MADMAN Working Group Glenn Mansfield [glenn@aic.co.jp] INTERNET-DRAFT AIC Systems Laboratory S.E.Hardcastle-Kille [steve@isode.com] ISODE Consortium July 1993 DSA Monitoring MIB Status of this Memo This document is an Internet Draft. Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its Areas, and its Working Groups. Note that other groups may also distribute working documents as Internet Drafts. Internet Drafts are draft documents valid for a maximum of six months. Internet Drafts may be updated, replaced, or obsoleted by other documents at any time. It is not appropriate to use Internet Drafts as reference material or to cite them other than as a "working draft" or "work in progress." To learn the current status of any Internet-Draft, please check the 1id-abstracts.txt listing contained in the Internet-Drafts Shadow Directories on ds.internic.net, nic.nordu.net, ftp.nisc.sri.com, or munnari.oz.au. Abstract This document defines an MIB for monitoring Directory System Agents[DSA], a component of the OSI Directory. The DSAmib will be used in conjunction with the application-mib for monitoring DSAs. Contents ======== 1.The Network Management Framework. 2 2.Model of the management information base for a DSA Manager. 2 3.The DSA functions and operations. 3 4.MIB design. 4 5.The DSAmib 4 6.Acknowledgements 14 7.References 15 Expires: January 7, 1994 [Page 1] Internet Draft July 1993 1.The Network Management Framework. ================================== The Internet Network Management framework is laid out in the three documents- STD 16/ RFC 1155 [1] defines the generic structure of network management information STD 15/ RFC 1157 [2] defines the protocol for accessing network management information STD 17/ RFC 1213 [3] defines the primary set of managed objects. The framework is adaptable/extensible by defining newer MIBs to suit the requirements of specific applications/protocols/situations. 2.Model of the management information base for a DSA Manager. ============================================================== A DSA-manager[application] may wish to monitor several aspects of the the operational DSA. It may want to know the process related aspects- the CPU, memory, .. utilization of the operational DSA; the network service related aspects - inbound-associations, outbound-associations, operational status, ... and finally the information specific to the DSA application- its operations and performance. The MIB proposed in this document covers only the portion which is specific to the DSA-application. The network service related part of the MIB, and the host-resources related part, of the MIB , as well other parts of interest to a Manager monitoring the DSA-application, are covered in separate documents [6][7]. The relationship of this MIB with the other MIBs (existing and potential) is shown in the following diagram. Expires: January 7, 1994 [Page 2] Internet Draft July 1993 ------------------------------------------ | HOST RESOURCES mib | | | ------------------------------------------- | | | | O | | | | | | | | T | | |O| | DSA | MTA |FTAM | H | NFS | DNS |T| | mib | mib |mib | E | mib | mib |H| | | | | R | | |E| --------------------------| | |R| | NETWORK APPLN mib | | | | | for CO-AP | | | | ------------------------------------------- | | | Other mibs [MIB-II, ... ] | | | ------------------------------------------- Fig. 1 The manager (application) of a network service application will use the Host-resources-mib to obtain process related information [ resource usage,..] the network service application mib provides the information for the generic objects[peer associations]. The Application specific objects are defined in the corresponding MIB, e.g., the DSA-specific MIB is the one that is being proposed in this Paper. For management information pertaining to the lower layer TCP/UDP/IP/... the MIB-II offers the repertoire of MOs. 3.The DSA functions and operations. ================================== The Directory System Agent [DSA], a component of the OSI-Directory, is an application process. It provides access to the Directory Information Base [DIB] to Directory User Agents [DUA] and/or other DSAs. Functionally , a User [ DUA ] and the Directory are bound together for a period of time at an access point to the Directory [DSA]. A DSA may use information stored in its local database or interact with (chain the request to) other DSAs to service requirements. Alternatively, a DSA may return a reference to another DSA. The local database of a DSA consists of the part of the DIT that is masered by the DSA, the part of the DIT for which it keeps slave copies and cached information that is gathered during the operation of the DSA. The specific operations carried out by the DSA are : Read, Compare, AddEntry, ModifyEntry, ModifyRDN, RemoveEntry, List, Search. There is Expires: January 7, 1994 [Page 3] Internet Draft July 1993 also the special operation Abandon. In response to request results and/or errors are returned by the DSA. 4. MIB design. ============= The basic principle has been to keep the MIB as simple as possible. The Managed objects included in the MIB are divided into two tables- the dsaTable and dsaInfoTable. - The dsaTable provides summary data on the accesses, operations errors and cache performance - The dsaInfoTable provides some useful information on the performance of other DSAs with which the monitored DSA interacts. There are references to the Directory itself for static information pertaining to the DSA. These references are in the form of "Directory Distinguished Name" of the corresponding object. It is intended that DSA management applications will use these references to obtain further related information on the objects of interest. 