written 8.5 years ago by
teamques10
★ 68k
|
•
modified 5.5 years ago
|
RFC 3413 defines five types of SNMP applications: command generators, command responders, notification originators, notification receivers, and proxy forwarders. It also defines the Management Information Base (MIB) modules for specifying targets of management operations, for notification filtering, and for proxy forwarding.
1) Command Generator:
- A command generator application makes use of the sendPdu and processResponsePdu Dispatcher primitives.
- The sendPdu provides the Dispatcher with information about the intended destination, security parameters, and the actual PDU to be sent. The Dispatcher then invokes the Message Processing Model, which in turn invokes the Security Model, to prepare the message.
- The Dispatcher hands the prepared message over to the transport layer (for example, UDP) for transmission. If message preparation fails, the return primitive value of the sendPdu, set by the Dispatcher, is an error indication.
- If message preparation succeeds, the Dispatcher assigns a sendPduHandle identifier to this PDU and returns that value to the command generator as the return primitive value of the sendPdu.
- The command generator stores the sendPduHandle so that it can match the subsequent response PDU to the original request.
- The Dispatcher delivers each incoming response PDU to the correct command generator application, using the processResponsePdu primitive. The command generator then performs the following steps.
- First, the command generator examines the parameters in the processResponsePdu primitive. It compares the received values of messageProcessingModel, secutityModel, securityName, contextEngineID, contextName, and pduVersion to those in the corresponding request PDU (using sendPduHandle to identify the request PDU). If not all of these parameters match, the response is discarded. If status Information indicates the request failed, an implementation dependent action is taken, such as resending the request or notifying the principal.
- Next, the command generator examines the contents of the response PDU. It extracts the operation type, request - id, error-status, error-index, and variable-bindings. If the request-id is not equal to the value used in the original request, the response is discarded.
- If steps 1 and 2 succeed, the command generator takes an implementation-dependent action. A command generator application is used to generate get-request, get-next-request, get-bulk, and set-request messages.
The command generator also processes the response received for the command sent. Typically, the command generator application is associated with the network manager process.
Figure7 shows the use of the command generator application using the get-request example.
Command Generator Application
2) Command Responder:
- A command responder application makes use of four Dispatcher primitives (register - ContextEngineID, unregisterContextEngineID, processPdu, returnResponsePdu) and one Access Control Subsystem primitive (isAccessAllowed).
- The registerContextEnginelD primitive enables a command responder application to associate itself with an SNMP engine for the purpose of processing certain PDU types for a context engine.
- Once a command responder has registered, all asynchronously received messages containing the registered combination of contextEnginelD and pduType supported are sent to the command responder that registered to support that combination.
- A command responder can disassociate from an SNMP engine using the unregister ContextEnginelD primitive.
- The Dispatcher delivers each incoming request PDU to the correct command responder application, using the processPdu primitive.
- The command responder then performs the following steps.
- The command responder examines the contents of the request PDU. The operation type must match one of the types previously registered by this application.
- The command responder determines if access is allowed for performing the management operation requested in this PDU. For this purpose, the isAccessAllowed primitive is called.
The security Model parameter indicates which security model the Access Control Subsystem is to use in responding to this call.
The Access Control Subsystem determines if the requesting principal (securityName) at this security level (securityLevel) has permission to request the management operation (viewType) on the management object (variableName) in this context (contextName).
- If access is permitted, the command responder performs the management operation and prepares a response PDU. If access fails, the command responder prepares the appropriate response PDU to signal that failure.
- The command responder calls the Dispatcher with a returnResponsePdu primitive to send the response PDU.
Figure 8 shows the Command Responder Application.
Command Responder Application
3) Notification Generator Applications:
A notification generator application follows the same general procedures used for a command generator application. If an Inform PDU is to be sent, both the sendPdu and processResponsePdu primitives are used, in the same fashion as for command genera-tor applications. If a t rap PDU is to be sent, only the sendPdu primitive is used.
4) Notification Receiver Applications:
A notification receiver application follows a subset of the general procedures as for a command responder application. The notification receiver must first register to receive Inform and/or trap PDUs. Both types of PDUs are received by means of a process Pduprimitive. For an Inform PDU, a returnResponsePdu primitive is used to respond.
5) Proxy Forwarder Applications:
A proxy forwarder application makes use of Dispatcher primitives to forward SNMP messages. The proxy forwarder handles four basic types of messages:
- Messages containing PDU types from a command generator application: The proxy forwarder determines either the target SNMP engine or an SNMP engine that is closer, or downstream, to the target, and sends the appropriate request PDU.
- Messages containing PDU types from a notification originator application: The proxy forwarder determines which SNMP engines should receive the notification and sends the appropriate notification PDU or PDUs.
- Messages containing a response PDU type: The proxy forwarder determines which previously forwarded request or notification, if any, is matched by this response, and sends the appropriate response PDU.
- Messages containing a report indication: report PDUs are SNMPv3 engine-to-engine communications, the proxy forwarder determines which previously forwarded request or notification, if any, is matched by this report indication, and forwards the report indication back to the initiator of the request or notification.