Tech-invite3GPPspaceIETFspace
959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 4455

Definition of Managed Objects for Small Computer System Interface (SCSI) Entities

Pages: 88
Proposed Standard
Errata
Part 4 of 4 – Pages 76 to 88
First   Prev   None

Top   ToC   RFC4455 - Page 76   prevText

10. Object Population Example: SCSI Target and Initiator Devices on a pSCSI Bus

This section provides a sample set of values for a parallel SCSI scenario in which a SCSI MIB module can be implemented. The example shown below is not a normative part of this document and makes some assumptions about the underlying implementation, which are not based on actual implementations. The respective sections describe the sequence of object instantiations and attempts to explain non-typical values for attributes that are unique to the scenario. Note: While populating the objects, the population of statistics is not considered. This scenario deals with a SCSI target and initiator devices attached to a parallel SCSI bus, defined by one of the SCSI-3 Parallel Interface standards (the version referenced in the MIB module is the 4th generation, called SPI-4). We assume that the SCSI initiator device is a Host Bus Adaptor (HBA), and the SCSI target device is a physical disk. We assume that the SCSI target device has one integrated logical unit, identified by a Logical Unit Number (LUN) of 0, which is the default LUN. The parallel SCSI transport only supports port identifiers, and not port names. The transport pointer is set to 0 since there is no MIB module defined for SPI-4. We assume an HBA as the SCSI initiator device and a disk as the SCSI target device. We assume that the SCSI target device has one logical unit, addressed by Logical Unit Number set to 0 (LUN0), which is the default LUN. Parallel SCSI has only port identifiers, no port names. The transport pointer for parallel SCSI is set to 0 since there is no reference transport (SPI) MIB module. Once the SCSI system is initialized, an SNMP agent should be able to view the values of variables populated in the ScsiDevice, ScsiInitiatorDevice, ScsiTargetDevice, ScsiPort, ScsiTargetPort, ScsiInitiatorPort, ScsiLogicalUnit, ScsiLUIdentifier objects. The ScsiAuthorizedIntr population depends on the transport and the implementation. As this example scenario is parallel SCSI, we deal with the ports. Hence the ScsiPortIndexOrZero is the index of the SCSI target port and ScsiAuthIntrDevOrPort is "port". Same is the case with the variables in scsiDscTgtDevOrPort. Note that "" means zero-length string.
Top   ToC   RFC4455 - Page 77

10.1. scsiInstance Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiInstAlias "pSCSI-1" scsiInstSoftwareIndex 1000 scsiInstVendorVersion "1.0a" scsiInstScsiNotificationsEnable true scsiInstStorageType nonVolatile

10.2. scsiDevice Table:

Attribute Value ---------- ------ scsiInstIndex 1 1 scsiDeviceIndex 1 2 scsiDeviceAlias "pSCSI-HBA" "pSCSI-Disk1" scsiDeviceRole initiator(1) target(0) scsiDevicePortNumber 1 1

10.3. scsiPort Table:

Attribute Value ---------- ------ scsiInstIndex 1 1 scsiDeviceIndex 1 2 scsiPortIndex 1 2 scsiPortRole initiator(1) target(0) scsiPortTransportPtr 1 2

10.4. scsiTransport Table:

Attribute Value ---------- ------ scsiInstIndex 1 1 scsiDeviceIndex 1 2 scsiTransportIndex 1 2 scsiTransportType scsiTransportSPI scsiTransportSPI scsiTransportPointer 0.0 0.0 scsiTransportDevName "" ""
Top   ToC   RFC4455 - Page 78

10.5. scsiIntrDev Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 1 scsiIntrDevTgtAccessMode autoEnable(2)

10.6. scsiInitiatorPort Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 1 scsiPortIndex 1 scsiIntrPortName "" scsiIntrPortIdentifier *1 0001b *1 Port Identifier for SCSI is represented by 4 bits.

10.7. scsiDscTgt Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 1 scsiDscTgtIntrPortIndex 1 scsiDscTgtIndex 1 scsiDscTgtDevOrPort port(2) scsiDscTgtName "" scsiDscTgtConfigured false(2) scsiDscTgtDiscovered true(1) scsiDscTgtRowStatus active(1)

10.8. scsiDscLUN:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 1 scsiDscTgtIntrPortIndex 1 scsiDscTgtIndex 1 scsiDscLunIndex 1 scsiDscLunLun 0
Top   ToC   RFC4455 - Page 79

10.9. scsiDscLUNIdentifier:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 1 scsiDscLunIndex 1 scsiDscLunIdIndex 1 scsiDscLunIdCodeSet *1 2 scsiDscLunIdAssociation *2 1 scsiDscLunIdType *3 1 scsiDscLunIdValue ASPENsl318203-001 *1 - The identifier field will have ASCII graphic codes. *2 - The identifier is associated with the port that received the request. *3 - As defined in SPC. (This value specifies that the scsiDscLunIdValue contains a vendorID in the first 8 bytes concatenated with the product identifier field and product serial number.)

