MADMAN Working Group Glenn Mansfield [glenn@aic.co.jp] INTERNET-DRAFT AIC Systems Laboratory S.E.Kille [S.Kille@isode.com] ISODE Consortium September 1993 Directory Monitoring MIB Status of this Memo This document is an Internet Draft. Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its Areas, and its Working Groups. Note that other groups may also distribute working documents as Internet Drafts. Internet Drafts are draft documents valid for a maximum of six months. Internet Drafts may be updated, replaced, or obsoleted by other documents at any time. It is not appropriate to use Internet Drafts as reference material or to cite them other than as a "working draft" or "work in progress." To learn the current status of any Internet-Draft, please check the 1id-abstracts.txt listing contained in the Internet-Drafts Shadow Directories on ds.internic.net, nic.nordu.net, ftp.nisc.sri.com, or munnari.oz.au. Abstract This document defines an experimental portion of the Management Information Base (MIB). It defines the MIB for monitoring Directory System Agents(DSA), a component of the OSI Directory. This MIB will be used in conjunction with the APPLICATION-MIB for monitoring DSAs. Contents ======== 1.The SNMPv2 Network Management Framework. 2 2.MIB Model for DSA Management 2 3.The DSA functions and operations. 3 4.MIB design. 3 5.The Directory Monitoring MIB 4 6.Acknowledgements 17 7.References 18 Security Considerations Authors' Addresses Expires: March 16, 1994 [Page 1] Internet Draft September 1993 1.The SNMPv2 Network Management Framework. ========================================== The major components of the SNMPv2 Network Management framework are described in the documents listed below. o RFC 1442 [1] defines the Structure of Management Information (SMI), the mechanisms used for describing and naming objects for the purpose of management. o RFC 1213 [2] defines MIB-II, the core set of managed objects (MO) for the Internet suite of protocols. o RFC 1445 [3] defines the administrative and other architectural aspects of the management framework. o RFC 1448 [4] defines the protocol used for network access to managed objects. The framework is adaptable/extensible by defining new MIBs to suit the requirements of specific applications/protocols/situations. Managed objects are accessed via a virtual information store, the MIB. Objects in the MIB are defined using the subset of Abstract Syntax Notation One (ASN.1) defined in the SMI. In particular, each object type is named by an OBJECT IDENTIFIER, which is an administratively assigned name. The object type together with an object instance serves to uniquely identify a specific instantiation of the object. For human convenience, often a textual string, termed the descriptor,is used to refer to the object type. 2. MIB Model for DSA Management. ================================= A DSA-manager may wish to monitor several aspects of the operational DSA. He/she may want to know the process related aspects- the resource utilization of the operational DSA; the network service related aspects e.g. inbound-associations, outbound-associations, operational status, and finally the information specific to the DSA application- its operations and performance. The MIB defined in this document covers the portion which is specific to the DSA-application. The network service related part of the MIB, and the host-resources related part of the MIB , as well other parts of interest to a Manager monitoring the DSA-application, are covered in separate documents [6][7]. Expires: March 16, 1994 [Page 2] Internet Draft September 1993 3.The DSA functions and operations. ================================== The Directory System Agent [DSA], a component of the OSI- Directory[5][9], is an application process. It provides access to the Directory Information Base [DIB] to Directory User Agents [DUA] and/or other DSAs. Functionally , a User [ DUA ] and the Directory are bound together for a period of time at an access point to the Directory [DSA]. A DSA may use information stored in its local database or interact with (chain the request to) other DSAs to service requirements. Alternatively, a DSA may return a reference to another DSA. The local database of a DSA consists of the part of the DIT that is mastered by the DSA, the part of the DIT for which it keeps slave copies and cached information that is gathered during the operation of the DSA. The specific operations carried out by the DSA are : Read, Compare, AddEntry, ModifyEntry, ModifyRDN, RemoveEntry, List, Search. There is also the special operation Abandon. In response to requests results and/or errors are returned by the DSA. 4. MIB design. ============= The basic principle has been to keep the MIB as simple as possible. The Managed objects included in the MIB are divided into three tables- dsaOpsTable, dsaEntryTable and dsaIntTable. - The dsaOpsTable provides summary statistics on the accesses, operations and errors. - The dsaEntriesTable provides summary statistics on the entries held by the DSA and on cache performance. - The dsaIntTable provides some useful information on the interaction of the monitored DSA with peer DSAs. There are references to the Directory itself for static information pertaining to the DSA. These references are in the form of "Directory Distinguished Name" [8] of the corresponding object. It is intended that DSA management applications will use these references to obtain further related information on the objects of interest. Expires: March 16, 1994 [Page 3] Internet Draft September 1993 5. The Directory Monitoring MIB. =============================== DSA-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,experimental FROM SNMPv2-SMI DisplayString, TimeStamp, TEXTUAL-CONVENTION FROM SNMPv2-TC applIndex FROM APPLICATION-MIB; -- Textual conventions -- DistinguishedName [8]- is used to refer to objects in the directory. DistinguishedName ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " A Distinguished Name represented in accordance with RFC1485." SYNTAX DisplayString dsaMIB MODULE-IDENTITY LAST-UPDATED "9309160000Z" ORGANIZATION "IETF MADMAN Working Group" CONTACT-INFO " Glenn Mansfield Postal: AIC Systems Laboratory 6-6-3, Minami Yoshinari Aoba-ku, Sendai, Japan 989-32. Tel: +81-22-279-3310 Fax: +81-22-279-3640 E-mail: glenn@aic.co.jp" DESCRIPTION " The MIB module for monitoring Directory System Agents." ::= { experimental 48 } dsaMIBObjects OBJECT IDENTIFIER ::= { dsaMIB 1} Expires: March 16, 1994 [Page 4] Internet Draft September 1993 dsaOpsTable OBJECT-TYPE SYNTAX SEQUENCE OF DsaOpsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " The table holding information related to the DSA operations." ::= {dsaMIBObjects 1} dsaOpsEntry OBJECT-TYPE SYNTAX DsaOpsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Entry containing operations related statistics for a DSA." INDEX { applIndex } ::= {dsaOpsTable 1} DsaOpsEntry ::= SEQUENCE { -- Bindings dsaAnonymousBinds Counter32, dsaUnauthBinds Counter32, dsaSimpleAuthBinds Counter32, dsaStrongAuthBinds Counter32, dsaBindSecurityErrors Counter32, -- In-coming operations dsaInOps Counter32, dsaReadOps Counter32, dsaCompareOps Counter32, dsaAddEntryOps Counter32, dsaRemoveEntryOps Counter32, dsaModifyEntryOps Counter32, dsaModifyRDNOps Expires: March 16, 1994 [Page 5] Internet Draft September 1993 Counter32, dsaListOps Counter32, dsaSearchOps Counter32, dsaOneLevelSearchOps Counter32, dsaWholeTreeSearchOps Counter32, -- Out going operations dsaReferrals Counter32, dsaChainings Counter32, -- Errors dsaSecurityErrors Counter32, dsaErrors Counter32 } dsaAnonymousBinds OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of anonymous binds to this DSA from DUAs since application start." ::= {dsaOpsEntry 1} dsaUnauthBinds OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of un-authenticated binds to this DSA since application start." ::= {dsaOpsEntry 2} dsaSimpleAuthBinds OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION Expires: March 16, 1994 [Page 6] Internet Draft September 1993 " Number of binds to this DSA that were authenticated using simple authentication procedures since application start." ::= {dsaOpsEntry 3} dsaStrongAuthBinds OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of binds to this DSA that were authenticated using the strong authentication procedures since application start. This includes the binds that were authenticated using external