7 Network Working Group M. Rose
8 Request for Comments: 1227 Performance Systems International, Inc.
12 SNMP MUX Protocol and MIB
16 This memo suggests a mechanism by which a user process may associate
17 itself with the local SNMP agent on a host, in order to implement
18 portions of the MIB. This mechanism would be local to the host.
20 This is an Experimental Protocol for the Internet community.
21 Discussion and suggestions for improvement are requested. Please
22 refer to the current edition of the "IAB Official Protocol Standards"
23 for the standardization state and status of this protocol.
24 Distribution of this memo is unlimited.
28 1. Introduction .......................................... 1
29 2. Architecture .......................................... 2
30 3. Protocol .............................................. 3
31 3.1 Tricky Things ........................................ 3
32 3.1.1 Registration ....................................... 4
33 3.1.2 Removing Registration .............................. 4
34 3.1.3 Atomic Sets ........................................ 4
35 3.1.4 Variables in Requests .............................. 5
36 3.1.5 Request-ID ......................................... 5
37 3.1.6 The powerful get-next operator ..................... 5
38 3.2 Protocol Data Units .................................. 6
39 3.3 Mappings on Transport Service ........................ 8
40 3.3.1 Mapping onto the TCP ............................... 8
41 4. MIB for the SMUX ...................................... 9
42 5. Acknowledgements ...................................... 12
43 6. References ............................................ 12
44 7. Security Considerations................................ 13
45 8. Author's Address....................................... 13
49 On typical kernel/user systems, an agent speaking the SNMP [1] is
50 often implemented as a user-process, that reads kernel variables in
51 order to realize the Internet-standard MIB [2]. This approach works
52 fine as long as all of the information needed by the SNMP agent
53 resides in either the kernel or in stable storage (i.e., files).
54 However, when other user-processes are employed to implement other
60 RFC 1227 SMUX May 1991
63 network services, such as routing protocols, communication between
64 the SNMP agent and other processes is problematic.
66 In order to solve this problem, a new protocol, the SNMP multiplexing
67 (SMUX) protocol is introduced. When a user-process, termed a SMUX
68 peer, wishes to export a MIB module, it initiates a SMUX association
69 to the local SNMP agent, registers itself, and (later) fields
70 management operations for objects in the MIB module.
72 Carrying this approach to its fullest, it is possible to generalize
73 the SNMP agent so that it knows about only the SNMP group of the
74 Internet-standard MIB. All other portions of the Internet-standard
75 MIB can be implemented by another process. This is quite useful, for
76 example, when a computer manufacturer wishes to provide SNMP access
77 for its operating system in binary form.
79 In addition to defining the SMUX protocol, this document defines a
80 MIB for the SMUX. Obviously, this MIB module must also be
81 implemented in the local SNMP agent.
85 There are two approaches that can be taken when trying to integrate
86 arbitrary MIB modules with the SNMP agent: request-response and
89 The request-response model simply propagates the SNMP requests
90 received by the SNMP agent to the user process which exported the MIB
91 module. The SMUX peer then performs the operation and returns a
92 response. In turn, the SNMP agent propagates this response back to
93 the network management station. The request-response model is said
94 to be agent-driven since, after registration, the SNMP agent
95 initiates all transactions.
97 The cache-ahead model requires that the SMUX peer, after
98 registration, periodically updates the SNMP agent with the subtree
99 for the MIB module which has been registered. The SNMP agent, upon
100 receiving an SNMP request for information retrieval, locally performs
101 the operation, and returns a response to the network management
102 station. (SNMP set requests are given immediately to the SMUX peer.)
103 The cache-ahead model is said to be peer-driven since, after
104 registration, the SMUX peer initiates all transactions.
106 There are advantages and disadvantages to both approaches. As such,
107 the architecture envisioned supports both models in the following
108 fashion: the protocol between the SNMP agent and the SMUX peer is
109 based on the request-response model. However, the SMUX peer, may
110 itself be a user-process which employs the cache-ahead model with
116 RFC 1227 SMUX May 1991
119 other user-processes.
121 Obviously, the SMUX peer which employs the cache-ahead model acts as
122 a "firewall" for those user-processes which actually implement the
123 managed objects in the given MIB module.
125 Note that this document describes only the SMUX protocol, for the
126 request-response model. Each SMUX peer is free to define a cache-
127 ahead protocol specific for the application at hand.
