RFC 1592
Simple Network Management Protocol Distributed Protocol Interface Version 2.0
Network Working Group B. Wijnen Request for Comments: 1592 G. Carpenter Obsoletes: 1228 T.J. Watson Research Center, IBM Corp. Category: Experimental K. Curran A. Sehgal G. Waters Bell Northern Research, Ltd. March 1994 Simple Network Management Protocol Distributed Protocol Interface Version 2.0 Status of this Memo This memo defines an Experimental Protocol for the Internet community. This memo does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited. Table of Contents 1. INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Summary of Changes . . . . . . . . . . . . . . . . . . . . 4 2. THEORY OF OPERATION . . . . . . . . . . . . . . . . . . . . . 5 2.1 Connection Establishment and Termination . . . . . . . . . 5 2.2 Registration . . . . . . . . . . . . . . . . . . . . . . . 6 2.3 Normal Operation . . . . . . . . . . . . . . . . . . . . . 6 2.4 DPI Architecture . . . . . . . . . . . . . . . . . . . . . 6 3. SNMP DPI PROTOCOL . . . . . . . . . . . . . . . . . . . . . 10 3.1 Connection Establishment . . . . . . . . . . . . . . . . 10 3.1.1 SNMP PDU to GET the Agent's DPI port . . . . . . . . . 11 3.1.2 SNMP PDU Containing the RESPONSE to the GET . . . . . 13 3.2 SNMP DPI Packet Formats . . . . . . . . . . . . . . . . 15 3.2.1 DPI Packet Header . . . . . . . . . . . . . . . . . . 15 3.2.2 OPEN . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.2.3 CLOSE . . . . . . . . . . . . . . . . . . . . . . . . 18 3.2.4 ARE_YOU_THERE . . . . . . . . . . . . . . . . . . . . 19 3.2.5 REGISTER . . . . . . . . . . . . . . . . . . . . . . . 20 3.2.6 UNREGISTER . . . . . . . . . . . . . . . . . . . . . . 22 3.2.7 GET . . . . . . . . . . . . . . . . . . . . . . . . . 23 3.2.8 GETNEXT . . . . . . . . . . . . . . . . . . . . . . . 24 3.2.9 GETBULK . . . . . . . . . . . . . . . . . . . . . . . 25 3.2.10 SET, COMMIT and UNDO . . . . . . . . . . . . . . . . 26 3.2.11 RESPONSE . . . . . . . . . . . . . . . . . . . . . . 29 3.2.12 TRAP . . . . . . . . . . . . . . . . . . . . . . . . 31 3.3 Constants and Values . . . . . . . . . . . . . . . . . . 33
3.3.1 Protocol Version and Release Values . . . . . . . . . 33
3.3.2 Packet Type Values . . . . . . . . . . . . . . . . . . 34
3.3.3 Variable Type Values . . . . . . . . . . . . . . . . . 35
3.3.4 Value Representation . . . . . . . . . . . . . . . . . 36
3.3.5 Character set selection . . . . . . . . . . . . . . . 36
3.3.6 Error Code Values for SNMP DPI RESPONSE packets . . . 37
3.3.7 UNREGISTER Reason Codes . . . . . . . . . . . . . . . 40
3.3.8 CLOSE Reason Codes . . . . . . . . . . . . . . . . . . 41
4. DPI 2.0 MIB DEFINITION . . . . . . . . . . . . . . . . . . 41
5. SUBAGENT CONSIDERATIONS . . . . . . . . . . . . . . . . . . 42
5.1 DPI API . . . . . . . . . . . . . . . . . . . . . . . . 43
5.2 Overview of Request Processing . . . . . . . . . . . . . 44
5.2.1 GET Processing . . . . . . . . . . . . . . . . . . . . 44
5.2.2 SET Processing . . . . . . . . . . . . . . . . . . . . 44
5.2.3 GETNEXT Processing . . . . . . . . . . . . . . . . . . 46
5.2.4 GETBULK Processing . . . . . . . . . . . . . . . . . . 47
5.2.5 OPEN Request . . . . . . . . . . . . . . . . . . . . . 48
5.2.6 CLOSE Request . . . . . . . . . . . . . . . . . . . . 49
5.2.7 REGISTER Request . . . . . . . . . . . . . . . . . . . 49
5.2.8 UNREGISTER Request . . . . . . . . . . . . . . . . . . 50
5.2.9 TRAP Request . . . . . . . . . . . . . . . . . . . . . 51
5.2.10 ARE_YOU_THERE request . . . . . . . . . . . . . . . . 51
5.2.11 How to query the DPI port. . . . . . . . . . . . . . 51
6. REFERENCES . . . . . . . . . . . . . . . . . . . . . . . . 51
7. SECURITY CONSIDERATIONS . . . . . . . . . . . . . . . . . . 52
8. AUTHORS' ADDRESSES . . . . . . . . . . . . . . . . . . . . 53
9. SAMPLE SOURCES FOR ANONYMOUS FTP . . . . . . . . . . . . . 54
1. INTRODUCTION
This RFC describes version 2.0 of a protocol that International
Business Machines Corporation (IBM) has been implementing in most of
its SNMP agents to allow dynamic extension of supported MIBs. Bell
Northern Research (BNR) has also implemented a version of this
protocol in some of its SNMP agents for the same reason.
