[Docs] [txt|pdf] [Tracker] [WG] [Email] [Nits]

Versions: 00 01 02 03 04 05 06 07 RFC 3416

INTERNET-DRAFT                                   Editor of this version:
Will Obsolete: 1905                                           R. Presuhn
                                                      BMC Software, Inc.
                                                          9 January 2000

                                            Authors of previous version:
                                                    SNMPv2 Working Group
                                                                 J. Case
                                                     SNMP Research, Inc.
                                                           K. McCloghrie
                                                     Cisco Systems, Inc.
                                                                 M. Rose
                                            Dover Beach Consulting, Inc.
                                                           S. Waldbusser
                                          International Network Services


                Version 2 of the Protocol Operations for
                 the Simple Network Management Protocol
                <draft-ietf-snmpv3-update-proto-00.txt>


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This document is intended to obsolete RFC 1905, Protocol Operations



SNMPv3 Working Group        Expires June 2000                   [Page 1]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   for Version 2 of the Simple Network Management Protocol (SNMPv2).  It
   defines the syntax and elements of procedure for sending, receiving,
   and processing SNMP PDUs.

Table of Contents

   1. Introduction ................................................    3
   2. Overview ....................................................    4
   2.1. Management Information ....................................    4
   2.2. Retransmission of Requests ................................    4
   2.3. Message Sizes .............................................    4
   2.4. Transport Mappings ........................................    5
   2.5. SMIv2 Data Type Mappings ..................................    5
   3. Definitions .................................................    6
   4. Protocol Specification ......................................   11
   4.1. Common Constructs .........................................   11
   4.2. PDU Processing ............................................   11
   4.2.1. The GetRequest-PDU ......................................   12
   4.2.2. The GetNextRequest-PDU ..................................   13
   4.2.2.1. Example of Table Traversal ............................   14
   4.2.3. The GetBulkRequest-PDU ..................................   16
   4.2.3.1. Another Example of Table Traversal ....................   19
   4.2.4. The Response-PDU ........................................   20
   4.2.5. The SetRequest-PDU ......................................   21
   4.2.6. The SNMPv2-Trap-PDU .....................................   24
   4.2.7. The InformRequest-PDU ...................................   24
   5. Notice on Intellectual Property .............................   25
   6. Acknowledgments .............................................   26
   7. Security Considerations .....................................   27
   8. References ..................................................   27
   9. Editor's Address ............................................   29
   10. Changes from RFC 1905 ......................................   29
   11. Issues .....................................................   31
   12. Full Copyright Statement ...................................   33

















SNMPv3 Working Group        Expires June 2000                   [Page 2]

Internet Draft        Protocol Operations for SNMP        9 January 2000


1.  Introduction

   The SNMP Management Framework at the time of this writing consists of
   five major components:

        -    An overall architecture, described in RFC 2571 [RFC2571].

        -    Mechanisms for describing and naming objects and events for
             the purpose of management.  The first version of this
             Structure of Management Information (SMI) is called SMIv1
             and described in STD 16, RFC 1155 [RFC1155], STD 16, RFC
             1212 [RFC1212] and RFC 1215 [RFC1215].  The second version,
             called SMIv2, is described in STD 58, RFC 2578 [RFC2578],
             STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].

        -    Message protocols for transferring management information.
             The first version of the SNMP message protocol is called
             SNMPv1 and described in STD 15, RFC 1157 [RFC1157].  A
             second version of the SNMP message protocol, which is not
             an Internet standards track protocol, is called SNMPv2c and
             described in RFC 1901 [RFC1901] and RFC -TM [RFC-TM].  The
             third version of the message protocol is called SNMPv3 and
             described in RFC -TM [RFC-TM], RFC 2572 [RFC2572] and RFC
             2574 [RFC2574].

        -    Protocol operations for accessing management information.
             The first set of protocol operations and associated PDU
             formats is described in STD 15, RFC 1157 [RFC1157].  A
             second set of protocol operations and associated PDU
             formats is described in this document.

        -    A set of fundamental applications described in RFC 2573
             [RFC2573] and the view-based access control mechanism
             described in RFC 2575 [RFC2575].

        A more detailed introduction to the SNMP Management Framework at
        the time of this writing can be found in RFC 2570 [RFC2570].

        Managed objects are accessed via a virtual information store,
        termed the Management Information Base or MIB.  Objects in the
        MIB are defined using the mechanisms defined in the SMI.

        This document, Version 2 of the Protocol Operations for the
        Simple Network Management Protocol, defines the operations of
        the protocol with respect to the sending and receiving of PDUs
        to be carried by the message protocol.





SNMPv3 Working Group        Expires June 2000                   [Page 3]

Internet Draft        Protocol Operations for SNMP        9 January 2000


2.  Overview

   SNMP entities supporting command generator or notification receiver
   applications (traditionally called "managers") communicate with SNMP
   entities supporting command responder or notification originator
   applications (traditionally called "agents").  The purpose of this
   protocol is the transport of management information and operations.

2.1.  Management Information

   The term "variable" refers to an instance of a non-aggregate object
   type defined according to the conventions set forth in the SMI
   [RFC2578] or the textual conventions based on the SMI [RFC2579].  The
   term "variable binding" normally refers to the pairing of the name of
   a variable and its associated value.  However, if certain kinds of
   exceptional conditions occur during processing of a retrieval
   request, a variable binding will pair a name and an indication of
   that exception.

   A variable-binding list is a simple list of variable bindings.

   The name of a variable is an OBJECT IDENTIFIER which is the
   concatenation of the OBJECT IDENTIFIER of the corresponding
   object-type together with an OBJECT IDENTIFIER fragment identifying
   the instance.  The OBJECT IDENTIFIER of the corresponding object-type
   is called the OBJECT IDENTIFIER prefix of the variable.

2.2.  Retransmission of Requests

   For all types of request in this protocol, the receiver is required
   under normal circumstances, to generate and transmit a response to
   the originator of the request.  Whether or not a request should be
   retransmitted if no corresponding response is received in an
   appropriate time interval, is at the discretion of the application
   originating the request.  This will normally depend on the urgency of
   the request.  However, such an application needs to act responsibly
   in respect to the frequency and duration of re-transmissions.

2.3.  Message Sizes

   The maximum size of an SNMP message is limited to the minimum of:

   (1)  the maximum message size which the destination SNMP entity can
   accept; and,

   (2)  the maximum message size which the source SNMP entity can
   generate.




SNMPv3 Working Group        Expires June 2000                   [Page 4]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   The former may be known on a per-recipient basis; and in the absence
   of such knowledge, is indicated by transport domain used when sending
   the message.  The latter is imposed by implementation-specific local
   constraints.

   Each transport mapping for the SNMP indicates the minimum message
   size which a SNMP implementation must be able to produce or consume.
   Although implementations are encouraged to support larger values
   whenever possible, a conformant implementation must never generate
   messages larger than allowed by the receiving SNMP entity.

   One of the aims of the GetBulkRequest-PDU, specified in this
   protocol, is to minimize the number of protocol exchanges required to
   retrieve a large amount of management information.  As such, this PDU
   type allows an SNMP entity supporting command generator applications
   to request that the response be as large as possible given the
   constraints on message sizes.  These constraints include the limits
   on the size of messages which the SNMP entity supporting command
   responder applications can generate, and the SNMP entity supporting
   command generator applications can receive.

   However, it is possible that such maximum sized messages may be
   larger than the Path MTU of the path across the network traversed by
   the messages.  In this situation, such messages are subject to
   fragmentation.  Fragmentation is generally considered to be harmful
   [FRAG], since among other problems, it leads to a decrease in the
   reliability of the transfer of the messages.  Thus, an SNMP entity
   which sends a GetBulkRequest-PDU must take care to set its parameters
   accordingly, so as to reduce the risk of fragmentation.  In
   particular, under conditions of network stress, only small values
   should be used for max-repetitions.

2.4.  Transport Mappings

   It is important to note that the exchange of SNMP messages requires
   only an unreliable datagram service, with every message being
   entirely and independently contained in a single transport datagram.
   Specific transport mappings and encoding rules are specified
   elsewhere [RFC-TM].  However, the preferred mapping is the use of the
   User Datagram Protocol [RFC768].

2.5.  SMIv2 Data Type Mappings

   The SMIv2 [RFC2578] defines 11 base types (INTEGER, OCTET STRING,
   OBJECT IDENTIFIER, Integer32, IpAddress, Counter32, Gauge32,
   Unsigned32, TimeTicks, Opaque, Counter64) and the BITS construct. The
   SMIv2 base types are mapped to the corresponding selection type in
   the SimpleSyntax and ApplicationSyntax choices of the ASN.1 SNMP



SNMPv3 Working Group        Expires June 2000                   [Page 5]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   protocol definition. Note that the INTEGER and Integer32 SMIv2 base
   types are mapped to the integer-value selection type of the
   SimpleSyntax choice. Similarly, the Gauge32 and Unsigned32 SMIv2 base
   types are mapped to the unsigned-integer-value selection type of the
   ApplicationSyntax choice.

   The SMIv2 BITS construct is mapped to the string-value selection type
   of the SimpleSyntax choice. A BITS value is encoded as an OCTET
   STRING, in which all the named bits in (the definition of) the
   bitstring, commencing with the first bit and proceeding to the last
   bit, are placed in bits 8 to 1 of the first octet, followed by bits 8
   to 1 of each subsequent octet in turn, followed by as many bits as
   are needed of the final subsequent octet, commencing with bit 8.
   Remaining bits, if any, of the final octet are set to zero on
   generation and ignored on receipt.

3.  Definitions


   SNMPv2-PDU DEFINITIONS ::= BEGIN

   ObjectName ::= OBJECT IDENTIFIER


   ObjectSyntax ::=
       CHOICE {
           simple
               SimpleSyntax,

           application-wide
               ApplicationSyntax
       }


   SimpleSyntax ::=
       CHOICE {
           integer-value
               INTEGER (-2147483648..2147483647),

           string-value
               OCTET STRING (SIZE (0..65535)),

           objectID-value
               OBJECT IDENTIFIER
       }






SNMPv3 Working Group        Expires June 2000                   [Page 6]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   ApplicationSyntax ::=
       CHOICE {
           ipAddress-value
               IpAddress,

           counter-value
               Counter32,

           timeticks-value
               TimeTicks,

           arbitrary-value
               Opaque,

           big-counter-value
               Counter64,

           unsigned-integer-value
               Unsigned32
       }


   IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))

   Counter32 ::= [APPLICATION 1] IMPLICIT INTEGER (0..4294967295)

   Unsigned32 ::= [APPLICATION 2] IMPLICIT INTEGER (0..4294967295)

   Gauge32 ::= Unsigned32

   TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)

   Opaque ::= [APPLICATION 4] IMPLICIT OCTET STRING

   Counter64 ::= [APPLICATION 6]
                 IMPLICIT INTEGER (0..18446744073709551615)

   -- protocol data units

   PDUs ::=
       CHOICE {
           get-request
               GetRequest-PDU,

           get-next-request
               GetNextRequest-PDU,





SNMPv3 Working Group        Expires June 2000                   [Page 7]

Internet Draft        Protocol Operations for SNMP        9 January 2000


           get-bulk-request
               GetBulkRequest-PDU,

           response
               Response-PDU,

           set-request
               SetRequest-PDU,

           inform-request
               InformRequest-PDU,

           snmpV2-trap
               SNMPv2-Trap-PDU,

           report
               Report-PDU,
       }


   -- PDUs

   GetRequest-PDU ::=
       [0]
           IMPLICIT PDU

   GetNextRequest-PDU ::=
       [1]
           IMPLICIT PDU

   Response-PDU ::=
       [2]
           IMPLICIT PDU

   SetRequest-PDU ::=
       [3]
           IMPLICIT PDU

   -- [4] is obsolete

   GetBulkRequest-PDU ::=
       [5]
           IMPLICIT BulkPDU

   InformRequest-PDU ::=
       [6]
           IMPLICIT PDU




SNMPv3 Working Group        Expires June 2000                   [Page 8]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   SNMPv2-Trap-PDU ::=
       [7]
           IMPLICIT PDU

   --   Usage and precise semantics of Report-PDU are not defined
   --   in this document.  Any SNMP administrative framework making
   --   use of this PDU must define its usage and semantics.
   Report-PDU ::=
       [8]
           IMPLICIT PDU

   max-bindings
       INTEGER ::= 2147483647

   PDU ::=
       SEQUENCE {
           request-id
               INTEGER (-214783648..214783647),

           error-status            -- sometimes ignored
               INTEGER {
                   noError(0),
                   tooBig(1),
                   noSuchName(2),      -- for proxy compatibility
                   badValue(3),        -- for proxy compatibility
                   readOnly(4),        -- for proxy compatibility
                   genErr(5),
                   noAccess(6),
                   wrongType(7),
                   wrongLength(8),
                   wrongEncoding(9),
                   wrongValue(10),
                   noCreation(11),
                   inconsistentValue(12),
                   resourceUnavailable(13),
                   commitFailed(14),
                   undoFailed(15),
                   authorizationError(16),
                   notWritable(17),
                   inconsistentName(18)
               },

           error-index                 -- sometimes ignored
               INTEGER (0..max-bindings),

           variable-bindings           -- values are sometimes ignored
               VarBindList
       }



SNMPv3 Working Group        Expires June 2000                   [Page 9]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   BulkPDU ::=                         -- must be identical in
       SEQUENCE {                      -- structure to PDU
           request-id
               INTEGER (-214783648..214783647),

           non-repeaters
               INTEGER (0..max-bindings),

           max-repetitions
               INTEGER (0..max-bindings),

           variable-bindings           -- values are ignored
               VarBindList
       }


   -- variable binding

   VarBind ::=
       SEQUENCE {
           name
               ObjectName,

           CHOICE {
               value
                   ObjectSyntax,

               unSpecified             -- in retrieval requests
                       NULL,

                                       -- exceptions in responses
               noSuchObject[0]
                       IMPLICIT NULL,

               noSuchInstance[1]
                       IMPLICIT NULL,

               endOfMibView[2]
                       IMPLICIT NULL
           }
       }










SNMPv3 Working Group        Expires June 2000                  [Page 10]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   -- variable-binding list

   VarBindList ::=
       SEQUENCE (SIZE (0..max-bindings)) OF
           VarBind


   END

4.  Protocol Specification


4.1.  Common Constructs

   The value of the request-id field in a Response-PDU takes the value
   of the request-id field in the request PDU to which it is a response.
   By use of the request-id value, an application can distinguish the
   (potentially multiple) outstanding requests, and thereby correlate
   incoming responses with outstanding requests.  In cases where an
   unreliable datagram service is used, the request-id also provides a
   simple means of identifying messages duplicated by the network.  Use
   of the same request-id on a retransmission of a request allows the
   response to either the original transmission or the retransmission to
   satisfy the request.  However, in order to calculate the round trip
   time for transmission and processing of a request-response
   transaction, the application needs to use a different request-id
   value on a retransmitted request.  The latter strategy is recommended
   for use in the majority of situations.

