RE: iSCSI: Stand alone SAN network configuration change notice.

> If you feel ICMP is off the table, then consider this suggestion as a
> general signaling mechanism using UDP.

Like SNMP Notifications? I'd suggest looking there as one possibility.

> Although the affected programs may
> be at the application level, the change notification would be changes in
> assignments or function within the physical networks through a SAN bridge,
> router or switch. The suggestion that I made included notice and reply to
> overcome your delivery concern.

In other words, a new reliable delivery mechanism. That's not likely to make it through the transport ADs.

> If you look at RFC2521 (1999 experimental)
> you will see ICMP used to signal security failures.

That's for IPsec, which is layer 3, whereas all the IPS protocols are layer 5. The fact that this can be made to work doesn't make it a good design decision from an architectural standpoint.

> As the server and the
> SAN network is likely inside the firewall, there should be few such issues
> related to ICMP for this type of signaling concerning IPSec and may be
> viewed as a feature.

Definitely a bad design assumption. IPS protocols will almost certainly run over VPN links that are implemented by IPSec security gateways, and ICMP has a poor track record of interaction with such gateways.

> I have no trouble
> looking elsewhere such as UDP but I must say I do not agree with your
> conclusions. Considering such a signaling mechanism may impact the various
> transports if such signaling is standardized, reflector bandwidth should not
> be a major concern to resolve if changing existing network services are the
> best solution or if a more general and simpler scheme may be of greater
> utility.

In case I'm not making myself clear - I have no problem with work on notification issues and use of the reflector to explore solutions (e.g., see my previous comments on iSNS's ability to handle this). My issue is solely with ICMP - extending it is not an appropriate approach to this area and hence I am strongly advising the WG to look elsewhere. Considering Doug's past complaint that:

    It would seem that IPS can do anything out of the architectural
    norm they desire

I'm quite surprised to find Doug pushing something that is clearly "out of the architectural norm". Do I need to get out a bigger clue-by-four?

--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500
black_david@emc.com Mobile: +1 (978) 394-7754
---------------------------------------------------

Last updated: Tue Sep 04 01:04:25 2001