|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Selectively exposing Porgal Groups to InitiatorsThose are not parallel nexus, they are both examples of the same iSCSI initiator port talking to two different iSCSI target ports. Parallel nexus would be two iSCSI sessions between the same port pairs. A "SCSI nexus" is defined as a relationship between an initiator port and a target port. Marjorie > -----Original Message----- > From: Shailesh Manjrekar [mailto:shaileshm@aarohicommunications.com] > Sent: Monday, November 26, 2001 5:44 PM > To: 'John Hufferd'; 'Rahul Bhagwat' > Cc: ips@ece.cmu.edu; 'KRUEGER,MARJORIE (HP-Roseville,ex1)' > Subject: RE: Selectively exposing Porgal Groups to Initiators > > > Hi John, > > In your configuration examples, in the slide about SCSI nexi, Model 3, > entries 3 and 5 would form a parallel nexus, so as entries 4 > and 6. The > entries instead should have been : > > 3) iqn.1999-12.com.ajax.os1 > + VID=2 + ISID=3 and > eui.02004567A425678A+1 > 4) iqn.1999-12.com.ajax.os1 > + VID=5 + ISID=1 and > eui.02004567A425678A+2 > ****** ************* > 5) iqn.1992-12.com.ajax.os1 > + VID=2 + ISID=3 and > eui.02004567A425678A+2 > 6) iqn.1999-12.com.ajax.os1 > + VID=5 + ISID=1 and > eui.02004567A425678A+1 > ****** ************* > Right ? > > Regards, > Shailesh Manjrekar > Aarohi Communications. > > -----Original Message----- > From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu] On > Behalf Of > John Hufferd > Sent: Wednesday, November 21, 2001 12:43 PM > To: 'Rahul Bhagwat' > Cc: ips@ece.cmu.edu; KRUEGER,MARJORIE (HP-Roseville,ex1) > Subject: RE: Selectively exposing Porgal Groups to Initiators > > > Rahul, > Marjorie's answers are correct, but you might want to be very careful > with > your terms. Your point three talks about limiting Portal Groups to > specific Initiators. I am concerned about your use of the words iSCSI > Target, which could apply to a couple of different things. > > In a Target Network Entity there can be more then one iSCSI > Target Node > (SCSI Device). Each Target Node can have more then one iSCSI (SCSI) > Target > Port connected to it. Part of the name of this iSCSI (SCSI) > Target Port > includes the Portal Group Tag. So if, in your point 3, the term iSCSI > Target meant iSCSI Target Node, then you would be able to set up > different > iSCSI (SCSI) Target Ports (each with different Portal Group Tags) that > can > access the resources at the same iSCSI Target Node. The ACL > would then > probably be applied at the iSCSI (SCSI) Target Port. > > To be sure we are on the same page here, please reference the charts > that > have been placed at: > > http://www.haifa.il.ibm.com/satran/ips/iSCSIConfigurationExamples.pdf > > (Note: I use the term iSCSI (SCSI) Port to represent the concept of > "SCSI > Port" within the context of iSCSI.) > > . > . > . > John L. Hufferd > Senior Technical Staff Member (STSM) > IBM/SSG San Jose Ca > Main Office (408) 256-0403, Tie: 276-0403, eFax: (408) 904-4688 > Home Office (408) 997-6136, Cell: (408) 499-9702 > Internet address: hufferd@us.ibm.com > > > "KRUEGER,MARJORIE (HP-Roseville,ex1)" > <marjorie_krueger@hp.com>@ece.cmu.edu > on 11/21/2001 11:11:45 AM > > Sent by: owner-ips@ece.cmu.edu > > > To: "'Rahul Bhagwat'" <rahulb@veritas.com>, ips@ece.cmu.edu > cc: > Subject: RE: Selectively exposing Porgal Groups to Initiators > > > > > 1. Is it required that TargetAddresses of an iSCSI target advertised > to a > > directory service include portal group tag ? > > Yes, information is necessary to communicate to the initiator which > target > addresses can be used to form a multi-connection session. > > > 2. Is it mandatory for an Initiator to use "SendTargets" to discover > > TargetAddress for an iSCSI target (even if if has a set of > addresses > > either statically configured or found through a > directory service)? > > To my knowledge no iSCSI document has declared it mandatory, but it's > recommended to ensure the initiator has current addressing information > for > this target. > > > 3. Is it okay to restrict access to an Initiator (based on > it's iSCSI > name) > > to only a subset of total Target Portal Groups supported by the > iSCSI > > target? > > Yes > > > > > In this scenario, an Initiator may find out the > TargetAddresses for an > iSCSI > > target using a directory service, and try to connect a normal > operational > > session to any of these addresses without using SendTargets. The > > iSCSI target can return an error code for login as "Initiator not > Authorized" > > which in fact is not > > completely true. Initiator is authorized to only use a subset > > of portal groups. > > Correct, although "not completely true" is subjective. Another > perspective > is that this initiator is not authorized to use this *target port*, > which > is > completely true. > > Marjorie > > >
Home Last updated: Tue Nov 27 02:17:42 2001 7914 messages in chronological order |