rfc1224.Techniques for Managing Asynchronously Generated Alerts

Internet RFC/STD/FYI/BCP ArchivesRFC1242[ Index | Search | What's New | Comments | Help ]Network Working Group S. Bradner, Editor Request for Comments: 1242 Harvard University July 1991Benchmarking Terminology for Network Interconnection DevicesStatus of this MemoThis memo provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo isunlimited.AbstractThis memo discusses and defines a number of terms that are used indescribing performance benchmarking tests and the results of suchtests. The terms defined in this memo will be used in additionalmemos to define specific benchmarking tests and the suggested format to be used in reporting the results of each of the tests. This memo is a product of the Benchmarking Methodology Working Group (BMWG) of the Internet Engineering Task Force (IETF).1. IntroductionVendors often engage in "specsmanship" in an attempt to give theirproducts a better position in the marketplace. This usually involves much "smoke & mirrors" used to confuse the user. This memo andfollow-up memos attempt to define a specific set of terminology and tests that vendors can use to measure and report the performancecharacteristics of network devices. This will provide the usercomparable data from different vendors with which to evaluate these devices.2. Definition formatTerm to be defined. (e.g., Latency)Definition:The specific definition for the term.Discussion:A brief discussion about the term, it's applicationand any restrictions on measurement procedures.Measurement units:The units used to report measurements of thisterm, if applicable.Issues:List of issues or conditions that effect this term.See Also:List of other terms that are relevant to the discussion of this term.3. Term definitions3.1 Back-to-backDefinition:Fixed length frames presented at a rate such that there is the minimum legal separation for a given mediumbetween frames over a short to medium period of time,starting from an idle state.Discussion:A growing number of devices on a network can producebursts of back-to-back frames. Remote disk serversusing protocols like NFS, remote disk backup systemslike rdump, and remote tape access systems can beconfigured such that a single request can result ina block of data being returned of as much as 64K octets. Over networks like ethernet with a relatively small MTU this results in many fragments to be transmitted. Since fragment reassembly will only be attempted if allfragments have been received, the loss of even onefragment because of the failure of some intermediatenetwork device to process enough continuous frames can cause an endless loop as the sender repetitivelyattempts to send its large data block.With the increasing size of the Internet, routingupdates can span many frames, with modern routers able to transmit very quickly. Missing frames of routinginformation can produce false indications ofunreachability. Tests of this parameter are intendedto determine the extent of data buffering in thedevice.Measurement units:Number of N-octet frames in burst.Issues:See Also:3.2 BridgeDefinition:A system which forwards data frames based on information in the data link layer.Discussion:Measurement units:n/aIssues:See Also:bridge/router (3.3)router (3.15)3.3 bridge/routerDefinition:A bridge/router is a network device that can selectively function as a router and/or a bridge based on theprotocol of a specific frame.Discussion:Measurement units:n/aIssues:See Also:bridge (3.2)router (3.15)3.4 Constant LoadDefinition:Fixed length frames at a fixed interval time.Discussion:Although it is rare, to say the least, to encountera steady state load on a network device in the realworld, measurement of steady state performance maybe useful in evaluating competing devices. Theframe size is specified and constant. All deviceparameters are constant. When there is a checksumin the frame, it must be verified.Measurement units:n/aIssues:unidirectional vs. bidirectionalSee Also:3.5 Data link frame sizeDefinition:The number of octets in the frame from the first octet following the preamble to the end of the FCS, ifpresent, or to the last octet of the data if thereis no FCS.Discussion:There is much confusion in reporting the framesizes used in testing network devices or networkmeasurement. Some authors include the checksum,some do not. This is a specific definition for usein this and subsequent memos.Measurement units:octetsIssues:See Also:3.6 Frame Loss RateDefinition:Percentage of frames that should have been forwardedby a network device under steady state (constant)load that were not forwarded due to lack ofresources.Discussion:This measurement can be used in reporting theperformance of a network device in an overloadedstate. This can be a useful indication of how adevice would perform under pathological networkconditions such as broadcast storms.Measurement units:Percentage of N-octet offered frames that are dropped. To be reported as a graph of offered load vs frame loss.Issues:See Also:overhead behavior (3.11)policy based filtering (3.13)MTU mismatch behavior (3.10)3.7 Inter Frame GapDefinition:The delay from the end of a data link frame as defined in section 3.5, to the start of the preamble of thenext data link frame.Discussion:There is much confusion in reporting the betweenframe time used in testing network devices. Thisis a specific definition for use in this and subsequent memos.Measurement units:Time with fine enough units to distinguish between2 events.Issues:Link data rate.See Also:3.8 LatencyDefinition:For store and forward devices:The time interval starting when the last bit of theinput frame reaches the input port and ending whenthe first bit of the output frame is seen on theoutput port.For bit forwarding devices:The time interval starting when the end of the firstbit of the input frame reaches the input port andending when the start of the first bit of the outputframe is seen on the output port.Discussion:Variability of latency can be a problem.Some protocols are timing dependent (e.g., LAT and IPX). Future applications are likely to be sensitive tonetwork latency. Increased device delay can reducethe useful diameter of net. It is desired toeliminate the effect of the data rate on the latencymeasurement. This measurement should only reflect the actual within device latency. Measurements should betaken for a spectrum of frame sizes without changingthe device setup.Ideally, the measurements for all devices would be fromthe first actual bit of the frame after the preamble. Theoretically a vendor could design a device thatnormally would be considered a store and forwarddevice, a bridge for example, that begins transmitting a frame before it is fully received. This type ofdevice is known as a "cut through" device. Theassumption is that the device would somehow invalidate the partially transmitted frame if in receiving theremainder of the input frame, something came up that the frame or this specific forwarding of it was inerror. For example, a bad checksum. In this case,the device would still be considered a store andforward device and the latency would still befrom last bit in to first bit out, even though thevalue would be negative. The intent is to treatthe device as a unit without regard to the internalstructure.Measurement units:Time with fine enough units to distinguish between2 events.Issues:See Also:link speed mismatch (3.9)constant load (3.4)back-to-back (3.1)policy based filtering (3.13)single frame behavior (3.16)3.9 Link Speed MismatchDefinition:Speed mismatch between input and output data rates.Discussion:This does not refer to frame rate per se, it refers to the actual data rate of the data path. For example,an Ethernet on one side and a 56KB serial link on the other. This is has also been referred to as the "fire hose effect". Networks that make use of serial links between local high speed networks will usually havelink speed mismatch at each end of the serial links.Measurement units:Ratio of input and output data rates.Issues:See Also:constant load (3.4)back-to-back (3.1)3.10 MTU-mismatch behaviorDefinition:The network MTU (Maximum Transmission Unit) of theoutput network is smaller than the MTU of the inputnetwork, this results in fragmentation.Discussion:The performance of network devices can be significantly affected by having to fragment frames.Measurement units:Description of behavior.Issues:See Also:3.11 Overhead behaviorDefinition:Processing done other than that for normal data frames.Discussion:Network devices perform many functions in additionto forwarding frames. These tasks range from internal hardware testing to the processing of routinginformation and responding to network managementrequests. It is useful to know what the effect ofthese sorts of tasks is on the device performance.An example would be if a router were to suspendforwarding or accepting frames during the processingof large routing update for a complex protocol likeOSPF. It would be good to know of this sort ofbehavior.Measurement units:Any quantitative understanding of this behavior is by the determination of its effect on other measurements.Issues:bridging and routing protocolscontrol processingicmpip options processingfragmentationerror processingevent logging/statistics collectionarpSee Also:policy based filtering (3.13)3.12 Overloaded behaviorDefinition:When demand exceeds available system resources.Discussion:Devices in an overloaded state will lose frames. The device might lose frames that contain routing orconfiguration information. An overloaded state isassumed when there is any frame loss.Measurement units:Description of behavior of device in any overloadedstates for both input and output overload conditions.Issues:How well does the device recover from overloaded state? How does source quench production effect device?What does device do when its resources are exhausted? What is response to system management in overloadedstate?See Also:3.13 Policy based filteringDefinition:Filtering is the process of discarding receivedframes by administrative decision where normaloperation would be to forward them.Discussion:Many network devices have the ability to beconfigured to discard frames based on a numberof criteria. These criteria can range from simplesource or destination addresses to examiningspecific fields in the data frame itself.Configuring many network devices to performfiltering operations impacts the throughputof the device.Measurement units:n/aIssues:flexibility of filter optionsnumber of filter conditionsSee Also:3.14 Restart behaviorDefinition:Reinitialization of system causing data loss.Discussion:During a period of time after a power up orreset, network devices do not accept and forwardframes. The duration of this period of unavailabilitycan be useful in evaluating devices. In addition,some network devices require some form of resetwhen specific setup variables are modified. If thereset period were long it might discourage networkmanagers from modifying these variables on productionnetworks.Measurement units:Description of device behavior under various restartconditions.Issues:Types:power onreload software imageflush port, reset buffersrestart current code image, without reconfurationUnder what conditions is a restart required?Does the device know when restart needed (i.e., hungstate timeout)?Does the device recognize condition of too frequentauto-restart?Does the device run diagnostics on all or some resets?How may restart be initiated?physical interventionremote via terminal line or login over networkSee Also:3.15 RouterDefinition:A system which forwards data frames based oninformation in the network layer.Discussion:This implies "running" the network level protocolrouting algorithm and performing whatever actionsthat the protocol requires. For example, decrementingthe TTL field in the TCP/IP header.Measurement units:n/aIssues:See Also:bridge (3.2)bridge/router (3.3)3.16 Single frame behaviorDefinition:One frame received on the input to a device.Discussion:A data "stream" consisting of a single frame canrequire a network device to do a lot of processing.Figuring routes, performing ARPs, checkingpermissions etc., in general, setting up cache entries. Devices will often take much more time to process asingle frame presented in isolation than it would ifthe same frame were part of a steady stream. Thereis a worry that some devices would even discard a single frame as part of the cache setup procedure under theassumption that the frame is only the first of many.Measurement units:Description of the behavior of the device.Issues:See Also:policy based filtering (3.13)3.17 ThroughputDefinition:The maximum rate at which none of the offered framesare dropped by the device.Discussion:The throughput figure allows vendors to report asingle value which has proven to have use in themarketplace. Since even the loss of one frame in adata stream can cause significant delays whilewaiting for the higher level protocols to time out,it is useful to know the actual maximum datarate that the device can support. Measurements should be taken over a assortment of frame sizes. Separatemeasurements for routed and bridged data in thosedevices that can support both. If there is a checksum in the received frame, full checksum processing mustbe done.Measurement units:N-octet input frames per secondinput bits per secondIssues:single path vs. aggregateloadunidirectional vs bidirectionalchecksum processing required on some protocolsSee Also:frame loss rate (3.6)constant load (3.4)back-to-back (3.1)4. AcknowledgementsThis memo is a product of the IETF BMWG working group:Chet Birger, Coral NetworksScott Bradner, Harvard University (chair)Steve Butterfield, independant consultantFrank Chui, TRWPhill Gross, CNRIStev Knowles, FTP Software, Inc.Mat Lew, TRWGary Malkin, FTP Software, Inc.K.K. Ramakrishnan, Digital Equipment Corp.Mick Scully, Ungerman BassWilliam M. Seifert, Wellfleet Communications Corp.John Shriver, Proteon, Inc.Dick Sterry, MicrocomGeof Stone, Network Systems Corp.Geoff Thompson, SynOpticsMary Youssef, IBMSecurity ConsiderationsSecurity issues are not discussed in this memo.Author's AddressScott BradnerHarvard UniversityWilliam James Hall 123233 Kirkland StreetCambridge, MA 02138Phone: (617) 495-3864EMail: SOB@Or, send comments to: bmwg@.[ Index | Search | What's New | Comments | Help ] Comments/Questions about this archive ? Send mail to rfc-admin@。

