Tech-invite3GPPspaceIETFspace
959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 2263

SNMPv3 Applications

Pages: 70
Obsoleted by:  2273
Part 1 of 3 – Pages 1 to 18
None   None   Next

ToP   noToC   RFC2263 - Page 1
Network Working Group                                            D. Levi
Request for Comments: 2263                           SNMP Research, Inc.
Category: Standards Track                                       P. Meyer
                                            Secure Computing Corporation
                                                              B. Stewart
                                                           Cisco Systems
                                                            January 1998

                          SNMPv3 Applications


Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1997).  All Rights Reserved.

Abstract

   This memo describes five types of SNMP applications which make use of
   an SNMP engine as described in [RFC2261].  The types of application
   described are Command Generators, Command Responders, Notification
   Originators, Notification Receivers, and Proxy Forwarders.

   This memo also defines MIB modules for specifying targets of
   management operations, for notification filtering, and for proxy
   forwarding.

Table of Contents

   1 Overview .....................................................    2
   1.1 Command Generator Applications .............................    3
   1.2 Command Responder Applications .............................    3
   1.3 Notification Originator Applications .......................    3
   1.4 Notification Receiver Applications .........................    3
   1.5 Proxy Forwarder Applications ...............................    3
   2 Management Targets ...........................................    5
   3 Elements Of Procedure ........................................    6
   3.1 Command Generator Applications .............................    6
   3.2 Command Responder Applications .............................    8
   3.3 Notification Originator Applications .......................   13
   3.4 Notification Receiver Applications .........................   16
ToP   noToC   RFC2263 - Page 2
   3.5 Proxy Forwarder Applications ...............................   18
   3.5.1 Request Forwarding .......................................   19
   3.5.1.1 Processing an Incoming Request .........................   19
   3.5.1.2 Processing an Incoming Response ........................   22
   3.5.1.3 Processing an Incoming Report Indication ...............   23
   3.5.2 Notification Forwarding ..................................   24
   4 The Structure of the MIB Modules .............................   27
   4.1 The Management Target MIB Module ...........................   27
   4.1.1 Tag Lists ................................................   28
   4.1.2 Definitions ..............................................   28
   4.2 The Notification MIB Module ................................   41
   4.2.1 Definitions ..............................................   42
   4.3 The Proxy MIB Module .......................................   53
   4.3.1 Definitions ..............................................   53
   5 Identification of Management Targets in Notification
        Originators ...............................................   59
   6 Notification Filtering .......................................   60
   7 Management Target Translation in Proxy  Forwarder
        Applications ..............................................   61
   7.1 Management Target Translation for Request Forwarding .......   61
   7.2 Management Target Translation for Notification Forwarding
        ...........................................................   62
   8 Intellectual Property ........................................   63
   9 Acknowledgments ..............................................   64
   10 Security Considerations .....................................   65
   11 References ..................................................   65
   12 Editors' Address ............................................   67
   A. Trap Configuration Example ..................................   68
   B. Full Copyright Statement ....................................   70

1.  Overview

   This document describes five types of SNMP applications:

       -  Applications which initiate SNMP Get, GetNext, GetBulk, and/or
          Set requests, called 'command generators.'

       -  Applications which respond to SNMP Get, GetNext, GetBulk,
          and/or Set requests, called 'command responders.'

       -  Applications which generate notifications, called
          'notification originators.'

       -  Applications which receive notifications, called 'notification
          receivers.'

       -  Applications which forward SNMP Get, GetNext, GetBulk, and/or
          Set requests or notifications, called 'proxy forwarder.'
ToP   noToC   RFC2263 - Page 3
   Note that there are no restrictions on which types of applications
   may be associated with a particular SNMP engine.  For example, a
   single SNMP engine may, in fact, be associated with both command
   generator and command responder applications.

1.1.  Command Generator Applications

   A command generator application initiates SNMP Get, GetNext, GetBulk,
   and/or Set requests, as well as processing the response to a request
   which it generated.

