Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 2925

Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations

Pages: 77
Obsoleted by:  4560
Part 4 of 4 – Pages 63 to 77
First   Prev   None

ToP   noToC   RFC2925 - Page 63   prevText

4.3 DISMAN-NSLOOKUP-MIB

DISMAN-NSLOOKUP-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, mib-2, Integer32 FROM SNMPv2-SMI -- RFC2578 RowStatus FROM SNMPv2-TC -- RFC2579 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF -- RFC2580 SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- RFC2571
ToP   noToC   RFC2925 - Page 64
    InetAddressType, InetAddress
        FROM INET-ADDRESS-MIB;           -- RFC2851


 lookupMIB MODULE-IDENTITY
    LAST-UPDATED "200009210000Z"         -- 21 September 2000
    ORGANIZATION "IETF Distributed Management Working Group"
    CONTACT-INFO
        "Kenneth White

        International Business Machines Corporation
        Network Computing Software Division
        Research Triangle Park, NC, USA

        E-mail: wkenneth@us.ibm.com"
    DESCRIPTION
        "The Lookup MIB (DISMAN-NSLOOKUP-MIB) enables determination
        of either the name(s) corresponding to a host address or of
        the address(es) associated with a host name at a remote host."

     --  Revision history

     REVISION     "200009210000Z"         -- 21 September 2000
     DESCRIPTION
         "Initial version, published as RFC 2925."

    ::= { mib-2 82 }

 -- Top level structure of the MIB

 lookupObjects        OBJECT IDENTIFIER ::= { lookupMIB 1 }
 lookupConformance    OBJECT IDENTIFIER ::= { lookupMIB 2 }

 -- Simple Object Definitions

 lookupMaxConcurrentRequests OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "requests"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
       "The maximum number of concurrent active lookup requests
       that are allowed within an agent implementation.  A value
       of 0 for this object implies that there is no limit for
       the number of concurrent active requests in effect."
    DEFVAL { 10 }
    ::= { lookupObjects 1 }
ToP   noToC   RFC2925 - Page 65
 lookupPurgeTime OBJECT-TYPE
    SYNTAX      Unsigned32 (0..86400)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
       "The amount of time to wait before automatically
       deleting an entry in the lookupCtlTable and any
       dependent lookupResultsTable entries
       after the lookup operation represented by an
       lookupCtlEntry has completed.

       An lookupCtEntry is considered complete
       when its lookupCtlOperStatus object has a
       value of completed(3)."
    DEFVAL { 900 }  -- 15 minutes as default
    ::= { lookupObjects 2 }

 -- Lookup Control Table

 lookupCtlTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF LookupCtlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines the Lookup Control Table for providing
        the capability of performing a lookup operation,
        gethostbyname or gethostbyaddr, from a remote host."
   ::= { lookupObjects 3 }

 lookupCtlEntry OBJECT-TYPE
    SYNTAX      LookupCtlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines an entry in the lookupCtlTable.  A
        lookupCtlEntry is initially indexed by
        lookupCtlOwnerIndex, which is of type SnmpAdminString,
        a textual convention that allows for use of the SNMPv3
        View-Based Access Control Model (RFC 2575 [11], VACM)
        and also allows an management application to identify
        its entries.  The second index element,
        lookupCtlOperationName, enables the same
        lookupCtlOwnerIndex entity to have multiple outstanding
        requests.

        The value of lookupCtlTargetAddressType determines which
        lookup function to perform.  Specification of dns(16)
ToP   noToC   RFC2925 - Page 66
        as the value of this index implies that the gethostbyname
        function should be performed to determine the numeric
        addresses associated with a symbolic name via
        lookupResultsTable entries.  Use of a value of either
        ipv4(1) or ipv6(2) implies that the gethostbyaddr function
        should be performed to determine the symbolic name(s)
        associated with a numeric address at a remote host."
    INDEX {
             lookupCtlOwnerIndex,
             lookupCtlOperationName
          }
    ::= { lookupCtlTable 1 }

 LookupCtlEntry ::=
    SEQUENCE {
        lookupCtlOwnerIndex         SnmpAdminString,
        lookupCtlOperationName      SnmpAdminString,
        lookupCtlTargetAddressType  InetAddressType,
        lookupCtlTargetAddress      InetAddress,
        lookupCtlOperStatus         INTEGER,
        lookupCtlTime               Unsigned32,
        lookupCtlRc                 Integer32,
        lookupCtlRowStatus          RowStatus
    }

 lookupCtlOwnerIndex OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(0..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "To facilitate the provisioning of access control by a
       security administrator using the View-Based Access
       Control Model (RFC 2575, VACM) for tables in which
       multiple users may need to independently create or
       modify entries, the initial index is used as an 'owner
       index'.  Such an initial index has a syntax of
       SnmpAdminString, and can thus be trivially mapped to a
       securityName or groupName as defined in VACM, in
       accordance with a security policy.

