tech-invite   World Map     

3GPP     Specs     Glossaries     Architecture     IMS     UICC       IETF     RFCs     Groups     SIP     ABNFs       Search

RFC 4544


Pages: 83
Top     in Index     Prev     Next
 

Definitions of Managed Objects for Internet Small Computer System Interface (iSCSI)

Part 1 of 4, p. 1 to 14
None       Next RFC Part

Obsoleted by:    7147


Top       ToC       Page 1 
Network Working Group                                           M. Bakke
Request for Comments: 4544                                 Cisco Systems
Category: Standards Track                                     M. Krueger
                                                         Hewlett-Packard
                                                            T. McSweeney
                                                                     IBM
                                                               J. Muchow
                                                            Qlogic Corp.
                                                                May 2006


                    Definitions of Managed Objects
          for Internet Small Computer System Interface (iSCSI)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in TCP/IP-based internets.
   In particular, it defines objects for managing a client using the
   Internet Small Computer System Interface (iSCSI) protocol (SCSI over
   TCP).

Top       Page 2 
Table of Contents

   1. Introduction ....................................................3
   2. Specification of Requirements ...................................3
   3. The Internet-Standard Management Framework ......................3
   4. Relationship to Other MIB Modules ...............................3
   5. Relationship to SNMP Contexts ...................................4
   6. Discussion ......................................................4
      6.1. iSCSI MIB Object Model .....................................5
      6.2. iSCSI MIB Table Structure ..................................6
      6.3. iscsiInstance ..............................................7
      6.4. iscsiPortal ................................................7
      6.5. iscsiTargetPortal ..........................................9
      6.6. iscsiInitiatorPortal .......................................9
      6.7. iscsiNode .................................................10
      6.8. iscsiTarget ...............................................10
      6.9. iscsiTgtAuthorization .....................................11
      6.10. iscsiInitiator ...........................................11
      6.11. iscsiIntrAuthorization ...................................11
      6.12. iscsiSession .............................................11
      6.13. iscsiConnection ..........................................12
      6.14. IP Addresses and TCP Port Numbers ........................12
      6.15. Descriptors: Using OIDs in Place of Enumerated Types .....13
      6.16. Notifications ............................................13
   7. MIB Definitions ................................................14
   8. Security Considerations ........................................79
   9. IANA Considerations ............................................80
   10. Normative References ..........................................80
   11. Informative References ........................................81
   12. Acknowledgements ..............................................81

Top      ToC       Page 3 
1.  Introduction

   This document defines a MIB module for iSCSI [RFC3720], used to
   manage devices that implement the iSCSI protocol.

2.  Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

3.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].

4.  Relationship to Other MIB Modules

   The iSCSI MIB module is normally layered between the SCSI MIB module
   [RFC4455] and the TCP MIB module [RFC4022], and makes use of the IP
   Storage (IPS) Identity Authentication MIB module [RFC4545].  Here is
   how these modules are related:

   SCSI MIB  Within systems where a SCSI layer is present, each
             iscsiNode, whether it has an initiator role, target role,
             or both, is related to one SCSI device within the SCSI MIB
             module.  In this case, the iscsiNodeTransportType attribute
             points to the SCSI transport object within the SCSI MIB
             module, which in turn contains an attribute that points
             back to the iscsiNode.  In this way, a management station
             can navigate between the two MIB modules.  In systems where
             a SCSI layer is not present, such as within an iSCSI proxy
             device, the iscsiNodeTransportType attribute points to the
             appropriate corresponding object within the appropriate
             MIB, or is left blank.

Top      ToC       Page 4 
   TCP MIB   Each iSCSI connection is related to one transport-level
             connection.  Currently, iSCSI uses only TCP; the iSCSI
             connection is related to a TCP connection using its normal
             (protocol, source address, source port, destination
             address, destination port) 5-tuple.

   AUTH MIB  Each iSCSI node that serves a target role can have a list
             of authorized initiators.  Each of the entries in this list
             points to an identity within the IPS Identity
             Authentication MIB module that will be allowed to access
             the target.  iSCSI nodes that serve in an initiator role
             can also have a list of authorized targets.  Each of the
             entries in this list points to an identity within the Auth
             MIB module to which the initiator should attempt to
             establish sessions.  The Auth MIB module includes
             information used to identify initiators and targets by
             their iSCSI name, IP address, and/or credentials.

   This MIB module imports objects from RFCs 2578 [RFC2578], 2579
   [RFC2579], 2580 [RFC2580], and 3411 [RFC3411].  It also imports
   textual conventions from the INET-ADDRESS-MIB [RFC4001].

