RFC relevance of framework

As per Relevance of the word framework, we have this rfc below:

Network Working Group J.
Request for Comments: 2570 SNMP Research, Inc
Category: Informational R.
TIS Labs at Network Associates, Inc
D.

B.
Cisco
April 1999

Introduction to Version 3 of
Internet-standard Network Management

Status of this

This memo provides information for the Internet community. It
not specify an Internet standard of any kind. Distribution of
memo is unlimited

Copyright

Copyright (C) The Internet Society (1999). All Rights Reserved

The purpose of this document is to provide an overview of the
version of the Internet-standard Management Framework, termed
SNMP version 3 Framework (SNMPv3). This Framework is derived
and builds upon both the original Internet-standard
Framework (SNMPv1) and the second Internet-standard
Framework (SNMPv2).

The architecture is designed to be modular to allow the evolution
the Framework over time

Table of

1 Introduction .....................................................2
2 The Internet Standard Management Framework .......................3
2.1 Basic Structure and Components .................................3
2.2 Architecture of the Internet Standard Management Framework .....3
3 The SNMPv1 Management Framework ..................................4
3.1 The SNMPv1 Data Definition Language ............................5
3.2 Management Information .........................................6
3.3 Protocol Operations ............................................6
3.4 SNMPv1 Security and Administration .............................6

Case, et al. Informational [Page 1]

RFC 2570 Introduction to SNMPv3 April 1999

4 The SNMPv2 Management Framework ..................................7
5 The SNMPv3 Working Group .........................................8
6 SNMPv3 Framework Module Specifications ..........................10
6.1 Data Definition Language ......................................10
6.2 MIB Modules ...................................................11
6.3 Protocol Operations and Transport Mappings ....................12
6.4 SNMPv3 Security and Administration ............................12
7 Document Summaries ..............................................13
7.1 Structure of Management Information ...........................13
7.1.1 Base SMI Specification ......................................13
7.1.2 Textual Conventions .........................................14
7.1.3 Conformance Statements ......................................15
7.2 Protocol Operations ...........................................15
7.3 Transport Mappings ............................................15
7.4 Protocol Instrumentation ......................................16
7.5 Architecture / Security and Administration ....................16
7.6 Message Processing and Dispatch (MPD) .........................16
7.7 SNMP Applications .............................................17
7.8 User-based Security Model (USM) ...............................17
7.9 View-based Access Control (VACM) ..............................18
7.10 SNMPv3 Coexistence and Transition ............................18
8 Security Considerations .........................................19
9 Editors' Addresses ..............................................19
10 References .....................................................20
11 Full Copyright Statement .......................................23

1

This document is an introduction to the third version of
Internet-standard Management Framework, termed the SNMP version 3
Management Framework (SNMPv3) and has multiple purposes

First, it describes the relationship between the SNMP version 3
(SNMPv3) specifications and the specifications of the SNMP version 1
(SNMPv1) Management Framework, the SNMP version 2 (SNMPv2)
Framework, and the Community-based Administrative Framework
SNMPv2.

Second, it provides a roadmap to the multiple documents which
the relevant specifications

Third, this document provides a brief easy-to-read summary of
contents of each of the relevant specification documents

This document is intentionally tutorial in nature and, as such,
occasionally be "guilty" of oversimplification. In the event of
conflict or contradiction between this document and the more
documents for which this document is a roadmap, the specifications

Case, et al. Informational [Page 2]

RFC 2570 Introduction to SNMPv3 April 1999

the more detailed documents shall prevail

Further, the detailed documents attempt to maintain
between the various component modules in order to specify well
defined interfaces between them. This roadmap document, however
takes a different approach and attempts to provide an integrated
of the various component modules in the interest of readability

2 The Internet Standard Management

The third version of the Internet Standard Management Framework (
SNMPv3 Framework) is derived from and builds upon both the
Internet-standard Management Framework (SNMPv1) and the
Internet-standard Management Framework (SNMPv2).

All versions (SNMPv1, SNMPv2, and SNMPv3) of the Internet
Management Framework share the same basic structure and components
Furthermore, all versions of the specifications of the
Standard Management Framework follow the same architecture

2.1 Basic Structure and

An enterprise deploying the Internet Standard Management
contains four basic components

* several (typically many) managed nodes, each with an SNMP
which provides remote access to management
(traditionally called an agent);

* at least one SNMP entity with management applications (
called a manager),

* a management protocol used to convey management
between the SNMP entities,

* management information

The management protocol is used to convey management
between SNMP entities such as managers and agents

This basic structure is common to all versions of the
Standard Management Framework; i.e., SNMPv1, SNMPv2, and SNMPv3.