1.2.  Command Responder Applications

   A command responder application receives SNMP Get, GetNext, GetBulk,
   and/or Set requests destined for the local system as indicated by the
   fact that the contextEngineID in the received request is equal to
   that of the local engine through which the request was received.  The
   command responder application will perform the appropriate protocol
   operation, using access control, and will generate a response message
   to be sent to the request's originator.

1.3.  Notification Originator Applications

   A notification originator application conceptually monitors a system
   for particular events or conditions, and generates Trap and/or Inform
   messages based on these events or conditions.  A notification
   originator must have a mechanism for determining where to send
   messages, and what SNMP version and security parameters to use when
   sending messages.  A mechanism and MIB module for this purpose is
   provided in this document.

1.4.  Notification Receiver Applications

   A notification receiver application listens for notification
   messages, and generates response messages when a message containing
   an Inform PDU is received.

1.5.  Proxy Forwarder Applications

   A proxy forwarder application forwards SNMP messages.  Note that
   implementation of a proxy forwarder application is optional.  The
   sections describing proxy (4.5, 5.3, and 8) may be skipped for
   implementations that do not include a proxy forwarder application.

   The term "proxy" has historically been used very loosely, with
   multiple different meanings.  These different meanings include (among
   others):
ToP   noToC   RFC2263 - Page 4
(1)  the forwarding of SNMP requests to other SNMP entities without
     regard for what managed object types are being accessed; for
     example, in order to forward an SNMP request from one transport
     domain to another, or to translate SNMP requests of one version
     into SNMP requests of another version;

(2)  the translation of SNMP requests into operations of some non-SNMP
     management protocol; and

(3)  support for aggregated managed objects where the value of one
     managed object instance depends upon the values of multiple other
     (remote) items of management information.

   Each of these scenarios can be advantageous; for example, support for
   aggregation of management information can significantly reduce the
   bandwidth requirements of large-scale management activities.
   However, using a single term to cover multiple different scenarios
   causes confusion.

   To avoid such confusion, this document uses the term "proxy" with a
   much more tightly defined meaning.  The term "proxy" is used in this
   document to refer to a proxy forwarder application which forwards
   either SNMP requests, notifications, and responses without regard for
   what managed objects are contained within requests or notifications.
   This definition is most closely related to the first definition
   above.  Note, however, that in the SNMP architecture [RFC2261], a
   proxy forwarder is actually an application, and need not be
   associated with what is traditionally thought of as an SNMP agent.

   Specifically, the distinction between a traditional SNMP agent and a
   proxy forwarder application is simple:

       -  a proxy forwarder application forwards requests and/or
          notifications to other SNMP engines according to the context,
          and irrespective of the specific managed object types being
          accessed, and forwards the response to such previously
          forwarded messages back to the SNMP engine from which the
          original message was received;

       -  in contrast, the command responder application that is part of
          what is traditionally thought of as an SNMP agent, and which
          processes SNMP requests according to the (names of the)
          individual managed object types and instances being accessed,
          is NOT a proxy forwarder application from the perspective of
          this document.
ToP   noToC   RFC2263 - Page 5
   Thus, when a proxy forwarder application forwards a request or
   notification for a particular contextEngineID / contextName pair, not
   only is the information on how to forward the request specifically
   associated with that context, but the proxy forwarder application has
   no need of a detailed definition of a MIB view (since the proxy
   forwarder application forwards the request irrespective of the
   managed object types).

   In contrast, a command responder application must have the detailed
   definition of the MIB view, and even if it needs to issue requests to
   other entities, via SNMP or otherwise, that need is dependent on the
   individual managed object instances being accessed (i.e., not only on
   the context).

   Note that it is a design goal of a proxy forwarder application to act
   as an intermediary between the endpoints of a transaction.  In
   particular, when forwarding Inform requests, the associated response
   is forwarded when it is received from the target to which the Inform
   request was forwarded, rather than generating a response immediately
   when an Inform request is received.

