draft-ietf-ips-iscsi-mib-07.txt   draft-ietf-ips-iscsi-mib-08.txt 
Internet Draft Mark Bakke Internet Draft Mark Bakke
<draft-ietf-ips-iscsi-mib-07.txt> Jim Muchow <draft-ietf-ips-iscsi-mib-08.txt> Jim Muchow
Expires May 2003 Cisco Systems Expires May 2003 Cisco Systems
Marjorie Krueger Marjorie Krueger
Hewlett-Packard Hewlett-Packard
Tom McSweeney Tom McSweeney
IBM IBM
November 2002 November 2002
Definitions of Managed Objects for iSCSI Definitions of Managed Objects for iSCSI
1. Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference time. It is inappropriate to use Internet- Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.html.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
1.1. Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved. Copyright (C) The Internet Society (2001). All Rights Reserved.
2. Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in TCP/IP based internets. for use with network management protocols in TCP/IP based internets.
In particular it defines objects for managing a client using the In particular it defines objects for managing a client using the
iSCSI (SCSI over TCP) protocol. It is meant to match the latest iSCSI (SCSI over TCP) protocol.
version of iSCSI defined in [ISCSI].
3. Acknowledgments Acknowledgments
In addition to the authors, several people contributed to the In addition to the authors, several people contributed to the
development of this MIB. Thanks especially to those who took the development of this MIB. Thanks especially to those who took the
time to participate in our weekly conference calls to build our time to participate in our weekly conference calls to build our
requirements, object models, table structures, and attributes: John requirements, object models, table structures, and attributes: John
Hufferd, Tom McSweeney (IBM), Kevin Gibbons (Nishan Systems), Chad Hufferd, Tom McSweeney (IBM), Kevin Gibbons (Nishan Systems), Chad
Gregory (Intel), Jack Harwood (EMC), Hari Mudaliar (Adaptec), Ie Wei Gregory (Intel), Jack Harwood (EMC), Hari Mudaliar (Adaptec), Ie Wei
Njoo (Agilent), Lawrence Lamers (SAN Valley), Satish Mali (Stonefly Njoo (Agilent), Lawrence Lamers (SAN Valley), Satish Mali (Stonefly
Networks), and William Terrell (Troika). Networks), and William Terrell (Troika).
Special thanks to Tom McSweeney, Ie Wei Njoo, and Kevin Gibbons, who Special thanks to Tom McSweeney, Ie Wei Njoo, and Kevin Gibbons, who
wrote the descriptions for many of the tables and attributes in this wrote the descriptions for many of the tables and attributes in this
MIB, and to Keith McCloghrie for serving as advisor to the team. MIB, and to Keith McCloghrie for serving as advisor to the team.
4. The SNMP Management Framework Table of Contents
1. The SNMP Management Framework.............................2
2. Relationship to Other MIBs................................4
3. Discussion................................................4
3.1. iSCSI MIB Object Model..................................5
3.2. iSCSI MIB Table Structure...............................6
3.3. iscsiInstance...........................................7
3.4. iscsiPortal.............................................7
3.5. iscsiTargetPortal.......................................8
3.6. iscsiInitiatorPortal....................................9
3.7. iscsiNode...............................................9
3.8. iscsiTarget.............................................9
3.9. iscsiTgtAuthorization..................................10
3.10. iscsiInitiator........................................10
3.11. iscsiIntrAuthorization................................10
3.12. iscsiSession..........................................10
3.13. iscsiConnection.......................................11
3.14. IP Addresses and TCP Port Numbers.....................11
3.15. Descriptors: Using OIDs in Place of Enumerated Types..12
3.16. Notifications.........................................12
4. MIB Definitions..........................................13
5. Security Considerations..................................67
6. Normative References.....................................68
7. Informative References...................................69
8. Authors' Addresses.......................................70
9. Full Copyright Notice....................................71
1. The SNMP Management Framework
The SNMP Management Framework presently consists of five major The SNMP Management Framework presently consists of five major
components: components:
o An overall architecture, described in RFC 2571 [RFC2571]. o An overall architecture, described in RFC 2571 [RFC2571].
o Mechanisms for describing and naming objects and events for the o Mechanisms for describing and naming objects and events for the
purpose of management. The first version of this Structure of purpose of management. The first version of this Structure of
Management Information (SMI) is called SMIv1 and described in Management Information (SMI) is called SMIv1 and described in
STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC
skipping to change at page 3, line 28 skipping to change at page 4, line 5
This memo specifies a MIB module that is compliant to the SMIv2. A This memo specifies a MIB module that is compliant to the SMIv2. A
MIB conforming to the SMIv1 can be produced through the appropriate MIB conforming to the SMIv1 can be produced through the appropriate
translations. The resulting translated MIB must be semantically translations. The resulting translated MIB must be semantically
equivalent, except where objects or events are omitted because no equivalent, except where objects or events are omitted because no
translation is possible (use of Counter64). Some machine readable translation is possible (use of Counter64). Some machine readable
information in SMIv2 will be converted into textual descriptions in information in SMIv2 will be converted into textual descriptions in
SMIv1 during the translation process. However, this loss of machine SMIv1 during the translation process. However, this loss of machine
readable information is not considered to change the semantics of the readable information is not considered to change the semantics of the
MIB. MIB.
5. Relationship to Other MIBs 2. Relationship to Other MIBs
The iSCSI MIB is layered between the SCSI MIB [SCSI-MIB] (work in The iSCSI MIB is layered between the SCSI MIB [SCSI-MIB] (work in
progress) and the TCP MIB [RFC2012], and makes use of the IPS progress) and the TCP MIB [RFC2012], and makes use of the IPS
Identity Authentication MIB [AUTH-MIB] (work in progress). Here is Identity Authentication MIB [AUTH-MIB] (work in progress). Here is
how the MIBs are related: how the MIBs are related:
SCSI MIB Each iscsiNode, whether it has an initiator role, target SCSI MIB Each iscsiNode, whether it has an initiator role, target
role, or both, is related to one SCSI device within the role, or both, is related to one SCSI device within the
SCSI MIB. The iscsiNodeTransportType attribute points to SCSI MIB. The iscsiNodeTransportType attribute points to
the SCSI transport object within the SCSI MIB, which in the SCSI transport object within the SCSI MIB, which in
skipping to change at page 4, line 14 skipping to change at page 4, line 38
points to an identity within the IPS Identity points to an identity within the IPS Identity
Authentication MIB that will be allowed to access the Authentication MIB that will be allowed to access the
target. iSCSI nodes that serve in an initiator role can target. iSCSI nodes that serve in an initiator role can
also have a list of authorized targets. Each of the also have a list of authorized targets. Each of the
entries in this list points to an identity within the Auth entries in this list points to an identity within the Auth
MIB to which the initiator should attempt to establish MIB to which the initiator should attempt to establish
sessions. The Auth MIB includes information used to sessions. The Auth MIB includes information used to
identify initiators and targets by their iSCSI name, IP identify initiators and targets by their iSCSI name, IP
address, and/or credentials. address, and/or credentials.
6. Discussion 3. Discussion
This MIB structure supplies configuration, fault, and statistics This MIB structure supplies configuration, fault, and statistics
information for iSCSI devices. It is structured around the well- information for iSCSI devices [ISCSI]. It is structured around the
known iSCSI objects, such as targets, initiators, sessions, well-known iSCSI objects, such as targets, initiators, sessions,
connections, and the like. connections, and the like.
This MIB may also be used to configure access to iSCSI targets, by This MIB may also be used to configure access to iSCSI targets, by
creating iSCSI Portals and authorization list entries. creating iSCSI Portals and authorization list entries.
It is worthwhile to note that this is an iSCSI MIB and as such It is worthwhile to note that this is an iSCSI MIB and as such
reflects only iSCSI objects. This MIB does not contain information reflects only iSCSI objects. This MIB does not contain information
about the SCSI-layer attributes of a device. The SCSI MIB, currently about the SCSI-layer attributes of a device. The SCSI MIB, currently
under development, is related to the iSCSI MIB and contains the SCSI under development, is related to the iSCSI MIB and contains the SCSI
information about a device. information about a device.
