[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
MIB review of <draft-glenn-mo-aggr-mib-05.txt>
Review is attached. Comments marked in document with either "gww>" or
"bert>" at the beginning of the line.
There are a number of comments that require attention before
publication.
Both MIBs compiled clean with smilint. Both MIBs generated the following
error when compiled with smicng:
E: f(taggr.mi2), (223,21) Default value for
"tAggrCompressionAlgorithm" must be a name and not a number
I don't understand why this error is generated, perhaps Dave can
comment.
Regards, /gww
Network Working Group Glenn Mansfield Keeni
INTERNET-DRAFT Cyber Solutions Inc.
Expires: January 15, 2006 July 16, 2005
The Managed Object Aggregation MIB
<draft-glenn-mo-aggr-mib-05.txt>
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Comments are solicited and should be addressed to the author.
This Internet-Draft will expire on January 15, 2006.
Copyright Notice
Copyright (C) The Internet Society (2005).
Expires: January 15, 2006 [Page 1]
�
Internet Draft July 16, 2005
Abstract
This memo defines a portion of the Management Information Base (MIB),
the Aggregation MIB modules, for use with network management
protocols in the Internet community. In particular, the Aggregation
MIB modules will be used to configure a network management agent to
aggregate the values of a (user) specified set of Managed Object
instances and to service queries related to the aggregated Managed
Object instances.
Table of Contents
1. The Internet-Standard Management Framework .................... 3
2. Background .................................................... 3
3. MO Aggregation: The Concept ................................... 4
4. The Requirements for Managed Object Aggregation ............... 7
5. MIB Design .................................................... 8
6. The Aggregation MIB modules ................................... 9
7. Security Considerations .......................................30
8. IANA Considerations ...........................................32
9. References ....................................................32
10. Acknowledgments ...............................................32
11. Authors' Addresses ............................................32
12. Full Copyright Statement ......................................33
Expires: January 15, 2006 [Page 2]
�
Internet Draft July 16, 2005
1. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14, RFC 2119
[RFC2119].
2. Background
For the purpose of management it is necessary to access Managed
Objects (MOs). The SNMP framework provides a mechanism for naming and
describing managed objects. These objects are accessed via a virtual
information store termed a Management Information Base (MIB). MIBs
have been defined by equipment, protocol and application developers
to provide management access to the managed entities. We will call
the MOs defined in these MIBs - simple MOs (SMO). Management
applications will access one or more instances of these SMOs, one or
more times, to monitor the target entity.
There is a cost associated with accessing MOs. The cost is the
network bandwidth and the packet header processing overhead at the
command generator (manager) and the command responder (agent). This
cost constrains the number of MO instances that can be polled and the
interval at which polling can be carried out.
The overhead reduction can be carried out by reducing the number of
query-response packets. This will reduce the packet processing
overhead and to some extent the bandwidth.
The payload in a typical SNMP "get" packet and the corresponding
response are as shown in Fig. 1. In this example polling is carried
out for 'n' Managed Object instances OID1, OID2, .., OIDn. It is
obvious that a substantial amount of the payload in an SNMP packet
consists of the OIDs.
Expires: January 15, 2006 [Page 3]
�
Internet Draft July 16, 2005
3. MO Aggregation: The Concept
In this draft, a mechanism of MO aggregation for payload compression
is defined. The idea is simple: we introduce the concept of an
Aggregate MO (AgMO). An AgMO is just another MO as far as the SNMP
protocol is concerned. No new protocol operations will be required to
handle these MOs. As in the case of any other MO, it requires
additional instrumentation at the command responder (agent) and at
the (command generator) manager. In this mechanism the user defines
an Aggregate MO (AgMO) corresponding to one or more (predefined) MO
instances. Semantically, the value of an AgMO instance will be
equivalent to the concatenation of the values of the corresponding MO
instances. The order of the concatenation will be determined by the
order in which the MO instances are specified in the AgMO definition.
With the definitions done, the user can, as and when the necessity
arises, do an SNMP 'get' on instances of the AgMO to fetch the value
of the constituent MO instances. There is substantial savings on
bandwidth as only one instance object identifier is carried in the
request and the response. In the normal case, instance object
identifiers for each of the constituent MO instances would be carried
in the requests and the responses. This is the basic concept of
Aggregate Managed Objects. For every AgMO an ErrorStatus Managed
Object is defined. This MO indicates errors, if any, that has been
encountered while fetching the values of the constituent MO
instances. The error indication comprises of the index of the MO
instance and the corresponding error. If there are no errors the
ErrorStatus Managed Object instance will have a null value. This is
the basic concept of Aggregate Managed Objects.
The concepts are explained in Fig. 2. An aggregate managed object
AgMOx has been defined for MO instances MOI1, ... MOIn. The value of
an instance of AgMOx will be a concatenation of the values of MOI1,
... MOIn, in that order.