2.  Management Targets

   Some types of applications (notification generators and proxy
   forwarders in particular) require a mechanism for determining where
   and how to send generated messages.  This document provides a
   mechanism and MIB module for this purpose.  The set of information
   that describes where and how to send a message is called a
   'Management Target', and consists of two kinds of information:

       -  Destination information, consisting of a transport domain and
          a transport address.  This is also termed a transport
          endpoint.

       -  SNMP parameters, consisting of message processing model,
          security model, security level, and security name information.

   The SNMP-TARGET-MIB module described later in this document contains
   one table for each of these types of information.  There can be a
   many-to-many relationship in the MIB between these two types of
   information.  That is, there may be multiple transport endpoints
   associated with a particular set of SNMP parameters, or a particular
   transport endpoint may be associated with several sets of SNMP
   parameters.
ToP   noToC   RFC2263 - Page 6
3.  Elements Of Procedure

   The following sections describe the procedures followed by each type
   of application when generating messages for transmission or when
   processing received messages.  Applications communicate with the
   Dispatcher using the abstract service interfaces defined in [RFC2261].

3.1.  Command Generator Applications

   A command generator initiates an SNMP request by calling the
   Dispatcher using the following abstract service interface:

       statusInformation =              -- sendPduHandle if success
                                        -- errorIndication if failure
         sendPdu(
         IN   transportDomain           -- transport domain to be used
         IN   transportAddress          -- destination network address
         IN   messageProcessingModel    -- typically, SNMP version
         IN   securityModel             -- Security Model to use
         IN   securityName              -- on behalf of this principal
         IN   securityLevel             -- Level of Security requested
         IN   contextEngineID           -- data from/at this entity
         IN   contextName               -- data from/in this context
         IN   pduVersion                -- the version of the PDU
         IN   PDU                       -- SNMP Protocol Data Unit
         IN   expectResponse            -- TRUE or FALSE
              )

   Where:

       -  The transportDomain is that of the destination of the message.

       -  The transportAddress is that of the destination of the
          message.

       -  The messageProcessingModel indicates which Message Processing
          Model the application wishes to use.

       -  The securityModel is the security model that the application
          wishes to use.

       -  The securityName is the security model independent name for
          the principal on whose behalf the application wishes the
          message is to be generated.

       -  The securityLevel is the security level that the application
          wishes to use.
ToP   noToC   RFC2263 - Page 7
       -  The contextEngineID is provided by the command generator if it
          wishes to explicitly specify the location of the management
          information it is requesting.

       -  The contextName is provided by the command generator if it
          wishes to explicitly specify the local context name for the
          management information it is requesting.

       -  The pduVersion indicates the version of the PDU to be sent.

       -  The PDU is a value constructed by the command generator
          containing the management operation that the command generator
          wishes to perform.

       -  The expectResponse argument indicates that a response is
          expected.

   The result of the sendPdu interface indicates whether the PDU was
   successfully sent.  If it was successfully sent, the returned value
   will be a sendPduHandle.  The command generator should store the
   sendPduHandle so that it can correlate a response to the original
   request.

   The Dispatcher is responsible for delivering the response to a
   particular request to the correct command generator application.  The
   abstract service interface used is:

       processResponsePdu(              -- process Response PDU
         IN   messageProcessingModel    -- typically, SNMP version
         IN   securityModel             -- Security Model in use
         IN   securityName              -- on behalf of this principal
         IN   securityLevel             -- Level of Security
         IN   contextEngineID           -- data from/at this SNMP entity
         IN   contextName               -- data from/in this context
         IN   pduVersion                -- the version of the PDU
         IN   PDU                       -- SNMP Protocol Data Unit
         IN   statusInformation         -- success or errorIndication
         IN   sendPduHandle             -- handle from sendPDU
              )

   Where:

       -  The messageProcessingModel is the value from the received
          response.

       -  The securityModel is the value from the received response.

       -  The securityName is the value from the received response.
ToP   noToC   RFC2263 - Page 8
       -  The securityLevel is the value from the received response.

       -  The contextEngineID is the value from the received response.

       -  The contextName is the value from the received response.

       -  The pduVersion indicates the version of the PDU in the
          received response.

