|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] iFCP Last Call comments[E] Editorial, [T] Technical ------ iFCP -10 ---------- [E] Remove Change Log in the version after a successful WG Last Call. [E] Section 2.1 - Definitions Terms needed to clarify the concepts presented in this document are presented here. [E] I don't like the usage of "clarify". How about "Terms used to describe the concepts presented in this document are defined here." ? Address-translation mode û A mode of gateway operation in which the scope of N_PORT fabric addresses for locally attached [E] Some tool has helpfully inserted a non-ASCII character. MS Word AutoCorrect is a likely suspect. Hunt all of these down and fix them, then discipline the tool severely ;-). FC-4 - The fibre channel application layer. This layer is functionally equivalent to the TCP/IP application layer. [T] I don't understand this. Are you equating FC-4 with OSI layer 7? If so, I'm not sure that is correct, and it might be better to leave out this attempted analogy. -- Section 3.2 - Fabric Topologies a) Arbitrated Loop -- A series of N_PORTs connected together in daisy-chain fashion. Data transmission between N_PORTs requires arbitration for control of the loop in a manner similar to a token ring network. [T] That's not a fabric topology, unless the loop is fabric attached, in which case you're in case c), Mixed Fabric. iFCP can't support an FC-AL loop that isn't fabric-attached. Depending on the topology, the N_PORT and fabric port variants through which a fibre channel device is attached to the network may be one of the following: Fabric Topology Fabric Port Type N_PORT Variant --------------- ---------------- -------------- Loop L_PORT NL_PORT Switched F_PORT N_PORT Mixed FL_PORT NL_PORT F_PORT N_PORT [T] I believe the Loop line in this table does not match the other lines and if so, this is one more reason to leave non-fabric-attached FC-AL out of this description. -- Section 3.3.1 - Fabric-Supplied Link Services All switched fabrics must provide the following services: Fabric F_PORT server û Services an N_PORT request to access the fabric for communications. [E] "request" --> "requests" -- Section 4.4 - iFCP Fabric Properties As discussed below, an unbounded iFCP fabric may have any number of switch elements and gateways. [E] It's not "any", but the limit is a very large number by comparison to 239. At some point the need to reuse 24-bit addresses for outbound traffic from a single FC link behind an iFCP gateway will be a problem. This comment also applies to the second paragraph in Section 4.4.2. -- 4.5 - The iFCP N_PORT Address Model In the iFCP protocol, an N_PORT is represented by the following addresses: [E] "addresses" --> "types of addresses" to avoid implying that there's only one alias. Different gateways will assign different aliases to the same N_PORT. The mode of gateway operation is settable in an implementation- specific manner. The implementation MUST NOT allow the mode to be changed after the gateway begins processing fibre channel frame traffic. [E] Might want to add a MUST that a gateway cannot operate in more than one mode at the same time, and a repeat of the (implied) requirement that all gateways in an iFCP fabric MUST operate in the same mode. -- 4.6 - Operation in Address Transparent Mode b) When interoperating with locally attached fibre channel switch elements, each iFCP gateway MUST assume control of DOMAIN_ID assignments in accordance with the appropriate fibre channel standard or vendor-specific protocol specification. [T] This is ok, but turns up another requirement that needs to be explicitly stated earlier. Any given FC N_PORT MUST NOT be behind more than one iFCP gateway. Address Transparent mode satisfies this because only one gateway can become the principal switch, so the others presumably shut down, but Address Translation mode appears to have the potential for seriously nasty misbehavior unless the "iFCP gateway MUST become the principal switch" requirement is imposed on it also. Need to add a sentence or two on how an iFCP gateway can be assured of becoming the principal switch. Beyond this, the fact that any Fabric Attached FC-AL loop can have only one FL port completes the picture, ensuring that a loop can't stitch two gateway domains together. Requiring the iFCP gateway to be the principal switch also avoids problems with the gateway being unable to obtain sufficient Domain IDs from the principal switch. -- Section 5.2.2.2 - Creating an iFCP Session The gateway SHALL initiate the creation of an iFCP session in response to a PLOGI ELS directed to a remote N_PORT from a locally attached N_PORT as described in the following steps. a) Using the D_ID field in the PLOGI frame header, locate the remote N_PORT descriptor. If no descriptor