Network Working Group M. Daniele Request for Comments: 2454 Compaq Computer Corporation Category: Standards Track December 1998
Network Working Group M. Daniele Request for Comments: 2454 Compaq Computer Corporation Category: Standards Track December 1998
IP Version 6 Management Information Base for the User Datagram Protocol
用户数据报协议的IP版本6管理信息库
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
Abstract
摘要
This document is one in the series of documents that define various MIB objects for IPv6. Specifically, this document is the MIB module which defines managed objects for implementations of the User Datagram Protocol (UDP) over IP Version 6 (IPv6).
本文档是为IPv6定义各种MIB对象的系列文档之一。具体地说,本文档是MIB模块,它定义了通过IP版本6(IPv6)实现用户数据报协议(UDP)的托管对象。
This document also recommends a specific policy with respect to the applicability of RFC 2013 for implementations of IPv6. Namely, that most of managed objects defined in RFC 2013 are independent of which IP versions underlie UDP, and only the UDP listener information is IP version-specific.
本文件还就RFC 2013对IPv6实施的适用性提出了具体政策建议。也就是说,RFC 2013中定义的大多数托管对象独立于UDP下的IP版本,并且只有UDP侦听器信息是特定于IP版本的。
This memo defines an experimental portion of the Management Information Base (MIB) for use with network management protocols in IPv6-based internets.
本备忘录定义了管理信息库(MIB)的实验部分,用于基于IPv6的Internet中的网络管理协议。
A management system contains: several (potentially many) nodes, each with a processing entity, termed an agent, which has access to management instrumentation; at least one management station; and, a management protocol, used to convey management information between the agents and management stations. Operations of the protocol are carried out under an administrative framework which defines authentication, authorization, access control, and privacy policies.
管理系统包含:几个(可能很多)节点,每个节点都有一个处理实体,称为代理,可以访问管理工具;至少一个管理站;以及管理协议,用于在代理和管理站之间传送管理信息。协议的操作是在一个管理框架下进行的,该框架定义了身份验证、授权、访问控制和隐私策略。
Management stations execute management applications which monitor and control managed elements. Managed elements are devices such as hosts, routers, terminal servers, etc., which are monitored and controlled via access to their management information.
管理站执行管理应用程序,这些应用程序监视和控制被管理的元素。被管理元素是通过访问其管理信息来监视和控制的设备,如主机、路由器、终端服务器等。
Management information is viewed as a collection of managed objects, residing in a virtual information store, termed the Management Information Base (MIB). Collections of related objects are defined in MIB modules. These modules are written using a subset of OSI's Abstract Syntax Notation One (ASN.1) [1], termed the Structure of Management Information (SMI) [2].
管理信息被视为托管对象的集合,驻留在虚拟信息存储中,称为管理信息库(MIB)。相关对象的集合在MIB模块中定义。这些模块是使用OSI抽象语法符号1(ASN.1)[1]的子集编写的,称为管理信息结构(SMI)[2]。
This document is one in the series of documents that define various MIB objects, and statements of conformance, for IPv6. This document defines the required instrumentation for implementations of UDP over IPv6.
本文档是为IPv6定义各种MIB对象和一致性声明的系列文档之一。本文档定义了通过IPv6实现UDP所需的检测。
The fact that UDP is carried over IPv6 as opposed to IPv4, is largely invisible to a UDP implementation. A "UDPng" did not need to be defined, implementations simply need to support IPv6 addresses.
UDP通过IPv6而不是IPv4传输,这一事实对于UDP实现来说基本上是不可见的。不需要定义“UDPng”,实现只需要支持IPv6地址。
As such, the managed objects already defined in [UDP MIB] are sufficient for managing UDP in the presence of IPv6. These objects are equally applicable whether the managed node supports IPv4 only, IPv6 only, or both IPv4 and IPv6.
