[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits] [IPR]

Versions: 00 01 02 03 04 05 06 07 08 09 10 11 RFC 4544

Internet Draft                                              Mark Bakke
<draft-ietf-ips-iscsi-mib-09.txt>                           Jim Muchow
Expires September 2003                                   Cisco Systems

                                                      Marjorie Krueger
                                                       Hewlett-Packard

                                                         Tom McSweeney
                                                                   IBM

                                                            March 2003


                Definitions of Managed Objects for iSCSI


Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.html.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in TCP/IP based internets.
   In particular it defines objects for managing a client using the
   iSCSI (SCSI over TCP) protocol.




Bakke, Muchow              Expires August 2003                  [Page 1]


Internet Draft                  iSCSI MIB                     March 2003


Acknowledgments

   In addition to the authors, several people contributed to the
   development of this MIB.  Thanks especially to those who took the
   time to participate in our weekly conference calls to build our
   requirements, object models, table structures, and attributes: John
   Hufferd, Tom McSweeney (IBM), Kevin Gibbons (Nishan Systems), Chad
   Gregory (Intel), Jack Harwood (EMC), Hari Mudaliar (Adaptec), Ie Wei
   Njoo (Agilent), Lawrence Lamers (SAN Valley), Satish Mali (Stonefly
   Networks), and William Terrell (Troika).

   Special thanks to Tom McSweeney, Ie Wei Njoo, and Kevin Gibbons, who
   wrote the descriptions for many of the tables and attributes in this
   MIB, to Ayman Ghanem for finding and suggesting changes for many
   problems in the MIB, and to Keith McCloghrie for serving as advisor
   to the team.

Table of Contents

   1.  Introduction..............................................3
   2.  The Internet-Standard Management Framework................3
   3.  Relationship to Other MIBs................................3
   4.  Discussion................................................4
   4.1.  iSCSI MIB Object Model..................................4
   4.2.  iSCSI MIB Table Structure...............................5
   4.3.  iscsiInstance...........................................6
   4.4.  iscsiPortal.............................................7
   4.5.  iscsiTargetPortal.......................................8
   4.6.  iscsiInitiatorPortal....................................8
   4.7.  iscsiNode...............................................8
   4.8.  iscsiTarget.............................................9
   4.9.  iscsiTgtAuthorization...................................9
   4.10.  iscsiInitiator.........................................9
   4.11.  iscsiIntrAuthorization................................10
   4.12.  iscsiSession..........................................10
   4.13.  iscsiConnection.......................................11
   4.14.  IP Addresses and TCP Port Numbers.....................11
   4.15.  Descriptors: Using OIDs in Place of Enumerated Types..11
   4.16.  Notifications.........................................12
   5.  MIB Definitions..........................................13
   6.  Security Considerations..................................69
   7.  Normative References.....................................70
   8.  Informative References...................................70
   9.  Authors' Addresses.......................................70
   10.  IPR Notice..............................................72
   11.  Full Copyright Notice...................................72





Bakke, Muchow              Expires August 2003                  [Page 2]


Internet Draft                  iSCSI MIB                     March 2003


1.  Introduction

   This document defines a MIB for iSCSI [ISCSI], used to manage devices
   which implement the iSCSI protocol.


2.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].


3.  Relationship to Other MIBs

   The iSCSI MIB is layered between the SCSI MIB [SCSI-MIB] (work in
   progress) and the TCP MIB [RFC2012], and makes use of the IPS
   Identity Authentication MIB [AUTH-MIB] (work in progress).  Here is
   how the MIBs are related:

   SCSI MIB  Each iscsiNode, whether it has an initiator role, target
             role, or both, is related to one SCSI device within the
             SCSI MIB.  The iscsiNodeTransportType attribute points to
             the SCSI transport object within the SCSI MIB, which in
             turn contains an attribute that points back to the
             iscsiNode.  In this way, a management station can navigate
             between the two MIBs.

   TCP MIB   Each iSCSI connection is related to one transport-level
             connection.  Currently, iSCSI uses only TCP; the iSCSI
             connection is related to a TCP connection using its normal
             (protocol, source address, source port, destination
             address, destination port) 5-tuple.

   AUTH MIB  Each iSCSI node that serves a target role can have a list
             of authorized initiators.  Each of the entries in this list
             points to an identity within the IPS Identity
             Authentication MIB that will be allowed to access the
             target.  iSCSI nodes that serve in an initiator role can



Bakke, Muchow              Expires August 2003                  [Page 3]


Internet Draft                  iSCSI MIB                     March 2003


             also have a list of authorized targets.  Each of the
             entries in this list points to an identity within the Auth
             MIB to which the initiator should attempt to establish
             sessions.  The Auth MIB includes information used to
             identify initiators and targets by their iSCSI name, IP
             address, and/or credentials.


4.  Discussion

   This MIB structure supplies configuration, fault, and statistics
   information for iSCSI devices [ISCSI].  It is structured around the
   well-known iSCSI objects, such as targets, initiators, sessions,
   connections, and the like.

   This MIB may also be used to configure access to iSCSI targets, by
   creating iSCSI Portals and authorization list entries.

   It is worthwhile to note that this is an iSCSI MIB and as such
   reflects only iSCSI objects. This MIB does not contain information
   about the SCSI-layer attributes of a device.  The SCSI MIB, currently
   under development, is related to the iSCSI MIB and contains the SCSI
   information about a device.

   The iSCSI MIB consists of several "objects", each of which is
   represented by one or more tables.  This section contains a brief
   description of the "object" hierarchy and a description of each
   object, followed by a discussion of the actual MIB table structure
   within the objects.

4.1.  iSCSI MIB Object Model

   The top-level object in this structure is the iSCSI instance, which
   "contains" all of the other objects.

   iscsiInstance
      -- A distinct iSCSI entity within the managed system.
      iscsiPortal
         -- An IP address used by this instance
         iscsiTargetPortal
            -- Contains portal information relevant when the portal
            -- is used to listen for connections to its targets.
         iscsiInitiatorPortal
            -- Contains portal information relevant when the portal
            -- is used to initiate connections to other targets.
      iscsiNode
         -- An iSCSI node can act as an initiator, a target, or both.
         -- Contains generic (non-role-specific) information.



Bakke, Muchow              Expires August 2003                  [Page 4]


Internet Draft                  iSCSI MIB                     March 2003


         iscsiTarget
            -- Target-specific iSCSI node information.
            iscsiTgtAuth
               -- A list of initiator identities that are allowed
               -- access to this target.
         iscsiInitiator
            -- Initiator-specific iSCSI node information.
            iscsiIntrAuth
               -- A list of target identities to which this initiator
               -- is configured to establish sessions.
         iscsiSession
            -- An active iSCSI session between an initiator and target.
            -- The session's direction may be Inbound (outside
            -- initiator to our target) or Outbound (our initiator to
            -- an outside target).
            iscsiConnection
               -- An active TCP connection within an iSCSI session

   An iSCSI Node can be an initiator, a target, or both.  The iSCSI
   Node's portals may be used to initiate connections (initiator) or
   listen for connections (target), depending on wither the iSCSI Node
   is acting as an initiator or target.  The iSCSI MIB assumes that any
   target may be accessed via any portal that can take on a target role,
   although other access controls not reflected in the MIB might limit
   this.

4.2.  iSCSI MIB Table Structure

   Each iSCSI object exports of one or more tables: an attributes table,
   and zero or more statistics tables which augment the attributes
   table.  Since iSCSI is an evolving standard, it is much cleaner to
   provide statistics and attributes as separate tables, allowing
   attributes and statistics to be added independently.  In a few cases,
   there are multiple categories of statistics that will likely grow; in
   this case, an object will contain multiple statistics tables.

   iscsiObjects
     iscsiDescriptors
     iscsiInstance
       iscsiInstanceAttributesTable
       iscsiInstanceSsnErrorStatsTable
         -- Counts abnormal session terminations
     iscsiPortal
       iscsiPortalAttributesTable
     iscsiTargetPortal
       iscsiTgtPortalAttributesTable
     iscsiInitiatorPortal
       iscsiIntrPortalAttributesTable



Bakke, Muchow              Expires August 2003                  [Page 5]


Internet Draft                  iSCSI MIB                     March 2003


     iscsiNode
       iscsiNodeAttributesTable
     iscsiTarget
       iscsiTargetAttributesTable
       iscsiTargetLoginStatsTable
         -- Counts successful and unsuccessful logins
       iscsiTargetLogoutStatsTable
         -- Counts normal and abnormal logouts
     iscsiTgtAuthorization
       iscsiTgtAuthAttributesTable
     iscsiInitiator
       iscsiInitiatorAttributesTable
       iscsiInitiatorLoginStatsTable
         -- Counts successful and unsuccessful logins
       iscsiInitiatorLogoutStatsTable
         -- Counts normal and abnormal logouts
     iscsiIntrAuthorization
       iscsiIntrAuthAttributesTable
     iscsiSession
       iscsiSessionAttributesTable
       iscsiSessionStatsTable
         -- Performance-related counts (requests, responses, bytes)
       iscsiSessionCxnErrorStatsTable
         -- Counts digest errors, connection errors, etc.
     iscsiConnection
       iscsiConnectionAttributesTable

   Note that this MIB does not attempt to count everything that could be
   counted; it is designed to include only those counters that would be
   useful for identifying performance, security, and fault problems from
   a management station.

4.3.  iscsiInstance

   The iscsiInstanceAttributesTable is the primary table of the iSCSI
   MIB.  Every table entry in this MIB is "owned" by exactly one iSCSI
   instance; all other table entries in the MIB include this table's
   index as their primary index.

   Most implementations will include just one iSCSI instance row in this
   table.  However, this table exists to allow for multiple virtual
   instances.  For example, many IP routing products now allow multiple
   virtual routers.  The iSCSI MIB has the same premise; a large system
   could be "partitioned" into multiple, distinct virtual systems.

   This also allows a single SNMP agent to proxy for multiple
   subsystems, perhaps a set of stackable devices, each of which have
   one or even more instances.



Bakke, Muchow              Expires August 2003                  [Page 6]


Internet Draft                  iSCSI MIB                     March 2003


   The instance attributes include the iSCSI vendor and version, as well
   as information on the last target or initiator at the other end of a
   session that caused a session failure.

   The iscsiInstanceSsnErrorStatsTable augments the attributes table,
   and provides statistics on session failures due to digest,
   connection, or iSCSI format errors.


4.4.  iscsiPortal

   The iscsiPortalAttributesTable lists iSCSI portals that can either be
   used to listen for connections to targets, or initiate connections to
   other targets, or both.

   Each entry in the table includes an IP address (either v4 or v6), and
   a transport protocol (currently only TCP is defined).  Each entry
   that fulfills an initiator portal role has a corresponding entry in
   the iscsiInitiatorPortal table; each entry that has a target portal
   role has an entry in the iscsiTargetPortal table.  Each portal that
   serves both roles has a corresponding entry in each table.

   Portal entries, along with their initiator and target portal
   counterparts, may be created and destroyed through this MIB by a
   management station.

   When creating a new portal entry, an iscsiPortal is first created,
   then the iscsiTargetPortal, iscsiInitiatorPortal, or both.
   Attributes are added during creation, and may not be subsequently
   modified.  Creating an iscsiTargetPortal will cause the
   implementation to start listening for iSCSI connections on the
   portal.  Creating an iscsiInitiatorPortal will not necessarily cause
   connections to be established; it is left to the implementation
   whether and when to make use of the portal.

   When deleting a portal entry, all connections associated with that
   portal entry are terminated.  The implementation may either terminate
   the connection immediately, or request a clean shutdown as specified
   in [ISCSI].  An outbound connection (when an iscsiInitiatorPortal is
   deleted) matches the portal if its iscsiCxnLocalAddr matches the
   iscsiPortalAddr.  An inbound connection (when an iscsiTargetPortal is
   deleted) matches the portal if both its iscsiCxnLocalAddr matches the
   iscsiPortalAddr, and the iscsiCxnLocalPort matches the
   iscsiTargetPortalPort.

   Individual attributes within a portal, initiatorPortal, or
   targetPortal entry may not be modified. For instance, changing the IP
   address of a portal requires that the portal entries associated with



Bakke, Muchow              Expires August 2003                  [Page 7]


Internet Draft                  iSCSI MIB                     March 2003


   the old IP address be deleted, and new entries be created (in either
   order).


4.5.  iscsiTargetPortal

   The iscsiTgtPortalAttributesTable contains target-specific attributes
   for iSCSI Portals.  Entries in this table use the same indices as
   their corresponding entries in the iscsiPortalAttributesTable.  An
   entry in this table is created when the targetTypePortal bit is set
   in the iscsiPortalRoles attribute; it is destroyed when this bit is
   cleared.

   This table contains the TCP (or other protocol) port on which the
   socket is listening for incoming connections.  It also includes a
   portal group aggregation tag; iSCSI target portals within this
   instance sharing the same tag can contain connections within the same
   session.

