Internet Draft Mark Bakke Jim Muchow Expires September 2003 Cisco Systems Marjorie Krueger Hewlett-Packard Tom McSweeney IBM March 2003 Definitions of Managed Objects for iSCSI Status of this Memo This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.html. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Copyright Notice Copyright (C) The Internet Society (2003). All Rights Reserved. Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP based internets. In particular it defines objects for managing a client using the iSCSI (SCSI over TCP) protocol. Bakke, Muchow Expires August 2003 [Page 1] Internet Draft iSCSI MIB March 2003 Acknowledgments In addition to the authors, several people contributed to the development of this MIB. Thanks especially to those who took the time to participate in our weekly conference calls to build our requirements, object models, table structures, and attributes: John Hufferd, Tom McSweeney (IBM), Kevin Gibbons (Nishan Systems), Chad Gregory (Intel), Jack Harwood (EMC), Hari Mudaliar (Adaptec), Ie Wei Njoo (Agilent), Lawrence Lamers (SAN Valley), Satish Mali (Stonefly Networks), and William Terrell (Troika). Special thanks to Tom McSweeney, Ie Wei Njoo, and Kevin Gibbons, who wrote the descriptions for many of the tables and attributes in this MIB, to Ayman Ghanem for finding and suggesting changes for many problems in the MIB, and to Keith McCloghrie for serving as advisor to the team. Table of Contents 1. Introduction..............................................3 2. The Internet-Standard Management Framework................3 3. Relationship to Other MIBs................................3 4. Discussion................................................4 4.1. iSCSI MIB Object Model..................................4 4.2. iSCSI MIB Table Structure...............................5 4.3. iscsiInstance...........................................6 4.4. iscsiPortal.............................................7 4.5. iscsiTargetPortal.......................................8 4.6. iscsiInitiatorPortal....................................8 4.7. iscsiNode...............................................8 4.8. iscsiTarget.............................................9 4.9. iscsiTgtAuthorization...................................9 4.10. iscsiInitiator.........................................9 4.11. iscsiIntrAuthorization................................10 4.12. iscsiSession..........................................10 4.13. iscsiConnection.......................................11 4.14. IP Addresses and TCP Port Numbers.....................11 4.15. Descriptors: Using OIDs in Place of Enumerated Types..11 4.16. Notifications.........................................12 5. MIB Definitions..........................................13 6. Security Considerations..................................69 7. Normative References.....................................70 8. Informative References...................................70 9. Authors' Addresses.......................................70 10. IPR Notice..............................................72 11. Full Copyright Notice...................................72 Bakke, Muchow Expires August 2003 [Page 2] Internet Draft iSCSI MIB March 2003 1. Introduction This document defines a MIB for iSCSI [ISCSI], used to manage devices which implement the iSCSI protocol. 2. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. 3. Relationship to Other MIBs The iSCSI MIB is layered between the SCSI MIB [SCSI-MIB] (work in progress) and the TCP MIB [RFC2012], and makes use of the IPS Identity Authentication MIB [AUTH-MIB] (work in progress). Here is how the MIBs are related: SCSI MIB Each iscsiNode, whether it has an initiator role, target role, or both, is related to one SCSI device within the SCSI MIB. The iscsiNodeTransportType attribute points to the SCSI transport object within the SCSI MIB, which in turn contains an attribute that points back to the iscsiNode. In this way, a management station can navigate between the two MIBs. TCP MIB Each iSCSI connection is related to one transport-level connection. Currently, iSCSI uses only TCP; the iSCSI connection is related to a TCP connection using its normal (protocol, source address, source port, destination address, destination port) 5-tuple. AUTH MIB Each iSCSI node that serves a target role can have a list of authorized initiators. Each of the entries in this list points to an identity within the IPS Identity Authentication MIB that will be allowed to access the target. iSCSI nodes that serve in an initiator role can Bakke, Muchow Expires August 2003 [Page 3] Internet Draft iSCSI MIB March 2003 also have a list of authorized targets. Each of the entries in this list points to an identity within the Auth MIB to which the initiator should attempt to establish sessions. The Auth MIB includes information used to identify initiators and targets by their iSCSI name, IP address, and/or credentials. 4. Discussion This MIB structure supplies configuration, fault, and statistics information for iSCSI devices [ISCSI]. It is structured around the well-known iSCSI objects, such as targets, initiators, sessions, connections, and the like. This MIB may also be used to configure access to iSCSI targets, by creating iSCSI Portals and authorization list entries. It is worthwhile to note that this is an iSCSI MIB and as such reflects only iSCSI objects. This MIB does not contain information about the SCSI-layer attributes of a device. The SCSI MIB, currently under development, is related to the iSCSI MIB and contains the SCSI information about a device. The iSCSI MIB consists of several "objects", each of which is represented by one or more tables. This section contains a brief description of the "object" hierarchy and a description of each object, followed by a discussion of the actual MIB table structure within the objects. 4.1. iSCSI MIB Object Model The top-level object in this structure is the iSCSI instance, which "contains" all of the other objects. iscsiInstance -- A distinct iSCSI entity within the managed system. iscsiPortal -- An IP address used by this instance iscsiTargetPortal -- Contains portal information relevant when the portal -- is used to listen for connections to its targets. iscsiInitiatorPortal -- Contains portal information relevant when the portal -- is used to initiate connections to other targets. iscsiNode -- An iSCSI node can act as an initiator, a target, or both. -- Contains generic (non-role-specific) information. Bakke, Muchow Expires August 2003 [Page 4] Internet Draft iSCSI MIB March 2003 iscsiTarget -- Target-specific iSCSI node information. iscsiTgtAuth -- A list of initiator identities that are allowed -- access to this target. iscsiInitiator -- Initiator-specific iSCSI node information. iscsiIntrAuth -- A list of target identities to which this initiator -- is configured to establish sessions. iscsiSession -- An active iSCSI session between an initiator and target. -- The session's direction may be Inbound (outside -- initiator to our target) or Outbound (our initiator to -- an outside target). iscsiConnection -- An active TCP connection within an iSCSI session An iSCSI Node can be an initiator, a target, or both. The iSCSI Node's portals may be used to initiate connections (initiator) or listen for connections (target), depending on wither the iSCSI Node is acting as an initiator or target. The iSCSI MIB assumes that any target may be accessed via any portal that can take on a target role, although other access controls not reflected in the MIB might limit this. 4.2. iSCSI MIB Table Structure Each iSCSI object exports of one or more tables: an attributes table, and zero or more statistics tables which augment the attributes table. Since iSCSI is an evolving standard, it is much cleaner to provide statistics and attributes as separate tables, allowing attributes and statistics to be added independently. In a few cases, there are multiple categories of statistics that will likely grow; in this case, an object will contain multiple statistics tables. iscsiObjects iscsiDescriptors iscsiInstance iscsiInstanceAttributesTable iscsiInstanceSsnErrorStatsTable -- Counts abnormal session terminations iscsiPortal iscsiPortalAttributesTable iscsiTargetPortal iscsiTgtPortalAttributesTable iscsiInitiatorPortal iscsiIntrPortalAttributesTable Bakke, Muchow Expires August 2003 [Page 5] Internet Draft iSCSI MIB March 2003 iscsiNode iscsiNodeAttributesTable iscsiTarget iscsiTargetAttributesTable iscsiTargetLoginStatsTable -- Counts successful and unsuccessful logins iscsiTargetLogoutStatsTable -- Counts normal and abnormal logouts iscsiTgtAuthorization iscsiTgtAuthAttributesTable iscsiInitiator iscsiInitiatorAttributesTable iscsiInitiatorLoginStatsTable -- Counts successful and unsuccessful logins iscsiInitiatorLogoutStatsTable -- Counts normal and abnormal logouts iscsiIntrAuthorization iscsiIntrAuthAttributesTable iscsiSession iscsiSessionAttributesTable iscsiSessionStatsTable -- Performance-related counts (requests, responses, bytes) iscsiSessionCxnErrorStatsTable -- Counts digest errors, connection errors, etc. iscsiConnection iscsiConnectionAttributesTable Note that this MIB does not attempt to count everything that could be counted; it is designed to include only those counters that would be useful for identifying performance, security, and fault problems from a management station. 4.3. iscsiInstance The iscsiInstanceAttributesTable is the primary table of the iSCSI MIB. Every table entry in this MIB is "owned" by exactly one iSCSI instance; all other table entries in the MIB include this table's index as their primary index. Most implementations will include just one iSCSI instance row in this table. However, this table exists to allow for multiple virtual instances. For example, many IP routing products now allow multiple virtual routers. The iSCSI MIB has the same premise; a large system could be "partitioned" into multiple, distinct virtual systems. This also allows a single SNMP agent to proxy for multiple subsystems, perhaps a set of stackable devices, each of which have one or even more instances. Bakke, Muchow Expires August 2003 [Page 6] Internet Draft iSCSI MIB March 2003 The instance attributes include the iSCSI vendor and version, as well as information on the last target or initiator at the other end of a session that caused a session failure. The iscsiInstanceSsnErrorStatsTable augments the attributes table, and provides statistics on session failures due to digest, connection, or iSCSI format errors. 4.4. iscsiPortal The iscsiPortalAttributesTable lists iSCSI portals that can either be used to listen for connections to targets, or initiate connections to other targets, or both. Each entry in the table includes an IP address (either v4 or v6), and a transport protocol (currently only TCP is defined). Each entry that fulfills an initiator portal role has a corresponding entry in the iscsiInitiatorPortal table; each entry that has a target portal role has an entry in the iscsiTargetPortal table. Each portal that serves both roles has a corresponding entry in each table. Portal entries, along with their initiator and target portal counterparts, may be created and destroyed through this MIB by a management station. When creating a new portal entry, an iscsiPortal is first created, then the iscsiTargetPortal, iscsiInitiatorPortal, or both. Attributes are added during creation, and may not be subsequently modified. Creating an iscsiTargetPortal will cause the implementation to start listening for iSCSI connections on the portal. Creating an iscsiInitiatorPortal will not necessarily cause connections to be established; it is left to the implementation whether and when to make use of the portal. When deleting a portal entry, all connections associated with that portal entry are terminated. The implementation may either terminate the connection immediately, or request a clean shutdown as specified in [ISCSI]. An outbound connection (when an iscsiInitiatorPortal is deleted) matches the portal if its iscsiCxnLocalAddr matches the iscsiPortalAddr. An inbound connection (when an iscsiTargetPortal is deleted) matches the portal if both its iscsiCxnLocalAddr matches the iscsiPortalAddr, and the iscsiCxnLocalPort matches the iscsiTargetPortalPort. Individual attributes within a portal, initiatorPortal, or targetPortal entry may not be modified. For instance, changing the IP address of a portal requires that the portal entries associated with Bakke, Muchow Expires August 2003 [Page 7] Internet Draft iSCSI MIB March 2003 the old IP address be deleted, and new entries be created (in either order). 