SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    iSNS/SLP Comparison



    Folks,
    
    As promised, here is the text of the detailed analysis completed several
    weeks ago on
    the feasibility of using the SLP protocol to support the storage name
    service functionality
    for iSCSI.  This issue was hashed and rehashed multiple times within the
    Naming &
    Discovery Team.  Mark Bakke and I had numerous online and offline
    discussions on
    SLP and iSNS, and in the end we both concluded that SLP would not provide
    the needed
    functionality for a storage name service.  Rather, we agreed SLP can be used
    to do
    simple discovery of iSCSI targets in a device-centric management model,
    without the
    aid of the iSNS.  On the other hand, iSNS would provide the centralized
    management
    function that would allow iSCSI to scale to enterprise-class networks.
    
    The bottom line is that iSNS is a storage-aware application that is aware of
    client attributes,
    and can take appropriate action when events occur in the network.  SLP is a
    generic
    discovery protocol and has no intelligence of storage devices and their
    attributes.  LDAP
    alone is inappropriate for a similar reason in that it is a generic
    protocol, not an application.
    However, both LDAP and SLP can be used to support the iSNS application.
    LDAP to
    store and distribute attribute values in a directory-enabled iSNS
    implementation, and
    SLP to discover the iSNS service itself.
    
    Josh
    
    ---------------------------------------------
    
    Comparisons between iSNS and SLPv2:
    
    1)  State Change Notification:  
    
    SLPv2 does not currently support it.  This is an important function that
    exists in enterprise-scale Fibre Channel SANs.  For SLPv2 to be feasible for
    large enterprise-scale storage networks, it would have to incorporate an
    asynchronous messaging mechanism that is closely tied to entities identified
    by service attributes.  Specifically, this means SLPv2 must develop the
    intelligence to recognize a significant event, identify the entities (i.e.,
    WWUI's) that are affected by that event by examining the DD/Zoning of each
    entity, and send a directed unicast message to the entities represented by
    those WWUI's.
    
    Such functionality seems to be beyond the intent and scope of SLP.  WWUI
    would be stored as an attribute, and in SLP, attributes are simple values
    which carry no significance to SLP.  It is beyond the purpose of SLP to
    interpret the contents of any attribute stored for a service.  However, in
    order to support SCN's, SLP would need interpret the WWUI attribute values
    and map it to a destination IP address (i.e., extract the URL attribute and
    query for an IP address) for the State Change Notification.
    
    Therefore, we cannot count on SLP's ability to fulfill the State Change
    Notification requirement, even with future upgrades to the SLP protocol.
    
    2)  Multicast
    
    RFC 2608 contains "MUST" language that requires SA's to listen to multicast
    requests from UA's and DA's.  However, in order to fulfill the SNS role,
    SA's do not need this capability, and multicast should not be used in many
    cases.  An implementer will be faced with the choice of either compliance
    with the RFC 2608 and implementing a capability that is not needed, or being
    non-compliant and implementing only what is needed for the SNS.  There are
    other areas in SLP which describe capabilities that are not needed for SNS.
    
    Multicast is not required for SNS because it may not be available in some
    networks, particularly the Public Internet or in a business partner's
    network.  I shall assume no multicast functionality, since SNS must be able
    to work over the Public Internet per IETF Charter.
    
    3)  Zoning/Discovery Domains:
    
    The scoping functionality cannot be used for "Zoning/Discovery Domain"
    capability, because common scoping is a requirement for even DA's and SA's
    to communicate with each other.  SLP assumes SA's, UA's, and DA's are
    already configured with the appropriate scoping, and SLP itself cannot be
    used to create, delete, or modify a scoping of an SA, UA, or DA, because
    they can't even communicate unless they already have common scoping.
    Therefore, a new attribute such as "Zone" in Mark's template is needed.  But
    is the Zone an attribute of the WWUI or iSCSI instance?
    
    At the current time, it's unclear if the service represents a single WWUI,
    or an "iSCSI Instance" which may have multiple WWUI's.  Either way, there is
    a disadvantage:
    
    a.  If the service registers an iSCSI Instance, then the Zone/Discovery
    Domain is an attribute of the service (i.e., iSCSI instance), and not of the
    WWUI (i.e., iSCSI device), ALL WWUI's belonging to the iSCSI instance must
    be assigned to the same Zone/Discovery Domain.  That means, if an iSCSI
    target device has 50 WWUI's, then all 50 must be assigned to the same
    Discovery Domain, and initiators must perform an iSCSI login to each of the
    50 devices.  While a native iSCSI device with 50 controllers may be rare,
    the real impact is on iSCSI-FC gateways.  The gateway must proxy for a
    network of Fibre Channel devices, and the gateway will likely represent each
    FC device with a WWUI (using the "eui.xxx" WWUI format).  But that means the
    user has no means of limiting access and discovery to a subset of devices in
    the FC network.
    
    b.  If the "service" registers a single WWUI, then each "iSCSI instance"
    will have to register multiple times if it supports more than one WWUI.
    Once again, an iSCSI-FC gateway will have a large number of individual
    registration messages to send for any change to its attributes, and updates
    to receive for any change in status to other members in a common
    Zoning/Discovery Domain.  For example, if the gateway supports 50 FC devices
    that are in a common Zone with initiator I, and initiator I is somehow
    removed from the Zone then the iSCSI-FC gateway will need to query the DA 50
    times in order to make this simple update.
    