The Simple Network Management Protocol (SNMP [1]) Distributed
Protocol Interface (DPI) is an extension to SNMP agents that permits
end-users to dynamically add, delete or replace management variables
in the local Management Information Base without requiring
recompilation of the SNMP agent. This is achieved by writing a so-
called sub-agent that communicates with the agent via the SNMP-DPI.
For the author of a sub-agent, the SNMP-DPI eliminates the need to
know the details of ASN.1 [2] or SNMP PDU (Protocol Data Unit)
encoding/decoding [1, 3].
Versions 1.0 and 1.1 of this protocol have been in use within IBM
since 1989 and is included in the SNMP agents for VM, MVS and OS/2. Version 1.2 of this protocol has been in use within BNR since 1992. 1.1 MOTIVATION The Simple Network Management Protocol [1] defines a protocol that permits operations on a collection of variables. This set of variables is called the Management Information Base (MIB) and a core set of variables has previously been defined [4, 5]; however, the design of the MIB makes provision for extension of this core set. Thus, an enterprise or individual can define variables of their own which represent information of use to them. An example of a potentially interesting variable which is not in the core MIB would be CPU utilization (percent busy). Unfortunately, conventional SNMP agent implementations provide no means for an end-user to make available new variables. Besides this, today there are many MIBs that people want to implement on a system. Without a capability for sub-agents, this requires all the MIBs to be implemented in one big monolithic agent, which is in many cases undesirable. The SNMP DPI addresses these issues by providing a light-weight mechanism by which a process can register the existence of a MIB variable or a MIB sub-tree with the SNMP agent. Requests for the variable(s) that are received by the SNMP agent are passed to the process acting as a sub-agent. The sub-agent then returns an appropriate answer to the SNMP agent. The SNMP agent eventually packages an SNMP response packet and sends the answer back to the remote network management station that initiated the request. Remote network management stations have no knowledge that the SNMP agent calls on other processes to obtain an answer. As far as they can tell, there is only one network management application (agent) running on the host. At the San Diego IETF (March 1992) a BOF was held on multiplexing SNMP agent's requirements. Both the SMUX [6] and DPI [7] protocols were discussed, as well as other unpublished approaches. There was also discussion regarding a need for a standard for multiplexing SNMP agents or sub-agent support. At the end of the BOF, however, there was not enough support for defining a standard. This was due, at least partially, to a few well known SNMP authors who stated that the proxy and party support for SNMPv2 (SMP at the time) would solve the problem.
Nevertheless, questions continue to be raised about sub-agent support (both in SNMP and SNMP2 mail lists) in spite of both SNMPv2 [8] being on the standard's track and SMUX being changed to a historic RFC. Furthermore, within IBM and BNR we continue to see a substantial and expanding use of the DPI protocol. with positive results. Therefore, we believe that there is a place for a sub-agent protocol and we again offer this new version as an experimental protocol. We encourage people to try it and send us feedback. Depending on that feedback, we may decide to try to get onto the standards track at a later time. During discussions about sub-agent interfaces at the San Diego BOF it also became clear that we should reduce the focus on the API for the sub-agent programmers. This RFC, therefore, specifies only the protocol to distribute SNMP requests from the main SNMP agent to the sub-agents. Programmers can build one or more Programming APIs on top of that protocol as needed, and sample API code is available from the authors of this document. 1.2 SUMMARY OF CHANGES The following changes have been made since the initial definition of SNMP-DPI [7]. Some of these resulted from comparing the SMUX [6] and DPI [7] protocols. o Documentation changes to cleanup and be more specific in some areas. Among other things, this includes: - Defining that integers are in network byte order - Defining the character set used for strings - Defining how DisplayStrings are handled. - Including DPI20 MIB definition. o Removal of the Programming API from the document. o Addition of new DPI packet types: - SNMP_DPI_OPEN for a sub-agent to open a "connection" with the DPI SNMP capable agent. The sub-agent must now identify itself and optionally provide a "password" for the connection. - SNMP_DPI_CLOSE for the agent or sub-agent to close the connection in a graceful way. - SNMP_DPI_ARE_YOU_THERE for the sub-agent to verify that the agent still knows about the sub-agent. - SNMP_DPI_UNREGISTER for the agent or sub-agent to terminate the registration of a MIB variable or MIB sub-tree.