authentication procedures." ::= {dsaOpsEntry 4} dsaBindSecurityErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of bind operations that have been rejected by this DSA due to inappropriateAuthentication or invalidCredentials." ::= {dsaOpsEntry 5} dsaInOps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of operations forwarded to this DSA from DUAs or other DSAs since application start up." ::= {dsaOpsEntry 6} dsaReadOps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of read operations serviced by this DSA since application startup." ::= {dsaOpsEntry 7} dsaCompareOps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only Expires: March 16, 1994 [Page 7] Internet Draft September 1993 STATUS current DESCRIPTION " Number of compare operations serviced by this DSA since application startup." ::= {dsaOpsEntry 8} dsaAddEntryOps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of addEntry operations serviced by this DSA since application startup." ::= {dsaOpsEntry 9} dsaRemoveEntryOps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of removeEntry operations serviced by this DSA since application startup." ::= {dsaOpsEntry 10} dsaModifyEntryOps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of modifyEntry operations serviced by this DSA since application startup." ::= {dsaOpsEntry 11} dsaModifyRDNOps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of modifyRDN operations serviced by this DSA since application startup." ::= {dsaOpsEntry 12} Expires: March 16, 1994 [Page 8] Internet Draft September 1993 dsaListOps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of list operations serviced by this DSA since application startup." ::= {dsaOpsEntry 13} dsaSearchOps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of search operations- baseObjectSearches, oneLevelSearches and subTreeSearches, serviced by this DSA since application startup." ::= {dsaOpsEntry 14} dsaOneLevelSearchOps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of oneLevelSearch operations serviced by this DSA since application startup." ::= {dsaOpsEntry 15} dsaWholeTreeSearchOps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of wholeTreeSearch operations serviced by this DSA since application startup." ::= {dsaOpsEntry 16} dsaReferrals OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of referrals returned by this DSA in response to requests for operations since application startup." ::= {dsaOpsEntry 17} Expires: March 16, 1994 [Page 9] Internet Draft September 1993 dsaChainings OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of operations forwarded by this DSA to other DSAs since application startup." ::= {dsaOpsEntry 18} dsaSecurityErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of operations forwarded to this DSA which did not meet the security requirements. " ::= {dsaOpsEntry 19} dsaErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of operations that could not be serviced due to errors other than security errors, and referrals. A partially serviced operation will not be counted as an error. The errors include NameErrors, UpdateErrors, Attribute errors and ServiceErrors." ::= {dsaOpsEntry 20} -- Entry statistics/Cache performance dsaEntriesTable OBJECT-TYPE SYNTAX SEQUENCE OF DsaEntriesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " The table holding information related to the entry statistics and cache performance of the DSAs." ::= {dsaMIBObjects 2} Expires: March 16, 1994 [Page 10] Internet Draft September 1993 dsaEntriesEntry OBJECT-TYPE SYNTAX DsaEntriesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Entry containing statistics pertaining to entries held by a DSA." INDEX { applIndex } ::= {dsaEntriesTable 1} DsaEntriesEntry ::= SEQUENCE { dsaMasterEntries Gauge32, dsaCopyEntries Gauge32, dsaCacheEntries Gauge32, dsaCacheHits Counter32, dsaSlaveHits Counter32 } dsaMasterEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of Entries mastered in the DSA." ::= {dsaEntriesEntry 1} dsaCopyEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of Entries for which systematic (slave) copies are maintained in the DSA." ::= {dsaEntriesEntry 2} Expires: March 16, 1994 [Page 11] Internet Draft September 1993 dsaCacheEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of Entries cached (non-systematic copies) in the DSA. This will include the Entries that are cached partially. The negative cache is not counted." ::= {dsaEntriesEntry 3} dsaCacheHits OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of operations that were serviced from the locally held cache since application startup." ::= {dsaEntriesEntry 4} dsaSlaveHits OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Number of operations that were serviced from the locally held object replications [ shadow entries] since application startup." ::= {dsaEntriesEntry 5} -- The dsaIntTable contains statistical data on the peer DSAs -- with which the monitored DSAs [attempt to] interact. This -- table will provide a useful insight into the effect of -- neighbours on the DSA performance. -- The table keeps track of the last "N" DSAs with which the -- monitored DSAs has interacted [attempted to interact], -- where "N" is a locally-defined constant. Expires: March 16, 1994 [Page 12] Internet Draft September 1993 dsaIntTable OBJECT-TYPE SYNTAX SEQUENCE OF DsaIntEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Each row of this table contains some details related to the history of the interaction of the monitored DSAs with their respective peer DSAs." ::= { dsaMIBObjects 3 } dsaIntEntry OBJECT-TYPE SYNTAX DsaIntEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Entry containing interaction details of a DSA with a peer DSA." INDEX { applIndex,dsaIntIndex } ::= { dsaIntTable 1 } DsaIntEntry ::= SEQUENCE { dsaIntIndex INTEGER, dsaName DistinguishedName, dsaTimeOfCreation TimeStamp, dsaTimeOfLastAttempt TimeStamp, dsaTimeOfLastSuccess TimeStamp, dsaFailuresSinceLastSuccess Counter32, dsaFailures Counter32, dsaSuccesses Counter32 } Expires: March 16, 1994 [Page 13] Internet Draft September 1993 dsaIntIndex OBJECT-TYPE SYNTAX INTEGER (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION " Together with applIndex it forms the unique key to identify the conceptual row which contains useful info on the (attempted) interaction between the DSA (referred to by applIndex) and a peer DSA." ::= {dsaIntEntry 1} dsaName OBJECT-TYPE SYNTAX DistinguishedName MAX-ACCESS read-only STATUS current DESCRIPTION " Distinguished Name of the peer DSA to which this entry pertains." ::= {dsaIntEntry 2} dsaTimeOfCreation OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION " The value of sysUpTime when this row was created. If the entry was created before the network management subsystem was initialized, this object will contain a value of zero." ::= {dsaIntEntry 3} dsaTimeOfLastAttempt OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION " The value of sysUpTime when the last attempt was made to contact this DSA. If the last attempt was made before the network management subsystem was initialized, this object will contain a value of zero." ::= {dsaIntEntry 4} dsaTimeOfLastSuccess OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION " The value of sysUpTime when the last attempt made to Expires: March 16, 1994 [Page 14] Internet Draft September 1993 contact this DSA was successful. If there have been no successful attempts this entry will have a value of zero. If the last successful attempt was made before the network management subsystem was initialized, this object will contain a value of zero." ::= {dsaIntEntry 5} dsaFailuresSinceLastSuccess OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " The number of failures since the last time an attempt to contact this DSA was successful. If there has been no successful attempts, this counter will contain the number of failures since this entry was created." ::= {dsaIntEntry 6} dsaFailures OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Cumulative failures since the creation of this entry." ::= {dsaIntEntry 7} dsaSuccesses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION " Cumulative successes since the creation of this entry." ::= {dsaIntEntry 8} Expires: March 16, 1994 [Page 15] Internet Draft September 1993 -- Conformance information dsaConformance OBJECT IDENTIFIER ::= { dsaMIB 2 } dsaGroups OBJECT IDENTIFIER ::= { dsaConformance 1 } dsaCompliances OBJECT IDENTIFIER ::= { dsaConformance 