   A non-zero value of the error-status field in a Response-PDU is used
   to indicate that an error occurred to prevent the processing of the
   request.  In these cases, a non-zero value of the Response-PDU's
   error-index field provides additional information by identifying
   which variable binding in the list caused the error.  A variable
   binding is identified by its index value.  The first variable binding
   in a variable-binding list is index one, the second is index two,
   etc.

   SNMP limits OBJECT IDENTIFIER values to a maximum of 128
   sub-identifiers, where each sub-identifier has a maximum value of
   2**32-1.

4.2.  PDU Processing

   In the elements of procedure below, any field of a PDU which is not
   referenced by the relevant procedure is ignored by the receiving SNMP
   entity.  However, all components of a PDU, including those whose
   values are ignored by the receiving SNMP entity, must have valid



SNMPv3 Working Group        Expires June 2000                  [Page 11]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   ASN.1 syntax and encoding.  For example, some PDUs (e.g., the
   GetRequest-PDU) are concerned only with the name of a variable and
   not its value.  In this case, the value portion of the variable
   binding is ignored by the receiving SNMP entity.  The unSpecified
   value is defined for use as the value portion of such bindings.

   On generating a management communication, the message "wrapper" to
   encapsulate the PDU is generated according to the "Elements of
   Procedure" of the administrative framework in use is followed.  While
   the definition of "max-bindings" does impose an upper-bound on the
   number of variable bindings, in practice, the size of a message is
   limited only by constraints on the maximum message size -- it is not
   limited by the number of variable bindings.  A compliant
   implementation must support as many variable bindings in a PDU or
   BulkPDU as fit into the overall maximum message size limit of the
   SNMP engine, but no more than 2147483647.

   On receiving a management communication, the "Elements of Procedure"
   of the administrative framework in use is followed, and if those
   procedures indicate that the operation contained within the message
   is to be performed locally, then those procedures also indicate the
   MIB view which is visible to the operation.

4.2.1.  The GetRequest-PDU

   A GetRequest-PDU is generated and transmitted at the request of an
   application.

   Upon receipt of a GetRequest-PDU, the receiving SNMP entity processes
   each variable binding in the variable-binding list to produce a
   Response-PDU.  All fields of the Response-PDU have the same values as
   the corresponding fields of the received request except as indicated
   below.  Each variable binding is processed as follows:

   (1)  If the variable binding's name exactly matches the name of a
        variable accessible by this request, then the variable binding's
        value field is set to the value of the named variable.

   (2)  Otherwise, if the variable binding's name does not have an
        OBJECT IDENTIFIER prefix which exactly matches the OBJECT
        IDENTIFIER prefix of any (potential) variable accessible by this
        request, then its value field is set to "noSuchObject".

   (3)  Otherwise, the variable binding's value field is set to
        "noSuchInstance".

   If the processing of any variable binding fails for a reason other
   than listed above, then the Response-PDU is re-formatted with the



SNMPv3 Working Group        Expires June 2000                  [Page 12]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   same values in its request-id and variable-bindings fields as the
   received GetRequest-PDU, with the value of its error-status field set
   to "genErr", and the value of its error-index field is set to the
   index of the failed variable binding.

   Otherwise, the value of the Response-PDU's error-status field is  set
   to "noError", and the value of its error-index field is zero.

   The generated Response-PDU is then encapsulated into a message.  If
   the size of the resultant message is less than or equal to both a
   local constraint and the maximum message size of the originator, it
   is transmitted to the originator of the GetRequest-PDU.

   Otherwise, an alternate Response-PDU is generated.  This alternate
   Response-PDU is formatted with the same value in its request-id field
   as the received GetRequest-PDU, with the value of its error-status
   field set to "tooBig", the value of its error-index field set to
   zero, and an empty variable-bindings field.  This alternate
   Response-PDU is then encapsulated into a message.  If the size of the
   resultant message is less than or equal to both a local constraint
   and the maximum message size of the originator, it is transmitted to
   the originator of the GetRequest-PDU.  Otherwise, the snmpSilentDrops
   [RFC-MIB] counter is incremented and the resultant message is
   discarded.

4.2.2.  The GetNextRequest-PDU

   A GetNextRequest-PDU is generated and transmitted at the request of
   an application.

   Upon receipt of a GetNextRequest-PDU, the receiving SNMP entity
   processes each variable binding in the variable-binding list to
   produce a Response-PDU.  All fields of the Response-PDU have the same
   values as the corresponding fields of the received request except as
   indicated below.  Each variable binding is processed as follows:

   (1)  The variable is located which is in the lexicographically
        ordered list of the names of all variables which are accessible
        by this request and whose name is the first lexicographic
        successor of the variable binding's name in the incoming
        GetNextRequest-PDU.  The corresponding variable binding's name
        and value fields in the Response-PDU are set to the name and
        value of the located variable.

   (2)  If the requested variable binding's name does not
        lexicographically precede the name of any variable accessible by
        this request, i.e., there is no lexicographic successor, then
        the corresponding variable binding produced in the Response-PDU



SNMPv3 Working Group        Expires June 2000                  [Page 13]

Internet Draft        Protocol Operations for SNMP        9 January 2000


        has its value field set to "endOfMibView", and its name field
        set to the variable binding's name in the request.

   If the processing of any variable binding fails for a reason other
   than listed above, then the Response-PDU is re-formatted with the
   same values in its request-id and variable-bindings fields as the
   received GetNextRequest-PDU, with the value of its error-status field
   set to "genErr", and the value of its error-index field is set to the
   index of the failed variable binding.

   Otherwise,  the value of the Response-PDU's error-status field is set
   to "noError", and the value of its error-index field is zero.

   The generated Response-PDU is then encapsulated into a message.  If
   the size of the resultant message is less than or equal to both a
   local constraint and the maximum message size of the originator, it
   is transmitted to the originator of the GetNextRequest-PDU.

   Otherwise, an alternate Response-PDU is generated.  This alternate
   Response-PDU is formatted with the same values in its request-id
   field as the received GetNextRequest-PDU, with the value of its
   error-status field set to "tooBig", the value of its error-index
   field set to zero, and an empty variable-bindings field.  This
   alternate Response-PDU is then encapsulated into a message.  If the
   size of the resultant message is less than or equal to both a local
   constraint and the maximum message size of the originator, it is
   transmitted to the originator of the GetNextRequest-PDU.  Otherwise,
   the snmpSilentDrops [RFC-MIB] message is discarded.

