Re: [Ips] no DHCP-assigned InitiatorName

Julian Satran <Julian_Satran@il.ibm.com> Mon, 22 September 2008 13:29 UTC

To: Michael Howard <michael.howard@scalent.com>
From: Julian Satran <Julian_Satran@il.ibm.com>
Date: Mon, 22 Sep 2008 09:28:59 -0400
Cc: Sivan Tal <SIVANT@il.ibm.com>, ips@ietf.org
Subject: Re: [Ips] no DHCP-assigned InitiatorName

Michael,

I think that some of the OSs have the initiator name wired into the image 
and boot providers will have to set this name.
I am not sure what exactly is required for each version.
The boot RFC defines where the image comes from but very little else.

Sivan may give you a pointer to CbCS.

Regards,
Julo





From: Michael Howard <michael.howard@scalent.com>
To: Julian Satran/Haifa/IBM@IBMIL
Cc: ips@ietf.org
Date: 09/22/2008 09:19
Subject: Re: [Ips] no DHCP-assigned InitiatorName





Julian Satran wrote:
> Michael - I am not sure what you are looking for? A standard parameter 
> as those described by the iBOOT RFC?

Yes, I am looking for a specific DHCP parameter that defines what 
InitiatorName is to be used by the iSCSI boot client.

It seems to me that the purpose of RFC4173 was/is to allow stateless 
clients to boot. The target parameters that are specified in RFC4173 are 
necessary, but not sufficient. On many commercial iSCSI target servers 
you must have the InitiatorName in order to be able to log in to the 
target. This is the case for NetApp and SANRAD, and I strongly for many 
others.

> In any case the initiator name is not the only way to control what a 
> server will access.
> 
> CbCS (stands for Credential Based Command Security) available for any 
> SCSI device at the SCSI layer (see the T10 site) is probably 
> safer/better and does not depend on things that can be so easily faked by 
> an initiator as the initiator name and may be easier to deploy.

This is not something that I am familiar with ...

*** 10 minutes later ***

I could find no reference to CbCS or Command Based Command Security at 
the NetApp support site now.netapp.com

A quick search at www.t10.org didn't turn anything up either ... I'll 
keep looking.


There may (and should) be other/better security mechanisms working their 
way through the standardization and implementation processes.

As a practical measure, I believe that a DHCP-supplied InitiatorName is 
needed because InitiatorName is required by many commercial iSCSI target 
servers.


Michael



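The gap discussed in this thread, as an added example that is not part of the original messages: a parser for the RFC 4173 root path string (`iscsi:<servername>:<protocol>:<port>:<LUN>:<targetname>`), showing that the DHCP-supplied data describes only the target. The sample addresses and IQNs are constructed, and `missing_for_login` is a hypothetical helper.

```python
import re

# Defaults from RFC 4173: protocol 6 (TCP), port 3260, LUN 0.
DEFAULTS = {"protocol": "6", "port": "3260", "lun": "0"}
# Lenient LUN check: up to four hyphen-separated hex groups.
LUN_RE = re.compile(r"^[0-9A-Fa-f]{1,4}(-[0-9A-Fa-f]{4}){0,3}$")


def parse_root_path(root_path):
    """Split an RFC 4173 root path into its fields, applying the defaults."""
    if not root_path.startswith("iscsi:"):
        raise ValueError("not an iSCSI root path")
    rest = root_path[len("iscsi:"):]
    if rest.startswith("["):                  # bracketed IPv6 literal
        end = rest.find("]:")
        if end < 0:
            raise ValueError("unterminated IPv6 literal")
        server, rest = rest[:end + 1], rest[end + 2:]
    else:
        server, _, rest = rest.partition(":")
    parts = rest.split(":", 3)                # targetname may itself contain ':'
    if not server or len(parts) != 4 or not parts[3]:
        raise ValueError("expected servername:protocol:port:LUN:targetname")
    protocol, port, lun, target = parts
    fields = {
        "servername": server,
        "protocol": protocol or DEFAULTS["protocol"],
        "port": port or DEFAULTS["port"],
        "lun": lun or DEFAULTS["lun"],
        "targetname": target,
    }
    if not fields["port"].isdigit() or not LUN_RE.match(fields["lun"]):
        raise ValueError("malformed port or LUN field")
    return fields


def missing_for_login(fields, local_config):
    """List login parameters that neither the root path nor local config supplies.

    InitiatorName is a self-asserted label, not a credential; it is listed here
    only because, as the thread notes, many targets refuse a login without it.
    """
    required = ("servername", "port", "targetname", "InitiatorName")
    known = {**fields, **local_config}
    return [name for name in required if not known.get(name)]
```

A stateless client that holds only the parsed root path gets `["InitiatorName"]` back from `missing_for_login(fields, {})`, which is the value Michael asks DHCP to supply and Julian says is typically wired into the OS image.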