Network Working Group J. Case Request for Comments: 2570 SNMP Research, Inc. Category: Informational R. Mundy TIS Labs at Network Associates, Inc. D. Partain Ericsson B. Stewart Cisco Systems April 1999 Introduction to Version 3 of the Internet-standard Network Management Framework Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (1999). All Rights Reserved.
AbstractThe purpose of this document is to provide an overview of the third version of the Internet-standard Management Framework, termed the SNMP version 3 Framework (SNMPv3). This Framework is derived from and builds upon both the original Internet-standard Management Framework (SNMPv1) and the second Internet-standard Management Framework (SNMPv2). The architecture is designed to be modular to allow the evolution of the Framework over time. 1 Introduction .....................................................2 2 The Internet Standard Management Framework .......................3 2.1 Basic Structure and Components .................................3 2.2 Architecture of the Internet Standard Management Framework .....3 3 The SNMPv1 Management Framework ..................................4 3.1 The SNMPv1 Data Definition Language ............................5 3.2 Management Information .........................................6 3.3 Protocol Operations ............................................6 3.4 SNMPv1 Security and Administration .............................6
4 The SNMPv2 Management Framework ..................................7 5 The SNMPv3 Working Group .........................................8 6 SNMPv3 Framework Module Specifications ..........................10 6.1 Data Definition Language ......................................10 6.2 MIB Modules ...................................................11 6.3 Protocol Operations and Transport Mappings ....................12 6.4 SNMPv3 Security and Administration ............................12 7 Document Summaries ..............................................13 7.1 Structure of Management Information ...........................13 7.1.1 Base SMI Specification ......................................13 7.1.2 Textual Conventions .........................................14 7.1.3 Conformance Statements ......................................15 7.2 Protocol Operations ...........................................15 7.3 Transport Mappings ............................................15 7.4 Protocol Instrumentation ......................................16 7.5 Architecture / Security and Administration ....................16 7.6 Message Processing and Dispatch (MPD) .........................16 7.7 SNMP Applications .............................................17 7.8 User-based Security Model (USM) ...............................17 7.9 View-based Access Control (VACM) ..............................18 7.10 SNMPv3 Coexistence and Transition ............................18 8 Security Considerations .........................................19 9 Editors' Addresses ..............................................19 10 References .....................................................20 11 Full Copyright Statement .......................................23
the more detailed documents shall prevail. Further, the detailed documents attempt to maintain separation between the various component modules in order to specify well- defined interfaces between them. This roadmap document, however, takes a different approach and attempts to provide an integrated view of the various component modules in the interest of readability.
* a data definition language, * definitions of management information (the Management Information Base, or MIB), * a protocol definition, and * security and administration. Over time, as the Framework has evolved from SNMPv1, through SNMPv2, to SNMPv3, the definitions of each of these architectural components have become richer and more clearly defined, but the fundamental architecture has remained consistent. One prime motivator for this modularity was to enable the ongoing evolution of the Framework as is documented in RFC 1052 . When originally envisioned, this capability was to be used to ease the transition from SNMP-based management of internets to management based on OSI protocols. To this end, the framework was architected with a protocol-independent data definition language and Management Information Base along with a MIB-independent protocol. This separation was designed to allow the SNMP-based protocol to be replaced without requiring the management information to be redefined or reinstrumented. History has shown that the selection of this architecture was the right decision for the wrong reason -- it turned out that this architecture has eased the transition from SNMPv1 to SNMPv2 and from SNMPv2 to SNMPv3 rather than easing the transition away from management based on the Simple Network Management Protocol. The SNMPv3 Framework builds and extends these architectural principles by: * building on these four basic architectural components, in some cases incorporating them from the SNMPv2 Framework by reference, and * by using these same layering principles in the definition of new capabilities in the security and administration portion of the architecture. Those who are familiar with the architecture of the SNMPv1 Management Framework and the SNMPv2 Management Framework will find many familiar concepts in the architecture of the SNMPv3 Management Framework. However, in some cases, the terminology may be somewhat different.