1+x云计算平台运维与开发认证（中级）总题目试题与答案1. 单选题 1、下面哪个是软件代码版本控制软件?(10 分) [单选题]A.projectB.SVN(正确答案)C.notepad++D.Xshell2. 2、下面哪个阶段不是项目管理流程中的阶段?(10 分) [单选题]A.项目立项B.项目开发C.项目测试D.项目质保(正确答案)3. 3、VRRP 协议报文使用的固定组播地址是? (10 分) [单选题]A.127.0.0.1B.192.168.0.1C.169.254.254.254D.224.0.0.18(正确答案)4. 4、每个物理端口传输速率为 100Mb/s，将 2 个物理端口聚合成逻辑端口后，该聚合端口AP 的传输速率为多少? (10 分) [单选题]A.200Mb/s(正确答案)B.100Mb/sC.300Mb/sD.50Mb/s5. 5、下列关于 DHCP 服务器的描述中，正确的是?(10 分) [单选题]A.客户端只能接受本网段 DHCP 服务器提供的 IP 地址B.需要保留的 IP 地址可以包含在 DHCP 服务器的地址池中(正确答案)C.DHCP 服务器不能帮助用户指定 DNS 服务器D.DHCP 服务器可以将一个 IP 地址同时分配给两个不同的用户6. 6、下列选项当中，创建名称为 test 的数据库的正确命令是?(10 分) [单选题] Amysql-uroot–p000000createtestB.mysqladmin-uroot–p000000 create test(正确答案)Cmysql-uroot-p000000createtestDmysqladmin-uroot-p 000000 create test7. 7、操作 Nginx 时需要与哪个进程进行通讯?(10 分) [单选题]A.主进程(正确答案)B.通讯进程C.网络进程D.worker 进程8. 8、Nginx 中重新加载配置 Master 在接受到什么信号后，会先重新加载配置?(10 分) [单选题]A.kill-HUPpid(正确答案)B.start-HUPpidC.stop-HUPpidD.restart-HUPpid9. 9、以下哪个服务为 OpenStack 平台提供了消息服务?(10 分) [单选题]A.KeystoneC.RabbitMQ(正确答案)D.Nova10. 10、OpenStack 在以下哪个版本正式发布 Horizon?(10 分) [单选题]A.CactusB.DiabloC.Essex(正确答案)D.Folsom11. 11、下列选项当中，哪个是 Neutron 查询网络服务列表信息的命令?(10 分) [单选题]A.neutronagent-list(正确答案)B.neutronnetwork-showC.neutronagent-showD.neutronnetwork-list12. 12、以下关于腾讯云按量计费的描述中，哪项是错误的?(10 分) [单选题]A.先使用后付款，相对预付费更灵活，用多少付多少，计费准确，无资源浪费。

