IETF Logo Mail Archive

Didn't I Start This? (Was: Autotopology)

Jon Saperia <saperia@tcpjon.lkg.dec.com> Fri, 09 April 1993 01:38 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa19626; 8 Apr 93 21:38 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa19622; 8 Apr 93 21:38 EDT
Received: from thumper.bellcore.com by CNRI.Reston.VA.US id aa08157; 8 Apr 93 21:38 EDT
Received: by thumper.bellcore.com (4.1/4.7) id <AA29897> for ietf-archive@nri.reston.va.us; Thu, 8 Apr 93 21:38:10 EDT
Received: from inet-gw-2.pa.dec.com by thumper.bellcore.com (4.1/4.7) id <AA29892> for /usr/lib/sendmail -oi -fowner-snmp2 X-snmp2; Thu, 8 Apr 93 21:38:08 EDT
Received: by inet-gw-2.pa.dec.com; id AA03570; Thu, 8 Apr 93 18:38:02 -0700
Received: by tcpjon.lkg.dec.com (5.57/ULTRIX-fma-071891); id AA09714; Thu, 8 Apr 93 21:41:37 -0400
Message-Id: <9304090141.AA09714@tcpjon.lkg.dec.com>
To: snmp@psi.com, snmp2@thumper.bellcore.com
Cc: saperia@tcpjon.lkg.dec.com
Subject: Didn't I Start This? (Was: Autotopology)
Date: Thu, 08 Apr 93 21:41:36 -0400
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Jon Saperia <saperia@tcpjon.lkg.dec.com>
X-Mts: smtp

Ed Alcoff wrote a few days ago:

    >> While it does my heart well to see this discussion
    >> garner interest, I wonder why I haven't seen any
    >> mention or reference to my original post. (Sigh,
    >> such is the life of a suit;-()
    >> 
    >> I still maintain that SNMPv2 will break one or more
    >> auto-discover/auto-topology implementations due to
    >> the security aspects.

I though that I would take a stab at this since I have not seen anybody
else respond.

I do not know if I would use the work 'break'.  It is true that changes
will have to be made.  The crux of the question is:  can you get from a
compliant SNMPv2 entity the information these programs want?  I
believe the answer is yes.  The more important question is can you get
the information easily without the management station knowing ahead of
time about the existence of all the objects - the reason for doing the
discovery in the first place.  Once again, I believe that the answer is
yes.  

I have spent the past couple of days talking with a number of people
about this issue and believe that a vendor could ship a compliant agent
with the entire Internet tree included in the MIB view which is
associated with the initial party id.  Assuming this takes place, when
the management station issues a query (we are obviously assuming
noAuth/noPriv here) to the target agent, instance 1 of the party table
will be used (initial party ID) which will have all the goodies the
auto discovery program wants in its view.  Response to the manager from
the agent is taken care of since the agent knows the IP address of the
manager which sent it the query.

The documents offer an example which does not include all of the tree in
the initial view which is problematic, there is (at least as far as I
have been able to determine) no reason why a vendor could not take a
broader view.

So the short answer to the question is:  Yes code will have to be
changed, but there is nothing new or even very problematic about that.
The real issue is to create a convention in our industry for SNMPv2
which has essentially the same access to objects as an SNMPv1 agent with
a 'public' community string.  I raised this issue several times in the
past and essentially was told that the best way to deal with this would
be once the standard was complete for people to adopt a reasonable
default.  My suggestion is above.

I wrote this because obviously a bunch of us think this is an important
issue.  I am would be interested to know if I have missed something

/jon
		
	------------------------------------------
	Jon Saperia, Digital Equipment Corporation			
	Internet: saperia@lkg.dec.com
	508-486-5959

v2.8.7 | Report a Bug | By Email