STD 16, RFC 1155  which defines the Structure of Management Information (SMI), the mechanisms used for describing and naming objects for the purpose of management. * STD 16, RFC 1212  which defines a more concise description mechanism for describing and naming management information objects, but which is wholly consistent with the SMI. * STD 15, RFC 1157  which defines the Simple Network Management Protocol (SNMP), the protocol used for network access to managed objects and event notification. Note this document also defines an initial set of event notifications. Additionally, two documents are generally considered to be companions to these three: * STD 17, RFC 1213  which contains definitions for the base set of management information * RFC 1215  defines a concise description mechanism for defining event notifications, which are called traps in the SNMPv1 protocol. It also specifies the generic traps from RFC 1157 in the concise notation. These documents describe the four parts of the first version of the SNMP Framework. RFC 1215 was put forward with the status of "Informational", which was never updated because it was believed that the second version of the SNMP Framework would replace the first version. Note that the SNMPv1 data definition language is sometimes
referred to as SMIv1. RFC 1066 , and was subsequently used to define MIB-II as specified in RFC 1213 . Later, after the publication of MIB-II, a different approach to management information definition was taken from the earlier approach of having a single committee staffed by generalists work on a single document to define the Internet-standard MIB. Rather, many mini-MIB documents were produced in a parallel and distributed fashion by groups chartered to produce a specification for a focused portion of the Internet-standard MIB and staffed by personnel with expertise in those particular areas ranging from various aspects of network management, to system management, and application management.
Finally, the SNMPv1 Framework introduces access control based on a concept called an SNMP MIB view. The SNMPv3 Framework specifies a fundamentally similar concept called view-based access control. With this capability, SNMPv3 provides the means for controlling access to information on managed devices. However, while the SNMPv1 Framework anticipated the definition of multiple authentication schemes, it did not define any such schemes other than a trivial authentication scheme based on community strings. This was a known fundamental weakness in the SNMPv1 Framework but it was thought at that time that the definition of commercial grade security might be contentious in its design and difficult to get approved because "security" means many different things to different people. To that end, and because some users do not require strong authentication, the SNMPv1 architected an authentication service as a separate block to be defined "later" and the SNMPv3 Framework provides an architecture for use within that block as well as a definition for its subsystems. 10]. SNMPv2 provides several advantages over SNMPv1, including: * expanded data types (e.g., 64 bit counter) * improved efficiency and performance (get-bulk operator) * confirmed event notification (inform operator) * richer error handling (errors and exceptions) * improved sets, especially row creation and deletion * fine tuning of the data definition language However, the SNMPv2 Framework, as described in these documents, is incomplete in that it does not meet the original design goals of the SNMPv2 project. The unmet goals included provision of security and administration delivering so-called "commercial grade" security with * authentication: origin identification, message integrity, and some aspects of replay protection; * privacy: confidentiality;
* authorization and access control; and * suitable remote configuration and administration capabilities for these features. The SNMPv3 Management Framework, as described in this document and the companion documents, addresses these significant deficiencies. RFC 1351 - RFC 1353], * "SMP" circa 1992-1993, * "The Party-based SNMPv2" circa 1993-1995 [RFC 1441 - RFC 1452]. Each of these efforts incorporated commercial grade, industrial strength security including authentication, privacy, authorization, view-based access control, and administration, including remote configuration. These efforts fed the development of the SNMPv2 Management Framework as described in RFCs 1902 - 1908. However, the Framework described in those RFCs had no standards-based security and administrative framework of its own; rather, it was associated with multiple security and administrative frameworks, including: * "The Community-based SNMPv2" (SNMPv2c) [RFC 1901], * "SNMPv2u" [RFCs 1909 - 1910] and
* "SNMPv2*". SNMPv2c had the endorsement of the IETF but no security and administration whereas both SNMPv2u and SNMPv2* had security but lacked the endorsement of the IETF. The SNMPv3 Working Group was chartered to produce a single set of specifications for the next generation of SNMP, based upon a convergence of the concepts and technical elements of SNMPv2u and SNMPv2*, as was suggested by an advisory team which was formed to provide a single recommended approach for SNMP evolution. In so doing, the Working Group charter defined the following objectives: * accommodate the wide range of operational environments with differing management demands; * facilitate the need to transition from previous, multiple protocols to SNMPv3; * facilitate the ease of setup and maintenance activities. In the initial work of the SNMPv3 Working Group, the group focused on security and administration, including * authentication and privacy, * authorization and view-based access control, and * standards-based remote configuration of the above. The SNMPv3 Working Group did not "reinvent the wheel," but reused the SNMPv2 Draft Standard documents, i.e., RFCs 1902 through 1908 for those portions of the design that were outside the focused scope. Rather, the primary contributors to the SNMPv3 Working Group, and the Working Group in general, devoted their considerable efforts to addressing the missing link -- security and administration -- and in the process made invaluable contributions to the state-of-the-art of management. They produced a design based on a modular architecture with evolutionary capabilities with emphasis on layering. As a result, SNMPv3 can be thought of as SNMPv2 with additional security and administration capabilities.