Polling for MO Instances [MOI1, MOI2, ... MOIn] :
+--------+------+-------+... -+------+------+
Query: |Get req | MOI1 | NULL | | MOIn | NULL |
+--------+------+-------+... -+------+------+
+--------+------+-------+... -+------+------+
Response: |Get resp| MOI1 | Val1 | | MOIn | Valn |
+--------+------+-------+... -+------+------+
Fig. 1 Polling for MO instances
Expires: January 15, 2006 [Page 4]
�
Internet Draft July 16, 2005
Polling for an instance (AgMOIx) of an aggregate MO
(AgMOx):
AgMOx = aggr{AgMOI1, AgMOI2, ......AgMOIn}
+--------+--------+-------+
Query: |Get req | AgMOIx | NULL |
+--------+--------+-------+
+--------+--------+------------------------+
Response: |Get resp| AgMOIx | Val1,Val2,...,Valn |
+--------+--------+------------------------+
Fig. 2 MO aggregation
As a further refinement of the AgMO, we introduce the Time-based
Aggregated Managed Object (TAgMO). The TAgMO is an MO that
represents the values of a (user) specified MO instance sampled at
(user) specified intervals for a (user) specified number of times.
In this case the user defines a TAgMO by specifying the MO instance
that needs to be sampled, the sampling interval and the desired
number of samples that will be included in one TAgMO. The value of a
TAgMO instance will include the timestamp (sysUpTime) at which the
first sample was taken. The start time is not specified when the
TAgMO is defined. Implementations may chose to align the start time
with the appropriate time boundaries (e.g. seconds, minutes, hours
etc.) With the definitions done the user can do an SNMP "get" on an
instance of the TAgMO to fetch the values of the constituent MO
instance sampled at the specified intervals. This is the concept of
time-based aggregation.
Polling for MO Instances [MOI1, MOI2, ... MOIn] :
+--------+------+-------+... -+------+------+
Query: |Get req | MOI1 | NULL | | MOIn | NULL |
+--------+------+-------+... -+------+------+
+--------+------+-------+... -+------+------+
Response: |Get resp| MOI1 | Val1 | | MOIn | Valn |
+--------+------+-------+... -+------+------+
Fig. 3 Polling for MO instances
Expires: January 15, 2006 [Page 5]
�
Internet Draft July 16, 2005
Polling for an instance (TAgMOIx) of a time-based aggregate MO
(TAgMOx):
TAgMOx = aggr{'n' polled samples of an instance (MOI) of MO
at intervals = 'i' microseconds}
+--------+---------+-------+
Query: |Get req | TAgMOIx | NULL |
+--------+---------+-------+
+--------+---------+--------------------------------------+
Response: |Get resp| TAgMOIx | t,Val(t),Val(t+i),.,Val(t + (n-1)*i) |
+--------+---------+--------------------------------------+
gww> where do you distinguish between MOI1 through MOIn
Fig. 4 Time-based aggregation
The TAgMO instance is a "bucket" of data representing the value of
the corresponding MO instance sampled at 'i' microsecond intervals,
'n' times i.e. over a 'n' X 'i' microsecond window. The TAgMO
instance value gets updated at 'n' X 'i' microsecond intervals.
Expires: January 15, 2006 [Page 6]
�
Internet Draft July 16, 2005
4. The Requirements for Managed Object Aggregation
The general requirements of managed object aggregation are as
follows:
o It should lead to lesser number of packets
o It should lead to lesser bandwidth consumption
o It should not lead to loss of information
In the case of time-based aggregation there will be a delay involved
in getting the actual data. The minimum delay in this case will be
the duration of the aggregation.
The manager application is expected to configure AgMOs (Aggregate
MOs) and TAgMOs (Time based Aggregate MOs) with care so that the
response size is not too large. In case the resultant response size
is larger than the maximum acceptable message size of the originator
or larger than the local maximum message size then the error-status
field will be set to "tooBig".
It must be noted that an aggregate MO can be defined only when all
the constituent MO instances of interest are known. This scheme
cannot be employed if a manager/application does not know the
specific MO instances (of interest) that are serviced by the
management target. In such cases, the application may "discover" the
MO instances of interest by some means e.g. by "walking" through the
MIB tree on the agent. Based on the results of the "walk", the
application can define an appropriate aggregate MO that will serve
the purpose. Considering the cost involved in this exercise, this
method is recommended only if the aggregate MO will be used
repeatedly, so that the benefits of aggregation outweigh the costs of
configuration.
Expires: January 15, 2006 [Page 7]
�
Internet Draft July 16, 2005
5. MIB Design.
The basic principle has been to keep the MIB as simple as possible
and at the same time to make it flexible enough so that a large
number of users and applications can use the MIB to configure
aggregate MOs conveniently.
Two separate MIB modules have been defined. The AggrMIB supports the
aggregation of independent MO instances while TAggrMIB suports the
aggregation of several samples of the same MO instance.
The AggrMIB comprises of three tables described below.
- The aggrCtlTable controls the aggregation process. Each row in
this table defines the attributes of aggregate object defined in
the aggrMOTable.
- The aggrMOTable defines the primary MO-based aggregation
i.e. the MOs that will be aggregated.
- The aggrDataTable contains the details of the aggregated object.
The TAggrMIB comprises of two tables described below.