131 The SMUX protocol is simple: the SNMP agent listens for incoming
132 connections. Upon establishing a connection, the SMUX peer issues an
133 OpenPDU to initialize the SMUX association. If the SNMP agent
134 declines the association, it issues a closePDU and closes the
135 connection. If the SNMP agent accepts the association, no response
136 is issued by the SNMP agent.
138 For each subtree defined in a MIB module that the SMUX peer wishes to
139 register (or unregister), the SMUX peer issues a RReqPDU. When the
140 SNMP agent receives such a PDU, it issues a corresponding RRspPDU.
141 The SNMP agent returns RRspPDUs in the same order as the RReqPDUs
144 When the SMUX peer wishes to issue a trap, it issues an SNMP Trap-
145 PDU. When the SNMP agent receives such a PDU, it propagates this to
146 the network management stations that it is configured to send traps
149 When the SNMP agent receives an SNMP GetRequest-PDU, GetNextRequest-
150 PDU, or SetRequest-PDU which includes one or more variable-bindings
151 within a subtree registered by a SMUX peer, the SNMP agent sends an
152 equivalent SNMP PDU containing only those variables within the
153 subtree registered by that SMUX peer. When the SMUX peer receives
154 such a PDU, it applies the indicated operation and issues a
155 corresponding SNMP GetResponse-PDU. The SNMP agent then correlates
156 this result and propagates the resulting GetResponse-PDU to the
157 network management station.
159 When either the SNMP agent or the SMUX peer wishes to release the
160 SMUX association, the ClosePDU is issued, the connection is closed,
161 and all subtree registrations for that association are released.
165 Although straight-forward, there are a few nuances.
172 RFC 1227 SMUX May 1991
177 Associated with each registration is an integer priority, from 0 to
178 (2^31)-1. The lower the value, the higher the priority.
180 Multiple SMUX peers may register the same subtree. However, they
181 must do so at different priorities (i.e., a subtree and a priority
182 uniquely identifies a SMUX peer). As such, if a SMUX peer wishes to
183 register a subtree at a priority which is already taken, the SNMP
184 agent repeatedly increments the integer value until an unused
187 When registering a subtree, the special priority -1 may be used,
188 which selects the highest available priority.
190 Of course, the SNMP agent may select an arbitrarily worse priority
191 for a SMUX peer, based on local (configuration) information.
193 Note that when a subtree is registered, the SMUX peer with the
194 highest registration priority is exclusively consulted for all
195 operations on that subtree. Further note that SNMP agents must
196 enforce the "subtree mounting effect", which hides the registrations
197 by other SMUX peers of objects within the subtree. For example, if a
198 SMUX peer registered "sysDescr", and later another SMUX peer
199 registered "system" (which scopes "sysDescr"), then all requests for
200 "sysDescr" would be given to the latter SMUX peer.
202 An SNMP agent should disallow any attempt to register above, at, or
203 below, the SNMP and SMUX subtrees of the MIB. Other subtrees may be
204 disallowed as an implementation-specific option.
206 3.1.2. Removing Registration
208 A SMUX peer may remove registrations for only those subtrees which it
209 has registered. If the priority given in the RReqPDU is -1, then the
210 registration of highest priority is selected for deletion.
211 Otherwise, only that registration with the precise priority is
216 A simple two-phase commit protocol is used between the SNMP agent and
217 the SMUX peers. When an SNMP SetRequest-PDU is received, the SNMP
218 agent determines which SMUX peers will participate in the
219 transaction. For each of these peers, at least one SNMP SetRequest-
220 PDU is sent, with only those variables of interest to that peer.
222 Each SMUX peer must either accept or refuse the set operation,
228 RFC 1227 SMUX May 1991
231 without actually performing the operation. If the peer opts to
232 accept, it sends back an SNMP GetResponse-PDU with an error-status of
233 noError(0); otherwise, if the peer refuses to perform the operation,
234 then an SNMP GetResponse-PDU is returned with a non-zero error-
237 The SNMP agent examines all of the responses. If at least one SMUX
238 peer refused the operation, then a SMUX SOutPDU is sent to each SMUX
239 peer, with value rollback, telling the SMUX peer to discard any
240 knowledge of the requested operation.
