Internet Draft Proxy between SNMP Transport Mappings Mar 92 Proxy between SNMP Transport Mappings Thu Mar 12 09:31:03 1992 Marshall T. Rose Dover Beach Consulting, Inc. mrose@dbc.mtview.ca.us Keith McCloghrie Hughes LAN Systems kzm@hls.com 1. Status of this Memo This memo provides information for the Internet community. It does not specify any standard. Distribution of this memo is unlimited. Please send comments to the authors. 2. Abstract This memo suggests a straight-forward approach toward describing SNMP transport mappings so as to allow easy description of proxy relationships in implementations. Rose and McCloghrie [Page 1] Draft Proxy between SNMP Transport Mappings Mar 92 3. Proxy between SNMP Transport Mappings The SNMP Party MIB [1] provides a formal basis for proxy. However, in order to provide proxy to the community-based SNMP [2], and between different transport mappings with the party- based SNMP, some definitions are necessary for both transport domains and authentication protocols. This document provides those definitions. 3.1. Definitions mtr OBJECT IDENTIFIER ::= { joint-iso-ccitt 6 200 } mtrManagement OBJECT IDENTIFIER ::= { mtr 3 } mtrAdmin OBJECT IDENTIFIER ::= { mtrManagement 1 } mtrProtocols OBJECT IDENTIFIER ::= { mtrAdmin 1 } rfc1157noAuth OBJECT IDENTIFIER ::= { mtrProtocols 1 } mtrDomains OBJECT IDENTIFIER ::= { mtrAdmin 2 } rfc1157Domain OBJECT IDENTIFIER ::= { mtrDomains 1 } rfc1283CLDomain OBJECT IDENTIFIER ::= { mtrDomains 2 } rfc1283CODomain OBJECT IDENTIFIER ::= { mtrDomains 3 } rfc1298Domain OBJECT IDENTIFIER ::= { mtrDomains 4 } Rose and McCloghrie [Page 2] Draft Proxy between SNMP Transport Mappings Mar 92 3.2. Transport Domain: rfc1157Domain The transport domain, rfc1157Domain, indicates the transport mapping for community-based SNMP messages defined in RFC 1157. When a party's transport domain (partyTDomain) is rfc1157Domain: (1) the party's transport address (partyTAddress) shall be 6 octets long, the initial 4 octets containing the IP- address in network-byte order, and the last two octets containing the UDP port in network-byte order; and, (2) the party's authentication protocol (partyAuthProtocol) shall be rfc1157noAuth. 3.3. Transport Domain: rfc1283CLDomain and rfc1283CODomain The transport domains, rfc1283CLDomain and rfc1283CODomain, indicate the transport mappings onto CLTS and COTS services, respectively, defined in RFC 1283 [3]. When a party's transport domain (partyTDomain) is rfc1283CLDomain or rfc1283CODomain: (1) the party's transport address (partyTAddress) shall be `m' octets long, the initial octet indicates the length of the NSAP, `n', which immediately follows, octets 2 through `n+1' contain the NSAP using the concrete binary representation, and the remaining octets contain the transport selector; and, (2) the choice of messages sent (either community-based or party-based) depends on the value of partyAuthProtocol (a value of rfc1157noAuth indicates community-based messages, any other value indicates party-based messages). Rose and McCloghrie [Page 3] Draft Proxy between SNMP Transport Mappings Mar 92 3.4. Transport Domain: rfc1298Domain The transport domain, rfc1298Domain, indicates the transport mapping defined in RFC 1298 [4]. When a party's transport domain (partyTDomain) is rfc1298Domain: (1) the party's transport address (partyTAddress) shall be 12 octets long, the initial 4 octets containing the network-number in network-byte order, the next 6 octets containing the physical-address in network-byte order, and the last two octets containing the socket-number in network-byte order; and, (2) the choice of messages sent (either community-based or party-based) depends on the value of partyAuthProtocol (a value of rfc1157noAuth indicates community-based messages, any other value indicates party-based messages). 3.5. Authentication Algorithm: rfc1157noAuth A party's authentication protocol (partyAuthProtocol) specifies the protocol and mechanism by which the party authenticates the integrity and origin of the SNMP PDUs [2] it generates. When a party's authentication protocol is rfc1157noAuth: (1) the party's public authentication key (partyAuthPublic), clock (partyAuthClock), and lifetime (partyAuthLifetime) are irrelevant; and, (2) the party's private authentication key (partySecretsAuthPrivate) shall be used as the 1157 community for the proxy target, and shall be at least one octet in length (no maximum length is specified). Note that when setting the party's private authentication key, the exclusive-OR semantics specified in [1] still apply. Rose and McCloghrie [Page 4] Draft Proxy between SNMP Transport Mappings Mar 92 4. Acknowledgements This specification is based in part on a suggestion by Jonathan Biggar of Netlabs, Inc. Rose and McCloghrie [Page 5] Draft Proxy between SNMP Transport Mappings Mar 92 5. References [1] K. McCloghrie, J.R. Davin, and J.M. Galvin, Definitions of Managed Objects for Administration of SNMP Parties, Internet Draft, (December, 1991). [2] J.D. Case, M.S. Fedor, M.L. Schoffstall, and J.R. Davin, Simple Network Management Protocol, Internet Working Group Request for Comments 1157. Network Information Center, SRI International, Menlo Park, California, (May, 1990). [3] M.T. Rose, SNMP over OSI, Internet Working Group Request for Comments 1283. Network Information Center, SRI International, Menlo Park, California, (December, 1991). [4] R.B. Wormley, and S. Bostock, SNMP over IPX, Internet Working Group Request for Comments 1298. Network Information Center, SRI International, Menlo Park, California, (February, 1992). Rose and McCloghrie [Page 6] Draft Proxy between SNMP Transport Mappings Mar 92 Table of Contents 1 Status of this Memo ................................... 1 2 Abstract .............................................. 1 3 Proxy between SNMP Transport Mappings ................. 2 3.1 Definitions ......................................... 2 3.2 Transport Domain: rfc1157Domain ..................... 3 3.3 Transport Domain: rfc1283CLDomain and rfc1283CODomain .................................... 3 3.4 Transport Domain: rfc1298Domain ..................... 4 3.5 Authentication Algorithm: rfc1157noAuth ............. 4 4 Acknowledgements ...................................... 5 5 References ............................................ 6 Rose and McCloghrie [Page 7]