- The tAggrCtlTable controls the aggregation process. Each row in
this table defines the attributes of the aggregate object defined
in the aggrMOTable.
- The tAggrDataTable contains the details of the aggregated object.
Expires: January 15, 2006 [Page 8]
�
Internet Draft July 16, 2005
6. The Aggregation MIB modules.
AGGREGATE-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, experimental, Unsigned32,
OBJECT-TYPE, Opaque
FROM SNMPv2-SMI
OwnerString
FROM RMON-MIB
RowStatus, StorageType, TEXTUAL-CONVENTION
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB;
aggrMIB MODULE-IDENTITY
LAST-UPDATED "200507160000Z" -- 16th July, 2005
ORGANIZATION "Cyber Solutions Inc. NetMan Working Group"
CONTACT-INFO
" Glenn Mansfield Keeni
Postal: Cyber Solutions Inc.
6-6-3, Minami Yoshinari
Aoba-ku, Sendai, Japan 989-3204.
Tel: +81-22-303-4012
Fax: +81-22-303-4015
E-mail: glenn@cysols.com
Support Group E-mail: mibsupport@cysols.com"
DESCRIPTION
" The MIB for servicing aggregate objects.
Copyright (C) The Internet Society (2005). This
version of this MIB module is part of RFC XXXX;
see the RFC itself for full legal notices.
"
-- RFC Ed.: replace XXXX with the actual RFC number & remove this
-- note
REVISION "200507160000Z" -- 16th July, 2005
DESCRIPTION "Initial version, published as RFC XXXX."
-- RFC Ed.: replace XXXX with the actual RFC number & remove this
-- note
::= { experimental xxx } -- will be assigned by IANA
Expires: January 15, 2006 [Page 9]
�
Internet Draft July 16, 2005
-- IANA Reg.: Please assign a value for "xxx" under the
-- 'experimental' subtree and record the assignment in the SMI
-- Numbers registry.
-- RFC Ed.: When the above assignment has been made, please
-- remove the above note
-- replace "xxx" here with the assigned value and
-- remove this note.
AggrMOErrorStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This data type is used to model the error status of the
constituent MO instances. The error status for a
constituent MO instance is given in terms of two elements -
o the moIndex which indicates the position of the MO
instance (starting at 1) in the value of the aggregated
MO instance.
o the moError which indicates the error that was
encountered in fetching that MO instance.
The syntax in ASN.1 Notation will be
ErrorStatus :: = SEQUENCE {
moIndex Integer32,
moError SnmpPduErrorStatus
}
AggrMOErrorStatus ::= SEQUENCE OF {
ErrorStatus
}
Note1: the command responder will supply values for all
constituent MO instances and in the same order in
which the MO instances are specified for the AgMO.
If an error is encountered for an MO instance then
the corresponding value will have an ASN.1 value NULL
and, an error flagged in the corresponding
AggrMOErrorStatus object.
Only MOs for which errors have been encountered will
have the corresponding moIndex and moError values set.
Note2: the error code for the component MO instances will be
in accordance with the SnmpPduErrorStatus TC defined
in the DISMAN-SCHEDULE-MIB[RFC3231].
Note3: the command generator will need to know
constituent MO instances and their order to correctly
interpret AggrMOErrorStatus.
"
SYNTAX Opaque (SIZE (0..1024))
Expires: January 15, 2006 [Page 10]
�
Internet Draft July 16, 2005
AggrMOValue ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This data type is used to model the aggregate
MOs. It will have a format dependent on the constituent
MOs, a sequence of values. The syntax in ASN.1 Notation will
be
MOValue :: = SEQUENCE {
value ObjectSyntax
}
Where, 'value' is the value of a constituent MO instance.
AggrMOValue :: = SEQUENCE OF {
MOValue
}
Note: the command generator will need to know the
the constituent MO instances and their order to
correctly interpret AggrMOValue."
SYNTAX Opaque (SIZE (0..1024))
CompressedAggrMOValue ::= TEXTUAL-CONVENTION
bert> For naming consistency this should be named some like AggrCompressedMOValue
bert> or AggrMOCompressedValue.
STATUS current
DESCRIPTION
"This data type is used to model the compressed
aggregate MOs. "
SYNTAX OCTET STRING (SIZE (0..1024))
--
-- The aggregation control table
-- There will be a row for each aggregate MO
--
aggrCtlTable OBJECT-TYPE
SYNTAX SEQUENCE OF AggrCtlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" A table that controls the aggregation of the MOs."
::= {aggrMIB 1}
Expires: January 15, 2006 [Page 11]
�
Internet Draft July 16, 2005
aggrCtlEntry OBJECT-TYPE
SYNTAX AggrCtlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row of the control table that defines one aggregated
MO.
Entries in this table are required to survive a reboot
of the managed entity depending on the value of the
corresponding aggrEntryStorageType instance.
