SNMPv3 Structure

SNMPv3 provides a modular structure that allows for specific subsystems to be used for certain tasks . This approach is in line with the increasing trend toward component technology (we discuss this later, but for now just think of components as real-world mini-objects that are embodied in software. Components are joined together to form more complex entities, such as VLANs, virtual connections made up of Ethernet cross-connections joined across an ATM/MPLS core network, etc.). Broadly speaking, an SNMPv3 entity consists of two main components:

• An SNMP engine

• A collection of SNMP applications

Our discussion of SNMPv3 is more of an overview than a detailed description. The latter can be found in [Zeltserman1999].

SNMPv3 Engine

The SNMPv3 engine is made up of four subcomponents:

• Dispatcher handles message sending and receiving.

• Message subsystem handles message processing for SNMPv3, SNMPv2c, SNMPv1, and any other models.

• Security subsystem handles security processing for SNMPv3 user -based security model (USM), SNMPv1/v2c community-based security model, and any additional (newly defined) models.

• Access control subsystem handles the granting/rejecting of access to specific managed objects.

Two important points to note about the engine subcomponents are that they:

1. Can hand off the message processing to each other as required.

2. Are themselves extensible entities.

The SNMPv3 architecture is flexible and modular. It remains to be seen whether this facility will be used over time, but one area where change is quite likely is that of security. Another security model could be added to the architecture by extending the security subsystem and adding an extra value in the security model number field (as illustrated in Figure 2-1 with the MessageSecurity parameter). Such a change would require a potentially costly software upgrade, but the benefits of extra security may become a necessity.