HTTP/1.1 200 OK Date: Tue, 09 Apr 2002 00:47:59 GMT Server: Apache/1.3.20 (Unix) Last-Modified: Tue, 17 Mar 1998 16:32:00 GMT ETag: "2e79f7-8bdc-350ea580" Accept-Ranges: bytes Content-Length: 35804 Connection: close Content-Type: text/plain INTERNET-DRAFT M. Greene Ascom Nexion, Inc. S. Gudur BMC Software, Inc. 13 November 1997 Definitions of Managed Objects for Extensible SNMP Agents Status of this Memo This document is an Internet-Draft. Internet-Drafts are working doc- uments of the Internet Engineering Task Force (IETF), its Areas, and its Working Groups. Note that other groups may also distribute work- ing documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference mate- rial or to cite them other than as a "work in progress". To learn the current status of any Internet-Draft, please check the "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim). Copyright Notice Copyright (C) The Internet Society (1997). All Rights Reserved. Abstract This memo defines an experimental portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes objects managing SNMP agents that use the Agent Extensibility (AgentX) Protocol. This memo specifies a MIB module in a manner that is both compliant to the SNMPv2 SMI, and semantically identical to the peer SNMPv1 definitions. This memo does not specify a standard for the Internet community. AgentX Working Group Expires April 1998 [Page 1] Internet Draft AgentX MIB 13 November 1997 1. The SNMP Network Management Framework The SNMP Network Management Framework presently consists of three major components. They are: - the SMI, described in RFC 1902 [1] - the mechanisms used for describing and naming objects for the purpose of management. - the MIB-II, STD 17, RFC 1213 [2] - the core set of managed objects for the Internet suite of protocols. - the protocol, RFC 1157 [3] and/or RFC 1905 [4], - the protocol for accessing managed objects. The Framework permits new objects to be defined for the purpose of experimentation and evaluation. 1.1. Object Definitions Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the subset of Abstract Syntax Notation One (ASN.1) defined in the SMI. In particular, each object type is named by an OBJECT IDENTIFIER, an administratively assigned name. The object type together with an object instance serves to uniquely identify a specific instantiation of the object. For human convenience, we often use a textual string, termed the descriptor, to also refer to the object type. 2. Introduction The SNMP Agent Extensibility Protocol (AgentX) is a protocol used to distribute the implementation of an SNMP agent amongst a single "master agent" and multiple "subagents". See [5] for details about the AgentX protocol. The goals of the AgentX MIB are: - List the set of subagents that currently have logical sessions open with the master agent. - Identify each subagent's type, vendor, transport address, AgentX protocol version, and other characteristics. - Identify the set of MIB objects each subagent implements, the context in which the objects are registered, and the priority of the registration. Provide statistics about the protocol operation such as the number of packets to and from each subagent. AgentX Working Group Expires April 1998 [Page 2] Internet Draft AgentX MIB 13 November 1997 - Determine protocol operational parameters such as the timeout interval for responses from a subagent and the priority at which a subagent registers a particular MIB region. - Allow (but do not require) managers to be able to modify AgentX protocol operational parameters and to explicitly close subagent sessions with the master agent. 3. Overview This MIB is organized into four groups. The agentxGeneral group provides information describing the master agent's Agentx support, including the protocol version supported and the supported transport mechanisms. The agentxConnection group provides information describing the current set of connections capable of carrying Agentx sessions. The agentxSession group provides information describing the current set of AgentX sessions. The agentxRegistration group provides information describing the current set of registrations. Three tables form the heart of this mib. These are the connection, session, and registration tables. Entries in the registration table exist in a many-to-one relationship with entries in the session table. This