[dhcwg] Re: DHCP Option for SNMP Notifications

Mark Bakke <mbakke@cisco.com> Wed, 11 September 2002 21:48 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA26192 for <dhcwg-archive@odin.ietf.org>; Wed, 11 Sep 2002 17:48:43 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id g8BLo0P13465 for dhcwg-archive@odin.ietf.org; Wed, 11 Sep 2002 17:50:00 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g8BLo0v13462 for <dhcwg-web-archive@optimus.ietf.org>; Wed, 11 Sep 2002 17:50:00 -0400
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA26184 for <dhcwg-web-archive@ietf.org>; Wed, 11 Sep 2002 17:48:12 -0400 (EDT)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g8BLiAv13195; Wed, 11 Sep 2002 17:44:10 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g8BLh9v13155 for <dhcwg@optimus.ietf.org>; Wed, 11 Sep 2002 17:43:09 -0400
Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.54]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA25966 for <dhcwg@ietf.org>; Wed, 11 Sep 2002 17:41:21 -0400 (EDT)
Received: from sj-msg-av-3.cisco.com (sj-msg-av-3.cisco.com [171.69.17.42]) by sj-msg-core-4.cisco.com (8.12.2/8.12.2) with ESMTP id g8BLgWW4005312; Wed, 11 Sep 2002 14:42:32 -0700 (PDT)
Received: from nisser.cisco.com (localhost [127.0.0.1]) by sj-msg-av-3.cisco.com (8.12.2/8.12.2) with ESMTP id g8BLgUHY009266; Wed, 11 Sep 2002 14:42:30 -0700 (PDT)
Received: from cisco.com (mbakke-lnx.cisco.com [64.101.211.87]) by nisser.cisco.com (8.8.6 (PHNE_14041)/CISCO.SERVER.1.2) with ESMTP id OAA24308; Wed, 11 Sep 2002 14:42:28 -0700 (PDT)
Message-ID: <3D7FBD54.C6EC2E2D@cisco.com>
Date: Wed, 11 Sep 2002 17:01:56 -0500
From: Mark Bakke <mbakke@cisco.com>
X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.16-3.uid32 i686)
X-Accept-Language: en, de
MIME-Version: 1.0
To: "David T. Perkins" <dperkins@dsperkins.com>
CC: dhcwg@ietf.org, mibs@ops.ietf.org
References: <5.1.1.6.2.20020911134627.035dd7b0@127.0.0.1> <5.1.1.6.2.20020911142157.035df060@127.0.0.1>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Subject: [dhcwg] Re: DHCP Option for SNMP Notifications
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

True; that's what I had in mind, although we would definitely need
to say which version was needed for each host.  I hadn't taken
proxies or security into account, since I have not thought beyond
version 2.  Anyway, we should do this right.  I assume that we
need to have a set of parameters that are global to the entity
being configured, as well as a set of parameters for each trap
or notification host.

Any pointers to what should be configured for security?

Thanks,

Mark

"David T. Perkins" wrote:
> 
> HI,
> 
> So, you are developing a mechanism that works only for
> SNMPv1 with no proxy or security. Note that SNMPv1 is
> a "not recommended" protocol. It would be much more
> valuable to create an approach that worked for SNMPv1,
> SNMPv2, and SNMPv3 protocols, that supported security
> parameters from the DHCP server and from local persistent
> storage, and that allowed a multi-stage boot.
> 
> There are security trade-offs that need to be covered.
> 
> At 04:40 PM 9/11/2002 -0500, Mark Bakke wrote:
> >Hi David-
> >
> >My assumption was that in this case, we could get away with using
> >"public" for the community string, and that any defined traps would
> >be enabled (we would only send these when something failed, so
> >we shouldn't have to allow the user to configure which ones to
> >send).  That would take care of early boot, unless configuring the
> >community string was important.  Perhaps this would be enough.
> >
> >Are there other things that might be important to set for an initial
> >boot implementation that only sends traps?
> >
> >Thanks,
> >
> >Mark
> >
> >"David T. Perkins" wrote:
> >>
> >> HI,
> >>
> >> Mark,
> >>
> >> Having only an IP address of a management target is insufficient for
> >> achieving your objective. What you need to add depends on how many
> >> "stages" that you have for your boot operation, and what you assume
> >> can be configured in persistent storage for the device.
> >>
> >> At 11:22 AM 9/11/2002 -0500, Mark Bakke wrote:
> >> >Hi-
> >> >
> >> >I needed a method to configure a list of SNMP notification (AKA trap)
> >> >hosts for use by diskless workstations booting from a network device.
> >> >Since none of the usual SNMP configuration information is available
> >> >at this time, I would like to use a DHCP option to provide a list of
> >> >IP addresses to which to send notifications when, for instance, booting
> >> >from a network device fails for some reason.  This could also be used
> >> >to centrally configure the list of SNMP notification hosts, rather than
> >> >setting them individually on each machine.
> >> >
> >> >Anyway, I've submitted a short draft describing the proposed option
> >> >as draft-bakke-dhc-snmp-trap-00.txt.  I'll forward the message to
> >> >these two groups when the draft is published.  In the mean time, it
> >> >is available at:
> >> >
> >> >ftp://ftpeng.cisco.com/mbakke/ips/dhcp/draft-bakke-dhc-snmp-trap-00.txt
> >> >
> >> >I'm guessing that these two mailing lists (dhcwg and mibs) are the
> >> >correct places to discuss this (please let me know if there's a more
> >> >appropriate list).
> >> >
> >> >Regards,
> >> >
> >> >Mark A. Bakke
> >> >Cisco Systems
> >> >mbakke@cisco.com
> >> >763.398.1054
> >> Regards,
> >> /david t. perkins
> >
> >--
> >Mark A. Bakke
> >Cisco Systems
> >mbakke@cisco.com
> >763.398.1054
> Regards,
> /david t. perkins

-- 
Mark A. Bakke
Cisco Systems
mbakke@cisco.com
763.398.1054
_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg