iscsiInitiatorAttributesGroup OBJECT-GROUP
    OBJECTS {
        iscsiIntrLoginFailures,
        iscsiIntrLastFailureTime,
        iscsiIntrLastFailureType,
        iscsiIntrLastTgtFailureName,
        iscsiIntrLastTgtFailureAddrType,
        iscsiIntrLastTgtFailureAddr
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        all local initiators."
::= { iscsiGroups 11 }

iscsiInitiatorLoginStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiIntrLoginAcceptRsps,
        iscsiIntrLoginOtherFailRsps,
        iscsiIntrLoginRedirectRsps,
        iscsiIntrLoginAuthFailRsps,
        iscsiIntrLoginAuthenticateFails,
        iscsiIntrLoginNegotiateFails
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        login attempts by local initiators to remote targets."
::= { iscsiGroups 12 }

iscsiInitiatorLogoutStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiIntrLogoutNormals,
        iscsiIntrLogoutOthers
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        logout events between local initiators and remote targets."
::= { iscsiGroups 13 }

iscsiInitiatorAuthGroup OBJECT-GROUP
    OBJECTS {
        iscsiIntrAuthRowStatus,
        iscsiIntrAuthStorageType,
        iscsiIntrAuthIdentity
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        remote targets that are initiators of the local system
        that they are authorized to access."
::= { iscsiGroups 14 }

iscsiSessionAttributesGroup OBJECT-GROUP
    OBJECTS {
        iscsiSsnDirection,
        iscsiSsnInitiatorName,
        iscsiSsnTargetName,
        iscsiSsnTSIH,
        iscsiSsnISID,
        iscsiSsnInitiatorAlias,
        iscsiSsnTargetAlias,
        iscsiSsnInitialR2T,
        iscsiSsnImmediateData,
        iscsiSsnType,
        iscsiSsnMaxOutstandingR2T,
        iscsiSsnFirstBurstLength,
        iscsiSsnMaxBurstLength,
        iscsiSsnConnectionNumber,
        iscsiSsnAuthIdentity,
        iscsiSsnDataSequenceInOrder,
        iscsiSsnDataPDUInOrder,
        iscsiSsnErrorRecoveryLevel,
        iscsiSsnDiscontinuityTime
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information applicable to
        all sessions."
::= { iscsiGroups 15 }

iscsiSessionPDUStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiSsnCmdPDUs,
        iscsiSsnRspPDUs
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about PDU
        traffic for each session."
::= { iscsiGroups 16 }

iscsiSessionOctetStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiSsnTxDataOctets,
        iscsiSsnRxDataOctets
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about octet
        traffic for each session using a Counter64 data type."
::= { iscsiGroups 17 }

iscsiSessionLCOctetStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiSsnLCTxDataOctets,
        iscsiSsnLCRxDataOctets
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about octet
        traffic for each session using a Counter32 data type."
::= { iscsiGroups 18 }

iscsiSessionCxnErrorStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiSsnCxnDigestErrors,
        iscsiSsnCxnTimeoutErrors
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        connection errors for all sessions."
::= { iscsiGroups 19 }

iscsiConnectionAttributesGroup OBJECT-GROUP
    OBJECTS {
        iscsiCxnCid,
        iscsiCxnState,
        iscsiCxnProtocol,
        iscsiCxnAddrType,
        iscsiCxnLocalAddr,
        iscsiCxnLocalPort,
        iscsiCxnRemoteAddr,
        iscsiCxnRemotePort,
        iscsiCxnMaxRecvDataSegLength,
        iscsiCxnMaxXmitDataSegLength,
        iscsiCxnHeaderIntegrity,
        iscsiCxnDataIntegrity,
        iscsiCxnRecvMarker,
        iscsiCxnSendMarker,
        iscsiCxnVersionActive
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        connections used by all sessions."
::= { iscsiGroups 20 }

iscsiTgtLgnNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        iscsiTgtLoginFailure
    }
    STATUS current
    DESCRIPTION
        "A collection of notifications that indicate a login
        failure from a remote initiator to a local target."
::= { iscsiGroups 21 }

iscsiIntrLgnNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        iscsiIntrLoginFailure
    }
    STATUS current
    DESCRIPTION
        "A collection of notifications that indicate a login
        failure from a local initiator to a remote target."
::= { iscsiGroups 22 }

iscsiSsnFlrNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        iscsiInstSessionFailure
    }
    STATUS current
    DESCRIPTION
        "A collection of notifications that indicate session
        failures occurring after login."
::= { iscsiGroups 23 }

--**********************************************************************

iscsiComplianceV1 MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Initial version of compliance statement based on
        initial version of this MIB module.

        If an implementation can be both a target and an
        initiator, all groups are mandatory."
    MODULE       -- this module
    MANDATORY-GROUPS {
        iscsiInstanceAttributesGroup,
        iscsiInstanceSsnErrorStatsGroup,
        iscsiPortalAttributesGroup,
        iscsiNodeAttributesGroup,
        iscsiSessionAttributesGroup,
        iscsiSessionPDUStatsGroup,
        iscsiSessionCxnErrorStatsGroup,
        iscsiConnectionAttributesGroup,
        iscsiSsnFlrNotificationsGroup
    }

    -- Conditionally mandatory groups depending on the ability
    -- to support Counter64 data types and/or to provide counter
    -- information to SNMPv1 applications.

    GROUP iscsiSessionOctetStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that can support Counter64 data types."

    GROUP iscsiSessionLCOctetStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that provide information to SNMPv1-only applications;
        this includes agents that cannot support Counter64
        data types."

    -- Conditionally mandatory groups to be included with
    -- the mandatory groups when the implementation has
    -- iSCSI target facilities.

    GROUP iscsiTgtPortalAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    OBJECT iscsiPortalMaxRecvDataSegLength
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT iscsiNodeStorageType
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required; an implementation may
        choose to allow this object to be set to 'volatile'
        or 'nonVolatile'."

    GROUP iscsiTargetAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTargetLoginStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTargetLogoutStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTgtLgnNotificationsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTargetAuthGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    -- Conditionally mandatory groups to be included with
    -- the mandatory groups when the implementation has
    -- iSCSI initiator facilities.

    GROUP iscsiIntrPortalAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorLoginStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorLogoutStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiIntrLgnNotificationsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorAuthGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    OBJECT iscsiNodeErrorRecoveryLevel
    SYNTAX Unsigned32 (0..2)
    DESCRIPTION
        "Only values 0-2 are defined at present."

::= { iscsiCompliances 1 }

END

8. Security Considerations
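
The access-control guidance in this section can be checked mechanically against an agent's configuration. The following is an added example, not part of the original document: it assumes a Net-SNMP style snmpd.conf (the rocommunity, rwcommunity, rouser and rwuser directives), and the sample configuration, user names and view name are constructed.

```python
# Added example: audit Net-SNMP style access directives against the
# guidance in this section. SAMPLE_CONF is constructed for illustration.
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
LEVELS = ("noauth", "auth", "priv")

SAMPLE_CONF = """\
# constructed sample; user names and the view name are hypothetical
rocommunity public 10.0.0.0/24
rwuser storadmin priv -V iscsiAuthView
rouser monitor auth
rwuser legacyops
rouser auditor priv
"""

def audit_snmpd_conf(text):
    """Return (line_number, finding) pairs for risky access directives."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        directive, args = tok[0], tok[1:]
        if directive in COMMUNITY:
            # Community strings mean SNMPv1/v2c, which lack adequate security.
            findings.append((no, "pre-SNMPv3 community access"))
            if directive.startswith("rw"):
                findings.append((no, "SET allowed without SNMPv3 security"))
        elif directive in ("rouser", "rwuser"):
            if args[:1] == ["-s"]:       # optional "-s SECMODEL" prefix
                args = args[2:]
            rest = args[1:]              # tokens after the user name
            level = "auth"               # level assumed when none is given
            if rest and rest[0] in LEVELS:
                level, rest = rest[0], rest[1:]
            if level == "noauth":
                findings.append((no, "SNMPv3 user without authentication"))
            if level != "priv":
                findings.append((no, "SNMPv3 user without privacy"))
            if directive == "rwuser" and not rest:
                # No OID or "-V VIEW": SET reaches every writable table,
                # including iscsiTgtAuthAttributesTable.
                findings.append((no, "SET access not limited to a view or subtree"))
    return findings

if __name__ == "__main__":
    for no, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```
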
There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability:

   iscsiPortalAttributesTable, iscsiTgtPortalAttributesTable, and iscsiIntrPortalAttributesTable can be used to add or remove IP addresses to be used by iSCSI.

   iscsiTgtAuthAttributesTable entries can be added or removed, to allow or disallow access to a target by an initiator.

Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability:

   iscsiNodeAttributesTable, iscsiTargetAttributesTable, and iscsiTgtAuthorization can be used to glean information needed to make connections to the iSCSI targets this module represents. However, it is the responsibility of the initiators and targets involved to authenticate each other to ensure that an inappropriately advertised or discovered initiator or target does not compromise their security. These issues are discussed in [RFC3720].

SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.

It is RECOMMENDED that implementors consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).

Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.

9. IANA Considerations
The IANA has assigned a MIB OID number under the mib-2 branch for the ISCSI-MIB.

10. Normative References
[RFC3720] Satran, J., Meth, K., Sapuntzakis, C., Chadalapaka, M., and E. Zeidner, "Internet Small Computer Systems Interface (iSCSI)", RFC 3720, March 2004.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.

[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.

[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 4001, February 2005.

[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002.

[RFC4545] Bakke, M. and J. Muchow, "Definitions of Managed Objects for IP Storage User Identity Authorization", RFC 4545, May 2006.

11. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002.

[RFC4022] Raghunarayan, R., "Management Information Base for the Transmission Control Protocol (TCP)", RFC 4022, March 2005.

[RFC4455] Hallak-Stamler, M., Bakke, M., Lederman, Y., Krueger, M., and K. McCloghrie, "Definition of Managed Objects for Small Computer System Interface (SCSI) Entities", RFC 4455, April 2006.

12. Acknowledgements
In addition to the authors, several people contributed to the development of this MIB module. Thanks especially to those who took the time to participate in our weekly conference calls to build our requirements, object models, table structures, and attributes: John Hufferd, Tom McSweeney (IBM), Kevin Gibbons (Nishan Systems), Chad Gregory (Intel), Jack Harwood (EMC), Hari Mudaliar (Adaptec), Ie Wei Njoo (Agilent), Lawrence Lamers (SAN Valley), Satish Mali (Stonefly Networks), and William Terrell (Troika). Special thanks to Tom McSweeney, Ie Wei Njoo, and Kevin Gibbons, who wrote the descriptions for many of the tables and attributes in this MIB module, to Ayman Ghanem for finding and suggesting changes for many problems in this module, and to Keith McCloghrie for serving as advisor to the team.
Authors' Addresses
   Mark Bakke
   Cisco Systems, Inc
   7900 International Drive, Suite 400
   Bloomington, MN
   USA 55425
   EMail: mbakke@cisco.com

   Marjorie Krueger
   Hewlett-Packard
   Networked Storage Architecture
   Networked Storage Solutions Org.
   8000 Foothills Blvd.
   Roseville, CA
   USA 95747
   EMail: marjorie_krueger@hp.com

   Tom McSweeney
   IBM Corporation
   600 Park Offices Drive
   Research Triangle Park, NC
   USA 27709
   EMail: tommcs@us.ibm.com

   James Muchow
   Qlogic Corp.
   6321 Bury Drive
   Eden Prairie, MN
   USA 55346
   EMail: james.muchow@qlogic.com

Full Copyright Statement

Copyright (C) The Internet Society (2006).

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).