|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI - Change Proposal X bit
Santosh,
The draft DOES NOT ALLOW commands to be reissued on another connection
without an intervening logout.
Julo
Santosh Rao <santoshr@cup.hp.com>
Sent by: santoshr@cup.hp.com
25-10-01 01:44
Please respond to Santosh Rao
To: Julian Satran/Haifa/IBM@IBMIL
cc:
Subject: Re: iSCSI - Change Proposal X bit
Julian,
The one scenario where I do see stale CmdSNs creating a problem is the
following :
- 2 connections.
- CmdSN 3 issued on connection 1.
- Initiator does not get CmdSN ack for 1 and re-issues CmdSN 1 on
connection 2.
- CmdSN ack for 1 received on connection 2. All further I/O traffic on
connection 2 only (nothing on connection 1) and CmdSN sequence wraps
around.
- Finally, connection 1 clears up and CmdSN 1 is delivered on connection
1.
In the above situation, the stale CmdSN 1 is a problem. However, the
problem only occurs if the draft allows previously issued commands to be
re-issued on a different connection without first logging out the
previous connection.
Why is it not possible to disallow commands to be re-issued on a
different connection unless the original connection used for that
command was first logged out successfully ?
This would avoid this stale CmdSN on wrap around problem, as well as
avoid sporadic ULP timeout of I/Os due to race condition b/n initiator
re-issuing command on another connection and target sending CmdSN update
on the first connection.
Thanks,
Santosh
ps : I still don't see how your scenario below holds good. When the
target ack's CmdSNs upto 8 on connection 3, it has received all CmdSNs.
Hence, there can be no stalled commands on connection 2. However, a
different scenario which does cause a problem is the one I describe
above.
Julian Satran wrote:
>
> Santosh,
>
> There is nothing in a command that arrives late on a link (as in the
> example in which it was sent redundantly) to distinguish it from a new
> (valid) command.
>
> This wraparound problem exists in all protocols - even in TCP, and we
use
> the CmdSN per session in the same fashion TCP uses sequence numbers per
> connection - and it is solved in different ways (TCP uses time-stamps).
>
> The NOP is meant to solve that wrap-around problem.
>
> I am sure that when rereading the example you will see the issue.
>
> Julo
>
> Santosh Rao <santoshr@cup.hp.com>
> Sent by: santoshr@cup.hp.com
> 24-10-01 18:29
> Please respond to Santosh Rao
>
>
> To: Julian Satran/Haifa/IBM@IBMIL
> cc: ips@ece.cmu.edu
> Subject: Re: iSCSI - Change Proposal X bit
>
>
>
> Julian,
>
> Some comments on the below quoted scenarios :
>
> > session has 3 connections
> > on connection 1 I->T c1,c2,c3,C6
> > on connection 2 I->T c4,c5,c7,c8
> > Target receives 1,2,4,5,7,8 (miss 3 and 6) and acks 1 & 2
> > Initiator closes 1 and resends c3, c4, c5,c7,c8 on connection 2
and
> 6
> > on connection 3
> > target receives all and starts executing and acks 8 on connection 3
> but
> > connection 2 stalls after c3 for a LONG TIME
> > then (after 2 full sequence wraps) connection 2 is gets alive and
> > delivers c4,c5 etc (that are now valid)
>
> When the target acks CmdSN 8 on connection 3, it has, in effect, sent
> CmdSN ack's for CMdSNs 3,4,5,6,7,8. This implies that the commands with
> CmdSN 3, 4, 5, 7, & 8 were received by the target on connection 2 and
> their processing was commenced.
>
> Hence, the following does not make sense :
>
> > connection 2 stalls after c3 for a LONG TIME
> > then (after 2 full sequence wraps) connection 2 is gets alive and
> > delivers c4,c5 etc (that are now valid)
>
> c4, c5, etc were already delivered to the target and are not being
> re-delivered. There is no problem in this case. (??).
>
> Take the next scenario :
> > 2 connections:
> >
> > connection1 I->T c3,c4,c5
> > status of 3 contains ack up to 6 and it and all other statuses
are
> > lost
> > connection2 resend c3, c4 & c5 (no logout) and those are executed!
>
> Since the initiator got CmdSN ack's upto 6, the initiator should not be
> re-issuing these I/Os ??
>
> I still don't see justification to require that initiators send a
> immediate NOP-OUT in the manner being advocated.
