Re: iSCSI Data Integrity - Digests

[Glen Turner <glen.turner@aarnet.edu.au>]

Sean Quinlan wrote:

> If TLS or IPsec are used in conjunction with iSCSI, then strong
> end-to-end integrity is already provided and duplicating this in iSCSI seem
> rather a waste.

Um, this doesn't match the paper presented at SIGCOMM2000 showing an
uncomfortably high level of errors *above* the TCP layer due to faulty
computer hardware. [1]

The paper strongly recommended application-layer checksums.

Also, your analogy with HTTP is a bit misleading.  iSCSI errors
are cumulative, as disks are usually attached to iSCSI sessions
and a write corruption is stored to disk for later reading.

> If data integrity is provided by iSCSI, CRC algorithms are not particularly
> ideal from a software implementation point of view - surely there
> are better alternatives than CRC that are easy to implement in hardware and
> can take advantage of 32bit wide data ops.

There is unlikely to be an algorithm better than CRC that is also
faster than CRC.  Essentially, to handle data in words it appears
that you need to trade off the level of protection.  I know of no
paper that explores this assumption, but math is not my strong point.

Glen

 [1] Sorry that I can't give a reference, I'm in the terminal
     room at the Internet2 Joint Techs meeting.

-- 
 Glen Turner                                 Network Engineer
 (08) 8303 3936      Australian Academic and Research Network
 glen.turner@aarnet.edu.au          http://www.aarnet.edu.au/
--
 The revolution will not be televised, it will be digitised