iSCSI - IPSEC target and transport mode
- To: ips@ece.cmu.edu
- Subject: iSCSI - IPSEC target and transport mode
- From: Pierre Labat <pierre_labat@hp.com>
- Date: Tue, 26 Mar 2002 15:33:43 -0800
- Organization: Hewlett Packard iSCSI-SISL
- Sender: owner-ips@ece.cmu.edu
Hello,
Based on what has been decided in Minneapolis, could you confirm
that the following 4 points still hold true for iSCSI?
(1)
RFC2401 Chapter 4.1 page 10 "a host must support both tunnel mode
and transport mode".
(2)
A target that "consumes" the IP destination address (inner in the
case of a tunnel) MUST support the transport mode because of (1).
In this case the target is defined as a "host" in IPSEC terminology.
"consume" means rip off the IP header, don't forward the IP datagram.
(3)
As a consequence of (1) and (2):
An initiator (an IPSEC host) that talks with a target that "consumes"
its IP address (inner if tunnel) is guaranteed that it can use
the transport mode.
Because the target has to support it based on (2).
(4)
When tunnel mode to a target is used where destination address
(inner) is the same as the outer address,
that means the target is not an IPSEC gateway but
an IPSEC host, and transport mode could be used instead of transport
mode for this SA.
Regards,
Pierre