>
> On a more fundamental note, I see some issues with the initiator being
> allowed to re-issue the commands on a different connection without
> having first logged out the previous connection successfully. I see
> nothing in the draft that suggests such behaviour, while at the same
> time, it is not forbidden.
>
> By resorting to command retries on a different connection in an attempt
> to plug the hole, without first logging out the previous connection, the
> initiator is susceptible to encountering I/O failure of that I/O due to
> ULP timeout.
>
> Here's the scenario why such recovery should not be allowed :
> - Initiator sends CmdSN 3 on connection 1.
> - No CmdSN updates for a while and initiator re-sends CmdSn 3 on
> connection 2.
> - At the same time, target has sent CmdSN ack's for CmdSN 3 on
> connection 1.
>
> - Initiator has transferred the command allegiance on its side from
> connection 1 to connection 2 and is attempting the command on connection
> 2. However, the command does not go through, since the (ExpCmdSN,
> MaxCmdSN) window has advanced and the trget discards the command.
>
> - Target sends in data and/or R2T and/or status for CmdSN 3 on
> connection 1. Since the initiator is not expecting any traffic for that
> I/O on connection 1, it discards any PDUs received on that connection 1
> for which no I/O state existed.
>
> In the above scenario, initiator will never get a CmdSN ack on
> connection 2 and will never be able to plug the hole despite repeated
> retries, finally, causing a ULP timeout, followed by session recovery.
>
> Given the above scenario, I suggest that the initiator must only
> re-issue commands on the same connection, and can re-issue them on
> another connection only following a successful logout.
>
> Comments ?
>
> Thanks,
> Santosh
>
> Julian Satran wrote:
> >
> > Santosh,
> >
> > The scenarios I am talking about are all derivatives of an initiator
> trying
> > to plug-in holes and switching connections.
> > As the initiator does know the "extent" of a hole it can send-out
> commands
> > that he did not have to.
> > I have sent the attached not to Mallikarjun a while ago. I think
that
> > there might be many of this kind. I am also aware that X bit by
itself
> > might have some bad scenarios but the new proposal fixes them all.
> >
> > Julo
> >
> > _____________________________
> >
> > Mallikarjun,
> >
> > Take the following sequence scenario:
> >
> > session has 3 connections
> > on connection 1 I->T c1,c2,c3,C6
> > on connection 2 I->T c4,c5,c7,c8
> > Target receives 1,2,4,5,7,8 (miss 3 and 6) and acks 1 & 2
> > Initiator closes 1 and resends c3, c4, c5,c7,c8 on connection 2
and
> 6
> > on connection 3
> > target receives all and starts executing and acks 8 on connection 3
> but
> > connection 2 stalls after c3 for a LONG TIME
> > then (after 2 full sequence wraps) connection 2 is gets alive and
> > delivers c4,c5 etc (that are now valid)
> >
> > That is not a very likely scenario, I admit, but it is possible.
> > With X bit I could not find any such scenario since an X either
follows
> a
> > good one on the same connection or can be safely discarded.
> > I suspect that there are some more scenarios that involve immediate
> > commands or commands that carry their own ack in the status and are
> acked
> > like:
> >
> > 2 connections:
> >
> > connection1 I->T c3,c4,c5
> > status of 3 contains ack up to 6 and it and all other statuses
are
> > lost
> > connection2 resend c3, c4 & c5 (no logout) and those are executed!
> >
> > I think we can avoid those be requiring a NOP exchange before
reissuing
> a
> > command on a new connection or reissue the command with a task
> management
> > (that has an implied ordering) but why do it if X is an obvious and
safe
> > solution.
> >
> > Julo
> >
> > Regards,
> > Julo
> >
> >
> > "Mallikarjun
> > C." To: Julian
> Satran/Haifa/IBM@IBMIL
> > <cbm@rose.hp.c cc:
> > om> Subject: Re: iscsi : X
bit
> in SCSI Command PDU.
> >
> > 08-10-01 21:45
> > Please respond
> > to cbm
> >
> >
> >
> > Julian,
> >
> > We currently have the following specified in section 2.2.2.1 -
> >
> > "The target MUST NOT transmit a MaxCmdSN that is more than
> > 2**31 - 1 above the last ExpCmdSN."
> >
> > It appears to me that the above is sufficient to ward off the
> > accidents of the sort you describe. Do you think otherwise?
> > --
> > Mallikarjun
> >
> > Mallikarjun Chadalapaka
> > Networked Storage Architecture
> > Network Storage Solutions Organization
> > MS 5668 Hewlett-Packard, Roseville.