2.2 Architecture of the Internet Standard Management

The specifications of the Internet Standard Management Framework
based on a modular architecture. This framework is more than just
protocol for moving data. It consists of

Case, et al. Informational [Page 3]

RFC 2570 Introduction to SNMPv3 April 1999

* a data definition language

* definitions of management information (the
Information Base, or MIB),

* a protocol definition,

* security and administration

Over time, as the Framework has evolved from SNMPv1, through SNMPv2,
to SNMPv3, the definitions of each of these architectural
have become richer and more clearly defined, but the
architecture has remained consistent

One prime motivator for this modularity was to enable the
evolution of the Framework as is documented in RFC 1052 [14].
originally envisioned, this capability was to be used to ease
transition from SNMP-based management of internets to
based on OSI protocols. To this end, the framework was
with a protocol-independent data definition language and
Information Base along with a MIB-independent protocol.
separation was designed to allow the SNMP-based protocol to
replaced without requiring the management information to be
or reinstrumented. History has shown that the selection of
architecture was the right decision for the wrong reason -- it
out that this architecture has eased the transition from SNMPv1
SNMPv2 and from SNMPv2 to SNMPv3 rather than easing the
away from management based on the Simple Network Management Protocol

The SNMPv3 Framework builds and extends these
principles by

* building on these four basic architectural components, in
cases incorporating them from the SNMPv2 Framework by reference

* by using these same layering principles in the definition of
capabilities in the security and administration portion of
architecture

Those who are familiar with the architecture of the SNMPv1
Framework and the SNMPv2 Management Framework will find many
concepts in the architecture of the SNMPv3 Management Framework
However, in some cases, the terminology may be somewhat different

Case, et al. Informational [Page 4]

RFC 2570 Introduction to SNMPv3 April 1999

3 The SNMPv1 Management

The original Internet-standard Network Management Framework (SNMPv1)
is defined in the following documents

* STD 16, RFC 1155 [1] which defines the Structure of
Information (SMI), the mechanisms used for describing and
objects for the purpose of management

* STD 16, RFC 1212 [2] which defines a more concise
mechanism for describing and naming management information objects
but which is wholly consistent with the SMI

* STD 15, RFC 1157 [3] which defines the Simple Network
Protocol (SNMP), the protocol used for network access to
objects and event notification. Note this document also defines
initial set of event notifications

Additionally, two documents are generally considered to be
to these three

* STD 17, RFC 1213 [13] which contains definitions for the
set of management

* RFC 1215 [25] defines a concise description mechanism
defining event notifications, which are called traps in the SNMPv
protocol. It also specifies the generic traps from RFC 1157 in
concise notation

These documents describe the four parts of the first version of
SNMP Framework

3.1 The SNMPv1 Data Definition

The first two and the last document describe the SNMPv1
definition language. Note that due to the initial requirement
the SMI be protocol-independent, the first two SMI documents do
provide a means for defining event notifications (traps). Instead
the SNMP protocol document defines a few standardized
notifications (generic traps) and provides a means for
event notifications to be defined. The last document specifies
straight-forward approach towards defining event notifications
with the SNMPv1 protocol. At the time that it was written, use
traps in the Internet-standard network management framework
controversial. As such, RFC 1215 was put forward with the status
"Informational", which was never updated because it was believed
the second version of the SNMP Framework would replace the
version. Note that the SNMPv1 data definition language is

Case, et al. Informational [Page 5]

RFC 2570 Introduction to SNMPv3 April 1999

referred to as SMIv1.

3.2 Management

The data definition language described in the first two documents
first used to define the now-historic MIB-I as specified in RFC 1066
[12], and was subsequently used to define MIB-II as specified in
1213 [13].

Later, after the publication of MIB-II, a different approach
management information definition was taken from the earlier
of having a single committee staffed by generalists work on a
document to define the Internet-standard MIB. Rather, many mini-
documents were produced in a parallel and distributed fashion
groups chartered to produce a specification for a focused portion
the Internet-standard MIB and staffed by personnel with expertise
those particular areas ranging from various aspects of
management, to system management, and application management

3.3 Protocol

The third document, STD 15, describes the SNMPv1 protocol
performed by protocol data units (PDUs) on lists of variable
and describes the format of SNMPv1 messages. The operators defined
SNMPv1 are: get, get-next, get-response, set-request, and trap
Typical layering of SNMP on a connectionless transport service
also defined