relationship is represented through the agentxRegSessionIndex object in a registration entry. To determine which session is responsible for a given registration entry, a manager can retrieve the value of agentxRegSessionIndex for that entry, and then use that value to retrieve the corresponding row of the session table. To determine which registration(s), if any, a given subagent session is responsible for, a manager can scan the registration table for entries in which agentxRegSessionIndex matches the value of the agentxSessionIndex of the session in question. Entries in the session table exist in a many-to-one relationship with entries in the connection table. This relationship is represented through the agentxSessionConnIndex object in a session entry. To determine which connection is carrying a given session, a manager can retrieve the value of agentxSessionConnIndex for that entry, and then use that value to retrieve the corresponding row of the connection table. To determine which session(s), if any, a given connection is carrying, a manager can scan the connection table for entries in which agentxSessionConnIndex matches the value of the agentxConnIndex of the connection in question. AgentX Working Group Expires April 1998 [Page 3] Internet Draft AgentX MIB 13 November 1997 4. Definitions AGENTX-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, experimental, Counter32, Gauge32, Unsigned32 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF TEXTUAL-CONVENTION, TimeStamp FROM SNMPv2-TC; agentxMIB MODULE-IDENTITY LAST-UPDATED "9710221200Z" -- October 22, 1997 ORGANIZATION "IETF AgentX Working Group" CONTACT-INFO "WG-email: agentx@fv.com Subscribe: agentx-request@fv.com http://www.ietf.org/html.charters/agentx-charter.html Chair: Bob Natale ACE*COMM Corporation Email: bnatale@acec.com Editor: Smitha Gudur BMC Software, Inc. 1190 Saratoga Avenue San Jose, CA 95129 Phone: +1 408-556-0720 Email: sgudur@bmc.com " DESCRIPTION "This is the MIB module for the SNMP Agent Extensibility Protocol (AgentX). This MIB module will be implemented by the master agent." -- For testing purposes only. Need to get an experimental id ::= { experimental 2001 } agentxObjects OBJECT IDENTIFIER ::= { agentxMIB 1 } -- -- Define the four groups that serve to organize the -- objects in this MIB -- agentxGeneral OBJECT IDENTIFIER ::= { agentxObjects 1 } agentxConnection OBJECT IDENTIFIER ::= { agentxObjects 2 } AgentX Working Group Expires April 1998 [Page 4] Internet Draft AgentX MIB 13 November 1997 agentxSession OBJECT IDENTIFIER ::= { agentxObjects 3 } agentxRegistration OBJECT IDENTIFIER ::= { agentxObjects 4 } -- -- Textual Conventions -- Utf8String ::= TEXTUAL-CONVENTION DISPLAY-HINT "255a" STATUS current DESCRIPTION "To facilitate internationalization, this TC represents information taken from the ISO/IEC IS 10646-1 character set, encoded as an octet string using the UTF-8 character encoding scheme described in RFC 2044 [8]. For strings in 7-bit US-ASCII, there is no impact since the UTF-8 representation is identical to the US-ASCII encoding." SYNTAX OCTET STRING (SIZE (0..255)) agentxDefaultTimeout OBJECT-TYPE SYNTAX INTEGER (0..255) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The default length of time, in seconds, that the master agent should allow to elapse after dispatching a message to a subagent before it regards the subagent as not responding. This is a system-wide value that may be overridden by the values associated with a particular subagent (agentxSessionTimeout) or a particular registered MIB region (agentxRegTimeout)." DEFVAL { 5 } ::= { agentxGeneral 1 } agentxMasterAgentXVer OBJECT-TYPE SYNTAX INTEGER (1..256) MAX-ACCESS read-only STATUS current DESCRIPTION "The AgentX protocol version supported by this master agent. Current version is 1. Note that the master agent must allow registration of earlier version subagents." DEFVAL { 1 } ::= { agentxGeneral 2 } agentxMasterTransports OBJECT-TYPE SYNTAX BITS { unixDomainSockets(0), tcp(1), AgentX Working Group Expires April 1998 [Page 5] Internet Draft AgentX MIB 13 November 1997 udp(2), sharedMem(3), other(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The transports that the master agent supports." DEFVAL { { tcp } } ::= { agentxGeneral 3 } -- -- The Agentx Subagent Connection Group -- agentxConnTableLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when