The iSCSI MIB consists of several "objects", each of which is The iSCSI MIB consists of several "objects", each of which is
represented by one or more tables. This section contains a brief represented by one or more tables. This section contains a brief
description of the "object" hierarchy and a description of each description of the "object" hierarchy and a description of each
object, followed by a discussion of the actual MIB table structure object, followed by a discussion of the actual MIB table structure
within the objects. within the objects.
6.1. iSCSI MIB Object Model 3.1. iSCSI MIB Object Model
The top-level object in this structure is the iSCSI instance, which The top-level object in this structure is the iSCSI instance, which
"contains" all of the other objects. "contains" all of the other objects.
iscsiInstance iscsiInstance
-- A distinct iSCSI entity within the managed system. -- A distinct iSCSI entity within the managed system.
iscsiPortal iscsiPortal
-- An IP address used by this instance -- An IP address used by this instance
iscsiTargetPortal iscsiTargetPortal
-- Contains portal information relevant when the portal -- Contains portal information relevant when the portal
skipping to change at page 5, line 34 skipping to change at page 6, line 8
-- An active TCP connection within an iSCSI session -- An active TCP connection within an iSCSI session
An iSCSI Node can be an initiator, a target, or both. The iSCSI An iSCSI Node can be an initiator, a target, or both. The iSCSI
Node's portals may be used to initiate connections (initiator) or Node's portals may be used to initiate connections (initiator) or
listen for connections (target), depending on wither the iSCSI Node listen for connections (target), depending on wither the iSCSI Node
is acting as an initiator or target. The iSCSI MIB assumes that any is acting as an initiator or target. The iSCSI MIB assumes that any
target may be accessed via any portal that can take on a target role, target may be accessed via any portal that can take on a target role,
although other access controls not reflected in the MIB might limit although other access controls not reflected in the MIB might limit
this. this.
6.2. iSCSI MIB Table Structure 3.2. iSCSI MIB Table Structure
Each iSCSI object exports of one or more tables: an attributes table, Each iSCSI object exports of one or more tables: an attributes table,
and zero or more statistics tables which augment the attributes and zero or more statistics tables which augment the attributes
table. Since iSCSI is an evolving standard, it is much cleaner to table. Since iSCSI is an evolving standard, it is much cleaner to
provide statistics and attributes as separate tables, allowing provide statistics and attributes as separate tables, allowing
attributes and statistics to be added independently. In a few cases, attributes and statistics to be added independently. In a few cases,
there are multiple categories of statistics that will likely grow; in there are multiple categories of statistics that will likely grow; in
this case, an object will contain multiple statistics tables. this case, an object will contain multiple statistics tables.
iscsiObjects iscsiObjects
skipping to change at page 6, line 39 skipping to change at page 7, line 14
iscsiSessionCxnErrorStatsTable iscsiSessionCxnErrorStatsTable
-- Counts digest errors, connection errors, etc. -- Counts digest errors, connection errors, etc.
iscsiConnection iscsiConnection
iscsiConnectionAttributesTable iscsiConnectionAttributesTable
Note that this MIB does not attempt to count everything that could be Note that this MIB does not attempt to count everything that could be
counted; it is designed to include only those counters that would be counted; it is designed to include only those counters that would be
useful for identifying performance, security, and fault problems from useful for identifying performance, security, and fault problems from
a management station. a management station.
6.3. iscsiInstance 3.3. iscsiInstance
The iscsiInstanceAttributesTable is the primary table of the iSCSI The iscsiInstanceAttributesTable is the primary table of the iSCSI
MIB. Every table entry in this MIB is "owned" by exactly one iSCSI MIB. Every table entry in this MIB is "owned" by exactly one iSCSI
instance; all other table entries in the MIB include this table's instance; all other table entries in the MIB include this table's
index as their primary index. index as their primary index.
Most implementations will include just one iSCSI instance row in this Most implementations will include just one iSCSI instance row in this
table. However, this table exists to allow for multiple virtual table. However, this table exists to allow for multiple virtual
instances. For example, many IP routing products now allow multiple instances. For example, many IP routing products now allow multiple
virtual routers. The iSCSI MIB has the same premise; a large system virtual routers. The iSCSI MIB has the same premise; a large system
skipping to change at page 7, line 17 skipping to change at page 7, line 39
one or even more instances. one or even more instances.
The instance attributes include the iSCSI vendor and version, as well The instance attributes include the iSCSI vendor and version, as well
as information on the last target or initiator at the other end of a as information on the last target or initiator at the other end of a
session that caused a session failure. session that caused a session failure.
The iscsiInstanceSsnErrorStatsTable augments the attributes table, The iscsiInstanceSsnErrorStatsTable augments the attributes table,
and provides statistics on session failures due to digest, and provides statistics on session failures due to digest,
connection, or iSCSI format errors. connection, or iSCSI format errors.
6.4. iscsiPortal 3.4. iscsiPortal
The iscsiPortalAttributesTable lists iSCSI portals that can either be The iscsiPortalAttributesTable lists iSCSI portals that can either be
used to listen for connections to targets, or initiate connections to used to listen for connections to targets, or initiate connections to
other targets, or both. other targets, or both.
Each entry in the table includes an IP address (either v4 or v6), and Each entry in the table includes an IP address (either v4 or v6), and
a transport protocol (currently only TCP is defined). Each entry a transport protocol (currently only TCP is defined). Each entry
that fulfills an initiator portal role has a corresponding entry in that fulfills an initiator portal role has a corresponding entry in
the iscsiInitiatorPortal table; each entry that has a target portal the iscsiInitiatorPortal table; each entry that has a target portal
role has an entry in the iscsiTargetPortal table. Each portal that role has an entry in the iscsiTargetPortal table. Each portal that
skipping to change at page 8, line 11 skipping to change at page 8, line 34
deleted) matches the portal if both its iscsiCxnLocalAddr matches the deleted) matches the portal if both its iscsiCxnLocalAddr matches the
iscsiPortalAddr, and the iscsiCxnLocalPort matches the iscsiPortalAddr, and the iscsiCxnLocalPort matches the
iscsiTargetPortalPort. iscsiTargetPortalPort.
Individual attributes within a portal, initiatorPortal, or Individual attributes within a portal, initiatorPortal, or
targetPortal entry may not be modified. For instance, changing the IP targetPortal entry may not be modified. For instance, changing the IP
address of a portal requires that the portal entries associated with address of a portal requires that the portal entries associated with
the old IP address be deleted, and new entries be created (in either the old IP address be deleted, and new entries be created (in either
order). order).
6.5. iscsiTargetPortal 3.5. iscsiTargetPortal
The iscsiTargetPortalAttributesTable contains target-specific The iscsiTargetPortalAttributesTable contains target-specific
attributes for iSCSI Portals. Entries in this table use the same attributes for iSCSI Portals. Entries in this table use the same
indices as their corresponding entries in the indices as their corresponding entries in the
iscsiPortalAttributesTable. iscsiPortalAttributesTable. An entry in this table is created when
the targetTypePortal bit is set in the iscsiPortalRoles attribute; it
is destroyed when this bit is cleared.
This table contains the TCP (or other protocol) port on which the This table contains the TCP (or other protocol) port on which the
socket is listening for incoming connections. It also includes a socket is listening for incoming connections. It also includes a
portal group aggregation tag; iSCSI target portals within this portal group aggregation tag; iSCSI target portals within this
instance sharing the same tag can contain connections within the same instance sharing the same tag can contain connections within the same
session. session.
This table will be empty for iSCSI instances that contain only This table will be empty for iSCSI instances that contain only
initiators (such as iSCSI host driver implementations). initiators (such as iSCSI host driver implementations).