3.4 SNMPv1 Security and

STD 15 also describes an approach to security and administration
Many of these concepts are carried forward and some,
security, are extended by the SNMPv3 Framework

The SNMPv1 Framework describes the encapsulation of SNMPv1 PDUs
SNMP messages between SNMP entities and distinguishes
application entities and protocol entities. In SNMPv3, these
renamed applications and engines, respectively

The SNMPv1 Framework also introduces the concept of an
service supporting one or more authentication schemes. In
to authentication, SNMPv3 defines the additional security
referred to as privacy. (Note: some literature from the
community would describe SNMPv3 security capabilities as
data integrity, source authenticity, and confidentiality.)
modular nature of the SNMPv3 Framework permits both changes
additions to the security capabilities

Case, et al. Informational [Page 6]

RFC 2570 Introduction to SNMPv3 April 1999

Finally, the SNMPv1 Framework introduces access control based on
concept called an SNMP MIB view. The SNMPv3 Framework specifies
fundamentally similar concept called view-based access control.
this capability, SNMPv3 provides the means for controlling access
information on managed devices

However, while the SNMPv1 Framework anticipated the definition
multiple authentication schemes, it did not define any such
other than a trivial authentication scheme based on
strings. This was a known fundamental weakness in the SNMPv
Framework but it was thought at that time that the definition
commercial grade security might be contentious in its design
difficult to get approved because "security" means many
things to different people. To that end, and because some users
not require strong authentication, the SNMPv1 architected
authentication service as a separate block to be defined "later"
the SNMPv3 Framework provides an architecture for use within
block as well as a definition for its subsystems

4 The SNMPv2 Management

The SNMPv2 Management Framework is fully described in [4-9]
coexistence and transition issues relating to SNMPv1 and SNMPv2
discussed in [10].

SNMPv2 provides several advantages over SNMPv1, including

* expanded data types (e.g., 64 bit counter

* improved efficiency and performance (get-bulk operator

* confirmed event notification (inform operator

* richer error handling (errors and exceptions

* improved sets, especially row creation and

* fine tuning of the data definition

However, the SNMPv2 Framework, as described in these documents,
incomplete in that it does not meet the original design goals of
SNMPv2 project. The unmet goals included provision of security
administration delivering so-called "commercial grade" security

* authentication: origin identification, message integrity
and some aspects of replay protection

* privacy: confidentiality

Case, et al. Informational [Page 7]

RFC 2570 Introduction to SNMPv3 April 1999

* authorization and access control;

* suitable remote configuration and administration
for these features

The SNMPv3 Management Framework, as described in this document
the companion documents, addresses these significant deficiencies

5 The SNMPv3 Working

This document, and its companion documents, were produced by
SNMPv3 Working Group of the Internet Engineering Task Force (IETF).
The SNMPv3 Working Group was chartered to prepare recommendations
the next generation of SNMP. The goal of the Working Group was
produce the necessary set of documents that provide a single
for the next generation of core SNMP functions. The single,
critical need in the next generation is a definition of security
administration that makes SNMP-based management transactions
in a way which is useful for users who wish to use SNMPv3 to
networks, the systems that make up those networks, and
applications which reside on those systems, including manager-to
agent, agent-to-manager, and manager-to-manager transactions

In the several years prior to the chartering of the Working Group
there were a number of activities aimed at incorporating security
other improvements to SNMP. These efforts included

* "SNMP Security" circa 1991-1992 [RFC 1351 - RFC 1353],

* "SMP" circa 1992-1993,

* "The Party-based SNMPv2" circa 1993-1995 [RFC 1441 - RFC 1452].

Each of these efforts incorporated commercial grade,
strength security including authentication, privacy, authorization
view-based access control, and administration, including
configuration

These efforts fed the development of the SNMPv2 Management
as described in RFCs 1902 - 1908. However, the Framework
in those RFCs had no standards-based security and
framework of its own; rather, it was associated with
security and administrative frameworks, including

* "The Community-based SNMPv2" (SNMPv2c) [RFC 1901],

* "SNMPv2u" [RFCs 1909 - 1910]

Case, et al. Informational [Page 8]

RFC 2570 Introduction to SNMPv3 April 1999

* "SNMPv2*".

