    RE: iSCSI: CONNECT message (was Naming/Discovery/URLs)



    > > Forgive my ignorance, but is there a reason why a tunneling protocol is not
    > > used to get past the NAT or Firewall?  Why is there a gateway-in specific to
    > > only this protocol?
    > 
    > It's actually my ignorance, Doug. I don't know of an applicable
    > tunneling protocol.
    > 
    > The only widely deployed tunneling/proxy protocol I know of is
    > HTTP/FTP proxies.
    
    Deployment is definitely a problem.  RSA-IP and RSAP-IP are nice
    solutions for NAT traversal (see RFC 2663), but they're not widely
    implemented; recommending them might be a good thing to do.
    If one wanted to solve both the firewall traversal and authentication
    problems in one go, an IPsec tunnel will do the job, at some
    implementation cost.
    
    A problem with both approaches that I don't believe is well solved at
    the moment is tunnel autoconfig.  E.g., when host A wants to talk
    to host B, how does it know to ask gateway X (could be host A
    itself) to set up and what sort of tunnel to gateway Y (in front of host B)?
    This gets peculiar quickly when one or both of A and B are in private IP
    address space.  Doug's earlier observation that B ought to have a public
    (i.e., globally routable) IP address is applicable here, but this situation
    is complicated by the presence of gateway policies about what sort of
    tunnels have to be set up to get traffic to B (i.e., even if A knows B's
    public IP address, A still has to know about Y and what sort of tunnels
    Y requires to talk to B).
    
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    
    


Last updated: Tue Sep 04 01:06:49 2001
6315 messages in chronological order