|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] iSCSI: A list of all normative sentencesI wrote a Perl script to extract a list of all sentences from an RFC/draft that contain the normative words: MUST, SHOULD, and so on. Such a list seems more useful than the concordances that I have been sharing so far (it was actually a suggestion John made a while back). Parsing the text is not as easy as it sounds and I am still improving things. The current tool works pretty well on the text Internet drafts, and is still useful on the PDF from Julo's website (http://www.haifa.il.ibm.com/satran/ips/draft-ietf-ips-iscsi-12-95.pdf). Here (below) is the output for12-95. This information is useful (to me anyway) in order to focus on the areas where the draft is normative. I'll try and include some more useful things like section numbers and so forth, but it seemed like time was of the essence to get the draft cleaned up going in to last call - so I included what I currently have. Ignore the HTML markup (we just use that internally). Mike Smith CTO, iReady NumberOfMUSTsFound = 331 <br> @SentencesWithMUSTs : The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119. -IPsec transport mode is MAY and authentication MUST be used when encryption is used. -Padding bytes SHOULD be sent as 0 (instead of MUST be 0). -All specified keys except X-* MUST be accepted (2.8.3). MAY be discarded" into MUST be discarded. iSCSI targets and initiators MUST support at least one TCP connec-tion and MAY support several connections in a session. For this reason the task management command MUST carry the current CmdSN as a marker of their position in the stream of commands. An iSCSI target MUST be able to handle at least one immediate task management command and one immediate non-taskmanagement iSCSI request per connection at any time. With the exception of the commands marked for immediate delivery, the iSCSI target layer MUST deliver the commands for execution in the order specified by CmdSN. On any given connection, the iSCSI initiator MUST send the commands in increasing order of CmdSN, except for commands that are retransmitted due to digest error recovery and connection recovery. Comparisons and arithmetic on ExpCmdSN and MaxCmdSN MUST use Serial Number Arithmetic as defined in [RFC1982] where SERIAL_ BITS =. The target MUST NOT transmit a MaxCmdSN that is less than ExpCmdSN-1. The target MUST silently ignore any non-immediate command outside of this range or non-immediate duplicates within the range. iSCSI initiators and targets MUST support the command numbering scheme. If an initiator issues a command retry for a command with CmdSN R on a connection when the session CmdSN register is Q, it MUST NOT advance the CmdSN past R + 2** 31 -1 unless a different non-immediate command with CmdSN equal or greater than Q was issued on the same connection if the connection is still operational, and the reception of the command is acknowledged by the target (see Section 8.4 Command Retry and Cleaning Old Command Instances). The second non-immediate command when sent, MUST be sent in-order after the retried command on the same connection. A target MUST NOT issue a command response or DATA-In PDU with sta-tus before acknowledging the command. Initiators and Targets MUST support the response-numbering scheme. Data and R2T PDUs, transferred as part of some command execution, MUST be sequenced. For any given write command, a target MUST issue less than 2** 32 R2Ts. Any input or output data sequence MUST contain less than 2** 32 numbered PDUs. Any other PDU, when received at initiator or target, is a protocol error and MUST result in the connection being terminated. Login requests and responses MUST be used exclusively during Login. On any connection the login phase MUST immediately succeed TCP connection establishment and a single Login Phase is allowed before tearing down a connection. For an iSCSI request issued over a TCP connection, the corresponding response and/ or requested PDU( s) MUST be sent over the same connection. For SCSI commands that require data and/ or a parameter transfer, the (optional) data and the status for the command MUST be sent over the same TCP connection to which the SCSI command is currently alle-giant, illustrating the above rule. Thus, if an initiator issues a READ command, the target MUST send the requested data, if any, followed by the status to the initiator over the same TCP connection that was used to deliver the SCSI command. If an initiator issues a WRITE command, the initiator MUST send the data, if any, for that command over the same TCP connection that was used to deliver the SCSI command. The target MUST return Ready To Transfer (R2T), if any, and the status over the same TCP connection that was used to deliver the SCSI command. Retransmission requests (SNACK PDUs) and the data and status that they generate MUST also use the same connection. iSCSI initiators and targets MUST also enforce some ordering rules. Unsolicited data MUST be sent on every connection in the same order in which commands were sent. Each iSCSI node, whether an initiator or target, MUST have an iSCSI name. Initiators and targets MUST support the receipt of iSCSI names of up to the maximum length of 255 bytes. The initiator MUST present both its iSCSI Initiator Name and the iSCSI Target Name to which it wishes to connect in the first login request of a new session or connection. An iSCSI name MUST be a UTF-8 encoding of a string of Unicode characters, with the following properties: -it is in Normalization Form C (see "Unicode Normalization Forms" [UNICODE]) -it contains only the following characters:. One of these two type strings MUST be used when constructing an iSCSI name; any type string not listed here is not allowed, as they cannot be guaranteed to be unique. This date MUST be a date during which the naming authority owned the domain name used in this format, and SHOULD be the date on which the domain name was acquired by this naming authority. If a specific implementation performs PDU delivery to the Sync and Steering layer through multiple operations, it MUST bracket an operation set used to deliver a single PDU in a manner that the Sync and Steering Layer can understand. The Sync and Steering Layer (which is OPTIONAL) MUST retain the PDU end address within the stream for every delivered iSCSI PDU. To enable the Sync and Steering operation to perform Steering, additional information, including identifying tags and buffer offsets, MUST also be retained for every sent PDU. On the outgoing path, the Sync and Steering layer MUST map the outgoing stream addresses from iSCSI stream addresses to TCP stream sequence numbers. However, Sync and Steering MUST take into account the additional data inserted in the stream by UFL. When used in SCSI parameter data, the SCSI port name MUST be encoded as:. After being selected the same TSIH value MUST be used whenever initiator or target refer to the given session and a TSIH is required. The following definitions will be used in the rest of this document: key-name: a string of one or more characters consisting of letters, digits, dot, minus, plus, commercial at, and underscore, A key-name MUST begin with a capital letter an must not exceed 63 characters. Any iSCSI target or initiator MUST support receiving at least 16384 bytes of key= value data in a negotiation sequence except when indicating support for very long authentication items by offering or selecting authentication methods such as public key certificates in which case they MUST support receiving at least 64 kilobytes of key= value data. All negotiations are explicit (i.e., the result MUST be based only on newly exchanged or declared values). However, the Text Response for a key not understood MUST be key= NotUnderstood. All keys in Chapter 11, except for the X-extension format, MUST be supported by iSCSI initiators and targets and MUST NOT be answered with NotUnderstood. A target or initiator receiving a Text Request respective Text Response with the C flag bit set to 1 MUST answer with a Text Response or Text Request with no data segment (DataSegmentLength 0). A Text Request or Text Response PDU having the C flag bit set to 1 MUST NOT have the F bit