4.5. iscsiTargetPortal The iscsiTgtPortalAttributesTable contains target-specific attributes for iSCSI Portals. Entries in this table use the same indices as their corresponding entries in the iscsiPortalAttributesTable. An entry in this table is created when the targetTypePortal bit is set in the iscsiPortalRoles attribute; it is destroyed when this bit is cleared. This table contains the TCP (or other protocol) port on which the socket is listening for incoming connections. It also includes a portal group aggregation tag; iSCSI target portals within this instance sharing the same tag can contain connections within the same session. This table will be empty for iSCSI instances that contain only initiators (such as iSCSI host driver implementations). 4.6. iscsiInitiatorPortal The iscsiIntrPortalAttributesTable contains initiator-specific attributes for iSCSI Portals. Entries in this table use the same indices as their corresponding entries in the iscsiPortalAttributesTable. An entry in this table is created when the initiatorTypePortal bit is set in the iscsiPortalRoles attribute; it is destroyed when this bit is cleared. Each entry in this table contains a portal group aggregation tag, indicating which portals an initiator may use together within a multiple-connection session. This table will be empty for iSCSI instances that contain only targets (such as most iSCSI devices). 4.7. iscsiNode The iscsiNodeAttributesTable contains a list of iSCSI nodes, each of which may have an initiator role, a target role, or both. This table contains the node's attributes which are common to both roles, such as its iSCSI Name and alias string. Attributes specific to initiators or targets are available in the iscsiTarget and iscsiInitiator objects. Each entry in this table that can fulfill a target role has a corresponding entry in the iscsiTarget table; each Bakke, Muchow Expires August 2003 [Page 8] Internet Draft iSCSI MIB March 2003 entry that fulfills an initiator role has an entry in the iscsiInitiator table. Nodes such as copy managers that can take on both roles have a corresponding entry in each table. This table also contains the login negotiations preferences for this node. These objects indicate the values this node will offer or prefer in the operational negotiation phase of the login process. Each entry in the table also contains a RowPointer to the transport table entry in the SCSI MIB which this iSCSI node represents. 4.8. iscsiTarget The iscsiTargetAttributesTable contains target-specific attributes for iSCSI nodes. Each entry in this table uses the same index values as its corresponding iscsiNode entry. This table contains attributes used to indicate the last failure that was (or should have been) sent as a notification or trap. This table is augmented by the iscsiTargetLoginStatsTable and the iscsiTargetLogoutStatsTable, which count the numbers of normal and abnormal logins and logouts to this target. 4.9. iscsiTgtAuthorization The iscsiTgtAuthAttributesTable contains an entry for each initiator identifier that will be allowed to access the target under which it appears. Each entry contains a RowPointer to a user identity in the IPS Identity Authentication MIB, which contains the name, address, and credential information necessary to authenticate the initiator. 4.10. iscsiInitiator The iscsiInitiatorAttributesTable contains a list of initiator- specific attributes for iSCSI nodes. Each entry in this table uses the same index values as its corresponding iscsiNode entry. Most implementations will include a single entry in this table, regardless of the number of physical interfaces the initiator may use. This table is augmented by the iscsiInitiatorLoginStatsTable and the iscsiInitiatorLogoutStatsTable, which count the numbers of normal and abnormal logins and logouts from this initiator. Bakke, Muchow Expires August 2003 [Page 9] Internet Draft iSCSI MIB March 2003 4.11. iscsiIntrAuthorization The iscsiIntrAuthAttributesTable contains an entry for each target identifier to which the initiator is configured to establish a session. Each entry contains a RowPointer to a user identity in the IPS Identity Authentication MIB, which contains the name, address, and credential information necessary to identify (for discovery purposes) and authenticate the target. 4.12. iscsiSession The iscsiSessionAttributesTable contains a set of rows that list the sessions known to be existing locally for each node in each iSCSI instance. The session type for each session indicates whether the session is used for normal SCSI commands or for discovery using the SendTargets text command. Discovery sessions that do not belong to any particular node have a node index attribute of zero. The session direction for each session indicates whether it is an Inbound Session or an Outbound Session. Inbound sessions are from some other initiator to the target node under which the session appears. Outbound sessions are from the initiator node under which the session appears to a target outside this iSCSI instance. Many attributes may be negotiated when starting an iSCSI session. Most of these attributes are included in the session object. Some attributes, such as the integrity and authentication schemes, have some standard values which can be extended by vendors to include their own schemes. These contain an object identifier, rather than the expected enumerated type, to allow these values to be extended by other MIBs, such as an enterprise MIB. The iscsiSessionStatsTable includes statistics related to performance; it counts iSCSI data bytes and PDUs. For implementations that support error recovery without terminating a session, the iscsiSessionCxnErrorStatsTable contains counters for the numbers of digest and connection errors that have occurred within the session. Bakke, Muchow Expires August 2003 [Page 10] Internet Draft iSCSI MIB March 2003 4.13. iscsiConnection The iscsiConnectionAttributesTable contains a list of active connections within each session. It contains the IP addresses and TCP (or other protocol) ports of both the local and remote side of the connection. These may be used to locate other connection-related information and statistics in the TCP MIB [RFC2012]. The attributes table also contains a connection state. This state is not meant to directly map to the state tables included within the iSCSI specification; they are meant to be simplified, higher-level definitions of connection state that provide information more useful to a user or network manager. No statistics are kept for connections. 4.14. IP Addresses and TCP Port Numbers The IP addresses in this MIB are represented by two attributes, one of type InetAddressType, and the other of type InetAddress. These are taken from [RFC3291], which specifies how to support addresses that may be either IPv4 or IPv6. The TCP port numbers that appear in a few of the structures are described as simply port numbers, with a protocol attribute indicating whether they are TCP ports, or something else. This will allow the MIB to be compatible with iSCSI over transports other than TCP in the future. 4.15. Descriptors: Using OIDs in Place of Enumerated Types The iSCSI MIB has a few attributes, such as the authentication and digest method attributes, where an enumerated type would work well, except that an implementation may need to extend the attribute and add types of its own. To make this work, the MIB defines a set of object identities within the iscsiDescriptors subtree. Each of these object identities is basically an enumerated type. Attributes that make use of these object identities have a value which is an OID instead of an enumerated type. These OIDs can either indicate the object identities defined in this MIB, or object identities defined elsewhere, such as in an enterprise MIB. Those implementations that add their own authentication and digest methods should also define a corresponding object identity for each of these methods within their own enterprise MIB, and return its OID whenever one of these attributes is using that method. Bakke, Muchow Expires August 2003 [Page 11] Internet Draft iSCSI MIB March 2003 4.16. Notifications Three notifications are provided. One is sent by an initiator detecting a critical login failure; another is sent by a target detecting a critical login failure, and the third is sent upon a session being terminated due to an abnormal connection or digest failure. Critical failures are defined as those that may expose security-related problems that may require immediate action, such as failures due to authentication, authorization, or negotiation problems. Attributes in the initiator, target, and instance objects provide the information necessary to send in the notification, such as the initiator or target name and IP address at the other end that may have caused the failure. To avoid sending an excessive number of notifications due to multiple errors counted, an SNMP agent implementing the iSCSI MIB should not send more than three iSCSI notifications in any 10-second period. The 3-in-10 rule was chosen because one notification every three seconds was deemed often enough, but should two or three different notifications happen at the same time, it would not be desirable to suppress them. Three notifications in ten seconds is a happy medium, where a short burst of notifications is allowed, without inundating the network and/or trap host with a large number of notifications. Bakke, Muchow Expires August 2003 [Page 12] Internet Draft iSCSI MIB March 2003 5. MIB Definitions ISCSI-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, NOTIFICATION-TYPE, Unsigned32, Counter32, Counter64, Gauge32, experimental FROM SNMPv2-SMI TEXTUAL-CONVENTION, TruthValue, RowPointer, TimeStamp, RowStatus, AutonomousType FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- RFC 2571 InetAddressType, InetAddress FROM INET-ADDRESS-MIB -- RFC 3291 ; iscsiModule MODULE-IDENTITY LAST-UPDATED "200211010000Z" -- November 1, 2002 ORGANIZATION "IETF IPS Working Group" CONTACT-INFO " Mark Bakke Postal: Cisco Systems, Inc 6450 Wedgwood Road, Suite 130 Maple Grove, MN USA 55311 Tel: +1 763-398-1000 Fax: +1 763-398-1001 E-mail: mbakke@cisco.com Marjorie Krueger Postal: Hewlett-Packard Networked Storage Architecture Networked Storage Solutions Org. 8000 Foothills Blvd. Roseville, CA 95747 Bakke, Muchow Expires August 2003 [Page 13] Internet Draft iSCSI MIB March 2003 Tel: +1 916-785-2656 Tel: +1 916-785-0391 E-mail: marjorie_krueger@hp.com Tom McSweeney Postal: IBM Corporation 600 Park Offices Drive Research Triangle Park, NC USA 27709 Tel: +1-919-254-5634 Fax: +1-919-254-0391 E-mail: rf42tpme@us.ibm.com Jim Muchow Postal: Cisco Systems, Inc 6450 Wedgwood Road, Suite 130 Maple Grove, MN USA 55311 Tel: +1 763-398-1000 Fax: +1 763-398-1001 E-mail: jmuchow@cisco.com" DESCRIPTION "The iSCSI Protocol MIB module." REVISION "200211010000Z" -- November 11, 2002 DESCRIPTION "Initial revision published as RFC xxxx." -- ::= { mib-2 xx } to be assigned by IANA. -- in case you want to COMPILE ::= { experimental 9999 } iscsiObjects OBJECT IDENTIFIER ::= { iscsiModule 1 } iscsiNotifications OBJECT IDENTIFIER ::= { iscsiModule 2 } iscsiConformance OBJECT IDENTIFIER ::= { iscsiModule 3 } -- Textual Conventions IscsiTransportProtocols ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION Bakke, Muchow Expires August 2003 [Page 14] Internet Draft iSCSI MIB March 2003 "This data type is used to define the transport protocols that will carry iSCSI PDUs." REFERENCE "RFC791, RFC1700 The presently known, officially delegated numbers