10.10. scsiAttTgtPort Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 1 scsiPortIndex 1 scsiAttTgtPortIndex 1 scsiAttTgtPortDscTgtIdx 1 scsiAttTgtPortName "" scsiAttTgtPortId 0011b

10.11. scsiTgtDev Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 2 scsiTgtDevNumberOfLUs 1 scsiTgtDeviceStatus available(2) scsiTgtDevNonAccessibleLUs 0
Top   ToC   RFC4455 - Page 80

10.12. scsiTgtPort Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 2 scsiPortIndex 2 scsiPortName "" scsiTgtPortIdentifier 0010b

10.13. scsiLU Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 2 scsiLuIndex 1 scsiLuDefaultLun 0 scsiLuWwnName "" scsiLuVendorId "xyz-corp" scsiLuProductId "super turbo disk" scsiRevisionId 02 scsiLUPeripheralType 00 scsiLUStatus available(2) scsiLuState exposed(3)

10.14. scsiLuId Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 2 scsiLuIndex 1 scsiLuIdIndex 1 scsiLuIdCodeSet *1 2 scsiLuIdAssociation *2 1 scsiLuIdType *3 1 scsiLuIdValue ASPENsl318203-0004 *1 - The identifier field will have ASCII graphic codes. *2 - The identifier is associated with the port that received the request. *3 - As defined in SPC. (This value specifies that the LuIdValue contains a vendorID in the first 8 bytes concatenated with the product identifier field and product serial number.)
Top   ToC   RFC4455 - Page 81

10.15. scsiLunMap Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 2 scsiLunMapIndex 1 scsiLunMapLun 0 scsiLunMapLuIndex 1 scsiLunMapLunRowStatus active(1)

10.16. scsiAuthorizedIntr Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 2 scsiAuthIntrTgtPortIndex 2 scsiAuthIntrIndex 1 scsiAuthIntrDevOrPort port(2) scsiAuthIntrName "" scsiAuthIntrLunMapIndex 1 scsiAuthIntrRowStatus active(1)

10.17. scsiAttIntrPort Table:

Attribute Value ---------- ------ scsiInstIndex 1 scsiDeviceIndex 2 scsiPortIndex 2 scsiAttIntrPortIdx 1 scsiAttIntrPortAuthIntrIdx 1 scsiAttIntrPortName "" scsiAttIntrPortIdentifier 0011b

11. Security Considerations

There are a number of management objects defined in this MIB module that have a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the following: o scsiInstAlias, scsiInstScsiNotificationsEnable, scsiInstStorageType and scsiDeviceAlias: these objects can be manipulated to affect the management of a SCSI instance and its
Top   ToC   RFC4455 - Page 82
      devices; specifically, the SCSI instance's administrative alias,
      whether it generates notifications, whether its non-default
      parameter settings are retained over restarts, and the
      administrative alias for each of its devices.

   o  scsiIntrDevTgtAccessMode: this object can be manipulated to allow
      immediate access by local SCSI initiator devices to discovered
      SCSI target devices without waiting for administrator approval,
      where such approval might not be forthcoming.

   o  scsiDscTgtTable: the objects in this table can be manipulated to
      remove administrator-specified controls on access by local SCSI
      initiator devices to discovered SCSI target devices.

   o  scsiAuthorizedIntrTable: the objects in this table can be
      manipulated to remove administrator-specified controls on access
      by remote SCSI initiator devices to local SCSI target devices.

   o  scsiLunMapTable: the objects in this table can be manipulated to
      provide access by a remote SCSI initiator device to logical units
      that an administrator has configured as not accessible to said
      initiator.

   In each of the last four cases, the objects in the tables can also be
   manipulated to cause a denial of service attack, by preventing
   administrator-authorized access.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  All seventeen of the tables in this MIB module
   contain information which might be considered sensitive to read
   access in some environments, e.g.,

   o  the settings of all read-write/read-create parameter objects
      mentioned above,

   o  scsiInstSoftwareIndex, scsiInstVendorVersion
      --which version of which software is running;

   o  scsiDeviceRole, scsiPortRole, scsiTransportType,
      scsiTransportPointer, scsiTransportDevName, scsiDscLunIdCodeSet,
      scsiDscLunIdAssociation, scsiDscLunIdType, scsiDscLunIdValue plus
      information in several tables: scsiTgtDevTable, scsiLuTable,
      scsiLuIdTable, scsiLunMapTable
Top   ToC   RFC4455 - Page 83
      --topology information indicating which devices/ports are targets,
      about the transport protocols they use, and more specific
      information about such targets, including detailed information
      about the LUNs they expose and how they are mapped onto logical
      units;