the last row creation or deletion occurred in the agentxConnectionTable." ::= { agentxConnection 1 } agentxConnNumber OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the agentxConnectionTable. Note that this may be smaller than the largest value of agentxConnIndex since index values are not reused when entries come and go from the agentxConnectionTable." ::= { agentxConnection 2 } agentxConnectionTable OBJECT-TYPE SYNTAX SEQUENCE OF AgentxConnectionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The agentxConnectionTable tracks all current Agentx transport connections. There may be zero, one, or more agentx sessions on a given Agentx connection." ::= { agentxConnection 3 } AgentxConnectionEntry ::= SEQUENCE { agentxConnIndex Unsigned32, agentxConnOpenTime TimeStamp, agentxConnTransportType INTEGER, AgentX Working Group Expires April 1998 [Page 6] Internet Draft AgentX MIB 13 November 1997 agentxConnTransportAddr OCTET STRING, agentxConnSessions Gauge32 } agentxConnectionEntry OBJECT-TYPE SYNTAX AgentxConnectionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An agentxConnectionEntry contains information describing a single Agentx transport connection. A connection may be used to support zero or more Agentx sessions. Entries come into being when the transport connection is established, and are not deleted unless the transport connection has been terminated." INDEX { agentxConnIndex } ::= { agentxConnectionTable 1 } agentxConnIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of agentxConnIndex uniquely identifies each open transport connection used by this master agent to provide AgentX service. Values of this index should not be re-used. The value assigned to a given transport connection is constant for the lifetime of that connection." ::= { agentxConnectionEntry 1 } agentxConnOpenTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when this connection was established and, therefore, its value when this entry was added to the table." ::= { agentxConnectionEntry 2 } agentxConnTransportType OBJECT-TYPE SYNTAX INTEGER { unixDomainSockets(1), tcp(2), udp(3), sharedMem(4), other(5) } MAX-ACCESS read-only STATUS current DESCRIPTION AgentX Working Group Expires April 1998 [Page 7] Internet Draft AgentX MIB 13 November 1997 "The transport protocol in use for this connection to the master agent. This information can be used by a management application to determine how agentxConnTransportAddr should be displayed." ::= { agentxConnectionEntry 3 } agentxConnTransportAddr OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "The transport address of the remote (subagent) end of this connection to the master agent, in network byte order. Management applications can use agentxConnTransportType to determine how this information is to be formatted for display." ::= { agentxConnectionEntry 4 } agentxConnSessions OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of AgentX sessions being carried by this transport connection. For purposes of this MIB, an AgentX session begins when a valid agentx-Open-PDU is received, and ends when a corresponding agentx-Close-PDU has been sent or received by the master agent." ::= { agentxConnectionEntry 5 } -- -- The AgentX Subagent Session Group -- agentxSessionTableLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when the last row creation or deletion occurred in the agentxSessionTable." ::= { agentxSession 1 } agentxSessionNumber OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the AgentX Working Group Expires April 1998 [Page 8] Internet Draft AgentX MIB 13 November 1997 agentxSessionTable. Note that this may be smaller than the largest value of agentxSessionIndex since index values are not reused when entries come and go from the agentxSessionTable." ::= { agentxSession 2 } -- -- The AgentX Subagent Session Table -- agentxSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF AgentxSubagentEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of AgentX subagents that have open sessions with the AgentX master agent." ::= { agentxSession 3 } agentxSessionEntry OBJECT-TYPE SYNTAX AgentxSubagentEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single open session between the AgentX master agent and a subagent." INDEX { agentxSessionIndex } ::= { agentxSessionTable 1 } AgentxSubagentEntry ::= SEQUENCE { agentxSessionIndex Unsigned32, agentxSessionObjectID