summaryrefslogtreecommitdiff
path: root/utils
diff options
context:
space:
mode:
Diffstat (limited to 'utils')
-rw-r--r--utils/open-isns/doc/rfc2608.txt3027
-rw-r--r--utils/open-isns/doc/rfc3279.txt1515
-rw-r--r--utils/open-isns/doc/rfc3720.txt14395
-rw-r--r--utils/open-isns/doc/rfc3722.txt451
-rw-r--r--utils/open-isns/doc/rfc4018.txt1291
-rw-r--r--utils/open-isns/doc/rfc4171.txt6891
6 files changed, 0 insertions, 27570 deletions
diff --git a/utils/open-isns/doc/rfc2608.txt b/utils/open-isns/doc/rfc2608.txt
deleted file mode 100644
index fa7de62..0000000
--- a/utils/open-isns/doc/rfc2608.txt
+++ /dev/null
@@ -1,3027 +0,0 @@
-
-
-
-
-
-
-Network Working Group E. Guttman
-Request for Comments: 2608 C. Perkins
-Updates: 2165 Sun Microsystems
-Category: Standards Track J. Veizades
- @Home Network
- M. Day
- Vinca Corporation
- June 1999
-
-
- Service Location Protocol, Version 2
-
-Status of This Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (1999). All Rights Reserved.
-
-Abstract
-
- The Service Location Protocol provides a scalable framework for the
- discovery and selection of network services. Using this protocol,
- computers using the Internet need little or no static configuration
- of network services for network based applications. This is
- especially important as computers become more portable, and users
- less tolerant or able to fulfill the demands of network system
- administration.
-
-Table of Contents
-
- 1. Introduction 3
- 1.1. Applicability Statement . . . . . . . . . . . . . . . 3
- 2. Terminology 4
- 2.1. Notation Conventions . . . . . . . . . . . . . . . . . 4
- 3. Protocol Overview 5
- 4. URLs used with Service Location 8
- 4.1. Service: URLs . . . . . . . . . . . . . . . . . . . . 9
- 4.2. Naming Authorities . . . . . . . . . . . . . . . . . 10
- 4.3. URL Entries . . . . . . . . . . . . . . . . . . . . . 10
- 5. Service Attributes 10
- 6. Required Features 12
- 6.1. Use of Ports, UDP, and Multicast . . . . . . . . . . 13
-
-
-
-Guttman, et al. Standards Track [Page 1]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- 6.2. Use of TCP . . . . . . . . . . . . . . . . . . . . . 14
- 6.3. Retransmission of SLP messages . . . . . . . . . . . 15
- 6.4. Strings in SLP messages . . . . . . . . . . . . . . . 16
- 6.4.1. Scope Lists in SLP . . . . . . . . . . . . . . 16
- 7. Errors 17
- 8. Required SLP Messages 17
- 8.1. Service Request . . . . . . . . . . . . . . . . . . . 19
- 8.2. Service Reply . . . . . . . . . . . . . . . . . . . . 21
- 8.3. Service Registration . . . . . . . . . . . . . . . . . 22
- 8.4. Service Acknowledgment . . . . . . . . . . . . . . . . 23
- 8.5. Directory Agent Advertisement. . . . . . . . . . . . . 24
- 8.6. Service Agent Advertisement. . . . . . . . . . . . . . 25
- 9. Optional Features 26
- 9.1. Service Location Protocol Extensions . . . . . . . . . 27
- 9.2. Authentication Blocks . . . . . . . . . . . . . . . . 28
- 9.2.1. SLP Message Authentication Rules . . . . . . . 29
- 9.2.2. DSA with SHA-1 in Authentication Blocks . . . 30
- 9.3. Incremental Service Registration . . . . . . . . . . 30
- 9.4. Tag Lists . . . . . . . . . . . . . . . . . . . . . . 31
- 10. Optional SLP Messages 32
- 10.1. Service Type Request . . . . . . . . . . . . . . . . 32
- 10.2. Service Type Reply . . . . . . . . . . . . . . . . . 32
- 10.3. Attribute Request . . . . . . . . . . . . . . . . . . 33
- 10.4. Attribute Reply . . . . . . . . . . . . . . . . . . . 34
- 10.5. Attribute Request/Reply Examples . . . . . . . . . . . 34
- 10.6. Service Deregistration . . . . . . . . . . . . . . . 36
- 11. Scopes 37
- 11.1. Scope Rules . . . . . . . . . . . . . . . . . . . . . 37
- 11.2. Administrative and User Selectable Scopes. . . . . . . 38
- 12. Directory Agents 38
- 12.1. Directory Agent Rules . . . . . . . . . . . . . . . . 39
- 12.2. Directory Agent Discovery . . . . . . . . . . . . . . 39
- 12.2.1. Active DA Discovery . . . . . . . . . . . . . 40
- 12.2.2. Passive DA Advertising . . . . . . . . . . . . 40
- 12.3. Reliable Unicast to DAs and SAs. . . . . . . . . . . . 41
- 12.4. DA Scope Configuration . . . . . . . . . . . . . . . 41
- 12.5. DAs and Authentication Blocks. . . . . . . . . . . . . 41
- 13. Protocol Timing Defaults 42
- 14. Optional Configuration 43
- 15. IANA Considerations 44
- 16. Internationalization Considerations 45
- 17. Security Considerations 46
- A. Appendix: Changes to the Service Location Protocol from
- v1 to v2 48
- B. Appendix: Service Discovery by Type: Minimal SLPv2 Features 48
- C. Appendix: DAAdverts with arbitrary URLs 49
- D. Appendix: SLP Protocol Extensions 50
- D.1. Required Attribute Missing Option . . . . . . . . . . 50
-
-
-
-Guttman, et al. Standards Track [Page 2]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- E. Acknowledgments 50
- F. References 51
- G. Authors' Addresses 53
- H. Full Copyright Statement 54
-
-1. Introduction
-
- The Service Location Protocol (SLP) provides a flexible and scalable
- framework for providing hosts with access to information about the
- existence, location, and configuration of networked services.
- Traditionally, users have had to find services by knowing the name of
- a network host (a human readable text string) which is an alias for a
- network address. SLP eliminates the need for a user to know the name
- of a network host supporting a service. Rather, the user supplies
- the desired type of service and a set of attributes which describe
- the service. Based on that description, the Service Location
- Protocol resolves the network address of the service for the user.
-
- SLP provides a dynamic configuration mechanism for applications in
- local area networks. Applications are modeled as clients that need
- to find servers attached to any of the available networks within an
- enterprise. For cases where there are many different clients and/or
- services available, the protocol is adapted to make use of nearby
- Directory Agents that offer a centralized repository for advertised
- services.
-
- This document updates SLPv1 [RFC 2165], correcting protocol errors,
- adding some enhancements and removing some requirements. This
- specification has two parts. The first describes the required
- features of the protocol. The second describes the extended features
- of the protocol which are optional, and allow greater scalability.
-
-1.1. Applicability Statement
-
- SLP is intended to function within networks under cooperative
- administrative control. Such networks permit a policy to be
- implemented regarding security, multicast routing and organization of
- services and clients into groups which are not be feasible on the
- scale of the Internet as a whole.
-
- SLP has been designed to serve enterprise networks with shared
- services, and it may not necessarily scale for wide-area service
- discovery throughout the global Internet, or in networks where there
- are hundreds of thousands of clients or tens of thousands of
- services.
-
-
-
-
-
-
-Guttman, et al. Standards Track [Page 3]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-2. Terminology
-
- User Agent (UA)
- A process working on the user's behalf to establish
- contact with some service. The UA retrieves service
- information from the Service Agents or Directory Agents.
-
- Service Agent (SA) A process working on the behalf of one or more
- services to advertise the services.
-
- Directory Agent (DA) A process which collects service
- advertisements. There can only be one DA present per
- given host.
-
- Service Type Each type of service has a unique Service Type
- string.
-
- Naming Authority The agency or group which catalogues given
- Service Types and Attributes. The default Naming
- Authority is IANA.
-
- Scope A set of services, typically making up a logical
- administrative group.
-
- URL A Universal Resource Locator [8].
-
-2.1. Notation Conventions
-
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in RFC 2119 [9].
-
- Syntax Syntax for string based protocols follow the
- conventions defined for ABNF [11].
-
- Strings All strings are encoded using the UTF-8 [23]
- transformation of the Unicode [6] character set and
- are NOT null terminated when transmitted. Strings
- are preceded by a two byte length field.
-
- <string-list> A comma delimited list of strings with the
- following syntax:
-
- string-list = string / string `,' string-list
-
- In format diagrams, any field ending with a \ indicates a variable
- length field, given by a prior length field in the protocol.
-
-
-
-
-Guttman, et al. Standards Track [Page 4]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-3. Protocol Overview
-
- The Service Location Protocol supports a framework by which client
- applications are modeled as 'User Agents' and services are advertised
- by 'Service Agents.' A third entity, called a 'Directory Agent'
- provides scalability to the protocol.
-
- The User Agent issues a 'Service Request' (SrvRqst) on behalf of the
- client application, specifying the characteristics of the service
- which the client requires. The User Agent will receive a Service
- Reply (SrvRply) specifying the location of all services in the
- network which satisfy the request.
-
- The Service Location Protocol framework allows the User Agent to
- directly issue requests to Service Agents. In this case the request
- is multicast. Service Agents receiving a request for a service which
- they advertise unicast a reply containing the service's location.
-
- +------------+ ----Multicast SrvRqst----> +---------------+
- | User Agent | | Service Agent |
- +------------+ <----Unicast SrvRply------ +---------------+
-
- In larger networks, one or more Directory Agents are used. The
- Directory Agent functions as a cache. Service Agents send register
- messages (SrvReg) containing all the services they advertise to
- Directory Agents and receive acknowledgements in reply (SrvAck).
- These advertisements must be refreshed with the Directory Agent or
- they expire. User Agents unicast requests to Directory Agents
- instead of Service Agents if any Directory Agents are known.
-
- +-------+ -Unicast SrvRqst-> +-----------+ <-Unicast SrvReg- +--------+
- | User | | Directory | |Service |
- | Agent | | Agent | | Agent |
- +-------+ <-Unicast SrvRply- +-----------+ -Unicast SrvAck-> +--------+
-
- User and Service Agents discover Directory Agents two ways. First,
- they issue a multicast Service Request for the 'Directory Agent'
- service when they start up. Second, the Directory Agent sends an
- unsolicited advertisement infrequently, which the User and Service
- Agents listen for. In either case the Agents receive a DA
- Advertisement (DAAdvert).
-
- +---------------+ --Multicast SrvRqst-> +-----------+
- | User or | <--Unicast DAAdvert-- | Directory |
- | Service Agent | | Agent |
- +---------------+ <-Multicast DAAdvert- +-----------+
-
-
-
-
-
-Guttman, et al. Standards Track [Page 5]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- Services are grouped together using 'scopes'. These are strings
- which identify services which are administratively identified. A
- scope could indicate a location, administrative grouping, proximity
- in a network topology or some other category. Service Agents and
- Directory Agents are always assigned a scope string.
-
- A User Agent is normally assigned a scope string (in which case the
- User Agent will only be able to discover that particular grouping of
- services). This allows a network administrator to 'provision'
- services to users. Alternatively, the User Agent may be configured
- with no scope at all. In that case, it will discover all available
- scopes and allow the client application to issue requests for any
- service available on the network.
-
- +---------+ Multicast +-----------+ Unicast +-----------+
- | Service | <--SrvRqst-- | User | --SrvRqst-> | Directory |
- | Agent | | Agent | | Agent |
- | Scope=X | Unicast | Scope=X,Y | Unicast | Scope=Y |
- +---------+ --SrvRply--> +-----------+ <-SrvRply-- +-----------+
-
- In the above illustration, the User Agent is configured with scopes X
- and Y. If a service is sought in scope X, the request is multicast.
- If it is sought in scope Y, the request is unicast to the DA.
- Finally, if the request is to be made in both scopes, the request
- must be both unicast and multicast.
-
- Service Agents and User Agents may verify digital signatures provided
- with DAAdverts. User Agents and Directory Agents may verify service
- information registered by Service Agents. The keying material to use
- to verify digital signatures is identified using a SLP Security
- Parameter Index, or SLP SPI.
-
- Every host configured to generate a digital signature includes the
- SLP SPI used to verify it in the Authentication Block it transmits.
- Every host which can verify a digital signature must be configured
- with keying material and other parameters corresponding with the SLP
- SPI such that it can perform verifying calculations.
-
- SAs MUST accept multicast service requests and unicast service
- requests. SAs MAY accept other requests (Attribute and Service Type
- Requests). SAs MUST listen for multicast DA Advertisements.
-
- The features described up to this point are required to implement. A
- minimum implementation consists of a User Agent, Service Agent or
- both.
-
- There are several optional features in the protocol. Note that DAs
- MUST support all these message types, but DA support is itself
-
-
-
-Guttman, et al. Standards Track [Page 6]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- optional to deploy on networks using SLP. UAs and SAs MAY support
- these message types. These operations are primarily for interactive
- use (browsing or selectively updating service registrations.) UAs
- and SAs either support them or not depending on the requirements and
- constraints of the environment where they will be used.
-
- Service Type Request A request for all types of service on the
- network. This allows generic service browsers
- to be built.
-
- Service Type Reply A reply to a Service Type Request.
-
- Attribute Request A request for attributes of a given type of
- service or attributes of a given service.
-
- Attribute Reply A reply to an Attribute Request.
-
- Service Deregister A request to deregister a service or some
- attributes of a service.
-
- Service Update A subsequent SrvRqst to an advertisement.
- This allows individual dynamic attributes to
- be updated.
-
- SA Advertisement In the absence of Directory Agents, a User
- agent may request Service Agents in order
- to discover their scope configuration. The
- User Agent may use these scopes in requests.
-
- In the absence of Multicast support, Broadcast MAY be used. The
- location of DAs may be staticly configured, discovered using SLP as
- described above, or configured using DHCP. If a message is too large,
- it may be unicast using TCP.
-
- A SLPv2 implementation SHOULD support SLPv1 [22]. This support
- includes:
-
- 1. SLPv2 DAs are deployed, phasing out SLPv1 DAs.
-
- 2. Unscoped SLPv1 requests are considered to be of DEFAULT scope.
- SLPv1 UAs MUST be reconfigured to have a scope if possible.
-
- 3. There is no way for an SLPv2 DA to behave as an unscoped SLPv1
- DA. SLPv1 SAs MUST be reconfigured to have a scope if possible.
-
- 4. SLPv2 DAs answer SLPv1 requests with SLPv1 replies and SLPv2
- requests with SLPv2 replies.
-
-
-
-
-Guttman, et al. Standards Track [Page 7]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- 5. SLPv2 DAs use registrations from SLPv1 and SLPv2 in the same
- way. That is, incoming requests from agents using either version
- of the protocol will be matched against this common set of
- registered services.
-
- 6. SLPv2 registrations which use Language Tags which are greater
- than 2 characters long will be inaccessible to SLPv1 UAs.
-
- 7. SLPv2 DAs MUST return only service type strings in SrvTypeRply
- messages which conform to SLPv1 service type string syntax, ie.
- they MUST NOT return Service Type strings for abstract service
- types.
-
- 8. SLPv1 SrvRqsts and AttrRqsts by Service Type do not match Service
- URLs with abstract service types. They only match Service URLs
- with concrete service types.
-
- SLPv1 UAs will not receive replies from SLPv2 SAs and SLPv2 UAs will
- not receive replies from SLPv1 SAs. In order to interoperate UAs and
- SAs of different versions require a SLPv2 DA to be present on the
- network which supports both protocols.
-
- The use of abstract service types in SLPv2 presents a backward
- compatibility issue for SLPv1. It is possible that a SLPv1 UA will
- request a service type which is actually an abstract service type.
- Based on the rules above, the SLPv1 UA will never receive an abstract
- Service URL reply. For example, the service type 'service:x' in a
- SLPv1 AttrRqst will not return the attributes of 'service:x:y://orb'.
- If the request was made with SLPv2, it would return the attributes of
- this service.
-
-4. URLs used with Service Location
-
- A Service URL indicates the location of a service. This URL may be
- of the service: scheme [13] (reviewed in section 4.1), or any other
- URL scheme conforming to the URI standard [8], except that URLs
- without address specifications SHOULD NOT be advertised by SLP. The
- service type for an 'generic' URL is its scheme name. For example,
- the service type string for "http://www.srvloc.org" would be "http".
-
- Reserved characters in URLs follow the rules in RFC 2396 [8].
-
-
-
-
-
-
-
-
-
-
-Guttman, et al. Standards Track [Page 8]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-4.1. Service: URLs
-
- Service URL syntax and semantics are defined in [13]. Any network
- service may be encoded in a Service URL.
-
- This section provides an introduction to Service URLs and an example
- showing a simple application of them, representing standard network
- services.
-
- A Service URL may be of the form:
-
- "service:"<srvtype>"://"<addrspec>
-
- The Service Type of this service: URL is defined to be the string up
- to (but not including) the final `:' before <addrspec>, the address
- specification.
-
- <addrspec> is a hostname (which should be used if possible) or dotted
- decimal notation for a hostname, followed by an optional `:' and
- port number.
-
- A service: scheme URL may be formed with any standard protocol name
- by concatenating "service:" and the reserved port [1] name. For
- example, "service:tftp://myhost" would indicate a tftp service. A
- tftp service on a nonstandard port could be
- "service:tftp://bad.glad.org:8080".
-
- Service Types SHOULD be defined by a "Service Template" [13], which
- provides expected attributes, values and protocol behavior. An
- abstract service type (also described in [13]) has the form
-
- "service:<abstract-type>:<concrete-type>".
-
- The service type string "service:<abstract-type>" matches all
- services of that abstract type. If the concrete type is included
- also, only these services match the request. For example: a SrvRqst
- or AttrRqst which specifies "service:printer" as the Service Type
- will match the URL service:printer:lpr://hostname and
- service:printer:http://hostname. If the requests specified
- "service:printer:http" they would match only the latter URL.
-
- An optional substring MAY follow the last `.' character in the
- <srvtype> (or <abstract-type> in the case of an abstract service type
- URL). This substring is the Naming Authority, as described in Section
- 9.6. Service types with different Naming Authorities are quite
- distinct. In other words, service:x.one and service:x.two are
- different service types, as are service:abstract.one:y and
- service:abstract.two:y.
