SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    FCIP WG Last Call Comments 34-37 - Frame Sync Recovery



    First, I want to thank the FCIP authors for resolving the
    issues around the recovery algorithm in Annex/Appendix C
    (comments 36 and 37).  I suspect they think I owe them one
    (I probably do) and they will doubtless want to collect
    at some point :-).
    
    I have one remaining concern about the resolution to
    Comment 34 - part of its resolution says:
    
       b) Explicit testing of the SOF and EOF values is not MANDATORY
          in this section because they must be used to reconstruct the
          FC Frame prior to transmission in the FC Fabric. That process
          will necessarily validate the SOF and EOF; 
    
    The EOF already had to be validated at item 3) of the list
    just above this.  It would be good to add the gist of b)
    to the draft - SOF MUST be validated in a manner similar
    to EOF before forwarding the frame, and doing it at the
    same stage of processing as EOF validation is one possibility.
    
    The proposed resolution of comment 35 is fine - it's included
    here for completeness.
    
    Thanks,
    --David
    
    ----- Comments 34-37 ---------
    
    Comment 34 Technical
     
       -- Section 6.6.2.2 - Errors in FCIP Headers and Discarding FCIP
        Frames
     
          In addition to the tests above, the validity and positioning of
          the following FCIP Frame information SHOULD be used to detect
          encapsulation errors that may or may not affect synchronization:
     
          a)  Protocol # field and its ones complement (2 tests);
          b)  Version field and its ones complement (2 tests);
       [... list continues, snipped ...]
     
       [T] I think at least these two are MUSTs. At a minimum, the
       Protocol# and Version field must be checked against expected values -
       I might accept the checks against their ones complements being
       SHOULDs. Same comment applies to the Flags field and SOF. Someone
       MUST check the FC frame CRC before forwarding the frame, but that
       responsibility could be assigned to the FC Entity.
     
       Accepted (Partially) with the following results
     
       1) Add to 6.6.2.2 checking Protocol# and Version#. This addition
          will have to be in a separate paragraph before the current 1),
          2), 3) list because it is not a synchronization issue;
       2) Keep the one's complement tests in the SHOULD a), b), c) list,
          but reduce the number of tests in that list by 2 (1 in a and
          1 in b); and
       3) Change the count of optional tests required from "5 of 18" to
          "3 of 18".
     
       Responses to other issues raised by comment
     
       a) The Flags field is not a MUST test because it provides no 
          certain identification of the protocol beyond that provided by
    
    
    Ralph Weber                                                    [Page 15]
    
    Internet-Draft             FCIP 1st WG Last Call             April, 2002
    
    
          the Protocol# field;
       b) Explicit testing of the SOF and EOF values is not MANDATORY
          in this section because they must be used to reconstruct the
          FC Frame prior to transmission in the FC Fabric. That process
          will necessarily validate the SOF and EOF; and
       c) Not even the Fibre Channel standards require that the FC CRC
          be validated by FC Fabric elements. FC Endnode validation of
          the FC CRC is sufficient.
     
     
    Comment 35 Technical
     
       -- Section 6.6.2.2 - Errors in FCIP Headers and Discarding FCIP
        Frames
     
          At least 5 of the 18 tests listed above SHALL be performed.
          Failure of any of the above tests actually performed SHALL
          indicate an encapsulation error and the frame SHALL NOT be
          forwarded on to the FC Entity. Further, such errors SHOULD be
          considered carefully, since some may be synchronization errors.
     
       [T] There aren't 18 tests, and I think some of the individual tests
       (or subsets) are MUSTs (see previous comment). This needs to be gone
       over carefully - in essence a MUST is only appropriate where failure
       to apply the test carries a non-negligible risk of forwarding a bad
       frame to FC.
       The authors are the experts on this and need to do this analysis. I
       don't understand the last "SHOULD" - what is the (testable)
       requirement on an implementation?
     
       No changes made
     
       There are 18 tests: 2 + 2 + 1 + 2 + 2 + 1 + 4 + 1 + 2 + 1 = 18
     
       What tests are MUSTs is covered by comment 34.
     
       The authors have gone over the tests carefully and have concluded
       that no individual test or specific group of tests associates
       specifically with a non-negligible risk of forwarding a bad frame
       to FC. The requirement is that a suitable number (at least 5, or 
       12 when the 7 required tests are included) tests is necessary to
       reduce the risk of forwarding a bad frame to FC to a negligible
       level. The specific tests selected depends on the implementation,
       i.e., what test can be performed most efficiently in the
       implementation hardware.
     
