and Call for the IETF to Reconvene the Open Standardization Process
Las Vegas, Nevada, April 2, 1996 - Several major vendors joined together today in an SNMPv2* Technology Demonstration showing agents residing in workstations, switches, routers, hubs, and mid-level managers communicating securely with management stations over InteropNet®, the Networld+Interop show network. The demo also highlights remote configuration using SNMPv2* technology.
Participating vendors in the SNMPv2* Technology Demonstration include:
The Interop SNMPv2* Technology Demonstration marks a turning point for secure SNMP-based management, and is one half of a two-pronged strategy to accelerate progress toward the standardization and industry acceptance of a single common standard for the next generation of management, dubbed SNMPng.
The other half of the strategy is to encourage the Internet Engineering Task Force (IETF) to restart the SNMP standardization process, which has been stalled since last summer. The vendors participating in the SNMPv2* Technology Demonstration coauthored a formal recommendation and submitted their request to the IETF leadership in late March.
The participants in the SNMPv2* Technology Demonstration are showing some of the positive aspects of the SNMPv2* design using their implementations as well as jointly calling for the IETF to restart the open standardization process.
These two complementary strategic efforts lead toward the goal of having a single set of acceptable specifications become both an IETF standard and a de facto industry standard resulting from widespread market acceptance. Multivendor support of these two strategic efforts is key because it accelerates progress toward the shared goal of a single standard.
"Addressing both SNMP security and security administration while protecting the existing investment in SNMPv1 solutions is a critical customer issue that needs to be addressed immediately by the vendor community and the IETF," remarked Dave Stevens, product line manager for network management at Bay Networks. "The SNMPv2* proposal is a pragmatic solution to these critical requirements that also forms an excellent foundation for SNMPng."
The theme of the demonstration is "Good Ideas Coming Together." The vendors participating in the Technology Demonstration believe that both SNMPv2U (nee USEC) and SNMPv2* (which is heavily based on USEC) have multiple good ideas and each is close to being a standard. However, they feel that selecting one of them now as an IETF standard, to the exclusion of the other, would be a mistake. The SNMPv2* Technology Demonstration participants prefer that the next generation of SNMP standards (SNMPng) be based on the best ideas of each approach using a fair and open process.
The vendors participating in the SNMPv2* Technology Demonstration are exhibiting the interoperability of their trilingual implementations of SNMPv1 (RFC 1157), SNMPv2c (RFCs 1901-1908), and SNMPv2*. The demonstration includes secure communication between managers and agents as well as manager-to-manager communications.
The demo highlights remote configuration using SNMPv2* technology. For example, the demo shows how a network administrator at an HP OpenView Network Node Manager console can quickly and easily use a graphical user interface (GUI) to securely configure remote agents and managers including frequent but routine operations such as creating and disabling users and related maintenance chores.
Proving ease of use is key, since past attempts to add security to the SNMP framework were unsuccessful to a large extent because they placed an unacceptably high configuration burden on administrators. While the security and administrative framework had been shown to be implementable and interoperable, they were often criticized as too difficult for the average network administrator to deploy, configure, and use. Furthermore, the former remote configuration mechanisms also resulted in large agent memory requirements, which further inhibited widespread acceptance of those earlier attempts.
As this demo shows, the simplified user-based remote configuration in SNMPv2* significantly reduces the size of the agent memory required and thereby reduces agent cost--and has increased vendor willingness to implement SNMPv2* in agents.
However, while the SNMPv2* design is sensitive to the need to minimize the cost of agent implementations, it is also sensitive to the needs of management stations and applications. The level of participation in the demonstration shows that it has also increased vendor willingness to implement SNMPv2* in management stations and applications.
Adoption by management station and application implementations was a failure of past attempts to add security to the SNMP framework, and reversing this was an explicit goal of the SNMPv2* authors, many of whom are implementers of SNMP management stations and applications. The SNMPv2* authors are:
David Harrington, Cabletron;
David Levi, SNMP Research;
Brian O'Keefe, Hewlett Packard;
Jon Saperia, BGS; and
Steve Waldbusser, International Network Services.
Most of the SNMPv2* authors will participate in the SNMPv2* Technology Demonstration by meeting with visitors and answering their questions about the technology.
"BGS is pleased to participate in the SNMPv2* Technology Demonstration with our new BEST/1 Network Product which builds on 20 years experience providing performance and capacity management products," said Jon Saperia, Software Engineering Manager for BGS Systems in Waltham, MA. "This participation provides a good way to obtain implementation feedback which can improve the SNMPv2* specifications and thereby provide a good foundation for SNMPng. This demonstration shows how the SNMPv2* Technology makes it easy to integrate sophisticated management applications into a mixed environment of agents and managers," said Saperia.
