DISMAN Working Group                                      Kenneth White
INTERNET DRAFT:                                               IBM Corp.
Expiration Date: February 1999                              August 1998

Definitions of Managed Objects for Remote Operations Using SMIv2

Status of this Memo

This document is an Internet Draft. Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its Areas, and
its Working Groups. Note that other groups may also distribute working
documents as Internet Drafts.

Internet Drafts are draft documents valid for a maximum of six months.
Internet Drafts may be updated, replaced, or obsoleted by other
documents at any time. It is not appropriate to use Internet Drafts as
reference material or to cite them other than as a "working draft" or
"work in progress."

Please check the I-D abstract listing contained in each Internet Draft
directory to learn the current status of this or any Internet Draft.
Distribution of this document is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

This memo defines a Management Information Base (MIB) for performing
remote operations (ping and traceroute) at a remote host. When managing
a network it is useful to be able to retrieve the results of either a
ping or traceroute operation when performed at a remote host.

Currently, there exist several enterprise-defined MIBs for performing
remote ping or traceroute operations. The purpose of this memo is to
define a standards-based solution to enable interoperability.

Table of Contents

1.0  Introduction
2.0  The SNMP Network Management Framework
3.0  Structure of the MIB
4.0  Definitions
5.0  Security Considerations
6.0  Intellectual Property
7.0  Acknowledgments
8.0  References
9.0  Author's Address
10.0 Full Copyright Statement

DISMAN Working Group        Expires December 1998             [Page 1]
Internet Draft                   REMOPS-MIB              August 4, 1998

1.0 Introduction

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119, reference [13].

This document is a product of the Distributed Management (DISMAN)
Working Group. Its purpose is to define a standards-based MIB module for
performing remote operations. The remote operations consist of the ping
and traceroute functions.

Ping and traceroute are two very useful functions for managing networks.
Ping is typically used to determine if a path exists between two hosts
while traceroute shows an actual path. Ping is usually implemented using
the Internet Control Message Protocol (ICMP) "ECHO" facility. It is also
possible to implement a ping capability using alternate methods. For
example, if the UDP echo port (7) is supported at a target host it could
be used instead of the ICMP echo facility.

Traceroute is usually implemented by transmitting a series of probe
packets with increasing time-to-live values. A probe packet is a UDP
datagram encapsulated into an IP packet. Each hop in a path to the
target (destination) host rejects the probe packets (probe's TTL too
small) until its time-to-live value becomes large enough for the probe
to be forwarded. Some systems use ICMP probes instead of UDP ones to
implement traceroute.
In both cases traceroute relies on the probes being rejected via an ICMP
message to discover the hops taken along a path to the final
destination.

The actual method chosen to implement either the ping or traceroute
functions at a remote host is considered to be implementation dependent.
An agent implementation SHOULD use whatever method is thought to be best
for its environment and document its behavior in its agent's capability
statement when referring to the REMOPS-MIB.

Both ping and traceroute yield the round-trip times measured in
milliseconds. These times can be used as a rough approximation for
network transit time.

Consider the following diagram:

+----------------------------------------------------------------------+
|                                                                      |
|                Remote ping or             Actual ping or             |
|         +-----+traceroute request +------+traceroute request +------+|
|         |Local|------------------>|Remote|------------------>|Target||
|         | Host|                   | Host |                   | Host ||
|         +-----+                   +------+                   +------+|
|                                                                      |
|                                                                      |
+----------------------------------------------------------------------+

A local host is the host from which the remote ping or traceroute
operation is initiated using an SNMP request. The remote host is a host
where the MIB defined by this memo (REMOPS-MIB) is implemented; it
receives the remote ping or traceroute request via SNMP and performs the
actual ping or traceroute command to the target (destination) host.

2.0 The SNMP Network Management Framework

The SNMP Management Framework presently consists of five major
components:

o An overall architecture, described in RFC 2271 [7].

o Mechanisms for describing and naming objects and events for the
  purpose of management. The first version of this Structure of
  Management Information (SMI) is called SMIv1 and described in RFC 1155
  [14], RFC 1212 [15] and RFC 1215 [16]. The second version, called
  SMIv2, is described in RFC 1902 [3], RFC 1903 [4] and RFC 1904 [5].

o Message protocols for transferring management information. The first
  version of the SNMP message protocol is called SNMPv1 and described in
  RFC 1157 [1]. A second version of the SNMP message protocol, which is
  not an Internet standards track protocol, is called SNMPv2c and
  described in RFC 1901 [17] and RFC 1906 [18]. The third version of the
  message protocol is called SNMPv3 and described in RFC 1906 [18], RFC
  2272 [8] and RFC 2274 [10].

o Protocol operations for accessing management information. The first
  set of protocol operations and associated PDU formats is described in
  RFC 1157 [1]. A second set of protocol operations and associated PDU
  formats is described in RFC 1905 [6].

o A set of fundamental applications described in RFC 2273 [9] and the
  view-based access control mechanism described in RFC 2275 [11].

Managed objects are accessed via a virtual information store, termed the
Management Information Base or MIB. Objects in the MIB are defined using
the mechanisms defined in the SMI.

This memo specifies a MIB module that is compliant to the SMIv2. A MIB
conforming to the SMIv1 can be produced through the appropriate
translations. The resulting translated MIB must be semantically
equivalent, except where objects or events are omitted because no
translation is possible (use of Counter64). Some machine readable
information in SMIv2 will be converted into textual descriptions in
SMIv1 during the translation process. However, this loss of machine
readable information is not considered to change the semantics of the
MIB.

3.0 Structure of the MIB

The REMOPS-MIB consists of the following components:

o remopsSpinLock, remopsPingMaxConcurrentRequests,
  remopsTraceRouteMaxConcurrentRequests, remopsPingPurgeTime, and
  remopsTraceRoutePurgeTime

o remopsPingTable and remopsPingResultsTable

o remopsTraceRouteTable and remopsTraceRouteResultsTable

An agent MUST implement the remopsSpinLock object to enable management
applications to coordinate their use of the REMOPS-MIB. Management
application use of remopsSpinLock is OPTIONAL.

The objects remopsPingMaxConcurrentRequests and
remopsTraceRouteMaxConcurrentRequests enable control of the maximum
number of concurrent requests that an agent implementation is structured
to support. It is permissible for an agent to either limit the maximum
upper range allowed for these objects or to implement these objects as
read-only with implementation limits expressed as their values.

The two objects remopsPingPurgeTime and remopsTraceRoutePurgeTime
provide a method for entries in either remopsPingTable and
remopsPingResultsTable, or remopsTraceRouteTable and
remopsTraceRouteResultsTable, to be automatically deleted after
operations complete.

A remote ping or traceroute operation is initiated by performing an SNMP
SET request on either remopsPingRowStatus or remopsTraceRouteRowStatus.
The first index (either remopsPingOwnerIndex or
remopsTraceRouteOwnerIndex) is of the SnmpAdminString textual
convention, which allows for use of the SNMPv3 View-Based Access Control
Model (VACM) and also allows a management application to identify its
entries in either table. The second and third indexes specify the target
address for the operation. A target address can be specified as either a
dnsName(2), ipv4(3), or ipv6(4) address.

Both ping and traceroute require that an entry be created and activated
in either remopsPingTable or remopsTraceRouteTable.
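
The owner index only confines a user when the VACM view is built over the encoded index, as the remopsPingOwnerIndex DESCRIPTION in section 4.0 outlines. The following added example (not part of the draft) encodes remopsPingTable instance identifiers under the SMIv2 index rules and derives the vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask pair for one owner; the function names, the owners alice, bob and alice2, and the target address are constructed for illustration.

```python
# Added example, not part of the draft: instance OIDs for remopsPingTable rows
# and the VACM view family that limits a user to rows carrying their own
# owner index. Function names and sample owners are constructed.

# From the MIB module: experimental = 1.3.6.1.3, remopsMIB = { experimental 84 },
# remopsObjects = { remopsMIB 1 }, remopsPingTable = { remopsObjects 2 },
# remopsPingEntry = { remopsPingTable 1 }.
REMOPS_PING_ENTRY = (1, 3, 6, 1, 3, 84, 1, 2, 1)
COL_CTL_TYPE = 4      # remopsPingCtlType
COL_ROW_STATUS = 9    # remopsPingRowStatus

# RemopsHostAddressType value, then the octet lengths RemopsHostAddress allows.
ADDR_TYPES = {
    "none": (1, 0, 0),
    "dnsName": (2, 1, 65),
    "ipv4": (3, 4, 4),
    "ipv6": (4, 16, 16),
}


def var_octets(data):
    """SMIv2 index encoding of a variable-length string: length, then octets."""
    return (len(data),) + tuple(data)


def ping_instance(column, owner, addr_type, addr):
    """OID of one remopsPingTable column instance.

    INDEX is { remopsPingOwnerIndex, remopsPingHostAddressType,
    remopsPingHostAddress }.
    """
    owner_b = owner.encode("utf-8")
    if len(owner_b) > 32:
        raise ValueError("owner index exceeds SIZE(0..32)")
    type_value, min_len, max_len = ADDR_TYPES[addr_type]
    if not min_len <= len(addr) <= max_len:
        raise ValueError("address length does not match %s" % addr_type)
    return (REMOPS_PING_ENTRY + (column,) + var_octets(owner_b)
            + (type_value,) + var_octets(addr))


def owner_view(owner):
    """(vacmViewTreeFamilySubtree, vacmViewTreeFamilyMask) for one owner.

    The subtree runs through the encoded owner index; the column
    sub-identifier is written as 0 and wildcarded by a 0 bit in the mask.
    """
    subtree = REMOPS_PING_ENTRY + (0,) + var_octets(owner.encode("utf-8"))
    bits = [1] * len(subtree)
    bits[len(REMOPS_PING_ENTRY)] = 0          # wildcard the column
    bits += [1] * (-len(bits) % 8)            # pad the last octet with 1s
    mask = bytearray()
    for i in range(0, len(bits), 8):
        octet = 0
        for bit in bits[i:i + 8]:
            octet = (octet << 1) | bit
        mask.append(octet)
    return subtree, bytes(mask)


def in_view(oid, subtree, mask):
    """VACM family match: every unmasked sub-identifier must be equal."""
    if len(oid) < len(subtree):
        return False
    for i, wanted in enumerate(subtree):
        octet, bit = divmod(i, 8)
        # A mask shorter than the subtree is extended with 1 bits.
        exact = octet >= len(mask) or bool(mask[octet] & (0x80 >> bit))
        if exact and oid[i] != wanted:
            return False
    return True


def dotted(oid):
    return ".".join(str(sub) for sub in oid)


if __name__ == "__main__":
    subtree, mask = owner_view("alice")
    print("subtree", dotted(subtree))
    print("mask   ", mask.hex())
    target = bytes([192, 0, 2, 10])           # constructed ipv4 target
    for owner in ("alice", "bob", "alice2"):
        oid = ping_instance(COL_ROW_STATUS, owner, "ipv4", target)
        print(owner, dotted(oid), in_view(oid, subtree, mask))
```

Because the owner index is encoded with its length as the first sub-identifier, rows owned by alice2 fall outside alice's view even though the names share a prefix.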

Additionally, results can be returned using NOTIFICATIONs (refer to
remopsPingNotification and remopsTraceRouteHopNotification). Whether
notifications are enabled is controlled via either the remopsPingCtlType
or remopsTraceRouteCtlType objects.

Using the maximum value for the parameters defined within a
remopsPingEntry can result in a remote ping operation taking at most 15
minutes (remopsPingTimeOut times remopsPingProbeCount) plus whatever
time it takes to send the ping request and receive its response over the
network. Use of the defaults for remopsPingTimeOut and
remopsPingProbeCount yields a maximum of 3 seconds to perform the actual
ping operation. The object remopsPingOperStatus can be polled to
determine when a ping operation completes prior to retrieving the
results of the operation from the remopsPingResultsTable.

Traceroute has a much longer theoretical maximum time for completion:
42 hours and 30 minutes (the product of remopsTraceRouteTimeOut,
remopsTraceRouteProbesPerHop, and remopsTraceRouteMaxTtl) plus some
network transit time. Use of the defaults defined within a
remopsTraceRouteEntry yields a maximum of 4 minutes and 30 seconds for a
default traceroute operation. Clearly 42 plus hours is too long to wait
for a traceroute operation to complete.

The maximum TTL value in effect for traceroute determines how long the
traceroute function will keep increasing the TTL value in the probe it
transmits hoping to reach the target host. The function ends whenever
the maximum TTL is exceeded or the target host is reached. The object
remopsTraceRouteMaxFailures was created in order to impose a throttle
for how long traceroute continues to increase the TTL field in a probe
without receiving any kind of response (timeouts). It is RECOMMENDED
that agent implementations impose a time limit for how long it allows a
traceroute operation to take relative to how the function is implemented.
For example, an implementation that can't process multiple traceroute
operations at the same time SHOULD impose a shorter maximum allowed time
period. Consideration SHOULD also be given to whether the response is
going to be polled for or returned as a series of hop NOTIFICATIONs. The
object remopsTraceRouteOperStatus can be examined to determine the state
of a traceroute operation.

A management application can delete an active remote ping or traceroute
request by setting its remopsPingRowStatus or remopsTraceRouteRowStatus
object to destroy(6).

An implementation SHOULD NOT retain SNMP-created entries in either the
remopsPingTable or remopsTraceRouteTable across reIPLs (Initial Program
Loads) of its agent, since management applications need to see
consistent behavior with respect to the persistence of the table entries
that they create.

4.0 Definitions

REMOPS-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32,
    experimental, Unsigned32,
    NOTIFICATION-TYPE
        FROM SNMPv2-SMI                  -- RFC1902
    TEXTUAL-CONVENTION, RowStatus,
    TestAndIncr
        FROM SNMPv2-TC                   -- RFC1903
    MODULE-COMPLIANCE, OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF                 -- RFC1904
    Utf8String
        FROM SYSAPPL-MIB                 -- RFC2287
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB;         -- RFC2271

remopsMIB MODULE-IDENTITY
    LAST-UPDATED "9808040000Z"
    ORGANIZATION "IETF Distributed Management Working Group"
    CONTACT-INFO
        "Kenneth White

         International Business Machines Corporation
         Network Computing Software Division
         Research Triangle Park, NC, USA

         E-mail: kennethw@vnet.ibm.com"
    DESCRIPTION
        "The Remote Operations MIB (REMOPS-MIB) enables use of the
         ping and traceroute functions via use of the SNMP protocol."
    ::= { experimental 84 }

-- Textual Conventions

RemopsHostAddressType ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The textual convention for defining the type of the
         target host's (destination) address."
    SYNTAX      INTEGER {
                    none(1),
                    dnsName(2), -- Utf8String encoded DNS name
                    ipv4(3),    -- ipv4 address
                    ipv6(4)     -- ipv6 address
                }

RemopsHostAddress ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The textual convention for specifying a host target
         (destination) address as indicated through use of the
         RemopsHostAddressType textual convention. The length of an
         object of this textual convention is in octets as indicated
         by the value of an associated object with the following
         RemopsHostAddressType value:

            RemopsHostAddressType
               none(1)        0 OCTETs
               dnsName(2)     1 to 65 OCTETs
               ipv4(3)        4 OCTETs
               ipv6(4)        16 OCTETs"
    SYNTAX      OCTET STRING (SIZE (0..65))

RemopsStatus ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The textual convention for specifying the states that a
         remops operation can be in."
    SYNTAX      INTEGER {
                    notStarted(1),
                    active(2),
                    completed(3)
                }

-- Top-level structure of the MIB

remopsNotifications OBJECT IDENTIFIER ::= { remopsMIB 0 }
remopsObjects       OBJECT IDENTIFIER ::= { remopsMIB 1 }
remopsConformance   OBJECT IDENTIFIER ::= { remopsMIB 2 }

-- All simple objects

remopsBaseObjects   OBJECT IDENTIFIER ::= { remopsObjects 1 }

-- SpinLock Definition

remopsSpinLock OBJECT-TYPE
    SYNTAX      TestAndIncr
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "An advisory lock used to allow cooperating remops
         applications to coordinate their use of the remopsPingTable
         or the remopsTraceRouteTable.

         This object should be used when an application seeks to
         create a new entry or alter an existing entry in either
         the remopsPingTable or remopsTraceRouteTable. A management
         implementation MAY utilize the remopsSpinLock to serialize
         its changes or additions. Its usage is NOT REQUIRED."
    ::= { remopsBaseObjects 1 }

remopsPingMaxConcurrentRequests OBJECT-TYPE
    SYNTAX      Unsigned32 (1..100)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum number of concurrent active ping requests
         that are allowed within an agent implementation."
    DEFVAL { 10 }
    ::= { remopsBaseObjects 2 }

remopsTraceRouteMaxConcurrentRequests OBJECT-TYPE
    SYNTAX      Unsigned32 (1..100)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum number of concurrent active traceroute requests
         that are allowed within an agent implementation."
    DEFVAL { 10 }
    ::= { remopsBaseObjects 3 }

remopsPingPurgeTime OBJECT-TYPE
    SYNTAX      Unsigned32 (0..86400)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The amount of time to wait before automatically deleting
         an entry in remopsPingTable and all remopsPingResultsTable
         entries after the ping operation represented by an entry
         in the remopsPingTable has completed."
    DEFVAL { 900 }  -- 15 minutes as default
    ::= { remopsBaseObjects 4 }

remopsTraceRoutePurgeTime OBJECT-TYPE
    SYNTAX      Unsigned32 (0..86400)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The amount of time to wait before automatically deleting
         an entry in remopsTraceRouteTable and all dependent
         remopsTraceRouteResultsTable entries after the traceroute
         operation represented by a remopsTraceRouteEntry has
         completed."
    DEFVAL { 900 }  -- 15 minutes as default
    ::= { remopsBaseObjects 5 }

-- Remote Operations Ping Table

remopsPingTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RemopsPingEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines the Remote Operations Ping Table for providing,
         via SNMP, the capability of invoking ping from a remote
         host."
    ::= { remopsObjects 2 }

remopsPingEntry OBJECT-TYPE
    SYNTAX      RemopsPingEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines an entry in the remopsPingTable."
    INDEX {
            remopsPingOwnerIndex,
            remopsPingHostAddressType,
            remopsPingHostAddress
          }
    ::= { remopsPingTable 1 }

RemopsPingEntry ::=
    SEQUENCE {
        remopsPingOwnerIndex       SnmpAdminString,
        remopsPingHostAddressType  RemopsHostAddressType,
        remopsPingHostAddress      RemopsHostAddress,
        remopsPingCtlType          BITS,
        remopsPingPacketSize       Unsigned32,
        remopsPingTimeOut          Unsigned32,
        remopsPingProbeCount       Unsigned32,
        remopsPingOperStatus       RemopsStatus,
        remopsPingRowStatus        RowStatus
    }

remopsPingOwnerIndex OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(0..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "To facilitate the provisioning of access control by a
         security administrator using the View-Based Access
         Control Model (RFC 2275, VACM) for tables in which
         multiple users may need to independently create or
         modify entries, the initial index is used as an 'owner
         index'. Such an initial index has a syntax of
         SnmpAdminString, and can thus be trivially mapped to a
         securityName or groupName as defined in VACM, in
         accordance with a security policy.

         All entries in that table belonging to a particular user
         will have the same value for this initial index. For a
         given user's entries in a particular table, the object
         identifiers for the information in these entries will
         have the same subidentifiers (except for the 'column'
         subidentifier) up to the end of the encoded owner index.
         To configure VACM to permit access to this portion of the
         table, one would create vacmViewTreeFamilyTable entries
         with the value of vacmViewTreeFamilySubtree including the
         owner index portion, and vacmViewTreeFamilyMask
         'wildcarding' the column subidentifier. More elaborate
         configurations are possible."
    ::= { remopsPingEntry 1 }

remopsPingHostAddressType OBJECT-TYPE
    SYNTAX      RemopsHostAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Specifies the address type of the destination."
    ::= { remopsPingEntry 2 }

remopsPingHostAddress OBJECT-TYPE
    SYNTAX      RemopsHostAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Specifies the host address used by the ping request at
         the remote host. The host address specified is indicated
         by remopsPingHostAddressType."
    ::= { remopsPingEntry 3 }

remopsPingCtlType OBJECT-TYPE
    SYNTAX      BITS {
                    enableNotifications(0)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The purpose of this object is to enable the following
         ping function:

         enableNotifications(0) = enable NOTIFICATIONs for a
                                  ping operation.

         By default no notifications are generated."
    ::= { remopsPingEntry 4 }

remopsPingPacketSize OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65507)
    UNITS       "octets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the size of the data portion to be transmitted
         in a ping request in octets. A ping request is usually
         an ICMP message encoded into an IP packet. An IP packet
         has a maximum size of 65535 octets. Subtracting the size
         of the ICMP header (8 octets) and the size of the IP
         header (20 octets) yields a maximum size of 65507 octets."
    DEFVAL { 0 }
    ::= { remopsPingEntry 5 }

remopsPingTimeOut OBJECT-TYPE
    SYNTAX      Unsigned32 (1..60)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the time-out value, in seconds, for the actual
         PING request made by the remote host. Valid values for
         time out are from 1 to 60 seconds."
    DEFVAL { 3 }
    ::= { remopsPingEntry 6 }

remopsPingProbeCount OBJECT-TYPE
    SYNTAX      Unsigned32 (1..15)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the number of times to issue a ping request
         at a remote host."
    DEFVAL { 1 }
    ::= { remopsPingEntry 7 }

remopsPingOperStatus OBJECT-TYPE
    SYNTAX      RemopsStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Reflects the operational state of a remote ping
         operation."
    ::= { remopsPingEntry 8 }

remopsPingRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object allows entries to be created and deleted
         in the remopsPingTable. Deletion of an entry in this
         table results in all remopsPingResultsTable entries
         being deleted.

         A remote ping operation is started when an entry in this
         table is created via an SNMP SET request and the entry
         is activated. This can occur by setting the value of
         this object to createAndGo(4) during row creation or by
         setting this object to active(1) after the row is
         created.

         A remote ping request starts when its entry first
         becomes active(1). Transitions in and out of active(1)
         state have no effect on the operational behavior of a
         remote ping operation, with the exception that deletion
         of an entry in this table by setting its RowStatus
         object to destroy(6) will stop an active remote ping
         operation.

         The operational state of a remote ping operation can be
         determined by examination of its remopsPingOperStatus
         object."
    REFERENCE
        "RFC 1903, 'Textual Conventions for version 2 of the
         Simple Network Management Protocol (SNMPv2).'"
    ::= { remopsPingEntry 9 }

-- Remote Operations Ping Results Table

remopsPingResultsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RemopsPingResultsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines the Remote Operations Result Ping Table for
         storing the results of a ping operation."
    ::= { remopsObjects 3 }

remopsPingResultsEntry OBJECT-TYPE
    SYNTAX      RemopsPingResultsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines an entry in the remopsPingResultsTable."
    INDEX {
            remopsPingOwnerIndex,
            remopsPingHostAddressType,
            remopsPingHostAddress,
            remopsPingResultsProbeIndex
          }
    ::= { remopsPingResultsTable 1 }

RemopsPingResultsEntry ::=
    SEQUENCE {
        remopsPingResultsProbeIndex  Unsigned32,
        remopsPingResultsResponse    Integer32
    }

remopsPingResultsProbeIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..15)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in this table is created when the results of
         a ping probe are determined. The initial instance
         identifier value identifies the remopsPingEntry that a
         probe result (remopsPingResultsEntry) belongs to."
    ::= { remopsPingResultsEntry 1 }

remopsPingResultsResponse OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The result of the ping operation made by a remote host
         for a particular probe. The result of the probe is
         indicated as the value of this object as follows:

            >=0   Round-trip response time in milliseconds.
            -1    Internal error.
            -2    ICMP echo request timed out.
            -3    Unknown destination address.
            -4    No route to host.
            -5    Interface inactive to host.
            -6    Failed to resolve host name.
            -7    remopsPingMaxConcurrentRequests limit reached."
    ::= { remopsPingResultsEntry 2 }

-- Remote Operations Traceroute Table

remopsTraceRouteTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RemopsTraceRouteEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines the Remote Operations Traceroute Table for
         providing, via SNMP, the capability of invoking
         traceroute from a remote host."
    ::= { remopsObjects 4 }

remopsTraceRouteEntry OBJECT-TYPE
    SYNTAX      RemopsTraceRouteEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines an entry in the remopsTraceRouteTable."
    INDEX {
            remopsTraceRouteOwnerIndex,
            remopsTraceRouteHostAddressType,
            remopsTraceRouteHostAddress
          }
    ::= { remopsTraceRouteTable 1 }

RemopsTraceRouteEntry ::=
    SEQUENCE {
        remopsTraceRouteOwnerIndex         SnmpAdminString,
        remopsTraceRouteHostAddressType    RemopsHostAddressType,
        remopsTraceRouteHostAddress        RemopsHostAddress,
        remopsTraceRouteCtlType            BITS,
        remopsTraceRoutePacketSize         Unsigned32,
        remopsTraceRouteTimeOut            Unsigned32,
        remopsTraceRouteProbesPerHop       Unsigned32,
        remopsTraceRoutePort               Unsigned32,
        remopsTraceRouteMaxTtl             Unsigned32,
        remopsTraceRouteTos                Unsigned32,
        remopsTraceRouteSourceAddressType  RemopsHostAddressType,
        remopsTraceRouteSourceAddress      RemopsHostAddress,
        remopsTraceRouteInterfaceName      OCTET STRING,
        remopsTraceRouteMiscOptions        Utf8String,
        remopsTraceRouteMaxFailures        Unsigned32,
        remopsTraceRouteOperStatus         RemopsStatus,
        remopsTraceRouteRowStatus          RowStatus
    }

remopsTraceRouteOwnerIndex OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(0..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "To facilitate the provisioning of access control by a
         security administrator using the View-Based Access
         Control Model (RFC 2275, VACM) for tables in which
         multiple users may need to independently create or
         modify entries, the initial index is used as an 'owner
         index'. Such an initial index has a syntax of
         SnmpAdminString, and can thus be trivially mapped to a
         securityName or groupName as defined in VACM, in
         accordance with a security policy.

         All entries in this table belonging to a particular user
         will have the same value for this initial index. For a
         given user's entries in a particular table, the object
         identifiers for the information in these entries will
         have the same subidentifiers (except for the 'column'
         subidentifier) up to the end of the encoded owner index.
         To configure VACM to permit access to this portion of the
         table, one would create vacmViewTreeFamilyTable entries
         with the value of vacmViewTreeFamilySubtree including the
         owner index portion, and vacmViewTreeFamilyMask
         'wildcarding' the column subidentifier. More elaborate
         configurations are possible."
    ::= { remopsTraceRouteEntry 1 }

remopsTraceRouteHostAddressType OBJECT-TYPE
    SYNTAX      RemopsHostAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Specifies the address type of the destination."
    ::= { remopsTraceRouteEntry 2 }

remopsTraceRouteHostAddress OBJECT-TYPE
    SYNTAX      RemopsHostAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Specifies the host address used on the traceroute
         request at the remote host. The host address specified
         is indicated by remopsTraceRouteHostAddressType."
    ::= { remopsTraceRouteEntry 3 }

remopsTraceRouteCtlType OBJECT-TYPE
    SYNTAX      BITS {
                    enableNotifications(0),
                    bypassRouteTable(1),
                    noDnsLookup(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The purpose of this object is to enable the following
         remote traceroute functions:

         enableNotifications(0) = enable NOTIFICATIONs for a
                   remote traceroute operation.
         bypassRouteTable(1) = If selected, bypass the normal
                   routing tables and send directly to a host on
                   an attached network. If the host is not on a
                   directly-attached network, an error is
                   returned. This option can be used to ping a
                   local host through an interface that has no
                   route through it (e.g., after the interface
                   was dropped by routed).
         noDnsLookup(2) = Return hop addresses numerically rather
                   than symbolically. Enabling this option saves
                   a nameserver lookup for each hop found on a
                   path."
    DEFVAL { { enableNotifications, noDnsLookup } }
    ::= { remopsTraceRouteEntry 4 }

remopsTraceRoutePacketSize OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65507)
    UNITS       "octets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the size of the data portion of a traceroute
         request in octets. A traceroute request is essentially
         transmitted by encoding a UDP datagram into an IP packet.
         So subtracting the size of a UDP header (8 octets) and
         the size of an IP header (20 octets) yields a maximum of
         65507 octets."
    DEFVAL { 0 }
    ::= { remopsTraceRouteEntry 5 }

remopsTraceRouteTimeOut OBJECT-TYPE
    SYNTAX      Unsigned32 (1..60)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the time-out value, in seconds, for a
         traceroute request."
    DEFVAL { 3 }
    ::= { remopsTraceRouteEntry 6 }

remopsTraceRouteProbesPerHop OBJECT-TYPE
    SYNTAX      Unsigned32 (1..10)
    UNITS       "count"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the number of times to reissue a traceroute
         request with the same time-to-live (TTL) value."
    DEFVAL { 3 }
    ::= { remopsTraceRouteEntry 7 }

remopsTraceRoutePort OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    UNITS       "UDP Port"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the UDP port to send the traceroute request
         to. Need to specify a port that is not in use at the
         destination host."
    DEFVAL { 4096 }
    ::= { remopsTraceRouteEntry 8 }

remopsTraceRouteMaxTtl OBJECT-TYPE
    SYNTAX      Unsigned32 (1..255)
    UNITS       "time-to-live maximum"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the maximum time-to-live value."
    DEFVAL { 30 }
    ::= { remopsTraceRouteEntry 9 }

remopsTraceRouteTos OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the value to store in the TOS OCTET in the IP
         probe packet that is transmitted as the traceroute
         request. The value must be a decimal integer in the
         range 0 to 255.
         This option can be used to see if different
         types-of-service result in different paths. Not all
         values of TOS are legal or meaningful. TOS is often not
         supported by IP implementations. Useful values are
         probably '16' (low delay) and '8' (high throughput)."
    DEFVAL { 0 }
    ::= { remopsTraceRouteEntry 10 }

remopsTraceRouteSourceAddressType OBJECT-TYPE
    SYNTAX      RemopsHostAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the type of address that is stored in the
         corresponding remopsTraceRouteSourceAddress. A value of
         none(1) indicates that the specification of a source
         address is not enabled."
    DEFVAL { none }
    ::= { remopsTraceRouteEntry 11 }

remopsTraceRouteSourceAddress OBJECT-TYPE
    SYNTAX      RemopsHostAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Use the specified IP address (which must be given as an
         IP number, not a hostname) as the source address in
         outgoing probe packets. On hosts with more than one IP
         address, this option can be used to force the source
         address to be something other than the IP address of the
         interface the probe packet is sent on. If the IP address
         is not one of this machine's interface addresses, an
         error is returned and nothing is sent."
    DEFVAL { ''H }
    ::= { remopsTraceRouteEntry 12 }

remopsTraceRouteInterfaceName OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..32))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Setting this object to an interface's name prior to
         starting a remote traceroute operation directs the
         traceroute probes to be transmitted over the specified
         interface."
    DEFVAL { ''H }
    ::= { remopsTraceRouteEntry 13 }

remopsTraceRouteMiscOptions OBJECT-TYPE
    SYNTAX      Utf8String (SIZE(0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Enables an application to specify implementation
         dependent options."
    DEFVAL { ''H }
    ::= { remopsTraceRouteEntry 14 }

remopsTraceRouteMaxFailures OBJECT-TYPE
    SYNTAX      Unsigned32 (1..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object indicates the maximum number of
        consecutive timeouts allowed before terminating a remote
        traceroute request. A value of 255 (maximum hop count)
        indicates that the function of terminating a remote
        traceroute request when a number of successive timeouts are
        detected is disabled."
    DEFVAL { 5 }
    ::= { remopsTraceRouteEntry 15 }

remopsTraceRouteOperStatus OBJECT-TYPE
    SYNTAX      RemopsStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Reflects the operational state of a remote traceroute
        operation."
    ::= { remopsTraceRouteEntry 16 }

remopsTraceRouteRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object allows entries to be created and deleted in the
        remopsTraceRouteTable.

        A remote traceroute operation is started when an entry in
        this table is created via an SNMP SET request and the entry
        is activated. This can occur by setting the value of this
        object to createAndGo(4) during row creation or by setting
        this object to active(1) after the row is created.

        A remote traceroute request starts when its entry first
        becomes active(1). Transitions in and out of active(1) state
        have no effect on the operational behavior of a remote
        traceroute operation, with the exception that deletion of an
        entry in this table by setting its RowStatus object to
        destroy(6) will stop an active remote traceroute operation."
    REFERENCE
        "RFC 1903, 'Textual Conventions for version 2 of the Simple
        Network Management Protocol (SNMPv2).'"
    ::= { remopsTraceRouteEntry 17 }

-- Remote Operations Traceroute Results Table

remopsTraceRouteResultsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RemopsTraceRouteResultsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines the Remote Operations Traceroute Results Table for
        storing the results of a trace route operation."
    ::= { remopsObjects 5 }

remopsTraceRouteResultsEntry OBJECT-TYPE
    SYNTAX      RemopsTraceRouteResultsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines an entry in the remopsTraceRouteResultsTable."
    INDEX {
        remopsTraceRouteOwnerIndex,
        remopsTraceRouteHostAddressType,
        remopsTraceRouteHostAddress,
        remopsTraceRouteResultsHopIndex,
        remopsTraceRouteResultsProbeIndex
    }
    ::= { remopsTraceRouteResultsTable 1 }

RemopsTraceRouteResultsEntry ::=
    SEQUENCE {
        remopsTraceRouteResultsHopIndex    Unsigned32,
        remopsTraceRouteResultsProbeIndex  Unsigned32,
        remopsTraceRouteResultsHopDnsName  Utf8String,
        remopsTraceRouteResultsHopAddress  RemopsHostAddress,
        remopsTraceRouteResultsResponse    Integer32
    }

remopsTraceRouteResultsHopIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in this table has as its initial instance
        identifier the value of its corresponding
        remopsTraceRouteEntry's instance identifier."
    ::= { remopsTraceRouteResultsEntry 1 }

remopsTraceRouteResultsProbeIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..10)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Indicates the index of a probe for determining a hop in a
        traceroute path."
    ::= { remopsTraceRouteResultsEntry 2 }

remopsTraceRouteResultsHopDnsName OBJECT-TYPE
    SYNTAX      Utf8String (SIZE(0..65))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The DNS name of a hop if not the zero length octet string."
    ::= { remopsTraceRouteResultsEntry 3 }

remopsTraceRouteResultsHopAddress OBJECT-TYPE
    SYNTAX      RemopsHostAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The address of a hop in a traceroute path. This object is
        not allowed to be a DNS name. The length of the octet string
        returned determines the address type."
    ::= { remopsTraceRouteResultsEntry 4 }

remopsTraceRouteResultsResponse OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of this object indicates the result of a
        traceroute probe:

           >=0  Round-trip response time in milliseconds.
            -1  Internal error.
            -2  Probe timed out.
            -3  Unknown destination address.
            -4  No route to host.
            -5  Interface inactive to host.
            -6  Failed to resolve host name.
            -7  remopsTraceRouteMaxConcurrentRequests limit reached."
    ::= { remopsTraceRouteResultsEntry 5 }

-- Notifications

remopsTraceRouteHopNotification NOTIFICATION-TYPE
    OBJECTS {
        remopsTraceRouteResultsHopDnsName,
        remopsTraceRouteResultsHopAddress,
        remopsTraceRouteResultsResponse
    }
    STATUS      current
    DESCRIPTION
        "This object is generated when the enableNotifications(0)
        option via remopsTraceRouteSetupCtlType is enabled. The
        result of a hop is returned via this notification."
    ::= { remopsNotifications 1 }

remopsPingNotification NOTIFICATION-TYPE
    OBJECTS {
        remopsPingResultsResponse
    }
    STATUS      current
    DESCRIPTION
        "This object is generated when the enableNotifications(0)
        option via remopsPingCtlType is enabled. The result of a ping
        probe is returned in this notification."
    ::= { remopsNotifications 2 }

---------------------------------------------------------------------
-- Conformance information
-- Compliance statements
---------------------------------------------------------------------

remopsCompliances OBJECT IDENTIFIER ::= { remopsConformance 1 }
remopsGroups      OBJECT IDENTIFIER ::= { remopsConformance 2 }

---------------------------------------------------------------------
-- Compliance statements
---------------------------------------------------------------------

remopsCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for the REMOPS-MIB."
    MODULE -- this module
        MANDATORY-GROUPS {
            remopsBaseGroup,
            remopsPingGroup,
            remopsTraceRouteGroup
        }

        GROUP remopsPingNotGroup
        DESCRIPTION
            "Notification support is optional."

        GROUP remopsTraceRouteNotGroup
        DESCRIPTION
            "Notification support is optional."

        OBJECT remopsPingMaxConcurrentRequests
        MIN-ACCESS read-only
        DESCRIPTION
            "The agent is not required to support a SET operation to
            this object."

        OBJECT remopsPingPurgeTime
        MIN-ACCESS read-only
        DESCRIPTION
            "The agent is not required to support a SET operation to
            this object."

        OBJECT remopsPingCtlType
        MIN-ACCESS not-accessible
        DESCRIPTION
            "An agent implementation is not required to determine the
            DNS name of a destination and hence support of this
            object is optional."

        OBJECT remopsTraceRouteMaxConcurrentRequests
        MIN-ACCESS read-only
        DESCRIPTION
            "The agent is not required to support a SET operation to
            this object."

        OBJECT remopsTraceRoutePurgeTime
        MIN-ACCESS read-only
        DESCRIPTION
            "The agent is not required to support a SET operation to
            this object."

        OBJECT remopsTraceRouteCtlType
        DESCRIPTION
            "Prevention of hop DNS lookup is the only REQUIRED
            remopsTraceRouteCtlType option."
    ::= { remopsCompliances 1 }

---------------------------------------------------------------------
-- MIB groupings
---------------------------------------------------------------------

remopsBaseGroup OBJECT-GROUP
    OBJECTS {
        remopsSpinLock
    }
    STATUS      current
    DESCRIPTION
        "The group of objects common to both the remote ping and
        remote traceroute operations."
    ::= { remopsGroups 1 }

remopsPingGroup OBJECT-GROUP
    OBJECTS {
        remopsPingMaxConcurrentRequests,
        remopsPingPurgeTime,
        remopsPingCtlType,
        remopsPingPacketSize,
        remopsPingTimeOut,
        remopsPingProbeCount,
        remopsPingOperStatus,
        remopsPingRowStatus,
        remopsPingResultsResponse
    }
    STATUS      current
    DESCRIPTION
        "The group of objects that comprise the remote ping
        operation."
    ::= { remopsGroups 2 }

remopsPingNotGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        remopsPingNotification
    }
    STATUS      current
    DESCRIPTION
        "Defines the NOTIFICATION used by the remote ping operation."
    ::= { remopsGroups 3 }

remopsTraceRouteGroup OBJECT-GROUP
    OBJECTS {
        remopsTraceRouteMaxConcurrentRequests,
        remopsTraceRoutePurgeTime,
        remopsTraceRouteCtlType,
        remopsTraceRoutePacketSize,
        remopsTraceRouteTimeOut,
        remopsTraceRouteProbesPerHop,
        remopsTraceRoutePort,
        remopsTraceRouteMaxTtl,
        remopsTraceRouteTos,
        remopsTraceRouteSourceAddressType,
        remopsTraceRouteSourceAddress,
        remopsTraceRouteInterfaceName,
        remopsTraceRouteMiscOptions,
        remopsTraceRouteMaxFailures,
        remopsTraceRouteOperStatus,
        remopsTraceRouteRowStatus,
        remopsTraceRouteResultsHopDnsName,
        remopsTraceRouteResultsHopAddress,
        remopsTraceRouteResultsResponse
    }
    STATUS      current
    DESCRIPTION
        "The group of objects that comprise the remote traceroute
        operation."
    ::= { remopsGroups 4 }

remopsTraceRouteNotGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        remopsTraceRouteHopNotification
    }
    STATUS      current
    DESCRIPTION
        "Defines the NOTIFICATION used by the remote traceroute
        operation."
    ::= { remopsGroups 5 }

END

5.0 Security Considerations

Certain management information defined in this MIB may be considered
sensitive in some network environments. Therefore, authentication of
received SNMP requests and controlled access to management
information SHOULD be employed in such environments. The method for
this authentication is a function of the SNMP Administrative
Framework, and has not been expanded by this MIB.

It is RECOMMENDED that this MIB not be supported in insecure
environments.

6.0 Intellectual Property

The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementers or users of this specification can
be obtained from the IETF Secretariat.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.

7.0 Acknowledgments

This document is a product of the DISMAN Working Group.

8.0 References

[1]  Case, J., M. Fedor, M. Schoffstall, J.
     Davin, "Simple Network Management Protocol", RFC 1157, SNMP
     Research, Performance Systems International, MIT Laboratory for
     Computer Science, May 1990.

[2]  McCloghrie, K., and M. Rose, Editors, "Management Information
     Base for Network Management of TCP/IP-based internets: MIB-II",
     STD 17, RFC 1213, Hughes LAN Systems, Performance Systems
     International, March 1991.

[3]  Case, J., McCloghrie, K., Rose, M., and Waldbusser S.,
     "Structure of Management Information for Version 2 of the Simple
     Network Management Protocol (SNMPv2)", RFC 1902, January 1996.

[4]  Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., "Textual
     Conventions for Version 2 of the Simple Network Management
     Protocol (SNMPv2)", RFC 1903, January 1996.

[5]  Case, J., McCloghrie, K., Rose, M., and Waldbusser, S.,
     "Conformance Statements for Version 2 of the Simple Network
     Management Protocol (SNMPv2)", RFC 1904, January 1996.

[6]  Case, J., McCloghrie, K., Rose, M., and Waldbusser, S.,
     "Protocol Operations for Version 2 of the Simple Network
     Management Protocol (SNMPv2)", RFC 1905, January 1996.

[7]  Harrington D., Presuhn, R., Wijnen, B., "An Architecture for
     Describing SNMP Management Frameworks", RFC 2271, Cabletron
     Systems, BMC Software, Inc., IBM T.J. Watson Research, January
     1998.

[8]  Harrington D., Presuhn, R., Wijnen, B., "Message Processing and
     Dispatching for the Simple Network Management Protocol (SNMP)",
     RFC 2272, Cabletron Systems, BMC Software, Inc., IBM T.J. Watson
     Research, January 1998.

[9]  Levi D., Meyer P., Stewart, B., "SNMPv3 Applications", RFC 2273,
     SNMP Research, Inc., Secure Computing Corporation, Cisco
     Systems, January 1998.

[10] Blumenthal, U., Wijnen, B., "User-based Security Model (USM) for
     version 3 of the Simple Network Management Protocol (SNMPv3)",
     RFC 2274, IBM T. J. Watson Research, January 1998.

[11] Wijnen, B., Presuhn, R., McCloghrie, K., "View-based Access
     Control Model (VACM) for the Simple Network Management Protocol
     (SNMP)", RFC 2275, IBM T.J. Watson Research, BMC Software, Inc.,
     Cisco Systems, Inc., January 1998.

[12] Hovey, R., and S. Bradner, "The Organizations Involved in the
     IETF Standards Process", BCP 11, RFC 2028, October 1996.

[13] Bradner, S., "Key words for use in RFCs to Indicate Requirement
     Levels", BCP 14, RFC 2119, March 1997.

[14] Rose, M., and K. McCloghrie, "Structure and Identification of
     Management Information for TCP/IP-based Internets", RFC 1155,
     Performance Systems International, Hughes LAN Systems, May 1990.

[15] Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC
     1212, Performance Systems International, Hughes LAN Systems,
     March 1991.

[16] M. Rose, "A Convention for Defining Traps for use with the
     SNMP", RFC 1215, Performance Systems International, March 1991.

[17] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
     "Introduction to Community-based SNMPv2", RFC 1901, SNMP
     Research, Inc., Cisco Systems, Inc., Dover Beach Consulting,
     Inc., International Network Services, January 1996.

[18] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
     "Transport Mappings for Version 2 of the Simple Network
     Management Protocol (SNMPv2)", RFC 1906, SNMP Research, Inc.,
     Cisco Systems, Inc., Dover Beach Consulting, Inc., International
     Network Services, January 1996.

9.0 Author's Address

   Kenneth D. White
   Dept. BRQA/Bldg. 501/G114
   IBM Corporation
   P.O.Box 12195
   3039 Cornwallis
   Research Triangle Park, NC 27709, USA
   E-mail: kennethw@vnet.ibm.com

10.0 Full Copyright Statement

Copyright (C) The Internet Society (1997). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
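
Section 5.0 asks for controlled access, and the remopsTraceRoute setup objects bound what a manager can make the agent transmit. The following is an added example, not part of the draft or of any agent implementation: a Python check an agent could run on a SET against remopsTraceRouteTable before a row becomes active(1). The function name, the dictionary form of the varbinds, the textual address form and the sample addresses are assumptions; the ranges, defaults and the -7 result code are the draft's.

```python
import ipaddress

# (low, high, DEFVAL) copied from the draft's SYNTAX and DEFVAL clauses.
LIMITS = {
    "remopsTraceRoutePacketSize": (0, 65507, 0),
    "remopsTraceRouteTimeOut": (1, 60, 3),
    "remopsTraceRouteProbesPerHop": (1, 10, 3),
    "remopsTraceRoutePort": (1, 65535, 4096),
    "remopsTraceRouteMaxTtl": (1, 255, 30),
    "remopsTraceRouteTos": (0, 255, 0),
    "remopsTraceRouteMaxFailures": (1, 255, 5),
}
SRC = "remopsTraceRouteSourceAddress"
LIMIT_REACHED = -7  # remopsTraceRouteResultsResponse value from the draft


def validate_row(varbinds, local_addrs, active_rows, max_concurrent):
    """Hypothetical agent-side check; returns (row, errors)."""
    row = {name: default for name, (_, _, default) in LIMITS.items()}
    row[SRC] = ""  # DEFVAL ''H: no source address override
    errors = []
    for name, value in varbinds.items():
        if name in LIMITS:
            low, high, _ = LIMITS[name]
            if isinstance(value, bool) or not isinstance(value, int):
                errors.append(f"{name}: wrongType")
            elif not low <= value <= high:
                errors.append(f"{name}: wrongValue, need {low}..{high}")
            else:
                row[name] = value
        elif name == SRC:
            try:  # must be an IP number, never a hostname
                addr = ipaddress.ip_address(str(value))
            except ValueError:
                errors.append(f"{name}: wrongValue, not an IP number")
                continue
            if addr in local_addrs:
                row[name] = str(addr)
            else:  # refuse to emit probes with a non-local source
                errors.append(f"{name}: wrongValue, not a local address")
        else:
            errors.append(f"{name}: notWritable")
    if not errors and active_rows >= max_concurrent:
        errors.append(f"resourceUnavailable, result {LIMIT_REACHED}")
    return row, errors


# Constructed sample: interface addresses and a SET from a manager.
LOCAL = {ipaddress.ip_address("192.0.2.10")}
SAMPLE_SET = {
    "remopsTraceRoutePacketSize": 70000,
    "remopsTraceRouteMaxTtl": 64,
    SRC: "198.51.100.7",
}

if __name__ == "__main__":
    row, errors = validate_row(SAMPLE_SET, LOCAL, active_rows=0, max_concurrent=4)
    print(errors or row)
```

An empty error list means the row may go to active(1); the constructed sample is rejected for both the oversized packet and the non-local source address.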