4.2.2.1.  Example of Table Traversal

   An important use of the GetNextRequest-PDU is the traversal of
   conceptual tables of information within a MIB.  The semantics of this
   type of request, together with the method of identifying individual
   instances of objects in the MIB, provides access to related objects
   in the MIB as if they enjoyed a tabular organization.

   In the protocol exchange sketched below, an application retrieves the
   media-dependent physical address and the address-mapping type for
   each entry in the IP net-to-media Address Translation Table [RFC1213]
   of a particular network element.  It also retrieves the value of
   sysUpTime [RFC-MIB], at which the mappings existed.  Suppose that the
   command responder's IP net-to-media table has three entries:
   Interface-Number  Network-Address  Physical-Address  Type

       1            10.0.0.51     00:00:10:01:23:45  static
       1             9.2.3.4      00:00:10:54:32:10  dynamic
       2            10.0.0.15     00:00:10:98:76:54  dynamic



SNMPv3 Working Group        Expires June 2000                  [Page 14]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   The SNMP entity supporting a command generator application begins by
   sending a GetNextRequest-PDU containing the indicated OBJECT
   IDENTIFIER values as the requested variable names:

    GetNextRequest ( sysUpTime,
                   ipNetToMediaPhysAddress,
                   ipNetToMediaType )

   The SNMP entity supporting a command responder application responds
   with a Response-PDU:

    Response (( sysUpTime.0 =  "123456" ),
            ( ipNetToMediaPhysAddress.1.9.2.3.4 =
                                       "000010543210" ),
            ( ipNetToMediaType.1.9.2.3.4 =  "dynamic" ))

   The SNMP entity supporting the command generator application
   continues with:

    GetNextRequest ( sysUpTime,
                   ipNetToMediaPhysAddress.1.9.2.3.4,
                   ipNetToMediaType.1.9.2.3.4 )

   The SNMP entity supporting the command responder application responds
   with:

    Response (( sysUpTime.0 =  "123461" ),
            ( ipNetToMediaPhysAddress.1.10.0.0.51 =
                                        "000010012345" ),
            ( ipNetToMediaType.1.10.0.0.51 =  "static" ))

   The SNMP entity supporting the command generator application
   continues with:

    GetNextRequest ( sysUpTime,
                   ipNetToMediaPhysAddress.1.10.0.0.51,
                   ipNetToMediaType.1.10.0.0.51 )

   The SNMP entity supporting the command responder application responds
   with:

    Response (( sysUpTime.0 =  "123466" ),
            ( ipNetToMediaPhysAddress.2.10.0.0.15 =
                                         "000010987654" ),
            ( ipNetToMediaType.2.10.0.0.15 =  "dynamic" ))






SNMPv3 Working Group        Expires June 2000                  [Page 15]

Internet Draft        Protocol Operations for SNMP        9 January 2000



   The SNMP entity supporting the command generator application
   continues with:

    GetNextRequest ( sysUpTime,
                   ipNetToMediaPhysAddress.2.10.0.0.15,
                   ipNetToMediaType.2.10.0.0.15 )

   As there are no further entries in the table, the SNMP entity
   supporting the command responder application responds with the
   variables that are next in the lexicographical ordering of the
   accessible object names, for example:

    Response (( sysUpTime.0 =  "123471" ),
            ( ipNetToMediaNetAddress.1.9.2.3.4 =
                                             "9.2.3.4" ),
            ( ipRoutingDiscards.0 =  "2" ))

   Note now, having reached the end of the column for
   ipNetToMediaPhysAddress, the second variable binding in the command
   responder application has "wrapped" to the first row in the next
   column.  Furthermore, note how, having reached the end of the
   ipNetToMediaTable for the third variable binding, the command
   responder application has responded with the next available object,
   which is outside that table.  This response signals the end of the
   table to the command generator application.

4.2.3.  The GetBulkRequest-PDU

   A GetBulkRequest-PDU is generated and transmitted at the request of
   an application.  The purpose of the GetBulkRequest-PDU is to request
   the transfer of a potentially large amount of data, including, but
   not limited to, the efficient and rapid retrieval of large tables.

   Upon receipt of a GetBulkRequest-PDU, the receiving SNMP entity
   processes each variable binding in the variable-binding list to
   produce a Response-PDU with its request-id field having the same
   value as in the request.

   For the GetBulkRequest-PDU type, the successful processing of each
   variable binding in the request generates zero or more variable
   bindings in the Response-PDU.  That is, the one-to-one mapping
   between the variable bindings of the GetRequest-PDU,
   GetNextRequest-PDU, and SetRequest-PDU types and the resultant
   Response-PDUs does not apply for the mapping between the variable
   bindings of a GetBulkRequest-PDU and the resultant Response-PDU.





SNMPv3 Working Group        Expires June 2000                  [Page 16]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   The values of the non-repeaters and max-repetitions fields in the
   request specify the processing requested.  One variable binding in
   the Response-PDU is requested for the first N variable bindings in
   the request and M variable bindings are requested for each of the R
   remaining variable bindings in the request.  Consequently, the total
   number of requested variable bindings communicated by the request is
   given by N + (M * R), where N is the minimum of:  a) the value of the
   non-repeaters field in the request, and b) the number of variable
   bindings in the request; M is the value of the max-repetitions field
   in the request; and R is the maximum of:  a) number of variable
   bindings in the request - N, and b)  zero.

   The receiving SNMP entity produces a Response-PDU with up to the
   total number of requested variable bindings communicated by the
   request.  The request-id shall have the same value as the received
   GetBulkRequest-PDU.

   If N is greater than zero, the first through the (N)-th variable
   bindings of the Response-PDU are each produced as follows:

   (1)  The variable is located which is in the lexicographically
        ordered list of the names of all variables which are accessible
        by this request and whose name is the first lexicographic
        successor of the variable binding's name in the incoming
        GetBulkRequest-PDU.  The corresponding variable binding's name
        and value fields in the Response-PDU are set to the name and
        value of the located variable.

   (2)  If the requested variable binding's name does not
        lexicographically precede the name of any variable accessible by
        this request, i.e., there is no lexicographic successor, then
        the corresponding variable binding produced in the Response-PDU
        has its value field set to "endOfMibView", and its name field
        set to the variable binding's name in the request.

   If M and R are non-zero, the (N + 1)-th and subsequent variable
   bindings of the Response-PDU are each produced in a similar manner.
   For each iteration i, such that i is greater than zero and less than
   or equal to M, and for each repeated variable, r, such that r is
   greater than zero and less than or equal to R, the (N + ( (i-1) * R )
   + r)-th variable binding of the Response-PDU is produced as follows:

   (1)  The variable which is in the lexicographically ordered list of
        the names of all variables which are accessible by this request
        and whose name is the (i)-th lexicographic successor of the (N +
        r)-th variable binding's name in the incoming GetBulkRequest-PDU
        is located and the variable binding's name and value fields are
        set to the name and value of the located variable.



SNMPv3 Working Group        Expires June 2000                  [Page 17]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   (2)  If there is no (i)-th lexicographic successor, then the
        corresponding variable binding produced in the Response-PDU has
        its value field set to "endOfMibView", and its name field set to
        either the last lexicographic successor, or if there are no
        lexicographic successors, to the (N + r)-th variable binding's
        name in the request.