can be found at: http://www.iana.org/assignments/protocol-numbers" SYNTAX INTEGER (0..255) IscsiDigestMethod ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This data type represents the methods possible for digest negotiation. none - a placeholder for a secondary digest method that means only the primary method can be used. other - a digest method other than those defined below; noDigest - does not support digests (will operate without a digest (NOTE: implementations must support digests to be compliant with the iSCSI RFC); CRC32c - require a CRC32C digest." SYNTAX INTEGER { none(1), other(2), noDigest(3), crc32c(4) } IscsiName ::= TEXTUAL-CONVENTION DISPLAY-HINT "223a" STATUS current DESCRIPTION "This data type is a local refinement of the SnmpAdminString used to define an iSCSI Name." REFERENCE "iSCSI Protocol Specification, Section 3.2.6, iSCSI Names." SYNTAX OCTET STRING (SIZE(16..223)) ------------------------------------------------------------------------ iscsiDescriptors OBJECT IDENTIFIER ::= { iscsiObjects 1 } iscsiHeaderIntegrityTypes OBJECT IDENTIFIER ::= { iscsiDescriptors 1 } iscsiHdrIntegrityNone OBJECT-IDENTITY STATUS current Bakke, Muchow Expires August 2003 [Page 15] Internet Draft iSCSI MIB March 2003 DESCRIPTION "The authoritative identifier when no integrity scheme (for either the header or data) is being used." REFERENCE "iSCSI Protocol Specification." ::= { iscsiHeaderIntegrityTypes 1 } iscsiHdrIntegrityCrc32c OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when the integrity scheme (for either the header or data) is CRC-32c." REFERENCE "iSCSI Protocol Specification." ::= { iscsiHeaderIntegrityTypes 2 } iscsiDataIntegrityTypes OBJECT IDENTIFIER ::= { iscsiDescriptors 2 } iscsiDataIntegrityNone OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when no integrity scheme (for either the header or data) is being used." REFERENCE "iSCSI Protocol Specification." ::= { iscsiDataIntegrityTypes 1 } iscsiDataIntegrityCrc32c OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when the integrity scheme (for either the header or data) is CRC-32c." REFERENCE "iSCSI Protocol Specification." ::= { iscsiDataIntegrityTypes 2 } ---------------------------------------------------------------------- iscsiInstance OBJECT IDENTIFIER ::= { iscsiObjects 2 } -- Instance Attributes Table iscsiInstanceAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiInstanceAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of iSCSI instances present on the system." ::= { iscsiInstance 1 } Bakke, Muchow Expires August 2003 [Page 16] Internet Draft iSCSI MIB March 2003 iscsiInstanceAttributesEntry OBJECT-TYPE SYNTAX IscsiInstanceAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular iSCSI instance." INDEX { iscsiInstIndex } ::= { iscsiInstanceAttributesTable 1 } IscsiInstanceAttributesEntry ::= SEQUENCE { iscsiInstIndex Unsigned32, iscsiInstDescr SnmpAdminString, iscsiInstVersionMin INTEGER, iscsiInstVersionMax INTEGER, iscsiInstVendorID SnmpAdminString, iscsiInstVendorVersion SnmpAdminString, iscsiInstPortalNumber Unsigned32, iscsiInstNodeNumber Unsigned32, iscsiInstSessionNumber Unsigned32, iscsiInstSsnFailures Counter32, iscsiInstLastSsnFailureType AutonomousType, iscsiInstLastSsnRmtNodeName IscsiName } iscsiInstIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular ISCSI instance." ::= { iscsiInstanceAttributesEntry 1 } iscsiInstDescr OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string, determined by the implementation to describe the iSCSI instance. When only a single instance is present, this object may be set to the zero-length string; with multiple iSCSI instances, it may be used in an implementation-dependent manner to describe the purpose of the respective instance." ::= { iscsiInstanceAttributesEntry 2 } iscsiInstVersionMin OBJECT-TYPE Bakke, Muchow Expires August 2003 [Page 17] Internet Draft iSCSI MIB March 2003 SYNTAX INTEGER (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The minimum version number of the iSCSI specification such that this iSCSI instance supports this minimum value, the maximum value indicated by the corresponding instance in iscsiInstVersionMax, and all versions in between." ::= { iscsiInstanceAttributesEntry 3 } iscsiInstVersionMax OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum version number of the iSCSI specification such that this iSCSI instance supports this maximum value, the minimum value indicated by the corresponding instance in iscsiInstVersionMin, and all versions in between." ::= { iscsiInstanceAttributesEntry 4 } iscsiInstVendorID OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string describing the manufacturer of the implementation of this instance." ::= { iscsiInstanceAttributesEntry 5 } iscsiInstVendorVersion OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string set by the manufacturer describing the version of the implementation of this instance. The format of this string is determined solely by the manufacturer, and is for informational purposes only. It is unrelated to the iSCSI specification version numbers." ::= { iscsiInstanceAttributesEntry 6 } iscsiInstPortalNumber OBJECT-TYPE SYNTAX Unsigned32 UNITS "transport endpoints" MAX-ACCESS read-only Bakke, Muchow Expires August 2003 [Page 18] Internet Draft iSCSI MIB March 2003 STATUS current DESCRIPTION "The number of rows in the iscsiPortalAttributesTable which are currently associated with this iSCSI instance." ::= { iscsiInstanceAttributesEntry 7 } iscsiInstNodeNumber OBJECT-TYPE SYNTAX Unsigned32 UNITS "Internet Network Addresses" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of rows in the iscsiNodeAttributesTable which are currently associated with this iSCSI instance." ::= { iscsiInstanceAttributesEntry 8 } iscsiInstSessionNumber OBJECT-TYPE SYNTAX Unsigned32 UNITS "sessions" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of rows in the iscsiSessionAttributesTable which are currently associated with this iSCSI instance." ::= { iscsiInstanceAttributesEntry 9 } iscsiInstSsnFailures OBJECT-TYPE SYNTAX Counter32 UNITS "sessions" MAX-ACCESS read-only STATUS current DESCRIPTION "This object counts the number of times a session belonging to this instance has been failed." ::= { iscsiInstanceAttributesEntry 10 } iscsiInstLastSsnFailureType OBJECT-TYPE SYNTAX AutonomousType MAX-ACCESS read-only STATUS current DESCRIPTION "The counter object in the iscsiInstSsnErrorStatsTable that was incremented when the last session failure occurred. If the reason for failure is not found in the iscsiInstSsnErrorStatsTable, the value { 0.0 } is used instead." ::= { iscsiInstanceAttributesEntry 11 } Bakke, Muchow Expires August 2003 [Page 19] Internet Draft iSCSI MIB March 2003 iscsiInstLastSsnRmtNodeName OBJECT-TYPE SYNTAX IscsiName MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string describing the name of the remote node from the failed session." ::= { iscsiInstanceAttributesEntry 12 } -- Instance Session Failure Stats Table iscsiInstanceSsnErrorStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiInstanceSsnErrorStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of error types that will cause a session failure." ::= { iscsiInstance 2 } iscsiInstanceSsnErrorStatsEntry OBJECT-TYPE SYNTAX IscsiInstanceSsnErrorStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular iSCSI instance." AUGMENTS { iscsiInstanceAttributesEntry } ::= { iscsiInstanceSsnErrorStatsTable 1 } IscsiInstanceSsnErrorStatsEntry ::= SEQUENCE { iscsiInstSsnDigestErrors Counter32, iscsiInstSsnCxnTimeoutErrors Counter32, iscsiInstSsnFormatErrors Counter32 } iscsiInstSsnDigestErrors OBJECT-TYPE SYNTAX Counter32 UNITS "sessions" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of sessions which were failed due to receipt of a PDU containing header or data digest errors." ::= { iscsiInstanceSsnErrorStatsEntry 1 } iscsiInstSsnCxnTimeoutErrors OBJECT-TYPE SYNTAX Counter32 UNITS "sessions" Bakke, Muchow Expires August 2003 [Page 20] Internet Draft iSCSI MIB March 2003 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of sessions which were failed due to a sequence exceeding a time limit." ::= { iscsiInstanceSsnErrorStatsEntry 2 } iscsiInstSsnFormatErrors OBJECT-TYPE SYNTAX Counter32 UNITS "sessions" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of sessions which were failed due to receipt of a PDU which contained a format error." ::= { iscsiInstanceSsnErrorStatsEntry 3 } ---------------------------------------------------------------------- iscsiPortal OBJECT IDENTIFIER ::= { iscsiObjects 3 } -- Portal Attributes Table iscsiPortalAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiPortalAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of transport endpoints (using TCP or another transport protocol) used by this iSCSI instance. An iSCSI instance may use a portal to listen for incoming connections to its targets, to initiate connections to other targets, or both." ::= { iscsiPortal 1 } iscsiPortalAttributesEntry OBJECT-TYPE SYNTAX IscsiPortalAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular portal instance." INDEX { iscsiInstIndex, iscsiPortalIndex } ::= { iscsiPortalAttributesTable 1 } IscsiPortalAttributesEntry ::= SEQUENCE { iscsiPortalIndex Unsigned32, iscsiPortalRowStatus RowStatus, iscsiPortalRoles BITS, Bakke, Muchow Expires August 2003 [Page 21] Internet Draft iSCSI MIB March 2003 iscsiPortalAddrType InetAddressType, iscsiPortalAddr InetAddress, iscsiPortalProtocol IscsiTransportProtocols, iscsiPortalMaxRecvDataSegLength INTEGER, iscsiPortalPrimaryHdrDigest IscsiDigestMethod, iscsiPortalPrimaryDataDigest IscsiDigestMethod, iscsiPortalSecondaryHdrDigest IscsiDigestMethod, iscsiPortalSecondaryDataDigest IscsiDigestMethod, iscsiPortalRecvMarker TruthValue } iscsiPortalIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular transport endpoint within this iSCSI instance." ::= { iscsiPortalAttributesEntry 1 } iscsiPortalRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of the row." ::= { iscsiPortalAttributesEntry 2 } iscsiPortalRoles OBJECT-TYPE SYNTAX BITS { targetTypePortal(0), initiatorTypePortal(1) } MAX-ACCESS read-create STATUS current DESCRIPTION "A portal can operate in one or both of two roles: as a target portal and/or an initiator portal. If the portal will operate in both roles, both bits must be set. This object will define a corresponding row that will exist or must be created in the iscsiTgtPortalAttributesTable, the iscsiIntrPortalAttributesTable or both. If the targetTypePortal bit is set, a corresponding iscsiTgtPortalAttributesEntry will be found or must be created. If the initiatorTypePortal bit is set, Bakke, Muchow Expires August 2003 [Page 22] Internet Draft iSCSI MIB March 2003 a corresponding iscsiIntrPortalAttributesEntry will be found or must be created. If both bits are set, a corresponding iscsiTgtPortalAttributesEntry and iscsiIntrPortalAttributesEntry will be found or must be created." ::= { iscsiPortalAttributesEntry 3 } iscsiPortalAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of Internet Network Address contained in the corresponding instance of the iscsiPortalAddr." DEFVAL { ipv4 } ::= { iscsiPortalAttributesEntry 4 } iscsiPortalAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The portal's Internet Network Address." ::= { iscsiPortalAttributesEntry 5 } iscsiPortalProtocol OBJECT-TYPE SYNTAX IscsiTransportProtocols MAX-ACCESS read-create STATUS current DESCRIPTION "The portal's transport protocol." DEFVAL { 6 } -- TCP ::= { iscsiPortalAttributesEntry 6 } iscsiPortalMaxRecvDataSegLength OBJECT-TYPE SYNTAX INTEGER (512..16777215) MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum PDU length this portal can receive. This may be constrained by hardware characteristics and individual implementations may choose not to allow this object to be changed." DEFVAL { 8192 } ::= { iscsiPortalAttributesEntry 7 } iscsiPortalPrimaryHdrDigest OBJECT-TYPE SYNTAX IscsiDigestMethod Bakke, Muchow Expires August 2003 [Page 23] Internet Draft iSCSI MIB March 2003 MAX-ACCESS read-create STATUS current DESCRIPTION "The preferred header digest for this portal." DEFVAL { crc32c } ::= { iscsiPortalAttributesEntry 8 } iscsiPortalPrimaryDataDigest OBJECT-TYPE SYNTAX IscsiDigestMethod MAX-ACCESS read-create STATUS current DESCRIPTION "The preferred data digest method for this portal." DEFVAL { crc32c } ::= { iscsiPortalAttributesEntry 9 } iscsiPortalSecondaryHdrDigest OBJECT-TYPE SYNTAX IscsiDigestMethod MAX-ACCESS read-create STATUS current DESCRIPTION "An alternate header digest preference for this portal." DEFVAL { noDigest } ::= { iscsiPortalAttributesEntry 10 } iscsiPortalSecondaryDataDigest OBJECT-TYPE SYNTAX IscsiDigestMethod MAX-ACCESS read-create STATUS current DESCRIPTION "An alternate data digest preference for this portal." DEFVAL { noDigest } ::= { iscsiPortalAttributesEntry 11 } iscsiPortalRecvMarker OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates whether or not this portal will request markers in it's incoming data stream." DEFVAL { false } ::= { iscsiPortalAttributesEntry 12 } ---------------------------------------------------------------------- iscsiTargetPortal OBJECT IDENTIFIER ::= { iscsiObjects 4 } -- Target Portal Attributes Table Bakke, Muchow Expires August 2003 [Page 24] Internet Draft iSCSI MIB March 2003 iscsiTgtPortalAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiTgtPortalAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of transport endpoints (using TCP or another transport protocol) on which this iSCSI instance listens for incoming connections to its targets." ::= { iscsiTargetPortal 1 } iscsiTgtPortalAttributesEntry OBJECT-TYPE SYNTAX IscsiTgtPortalAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular portal instance that is used to listen for incoming connections to local targets. This row is populated for each iscsiPortalAttributesEntry row that may be used as a target portal." INDEX { iscsiInstIndex, iscsiPortalIndex } ::= { iscsiTgtPortalAttributesTable 1 } IscsiTgtPortalAttributesEntry ::= SEQUENCE { iscsiTgtPortalPort Unsigned32, iscsiTgtPortalTag INTEGER } iscsiTgtPortalPort OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The portal's transport protocol port number on which the portal listens for incoming iSCSI connections when the portal is used as a target portal." ::= { iscsiTgtPortalAttributesEntry 1 } iscsiTgtPortalTag OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The portal's aggregation tag when portal is used as a target portal. Multiple-connection sessions may be aggregated over portals sharing an identical aggregation tag." ::= { iscsiTgtPortalAttributesEntry 2 } Bakke, Muchow Expires August 2003 [Page 25] Internet Draft iSCSI MIB March 2003 ---------------------------------------------------------------------- iscsiInitiatorPortal OBJECT IDENTIFIER ::= { iscsiObjects 5 } -- Initiator Portal Attributes Table iscsiIntrPortalAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiIntrPortalAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of Internet Network Addresses (using TCP or another transport protocol) from which this iSCSI instance may initiate connections to other targets." ::= { iscsiInitiatorPortal 1 } iscsiIntrPortalAttributesEntry OBJECT-TYPE SYNTAX IscsiIntrPortalAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular portal instance that is used to initiate connections to iSCSI targets. This row is populated for each iscsiPortalAttributesEntry row that may be used as an initiator portal." INDEX { iscsiInstIndex, iscsiPortalIndex } ::= { iscsiIntrPortalAttributesTable 1 } IscsiIntrPortalAttributesEntry ::= SEQUENCE { iscsiIntrPortalTag INTEGER } iscsiIntrPortalTag OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The portal's aggregation tag when the portal is used as an initiator portal. Multiple-connection sessions may be aggregated over portals sharing an identical aggregation tag." ::= { iscsiIntrPortalAttributesEntry 1 } ---------------------------------------------------------------------- iscsiNode OBJECT IDENTIFIER ::= { iscsiObjects 6 } Bakke, Muchow Expires August 2003 [Page 26] Internet Draft iSCSI MIB March 2003 -- Node Attributes Table iscsiNodeAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiNodeAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of iSCSI nodes belonging to each iSCSI instance present on the local system. An iSCSI node can act as an initiator, a target, or both." ::= { iscsiNode 1 } iscsiNodeAttributesEntry OBJECT-TYPE SYNTAX IscsiNodeAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular iSCSI node." INDEX { iscsiInstIndex, iscsiNodeIndex } ::= { iscsiNodeAttributesTable 1 } IscsiNodeAttributesEntry ::= SEQUENCE { iscsiNodeIndex Unsigned32, iscsiNodeName IscsiName, iscsiNodeAlias SnmpAdminString, iscsiNodeRoles BITS, iscsiNodeTransportType RowPointer, iscsiNodeInitialR2T TruthValue, iscsiNodeImmediateData TruthValue, iscsiNodeMaxOutstandingR2T INTEGER, iscsiNodeFirstBurstLength INTEGER, iscsiNodeMaxBurstLength INTEGER, iscsiNodeMaxConnections INTEGER, iscsiNodeDataSequenceInOrder TruthValue, iscsiNodeDataPDUInOrder TruthValue, iscsiNodeDefaultTime2Wait INTEGER, iscsiNodeDefaultTime2Retain INTEGER, iscsiNodeErrorRecoveryLevel INTEGER } iscsiNodeIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular node within an iSCSI instance present on the local system." Bakke, Muchow Expires August 2003 [Page 27] Internet Draft iSCSI MIB March 2003 ::= { iscsiNodeAttributesEntry 1 } iscsiNodeName OBJECT-TYPE SYNTAX IscsiName MAX-ACCESS read-only STATUS current DESCRIPTION "A character string that is a globally unique identifier for this iSCSI node. The node name is independent of the location of the node, and can be resolved into a set of addresses through various discovery services." ::= { iscsiNodeAttributesEntry 2 } iscsiNodeAlias OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A character string that is a human-readable name or description of the iSCSI node. If configured, this alias may be communicated to the initiator or target node at the remote end of the connection during a Login Request or Response message. This string is not used as an identifier, but can be displayed by the system's user interface in a list of initiators and/or targets to which it is connected. If no alias exists, the value is a zero-length string." ::= { iscsiNodeAttributesEntry 3 } iscsiNodeRoles OBJECT-TYPE SYNTAX BITS { targetTypeNode(0), initiatorTypeNode(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "A node can operate in one or both of two roles: a target role and/or an initiator role. If the node will operate in both roles, both bits must be set. This object will also define the corresponding rows that will exist in the iscsiTargetAttributesTable, the iscsiInitiatorAttributesTable or both. If the targetTypeNode bit is set, there will be a corresponding iscsiTargetAttributesEntry. If the initiatorTypeNode bit is set, there will be a corresponding Bakke, Muchow Expires August 2003 [Page 28] Internet Draft iSCSI MIB March 2003 iscsiInitiatorAttributesEntry. If both bits are set, there will be a corresponding iscsiTgtPortalAttributesEntry and iscsiPortalAttributesEntry." ::= { iscsiNodeAttributesEntry 4 } iscsiNodeTransportType OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-only STATUS current DESCRIPTION "A pointer to the corresponding row in the appropriate table for this SCSI transport, thereby allowing management stations to locate the SCSI-level device that is represented by this iscsiNode. For example, it could point to the corresponding scsiTrnspt object in the SCSI MIB. If no corresponding row exists, the value 0.0 must be used to indicate this." REFERENCE "SCSI-MIB" ::= { iscsiNodeAttributesEntry 5 } iscsiNodeInitialR2T OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the InitialR2T preference for this node: True = YES, False = will try to negotiate NO, will accept YES " ::= { iscsiNodeAttributesEntry 6 } iscsiNodeImmediateData OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates ImmediateData preference for this node True = YES (but will accept NO), False = NO " DEFVAL { true } ::= { iscsiNodeAttributesEntry 7 } iscsiNodeMaxOutstandingR2T OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-write Bakke, Muchow Expires August 2003 [Page 29] Internet Draft iSCSI MIB March 2003 STATUS current DESCRIPTION "Maximum number of outstanding R2Ts allowed per ISCSI task." DEFVAL { 1 } ::= { iscsiNodeAttributesEntry 8 } iscsiNodeFirstBurstLength OBJECT-TYPE SYNTAX INTEGER (512..16777215) UNITS "bytes" MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum length (bytes) supported for unsolicited data to/from this node." DEFVAL { 65536 } ::= { iscsiNodeAttributesEntry 9 } iscsiNodeMaxBurstLength OBJECT-TYPE SYNTAX INTEGER (512..16777215) UNITS "bytes" MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum number of bytes which can be sent within a single sequence of Data-In or Data-Out PDUs." DEFVAL { 262144 } ::= { iscsiNodeAttributesEntry 10 } iscsiNodeMaxConnections OBJECT-TYPE SYNTAX INTEGER (1..65535) UNITS "connections" MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum number of connections allowed in each session to and/or from this node." DEFVAL { 1 } ::= { iscsiNodeAttributesEntry 11 } iscsiNodeDataSequenceInOrder OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The DataSequenceInOrder preference of this node. False (=No) indicates that iSCSI data PDU sequences may be transferred in any order. True (=Yes) indicates that data PDU sequences must be transferred using Bakke, Muchow Expires August 2003 [Page 30] Internet Draft iSCSI MIB March 2003 continuously increasing offsets, except during error recovery." DEFVAL { true } ::= { iscsiNodeAttributesEntry 12 } iscsiNodeDataPDUInOrder OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The DataPDUInOrder preference of this node. False (=No) indicates that iSCSI data PDUs within sequences may be in any order. True (=Yes) indicates that data PDUs within sequences must be at continuously increasing addresses, with no gaps or overlay between PDUs." DEFVAL { true } ::= { iscsiNodeAttributesEntry 13 } iscsiNodeDefaultTime2Wait OBJECT-TYPE SYNTAX INTEGER (0..3600) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The DefaultTime2Wait preference of this node. This is the minimum time, in seconds, to wait before attempting an explicit/implicit logout or active iSCSI task reassignment after an unexpected connection termination or a connection reset." DEFVAL { 2 } ::= { iscsiNodeAttributesEntry 14 } iscsiNodeDefaultTime2Retain OBJECT-TYPE SYNTAX INTEGER (0..3600) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The DefaultTime2Retain preference of this node. This is the maximum time, in seconds after an initial wait (Time2Wait), before which an active iSCSI task reassignment is still possible after an unexpected connection termination or a connection reset." DEFVAL { 20 } ::= { iscsiNodeAttributesEntry 15 } iscsiNodeErrorRecoveryLevel OBJECT-TYPE SYNTAX INTEGER (0..255) Bakke, Muchow Expires August 2003 [Page 31] Internet Draft iSCSI MIB March 2003 MAX-ACCESS read-write STATUS current DESCRIPTION "The ErrorRecoveryLevel preference of this node. Currently, only 0-2 are valid. This object is designed to accommodate future error recover levels. Higher error recovery levels imply support in addition to support for the lower error level functions. In other words, error level 2 implies support for levels 0-1, since those functions are subsets of error level 2." DEFVAL { 0 } ::= { iscsiNodeAttributesEntry 16 } ---------------------------------------------------------------------- iscsiTarget OBJECT IDENTIFIER ::= { iscsiObjects 7 } -- Target Attributes Table iscsiTargetAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiTargetAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of iSCSI nodes that can take on a target role, belonging to each iSCSI instance present on the local system." ::= { iscsiTarget 1 } iscsiTargetAttributesEntry OBJECT-TYPE SYNTAX IscsiTargetAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular node that can take on a target role." INDEX { iscsiInstIndex, iscsiNodeIndex } ::= { iscsiTargetAttributesTable 1 } IscsiTargetAttributesEntry ::= SEQUENCE { iscsiTgtLoginFailures Counter32, iscsiTgtLastFailureTime