"
INDEX {aggrEntryID }
::= {aggrCtlTable 1 }
AggrCtlEntry ::= SEQUENCE {
aggrEntryID
SnmpAdminString,
aggrAgMOIndex
Unsigned32,
aggrAgMODescr
SnmpAdminString,
aggrCompressionAlgorithm
INTEGER,
aggrEntryOwner
OwnerString,
aggrEntryStorageType
StorageType,
aggrEntryStatus
RowStatus
}
bert> For naming consistency all objects for this table should
bert> start with aggrCtl
aggrEntryID OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" A locally-unique administratively assigned name
for this aggregated MO. It is used as an index to
uniquely identify this row in the table."
::= { aggrCtlEntry 1 }
Expires: January 15, 2006 [Page 12]
�
Internet Draft July 16, 2005
aggrAgMOIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..2147483647)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" A pointer to a group of MOs identified by aggrMOEntryID
in the aggrMOTable. This is the group of MOs that will
be aggregated."
::= { aggrCtlEntry 2 }
gww> Hmmmm. The indexing in the aggrMOTable is { aggrMOEntryID, aggrMOEntryMOID }
gww> which are both defined as 0..65535. Interesting way to "index" another table.
gww> I think I understand what is going on... the first two bytes of aggrAgMOIndex
gww> refer to aggrMOEntryID and the second two bytes refer to aggrMOEntryMOID. If
gww> this is indeed the case there should be some text describing this. I would
gww> say this is unconventional and would strongly recommend that two objects
gww> be defined in this table to break out the indices.
aggrAgMODescr OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" A textual description of the object that is
being aggregated."
::= {aggrCtlEntry 3}
-- no compression algorithms are defined as of now.
aggrCompressionAlgorithm OBJECT-TYPE
SYNTAX INTEGER {
none (1)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The compression algorithm that will be used by
the agent to compress the value of the aggregated
object."
DEFVAL { 1 }
::= {aggrCtlEntry 4}
aggrEntryOwner OBJECT-TYPE
SYNTAX OwnerString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The entity that created this entry."
::= {aggrCtlEntry 5}
Expires: January 15, 2006 [Page 13]
�
Internet Draft July 16, 2005
aggrEntryStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether the parameters defined in
this row are kept in volatile storage and lost upon
reboot or are backed up by non-volatile (permanent)
storage.
gww> aggrCtlEntry has a comment that says entries "are required to survive reboot".
gww> This description implies otherwise. This needs to be fixed.
Conceptual rows having the value ''permanent'' need not
allow write-access to any columnar objects in the row.
"
::= {aggrCtlEntry 6}
aggrEntryStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to row
installation and removal conventions.
Objects in a row can be modified only when the value of
this object in the corresponding conceptual row is not
''active''.
Thus to modify one or more of the objects in this
conceptual row,
a. change the row status to ''notInService'',
b. change the values of the row
c. change the row status to ''active''
The aggrEntryStatus may be changed to ''active'' iff
all the MOs in the conceptual row have been assigned
valid values.
"
::= {aggrCtlEntry 7}
Expires: January 15, 2006 [Page 14]
�
Internet Draft July 16, 2005
--
-- The Table of primary(simple) MOs
-- Each row in this table represents a MO which will be aggregated.
-- The aggrMOEntryID index is used to identify the group of MOs
-- that will be aggregated. The aggrMOIndex instance in the
-- corresponding row of the aggrCtlTable will have value equal to
-- the value of aggrMOEntryID.
-- The aggrMOEntryMOID index is used to identify an MO in the group.
--
bert> Move these comments into description clause for the table (and edit
bert> appropriately.
aggrMOTable OBJECT-TYPE
SYNTAX SEQUENCE OF AggrMOEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" A table of the MOs that will be aggregated."
::= {aggrMIB 2}
aggrMOEntry OBJECT-TYPE
SYNTAX AggrMOEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row of the table that specifies one MO.
Entries in this table are required to survive a reboot
of the managed entity depending on the value of the
corresponding aggrMOEntryStorageType instance.
"
INDEX { aggrMOEntryID, aggrMOEntryMOID }
::= {aggrMOTable 1 }
AggrMOEntry ::= SEQUENCE {
aggrMOEntryID
Unsigned32,
aggrMOEntryMOID
Unsigned32,
aggrMOInstance
OBJECT IDENTIFIER,
aggrMODescr
SnmpAdminString,
aggrMOEntryStorageType
StorageType,
aggrMOEntryStatus
RowStatus
}
Expires: January 15, 2006 [Page 15]
�
Internet Draft July 16, 2005
aggrMOEntryID OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
bert> Index values normally start at 1. Only in rare cases should they start at 0.
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" An index uniquely identifying a group of MOs
that will be aggregated."
::= { aggrMOEntry 1 }
aggrMOEntryMOID OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
bert> Index values normally start at 1. Only in rare cases should they start at 0.
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" An index to uniquely identify an MO instance in the
group of MO instances that will be aggregated."
::= { aggrMOEntry 2 }
aggrMOInstance OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The OID of the MO instance - the value of which will
be sampled by the agent."
::= { aggrMOEntry 3 }
aggrMODescr OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" A textual description of the object that will
be aggregated."
::= {aggrMOEntry 4}
Expires: January 15, 2006 [Page 16]
�
Internet Draft July 16, 2005
aggrMOEntryStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether the parameters defined in
this row are kept in volatile storage and lost upon
reboot or are backed up by non-volatile (permanent)
storage.