In doing so, the Working Group achieved the goal of producing a single specification which has not only the endorsement of the IETF but also has security and administration. STD 58, RFC 2578, "Structure of Management Information Version 2 (SMIv2)" , and related specifications. These documents are updates of RFCs 1902 - 1904 [4-6] which have evolved independently from the other parts of the framework and were republished as STD 58, RFCs 2578 - 2580 [26-28] when promoted from Draft Standard.
The Structure of Management Information (SMIv2) defines fundamental data types, an object model, and the rules for writing and revising MIB modules. Related specifications include STD 58, RFCs 2579, 2580. The updated data definition language is sometimes referred to as SMIv2. STD 58, RFC 2579, "Textual Conventions for SMIv2" , defines an initial set of shorthand abbreviations which are available for use within all MIB modules for the convenience of human readers and writers. STD 58, RFC 2580, "Conformance Statements for SMIv2" , defines the format for compliance statements which are used for describing requirements for agent implementations and capability statements which can be used to document the characteristics of particular implementations. RFC 2400]. As of this writing, there are nearly 100 standards-based MIB modules with a total number of defined objects approaching 10,000. In addition, there is an even larger and growing number of enterprise-specific MIB modules defined unilaterally by various vendors, research groups, consortia, and the like resulting in an unknown and virtually uncountable number of defined objects. In general, management information defined in any MIB module, regardless of the version of the data definition language used, can be used with any version of the protocol. For example, MIB modules defined in terms of the SNMPv1 SMI (SMIv1) are compatible with the SNMPv3 Management Framework and can be conveyed by the protocols specified therein. Furthermore, MIB modules defined in terms of the SNMPv2 SMI (SMIv2) are compatible with SNMPv1 protocol operations and can be conveyed by it. However, there is one noteworthy exception:
the Counter64 datatype which can be defined in a MIB module defined in SMIv2 format but which cannot be conveyed by an SNMPv1 protocol engine. RFC 1905, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)" . The SNMPv3 Framework is designed to allow various portions of the architecture to evolve independently. For example, it might be possible for a new specification of protocol operations to be defined within the Framework to allow for additional protocol operations. The specification of transport mappings is found in RFC 1906, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)" . RFC 2571, "An Architecture for Describing SNMP Management Frameworks" , describes the overall architecture with special emphasis on the architecture for security and administration. RFC 2572, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)" , describes the possibly multiple message processing models and the dispatcher portion that can be a part of an SNMP protocol engine. RFC 2573, "SNMP Applications" , describes the five types of applications that can be associated with an SNMPv3 engine and their elements of procedure. RFC 2574, "The User-Based Security Model for Version 3 of the Simple Network Management Protocol (SNMPv3)" , describes the threats, mechanisms, protocols, and supporting data used to provide SNMP message-level security.
RFC 2575, "View-based Access Control Model for the Simple Network Management Protocol (SNMP)" , describes how view-based access control can be applied within command responder and notification originator applications. The Work in Progress, "Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework" , describes coexistence between the SNMPv3 Management Framework, the SNMPv2 Management Framework, and the original SNMPv1 Management Framework. 11] language. STD 58, RFCs 2578, 2579, 2580, together define the MIB module language, specify the base data types for objects, specify a core set of short-hand specifications for data types called textual conventions, and specify a few administrative assignments of object identifier (OID) values. The SMI is divided into three parts: module definitions, object definitions, and notification definitions. (1) Module definitions are used when describing information modules. An ASN.1 macro, MODULE-IDENTITY, is used to convey concisely the semantics of an information module. (2) Object definitions are used when describing managed objects. An ASN.1 macro, OBJECT-TYPE, is used to convey concisely the syntax and semantics of a managed object. (3) Notification definitions are used when describing unsolicited transmissions of management information. An ASN.1 macro, NOTIFICATION-TYPE, is used to convey concisely the syntax and semantics of a notification.