242 Otherwise if all SMUX peers accepted the operation, then a SMUX
243 SOutPDU is sent to each SMUX peer, with value commit, telling the
244 SMUX peer to perform the operation.
246 In either case, the SMUX peer does not generate a response to the
249 3.1.4. Variables in Requests
251 When constructing an SNMP GetRequest-PDU or GetNextRequest-PDU for a
252 SMUX peer, the SNMP agent may send one, or more than one variable in
253 a single request. In all cases, the SNMP agent should process each
254 variable sequentially, and block accordingly when a SMUX peer is
259 When the SNMP agent constructs an SNMP GetRequest-PDU,
260 GetNextRequest-PDU, or SetRequest-PDU, for a SMUX peer, the
261 request_id field of the SNMP takes a special meaning: if an SNMP
262 agent generates multiple PDUs for a SMUX peer, upon receipt of a
263 single PDU from the network management station, then the request_id
264 field of the PDUs sent to the SMUX peer must take the same value
265 (which need bear no relationship to the value of the request_id field
266 of the PDU originally received by the SNMP agent.)
268 3.1.6. The powerful get-next operator
270 Each SMUX peer acts as though it contains the entire MIB when
271 processing a SNMP GetNext-PDU from the SNMP agent. This means that
272 the SNMP agent must check each variable returned in the SNMP
273 GetResponse-PDU generated by the SMUX peer to ensure that each
274 variable is still within the same registered subtree as caused the
275 SNMP GetNext-PDU to be sent to that peer. For each variable which is
276 not, the SNMP agent must include it in a SNMP GetNext-PDU to the peer
277 for the succeeding registered subtree, until responses are available
278 for all variables within their expected registered subtree.
284 RFC 1227 SMUX May 1991
287 3.2. Protocol Data Units
289 The SMUX protocol data units are defined using Abstract Syntax
290 Notation One (ASN.1) [3]:
292 SMUX DEFINITIONS ::= BEGIN
295 DisplayString, ObjectName
302 -- tags for SMUX-specific PDUs are application-wide to
303 -- avoid conflict with tags for current (and future)
308 open -- SMUX peer uses
309 OpenPDU, -- immediately after TCP open
311 close -- either uses immediately before TCP close
314 registerRequest -- SMUX peer uses
317 registerResponse -- SNMP agent uses
320 PDUs, -- note that roles are reversed:
321 -- SNMP agent does get/get-next/set
322 -- SMUX peer does get-response/trap
324 commitOrRollback -- SNMP agent uses
330 -- currently only simple authentication
340 RFC 1227 SMUX May 1991
347 [APPLICATION 0] IMPLICIT
349 version -- of SMUX protocol
354 identity -- of SMUX peer, authoritative
357 description -- of SMUX peer, implementation-specific
360 password -- zero length indicates no authentication
368 [APPLICATION 1] IMPLICIT
371 unsupportedVersion(1),
375 authenticationFailure(5)
382 [APPLICATION 2] IMPLICIT
387 priority -- the lower the better, "-1" means default
388 INTEGER (-1..2147483647),
396 RFC 1227 SMUX May 1991
400 delete(0), -- remove registration
401 readOnly(1), -- add registration, objects are RO
402 readWrite(2) -- .., objects are RW
407 [APPLICATION 3] IMPLICIT
411 -- on success the non-negative priority is returned
415 [APPLICATION 4] IMPLICIT
424 3.3. Mappings on Transport Service
426 The SMUX protocol may be mapped onto any CO-mode transport service.
427 At present, only one such mapping is defined.
429 3.3.1. Mapping onto the TCP
431 When using the TCP to provide the transport-backing for the SMUX
432 protocol, the SNMP agent listens on TCP port 199.
434 Each SMUX PDU is serialized using the Basic Encoding Rules [4] and
435 sent on the TCP. As ASN.1 objects are self-delimiting when encoding
436 using the BER, no packetization protocol is required.
452 RFC 1227 SMUX May 1991
457 The MIB objects for the SMUX are implemented by the local SNMP agent:
459 SMUX-MIB DEFINITIONS ::= BEGIN
467 unix OBJECT IDENTIFIER ::= { enterprises 4 }
469 smux OBJECT IDENTIFIER ::= { unix 4 }
471 smuxPeerTable OBJECT-TYPE
472 SYNTAX SEQUENCE OF SmuxPeerEntry
473 ACCESS not-accessible
476 "The SMUX peer table."
479 smuxPeerEntry OBJECT-TYPE
481 ACCESS not-accessible
484 "An entry in the SMUX peer table."
486 ::= { smuxPeerTable 1}
500 smuxPindex OBJECT-TYPE
508 RFC 1227 SMUX May 1991
513 "An index which uniquely identifies a SMUX peer."