       -  The PDU is the value from the received response.

       -  The statusInformation indicates success or failure in
          receiving the response.

       -  The sendPduHandle is the value returned by the sendPdu call
          which generated the original request to which this is a
          response.

   The procedure when a command generator receives a message is as
   follows:

(1)  If the received values of messageProcessingModel, securityModel,
     securityName, contextEngineID, contextName, and pduVersion are not
     all equal to the values used in the original request, the response
     is discarded.

(2)  The operation type, request-id, error-status, error-index, and
     variable-bindings are extracted from the PDU and saved.  If the
     request-id is not equal to the value used in the original request,
     the response is discarded.

(3)  At this point, it is up to the application to take an appropriate
     action.  The specific action is implementation dependent.  If the
     statusInformation indicates that the request failed, an appropriate
     action might be to attempt to transmit the request again, or to
     notify the person operating the application that a failure
     occurred.

3.2.  Command Responder Applications

   Before a command responder application can process messages, it must
   first associate itself with an SNMP engine.  The abstract service
   interface used for this purpose is:
ToP   noToC   RFC2263 - Page 9
       statusInformation =        -- success or errorIndication
         registerContextEngineID(
         IN   contextEngineID     -- take responsibility for this one
         IN   pduType             -- the pduType(s) to be registered
              )

   Where:

       -  The statusInformation indicates success or failure of the
          registration attempt.

       -  The contextEngineID is equal to the snmpEngineID of the SNMP
          engine with which the command responder is registering.

       -  The pduType indicates a Get, GetNext, GetBulk, or Set pdu.

   Note that if another command responder application is already
   registered with an SNMP engine, any further attempts to register with
   the same contextEngineID and pduType will be denied.  This implies
   that separate command responder applications could register
   separately for the various pdu types.  However, in practice this is
   undesirable, and only a single command responder application should
   be registered with an SNMP engine at any given time.

   A command responder application can disassociate with an SNMP engine
   using the following abstract service interface:

       unregisterContextEngineID(
         IN   contextEngineID     -- give up responsibility for this one
         IN   pduType             -- the pduType(s) to be unregistered
              )

   Where:

       -  The contextEngineID is equal to the snmpEngineID of the SNMP
          engine with which the command responder is cancelling the
          registration.

       -  The pduType indicates a Get, GetNext, GetBulk, or Set pdu.

   Once the command responder has registered with the SNMP engine, it
   waits to receive SNMP messages.  The abstract service interface used
   for receiving messages is:

   processPdu(                     -- process Request/Notification PDU
     IN   messageProcessingModel   -- typically, SNMP version
     IN   securityModel            -- Security Model in use
     IN   securityName             -- on behalf of this principal
ToP   noToC   RFC2263 - Page 10
     IN   securityLevel            -- Level of Security
     IN   contextEngineID          -- data from/at this SNMP entity
     IN   contextName              -- data from/in this context
     IN   pduVersion               -- the version of the PDU
     IN   PDU                      -- SNMP Protocol Data Unit
     IN   maxSizeResponseScopedPDU -- maximum size of the Response PDU
     IN   stateReference           -- reference to state information
          )                        -- needed when sending a response

   Where:

       -  The messageProcessingModel indicates which Message Processing
          Model received and processed the message.

       -  The securityModel is the value from the received message.

       -  The securityName is the value from the received message.

       -  The securityLevel is the value from the received message.

       -  The contextEngineID is the value from the received message.

       -  The contextName is the value from the received message.

       -  The pduVersion indicates the version of the PDU in the
          received message.

       -  The PDU is the value from the received message.

       -  The maxSizeResponseScopedPDU is the maximum allowable size of
          a ScopedPDU containing a Response PDU (based on the maximum
          message size that the originator of the message can accept).

       -  The stateReference is a value which references cached
          information about each received request message.  This value
          must be returned to the Dispatcher in order to generate a
          response.

   The procedure when a message is received is as follows.