-
-
-
-Guttman, et al. Standards Track [Page 9]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-4.2. Naming Authorities
-
- A Naming Authority MAY optionally be included as part of the Service
- Type string. The Naming Authority of a service defines the meaning
- of the Service Types and attributes registered with and provided by
- Service Location. The Naming Authority itself is typically a string
- which uniquely identifies an organization. IANA is the implied
- Naming Authority when no string is appended. "IANA" itself MUST NOT
- be included explicitly.
-
- Naming Authorities may define Service Types which are experimental,
- proprietary or for private use. Using a Naming Authority, one may
- either simply ignore attributes upon registration or create a local-
- use only set of attributes for one's site. The procedure to use is
- to create a 'unique' Naming Authority string and then specify the
- Standard Attribute Definitions as described above. This Naming
- Authority will accompany registration and queries, as described in
- Sections 8.1 and 8.3. Service Types SHOULD be registered with IANA
- to allow for Internet-wide interoperability.
-
-4.3. URL Entries
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Reserved | Lifetime | URL Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- |URL len, contd.| URL (variable length) \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- |# of URL auths | Auth. blocks (if any) \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- SLP stores URLs in protocol elements called URL Entries, which
- associate a length, a lifetime, and possibly authentication
- information along with the URL. URL Entries, defined as shown above,
- are used in Service Replies and Service Registrations.
-
-5. Service Attributes
-
- A service advertisement is often accompanied by Service Attributes.
- These attributes are used by UAs in Service Requests to select
- appropriate services.
-
- The allowable attributes which may be used are typically specified by
- a Service Template [13] for a particular service type. Services
- which are advertised according to a standard template MUST register
- all service attributes which the standard template requires. URLs
- with schemes other than "service:" MAY be registered with attributes.
-
-
-
-Guttman, et al. Standards Track [Page 10]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- Non-standard attribute names SHOULD begin with "x-", because no
- standard attribute name will ever have those initial characters.
-
- An attribute list is a string encoding of the attributes of a
- service. The following ABNF [11] grammar defines attribute lists:
-
- attr-list = attribute / attribute `,' attr-list
- attribute = `(' attr-tag `=' attr-val-list `)' / attr-tag
- attr-val-list = attr-val / attr-val `,' attr-val-list
- attr-tag = 1*safe-tag
- attr-val = intval / strval / boolval / opaque
- intval = [-]1*DIGIT
- strval = 1*safe-val
- boolval = "true" / "false"
- opaque = "\FF" 1*escape-val
- safe-val = ; Any character except reserved.
- safe-tag = ; Any character except reserved, star and bad-tag.
- reserved = `(' / `)' / `,' / `\' / `!' / `<' / `=' / `>' / `~' / CTL
- escape-val = `\' HEXDIG HEXDIG
- bad-tag = CR / LF / HTAB / `_'
- star = `*'
-
- The <attr-list>, if present, MUST be scanned prior to evaluation for
- all occurrences of the escape character `\'. Reserved characters
- MUST be escaped (other characters MUST NOT be escaped). All escaped
- characters must be restored to their value before attempting string
- matching. For Opaque values, escaped characters are not converted -
- they are interpreted as bytes.
-
- Boolean Strings which have the form "true" or "false" can
- only take one value and may only be compared with
- '='. Booleans are case insensitive when compared.
-
- Integer Strings which take the form [-] 1*<digit> and fall
- in the range "-2147483648" to "2147483647" are
- considered to be Integers. These are compared using
- integer comparison.
-
- String All other Strings are matched using strict lexical
- ordering (see Section 6.4).
-
- Opaque Opaque values are sequences of bytes. These are
- distinguished from Strings since they begin with
- the sequence "\FF". This, unescaped, is an illegal
- UTF-8 encoding, indicating that what follows is a
- sequence of bytes expressed in escape notation which
- constitute the binary value. For example, a '0' byte
- is encoded "\FF\00".
-
-
-
-Guttman, et al. Standards Track [Page 11]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- A string which contains escaped values other than from the reserved
- set of characters is illegal. If such a string is included in an
- <attr-list>, <tag-list> or search filter, the SA or DA which receives
- it MUST return a PARSE_ERROR to the message.
-
- A keyword has only an <attr-tag>, and no values. Attributes can have
- one or multiple values. All values are expressed as strings.
-
- When values have been advertised by a SA or are registered in a DA,
- they can take on implicit typing rules for matching incoming
- requests.
-
- Stored values must be consistent, i.e., x=4,true,sue,\ff\00\00 is
- disallowed. A DA or SA receiving such an <attr-list> MUST return an
- INVALID_REGISTRATION error.
-
-6. Required Features
-
- This section defines the minimal implementation requirements for SAs
- and UAs as well as their interaction with DAs. A DA is not required
- for SLP to function, but if it is present, the UA and SA MUST
- interact with it as defined below.
-
- A minimal implementation may consist of either a UA or SA or both.
- The only required features of a UA are that it can issue SrvRqsts
- according to the rules below and interpret DAAdverts, SAAdverts and
- SrvRply messages. The UA MUST issue requests to DAs as they are
- discovered. An SA MUST reply to appropriate SrvRqsts with SrvRply or
- SAAdvert messages. The SA MUST also register with DAs as they are
- discovered.
-
- UAs perform discovery by issuing Service Request messages. SrvRqst
- messages are issued, using UDP, following these prioritized rules:
-
- 1. A UA issues a request to a DA which it has been configured with
- by DHCP.
-
- 2. A UA issues requests to DAs which it has been statically
- configured with.
-
- 3. UA uses multicast/convergence SrvRqsts to discover DAs, then uses
- that set of DAs. A UA that does not know of any DAs SHOULD retry
- DA discovery, increasing the waiting interval between subsequent
- attempts exponentially (doubling the wait interval each time.)
- The recommended minimum waiting interval is CONFIG_DA_FIND
- seconds.
-
-
-
-
-
-Guttman, et al. Standards Track [Page 12]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- 4. A UA with no knowledge of DAs sends requests using multicast
- convergence to SAs. SAs unicast replies to UAs according to the
- multicast convergence algorithm.
-
- UAs and SAs are configured with a list of scopes to use according to
- these prioritized rules:
-
- 1. With DHCP.
-
- 2. With static configuration. The static configuration may be
- explicitly set to NO SCOPE for UAs, if the User Selectable Scope
- model is used. See section 11.2.
-
- 3. In the absence of configuration, the agent's scope is "DEFAULT".
-
- A UA MUST issue requests with one or more of the scopes it has been
- configured to use.
-
- A UA which has been statically configured with NO SCOPE LIST will use
- DA or SA discovery to determine its scope list dynamically. In this
- case it uses an empty scope list to discover DAs and possibly SAs.
- Then it uses the scope list it obtains from DAAdverts and possibly
- SAAdverts in subsequent requests.
-
- The SA MUST register all its services with any DA it discovers, if
- the DA advertises any of the scopes it has been configured with. A
- SA obtains information about DAs as a UA does. In addition, the SA
- MUST listen for multicast unsolicited DAAdverts. The SA registers by
- sending SrvReg messages to DAs, which reply with SrvReg messages to
- indicate success. SAs register in ALL the scopes they were
- configured to use.
-
-6.1. Use of Ports, UDP, and Multicast
-
- DAs MUST accept unicast requests and multicast directory agent
- discovery service requests (for the service type "service:directory-
- agent").
-
- SAs MUST accept multicast requests and unicast requests both. The SA
- can distinguish between them by whether the REQUEST MCAST flag is set
- in the SLP Message header.
-
- The Service Location Protocol uses multicast for discovering DAs and
- for issuing requests to SAs by default.
-
- The reserved listening port for SLP is 427. This is the destination
- port for all SLP messages. SLP messages MAY be transmitted on an
- ephemeral port. Replies and acknowledgements are sent to the port
-
-
-
-Guttman, et al. Standards Track [Page 13]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- from which the request was issued. The default maximum transmission
- unit for UDP messages is 1400 bytes excluding UDP and other headers.
-
- If a SLP message does not fit into a UDP datagram it MUST be
- truncated to fit, and the OVERFLOW flag is set in the reply message.
- A UA which receives a truncated message MAY open a TCP connection
- (see section 6.2) with the DA or SA and retransmit the request, using
- the same XID. It MAY also attempt to make use of the truncated reply
- or reformulate a more restrictive request which will result in a
- smaller reply.
-
- SLP Requests messages are multicast to The Administratively Scoped
- SLP Multicast [17] address, which is 239.255.255.253. The default
- TTL to use for multicast is 255.
-
- In isolated networks, broadcasts will work in place of multicast. To
- that end, SAs SHOULD and DAs MUST listen for broadcast Service
- Location messages at port 427. This allows UAs which do not support
- multicast the use of Service Location on isolated networks.
-
- Setting multicast TTL to less than 255 (the default) limits the range
- of SLP discovery in a network, and localizes service information in
- the network.
-
-6.2. Use of TCP
-
- A SrvReg or SrvDeReg may be too large to fit into a datagram. To
- send such large SLP messages, a TCP (unicast) connection MUST be
- established.
-
- To avoid the need to implement TCP, one MUST insure that:
-
- - UAs never issue requests larger than the Path MTU. SAs can omit
- TCP support only if they never have to receive unicast requests
- longer than the path MTU.
-
- - UAs can accept replies with the 'OVERFLOW' flag set, and make use
- of the first result included, or reformulate the request.
-
- - Ensure that a SA can send a SrvRply, SrvReg, or SrvDeReg in
- a single datagram. This means limiting the size of URLs,
- the number of attributes and the number of authenticators
- transmitted.
-
- DAs MUST be able to respond to UDP and TCP requests, as well as
- multicast DA Discovery SrvRqsts. SAs MUST be able to respond to TCP
- unless the SA will NEVER receive a request or send a reply which will
- exceed a datagram in size (e.g., some embedded systems).
-
-
-
-Guttman, et al. Standards Track [Page 14]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- A TCP connection MAY be used for a single SLP transaction, or for
- multiple transactions. Since there are length fields in the message
- headers, SLP Agents can send multiple requests along a connection and
- read the return stream for acknowledgments and replies.
-
- The initiating agent SHOULD close the TCP connection. The DA SHOULD
- wait at least CONFIG_CLOSE_CONN seconds before closing an idle
- connection. DAs and SAs SHOULD close an idle TCP connection after
- CONFIG_CLOSE_CONN seconds to ensure robust operation, even when the
- initiating agent neglects to close it. See Section 13 for timing
- rules.
-
-6.3. Retransmission of SLP messages
-
- Requests which fail to elicit a response are retransmitted. The
- initial retransmission occurs after a CONFIG_RETRY wait period.
- Retransmissions MUST be made with exponentially increasing wait
- intervals (doubling the wait each time). This applies to unicast as
- well as multicast SLP requests.
-
- Unicast requests to a DA or SA should be retransmitted until either a
- response (which might be an error) has been obtained, or for
- CONFIG_RETRY_MAX seconds.
-
- Multicast requests SHOULD be reissued over CONFIG_MC_MAX seconds
- until a result has been obtained. UAs need only wait till they
- obtain the first reply which matches their request. That is,
- retransmission is not required if the requesting agent is prepared to
- use the 'first reply' instead of 'as many replies as possible within
- a bounded time interval.'
-
- When SLP SrvRqst, SrvTypeRqst, and AttrRqst messages are multicast,
- they contain a <PRList> of previous responders. Initially the
- <PRList> is empty. When these requests are unicast, the <PRList> is
- always empty.
-
- Any DA or SA which sees its address in the <PRList> MUST NOT respond
- to the request.
-
- The message SHOULD be retransmitted until the <PRList> causes no
- further responses to be elicited or the previous responder list and
- the request will not fit into a single datagram or until
- CONFIG_MC_MAX seconds elapse.
-
- UAs which retransmit a request use the same XID. This allows a DA or
- SA to cache its reply to the original request and then send it again,
- should a duplicate request arrive. This cached information should
- only be held very briefly. XIDs SHOULD be randomly chosen to avoid
-
-
-
-Guttman, et al. Standards Track [Page 15]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- duplicate XIDs in requests if UAs restart frequently.
-
-6.4. Strings in SLP messages
-
- The escape character is a backslash (UTF-8 0x5c) followed by the two
- hexadecimal digits of the escaped character. Only reserved
- characters are escaped. For example, a comma (UTF-8 0x29) is escaped
- as `\29', and a backslash `\' is escaped as `\5c'. String lists used
- in SLP define the comma to be the delimiter between list elements, so
- commas in data strings must be escaped in this manner. Backslashes
- are the escape character so they also must always be escaped when
- included in a string literally.
-
- String comparison for order and equality in SLP MUST be case
- insensitive inside the 0x00-0x7F subrange of UTF-8 (which corresponds
- to ASCII character encoding). Case insensitivity SHOULD be supported
- throughout the entire UTF-8 encoded Unicode [6] character set.
-
- The case insensitivity rule applies to all string matching in SLPv2,
- including Scope strings, SLP SPI strings, service types, attribute
- tags and values in query handling, language tags, previous responder
- lists. Comparisons of URL strings, however, is case sensitive.
-
- White space (SPACE, CR, LF, TAB) internal to a string value is folded
- to a single SPACE character for the sake of string comparisons.
- White space preceding or following a string value is ignored for the
- purposes of string comparison. For example, " Some String "
- matches "SOME STRING".
-
- String comparisons (using comparison operators such as `<=' or `>=')
- are done using lexical ordering in UTF-8 encoded characters, not
- using any language specific rules.
-
- The reserved character `*' may precede, follow or be internal to a
- string value in order to indicate substring matching. The query
- including this character matches any character sequence which
- conforms to the letters which are not wildcarded.
-
-6.4.1. Scope Lists in SLP
-
- Scope Lists in SLPv2 have the following grammar:
-
- scope-list = scope-val / scope-val `,' scope-list
- scope-val = 1*safe
- safe = ; Any character except reserved.
- reserved = `(' / `)' / `,' / `\' / `!' / `<' / `=' / `>' / `~' / CTL
- / `;' / `*' / `+'
- escape-val = `\' HEXDIG HEXDIG
-
-
-
-Guttman, et al. Standards Track [Page 16]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- Scopes which include any reserved characters must replace the escaped
- character with the escaped-val format.
-
-7. Errors
-
- If the Error Code in a SLP reply message is nonzero, the rest of the
- message MAY be truncated. No data is necessarily transmitted or
- should be expected after the header and the error code, except
- possibly for some optional extensions to clarify the error, for
- example as in section D.1.
-
- Errors are only returned for unicast requests. Multicast requests
- are silently discarded if they result in an error.
-
- LANGUAGE_NOT_SUPPORTED = 1: There is data for the service type in
- the scope in the AttrRqst or SrvRqst, but not in the requested
- language.
- PARSE_ERROR = 2: The message fails to obey SLP syntax.
- INVALID_REGISTRATION = 3: The SrvReg has problems -- e.g., a zero
- lifetime or an omitted Language Tag.
- SCOPE_NOT_SUPPORTED = 4: The SLP message did not include a scope in
- its <scope-list> supported by the SA or DA.
- AUTHENTICATION_UNKNOWN = 5: The DA or SA receives a request for an
- unsupported SLP SPI.
- AUTHENTICATION_ABSENT = 6: The DA expected URL and ATTR
- authentication in the SrvReg and did not receive it.
- AUTHENTICATION_FAILED = 7: The DA detected an authentication error in
- an Authentication block.
- VER_NOT_SUPPORTED = 9: Unsupported version number in message header.
- INTERNAL_ERROR = 10: The DA (or SA) is too sick to respond.
- DA_BUSY_NOW = 11: UA or SA SHOULD retry, using exponential back off.
- OPTION_NOT_UNDERSTOOD = 12: The DA (or SA) received an unknown option
- from the mandatory range (see section 9.1).
- INVALID_UPDATE = 13: The DA received a SrvReg without FRESH set, for
- an unregistered service or with inconsistent Service Types.
- MSG_NOT_SUPPORTED = 14: The SA received an AttrRqst or SrvTypeRqst
- and does not support it.
- REFRESH_REJECTED = 15: The SA sent a SrvReg or partial SrvDereg to a
- DA more frequently than the DA's min-refresh-interval.
-
-8. Required SLP Messages
-
- All length fields in SLP messages are in network byte order. Where '
- tuples' are defined, these are sequences of bytes, in the precise
- order listed, in network byte order.
-
- SLP messages all begin with the following header:
-
-
-
-
-Guttman, et al. Standards Track [Page 17]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Version | Function-ID | Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Length, contd.|O|F|R| reserved |Next Ext Offset|
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Next Extension Offset, contd.| XID |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Language Tag Length | Language Tag \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Message Type Abbreviation Function-ID
-
- Service Request SrvRqst 1
- Service Reply SrvRply 2
- Service Registration SrvReg 3
- Service Deregister SrvDeReg 4
- Service Acknowledge SrvAck 5
- Attribute Request AttrRqst 6
- Attribute Reply AttrRply 7
- DA Advertisement DAAdvert 8
- Service Type Request SrvTypeRqst 9
- Service Type Reply SrvTypeRply 10
- SA Advertisement SAAdvert 11
-
- SAs and UAs MUST support SrvRqst, SrvRply and DAAdvert. SAs MUST
- also support SrvReg, SAAdvert and SrvAck. For UAs and SAs, support
- for other messages are OPTIONAL.
-
- - Length is the length of the entire SLP message, header included.
- - The flags are: OVERFLOW (0x80) is set when a message's length
- exceeds what can fit into a datagram. FRESH (0x40) is set on
- every new SrvReg. REQUEST MCAST (0x20) is set when multicasting
- or broadcasting requests. Reserved bits MUST be 0.
- - Next Extension Offset is set to 0 unless extensions are used.
- The first extension begins at 'offset' bytes, from the message's
- beginning. It is placed after the SLP message data. See
- Section 9.1 for how to interpret unrecognized SLP Extensions.
- - XID is set to a unique value for each unique request. If the
- request is retransmitted, the same XID is used. Replies set
- the XID to the same value as the xid in the request. Only
- unsolicited DAAdverts are sent with an XID of 0.
