--- 1/draft-ietf-pint-mib-04.txt 2007-12-18 18:54:42.000000000 +0100 +++ 2/draft-ietf-pint-mib-05.txt 2007-12-18 18:54:42.000000000 +0100 @@ -1,27 +1,44 @@ PINT Working Group Murali Krishnaswamy Internet Draft Lucent Technologies Dan Romascanu Avaya Communication -Expires March 2001 6 September 2000 +Expires May 2001 16 November 2000 Management Information Base for the PINT Services Architecture - + Abstract This memo describes a proposed MIB for the PINT Services Architecture. +Table of Contents + + Status of this Memo 1 + Abstract 1 + 1 Introduction 2 + 2 The SNMP Management Framework 2 + 3 The need for PINT Services monitoring MIB 3 + 4 PINT MIB Overview 4 + 5 Definitions 5 + 6 Acknowledgements 17 + 7 Security Considerations 18 + 8 IANA Considerations 18 + 9 Intellectual Property 18 + 10 References 19 + 11 Author's Address 20 + A Full Copyright Statement 21 + Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC 2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any @@ -108,60 +125,60 @@ a PSTN network. This network is well known for robust handling of the requests, in terms of availability and security. However when the requests originate from the Internet there is a concern both on the part of the user as well as the provider about issues like reliable forwarding of the call requests to the PINT gateway under various network conditions, user/host authentication, secure handling of the user information etc. Performance and security management becomes all the more important where PINT services cross multiple administrative domains (or providers). - This MIB is an attempt to list the parameters that need to be - monitored on an user, PINT client, PINT server and PINT gateway basis. + This MIB is an attempt to list the parameters that need to be moni- + tored on an user, PINT client, PINT server and PINT gateway basis. (PINT services, their invocation methods/protocols and security issues associated with the PINT architecture are discussed in detail in [18]). 4. PINT MIB - Overview Following is a list of some explanations on the MIB definitions that we have chosen to construct. o The basic purpose of this MIB is to monitor the access to PINT services both from the performance and security point of view. Information may pertain to a certain user or his/her system (PINT client) or the system providing the PINT services (PINT server) or the PINT gateway that forwards the call to the PSTN network. - o We propose to build the configuration table as an extension of - the Application MIB - RFC 2287 [19] using the augments clause. - Server location and contact might be retrieved from the - standard MIB-II sysLocation and sysContact objects. There is no - need to replicate this information in the PINT MIB. However, the - PINT administrator may be a different person than the sysadmin - with global responsibilities, thus a pintSysContact object is + o We chose to build the configuration table as an extension of the + Application MIB - RFC 2287 [19] using the augments construct. + Server location and contact might be retrieved from the standard + MIB-II sysLocation and sysContact objects. There is no need to + replicate this information in the PINT MIB. However, the PINT + administrator may be a different person than the sysadmin with + global responsibilities, thus a pintSysContact object is defined. o We chose to monitor the gateway connections from the PINT - server. While the agent runs in the PINT servers, the links - to the gateways might need to be monitored in order to + server. While the agent runs in the PINT servers, the connec- + tions to the gateways might need to be monitored in order to understand what goes on. We placed them in a separate MIB group, and by using MODULE-COMPLIANCE clauses, agents that cannot implement this stuff will not be mandated to do it. - o There is no traps definition in this preliminary proposal. Note - that thresholding on counters is always possible by using a - standard mechanism defined by the Remote Monitoring MIB, that - can be referenced here. Some events that may be defined by using - this mechanisms: + o There is no traps definition in this MIB module. Note that + thresholding on counters is always possible by using a standard + mechanism defined by the Remote Monitoring MIB, that can be ref- + erenced here. Some events that may be defined by using this + mechanisms: * continuous login/authentication failure or refusal from a particular client or user * nuisance call - repeated calls (within a specified period) to a number originating from the same user o The client performance and user performance tables may be rather resource demanding for an agent implementation. In some MIBs, like the Remote Monitoring (RMON) MIBs, control mechanisms were @@ -173,82 +190,88 @@ o We built a time-distribution trying to cover both short-lived, as well as longer sessions (1-10 secs, 10 secs - 1 min., 1-15 min., 15 mins-24 hours, longer). o PintServerClientAddress is defined as a SnmpAdminString. It may include an IpAddress and/or name, but we preferred to minimize the number of indices at this stage, and keep a human-readable format at the same time. o We define pintServerUserIdName as the UserId. This UserId needs - to be unique across multiple PINT servers and gateways depending - on the architecture, and is mapped to the SessionId. One + to be unique across multiple PINT servers and gateways (depend- + ing on the architecture) and is mapped to the SessionId. One way to achieve this uniqueness is by appending clientId to the UserId string before sending to the PINT server. The SessionId could then be a combination of this new UserId and a timestamp. 5. Definitions PINT-MIB DEFINITIONS ::= BEGIN IMPORTS OBJECT-TYPE, Counter32, MODULE-IDENTITY, mib-2 FROM SNMPv2-SMI TEXTUAL-CONVENTION FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF sysApplInstallPkgEntry FROM SYSAPPL-MIB SnmpAdminString - FROM SNMP-FRAMEWORK-MIB; -- RFC 2271 [20] + FROM SNMP-FRAMEWORK-MIB; -- RFC 2571 [2] pintMib MODULE-IDENTITY - LAST-UPDATED "0009061900Z" + LAST-UPDATED "200011161400Z" + ORGANIZATION "IETF PINT Working Group" CONTACT-INFO " Chairs: Steve Bellovin E-mail: smb@research.att.com Igor Faynberg E-mail: faynberg@lucent.com +Authors: Murali Krishnaswamy Postal: 3C-512, 101 Crawfords Corner Rd. Holmdel, NJ 07733 Tel: +1 (732)949-3611 FAX: +1 (732)949-3210 E-mail: murali@lucent.com Dan Romascanu Postal: Atidim Technology Park, Bldg 3 Tel Aviv, Israel Tel: +972 3 6458414 E-mail: dromasca@avaya.com General Discussion:pint@lists.bell-labs.com To Subscribe: pint-request@lists.bell-labs.com In Body: subscribe your-email-addres Archive: http://www.bell-labs.com/mailing-lists/pint/ " DESCRIPTION + "Revised version - editorial and MIB corrections + following Area Director Review" +REVISION "200009061900Z" +DESCRIPTION "Revised version - editorial and MIB corrections" -REVISION "0009061900Z" +REVISION "200009061900Z" DESCRIPTION "This MIB defines the objects necessary to monitor PINT Services" -REVISION "0007241525Z" +REVISION "200007241525Z" DESCRIPTION "Initial version, published as RFC xxxx." -::= { mib-2 99999 } -- Not an IANA number +::= { mib-2 xxxx } -- To be assigned by IANA PintServiceType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This TC describes the type of a PINT service." SYNTAX INTEGER { r2C(1), -- Request-to-Talk r2F(2), -- Request-to-Fax r2FB(3), -- Request-to-Fax-Back r2HC(4) -- Request-to-Hear-Content @@ -388,24 +411,23 @@ performance statistics collection period." INDEX {pintServerServiceTypeIndex, pintServerPerfStatPeriodIndex} ::= { pintServerGlobalStatsTable 1 } PintServerGlobalStatsEntry ::= SEQUENCE { pintServerServiceTypeIndex PintServiceType, pintServerPerfStatPeriodIndex PintPerfStatPeriod, pintServerGlobalCallsReceived Counter32, pintServerGlobalSuccessfulCalls Counter32, pintServerGlobalDisconnectedCalls Counter32, -pintServerGlobalDisconnectedClientUserAuthorizationFailureCalls -Counter32, -pintServerGlobalDisconnectedServerProblemCalls Counter32, -pintServerGlobalDisconnectedGatewayProblemCalls Counter32 +pintServerGlobalDisCUAutFCalls Counter32, +pintServerGlobalDisServProbCalls Counter32, +pintServerGlobalDisGatProbCalls Counter32 } pintServerServiceTypeIndex OBJECT-TYPE SYNTAX PintServiceType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique identifier of the monitored service." ::= { pintServerGlobalStatsEntry 1 } @@ -435,40 +457,40 @@ ::= { pintServerGlobalStatsEntry 4 } pintServerGlobalDisconnectedCalls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of global disconnected (failed) calls." ::= { pintServerGlobalStatsEntry 5 } -pintServerGlobalDisconnectedClientUserAuthorizationFailureCalls +pintServerGlobalDisCUAutFCalls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of global calls that were disconnected because of client or user authorization failure." ::= { pintServerGlobalStatsEntry 6 } -pintServerGlobalDisconnectedServerProblemCalls OBJECT-TYPE +pintServerGlobalDisServProbCalls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of global calls that were disconnected because of server problems." ::= { pintServerGlobalStatsEntry 7 } -pintServerGlobalDisconnectedGatewayProblemCalls OBJECT-TYPE +pintServerGlobalDisGatProbCalls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of global calls that were disconnected because of gateway problems." ::= { pintServerGlobalStatsEntry 8 } pintServerClientStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF PintServerClientStatsEntry @@ -489,23 +511,22 @@ period." INDEX {pintServerClientAddress, pintServerServiceTypeIndex, pintServerPerfStatPeriodIndex} ::= { pintServerClientStatsTable 1 } PintServerClientStatsEntry ::= SEQUENCE { pintServerClientAddress SnmpAdminString, pintServerClientCallsReceived Counter32, pintServerClientSuccessfulCalls Counter32, pintServerClientDisconnectedCalls Counter32, -pintServerClientDisconnectedClientAuthorizationFailureCalls -Counter32, -pintServerClientDisconnectedEgressFacilityProblemCalls Counter32 +pintServerClientDisCAutFCalls Counter32, +pintServerClientDisEFProbCalls Counter32 } pintServerClientAddress OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique identifier of the monitored client identified by its address represented as as a string." ::= { pintServerClientStatsEntry 1 } @@ -528,31 +549,31 @@ pintServerClientDisconnectedCalls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of calls received from the client, and that were disconnected (failed)." ::= { pintServerClientStatsEntry 4 } -pintServerClientDisconnectedClientAuthorizationFailureCalls +pintServerClientDisCAutFCalls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of calls from the client that were disconnected because of client authorization failure." ::= { pintServerClientStatsEntry 5 } -pintServerClientDisconnectedEgressFacilityProblemCalls OBJECT-TYPE +pintServerClientDisEFProbCalls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of calls from the client that were disconnected because of egress facility problems." ::= { pintServerClientStatsEntry 6 } pintServerUserIdStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF PintServerUserIdStatsEntry @@ -563,37 +584,41 @@ ::= { pintServerUserIdPerf 1 } pintServerUserIdStatsEntry OBJECT-TYPE SYNTAX PintServerUserIdStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entries in the user statistics table. One entry is defined for each user identified by name, each monitored service type and performance statistics collection - period." + period. + + It is assumed that the capabilities of the pint server + are enough to accommodate the number of entries in this table. + It is a local server implementation issue if an aging mechanism + Is implemented in order to avoid scalability problems." INDEX {pintServerUserIdName, pintServerServiceTypeIndex, pintServerPerfStatPeriodIndex} ::= { pintServerUserIdStatsTable 1 } PintServerUserIdStatsEntry ::= SEQUENCE { pintServerUserIdName SnmpAdminString, pintServerUserIdCallsReceived Counter32, pintServerUserIdSuccessfulCalls Counter32, pintServerUserIdDisconnectedCalls Counter32, -pintServerUserIdDisconnectedUserIdAuthorizationFailureCalls -Counter32, -pintServerUserIdDisconnectedEgressFacilityProblemCalls Counter32 +pintServerUserIdDiscUIdAFailCalls Counter32, +pintServerUserIdEFProbCalls Counter32 } pintServerUserIdName OBJECT-TYPE - SYNTAX SnmpAdminString + SYNTAX SnmpAdminString (SIZE(0..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique identifier of the monitored user identified by its name." ::= { pintServerUserIdStatsEntry 1 } pintServerUserIdCallsReceived OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only @@ -611,31 +636,32 @@ ::= { pintServerUserIdStatsEntry 3 } pintServerUserIdDisconnectedCalls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of calls received from the user that were disconnected (failed)." ::= { pintServerUserIdStatsEntry 4 } -pintServerUserIdDisconnectedUserIdAuthorizationFailureCalls +pintServerUserIdDiscUIdAFailCalls + OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of calls from the user that were disconnected