因此,[UDP MIB]中已定义的托管对象足以在IPv6存在的情况下管理UDP。无论受管节点仅支持IPv4、仅支持IPv6还是同时支持IPv4和IPv6,这些对象都同样适用。
For example, udpInDatagrams counts "The total number of UDP datagrams delivered to UDP users", regardless of which version of IP is used to deliver any of those datagrams.
例如,udpInDatagrams统计“发送给UDP用户的UDP数据报总数”,而不管使用哪个版本的IP发送这些数据报。
Stated differently, UDP implementations don't need separate counters for IPv4 and for IPv6.
换句话说,UDP实现对于IPv4和IPv6不需要单独的计数器。
The exception to the statements in section 3 is the udpTable. Since IPv6 addresses cannot be represented with the IpAddress syntax, not all UDP endpoints can be represented in the udpTable defined in [UDP MIB].
第3节中陈述的例外情况是udpTable。由于IPv6地址不能用IpAddress语法表示,因此并非所有UDP端点都可以在[UDP MIB]中定义的udpTable中表示。
This memo defines a new, separate table to represent only those UDP endpoints that utilize an IPv6 address. UDP endpoints on IPv4 addresses continue to be represented in udpTable [UDP MIB].
此备忘录定义了一个新的单独表,仅表示那些使用IPv6地址的UDP端点。IPv4地址上的UDP端点继续在udpTable[UDP MIB]中表示。
A different approach would have been to define a new table to represent all UDP endpoints regardless of IP version. This would require changes to [UDP MIB] and hence to existing (IPv4-only) UDP implementations. The approach suggested in this memo has the advantage of leaving IPv4-only implementations intact.
另一种方法是定义一个新表来表示所有UDP端点,而不管IP版本如何。这需要更改[UDP MIB],从而更改现有(仅限IPv4)UDP实现。本备忘录中建议的方法的优点是保持只使用IPv4的实现完好无损。
It is assumed that the objects defined in this memo will eventually be defined in an update to [UDP MIB]. For this reason, the module identity is assigned under the experimental portion of the MIB.
假设此备忘录中定义的对象最终将在[UDP MIB]更新中定义。因此,模块标识分配在MIB的实验部分下。
This memo contains conformance statements to define conformance to this MIB for UDP over IPv6 implementations.
此备忘录包含一致性语句,用于定义UDP over IPv6实现与此MIB的一致性。
IPV6-UDP-MIB DEFINITIONS ::= BEGIN
IPV6-UDP-MIB DEFINITIONS ::= BEGIN
IMPORTS MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF MODULE-IDENTITY, OBJECT-TYPE, mib-2, experimental FROM SNMPv2-SMI Ipv6Address, Ipv6IfIndexOrZero FROM IPV6-TC;
从SNMPv2 CONF MODULE-IDENTITY导入MODULE-COMPLIANCE、OBJECT-GROUP、从SNMPv2 SMI导入mib-2、从IPV6-TC导入实验性的ipv6iIndexorZero、从SNMPv2 SMI导入IPV6地址;
ipv6UdpMIB MODULE-IDENTITY LAST-UPDATED "9801290000Z" ORGANIZATION "IETF IPv6 MIB Working Group" CONTACT-INFO " Mike Daniele
ipv6UdpMIB模块标识最后更新的“980129000Z”组织“IETF IPv6 MIB工作组”联系人信息“Mike Daniele
Postal: Compaq Computer Corporation 110 Spitbrook Rd Nashua, NH 03062. US
邮政:康柏计算机公司,地址:新罕布什尔州纳舒亚市斯皮布鲁克路110号,邮编:03062。我们
Phone: +1 603 884 1423 Email: daniele@zk3.dec.com" DESCRIPTION "The MIB module for entities implementing UDP over IPv6." ::= { experimental 87 }
Phone: +1 603 884 1423 Email: daniele@zk3.dec.com" DESCRIPTION "The MIB module for entities implementing UDP over IPv6." ::= { experimental 87 }
-- objects specific to UDP for IPv6
--特定于IPv6的UDP的对象
udp OBJECT IDENTIFIER ::= { mib-2 7 }
udp OBJECT IDENTIFIER ::= { mib-2 7 }
-- the UDP over IPv6 Listener table
--IPv6上的UDP侦听器表
-- This table contains information about this entity's -- UDP/IPv6 endpoints. Only endpoints utilizing IPv6 addresses -- are contained in this table. This entity's UDP/IPv4 endpoints -- are contained in udpTable.
