2. Documentation Overview
The SNMP version 3 documentation is organized into several documents. This section provides an overview of these documents and their relationships.
2.1. Document Roadmap
The SNMP version 3 documentation consists of the following documents:
- Architecture: This document (RFC 3411) describes the overall architecture of SNMP Management Frameworks.
- Message Processing and Dispatching: RFC 3412 describes the Message Processing Subsystem and the Dispatcher.
- User-based Security Model: RFC 3414 describes the User-based Security Model (USM) for SNMPv3.
- View-based Access Control Model: RFC 3415 describes the View-based Access Control Model (VACM) for SNMPv3.
- Protocol Operations: RFC 3416 describes the protocol operations for SNMPv2.
- Transport Mappings: RFC 3417 describes the transport mappings for SNMP over UDP and other transports.
- Management Information Base: RFC 3418 describes the Management Information Base (MIB) for SNMPv2.
- Coexistence and Transition: RFC 3584 describes coexistence between SNMPv1, SNMPv2c, and SNMPv3.
2.2. Applicability Statement
The SNMPv3 framework is designed to be applicable to a wide range of network management scenarios. It is particularly well-suited for:
- Managing large networks with thousands of devices
- Managing networks where security is a concern
- Managing networks where remote configuration is required
- Managing networks where multiple management systems need to coexist
The framework is designed to be extensible, allowing new features to be added as requirements evolve.
2.3. Coexistence and Transition
The SNMPv3 framework is designed to allow coexistence with SNMPv1 and SNMPv2c. This allows networks to transition gradually from older versions of SNMP to SNMPv3.
The coexistence strategy includes:
- Proxy mechanisms: SNMPv3 entities can act as proxies, translating between different versions of SNMP.
- Dual-stack implementations: SNMP entities can support multiple versions of SNMP simultaneously.
- Translation mechanisms: Messages can be translated from one version of SNMP to another.
Details of coexistence and transition strategies are described in RFC 3584.
2.4. Transport Mappings
SNMP messages can be transported over various network protocols. The most common transport is UDP (User Datagram Protocol). Other transports include TCP, IPX, and AppleTalk.
RFC 3417 defines the standard transport mappings for SNMP. It describes how SNMP messages are formatted for transmission over different transports, and how addresses are represented.
2.5. Message Processing
The Message Processing Subsystem is responsible for preparing messages for transmission and for extracting data from received messages. It provides a consistent interface to the Dispatcher, regardless of the message format being used.
RFC 3412 describes the Message Processing Subsystem in detail. It defines the abstract service interfaces that Message Processing Models must implement.
2.6. Security
Security is a critical component of the SNMPv3 framework. The Security Subsystem provides authentication, privacy, and timeliness checking for SNMP messages.
The User-based Security Model (USM) is the primary security model defined for SNMPv3. It provides:
- Authentication: Using HMAC-MD5-96 or HMAC-SHA-96 authentication protocols
- Privacy: Using CBC-DES or CBC-AES encryption protocols
- Timeliness: Using time-based message validation to prevent replay attacks
RFC 3414 describes the User-based Security Model in detail.
The architecture allows for additional security models to be defined in the future.
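The three USM services listed above, as an added worked example (not text or code from RFC 3414): password-to-key localization, the HMAC-*-96 authentication tag over a message with its 12-octet msgAuthenticationParameters field zeroed, and the authoritative engine's 150-second timeliness window. The snmpEngineID and password are the RFC 3414 Appendix A.3 test-vector values; the message bytes are constructed, not a real BER-encoded SNMPv3 message.

```python
import hashlib
import hmac

def password_to_key(password: bytes, engine_id: bytes, alg: str = "sha1") -> bytes:
    """RFC 3414 A.2 password-to-key: hash the password repeated to 1,048,576
    octets (Ku), then localize it: Kul = H(Ku || snmpEngineID || Ku)."""
    expanded = (password * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.new(alg, expanded).digest()
    return hashlib.new(alg, ku + engine_id + ku).digest()

def auth_params(kul: bytes, whole_msg: bytes, offset: int, alg: str = "sha1") -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC over the whole message with its 12-octet
    msgAuthenticationParameters field (starting at offset) zeroed, truncated to 12."""
    blanked = whole_msg[:offset] + b"\x00" * 12 + whole_msg[offset + 12:]
    return hmac.new(kul, blanked, alg).digest()[:12]

def verify_auth(kul: bytes, whole_msg: bytes, offset: int, alg: str = "sha1") -> bool:
    """Receiver side: recompute over the same message and compare in constant time."""
    received = whole_msg[offset:offset + 12]
    return hmac.compare_digest(received, auth_params(kul, whole_msg, offset, alg))

def in_time_window(engine_boots: int, engine_time: int,
                   msg_boots: int, msg_time: int, window: int = 150) -> bool:
    """Authoritative-engine timeliness check (RFC 3414 section 3.2, step 7b):
    boots must match and the time must be within +/-150 s; a boot counter
    latched at 2^31-1 rejects everything until the engine is reconfigured."""
    if engine_boots == 2**31 - 1:
        return False
    return msg_boots == engine_boots and abs(engine_time - msg_time) <= window

if __name__ == "__main__":
    # Constructed sample: snmpEngineID and password from the RFC 3414 A.3 test vectors.
    engine_id = bytes.fromhex("000000000000000000000002")
    kul = password_to_key(b"maplesyrup", engine_id)
    header, body = b"constructed-header", b"constructed-scopedPDU"
    offset = len(header)
    msg = header + b"\x00" * 12 + body
    msg = msg[:offset] + auth_params(kul, msg, offset) + msg[offset + 12:]
    print("authentic:", verify_auth(kul, msg, offset))              # True
    print("tampered :", verify_auth(kul, msg[:-1] + b"X", offset))  # False
    print("timely   :", in_time_window(3, 1000, 3, 1100))           # True
    print("replayed :", in_time_window(3, 1000, 2, 1000))           # False
```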
2.7. Access Control
The Access Control Subsystem determines whether a particular SNMP operation is allowed based on the identity of the user and the managed object being accessed.
The View-based Access Control Model (VACM) is the primary access control model defined for SNMPv3. It provides:
- Group-based access control: Users are assigned to groups, and access rights are assigned to groups
- Context-based access control: Access rights can vary based on the SNMP context
- View-based access control: Access rights are defined in terms of MIB views, which specify which objects can be accessed
RFC 3415 describes the View-based Access Control Model in detail.
The architecture allows for additional access control models to be defined in the future.
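The three VACM layers above (group, context/level, MIB view), as an added worked example that is not code from RFC 3415: the family-mask matching used by vacmViewTreeFamilyTable, the longest-subtree tie-breaking between families, and an abbreviated isAccessAllowed. Assumptions: the access entry is found by exact (group, context, model) lookup, so contextPrefix matching and the "any" security model are left out; the configuration and OIDs are constructed.

```python
from typing import Dict, List, Tuple

OID = Tuple[int, ...]
LEVELS = ("noAuthNoPriv", "authNoPriv", "authPriv")

def oid_in_family(oid: OID, subtree: OID, mask: bytes) -> bool:
    """A subtree sub-identifier must equal the OID's where its mask bit is 1
    (bits beyond the end of the mask count as 1); a 0 bit is a wildcard."""
    if len(oid) < len(subtree):
        return False
    for i, sub in enumerate(subtree):
        byte, bit = divmod(i, 8)
        fixed = byte >= len(mask) or bool(mask[byte] & (0x80 >> bit))
        if fixed and oid[i] != sub:
            return False
    return True

def oid_in_view(view: List[Tuple[OID, bytes, str]], oid: OID) -> bool:
    """Longest matching subtree wins (ties: greatest mask); its type decides."""
    best = None
    for subtree, mask, vtype in view:
        if oid_in_family(oid, subtree, mask):
            rank = (len(subtree), mask)
            if best is None or rank > best[0]:
                best = (rank, vtype)
    return best is not None and best[1] == "included"

def is_access_allowed(cfg: Dict, model: str, name: str, level: str,
                      context: str, view_type: str, oid: OID) -> str:
    """Abbreviated isAccessAllowed (RFC 3415 section 3.2). Assumption: the access
    entry is looked up by exact (group, context, model), no prefix matching."""
    group = cfg["groups"].get((model, name))
    if group is None:
        return "noGroupName"
    entry = cfg["access"].get((group, context, model))
    if entry is None or LEVELS.index(level) < LEVELS.index(entry["level"]):
        return "noAccessEntry"  # no entry, or message not secured to its minimum level
    view_name = entry.get(view_type)
    if view_name not in cfg["views"]:
        return "noSuchView"
    return "accessAllowed" if oid_in_view(cfg["views"][view_name], oid) else "notInView"

# Constructed configuration: 'operators' read all of internet except the USM MIB.
CONFIG = {
    "groups": {("usm", "ops"): "operators"},
    "access": {("operators", "", "usm"): {"level": "authNoPriv", "read": "restricted"}},
    "views": {"restricted": [((1, 3, 6, 1), b"", "included"),
                             ((1, 3, 6, 1, 6, 3, 15), b"", "excluded")]},
}
```

A mask such as b"\xff\xbf" on an 11-sub-identifier subtree wildcards the column position of a table row, which is how a view grants every column of one ifTable row without listing each column.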
2.8. Protocol Operations
SNMP defines several types of protocol operations:
- Get: Retrieve the value of one or more managed objects
- GetNext: Retrieve the value of the lexicographically next managed object
- GetBulk: Retrieve the values of multiple managed objects efficiently
- Set: Modify the value of one or more managed objects
- Trap: Asynchronous notification sent from agent to manager
- InformRequest: Asynchronous notification that requires acknowledgement
RFC 3416 describes these protocol operations in detail. It defines the PDU formats and the processing rules for each operation type.
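The Get, GetNext and GetBulk semantics above, as an added worked example over a constructed in-memory instrumentation (not code from RFC 3416): GetNext returns the lexicographically next instance or endOfMibView, and GetBulk applies non-repeaters and max-repetitions to walk several columns in lock-step. The store, its OIDs and values are constructed for the example.

```python
from bisect import bisect_right
from typing import Dict, List, Tuple

OID = Tuple[int, ...]
END_OF_MIB_VIEW = "endOfMibView"

# Constructed instrumentation. Python tuples compare exactly like SNMP's
# lexicographic OID order: a prefix sorts before every OID that extends it.
STORE: Dict[OID, object] = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): "router-1",    # sysDescr.0
    (1, 3, 6, 1, 2, 1, 1, 3, 0): 123456,        # sysUpTime.0
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 1): "eth0",  # ifDescr.1
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 2): "eth1",  # ifDescr.2
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 10, 1): 9000,   # ifInOctets.1
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 10, 2): 42,     # ifInOctets.2
}
KEYS = sorted(STORE)

def get(oid: OID) -> Tuple[OID, object]:
    """Get: the exact instance, else noSuchInstance (this toy store does not
    separately report noSuchObject for unknown object types)."""
    return (oid, STORE.get(oid, "noSuchInstance"))

def get_next(oid: OID) -> Tuple[OID, object]:
    """GetNext: the lexicographically next instance, or endOfMibView under the
    request's own name when nothing follows (RFC 3416 section 4.2.2)."""
    i = bisect_right(KEYS, oid)
    if i == len(KEYS):
        return (oid, END_OF_MIB_VIEW)
    return (KEYS[i], STORE[KEYS[i]])

def get_bulk(oids: List[OID], non_repeaters: int, max_repetitions: int) -> List[Tuple[OID, object]]:
    """GetBulk (RFC 3416 section 4.2.3): the first non_repeaters variables get a
    single GetNext; the remaining repeaters are advanced row by row up to
    max_repetitions times, stopping early once every repeater hit endOfMibView."""
    response = [get_next(o) for o in oids[:non_repeaters]]
    current = list(oids[non_repeaters:])
    for _ in range(max_repetitions):
        if not current:
            break
        row = [get_next(o) for o in current]
        response.extend(row)
        if all(value == END_OF_MIB_VIEW for _, value in row):
            break
        current = [name for name, _ in row]
    return response

if __name__ == "__main__":
    # One GetBulk fetches sysUpTime.0 once, then walks ifDescr and ifInOctets side by side.
    for name, value in get_bulk([(1, 3, 6, 1, 2, 1, 1, 3), (1, 3, 6, 1, 2, 1, 2, 2, 1, 2),
                                 (1, 3, 6, 1, 2, 1, 2, 2, 1, 10)], 1, 2):
        print(".".join(map(str, name)), "=", value)
```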
2.9. Applications
SNMP applications use the services of the SNMP engine to perform management functions. The architecture defines several types of applications:
- Command Generator: Initiates Get, GetNext, GetBulk, and Set operations
- Command Responder: Responds to Get, GetNext, GetBulk, and Set operations
- Notification Originator: Initiates Trap and InformRequest operations
- Notification Receiver: Receives Trap and InformRequest operations
- Proxy Forwarder: Forwards messages between SNMP entities
Applications can be combined within a single SNMP entity. For example, a typical SNMP agent contains both a Command Responder and a Notification Originator.
2.10. Structure of Management Information
The Structure of Management Information (SMI) defines how managed objects are defined and organized. The SMI includes:
- Object definitions: The syntax for defining managed objects
- Naming: The hierarchical naming scheme for managed objects (Object Identifiers)
- Data types: The primitive and constructed data types that can be used
The SMI for SNMPv2 is defined in RFC 2578, RFC 2579, and RFC 2580.
2.11. Textual Conventions
Textual Conventions are a mechanism for defining new data types based on existing data types. They provide a way to give semantic meaning to data types and to specify display formats.
RFC 2579 defines the mechanism for creating Textual Conventions.
2.12. Conformance Statements
Conformance Statements define the requirements for implementing MIB modules. They specify which objects must be implemented, which objects are optional, and any implementation constraints.
RFC 2580 defines the mechanism for creating Conformance Statements.
2.13. Management Information Base Modules
A Management Information Base (MIB) module is a collection of related managed object definitions. MIB modules are defined using the SMI syntax.
MIB modules can import definitions from other MIB modules, allowing for modular design and reuse.
2.13.1. SNMP Instrumentation MIBs
Several MIB modules are defined specifically for managing SNMP entities:
- SNMP-FRAMEWORK-MIB (RFC 3411): Defines objects for the SNMP engine
- SNMP-MPD-MIB (RFC 3412): Defines objects for message processing
- SNMP-USER-BASED-SM-MIB (RFC 3414): Defines objects for the User-based Security Model
- SNMP-VIEW-BASED-ACM-MIB (RFC 3415): Defines objects for the View-based Access Control Model
- SNMP-COMMUNITY-MIB (RFC 3584): Defines objects for community-based security
- SNMP-TARGET-MIB (RFC 3413): Defines objects for configuring notification destinations
- SNMP-NOTIFICATION-MIB (RFC 3413): Defines objects for filtering notifications
- SNMP-PROXY-MIB (RFC 3413): Defines objects for configuring proxy behavior
2.14. SNMP Framework Documents
The following documents define the SNMPv3 framework:
- RFC 3410: Introduction and Applicability Statements for Internet Standard Management Framework
- RFC 3411: An Architecture for Describing SNMP Management Frameworks (this document)
- RFC 3412: Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
- RFC 3413: Simple Network Management Protocol (SNMP) Applications
- RFC 3414: User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
- RFC 3415: View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
- RFC 3416: Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)
- RFC 3417: Transport Mappings for the Simple Network Management Protocol (SNMP)
- RFC 3418: Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)
These documents collectively define the complete SNMPv3 framework.