Conceptual rows having the value ''permanent'' need not
allow write-access to any columnar objects in the row.
"
::= {aggrMOEntry 5}
aggrMOEntryStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to row
installation and removal conventions.
Objects in a row can be modified only when the value of
this object in the corresponding conceptual row is not
''active''.
Thus to modify one or more of the objects in this
conceptual row,
a. change the row status to ''notInService'',
b. change the values of the row
c. change the row status to ''active''
The aggrMOEntryStatus may be changed to ''active'' iff
all the MOs in the conceptual row have been assigned
valid values.
"
::= {aggrMOEntry 6}
Expires: January 15, 2006 [Page 17]
�
Internet Draft July 16, 2005
--
-- aggrDataTable: The Table of Data. Each row represents a Data
-- set. aggrEntryID is the key to the table. It is
-- used to identify instances of the aggregated MO
-- that are present in the table.
--
aggrDataTable OBJECT-TYPE
SYNTAX SEQUENCE OF AggrDataEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" Each row of this table contains information
about an aggregateMO indexed by aggrEntryID."
::= {aggrMIB 3}
aggrDataEntry OBJECT-TYPE
SYNTAX AggrDataEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" Entry containing information pertaining to
an aggregate MO."
INDEX {aggrEntryID}
::= {aggrDataTable 1 }
AggrDataEntry ::= SEQUENCE {
aggrDataRec
gww> Recommend aggrDataRecord
AggrMOValue,
aggrDataRecC
bert> Recommend aggrDataRecordCompressed
CompressedAggrMOValue,
aggrErrorRec
bert> Recommend aggrDataErrorRecord
AggrMOErrorStatus
}
aggrDataRec OBJECT-TYPE
SYNTAX AggrMOValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The snapshot value of the aggregated MO.
Note that the access privileges to this object will be
governed by the access privileges of the component
objects. Thus, an entity attempting to access an instance
of this MO MUST have access rights to all the component
instance objects and this MO instance.
"
gww> Hmmm. Does this mean that whenever this object is retrieved then the
gww> access to each MO will be checked? So, this is "legal" design, however,
gww> I cannot imagine many implementations actually performing this check.
gww> If indeed they do not check the access rights then we have broken the
gww> security model. I would recommend that this is clearly discussed in the
gww> security section below.
::= { aggrDataEntry 1}
Expires: January 15, 2006 [Page 18]
�
Internet Draft July 16, 2005
aggrDataRecC OBJECT-TYPE
SYNTAX CompressedAggrMOValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The compressed value of the aggregated MO.
The compression algorithm will depend on the
aggrCompressionAlgorithm given in the corresponding
aggrCtlEntry. In case the value of the corresponding
aggrCompressionAlgorithm is (1) 'none' then this MO
will be inaccessible.
gww> inaccessible is not good. I would recommend that this object is
gww> accessible but empty. Since no compression algorithms are defined I
gww> would strongly recommend that any references to compression are removed
gww> and issue a new version of this MIB module when compression algorithm(s)
gww> are required.
Note that the access privileges to this object will be
governed by the access privileges of the component
objects. Thus, an entity attempting to access an instance
of this MO MUST have access rights to all the component
instance objects and this MO instance.
"
::= { aggrDataEntry 2}
aggrErrorRec OBJECT-TYPE
SYNTAX AggrMOErrorStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The error status corresponding to the MO instances
aggregated in aggrDataRec (and aggrDataRecC)."
::= { aggrDataEntry 3}
-- Conformance information
aggrConformance OBJECT IDENTIFIER ::= { aggrMIB 4 }
aggrGroups OBJECT IDENTIFIER ::= { aggrConformance 1 }
aggrCompliances OBJECT IDENTIFIER ::= { aggrConformance 2 }
-- Compliance statements
aggrDataCompliance MODULE-COMPLIANCE
bert> Prefer a name such as aggrMibCompliance
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities
which implement the
AGGREGATE-MIB."
MODULE -- this module
MANDATORY-GROUPS { aggrDataGroup }
::= { aggrCompliances 1 }
Expires: January 15, 2006 [Page 19]
�
Internet Draft July 16, 2005
-- Units of conformance
aggrDataGroup OBJECT-GROUP
bert> Prefer a name such as aggrMibBasicGroup
OBJECTS {
aggrAgMOIndex,
aggrAgMODescr,
aggrCompressionAlgorithm,
aggrEntryOwner,
aggrEntryStorageType,
aggrEntryStatus,
aggrMOInstance,
aggrMODescr,
aggrMOEntryStorageType,
aggrMOEntryStatus,
aggrDataRec,
aggrDataRecC,
aggrErrorRec
}
STATUS current
DESCRIPTION
" A collection of objects for aggregation of MOs."