   This table will be empty for iSCSI instances that contain only
   initiators (such as iSCSI host driver implementations).

4.6.  iscsiInitiatorPortal

   The iscsiIntrPortalAttributesTable contains initiator-specific
   attributes for iSCSI Portals.  Entries in this table use the same
   indices as their corresponding entries in the
   iscsiPortalAttributesTable.  An entry in this table is created when
   the initiatorTypePortal bit is set in the iscsiPortalRoles attribute;
   it is destroyed when this bit is cleared.

   Each entry in this table contains a portal group aggregation tag,
   indicating which portals an initiator may use together within a
   multiple-connection session.

   This table will be empty for iSCSI instances that contain only
   targets (such as most iSCSI devices).

4.7.  iscsiNode

   The iscsiNodeAttributesTable contains a list of iSCSI nodes, each of
   which may have an initiator role, a target role, or both.

   This table contains the node's attributes which are common to both
   roles, such as its iSCSI Name and alias string.  Attributes specific
   to initiators or targets are available in the iscsiTarget and
   iscsiInitiator objects.  Each entry in this table that can fulfill a
   target role has a corresponding entry in the iscsiTarget table; each



Bakke, Muchow              Expires August 2003                  [Page 8]


Internet Draft                  iSCSI MIB                     March 2003


   entry that fulfills an initiator role has an entry in the
   iscsiInitiator table.  Nodes such as copy managers that can take on
   both roles have a corresponding entry in each table.

   This table also contains the login negotiations preferences for this
   node.  These objects indicate the values this node will offer or
   prefer in the operational negotiation phase of the login process.

   Each entry in the table also contains a RowPointer to the transport
   table entry in the SCSI MIB which this iSCSI node represents.

4.8.  iscsiTarget

   The iscsiTargetAttributesTable contains target-specific attributes
   for iSCSI nodes.  Each entry in this table uses the same index values
   as its corresponding iscsiNode entry.

   This table contains attributes used to indicate the last failure that
   was (or should have been) sent as a notification or trap.

   This table is augmented by the iscsiTargetLoginStatsTable and the
   iscsiTargetLogoutStatsTable, which count the numbers of normal and
   abnormal logins and logouts to this target.

4.9.  iscsiTgtAuthorization

   The iscsiTgtAuthAttributesTable contains an entry for each initiator
   identifier that will be allowed to access the target under which it
   appears.  Each entry contains a RowPointer to a user identity in the
   IPS Identity Authentication MIB, which contains the name, address,
   and credential information necessary to authenticate the initiator.

4.10.  iscsiInitiator

   The iscsiInitiatorAttributesTable contains a list of initiator-
   specific attributes for iSCSI nodes.  Each entry in this table uses
   the same index values as its corresponding iscsiNode entry.

   Most implementations will include a single entry in this table,
   regardless of the number of physical interfaces the initiator may
   use.

   This table is augmented by the iscsiInitiatorLoginStatsTable and the
   iscsiInitiatorLogoutStatsTable, which count the numbers of normal and
   abnormal logins and logouts from this initiator.






Bakke, Muchow              Expires August 2003                  [Page 9]


Internet Draft                  iSCSI MIB                     March 2003


4.11.  iscsiIntrAuthorization

   The iscsiIntrAuthAttributesTable contains an entry for each target
   identifier to which the initiator is configured to establish a
   session.

   Each entry contains a RowPointer to a user identity in the IPS
   Identity Authentication MIB, which contains the name, address, and
   credential information necessary to identify (for discovery purposes)
   and authenticate the target.

4.12.  iscsiSession

   The iscsiSessionAttributesTable contains a set of rows that list the
   sessions known to be existing locally for each node in each iSCSI
   instance.

   The session type for each session indicates whether the session is
   used for normal SCSI commands or for discovery using the SendTargets
   text command.  Discovery sessions that do not belong to any
   particular node have a node index attribute of zero.

   The session direction for each session indicates whether it is an
   Inbound Session or an Outbound Session.  Inbound sessions are from
   some other initiator to the target node under which the session
   appears.  Outbound sessions are from the initiator node under which
   the session appears to a target outside this iSCSI instance.

   Many attributes may be negotiated when starting an iSCSI session.
   Most of these attributes are included in the session object.

   Some attributes, such as the integrity and authentication schemes,
   have some standard values which can be extended by vendors to include
   their own schemes.  These contain an object identifier, rather than
   the expected enumerated type, to allow these values to be extended by
   other MIBs, such as an enterprise MIB.

   The iscsiSessionStatsTable includes statistics related to
   performance; it counts iSCSI data bytes and PDUs.

   For implementations that support error recovery without terminating a
   session, the iscsiSessionCxnErrorStatsTable contains counters for the
   numbers of digest and connection errors that have occurred within the
   session.







Bakke, Muchow              Expires August 2003                 [Page 10]


Internet Draft                  iSCSI MIB                     March 2003


4.13.  iscsiConnection

   The iscsiConnectionAttributesTable contains a list of active
   connections within each session.  It contains the IP addresses and
   TCP (or other protocol) ports of both the local and remote side of
   the connection.  These may be used to locate other connection-related
   information and statistics in the TCP MIB [RFC2012].

   The attributes table also contains a connection state.  This state is
   not meant to directly map to the state tables included within the
   iSCSI specification; they are meant to be simplified, higher-level
   definitions of connection state that provide information more useful
   to a user or network manager.

   No statistics are kept for connections.

4.14.  IP Addresses and TCP Port Numbers

   The IP addresses in this MIB are represented by two attributes, one
   of type InetAddressType, and the other of type InetAddress.  These
   are taken from [RFC3291], which specifies how to support addresses
   that may be either IPv4 or IPv6.

   The TCP port numbers that appear in a few of the structures are
   described as simply port numbers, with a protocol attribute
   indicating whether they are TCP ports, or something else.  This will
   allow the MIB to be compatible with iSCSI over transports other than
   TCP in the future.

4.15.  Descriptors: Using OIDs in Place of Enumerated Types

   The iSCSI MIB has a few attributes, such as the authentication and
   digest method attributes, where an enumerated type would work well,
   except that an implementation may need to extend the attribute and
   add types of its own.  To make this work, the MIB defines a set of
   object identities within the iscsiDescriptors subtree.  Each of these
   object identities is basically an enumerated type.

   Attributes that make use of these object identities have a value
   which is an OID instead of an enumerated type.  These OIDs can either
   indicate the object identities defined in this MIB, or object
   identities defined elsewhere, such as in an enterprise MIB.  Those
   implementations that add their own authentication and digest methods
   should also define a corresponding object identity for each of these
   methods within their own enterprise MIB, and return its OID whenever
   one of these attributes is using that method.





Bakke, Muchow              Expires August 2003                 [Page 11]


Internet Draft                  iSCSI MIB                     March 2003


4.16.  Notifications

   Three notifications are provided.  One is sent by an initiator
   detecting a critical login failure; another is sent by a target
   detecting a critical login failure, and the third is sent upon a
   session being terminated due to an abnormal connection or digest
   failure.  Critical failures are defined as those that may expose
   security-related problems that may require immediate action, such as
   failures due to authentication, authorization, or negotiation
   problems.  Attributes in the initiator, target, and instance objects
   provide the information necessary to send in the notification, such
   as the initiator or target name and IP address at the other end that
   may have caused the failure.

   To avoid sending an excessive number of notifications due to multiple
   errors counted, an SNMP agent implementing the iSCSI MIB should not
   send more than three iSCSI notifications in any 10-second period.

   The 3-in-10 rule was chosen because one notification every three
   seconds was deemed often enough, but should two or three different
   notifications happen at the same time, it would not be desirable to
   suppress them.  Three notifications in ten seconds is a happy medium,
   where a short burst of notifications is allowed, without inundating
   the network and/or trap host with a large number of notifications.



























Bakke, Muchow              Expires August 2003                 [Page 12]


Internet Draft                  iSCSI MIB                     March 2003


5.  MIB Definitions



ISCSI-MIB DEFINITIONS  ::= BEGIN

    IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, NOTIFICATION-TYPE,
    Unsigned32, Counter32, Counter64, Gauge32,
    experimental
    FROM SNMPv2-SMI

    TEXTUAL-CONVENTION, TruthValue, RowPointer, TimeStamp, RowStatus,
    AutonomousType
    FROM SNMPv2-TC

    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
    FROM SNMPv2-CONF

    SnmpAdminString
    FROM SNMP-FRAMEWORK-MIB -- RFC 2571

    InetAddressType, InetAddress
    FROM INET-ADDRESS-MIB -- RFC 3291
    ;

iscsiModule MODULE-IDENTITY
    LAST-UPDATED  "200211010000Z" -- November 1, 2002
    ORGANIZATION  "IETF IPS Working Group"
    CONTACT-INFO
    "
    Mark Bakke
    Postal: Cisco Systems, Inc
    6450 Wedgwood Road, Suite 130
    Maple Grove, MN
    USA 55311

    Tel: +1 763-398-1000
    Fax: +1 763-398-1001

    E-mail: mbakke@cisco.com

    Marjorie Krueger
    Postal: Hewlett-Packard
    Networked Storage Architecture
    Networked Storage Solutions Org.
    8000 Foothills Blvd.
    Roseville, CA 95747



Bakke, Muchow              Expires August 2003                 [Page 13]


Internet Draft                  iSCSI MIB                     March 2003


    Tel: +1 916-785-2656
    Tel: +1 916-785-0391

    E-mail: marjorie_krueger@hp.com

    Tom McSweeney
    Postal: IBM Corporation
    600 Park Offices Drive
    Research Triangle Park, NC
    USA 27709

    Tel: +1-919-254-5634
    Fax: +1-919-254-0391

    E-mail: rf42tpme@us.ibm.com

    Jim Muchow
    Postal: Cisco Systems, Inc
    6450 Wedgwood Road, Suite 130
    Maple Grove, MN
    USA 55311

    Tel: +1 763-398-1000
    Fax: +1 763-398-1001

    E-mail: jmuchow@cisco.com"

    DESCRIPTION
        "The iSCSI Protocol MIB module."

    REVISION "200211010000Z" -- November 11, 2002
    DESCRIPTION
        "Initial revision published as RFC xxxx."

-- ::= { mib-2 xx } to be assigned by IANA.
-- in case you want to COMPILE
::= { experimental 9999 }

iscsiObjects OBJECT IDENTIFIER ::= { iscsiModule 1 }
iscsiNotifications OBJECT IDENTIFIER ::= { iscsiModule 2 }
iscsiConformance OBJECT IDENTIFIER ::= { iscsiModule 3 }

-- Textual Conventions

IscsiTransportProtocols ::= TEXTUAL-CONVENTION
    DISPLAY-HINT  "d"
    STATUS        current
    DESCRIPTION



Bakke, Muchow              Expires August 2003                 [Page 14]


Internet Draft                  iSCSI MIB                     March 2003


        "This data type is used to define the transport
        protocols that will carry iSCSI PDUs."
    REFERENCE
        "RFC791, RFC1700

        The presently known, officially delegated numbers
        can be found at:
        http://www.iana.org/assignments/protocol-numbers"
    SYNTAX        INTEGER (0..255)

IscsiDigestMethod ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
        "This data type represents the methods possible
        for digest negotiation.
        none     - a placeholder for a secondary digest method
                   that means only the primary method can be
                   used.
        other    - a digest method other than those defined below;
        noDigest - does not support digests (will operate without
                   a digest (NOTE: implementations must support
                  digests to be compliant with the iSCSI RFC);
        CRC32c   - require a CRC32C digest."
    SYNTAX        INTEGER {
                      none(1),
                      other(2),
                      noDigest(3),
                      crc32c(4)
                  }

IscsiName ::= TEXTUAL-CONVENTION
    DISPLAY-HINT  "223a"
    STATUS        current
    DESCRIPTION
        "This data type is a local refinement of the SnmpAdminString
        used to define an iSCSI Name."
    REFERENCE
        "iSCSI Protocol Specification, Section 3.2.6, iSCSI Names."
    SYNTAX        OCTET STRING (SIZE(16..223))

------------------------------------------------------------------------

iscsiDescriptors OBJECT IDENTIFIER ::= { iscsiObjects 1 }

iscsiHeaderIntegrityTypes OBJECT IDENTIFIER ::= { iscsiDescriptors 1 }

iscsiHdrIntegrityNone OBJECT-IDENTITY
    STATUS      current



Bakke, Muchow              Expires August 2003                 [Page 15]


