RE: Using HTTP proxies with iSCSI
"Jim Hafner/Almaden/IBM" <hafner@almaden.ibm.com> Thu, 12 October 2000 16:36 UTC
Return-Path: <owner-ips@ECE.cmu.edu>
Received: from ECE.CMU.EDU by cnoc.pdl.cs.cmu.edu id aa07884; 12 Oct 2000 12:36 EDT
Received: by ece.cmu.edu (8.9.2/8.8.8) id LAA14586 for ips-outgoing; Thu, 12 Oct 2000 11:44:07 -0400 (EDT)
X-Authentication-Warning: ece.cmu.edu: majordom set sender to owner-ips@ece.cmu.edu using -f
Received: from e34.esmtp.ibm.com (e34.co.us.ibm.com [32.97.110.132]) by ece.cmu.edu (8.9.2/8.8.8) with ESMTP id LAA14577 for <ips@ece.cmu.edu>; Thu, 12 Oct 2000 11:43:57 -0400 (EDT)
Received: from westrelay02.boulder.ibm.com (westrelay02.boulder.ibm.com [9.99.132.205]) by e34.esmtp.ibm.com (8.9.3/8.9.3) with ESMTP id LAA56652 for <ips@ece.cmu.edu>; Thu, 12 Oct 2000 11:30:52 -0400
Received: from f3n42e (d03nm042h.boulder.ibm.com [9.99.140.42]) by westrelay02.boulder.ibm.com (8.11.0m3/NCO v4.93) with ESMTP id e9CFhhp43744 for <ips@ece.cmu.edu>; Thu, 12 Oct 2000 09:43:43 -0600
Importance: Normal
Subject: RE: Using HTTP proxies with iSCSI
To: ips@ece.cmu.edu
From: Jim Hafner/Almaden/IBM <hafner@almaden.ibm.com>
Date: Thu, 12 Oct 2000 08:43:41 -0700
Message-ID: <OF7734088E.BF34C9C7-ON88256976.00565CE1@LocalDomain>
X-MIMETrack: Serialize by Router on D03NM042/03/M/IBM(Release 5.0.3 (Intl)|21 March 2000) at 10/12/2000 08:43:43 AM
MIME-Version: 1.0
Content-type: text/plain; charset="us-ascii"
Sender: owner-ips@ece.cmu.edu
Precedence: bulk
David, If we find the need for something along these lines (i.e. that your option (1) is NOT sufficient), then my proposed CONNECT has all the properties you'd like. In particular, as with https, the proxy/gateway/intermediary is NOT part of the iSCSI security context. (It might be part of lower layer security contexts like IPsec on its in and out connections, but that's not relevant and is transparent to the iSCSI layer.) Jim Hafner Black_David@emc.com@ece.cmu.edu on 10-12-2000 06:08:01 AM Sent by: owner-ips@ece.cmu.edu To: csapuntz@cisco.com, ips@ece.cmu.edu cc: Subject: RE: Using HTTP proxies with iSCSI > Just a note for future reference (not meant to spark discussion)... > > HTTP has a way of de facto standard way of setting up TCP connections through > HTTP proxies. See the CONNECT verb in section 9.9 of RFC 2616 and > the expired draft at: > > http://www.alternic.org/drafts/drafts-l-m/draft-luotonen-web-proxy-tunneling -01.html > > This mechanism could be used for iSCSI. > > This mechanism is in-band, in that it occurs on the same TCP connection, > yet out-of-band, since it is iSCSI independent. Almost, but not quite. HTTP transits proxies by using absolute URLs that contain the DNS hostname; the current direction is towards using absolute URLs for everything, but they were originally only used for proxies. CONNECT was invented for HTTPS (i.e., SSL/TLS) proxies where the hostname is/would be encrypted, and proxy participation in the security relationship between the browser and web server (which would allow the proxy to decrypt the hostname) is undesirable. --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500 black_david@emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------
- RE: Using HTTP proxies with iSCSI Black_David
- RE: Using HTTP proxies with iSCSI Jim Hafner/Almaden/IBM