STD 58, RFC 2578 specifies the base data types for the MIB module language, which include: Integer32, enumerated integers, Unsigned32, Gauge32, Counter32, Counter64, TimeTicks, INTEGER, OCTET STRING, OBJECT IDENTIFIER, IpAddress, Opaque, and BITS. It also assigns values to several object identifiers. STD 58, RFC 2578 further defines the following constructs of the MIB module language: * IMPORTS to allow the specification of items that are used in a MIB module, but defined in another MIB module. * MODULE-IDENTITY to specify for a MIB module a description and administrative information such as contact and revision history. * OBJECT-IDENTITY and OID value assignments to specify a an OID value. * OBJECT-TYPE to specify the data type, status, and the semantics of managed objects. * SEQUENCE type assignment to list the columnar objects in a table. * NOTIFICATION-TYPE construct to specify an event notification. STD 58, RFC 2579, Textual Conventions for SMIv2 , to define the construct, TEXTUAL-CONVENTION, of the MIB module language used to define such new types and to specify an initial set of textual conventions available to all MIB modules.
STD 58, RFC 2580, Conformance Statements for SMIv2 , to define the constructs of the MIB module language used for these purposes. There are two kinds of constructs: (1) Compliance statements are used when describing requirements for agents with respect to object and event notification definitions. The MODULE-COMPLIANCE construct is used to convey concisely such requirements. (2) Capability statements are used when describing capabilities of agents with respect to object and event notification definitions. The AGENT-CAPABILITIES construct is used to convey concisely such capabilities. Finally, collections of related objects and collections of related event notifications are grouped together to form a unit of conformance. The OBJECT-GROUP construct is used to convey concisely the objects in and the semantics of an object group. The NOTIFICATION-GROUP construct is used to convey concisely the event notifications in and the semantics of an event notification group. RFC 1905, Protocol Operations for SNMPv2 , to define the operations of the protocol with respect to the sending and receiving of the PDUs. RFC 1906, Transport Mappings for SNMPv2 , to define how SNMP messages maps onto an initial set of transport domains. Other mappings may be defined in the future. Although several mappings are defined, the mapping onto UDP is the preferred mapping. As such, to provide for the greatest level of interoperability, systems which choose to deploy other mappings should also provide for proxy service to the UDP mapping.
RFC 1907, the Management Information Base for SNMPv2 document  to define managed objects which describe the behavior of an SNMPv2 entity. RFC 2571, "An Architecture for Describing SNMP Management Frameworks" , to define an architecture for specifying SNMP Management Frameworks. While addressing general architectural issues, it focuses on aspects related to security and administration. It defines a number of terms used throughout the SNMPv3 Management Framework and, in so doing, clarifies and extends the naming of * engines and applications, * entities (service providers such as the engines in agents and managers), * identities (service users), and * management information, including support for multiple logical contexts. The document contains a small MIB module which is implemented by all authoritative SNMPv3 protocol engines. RFC 2572, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)" , describes the Message Processing and Dispatching for SNMP messages within the SNMP architecture. It defines the procedures for dispatching potentially multiple versions of SNMP messages to the proper SNMP Message Processing Models, and for dispatching PDUs to SNMP applications. This document also describes one Message Processing Model - the SNMPv3 Message Processing Model. It is expected that an SNMPv3 protocol engine MUST support at least one Message Processing Model. An SNMPv3 protocol engine MAY support more than one, for example in a multi-lingual system which provides simultaneous support of SNMPv3 and SNMPv1 and/or SNMPv2c.