Network Working Group R. Housley Request for Comments: 5652 Vigil Security Obsoletes: 3852 September 2009 Category: Standards TrackCryptographic Message Syntax (CMS)AbstractThis document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encryptarbitrary message content.Status of This MemoThis document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions forimprovements. Please refer to the current edition of the "InternetOfficial Protocol Standards" (STD 1) for the standardization stateand status of this protocol. Distribution of this memo is unlimited. Copyright and License NoticeCopyright (c) 2009 IETF Trust and the persons identified as thedocument authors. All rights reserved.This document is subject to BCP 78 and the IETF Trust’s LegalProvisions Relating to IETF Documents(/license-info) in effect on the date ofpublication of this document. Please review these documentscarefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e ofthe Trust Legal Provisions and are provided without warranty asdescribed in the BSD License.This document may contain material from IETF Documents or IETFContributions published or made publicly available before November10, 2008. The person(s) controlling the copyright in some of thismaterial may not have granted the IETF Trust the right to allowmodifications of such material outside the IETF Standards Process.Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modifiedoutside the IETF Standards Process, and derivative works of it maynot be created outside the IETF Standards Process, except to formatit for publication as an RFC or to translate it into languages other than English.Housley Standards Track [Page 1]Table of Contents1. Introduction (3)1.1. Evolution of the CMS (4)1.1.1. Changes Since PKCS #7 Version 1.5 (4)1.1.2. Changes Since RFC 2630 (4)1.1.3. Changes Since RFC 3369 (5)1.1.4. Changes Since RFC 3852 (5)1.2. Terminology (5)1.3. Version Numbers (6)2. General Overview (6)3. General Syntax (7)4. Data Content Type (7)5. Signed-data Content Type (8)5.1. SignedData Type (9)5.2. EncapsulatedContentInfo Type (11)5.2.1. Compatibility with PKCS #7 (12)5.3. SignerInfo Type (13)5.4. Message Digest Calculation Process (16)5.5. Signature Generation Process (16)5.6. Signature Verification Process (17)6. Enveloped-Data Content Type (17)6.1. EnvelopedData Type (18)6.2. RecipientInfo Type (21)6.2.1. KeyTransRecipientInfo Type (22)6.2.2. KeyAgreeRecipientInfo Type (23)6.2.3. KEKRecipientInfo Type (25)6.2.4. PasswordRecipientInfo Type (26)6.2.5. OtherRecipientInfo Type (27)6.3. Content-encryption Process (27)6.4. Key-Encryption Process (28)7. Digested-Data Content Type (28)8. Encrypted-Data Content Type (29)9. Authenticated-Data Content Type (30)9.1. AuthenticatedData Type (31)9.2. MAC Generation (33)9.3. MAC Verification (34)10. Useful Types (34)10.1. Algorithm Identifier Types (35)10.1.1. DigestAlgorithmIdentifier (35)10.1.2. SignatureAlgorithmIdentifier (35)10.1.3. KeyEncryptionAlgorithmIdentifier (35)10.1.4. ContentEncryptionAlgorithmIdentifier (36)10.1.5. MessageAuthenticationCodeAlgorithm (36)10.1.6. KeyDerivationAlgorithmIdentifier (36)10.2. Other Useful Types (36)10.2.1. RevocationInfoChoices (36)10.2.2. CertificateChoices (37)Housley Standards Track [Page 2]10.2.3. CertificateSet (38)10.2.4. IssuerAndSerialNumber (38)10.2.5. CMSVersion (39)10.2.6. UserKeyingMaterial (39)10.2.7. OtherKeyAttribute (39)11. Useful Attributes (39)11.1. Content Type (40)11.2. Message Digest (40)11.3. Signing Time (41)11.4. Countersignature (42)12. ASN.1 Modules (43)12.1. CMS ASN.1 Module (44)12.2. Version 1 Attribute Certificate ASN.1 Module (51)13. References (52)13.1. Normative References (52)13.2. Informative References (53)14. Security Considerations (54)15. Acknowledgments (56)1. IntroductionThis document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encryptarbitrary message content.The CMS describes an encapsulation syntax for data protection. Itsupports digital signatures and encryption. The syntax allowsmultiple encapsulations; one encapsulation envelope can be nestedinside another. Likewise, one party can digitally sign somepreviously encapsulated data. It also allows arbitrary attributes,such as signing time, to be signed along with the message content,and it provides for other attributes such as countersignatures to be associated with a signature.The CMS can support a variety of architectures for certificate-based key management, such as the one defined by the PKIX (Public KeyInfrastructure using X.509) working group [PROFILE].The CMS values are generated using ASN.1 [X.208-88], using BER-encoding (Basic Encoding Rules) [X.209-88]. Values are typicallyrepresented as octet strings. While many systems are capable oftransmitting arbitrary octet strings reliably, it is well known that many electronic mail systems are not. This document does not address mechanisms for encoding octet strings for reliable transmission insuch environments.Housley Standards Track [Page 3]1.1. Evolution of the CMSThe CMS is derived from PKCS #7 version 1.5, which is documented inRFC 2315 [PKCS#7]. PKCS #7 version 1.5 was developed outside of the IETF; it was originally published as an RSA Laboratories TechnicalNote in November 1993. Since that time, the IETF has takenresponsibility for the development and maintenance of the CMS.Today, several important IETF Standards-Track protocols make use ofthe CMS.This section describes that changes that the IETF has made to the CMS in each of the published versions.1.1.1. Changes Since PKCS #7 Version 1.5RFC 2630 [CMS1] was the first version of the CMS on the IETFStandards Track. Wherever possible, backward compatibility with PKCS #7 version 1.5 is preserved; however, changes were made toaccommodate version 1 attribute certificate transfer and to supportalgorithm-independent key management. PKCS #7 version 1.5 includedsupport only for key transport. RFC 2630 adds support for keyagreement and previously distributed symmetric key-encryption keytechniques.1.1.2. Changes Since RFC 2630RFC 3369 [CMS2] obsoletes RFC 2630 [CMS1] and RFC 3211 [PWRI].Password-based key management is included in the CMS specification,and an extension mechanism to support new key management schemeswithout further changes to the CMS is specified. Backwardcompatibility with RFC 2630 and RFC 3211 is preserved; however,version 2 attribute certificate transfer is added, and the use ofversion 1 attribute certificates is deprecated.Secure/Multipurpose Internet Mail Extensions (S/MIME) v2 signatures[MSG2], which are based on PKCS #7 version 1.5, are compatible withS/MIME v3 signatures [MSG3]and S/MIME v3.1 signatures [MSG3.1].However, there are some subtle compatibility issues with signaturesbased on PKCS #7 version 1.5. These issues are discussed in Section 5.2.1. These issues remain with the current version of the CMS.Specific cryptographic algorithms are not discussed in this document, but they were discussed in RFC 2630. The discussion of specificcryptographic algorithms has been moved to a separate document[CMSALG]. Separation of the protocol and algorithm specificationsallows the IETF to update each document independently. Thisspecification does not require the implementation of any particular Housley Standards Track [Page 4]algorithms. Rather, protocols that rely on the CMS are expected tochoose appropriate algorithms for their environment. The algorithms may be selected from [CMSALG] or elsewhere.1.1.3. Changes Since RFC 3369RFC 3852 [CMS3] obsoletes RFC 3369 [CMS2]. As discussed in theprevious section, RFC 3369 introduced an extension mechanism tosupport new key management schemes without further changes to theCMS. RFC 3852 introduces a similar extension mechanism to supportadditional certificate formats and revocation status informationformats without further changes to the CMS. These extensions areprimarily documented in Sections 10.2.1 and 10.2.2. Backwardcompatibility with earlier versions of the CMS is preserved.The use of version numbers is described in Section 1.3.Since the publication of RFC 3369, a few errata have been noted.These errata are posted on the RFC Editor web site. These errorshave been corrected in this document.The text in Section 11.4 that describes the counter signatureunsigned attribute is clarified. Hopefully, the revised text isclearer about the portion of the SignerInfo signature that is covered by a countersignature.1.1.4. Changes Since RFC 3852This document obsoletes RFC 3852 [CMS3]. The primary reason for the publication of this document is to advance the CMS along thestandards maturity ladder.This document includes the clarifications that were originallypublished in RFC 4853 [CMSMSIG] regarding the proper handling of the SignedData protected content type when more than one digitalsignature is present.Since the publication of RFC 3852, a few errata have been noted.These errata are posted on the RFC Editor web site. These errorshave been corrected in this document.1.2. TerminologyIn this document, the key words MUST, MUST NOT, REQUIRED, SHOULD,SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL are to be interpreted asdescribed in [STDWORDS].Housley Standards Track [Page 5]1.3. Version NumbersEach of the major data structures includes a version number as thefirst item in the data structure. The version numbers are intendedto avoid ASN.1 decode errors. Some implementations do not check the version number prior to attempting a decode, and if a decode erroroccurs, then the version number is checked as part of the errorhandling routine. This is a reasonable approach; it places errorprocessing outside of the fast path. This approach is also forgiving when an incorrect version number is used by the sender.Most of the initial version numbers were assigned in PKCS #7 version 1.5. Others were assigned when the structure was initially created. Whenever a structure is updated, a higher version number is assigned. However, to ensure maximum interoperability, the higher versionnumber is only used when the new syntax feature is employed. Thatis, the lowest version number that supports the generated syntax isused.2. General OverviewThe CMS is general enough to support many different content types.This document defines one protection content, ContentInfo.ContentInfo encapsulates a single identified content type, and theidentified type may provide further encapsulation. This documentdefines six content types: data, signed-data, enveloped-data,digested-data, encrypted-data, and authenticated-data. Additionalcontent types can be defined outside this document.An implementation that conforms to this specification MUST implement the protection content, ContentInfo, and MUST implement the data,signed-data, and enveloped-data content types. The other contenttypes MAY be implemented.As a general design philosophy, each content type permits single pass processing using indefinite-length Basic Encoding Rules (BER)encoding. Single-pass operation is especially helpful if content is large, stored on tapes, or is "piped" from another process. Single- pass operation has one significant drawback: it is difficult toperform encode operations using the Distinguished Encoding Rules(DER) [X.509-88] encoding in a single pass since the lengths of thevarious components may not be known in advance. However, signedattributes within the signed-data content type and authenticatedattributes within the authenticated-data content type need to betransmitted in DER form to ensure that recipients can verify acontent that contains one or more unrecognized attributes. Signedattributes and authenticated attributes are the only data types used in the CMS that require DER encoding.Housley Standards Track [Page 6]3. General SyntaxThe following object identifier identifies the content informationtype:id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }The CMS associates a content type identifier with a content. Thesyntax MUST have ASN.1 type ContentInfo:ContentInfo ::= SEQUENCE {contentType ContentType,content [0] EXPLICIT ANY DEFINED BY contentType }ContentType ::= OBJECT IDENTIFIERThe fields of ContentInfo have the following meanings:contentType indicates the type of the associated content. It isan object identifier; it is a unique string of integers assignedby an authority that defines the content type.content is the associated content. The type of content can bedetermined uniquely by contentType. Content types for data,signed-data, enveloped-data, digested-data, encrypted-data, andauthenticated-data are defined in this document. If additionalcontent types are defined in other documents, the ASN.1 typedefined SHOULD NOT be a CHOICE type.4. Data Content TypeThe following object identifier identifies the data content type:id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }The data content type is intended to refer to arbitrary octetstrings, such as ASCII text files; the interpretation