Definitions of Managed Objects for Internet Small Computer System Interface (iSCSI)
draft-ietf-ips-iscsi-mib-11
The information below is for an old version of the document that is already published as an RFC.
Field | Value
---|---
Type | This is an older version of an Internet-Draft that was ultimately published as RFC 4544.
Authors | Marjorie Krueger, Tom McSweeney, James Muchow, Mark Bakke
Last updated | 2020-01-21 (Latest revision 2005-10-11)
RFC stream | Internet Engineering Task Force (IETF)
Intended RFC status | Proposed Standard
Additional resources | Mailing list discussion
WG state | (None)
Document shepherd | (None)
IESG state | Became RFC 4544 (Proposed Standard)
Action Holders | (None)
Consensus boilerplate | Unknown
Telechat date | (None)
Responsible AD | Allison J. Mankin
Send notices to | bwijnen@lucent.com
"
::= { iscsiGroups 20 }

iscsiTgtLgnNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        iscsiTgtLoginFailure
    }
    STATUS current
    DESCRIPTION
        "A collection of notifications which indicate a login
        failure from a remote initiator to a local target."
::= { iscsiGroups 21 }

Bakke, Muchow               Expires April 2006                 [Page 74]

Internet Draft                  iSCSI MIB                   October 2005

iscsiIntrLgnNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        iscsiIntrLoginFailure
    }
    STATUS current
    DESCRIPTION
        "A collection of notifications which indicate a login
        failure from a local initiator to a remote target."
::= { iscsiGroups 22 }

iscsiSsnFlrNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        iscsiInstSessionFailure
    }
    STATUS current
    DESCRIPTION
        "A collection of notifications which indicate session
        failures occurring after login."
::= { iscsiGroups 23 }

--**********************************************************************

iscsiComplianceV1 MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Initial version of compliance statement based on
        initial version of this MIB module.
        If an implementation can be both a target and an
        initiator, all groups are mandatory."
    MODULE -- this module
    MANDATORY-GROUPS {
        iscsiInstanceAttributesGroup,
        iscsiInstanceSsnErrorStatsGroup,
        iscsiPortalAttributesGroup,
        iscsiNodeAttributesGroup,
        iscsiSessionAttributesGroup,
        iscsiSessionPDUStatsGroup,
        iscsiSessionCxnErrorStatsGroup,
        iscsiConnectionAttributesGroup,
        iscsiSsnFlrNotificationsGroup
    }

    -- Conditionally mandatory groups depending on the ability
    -- to support Counter64 data types and/or to provide counter
    -- information to SNMPv1 applications.

    GROUP iscsiSessionOctetStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that can support Counter64 data types."

    GROUP iscsiSessionLCOctetStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that provide information to SNMPv1-only applications;
        this includes agents that cannot support Counter64
        data types."

    -- Conditionally mandatory groups to be included with
    -- the mandatory groups when the implementation has
    -- iSCSI target facilities.

    GROUP iscsiTgtPortalAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    OBJECT iscsiPortalMaxRecvDataSegLength
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT iscsiNodeStorageType
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required; an implementation may
        choose to allow this object to be set to 'volatile'
        or 'nonVolatile'."

    GROUP iscsiTargetAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTargetLoginStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTargetLogoutStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTgtLgnNotificationsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTargetAuthGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    -- Conditionally mandatory groups to be included with
    -- the mandatory groups when the implementation has
    -- iSCSI initiator facilities.

    GROUP iscsiIntrPortalAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorLoginStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorLogoutStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiIntrLgnNotificationsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorAuthGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    OBJECT iscsiNodeErrorRecoveryLevel
    SYNTAX Unsigned32 (0..2)
    DESCRIPTION
        "Only values 0-2 are defined at present."

::= { iscsiCompliances 1 }

END

8.  Security Considerations

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  These are the tables and objects and their
   sensitivity/vulnerability:

   iscsiPortalAttributesTable, iscsiTgtPortalAttributesTable, and
   iscsiIntrPortalAttributesTable can be used to add or remove IP
   addresses to be used by iSCSI.

   iscsiTgtAuthAttributesTable entries can be added or removed, to
   allow or disallow access to a target by an initiator.

   Some of the readable objects in this MIB module (i.e., objects with
   a MAX-ACCESS other than not-accessible) may be considered sensitive
   or vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.
   These are the tables and objects and their
   sensitivity/vulnerability:

   iscsiNodeAttributesTable, iscsiTargetAttributesTable, and
   iscsiTgtAuthorization can be used to glean information needed to
   make connections to the iSCSI targets this module represents.
   However, it is the responsibility of the initiators and targets
   involved to authenticate each other to ensure that an
   inappropriately advertised or discovered initiator or target does
   not compromise their security.  These issues are discussed in
   [RFC3720].

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB module.

   It is RECOMMENDED that implementors consider the security features
   as provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access
   to the objects only to those principals (users) that have
   legitimate rights to indeed GET or SET (change/create/delete) them.

9.  IANA Considerations

9.1.  OID Assignment

   IANA is requested to make a MIB OID assignment under the mib-2
   branch.

10.  Normative References

   [RFC3720]  Satran, J., Meth, K., Sapuntzakis, C., Chadalapaka, M.,
              and E. Zeidner, "Internet Small Computer Systems
              Interface (iSCSI)", RFC 3720, March 2004.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M., and S. Waldbusser, "Structure of Management
              Information Version 2 (SMIv2)", STD 58, RFC 2578,
              April 1999.

   [RFC2579]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M., and S. Waldbusser, "Textual Conventions for
              SMIv2", STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M., and S. Waldbusser, "Conformance Statements for
              SMIv2", STD 58, RFC 2580, April 1999.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              December 2002.

   [AUTHMIB]  Bakke, M., and J. Muchow, "Definitions of Managed Objects
              for User Identity Authorization", Work in Progress,
              draft-ietf-ips-auth-mib-06.txt, January 2005.

11.  Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              December 2002.

   [RFC2012]  McCloghrie, K., "SNMPv2 Management Information Base for
              the Transmission Control Protocol using SMIv2", RFC 2012,
              November 1996.

   [SCSIMIB]  Hallak-Stamler, M., Bakke, M., McCloghrie, K., Lederman,
              Y., and M. Krueger, "Definitions of Managed Objects for
              SCSI Entities", Work in Progress,
              draft-ietf-ips-scsi-mib-06.txt, August 2004.

12.  Acknowledgments

   In addition to the authors, several people contributed to the
   development of this MIB module.
   Thanks especially to those who took the time to participate in our
   weekly conference calls to build our requirements, object models,
   table structures, and attributes: John Hufferd, Tom McSweeney (IBM),
   Kevin Gibbons (Nishan Systems), Chad Gregory (Intel), Jack Harwood
   (EMC), Hari Mudaliar (Adaptec), Ie Wei Njoo (Agilent), Lawrence
   Lamers (SAN Valley), Satish Mali (Stonefly Networks), and William
   Terrell (Troika).

   Special thanks to Tom McSweeney, Ie Wei Njoo, and Kevin Gibbons, who
   wrote the descriptions for many of the tables and attributes in this
   MIB module, to Ayman Ghanem for finding and suggesting changes for
   many problems in this module, and to Keith McCloghrie for serving as
   advisor to the team.

Authors' Addresses

   Mark Bakke
   Postal: Cisco Systems, Inc
   7900 International Drive, Suite 400
   Bloomington, MN
   USA 55425

   E-mail: mbakke@cisco.com

   Marjorie Krueger
   Postal: Hewlett-Packard
   Networked Storage Architecture
   Networked Storage Solutions Org.
   8000 Foothills Blvd.
   Roseville, CA
   USA 95747

   E-mail: marjorie_krueger@hp.com

   Tom McSweeney
   Postal: IBM Corporation
   600 Park Offices Drive
   Research Triangle Park, NC
   USA 27709

   E-mail: tommcs@us.ibm.com

   James Muchow
   Postal: Qlogic Corp.
   6321 Bury Drive
   Eden Prairie, MN
   USA 55346

   Email: james.muchow@qlogic.com

IPR Notice

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed
   to pertain to the implementation or use of the technology described
   in this document or the extent to which any license under such
   rights might or might not be available; nor does it represent that
   it has made any independent effort to identify any such rights.
   Information on the procedures with respect to rights in RFC
   documents can be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use
   of such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository
   at http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Full Copyright Notice

   Copyright (C) The Internet Society (2005).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
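
Added example (not part of the draft): the operator responsibility described in Section 8, Security Considerations, can be checked mechanically by auditing an agent's access rules against the tables that section names. The rule schema (principal, model, level, read, write), the "usm"/"v2c" labels, the finding codes and the sample policy are assumptions made for illustration; views are expressed as object names rather than OID subtrees.

```python
# Tables Section 8 names as sensitive to SET operations.
WRITE_SENSITIVE = {
    "iscsiPortalAttributesTable", "iscsiTgtPortalAttributesTable",
    "iscsiIntrPortalAttributesTable", "iscsiTgtAuthAttributesTable"}
# Objects Section 8 names as sensitive even to GET/NOTIFY.
READ_SENSITIVE = {"iscsiNodeAttributesTable", "iscsiTargetAttributesTable",
                  "iscsiTgtAuthorization"}

def audit_rule(rule, approved_writers):
    """Return the set of finding codes for one access rule."""
    findings = set()
    is_v3 = rule["model"] == "usm"  # hypothetical label; else SNMPv1/v2c
    level = rule["level"] if is_v3 else "noAuthNoPriv"
    write = set(rule.get("write", ()))
    read = set(rule.get("read", ()))
    if not is_v3:
        findings.add("PRE_V3")  # pre-SNMPv3 deployment is NOT RECOMMENDED
    if write & WRITE_SENSITIVE:
        if level == "noAuthNoPriv":
            findings.add("UNAUTH_SET")  # SET without authentication
        if rule["principal"] not in approved_writers:
            findings.add("UNAPPROVED_WRITER")
    if read & READ_SENSITIVE and level != "authPriv":
        findings.add("CLEARTEXT_READ")  # values sent unencrypted
    return findings

def audit_policy(rules, approved_writers):
    """Map each principal that has findings to its sorted codes."""
    report = {}
    for rule in rules:
        codes = audit_rule(rule, approved_writers)
        if codes:
            report[rule["principal"]] = sorted(codes)
    return report

SAMPLE_POLICY = [  # constructed sample input
    {"principal": "public", "model": "v2c", "level": "noAuthNoPriv",
     "read": ["iscsiNodeAttributesTable"],
     "write": ["iscsiTgtAuthAttributesTable"]},
    {"principal": "storage-admin", "model": "usm", "level": "authPriv",
     "read": ["iscsiTargetAttributesTable"],
     "write": ["iscsiPortalAttributesTable"]},
    {"principal": "monitor", "model": "usm", "level": "authNoPriv",
     "read": ["iscsiTgtAuthorization"]},
    {"principal": "helpdesk", "model": "usm", "level": "authPriv",
     "write": ["iscsiIntrPortalAttributesTable"]},
]
if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY, approved_writers={"storage-admin"}))
```

A rule is reported only when it has findings, so an SNMPv3 authPriv rule for an approved writer produces no entry.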