TimeStamp, iscsiTgtLastFailureType AutonomousType, iscsiTgtLastIntrFailureName IscsiName, iscsiTgtLastIntrFailureAddrType InetAddressType, iscsiTgtLastIntrFailureAddr InetAddress } Bakke, Muchow Expires August 2003 [Page 32] Internet Draft iSCSI MIB March 2003 iscsiTgtLoginFailures OBJECT-TYPE SYNTAX Counter32 UNITS "failed login attempts" MAX-ACCESS read-only STATUS current DESCRIPTION "This object counts the number of times a login attempt to this local target has failed." ::= { iscsiTargetAttributesEntry 1 } iscsiTgtLastFailureTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The timestamp of the most recent failure of a login attempt to this target. A value of zero indicates that no such failures have occurred since the last system boot." ::= { iscsiTargetAttributesEntry 2 } iscsiTgtLastFailureType OBJECT-TYPE SYNTAX AutonomousType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the most recent failure of a login attempt to this target, represented as the OID of the counter object in iscsiTargetLoginStatsTable for which the relevant instance was incremented. A value of 0.0 indicates a type which is not represented by any of the counters in iscsiTargetLoginStatsTable." ::= { iscsiTargetAttributesEntry 3 } iscsiTgtLastIntrFailureName OBJECT-TYPE SYNTAX IscsiName MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string giving the name of the initiator that failed the last login attempt." ::= { iscsiTargetAttributesEntry 4 } iscsiTgtLastIntrFailureAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of Internet Network Address contained in the Bakke, Muchow Expires August 2003 [Page 33] Internet Draft iSCSI MIB March 2003 corresponding instance of the iscsiTgtLastIntrFailureAddr." ::= { iscsiTargetAttributesEntry 5 } iscsiTgtLastIntrFailureAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "An Internet Network Address giving the host address of the initiator that failed the last login attempt." ::= { iscsiTargetAttributesEntry 6 } -- Target Login Stats Table iscsiTargetLoginStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiTargetLoginStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of counters which keep a record of the results of initiators' login attempts to this target." ::= { iscsiTarget 2 } iscsiTargetLoginStatsEntry OBJECT-TYPE SYNTAX IscsiTargetLoginStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing counters for each result of a login attempt to this target." AUGMENTS { iscsiTargetAttributesEntry } ::= { iscsiTargetLoginStatsTable 1 } IscsiTargetLoginStatsEntry ::= SEQUENCE { iscsiTgtLoginAccepts Counter32, iscsiTgtLoginOtherFails Counter32, iscsiTgtLoginRedirects Counter32, iscsiTgtLoginAuthorizeFails Counter32, iscsiTgtLoginAuthenticateFails Counter32, iscsiTgtLoginNegotiateFails Counter32 } iscsiTgtLoginAccepts OBJECT-TYPE SYNTAX Counter32 UNITS "successful logins" MAX-ACCESS read-only STATUS current DESCRIPTION Bakke, Muchow Expires August 2003 [Page 34] Internet Draft iSCSI MIB March 2003 "The count of Login Response PDUs with status 0x0000, Accept Login, transmitted by this target." ::= { iscsiTargetLoginStatsEntry 1 } iscsiTgtLoginOtherFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of Login Response PDUs which were transmitted by this target, and which were not counted by any other object in the row." ::= { iscsiTargetLoginStatsEntry 2 } iscsiTgtLoginRedirects OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status class 0x01, Redirection, transmitted by this target." ::= { iscsiTargetLoginStatsEntry 3 } iscsiTgtLoginAuthorizeFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status 0x0202, Forbidden Target, transmitted by this target. If this counter is incremented, an iscsiTgtLoginFailure notification should be generated." ::= { iscsiTargetLoginStatsEntry 4 } iscsiTgtLoginAuthenticateFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status 0x0201, Authentication Failed, transmitted by this target Bakke, Muchow Expires August 2003 [Page 35] Internet Draft iSCSI MIB March 2003 If this counter is incremented, an iscsiTgtLoginFailure notification should be generated." ::= { iscsiTargetLoginStatsEntry 5 } iscsiTgtLoginNegotiateFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times a target has effectively refused a login because the parameter negotiation failed. [Ed. While this situation can occur, the exact mechanism is as yet undefined in the iSCSI Protocol Spec.] If this counter is incremented, an iscsiTgtLoginFailure notification should be generated." ::= { iscsiTargetLoginStatsEntry 6 } -- Target Logout Stats Table iscsiTargetLogoutStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiTargetLogoutStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "When a target receives a Logout command, it responds with a Logout Response that carries a status code. This table contains counters for both normal and abnormal logout requests received by this target." ::= { iscsiTarget 3 } iscsiTargetLogoutStatsEntry OBJECT-TYPE SYNTAX IscsiTargetLogoutStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing counters of Logout Response PDUs that were received by this target." AUGMENTS { iscsiTargetAttributesEntry } ::= { iscsiTargetLogoutStatsTable 1 } IscsiTargetLogoutStatsEntry ::= SEQUENCE { iscsiTgtLogoutNormals Counter32, iscsiTgtLogoutOthers Counter32 } iscsiTgtLogoutNormals OBJECT-TYPE Bakke, Muchow Expires August 2003 [Page 36] Internet Draft iSCSI MIB March 2003 SYNTAX Counter32 UNITS "normal logouts" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Logout Command PDUs received by this target, with reason code 0 (closes the session)." ::= { iscsiTargetLogoutStatsEntry 1 } iscsiTgtLogoutOthers OBJECT-TYPE SYNTAX Counter32 UNITS "abnormal logouts" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Logout Command PDUs received by this target, with any reason code other than 0." ::= { iscsiTargetLogoutStatsEntry 2 } ---------------------------------------------------------------------- iscsiTgtAuthorization OBJECT IDENTIFIER ::= { iscsiObjects 8 } -- Target Authorization Attributes Table iscsiTgtAuthAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiTgtAuthAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of initiator identities that are authorized to access each target node within each iSCSI instance present on the local system." ::= { iscsiTgtAuthorization 1 } iscsiTgtAuthAttributesEntry OBJECT-TYPE SYNTAX IscsiTgtAuthAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular target node's authorized initiator identity." INDEX { iscsiInstIndex, iscsiNodeIndex, iscsiTgtAuthIndex } ::= { iscsiTgtAuthAttributesTable 1 } IscsiTgtAuthAttributesEntry ::= SEQUENCE { iscsiTgtAuthIndex Unsigned32, Bakke, Muchow Expires August 2003 [Page 37] Internet Draft iSCSI MIB March 2003 iscsiTgtAuthRowStatus RowStatus, iscsiTgtAuthIdentity RowPointer } iscsiTgtAuthIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular target's authorized initiator identity within an iSCSI instance present on the local system." ::= { iscsiTgtAuthAttributesEntry 1 } iscsiTgtAuthRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of the row." ::= { iscsiTgtAuthAttributesEntry 2 } iscsiTgtAuthIdentity OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-create STATUS current DESCRIPTION "A pointer to the corresponding IPS-AUTH MIB user entry that will be allowed to access this iSCSI target." REFERENCE "IPS-AUTH MIB" ::= { iscsiTgtAuthAttributesEntry 3 } ---------------------------------------------------------------------- iscsiInitiator OBJECT IDENTIFIER ::= { iscsiObjects 9 } -- Initiator Attributes Table iscsiInitiatorAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiInitiatorAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of iSCSI nodes that can take on an initiator role, belonging to each iSCSI instance present on the local system." ::= { iscsiInitiator 1 } Bakke, Muchow Expires August 2003 [Page 38] Internet Draft iSCSI MIB March 2003 iscsiInitiatorAttributesEntry OBJECT-TYPE SYNTAX IscsiInitiatorAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular iSCSI node that has initiator capabilities." INDEX { iscsiInstIndex, iscsiNodeIndex } ::= { iscsiInitiatorAttributesTable 1 } IscsiInitiatorAttributesEntry ::= SEQUENCE { iscsiIntrLoginFailures Counter32, iscsiIntrLastFailureTime TimeStamp, iscsiIntrLastFailureType AutonomousType, iscsiIntrLastTgtFailureName IscsiName, iscsiIntrLastTgtFailureAddrType InetAddressType, iscsiIntrLastTgtFailureAddr InetAddress } iscsiIntrLoginFailures OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "This object counts the number of times a login attempt from this local initiator has failed." ::= { iscsiInitiatorAttributesEntry 1 } iscsiIntrLastFailureTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The timestamp of the most recent failure of a login attempt from this initiator. A value of zero indicates that no such failures have occurred since the last system boot." ::= { iscsiInitiatorAttributesEntry 2 } iscsiIntrLastFailureType OBJECT-TYPE SYNTAX AutonomousType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the most recent failure of a login attempt from this initiator, represented as the OID of the counter object in iscsiInitiatorLoginStatsTable for which the Bakke, Muchow Expires August 2003 [Page 39] Internet Draft iSCSI MIB March 2003 relevant instance was incremented. A value of 0.0 indicates a type which is not represented by any of the counters in iscsiInitiatorLoginStatsTable." ::= { iscsiInitiatorAttributesEntry 3 } iscsiIntrLastTgtFailureName OBJECT-TYPE SYNTAX IscsiName MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string giving the name of the target that failed the last login attempt." ::= { iscsiInitiatorAttributesEntry 4 } iscsiIntrLastTgtFailureAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of Internet Network Address contained in the corresponding instance of the iscsiIntrLastTgtFailureAddr." ::= { iscsiInitiatorAttributesEntry 5 } iscsiIntrLastTgtFailureAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "An Internet Network Address giving the host address of the target that failed the last login attempt." ::= { iscsiInitiatorAttributesEntry 6 } -- Initiator Login Stats Table iscsiInitiatorLoginStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiInitiatorLoginStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of counters which keep track of the results of this initiator's login attempts." ::= { iscsiInitiator 2 } iscsiInitiatorLoginStatsEntry OBJECT-TYPE SYNTAX IscsiInitiatorLoginStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Bakke, Muchow Expires August 2003 [Page 40] Internet Draft iSCSI MIB March 2003 "An entry (row) containing counters of each result of this initiator's login attempts." AUGMENTS { iscsiInitiatorAttributesEntry } ::= { iscsiInitiatorLoginStatsTable 1 } IscsiInitiatorLoginStatsEntry ::= SEQUENCE { iscsiIntrLoginAcceptRsps Counter32, iscsiIntrLoginOtherFailRsps Counter32, iscsiIntrLoginRedirectRsps Counter32, iscsiIntrLoginAuthFailRsps Counter32, iscsiIntrLoginAuthenticateFails Counter32, iscsiIntrLoginNegotiateFails Counter32 } iscsiIntrLoginAcceptRsps OBJECT-TYPE SYNTAX Counter32 UNITS "successful logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status 0x0000, Accept Login, received by this initiator." ::= { iscsiInitiatorLoginStatsEntry 1 } iscsiIntrLoginOtherFailRsps OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs received by this initiator with any status code not counted in the objects below." ::= { iscsiInitiatorLoginStatsEntry 2 } iscsiIntrLoginRedirectRsps OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status class 0x01, Redirection, received by this initiator." ::= { iscsiInitiatorLoginStatsEntry 3 } iscsiIntrLoginAuthFailRsps OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" Bakke, Muchow Expires August 2003 [Page 41] Internet Draft iSCSI MIB March 2003 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status class 0x201, Authentication Failed, received by this initiator." ::= { iscsiInitiatorLoginStatsEntry 4 } iscsiIntrLoginAuthenticateFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the initiator has aborted a login