SNMPv2c had the endorsement of the IETF but no security
administration whereas both SNMPv2u and SNMPv2* had security
lacked the endorsement of the IETF

The SNMPv3 Working Group was chartered to produce a single set
specifications for the next generation of SNMP, based upon
convergence of the concepts and technical elements of SNMPv2u
SNMPv2*, as was suggested by an advisory team which was formed
provide a single recommended approach for SNMP evolution

In so doing, the Working Group charter defined the
objectives

* accommodate the wide range of operational environments
differing management demands

* facilitate the need to transition from previous,
protocols to SNMPv3;

* facilitate the ease of setup and maintenance activities

In the initial work of the SNMPv3 Working Group, the group focused
security and administration,

* authentication and privacy

* authorization and view-based access control,

* standards-based remote configuration of the above

The SNMPv3 Working Group did not "reinvent the wheel," but reused
SNMPv2 Draft Standard documents, i.e., RFCs 1902 through 1908
those portions of the design that were outside the focused scope

Rather, the primary contributors to the SNMPv3 Working Group, and
Working Group in general, devoted their considerable efforts
addressing the missing link -- security and administration -- and
the process made invaluable contributions to the state-of-the-art
management

They produced a design based on a modular architecture
evolutionary capabilities with emphasis on layering. As a result
SNMPv3 can be thought of as SNMPv2 with additional security
administration capabilities

Case, et al. Informational [Page 9]

RFC 2570 Introduction to SNMPv3 April 1999

In doing so, the Working Group achieved the goal of producing
single specification which has not only the endorsement of the
but also has security and administration

6 SNMPv3 Framework Module

The specification of the SNMPv3 Management Framework is
in a modular fashion among several documents. It is the intention
the SNMPv3 Working Group that, with proper care, any or all of
individual documents can be revised, upgraded, or replaced
requirements change, new understandings are obtained, and
technologies become available

Whenever feasible, the initial document set which defines the SNMPv
Management Framework leverages prior investments defining
implementing the SNMPv2 Management Framework by incorporating
reference each of the specifications of the SNMPv2
Framework

The SNMPv3 Framework augments those specifications
specifications for security and administration for SNMPv3.

The documents which specify the SNMPv3 Management Framework
the same architecture as those of the prior versions and can
organized for expository purposes into four main categories
follows

* the data definition language

* Management Information Base (MIB) modules

* protocol operations,

* security and administration

The first three sets of documents are incorporated from SNMPv2.
fourth set of documents are new to SNMPv3, but, as
previously, build on significant prior related works

6.1 Data Definition

The specifications of the data definition language includes STD 58,
RFC 2578, "Structure of Management Information Version 2 (SMIv2)"
[26], and related specifications. These documents are updates
RFCs 1902 - 1904 [4-6] which have evolved independently from
other parts of the framework and were republished as STD 58,
2578 - 2580 [26-28] when promoted from Draft Standard

Case, et al. Informational [Page 10]

RFC 2570 Introduction to SNMPv3 April 1999

The Structure of Management Information (SMIv2) defines
data types, an object model, and the rules for writing and
MIB modules. Related specifications include STD 58, RFCs 2579, 2580.
The updated data definition language is sometimes referred to
SMIv2.

STD 58, RFC 2579, "Textual Conventions for SMIv2" [27], defines
initial set of shorthand abbreviations which are available for
within all MIB modules for the convenience of human readers
writers

STD 58, RFC 2580, "Conformance Statements for SMIv2" [28],
the format for compliance statements which are used for
requirements for agent implementations and capability
which can be used to document the characteristics of
implementations

6.2 MIB

MIB modules usually contain object definitions, may
definitions of event notifications, and sometimes include
statements specified in terms of appropriate object and
notification groups. As such, MIB modules define the
information maintained by the instrumentation in managed nodes,
remotely accessible by management agents, conveyed by the
protocol, and manipulated by management applications

MIB modules are defined according the rules defined in the
which specify the data definition language, principally the SMI
supplemented by the related specifications

There is a large and growing number of standards-based MIB modules
as defined in the periodically updated list of standard
[STD 1, RFC 2400]. As of this writing, there are nearly 100
standards-based MIB modules with a total number of defined
approaching 10,000. In addition, there is an even larger and
number of enterprise-specific MIB modules defined unilaterally
various vendors, research groups, consortia, and the like
in an unknown and virtually uncountable number of defined objects

In general, management information defined in any MIB module
regardless of the version of the data definition language used,
be used with any version of the protocol. For example, MIB
defined in terms of the SNMPv1 SMI (SMIv1) are compatible with
SNMPv3 Management Framework and can be conveyed by the
specified therein. Furthermore, MIB modules defined in terms of
SNMPv2 SMI (SMIv2) are compatible with SNMPv1 protocol operations
can be conveyed by it. However, there is one noteworthy exception

