SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI ERT: data SACK/replay buffer/"semi-transport"



    At 06:22 PM 4/9/2001 -0400, Stephen Bailey wrote:
    
    >No.  However, middlebox-proofing we do will be circumvented when the
    >middle box decides it wants to look in iSCSI as a L7 protocol.  I know
    >it sounds horrible, but there are zillions of companies doing this for
    >HTTP now.  The reason why middle boxes manipulate the data is because
    >that allows them to provide the desired behavior.  It seems like a
    >really natural product idea for some people (personally I don't get
    >it) to plumb HTTP and iSCSI (hey, why not CIFS, NFS, SIP and RTP while
    >we're at it :^) into one big, happy L7 router/switch type box.
    >Fundamentally, if the middle box is going to diddle in the payload,
    >there's not squat we can do.
    
    This is why the concept of a variant CRC for those fields within the header 
    subject to change and an invariant CRC for the data and header fields that 
    are not subject to change is a preferred solution.  The middle boxes cannot 
    screw up everything.  However, this is primarily practical only when PDU do 
    not span multiple packets which many people seem to want for some reason.
    
    >I am somewhat ambivalent about CRC digests (I'd rather have end-to-end
    >security and kill all those birds with the same stone), but what I'm
    >really averse to is assuming that digest failures are frequent, and a
    >less than brute force (connection bounce) recovery mechanism is
    >required.
    
    Given security solutions can change over time it is unclear whether this 
    would be practically. Doing something as simple as a secured hash for 
    modification detection is much more complex and performance inhibiting than 
    calculating a CRC.
    
    Also the frequency of many aspects - the number, type, and bandwidth of the 
    fabrics involved in the end-to-end solution come immediately to 
    mind.  Given these can vary in quality and rate of change (bandwidth is 
    already at 40 Gbps on some fabrics and rising to 100 Gbps and it is 
    important for the same solution to work from DSL speeds to 100 Gbps and 
    beyond), it is unclear whether any study done to date can quantify the 
    actual frequency that will be present. As such, it is better to error on 
    the side of strong data integrity at the start (provide investment 
    protection to the customer) and then adapt as required.  Not doing anything 
    now leaves customers buying hardware that will be throw-away / of limited use.
    
    Mike
    
    


Home

Last updated: Tue Sep 04 01:05:06 2001
6315 messages in chronological order