RE: iSCSI CONNECT message

["Douglas Otis" <dotis@sanlight.net>]

John,

You are still stuck with the chicken and the egg problem.  Unless this login
process can expose extensive amounts of information with selectors to allow
a user to prune this information, you are left with a scheme that will not
scale.  Stop designing a database server within the SCSI transport.  It is
counter intuitive to use transport to inform the system as how to use
transport.  Bootstrapping must still be defined.  Should there be a tunnel
that needs to be navigated, leave that operation to the gateway already on
the network.  The transport should not need to define every aspect of a path
taken between point two points.  Let gateways and routers make those
decisions.

There have been years of work at allowing this level of separation between a
connection and routing.  Do not mix routing with what should be a simple
transport.  Keep SCSI addressing free of embedded IPs.  If there is an IP
domain that must be transversed beyond the portal, it should be configured
outside the transport.  It is a mistake to try to mix SCSI address space
with IP address space.  A SCSI target is not a IP:Port combination.  Once
within a SCSI domain, only SCSI targets using the real addressing such as
S_ID or D_ID with a link should be used.  To introduce two levels of
addressing makes it impossible to provide security.  Each domain would have
a different translation to the eventual target.  Allowing such levels of
proxy will never scale due to an inability to authenticate or to provide
meaningful restrictions prior to access.

Doug