Case, et al. Informational [Page 11]

RFC 2570 Introduction to SNMPv3 April 1999

the Counter64 datatype which can be defined in a MIB module
in SMIv2 format but which cannot be conveyed by an SNMPv1
engine

6.3 Protocol Operations and Transport

The specifications for the protocol operations and transport
of the SNMPv3 Framework are incorporated by reference to the
SNMPv2 Framework documents

The specification for protocol operations is found in RFC 1905,
"Protocol Operations for Version 2 of the Simple Network
Protocol (SNMPv2)" [7]. The SNMPv3 Framework is designed to
various portions of the architecture to evolve independently.
example, it might be possible for a new specification of
operations to be defined within the Framework to allow for
protocol operations

The specification of transport mappings is found in RFC 1906,
"Transport Mappings for Version 2 of the Simple Network
Protocol (SNMPv2)" [8].

6.4 SNMPv3 Security and

The SNMPv3 document series defined by the SNMPv3 Working
consists of seven documents at this time

RFC 2570, "Introduction to Version 3 of the Internet-
Network Management Framework", which is this document

RFC 2571, "An Architecture for Describing SNMP
Frameworks" [15], describes the overall architecture with
emphasis on the architecture for security and administration

RFC 2572, "Message Processing and Dispatching for the
Network Management Protocol (SNMP)" [16], describes the
multiple message processing models and the dispatcher portion
can be a part of an SNMP protocol engine

RFC 2573, "SNMP Applications" [17], describes the five types
applications that can be associated with an SNMPv3 engine
their elements of procedure

RFC 2574, "The User-Based Security Model for Version 3 of
Simple Network Management Protocol (SNMPv3)" [18], describes
threats, mechanisms, protocols, and supporting data used
provide SNMP message-level security

Case, et al. Informational [Page 12]

RFC 2570 Introduction to SNMPv3 April 1999

RFC 2575, "View-based Access Control Model for the Simple
Management Protocol (SNMP)" [19], describes how view-based
control can be applied within command responder and
originator applications

The Work in Progress, "Coexistence between Version 1, Version 2,
and Version 3 of the Internet-standard Network
Framework" [20], describes coexistence between the SNMPv
Management Framework, the SNMPv2 Management Framework, and
original SNMPv1 Management Framework

7 Document

The following sections provide brief summaries of each document
slightly more detail than is provided in the overviews above

7.1 Structure of Management

Management information is viewed as a collection of managed objects
residing in a virtual information store, termed the
Information Base (MIB). Collections of related objects are
in MIB modules. These modules are written in the SNMP MIB
language, which contains elements of OSI's Abstract Syntax
One (ASN.1) [11] language. STD 58, RFCs 2578, 2579, 2580,
define the MIB module language, specify the base data types
objects, specify a core set of short-hand specifications for
types called textual conventions, and specify a few
assignments of object identifier (OID) values

The SMI is divided into three parts: module definitions,
definitions, and notification definitions

(1) Module definitions are used when describing information modules
An ASN.1 macro, MODULE-IDENTITY, is used to convey concisely
semantics of an information module

(2) Object definitions are used when describing managed objects.
ASN.1 macro, OBJECT-TYPE, is used to convey concisely the
and semantics of a managed object

(3) Notification definitions are used when describing
transmissions of management information. An ASN.1 macro
NOTIFICATION-TYPE, is used to convey concisely the syntax
semantics of a notification

Case, et al. Informational [Page 13]

RFC 2570 Introduction to SNMPv3 April 1999

7.1.1 Base SMI

STD 58, RFC 2578 specifies the base data types for the MIB
language, which include: Integer32, enumerated integers, Unsigned32,
Gauge32, Counter32, Counter64, TimeTicks, INTEGER, OCTET STRING
OBJECT IDENTIFIER, IpAddress, Opaque, and BITS. It also
values to several object identifiers. STD 58, RFC 2578
defines the following constructs of the MIB module language

* IMPORTS to allow the specification of items that are
in a MIB module, but defined in another MIB module

* MODULE-IDENTITY to specify for a MIB module a
and administrative information such as contact and
history