Internet Draft                  iSCSI MIB                     March 2003


    DESCRIPTION
        "The authoritative identifier when no integrity
        scheme (for either the header or data) is being
        used."
    REFERENCE "iSCSI Protocol Specification."
::= { iscsiHeaderIntegrityTypes 1 }

iscsiHdrIntegrityCrc32c OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "The authoritative identifier when the integrity
        scheme (for either the header or data) is CRC-32c."
    REFERENCE "iSCSI Protocol Specification."
::= { iscsiHeaderIntegrityTypes 2 }

iscsiDataIntegrityTypes OBJECT IDENTIFIER ::= { iscsiDescriptors 2 }

iscsiDataIntegrityNone OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "The authoritative identifier when no integrity
        scheme (for either the header or data) is being
        used."
    REFERENCE "iSCSI Protocol Specification."
::= { iscsiDataIntegrityTypes 1 }

iscsiDataIntegrityCrc32c OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "The authoritative identifier when the integrity
        scheme (for either the header or data) is CRC-32c."
    REFERENCE "iSCSI Protocol Specification."
::= { iscsiDataIntegrityTypes 2 }

----------------------------------------------------------------------

iscsiInstance OBJECT IDENTIFIER ::= { iscsiObjects 2 }

-- Instance Attributes Table

iscsiInstanceAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiInstanceAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of iSCSI instances present on the system."
::= { iscsiInstance 1 }




Bakke, Muchow              Expires August 2003                 [Page 16]


Internet Draft                  iSCSI MIB                     March 2003


iscsiInstanceAttributesEntry OBJECT-TYPE
    SYNTAX        IscsiInstanceAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information applicable
        to a particular iSCSI instance."
    INDEX { iscsiInstIndex }
::= { iscsiInstanceAttributesTable 1 }

IscsiInstanceAttributesEntry ::= SEQUENCE {
    iscsiInstIndex                 Unsigned32,
    iscsiInstDescr                 SnmpAdminString,
    iscsiInstVersionMin            INTEGER,
    iscsiInstVersionMax            INTEGER,
    iscsiInstVendorID              SnmpAdminString,
    iscsiInstVendorVersion         SnmpAdminString,
    iscsiInstPortalNumber          Unsigned32,
    iscsiInstNodeNumber            Unsigned32,
    iscsiInstSessionNumber         Unsigned32,
    iscsiInstSsnFailures           Counter32,
    iscsiInstLastSsnFailureType    AutonomousType,
    iscsiInstLastSsnRmtNodeName    IscsiName
}

iscsiInstIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a particular
        ISCSI instance."
::= { iscsiInstanceAttributesEntry 1 }

iscsiInstDescr OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "An octet string, determined by the implementation to
        describe the iSCSI instance.  When only a single instance
        is present, this object may be set to the zero-length
        string; with multiple iSCSI instances, it may be used in
        an implementation-dependent manner to describe the purpose
        of the respective instance."
::= { iscsiInstanceAttributesEntry 2 }

iscsiInstVersionMin OBJECT-TYPE



Bakke, Muchow              Expires August 2003                 [Page 17]


Internet Draft                  iSCSI MIB                     March 2003


    SYNTAX        INTEGER (0..255)
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The minimum version number of the iSCSI specification
        such that this iSCSI instance supports this minimum
        value, the maximum value indicated by the corresponding
        instance in iscsiInstVersionMax, and all versions in
        between."
::= { iscsiInstanceAttributesEntry 3 }

iscsiInstVersionMax OBJECT-TYPE
    SYNTAX        INTEGER (0..255)
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The maximum version number of the iSCSI specification
        such that this iSCSI instance supports this maximum
        value, the minimum value indicated by the corresponding
        instance in iscsiInstVersionMin, and all versions in
        between."
::= { iscsiInstanceAttributesEntry 4 }

iscsiInstVendorID OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "An octet string describing the manufacturer of the
        implementation of this instance."
::= { iscsiInstanceAttributesEntry 5 }

iscsiInstVendorVersion OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "An octet string set by the manufacturer describing the
        version of the implementation of this instance.  The
        format of this string is determined solely by the
        manufacturer, and is for informational purposes only.
        It is unrelated to the iSCSI specification version numbers."
::= { iscsiInstanceAttributesEntry 6 }

iscsiInstPortalNumber OBJECT-TYPE
    SYNTAX        Unsigned32
    UNITS         "transport endpoints"
    MAX-ACCESS    read-only



Bakke, Muchow              Expires August 2003                 [Page 18]


Internet Draft                  iSCSI MIB                     March 2003


    STATUS        current
    DESCRIPTION
        "The number of rows in the iscsiPortalAttributesTable
        which are currently associated with this iSCSI instance."
::= { iscsiInstanceAttributesEntry 7 }

iscsiInstNodeNumber OBJECT-TYPE
    SYNTAX        Unsigned32
    UNITS         "Internet Network Addresses"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The number of rows in the iscsiNodeAttributesTable
        which are currently associated with this iSCSI instance."
::= { iscsiInstanceAttributesEntry 8 }

iscsiInstSessionNumber OBJECT-TYPE
    SYNTAX        Unsigned32
    UNITS         "sessions"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The number of rows in the iscsiSessionAttributesTable
        which are currently associated with this iSCSI instance."
::= { iscsiInstanceAttributesEntry 9 }

iscsiInstSsnFailures  OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "sessions"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object counts the number of times a session belonging
        to this instance has been failed."
::= { iscsiInstanceAttributesEntry 10 }

iscsiInstLastSsnFailureType  OBJECT-TYPE
    SYNTAX        AutonomousType
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The counter object in the iscsiInstSsnErrorStatsTable
        that was incremented when the last session failure occurred.

        If the reason for failure is not found in the
        iscsiInstSsnErrorStatsTable, the value { 0.0 } is
        used instead."
::= { iscsiInstanceAttributesEntry 11 }



Bakke, Muchow              Expires August 2003                 [Page 19]


Internet Draft                  iSCSI MIB                     March 2003


iscsiInstLastSsnRmtNodeName  OBJECT-TYPE
    SYNTAX        IscsiName
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "An octet string describing the name of the remote node
        from the failed session."
::= { iscsiInstanceAttributesEntry 12 }

-- Instance Session Failure Stats Table

iscsiInstanceSsnErrorStatsTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiInstanceSsnErrorStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of error types that will cause a session failure."
::= { iscsiInstance 2 }

iscsiInstanceSsnErrorStatsEntry OBJECT-TYPE
    SYNTAX        IscsiInstanceSsnErrorStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information applicable
        to a particular iSCSI instance."
    AUGMENTS { iscsiInstanceAttributesEntry }
::= { iscsiInstanceSsnErrorStatsTable 1 }

IscsiInstanceSsnErrorStatsEntry ::= SEQUENCE {
    iscsiInstSsnDigestErrors       Counter32,
    iscsiInstSsnCxnTimeoutErrors   Counter32,
    iscsiInstSsnFormatErrors       Counter32
}

iscsiInstSsnDigestErrors OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "sessions"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of sessions which were failed due to receipt of a PDU
        containing header or data digest errors."
::= { iscsiInstanceSsnErrorStatsEntry 1 }

iscsiInstSsnCxnTimeoutErrors OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "sessions"



Bakke, Muchow              Expires August 2003                 [Page 20]


Internet Draft                  iSCSI MIB                     March 2003


    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of sessions which were failed due to a sequence
        exceeding a time limit."
::= { iscsiInstanceSsnErrorStatsEntry 2 }

iscsiInstSsnFormatErrors OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "sessions"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of sessions which were failed due to receipt of a PDU
        which contained a format error."
::= { iscsiInstanceSsnErrorStatsEntry 3 }

----------------------------------------------------------------------

iscsiPortal OBJECT IDENTIFIER ::= { iscsiObjects 3 }

-- Portal Attributes Table

iscsiPortalAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiPortalAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of transport endpoints (using TCP or another transport
        protocol) used by this iSCSI instance. An iSCSI instance may
        use a portal to listen for incoming connections to its targets,
        to initiate connections to other targets, or both."
::= { iscsiPortal 1 }

iscsiPortalAttributesEntry OBJECT-TYPE
    SYNTAX        IscsiPortalAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information applicable
        to a particular portal instance."
    INDEX { iscsiInstIndex, iscsiPortalIndex  }
::= { iscsiPortalAttributesTable 1 }

IscsiPortalAttributesEntry ::= SEQUENCE {
    iscsiPortalIndex               Unsigned32,
    iscsiPortalRowStatus           RowStatus,
    iscsiPortalRoles               BITS,



Bakke, Muchow              Expires August 2003                 [Page 21]


Internet Draft                  iSCSI MIB                     March 2003


    iscsiPortalAddrType            InetAddressType,
    iscsiPortalAddr                InetAddress,
    iscsiPortalProtocol            IscsiTransportProtocols,
    iscsiPortalMaxRecvDataSegLength INTEGER,
    iscsiPortalPrimaryHdrDigest    IscsiDigestMethod,
    iscsiPortalPrimaryDataDigest   IscsiDigestMethod,
    iscsiPortalSecondaryHdrDigest  IscsiDigestMethod,
    iscsiPortalSecondaryDataDigest IscsiDigestMethod,
    iscsiPortalRecvMarker          TruthValue
}

iscsiPortalIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a particular
        transport endpoint within this iSCSI instance."
::= { iscsiPortalAttributesEntry 1 }

iscsiPortalRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The status of the row."
::= { iscsiPortalAttributesEntry 2 }

iscsiPortalRoles OBJECT-TYPE
    SYNTAX        BITS {
                      targetTypePortal(0),
                      initiatorTypePortal(1)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A portal can operate in one or both of two roles:
        as a target portal and/or an initiator portal. If
        the portal will operate in both roles, both bits
        must be set.

        This object will define a corresponding row that
        will exist or must be created in the
        iscsiTgtPortalAttributesTable, the
        iscsiIntrPortalAttributesTable or both. If the
        targetTypePortal bit is set, a corresponding
        iscsiTgtPortalAttributesEntry will be found or must
        be created. If the initiatorTypePortal bit is set,



Bakke, Muchow              Expires August 2003                 [Page 22]


Internet Draft                  iSCSI MIB                     March 2003


        a corresponding iscsiIntrPortalAttributesEntry will be
        found or must be created. If both bits are set, a
        corresponding iscsiTgtPortalAttributesEntry and
        iscsiIntrPortalAttributesEntry will be found or must be
        created."
::= { iscsiPortalAttributesEntry 3 }

iscsiPortalAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The type of Internet Network Address contained in the
        corresponding instance of the iscsiPortalAddr."
    DEFVAL        { ipv4 }
::= { iscsiPortalAttributesEntry 4 }

iscsiPortalAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The portal's Internet Network Address."
::= { iscsiPortalAttributesEntry 5 }

iscsiPortalProtocol OBJECT-TYPE
    SYNTAX        IscsiTransportProtocols
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The portal's transport protocol."
    DEFVAL        { 6 } -- TCP
::= { iscsiPortalAttributesEntry 6 }

iscsiPortalMaxRecvDataSegLength OBJECT-TYPE
    SYNTAX        INTEGER (512..16777215)
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The maximum PDU length this portal can receive.
        This may be constrained by hardware characteristics
        and individual implementations may choose not to
        allow this object to be changed."
    DEFVAL { 8192 }
::= { iscsiPortalAttributesEntry 7 }

iscsiPortalPrimaryHdrDigest OBJECT-TYPE
    SYNTAX        IscsiDigestMethod



Bakke, Muchow              Expires August 2003                 [Page 23]


Internet Draft                  iSCSI MIB                     March 2003


    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The preferred header digest for this portal."
    DEFVAL        { crc32c }
::= { iscsiPortalAttributesEntry 8 }

iscsiPortalPrimaryDataDigest OBJECT-TYPE
    SYNTAX        IscsiDigestMethod
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The preferred data digest method for this portal."
    DEFVAL        { crc32c }
::= { iscsiPortalAttributesEntry 9 }

iscsiPortalSecondaryHdrDigest OBJECT-TYPE
    SYNTAX        IscsiDigestMethod
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An alternate header digest preference for this portal."
    DEFVAL        { noDigest }
::= { iscsiPortalAttributesEntry 10 }

iscsiPortalSecondaryDataDigest OBJECT-TYPE
    SYNTAX        IscsiDigestMethod
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "An alternate data digest preference for this portal."
    DEFVAL        { noDigest }
::= { iscsiPortalAttributesEntry 11 }

iscsiPortalRecvMarker OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object indicates whether or not this portal will
        request markers in it's incoming data stream."
    DEFVAL        { false }
::= { iscsiPortalAttributesEntry 12 }

----------------------------------------------------------------------
iscsiTargetPortal OBJECT IDENTIFIER ::= { iscsiObjects 4 }

-- Target Portal Attributes Table



Bakke, Muchow              Expires August 2003                 [Page 24]


Internet Draft                  iSCSI MIB                     March 2003


iscsiTgtPortalAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiTgtPortalAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of transport endpoints (using TCP or another transport
        protocol) on which this iSCSI instance listens for incoming
        connections to its targets."
::= { iscsiTargetPortal 1 }

iscsiTgtPortalAttributesEntry OBJECT-TYPE
    SYNTAX        IscsiTgtPortalAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information applicable
        to a particular portal instance that is used to listen for
        incoming connections to local targets. This row is populated
        for each iscsiPortalAttributesEntry row that may be used as
        a target portal."
    INDEX { iscsiInstIndex, iscsiPortalIndex  }
::= { iscsiTgtPortalAttributesTable 1 }