(1)  The operation type is determined from the ASN.1 tag value
     associated with the PDU parameter.  The operation type should
     always be one of the types previously registered by the
     application.

(2)  The request-id is extracted from the PDU and saved.
ToP   noToC   RFC2263 - Page 11
(3)  If the SNMPv2 operation type is GetBulk, the non-repeaters and
     max-repetitions values are extracted from the PDU and saved.

(4)  The variable-bindings are extracted from the PDU and saved.

(5)  The management operation represented by the SNMPv2 operation type
     is performed with respect to the relevant MIB view within the
     context named by the contextName, according to the procedures set
     forth in [RFC1905].  The relevant MIB view is determined by the
     securityLevel, securityModel, contextName, securityName, and SNMPv2
     operation type.  To determine whether a particular object instance
     is within the relevant MIB view, the following abstract service
     interface is called:

         statusInformation =      -- success or errorIndication
           isAccessAllowed(
           IN   securityModel     -- Security Model in use
           IN   securityName      -- principal who wants to access
           IN   securityLevel     -- Level of Security
           IN   viewType          -- read, write, or notify view
           IN   contextName       -- context containing variableName
           IN   variableName      -- OID for the managed object
                )

     Where:

       -  The securityModel is the value from the received message.

       -  The securityName is the value from the received message.

       -  The securityLevel is the value from the received message.

       -  The viewType indicates whether the PDU type is a read or write
          operation.

       -  The contextName is the value from the received message.

       -  The variableName is the object instance of the variable for
          which access rights are to be checked.

     Normally, the result of the management operation will be a new PDU
     value, and processing will continue in step (6) below.  However, at
     any time during the processing of the management operation:

       -  If the isAccessAllowed ASI returns a noSuchView,
          noAccessEntry, or noGroupName error, processing of the
          management operation is halted, a PDU value is contructed
          using the values from the originally received PDU, but
ToP   noToC   RFC2263 - Page 12
          replacing the error_status with an authorizationError code,
          and error_index value of 0, and control is passed to step (6)
          below.

       -  If the isAccessAllowed ASI returns an otherError, processing
          of the management operation is halted, a different PDU value
          is contructed using the values from the originally received
          PDU, but replacing the error_status with a genError code, and
          control is passed to step (6) below.

       -  If the isAccessAllowed ASI returns a noSuchContext error,
          processing of the management operation is halted, no result
          PDU is generated, the snmpUnknownContexts counter is
          incremented, and control is passed to step (6) below.

       -  If the context named by the contextName parameter is
          unavailable, processing of the management operation is halted,
          no result PDU is generated, the snmpUnavailableContexts
          counter is incremented, and control is passed to step (6)
          below.

(6)  The Dispatcher is called to generate a response or report message.
     The abstract service interface is:

     returnResponsePdu(
       IN   messageProcessingModel   -- typically, SNMP version
       IN   securityModel            -- Security Model in use
       IN   securityName             -- on behalf of this principal
       IN   securityLevel            -- same as on incoming request
       IN   contextEngineID          -- data from/at this SNMP entity
       IN   contextName              -- data from/in this context
       IN   pduVersion               -- the version of the PDU
       IN   PDU                      -- SNMP Protocol Data Unit
       IN   maxSizeResponseScopedPDU -- maximum size of the Response PDU
       IN   stateReference           -- reference to state information
                                     -- as presented with the request
       IN   statusInformation        -- success or errorIndication
            )                        -- error counter OID/value if error

     Where:

       -  The messageProcessingModel is the value from the processPdu
          call.

       -  The securityModel is the value from the processPdu call.

       -  The securityName is the value from the processPdu call.
ToP   noToC   RFC2263 - Page 13
       -  The securityLevel is the value from the processPdu call.

       -  The contextEngineID is the value from the processPdu call.

       -  The contextName is the value from the processPdu call.

       -  The pduVersion indicates the version of the PDU to be
          returned.  If no result PDU was generated, the pduVersion is
          an undefined value.

       -  The PDU is the result generated in step (5) above.  If no
          result PDU was generated, the PDU is an undefined value.