> > cbm@rose.hp.com
> >
> > Julian Satran wrote:
> > >
> > > Mallikarjun,
> > >
> > > There is at least one theoretical scenario in which an "old" command
> > > may appear in a "new window" and be reinstantiated.
> > > At 10Gbs and several connection that does not take months. With X
the
> > > probability is far lower (not 0). I have no other strong arguments
> > > but I am still thinking. Matt Wakeley that insisted on it (against
> > > me) had some other argument that I am trying to find (I am note
> > > remembering).
> > >
> > > Julo
> > >
> > > "Mallikarjun C."
> > > <cbm@rose.hp.com> To: Julian
> > > Satran/Haifa/IBM@IBMIL
> > > 08-10-01 20:39 cc:
> > > Please respond to cbm Subject: Re: iscsi : X
> > > bit in SCSI Command PDU.
> > >
> > >
> > >
> > > Julian,
> > >
> > > Now that you put me on the spot, :-), my response -
> > >
> > > Santosh argued with me privately that X-bit no longer serves a
> > > useful purpose after the advent of task management commands to
> > > reassign. My response was that it never was a requirement per se,
> > > but always a "courtesy" extended by the initiator to help the
> > > target. I also suggested that X-bit may be considered for its
> > > usefulness in debugging.
> > >
> > > He still had some (very reasonable) comments for simplification
> > > - the most appealing of which (to me) was the opportunity to do
> > > away with the X-bit checking for *every* command PDU that the target
> > > has to endure now.
> > >
> > > If I missed a legitimate use of X-bit, please comment. Do you
> > > think it is a protocol requirement per se? I couldn't justify
> > > to myself so far (except the Login).
> > >
> > > Regards.
> > > --
> > > Mallikarjun
> > >
> > > Mallikarjun Chadalapaka
> > > Networked Storage Architecture
> > > Network Storage Solutions Organization
> > > MS 5668 Hewlett-Packard, Roseville.
> > > cbm@rose.hp.com
> > >
> > >
> > >
> > > Julian Satran wrote:
> > > >
> > > > Santosh,
> > > >
> > > > I am not sure you went through all scenarios. A conversation with
> > > your
> > > > colleague - Mallikarjun - and getting through the state table may
go
> > > a
> > > > long way to clarify the need for X.
> > > >
> > > > And I am sure that by now you found yourself several .
> > > >
> > > > Julo
> > > >
> > > > Santosh Rao
> > > > <santoshr@cup.hp.com> To: IPS Reflector
> > > > Sent by: owner-ips@ece.cmu.edu <ips@ece.cmu.edu>
> > > > cc:
> > > > 06-10-01 01:56 Subject: iscsi :
X
> > > > Please respond to Santosh Rao bit in SCSI Command PDU.
> > > >
> > > >
> > > >
> > > > All,
> > > >
> > > > With the elimination of command relay from iscsi [in the interests
> > > of
> > > > simplification ?], I believe that the X bit in the SCSI Command
PDU
> > > > can
> > > > also be removed. As it exists today, the X bit is only being used
> > > for
> > > > command restart, which is at attempt by the initiator to plug a
> > > > potential hole in the CmdSN sequence at the target. It does this
on
> > > > failing to get an ExpCmdSN ack for a previously sent command
within
> > > > some
> > > > timeout period.
> > > >
> > > > Given the above usage of command restart, no X bit is required to
be
> > > > set
> > > > in the SCSI Command PDU when command re-start is done.
> > > >
> > > > Either :
> > > > (a) the target had dropped the command earlier due to a digest
> > > error,
> > > > in
> > > > which case, the command restart plugs the CmdSN hole in the
target.
> > > >
> > > > [OR]
> > > >
> > > > (b) the target had received the command and was working on it,
when
> > > > the
> > > > initiator timed out too soon and attempted a command restart to
plug
> > > > [what it thought was] a possible hole in the CmdSN sequence.
> > > >
> > > > In case (a), no X bit was required, since the target knows nothing
> > > of
> > > > the original command. In case (b), no X bit is required again,
since
> > > > the
> > > > (ExpCmdSN, MaxCmdSN) window would have advanced and the target can
> > > > silently discard the received retry and continue working on the
> > > > original
> > > > command received.
> > > >
> > > > Removal of the X bit in the SCSI Command PDU has the following
> > > > benefits
> > > > :
> > > >
> > > > a) The CmdSN rules at the target are simplified. No need to look
at
> > > X
> > > > bit, only validate received CmdSN with (ExpCmdSN, MaxCmdSN)
window.