-- This table contains information about this entity's -- UDP/IPv6 endpoints. Only endpoints utilizing IPv6 addresses -- are contained in this table. This entity's UDP/IPv4 endpoints -- are contained in udpTable.
ipv6UdpTable OBJECT-TYPE SYNTAX SEQUENCE OF Ipv6UdpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing UDP listener information for UDP/IPv6 endpoints." ::= { udp 6 }
ipv6UdpTable OBJECT-TYPE SYNTAX SEQUENCE OF Ipv6UdpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing UDP listener information for UDP/IPv6 endpoints." ::= { udp 6 }
ipv6UdpEntry OBJECT-TYPE SYNTAX Ipv6UdpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a particular current UDP listener.
ipv6UdpEntry对象类型语法ipv6UdpEntry MAX-ACCESS不可访问状态当前描述“有关特定当前UDP侦听器的信息。
Note that conceptual rows in this table require an additional index object compared to udpTable, since IPv6 addresses are not guaranteed to be unique on the managed node." INDEX { ipv6UdpLocalAddress, ipv6UdpLocalPort, ipv6UdpIfIndex } ::= { ipv6UdpTable 1 }
Note that conceptual rows in this table require an additional index object compared to udpTable, since IPv6 addresses are not guaranteed to be unique on the managed node." INDEX { ipv6UdpLocalAddress, ipv6UdpLocalPort, ipv6UdpIfIndex } ::= { ipv6UdpTable 1 }
Ipv6UdpEntry ::= SEQUENCE { ipv6UdpLocalAddress Ipv6Address, ipv6UdpLocalPort INTEGER (0..65535), ipv6UdpIfIndex Ipv6IfIndexOrZero }
Ipv6UdpEntry ::= SEQUENCE { ipv6UdpLocalAddress Ipv6Address, ipv6UdpLocalPort INTEGER (0..65535), ipv6UdpIfIndex Ipv6IfIndexOrZero }
ipv6UdpLocalAddress OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS not-accessible STATUS current DESCRIPTION "The local IPv6 address for this UDP listener. In the case of a UDP listener which is willing to accept datagrams for any IPv6 address associated with the managed node, the value ::0 is used." ::= { ipv6UdpEntry 1 }
ipv6UdpLocalAddress OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS not-accessible STATUS current DESCRIPTION "The local IPv6 address for this UDP listener. In the case of a UDP listener which is willing to accept datagrams for any IPv6 address associated with the managed node, the value ::0 is used." ::= { ipv6UdpEntry 1 }
ipv6UdpLocalPort OBJECT-TYPE
ipv6UdpLocalPort对象类型
SYNTAX INTEGER (0..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The local port number for this UDP listener." ::= { ipv6UdpEntry 2 }
SYNTAX INTEGER (0..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The local port number for this UDP listener." ::= { ipv6UdpEntry 2 }
ipv6UdpIfIndex OBJECT-TYPE SYNTAX Ipv6IfIndexOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "An index object used to disambiguate conceptual rows in the table, since the ipv6UdpLocalAddress/ipv6UdpLocalPort pair may not be unique.
ipv6UdpIfIndex对象类型语法Ipv6IfIndexOrZero MAX-ACCESS只读状态当前描述“用于消除表中概念行歧义的索引对象,因为ipv6UdpLocalAddress/ipv6UdpLocalPort对可能不唯一。
This object identifies the local interface that is associated with ipv6UdpLocalAddress for this UDP listener. If such a local interface cannot be determined, this object should take on the value 0. (A possible example of this would be if the value of ipv6UdpLocalAddress is ::0.)