The IETF leadership has stated a hope that this sort of implementation feedback will enrich the knowledge and experience of the community and will be used as input into future standardization efforts. To a large extent, this demonstration is the realization of that hope.
Restarting SNMP Standardization Efforts in the IETF
Efforts to define an acceptable standard for security, the administrative framework, and remote configuration have been on hold since September 1995 when the IETF SNMP Working Group was unable to reach agreement on these aspects. Since that time, the IETF has:
SNMPv2* is actually a set of extensions to SNMPv1 and SNMPv2c which add multiple key features including an administrative framework (including authentication, authorization, access control, and privacy), plus remote configuration MIB objects for ease of administration.
SNMPv2* also supports the level of smooth coexistence and transition required to preserve customer investment in the vast installed base of SNMP-based management. The multi-lingual nature of the demonstration shows the effectiveness of the approach.
"HP is today shipping Network Node Manager with support for communications with SNMPv1 and SNMPv2c devices and agents," said Gordon MacKinney of HP's Network and System Management Division. "The pressure to deliver a secure management protocol is increasing and HP is committed to finding a solution which is standard, easy to administer, and protects our customer's investments in existing equipment and systems. SNMPv2* meets most of our criteria for an acceptable standard. We want to encourage the IETF to begin work immediately with the express goal of combining the best features of the competing proposals so that we may offer a standard solution to our customers as quickly as possible."
There are multiple sets of specifications which propose solutions to portions of the missing security, administrative framework, and remote configuration aspects. One is SNMPv2*; the other leading one is SNMPv2U (RFCs 1909-1910).
These two sets of specifications have much in common. It is generally agreed that each of these specifications is superior to the party-based design found in the now historic RFCs 1445-1447. Both SNMPv2* and SNMPv2U are based on the SNMPv2 RFCs (1902-1908).
It is also generally agreed that it will be best for vendors and customers alike if a single standard is adopted by both the IETF and by the market. Consequently, the request forwarded to the IETF recommends development of SNMPng based on the best aspects of SNMPv2U and SNMPv2*.
"SNMPng will represent the best of three worlds," remarked Steve Waldbusser, principal architect at International Network Services, Mountain View, CA. "It brings together the good ideas found in SNMPv2U and SNMPv2*, while building on the solid foundation of SNMPv2."
For the past few years, customers have been frustrated by the delay involved in moving secure SNMP to the marketplace. In contrast to the fate of earlier secure SNMP specifications, including RFCs 1445, 1446, 1447, the current thrust toward SNMPng stands a much greater chance of timely progress because major vendor participation is occurring much earlier in the cycle.
However, some of these vendors are being careful to avoid the appearance of taking sides in the controversy and all of the vendors in the SNMPv2* Technology Demonstration are committed to supporting the results of the open SNMPng process when it is completed.
"Cisco is experimenting with SNMPv2* and SNMPv2USEC to help its users obtain interoperability and implementation experience," said Robert Snyder, Manager, IOS Embedded Management Group, at Cisco Systems. "We feel this will assist the dialogue of the SNMP community and help move the standards process forward. We plan to participate in demonstrations of both technologies and are working with these pre-IETF specifications to help refocus conversations around outstanding technical issues."
End-users are well aware of the benefits made possible by completion of a single standard.
"We would very much like to see security in SNMP soon," said Johnny Walker, Senior Analyst for BellSouth Telecommunications. "BellSouth views secure management as a critical requirement for moving beyond mere monitoring toward full management and control. We are encouraged by progress in this regard."
"Meeting the security requirements of our customers is of paramount importance to all of the vendors participating in the SNMPv2* Technology Demonstration," noted Jeff Case, President of SNMP Research, Incorporated. "We are pleased to have been able to team with other vendors in this demonstration and in calling for new IETF efforts. This team will be a key factor in moving the industry forward toward delivering a standards-based solution to management security issues."
SNMP Research International produces a complete family of management products based on SNMPv1, SNMPv2c, SNMPv2*, and other protocols for agents, management stations, and mid-level managers. These products form the basis of many of today's SNMP products offered by leading networking companies. The founder of SNMP Research, Dr. Jeff Case, has long been a contributor in the area of SNMP and has authored or coauthored many standards documents and articles on the topic. As a result of his efforts, SNMP Research is in a leadership position with respect to defining the standards and constructing implementations based on SNMP, the standard protocol for TCP/IP management.
For further information, contact SNMP Research International, Inc.
3001 Kimberlin Heights Road