- - Lang Tag Length is the length in bytes of the Language Tag field.
- - Language Tag conforms to [7]. The Language Tag in a reply MUST
- be the same as the Language Tag in the request. This field must
- be encoded 1*8ALPHA *("-" 1*8ALPHA).
-
-
-
-
-Guttman, et al. Standards Track [Page 18]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- If an option is specified, and not included in the message, the
- receiver MUST respond with a PARSE_ERROR.
-
-8.1. Service Request
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Service Location header (function = SrvRqst = 1) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of <PRList> | <PRList> String \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of <service-type> | <service-type> String \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of <scope-list> | <scope-list> String \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of predicate string | Service Request <predicate> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of <SLP SPI> string | <SLP SPI> String \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- In order for a Service to match a SrvRqst, it must belong to at least
- one requested scope, support the requested service type, and match
- the predicate. If the predicate is present, the language of the
- request (ignoring the dialect part of the Language Tag) must match
- the advertised service.
-
- <PRList> is the Previous Responder List. This <string-list> contains
- dotted decimal notation IP (v4) addresses, and is iteratively
- multicast to obtain all possible results (see Section 6.3). UAs
- SHOULD implement this discovery algorithm. SAs MUST use this to
- discover all available DAs in their scope, if they are not already
- configured with DA addresses by some other means.
-
- A SA silently drops all requests which include the SA's address in
- the <PRList>. An SA which has multiple network interfaces MUST check
- if any of the entries in the <PRList> equal any of its interfaces.
- An entry in the PRList which does not conform to an IPv4 dotted
- decimal address is ignored: The rest of the <PRList> is processed
- normally and an error is not returned.
-
- Once a <PRList> plus the request exceeds the path MTU, multicast
- convergence stops. This algorithm is not intended to find all
- instances; it finds 'enough' to provide useful results.
-
- The <scope-list> is a <string-list> of configured scope names. SAs
- and DAs which have been configured with any of the scopes in this
- list will respond. DAs and SAs MUST reply to unicast requests with a
-
-
-
-Guttman, et al. Standards Track [Page 19]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- SCOPE_NOT_SUPPORTED error if the <scope-list> is omitted or fails to
- include a scope they support (see Section 11). The only exceptions
- to this are described in Section 11.2.
-
- The <service-type> string is discussed in Section 4. Normally, a
- SrvRqst elicits a SrvRply. There are two exceptions: If the
- <service-type> is set to "service:directory-agent", DAs respond to
- the SrvRqst with a DAAdvert (see Section 8.5.) If set to
- "service:service-agent", SAs respond with a SAAdvert (see Section
- 8.6.) If this field is omitted, a PARSE_ERROR is returned - as this
- field is REQUIRED.
-
- The <predicate> is a LDAPv3 search filter [14]. This field is
- OPTIONAL. Services may be discovered simply by type and scope.
- Otherwise, services are discovered which satisfy the <predicate>. If
- present, it is compared to each registered service. If the attribute
- in the filter has been registered with multiple values, the filter is
- compared to each value and the results are ORed together, i.e.,
- "(x=3)" matches a registration of (x=1,2,3); "(!(Y=0))" matches
- (y=0,1) since Y can be nonzero. Note the matching is case
- insensitive. Keywords (i.e., attributes without values) are matched
- with a "presence" filter, as in "(keyword=*)".
-
- An incoming request term MUST have the same type as the attribute in
- a registration in order to match. Thus, "(x=33)" will not match '
- x=true', etc. while "(y=foo)" will match 'y=FOO'.
- "(|(x=33)(y=foo))" will be satisfied, even though "(x=33)" cannot be
- satisfied, because of the `|' (boolean disjunction).
-
- Wildcard matching MUST be done with the '=' filter. In any other
- case, a PARSE_ERROR is returned. Request terms which include
- wildcards are interpreted to be Strings. That is, (x=34*) would
- match 'x=34foo', but not 'x=3432' since the first value is a String
- while the second value is an Integer; Strings don't match Integers.
-
- Examples of Predicates follow. <t> indicates the service type of the
- SrvRqst, <s> gives the <scope-list> and <p> is the predicate string.
-
- <t>=service:http <s>=DEFAULT <p>= (empty string)
- This is a minimal request string. It matches all http
- services advertised with the default scope.
-
- <t>=service:pop3 <s>=SALES,DEFAULT <p>=(user=wump)
- This is a request for all pop3 services available in
- the SALES or DEFAULT scope which serve mail to the user
- `wump'.
-
-
-
-
-
-Guttman, et al. Standards Track [Page 20]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- <t>=service:backup <s>=BLDG 32 <p>=(&(q<=3)(speed>=1000))
- This returns the backup service which has a queue length
- less than 3 and a speed greater than 1000. It will
- return this only for services registered with the BLDG 32
- scope.
-
- <t>=service:directory-agent <s>=DEFAULT <p>=
- This returns DAAdverts for all DAs in the DEFAULT scope.
-
- DAs are discovered by sending a SrvRqst with the service type set to
- "service:directory-agent". If a predicate is included in the
- SrvRqst, the DA SHOULD respond only if the predicate can be satisfied
- with the DA's attributes. The <scope-list> MUST contain all scopes
- configured for the UA or SA which is discovering DAs.
-
- The <SLP SPI> string indicates a SLP SPI that the requester has been
- configured with. If this string is omitted, the responder does not
- include any Authentication Blocks in its reply. If it is included,
- the responder MUST return a reply which has an associated
- authentication block with the SLP SPI in the SrvRqst. If no replies
- may be returned because the SLP SPI is not supported, the responder
- returns an AUTHENTICATION_UNKNOWN error.
-
-8.2. Service Reply
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Service Location header (function = SrvRply = 2) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Error Code | URL Entry count |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | <URL Entry 1> ... <URL Entry N> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- The service reply contains zero or more URL entries (see Section
- 4.3). A service reply with zero URL entries MUST be returned in
- response to a unicast Service Request, if no matching URLs are
- present. A service reply with zero URL entries MUST NOT be sent in
- response to a multicast or broadcast service request (instead, if
- there was no match found or an error processing the request, the
- service reply should not be generated at all).
-
- If the reply overflows, the UA MAY simply use the first URL Entry in
- the list. A URL obtained by SLP may not be cached longer than
- Lifetime seconds, unless there is a URL Authenticator block present.
-
-
-
-
-
-Guttman, et al. Standards Track [Page 21]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- In that case, the cache lifetime is indicated by the Timestamp in the
- URL Authenticator (see Section 9.2).
-
- An authentication block is returned in the URL Entries, including the
- SLP SPI in the SrvRqst. If no SLP SPI was included in the request,
- no Authentication Blocks are returned in the reply. URL
- Authentication Blocks are defined in Section 9.2.1.
-
- If a SrvRply is sent by UDP, a URL Entry MUST NOT be included unless
- it fits entirely without truncation.
-
-8.3. Service Registration
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Service Location header (function = SrvReg = 3) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | <URL-Entry> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of service type string | <service-type> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of <scope-list> | <scope-list> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of attr-list string | <attr-list> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- |# of AttrAuths |(if present) Attribute Authentication Blocks...\
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- The <entry> is a URL Entry (see section 4.3). The Lifetime defines
- how long a DA can cache the registration. SAs SHOULD reregister
- before this lifetime expires (but SHOULD NOT more often than once per
- second). The Lifetime MAY be set to any value between 0 and 0xffff
- (maximum, around 18 hours). Long-lived registrations remain stale
- longer if the service fails and the SA does not deregister the
- service.
-
- The <service-type> defines the service type of the URL to be
- registered, regardless of the scheme of the URL. The <scope-list>
- MUST contain the names of all scopes configured for the SA, which the
- DA it is registering with supports. The default value for the
- <scope-list> is "DEFAULT" (see Section 11).
-
- The SA MUST register consistently with all DAs. If a SA is
- configured with scopes X and Y and there are three DAs, whose scopes
- are "X", "Y" and "X,Y" respectively, the SA will register the with
- all three DAs in their respective scopes. All future updates and
- deregistrations of the service must be sent to the same set of DAs in
-
-
-
-Guttman, et al. Standards Track [Page 22]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- the same scopes the service was initially registered in.
-
- The <attr-list>, if present, specifies the attributes and values to
- be associated with the URL by the DA (see Section 5).
-
- A SA configured with the ability to sign service registrations MUST
- sign each of the URLs and Attribute Lists using each of the keys it
- is configured to use, and the DA it is registering with accepts.
- (The SA MUST acquire DAAdverts for all DAs it will register with to
- obtain the DA's SLP SPI list and attributes, as described in Section
- 8.5). The SA supplies a SLP SPI in each authentication block
- indicating the SLP SPI configuration required to verify the digital
- signature. The format of the digital signatures used is defined in
- section 9.2.1.
-
- Subsequent registrations of previously registered services MUST
- contain the same list of SLP SPIs as previous ones or else DAs will
- reject them, replying with an AUTHENTICATION_ABSENT error.
-
- A registration with the FRESH flag set will replace *entirely* any
- previous registration for the same URL in the same language. If the
- FRESH flag is not set, the registration is an "incremental"
- registration (see Section 9.3).
-
-8.4. Service Acknowledgment
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Service Location header (function = SrvAck = 5) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Error Code |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- A DA returns a SrvAck to an SA after a SrvReg. It carries only a two
- byte Error Code (see Section 7).
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Guttman, et al. Standards Track [Page 23]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-8.5. Directory Agent Advertisement
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Service Location header (function = DAAdvert = 8) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Error Code | DA Stateless Boot Timestamp |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- |DA Stateless Boot Time,, contd.| Length of URL |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- \ URL \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Length of <scope-list> | <scope-list> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Length of <attr-list> | <attr-list> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Length of <SLP SPI List> | <SLP SPI List> String \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | # Auth Blocks | Authentication block (if any) \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- The Error Code is set to 0 when the DAAdvert is multicast. If the
- DAAdvert is being returned due to a unicast SrvRqst (ie. a request
- without the REQUEST MCAST flag set) the DA returns the same errors a
- SrvRply would.
-
- The <scope-list> of the SrvRqst must either be omitted or include a
- scope which the DA supports. The DA Stateless Boot Timestamp
- indicates the state of the DA (see section 12.1).
-
- The DA MAY include a list of its attributes in the DAAdvert. This
- list SHOULD be kept short, as the DAAdvert must fit into a datagram
- in order to be multicast.
-
- A potential scaling problem occurs in SLPv2 if SAs choose too low a
- Lifetime. In this case, an onerous amount of reregistration occurs
- as more services are deployed. SLPv2 allows DAs to control SAs
- frequency of registration. A DA MAY reissue a DAAdvert with a new
- set of attributes at any time, to change the reregistration behavior
- of SAs. These apply only to subsequent registrations; existing
- service registrations with the DA retain their registered lifetimes.
-
- If the DAAdvert includes the attribute "min-refresh-interval" it MUST
- be set to a single Integer value indicating a number of seconds. If
- this attribute is present SAs MUST NOT refresh any particular service
- advertisement more frequently than this value. If SrvReg with the
- FRESH FLAG not set or SrvDereg with a non-empty tag list updating a
-
-
-
-Guttman, et al. Standards Track [Page 24]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- particular service are received more often than the value for the
- DA's advertised "min-refresh-interval" attribute the DA SHOULD reject
- the message and return a REFRESH_REJECTED error in the SrvAck.
-
- The URL is "service:directory-agent://"<addr> of the DA, where <addr>
- is the dotted decimal numeric address of the DA. The <scope-list> of
- the DA MUST NOT be NULL.
-
- The SLP SPI List is the list of SPIs that the DA is capable of
- verifying. SAs MUST NOT register services with authentication blocks
- for those SLP SPIs which are not on the list. DAs will reject
- service registrations which they cannot verify, returning an
- AUTHENTICATION_UNKNOWN error.
-
- The format of DAAdvert signatures is defined in Section 9.2.1.
-
- The SLP SPI which is used to verify the DAAdvert is included in the
- Authentication Block. When DAAdverts are multicast, they may have to
- transmit multiple DAAdvert Authentication Blocks. If the DA is
- configured to be able to generate signatures for more than one SPI,
- the DA MUST include one Authentication Block for each SPI. If all
- these Authentication Blocks do not fit in a single datagram (to
- multicast or broadcast) the DA MUST send separate DAAdverts so that
- Authentication Blocks for all the SPIs the DA is capable of
- generating are sent.
-
- If the DAAdvert is being sent in response to a SrvRqst, the DAAdvert
- contains only the authentication block with the SLP SPI in the
- SrvRqst, if the DA is configured to be able to produce digital
- signatures using that SLP SPI. If the SrvRqst is unicast to the DA
- (the REQUEST MCAST flag in the header is not set) and an unsupported
- SLP SPI is included, the DA replies with a DAAdvert with the Error
- Code set to an AUTHENTICATION_UNKNOWN error.
-
- UAs SHOULD be configured with SLP SPIs that will allow them to verify
- DA Advertisements. If the UA is configured with SLP SPIs and
- receives a DAAdvert which fails to be verified using one of them, the
- UA MUST discard it.
-
-8.6. Service Agent Advertisement
-
- User Agents MUST NOT solicit SA Advertisements if they have been
- configured to use a particular DA, if they have been configured with
- a <scope-list> or if DAs have been discovered. UAs solicit SA
- Advertisements only when they are explicitly configured to use User
- Selectable scopes (see Section 11.2) in order to discover the scopes
- that SAs support. This allows UAs without scope configuration to
- make use of either DAs or SAs without any functional difference
-
-
-
-Guttman, et al. Standards Track [Page 25]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- except performance.
-
- A SA MAY be configured with attributes, and SHOULD support the
- attribute 'service-type' whose value is all the service types of
- services represented by the SA. SAs MUST NOT respond if the SrvRqst
- predicate is not satisfied. For example, only SAs offering 'nfs'
- services SHOULD respond with a SAAdvert to a SrvRqst for service type
- "service:service-agent" which includes a predicate "(service-
- type=nfs)".
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Service Location header (function = SAAdvert = 11) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Length of URL | URL \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Length of <scope-list> | <scope-list> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Length of <attr-list> | <attr-list> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | # auth blocks | authentication block (if any) \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- The SA responds only to multicast SA discovery requests which either
- include no <scope-list> or a scope which they are configured to use.
-
- The SAAdvert MAY include a list of attributes the SA supports. This
- attribute list SHOULD be kept short so that the SAAdvert will not
- exceed the path MTU in size.
-
- The URL is "service:service-agent://"<addr> of the SA, where <addr>
- is the dotted decimal numeric address of the SA. The <scope-list> of
- the SA MUST NOT be null.
-
- The SAAdvert contains one SAAdvert Authentication block for each SLP
- SPI the SA can produce Authentication Blocks for. If the UA can
- verify the Authentication Block of the SAAdvert, and the SAAdvert
- fails to be verified, the UA MUST discard it.
-
-9. Optional Features
-
- The features described in this section are not mandatory. Some are
- useful for interactive use of SLP (where a user rather than a program
- will select services, using a browsing interface for example) and for
- scalability of SLP to larger networks.
-
-
-
-
-
-Guttman, et al. Standards Track [Page 26]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-9.1. Service Location Protocol Extensions
-
- The format of a Service Location Extension is:
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Extension ID | Next Extension Offset |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Offset, contd.| Extension Data \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Extension IDs are assigned in the following way:
-
- 0x0000-0x3FFF Standardized. Optional to implement. Ignore if
- unrecognized.
- 0x4000-0x7FFF Standardized. Mandatory to implement. A UA or SA
- which receives this option in a reply and does not understand
- it MUST silently discard the reply. A DA or SA which receives
- this option in a request and does not understand it MUST return
- an OPTION_NOT_UNDERSTOOD error.
- 0x8000-0x8FFF For private use (not standardized). Optional to
- implement. Ignore if unrecognized.
- 0x9000-0xFFFF Reserved.
-
- The three byte offset to next extension indicates the position of the
- next extension as offset from the beginning of the SLP message.
-
- The offset value is 0 if there are no extensions following the
- current extension.
-
- If the offset is 0, the length of the current Extension Data is
- determined by subtracting total length of the SLP message as given in
- the SLP message header minus the offset of the current extension.
-
- Extensions defined in this document are in Section D. See section 15
- for procedures that are required when specifying new SLP extensions.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Guttman, et al. Standards Track [Page 27]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-9.2. Authentication Blocks
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Block Structure Descriptor | Authentication Block Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Timestamp |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | SLP SPI String Length | SLP SPI String \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Structured Authentication Block ... \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Authentication blocks are returned with certain SLP messages to
- verify that the contents have not been modified, and have been
- transmitted by an authorized agent. The authentication data
- (contained in the Structured Authentication Block) is typically case
- sensitive. Even though SLP registration data (e.g., attribute
- values) are typically are not case sensitive, the case of the
- registration data has to be preserved by the registering DA so that
- UAs will be able to verify the data used for calculating digital
- signature data.
-
- The Block Structure Descriptor (BSD) identifies the format of the
- Authenticator which follows. BSDs 0x0000-0x7FFF will be maintained
- by IANA. BSDs 0x8000-0x8FFF are for private use.
-
- The Authentication Block Length is the length of the entire block,
- starting with the BSD.
-
- The Timestamp is the time that the authenticator expires (to prevent
- replay attacks.) The Timestamp is a 32-bit unsigned fixed-point
- number of seconds relative to 0h on 1 January 1970. SAs use this
- value to indicate when the validity of the digital signature expires.
- This Timestamp will wrap back to 0 in the year 2106. Once the value
- of the Timestamp wraps, the time at which the Timestamp is relative
- to resets. For example, after 06h28 and 16 seconds 5 February 2106,
- all Timestamp values will be relative to that epoch date.
-
- The SLP Security Parameters Index (SPI) string identifies the key
- length, algorithm parameters and keying material to be used by agents
- to verify the signature data in the Structured Authentication Block.
- The SLP SPI string has the same grammar as the <scope-val> defined in
- Section 6.4.1.
-
- Reserved characters in SLP SPI strings must be escaped using the same
- convention as used throughout SLPv2.
-
-
-
-Guttman, et al. Standards Track [Page 28]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- SLP SPIs deployed in a site MUST be unique. An SLP SPI used for
- BSD=0x0002 must not be the same as used for some other BSD.