is left to the application. Such strings need not have any internal structure(although they could have their own ASN.1 definition or otherstructure).S/MIME uses id-data to identify MIME-encoded content. The use ofthis content identifier is specified in RFC 2311 for S/MIME v2[MSG2], RFC 2633 for S/MIME v3 [MSG3], and RFC 3851 for S/MIME v3.1[MSG3.1].Housley Standards Track [Page 7]The data content type is generally encapsulated in the signed-data,enveloped-data, digested-data, encrypted-data, or authenticated-data content type.5. Signed-data Content TypeThe signed-data content type consists of a content of any type andzero or more signature values. Any number of signers in parallel can sign any type of content.The typical application of the signed-data content type representsone signer’s digital signature on content of the data content type.Another typical application disseminates certificates and certificate revocation lists (CRLs).The process by which signed-data is constructed involves thefollowing steps:1. For each signer, a message digest, or hash value, is computed on the content with a signer-specific message-digest algorithm. If the signer is signing any information other than the content, the message digest of the content and the other information aredigested with the signer’s message digest algorithm (see Section 5.4), and the result becomes the "message digest."2. For each signer, the message digest is digitally signed using the signer’s private key.3. For each signer, the signature value and other signer-specificinformation are collected into a SignerInfo value, as defined in Section 5.3. Certificates and CRLs for each signer, and thosenot corresponding to any signer, are collected in this step.4. The message digest algorithms for all the signers and theSignerInfo values for all the signers are collected together with the content into a SignedData value, as defined in Section 5.1.A recipient independently computes the message digest. This message digest and the signer’s public key are used to verify the signaturevalue. The signer’s public key is referenced in one of two ways. It can be referenced by an issuer distinguished name along with anissuer-specific serial number to uniquely identify the certificatethat contains the public key. Alternatively, it can be referenced by a subject key identifier, which accommodates both certified anduncertified public keys. While not required, the signer’scertificate can be included in the SignedData certificates field. Housley Standards Track [Page 8]When more than one signature is present, the successful validation of one signature associated with a given signer is usually treated as a successful signature by that signer. However, there are someapplication environments where other rules are needed. Anapplication that employs a rule other than one valid signature foreach signer must specify those rules. Also, where simple matching of the signer identifier is not sufficient to determine whether thesignatures were generated by the same signer, the applicationspecification must describe how to determine which signatures weregenerated by the same signer. Support of different communities ofrecipients is the primary reason that signers choose to include more than one signature. For example, the signed-data content type might include signatures generated with the RSA signature algorithm andwith the Elliptic Curve Digital Signature Algorithm (ECDSA) signature algorithm. This allows recipients to verify the signature associated with one algorithm or the other.This section is divided into six parts. The first part describes the top-level type SignedData, the second part describesEncapsulatedContentInfo, the third part describes the per-signerinformation type SignerInfo, and the fourth, fifth, and sixth partsdescribe the message digest calculation, signature generation, andsignature verification processes, respectively.5.1. SignedData TypeThe following object identifier identifies the signed-data contenttype:id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }The signed-data content type shall have ASN.1 type SignedData:SignedData ::= SEQUENCE {version CMSVersion,digestAlgorithms DigestAlgorithmIdentifiers,encapContentInfo EncapsulatedContentInfo,certificates [0] IMPLICIT CertificateSet OPTIONAL,crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,signerInfos SignerInfos }DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifierSignerInfos ::= SET OF SignerInfoHousley Standards Track [Page 9]The fields of type SignedData have the following meanings:version is the syntax version number. The appropriate valuedepends on certificates, eContentType, and SignerInfo. Theversion MUST be assigned as follows:IF ((certificates is present) AND(any certificates with a type of other are present)) OR((crls is present) AND(any crls with a type of other are present))THEN version MUST be 5ELSEIF (certificates is present) AND(any version 2 attribute certificates are present)THEN version MUST be 4ELSEIF ((certificates is present) AND(any version 1 attribute certificates are present)) OR (any SignerInfo structures are version 3) OR(encapContentInfo eContentType is other than id-data) THEN version MUST be 3ELSE version MUST be 1digestAlgorithms is a collection of message digest algorithmidentifiers. There MAY be any number of elements in thecollection, including zero. Each element identifies the messagedigest algorithm, along with any associated parameters, used byone or more signer. The collection is intended to list themessage digest algorithms employed by all of the signers, in anyorder, to facilitate one-pass signature verification.Implementations MAY fail to validate signatures that use a digest algorithm that is not included in this set. The message digesting process is described in Section 5.4.encapContentInfo is the signed content, consisting of a contenttype identifier and the content itself. Details of theEncapsulatedContentInfo type are discussed in Section 5.2.certificates is a collection of certificates. It is intended that the set of certificates be sufficient to contain certificationpaths from a recognized "root" or "top-level certificationauthority" to all of the signers in the signerInfos field. There may be more certificates than necessary, and there may becertificates sufficient to contain certification paths from two or more independent top-level certification authorities. There mayalso be fewer certificates than necessary, if it is expected that recipients have an alternate means of obtaining necessaryHousley Standards Track [Page 10]certificates (e.g., from a previous set of certificates). Thesigner’s certificate MAY be included. The use of version 1attribute certificates is strongly discouraged.crls is a collection of revocation status information. It isintended that the collection contain information sufficient todetermine whether the certificates in the certificates field arevalid, but such correspondence is not necessary. Certificaterevocation lists (CRLs) are the primary source of revocationstatus information. There MAY be more CRLs than necessary, andthere MAY also be fewer CRLs than necessary.signerInfos is a collection of per-signer information. There MAY be any number of elements in the collection, including zero. When the collection represents more than one signature, the successful validation of one of signature from a given signer ought to betreated as a successful signature by that signer. However, there are some application environments where other rules are needed.The details of the SignerInfo type are discussed in Section 5.3.Since each signer can employ a different digital signaturetechnique, and future specifications could update the syntax, all implementations MUST gracefully handle unimplemented versions ofSignerInfo. Further, since all implementations will not supportevery possible signature algorithm, all implementations MUSTgracefully handle unimplemented signature algorithms when they are encountered.5.2. EncapsulatedContentInfo TypeThe content is represented in the type EncapsulatedContentInfo:EncapsulatedContentInfo ::= SEQUENCE {eContentType ContentType,eContent [0] EXPLICIT OCTET STRING OPTIONAL }ContentType ::= OBJECT IDENTIFIERThe fields of type EncapsulatedContentInfo have the followingmeanings:eContentType is an object identifier. The object identifieruniquely specifies the content type.eContent is the content itself, carried as an octet string. TheeContent need not be DER encoded.Housley Standards Track [Page 11]The optional omission of the eContent within theEncapsulatedContentInfo field makes it possible to construct"external signatures". In the case of external signatures, thecontent being signed is absent from the EncapsulatedContentInfo value included in the signed-data content type. If the eContent valuewithin EncapsulatedContentInfo is absent, then the signatureValue is calculated and the eContentType is assigned as though the eContentvalue was present.In the degenerate case where there are no signers, theEncapsulatedContentInfo value being "signed" is irrelevant. In this case, the content type within the EncapsulatedContentInfo value being "signed" MUST be id-data (as defined in Section 4), and the contentfield of the EncapsulatedContentInfo value MUST be omitted.5.2.1. Compatibility with PKCS #7This section contains a word of warning to implementers that wish to support both the CMS and PKCS #7 [PKCS#7] SignedData content types.Both the CMS and PKCS #7 identify the type of the encapsulatedcontent with an object identifier, but the ASN.1 type of the content itself is variable in PKCS #7 SignedData content type.PKCS #7 defines content as:content [0] EXPLICIT ANY DEFINED BY contentType OPTIONALThe CMS defines eContent as:eContent [0] EXPLICIT OCTET STRING OPTIONALThe CMS definition is much easier to use in most applications, and it is compatible with both S/MIME v2 and S/MIME v3. S/MIME signedmessages using the CMS and PKCS #7 are compatible because identicalsigned message formats are specified in RFC 2311 for S/MIME v2[MSG2], RFC 2633 for S/MIME v3 [MSG3], and RFC 3851 for S/MIME v3.1[MSG3.1]. S/MIME v2 encapsulates the MIME content in a Data type(that is, an OCTET STRING) carried in the SignedData contentInfocontent ANY field, and S/MIME v3 carries the MIME content in theSignedData encapContentInfo eContent OCTET STRING. Therefore, inS/MIME v2, S/MIME v3, and S/MIME v3.1, the MIME content is placed in an OCTET STRING and the message digest is computed over the identical portions of the content. That is, the message digest is computedover the octets comprising the value of the OCTET STRING, neither the tag nor length octets are included.Housley Standards Track [Page 12]There are incompatibilities between the CMS and PKCS #7 SignedDatatypes when the encapsulated content is not formatted using the Datatype. For example, when an RFC 2634 signed receipt [ESS] isencapsulated in the CMS SignedData type, then the Receipt SEQUENCE is encoded in the SignedData encapContentInfo eContent OCTET STRING and the message digest is computed using the entire Receipt SEQUENCEencoding (including tag, length and value octets). However, if anRFC 2634 signed receipt is encapsulated in the PKCS #7 SignedDatatype, then the Receipt SEQUENCE is DER encoded [X.509-88] in theSignedData contentInfo content ANY field (a SEQUENCE, not an OCTETSTRING). Therefore, the message digest is computed using only thevalue octets of the Receipt SEQUENCE encoding.The following strategy can be used to achieve backward compatibility with PKCS #7 when processing SignedData content types. If theimplementation is unable to ASN.1 decode the SignedData type usingthe CMS SignedData encapContentInfo eContent OCTET STRING syntax,then the implementation MAY attempt to decode the SignedData typeusing the PKCS #7 SignedData contentInfo content ANY syntax andcompute the message digest accordingly.The following strategy can be used to achieve backward compatibility with PKCS #7 when creating a SignedData content type in which theencapsulated content is not formatted using the Data type.Implementations MAY examine the value of the eContentType, and thenadjust the expected DER encoding of eContent based on the objectidentifier value. For example, to support Microsoft Authenticode[MSAC], the following information MAY be included:eContentType Object Identifier is set to { 1 3 6 1 4 1 311 2 1 4 } eContent contains DER-encoded Authenticode signing information5.3. SignerInfo TypePer-signer information is represented in the type SignerInfo:SignerInfo ::= SEQUENCE {version CMSVersion,sid SignerIdentifier,digestAlgorithm DigestAlgorithmIdentifier,signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,signatureAlgorithm SignatureAlgorithmIdentifier,signature SignatureValue,unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }Housley Standards Track [Page 13]。