6.6. iscsiInitiatorPortal 3.6. iscsiInitiatorPortal
The iscsiInitiatorPortalAttributesTable contains initiator-specific The iscsiInitiatorPortalAttributesTable contains initiator-specific
attributes for iSCSI Portals. Entries in this table use the same attributes for iSCSI Portals. Entries in this table use the same
indices as their corresponding entries in the indices as their corresponding entries in the
iscsiPortalAttributesTable. iscsiPortalAttributesTable. An entry in this table is created when
the initiatorTypePortal bit is set in the iscsiPortalRoles attribute;
it is destroyed when this bit is cleared.
Each entry in this table contains a portal group aggregation tag, Each entry in this table contains a portal group aggregation tag,
indicating which portals an initiator may use together within a indicating which portals an initiator may use together within a
multiple-connection session. multiple-connection session.
This table will be empty for iSCSI instances that contain only This table will be empty for iSCSI instances that contain only
targets (such as most iSCSI devices). targets (such as most iSCSI devices).
6.7. iscsiNode 3.7. iscsiNode
The iscsiNodeAttributesTable contains a list of iSCSI nodes, each of The iscsiNodeAttributesTable contains a list of iSCSI nodes, each of
which may have an initiator role, a target role, or both. which may have an initiator role, a target role, or both.
This table contains the node's attributes which are common to both This table contains the node's attributes which are common to both
roles, such as its iSCSI Name and alias string. Attributes specific roles, such as its iSCSI Name and alias string. Attributes specific
to initiators or targets are available in the iscsiTarget and to initiators or targets are available in the iscsiTarget and
iscsiInitiator objects. Each entry in this table that can fulfill a iscsiInitiator objects. Each entry in this table that can fulfill a
target role has a corresponding entry in the iscsiTarget table; each target role has a corresponding entry in the iscsiTarget table; each
entry that fulfills an initiator role has an entry in the entry that fulfills an initiator role has an entry in the
iscsiInitiator table. Nodes such as copy managers that can take on iscsiInitiator table. Nodes such as copy managers that can take on
both roles have a corresponding entry in each table. both roles have a corresponding entry in each table.
This table also contains the login negotiations preferences for this This table also contains the login negotiations preferences for this
node. These objects indicate the values this node will offer or node. These objects indicate the values this node will offer or
prefer in the operational negotiation phase of the login process. prefer in the operational negotiation phase of the login process.
Each entry in the table also contains a RowPointer to the transport Each entry in the table also contains a RowPointer to the transport
table entry in the SCSI MIB which this iSCSI node represents. table entry in the SCSI MIB which this iSCSI node represents.
Discovery sessions may be established without a particular target 3.8. iscsiTarget
node specified as an endpoint. Since sessions are indexed in part by
the node index, a node must be provided under which to keep them. An
iscsiNode with a blank iSCSI Name may be created as a "discovery"
node; discovery sessions must include this node as part of their
indices.
6.8. iscsiTarget
The iscsiTargetAttributesTable contains target-specific attributes The iscsiTargetAttributesTable contains target-specific attributes
for iSCSI nodes. Each entry in this table uses the same index values for iSCSI nodes. Each entry in this table uses the same index values
as its corresponding iscsiNode entry. as its corresponding iscsiNode entry.
This table contains attributes used to indicate the last failure that This table contains attributes used to indicate the last failure that
was (or should have been) sent as a notification or trap. was (or should have been) sent as a notification or trap.
This table is augmented by the iscsiTargetLoginStatsTable and the This table is augmented by the iscsiTargetLoginStatsTable and the
iscsiTargetLogoutStatsTable, which count the numbers of normal and iscsiTargetLogoutStatsTable, which count the numbers of normal and
abnormal logins and logouts to this target. abnormal logins and logouts to this target.
6.9. iscsiTgtAuthorization 3.9. iscsiTgtAuthorization
The iscsiTgtAuthAttributesTable contains an entry for each initiator The iscsiTgtAuthAttributesTable contains an entry for each initiator
identifier that will be allowed to access the target under which it identifier that will be allowed to access the target under which it
appears. Each entry contains a RowPointer to a user identity in the appears. Each entry contains a RowPointer to a user identity in the
IPS Identity Authentication MIB, which contains the name, address, IPS Identity Authentication MIB, which contains the name, address,
and credential information necessary to authenticate the initiator. and credential information necessary to authenticate the initiator.
6.10. iscsiInitiator 3.10. iscsiInitiator
The iscsiInitiatorAttributesTable contains a list of initiator- The iscsiInitiatorAttributesTable contains a list of initiator-
specific attributes for iSCSI nodes. Each entry in this table uses specific attributes for iSCSI nodes. Each entry in this table uses
the same index values as its corresponding iscsiNode entry. the same index values as its corresponding iscsiNode entry.
Most implementations will include a single entry in this table, Most implementations will include a single entry in this table,
regardless of the number of physical interfaces the initiator may regardless of the number of physical interfaces the initiator may
use. use.
This table is augmented by the iscsiInitiatorLoginStatsTable and the This table is augmented by the iscsiInitiatorLoginStatsTable and the
iscsiInitiatorLogoutStatsTable, which count the numbers of normal and iscsiInitiatorLogoutStatsTable, which count the numbers of normal and
abnormal logins and logouts to this target. abnormal logins and logouts to this target.
6.11. iscsiIntrAuthorization 3.11. iscsiIntrAuthorization
The iscsiIntrAuthAttributesTable contains an entry for each target The iscsiIntrAuthAttributesTable contains an entry for each target
identifier to which the initiator is configured to establish a identifier to which the initiator is configured to establish a
session. session.
Each entry contains a RowPointer to a user identity in the IPS Each entry contains a RowPointer to a user identity in the IPS
Identity Authentication MIB, which contains the name, address, and Identity Authentication MIB, which contains the name, address, and
credential information necessary to identify (for discovery purposes) credential information necessary to identify (for discovery purposes)
and authenticate the target. and authenticate the target.
6.12. iscsiSession 3.12. iscsiSession
The iscsiSessionAttributesTable contains a set of rows that list the The iscsiSessionAttributesTable contains a set of rows that list the
sessions known to be existing locally for each node in each iSCSI sessions known to be existing locally for each node in each iSCSI
instance. instance.
The session type for each session indicates whether the session is The session type for each session indicates whether the session is
used for normal SCSI commands or for discovery using the SendTargets used for normal SCSI commands or for discovery using the SendTargets
text command. Discovery sessions that do not belong to any text command. Discovery sessions that do not belong to any
particular node are placed under the "discovery" node. particular node have a node index attribute of zero.
The session direction for each session indicates whether it is an The session direction for each session indicates whether it is an
Inbound Session or an Outbound Session. Inbound sessions are from Inbound Session or an Outbound Session. Inbound sessions are from
some other initiator to the target node under which the session some other initiator to the target node under which the session
appears. Outbound sessions are from the initiator node under which appears. Outbound sessions are from the initiator node under which
the session appears to a target outside this iSCSI instance. the session appears to a target outside this iSCSI instance.
Many attributes may be negotiated when starting an iSCSI session. Many attributes may be negotiated when starting an iSCSI session.
Most of these attributes are included in the session object. Most of these attributes are included in the session object.
skipping to change at page 11, line 5 skipping to change at page 11, line 25
other MIBs, such as an enterprise MIB. other MIBs, such as an enterprise MIB.
The iscsiSessionStatsTable includes statistics related to The iscsiSessionStatsTable includes statistics related to
performance; it counts iSCSI data bytes and PDUs. performance; it counts iSCSI data bytes and PDUs.
For implementations that support error recovery without terminating a For implementations that support error recovery without terminating a
session, the iscsiSessionCxnErrorStatsTable contains counters for the session, the iscsiSessionCxnErrorStatsTable contains counters for the
numbers of digest and connection errors that have occurred within the numbers of digest and connection errors that have occurred within the
session. session.
