draft-ietf-opsawg-vmm-mib-00.txt   draft-ietf-opsawg-vmm-mib-01.txt 
OPSAWG H. Asai OPSAWG H. Asai
Internet-Draft Univ. of Tokyo Internet-Draft Univ. of Tokyo
Intended status: Standards Track M. MacFaden Intended status: Standards Track M. MacFaden
Expires: August 14, 2014 VMware Inc. Expires: January 5, 2015 VMware Inc.
J. Schoenwaelder J. Schoenwaelder
Jacobs University Jacobs University
K. Shima K. Shima
IIJ Innovation Institute Inc. IIJ Innovation Institute Inc.
T. Tsou T. Tsou
Huawei Technologies (USA) Huawei Technologies (USA)
February 10, 2014 July 4, 2014
Management Information Base for Virtual Machines Controlled by a Management Information Base for Virtual Machines Controlled by a
Hypervisor Hypervisor
draft-ietf-opsawg-vmm-mib-00 draft-ietf-opsawg-vmm-mib-01
Abstract Abstract
This document defines a portion of the Management Information Base This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet (MIB) for use with network management protocols in the Internet
community. In particular, this specifies objects for managing community. In particular, this specifies objects for managing
virtual machines controlled by a hypervisor (a.k.a. virtual machine virtual machines controlled by a hypervisor (a.k.a. virtual machine
monitor). monitor).
Status of this Memo Status of this Memo
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 14, 2014. This Internet-Draft will expire on January 5, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 21 skipping to change at page 2, line 21
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. The Internet-Standard Management Framework . . . . . . . . . . 4 2. The Internet-Standard Management Framework . . . . . . . . . . 4
3. Overview and Objectives . . . . . . . . . . . . . . . . . . . 5 3. Overview and Objectives . . . . . . . . . . . . . . . . . . . 5
4. Structure of the VM-MIB Module . . . . . . . . . . . . . . . . 7 4. Structure of the VM-MIB Module . . . . . . . . . . . . . . . . 7
5. Relationship to Other MIB Modules . . . . . . . . . . . . . . 12 5. Relationship to Other MIB Modules . . . . . . . . . . . . . . 12
6. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 13 6. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 13
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 49 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 48
8. Security Considerations . . . . . . . . . . . . . . . . . . . 50 8. Security Considerations . . . . . . . . . . . . . . . . . . . 49
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 52 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 50
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 53 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 51
10.1. Normative References . . . . . . . . . . . . . . . . . . 53 10.1. Normative References . . . . . . . . . . . . . . . . . . 51
10.2. Informative References . . . . . . . . . . . . . . . . . 54 10.2. Informative References . . . . . . . . . . . . . . . . . 52
Appendix A. State Transition Table . . . . . . . . . . . . . . . 55 Appendix A. State Transition Table . . . . . . . . . . . . . . . 53
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 57 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 55
1. Introduction 1. Introduction
This document defines a portion of the Management Information Base This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet (MIB) for use with network management protocols in the Internet
community. In particular, this specifies objects for managing community. In particular, this specifies objects for managing
virtual machines controlled by a hypervisor (a.k.a. virtual machine virtual machines controlled by a hypervisor (a.k.a. virtual machine
monitor). A hypervisor controls multiple virtual machines on a monitor). A hypervisor controls multiple virtual machines on a
single physical machine by allocating resources to each virtual single physical machine by allocating resources to each virtual
machine using virtualization technologies. Therefore, this MIB machine using virtualization technologies. Therefore, this MIB
skipping to change at page 5, line 11 skipping to change at page 5, line 11
This memo specifies a MIB module that is compliant to the SMIv2, This memo specifies a MIB module that is compliant to the SMIv2,
which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579
[RFC2579] and STD 58, RFC 2580 [RFC2580]. [RFC2579] and STD 58, RFC 2580 [RFC2580].
3. Overview and Objectives 3. Overview and Objectives
This document defines a portion of MIB for the management of virtual This document defines a portion of MIB for the management of virtual
machines controlled by a hypervisor. This MIB module consists of the machines controlled by a hypervisor. This MIB module consists of the
managed objects related to system and software information of a managed objects related to system and software information of a
hypervisor, the list of virtual machines controlled by the hypervisor, the list of virtual machines controlled by the
hypervisor, and information of virtual resources allocated by the hypervisor, and information of virtual resources allocated to virtual
hypervisor to virtual machines. This document specifies four machines by the hypervisor. This document specifies four specific
specific types of virtual resources that are common to many types of virtual resources that are common to many hypervisor
hypervisors; processors (CPUs), memory, network interfaces (NICs), implementations; processors (CPUs), memory, network interfaces
and storage devices. The objects are independent of the hypervisors (NICs), and storage devices. These managed objects are independent
or operating systems running on virtual machines. of the families of hypervisors or operating systems running on
virtual machines.
+------------------------------------------------------------------+ +------------------------------------------------------------------+
| +-------------------------------------------------+ | | +-------------------------------------------------+ |
| | Virtual machine | | | | Virtual machine | |
| | | | | | | |
| | +---------+ +---------+ +---------+ +---------+ | ....... | | | +---------+ +---------+ +---------+ +---------+ | ....... |
| | | Virtual | | Virtual | | Virtual | | Virtual | | | | | | Virtual | | Virtual | | Virtual | | Virtual | | |
| +-| CPU |-| memory |-| storage |-| NIC |-+ | | +-| CPU |-| memory |-| storage |-| NIC |-+ |
| +---------+ +---------+ +---------+ +---------+ | | +---------+ +---------+ +---------+ +---------+ |
| Virtual resources | | Virtual resources |
| ^ | | ^ |
| | Allocation using virtualization technologies | | | Allocation using virtualization technologies |
| | | | | |
| +-- Physical resources ._____. | | +-- Physical resources ._____. |
| +--------+ .--------. / \ +--^--+ | | +--------+ .--------. / \ +--^--+ |
+- - - - - - - | | - /________/| - *\_______/* - | | - -+ +- - - - - - - | | - /________/| - *\_______/* - | | - -+
| Hypervisor | CPU | | Memory |/ | Storage | | NIC | | | Hypervisor | CPU | | Memory |/ | Storage | | NIC | |
| +--------+ +--------+ \_______/ +-----+ | | +--------+ +--------+ \_______/ +-----+ |
| +-----------------------+ | | +-----------------------+ |
| || MIB objects || | | || MIB objects || |
| +-----------------------+ | | +-----------------------+ |
+------------------------------------------------------------------+ +------------------------------------------------------------------+
A hypervisor allocates virtual resources such as virtual CPUs, A hypervisor allocates virtual resources such as virtual CPUs,
virtual memory, virtual storage devices, and virtual network virtual memory, virtual storage devices, and virtual network
interfaces to virtual machines from physical resources. interfaces to virtual machines from physical resources.
Figure 1: An example of a virtualization environment Figure 1: An example of a virtualization environment
On the common implementations of hypervisors, a hypervisor allocates On the common implementations of hypervisors, a hypervisor allocates
virtual resources from physical resources; virtual CPUs, virtual virtual resources from physical resources; virtual CPUs, virtual
memory, virtual storage devices, and virtual network interfaces to memory, virtual storage devices, and virtual network interfaces to
virtual machines as shown in Figure 1. Since the virtual resources virtual machines as shown in Figure 1. Since the virtual resources
allocated to virtual machines are managed by the hypervisor, the MIB allocated to virtual machines are managed by the hypervisor, the MIB
objects are managed at a hypervisor. If the objects are accessed objects are managed at a hypervisor. In case that the objects are
through the SNMP, an SNMP agent is launched at the hypervisor to accessed through the SNMP, an SNMP agent is launched at the
provide access to the objects. hypervisor to provide access to the objects.
The objects are managed from the viewpoint of the operators of The objects are managed from the viewpoint of the operators of
hypervisors, but not the operators of virtual machines; i.e., the hypervisors, but not the operators of virtual machines; i.e., the
objects do not take into account the actual resource utilization on objects do not take into account the actual resource utilization on
each virtual machine but the resource allocation from the physical each virtual machine but the resource allocation from the physical
resources. For example, vmNetworkIfIndex indicates the virtual resources. For example, vmNetworkIfIndex indicates the virtual
interface associated with an interface of a virtual machine at the interface associated with an interface of a virtual machine at the
hypervisor, and consequently, the `in' and `out' directions denote hypervisor, and consequently, the `in' and `out' directions denote
`from a virtual machine to the hypervisor' and `from the hypervisor `from a virtual machine to the hypervisor' and `from the hypervisor
to a virtual machine', respectively. Moreover, to a virtual machine', respectively. Moreover,
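Review bot: The -01 wording "In case that the objects are accessed through the SNMP" in the paragraph after Figure 1 is less idiomatic than the -00 text it replaces; keep "If the objects are accessed through SNMP". In the first paragraph of Section 3, the four resource types are introduced with a semicolon after "hypervisor implementations"; a colon is the correct punctuation for a list introduction.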
skipping to change at page 7, line 8 skipping to change at page 7, line 8
The objectives of this document are the followings: 1) This document The objectives of this document are the followings: 1) This document
defines the MIB objects common to many hypervisors for the management defines the MIB objects common to many hypervisors for the management
of virtual machines controlled by a hypervisor. 2) This document of virtual machines controlled by a hypervisor. 2) This document
clarifies the relationship between other MIB modules for managing clarifies the relationship between other MIB modules for managing
host computers and network devices. host computers and network devices.
4. Structure of the VM-MIB Module 4. Structure of the VM-MIB Module
The MIB module is organized into a group of scalars and tables. The The MIB module is organized into a group of scalars and tables. The
scalars below `hypervisor' provide basic information about the scalars below `vmHypervisor' provide basic information about the
hypervisor. The `vmTable' lists the virtual machines (guests) that hypervisor. The `vmTable' lists the virtual machines (guests) that
are known to the hypervisor. The `vmCpuTable' provides the mapping are known to the hypervisor. The `vmCpuTable' provides the mapping
table of virtual CPUs to virtual machines, including CPU time used by table of virtual CPUs to virtual machines, including CPU time used by
each virtual CPU. The 'vmCpuAffinityTable' provides the affinity of each virtual CPU. The 'vmCpuAffinityTable' provides the affinity of
each virtual CPU to a physical CPU. The `vmStorageTable' provides each virtual CPU to a physical CPU. The `vmStorageTable' provides
the list of virtual storage devices and their mapping to virtual the list of virtual storage devices and their mapping to virtual
machines. In case that an entry in the `vmStorageTable' has a machines. In case that an entry in the `vmStorageTable' has a
corresponding parent physical storage device managed in corresponding parent physical storage device managed in
`vmStorageTable' of HOST-RESOURCES-MIB [RFC2790], the entry contains `vmStorageTable' of HOST-RESOURCES-MIB [RFC2790], the entry contains
a pointer `vmStorageParent' to the physical storage device. The a pointer `vmStorageParent' to the physical storage device. The
`vmNetworkTable' provides the list of virtual network interfaces and `vmNetworkTable' provides the list of virtual network interfaces and
their mapping to virtual machines. Each entry in the their mapping to virtual machines. Each entry in the
`vmNetworkTable' also provides a pointer `vmNetworkIfIndex' to the `vmNetworkTable' also provides a pointer `vmNetworkIfIndex' to the
corresponding entry in the `ifTable' of IF-MIB [RFC2863]. In case corresponding entry in the `ifTable' of IF-MIB [RFC2863]. In case
that an entry in the `vmNetworkTable' has a corresponding parent that an entry in the `vmNetworkTable' has a corresponding parent
physical network interface managed in `ifTable' of IF-MIB, the entry physical network interface managed in the `ifTable' of IF-MIB, the
contains a pointer `vmNetworkParent' to the physical network entry contains a pointer `vmNetworkParent' to the physical network
interface. interface.
*: `vmAdminState' write access
!: Notification !: Notification
+-------------+ + - - - - - - + +-------------+ + - - - - - - +
| finite | | transient | | finite | | transient |
| vmOperState | | vmOperState | | vmOperState | | vmOperState |
+-------------+ + - - - - - - + +-------------+ + - - - - - - +
================================================================ ================================================================
+--------------+ + - - - - - - - + +-------------+ +--------------+ + - - - - - - - + +-------------+
| suspended |<--| suspending | | paused | | suspended |<--| suspending | | paused |
| !vmSuspended | | !vmSuspending | | !vmPaused | | !vmSuspended | | !vmSuspending | | !vmPaused |
+--------------+ + - - - - - - - + +-------------+ +--------------+ + - - - - - - - + +-------------+
| ^ *suspended ^ *paused | ^ ^
| | | | | |
v *running | *running | v | |
+ - - - - - - + +-------------+<----------+ + - - - - - - -+ + - - - - - - + +-------------+<----------+ + - - - - - - -+
| resuming |-->| running |<-------------->| migrating | | resuming |-->| running |<-------------->| migrating |
| !vmResuming | | !vmRunning | | !vmMigrating | | !vmResuming | | !vmRunning | | !vmMigrating |
+ - - - - - - + +-------------+ + - - - - - - -+ + - - - - - - + +-------------+ + - - - - - - -+
| ^ *running ^ | ^ ^
| | | | | |
| +-------------------+ | | +-------------------+ |
| | | | | |
v *shutdown *destroy v v v v v
+ - - - - - - - - + +-------------+ + - - - - - - - - + +-------------+
| shuttingdown |--------->| shutdown | | shuttingdown |--------->| shutdown |
| !vmShuttingdown | | !vmShutdown | | !vmShuttingdown | | !vmShutdown |
+ - - - - - - - - + +-------------+ + - - - - - - - - + +-------------+
^ | ^ |
| v !vmDeleted | v !vmDeleted
+ - - - - - -+ +------------+ + - - - - - - + (Deleted from + - - - - - -+ +------------+ + - - - - - - + (Deleted from
| blocked | | crashed | | preparing | vmTable) | blocked | | crashed | | preparing | vmTable)
| !vmBlocked | | !vmCrashed | | | | !vmBlocked | | !vmCrashed | | |
+ - - - - - -+ +------------+ + - - - - - - + + - - - - - -+ +------------+ + - - - - - - +
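Review bot: The storage sentence in Section 4 still says the parent device is "managed in `vmStorageTable' of HOST-RESOURCES-MIB [RFC2790]", in both versions. vmStorageTable is this module's own table, and the HOST-RESOURCES-MIB table is hrStorageTable, so the reference should read `hrStorageTable'. Also, with the "*: `vmAdminState' write access" legend line and the "*" labels removed from the state diagram, the arrows no longer say what triggers a transition; a sentence under the diagram stating that would replace what the labels used to carry.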
skipping to change at page 10, line 23 skipping to change at page 10, line 22
| | +-- r-n OBJECT IDENTIFIER vmHvObjectID(3) | | +-- r-n OBJECT IDENTIFIER vmHvObjectID(3)
| | +-- r-n TimeTicks vmHvUpTime(4) | | +-- r-n TimeTicks vmHvUpTime(4)
| +-- r-n Integer32 vmNumber(2) | +-- r-n Integer32 vmNumber(2)
| +-- r-n TimeTicks vmTableLastChange(3) | +-- r-n TimeTicks vmTableLastChange(3)
| +--vmTable(4) | +--vmTable(4)
| | +--vmEntry(1) [vmIndex] | | +--vmEntry(1) [vmIndex]
| | +-- --- VirtualMachineIndex vmIndex(1) | | +-- --- VirtualMachineIndex vmIndex(1)
| | +-- r-n SnmpAdminString vmName(2) | | +-- r-n SnmpAdminString vmName(2)
| | +-- r-n UUIDorZero vmUUID(3) | | +-- r-n UUIDorZero vmUUID(3)
| | +-- r-n SnmpAdminString vmOSType(4) | | +-- r-n SnmpAdminString vmOSType(4)
| | +-- rwn VirtualMachineAdminState | | +-- r-n VirtualMachineAdminState
| | | vmAdminState(5) | | | vmAdminState(5)
| | +-- r-n VirtualMachineOperState | | +-- r-n VirtualMachineOperState
| | | vmOperState(6) | | | vmOperState(6)
| | +-- r-n VirtualMachineAutoStart | | +-- r-n VirtualMachineAutoStart
| | | vmAutoStart(7) | | | vmAutoStart(7)
| | +-- r-n VirtualMachinePersistent | | +-- r-n VirtualMachinePersistent
| | | vmPersistent(8) | | | vmPersistent(8)
| | +-- rwn Integer32 vmCurCpuNumber(9) | | +-- r-n Integer32 vmCurCpuNumber(9)
| | +-- rwn Integer32 vmMinCpuNumber(10) | | +-- r-n Integer32 vmMinCpuNumber(10)
| | +-- rwn Integer32 vmMaxCpuNumber(11) | | +-- r-n Integer32 vmMaxCpuNumber(11)
| | +-- r-n Integer32 vmMemUnit(12) | | +-- r-n Integer32 vmMemUnit(12)
| | +-- rwn Integer32 vmCurMem(13) | | +-- r-n Integer32 vmCurMem(13)
| | +-- rwn Integer32 vmMinMem(14) | | +-- r-n Integer32 vmMinMem(14)
| | +-- rwn Integer32 vmMaxMem(15) | | +-- r-n Integer32 vmMaxMem(15)
| | +-- r-n TimeTicks vmUpTime(16) | | +-- r-n TimeTicks vmUpTime(16)
| | +-- r-n Counter64 vmCpuTime(17) | | +-- r-n Counter64 vmCpuTime(17)
| +--vmCpuTable(5) | +--vmCpuTable(5)
| | +--vmCpuEntry(1) [vmIndex, vmCpuIndex] | | +--vmCpuEntry(1) [vmIndex, vmCpuIndex]
| | +-- --- VirtualMachineCpuIndex | | +-- --- VirtualMachineCpuIndex
| | | vmCpuIndex(1) | | | vmCpuIndex(1)
| | +-- r-n Counter64 vmCpuCoreTime(2) | | +-- r-n Counter64 vmCpuCoreTime(2)
| +--vmCpuAffinityTable(6) | +--vmCpuAffinityTable(6)
| | +--vmCpuAffinityEntry(1) [vmIndex, | | +--vmCpuAffinityEntry(1) [vmIndex,
| | | vmCpuIndex, | | | vmCpuIndex,
| | | vmCpuPhysIndex] | | | vmCpuPhysIndex]
| | +-- --- Integer32 vmCpuPhysIndex(1) | | +-- --- Integer32 vmCpuPhysIndex(1)
| | +-- rwn Integer32 vmCpuAffinity(2) | | +-- r-n Integer32 vmCpuAffinity(2)
| +--vmStorageTable(7) | +--vmStorageTable(7)
| | +--vmStorageEntry(1) [vmStorageVmIndex, vmStorageIndex] | | +--vmStorageEntry(1) [vmStorageVmIndex, vmStorageIndex]
| | +-- --- VirtualMachineIndexOrZero | | +-- --- VirtualMachineIndexOrZero
| | | vmStorageVmIndex(1) | | | vmStorageVmIndex(1)
| | +-- --- VirtualMachineStorageIndex | | +-- --- VirtualMachineStorageIndex
| | | vmStorageIndex(2) | | | vmStorageIndex(2)
| | +-- r-n Integer32 vmStorageParent(3) | | +-- r-n Integer32 vmStorageParent(3)
| | +-- r-n VirtualMachineStorageSourceType | | +-- r-n VirtualMachineStorageSourceType
| | | vmStorageSourceType(4) | | | vmStorageSourceType(4)
| | +-- r-n SnmpAdminString vmStorageSourceTypeString(5) | | +-- r-n SnmpAdminString vmStorageSourceTypeString(5)
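Review bot: The vmCpuAffinityEntry branch of the tree disagrees with the definitions. The tree lists vmCpuPhysIndex(1) and "r-n Integer32 vmCpuAffinity(2)", while the definitions assign "::= { vmCpuAffinityEntry 2 }" to the object whose description refers to hrDeviceIndex and "::= { vmCpuAffinityEntry 3 }" to vmCpuAffinity, whose SYNTAX is an enumerated INTEGER rather than Integer32. The rwn to r-n edits are consistent with the MAX-ACCESS changes, but the sub-identifiers and the type in this branch should be regenerated from the module so the tree and the definitions match.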
skipping to change at page 12, line 40 skipping to change at page 12, line 40
`vmNetworkIfIndex'. In case that an entry in the `vmNetworkTable' `vmNetworkIfIndex'. In case that an entry in the `vmNetworkTable'
has a corresponding parent physical network interface managed in the has a corresponding parent physical network interface managed in the
`ifTable' of IF-MIB, the entry contains a pointer `vmNetworkParent' `ifTable' of IF-MIB, the entry contains a pointer `vmNetworkParent'
to the physical network interface. to the physical network interface.
The objects related to virtual switches are not also included in the The objects related to virtual switches are not also included in the
MIB module defined in this document though virtual switches shall be MIB module defined in this document though virtual switches shall be
placed on a hypervisor. This is because the virtual network placed on a hypervisor. This is because the virtual network
interfaces are the lowest abstraction of network resources allocated interfaces are the lowest abstraction of network resources allocated
to a virtual machine. Instead of including the objects related to to a virtual machine. Instead of including the objects related to
virtual switches, for example, IEEE8021-BRIDGE-MIB and IEEE8021-Q- virtual switches, for example, IEEE8021-BRIDGE-MIB
BRIDGE-MIB could be used. [IEEE8021-BRIDGE-MIB] and IEEE8021-Q-BRIDGE-MIB
[IEEE8021-Q-BRIDGE-MIB] could be used.
The other objects related to virtual machines such as management IP The other objects related to virtual machines such as management IP
addresses of a virtual machine are not included in this MIB module addresses of a virtual machine are not included in this MIB module
because this MIB module defines the objects common to general because this MIB module defines the objects common to general
hypervisors but they are specific to some hypervisors. They may be hypervisors but they are specific to some hypervisors. They may be
included in the entLogicalTable of ENTITY-MIB [RFC6933]. included in the entLogicalTable of ENTITY-MIB [RFC6933].
6. Definitions 6. Definitions
VM-MIB DEFINITIONS ::= BEGIN VM-MIB DEFINITIONS ::= BEGIN
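Review bot: The citation tags [IEEE8021-BRIDGE-MIB] and [IEEE8021-Q-BRIDGE-MIB] added in the virtual-switch paragraph need matching entries in Section 10, which this hunk does not show. In the same paragraph, "are not also included" should read "are also not included".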
skipping to change at page 13, line 25 skipping to change at page 13, line 25
TEXTUAL-CONVENTION, PhysAddress, TruthValue TEXTUAL-CONVENTION, PhysAddress, TruthValue
FROM SNMPv2-TC FROM SNMPv2-TC
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB FROM SNMP-FRAMEWORK-MIB
UUIDorZero UUIDorZero
FROM UUID-TC-MIB FROM UUID-TC-MIB
InterfaceIndexOrZero InterfaceIndexOrZero
FROM IF-MIB; FROM IF-MIB;
vmMIB MODULE-IDENTITY vmMIB MODULE-IDENTITY
LAST-UPDATED "201402080000Z" -- 8 February 2014 LAST-UPDATED "201407040000Z" -- 4 July 2014
ORGANIZATION "IETF Operations and Management Area Working Group" ORGANIZATION "IETF Operations and Management Area Working Group"
CONTACT-INFO CONTACT-INFO
" "
WG E-mail: opsawg@ietf.org WG E-mail: opsawg@ietf.org
Mailing list subscription info: Mailing list subscription info:
https://www.ietf.org/mailman/listinfo/opsawg https://www.ietf.org/mailman/listinfo/opsawg
Hirochika Asai Hirochika Asai
The University of Tokyo The University of Tokyo
7-3-1 Hongo 7-3-1 Hongo
skipping to change at page 14, line 34 skipping to change at page 14, line 34
Copyright (c) 2014 IETF Trust and the persons identified Copyright (c) 2014 IETF Trust and the persons identified
as authors of the code. All rights reserved. as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the subject to the license terms contained in, the
Simplified BSD License set forth in Section 4.c of the Simplified BSD License set forth in Section 4.c of the
IETF Trust's Legal Provisions Relating to IETF Documents IETF Trust's Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info)." (http://trustee.ietf.org/license-info)."
REVISION "201402080000Z" -- 8 February 2014 REVISION "201407040000Z" -- 4 July 2014
DESCRIPTION DESCRIPTION
"The original version of this MIB, published as "The original version of this MIB, published as
RFCXXXX." RFCXXXX."
::= { mib-2 yyy } ::= { mib-2 yyy }
vmNotifications OBJECT IDENTIFIER ::= { vmMIB 0 } vmNotifications OBJECT IDENTIFIER ::= { vmMIB 0 }
vmObjects OBJECT IDENTIFIER ::= { vmMIB 1 } vmObjects OBJECT IDENTIFIER ::= { vmMIB 1 }
vmConformance OBJECT IDENTIFIER ::= { vmMIB 2 } vmConformance OBJECT IDENTIFIER ::= { vmMIB 2 }
-- Textual conversion definitions -- Textual conversion definitions
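Review bot: The comment "-- Textual conversion definitions" at the end of this hunk is a typo for "Textual convention definitions"; the SMIv2 macro the module imports is TEXTUAL-CONVENTION. The REVISION date is correctly kept in step with LAST-UPDATED.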
skipping to change at page 25, line 24 skipping to change at page 25, line 24
information installed on the virtual machine. This information installed on the virtual machine. This
value corresponds to the operating system the hypervisor value corresponds to the operating system the hypervisor
assumes to be running when the virtual machine is assumes to be running when the virtual machine is
started. This may differ from the actual operating started. This may differ from the actual operating
system in case the virtual machine boots into a system in case the virtual machine boots into a
different operating system." different operating system."
::= { vmEntry 4 } ::= { vmEntry 4 }
vmAdminState OBJECT-TYPE vmAdminState OBJECT-TYPE
SYNTAX VirtualMachineAdminState SYNTAX VirtualMachineAdminState
MAX-ACCESS read-write MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The administrative power state of the virtual machine. "The administrative power state of the virtual machine."
Note that a virtual machine is supposed to be resumed
when vmAdminState of the virtual machine is changed from
suspended(2) or paused(3) to running(1)."
::= { vmEntry 5 } ::= { vmEntry 5 }
vmOperState OBJECT-TYPE vmOperState OBJECT-TYPE
SYNTAX VirtualMachineOperState SYNTAX VirtualMachineOperState
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The operational state of the virtual machine." "The operational state of the virtual machine."
::= { vmEntry 6 } ::= { vmEntry 6 }
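Review bot: In vmAdminState, the -01 DESCRIPTION no longer explains how the administrative state relates to the operational one. The deleted note about resuming from suspended(2) or paused(3) to running(1) was the only such text, and vmAdminState and vmOperState are now described by sentences that differ in a single word. Since the object is read-only, add a sentence stating what sets the administrative state when SNMP cannot, and how a manager should interpret a value that differs from vmOperState.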
skipping to change at page 26, line 17 skipping to change at page 26, line 13
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This value indicates whether the virtual machine has a "This value indicates whether the virtual machine has a
persistent configuration which means the virtual machine persistent configuration which means the virtual machine
will still exist after its shutdown." will still exist after its shutdown."
::= { vmEntry 8 } ::= { vmEntry 8 }
vmCurCpuNumber OBJECT-TYPE vmCurCpuNumber OBJECT-TYPE
SYNTAX Integer32 (0..2147483647) SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of virtual CPUs currently assigned to the "The number of virtual CPUs currently assigned to the
virtual machine. Changes to this object MUST NOT virtual machine."
persist across re-initialization of the hypervisor."
::= { vmEntry 9 } ::= { vmEntry 9 }
vmMinCpuNumber OBJECT-TYPE vmMinCpuNumber OBJECT-TYPE
SYNTAX Integer32 (-1|0..2147483647) SYNTAX Integer32 (-1|0..2147483647)
MAX-ACCESS read-write MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The minimum number of virtual CPUs that are assigned to "The minimum number of virtual CPUs that are assigned to
the virtual machine when it is in a power-on state. The the virtual machine when it is in a power-on state. The
value -1 indicates that there is no hard boundary for value -1 indicates that there is no hard boundary for
the minimum number of virtual CPUs. Changes to this the minimum number of virtual CPUs."
object MUST NOT persist across re-initialization of the
hypervisor."
::= { vmEntry 10 } ::= { vmEntry 10 }
vmMaxCpuNumber OBJECT-TYPE vmMaxCpuNumber OBJECT-TYPE
SYNTAX Integer32 (-1|0..2147483647) SYNTAX Integer32 (-1|0..2147483647)
MAX-ACCESS read-write MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum number of virtual CPUs that are assigned to "The maximum number of virtual CPUs that are assigned to
the virtual machine when it is in a power-on state. The the virtual machine when it is in a power-on state. The
value -1 indicates that there is no limit. Changes to value -1 indicates that there is no limit."
this object MUST NOT persist across re-initialization of
the hypervisor."
::= { vmEntry 11 } ::= { vmEntry 11 }
vmMemUnit OBJECT-TYPE vmMemUnit OBJECT-TYPE
SYNTAX Integer32 (1..2147483647) SYNTAX Integer32 (1..2147483647)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The multiplication unit for vmCurMem, vmMinMem, and "The multiplication unit for vmCurMem, vmMinMem, and
vmMaxMem. For example, when this value is 1024, the vmMaxMem. For example, when this value is 1024, the
memory size unit for vmCurMem, vmMinMem, and vmMaxMem is memory size unit for vmCurMem, vmMinMem, and vmMaxMem is
KiB." KiB."
::= { vmEntry 12 } ::= { vmEntry 12 }
vmCurMem OBJECT-TYPE vmCurMem OBJECT-TYPE
SYNTAX Integer32 (0..2147483647) SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current memory size currently allocated to the "The current memory size currently allocated to the
virtual memory module in the unit designated by virtual memory module in the unit designated by
vmMemUnit. Changes to this object MUST NOT persist vmMemUnit."
across re-initialization of the hypervisor."
::= { vmEntry 13 } ::= { vmEntry 13 }
vmMinMem OBJECT-TYPE vmMinMem OBJECT-TYPE
SYNTAX Integer32 (-1|0..2147483647) SYNTAX Integer32 (-1|0..2147483647)
MAX-ACCESS read-write MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The minimum memory size defined to the virtual machine "The minimum memory size defined to the virtual machine
in the unit designated by vmMemUnit. The value -1 in the unit designated by vmMemUnit. The value -1
indicates that there is no hard boundary for the minimum indicates that there is no hard boundary for the minimum
memory size. Changes to this object MUST NOT persist memory size."
across re-initialization of the hypervisor."
::= { vmEntry 14 } ::= { vmEntry 14 }
vmMaxMem OBJECT-TYPE vmMaxMem OBJECT-TYPE
SYNTAX Integer32 (-1|0..2147483647) SYNTAX Integer32 (-1|0..2147483647)
MAX-ACCESS read-write MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum memory size defined to the virtual machine "The maximum memory size defined to the virtual machine
in the unit designated by vmMemUnit. The value -1 in the unit designated by vmMemUnit. The value -1
indicates that there is no limit. Changes to this indicates that there is no limit."
object MUST NOT persist across re-initialization of the
hypervisor."
::= { vmEntry 15 } ::= { vmEntry 15 }
vmUpTime OBJECT-TYPE vmUpTime OBJECT-TYPE
SYNTAX TimeTicks SYNTAX TimeTicks
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The time (in centi-seconds) since the administrative "The time (in centi-seconds) since the administrative
state of the virtual machine was last changed from state of the virtual machine was last changed from
shutdown(4) to running(1)." shutdown(4) to running(1)."
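Review bot: the vmCurMem DESCRIPTION keeps "The current memory size currently allocated to the virtual memory module" even though this revision is already editing that clause. "current ... currently" is redundant, and "virtual memory module" does not match the "virtual machine" wording used in vmMinMem and vmMaxMem. Suggest "The memory size currently allocated to the virtual machine in the unit designated by vmMemUnit." Dropping the persistence sentences is consistent with the switch to MAX-ACCESS read-only on all three objects, since a read-only object has no manager-made changes to persist.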
skipping to change at page 30, line 22 skipping to change at page 30, line 9
value must be the same value that is used as the index value must be the same value that is used as the index
in the hrProcessorTable (hrDeviceIndex)." in the hrProcessorTable (hrDeviceIndex)."
::= { vmCpuAffinityEntry 2 } ::= { vmCpuAffinityEntry 2 }
vmCpuAffinity OBJECT-TYPE vmCpuAffinity OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
unknown(0), -- unknown unknown(0), -- unknown
enable(1), -- enabled enable(1), -- enabled
disable(2) -- disabled disable(2) -- disabled
} }
MAX-ACCESS read-write MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The CPU affinity of this virtual CPU to the physical "The CPU affinity of this virtual CPU to the physical
CPU represented by `vmCpuPhysIndex'." CPU represented by `vmCpuPhysIndex'."
::= { vmCpuAffinityEntry 3 } ::= { vmCpuAffinityEntry 3 }
-- The virtual storage devices on each virtual machine. This -- The virtual storage devices on each virtual machine. This
-- document defines some overlapped objects with hrStorage in -- document defines some overlapped objects with hrStorage in
-- HOST-RESOURCES-MIB [RFC2790], because virtual resources shall be -- HOST-RESOURCES-MIB [RFC2790], because virtual resources shall be
-- allocated from the hypervisor's resources, which is the `host -- allocated from the hypervisor's resources, which is the `host
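Review bot: with vmCpuAffinity now MAX-ACCESS read-only, the labels enable(1) and disable(2) read as commands on an object that can only report state, while the inline comments already say "enabled" and "disabled". The DESCRIPTION also does not say what each value means for the pairing with `vmCpuPhysIndex' or when an agent should return unknown(0). Since renumbering or renaming enumerations is still cheap at draft stage, consider either renaming the labels to match the comments or stating the meaning of all three values in the DESCRIPTION.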
skipping to change at page 36, line 17 skipping to change at page 36, line 7
::= { vmNetworkEntry 5 } ::= { vmNetworkEntry 5 }
-- Notification definitions: -- Notification definitions:
vmPerVMNotificationsEnabled OBJECT-TYPE vmPerVMNotificationsEnabled OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates if notification generator will send "Indicates if notification generator will send
notifications per virtual machine." notifications per virtual machine. Changes to this
object MUST NOT persist across re-initialization of
the management system, e.g., SNMP agent."
::= { vmObjects 9 } ::= { vmObjects 9 }
vmBulkNotificationsEnabled OBJECT-TYPE vmBulkNotificationsEnabled OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates if notification generator will send "Indicates if notification generator will send
notifications per set of virtual machines." notifications per set of virtual machines. Changes to
this object MUST NOT persist across re-initialization of
the management system, e.g., SNMP agent."
::= { vmObjects 10 } ::= { vmObjects 10 }
vmAffectedVMs OBJECT-TYPE vmAffectedVMs OBJECT-TYPE
SYNTAX VirtualMachineList SYNTAX VirtualMachineList
MAX-ACCESS accessible-for-notify MAX-ACCESS accessible-for-notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A complete list of virtual machines whose state has "A complete list of virtual machines whose state has
changed. This object is the only object sent with bulk changed. This object is the only object sent with bulk
notifications." notifications."
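Review bot: the sentence added to vmPerVMNotificationsEnabled and vmBulkNotificationsEnabled says changes "MUST NOT persist across re-initialization", but neither object has a DEFVAL clause or text saying which value it takes after re-initialization. A manager that has set one of these to true cannot tell from the MIB whether an agent restart leaves notifications on or off, and state-change notifications could stop without any SET being issued. Suggest adding a DEFVAL, or a sentence in each DESCRIPTION naming the value the object returns to.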
skipping to change at page 44, line 11 skipping to change at page 44, line 4
only readonly access." only readonly access."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { MANDATORY-GROUPS {
vmHypervisorGroup, vmHypervisorGroup,
vmVirtualMachineGroup, vmVirtualMachineGroup,
vmCpuGroup, vmCpuGroup,
vmCpuAffinityGroup, vmCpuAffinityGroup,
vmStorageGroup, vmStorageGroup,
vmNetworkGroup vmNetworkGroup
} }
OBJECT vmAdminState
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT vmCurCpuNumber
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT vmMinCpuNumber
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT vmMaxCpuNumber
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT vmCurMem
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT vmMinMem
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT vmMaxMem
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT vmCpuAffinity
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT vmPerVMNotificationsEnabled OBJECT vmPerVMNotificationsEnabled
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
"Write access is not required." "Write access is not required."
OBJECT vmBulkNotificationsEnabled OBJECT vmBulkNotificationsEnabled
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
"Write access is not required." "Write access is not required."
::= { vmCompliances 2 } ::= { vmCompliances 2 }
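Review bot: removing the eight OBJECT clauses from this read-only compliance statement is only correct if every one of those objects is now MAX-ACCESS read-only in the module itself. The hunks shown here confirm that for vmCurMem, vmMinMem, vmMaxMem and vmCpuAffinity; please check that vmAdminState, vmCurCpuNumber, vmMinCpuNumber and vmMaxCpuNumber received the same change, otherwise a read-only implementation of them would no longer be compliant. With only the two notification-enable objects left writable, it would also help to say in the compliance DESCRIPTION that these are the only objects for which write access exists.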
skipping to change at page 50, line 7 skipping to change at page 49, line 7
The MIB module in this document uses the following IANA-assigned The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry: OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value Descriptor OBJECT IDENTIFIER value
---------- ----------------------- ---------- -----------------------
vmMIB { mib-2 TBD } vmMIB { mib-2 TBD }
8. Security Considerations 8. Security Considerations
There are a number of management objects defined in this MIB that There are two objects defined in this MIB,
have a MAX-ACCESS clause of read-write and/or read-create. Such vmPerVMNotificationsEnabled and vmBulkNotificationsEnabled, that have
objects may be considered sensitive or vulnerable in some network a MAX-ACCESS clause of read-write. Such objects may be considered
environments. The support for SET operations in a non-secure sensitive or vulnerable in some network environments. The support
environment without proper protection can have a negative effect on for SET operations in a non-secure environment without proper
hypervisor and virtual machine operations. protection can have a negative effect on the management system. It
is recommended that attention be given to these objects in scenarios
that DO NOT use SNMPv3 strong security, i.e. authentication and
encryption. When SNMPv3 strong security is not used, these objects
should have access of read-only, not read-write.
There are a number of managed objects in this MIB that may contain There are a number of managed objects in this MIB that may contain
sensitive information. The objects in the vmHvSoftware and sensitive information. The objects in the vmHvSoftware and
vmHvVersion list information about the hypervisor's software and vmHvVersion list information about the hypervisor's software and
version. Some may wish not to disclose to others which software they version. Some may wish not to disclose to others which software they
are running. Further, an inventory of the running software and are running. Further, an inventory of the running software and
versions may be helpful to an attacker who hopes to exploit software versions may be helpful to an attacker who hopes to exploit software
bugs in certain applications. Moreover, the objects in the vmTable, bugs in certain applications. Moreover, the objects in the vmTable,
vmCpuTable, vmCpuAffinityTable, vmStorageTable and vmNetworkTable vmCpuTable, vmCpuAffinityTable, vmStorageTable and vmNetworkTable
list information about the virtual machines and their virtual list information about the virtual machines and their virtual
resource allocation. Some may wish not to disclose to others how resource allocation. Some may wish not to disclose to others how
many and what virtual machines they are operating. many and what virtual machines they are operating.
It is thus important to control even GET access to these objects and It is thus important to control even GET access to these objects and
possibly to even encrypt the values of these object when sending them possibly to even encrypt the values of these object when sending them
over the network via SNMP. Not all versions of SNMP provide features over the network via SNMP. Not all versions of SNMP provide features
for such a secure environment. for such a secure environment.
It is recommended that attention be specifically given to
implementing the MAX-ACCESS clause in a number of objects, including
vmAdminState, vmMinCpuNumber, vmMaxCpuNumber, vmMinMem, vmMaxMem, and
vmCpuAffinity in scenarios that DO NOT use SNMPv3 strong security
(i.e. authentication and encryption). Extreme caution must be used
to minimize the risk of cascading security vulnerabilities when
SNMPv3 strong security is not used. When SNMPv3 strong security is
not used, these objects should have access of read-only, not read-
create.
SNMPv1 by itself is not a secure environment. Even if the network SNMPv1 by itself is not a secure environment. Even if the network
itself is secure (for example by using IPsec), even then, there is no itself is secure (for example by using IPsec), even then, there is no
control as to who on the secure network is allowed to access and GET/ control as to who on the secure network is allowed to access and GET/
SET (read/change/create/delete) the objects in this MIB. SET (read/change/create/delete) the objects in this MIB.
It is recommended that the implementers consider the security It is recommended that the implementers consider the security
features as provided by the SNMPv3 framework. Specifically, the use features as provided by the SNMPv3 framework. Specifically, the use
of the User-based Security Model [RFC3414] and the View-based Access of the User-based Security Model [RFC3414] and the View-based Access
Control Model [RFC3415] is recommended. Control Model [RFC3415] is recommended.
It is then a customer/user responsibility to ensure that the SNMP It is then a customer/user responsibility to ensure that the SNMP
entity giving access to an instance of this MIB, is properly entity giving access to an instance of this MIB, is properly
configured to give access to the objects only to those principals configured to give access to the objects only to those principals
(users) that have legitimate rights to indeed GET or SET (change/ (users) that have legitimate rights to indeed GET or SET (change/
create/delete) them. create/delete) them.
9. Acknowledgements 9. Acknowledgements
The authors like to thank Joe Marcus Clarke, Randy Presuhn, and David The authors like to thank Joe Marcus Clarke, Randy Presuhn, David
Black for providing helpful comments during the development of this Black, Joel Jaeggli, Tom Petch, Andy Bierman, and C. M. Heard for
providing helpful comments during the development of this
specification. specification.
Juergen Schoenwaelder was partly funded by Flamingo, a Network of Juergen Schoenwaelder was partly funded by Flamingo, a Network of
Excellence project (ICT-318488) supported by the European Commission Excellence project (ICT-318488) supported by the European Commission
under its Seventh Framework Programme. under its Seventh Framework Programme.
10. References 10. References
10.1. Normative References 10.1. Normative References
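Review bot: in the rewritten first paragraph of Security Considerations, "can have a negative effect on the management system" does not tell the reader what the risk of an unauthorized SET actually is. The two writable objects control whether notifications are sent, so the concrete effect is that per-VM or bulk state-change notifications can be switched off (or on) by anyone with write access; say that explicitly. Two wording points in the same paragraph: "DO NOT" is capitalized like a requirements keyword but is not one, and "should have access of read-only" is lower case, so it is unclear whether the recommendation is normative. The SNMPv1 and customer-responsibility paragraphs still speak of "change/create/delete" although the paragraph above now lists only read-write objects.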
skipping to change at page 55, line 5 skipping to change at page 52, line 12
[RFC6933] Bierman, A., Romascanu, D., Quittek, J., and M. [RFC6933] Bierman, A., Romascanu, D., Quittek, J., and M.
Chandramouli, "Entity MIB (Version 4)", RFC 6933, Chandramouli, "Entity MIB (Version 4)", RFC 6933,
May 2013. May 2013.
10.2. Informative References 10.2. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002. Standard Management Framework", RFC 3410, December 2002.
[IEEE8021-BRIDGE-MIB]
IEEE, "IEEE8021-BRIDGE-MIB", <http://www.ieee802.org/1/
files/public/MIBs/IEEE8021-BRIDGE-MIB-200810150000Z.txt>.
[IEEE8021-Q-BRIDGE-MIB]
IEEE, "IEEE8021-BRIDGE-MIB", <http://www.ieee802.org/1/
files/public/MIBs/
IEEE8021-Q-BRIDGE-MIB-200810150000Z.txt>.
Appendix A. State Transition Table Appendix A. State Transition Table
+--------------+----------------+--------------+--------------------+ +--------------+----------------+--------------+--------------------+
| State | Action or | Next state | Notification | | State | Change to | Next state | Notification |
| | vmAdminState | | |
| | at the | | |
| | hypervisor or | | |
| | (Event) | | | | | (Event) | | |
+--------------+----------------+--------------+--------------------+ +--------------+----------------+--------------+--------------------+
| suspended | running | resuming | vmResuming | | | suspended | running | resuming | vmResuming | |
| | | | vmBulkResuming | | | | | vmBulkResuming |
| | | | | | | | | |
| suspending | (suspend | suspended | vmSuspended | | | suspending | (suspend | suspended | vmSuspended | |
| | operation | | vmBulkSuspended | | | operation | | vmBulkSuspended |
| | completed) | | | | | completed) | | |
| | | | | | | | | |
| running | suspended | suspending | vmSuspending | | | running | suspended | suspending | vmSuspending | |
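Review bot: the new header for the second column, "Change to vmAdminState at the hypervisor or (Event)", is wrapped over five lines of a narrow cell and is hard to parse, and nothing in the header says which object the State and Next state columns refer to. Suggest a short header such as "vmAdminState change or (Event)" plus one sentence before the table stating that unparenthesized entries are new vmAdminState values applied at the hypervisor and parenthesized entries are events. For the two IEEE entries removed from the Informative References above, confirm that no citation of [IEEE8021-BRIDGE-MIB] or [IEEE8021-Q-BRIDGE-MIB] remains in the body.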
skipping to change at page 56, line 43 skipping to change at page 54, line 49
| | | | | | | | | |
| (no state) | (preparation | preparing | - | | (no state) | (preparation | preparing | - |
| | initiated) | | | | | initiated) | | |
| | | | | | | | | |
| | (migrate from | shutdown (*) | vmShutdown | | | | (migrate from | shutdown (*) | vmShutdown | |
| | other | | vmBulkShutdown | | | other | | vmBulkShutdown |
| | hypervisor | | | | | hypervisor | | |
| | initiated) | | | | | initiated) | | |
+--------------+----------------+--------------+--------------------+ +--------------+----------------+--------------+--------------------+
State transition table State transition table for vmOperState
Authors' Addresses Authors' Addresses
Hirochika Asai Hirochika Asai
The University of Tokyo The University of Tokyo
7-3-1 Hongo 7-3-1 Hongo
Bunkyo-ku, Tokyo 113-8656 Bunkyo-ku, Tokyo 113-8656
JP JP
Phone: +81 3 5841 6748 Phone: +81 3 5841 6748
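Review bot: the "(*)" marker on "shutdown (*)" in the last row has no explanation between the end of the table and the caption, so the reader cannot tell what is special about a virtual machine that arrives by migration from another hypervisor and is first reported as shutdown with vmShutdown / vmBulkShutdown. Add the footnote text directly under the table, or drop the marker. The caption change to "State transition table for vmOperState" is a useful clarification; the same object name could be used in the State and Next state column headers.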
skipping to change at page 57, line 29 skipping to change at page 55, line 29
Email: mrm@vmware.com Email: mrm@vmware.com
Juergen Schoenwaelder Juergen Schoenwaelder
Jacobs University Jacobs University
Campus Ring 1 Campus Ring 1
Bremen 28759 Bremen 28759
Germany Germany
Email: j.schoenwaelder@jacobs-university.de Email: j.schoenwaelder@jacobs-university.de
Yuji Sekiya
The University of Tokyo
2-11-16 Yayoi
Bunkyo-ku, Tokyo 113-8658
JP
Email: sekiya@wide.ad.jp
Keiichi Shima Keiichi Shima
IIJ Innovation Institute Inc. IIJ Innovation Institute Inc.
3-13 Kanda-Nishikicho 3-13 Kanda-Nishikicho
Chiyoda-ku, Tokyo 101-0054 Chiyoda-ku, Tokyo 101-0054
JP JP
Email: keiichi@iijlab.net Email: keiichi@iijlab.net
Tina Tsou Tina Tsou
Huawei Technologies (USA) Huawei Technologies (USA)
2330 Central Expressway 2330 Central Expressway
Santa Clara CA 95050 Santa Clara CA 95050
USA USA
Email: tina.tsou.zouting@huawei.com Email: tina.tsou.zouting@huawei.com
Yuji Sekiya
The University of Tokyo
2-11-16 Yayoi
Bunkyo-ku, Tokyo 113-8658
JP
Email: sekiya@wide.ad.jp
Cathy Zhou Cathy Zhou
Huawei Technologies Huawei Technologies
Bantian, Longgang District Bantian, Longgang District
Shenzhen 518129 Shenzhen 518129
P.R. China P.R. China
Email: cathyzhou@huawei.com Email: cathyzhou@huawei.com
Hiroshi Esaki Hiroshi Esaki
 End of changes. 49 change blocks. 
142 lines changed or deleted 101 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/