set to 1. The responding party MUST respond with the same key and select first value that it supports (and is allowed to use for the specific originator) selected from the originator list. The constant "None" MUST always be used to indicate a missing function. If a responder does not understand any particular value in a list it MUST ignore it. For simple-value negotiations, the responding party MUST respond with the same key. For boolean negotiations (keys taking the values Yes or No), the responding party MUST respond with the same key and the result of the negotiation when the received value does not determine that result by itself. The initial login request of any connection MUST include the InitiatorName key= value pair. For any connection within a session whose type is not "Discovery", the first login request MUST also include the TargetName key= value pair. The Login Phase MAY include a SecurityNegotiation stage and a LoginOperationalNegotiation stage and MUST include at least one of them, but the included stage MAY be empty except for the mandatory names. If both stages are used, the SecurityNegotiation MUST precede the LoginOperationalNegotiation. Security MUST be completely negotiated within the Login Phase. During this exchange, the next stage is selected by the target and MUST NOT exceed the value stated by the initiator. Targets MUST NOT submit parameters that require an additional initiator login request in a login response with the T bit set to 1. The Login Final-Response that accepts a Login Command can come only as a response to a Login command with the T bit set to 1, and both the command and response MUST have FullFeaturePhase in the NSG field. If detected by the target this MUST result in a Login reject (initiator error). The initiator MUST drop the connection. If the iSCSI target implementation supports altering the portal group configuration (including adding, deleting, and swapping of portals in a portal group), it MUST return the TargetPortalGroupTag key carrying the tag value of the servicing portal group. If the reconfiguration of iSCSI portal groups is a concern in a given environment, the iSCSI initiator MUST use this key to ascertain that it had indeed initiated the Login Phase with the intended target portal group. -The target MUST reply with the first option in the list it supports and is allowed to use for the specific initiator unless it does not support any in which case it MUST answer with "Reject" (see also Section 4.2 Text Mode Negotiation). -The initiator must be aware of the imminent completion of the SecurityNegotiation stage and MUST set the T bit to 1 and the NSG to what it would like the next stage to be. If the next stage is FullFeaturePhase, the target MUST respond with a Login Response with the Session ID and the protocol version. If the security negotiation fails at the target, then the target MUST send the appropriate Login Response PDU. The initiator MUST indicate its intent to terminate the negotiation by setting the T bit to 1; the target sets the T bit to 1 on the last response. Whenever parameter action or acceptance are dependent on other parameters, the dependent parameters MUST be sent after the parameters on which they depend. Thus, the TSIH in the Login PDU MUST be non-zero and CID does not change during a connection reinstatement. The initiator connection state MUST be CLEANUP_ WAIT (section 5.1) for attempting a connection reinstatement. Thus, the TSIH in the Login PDU MUST be zero to signal ses-sion reinstatement. The initiator session state MUST be FAILED (Section 5.3 Session State Diagrams) for attempting a session reinstatement. The initiator MUST indicate its intent to terminate the negotiation by setting the F bit to 1; the target sets the F bit to 1 on the last response. Targets MUST NOT submit parameters that require an additional initiator text request in a text response with the F bit set to 1. Whenever parameter action or acceptance is dependent on other parameters, the dependent parameters MUST be sent after the parameters on which they depend; if sent within the same command, a response for a parameter might imply responses for others. Whenever the target responds with the F bit set to 0, it MUST set the Target Transfer Tag to a value other than the default 0xffffffff. If detected by the target this MUST result in a Reject with a reason of "protocol error". The initiator MUST reset the negotiation as outlined above. Retry MUST NOT be used for reasons other than plugging command sequence gaps. If initiators, as part of plugging command sequence gaps as described above, inadvertently issue retries for allegiant commands already in progress (i.e., targets did not see the discontinuities in CmdSN ordering), targets MUST silently discard the duplicate requests if the CmdSN window had not advanced by then. Targets MUST support the retry functionality described above. When an iSCSI command is retried, the command PDU MUST carry the original Initiator Task Tag and the original operational attributes (e.g., flags, function names, LUN, CDB etc.) as well as the original CmdSN. The command being retried MUST be sent on the same connection as the original command unless the original connection was already successfully logged out. When a target does not support allegiance reassignment, it MUST respond with a task management response code of "Task failover not supported". If allegiance reassignment is supported by the target, but the task is still allegiant to a different connection, the target MUST respond with a task management response code of "Task still allegiant". Targets MUST NOT implicitly terminate an active task by sending a Reject PDU for any PDU exchanged during the life of the task. The CmdSN of the rejected command PDU (if it carried one) MUST NOT be considered received by the target (i.e., a command sequence gap must be assumed for the CmdSN), even though the CmdSN can be reliably ascertained in this case. When a data PDU is rejected and its DataSN can be ascertained, a target MUST advance ExpDataSN for the current data burst if a recovery R2T is being generated. When a target or an initiator receives an iSCSI PDU with a format error, it MUST immediately terminate all transport connections in the session either with a connection close or with a connection reset and escalate the format error to session recovery (see Section 6.12.4 Session Recovery). When a target receives any iSCSI PDU with a header digest error, it MUST silently discard the PDU. When a target receives any iSCSI PDU with a payload digest error, it MUST answer with a Reject iSCSI PDU with a Reason-code of DataDigest-Error and discard the PDU. -If the discarded PDU is a solicited or unsolicited iSCSI data PDU (for immediate data in a command PDU, non-data PDU rule below applies), the target MUST do one of the following: a) Request retransmission with a recovery R2T. If the target chooses to implement this option, it MUST wait to receive all the data (signaled by a Data PDU with the final bit set for all outstanding R2Ts) before sending the response PDU. When an initiator receives any iSCSI PDU with a header digest error, it MUST discard the PDU. When an initiator receives any iSCSI PDU with a payload digest error, it MUST discard the PDU. -If the discarded PDU is an iSCSI data PDU, the initiator MUST do one of the following: a) Request the desired data PDU through SNACK. In its turn, the target MUST either resend the data PDU or, reject the SNACK with a Reject PDU with a reason-code of "SNACK Reject" in which case: i) if the status had not already been sent for the com-mand, the target MUST terminate the command with an iSCSI response reason( Section 9.4.3 Response) of "SNACK rejected". Initiator in this case MUST inter-nally signal the completion with the "SNACK rejected" reason (Section 9.4.3 Response) disregarding any received status PDU, but must wait for the status to be received before doing so. -If the discarded PDU is a response PDU, the initiator MUST do one of the following: a) Request PDU retransmission with a status SNACK. The initiator MUST address these implied digest errors as described in Section 6.5 Digest Errors. Target MUST address these implied digest errors as described