[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: snmpconf 11. Setcli accessor function - Item to be resolved on email list

Given that even with setcli the scripts will have to be customized, the 
answer to "how do we do this now" is one small step short of standardizing 
setcli.  We recognize that vendor extensions are inevitable.  We document 
(as with SNMP) where vendor extensions go so that they do not colide with 
standard items (it does not matter in this case if they colide with another 
vendors extensions).  And we leave it at that.  If the vendor decides that 
setcli (or system, or ...) is the right answer, they can do that.  If they 
decide that some more specific escape functions are what are needed, they 
can do that.  And the question of how the mechanisms should itneract with 
both the standard SNMP security and the vendor's own security mechanism is 
then clearly up to the vendor.

After all, there is no way we can mandate a useful setcli function when we 
can not say what it will do.  So putting setcli in the spec does not 
actually ensure that the vendors give the users sufficient hooks to 
actually solve the problem.

Joel M. Halpern

At 12:50 PM 1/23/01 +0000, David Partain wrote:
>David Durham wrote, regarding setcli():
> > I would like to add my voice to the chorus dismissing a setcli accessor
> > function as a *REALLY* bad idea.
> >
> > David, we are here to do the right thing from the perspective of promoting
> > real standards. Promoting this subversive "ugly hack" runs exactly to the
> > contrary of that goal. Allowing the current bad habits to continue 
> under the
> > guise of a standard is akin to providing all the booze you want to drink at
> > the local alcohol rehab center.
>On a fundamental level, I _absolutely_ agree with you.
>What I don't know how to do, given what you write, is how
>to solve the _immediate_ problem of managing very complex,
>large networks with IPsec/diffserv capabilities.
>Assuming we do not add setcli(), how are we going to be able to
>deliver products which can be used to networks that exist today?
>Because I couldn't answer that question to my own satisfaction,
>I grudgingly accepted the idea of a setcli().  I'd be thrilled
>if there were another answer.
>I would also note that having a CLI driver is exactly what most
>"policy-based management" systems today use for configuring a
>large subset of the devices that exist today.  This is no worse
>than that, and, in my opinion, is a step forward by integrating
>the SNMP capability that we have and is being added.
>With kind regards,
>David Partain                  David.Partain@ericsson.com
>Ericsson Radio Systems AB      Tel:    +46 13 28 41 44
>Research and Innovation        Fax:    +46 13 28 75 67
>P.O. Box 1248
>SE-581 12  Linköping, Sweden