2. Management Targets
Management Target is the term used for an application (for the purpose of this document, either a notification receiver application or a command responder application) which a command generator or notification originator application wants to interact with. These applications may be remote or co-located with the command generator or notification originator.
Management targets are identified by a combination of:
- A transport domain and transport address: Identifies the network location of the target application. The transport domain defines the transport protocol used (e.g., UDP over IPv4, TCP over IPv6, etc.), and the transport address provides the specific address within that domain (e.g., IP address and port number).
- SNMP message parameters: Including message processing model, security model, security level, and security name. The selection of the message processing model is typically dependent upon the SNMP protocol version (SNMPv1, SNMPv2c, or SNMPv3).
These parameters together define how to reach the management target and how to securely communicate with it.
Transport Domain and Transport Address
The transport domain identifies the transport protocol used to communicate with the management target. Common transport domains include:
- snmpUDPDomain: UDP over IPv4
- snmpTCPDomain: TCP over IPv4
- snmpUDP6Domain: UDP over IPv6
- snmpTCP6Domain: TCP over IPv6
Each transport domain has a corresponding transport address format. For example, for snmpUDPDomain, the transport address consists of an IPv4 address and UDP port number.
Transport domains are defined in RFC 3417 [RFC3417], which defines transport mappings for SNMP.
SNMP Message Parameters
SNMP message parameters define the SNMP version and security settings to use when communicating with the management target:
Message Processing Model
The message processing model identifies the version of the SNMP message format:
- 0: SNMPv1 message format
- 1: SNMPv2c message format
- 2: Reserved
- 3: SNMPv3 message format
Security Model
The security model defines the security mechanism used to protect SNMP messages:
- 1: SNMPv1 security model
- 2: SNMPv2c security model
- 3: User-based Security Model (USM), as defined in RFC 3414 [RFC3414]
Security Level
The security level defines the required level of protection:
- noAuthNoPriv: No authentication or encryption required
- authNoPriv: Authentication required but no encryption
- authPriv: Both authentication and encryption required
Security Name
The security name is a string that identifies the principal on whose behalf an SNMP operation is performed. The interpretation of the security name depends on the security model in use.
For USM (User-based Security Model), the security name identifies a configured user with associated authentication and encryption keys.
Using Management Targets
Command generator and notification originator applications use management target information to determine:
- Where to send SNMP messages: Using the transport domain and transport address.
- How to format and secure messages: Using the message processing model, security model, security level, and security name.
The MIB modules defined in this document (specifically the SNMP-TARGET-MIB) provide a standardized way to configure and manage these management target definitions.
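The following Python example is added here and is not part of the original document: it audits target definitions for inconsistent or weak combinations of the parameters described above and decodes an snmpUDPDomain transport address. The Target record and its field names, the pairing table between message format and security model, and the sample targets are assumptions made for illustration.

```python
import ipaddress
import struct
from collections import namedtuple

# Numeric values as listed on this page.
MP_MODELS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
SEC_LEVELS = ("noAuthNoPriv", "authNoPriv", "authPriv")
# Assumption: conventional pairing of message format and security model.
EXPECTED_SEC_MODEL = {0: 1, 1: 2, 3: 3}
# Hypothetical record layout for one target definition.
Target = namedtuple("Target", "tdomain taddress mp_model sec_model sec_level sec_name")


def decode_udp_taddress(raw):
    """snmpUDPDomain address: 4-octet IPv4 address + 2-octet port, network byte order."""
    if len(raw) != 6:
        raise ValueError(f"snmpUDPDomain address must be 6 octets, got {len(raw)}")
    (port,) = struct.unpack("!H", raw[4:])
    return str(ipaddress.IPv4Address(raw[:4])), port


def audit_target(t):
    """Return a list of findings for one target definition (empty list = clean)."""
    findings = []
    if t.mp_model not in MP_MODELS:
        findings.append(f"unknown or reserved message processing model {t.mp_model}")
    elif EXPECTED_SEC_MODEL[t.mp_model] != t.sec_model:
        findings.append(f"{MP_MODELS[t.mp_model]} message format with security model {t.sec_model}")
    if t.sec_level not in SEC_LEVELS:
        findings.append(f"unknown security level {t.sec_level!r}")
    elif t.sec_model in (1, 2) and t.sec_level != "noAuthNoPriv":
        # Community-based security models offer no authentication or encryption.
        findings.append(f"{t.sec_level} cannot be provided by security model {t.sec_model}")
    elif t.sec_level != "authPriv":
        findings.append(f"{t.sec_level}: weaker than authPriv")
    if t.tdomain == "snmpUDPDomain":
        try:
            decode_udp_taddress(t.taddress)
        except ValueError as exc:
            findings.append(str(exc))
    return findings


# Constructed sample targets (addresses from the 192.0.2.0/24 documentation range).
TARGETS = [
    Target("snmpUDPDomain", bytes([192, 0, 2, 10, 0, 162]), 3, 3, "authPriv", "nms-traps"),
    Target("snmpUDPDomain", bytes([192, 0, 2, 11, 0, 162]), 1, 2, "authPriv", "public"),
    Target("snmpUDPDomain", bytes([192, 0, 2, 12, 162]), 3, 3, "authNoPriv", "ops"),
]
```

Running audit_target over each entry in TARGETS returns no findings for the first target, one for the second (a community-based model asked to provide authPriv), and two for the third (a weaker security level and a malformed transport address).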
Context Information
In addition to management target information, SNMP operations also need to specify context information:
- contextEngineID: Identifies the SNMP engine containing the desired management information.
- contextName: Identifies a specific context (collection of management information) within that SNMP engine.
For a command generator communicating directly with a command responder, the contextEngineID typically identifies the command responder's SNMP engine. In proxy scenarios, the contextEngineID may identify a different SNMP engine behind the proxy.
Context information allows a single SNMP engine to maintain multiple instances of management information, each in a different context. This is particularly useful for devices that support multiple virtual devices or isolated management domains.