* OBJECT-IDENTITY and OID value assignments to specify
an OID value

* OBJECT-TYPE to specify the data type, status, and the
of managed objects

* SEQUENCE type assignment to list the columnar objects
a table

* NOTIFICATION-TYPE construct to specify an event notification

7.1.2 Textual

When designing a MIB module, it is often useful to specify in
short-hand way the semantics for a set of objects with
behavior. This is done by defining a new data type using a base
type specified in the SMI. Each new type has a different name,
specifies a base type with more restrictive semantics. These
defined types are termed textual conventions, and are used for
convenience of humans reading a MIB module and potentially
"intelligent" management applications. It is the purpose of STD 58,
RFC 2579, Textual Conventions for SMIv2 [27], to define
construct, TEXTUAL-CONVENTION, of the MIB module language used
define such new types and to specify an initial set of
conventions available to all MIB modules

Case, et al. Informational [Page 14]

RFC 2570 Introduction to SNMPv3 April 1999

7.1.3 Conformance

It may be useful to define the acceptable lower-bounds
implementation, along with the actual level of
achieved. It is the purpose of STD 58, RFC 2580,
Statements for SMIv2 [28], to define the constructs of the MIB
language used for these purposes. There are two kinds of constructs

(1) Compliance statements are used when describing requirements
agents with respect to object and event
definitions. The MODULE-COMPLIANCE construct is used to
concisely such requirements

(2) Capability statements are used when describing capabilities
agents with respect to object and event
definitions. The AGENT-CAPABILITIES construct is used to
concisely such capabilities

Finally, collections of related objects and collections of
event notifications are grouped together to form a unit
conformance. The OBJECT-GROUP construct is used to convey
the objects in and the semantics of an object group.
NOTIFICATION-GROUP construct is used to convey concisely the
notifications in and the semantics of an event notification group

7.2 Protocol

The management protocol provides for the exchange of messages
convey management information between the agents and the
stations. The form of these messages is a message "wrapper"
encapsulates a Protocol Data Unit (PDU).

It is the purpose of RFC 1905, Protocol Operations for SNMPv2 [7],
define the operations of the protocol with respect to the sending
receiving of the PDUs

7.3 Transport

SNMP Messages may be used over a variety of protocol suites. It
the purpose of RFC 1906, Transport Mappings for SNMPv2 [8], to
how SNMP messages maps onto an initial set of transport domains
Other mappings may be defined in the future

Although several mappings are defined, the mapping onto UDP is
preferred mapping. As such, to provide for the greatest level
interoperability, systems which choose to deploy other
should also provide for proxy service to the UDP mapping

Case, et al. Informational [Page 15]

RFC 2570 Introduction to SNMPv3 April 1999

7.4 Protocol

It is the purpose of RFC 1907, the Management Information Base
SNMPv2 document [9] to define managed objects which describe
behavior of an SNMPv2 entity

7.5 Architecture / Security and

It is the purpose of RFC 2571, "An Architecture for Describing
Management Frameworks" [15], to define an architecture for
SNMP Management Frameworks. While addressing general
issues, it focuses on aspects related to security and administration
It defines a number of terms used throughout the SNMPv3
Framework and, in so doing, clarifies and extends the naming

* engines and applications

* entities (service providers such as the engines in
and managers),

* identities (service users),

* management information, including support for
logical contexts

The document contains a small MIB module which is implemented by
authoritative SNMPv3 protocol engines

7.6 Message Processing and Dispatch (MPD

RFC 2572, "Message Processing and Dispatching for the Simple
Management Protocol (SNMP)" [16], describes the Message
and Dispatching for SNMP messages within the SNMP architecture.
defines the procedures for dispatching potentially multiple
of SNMP messages to the proper SNMP Message Processing Models,
for dispatching PDUs to SNMP applications. This document
describes one Message Processing Model - the SNMPv3
Processing Model

It is expected that an SNMPv3 protocol engine MUST support at
one Message Processing Model. An SNMPv3 protocol engine MAY
more than one, for example in a multi-lingual system which
simultaneous support of SNMPv3 and SNMPv1 and/or SNMPv2c

Case, et al. Informational [Page 16]

RFC 2570 Introduction to SNMPv3 April 1999

7.7 SNMP

It is the purpose of RFC 2573, "SNMP Applications" to describe
five types of applications which can be associated with an
engine. They are: Command Generators, Command Responders
Notification Originators, Notification Receivers, and
Forwarders

The document also defines MIB modules for specifying targets
management operations (including notifications), for
filtering, and for proxy forwarding

7.8 User-based Security Model (USM

RFC 2574, the "User-based Security Model (USM) for version 3 of
Simple Network Management Protocol (SNMPv3)" describes the User-
Security Model for SNMPv3. It defines the Elements of Procedure
providing SNMP message-level security