如何进行持续集成与持续交付以保证代码质量随着互联网的快速发展和软件开发的迅速推进，如何保证代码质量成为了开发者们亟需解决的问题。

在传统的开发模式中，开发人员往往会在某个阶段进行代码的集成和交付，但这种方式容易导致问题的积累和代码质量下降。

为了提高开发效率和代码质量，持续集成（Continuous Integration）与持续交付（Continuous Delivery）逐渐成为了现代软件开发的主流。

一、持续集成持续集成是一种开发模式，旨在通过频繁的将代码合并到主干分支，并进行自动化测试和构建，来快速捕捉和解决问题。

它可以确保团队的代码始终保持在一个可部署的状态，减少代码冲突和集成问题。

以下是实施持续集成的关键步骤和注意事项。

1. 版本控制：使用版本控制系统，如Git或SVN，对代码进行跟踪和管理。

确保每个开发人员在自己的分支上进行开发和修改，并及时解决冲突。

2. 自动化构建：通过使用构建工具，如Maven或Gradle，自动化地进行代码构建。

构建过程中应包括依赖解决、编译、测试等步骤，以确保代码的正确性和可部署性。

3. 自动化测试：编写和运行自动化测试用例，覆盖代码的各个功能和边界情况。

使用单元测试、集成测试和端到端测试等多种类型的测试，以保证代码逻辑的正确性和质量。

4. 持续集成服务器：配置和管理持续集成服务器，如Jenkins或Travis CI。

将代码库与持续集成服务器连接，以实现代码的自动集成和测试。

保持持续集成服务器的稳定和高可用性，减少构建和测试的失败。

5. 及时反馈：持续集成过程中，及时向团队成员反馈代码质量和构建结果。

通过邮件、即时消息或终端输出等方式，通知开发人员代码是否通过了测试、构建是否成功，并及时解决问题和修复Bug。

二、持续交付持续交付是在持续集成的基础上，将代码部署到生产环境中的一种实践。

它的目标是通过自动化的方式，频繁地进行软件的部署和发布，以便更快地向用户交付新功能和修复Bug。

spring事务管理培训VOS工程陈冲目录1前言 (3)2事务管理 (3)2.1什么是事务 (3)2.2为什么需要事务 (4)2.3 Java事务类型 (4)JBDC事务 (4)JTA(Java Transaction API)事务 (4)容器事务 (5)3 VOS的事务应用 (5)3.1事务现状 (5)3.2事务配置 (5)配置文件 (5)事务说明 (6)3.3数据源配置 (7)配置文件 (7)数据源说明 (7)1前言本文档是描绘vos 中的事务管理方式，用于开发人员培训和交流，有缺乏之处还望谅解和指出。