RFC 2573, "SNMP Applications" to describe the five types of applications which can be associated with an SNMP engine. They are: Command Generators, Command Responders, Notification Originators, Notification Receivers, and Proxy Forwarders. The document also defines MIB modules for specifying targets of management operations (including notifications), for notification filtering, and for proxy forwarding. RFC 2574, the "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)" describes the User-based Security Model for SNMPv3. It defines the Elements of Procedure for providing SNMP message-level security. The document describes the two primary and two secondary threats which are defended against by the User-based Security Model. They are: modification of information, masquerade, message stream modification, and disclosure. The USM utilizes MD5  and the Secure Hash Algorithm  as keyed hashing algorithms  for digest computation to provide data integrity * to directly protect against data modification attacks, * to indirectly provide data origin authentication, and * to defend against masquerade attacks. The USM uses loosely synchronized monotonically increasing time indicators to defend against certain message stream modification attacks. Automatic clock synchronization mechanisms based on the protocol are specified without dependence on third-party time sources and concomitant security considerations. The USM uses the Data Encryption Standard (DES)  in the cipher block chaining mode (CBC) if disclosure protection is desired. Support for DES in the USM is optional, primarily because export and usage restrictions in many countries make it difficult to export and use products which include cryptographic technology.
The document also includes a MIB suitable for remotely monitoring and managing the configuration parameters for the USM, including key distribution and key management. An entity may provide simultaneous support for multiple security models as well as multiple authentication and privacy protocols. All of the protocols used by the USM are based on pre-placed keys, i.e., private key mechanisms. The SNMPv3 architecture permits the use of asymmetric mechanisms and protocols (commonly called "public key cryptography") but as of this writing, no such SNMPv3 security models utilizing public key cryptography have been published. RFC 2575, the "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)" is to describe the View-based Access Control Model for use in the SNMP architecture. The VACM can simultaneously be associated in a single engine implementation with multiple Message Processing Models and multiple Security Models. It is architecturally possible to have multiple, different, Access Control Models active and present simultaneously in a single engine implementation, but this is expected to be *_very_* rare in practice and *_far_* less common than simultaneous support for multiple Message Processing Models and/or multiple Security Models.
* The SNMPv1 Message Processing Model and Community-Based Security Model, which provides mechanisms for adapting SNMPv1 and SNMPv2c into the View-Based Access Control Model (VACM) 
 Rose, M. and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based internets", STD 16, RFC 1155, May 1990.  Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991.  Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990.  SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1902, January 1996.  SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Textual Conventions for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1903, January 1996.  SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Conformance Statements for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1904, January 1996.  SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996.  SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996.  SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Management Information Base for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1907, January 1996.  SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Coexistence between Version 1 and Version 2 of the Internet-standard Network Management Framework", RFC 1908, January 1996.  Information processing systems - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1), International Organization for Standardization. International Standard 8824, (December, 1987).
 McCloghrie, K. and M. Rose, "Management Information Base for Network Management of TCP/IP-based Internets", RFC 1066, August 1988.  McCloghrie, K. and M. Rose, "Management Information Base for Network Management of TCP/IP-based internets: MIB-II, STD 17, RFC 1213, March 1991.  Cerf, V., "IAB Recommendations for the Development of Internet Network Management Standards", RFC 1052, April 1988.  Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999.  Case, J., Harrington, D., Presuhn, R. and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 1999.  Levi, D., Meyer, P. and B. Stewart, "SNMP Applications", RFC 2573, April 1999.  Blumenthal, U. and B. Wijnen, "The User-Based Security Model for Version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999.  Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access Control Model for the Simple Network Management Protocol (SNMP)", RFC 2575, April 1999.  Frye, R., Levi, D., Routhier, S., and B. Wijnen, "Coexistence between Version 1, Version 2, and Version 3 of the Internet- standard Network Management Framework", Work in Progress.  Rivest, R., "Message Digest Algorithm MD5", RFC 1321, April 1992.  Secure Hash Algorithm. NIST FIPS 180-1, (April, 1995) http://csrc.nist.gov/fips/fip180-1.txt (ASCII) http://csrc.nist.gov/fips/fip180-1.ps (Postscript)  Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.  Data Encryption Standard, National Institute of Standards and Technology. Federal Information Processing Standard (FIPS) Publication 46-1. Supersedes FIPS Publication 46, (January, 1977; reaffirmed January, 1988).
 Rose, M., "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991.  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.