IscsiTgtPortalAttributesEntry ::= SEQUENCE {
    iscsiTgtPortalPort             Unsigned32,
    iscsiTgtPortalTag              INTEGER
}

iscsiTgtPortalPort OBJECT-TYPE
    SYNTAX        Unsigned32 (1..65535)
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The portal's transport protocol port number on which the
        portal listens for incoming iSCSI connections when the
        portal is used as a target portal."
::= { iscsiTgtPortalAttributesEntry 1 }

iscsiTgtPortalTag OBJECT-TYPE
    SYNTAX        INTEGER (1..65535)
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The portal's aggregation tag when portal is used as
        a target portal.  Multiple-connection sessions may
        be aggregated over portals sharing an identical
        aggregation tag."
::= { iscsiTgtPortalAttributesEntry 2 }



Bakke, Muchow              Expires August 2003                 [Page 25]


Internet Draft                  iSCSI MIB                     March 2003


----------------------------------------------------------------------

iscsiInitiatorPortal OBJECT IDENTIFIER ::= { iscsiObjects 5 }

-- Initiator Portal Attributes Table

iscsiIntrPortalAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiIntrPortalAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of Internet Network Addresses (using TCP or another
        transport protocol) from which this iSCSI instance may
        initiate connections to other targets."
::= { iscsiInitiatorPortal 1 }

iscsiIntrPortalAttributesEntry OBJECT-TYPE
    SYNTAX        IscsiIntrPortalAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information applicable
        to a particular portal instance that is used to initiate
        connections to iSCSI targets.  This row is populated for
        each iscsiPortalAttributesEntry row that may be used as an
        initiator portal."
    INDEX { iscsiInstIndex, iscsiPortalIndex  }
::= { iscsiIntrPortalAttributesTable 1 }

IscsiIntrPortalAttributesEntry ::= SEQUENCE {
    iscsiIntrPortalTag             INTEGER
}

iscsiIntrPortalTag OBJECT-TYPE
    SYNTAX        INTEGER (1..65535)
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The portal's aggregation tag when the portal is used as
        an initiator portal.  Multiple-connection sessions may
        be aggregated over portals sharing an identical
        aggregation tag."
::= { iscsiIntrPortalAttributesEntry 1 }

----------------------------------------------------------------------

iscsiNode OBJECT IDENTIFIER ::= { iscsiObjects 6 }




Bakke, Muchow              Expires August 2003                 [Page 26]


Internet Draft                  iSCSI MIB                     March 2003


-- Node Attributes Table

iscsiNodeAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiNodeAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of iSCSI nodes belonging to each iSCSI instance
        present on the local system.  An iSCSI node can act as
        an initiator, a target, or both."
::= { iscsiNode 1 }

iscsiNodeAttributesEntry OBJECT-TYPE
    SYNTAX        IscsiNodeAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information applicable
        to a particular iSCSI node."
    INDEX { iscsiInstIndex, iscsiNodeIndex }
::= { iscsiNodeAttributesTable 1 }

IscsiNodeAttributesEntry ::= SEQUENCE {
    iscsiNodeIndex                  Unsigned32,
    iscsiNodeName                   IscsiName,
    iscsiNodeAlias                  SnmpAdminString,
    iscsiNodeRoles                  BITS,
    iscsiNodeTransportType          RowPointer,
    iscsiNodeInitialR2T             TruthValue,
    iscsiNodeImmediateData          TruthValue,
    iscsiNodeMaxOutstandingR2T      INTEGER,
    iscsiNodeFirstBurstLength       INTEGER,
    iscsiNodeMaxBurstLength         INTEGER,
    iscsiNodeMaxConnections         INTEGER,
    iscsiNodeDataSequenceInOrder    TruthValue,
    iscsiNodeDataPDUInOrder         TruthValue,
    iscsiNodeDefaultTime2Wait       INTEGER,
    iscsiNodeDefaultTime2Retain     INTEGER,
    iscsiNodeErrorRecoveryLevel     INTEGER
}

iscsiNodeIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a particular
        node within an iSCSI instance present on the local system."



Bakke, Muchow              Expires August 2003                 [Page 27]


Internet Draft                  iSCSI MIB                     March 2003


::= { iscsiNodeAttributesEntry 1 }

iscsiNodeName OBJECT-TYPE
    SYNTAX        IscsiName
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "A character string that is a globally unique identifier for
        this iSCSI node.  The node name is independent of the location
        of the node, and can be resolved into a set of addresses
        through various discovery services."
::= { iscsiNodeAttributesEntry 2 }

iscsiNodeAlias OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "A character string that is a human-readable name or
        description of the iSCSI node.  If configured, this alias
        may be communicated to the initiator or target node at
        the remote end of the connection during a Login Request
        or Response message.  This string is not used as an
        identifier, but can be displayed by the system's user
        interface in a list of initiators and/or targets to
        which it is connected.

        If no alias exists, the value is a zero-length string."
::= { iscsiNodeAttributesEntry 3 }

iscsiNodeRoles OBJECT-TYPE
    SYNTAX        BITS {
                      targetTypeNode(0),
                      initiatorTypeNode(1)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "A node can operate in one or both of two roles:
        a target role and/or an initiator role. If the node
        will operate in both roles, both bits must be set.

        This object will also define the corresponding rows that
        will exist in the iscsiTargetAttributesTable, the
        iscsiInitiatorAttributesTable or both. If the
        targetTypeNode bit is set, there will be a corresponding
        iscsiTargetAttributesEntry. If the initiatorTypeNode bit
        is set, there will be a corresponding



Bakke, Muchow              Expires August 2003                 [Page 28]


Internet Draft                  iSCSI MIB                     March 2003


        iscsiInitiatorAttributesEntry. If both bits are set,
        there will be a corresponding iscsiTgtPortalAttributesEntry
        and iscsiPortalAttributesEntry."
::= { iscsiNodeAttributesEntry 4 }

iscsiNodeTransportType OBJECT-TYPE
    SYNTAX        RowPointer
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "A pointer to the corresponding row in the appropriate
        table for this SCSI transport, thereby allowing management
        stations to locate the SCSI-level device that is represented
        by this iscsiNode. For example, it could point to the
        corresponding scsiTrnspt object in the SCSI MIB.

        If no corresponding row exists, the value 0.0 must be
        used to indicate this."
    REFERENCE
        "SCSI-MIB"
::= { iscsiNodeAttributesEntry 5 }

iscsiNodeInitialR2T OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object indicates the InitialR2T preference for this
        node:
        True = YES,
        False = will try to negotiate NO, will accept YES "
::= { iscsiNodeAttributesEntry 6 }

iscsiNodeImmediateData OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object indicates ImmediateData preference for this
        node
        True = YES (but will accept NO),
        False = NO "
    DEFVAL        { true }
::= { iscsiNodeAttributesEntry 7 }

iscsiNodeMaxOutstandingR2T OBJECT-TYPE
    SYNTAX        INTEGER (1..65535)
    MAX-ACCESS    read-write



Bakke, Muchow              Expires August 2003                 [Page 29]


Internet Draft                  iSCSI MIB                     March 2003


    STATUS        current
    DESCRIPTION
        "Maximum number of outstanding R2Ts allowed per ISCSI task."
    DEFVAL        { 1 }
::= { iscsiNodeAttributesEntry 8 }

iscsiNodeFirstBurstLength OBJECT-TYPE
    SYNTAX        INTEGER (512..16777215)
    UNITS         "bytes"
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The maximum length (bytes) supported for unsolicited data
        to/from this node."
    DEFVAL        { 65536 }
::= { iscsiNodeAttributesEntry 9 }

iscsiNodeMaxBurstLength OBJECT-TYPE
    SYNTAX        INTEGER (512..16777215)
    UNITS         "bytes"
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
     "The maximum number of bytes which can be sent within
     a single sequence of Data-In or Data-Out PDUs."
    DEFVAL        { 262144 }
::= { iscsiNodeAttributesEntry 10 }

iscsiNodeMaxConnections OBJECT-TYPE
    SYNTAX        INTEGER (1..65535)
    UNITS         "connections"
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The maximum number of connections allowed in each
        session to and/or from this node."
    DEFVAL        { 1 }
::= { iscsiNodeAttributesEntry 11 }

iscsiNodeDataSequenceInOrder OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The DataSequenceInOrder preference of this node.
        False (=No) indicates that iSCSI data PDU sequences may
        be transferred in any order.  True (=Yes) indicates that
        data PDU sequences must be transferred using



Bakke, Muchow              Expires August 2003                 [Page 30]


Internet Draft                  iSCSI MIB                     March 2003


        continuously increasing offsets, except during
        error recovery."
    DEFVAL        { true }
::= { iscsiNodeAttributesEntry 12 }

iscsiNodeDataPDUInOrder OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The DataPDUInOrder preference of this node.
        False (=No) indicates that iSCSI data PDUs within sequences
        may be in any order.  True (=Yes) indicates that data PDUs
        within sequences must be at continuously increasing
        addresses, with no gaps or overlay between PDUs."
    DEFVAL        { true }
::= { iscsiNodeAttributesEntry 13 }

iscsiNodeDefaultTime2Wait OBJECT-TYPE
    SYNTAX        INTEGER (0..3600)
    UNITS         "seconds"
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The DefaultTime2Wait preference of this node. This is the
        minimum time, in seconds, to wait before attempting an
        explicit/implicit logout or active iSCSI task reassignment
        after an unexpected connection termination or a connection
        reset."
    DEFVAL        { 2 }
::= { iscsiNodeAttributesEntry 14 }

iscsiNodeDefaultTime2Retain OBJECT-TYPE
    SYNTAX        INTEGER (0..3600)
    UNITS         "seconds"
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The DefaultTime2Retain preference of this node. This is
        the maximum time, in seconds after an initial wait
        (Time2Wait), before which an active iSCSI task reassignment
        is still possible after an unexpected connection termination
        or a connection reset."
    DEFVAL        { 20 }
::= { iscsiNodeAttributesEntry 15 }

iscsiNodeErrorRecoveryLevel OBJECT-TYPE
    SYNTAX        INTEGER (0..255)



Bakke, Muchow              Expires August 2003                 [Page 31]


Internet Draft                  iSCSI MIB                     March 2003


    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The ErrorRecoveryLevel preference of this node.
        Currently, only 0-2 are valid.
        This object is designed to accommodate future error recover
        levels.
        Higher error recovery levels imply support in addition to
        support for the lower error level functions.  In other words,
        error level 2 implies support for levels 0-1, since those
        functions are subsets of error level 2."
    DEFVAL        { 0 }
::= { iscsiNodeAttributesEntry 16 }

----------------------------------------------------------------------

iscsiTarget OBJECT IDENTIFIER ::= { iscsiObjects 7 }

-- Target Attributes Table

iscsiTargetAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiTargetAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of iSCSI nodes that can take on a target role,
        belonging to each iSCSI instance present on the local
        system."
::= { iscsiTarget 1 }

iscsiTargetAttributesEntry OBJECT-TYPE
    SYNTAX        IscsiTargetAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information applicable
        to a particular node that can take on a target role."
    INDEX { iscsiInstIndex, iscsiNodeIndex }
::= { iscsiTargetAttributesTable 1 }

IscsiTargetAttributesEntry ::= SEQUENCE {
    iscsiTgtLoginFailures          Counter32,
    iscsiTgtLastFailureTime        TimeStamp,
    iscsiTgtLastFailureType        AutonomousType,
    iscsiTgtLastIntrFailureName    IscsiName,
    iscsiTgtLastIntrFailureAddrType InetAddressType,
    iscsiTgtLastIntrFailureAddr    InetAddress
}



Bakke, Muchow              Expires August 2003                 [Page 32]


Internet Draft                  iSCSI MIB                     March 2003


iscsiTgtLoginFailures OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed login attempts"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object counts the number of times a login attempt to this
        local target has failed."
::= { iscsiTargetAttributesEntry 1 }

iscsiTgtLastFailureTime OBJECT-TYPE
    SYNTAX        TimeStamp
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The timestamp of the most recent failure of a login attempt
        to this target.  A value of zero indicates that no such
        failures have occurred since the last system boot."
::= { iscsiTargetAttributesEntry 2 }

iscsiTgtLastFailureType  OBJECT-TYPE
    SYNTAX        AutonomousType
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The type of the most recent failure of a login attempt
        to this target, represented as the OID of the counter
        object in iscsiTargetLoginStatsTable for which the
        relevant instance was incremented.  A value of 0.0
        indicates a type which is not represented by any of
        the counters in iscsiTargetLoginStatsTable."
::= { iscsiTargetAttributesEntry 3 }

iscsiTgtLastIntrFailureName  OBJECT-TYPE
    SYNTAX        IscsiName
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "An octet string giving the name of the initiator
        that failed the last login attempt."
::= { iscsiTargetAttributesEntry 4 }

iscsiTgtLastIntrFailureAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The type of Internet Network Address contained in the