2事务管理2.1什么是事务事务是现代数据库理论中的核心概念之一。

假设一组处理步骤或者全部发生或者一步也不执行，我们称该组处理步骤为一个事务。

当所有的步骤像一个操作一样被完好地执行，我们称该事务被提交。

由于其中的一部分或多步执行失败，导致没有步骤被提交，那么事务必须回滚到最初的系统状态。

事务必须服从ISO/IEC所制定的ACID原那么。

ACID是原子性〔atomicity〕、一致性〔consistency〕、隔离性〔isolation〕和持久性〔durability〕的缩写。

事务原子性:表示事务执行过程中的任何失败都将导致事务所做的任何修改失效。

一致性:表示当事务执行失败时，所有被该事务影响的数据都应该恢复到事务执行前的状态。

隔离性:表示在事务执行过程中对数据的修改，在事务提交之前对其他事务不可见。

持久性:表示当系统或介质发生故障时，确保已提交事务的更新不能丧失。

持久性通过数据库备份和恢复来保证。

2.2为什么需要事务事务是为解决数据平安操作提出的，事务控制实际上就是控制数据的平安访问。

具一个简单例子：比方银行转帐业务，账户A要将自己账户上的1000 元转到B账户下面，A账户余额首先要减去1000元，然后B 账户要增加1000元。

假设在中间网络出现了问题，A账户减去1000元已经完毕，B因为网络中断而操作失败，那么整个业务失败，必须做出控制，要求A账户转帐业务撤销。

FortiSwitch Data Center switches deliver a Secure,Simple, Scalable Ethernet solution with outstandingthroughput, resiliency and scalability. Virtualizationand cloud computing have created dense high-bandwidthEthernet networking requirements. FortiSwitch DataCenter switches meet these challenges by providing ahigh performance 10 GE, 40 GE or 100 GE capableswitching platform, with a low Total Cost of Ownership.Ideal for Top of Rack server or firewall aggregationapplications, as well as SD-Branch network core deployments, these switches are purpose-built to meet the needs of today’s bandwidth intensive environments.FortiSwitch™ Data Center SeriesStandalone ModeThe FortiSwitch has a native GUI and CLI interface. All configuration and switch administration can be accomplished through either of theseinterfaces. Available ReSTful API’s offer additional configuration and management options.FortiLink ModeFortiLink is an innovative proprietary management protocol that allows our FortiGate Security Appliance to seamlessly manage any FortiSwitch. FortiLink enables the FortiSwitch to become a logical extension of the FortiGate integrating it directly into the Fortinet Security Fabric. This management option reduces complexity and decreases management cost as network security and access layer functions are enabled and managed through a single console.3FortiSwitch 1024D — frontFortiSwitch 1048D — frontFortiSwitch 1048D — backFortiSwitch 3032D — frontFortiSwitch 3032D — backFortiSwitch 1048E — frontFortiSwitch 1048E — backFortiSwitch 1024D — backFortiSwitch 3032E — frontFortiSwitch 3032E — backLAG support for FortiLink Connection YesActive-Active Split LAG from FortiGate to FortiSwitches for Advanced Redundancy YesFORTISWITCH 1024D FORTISWITCH 1048D FORTISWITCH 1048E FORTISWITCH 3032D FORTISWITCH 3032E Layer 2Jumbo Frames Yes Yes Yes Yes YesAuto-negotiation for port speed and duplex Yes Yes Yes Yes YesIEEE 802.1D MAC Bridging/STP Yes Yes Yes Yes YesIEEE 802.1w Rapid Spanning Tree Protocol (RSTP)Yes Yes Yes Yes YesIEEE 802.1s Multiple Spanning Tree Protocol (MSTP)Yes Yes Yes Yes YesSTP Root Guard Yes Yes Yes Yes YesEdge Port / Port Fast Yes Yes Yes Yes YesIEEE 802.1Q VLAN Tagging Yes Yes Yes Yes Yes* Fortinet Warranty Policy: /doc/legal/EULA.pdfFortiSwitch 1024DFortiSwitch 1048DFortiSwitch 1048E7FortiSwitch 3032D* Fortinet Warranty Policy: /doc/legal/EULA.pdfFortiSwitch 3032EGLOBAL HEADQUARTERS Fortinet Inc.899 KIFER ROAD Sunnyvale, CA 94086United StatesTel: +/salesEMEA SALES OFFICE 905 rue Albert Einstein 06560 Valbonne FranceTel: +33.4.8987.0500APAC SALES OFFICE 8 Temasek Boulevard#12-01 Suntec Tower Three Singapore 038988Tel: +65.6395.2788LATIN AMERICA SALES OFFICE Sawgrass Lakes Center13450 W. Sunrise Blvd., Suite 430 Sunrise, FL 33323United StatesTel: +1.954.368.9990Copyright© 2019 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.FST -PROD-DS-SW4 FS-DC-DAT-R18-201903FortiSwitch ™ Data Center SeriesORDER INFORMATIONFS-SW-LIC-3000SW License for FS-3000 Series Switches to activate Advanced Features.* When managing a FortiSwitch with a FortiGate via FortiGate Cloud, no additional license is necessary.For details of Transceiver modules, see the Fortinet Transceivers datasheet.。