because the target could not be authenticated. No response is generated. If this counter is incremented, an iscsiIntrLoginFailure notification should be generated." ::= { iscsiInitiatorLoginStatsEntry 5 } iscsiIntrLoginNegotiateFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the initiator has aborted a login because parameter negotiation with the target failed. No response is generated. If this counter is incremented, an iscsiIntrLoginFailure notification should be generated." ::= { iscsiInitiatorLoginStatsEntry 6 } -- Initiator Logout Stats Table iscsiInitiatorLogoutStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiInitiatorLogoutStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "When an initiator attempts send a Logout command, the target responds with a Logout Response that carries a status code. This table contains a list of counters of Logout Response Bakke, Muchow Expires August 2003 [Page 42] Internet Draft iSCSI MIB March 2003 PDUs of each status code, that were received by each initiator belonging to this iSCSI instance present on this system." ::= { iscsiInitiator 3 } iscsiInitiatorLogoutStatsEntry OBJECT-TYPE SYNTAX IscsiInitiatorLogoutStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing counters of Logout Response PDUs of each status code, that were generated by this initiator." AUGMENTS { iscsiInitiatorAttributesEntry } ::= { iscsiInitiatorLogoutStatsTable 1 } IscsiInitiatorLogoutStatsEntry ::= SEQUENCE { iscsiIntrLogoutNormals Counter32, iscsiIntrLogoutOthers Counter32 } iscsiIntrLogoutNormals OBJECT-TYPE SYNTAX Counter32 UNITS "normal logouts" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Logout Command PDUs generated by this initiator with reason code 0 (closes the session)." ::= { iscsiInitiatorLogoutStatsEntry 1 } iscsiIntrLogoutOthers OBJECT-TYPE SYNTAX Counter32 UNITS "abnormal logouts" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Logout Command PDUs generated by this initiator with any status code other than 0." ::= { iscsiInitiatorLogoutStatsEntry 2 } ---------------------------------------------------------------------- iscsiIntrAuthorization OBJECT IDENTIFIER ::= { iscsiObjects 10 } -- Initiator Authorization Attributes Table iscsiIntrAuthAttributesTable OBJECT-TYPE Bakke, Muchow Expires August 2003 [Page 43] Internet Draft iSCSI MIB March 2003 SYNTAX SEQUENCE OF IscsiIntrAuthAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of target identities which each initiator on the local system may access." ::= { iscsiIntrAuthorization 1 } iscsiIntrAuthAttributesEntry OBJECT-TYPE SYNTAX IscsiIntrAuthAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular initiator node's authorized target identity." INDEX { iscsiInstIndex, iscsiNodeIndex, iscsiIntrAuthIndex } ::= { iscsiIntrAuthAttributesTable 1 } IscsiIntrAuthAttributesEntry ::= SEQUENCE { iscsiIntrAuthIndex Unsigned32, iscsiIntrAuthRowStatus RowStatus, iscsiIntrAuthIdentity RowPointer } iscsiIntrAuthIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular initiator node's authorized target identity within an iSCSI instance present on the local system." ::= { iscsiIntrAuthAttributesEntry 1 } iscsiIntrAuthRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the row." ::= { iscsiIntrAuthAttributesEntry 2 } iscsiIntrAuthIdentity OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-only STATUS current DESCRIPTION Bakke, Muchow Expires August 2003 [Page 44] Internet Draft iSCSI MIB March 2003 "A pointer to the corresponding IPS-AUTH MIB user entry to which this initiator node should attempt to establish an iSCSI session." REFERENCE "IPS-AUTH MIB" ::= { iscsiIntrAuthAttributesEntry 3 } ---------------------------------------------------------------------- iscsiSession OBJECT IDENTIFIER ::= { iscsiObjects 11 } -- Session Attributes Table iscsiSessionAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiSessionAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of sessions belonging to each iSCSI instance present on the system." ::= { iscsiSession 1 } iscsiSessionAttributesEntry OBJECT-TYPE SYNTAX IscsiSessionAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular session. If this session is a discovery session which is not attached to any particular node, the iscsiSsnNodeIndex will be zero. Otherwise, the iscsiSsnNodeIndex will have the same value as iscsiNodeIndex." INDEX { iscsiInstIndex, iscsiSsnNodeIndex, iscsiSsnIndex } ::= { iscsiSessionAttributesTable 1 } IscsiSessionAttributesEntry ::= SEQUENCE { iscsiSsnNodeIndex Unsigned32, iscsiSsnIndex Unsigned32, iscsiSsnDirection INTEGER, iscsiSsnInitiatorName IscsiName, iscsiSsnTargetName IscsiName, iscsiSsnTSIH INTEGER, iscsiSsnISID OCTET STRING, iscsiSsnInitiatorAlias SnmpAdminString, iscsiSsnTargetAlias SnmpAdminString, iscsiSsnInitialR2T TruthValue, Bakke, Muchow Expires August 2003 [Page 45] Internet Draft iSCSI MIB March 2003 iscsiSsnImmediateData TruthValue, iscsiSsnType INTEGER, iscsiSsnMaxOutstandingR2T INTEGER, iscsiSsnFirstBurstLength INTEGER, iscsiSsnMaxBurstLength INTEGER, iscsiSsnConnectionNumber Gauge32, iscsiSsnAuthIdentity RowPointer, iscsiSsnDataSequenceInOrder TruthValue, iscsiSsnDataPDUInOrder TruthValue, iscsiSsnErrorRecoveryLevel INTEGER } iscsiSsnNodeIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular node within an iSCSI instance present on the local system. For normal, non-discovery sessions, this value will map to the iscsiNodeIndex. For discovery sessions which do not have a node associated, the value 0 (zero) is used." ::= { iscsiSessionAttributesEntry 1 } iscsiSsnIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular session within an iSCSI instance present on the local system." ::= { iscsiSessionAttributesEntry 2 } iscsiSsnDirection OBJECT-TYPE SYNTAX INTEGER { inboundSession(1), outboundSession(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Direction of iSCSI session: InboundSession - session is established from an external initiator to a target within this iSCSI instance. OutboundSession - session is established from an initiator Bakke, Muchow Expires August 2003 [Page 46] Internet Draft iSCSI MIB March 2003 within this iSCSI instance to an external target." ::= { iscsiSessionAttributesEntry 3 } iscsiSsnInitiatorName OBJECT-TYPE SYNTAX IscsiName MAX-ACCESS read-only STATUS current DESCRIPTION "If iscsiSsnDirection is Inbound, this object is an octet string that will contain the name of the remote initiator. If this session is a discovery session that does not specify a particular initiator, this object will contain a zero-length string. If iscsiSsnDirection is Outbound, this object will contain a zero-length string." ::= { iscsiSessionAttributesEntry 4 } iscsiSsnTargetName OBJECT-TYPE SYNTAX IscsiName MAX-ACCESS read-only STATUS current DESCRIPTION "If iscsiSsnDirection is Outbound, this object is an octet string that will contain the name of the remote target. If this session is a discovery session that does not specify a particular target, this object will contain a zero-length string. If iscsiSsnDirection is Inbound, this object will contain a zero-length string." ::= { iscsiSessionAttributesEntry 5 } iscsiSsnTSIH OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The target-defined identification handle for this session." ::= { iscsiSessionAttributesEntry 6 } iscsiSsnISID OBJECT-TYPE SYNTAX OCTET STRING (SIZE(6)) MAX-ACCESS read-only STATUS current DESCRIPTION "The initiator-defined portion of the iSCSI Session ID." Bakke, Muchow Expires August 2003 [Page 47] Internet Draft iSCSI MIB March 2003 ::= { iscsiSessionAttributesEntry 7 } iscsiSsnInitiatorAlias OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string that gives the alias communicated by the initiator end of the session during the login phase. If no alias exists, the value is a zero-length string." ::= { iscsiSessionAttributesEntry 8 } iscsiSsnTargetAlias OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string that gives the alias communicated by the target end of the session during the login phase. If no alias exists, the value is a zero-length string." ::= { iscsiSessionAttributesEntry 9 } iscsiSsnInitialR2T OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "If set to true, indicates that the initiator must wait for an R2T before sending to the target. If set to false, the initiator may send data immediately, within limits set by iscsiSsnFirstBurstLength and the expected data transfer length of the request." ::= { iscsiSessionAttributesEntry 10 } iscsiSsnImmediateData OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates whether the initiator and target have agreed to support immediate data on this session." ::= { iscsiSessionAttributesEntry 11 } iscsiSsnType OBJECT-TYPE SYNTAX INTEGER { normalSession(1), Bakke, Muchow Expires August 2003 [Page 48] Internet Draft iSCSI MIB March 2003 discoverySession(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Type of iSCSI session: normalSession - session is a normal iSCSI session discoverySession - session is being used only for discovery." ::= { iscsiSessionAttributesEntry 12 } iscsiSsnMaxOutstandingR2T OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of outstanding request-to-transmit (R2T)s per iSCSI task within this session." ::= { iscsiSessionAttributesEntry 13 } iscsiSsnFirstBurstLength OBJECT-TYPE SYNTAX INTEGER (512..16777215) UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum length supported for unsolicited data sent within this session." ::= { iscsiSessionAttributesEntry 14 } iscsiSsnMaxBurstLength OBJECT-TYPE SYNTAX INTEGER (512..16777215) UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of bytes which can be sent within a single sequence of Data-In or Data-Out PDUs." ::= { iscsiSessionAttributesEntry 15 } iscsiSsnConnectionNumber OBJECT-TYPE SYNTAX Gauge32 (1..65535) UNITS "connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of transport protocol connections that currently belong to this session." ::= { iscsiSessionAttributesEntry 16 } Bakke, Muchow Expires August 2003 [Page 49] Internet Draft iSCSI MIB March 2003 iscsiSsnAuthIdentity OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-only STATUS current DESCRIPTION "This object contains a pointer to a row in the IPS-AUTH MIB which identifies the authentication method being used on this session, as communicated during the login phase." REFERENCE "IPS-AUTH MIB" ::= { iscsiSessionAttributesEntry 17 } iscsiSsnDataSequenceInOrder OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "False indicates that iSCSI data PDU sequences may be transferred in any order. True indicates that data PDU sequences must be transferred using continuously increasing offsets, except during error recovery." ::= { iscsiSessionAttributesEntry 18 } iscsiSsnDataPDUInOrder OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "False indicates that iSCSI data PDUs within sequences may be in any order. True indicates that data PDUs within sequences must be at continuously increasing addresses, with no gaps or overlay between PDUs. Default is true." ::= { iscsiSessionAttributesEntry 19 } iscsiSsnErrorRecoveryLevel OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The level of error recovery negotiated between the initiator and the target. Higher numbers represent more detailed recovery schemes." ::= { iscsiSessionAttributesEntry 20 } Bakke, Muchow Expires August 2003 [Page 50] Internet Draft iSCSI MIB March 2003 -- Session Stats Table iscsiSessionStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of general iSCSI traffic counters for each of the sessions present on the system." ::= { iscsiSession 2 } iscsiSessionStatsEntry OBJECT-TYPE SYNTAX IscsiSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing general iSCSI traffic counters for a particular session." AUGMENTS { iscsiSessionAttributesEntry } ::= { iscsiSessionStatsTable 1 } IscsiSessionStatsEntry ::= SEQUENCE { iscsiSsnCmdPDUs Counter32, iscsiSsnRspPDUs Counter32, iscsiSsnTxDataOctets Counter64, iscsiSsnRxDataOctets Counter64, iscsiSsnLCTxDataOctets Counter32, iscsiSsnLCRxDataOctets Counter32 } iscsiSsnCmdPDUs OBJECT-TYPE SYNTAX Counter32 UNITS "PDUs" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Command