5.  Relationship to SNMP Contexts

   Each non-scalar object in the iSCSI MIB module is indexed first by an
   iSCSI Instance.  Each instance is a collection of nodes, portals,
   sessions, etc., that can define a physical or virtual partitioning of
   an iSCSI-capable device.  The use of an instance works well with
   partitionable or hierarchical storage devices and fits in logically
   with other management schemes.  Instances do not replace SNMP
   contexts, however they do provide a very simple way to assign a
   virtual or physical partition of a device to one or more SNMP
   contexts, without having to do so for each individual node, portal,
   and session row.

6.  Discussion

   This MIB module structure supplies configuration, fault, and
   statistics information for iSCSI devices [RFC3720].  It is structured
   around the well-known iSCSI objects, such as targets, initiators,
   sessions, connections, and the like.

   This MIB module may also be used to configure access to iSCSI
   targets, by creating iSCSI Portals and authorization list entries.

Top      ToC       Page 5 
   It is worthwhile to note that this is an iSCSI MIB module and as such
   reflects only iSCSI objects.  This module does not contain
   information about the SCSI-layer attributes of a device.  If a SCSI
   layer is present, the SCSI MIB module, currently under development,
   may be used to manage SCSI information for a device.

   The iSCSI MIB module consists of several "objects", each of which is
   represented by one or more tables.  This section contains a brief
   description of the "object" hierarchy and a description of each
   object, followed by a discussion of the actual table structure within
   the objects.

6.1.  iSCSI MIB Object Model

   The top-level object in this structure is the iSCSI instance, which
   "contains" all of the other objects.

   iscsiInstance
      -- A distinct iSCSI entity within the managed system.
      iscsiPortal
         -- An IP address used by this instance
         iscsiTargetPortal
            -- Contains portal information relevant when the portal
            -- is used to listen for connections to its targets.
         iscsiInitiatorPortal
            -- Contains portal information relevant when the portal
            -- is used to initiate connections to other targets.
      iscsiNode
         -- An iSCSI node can act as an initiator, a target, or both.
         -- Contains generic (non-role-specific) information.
         iscsiTarget
            -- Target-specific iSCSI node information.
            iscsiTgtAuth
               -- A list of initiator identities that are allowed
               -- access to this target.
         iscsiInitiator
            -- Initiator-specific iSCSI node information.
            iscsiIntrAuth
               -- A list of target identities to which this initiator
               -- is configured to establish sessions.
         iscsiSession
            -- An active iSCSI session between an initiator and target.
            -- The session's direction may be Inbound (outside
            -- initiator to our target) or Outbound (our initiator to
            -- an outside target).
            iscsiConnection
               -- An active TCP connection within an iSCSI session.

Top      ToC       Page 6 
   An iSCSI node can be an initiator, a target, or both.  The iSCSI
   node's portals may be used to initiate connections (initiator) or
   listen for connections (target), depending on whether the iSCSI node
   is acting as an initiator or target.  The iSCSI MIB module assumes
   that any target may be accessed via any portal that can take on a
   target role, although other access controls not reflected in the
   module might limit this.

6.2.  iSCSI MIB Table Structure

   Each iSCSI object exports one or more tables: an attributes table,
   and zero or more statistics tables, which augment the attributes
   table.  Since iSCSI is an evolving standard, it is much cleaner to
   provide statistics and attributes as separate tables, allowing
   attributes and statistics to be added independently.  In a few cases,
   there are multiple categories of statistics that will likely grow; in
   this case, an object will contain multiple statistics tables.

   iscsiObjects
     iscsiDescriptors
     iscsiInstance
       iscsiInstanceAttributesTable
       iscsiInstanceSsnErrorStatsTable
         -- Counts abnormal session terminations
     iscsiPortal
       iscsiPortalAttributesTable
     iscsiTargetPortal
       iscsiTgtPortalAttributesTable
     iscsiInitiatorPortal
       iscsiIntrPortalAttributesTable
     iscsiNode
       iscsiNodeAttributesTable
     iscsiTarget
       iscsiTargetAttributesTable
       iscsiTargetLoginStatsTable
         -- Counts successful and unsuccessful logins
       iscsiTargetLogoutStatsTable
         -- Counts normal and abnormal logouts
     iscsiTgtAuthorization
       iscsiTgtAuthAttributesTable
     iscsiInitiator
       iscsiInitiatorAttributesTable
       iscsiInitiatorLoginStatsTable
         -- Counts successful and unsuccessful logins
       iscsiInitiatorLogoutStatsTable
         -- Counts normal and abnormal logouts
     iscsiIntrAuthorization
       iscsiIntrAuthAttributesTable

