iSNS zoning
Looking into the iSNS draft, the zoning service as defined appears to be a poor
replica of its Fibre Channel counterpart. In an FC fabric, the switch that runs
the zoning service has several methods to prevent unauthorised or unintended
accesses from N/NL_Ports, since it is part of the access path. However, in
the case of iSNS, the zoning service is merely a repository of records of the
so-called zones. I really have a hard time understanding how a standalone
internet storage name server could enforce the following claims made in
the draft.
a) 3.1.3
> access control purposes. Devices must be in common zones in order
> to "see" each other and communicate through the network. Devices
> can be a member of multiple zones simultaneously.
b) 4.3
> Zoning is a security and management mechanism used to partition
> storage resources. Zoning prevents initiators from potentially
How can this storage name server prevent an iSCSI initiator from setting
up a TCP connection with an iSCSI target? Also, the right place for
authentication and access control is the iSCSI target.
-JP
Last updated: Tue Sep 04 01:06:03 2001