exists, the iFCP gateway SHALL return a response of LS_RJT, with a Reason Code of 'Unable to Perform Command Request' (0x09) and a Reason Code Explanation of 'Invalid N_PORT_ID' (0x1F). An iFCP session SHALL NOT be created. [E] Need to explain why this is ok. The answer is that a properly operating FC N_PORT will have previously issued an FC nameserver query that the gateway translated to an iSNS query, and hence when it issues PLOGI to the result of the nameserver query, the iSNS query response created the required descriptor in the gateway before being translated to the FC nameserver result. There's an implication here that remote N_PORT descriptors that result from iSNS queries translated from FC nameserver queries MUST NOT be discarded as long as any N_PORT that has issued a query for that remote N_PORT is logged into the fabric. e) If a CBIND response is returned with one of the following statuses, the PLOGI SHALL be terminated with an LS_RJT message. Depending on the CBIND failure status, the Reason Code and Reason Explanation SHALL be set to the following values specified in [FC-FS]. [E] Add a statement that this plus case f) is a comprehensive list of possible CBIND failure statuses, as specified in Section 6.1. f) A CBIND response with a CBIND STATUS of "N_PORT session already exists" indicates that the remote gateway has concurrently initiated a CBIND request to create an iFCP session between the same pair of N_PORTs. The receiving gateway SHALL terminate this attempt, return the connection to the Unbound state and prepare to respond to an incoming CBIND request as described below. [E] Add a sentence indicating that the "simultaneous open" race is dealt with by allowing the sender with the numerically larger N_PORT name to succeed in establishing the session. The gateway receiving a CBIND request SHALL respond as follows: a) If the receiver has a duplicate iFCP session in the OPEN PENDING state, then the receiving gateway SHALL compare the Source N_PORT Name in the incoming CBIND payload with the Destination N_PORT Name. b) If the Source N_PORT Name is greater, the receiver SHALL issue a CBIND response of "Success" and SHALL place the session in the OPEN state. [E] Add a sentence indicating that in case b), case c) will occur at the other gateway because N_PORT names are globally unique WWNs, and hence this gateway's duplicate session will receive a CBIND STATUS of "N_PORT session already exists" and will be terminated in due course. [T] There's no discussion of what to do if a TCP connection closes unexpectedly during this process (e.g., if closing of unbound connections is allowed at arbitrary times for reasons such as reducing the resources consumed by unbound connections). This needs to be added even if the reason in parentheses is not allowed. Upon receiving such a request, the gateway providing the connectivity probe SHALL transmit LTEST messages at the specified interval. [T] This requires liveness test (LTEST) messages even when the connection is in active use. Was that intended? -- Section 5.2.2.4 - Use of TCP Features and Settings [E] For Wrapped sequence detection, "Should use" in the table should be "SHOULD use". -- Section 5.2.3.1 - iFCP Session Completion In response to the Unbind message, either gateway may choose to close the TCP connection or return it to a pool of unbound connections. [T] This assumes that Unbind is always successful. It can fail, as documented in Section 6.2. Need to specify how to deal with this (e.g., close the TCP connection). [T] Can an iFCP gateway reduce the pool of unbound connections (e.g., due to demands for resources for other connections), possibly by closing them? If yes, need to say so, and -- Section 5.3 - IANA Considerations [E] Put this near the end of the document where IANA can more easily find it. -- Section 5.4.1 - Encapsulation Header Format Protocol# IANA-assigned protocol number identifying the protocol using the encapsulation. For iFCP the value is (/TBD/). [T] It's 2 - cite the FC Encapsulation draft's IANA Considerations section as the authority for this. -- Section 5.4.2 - SOF and EOF Delimiter Fields [E] Need to say that the format is specified in the FC Common Encapsulation document and reproduced here for convenience. SOF (bits 31-24 and bits 23-16 in word 0): iFCP uses the following subset of the SOF fields described in [ENCAP]. [T] This is a problem because these codes are being specified in more than one place. I think the FC Frame Encapsulation document is the right place for the normative specification of these codes (and see my comments against it on the need to get IANA involved). This would be ok as a list of codes that are currently valid, but the specification authority needs to be in one place. Same comment applies to EOF. -- Section 6 - TCP Session Control Messages [E] There's an LS_COMMAND field in figure 16 and a second one in the iFCP portion of the FC Common Encapsulation header (from Section 5.4.1). LS_COMMAND For a special link service ACC response to be processed by iFCP, the LS_COMMAND field SHALL contain bits 31 through 24 of the LS_COMMAND to which the ACC applies. Otherwise the LS_COMMAND field shall be set to zero. When a single section discusses both fields, as Section 6 does, this gets confusing fast. Please rename the LS_COMMAND field in the iFCP portion of the FC Common Encapsulation header to something like ACC_LS_COMMAND or LS_COMMAND_ACC. Request LS_COMMAND Short Name iFCP Support ------- ---------- ---------- ----------- Connection Bind 0xE0 CBIND REQUIRED Unbind Connection 0xE4 UNBIND REQUIRED Test Connection Liveness 0xE5 LTEST REQUIRED [T/E] How do we know that those three values (E0, E4, and E5) will not conflict with some future usage by Fibre Channel? I think the answer is that SES=1 in the iFCP flags in the header, and would be 0 in any future use of these values in an ELS, but the use of those three values looks like an attempt to avoid conflict and should be explained. -- 6.2 - Unbind Connection (UNBIND) Unbind Status Description ------------- ----------- 0 Successful û No other status 1 û 15 Reserved 16 Failed û Unspecified Reason 18 Failed û Connection ID Invalid Others Reserved Unbind can fail, but earlier specification of the use of Unbind (e.g., in Section 5.2.3.1) assumes that it cannot fail. Description of how to deal with Failed status needs to be added there (e.g., close the TCP connection). -- Section 7.2 - Link Services Requiring Payload Address Translation For translation type 3, the receiving gateway SHALL obtain the information needed to fill in the field in the link service frame payload by converting the specified N_PORT worldwide identifier to a gateway IP address and N_PORT ID. This information MUST be obtained through an iSNS name server query. [E] This requires an iSNS query for every type 3 translation received even if it exists locally in a Remote N_PORT descriptor. It looks like this was intended due to the possibility of the descriptor being stale, but I wanted to check if that was in fact the intention. When the ACC response requires iFCP intervention, the receiving gateway MUST act as a proxy for the originator, retaining the state needed to process the response from the N_PORT to which the request was directed. [E] That doesn't parse for me. I think the intended meaning was that when an ELS request is sent whose ACC will require iFCP intervention, the ELS also requires intervention to capture the state necessary to process the ACC. -- 7.3 - Fibre Channel Link Services Processed by iFCP The following Extended and FC-4 Link Service Messages must receive special processing. [T] Process question - how does this list get coordinated with T11 so that it gets updated when T11 defines a new ELS or FC-4 LS that requires iFCP intervention? -- 7.3.1.1 - Abort Exchange (ABTX) Fields Requiring Translation Supplemental Data Address Translation Type (see (type 3 only) ------------------- section 7.2) ------------ ----------- Exchange Originator 1, 2 N/A S_ID [T] Need to specify how to choose the translation type. This comment also applies to RES, RES ACC, RLS, RSS, RRQ, RSI, REC and REC ACC. It may be best resolved by adding additional text in Section 7.2. -- 7.3.1.3 - Discover Address Accept (ADISC ACC) [E] Should the Command field be 0x20 or 0x02? Other Special Processing: The Hard Address of the ELS originator SHALL be set to 0. [T] Doesn't this also require setting the LS_COMMAND iFCP-specific field (to be renamed) in the FC Common Encapsulation header? This comment also applies to all other ACC's in Section 7. -- Section 8.2.1 - Enforcing R_A_TOV Limits [T] The rules in this section appear to allow forwarding of all frames received while in Unsynchronized mode or with a timestamp of 0,0. This looks like a formula for violating R_A_TOV - was this intended? -- Section 9.4.1 - Establishing the Broadcast Configuration The broadcast configuration is managed using facilities provided by the iSNS server. Specifically: a) An iSNS discovery domain is created and seeded with the network address of the global broadcast server N_PORT. The global server is identified as such by setting the appropriate N_PORT entity attribute. [T] There are no means for recovery from failure, so loss of the gateway performing the broadcast service results in loss of the broadcast service. This needs to be explained at a minimum, and probably corrected. -- Section 10.2.2 - Security Threats Conformant implementations of the iFCP protocol MAY use such security definitions. [T] I don't understand this sentence. What was intended? -- Section 10.2.3 