SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    SLP, iSNS, and iSCSI



    I previously noted a couple of thing about SLP that
    appear not to have been part of prior discussions:
    
    [A] SLP scopes are allowed to overlap in a fashion
    similar to Fibre Channel zones -- Service, User,
    and Directory Agents can each be in multiple scopes.
    
    [B] RFC 2610 specifies DHCP options for configuring
    SLP Directory Agent locations and SLP scopes for both
    User and Service Agents.  This would allow DHCP to be
    used for centralized administration of an SLP
    infrastructure, and works even when DHCP is not used
    for IP address assignment.
    
    Going back to Josh Tseng's analysis of SLP and
    iSNS for iSCSI, Josh covered the following topics:
    
    (1) State Change Notification
    (2) Multicast
    (3) Zoning and Discovery Domains
    (4) Heartbeat
    (5) Non-string attributes
    (6) Security
    
    This is a note about the impact that [A] and [B]
    have on these 6 items, plus some related comments
    based on the SLP notification mechanism in RFC 3082
    
    -- (1) State Change Notification
    
    [A] and [B] don't seem to affect this area.  RFC 3082
    provides some level of support (but see next item).
    From a process standpoint, RFC 3082 is experimental,
    and hence can't be required by a standards-track
    document.  Unlike FCIP, iSCSI is client-server and
    hence has a use/need for some way of informing clients
    (Initiators) that a new server (Target) has appeared.
    
    -- (2) Multicast
    
    SLP requires both service and directory agents to listen for
    multicast requests, but can be configured in a fashion where
    they're never used.  The RFC 3082 notification mechanism
    *requires* multicast, which is likely to be an issue in
    larger networks and some VPN situations.
    
    -- (3) Zoning and Discovery Domains
    
    Both [A] and [B] matter here, and the appropriate
    comparison is probably SLP + DHCP vs. iSNS.  For
    SLP + DHCP, it looks like SLP scope is usable in the
    same fashion as an iSNS Zone/Discovery Domain, modulo
    issues with State Change Notification [(1) above].
    
    -- (4) Heartbeat
    
    Neither [A], [B] nor RFC 3082 affect this area, but
    it doesn't seem to be a major issue -- the concern
    is how long an SLP Directory Agent may cache information
    for and hence how often an SLP Service
    Agent has to refresh its registration(s).  A few minutes
    might be a good answer here since that's the default time
    for SLP to keep idle TCP connections open.
    
    -- (5) Non-string based attributes
    
    [A], [B], and RFC 3082 appear not to have any effect here.
    Whether we need to distribute things like X.509 certs through
    the SNS appears to be an open issue.
    
    -- (6) Security
    
    The fact that multiple scopes can be used and that the
    DEFAULT SLP scope can be removed from SLP directory agents
    (RFC 2608, Section 12.4) appears to remove the argument
    that the SLP Directory Agent is a central point of trust.
    DHCP doesn't need to replace it as a central point, as
    DHCP is readily partitionable along network topology
    boundaries.
    
    An important note about this area is that iSCSI access
    control departs from the model(s) used in Fibre Channel
    in an important aspect.  In Fibre Channel, end systems
    trust the Fabric to handle certain aspects of access
    control - both soft and hard zoning are primarily
    implemented in switches (and soft zoning also trusts
    HBAs to not do port scans).  For iSCSI, Targets are going
    to find themselves more involved in access control and
    authentication of Initiators.  There will be cases such
    as strict VLAN configuration along with no layer 3 gateway
    out of the VLAN reproduce Fibre Channel-like configurations,
    but iSCSI will need to operate in more general networks.
    
    This is all for discussion.  An initial take on this
    is that State Change Notification (1) is still an area
    in which SLP appears to fall short of iSNS, especially
    if RFC 3082 notification is ruled out of bounds due to
    its dependence on multicast.  OTOH, DHCP appears to
    be a viable route to central administration of SLP.
    
    Comments?,
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    


Home

Last updated: Tue Sep 04 01:04:37 2001
6315 messages in chronological order