Top      ToC       Page 7 
     iscsiSession
       iscsiSessionAttributesTable
       iscsiSessionStatsTable
         -- Performance-related counts (requests, responses, bytes)
       iscsiSessionCxnErrorStatsTable
         -- Counts digest errors, connection errors, etc.
     iscsiConnection
       iscsiConnectionAttributesTable

   Note that this module does not attempt to count everything that could
   be counted; it is designed to include only those counters that would
   be useful for identifying performance, security, and fault problems
   from a management station.

6.3.  iscsiInstance

   The iscsiInstanceAttributesTable is the primary table of the iSCSI
   MIB module.  Every table entry in this module is "owned" by exactly
   one iSCSI instance; all other table entries in the module include
   this table's index as their primary index.

   Most implementations will include just one iSCSI instance row in this
   table.  However, this table exists to allow for multiple virtual
   instances.  For example, many IP routing products now allow multiple
   virtual routers.  The iSCSI MIB module has the same premise; a large
   system could be "partitioned" into multiple, distinct virtual
   systems.

   This also allows a single SNMP agent to proxy for multiple
   subsystems, perhaps a set of stackable devices, each of which has one
   or even more instances.

   The instance attributes include the iSCSI vendor and version, as well
   as information on the last target or initiator at the other end of a
   session that caused a session failure.

   The iscsiInstanceSsnErrorStatsTable augments the attributes table and
   provides statistics on session failures due to digest, connection, or
   iSCSI format errors.

6.4.  iscsiPortal

   The iscsiPortalAttributesTable lists iSCSI portals that can be used
   to listen for connections to targets, to initiate connections to
   other targets, or to do both.

Top      ToC       Page 8 
   Each row in the table includes an IP address (either v4 or v6), and a
   transport protocol (currently only TCP is defined).  Each portal may
   have additional attributes, depending on whether it is an initiator
   portal, a target portal, or both.  Initiator portals also have portal
   tags; these are placed in corresponding rows in the
   iscsiIntrPortalAttributesTable.  Target portals have both portal tags
   and ports (e.g., TCP listen ports if the transport protocol is TCP);
   these are placed in rows in the iscsiTgtPortalAttributesTable.

   Portal rows, along with their initiator and target portal
   counterparts, may be created and destroyed through this MIB module by
   a management station.  Rows in the initiator and target portal tables
   are created and destroyed automatically by the agent, whenever a row
   is created or destroyed in the iscsiPortalAttributesTable, or if the
   value of iscsiPortalRoles changes.  Attributes in these tables may
   then be modified by the management station if the agent
   implementation allows.

   When created by a management station, the iscsiPortalRoles attribute
   is used to control row creation in the initiator and target portal
   tables.  Creating a row with the targetTypePortal bit set in
   iscsiPortalRoles will cause the implementation to start listening for
   iSCSI connections on the portal.  Creating a row with the
   initiatorTypePortal bit set in iscsiPortalRoles will not necessarily
   cause connections to be established; it is left to the implementation
   whether and when to make use of the portal.  Both bits may be set if
   the portal is to be used by both initiator and target nodes.

   When deleting a row in the iscsiPortalAttibutesTable, all connections
   associated with that row are terminated.  The implementation may
   either terminate the connection immediately or request a clean
   shutdown as specified in [RFC3720].  An outbound connection (when an
   iscsiInitiatorPortal is deleted) matches the portal if its
   iscsiCxnLocalAddr matches the iscsiPortalAddr.  An inbound connection
   (when an iscsiTargetPortal is deleted) matches the portal if its
   iscsiCxnLocalAddr matches the iscsiPortalAddr, and its
   iscsiCxnLocalPort matches the iscsiTargetPortalPort.

   Individual objects within a row in this table may not be modified
   while the row is active.  For instance, changing the IP address of a
   portal requires that the rows associated with the old IP address be
   deleted, and new rows be created (in either order).

Top      ToC       Page 9 
6.5.  iscsiTargetPortal

   The iscsiTgtPortalAttributesTable contains target-specific attributes
   for iSCSI portals.  Rows in this table use the same indices as their
   corresponding rows in the iscsiPortalAttributesTable, with the
   addition of iscsiNodeIndex.