-
- All SLP agents MUST implement DSA [20] (BSD=0x0002). SAs MUST
- register services with DSA authentication blocks, and they MAY
- register them with other authentication blocks using other
- algorithms. SAs MUST use DSA authentication blocks in SrvDeReg
- messages and DAs MUST use DSA authentication blocks in unsolicited
- DAAdverts.
-
-9.2.1. SLP Message Authentication Rules
-
- The sections below define how to calculate the value to apply to the
- algorithm identified by the BSD value. The components listed are
- used as if they were a contiguous single byte aligned buffer in the
- order given.
-
- URL
- 16-bit Length of SLP SPI String, SLP SPI String.
- 16-bit Length of URL, URL,
- 32-bit Timestamp.
-
- Attribute List
- 16-bit Length of SLP SPI String, SLP SPI String,
- 16-bit length of <attr-list>, <attr-list>,
- 32-bit Timestamp.
-
- DAAdvert
- 16-bit Length of SLP SPI String, SLP SPI String,
- 32-bit DA Stateless Boot Timestamp,
- 16-bit Length of URL, URL,
- 16-bit Length of <attr-list>, <attr-list>,
- 16-bit Length of DA's <scope-list>, DA's <scope-list>,
- 16-bit Length of DA's <SLP SPI List>, DA's <SLP SPI List>,
- 32-bit Timestamp.
-
- The first SLP SPI is the SLP SPI in the Authentication
- Block. This SLP SPI indicates the keying material and other
- parameters to use to verify the DAAdvert. The SLP SPI List is
- the list of SLP SPIs the DA itself supports, and is able to
- verify.
-
- SAAdvert
- 16-bit Length of SLP SPI String, SLP SPI String,
- 16-bit Length of URL, URL,
- 16-bit Length of <attr-list>, <attr-list>,
- 16-bit Length of <scope-list>, <scope-list>,
- 32-bit Timestamp.
-
-
-
-Guttman, et al. Standards Track [Page 29]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-9.2.2 DSA with SHA-1 in Authentication Blocks
-
- BSD=0x0002 is defined to be DSA with SHA-1. The signature
- calculation is defined by [20]. The signature format conforms to
- that in the X.509 v3 certificate:
-
- 1. The signature algorithm identifier (an OID)
- 2. The signature value (an octet string)
- 3. The certificate path.
-
- All data is represented in ASN.1 encoding:
-
- id-dsa-with-sha1 ID ::= {
- iso(1) member-body(2) us(840) x9-57 (10040)
- x9cm(4) 3 }
-
- i.e., the ASN.1 encoding of 1.2.840.10040.4.3 followed immediately
- by:
-
- Dss-Sig-Value ::= SEQUENCE {
- r INTEGER,
- s INTEGER }
-
- i.e., the binary ASN.1 encoding of r and s computed using DSA and
- SHA-1. This is followed by a certificate path, as defined by X.509
- [10], [2], [3], [4], [5].
-
- Authentication Blocks for BSD=0x0002 have the following format. In
- the future, BSDs may be assigned which have different formats.
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | ASN.1 encoded DSA signature \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-9.3. Incremental Service Registration
-
- Incremental registrations update attribute values for a previously
- registered service. Incremental service registrations are useful
- when only a single attribute has changed, for instance. In an
- incremental registration, the FRESH flag in the SrvReg header is NOT
- set.
-
- The new registration's attributes replace the previous
- registration's, but do not affect attributes which were included
- previously and are not present in the update.
-
-
-
-
-Guttman, et al. Standards Track [Page 30]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- For example, suppose service:x://a.org has been registered with
- attributes A=1, B=2, C=3. If an incremental registration comes for
- service:x://a.org with attributes C=30, D=40, then the attributes for
- the service after the update are A=1, B=2, C=30, D=40.
-
- Incremental registrations MUST NOT be performed for services
- registered with Authentication Blocks. These must be registered with
- ALL attributes, with the FRESH flag in the SrvReg header set. DAs
- which receive such registration messages return an
- AUTHENTICATION_FAILED error.
-
- If the FRESH flag is not set and the DA does not have a prior
- registration for the service, the incremental registration fails with
- error code INVALID_UPDATE.
-
- The SA MUST use the same <scope-list> in an update message as was
- used in the prior registration. If this is not done, the DA returns
- a SCOPE_NOT_SUPPORTED error. In order to change the scope of a
- service advertisement it MUST be deregistered first and reregistered
- with a new <scope-list>.
-
- The SA MUST use the same <service-type> in an update message as was
- used in a prior registration of the same URL. If this is not done,
- the DA returns an INVALID_UPDATE error.
-
-9.4. Tag Lists
-
- Tag lists are used in SrvDeReg and AttrReq messages. The syntax of a
- <tag-list> item is:
-
- tag-filter = simple-tag / substring
- simple-tag = 1*filt-char
- substring = [initial] any [final]
- initial = 1*filt-char
- any = `*' *(filt-char `*')
- final = 1*filt-char
- filt-char = Any character excluding <reserved> and <bad-tag> (see
- grammar in Section 5).
-
- Wild card characters in a <tag-list> item match arbitrary sequences
- of characters. For instance "*bob*" matches "some bob I know",
- "bigbob", "bobby" and "bob".
-
-
-
-
-
-
-
-
-
-Guttman, et al. Standards Track [Page 31]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-10. Optional SLP Messages
-
- The additional requests provide features for user interaction and for
- efficient updating of service advertisements with dynamic attributes.
-
-10.1. Service Type Request
-
- The Service Type Request (SrvTypeRqst) allows a UA to discover all
- types of service on a network. This is useful for general purpose
- service browsers.
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Service Location header (function = SrvTypeRqst = 9) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of PRList | <PRList> String \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of Naming Authority | <Naming Authority String> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of <scope-list> | <scope-list> String \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- The <PRList> list and <scope-list> are interpreted as in Section 8.1.
-
- The Naming Authority string, if present in the request, will limit
- the reply to Service Type strings with the specified Naming
- Authority. If the Naming Authority string is absent, the IANA
- registered service types will be returned. If the length of the
- Naming Authority is set to 0xFFFF, the Naming Authority string is
- omitted and ALL Service Types are returned, regardless of Naming
- Authority.
-
-10.2. Service Type Reply
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Service Location header (function = SrvTypeRply = 10) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Error Code | length of <srvType-list> |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | <srvtype--list> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- The service-type Strings (as described in Section 4.1) are provided
- in <srvtype-list>, which is a <string-list>.
-
-
-
-
-Guttman, et al. Standards Track [Page 32]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- If a service type has a Naming Authority other than IANA it MUST be
- returned following the service type string and a `.' character.
- Service types with the IANA Naming Authority do not include a Naming
- Authority string.
-
-10.3. Attribute Request
-
- The Attribute Request (AttrRqst) allows a UA to discover attributes
- of a given service (by supplying its URL) or for an entire service
- type. The latter feature allows the UA to construct a query for an
- available service by selecting desired features. The UA may request
- that all attributes are returned, or only a subset of them.
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Service Location header (function = AttrRqst = 6) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of PRList | <PRList> String \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of URL | URL \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of <scope-list> | <scope-list> string \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of <tag-list> string | <tag-list> string \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | length of <SLP SPI> string | <SLP SPI> string \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- The <PRList>, <scope-list> and <SLP SPI> string are interpreted as in
- Section 8.1.
-
- The URL field can take two forms. It can simply be a Service Type
- (see Section 4.1), such as "http" or "service:tftp". In this case,
- all attributes and the full range of values for each attribute of all
- services of the given Service Type is returned.
-
- The URL field may alternatively be a full URL, such as
- "service:printer:lpr://igore.wco.ftp.com:515/draft" or
- "nfs://max.net/znoo". In this, only the registered attributes for
- the specified URL are returned.
-
- The <tag-list> field is a <string-list> of attribute tags, as defined
- in Section 9.4 which indicates the attributes to return in the
- AttrRply. If <tag-list> is omitted, all attributes are returned.
- <tag-list> MUST be omitted and a full URL MUST be included when
- attributes when a SLP SPI List string is included, otherwise the DA
- will reply with an AUTHENTICATION_FAILED error.
-
-
-
-Guttman, et al. Standards Track [Page 33]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-10.4. Attribute Reply
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Service Location header (function = AttrRply = 7) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Error Code | length of <attr-list> |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | <attr-list> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- |# of AttrAuths | Attribute Authentication Block (if present) \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- The format of the <attr-list> and the Authentication Block is as
- specified for SrvReg (see Section 9.2.1).
-
- Attribute replies SHOULD be returned with the original case of the
- string registration intact, as they are likely to be human readable.
- In the case where the AttrRqst was by service type, all attributes
- defined for the service type, and all their values are returned.
-
- Although white space is folded for string matching, attribute tags
- and values MUST be returned with their original white space
- preserved.
-
- Only one copy of each attribute tag or String value should be
- returned, arbitrarily choosing one version (with respect to upper and
- lower case and white space internal to the strings): Duplicate
- attributes and values SHOULD be removed. An arbitrary version of the
- string value and tag name is chosen for the merge. For example:
- "(A=a a,b)" merged with "(a=A A,B)" may yield "(a=a a,B)".
-
-10.5. Attribute Request/Reply Examples
-
- Suppose that printer services have been registered as follows:
-
- Registered Service:
- URL = service:printer:lpr://igore.wco.ftp.com/draft
- scope-list = Development
- Lang. Tag = en
- Attributes = (Name=Igore),(Description=For developers only),
- (Protocol=LPR),(location-description=12th floor),
- (Operator=James Dornan \3cdornan@monster\3e),
- (media-size=na-letter),(resolution=res-600),x-OK
-
- URL = service:printer:lpr://igore.wco.ftp.com/draft
- scope-list = Development
-
-
-
-Guttman, et al. Standards Track [Page 34]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- Lang. Tag = de
- Attributes = (Name=Igore),(Description=Nur fuer Entwickler),
- (Protocol=LPR),(location-description=13te Etage),
- (Operator=James Dornan \3cdornan@monster\3e),
- (media-size=na-letter),(resolution=res-600),x-OK
-
- URL = service:printer:http://not.wco.ftp.com/cgi-bin/pub-prn
- scope-list = Development
- Lang. Tag = en
- Attributes = (Name=Not),(Description=Experimental IPP printer),
- (Protocol=http),(location-description=QA bench),
- (media-size=na-letter),(resolution=other),x-BUSY
-
- Notice the first printer, "Igore" is registered in both English and
- German. The `<' and `>' characters in the Operator attribute value
- which are part of the Email address had to be escaped, as they are
- reserved characters for values.
-
- Attribute tags are not translated, though attribute values may be,
- see [13].
-
- The attribute Request:
-
- URL = service:printer:lpr://igore.wco.ftp.com/draft
- scope-list = Development
- Lang. Tag = de
- tag-list = resolution,loc*
-
- receives the Attribute Reply:
-
- (location-description=13te Etage),(resolution=res-600)
-
- The attribute Request:
-
- URL = service:printer
- scope-list = Development
- Lang. Tag = en
- tag-list = x-*,resolution,protocol
-
- receives an Attribute Reply containing:
-
- (protocols=http,LPR),(resolution=res-600,other),x-OK,x-BUSY
-
- The first request is by service instance and returns the requested
- values, in German. The second request is by abstract service type
- (see Section 4) and returns values from both "Igore" and "Not".
-
-
-
-
-
-Guttman, et al. Standards Track [Page 35]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- An attribute Authentication Block is returned if an authentication
- block with the SLP SPI in the AttrRqst can be returned. Note that
- the <attr-list> returned from a DA with an Authentication Block MUST
- be identical to the <attr-list> registered by a SA, in order for the
- authentication verification calculations to be possible.
-
- A SA or DA only returns an Attribute Authentication Block if the
- AttrRqst included a full URL in the request and no tag list.
-
- If an SLP SPI is specified in a unicast request (the REQUEST MCAST
- flag in the header is not set) and the SA or DA cannot return an
- Authentication Block with that SLP SPI, an AUTHENTICATION_UNKNOWN
- error is returned. The # of Attr Auths field is set to 0 if there no
- Authentication Block is included, or 1 if an Authentication Block
- follows.
-
-10.6. Service Deregistration
-
- A DA deletes a service registration when its Lifetime expires.
- Services SHOULD be deregistered when they are no longer available,
- rather than leaving the registrations to time out.
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Service Location header (function = SrvDeReg = 4) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Length of <scope-list> | <scope-list> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | URL Entry \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Length of <tag-list> | <tag-list> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- The <scope-list> is a <string-list> (see section 2.1).
-
- The SA MUST retry if there is no response from the DA, see Section
- 12.3. The DA acknowledges a SrvDeReg with a SrvAck. Once the SA
- receives an acknowledgment indicating success, the service and/or
- attributes are no longer advertised by the DA. The DA deregisters the
- service or service attributes from every scope specified in the
- SrvDeReg which it was previously registered in.
-
- The SA MUST deregister all services with the same scope list used to
- register the service with a DA. If this is not done in the SrvDeReg
- message, the DA returns a SCOPE_NOT_SUPPORTED error. The Lifetime
- field in the URL Entry is ignored for the purposes of the SrvDeReg.
-
-
-
-
-Guttman, et al. Standards Track [Page 36]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- The <tag-list> is a <string-list> of attribute tags to deregister as
- defined in Section 9.4. If no <tag-list> is present, the SrvDeReg
- deregisters the service in all languages it has been registered in.
- If the <tag-list> is present, the SrvDeReg deregisters the attributes
- whose tags are listed in the tag spec. Services registered with
- Authentication Blocks MUST NOT include a <tag-list> in a SrvDeReg
- message: A DA will respond with an AUTHENTICATION_FAILED error in
- this case.
-
- If the service to be deregistered was registered with an
- authentication block or blocks, a URL authentication block for each
- of the SLP SPIs registered must be included in the SrvDeReg.
- Otherwise, the DA returns an AUTHENTICATION_ABSENT error. If the
- message fails to be verified by the DA, an AUTHENTICATION_FAILED
- error is returned by the DA.
-
-11. Scopes
-
- Scopes are sets of services. The primary use of Scopes is to provide
- the ability to create administrative groupings of services. A set of
- services may be assigned a scope by network administrators. A client
- seeking services is configured to use one or more scopes. The user
- will only discover those services which have been configured for him
- or her to use. By configuring UAs and SAs with scopes,
- administrators may provision services. Scopes strings are case
- insensitive. The default SCOPE string is "DEFAULT".
-
- Scopes are the primary means an administrator has to scale SLP
- deployments to larger networks. When DAs with NON-DEFAULT scopes are
- present on the network, further gains can be had by configuring UAs
- and SAs to have a predefined non-default scope. These agents can
- then perform DA discovery and make requests using their scope. This
- will limit the number of replies.
-
-11.1. Scope Rules
-
- SLP messages which fail to contain a scope that the receiving Agent
- is configured to use are dropped (if the request was multicast) or a
- SCOPE_NOT_SUPPORTED error is returned (if the request was unicast).
- Every SrvRqst (except for DA and SA discovery requests), SrvReg,
- AttrRqst, SrvTypeRqst, DAAdvert, and SAAdvert message MUST include a
- <scope-list>.
-
- A UA MUST unicast its SLP messages to a DA which supports the desired
- scope, in preference to multicasting a request to SAs. A UA MAY
- multicast the request if no DA is available in the scope it is
- configured to use.
-
-
-
-
-Guttman, et al. Standards Track [Page 37]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-11.2. Administrative and User Selectable Scopes
-
- All requests and services are scoped. The two exceptions are
- SrvRqsts for "service:directory-agent" and "service:service-agent".
- These MAY have a zero-length <scope-list> when used to enable the
- user to make scope selections. In this case UAs obtain their scope
- list from DAAdverts (or if DAs are not available, from SAAdverts.)
-
- Otherwise, if SAs and UAs are to use any scope other than the default
- (i.e., "DEFAULT"), the UAs and SAs are configured with lists of
- scopes to use by system administrators, perhaps automatically by way
- of DHCP option 78 or 79 [21]. Such administrative scoping allows
- services to be provisioned, so that users will only see services they
- are intended to see.
-
- User configurable scopes allow a user to discover any service, but
- require them to do their own selection of scope. This is similar to
- the way AppleTalk [12] and SMB [19] networking allow user selection
- of AppleTalk Zone or workgroups.
-
- Note that the two configuration choices are not compatible. One
- model allows administrators control over service provision. The
- other delegates this to users (who may not be prepared to do any
- configuration of their system).
-
-12. Directory Agents
-
- DAs cache service location and attribute information. They exist to
- enhance the performance and scalability of SLP. Multiple DAs provide
- further scalability and robustness of operation, since they can each
- store service information for the same SAs, in case one of the DAs
- fails.
-
- A DA provides a centralized store for service information. This is
- useful in a network with several subnets or with many SLP Agents.
- The DA address can be dynamically configured with UAs and SAs using
- DHCP, or by using static configuration.
-
- SAs configured to use DAs with DHCP or static configuration MUST
- unicast a SrvRqst to the DA, when the SA is initialized. The SrvRqst
- omits the scope list and sets the service type of the request to
- "service:directory-agent". The DA will return a DAAdvert with its
- attributes, SLP SPI list, and other parameters which are essential
- for proper SA to DA communication.
-
- Passive detection of DAs by SAs enables services to be advertised
- consistently among DAs of the same scope. Advertisements expire if
- not renewed, leaving only transient stale registrations in DAs, even
-
-
-
-Guttman, et al. Standards Track [Page 38]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- in the case of a failure of a SA.
-
- A single DA can support many UAs. UAs send the same requests to DAs
- that they would send to SAs and expect the same results. DAs reduce
- the load on SAs, making simpler implementations of SAs possible.
-
- UAs MUST be prepared for the possibility that the service information
- they obtain from DAs is stale.
-
-12.1. Directory Agent Rules
-
- When DAs are present, each SA MUST register its services with DAs
- that support one or more of its scope(s).
-
- UAs MUST unicast requests directly to a DA (when scoping rules
- allow), hence avoiding using the multicast convergence algorithm, to
- obtain service information. This decreases network utilization and
- increases the speed at which UAs can obtain service information.
-
- DAs MUST flush service advertisements once their lifetime expires or
- their URL Authentication Block "Timestamp" of expiration is past.