::= { aggrGroups 1 }
END
Expires: January 15, 2006 [Page 20]
�
Internet Draft July 16, 2005
TIME-AGGREGATE-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, experimental,
OBJECT-TYPE, Opaque, Gauge32
FROM SNMPv2-SMI
OwnerString
FROM RMON-MIB
RowStatus, StorageType, TEXTUAL-CONVENTION
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB;
tAggrMIB MODULE-IDENTITY
LAST-UPDATED "200507160000Z" -- 16th July 2005
ORGANIZATION "Cyber Solutions Inc. NetMan Working Group"
CONTACT-INFO
" Glenn Mansfield Keeni
Postal: Cyber Solutions Inc.
6-6-3, Minami Yoshinari
Aoba-ku, Sendai, Japan 989-3204.
Tel: +81-22-303-4012
Fax: +81-22-303-4015
E-mail: glenn@cysols.com
Support Group E-mail: mibsupport@cysols.com"
DESCRIPTION
" The MIB for servicing time-based Aggregate objects.
Copyright (C) The Internet Society (2005). This
version of this MIB module is part of RFC NNNN;
see the RFC itself for full legal notices.
"
-- RFC Ed.: Please replace NNNN with actual RFC number & remove
-- this note
REVISION "200507160000Z" -- 16th July, 2005
DESCRIPTION "Initial version, published as RFC NNNN."
-- RFC Ed.: Please replace NNNN with actual RFC number & remove
-- this note
::= { experimental nnn } -- will be assigned by IANA
Expires: January 15, 2006 [Page 21]
�
Internet Draft July 16, 2005
-- IANA Reg.: Please assign a value for "nnn" under the
-- 'experimental' subtree and record the assignment in
-- the SMI Numbers registry.
-- RFC Ed.: When the above assignment has been made, please
-- remove the above note
-- replace "nnn" here with the assigned value and
-- remove this note.
TAggrMOErrorStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This data type is used to model the error status of the
sampled MO instance. The error status for a sampled MO
instance is given in terms of two elements -
o the moIndex which indicates the sample number of the MO
instance (starting at 1) in the value of the time
aggregated MO instance.
o the moError which indicates the error that was
encountered in sampling that MO instance.
The syntax in ASN.1 Notation will be
ErrorStatus :: = SEQUENCE {
moIndex Integer32,
moError SnmpPduErrorStatus
}
TAggrMOErrorStatus ::= SEQUENCE OF {
ErrorStatus
}
Note1: the command responder will supply values for all
the samples of the MO instance. If an error is
encountered for a sample then the corresponding
value will have an ASN.1 value NULL and, an error
will be flagged in the corresponding
TAggrMOErrorStatus object.
Only MOs for which errors have been encountered will
have the corresponding moIndex and moError values set.
Note2: the error code for the component MO instances will be
in accordance with the SnmpPduErrorStatus TC defined
in the DISMAN-SCHEDULE-MIB[RFC3231].
"
SYNTAX Opaque (SIZE (0..1024))
gww> Any reason to define this again. This looks just like the AggrMOErrorStatus,
gww> recommend that AggrMOErrorStatus is reused.
Expires: January 15, 2006 [Page 22]
�
Internet Draft July 16, 2005
TimeAggrMOValue ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This data type is used to model the time aggregated MOs. It
will be a sequence of values. The syntax in ASN.1 Notation
will be
MOValue :: = SEQUENCE {
value ObjectSyntax
}
TimeAggrMOValue ::= SEQUENCE OF {
MOSampleValue
gww> I know this is just in a description clause but I don't see MOSampleValue
gww> defined anywhere in this document. Should be fixed.
}
Where, the first MOSampleValue will always be the timestamp
of the first sample in the aggregated object. The subsequent
values are the values of the MO instance sampled at the
specified intervals for the specified number of times.
Note: the command generator will need to know the
constituent MO instance and the sampling interval to
correctly interpret TimeAggrMOValue.
"
SYNTAX Opaque (SIZE (0..1024))
CompressedTimeAggrMOValue ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This data type is used to model the compressed
TAgMOs. "
SYNTAX Opaque (SIZE (0..1024))
--
-- The time-based aggregation control table
-- There will be a row for each TAgMO
--
gww> Move these comments into description clause for the table (and edit
gww> appropriately.
tAggrCtlTable OBJECT-TYPE
SYNTAX SEQUENCE OF TAggrCtlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" A table that controls the aggregation of the
samples of the MO instances."
::= {tAggrMIB 1}
Expires: January 15, 2006 [Page 23]
�
Internet Draft July 16, 2005
tAggrCtlEntry OBJECT-TYPE
SYNTAX TAggrCtlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row of the control table that defines one time-based
aggregate MO (TAgMO)."
INDEX {tAggrEntryID }
::= {tAggrCtlTable 1 }
TAggrCtlEntry ::= SEQUENCE {
tAggrEntryID
gww> All entries in this table should start with tAggrCtl
SnmpAdminString,
tAggrMOInstance
OBJECT IDENTIFIER,
tAggrAgMODescr
SnmpAdminString,
tAggrInterval
Gauge32,
tAggrSamples
Gauge32,
tAggrCompressionAlgorithm
INTEGER,
tAggrEntryOwner
OwnerString,
tAggrEntryStorageType
StorageType,
tAggrEntryStatus
RowStatus
}
tAggrEntryID OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" A locally-unique administratively assigned name
for this aggregated MO. It is used as an index to
uniquely identify this row in the table."
