Internet Engineering Task Force (IETF)
Request for Comments: 6632
Category: Informational
ISSN: 2070-1721

M. Ersue, Ed., Nokia Siemens Networks
B. Claise, Cisco Systems, Inc.
June 2012
An Overview of the IETF Network Management Standards
Abstract
This document gives an overview of the IETF network management standards and summarizes existing and ongoing development of IETF Standards Track network management protocols and data models. The document refers to other overview documents where they exist and classifies the standards for easy orientation. The purpose of this document is, on the one hand, to help system developers and users to select appropriate standard management protocols and data models to address relevant management needs. On the other hand, the document can be used as an overview and guideline by other Standard Development Organizations or bodies planning to use IETF management technologies and data models. This document does not cover Operations, Administration, and Maintenance (OAM) technologies on the data-path, e.g., OAM of tunnels, MPLS Transport Profile (MPLS-TP) OAM, and pseudowire as well as the corresponding management models.
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6632.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction
   1.1. Scope and Target Audience
   1.2. Related Work
   1.3. Terminology
2. Core Network Management Protocols
   2.1. Simple Network Management Protocol (SNMP)
      2.1.1. Architectural Principles of SNMP
      2.1.2. SNMP and Its Versions
      2.1.3. Structure of Managed Information (SMI)
      2.1.4. SNMP Security and Access Control Models
         2.1.4.1. Security Requirements on the SNMP Management Framework
         2.1.4.2. User-Based Security Model (USM)
         2.1.4.3. View-Based Access Control Model (VACM)
      2.1.5. SNMP Transport Subsystem and Transport Models
         2.1.5.1. SNMP Transport Security Model
   2.2. Syslog Protocol
   2.3. IP Flow Information eXport (IPFIX) and Packet SAMPling (PSAMP) Protocols
   2.4. Network Configuration
      2.4.1. Network Configuration Protocol (NETCONF)
      2.4.2. YANG - NETCONF Data Modeling Language
3. Network Management Protocols and Mechanisms with Specific Focus
   3.1. IP Address Management
      3.1.1. Dynamic Host Configuration Protocol (DHCP)
      3.1.2. Ad Hoc Network Autoconfiguration
   3.2. IPv6 Network Operations
   3.3. Policy-Based Management
      3.3.1. IETF Policy Framework
      3.3.2. Use of Common Open Policy Service (COPS) for Policy Provisioning (COPS-PR)
   3.4. IP Performance Metrics (IPPM)
   3.5. Remote Authentication Dial-In User Service (RADIUS)
   3.6. Diameter Base Protocol (Diameter)
   3.7. Control and Provisioning of Wireless Access Points (CAPWAP)
   3.8. Access Node Control Protocol (ANCP)
   3.9. Application Configuration Access Protocol (ACAP)
   3.10. XML Configuration Access Protocol (XCAP)
4. Network Management Data Models
   4.1. IETF Network Management Data Models
      4.1.1. Generic Infrastructure Data Models
      4.1.2. Link-Layer Data Models
      4.1.3. Network-Layer Data Models
      4.1.4. Transport-Layer Data Models
      4.1.5. Application-Layer Data Models
      4.1.6. Network Management Infrastructure Data Models
   4.2. Network Management Data Models - FCAPS View
      4.2.1. Fault Management
      4.2.2. Configuration Management
      4.2.3. Accounting Management
      4.2.4. Performance Management
      4.2.5. Security Management
5. Security Considerations
6. Contributors
7. Acknowledgements
8. Informative References
Appendix A. High-Level Classification of Management Protocols and Data Models
   A.1. Protocols Classified by Standards Maturity in the IETF
   A.2. Protocols Matched to Management Tasks
   A.3. Push versus Pull Mechanism
   A.4. Passive versus Active Monitoring
   A.5. Supported Data Model Types and Their Extensibility
Appendix B. New Work Related to IETF Management Standards
   B.1. Energy Management (EMAN)
This document gives an overview of the IETF network management standards and summarizes existing and ongoing development of IETF Standards Track network management protocols and data models. The document refers to other overview documents where they exist and classifies the standards for easy orientation.
The target audience of the document is, on the one hand, IETF working groups, which aim to select appropriate standard management protocols and data models to address their needs concerning network management. On the other hand, the document can be used as an overview and guideline by non-IETF Standards Development Organizations (SDOs) planning to use IETF management technologies and data models for the realization of management applications. The document can also be used to initiate a discussion between the bodies with the goal to gather new requirements and to detect possible gaps. Finally, this document is directed to all interested parties that seek to get an overview of the current set of the IETF network management protocols such as network administrators or newcomers to the IETF.
Section 2 gives an overview of the IETF core network management standards with a special focus on Simple Network Management Protocol (SNMP), syslog, IP Flow Information eXport / Packet SAMPling (IPFIX/PSAMP), and Network Configuration (NETCONF). Section 3 discusses IETF management protocols and mechanisms with a specific focus, e.g., IP address management or IP performance management. Section 4 discusses IETF data models, such as MIB modules, IPFIX Information Elements, Syslog Structured Data Elements, and YANG modules designed to address a specific set of management issues and provides two complementary overviews for the network management data models standardized within the IETF. Section 4.1 focuses on a broader view of models classified into categories such as generic and infrastructure data models as well as data models matched to different layers, whereas Section 4.2 structures the data models following the management application view and maps them to the network management tasks: fault, configuration, accounting, performance, and security management.
Appendix A guides the reader for the high-level selection of management standards. For this, the section classifies the protocols according to high-level criteria, such as push versus pull mechanisms, passive versus active monitoring, as well as categorizes the protocols concerning the network management task they address and their data model extensibility. If the reader is interested only in a subset of the IETF network management protocols and data models described in this document, Appendix A can be used as a dispatcher to the corresponding chapter. Appendix B gives an overview of the new work on Energy Management in the IETF.
This document mainly refers to Proposed, Draft, or Internet Standard documents from the IETF (see [RFCSEARCH]). Whenever valuable, Best Current Practice (BCP) documents are referenced. In exceptional cases, and if the document provides substantial guideline for standard usage or fills an essential gap, Experimental and Informational RFCs are noticed and ongoing work is mentioned.
Information on active and concluded IETF working groups (e.g., their charters, published or currently active documents, and mail archives) can be found at [IETF-WGS].
Note that this document does not cover OAM technologies on the data-path including MPLS forwarding plane and control plane protocols (e.g., OAM of tunnels, MPLS-TP OAM, and pseudowire) as well as the corresponding management models and MIB modules. For a list of related work, see Section 1.2.
"Internet Protocols for the Smart Grid" [RFC6272] gives an overview and guidance on the key protocols of the Internet Protocol Suite. In analogy to [RFC6272], this document gives an overview of the IETF network management standards and their usage scenarios.
"Overview of the 2002 IAB Network Management Workshop" [RFC3535] documented strengths and weaknesses of some IETF management protocols. In choosing existing protocol solutions to meet the management requirements, it is recommended that these strengths and weaknesses be considered, even though some of the recommendations from the 2002 IAB workshop have become outdated, some have been standardized, and some are being worked on within the IETF.
"Guidelines for Considering Operations and Management of New Protocols and Extensions" [RFC5706] recommends working groups consider operations and management needs and then select appropriate management protocols and data models. This document can be used to ease surveying the IETF Standards Track network management protocols and management data models.
"Multiprotocol Label Switching (MPLS) Management Overview" [RFC4221] describes the management architecture for MPLS and indicates the interrelationships between the different MIB modules used for MPLS network management, where "Operations, Administration, and Maintenance Framework for MPLS-Based Transport Networks" [RFC6371] describes the OAM Framework for MPLS-based Transport Networks.
"An Overview of Operations, Administration, and Maintenance (OAM) Mechanisms" [OAM-OVERVIEW] gives an overview of the OAM toolset for detecting and reporting connection failures or measuring connection performance parameters.
"An Overview of the OAM Tool Set for MPLS-based Transport Networks" [OAM-ANALYSIS] provides an overview of the OAM toolset for MPLS-based Transport Networks including a brief summary of MPLS-TP OAM requirements and functions and of generic mechanisms created in the MPLS data plane to allow the OAM packets to run in-band and share their fate with data packets. The protocol definitions for each MPLS-TP OAM tool are listed in separate documents, which are referenced.
"MPLS-TP MIB-based Management Overview" [MPLSTP-MIB] describes the MIB-based architecture for MPLS-TP, and indicates the interrelationships between different existing MIB modules that can be leveraged for MPLS-TP network management and identifies areas where additional MIB modules are required.
Note that so far, the IETF has not developed specific technologies for the management of sensor networks. IP-based sensors or constrained devices in such an environment, i.e., with very limited memory and CPU resources, can use, e.g., application-layer protocols to do simple resource management and monitoring.
This document does not describe standard requirements. Therefore, key words from RFC 2119 [RFC2119] are not used in the document.
o 3GPP: 3rd Generation Partnership Project, a collaboration between groups of telecommunications associations, to prepare the third-generation (3G) mobile phone system specification.
o Agent: A software module that performs the network management functions requested by network management stations. An agent may be implemented in any network element that is to be managed, such as a host, bridge, or router. The 'management server' in NETCONF terminology.
o BCP: An IETF Best Current Practice document.
o CLI: Command Line Interface. A management interface that system administrators can use to interact with networking equipment.
o Data model: A mapping of the contents of an information model into a form that is specific to a particular type of datastore or repository (see [RFC3444]).
o Event: An occurrence of something in the "real world". Events can be indicated to managers through an event message or notification.
o IAB: Internet Architecture Board
o IANA: Internet Assigned Numbers Authority, an organization that oversees global IP address allocation, autonomous system number allocation, media types, and other IP-related code point allocations.
o Information model: An abstraction and representation of entities in a managed environment, their properties, attributes, operations, and the way they relate to each other, independent of any specific repository, protocol, or platform (see [RFC3444]).
o ITU-T: International Telecommunication Union - Telecommunication Standardization Sector
o Managed object: A management abstraction of a resource; a piece of management information in a MIB module. In the context of SNMP, a structured set of data variables that represent some resource to be managed or other aspect of a managed device.
o Manager: An entity that acts in a manager role, either a user or an application. The counterpart to an agent. A 'management client' in NETCONF terminology.
o Management Information Base (MIB): An information repository with a collection of related objects that represent the resources to be managed.
o MIB module: MIB modules usually contain object definitions, may contain definitions of event notifications, and sometimes include compliance statements in terms of appropriate object and event notification groups. A MIB that is provided by a management agent is typically composed of multiple instantiated MIB modules.
o Modeling language: A modeling language is any artificial language that can be used to express information or knowledge or systems in a structure that is defined by a consistent set of rules. Examples are Structure of Management Information Version 2 (SMIv2) [STD58], XML Schema Definition (XSD) [XSD-1], and YANG [RFC6020].
o Notification: An unsolicited message sent by an agent to a management station to notify it of an unusual event.
o OAM: Operations, Administration, and Maintenance
o PDU: Protocol Data Unit, a unit of data, which is specified in a protocol of a given layer consisting of protocol-control information and possibly layer-specific data.
o Principal: An application, an individual, or a set of individuals acting in a particular role, on whose behalf access to a service or MIB is allowed.
o RELAX NG: REgular LAnguage for XML Next Generation, a schema language for XML [RELAX-NG].
o SDO: Standards Development Organization
o SMI: Structure of Managed Information, the notation and grammar for the managed information definition used to define MIB modules [STD58].
o STDnn: An Internet Standard published at IETF, also referred to as Standard, e.g., [STD62].
o URI: Uniform Resource Identifier, a string of characters used to identify a name or a resource on the Internet [STD66]. Can be classified as locators (URLs), as names (URNs), or as both.
o XPATH: XML Path Language, a query language for selecting nodes from an XML document [XPATH].
The SNMPv3 Framework [RFC3410] builds upon both the original SNMPv1 and SNMPv2 Frameworks. The basic structure and components for the SNMP Framework did not change between its versions and comprises the following components:
o managed nodes, each with an SNMP entity providing remote access to management instrumentation (the agent),
o at least one SNMP entity with management applications (the manager), and
o a management protocol used to convey management information between the SNMP entities and management information.
During its evolution, the fundamental architecture of the SNMP Management Framework remained consistent based on a modular architecture, which consists of:
o a generic protocol definition independent of the data it is carrying,
o a protocol-independent data definition language,
o an information repository containing a data set of management information definitions (the Management Information Base, or MIB), and
o security and administration.
As such, the following standards build up the basis of the current SNMP Management Framework:
o the SNMPv3 protocol [STD62],
o the modeling language SMIv2 [STD58], and
o the MIB modules for different management issues.
The SNMPv3 Framework extends the architectural principles of SNMPv1 and SNMPv2 by:
o building on these three basic architectural components, in some cases, incorporating them from the SNMPv2 Framework by reference, and
o by using the same layering principles in the definition of new capabilities in the security and administration portion of the architecture.
SNMP is based on three conceptual entities: Manager, Agent, and the Management Information Base (MIB). In any configuration, at least one manager node runs SNMP management software. Typically, network devices, such as bridges, routers, and servers, are equipped with an agent. The agent is responsible for providing access to a local MIB of objects that reflects the resources and activity at its node.
Following the manager-agent paradigm, an agent can generate notifications and send them as unsolicited messages to the management application.
SNMPv2 enhances this basic functionality with an Inform PDU, a bulk transfer capability and other functional extensions like an administrative model for access control, security extensions, and Manager-to-Manager communication. SNMPv2 entities can have a dual role as manager and agent. However, neither SNMPv1 nor SNMPv2 offers sufficient security features. To address the security deficiencies of SNMPv1/v2, SNMPv3 [STD62] has been issued.
"Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework" [BCP074] gives an overview of the relevant Standard documents on the three SNMP versions. The BCP document furthermore describes how to convert MIB modules from SMIv1 to SMIv2 format and how to translate notification parameters. It also describes the mapping between the message processing and security models.
SNMP utilizes the MIB, a virtual information store of modules of managed objects. Generally, standard MIB modules support common functionality in a device. Operators often define additional MIB modules for their enterprise or use the Command Line Interface (CLI) to configure non-standard data in managed devices and their interfaces.
SNMPv2 Trap and Inform PDUs can alert an operator or an application when some aspects of a protocol fail or encounter an error condition, and the contents of a notification can be used to guide subsequent SNMP polling to gather additional information about an event.
SNMP is widely used for the monitoring of fault and performance data and with its stateless nature, SNMP also works well for status polling and determining the operational state of specific functionality. The widespread use of counters in standard MIB modules permits the interoperable comparison of statistics across devices from different vendors. Counters have been especially useful in monitoring bytes and packets going in and out over various protocol interfaces. SNMP is often used to poll a basic parameter of a device (e.g., sysUpTime, which reports the time since the last re-initialization of the network management portion of the device) to check for operational liveliness and to detect discontinuities in counters. Some operators also use SNMP for configuration management in their environment (e.g., for systems based on Data Over Cable Service Interface Specification (DOCSIS) such as cable modems).
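The polling pattern described above, as an added example that is not part of the RFC: a rate is computed from two polls of a Counter32, and sysUpTime is used to discard intervals in which the agent re-initialized. The names Poll, Interval, rate_between and rates, the optional link_bps plausibility bound, and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

COUNTER32_MODULUS = 2 ** 32   # a Counter32 wraps to 0 after 2^32 - 1
TICKS_PER_SECOND = 100        # sysUpTime is TimeTicks: hundredths of a second


@dataclass(frozen=True)
class Poll:
    sys_uptime: int   # sysUpTime.0 at poll time (TimeTicks)
    in_octets: int    # ifInOctets of one interface (Counter32)


@dataclass(frozen=True)
class Interval:
    status: str                        # "ok", "wrapped", "discontinuity", "no-time"
    octets_per_second: Optional[float]


def rate_between(prev: Poll, curr: Poll,
                 link_bps: Optional[int] = None) -> Interval:
    """Octet rate between two polls, or a reason why none can be given."""
    # sysUpTime moving backwards means the management portion of the device
    # re-initialized between polls, so the counter restarted and the
    # difference is meaningless. (sysUpTime itself wraps after about 497
    # days; that interval is also discarded, which is the safe choice.)
    if curr.sys_uptime < prev.sys_uptime:
        return Interval("discontinuity", None)
    elapsed = (curr.sys_uptime - prev.sys_uptime) / TICKS_PER_SECOND
    if elapsed == 0:
        return Interval("no-time", None)

    # A smaller counter with increasing sysUpTime is read as one wrap;
    # modular subtraction recovers the true increment in that case.
    wrapped = curr.in_octets < prev.in_octets
    delta = (curr.in_octets - prev.in_octets) % COUNTER32_MODULUS
    rate = delta / elapsed

    # Assumed extra check: if the "wrap" implies more traffic than the link
    # can carry, the counter was reset without sysUpTime showing it.
    if wrapped and link_bps is not None and rate * 8 > link_bps:
        return Interval("discontinuity", None)
    return Interval("wrapped" if wrapped else "ok", rate)


def rates(polls: List[Poll], link_bps: Optional[int] = None) -> List[Interval]:
    """Evaluate every consecutive pair of polls."""
    return [rate_between(a, b, link_bps) for a, b in zip(polls, polls[1:])]


# Constructed sample: 60-second polling, a counter wrap, then an agent restart.
SAMPLE_POLLS = [
    Poll(sys_uptime=8_640_000, in_octets=4_293_767_296),
    Poll(sys_uptime=8_646_000, in_octets=4_294_367_296),
    Poll(sys_uptime=8_652_000, in_octets=0),          # wrapped past 2^32 - 1
    Poll(sys_uptime=3_000, in_octets=45_000),         # sysUpTime went backwards
    Poll(sys_uptime=9_000, in_octets=645_000),
]

if __name__ == "__main__":
    for interval in rates(SAMPLE_POLLS):
        print(interval)
```
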
SNMPv1 [RFC1157] has been declared Historic and its use is not recommended due to its lack of security features. "Introduction to Community-based SNMPv2" [RFC1901] is an Experimental RFC, which has been declared Historic, and its use is not recommended due to its lack of security features.
Use of SNMPv3 [STD62] is recommended due to its security features, including support for authentication, encryption, message timeliness and integrity checking, and fine-grained data access controls. An overview of the SNMPv3 document set is in [RFC3410].
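One way to check an agent against this recommendation, as an added example that is not part of the RFC: the script below flags community-based (SNMPv1/v2c) access and SNMPv3 users admitted without authentication or without encryption. It assumes the agent is Net-SNMP and is configured through snmpd.conf directives (rocommunity, rwcommunity, com2sec, rouser, rwuser); the function name, severity labels and sample configuration are constructed for illustration.

```python
from typing import List, NamedTuple

# Net-SNMP directives that grant access by community string (SNMPv1/v2c).
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6",
                        "rwcommunity6", "com2sec", "com2sec6"}
# Net-SNMP directives that grant access to an SNMPv3 user.
USER_DIRECTIVES = {"rouser", "rwuser"}
SECURITY_LEVELS = {"noauth", "auth", "priv"}


class Finding(NamedTuple):
    line: int
    severity: str     # "high" or "medium" (labels assumed for this example)
    directive: str
    detail: str


def audit_snmpd_conf(text: str) -> List[Finding]:
    """Report access directives weaker than SNMPv3 with auth and encryption."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        directive, args = tokens[0], tokens[1:]
        key = directive.lower()

        if key in COMMUNITY_DIRECTIVES:
            # The community string is a secret, so it is never copied
            # into the finding.
            detail = "community-based SNMPv1/v2c access"
            if key.startswith("rw"):
                detail += " with write permission"
            findings.append(Finding(lineno, "high", directive, detail))

        elif key in USER_DIRECTIVES:
            if args[:1] == ["-s"]:        # optional "-s SECMODEL" prefix
                args = args[2:]
            if not args:
                continue
            user = args[0]
            # When no level is given, Net-SNMP requires "auth".
            level = "auth"
            if len(args) > 1 and args[1].lower() in SECURITY_LEVELS:
                level = args[1].lower()
            if level == "noauth":
                findings.append(Finding(
                    lineno, "high", directive,
                    f"SNMPv3 user '{user}' accepted without authentication"))
            elif level == "auth":
                findings.append(Finding(
                    lineno, "medium", directive,
                    f"SNMPv3 user '{user}' authenticated but not encrypted"))
    return findings


# Constructed sample configuration, not taken from a real device.
SAMPLE_CONF = """\
# constructed sample
agentAddress udp:161
rocommunity public 192.0.2.0/24
rwcommunity example-secret 192.0.2.10
rouser monitor priv
rouser legacy noauth
rwuser -s usm admin
"""

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE_CONF):
        print(finding)
```
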
Standards exist to use SNMP over diverse transport and link-layer protocols, including Transmission Control Protocol (TCP) [STD07], User Datagram Protocol (UDP) [STD06], Ethernet [RFC4789], and others (see Section 2.1.5.1).
SNMP MIB modules are defined with the notation and grammar specified as the Structure of Managed Information (SMI). The SMI uses an adapted subset of Abstract Syntax Notation One (ASN.1) [ITU-X680].
The SMI is divided into three parts: module definitions, object definitions, and notification definitions.
o Module definitions are used when describing information modules. An ASN.1 macro, MODULE-IDENTITY, is used to concisely convey the semantics of an information module.
o Object definitions are used when describing managed objects. An ASN.1 macro, OBJECT-TYPE, is used to concisely convey the syntax and semantics of a managed object.
o Notification definitions are used when describing unsolicited transmissions of management information. An ASN.1 macro, NOTIFICATION-TYPE, is used to concisely convey the syntax and semantics of a notification.
SMIv1 is specified in "Structure and Identification of Management Information for TCP/IP-based Internets" [RFC1155] and "Concise MIB Definitions" [RFC1212], both part of [STD16]. [RFC1215] specifies conventions for defining SNMP traps. Note that SMIv1 is outdated and its use is not recommended.
SMIv2 is the new notation for managed information definitions and should be used to define MIB modules. SMIv2 is specified in the following RFCs. With the exception of BCP 74, they are all part of [STD58]:
o [RFC2578] defines Version 2 of the Structure of Management Information (SMIv2),
o [RFC2579] defines the textual conventions macro for defining new types and it provides a core set of generally useful textual convention definitions,
o [RFC2580] defines conformance statements and requirements for defining agent and manager capabilities, and
o [BCP074] defines the mapping rules for and the conversion of MIB modules between SMIv1 and SMIv2 formats.
Several of the classical threats to network protocols are applicable to management problem space and therefore are applicable to any security model used in an SNMP Management Framework. This section lists primary and secondary threats, and threats that are of lesser importance (see [RFC3411] for the detailed description of the security threats).
The primary threats against which SNMP Security Models can provide protection are, "modification of information" by an unauthorized entity, and "masquerade", i.e., the danger that management operations not authorized for some principal may be attempted by assuming the identity of another principal.
Secondary threats against which SNMP Security Models can provide protection are "message stream modification", e.g., reordering, delay, or replay of messages, and "disclosure", i.e., the danger of eavesdropping on the exchanges between SNMP engines.
There are two threats against which the SNMP Security Model does not protect, since they are deemed to be of lesser importance in this context: Denial of Service and Traffic Analysis (see [RFC3411]).
SNMPv3 [STD62] introduced the User-based Security Model (USM). USM is specified in [RFC3414] and provides authentication and privacy services for SNMP. Specifically, USM is designed to secure against the primary and secondary threats discussed in Section 2.1.4.1. USM does not secure against Denial of Service and attacks based on Traffic Analysis.
The USM supports the following security services:
o Data integrity is the provision of the property that data has not been altered or destroyed in an unauthorized manner, nor have data sequences been altered to an extent greater than can occur non-maliciously.
o Data origin authentication is the provision of the property that the claimed identity of the user on whose behalf received data was originated is supported.
o Data confidentiality is the provision of the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
o Message timeliness and limited replay protection is the provision of the property that a message whose generation time is outside of a specified time window is not accepted.
See [RFC3414] for a detailed description of SNMPv3 USM.
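The message timeliness service listed above, as an added example that is not text or code from this RFC: it follows the time-window rules of [RFC3414] as summarized here from memory of that specification (a 150-second window, and snmpEngineBoots latching at 2147483647). The class and function names are hypothetical, and the checks are assumed to run only after a message has passed authentication.

```python
from dataclasses import dataclass

TIME_WINDOW = 150          # seconds; value taken from RFC 3414, not this page
MAX_BOOTS = 2147483647     # snmpEngineBoots latches here until reconfigured


def authoritative_in_window(local_boots: int, local_time: int,
                            msg_boots: int, msg_time: int) -> bool:
    """Check made by the authoritative engine on an authenticated message."""
    if local_boots == MAX_BOOTS:
        return False                       # engine must be re-keyed first
    if msg_boots != local_boots:
        return False                       # sent before or "after" a reboot
    return abs(msg_time - local_time) <= TIME_WINDOW


@dataclass
class RemoteEngineClock:
    """A non-authoritative engine's notion of one remote engine's clock."""
    boots: int
    time: int
    latest_received_time: int

    def tick(self, seconds: int) -> None:
        """Advance the local notion of the remote engine's time."""
        self.time += seconds

    def accept(self, msg_boots: int, msg_time: int) -> bool:
        # Step 1: an authentic message that is newer than anything seen so
        # far resynchronizes the local notion of the remote clock.
        newer = msg_boots > self.boots or (
            msg_boots == self.boots and msg_time > self.latest_received_time)
        if newer:
            self.boots = msg_boots
            self.time = msg_time
            self.latest_received_time = msg_time
        # Step 2: reject anything that is too old.
        if self.boots == MAX_BOOTS:
            return False
        if msg_boots < self.boots:
            return False
        if msg_time < self.time - TIME_WINDOW:
            return False
        return True


def replay_demo() -> list:
    """Constructed sequence showing why the protection is 'limited'."""
    clock = RemoteEngineClock(boots=5, time=1000, latest_received_time=1000)
    results = [clock.accept(5, 1010)]      # fresh message, clock resyncs
    clock.tick(100)
    results.append(clock.accept(5, 1010))  # replay inside the window: accepted
    clock.tick(100)
    results.append(clock.accept(5, 1010))  # same replay 200 s later: rejected
    results.append(clock.accept(6, 5))     # remote engine rebooted
    results.append(clock.accept(5, 1300))  # message from before the reboot
    return results


if __name__ == "__main__":
    print(replay_demo())
```

The second result in `replay_demo` is the reason the service is described as limited replay protection: a captured message remains acceptable until it ages out of the window.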
SNMPv3 [STD62] introduced the View-based Access Control (VACM) facility. The VACM is defined in [RFC3415] and enables the configuration of agents to provide different levels of access to the agent's MIB. An agent entity can restrict access to a certain portion of its MIB, e.g., restrict some principals to view only performance-related statistics or disallow other principals to read those performance-related statistics. An agent entity can also restrict the access to monitoring (read-only) as opposed to monitoring and configuration (read-write) of a certain portion of its MIB, e.g., allowing only a single designated principal to update configuration parameters.
VACM defines five elements that make up the Access Control Model: groups, security level, contexts, MIB views, and access policy. Access to a MIB module is controlled by means of a MIB view.
See [RFC3415] for a detailed description of SNMPv3 VACM.
The User-based Security Model (USM) was designed to be independent of other existing security infrastructures to ensure it could function when third-party authentication services were not available. As a result, USM utilizes a separate user and key-management infrastructure. Operators have reported that the deployment of a separate user and key-management infrastructure in order to use SNMPv3 is costly and hinders the deployment of SNMPv3.
SNMP Transport Subsystem [RFC5590] extends the original SNMP architecture and Transport Model and enables the use of transport protocols to provide message security unifying the administrative security management for SNMP and other management interfaces.
Transport Models are tied into the SNMP Framework through the Transport Subsystem. The Transport Security Model [RFC5591] has been designed to work on top of lower-layer, secure Transport Models.
The SNMP Transport Model defines an alternative to existing standard transport mappings described in [RFC3417], e.g., for SNMP over UDP, in [RFC4789] for SNMP over IEEE 802 networks, and in the Experimental RFC [RFC3430] defining SNMP over TCP.
The SNMP Transport Security Model [RFC5591] is an alternative to the existing SNMPv1 and SNMPv2 Community-based Security Models [BCP074], and the User-based Security Model [RFC3414], part of [STD62].
The Transport Security Model utilizes one or more lower-layer security mechanisms to provide message-oriented security services. These include authentication of the sender, encryption, timeliness checking, and data integrity checking.
A secure Transport Model sets up an authenticated and possibly encrypted session between the Transport Models of two SNMP engines. After a transport-layer session is established, SNMP messages can be sent through this session from one SNMP engine to the other. The new Transport Model supports the sending of multiple SNMP messages through the same session to amortize the costs of establishing a security association.
The Secure Shell (SSH) Transport Model [RFC5592] and the Transport Layer Security (TLS) Transport Model [RFC6353] are current examples of Transport Security Models.
The SSH Transport Model makes use of the commonly deployed SSH security and key-management infrastructure. Furthermore, [RFC5592] defines MIB objects for monitoring and managing the SSH Transport Model for SNMP.
The Transport Layer Security (TLS) Transport Model [RFC6353] uses either the TLS protocol [RFC5246] or the Datagram Transport Layer Security (DTLS) protocol [RFC6347]. The TLS and DTLS protocols provide authentication and privacy services for SNMP applications. The TLS Transport Model supports the sending of SNMP messages over TLS and TCP and over DTLS and UDP. Furthermore, [RFC6353] defines MIB objects for managing the TLS Transport Model for SNMP.
[RFC5608] describes the use of a Remote Authentication Dial-In User Service (RADIUS) service by SNMP secure Transport Models for authentication of users and authorization of services. Access control authorization, i.e., how RADIUS attributes and messages are applied to the specific application area of SNMP Access Control Models, and VACM in particular, has been specified in [RFC6065].
Syslog is a mechanism for distribution of logging information initially used on Unix systems (see [RFC3164] for BSD syslog). The IETF Syslog Protocol [RFC5424] introduces a layered architecture allowing the use of any number of transport protocols, including reliable and secure transports, for transmission of syslog messages.
The Syslog protocol enables a machine to send system log messages across networks to event message collectors. The protocol is simply designed to transport and distribute these event messages. By default, no acknowledgements of receipt are made, unless the reliable delivery extensions specified in [RFC3195] are used. The Syslog protocol and process do not require stringent coordination between the transport sender and the receiver. Indeed, the transmission of syslog messages may be started on a device without a receiver being configured, or even actually physically present. Conversely, many devices will most likely be able to receive messages without explicit configuration or definitions.
BSD syslog had little uniformity for the message format and the content of syslog messages. The body of a BSD syslog message has traditionally been unstructured text. This content is human friendly, but difficult to parse for applications. With the Syslog Protocol [RFC5424], the IETF has standardized a new message header format, including timestamp, hostname, application, and message ID, to improve filtering, interoperability, and correlation between compliant implementations.
The Syslog protocol [RFC5424] also introduces a mechanism for defining Structured Data Elements (SDEs). The SDEs allow vendors to define their own structured data elements to supplement standardized elements. [RFC5675] defines a mapping from SNMP notifications to syslog messages. [RFC5676] defines an SNMP MIB module to represent syslog messages for the purpose of sending those syslog messages as notifications to SNMP notification receivers. [RFC5674] defines the way alarms are sent in syslog, which includes the mapping of ITU-perceived severities onto syslog message fields and a number of alarm-specific definitions from ITU-T X.733 [ITU-X733] and the IETF Alarm MIB [RFC3877].
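A parser for the standardized header and the Structured Data Elements described above, as an added example that is not part of the RFC. The grammar is written from the [RFC5424] message format; the function names, the sample line and the SD-IDs under the documentation enterprise number 32473 are constructed for this illustration. Text in the free-form message body that merely looks like structured data stays in the body and is never promoted to a structured field.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# HEADER = PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID
HEADER_RE = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2})"
    r" (?P<timestamp>\S+) (?P<hostname>\S+) (?P<app_name>\S+)"
    r" (?P<procid>\S+) (?P<msgid>\S+) ")
SdElements = Dict[str, Dict[str, str]]


@dataclass
class SyslogMessage:
    facility: int
    severity: int
    timestamp: Optional[str]
    hostname: Optional[str]
    app_name: Optional[str]
    procid: Optional[str]
    msgid: Optional[str]
    structured_data: SdElements
    msg: str


def _parse_sd(text: str, pos: int) -> Tuple[SdElements, int]:
    """Parse one or more '[SD-ID name="value" ...]' elements at text[pos]."""
    elements: SdElements = {}
    while pos < len(text) and text[pos] == "[":
        end = pos + 1
        while end < len(text) and text[end] not in " ]":
            end += 1
        sd_id = text[pos + 1:end]
        if not sd_id or end == len(text) or sd_id in elements:
            raise ValueError("bad or duplicate SD-ID")
        params: Dict[str, str] = {}
        pos = end
        while text[pos] == " ":
            eq = text.find('="', pos)
            name = text[pos + 1:eq]
            if eq < 0 or not name or any(c in name for c in ' ]"='):
                raise ValueError("bad PARAM-NAME")
            pos, value = eq + 2, []
            while True:
                if pos >= len(text):
                    raise ValueError("unterminated PARAM-VALUE")
                ch = text[pos]
                if ch == "\\" and text[pos + 1:pos + 2] in ('"', "\\", "]"):
                    value.append(text[pos + 1])   # only \" \\ \] are escapes
                    pos += 2
                elif ch == '"':
                    pos += 1
                    break
                elif ch == "]":
                    raise ValueError("unescaped ']' in PARAM-VALUE")
                else:
                    value.append(ch)
                    pos += 1
            params[name] = "".join(value)
            if pos >= len(text):
                raise ValueError("unterminated SD-ELEMENT")
        if text[pos] != "]":
            raise ValueError("expected ']'")
        elements[sd_id] = params
        pos += 1
    return elements, pos


def parse_rfc5424(line: str) -> SyslogMessage:
    m = HEADER_RE.match(line)
    if m is None or int(m["pri"]) > 191:
        raise ValueError("not an RFC 5424 header")
    pri, pos = int(m["pri"]), m.end()
    if line.startswith("-", pos):            # NILVALUE: no structured data
        sd, pos = {}, pos + 1
    elif line.startswith("[", pos):
        sd, pos = _parse_sd(line, pos)
    else:
        raise ValueError("missing STRUCTURED-DATA")
    if pos < len(line) and line[pos] != " ":
        raise ValueError("garbage after STRUCTURED-DATA")
    msg = line[pos + 1:]
    if msg.startswith("\ufeff"):             # optional BOM before UTF-8 MSG
        msg = msg[1:]
    h = {k: (None if v == "-" else v) for k, v in m.groupdict().items()}
    return SyslogMessage(pri >> 3, pri & 7, h["timestamp"], h["hostname"],
                         h["app_name"], h["procid"], h["msgid"], sd, msg)


# Constructed sample line; the trailing bracket text belongs to MSG, not SD.
SAMPLE = (
    r'<86>1 2024-05-01T12:00:00Z fw1.example.net sshd 4321 AUTHFAIL '
    r'[origin@32473 user="ro\"ot" src="192.0.2.10"][meta@32473 note="a\]b"] '
    r'Failed login [x@1 user="admin"]')
```
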
"Signed Syslog Messages" [RFC5848] defines a mechanism to add origin authentication, message integrity, replay resistance, message sequencing, and detection of missing messages to the transmitted syslog messages to be used in conjunction with the Syslog protocol.
The Syslog protocol's layered architecture provides support for a number of transport mappings. For interoperability purposes and especially in managed networks, where the network path has been explicitly provisioned for UDP syslog traffic, the Syslog protocol can be used over UDP [RFC5426]. However, to support congestion control and reliability, [RFC5426] strongly recommends the use of the TLS transport.
Furthermore, the IETF defined the TLS Transport Mapping for syslog in [RFC5425], which provides a secure connection for the transport of syslog messages. [RFC5425] describes the security threats to syslog and how TLS can be used to counter such threats. [RFC6012] defines the Datagram Transport Layer Security (DTLS) Transport Mapping for syslog, which can be used if a connectionless transport is desired.
For information on MIB modules related to syslog, see Section 4.2.1.
2.3. IP Flow Information eXport (IPFIX) and Packet SAMPling (PSAMP) Protocols
"Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information" (the IPFIX Protocol) [RFC5101] defines a push-based data export mechanism for transferring IP flow information in a compact binary format from an Exporter to a Collector.
"Architecture for IP Flow Information Export" (the IPFIX Architecture) [RFC5470] defines the components involved in IP flow measurement and reporting of information on IP flows, particularly, a Metering Process generating Flow Records, an Exporting Process that sends metered flow information using the IPFIX protocol, and a Collecting Process that receives flow information as IPFIX Data Records.
After listing the IPFIX requirements in [RFC3917], NetFlow Version 9 [RFC3954] was taken as the basis for the IPFIX protocol and the IPFIX architecture.
IPFIX can run over different transport protocols. The IPFIX Protocol [RFC5101] specifies Stream Control Transmission Protocol (SCTP) [RFC4960] as the mandatory transport protocol to implement. Optional alternatives are TCP [STD07] and UDP [STD06].
SCTP is used with its Partial Reliability extension (PR-SCTP) specified in [RFC3758]. [RFC6526] specifies an extension to [RFC5101], when using the PR-SCTP [RFC3758]. The extension offers several advantages over IPFIX export, e.g., the ability to calculate Data Record losses for PR-SCTP, immediate reuse of Template IDs within an SCTP stream, reduced likelihood of Data Record loss, and reduced demands on the Collecting Process.
IPFIX transmits IP flow information in Data Records containing IPFIX Information Elements (IEs) defined by the IPFIX Information Model [RFC5102]. IPFIX IEs are quantities with unit and semantics defined by the Information Model. When transmitted over the IPFIX protocol, only their values need to be carried in Data Records. This compact encoding allows efficient transport of large numbers of measured flow values. Remaining redundancy in Data Records can be further reduced by the methods described in [RFC5473] (for further discussion on IPFIX IEs, see Section 4).
The IPFIX Information Model is extensible. New IEs can be registered at IANA (see "IPFIX Information Elements" in [IANA-PROT]). IPFIX also supports the use of proprietary, i.e., enterprise-specific IEs.
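How a Collector uses Templates to decode Data Records that carry only values, including an enterprise-specific IE, shown as an added example that is not part of the RFC. The wire layout follows the IPFIX protocol specification [RFC5101]; the function names, the sample message and the use of the documentation enterprise number 32473 are constructed for this illustration, and variable-length IEs and Options Templates are left out.

```python
import struct
from typing import Dict, List, Optional, Tuple

IPFIX_VERSION = 10
TEMPLATE_SET_ID = 2
MIN_DATA_SET_ID = 256
VARIABLE_LENGTH = 65535

FieldSpec = Tuple[int, int, int]          # (enterprise number or 0, IE id, length)
Record = Dict[Tuple[int, int], bytes]     # (enterprise number, IE id) -> raw value
Templates = Dict[int, List[FieldSpec]]


def _read_templates(body: bytes, templates: Templates) -> None:
    pos = 0
    while len(body) - pos >= 4:           # under 4 octets left is padding
        template_id, count = struct.unpack_from("!HH", body, pos)
        pos += 4
        if template_id < MIN_DATA_SET_ID:
            raise ValueError("invalid Template ID")
        if count == 0:                    # Template Withdrawal
            templates.pop(template_id, None)
            continue
        fields: List[FieldSpec] = []
        for _ in range(count):
            if len(body) - pos < 4:
                raise ValueError("truncated Field Specifier")
            ie_id, length = struct.unpack_from("!HH", body, pos)
            pos += 4
            enterprise = 0
            if ie_id & 0x8000:            # enterprise bit: 4-octet number follows
                if len(body) - pos < 4:
                    raise ValueError("truncated Enterprise Number")
                (enterprise,) = struct.unpack_from("!I", body, pos)
                pos += 4
                ie_id &= 0x7FFF
            if length == VARIABLE_LENGTH:
                raise ValueError("variable-length IEs are outside this example")
            fields.append((enterprise, ie_id, length))
        templates[template_id] = fields


def _read_data(body: bytes, fields: Optional[List[FieldSpec]]) -> List[Record]:
    if fields is None:
        return []                         # no Template seen yet: cannot decode
    record_len = sum(length for _, _, length in fields)
    if record_len == 0:
        raise ValueError("zero-length record")
    records, pos = [], 0
    while len(body) - pos >= record_len:  # a shorter remainder is padding
        record: Record = {}
        for enterprise, ie_id, length in fields:
            record[(enterprise, ie_id)] = body[pos:pos + length]
            pos += length
        records.append(record)
    return records


def parse_ipfix(message: bytes, templates: Templates) -> List[Record]:
    """Decode one IPFIX Message, updating `templates` as Template Sets arrive."""
    if len(message) < 16:
        raise ValueError("short Message Header")
    version, length = struct.unpack_from("!HH", message, 0)
    if version != IPFIX_VERSION or length != len(message):
        raise ValueError("bad version or length")
    records: List[Record] = []
    pos = 16
    while pos < length:
        if length - pos < 4:
            raise ValueError("truncated Set Header")
        set_id, set_len = struct.unpack_from("!HH", message, pos)
        if set_len < 4 or pos + set_len > length:
            raise ValueError("Set length outside message")
        body = message[pos + 4:pos + set_len]
        if set_id == TEMPLATE_SET_ID:
            _read_templates(body, templates)
        elif set_id >= MIN_DATA_SET_ID:
            records.extend(_read_data(body, templates.get(set_id)))
        pos += set_len                    # Options Template Sets (ID 3) skipped
    return records


def build_sample() -> bytes:
    """Constructed message: one Template Set, then one Data Set of two records."""
    # IEs 8, 12, 1 = sourceIPv4Address, destinationIPv4Address, octetDeltaCount
    template = struct.pack("!HH", 256, 4) + struct.pack(
        "!HHHHHH", 8, 4, 12, 4, 1, 8) + struct.pack("!HHI", 0x8000 | 1, 2, 32473)
    flows = [((192, 0, 2, 1), (198, 51, 100, 7), 1500, 7),
             ((192, 0, 2, 2), (198, 51, 100, 7), 64, 9)]
    data = b"".join(bytes(s) + bytes(d) + struct.pack("!QH", octets, tag)
                    for s, d, octets, tag in flows)
    sets = (struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(template)) + template
            + struct.pack("!HH", 256, 4 + len(data)) + data)
    return struct.pack("!HHIII", IPFIX_VERSION, 16 + len(sets),
                       1700000000, 0, 1) + sets
```

The record key is the pair (enterprise number, IE id) because the sample deliberately reuses IE id 1 for both the IANA-registered octetDeltaCount and an enterprise-specific element.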
The PSAMP protocol [RFC5476] extends the IPFIX protocol by means of transferring information on individual packets. [RFC5475] specifies a set of sampling and filtering techniques for IP packet selection, based on the PSAMP Framework [RFC5474]. The PSAMP Information Model [RFC5477] provides a set of basic IEs for reporting packet information with the IPFIX/PSAMP protocol.
The IPFIX model of an IP traffic flow is unidirectional. [RFC5103] adds means of reporting bidirectional flows to IPFIX, for example, both directions of packet flows of a TCP connection.
When enterprise-specific IEs are transmitted with IPFIX, a Collector receiving Data Records may not know the type of received data and cannot choose the right format for storing the contained information. [RFC5610] provides a means of exporting extended type information for enterprise-specific Information Elements from an Exporter to a Collector.
Collectors may store received flow information in files. The IPFIX file format [RFC5655] can be used for storing IP flow information in a way that facilitates exchange of traffic flow information between different systems and applications.
In terms of IPFIX and PSAMP configurations, the Metering and Exporting Processes are configured out of band. As the IPFIX protocol is a push mechanism only, IPFIX cannot configure the Exporter. The actual configuration of selection processes, caches, Exporting Processes, and Collecting Processes of IPFIX- and PSAMP-compliant monitoring devices is executed using the NETCONF protocol [RFC6241] (see Section 2.4.1). The "Configuration Data Model for IPFIX and PSAMP" (the IPFIX Configuration Data Model) [CONF-MODEL] has been specified using Unified Modeling Language (UML) class diagrams. The data model is formally defined using the YANG modeling language [RFC6020] (see Section 2.4.2).
At the time of this writing, a framework for IPFIX flow mediation is in preparation, which addresses the need for mediation of flow information in IPFIX applications in large operator networks, e.g., for aggregating huge amounts of flow data and for anonymization of flow information (see the problem statement in [RFC5982]).
The IPFIX Mediation Framework [RFC6183] defines the intermediate device between Exporters and Collectors, which provides an IPFIX mediation by receiving a record stream from, e.g., a Collecting Process, hosting one or more Intermediate Processes to transform this stream, and exporting the transformed record stream into IPFIX messages via an Exporting Process.
Examples for mediation functions are flow aggregation, flow selection, and anonymization of traffic information (see [RFC6235]).
Privacy, integrity, and authentication of the Exporter and Collector are important security requirements for IPFIX [RFC3917]. Confidentiality, integrity, and authenticity of IPFIX data transferred from an Exporting Process to a Collecting Process must be ensured. The IPFIX and PSAMP protocols do not define any new security mechanisms and rely on the security mechanism of the underlying transport protocol, such as TLS [RFC5246] and DTLS [RFC6347].
The primary goal of IPFIX is the reporting of the flow accounting for flexible flow definitions and usage-based accounting. As described in the IPFIX Applicability Statement [RFC5472], there are also other applications such as traffic profiling, traffic engineering, intrusion detection, and QoS monitoring, that require flow-based traffic measurements and can be realized using IPFIX. Furthermore, the IPFIX Applicability Statement explains the relation of IPFIX to other frameworks and protocols such as PSAMP, RMON (Remote Network Monitoring MIB, Section 4.2.1), and IPPM (IP Performance Metrics, Section 3.4). Similar flow information could also be used for security monitoring. The addition of Performance Metrics in the IPFIX IANA registry [IANA-IPFIX] will extend the IPFIX use case to performance management.
Note that even if the initial IPFIX focus has been around IP flow information exchange, non-IP-related IEs are now specified in the IPFIX IANA registration (e.g., MAC (Media Access Control) address, MPLS (Multiprotocol Label Switching) labels, etc.). At the time of this writing, there are requests to widen the focus of IPFIX and to export non-IP related IEs (such as SIP monitoring IEs).
The IPFIX structured data [RFC6313] is an extension to the IPFIX protocol, which supports hierarchical structured data and lists (sequences) of Information Elements in Data Records. This extension allows the definition of complex data structures such as variable-length lists and specification of hierarchical containment relationships between templates. Furthermore, the extension provides the semantics to express the relationship among multiple list elements in a structured Data Record.
For information on data models related to the management of the IPFIX and PSAMP protocols, see Sections 4.2.1 and 4.2.2. For information on IPFIX/PSAMP IEs, see Section 4.2.3.
The IAB workshop on Network Management [RFC3535] determined advanced requirements for configuration management:
o robustness: Minimizing disruptions and maximizing stability,
o a task-oriented view,
o extensibility for new operations,
o standardized error handling,
o clear distinction between configuration data and operational state,
o distribution of configurations to devices under transactional constraints,
o single- and multi-system transactions and scalability in the number of transactions and managed devices,
o operations on selected subsets of management data,
o dumping and reloading a device configuration in a textual format in a standard manner across multiple vendors and device types,
o a human interface and a programmatic interface,
o a data modeling language with a human-friendly syntax,
o easy conflict detection and configuration validation, and
o secure transport, authentication, and robust access control.
The NETCONF protocol [RFC6241] provides mechanisms to install, manipulate, and delete the configuration of network devices and aims to address the configuration management requirements pointed out in the IAB workshop. It uses an XML-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized on top of a simple and reliable Remote Procedure Call (RPC) layer. A key aspect of NETCONF is that it allows the functionality of the management protocol to closely mirror the native command-line interface of the device.
The NETCONF working group developed the NETCONF Event Notifications Mechanism as an optional capability, which provides an asynchronous message notification delivery service for NETCONF [RFC5277]. The NETCONF notification mechanism enables using general purpose notification streams, where the originator of the notification stream can be any managed device (e.g., SNMP notifications).
The NETCONF Partial Locking specification introduces fine-grained locking of the configuration datastore to enhance NETCONF for fine-grained transactions on parts of the datastore [RFC5717].
The NETCONF working group also defined the necessary data model to monitor the NETCONF protocol [RFC6022], by using the modeling language YANG [RFC6020] (see Section 2.4.2). The monitoring data model includes information about NETCONF datastores, sessions, locks, and statistics, which facilitate the management of a NETCONF server.
NETCONF connections are required to provide authentication, data integrity, confidentiality, and replay protection. NETCONF depends on the underlying transport protocol for this capability. For example, connections can be encrypted in TLS or SSH, depending on the underlying protocol.
The NETCONF working group defined the SSH transport protocol as the mandatory transport binding [RFC6242]. Other optional transport bindings are TLS [RFC5539], Blocks Extensible Exchange Protocol (BEEP) over TLS [RFC4744], and Simple Object Access Protocol (SOAP) over HTTP over TLS [RFC4743].
The NETCONF Access Control Model (NACM) [RFC6536] provides standard mechanisms to restrict protocol access to particular users with a pre-configured subset of operations and content.
Following the guidelines of the IAB management workshop [RFC3535], the NETMOD working group developed a data modeling language defining the semantics of operational and configuration data, notifications, and operations [RFC6020]. The new data modeling language, called YANG, maps directly to XML-encoded content (on the wire) and will serve as the normative description of NETCONF data models.
YANG has the following properties addressing specific requirements on a modeling language for configuration management:
o YANG provides the means to define hierarchical data models. It supports reusable data types and groupings, i.e., a set of schema nodes that can be reused across module boundaries.
o YANG supports the distinction between configuration and state data. In addition, it provides support for modeling event notifications and the specification of operations that extend the base NETCONF operations.
o YANG allows the expression of constraints on data models by means of type restrictions and XML Path Language (XPATH) 1.0 [XPATH] expressions. XPATH expressions can also be used to make certain portions of a data model conditional.
o YANG supports the integration of standard- and vendor-defined data models. YANG's augmentation mechanism allows the seamless augmentation of standard data models with proprietary extensions.
o YANG data models can be partitioned into collections of features, allowing low-end devices only to implement the core features of a data model while high-end devices may choose to support all features. The supported features are announced via the NETCONF capability exchange to management applications.
o The syntax of the YANG language is compact and optimized for human readers. An associated XML-based syntax called the YANG Independent Notation (YIN) [RFC6020] is available to allow the processing of YANG data models with XML-based tools. The mapping rules for the translation of YANG data models into Document Schema Definition Languages (DSDL), of which RELAX NG is a major component, are defined in [RFC6110].
o Devices implementing standard data models can document deviations from the data model in separate YANG modules. Applications capable of discovering deviations can make allowances that would otherwise not be possible.
A collection of common data types for IETF-related standards is provided in [RFC6021]. This standard data type library has been derived to a large extent from common SMIv2 data types, generalizing them to a less-constrained NETCONF Framework.
The document "An Architecture for Network Management using NETCONF and YANG" describes how NETCONF and YANG can be used to build network management applications that meet the needs of network operators [RFC6244].
The Experimental RFC [RFC6095] specifies extensions for YANG, introducing language abstractions such as class inheritance and recursive data structures.
[RFC6087] gives guidelines for the use of YANG within the IETF and other standardization organizations.
Work is underway to standardize a translation of SMIv2 data models into YANG data models preserving investments into SNMP MIB modules, which are widely available for monitoring purposes [SMI-YANG].
Several independent and open source implementations of the YANG data modeling language and associated tools are available.
While YANG is a relatively recent data modeling language, some data models have already been produced. The specification of the base NETCONF protocol operations has been revised and uses YANG as the normative modeling language to specify its operations [RFC6241]. The IPFIX working group prepared the normative model for configuring and monitoring IPFIX- and PSAMP-compliant monitoring devices using the YANG modeling language [CONF-MODEL].
At the time of this writing, the NETMOD working group is developing core system and interface data models. Following the example of the IPFIX configuration model, IETF working groups will prepare models for their specific needs.
For information on data models developed using the YANG modeling language, see Sections 4.2.1 and 4.2.2.
This section reviews additional protocols the IETF offers for management and discusses for which applications they were designed and/or have already been successfully deployed. These are protocols that have mostly reached Proposed Standard status or higher within the IETF.
Dynamic Host Configuration Protocol (DHCP) [RFC2131] provides a framework for passing configuration information to hosts on a TCP/IP network and, as such, enables autoconfiguration in IP networks. In addition to IP address management, DHCP can also provide other configuration information, such as default routers, the IP addresses of recursive DNS servers, and the IP addresses of NTP servers. As described in [RFC6272], DHCP can be used for IPv4 and IPv6 Address Allocation and Assignment as well as for Service Discovery.
There are two versions of DHCP: one for IPv4 (DHCPv4) [RFC2131] and one for IPv6 (DHCPv6) [RFC3315]. DHCPv4 was defined as an extension to BOOTP (Bootstrap Protocol) [RFC0951]. DHCPv6 was subsequently defined to accommodate new functions required by IPv6 such as assignment of multiple addresses to an interface and to address limitations in the design of DHCPv4 resulting from its origins in BOOTP. While both versions bear the same name and perform the same functionality, the details of DHCPv4 and DHCPv6 are sufficiently different that they can be considered separate protocols.
In addition to the assignment of IP addresses and other configuration information, DHCP options like the Relay Agent Information option (DHCPv4) [RFC3046] and the Interface-Id Option (DHCPv6) [RFC3315] are widely used by ISPs.
DHCPv6 includes Prefix Delegation [RFC3633], which is used to provision a router with an IPv6 prefix for use in the subnetwork supported by the router.
The following are examples of DHCP options that provide configuration information or access to specific servers. A complete list of DHCP options is available at [IANA-PROT].
o "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)" [RFC3646] describes DHCPv6 options for passing a list of available DNS recursive name servers and a domain search list to a client.
o "DHCP Options for Service Location Protocol" [RFC2610] describes DHCPv4 options and methods through which entities using the Service Location Protocol can find out the address of Directory Agents in order to transact messages and how the assignment of scope for configuration of Service Location Protocol (SLP) User and Service Agents can be achieved.
o "Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers" [RFC3319] specifies DHCPv6 options that allow SIP clients to locate a local SIP server that is to be used for all outbound SIP requests, a so-called "outbound proxy server".
o "Dynamic Host Configuration Protocol (DHCP) Options for Broadcast and Multicast Control Servers" [RFC4280] defines DHCPv6 options to discover the Broadcast and Multicast Service (BCMCS) controller in an IP network.
Built directly on UDP and IP, DHCP itself has no security provisions. There are two different classes of potential security issues related to DHCP: unauthorized DHCP Servers and unauthorized DHCP Clients. The recommended solutions to these risks generally involve providing security at lower layers, e.g., careful control over physical access to the network and security techniques implemented at Layer 2; IPsec at Layer 3 can also be used to provide authentication.
Ad hoc nodes need to configure their network interfaces with locally unique addresses as well as globally routable IPv6 addresses, in order to communicate with devices on the Internet. The IETF AUTOCONF working group developed [RFC5889], which describes the addressing model for ad hoc networks and how nodes in these networks configure their addresses.
The ad hoc nodes under consideration are expected to be able to support multi-hop communication by running MANET (Mobile Ad Hoc Network) routing protocols as developed by the IETF MANET working group.
From the IP layer perspective, an ad hoc network presents itself as a Layer 3 multi-hop network formed over a collection of links. The addressing model aims to avoid problems for parts of the system that are ad hoc unaware, such as standard applications running on an ad hoc node or regular Internet nodes attached to the ad hoc nodes.
The IPv6 Operations (V6OPS) working group develops guidelines for the operation of a shared IPv4/IPv6 Internet and provides operational guidance on how to deploy IPv6 into existing IPv4-only networks, as well as into new network installations.
o "Basic Transition Mechanisms for IPv6 Hosts and Routers" [RFC4213] specifies IPv4 compatibility mechanisms for dual-stack and configured tunneling that can be implemented by IPv6 hosts and routers. "Dual stack" implies providing complete implementations of both IPv4 and IPv6, and configured tunneling provides a means to carry IPv6 packets over unmodified IPv4 routing infrastructures.
o "Transition Scenarios for 3GPP Networks" [RFC3574] lists different scenarios in 3GPP-defined packet networks that would need IPv6 and IPv4 transition, while "Analysis on IPv6 Transition in Third Generation Partnership Project (3GPP) Networks" [RFC4215] gives a more detailed analysis of the transition scenarios that may come up in the deployment phase of IPv6 in 3GPP packet networks.
o "Scenarios and Analysis for Introducing IPv6 into ISP Networks" [RFC4029] describes and analyzes different scenarios for the introduction of IPv6 into an ISP's existing IPv4 network. "IPv6 Deployment Scenarios in 802.16 Networks" [RFC5181] provides a detailed description of IPv6 deployment, integration methods, and scenarios in wireless broadband access networks (802.16) in coexistence with deployed IPv4 services. [RFC4057] describes the scenarios for IPv6 deployment within enterprise networks.
o "Application Aspects of IPv6 Transition" [RFC4038] specifies scenarios and application aspects of IPv6 transition considering how to enable IPv6 support in applications running on IPv6 hosts, and giving guidance for the development of IP-version-independent applications.
o "IANA-Reserved IPv4 Prefix for Shared Address Space" [RFC6598] updates RFC 5735 and requested the allocation of an IPv4 /10 address block to be used as "Shared Carrier-Grade Network Address Translation (CGN) Space" by Service Providers to number the interfaces that connect CGN devices to Customer Premises Equipment (CPE).
The IETF specified a general policy framework [RFC2753] for managing, sharing, and reusing policies in a vendor-independent, interoperable, and scalable manner. [RFC3460] specifies the Policy Core Information Model (PCIM) as an object-oriented information model for representing policy information. PCIM has been developed jointly in the IETF Policy Framework (POLICY) working group and the Common Information Model (CIM) activity in the Distributed Management Task Force (DMTF). PCIM has been published as extensions to CIM [DMTF-CIM].
The IETF Policy Framework is based on a policy-based admission control specifying two main architectural elements: the Policy Enforcement Point (PEP) and the Policy Decision Point (PDP). For the purpose of network management, policies allow an operator to specify how the network is to be configured and monitored by using a descriptive language. Furthermore, it allows the automation of a number of management tasks, according to the requirements set out in the policy module.
The IETF Policy Framework has been accepted by the industry as a standard-based policy management approach and has been adopted by different SDOs, e.g., for 3GPP charging standards.
3.3.2. Use of Common Open Policy Service (COPS) for Policy Provisioning (COPS-PR)
[RFC3159] defines the Structure of Policy Provisioning Information (SPPI), an extension to the SMIv2 modeling language used to write Policy Information Base (PIB) modules. COPS-PR [RFC3084] uses the Common Open Policy Service (COPS) protocol [RFC2748] for the provisioning of policy information. COPS provides a simple client/server model for supporting policy control over QoS signaling protocols. The COPS-PR specification is independent of the type of policy being provisioned (QoS, security, etc.) but focuses on the mechanisms and conventions used to communicate provisioned information between policy decision points (PDPs) and policy enforcement points (PEPs). Policy data is modeled using PIB modules.
COPS-PR has not been widely deployed, and operators have stated that its use of binary encoding for management data makes it difficult to develop automated scripts for simple configuration management tasks in most text-based scripting languages. In the IAB Workshop on Network Management [RFC3535], the consensus of operators and protocol developers indicated a lack of interest in PIB modules for use with COPS-PR.
As a result, even if COPS-PR and the Structure of Policy Provisioning Information (SPPI) were initially approved as Proposed Standards, the IESG has not approved any PIB modules as Proposed Standard, and the use of COPS-PR is not recommended.
The IPPM working group has defined metrics for accurately measuring and reporting the quality, performance, and reliability of Internet data delivery. The metrics include connectivity, one-way delay and loss, round-trip delay and loss, delay variation, loss patterns, packet reordering, bulk transport capacity, and link bandwidth capacity.
These metrics are designed for use by network operators and their customers, and they provide unbiased quantitative measures of performance. The IPPM metrics have been developed inside an active measurement context, that is, the devices used to measure the metrics produce their own traffic. However, most of the metrics can be used inside a passive context as well. At the time of this writing, there is no work planned in the area of passive measurement.
As a property, individual IPPM performance and reliability metrics need to be well defined and concrete: thus, implementable. Furthermore, the methodology used to implement a metric needs to be repeatable with consistent measurements.
IPPMs have been adopted by different organizations, e.g., the Metro Ethernet Forum.
Note that this document does not aim to cover OAM technologies on the data-path and, as such, the discussion of IPPM-based active versus passive monitoring as well as the data plane measurement and its diagnostics is rather incomplete. For a detailed overview and discussion of IETF OAM standards and IPPM measurement mechanisms, the reader is referred to the documents listed at the end of Section 1.2 ("Related Work") but especially to [OAM-OVERVIEW].
The following are essential IPPM documents:
o "Framework for IP Performance Metrics" [RFC2330] defines a general framework for particular metrics developed by the IPPM working group, and it defines the fundamental concepts of 'metric' and 'measurement methodology'. It also discusses the issue of measurement uncertainties and errors as well as introduces the notion of empirically defined metrics and how metrics can be composed.
o "A One-way Delay Metric for IPPM" [RFC2679] defines a metric for the one-way delay of packets across Internet paths. It builds on notions introduced in the IPPM Framework document.
o "A Round-trip Delay Metric for IPPM" [RFC2681] defines a metric for the round-trip delay of packets across network paths and closely follows the corresponding metric for one-way delay.
o "IP Packet Delay Variation Metric for IP Performance Metrics (IPPM)" [RFC3393] refers to a metric for variation in the delay of packets across network paths and is based on the difference in the one-way-delay of selected packets called "IP Packet Delay Variation (ipdv)".
o "A One-way Packet Loss Metric for IPPM" [RFC2680] defines a metric for one-way packet loss across Internet paths.
o "A One-Way Packet Duplication Metric" [RFC5560] defines a metric for the case where multiple copies of a packet are received, and it discusses methods to summarize the results of streams.
o "Packet Reordering Metrics" [RFC4737] defines metrics to evaluate whether a network has maintained packet order on a packet-by-packet basis and discusses the measurement issues, including the context information required for all metrics.
o "IPPM Metrics for Measuring Connectivity" [RFC2678] defines a series of metrics for connectivity between a pair of Internet hosts.
o "Framework for Metric Composition" [RFC5835] describes a detailed framework for composing and aggregating metrics.
o "Guidelines for Considering New Performance Metric Development" [BCP170] describes the framework and process for developing Performance Metrics of protocols and applications transported over IETF-specified protocols.
To measure these metrics, two protocols and a sampling method have been standardized:
o "A One-way Active Measurement Protocol (OWAMP)" [RFC4656] measures unidirectional characteristics such as one-way delay and one-way loss between network devices and enables the interoperability of these measurements. OWAMP is discussed in more detail in [OAM-OVERVIEW].
o "A Two-Way Active Measurement Protocol (TWAMP)" [RFC5357] adds round-trip or two-way measurement capabilities to OWAMP. TWAMP is discussed in more detail in [OAM-OVERVIEW].
o "Network performance measurement with periodic streams" [RFC3432] describes a periodic sampling method and relevant metrics for assessing the performance of IP networks, as an alternative to the Poisson sampling method described in [RFC2330].
For information on MIB modules related to IP Performance Metrics see Section 4.2.4.
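An added example (not part of the RFC text) that computes several of the metrics listed above from one constructed packet trace: one-way delay and loss, duplication, reordering, and ipdv. It assumes synchronized sender and receiver clocks, integer microsecond timestamps, a loss threshold chosen by the measurer, and consecutive sent packets as the ipdv selection; all names are this example's own.

```python
from collections import Counter

# Constructed sample stream: sequence number -> send time (microseconds).
SENT = {1: 0, 2: 20_000, 3: 40_000, 4: 60_000, 5: 80_000, 6: 100_000}
# Constructed receiver log in arrival order: (sequence number, receive time).
# Packet 2 arrives behind 3, packet 3 arrives twice, packet 5 never arrives.
ARRIVALS = [(1, 10_000), (3, 52_000), (2, 55_000), (3, 56_000),
            (4, 71_000), (6, 115_000)]


def analyze_stream(sent, arrivals, loss_threshold_us=2_000_000):
    """Compute IPPM-style metrics for one unidirectional test stream."""
    if not sent:
        raise ValueError("no packets were sent")
    first_delay = {}           # one-way delay of the first copy of each packet
    copies = Counter()         # copies received per sequence number
    reordered = []             # packets that arrived behind a later one
    next_expected = min(sent)  # reordering reference, advanced on arrival

    for seq, rx_time in arrivals:
        if seq not in sent:
            continue                       # not part of this test stream
        delay = rx_time - sent[seq]
        if delay < 0:
            raise ValueError(f"negative delay for packet {seq}: clocks not synchronized")
        if delay > loss_threshold_us:
            continue                       # arrived too late: treated as lost
        copies[seq] += 1
        if seq in first_delay:
            continue                       # duplicate: only the first copy is measured
        first_delay[seq] = delay
        if seq >= next_expected:
            next_expected = seq + 1        # in order
        else:
            reordered.append(seq)          # behind a packet sent after it

    lost = sorted(seq for seq in sent if seq not in first_delay)
    order = sorted(sent)
    # ipdv of a pair: delay of the second packet minus delay of the first.
    ipdv = {b: first_delay[b] - first_delay[a]
            for a, b in zip(order, order[1:])
            if a in first_delay and b in first_delay}
    return {
        "delay_us": first_delay,
        "lost": lost,
        "loss_ratio": len(lost) / len(sent),
        "duplicated": {s: n for s, n in copies.items() if n > 1},
        "reordered": reordered,
        "ipdv_us": ipdv,
    }


if __name__ == "__main__":
    for metric, value in analyze_stream(SENT, ARRIVALS).items():
        print(f"{metric}: {value}")
```
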
"Remote Authentication Dial In User Service (RADIUS)" [RFC2865] describes a client/server protocol for carrying authentication, authorization, and configuration information between a Network Access Server (NAS), which desires to authenticate its links, and a shared authentication server. The companion document "RADIUS Accounting" [RFC2866] describes a protocol for carrying accounting information between a NAS and a shared accounting server. [RFC2867] adds required new RADIUS accounting attributes and new values designed to support the provision of tunneling in dial-up networks.
The RADIUS protocol is widely used in environments like enterprise networks, where a single administrative authority manages the network and protects the privacy of user information. RADIUS is deployed in the networks of fixed broadband access providers as well as cellular broadband operators.
RADIUS uses attributes to carry the specific authentication, authorization, information, and configuration details. RADIUS is extensible with a known limitation of a maximum of 255 attribute codes and 253 octets as attribute content length. RADIUS has Vendor-Specific Attributes (VSAs), which have been used both for vendor-specific purposes (as an addition to standardized attributes) as well as to extend the limited attribute code space.
The RADIUS protocol uses a shared secret along with the MD5 hash algorithm to secure passwords [RFC1321]. Based on the known threats, additional protection like IPsec tunnels [RFC4301] is used to further protect the RADIUS traffic. However, building and administering large IPsec-protected networks may become a management burden, especially when the IPsec-protected RADIUS infrastructure should provide inter-provider connectivity. Moving towards TLS-based security solutions [RFC5246] and establishing dynamic trust relationships between RADIUS servers has become a trend. Since the introduction of TCP transport for RADIUS [RFC6613], it became natural to have TLS support for RADIUS. An ongoing work is "Transport Layer Security (TLS) encryption for RADIUS" [RFC6614].
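The password protection and the attribute limits described above, as an added Python example that is not part of the RFC text: the User-Password hiding scheme of [RFC2865] and the one-octet Type/Length attribute encoding, with an Access-Request built on the client side and read back on the server side. The shared secret, user name, password, and authenticator are constructed values, and the function names are this example's own.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1                # packet code (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2   # attribute type codes (RFC 2865)
MAX_ATTR_VALUE = 253              # 255-octet attribute minus Type and Length


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, authenticator):
    """Client side: XOR 16-octet blocks with a chained MD5 keystream."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16n
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()  # b_i = MD5(S + c_(i-1))
        prev = _xor(padded[i:i + 16], keystream)         # c_i = p_i XOR b_i
        hidden += prev
    return hidden


def recover_password(hidden, secret, authenticator):
    """Server side: rebuild the same keystream and strip the NUL padding."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("hidden User-Password must be 16..128 octets in 16-octet blocks")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def encode_attribute(attr_type, value):
    """Type (1 octet), Length (1 octet, counts the whole attribute), Value."""
    if not 1 <= attr_type <= 255:
        raise ValueError("attribute type must be 1..255")
    if len(value) > MAX_ATTR_VALUE:
        raise ValueError("attribute value exceeds 253 octets")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attributes(data):
    """Strict parser: reject truncated headers and inconsistent lengths."""
    attrs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("attribute length field is inconsistent")
        attrs.append((attr_type, data[pos + 2:pos + length]))
        pos += length
    return attrs


def build_access_request(ident, user, password, secret, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    attrs = encode_attribute(USER_NAME, user) + encode_attribute(
        USER_PASSWORD, hide_password(password, secret, authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs


def read_access_request(packet, secret):
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs = dict(parse_attributes(packet[20:length]))
    if USER_NAME not in attrs or USER_PASSWORD not in attrs:
        raise ValueError("User-Name or User-Password attribute missing")
    password = recover_password(attrs[USER_PASSWORD], secret, packet[4:20])
    return {"id": ident, "user": attrs[USER_NAME], "password": password}


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample values
    pkt = build_access_request(7, b"alice", b"correct horse", secret)
    print(pkt.hex())
    print(read_access_request(pkt, secret))
```

Only the User-Password value is hidden; the User-Name attribute and the packet header travel in the clear, which is the gap the IPsec and TLS transports mentioned above cover.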
"RADIUS Attributes for Tunnel Protocol Support" [RFC2868] defines a number of RADIUS attributes designed to support the compulsory provision of tunneling in dial-up network access. Some applications involve compulsory tunneling, i.e., the tunnel is created without any action from the user and without allowing the user any choice in the matter. In order to provide this functionality, specific RADIUS attributes are needed to carry the tunneling information from the RADIUS server to the tunnel end points. "Signalling Connection Control Part User Adaptation Layer (SUA)" [RFC3868] defines the necessary attributes, attribute values, and the required IANA registries.
"RADIUS and IPv6" [RFC3162] specifies the operation of RADIUS over IPv6 and the RADIUS attributes used to support the IPv6 network access. "RADIUS Delegated-IPv6-Prefix Attribute" [RFC4818] describes how to transport delegated IPv6 prefix information over RADIUS.
"RADIUS Attributes for Virtual LAN and Priority Support" [RFC4675] defines additional attributes for dynamic Virtual LAN assignment and prioritization, for use in provisioning of access to IEEE 802 local area networks usable with RADIUS and Diameter.
"Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes" [RFC5080] describes common issues seen in RADIUS implementations and suggests some fixes. Where applicable, unclear statements and errors in previous RADIUS specifications are clarified. People designing extensions to RADIUS protocol for various deployment cases should get familiar with "RADIUS Design Guidelines" [RFC6158] in order to avoid, e.g., known interoperability challenges.
"RADIUS Extension for Digest Authentication" [RFC5090] defines an extension to the RADIUS protocol to enable support of Digest Authentication, for use with HTTP-style protocols like the Session Initiation Protocol (SIP) and HTTP.
"Carrying Location Objects in RADIUS and DIAMETER" [RFC5580] describes procedures for conveying access-network ownership and location information based on civic and geospatial location formats in RADIUS and Diameter.
"Remote Authentication Dial-In User Service (RADIUS) Authorization for Network Access Server (NAS) Management" [RFC5607] specifies required RADIUS attributes and their values for authorizing management access to a NAS. Both local and remote management are supported, with access rights and management privileges. Specific provisions are made for remote management via Framed Management protocols, such as SNMP and NETCONF, and for management access over a secure transport protocol.
"RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)" [RFC3579] describes how to use RADIUS to convey an EAP [RFC3748] payload between the authenticator and the EAP server. RFC 3579 is widely implemented, for example, in WLAN and 802.1X environments. "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines" [RFC3580] describes how to use RADIUS with IEEE 802.1X authenticators. In the context of 802.1X and EAP-based authentication, the VSAs described in [RFC2458] have been widely accepted by the industry. "RADIUS Extensions" [RFC2869] is another important RFC related to EAP use. RFC 2869 describes additional attributes for carrying AAA information between a NAS and a shared accounting server using RADIUS. It also defines attributes to encapsulate EAP message payload.
There are different MIB modules defined for multiple purposes to use with RADIUS (see Sections 4.2.3 and 4.2.5).
Diameter [RFC3588] provides an Authentication, Authorization, and Accounting (AAA) framework for applications such as network access or IP mobility. Diameter is also intended to work in local AAA and in roaming scenarios. Diameter provides an upgrade path for RADIUS but is not directly backwards compatible.
Diameter is designed to resolve a number of known problems with RADIUS. Diameter supports server failover, reliable transport over TCP and SCTP, well-documented functions for proxy, redirect, and relay agents, server-initiated messages, auditability, and capability negotiation. Diameter also provides a larger attribute space for Attribute-Value Pairs (AVPs) and identifiers than RADIUS. Diameter features make it especially appropriate for environments where the providers of services are in different administrative domains than the maintainer (protector) of confidential user information.
Other notable differences to RADIUS are as follows:
o Network and Transport Layer Security (IPsec or TLS),
o Stateful and stateless models,
o Dynamic discovery of peers (using DNS Service Record (SRV) and Naming Authority Pointer (NAPTR)),
o Concept of an application that describes how a specific set of commands and Attribute-Value Pairs (AVPs) are treated by Diameter nodes. Each application has an IANA-assigned unique identifier,
o Support of application layer acknowledgements, failover methods and state machines,
o Basic support for user-sessions and accounting,
o Better roaming support,
o Error notification, and
o Easy extensibility.
The Diameter protocol is designed to be extensible to support, e.g., proxies, brokers, mobility and roaming, Network Access Servers (NASREQ), and Accounting and Resource Management. Diameter applications extend the Diameter base protocol by adding new commands and/or attributes. Each application is defined by a unique IANA-assigned application identifier and can add new command codes and/or new mandatory AVPs.
The Diameter application identifier space has been divided into Standards Track and 'First Come First Served' vendor-specific applications. The following are examples of Diameter applications published at IETF:
o Diameter Base Protocol Application [RFC3588]: Required support from all Diameter implementations.
o Diameter Base Accounting Application [RFC3588]: A Diameter application using an accounting protocol based on a server-directed model with capabilities for real-time delivery of accounting information.
o Diameter Mobile IPv4 Application [RFC4004]: A Diameter application that allows a Diameter server to authenticate, authorize, and collect accounting information for Mobile IPv4 services rendered to a mobile node.
o Diameter Network Access Server Application (NASREQ, [RFC4005]): A Diameter application used for AAA services in the NAS environment.
o Diameter Extensible Authentication Protocol Application [RFC4072]: A Diameter application that carries EAP packets between a NAS and a back-end authentication server.
o Diameter Credit-Control Application [RFC4006]: A Diameter application that can be used to implement real-time credit-control for a variety of end-user services such as network access, Session Initiation Protocol (SIP) services, messaging services, and download services.
o Diameter Session Initiation Protocol Application [RFC4740]: A Diameter application designed to be used in conjunction with SIP and provides a Diameter client co-located with a SIP server, with the ability to request the authentication of users and authorization of SIP resources usage from a Diameter server.
o Diameter Quality-of-Service Application [RFC5866]: A Diameter application allowing network elements to interact with Diameter servers when allocating QoS resources in the network.
o Diameter Mobile IPv6 IKE (MIP6I) Application [RFC5778]: A Diameter application that enables the interaction between a Mobile IP home agent and a Diameter server and is used when the mobile node is authenticated and authorized using IKEv2 [RFC5996].
o Diameter Mobile IPv6 Auth (MIP6A) Application [RFC5778]: A Diameter application that enables the interaction between a Mobile IP home agent and a Diameter server and is used when the mobile node is authenticated and authorized using the Mobile IPv6 Authentication Protocol [RFC4285].
The large majority of Diameter applications are vendor-specific and mainly used in various SDOs outside the IETF. One example SDO using Diameter extensively is 3GPP (e.g., 3GPP 'IP Multimedia Subsystem' (IMS) uses Diameter-based interfaces (e.g., Cx) [3GPPIMS]). Recently, during the standardization of the '3GPP Evolved Packet Core' [3GPPEPC], Diameter was chosen as the only AAA signaling protocol.
One part of Diameter's extensibility mechanism is an easy and consistent way of creating new commands for the need of applications. RFC 3588 proposed to define Diameter command code allocations with a new RFC. This policy decision caused undesired use and redefinition of existing command codes within SDOs. Diverse RFCs have been published as simple command code allocations for other SDO purposes (see [RFC3589], [RFC5224], [RFC5431], and [RFC5516]). [RFC5719] changed the command code policy and added a range for vendor-specific command codes to be allocated on a 'First Come First Served' basis by IANA.
The implementation and deployment experience of Diameter has led to the ongoing development of an update of the base protocol [DIAMETER], which introduces TLS as the preferred security mechanism and deprecates the in-band security negotiation for TLS.
Some Diameter protocol enhancements and clarifications that logically fit better into [DIAMETER] are also needed on the existing deployments based on RFC 3588. Therefore, protocol extensions specifically usable in large inter-provider roaming network scenarios are made available for RFC 3588. Two currently existing specifications are mentioned below:
o "Clarifications on the Routing of Diameter Requests Based on the Username and the Realm" [RFC5729] defines the behavior required for Diameter agents to route requests when the User-Name AVP contains a NAI formatted with multiple realms. These multi-realm Network Access Identifiers are used in order to force the routing of request messages through a predefined list of mediating realms.
o "Diameter Straightforward-Naming Authority Pointer (S-NAPTR) Usage" [RFC6408] describes an improved DNS-based dynamic Diameter agent discovery mechanism without having to do Diameter capability exchange beforehand with a number of agents.
There have been a growing number of Diameter Framework documents from the IETF that basically are just a collection of AVPs for a specific purpose or a system architecture with semantic AVP descriptions and a logic for "imaginary" applications. From a standardization point of view, this practice allows the development of larger system architecture documents that do not need to reference AVPs or application logic outside the IETF. Below are examples of a few recent AVP and Framework documents:
o "Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction" [RFC5447] describes the bootstrapping of the Mobile IPv6 framework and the support of interworking with existing AAA infrastructures by using the Diameter NAS-to-home-AAA server interface.
o "Traffic Classification and Quality of Service (QoS) Attributes for Diameter" [RFC5777] defines a number of Diameter AVPs for traffic classification with actions for filtering and QoS treatment.
o "Diameter Proxy Mobile IPv6: Mobile Access Gateway and Local Mobility Anchor Interaction with Diameter Server" [RFC5779] defines AAA interactions between Proxy Mobile IPv6 (PMIPv6) entities (MAG and LMA) and a AAA server within a PMIPv6 Domain.
For information on MIB modules related to Diameter, see Section 4.2.5.
Wireless LAN (WLAN) product architectures have evolved from single autonomous Access Points to systems consisting of a centralized Access Controller (AC) and Wireless Termination Points (WTPs). The general goal of centralized control architectures is to move access control, including user authentication and authorization, mobility management, and radio management from the single access point to a centralized controller, where an Access Point pulls the information from the AC.
Based on "Architecture Taxonomy for Control and Provisioning of Wireless Access Points (CAPWAP)" [RFC4118], the CAPWAP working group developed the CAPWAP protocol [RFC5415] to facilitate control, management, and provisioning of WTPs specifying the services, functions, and resources relating to 802.11 WLAN Termination Points in order to allow for interoperable implementations of WTPs and ACs. The protocol defines the CAPWAP control plane, including the primitives to control data access. The protocol document also specifies how configuration management of WTPs can be done and defines CAPWAP operations responsible for debugging, gathering statistics, logging, and managing firmware as well as discusses operational and transport considerations.
The CAPWAP protocol is prepared to be independent of Layer 2 technologies, and meets the objectives in "Objectives for Control and Provisioning of Wireless Access Points (CAPWAP)" [RFC4564]. Separate binding extensions enable the use with additional wireless technologies. [RFC5416] defines the CAPWAP Protocol Binding for IEEE 802.11.
CAPWAP Control messages, and optionally CAPWAP Data messages, are secured using DTLS [RFC6347]. DTLS is used as a tightly integrated, secure wrapper for the CAPWAP protocol.
For information on MIB modules related to CAPWAP, see Section 4.2.2.
The Access Node Control Protocol (ANCP) [RFC6320] realizes a control plane between a service-oriented Layer 3 edge device, the NAS and a Layer 2 Access Node (AN), e.g., Digital Subscriber Line Access Module (DSLAM). As such, ANCP operates in a multi-service reference architecture and communicates QoS-, service-, and subscriber-related configuration and operation information between a NAS and an AN.
The main goal of this protocol is to configure and manage access equipment and allow them to report information to the NAS in order to enable and optimize configuration.
The framework and requirements for an AN control mechanism and the use cases for ANCP are documented in [RFC5851].
ANCP offers authentication and authorization between AN and NAS nodes and provides replay protection and data-origin authentication. The ANCP solution is also robust against Denial-of-Service (DoS) attacks. Furthermore, the ANCP solution is recommended to offer confidentiality protection. Security Threats and Security Requirements for ANCP are discussed in [RFC5713].
The Application Configuration Access Protocol (ACAP) [RFC2244] is designed to support remote storage and access of program option, configuration, and preference information. The datastore model is designed to allow a client relatively simple access to interesting data, to allow new information to be easily added without server reconfiguration, and to promote the use of both standardized data and custom or proprietary data. Key features include "inheritance", which can be used to manage default values for configuration settings and access control lists that allow interesting personal information to be shared and group information to be restricted.
ACAP's primary purpose is to allow applications access to their configuration data from multiple network-connected computers. Users can then use any network-connected computer, run any ACAP-enabled application, and have access to their own configuration data. To enable wide usage, client simplicity has been preferred to server or protocol simplicity whenever reasonable.
The ACAP 'authenticate' command uses Simple Authentication and Security Layer (SASL) [RFC4422] to provide basic authentication, authorization, integrity, and privacy services. All ACAP implementations are required to implement the CRAM-MD5 (Challenge-Response Authentication Mechanism) [RFC2195] for authentication, which can be disabled based on the site security policy.
The Extensible Markup Language (XML) Configuration Access Protocol (XCAP) [RFC4825] has been designed for and is commonly used with SIP-based solutions, in particular, for instant messages, presence, and SIP conferences. XCAP is a protocol that allows a client to read, write, and modify application configuration data stored in XML format on a server, where the main functionality is provided by so-called "XCAP Application Usages".
XCAP is a protocol that can be used to manipulate per-user data. XCAP is a set of conventions for mapping XML documents and document components into HTTP URIs, rules for how the modification of one resource affects another, data validation constraints, and authorization policies associated with access to those resources. Because of this structure, normal HTTP primitives can be used to manipulate the data. Like ACAP, XCAP supports the configuration needs for a multiplicity of applications.
All XCAP servers are required to implement HTTP Digest Authentication [RFC2617]. Furthermore, XCAP servers are required to implement HTTP over TLS (HTTPS) [RFC2818]. It is recommended that administrators use an HTTPS URI as the XCAP root URI, so that the digest client authentication occurs over TLS.
The following list summarizes important XCAP application usages:
o XCAP server capabilities [RFC4825] can be read by clients to determine which extensions, application usages, or namespaces a server supports.
o A resource lists application is any application that needs access to a list of resources, identified by a URI, to which operations, such as subscriptions, can be applied [RFC4826].
o A Resource List Server (RLS) Services application is a SIP application, where a server receives SIP SUBSCRIBE requests for resources and generates subscriptions towards the resource list [RFC4826].
o A Presence Rules application uses authorization policies, also known as authorization rules, to specify what presence information can be given to which watchers, and when [RFC4827].
o A 'pidf-manipulation' application defines how XCAP is used to manipulate the contents of PIDF-based presence documents [RFC4827].
This section provides two complementary overviews for the network management data models standardized at IETF. The first subsection focuses on a broader view of models classified into categories such as generic and infrastructure data models as well as data models matched to different layers. The second subsection is structured following the management application view and focuses mainly on the data models for the network management tasks fault, configuration, accounting, performance, and security management (see [FCAPS]).
Note that the IETF does not use the FCAPS view as an organizing principle for its data models. However, the FCAPS view is used widely outside of the IETF for the realization of management tasks and applications. Section 4.2 aims to address the FCAPS view to enable people outside of the IETF to understand the relevant data models in the IETF.
The different data models covered in this section are MIB modules, IPFIX Information Elements, Syslog Structured Data Elements, and YANG modules. There are many technology-specific IETF data models, such as transmission and protocol MIBs, which are not mentioned in this document and can be found at [RFCSEARCH].
This section gives an overview of management data models that have reached Draft or Proposed Standard status at the IETF. In exceptional cases, important Informational RFCs are referenced. The advancement process for management data models beyond Proposed Standard status has been defined in [BCP027] with a more pragmatic approach and special considerations on data model specification interoperability. However, most IETF management data models never advanced beyond Proposed Standard.
The data models defined by the IETF can be broadly classified into the following categories depicted in Figure 1.
   +-----------+ +-------------------------------+ +-----------+
   |           | | application-layer data models | |  network  |
   |  generic  | +-------------------------------+ | management|
   |  infra-   | |  transport-layer data models  | |  infra-   |
   | structure | +-------------------------------+ | structure |
   |   data    | |   network-layer data models   | |   data    |
   |  models   | +-------------------------------+ |  models   |
   |           | |    link-layer data models     | |           |
   +-----------+ +-------------------------------+ +-----------+
Figure 1: Categories of Network Management Data Models
Each of the categories is briefly described below. Note that the classification used here is intended to provide orientation and reflects how most data models have been developed in the IETF by the various working groups. This classification does not aim to classify correctly all data models that have been defined by the IETF so far. The network layering model in the middle of Figure 1 follows the four-layer model of the Internet as defined in [RFC1021].
The network management object identifiers for use with IETF MIB modules defined in the IETF can be found under the IANA registry at [SMI-NUMBERS].
Generic infrastructure data models provide core abstractions that many other data models are built upon. The most important example is the interfaces data model defined in the IF-MIB [RFC2863]. It provides the basic notion of network interfaces and allows expressing stacking/layering relationships between interfaces. The interfaces data model also provides basic monitoring objects that are widely used for performance and fault management.
The second important infrastructure data model is defined in the Entity MIB [RFC4133]. It exports the containment hierarchy of the physical entities (slots, modules, ports) that make up a networking device and, as such, it is a key data model for inventory management. Physical entities can have pointers to other data models that provide more specific information about them (e.g., physical ports usually point to the related network interface). Entity MIB extensions exist for physical sensors such as temperature sensors embedded on line cards or sensors that report fan rotation speeds [RFC3433]. The Entity State MIB [RFC4268] models states and alarms of physical entities. Some vendors have extended the basic Entity MIB with several proprietary data models.
A number of data models exist in the form of MIB modules covering the link layers IP runs over, such as Asymmetric Bit-Rate DSL (ADSL) [RFC4706], Very high bit-rate Digital Subscriber Line (VDSL) [RFC5650], GMPLS [RFC4803], ISDN [RFC2127], ATM [RFC2515] [RFC3606], Cable Modems [RFC4546], or Ethernet [RFC4188] [RFC4318] [RFC4363]. These so-called transmission data models typically extend the generic network interfaces data model with interface type specific information. Most of the link-layer data models focus on monitoring capabilities that can be used for performance and fault management functions and, to some lesser extent, for accounting and security management functions. Meanwhile, the IEEE has taken over the responsibility to maintain and further develop data models for the IEEE 802 family of protocols [RFC4663]. The cable modem industry consortium DOCSIS is working with the IETF to publish data models for cable modem networks as IETF Standards Track specifications.
There are data models in the form of MIB modules covering IP/ICMP [RFC4293] [RFC4292] network protocols and their extensions (e.g., Mobile IP), the core protocols of the Internet. In addition, there are data models covering popular unicast routing protocols (OSPF [RFC4750], IS-IS [RFC4444], BGP-4 [RFC4273]) and multicast routing protocols (PIM [RFC5060]).
Detailed models also exist for performance measurements in the form of IP Performance Metrics [RFC2330] (see Section 3.4).
The necessary data model infrastructure for configuration data models covering network layers is currently being defined using NETCONF [RFC6242] and YANG [RFC6020].
There are data models for the transport protocols TCP [RFC4022], UDP [RFC4113], and SCTP [RFC3873]. For TCP, a data model providing extended statistics is defined in [RFC4898].
Some data models have been developed for specific application protocols (e.g., SIP [RFC4780]). In addition, there are data models that provide a generic infrastructure for instrumenting applications in order to obtain data useful primarily for performance management and fault management [RFC2287] [RFC2564]. In general, however, generic application MIB modules have been less successful in gaining widespread deployment.
A number of data models are concerned with the network management system itself. This includes, in addition to a set of SNMP MIB modules for monitoring and configuring SNMP itself [RFC3410], some MIB modules providing generic functions such as the calculation of expressions over MIB objects, generic functions for thresholding and event generation, event notification logging functions, and data models to represent alarms [RFC2981] [RFC2982] [RFC3014] [RFC3877].
In addition, there are data models that allow the execution of basic reachability and path discovery tests [RFC4560]. Another collection of MIB modules provides remote monitoring functions, ranging from the data link layer up to the application layer. This is known as the "RMON family of MIB modules" [RFC3577].
The IPFIX Protocol [RFC5101] (Section 2.3) is used to export information about network flows collected at so-called Observation Points (typically, a network interface). The IEs [RFC5102] carried in IPFIX cover the majority of the network and transport layer header fields and a few link-layer-specific fields. Work is underway to further extend the standardized information that can be carried in IPFIX.
The Syslog Protocol document [RFC5424] (Section 2.2) defines an initial set of Structured Data Elements (SDEs) that relate to content time quality, content origin, and meta-information about the message, such as language. Proprietary SDEs can be used to supplement the IETF-defined SDEs.
This subsection follows the management application view and aims to match the data models to network management tasks for fault, configuration, accounting, performance, and security management ([FCAPS]). As OAM is a general term that refers to a toolset, which can be used for fault detection, isolation, and performance measurement, aspects of FCAPS in the context of the data path, such as fault and performance management, are also discussed in "An Overview of Operations, Administration, and Maintenance (OAM) Mechanisms" [OAM-OVERVIEW].
Some of the data models do not fit into one single FCAPS category per design but span multiple areas. For example, there are many technology-specific IETF data models, such as transmission and protocol MIBs, which cover multiple FCAPS categories, and therefore are not mentioned in this subsection and can be found at [RFCSEARCH].
Fault management encompasses a set of functions to detect, isolate, notify, and correct faults encountered in a network as well as to maintain and examine error logs. The data models below can be utilized to realize a fault management application.
[RFC3418], part of SNMPv3 standard [STD62], is a MIB module containing objects in the system group that are often polled to determine if a device is still operating, and sysUpTime can be used to detect if the network management portion of the system has restarted and counters have been re-initialized.
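The restart check described above can be made concrete as follows. This is an added example, not text or code from the RFC: it classifies successive polls of sysUpTime and one Counter32 object so that an agent restart (counters re-initialized) is not mistaken for a 32-bit counter wrap. The sample tuple layout, the `slack_ticks` tolerance, and the poll values are assumptions constructed for illustration.

```python
WRAP32 = 2 ** 32          # TimeTicks and Counter32 are both 32-bit
TICKS_PER_SECOND = 100    # sysUpTime counts hundredths of a second


def classify_polls(samples, slack_ticks=500):
    """Classify each polling interval of one device.

    samples: list of (poll_time_seconds, sysUpTime_ticks, counter32_value)
             (assumed layout; the poll time is the manager's own clock).
    Returns one (status, delta) tuple per interval:
      ("ok", n)            counter advanced by n
      ("counter-wrap", n)  counter wrapped past 2**32, true increase is n
      ("restart", None)    sysUpTime is not where it should be: the agent
                           restarted, so the delta is meaningless
    """
    results = []
    for (t0, up0, c0), (t1, up1, c1) in zip(samples, samples[1:]):
        elapsed = round((t1 - t0) * TICKS_PER_SECOND)
        # Where sysUpTime should be if the agent ran continuously; taking
        # it modulo 2**32 also covers sysUpTime's own wrap (about 497 days).
        expected = (up0 + elapsed) % WRAP32
        drift = (up1 - expected) % WRAP32
        drift = min(drift, WRAP32 - drift)
        if drift > slack_ticks:
            # Catches a restart even when the new sysUpTime happens to be
            # larger than the previous one.
            results.append(("restart", None))
        elif c1 < c0:
            results.append(("counter-wrap", (c1 - c0) % WRAP32))
        else:
            results.append(("ok", c1 - c0))
    return results


# Constructed sample polls, 60 s apart: (time, sysUpTime, error counter).
POLLS = [
    (0,   8_640_000, 4_294_967_200),  # device up for one day
    (60,  8_646_000, 4_294_967_250),
    (120, 8_652_000, 4),              # counter wrapped, uptime continuous
    (180, 1_500,     7),              # uptime fell back: agent restarted
    (240, 7_500,     19),
]

if __name__ == "__main__":
    for interval, result in enumerate(classify_polls(POLLS), start=1):
        print(interval, result)
```
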
[RFC3413], part of SNMPv3 standard [STD62], is a MIB module including objects designed for managing notifications, including tables for addressing, retry parameters, security, lists of targets for notifications, and user customization filters.
The Interfaces Group MIB [RFC2863] builds on the old standard for MIB II [STD17] and is used as a primary MIB module for managing and monitoring the status of network interfaces. The Interfaces Group MIB defines a generic set of managed objects for network interfaces, and it provides the infrastructure for additional managed objects specific to particular types of network interfaces, such as Ethernet.
[RFC4560] defines a MIB module for performing ping, traceroute, and lookup operations at a host. For troubleshooting purposes, it is useful to be able to initiate and retrieve the results of ping or traceroute operations when they are performed at a remote host.
The RMON (Remote Network Monitoring) MIB [STD59] can be configured to recognize conditions on existing MIB variables (most notably error conditions) and continuously check for them. When one of these conditions occurs, the event may be logged, and management stations may be notified in a number of ways (for further discussion on RMON, see Section 4.2.4).
DISMAN-EVENT-MIB in [RFC2981] and DISMAN-EXPRESSION-MIB in [RFC2982] provide a superset of the capabilities of the RMON alarm and event groups. These modules provide mechanisms for thresholding and reporting anomalous events to management applications.
The Alarm MIB in [RFC3877] and the Alarm Reporting Control MIB in [RFC3878] specify mechanisms for expressing state transition models for persistent problem states. Alarm MIB defines the following:
o a mechanism for expressing state transition models for persistent problem states,
o a mechanism to correlate a notification with subsequent state transition notifications about the same entity/object, and
o a generic alarm reporting mechanism (extends ITU-T work on X.733 [ITU-X733]).
In particular, [RFC3878] defines objects for controlling the reporting of alarm conditions and extends ITU-T work on M.3100 Amendment 3 [ITU-M3100].
Other MIB modules that may be applied to fault management with SNMP include:
o NOTIFICATION-LOG-MIB [RFC3014] describes managed objects used for logging SNMP Notifications.
o ENTITY-STATE-MIB [RFC4268] describes extensions to the Entity MIB to provide information about the state of physical entities.
o ENTITY-SENSOR-MIB [RFC3433] describes managed objects for extending the Entity MIB to provide generalized access to information related to physical sensors, which are often found in networking equipment (such as chassis temperature, fan RPM, power supply voltage).
The Syslog protocol document [RFC5424] defines an initial set of SDEs that relate to content time quality, content origin, and meta-information about the message, such as language. Proprietary SDEs can be used to supplement the IETF-defined SDEs.
The IETF has standardized MIB Textual-Conventions for facility and severity labels and codes to encourage consistency between syslog and MIB representations of these event properties [RFC5427]. The intent is that these textual conventions will be imported and used in MIB modules that would otherwise define their own representations.
An IPFIX MIB module [RFC5815] has been defined for monitoring IPFIX Meters, Exporters, and Collectors (see Section 2.3). The ongoing work on the PSAMP MIB module extends the IPFIX MIB modules by managed objects for monitoring PSAMP implementations [PSAMP-MIB].
The NETCONF working group defined the data model necessary to monitor the NETCONF protocol [RFC6022] with the modeling language YANG. The monitoring data model includes information about NETCONF datastores, sessions, locks, and statistics, which facilitate the management of a NETCONF server. The NETCONF monitoring document also defines methods for NETCONF clients to discover the data models supported by a NETCONF server and defines the operation <get-schema> to retrieve them.
Configuration management focuses on establishing and maintaining consistency of a system and defines the functionality to configure its functional and physical attributes as well as operational information throughout its life. Configuration management includes configuration of network devices, inventory management, and software management. The data models below can be used for configuration management tasks.
MIB modules for monitoring of network configuration (e.g., for physical and logical network topologies) already exist and provide some of the desired capabilities. New MIB modules might be developed for the target functionality to allow operators to monitor and modify the operational parameters, such as timer granularity, event reporting thresholds, target addresses, etc.
[RFC3418], part of [STD62], contains objects in the system group that are useful, e.g., for identifying the type of device, the location of the device, and the person responsible for the device. The SNMPv3 standard [STD62] furthermore includes objects designed for configuring principals, access control rules, and notification destinations, and for configuring proxy-forwarding SNMP agents, which can be used to forward messages through firewalls and NAT devices.
The Entity MIB [RFC4133] supports mainly inventory management and is used for managing multiple logical and physical entities matched to a single SNMP agent. This module provides a useful mechanism for identifying the entities comprising a system and defines event notifications for configuration changes that may be useful to management applications.
[RFC3165] defines a set of managed objects that enable the delegation of management scripts to distributed managers.
For configuring IPFIX and PSAMP devices, the IPFIX working group developed the IPFIX Configuration Data Model [CONF-MODEL], by using the YANG modeling language and in close collaboration with the NETMOD working group (see Section 2.4.2). The model specifies the necessary data for configuring and monitoring Selection Processes, caches, Exporting Processes, and Collecting Processes of IPFIX- and PSAMP-compliant monitoring devices.
At the time of this writing, the NETMOD working group is developing core system and interface models in YANG.
The CAPWAP protocol exchanges message elements using the Type-Length-Value (TLV) format. The base TLVs are specified in [RFC5415], while the TLVs for IEEE 802.11 are specified in [RFC5416]. The CAPWAP Base MIB [RFC5833] specifies managed objects for modeling the CAPWAP protocol and provides configuration and WTP status-monitoring aspects of CAPWAP, while the CAPWAP Binding MIB [RFC5834] defines managed objects for modeling the CAPWAP protocol for the IEEE 802.11 wireless binding. Note: RFC 5833 and RFC 5834 have been published as Informational RFCs to provide the basis for future work on SNMP management of the CAPWAP protocol.
Accounting management collects usage information of network resources. Note that the IETF does not define any mechanisms related to billing and charging. Many technology-specific MIBs (link layer, network layer, transport layer, or application layer) contain counters but are not primarily targeted for accounting and, therefore, are not included in this section.
"RADIUS Accounting Client MIB for IPv6" [RFC4670] defines RADIUS Accounting Client MIB objects that support version-neutral IP addressing formats.
"RADIUS Accounting Server MIB for IPv6" [RFC4671] defines RADIUS Accounting Server MIB objects that support version-neutral IP addressing formats.
IPFIX/PSAMP Information Elements:
As expressed in Section 2.3, the IPFIX Architecture [RFC5470] defines components involved in IP flow measurement and reporting of information on IP flows. As such, IPFIX records provide fine-grained measurement data for flexible and detailed usage reporting and enable usage-based accounting.
The IPFIX Information Elements (IEs) have been initially defined in the IPFIX Information Model [RFC5102] and registered with IANA [IANA-IPFIX]. The IPFIX IEs are composed of two types:
o IEs related to identification of IP flows such as header information, derived packet properties, IGP and BGP next-hop IP address, BGP AS, etc., and
o IEs related to counter and timestamps, such as per-flow counters (e.g., octet count, packet count), flow start times, flow end times, and flow duration, etc.
The Information Elements specified in the IPFIX Information Model [RFC5102] are used by the PSAMP protocol where applicable. PSAMP Parameters defined in the PSAMP protocol specification are registered at [IANA-PSAMP]. An additional set of PSAMP Information Elements for reporting packet information with the IPFIX/PSAMP protocol such as Sampling-related IEs are specified in the PSAMP Information Model [RFC5477]. These IEs fulfill the requirements on reporting of different sampling and filtering techniques specified in [RFC5475].
Performance management covers a set of functions that evaluate and report the performance of network elements and the network, with the goal to maintain the overall network performance at a defined level. Performance management functionality includes monitoring and measurement of network performance parameters, gathering statistical information, maintaining and examining activity logs. The data models below can be used for performance management tasks.
The RMON (Remote Network Monitoring) MIB [STD59] defines objects for collecting data related to network performance and traffic from remote monitoring devices. An organization may employ many remote monitoring probes, one per network segment, to monitor its network. These devices may be used by a network service provider to access a (distant) client network. Most of the objects in the RMON MIB module are suitable for the monitoring of any type of network, while some of them are specific to the monitoring of Ethernet networks.
RMON allows a probe to be configured to perform diagnostics and to collect network statistics continuously, even when communication with the management station may not be possible or efficient. The alarm group periodically takes statistical samples from variables in the probe and compares them to previously configured thresholds. If the monitored variable crosses a threshold, an event is generated.
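The alarm-group sampling described above, as an added example that is not part of RFC 6632. It goes beyond the single-threshold wording and follows the rising/falling threshold pair, startup alarm, and absolute/delta sample types of the RMON alarm group in [STD59]; the class and function names are hypothetical and the sample values are constructed.

```python
from typing import List, Optional

COUNTER32_MODULUS = 2 ** 32  # delta samples are taken on a wrapping 32-bit counter


class RmonAlarm:
    """One alarm entry: sample a variable and compare it with two thresholds."""

    def __init__(self, rising: int, falling: int,
                 sample_type: str = "absolute", startup: str = "both"):
        if rising <= falling:
            raise ValueError("this sketch requires rising > falling")
        if sample_type not in ("absolute", "delta"):
            raise ValueError("sample_type must be 'absolute' or 'delta'")
        if startup not in ("rising", "falling", "both"):
            raise ValueError("startup must be 'rising', 'falling' or 'both'")
        self.rising, self.falling = rising, falling
        self.sample_type, self.startup = sample_type, startup
        self._prev_raw: Optional[int] = None    # last raw counter (delta mode)
        self._last_value: Optional[int] = None  # last value that was compared
        self._rising_armed = True
        self._falling_armed = True

    def _value(self, raw: int) -> Optional[int]:
        """Turn a raw reading into the value that is compared to the thresholds."""
        if self.sample_type == "absolute":
            return raw
        prev, self._prev_raw = self._prev_raw, raw
        if prev is None:
            return None  # a delta needs two readings
        return (raw - prev) % COUNTER32_MODULUS  # survives counter wrap

    def sample(self, raw: int) -> Optional[str]:
        """Process one reading; return 'rising', 'falling' or None."""
        value = self._value(raw)
        if value is None:
            return None
        last, self._last_value = self._last_value, value
        first = last is None
        event = None
        if value >= self.rising:
            self._falling_armed = True  # reaching the rising threshold re-arms falling
            crossed = not first and last < self.rising
            at_startup = first and self.startup in ("rising", "both")
            if self._rising_armed and (crossed or at_startup):
                event = "rising"
                self._rising_armed = False  # stays off until the falling threshold is reached
        elif value <= self.falling:
            self._rising_armed = True
            crossed = not first and last > self.falling
            at_startup = first and self.startup in ("falling", "both")
            if self._falling_armed and (crossed or at_startup):
                event = "falling"
                self._falling_armed = False
        return event


def run_alarm(alarm: RmonAlarm, readings: List[int]) -> List[Optional[str]]:
    """Feed readings in order and collect the event (or None) for each."""
    return [alarm.sample(r) for r in readings]


def crossings_without_hysteresis(readings: List[int], threshold: int) -> int:
    """Count upward crossings of one threshold, for comparison with the alarm."""
    return sum(1 for a, b in zip(readings, readings[1:]) if a < threshold <= b)


# Constructed gauge readings (for example, a utilisation percentage).
GAUGE_READINGS = [50, 95, 97, 60, 92, 15, 10, 91]
# Constructed Counter32 readings that wrap between the second and third sample.
COUNTER_READINGS = [4294967000, 4294967200, 104, 110]

if __name__ == "__main__":
    print(run_alarm(RmonAlarm(90, 20), GAUGE_READINGS))
    print(run_alarm(RmonAlarm(150, 10, "delta", "rising"), COUNTER_READINGS))
    print(crossings_without_hysteresis(GAUGE_READINGS, 90))
```

The reading of 92 in the gauge series crosses the rising threshold again but produces no event, because the value has not yet reached the falling threshold; a single-threshold check would report that crossing too.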
"Introduction to the Remote Monitoring (RMON) Family of MIB Modules" [RFC3577] describes the documents associated with the RMON Framework and how they relate to each other.
The RMON-2 MIB [RFC4502] extends RMON by providing RMON analysis up to the application layer and defines performance data to monitor. The SMON MIB [RFC2613] extends RMON by providing RMON analysis for switched networks.
"Remote Monitoring MIB Extensions for High Capacity Alarms" [RFC3434] describes managed objects for extending the alarm thresholding capabilities found in the RMON MIB and provides similar threshold monitoring of objects based on the Counter64 data type.
"Remote Network Monitoring Management Information Base for High Capacity Networks" [RFC3273] defines objects for managing RMON devices for use on high-speed networks.
"Remote Monitoring MIB Extensions for Interface Parameters Monitoring" [RFC3144] describes an extension to the RMON MIB with a method of sorting the interfaces of a monitored device according to values of parameters specific to this interface.
[RFC4710] describes Real-Time Application Quality of Service Monitoring (RAQMON), which is part of the RMON protocol family. RAQMON supports end-to-end QoS monitoring for multiple concurrent applications and does not relate to a specific application transport. RAQMON is scalable and works well with encrypted payload and signaling. RAQMON uses TCP to transport RAQMON PDUs.
[RFC4711] proposes an extension to the Remote Monitoring MIB [STD59] and describes managed objects used for RAQMON. [RFC4712] specifies two transport mappings for the RAQMON information model using TCP as a native transport and SNMP to carry the RAQMON information from a RAQMON Data Source (RDS) to a RAQMON Report Collector (RRC).
"Application Performance Measurement MIB" [RFC3729] uses the architecture created in the RMON MIB and defines objects by providing measurement and analysis of the application performance as experienced by end-users. [RFC3729] enables the measurement of the quality of service delivered to end-users by applications.
"Transport Performance Metrics MIB" [RFC4150] describes managed objects used for monitoring selectable Performance Metrics and statistics derived from the monitoring of network packets and sub-application level transactions. The metrics can be defined through reference to existing IETF, ITU, and other SDOs' documents.
The IPPM working group has defined "IP Performance Metrics (IPPM) Metrics Registry" [RFC4148]. Note that with the publication of [RFC6248], [RFC4148] and the corresponding IANA registry for IPPM metrics have been declared Obsolete and shouldn't be used.
The IPPM working group defined the "Information Model and XML Data Model for Traceroute Measurements" [RFC5388], which defines a common information model dividing the IEs into two semantically separated groups (configuration elements and results elements) with an additional element to relate configuration elements and results elements by means of a common unique identifier. Based on the information model, an XML data model is provided to store the results of traceroute measurements.
"Session Initiation Protocol Event Package for Voice Quality Reporting" [RFC6035] defines a SIP event package that enables the collection and reporting of metrics that measure the quality for Voice over Internet Protocol (VoIP) sessions.
Security management provides the set of functions to protect the network and system from unauthorized access and includes functions such as creating, deleting, and controlling security services and mechanisms, key management, reporting security-relevant events, and authorizing user access and privileges. Based on their support for authentication and authorization, RADIUS and Diameter are seen as security management protocols. The data models below can be used for security management tasks.
[RFC3414], part of [STD62], specifies the procedures for providing SNMPv3 message-level security and includes a MIB module for remotely monitoring and managing the configuration parameters for the USM.
[RFC3415], part of [STD62], describes the procedures for controlling access to management information in the SNMPv3 architecture and includes a MIB module, which defines managed objects to access portions of an SNMP engine's Local Configuration Datastore (LCD). As such, this MIB module enables remote management of the configuration parameters of the VACM.
The NETCONF Access Control Model (NACM) [RFC6536] addresses the need for access control mechanisms for the operation and content layers of NETCONF, as defined in [RFC6241]. As such, the NACM proposes standard mechanisms to restrict NETCONF protocol access for particular users to a pre-configured subset of all available NETCONF protocol operations and content within a particular server.
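How NACM restricts a user to a pre-configured subset of protocol operations, as an added example that is not part of RFC 6632 or of any NETCONF server. It models only the protocol-operation (exec) check of [RFC6536], not data node or notification access and not the recovery session; field names mirror leaves of the ietf-netconf-acm YANG module, while the users, groups, and rule names are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "permit" or "deny"
    module_name: str = "*"             # "*" matches any YANG module
    rpc_name: Optional[str] = None     # None: no rule-type, matches any operation
    access_operations: FrozenSet[str] = frozenset({"*"})


@dataclass
class RuleList:
    name: str
    groups: List[str]                  # "*" applies the list to every group
    rules: List[Rule]


@dataclass
class NacmConfig:
    groups: Dict[str, Set[str]]        # group name -> user names
    rule_lists: List[RuleList]
    enable_nacm: bool = True
    exec_default: str = "permit"       # the YANG default for exec-default


ALWAYS_PERMITTED = {"close-session"}
DENIED_WITHOUT_RULE = {"kill-session", "delete-config"}


def check_exec(cfg: NacmConfig, user: str, module: str, rpc: str,
               default_deny_all: bool = False) -> str:
    """Return 'permit' or 'deny' for one requested protocol operation.

    default_deny_all says whether the rpc statement carries the
    nacm:default-deny-all extension in its YANG module.
    """
    if not cfg.enable_nacm or rpc in ALWAYS_PERMITTED:
        return "permit"
    user_groups = {g for g, members in cfg.groups.items() if user in members}
    if user_groups:  # users in no group skip straight to the defaults
        for rule_list in cfg.rule_lists:
            if "*" not in rule_list.groups and not user_groups & set(rule_list.groups):
                continue
            for rule in rule_list.rules:  # first matching rule decides
                if rule.module_name not in ("*", module):
                    continue
                if rule.rpc_name not in (None, "*", rpc):
                    continue
                if not rule.access_operations & {"*", "exec"}:
                    continue
                return rule.action
    # No rule matched: sensitive operations are denied before the default applies.
    if default_deny_all or rpc in DENIED_WITHOUT_RULE:
        return "deny"
    return cfg.exec_default


def sample_config(exec_default: str = "permit") -> NacmConfig:
    """Constructed policy: read-only monitors, unrestricted admins."""
    monitor_rules = [
        Rule("allow-get", "permit", "ietf-netconf", "get"),
        Rule("allow-get-config", "permit", "ietf-netconf", "get-config"),
        Rule("deny-rest", "deny"),
    ]
    return NacmConfig(
        groups={"admin": {"alice"}, "monitor": {"bob"}},
        rule_lists=[
            RuleList("monitor-acl", ["monitor"], monitor_rules),
            RuleList("admin-acl", ["admin"], [Rule("allow-all", "permit")]),
        ],
        exec_default=exec_default,
    )


if __name__ == "__main__":
    for default in ("permit", "deny"):
        cfg = sample_config(default)
        for user, rpc in [("bob", "get"), ("bob", "edit-config"),
                          ("carol", "get"), ("carol", "kill-session")]:
            print(default, user, rpc, check_exec(cfg, user, "ietf-netconf", rpc))
```

The user carol belongs to no group, so her requests are decided by exec-default alone; setting it to deny makes every operation require an explicit rule.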
There are numerous MIB modules defined for multiple purposes to use with RADIUS:
o "RADIUS Authentication Client MIB for IPv6" [RFC4668] defines RADIUS Authentication Client MIB objects that support version-neutral IP addressing formats and defines a set of extensions for RADIUS authentication client functions.
o "RADIUS Authentication Server MIB for IPv6" [RFC4669] defines RADIUS Authentication Server MIB objects that support version-neutral IP addressing formats and defines a set of extensions for RADIUS authentication server functions.
o "RADIUS Dynamic Authorization Client MIB" [RFC4672] defines the MIB module for entities implementing the client side of the Dynamic Authorization Extensions to RADIUS [RFC5176].
o "RADIUS Dynamic Authorization Server MIB" [RFC4673] defines the MIB module for entities implementing the server side of the Dynamic Authorization Extensions to RADIUS [RFC5176].
The MIB Module definitions in [RFC4668], [RFC4669], [RFC4672], [RFC4673] are intended to be used only for RADIUS over UDP and do not support RADIUS over TCP. There is also a recommendation that RADIUS clients and servers implementing RADIUS over TCP should not reuse earlier listed MIB modules to perform statistics counting for RADIUS-over-TCP connections.
Currently, there are no standardized MIB modules for Diameter applications, which can be considered a gap on the management side of Diameter nodes.
This document gives an overview of IETF network management standards and summarizes existing and ongoing development of IETF Standards Track network management protocols and data models. As such, it does not have any security implications in or of itself.
For each specific technology discussed in the document, a summary of its security usage has been given in the corresponding chapters. In a few cases, e.g., for SNMP, a detailed description of the developed security mechanisms has been provided.
The attention of the reader is particularly drawn to the security discussion in the following document sections:
o SNMP Security and Access Control Models in Section 2.1.4.1,
o User-based Security Model (USM) in Section 2.1.4.2,
o View-based Access Control Model (VACM) in Section 2.1.4.3,
o SNMP Transport Security Model in Section 2.1.5.1,
o Secure syslog message delivery in Section 2.2,
o Use of secure NETCONF message transport and the NETCONF Access Control Model (NACM) in Section 2.4.1,
o Message authentication for Dynamic Host Configuration Protocol (DHCP) in Section 3.1.1,
o Security for Remote Authentication Dial-In User Service (RADIUS) in conjunction with EAP and IEEE 802.1X authenticators in Section 3.5,
o Built-in and transport security for the Diameter Base Protocol in Section 3.6,
o Transport security for Control And Provisioning of Wireless Access Points (CAPWAP) in Section 3.7,
o Built-in security for Access Node Control Protocol (ANCP) in Section 3.8,
o Security for Application Configuration Access Protocol (ACAP) in Section 3.9,
o Security for XML Configuration Access Protocol (XCAP) in Section 3.10, and
o Data models for Security Management in Section 4.2.5.
The authors would also like to refer to detailed security consideration sections for specific management standards described in this document, which contain comprehensive discussion of security implications of the particular management protocols and mechanisms. Among others, security consideration sections of the following documents should be carefully read before implementing the technology.
o For SNMP security in general, subsequent security consideration sections in [STD62], which includes RFCs 3411-3418,
o Security considerations section in Section 8 of [BCP074] for the coexistence of SNMP versions 1, 2, and 3,
o Security considerations for the SNMP Transport Security Model in Section 8 of [RFC5591],
o Security considerations for the Secure Shell Transport Model for SNMP in Section 9 of [RFC5592],
o Security considerations for the TLS Transport Model for SNMP in Section 9 of [RFC6353],
o Security considerations for the TLS Transport Mapping for syslog in Section 6 of [RFC5425],
o Security considerations for the IPFIX Protocol Specification in Section 11 of [RFC5101],
o Security considerations for the NETCONF protocol in Section 9 of [RFC6241] and the SSH transport in Section 6 of [RFC6242],
o Security considerations for the NETCONF Access Control Model (NACM) in Section 3.7 of [RFC6536],
o Security considerations for DHCPv4 and DHCPv6 in Section 7 of [RFC2131] and Section 23 of [RFC3315],
o Security considerations for RADIUS in Section 8 of [RFC2865],
o Security considerations for Diameter in Section 13 of [RFC3588],
o Security considerations for the CAPWAP protocol in Section 12 of [RFC5415],
o Security considerations for the ANCP protocol in Section 11 of [RFC6320], and
o Security considerations for the XCAP protocol in Section 14 of [RFC4825].
The following persons made significant contributions to and reviewed this document:
o Ralph Droms (Cisco) - revised the section on IP Address Management and DHCP.
o Jouni Korhonen (Nokia Siemens Networks) - contributed the sections on RADIUS and Diameter.
o Al Morton (AT&T) - contributed to the section on IP Performance Metrics.
o Juergen Quittek (NEC) - contributed the section on IPFIX/PSAMP.
o Juergen Schoenwaelder (Jacobs University Bremen) - contributed the sections on IETF Network Management Data Models and YANG.
The editor would like to thank Fred Baker, Alex Clemm, Miguel A. Garcia, Simon Leinen, Christopher Liljenstolpe, Tom Petch, Randy Presuhn, Dan Romascanu, Juergen Schoenwaelder, Tina Tsou, and Henk Uijterwaal for their valuable suggestions and comments in the OPSAWG sessions and on the mailing list.
The editor would like to especially thank Dave Harrington, who created the document "Survey of IETF Network Management Standards" a few years ago, which has been used as a starting point and enhanced with a special focus on the description of the IETF network management standards and management data models.
[3GPPEPC] 3GPP, "Access to the 3GPP Evolved Packet Core (EPC) via non-3GPP access networks", December 2010, <http://www.3gpp.org/ftp/Specs/html-info/24302.htm>.
[3GPPIMS] 3GPP, "Release 10, IP Multimedia Subsystem (IMS); Stage 2", September 2010, <http://www.3gpp.org/ftp/Specs/html-info/23228.htm>.
[BCP027] O'Dell, M., Alvestrand, H., Wijnen, B., and S. Bradner, "Advancement of MIB specifications on the IETF Standards Track", BCP 27, RFC 2438, October 1998.
[BCP074] Frye, R., Levi, D., Routhier, S., and B. Wijnen, "Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework", BCP 74, RFC 3584, August 2003.
[BCP170] Clark, A. and B. Claise, "Guidelines for Considering New Performance Metric Development", BCP 170, RFC 6390, October 2011.
[CONF-MODEL] Muenz, G., Claise, B., and P. Aitken, "Configuration Data Model for IPFIX and PSAMP", Work in Progress, July 2011.
[DIAMETER] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, "Diameter Base Protocol", Work in Progress, April 2012.
[DMTF-CIM] DMTF, "Common Information Model Schema, Version 2.27.0", November 2010, <http://www.dmtf.org/standards/cim>.
[EMAN-WG] IETF, "EMAN Working Group", <http://datatracker.ietf.org/wg/eman>.
[FCAPS] International Telecommunication Union, "X.700: Management Framework For Open Systems Interconnection (OSI) For CCITT Applications", September 1992, <http://www.itu.int/rec/T-REC-X.700-199209-I/en>.
[IANA-AAA] Internet Assigned Numbers Authority, "Authentication, Authorization, and Accounting (AAA) Parameters", February 2012, <http://www.iana.org/assignments/aaa-parameters>.
[IANA-IPFIX] Internet Assigned Numbers Authority, "IP Flow Information Export (IPFIX) Entities", May 2012, <http://www.iana.org/assignments/ipfix>.
[IANA-PROT] Internet Assigned Numbers Authority, "Protocol Registries", <http://www.iana.org/protocols/>.
[IANA-PSAMP] Internet Assigned Numbers Authority, "Packet Sampling (PSAMP) Parameters", April 2009, <http://www.iana.org/assignments/psamp-parameters>.
[IETF-WGS] IETF, "IETF Working Groups", <http://datatracker.ietf.org/wg/>.
[ITU-M3100] International Telecommunication Union, "M.3100: Generic network information model", January 2006, <http://www.itu.int/rec/T-REC-M.3100-200504-I>.
[ITU-X680] International Telecommunication Union, "X.680: Abstract Syntax Notation One (ASN.1): Specification of basic notation", July 2002, <http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf>.
[ITU-X733] International Telecommunication Union, "X.733: Systems Management: Alarm Reporting Function", October 1992, <http://www.itu.int/rec/T-REC-X.733-199202-I/en>.
[MPLSTP-MIB] King, D. and V. Mahalingam, "Multiprotocol Label Switching Transport Profile (MPLS-TP) MIB-based Management Overview", Work in Progress, April 2012.
[OAM-ANALYSIS] Sprecher, N. and L. Fang, "An Overview of the OAM Tool Set for MPLS based Transport Networks", Work in Progress, April 2012.
[OAM-OVERVIEW] Mizrahi, T., Sprecher, N., Bellagamba, E., and Y. Weingarten, "An Overview of Operations, Administration, and Maintenance (OAM) Mechanisms", Work in Progress, March 2012.
[PSAMP-MIB] Dietz, T., Claise, B., and J. Quittek, "Definitions of Managed Objects for Packet Sampling", Work in Progress, October 2011.
[RELAX-NG] OASIS, "RELAX NG Specification, Committee Specification 3 December 2001", December 2001, <http://www.oasis-open.org/committees/relax-ng/spec-20011203.html>.
[RFC0951] Croft, B. and J. Gilmore, "Bootstrap Protocol", RFC 951, September 1985.
[RFC1021] Partridge, C. and G. Trewitt, "High-level Entity Management System (HEMS)", RFC 1021, October 1987.
[RFC1155] Rose, M. and K. McCloghrie, "Structure and identification of management information for TCP/IP-based internets", STD 16, RFC 1155, May 1990.
[RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network Management Protocol (SNMP)", STD 15, RFC 1157, May 1990.
[RFC1212] Rose, M. and K. McCloghrie, "Concise MIB definitions", STD 16, RFC 1212, March 1991.
[RFC1215] Rose, M., "Convention for defining traps for use with the SNMP", RFC 1215, March 1991.
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.
[RFC1470] Enger, R. and J. Reynolds, "FYI on a Network Management Tool Catalog: Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices", RFC 1470, June 1993.
[RFC1901] Case, J., McCloghrie, K., McCloghrie, K., Rose, M., and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996.
[RFC2026] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2127] Roeck, G., "ISDN Management Information Base using SMIv2", RFC 2127, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.
[RFC2195] Klensin, J., Catoe, R., and P. Krumviede, "IMAP/POP AUTHorize Extension for Simple Challenge/Response", RFC 2195, September 1997.
[RFC2244] Newman, C. and J. Myers, "ACAP -- Application Configuration Access Protocol", RFC 2244, November 1997.
[RFC2287] Krupczak, C. and J. Saperia, "Definitions of System-Level Managed Objects for Applications", RFC 2287, February 1998.
[RFC2330] Paxson, V., Almes, G., Mahdavi, J., and M. Mathis, "Framework for IP Performance Metrics", RFC 2330, May 1998.
[RFC2458] Lu, H., Krishnaswamy, M., Conroy, L., Bellovin, S., Burg, F., DeSimone, A., Tewani, K., Davidson, P., Schulzrinne, H., and K. Vishwanathan, "Toward the PSTN/Internet Inter-Networking--Pre-PINT Implementations", RFC 2458, November 1998.
[RFC2515] Tesink, K., "Definitions of Managed Objects for ATM Management", RFC 2515, February 1999.
[RFC2564] Kalbfleisch, C., Krupczak, C., Presuhn, R., and J. Saperia, "Application Management MIB", RFC 2564, May 1999.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
[RFC2610] Perkins, C. and E. Guttman, "DHCP Options for Service Location Protocol", RFC 2610, June 1999.
[RFC2613] Waterman, R., Lahaye, B., Romascanu, D., and S. Waldbusser, "Remote Network Monitoring MIB Extensions for Switched Networks Version 1.0", RFC 2613, June 1999.
[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999.
[RFC2678] Mahdavi, J. and V. Paxson, "IPPM Metrics for Measuring Connectivity", RFC 2678, September 1999.
[RFC2679] Almes, G., Kalidindi, S., and M. Zekauskas, "A One-way Delay Metric for IPPM", RFC 2679, September 1999.
[RFC2680] Almes, G., Kalidindi, S., and M. Zekauskas, "A One-way Packet Loss Metric for IPPM", RFC 2680, September 1999.
[RFC2681] Almes, G., Kalidindi, S., and M. Zekauskas, "A Round-trip Delay Metric for IPPM", RFC 2681, September 1999.
[RFC2748] Durham, D., Boyle, J., Cohen, R., Herzog, S., Rajan, R., and A. Sastry, "The COPS (Common Open Policy Service) Protocol", RFC 2748, January 2000.
[RFC2753] Yavatkar, R., Pendarakis, D., and R. Guerin, "A Framework for Policy-based Admission Control", RFC 2753, January 2000.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.
[RFC2867] Zorn, G., Aboba, B., and D. Mitton, "RADIUS Accounting Modifications for Tunnel Protocol Support", RFC 2867, June 2000.
[RFC2868] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M., and I. Goyret, "RADIUS Attributes for Tunnel Protocol Support", RFC 2868, June 2000.
[RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000.
[RFC2981] Kavasseri, R., "Event MIB", RFC 2981, October 2000.
[RFC2982] Kavasseri, R., "Distributed Management Expression MIB", RFC 2982, October 2000.
[RFC3014] Kavasseri, R., "Notification Log MIB", RFC 3014, November 2000.
[RFC3046] Patrick, M., "DHCP Relay Agent Information Option", RFC 3046, January 2001.
[RFC3084] Chan, K., Seligson, J., Durham, D., Gai, S., McCloghrie, K., Herzog, S., Reichmeyer, F., Yavatkar, R., and A. Smith, "COPS Usage for Policy Provisioning (COPS-PR)", RFC 3084, March 2001.
[RFC3144] Romascanu, D., "Remote Monitoring MIB Extensions for Interface Parameters Monitoring", RFC 3144, August 2001.
[RFC3159] McCloghrie, K., Fine, M., Seligson, J., Chan, K., Hahn, S., Sahita, R., Smith, A., and F. Reichmeyer, "Structure of Policy Provisioning Information (SPPI)", RFC 3159, August 2001.
[RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162, August 2001.
[RFC3164] Lonvick, C., "The BSD Syslog Protocol", RFC 3164, August 2001.
[RFC3165] Levi, D. and J. Schoenwaelder, "Definitions of Managed Objects for the Delegation of Management Scripts", RFC 3165, August 2001.
[RFC3195] New, D. and M. Rose, "Reliable Delivery for syslog", RFC 3195, November 2001.
[RFC3273] Waldbusser, S., "Remote Network Monitoring Management Information Base for High Capacity Networks", RFC 3273, July 2002.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3319] Schulzrinne, H. and B. Volz, "Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers", RFC 3319, July 2003.
[RFC3393] Demichelis, C. and P. Chimento, "IP Packet Delay Variation Metric for IP Performance Metrics (IPPM)", RFC 3393, November 2002.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002.
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002.
[RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network Management Protocol (SNMP) Applications", STD 62, RFC 3413, December 2002.
[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.
[RFC3415] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3415, December 2002.
[RFC3417] Presuhn, R., "Transport Mappings for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3417, December 2002.
[RFC3418] Presuhn, R., "Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3418, December 2002.
[RFC3430] Schoenwaelder, J., "Simple Network Management Protocol Over Transmission Control Protocol Transport Mapping", RFC 3430, December 2002.
[RFC3432] Raisanen, V., Grotefeld, G., and A. Morton, "Network performance measurement with periodic streams", RFC 3432, November 2002.
[RFC3433] Bierman, A., Romascanu, D., and K. Norseth, "Entity Sensor Management Information Base", RFC 3433, December 2002.
[RFC3434] Bierman, A. and K. McCloghrie, "Remote Monitoring MIB Extensions for High Capacity Alarms", RFC 3434, December 2002.
[RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between Information Models and Data Models", RFC 3444, January 2003.
[RFC3460] Moore, B., "Policy Core Information Model (PCIM) Extensions", RFC 3460, January 2003.
[RFC3535] Schoenwaelder, J., "Overview of the 2002 IAB Network Management Workshop", RFC 3535, May 2003.
[RFC3574] Soininen, J., "Transition Scenarios for 3GPP Networks", RFC 3574, August 2003.
[RFC3577] Waldbusser, S., Cole, R., Kalbfleisch, C., and D. Romascanu, "Introduction to the Remote Monitoring (RMON) Family of MIB Modules", RFC 3577, August 2003.
[RFC3579] Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)", RFC 3579, September 2003.
[RFC3580] Congdon, P., Aboba, B., Smith, A., Zorn, G., and J. Roese, "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines", RFC 3580, September 2003.
[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003.
[RFC3589] Loughney, J., "Diameter Command Codes for Third Generation Partnership Project (3GPP) Release 5", RFC 3589, September 2003.
[RFC3606] Ly, F., Noto, M., Smith, A., Spiegel, E., and K. Tesink, "Definitions of Supplemental Managed Objects for ATM Interface", RFC 3606, November 2003.
[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6", RFC 3633, December 2003.
[RFC3646] Droms, R., "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, December 2003.
[RFC3729] Waldbusser, S., "Application Performance Measurement MIB", RFC 3729, March 2004.
[RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. Levkowetz, "Extensible Authentication Protocol (EAP)", RFC 3748, June 2004.
[RFC3758] Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P. Conrad, "Stream Control Transmission Protocol (SCTP) Partial Reliability Extension", RFC 3758, May 2004.
[RFC3868] Loughney, J., Sidebottom, G., Coene, L., Verwimp, G., Keller, J., and B. Bidulock, "Signalling Connection Control Part User Adaptation Layer (SUA)", RFC 3868, October 2004.
[RFC3873] Pastor, J. and M. Belinchon, "Stream Control Transmission Protocol (SCTP) Management Information Base (MIB)", RFC 3873, September 2004.
[RFC3877] Chisholm, S. and D. Romascanu, "Alarm Management Information Base (MIB)", RFC 3877, September 2004.
[RFC3878] Lam, H., Huynh, A., and D. Perkins, "Alarm Reporting Control Management Information Base (MIB)", RFC 3878, September 2004.
[RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander, "Requirements for IP Flow Information Export (IPFIX)", RFC 3917, October 2004.
[RFC3954] Claise, B., "Cisco Systems NetFlow Services Export Version 9", RFC 3954, October 2004.
[RFC4004] Calhoun, P., Johansson, T., Perkins, C., Hiller, T., and P. McCann, "Diameter Mobile IPv4 Application", RFC 4004, August 2005.
[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, August 2005.
[RFC4006] Hakala, H., Mattila, L., Koskinen, J-P., Stura, M., and J. Loughney, "Diameter Credit-Control Application", RFC 4006, August 2005.
[RFC4022] Raghunarayan, R., "Management Information Base for the Transmission Control Protocol (TCP)", RFC 4022, March 2005.
[RFC4029] Lind, M., Ksinant, V., Park, S., Baudot, A., and P. Savola, "Scenarios and Analysis for Introducing IPv6 into ISP Networks", RFC 4029, March 2005.
[RFC4038] Shin, M-K., Hong, Y-G., Hagino, J., Savola, P., and E. Castro, "Application Aspects of IPv6 Transition", RFC 4038, March 2005.
[RFC4057] Bound, J., "IPv6 Enterprise Network Scenarios", RFC 4057, June 2005.
[RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, August 2005.
[RFC4113] Fenner, B. and J. Flick, "Management Information Base for the User Datagram Protocol (UDP)", RFC 4113, June 2005.
[RFC4118] Yang, L., Zerfos, P., and E. Sadot, "Architecture Taxonomy for Control and Provisioning of Wireless Access Points (CAPWAP)", RFC 4118, June 2005.
[RFC4133] Bierman, A. and K. McCloghrie, "Entity MIB (Version 3)", RFC 4133, August 2005.
[RFC4148] Stephan, E., "IP Performance Metrics (IPPM) Metrics Registry", BCP 108, RFC 4148, August 2005.
[RFC4150] Dietz, R. and R. Cole, "Transport Performance Metrics MIB", RFC 4150, August 2005.
[RFC4188] Norseth, K. and E. Bell, "Definitions of Managed Objects for Bridges", RFC 4188, September 2005.
[RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms for IPv6 Hosts and Routers", RFC 4213, October 2005.
[RFC4215] Wiljakka, J., "Analysis on IPv6 Transition in Third Generation Partnership Project (3GPP) Networks", RFC 4215, October 2005.
[RFC4221] Nadeau, T., Srinivasan, C., and A. Farrel, "Multiprotocol Label Switching (MPLS) Management Overview", RFC 4221, November 2005.
[RFC4268] Chisholm, S. and D. Perkins, "Entity State MIB", RFC 4268, November 2005.
[RFC4273] Haas, J. and S. Hares, "Definitions of Managed Objects for BGP-4", RFC 4273, January 2006.
[RFC4280] Chowdhury, K., Yegani, P., and L. Madour, "Dynamic Host Configuration Protocol (DHCP) Options for Broadcast and Multicast Control Servers", RFC 4280, November 2005.
[RFC4285] Patel, A., Leung, K., Khalil, M., Akhtar, H., and K. Chowdhury, "Authentication Protocol for Mobile IPv6", RFC 4285, January 2006.
[RFC4292] Haberman, B., "IP Forwarding Table MIB", RFC 4292, April 2006.
[RFC4293] Routhier, S., "Management Information Base for the Internet Protocol (IP)", RFC 4293, April 2006.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005.
[RFC4318] Levi, D. and D. Harrington, "Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol", RFC 4318, December 2005.
[RFC4363] Levi, D. and D. Harrington, "Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and Virtual LAN Extensions", RFC 4363, January 2006.
[RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and Security Layer (SASL)", RFC 4422, June 2006.
[RFC4444] Parker, J., "Management Information Base for Intermediate System to Intermediate System (IS-IS)", RFC 4444, April 2006.
[RFC4502] Waldbusser, S., "Remote Network Monitoring Management Information Base Version 2", RFC 4502, May 2006.
[RFC4546] Raftus, D. and E. Cardona, "Radio Frequency (RF) Interface Management Information Base for Data over Cable Service Interface Specifications (DOCSIS) 2.0 Compliant RF Interfaces", RFC 4546, June 2006.
[RFC4560] Quittek, J. and K. White, "Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations", RFC 4560, June 2006.
[RFC4564] Govindan, S., Cheng, H., Yao, ZH., Zhou, WH., and L. Yang, "Objectives for Control and Provisioning of Wireless Access Points (CAPWAP)", RFC 4564, July 2006.
[RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M. Zekauskas, "A One-way Active Measurement Protocol (OWAMP)", RFC 4656, September 2006.
[RFC4663] Harrington, D., "Transferring MIB Work from IETF Bridge MIB WG to IEEE 802.1 WG", RFC 4663, September 2006.
[RFC4668] Nelson, D., "RADIUS Authentication Client MIB for IPv6", RFC 4668, August 2006.
[RFC4669] Nelson, D., "RADIUS Authentication Server MIB for IPv6", RFC 4669, August 2006.
[RFC4670] Nelson, D., "RADIUS Accounting Client MIB for IPv6", RFC 4670, August 2006.
[RFC4671] Nelson, D., "RADIUS Accounting Server MIB for IPv6", RFC 4671, August 2006.
[RFC4672] De Cnodder, S., Jonnala, N., and M. Chiba, "RADIUS Dynamic Authorization Client MIB", RFC 4672, September 2006.
[RFC4673] De Cnodder, S., Jonnala, N., and M. Chiba, "RADIUS Dynamic Authorization Server MIB", RFC 4673, September 2006.
[RFC4675] Congdon, P., Sanchez, M., and B. Aboba, "RADIUS Attributes for Virtual LAN and Priority Support", RFC 4675, September 2006.
[RFC4706] Morgenstern, M., Dodge, M., Baillie, S., and U. Bonollo, "Definitions of Managed Objects for Asymmetric Digital Subscriber Line 2 (ADSL2)", RFC 4706, November 2006.
[RFC4710] Siddiqui, A., Romascanu, D., and E. Golovinsky, "Real-time Application Quality-of-Service Monitoring (RAQMON) Framework", RFC 4710, October 2006.
[RFC4711] Siddiqui, A., Romascanu, D., and E. Golovinsky, "Real-time Application Quality-of-Service Monitoring (RAQMON) MIB", RFC 4711, October 2006.
[RFC4712] Siddiqui, A., Romascanu, D., Golovinsky, E., Rahman, M., and Y. Kim, "Transport Mappings for Real-time Application Quality-of-Service Monitoring (RAQMON) Protocol Data Unit (PDU)", RFC 4712, October 2006.
[RFC4737] Morton, A., Ciavattone, L., Ramachandran, G., Shalunov, S., and J. Perser, "Packet Reordering Metrics", RFC 4737, November 2006.
[RFC4740] Garcia-Martin, M., Belinchon, M., Pallares-Lopez, M., Canales-Valenzuela, C., and K. Tammi, "Diameter Session Initiation Protocol (SIP) Application", RFC 4740, November 2006.
[RFC4743] Goddard, T., "Using NETCONF over the Simple Object Access Protocol (SOAP)", RFC 4743, December 2006.
[RFC4744] Lear, E. and K. Crozier, "Using the NETCONF Protocol over the Blocks Extensible Exchange Protocol (BEEP)", RFC 4744, December 2006.
[RFC4750] Joyal, D., Galecki, P., Giacalone, S., Coltun, R., and F. Baker, "OSPF Version 2 Management Information Base", RFC 4750, December 2006.
[RFC4780] Lingle, K., Mule, J-F., Maeng, J., and D. Walker, "Management Information Base for the Session Initiation Protocol (SIP)", RFC 4780, April 2007.
[RFC4789] Schoenwaelder, J. and T. Jeffree, "Simple Network Management Protocol (SNMP) over IEEE 802 Networks", RFC 4789, November 2006.
[RFC4803] Nadeau, T. and A. Farrel, "Generalized Multiprotocol Label Switching (GMPLS) Label Switching Router (LSR) Management Information Base", RFC 4803, February 2007.
[RFC4818] Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix Attribute", RFC 4818, April 2007.
[RFC4825] Rosenberg, J., "The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)", RFC 4825, May 2007.
[RFC4826] Rosenberg, J., "Extensible Markup Language (XML) Formats for Representing Resource Lists", RFC 4826, May 2007.
[RFC4827] Isomaki, M. and E. Leppanen, "An Extensible Markup Language (XML) Configuration Access Protocol (XCAP) Usage for Manipulating Presence Document Contents", RFC 4827, May 2007.
[RFC4898] Mathis, M., Heffner, J., and R. Raghunarayan, "TCP Extended Statistics MIB", RFC 4898, May 2007.
[RFC4960] Stewart, R., "Stream Control Transmission Protocol", RFC 4960, September 2007.
[RFC5060] Sivaramu, R., Lingard, J., McWalter, D., Joshi, B., and A. Kessler, "Protocol Independent Multicast MIB", RFC 5060, January 2008.
[RFC5080] Nelson, D. and A. DeKok, "Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes", RFC 5080, December 2007.
[RFC5085] Nadeau, T. and C. Pignataro, "Pseudowire Virtual Circuit Connectivity Verification (VCCV): A Control Channel for Pseudowires", RFC 5085, December 2007.
[RFC5090] Sterman, B., Sadolevsky, D., Schwartz, D., Williams, D., and W. Beck, "RADIUS Extension for Digest Authentication", RFC 5090, February 2008.
[RFC5101] Claise, B., "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information", RFC 5101, January 2008.
[RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J. Meyer, "Information Model for IP Flow Information Export", RFC 5102, January 2008.
[RFC5103] Trammell, B. and E. Boschi, "Bidirectional Flow Export Using IP Flow Information Export (IPFIX)", RFC 5103, January 2008.
[RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B. Aboba, "Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)", RFC 5176, January 2008.
[RFC5181] Shin, M-K., Han, Y-H., Kim, S-E., and D. Premec, "IPv6 Deployment Scenarios in 802.16 Networks", RFC 5181, May 2008.
[RFC5224] Brenner, M., "Diameter Policy Processing Application", RFC 5224, March 2008.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5277] Chisholm, S. and H. Trevino, "NETCONF Event Notifications", RFC 5277, July 2008.
[RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J. Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)", RFC 5357, October 2008.
[RFC5388] Niccolini, S., Tartarelli, S., Quittek, J., Dietz, T., and M. Swany, "Information Model and XML Data Model for Traceroute Measurements", RFC 5388, December 2008.
[RFC5415] Calhoun, P., Montemurro, M., and D. Stanley, "Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification", RFC 5415, March 2009.
[RFC5416] Calhoun, P., Montemurro, M., and D. Stanley, "Control and Provisioning of Wireless Access Points (CAPWAP) Protocol Binding for IEEE 802.11", RFC 5416, March 2009.
[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009.
[RFC5425] Miao, F., Ma, Y., and J. Salowey, "Transport Layer Security (TLS) Transport Mapping for Syslog", RFC 5425, March 2009.
[RFC5426] Okmianski, A., "Transmission of Syslog Messages over UDP", RFC 5426, March 2009.
[RFC5427] Keeni, G., "Textual Conventions for Syslog Management", RFC 5427, March 2009.
[RFC5431] Sun, D., "Diameter ITU-T Rw Policy Enforcement Interface Application", RFC 5431, March 2009.
[RFC5447] Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C., and K. Chowdhury, "Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction", RFC 5447, February 2009.
[RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek, "Architecture for IP Flow Information Export", RFC 5470, March 2009.
[RFC5472] Zseby, T., Boschi, E., Brownlee, N., and B. Claise, "IP Flow Information Export (IPFIX) Applicability", RFC 5472, March 2009.
[RFC5473] Boschi, E., Mark, L., and B. Claise, "Reducing Redundancy in IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Reports", RFC 5473, March 2009.
[RFC5474] Duffield, N., Chiou, D., Claise, B., Greenberg, A., Grossglauser, M., and J. Rexford, "A Framework for Packet Selection and Reporting", RFC 5474, March 2009.
[RFC5475] Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F. Raspall, "Sampling and Filtering Techniques for IP Packet Selection", RFC 5475, March 2009.
[RFC5476] Claise, B., Johnson, A., and J. Quittek, "Packet Sampling (PSAMP) Protocol Specifications", RFC 5476, March 2009.
[RFC5477] Dietz, T., Claise, B., Aitken, P., Dressler, F., and G. Carle, "Information Model for Packet Sampling Exports", RFC 5477, March 2009.
[RFC5516] Jones, M. and L. Morand, "Diameter Command Code Registration for the Third Generation Partnership Project (3GPP) Evolved Packet System (EPS)", RFC 5516, April 2009.
[RFC5539] Badra, M., "NETCONF over Transport Layer Security (TLS)", RFC 5539, May 2009.
[RFC5560] Uijterwaal, H., "A One-Way Packet Duplication Metric", RFC 5560, May 2009.
[RFC5580] Tschofenig, H., Adrangi, F., Jones, M., Lior, A., and B. Aboba, "Carrying Location Objects in RADIUS and Diameter", RFC 5580, August 2009.
[RFC5590] Harrington, D. and J. Schoenwaelder, "Transport Subsystem for the Simple Network Management Protocol (SNMP)", RFC 5590, June 2009.
[RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model for the Simple Network Management Protocol (SNMP)", RFC 5591, June 2009.
[RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure Shell Transport Model for the Simple Network Management Protocol (SNMP)", RFC 5592, June 2009.
[RFC5607] Nelson, D. and G. Weber, "Remote Authentication Dial-In User Service (RADIUS) Authorization for Network Access Server (NAS) Management", RFC 5607, July 2009.
[RFC5608] Narayan, K. and D. Nelson, "Remote Authentication Dial-In User Service (RADIUS) Usage for Simple Network Management Protocol (SNMP) Transport Models", RFC 5608, August 2009.
[RFC5610] Boschi, E., Trammell, B., Mark, L., and T. Zseby, "Exporting Type Information for IP Flow Information Export (IPFIX) Information Elements", RFC 5610, July 2009.
[RFC5650] Morgenstern, M., Baillie, S., and U. Bonollo, "Definitions of Managed Objects for Very High Speed Digital Subscriber Line 2 (VDSL2)", RFC 5650, September 2009.
[RFC5655] Trammell, B., Boschi, E., Mark, L., Zseby, T., and A. Wagner, "Specification of the IP Flow Information Export (IPFIX) File Format", RFC 5655, October 2009.
[RFC5674] Chisholm, S. and R. Gerhards, "Alarms in Syslog", RFC 5674, October 2009.
[RFC5675] Marinov, V. and J. Schoenwaelder, "Mapping Simple Network Management Protocol (SNMP) Notifications to SYSLOG Messages", RFC 5675, October 2009.
[RFC5676] Schoenwaelder, J., Clemm, A., and A. Karmakar, "Definitions of Managed Objects for Mapping SYSLOG Messages to Simple Network Management Protocol (SNMP) Notifications", RFC 5676, October 2009.
[RFC5706] Harrington, D., "Guidelines for Considering Operations and Management of New Protocols and Protocol Extensions", RFC 5706, November 2009.
[RFC5713] Moustafa, H., Tschofenig, H., and S. De Cnodder, "Security Threats and Security Requirements for the Access Node Control Protocol (ANCP)", RFC 5713, January 2010.
[RFC5717] Lengyel, B. and M. Bjorklund, "Partial Lock Remote Procedure Call (RPC) for NETCONF", RFC 5717, December 2009.
[RFC5719] Romascanu, D. and H. Tschofenig, "Updated IANA Considerations for Diameter Command Code Allocations", RFC 5719, January 2010.
[RFC5729] Korhonen, J., Jones, M., Morand, L., and T. Tsou, "Clarifications on the Routing of Diameter Requests Based on the Username and the Realm", RFC 5729, December 2009.
[RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M., and A. Lior, "Traffic Classification and Quality of Service (QoS) Attributes for Diameter", RFC 5777, February 2010.
[RFC5778] Korhonen, J., Tschofenig, H., Bournelle, J., Giaretta, G., and M. Nakhjiri, "Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction", RFC 5778, February 2010.
[RFC5779] Korhonen, J., Bournelle, J., Chowdhury, K., Muhanna, A., and U. Meyer, "Diameter Proxy Mobile IPv6: Mobile Access Gateway and Local Mobility Anchor Interaction with Diameter Server", RFC 5779, February 2010.
[RFC5815] Dietz, T., Kobayashi, A., Claise, B., and G. Muenz, "Definitions of Managed Objects for IP Flow Information Export", RFC 5815, April 2010.
[RFC5833] Shi, Y., Perkins, D., Elliott, C., and Y. Zhang, "Control and Provisioning of Wireless Access Points (CAPWAP) Protocol Base MIB", RFC 5833, May 2010.
[RFC5834] Shi, Y., Perkins, D., Elliott, C., and Y. Zhang, "Control and Provisioning of Wireless Access Points (CAPWAP) Protocol Binding MIB for IEEE 802.11", RFC 5834, May 2010.
[RFC5835] Morton, A. and S. Van den Berghe, "Framework for Metric Composition", RFC 5835, April 2010.
[RFC5848] Kelsey, J., Callas, J., and A. Clemm, "Signed Syslog Messages", RFC 5848, May 2010.
[RFC5851] Ooghe, S., Voigt, N., Platnic, M., Haag, T., and S. Wadhwa, "Framework and Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks", RFC 5851, May 2010.
[RFC5866] Sun, D., McCann, P., Tschofenig, H., Tsou, T., Doria, A., and G. Zorn, "Diameter Quality-of-Service Application", RFC 5866, May 2010.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD)", RFC 5880, June 2010.
[RFC5889] Baccelli, E. and M. Townsley, "IP Addressing Model in Ad Hoc Networks", RFC 5889, September 2010.
[RFC5982] Kobayashi, A. and B. Claise, "IP Flow Information Export (IPFIX) Mediation: Problem Statement", RFC 5982, August 2010.
[RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, "Internet Key Exchange Protocol Version 2 (IKEv2)", RFC 5996, September 2010.
[RFC6012] Salowey, J., Petch, T., Gerhards, R., and H. Feng, "Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog", RFC 6012, October 2010.
[RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, October 2010.
[RFC6021] Schoenwaelder, J., "Common YANG Data Types", RFC 6021, October 2010.
[RFC6022] Scott, M. and M. Bjorklund, "YANG Module for NETCONF Monitoring", RFC 6022, October 2010.
[RFC6035] Pendleton, A., Clark, A., Johnston, A., and H. Sinnreich, "Session Initiation Protocol Event Package for Voice Quality Reporting", RFC 6035, November 2010.
[RFC6065] Narayan, K., Nelson, D., and R. Presuhn, "Using Authentication, Authorization, and Accounting Services to Dynamically Provision View-Based Access Control Model User-to-Group Mappings", RFC 6065, December 2010.
[RFC6087] Bierman, A., "Guidelines for Authors and Reviewers of YANG Data Model Documents", RFC 6087, January 2011.
[RFC6095] Linowski, B., Ersue, M., and S. Kuryla, "Extending YANG with Language Abstractions", RFC 6095, March 2011.
[RFC6110] Lhotka, L., "Mapping YANG to Document Schema Definition Languages and Validating NETCONF Content", RFC 6110, February 2011.
[RFC6158] DeKok, A. and G. Weber, "RADIUS Design Guidelines", BCP 158, RFC 6158, March 2011.
[RFC6183] Kobayashi, A., Claise, B., Muenz, G., and K. Ishibashi, "IP Flow Information Export (IPFIX) Mediation: Framework", RFC 6183, April 2011.
[RFC6235] Boschi, E. and B. Trammell, "IP Flow Anonymization Support", RFC 6235, May 2011.
[RFC6241] Enns, R., Bjorklund, M., Schoenwaelder, J., and A. Bierman, "Network Configuration Protocol (NETCONF)", RFC 6241, June 2011.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, June 2011.
[RFC6244] Shafer, P., "An Architecture for Network Management Using NETCONF and YANG", RFC 6244, June 2011.
[RFC6248] Morton, A., "RFC 4148 and the IP Performance Metrics (IPPM) Registry of Metrics Are Obsolete", RFC 6248, April 2011.
[RFC6272] Baker, F. and D. Meyer, "Internet Protocols for the Smart Grid", RFC 6272, June 2011.
[RFC6313] Claise, B., Dhandapani, G., Aitken, P., and S. Yates, "Export of Structured Data in IP Flow Information Export (IPFIX)", RFC 6313, July 2011.
[RFC6320] Wadhwa, S., Moisand, J., Haag, T., Voigt, N., and T. Taylor, "Protocol for Access Node Control Mechanism in Broadband Networks", RFC 6320, October 2011.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer Security Version 1.2", RFC 6347, January 2012.
[RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)", RFC 6353, July 2011.
[RFC6371] Busi, I. and D. Allan, "Operations, Administration, and Maintenance Framework for MPLS-Based Transport Networks", RFC 6371, September 2011.
[RFC6408] Jones, M., Korhonen, J., and L. Morand, "Diameter Straightforward-Naming Authority Pointer (S-NAPTR) Usage", RFC 6408, November 2011.
[RFC6410] Housley, R., Crocker, D., and E. Burger, "Reducing the Standards Track to Two Maturity Levels", BCP 9, RFC 6410, October 2011.
[RFC6526] Claise, B., Aitken, P., Johnson, A., and G. Muenz, "IP Flow Information Export (IPFIX) Per Stream Control Transmission Protocol (SCTP) Stream", RFC 6526, March 2012.
[RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration Protocol (NETCONF) Access Control Model", RFC 6536, March 2012.
[RFC6598] Weil, J., Kuarsingh, V., Donley, C., Liljenstolpe, C., and M. Azinger, "IANA-Reserved IPv4 Prefix for Shared Address Space", BCP 153, RFC 6598, April 2012.
[RFC6613] DeKok, A., "RADIUS over TCP", RFC 6613, May 2012.
[RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga, "Transport Layer Security (TLS) Encryption for RADIUS", RFC 6614, May 2012.
[RFCSEARCH] RFC Editor, "RFC Index Search Engine", <http://www.rfc-editor.org/rfcsearch.html>.
[SMI-NUMBERS] IANA, "Network Management Parameters - SMI OID List", May 2012, <http://www.iana.org/assignments/smi-numbers>.
[SMI-YANG] Schoenwaelder, J., "Translation of SMIv2 MIB Modules to YANG Modules", Work in Progress, April 2012.
[STD06] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980.
[STD07] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, September 1981.
[STD16] Rose, M. and K. McCloghrie, "Structure and identification of management information for TCP/IP-based internets", STD 16, RFC 1155, May 1990.
Rose, M. and K. McCloghrie, "Concise MIB definitions", STD 16, RFC 1212, March 1991.
[STD17] McCloghrie, K. and M. Rose, "Management Information Base for Network Management of TCP/IP-based internets:MIB-II", STD 17, RFC 1213, March 1991.
[STD58] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.
McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
[STD59] Waldbusser, S., "Remote Network Monitoring Management Information Base", STD 59, RFC 2819, May 2000.
[STD62] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002.
Case, J., Harrington, D., Presuhn, R., and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3412, December 2002.
Levi, D., Meyer, P., and B. Stewart, "Simple Network Management Protocol (SNMP) Applications", STD 62, RFC 3413, December 2002.
Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.
Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3415, December 2002.
Presuhn, R., Ed., "Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3416, December 2002.
Presuhn, R., Ed., "Transport Mappings for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3417, December 2002.
Presuhn, R., Ed., "Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3418, December 2002.
[STD66] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005.
[XPATH] World Wide Web Consortium, "XML Path Language (XPath) Version 1.0", November 1999, <http://www.w3.org/TR/1999/REC-xpath-19991116>.
[XSD-1] Beech, D., Thompson, H., Maloney, M., Mendelsohn, N., and World Wide Web Consortium Recommendation REC-xmlschema-1-20041028, "XML Schema Part 1: Structures Second Edition", October 2004, <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028>.
Appendix A. High-Level Classification of Management Protocols and Data Models
The following subsections aim to guide the reader in quickly selecting the management standard of interest and can be used as a dispatcher to forward to the appropriate chapter. The subsections below classify the protocols on one hand according to high-level criteria such as push versus pull mechanism, and passive versus active monitoring. On the other hand, the protocols are categorized concerning the network management task they address or the data model extensibility they provide. Based on the reader's requirements, a reduced set of standard protocols and associated data models can be selected for further reading.
As an example, someone outside of IETF typically would look for the TWAMP protocol in the Operations and Management Area working groups as it addresses performance management. However, the protocol TWAMP has been developed by the IPPM working group in the Transport Area.
Note that not all protocols have been listed in all classification sections. Some of the protocols, especially the protocols with specific focus in Section 3, cannot be clearly classified. Note also that COPS and COPS-PR are not listed in the tables, as COPS-PR is not recommended for use (see Section 3.3).
This section classifies the management protocols according to their standard maturity in the IETF. The IETF standard maturity levels (Proposed, Draft, or Internet Standard) are defined in [RFC2026] (as amended by [RFC6410]). An Internet Standard is characterized by a high degree of technical maturity and by a generally held belief that the specified protocol or service provides significant benefit to the Internet community.
The table below covers the standard maturity of the different protocols listed in this document. Note that only the main protocols (and not their extensions) are noted. An RFC search tool listing the current document status is available at [RFCSEARCH].
+---------------------------------------------+---------------------+
| Protocol                                    | Maturity Level      |
+---------------------------------------------+---------------------+
| SNMP [STD62][RFC3411] (Section 2.1)         | Internet Standard   |
|                                             |                     |
| Syslog [RFC5424] (Section 2.2)              | Proposed Standard   |
|                                             |                     |
| IPFIX [RFC5101] (Section 2.3)               | Proposed Standard   |
|                                             |                     |
| PSAMP [RFC5476] (Section 2.3)               | Proposed Standard   |
|                                             |                     |
| NETCONF [RFC6241] (Section 2.4.1)           | Proposed Standard   |
|                                             |                     |
| DHCP for IPv4 [RFC2131] (Section 3.1.1)     | Draft Standard      |
|                                             |                     |
| DHCP for IPv6 [RFC3315] (Section 3.1.1)     | Proposed Standard   |
|                                             |                     |
| OWAMP [RFC4656] (Section 3.4)               | Proposed Standard   |
|                                             |                     |
| TWAMP [RFC5357] (Section 3.4)               | Proposed Standard   |
|                                             |                     |
| RADIUS [RFC2865] (Section 3.5)              | Draft Standard      |
|                                             |                     |
| Diameter [RFC3588] (Section 3.6)            | Proposed Standard   |
|                                             |                     |
| CAPWAP [RFC5416] (Section 3.7)              | Proposed Standard   |
|                                             |                     |
| ANCP [RFC6320] (Section 3.8)                | Proposed Standard   |
|                                             |                     |
| Ad hoc network configuration [RFC5889]      | Informational       |
| (Section 3.1.2)                             |                     |
|                                             |                     |
| ACAP [RFC2244] (Section 3.9)                | Proposed Standard   |
|                                             |                     |
| XCAP [RFC4825] (Section 3.10)               | Proposed Standard   |
+---------------------------------------------+---------------------+
Table 1: Protocols Classified by Standard Maturity in the IETF
This subsection matches the management protocols to the management tasks for fault, configuration, accounting, performance, and security management.
+------------+------------+-------------+--------------+------------+
| Fault Mgmt | Config.    | Accounting  | Performance  | Security   |
|            | Mgmt       | Mgmt        | Mgmt         | Mgmt       |
+------------+------------+-------------+--------------+------------+
| SNMP       | SNMP       | SNMP        | SNMP         |            |
| notif.     | config.    | monitoring  | monitoring   |            |
| with trap  | with set   | with get    | with get     |            |
| operation  | operation  | operation   | operation    |            |
| (S. 2.1.1) | (S. 2.1.1) | (S. 2.1.1)  | (S. 2.1.1)   |            |
|            |            |             |              |            |
| IPFIX      | CAPWAP     | IPFIX       | IPFIX        |            |
| (S. 2.3)   | (S. 3.7)   | (S. 2.3)    | (S. 2.3)     |            |
|            |            |             |              |            |
| PSAMP      | NETCONF    | PSAMP       | PSAMP        |            |
| (S. 2.3)   | (S. 2.4.1) | (S. 2.3)    | (S. 2.3)     |            |
|            |            |             |              |            |
| Syslog     | ANCP       | RADIUS      |              | RADIUS     |
| (S. 2.2)   | (S. 3.8)   | Accounting  |              | Authent.&  |
|            |            | (S. 3.5)    |              | Authoriz.  |
|            |            |             |              | (S. 3.5)   |
|            |            |             |              |            |
|            | AUTOCONF   | Diameter    |              | Diameter   |
|            | (S. 3.1.2) | Accounting  |              | Authent.&  |
|            |            | (S. 3.6)    |              | Authoriz.  |
|            |            |             |              | (S. 3.6)   |
|            |            |             |              |            |
|            | ACAP       |             |              |            |
|            | (S. 3.9)   |             |              |            |
|            |            |             |              |            |
|            | XCAP       |             |              |            |
|            | (S. 3.10)  |             |              |            |
|            |            |             |              |            |
|            | DHCP       |             |              |            |
|            | (S. 3.1.1) |             |              |            |
+------------+------------+-------------+--------------+------------+
Table 2: Protocols Matched to Management Tasks
Note: Corresponding section numbers are given in parentheses.
A pull mechanism is characterized by the Network Management System (NMS) pulling the management information out of network elements, when needed. A push mechanism is characterized by the network elements pushing the management information to the NMS, either when the information is available or on a regular basis.
Client/Server protocols, such as DHCP, ANCP, ACAP, and XCAP are not listed in Table 3.
+---------------------------------+---------------------------------+
| Protocols supporting the Pull   | Protocols supporting the Push   |
| mechanism                       | mechanism                       |
+---------------------------------+---------------------------------+
| SNMP (except notifications)     | SNMP notifications              |
| (Section 2.1)                   | (Section 2.1)                   |
| NETCONF (except notifications)  | NETCONF notifications           |
| (Section 2.4.1)                 | (Section 2.4.1)                 |
| CAPWAP (Section 3.7)            | Syslog (Section 2.2)            |
|                                 | IPFIX (Section 2.3)             |
|                                 | PSAMP (Section 2.3)             |
|                                 | RADIUS accounting               |
|                                 | (Section 3.5)                   |
|                                 | Diameter accounting             |
|                                 | (Section 3.6)                   |
+---------------------------------+---------------------------------+
Table 3: Protocol Classification by Push versus Pull Mechanism
Monitoring can be divided into two categories: passive and active monitoring. Passive monitoring can perform the network traffic monitoring, monitoring of a device, or the accounting of network resource consumption by users. Active monitoring, as used in this document, focuses mainly on active network monitoring and relies on the injection of specific traffic (also called "synthetic traffic"), which is then monitored. The monitoring focus is indicated in the table below as "network", "device", or "accounting".
This classification excludes non-monitoring protocols, such as configuration protocols: Ad hoc network autoconfiguration, ANCP, and XCAP. Note that some of the active monitoring protocols, in the context of the data path, e.g., ICMP Ping and Traceroute [RFC1470], Bidirectional Forwarding Detection (BFD) [RFC5880], and PWE3 Virtual Circuit Connectivity Verification (VCCV) [RFC5085] are covered in [OAM-OVERVIEW].
+---------------------------------+---------------------------------+
| Protocols supporting passive    | Protocols supporting active     |
| monitoring                      | monitoring                      |
+---------------------------------+---------------------------------+
| IPFIX (network) (Section 2.3)   | OWAMP (network) (Section 3.4)   |
| PSAMP (network) (Section 2.3)   | TWAMP (network) (Section 3.4)   |
| SNMP (network and device)       |                                 |
|   (Section 2.1)                 |                                 |
| NETCONF (device)                |                                 |
|   (Section 2.4.1)               |                                 |
| RADIUS (accounting)             |                                 |
|   (Section 3.5)                 |                                 |
| Diameter (accounting)           |                                 |
|   (Section 3.6)                 |                                 |
| CAPWAP (device) (Section 3.7)   |                                 |
+---------------------------------+---------------------------------+
Table 4: Protocols for Passive and Active Monitoring and Their Monitoring Focus
The application of SNMP to passive traffic monitoring (e.g., with RMON-MIB) or active monitoring (with IPPM MIB) depends on the MIB modules used. However, the SNMP protocol itself does not have operations that support active monitoring. NETCONF can be used for passive monitoring, e.g., with the NETCONF Monitoring YANG module [RFC6022] for the monitoring of the NETCONF protocol. CAPWAP monitors the status of a Wireless Termination Point.
RADIUS and Diameter are considered passive monitoring protocols as they perform accounting, i.e., counting the number of packets/bytes for a specific user.
The following table matches the protocols to the associated data model types. Furthermore, the table indicates how the data model can be extended based on the available content today and whether the protocol contains a built-in mechanism for proprietary extensions of the data model.
+-------------+---------------+------------------+------------------+
| Protocol    | Data Modeling | Data Model       | Proprietary Data |
|             |               | Extensions       | Modeling         |
|             |               |                  | Extensions       |
+-------------+---------------+------------------+------------------+
| SNMP        | MIB modules   | New MIB modules  | Enterprise-      |
| (S. 2.1)    | defined with  | specified in new | specific MIB     |
|             | SMI           | RFCs             | modules          |
|             | (S. 2.1.3)    |                  |                  |
|             |               |                  |                  |
| Syslog      | Structured    | With the         | Enterprise-      |
| (S. 2.2)    | Data Elements | procedure to add | specific SDEs    |
|             | (SDEs)        | Structured Data  |                  |
|             | (S. 4.2.1)    | ID in [RFC5424]  |                  |
|             |               |                  |                  |
| IPFIX       | IPFIX         | With the         | Enterprise-      |
| (S. 2.3)    | Information   | procedure to add | specific         |
|             | Elements,     | Information      | Information      |
|             | IPFIX IANA    | Elements         | Elements         |
|             | registry at   | specified in     | [RFC5101]        |
|             | [IANA-IPFIX]  | [RFC5102]        |                  |
|             | (S. 2.3)      |                  |                  |
|             |               |                  |                  |
| PSAMP       | PSAMP         | With the         | Enterprise-      |
| (S. 2.3)    | Information   | procedure to add | specific         |
|             | Elements, as  | Information      | Information      |
|             | an extension  | Elements         | Elements         |
|             | to IPFIX      | specified in     | [RFC5101]        |
|             | [IANA-IPFIX], | [RFC5102]        |                  |
|             | and PSAMP     |                  |                  |
|             | IANA registry |                  |                  |
|             | at            |                  |                  |
|             | [IANA-PSAMP]  |                  |                  |
|             | (S. 2.3)      |                  |                  |
|             |               |                  |                  |
| NETCONF     | YANG modules  | New YANG modules | Enterprise-      |
| (S. 2.4.1)  | (S. 2.4.2)    | specified in new | specific YANG    |
|             |               | RFCs following   | modules          |
|             |               | the guideline in |                  |
|             |               | [RFC6087]        |                  |
|             |               |                  |                  |
| IPPM OWAMP/ | IPPM metrics  | New IPPM metrics | Not applicable   |
| TWAMP       | (*) (S. 3.4)  | (S. 3.4)         |                  |
| (S. 3.4)    |               |                  |                  |
|             |               |                  |                  |
| RADIUS      | TLVs          | RADIUS-related   | Vendor-Specific  |
| (S. 3.5)    |               | registries at    | Attributes       |
|             |               | [IANA-AAA] and   | [RFC2865]        |
|             |               | [IANA-PROT]      |                  |
|             |               |                  |                  |
| Diameter    | AVPs          | Diameter-related | Vendor-Specific  |
| (S. 3.6)    |               | registry at      | Attributes       |
|             |               | [IANA-AAA]       | [RFC2865]        |
|             |               |                  |                  |
| CAPWAP      | TLVs          | New bindings     | Vendor-specific  |
| (S. 3.7)    |               | specified in new | TLVs             |
|             |               | RFCs             |                  |
+-------------+---------------+------------------+------------------+
Table 5: Data Models and Their Extensibility
(*): With the publication of [RFC6248], the latest IANA registry for IPFIX metrics has been declared Obsolete.
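As an added illustration (not part of RFC 6632), the Python code below shows how a collector can separate standardized elements from the proprietary extensions listed in Table 5 for two of the protocols: RADIUS Vendor-Specific Attributes [RFC2865] and IPFIX enterprise-specific Information Elements [RFC5101]. The function names and sample bytes are constructed for this example; 32473 is the enterprise number reserved for documentation.

```python
import struct

VENDOR_SPECIFIC = 26          # RADIUS attribute type for VSAs (RFC 2865)
ENTERPRISE_BIT = 0x8000       # high bit of an IPFIX field specifier (RFC 5101)

def parse_radius_attributes(data: bytes):
    """Split RADIUS attribute TLVs into (standard, vendor_specific) lists."""
    standard, vendor, pos = [], [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        # Length covers the type and length octets; reject under- and overruns.
        if alen < 2 or pos + alen > len(data):
            raise ValueError("attribute length out of bounds")
        value = data[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC:
            if len(value) < 5:  # 4-octet Vendor-Id plus at least one data octet
                raise ValueError("Vendor-Specific attribute too short")
            vendor.append((struct.unpack("!I", value[:4])[0], value[4:]))
        else:
            standard.append((atype, value))
        pos += alen
    return standard, vendor

def parse_ipfix_field_specifiers(data: bytes, count: int):
    """Return (element_id, length, enterprise_number or None) per field."""
    fields, pos = [], 0
    for _ in range(count):
        if len(data) - pos < 4:
            raise ValueError("truncated field specifier")
        ie_id, length = struct.unpack_from("!HH", data, pos)
        pos += 4
        pen = None
        if ie_id & ENTERPRISE_BIT:  # enterprise-specific: 4-octet number follows
            if len(data) - pos < 4:
                raise ValueError("missing enterprise number")
            (pen,) = struct.unpack_from("!I", data, pos)
            pos += 4
        fields.append((ie_id & 0x7FFF, length, pen))
    return fields

# Constructed samples: User-Name plus one VSA; one IANA and one enterprise IE.
RADIUS_SAMPLE = (bytes([1, 7]) + b"alice"
                 + bytes([26, 12]) + struct.pack("!I", 32473) + b"\x01\x06demo")
IPFIX_SAMPLE = struct.pack("!HH", 8, 4) + struct.pack("!HHI", 0x8005, 2, 32473)

if __name__ == "__main__":
    print(parse_radius_attributes(RADIUS_SAMPLE))
    print(parse_ipfix_field_specifiers(IPFIX_SAMPLE, 2))
```

Elements that carry an enterprise number have no IANA-registered semantics, so a collector should interpret them only against a vendor definition it trusts and otherwise treat the payload as opaque.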
Energy management is becoming an additional requirement for network management systems due to several factors including the rising and fluctuating energy costs, the increased awareness of the ecological impact of operating networks and devices, and government regulation on energy consumption and production.
The basic objective of energy management is operating communication networks and other equipment with a minimal amount of energy while still providing sufficient performance to meet service-level objectives. Today, most networking and network-attached devices neither monitor nor allow controlled energy usage as they are mainly instrumented for functions such as fault, configuration, accounting, performance, and security management. These devices are not instrumented to be aware of energy consumption. There are very few means specified in IETF documents for energy management, which includes the areas of power monitoring, energy monitoring, and power state control.
A particular difference between energy management and other management tasks is that in some cases energy consumption of a device is not measured at the device itself but reported from a different place, for example, at a Power over Ethernet (PoE) sourcing device or at a smart power strip, where one device is effectively metering another remote device. This requires a clear definition of the relationship between the reporting devices and identification of remote devices for which monitoring information is provided. Similar considerations will apply to power state control of remote devices, for example, at a PoE sourcing device that switches on and off power at its ports. Another example scenario for energy management is a gateway to low resourced and lossy network devices in a wireless building network. Here the energy management system talks directly to the gateway but not necessarily to other devices in the building network.
At the time of this writing, the EMAN working group is working on the management of energy-aware devices, covered by the following items:
o The requirements for energy management, specifying energy management properties that will allow networks and devices to become energy aware. In addition to energy awareness requirements, the need for control functions will be discussed. Specifically, the need to monitor and control properties of devices that are remote to the reporting device should be discussed.
o The energy management framework, which will describe extensions to the current management framework, required for energy management. This includes: power and energy monitoring, power states, power state control, and potential power state transitions. The framework will focus on energy management for IP-based network equipment (routers, switches, PCs, IP cameras, phones and the like). Particularly, the relationships between reporting devices, remote devices, and monitoring probes (such as might be used in low-power and lossy networks) need to be elaborated. For the case of a device reporting on behalf of other devices and controlling those devices, the framework will address the issues of discovery and identification of remote devices.
o The Energy-aware Networks and Devices MIB document, for monitoring energy-aware networks and devices, will address device identification, context information, and potential relationships between reporting devices, remote devices, and monitoring probes.
o The Power and Energy Monitoring MIB document will define managed objects for the monitoring of power states and energy consumption/production. The monitoring of power states includes the following: retrieving power states, properties of power states, current power state, power state transitions, and power state statistics. The managed objects will provide means of reporting detailed properties of the actual energy rate (power) and of accumulated energy. Further, they will provide information on electrical power quality.
o The Battery MIB document will define managed objects for battery monitoring, which will provide means of reporting detailed properties of the actual charge, age, and state of a battery and of battery statistics.
o The applicability statement will describe the variety of applications that can use the energy framework and associated MIB modules. Potential examples are building networks, home energy gateway, etc. Finally, the document will also discuss relationships of the framework to other architectures and frameworks (such as Smart Grid). The applicability statement will explain the relationship between the work in this WG and other existing standards, e.g., from the IEC, ANSI, DMTF, etc. Note that the EMAN WG will be looking into existing standards such as those from the IEC, ANSI, DMTF and others, and reuse existing work as much as possible.
The documents of the EMAN working group can be found at [EMAN-WG].
Authors' Addresses
Mehmet Ersue (editor)
Nokia Siemens Networks
St.-Martin-Strasse 53
Munich 81541
Germany
EMail: mehmet.ersue@nsn.com
Benoit Claise
Cisco Systems, Inc.
De Kleetlaan 6a b1
Diegem 1831
Belgium
EMail: bclaise@cisco.com