514 ::= { smuxPeerEntry 1 }
516 smuxPidentity OBJECT-TYPE
517 SYNTAX OBJECT IDENTIFIER
521 "The authoritative designation for a SMUX peer."
522 ::= { smuxPeerEntry 2 }
524 smuxPdescription OBJECT-TYPE
525 SYNTAX DisplayString (SIZE (0..255))
529 "A human-readable description of a SMUX peer."
530 ::= { smuxPeerEntry 3 }
532 smuxPstatus OBJECT-TYPE
533 SYNTAX INTEGER { valid(1), invalid(2), connecting(3) }
537 "The type of SMUX peer.
539 Setting this object to the value invalid(2) has
540 the effect of invaliding the corresponding entry
541 in the smuxPeerTable. It is an implementation-
542 specific matter as to whether the agent removes an
543 invalidated entry from the table. Accordingly,
544 management stations must be prepared to receive
545 tabular information from agents that correspond to
546 entries not currently in use. Proper
547 interpretation of such entries requires
548 examination of the relative smuxPstatus object."
549 ::= { smuxPeerEntry 4 }
551 smuxTreeTable OBJECT-TYPE
552 SYNTAX SEQUENCE OF SmuxTreeEntry
553 ACCESS not-accessible
556 "The SMUX tree table."
564 RFC 1227 SMUX May 1991
567 smuxTreeEntry OBJECT-TYPE
569 ACCESS not-accessible
572 "An entry in the SMUX tree table."
573 INDEX { smuxTsubtree, smuxTpriority }
574 ::= { smuxTreeTable 1}
588 smuxTsubtree OBJECT-TYPE
589 SYNTAX OBJECT IDENTIFIER
593 "The MIB subtree being exported by a SMUX peer."
594 ::= { smuxTreeEntry 1 }
596 smuxTpriority OBJECT-TYPE
597 SYNTAX INTEGER (0..'07fffffff'h)
601 "The SMUX peer's priority when exporting the MIB
603 ::= { smuxTreeEntry 2 }
605 smuxTindex OBJECT-TYPE
610 "The SMUX peer's identity."
611 ::= { smuxTreeEntry 3 }
613 smuxTstatus OBJECT-TYPE
614 SYNTAX INTEGER { valid(1), invalid(2) }
620 RFC 1227 SMUX May 1991
626 "The type of SMUX tree.
628 Setting this object to the value invalid(2) has
629 the effect of invaliding the corresponding entry
630 in the smuxTreeTable. It is an implementation-
631 specific matter as to whether the agent removes an
632 invalidated entry from the table. Accordingly,
633 management stations must be prepared to receive
634 tabular information from agents that correspond to
635 entries not currently in use. Proper
636 interpretation of such entries requires
637 examination of the relative smuxTstatus object."
638 ::= { smuxTreeEntry 4 }
644 SMUX was designed one afternoon by these people:
646 Jeffrey S. Case, UTK-CS
647 James R. Davin, MIT-LCS
649 Jeffrey C. Honig, Cornell
650 Louie A. Mamakos, UMD
651 Michael G. Petry, UMD
653 Marshall T. Rose, PSI
657 [1] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
658 Network Management Protocol", RFC 1157, SNMP Research,
659 Performance Systems International, Performance Systems
660 International, MIT Laboratory for Computer Science, May 1990.
662 [2] McCloghrie K., and M. Rose, "Management Information Base for
663 Network Management of TCP/IP-based Internets", RFC 1156,
664 Performance Systems International and Hughes LAN Systems, May
667 [3] Information processing systems - Open Systems Interconnection -
668 Specification of Abstract Syntax Notation One (ASN.1),
669 International Organization for Standardization, International
670 Standard 8824, December 1987.
676 RFC 1227 SMUX May 1991
679 [4] Information processing systems - Open Systems Interconnection -
680 Specification of Basic Encoding Rules for Abstract Notation One
681 (ASN.1), International Organization for Standardization,
682 International Standard 8825, December 1987.
684 [5] Rose, M., and K. McCloghrie, "Structure and Identification of
685 Management Information for TCP/IP-based Internets", RFC 1155,
686 Performance Systems International and Hughes LAN Systems, May
689 7. Security Considerations
691 Security issues are not discussed in this memo.
696 Performance Systems International, Inc.
697 5201 Great America Parkway
699 Santa Clara, CA 95054
701 Phone: +1 408 562 6222
projects / freeradius.git / blob