   o  scsiIntrPortOutCommands,
      scsiIntrPortWrittenMegaBytes, scsiIntrPortReadMegaBytes,
      scsiIntrPortHSOutCommands scsiDscTgtInCommands,
      scsiDscTgtWrittenMegaBytes, scsiDscTgtReadMegaBytes,
      scsiDscTgtHSInCommands, scsiTgtPortInCommands,
      scsiTgtPortWrittenMegaBytes, scsiTgtPortReadMegaBytes,
      scsiTgtPortHSInCommands, scsiAuthIntrAttachedTimes,
      scsiAuthIntrOutCommands, scsiAuthIntrReadMegaBytes,
      scsiAuthIntrWrittenMegaBytes, scsiAuthIntrHSOutCommands,
      scsiLuInCommands, scsiLuReadMegaBytes, scsiLuWrittenMegaBytes,
      scsiLuHSInCommands
      -- statistics that could be used for traffic analysis.

   o  scsiAttTgtPortTable
      -- information on which initiators are connected to which targets
      that could be used for traffic analysis.

   o  scsiAuthorizedIntrTable and scsiAttIntrPortTable tables
      -- information about which initiators are authorized to connect to
      that targets.

   These information may need to be kept private in sensitive
   environments.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example, by using IPsec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.
Top   ToC   RFC4455 - Page 84

12. Acknowledgements

This document is the result of the work of the SCSI MIB Group. In particular, the contributions of Sajay Selvaraj (HCL Technologies), George Penokie (IBM), and Roger Cummings (Veritas Software) were critical to the formulation of this specification.

13. IANA Considerations

IANA has made a MIB OID assignment under the mib-2 branch for the SCSI-MIB.

14. References

14.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC2790] Waldbusser, S. and P. Grillo, "Host Resources MIB", RFC 2790, March 2000. [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002. [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network Management Protocol (SNMP) Applications", STD 62, RFC 3413, December 2002. [SAM2] ANSI INCITS 366-2003, "SCSI Architecture Model-2 (SAM-2)", SAM-2 Revision 24, September 2002. [SPC2] ANSI INCITS 351-2001, "SCSI Primary Commands - 2 (SPC-2)", SPC-2 Revision 20, July 2001.
Top   ToC   RFC4455 - Page 85

14.2. Informative References

[FCP2] ANSI INCITS 350-2003, "Fibre Channel Protocol for SCSI (FCP-2)", FCP-2 Revision 08, September 2002. [ISCSI] Bakke, M., "Definitions of Managed Objects for iSCSI", Work in Progress, October 2005. [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002. [RFC3720] Satran, J., Meth, K., Sapuntzakis, C., Chadalapaka, M., and E. Zeidner, "Internet Small Computer Systems Interface (iSCSI)", RFC 3720, April 2004. [RFC4022] Raghunarayan, R., "Management Information Base for the Transmission Control Protocol (TCP)", RFC 4022, March 2005. [RFC4044] McCloghrie, K., "Fibre Channel Management MIB", RFC 4044, May 2005. [SAS-1.1] T10 Project #1601-D, "Serial Attached SCSI - 1.1 (SAS- 1.1)", SAS-1.1 Revision 10, September 2005. [SBP3] ANSI INCITS 375-2004, "Serial Bus Protocol 3 (SBP-3)", SBP-3 Revision 05, September 2003. [SCC2] ANSI INCITS 318-1998, "SCSI Controller Commands - 2 (SCC- 2)", SCC-2 Revision 04, September 1997. [SPI4] ANSI INCITS 362-2002, "SCSI Parallel Interface-4 (SPI4)", SPI-4 Revision 10, May 2002. [SRP] ANSI INCITS 365-2002, "SCSI RDMA Protocol (SRP)", SRP Revision 16a, July 2002.
Top   ToC   RFC4455 - Page 86

Authors' Addresses

Michele Hallak-Stamler Sanrad Intelligent Storage 27 Habarzel Street Tel Aviv 69710 IL Phone: +972 3 7674809 EMail: michele@sanrad.com URI: http://www.sanrad.com/ Mark Bakke Cisco Systems, Inc. 7900 International Drive, Suite 400 Bloomington, MN 55425 USA EMail: mbakke@cisco.com URI: http://www.cisco.com/ Yaron Lederman Siliquent Technologies 21 Etzel Street Ramat Gan IL Phone: +972 54 5308833 EMail: yaronled@bezeqint.net Marjorie Krueger Hewlett-Packard 8000 Foothills Blvd Roseville, CA 95747 US Phone: +1 916-785-2656 EMail: marjorie_krueger@hp.com
Top   ToC   RFC4455 - Page 87
   Keith McCloghrie
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA  95134
   US

   Phone: +1 408 526-5260
   EMail: kzm@cisco.com
Top   ToC   RFC4455 - Page 88
Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).