   While the maximum number of variable bindings in the Response-PDU is
   bounded by N + (M * R), the response may be generated with a lesser
   number of variable bindings (possibly zero) for either of three
   reasons.

   (1)  If the size of the message encapsulating the Response-PDU
        containing the requested number of variable bindings would be
        greater than either a local constraint or the maximum message
        size of the originator, then the response is generated with a
        lesser number of variable bindings.  This lesser number is the
        ordered set of variable bindings with some of the variable
        bindings at the end of the set removed, such that the size of
        the message encapsulating the Response-PDU is approximately
        equal to but no greater than either a local constraint or the
        maximum message size of the originator.  Note that the number of
        variable bindings removed has no relationship to the values of
        N, M, or R.

   (2)  The response may also be generated with a lesser number of
        variable bindings if for some value of iteration i, such that i
        is greater than zero and less than or equal to M, that all of
        the generated variable bindings have the value field set to
        "endOfMibView".  In this case, the variable bindings may be
        truncated after the (N + (i * R))-th variable binding.

   (3)  In the event that the processing of a request with many
        repetitions requires a significantly greater amount of
        processing time than a normal request, then a command responder
        application may terminate the request with less than the full
        number of repetitions, providing at least one repetition is
        completed.

   If the processing of any variable binding fails for a reason other
   than listed above, then the Response-PDU is re-formatted with the
   same values in its request-id and variable-bindings fields as the
   received GetBulkRequest-PDU, with the value of its error-status field
   set to "genErr", and the value of its error-index field is set to the
   index of the variable binding in the original request which
   corresponds to the failed variable binding.





SNMPv3 Working Group        Expires June 2000                  [Page 18]

Internet Draft        Protocol Operations for SNMP        9 January 2000



   Otherwise, the value of the Response-PDU's error-status field is set
   to "noError", and the value of its error-index field to zero.

   The generated Response-PDU (possibly with an empty variable-bindings
   field) is then encapsulated into a message.  If the size of the
   resultant message is less than or equal to both a local constraint
   and the maximum message size of the originator, it is transmitted to
   the originator of the GetBulkRequest-PDU.  Otherwise, the
   snmpSilentDrops [RFC-MIB] counter is incremented and the resultant
   message is discarded.

4.2.3.1.  Another Example of Table Traversal

   This example demonstrates how the GetBulkRequest-PDU can be used as
   an alternative to the GetNextRequest-PDU.  The same traversal of the
   IP net-to-media table as shown in Section 4.2.2.1 is achieved with
   fewer exchanges.

   The SNMP entity supporting the command generator application begins
   by sending a GetBulkRequest-PDU with the modest max-repetitions value
   of 2, and containing the indicated OBJECT IDENTIFIER values as the
   requested variable names:

    GetBulkRequest [ non-repeaters = 1, max-repetitions = 2 ]
                  ( sysUpTime,
                    ipNetToMediaPhysAddress,
                    ipNetToMediaType )

   The SNMP entity supporting the command responder application responds
   with a Response-PDU:

    Response (( sysUpTime.0 =  "123456" ),
            ( ipNetToMediaPhysAddress.1.9.2.3.4 =
                                       "000010543210" ),
            ( ipNetToMediaType.1.9.2.3.4 =  "dynamic" ),
            ( ipNetToMediaPhysAddress.1.10.0.0.51 =
                                        "000010012345" ),
            ( ipNetToMediaType.1.10.0.0.51 =  "static" ))

   The SNMP entity supporting the command generator application
   continues with:

     GetBulkRequest [ non-repeaters = 1, max-repetitions = 2 ]
                     ( sysUpTime,
                       ipNetToMediaPhysAddress.1.10.0.0.51,
                       ipNetToMediaType.1.10.0.0.51 )




SNMPv3 Working Group        Expires June 2000                  [Page 19]

Internet Draft        Protocol Operations for SNMP        9 January 2000



   The SNMP entity supporting the command responder application responds
   with:

    Response (( sysUpTime.0 =  "123466" ),
            ( ipNetToMediaPhysAddress.2.10.0.0.15 =
                                       "000010987654" ),
            ( ipNetToMediaType.2.10.0.0.15 =
                                            "dynamic" ),
            ( ipNetToMediaNetAddress.1.9.2.3.4 =
                                            "9.2.3.4" ),
            ( ipRoutingDiscards.0 =  "2" ))

   Note how, as in the first example, the variable bindings in the
   response indicate that the end of the table has been reached.  The
   fourth variable binding does so by returning information from the
   next available column; the fifth variable binding does so by
   returning information from the first available object
   lexicographically following the table.  This response signals the end
   of the table to the command generator application.

4.2.4.  The Response-PDU

   The Response-PDU is generated by an SNMP entity only upon receipt of
   a GetRequest-PDU, GetNextRequest-PDU, GetBulkRequest-PDU,
   SetRequest-PDU, or InformRequest-PDU, as described elsewhere in this
   document.

   If the error-status field of the Response-PDU is non-zero, the value
   fields of the variable bindings in the variable binding list are
   ignored.

   If both the error-status field and the error-index field of the
   Response-PDU are non-zero, then the value of the error-index field is
   the index of the variable binding (in the variable-binding list of
   the corresponding request) for which the request failed.  The first
   variable binding in a request's variable-binding list is index one,
   the second is index two, etc.

   A compliant SNMP entity supporting a command generator application
   must be able to properly receive and handle a Response-PDU with an
   error-status field equal to "noSuchName", "badValue", or "readOnly".
   (See Section ???3.1.2??? of [RFC-COEX].)

   Upon receipt of a Response-PDU, the receiving SNMP entity presents
   its contents to the application which generated the request with the
   same request-id value.  For more details, see [RFC2572].




SNMPv3 Working Group        Expires June 2000                  [Page 20]

Internet Draft        Protocol Operations for SNMP        9 January 2000


4.2.5.  The SetRequest-PDU

   A SetRequest-PDU is generated and transmitted at the request of an
   application.

   Upon receipt of a SetRequest-PDU, the receiving SNMP entity
   determines the size of a message encapsulating a Response-PDU having
   the same values in its request-id and variable-bindings fields as the
   received SetRequest-PDU, and the largest possible sizes of the
   error-status and error-index fields.  If the determined message size
   is greater than either a local constraint or the maximum message size
   of the originator, then an alternate Response-PDU is generated,
   transmitted to the originator of the SetRequest-PDU, and processing
   of the SetRequest-PDU terminates immediately thereafter.  This
   alternate Response-PDU is formatted with the same values in its
   request-id field as the received SetRequest-PDU, with the value of
   its error-status field set to "tooBig", the value of its error-index
   field set to zero, and an empty variable-bindings field.  This
   alternate Response-PDU is then encapsulated into a message.  If the
   size of the resultant message is less than or equal to both a local
   constraint and the maximum message size of the originator, it is
   transmitted to the originator of the SetRequest-PDU.  Otherwise, the
   snmpSilentDrops [RFC-MIB] counter is incremented and the resultant
   message is discarded.  Regardless, processing of the SetRequest-PDU
   terminates.

   Otherwise, the receiving SNMP entity processes each variable binding
   in the variable-binding list to produce a Response-PDU.  All fields
   of the Response-PDU have the same values as the corresponding fields
   of the received request except as indicated below.