6.13. iscsiConnection 3.13. iscsiConnection
The iscsiConnectionAttributesTable contains a list of active The iscsiConnectionAttributesTable contains a list of active
connections within each session. It contains the IP addresses and connections within each session. It contains the IP addresses and
TCP (or other protocol) ports of both the local and remote side of TCP (or other protocol) ports of both the local and remote side of
the connection. These may be used to locate other connection-related the connection. These may be used to locate other connection-related
information and statistics in the TCP MIB [RFC 2012]. information and statistics in the TCP MIB [RFC 2012].
The attributes table also contains a connection state. This state is The attributes table also contains a connection state. This state is
not meant to directly map to the state tables included within the not meant to directly map to the state tables included within the
iSCSI specification; they are meant to be simplified, higher-level iSCSI specification; they are meant to be simplified, higher-level
definitions of connection state that provide information more useful definitions of connection state that provide information more useful
to a user or network manager. to a user or network manager.
No statistics are kept for connections. No statistics are kept for connections.
6.14. IP Addresses and TCP Port Numbers 3.14. IP Addresses and TCP Port Numbers
The IP addresses in this MIB are represented by two attributes, one The IP addresses in this MIB are represented by two attributes, one
of type InetAddressType, and the other of type InetAddress. These of type InetAddressType, and the other of type InetAddress. These
are taken from [RFC3291], which specifies how to support addresses are taken from [RFC3291], which specifies how to support addresses
that may be either IPv4 or IPv6. that may be either IPv4 or IPv6.
The TCP port numbers that appear in a few of the structures are The TCP port numbers that appear in a few of the structures are
described as simply port numbers, with a protocol attribute described as simply port numbers, with a protocol attribute
indicating whether they are TCP ports, or something else. This will indicating whether they are TCP ports, or something else. This will
allow the MIB to be compatible with iSCSI over transports other than allow the MIB to be compatible with iSCSI over transports other than
TCP in the future. TCP in the future.
6.15. Descriptors: Using OIDs in Place of Enumerated Types 3.15. Descriptors: Using OIDs in Place of Enumerated Types
The iSCSI MIB has a few attributes, such as the authentication and The iSCSI MIB has a few attributes, such as the authentication and
digest method attributes, where an enumerated type would work well, digest method attributes, where an enumerated type would work well,
except that an implementation may need to extend the attribute and except that an implementation may need to extend the attribute and
add types of its own. To make this work, the MIB defines a set of add types of its own. To make this work, the MIB defines a set of
object identities within iscsiDescriptors. Each of these object object identities within iscsiDescriptors. Each of these object
identities is basically an enumerated type. identities is basically an enumerated type.
Attributes that make use of these object identities have a value Attributes that make use of these object identities have a value
which is an OID instead of an enumerated type. These OIDs can either which is an OID instead of an enumerated type. These OIDs can either
indicate the object identities defined in this MIB, or object indicate the object identities defined in this MIB, or object
identities defined elsewhere, such as in an enterprise MIB. Those identities defined elsewhere, such as in an enterprise MIB. Those
implementations that add their own authentication and digest methods implementations that add their own authentication and digest methods
should also define a corresponding object identity for each of these should also define a corresponding object identity for each of these
methods within their own enterprise MIB, and return its OID whenever methods within their own enterprise MIB, and return its OID whenever
one of these attributes is using that method. one of these attributes is using that method.
6.16. Notifications 3.16. Notifications
Three notifications are provided. One is sent by an initiator Three notifications are provided. One is sent by an initiator
detecting a critical login failure; another is sent by a target detecting a critical login failure; another is sent by a target
detecting a critical login failure, and the third is sent upon a detecting a critical login failure, and the third is sent upon a
session being terminated due to an abnormal connection or digest session being terminated due to an abnormal connection or digest
failure. Critical failures are defined as those that may expose failure. Critical failures are defined as those that may expose
security-related problems that may require immediate action, such as security-related problems that may require immediate action, such as
failures due to authentication, authorization, or negotiation failures due to authentication, authorization, or negotiation
problems. Attributes in the initiator, target, and instance objects problems. Attributes in the initiator, target, and instance objects
provide the information necessary to send in the notification, such provide the information necessary to send in the notification, such
skipping to change at page 13, line 5 skipping to change at page 13, line 5
errors counted, an SNMP agent implementing the iSCSI MIB should not errors counted, an SNMP agent implementing the iSCSI MIB should not
send more than three iSCSI notifications in any 10-second period. send more than three iSCSI notifications in any 10-second period.
The 3-in-10 rule was chosen because one notification every three The 3-in-10 rule was chosen because one notification every three
seconds was deemed often enough, but should two or three different seconds was deemed often enough, but should two or three different
notifications happen at the same time, it would not be desirable to notifications happen at the same time, it would not be desirable to
suppress them. Three notifications in ten seconds is a happy medium, suppress them. Three notifications in ten seconds is a happy medium,
where a short burst of notifications is allowed, without inundating where a short burst of notifications is allowed, without inundating
the network and/or trap host with a large number of notifications. the network and/or trap host with a large number of notifications.
7. MIB Definitions 4. MIB Definitions
ISCSI-MIB DEFINITIONS ::= BEGIN ISCSI-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, NOTIFICATION-TYPE, MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, NOTIFICATION-TYPE,
Unsigned32, Counter32, Counter64, Gauge32, Unsigned32, Counter32, Counter64, Gauge32,
experimental experimental
FROM SNMPv2-SMI FROM SNMPv2-SMI
TEXTUAL-CONVENTION, TruthValue, RowPointer, TimeStamp, RowStatus, TEXTUAL-CONVENTION, TruthValue, RowPointer, TimeStamp, RowStatus,
skipping to change at page 14, line 7 skipping to change at page 14, line 7
Marjorie Krueger Marjorie Krueger
Postal: Hewlett-Packard Postal: Hewlett-Packard
Networked Storage Architecture Networked Storage Architecture
Networked Storage Solutions Org. Networked Storage Solutions Org.
8000 Foothills Blvd. 8000 Foothills Blvd.
Roseville, CA 95747 Roseville, CA 95747
Tel: +1 916-785-2656 Tel: +1 916-785-2656
Tel: +1 916-785-0391 Tel: +1 916-785-0391
Email: marjorie_krueger@hp.com E-mail: marjorie_krueger@hp.com
Tom McSweeney Tom McSweeney
Postal: IBM Corporation Postal: IBM Corporation
600 Park Offices Drive 600 Park Offices Drive
Research Triangle Park, NC Research Triangle Park, NC
USA 27709 USA 27709
Tel: +1-919-254-5634 Tel: +1-919-254-5634
Fax: +1-919-254-0391 Fax: +1-919-254-0391
skipping to change at page 15, line 24 skipping to change at page 15, line 24
IscsiDigestMethod ::= TEXTUAL-CONVENTION IscsiDigestMethod ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This data type represents the methods possible "This data type represents the methods possible
for digest negotiation. for digest negotiation.
none - a placeholder for a secondary digest method none - a placeholder for a secondary digest method
that means only the primary method can be that means only the primary method can be
used. used.
other - a digest method other than those defined below; other - a digest method other than those defined below;
noDigest - does not support digests (will operate without noDigest - does not support digests (will operate without
a digest (NOTE: implementations MUST support a digest (NOTE: implementations must support
digests to be compliant with the iSCSI RFC); digests to be compliant with the iSCSI RFC);
CRC32c - require a CRC32C digest." CRC32c - require a CRC32C digest."
SYNTAX INTEGER { SYNTAX INTEGER {
none(1), none(1),
other(2), other(2),
noDigest(3), noDigest(3),
crc32c(4) crc32c(4)
} }
------------------------------------------------------------------------ ------------------------------------------------------------------------
skipping to change at page 18, line 24 skipping to change at page 18, line 24
DESCRIPTION DESCRIPTION
"An octet string describing the manufacturer of the "An octet string describing the manufacturer of the
implementation of this instance." implementation of this instance."
