SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: is 1 Gbps a MUST?



    Vince,
    
    I read this as limiting IP block storage security protocols for iSCSI to those which can be done at wire speed using some current technology.  This does not mean that each implementation must do so, nor that it must be possible to do it both in hardware and also in software.  It means to me, if no-one can make it run at wire speed using current technology, we must not select it.
    
    If neither software with acceptable CPU overhead, nor a suitable hardware implementation are possible, the protocol is disqualified.
    
    Thanks,
    Nick
    > -----Original Message-----
    > From: CAVANNA,VICENTE V (A-Roseville,ex1)
    > [mailto:vince_cavanna@agilent.com]
    > Sent: Thursday, February 21, 2002 5:07 PM
    > To: 'ips@ece.cmu.edu'
    > Cc: SHEEHY,DAVE (A-Americas,unix1); CAVANNA,VICENTE V 
    > (A-Roseville,ex1);
    > THALER,PAT (A-Roseville,ex1)
    > Subject: is 1 Gbps a MUST?
    > 
    > 
    > If my interpretation is correct, the current (and earlier 
    > ones too) security
    > draft at  
    > http://www.drizzle.com/~aboba/RDMA/draft-ietf-ips-security-10.txt
    > seems to say that an IPSec implementation MUST be capable of 
    > running at 1
    > Gbps. I quote from the draft:
    > "Given current networking technology, IP block storage 
    > security solutions
    > must be implementable at 1 Gbps in terms of CPU overhead 
    > and/or availability
    > of suitable hardware implementations and should be 
    > implementable at 10 Gbps
    > in the near future. 10 Gbps implementations are desirable but 
    > are not an
    > absolute requirement as implementation feasibility at these 
    > speeds is not
    > yet demonstrated. "
    > On the other hand I hear a lot of talk about TOEs in hardware 
    > and IPSec in
    > software. Given that, once IPSec is turned on, *every* 
    > incoming packet must
    > be inspected to confirm compliance with the security policy, 
    > I find it hard
    > to believe that a software implementation can be claimed to 
    > be compliant. In
    > fact a software implementation implies introducing a 
    > bottleneck in front of
    > the TOE.
    > Am I misinterpreting the requirement or am I underestimating 
    > the potential
    > performance of a software implementation?
    > Vince Cavanna
    > Agilent Technologies
    >  
    > 
    


Home

Last updated: Thu Feb 21 23:18:14 2002
8836 messages in chronological order