The document describes the two primary and two secondary
which are defended against by the User-based Security Model.
are: modification of information, masquerade, message
modification, and disclosure

The USM utilizes MD5 [21] and the Secure Hash Algorithm [22] as
hashing algorithms [23] for digest computation to provide

* to directly protect against data modification attacks

* to indirectly provide data origin authentication,

* to defend against masquerade attacks

The USM uses loosely synchronized monotonically increasing
indicators to defend against certain message stream
attacks. Automatic clock synchronization mechanisms based on
protocol are specified without dependence on third-party time
and concomitant security considerations

The USM uses the Data Encryption Standard (DES) [24] in the
block chaining mode (CBC) if disclosure protection is desired
Support for DES in the USM is optional, primarily because export
usage restrictions in many countries make it difficult to export
use products which include cryptographic technology

Case, et al. Informational [Page 17]

RFC 2570 Introduction to SNMPv3 April 1999

The document also includes a MIB suitable for remotely monitoring
managing the configuration parameters for the USM, including
distribution and key management

An entity may provide simultaneous support for multiple
models as well as multiple authentication and privacy protocols.
of the protocols used by the USM are based on pre-placed keys, i.e.,
private key mechanisms. The SNMPv3 architecture permits the use
asymmetric mechanisms and protocols (commonly called "public
cryptography") but as of this writing, no such SNMPv3 security
utilizing public key cryptography have been published

7.9 View-based Access Control (VACM

The purpose of RFC 2575, the "View-based Access Control Model (VACM
for the Simple Network Management Protocol (SNMP)" is to describe
View-based Access Control Model for use in the SNMP architecture
The VACM can simultaneously be associated in a single
implementation with multiple Message Processing Models and
Security Models

It is architecturally possible to have multiple, different,
Control Models active and present simultaneously in a single
implementation, but this is expected to be *_very_* rare in
and *_far_* less common than simultaneous support for
Message Processing Models and/or multiple Security Models

7.10 SNMPv3 Coexistence and

The purpose of "Coexistence between Version 1, Version 2, and
3 of the Internet-standard Network Management Framework" is
describe coexistence between the SNMPv3 Management Framework,
SNMPv2 Management Framework, and the original SNMPv1
Framework. In particular, this document describes four aspects
coexistence

* Conversion of MIB documents from SMIv1 to SMIv2

* Mapping of notification

* Approaches to coexistence between entities which
the various versions of SNMP in a multi-lingual network,
particular the processing of protocol operations
multi-lingual implementations, as well as behavior
proxy

Case, et al. Informational [Page 18]

RFC 2570 Introduction to SNMPv3 April 1999

* The SNMPv1 Message Processing Model and Community-
Security Model, which provides mechanisms for
SNMPv1 and SNMPv2c into the View-Based Access Control
(VACM) [19]

8 Security

As this document is primarily a roadmap document, it introduces
new security considerations. The reader is referred to the
sections of each of the referenced documents for information
security considerations

9 Editors'

Jeffrey
SNMP Research, Inc
3001 Kimberlin Heights
Knoxville, TN 37920-9716

Phone: +1 423 573 1434
EMail: case@snmp.

Russ
TIS Labs at Network
3060 Washington
Glenwood, MD 21738

Phone: +1 301 854 6889
EMail: mundy@tislabs.

David
Ericsson Radio
Research and
P.O. Box 1248
SE-581 12

Phone: +46 13 28 41 44
EMail: David.Partain@ericsson.

Bob
Cisco Systems, Inc
170 West Tasman
San Jose, CA 95134-1706
U.S.A
Phone: +1 603 654 6923
EMail: bstewart@cisco.

Case, et al. Informational [Page 19]

RFC 2570 Introduction to SNMPv3 April 1999

10

[1] Rose, M. and K. McCloghrie, "Structure and Identification
Management Information for TCP/IP-based internets", STD 16,
1155, May 1990.

[2] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16,
RFC 1212, March 1991.

[3] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "
Network Management Protocol", STD 15, RFC 1157, May 1990.

[4] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S
Waldbusser, "Structure of Management Information for Version 2
of the Simple Network Management Protocol (SNMPv2)", RFC 1902,
January 1996.

[5] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S
Waldbusser, "Textual Conventions for Version 2 of the
Network Management Protocol (SNMPv2)", RFC 1903, January 1996.

[6] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S
Waldbusser, "Conformance Statements for Version 2 of the
Network Management Protocol (SNMPv2)", RFC 1904, January 1996.

[7] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S
Waldbusser, "Protocol Operations for Version 2 of the
Network Management Protocol (SNMPv2)", RFC 1905, January 1996.