       -  The maxSizeResponseScopedPDU is a local value indicating the
          maximum size of a ScopedPDU that the application can accept.

       -  The stateReference is the value from the processPdu call.

       -  The statusInformation either contains an indication that no
          error occurred and that a response should be generated, or
          contains an indication that an error occurred along with the
          OID and counter value of the appropriate error counter object.

   Note that a command responder application should always call the
   returnResponsePdu abstract service interface, even in the event of an
   error such as a resource allocation error.  In the event of such an
   error, the PDU value passed to returnResponsePdu should contain
   appropriate values for errorStatus and errorIndex.

3.3.  Notification Originator Applications

   A notification originator application generates SNMP notification
   messages.  A notification message may, for example, contain an
   SNMPv2-Trap PDU or an Inform PDU.  However, a particular
   implementation is not required to be capable of generating both types
   of messages.

   Notification originator applications require a mechanism for
   identifying the management targets to which notifications should be
   sent.  The particular mechanism used is implementation dependent.
   However, if an implementation makes the configuration of management
   targets SNMP manageable, it MUST use the SNMP-TARGET-MIB module
   described in this document.

   When a notification originator wishes to generate a notification, it
   must first determine in which context the information to be conveyed
   in the notification exists, i.e., it must determine the
   contextEngineID and contextName.  It must then determine the set of
ToP   noToC   RFC2263 - Page 14
   management targets to which the notification should be sent.  The
   application must also determine, for each management target, whether
   the notification message should contain an SNMPv2-Trap PDU or Inform
   PDU, and if it is to contain an Inform PDU, the number of retries and
   retransmission algorithm.

   The mechanism by which a notification originator determines this
   information is implementation dependent.  Once the application has
   determined this information, the following procedure is performed for
   each management target:

(1)  Any appropriate filtering mechanisms are applied to determine
     whether the notification should be sent to the management target.
     If such filtering mechanisms determine that the notification should
     not be sent, processing continues with the next management target.
     Otherwise,

(2)  The appropriate set of variable-bindings is retrieved from local
     MIB instrumentation within the relevant MIB view.  The relevant MIB
     view is determined by the securityLevel, securityModel,
     contextName, and securityName of the management target.  To
     determine whether a particular object instance is within the
     relevant MIB view, the isAccessAllowed abstract service interface
     is used, in the same manner as described in the preceding section.
     If the statusInformation returned by isAccessAllowed does not
     indicate accessAllowed, the notification is not sent to the
     management target.

(3)  A PDU is constructed using a locally unique request-id value, an
     operation type of SNMPv2-Trap or Inform, an error-status and
     error-index value of 0, and the variable-bindings supplied
     previously in step (2).

(4)  If the notification contains an SNMPv2-Trap PDU, the Dispatcher is
     called using the following abstract service interface:

         statusInformation =              -- sendPduHandle if success
                                          -- errorIndication if failure
           sendPdu(
           IN   transportDomain           -- transport domain to be used
           IN   transportAddress          -- destination network address
           IN   messageProcessingModel    -- typically, SNMP version
           IN   securityModel             -- Security Model to use
           IN   securityName              -- on behalf of this principal
           IN   securityLevel             -- Level of Security requested
           IN   contextEngineID           -- data from/at this entity
           IN   contextName               -- data from/in this context
           IN   pduVersion                -- the version of the PDU
ToP   noToC   RFC2263 - Page 15
           IN   PDU                       -- SNMP Protocol Data Unit
           IN   expectResponse            -- TRUE or FALSE
                )

     Where:

       -  The transportDomain is that of the management target.

       -  The transportAddress is that of the management target.

       -  The messageProcessingModel is that of the management target.

       -  The securityModel is that of the management target.

       -  The securityName is that of the management target.

       -  The securityLevel is that of the management target.

       -  The contextEngineID is the value originally determined for the
          notification.

       -  The contextName is the value originally determined for the
          notification.

       -  The pduVersion is the version of the PDU to be sent.

       -  The PDU is the value constructed in step (3) above.