in Section 6. When an initiator receives an iSCSI status PDU with an out-of-order StatSN that implies missing responses, it MUST address the one or more missing status PDUs as described in Section 6.5 Digest Errors. If the initiator wants to recover the missing data for a command, it MUST NOT acknowledge the received responses that start from the StatSN of the interested command, until it has completed receiving all the data PDUs of the command. When an initiator receives duplicate R2TSNs (due to proactive retransmission of R2Ts by the target) or duplicate DataSNs (due to proactive SNACKs by the initiator), it MUST discard the duplicates. On a ULP timeout for a command (that carried a CmdSN of n), the iSCSI initiator MUST abort the command by either using the Abort Task task management function request, or a "close the connection" Logout if it intends to continue the session. If the abort request is received and the original command is miss-ing, targets MUST consider the original command with that RefCmdSN to be received and issue a task management response with the response code: "Function Complete". -During Login, any failure in negotiation MUST be considered a login process failure and the Login Phase must be terminated, and with it the connection. The operational parameters of the session or the connection MUST continue to be the values agreed upon during an earlier successful negotiation (i.e., any partial results of this unsuccessful negotiation must be undone). On connection failure, the initiator and target MUST do one of the following:. Either side may choose to escalate to session recovery, and the other side MUST give it precedence. On a connection failure, a target MUST terminate and/ or discard all the active immediate commands regard-less of which of the above options is used (i.e., immediate commands are not recoverable across connection failures). Use of within-connection and within-command recovery classes MUST NOT be attempted before the connection is in Full Feature Phase. The initiator MUST close the connec-tion. It then MUST either Logout the failed connection, or Login with an implied Logout, and reassign connection alle-giance for all commands still in progress associated with the failed connection on another connection (that MAY be a newly established connection) using the "Task reassign" task management function (see Section 9.5.1 Function). The initiator MUST handle it as a TCP connection failure for the connec-tion( s) referred to in the Message. The target MUST close the connection and if more than one connection is available, the target SHOULD send an Asynchronous Message that indicates it has dropped the connection. iSCSI implementations MUST provide means of protection against active attacks (e.g., pretending to be another identity, message insertion, deletion, modification, and replaying) and passive attacks (e.g., eavesdropping, gaining advantage by analyzing the data sent over the line). Whenever an iSCSI initiator gets a response whose keys, or their values, are not according to the step definition, it MUST abort the connection. Whenever an iSCSI target gets a response whose keys, or their values, are not according to the step definition, it MUST answer with a Login reject with the "Initiator Error" or "Missing Parameter" status (these statuses are not intended for cryptographically incorrect value, e.g., the CHAP response, for which "Authentication Failure" status MUST be specified). Compliant iSCSI implementation MUST implement the CHAP authentication method [RFC1994] (according to Section 10.5 Challenge Handshake. Implementations MUST support use of up to 128 bits random CHAP secrets, including the means to generate such secrets and to accept them from an external generation source. Implementations MUST NOT provide secret generation (or expansion) means other than random generation. 3.2 Confidentiality) MUST be used to protect the connection. Moreover, in this case IKE authentication with group pre-shared keys MUST NOT be used. When CHAP is used with secret shorter than 96 bits, a compliant implementation MUST NOT continue with the login unless it can verify that IPsec encryption is being used to protect the connection. Originators MUST NOT reuse the CHAP challenge sent by the Responder for the other direction of a bi-directional authentication. Responders MUST check for this condition and close the iSCSI TCP connection if it occurs. In iSCSI authentication, the prime modulus N MUST be at least 768 bits. Upon receiving N and g from the Target, the Initiator MUST verify that they match a well-known group that satisfies the above requirements and abort the connection if they do not match. An iSCSI compliant initiator or target MUST provide data integrity and authentication by implementing IPsec [RFC2401] with ESP [RFC2406] in tunnel mode and MAY provide data integrity and authentication by implementing IPsec with ESP in transport mode. The IPsec implementation MUST fulfill the following iSCSI specific requirements:. -HMAC-SHA1 MUST be implemented [RFC2404]. The ESP anti-replay service MUST also be implemented. When confidentiality is used it MUST be accompanied by data integrity and authentication to provide comprehensive protection against eavesdropping, message insertion, deletion, modification, and replaying. An iSCSI compliant initiator or target MUST provide confidentiality by implementing IPsec [RFC2401] with ESP [RFC2406] in tunnel mode and MAY provide confidentiality by implementing IPsec with ESP in transport mode. with the following iSCSI specific requirements: -3DES in CBC mode MUST be implemented [RFC2451]. The NULL encryption algorithm MUST also be implemented. A compliant iSCSI implementation MUST meet the key management requirements of the IPsec protocol suite. Authentication, security association negotiation, and key management MUST be provided by implementing IKE [RFC2409] using the IPsec DOI [RFC2407] with the following iSCSI specific requirements:. -Peer authentication using a pre-shared key MUST be sup-ported. -Both IKE Main Mode and Aggressive Mode MUST be supported. -In the IKE Phase 2 Quick Mode exchanges for creating the Phase 2 SA, the Identity Payload fields MUST be present. ID_ IPV4_ ADDR, ID_ IPV6_ ADDR (if the protocol stack supports IPv6) and ID_ FQDN Identity payloads MUST be supported; ID_ USER_ FQDN MAY be supported. The ID_ KEY_ ID Identity Payload MUST NOT be used. Manual keying MUST NOT be used because it does not provide the necessary re-keying support. iSCSI initiators and targets MUST support autosense. All commands that change the state of the device (as in SPACE com-mands for sequential access devices, and EXCHANGE MEDIUM for medium changer device), MUST be issued as non-immediate commands for deter-ministic and in order delivery to iSCSI targets. Any compliant sender MUST set all bits not defined and all reserved fields to zero unless specified otherwise. Any compliant receiver MUST ignore any bit not defined and all reserved fields unless specified otherwise. Initiators MUST NOT use target opcodes and targets MUST NOT use initiator opcodes. The TotalAHSLength is used only in PDUs that have an AHS and MUST be 0 in all other PDUs. The DataSegmentLength MUST be 0 whenever the PDU has no data segment. While a task exists, this tag MUST uniquely identify the task session-wide. For bidirectional operations, an additional header segment MUST be present in the header sequence that indicates the Bidirectional Read Expected Data Transfer Length. In this case, the F bit MUST be set to 1. If the Expected Data Transfer Length is higher than the FirstBurst-Size (the negotiated maximum amount of unsolicited data the target will accept), the initiator MUST send the maximum size of unsolic-ited data OR ONLY the immediate data. MUST be used to contain the CDB spillover. For a response other than "Command Completed at Target" bits 3-6 MUST be 0. If a SCSI device error is detected while data from the initiator is still expected (the command PDU did not contain all the data and the target has not received a Data PDU with the final bit Set), the tar-get MUST wait until it receives a Data PDU with the F bit set in the last expected sequence before sending the Response