5. The DSAmib ============= DSA-MIB DEFINITIONS ::= BEGIN IMPORTS OBJECT-TYPE FROM RFC1212 Counter, TimeTicks, DisplayString FROM RFC1151-SMI; -- textual conventions -- Distinguished Name- is used to refer to objects in the directory. DistinguishedName::= DisplayString dsa OBJECT IDENTIFIER ::= { experimental XX} dsaTable OBJECT-TYPE SYNTAX SEQUENCE OF DSAEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The table holding information specific to the DSA" ::= {dsa 1} Expires: January 7, 1994 [Page 4] Internet Draft July 1993 dsaEntry OBJECT-TYPE SYNTAX DSAEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Entry associated with each DSA" INDEX { dsaApplIndex } ::= {dsaTable 1} DSAEntry ::= SEQUENCE { dsaApplIndex INTEGER, --bindings dsaAnonymousBinds Counter, dsaUnauthNameBinds Counter, dsaSimpleBinds Counter, dsaProtectedBinds Counter, dsaExternalBinds Counter, dsaBindSecurityErrors Counter, -- in-coming operations dsainOps Counter, -- locally executed dsaReadOps Counter, dsaCompareOps Counter, dsaAddEntryOps Counter, dsaRemoveEntryOps Counter, dsaModifyEntryOps Counter, dsaModifyRDNOps Counter, dsaListOps Counter, Expires: January 7, 1994 [Page 5] Internet Draft July 1993 dsaSearchOps Counter, dsaOneLevelSearchOps Counter, dsaWholeTreeSearchOps Counter, -- out going operations dsaReferrals Counter, dsaChainings Counter, dsaMulticastChainings Counter, -- errors dsaSecurityErrors Counter, dsaErrors Counter, -- Cache performance dsaMasterEntries INTEGER, dsaCopyEntries INTEGER, dsaCacheEntries INTEGER, dsaCacheHits Counter, dsaSlaveHits Counters } dsaApplIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Reference into application table to allow correlation with general application parameters" ::= {dsaEntry 1} Expires: January 7, 1994 [Page 6] Internet Draft July 1993 ---- for more information on the DSA ---- [Contact person , Directory Distinguished name ... ?] ---- the corresponding ApplEntry [ applicationIndex = dsaApplIndex] ---- in the applTable should be looked up ---- [ the dsa's appn entry-id = experimental.46.1.1.dsaApplIndex ] dsaAnonymousBinds OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " Number of anonymous (DAP) binds to this DSA since application start" ::= {dsaEntry 2} dsaUnauthNameBinds OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " Number of un-authenticated binds to this DSA , since application start" ::= {dsaEntry 3} dsaSimpleBinds OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " Number of binds to this DSA that passed simple authentication, since application start" ::= {dsaEntry 4} dsaProtectedBinds OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " Number of binds to this DSA that passed protected authentication, since application start" ::= {dsaEntry 5} Expires: January 7, 1994 [Page 7] Internet Draft July 1993 dsaExternalBinds OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " Number of binds to this DSA that were authenticated using the external authentication procedures, since application start" ::= {dsaEntry 6} dsaBindSecurityErrors OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of bind operations that have been rejected by this DSA due to inappropriateAuthentication or invalidCredentials." ::= {dsaEntry 7} dsaInOps OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " Number of operations forwarded to this DSA from DUAs or other DSAs , since application start" ::= {dsaEntry 8} dsaReadOps OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of read operations locally executed by this DSA since application startup." ::= {dsaEntry 9} dsaCompareOps OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of compare operations locally executed by this DSA since application startup." ::= {dsaEntry 10} Expires: January 7, 1994 [Page 8] Internet Draft July 1993 dsaAddEntryOps OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of addEntry operations locally executed by this DSA since application startup." ::= {dsaEntry 11} dsaRemoveEntryOps OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of removeEntry operations locally executed by this DSA since application startup." ::= {dsaEntry 12} dsaModifyEntryOps OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of modifyEntry operations locally executed by this DSA since application startup." ::= {dsaEntry 13} dsaModifyRDNOps OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of modifyRDN operations locally executed by this DSA since application startup." ::= {dsaEntry 14} dsaListOps OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of list operations locally executed by this DSA since application startup." ::= {dsaEntry 15} Expires: January 7, 1994 [Page 9] Internet Draft July 1993 dsaSearchOps OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of search operations- baseObjectSearches, oneLevelSearches and subTreeSearches, locally executed by this DSA since application startup." ::= {dsaEntry 16} dsaOneLevelSearchOps OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of oneLevelSearch operations locally executed by this DSA since application startup." ::= {dsaEntry 17} dsaWholeTreeSearchOps OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of wholeTreeSearch operations locally executed by this DSA since application startup." ::= {dsaEntry 18} dsaReferrals OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of referrals returned by this DSA in response to requests for operations since application startup." ::= {dsaEntry 19} dsaChainings OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of operations forwarded by this DSA to other DSAs since application startup." ::= {dsaEntry 20} Expires: January 7, 1994 [Page 10] Internet Draft July 1993 dsaMulticastChainings OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of parallel multicast chainings that were originated from this DSA since application start up." ::= {dsaEntry 21} dsaSecurityErrors OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of operations forwarded to this DSA which did not meet the security requirements " ::= {dsaEntry 22} dsaErrors OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of operations that could not be serviced due to errors other than security errors, and referrals. A partially serviced operation will not be counted as an error. The errors include NameErrors, UpdateErrors, Attribute errors and ServiceErrors." ::= {dsaEntry 23} dsaMasterEntries OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Number of Entries mastered in the DSA" ::= {dsaEntry 24} Expires: January 7, 1994 [Page 11] Internet Draft July 1993 dsaCopyEntries OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Number of Entries with systematic (slave) copies maintained in the DSA" ::= {dsaEntry 25} dsaCacheEntries OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Number of Entries cached (non-systematic copies) in the DSA" ::= {dsaEntry 26} dsaCacheHits OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of operations that were serviced from the locally held cache, since application startup." ::= {dsaEntry 27} dsaSlaveHits OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION " number of operations that were serviced from the locally held object replications [ shadow entries] since application startup." ::= {dsaEntry 28} -- The DSAInfo table contains statistical data on the DSAs -- with which it [attempts to] interact. This table will -- provide a useful insight into the effect of neighbours -- on the DSA performance. -- Due to resource constraints it may be necessary to -- delete entries. It is suggested that the least recently -- used entries be deleted first. The size of the table and -- procedures for its maintenance will be left to the -- implementation. Expires: January 7, 1994 [Page 12] Internet Draft July 1993 dsaInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF dsaInfoEntry ACCESS read-only STATUS mandatory ::= { dsa 2 } dsaInfoEntry OBJECT-TYPE SYNTAX DsaInfoEntry ACCESS read-only STATUS mandatory ::= { dsaInfoTable 1 } DsaInfoEntry ::= SEQUENCE { dsaName DistinguishedName, dsaTimeOfCreation TimeTicks, dsaTimeOfLastAttempt TimeTicks, dsaTimeOfLastSuccess TimeTicks, dsaFailuresSinceLastSuccess Counter, dsaFailures Counter, dsaSuccesses Counter } dsaName OBJECT-TYPE SYNTAX DistinguishedName ACCESS read-only STATUS mandatory DESCRIPTION " distinguished name of the DSA to which this entry pertains." ::= {dsaInfoEntry 1} dsaTimeOfCreation OBJECT-TYPE SYNTAX TimeTicks ACCESS read-only STATUS mandatory DESCRIPTION " The value of sysUpTime when this entry was created. If the entry was created before the network management subsystem was initialized, this object will contain a value of zero." ::= {dsaInfoEntry 2} Expires: January 7, 1994 [Page 13] Internet Draft July 1993 dsaTimeOfLastAttempt OBJECT-TYPE SYNTAX TimeTicks ACCESS read-only STATUS mandatory DESCRIPTION " The value of sysUpTime when the last attempt was made to contact this DSA. If the last attempt was made before the network management subsystem was initialized, this object will contain a value of zero." ::= {dsaInfoEntry 3} dsaTimeOfLastSuccess OBJECT-TYPE SYNTAX TimeTicks ACCESS read-only STATUS mandatory DESCRIPTION " The value of sysUpTime when the last attempt made to contact this DSA was successful. If there have been no successful attempts this entry will be 0. If the last successful attempt was made before the network management subsystem was initialized, this object will contain a value of zero." ::= {dsaInfoEntry 4} dsaFailuresSinceLastSuccess OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION " The number of failures since the last time an attempt to contact this DSA was successful." ::= {dsaInfoEntry 5} dsaFailures OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION " cumulative failures since the creation of this entry." ::= {dsaInfoEntry 6} Expires: January 7, 1994 [Page 14] Internet Draft July 1993 dsaSuccesses OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION " cumulative successes since the creation of this entry." ::= {dsaInfoEntry 7} END 6. Acknowledgements ==================== This draft is the product of discussions and deliberations carried out in the following working groups ietf-madman-wg ietf-madman@innosoft.com wide-isode-wg isode-wg@wide.ad.jp wide-netman-wg netman-wg@wide.ad.jp 7. References ============== [1] Rose, M., and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based internets", STD 16, RFC 1155, Performance Systems International, Hughes LAN Systems, May 1990. [2] Case, J., M. Fedor, M. Schoffstall, and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, SNMP Research, Performance Systems International, Performance Systems International, MIT Laboratory for Computer Science, May 1990. [3] McCloghrie, K., and M. Rose, Editors, "Management Information Base for Network Management of TCP/IP-based internets: MIB-II", STD 17, RFC 1213, Hughes LAN Systems, Performance Systems International, March 1991. [4] Rose, M., and K. McCloghrie, Editors, "Concise MIB Definitions", STD 16, RFC 1212, Performance Systems International, Hughes LAN Systems, March 1991. [5] The X.500 blue book. Expires: January 7, 1994 [Page 15] Internet Draft July 1993 [6] Freed, N., Kille, S., The Network Services Monitoring MIB, Internet Draft, May 17, 1993. [7] Austein, R., Saperia J., DNS MIB Extensions, Internet Draft, 12 Nov, 1992. [8] Grillo, P., Waldbusser, S., HostResources MIB, Internet Draft, Dec, 1992. Expires: January 7, 1994 [Page 16]