   Rows in this table are created when the targetTypePortal bit is set
   in the iscsiPortalRoles attribute of the corresponding
   iscsiPortalAttributesEntry; they are destroyed when this bit is
   cleared.

   This table contains the TCP (or other protocol) port on which the
   socket is listening for incoming connections.  It also includes a
   portal group aggregation tag; iSCSI target portals within this
   instance sharing the same tag can contain connections within the same
   session.

   This table will be empty for iSCSI instances that contain only
   initiators (such as iSCSI host driver implementations).

   Many implementations use the same target portal tag and protocol port
   for all nodes accessed via a portal.  These implementations will
   create a single row in the iscsiTgtPortalAttributeTable, with an
   iscsiNodeIndex of zero.

   Other implementations do not use the same tag and/or port for all
   nodes; these implementations will create a row in this table for each
   (portal, node) tuple, using iscsiNodeIndex to designate the node for
   this portal tag and port.

6.6.  iscsiInitiatorPortal

   The iscsiIntrPortalAttributesTable contains initiator-specific
   objects for iSCSI portals.  Rows in this table use the same indices
   as their corresponding entries in the iscsiPortalAttributesTable.  A
   row in this table is created when the initiatorTypePortal bit is set
   in the iscsiPortalRoles attribute; it is destroyed when this bit is
   cleared.

   Each row in this table contains a portal group aggregation tag,
   indicating which portals an initiator may use together within a
   multiple-connection session.

   This table will be empty for iSCSI instances that contain only
   targets (such as most iSCSI devices).

Top      ToC       Page 10 
   Many implementations use the same initiator tag for all nodes
   accessing targets via a given portal.  These implementations will
   create a single row in iscsiIntrPortalAttributeTable, with an
   iscsiNodeIndex of zero.

   Other implementations do not use the same tag and/or port for all
   nodes; these implementations will create a row in this table for each
   (portal, node) tuple, using iscsiNodeIndex to designate the node for
   this portal tag and port.

6.7.  iscsiNode

   The iscsiNodeAttributesTable contains a list of iSCSI nodes, each of
   which may have an initiator role, a target role, or both.

   This table contains the node's attributes that are common to both
   roles, such as its iSCSI name and alias string.  Attributes specific
   to initiators or targets are available in the iscsiTarget and
   iscsiInitiator objects.  Each row in this table that can fulfill a
   target role has a corresponding row in the iscsiTarget table; each
   entry that fulfills an initiator role has a row in the iscsiInitiator
   table.  Nodes such as copy managers that can take on both roles have
   a corresponding row in each table.

   This table also contains the login negotiations preferences for this
   node.  These objects indicate the values this node will offer or
   prefer in the operational negotiation phase of the login process.

   For most implementations, each entry in the table also contains a
   RowPointer to the transport table entry in the SCSI MIB module that
   this iSCSI node represents.  For implementations without a standard
   SCSI layer above iSCSI, such as an iSCSI proxy or gateway, this
   RowPointer can point to a row in an implementation-specific table
   that this iSCSI node represents.

6.8.  iscsiTarget

   The iscsiTargetAttributesTable contains target-specific attributes
   for iSCSI nodes.  Each entry in this table uses the same index values
   as its corresponding iscsiNode entry.

   This table contains attributes used to indicate the last failure that
   was (or should have been) sent as a notification.

   This table is augmented by the iscsiTargetLoginStatsTable and the
   iscsiTargetLogoutStatsTable, which count the numbers of normal and
   abnormal logins and logouts to this target.

Top      ToC       Page 11 
6.9.  iscsiTgtAuthorization

   The iscsiTgtAuthAttributesTable contains an entry for each initiator
   identifier that will be allowed to access the target under which it
   appears.  Each entry contains a RowPointer to a user identity in the
   IPS Authorization MIB module, which contains the name, address, and
   credential information necessary to authenticate the initiator.

6.10.  iscsiInitiator

   The iscsiInitiatorAttributesTable contains a list of initiator-
   specific attributes for iSCSI nodes.  Each entry in this table uses
   the same index values as its corresponding iscsiNode entry.

   Most implementations will include a single entry in this table,
   regardless of the number of physical interfaces the initiator may
   use.

   This table is augmented by the iscsiInitiatorLoginStatsTable and the
   iscsiInitiatorLogoutStatsTable, which count the numbers of normal and
   abnormal logins and logouts from this initiator.

6.11.  iscsiIntrAuthorization

   The iscsiIntrAuthAttributesTable contains an entry for each target
   identifier to which the initiator is configured to establish a
   session.