- SNMP_DPI_COMMIT which instructs the sub-agent to actually
commit a previous SNMP_DPI_SET request. This, together
with the UNDO, allows DPI sub-agents to be compliant with
SNMP in the sense that we can now handle the "as if
simultaneous" requirement.
- SNMP_DPI_UNDO which instructs the sub-agent to UNDO a SET
or COMMIT if such is needed.
o Changes to DPI packets:
- Multiple varBinds can now be exchanged in one DPI packet
(for GET, GETNEXT, SET, TRAP). The sub-agent can specify
the maximum it wants to handle per packet.
- The packet headers now contain a packet-ID (similar to SNMP
request ID in SNMP PDU). This allows to match RESPONSE
packets to REQUESTS, which is important for UDP based
DPI-connections.
- The SNMP_DPI_REGISTER packet has new fields for time_out
and for requested priority.
- The SNMP_DPI_TRAP packet allows to specify an enterprise
OID. In addition, the generic and specific trap types are
now 4 octets, so that we can pass the types correctly.
- In general, the packets have a more consistent layout.
o The agent now sends a RESPONSE to a REGISTER request
o Addition of SNMPv2 error codes and value types.
2. THEORY OF OPERATION
2.1 CONNECTION ESTABLISHMENT AND TERMINATION
Communication between the SNMP Agent and its clients (sub-agents)
takes place via a communication mechanism. The communication type
can be either a logical stream connection (via TCP, for instance) or
an unreliable datagram connection (UDP, for instance). It should be
noted that other stream oriented transport communication mechanisms
can also be used. For example, the VM SNMP agent allows DPI
connections over IUCV (Inter-User Communications Vehicle) [9, 10].
Other than the connection establishment procedure, the protocol used
is identical in these environments.
In Unix the number of processes is limited by the number of file-
descriptors that can be opened. Since each TCP socket represents a
file-descriptor, restricting SNMP-DPI protocol to TCP only
connections would limit the number of sub-agents an agent could
support. As a result, the some SNMP-DPI agents support both TCP and
UDP socket type communication mechanisms for the SNMP-DPI protocol.
Please note that in the following portion of this text the SNMP-DPI agent is referred simply as the agent. Once the transport connection has been set up, the sub-agent must also initialize the logical connection with the agent. To do so it issues an OPEN request to the agent in which the sub-agent uniquely identifies itself and passes some other parameters to the agent, such as, the maximum number of varBinds per interaction it is prepared to handle, and the timeout the agent should use when waiting for a response from the sub-agent. When the sub-agent prepares to stop or cease operations, it first issues a CLOSE to shut down the logical connection with the agent, and then closes the transport connection. 2.2 REGISTRATION A sub-agent supports a collection of MIB variables or object identifiers (object IDs) that constitute its MIB (sub)tree. Each of these object IDs consists of a group ID and an instance ID. The group ID is the root of the sub-agent's MIB tree that it supports and the point of registration to the agent's MIB tree. The instance ID is the piece of the Object Identifier that follows the group ID (registration point), so it is not an instance in the terms of the SNMP definition of an instance. Regardless of the transport mechanism used, after establishing a connection to the agent, the sub-agent registers a branch (group ID) to the Agent's MIB tree. With the registration request, the sub- agent passes some parameters, such as, requested priority and a timeout value for this specific sub-tree. The agent sends back a response to indicate success or failure of the registration request. 2.3 NORMAL OPERATION Once the sub-agent has set up both the physical and logical connection to the agent, and once it has successfully registered the sub-tree(s) of the MIB(s) that it supports, it waits for requests from the SNMP agent or generates traps as required. 2.4 DPI ARCHITECTURE These are the requests that can be initiated by the SNMP agent: GET, GETNEXT, GETBULK, SET, COMMIT, UNDO, UNREGISTER, and CLOSE.
The first four of these correspond directly to SNMP requests that a
network management station can make (By default a GETBULK request
will be translated into multiple GETNEXT requests by the agent, but a
sub-agent may request that the GETBULK be passed to it). The COMMIT,
UNDO, UNREGISTER, ARE_YOU_THERE and CLOSE requests are specific
SNMP-DPI requests. The sub-agent normally responds to a request with
a RESPONSE packet. The CLOSE request is an exception for which the
sub-agent only closes the physical connection.
