Template:FAQ:General 13

From Net-SNMP Wiki
Revision as of 09:03, 16 August 2006 by Dts12


A full description is probably beyond the scope of this FAQ. Very briefly, the original protocol and framework were described in RFCs 1155-1157, and are now known as SNMPv1.

Practical experience showed up various problems and deficiencies with this, and a number of revised frameworks were developed to try and address these problems. Unfortunately, it proved difficult to achieve any sort of agreement - particularly over the administrative framework to use.

There was less disagreement over the proposed changes to the protocol operations. These included:

  • increasing the range of errors that could be reported
  • introducing "exception values"
    (so a single missing value didn't affect the other varbinds in the same request)
  • a new GETBULK operation
    (a supercharged GETNEXT)
  • new notification PDUs
    (closer in structure to the other request PDUs)

Strictly speaking, it's this revised protocol (originally defined in RFC 1905, and most recently in RFC 3416) that is "SNMPv2".

The only framework based on this protocol that saw a significant level of use was "Community-based SNMPv2" or "SNMPv2c" (defined in RFCs 1901-1908). This retained the same administrative framework as SNMPv1 (with all of the accompanying deficiencies), while using the new protocol operations.

More recently, a new administrative framework has been developed, building on the various competing SNMPv2 proposals, and using the same SNMPv2 protocol operations. This is SNMPv3, which is defined in RFCs 3411-3418. It addresses some of the deficiencies of the community-based versions, including significant improvements to the security of SNMP requests (like it finally has some!). SNMPv3 is now a full IETF standard protocol.

Strictly speaking, SNMPv3 just defines a fairly abstract framework, based around the idea of "Security Models" and "Access Control Models". It's this combination of SNMPv3 plus accompanying models that actually provides a working SNMP system. However, the only models in common use are the "User-based Security Model" (RFC 3414) and the "View-based Access Control Model" (RFC 3415). So "SNMPv3" is frequently used to mean the combination of the basic SNMPv3 framework with these two particular models. This is also sometimes described as "SNMPv3/USM".


So in brief:

  • SNMPv2c updated the protocol operations but left the administrative framework unchanged.
  • SNMPv3 updated the administrative framework but left the protocol operations unchanged.
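
This split is visible on the wire: SNMPv1 and SNMPv2c messages carry a community string straight after the version number, while an SNMPv3 message carries a header holding security flags and a security model number. The sketch below is an added example, not Net-SNMP code; it reads just enough BER to report which framework a message uses, for instance when auditing a capture for community-based traffic. The function names and both sample packets are this example's own constructions.

```python
# Added example, not Net-SNMP code. Sample packets are constructed by hand.
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
# PDU tags from RFC 3416; 0xA4 is the SNMPv1 Trap-PDU from RFC 1157.
PDUS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
        0xA3: "SetRequest", 0xA4: "Trap-v1", 0xA5: "GetBulkRequest",
        0xA6: "InformRequest", 0xA7: "SNMPv2-Trap", 0xA8: "Report"}

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value bytes, next position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def classify(msg):
    """Report the version and the protection an SNMP message declares."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a BER SEQUENCE")
    tag, raw, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER version")
    version = int.from_bytes(raw, "big")
    info = {"version": VERSIONS.get(version, "unknown(%d)" % version)}
    if version in (0, 1):                # community-based framework, v1 and v2c alike
        _, community, pos = read_tlv(body, pos)
        pdu_tag, _, _ = read_tlv(body, pos)
        info.update(community=community.decode("latin-1"),
                    pdu=PDUS.get(pdu_tag, hex(pdu_tag)), level="community (cleartext)")
    elif version == 3:                   # msgGlobalData header (RFC 3412)
        _, hdr, _ = read_tlv(body, pos)
        _, _, p = read_tlv(hdr, 0)       # msgID
        _, _, p = read_tlv(hdr, p)       # msgMaxSize
        _, flags, p = read_tlv(hdr, p)   # msgFlags: 0x01 auth, 0x02 priv
        _, model, _ = read_tlv(hdr, p)   # msgSecurityModel: 3 is USM
        bits = flags[0] & 0x03 if flags else 0
        info.update(security_model=int.from_bytes(model, "big"),
                    level=("noAuthNoPriv", "authNoPriv",
                           "invalid: priv without auth", "authPriv")[bits])
    return info

V2C_GETBULK = bytes.fromhex("3023 020101 04067075626c6963 a516 020101 020100 02010a 300b 3009 06052b06010201 0500")
V3_AUTHPRIV = bytes.fromhex("3016 020103 300d 020101 020205dc 040107 020103 0400 0400")
```

Calling `classify(V2C_GETBULK)` shows the community `public` readable in the message, while `classify(V3_AUTHPRIV)` reports security model 3 (USM) at level `authPriv`; the SNMPv3 sample leaves its security parameters and payload empty.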