Chapter 7 SNMPv3

SNMPv3 was developed to meet the need for better security in SNMP management. Fortunately, SNMPv3 addressed more than just security: it now provides a framework for all three versions of SNMP and for future development in SNMP management, with minimum impact on existing operations. One of the key features of SNMPv3 is the modularization of documentation and architecture. Another key feature is improved security.
7.1 SNMPv3 Documentation

Published in January 1998 and listed in SNMPv3 RFCs:

RFC 2271 An Architecture for Describing SNMP Management Frameworks
RFC 2272 Message Processing and Dispatching for SNMP
RFC 2273 SNMPv3 Applications
RFC 2274 User-based Security Model (USM) for SNMPv3
RFC 2275 View-based Access Control Model for SNMP
7.2 SNMPv3 Documentation Architecture

The numerous SNMP documents have been organized into a document architecture. It addresses how existing documents and new documents can be designed to be autonomous and, at the same time, be integrated to provide documentation for the various SNMP frameworks. The representation shown in Figure 7.1 reflects the contents of the specifications, but is a different perspective than that given in [RFC 2271]. It can be correlated with what we presented in Figure 4.4. Two sets of documents are general in nature. One is the set of documents covering the roadmap, the applicability statement, and coexistence and transition.
7.3 Architecture

An SNMP management network consists of several nodes, each with an SNMP entity. They interact with each other in monitoring and managing the network and its resources. The architecture of an SNMP entity is defined as the elements of that entity and the names associated with them. There are three kinds of naming: naming of entities, naming of identities, and naming of management information. Let us first look at the elements of an entity, including naming of the entity.

7.3.1 Elements of an Entity

The elements of the architecture associated with an SNMP entity, shown in Figure 7.2, comprise an SNMP engine and a set of applications. The SNMP engine, named snmpEngineID, consists of a dispatcher, a message processing subsystem, a security subsystem, and an access control subsystem.
Figure 7.2 SNMPv3 Architecture
[Figure: an SNMP entity containing the SNMP Engine (identified by snmpEngineID), with its Dispatcher, Message Processing Subsystem, Security Subsystem, and Access Control Subsystem, and the Application(s): Command Generator, Command Responder, Notification Receiver, Notification Originator, Proxy Forwarder Subsystem, and Other.]