MADMAN Working Group                     Glenn Mansfield [glenn@aic.co.jp]
INTERNET-DRAFT                                      AIC Systems Laboratory
                                    S.E.Hardcastle-Kille [steve@isode.com]
                                                          ISODE Consortium
                                                               August 1993


                        Directory Monitoring MIB


Status of this Memo

   This document is an Internet Draft. Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its Areas,
   and its Working Groups. Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months. Internet Drafts may be updated, replaced, or obsoleted by
   other documents at any time. It is not appropriate to use Internet
   Drafts as reference material or to cite them other than as a
   "working draft" or "work in progress."

   To learn the current status of any Internet-Draft, please check the
   1id-abstracts.txt listing contained in the Internet-Drafts Shadow
   Directories on ds.internic.net, nic.nordu.net, ftp.nisc.sri.com, or
   munnari.oz.au.

Abstract

   This document defines an experimental portion of the Management
   Information Base (MIB). It defines the MIB for monitoring Directory
   System Agents [DSA], a component of the OSI Directory. This MIB will
   be used in conjunction with the APPLICATION-MIB for monitoring DSAs.

Contents
========

   1. The SNMPv2 Network Management Framework
   2. MIB Model for DSA Management
   3. The DSA functions and operations
   4. MIB design
   5. The Directory Monitoring MIB
   6. Acknowledgements
   7. References
   Security Considerations
   Authors' Addresses

Expires: February 25, 1994


1. The SNMPv2 Network Management Framework.
===========================================

   The major components of the SNMPv2 Network Management framework are
   described in the documents listed below.

   o  RFC 1442 [1] defines the Structure of Management Information
      (SMI), the mechanisms used for describing and naming objects for
      the purpose of management.
   o  RFC 1213 [2] defines MIB-II, the core set of managed objects (MO)
      for the Internet suite of protocols.

   o  RFC 1445 [3] defines the administrative and other architectural
      aspects of the management framework.

   o  RFC 1448 [4] defines the protocol used for network access to
      managed objects.

   The framework is adaptable/extensible by defining new MIBs to suit
   the requirements of specific applications/protocols/situations.

   Managed objects are accessed via a virtual information store, the
   MIB. Objects in the MIB are defined using the subset of Abstract
   Syntax Notation One (ASN.1) defined in the SMI. In particular, each
   object type is named by an OBJECT IDENTIFIER, which is an
   administratively assigned name. The object type together with an
   object instance serves to uniquely identify a specific instantiation
   of the object. For human convenience, a textual string, termed the
   descriptor, is often used to refer to the object type.


2. MIB Model for DSA Management.
================================

   A DSA-manager may wish to monitor several aspects of the operational
   DSA. He/she may want to know the process related aspects (the CPU,
   memory, ... utilization of the operational DSA); the network service
   related aspects (inbound-associations, outbound-associations,
   operational status, ...); and finally the information specific to
   the DSA application (its operations and performance).

   The MIB proposed in this document covers only the portion which is
   specific to the DSA-application. The network service related part of
   the MIB and the host-resources related part of the MIB, as well as
   other parts of interest to a Manager monitoring the DSA-application,
   are covered in separate documents [6][7]. The relationship of this
   MIB with the other MIBs is shown in fig. 1.

              +----------------------+
              |  Host Resources MIB  |
              +----------------------+
              |                      |
              |   DSA-specific MIB   |
              |                      |
              +----------------------+
              |   generic NSA MIB    |
              +----------------------+
              |      Other MIBs      |
              |    [MIB-II, ... ]    |
              +----------------------+

                       Fig. 1

   The manager (application) of a network service application will use
   the Host Resources MIB to obtain process related information
   [resource usage, ...], and the Network Service Application (NSA) MIB
   for generic NSA related MOs. The DSA-specific MIB is the one that is
   being proposed in this memo. For management information pertaining
   to the lower layer TCP/UDP/IP/... the MIB-II offers the repertoire
   of MOs.


3. The DSA functions and operations.
====================================

   The Directory System Agent [DSA], a component of the OSI-Directory,
   is an application process. It provides access to the Directory
   Information Base [DIB] to Directory User Agents [DUA] and/or other
   DSAs. Functionally, a User [DUA] and the Directory are bound
   together for a period of time at an access point to the Directory
   [DSA]. A DSA may use information stored in its local database or
   interact with (chain the request to) other DSAs to service
   requirements. Alternatively, a DSA may return a reference to another
   DSA. The local database of a DSA consists of the part of the DIT
   that is mastered by the DSA, the part of the DIT for which it keeps
   slave copies, and cached information that is gathered during the
   operation of the DSA.

   The specific operations carried out by the DSA are: Read, Compare,
   AddEntry, ModifyEntry, ModifyRDN, RemoveEntry, List, Search. There
   is also the special operation Abandon. In response to requests,
   results and/or errors are returned by the DSA.


4. MIB design.
==============

   The basic principle has been to keep the MIB as simple as possible.
   The Managed objects included in the MIB are divided into three
   tables: the dsaOpsTable, dsaEntriesTable and dsaIntTable.

   -  The dsaOpsTable provides summary statistics on the accesses,
      operations and errors.

   -  The dsaEntriesTable provides summary statistics on the entries
      held by the DSA and on cache performance.

   -  The dsaIntTable provides some useful information on the
      interaction of the monitored DSA with peer DSAs.

   There are references to the Directory itself for static information
   pertaining to the DSA. These references are in the form of
   "Directory Distinguished Name" [5] of the corresponding object. It
   is intended that DSA management applications will use these
   references to obtain further related information on the objects of
   interest.


5. The Directory Monitoring MIB.
================================

DSA-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, experimental,
    Counter32, TimeTicks
        FROM SNMPv2-SMI
    DisplayString
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF;

-- textual conventions

-- Distinguished Name [5] is used to refer to objects in the directory.

DistinguishedName ::= DisplayString

dsaMIB MODULE-IDENTITY
    LAST-UPDATED "9308190000Z"
    ORGANIZATION "IETF MADMAN Working Group"
    CONTACT-INFO
        "        Glenn Mansfield

         Postal: AIC Systems Laboratory
                 6-6-3, Minami Yoshinari
                 Aoba-ku, Sendai,
                 Japan 989-32.

            Tel: +81-22-279-3310
            Fax: +81-22-279-3640
         E-mail: glenn@aic.co.jp"
    DESCRIPTION
        "The MIB module for monitoring Directory System Agents"
    ::= { experimental 48 }

dsaMIBObjects OBJECT IDENTIFIER ::= { dsaMIB 1 }

dsaOpsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF DsaOpsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table holding information related to the DSA operations"
    ::= { dsaMIBObjects 1 }

dsaOpsEntry OBJECT-TYPE
    SYNTAX DsaOpsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Entry containing operations related statistics for a DSA"
    INDEX { dsaApplIndex }
    ::= { dsaOpsTable 1 }

DsaOpsEntry ::= SEQUENCE {
    dsaApplIndex            INTEGER,
    -- bindings
    dsaAnonymousBinds       Counter32,
    dsaUnauthBinds          Counter32,
    dsaSimpleAuthBinds      Counter32,
    dsaStrongAuthBinds      Counter32,
    dsaBindSecurityErrors   Counter32,
    -- in-coming operations
    dsaInOps                Counter32,
    -- locally executed
    dsaReadOps              Counter32,
    dsaCompareOps           Counter32,
    dsaAddEntryOps          Counter32,
    dsaRemoveEntryOps       Counter32,
    dsaModifyEntryOps       Counter32,
    dsaModifyRDNOps         Counter32,
    dsaListOps              Counter32,
    dsaSearchOps            Counter32,
    dsaOneLevelSearchOps    Counter32,
    dsaWholeTreeSearchOps   Counter32,
    -- out going operations
    dsaReferrals            Counter32,
    dsaChainings            Counter32,
    -- errors
    dsaSecurityErrors       Counter32,
    dsaErrors               Counter32
}

dsaApplIndex OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Reference into application table to allow correlation with
         general application parameters"
    ::= { dsaOpsEntry 1 }

-- for more information on the DSA [Contact person, Directory
-- Distinguished Name ... ] the corresponding ApplEntry
-- [ applicationIndex = dsaApplIndex ] in the applTable
-- should be looked up.
-- [ the dsa's appn entry-id = experimental.46.1.1.dsaApplIndex ]

dsaAnonymousBinds OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of anonymous (DAP) binds to this DSA since
         application start"
    ::= { dsaOpsEntry 2 }

dsaUnauthBinds OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of un-authenticated binds to this DSA, since
         application start"
    ::= { dsaOpsEntry 3 }

dsaSimpleAuthBinds OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of binds to this DSA that were authenticated using
         simple authentication procedures, since application start"
    ::= { dsaOpsEntry 4 }

dsaStrongAuthBinds OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of binds to this DSA that were authenticated using the
         strong authentication procedures, since application start.
         This includes the binds that were authenticated using
         external authentication procedures"
    ::= { dsaOpsEntry 5 }

dsaBindSecurityErrors OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of bind operations that have been rejected by this DSA
         due to inappropriateAuthentication or invalidCredentials."
    ::= { dsaOpsEntry 6 }

dsaInOps OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of operations forwarded to this DSA from DUAs or other
         DSAs, since application start up"
    ::= { dsaOpsEntry 7 }

dsaReadOps OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of read operations locally executed by this DSA since
         application startup."
    ::= { dsaOpsEntry 8 }

dsaCompareOps OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of compare operations locally executed by this DSA
         since application startup."
    ::= { dsaOpsEntry 9 }

dsaAddEntryOps OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of addEntry operations locally executed by this DSA
         since application startup."
    ::= { dsaOpsEntry 10 }

dsaRemoveEntryOps OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of removeEntry operations locally executed by this DSA
         since application startup."
    ::= { dsaOpsEntry 11 }

dsaModifyEntryOps OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of modifyEntry operations locally executed by this DSA
         since application startup."
    ::= { dsaOpsEntry 12 }

dsaModifyRDNOps OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of modifyRDN operations locally executed by this DSA
         since application startup."
    ::= { dsaOpsEntry 13 }

dsaListOps OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of list operations locally executed by this DSA since
         application startup."
    ::= { dsaOpsEntry 14 }

dsaSearchOps OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of search operations (baseObjectSearches,
         oneLevelSearches and subTreeSearches) locally executed by
         this DSA since application startup."
    ::= { dsaOpsEntry 15 }

dsaOneLevelSearchOps OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of oneLevelSearch operations locally executed by this
         DSA since application startup."
    ::= { dsaOpsEntry 16 }

dsaWholeTreeSearchOps OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of wholeTreeSearch operations locally executed by this
         DSA since application startup."
    ::= { dsaOpsEntry 17 }

dsaReferrals OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of referrals returned by this DSA in response to
         requests for operations since application startup."
    ::= { dsaOpsEntry 18 }

dsaChainings OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of operations forwarded by this DSA to other DSAs
         since application startup."
    ::= { dsaOpsEntry 19 }

dsaSecurityErrors OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of operations forwarded to this DSA which did not meet
         the security requirements"
    ::= { dsaOpsEntry 20 }

dsaErrors OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of operations that could not be serviced due to errors
         other than security errors, and referrals. A partially
         serviced operation will not be counted as an error. The
         errors include NameErrors, UpdateErrors, Attribute errors and
         ServiceErrors."
    ::= { dsaOpsEntry 21 }

-- Entry statistics/Cache performance

dsaEntriesTable OBJECT-TYPE
    SYNTAX SEQUENCE OF DsaEntriesEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table holding information related to the cache
         performance of the DSAs"
    ::= { dsaMIBObjects 2 }

dsaEntriesEntry OBJECT-TYPE
    SYNTAX DsaEntriesEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Entry containing statistics pertaining to entries held by a
         DSA"
    INDEX { dsaApplIndex }
    ::= { dsaEntriesTable 1 }

DsaEntriesEntry ::= SEQUENCE {
    dsaMasterEntries   INTEGER,
    dsaCopyEntries     INTEGER,
    dsaCacheEntries    INTEGER,
    dsaCacheHits       Counter32,
    dsaSlaveHits       Counter32
}

dsaMasterEntries OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of Entries mastered in the DSA"
    ::= { dsaEntriesEntry 1 }

dsaCopyEntries OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of Entries with systematic (slave) copies maintained
         in the DSA"
    ::= { dsaEntriesEntry 2 }

dsaCacheEntries OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of Entries cached (non-systematic copies) in the DSA"
    ::= { dsaEntriesEntry 3 }

dsaCacheHits OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of operations that were serviced from the locally held
         cache, since application startup."
    ::= { dsaEntriesEntry 4 }

dsaSlaveHits OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "number of operations that were serviced from the locally held
         object replications [shadow entries] since application
         startup."
    ::= { dsaEntriesEntry 5 }

-- The dsaIntTable contains statistical data on the DSAs
-- with which a DSA [attempts to] interact. This table will
-- provide a useful insight into the effect of neighbours
-- on the DSA performance.
-- Due to resource constraints it may be necessary to
-- delete entries. It is suggested that the least recently
-- used entries be deleted first. The size of the table and
-- procedures for its maintenance will be left to the
-- implementation.

dsaIntTable OBJECT-TYPE
    SYNTAX SEQUENCE OF DsaIntEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "each row of this table contains some details related to the
         history of the interaction of the DSAs mastered locally with
         other DSAs"
    ::= { dsaMIBObjects 3 }

dsaIntEntry OBJECT-TYPE
    SYNTAX DsaIntEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "entry containing interaction details of a DSA with a peer
         DSA"
    INDEX { dsaApplIndex, dsaIntIndex }
    ::= { dsaIntTable 1 }

DsaIntEntry ::= SEQUENCE {
    dsaIntIndex                   INTEGER,
    dsaName                       DistinguishedName,
    dsaTimeOfCreation             TimeTicks,
    dsaTimeOfLastAttempt          TimeTicks,
    dsaTimeOfLastSuccess          TimeTicks,
    dsaFailuresSinceLastSuccess   Counter32,
    dsaFailures                   Counter32,
    dsaSuccesses                  Counter32
}

dsaIntIndex OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "together with dsaApplIndex it forms the unique key to
         identify the conceptual row which contains useful info on the
         (attempted) interaction between the DSA (referred to by
         dsaApplIndex) and another DSA."
    ::= { dsaIntEntry 1 }

dsaName OBJECT-TYPE
    SYNTAX DistinguishedName
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "distinguished name of the DSA to which this entry pertains."
    ::= { dsaIntEntry 2 }

dsaTimeOfCreation OBJECT-TYPE
    SYNTAX TimeTicks
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The value of sysUpTime when this entry was created. If the
         entry was created before the network management subsystem was
         initialized, this object will contain a value of zero."
    ::= { dsaIntEntry 3 }

dsaTimeOfLastAttempt OBJECT-TYPE
    SYNTAX TimeTicks
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The value of sysUpTime when the last attempt was made to
         contact this DSA. If the last attempt was made before the
         network management subsystem was initialized, this object
         will contain a value of zero."
    ::= { dsaIntEntry 4 }

dsaTimeOfLastSuccess OBJECT-TYPE
    SYNTAX TimeTicks
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The value of sysUpTime when the last attempt made to contact
         this DSA was successful. If there have been no successful
         attempts this entry will be 0. If the last successful attempt
         was made before the network management subsystem was
         initialized, this object will contain a value of zero."
    ::= { dsaIntEntry 5 }

dsaFailuresSinceLastSuccess OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of failures since the last time an attempt to
         contact this DSA was successful."
    ::= { dsaIntEntry 6 }

dsaFailures OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "cumulative failures since the creation of this entry."
    ::= { dsaIntEntry 7 }

dsaSuccesses OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "cumulative successes since the creation of this entry."
    ::= { dsaIntEntry 8 }

-- conformance information

dsaConformance OBJECT IDENTIFIER ::= { dsaMIB 2 }

dsaGroups      OBJECT IDENTIFIER ::= { dsaConformance 1 }
dsaCompliances OBJECT IDENTIFIER ::= { dsaConformance 2 }

-- compliance statements

dsaOpsCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "The compliance statement for SNMPv2 entities which implement
         the dsa MIB for monitoring DSA operations."
    MODULE -- this module
        MANDATORY-GROUPS { dsaOpsGroup }
    ::= { dsaCompliances 1 }

dsaEntryCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "The compliance statement for SNMPv2 entities which implement
         the dsa MIB for monitoring DSA operations, entry statistics
         and cache performance."
    MODULE -- this module
        MANDATORY-GROUPS { dsaOpsGroup, dsaEntryGroup }
    ::= { dsaCompliances 2 }

dsaIntCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "The compliance statement for SNMPv2 entities which implement
         the dsa MIB for monitoring DSAs interaction with other DSAs."
    MODULE -- this module
        MANDATORY-GROUPS { dsaOpsGroup, dsaIntGroup }
    ::= { dsaCompliances 3 }

-- units of conformance

dsaOpsGroup OBJECT-GROUP
    OBJECTS { dsaApplIndex, dsaAnonymousBinds, dsaUnauthBinds,
              dsaSimpleAuthBinds, dsaStrongAuthBinds,
              dsaBindSecurityErrors, dsaInOps, dsaReadOps,
              dsaCompareOps, dsaAddEntryOps, dsaRemoveEntryOps,
              dsaModifyEntryOps, dsaModifyRDNOps, dsaListOps,
              dsaSearchOps, dsaOneLevelSearchOps,
              dsaWholeTreeSearchOps, dsaReferrals, dsaChainings,
              dsaSecurityErrors, dsaErrors }
    STATUS current
    DESCRIPTION
        "A collection of objects for monitoring the DSA operations"
    ::= { dsaGroups 1 }

dsaEntryGroup OBJECT-GROUP
    OBJECTS { dsaMasterEntries, dsaCopyEntries, dsaCacheEntries,
              dsaCacheHits, dsaSlaveHits }
    STATUS current
    DESCRIPTION
        "A collection of objects for monitoring the DSA entry
         statistics and cache performance"
    ::= { dsaGroups 2 }

dsaIntGroup OBJECT-GROUP
    OBJECTS { dsaName, dsaTimeOfCreation, dsaTimeOfLastAttempt,
              dsaTimeOfLastSuccess, dsaFailuresSinceLastSuccess,
              dsaFailures, dsaSuccesses }
    STATUS current
    DESCRIPTION
        "A collection of objects for monitoring the DSA interaction
         with other DSAs"
    ::= { dsaGroups 3 }

END


6. Acknowledgements
===================

   This draft is the product of discussions and deliberations carried
   out in the following working groups:

      ietf-madman-wg    ietf-madman@innosoft.com
      wide-isode-wg     isode-wg@wide.ad.jp
      wide-netman-wg    netman-wg@wide.ad.jp


7. References
=============

   [1] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S.,
       "Structure of Management Information for version 2 of the
       Simple Network Management Protocol (SNMPv2)", RFC 1442, SNMP
       Research, Inc., Hughes LAN Systems, Dover Beach Consulting,
       Inc., Carnegie Mellon University, April 1993.

   [2] McCloghrie, K., and Rose, M., Editors, "Management Information
       Base for Network Management of TCP/IP-based internets: MIB-II",
       STD 17, RFC 1213, Hughes LAN Systems, Performance Systems
       International, March 1991.

   [3] Galvin, J., McCloghrie, K., "Administrative Model for version 2
       of the Simple Network Management Protocol (SNMPv2)", RFC 1445,
       Trusted Information Systems, Hughes LAN Systems, April 1993.

   [4] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S.,
       "Protocol Operations for version 2 of the Simple Network
       Management Protocol (SNMPv2)", RFC 1448, SNMP Research, Inc.,
       Hughes LAN Systems, Dover Beach Consulting, Inc., Carnegie
       Mellon University, April 1993.

   [5] The X.500 blue book.

   [6] Freed, N., Kille, S., The Network Services Monitoring MIB,
       Internet Draft, August 18, 1993.

   [7] Grillo, P., Waldbusser, S., Host Resources MIB, Internet Draft,
       June, 1993.

   [8] Austein, R., Saperia J., DNS Resolver MIB, Internet Draft,
       July 1993.

   [9] Austein, R., Saperia J., DNS Server MIB Extensions, Internet
       Draft, July 1993.


Security Considerations.
========================

   Security issues are not discussed in this memo.
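
The bind and security-error counters of the dsaOpsTable in section 5 can be polled twice and differenced to surface rejected-bind spikes. The following is an added example, not part of the draft: the OID prefix and column numbers come from the module above, while the sample polls, thresholds, finding names and the wrap/restart heuristic are assumptions of the example.

```python
"""Added example: bind-abuse signals from two polls of the draft's dsaOpsTable."""

EXPERIMENTAL = (1, 3, 6, 1, 3)  # iso.org.dod.internet.experimental
# dsaMIB = experimental 48; dsaMIBObjects = 1; dsaOpsTable = 1; dsaOpsEntry = 1
DSA_OPS_ENTRY = EXPERIMENTAL + (48, 1, 1, 1)

# Column numbers from the "::= {dsaOpsEntry n}" assignments in section 5.
COLUMNS = {
    "dsaAnonymousBinds": 2, "dsaUnauthBinds": 3, "dsaSimpleAuthBinds": 4,
    "dsaStrongAuthBinds": 5, "dsaBindSecurityErrors": 6,
    "dsaInOps": 7, "dsaSecurityErrors": 20,
}
ACCEPTED_BINDS = ("dsaAnonymousBinds", "dsaUnauthBinds",
                  "dsaSimpleAuthBinds", "dsaStrongAuthBinds")
COUNTER32_MOD = 2 ** 32

def column_oid(name, appl_index):
    """Instance OID of one dsaOpsTable column for the DSA at dsaApplIndex."""
    return ".".join(str(n) for n in DSA_OPS_ENTRY + (COLUMNS[name], appl_index))

def counter_delta(prev, curr):
    """Return (delta, reset) for one Counter32 sampled twice.

    Heuristic (an assumption of this example): a decrease from the upper
    half of the range is a wrap; any other decrease means the DSA restarted
    and the counter began again from zero.
    """
    if curr >= prev:
        return curr - prev, False
    if prev >= COUNTER32_MOD // 2:
        return curr + COUNTER32_MOD - prev, False
    return curr, True

def assess(prev, curr, min_attempts=20, max_reject_ratio=0.25,
           max_op_error_ratio=0.10):
    """Compare two polls (dicts keyed by column name); return (deltas, findings)."""
    delta, restarted = {}, False
    for name in COLUMNS:
        delta[name], reset = counter_delta(prev[name], curr[name])
        restarted = restarted or reset
    findings = ["dsa-restarted"] if restarted else []

    # Assumption: rejected binds are not included in the four bind counters.
    rejected = delta["dsaBindSecurityErrors"]
    attempts = rejected + sum(delta[n] for n in ACCEPTED_BINDS)
    if attempts >= min_attempts and rejected / attempts >= max_reject_ratio:
        findings.append("bind-rejection-spike")

    ops = delta["dsaInOps"]
    if ops and delta["dsaSecurityErrors"] / ops >= max_op_error_ratio:
        findings.append("operation-security-error-spike")
    return delta, findings

# Constructed sample polls of one DSA (dsaApplIndex 1), taken 60 s apart.
POLL_1 = {"dsaAnonymousBinds": 900, "dsaUnauthBinds": 40,
          "dsaSimpleAuthBinds": 310, "dsaStrongAuthBinds": 12,
          "dsaBindSecurityErrors": 7, "dsaInOps": 4294967000,
          "dsaSecurityErrors": 3}
POLL_2 = {"dsaAnonymousBinds": 905, "dsaUnauthBinds": 40,
          "dsaSimpleAuthBinds": 318, "dsaStrongAuthBinds": 12,
          "dsaBindSecurityErrors": 67, "dsaInOps": 704,
          "dsaSecurityErrors": 5}

if __name__ == "__main__":
    print(column_oid("dsaBindSecurityErrors", 1), assess(POLL_1, POLL_2))
```

Because every counter is defined as "since application start", a restart of the DSA is reported as its own finding rather than being folded into the deltas as a wrap.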


Authors' Addresses
==================

   Glenn Mansfield               Steve Hardcastle-Kille
   AIC Systems Laboratories      ISODE Consortium
   6-6-3 Minami Yoshinari        Unit 309, The Chandlery
   Aoba-ku                       50 Westminster Bridge Road
   Sendai 989-32                 London SE1 7QY
   Japan                         England