PDUs transferred on this session." ::= { iscsiSessionStatsEntry 1 } iscsiSsnRspPDUs OBJECT-TYPE SYNTAX Counter32 UNITS "PDUs" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Response PDUs transferred on this session." ::= { iscsiSessionStatsEntry 2 } Bakke, Muchow Expires August 2003 [Page 51] Internet Draft iSCSI MIB March 2003 iscsiSsnTxDataOctets OBJECT-TYPE SYNTAX Counter64 UNITS "octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of data octets that were transmitted by the local iSCSI node on this session." ::= { iscsiSessionStatsEntry 3 } iscsiSsnRxDataOctets OBJECT-TYPE SYNTAX Counter64 UNITS "octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of data octets that were received by the local iSCSI node on this session." ::= { iscsiSessionStatsEntry 4 } iscsiSsnLCTxDataOctets OBJECT-TYPE SYNTAX Counter32 UNITS "octets" MAX-ACCESS read-only STATUS current DESCRIPTION "A Low Capacity shadow object of iscsiSsnTxDataOctets for those systems that don't support Counter64." ::= { iscsiSessionStatsEntry 5 } iscsiSsnLCRxDataOctets OBJECT-TYPE SYNTAX Counter32 UNITS "octets" MAX-ACCESS read-only STATUS current DESCRIPTION "A Low Capacity shadow object of iscsiSsnRxDataOctets for those systems that don't support Counter64." ::= { iscsiSessionStatsEntry 6 } -- Session Connection Error Stats Table iscsiSessionCxnErrorStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiSessionCxnErrorStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of error counters for each of the sessions Bakke, Muchow Expires August 2003 [Page 52] Internet Draft iSCSI MIB March 2003 present on this system." ::= { iscsiSession 3 } iscsiSessionCxnErrorStatsEntry OBJECT-TYPE SYNTAX IscsiSessionCxnErrorStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing error counters for a particular session." AUGMENTS { iscsiSessionAttributesEntry } ::= { iscsiSessionCxnErrorStatsTable 1 } IscsiSessionCxnErrorStatsEntry ::= SEQUENCE { iscsiSsnDigestErrors Counter32, iscsiSsnCxnTimeoutErrors Counter32 } iscsiSsnDigestErrors OBJECT-TYPE SYNTAX Counter32 UNITS "PDUs" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of PDUs which were received on the session and contained header or data digest errors." ::= { iscsiSessionCxnErrorStatsEntry 1 } iscsiSsnCxnTimeoutErrors OBJECT-TYPE SYNTAX Counter32 UNITS "connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of connections within this session which have been terminated due to timeout." ::= { iscsiSessionCxnErrorStatsEntry 2 } ---------------------------------------------------------------------- iscsiConnection OBJECT IDENTIFIER ::= { iscsiObjects 12 } -- Connection Attributes Table iscsiConnectionAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiConnectionAttributesEntry MAX-ACCESS not-accessible STATUS current Bakke, Muchow Expires August 2003 [Page 53] Internet Draft iSCSI MIB March 2003 DESCRIPTION "A list of connections belonging to each iSCSI instance present on the system." ::= { iscsiConnection 1 } iscsiConnectionAttributesEntry OBJECT-TYPE SYNTAX IscsiConnectionAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to a particular connection." INDEX { iscsiInstIndex, iscsiSsnNodeIndex, iscsiSsnIndex, iscsiCxnIndex } ::= { iscsiConnectionAttributesTable 1 } IscsiConnectionAttributesEntry ::= SEQUENCE { iscsiCxnIndex Unsigned32, iscsiCxnCid INTEGER, iscsiCxnState INTEGER, iscsiCxnLocalAddrType InetAddressType, iscsiCxnLocalAddr InetAddress, iscsiCxnProtocol IscsiTransportProtocols, iscsiCxnLocalPort Unsigned32, iscsiCxnRemoteAddrType InetAddressType, iscsiCxnRemoteAddr InetAddress, iscsiCxnRemotePort Unsigned32, iscsiCxnMaxRecvDataSegLength INTEGER, iscsiCxnMaxXmitDataSegLength INTEGER, iscsiCxnHeaderIntegrity IscsiDigestMethod, iscsiCxnDataIntegrity IscsiDigestMethod, iscsiCxnRecvMarker TruthValue, iscsiCxnSendMarker TruthValue, iscsiCxnVersionActive INTEGER } iscsiCxnIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular connection of a particular session within an iSCSI instance present on the local system." ::= { iscsiConnectionAttributesEntry 1 } iscsiCxnCid OBJECT-TYPE SYNTAX INTEGER (1..65535) Bakke, Muchow Expires August 2003 [Page 54] Internet Draft iSCSI MIB March 2003 MAX-ACCESS read-only STATUS current DESCRIPTION "The iSCSI Connection ID for this connection." ::= { iscsiConnectionAttributesEntry 2 } iscsiCxnState OBJECT-TYPE SYNTAX INTEGER { login(1), full(2), logout(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current state of this connection, from an iSCSI negotiation point of view. Here are the states: login - The transport protocol connection has been established, but a valid iSCSI login response with the final bit set has not been sent or received. full - A valid iSCSI login response with the final bit set has been sent or received. logout - A valid iSCSI logout command has been sent or received, but the transport protocol connection has not yet been closed." ::= { iscsiConnectionAttributesEntry 3 } iscsiCxnLocalAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of Internet Network Address contained in the corresponding instance of the iscsiCxnLocalAddr." ::= { iscsiConnectionAttributesEntry 4 } iscsiCxnLocalAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The local Internet Network Address used by this connection." ::= { iscsiConnectionAttributesEntry 5 } iscsiCxnProtocol OBJECT-TYPE SYNTAX IscsiTransportProtocols MAX-ACCESS read-only Bakke, Muchow Expires August 2003 [Page 55] Internet Draft iSCSI MIB March 2003 STATUS current DESCRIPTION "The transport protocol over which this connection is running." ::= { iscsiConnectionAttributesEntry 6 } iscsiCxnLocalPort OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The local transport protocol port used by this connection." ::= { iscsiConnectionAttributesEntry 7 } iscsiCxnRemoteAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of Internet Network Address in contained in the corresponding instance of the iscsiCxnRemoteAddr." ::= { iscsiConnectionAttributesEntry 8 } iscsiCxnRemoteAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The remote Internet Network Address used by this connection." ::= { iscsiConnectionAttributesEntry 9 } iscsiCxnRemotePort OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The remote transport protocol port used by this connection." ::= { iscsiConnectionAttributesEntry 10 } iscsiCxnMaxRecvDataSegLength OBJECT-TYPE SYNTAX INTEGER (512..16777215) UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum data payload size supported for command or data PDUs able to be received on this connection." ::= { iscsiConnectionAttributesEntry 11 } Bakke, Muchow Expires August 2003 [Page 56] Internet Draft iSCSI MIB March 2003 iscsiCxnMaxXmitDataSegLength OBJECT-TYPE SYNTAX INTEGER (512..16777215) UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum data payload size supported for command or data PDUs to be sent on this connection." ::= { iscsiConnectionAttributesEntry 12 } iscsiCxnHeaderIntegrity OBJECT-TYPE SYNTAX IscsiDigestMethod MAX-ACCESS read-only STATUS current DESCRIPTION "This object identifies the iSCSI header digest scheme in use within this connection." ::= { iscsiConnectionAttributesEntry 13 } iscsiCxnDataIntegrity OBJECT-TYPE SYNTAX IscsiDigestMethod MAX-ACCESS read-only STATUS current DESCRIPTION "This object identifies the iSCSI data digest scheme in use within this connection." ::= { iscsiConnectionAttributesEntry 14 } iscsiCxnRecvMarker OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether or not this connection is receiving markers in in its incoming data stream." ::= { iscsiConnectionAttributesEntry 15 } iscsiCxnSendMarker OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether or not this connection is inserting markers in in its outgoing data stream." ::= { iscsiConnectionAttributesEntry 16 } iscsiCxnVersionActive OBJECT-TYPE SYNTAX INTEGER (0..255) Bakke, Muchow Expires August 2003 [Page 57] Internet Draft iSCSI MIB March 2003 MAX-ACCESS read-only STATUS current DESCRIPTION "Active version number of the iSCSI specification negotiated on this connection." ::= { iscsiConnectionAttributesEntry 17 } ------------------------------------------------------------------------ -- Notifications iscsiNotificationsPrefix OBJECT IDENTIFIER ::= { iscsiNotifications 0 } iscsiTgtLoginFailure NOTIFICATION-TYPE OBJECTS { iscsiTgtLoginFailures, iscsiTgtLastFailureType, iscsiTgtLastIntrFailureName, iscsiTgtLastIntrFailureAddrType, iscsiTgtLastIntrFailureAddr } STATUS current DESCRIPTION "Sent when a login is failed by a target. The implementation of this notification should not send more than 3 notifications of this type in any 10 second time span." ::= { iscsiNotificationsPrefix 1 } iscsiIntrLoginFailure NOTIFICATION-TYPE OBJECTS { iscsiIntrLoginFailures, iscsiIntrLastFailureType, iscsiIntrLastTgtFailureName, iscsiIntrLastTgtFailureAddrType, iscsiIntrLastTgtFailureAddr } STATUS current DESCRIPTION "Sent when a login is failed by a initiator. The implementation of this notification should not send more than 3 notifications of this type in any 10 second time span." ::= { iscsiNotificationsPrefix 2 } iscsiInstSessionFailure NOTIFICATION-TYPE OBJECTS { Bakke, Muchow Expires August 2003 [Page 58] Internet Draft iSCSI MIB March 2003 iscsiInstSsnFailures, iscsiInstLastSsnFailureType, iscsiInstLastSsnRmtNodeName } STATUS current DESCRIPTION "Sent when an active session is failed by either the initiator or the target. The implementation of this notification should not send more than 3 notifications of this type in any 10 second time span." ::= { iscsiNotificationsPrefix 3 } ------------------------------------------------------------------------ -- Conformance Statements iscsiGroups OBJECT IDENTIFIER ::= { iscsiConformance 1 } iscsiInstanceAttributesGroup OBJECT-GROUP OBJECTS { iscsiInstDescr, iscsiInstVersionMin, iscsiInstVersionMax, iscsiInstVendorID, iscsiInstVendorVersion, iscsiInstPortalNumber, iscsiInstNodeNumber, iscsiInstSessionNumber, iscsiInstSsnFailures, iscsiInstLastSsnFailureType, iscsiInstLastSsnRmtNodeName } STATUS current DESCRIPTION "A collection of objects providing information about iSCSI instances." ::= { iscsiGroups 1 } iscsiInstanceSsnErrorStatsGroup OBJECT-GROUP OBJECTS { iscsiInstSsnDigestErrors, iscsiInstSsnCxnTimeoutErrors, iscsiInstSsnFormatErrors } STATUS current DESCRIPTION Bakke, Muchow Expires August 2003 [Page 59] Internet Draft iSCSI MIB March 2003 "A collection of objects providing information about errors that have caused a session failure for an iSCSI instance." ::= { iscsiGroups 2 } iscsiPortalAttributesGroup OBJECT-GROUP OBJECTS { iscsiPortalRowStatus, iscsiPortalRoles, iscsiPortalAddrType, iscsiPortalAddr, iscsiPortalProtocol, iscsiPortalMaxRecvDataSegLength, iscsiPortalPrimaryHdrDigest, iscsiPortalPrimaryDataDigest, iscsiPortalSecondaryHdrDigest, iscsiPortalSecondaryDataDigest, iscsiPortalRecvMarker } STATUS current DESCRIPTION "A collection of objects providing information about the transport protocol endpoints of the local targets." ::= { iscsiGroups 3 } iscsiTgtPortalAttributesGroup OBJECT-GROUP OBJECTS { iscsiTgtPortalPort, iscsiTgtPortalTag } STATUS current DESCRIPTION "A collection of objects providing information about the transport protocol endpoints of the local targets." ::= { iscsiGroups 4 } iscsiIntrPortalAttributesGroup OBJECT-GROUP OBJECTS { iscsiIntrPortalTag } STATUS current DESCRIPTION "A collection of objects providing information about the Internet Network Addresses of the local initiators." ::= { iscsiGroups 5 } iscsiNodeAttributesGroup OBJECT-GROUP OBJECTS { Bakke, Muchow Expires August 2003 [Page 60] Internet Draft iSCSI MIB March 2003 iscsiNodeName, iscsiNodeAlias, iscsiNodeRoles, iscsiNodeTransportType, iscsiNodeInitialR2T, iscsiNodeImmediateData, iscsiNodeMaxOutstandingR2T, iscsiNodeFirstBurstLength, iscsiNodeMaxBurstLength, iscsiNodeMaxConnections, iscsiNodeDataSequenceInOrder, iscsiNodeDataPDUInOrder, iscsiNodeDefaultTime2Wait, iscsiNodeDefaultTime2Retain, iscsiNodeErrorRecoveryLevel } STATUS current DESCRIPTION "A collection of objects providing information about all local targets." ::= { iscsiGroups 6 } iscsiTargetAttributesGroup