Network Working Group                                    J. Schoenwaelder
Internet-Draft                                             TU Braunschweig
Expires: August 31, 2001                                     March 2, 2001

                     SNMP over TCP Transport Mapping
                      draft-irtf-nmrg-snmp-tcp-06.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   To view the entire list of Internet-Draft Shadow Directories, see
   http://www.ietf.org/shadow.html.

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/iid-abstracts.txt

   This Internet-Draft will expire on August 31, 2001.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This memo defines a transport mapping for using the Simple Network
   Management Protocol (SNMP) over TCP.  The transport mapping can be
   used with any version of SNMP.  This document extends the transport
   mappings defined in RFC 1906.

Schoenwaelder            Expires August 31, 2001                 [Page 1]

Internet-Draft       SNMP over TCP Transport Mapping           March 2001

Table of Contents

   1.    Introduction
   2.    Definitions
   3.    SNMP over TCP
   3.1   Serialization
   3.2   Well-Known Values
   3.3   Connection Management
   3.4   Reliable Transport versus Confirmed Operations
   4.    Security Considerations
   5.    Acknowledgments
         References
         Author's Address
   A.    Connection Establishment Alternatives
         Full Copyright Statement

1.  Introduction

   The SNMP Management Framework presently consists of five major
   components:

   o  An overall architecture, described in RFC 2571 [1].

   o  Mechanisms for describing and naming objects and events for the
      purpose of management.  The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in
      STD 16, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215 [4].  The
      second version, called SMIv2, is described in STD 58, RFC 2578
      [5], STD 58, RFC 2579 [6] and STD 58, RFC 2580 [7].

   o  Message protocols for transferring management information.  The
      first version of the SNMP message protocol is called SNMPv1 and
      described in STD 15, RFC 1157 [8].  A second version of the SNMP
      message protocol, which is not an Internet standards track
      protocol, is called SNMPv2c and described in RFC 1901 [9] and
      RFC 1906 [10].  The third version of the message protocol is
      called SNMPv3 and described in RFC 1906 [10], RFC 2572 [11] and
      RFC 2574 [12].

   o  Protocol operations for accessing management information.  The
      first set of protocol operations and associated PDU formats is
      described in STD 15, RFC 1157 [8].  A second set of protocol
      operations and associated PDU formats is described in RFC 1905
      [13].

   o  A set of fundamental applications described in RFC 2573 [14] and
      the view-based access control mechanism described in RFC 2575
      [15].

   A more detailed introduction to the current SNMP Management Framework
   can be found in RFC 2570 [16].
   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo defines a transport mapping for using the Simple Network
   Management Protocol (SNMP) over TCP.  The transport mapping can be
   used with any version of SNMP.  This document extends the transport
   mappings defined in RFC 1906 [10].

   The SNMP over TCP transport mapping is an optional transport mapping.
   SNMP protocol engines that implement the SNMP over TCP transport
   mapping MUST also implement the SNMP over UDP transport mapping as
   defined in RFC 1906 [10].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [17].

2.  Definitions

   IRTF-NMRG-SNMP-TM DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-IDENTITY, experimental
           FROM SNMPv2-SMI
       TEXTUAL-CONVENTION
           FROM SNMPv2-TC;

   nmrgSnmpDomains MODULE-IDENTITY
       LAST-UPDATED "200103010000Z"
       ORGANIZATION "IRTF Network Management Research Group"
       CONTACT-INFO
           "Juergen Schoenwaelder
            TU Braunschweig
            Bueltenweg 74/75
            38106 Braunschweig
            Germany

            Phone: +49 531 391-3283
            Email: schoenw@ibr.cs.tu-bs.de"
       DESCRIPTION
           "This MIB module defines the SNMP over TCP transport
            mapping."
       REVISION    "200103010000Z"
       DESCRIPTION
           "Initial version, published as RFC XXXX."
       ::= { experimental nmrg(91) 1 }

   -- SNMP over TCP over IPv4

   snmpTCPDomain OBJECT-IDENTITY
       STATUS      current
       DESCRIPTION
           "The SNMP over TCP over IPv4 transport domain.  The
            corresponding transport address is of type
            SnmpTCPAddress."
       ::= { nmrgSnmpDomains 1 }

   SnmpTCPAddress ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "1d.1d.1d.1d/2d"
       STATUS      current
       DESCRIPTION
           "Represents a TCP/IPv4 address:

              octets   contents        encoding
               1-4     IP-address      network-byte order
               5-6     TCP-port        network-byte order
           "
       SYNTAX      OCTET STRING (SIZE (6))

   END

3.  SNMP over TCP

   SNMP over TCP is an experimental optional transport mapping.  It is
   primarily defined to support more efficient bulk transfer mechanisms
   within the SNMP framework [20].

   The originator of a request/response transaction chooses the
   transport protocol for the entire transaction.  The transport
   protocol MUST NOT change during a transaction.

   In general, originators of request/response transactions are free to
   use the transport they assume is the best in a given situation.
   However, since TCP has a larger footprint on resource usage than UDP,
   engines using SNMP over TCP may choose to switch back to UDP by
   refusing new TCP connections whenever necessary (e.g. too many open
   TCP connections).

   When selecting the transport, it is useful to consider how SNMP
   interacts with TCP acknowledgements and timers.  In particular,
   infrequent SNMP interactions over TCP may lead to additional IP
   packets carrying acknowledgements for SNMP responses if there is no
   chance to piggyback them.  Furthermore, it is recommended to
   configure SNMP timers to fire later when using SNMP over TCP to avoid
   application specific timeouts before the TCP timers have expired.

3.1  Serialization

   Each instance of a message is serialized into a single BER-encoded
   message, using the algorithm specified in Section 8 of RFC 1906 [10].
   The BER-encoded message is then sent over a TCP connection.

   An SNMP engine MUST NOT interleave SNMP messages within the TCP byte
   stream.  All the bytes of one SNMP message must be sent before any
   bytes of a different SNMP message.
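   The SnmpTCPAddress textual convention from Section 2 (six octets:
   IPv4 address then TCP port, both in network byte order, displayed per
   the DISPLAY-HINT "1d.1d.1d.1d/2d"), as an added Python example that is
   not part of this draft; the function names are the example's own.

```python
"""SnmpTCPAddress codec (added example; not part of the draft)."""
import struct

# Section 2: SnmpTCPAddress is an OCTET STRING (SIZE (6)):
#   octets 1-4  IPv4 address, network byte order
#   octets 5-6  TCP port,     network byte order
# displayed per DISPLAY-HINT "1d.1d.1d.1d/2d", e.g. "192.0.2.1/161".
_FMT = ">4BH"   # big-endian: four unsigned octets, one unsigned 16-bit port


def encode_snmp_tcp_address(ip, port):
    """Pack a dotted-quad IPv4 address and a TCP port into the 6-octet form."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted-quad IPv4 address: %r" % ip)
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError("address octet out of range: %r" % ip)
    if not 0 <= port <= 65535:
        raise ValueError("TCP port out of range: %r" % port)
    return struct.pack(_FMT, *octets, port)


def decode_snmp_tcp_address(taddr):
    """Unpack the 6-octet form; any other length violates SIZE (6)."""
    if len(taddr) != 6:
        raise ValueError("SnmpTCPAddress must be 6 octets, got %d" % len(taddr))
    a, b, c, d, port = struct.unpack(_FMT, taddr)
    return "%d.%d.%d.%d" % (a, b, c, d), port


def display_snmp_tcp_address(taddr):
    """Render the 6-octet form as the DISPLAY-HINT shows it: "a.b.c.d/port"."""
    ip, port = decode_snmp_tcp_address(taddr)
    return "%s/%d" % (ip, port)


def parse_display_snmp_tcp_address(text):
    """Inverse of display_snmp_tcp_address: "a.b.c.d/port" -> 6 octets."""
    ip, sep, port = text.partition("/")
    if sep != "/" or not port.isdigit():
        raise ValueError("expected \"a.b.c.d/port\", got %r" % text)
    return encode_snmp_tcp_address(ip, int(port))
```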
   It is possible to exchange multiple SNMP request/response pairs over
   a single (persistent) TCP connection.  TCP connections are per
   default full-duplex and data can travel in both directions at
   different speeds.  It is therefore possible to send multiple SNMP
   messages to a remote SNMP engine before receiving responses from the
   same SNMP engine.  Note that an SNMP engine is not required to return
   responses in the same order as it received the requests.

   It is possible that the underlying TCP implementation delivers byte
   sequences that do not coincide with SNMP message boundaries.  A
   receiving SNMP engine MUST therefore use the length field in the
   BER-encoded SNMP message to separate multiple requests sent over a
   single TCP connection.

3.2  Well-Known Values

   It is RECOMMENDED that administrators configure their SNMP entities
   containing command responders to listen on TCP port 161 for incoming
   connections.  It is also RECOMMENDED that SNMP entities containing
   notification receivers be configured to listen on TCP port 162 for
   connection requests.

   When an SNMP entity uses the TCP transport mapping, it MUST be
   capable of accepting messages that are at least 8192 octets in size.
   Implementation of larger values is encouraged whenever possible.

3.3  Connection Management

   The use of TCP connections introduces costs [18].  Connection
   establishment and teardown cause additional network traffic.
   Furthermore, maintaining open connections binds resources in the
   network layer of the underlying operating system.

   SNMP over TCP is intended to be used when the size of the transferred
   data is large since TCP offers flow control and efficient
   segmentation.  The transport of large amounts of management data via
   SNMP over UDP requires many request/response interactions with
   small-sized SNMP over UDP messages, which causes latency to increase
   excessively.
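   Message framing for the rules in Section 3.1 (message boundaries come
   from the BER length field, not from TCP segment boundaries) and
   Section 3.2 (accept messages of at least 8192 octets), as an added
   Python example that is not part of this draft; the class name and the
   configurable size limit are the example's own.  It buffers a stream
   delivered in arbitrary chunks, cuts it into whole BER SEQUENCEs, and
   rejects a claimed length above the limit before buffering the body,
   which bounds the memory one connection can consume.

```python
class FramingError(Exception):
    """The byte stream cannot be a well-formed BER-encoded SNMP message."""


class SnmpTcpFramer:
    """Splits a TCP byte stream into whole SNMP messages (example code).

    Every SNMP message is a BER SEQUENCE: tag 0x30, a definite-length
    field, then the body.  TCP may deliver any number of bytes at a time,
    so the framer buffers input and cuts messages where the length field
    says the current message ends.
    """

    SEQUENCE_TAG = 0x30

    def __init__(self, max_message_size=8192):
        # Section 3.2: an entity MUST accept messages of at least 8192
        # octets.  A message claiming to be larger than the configured
        # limit is rejected before its body is buffered.
        self.max_message_size = max_message_size
        self._buf = bytearray()

    def feed(self, data):
        """Append bytes from the stream; return the complete messages found."""
        self._buf += data
        messages = []
        while True:
            header = self._parse_header(self._buf)
            if header is None:
                break                       # tag/length not fully received yet
            header_len, body_len = header
            total = header_len + body_len
            if total > self.max_message_size:
                raise FramingError("message of %d octets exceeds limit of %d"
                                   % (total, self.max_message_size))
            if len(self._buf) < total:
                break                       # body not fully received yet
            messages.append(bytes(self._buf[:total]))
            del self._buf[:total]           # keep any bytes of the next message
        return messages

    def _parse_header(self, buf):
        """Return (header_length, body_length), or None if more bytes are needed."""
        if len(buf) < 2:
            return None
        if buf[0] != self.SEQUENCE_TAG:
            raise FramingError("expected SEQUENCE tag 0x30, got 0x%02x" % buf[0])
        first = buf[1]
        if first < 0x80:
            return 2, first                 # short form: one length octet
        n = first & 0x7F                    # long form: n length octets follow
        if n == 0:
            # RFC 1906 Section 8 permits only definite-length encoding.
            raise FramingError("indefinite length is not permitted in SNMP")
        if n > 4:
            raise FramingError("%d length octets cannot describe a valid message" % n)
        if len(buf) < 2 + n:
            return None
        return 2 + n, int.from_bytes(buf[2:2 + n], "big")
```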
   TCP connections are established on behalf of the SNMP applications
   which initiate a transaction.  In particular, command generator
   applications are responsible for opening TCP connections to command
   responder applications, and notification originator applications are
   responsible for initiating TCP connections to notification receiver
   applications, which are selected as described in Section 3 of
   RFC 2573 [14].  If the TCP connection cannot be established, then the
   transaction is aborted and reported to the application as a timeout
   error condition.  Alternative connection establishment procedures
   are discussed in Appendix A but are not part of this specification.

   All SNMP entities (whether in an agent role or manager role) can
   close TCP connections at any point in time.  This ensures that SNMP
   entities can control their resource usage and shut down TCP
   connections that are not used.  Note that SNMP engines are not
   required to process SNMP messages if the incoming half of the TCP
   connection is closed while the outgoing half remains open.

   The processing of any outstanding SNMP requests when both sides of
   the TCP connection have been closed is implementation dependent.  The
   sending SNMP entity SHOULD therefore not make assumptions about the
   processing of outstanding SNMP requests once a TCP connection is
   closed.  A timeout error condition SHOULD be signalled for confirmed
   requests if the TCP connection is closed before a response has been
   received.

3.4  Reliable Transport versus Confirmed Operations

   The transport of SNMP messages over TCP results in a reliable
   exchange of SNMP messages between SNMP engines.  In particular, TCP
   guarantees (in the absence of security attacks) that the delivered
   data is not damaged, lost, duplicated, or delivered out of order
   [19].

   The SNMP protocol has been designed to support confirmed as well as
   unconfirmed operations [1].
   The inform-request protocol operation is an example of a confirmed
   operation, while the snmpV2-trap operation is an example of an
   unconfirmed operation.

   There is an important difference between an unconfirmed protocol
   operation sent over a reliable transport and a confirmed protocol
   operation.  A reliable transport such as TCP only guarantees that
   delivered data is not damaged, lost, duplicated, or delivered out of
   order.  It does not guarantee that the delivered data was actually
   processed in any way by the application process.  Furthermore, even
   a reliable transport such as TCP cannot guarantee that data sent to
   a remote system is eventually delivered on the remote system.  Even
   a graceful close of the TCP connection does not guarantee that the
   receiving TCP engine has actually delivered all the data to an
   application process.

   With a confirmed SNMP operation, the receiving SNMP engine
   acknowledges that the data was actually received.  Depending on the
   SNMP protocol operation, a confirmation may indicate that further
   processing was done.  For example, the response to an inform-request
   protocol operation also indicates to the notification originator
   that the notification passed the security model and that it was
   delivered to the notification receiver application.  Similarly, the
   response to a set-request indicates that the data passed the
   transport and the authentication mechanism and that the write request
   was actually processed by the command responder.

   A reliable transport is thus only a poor approximation for confirmed
   operations.  Applications that need confirmation of delivery or
   processing are encouraged to use the confirmed operations, such as
   the inform-request, rather than using unconfirmed operations, such
   as snmpV2-trap, over a reliable transport.

4.  Security Considerations

   It is recommended that implementors consider the security features
   as provided by the SNMPv3 framework in order to provide SNMP
   security.  Specifically, the use of the User-based Security Model
   RFC 2574 [12] and the View-based Access Control Model RFC 2575 [15]
   is recommended.

   It is then a customer/user responsibility to ensure that the SNMP
   entity giving access to a MIB is properly configured to give access
   to the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change) them.

   The SNMP over TCP transport mapping does not have any impact on the
   security mechanisms provided by SNMPv3.  However, SNMP over TCP may
   introduce new vulnerabilities to denial of service attacks (such as
   TCP SYN flooding) that do not exist in this form in other transport
   mappings.

5.  Acknowledgments

   This document is the result of discussions within the Network
   Management Research Group (NMRG) of the Internet Research Task Force
   (IRTF) [21].  Special thanks to Luca Deri, Jean-Philippe Martin-
   Flatin, Aiko Pras, Ron Sprenkels, and Bert Wijnen for their comments
   and suggestions.  Additional useful comments have been made by Mike
   Ayers, Jeff Case, Mike Daniele, David Harrington, Lauren Heintz,
   Keith McCloghrie, and Dave Shield.

   Luca Deri, Wes Hardaker, Bert Helthuis, and Erik Schoenfelder helped
   to create prototype implementations.  The SNMP over TCP transport
   mapping is currently supported by the NET-SNMP package [22] and the
   Linux CMU SNMP package [23].

References

   [1]   Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture
         for Describing SNMP Management Frameworks", RFC 2571, April
         1999.

   [2]   Rose, M. and K. McCloghrie, "Structure and Identification of
         Management Information for TCP/IP-based Internets", STD 16,
         RFC 1155, May 1990.

   [3]   Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16,
         RFC 1212, March 1991.
   [4]   Rose, M., "A Convention for Defining Traps for use with the
         SNMP", RFC 1215, March 1991.

   [5]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
         Rose, M. and S. Waldbusser, "Structure of Management
         Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [6]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
         Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2",
         STD 58, RFC 2579, April 1999.

   [7]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
         Rose, M. and S. Waldbusser, "Conformance Statements for
         SMIv2", STD 58, RFC 2580, April 1999.

   [8]   Case, J., Fedor, M., Schoffstall, M. and J. Davin, "A Simple
         Network Management Protocol (SNMP)", STD 15, RFC 1157, May
         1990.

   [9]   Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
         "Introduction to Community-based SNMPv2", RFC 1901, January
         1996.

   [10]  Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
         "Transport Mappings for Version 2 of the Simple Network
         Management Protocol (SNMPv2)", RFC 1906, January 1996.

   [11]  Case, J., Harrington, D., Presuhn, R. and B. Wijnen, "Message
         Processing and Dispatching for the Simple Network Management
         Protocol (SNMP)", RFC 2572, April 1999.

   [12]  Blumenthal, U. and B. Wijnen, "User-based Security Model (USM)
         for version 3 of the Simple Network Management Protocol
         (SNMPv3)", RFC 2574, April 1999.

   [13]  Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
         "Protocol Operations for Version 2 of the Simple Network
         Management Protocol (SNMPv2)", RFC 1905, January 1996.

   [14]  Levi, D., Meyer, P. and B. Stewart, "SNMP Applications",
         RFC 2573, April 1999.

   [15]  Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
         Control Model (VACM) for the Simple Network Management
         Protocol (SNMP)", RFC 2575, April 1999.

   [16]  Case, J., Mundy, R., Partain, D. and B. Stewart, "Introduction
         to Version 3 of the Internet-standard Network Management
         Framework", RFC 2570, April 1999.

   [17]  Bradner, S., "Key words for use in RFCs to Indicate
         Requirement Levels", BCP 14, RFC 2119, March 1997.

   [18]  Kastenholz, F., "SNMP Communications Services", RFC 1270,
         October 1991.

   [19]  Postel, J., "Transmission Control Protocol", STD 7, RFC 793,
         September 1981.

   [20]  Sprenkels, R. and J.P. Martin-Flatin, "Bulk Transfers of MIB
         Data", Simple Times 7(1), March 1999.

   [21]  http://www.irtf.org/

   [22]  http://net-snmp.sourceforge.net/

   [23]  http://www.gaertner.de/snmp/

Author's Address

   Juergen Schoenwaelder
   TU Braunschweig
   Bueltenweg 74/75
   38106 Braunschweig
   Germany

   Phone: +49 531 391-3283
   EMail: schoenw@ibr.cs.tu-bs.de

Appendix A.  Connection Establishment Alternatives

   This memo defines a simple connection establishment scheme where the
   notification originator or command generator application is
   responsible for establishing TCP connections to notification
   receiver or command responder applications.  The purpose of this
   section is to document variations or alternatives of this scheme
   which have been discussed during the development of this
   specification.  The discussion below focuses on notification
   originator applications since this is the case where people seem to
   have diverging viewpoints.  The discussion below also assumes that
   the reader is familiar with the SNMPv3 notification forwarding model
   as defined in RFC 2573 [14].

   The variations that have been discussed are basically driven by the
   idea to provide fallback mechanisms in cases where TCP connection
   establishment from the notification originator to the notification
   receiver fails.  The approach specified in this memo simply drops
   notifications if the TCP connection cannot be established.
   This implies that notification originators which need reliable
   notification delivery must implement a local notification log in
   order to keep a history of notifications that could not be delivered.

   Another option is to deliver notifications via UDP in case TCP
   connection establishment fails.  This might require augmenting the
   snmpTargetTable with columns that provide information about the
   alternate UDP transport domain and address.  In general, this
   approach only helps to deliver notifications in cases where the
   notification receiver is unable to accept more TCP connections.  In
   other fault scenarios (e.g. routing problems in the network), the UDP
   packet would have no or only marginally better chances to reach the
   notification receiver.  This implies that notification originators
   which need reliable notification delivery still need to implement a
   local notification log in order to keep a history of notifications
   in cases where the UDP packets do not reach the destination.

   A generalization of this approach leads to the idea of a sparse
   augmentation of the snmpTargetTable which lists alternate fallback
   transport endpoints of arbitrary transport domains.  Multiple
   fallbacks may be possible by using a tag list approach.  This
   provides a generic transport independent fallback mechanism which is
   independent of the TCP transport mapping defined in this memo.

   Another alternative is to make the notification originator
   responsible for retrying connection establishment.  This could be
   accomplished by augmenting the snmpTargetTable with additional
   columns that specify retry counts and timeouts or by adapting the
   existing snmpTargetAddrTimeout and snmpTargetAddrRetryCount columns
   in the snmpTargetTable.  But even this approach requires a local
   notification log in order to handle situations where all retries
   have failed.
   A fundamentally different approach is to make the notification
   receiver responsible for establishing the TCP connection to the
   notification originator.  This approach has the advantage that the
   notification originator does not necessarily need a list of
   pre-configured notification receiver transport addresses.  The
   current notification forwarding model however relies on the
   snmpTargetTable to identify notification targets.  So the question
   comes up whether (a) new entries are added to the snmpTargetTable
   when a connection is established or whether (b) connections are only
   accepted if they match pre-configured snmpTargetTable entries.  Note
   that the target selection logic relies on a tag list which cannot
   reasonably be populated when a connection is accepted.  So only
   option (b) seems to be compliant with the current notification
   forwarding logic.  Another issue to consider is the vulnerability to
   denial of service attacks.  A notification originator can be easily
   attacked by SYN-flooding attacks if it listens for incoming TCP
   connections.  Finally, in order to let notification originator and
   notification receiver applications coexist easily on a single
   system, it would be necessary to assign new default port numbers on
   which notification originators listen for incoming TCP connections.

Full Copyright Statement

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works.
   However, this document itself may not be modified in any way, such as
   by removing the copyright notice or references to the Internet
   Society or other Internet organizations, except as needed for the
   purpose of developing Internet standards in which case the
   procedures for copyrights defined in the Internet Standards process
   must be followed, or as required to translate it into languages
   other than English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.