::= { tAggrCtlEntry 1 }
Expires: January 15, 2006 [Page 24]
�
Internet Draft July 16, 2005
tAggrMOInstance OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The sampled values of this MO instance will be
aggregated by the TAgMO.
"
::= { tAggrCtlEntry 2 }
tAggrAgMODescr OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" A textual description of the aggregate object."
::= {tAggrCtlEntry 3}
tAggrInterval OBJECT-TYPE
SYNTAX Gauge32
gww> This should be an Integer32
UNITS "micro seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The interval in microseconds at which the MO instance
pointed at by tAaggrInstance, will be sampled for
time-based aggregation.
"
::= {tAggrCtlEntry 4}
tAggrSamples OBJECT-TYPE
SYNTAX Gauge32
gww> This should be an Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The number of times at which the MO instance referred
to by tAaggrInstance, will be sampled for time-based
aggregation."
::= {tAggrCtlEntry 5}
Expires: January 15, 2006 [Page 25]
�
Internet Draft July 16, 2005
-- no compression algorithms are defined as of now.
tAggrCompressionAlgorithm OBJECT-TYPE
SYNTAX INTEGER {
none (1)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The compression algorithm that will be used by
the agent to compress the value of the TAgMO.
"
DEFVAL { 1 }
::= {tAggrCtlEntry 6}
tAggrEntryOwner OBJECT-TYPE
SYNTAX OwnerString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" A textual description of the entity that created
this entry.
"
::= {tAggrCtlEntry 7}
tAggrEntryStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether the parameters defined in
this row are kept in volatile storage and lost upon
reboot or are backed up by non-volatile (permanent)
storage.
Conceptual rows having the value ''permanent'' need not
allow write-access to any columnar objects in the row.
"
::= {tAggrCtlEntry 8}
Expires: January 15, 2006 [Page 26]
�
Internet Draft July 16, 2005
tAggrEntryStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to row
installation and removal conventions.
Objects in a row can be modified only when the value of
this object in the corresponding conceptual row is not
''active''.
Thus, to modify one or more of the objects in this
conceptual row,
a. change the row status to ''notInService'',
b. change the values of the row
c. change the row status to ''active''
The tAggrEntryStatus may be changed to ''active'' iff
all the MOs in the conceptual row have been assigned
valid values.
"
::= {tAggrCtlEntry 9}
--
-- tAggrDataTable: The Table of Data. Each row represents a Data
-- set. tAggrEntryID is the key to the table. It
-- is used to identify instances of the
-- TAgMO that are present in the table.
--
gww> Move these comments into description clause for the table (and edit
gww> appropriately.
tAggrDataTable OBJECT-TYPE
SYNTAX SEQUENCE OF TAggrDataEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" Each row of this table contains information
about a TAgMO indexed by tAggrEntryID."
::= {tAggrMIB 2}
Expires: January 15, 2006 [Page 27]
�
Internet Draft July 16, 2005
tAggrDataEntry OBJECT-TYPE
SYNTAX TAggrDataEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" Entry containing information pertaining
to a TAgMO."
INDEX {tAggrEntryID}
::= {tAggrDataTable 1 }
TAggrDataEntry ::= SEQUENCE {
tAggrDataRec
TimeAggrMOValue,
tAggrDataRecC
CompressedTimeAggrMOValue,
tAggrErrorRec
TAggrMOErrorStatus
}
gww> See comments about aggrDataEntry and rename these columns similarly.
tAggrDataRec OBJECT-TYPE
SYNTAX TimeAggrMOValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The snapshot value of the TAgMO."
::= { tAggrDataEntry 1}
tAggrDataRecC OBJECT-TYPE
SYNTAX CompressedTimeAggrMOValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The compressed value of the TAgMO.
The compression algorithm will depend on the
tAggrCompressionAlgorithm given in the corresponding
tAggrCtlEntry. In case the value of the corresponding
tAggrCompressionAlgorithm is (1) 'none' then this MO
will be inaccessible.
Note that the access privileges to this object will be
governed by the access privileges of the corresponding MO
instance. Thus an entity attempting to access an instance
of this MO MUST have access rights to the instance object
pointed at by tAggrMOInstance and this MO instance.
"
::= { tAggrDataEntry 2}
Expires: January 15, 2006 [Page 28]
�
Internet Draft July 16, 2005
tAggrErrorRec OBJECT-TYPE
SYNTAX TAggrMOErrorStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The error status corresponding to the MO instance
samples aggregated in tAggrDataRec (and tAggrDataRecC)."
::= { tAggrDataEntry 3}
-- Conformance information
tAggrConformance OBJECT IDENTIFIER ::= { tAggrMIB 3 }
tAggrGroups OBJECT IDENTIFIER ::= { tAggrConformance 1 }
tAggrCompliances OBJECT IDENTIFIER ::= { tAggrConformance 2 }
-- Compliance statements
tAggrDataCompliance MODULE-COMPLIANCE
gww> Rename to tAggrMibCompliance
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities
which implement the
TIME-AGGREGATE-MIB."