PDU. iSCSI targets MUST support and enable autosense. In the case of responses sent due to a retransmis-sion request, the StatSN MUST be the same as the first time the PDU was sent unless the connection has since been restarted. When MaxCmdSN changes at the target while the target has no pending PDUs to convey this information to the initiator, it MUST generate a NOP-IN to carry the new MaxCmdSN. For all these functions, the Task Management Function Response MUST be returned as detailed in Section 9.6 Task Management Function Response. According to [SAM2] for all the tasks covered by the task management response (i.e., with CmdSN not higher than the task management command CmdSN), additional responses MUST NOT be delivered to the SCSI layer after the task management response. The iSCSI target MUST ensure that no responses for the tasks covered by a task management function are delivered to the iSCSI initiator after the task management response. For ABORT TASK SET and CLEAR TASK SET, the issuing initiator MUST continue to respond to all valid target transfer tags (received via R2T, Text Response, NOP-In, or SCSI Data-in PDUs) related to the affected task set, even after issuing the task management request. The target on its part MUST wait for responses on all affected target transfer tags before acting on either of these two task management requests. If the connection is still active (it is not undergoing an implicit or explicit logout), ABORT TASK MUST be issued on the same connection to which the task to be aborted is allegiant at the time the Task Management Request is issued. For the LOGICAL UNIT RESET function, the target MUST behave as dictated by the Logical Unit Reset function in [SAM2]. In addition, for the TARGET COLD RESET, the target MUST then termi-nate all of its TCP connections to all initiators (all sessions are terminated). TASK REASSIGN MUST be received by the target ONLY after the connection on which the command was previously executing has been successfully logged-out. TASK REASSIGN MUST be issued as an immediate command. For all the other functions this field MUST be set to the reserved value 0xffffffff. For the ABORT TASK function, initiators MUST always set this to the CmdSN of the task identified by the Initiator Task Tag field. The initiator MUST discard any discontiguous data PDUs from the previous execution and the target MUST retransmit all data previously transmitted in Data-in PDUs (if any) starting with ExpDataSN. For the TARGET COLD RESET function, the target MUST then close all of its TCP connections to all initiators (terminates all sessions). The response to ABORT TASK SET and CLEAR TASK SET MUST be issued by the target only after all the commands affected have been received by the target, the corresponding task management functions have been executed by the SCSI target and the delivery of all responses delivered until the task management function completion have been con-firmed (acknowledged through ExpStatSN) by the initiator on all connections of this session. Although targets MAY choose to send even non-exception status in separate responses, initiators MUST support non-exception status in Data-In PDUs. DataSegmentLength MUST not exceed MaxRecvPDUDataSize for the direc-tion it is sent and the total of all the DataSegmentLength of all PDUs in a sequence MUST not exceed MaxBurstSize (or FirstBurstSize for unsolicited data). The target should use the A bit moderately; it MAY set the A bit to 1 only once every MaxBurstSize bytes or on the last Data-In PDU that concludes the entire requested read data transfer for the task from the target's perspective, and MUST NOT do so more frequently than this. On receiving a Data-In PDU with the A bit set to 1, if there are no holes in the read data until that Data-In PDU, the initiator MUST issue a SNACK of type DataACK except when it is able to acknowledge the status for the task immediately via ExpStatSN on other outbound PDUs if the status for the task is also received; in this latter case (acknowledgement through ExpStatSN) sending a SNACK of type DataACK in response to the A bit is not mandatory but if it is done it must not be sent after the status acknowledgement through ExpStatSN. If the initiator has detected holes in the read data until that Data-In PDU, it MUST postpone issuing the SNACK of type DataACK until the holes are filled. An initiator also MUST NOT acknowledge the status for the task before those holes are filled. On incoming data, the Target Transfer Tag MUST be provided by the target if the A bit is set to 1. If the Target Transfer Tag is provided, then the LUN field MUST hold a valid value and be consistent with whatever was specified with the command; otherwise, the LUN field is reserved. This field MUST ONLY be set if the S bit is set to 1. Any input or output data sequence MUST contain less than 2** 32 numbered PDUs. The sending of 0 length data segments should be avoided, but initiators and targets MUST be able to properly receive 0 length data segments. If the command is completed with an error, then the response and sense data MUST be sent in a SCSI Response PDU (i.e., MUST NOT be sent in a SCSI Data packet). For Bidirectional commands, the status MUST be sent in a SCSI Response PDU. If this bit is set to 1 the F bit MUST also be set to 1. In order to allow write operations without an explicit initial R2T, the initiator and target MUST have negotiated the key InitialR2T to No during Login. If an R2T is answered with a single Data-out PDU, the Buffer Offset in the Data PDU MUST be the same as the one specified by the R2T and the data length of the Data PDU MUST be the same as the Desired Data Transfer Length specified in the R2T. If the R2T is answered with a sequence of Data PDUs, the Buffer Offset and Length MUST be within the range of those specified by R2T, and the last PDU MUST have the F bit set to 1. If DataPDUInOrder is set to Yes, the Buffer Offsets and Lengths for consecutive PDUs MUST form a continuous non-overlapping range and the PDUs MUST be sent in increasing offset order. Within a connection, outstanding R2Ts MUST be fulfilled by the initiator in the order in which they were received. The number of R2Ts in a command MUST be less than 2** 32-1. The Desired Data Transfer Length MUST NOT be 0 and MUST not exceed MaxBurstSize. There is no protocol rule about the Target Transfer Tag except that the value 0xffffffff is reserved and MUST never be sent by a target in an R2T. This Async Message MUST be sent on the same connection as the one requesting to be logged out. The initiator MUST honor this request by issuing a Logout as early as possible, but no later than Parameter3 seconds. Initiator MUST send a Logout with a reason code of "Close the connection" (if not the only connection) OR "Close the session" to close all the connections (if using multiple connec-tions). An initiator MUST have at most one outstanding Text Request on a connection at any given time. If the command is sent as part of a sequence of text requests and responses, the Initiator Task Tag MUST be the same for all the requests within the sequence (similar to linked SCSI commands). It MUST do so whenever it sets the F bit to 0 in the response. The initiator MUST ignore the Target Transfer Tag in the Text Response when the F bit is set to 1. If the Target Transfer Tag is not 0xffffffff the LUN field MUST be the one sent by the target in the Text Response. The data lengths of a text request MUST NOT exceed the iSCSI target MaxRecvPDUDataSize (a per connection and per direction negotiated parameter). A Text Response with the F bit set to 1 MUST NOT contain key= value pairs that may require additional answers from the initiator. A Text Response with the F bit set to 1 MUST have a Target Transfer Tag field set to the reserved value of 0xffffffff. A Text Response with the F bit set to 0 MUST have a Target Transfer Tag field set to a value other than the reserved 0xffffffff. When a target has more work to do (e.g., cannot transfer all the remaining text data in a single Text Response or has to continue the negotiation) and has enough resources to proceed, it MUST set the Target Transfer Tag to a value other than the reserved value of 0xffffffff. Otherwise