OBJECT IDENTIFIER, agentxSessionDescr Utf8String, agentxSessionAdminStatus INTEGER, agentxSessionOpenTime TimeStamp, agentxSessionAgentXVer INTEGER, agentxSessionTimeout INTEGER, agentxSessionConnIndex Unsigned32 } agentxSessionIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique index for the subagent session. Note that if a subagent's session with the master agent is closed for any reason its index should not be re-used, therefore, the values of agentxSessionIndex may not be contiguous and AgentX Working Group Expires April 1998 [Page 9] Internet Draft AgentX MIB 13 November 1997 will generally not be the same for the same subagent across multiple sessions. Index values assigned for a given registration are constant for the lifetime of this table" ::= { agentxSessionEntry 1 } agentxSessionObjectID OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS read-only STATUS current DESCRIPTION "This is analogous to sysObjectID defined in MIB-2 [2] and is taken from the o.id field of the agentx-Open-PDU." ::= { agentxSessionEntry 2 } -- -- Issue: should we describe this more in terms of AGENT-CAPABILITIES -- or sysORTable? -- agentxSessionDescr OBJECT-TYPE SYNTAX Utf8String MAX-ACCESS read-only STATUS current DESCRIPTION "A textual description of the subagent. This is analogous to sysDescr defined in MIB-2 [2] and is taken from the o.descr field of the agentx-Open-PDU." ::= { agentxSessionEntry 3 } agentxSessionAdminStatus OBJECT-TYPE SYNTAX INTEGER { up(1), down(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The administrative (desired) status of the subagent. Setting the value to 'down(2)' closes the subagent session (with c.reason set to 'reasonByManager'). When read, the value returned is always 'up(1)'." DEFVAL { up } ::= { agentxSessionEntry 4 } agentxSessionOpenTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current AgentX Working Group Expires April 1998 [Page 10] Internet Draft AgentX MIB 13 November 1997 DESCRIPTION "The value of sysUpTime when this session was opened and, therefore, its value when this entry was added to the table." ::= { agentxSessionEntry 5 } agentxSessionAgentXVer OBJECT-TYPE SYNTAX INTEGER (1..256) MAX-ACCESS read-only STATUS current DESCRIPTION "The version of the AgentX protocol supported by the subagent. This will be less than or equal to the value of agentxMasterAgentXVer." DEFVAL { 1 } ::= { agentxSessionEntry 6 } agentxSessionTimeout OBJECT-TYPE SYNTAX INTEGER (0..255) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The length of time, in seconds, that a master agent should allow to elapse after dispatching a message to this subagent before it regards the subagent as not responding. This value is taken from the o.timeout field of the agentx-Open-PDU. This is a subagent-specific value that may be overridden by values associated with specific registered MIB regions (see agentxRegTimeout). The default value of '0' indicates that the master agent's default timeout value should be used (see agentxDefaultTimeout)." DEFVAL { 0 } ::= { agentxSessionEntry 7 } agentxSessionConnIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The agentxSessionConnIndex attribute identifies the entry in the agentxConnectionTable for the connection on which this session is carried. This attribute's value is constant for the lifetime of a given session. Multiple sessions, if carried by the same transport connection, will have the same value for this attribute." ::= { agentxSessionEntry 8 } AgentX Working Group Expires April 1998 [Page 11] Internet Draft AgentX MIB 13 November 1997 -- -- The AgentX Registration Information group -- -- The statistics in this group are maintained by the Master Agent. -- -- Other stats have been removed. Support trap generation based -- on certain situations for duplicate registration. -- agentxRegisterDuplicate OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of agentx-Response-PDU messages sent by this master agent where the res.error field was set to 'duplicateRegistration'." ::= { agentxRegistration 1 } -- -- The AgentX Registration Table -- agentxRegistrationTable OBJECT-TYPE SYNTAX SEQUENCE OF AgentxRegistrationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of registered OBJECT IDENTIFIER regions. This is the table used to identify a registered region of a subagent. Note that a subagent registration may be broken up into multiple