Network Working Group G. Malkin Request for Comments: 1724 Xylogics, Inc. Obsoletes: 1389 F. Baker Category: Standards Track Cisco Systems November 1994 RIP Version 2 MIB ExtensionStatus of this MemoThis document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions forimprovements. Please refer to the current edition of the "InternetOfficial Protocol Standards" (STD 1) for the standardization stateand status of this protocol. Distribution of this memo is unlimited.AbstractThis memo defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP-based internets. In particular, it defines objects for managing RIP Version 2. AcknowledgementsThe authors would like to thank the IETF ripv2 Working Group fortheir help in improving the RIP-2 MIB extension.Table of Contents1. The Network Management Framework (2)2. Objects (2)2.1 Format of Definitions (3)3. Overview (3)3.1 Textual Conventions (3)3.2 Structure of MIB (3)3.3 Modifications from RFC 1389 (3)4. Definitions (5)4.1 Global Counters (6)4.2 RIP Interface Tables (6)4.3 Peer Table (12)5. References (17)6. Security Considerations (18)7. Authors’ Addresses (18)Malkin & Baker [Page 1]1. The Network Management FrameworkThe Internet-standard Network Management Framework consists of three components. They are:STD 16/RFC 1155 which defines the SMI, the mechanisms used fordescribing and naming objects for the purpose of management.STD 16/RFC 1212 defines a more concise description mechanism,which is wholly consistent with the SMI.RFC 1156 which defines MIB-I, the core set of managed objects for the Internet suite of protocols. STD 17/RFC 1213 defines MIB- II, an evolution of MIB-I based on implementation experienceand new operational requirements.STD 15/RFC 1157 which defines the SNMP, the protocol used fornetwork access to managed objects.The Framework permits new objects to be defined for the purpose ofexperimentation and evaluation.2. ObjectsManaged objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB aredefined using the subset of Abstract Syntax Notation One (ASN.1) [7] defined in the SMI. In particular, each object has a name, a syntax, and an encoding. The name is an object identifier, anadministratively assigned name, which specifies an object type. The object type together with an object instance serves to uniquelyidentify a specific instantiation of the object. For humanconvenience, we often use a textual string, termed the OBJECTDESCRIPTOR, to also refer to the object type.The syntax of an object type defines the abstract data structurecorresponding to that object type. The ASN.1 language is used forthis purpose. However, the SMI [3] purposely restricts the ASN.1constructs which may be used. These restrictions are explicitly made for simplicity.The encoding of an object type is simply how that object type isrepresented using the object type’s syntax. Implicitly tied to thenotion of an object type’s syntax and encoding is how the object type is represented when being transmitted on the network.The SMI specifies the use of the basic encoding rules of ASN.1 [8],subject to the additional requirements imposed by the SNMP.Malkin & Baker [Page 2]2.1 Format of DefinitionsSection 4 contains the specification of all object types contained in this MIB module. The object types are defined using the conventions defined in the SMI, as amended by the extensions specified in [9].3. Overview3.1 Textual ConventionsSeveral new data types are introduced as a textual convention in this MIB document. These textual conventions enhance the readability ofthe specification and can ease comparison with other specificationsif appropriate. It should be noted that the introduction of thethese textual conventions has no effect on either the syntax nor the semantics of any managed objects. The use of these is merely anartifact of the explanatory method used. Objects defined in terms of one of these methods are always encoded by means of the rules thatdefine the primitive type. Hence, no changes to the SMI or the SNMP are necessary to accommodate these textual conventions which areadopted merely for the convenience of readers and writers in pursuit of the elusive goal of clear, concise, and unambiguous MIB documents. The new data type is RouteTag. The RouteTag type represents thecontents of the Route Domain field in the packet header or routeentry.3.2 Structure of MIBThe RIP-2 MIB contains global counters, useful for detecting thedeleterious effects of RIP incompatibilities; two "interfaces"tables, which contains interface-specific statistics andconfiguration information; and an optional "peer" table, containinginformation that may be helpful in debugging neighbor relationships. Like the protocol itself, this MIB takes great care to preservecompatibility with RIP-1 systems and controls for monitoring andcontrolling system interactions.3.3 Modifications from RFC 1389The RIP-2 MIB was originally published in RFC 1389. It encoded theconcept of a Routing Domain, and did not address unnumberedinterfaces.In the current version of the protocol, Route Domains are deprecated; therefore, they are deprecated in the MIB as well. This means thatthe object rip2IfConfDomain is deprecated, and the objectrip2PeerDomain (which cannot be deprecated, being an instance object) Malkin & Baker [Page 3]must always be zero.Unnumbered interfaces are supported in this version. Since the IPAddress that the neighbor uses may be unknown to the system, apseudo-address is used to identify these interfaces. The pseudo-address is in the class A network 0.0.0.0, and the host number (theleast significant 24 bits of the address) are the ifIndex value ofthe relevant IP Interface. This is an additional new meaning of the objects rip2IfStatAddress and rip2IfConfAddress, backward compatible with the RFC 1389 usage. The object rip2IfConfSrcAddress is added,to permit the configuration of the source address on an unnumberedinterface, and the meaning of the object rip2PeerAddress is broadened to remain relevant on unnumbered interfaces.rip2IfConfSend is augmented with two values for the use of Demand RIP under RIP-I and RIP-II rules. This avoids the necessity of a Demand RIP MIB.MD5 Authentication is supported.Malkin & Baker [Page 4]4. DefinitionsRIPv2-MIB DEFINITIONS ::= BEGINIMPORTSMODULE-IDENTITY, OBJECT-TYPE, Counter32,TimeTicks, IpAddress FROM SNMPv2-SMITEXTUAL-CONVENTION, RowStatus FROM SNMPv2-TCMODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONFmib-2 FROM RFC1213-MIB;-- This MIB module uses the extended OBJECT-TYPE macro as-- defined in [9].rip2 MODULE-IDENTITYLAST-UPDATED "9407272253Z" -- Wed Jul 27 22:53:04 PDT 1994 ORGANIZATION "IETF RIP-II Working Group"CONTACT-INFO" Fred BakerPostal: Cisco Systems519 Lado DriveSanta Barbara, California 93111Tel: +1 805 681 0115E-Mail: fbaker@Postal: Gary MalkinXylogics, Inc.53 Third AvenueBurlington, MA 01803Phone: (617) 272-8140EMail: gmalkin@"DESCRIPTION"The MIB module to describe the RIP2 Version 2 Protocol"::= { mib-2 23 }-- RIP-2 Management Information Base-- the RouteTag type represents the contents of the-- Route Domain field in the packet header or route entry.-- The use of the Route Domain is deprecated.RouteTag ::= TEXTUAL-CONVENTIONSTATUS currentDESCRIPTION"the RouteTag type represents the contents of the Route Domainfield in the packet header or route entry"SYNTAX OCTET STRING (SIZE (2))Malkin & Baker [Page 5]--4.1 Global Counters-- The RIP-2 Globals Group.-- Implementation of this group is mandatory for systems-- which implement RIP-2.-- These counters are intended to facilitate debugging quickly-- changing routes or failing neighborsrip2Globals OBJECT IDENTIFIER ::= { rip2 1 }rip2GlobalRouteChanges OBJECT-TYPESYNTAX Counter32MAX-ACCESS read-onlySTATUS currentDESCRIPTION"The number of route changes made to the IP RouteDatabase by RIP. This does not include the refreshof a route’s age."::= { rip2Globals 1 }rip2GlobalQueries OBJECT-TYPESYNTAX Counter32MAX-ACCESS read-onlySTATUS currentDESCRIPTION"The number of responses sent to RIP queriesfrom other systems."::= { rip2Globals 2 }--4.2 RIP Interface Tables-- RIP Interfaces Groups-- Implementation of these Groups is mandatory for systems-- which implement RIP-2.-- The RIP Interface Status Table.rip2IfStatTable OBJECT-TYPESYNTAX SEQUENCE OF Rip2IfStatEntryMAX-ACCESS not-accessibleSTATUS currentDESCRIPTION"A list of subnets which require separatestatus monitoring in RIP."::= { rip2 2 }rip2IfStatEntry OBJECT-TYPEMalkin & Baker [Page 6]SYNTAX Rip2IfStatEntryMAX-ACCESS not-accessibleSTATUS currentDESCRIPTION"A Single Routing Domain in a single Subnet."INDEX { rip2IfStatAddress }::= { rip2IfStatTable 1 }Rip2IfStatEntry ::=SEQUENCE {rip2IfStatAddressIpAddress,rip2IfStatRcvBadPacketsCounter32,rip2IfStatRcvBadRoutesCounter32,rip2IfStatSentUpdatesCounter32,rip2IfStatStatusRowStatus}rip2IfStatAddress OBJECT-TYPESYNTAX IpAddressMAX-ACCESS read-onlySTATUS currentDESCRIPTION"The IP Address of this system on the indicatedsubnet. For unnumbered interfaces, the value 0.0.0.N,where the least significant 24 bits (N) is the ifIndexfor the IP Interface in network byte order."::= { rip2IfStatEntry 1 }rip2IfStatRcvBadPackets OBJECT-TYPESYNTAX Counter32MAX-ACCESS read-onlySTATUS currentDESCRIPTION"The number of RIP response packets received bythe RIP process which were subsequently discardedfor any reason (e.g. a version 0 packet, or anunknown command type)."::= { rip2IfStatEntry 2 }rip2IfStatRcvBadRoutes OBJECT-TYPESYNTAX Counter32MAX-ACCESS read-onlySTATUS currentMalkin & Baker [Page 7]DESCRIPTION"The number of routes, in valid RIP packets,which were ignored for any reason (e.g. unknownaddress family, or invalid metric)."::= { rip2IfStatEntry 3 }rip2IfStatSentUpdates OBJECT-TYPESYNTAX Counter32MAX-ACCESS read-onlySTATUS currentDESCRIPTION"The number of triggered RIP updates actuallysent on this interface. This explicitly doesNOT include full updates sent containing newinformation."::= { rip2IfStatEntry 4 }rip2IfStatStatus OBJECT-TYPESYNTAX RowStatusMAX-ACCESS read-createSTATUS currentDESCRIPTION"Writing invalid has the effect of deletingthis interface."::= { rip2IfStatEntry 5 }-- The RIP Interface Configuration Table.rip2IfConfTable OBJECT-TYPESYNTAX SEQUENCE OF Rip2IfConfEntryMAX-ACCESS not-accessibleSTATUS currentDESCRIPTION"A