Re: Keep-alive traffic (was iSCSI: more on StatRN)

[Glen Turner <glen.turner@aarnet.edu.au>]

Charles Monia wrote:
> 
> I assume the objection is only to mandatory keep alive.
> 
> In high-availabilty scenarios, pinging of some sort goes on all the time to
> detect when an otherwise long-dormant node loses connectivity or becomes
> brain-dead.

I hope you don't mean ICMP Echo Request and ICMP Echo Reply.  These
are unreliable across the Internet, as backbone ISPs rate limit them
to reduce the impact of denial of service attacks.

Ironically, the more available the Internet infrastructure, the stricter
the ICMP rate limiting that needs to be performed.  So an application
that uses ICMP Echo Request to enhance availability is counter-productive,
as it will fail when running over a public Internet that is designed
to have high availability.

It is desirable that high-availability applications can run across
a high-availability public Internet as this allows geographical
redundancy.

Thus the need for an iSCSI Echo Request and Echo Reply.  As these run
over an authenticated link, the ISP need not rate limit these.  The
iSCSI protocol does need to be careful not to allow unauthenticated
Echo Replies to become a channel that can be used to launch a DoS
attack (eg: from a public iSCSI server such as a CD-ROM jukebox).

Glen

PS: A bit of background.  I'm a network engineer for the Australian
    Academic and Research Network.  We are in the process of constructing
    a multi-gigabit public Internet with 99.999% availability.