submitted draft-ietf-snmpconf-diffpolicy-08.txt



Greetings,

I have now submitted draft-ietf-snmpconf-diffpolicy-08.txt to the
I-D people.  This update reflects changes after Bert's AD review.
The I-D should appear soon.

The changes are in the diff below.  I've removed all of the
administrivia stuff (-07 to -08 and so on).  Also not reflected
in the diff is moving the reference to the PM MIB from normative
to informational references.

It's not a diff you can feed into patch, so don't try.

Cheers,

Harrie and David

@@ -77,7 +77,7 @@
 Abstract
 
    This memo describes a MIB module that provides a conceptual layer
-   between high-level "network-wide" policy definitions that affect
+   between high-level "network-wide" policy definitions that effect
    configuration of the Differentiated Services (diffserv) subsystem and
    the instance-specific information that would include such details as
    the parameters for all the queues associated with each interface in a
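Review bot: In the changed Abstract line, "effect configuration" turns the verb from "influence" into "bring about", and most readers will take it for a typo of "affect". If "bring about" is the intended sense, a wording such as "policy definitions that drive configuration of" removes the doubt; the context in the -269 hunk still reads "elements affected by a policy", so the two usages sit side by side.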
@@ -209,7 +210,8 @@
    used in combination with the Policy-based Management MIB module
    [PMMIBDR], but that is not a requirement. Without the Policy-based
    Management MIB module, a management application must emulate behavior
-   provided by the Policy-based Management MIB using equivalent
+   provided by the Policy-based Management MIB using equivalent "low-
+   level" SNMP operations in normal manager/agent communication.
 
    Together, this memo and [RFC3289] and [PMMIBDR] represent an instance
    of an integrated architecture for both device-specific and network-
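Review bot: The added text splits the quoted term as "low-" at the end of one line and "level" at the start of the next, so a reader cannot tell a real hyphen from a line-break hyphen and a text search for "low-level" will miss it. Reflow the paragraph so that "low-level" stays on one line.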
@@ -245,12 +246,13 @@
 
    It is assumed that the reader is familiar with Differentiated
    Services ([RFC2474] and [RFC2475]), the Policy-based Management MIB
-   ([PMMIBDR]) and the BCP entitled "Configuring Networks and Devices
-   With SNMP" ([RFC3512]).  These documents include all of the necessary
-   terminology for understanding this memo.  [RFC3512] also provides an
-   example MIB module which may help in understanding the relationship
-   between DIFFSERV-CONFIG-MIB and the Differentiated Services MIB in
-   [RFC3289].
+   ([PMMIBDR]) and "Configuring Networks and Devices With SNMP"
+   ([RFC3512]).  These documents include all of the necessary
+   terminology for understanding this memo.  Note, though, that use of
+   the MIB module in this memo does not require the use of [PMMIBDR].
+   [RFC3512] also provides an example MIB module which may help in
+   understanding the relationship between DIFFSERV-CONFIG-MIB and the
+   Differentiated Services MIB in [RFC3289].
 
 
 4.  Relationship to other MIBs
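Review bot: The added "Note, though, ..." sentence lands between "These documents include all of the necessary terminology" and "[RFC3512] also provides an example MIB module", which interrupts the description of the referenced documents. Moving it to the end of the paragraph keeps the two sentences about the reading list together.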
@@ -269,7 +271,8 @@
    of elements on a particular device, a table for representing the
    capabilities of a device with respect to policy management, a table
    for referencing elements affected by a policy, as well as other
-   infrastructure.
+   infrastructure.  There is no requirement that [PMMIBDR] be used in
+   conjunction with the MIB module defined in this memo.
 
    See [PMMIBDR] for a full description of the policy-based
    configuration framework it provides.
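Review bot: The added sentence is one of four statements in this diff that [PMMIBDR] is not required: the -209 hunk's context already has "but that is not a requirement", and the -245 and -491 hunks add two more, each worded differently. Consider stating it once and referring back to that statement from the other places, so the wording cannot drift between sections.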
@@ -491,7 +495,8 @@
    stream. Then, with the policy-based configuration concept as defined
    in this document and in [PMMIBDR], a traffic marking configuration
    will be applied.  The example will walk the reader through all of the
-   steps involved in this process.
+   steps involved in this process.  Again, the use of [PMMIBDR] is
+   simply as an example and is not required.
 
       NOTE WELL:  For brevity and clarity, the example does not always
       show the complete entry (row) of a table. The only objects shown
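Review bot: The added clause "the use of [PMMIBDR] is simply as an example" does not parse. Suggest "Again, [PMMIBDR] is used here only as an example and is not required."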
@@ -1216,7 +1217,9 @@
           may differ.  It may very well be that the agent is
           not capable of detecting such changes and therefore,
           the management application should verify the correct
-          configuration after a reboot."
+          configuration after a reboot.  Rows with a StorageType
+          of 'permanent' do not need to allow write access to
+          any of the columnar objects in that row."
        DEFVAL { nonVolatile }
        ::= { diffServConfigEntry 6 }
 
@@ -1226,23 +1229,24 @@
        STATUS         current
        DESCRIPTION
           "RowStatus object used for creation and deletion of
-          rows in this table."
-       DEFVAL { notInService }
-       ::= { diffServConfigEntry 7 }
+          rows in this table.  All writable objects in this row
+          may be modified at any time."
+       DEFVAL { notInService }
+       ::= { diffServConfigEntry 7 }
 
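Review bot: The new sentence "All writable objects in this row may be modified at any time" does not say what "at any time" is relative to, and it reads as unconditional next to the text added in the previous hunk (diffServConfigEntry 6), where rows with a StorageType of 'permanent' need not allow write access to any columnar object. If the intent is that the row need not be taken out of service first, say so, for example "regardless of the value of this RowStatus object". The DEFVAL and "::=" lines are also removed and re-added with no visible change, so it is worth confirming that nothing but whitespace differs there.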
@@ -1313,24 +1373,34 @@
    In addition, the managed objects of the DIFFSERV-MIB are also
    security sensitive, since unauthorized changes may cause
    configuration changes. For more detail, refer to [RFC3289].
 
+   Allowing read access to objects in this MIB module is generally not
+   considered sensitive, as read access only provides information that a
+   template exists.  This is due to the fact that the managed objects
+   that actually instantiate the template are in the DIFFSERV-MIB
+   [RFC3289].  However, in environments where the template description
+   (diffServConfigDescr) or owner (diffServConfigOwner) is considered
+   sensitive information, appropriate access control should be exercised
+   for these objects.
+
    SNMP versions prior to SNMPv3 did not include adequate security.
    Even if the network itself is secure (for example by using IPSec),
    there is no control as to who on the secure network is allowed to
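Review bot: The added paragraph says read access "only provides information that a template exists" and then names diffServConfigDescr and diffServConfigOwner as possibly sensitive, so read access exposes more than existence. Suggest wording the first sentence to include the description and owner, and replacing "appropriate access control should be exercised" with a direct statement of what to restrict (read access to those two objects), since the paragraph that follows already discusses which SNMP versions can enforce it.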