MODULE -- this module
MANDATORY-GROUPS { tAggrDataGroup }
::= { tAggrCompliances 1 }
-- Units of conformance
tAggrDataGroup OBJECT-GROUP
gww> Rename to tAggrMibBasicGroup
OBJECTS {
tAggrMOInstance,
tAggrAgMODescr,
tAggrInterval,
tAggrSamples,
tAggrCompressionAlgorithm,
tAggrEntryOwner,
tAggrEntryStorageType,
tAggrEntryStatus,
tAggrDataRec,
tAggrDataRecC,
tAggrErrorRec
}
STATUS current
DESCRIPTION
" A collection of objects for time-based aggregation
of MOs."
::= { tAggrGroups 1 }
END
Expires: January 15, 2006 [Page 29]
�
Internet Draft July 16, 2005
7. Security Considerations
There are management objects in the MIB modules defined in this
document that have a MAX-ACCESS clause of read-create. Such objects
may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations. The objects and corresponding vulnerabilities
are discussed below.
The following MOs are used to configure an agent that implements the
aggregate MIB modules.
aggrAgMOIndex,
aggrAgMODescr,
aggrCompressionAlgorithm,
aggrEntryOwner,
aggrEntryStorageType,
aggrEntryStatus,
aggrMOInstance,
aggrMODescr,
aggrMOEntryStorageType,
aggrMOEntryStatus,
tAggrMOInstance,
tAggrAgMODescr,
tAggrInterval,
tAggrSamples,
tAggrCompressionAlgorithm,
tAggrEntryOwner,
tAggrEntryStorageType,
tAggrEntryStatus,
Access to these objects may be abused to affect the operation of the
data collection system. In particular,
- by changing the value of an instance of aggrEntryStatus,
tAggrEntryStatus, aggrMOEntryStatus or tAggrMOEntryStatus
to 'notInService' or 'destroy', the data aggregation
operation for the corresponding entry will become
unavailable to the management system.
- by changing the value of an instance of aggrMOInstance or
tAggrMOInstance instance, the data aggregation operation
may be subverted. This may result in wrong information
being fed to the management system.
- by adding several rows in the aggrMOTable corresponding
to an aggregate MO it is possible to make the value of
the aggregate MOs very large. A similar effect may be
achieved by manipulating the value of the tAggrSamples
instance corresponding to a time-based aggregate MO.
This could result in very heavy management traffic and/or
Expires: January 15, 2006 [Page 30]
�
Internet Draft July 16, 2005
fragmentation of response packets. In some cases the
responder may refuse to send the data and will simply
respond with an error message indicating that the response
packet size is too big.
SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPSec),
there is no control as to who on the secure network is allowed to
access and GET/SET (read/change/create/delete) the objects in this
MIB module.
It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8),
gww> editorial: should be section 9
including full support for the SNMPv3 cryptographic mechanisms (for
authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
Expires: January 15, 2006 [Page 31]
�
Internet Draft July 16, 2005
8. IANA Considerations
IANA should assign a base arc each in the 'experimental' OID tree for
the 'aggrMIB' MODULE-IDENTITY and the 'tAggrMIB' MODULE-IDENTITY
defined in the AGGREGATE-MIB and the TIME-AGGREGATE-MIB respectively.
gww> Should have an editor's note here since the above text can be removed
gww> prior to publication. See mib review document section 3.5.3
9. References
9.1 Normative References
[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Structure of Management
Information Version 2 (SMIv2)", STD 58, RFC 2578,
April 1999
[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Textual Conventions for
SMIv2", STD 58, RFC 2579, April 1999
[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Conformance Statements for
SMIv2", STD 58, RFC 2580, April 1999
[RFC3231] Levi. D. and Schoenwaelder, J., "Definitions of Managed
Objects for Scheduling Management Operations", RFC3231,
January 2002
gww> Missing reference to RMON-MIB
gww> Missing reference to RFC3411
9.2 Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for the
Internet-Standard Management Framework", RFC 3410,
December 2002.
10. Acknowledgments
This draft is the product of discussions and deliberations carried
out in the WIDE-netman group.
11. Authors' Addresses
Glenn Mansfield Keeni
Cyber Solutions Inc.
6-6-3 Minami Yoshinari
Aoba-ku, Sendai 989-3204
Japan
Phone: +81-22-303-4012
EMail: glenn@cysols.com
Expires: January 15, 2006 [Page 32]
�
Internet Draft July 16, 2005
12. Full Copyright Statement
Copyright (C) The Internet Society (2005).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Expires: January 15, 2006 [Page 33]
�
Internet Draft July 16, 2005
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology
described in this document or the extent to which any license
under such rights might or might not be available; nor does it
represent that it has made any independent effort to identify any
such rights. Information on the procedures with respect to
rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention
any copyrights, patents or patent applications, or other
proprietary rights that may cover technology that may be required
to implement this standard. Please address the information to the
IETF at ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Expires: January 15, 2006 [Page 34]
�
Internet Draft July 16, 2005
Expires: January 15, 2006 [Page 35]