list of subnets which require separateconfiguration in RIP."::= { rip2 3 }rip2IfConfEntry OBJECT-TYPESYNTAX Rip2IfConfEntryMAX-ACCESS not-accessibleSTATUS currentDESCRIPTION"A Single Routing Domain in a single Subnet."INDEX { rip2IfConfAddress }::= { rip2IfConfTable 1 }Rip2IfConfEntry ::=SEQUENCE {Malkin & Baker [Page 8]rip2IfConfAddressIpAddress,rip2IfConfDomainRouteTag,rip2IfConfAuthTypeINTEGER,rip2IfConfAuthKeyOCTET STRING (SIZE(0..16)),rip2IfConfSendINTEGER,rip2IfConfReceiveINTEGER,rip2IfConfDefaultMetricINTEGER,rip2IfConfStatusRowStatus,rip2IfConfSrcAddressIpAddress}rip2IfConfAddress OBJECT-TYPESYNTAX IpAddressMAX-ACCESS read-onlySTATUS currentDESCRIPTION"The IP Address of this system on the indicatedsubnet. For unnumbered interfaces, the value 0.0.0.N,where the least significant 24 bits (N) is the ifIndexfor the IP Interface in network byte order."::= { rip2IfConfEntry 1 }rip2IfConfDomain OBJECT-TYPESYNTAX RouteTagMAX-ACCESS read-createSTATUS obsoleteDESCRIPTION"Value inserted into the Routing Domain fieldof all RIP packets sent on this interface."DEFVAL { ’0000’h }::= { rip2IfConfEntry 2 }rip2IfConfAuthType OBJECT-TYPESYNTAX INTEGER {noAuthentication (1),simplePassword (2),md5 (3)}MAX-ACCESS read-createMalkin & Baker [Page 9]STATUS currentDESCRIPTION"The type of Authentication used on thisinterface."DEFVAL { noAuthentication }::= { rip2IfConfEntry 3 }rip2IfConfAuthKey OBJECT-TYPESYNTAX OCTET STRING (SIZE(0..16))MAX-ACCESS read-createSTATUS currentDESCRIPTION"The value to be used as the Authentication Keywhenever the corresponding instance ofrip2IfConfAuthType has a value other thannoAuthentication. A modification of the correspondinginstance of rip2IfConfAuthType does not modifythe rip2IfConfAuthKey value. If a string shorterthan 16 octets is supplied, it will be left-justified and padded to 16 octets, on the right,with nulls (0x00).Reading this object always results in an OCTETSTRING of length zero; authentication may notbe bypassed by reading the MIB object."DEFVAL { ’’h }::= { rip2IfConfEntry 4 }rip2IfConfSend OBJECT-TYPESYNTAX INTEGER {doNotSend (1),ripVersion1 (2),rip1Compatible (3),ripVersion2 (4),ripV1Demand (5),ripV2Demand (6)}MAX-ACCESS read-createSTATUS currentDESCRIPTION"What the router sends on this interface.ripVersion1 implies sending RIP updates compliantwith RFC 1058. rip1Compatible impliesbroadcasting RIP-2 updates using RFC 1058 routesubsumption rules. ripVersion2 impliesmulticasting RIP-2 updates. ripV1Demand indicatesthe use of Demand RIP on a WAN interface under RIPVersion 1 rules. ripV2Demand indicates the use ofMalkin & Baker [Page 10]Demand RIP on a WAN interface under Version 2 rules."DEFVAL { rip1Compatible }::= { rip2IfConfEntry 5 }rip2IfConfReceive OBJECT-TYPESYNTAX INTEGER {rip1 (1),rip2 (2),rip1OrRip2 (3),doNotRecieve (4)}MAX-ACCESS read-createSTATUS currentDESCRIPTION"This indicates which version of RIP updatesare to be accepted. Note that rip2 andrip1OrRip2 implies reception of multicastpackets."DEFVAL { rip1OrRip2 }::= { rip2IfConfEntry 6 }rip2IfConfDefaultMetric OBJECT-TYPESYNTAX INTEGER ( 0..15 )MAX-ACCESS read-createSTATUS currentDESCRIPTION"This variable indicates the metric that is tobe used for the default route entry in RIP updatesoriginated on this interface. A value of zeroindicates that no default route should beoriginated; in this case, a default route viaanother router may be propagated."::= { rip2IfConfEntry 7 }rip2IfConfStatus OBJECT-TYPESYNTAX RowStatusMAX-ACCESS read-createSTATUS currentDESCRIPTION"Writing invalid has the effect of deletingthis interface."::= { rip2IfConfEntry 8 }rip2IfConfSrcAddress OBJECT-TYPESYNTAX IpAddressMAX-ACCESS read-createSTATUS currentDESCRIPTIONMalkin & Baker [Page 11]"The IP Address this system will use as a sourceaddress on this interface. If it is a numberedinterface, this MUST be the same value asrip2IfConfAddress. On unnumbered interfaces,it must be the value of rip2IfConfAddress forsome interface on the system."::= { rip2IfConfEntry 9 }--4.3 Peer Table-- Peer Table-- The RIP Peer Group-- Implementation of this Group is Optional-- This group provides information about active peer-- relationships intended to assist in debugging. An-- active peer is a router from which a valid RIP-- updated has been heard in the last 180 seconds.rip2PeerTable OBJECT-TYPESYNTAX SEQUENCE OF Rip2PeerEntryMAX-ACCESS not-accessibleSTATUS currentDESCRIPTION"A list of RIP Peers."::= { rip2 4 }rip2PeerEntry OBJECT-TYPESYNTAX Rip2PeerEntryMAX-ACCESS not-accessibleSTATUS currentDESCRIPTION"Information regarding a single routing peer."INDEX { rip2PeerAddress, rip2PeerDomain }::= { rip2PeerTable 1 }Rip2PeerEntry ::=SEQUENCE {rip2PeerAddressIpAddress,rip2PeerDomainRouteTag,rip2PeerLastUpdateTimeTicks,rip2PeerVersionINTEGER,rip2PeerRcvBadPacketsMalkin & Baker [Page 12]Counter32,rip2PeerRcvBadRoutesCounter32}rip2PeerAddress OBJECT-TYPESYNTAX IpAddressMAX-ACCESS read-onlySTATUS currentDESCRIPTION"The IP Address that the peer is using as its sourceaddress. Note that on an unnumbered link, this maynot be a member of any subnet on the system."::= { rip2PeerEntry 1 }rip2PeerDomain OBJECT-TYPESYNTAX RouteTagMAX-ACCESS read-onlySTATUS currentDESCRIPTION"The value in the Routing Domain field in RIPpackets received from the peer. As domain suuportis deprecated, this must be zero."::= { rip2PeerEntry 2 }rip2PeerLastUpdate OBJECT-TYPESYNTAX TimeTicksMAX-ACCESS read-onlySTATUS currentDESCRIPTION"The value of sysUpTime when the most recentRIP update was received from this system."::= { rip2PeerEntry 3 }rip2PeerVersion OBJECT-TYPESYNTAX INTEGER ( 0..255 )MAX-ACCESS read-onlySTATUS currentDESCRIPTION"The RIP version number in the header of thelast RIP packet received."::= { rip2PeerEntry 4 }rip2PeerRcvBadPackets OBJECT-TYPESYNTAX Counter32MAX-ACCESS read-onlySTATUS currentDESCRIPTIONMalkin & Baker [Page 13]"The number of RIP response packets from thispeer discarded as invalid."::= { rip2PeerEntry 5 }rip2PeerRcvBadRoutes OBJECT-TYPESYNTAX Counter32MAX-ACCESS read-onlySTATUS currentDESCRIPTION"The number of routes from this peer that wereignored because the entry format was invalid."::= { rip2PeerEntry 6 }Malkin & Baker [Page 14]-- conformance informationrip2Conformance OBJECT IDENTIFIER ::= { rip2 5 }rip2Groups OBJECT IDENTIFIER ::= { rip2Conformance 1 }rip2Compliances OBJECT IDENTIFIER ::= { rip2Conformance 2 }-- compliance statementsrip2Compliance MODULE-COMPLIANCESTATUS currentDESCRIPTION"The compliance statement "MODULE -- this moduleMANDATORY-GROUPS {rip2GlobalGroup,rip2IfStatGroup,rip2IfConfGroup,rip2PeerGroup}GROUP rip2GlobalGroupDESCRIPTION"This group defines global controls for RIP-II systems."GROUP rip2IfStatGroupDESCRIPTION"This group defines interface statistics for RIP-II systems."GROUP rip2IfConfGroupDESCRIPTION"This group defines interface configuration for RIP-II systems." GROUP rip2PeerGroupDESCRIPTION"This group defines peer information for RIP-II systems."::= { rip2Compliances 1 }Malkin & Baker [Page 15]-- units of conformancerip2GlobalGroup OBJECT-GROUPOBJECTS {rip2GlobalRouteChanges,rip2GlobalQueries}STATUS currentDESCRIPTION"This group defines global controls for RIP-II systems."::= { rip2Groups 1 }rip2IfStatGroup OBJECT-GROUPOBJECTS {rip2IfStatAddress,rip2IfStatRcvBadPackets,rip2IfStatRcvBadRoutes,rip2IfStatSentUpdates,rip2IfStatStatus}STATUS currentDESCRIPTION"This group defines interface statistics for RIP-II systems."::= { rip2Groups 2 }rip2IfConfGroup OBJECT-GROUPOBJECTS {rip2IfConfAddress,rip2IfConfAuthType,rip2IfConfAuthKey,rip2IfConfSend,rip2IfConfReceive,rip2IfConfDefaultMetric,rip2IfConfStatus,rip2IfConfSrcAddress}STATUS currentDESCRIPTION"This group defines interface configuration for RIP-II systems." ::= { rip2Groups 3 }rip2PeerGroup OBJECT-GROUPOBJECTS {rip2PeerAddress,rip2PeerDomain,rip2PeerLastUpdate,rip2PeerVersion,rip2PeerRcvBadPackets,rip2PeerRcvBadRoutes}STATUS currentMalkin & Baker [Page 16]DESCRIPTION"This group defines peer information for RIP-II systems."::= { rip2Groups 4 }END5. References[1] Cerf, V., "IAB Recommendations for the Development of InternetNetwork Management Standards", RFC 1052, IAB, April 1988.[2] Cerf, V., "Report of the Second Ad Hoc Network Management Review Group", RFC 1109, IAB, August 1989.[3] Rose M., and K. McCloghrie, "Structure and Identification ofManagement Information for TCP/IP-based internets", STD 16, RFC1155, Performance Systems International, Hughes LAN Systems, May 1990.[4] McCloghrie K., and M. Rose, "Management Information Base forNetwork Management of TCP/IP-based internets", RFC 1156, HughesLAN Systems, Performance Systems International, May 1990.[5] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "SimpleNetwork Management Protocol", STD 15, RFC 1157, SNMP Research,Performance Systems International, Performance SystemsInternational, MIT Laboratory for Computer Science, May 1990.[6] Rose, M., Editor, "Management Information Base for NetworkManagement of TCP/IP-based internets: MIB-II", RFC 1158,Performance Systems International, May 1990.[7] Information processing systems - Open Systems Interconnection -Specification of Abstract Syntax Notation One (ASN.1),International Organization for Standardization, InternationalStandard 8824, December 1987.[8] Information processing systems - Open Systems Interconnection -Specification of Basic Encoding Rules for Abstract Notation One(ASN.1), International Organization for Standardization,International Standard 8825, December 1987.[9] Rose, M., and K. McCloghrie, Editors, "Concise MIB Definitions", STD 16, RFC 1212, Performance Systems International, Hughes LANSystems, March 1991.[10] Malkin, G., "RIP Version 2 - Carrying Additional Information",RFC 1723, Xylogics, Inc., November 1994.Malkin & Baker [Page 17][11] Malkin, G., "RIP Version 2 Protocol Analysis", RFC 1721,Xylogics, Inc., November 1994.[12] Malkin, G., "RIP Version 2 Protocol Applicability Statement", RFC 1722, Xylogics, Inc., November 1994.6. Security ConsiderationsSecurity issues are not discussed in this memo.7. Authors’ AddressesGary MalkinXylogics, Inc.53 Third AvenueBurlington, MA 01803Phone: (617) 272-8140EMail: gmalkin@Fred BakerCisco Systems519 Lado DriveSanta Barbara, California 93111Phone: 805-681-0115EMail: fred@Malkin & Baker [Page 18]。