idnits 2.17.1

draft-schoenw-opsawg-vm-mib-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 158 has weird spacing: '...nString vmSto...'

  == Line 162 has weird spacing: '...ceIndex vmIf...'

  -- The document date (July 16, 2012) is 4303 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 4133 (Obsoleted by RFC 6933)

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     Internet Engineering Task Force                              M. MacFaden
3     Internet-Draft                                               VMware Inc.
4     Intended status: Standards Track                        J. Schoenwaelder
5     Expires: January 17, 2013                              Jacobs University
6                                                                      T. Tsou
7                                                    Huawei Technologies (USA)
8                                                                      C. Zhou
9                                                          Huawei Technologies
10                                                               July 16, 2012

12       Definition of Managed Objects for Virtual Machines Controlled by a
13                                   Hypervisor
14                         draft-schoenw-opsawg-vm-mib-01

16    Abstract

18       This memo defines a portion of the Management Information Base (MIB)
19       for use with network management protocols in the Internet community.
20       In particular, it defines objects for managing virtual machines
21       controlled by a hypervisor.

23    Status of This Memo

25       This Internet-Draft is submitted in full conformance with the
26       provisions of BCP 78 and BCP 79.

28       Internet-Drafts are working documents of the Internet Engineering
29       Task Force (IETF).  Note that other groups may also distribute
30       working documents as Internet-Drafts.  The list of current Internet-
31       Drafts is at http://datatracker.ietf.org/drafts/current/.

33       Internet-Drafts are draft documents valid for a maximum of six months
34       and may be updated, replaced, or obsoleted by other documents at any
35       time.  It is inappropriate to use Internet-Drafts as reference
36       material or to cite them other than as "work in progress."

38       This Internet-Draft will expire on January 17, 2013.

40    Copyright Notice

42       Copyright (c) 2012 IETF Trust and the persons identified as the
43       document authors.  All rights reserved.

45       This document is subject to BCP 78 and the IETF Trust's Legal
46       Provisions Relating to IETF Documents
47       (http://trustee.ietf.org/license-info) in effect on the date of
48       publication of this document.  Please review these documents
49       carefully, as they describe your rights and restrictions with respect
50       to this document.  Code Components extracted from this document must
51       include Simplified BSD License text as described in Section 4.e of
52       the Trust Legal Provisions and are provided without warranty as
53       described in the Simplified BSD License.

55    Table of Contents

57       1.  Introduction
58       2.  The Internet-Standard Management Framework
59       3.  Conventions
60       4.  Overview
61       5.  Relationship to Other MIB Modules
62         5.1.  Relationship to the HOST-RESOURCES-MIB
63         5.2.  Relationship to the IF-MIB
64         5.3.  Relationship to the IEEE8021-BRIDGE-MIB
65         5.4.  Relationship to the ENTITY-MIB
66       6.  Definitions
67       7.  Security Considerations
68       8.  IANA Considerations
69       9.  Acknowledgements
70       10. References
71         10.1.  Normative References
72         10.2.  Informative References
73       Appendix A.  Open Issues

75    1.  Introduction

77       This memo defines a portion of the Management Information Base (MIB)
78       for use with network management protocols.  In particular, it defines
79       objects for managing virtual machines controlled by a hypervisor.

81       The design of this MIB module has been derived from enterprise
82       specific MIB modules, namely a MIB module for managing guests of the
83       XEN hypervisor, a MIB module for managing virtual machines controlled
84       by the VMware hypervisor, and a MIB module using the libvirt
85       programming interface to access different hypervisors.

87    2.  The Internet-Standard Management Framework

89       For a detailed overview of the documents that describe the current
90       Internet-Standard Management Framework, please refer to section 7 of
91       RFC 3410 [RFC3410].

93       Managed objects are accessed via a virtual information store, termed
94       the Management Information Base or MIB.  MIB objects are generally
95       accessed through the Simple Network Management Protocol (SNMP).
96       Objects in the MIB are defined using the mechanisms defined in the
97       Structure of Management Information (SMI).  This memo specifies a MIB
98       module that is compliant to the SMIv2, which is described in STD 58,
99       RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
100      [RFC2580].

102   3.  Conventions

104      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
105      "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
106      "OPTIONAL" in this document are to be interpreted as described in RFC
107      2119 [RFC2119].

109   4.  Overview

111      The MIB module is organized into a group of scalars and tables.  The
112      scalars below vmHypervisor provide basic information about the
113      hypervisor.  The vmGuestTable lists the guests (virtual machines)
114      that are known to the hypervisor.  The vmStorageTable and the
115      vmIfTable provide the mapping of logical storage areas and network
116      interfaces to virtual machines.

118      The GuestState textual convention defines a state model for virtual
119      machines.  Events causing transitions between major states will cause
120      the generation of notifications (vmGuestStarted, vmGuestStopped,
121      vmGuestSuspended, vmGuestResumed).

123      The MIB module provides a few writable objects that can be used to
124      make non-persistent changes, e.g., changing the memory allocation or
125      the CPU allocation.  It is not the goal of this MIB module to provide
126      a configuration interface for virtual machines since other protocols
127      and data modeling languages are more suitable for this task.

129      The OID tree structure of the MIB module is shown below.

131      --vmMib(1.3.6.1.2.1.XXXX)
132        +--vmNotifications(0)
133        |  +--vmGuestStarted(1) [vmGuestName,vmGuestUUID,vmGuestState]
134        |  +--vmGuestStopped(2) [vmGuestName,vmGuestUUID,vmGuestState]
135        |  +--vmGuestSuspended(3) [vmGuestName,vmGuestUUID,vmGuestState]
136        |  +--vmGuestResumed(4) [vmGuestName,vmGuestUUID,vmGuestState]
137        +--vmObjects(1)
138           +--vmHypervisor(1)
139           |  +-- r-n SnmpAdminString  vmHypervisorVersion(1)
140           +--vmGuestTable(2)
141           |  +--vmGuestEntry(1) [vmGuestIndex]
142           |     +-- --- GuestIndex       vmGuestIndex(1)
143           |     +-- r-n SnmpAdminString  vmGuestName(2)
144           |     +-- r-n UUIDOrZero       vmGuestUUID(3)
145           |     +-- r-n GuestState       vmGuestState(4)
146           |     +-- r-n SnmpAdminString  vmGuestOS(6)
147           |     +-- r-n Unsigned32       vmGuestCurCPUs(7)
148           |     +-- rwn Unsigned32       vmGuestMinCPUs(8)
149           |     +-- rwn Unsigned32       vmGuestMaxCPUs(9)
150           |     +-- r-n KBytes           vmGuestCurMem(10)
151           |     +-- rwn KBytes           vmGuestMinMem(11)
152           |     +-- rwn KBytes           vmGuestMaxMem(12)
153           |     +-- r-n Unsigned32       vmGuestCPUTime(13)
154           +--vmStorageTable(3)
155           |  +--vmStorageEntry(1) [vmGuestIndex,vmStorageIndex]
156           |     +-- --- GuestIndexOrZero vmStorageGuest(1)
157           |     +-- --- StorageIndex     vmStorageIndex(2)
158           |     +-- r-n SnmpAdminString  vmStorageName(3)
159           +--vmIfTable(4)
160              +--vmIfEntry(1) [vmGuestIndex,vmIfIndex]
161                 +-- --- GuestIndexOrZero vmIfGuest(1)
162                 +-- --- InterfaceIndex   vmIfIndex(2)
163                 +-- r-n PhysAddress      vmIfPhysAddr(3)

165   5.  Relationship to Other MIB Modules

167      The MIB module IMPORTS definitions from SNMPv2-SMI [RFC2578],
168      SNMPv2-TC [RFC2579], SNMPv2-CONF [RFC2580], SNMP-FRAMEWORK-MIB
169      [RFC3411], and IF-MIB [RFC2863].

171      Hypervisors implementing this MIB module should implement the HOST-
172      RESOURCES-MIB [RFC2790] and the IF-MIB [RFC2863] in order to export
173      information about the resources (e.g., processors, memory, logical
174      storage devices, network interfaces) of the physical machine.  If the
175      hypervisor emulates a bridge to network virtual machines, then it
176      should implement the IEEE8021-BRIDGE-MIB.  (Note that the BRIDGE-MIB
177      defined in [RFC4188] is now further maintained by the IEEE
178      [RFC4663].)  Details of the hardware configuration of a physical
179      machine can be made available by implementing the ENTITY-MIB
180      [RFC4133].

182   5.1.  Relationship to the HOST-RESOURCES-MIB

184      The HOST-RESOURCES-MIB implemented on the physical machine provides
185      information about the number of CPUs and the amount of memory
186      available.  Furthermore, the HOST-RESOURCES-MIB provides information
187      about logical storage devices.

189      The MIB module defined in this memo provides a mapping of logical
190      storage devices to virtual machines.  Further details about the
191      storage devices (such as the size and the amount of allocated
192      storage) are provided by the HOST-RESOURCES-MIB.  Note that the number
193      of storage types can be extended through the IANA maintained HOST-
194      RESOURCES-TYPES MIB module.

196   5.2.  Relationship to the IF-MIB

198      The MIB module provides a mapping of network interfaces to virtual
199      machines.  Further details about the network interfaces (such as
200      statistics about the number of packets/bytes sent or received) can be
201      obtained from the IF-MIB.

203   5.3.  Relationship to the IEEE8021-BRIDGE-MIB

205      Hypervisors implementing virtual bridges should export the bridging
206      topologies by implementing the IEEE8021-BRIDGE-MIB.  For backwards
207      compatibility with existing management applications, they may also
208      choose to implement the BRIDGE-MIB [RFC4188].

210   5.4.  Relationship to the ENTITY-MIB

212      The ENTITY-MIB [RFC4133] describes managed objects used for managing
213      multiple logical and physical entities managed by a single SNMP
214      agent.  Implementations of the MIB module defined in this document
215      may want to use the ENTITY-MIB to provide the logical to physical
216      entity mapping and if needed to point to the agent in the virtual
217      machine and vice versa.

219   6.  Definitions

221      VM-MIB DEFINITIONS ::= BEGIN

223      IMPORTS
224          MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
225          Integer32, Unsigned32, mib-2
226              FROM SNMPv2-SMI                             -- RFC 2578
227          TEXTUAL-CONVENTION, PhysAddress
228              FROM SNMPv2-TC                              -- RFC 2579
229          OBJECT-GROUP, NOTIFICATION-GROUP, MODULE-COMPLIANCE
230              FROM SNMPv2-CONF                            -- RFC 2580
231          SnmpAdminString
232              FROM SNMP-FRAMEWORK-MIB                     -- RFC 3411
233          InterfaceIndex
234              FROM IF-MIB;                                -- RFC 2863

236      vmMib MODULE-IDENTITY
237          LAST-UPDATED "201203150000Z"
238          ORGANIZATION
239              "Jacobs University Bremen"
240          CONTACT-INFO
241              "Michael MacFaden
242               VMware Inc.
243               Email: mrm@vmware.com

245               Juergen Schoenwaelder
246               Jacobs University Bremen
247               Email: j.schoenwaelder@jacobs-university.de

249               Tina Tsou
250               Huawei Technologies (USA)
251               Email: tina.tsou.zouting@huawei.com

253               Cathy Zhou
254               Huawei Technologies
255               Email: cathyzhou@huawei.com"
256          DESCRIPTION
257              "The MIB module for monitoring virtual machines controlled
258               by a hypervisor.

260               Copyright (c) 2012 IETF Trust and the persons identified as
261               authors of the code.  All rights reserved.

263               Redistribution and use in source and binary forms, with or
264               without modification, is permitted pursuant to, and subject
265               to the license terms contained in, the Simplified BSD
266               License set forth in Section 4.c of the IETF Trust's
267               Legal Provisions Relating to IETF Documents
268               (http://trustee.ietf.org/license-info)."

270          REVISION "201203150000Z"
271          DESCRIPTION
272              "Initial version, published as RFC XXXX."
273          -- RFC Ed.: replace XXXX with actual RFC number & remove this note
274          ::= { mib-2 XXXX }

276      vmNotifications OBJECT IDENTIFIER ::= { vmMib 0 }
277      vmObjects       OBJECT IDENTIFIER ::= { vmMib 1 }
278      vmConformance   OBJECT IDENTIFIER ::= { vmMib 2 }

280      -- Textual convention definitions:

282      GuestIndex ::= TEXTUAL-CONVENTION
283          DISPLAY-HINT "d"
284          STATUS       current
285          DESCRIPTION
286              "A unique value, greater than zero, identifying a virtual
287               machine.  The value for each virtual machine must remain
288               constant at least from one re-initialization of the
289               hypervisor to the next re-initialization."
290          SYNTAX       Integer32 (1..2147483647)

292      GuestIndexOrZero ::= TEXTUAL-CONVENTION
293          DISPLAY-HINT "d"
294          STATUS       current
295          DESCRIPTION
296              "This textual convention is an extension of the GuestIndex
297               convention.  This extension permits the additional value
298               of zero.  The meaning of the value zero is object-specific
299               and must therefore be defined as part of the description of
300               any object which uses this syntax.  Examples of the usage of
301               zero might include situations where a virtual machine is
302               unknown, or when none or all virtual machines need to be
303               referenced."
304          SYNTAX       Integer32 (0..2147483647)

306      StorageIndex ::= TEXTUAL-CONVENTION
307          DISPLAY-HINT "d"
308          STATUS       current
309          DESCRIPTION
310              "A unique value, greater than zero, identifying a logical
311               storage area.  The value for each logical storage area must
312               remain constant at least from one re-initialization of the
313               hypervisor to the next re-initialization."
314          SYNTAX       Integer32 (1..2147483647)

316      UUID ::= TEXTUAL-CONVENTION
317          DISPLAY-HINT "4x-2x-2x-2x-6x"
318          STATUS       current
319          DESCRIPTION
320              "The Universally Unique IDentifier (UUID) identifying a
321               virtual machine.  The UUID format is defined in RFC 4122."
322          REFERENCE
323              "RFC4122: A Universally Unique IDentifier (UUID) URN Namespace"
324          SYNTAX       OCTET STRING (SIZE (16))

326      UUIDOrZero ::= TEXTUAL-CONVENTION
327          DISPLAY-HINT "4x-2x-2x-2x-6x"
328          STATUS       current
329          DESCRIPTION
330              "The Universally Unique IDentifier (UUID) identifying a
331               virtual machine or a zero-length string.  The UUID format is
332               defined in RFC 4122.  The meaning of the zero-length string is
333               object-specific and must therefore be defined as part of the
334               description of any object which uses this syntax."
335          SYNTAX       OCTET STRING (SIZE (0|16))

337      GuestState ::= TEXTUAL-CONVENTION
338          STATUS       current
339          DESCRIPTION
340              "The state of a guest (virtual machine):

342               unknown(1)    The state is unknown, e.g., because the
343                             implementation failed to obtain the state
344                             from the hypervisor.

346               other(2)      The state has been obtained but it is
347                             not a known state.

349               running(3)    The virtual machine is currently running.

351               blocked(4)    The virtual machine is currently blocked.

353               paused(5)     The virtual machine is currently paused.

355               migrating(6)  The virtual machine is currently migrating.

357               shutdown(7)   The virtual machine is currently in the
358                             process of shutting down.

360               shutoff(8)    The virtual machine is down.

362               crashed(9)    The virtual machine has crashed."
363          SYNTAX       INTEGER {
364                           unknown(1),
365                           other(2),
366                           running(3),
367                           blocked(4),
368                           paused(5),
369                           migrating(6),
370                           shutdown(7),
371                           shutoff(8),
372                           crashed(9)
373                       }

375      KBytes ::= TEXTUAL-CONVENTION
376          DISPLAY-HINT "d"
377          STATUS       current
378          DESCRIPTION
379              "Storage size measured in units of 1024 octets (bytes).  This
380               textual convention can represent storage sizes up to
381               4096 gigabytes."
382          SYNTAX       Unsigned32

384      -- Object definitions

386      vmHypervisor OBJECT IDENTIFIER ::= { vmObjects 1 }

388      vmHypervisorVersion OBJECT-TYPE
389          SYNTAX      SnmpAdminString
390          MAX-ACCESS  read-only
391          STATUS      current
392          DESCRIPTION
393              "The version string indicating the version of the hypervisor
394               running on the physical host."
395          ::= { vmHypervisor 1 }

397      -- The number of CPUs and the amount of memory can be found
398      -- in the objects of the HOST-RESOURCES-MIB

400      vmGuestTable OBJECT-TYPE
401          SYNTAX      SEQUENCE OF VmGuestEntry
402          MAX-ACCESS  not-accessible
403          STATUS      current
404          DESCRIPTION
405              "A (conceptual) table of all guests (virtual machines)
406               on the physical host."
407          ::= { vmObjects 2 }

409      vmGuestEntry OBJECT-TYPE
410          SYNTAX      VmGuestEntry
411          MAX-ACCESS  not-accessible
412          STATUS      current
413          DESCRIPTION
414              "A (conceptual) table entry describing a particular
415               guest (virtual machine)."
416          INDEX { vmGuestIndex }
417          ::= { vmGuestTable 1 }

419      VmGuestEntry ::= SEQUENCE {
420          vmGuestIndex        GuestIndex,
421          vmGuestName         SnmpAdminString,
422          vmGuestUUID         UUIDOrZero,
423          vmGuestState        GuestState,
424          -- XXX add information about the CPU type
425          -- XXX the cpu type may be different from the host CPU
426          vmGuestOS           SnmpAdminString,
427          vmGuestCurCPUs      Unsigned32,
428          vmGuestMinCPUs      Unsigned32,
429          vmGuestMaxCPUs      Unsigned32,
430          vmGuestCurMem       KBytes,
431          vmGuestMinMem       KBytes,
432          vmGuestMaxMem       KBytes,
433          vmGuestCPUTime      Unsigned32
434      }

436      vmGuestIndex OBJECT-TYPE
437          SYNTAX      GuestIndex
438          MAX-ACCESS  not-accessible
439          STATUS      current
440          DESCRIPTION
441              "A unique value identifying a guest (virtual machine)."
442          ::= { vmGuestEntry 1 }

444      vmGuestName OBJECT-TYPE
445          SYNTAX      SnmpAdminString
446          MAX-ACCESS  read-only
447          STATUS      current
448          DESCRIPTION
449              "The name of this guest (virtual machine)."
450          ::= { vmGuestEntry 2 }

452      vmGuestUUID OBJECT-TYPE
453          SYNTAX      UUIDOrZero
454          MAX-ACCESS  read-only
455          STATUS      current
456          DESCRIPTION
457              "A UUID identifying this guest (virtual machine).  The UUID
458               is expected to be a long-term persistent identifier and
459               to remain the same across reboots of the virtual machines
460               and the hypervisor.  The zero-length string is returned
461               in case a virtual machine does not have a suitable
462               persistent UUID."
463          ::= { vmGuestEntry 3 }

465      vmGuestState OBJECT-TYPE
466          SYNTAX      GuestState
467          MAX-ACCESS  read-only
468          STATUS      current
469          DESCRIPTION
470              "The current operational state of the guest (virtual
471               machine)."
472          ::= { vmGuestEntry 4 }

474      vmGuestOS OBJECT-TYPE
475          SYNTAX      SnmpAdminString
476          MAX-ACCESS  read-only
477          STATUS      current
478          DESCRIPTION
479              "The operating system running on this guest (virtual
480               machine).  This value corresponds to the operating
481               system the hypervisor assumes to be running when the
482               virtual machine is started.  This may differ from the
483               actual operating system in case the virtual machine
484               boots into a different operating system."
485          ::= { vmGuestEntry 6 }

487      vmGuestCurCPUs OBJECT-TYPE
488          SYNTAX      Unsigned32
489          UNITS       "CPUs"
490          MAX-ACCESS  read-only
491          STATUS      current
492          DESCRIPTION
493              "The number of CPUs currently assigned to this guest
494               (virtual machine).  Virtual machines that are not
495               operational typically have 0 CPUs assigned."
496          ::= { vmGuestEntry 7 }

498      vmGuestMinCPUs OBJECT-TYPE
499          SYNTAX      Unsigned32
500          UNITS       "CPUs"
501          MAX-ACCESS  read-write
502          STATUS      current
503          DESCRIPTION
504              "The minimum number of CPUs that are assigned to this
505               guest (virtual machine) when it is in a running state.
506               Changes to this value may not persist across restarts
507               of the hypervisor."

509          ::= { vmGuestEntry 8 }

511      vmGuestMaxCPUs OBJECT-TYPE
512          SYNTAX      Unsigned32
513          UNITS       "CPUs"
514          MAX-ACCESS  read-write
515          STATUS      current
516          DESCRIPTION
517              "The maximum number of CPUs that are assigned to this
518               guest (virtual machine) when it is in a running state.
519               The value zero denotes that there is no limit.  Changes
520               to this value may not persist across restarts of the
521               hypervisor."
522          ::= { vmGuestEntry 9 }

524      vmGuestCurMem OBJECT-TYPE
525          SYNTAX      KBytes
526          UNITS       "KBytes"
527          MAX-ACCESS  read-only
528          STATUS      current
529          DESCRIPTION
530              "The amount of main memory currently assigned to this
531               guest (virtual machine).  Virtual machines that are not
532               operational typically have no memory assigned."
533          ::= { vmGuestEntry 10 }

535      vmGuestMinMem OBJECT-TYPE
536          SYNTAX      KBytes
537          UNITS       "KBytes"
538          MAX-ACCESS  read-write
539          STATUS      current
540          DESCRIPTION
541              "The minimum amount of main memory that is assigned to
542               this guest (virtual machine) when it is in a running
543               state.  Changes to this value may not persist across
544               the restart of the hypervisor."
545          ::= { vmGuestEntry 11 }

547      vmGuestMaxMem OBJECT-TYPE
548          SYNTAX      KBytes
549          UNITS       "KBytes"
550          MAX-ACCESS  read-write
551          STATUS      current
552          DESCRIPTION
553              "The maximum amount of main memory that can be assigned to
554               this guest (virtual machine) when it is in a running state.
555               The value zero denotes that there is no limit.  Changes to
556               this value may not persist across the restart of the
557               hypervisor."
558          ::= { vmGuestEntry 12 }

560      vmGuestCPUTime OBJECT-TYPE
561          SYNTAX      Unsigned32
562          UNITS       "seconds"
563          MAX-ACCESS  read-only
564          STATUS      current
565          DESCRIPTION
566              "The number of CPU seconds consumed by this guest (virtual
567               machine).  Note that on a virtual machine with multiple
568               CPUs, this value may increment by more than one second
569               in a second of real (wall clock) time."
570          ::= { vmGuestEntry 13 }

572      vmStorageTable OBJECT-TYPE
573          SYNTAX      SEQUENCE OF VmStorageEntry
574          MAX-ACCESS  not-accessible
575          STATUS      current
576          DESCRIPTION
577              "A (conceptual) table of storage devices attached to
578               guests (virtual machines)."
579          ::= { vmObjects 3 }

581      vmStorageEntry OBJECT-TYPE
582          SYNTAX      VmStorageEntry
583          MAX-ACCESS  not-accessible
584          STATUS      current
585          DESCRIPTION
586              "A (conceptual) table entry describing a particular
587               storage device attached to a guest (virtual machine)."
588          INDEX { vmStorageGuest, vmStorageIndex }
589          ::= { vmStorageTable 1 }

591      VmStorageEntry ::= SEQUENCE {
592          vmStorageGuest      GuestIndexOrZero,
593          vmStorageIndex      StorageIndex,
594          vmStorageName       SnmpAdminString
595      }

597      vmStorageGuest OBJECT-TYPE
598          SYNTAX      GuestIndexOrZero
599          MAX-ACCESS  not-accessible
600          STATUS      current
601          DESCRIPTION
602              "Identifies the guest (virtual machine) this storage has
603               been allocated to.  The value 0 indicates that the storage
604               is currently not allocated to a guest (virtual machine)."

606          ::= { vmStorageEntry 1 }

608      vmStorageIndex OBJECT-TYPE
609          SYNTAX      StorageIndex
610          MAX-ACCESS  not-accessible
611          STATUS      current
612          DESCRIPTION
613              "A unique value identifying a logical storage area.  On
614               systems implementing the HOST-RESOURCES-MIB, the value
615               must be the same value that is used as the index into
616               the hrStorageTable (hrStorageIndex)."
617          ::= { vmStorageEntry 2 }

619      vmStorageName OBJECT-TYPE
620          SYNTAX      SnmpAdminString
621          MAX-ACCESS  read-only
622          STATUS      current
623          DESCRIPTION
624              "The name of the storage area as seen on the hypervisor."
625          ::= { vmStorageEntry 3 }

627      vmIfTable OBJECT-TYPE
628          SYNTAX      SEQUENCE OF VmIfEntry
629          MAX-ACCESS  not-accessible
630          STATUS      current
631          DESCRIPTION
632              "A (conceptual) table of network interfaces attached to
633               guests (virtual machines)."
634          ::= { vmObjects 4 }

636      vmIfEntry OBJECT-TYPE
637          SYNTAX      VmIfEntry
638          MAX-ACCESS  not-accessible
639          STATUS      current
640          DESCRIPTION
641              "A (conceptual) table entry describing a particular
642               network interface attached to a guest (virtual machine)."
643          INDEX { vmIfGuest, vmIfIndex }
644          ::= { vmIfTable 1 }

646      VmIfEntry ::= SEQUENCE {
647          vmIfGuest           GuestIndexOrZero,
648          vmIfIndex           InterfaceIndex,
649          vmIfPhysAddr        PhysAddress
650      }

652      vmIfGuest OBJECT-TYPE
653          SYNTAX      GuestIndexOrZero
654          MAX-ACCESS  not-accessible
655          STATUS      current
656          DESCRIPTION
657              "Identifies the guest (virtual machine) this network interface
658               has been allocated to.  The value 0 indicates that the network
659               interface is currently not allocated to a guest (virtual
660               machine)."
661          ::= { vmIfEntry 1 }

663      vmIfIndex OBJECT-TYPE
664          SYNTAX      InterfaceIndex
665          MAX-ACCESS  not-accessible
666          STATUS      current
667          DESCRIPTION
668              "The interface index of the network interface under which it
669               is known on the system running the hypervisor.  If the
670               interface is a port of a virtual bridge, then the port
671               of the virtual bridge should map to this interface index."
672          ::= { vmIfEntry 2 }

674      vmIfPhysAddr OBJECT-TYPE
675          SYNTAX      PhysAddress
676          MAX-ACCESS  read-only
677          STATUS      current
678          DESCRIPTION
679              "The physical address used by the interface.  For interfaces
680               associated to a port of a virtual bridge, this object
681               normally contains a MAC address.  For interfaces which do not
682               have such an address, this object should contain a
683               zero-length octet string."
684          ::= { vmIfEntry 3 }

686      -- Notification definitions:

688      vmGuestStarted NOTIFICATION-TYPE
689          OBJECTS {
690              vmGuestName,
691              vmGuestUUID,
692              vmGuestState
693          }
694          STATUS      current
695          DESCRIPTION
696              "This notification is generated when a guest (virtual machine)
697               has been started and the start process has reached a stable
698               state (e.g., running or crashed)."
699          ::= { vmNotifications 1 }

701      vmGuestStopped NOTIFICATION-TYPE
702          OBJECTS {
703              vmGuestName,
704              vmGuestUUID,
705              vmGuestState
706          }
707          STATUS      current
708          DESCRIPTION
709              "This notification is generated when a guest (virtual machine)
710               has been stopped and the shutdown process has reached a stable
711               state (e.g., shutdown or shutoff or crashed)."
712          ::= { vmNotifications 2 }

714      vmGuestSuspended NOTIFICATION-TYPE
715          OBJECTS {
716              vmGuestName,
717              vmGuestUUID,
718              vmGuestState
719          }
720          STATUS      current
721          DESCRIPTION
722              "This notification is generated when a guest (virtual machine)
723               has been suspended and the suspension process has reached a
724               stable state (e.g., paused or crashed)."
725          ::= { vmNotifications 3 }

727      vmGuestResumed NOTIFICATION-TYPE
728          OBJECTS {
729              vmGuestName,
730              vmGuestUUID,
731              vmGuestState
732          }
733          STATUS      current
734          DESCRIPTION
735              "This notification is generated when a guest (virtual machine)
736               has been resumed and the resumption process has reached a
737               stable state (e.g., running or crashed)."
738          ::= { vmNotifications 4 }

740      -- Compliance definitions:

742      vmGroups      OBJECT IDENTIFIER ::= { vmConformance 1 }
743      vmCompliances OBJECT IDENTIFIER ::= { vmConformance 2 }

745      vmFullCompliance MODULE-COMPLIANCE
746          STATUS      current
747          DESCRIPTION
748              "Compliance statement for implementations supporting
749               read/write access, according to the object definitions."
750          MODULE      -- this module
751          MANDATORY-GROUPS {
752              vmHypervisorGroup,
753              vmGuestGroup,
754              vmStorageGroup,
755              vmIfGroup,
756              vmNotificationGroup
757          }
758          ::= { vmCompliances 1 }

760      vmReadOnlyCompliance MODULE-COMPLIANCE
761          STATUS      current
762          DESCRIPTION
763              "Compliance statement for implementations supporting
764               only read-only access."
765          MODULE      -- this module
766          MANDATORY-GROUPS {
767              vmHypervisorGroup,
768              vmGuestGroup,
769              vmStorageGroup,
770              vmIfGroup,
771              vmNotificationGroup
772          }

774          OBJECT vmGuestMinCPUs
775          MIN-ACCESS read-only
776          DESCRIPTION
777              "Write access is not required."

779          OBJECT vmGuestMaxCPUs
780          MIN-ACCESS read-only
781          DESCRIPTION
782              "Write access is not required."

784          OBJECT vmGuestMinMem
785          MIN-ACCESS read-only
786          DESCRIPTION
787              "Write access is not required."

789          OBJECT vmGuestMaxMem
790          MIN-ACCESS read-only
791          DESCRIPTION
792              "Write access is not required."
793          ::= { vmCompliances 2 }

795      vmHypervisorGroup OBJECT-GROUP
796          OBJECTS {
797              vmHypervisorVersion
798          }
799          STATUS      current
800          DESCRIPTION
801              "A collection of objects providing insight into the
802               hypervisor itself."
803          ::= { vmGroups 1 }

805      vmGuestGroup OBJECT-GROUP
806          OBJECTS {
807              -- vmGuestIndex,
808              vmGuestName,
809              vmGuestUUID,
810              vmGuestState,
811              vmGuestOS,
812              vmGuestCurCPUs,
813              vmGuestMinCPUs,
814              vmGuestMaxCPUs,
815              vmGuestCurMem,
816              vmGuestMinMem,
817              vmGuestMaxMem,
818              vmGuestCPUTime
819          }
820          STATUS      current
821          DESCRIPTION
822              "A collection of objects providing insight into the
823               guests (virtual machines) controlled by a hypervisor."
824          ::= { vmGroups 2 }

826      vmStorageGroup OBJECT-GROUP
827          OBJECTS {
828              -- vmStorageGuest,
829              -- vmStorageIndex,
830              vmStorageName
831          }
832          STATUS      current
833          DESCRIPTION
834              "A collection of objects providing insight into the
835               logical storage areas controlled by a hypervisor."
836          ::= { vmGroups 3 }

838      vmIfGroup OBJECT-GROUP
839          OBJECTS {
840              -- vmIfGuest,
841              -- vmIfIndex,
842              vmIfPhysAddr
843          }
844          STATUS      current
845          DESCRIPTION
846              "A collection of objects providing insight into the
847               network interfaces controlled by a hypervisor."
848          ::= { vmGroups 4 }

850      vmNotificationGroup NOTIFICATION-GROUP
851          NOTIFICATIONS {
852              vmGuestStarted,
853              vmGuestStopped,
854              vmGuestSuspended,
855              vmGuestResumed
856          }
857          STATUS      current
858          DESCRIPTION
859              "A collection of notifications for virtual machines
860               controlled by a hypervisor."
861          ::= { vmGroups 5 }

863      END

865   7.  Security Considerations

867      There are a number of management objects defined in this MIB module
868      with a MAX-ACCESS clause of read-write and/or read-create.  Such
869      objects may be considered sensitive or vulnerable in some network
870      environments.  The support for SET operations in a non-secure
871      environment without proper protection can have a negative effect on
872      network operations.  These are the tables and objects and their
873      sensitivity/vulnerability:

875      o  Unauthorized changes to vmGuestMinCPUs, vmGuestMaxCPUs,
876         vmGuestMinMem, and vmGuestMaxMem can significantly slow down
877         virtual machines or prevent the start of new virtual machines.

879      Some of the readable objects in this MIB module (i.e., objects with a
880      MAX-ACCESS other than not-accessible) may be considered sensitive or
881      vulnerable in some network environments.  It is thus important to
882      control even GET and/or NOTIFY access to these objects and possibly
883      to even encrypt the values of these objects when sending them over
884      the network via SNMP.  These are the tables and objects and their
885      sensitivity/vulnerability:

887      o  The tables vmGuestTable, vmStorageTable, and vmIfTable provide
888         insight into the resources allocated to virtual machines and this
889         knowledge might be exploited for targeted denial of service
890         attacks.

892      o  The vmGuestStarted, vmGuestStopped, vmGuestSuspended, and
893         vmGuestResumed notifications provide information about state
894         changes of virtual machines and implicitly also on which physical
895         hosts virtual machines are located.  Furthermore, the generation
896         of fake notifications might trigger false alarms and subsequent
897         actions in a network management system, which can amplify denial
898         of service attacks or simply lead to less efficient resource
899         usage.

901      SNMP versions prior to SNMPv3 did not include adequate security.
902      Even if the network itself is secure (for example by using IPsec),
903      even then, there is no control as to who on the secure network is
904      allowed to access and GET/SET (read/change/create/delete) the objects
905      in this MIB module.

907      It is RECOMMENDED that implementers consider the security features as
908      provided by the SNMPv3 framework (see [RFC3410], section 8),
909      including full support for the SNMPv3 cryptographic mechanisms (for
910      authentication and privacy).

912      Further, deployment of SNMP versions prior to SNMPv3 is NOT
913      RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
914      enable cryptographic security.  It is then a customer/operator
915      responsibility to ensure that the SNMP entity giving access to an
916      instance of this MIB module is properly configured to give access to
917      the objects only to those principals (users) that have legitimate
918      rights to indeed GET or SET (change/create/delete) them.

920   8.  IANA Considerations

922      IANA is requested to assign a value for "XXXX" under the 'mib-2'
923      subtree and to record the assignment in the SMI Numbers registry.
924      When the assignment has been made, the RFC Editor is asked to replace
925      "XXXX" (here and in the MIB module) with the assigned value and to
926      remove this note.

928   9.  Acknowledgements

930      Thanks to David Black and Robert Story for helpful comments during
931      the development of this specification.

933   10.  References

935   10.1.  Normative References

937      [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
938                 Requirement Levels", BCP 14, RFC 2119, March 1997.

940      [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC2790]  Waldbusser, S. and P. Grillo, "Host Resources MIB",
              RFC 2790, March 2000.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              December 2002.

   [RFC4133]  Bierman, A. and K. McCloghrie, "Entity MIB (Version 3)",
              RFC 4133, August 2005.

10.2. Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

   [RFC4188]  Norseth, K. and E. Bell, "Definitions of Managed Objects
              for Bridges", RFC 4188, September 2005.

   [RFC4663]  Harrington, D., "Transferring MIB Work from IETF Bridge
              MIB WG to IEEE 802.1 WG", RFC 4663, September 2006.

Appendix A. Open Issues

   This file is used to track issues that were discussed during the
   development of the SMIv2 to YANG translation in the IETF NETMOD
   working group. The issues covered here concern major design choices;
   this file does not attempt to track minor clarification requests etc.

   To comment on issues on the mailing list, please include the issue
   number in the subject line of the email message.

   * vm-mib-01: storage sizes

   The MIB does not provide storage sizes, assuming this is provided by
   the hrStorageTable of the HOST-RESOURCES-MIB.
   However, some well
   known implementations of the HOST-RESOURCES-MIB only report on
   file systems used by the host system and not file systems residing
   in files used by virtual machines. Furthermore, the hrStorageTable
   reports sizes "usable by the requesting entity", "excluding loss due
   to formatting of file system reference information". For storage
   provided to virtual machines, this information is often not readily
   available since all you have is the raw block size.

   ** Solution #01-01

   Provide the storage block sizes as part of the VM-MIB. Provide a
   pointer to the hrStorageTable on systems that can provide this
   linkage but allow the pointer to be NULL.

   ** Resolution

   TBD

   * vm-mib-02: scaling and caching support

   It was mentioned that large data centers are characterized by
   100.000 physical hosts running 2.000.000 virtual machines. NASA
   is reported to have 1.000.000 physical hosts and 60.000.000 virtual
   machines. Bottom line is that we need to make the MIB module
   scalable. We can assume up to hundreds of VMs running on a single
   virtual machine.

   ** Solution #02-01

   Add ...LastChange objects to tables so that management applications
   can easily validate cached information without having to read
   through potentially larger tables. For the vmGuestTable, we might
   also provide a ...LastStateChange object so that state changes can
   be polled by reading a simple scalar.

   ** Solution #02-02

   Make some tables time filtered. Unclear which tables would have to
   be time filtered.

   ** Resolution

   TBD

   * vm-mib-03: virtual cpu type identification

   It is necessary to identify the CPU architecture or type since some
   virtual machine systems can emulate different CPU types.

   ** Solution #03-01

   Provide an IANA controlled enumeration that provides a CPU
   classification.
   The problem will be to provide rules about what
   constitutes a new CPU type and what not.

   ** Solution #03-02

   Use OBJECT IDENTITIES to identify CPU types. Such a distributed
   enumeration will not achieve a great deal of interoperability
   and is likely close to #03-03.

   ** Solution #03-03

   Use a string data type and rely on systems to put meaningful
   information there, perhaps provide guidelines on how to structure the
   CPU type names, e.g. vendor-arch-model(-features)*, that is,
   amd-x86_64-opteron or intel-i686-pentium3-vmx-acpi (perhaps using a
   different separator character since a dash might easily clash).
   Applications may have to do some normalization across VM-MIB
   implementations (e.g., regular expression matching) but on the
   other hand this allows details to be provided where necessary.

   ** Solution #03-04

   Following #03-03, we provide ...GuestCpuVendor, ...GuestCpuArch
   and ...GuestCpuModel objects plus an additional table that provides
   details about the features of the CPUs used by a certain virtual
   machine. This essentially breaks the string into a set of separate
   MIB objects.

   ** Solution #03-05

   Following #03-04, we provide ...GuestCpuVendor, ...GuestCpuArch and
   ...GuestCpuModel objects plus a string object containing a list of
   features. This way, things are more compact but still the most
   important components (vendor, arch, model) are broken out as
   separate objects.

   ** Resolution

   TBD

   * vm-mib-04: physical CPU type identification

   VM migration sometimes requires matching physical CPUs and, more
   importantly, also the feature sets of physical CPUs.

   ** Solution #04-01:

   Extend the ENTITY-MIB with a new MIB module, say an ENTITY-CPU-MIB,
   providing an entPhyCPUTable, sparsely augmenting the
   entPhysicalTable for physical entities with entPhysicalClass = cpu.
   The entPhyCPUTable would contain information about CPU vendor, CPU
   architecture, CPU mode, CPU features, clock speeds, etc. (see also
   vm-mib-03).

   ** Resolution

   TBD

   * vm-mib-05: per virtual cpu statistics

   It seems to be useful to provide statistics for each virtual CPU.
   However, it remains unclear what can be expected to be provided by a
   typical hypervisor implementation. There are a number of things to
   consider:

   a) Reporting the time the virtual CPU has been running (CPU time
      consumed) seems relatively straightforward.

   b) Reporting the current state of a virtual CPU requires first
      defining a suitable state model that is coarse grained enough to
      be useful (otherwise CPU state changes far too quickly to yield
      meaningful results). Libvirt, for example, has CPU states
      offline, running, blocked on resource. It is not further defined
      what blocked on resource really means. Anyway, with a suitable
      state model, the MIB could provide the time spent in the various
      CPU states rather than or in addition to the current snapshot
      state.

   c) Reporting the affinity mapping of virtual CPUs to physical CPUs.
      This, of course, requires having a representation of physical
      CPUs.

   ** Resolution

   TBD

   * representing networks (vmNetTable)
   Not yet well enough understood to write up this issue. ;-)

Authors' Addresses

   Michael MacFaden
   VMware Inc.

   EMail: mrm@vmware.com

   Juergen Schoenwaelder
   Jacobs University
   Campus Ring 1
   Bremen 28759
   Germany

   EMail: j.schoenwaelder@jacobs-university.de

   Tina Tsou
   Huawei Technologies (USA)
   2330 Central Expressway
   Santa Clara CA 95050
   USA

   EMail: tina.tsou.zouting@huawei.com

   Cathy Zhou
   Huawei Technologies
   Bantian, Longgang District
   Shenzhen 518129
   P.R. China

   EMail: cathyzhou@huawei.com
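
Added example (not part of the draft): Section 7 notes that fake vmGuestStarted, vmGuestStopped, vmGuestSuspended, and vmGuestResumed notifications can trigger false alarms in a network management system. The Python code below screens received notifications before they reach alarm logic; the guest state model, the record fields, and the engine IDs are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed guest state model (the draft defines none): notification name ->
# (last-known states it is plausible from, state it leads to).
TRANSITIONS = {
    "vmGuestStarted": ({"stopped"}, "running"),
    "vmGuestSuspended": ({"running"}, "suspended"),
    "vmGuestResumed": ({"suspended"}, "running"),
    "vmGuestStopped": ({"running", "suspended"}, "stopped"),
}
USM = 3  # SnmpSecurityModel value of the SNMPv3 User-based Security Model


@dataclass(frozen=True)
class Notification:
    engine_id: str  # snmpEngineID of the sender (hypothetical values below)
    sec_model: int  # 1 = SNMPv1, 2 = SNMPv2c, 3 = USM
    sec_level: str  # noAuthNoPriv, authNoPriv or authPriv
    name: str       # notification name
    guest: str      # guest identifier from the varbinds (hypothetical)


def screen(notifications, trusted_engines):
    """Return one (verdict, reason) tuple per notification, in order."""
    state = {}  # (engine_id, guest) -> state after the last accepted event
    verdicts = []
    for n in notifications:
        key = (n.engine_id, n.guest)
        if n.sec_model != USM or n.sec_level == "noAuthNoPriv":
            verdicts.append(("reject", "sender not authenticated"))
        elif n.engine_id not in trusted_engines:
            verdicts.append(("reject", "unknown hypervisor engine"))
        elif n.name not in TRANSITIONS:
            verdicts.append(("reject", "not a VM-MIB notification"))
        elif key in state and state[key] not in TRANSITIONS[n.name][0]:
            # Authenticated but inconsistent: poll the agent before alarming.
            verdicts.append(("verify", f"{n.name} while {state[key]}"))
        else:
            state[key] = TRANSITIONS[n.name][1]
            verdicts.append(("accept", "ok"))
    return verdicts


# Constructed sample input, not captured traffic.
SAMPLE = [
    Notification("hv-a", 3, "authPriv", "vmGuestStarted", "vm1"),
    Notification("hv-a", 2, "noAuthNoPriv", "vmGuestStopped", "vm1"),
    Notification("hv-x", 3, "authPriv", "vmGuestStopped", "vm1"),
    Notification("hv-a", 3, "authPriv", "vmGuestResumed", "vm1"),
    Notification("hv-a", 3, "authPriv", "vmGuestSuspended", "vm1"),
]
```

Calling screen(SAMPLE, {"hv-a"}) accepts the first and last notifications, rejects the SNMPv2c one and the one from the unknown engine, and marks the vmGuestResumed for a running guest as "verify".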
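
Added example (not part of the draft): Solution #03-03 in Appendix A proposes CPU type names of the form vendor-arch-model(-features)* and expects applications to normalize them across VM-MIB implementations. The Python code below parses and normalizes such strings, treating them as untrusted agent input; the alias tables and the length limit are assumptions.

```python
import re

# Grammar from Solution #03-03: vendor-arch-model(-features)*
CPU_TYPE = re.compile(
    r"([a-z0-9_]+)-([a-z0-9_]+)-([a-z0-9_]+)((?:-[a-z0-9_]+)*)")
# Assumed alias tables; a real deployment would maintain its own.
VENDOR_ALIASES = {"authenticamd": "amd", "genuineintel": "intel"}
ARCH_ALIASES = {"x86-64": "x86_64", "amd64": "x86_64"}
MAX_LEN = 255  # assumed upper bound for the reported string


def parse_cpu_type(raw):
    """Return (vendor, arch, model, features), or None if malformed."""
    s = raw.strip().lower()
    if not s or len(s) > MAX_LEN:
        return None
    for alias, canon in ARCH_ALIASES.items():
        # Rewrite only whole fields. "x86-64" is the dash clash the draft
        # warns about: unrepaired, it would parse as arch "x86", model "64".
        s = re.sub(rf"(?<=-){re.escape(alias)}(?=-|$)", canon, s)
    m = CPU_TYPE.fullmatch(s)
    if m is None:
        return None
    vendor, arch, model, feats = m.groups()
    vendor = VENDOR_ALIASES.get(vendor, vendor)
    return vendor, arch, model, frozenset(feats.split("-")) - {""}


def same_cpu_type(a, b):
    """True if two reported strings name the same CPU type and features."""
    pa, pb = parse_cpu_type(a), parse_cpu_type(b)
    return pa is not None and pa == pb
```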