entries in this table, as described in the AgentX Protocol specification [5]." ::= { agentxRegistration 2 } agentxRegistrationEntry OBJECT-TYPE SYNTAX AgentxRegistrationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A single registered region. Regions are added by the master agent when subagents register and are removed from the table when the subagents unregister the region or their sessions are closed. Note that the combination of agentxRegContext, agentxRegStart and agentxRegDispatchOrder will be unique and could have been used for indexing purposes, but would have potentially resulted in excessively long OBJECT IDENTIFIERs." INDEX { agentxRegIndex } ::= { agentxRegistrationTable 1 } AgentX Working Group Expires April 1998 [Page 12] Internet Draft AgentX MIB 13 November 1997 AgentxRegistrationEntry ::= SEQUENCE { agentxRegIndex Unsigned32, agentxRegContext OCTET STRING, agentxRegStart OBJECT IDENTIFIER, agentxRegEnd OBJECT IDENTIFIER, agentxRegPriority Unsigned32, agentxRegSessionIndex Unsigned32, agentxRegTimeout INTEGER } agentxRegIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "AgentxRegIndex is an integer that uniquely identifies a registration entry. Its value is constant for the lifetime of an entry." ::= { agentxRegistrationEntry 1 } agentxRegContext OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "The context in which the subagent supports the objects in this region. A zero-length context indicates the default context." ::= { agentxRegistrationEntry 2 } agentxRegStart OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS read-only STATUS current DESCRIPTION "The starting OBJECT IDENTIFIER of this registration entry. The subagent identified by agentxRegSessionIndex implements objects starting at this value (inclusive). Note that this value could identify an object type, an object instance, or a partial object instance." ::= { agentxRegistrationEntry 3 } agentxRegEnd OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS read-only STATUS current DESCRIPTION "The ending OBJECT IDENTIFIER of this registration entry. The subagent identified by agentxRegSessionIndex implements AgentX Working Group Expires April 1998 [Page 13] Internet Draft AgentX MIB 13 November 1997 objects up to but not including this value. Note that this value could identify an object type, an object instance, or a partial object instance." ::= { agentxRegistrationEntry 4 } -- -- To support other subagent types that can be visible -- to the manager. -- agentxRegPriority OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The subagent's priority when exporting this OID range. Lower values have higher priority." DEFVAL { 255 } ::= { agentxRegistrationEntry 5 } agentxRegSessionIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of agentxSessionIndex for the subagent that registered this OID range." ::= { agentxRegistrationEntry 6 } agentxRegTimeout OBJECT-TYPE SYNTAX INTEGER (0..255) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The timeout value, in seconds, for subagent responses to requests associated with this OID range. The value '0' indicates that the default value (indicated by agentxSessionTimeout or agentxDefaultTimeout) is to be used. This value is taken from the r.timeout field of the agentx-Register-PDU." DEFVAL { 0 } ::= { agentxRegistrationEntry 7 } -- -- Conformance Statements for the AgentX MIB -- agentxConformance OBJECT IDENTIFIER ::= { agentxMIB 2 } agentxMIBGroups OBJECT IDENTIFIER ::= { agentxConformance 1 } AgentX Working Group Expires April 1998 [Page 14] Internet Draft AgentX MIB 13 November 1997 agentxMIBCompliances OBJECT IDENTIFIER ::= { agentxConformance 2 } agentxMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities that implement the AgentX protocol. Note that a compliant agent can implement all objects in this MIB module as read-only." MODULE -- this module MANDATORY-GROUPS { agentxMIBGroup } OBJECT agentxDefaultTimeout MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT agentxSessionAdminStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { agentxMIBCompliances 1 } agentxMIBGroup OBJECT-GROUP OBJECTS { agentxDefaultTimeout, agentxMasterAgentXVer, agentxMasterTransports, agentxConnTableLastChange, agentxConnNumber, agentxConnOpenTime, agentxConnTransportType, agentxConnTransportAddr, agentxConnSessions, agentxSessionTableLastChange, agentxSessionNumber, agentxSessionTimeout, agentxSessionObjectID, agentxSessionDescr, agentxSessionAdminStatus, agentxSessionOpenTime, agentxSessionAgentXVer, agentxSessionConnIndex, agentxRegisterDuplicate, agentxRegContext, agentxRegStart, agentxRegEnd, AgentX