|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] FCIP WG Last Call Comments 34-37 - Frame Sync Recovery
First, I want to thank the FCIP authors for resolving the
issues around the recovery algorithm in Annex/Appendix C
(comments 36 and 37). I suspect they think I owe them one
(I probably do) and they will doubtless want to collect
at some point :-).
I have one remaining concern about the resolution to
Comment 34 - part of its resolution says:
b) Explicit testing of the SOF and EOF values is not MANDATORY
in this section because they must be used to reconstruct the
FC Frame prior to transmission in the FC Fabric. That process
will necessarily validate the SOF and EOF;
The EOF already had to be validated at item 3) of the list
just above this. It would be good to add the gist of b)
to the draft - SOF MUST be validated in a manner similar
to EOF before forwarding the frame, and doing it at the
same stage of processing as EOF validation is one possibility.
The proposed resolution of comment 35 is fine - it's included
here for completeness.
Thanks,
--David
----- Comments 34-37 ---------
Comment 34 Technical
-- Section 6.6.2.2 - Errors in FCIP Headers and Discarding FCIP
Frames
In addition to the tests above, the validity and positioning of
the following FCIP Frame information SHOULD be used to detect
encapsulation errors that may or may not affect synchronization:
a) Protocol # field and its ones complement (2 tests);
b) Version field and its ones complement (2 tests);
[... list continues, snipped ...]
[T] I think at least these two are MUSTs. At a minimum, the
Protocol# and Version field must be checked against expected values -
I might accept the checks against their ones complements being
SHOULDs. Same comment applies to the Flags field and SOF. Someone
MUST check the FC frame CRC before forwarding the frame, but that
responsibility could be assigned to the FC Entity.
Accepted (Partially) with the following results
1) Add to 6.6.2.2 checking Protocol# and Version#. This addition
will have to be in a separate paragraph before the current 1),
2), 3) list because it is not a synchronization issue;
2) Keep the one's complement tests in the SHOULD a), b), c) list,
but reduce the number of tests in that list by 2 (1 in a and
1 in b); and
3) Change the count of optional tests required from "5 of 18" to
"3 of 18".
Responses to other issues raised by comment
a) The Flags field is not a MUST test because it provides no
certain identification of the protocol beyond that provided by
Ralph Weber [Page 15]
Internet-Draft FCIP 1st WG Last Call April, 2002
the Protocol# field;
b) Explicit testing of the SOF and EOF values is not MANDATORY
in this section because they must be used to reconstruct the
FC Frame prior to transmission in the FC Fabric. That process
will necessarily validate the SOF and EOF; and
c) Not even the Fibre Channel standards require that the FC CRC
be validated by FC Fabric elements. FC Endnode validation of
the FC CRC is sufficient.
Comment 35 Technical
-- Section 6.6.2.2 - Errors in FCIP Headers and Discarding FCIP
Frames
At least 5 of the 18 tests listed above SHALL be performed.
Failure of any of the above tests actually performed SHALL
indicate an encapsulation error and the frame SHALL NOT be
forwarded on to the FC Entity. Further, such errors SHOULD be
considered carefully, since some may be synchronization errors.
[T] There aren't 18 tests, and I think some of the individual tests
(or subsets) are MUSTs (see previous comment). This needs to be gone
over carefully - in essence a MUST is only appropriate where failure
to apply the test carries a non-negligible risk of forwarding a bad
frame to FC.
The authors are the experts on this and need to do this analysis. I
don't understand the last "SHOULD" - what is the (testable)
requirement on an implementation?
No changes made
There are 18 tests: 2 + 2 + 1 + 2 + 2 + 1 + 4 + 1 + 2 + 1 = 18
What tests are MUSTs is covered by comment 34.
The authors have gone over the tests carefully and have concluded
that no individual test or specific group of tests associates
specifically with a non-negligible risk of forwarding a bad frame
to FC. The requirement is that a suitable number (at least 5, or
12 when the 7 required tests are included) tests is necessary to
reduce the risk of forwarding a bad frame to FC to a negligible
level. The specific tests selected depends on the implementation,
i.e., what test can be performed most efficiently in the
implementation hardware.
