idnits 2.17.1

draft-asai-vmm-mib-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (July 30, 2012) is 4281 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC2863' is defined on line 1051, but no explicit
     reference was found in the text

  ** Downref: Normative reference to an Historic RFC: RFC 1157

  ** Downref: Normative reference to an Informational RFC: RFC 1215

  ** Downref: Normative reference to an Historic RFC: RFC 1901

  ** Obsolete normative reference: RFC 2573 (Obsoleted by RFC 3413)

  ** Obsolete normative reference: RFC 2575 (Obsoleted by RFC 3415)

  ** Downref: Normative reference to an Informational RFC: RFC 3410

     Summary: 6 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

OPSAWG                                                           H. Asai
Internet-Draft                                                 Y. Sekiya
Intended status: Standards Track                 The University of Tokyo
Expires: January 31, 2013                                       K. Shima
                                           IIJ Innovation Institute Inc.
                                                                H. Esaki
                                                 The University of Tokyo
                                                           July 30, 2012

      Management Information Base for the Virtual Machine Manager
                         draft-asai-vmm-mib-00

Abstract

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, this specifies managed objects that are
   used for virtual machine managers (a.k.a. hypervisors) and virtual
   machines running on them.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 31, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  The SNMP Network Management Framework
   3.  Definitions
   4.  IANA Considerations
   5.  Security Considerations
   6.  Normative References
   Authors' Addresses

1.  Introduction

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, this specifies managed objects that are
   used for virtual machine managers (a.k.a. hypervisors) and virtual
   machines running on them.  A virtual machine manager manages multiple
   virtual machines on a single physical machine by allocating resources
   to each virtual machine using virtualization technologies.  Thus, the
   MIB objects include information on virtual CPUs, virtual storages,
   and virtual network interfaces of virtual machines as well as
   hypervisor's hardware and software information.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

2.  The SNMP Network Management Framework

   The SNMP Network Management Framework presently consists of three
   major components:

   o  An overall architecture, described in RFC 3411 [RFC3411]

   o  Mechanisms for describing and naming objects and events for the
      purpose of management.  The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in STD
      16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 1215
      [RFC1215].  The second version, called SMIv2, is described in STD
      58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and RFC 2580 [RFC2580].

   o  Message protocols for transferring management information.  The
      first version of the SNMP message protocol is called SNMPv1 and
      described in STD 15, RFC 1157 [RFC1157].  A second version of the
      SNMP message protocol, which is not an Internet standards track
      protocol, is called SNMPv2c and described in RFC 1901 [RFC1901]
      and RFC 3417 [RFC3417].  The third version of the message protocol
      is called SNMPv3 and described in RFC 3412 [RFC3412], RFC 3414
      [RFC3414] and RFC 3417 [RFC3417].

   o  Protocol operations for accessing management information.  The
      first set of protocol operations and associated PDU formats is
      described in STD 15, RFC 1157 [RFC1157].  A second set of protocol
      operations and associated PDU formats is described in RFC 3416
      [RFC3416].

   o  A set of fundamental applications described in RFC 2573 [RFC2573]
      and the view-based access control mechanism described in RFC 2575
      [RFC2575].

   A more detailed introduction to the current SNMP Management Framework
   can be found in RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This document specifies a MIB module that is compliant to the SMIv2.
   A MIB conforming to the SMIv1 can be produced through the appropriate
   translations.  The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64).  Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process.  However, this loss of machine
   readable information is not considered to change the semantics of the
   MIB.

3.  Definitions

   VMM-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, TimeTicks,
       Counter32, Counter64, Integer32, mib-2
           FROM SNMPv2-SMI
       DisplayString, PhysAddress, TEXTUAL-CONVENTION
           FROM SNMPv2-TC
       MODULE-COMPLIANCE, NOTIFICATION-GROUP
           FROM SNMPv2-CONF
       InterfaceIndexOrZero
           FROM IF-MIB;

   VirtualMachineIndex ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS       current
       DESCRIPTION
               "A unique value, greater than zero, for each virtual
               machine in the managed hypervisor.  The value for each
               virtual machine must remain constant at least from one
               re-initialization of the entity's hypervisor to the next
               re-initialization."
       SYNTAX       Integer32 (1..2147483647)

   VirtualMachineUUID ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "8X-4X-4X-4X-12X"
       STATUS       current
       DESCRIPTION
               "A unique value, a 128-bit value guaranteed to be unique
               over both space and time represented as a
               hyphen-punctuated ASCII string of the form
               `8X-4X-4X-4X-12X', for each virtual machine in the
               managed hypervisor.  See [RFC4122]."
       SYNTAX       DisplayString (SIZE (36))

   HypervisorCPUIndex ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS       current
       DESCRIPTION
               "A unique value, greater than zero, for each physical
               CPU on a hypervisor.  For the indexes, sequential values
               are usually used."
       SYNTAX       Integer32 (1..2147483647)

   VirtualCPUIndex ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS       current
       DESCRIPTION
               "A unique value, greater than zero, for each virtual CPU
               on a virtual machine.  For the indexes, sequential
               values are usually used."
       SYNTAX       Integer32 (1..2147483647)

   VirtualStorageIndex ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS       current
       DESCRIPTION
               "A unique value, greater than zero, for each virtual
               storage on a virtual machine.  The value for each
               virtual storage must remain constant at least from one
               re-initialization of the entity's virtual machine to the
               next re-initialization."
       SYNTAX       Integer32 (1..2147483647)

   VirtualInterfaceIndex ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS       current
       DESCRIPTION
               "A unique value, greater than zero, for each virtual
               network interface on a virtual machine.  For the indexes,
               sequential values are usually used."
       SYNTAX       Integer32 (1..2147483647)

   vmm-mib MODULE-IDENTITY
       LAST-UPDATED "201207300000Z"    -- 30 July 2012
       ORGANIZATION "IETF Operations and Management Area Working Group"
       CONTACT-INFO
               "      Hirochika Asai
                      The University of Tokyo
                      7-3-1 Hongo
                      Bunkyo-ku, Tokyo 113-8656
                      Japan

                      +81 3 5841 6748
                      panda@hongo.wide.ad.jp"
       DESCRIPTION
               "This MIB is for use in managing virtual machines on a
               hypervisor.  The OID `TBD' must be assigned by IANA when
               this becomes an official
               document."
       ::= { mib-2 TBD }

   -- The hypervisor group
   --
   -- A collection of objects common to all hypervisors.
   --
   hypervisor  OBJECT IDENTIFIER ::= { vmm-mib 1 }

   hvSoftware OBJECT-TYPE
       SYNTAX       DisplayString (SIZE (0..255))
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A textual description of the hypervisor software.  This
               value should not include its version, and it should be
               included in `hvVersion'."
       ::= { hypervisor 1 }

   hvVersion OBJECT-TYPE
       SYNTAX       DisplayString (SIZE (0..255))
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A textual description of the version of the hypervisor
               software."
       ::= { hypervisor 2 }

   hvObjectID OBJECT-TYPE
       SYNTAX       OBJECT IDENTIFIER
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The vendor's authoritative identification of the
               hypervisor software contained in the entity.  This value
               is allocated within the SMI enterprises
               subtree (1.3.6.1.4.1).  Note that this is different from
               sysObjectID in the SNMPv2-MIB [RFC3418] because
               sysObjectID is not the identification of the hypervisor
               software but the device, firmware, or management
               operating system."
       ::= { hypervisor 3 }

   hvUpTime OBJECT-TYPE
       SYNTAX       TimeTicks
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The time (in centi-seconds) since the hypervisor was
               last re-initialized.  Note that this is different from
               sysUpTime in the SNMPv2-MIB [RFC3418] and hrSystemUptime
               in the HOST-RESOURCES-MIB [RFC2790] because sysUpTime is
               the uptime of the network management portion of the
               system, and hrSystemUptime is the uptime of the
               management operating system but not the hypervisor
               software."
       ::= { hypervisor 4 }

   -- Physical CPUs
   hvCpuNumber OBJECT-TYPE
       SYNTAX       Integer32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The number of physical CPUs (cores) on this hypervisor."
       ::= { hypervisor 5 }

   hvCpuTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF HvCpuEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "A list of hypervisor's CPU entries.  The number of
               entries is given by the value of hvCpuNumber."
       ::= { hypervisor 6 }

   hvCpuEntry OBJECT-TYPE
       SYNTAX       HvCpuEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "An entry containing management information applicable
               to a particular CPU on this hypervisor."
       INDEX { hvCpuIndex }
       ::= { hvCpuTable 1 }

   HvCpuEntry ::=
       SEQUENCE {
           hvCpuIndex          HypervisorCPUIndex,
           hvCpuDeviceIndex    Integer32,
           hvCpuClockRate      Integer32
       }

   hvCpuIndex OBJECT-TYPE
       SYNTAX       HypervisorCPUIndex
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A unique value, greater than zero, for each physical
               CPU on this hypervisor.  It is recommended that values
               are assigned contiguously starting from 1."
       ::= { hvCpuEntry 1 }

   hvCpuDeviceIndex OBJECT-TYPE
       SYNTAX       Integer32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The value of hrDeviceIndex which corresponds to this
               CPU.  If this device is not represented in the
               hrProcessorTable, then this value shall be zero."
       ::= { hvCpuEntry 2 }

   hvCpuClockRate OBJECT-TYPE
       SYNTAX       Integer32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The clock rate (i.e., frequency) of a CPU in KHz.  If
               this property is not available, the value shall be
               zero."
       ::= { hvCpuEntry 3 }

   -- The virtual machine group
   --
   -- A collection of objects common to all virtual machines.
   --
   vms  OBJECT IDENTIFIER ::= { vmm-mib 2 }

   vmNumber OBJECT-TYPE
       SYNTAX       Integer32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The number of virtual machines (regardless of their
               current state) present on this hypervisor."
       ::= { vms 1 }

   vmTableLastChange OBJECT-TYPE
       SYNTAX       TimeTicks
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The value of sysUpTime at the time of the last creation
               or deletion of an entry in the vmTable."
       ::= { vms 2 }

   vmTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF VmEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "A list of virtual machine entries.  The number of
               entries is given by the value of vmNumber."
       ::= { vms 3 }

   vmEntry OBJECT-TYPE
       SYNTAX       VmEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "An entry containing management information applicable
               to a particular virtual machine."
       INDEX { vmIndex }
       ::= { vmTable 1 }

   VmEntry ::=
       SEQUENCE {
           vmIndex             VirtualMachineIndex,
           vmName              DisplayString,
           vmUUID              VirtualMachineUUID,
           vmOSType            DisplayString,
           vmAdminState        Integer32,
           vmState             Integer32,
           vmVcpuNumber        Integer32,
           vmCpuTime           Counter64,
           vmMemUnit           Integer32,
           vmMaxMem            Integer32,
           vmMinMem            Integer32,
           vmCurMem            Integer32,
           vmStorageNumber     Integer32,
           vmIfNumber          Integer32,
           vmAutoStart         Integer32,
           vmPersistent        Integer32
       }

   vmIndex OBJECT-TYPE
       SYNTAX       VirtualMachineIndex
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A unique value, greater than zero, for each virtual
               machine.  It is recommended that values are assigned
               contiguously starting from 1.  The value for each
               virtual machine must remain constant at least from one
               re-initialization of the entity's hypervisor to the next
               re-initialization."
       ::= { vmEntry 1 }

   vmName OBJECT-TYPE
       SYNTAX       DisplayString (SIZE (0..255))
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A textual string containing information about the
               virtual machine name."
       ::= { vmEntry 2 }

   vmUUID OBJECT-TYPE
       SYNTAX       VirtualMachineUUID
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A textual hyphen-punctuated ASCII string of the virtual
               machine's 128-bit UUID."
       ::= { vmEntry 3 }

   vmOSType OBJECT-TYPE
       SYNTAX       DisplayString (SIZE (0..255))
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A textual string containing operating system
               information running on the virtual machine."
       ::= { vmEntry 4 }

   vmAdminState OBJECT-TYPE
       SYNTAX       Integer32 {
                        unknown(0),     -- unknown
                        on(1),          -- power on
                        off(2),         -- power off
                        pause(3)        -- hibernate / suspend
                    }
       MAX-ACCESS   read-write
       STATUS       current
       DESCRIPTION
               "The administrative power state of the virtual machine.
               Note that a virtual machine is supposed to be resumed
               when vmAdminState of the virtual machine is changed from
               pause(3) to on(1)."
       ::= { vmEntry 5 }

   vmState OBJECT-TYPE
       SYNTAX       Integer32 {
                        unknown(0),     -- unknown state
                        noState(1),     -- no state
                        running(2),     -- running
                        blocked(3),     -- blocked on resource
                        paused(4),      -- paused by user
                        shutdown(5),    -- being shutdown
                        shutoff(6),     -- shutoff
                        crashed(7)      -- crashed
                    }
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The current state of the virtual machine."
       ::= { vmEntry 6 }

   vmVcpuNumber OBJECT-TYPE
       SYNTAX       Integer32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The number of virtual CPUs on the virtual machine."
       ::= { vmEntry 7 }

   vmCpuTime OBJECT-TYPE
       SYNTAX       Counter64
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The total CPU utilization time in nanoseconds.  If the
               number of virtual CPUs is larger than 1, vmCpuTime may
               exceed real time."
       ::= { vmEntry 8 }

   vmMemUnit OBJECT-TYPE
       SYNTAX       Integer32 (1..2147483647)
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The multiplication unit for vmMaxMem, vmMinMem, and
               vmCurMem.  For example, when this value is 4096, the
               memory size unit for vmMaxMem, vmMinMem, and vmCurMem is
               KiB."
       ::= { vmEntry 9 }

   vmMaxMem OBJECT-TYPE
       SYNTAX       Integer32 (0..2147483647)
       MAX-ACCESS   read-write
       STATUS       current
       DESCRIPTION
               "The maximum memory size defined to the virtual machine
               in the unit designated by vmMemUnit."
       ::= { vmEntry 10 }

   vmMinMem OBJECT-TYPE
       SYNTAX       Integer32 (0..2147483647)
       MAX-ACCESS   read-write
       STATUS       current
       DESCRIPTION
               "The minimum memory size defined to the virtual machine
               in the unit designated by vmMemUnit."
       ::= { vmEntry 11 }

   vmCurMem OBJECT-TYPE
       SYNTAX       Integer32 (0..2147483647)
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The current memory size allocated to the virtual
               machine in the unit designated by vmMemUnit."
       ::= { vmEntry 12 }

   vmStorageNumber OBJECT-TYPE
       SYNTAX       Integer32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The number of storage devices attached to the virtual
               machine."
       ::= { vmEntry 13 }

   vmIfNumber OBJECT-TYPE
       SYNTAX       Integer32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The number of network interfaces attached to the
               virtual machine."
       ::= { vmEntry 14 }

   vmAutoStart OBJECT-TYPE
       SYNTAX       Integer32 {
                        unknown(0),     -- unknown
                        enable(1),      -- enabled
                        disable(2)
                    }
       MAX-ACCESS   read-write
       STATUS       current
       DESCRIPTION
               "The autostart configuration of the virtual machine."
       ::= { vmEntry 15 }

   vmPersistent OBJECT-TYPE
       SYNTAX       Integer32 {
                        unknown(0),     -- unknown
                        persistent(1),  -- persistent
                        transient(2)    -- transient
                    }
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "This value indicates whether the virtual machine has a
               persistent configuration which means the virtual machine
               will still exist after shutting down."
       ::= { vmEntry 16 }

   -- The virtual CPU group
   --
   -- A collection of objects common to all virtual CPUs.
   --
   vcpus  OBJECT IDENTIFIER ::= { vms 4 }

   vcpuTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF VcpuEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "A list of virtual CPUs associated with virtual
               machines.  The number of entries for each virtual
               machine is given by the value of vmVcpuNumber."
       ::= { vcpus 1 }

   vcpuEntry OBJECT-TYPE
       SYNTAX       VcpuEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "An entry containing virtual CPU information
               associated with a particular virtual machine."
       INDEX { vmIndex, vcpuIndex }
       ::= { vcpuTable 1 }

   VcpuEntry ::=
       SEQUENCE {
           vcpuIndex           VirtualCPUIndex,
           vcpuCpuTime         Counter64
       }

   vcpuIndex OBJECT-TYPE
       SYNTAX       VirtualCPUIndex
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A unique value, greater than zero, for each virtual
               CPU.  It is recommended that values are assigned
               contiguously starting from 1."
       ::= { vcpuEntry 1 }

   vcpuCpuTime OBJECT-TYPE
       SYNTAX       Counter64
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The total CPU utilization time of this virtual CPU in
               nanoseconds."
       ::= { vcpuEntry 2 }

   -- Affinity
   vcpuAffinityTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF VcpuAffinityEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "A list of CPU affinity entries of a virtual CPU."
       ::= { vcpus 2 }

   vcpuAffinityEntry OBJECT-TYPE
       SYNTAX       VcpuAffinityEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "An entry containing CPU affinity
               associated with a particular virtual machine."
       INDEX { vmIndex, vcpuIndex, vcpuHvCpuIndex }
       ::= { vcpuAffinityTable 1 }

   VcpuAffinityEntry ::=
       SEQUENCE {
           vcpuHvCpuIndex      HypervisorCPUIndex,
           vcpuAffinity        Integer32,
           vcpuHvCpuTime       Counter64
       }

   vcpuHvCpuIndex OBJECT-TYPE
       SYNTAX       HypervisorCPUIndex
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The value of hvCpuIndex which corresponds to this
               virtual CPU.  Note that this device must be represented
               in the hvCpuTable."
       ::= { vcpuAffinityEntry 1 }

   vcpuAffinity OBJECT-TYPE
       SYNTAX       Integer32 {
                        unknown(0),     -- unknown
                        enable(1),      -- enabled
                        disable(2)      -- disabled
                    }
       MAX-ACCESS   read-write
       STATUS       current
       DESCRIPTION
               "The CPU affinity to the physical CPU represented by
               vcpuHvCpuIndex of this virtual CPU."
       ::= { vcpuAffinityEntry 2 }

   vcpuHvCpuTime OBJECT-TYPE
       SYNTAX       Counter64
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The CPU utilization time of this virtual CPU
               corresponding to this hypervisor's CPU in nanoseconds.
               This shall be zero if the hypervisor does not maintain
               such information."
       ::= { vcpuAffinityEntry 3 }

   -- The virtual storage group
   --
   -- A collection of objects common to all virtual storage devices.
   -- This document defines some overlapped objects with hrStorage in
   -- HOST-RESOURCES-MIB [RFC2790], because virtual storage shall be an
   -- image file, which is not the `host resource', on the hypervisor's
   -- filesystem, which is the `host resource'.
   --
   vstorage  OBJECT IDENTIFIER ::= { vms 5 }

   vstorageTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF VstorageEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "A list of virtual storage devices associated with
               virtual machines.  The number of entries for each
               virtual machine is given by the value of
               vmStorageNumber."
       ::= { vstorage 1 }

   vstorageEntry OBJECT-TYPE
       SYNTAX       VstorageEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "An entry containing virtual storage information
               associated with a particular virtual machine."
       INDEX { vmIndex, vstorageIndex }
       ::= { vstorageTable 1 }

   VstorageEntry ::=
       SEQUENCE {
           vstorageIndex           VirtualStorageIndex,
           vstorageName            DisplayString,
           vstorageType            Integer32,
           vstorageTypeHint        DisplayString,
           vstorageResourceID      DisplayString,
           vstorageSizeUnit        Integer32,
           vstorageDefinedSize     Integer32,
           vstorageAllocatedSize   Integer32
       }

   vstorageIndex OBJECT-TYPE
       SYNTAX       VirtualStorageIndex
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A unique value, greater than zero, for each virtual
               storage.  It is recommended that values are assigned
               contiguously starting from 1 to recognize the order of
               virtual storage devices allocated to the virtual
               machine."
       ::= { vstorageEntry 1 }

   vstorageName OBJECT-TYPE
       SYNTAX       DisplayString (SIZE (0..255))
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A textual string containing the virtual storage
               device."
       ::= { vstorageEntry 2 }

   vstorageType OBJECT-TYPE
       SYNTAX       Integer32 {
                        unknown(0),     -- unknown format
                        block(1),       -- block device
                        raw(2),         -- raw file
                        sparse(3),      -- sparse file
                        network(4)      -- network
                    }
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The type of the virtual storage."
       ::= { vstorageEntry 3 }

   vstorageTypeHint OBJECT-TYPE
       SYNTAX       DisplayString (SIZE (0..255))
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A textual string of the virtual storage type.  For
               example, this represents the specific format name of the
               sparse file."
       ::= { vstorageEntry 4 }

   vstorageResourceID OBJECT-TYPE
       SYNTAX       DisplayString (SIZE (0..255))
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A textual string that represents the resource
               identifier of the virtual storage.  For example, this
               contains the path to the disk image file that
               corresponds to the virtual storage."
       ::= { vstorageEntry 5 }

   vstorageSizeUnit OBJECT-TYPE
       SYNTAX       Integer32 (1..2147483647)
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The multiplication unit for vstorageDefinedSize and
               vstorageAllocatedSize.  For example, when this value is
               1048576, the storage size unit for vstorageDefinedSize
               and vstorageAllocatedSize is MiB."
       ::= { vstorageEntry 6 }

   vstorageDefinedSize OBJECT-TYPE
       SYNTAX       Integer32 (0..2147483647)
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The defined virtual storage size in the unit
               designated by vstorageSizeUnit.  If this information is
               not available, this value shall be zero."
       ::= { vstorageEntry 7 }

   vstorageAllocatedSize OBJECT-TYPE
       SYNTAX       Integer32 (0..2147483647)
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The storage size allocated to the virtual storage from
               a physical storage in the unit designated by
               vstorageSizeUnit.  When the virtual storage is a block
               device or raw file, this value and vstorageDefinedSize
               are supposed to be equal.  If this information is not
               available, this value shall be zero."
       ::= { vstorageEntry 8 }

   -- The virtual network interface group
   --
   -- A collection of objects common to all virtual network interfaces.
   --
   vif  OBJECT IDENTIFIER ::= { vms 6 }

   vifTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF VifEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "A list of virtual network interfaces associated with
               virtual machines.  The number of entries for each
               virtual machine is given by the value of vmIfNumber."
       ::= { vif 1 }

   vifEntry OBJECT-TYPE
       SYNTAX       VifEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
               "An entry containing virtual network interface
               information associated with a particular virtual
               machine."
       INDEX { vmIndex, vifIndex }
       ::= { vifTable 1 }

   VifEntry ::=
       SEQUENCE {
           vifIndex            VirtualInterfaceIndex,
           vifNetworkIndex     InterfaceIndexOrZero,
           vifName             DisplayString,
           vifModel            DisplayString,
           vifPhysAddress      PhysAddress
       }

   vifIndex OBJECT-TYPE
       SYNTAX       VirtualInterfaceIndex
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A unique value, greater than zero, for each virtual
               network interface.  It is recommended that values are
               assigned contiguously starting from 1 to recognize the
               order of virtual network interfaces allocated to the
               virtual machine."
       ::= { vifEntry 1 }

   vifNetworkIndex OBJECT-TYPE
       SYNTAX       InterfaceIndexOrZero
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The value of ifIndex which corresponds to this virtual
               network interface.  If this device is not represented in
               the ifTable, then this value shall be zero."
       ::= { vifEntry 2 }

   vifName OBJECT-TYPE
       SYNTAX       DisplayString (SIZE (0..255))
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A textual string containing the virtual network
               interface."
       ::= { vifEntry 3 }

   vifModel OBJECT-TYPE
       SYNTAX       DisplayString (SIZE (0..255))
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "A textual string containing the (emulated) model of
               virtual network interface."
       ::= { vifEntry 4 }

   vifPhysAddress OBJECT-TYPE
       SYNTAX       PhysAddress
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "The MAC address of virtual network interface."
       ::= { vifEntry 5 }

   -- Conformance
   vmConformance  OBJECT IDENTIFIER ::= { vms 7 }
   vmGroups       OBJECT IDENTIFIER ::= { vmConformance 1 }
   vmCompliances  OBJECT IDENTIFIER ::= { vmConformance 2 }

   -- Compliance statement
   vmCompliance MODULE-COMPLIANCE
       STATUS       current
       DESCRIPTION
               "The compliance statement for SNMP entities which have
               virtual machines."
       MODULE
           MANDATORY-GROUPS { vmNotificationGroup }
       ::= { vmCompliances 1 }

   vmNotificationGroup NOTIFICATION-GROUP
       NOTIFICATIONS {
           vmAdminStateChange
       }
       STATUS       current
       DESCRIPTION
               "The notifications which indicate specific changes in the
               value of vmAdminState."
       ::= { vmGroups 1 }

   -- Trap
   vmTrap  OBJECT IDENTIFIER ::= { vms 8 }

   vmAdminStateChange NOTIFICATION-TYPE
       OBJECTS { vmIndex, vmName, vmUUID, vmAdminState, vmState }
       STATUS       current
       DESCRIPTION
               "A vmAdminStateChange trap signifies that the SNMP
               entity, acting in an agent role, has detected the
               changes in the value of vmAdminState object."

   END

4.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

      Descriptor        OBJECT IDENTIFIER value
      ----------        -----------------------

      vmm-mib           { mib-2 TBD }

5.  Security Considerations

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   virtual machine manager and virtual machine operations.

   There are a number of managed objects in this MIB that may contain
   sensitive information.  The objects in the hvSoftware and hvVersion
   list information about the virtual machine manager's software and
   version.
   Some may wish not to disclose to others which software they
   are running.  Further, an inventory of the running software and
   versions may be helpful to an attacker who hopes to exploit software
   bugs in certain applications.  Moreover, the objects in the vmTable,
   vstorage, and vif list information about the virtual machines, and
   their resources.  Some may wish not to disclose to others how many
   and what virtual machines they are operating.

   It is thus important to control even GET access to these objects and
   possibly to even encrypt the values of these objects when sending them
   over the network via SNMP.  Not all versions of SNMP provide features
   for such a secure environment.

   It is recommended that attention be specifically given to
   implementing the MAX-ACCESS clause in a number of objects, including
   vmAdminState, vmMaxMem, vmMinMem, vmAutoStart, and vcpuAffinity in
   scenarios that DO NOT use SNMPv3 strong security (i.e. authentication
   and encryption).  Extreme caution must be used to minimize the risk
   of cascading security vulnerabilities when SNMPv3 strong security is
   not used.  When SNMPv3 strong security is not used, these objects
   should have access of read-only, not read-create.

   SNMPv1 by itself is not a secure environment.  Even if the network
   itself is secure (for example by using IPsec), even then, there is no
   control as to who on the secure network is allowed to access and
   GET/SET (read/change/create/delete) the objects in this MIB.

   It is recommended that the implementers consider the security
   features as provided by the SNMPv3 framework.  Specifically, the use
   of the User-based Security Model RFC 3414 [RFC3414] and the
   View-based Access Control Model RFC 3415 [RFC3415] is recommended.
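
The check below is an added example, not part of the draft: it parses OBJECT-TYPE definitions, confirms that the writable objects are exactly the five this section names, and applies the read-only fallback recommended when SNMPv3 authentication and encryption are not in use. The excerpt is compacted from the module in Section 3; the function and constant names are this example's own.

```python
import re

# Excerpt compacted from the VMM-MIB module in this draft. Object names and
# MAX-ACCESS values are the draft's; most DESCRIPTION text is dropped and the
# layout is condensed, which SMI's free-form whitespace permits.
MIB_EXCERPT = """
hvSoftware OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255))
    MAX-ACCESS read-only STATUS current
    DESCRIPTION "A textual description of the hypervisor software."
    ::= { hypervisor 1 }
vmTable OBJECT-TYPE SYNTAX SEQUENCE OF VmEntry
    MAX-ACCESS not-accessible STATUS current ::= { vms 3 }
vmAdminState OBJECT-TYPE
    SYNTAX Integer32 {
        unknown(0),  -- unknown
        on(1),       -- power on
        off(2),      -- power off
        pause(3)     -- hibernate / suspend
    }
    MAX-ACCESS read-write STATUS current ::= { vmEntry 5 }
vmState OBJECT-TYPE SYNTAX Integer32
    MAX-ACCESS read-only STATUS current ::= { vmEntry 6 }
vmMaxMem OBJECT-TYPE SYNTAX Integer32 (0..2147483647)
    MAX-ACCESS read-write STATUS current ::= { vmEntry 10 }
vmMinMem OBJECT-TYPE SYNTAX Integer32 (0..2147483647)
    MAX-ACCESS read-write STATUS current ::= { vmEntry 11 }
vmCurMem OBJECT-TYPE SYNTAX Integer32 (0..2147483647)
    MAX-ACCESS read-only STATUS current ::= { vmEntry 12 }
vmAutoStart OBJECT-TYPE SYNTAX Integer32
    MAX-ACCESS read-write STATUS current ::= { vmEntry 15 }
vcpuAffinity OBJECT-TYPE SYNTAX Integer32
    MAX-ACCESS read-write STATUS current ::= { vcpuAffinityEntry 2 }
"""

# Objects the Security Considerations section lists by name.
NAMED_IN_SECURITY_SECTION = frozenset(
    {"vmAdminState", "vmMaxMem", "vmMinMem", "vmAutoStart", "vcpuAffinity"})

WRITABLE = {"read-write", "read-create"}

OBJECT_RE = re.compile(
    r"^\s*(?P<name>[a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\b(?P<body>.*?)::=",
    re.M | re.S)
ACCESS_RE = re.compile(r"\bMAX-ACCESS\s+([a-z-]+)")


def max_access_by_object(mib_text):
    """Map each OBJECT-TYPE name to its MAX-ACCESS value."""
    # Blank out quoted strings and ASN.1 "--" comments first so that words
    # inside DESCRIPTION text or comments are never read as clauses.
    text = re.sub(r'"[^"]*"', '""', mib_text)
    text = re.sub(r"--[^\n]*", "", text)
    result = {}
    for match in OBJECT_RE.finditer(text):
        access = ACCESS_RE.search(match.group("body"))
        if access:
            result[match.group("name")] = access.group(1)
    return result


def audit(mib_text, named=NAMED_IN_SECURITY_SECTION):
    """Compare writable objects in the module with the documented list."""
    access = max_access_by_object(mib_text)
    writable = {name for name, acc in access.items() if acc in WRITABLE}
    return {
        "writable": sorted(writable),
        # SET-capable objects the security text never mentions.
        "writable_not_named": sorted(writable - set(named)),
        # Documented objects that are missing or no longer writable.
        "named_not_writable": sorted(set(named) - writable),
    }


def effective_access(mib_text, snmpv3_auth_priv):
    """Access an agent should expose: without SNMPv3 authentication and
    encryption, every writable object falls back to read-only."""
    access = max_access_by_object(mib_text)
    if snmpv3_auth_priv:
        return access
    return {name: ("read-only" if acc in WRITABLE else acc)
            for name, acc in access.items()}


if __name__ == "__main__":
    print(audit(MIB_EXCERPT))
    print(effective_access(MIB_EXCERPT, snmpv3_auth_priv=False))
```

Run against the full module text, a non-empty `writable_not_named` list means a SET-capable object was added without the security text being updated.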
1003     It is then a customer/user responsibility to ensure that the SNMP
1004     entity giving access to an instance of this MIB, is properly
1005     configured to give access to the objects only to those principals
1006     (users) that have legitimate rights to indeed GET or SET (change/
1007     create/delete) them.

1009  6. Normative References

1011     [RFC1155]  Rose, M. and K. McCloghrie, "Structure and identification
1012                of management information for TCP/IP-based internets",
1013                STD 16, RFC 1155, May 1990.

1015     [RFC1157]  Case, J., Fedor, M., Schoffstall, M., and J. Davin,
1016                "Simple Network Management Protocol (SNMP)", STD 15,
1017                RFC 1157, May 1990.

1019     [RFC1212]  Rose, M. and K. McCloghrie, "Concise MIB definitions",
1020                STD 16, RFC 1212, March 1991.

1022     [RFC1215]  Rose, M., "Convention for defining traps for use with the
1023                SNMP", RFC 1215, March 1991.

1025     [RFC1901]  Case, J., McCloghrie, K., McCloghrie, K., Rose, M., and S.
1026                Waldbusser, "Introduction to Community-based SNMPv2",
1027                RFC 1901, January 1996.

1029     [RFC2573]  Levi, D., Meyer, P., and B. Stewart, "SNMP Applications",
1030                RFC 2573, April 1999.

1032     [RFC2575]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
1033                Access Control Model (VACM) for the Simple Network
1034                Management Protocol (SNMP)", RFC 2575, April 1999.

1036     [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1037                Schoenwaelder, Ed., "Structure of Management Information
1038                Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

1040     [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1041                Schoenwaelder, Ed., "Textual Conventions for SMIv2",
1042                STD 58, RFC 2579, April 1999.

1044     [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1045                "Conformance Statements for SMIv2", STD 58, RFC 2580,
1046                April 1999.

1048     [RFC2790]  Waldbusser, S. and P. Grillo, "Host Resources MIB",
1049                RFC 2790, March 2000.

1051     [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1052                MIB", RFC 2863, June 2000.

1054     [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
1055                "Introduction and Applicability Statements for Internet-
1056                Standard Management Framework", RFC 3410, December 2002.

1058     [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
1059                Architecture for Describing Simple Network Management
1060                Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
1061                December 2002.

1063     [RFC3412]  Case, J., Harrington, D., Presuhn, R., and B. Wijnen,
1064                "Message Processing and Dispatching for the Simple Network
1065                Management Protocol (SNMP)", STD 62, RFC 3412,
1066                December 2002.

1068     [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
1069                (USM) for version 3 of the Simple Network Management
1070                Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.

1072     [RFC3415]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
1073                Access Control Model (VACM) for the Simple Network
1074                Management Protocol (SNMP)", STD 62, RFC 3415,
1075                December 2002.

1077     [RFC3416]  Presuhn, R., "Version 2 of the Protocol Operations for the
1078                Simple Network Management Protocol (SNMP)", STD 62,
1079                RFC 3416, December 2002.

1081     [RFC3417]  Presuhn, R., "Transport Mappings for the Simple Network
1082                Management Protocol (SNMP)", STD 62, RFC 3417,
1083                December 2002.

1085     [RFC3418]  Presuhn, R., "Management Information Base (MIB) for the
1086                Simple Network Management Protocol (SNMP)", STD 62,
1087                RFC 3418, December 2002.

1089     [RFC4122]  Leach, P., Mealling, M., and R. Salz, "A Universally
1090                Unique IDentifier (UUID) URN Namespace", RFC 4122,
1091                July 2005.

1093  Authors' Addresses

1095     Hirochika Asai
1096     The University of Tokyo
1097     7-3-1 Hongo
1098     Bunkyo-ku, Tokyo 113-8656
1099     JP

1101     Phone: +81 3 5841 6748
1102     Email: panda@hongo.wide.ad.jp

1104     Yuji Sekiya
1105     The University of Tokyo
1106     2-11-16 Yayoi
1107     Bunkyo-ku, Tokyo 113-8658
1108     JP

1110     Email: sekiya@wide.ad.jp

1112     Keiichi Shima
1113     IIJ Innovation Institute Inc.
1114     1-105 Kanda-Jinbocho
1115     Chiyoda-ku, Tokyo 101-0051
1116     JP

1118     Email: keiichi@iijlab.net

1120     Hiroshi Esaki
1121     The University of Tokyo
1122     7-3-1 Hongo
1123     Bunkyo-ku, Tokyo 113-8656
1124     JP

1126     Phone: +81 3 5841 6748
1127     Email: hiroshi@wide.ad.jp