> > > >
> > > > b) The reject reason code "command already in progress" can be
> > > > removed.
> > > > There's no need for this reject reason code anymore, since X bit
> > > > itself
> > > > is not required, and the targets can silently discard commands
> > > outside
> > > > the command window and continue to work on the original instance
of
> > > > the
> > > > command already being processed at the target.
> > > >
> > > > c) Less work for the target and less resources consumed since it
no
> > > > longer needs to generate a Reject PDU of type "command in
progress".
> > > > It
> > > > can just silently discard any command PDU outside the (ExpCmdSN,
> > > > MaxCmdSN) window.
> > > >
> > > > d) Less code for the target, since it does not need :
> > > > - any Reject code paths when it receives X bit command PDUs that
are
> > > > already in progress.
> > > > - No special casing of CmdSN checking rules.
> > > > - No overheads of verifying a received command based on its
> > > initiator
> > > > task tag, to check if the task is currently active, prior to
sending
> > > a
> > > > Reject response with "command in progress".
> > > >
> > > > Comments ?
> > > >
> > > > Thanks,
> > > > Santosh
> > > >
> > > > --
> > > > ##################################
> > > > Santosh Rao
> > > > Software Design Engineer,
> > > > HP-UX iSCSI Driver Team,
> > > > Hewlett Packard, Cupertino.
> > > > email : santoshr@cup.hp.com
> > > > Phone : 408-447-3751
> > > > ##################################
> >
> >
> > Santosh Rao
> > <santoshr@cup. To: IPS Reflector
> <ips@ece.cmu.edu>
> > hp.com> cc:
> > Sent by: Subject: Re: iSCSI -
Change
> Proposal X bit
> > owner-ips@ece.
> > cmu.edu
> >
> >
> > 23-10-01 22:50
> > Please respond
> > to Santosh Rao
> >
> >
> >
> > Julian Satran wrote:
> > >
> > > However in order to drop "old" commands that might in the pipe on a
> > > sluggish connection - removing the X bit will require the initiator
to
> > > issue an immediate NOP requiring a NOP response on every open
> connection
> > > whenever CmdSN wraps around (becomes equal to InitCmdSN).
> >
> > Julian,
> >
> > Can you please explain further the corner case you are describing
above
> > ? Are you suggesting that special action should be taken every time
> > CmdSN wraps around, in case there were holes in the CmdSN sequence at
> > the wrap time ? Why is that ?
> >
> > Here's my understanding of how this plays out :
> >
> > Rule 1)
> > The CmdSN management rules at the target should be handling CmdSN wrap
> > case and the initiator cannot issue more than 2^32 -1 commands beyond
> > the last ExpCmdSN update it has received from the target, since the
> > target MUST NOT transmit a MaxCmdSN that is more than 2**31 - 1 above
> > the last ExpCmdSN. (per Section 2.2.2.1)
> >
> > Rule 2)
> > Any holes that occur in the CmdSN sequence are attempted to be plugged
> > by the initiator by re-issuing the original command. If the CmdSN
never
> > got acknowledged and the I/O's ULP timeout expired, the initiator MUST
> > perform session recovery. (per Section 8.6)
> >
> > Thus, going by the above 2 rules, if the CmdSN sequence wraps upto
> > ExpCmdSN, the initiator will not be able to issue further commands,
> > since the target will keep the CmdSN window closed. The window can
only
> > re-open when the CmdSN holes are plugged allowing ExpCmdSN and
thereby,
> > MaxCmdSN to advance. (rule 1 above).
> >
> > Under the above circumstances, the initiator will possibly try to plug
> > the CmdSN hole by re-issuing the original command. It may do this 1 or
> > more times before its ULP timeout expires. Either the holes get
plugged
> > and the windoe re-opens, or ULP timeout occurs without the
corresponding
> > CmdSN for that I/O having been acknowledged, resulting in session
> > logout. (rule 2 above).
> >
> > What is required over and beyond the above ? Why does removal of X-bit
> > require an immediate NOP to be issued every time CmdSN wraps and a
hole
> > exists in the CmdSN sequence (??).
> >
> > Regards,
> > Santosh
--
##################################
Santosh Rao
Software Design Engineer,
HP-UX iSCSI Driver Team,
Hewlett Packard, Cupertino.
email : santoshr@cup.hp.com
Phone : 408-447-3751
##################################
Home Last updated: Thu Oct 25 14:17:36 2001 7397 messages in chronological order |