       The "SHOULD" statement is intended to guide implementations.
       Repeated failures of, for example, the CRC equal to zero test may
    
    
    Ralph Weber                                                    [Page 16]
    
    Internet-Draft             FCIP 1st WG Last Call             April, 2002
    
    
       mean that synchronization has been lost. There are no hard and fast
       rules here.
     
    Comment 36 Technical
     
       -- Section 6.6.2.3 - Synchronization Failures
     
          If the FCIP_DE attempts to recover synchronization, the
          resynchronization algorithm used SHALL meet the following
          requirements:
     
       [T] One requirement is missing, which may be part of b):
     
          b)  return to sending valid FC Frames only after synchronization
              has been verified; and
     
       [T] Verification of synchronization MUST exclude any possibility of
       forwarding an FC frame that was not sent by the transmitting FCIP
       Entity. This includes the scenario in which a valid encapsulated FCIP
       frame occurs in the payload of an FC frame that is encapsulated and
       sent over FCIP; excluding this scenario is necessary but not
       sufficient to meet the requirement.
     
       Accepted with the following results
     
       Replace b) with: "return to forwarding FC Frames only after
       synchronization on the transmitted FCIP Frame stream has been
       verified; and"
     
    Comment 37 Technical
     
       -- Section 6.6.2.3 - Synchronization Failures
     
          An example algorithm meeting these requirements can be found in
          annex C.
     
       [T] That doesn't meet the missing requirement that my above 
       comment wants to add. The problem is at step 2 of the algorithm
       description.
     
          2)  Use multiple strong candidate headers to locate a verified
              candidate header:
     
              The Frame Length in one strong candidate header is used to skip
              incoming bytes until the expected location of the next strong
              candidate header is reached. Then the tests described in step
              1) are applied to see if another strong candidate header has
              successfully been located.
    
    
    Ralph Weber                                                    [Page 17]
    
    Internet-Draft             FCIP 1st WG Last Call             April, 2002
    
    
     
       The "skip incoming bytes" step makes it possible that a set of valid
       FC headers is interlaced in the payloads of FC frames in a fashion
       that causes all the real headers to be skipped. This is a rather
       unlikely, but not impossible scenario. This could be dealt with by
       searching for headers instead of skipping data and aborting if a
       header is found where data should have been or carrying on and
       aborting if an interlaced header chain scenario arises. The
       algorithm in Annex C does address the scenario of FCIP frames
       occurring in FC frame payloads, but it doesn't meet the "can't be
       fooled" requirement that I think should be added.
     
       Unfortunately, this issue appears to not be resolvable within the WG.
       I have had heated and lengthy offline discussion with the FCIP
       Authors in which they have made clear their strong opposition to the
       "missing requirement" and the need to scan rather than skip data, and
       have argued that the algorithm in Annex C produces a long enough
       chain of headers that the odds of having followed a chain that is
       interlaced through frame payloads is small enough to be ignored.
       I will have to consult the Area Directors.
     
       Accepted with the following comment
     
       Modifications to either step 2 or step 3 will achieve the requested
       results. Because step 3 already includes complex steps such as
       verifying the FC CRC value, changes in response to the comment will
       be made in step 3.
     
       Actions to be taken
     
       1) Change the first paragraph of Annex C step 3 from:
     
           "Incoming bytes are skipped and discarded until the next
           verified candidate header is reached. Each verified candidate
           header is tested against the full collection of tests listed in
           section 6.6.2.2 as would normally be the case."
     
       to:
     
           "Incoming bytes are inspected and discarded until the next
           verified candidate header is reached. Inspection of the incoming
           bytes includes testing for other candidate headers using the
           criteria described in step 1. Each verified candidate header is
           tested against the tests listed in section 6.6.2.2 as would
           normally be the case."
     
     
     
    
    
    Ralph Weber                                                    [Page 18]
    
    Internet-Draft             FCIP 1st WG Last Call             April, 2002
    
    
       2) Change the second sentence in the third paragraph of Annex C
          step 3 from:
     
           "If any verified candidate headers are invalid and fail to meet
           the tests for a strong candidate header, increment the retry
           counter and return to step 1."
     
       to:
     
           "If any verified candidate headers are invalid and fail to
           meet the tests for a strong candidate header or inspection
           of the bytes between verified candidate headers discovers
           any candidate headers, increment the retry counter and
           return to step 1."
     
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
    black_david@emc.com         Cell: +1 (978) 394-7754
    ---------------------------------------------------
    


Home

Last updated: Thu Apr 25 20:18:24 2002
9800 messages in chronological order