2 } -- Compliance statements dsaOpsCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMPv2 entities which implement the DSA-MIB for monitoring DSA operations." MODULE -- this module MANDATORY-GROUPS { dsaOpsGroup } ::= { dsaCompliances 1 } dsaEntryCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMPv2 entities which implement the DSA-MIB for monitoring DSA operations, entry statistics and cache performance." MODULE -- this module MANDATORY-GROUPS { dsaOpsGroup,dsaEntryGroup } ::= { dsaCompliances 2 } dsaIntCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION " The compliance statement for SNMPv2 entities which implement the DSA-MIB for monitoring DSA operations and the interaction of the DSA with peer DSAs." MODULE -- this module MANDATORY-GROUPS { dsaOpsGroup, dsaIntGroup } ::= { dsaCompliances 3 } Expires: March 16, 1994 [Page 16] Internet Draft September 1993 -- Units of conformance dsaOpsGroup OBJECT-GROUP OBJECTS {dsaAnonymousBinds, dsaUnauthBinds, dsaSimpleAuthBinds, dsaStrongAuthBinds, dsaBindSecurityErrors,dsaInOps, dsaReadOps, dsaCompareOps, dsaAddEntryOps, dsaRemoveEntryOps, dsaModifyEntryOps, dsaModifyRDNOps, dsaListOps, dsaSearchOps, dsaOneLevelSearchOps, dsaWholeTreeSearchOps,dsaReferrals, dsaChainings, dsaSecurityErrors, dsaErrors} STATUS current DESCRIPTION " A collection of objects for monitoring the DSA operations." ::= { dsaGroups 1 } dsaEntryGroup OBJECT-GROUP OBJECTS {dsaMasterEntries, dsaCopyEntries, dsaCacheEntries, dsaCacheHits, dsaSlaveHits} STATUS current DESCRIPTION " A collection of objects for monitoring the DSA entry statistics and cache performance." ::= { dsaGroups 2 } dsaIntGroup OBJECT-GROUP OBJECTS {dsaName, dsaTimeOfCreation, dsaTimeOfLastAttempt, dsaTimeOfLastSuccess,dsaFailuresSinceLastSuccess,dsaFailures, dsaSuccesses} STATUS current DESCRIPTION " A collection of objects for monitoring the DSA's interaction with peer DSAs." ::= { dsaGroups 3 } END 6. Acknowledgements ==================== This draft is the product of discussions and deliberations carried out in the following working groups ietf-madman-wg ietf-madman@innosoft.com wide-isode-wg isode-wg@wide.ad.jp wide-netman-wg netman-wg@wide.ad.jp Expires: March 16, 1994 [Page 17] Internet Draft September 1993 7. References ============== [1] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., "Structure of Management Information for version 2 of the Simple Network Management Protocol (SNMPv2)", RFC1442, SNMP Research,Inc., Hughes LAN Systems, Dover Beach Consulting, Inc., Carnegie Mellon University,April 1993. [2] McCloghrie, K., and Rose,M., Editors, "Management Information Base for Network Management of TCP/IP-based internets: MIB-II", STD 17, RFC 1213, Hughes LAN Systems, Performance Systems International, March 1991. [3] Galvin, J., McCloghrie, K., " Administrative Model for version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1445, Trusted Information Systems, Hughes LAN Systems, April 1993. [4] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., "Protocol Operations for version 2 of the Simple Network Management Protocol (SNMPv2)", RFC1448, SNMP Research,Inc., Hughes LAN Systems, Dover Beach Consulting, Inc., Carnegie Mellon University, April 1993. [5] CCITT, "Data Communication Networks: Directory", Recommendations X.500-X.521, December 1988. [6] Freed, N., Kille, S., "The Network Services Monitoring MIB", Internet Draft, August 18, 1993. [7] Grillo, P., Waldbusser, S., "Host Resources MIB", Internet Draft, June, 1993. [8] Kille, S., "A String Representation of Distinguished Names", RFC 1485, July,1993. [9] Kille, S., Huizer,E., Cerf, V., Hobby, R., Kent, S., "A Strategic Plan for Deploying an Internet X.500 Directory Service", RFC1430, February, 1993. Expires: March 16, 1994 [Page 18] Internet Draft September 1993 Security Considerations. ======================== Security issues are not discussed in this memo. Authors' Addresses ================== Glenn Mansfield Steve E. Kille AIC Systems Laboratories ISODE Consortium 6-6-3 Minami Yoshinari The Dome, The Square Aoba-ku, Sendai 989-32 Richmond TW9 1DT Japan. UK. Phone: +81-22-279-3310 Phone:+44-81-332-9091 Email: glenn@aic.co.jp Email:S.Kille@isode.com Expires: March 16, 1994 [Page 19]