IPP Mail Archive: IPP> Re: SNMPv3 unsuited for IPP/JMP Notifications

IPP Mail Archive: IPP> Re: SNMPv3 unsuited for IPP/JMP Notifications

IPP> Re: SNMPv3 unsuited for IPP/JMP Notifications

Ira Mcdonald x10962 (imcdonal@eso.mc.xerox.com)
Sun, 22 Mar 1998 16:37:08 PST

Copies To: ipp@pwg.org, jmp@pwg.org, Joe_Filion@mc.xerox.com

Hi Randy, Sunday (22 March 1998)

My replies are imbedded in your note below, preceded by 'IEM>'. I tried
to answer each of your questions.

- Ira McDonald (High North)
>From: "Turner, Randy" <rturner@sharplabs.com>
>To: "'ipp@pwg.org'" <ipp@pwg.org>, "'jmp@pwg.org'" <jmp@pwg.org>
>Subject: RE: IPP> Re: SNMPv3 unsuited for IPP/JMP Notificiations
>Date: Sun, 22 Mar 1998 14:56:06 PST
>There two questions that have yet to be answered.
>You've repeatedly stated that SNMPv3 is not intended for "very many
>notification clients". I would like to hear a technical analysis of why
>you think this is the case.

IEM> Because the SNMPv3 security depends on the distribution of shared
secrets to EVERY managed system, but does NOT specify a Key Management
Protocol. Because the SNMPv3 Target and Notification MIBs have highly
inefficient string indices, placing a significant burden on ALL managed
systems. For ACTIVE management (not just passive monitoring) of key
infrastructure (routers, switches, hubs, etc), SNMPv3 may turn out to
be quite successful in the marketplace, but deployment will undoubtedly
be sporadic and interworking problems will be common.

>Also, I think its VERY unrealistic that an embedded device will have to
>manage "several hundred" client notification requests. If every client
>can specify a totally different object set to be sent along with each
>notification, then I don't think this is realistic for embedded devices.
>If you have a defined trap/notification, with a specific list of objects
>that are returned, then a notification originator only has to keep track
>of transport domains and addresses, not every combination of object sets
>that "possibly hundreds of notification clients" might want to know

IEM> Xerox (like IBM, and various other printer vendors) builds VERY big
production printing systems (which may cost over a million dollars each).
The SNMPv1 framework defines 6 different important traps; each interface
MIB (Ethernet, TokenRing, etc) defines several more traps; the Printer MIB
defines one trap; the PWG Job Monitoring MIB will (hopefully) define one
or several (job- vs document-level) traps; the XCMI (Xerox Common Mgmt
Interface) suite of 14 MIBs defines 16 different traps. Xerox clients
do NOT register promiscuously for ALL traps - they pick and choose,
according to their end-user preferences or roles (operators and system
administrators have different interests and needs, for example). VERY
lightweight trap registration is a necessity for the printer industry!

>I don't think SNMPv3 is heavyweight. It's designed be implemented in
>everything from $300 managed 100Mbit hubs, all the way to enterprise ATM
>switches. And I think whatever solution we come up with will have to
>have the capability to support a distributed event notification system,
>similar to the way SENSE and other distributed notification mechanisms
>remove the burden from individual embedded printers from having to keep
>up with the entire world of notifications.

IEM> But, your examples are all of infrastructure (intermediate-systems),
not printers, scanners, and other end-systems. Managing a hub or router
has essentially nothing in common with managing end-systems, except that
they use a common protocol - SNMPv1, NOT SNMPv3, which is unlikely to be
widely deployed for at least the next three years - look at the deployment
track record of SNMPv2!

No vendor can tell their customers that they can't manage their printers
until they deploy (largely non-existant) new enterprise open management
systems (CA Unicenter, Tivoli TME, HP OpenView, Sun Solstice, etc) that
have support for SNMPv3 (some of those that I just mentioned don't have
support for SNMPv2, yet). Xerox research has found that many customers
HATE to be told that "this product just requires a few little server
applications." Elegant distributed event notification schemes like
SENSE are very unpopular with Xerox product planners and marketers
(and customers). Perhaps your customers haven't been bitten by unstable
NetWare NLMs or NT server applications?

[Jay, I personally think SENSE is good stuff - but technical excellence
isn't the only or even major factor in the deployment of technology.]