   The variable bindings are conceptually processed as a two phase
   operation.  In the first phase, each variable binding is validated;
   if all validations are successful, then each variable is altered in
   the second phase.  Of course, implementors are at liberty to
   implement either the first, or second, or both, of these conceptual
   phases as multiple implementation phases.  Indeed, such multiple
   implementation phases may be necessary in some cases to ensure
   consistency.

   The following validations are performed in the first phase on each
   variable binding until they are all successful, or until one fails:

   (1)  If the variable binding's name specifies an existing or
        non-existent variable to which this request is/would be denied
        access because it is/would not be in the appropriate MIB view,
        then the value of the Response-PDU's error-status field is set
        to "noAccess", and the value of its error-index field is set to



SNMPv3 Working Group        Expires June 2000                  [Page 21]

Internet Draft        Protocol Operations for SNMP        9 January 2000


        the index of the failed variable binding.

   (2)  Otherwise, if there are no variables which share the same OBJECT
        IDENTIFIER prefix as the variable binding's name, and which are
        able to be created or modified no matter what new value is
        specified, then the value of the Response-PDU's error-status
        field is set to "notWritable", and the value of its error-index
        field is set to the index of the failed variable binding.

   (3)  Otherwise, if the variable binding's value field specifies,
        according to the ASN.1 language, a type which is inconsistent
        with that required for all variables which share the same OBJECT
        IDENTIFIER prefix as the variable binding's name, then the value
        of the Response-PDU's error-status field is set to "wrongType",
        and the value of its error-index field is set to the index of
        the failed variable binding.

   (4)  Otherwise, if the variable binding's value field specifies,
        according to the ASN.1 language, a length which is inconsistent
        with that required for all variables which share the same OBJECT
        IDENTIFIER prefix as the variable binding's name, then the value
        of the Response-PDU's error-status field is set to
        "wrongLength", and the value of its error-index field is set to
        the index of the failed variable binding.

   (5)  Otherwise, if the variable binding's value field contains an
        ASN.1 encoding which is inconsistent with that field's ASN.1
        tag, then the value of the Response-PDU's error-status field is
        set to "wrongEncoding", and the value of its error-index field
        is set to the index of the failed variable binding.  (Note that
        not all implementation strategies will generate this error.)

   (6)  Otherwise, if the variable binding's value field specifies a
        value which could under no circumstances be assigned to the
        variable, then the value of the Response-PDU's error-status
        field is set to "wrongValue", and the value of its error-index
        field is set to the index of the failed variable binding.

   (7)  Otherwise, if the variable binding's name specifies a variable
        which does not exist and could not ever be created (even though
        some variables sharing the same OBJECT IDENTIFIER prefix might
        under some circumstances be able to be created), then the value
        of the Response-PDU's error-status field is set to "noCreation",
        and the value of its error-index field is set to the index of
        the failed variable binding.

   (8)  Otherwise, if the variable binding's name specifies a variable
        which does not exist but can not be created under the present



SNMPv3 Working Group        Expires June 2000                  [Page 22]

Internet Draft        Protocol Operations for SNMP        9 January 2000


        circumstances (even though it could be created under other
        circumstances), then the value of the Response-PDU's
        error-status field is set to "inconsistentName", and the value
        of its error-index field is set to the index of the failed
        variable binding.

   (9)  Otherwise, if the variable binding's name specifies a variable
        which exists but can not be modified no matter what new value is
        specified, then the value of the Response-PDU's error-status
        field is set to "notWritable", and the value of its error-index
        field is set to the index of the failed variable binding.

   (10) Otherwise, if the variable binding's value field specifies a
        value that could under other circumstances be held by the
        variable, but is presently inconsistent or otherwise unable to
        be assigned to the variable, then the value of the
        Response-PDU's error-status field is set to "inconsistentValue",
        and the value of its error-index field is set to the index of
        the failed variable binding.

   (11) When, during the above steps, the assignment of the value
        specified by the variable binding's value field to the specified
        variable requires the allocation of a resource which is
        presently unavailable, then the value of the Response-PDU's
        error-status field is set to "resourceUnavailable", and the
        value of its error-index field is set to the index of the failed
        variable binding.

   (12) If the processing of the variable binding fails for a reason
        other than listed above, then the value of the Response-PDU's
        error-status field is set to "genErr", and the value of its
        error-index field is set to the index of the failed variable
        binding.

   (13) Otherwise, the validation of the variable binding succeeds.

   At the end of the first phase, if the validation of all variable
   bindings succeeded, then the value of the Response-PDU's error-status
   field is set to "noError" and the value of its error-index field is
   zero, and processing continues as follows.

   For each variable binding in the request, the named variable is
   created if necessary, and the specified value is assigned to it.
   Each of these variable assignments occurs as if simultaneously with
   respect to all other assignments specified in the same request.
   However, if the same variable is named more than once in a single
   request, with different associated values, then the actual assignment
   made to that variable is implementation-specific.



SNMPv3 Working Group        Expires June 2000                  [Page 23]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   If any of these assignments fail (even after all the previous
   validations), then all other assignments are undone, and the
   Response-PDU is modified to have the value of its error-status field
   set to "commitFailed", and the value of its error-index field set to
   the index of the failed variable binding.

   If and only if it is not possible to undo all the assignments, then
   the Response-PDU is modified to have the value of its error-status
   field set to "undoFailed", and the value of its error-index field is
   set to zero.  Note that implementations are strongly encouraged to
   take all possible measures to avoid use of either "commitFailed" or
   "undoFailed" - these two error-status codes are not to be taken as
   license to take the easy way out in an implementation.

   Finally, the generated Response-PDU is encapsulated into a message,
   and transmitted to the originator of the SetRequest-PDU.

4.2.6.  The SNMPv2-Trap-PDU

   An SNMPv2-Trap-PDU is generated and transmitted by an SNMP entity on
   behalf of a notification originator application. The SNMPv2-Trap-PDU
   is often used to notify a notification receiver application at a
   logically remote SNMP entity that an event has occurred or that a
   condition is present.  There is no confirmation associated with this
   notification delivery mechanism.

   The destination(s) to which an SNMPv2-Trap-PDU is sent is determined
   in an implementation-dependent fashion by the SNMP entity.  The first
   two variable bindings in the variable binding list of an
   SNMPv2-Trap-PDU are sysUpTime.0 [RFC-MIB] and snmpTrapOID.0 [RFC-MIB]
   respectively.  If the OBJECTS clause is present in the invocation of
   the corresponding NOTIFICATION-TYPE macro, then each corresponding
   variable, as instantiated by this notification, is copied, in order,
   to the variable-bindings field.  If any additional variables are
   being included (at the option of the generating SNMP entity), then
   each is copied to the variable-bindings field.

4.2.7.  The InformRequest-PDU

   An InformRequest-PDU is generated and transmitted by an SNMP entity
   on behalf of a notification originator application.  The
   InformRequest-PDU is often used to notify a notification receiver
   application that an event has occurred or that a condition is
   present.  This is a confirmed notification delivery mechanism,
   although there is, of course, no guarantee of delivery.

