[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec MIB



Angelos D. Keromytis says:
> Well, i think that:
> a) this is useful mostly for debugging (-> development)
> b) why open a potential hole there if it's not going to be used by
>    your every-day user/admin/whoever

You might be surprised, but most OTHER vendors do have bugs
in their code, and systems do get misconfigured more often
than not. Thus, "debugging" isn't only done by the vendor
quality control - but often by the customers as well.

> >Of course KMP can be instrumented too...  Should it be...?
> I believe that mandating KMPs to monitor SNMP variables is
> unreasonable (i will admit i have little knowledge of the inner
> workings of SNMP). If you make it optional, router vendors will probably
> support it.

Oh no, either IPSEC nor KMP would ever *monitor* SNMP variables!
They might *maintain* those variables so that SNMP may *access* 
them (i.e. "request" the values of those variables, if al the
proper credentials are shown).

> For all other implementations (ie. non-routers), i think it's not
> realistic to use a network monitoring protocol to control a user
> application (the KMP).

Well, there's megabucks market for application management, and
there are at least two WG's in the IETF that are working on
application management via SNMP (ApplMIB and SysAplMIB to
name a few)... And those aim at monitoring (and managing?)
various applications running on different systems...

> My 4.8 drachmas (about $0.02).

(:-)
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>