-
- DAAdverts MUST include DA Stateless Boot Timestamp, in the same
- format as the Authentication Block (see Section 9.2). The Timestamp
- in the Authentication Block indicates the time at which all previous
- registrations were lost (i.e., the last stateless reboot). The
- Timestamp is set to 0 in a DAAdvert to notify UAs and SAs that the DA
- is going down. DAs MUST NOT use equal or lesser Boot Timestamps to
- previous ones, if they go down and restart without service
- registration state. This would mislead SAs to not reregister with
- the DA.
-
- DAs which receive a multicast SrvRqst for the service type
- "service:directory-agent" MUST silently discard it if the <scope-
- list> is (a) not omitted and (b) does not include a scope they are
- configured to use. Otherwise the DA MUST respond with a DAAdvert.
-
- DAs MUST respond to AttrRqst and SrvTypeRqst messages (these are
- OPTIONAL only for SAs, not DAs.)
-
-12.2. Directory Agent Discovery
-
- UAs can discover DAs using static configuration, DHCP options 78 and
- 79, or by multicasting (or broadcasting) Service Requests using the
- convergence algorithm in Section 6.3.
-
-
-
-
-
-
-Guttman, et al. Standards Track [Page 39]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- See Section 6 regarding unsolicited DAAdverts. Section 12.2.2
- describes how SAs may reduce the number of times they must reregister
- with DAs in response to unsolicited DAAdverts.
-
- DAs MUST send unsolicited DAAdverts once per CONFIG_DA_BEAT. An
- unsolicited DAAdvert has an XID of 0. SAs MUST listen for DAAdverts,
- passively, as described in Section 8.5. UAs MAY do this. If they do
- not listen for unsolicited DAAdverts, however, they will not discover
- DAs as they become available. UAs SHOULD, in this case, do periodic
- active DA discovery, see Section 6.
-
- A URL with the scheme "service:directory-agent" indicates the DA's
- location as defined in Section 8.5. For example:
- "service:directory-agent://foobawooba.org".
-
- The following sections suggest timing algorithms which enhance the
- scalability of SLP.
-
-12.2.1. Active DA Discovery
-
- After a UA or SA restarts, its initial DA discovery request SHOULD be
- delayed for some random time uniformly distributed from 0 to
- CONFIG_START_WAIT seconds.
-
- The UA or SA sends the DA Discovery request using a SrvRqst, as
- described in Section 8.1. DA Discovery requests MUST include a
- Previous Responder List. SrvRqsts for Active DA Discovery SHOULD NOT
- be sent more than once per CONFIG_DA_FIND seconds.
-
- After discovering a new DA, a SA MUST wait a random time between 0
- and CONFIG_REG_ACTIVE seconds before registering their services.
-
-12.2.2. Passive DA Advertising
-
- A DA MUST multicast (or broadcast) an unsolicited DAAdvert every
- CONFIG_DA_BEAT seconds. CONFIG_DA_BEAT SHOULD be specified to
- prevent DAAdverts from using more than 1% of the available bandwidth.
-
- All UAs and SAs which receive the unsolicited DAAdvert SHOULD examine
- its DA stateless Boot Timestamp. If it is set to 0, the DA is going
- down and no further messages should be sent to it.
-
- If a SA detects a DA it has never encountered (with a nonzero
- timestamp,) the SA must register with it. SAs MUST examine the
- DAAdvert's timestamp to determine if the DA has had a stateless
- reboot since the SA last registered with it. If so it registers with
- the DA. SAs MUST wait a random interval between 0 and
- CONFIG_REG_PASSIVE before beginning DA registration.
-
-
-
-Guttman, et al. Standards Track [Page 40]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-12.3. Reliable Unicast to DAs and SAs
-
- If a DA or SA fails to respond to a unicast UDP message in
- CONFIG_RETRY seconds, the message should be retried. The wait
- interval for each subsequent retransmission MUST exponentially
- increase, doubling each time. If a DA or SA fails to respond after
- CONFIG_RETRY_MAX seconds, the sender should consider the receiver to
- have gone down. The UA should use a different DA. If no such DA
- responds, DA discovery should be used to find a new DA. If no DA is
- available, multicast requests to SAs are used.
-
-12.4. DA Scope Configuration
-
- By default, DAs are configured with the "DEFAULT" scope.
- Administrators may add other configured scopes, in order to support
- UAs and SAs in non default scopes. The default configuration MUST
- NOT be removed from the DA unless:
-
- - There are other DAs which support the "DEFAULT" scope, or
-
- - All UAs and SAs have been configured with non-default scopes.
-
- Non-default scopes can be phased-in as the SLP deployment grows.
- Default scopes should be phased out only when the non-default scopes
- are universally configured.
-
- If a DA and SA are coresident on a host (quite possibly implemented
- by the same process), configuration of the host is considerably
- simplified if the SA supports only scopes also supported by the DA.
- That is, the SA SHOULD NOT advertise services in any scopes which are
- not supported by the coresident DA. This means that incoming requests
- can be answered by a single data store; the SA and DA registrations
- do not need to be kept separately.
-
-12.5. DAs and Authentication Blocks
-
- DAs are not configured to sign service registrations or attribute
- lists. They simply cache services registered by Service Agents. DAs
- MUST NOT accept registrations including authentication blocks for SLP
- SPIs which it is not configured with, see Section 8.5.
-
- A DA protects registrations which are made with authentication blocks
- using SLP SPIs it is configured to use. If a service S is
- registered, a subsequent registration (which will replace the
- adertisement) or a deregistration (which will remove it) MUST include
- an Authentication Block with the corresponding SLP SPI, see Section
- 8.3 and Section 10.6.
-
-
-
-
-Guttman, et al. Standards Track [Page 41]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- Example:
-
- A DA is configured to be able to verify Authentication Blocks with
- SLP SPIs "X,Y", that is X and Y.
-
- An SA registers a service with an Authentication Block with SPI "Z".
- The DA stores the registration, but discards the Authentication
- Block. If a UA requests a service with an SLP SPI string "Z", the DA
- will respond with an AUTHENTICATION_UNKNOWN error.
-
- An SA registers a service S with Authentication Blocks including SLP
- SPIs "X" and "Y". If a UA requests a service with an SLP SPI string
- "X" the DA will be able to return S (if the service type, language,
- scope and predicate of the SrvRqst match S) The DA will also return
- the Authentication Block with SLP SPI set to "X". If the DA receives
- a subsequent SrvDeReg for S (which will remove the advertisement) or
- a subsequent SrvReg for S (which will replace it), the message must
- include two URL Authentication Blocks, one each for SPIs "X" and "Y".
- If either of these were absent, the DA would return an
- AUTHENTICATION_ABSENT error.
-
-13. Protocol Timing Defaults
-
-Interval name Section Default Value Meaning
-------------------- ------- ------------- ------------------------
-CONFIG_MC_MAX 6.3 15 seconds Max time to wait for a
- complete multicast query
- response (all values.)
-CONFIG_START_WAIT 12.2.1 3 seconds Wait to perform DA
- discovery on reboot.
-CONFIG_RETRY 12.3 2 seconds Wait interval before
- initial retransmission
- of multicast or unicast
- requests.
-CONFIG_RETRY_MAX 12.3 15 seconds Give up on unicast
- request retransmission.
-CONFIG_DA_BEAT 12.2.2 3 hours DA Heartbeat, so that SAs
- passively detect new DAs.
-CONFIG_DA_FIND 12.3 900 seconds Minimum interval to wait
- before repeating Active
- DA discovery.
-CONFIG_REG_PASSIVE 12.2 1-3 seconds Wait to register services
- on passive DA discovery.
-CONFIG_REG_ACTIVE 8.3 1-3 seconds Wait to register services
- on active DA discovery.
-CONFIG_CLOSE_CONN 6.2 5 minutes DAs and SAs close idle
- connections.
-
-
-
-
-Guttman, et al. Standards Track [Page 42]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-14. Optional Configuration
-
- Broadcast Only
- Any SLP agent SHOULD be configurable to use broadcast
- only. See Sections 6.1 and 12.2.
-
- Predefined DA
- A UA or SA SHOULD be configurable to use a predefined DA.
-
- No DA Discovery
- The UA or SA SHOULD be configurable to ONLY use
- predefined and DHCP-configured DAs and perform no active
- or passive DA discovery.
-
- Multicast TTL
- The default multicast TTL is 255. Agents SHOULD be
- configurable to use other values. A lower value will
- focus the multicast convergence algorithm on smaller
- subnetworks, decreasing the number of responses and
- increases the performance of service location. This
- may result in UAs obtaining different results for the
- identical requests depending on where they are connected
- to the network.
-
- Timing Values
- Time values other than the default MAY be configurable.
- See Section 13.
-
- Scopes
- A UA MAY be configurable to support User Selectable
- scopes by omitting all predefined scopes. See
- Section 11.2. A UA or SA MUST be configurable to use
- specific scopes by default. Additionally, a UA or SA
- MUST be configurable to use specific scopes for requests
- for and registrations of specific service types. The
- scope or scopes of a DA MUST be configurable. The
- default value for a DA is to have the scope "DEFAULT" if
- not otherwise configured.
-
- DHCP Configuration
- DHCP options 78 and 79 may be used to configure SLP. If
- DA locations are configured using DHCP, these SHOULD
- be used in preference to DAs discovered actively or
- passively. One or more of the scopes configured using
- DHCP MUST be used in requests. The entire configured
- <scope-list> MUST be used in registration and DA
- configuration messages.
-
-
-
-
-Guttman, et al. Standards Track [Page 43]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- Service Template
- UAs and SAs MAY be configured by using Service Templates.
- Besides simplifying the specification of attribute
- values, this also allows them to enforce the inclusion
- of 'required' attributes in SrvRqst, SrvReg and SrvDeReg
- messages. DAs MAY be configured with templates to
- allow them to WARN UAs and SAs in these cases. See
- Section 10.4.
-
- SLP SPI for service discovery
- Agents SHOULD be configurable to support SLP SPIs using
- the following parameters: BSD=2 (DSA with SHA-1) and
- a public key identified by the SLP SPI String. In
- the future, when a Public Key Infrastructure exists,
- SLP Agents may be able to obtain public keys and
- cryptographic parameters corresponding to the names used
- in SLP SPI Strings.
-
- Note that if the SLP SPI string chosen is identical
- to a scope string, it is effectively the same as a
- Protected Scope in SLPv1. Namely, every SA advertising
- in that scope would be configured with the same Private
- Key. Every DA and UA of that scope would be configured
- with the appropriate Public Key to verify signatures
- produced by those SAs. This is a convenient way to
- configure SLP deployments in the absence of a Public Key
- Infrastructure. Currently, it would be too difficult to
- manage the keying of UAs and DAs if each SA had its own
- key.
-
- SLP SPI for Directory Agent discovery
- Agents SHOULD be configurable to support SLP SPIs as
- above, to be used when discovering DAs. This SPI SHOULD
- be sent in SrvRqsts to discover DAs and be used to verify
- multicast DAAdvert messages.
-
- SA and DA Private Key
- SAs and DAs which can generate digital signatures require
- a Private Key and a corresponding SLP SPI indentifier
- to include in the Authentication Block. The SLP SPI
- identifies the Public Key to use to verify the digital
- signature in the Authentication Block.
-
-15. IANA Considerations
-
- SLP includes four sets of identifiers which may be registered with
- IANA. The policies for these registrations (See [18]) are noted in
- each case.
-
-
-
-Guttman, et al. Standards Track [Page 44]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- The Block Structure Descriptor (BSD) identifies the format of the
- Authenticator which follows. BSDs 0x8000-0x8FFF are for Private Use.
-
- Further Block Structured Descriptor (BSD) values, from the range
- 0x0003-0x7FFF may be standardized in the future by submitting a
- document which describes:
-
- - The data format of the Structured Authenticator block.
-
- - Which cryptographic algorithm to use (including a reference
- to a technical specification of the algorithm.)
-
- - The format of any keying material required for
- preconfiguring UAs, DAs and SAs. Also include any
- considerations regarding key distribution.
-
- - Security considerations to alert others to the strengths and
- weaknesses of the approach.
-
- The IANA will assign Cryptographic BSD numbers on the basis of IETF
- Consenus.
-
- New function-IDs, in the range 12-255, may be standardized by the
- method of IETF Consensus.
-
- New SLP Extensions with types in the range 2-65535 may be registered
- following review by a Designated Expert.
-
- New error numbers in the range 15-65535 are assigned on the basis of
- a Standards Action.
-
- Protocol elements used with Service Location Protocol may also
- require IANA registration actions. SLP is used in conjunction with
- "service:" URLs and Service Templates [13]. These are standardized
- by review of a Designated Expert and a mailing list (See [13].)
-
-16. Internationalization Considerations
-
- SLP messages support the use of multiple languages by providing a
- Language Tag field in the common message header (see Section 8).
-
- Services MAY be registered in multiple languages. This provides
- attributes so that users with different language skills may select
- services interactively.
-
- Attribute tags are not translated. Attribute values may be
- translated unless the Service Template [13] defines the attribute
- values to be 'literal'.
-
-
-
-Guttman, et al. Standards Track [Page 45]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- A service which is registered in multiple languages may be queried in
- multiple languages. The language of the SrvRqst or AttrRqst is used
- to satisfy the request. If the requested language is not supported,
- a LANGUAGE_NOT_SUPPORTED error is returned. SrvRply and AttrRply
- messages are always in the same language of the request.
-
- A DA or SA MAY be configured with translations of Service Templates
- [13] for the same service type. This will allow the DA or SA to
- translate a request (say in Italian) to the language of the service
- advertisement (say in English) and then translate the reply back to
- Italian. Similarly, a UA MAY use templates to translate outgoing
- requests and incoming replies.
-
- The dialect field in the Language Tag MAY be used: Requests which
- can be fulfilled by matching a language and dialect will be preferred
- to those which match only the language portion. Otherwise, dialects
- have no effect on matching requests.
-
-17. Security Considerations
-
- SLP provides for authentication of service URLs and service
- attributes. This provides UAs and DAs with knowledge of the
- integrity of service URLs and attributes included in SLP messages.
- The only systems which can generate digital signatures are those
- which have been configured by administrators in advance. Agents
- which verify signed data may assume it is 'trustworthy' inasmuch as
- administrators have ensured the cryptographic keying of SAs and DAs
- reflects 'trustworthiness.'
-
- Service Location does not provide confidentiality. Because the
- objective of this protocol is to advertise services to a community of
- users, confidentiality might not generally be needed when this
- protocol is used in non-sensitive environments. Specialized schemes
- might be able to provide confidentiality, if needed in the future.
- Sites requiring confidentiality should implement the IP Encapsulating
- Security Payload (ESP) [3] to provide confidentiality for Service
- Location messages.
-
- If Agents are not configured to generate Authentication Blocks and
- Agents are not configured to verify them, an adversary might easily
- use this protocol to advertise services on servers controlled by the
- adversary and thereby gain access to users' private information.
- Further, an adversary using this protocol will find it much easier to
- engage in selective denial of service attacks. Sites that are in
- potentially hostile environments (e.g., are directly connected to the
- Internet) should consider the advantages of distributing keys
- associated with SLP SPIs prior to deploying the sensitive directory
- agents or service agents.
-
-
-
-Guttman, et al. Standards Track [Page 46]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- SLP is useful as a bootstrap protocol. It may be used in
- environments in which no preconfiguration is possible. In such
- situations, a certain amount of "blind faith" is required: Without
- any prior configuration it is impossible to use any of the security
- mechanisms described above. SLP will make use of the mechanisms
- provided by the Security Area of the IETF for key distribution as
- they become available. At this point it would only be possible to
- gain the benefits associated with the use of Authentication Blocks if
- cryptographic information and SLP SPIs can be preconfigured with the
- end systems before they use SLP.
-
- SLPv2 enables a number of security policies with the mechanisms it
- includes. A SLPv2 UA could, for instance, reject any SLP message
- which did not carry an authentication block which it could verify.
- This is not the only policy which is possible to implement.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Guttman, et al. Standards Track [Page 47]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-A. Appendix: Changes to the Service Location Protocol from v1 to v2
-
- SLP version 2 (SLPv2) corrects race conditions present in SLPv1 [22].
- In addition, authentication has been reworked to provide more
- flexibility and protection (especially for DA Advertisements). SLPv2
- also changes the formats and definition of many flags and values and
- reduces the number of 'required features.' SLPv2 clarifies and
- changes the use of 'Scopes', eliminating support for 'unscoped
- directory agents' and 'unscoped requests'. SLPv2 uses LDAPv3
- compatible string encodings of attributes and search filters. Other
- changes (such as Language and Character set handling) adopt practices
- recommended by the Internet Engineering Steering Group.
-
- Effort has been made to make SLPv2 operate the same whether DAs are
- present or not. For this reason, a new message (the SAAdvert) has
- been added. This allows UAs to discover scope information in the
- absence of administrative configuration and DAs. This was not
- possible in SLPv1.
-
- SLPv2 is incompatible in some respects with SLPv1. If a DA which
- supports both SLPv1 and SLPv2 with the same scope is present,
- services advertised by SAs using either version of the protocol will
- be available to both SLPv1 and SLPv2 UAs. SLPv1 DAs SHOULD be phased
- out and replace with SLPv2 DAs which support both versions of the
- protocol.
-
- SLPv1 allows services to be advertised and requested without a scope.
- Further, DAs can be configured without a scope. This is incompatible
- with SLPv2 and presents scalability problems. To facilitate this
- forward migration, SLPv1 agents MUST use scopes for all registrations
- and requests. SLPv1 DAs MUST be configured with a scope list. This
- constitutes a revision of RFC 2165 [22].
-
-B. Appendix: Service Discovery by Type: Minimal SLPv2 Features
-
- Service Agents may advertise services without attributes. This will
- enable only discovery of services by type. Service types discovered
- this way will have a Service Template [13] defined which specifies
- explicitly that no attributes are associated with the service
- advertisement. Service types associated with Service Templates which
- specify attributes MUST NOT be advertised by SAs which do not support
- attributes.