       When used in conjunction with such a security policy all
       entries in the table belonging to a particular user (or
       group) will have the same value for this initial index.
       For a given user's entries in a particular table, the
       object identifiers for the information in these entries
       will have the same subidentifiers (except for the
       'column' subidentifier) up to the end of the encoded
       owner index. To configure VACM to permit access to this
ToP   noToC   RFC2925 - Page 67
       portion of the table, one would create
       vacmViewTreeFamilyTable entries with the value of
       vacmViewTreeFamilySubtree including the owner index
       portion, and vacmViewTreeFamilyMask 'wildcarding' the
       column subidentifier.  More elaborate configurations
       are possible."
    ::= { lookupCtlEntry 1 }

 lookupCtlOperationName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(0..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The name of a lookup operation.  This is locally unique,
        within the scope of an lookupCtlOwnerIndex."
    ::= { lookupCtlEntry 2 }

 lookupCtlTargetAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the type of address for either performing a
        gethostbyname or a gethostbyaddr function at a remote host.
        Specification of dns(16) as the value for this object
        means that the gethostbyname function should be performed
        to return one or more numeric addresses.  Use of a value
        of either ipv4(1) or ipv6(2) means that the gethostbyaddr
        function should be used to return the symbolic names
        associated with a remote host."
    ::= { lookupCtlEntry 3 }

 lookupCtlTargetAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the address used for a resolver lookup at a
        remote host.  The corresponding lookupCtlAddressType
        objects determines its type as well as the function
        that can be requested.

        A value for this object MUST be set prior to
        transitioning its corresponding lookupCtlEntry to
        active(1) via lookupCtlRowStatus."
    ::= { lookupCtlEntry 4 }

 lookupCtlOperStatus OBJECT-TYPE
ToP   noToC   RFC2925 - Page 68
    SYNTAX      INTEGER {
                   notStarted(2), -- operation has not started
                   completed(3)   -- operation is done
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Reflects the operational state of an lookupCtlEntry:

           enabled(1)    - Operation is active.
           notStarted(2) - Operation has not been enabled.
           completed(3)  - Operation has completed.

         An operation is automatically enabled(1) when its
         lookupCtlRowStatus object is transitioned to active(1)
         status.  Until this occurs lookupCtlOperStatus MUST
         report a value of notStarted(2).  After the lookup
         operation completes (success or failure) the value
         for lookupCtlOperStatus MUST be transitioned to
         completed(3)."
    ::= { lookupCtlEntry 5 }

 lookupCtlTime OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "milliseconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Reports the number of milliseconds that a lookup
        operation required to be completed at a remote host.
        Completed means operation failure as well as
        success."
    ::= { lookupCtlEntry 6 }

 lookupCtlRc OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system specific return code from a lookup
        operation.  All implementations MUST return a value
        of 0 for this object when the remote lookup
        operation succeeds.  A non-zero value for this
        objects indicates failure.  It is recommended that
        implementations that support errno use it as the
        value of this object to aid a management
        application in determining the cause of failure."
    ::= { lookupCtlEntry 7 }
ToP   noToC   RFC2925 - Page 69
 lookupCtlRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object allows entries to be created and deleted
        in the lookupCtlTable.

        A remote lookup operation is started when an
        entry in this table is created via an SNMP SET
        request and the entry is activated.  This
        occurs by setting the value of this object
        to CreateAndGo(4) during row creation or
        by setting this object to active(1) after
        the row is created.

        A value MUST be specified for lookupCtlTargetAddress
        prior to a transition to active(1) state being
        accepted.

        A remote lookup operation starts when its entry
        first becomes active(1).  Transitions in and
        out of active(1) state have no effect on the
        operational behavior of a remote lookup
        operation, with the exception that deletion of
        an entry in this table by setting its RowStatus
        object to destroy(6) will stop an active
        remote lookup operation.