[8] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S
Waldbusser, "Transport Mappings for Version 2 of the
Network Management Protocol (SNMPv2)", RFC 1906, January 1996.

[9] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S
Waldbusser, "Management Information Base for Version 2 of
Simple Network Management Protocol (SNMPv2)", RFC 1907,
1996.

[10] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S
Waldbusser, "Coexistence between Version 1 and Version 2 of
Internet-standard Network Management Framework", RFC 1908,
January 1996.

[11] Information processing systems - Open Systems Interconnection -
Specification of Abstract Syntax Notation One (ASN.1),
International Organization for Standardization.
Standard 8824, (December, 1987).

Case, et al. Informational [Page 20]

RFC 2570 Introduction to SNMPv3 April 1999

[12] McCloghrie, K. and M. Rose, "Management Information Base
Network Management of TCP/IP-based Internets", RFC 1066,
1988.

[13] McCloghrie, K. and M. Rose, "Management Information Base
Network Management of TCP/IP-based internets: MIB-II, STD 17,
RFC 1213, March 1991.

[14] Cerf, V., "IAB Recommendations for the Development of
Network Management Standards", RFC 1052, April 1988.

[15] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture
Describing SNMP Management Frameworks", RFC 2571, April 1999.

[16] Case, J., Harrington, D., Presuhn, R. and B. Wijnen, "
Processing and Dispatching for the Simple Network
Protocol (SNMP)", RFC 2572, April 1999.

[17] Levi, D., Meyer, P. and B. Stewart, "SNMP Applications",
2573, April 1999.

[18] Blumenthal, U. and B. Wijnen, "The User-Based Security Model
Version 3 of the Simple Network Management Protocol (SNMPv3)",
RFC 2574, April 1999.

[19] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based
Control Model for the Simple Network Management
(SNMP)", RFC 2575, April 1999.

[20] Frye, R., Levi, D., Routhier, S., and B. Wijnen, "
between Version 1, Version 2, and Version 3 of the Internet
standard Network Management Framework", Work in Progress

[21] Rivest, R., "Message Digest Algorithm MD5", RFC 1321,
1992.

[22] Secure Hash Algorithm. NIST FIPS 180-1, (April, 1995)
http://csrc.nist.gov/fips/fip180-1.txt (ASCII
http://csrc.nist.gov/fips/fip180-1.ps (Postscript

[23] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-
for Message Authentication", RFC 2104, February 1997.

[24] Data Encryption Standard, National Institute of Standards
Technology. Federal Information Processing Standard (FIPS
Publication 46-1. Supersedes FIPS Publication 46, (January
1977; reaffirmed January, 1988).

Case, et al. Informational [Page 21]

RFC 2570 Introduction to SNMPv3 April 1999

[25] Rose, M., "A Convention for Defining Traps for use with
SNMP", RFC 1215, March 1991.

[26] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose
M. and S. Waldbusser, "Structure of Management
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

[27] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose
M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58,
RFC 2579, April 1999.

[28] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose
M. and S. Waldbusser, "Conformance Statements for SMIv2",
58, RFC 2580, April 1999.

Case, et al. Informational [Page 22]

RFC 2570 Introduction to SNMPv3 April 1999

11 Full Copyright

Copyright (C) The Internet Society (1998). All Rights Reserved

This document and translations of it may be copied and furnished
others, and derivative works that comment on or otherwise explain
or assist in its implementation may be prepared, copied,
and distributed, in whole or in part, without restriction of
kind, provided that the above copyright notice and this paragraph
included on all such copies and derivative works. However,
document itself may not be modified in any way, such as by
the copyright notice or references to the Internet Society or
Internet organizations, except as needed for the purpose
developing Internet standards in which case the procedures
copyrights defined in the Internet Standards process must
followed, or as required to translate it into languages other
English

The limited permissions granted above are perpetual and will not
revoked by the Internet Society or its successors or assigns

This document and the information contained herein is provided on
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."

Funding for the RFC Editor function is currently provided
the Internet Society

Case, et al. Informational [Page 23]

if you see any problems within the linking, don't worry be happy,
this is version 0.1 of the Relevance System and you gotta expect some crappy subroutines sometimes,
just be content we did not write this in Java, which would have made this "bigger and better" HAHAHHA.

RFC documents can be found at I.E.T.F.

Relevance System Copyright © 2002 Spectrum WorldResearch
other technical nosh by ServerMasters Corporation
collaboration of BobX