::= { iscsiInstanceAttributesEntry 5 } ::= { iscsiInstanceAttributesEntry 5 }
iscsiInstVendorVersion OBJECT-TYPE iscsiInstVendorVersion OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An octet string set by the manufacturer describing the verison "An octet string set by the manufacturer describing the
of the implementation of this instance. The format of this string version of the implementation of this instance. The
is determined solely by the manufacturer, and is for informational format of this string is determined solely by the
purposes only. It is unrelated to the iSCSI specification version manufacturer, and is for informational purposes only.
numbers." It is unrelated to the iSCSI specification version numbers."
::= { iscsiInstanceAttributesEntry 6 } ::= { iscsiInstanceAttributesEntry 6 }
iscsiInstPortalNumber OBJECT-TYPE iscsiInstPortalNumber OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
UNITS "transport endpoints" UNITS "transport endpoints"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the iscsiPortalAttributesTable "The number of rows in the iscsiPortalAttributesTable
which are currently associated with this iSCSI instance." which are currently associated with this iSCSI instance."
skipping to change at page 25, line 49 skipping to change at page 25, line 49
"A list of Internet Network Addresses (using TCP or another "A list of Internet Network Addresses (using TCP or another
transport protocol) from which this iSCSI instance may transport protocol) from which this iSCSI instance may
initiate connections to other targets." initiate connections to other targets."
::= { iscsiInitiatorPortal 1 } ::= { iscsiInitiatorPortal 1 }
iscsiIntrPortalAttributesEntry OBJECT-TYPE iscsiIntrPortalAttributesEntry OBJECT-TYPE
SYNTAX IscsiIntrPortalAttributesEntry SYNTAX IscsiIntrPortalAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing managment information applicable "An entry (row) containing management information applicable
to a particular portal instance that is used to initiate to a particular portal instance that is used to initiate
connections to iSCSI targets. This row is populated for connections to iSCSI targets. This row is populated for
each iscsiPortalAttributesEntry row that may be used as an each iscsiPortalAttributesEntry row that may be used as an
initiator portal." initiator portal."
INDEX { iscsiInstIndex, iscsiPortalIndex } INDEX { iscsiInstIndex, iscsiPortalIndex }
::= { iscsiIntrPortalAttributesTable 1 } ::= { iscsiIntrPortalAttributesTable 1 }
IscsiIntrPortalAttributesEntry ::= SEQUENCE { IscsiIntrPortalAttributesEntry ::= SEQUENCE {
iscsiIntrPortalTag INTEGER iscsiIntrPortalTag INTEGER
} }
skipping to change at page 26, line 45 skipping to change at page 26, line 45
"A list of iSCSI nodes belonging to each iSCSI instance "A list of iSCSI nodes belonging to each iSCSI instance
present on the local system. An iSCSI node can act as present on the local system. An iSCSI node can act as
an initiator, a target, or both." an initiator, a target, or both."
::= { iscsiNode 1 } ::= { iscsiNode 1 }
iscsiNodeAttributesEntry OBJECT-TYPE iscsiNodeAttributesEntry OBJECT-TYPE
SYNTAX IscsiNodeAttributesEntry SYNTAX IscsiNodeAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing managment information applicable "An entry (row) containing management information applicable
to a particular iSCSI node." to a particular iSCSI node."
INDEX { iscsiInstIndex, iscsiNodeIndex } INDEX { iscsiInstIndex, iscsiNodeIndex }
::= { iscsiNodeAttributesTable 1 } ::= { iscsiNodeAttributesTable 1 }
IscsiNodeAttributesEntry ::= SEQUENCE { IscsiNodeAttributesEntry ::= SEQUENCE {
iscsiNodeIndex Unsigned32, iscsiNodeIndex Unsigned32,
iscsiNodeName SnmpAdminString, iscsiNodeName SnmpAdminString,
iscsiNodeAlias SnmpAdminString, iscsiNodeAlias SnmpAdminString,
iscsiNodeRoles BITS, iscsiNodeRoles BITS,
iscsiNodeTransportType RowPointer, iscsiNodeTransportType RowPointer,
skipping to change at page 27, line 38 skipping to change at page 27, line 38
::= { iscsiNodeAttributesEntry 1 } ::= { iscsiNodeAttributesEntry 1 }
iscsiNodeName OBJECT-TYPE iscsiNodeName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A character string that is a globally unique identifier for "A character string that is a globally unique identifier for
this iSCSI node. The node name is independent of the location this iSCSI node. The node name is independent of the location
of the node, and can be resolved into a set of addresses of the node, and can be resolved into a set of addresses
through various discovery services. through various discovery services."
If this node is used as a discovery-only node, and supports
only discovery sessions, this object contains a zero-length
string."
::= { iscsiNodeAttributesEntry 2 } ::= { iscsiNodeAttributesEntry 2 }
iscsiNodeAlias OBJECT-TYPE iscsiNodeAlias OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A character string that is a human-readable name or "A character string that is a human-readable name or
description of the iSCSI node. If configured, this alias description of the iSCSI node. If configured, this alias
may be communicated to the initiator or target node at may be communicated to the initiator or target node at
skipping to change at page 29, line 8 skipping to change at page 29, line 4
iscsiNodeInitialR2T OBJECT-TYPE iscsiNodeInitialR2T OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates the InitialR2T preference for this "This object indicates the InitialR2T preference for this
node: node:
True = YES, True = YES,
False = will try to negotiate NO, will accept YES " False = will try to negotiate NO, will accept YES "
DEFVAL { true } DEFVAL { true }
::= { iscsiNodeAttributesEntry 6 } ::= { iscsiNodeAttributesEntry 6 }
iscsiNodeImmediateData OBJECT-TYPE iscsiNodeImmediateData OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates ImmediateData preference for this node "This object indicates ImmediateData preference for this
node
True = YES (but will accept NO), True = YES (but will accept NO),
False = NO " False = NO "
DEFVAL { true } DEFVAL { true }
::= { iscsiNodeAttributesEntry 7 } ::= { iscsiNodeAttributesEntry 7 }
iscsiNodeMaxOutstandingR2T OBJECT-TYPE iscsiNodeMaxOutstandingR2T OBJECT-TYPE
SYNTAX INTEGER (1..65535) SYNTAX INTEGER (1..65535)
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 30, line 24 skipping to change at page 30, line 20
::= { iscsiNodeAttributesEntry 11 } ::= { iscsiNodeAttributesEntry 11 }
iscsiNodeDataSequenceInOrder OBJECT-TYPE iscsiNodeDataSequenceInOrder OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The DataSequenceInOrder preference of this node. "The DataSequenceInOrder preference of this node.
False (=No) indicates that iSCSI data PDU sequences may False (=No) indicates that iSCSI data PDU sequences may
be transferred in any order. True (=Yes) indicates that be transferred in any order. True (=Yes) indicates that
data PDU sequences must be tranferred using data PDU sequences must be transferred using
continuously increasing offsets, except during continuously increasing offsets, except during
error recovery." error recovery."
DEFVAL { true } DEFVAL { true }
::= { iscsiNodeAttributesEntry 12 } ::= { iscsiNodeAttributesEntry 12 }
iscsiNodeDataPDUInOrder OBJECT-TYPE iscsiNodeDataPDUInOrder OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 31, line 47 skipping to change at page 31, line 43
iscsiTarget OBJECT IDENTIFIER ::= { iscsiObjects 7 } iscsiTarget OBJECT IDENTIFIER ::= { iscsiObjects 7 }
-- Target Attributes Table -- Target Attributes Table
iscsiTargetAttributesTable OBJECT-TYPE iscsiTargetAttributesTable OBJECT-TYPE
SYNTAX SEQUENCE OF IscsiTargetAttributesEntry SYNTAX SEQUENCE OF IscsiTargetAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing managment information applicable "An entry (row) containing management information applicable
to a particular node that can take on a target role." to a particular node that can take on a target role."