the Target Transfer Tag MUST be set to 0xffffffff. The initiator MUST copy the Target Transfer Tag and LUN in its next request to indicate that it wants the rest of the data. The data lengths of a text request MUST NOT exceed the iSCSI initia-tor MaxRecvPDUDataSize (a per connection and per direction negotiated parameter). After establishing a TCP connection between an initiator and a tar-get, the initiator MUST start a Login Phase to gain further access to the target's resources. All Login requests within the Login Phase MUST carry the same Ver-sion-max. The target MUST use the value presented with the first login request. All Login requests within the Login Phase MUST carry the same Ver-sion-min. The target MUST use the value presented with the first login request. A vendor or organization with one or more OUIs, or one or more Enterprise Numbers, MUST use at least one of these numbers and select the appropriate value for the T field when its components generate ISIDs. An OUI or EN MUST be set in the corresponding fields in network byte order (byte big-endian). If the ISID is derived from something assigned to a hardware adapter or interface by a vendor, as a preset default value, it MUST be configurable to a value assigned according to the SCSI port behavior desired by the system in which it is installed (see Section 8.1.1 Conservative Reuse of ISIDs and Section 8.1.2 iSCSI Name, ISID and TPGT Use) and the resultant ISID MUST also be persistent over power cycles, reboot, card swap etc. The reserved value 0 MUST be used on the first connection for a new session. Otherwise the TSIH sent by the target at the conclusion of successful login of the first connection for this session MUST be used. All Login requests within a Login Phase MUST carry the same TSIH. The target MUST check the value presented with the first login request and act as specified in Section 4.3.1 Login Phase Start. All Login requests within the Login Phase MUST carry the same CID. The target MUST use the value presented with the first login request. If the login request is a leading login request the target MUST use the value presented in CmdSN as the target value for ExpCmdSN. All keys in Chapter 11, except for the X-extension format, MUST be supported by iSCSI initiators and targets. All Login responses within the Login Phase MUST carry the same Version-max. The initiator MUST use the value presented as a response to the first login request. All Login responses within the Login Phase MUST carry the same Version-active. The initiator MUST use the value presented as a response to the first login request. For a new session, the target MUST generate a non-zero TSIH and return it in the Login Final-Response (see Section 4.3 Login Phase). All of the redirec-tion status class responses MUST return one or more text key parameters of the type "TargetAddress", which indicates the target's new address. If the Status Class is not 0, the initiator and target MUST close the TCP connection. A login response with a T bit set to 1 MUST NOT contain key= value pairs that may require additional answers from the initiator within the same stage. If the status class is 0, the T bit MUST NOT be set to 1 if the T bit in the request was set to 0. All keys in Chapter 11, except for the X-extension format, MUST be supported by iSCSI initiators and targets. After sending the Logout PDU, an initiator MUST NOT send any new iSCSI commands on the closing connection. If the Logout is intended to close the session, new iSCSI commands MUST NOT be sent on any of the connections participating in the session. When receiving a Logout request with the reason code of "close the connection" or "close the session", the target MUST abort all pending commands, whether acknowledged or not, on that connection or session respectively. When receiving a Logout request with the reason code "remove connection for recovery", the target MUST discard all requests not yet acknowledged that were issued on the specified connection and suspend all data/ status/ R2T transfers on behalf of pending commands on the specified connection. After receiving the Logout response and attempting to receive the FIN (if still possible), the initiator MUST completely close the loggingout connection. If an initiator intends to start recovery for a failing connection, it MUST use either the Logout command to "clean-up" the target end of a failing connection and enable recovery to start, or use the Login command with a non-zero TSIH and the same CID on a new connection for the same effect (see Section 9.14.2 CID). If the tasks terminated in any of the above cases are SCSI tasks, they MUST be internally terminated with CHECK CONDITION status with a sense key of unit attention and ASC/ ASCQ values of 0x6E/ 0x00 (COMMAND TO LOGICAL UNIT FAILED). After Logout, the TCP connection referred by the CID MUST be closed at both ends (or all connections must be closed if the logout reason was session close). The numbered-response( s) or R2T( s), requested by a SNACK, MUST be delivered as exact replicas of the ones the initiator missed except for the fields ExpCmdSN, MaxCmdSN and ExpDataSN which MUST carry the current values. The numbered Data-In PDUs, requested by a SNACK with a RunLength different from 0, MUST be delivered as exact replicas of the ones the initiator missed except the fields ExpCmdSN and MaxCmdSN which MUST carry the current values. Any SNACK that requests a numbered-response, Data, or R2T that was not sent by the target MUST be rejected with a reason code of "Protocol error". Data/ R2T SNACK for a command MUST precede status acknowledgement for the given command. For Status SNACK and DataACK, the Initiator Task Tag MUST be set to the reserved value 0xffffffff. In all other cases, the Initiator Task Tag field MUST be set to the Initiator Task Tag of the referenced command. In all other cases, the Target Transfer Tag field MUST be set to the reserved value of 0xffffffff. If the target supports recovery within connection, it MAY reject the SNACK after which it MUST issue an Asynchronous Message PDU with an iSCSI event that indicates "Request Logout". If an initiator operates at ErrorRecoveryLevel 1 or higher, it MUST issue a SNACK of type DataACK after receiving a Data-In PDU with the A bit set to 1. However, if the initiator has detected holes in the input sequence, it MUST postpone issuing the SNACK of type DataACK until the holes are filled. The RunLength MUST also be 0 for a DataACK SNACK. The first data SNACK issued after initiator's MaxRecvPDUDataSize decreased, for a command issued on the same connection before the change in MaxRecvPDUDataSize, MUST use RunLength "0" to request retransmission of any number of PDUs (including one). In all the cases in which a pre-instantiated SCSI task is terminated because of the reject, the target MUST issue a proper SCSI command response with CHECK CONDITION as described in Section 9.4.3 Response. If the error is detected while data from the initiator is still expected (the command PDU did not contain all the data and the target has not received a Data-out PDU with the Final bit 1), the target MUST wait until it receives the Data-out PDU with the F bit set to 1 before sending the Response PDU. When used as a ping command, the Initiator Task Tag MUST be set to a valid value (not the reserved 0xffffffff). Upon receipt of a NOP-In with the Target Transfer Tag set to a valid value (not the reserved 0xffffffff), the initiator MUST respond with a NOP-Out. In this case, the NOP-Out Target Transfer Tag MUST con-tain a copy of the NOP-In Target Transfer Tag. When a target receives the NOP-Out with a valid Initiator Task Tag, it MUST respond with a Nop-In Response (see NOP-In). The NOP-Out MUST have the Target Transfer Tag set only if it is issued in response to a NOP-In with a valid Target Transfer Tag. When the Target Transfer Tag is set, the LUN field MUST also be cop-ied from the NOP-In. When a target receives the NOP-Out with a valid Initiator Task Tag (not the reserved value 0xffffffff), it MUST respond with a NOP-In with the same Initiator Task Tag that was provided in the NOP-Out Command. It MUST also duplicate up to the first MaxRecvPDUDataSize bytes of the initiator provided Ping