Definitions of Managed Objects for Internet Small Computer System Interface (iSCSI)
draft-ietf-ips-iscsi-mib-11
The information below is for an old version of the document that is already published as an RFC.
| Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 4544.
|
|
|---|---|---|---|
| Authors | Marjorie Krueger , Tom McSweeney , James Muchow , Mark Bakke | ||
| Last updated | 2020-01-21 (Latest revision 2005-10-11) | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | Proposed Standard | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | (None) | |
| Document shepherd | (None) | ||
| IESG | IESG state | Became RFC 4544 (Proposed Standard) | |
| Action Holders |
(None)
|
||
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | Allison J. Mankin | ||
| Send notices to | bwijnen@lucent.com |
draft-ietf-ips-iscsi-mib-11
quot;
::= { iscsiGroups 20 }
iscsiTgtLgnNotificationsGroup NOTIFICATION-GROUP
NOTIFICATIONS {
iscsiTgtLoginFailure
}
STATUS current
DESCRIPTION
"A collection of notifications which indicate a login
Bakke, Muchow Expires April 2006 [Page 74]
Internet Draft iSCSI MIB October 2005
failure from a remote initiator to a local target."
::= { iscsiGroups 21 }
iscsiIntrLgnNotificationsGroup NOTIFICATION-GROUP
NOTIFICATIONS {
iscsiIntrLoginFailure
}
STATUS current
DESCRIPTION
"A collection of notifications which indicate a login
failure from a local initiator to a remote target."
::= { iscsiGroups 22 }
iscsiSsnFlrNotificationsGroup NOTIFICATION-GROUP
NOTIFICATIONS {
iscsiInstSessionFailure
}
STATUS current
DESCRIPTION
"A collection of notifications which indicate session
failures occurring after login."
::= { iscsiGroups 23 }
--**********************************************************************
iscsiComplianceV1 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Initial version of compliance statement based on
initial version of this MIB module.
If an implementation can be both a target and an
initiator, all groups are mandatory."
MODULE -- this module
MANDATORY-GROUPS {
iscsiInstanceAttributesGroup,
iscsiInstanceSsnErrorStatsGroup,
iscsiPortalAttributesGroup,
iscsiNodeAttributesGroup,
iscsiSessionAttributesGroup,
iscsiSessionPDUStatsGroup,
iscsiSessionCxnErrorStatsGroup,
iscsiConnectionAttributesGroup,
iscsiSsnFlrNotificationsGroup
}
-- Conditionally mandatory groups depending on the ability
-- to support Counter64 data types and/or to provide counter
Bakke, Muchow Expires April 2006 [Page 75]
Internet Draft iSCSI MIB October 2005
-- information to SNMPv1 applications.
GROUP iscsiSessionOctetStatsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that can support Counter64 data types."
GROUP iscsiSessionLCOctetStatsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that provide information to SNMPv1-only applications;
this includes agents that cannot support Counter64
data types."
-- Conditionally mandatory groups to be included with
-- the mandatory groups when the implementation has
-- iSCSI target facilities.
GROUP iscsiTgtPortalAttributesGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI target facilities."
OBJECT iscsiPortalMaxRecvDataSegLength
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT iscsiNodeStorageType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required; an implementation may
choose to allow this object to be set to 'volatile'
or 'nonVolatile'."
GROUP iscsiTargetAttributesGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI target facilities."
GROUP iscsiTargetLoginStatsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI target facilities."
GROUP iscsiTargetLogoutStatsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
Bakke, Muchow Expires April 2006 [Page 76]
Internet Draft iSCSI MIB October 2005
that have iSCSI target facilities."
GROUP iscsiTgtLgnNotificationsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI target facilities."
GROUP iscsiTargetAuthGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI target facilities."
-- Conditionally mandatory groups to be included with
-- the mandatory groups when the implementation has
-- iSCSI initiator facilities.
GROUP iscsiIntrPortalAttributesGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
GROUP iscsiInitiatorAttributesGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
GROUP iscsiInitiatorLoginStatsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
GROUP iscsiInitiatorLogoutStatsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
GROUP iscsiIntrLgnNotificationsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
GROUP iscsiInitiatorAuthGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
OBJECT iscsiNodeErrorRecoveryLevel
SYNTAX Unsigned32 (0..2)
Bakke, Muchow Expires April 2006 [Page 77]
Internet Draft iSCSI MIB October 2005
DESCRIPTION
"Only values 0-2 are defined at present."
