SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI gateways, proxies, etc.



    Charles,
    
    Should there be a generalized encapsulation that must be altered by the
    server, or should there be a specific encapsulation for the native SAN?  In
    the case of a specific encapsulation, there would be a better likelihood of
    scaling as the workload remains within the client.  Otherwise, inventing a
    generalized encapsulation requiring modification of addressing and
    structures seems pre-mature as there are many issues to be considered before
    this encapsulation becomes native to the medium.  Forwarding and security is
    but one aspect.
    
    Doug
    
    > Hi:
    >
    > Do you plan to submit a proposal for T10's consideration
    >
    > Charles
    >
    > > -----Original Message-----
    > > From: julian_satran@il.ibm.com [mailto:julian_satran@il.ibm.com]
    > > Sent: Thursday, October 12, 2000 12:27 AM
    > > To: ips@ece.cmu.edu
    > > Subject: Re: iSCSI gateways, proxies, etc.
    > >
    > >
    > >
    > >
    > > David,
    > >
    > > That is a fair summary and I agree with it.
    > > I think that one point of clarification is needed with regard to 2.
    > > To use the T10 addresses for third party we invented the
    > > (admittedly ugly)
    > > map and unmap
    > > messages. It should be clear that as we can't afford to
    > > synchronize with
    > > T10
    > > those will have to stay and get obsoleted in some later
    > > version when T10
    > > moves
    > > to a more flexible scheme.
    > >
    > > Julo
    > >
    > > Black_David@emc.com on 11/10/2000 21:17:51
    > >
    > > Please respond to Black_David@emc.com
    > >
    > > To:   ips@ece.cmu.edu
    > > cc:
    > > Subject:  iSCSI gateways, proxies, etc.
    > >
    > >
    > >
    > >
    > > Folks,
    > >
    > > We've been going around on the topic of these for
    > > a while without much visible progress.  I'd like
    > > to suggest a means to extricate ourselves from this
    > > situation.
    > >
    > > Jim Hafner correctly observed that there is a
    > > fundamental difference between:
    > > - A gateway that always exposes TCP/IP addresses for the
    > >      iSCSI targets behind it, and
    > > - A gateway that must be dynamically configured to
    > >      obtain connectivity to the iSCSI targets behind it.
    > > We don't need to do anything to support the first class
    > > of gateway.  For the second class, there's another
    > > crucial distinction in the second category, namely
    > > between in-band and out-of-band configuration mechanisms.
    > >
    > > From a protocol specification viewpoint, out-of-band
    > > configuration mechanisms are both more flexible and
    > > easier to deal with.  Flexibility comes from the
    > > variety of possible mechanisms, for example:
    > >
    > > [A] A NAT monitors DNS traffic to/from a DNS server in
    > > private address space behind the NAT.  When a DNS reply
    > > containing a translation is intercepted, the NAT sets up
    > > an external IP address that maps to the internal IP address
    > > in the DNS reply, and substitutes that external IP address
    > > for the internal IP address before forwarding the reply
    > > (in addition to the usual translation operations performed
    > > on the header).  Credit/apologies to whomever (Joshua Tseng?)
    > > originally described this example.
    > >
    > > [B] An encrypting firewall does not provide connectivity
    > > to hosts behind the firewall for general traffic outside
    > > the firewall.  If an encrypted IPsec tunnel is set up in
    > > accordance with the firewall's policies, then connectivity
    > > to some of the hosts behind the firewall is provided for
    > > traffic using the tunnel in accordance with the firewall's
    > > policies.
    > >
    > > Note that both the NAT and the firewall have to be configured
    > > by some means, and that both of these mechanisms work without
    > > any changes to the iSCSI protocol, as both the DNS lookup and
    > > IPsec tunnel setup happen before the first iSCSI packet is sent.
    > > The fact that we don't have to specify anything makes these
    > > easier to deal with, and gives iSCSI compatibility with all sorts
    > > of things we haven't thought of (yet).
    > >
    > > Both the current URL mechanism and the discussion of the
    > > CONNECT message are in-band configuration mechanisms.  In the
    > > context of proxy configuration (Julian's concern about views
    > > is a different, but related issue), this has been turning
    > > into a tarpit on the list.  From what I can see, the issues
    > > here are similar to the issues in naming for 3rd party
    > > commands, something that is not in particularly good shape,
    > > despite T10's best efforts. I find it hard to believe that
    > > people want to repeat T10's experience with this from scratch
    > > for iSCSI, but ... I see three possible paths forward
    > > from which the WG needs to choose:
    > >
    > > (1) Rely on out-of-band gateway/proxy configuration.
    > > (2) Reference T10's 3rd party naming formats for target naming.
    > >      This WG would still define an iSCSI 3rd party naming format
    > >      and recommend it to T10, and could define ways of using
    > >      T10 naming formats with Internet protocols (e.g., LDAP).
    > > (3) Invent new ways of naming targets.
    > >
    > > I'm inclined to dismiss (3) as being out-of-scope, because
    > > if this really is analogous to 3rd party naming, then it needs
    > > to be left to T10 and iSCSI should follow what T10 adopts, BUT
    > > I'm willing to listen to counter-arguments.
    > >
    > > (1) and (2) are complementary rather than exclusive, but the
    > > protocol gets simpler if we don't have to do (2).  The 3rd party
    > > naming recommendations to T10 are needed regardless.
    > >
    > > Ok - comments are solicited, as I do intend to try to call
    > > consensus on this set of issues to make progress.
    > >
    > > Thanks,
    > > --David
    > >
    > > ---------------------------------------------------
    > > David L. Black, Senior Technologist
    > > EMC Corporation, 42 South St., Hopkinton, MA  01748
    > > +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    > > black_david@emc.com       Mobile: +1 (978) 394-7754
    > > ---------------------------------------------------
    > >
    > >
    > >
    > >
    >
    
    


Home

Last updated: Tue Sep 04 01:06:41 2001
6315 messages in chronological order