OBJECT-GROUP OBJECTS { iscsiTgtLoginFailures, iscsiTgtLastFailureTime, iscsiTgtLastFailureType, iscsiTgtLastIntrFailureName, iscsiTgtLastIntrFailureAddrType, iscsiTgtLastIntrFailureAddr } STATUS current DESCRIPTION "A collection of objects providing information about all local targets." ::= { iscsiGroups 7 } iscsiTargetLoginStatsGroup OBJECT-GROUP OBJECTS { iscsiTgtLoginAccepts, iscsiTgtLoginOtherFails, iscsiTgtLoginRedirects, iscsiTgtLoginAuthorizeFails, iscsiTgtLoginAuthenticateFails, iscsiTgtLoginNegotiateFails } STATUS current DESCRIPTION Bakke, Muchow Expires August 2003 [Page 61] Internet Draft iSCSI MIB March 2003 "A collection of objects providing information about all login attempts by remote initiators to local targets." ::= { iscsiGroups 8 } iscsiTargetLogoutStatsGroup OBJECT-GROUP OBJECTS { iscsiTgtLogoutNormals, iscsiTgtLogoutOthers } STATUS current DESCRIPTION "A collection of objects providing information about all logout events between remote initiators to local targets." ::= { iscsiGroups 9 } iscsiTargetAuthGroup OBJECT-GROUP OBJECTS { iscsiTgtAuthRowStatus, iscsiTgtAuthIdentity } STATUS current DESCRIPTION "A collection of objects providing information about all remote initiators that are authorized to connect to local targets." ::= { iscsiGroups 10 } iscsiInitiatorAttributesGroup OBJECT-GROUP OBJECTS { iscsiIntrLoginFailures, iscsiIntrLastFailureTime, iscsiIntrLastFailureType, iscsiIntrLastTgtFailureName, iscsiIntrLastTgtFailureAddrType, iscsiIntrLastTgtFailureAddr } STATUS current DESCRIPTION "A collection of objects providing information about all local initiators." ::= { iscsiGroups 11 } iscsiInitiatorLoginStatsGroup OBJECT-GROUP OBJECTS { iscsiIntrLoginAcceptRsps, iscsiIntrLoginOtherFailRsps, iscsiIntrLoginRedirectRsps, iscsiIntrLoginAuthFailRsps, Bakke, Muchow Expires August 2003 [Page 62] Internet Draft iSCSI MIB March 2003 iscsiIntrLoginAuthenticateFails, iscsiIntrLoginNegotiateFails } STATUS current DESCRIPTION "A collection of objects providing information about all login attempts by local initiators to remote targets." ::= { iscsiGroups 12 } iscsiInitiatorLogoutStatsGroup OBJECT-GROUP OBJECTS { iscsiIntrLogoutNormals, iscsiIntrLogoutOthers } STATUS current DESCRIPTION "A collection of objects providing information about all logout events between local initiators to remote targets." ::= { iscsiGroups 13 } iscsiInitiatorAuthGroup OBJECT-GROUP OBJECTS { iscsiIntrAuthRowStatus, iscsiIntrAuthIdentity } STATUS current DESCRIPTION "A collection of objects providing information about all remote targets that are initiators of the local system are authorized to access." ::= { iscsiGroups 14 } iscsiSessionAttributesGroup OBJECT-GROUP OBJECTS { iscsiSsnDirection, iscsiSsnInitiatorName, iscsiSsnTargetName, iscsiSsnTSIH, iscsiSsnISID, iscsiSsnInitiatorAlias, iscsiSsnTargetAlias, iscsiSsnInitialR2T, iscsiSsnImmediateData, iscsiSsnType, iscsiSsnMaxOutstandingR2T, iscsiSsnFirstBurstLength, iscsiSsnMaxBurstLength, iscsiSsnConnectionNumber, Bakke, Muchow Expires August 2003 [Page 63] Internet Draft iSCSI MIB March 2003 iscsiSsnAuthIdentity, iscsiSsnDataSequenceInOrder, iscsiSsnDataPDUInOrder, iscsiSsnErrorRecoveryLevel } STATUS current DESCRIPTION "A collection of objects providing information applicable to all sessions." ::= { iscsiGroups 15 } iscsiSessionPDUStatsGroup OBJECT-GROUP OBJECTS { iscsiSsnCmdPDUs, iscsiSsnRspPDUs } STATUS current DESCRIPTION "A collection of objects providing information about PDU traffic for each session." ::= { iscsiGroups 16 } iscsiSessionOctetStatsGroup OBJECT-GROUP OBJECTS { iscsiSsnTxDataOctets, iscsiSsnRxDataOctets } STATUS current DESCRIPTION "A collection of objects providing information about octet traffic for each session using a Counter64 data type." ::= { iscsiGroups 17 } iscsiSessionLCOctetStatsGroup OBJECT-GROUP OBJECTS { iscsiSsnLCTxDataOctets, iscsiSsnLCRxDataOctets } STATUS current DESCRIPTION "A collection of objects providing information about octet traffic for each session using a Counter32 data type." ::= { iscsiGroups 18 } iscsiSessionCxnErrorStatsGroup OBJECT-GROUP OBJECTS { iscsiSsnDigestErrors, iscsiSsnCxnTimeoutErrors Bakke, Muchow Expires August 2003 [Page 64] Internet Draft iSCSI MIB March 2003 } STATUS current DESCRIPTION "A collection of objects providing information about connection errors for all sessions." ::= { iscsiGroups 19 } iscsiConnectionAttributesGroup OBJECT-GROUP OBJECTS { iscsiCxnCid, iscsiCxnState, iscsiCxnProtocol, iscsiCxnLocalAddrType, iscsiCxnLocalAddr, iscsiCxnLocalPort, iscsiCxnRemoteAddrType, iscsiCxnRemoteAddr, iscsiCxnRemotePort, iscsiCxnMaxRecvDataSegLength, iscsiCxnMaxXmitDataSegLength, iscsiCxnHeaderIntegrity, iscsiCxnDataIntegrity, iscsiCxnRecvMarker, iscsiCxnSendMarker, iscsiCxnVersionActive } STATUS current DESCRIPTION "A collection of objects providing information about all connections used by all sessions." ::= { iscsiGroups 20 } iscsiTgtLgnNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { iscsiTgtLoginFailure } STATUS current DESCRIPTION "A collection of notifications which indicate a login failure from a remote initiator to a local target." ::= { iscsiGroups 21 } iscsiIntrLgnNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { iscsiIntrLoginFailure } STATUS current DESCRIPTION Bakke, Muchow Expires August 2003 [Page 65] Internet Draft iSCSI MIB March 2003 "A collection of notifications which indicate a login failure from a local initiator to a remote target." ::= { iscsiGroups 22 } iscsiSsnFlrNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { iscsiInstSessionFailure } STATUS current DESCRIPTION "A collection of notifications which indicate session failures occurring after login." ::= { iscsiGroups 23 } ------------------------------------------------------------------------ iscsiCompliances OBJECT IDENTIFIER ::= { iscsiConformance 2 } iscsiComplianceV1 MODULE-COMPLIANCE STATUS current DESCRIPTION "Initial version of compliance statement based on initial version of MIB. If an implementation can be both a target and an initiator, all groups are mandatory." MODULE -- this module MANDATORY-GROUPS { iscsiInstanceAttributesGroup, iscsiPortalAttributesGroup, iscsiNodeAttributesGroup, iscsiSessionAttributesGroup, iscsiSessionPDUStatsGroup, iscsiSessionCxnErrorStatsGroup, iscsiConnectionAttributesGroup, iscsiSsnFlrNotificationsGroup } -- Conditionally mandatory groups depending on the ability -- to support Counter64 data types and/or to provide counter -- information to SNMPv1 applications. GROUP iscsiSessionOctetStatsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that can support Counter64 data types." GROUP iscsiSessionLCOctetStatsGroup Bakke, Muchow Expires August 2003 [Page 66] Internet Draft iSCSI MIB March 2003 DESCRIPTION "This group is mandatory for all iSCSI implementations that provide information to SNMPv1-only applications; this includes agents that cannot support Counter64 data types." -- Conditionally mandatory groups to be included with -- the mandatory groups when the implementation has -- iSCSI target facilities. GROUP iscsiTgtPortalAttributesGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." OBJECT iscsiPortalMaxRecvDataSegLength MIN-ACCESS read-only DESCRIPTION "Write access is not required." GROUP iscsiTargetAttributesGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." GROUP iscsiTargetLoginStatsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." GROUP iscsiTargetLogoutStatsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." GROUP iscsiTgtLgnNotificationsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." GROUP iscsiTargetAuthGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." -- Conditionally mandatory groups to be included with -- the mandatory groups when the implementation has -- iSCSI initiator facilities. Bakke, Muchow Expires August 2003 [Page 67] Internet Draft iSCSI MIB March 2003 GROUP iscsiIntrPortalAttributesGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI initiator facilities." GROUP iscsiInitiatorAttributesGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI initiator facilities." GROUP iscsiInitiatorLoginStatsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI initiator facilities." GROUP iscsiInitiatorLogoutStatsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI initiator facilities." GROUP iscsiIntrLgnNotificationsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI initiator facilities." GROUP iscsiInitiatorAuthGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI initiator facilities." ::= { iscsiCompliances 1 } END Bakke, Muchow Expires August 2003 [Page 68] Internet Draft iSCSI MIB March 2003 6. Security Considerations There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability: iscsiPortalAttributesTable, iscsiTgtPortalAttributesTable, and iscsiIntrPortalAttributes table can be used to add or remove IP addresses to be used by iSCSI. iscsiTgtAuthAttributesTable entries can be added or removed, to allow or disallow access to a target by an initiator. Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability: iscsiNodeAttributesTable, iscsiTargetAttributesTable, and iscsiTgtAuthorization can be used to glean information needed to make connections to the iSCSI targets this MIB represents. However, it is the responsibility of the initiators and targets involved to authenticate each other to ensure that an inappropriately advertised or discovered initiator or target does not compromise their security. These issues are discussed in [ISCSI]. SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. It is RECOMMENDED that implementors consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy). Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator Bakke, Muchow Expires August 2003 [Page 69] Internet Draft iSCSI MIB March 2003 responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 7. Normative References [ISCSI] J. Satran, et. al., "iSCSI", Work in Progress, draft-ietf- ips-iSCSI-20, January 2003. [RFC2578] K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M. Rose, and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M. Rose, and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M. Rose, and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC3291] M. Daniele, et. al., "Textual Conventions for Internet Network Addresses", RFC 3291, May 2002. [AUTH-MIB] M. Bakke, J. Muchow, "Definitions of Managed Objects for User Identity Authentication", Work in Progress, draft-ietf- ips-auth-mib-04.txt, March 2003. 8. Informative References [RFC3410] J. Case, R. Mundy, D. Partain, and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002. [RFC2012] K. McCloghrie, "SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2", RFC 2012, November 1996. [SCSI-MIB] M. Hallak-Stamler, et. al., "Definitions of Managed Objects for SCSI Entities", Work in Progress, draft-ietf-ips-scsi- mib-03.txt, June 2002. 9. Authors' Addresses Bakke, Muchow Expires August 2003 [Page 70] Internet Draft iSCSI MIB March 2003 Mark Bakke Postal: Cisco Systems, Inc 6450 Wedgwood Road, Suite 130 Maple Grove, MN USA 55311 Tel: +1 763-398-1000 Fax: +1 763-398-1001 E-mail: mbakke@cisco.com Marjorie Krueger Postal: Hewlett-Packard Networked Storage Architecture Networked Storage Solutions Org. 8000 Foothills Blvd. Roseville, CA USA 95747 Tel: +1 916-785-2656 Tel: +1 916-785-0391 E-mail: marjorie_krueger@hp.com Tom McSweeney Postal: IBM Corporation 600 Park Offices Drive Research Triangle Park, NC USA 27709 Tel: +1-919-254-5634 Fax: +1-919-254-0391 E-mail: rf42tpme@us.ibm.com Jim Muchow Postal: Cisco Systems, Inc 6450 Wedgwood Road, Suite 130 Maple Grove, MN USA 55311 Tel: +1 763-398-1000 Fax: +1 763-398-1001 E-mail: jamesdmuchow@yahoo.com" Bakke, Muchow Expires August 2003 [Page 71] Internet Draft iSCSI MIB March 2003 10. IPR Notice The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director. 11. Full Copyright Notice Copyright (C) The Internet Society (2003). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING Bakke, Muchow Expires August 2003 [Page 72] Internet Draft iSCSI MIB March 2003 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." Bakke, Muchow Expires August 2003 [Page 73]