   The destination(s) to which an InformRequest-PDU is sent is specified
   by the notification originator application.  The first two variable



SNMPv3 Working Group        Expires June 2000                  [Page 24]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   bindings in the variable binding list of an InformRequest-PDU are
   sysUpTime.0 [RFC-MIB] and snmpTrapOID.0 [RFC-MIB] respectively.  If
   the OBJECTS clause is present in the invocation of the corresponding
   NOTIFICATION-TYPE macro, then each corresponding variable, as
   instantiated by this notification, is copied, in order, to the
   variable-bindings field.

   Upon receipt of an InformRequest-PDU, the receiving SNMP entity
   determines the size of a message encapsulating a Response-PDU with
   the same values in its request-id, error-status, error-index and
   variable-bindings fields as the received InformRequest-PDU.  If the
   determined message size is greater than either a local constraint or
   the maximum message size of the originator, then an alternate
   Response-PDU is generated, transmitted to the originator of the
   InformRequest-PDU, and processing of the InformRequest-PDU terminates
   immediately thereafter.  This alternate Response-PDU is formatted
   with the same values in its request-id field as the received
   InformRequest-PDU, with the value of its error-status field set to
   "tooBig", the value of its error-index field set to zero, and an
   empty variable-bindings field.  This alternate Response-PDU is then
   encapsulated into a message.  If the size of the resultant message is
   less than or equal to both a local constraint and the maximum message
   size of the originator, it is transmitted to the originator of the
   InformRequest-PDU.  Otherwise, the snmpSilentDrops [RFC-MIB] counter
   is incremented and the resultant message is discarded.  Regardless,
   processing of the InformRequest-PDU terminates.

   Otherwise, the receiving SNMP entity:

   (1)  presents its contents to the appropriate application;

   (2)  generates a Response-PDU with the same values in its request-id
        and variable-bindings fields as the received InformRequest-PDU,
        with the value of its error-status field is set to "noError" and
        the value of its error-index field is zero; and

   (3)  transmits the generated Response-PDU to the originator of the
        InformRequest-PDU.

5.  Notice on Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and



SNMPv3 Working Group        Expires June 2000                  [Page 25]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.

6.  Acknowledgments

   The previous versions of this document, edited by Keith McCloghrie,
   was the result of significant work by four major contributors:

        Jeffrey D. Case (SNMP Research, case@snmp.com)
        Keith McCloghrie (Cisco Systems, kzm@cisco.com)
        Marshall T. Rose (Dover Beach Consulting, mrose@dbc.mtview.ca.us)
        Steven Waldbusser (International Network Services, stevew@uni.ins.com)

   In addition, the contributions of the SNMPv2 Working Group are
   acknowledged.  In particular, a special thanks is extended for the
   contributions of:

        Alexander I. Alten (Novell)
        Dave Arneson (Cabletron)
        Uri Blumenthal (IBM)
        Doug Book (Chipcom)
        Kim Curran (Bell-Northern Research)
        Jim Galvin (Trusted Information Systems)
        Maria Greene (Ascom Timeplex)
        Iain Hanson (Digital)
        Dave Harrington (Cabletron)
        Nguyen Hien (IBM)
        Jeff Johnson (Cisco Systems)
        Michael Kornegay (Object Quest)
        Deirdre Kostick (AT&T Bell Labs)
        David Levi (SNMP Research)
        Daniel Mahoney (Cabletron)
        Russ Mundy (TIS Labs at Network Associates, Chair)
        Bob Natale (ACE*COMM)
        Brian O'Keefe (Hewlett Packard)
        Andrew Pearson (SNMP Research)
        Dave Perkins (Peer Networks)
        Randy Presuhn (Peer Networks)



SNMPv3 Working Group        Expires June 2000                  [Page 26]

Internet Draft        Protocol Operations for SNMP        9 January 2000


        Aleksey Romanov (Quality Quorum)
        Shawn Routhier (Epilogue)
        Jon Saperia (BGS Systems)
        Juergen Schoenwaelder (TU Braunschweig)
        Bob Stewart (Cisco Systems)
        Kaj Tesink (Bellcore)
        Glenn Waters (Bell-Northern Research)
        Bert Wijnen (IBM)

7.  Security Considerations

   The protocol defined in this document by itself does not provide a
   secure environment.  Even if the network itself is secure (for
   example by using IPSec), there is no control as to who on the secure
   network is allowed to access and GET/SET (read/change) MIB
   information.

   It is recommended that the implementors consider the security
   features as provided by the SNMPv3 framework.  Specifically, the use
   of the User-based Security Model RFC 2574 [RFC2574] and the
   View-based Access Control Model RFC 2575 [RFC2575] is recommended.

   It is then a customer/user responsibility to ensure that the SNMP
   entity is properly configured so that:

        -    only those principals (users) having legitimate rights can
             access or modify the values of any MIB objects supported by
             that entity;

        -    the occurrence of particular events on the entity will be
             communicated appropriately;

        -    the entity responds appropriately and with due credence to
             events and information that have been communicated to it.

8.  References

   [ASN1]      Information processing systems - Open Systems
               Interconnection - Specification of Abstract Syntax
               Notation One (ASN.1), International Organization for
               Standardization.  International Standard 8824, December
               1987.

   [FRAG]      Kent, C., and J. Mogul, Fragmentation Considered Harmful,
               Proceedings, ACM SIGCOMM '87, Stowe, VT, August 1987.

   [RFC768]    Postel, J., "User Datagram Protocol", STD 6, RFC 768,
               USC/Information Sciences Institute, August 1980.



SNMPv3 Working Group        Expires June 2000                  [Page 27]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   [RFC1213]   McCloghrie, K., and M. Rose, Editors, "Management
               Information Base for Network Management of TCP/IP-based
               internets: MIB-II", STD 17, RFC 1213, March 1991.

   [RFC2571]   Harrington, D., Presuhn, R., and B. Wijnen, "An
               Architecture for Describing SNMP Management Frameworks",
               RFC 2571, April 1999.

   [RFC1155]   Rose, M., and K. McCloghrie, "Structure and
               Identification of Management Information for TCP/IP-based
               Internets", STD 16, RFC 1155, May 1990.

   [RFC1212]   Rose, M., and K. McCloghrie, "Concise MIB Definitions",
               STD 16, RFC 1212, March 1991.

   [RFC1215]   Rose, M., "A Convention for Defining Traps for use with
               the SNMP", RFC 1215, March 1991.

   [RFC2578]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M., and S. Waldbusser, "Structure of Management
               Information Version 2 (SMIv2)", STD 58, RFC 2578, April
               1999.

   [RFC2579]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M., and S. Waldbusser, "Textual Conventions for
               SMIv2", STD 58, RFC 2579, April 1999.

   [RFC2580]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M., and S. Waldbusser, "Conformance Statements for
               SMIv2", STD 58, RFC 2580, April 1999.

   [RFC1157]   Case, J., Fedor, M., Schoffstall, M., and J. Davin,
               "Simple Network Management Protocol", STD 15, RFC 1157,
               May 1990.

   [RFC1901]   Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
               "Introduction to Community-based SNMPv2", RFC 1901,
               January 1996.

   [RFC2572]   Case, J., Harrington D., Presuhn R., and B. Wijnen,
               "Message Processing and Dispatching for the Simple
               Network Management Protocol (SNMP)", RFC 2572, April
               1999.

