Deployment Report for RFCs 1905-7

RFC1905-1907 have been updated in internet drafts, and have been through working group last call. These documents are included in what is known as SNMPv2c, an experimental intermediate protocol that bridges that gap between SNMPv1 and SNMPv3, and they are part of SNMPv3 by reference.

SNMPv2c and SNMPv3 have been implemented in a number of products that are widely recognized as having the leading market shares in the SNMP community. These include HP OpenView, Tivoli's NetSight, and Aprisma's (aka Cabletron) Spectrum management platforms.

A number of market-leading interworking equipment vendors have had SNMPv2c and SNMPv3 incorporated into their firmware for years, most notably Cisco. SNMPv2C and SNMPv3 have been widely available in the leading SNMP toolkits, such as SNMP Research, Net-SNMP, and the libsmi tools from the University of Braunschweig. Each of these products offer tri-lingual stacks, including SNMPv1, SNMPv2C, and SNMPv3 support. Unfortunately few customers of these products have chosen to file deployment reports.

We have the following reports of deployment:

@Home has deployed SNMPv3 in its cable modem network, following the DOCSIS 1.1 standard. This is by far the largest deployment reported. We have had no reports of scalability problems. Manager implementations were from Objective Systems' NetExpert, SNMP Research's BRASS toolkit, and UCDavis UNIX. Agent implementations were from cisco systems and Extreme Networks. No interoperability problems were discovered for the tested and used features.

Verio has a division that has been deploying SNMPv3, although the going is slow. Carl Kalbfleisch is the contact person for this report.

Tom Lehman presented a report from CAIRN. They are attempting to do more effective monitoring with SNMPv3. Today they mainly use web servers with ssl to go to ssl servers which run scripts to collect and manipulate information. The current versions of the scripts use RSH to collect the information, they would like to modify the scripts to use SNMPv3. Tom presented a slide with a CAIRN diagram which gives a better illustrations of this deployment (the slide will be submitted for inclusion in the IETF proceedings).

  • The CAIRN web site is: www.cairn.net
  • The contact person is: Jaroslav Flidr

Sonus Networks reports having implemented and deployed the following new features in the GSX9000 Open Services Switch, System 9200, and PSX6000 SoftSwitch products. Our Insight Element Management System (NMS) uses these new features to manage the aforementioned products through SNMPv2C; these products support SNMPv1 and SNMPv2C.

NDS Technologies Israel Ltd. Reports using the Emanate toolkit from SNMP Research. Some of our installations use SNMPv2 traps. Our management applications, most of which are based on another SNMP Research product process both v1 and v2 traps.

IBM OS/390 division reports: The Communications Server for OS/390 product (which is the TCP/IP implementation on the MVS operating system) picked up a code base provided by IBM Research that implemented most of the features listed below. Most of the features have been in use by customers since the product became available in September, 1997.

RFC1905 New Features

  • GetBulk - implemented and available to customers since September 1997
  • Inform - implemented at the agent only; available to customers since September 2000
  • Snmpv2Trap - implemented and available to customers since September 1997
  • New error codes - implemented and available to customers since September 1997
  • Exceptions - implemented and available to customers since September 1997

RFC1906 New Features

  • SNMPv2 over UDP - implemented and available to customers since September 1997

RFC1907 New Features

  • The System Group - implemented and available to customers since September 1997
  • The SNMP Group - implemented and available to customers since September 1997
  • Well-known Traps - implemented and available to customers since September 1997
    • However, we do not support the warmStart trap.
  • The Set Group - implemented and available to customers since September 1997

Because we receive occasional requests from our service team to help on SNMP problems, we are aware that customers are in fact using SNMPv2. Most customer calls we have assisted on have been with configuration problems related to our implementation, not the features discussed above.

SNMP Research has deployed SNMPv3 on nearly every host and device on our network (the exceptions being ancient hardware, and the router discussed later in this paragraph). While our largest use is as a testbed for our agent and management products, we do use SNMPv2/3 as a monitoring tool, and increasingly as a configuration tool. We currently only have one core device that does not do SNMPv3, and that is the gateway router supplied by our ISP. The software is available, but SNMPv2c is adequate for both SNMP Research's and Genuity's monitoring requirements on this device.