::= { iscsiTarget 1 } ::= { iscsiTarget 1 }
iscsiTargetAttributesEntry OBJECT-TYPE iscsiTargetAttributesEntry OBJECT-TYPE
SYNTAX IscsiTargetAttributesEntry SYNTAX IscsiTargetAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing management information applicable "An entry (row) containing management information applicable
to a particular target." to a particular target."
skipping to change at page 38, line 28 skipping to change at page 38, line 26
"A list of iSCSI nodes that can take on an initiator "A list of iSCSI nodes that can take on an initiator
role, belonging to each iSCSI instance present on role, belonging to each iSCSI instance present on
the local system." the local system."
::= { iscsiInitiator 1 } ::= { iscsiInitiator 1 }
iscsiInitiatorAttributesEntry OBJECT-TYPE iscsiInitiatorAttributesEntry OBJECT-TYPE
SYNTAX IscsiInitiatorAttributesEntry SYNTAX IscsiInitiatorAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing managment information "An entry (row) containing management information
applicable to a particular iSCSI node that has applicable to a particular iSCSI node that has
initiator capabilities." initiator capabilities."
INDEX { iscsiInstIndex, iscsiNodeIndex } INDEX { iscsiInstIndex, iscsiNodeIndex }
::= { iscsiInitiatorAttributesTable 1 } ::= { iscsiInitiatorAttributesTable 1 }
IscsiInitiatorAttributesEntry ::= SEQUENCE { IscsiInitiatorAttributesEntry ::= SEQUENCE {
iscsiIntrLoginFailures Counter32, iscsiIntrLoginFailures Counter32,
iscsiIntrLastFailureTime TimeStamp, iscsiIntrLastFailureTime TimeStamp,
iscsiIntrLastFailureType AutonomousType, iscsiIntrLastFailureType AutonomousType,
iscsiIntrLastTgtFailureName SnmpAdminString, iscsiIntrLastTgtFailureName SnmpAdminString,
iscsiIntrLastTgtFailureAddrType InetAddressType, iscsiIntrLastTgtFailureAddrType InetAddressType,
iscsiIntrLastTgtFailureAddr InetAddress iscsiIntrLastTgtFailureAddr InetAddress
} }
iscsiIntrLoginFailures OBJECT-TYPE iscsiIntrLoginFailures OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
UNITS "failed logins" UNITS "failed logins"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object counts the number of times a login attempt from this "This object counts the number of times a login attempt from
local initiator has failed." this local initiator has failed."
::= { iscsiInitiatorAttributesEntry 1 } ::= { iscsiInitiatorAttributesEntry 1 }
iscsiIntrLastFailureTime OBJECT-TYPE iscsiIntrLastFailureTime OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The timestamp of the most recent failure of a login attempt "The timestamp of the most recent failure of a login attempt
from this initiator. A value of zero indicates that no such from this initiator. A value of zero indicates that no such
failures have occurred." failures have occurred."
skipping to change at page 39, line 42 skipping to change at page 39, line 39
DESCRIPTION DESCRIPTION
"An octet string giving the name of the target that failed "An octet string giving the name of the target that failed
the last login attempt." the last login attempt."
::= { iscsiInitiatorAttributesEntry 4 } ::= { iscsiInitiatorAttributesEntry 4 }
iscsiIntrLastTgtFailureAddrType OBJECT-TYPE iscsiIntrLastTgtFailureAddrType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The type of Internet Network Address in iscsiIntrLastTgtFailureAddr." "The type of Internet Network Address in
iscsiIntrLastTgtFailureAddr."
DEFVAL { ipv4 } DEFVAL { ipv4 }
::= { iscsiInitiatorAttributesEntry 5 } ::= { iscsiInitiatorAttributesEntry 5 }
iscsiIntrLastTgtFailureAddr OBJECT-TYPE iscsiIntrLastTgtFailureAddr OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An Internet Network Address giving the host address of the target "An Internet Network Address giving the host address of the
that failed the last login attempt." target that failed the last login attempt."
::= { iscsiInitiatorAttributesEntry 6 } ::= { iscsiInitiatorAttributesEntry 6 }
-- Initiator Login Stats Table -- Initiator Login Stats Table
iscsiInitiatorLoginStatsTable OBJECT-TYPE iscsiInitiatorLoginStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF IscsiInitiatorLoginStatsEntry SYNTAX SEQUENCE OF IscsiInitiatorLoginStatsEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of counters which keep track of the results of "A table of counters which keep track of the results of
skipping to change at page 43, line 35 skipping to change at page 43, line 33
DESCRIPTION DESCRIPTION
"A list of target identities which each initiator "A list of target identities which each initiator
on the local system may access." on the local system may access."
::= { iscsiIntrAuthorization 1 } ::= { iscsiIntrAuthorization 1 }
iscsiIntrAuthAttributesEntry OBJECT-TYPE iscsiIntrAuthAttributesEntry OBJECT-TYPE
SYNTAX IscsiIntrAuthAttributesEntry SYNTAX IscsiIntrAuthAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing managment information applicable "An entry (row) containing management information applicable
to a particular initiator node's authorized target identity." to a particular initiator node's authorized target identity."
INDEX { iscsiInstIndex, iscsiNodeIndex, iscsiIntrAuthIndex } INDEX { iscsiInstIndex, iscsiNodeIndex, iscsiIntrAuthIndex }
::= { iscsiIntrAuthAttributesTable 1 } ::= { iscsiIntrAuthAttributesTable 1 }
IscsiIntrAuthAttributesEntry ::= SEQUENCE { IscsiIntrAuthAttributesEntry ::= SEQUENCE {
iscsiIntrAuthIndex Unsigned32, iscsiIntrAuthIndex Unsigned32,
iscsiIntrAuthRowStatus RowStatus, iscsiIntrAuthRowStatus RowStatus,
iscsiIntrAuthIdentity RowPointer iscsiIntrAuthIdentity RowPointer
} }
skipping to change at page 44, line 49 skipping to change at page 44, line 48
"A list of sessions belonging to each iSCSI instance "A list of sessions belonging to each iSCSI instance
present on the system." present on the system."
::= { iscsiSession 1 } ::= { iscsiSession 1 }
iscsiSessionAttributesEntry OBJECT-TYPE iscsiSessionAttributesEntry OBJECT-TYPE
SYNTAX IscsiSessionAttributesEntry SYNTAX IscsiSessionAttributesEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (row) containing management information applicable "An entry (row) containing management information applicable
to a particular session." to a particular session.
If this session is a discovery session which is not attached
to any particular node, the iscsiNodeIndex will be zero."
INDEX { iscsiInstIndex, iscsiNodeIndex, iscsiSsnIndex } INDEX { iscsiInstIndex, iscsiNodeIndex, iscsiSsnIndex }
::= { iscsiSessionAttributesTable 1 } ::= { iscsiSessionAttributesTable 1 }
IscsiSessionAttributesEntry ::= SEQUENCE { IscsiSessionAttributesEntry ::= SEQUENCE {
iscsiSsnIndex Unsigned32, iscsiSsnIndex Unsigned32,
iscsiSsnDirection INTEGER, iscsiSsnDirection INTEGER,
iscsiSsnInitiatorName SnmpAdminString, iscsiSsnInitiatorName SnmpAdminString,
iscsiSsnTargetName SnmpAdminString, iscsiSsnTargetName SnmpAdminString,
iscsiSsnTSIH INTEGER, iscsiSsnTSIH INTEGER,
iscsiSsnISID OCTET STRING, iscsiSsnISID OCTET STRING,
skipping to change at page 47, line 43 skipping to change at page 47, line 48
length of the request. length of the request.
Default is true." Default is true."
::= { iscsiSessionAttributesEntry 9 } ::= { iscsiSessionAttributesEntry 9 }
iscsiSsnImmediateData OBJECT-TYPE iscsiSsnImmediateData OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates whether the initiator and target have agreed to support "Indicates whether the initiator and target have agreed to
immediate data on this session." support immediate data on this session."