此对象标识与此UDP侦听器的ipv6UdpLocalAddress关联的本地接口。如果无法确定此类本地接口,则此对象的值应为0。(如果ipv6UdpLocalAddress的值为::0,则可能是一个示例。)
The interface identified by a particular non-0 value of this index is the same interface as identified by the same value of ipv6IfIndex.
此索引的特定非0值标识的接口与IPV6iIndex的相同值标识的接口相同。
The value of this object must remain constant during the life of this UDP endpoint." ::= { ipv6UdpEntry 3 }
The value of this object must remain constant during the life of this UDP endpoint." ::= { ipv6UdpEntry 3 }
-- -- conformance information --
----一致性信息--
ipv6UdpConformance OBJECT IDENTIFIER ::= { ipv6UdpMIB 2 }
ipv6UdpConformance OBJECT IDENTIFIER ::= { ipv6UdpMIB 2 }
ipv6UdpCompliances OBJECT IDENTIFIER ::= { ipv6UdpConformance 1 } ipv6UdpGroups OBJECT IDENTIFIER ::= { ipv6UdpConformance 2 }
ipv6UdpCompliances OBJECT IDENTIFIER ::= { ipv6UdpConformance 1 } ipv6UdpGroups OBJECT IDENTIFIER ::= { ipv6UdpConformance 2 }
-- compliance statements
--合规声明
ipv6UdpCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMPv2 entities which implement UDP over IPv6." MODULE -- this module MANDATORY-GROUPS { ipv6UdpGroup }
ipv6UdpCompliance MODULE-COMPLIANCE STATUS当前描述“在IPv6上实现UDP的SNMPv2实体的符合性声明。”MODULE--此模块为必填项-GROUPS{ipv6UdpGroup}
::= { ipv6UdpCompliances 1 }
::= { ipv6UdpCompliances 1 }
ipv6UdpGroup OBJECT-GROUP OBJECTS { -- these are defined in this module -- ipv6UdpLocalAddress (not-accessible) -- ipv6UdpLocalPort (not-accessible) ipv6UdpIfIndex } STATUS current DESCRIPTION "The group of objects providing management of UDP over IPv6." ::= { ipv6UdpGroups 1 }
ipv6UdpGroup OBJECT-GROUP OBJECTS { -- these are defined in this module -- ipv6UdpLocalAddress (not-accessible) -- ipv6UdpLocalPort (not-accessible) ipv6UdpIfIndex } STATUS current DESCRIPTION "The group of objects providing management of UDP over IPv6." ::= { ipv6UdpGroups 1 }
END
终止
This memo is a product of the IPng work group, and benefited especially from the contributions of the following working group members:
本备忘录是IPng工作组的成果,特别得益于以下工作组成员的贡献:
Dimitry Haskin Bay Networks Margaret Forsythe Epilogue Tim Hartrick Mentat Frank Solensky FTP Jack McCann DEC
迪米特里·哈斯金海湾网络玛格丽特·福赛斯结语蒂姆·哈特里克·门塔特·弗兰克·索伦斯基FTP杰克·麦肯
[1] Information processing systems - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1), International Organization for Standardization. International Standard 8824, (December, 1987).
[1] 信息处理系统.开放系统互连.国际标准化组织抽象语法符号1(ASN.1)规范。国际标准8824(1987年12月)。
[2] McCloghrie, K., Editor, "Structure of Management Information for version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1902, January 1996.
[2] McCloghrie,K.,编辑,“简单网络管理协议(SNMPv2)第2版的管理信息结构”,RFC 1902,1996年1月。
[UDP MIB] SNMPv2 Working Group, McCloghrie, K., Editor, "SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2", RFC 2013, November 1996.