-
- While discovery of service by service type is a subset of the
- features possible using SLPv2 this form of discovery is consistent
- with the current generation of products that allow simple browsing of
- all services in a 'zone' or 'workgroup' by type. In some cases,
- attribute discovery, security and feature negotiation is handled by
-
-
-
-Guttman, et al. Standards Track [Page 48]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- application layer protocols - all that is required is the basic
- discovery of services that support a certain service.
-
- UAs requesting only service of that service type would only need to
- support service type and scope fields of the Service Request. UAs
- would still perform DA discovery and unicast SLPv2 SrvRqst messages
- to DAs in their scope once they were discovered instead of
- multicasting them.
-
- SAs would also perform DA discovery and use a SLPv2 SrvReg to
- register all their advertised services with SLPv2 DAs in their scope.
- These advertisements would needless to say contain no attribute
- string.
-
- These minimal SAs could ignore the Language Tag in requests since
- SrvRqst messages would contain no attributes, hence no strings would
- be internationalized. Further, any non-null predicate string would
- fail to match a service advertisement with no attributes, so these
- SAs would not have to parse and interpret search filters. Overflow
- will never occur in SrvRqst, SrvRply or SrvReg messages so TCP
- message handling would not have to be implemented. Finally, all
- AttrRqst messages could be dropped by the SA, since no attributes are
- supported.
-
-C. Appendix: DAAdverts with arbitrary URLs
-
- Using Active DA Discovery, a SrvRqst with its service type field set
- to "service:directory-agent". DAs will respond with a DAAdvert
- containing a URL with the "service:directory-agent:" scheme. This is
- the same DAAdvert that such a DA would multicast in unsolicited DA
- advertisements.
-
- A UA or SA which receives an unsolicited DAAdvert MUST examine the
- URL to determine if it has a recognized scheme. If the UA or SA does
- not recognize the DAAdvert's URL scheme, the DAAdvert is silently
- discarded. This document specifies only how to use URLs with the
- "service:directory-agent:" scheme.
-
- This provides the possibility for forward compatibility with future
- versions of SLP and enables other services to advertise their ability
- to serve as a clearinghouse for service location information.
-
- For example, if LDAPv3 [15] is used for service registration and
- discovery by a set of end systems, they could interpret a LDAP URL
- [16] to passively discover the LDAP server to use for this purpose.
- This document does not specify how this is done: SLPv2 agents
- without further support would simply discard this DAAdvert.
-
-
-
-
-Guttman, et al. Standards Track [Page 49]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-D. Appendix: SLP Protocol Extensions
-
-D.1. Required Attribute Missing Option
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Extension Type = 0x0001 | Extension Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Template IDVer Length | Template IDVer String \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- |Required Attr <tag-list> Length| Required Attr <tag-list> \
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Required attributes and the format of the IDVer string are defined by
- [13].
-
- If a SA or DA receives a SrvRqst or a SrvReg which fails to include a
- Required Attribute for the requested Service Type (according to the
- Service Template), it MAY return the Required Attribute Extension in
- addition to the reply corresponding to the message. The sender
- SHOULD reissue the message with a search filter including the
- attributes listed in the returned Required Attribute Extension.
- Similarly, the Required Attribute Extension may be returned in
- response to a SrvDereg message that contains a required attribute
- tag.
-
- The Template IDVer String is the name and version number string of
- the Service Template which defines the given attribute as required.
- It SHOULD be included, but can be omitted if a given SA or DA has
- been individually configured to have 'required attributes.'
-
- The Required Attribute <tag-list> MUST NOT include wild cards.
-
-E. Acknowledgments
-
- This document incorporates ideas from work on several discovery
- protocols, including RDP by Perkins and Harjono, and PDS by Michael
- Day. We are grateful for contributions by Ye Gu and Peter Ford.
- John Veizades was instrumental in the standardization of the Service
- Location Protocol. Implementors at Novell, Axis Communications and
- Sun Microsystems have contributed significantly to make this a much
- clearer and more consistent document.
-
-
-
-
-
-
-
-
-Guttman, et al. Standards Track [Page 50]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-F. References
-
- [1] Port numbers, July 1997.
- ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers.
-
- [2] ISO/IEC JTC1/SC 21. Certificate Extensions. Draft Amendment
- DAM 4 to ISO/IEC 9594-2, December 1996.
-
- [3] ISO/IEC JTC1/SC 21. Certificate Extensions. Draft Amendment
- DAM 2 to ISO/IEC 9594-6, December 1996.
-
- [4] ISO/IEC JTC1/SC 21. Certificate Extensions. Draft Amendment
- DAM 1 to ISO/IEC 9594-7, December 1996.
-
- [5] ISO/IEC JTC1/SC 21. Certificate Extensions. Draft Amendment
- DAM 1 to ISO/IEC 9594-8, December 1996.
-
- [6] Unicode Technical Report #8. The Unicode Standard, version 2.1.
- Technical report, The Unicode Consortium, 1998.
-
- [7] Alvestrand, H., "Tags for the Identification of Languages",
- RFC 1766, March 1995.
-
- [8] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform
- Resource Identifiers (URI): Generic Syntax", RFC 2396,
- August 1998.
-
- [9] Bradner, S., "Key Words for Use in RFCs to Indicate Requirement
- Levels", BCP 14, RFC 2119, March 1997.
-
- [10] CCITT. The Directory Authentication Framework. Recommendation
- X.509, 1988.
-
- [11] Crocker, D. and P. Overell, "Augmented BNF for Syntax
- Specifications: ABNF", RFC 2234, November 1997.
-
- [12] S. Gursharan, R. Andrews, and A. Oppenheimer. Inside AppleTalk.
- Addison-Wesley, 1990.
-
- [13] Guttman, E., Perkins, C. and J. Kempf, "Service Templates and
- service: Schemes", RFC 2609, June 1999.
-
- [14] Howes, T., "The String Representation of LDAP Search Filters",
- RFC 2254, December 1997.
-
- [15] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory
- Access Protocol (v3)", RFC 2251, December 1997.
-
-
-
-
-Guttman, et al. Standards Track [Page 51]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
- [16] Howes, T. and M. Smith, "The LDAP URL Format", RFC 2255,
- December 1997.
-
- [17] Meyer, D., "Administratively Scoped IP Multicast", RFC 2365,
- July 1998.
-
- [18] Narten, T. and H. Alvestrand, "Guidelines for Writing
- an IANA Considerations Section in RFCs, BCP 26, RFC 2434,
- October 1998.
-
- [19] Microsoft Networks. SMB File Sharing Protocol Extensions 3.0,
- Document Version 1.09, November 1989.
-
- [20] National Institute of Standards and Technology. Digital
- signature standard. Technical Report NIST FIPS PUB 186, U.S.
- Department of Commerce, May 1994.
-
- [21] Perkins, C. and E. Guttman, "DHCP Options for Service Location
- Protocol", RFC 2610, June 1999.
-
- [22] Veizades, J., Guttman, E., Perkins, C. and S. Kaplan, "Service
- Location Protocol", RFC 2165, July 1997.
-
- [23] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
- RFC 2279, January 1998.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Guttman, et al. Standards Track [Page 52]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-G. Authors' Addresses
-
- Erik Guttman
- Sun Microsystems
- Bahnstr. 2
- 74915 Waibstadt
- Germany
-
- Phone: +49 7263 911 701
- EMail: Erik.Guttman@sun.com
-
-
- Charles Perkins
- Sun Microsystems
- 901 San Antonio Road
- Palo Alto, CA 94040
- USA
-
- Phone: +1 650 786 6464
- EMail: cperkins@sun.com
-
-
- John Veizades
- @Home Network
- 425 Broadway
- Redwood City, CA 94043
- USA
-
- Phone: +1 650 569 5243
- EMail: veizades@home.net
-
-
- Michael Day
- Vinca Corporation.
- 1201 North 800 East
- Orem, Utah 84097 USA
-
- Phone: +1 801 376-5083
- EMail: mday@vinca.com
-
-
-
-
-
-
-
-
-
-
-
-
-Guttman, et al. Standards Track [Page 53]
-
-RFC 2608 Service Location Protocol, Version 2 June 1999
-
-
-H. Full Copyright Statement
-
- Copyright (C) The Internet Society (1999). All Rights Reserved.
-
- This document and translations of it may be copied and furnished to
- others, and derivative works that comment on or otherwise explain it
- or assist in its implementation may be prepared, copied, published
- and distributed, in whole or in part, without restriction of any
- kind, provided that the above copyright notice and this paragraph are
- included on all such copies and derivative works. However, this
- document itself may not be modified in any way, such as by removing
- the copyright notice or references to the Internet Society or other
- Internet organizations, except as needed for the purpose of
- developing Internet standards in which case the procedures for
- copyrights defined in the Internet Standards process must be
- followed, or as required to translate it into languages other than
- English.
-
- The limited permissions granted above are perpetual and will not be
- revoked by the Internet Society or its successors or assigns.
-
- This document and the information contained herein is provided on an
- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
-
-Acknowledgement
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Guttman, et al. Standards Track [Page 54]
-
diff --git a/utils/open-isns/doc/rfc3279.txt b/utils/open-isns/doc/rfc3279.txt
deleted file mode 100644
index 04e7b07..0000000
--- a/utils/open-isns/doc/rfc3279.txt
+++ /dev/null
@@ -1,1515 +0,0 @@
-
-
-
-
-
-
-Network Working Group W. Polk
-Request for Comments: 3279 NIST
-Obsoletes: 2528 R. Housley
-Category: Standards Track RSA Laboratories
- L. Bassham
- NIST
- April 2002
-
- Algorithms and Identifiers for the
- Internet X.509 Public Key Infrastructure
- Certificate and Certificate Revocation List (CRL) Profile
-
-Status of this Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2002). All Rights Reserved.
-
-Abstract
-
- This document specifies algorithm identifiers and ASN.1 encoding
- formats for digital signatures and subject public keys used in the
- Internet X.509 Public Key Infrastructure (PKI). Digital signatures
- are used to sign certificates and certificate revocation list (CRLs).
- Certificates include the public key of the named subject.
-
-Table of Contents
-
- 1 Introduction . . . . . . . . . . . . . . . . . . . . . . 2
- 2 Algorithm Support . . . . . . . . . . . . . . . . . . . . 3
- 2.1 One-Way Hash Functions . . . . . . . . . . . . . . . . 3
- 2.1.1 MD2 One-Way Hash Functions . . . . . . . . . . . . . 3
- 2.1.2 MD5 One-Way Hash Functions . . . . . . . . . . . . . 4
- 2.1.3 SHA-1 One-Way Hash Functions . . . . . . . . . . . . 4
- 2.2 Signature Algorithms . . . . . . . . . . . . . . . . . 4
- 2.2.1 RSA Signature Algorithm . . . . . . . . . . . . . . . 5
- 2.2.2 DSA Signature Algorithm . . . . . . . . . . . . . . . 6
- 2.2.3 Elliptic Curve Digital Signature Algorithm . . . . . 7
- 2.3 Subject Public Key Algorithms . . . . . . . . . . . . . 7
- 2.3.1 RSA Keys . . . . . . . . . . . . . . . . . . . . . . 8
- 2.3.2 DSA Signature Keys . . . . . . . . . . . . . . . . . 9
- 2.3.3 Diffie-Hellman Key Exchange Keys . . . . . . . . . . 10
-
-
-
-Polk, et al. Standards Track [Page 1]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- 2.3.4 KEA Public Keys . . . . . . . . . . . . . . . . . . . 11
- 2.3.5 ECDSA and ECDH Public Keys . . . . . . . . . . . . . 13
- 3 ASN.1 Module . . . . . . . . . . . . . . . . . . . . . . 18
- 4 References . . . . . . . . . . . . . . . . . . . . . . . 24
- 5 Security Considerations . . . . . . . . . . . . . . . . . 25
- 6 Intellectual Property Rights . . . . . . . . . . . . . . 26
- 7 Author Addresses . . . . . . . . . . . . . . . . . . . . 26
- 8 Full Copyright Statement . . . . . . . . . . . . . . . . 27
-
-1 Introduction
-
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in [RFC 2119].
-
- This document specifies algorithm identifiers and ASN.1 [X.660]
- encoding formats for digital signatures and subject public keys used
- in the Internet X.509 Public Key Infrastructure (PKI). This
- specification supplements [RFC 3280], "Internet X.509 Public Key
- Infrastructure: Certificate and Certificate Revocation List (CRL)
- Profile." Implementations of this specification MUST also conform to
- RFC 3280.
-
- This specification defines the contents of the signatureAlgorithm,
- signatureValue, signature, and subjectPublicKeyInfo fields within
- Internet X.509 certificates and CRLs.
-
- This document identifies one-way hash functions for use in the
- generation of digital signatures. These algorithms are used in
- conjunction with digital signature algorithms.
-
- This specification describes the encoding of digital signatures
- generated with the following cryptographic algorithms:
-
- * Rivest-Shamir-Adelman (RSA);
- * Digital Signature Algorithm (DSA); and
- * Elliptic Curve Digital Signature Algorithm (ECDSA).
-
- This document specifies the contents of the subjectPublicKeyInfo
- field in Internet X.509 certificates. For each algorithm, the
- appropriate alternatives for the the keyUsage extension are provided.
- This specification describes encoding formats for public keys used
- with the following cryptographic algorithms:
-
- * Rivest-Shamir-Adelman (RSA);
- * Digital Signature Algorithm (DSA);
- * Diffie-Hellman (DH);
- * Key Encryption Algorithm (KEA);
-
-
-
-Polk, et al. Standards Track [Page 2]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- * Elliptic Curve Digital Signature Algorithm (ECDSA); and
- * Elliptic Curve Diffie-Hellman (ECDH).
-
-2 Algorithm Support
-
- This section describes cryptographic algorithms which may be used
- with the Internet X.509 certificate and CRL profile [RFC 3280]. This
- section describes one-way hash functions and digital signature
- algorithms which may be used to sign certificates and CRLs, and
- identifies object identifiers (OIDs) for public keys contained in a
- certificate.
-
- Conforming CAs and applications MUST, at a minimum, support digital
- signatures and public keys for one of the specified algorithms. When
- using any of the algorithms identified in this specification,
- conforming CAs and applications MUST support them as described.
-
-2.1 One-way Hash Functions
-
- This section identifies one-way hash functions for use in the
- Internet X.509 PKI. One-way hash functions are also called message
- digest algorithms. SHA-1 is the preferred one-way hash function for
- the Internet X.509 PKI. However, PEM uses MD2 for certificates [RFC
- 1422] [RFC 1423] and MD5 is used in other legacy applications. For
- these reasons, MD2 and MD5 are included in this profile. The data
- that is hashed for certificate and CRL signing is fully described in
- [RFC 3280].
-
-2.1.1 MD2 One-way Hash Function
-
- MD2 was developed by Ron Rivest for RSA Security. RSA Security has
- recently placed the MD2 algorithm in the public domain. Previously,
- RSA Data Security had granted license for use of MD2 for non-
- commercial Internet Privacy-Enhanced Mail (PEM). MD2 may continue to
- be used with PEM certificates, but SHA-1 is preferred. MD2 produces
- a 128-bit "hash" of the input. MD2 is fully described in [RFC 1319].
-
- At the Selected Areas in Cryptography '95 conference in May 1995,
- Rogier and Chauvaud presented an attack on MD2 that can nearly find
- collisions [RC95]. Collisions occur when one can find two different
- messages that generate the same message digest. A checksum operation
- in MD2 is the only remaining obstacle to the success of the attack.
- For this reason, the use of MD2 for new applications is discouraged.
- It is still reasonable to use MD2 to verify existing signatures, as
- the ability to find collisions in MD2 does not enable an attacker to
- find new messages having a previously computed hash value.
-
-
-
-
-
-Polk, et al. Standards Track [Page 3]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
-2.1.2 MD5 One-way Hash Function
-
- MD5 was developed by Ron Rivest for RSA Security. RSA Security has
- placed the MD5 algorithm in the public domain. MD5 produces a 128-
- bit "hash" of the input. MD5 is fully described in [RFC 1321].
-
- Den Boer and Bosselaers [DB94] have found pseudo-collisions for MD5,
- but there are no other known cryptanalytic results. The use of MD5
- for new applications is discouraged. It is still reasonable to use
- MD5 to verify existing signatures.
-
-2.1.3 SHA-1 One-way Hash Function
-
- SHA-1 was developed by the U.S. Government. SHA-1 produces a 160-bit
- "hash" of the input. SHA-1 is fully described in [FIPS 180-1]. RFC
- 3174 [RFC 3174] also describes SHA-1, and it provides an
- implementation of the algorithm.
-
-2.2 Signature Algorithms
-
- Certificates and CRLs conforming to [RFC 3280] may be signed with any
- public key signature algorithm. The certificate or CRL indicates the
- algorithm through an algorithm identifier which appears in the
- signatureAlgorithm field within the Certificate or CertificateList.
- This algorithm identifier is an OID and has optionally associated
- parameters. This section identifies algorithm identifiers and
- parameters that MUST be used in the signatureAlgorithm field in a
- Certificate or CertificateList.
-
- Signature algorithms are always used in conjunction with a one-way
- hash function.
-
- This section identifies OIDS for RSA, DSA, and ECDSA. The contents
- of the parameters component for each algorithm vary; details are
- provided for each algorithm.
-
- The data to be signed (e.g., the one-way hash function output value)
- is formatted for the signature algorithm to be used. Then, a private
- key operation (e.g., RSA encryption) is performed to generate the
- signature value. This signature value is then ASN.1 encoded as a BIT
- STRING and included in the Certificate or CertificateList in the
- signature field.
-
-
-
-
-
-
-
-
-
-Polk, et al. Standards Track [Page 4]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
-2.2.1 RSA Signature Algorithm
-
- The RSA algorithm is named for its inventors: Rivest, Shamir, and
- Adleman. This profile includes three signature algorithms based on
- the RSA asymmetric encryption algorithm. The signature algorithms
- combine RSA with either the MD2, MD5, or the SHA-1 one-way hash
- functions.
-
- The signature algorithm with SHA-1 and the RSA encryption algorithm
- is implemented using the padding and encoding conventions described
- in PKCS #1 [RFC 2313]. The message digest is computed using the
- SHA-1 hash algorithm.