Data. For such a response, the Target Transfer Tag MUST be 0xffffffff. When a target sends a NOP-In with the Initiator Task Tag set to 0xffffffff) it MUST NOT send any data in the data segment (DataSegmentLength MUST be 0). If the target is initiating a NOP-In without wanting to receive a corresponding NOP-Out, this field MUST hold the reserved value of 0xffffffff. A LUN MUST be set to a correct value when the Target Transfer Tag is valid (not the reserved value 0xffffffff). The initiator and target MUST implement CHAP. For KRB5 (Kerberos V5) [RFC1510], the initiator MUST use:. If the initiator authentication fails, the target MUST respond with a Login reject with "Authentication Failure" status. Otherwise, if the initiator has selected the mutual authentication option (by setting MUTUAL-REQUIRED in the ap-options field of the KRB_ AP_ REQ), the target MUST reply with: KRB_ AP_ REP=< KRB_ AP_ REP> where KRB_ AP_ REP is the server's response message as defined in [RFC1510]. If mutual authentication was selected and target authentication fails, the initiator MUST close the connection. KRB_ AP_ REQ and KRB_ AP_ REP are large-binary-values and their binary length (not the length of the character string that represents them in encoded form) MUST not exceed 65536 bytes. For SPKM1 and SPKM2 [RFC2025], the initiator MUST use: SPKM_ REQ=< SPKM-REQ> where SPKM-REQ is the first initiator token as defined in [RFC2025]. If the initiator authentication fails, the target MUST return an error. Otherwise, if the AuthMethod is SPKM1 or if the initiator has selected the mutual authentication option (by setting mutual-state bit in the options field of the REQ-TOKEN in the SPKM-REQ), the tar-get MUST reply with: SPKM_ REP_ TI=< SPKM-REP-TI> where SPKM-REP-TI is the target token as defined in [RFC2025]. If mutual authentication was selected and target authentication fails, the initiator MUST close the connection. Otherwise, if the AuthMethod is SPKM1, the initiator MUST continue with: SPKM_ REP_ IT=< SPKM-REP-IT> where SPKM-REP-IT is the second initiator token as defined in [RFC2025]. If the initiator authentication fails, the target MUST answer with a Login reject with "Authentication Failure" status. All the SPKM-* tokens are large-binary-values and their binary length (not the length of the character string that represents them in encoded form) MUST not exceed 65536 bytes. For SRP [RFC2945], the initiator MUST use: SRP_ U=< user> TargetAuth= Yes /* or TargetAuth= No */ The target MUST answer with a Login reject with the "Authorization Failure" status or reply with:. SRP_ N=< N> SRP_ g=< g> SRP_ s=< s> The initiator MUST either close the connection or continue with: SRP_ A=< A> The target MUST answer with a Login reject with the "Authentication Failure" status or reply with:. SRP_ B=< B> The initiator MUST close the connection or continue with: SRP_ M=< M> If the initiator authentication fails, the target MUST answer with a Login reject with "Authentication Failure" status. Otherwise, if the initiator sent TargetAuth= Yes in the first message (requiring target authentication), the target MUST reply with:. SRP_ HM=< H( A | M | K)> If the target authentication fails, the initiator MUST close the connection. The length of N, g, s, A, B, M in binary form (not the length of the character string that represents them in encoded form) MUST not exceed 1024 bytes. For CHAP [RFC1994], the initiator MUST use:. The target MUST answer with a Login reject with the "Authentication Failure" status or reply with:. The initiator MUST continue with: CHAP_ N=< N> CHAP_ R=< R> or, if it requires target authentication, with: CHAP_ N=< N> CHAP_ R=< R> CHAP_ I=< I> CHAP_ C=< C> If the initiator authentication fails, the target MUST answer with a Login reject with "Authentication Failure" status. Otherwise, if the initiator required target authentication, the target MUST reply with CHAP_ N=< N> CHAP_ R=< R> If target authentication fails, the initiator MUST close the connection. Where N, (A, A1, A2), I, C, and R are (correspondingly) the Name, Algorithm, Identifier, Challenge, and Response as defined in [RFC1994], N is a text string, A, A1, A2, and I are numbers, and C and R are binaryvalues and their binary length (not the length of the character string that represents them in encoded form) MUST not exceed 1024 bytes. When the Initiator and Target agree on a digest, this digest MUST be used for every PDU in Full Feature Phase. The initiator of the TCP connection MUST provide this key to the remote endpoint in the first login request if the initiator is not establishing a discovery session. host90 InitiatorName= iSCSI The initiator of the TCP connection MUST provide this key to the remote endpoint at the first Login of the Login Phase for every connection. Scope: SW TargetAlias=< iSCSI-local-name-value> Examples: TargetAlias= Bob-s Disk TargetAlias= Database Server 1 Log Disk TargetAlias= Web Server 3 Disk 20 If a target has been configured with a human-readable name or description, this name MUST be communicated to the initiator during a Login Response PDU. If ImmediateData is set to No and InitialR2T is set to Yes, then the initiator MUST NOT send unsolicited data and the target MUST reject unsolicited data with the corresponding response code. If ImmediateData is set to No and InitialR2T is set to No, then the initiator MUST NOT send unsolicited immediate data, but MAY send one unsolicited burst of Data-OUT PDUs. The responder MUST select a value that does not exceed the offered value. FirstBurstSize MUST NOT exceed MaxBurstSize. The responder MUST select a value that does not exceed the offered value. The responder MUST select a value that does not greater the offered value. The responder MUST select a value that does not exceed the offered value. If DataSequenceInOrder is set to Yes, Data Sequences MUST be transferred using continuously non-decreasing sequence offsets (R2T buffer offset for writes, or the smallest SCSI Data-In buffer offset within a read data sequence). MaxOustandingR2T MUST be set to 1 in this case. The responder MUST select a value that does not exceed the offered value. When reduced to iSCSI terms, markers MUST indicate the offset to a 4-byte word boundary in the stream. The SendTargets command MUST only be sent during the Full Feature Phase of a normal or discovery session. A system that contains targets MUST support discovery sessions on each of its IP addresses, and MUST support the SendTargets command on the discovery session. A target MUST support the SendTargets com-mand on operational sessions; these will only return address information about the target to which the session is connected, and do not return information about other targets. The text key MUST be SendTargets. This value MUST be supported on a discovery session, and MUST NOT be supported on an operational session. This value MUST be supported on discovery sessions. A discovery session MUST be capable of returning addresses for those targets that would have been returned had value= all been designated. This MUST be supported on operational sessions, and MUST NOT return targets other than the one to which the session is logged in. A SendTargets response MUST NOT not contain target names if there are no targets for the requesting initiator to access. A SendTargets response MUST NOT contain iSCSI default target names. <br> ----------------------------------------------------------------------- <br> NumberOfSHOULDsFound = 37 <br> @SentencesWithSHOULDs : The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119. -ACA is SHOULD. -Changed the FIM SHOULD to should(!). -Padding bytes SHOULD be sent as 0 (instead of MUST be 0). Initiators undertake recovery actions if the difference is greater than an implementation defined constant that SHOULD NOT exceed 2** 31-1. A graceful transport connection shutdown SHOULD be initiated by either party only when the connection is not in iSCSI Full Feature Phase. A target MAY terminate a Full Feature Phase connection on internal exception events, but it SHOULD announce the fact through an Asynchronous Message PDU. This date MUST be a date during which the naming authority owned the domain name used in this format, and SHOULD be the date on which the