MG-SOFT SNMPv3 engine
Reference SNMPv3 implementation since 1998
MG-SOFT started implementing an SNMPv3 engine in early 1998, while SNMPv3 draft specifications were still emerging from the IETF SNMPv3 working group. MG-SOFT published the first public beta release of the SNMPv3 engine implementation in November 1998. In May 1999, when IETF published RFC 257x documents, MG-SOFT published a conformant release of the SNMPv3 engine implementation.
In December 2002, when the IETF published the RFC 341x documents and thereby advanced the SNMPv3 specification to the Internet Standard level (STD 62), MG-SOFT had already been shipping a conformant SNMPv3 implementation. Consequently, all other MG-SOFT network management products are also compliant with the current SNMPv3 protocol standard.
By providing a conformant implementation of the SNMPv3 protocol standard (and the whole SNMPv3 network management product line) even before the standard had been officially published, MG-SOFT again proved its technical excellence and commitment to serve even the most demanding customers.
In 2003 MG-SOFT extended the SNMPv3 engine so that the USM module also supports the CFB-AES-128 privacy protocol (RFC 3826).
In 2011 we extended MG-SOFT's SNMPv3 engine with support for TLS/DTLS transport layer security (RFC 6353). Interoperability tests were successfully passed with two other known implementations, Net-SNMP and SNMP Research, in order to support advancement of the feature standardization process: draft-schoenw-isms-interoperability-report-02.txt
Our SNMP protocol implementation with this feature now serves as a reference implementation for other implementers.
In 2016 we extended MG-SOFT's SNMPv3 engine with support for the HMAC-SHA-2 authentication protocols in the User-Based Security Model (USM) (RFC 7860). The supported SHA-2 authentication protocols are HMAC-SHA-2-224, HMAC-SHA-2-256, HMAC-SHA-2-384 and HMAC-SHA-2-512.
In 2017 we extended MG-SOFT's SNMPv3 engine to also support the CFB-AES-192, CFB-AES-256 and CBC-3DES privacy protocols in the User-Based Security Model (USM). Note: There is currently no standard for using the AES-192, AES-256 and 3DES privacy protocols in SNMPv3 USM. When these privacy protocols are used with the MD5 and SHA1 authentication protocols, whose output is not long enough to accommodate the 192-bit or 256-bit keys for AES-192 and AES-256 or the 168-bit key for 3DES, some mechanism needs to be employed to produce localized keys of an adequate size. The MG-SOFT SNMPv3 engine employs the key extension mechanism used by Cisco and some other parties, which is described in the Reeder 3DES Internet draft document.
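The key-size shortfall and the chaining fix described above, as an added example (not MG-SOFT's code): RFC 3414 password-to-key and localization, then key extension by chaining as the Reeder draft is understood here. The function names are hypothetical, and the sample password and engine ID are the RFC 3414 A.3 test inputs, not values from this page.

```python
import hashlib

def password_to_key(secret: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: digest of the secret repeated out to 1,048,576 octets."""
    if not secret:
        raise ValueError("secret must not be empty")
    total = 1024 * 1024
    stream = (secret * (total // len(secret) + 1))[:total]
    return hashlib.new(hash_name, stream).digest()

def localized_key(secret: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 key localization: H(Ku || snmpEngineID || Ku)."""
    ku = password_to_key(secret, hash_name)
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def extended_localized_key(secret: bytes, engine_id: bytes,
                           hash_name: str, key_len: int) -> bytes:
    """Chain password-to-key on its own output until key_len octets exist."""
    block = localized_key(secret, engine_id, hash_name)
    key = block
    while len(key) < key_len:
        # Assumed reading of the draft's chaining step: the previous output
        # replaces the passphrase, the engine ID stays the same.
        block = localized_key(block, engine_id, hash_name)
        key += block
    return key[:key_len]  # truncate to the size the privacy protocol needs

# Constructed sample input (password and engine ID of the RFC 3414 A.3 vectors).
SAMPLE_PASSWORD = b"maplesyrup"
SAMPLE_ENGINE_ID = bytes.fromhex("000000000000000000000002")

if __name__ == "__main__":
    cases = (("md5", "AES-192", 24), ("md5", "AES-256", 32),
             ("sha1", "AES-192", 24), ("sha1", "AES-256", 32))
    for hash_name, cipher, need in cases:
        base = localized_key(SAMPLE_PASSWORD, SAMPLE_ENGINE_ID, hash_name)
        ext = extended_localized_key(SAMPLE_PASSWORD, SAMPLE_ENGINE_ID,
                                     hash_name, need)
        print(f"{hash_name:5} + {cipher}: localized key {len(base)} octets, "
              f"need {need}, extended key {ext.hex()}")
```

Both endpoints must use the same extension scheme: the authentication key is unaffected, so a mismatch shows up as authenticated messages whose payload fails to decrypt.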
Since November 1998, when MG-SOFT performed and successfully passed a number of interoperability tests with other SNMPv3 vendors and their SNMPv3 implementations, MG-SOFT has built a global reputation for a trusted, conformant, high-performance and highly reliable SNMPv3 implementation. MG-SOFT has tens of thousands of corporate, educational, governmental and individual users worldwide.
Today, MG-SOFT's SNMPv3 engine is a mature and market-proven product that is widely used with MG-SOFT's SNMPv3 manager and agent products, as well as with numerous products developed by third parties who have licensed MG-SOFT's SNMPv3 technology. Moreover, MG-SOFT's SNMPv3 engine is considered a de facto reference SNMPv3 protocol implementation for other SNMPv3 protocol implementers.
MG-SOFT has implemented an SNMP engine supporting the SNMPv1, SNMPv2c and SNMPv3 protocols, including the complete User-Based Security Model (HMAC-MD5, HMAC-SHA1 authentication; CBC-DES, CFB-AES-128 privacy) and USM extensions (HMAC-SHA-2 authentication; CFB-AES-192, CFB-AES-256, CBC-3DES privacy; Diffie-Hellman key ignition), and the Transport Security Model with support for SNMPv3 over the TLS and DTLS protocols (using X.509 digital certificates), which provide strong security on the transport layer.
The MG-SOFT SNMPv3 engine conforms to the most recent SNMPv3 specification documents:
- Structure and Identification of Management Information for TCP/IP-based Internets (SMIv1), (RFC 1155, May 1990).
- A Simple Network Management Protocol (SNMPv1), (RFC 1157, May 1990).
- Concise MIB Definitions (SMIv1), (RFC 1212, March 1991).
- A Convention for Defining Traps for use with the SNMP (SMIv1), (RFC 1215, March 1991).
- Introduction to Community-based SNMPv2 (SNMPv2c), (RFC 1901, Experimental, January 1996).
- Structure of Management Information Version 2 (SMIv2), (RFC 2578, STD 58, April 1999).
- Textual Conventions for SMIv2, (RFC 2579, STD 58, April 1999).
- Conformance Statements for SMIv2, (RFC 2580, STD 58, April 1999).
- Extension to the User-Based Security Model (USM) to Support Triple-DES EDE in "Outside" CBC Mode, (I-D, October 1999).
- Diffie-Helman USM Key Management Information Base and Textual Convention, (RFC 2786, Experimental, March 2000).
- Introduction and Applicability Statements for Internet Standard Management Framework, (RFC 3410, Informational, December 2002).
- An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks, (RFC 3411, STD 62, December 2002).
- Message Processing and Dispatching for the Simple Network Management Protocol (SNMP), (RFC 3412, STD 62, December 2002).
- Simple Network Management Protocol (SNMP) Applications, (RFC 3413, STD 62, December 2002).
- User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3), (RFC 3414, STD 62, December 2002).
- View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP), (RFC 3415, STD 62, December 2002).
- Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP), (RFC 3416, STD 62, December 2002).
- Transport Mappings for the Simple Network Management Protocol (SNMP), (RFC 3417, STD 62, December 2002).
- Management Information Base (MIB) for the Simple Network Management Protocol (SNMP), (RFC 3418, STD 62, December 2002).
- Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework, (RFC 3584, BCP 74, August 2003).
- The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model, (RFC 3826, Standards Track, June 2004).
- Transport Subsystem for the Simple Network Management Protocol (SNMP), (RFC 5590, Standards Track, June 2009).
- Transport Security Model for the Simple Network Management Protocol (SNMP), (RFC 5591, Standards Track, June 2009).
- Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP), (RFC 6353, Standards Track, July 2011).
- Translation of Structure of Management Information Version 2 (SMIv2) MIB Modules to YANG Modules, (RFC 6643, Standards Track, July 2012).
- HMAC-SHA-2 Authentication Protocols in User-Based Security Model (USM) for SNMPv3, (RFC 7860, Standards Track, April 2016).
An agent based on the MG-SOFT SNMPv3 engine is available on the Internet for interoperability testing (note that the SNMP-SET operation is disabled for security reasons). The following groups of SNMPv3 USM access parameters are supported:
- Accessing the agent by using the SNMPv3 protocol without authentication and without privacy (security level: NoAuthNoPriv):
  IP Address: 212.30.73.70
  SNMP Port: 161
  ContextName: public
  UserName: noAuthUser
- Accessing the agent by using the SNMPv3 protocol with HMAC-MD5 authentication protocol and without CBC-DES privacy protocol (security level: AuthNoPriv):
  IP Address: 212.30.73.70
  SNMP Port: 161
  ContextName: public
  UserName: MD5_User
  Authentication Password: AuthPassword
- Accessing the agent by using the SNMPv3 protocol with HMAC-SHA authentication protocol and without CBC-DES privacy protocol (security level: AuthNoPriv):
  IP Address: 212.30.73.70
  SNMP Port: 161
  ContextName: public
  UserName: SHA_User
  Authentication Password: AuthPassword
- Accessing the agent by using the SNMPv3 protocol with HMAC-MD5 authentication protocol and with CBC-DES privacy protocol (security level: AuthPriv):
  IP Address: 212.30.73.70
  SNMP Port: 161
  ContextName: public
  UserName: MD5_DES_User
  Authentication Password: AuthPassword
  Privacy Password: PrivPassword
- Accessing the agent by using the SNMPv3 protocol with HMAC-SHA authentication protocol and with CBC-DES privacy protocol (security level: AuthPriv):
  IP Address: 212.30.73.70
  SNMP Port: 161
  ContextName: public
  UserName: SHA_DES_User
  Authentication Password: AuthPassword
  Privacy Password: PrivPassword
- Accessing the agent by using the SNMPv3 protocol with HMAC-MD5 authentication protocol and with CFB-AES-128 privacy protocol (security level: AuthPriv):
  IP Address: 212.30.73.70
  SNMP Port: 161
  ContextName: public
  UserName: MD5_AES128_User
  Authentication Password: AuthMD5-Password
  Privacy Password: PrivAES-Password
- Accessing the agent by using the SNMPv3 protocol with HMAC-SHA authentication protocol and with CFB-AES-128 privacy protocol (security level: AuthPriv):
  IP Address: 212.30.73.70
  SNMP Port: 161
  ContextName: public
  UserName: SHA_AES128_User
  Authentication Password: AuthSHA-Password
  Privacy Password: PrivAES-Password