Wes Hardaker (hardaker@tislabs.com) presented the results of the Net-SNMP survey that he ran. They were attempting to get information on what people are using SNMP for and which version of SNMP is being used. Some of the results that were thought to be of particular interest to the WG were that some folks are using v2c or v3 without using v1 and that v2c is in wide use but v3 has not yet been used quite as widely. He also found that the range of the number of hosts per site was much broader for v1 sites than for v3 sites. When asked why they didn't use v3, many people stated that it was because it isn't available on the equipment they use. At least some of these folks would seem to be confused since the equipment that they indicated they managed does support v3. Lastly, Wes also asked what else the respondents wanted in v3. A number of them were content with v3 as it currently exists while others did have some additional desires. The leading desires on the list seemed to be bulk transfer (mostly with some sort of filtering at the agent side). Some other confused folks were asking for security. For more information from this survey can be seen at http://www.netsnmp.org/report In another section of the meeting, a participant stated that SNMPv3 was not being considered at his company due to a lack of integration with RADIUS and the lack of easy centrally controlled management.

Approximate number of net-snmp downloads: 18,000

Does your company use snmp to manage their network: yes=50, no=15

Does your company produce SNMP related software: yes=33, no=32

Does your company use SNMPv1: yes=33, no=11

Does your company use SNMPv2c: yes=49, no=14

Does your company use SNMPv3: yes=14, no=44

How many SNMP enabled hosts are you using: very wide range, average around 1000-10000 or so.

How many SNMPv3 enabled hosts/systems/boxes are you using? results: 0, 1, 2, 3, 7, 10, 20, 50, 80, 100, 500, 850, >1000

If not using SNMPv3, why? (some of) Results:

  • 20 not supported on (at least some of) the hardware/software in use (note that a fair number of these were HPOV based, because they hadn't bought the extension (or weren't aware of it)) (many notes said some boxes do, some don't and they need ALL to support it before switching)
  • 7 in process of switching now
  • 5 no time to make the switch
  • 4 customers not asking for it or it's not needed
  • 3 only need monitoring
  • 3 it's complexity makes it hard
  • 3 not needed in an otherwise secure environment (local lan)
  • 3 don't know enough about it
  • 2 Not enough memory in current shipping products
  • 1 not a standard

MG-SOFT has a full implementation of the current SNMPv3 RFCs. Interoperability tests with implementations of other major SNMPv3 vendors were conducted from late 1998 and sucessfully concluded in May 1999, when 257x RFCs were published.

The MG-SOFT's SNMPv3 engine is mostly marketed as a part of MG-SOFT network management software (MIB Browser Pro., Net Inspector, SNMP MIB Query Manager, Trap Ringer Pro, etc) and as a SNMPv3 SDK (and therefore used as a part of SNMPv3 agent or manager applications built by MG-SOFT's customers who purchased the SNMPv3 SDK). As of today, MG-SOFT has thousands of users who have licensed SNMPv3 products in ar least one of the above two forms - a brief list of for MG-SOFT's cutomers is given on our web page at http://www.mg-soft.com/profile.html

According to the feedback that we receive from our customers, MG-SOFT's SNMPv3 products are used for the following 3 main purposes:

  1. managing or monitoring SNMPv3 devices deployed at customer's site,
  2. debugging and interoperability testing of other SNMPv3 implementations that customers are developing and
  3. as a base for third party SNMPv3 management applications, based on MG-SOFT's WinSNMPv3 API.

Summary:

This report shows that RFCs1905, 1906, and 1907 have been deployed in networks large and small. With the primarily typographical and editorial corrections made in the internets drafts which went through working group last call, it is the consensus of the working group that these documents should be advanced to full standard.

SNMPv3 co-chairs Dave Harrington and Russ Mundy