       -  The expectResponse argument indicates that no response is
          expected.

     Otherwise,

(5)  If the notification contains an Inform PDU, then:

      a)  The Dispatcher is called using the sendPdu abstract service
          interface as described in step (4) above, except that the
          expectResponse argument indicates that a response is expected.

      b)   The application caches information about the management
          target.

      c)  If a response is received within an appropriate time interval
          from the transport endpoint of the management target, the
          notification is considered acknowledged and the cached
          information is deleted.  Otherwise,
ToP   noToC   RFC2263 - Page 16
      d)  If a response is not received within an appropriate time
          period, or if a report indication is received, information
          about the management target is retrieved from the cache, and
          steps a) through d) are repeated.  The number of times these
          steps are repeated is equal to the previously determined retry
          count.  If this retry count is exceeded, the acknowledgement
          of the notification is considered to have failed, and
          processing of the notification for this management target is
          halted.

   Responses to Inform PDU notifications will be received via the
   processResponsePDU abstract service interface.

3.4.  Notification Receiver Applications

   Notification receiver applications receive SNMP Notification messages
   from the Dispatcher.  Before any messages can be received, the
   notification receiver must register with the Dispatcher using the
   registerContextEngineID abstract service interface.  The parameters
   used are:

       -  The contextEngineID is an undefined 'wildcard' value.
          Notifications are delivered to a registered notification
          receiver regardless of the contextEngineID contained in the
          notification message.

       -  The pduType indicates the type of notifications that the
          application wishes to receive (for example, SNMPv2-Trap PDUs
          or Inform PDUs).

   Once the notification receiver has registered with the Dispatcher,
   messages are received using the processPdu abstract service
   interface.  Parameters are:

       -  The messageProcessingModel indicates which Message Processing
          Model received and processed the message.

       -  The securityModel is the value from the received message.

       -  The securityName is the value from the received message.

       -  The securityLevel is the value from the received message.

       -  The contextEngineID is the value from the received message.

       -  The contextName is the value from the received message.
ToP   noToC   RFC2263 - Page 17
       -  The pduVersion indicates the version of the PDU in the
          received message.

       -  The PDU is the value from the received message.

       -  The maxSizeResponseScopedPDU is the maximum allowable size of
          a ScopedPDU containing a Response PDU (based on the maximum
          message size that the originator of the message can accept).

       -  If the message contains an SNMPv2-Trap PDU, the stateReference
          is undefined and unused.  Otherwise, the stateReference is a
          value which references cached information about the
          notification.  This value must be returned to the Dispatcher
          in order to generate a response.

   When an SNMPv2-Trap PDU is delivered to a notification receiver
   application, it first extracts the SNMP operation type, request-id,
   error-status, error-index, and variable-bindings from the PDU.  After
   this, processing depends on the particular implementation.

   When an Inform PDU is received, the notification receiver application
   follows the following procedure:

(1)  The SNMPv2 operation type, request-id, error-status, error-index,
     and variable-bindings are extracted from the PDU.

(2)  A Response PDU is constructed using the extracted request-id and
     variable-bindings, and with error-status and error-index both set
     to 0.

(3)  The Dispatcher is called to generate a response message using the
     returnResponsePdu abstract service interface.  Parameters are:

       -  The messageProcessingModel is the value from the processPdu
          call.

       -  The securityModel is the value from the processPdu call.

       -  The securityName is the value from the processPdu call.

       -  The securityLevel is the value from the processPdu call.

       -  The contextEngineID is the value from the processPdu call.

       -  The contextName is the value from the processPdu call.

       -  The pduVersion indicates the version of the PDU to be
          returned.
ToP   noToC   RFC2263 - Page 18
       -  The PDU is the result generated in step (2) above.

       -  The maxSizeResponseScopedPDU is a local value indicating the
          maximum size of a ScopedPDU that the application can accept.

       -  The stateReference is the value from the processPdu call.

       -  The statusInformation indicates that no error occurred and
          that a response should be generated.



(page 18 continued on part 2)

Next Section