        The operational state of a remote lookup operation
        can be determined by examination of its
        lookupCtlOperStatus object."
    REFERENCE
        "See definition of RowStatus in RFC 2579,
        'Textual Conventions for SMIv2.'"
    ::= { lookupCtlEntry 8 }


-- Lookup Results Table

 lookupResultsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF LookupResultsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines the Lookup Results Table for providing
        the capability of determining the results of a
        operation at a remote host.
ToP   noToC   RFC2925 - Page 70
        One or more entries are added to the
        lookupResultsTable when a lookup operation,
        as reflected by an lookupCtlEntry, completes
        successfully.  All entries related to a
        successful lookup operation MUST be added
        to the lookupResultsTable at the same time
        that the associating lookupCtlOperStatus
        object is transitioned to completed(2).

        The number of entries added depends on the
        results determined for a particular lookup
        operation.  All entries associated with an
        lookupCtlEntry are removed when the
        lookupCtlEntry is deleted.

        A remote host can be multi-homed and have more
        than one IP address associated with it
        (gethostbyname results) and/or it can have more
        than one symbolic name (gethostbyaddr results).

        The gethostbyaddr function is called with a
        host address as its parameter and is used
        primarily to determine a symbolic name to
        associate with the host address.  Entries in
        the lookupResultsTable MUST be made for each
        host name returned.  The official host name MUST
        be assigned a lookupResultsIndex of 1.

        The gethostbyname function is called with a
        symbolic host name and is used primarily to
        retrieve a host address.  If possible the
        primary host address SHOULD be assigned a
        lookupResultsIndex of 1."
   ::= { lookupObjects 4 }

 lookupResultsEntry OBJECT-TYPE
    SYNTAX      LookupResultsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines an entry in the lookupResultsTable.  The
        first two index elements identify the
        lookupCtlEntry that a lookupResultsEntry belongs
        to.  The third index element selects a single
        lookup operation result."
    INDEX {
             lookupCtlOwnerIndex,
             lookupCtlOperationName,
ToP   noToC   RFC2925 - Page 71
             lookupResultsIndex
          }
    ::= { lookupResultsTable 1 }

 LookupResultsEntry ::=
    SEQUENCE {
        lookupResultsIndex        Unsigned32,
        lookupResultsAddressType  InetAddressType,
        lookupResultsAddress      InetAddress
     }

 lookupResultsIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..'ffffffff'h)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Entries in the lookupResultsTable are created when
        the result of a lookup operation is determined.

        Entries MUST be stored in the lookupResultsTable in
        the order that they are retrieved.  Values assigned
        to lookupResultsIndex MUST start at 1 and increase
        in order."
    ::= { lookupResultsEntry 1 }

 lookupResultsAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the type of result of a remote lookup
        operation.  A value of unknown(0) implies that
        either the operation hasn't been started or that
        it has failed."
    ::= { lookupResultsEntry 2 }

 lookupResultsAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Reflects a result for a remote lookup operation
        as per the value of lookupResultsAddressType."
    ::= { lookupResultsEntry 3 }


 -- Conformance information
 -- Compliance statements
ToP   noToC   RFC2925 - Page 72
 lookupCompliances OBJECT IDENTIFIER ::= { lookupConformance 1 }
 lookupGroups      OBJECT IDENTIFIER ::= { lookupConformance 2 }

 -- Compliance statements

 lookupCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
            "The compliance statement for the DISMAN-NSLOOKUP-MIB."
    MODULE  -- this module
        MANDATORY-GROUPS {
                            lookupGroup
                          }

        OBJECT lookupMaxConcurrentRequests
        MIN-ACCESS  read-only
        DESCRIPTION
            "The agent is not required to support SET
            operations to this object."

        OBJECT lookupPurgeTime
        MIN-ACCESS  read-only
        DESCRIPTION
            "The agent is not required to support a SET
            operation to this object."
    ::= { lookupCompliances 1 }

 -- MIB groupings

 lookupGroup OBJECT-GROUP
   OBJECTS {
             lookupMaxConcurrentRequests,
             lookupPurgeTime,
             lookupCtlOperStatus,
             lookupCtlTargetAddressType,
             lookupCtlTargetAddress,
             lookupCtlTime,
             lookupCtlRc,
             lookupCtlRowStatus,
             lookupResultsAddressType,
             lookupResultsAddress
           }
   STATUS  current
   DESCRIPTION
       "The group of objects that comprise the remote
       Lookup operation."
    ::= { lookupGroups 1 }
ToP   noToC   RFC2925 - Page 73
END