domain name was acquired by this naming authority. The first Login Response PDU during the Login Phase from the iSCSI target SHOULD return the TargetPortalGroupTag key that contains the tag value of the iSCSI portal group servicing the Login Request PDU. If the security negotiation fails at the initiator, the initiator SHOULD close the connection. In reassigning connection allegiance for a command, the targets SHOULD continue the command from its current state. For example, when reassigning read commands, the target SHOULD take advantage of ExpDataSN field provided by the Task Management Function Request (which must be set to zero if there was no data transfer) and bring the read command to completion by sending the remaining data and sending (or resending) the status. To avoid a race with the target, which may already have a recovery R2T or a termination response on its way, an initiator SHOULD NOT originate a SNACK for an R2T based on its internal timeouts (if any). The target MUST close the connection and if more than one connection is available, the target SHOULD send an Asynchronous Message that indicates it has dropped the connection. Although technically possible, iSCSI SHOULD NOT be configured with-out security. -AES CBC MAC with XCBC extensions SHOULD be implemented [AESCBC]. -AES in Counter mode SHOULD be implemented [AESCTR] (NOTE: This is still subject to the IPsec WG's standardization plans). DES in CBC mode SHOULD NOT be used due to its inherent weakness. Peer authentication using the public key encryption methods outlined in IKE sections 5.2 and 5.3[ 7] SHOULD NOT be used. -When digital signatures are used to achieve authentication, an IKE negotiator SHOULD use IKE Certificate Request Payload( s) to specify the certificate authority. IKE negotia-tors SHOULD check the pertinent Certificate Revocation List (CRL) before accepting a PKI certificate for use in IKE authentication procedures. IKE main mode with pre-shared key authentication method SHOULD NOT be used when either the initiator or the target uses dynamically assigned IP addresses. The IP Subnet, IP Address Range, ID_ DER_ ASN1_ DN, ID_ DER_ ASN1_ GN formats SHOULD NOT be used. When IPsec is used the receipt of an IKE Phase 2 delete message SHOULD NOT be interpreted as a reason for tearing down the iSCSI TCP connection. As iSCSI can have many commands in-flight between initiator and target, iSCSI initiators and targets SHOULD support ACA. A consideration of the above factors for SCSI tape devices as an example suggests that implementations SHOULD use ErrorRecoveryLevel= 1 when transport connection failure is not a concern, and ErrorRecoveryLevel= 2 when the connection failure is also of high likelihood during a backup/ retrieval. The padding bytes SHOULD be 0. The padding bytes SHOULD be sent as 0. If neither bit is set, the Residual Count field SHOULD be zero. If neither bit is set, the Bidirectional Read Residual Count field SHOULD be zero. The issuing initiator SHOULD however terminate (i.e. by setting the Fbit to 1) these response sequences as quickly as possible, and it is recommended to terminate all responses with no data. The Data Segments of Data-in and Data-out PDUs SHOULD be filled to the integer number of 4 byte words (real payload) unless the F bit is set to 1. If DataSequenceInOrder is Yes, then consecutive R2Ts SHOULD refer to continuous non-overlapping ranges. Once this message is received, the initiator SHOULD NOT issue new iSCSI commands. For the Algorithm, as stated in [RFC1994], one value is required to be implemented: 5 (CHAP with MD5) To guarantee interoperability, initiators SHOULD always offer it as one of the proposed algorithms. This key SHOULD be sent by an initiator within the Login Phase, if available. If a SendTargets response reports an iSCSI address for a target, it SHOULD also report all other addresses in its portal group in the same response. <br> ----------------------------------------------------------------------- <br> NumberOfSHALLsFound = 1 <br> @SentencesWithSHALLs : The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119. <br> ----------------------------------------------------------------------- <br> NumberOfREQUIREDsFound = 5 <br> @SentencesWithREQUIREDs : The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119. Responses are REQUIRED in all other cases, and the value chosen and sent by the responder becomes the outcome of the negotiation. Otherwise, if the initiator has selected the mutual authentication option (by setting MUTUAL-REQUIRED in the ap-options field of the KRB_ AP_ REQ), the target MUST reply with: KRB_ AP_ REP=< KRB_ AP_ REP> where KRB_ AP_ REP is the server's response message as defined in [RFC1510]. I-> Login (CSG, NSG= 0,1 T= 1) KRB_ AP_ REQ=< krb_ ap_ req> (krb_ ap_ req contains the Kerberos V5 ticket and authenticator with MUTUAL-REQUIRED set in the ap-options field) If the authentication is successful, the target proceeds with: T-> Login (CSG, NSG= 0,1 T= 1) KRB_ AP_ REP=< krb_ ap_ rep> (krb_ ap_ rep is the Kerberos V5 mutual authentication reply) If the authentication is successful, the initiator may proceed with:. T-> Login-PR (CSG, NSG= 0,0 T= 0) AuthMethod= KRB5 I-> Login (CSG, NSG= 0,1 T= 1) KRB_ AP_ REQ= krb_ ap_ req (MUTUAL-REQUIRED not set in the ap-options field of krb_ ap_ req) If the authentication is successful, the target proceeds with: T-> Login (CSG, NSG= 0,1 T= 1) I-> Login (CSG, NSG= 1,0 T= 0). <br> ----------------------------------------------------------------------- <br> NumberOfRECOMMENDEDsFound = 1 <br> @SentencesWithRECOMMENDEDs : The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119. <br> ----------------------------------------------------------------------- <br> NumberOfMAYsFound = 72 <br> @SentencesWithMAYs : The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119. -IPsec transport mode is MAY and authentication MUST be used when encryption is used. MAY be discarded" into MUST be discarded. iSCSI targets and initiators MUST support at least one TCP connec-tion and MAY support several connections in a session. To enable command recovery, the target MAY maintain enough state information to enable data and status recovery after a connection failure. As part of the login process, the initiator and target MAY wish to authenticate each other and set a security association protocol for the session. In order to protect the TCP connection, an IPsec security associa-tion MAY be established before the Login request. However, consecutive commands that are part of a SCSI linked commandchain task MAY use different connections. During the iSCSI Full Feature Phase, the initiator and target MAY interleave unrelated SCSI commands, their SCSI Data, and responses over the session. A target that receives data out of order MAY terminate the session. A target MAY terminate a Full Feature Phase connection on internal exception events, but it SHOULD announce the fact through an Asynchronous Message PDU. Sync and Steering MAY also restrict the type of transformations UFL may perform on the stream. b) Discoverysession -a session opened only for target discovery; the target MAY accept only text requests with the SendTar-gets key and a logout request with reason "close the session". A range or a large-numerical-value MAY ONLY be offered if it is explicitly allowed for a key. An offer of a value not admissible (e.g., not within the specified bounds) MAY be answered with the constant "Reject" or the responder MAY select an admissible value. The initial login request of the first connection of a session MAY also include the SessionType key= value pair. The Login Phase MAY include a SecurityNegotiation stage and a LoginOperationalNegotiation stage and MUST include at least one of them, but the included stage MAY be empty except for the mandatory names. The initiator and target MAY want to negotiate authentication parameters. The initiator MAY also send proprietary options. Operational parameter negotiation during the login MAY be done:. Operational parameter negotiation MAY involve several Login requestresponse exchanges started and terminated by the initiator. Some operational parameters MAY be negotiated outside (after) the Login Phase. Operational parameter negotiation MAY