This section presents an example configuration by which a SNMPv2 management station may manage network elements that do not themselves support the SNMPv2. This configuration centers on a SNMPv2 proxy agent that realizes SNMPv2 management operations by interacting with a non-SNMPv2 device using a proprietary protocol.
Table 9 presents information about SNMPv2 parties that is recorded in the SNMPv2 proxy agent's local database of party information. Table 10 presents information about proxy relationships that is recorded in the SNMPv2 proxy agent's local database of context information. Table 11 presents information about SNMPv2 parties that is recorded in the SNMPv2 management station's local database of party information. Table 12 presents information about the database of access policy information specified by the local administration.
    Identity          groucho               chico                 harpo
                      (manager)             (proxy agent)         (proxy dst)
    Domain            snmpUDPDomain         snmpUDPDomain         acmeMgmtPrtcl
    Address           188.8.131.52, 2002    184.108.40.206, 161   0x98765432
    Auth Prot         v2md5AuthProtocol     v2md5AuthProtocol     noAuth
    Auth Priv Key     "0123456789ABCDEF"    "GHIJKL0123456789"    ""
    Auth Pub Key      ""                    ""                    ""
    Auth Clock        0                     0                     0
    Auth Lifetime     300                   300                   0
    Priv Prot         noPriv                noPriv                noPriv
    Priv Priv Key     ""                    ""                    ""
    Priv Pub Key      ""                    ""                    ""

              Table 9: Party Information for Proxy Agent

    Context       Proxy Destination     Proxy Source      Proxy Context
    ducksoup      harpo                 n/a               n/a

              Table 10: Proxy Relationships for Proxy Agent

    Identity          groucho               chico
                      (manager)             (proxy agent)
    Domain            snmpUDPDomain         snmpUDPDomain
    Address           220.127.116.11, 2002  18.104.22.168, 161
    Auth Prot         v2md5AuthProtocol     v2md5AuthProtocol
    Auth Priv Key     "0123456789ABCDEF"    "GHIJKL0123456789"
    Auth Pub Key      ""                    ""
    Auth Clock        0                     0
    Auth Lifetime     300                   300
    Priv Prot         noPriv                noPriv
    Priv Priv Key     ""                    ""
    Priv Pub Key      ""                    ""

              Table 11: Party Information for Management Station

    Target      Subject     Context      Privileges
    chico       groucho     ducksoup      35 (Get, GetNext & GetBulk)
    groucho     chico       ducksoup     132 (Response & SNMPv2-Trap)

              Table 12: Access Information for Foreign Proxy
As represented in Table 9, the proxy agent party operates at UDP port 161 at IP address 22.214.171.124 using the party identity chico; and, the example manager operates at UDP port 2002 at IP address 126.96.36.199 using the identity groucho. Both groucho and chico authenticate all messages that they generate by using the protocol v2md5AuthProtocol and their distinct, private authentication keys. Although these private authentication key values ("0123456789ABCDEF" and "GHIJKL0123456789") are presented here for expository purposes, knowledge of private keys is not normally afforded to human beings and is confined to those portions of the protocol implementation that require it.
The party harpo does not send or receive SNMPv2 protocol messages; rather, all communication with that party proceeds via a hypothetical proprietary protocol identified by the value acmeMgmtPrtcl. Because the party harpo does not participate in the SNMPv2, many of the attributes recorded for that party in the local database of party information are ignored.
Table 10 shows the proxy relationships known to the proxy agent. In particular, the SNMPv2 context ducksoup refers to a relationship that is satisfied by the party harpo. (The transport domain of the proxy destination party determines the interpretation of the proxy source and proxy context identities - in this case, use of the acmeMgmtPrtcl indicates that the proxy source and context identities are ignored.)
In order to interrogate the proprietary device associated with the party harpo, the management station groucho constructs a SNMPv2 GetNext request contained within a SnmpMgmtCom value which references the SNMPv2 context ducksoup, and transmits it to the party chico operating (see Table 11) at UDP port 161, and IP address 188.8.131.52. This request is authenticated using the private authentication key "0123456789ABCDEF".
When that request is received by the party chico, the originator of the message is verified as being the party groucho by using local knowledge (see Table 9) of the private authentication key "0123456789ABCDEF". Because party groucho is authorized to issue GetNext (as well as Get and GetBulk) requests with respect to party chico and the SNMPv2 context ducksoup by the relevant access control policy (Table 12), the request is accepted. Because the local database of context information indicates that the SNMPv2 context ducksoup refers to a proxy relationship, the request is satisfied by its translation into appropriate operations of the acmeMgmtPrtcl directed at party harpo. These new operations are transmitted to the party harpo at the address 0x98765432 in the acmeMgmtPrtcl domain.
When and if the proprietary protocol exchange between the proxy agent and the proprietary device concludes, a SNMPv2 Response management operation is constructed by the SNMPv2 party chico to relay the results to party groucho again referring to the SNMPv2 context ducksoup. This response communication is authenticated as to origin and integrity using the authentication protocol v2md5AuthProtocol and private authentication key "GHIJKL0123456789" specified for transmissions from party chico. It is then transmitted to the SNMPv2 party groucho operating at the management station at IP address 184.108.40.206 and UDP port 2002 (the source address for the corresponding request).
When this response is received by the party groucho, the originator of the message is verified as being the party chico by using local knowledge (see Table 11) of the private authentication key "GHIJKL0123456789". Because party chico is authorized to issue Response communications with respect to party groucho and SNMPv2 context ducksoup by the relevant access control policy (Table 12), the response is accepted, and the interrogation of the proprietary device is complete.
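The checks the proxy agent chico applies to an incoming request (origin authentication, access policy, context lookup) can be sketched as follows. This is an added example, not part of the original document: the function names, the message representation and the digest computation (a simplified keyed MD5 standing in for v2md5AuthProtocol) are assumptions made for illustration, and the privilege bit values are those implied by the sums 35 and 132 in Table 12.

```python
import hashlib
import hmac

# Privilege bits; 35 and 132 in Table 12 decompose into these values.
GET, GETNEXT, RESPONSE, SET, GETBULK, INFORM, TRAP = 1, 2, 4, 8, 32, 64, 128

# Table 9 (proxy agent's party database), reduced to the fields used here.
PARTIES = {
    "groucho": {"domain": "snmpUDPDomain", "auth_key": b"0123456789ABCDEF"},
    "chico": {"domain": "snmpUDPDomain", "auth_key": b"GHIJKL0123456789"},
    "harpo": {"domain": "acmeMgmtPrtcl", "address": 0x98765432, "auth_key": b""},
}
# Table 10: SNMPv2 context -> proxy destination party.
CONTEXTS = {"ducksoup": {"proxy_dst": "harpo"}}
# Table 12: (target, subject, context) -> privileges bitmask.
ACL = {
    ("chico", "groucho", "ducksoup"): 35,
    ("groucho", "chico", "ducksoup"): 132,
}


def digest(key: bytes, payload: bytes) -> bytes:
    # Assumption: simplified stand-in for the v2md5AuthProtocol digest.
    return hashlib.md5(key + payload).digest()


def handle_request(src, dst, context, op, payload, msg_digest):
    """Return (verdict, detail) for a message arriving at the proxy agent."""
    sender = PARTIES.get(src)
    if sender is None or dst not in PARTIES:
        return ("drop", "unknown party")
    # 1. Verify the originator with local knowledge of its private key.
    expected = digest(sender["auth_key"], payload)
    if not hmac.compare_digest(expected, msg_digest):
        return ("drop", "authentication failure")
    # 2. Access policy: the operation's bit must be set for this triple.
    if not ACL.get((dst, src, context), 0) & op:
        return ("drop", "access denied")
    # 3. Context lookup: a proxy relationship means translate and forward.
    ctx = CONTEXTS.get(context)
    if ctx is None:
        return ("drop", "unknown context")
    target = PARTIES[ctx["proxy_dst"]]
    return ("forward", (target["domain"], target["address"]))
```

A Set request from groucho, or a GetNext carrying a digest computed with any key other than groucho's, is dropped before the proprietary device is ever contacted.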
It is especially useful to observe that the local database of party information recorded at the proxy agent (Table 9) need be neither static nor configured exclusively by the management station. For instance, suppose that, in this example, the acmeMgmtPrtcl was a proprietary, MAC-layer mechanism for managing stations attached to a local area network. In such an environment, the SNMPv2 party chico would reside at a SNMPv2 proxy agent attached to such a LAN and could, by participating in the LAN protocols, detect the attachment and disconnection of various stations on the LAN. In this scenario, the SNMPv2 proxy agent could easily adjust its local database of party information to support indirect management of the LAN stations by the SNMPv2 management station. For each new LAN station detected, the SNMPv2 proxy agent would add to its local database of party information an entry analogous to that for party harpo (representing the new LAN station itself), and also add to its local database of context information an entry analogous to that for SNMPv2 context ducksoup (representing a proxy relationship for that new station in the SNMPv2 domain).
By using the SNMPv2 to interrogate the local database of party information held by the SNMPv2 proxy agent, a SNMPv2 management station can discover and interact with new stations as they are attached to the LAN.