Bakke, Muchow              Expires August 2003                 [Page 33]


Internet Draft                  iSCSI MIB                     March 2003


        corresponding instance of the iscsiTgtLastIntrFailureAddr."
::= { iscsiTargetAttributesEntry 5 }

iscsiTgtLastIntrFailureAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "An Internet Network Address giving the host address
        of the initiator that failed the last login attempt."
::= { iscsiTargetAttributesEntry 6 }

-- Target Login Stats Table

iscsiTargetLoginStatsTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiTargetLoginStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A table of counters which keep a record of the results
        of initiators' login attempts to this target."
::= { iscsiTarget 2 }

iscsiTargetLoginStatsEntry OBJECT-TYPE
    SYNTAX        IscsiTargetLoginStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing counters for each result of
        a login attempt to this target."
    AUGMENTS { iscsiTargetAttributesEntry }
::= { iscsiTargetLoginStatsTable 1 }

IscsiTargetLoginStatsEntry ::= SEQUENCE {
    iscsiTgtLoginAccepts           Counter32,
    iscsiTgtLoginOtherFails        Counter32,
    iscsiTgtLoginRedirects         Counter32,
    iscsiTgtLoginAuthorizeFails    Counter32,
    iscsiTgtLoginAuthenticateFails Counter32,
    iscsiTgtLoginNegotiateFails    Counter32
}

iscsiTgtLoginAccepts OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "successful logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION



Bakke, Muchow              Expires August 2003                 [Page 34]


Internet Draft                  iSCSI MIB                     March 2003


        "The count of Login Response PDUs with status
        0x0000, Accept Login, transmitted by this
        target."
::= { iscsiTargetLoginStatsEntry 1 }

iscsiTgtLoginOtherFails OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The number of Login Response PDUs which were transmitted
        by this target, and which were not counted by any other
        object in the row."
::= { iscsiTargetLoginStatsEntry 2 }

iscsiTgtLoginRedirects OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Login Response PDUs with status class 0x01,
        Redirection, transmitted by this target."
::= { iscsiTargetLoginStatsEntry 3 }

iscsiTgtLoginAuthorizeFails OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Login Response PDUs with status 0x0202,
        Forbidden Target, transmitted by this target.

        If this counter is incremented, an iscsiTgtLoginFailure
        notification should be generated."
::= { iscsiTargetLoginStatsEntry 4 }

iscsiTgtLoginAuthenticateFails OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Login Response PDUs with status 0x0201,
        Authentication Failed, transmitted by this target




Bakke, Muchow              Expires August 2003                 [Page 35]


Internet Draft                  iSCSI MIB                     March 2003


        If this counter is incremented, an iscsiTgtLoginFailure
        notification should be generated."
::= { iscsiTargetLoginStatsEntry 5 }

iscsiTgtLoginNegotiateFails OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The number of times a target has effectively refused a
        login because the parameter negotiation failed.
        [Ed. While this situation can occur, the exact mechanism
        is as yet undefined in the iSCSI Protocol Spec.]

        If this counter is incremented, an iscsiTgtLoginFailure
        notification should be generated."
::= { iscsiTargetLoginStatsEntry 6 }

-- Target Logout Stats Table

iscsiTargetLogoutStatsTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiTargetLogoutStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "When a target receives a Logout command, it responds
        with a Logout Response that carries a status code.
        This table contains counters for both normal and
        abnormal logout requests received by this target."
::= { iscsiTarget 3 }

iscsiTargetLogoutStatsEntry OBJECT-TYPE
    SYNTAX        IscsiTargetLogoutStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing counters of Logout Response
        PDUs that were received by this target."
    AUGMENTS { iscsiTargetAttributesEntry }
::= { iscsiTargetLogoutStatsTable 1 }

IscsiTargetLogoutStatsEntry ::= SEQUENCE {
    iscsiTgtLogoutNormals          Counter32,
    iscsiTgtLogoutOthers           Counter32
}

iscsiTgtLogoutNormals OBJECT-TYPE



Bakke, Muchow              Expires August 2003                 [Page 36]


Internet Draft                  iSCSI MIB                     March 2003


    SYNTAX        Counter32
    UNITS         "normal logouts"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Logout Command PDUs received by this target,
        with reason code 0 (closes the session)."
::= { iscsiTargetLogoutStatsEntry 1 }

iscsiTgtLogoutOthers OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "abnormal logouts"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Logout Command PDUs received by this target,
        with any reason code other than 0."
::= { iscsiTargetLogoutStatsEntry 2 }

----------------------------------------------------------------------

iscsiTgtAuthorization OBJECT IDENTIFIER ::= { iscsiObjects 8 }

-- Target Authorization Attributes Table

iscsiTgtAuthAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiTgtAuthAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of initiator identities that are authorized to
        access each target node within each iSCSI instance
        present on the local system."
::= { iscsiTgtAuthorization 1 }

iscsiTgtAuthAttributesEntry OBJECT-TYPE
    SYNTAX        IscsiTgtAuthAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a particular target node's authorized
        initiator identity."
    INDEX { iscsiInstIndex, iscsiNodeIndex, iscsiTgtAuthIndex }
::= { iscsiTgtAuthAttributesTable 1 }

IscsiTgtAuthAttributesEntry ::= SEQUENCE {
    iscsiTgtAuthIndex              Unsigned32,



Bakke, Muchow              Expires August 2003                 [Page 37]


Internet Draft                  iSCSI MIB                     March 2003


    iscsiTgtAuthRowStatus          RowStatus,
    iscsiTgtAuthIdentity           RowPointer
}

iscsiTgtAuthIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a particular
        target's authorized initiator identity within an iSCSI
        instance present on the local system."
::= { iscsiTgtAuthAttributesEntry 1 }

iscsiTgtAuthRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "The status of the row."
::= { iscsiTgtAuthAttributesEntry 2 }

iscsiTgtAuthIdentity OBJECT-TYPE
    SYNTAX        RowPointer
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A pointer to the corresponding IPS-AUTH MIB user entry
        that will be allowed to access this iSCSI target."
    REFERENCE
        "IPS-AUTH MIB"
::= { iscsiTgtAuthAttributesEntry 3 }

----------------------------------------------------------------------

iscsiInitiator OBJECT IDENTIFIER ::= { iscsiObjects 9 }

-- Initiator Attributes Table

iscsiInitiatorAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiInitiatorAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of iSCSI nodes that can take on an initiator
        role, belonging to each iSCSI instance present on
        the local system."
::= { iscsiInitiator 1 }



Bakke, Muchow              Expires August 2003                 [Page 38]


Internet Draft                  iSCSI MIB                     March 2003


iscsiInitiatorAttributesEntry OBJECT-TYPE
    SYNTAX        IscsiInitiatorAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information
        applicable to a particular iSCSI node that has
        initiator capabilities."
    INDEX  { iscsiInstIndex, iscsiNodeIndex }
::= { iscsiInitiatorAttributesTable 1 }

IscsiInitiatorAttributesEntry ::= SEQUENCE {
    iscsiIntrLoginFailures         Counter32,
    iscsiIntrLastFailureTime       TimeStamp,
    iscsiIntrLastFailureType       AutonomousType,
    iscsiIntrLastTgtFailureName    IscsiName,
    iscsiIntrLastTgtFailureAddrType InetAddressType,
    iscsiIntrLastTgtFailureAddr    InetAddress
}

iscsiIntrLoginFailures OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object counts the number of times a login attempt from
        this local initiator has failed."
::= { iscsiInitiatorAttributesEntry 1 }

iscsiIntrLastFailureTime OBJECT-TYPE
    SYNTAX        TimeStamp
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The timestamp of the most recent failure of a login attempt
        from this initiator.  A value of zero indicates that no such
        failures have occurred since the last system boot."
::= { iscsiInitiatorAttributesEntry 2 }

iscsiIntrLastFailureType  OBJECT-TYPE
    SYNTAX        AutonomousType
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The type of the most recent failure of a login attempt
        from this initiator, represented as the OID of the counter
        object in iscsiInitiatorLoginStatsTable for which the



Bakke, Muchow              Expires August 2003                 [Page 39]


Internet Draft                  iSCSI MIB                     March 2003


        relevant instance was incremented.  A value of 0.0
        indicates a type which is not represented by any of
        the counters in iscsiInitiatorLoginStatsTable."
::= { iscsiInitiatorAttributesEntry 3 }

iscsiIntrLastTgtFailureName  OBJECT-TYPE
    SYNTAX        IscsiName
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "An octet string giving the name of the target that failed
        the last login attempt."
::= { iscsiInitiatorAttributesEntry 4 }

iscsiIntrLastTgtFailureAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The type of Internet Network Address contained in the
        corresponding instance of the iscsiIntrLastTgtFailureAddr."
::= { iscsiInitiatorAttributesEntry 5 }

iscsiIntrLastTgtFailureAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "An Internet Network Address giving the host address of the
        target that failed the last login attempt."
::= { iscsiInitiatorAttributesEntry 6 }

-- Initiator Login Stats Table

iscsiInitiatorLoginStatsTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiInitiatorLoginStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A table of counters which keep track of the results of
        this initiator's login attempts."
::= { iscsiInitiator 2 }

iscsiInitiatorLoginStatsEntry OBJECT-TYPE
    SYNTAX        IscsiInitiatorLoginStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION



Bakke, Muchow              Expires August 2003                 [Page 40]


Internet Draft                  iSCSI MIB                     March 2003


        "An entry (row) containing counters of each result
        of this initiator's login attempts."
    AUGMENTS { iscsiInitiatorAttributesEntry }
::= { iscsiInitiatorLoginStatsTable 1 }

IscsiInitiatorLoginStatsEntry ::= SEQUENCE {
    iscsiIntrLoginAcceptRsps       Counter32,
    iscsiIntrLoginOtherFailRsps    Counter32,
    iscsiIntrLoginRedirectRsps     Counter32,
    iscsiIntrLoginAuthFailRsps     Counter32,
    iscsiIntrLoginAuthenticateFails Counter32,
    iscsiIntrLoginNegotiateFails   Counter32
}

iscsiIntrLoginAcceptRsps OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "successful logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Login Response PDUs with status
        0x0000, Accept Login, received by this initiator."
::= { iscsiInitiatorLoginStatsEntry 1 }

iscsiIntrLoginOtherFailRsps OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Login Response PDUs received by this
        initiator with any status code not counted in the
        objects below."
::= { iscsiInitiatorLoginStatsEntry 2 }

iscsiIntrLoginRedirectRsps OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Login Response PDUs with status class 0x01,
        Redirection, received by this initiator."
::= { iscsiInitiatorLoginStatsEntry 3 }

iscsiIntrLoginAuthFailRsps OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed logins"



Bakke, Muchow              Expires August 2003                 [Page 41]


Internet Draft                  iSCSI MIB                     March 2003


    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Login Response PDUs with status class 0x201,
        Authentication Failed, received by this initiator."
::= { iscsiInitiatorLoginStatsEntry 4 }

iscsiIntrLoginAuthenticateFails OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The number of times the initiator has aborted a
        login because the target could not be authenticated.

        No response is generated.

        If this counter is incremented, an iscsiIntrLoginFailure
        notification should be generated."
::= { iscsiInitiatorLoginStatsEntry 5 }

iscsiIntrLoginNegotiateFails OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "failed logins"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The number of times the initiator has aborted a
        login because parameter negotiation with the target
        failed.

        No response is generated.