involve several text request-response exchanges, which the initiator always starts and terminates and uses the same Initiator Task Tag. An initiator MAY reset an operational parameter negotiation by issu-ing a Text request with the Target Transfer Tag set to the value 0xffffffff after receiving a response with the Target Transfer Tag set to a value other than 0xffffffff. It is also assumed that at the target, incoming data (read data) MAY be kept for recovery or it can be re-read from a device server. However, targets MAY choose to send/ receive the entire data on a reassignment of connection allegiance, and it is not considered an error. The target MAY advance its ExpDataSN if it does not attempt to recover the lost data PDU. An iSCSI initiator MAY attempt to plug a command sequence gap on the target end (in the absence of an acknowledgement of the command by way of ExpCmdSN) before the ULP timeout by retrying the unacknowl-edged command, as described in Section 6.1 Retry and Reassign in Recovery. The latter MAY be used periodically by highly reliable implementations. Initiators and targets MAY also use the keep-alive option on the TCP connection to enable early link failure detection on otherwise idle links. In every case, they detail the lowest class recovery that MAY be attempted. Both the iSCSI target and initiator MAY escalate the error handling to an error recovery class, which impacts a larger number of iSCSI tasks in any of the cases identified in the following discussion. It then MUST either Logout the failed connection, or Login with an implied Logout, and reassign connection alle-giance for all commands still in progress associated with the failed connection on another connection (that MAY be a newly established connection) using the "Task reassign" task management function (see Section 9.5.1 Function). Very simple initiators and targets MAY perform session recovery on all iSCSI errors and therefore place the burden of recovery on the SCSI layer and above. An iSCSI compliant initiator or target MUST provide data integrity and authentication by implementing IPsec [RFC2401] with ESP [RFC2406] in tunnel mode and MAY provide data integrity and authentication by implementing IPsec with ESP in transport mode. An iSCSI compliant initiator or target MUST provide confidentiality by implementing IPsec [RFC2401] with ESP [RFC2406] in tunnel mode and MAY provide confidentiality by implementing IPsec with ESP in transport mode. Certificate-based peer authentication using digital signatures MAY be supported. ID_ IPV4_ ADDR, ID_ IPV6_ ADDR (if the protocol stack supports IPv6) and ID_ FQDN Identity payloads MUST be supported; ID_ USER_ FQDN MAY be supported. MAY follow. The data segment MAY also be followed by a data-digest. It MAY be followed by Additional Header Segments (AHS), a Header-Digest, a Data Segment, and/ or a Data-Digest. The R and W MAY both be 1 when the corresponding Expected Data Transfer Lengths are 0, but they CANNOT both be 0 when the corresponding Expected Data Transfer Length and Bidirectional Read Expected Data Transfer Length are not 0. For some iSCSI responses, the response data segment MAY contain some response related information, (e.g., for a target failure, it may contain a vendor specific detailed description of the failure). The iSCSI initia-tor MAY deliver to the SCSI layer all responses received before the task management response (i.e., it is a matter of implementation if the SCSI responses -received before the task management response but after the task management request was issued -are delivered to the SCSI layer by the iSCSI layer in the initiator). In case all or part of the response sequence is not received (due to digest errors) for a valid TTT, the target MAY treat it as a case of within-command error recovery class (section 6.12.1) if it is supporting ErrorRecoveryLevel >= 1, or alternatively may drop the connection to complete the requested task set function. Target Reset MAY also be subject to SCSI access controls for the requesting initia-tor. Although targets MAY choose to send even non-exception status in separate responses, initiators MUST support non-exception status in Data-In PDUs. It MAY be used as a "change direction" indication for Bidirectional operations that need such a change. The target should use the A bit moderately; it MAY set the A bit to 1 only once every MaxBurstSize bytes or on the last Data-In PDU that concludes the entire requested read data transfer for the task from the target's perspective, and MUST NOT do so more frequently than this. An R2T MAY be answered with one or more SCSI Data-out PDUs with a matching Target Transfer Tag. If the last PDU (marked with the F bit) is received before the Desired Data Transfer Length is transferred, a target MAY choose to Reject that PDU with "Protocol error" reason code. The target MAY reject any new I/ O requests that it receives after this Message with the reason code "Waiting for Logout". The AsyncVCode details the vendor code, and data MAY accompany the report. For an iSCSI Event, additional vendor-unique data MAY accompany the Async event. Initiators MAY ignore the data when not understood while processing the rest of the PDU. A target MAY reset its internal negotiation state if an exchange is stalled by the initiator for a long time or if it is running out of resources. The text response MAY refer to key= value pairs presented in an earlier text request and the text in the request may refer to earlier responses. The initiator MAY provide some basic parameters in order to enable the target to determine if the initiator may use the target's resources and the initial text parameters for the security exchange. This MAY be due to a request for a resource for which the initiator does not have permission. The initiator MAY provide some basic parameters in order to enable the target to determine if the initiator may use the target's resources and the initial text parameters for the security exchange. An initiator MAY use a logout command to remove a connection from a session or to close an entire session. An iSCSI target that does not support recovery within connection MAY reject the status SNACK. If the target supports recovery within connection, it MAY reject the SNACK after which it MUST issue an Asynchronous Message PDU with an iSCSI event that indicates "Request Logout". An initiator MAY ignore the A bit if it deems that the bit is being set aggressively by the target (i.e., before the MaxBurstSize limit is reached). Proprietary algorithms MAY also be negotiated for digests. If ImmediateData is set to No and InitialR2T is set to No, then the initiator MUST NOT send unsolicited immediate data, but MAY send one unsolicited burst of Data-OUT PDUs. If ImmediateData is set to Yes and InitialR2T is set to No, then the initiator MAY send unsolicited immediate data and/ or one unsolicited burst of Data-OUT PDUs. The initiator and target MAY indicate their readiness to receive and/ or send markers during login separately for each connection. If a receiver indicates that it desires a marker, the sender MAY agree (during negotiation) and provide the marker at the desired interval. An initiator MAY make use of the SendTargets as it sees fit. A discovery session MAY respond to a SendTargets request with its complete list of targets, or with a list of targets that is based on the name of the initiator logged in to the session. The initiator MAY keep the session to a default target open, and MAY send subsequently SendTargets commands to discover new targets. <br> ----------------------------------------------------------------------- <br> NumberOfOPTIONALsFound = 4 <br> @SentencesWithOPTIONALs : The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119. The Sync and Steering Layer (which is OPTIONAL) MUST retain the PDU end address within the stream for every delivered iSCSI PDU. Specifically, the two cases in which responses are OPTIONAL are:. The TARGET RESET function (WARM and COLD) implementation is OPTIONAL and when implemented, should act as described below. <br> ----------------------------------------------------------------------- <br>
Home Last updated: Sat Jun 08 11:18:43 2002 10608 messages in chronological order |