--- 1/draft-ietf-pint-mib-03.txt 2007-12-18 18:54:41.000000000 +0100 +++ 2/draft-ietf-pint-mib-04.txt 2007-12-18 18:54:41.000000000 +0100 @@ -1,18 +1,21 @@ PINT Working Group Murali Krishnaswamy Internet Draft Lucent Technologies Dan Romascanu Avaya Communication + +Expires March 2001 6 September 2000 + Management Information Base for the PINT Services Architecture - + Abstract This memo describes a proposed MIB for the PINT Services Architecture. Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC 2026. Internet-Drafts are working 
@@ -102,54 +105,54 @@ 3. The need for PINT services monitoring MIB Traditionally voice (and fax) requests originate and terminate inside a PSTN network. This network is well known for robust handling of the requests, in terms of availability and security. However when the requests originate from the Internet there is a concern both on the part of the user as well as the provider about issues like reliable forwarding of the call requests to the PINT gateway under various network conditions, user/host authentication, secure handling of the user information etc. Performance and security management becomes - all the more important where PINT services cross multiple administra- - tive domains (or providers). + all the more important where PINT services cross multiple + administrative domains (or providers). - This MIB is an attempt to list the parameters that need to be moni- - tored on an user, PINT client, PINT server and PINT gateway basis. + This MIB is an attempt to list the parameters that need to be + monitored on an user, PINT client, PINT server and PINT gateway basis. (PINT services, their invocation methods/protocols and security issues associated with the PINT architecture are discussed in detail in [18]). 4. PINT MIB - Overview Following is a list of some explanations on the MIB definitions that we have chosen to construct. o The basic purpose of this MIB is to monitor the access to PINT services both from the performance and security point of view. Information may pertain to a certain user or his/her system (PINT client) or the system providing the PINT services (PINT server) or the PINT gateway that forwards the call to the PSTN network. o We propose to build the configuration table as an extension of - the Application MIB - RFC 2287 [19] using the augments con- - struct. Server location and contact might be retrieved from the + the Application MIB - RFC 2287 [19] using the augments clause. 
+ Server location and contact might be retrieved from the standard MIB-II sysLocation and sysContact objects. There is no need to replicate this information in the PINT MIB. However, the PINT administrator may be a different person than the sysadmin with global responsibilities, thus a pintSysContact object is defined. o We chose to monitor the gateway connections from the PINT - server. While the agent runs in the PINT servers, the connec- - tions to the gateways might need to be monitored in order to + server. While the agent runs in the PINT servers, the links + to the gateways might need to be monitored in order to understand what goes on. We placed them in a separate MIB group, and by using MODULE-COMPLIANCE clauses, agents that cannot implement this stuff will not be mandated to do it. o There is no traps definition in this preliminary proposal. Note that thresholding on counters is always possible by using a standard mechanism defined by the Remote Monitoring MIB, that can be referenced here. Some events that may be defined by using this mechanisms: 
@@ -170,49 +173,47 @@ o We built a time-distribution trying to cover both short-lived, as well as longer sessions (1-10 secs, 10 secs - 1 min., 1-15 min., 15 mins-24 hours, longer). o PintServerClientAddress is defined as a SnmpAdminString. It may include an IpAddress and/or name, but we preferred to minimize the number of indices at this stage, and keep a human-readable format at the same time. o We define pintServerUserIdName as the UserId. This UserId needs - to be unique across multiple PINT servers and gateways (depend- - ing on the architecture) and is mapped to the SessionId. One + to be unique across multiple PINT servers and gateways depending + on the architecture, and is mapped to the SessionId. One way to achieve this uniqueness is by appending clientId to the UserId string before sending to the PINT server. The SessionId could then be a combination of this new UserId and a timestamp. 5. Definitions PINT-MIB DEFINITIONS ::= BEGIN IMPORTS OBJECT-TYPE, Counter32, MODULE-IDENTITY, mib-2 FROM SNMPv2-SMI TEXTUAL-CONVENTION FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF - SysApplInstallPkgIndex + sysApplInstallPkgEntry FROM SYSAPPL-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB; -- RFC 2271 [20] pintMib MODULE-IDENTITY - LAST-UPDATED "200007241525Z" + LAST-UPDATED "0009061900Z" ORGANIZATION "IETF PINT Working Group" - CONTACT-INFO - " + CONTACT-INFO " Chairs: - Steve Bellovin E-mail: smb@research.att.com Igor Faynberg E-mail: faynberg@lucent.com Murali Krishnaswamy Postal: 3C-512, 101 Crawfords Corner Rd. Holmdel, NJ 07733 Tel: +1 (732)949-3611 
@@ -225,55 +226,58 @@ Tel: +972 3 6458414 E-mail: dromasca@avaya.com General Discussion:pint@lists.bell-labs.com To Subscribe: pint-request@lists.bell-labs.com In Body: subscribe your-email-addres Archive: http://www.bell-labs.com/mailing-lists/pint/ " DESCRIPTION + "Revised version - editorial and MIB corrections" +REVISION "0009061900Z" +DESCRIPTION "This MIB defines the objects necessary to monitor PINT Services" - REVISION "200007241525Z" +REVISION "0007241525Z" DESCRIPTION "Initial version, published as RFC xxxx." ::= { mib-2 99999 } -- Not an IANA number PintServiceType ::= TEXTUAL-CONVENTION STATUS current +DESCRIPTION + "This TC describes the type of a PINT service." SYNTAX INTEGER { r2C(1), -- Request-to-Talk r2F(2), -- Request-to-Fax r2FB(3), -- Request-to-Fax-Back r2HC(4) -- Request-to-Hear-Content } -DESCRIPTION - "This TC describes the type of a PINT service." PintPerfStatPeriod ::= TEXTUAL-CONVENTION STATUS current - SYNTAX INTEGER { - last30sec(1), -- Performance Statics for the last 30 sec - last15min(2), -- 15 min - last24Hr(3), -- 24 Hour - sinceReboot(4) -- Since the time the pint server was - -- last rebooted - } DESCRIPTION "This TC describes the statistics period of time. Note that the values of the counters indexed with a value SinceReboot(4) can be potentially affected by a counter rollover. It is the responsibility of the application using this object to take into account that the counter has been zeroed each time it reached a value of (2**32-1)." +SYNTAX INTEGER { +last30sec(1), -- Performance Statics for the last 30 sec +last15min(2), -- 15 min +last24Hr(3), -- 24 Hour +sinceReboot(4) -- Since the time the pint server was +-- last rebooted +} pintServerConfig OBJECT IDENTIFIER ::= { pintMib 1 } pintServerMonitor OBJECT IDENTIFIER ::= { pintMib 2 } pintMibConformance OBJECT IDENTIFIER ::= { pintMib 3 } -- pintServerConfig - PINT configuration MIB variables pintReleaseNumber OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only 
@@ -299,21 +303,21 @@ DESCRIPTION "Table describing the PINT applications that are installed." ::= { pintServerConfig 3 } pintApplInstallPkgEntry OBJECT-TYPE SYNTAX PintApplInstallPkgEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entries per PINT Application." - AUGMENTS { sysApplInstallPkgIndex } + AUGMENTS { sysApplInstallPkgEntry } ::= { pintApplInstallPkgTable 1 } PintApplInstallPkgEntry ::= SEQUENCE { pintApplInstallPkgDescription SnmpAdminString } pintApplInstallPkgDescription OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current @@ -328,31 +332,31 @@ DESCRIPTION "Table describing the registered gateway applications." ::= { pintServerConfig 4 } pintRegisteredGatewayEntry OBJECT-TYPE SYNTAX PintRegisteredGatewayEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entries per Registered Gateway Application." - AUGMENTS { sysApplInstallPkgIndex, pintRegisteredGatewayName } +AUGMENTS { sysApplInstallPkgEntry } ::= { pintRegisteredGatewayTable 1 } - pintRegisteredGatewayEntry ::= SEQUENCE { - pintRegisteredGatewayName SnmpAdminString +PintRegisteredGatewayEntry ::= SEQUENCE { +pintRegisteredGatewayName SnmpAdminString, pintRegisteredGatewayDescription SnmpAdminString } pintRegisteredGatewayName OBJECT-TYPE SYNTAX SnmpAdminString - MAX-ACCESS not-accessible + MAX-ACCESS read-only STATUS current DESCRIPTION "Name of the registered gateway." ::= { pintRegisteredGatewayEntry 1 } pintRegisteredGatewayDescription OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION 
@@ -566,21 +569,21 @@ DESCRIPTION "Entries in the user statistics table. One entry is defined for each user identified by name, each monitored service type and performance statistics collection period." INDEX {pintServerUserIdName, pintServerServiceTypeIndex, pintServerPerfStatPeriodIndex} ::= { pintServerUserIdStatsTable 1 } PintServerUserIdStatsEntry ::= SEQUENCE { -pintServerUserIdName UserIdName, +pintServerUserIdName SnmpAdminString, pintServerUserIdCallsReceived Counter32, pintServerUserIdSuccessfulCalls Counter32, pintServerUserIdDisconnectedCalls Counter32, pintServerUserIdDisconnectedUserIdAuthorizationFailureCalls Counter32, pintServerUserIdDisconnectedEgressFacilityProblemCalls Counter32 } pintServerUserIdName OBJECT-TYPE SYNTAX SnmpAdminString @@ -608,22 +611,21 @@ ::= { pintServerUserIdStatsEntry 3 } pintServerUserIdDisconnectedCalls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of calls received from the user that were disconnected (failed)." ::= { pintServerUserIdStatsEntry 4 } - -pintServerUserIdDisconnectedUserIdUserAuthorizationFailureCalls +pintServerUserIdDisconnectedUserIdAuthorizationFailureCalls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of calls from the user that were disconnected because of user authorization failure." ::= { pintServerUserIdStatsEntry 5 } pintServerUserIdDisconnectedEgressFacilityProblemCalls OBJECT-TYPE 
@@ -647,21 +649,21 @@ SYNTAX PintServerGatewayStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entries in the gateway table. One entry is defined for each gateway identified by name, each monitored service type and performance statistics collection period." INDEX { pintRegisteredGatewayName, pintServerServiceTypeIndex, - pintServerPerfStatPeriodIndex + pintServerPerfStatPeriodIndex } ::= { pintServerGatewayStatsTable 1 } PintServerGatewayStatsEntry ::= SEQUENCE { pintServerGatewayCallsReceived Counter32, pintServerGatewaySuccessfulCalls Counter32, pintServerGatewayDisconnectedCalls Counter32 } pintServerGatewayCallsReceived OBJECT-TYPE SYNTAX Counter32 @@ -719,36 +722,34 @@ } STATUS current DESCRIPTION "A collection of objects providing configuration information for a PINT Server." ::= { pintMibGroups 1 } pintMibMonitorGroup OBJECT-GROUP OBJECTS { -pintServerServiceTypeIndex, -pintServerPerfStatPeriodIndex, pintServerGlobalCallsReceived, pintServerGlobalSuccessfulCalls, pintServerGlobalDisconnectedCalls, pintServerGlobalDisconnectedClientUserAuthorizationFailureCalls, pintServerGlobalDisconnectedServerProblemCalls, pintServerGlobalDisconnectedGatewayProblemCalls, -pintServerClientAddress, pintServerClientCallsReceived, pintServerClientSuccessfulCalls, pintServerClientDisconnectedCalls, pintServerClientDisconnectedClientAuthorizationFailureCalls, pintServerClientDisconnectedEgressFacilityProblemCalls, -pintServerUserIdName, +--pintServerUserIdName, pintServerUserIdCallsReceived, + pintServerUserIdSuccessfulCalls, pintServerUserIdDisconnectedCalls, pintServerUserIdDisconnectedUserIdAuthorizationFailureCalls, pintServerUserIdDisconnectedEgressFacilityProblemCalls, pintServerGatewayCallsReceived, pintServerGatewaySuccessfulCalls, pintServerGatewayDisconnectedCalls } STATUS current DESCRIPTION 
@@ -780,23 +781,23 @@ is thus important to control even GET access to these objects and possibly to even encrypt the values of these object when sending them over the network via SNMP. Not all versions of SNMP provide features for such a secure environment. SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB. - It is recommended that the implementers consider the security fea- - tures as provided by the SNMPv3 framework. Specifically, the use of - the User-based Security Model RFC 2574 [13] and the View- based + It is recommended that the implementers consider the security + features as provided by the SNMPv3 framework. Specifically, the use + of the User-based Security Model RFC 2574 [13] and the View- based Access Control Model RFC 2575 [16] is recommended. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly config- ured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/cre- ate/delete) them. 8. IANA Considerations 
@@ -805,52 +805,52 @@ Standards Action processes as defined in RFC 2434 [21]. 9. References [1] H.Lu, et. al, "Toward the PSTN/Internet Inter-Networking --Pre- PINT Implementations", RFC 2458, November 1998. [2] Wijnen, B., Harrington, D., and Presuhn, R., "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999. -[3] Rose, M. and McCloghrie, K., "Structure and Identification of Man- - agement Information for TCP/IP-based Internets", RFC 1155, May +[3] Rose, M. and McCloghrie, K., "Structure and Identification of + Management Information for TCP/IP-based Internets", RFC 1155, May 1990. [4] Rose, M. and McCloghrie, K., "Concise MIB Definitions", RFC 1212, March 1991. [5] Rose, M., "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991. [6] McCloghrie, K., Perkins, D., and Schoenwaelder, J., "Structure of Management Information Version 2 (SMIv2)", RFC 2578, April 1999. -[7] McCloghrie, K., Perkins, D., and Schoenwaelder, J., "Textual Con- - ventions for SMIv2", RFC 2579, April 1999. +[7] McCloghrie, K., Perkins, D., and Schoenwaelder, J., "Textual + Conventions for SMIv2", RFC 2579, April 1999. [8] McCloghrie, K., Perkins, D., and Schoenwaelder, J., "Conformance Statements for SMIv2", RFC 2580, April 1999. -[9] Case, J., Fedor, M., Schoffstall, M., and Davin, J., "Simple Net- - work Management Protocol", RFC 1157, May 1990. +[9] Case, J., Fedor, M., Schoffstall, M., and Davin, J., "Simple + Network Management Protocol", RFC 1157, May 1990. -[10] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., "Introduc- - tion to Community-based SNMPv2", RFC 1901, January 1996. +[10] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., + "Introduction to Community-based SNMPv2", RFC 1901, January 1996. [11] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996. 
-[12] Case, J., Harrington D., Presuhn R., and Wijnen, B., "Message Pro- - cessing and Dispatching for the Simple Network Management Protocol - (SNMP)", RFC 2572, April 1999. +[12] Case, J., Harrington D., Presuhn R., and Wijnen, B., "Message + Processing and Dispatching for the Simple Network Management + Protocol (SNMP)", RFC 2572, April 1999. [13] Blumenthal, U. and Wijnen, B., "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999. [14] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996. [15] Levi, D., Meyer, P., and Stewart, B., "SNMPv3 Applications", RFC
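Review bot: in the @@ -102,54 +105,54 @@ hunk, the gateway bullet now uses two terms for the same thing. It opens with "We chose to monitor the gateway connections from the PINT server" and the rewritten line continues with "the links to the gateways". Removing the hyphenation only needed a reflow, so keep "connections" in both places. The reflowed sentence in section 3 also still reads "on an user"; "on a user" could be fixed while the line is being touched.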
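Review bot: in the @@ -170,49 +173,47 @@ hunk, LAST-UPDATED goes from the four-digit-year form "200007241525Z" to the two-digit form "0009061900Z". RFC 2578 reserves the two-digit ExtUTCTime form for the years 1900 to 1999, so a MIB compiler will read the new value as September 1900. Use "200009061900Z".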
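Review bot: in the @@ -225,55 +226,58 @@ hunk, the new lines are inserted between the module's DESCRIPTION keyword and its text, which swaps the two descriptions. The MODULE-IDENTITY DESCRIPTION becomes "Revised version - editorial and MIB corrections" and the REVISION "0009061900Z" clause is described as "This MIB defines the objects necessary to monitor PINT Services". Put the new REVISION clause and its "Revised version" text after the module description instead. Both REVISION values also drop to two-digit years (the existing "200007241525Z" becomes "0007241525Z"), which has the same 1900 to 1999 problem as LAST-UPDATED; keep the four-digit form. Minor: the PintPerfStatPeriod DESCRIPTION refers to "SinceReboot(4)" while the enumeration label is sinceReboot(4), and the comment "Performance Statics" should read "Statistics".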
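Review bot: in the @@ -328,31 +332,31 @@ hunk, "AUGMENTS { sysApplInstallPkgEntry }" on pintRegisteredGatewayEntry is now syntactically valid, but AUGMENTS declares a one-to-one extension: every row of sysApplInstallPkgTable would have to carry a pintRegisteredGatewayName and description. The table is described as holding "the registered gateway applications", which is a subset of the installed packages, so a sparse extension with INDEX { sysApplInstallPkgIndex } fits better than AUGMENTS. The same question applies to pintApplInstallPkgEntry in the preceding hunk. It is also worth stating in the DESCRIPTION of pintRegisteredGatewayName that the value must be unique, because pintServerGatewayStatsEntry uses it as an INDEX component even though it is now an ordinary read-only column here.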
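Review bot: in the @@ -566,21 +569,21 @@ hunk, pintServerUserIdName is corrected to SnmpAdminString in the SEQUENCE, and it is the first component of "INDEX {pintServerUserIdName, pintServerServiceTypeIndex, pintServerPerfStatPeriodIndex}". As far as the visible context shows, the object's SYNTAX carries no SIZE restriction. SnmpAdminString allows up to 255 octets, and a variable-length string index of that size can push instance OIDs past the 128 sub-identifier limit noted in RFC 2578. Add a SIZE constraint on the index object and say so in its DESCRIPTION. The same applies to pintServerClientAddress, which section 4 also defines as an SnmpAdminString index.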
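Review bot: in the @@ -608,22 +611,21 @@ hunk, the renamed descriptor pintServerUserIdDisconnectedUserIdAuthorizationFailureCalls now matches the SEQUENCE and the OBJECT-GROUP, but it is 59 characters long and still repeats "UserId". RFC 2578 caps descriptors at 64 characters and advises against more than 32. Since the name is being changed in this revision anyway, consider a shorter form without the second "UserId", and apply it in all three places in the same change.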
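Review bot: in the @@ -719,36 +722,34 @@ hunk, the index objects pintServerServiceTypeIndex, pintServerPerfStatPeriodIndex and pintServerClientAddress are deleted from pintMibMonitorGroup, but pintServerUserIdName is left behind as the comment "--pintServerUserIdName,". Delete that line as well, so the OBJECTS list is treated consistently and no dead entry is carried into the published module. pintRegisteredGatewayName became read-only in this revision, so please also confirm that it is listed in one of the OBJECT-GROUPs; it is not in this one.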
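Review bot: in the @@ -780,23 +781,23 @@ hunk, the reflow repairs "fea- tures" but leaves the other line-break hyphens in the same two paragraphs untouched: "View- based" on a changed line, and "config- ured" and "cre- ate/delete" in the following paragraph. This is the Security Considerations text that implementers will read for the SNMPv3, USM and VACM recommendation, so clean up all four in one pass.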
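Review bot: in the @@ -805,52 +805,52 @@ hunk, reference [12] is rewrapped but keeps the author list "Harrington D., Presuhn R.", without the comma after each surname that [2] uses for the same authors ("Harrington, D., and Presuhn, R."). Fix the punctuation while the entry is being edited.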