::= { iscsiSessionAttributesEntry 10 } ::= { iscsiSessionAttributesEntry 10 }
iscsiSsnType OBJECT-TYPE iscsiSsnType OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
normalSession(1), normalSession(1),
discoverySession(2) discoverySession(2)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 49, line 27 skipping to change at page 49, line 30
"IPS-AUTH MIB" "IPS-AUTH MIB"
::= { iscsiSessionAttributesEntry 16 } ::= { iscsiSessionAttributesEntry 16 }
iscsiSsnDataSequenceInOrder OBJECT-TYPE iscsiSsnDataSequenceInOrder OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"False indicates that iSCSI data PDU sequences may "False indicates that iSCSI data PDU sequences may
be transferred in any order. True indicates that be transferred in any order. True indicates that
data PDU sequences must be tranferred using data PDU sequences must be transferred using
continuously increasing offsets, except during continuously increasing offsets, except during
error recovery." error recovery."
::= { iscsiSessionAttributesEntry 17 } ::= { iscsiSessionAttributesEntry 17 }
iscsiSsnDataPDUInOrder OBJECT-TYPE iscsiSsnDataPDUInOrder OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"False indicates that iSCSI data PDUs within sequences "False indicates that iSCSI data PDUs within sequences
skipping to change at page 53, line 34 skipping to change at page 53, line 39
iscsiCxnCid INTEGER, iscsiCxnCid INTEGER,
iscsiCxnState INTEGER, iscsiCxnState INTEGER,
iscsiCxnLocalAddrType InetAddressType, iscsiCxnLocalAddrType InetAddressType,
iscsiCxnLocalAddr InetAddress, iscsiCxnLocalAddr InetAddress,
iscsiCxnProtocol IscsiTransportProtocols, iscsiCxnProtocol IscsiTransportProtocols,
iscsiCxnLocalPort Unsigned32, iscsiCxnLocalPort Unsigned32,
iscsiCxnRemoteAddrType InetAddressType, iscsiCxnRemoteAddrType InetAddressType,
iscsiCxnRemoteAddr InetAddress, iscsiCxnRemoteAddr InetAddress,
iscsiCxnRemotePort Unsigned32, iscsiCxnRemotePort Unsigned32,
iscsiCxnMaxRecvDataSegLength INTEGER, iscsiCxnMaxRecvDataSegLength INTEGER,
iscsiCxnMaxXmitDataSegLength INTEGER,
iscsiCxnHeaderIntegrity IscsiDigestMethod, iscsiCxnHeaderIntegrity IscsiDigestMethod,
iscsiCxnDataIntegrity IscsiDigestMethod, iscsiCxnDataIntegrity IscsiDigestMethod,
iscsiCxnRecvMarker TruthValue, iscsiCxnRecvMarker TruthValue,
iscsiCxnSendMarker TruthValue iscsiCxnSendMarker TruthValue,
iscsiCxnVersionActive INTEGER
} }
iscsiCxnIndex OBJECT-TYPE iscsiCxnIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer used to uniquely identify a "An arbitrary integer used to uniquely identify a
particular connection of a particular session within particular connection of a particular session within
an iSCSI instance present on the local system." an iSCSI instance present on the local system."
skipping to change at page 55, line 51 skipping to change at page 56, line 9
"The remote transport protocol port used by this connection." "The remote transport protocol port used by this connection."
::= { iscsiConnectionAttributesEntry 10 } ::= { iscsiConnectionAttributesEntry 10 }
iscsiCxnMaxRecvDataSegLength OBJECT-TYPE iscsiCxnMaxRecvDataSegLength OBJECT-TYPE
SYNTAX INTEGER (512..16777215) SYNTAX INTEGER (512..16777215)
UNITS "bytes" UNITS "bytes"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum data payload size supported for command "The maximum data payload size supported for command
or data PDUs in use within this connection. or data PDUs able to be received on this connection."
Note that the size of reported in bytes even though
the negotiation is in 512k blocks."
DEFVAL { 8192 } DEFVAL { 8192 }
::= { iscsiConnectionAttributesEntry 11 } ::= { iscsiConnectionAttributesEntry 11 }
iscsiCxnMaxXmitDataSegLength OBJECT-TYPE
SYNTAX INTEGER (512..16777215)
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum data payload size supported for command
or data PDUs to be sent on this connection."
DEFVAL { 8192 }
::= { iscsiConnectionAttributesEntry 12 }
iscsiCxnHeaderIntegrity OBJECT-TYPE iscsiCxnHeaderIntegrity OBJECT-TYPE
SYNTAX IscsiDigestMethod SYNTAX IscsiDigestMethod
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object identifies the iSCSI header "This object identifies the iSCSI header
digest scheme in use within this connection." digest scheme in use within this connection."
::= { iscsiConnectionAttributesEntry 12 } ::= { iscsiConnectionAttributesEntry 13 }
iscsiCxnDataIntegrity OBJECT-TYPE iscsiCxnDataIntegrity OBJECT-TYPE
SYNTAX IscsiDigestMethod SYNTAX IscsiDigestMethod
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object identifies the iSCSI data "This object identifies the iSCSI data
digest scheme in use within this connection." digest scheme in use within this connection."
::= { iscsiConnectionAttributesEntry 13 } ::= { iscsiConnectionAttributesEntry 14 }
iscsiCxnRecvMarker OBJECT-TYPE iscsiCxnRecvMarker OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates whether or not this connection "This object indicates whether or not this connection
is receiving markers in in its incoming data stream." is receiving markers in in its incoming data stream."
DEFVAL { false } DEFVAL { false }
::= { iscsiConnectionAttributesEntry 14 } ::= { iscsiConnectionAttributesEntry 15 }
iscsiCxnSendMarker OBJECT-TYPE iscsiCxnSendMarker OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates whether or not this connection "This object indicates whether or not this connection
is inserting markers in in its outgoing data stream." is inserting markers in in its outgoing data stream."
DEFVAL { false } DEFVAL { false }
::= { iscsiConnectionAttributesEntry 15 } ::= { iscsiConnectionAttributesEntry 16 }
iscsiCxnVersionActive OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Active version number of the iSCSI specification negotiated
on this connection."
::= { iscsiConnectionAttributesEntry 17 }
------------------------------------------------------------------------ ------------------------------------------------------------------------
-- Notifications -- Notifications
iscsiNotificationsPrefix OBJECT IDENTIFIER ::= { iscsiNotifications 0 } iscsiNotificationsPrefix OBJECT IDENTIFIER ::= { iscsiNotifications 0 }
iscsiTgtLoginFailure NOTIFICATION-TYPE iscsiTgtLoginFailure NOTIFICATION-TYPE
OBJECTS { OBJECTS {
iscsiTgtLoginFailures, iscsiTgtLoginFailures,
iscsiTgtLastFailureType, iscsiTgtLastFailureType,
skipping to change at page 63, line 52 skipping to change at page 64, line 28
iscsiCxnCid, iscsiCxnCid,
iscsiCxnState, iscsiCxnState,
iscsiCxnProtocol, iscsiCxnProtocol,
iscsiCxnLocalAddrType, iscsiCxnLocalAddrType,
iscsiCxnLocalAddr, iscsiCxnLocalAddr,
iscsiCxnLocalPort, iscsiCxnLocalPort,
iscsiCxnRemoteAddrType, iscsiCxnRemoteAddrType,
iscsiCxnRemoteAddr, iscsiCxnRemoteAddr,
iscsiCxnRemotePort, iscsiCxnRemotePort,
iscsiCxnMaxRecvDataSegLength, iscsiCxnMaxRecvDataSegLength,
iscsiCxnMaxXmitDataSegLength,
iscsiCxnHeaderIntegrity, iscsiCxnHeaderIntegrity,
iscsiCxnDataIntegrity, iscsiCxnDataIntegrity,
iscsiCxnRecvMarker, iscsiCxnRecvMarker,
iscsiCxnSendMarker iscsiCxnSendMarker,
iscsiCxnVersionActive
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of objects providing information about all "A collection of objects providing information about all
connections used by all sessions." connections used by all sessions."