   [RFC2574]   Blumenthal, U., and B. Wijnen, "User-based Security Model
               (USM) for version 3 of the Simple Network Management
               Protocol (SNMPv3)", RFC 2574, April 1999.




SNMPv3 Working Group        Expires June 2000                  [Page 28]

Internet Draft        Protocol Operations for SNMP        9 January 2000


   [RFC2573]   Levi, D., Meyer, P., and B. Stewart, "SNMPv3
               Applications", RFC 2573, April 1999.

   [RFC2575]   Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
               Access Control Model (VACM) for the Simple Network
               Management Protocol (SNMP)", RFC 2575, April 1999.

   [RFC2570]   Case, J., Mundy, R., Partain, D., and B. Stewart,
               "Introduction to Version 3 of the Internet-standard
               Network Management Framework", RFC 2570, April 1999.

   [RFC2233]   McCloghrie, K., and F.  Kastenholz, "The Interfaces Group
               MIB using SMIv2", RFC 2233, November 1997.

   [RFC-COEX]  Frye, R., Levi, D., Routhier, S., and B. Wijnen,
               "Coexistence between Version 1, Version 2, and Version 3
               of the Internet-standard Network Management Framework",
               <draft-ietf-snmpv3-coex-06.txt>, December 1999.

   [RFC-TM]    Presuhn, R., SNMPv2 Working Group, Case, J., McCloghrie,
               K., Rose, M., and S. Waldbusser, "Transport Mappings for
               the Simple Network Management Protocol",
               <draft-ietf-snmpv3-update-transmap-00.txt>, January 2000.

   [RFC-MIB]   Presuhn, R., SNMPv2 Working Group, Case, J., McCloghrie,
               K., Rose, M., and S. Waldbusser, "Management Information
               Base for the Simple Network Management Protocol",
               <draft-ietf-snmpv3-update-mib-00.txt>, January 2000.

9.  Editor's Address

   Randy Presuhn
   BMC Software, Inc.
   2141 North First Street
   San Jose, CA  95131
   USA

   Phone: +1 408 546 1006
   EMail: randy_presuhn@bmc.com

10.  Changes from RFC 1905

   These are the changes from RFC 1905:

        -    Corrected spelling error in copyright statement;

        -    Updated copyright date;




SNMPv3 Working Group        Expires June 2000                  [Page 29]

Internet Draft        Protocol Operations for SNMP        9 January 2000


        -    Updated with new editor's name and contact information;

        -    Added notice on intellectual property;

        -    Cosmetic fixes to layout and typography;

        -    Added table of contents;

        -    Title changed;

        -    Updated document headers and footers;

        -    Deleted the old clause 2.3, entitled "Access to Management
             Information".

        -    Changed the way in which request-id was defined, though
             with the same ultimate syntax and semantics, to avoid
             coupling with SMI.  This does not affect the protocol in
             any way.

        -    Replaced the word "exception" with the word "error" in the
             old clause 4.1.  This does not affect the protocol in any
             way.

        -    Deleted the first two paragraphs of the old clause 4.2.

        -    Clarified the maximum number of variable bindings that an
             implementation must support in a PDU.  This does not affect
             the protocol in any way.

        -    Replaced occurrences of "SNMPv2 application" with
             "application".

        -    Deleted three sentences in old clause 4.2.3 describing the
             handling of an impossible situation.  This does not affect
             the protocol in any way.

        -    Clarified the use of the SNMPv2-Trap-Pdu in the old clause
             4.2.6.  This does not affect the protocol in any way.

        -    Aligned description of the use of the InformRequest-Pdu in
             old clause 4.2.7 with the architecture.  This does not
             affect the protocol in any way.

        -    Updated references.

        -    Re-wrote introduction clause.




SNMPv3 Working Group        Expires June 2000                  [Page 30]

Internet Draft        Protocol Operations for SNMP        9 January 2000


        -    Replaced manager/agent/SNMPv2 entity terminology with
             terminology from RFC 2571.  This does not affect the
             protocol in any way.

        -    Eliminated IMPORTS from the SMI, replaced with equivalent
             in-line ASN.1.  This does not affect the protocol in any
             way.

        -    Added notes calling attention to two different
             manifestations of reaching the end of a table in the table
             walk examples.

        -    Added content to security considerations clause.

        -    Updated ASN.1 comment on use of Report-PDU.  This does not
             affect the protocol in any way.

11.  Issues

   This clause will be deleted when this material is published as an
   RFC.  The issue labels are the same as those used in the on-line
   issues list at
   ftp://amethyst.bmc.com/pub/snmpv3/Update567/rfc1905/index.html

        1905-1    Done; table of contents added.

        1905-2    Done; new title put in.

        1905-3    Done; new introduction clause put in.

        1905-4    Done; handled as part of 1905-3.

        1905-5    Done; clause deleted.

        1905-6    Done; clause deleted, terminology changed throughout
                  the document.

        1905-7    Done; resolution was "no change".

        1905-8    Done; deleted the old clause 2.3.

        1905-9    Done; resolution was "no change".

        1905-10   Done; resolution was "no change".

        1905-11   Done; resolution was "no change".

        1905-12   Done; incorporated suggested text, fixed minor ASN.1



SNMPv3 Working Group        Expires June 2000                  [Page 31]

Internet Draft        Protocol Operations for SNMP        9 January 2000


                  problem.

        1905-13   Done; resolution was to change form (but not ultimate
                  syntax or semantics) of definition of request-id
                  element.

        1905-14   Done; resolution was "no change".

        1905-15   Done; ASN.1 comments lined up.

        1905-16   Done; resolution was "no change".

        1905-17   Done; changed "exception" to "error" in second
                  paragraph of old clause 4.1.

        1905-18   Done; deleted first two paragraphs of old clause 4.2.

        1905-19   Done; resolution was "no change".

        1905-20   Done; replaced occurrences of "SNMPv2 application"
                  with "application".

        1905-21   Done; though as a side-effect of issue 1905-6's
                  resolution.

        1905-22   Done; clarifying notes added.

        1905-23   Done; deleted offending sentences.

        1905-24   Done; resolution was "no change".

        1905-25   Done; added note to example.

        1905-26   Done; resolution was "no change".

        1905-27   Done; resolution was "no change".

        1905-28   Done; replaced first paragraph of old clause 4.2.6.

        1905-29   Done; replaced first paragraph of old clause 4.2.7.

        1905-30   Done; added content to security considerations clause.

        1905-31   PARTIAL; references update; more work needed on
                  acknowledgments.

        1905-32   Done; added clarifying text.




SNMPv3 Working Group        Expires June 2000                  [Page 32]

Internet Draft        Protocol Operations for SNMP        9 January 2000


        1905-33   Done; IPR and copyright material updated.

        1905-34   Done; headers and footers updated appropriately.

        1905-35   Done; resolution was "no change".

        1905-36   Done; though original resolution was "no change", this
                  was effectively superseded by the resolution to
                  1905-12.

        1905-37   Done; resolution was "no change".

12.  Full Copyright Statement

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.












SNMPv3 Working Group        Expires June 2000                  [Page 33]


Html markup produced by rfcmarkup 1.107, available from http://tools.ietf.org/tools/rfcmarkup/