::= { iscsiCompliances 1 }
END
Bakke, Muchow Expires April 2006 [Page 78]
Internet Draft iSCSI MIB October 2005
8. Security Considerations
There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations. These are the tables and objects and their
sensitivity/vulnerability:
iscsiPortalAttributesTable, iscsiTgtPortalAttributesTable, and
iscsiIntrPortalAttributes table can be used to add or remove IP
addresses to be used by iSCSI.
iscsiTgtAuthAttributesTable entries can be added or removed, to
allow or disallow access to a target by an initiator.
Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability:
iscsiNodeAttributesTable, iscsiTargetAttributesTable, and
iscsiTgtAuthorization can be used to glean information needed to
make connections to the iSCSI targets this module represents.
However, it is the responsibility of the initiators and targets
involved to authenticate each other to ensure that an
inappropriately advertised or discovered initiator or target does
not compromise their security. These issues are discussed in
[RFC3720].
SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec),
even then, there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module.
It is RECOMMENDED that implementors consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8),
including full support for the SNMPv3 cryptographic mechanisms (for
authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator
Bakke, Muchow Expires April 2006 [Page 79]
Internet Draft iSCSI MIB October 2005
responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
9. IANA Considerations
9.1. OID Assignment
IANA is requested to make a MIB OID assignment under the mib-2
branch.
10. Normative References
[RFC3720] Satran, J., Meth, K., Sapuntzakis, C., Chadalapaka, M., and
E. Zeidner, "Internet Small Computer Systems Interface
(iSCSI)", RFC 3720, March 2004.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J. ,
Rose, M., and S. Waldbusser, "Structure of Management
Information Version 2 (SMIv2)", STD 58, RFC 2578, April
1999.
[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Textual Conventions for
SMIv2", STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Conformance Statements for
SMIv2", STD 58, RFC 2580, April 1999.
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, February 2005.
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture
for Describing Simple Network Management Protocol (SNMP)
Management Frameworks", STD 62, RFC 3411, December 2002.
[AUTHMIB] Bakke, M., and J. Muchow, "Definitions of Managed Objects
for User Identity Authorization", Work in Progress, draft-
ietf-ips-auth-mib-06.txt, January 2005.
Bakke, Muchow Expires April 2006 [Page 80]
Internet Draft iSCSI MIB October 2005
11. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
[RFC2012] McCloghrie, K., "SNMPv2 Management Information Base for the
Transmission Control Protocol using SMIv2", RFC 2012,
November 1996.
[SCSIMIB] Hallak-Stamler, M., Bakke, M., McCloghrie, K., Lederman, Y.,
and M. Krueger, "Definitions of Managed Objects for SCSI
Entities", Work in Progress, draft-ietf-ips-scsi-mib-06.txt,
August 2004.
12. Acknowledgments
In addition to the authors, several people contributed to the
development of this MIB module. Thanks especially to those who took
the time to participate in our weekly conference calls to build our
requirements, object models, table structures, and attributes: John
Hufferd, Tom McSweeney (IBM), Kevin Gibbons (Nishan Systems), Chad
Gregory (Intel), Jack Harwood (EMC), Hari Mudaliar (Adaptec), Ie Wei
Njoo (Agilent), Lawrence Lamers (SAN Valley), Satish Mali (Stonefly
Networks), and William Terrell (Troika).
Special thanks to Tom McSweeney, Ie Wei Njoo, and Kevin Gibbons, who
wrote the descriptions for many of the tables and attributes in this
MIB module, to Ayman Ghanem for finding and suggesting changes for
many problems in this module, and to Keith McCloghrie for serving as
advisor to the team.
Authors' Addresses
Mark Bakke
Postal: Cisco Systems, Inc
7900 International Drive, Suite 400
Bloomington, MN
USA 55425
E-mail: mbakke@cisco.com
Bakke, Muchow Expires April 2006 [Page 81]
Internet Draft iSCSI MIB October 2005
Marjorie Krueger
Postal: Hewlett-Packard
Networked Storage Architecture
Networked Storage Solutions Org.
8000 Foothills Blvd.
Roseville, CA
USA 95747
E-mail: marjorie_krueger@hp.com
Tom McSweeney
Postal: IBM Corporation
600 Park Offices Drive
Research Triangle Park, NC
USA 27709
E-mail: tommcs@us.ibm.com
James Muchow
Postal: Qlogic Corp.
6321 Bury Drive
Eden Prairie, MN
USA 55346
Email: james.muchow@qlogic.com
IPR Notice
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
Bakke, Muchow Expires April 2006 [Page 82]
Internet Draft iSCSI MIB October 2005
ipr@ietf.org.
Full Copyright Notice
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Bakke, Muchow Expires April 2006 [Page 83]