    And the last significant issue I'm aware of with Zones/Discovery Domains is
    that since the Zone is already an attribute, additional attributes cannot be
    associated with the Zone.  This means a VLAN tag, multicast group address,
    or user-assigned symbolic name cannot be stored as an attribute of the Zone,
    in the DA.
    
    4)  Heartbeat/Client Status Inquiry:
    
    SLP accomplishes this function through a multicast DAAdvert.  However, SLP
    does not specify an alternative if multicast is not available.  Rather, SLP
    relies on the SA's and the UA's to continue refreshing their registrations
    in the DA at regular intervals.  The refresh interval is dependent on the SA
    and UA settings, and is an interval between 0 and 18 hours.  Since the DA
    has no control over the interval at which SA's send in registrations, it
    could get overwhelmed if there are a large number of SA's and UA's query for
    and register data.  And the only way that the DA can discover (in the
    absence of multicast) that an SA has been removed from the network, is to
    wait until the timeout interval expires for SA registration refresh.  Set
    the expiration timer too low, and the SA's will be re-registering with the
    DA too often and overwhelm it.  Set the timer too high, and it could be
    hours or days before the DA discovers that an SA (i.e., iSCSI target) has
    disappeared.  That would be unacceptable for an enterprise-class user.
    
    This is the original reason why SLP relied on the multicast advertisement.
    There is no unicast advertisement originated by the DA that I am aware of
    that is not in response to a multicast request by an SA.
    
    On the other hand, iSNS unicasts heartbeat messages to each iSNS client, and
    can adjust the interval at which it is comfortable sending out heartbeats,
    depending on its processing load.
    
    5)  Non-string-based attributes:
    
    SLP is optimized to store and transmit string-based attributes.  However,
    the SNS must be able to store non-string attributes, such as an X.509 public
    key certificate.  The only way that SLP can do this is if it escapes each
    byte of binary data.  This "escaped" SLP formatting will effectively double
    the size of the original X.509 certificate.  This is an additional burden
    for iSCSI devices, that will need to take the X.509 "blob" and place an "/"
    between every byte of binary data.  Processing requirements for the DA host
    (which are already significantly more than iSNS server from the above issues
    1-4), will also be increased as the a companion application on the DA host
    may need to extract the original certificate so that it can verify the
    signature and authenticate its origin.
    
    Also, doubling the size of the X.509 certificate in the SLP protocol message
    may overflow the size of the multicast datagram, which is a no-no.
    
    6)  Security:
    
    Because the DA, SA, and UA are all using the same scope ("SNS"), and Zone is
    now an attribute of the iSCSI device (either the WWUI or the iSCSI
    Instance), the DA (i.e., the SNS) must trust each of the SA's as far as
    access authorization.  Although initiators are not supposed to change the
    attributes of a target, nothing prevents a wayward initiator from doing it
    anyway.  Once again, attribute values have no significance to SLP, and there
    is no way for SLP to disallow a query or registration command by examining
    the value stored in an attribute field for the service that is the object of
    the query or request.
    
    This will become an issue when sharing the DA database with a business
    partner.  Even if a new special "Zone" or "Discovery Domain" is created, and
    only devices that an enterprise intends to share with the business partner
    is placed into that "Discovery Domain", there is nothing which prevents the
    business partner from doing an SLP query with no "Discovery Domain"
    attribute.  This will result in ALL devices registered in the DA being
    returned.  The business partner now has access to all devices stored in the
    DA, and can do unlimited damage if they desire.
    
    CONCLUSION:
    
    I believe there may be other issues which have yet to be discovered,
    regarding use of SLP in the SNS role for a large enterprise-class storage
    network.  My suggestion is that we limit the use of SLP in iSCSI to
    discovery only.  We can recomend and use SLP for simple discovery of iSCSI
    devices, as well as discovery of the iSNS.  But let's not encourage SLP to
    be used in a role for which it was not designed.
    
    My concern is that if we talk or hint about the possibility of using SLP to
    fulfill the SNS role, those that take this path will invest considerable
    engineering effort only to find in the end that there are insurmountable
    issues in supporting large, enterprise-class storage area networks.  SLP
    simply was not designed for the SNS role.  Attempting to force SLP to do
    what it wasn't designed for will result in consequences down the road if
    anyone takes our errant advice to do so.
    
    Josh
    
    


Home

Last updated: Tue Sep 04 01:05:17 2001
6315 messages in chronological order