because of user authorization failure." ::= { pintServerUserIdStatsEntry 5 } -pintServerUserIdDisconnectedEgressFacilityProblemCalls OBJECT-TYPE +pintServerUserIdEFProbCalls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of calls from the user that were disconnected because of egress facility problems." ::= { pintServerUserIdStatsEntry 6 } pintServerGatewayStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF PintServerGatewayStatsEntry @@ -725,35 +751,34 @@ "A collection of objects providing configuration information for a PINT Server." ::= { pintMibGroups 1 } pintMibMonitorGroup OBJECT-GROUP OBJECTS { pintServerGlobalCallsReceived, pintServerGlobalSuccessfulCalls, pintServerGlobalDisconnectedCalls, -pintServerGlobalDisconnectedClientUserAuthorizationFailureCalls, -pintServerGlobalDisconnectedServerProblemCalls, -pintServerGlobalDisconnectedGatewayProblemCalls, +pintServerGlobalDisCUAutFCalls, +pintServerGlobalDisServProbCalls, +pintServerGlobalDisGatProbCalls, pintServerClientCallsReceived, pintServerClientSuccessfulCalls, pintServerClientDisconnectedCalls, -pintServerClientDisconnectedClientAuthorizationFailureCalls, -pintServerClientDisconnectedEgressFacilityProblemCalls, +pintServerClientDisCAutFCalls, +pintServerClientDisEFProbCalls, --pintServerUserIdName, pintServerUserIdCallsReceived, - pintServerUserIdSuccessfulCalls, pintServerUserIdDisconnectedCalls, -pintServerUserIdDisconnectedUserIdAuthorizationFailureCalls, -pintServerUserIdDisconnectedEgressFacilityProblemCalls, +pintServerUserIdDiscUIdAFailCalls, +pintServerUserIdEFProbCalls, pintServerGatewayCallsReceived, pintServerGatewaySuccessfulCalls, pintServerGatewayDisconnectedCalls } STATUS current DESCRIPTION "A collection of objects providing monitoring information for a PINT Server." ::= { pintMibGroups 2 } @@ -781,76 +806,98 @@ is thus important to control even GET access to these objects and possibly to even encrypt the values of these object when sending them over the network via SNMP. Not all versions of SNMP provide features for such a secure environment. SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB. - It is recommended that the implementers consider the security - features as provided by the SNMPv3 framework. Specifically, the use - of the User-based Security Model RFC 2574 [13] and the View- based + It is recommended that the implementers consider the security fea- + tures as provided by the SNMPv3 framework. Specifically, the use of + the User-based Security Model RFC 2574 [13] and the View- based Access Control Model RFC 2575 [16] is recommended. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly config- ured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/cre- ate/delete) them. 8. IANA Considerations All extensions to the values listed in this MIB must be done through -Standards Action processes as defined in RFC 2434 [21]. +Standards Action processes as defined in RFC 2434 [20]. -9. References +9. Intellectual Property + + The IETF takes no position regarding the validity or scope of any + intellectual property or other rights that might be claimed to per- + tain to the implementation or use of the technology described in this + document or the extent to which any license under such rights might + or might not be available; neither does it represent that it has made + any effort to identify any such rights. Information on the IETF's + procedures with respect to rights in standards-track and standards- + related documentation can be found in BCP-11. Copies of claims of + rights made available for publication and any assurances of licenses + to be made available, or the result of an attempt made to obtain a + general license or permission for the use of such proprietary rights + by implementors or users of this specification can be obtained from + the IETF Secretariat. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights which may cover technology that may be required to practice + this standard. Please address the information to the IETF Executive + Director. + +10. References [1] H.Lu, et. al, "Toward the PSTN/Internet Inter-Networking --Pre- PINT Implementations", RFC 2458, November 1998. [2] Wijnen, B., Harrington, D., and Presuhn, R., "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999. -[3] Rose, M. and McCloghrie, K., "Structure and Identification of - Management Information for TCP/IP-based Internets", RFC 1155, May +[3] Rose, M. and McCloghrie, K., "Structure and Identification of Man- + agement Information for TCP/IP-based Internets", RFC 1155, May 1990. [4] Rose, M. and McCloghrie, K., "Concise MIB Definitions", RFC 1212, March 1991. [5] Rose, M., "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991. [6] McCloghrie, K., Perkins, D., and Schoenwaelder, J., "Structure of Management Information Version 2 (SMIv2)", RFC 2578, April 1999. -[7] McCloghrie, K., Perkins, D., and Schoenwaelder, J., "Textual - Conventions for SMIv2", RFC 2579, April 1999. +[7] McCloghrie, K., Perkins, D., and Schoenwaelder, J., "Textual Con- + ventions for SMIv2", RFC 2579, April 1999. [8] McCloghrie, K., Perkins, D., and Schoenwaelder, J., "Conformance Statements for SMIv2", RFC 2580, April 1999. -[9] Case, J., Fedor, M., Schoffstall, M., and Davin, J., "Simple - Network Management Protocol", RFC 1157, May 1990. +[9] Case, J., Fedor, M., Schoffstall, M., and Davin, J., "Simple Net- + work Management Protocol", RFC 1157, May 1990. -[10] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., - "Introduction to Community-based SNMPv2", RFC 1901, January 1996. +[10] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., "Introduc- + tion to Community-based SNMPv2", RFC 1901, January 1996. [11] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996. -[12] Case, J., Harrington D., Presuhn R., and Wijnen, B., "Message - Processing and Dispatching for the Simple Network Management - Protocol (SNMP)", RFC 2572, April 1999. +[12] Case, J., Harrington D., Presuhn R., and Wijnen, B., "Message Pro- + cessing and Dispatching for the Simple Network Management Protocol + (SNMP)", RFC 2572, April 1999. [13] Blumenthal, U. and Wijnen, B., "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999. [14] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996. [15] Levi, D., Meyer, P., and Stewart, B., "SNMPv3 Applications", RFC @@ -864,32 +911,28 @@ Version 3 of the Internet-standard Network Management Framework", RFC 2570, April 1999. [18] S. Petrack, L. Conroy, "The PINT Service Protocol: Extensions to SIP and SDP for IP Access to Telephone Call Services", draft-ietf- pint-protocol-01.txt, 14 July 1999. [19] C. Krupczak, J. Saperia, "Definitions of System-Level Managed Objects for Applications", RFC 2287, February 1998. -[20] D. Harrington, R. Presuhn, B. Wijnen, "An Architecture for - Describing SNMP Management Frameworks", RFC 2271, January 1998. - -[21] T. Narten, H. Alvestrand, "Guidelines for Writing an IANA Consid- +[20] T. Narten, H. Alvestrand, "Guidelines for Writing an IANA Consid- erations Section in RFCs", RFC 2434, October 1998. -10. Authors' Addresses +11. Authors' Addresses Murali Krishnaswamy Lucent Technologies 3C-512, 101 Crawfords Corner Rd. - Holmdel, NJ 07733 Tel: +1 (732)949-3611 Fax: +1 (732)949-3210 E-mail: murali@lucent.com Dan Romascanu Avaya Communication Atidim Technology Park, Bldg 3 Tel Aviv, Israel Tel: +972 3 6458414 @@ -886,11 +929,37 @@ Holmdel, NJ 07733 Tel: +1 (732)949-3611 Fax: +1 (732)949-3210 E-mail: murali@lucent.com Dan Romascanu Avaya Communication Atidim Technology Park, Bldg 3 Tel Aviv, Israel Tel: +972 3 6458414 - E-mail: dromasca@lucent.com + E-mail: dromasca@avaya.com + +A. Full Copyright Statement + +This document and translations of it may be copied and furnished to +others, and derivative works that comment on or otherwise explain it +or assist in its implementation may be prepared, copied, published +and distributed, in whole or in part, without restriction of any +kind, provided that the above copyright notice and this paragraph are +included on all such copies and derivative works. However, this +document itself may not be modified in any way, such as by removing +the copyright notice or references to the Internet Society or other +Internet organizations, except as needed for the purpose of +developing Internet standards in which case the procedures for +copyrights defined in the Internet Standards process must be +followed, or as required to translate it into languages other than +English. + +The limited permissions granted above are perpetual and will not be +revoked by the Internet Society or its successors or assigns. + +This document and the information contained herein is provided on an +"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.