        If this counter is incremented, an iscsiIntrLoginFailure
        notification should be generated."
::= { iscsiInitiatorLoginStatsEntry 6 }

-- Initiator Logout Stats Table

iscsiInitiatorLogoutStatsTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiInitiatorLogoutStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "When an initiator attempts send a Logout command, the target
        responds with a Logout Response that carries a status code.
        This table contains a list of counters of Logout Response



Bakke, Muchow              Expires August 2003                 [Page 42]


Internet Draft                  iSCSI MIB                     March 2003


        PDUs of each status code, that were received by each
        initiator belonging to this iSCSI instance present on this
        system."
::= { iscsiInitiator 3 }

iscsiInitiatorLogoutStatsEntry OBJECT-TYPE
    SYNTAX        IscsiInitiatorLogoutStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing counters of Logout Response
        PDUs of each status code, that were generated by this
        initiator."
    AUGMENTS { iscsiInitiatorAttributesEntry }
::= { iscsiInitiatorLogoutStatsTable 1 }

IscsiInitiatorLogoutStatsEntry ::= SEQUENCE {
    iscsiIntrLogoutNormals         Counter32,
    iscsiIntrLogoutOthers          Counter32
}

iscsiIntrLogoutNormals OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "normal logouts"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Logout Command PDUs generated by this initiator
        with reason code 0 (closes the session)."
::= { iscsiInitiatorLogoutStatsEntry 1 }

iscsiIntrLogoutOthers OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "abnormal logouts"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Logout Command PDUs generated by this initiator
        with any status code other than 0."
::= { iscsiInitiatorLogoutStatsEntry 2 }

----------------------------------------------------------------------

iscsiIntrAuthorization OBJECT IDENTIFIER ::= { iscsiObjects 10 }

-- Initiator Authorization Attributes Table

iscsiIntrAuthAttributesTable OBJECT-TYPE



Bakke, Muchow              Expires August 2003                 [Page 43]


Internet Draft                  iSCSI MIB                     March 2003


    SYNTAX        SEQUENCE OF IscsiIntrAuthAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of target identities which each initiator
        on the local system may access."
::= { iscsiIntrAuthorization 1 }

iscsiIntrAuthAttributesEntry OBJECT-TYPE
    SYNTAX        IscsiIntrAuthAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information applicable
        to a particular initiator node's authorized target identity."
    INDEX { iscsiInstIndex, iscsiNodeIndex, iscsiIntrAuthIndex }
::= { iscsiIntrAuthAttributesTable 1 }

IscsiIntrAuthAttributesEntry ::= SEQUENCE {
    iscsiIntrAuthIndex              Unsigned32,
    iscsiIntrAuthRowStatus          RowStatus,
    iscsiIntrAuthIdentity           RowPointer
}

iscsiIntrAuthIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular initiator node's authorized target
        identity within an iSCSI instance present on the
        local system."
::= { iscsiIntrAuthAttributesEntry 1 }

iscsiIntrAuthRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The status of the row."
::= { iscsiIntrAuthAttributesEntry 2 }

iscsiIntrAuthIdentity OBJECT-TYPE
    SYNTAX        RowPointer
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION



Bakke, Muchow              Expires August 2003                 [Page 44]


Internet Draft                  iSCSI MIB                     March 2003


        "A pointer to the corresponding IPS-AUTH MIB user entry
        to which this initiator node should attempt to establish
        an iSCSI session."
    REFERENCE
        "IPS-AUTH MIB"
::= { iscsiIntrAuthAttributesEntry 3 }

----------------------------------------------------------------------

iscsiSession OBJECT IDENTIFIER ::= { iscsiObjects 11 }

-- Session Attributes Table

iscsiSessionAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiSessionAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of sessions belonging to each iSCSI instance
        present on the system."
::= { iscsiSession 1 }

iscsiSessionAttributesEntry OBJECT-TYPE
    SYNTAX        IscsiSessionAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information applicable
        to a particular session.

        If this session is a discovery session which is not attached
        to any particular node, the iscsiSsnNodeIndex will be zero.
        Otherwise, the iscsiSsnNodeIndex will have the same value as
        iscsiNodeIndex."
    INDEX  { iscsiInstIndex, iscsiSsnNodeIndex, iscsiSsnIndex }
::= { iscsiSessionAttributesTable 1 }

IscsiSessionAttributesEntry ::= SEQUENCE {
    iscsiSsnNodeIndex              Unsigned32,
    iscsiSsnIndex                  Unsigned32,
    iscsiSsnDirection              INTEGER,
    iscsiSsnInitiatorName          IscsiName,
    iscsiSsnTargetName             IscsiName,
    iscsiSsnTSIH                   INTEGER,
    iscsiSsnISID                   OCTET STRING,
    iscsiSsnInitiatorAlias         SnmpAdminString,
    iscsiSsnTargetAlias            SnmpAdminString,
    iscsiSsnInitialR2T             TruthValue,



Bakke, Muchow              Expires August 2003                 [Page 45]


Internet Draft                  iSCSI MIB                     March 2003


    iscsiSsnImmediateData          TruthValue,
    iscsiSsnType                   INTEGER,
    iscsiSsnMaxOutstandingR2T      INTEGER,
    iscsiSsnFirstBurstLength       INTEGER,
    iscsiSsnMaxBurstLength         INTEGER,
    iscsiSsnConnectionNumber       Gauge32,
    iscsiSsnAuthIdentity           RowPointer,
    iscsiSsnDataSequenceInOrder    TruthValue,
    iscsiSsnDataPDUInOrder         TruthValue,
    iscsiSsnErrorRecoveryLevel     INTEGER
}

iscsiSsnNodeIndex OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular node  within an iSCSI instance present
        on the local system. For normal, non-discovery
        sessions, this value will map to the iscsiNodeIndex.
        For discovery sessions which do not have a node
        associated, the value 0 (zero) is used."
::= { iscsiSessionAttributesEntry 1 }

iscsiSsnIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular session within an iSCSI instance present
        on the local system."
::= { iscsiSessionAttributesEntry 2 }

iscsiSsnDirection OBJECT-TYPE
    SYNTAX        INTEGER {
                      inboundSession(1),
                      outboundSession(2)
                  }
    MAX-ACCESS    read-only
    STATUS                         current
    DESCRIPTION
        "Direction of iSCSI session:
        InboundSession  - session is established from an external
                          initiator to a target within this iSCSI
                          instance.
        OutboundSession - session is established from an initiator



Bakke, Muchow              Expires August 2003                 [Page 46]


Internet Draft                  iSCSI MIB                     March 2003


                          within this iSCSI instance to an external
                          target."
::= { iscsiSessionAttributesEntry 3 }

iscsiSsnInitiatorName OBJECT-TYPE
    SYNTAX        IscsiName
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "If iscsiSsnDirection is Inbound, this object is an
        octet string that will contain the name of the remote
        initiator.  If this session is a discovery session that
        does not specify a particular initiator, this object
        will contain a zero-length string.

        If iscsiSsnDirection is Outbound, this object will
        contain a zero-length string."
::= { iscsiSessionAttributesEntry 4 }

iscsiSsnTargetName OBJECT-TYPE
    SYNTAX        IscsiName
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "If iscsiSsnDirection is Outbound, this object is an
        octet string that will contain the name of the remote
        target.  If this session is a discovery session that
        does not specify a particular target, this object will
        contain a zero-length string.

        If iscsiSsnDirection is Inbound, this object will
        contain a zero-length string."
::= { iscsiSessionAttributesEntry 5 }

iscsiSsnTSIH OBJECT-TYPE
    SYNTAX        INTEGER (1..65535)
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The target-defined identification handle for this session."
::= { iscsiSessionAttributesEntry 6 }

iscsiSsnISID OBJECT-TYPE
    SYNTAX        OCTET STRING (SIZE(6))
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The initiator-defined portion of the iSCSI Session ID."



Bakke, Muchow              Expires August 2003                 [Page 47]


Internet Draft                  iSCSI MIB                     March 2003


::= { iscsiSessionAttributesEntry 7 }

iscsiSsnInitiatorAlias OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "An octet string that gives the alias communicated by the
        initiator end of the session during the login phase.

        If no alias exists, the value is a zero-length string."
::= { iscsiSessionAttributesEntry 8 }

iscsiSsnTargetAlias OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "An octet string that gives the alias communicated by the
        target end of the session during the login phase.

        If no alias exists, the value is a zero-length string."
::= { iscsiSessionAttributesEntry 9 }

iscsiSsnInitialR2T OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "If set to true, indicates that the initiator must wait
        for an R2T before sending to the target.  If set to false,
        the initiator may send data immediately, within limits set
        by iscsiSsnFirstBurstLength and the expected data transfer
        length of the request."
::= { iscsiSessionAttributesEntry 10 }

iscsiSsnImmediateData OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "Indicates whether the initiator and target have agreed to
        support immediate data on this session."
::= { iscsiSessionAttributesEntry 11 }

iscsiSsnType OBJECT-TYPE
    SYNTAX        INTEGER {
                      normalSession(1),



Bakke, Muchow              Expires August 2003                 [Page 48]


Internet Draft                  iSCSI MIB                     March 2003


                      discoverySession(2)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "Type of iSCSI session:
        normalSession    - session is a normal iSCSI session
        discoverySession - session is being used only for discovery."
::= { iscsiSessionAttributesEntry 12 }

iscsiSsnMaxOutstandingR2T OBJECT-TYPE
    SYNTAX        INTEGER (1..65535)
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The maximum number of outstanding request-to-transmit
        (R2T)s per iSCSI task within this session."
::= { iscsiSessionAttributesEntry 13 }

iscsiSsnFirstBurstLength OBJECT-TYPE
    SYNTAX        INTEGER (512..16777215)
    UNITS         "bytes"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The maximum length supported for unsolicited data sent
        within this session."
::= { iscsiSessionAttributesEntry 14 }

iscsiSsnMaxBurstLength OBJECT-TYPE
    SYNTAX        INTEGER (512..16777215)
    UNITS         "bytes"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The maximum number of bytes which can be sent within
        a single sequence of Data-In or Data-Out PDUs."
::= { iscsiSessionAttributesEntry 15 }

iscsiSsnConnectionNumber OBJECT-TYPE
    SYNTAX        Gauge32 (1..65535)
    UNITS         "connections"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The number of transport protocol connections that currently
        belong to this session."
::= { iscsiSessionAttributesEntry 16 }



Bakke, Muchow              Expires August 2003                 [Page 49]


Internet Draft                  iSCSI MIB                     March 2003


iscsiSsnAuthIdentity OBJECT-TYPE
    SYNTAX        RowPointer
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object contains a pointer to a row in the
        IPS-AUTH MIB which identifies the authentication
        method being used on this session, as communicated
        during the login phase."
    REFERENCE
        "IPS-AUTH MIB"
::= { iscsiSessionAttributesEntry 17 }

 iscsiSsnDataSequenceInOrder OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "False indicates that iSCSI data PDU sequences may
        be transferred in any order.  True indicates that
        data PDU sequences must be transferred using
        continuously increasing offsets, except during
        error recovery."
::= { iscsiSessionAttributesEntry 18 }

iscsiSsnDataPDUInOrder OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "False indicates that iSCSI data PDUs within sequences
        may be in any order.  True indicates that data PDUs
        within sequences must be at continuously increasing
        addresses, with no gaps or overlay between PDUs.

        Default is true."
::= { iscsiSessionAttributesEntry 19 }

iscsiSsnErrorRecoveryLevel OBJECT-TYPE
    SYNTAX        INTEGER (0..255)
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The level of error recovery negotiated between
        the initiator and the target.  Higher numbers
        represent more detailed recovery schemes."
::= { iscsiSessionAttributesEntry 20 }




Bakke, Muchow              Expires August 2003                 [Page 50]


Internet Draft                  iSCSI MIB                     March 2003


-- Session Stats Table

iscsiSessionStatsTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiSessionStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of general iSCSI traffic counters for each of the
        sessions present on the system."
::= { iscsiSession 2 }

iscsiSessionStatsEntry OBJECT-TYPE
    SYNTAX        IscsiSessionStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing general iSCSI traffic counters
        for a particular session."
    AUGMENTS { iscsiSessionAttributesEntry }
::= { iscsiSessionStatsTable 1 }

IscsiSessionStatsEntry ::= SEQUENCE {
    iscsiSsnCmdPDUs                Counter32,
    iscsiSsnRspPDUs                Counter32,
    iscsiSsnTxDataOctets           Counter64,
    iscsiSsnRxDataOctets           Counter64,
    iscsiSsnLCTxDataOctets         Counter32,
    iscsiSsnLCRxDataOctets         Counter32
}

iscsiSsnCmdPDUs OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "PDUs"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Command PDUs transferred on this session."
::= { iscsiSessionStatsEntry 1 }

iscsiSsnRspPDUs OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "PDUs"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of Response PDUs transferred on this session."
::= { iscsiSessionStatsEntry 2 }




Bakke, Muchow              Expires August 2003                 [Page 51]


Internet Draft                  iSCSI MIB                     March 2003


iscsiSsnTxDataOctets OBJECT-TYPE
    SYNTAX        Counter64
    UNITS         "octets"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of data octets that were transmitted by
        the local iSCSI node on this session."
::= { iscsiSessionStatsEntry 3 }

iscsiSsnRxDataOctets OBJECT-TYPE
    SYNTAX        Counter64
    UNITS         "octets"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of data octets that were received by
        the local iSCSI node on this session."
::= { iscsiSessionStatsEntry 4 }

iscsiSsnLCTxDataOctets OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "octets"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "A Low Capacity shadow object of iscsiSsnTxDataOctets
        for those systems that don't support Counter64."
::= { iscsiSessionStatsEntry 5 }

iscsiSsnLCRxDataOctets OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "octets"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "A Low Capacity shadow object of iscsiSsnRxDataOctets
        for those systems that don't support Counter64."
::= { iscsiSessionStatsEntry 6 }