5.0 Security Considerations

Certain management information in the MIBs defined by this document may be considered sensitive in some network environments. Therefore, authentication of received SNMP requests and controlled access to management information SHOULD be employed in such environments. The method for this authentication is a function of the SNMP Administrative Framework, and has not been expanded by this MIB. To facilitate the provisioning of access control by a security administrator using the View-Based Access Control Model (VACM) defined in RFC 2575 [11] for tables in which multiple users may need to independently create or modify entries, the initial index is used as an "owner index". Such an initial index has a syntax of SnmpAdminString, and can thus be trivially mapped to a securityName or groupName as defined in VACM, in accordance with a security policy. All entries in related tables belonging to a particular user will have the same value for this initial index. For a given user's entries in a particular table, the object identifiers for the information in these entries will have the same subidentifiers (except for the "column" subidentifier) up to the end of the encoded owner index. To configure VACM to permit access to this portion of the table, one would create vacmViewTreeFamilyTable entries with the value of vacmViewTreeFamilySubtree including the owner index portion, and vacmViewTreeFamilyMask "wildcarding" the column subidentifier. More elaborate configurations are possible. The VACM access control mechanism described above provides control. In general, both the ping and traceroute functions when used excessively are considered a form of system attack. In the case of ping sending a system requests too often can negatively effect its performance or attempting to connect to what is supposed to be an unused port can be very unpredictable. Excessive use of the
ToP   noToC   RFC2925 - Page 74
   traceroute capability can like ping negatively affect system
   performance.  In insecure environments it is RECOMMENDED that the
   MIBs defined within this memo not be supported.

6.0 Intellectual Property

The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.

7.0 Acknowledgments

This document is a product of the DISMAN Working Group.

8.0 References

[1] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990. [2] Postel, J., "Echo Protocol", STD 20, RFC 862, May 1983. [3] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [4] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [5] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
ToP   noToC   RFC2925 - Page 75
   [6]  Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol
        Operations for Version 2 of the Simple Network Management
        Protocol (SNMPv2)", RFC 1905, January 1996.

   [7]  Harrington D., Presuhn, R. and B. Wijnen, "An Architecture for
        Describing SNMP Management Frameworks", RFC 2571, April 1999.

   [8]  Case, J., Harrington D., Presuhn, R. and B. Wijnen, "Message
        Processing and Dispatching for the Simple Network Management
        Protocol (SNMP)", RFC 2572, April 1999.

   [9]  Levi D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC
        2573, April 1999.

   [10] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM)
        for version 3 of the Simple Network Management Protocol
        (SNMPv3)", RFC 2574, April 1999.

   [11] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
        Control Model (VACM) for the Simple Network Management Protocol
        (SNMP)", RFC 2575, April 1999.

   [12] Hovey, R. and S. Bradner, "The Organizations Involved in the
        IETF Standards Process", BCP 11, RFC 2028, October 1996.

   [13] Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [14] Rose, M. and K. McCloghrie, "Structure and Identification of
        Management Information for TCP/IP-based Internets", RFC 1155,
        May 1990.

   [15] Rose, M. and K. McCloghrie, "Concise MIB Definitions", RFC 1212,
        March 1991.

   [16] Rose, M., "A Convention for Defining Traps for use with the
        SNMP", RFC 1215, March 1991.

   [17] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
        "Introduction to Community-based SNMPv2", RFC 1901, January
        1996.

   [18] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport
        Mappings for Version 2 of the Simple Network Management Protocol
        (SNMPv2)", RFC 1906, January 1996.

   [19] Bradner, S., "The Internet Standards Process -- Revision 3", RFC
        2026, BCP 9, October 1996.
ToP   noToC   RFC2925 - Page 76
   [20] Postel, J., "Internet Control Message Protocol", RFC 792,
        September 1981.

   [21] Nichols, K., Blake, S., Baker, F. and D. Black, "Definition of
        the Differentiated Services Field (DS Field) in the IPv4 and
        IPv6 Headers", RFC 2474, December 1998.

   [22] Daniele, M., Haberman, B., Routhier, S. and J. Schoenwaelder,
        "Textual Conventions for Internet Network Addresses", RFC 2851,
        June 2000.

   [23] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB",
        RFC 2863, June 2000.

9.0 Author's Address

Kenneth D. White Dept. BRQA/Bldg. 501/G114 IBM Corporation P.O.Box 12195 3039 Cornwallis Research Triangle Park, NC 27709, USA EMail: wkenneth@us.ibm.com
ToP   noToC   RFC2925 - Page 77

10. Full Copyright Statement

Copyright (C) The Internet Society (2000). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.