The "SHOULD" statement is intended to guide implementations.
Repeated failures of, for example, the CRC equal to zero test may
Ralph Weber [Page 16]
Internet-Draft FCIP 1st WG Last Call April, 2002
mean that synchronization has been lost. There are no hard and fast
rules here.
Comment 36 Technical
-- Section 6.6.2.3 - Synchronization Failures
If the FCIP_DE attempts to recover synchronization, the
resynchronization algorithm used SHALL meet the following
requirements:
[T] One requirement is missing, which may be part of b):
b) return to sending valid FC Frames only after synchronization
has been verified; and
[T] Verification of synchronization MUST exclude any possibility of
forwarding an FC frame that was not sent by the transmitting FCIP
Entity. This includes the scenario in which a valid encapsulated FCIP
frame occurs in the payload of an FC frame that is encapsulated and
sent over FCIP; excluding this scenario is necessary but not
sufficient to meet the requirement.
Accepted with the following results
Replace b) with: "return to forwarding FC Frames only after
synchronization on the transmitted FCIP Frame stream has been
verified; and"
Comment 37 Technical
-- Section 6.6.2.3 - Synchronization Failures
An example algorithm meeting these requirements can be found in
annex C.
[T] That doesn't meet the missing requirement that my above
comment wants to add. The problem is at step 2 of the algorithm
description.
2) Use multiple strong candidate headers to locate a verified
candidate header:
The Frame Length in one strong candidate header is used to skip
incoming bytes until the expected location of the next strong
candidate header is reached. Then the tests described in step
1) are applied to see if another strong candidate header has
successfully been located.
Ralph Weber [Page 17]
Internet-Draft FCIP 1st WG Last Call April, 2002
The "skip incoming bytes" step makes it possible that a set of valid
FC headers is interlaced in the payloads of FC frames in a fashion
that causes all the real headers to be skipped. This is a rather
unlikely, but not impossible scenario. This could be dealt with by
searching for headers instead of skipping data and aborting if a
header is found where data should have been or carrying on and
aborting if an interlaced header chain scenario arises. The
algorithm in Annex C does address the scenario of FCIP frames
occurring in FC frame payloads, but it doesn't meet the "can't be
fooled" requirement that I think should be added.
Unfortunately, this issue appears to not be resolvable within the WG.
I have had heated and lengthy offline discussion with the FCIP
Authors in which they have made clear their strong opposition to the
"missing requirement" and the need to scan rather than skip data, and
have argued that the algorithm in Annex C produces a long enough
chain of headers that the odds of having followed a chain that is
interlaced through frame payloads is small enough to be ignored.
I will have to consult the Area Directors.
Accepted with the following comment
Modifications to either step 2 or step 3 will achieve the requested
results. Because step 3 already includes complex steps such as
verifying the FC CRC value, changes in response to the comment will
be made in step 3.
Actions to be taken
1) Change the first paragraph of Annex C step 3 from:
"Incoming bytes are skipped and discarded until the next
verified candidate header is reached. Each verified candidate
header is tested against the full collection of tests listed in
section 6.6.2.2 as would normally be the case."
to:
"Incoming bytes are inspected and discarded until the next
verified candidate header is reached. Inspection of the incoming
bytes includes testing for other candidate headers using the
criteria described in step 1. Each verified candidate header is
tested against the tests listed in section 6.6.2.2 as would
normally be the case."
Ralph Weber [Page 18]
Internet-Draft FCIP 1st WG Last Call April, 2002
2) Change the second sentence in the third paragraph of Annex C
step 3 from:
"If any verified candidate headers are invalid and fail to meet
the tests for a strong candidate header, increment the retry
counter and return to step 1."
to:
"If any verified candidate headers are invalid and fail to
meet the tests for a strong candidate header or inspection
of the bytes between verified candidate headers discovers
any candidate headers, increment the retry counter and
return to step 1."
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 249-6449 *NEW* FAX: +1 (508) 497-8500
black_david@emc.com Cell: +1 (978) 394-7754
---------------------------------------------------
Home Last updated: Thu Apr 25 20:18:24 2002 9800 messages in chronological order |