::= { iscsiGroups 20 } ::= { iscsiGroups 20 }
iscsiTgtLgnNotificationsGroup NOTIFICATION-GROUP iscsiTgtLgnNotificationsGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
iscsiTgtLoginFailure iscsiTgtLoginFailure
skipping to change at page 67, line 12 skipping to change at page 67, line 39
GROUP iscsiInitiatorAuthGroup GROUP iscsiInitiatorAuthGroup
DESCRIPTION DESCRIPTION
"This group is mandatory for all iSCSI implementations "This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities." that have iSCSI initiator facilities."
::= { iscsiCompliances 1 } ::= { iscsiCompliances 1 }
END END
8. Security Considerations 5. Security Considerations
There are a number of management objects defined in this MIB that There are a number of management objects defined in this MIB that
have a MAX-ACCESS clause of read-write and/or read-create. Such have a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on environment without proper protection can have a negative effect on
network operations. network operations.
Information gleaned from this MIB could be used to make connections Information gleaned from this MIB could be used to make connections
to the iSCSI targets it represents. However, it is the responsbility to the iSCSI targets it represents. However, it is the
of the initiators and targets involved to authenticate each other to responsibility of the initiators and targets involved to authenticate
ensure that an inappropriately advertised or discovered initiator or each other to ensure that an inappropriately advertised or discovered
target does not compromise their security. These issues are initiator or target does not compromise their security. These issues
discussed in [ISCSI]. are discussed in [ISCSI].
SNMPv1 by itself is not a secure environment. Even if the network SNMPv1 by itself is not a secure environment. Even if the network
itself is secure (for example by using IPSec), even then, there is no itself is secure (for example by using IPsec), even then, there is no
control as to who on the secure network is allowed to access and control as to who on the secure network is allowed to access and
GET/SET (read/change/create/delete) the objects in this MIB. GET/SET (read/change/create/delete) the objects in this MIB.
It is recommended that the implementers consider the security It is recommended that the implementors consider the security
features as provided by the SNMPv3 framework. Specifically, the use features as provided by the SNMPv3 framework. Specifically, the use
of the User-based Security Model RFC 2574 [RFC2574] and the View- of the User-based Security Model RFC 2574 [RFC2574] and the View-
based Access Control Model RFC 2575 [RFC2575] is recommended. based Access Control Model RFC 2575 [RFC2575] is recommended.
It is then a customer/user responsibility to ensure that the SNMP It is then a customer/user responsibility to ensure that the SNMP
entity giving access to an instance of this MIB, is properly entity giving access to an instance of this MIB, is properly
configured to give access to the objects only to those principals configured to give access to the objects only to those principals
(users) that have legitimate rights to indeed GET or SET (users) that have legitimate rights to indeed GET or SET
(change/create/delete) them. (change/create/delete) them.
9. Normative References 6. Normative References
[ISCSI] J. Satran, et. al., "iSCSI", draft-ietf-ips-iSCSI-18, [ISCSI] J. Satran, et. al., "iSCSI", draft-ietf-ips-iSCSI-18,
October 2002. October 2002.
[RFC2571] D. Harrington, R. Presuhn, and B. Wijnen, "An Architecture [RFC2571] D. Harrington, R. Presuhn, and B. Wijnen, "An Architecture
for Describing SNMP Management Frameworks", RFC 2571, April for Describing SNMP Management Frameworks", RFC 2571, April
1999. 1999.
[RFC1155] M. Rose and K. McCloghrie, "Structure and Identification of [RFC1155] M. Rose and K. McCloghrie, "Structure and Identification of
Management Information for TCP/IP-based Internets", STD 16, Management Information for TCP/IP-based Internets", STD 16,
skipping to change at page 68, line 46 skipping to change at page 69, line 23
Network Addresses", RFC 3291, May 2002. Network Addresses", RFC 3291, May 2002.
[SCSI-MIB] M. Hallak-Stamler, et. al., "Definitions of Managed Objects [SCSI-MIB] M. Hallak-Stamler, et. al., "Definitions of Managed Objects
for SCSI Entities", draft-ietf-ips-scsi-mib-03.txt, June for SCSI Entities", draft-ietf-ips-scsi-mib-03.txt, June
2002. 2002.
[AUTH-MIB] M. Bakke, J. Muchow, "Definitions of Managed Objects for [AUTH-MIB] M. Bakke, J. Muchow, "Definitions of Managed Objects for
User Identity Authentication", draft-ietf-ips-auth- User Identity Authentication", draft-ietf-ips-auth-
mib-02.txt, September 2002. mib-02.txt, September 2002.
10. Informative References 7. Informative References
[RFC1901] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser, [RFC1901] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser,
"Introduction to Community-based SNMPv2", RFC 1901, January "Introduction to Community-based SNMPv2", RFC 1901, January
1996. 1996.
[RFC1906] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser, [RFC1906] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser,
"Transport Mappings for Version 2 of the Simple Network "Transport Mappings for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1906, January 1996. Management Protocol (SNMPv2)", RFC 1906, January 1996.
[RFC2572] J. Case, D. Harrington, R. Presuhn, and B. Wijnen, "Message [RFC2572] J. Case, D. Harrington, R. Presuhn, and B. Wijnen, "Message
skipping to change at page 69, line 36 skipping to change at page 70, line 13
Protocol (SNMP)", RFC 2575, April 1999. Protocol (SNMP)", RFC 2575, April 1999.
[RFC2570] J. Case, R. Mundy, D. Partain, and B. Stewart, "Introduction [RFC2570] J. Case, R. Mundy, D. Partain, and B. Stewart, "Introduction
to Version 3 of the Internet-standard Network Management to Version 3 of the Internet-standard Network Management
Framework", RFC 2570, April 1999. Framework", RFC 2570, April 1999.
[RFC2012] K. McCloghrie, "SNMPv2 Management Information Base for the [RFC2012] K. McCloghrie, "SNMPv2 Management Information Base for the
Transmission Control Protocol using SMIv2", RFC 2012, Transmission Control Protocol using SMIv2", RFC 2012,
November 1996. November 1996.
11. Authors' Addresses 8. Authors' Addresses
Mark Bakke Mark Bakke
Postal: Cisco Systems, Inc Postal: Cisco Systems, Inc
6450 Wedgwood Road, Suite 130 6450 Wedgwood Road, Suite 130
Maple Grove, MN Maple Grove, MN
USA 55311 USA 55311
Tel: +1 763-398-1000 Tel: +1 763-398-1000
Fax: +1 763-398-1001 Fax: +1 763-398-1001
skipping to change at page 70, line 15 skipping to change at page 70, line 37
Postal: Hewlett-Packard Postal: Hewlett-Packard
Networked Storage Architecture Networked Storage Architecture
Networked Storage Solutions Org. Networked Storage Solutions Org.
8000 Foothills Blvd. 8000 Foothills Blvd.
Roseville, CA Roseville, CA
USA 95747 USA 95747
Tel: +1 916-785-2656 Tel: +1 916-785-2656
Tel: +1 916-785-0391 Tel: +1 916-785-0391
Email: marjorie_krueger@hp.com E-mail: marjorie_krueger@hp.com
Tom McSweeney Tom McSweeney
Postal: IBM Corporation Postal: IBM Corporation
600 Park Offices Drive 600 Park Offices Drive
Research Triangle Park, NC Research Triangle Park, NC
USA 27709 USA 27709
Tel: +1-919-254-5634 Tel: +1-919-254-5634
Fax: +1-919-254-0391 Fax: +1-919-254-0391
skipping to change at line 3322 skipping to change at page 71, line 14
Jim Muchow Jim Muchow
Postal: Cisco Systems, Inc Postal: Cisco Systems, Inc
6450 Wedgwood Road, Suite 130 6450 Wedgwood Road, Suite 130
Maple Grove, MN Maple Grove, MN
USA 55311 USA 55311
Tel: +1 763-398-1000 Tel: +1 763-398-1000
Fax: +1 763-398-1001 Fax: +1 763-398-1001
E-mail: jmuchow@cisco.com" E-mail: jmuchow@cisco.com"
9. Full Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/