-
- The RSA signature algorithm, as specified in PKCS #1 [RFC 2313]
- includes a data encoding step. In this step, the message digest and
- the OID for the one-way hash function used to compute the digest are
- combined. When performing the data encoding step, the md2, md5, and
- id-sha1 OIDs MUST be used to specify the MD2, MD5, and SHA-1 one-way
- hash functions, respectively:
-
- md2 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) US(840) rsadsi(113549)
- digestAlgorithm(2) 2 }
-
- md5 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) US(840) rsadsi(113549)
- digestAlgorithm(2) 5 }
-
- id-sha1 OBJECT IDENTIFIER ::= {
- iso(1) identified-organization(3) oiw(14) secsig(3)
- algorithms(2) 26 }
-
- The signature algorithm with MD2 and the RSA encryption algorithm is
- defined in PKCS #1 [RFC 2313]. As defined in PKCS #1 [RFC 2313], the
- ASN.1 OID used to identify this signature algorithm is:
-
- md2WithRSAEncryption OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
- pkcs-1(1) 2 }
-
- The signature algorithm with MD5 and the RSA encryption algorithm is
- defined in PKCS #1 [RFC 2313]. As defined in PKCS #1 [RFC 2313], the
- ASN.1 OID used to identify this signature algorithm is:
-
- md5WithRSAEncryption OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
- pkcs-1(1) 4 }
-
-
-
-
-Polk, et al. Standards Track [Page 5]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- The ASN.1 object identifier used to identify this signature algorithm
- is:
-
- sha-1WithRSAEncryption OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
- pkcs-1(1) 5 }
-
- When any of these three OIDs appears within the ASN.1 type
- AlgorithmIdentifier, the parameters component of that type SHALL be
- the ASN.1 type NULL.
-
- The RSA signature generation process and the encoding of the result
- is described in detail in PKCS #1 [RFC 2313].
-
-2.2.2 DSA Signature Algorithm
-
- The Digital Signature Algorithm (DSA) is defined in the Digital
- Signature Standard (DSS). DSA was developed by the U.S. Government,
- and DSA is used in conjunction with the SHA-1 one-way hash function.
- DSA is fully described in [FIPS 186]. The ASN.1 OID used to identify
- this signature algorithm is:
-
- id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) x9-57 (10040)
- x9cm(4) 3 }
-
- When the id-dsa-with-sha1 algorithm identifier appears as the
- algorithm field in an AlgorithmIdentifier, the encoding SHALL omit
- the parameters field. That is, the AlgorithmIdentifier SHALL be a
- SEQUENCE of one component: the OBJECT IDENTIFIER id-dsa-with-sha1.
-
- The DSA parameters in the subjectPublicKeyInfo field of the
- certificate of the issuer SHALL apply to the verification of the
- signature.
-
- When signing, the DSA algorithm generates two values. These values
- are commonly referred to as r and s. To easily transfer these two
- values as one signature, they SHALL be ASN.1 encoded using the
- following ASN.1 structure:
-
- Dss-Sig-Value ::= SEQUENCE {
- r INTEGER,
- s INTEGER }
-
-
-
-
-
-
-
-
-Polk, et al. Standards Track [Page 6]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
-2.2.3 ECDSA Signature Algorithm
-
- The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
- [X9.62]. The ASN.1 object identifiers used to identify ECDSA are
- defined in the following arc:
-
- ansi-X9-62 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) 10045 }
-
- id-ecSigType OBJECT IDENTIFIER ::= {
- ansi-X9-62 signatures(4) }
-
- ECDSA is used in conjunction with the SHA-1 one-way hash function.
- The ASN.1 object identifier used to identify ECDSA with SHA-1 is:
-
- ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
- id-ecSigType 1 }
-
- When the ecdsa-with-SHA1 algorithm identifier appears as the
- algorithm field in an AlgorithmIdentifier, the encoding MUST omit the
- parameters field. That is, the AlgorithmIdentifier SHALL be a
- SEQUENCE of one component: the OBJECT IDENTIFIER ecdsa-with-SHA1.
-
- The elliptic curve parameters in the subjectPublicKeyInfo field of
- the certificate of the issuer SHALL apply to the verification of the
- signature.
-
- When signing, the ECDSA algorithm generates two values. These values
- are commonly referred to as r and s. To easily transfer these two
- values as one signature, they MUST be ASN.1 encoded using the
- following ASN.1 structure:
-
- Ecdsa-Sig-Value ::= SEQUENCE {
- r INTEGER,
- s INTEGER }
-
-2.3 Subject Public Key Algorithms
-
- Certificates conforming to [RFC 3280] may convey a public key for any
- public key algorithm. The certificate indicates the algorithm
- through an algorithm identifier. This algorithm identifier is an OID
- and optionally associated parameters.
-
- This section identifies preferred OIDs and parameters for the RSA,
- DSA, Diffie-Hellman, KEA, ECDSA, and ECDH algorithms. Conforming CAs
- MUST use the identified OIDs when issuing certificates containing
-
-
-
-
-
-Polk, et al. Standards Track [Page 7]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- public keys for these algorithms. Conforming applications supporting
- any of these algorithms MUST, at a minimum, recognize the OID
- identified in this section.
-
-2.3.1 RSA Keys
-
- The OID rsaEncryption identifies RSA public keys.
-
- pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
- rsadsi(113549) pkcs(1) 1 }
-
- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1}
-
- The rsaEncryption OID is intended to be used in the algorithm field
- of a value of type AlgorithmIdentifier. The parameters field MUST
- have ASN.1 type NULL for this algorithm identifier.
-
- The RSA public key MUST be encoded using the ASN.1 type RSAPublicKey:
-
- RSAPublicKey ::= SEQUENCE {
- modulus INTEGER, -- n
- publicExponent INTEGER } -- e
-
- where modulus is the modulus n, and publicExponent is the public
- exponent e. The DER encoded RSAPublicKey is the value of the BIT
- STRING subjectPublicKey.
-
- This OID is used in public key certificates for both RSA signature
- keys and RSA encryption keys. The intended application for the key
- MAY be indicated in the key usage field (see [RFC 3280]). The use of
- a single key for both signature and encryption purposes is not
- recommended, but is not forbidden.
-
- If the keyUsage extension is present in an end entity certificate
- which conveys an RSA public key, any combination of the following
- values MAY be present:
-
- digitalSignature;
- nonRepudiation;
- keyEncipherment; and
- dataEncipherment.
-
- If the keyUsage extension is present in a CA or CRL issuer
- certificate which conveys an RSA public key, any combination of the
- following values MAY be present:
-
- digitalSignature;
- nonRepudiation;
-
-
-
-Polk, et al. Standards Track [Page 8]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- keyEncipherment;
- dataEncipherment;
- keyCertSign; and
- cRLSign.
-
- However, this specification RECOMMENDS that if keyCertSign or cRLSign
- is present, both keyEncipherment and dataEncipherment SHOULD NOT be
- present.
-
-2.3.2 DSA Signature Keys
-
- The Digital Signature Algorithm (DSA) is defined in the Digital
- Signature Standard (DSS) [FIPS 186]. The DSA OID supported by this
- profile is:
-
- id-dsa OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 }
-
- The id-dsa algorithm syntax includes optional domain parameters.
- These parameters are commonly referred to as p, q, and g. When
- omitted, the parameters component MUST be omitted entirely. That is,
- the AlgorithmIdentifier MUST be a SEQUENCE of one component: the
- OBJECT IDENTIFIER id-dsa.
-
- If the DSA domain parameters are present in the subjectPublicKeyInfo
- AlgorithmIdentifier, the parameters are included using the following
- ASN.1 structure:
-
- Dss-Parms ::= SEQUENCE {
- p INTEGER,
- q INTEGER,
- g INTEGER }
-
- The AlgorithmIdentifier within subjectPublicKeyInfo is the only place
- within a certificate where the parameters may be used. If the DSA
- algorithm parameters are omitted from the subjectPublicKeyInfo
- AlgorithmIdentifier and the CA signed the subject certificate using
- DSA, then the certificate issuer's DSA parameters apply to the
- subject's DSA key. If the DSA domain parameters are omitted from the
- SubjectPublicKeyInfo AlgorithmIdentifier and the CA signed the
- subject certificate using a signature algorithm other than DSA, then
- the subject's DSA domain parameters are distributed by other means.
- If the subjectPublicKeyInfo AlgorithmIdentifier field omits the
- parameters component, the CA signed the subject with a signature
- algorithm other than DSA, and the subject's DSA parameters are not
- available through other means, then clients MUST reject the
- certificate.
-
-
-
-
-Polk, et al. Standards Track [Page 9]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- The DSA public key MUST be ASN.1 DER encoded as an INTEGER; this
- encoding shall be used as the contents (i.e., the value) of the
- subjectPublicKey component (a BIT STRING) of the SubjectPublicKeyInfo
- data element.
-
- DSAPublicKey ::= INTEGER -- public key, Y
-
- If the keyUsage extension is present in an end entity certificate
- which conveys a DSA public key, any combination of the following
- values MAY be present:
-
- digitalSignature;
- nonRepudiation;
-
- If the keyUsage extension is present in a CA or CRL issuer
- certificate which conveys a DSA public key, any combination of the
- following values MAY be present:
-
- digitalSignature;
- nonRepudiation;
- keyCertSign; and
- cRLSign.
-
-2.3.3 Diffie-Hellman Key Exchange Keys
-
- The Diffie-Hellman OID supported by this profile is defined in
- [X9.42].
-
- dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- us(840) ansi-x942(10046) number-type(2) 1 }
-
- The dhpublicnumber OID is intended to be used in the algorithm field
- of a value of type AlgorithmIdentifier. The parameters field of that
- type, which has the algorithm-specific syntax ANY DEFINED BY
- algorithm, have the ASN.1 type DomainParameters for this algorithm.
-
- DomainParameters ::= SEQUENCE {
- p INTEGER, -- odd prime, p=jq +1
- g INTEGER, -- generator, g
- q INTEGER, -- factor of p-1
- j INTEGER OPTIONAL, -- subgroup factor
- validationParms ValidationParms OPTIONAL }
-
- ValidationParms ::= SEQUENCE {
- seed BIT STRING,
- pgenCounter INTEGER }
-
-
-
-
-
-Polk, et al. Standards Track [Page 10]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- The fields of type DomainParameters have the following meanings:
-
- p identifies the prime p defining the Galois field;
-
- g specifies the generator of the multiplicative subgroup of order
- g;
-
- q specifies the prime factor of p-1;
-
- j optionally specifies the value that satisfies the equation
- p=jq+1 to support the optional verification of group parameters;
-
- seed optionally specifies the bit string parameter used as the
- seed for the domain parameter generation process; and
-
- pgenCounter optionally specifies the integer value output as part
- of the of the domain parameter prime generation process.
-
- If either of the domain parameter generation components (pgenCounter
- or seed) is provided, the other MUST be present as well.
-
- The Diffie-Hellman public key MUST be ASN.1 encoded as an INTEGER;
- this encoding shall be used as the contents (i.e., the value) of the
- subjectPublicKey component (a BIT STRING) of the SubjectPublicKeyInfo
- data element.
-
- DHPublicKey ::= INTEGER -- public key, y = g^x mod p
-
- If the keyUsage extension is present in a certificate which conveys a
- DH public key, the following values may be present:
-
- keyAgreement;
- encipherOnly; and
- decipherOnly.
-
- If present, the keyUsage extension MUST assert keyAgreement and MAY
- assert either encipherOnly and decipherOnly. The keyUsage extension
- MUST NOT assert both encipherOnly and decipherOnly.
-
-2.3.4 KEA Public Keys
-
- This section identifies the preferred OID and parameters for the
- inclusion of a KEA public key in a certificate. The Key Exchange
- Algorithm (KEA) is a key agreement algorithm. Two parties may
- generate a "pairwise key" if and only if they share the same KEA
- parameters. The KEA parameters are not included in a certificate;
- instead a domain identifier is supplied in the parameters field.
-
-
-
-
-Polk, et al. Standards Track [Page 11]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- When the SubjectPublicKeyInfo field contains a KEA key, the algorithm
- identifier and parameters SHALL be as defined in [SDN.701r]:
-
- id-keyExchangeAlgorithm OBJECT IDENTIFIER ::=
- { 2 16 840 1 101 2 1 1 22 }
-
- KEA-Parms-Id ::= OCTET STRING
-
- CAs MUST populate the parameters field of the AlgorithmIdentifier
- within the SubjectPublicKeyInfo field of each certificate containing
- a KEA public key with an 80-bit parameter identifier (OCTET STRING),
- also known as the domain identifier. The domain identifier is
- computed in three steps:
-
- (1) the KEA domain parameters (p, q, and g) are DER encoded using
- the Dss-Parms structure;
-
- (2) a 160-bit SHA-1 hash is generated from the parameters; and
-
- (3) the 160-bit hash is reduced to 80-bits by performing an
- "exclusive or" of the 80 high order bits with the 80 low order
- bits.
-
- The resulting value is encoded such that the most significant byte of
- the 80-bit value is the first octet in the octet string. The Dss-
- Parms is provided above in Section 2.3.2.
-
- A KEA public key, y, is conveyed in the subjectPublicKey BIT STRING
- such that the most significant bit (MSB) of y becomes the MSB of the
- BIT STRING value field and the least significant bit (LSB) of y
- becomes the LSB of the BIT STRING value field. This results in the
- following encoding:
-
- BIT STRING tag;
- BIT STRING length;
- 0 (indicating that there are zero unused bits in the final octet
- of y); and
- BIT STRING value field including y.
-
- The key usage extension may optionally appear in a KEA certificate.
- If a KEA certificate includes the keyUsage extension, only the
- following values may be asserted:
-
- keyAgreement;
- encipherOnly; and
- decipherOnly.
-
-
-
-
-
-Polk, et al. Standards Track [Page 12]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- If present, the keyUsage extension MUST assert keyAgreement and MAY
- assert either encipherOnly and decipherOnly. The keyUsage extension
- MUST NOT assert both encipherOnly and decipherOnly.
-
-2.3.5 ECDSA and ECDH Keys
-
- This section identifies the preferred OID and parameter encoding for
- the inclusion of an ECDSA or ECDH public key in a certificate. The
- Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
- [X9.62]. ECDSA is the elliptic curve mathematical analog of the
- Digital Signature Algorithm [FIPS 186]. The Elliptic Curve Diffie
- Hellman (ECDH) algorithm is a key agreement algorithm defined in
- [X9.63].
-
- ECDH is the elliptic curve mathematical analog of the Diffie-Hellman
- key agreement algorithm as specified in [X9.42]. The ECDSA and ECDH
- specifications use the same OIDs and parameter encodings. The ASN.1
- object identifiers used to identify these public keys are defined in
- the following arc:
-
- ansi-X9-62 OBJECT IDENTIFIER ::=
- { iso(1) member-body(2) us(840) 10045 }
-
- When certificates contain an ECDSA or ECDH public key, the
- id-ecPublicKey algorithm identifier MUST be used. The id-ecPublicKey
- algorithm identifier is defined as follows:
-
- id-public-key-type OBJECT IDENTIFIER ::= { ansi-X9.62 2 }
-
- id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 }
-
- This OID is used in public key certificates for both ECDSA signature
- keys and ECDH encryption keys. The intended application for the key
- may be indicated in the key usage field (see [RFC 3280]). The use of
- a single key for both signature and encryption purposes is not
- recommended, but is not forbidden.
-
- ECDSA and ECDH require use of certain parameters with the public key.
- The parameters may be inherited from the issuer, implicitly included
- through reference to a "named curve," or explicitly included in the
- certificate.
-
- EcpkParameters ::= CHOICE {
- ecParameters ECParameters,
- namedCurve OBJECT IDENTIFIER,
- implicitlyCA NULL }
-
-
-
-
-
-Polk, et al. Standards Track [Page 13]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- When the parameters are inherited, the parameters field SHALL contain
- implictlyCA, which is the ASN.1 value NULL. When parameters are
- specified by reference, the parameters field SHALL contain the
- named-Curve choice, which is an object identifier. When the
- parameters are explicitly included, they SHALL be encoded in the
- ASN.1 structure ECParameters:
-
- ECParameters ::= SEQUENCE {
- version ECPVer, -- version is always 1
- fieldID FieldID, -- identifies the finite field over
- -- which the curve is defined
- curve Curve, -- coefficients a and b of the
- -- elliptic curve
- base ECPoint, -- specifies the base point P
- -- on the elliptic curve
- order INTEGER, -- the order n of the base point
- cofactor INTEGER OPTIONAL -- The integer h = #E(Fq)/n
- }
-
- ECPVer ::= INTEGER {ecpVer1(1)}
-
- Curve ::= SEQUENCE {
- a FieldElement,
- b FieldElement,
- seed BIT STRING OPTIONAL }
-
- FieldElement ::= OCTET STRING
-
- ECPoint ::= OCTET STRING
-
- The value of FieldElement SHALL be the octet string representation of
- a field element following the conversion routine in [X9.62], Section
- 4.3.3. The value of ECPoint SHALL be the octet string representation
- of an elliptic curve point following the conversion routine in
- [X9.62], Section 4.3.6. Note that this octet string may represent an
- elliptic curve point in compressed or uncompressed form.
-
- Implementations that support elliptic curve according to this
- specification MUST support the uncompressed form and MAY support the
- compressed form.
-
- The components of type ECParameters have the following meanings:
-
- version specifies the version number of the elliptic curve
- parameters. It MUST have the value 1 (ecpVer1).
-
-
-
-
-
-
-Polk, et al. Standards Track [Page 14]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- fieldID identifies the finite field over which the elliptic curve
- is defined. Finite fields are represented by values of the
- parameterized type FieldID, constrained to the values of the
- objects defined in the information object set FieldTypes.
- Additional detail regarding fieldID is provided below.
-
- curve specifies the coefficients a and b of the elliptic curve E.
- Each coefficient is represented as a value of type FieldElement,
- an OCTET STRING. seed is an optional parameter used to derive the
- coefficients of a randomly generated elliptic curve.
-
- base specifies the base point P on the elliptic curve. The base
- point is represented as a value of type ECPoint, an OCTET STRING.
-
- order specifies the order n of the base point.
-
- cofactor is the integer h = #E(Fq)/n. This parameter is specified
- as OPTIONAL. However, the cofactor MUST be included in ECDH
- public key parameters. The cofactor is not required to support
- ECDSA, except in parameter validation. The cofactor MAY be
- included to support parameter validation for ECDSA keys.