-- Session Connection Error Stats Table

iscsiSessionCxnErrorStatsTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiSessionCxnErrorStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A list of error counters for each of the sessions



Bakke, Muchow              Expires August 2003                 [Page 52]


Internet Draft                  iSCSI MIB                     March 2003


        present on this system."
::= { iscsiSession 3 }

iscsiSessionCxnErrorStatsEntry OBJECT-TYPE
    SYNTAX        IscsiSessionCxnErrorStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing error counters for
        a particular session."
    AUGMENTS { iscsiSessionAttributesEntry }
::= { iscsiSessionCxnErrorStatsTable 1 }

IscsiSessionCxnErrorStatsEntry ::= SEQUENCE {
    iscsiSsnDigestErrors           Counter32,
    iscsiSsnCxnTimeoutErrors       Counter32
}

iscsiSsnDigestErrors OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "PDUs"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of PDUs which were received on the session and
        contained header or data digest errors."
::= { iscsiSessionCxnErrorStatsEntry 1 }

iscsiSsnCxnTimeoutErrors OBJECT-TYPE
    SYNTAX        Counter32
    UNITS         "connections"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The count of connections within this session
        which have been terminated due to timeout."
::= { iscsiSessionCxnErrorStatsEntry 2 }

----------------------------------------------------------------------

iscsiConnection OBJECT IDENTIFIER ::= { iscsiObjects 12 }

-- Connection Attributes Table

iscsiConnectionAttributesTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF IscsiConnectionAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current



Bakke, Muchow              Expires August 2003                 [Page 53]


Internet Draft                  iSCSI MIB                     March 2003


    DESCRIPTION
        "A list of connections belonging to each iSCSI instance
        present on the system."
::= { iscsiConnection 1 }

iscsiConnectionAttributesEntry OBJECT-TYPE
    SYNTAX        IscsiConnectionAttributesEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry (row) containing management information applicable
        to a particular connection."
    INDEX  { iscsiInstIndex, iscsiSsnNodeIndex, iscsiSsnIndex,
             iscsiCxnIndex }
::= { iscsiConnectionAttributesTable 1 }

IscsiConnectionAttributesEntry ::= SEQUENCE {
    iscsiCxnIndex                  Unsigned32,
    iscsiCxnCid                    INTEGER,
    iscsiCxnState                  INTEGER,
    iscsiCxnLocalAddrType          InetAddressType,
    iscsiCxnLocalAddr              InetAddress,
    iscsiCxnProtocol               IscsiTransportProtocols,
    iscsiCxnLocalPort              Unsigned32,
    iscsiCxnRemoteAddrType         InetAddressType,
    iscsiCxnRemoteAddr             InetAddress,
    iscsiCxnRemotePort             Unsigned32,
    iscsiCxnMaxRecvDataSegLength   INTEGER,
    iscsiCxnMaxXmitDataSegLength   INTEGER,
    iscsiCxnHeaderIntegrity        IscsiDigestMethod,
    iscsiCxnDataIntegrity          IscsiDigestMethod,
    iscsiCxnRecvMarker             TruthValue,
    iscsiCxnSendMarker             TruthValue,
    iscsiCxnVersionActive          INTEGER
}

iscsiCxnIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An arbitrary integer used to uniquely identify a
        particular connection of a particular session within
        an iSCSI instance present on the local system."
::= { iscsiConnectionAttributesEntry 1 }

iscsiCxnCid OBJECT-TYPE
    SYNTAX        INTEGER (1..65535)



Bakke, Muchow              Expires August 2003                 [Page 54]


Internet Draft                  iSCSI MIB                     March 2003


    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The iSCSI Connection ID for this connection."
::= { iscsiConnectionAttributesEntry 2 }

iscsiCxnState OBJECT-TYPE
    SYNTAX        INTEGER {
                      login(1),
                      full(2),
                      logout(3)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The current state of this connection, from an iSCSI negotiation
        point of view.  Here are the states:

        login  - The transport protocol connection has been established,
                 but a valid iSCSI login response with the final bit set
                 has not been sent or received.
        full   - A valid iSCSI login response with the final bit set
                 has been sent or received.
        logout - A valid iSCSI logout command has been sent or
                 received, but the transport protocol connection has
                 not yet been closed."
::= { iscsiConnectionAttributesEntry 3 }

iscsiCxnLocalAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The type of Internet Network Address contained in the
        corresponding instance of the iscsiCxnLocalAddr."
::= { iscsiConnectionAttributesEntry 4 }

iscsiCxnLocalAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The local Internet Network Address used by this connection."
::= { iscsiConnectionAttributesEntry 5 }

iscsiCxnProtocol OBJECT-TYPE
    SYNTAX        IscsiTransportProtocols
    MAX-ACCESS    read-only



Bakke, Muchow              Expires August 2003                 [Page 55]


Internet Draft                  iSCSI MIB                     March 2003


    STATUS        current
    DESCRIPTION
        "The transport protocol over which this connection is
        running."
::= { iscsiConnectionAttributesEntry 6 }

iscsiCxnLocalPort OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The local transport protocol port used by this connection."
::= { iscsiConnectionAttributesEntry 7 }

iscsiCxnRemoteAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The type of Internet Network Address in contained in the
        corresponding instance of the iscsiCxnRemoteAddr."
::= { iscsiConnectionAttributesEntry 8 }

iscsiCxnRemoteAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The remote Internet Network Address used by this connection."
::= { iscsiConnectionAttributesEntry 9 }

iscsiCxnRemotePort OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The remote transport protocol port used by this connection."
::= { iscsiConnectionAttributesEntry 10 }

iscsiCxnMaxRecvDataSegLength OBJECT-TYPE
    SYNTAX        INTEGER (512..16777215)
    UNITS         "bytes"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The maximum data payload size supported for command
        or data PDUs able to be received on this connection."
::= { iscsiConnectionAttributesEntry 11 }



Bakke, Muchow              Expires August 2003                 [Page 56]


Internet Draft                  iSCSI MIB                     March 2003


iscsiCxnMaxXmitDataSegLength OBJECT-TYPE
    SYNTAX        INTEGER (512..16777215)
    UNITS         "bytes"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The maximum data payload size supported for command
        or data PDUs to be sent on this connection."
::= { iscsiConnectionAttributesEntry 12 }

iscsiCxnHeaderIntegrity OBJECT-TYPE
    SYNTAX        IscsiDigestMethod
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object identifies the iSCSI header
        digest scheme in use within this connection."
::= { iscsiConnectionAttributesEntry 13 }

iscsiCxnDataIntegrity OBJECT-TYPE
    SYNTAX        IscsiDigestMethod
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object identifies the iSCSI data
        digest scheme in use within this connection."
::= { iscsiConnectionAttributesEntry 14 }

iscsiCxnRecvMarker OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object indicates whether or not this connection
        is receiving markers in in its incoming data stream."
::= { iscsiConnectionAttributesEntry 15 }

iscsiCxnSendMarker OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object indicates whether or not this connection
        is inserting markers in in its outgoing data stream."
::= { iscsiConnectionAttributesEntry 16 }

iscsiCxnVersionActive OBJECT-TYPE
    SYNTAX        INTEGER (0..255)



Bakke, Muchow              Expires August 2003                 [Page 57]


Internet Draft                  iSCSI MIB                     March 2003


    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "Active version number of the iSCSI specification negotiated
        on this connection."
::= { iscsiConnectionAttributesEntry 17 }

------------------------------------------------------------------------
-- Notifications

iscsiNotificationsPrefix OBJECT IDENTIFIER ::= { iscsiNotifications 0 }

iscsiTgtLoginFailure NOTIFICATION-TYPE
    OBJECTS {
        iscsiTgtLoginFailures,
        iscsiTgtLastFailureType,
        iscsiTgtLastIntrFailureName,
        iscsiTgtLastIntrFailureAddrType,
        iscsiTgtLastIntrFailureAddr
    }
    STATUS current
    DESCRIPTION
        "Sent when a login is failed by a target.

        The implementation of this notification should not send
        more than 3 notifications of this type in any 10 second
        time span."
::= { iscsiNotificationsPrefix 1 }

iscsiIntrLoginFailure NOTIFICATION-TYPE
    OBJECTS {
        iscsiIntrLoginFailures,
        iscsiIntrLastFailureType,
        iscsiIntrLastTgtFailureName,
        iscsiIntrLastTgtFailureAddrType,
        iscsiIntrLastTgtFailureAddr
    }
    STATUS current
    DESCRIPTION
        "Sent when a login is failed by a initiator.

        The implementation of this notification should not send
        more than 3 notifications of this type in any 10 second
        time span."
::= { iscsiNotificationsPrefix 2 }

iscsiInstSessionFailure NOTIFICATION-TYPE
    OBJECTS {



Bakke, Muchow              Expires August 2003                 [Page 58]


Internet Draft                  iSCSI MIB                     March 2003


        iscsiInstSsnFailures,
        iscsiInstLastSsnFailureType,
        iscsiInstLastSsnRmtNodeName
    }
    STATUS current
    DESCRIPTION
        "Sent when an active session is failed by either the initiator
        or the target.

        The implementation of this notification should not send
        more than 3 notifications of this type in any 10 second
        time span."
::= { iscsiNotificationsPrefix 3 }

------------------------------------------------------------------------

-- Conformance Statements

iscsiGroups OBJECT IDENTIFIER ::= { iscsiConformance 1 }

iscsiInstanceAttributesGroup OBJECT-GROUP
    OBJECTS {
        iscsiInstDescr,
        iscsiInstVersionMin,
        iscsiInstVersionMax,
        iscsiInstVendorID,
        iscsiInstVendorVersion,
        iscsiInstPortalNumber,
        iscsiInstNodeNumber,
        iscsiInstSessionNumber,
        iscsiInstSsnFailures,
        iscsiInstLastSsnFailureType,
        iscsiInstLastSsnRmtNodeName
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about iSCSI
        instances."
::= { iscsiGroups 1 }

iscsiInstanceSsnErrorStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiInstSsnDigestErrors,
        iscsiInstSsnCxnTimeoutErrors,
        iscsiInstSsnFormatErrors
    }
    STATUS current
    DESCRIPTION



Bakke, Muchow              Expires August 2003                 [Page 59]


Internet Draft                  iSCSI MIB                     March 2003


        "A collection of objects providing information about
        errors that have caused a session failure for an
        iSCSI instance."
::= { iscsiGroups 2 }

iscsiPortalAttributesGroup OBJECT-GROUP
    OBJECTS {
        iscsiPortalRowStatus,
        iscsiPortalRoles,
        iscsiPortalAddrType,
        iscsiPortalAddr,
        iscsiPortalProtocol,
        iscsiPortalMaxRecvDataSegLength,
        iscsiPortalPrimaryHdrDigest,
        iscsiPortalPrimaryDataDigest,
        iscsiPortalSecondaryHdrDigest,
        iscsiPortalSecondaryDataDigest,
        iscsiPortalRecvMarker
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        the transport protocol endpoints of the local targets."
::= { iscsiGroups 3 }

iscsiTgtPortalAttributesGroup OBJECT-GROUP
    OBJECTS {
        iscsiTgtPortalPort,
        iscsiTgtPortalTag
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        the transport protocol endpoints of the local targets."
::= { iscsiGroups 4 }

iscsiIntrPortalAttributesGroup OBJECT-GROUP
    OBJECTS {
        iscsiIntrPortalTag
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        the Internet Network Addresses of the local initiators."
::= { iscsiGroups 5 }

iscsiNodeAttributesGroup OBJECT-GROUP
    OBJECTS {



Bakke, Muchow              Expires August 2003                 [Page 60]


Internet Draft                  iSCSI MIB                     March 2003


        iscsiNodeName,
        iscsiNodeAlias,
        iscsiNodeRoles,
        iscsiNodeTransportType,
        iscsiNodeInitialR2T,
        iscsiNodeImmediateData,
        iscsiNodeMaxOutstandingR2T,
        iscsiNodeFirstBurstLength,
        iscsiNodeMaxBurstLength,
        iscsiNodeMaxConnections,
        iscsiNodeDataSequenceInOrder,
        iscsiNodeDataPDUInOrder,
        iscsiNodeDefaultTime2Wait,
        iscsiNodeDefaultTime2Retain,
        iscsiNodeErrorRecoveryLevel
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        local targets."
::= { iscsiGroups 6 }

iscsiTargetAttributesGroup OBJECT-GROUP
    OBJECTS {
        iscsiTgtLoginFailures,
        iscsiTgtLastFailureTime,
        iscsiTgtLastFailureType,
        iscsiTgtLastIntrFailureName,
        iscsiTgtLastIntrFailureAddrType,
        iscsiTgtLastIntrFailureAddr
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        local targets."
::= { iscsiGroups 7 }

iscsiTargetLoginStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiTgtLoginAccepts,
        iscsiTgtLoginOtherFails,
        iscsiTgtLoginRedirects,
        iscsiTgtLoginAuthorizeFails,
        iscsiTgtLoginAuthenticateFails,
        iscsiTgtLoginNegotiateFails
    }
    STATUS current
    DESCRIPTION