Working Group Expires April 1998 [Page 15] Internet Draft AgentX MIB 13 November 1997 agentxRegPriority, agentxRegSessionIndex, agentxRegTimeout } STATUS current DESCRIPTION "All accessible objects in the AgentX MIB." ::= { agentxMIBGroups 1 } END 5. Acknowledgments This document is a product of the IETF's AgentX Working Group. Special acknowledgement is made to: Maria Greene Ascom Nexion 289 Great Road Acton, MA 01720 USA Phone: +1 508-266-4570 EMail: greene@nexen.com This MIB is an evolution of the Subagent MIB by Bert Wijnen (wijnen@vnet.ibm.com) which in turn was derived from the SMUX-MIB by Marshall Rose [6]. 6. References [1] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC1902, SNMP Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., International Network Services, January 1996. [2] McCloghrie, K., and M. Rose, Editors, "Management Information Base for Network Management of TCP/IP-based internets: MIB-II", STD 17, RFC 1213, Hughes LAN Systems, Performance Systems International, March 1991. [3] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network Management Protocol", RFC 1157, SNMP Research, Performance Systems International, Performance Systems International, MIT Laboratory for Computer Science, May 1990. AgentX Working Group Expires April 1998 [Page 16] Internet Draft AgentX MIB 13 November 1997 [4] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC1905, SNMP Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., International Network Services, January 1996. [5] Daniele, M., Wijnen, B., and D. Francisco, "Agent Extensibility (AgentX) Protocol, Version 1", draft-ietf-agentx-ext-pro-01.txt, Digital Equipment Corporation, T.J. Watson Research Center, IBM Corp., Cisco Systems, November, 1996. [6] Rose, M., "SNMP MUX Protocol and MIB", RFC1227, Performance Systems International, Inc., May 1991. [7] Wijnen, B., Carpenter, G., Curran, K., Sehgal, A., and G. Waters, "Simple Network Management Protocol: Distributed Protocol Interface, Version 2.0", RFC 1592, T.J. Watson Research Center, IBM Corp., Bell Northern Research, Ltd., March 1994. [8] F. Yergeau, "UTF-8, a transformation format of Unicode and ISO 10646,", RFC 2044, October 1996. 7. Security Considerations In most cases, MIBs are not themselves security risks; if SNMP security is operating as intended, the use of a MIB to view information about a system, or to change some parameter at the system, is a tool, not a threat. None of the read-only objects in this MIB reports a password, user data, or anything else that is particularly sensitive. If access to these objects is not limited by an appropriate access control policy, these objects can provide an attacker with information about a system's configuration and the services that that system is providing. Some enterprises view their network and system configurations themselves, as well as information about usage and performance, as corporate assets; such enterprises may wish to restrict SNMP access to most of the objects in the MIB. This MIB contains two read-write objects: agentxDefaultTimeout and agentxSAAdminStatus. Setting agentxDefaultTimeout to an inappropriately small value can prevent new subagent sessions from being usable. Setting agentxSAAdminStatus to an inappropriate value can effectively prevent access to management information, or provide access to inappropriate information. Since changes to either of these objects can adversely impact the manageability of a system, write access to these objects should be subject to an appropriate access control policy. Such a policy may be realized in an implementation by limiting support for these objects to read-only AgentX Working Group Expires April 1998 [Page 17] Internet Draft AgentX MIB 13 November 1997 access. 8. Editor's Address Smitha Gudur BMC Software, Inc. 1190 Saratoga Avenue, Suite 130 San Jose, CA 95129-3433 USA Phone: +1 408-556-0720 EMail: sgudur@bmc.com 9. Full Copyright Statement Copyright (C) The Internet Society (1997). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implmentation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. AgentX Working Group Expires April 1998 [Page 18]