These are the requests that can be initiated by a sub-agent:
OPEN, REGISTER, TRAP, UNREGISTER, ARE_YOU_THERE and CLOSE.
The agent responds to OPEN, REGISTER, UNREGISTER and ARE_YOU_THERE
with a RESPONSE packet. The TRAP packet is just accepted and
forwarded by the agent without returning any information to the sub-
agent. The CLOSE packet is also just accepted by the agent upon
which it closes the physical connection.
See Figure 1 for an overview of the DPI packet flow.
-------------------------------------------------------------------
*---------------------------------*
| |
| SNMP Network |
| Management Station |
| |
|---------------------------------|
| SNMP Protocol |
*---------------------------------*
A | Get A
| | GetNext | GetResponse
Trap | | GetBulk |
| | Set |
| V |
*------------------------------* *-------------------*
| SNMP Protocol | | DPI Interface |
|------------------------------| Response | *--------------|
| | |<----------->| | |
| | | | | |
| SNMP Agent | | | | |
| | | Get,GetNext | | |
| | | (GetBulk) | | Client |
| | | Set,Commit | | |
| A *-----------+-> | Undo | | |
| | | Get/Set | |------------>| | or |
| Trap| | info | | | | |
| | | | SNMP | | | |
|-----+-----+-------* | | trap | | SNMP |
| | V | | DPI |<------------| | Sub-Agent |
| | | | | | |
| Statically Linked | | | | | |
| Instrumentation | | | | | |
| (like MIB II) | | | | | |
| | | | close | | |
| A | | | unregister | | |
|-------+-----------| | |<----------->| | |
| V | | | | | |
| | | | | | |
| | | | AreYouThere | | |
| TCP/IP layers | | | open | | |
| Kernel | | | register | | |
| | | |<------------| | |
*------------------------------* *-------------------*
-------------------------------------------------------------------
Figure 1. SNMP DPI overview
Remarks for Figure 1:
o The SNMP agent communicates with the SNMP manager via the
standard SNMP protocol.
o The SNMP agent communicates with some statically linked-in
instrumentation (potentially for the MIB II), which in turn
talks to the TCP/IP layers and kernel (operating system) in an
implementation-dependent manner.
o An SNMP sub-agent, running as a separate process (potentially
on another machine), can set up a connection with the agent.
The sub-agent has an option to communicate with the SNMP agent
through UDP or TCP sockets, or even through other mechanisms.
o Once the connection is established, the sub-agent issues a DPI
OPEN and one or more REGISTER requests to register one or more
MIB sub-trees with the SNMP agent.
o The SNMP agent responds to DPI OPEN and REGISTER requests with
a RESPONSE packet, indicating success or failure.
o The SNMP agent will decode SNMP packets.
If such a packet contains a Get or GetNext request for an
object in a sub-tree registered by a sub-agent, it sends a
corresponding DPI packet to the sub-agent.
If the request is for a GetBulk, then the agent translates it
into multiple DPI GETNEXT packets and sends those to the
sub-agent. However, the sub-agent can request (in the REGISTER
packet) that a GETBULK be passed to the sub-agent.
If the request is for a Set, then the agent uses a 2-phase
commit scheme and sends the sub-agent a sequence of SET/COMMIT,
SET/UNDO or SET/COMMIT/UNDO DPI packets.
o The SNMP sub-agent sends responses back via a RESPONSE packet.
o The SNMP agent then encodes the reply into an SNMP packet and
sends it back to the requesting SNMP manager.
o If the sub-agent wants to report an important state change, it
sends a DPI TRAP packet to the SNMP agent which will encode it
into an SNMP trap packet and send it to the manager(s).
o If the sub-agent wants to stop operations, it sends a DPI
UNREGISTER and a DPI CLOSE packet to the agent. The agent
sends a response to an UNREGISTER request.
o There is no RESPONSE to a CLOSE, the agent just closes the DPI
connection. A CLOSE implies an UNREGISTER for all
registrations that exist for the DPI connection being CLOSED.
o An agent can send DPI UNREGISTER (if a higher priority
registration comes in or for other reasons) to the sub-agent,
the sub-agent then responds with a DPI RESPONSE packet.
o An agent can also (for whatever reason) send a DPI CLOSE to
indicate it is terminating the DPI connection.
o A sub-agent can send an ARE_YOU_THERE to verify that the
"connection" is still open. If so, the agent sends a RESPONSE
with no error, otherwise, it may send a RESPONSE with an error
indication, or not react at all.
(page 10 continued on part 2)