Bakke, Muchow              Expires August 2003                 [Page 61]


Internet Draft                  iSCSI MIB                     March 2003


        "A collection of objects providing information about all
        login attempts by remote initiators to local targets."
::= { iscsiGroups 8 }

iscsiTargetLogoutStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiTgtLogoutNormals,
        iscsiTgtLogoutOthers
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        logout events between remote initiators to local targets."
::= { iscsiGroups 9 }

iscsiTargetAuthGroup OBJECT-GROUP
    OBJECTS {
        iscsiTgtAuthRowStatus,
        iscsiTgtAuthIdentity
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        remote initiators that are authorized to connect to local
        targets."
::= { iscsiGroups 10 }

iscsiInitiatorAttributesGroup OBJECT-GROUP
    OBJECTS {
        iscsiIntrLoginFailures,
        iscsiIntrLastFailureTime,
        iscsiIntrLastFailureType,
        iscsiIntrLastTgtFailureName,
        iscsiIntrLastTgtFailureAddrType,
        iscsiIntrLastTgtFailureAddr
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about
        all local initiators."
::= { iscsiGroups 11 }

iscsiInitiatorLoginStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiIntrLoginAcceptRsps,
        iscsiIntrLoginOtherFailRsps,
        iscsiIntrLoginRedirectRsps,
        iscsiIntrLoginAuthFailRsps,



Bakke, Muchow              Expires August 2003                 [Page 62]


Internet Draft                  iSCSI MIB                     March 2003


        iscsiIntrLoginAuthenticateFails,
        iscsiIntrLoginNegotiateFails
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        login attempts by local initiators to remote targets."
::= { iscsiGroups 12 }

iscsiInitiatorLogoutStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiIntrLogoutNormals,
        iscsiIntrLogoutOthers
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        logout events between local initiators to remote targets."
::= { iscsiGroups 13 }

iscsiInitiatorAuthGroup OBJECT-GROUP
    OBJECTS {
        iscsiIntrAuthRowStatus,
        iscsiIntrAuthIdentity
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        remote targets that are initiators of the local system are
        authorized to access."
::= { iscsiGroups 14 }

iscsiSessionAttributesGroup OBJECT-GROUP
    OBJECTS {
        iscsiSsnDirection,
        iscsiSsnInitiatorName,
        iscsiSsnTargetName,
        iscsiSsnTSIH,
        iscsiSsnISID,
        iscsiSsnInitiatorAlias,
        iscsiSsnTargetAlias,
        iscsiSsnInitialR2T,
        iscsiSsnImmediateData,
        iscsiSsnType,
        iscsiSsnMaxOutstandingR2T,
        iscsiSsnFirstBurstLength,
        iscsiSsnMaxBurstLength,
        iscsiSsnConnectionNumber,



Bakke, Muchow              Expires August 2003                 [Page 63]


Internet Draft                  iSCSI MIB                     March 2003


        iscsiSsnAuthIdentity,
        iscsiSsnDataSequenceInOrder,
        iscsiSsnDataPDUInOrder,
        iscsiSsnErrorRecoveryLevel
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information applicable to
        all sessions."
::= { iscsiGroups 15 }

iscsiSessionPDUStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiSsnCmdPDUs,
        iscsiSsnRspPDUs
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about PDU
        traffic for each session."
::= { iscsiGroups 16 }

iscsiSessionOctetStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiSsnTxDataOctets,
        iscsiSsnRxDataOctets
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about octet
        traffic for each session using a Counter64 data type."
::= { iscsiGroups 17 }

iscsiSessionLCOctetStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiSsnLCTxDataOctets,
        iscsiSsnLCRxDataOctets
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about octet
        traffic for each session using a Counter32 data type."
::= { iscsiGroups 18 }

iscsiSessionCxnErrorStatsGroup OBJECT-GROUP
    OBJECTS {
        iscsiSsnDigestErrors,
        iscsiSsnCxnTimeoutErrors



Bakke, Muchow              Expires August 2003                 [Page 64]


Internet Draft                  iSCSI MIB                     March 2003


    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about connection
        errors for all sessions."
::= { iscsiGroups 19 }

iscsiConnectionAttributesGroup OBJECT-GROUP
    OBJECTS {
        iscsiCxnCid,
        iscsiCxnState,
        iscsiCxnProtocol,
        iscsiCxnLocalAddrType,
        iscsiCxnLocalAddr,
        iscsiCxnLocalPort,
        iscsiCxnRemoteAddrType,
        iscsiCxnRemoteAddr,
        iscsiCxnRemotePort,
        iscsiCxnMaxRecvDataSegLength,
        iscsiCxnMaxXmitDataSegLength,
        iscsiCxnHeaderIntegrity,
        iscsiCxnDataIntegrity,
        iscsiCxnRecvMarker,
        iscsiCxnSendMarker,
        iscsiCxnVersionActive
    }
    STATUS current
    DESCRIPTION
        "A collection of objects providing information about all
        connections used by all sessions."
::= { iscsiGroups 20 }

iscsiTgtLgnNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        iscsiTgtLoginFailure
    }
    STATUS current
    DESCRIPTION
        "A collection of notifications which indicate a login
        failure from a remote initiator to a local target."
::= { iscsiGroups 21 }

iscsiIntrLgnNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        iscsiIntrLoginFailure
    }
    STATUS current
    DESCRIPTION



Bakke, Muchow              Expires August 2003                 [Page 65]


Internet Draft                  iSCSI MIB                     March 2003


        "A collection of notifications which indicate a login
        failure from a local initiator to a remote target."
::= { iscsiGroups 22 }

iscsiSsnFlrNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        iscsiInstSessionFailure
    }
    STATUS current
    DESCRIPTION
        "A collection of notifications which indicate session
        failures occurring after login."
::= { iscsiGroups 23 }

------------------------------------------------------------------------

iscsiCompliances OBJECT IDENTIFIER ::= { iscsiConformance 2 }

iscsiComplianceV1 MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Initial version of compliance statement based on
        initial version of MIB.

        If an implementation can be both a target and an
        initiator, all groups are mandatory."
    MODULE       -- this module
    MANDATORY-GROUPS {
        iscsiInstanceAttributesGroup,
        iscsiPortalAttributesGroup,
        iscsiNodeAttributesGroup,
        iscsiSessionAttributesGroup,
        iscsiSessionPDUStatsGroup,
        iscsiSessionCxnErrorStatsGroup,
        iscsiConnectionAttributesGroup,
        iscsiSsnFlrNotificationsGroup
    }

    -- Conditionally mandatory groups depending on the ability
    -- to support Counter64 data types and/or to provide counter
    -- information to SNMPv1 applications.

    GROUP iscsiSessionOctetStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that can support Counter64 data types."

    GROUP iscsiSessionLCOctetStatsGroup



Bakke, Muchow              Expires August 2003                 [Page 66]


Internet Draft                  iSCSI MIB                     March 2003


    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that provide information to SNMPv1-only applications;
        this includes agents that cannot support Counter64
        data types."

    -- Conditionally mandatory groups to be included with
    -- the mandatory groups when the implementation has
    -- iSCSI target facilities.

    GROUP iscsiTgtPortalAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    OBJECT iscsiPortalMaxRecvDataSegLength
    MIN-ACCESS read-only
    DESCRIPTION
        "Write access is not required."

    GROUP iscsiTargetAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTargetLoginStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTargetLogoutStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTgtLgnNotificationsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    GROUP iscsiTargetAuthGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI target facilities."

    -- Conditionally mandatory groups to be included with
    -- the mandatory groups when the implementation has
    -- iSCSI initiator facilities.



Bakke, Muchow              Expires August 2003                 [Page 67]


Internet Draft                  iSCSI MIB                     March 2003


    GROUP iscsiIntrPortalAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorAttributesGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorLoginStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorLogoutStatsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiIntrLgnNotificationsGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

    GROUP iscsiInitiatorAuthGroup
    DESCRIPTION
        "This group is mandatory for all iSCSI implementations
        that have iSCSI initiator facilities."

::= { iscsiCompliances 1 }

END


















Bakke, Muchow              Expires August 2003                 [Page 68]


Internet Draft                  iSCSI MIB                     March 2003


6.  Security Considerations

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  These are the tables and objects and their
   sensitivity/vulnerability:

      iscsiPortalAttributesTable, iscsiTgtPortalAttributesTable, and
      iscsiIntrPortalAttributes table can be used to add or remove IP
      addresses to be used by iSCSI.

      iscsiTgtAuthAttributesTable entries can be added or removed, to
      allow or disallow access to a target by an initiator.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

      iscsiNodeAttributesTable, iscsiTargetAttributesTable, and
      iscsiTgtAuthorization can be used to glean information needed to
      make connections to the iSCSI targets this MIB represents.
      However, it is the responsibility of the initiators and targets
      involved to authenticate each other to ensure that an
      inappropriately advertised or discovered initiator or target does
      not compromise their security.  These issues are discussed in
      [ISCSI].

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

   It is RECOMMENDED that implementors consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator



Bakke, Muchow              Expires August 2003                 [Page 69]


Internet Draft                  iSCSI MIB                     March 2003


   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

7.  Normative References

[ISCSI]     J. Satran, et. al., "iSCSI", Work in Progress, draft-ietf-
            ips-iSCSI-20, January 2003.

[RFC2578]   K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M.
            Rose, and S. Waldbusser, "Structure of Management
            Information Version 2 (SMIv2)", STD 58, RFC 2578, April
            1999.

[RFC2579]   K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M.
            Rose, and S. Waldbusser, "Textual Conventions for SMIv2",
            STD 58, RFC 2579, April 1999.

[RFC2580]   K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M.
            Rose, and S. Waldbusser, "Conformance Statements for SMIv2",
            STD 58, RFC 2580, April 1999.

[RFC3291]   M. Daniele, et. al., "Textual Conventions for Internet
            Network Addresses", RFC 3291, May 2002.

[AUTH-MIB]  M. Bakke, J. Muchow, "Definitions of Managed Objects for
            User Identity Authentication", Work in Progress, draft-ietf-
            ips-auth-mib-04.txt, March 2003.

8.  Informative References

[RFC3410]   J. Case, R. Mundy, D. Partain, and B. Stewart, "Introduction
            and Applicability Statements for Internet-Standard
            Management Framework", RFC 3410, December 2002.

[RFC2012]   K. McCloghrie, "SNMPv2 Management Information Base for the
            Transmission Control Protocol using SMIv2", RFC 2012,
            November 1996.

[SCSI-MIB]  M. Hallak-Stamler, et. al., "Definitions of Managed Objects
            for SCSI Entities", Work in Progress, draft-ietf-ips-scsi-
            mib-03.txt, June 2002.

9.  Authors' Addresses






Bakke, Muchow              Expires August 2003                 [Page 70]


Internet Draft                  iSCSI MIB                     March 2003


   Mark Bakke
   Postal: Cisco Systems, Inc
   6450 Wedgwood Road, Suite 130
   Maple Grove, MN
   USA 55311

   Tel: +1 763-398-1000
   Fax: +1 763-398-1001

   E-mail: mbakke@cisco.com

   Marjorie Krueger
   Postal: Hewlett-Packard
   Networked Storage Architecture
   Networked Storage Solutions Org.
   8000 Foothills Blvd.
   Roseville, CA
   USA 95747

   Tel: +1 916-785-2656
   Tel: +1 916-785-0391

   E-mail: marjorie_krueger@hp.com

   Tom McSweeney
   Postal: IBM Corporation
   600 Park Offices Drive
   Research Triangle Park, NC
   USA 27709

   Tel: +1-919-254-5634
   Fax: +1-919-254-0391

   E-mail: rf42tpme@us.ibm.com

   Jim Muchow
   Postal: Cisco Systems, Inc
   6450 Wedgwood Road, Suite 130
   Maple Grove, MN
   USA 55311

   Tel: +1 763-398-1000
   Fax: +1 763-398-1001

   E-mail: jamesdmuchow@yahoo.com"






Bakke, Muchow              Expires August 2003                 [Page 71]


Internet Draft                  iSCSI MIB                     March 2003


10.  IPR Notice

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made

   available for publication and any assurances of licenses to be made
   available, or the result of an attempt made to obtain a general
   license or permission for the use of such proprietary rights by
   implementors or users of this specification can be obtained from the
   IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.

11.  Full Copyright Notice

   Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the  purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING



Bakke, Muchow              Expires August 2003                 [Page 72]


Internet Draft                  iSCSI MIB                     March 2003


   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
















































Bakke, Muchow              Expires August 2003                 [Page 73]


Html markup produced by rfcmarkup 1.129b, available from https://tools.ietf.org/tools/rfcmarkup/