Internet Draft                                               Silvano Gai
draft-gai-fc-mibs-00.txt                                Keith McCloghrie
Expires: December 2003                                     Cisco Systems
                                                         Claudio DeSanti
                                                         Andiamo Systems
                                                               June 2003

                 MIBs Standardization for Fibre Channel

Status of this Memo

   This document is an Internet Draft and is in full conformance with
   all provisions of Section 10 of RFC 2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   Fibre Channel (FC) is a high speed serial interface technology that
   supports several Upper Layer Protocols including Small Computer
   System Interface (SCSI) and IP. Fibre Channel is standardized by the
   INCITS T11 Technical Committee.

   Fibre Channel Standards include Framing and Signaling protocols
   [FC-FS], Generic Services protocols [FC-GS-3], Switch Fabric
   protocols [FC-SW-2], etc. The management of a Fibre Channel network
   requires monitoring and setting many parameters related to these
   protocols, and this may be accomplished by defining a proper set of
   MIBs.

   This Internet Draft states the intention of the authors to submit to
   the IETF for standardization 9 new MIBs related to all the aspects
   of Fibre Channel management.
   The purpose of this document is to stimulate a discussion inside the
   IETF on where this standardization work can be accomplished and to
   receive preliminary feedback before submitting the individual I-Ds.

1. Overview of Fibre Channel

   Fibre Channel (FC) is a gigabit speed network technology primarily
   used for Storage Networking. Fibre Channel is standardized in the
   T11 Technical Committee of the InterNational Committee for
   Information Technology Standards (INCITS), an American National
   Standards Institute (ANSI) accredited standards committee.

   Fibre Channel devices are called Nodes. Each Node has one or more
   Ports to connect to Ports of other devices. Fibre Channel may be
   implemented using any combination of the following three topologies:

   - a point-to-point link between two Ports;
   - a set of Ports interconnected by a switching network called a
     Fabric [FC-SW-2];
   - a set of Ports interconnected with a loop topology, as defined in
     [FC-AL-2].

   A Node Port is more precisely called an N_Port. A Node Port that is
   capable of operating in a loop topology using the loop specific
   protocols is designated as an NL_Port. The term Nx_Port is used to
   generically indicate these two kinds of Node Port.

   A Fabric Port is more precisely called an F_Port. A Fabric Port that
   is capable of operating in a loop topology using the loop specific
   protocols is designated as an FL_Port. The term Fx_Port is used to
   generically indicate these two kinds of Fabric Port.

   Fibre Channel ports interconnecting Switches are called Expansion
   Ports or E_Ports. E_Port operation specifies the tools and
   algorithms for interconnection and initialization of Fibre Channel
   Switches to create a multi-Switch Fabric [FC-SW-2]. Fabric operation
   includes Fabric Configuration, Path Selection, Distributed Server
   Communication, Exchange of Zone Information, Distributed Event
   Notification, etc.

   A Fibre Channel Fabric provides several Generic Services to the
   nodes connected to the Fabric itself [FC-GS-3].
   Examples of Services are Directory Services or Management Services.
   Access to Fabric Services is provided by a Common Transport
   Protocol, which provides a set of parameters that facilitates the
   usage of Fibre Channel constructs. It also provides a level of
   multiplexing that simplifies the Switch-to-Switch communication for
   a Distributed Service.

2. MIBs for management

   Fibre Channel has evolved into an extensive network architecture
   with many features, protocols, services and parameters. This has
   created a demand for a standard solution for the management of Fibre
   Channel networks and for integration with the management of IP
   networks.

   Historically the IETF has used SNMP and MIBs as the primary vehicle
   for management information with good success.

   There have been some attempts to extend MIBs to cover SANs (Storage
   Area Networks) with some relevant successes in the area of SCSI, for
   example with the work on Definition of Managed Objects for SCSI
   Entities done in the IP Storage WG.

   The so-called "Fibre Alliance MIB" has also been implemented in many
   products, and an updated and corrected version
   (draft-ietf-ips-fcmgmt-mib-04.txt) is in the process of being
   approved as a Proposed Standard.

   However, a systematic work of standardization of a set of MIBs to
   cover all the different aspects of Fibre Channel networks has not
   yet been attempted. Note that the IPS WG did previously consider
   defining some of the additional FC functionality in MIBs, but
   deferred it to the future (see
   http://www.pdl.cmu.edu/mailinglists/ips/mail/msg09473.html).

   The authors of this I-D are interested in submitting to the IETF
   approximately 9 MIBs that collectively cover all the management
   aspects of a Fibre Channel network. A list of the MIBs with a short
   description is given in section 4.
   These MIBs are intended to complement and update but not obsolete
   the existing work on Fibre Channel MIBs that the IETF has done.

   The authors ask for guidance from the IETF in identifying the most
   appropriate WG that can work on the standardization of these MIBs
   before submitting all the individual I-Ds.

3. VSAN awareness

   The concept of Virtual Fabric or VSAN (Virtual SAN) [VSAN, TAG-HEAD]
   has been recently introduced in Fibre Channel. Similar to VLANs
   (Virtual LANs), VSANs allow the sharing of a common Fibre Channel
   physical infrastructure by multiple logical Fabrics.

   The concept of VSAN is already present in the CIM/SMI-S
   specification [CMI/SMI-S], and has been proposed to SNIA and to T11
   [VSAN, TAG-HEAD].

   All these MIBs are VSAN-aware.

4. List of MIBs

   The following MIBs are ready to be submitted for standardization.

4.1 Fibre Element

   This MIB covers:

   - Extension to the interface MIB [RFC 2863];
   - The groups from [RFC 2837] relevant to an FC Fabric;
   - Other features specific to an FC Fabric.

   This MIB supports all the port types defined by [FC-FS] and
   [FC-AL-2] (N_Port, NL_Port, F_Port, FL_Port), all the port types
   defined by [FC-SW-2] (E_Ports or B_Ports), plus the port types
   required to support VSANs [TAG-HEAD] (TE_Port or Trunking E_Port).

   Examples of parameters that can be monitored/configured are:
   Buffer-to-Buffer Credits, FC Port Type, Port Name_Identifiers, Port
   Speed, Port Status, VSAN list and Login table.

4.2 Virtual Fabrics (VSAN)

   This MIB enables the manager to configure and monitor Virtual
   Fabrics parameters (see section 3).

   Examples of parameters that can be monitored/configured are: Name,
   ID, State, MTU, in-order delivery, Name_Identifiers, and membership.

4.3 Domain Manager

   The Domain Manager is a software functionality present on an FC-SW-2
   compliant Switch [FC-SW-2] to provide addresses (domain) assignment.
   For the purposes of this MIB, Domain Manager is the software
   functionality which executes in both the Principal Switch [FC-SW-2]
   and other Switches of an FC Fabric.

   Examples of parameters that can be monitored/configured are:
   Principal Switch ID, Priority, Domain_ID List.

4.4 Fibre Shortest Path First (FSPF)

   Fibre Shortest Path First (FSPF) [FC-SW-2] is a link state path
   selection protocol. FSPF keeps track of the state of the links on
   all Switches in the Fabric and associates a cost with each link. The
   protocol computes paths from a Switch to all the other Switches in
   the Fabric by adding the cost of all the links traversed by the
   path, and choosing the path that minimizes the overall cost. The
   collection of link states (including cost) of all the Switches in a
   Fabric constitutes the topology database (or link-state database).

   This MIB enables the manager to configure and monitor FSPF
   parameters.

   Examples of parameters that can be monitored/configured are: Region
   ID, Domain ID, Interface State, Interface Cost, Interface Hello
   Interval, Interface Dead Interval, Hold Time, Max Age, Admin Status,
   Operator Status, and Incarnation Number.

4.5 Routing Information

   FSPF [FC-SW-2] defines how to compute the shortest path toward
   another domain. When this computation is done, it needs to be
   summarized into a routing table that defines for each destination
   domain the next hop(s) and that can be used by a switch forwarding
   engine, either centralized or distributed.

   This MIB enables the manager to configure and monitor Routing
   Information.

   Examples of parameters that can be monitored/configured are: the
   Fibre Channel Routing table, and for each route the Route
   Destination Address ID, Interface, Domain_ID, Route Metric, and
   Route Type.
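
   The path computation of section 4.4 and its summary into the routing
   table of section 4.5, as an added Python example (not code from this
   draft or from FC-SW-2): a least-cost search over a constructed
   link-state database that keeps every equal-cost next hop for each
   destination domain. The Domain_IDs, link costs and the function name
   are assumptions made for illustration, and link costs are assumed to
   be positive.

```python
import heapq

# Constructed link-state database: {domain_id: {neighbor_domain_id: cost}}.
# Domain IDs and costs are illustrative values, not taken from the draft.
LSDB = {
    1: {2: 500, 3: 250},
    2: {1: 500, 4: 250},
    3: {1: 250, 4: 500},
    4: {2: 250, 3: 500, 5: 1000},
    5: {4: 1000},
    6: {},  # a Switch with no links: must not appear in any route
}

def fspf_routes(lsdb, root):
    """Return {destination_domain: (route_metric, [next_hop_domains])}.

    The metric of a path is the sum of its link costs; the lowest metric
    wins, and all first hops that reach it are kept as next hop(s).
    """
    dist = {root: 0}      # best known metric per domain
    hops = {root: set()}  # first-hop neighbors achieving that metric
    heap = [(0, root)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, cost in lsdb.get(u, {}).items():
            nd = d + cost
            # Leaving the root, the first hop is the neighbor itself;
            # further out, it is inherited from the finalized node u.
            first = {v} if u == root else hops[u]
            if v not in dist or nd < dist[v]:
                dist[v] = nd
                hops[v] = set(first)
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                hops[v] |= first  # equal-cost path: merge next hops
    return {dst: (dist[dst], sorted(hops[dst])) for dst in dist if dst != root}
```

   From domain 1, domain 4 is reachable at metric 750 through either
   neighbor, so its routing entry carries two next hops; domain 6 has
   no entry at all.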

4.6 Name Server

   The Name Server [FC-GS-3] provides a way for N_Ports and NL_Ports to
   register and discover Fibre Channel attributes. Once registered, the
   attributes are made available to requestors.

   The Name Server is intended to be distributed among Fabric Elements,
   making the Name Server available to N_Ports and NL_Ports, once they
   have successfully completed Fabric Login.

   For example, a disk may register with the name server to become
   known to the hosts. A host, after having completed the Fabric Login,
   may query the name server to discover which disks are accessible.

   This MIB enables the manager to configure and monitor the Fibre
   Channel Name Server.

   Examples of parameters that can be monitored/configured are: the
   Fibre Channel Name Server table, which contains an entry for each
   Nx_Port presently known (through FC-GS-3 registrations) and in each
   entry the Port Name, the Node Name, Class of Service, Node IP
   address, FC-4 Type, Port IP address, Symbolic Port Name, and
   Symbolic Node Name.

4.7 Registered State Change Notification (RSCN)

   RSCNs [FC-FS] are messages sent to registered Nx_Ports when an event
   occurs which may have affected the state of one or more Nx_Ports.
   RSCNs are intended to provide a timely indication of changes in
   nodes to avoid the considerable traffic that polling can generate.

   RSCNs may be used to indicate a failed node, allowing the release of
   resources tied up by the failed node. RSCNs may also be used to
   notify interested nodes of new devices coming on-line, and of
   changes within an on-line node that affect the operation of the
   system (e.g., more storage has become available).

   This MIB enables the manager to configure and monitor the Fibre
   Channel Registered State Change Notification (RSCN).

   Examples of parameters that can be monitored/configured are: the
   number and a table of Nx_Ports currently registered to receive
   RSCNs, and for each Nx_Port the FC_ID of the port and the type of
   events included in the subscription. Moreover, statistical
   information such as the number of SCR, RSCN and SW_RSCN messages
   received, transmitted, accepted and rejected is provided.

4.8 Zone Server

   Fabric Zones [FC-GS-3, FC-SW-2] provide a mechanism to expose
   selected views of Name Server information to Clients. This technique
   is similar to "virtual private networks" in that the Fabric can
   group Fibre Channel address identifiers into Zones.

   Administrators create Zones to increase network security, and
   prevent data loss or corruption, by controlling access between
   devices or user groups.

   A Zone Server maintains a list of all the Zone Sets configured. A
   Zone Set is a collection of Zones. There may be multiple Zone Sets
   configured on a Fabric. Only one Zone Set is allowed to be active at
   a time. A Zone can be present in multiple Zone Sets. Each Zone
   consists of a group of members allowed to communicate.

   Zones and Zone Sets may be configured and monitored through a Switch
   vendor's management tool, or via this MIB.

   Examples of parameters that can be monitored/configured are: Zone
   Set database, Active Zone Set, and for each Zone Set the Index, the
   Name, the Zone List, the Administrator Status and the Operative
   Status; and for each Zone the Index, the Name, the Member List and
   the Alias List.

4.9 Fabric Configuration Server

   As a repository for configuration information, the Fabric
   Configuration Server [FC-GS-3] provides information regarding the
   Fabric, and the Interconnect Elements that comprise the Fabric. It
   provides a way for a management application to discover Fibre
   Channel Fabric topology information and attributes.

   The Fabric Configuration Server is intended to be distributed among
   Fabric Elements, making the Fabric Configuration Server immediately
   available to an N_Port once it has successfully completed the Fabric
   Login. Requests for the Fabric Configuration Server are carried over
   the Common Transport.

   This MIB module interfaces the Fabric Configuration Server (FCS).

   Examples of parameters that can be monitored/configured are: the
   Interconnect Elements table, composed of Interconnect Element
   entries, each having a Name, a Type, a Domain_ID, a Management_ID, a
   Fabric_Name, a Logical Name; and a Port List Table, composed of Port
   List entries, each having a Port Type, a Port Name, a Port State and
   an Attached Port Name.

5. Security Considerations

   These MIBs do not introduce any additional security concerns beyond
   what already exists within the Fibre Channel protocols.

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create. Such
   objects may be considered sensitive or vulnerable in some network
   environments. The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.

   In particular, write-able objects allow an administrator to control
   the interfaces or to perform tests on the interfaces, and
   unauthorized access to these could cause a denial of service, or in
   combination with other (e.g., physical) security breaches, could
   cause unauthorized connectivity to a device.

   SNMPv1 by itself does not provide a secure environment. Even if the
   network itself is secure (for example by using IPsec), even then,
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in a MIB.

   It is recommended that the implementers consider the security
   features provided by the SNMPv3 framework. Specifically, the use of
   the User-based Security Model specified in [RFC 2574] and the
   View-based Access Control Model [RFC 2575] is recommended.

   It is then a customer/user responsibility to ensure that the SNMP
   entity giving access to an instance of a MIB, is properly configured
   to give access to the objects only to those principals (users) that
   have legitimate rights to indeed GET or SET (change/create/delete)
   them.

6. Acknowledgment

   The authors would like to acknowledge all the individual authors of
   the MIBs.

7. References

   [FC-FS]     ANSI INCITS 373-2003, "Fibre Channel - Framing and
               Signaling (FC-FS)".

   [FC-AL-2]   ANSI INCITS 332-1999, "Fibre Channel - Arbitrated Loop-2
               (FC-AL-2)".

   [FC-GS-3]   ANSI INCITS 348-2000, "Fibre Channel - Generic
               Services-3 (FC-GS-3)".

   [FC-SW-2]   ANSI INCITS 355-2001, "Fibre Channel - Switch Fabric-2
               (FC-SW-2)".

   [RFC 2574]  Blumenthal, U. and B. Wijnen, "User-based Security Model
               (USM) for version 3 of the Simple Network Management
               Protocol (SNMPv3)", RFC 2574, January 1998.

   [RFC 2575]  Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based
               Access Control Model (VACM) for the Simple Network
               Management Protocol (SNMP)", RFC 2575, January 1998.

   [RFC 2837]  Teow K.S., "Definitions of Managed Objects for the
               Fabric Element in Fibre Channel Standard", RFC 2837, May
               2000.

   [RFC 2863]  McCloghrie K., Kastenholz F., "The Interfaces Group
               MIB", RFC 2863, June 2000.

   [VSAN]      DeSanti C., Carlson C., McGlaughlin E. "Virtual Fabrics"
               T11 document 03-352v0, May 2003.

   [TAG-HEAD]  DeSanti C., Carlson C., McGlaughlin E. "Tagged Frame
               Specification" T11 document 03-353v0, May 2003.

   [CMI/SMI-S] SNIA CIM/SMI-S: Storage Management Initiative
               Specification, Version 1.1.

8. Authors' Address

   Silvano Gai
   Cisco Systems, Inc.
   170 West Tasman Dr.
   San Jose, CA 95134
   USA
   Phone: +1 408 527-7269
   EMail: sgai@cisco.com

   Keith McCloghrie
   Cisco Systems, Inc.
   170 West Tasman Dr.
   San Jose, CA 95134
   USA
   Phone: +1 408 526-5260
   EMail: kzm@cisco.com

   Claudio DeSanti
   Andiamo Systems, Inc.
   375 E. Tasman Dr.
   San Jose, CA 95134
   USA
   Phone: +1 408 853-9172
   EMail: cds@andiamo.com
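
   The Zone Set rules of section 4.8 (one active Zone Set at a time,
   Zones shared between Zone Sets, members of a Zone allowed to
   communicate), as an added Python example that is not part of this
   draft or of the MIBs it lists: it reports which member pairs would
   gain or lose access before a different Zone Set is activated. The
   class, method and member names are hypothetical, and denying pairs
   that share no Zone in the active Zone Set is an assumption.

```python
from itertools import combinations

class ZoneServer:
    """Toy model of section 4.8; all names here are hypothetical."""

    def __init__(self):
        self.zones = {}      # Zone name -> set of member names
        self.zone_sets = {}  # Zone Set name -> set of Zone names
        self.active = None   # only one Zone Set is active at a time

    def add_zone(self, name, members):
        self.zones[name] = set(members)

    def add_zone_set(self, name, zone_names):
        missing = set(zone_names) - set(self.zones)
        if missing:
            raise KeyError(f"undefined Zones: {sorted(missing)}")
        self.zone_sets[name] = set(zone_names)

    def activate(self, name):
        if name not in self.zone_sets:
            raise KeyError(name)
        self.active = name   # replaces the previously active Zone Set

    def pairs(self, zone_set):
        """Unordered member pairs that share a Zone in `zone_set`."""
        out = set()
        for zone in self.zone_sets[zone_set]:
            out |= {frozenset(p) for p in combinations(self.zones[zone], 2)}
        return out

    def allowed(self, a, b):
        # Assumption: pairs sharing no Zone in the active Zone Set are denied.
        return self.active is not None and frozenset((a, b)) in self.pairs(self.active)

    def activation_diff(self, candidate):
        """(gained, lost) pairs if `candidate` replaced the active Zone Set."""
        old = self.pairs(self.active) if self.active else set()
        new = self.pairs(candidate)
        order = lambda s: sorted(tuple(sorted(p)) for p in s)
        return order(new - old), order(old - new)

def build_demo():
    # Constructed members and Zones, not taken from the draft.
    zs = ZoneServer()
    zs.add_zone("prod", ["host-a", "disk-1"])
    zs.add_zone("backup", ["host-a", "tape-1"])
    zs.add_zone("test", ["host-b", "disk-1"])
    zs.add_zone_set("weekday", ["prod", "backup"])
    zs.add_zone_set("migration", ["prod", "test"])  # "prod" is in both Zone Sets
    zs.activate("weekday")
    return zs
```

   Calling activation_diff("migration") on the demo server shows that
   host-b would gain access to disk-1 and host-a would lose tape-1,
   which is the change an administrator would review before activating
   the new Zone Set.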