[UDP MIB]SNMPv2工作组,McCloghrie,K.,编辑,“使用SMIv2的用户数据报协议的SNMPv2管理信息库”,RFC 2013,1996年11月。
[IPV6 MIB TC] Haskin, D., and S. Onishi, "Management Information Base for IP Version 6: Textual Conventions and General Group", RFC 2465, December 1998.
[IPV6 MIB TC]Haskin,D.和S.Onishi,“IP版本6的管理信息库:文本约定和通用组”,RFC 2465,1998年12月。
[IPV6] Deering, S., and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998.
[IPV6]Deering,S.和R.Hinden,“互联网协议,第6版(IPV6)规范”,RFC 2460,1998年12月。
[RFC2274] Blumenthal, U., and B. Wijnen, "The User-Based Security Model for Version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2274, January 1998.
[RFC2274]Blumenthal,U.和B.Wijnen,“简单网络管理协议(SNMPv3)第3版基于用户的安全模型”,RFC 2274,1998年1月。
[RFC2275] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Control Model for the Simple Network Management Protocol (SNMP)", RFC 2275, January 1998.
[RFC2275]Wijnen,B.,Presuhn,R.,和K.McCloghrie,“简单网络管理协议(SNMP)基于视图的访问控制模型”,RFC 22751998年1月。
There are no management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. So, if this MIB is implemented correctly, then there is no risk that an intruder can alter or create any management objects of this MIB via direct SNMP SET operations.
此MIB中未定义具有读写和/或读创建MAX-ACCESS子句的管理对象。因此,如果此MIB正确实现,则入侵者不会通过直接的SNMP集操作更改或创建此MIB的任何管理对象。
There are a number of managed objects in this MIB that may be considered to contain sensitive information in some environments. For example, the MIB identifies UDP ports on which processes are listening. Although this information might be considered sensitive in some environments (i.e., to identify ports on which to launch denial-of-service or other attacks), there are already other ways of obtaining similar information. For example, sending a random UDP packet to an unused port prompts the generation of an ICMP port unreachable message.
在某些环境中,此MIB中有许多托管对象可能被视为包含敏感信息。例如,MIB标识进程正在侦听的UDP端口。尽管这些信息在某些环境中可能被视为敏感信息(即,识别要在其上发起拒绝服务或其他攻击的端口),但已经有其他方法可以获取类似信息。例如,向未使用的端口发送随机UDP数据包会提示生成ICMP端口不可访问消息。
Therefore, it may be important in some environments to control read access to these objects and possibly to even encrypt the values of these object when sending them over the network via SNMP. Not all versions of SNMP provide features for such a secure environment. SNMPv1 by itself does not provide encryption or strong authentication.
因此,在某些环境中,控制对这些对象的读取访问,甚至可能在通过SNMP通过网络发送这些对象时加密这些对象的值,这可能很重要。并非所有版本的SNMP都为这种安全环境提供功能。SNMPv1本身不提供加密或强身份验证。
It is recommended that the implementors consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model [RFC2274] and the View-based Access Control Model [RFC2275] is recommended.
建议执行者考虑SNMPv3框架提供的安全特性。具体而言,建议使用基于用户的安全模型[RFC2274]和基于视图的访问控制模型[RFC2275]。
It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to those objects only to those principals (users) that have legitimate rights to access them.
然后,客户/用户有责任确保授予对此MIB实例访问权限的SNMP实体正确配置为仅授予具有合法访问权限的主体(用户)对这些对象的访问权限。
Mike Daniele Compaq Computer Corporation 110 Spit Brook Rd Nashua, NH 03062
迈克·达涅利·康柏计算机公司,地址:新罕布什尔州纳舒亚市斯皮布鲁克路110号,邮编:03062
Phone: +1-603-884-1423 EMail: daniele@zk3.dec.com
Phone: +1-603-884-1423 EMail: daniele@zk3.dec.com
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。