   Each entry contains a RowPointer to a user identity in the IPS
   Authorization MIB module, which contains the name, address, and
   credential information necessary to identify (for discovery purposes)
   and authenticate the target.

6.12.  iscsiSession

   The iscsiSessionAttributesTable contains a set of rows that list the
   sessions known to be existing locally for each node in each iSCSI
   instance.

   The session type for each session indicates whether the session is
   used for normal SCSI commands or for discovery using the SendTargets
   text command.  Discovery sessions that do not belong to any
   particular node have a node index attribute of zero.

Top      ToC       Page 12 
   The session direction for each session indicates whether it is an
   Inbound session or an Outbound session.  Inbound sessions are from
   some other initiator to the target node under which the session
   appears.  Outbound sessions are from the initiator node under which
   the session appears to a target outside this iSCSI instance.

   Many attributes may be negotiated when starting an iSCSI session.
   Most of these attributes are included in the session object.

   Some attributes, such as the integrity and authentication schemes,
   have some standard values that can be extended by vendors to include
   their own schemes.  These contain an object identifier, rather than
   the expected enumerated type, to allow these values to be extended by
   other MIB modules, such as an enterprise MIB module.

   The iscsiSessionStatsTable includes statistics related to
   performance; it counts iSCSI data bytes and PDUs.

   For implementations that support error recovery without terminating a
   session, the iscsiSessionCxnErrorStatsTable contains counters for the
   numbers of digest and connection errors that have occurred within the
   session.

6.13.  iscsiConnection

   The iscsiConnectionAttributesTable contains a list of active
   connections within each session.  It contains the IP addresses and
   TCP (or other protocol) ports of both the local and remote sides of
   the connection.  These may be used to locate other connection-related
   information and statistics in the TCP MIB module [RFC4022].

   The attributes table also contains a connection state.  This state is
   not meant to directly map to the state tables included within the
   iSCSI specification; they are meant to be simplified, higher-level
   definitions of connection state that provide information more useful
   to a user or network manager.

   No statistics are kept for connections.

6.14.  IP Addresses and TCP Port Numbers

   The IP addresses in this module are represented by two attributes,
   one of type InetAddressType, and the other of type InetAddress.
   These are taken from [RFC4001], which specifies how to support
   addresses that may be either IPv4 or IPv6.

Top      ToC       Page 13 
   The TCP port numbers that appear in a few of the structures are
   described as simply port numbers, with a protocol attribute
   indicating whether they are TCP ports or something else.  This will
   allow the module to be compatible with iSCSI over transports other
   than TCP in the future.

6.15.  Descriptors: Using OIDs in Place of Enumerated Types

   The iSCSI MIB module has a few attributes, namely, the digest method
   attributes, where an enumerated type would work well, except that an
   implementation may need to extend the attribute and add types of its
   own.  To make this work, this MIB module defines a set of object
   identities within the iscsiDescriptors subtree.  Each of these object
   identities is basically an enumerated type.

   Attributes that make use of these object identities have a value that
   is an Object Identifier (OID) instead of an enumerated type.  These
   OIDs can indicate either the object identities defined in this module
   or object identities defined elsewhere, such as in an enterprise MIB
   module.  Those implementations that add their own digest methods
   should also define a corresponding object identity for each of these
   methods within their own enterprise MIB module, and return its OID
   whenever one of these attributes is using that method.

6.16.  Notifications

   Three notifications are provided.  One is sent by an initiator
   detecting a critical login failure, another is sent by a target
   detecting a critical login failure, and the third is sent upon a
   session being terminated due to an abnormal connection or digest
   failure.  Critical failures are defined as those that may expose
   security-related problems that may require immediate action, such as
   failures due to authentication, authorization, or negotiation
   problems.  Attributes in the initiator, target, and instance objects
   provide the information necessary to send in the notification, such
   as the initiator or target name and IP address at the other end that
   may have caused the failure.

   To avoid sending an excessive number of notifications due to multiple
   errors counted, an SNMP agent implementing the iSCSI MIB module
   SHOULD NOT send more than three iSCSI notifications in any 10-second
   period.

   The 3-in-10 rule was chosen because one notification every three
   seconds was deemed often enough, but should two or three different
   notifications happen at the same time, it would not be desirable to
   suppress them.  Three notifications in 10 seconds is a happy medium,

Top      ToC       Page 14 
   where a short burst of notifications is allowed, without inundating
   the network and/or notification host with a large number of
   notifications.



(page 14 continued on part 2)

Next RFC Part