Interoperability with Security Gateways Enterprise data center networks are considered mission-critical facilities that must be isolated and protected from all possible security threats. Such networks are usually protected by security gateways, which at a minimum provide a shield against denial of service attacks. The iFCP security architecture is capable of leveraging the protective services of the existing security infrastructure, including firewall protection, NAT and NAPT services, and IPSec VPN services available on existing security gateways. [T] While this is true of iFCP, iSNS has some serious issues with NAT and NAPT, and iFCP cannot be operated without iSNS. -- Section 10.2.4 - Authentication iFCP gateways MUST use Discovery Domain information obtained from the iSNS server [ISNS] to determine whether the initiating fibre channel N_PORT should be allowed access to the target N_PORT. N_PORT identities used in the Port Login (PLOGI) process shall be considered authenticated provided the PLOGI request is received from the remote gateway over a secure, IPSec-protected connection. [T] Need to say something about the IKE identities (ID payloads) used for the authentication, and how they correspond to information obtained from iSNS - NATs/NAPTs will cause issues here. Just requiring an IPsec-protected connection isn't good enough as it may allow a node not registered with iSNS to get in. -- Section 10.2.6 Rekeying [E] I believe the security draft has changed in this area (small rekeying interval example), please check it. -- Section 10.2.7 Authorization Authorization is outside of the scope of this specification, and is seen as fully orthogonal to the iFCP security design. Such design, however, includes key authorization-enabling features in the form of Identity Payload (e.g., ID_FQDN), certificate-based authentication (e.g., with X509v3 certificates), and discovery domains [ISNS]. [T] What?? If iSNS doesn't know about an iFCP gateway, that gateway shouldn't be able to talk to any other iFCP gateway. That's access control, which counts as authorization in my book. -- Section 10.3.2 - Use of IKE and IPsec If an iFCP implementation makes use of unbound TCP connections, and such connections belong to an iFCP Portal with security requirements, then the unbound connections MUST be protected by an SA at all times just like bounded connections. [E] "bounded" --> "bound" Upon receiving an IKE Phase-2 delete message, there is no requirement to terminate the protected TCP connections or delete the associated IKE Phase-1 SA. Since an IKE Phase-2 SA may be associated with multiple TCP connections, terminating such connections might in fact be inappropriate and untimely. An iFCP Portal must instead attempt to create a new Phase-2 SA while there are outstanding iFCP sessions. [T] That's a problem. If the other side is behaving in accordance with the next paragraph ...: To minimize the number of active Phase-2 SAs, IKE Phase-2 delete messages may be sent for Phase-2 SAs whose TCP connections have not handled data traffic for a while. To minimize the use of SA resources while the associated TCP connections are idle, creation of a new SA may be deferred until new data is to be sent over the connections. ... and is deleting the Phase-2 SAs because it lacks the resources to support them, immediately creating a new Phase-2 SA in response to delete messages risks livelock (massive churn in Phase-2 SA creation/destruction). Creating a new Phase-2 SA in response to a Phase-2 delete message SHOULD be deferred until there is traffic to send over that SA. -- Section 13. - Normative References [E] RFC 2451 reference shows up twice. -- Section A.2 - Link Services Processed Transparently ACC Accept [T] Is that right? I thought this was intercepted in some cases, as indicated in Table 6. FDISC Discover F_Port Service Parameters FLOGI F_Port Login RTV Read Timeout Value [T] Definitely wrong - the iFCP gateway has to implement these itself as specified in Section 9.1. LINIT Loop Initialize LPC Loop Port Control LSTS Loop Status SCL Scan Remote Loop [T] I don't have time to check these, but I'm suspicious about whether anything that has "Loop" as part of its name can/should be forwarded transparently into an FC fabric, although SCL seems plausible. Please\ verify whether these are transparent. RSCN Registered State Change Notification SCN State Change Notification SCR State Change Registration [T] Those can't be transparent, as Section 9.2 requires the iFCP gateway to implement them. Thanks, --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 249-6449 *NEW* FAX: +1 (508) 497-8500 black_david@emc.com Cell: +1 (978) 394-7754 ---------------------------------------------------
Home Last updated: Mon Mar 18 08:18:11 2002 9174 messages in chronological order |