- Parameter validation is not required by this specification.
-
- The AlgorithmIdentifier within SubjectPublicKeyInfo is the only place
- within a certificate where the parameters may be used. If the
- elliptic curve parameters are specified as implicitlyCA in the
- SubjectPublicKeyInfo AlgorithmIdentifier and the CA signed the
- subject certificate using ECDSA, then the certificate issuer's ECDSA
- parameters apply to the subject's ECDSA key. If the elliptic curve
- parameters are specified as implicitlyCA in the SubjectPublicKeyInfo
- AlgorithmIdentifier and the CA signed the certificate using a
- signature algorithm other than ECDSA, then clients MUST not make use
- of the elliptic curve public key.
-
- FieldID ::= SEQUENCE {
- fieldType OBJECT IDENTIFIER,
- parameters ANY DEFINED BY fieldType }
-
- FieldID is a SEQUENCE of two components, fieldType and parameters.
- The fieldType contains an object identifier value that uniquely
- identifies the type contained in the parameters.
-
- The object identifier id-fieldType specifies an arc containing the
- object identifiers of each field type. It has the following value:
-
- id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1) }
-
-
-
-
-
-Polk, et al. Standards Track [Page 15]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- The object identifiers prime-field and characteristic-two-field name
- the two kinds of fields defined in this Standard. They have the
- following values:
-
- prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
-
- Prime-p ::= INTEGER -- Field size p (p in bits)
-
- characteristic-two-field OBJECT IDENTIFIER ::= { id-fieldType 2 }
-
- Characteristic-two ::= SEQUENCE {
- m INTEGER, -- Field size 2^m
- basis OBJECT IDENTIFIER,
- parameters ANY DEFINED BY basis }
-
- The object identifier id-characteristic-two-basis specifies an arc
- containing the object identifiers for each type of basis for the
- characteristic-two finite fields. It has the following value:
-
- id-characteristic-two-basis OBJECT IDENTIFIER ::= {
- characteristic-two-field basisType(1) }
-
- The object identifiers gnBasis, tpBasis and ppBasis name the three
- kinds of basis for characteristic-two finite fields defined by
- [X9.62]. They have the following values:
-
- gnBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 1 }
-
- -- for gnBasis, the value of the parameters field is NULL
-
- tpBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 2 }
-
- -- type of parameters field for tpBasis is Trinomial
-
- Trinomial ::= INTEGER
-
- ppBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 3 }
-
- -- type of parameters field for ppBasis is Pentanomial
-
- Pentanomial ::= SEQUENCE {
- k1 INTEGER,
- k2 INTEGER,
- k3 INTEGER }
-
-
-
-
-
-
-
-Polk, et al. Standards Track [Page 16]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- The elliptic curve public key (an ECPoint which is an OCTET STRING)
- is mapped to a subjectPublicKey (a BIT STRING) as follows: the most
- significant bit of the OCTET STRING becomes the most significant bit
- of the BIT STRING, and the least significant bit of the OCTET STRING
- becomes the least significant bit of the BIT STRING. Note that this
- octet string may represent an elliptic curve point in compressed or
- uncompressed form. Implementations that support elliptic curve
- according to this specification MUST support the uncompressed form
- and MAY support the compressed form.
-
- If the keyUsage extension is present in a CA or CRL issuer
- certificate which conveys an elliptic curve public key, any
- combination of the following values MAY be present:
-
- digitalSignature;
- nonRepudiation; and
- keyAgreement.
-
- If the keyAgreement value is present, either of the following values
- MAY be present:
-
- encipherOnly; and
- decipherOnly.
-
- The keyUsage extension MUST NOT assert both encipherOnly and
- decipherOnly.
-
- If the keyUsage extension is present in a CA certificate which
- conveys an elliptic curve public key, any combination of the
- following values MAY be present:
-
- digitalSignature;
- nonRepudiation;
- keyAgreement;
- keyCertSign; and
- cRLSign.
-
- As above, if the keyUsage extension asserts keyAgreement then it MAY
- assert either encipherOnly and decipherOnly. However, this
- specification RECOMMENDS that if keyCertSign or cRLSign is present,
- keyAgreement, encipherOnly, and decipherOnly SHOULD NOT be present.
-
-
-
-
-
-
-
-
-
-
-Polk, et al. Standards Track [Page 17]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
-3 ASN.1 Module
-
- PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6)
- internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
- id-mod-pkix1-algorithms(17) }
-
- DEFINITIONS EXPLICIT TAGS ::= BEGIN
-
- -- EXPORTS All;
-
- -- IMPORTS NONE;
-
- --
- -- One-way Hash Functions
- --
-
- md2 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549)
- digestAlgorithm(2) 2 }
-
- md5 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549)
- digestAlgorithm(2) 5 }
-
- id-sha1 OBJECT IDENTIFIER ::= {
- iso(1) identified-organization(3) oiw(14) secsig(3)
- algorithms(2) 26 }
-
- --
- -- DSA Keys and Signatures
- --
-
- -- OID for DSA public key
-
- id-dsa OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
-
- -- encoding for DSA public key
-
- DSAPublicKey ::= INTEGER -- public key, y
-
- Dss-Parms ::= SEQUENCE {
- p INTEGER,
- q INTEGER,
- g INTEGER }
-
-
-
-
-
-
-Polk, et al. Standards Track [Page 18]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- -- OID for DSA signature generated with SHA-1 hash
-
- id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
-
- -- encoding for DSA signature generated with SHA-1 hash
-
- Dss-Sig-Value ::= SEQUENCE {
- r INTEGER,
- s INTEGER }
-
- --
- -- RSA Keys and Signatures
- --
-
- -- arc for RSA public key and RSA signature OIDs
-
- pkcs-1 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
-
- -- OID for RSA public keys
-
- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
-
- -- OID for RSA signature generated with MD2 hash
-
- md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
-
- -- OID for RSA signature generated with MD5 hash
-
- md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
-
- -- OID for RSA signature generated with SHA-1 hash
-
- sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
-
- -- encoding for RSA public key
-
- RSAPublicKey ::= SEQUENCE {
- modulus INTEGER, -- n
- publicExponent INTEGER } -- e
-
-
-
-
-
-
-
-
-
-
-Polk, et al. Standards Track [Page 19]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- --
- -- Diffie-Hellman Keys
- --
-
- dhpublicnumber OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) ansi-x942(10046)
- number-type(2) 1 }
-
- -- encoding for DSA public key
-
- DHPublicKey ::= INTEGER -- public key, y = g^x mod p
-
- DomainParameters ::= SEQUENCE {
- p INTEGER, -- odd prime, p=jq +1
- g INTEGER, -- generator, g
- q INTEGER, -- factor of p-1
- j INTEGER OPTIONAL, -- subgroup factor, j>= 2
- validationParms ValidationParms OPTIONAL }
-
- ValidationParms ::= SEQUENCE {
- seed BIT STRING,
- pgenCounter INTEGER }
-
- --
- -- KEA Keys
- --
-
- id-keyExchangeAlgorithm OBJECT IDENTIFIER ::=
- { 2 16 840 1 101 2 1 1 22 }
-
- KEA-Parms-Id ::= OCTET STRING
-
- --
- -- Elliptic Curve Keys, Signatures, and Curves
- --
-
- ansi-X9-62 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) 10045 }
-
- FieldID ::= SEQUENCE { -- Finite field
- fieldType OBJECT IDENTIFIER,
- parameters ANY DEFINED BY fieldType }
-
- -- Arc for ECDSA signature OIDS
-
- id-ecSigType OBJECT IDENTIFIER ::= { ansi-X9-62 signatures(4) }
-
-
-
-
-
-Polk, et al. Standards Track [Page 20]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- -- OID for ECDSA signatures with SHA-1
-
- ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 }
-
- -- OID for an elliptic curve signature
- -- format for the value of an ECDSA signature value
-
- ECDSA-Sig-Value ::= SEQUENCE {
- r INTEGER,
- s INTEGER }
-
- -- recognized field type OIDs are defined in the following arc
-
- id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1) }
-
- -- where fieldType is prime-field, the parameters are of type Prime-p
-
- prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
-
- Prime-p ::= INTEGER -- Finite field F(p), where p is an odd prime
-
- -- where fieldType is characteristic-two-field, the parameters are
- -- of type Characteristic-two
-
- characteristic-two-field OBJECT IDENTIFIER ::= { id-fieldType 2 }
-
- Characteristic-two ::= SEQUENCE {
- m INTEGER, -- Field size 2^m
- basis OBJECT IDENTIFIER,
- parameters ANY DEFINED BY basis }
-
- -- recognized basis type OIDs are defined in the following arc
-
- id-characteristic-two-basis OBJECT IDENTIFIER ::= {
- characteristic-two-field basisType(3) }
-
- -- gnbasis is identified by OID gnBasis and indicates
- -- parameters are NULL
-
- gnBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 1 }
-
- -- parameters for this basis are NULL
-
- -- trinomial basis is identified by OID tpBasis and indicates
- -- parameters of type Pentanomial
-
- tpBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 2 }
-
-
-
-
-Polk, et al. Standards Track [Page 21]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- -- Trinomial basis representation of F2^m
- -- Integer k for reduction polynomial xm + xk + 1
-
- Trinomial ::= INTEGER
-
- -- for pentanomial basis is identified by OID ppBasis and indicates
- -- parameters of type Pentanomial
-
- ppBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 3 }
-
- -- Pentanomial basis representation of F2^m
- -- reduction polynomial integers k1, k2, k3
- -- f(x) = x**m + x**k3 + x**k2 + x**k1 + 1
-
- Pentanomial ::= SEQUENCE {
- k1 INTEGER,
- k2 INTEGER,
- k3 INTEGER }
-
- -- The object identifiers gnBasis, tpBasis and ppBasis name
- -- three kinds of basis for characteristic-two finite fields
-
- FieldElement ::= OCTET STRING -- Finite field element
-
- ECPoint ::= OCTET STRING -- Elliptic curve point
-
- -- Elliptic Curve parameters may be specified explicitly,
- -- specified implicitly through a "named curve", or
- -- inherited from the CA
-
- EcpkParameters ::= CHOICE {
- ecParameters ECParameters,
- namedCurve OBJECT IDENTIFIER,
- implicitlyCA NULL }
-
- ECParameters ::= SEQUENCE { -- Elliptic curve parameters
- version ECPVer,
- fieldID FieldID,
- curve Curve,
- base ECPoint, -- Base point G
- order INTEGER, -- Order n of the base point
- cofactor INTEGER OPTIONAL } -- The integer h = #E(Fq)/n
-
- ECPVer ::= INTEGER {ecpVer1(1)}
-
-
-
-
-
-
-
-Polk, et al. Standards Track [Page 22]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- Curve ::= SEQUENCE {
- a FieldElement, -- Elliptic curve coefficient a
- b FieldElement, -- Elliptic curve coefficient b
- seed BIT STRING OPTIONAL }
-
- id-publicKeyType OBJECT IDENTIFIER ::= { ansi-X9-62 keyType(2) }
-
- id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 }
-
- -- Named Elliptic Curves in ANSI X9.62.
-
- ellipticCurve OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) }
-
- c-TwoCurve OBJECT IDENTIFIER ::= {
- ellipticCurve characteristicTwo(0) }
-
- c2pnb163v1 OBJECT IDENTIFIER ::= { c-TwoCurve 1 }
- c2pnb163v2 OBJECT IDENTIFIER ::= { c-TwoCurve 2 }
- c2pnb163v3 OBJECT IDENTIFIER ::= { c-TwoCurve 3 }
- c2pnb176w1 OBJECT IDENTIFIER ::= { c-TwoCurve 4 }
- c2tnb191v1 OBJECT IDENTIFIER ::= { c-TwoCurve 5 }
- c2tnb191v2 OBJECT IDENTIFIER ::= { c-TwoCurve 6 }
- c2tnb191v3 OBJECT IDENTIFIER ::= { c-TwoCurve 7 }
- c2onb191v4 OBJECT IDENTIFIER ::= { c-TwoCurve 8 }
- c2onb191v5 OBJECT IDENTIFIER ::= { c-TwoCurve 9 }
- c2pnb208w1 OBJECT IDENTIFIER ::= { c-TwoCurve 10 }
- c2tnb239v1 OBJECT IDENTIFIER ::= { c-TwoCurve 11 }
- c2tnb239v2 OBJECT IDENTIFIER ::= { c-TwoCurve 12 }
- c2tnb239v3 OBJECT IDENTIFIER ::= { c-TwoCurve 13 }
- c2onb239v4 OBJECT IDENTIFIER ::= { c-TwoCurve 14 }
- c2onb239v5 OBJECT IDENTIFIER ::= { c-TwoCurve 15 }
- c2pnb272w1 OBJECT IDENTIFIER ::= { c-TwoCurve 16 }
- c2pnb304w1 OBJECT IDENTIFIER ::= { c-TwoCurve 17 }
- c2tnb359v1 OBJECT IDENTIFIER ::= { c-TwoCurve 18 }
- c2pnb368w1 OBJECT IDENTIFIER ::= { c-TwoCurve 19 }
- c2tnb431r1 OBJECT IDENTIFIER ::= { c-TwoCurve 20 }
-
- primeCurve OBJECT IDENTIFIER ::= { ellipticCurve prime(1) }
-
- prime192v1 OBJECT IDENTIFIER ::= { primeCurve 1 }
- prime192v2 OBJECT IDENTIFIER ::= { primeCurve 2 }
- prime192v3 OBJECT IDENTIFIER ::= { primeCurve 3 }
- prime239v1 OBJECT IDENTIFIER ::= { primeCurve 4 }
- prime239v2 OBJECT IDENTIFIER ::= { primeCurve 5 }
- prime239v3 OBJECT IDENTIFIER ::= { primeCurve 6 }
- prime256v1 OBJECT IDENTIFIER ::= { primeCurve 7 }
-
- END
-
-
-
-Polk, et al. Standards Track [Page 23]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
-4 References
-
- [FIPS 180-1] Federal Information Processing Standards Publication
- (FIPS PUB) 180-1, Secure Hash Standard, 17 April 1995.
- [Supersedes FIPS PUB 180 dated 11 May 1993.]
-
- [FIPS 186-2] Federal Information Processing Standards Publication
- (FIPS PUB) 186, Digital Signature Standard, 27 January
- 2000. [Supersedes FIPS PUB 186-1 dated 15 December
- 1998.]
-
- [P1363] IEEE P1363, "Standard Specifications for Public-Key
- Cryptography", 2001.
-
- [RC95] Rogier, N. and Chauvaud, P., "The compression function
- of MD2 is not collision free," Presented at Selected
- Areas in Cryptography '95, May 1995.
-
- [RFC 1034] Mockapetris, P., "Domain Names - Concepts and
- Facilities", STD 13, RFC 1034, November 1987.
-
- [RFC 1319] Kaliski, B., "The MD2 Message-Digest Algorithm", RFC
- 1319, April 1992.
-
- [RFC 1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC
- 1321, April 1992.
-
- [RFC 1422] Kent, S., "Privacy Enhancement for Internet Electronic
- Mail: Part II: Certificate-Based Key Management", RFC
- 1422, February 1993.
-
- [RFC 1423] Balenson, D., "Privacy Enhancement for Internet
- Electronic Mail: Part III: Algorithms, Modes, and
- Identifiers", RFC 1423, February 1993.
-
- [RFC 2119] Bradner, S., "Key Words for Use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
- [RFC 2313] Kaliski, B., "PKCS #1: RSA Encryption Version 1.5",
- RFC 2313, March 1998.
-
- [RFC 2459] Housley, R., Ford, W., Polk, W. and D. Solo "Internet
- X.509 Public Key Infrastructure: Certificate and CRL
- Profile", RFC 2459, January, 1999.
-
- [RFC 3174] Eastlake, D. and P. Jones, "US Secure Hash Algorithm 1
- (SHA1)", RFC 3174, September 2001.
-
-
-
-
-Polk, et al. Standards Track [Page 24]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- [RFC 3280] Housley, R., Polk, W., Ford, W. and D. Solo, "Internet
- X.509 Public Key Infrastructure Certificate and
- Certificate Revocation List (CRL) Profile", RFC 3280,
- April 2002.
-
- [SDN.701r] SDN.701, "Message Security Protocol 4.0", Revision A
- 1997-02-06.
-
- [X.208] CCITT Recommendation X.208: Specification of Abstract
- Syntax Notation One (ASN.1), 1988.
-
- [X.660] ITU-T Recommendation X.660 Information Technology -
- ASN.1 encoding rules: Specification of Basic Encoding
- Rules (BER), Canonical Encoding Rules (CER) and
- Distinguished Encoding Rules (DER), 1997.
-
- [X9.42] ANSI X9.42-2000, "Public Key Cryptography for The
- Financial Services Industry: Agreement of Symmetric
- Keys Using Discrete Logarithm Cryptography", December,
- 1999.
-
- [X9.62] X9.62-1998, "Public Key Cryptography For The Financial
- Services Industry: The Elliptic Curve Digital
- Signature Algorithm (ECDSA)", January 7, 1999.
-
- [X9.63] ANSI X9.63-2001, "Public Key Cryptography For The
- Financial Services Industry: Key Agreement and Key
- Transport Using Elliptic Curve Cryptography", Work in
- Progress.
-
-5 Security Considerations
-
- This specification does not constrain the size of public keys or
- their parameters for use in the Internet PKI. However, the key size
- selected impacts the strength achieved when implementing
- cryptographic services. Selection of appropriate key sizes is
- critical to implementing appropriate security.
-
- This specification does not identify particular elliptic curves for
- use in the Internet PKI. However, the particular curve selected
- impact the strength of the digital signatures. Some curves are
- cryptographically stronger than others!
-
- In general, use of "well-known" curves, such as the "named curves"
- from ANSI X9.62, is a sound strategy. For additional information,
- refer to X9.62 Appendix H.1.3, "Key Length Considerations" and
- Appendix A.1, "Avoiding Cryptographically Weak Keys".
-
-
-
-
-Polk, et al. Standards Track [Page 25]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
- This specification supplements RFC 3280. The security considerations
- section of that document applies to this specification as well.
-
-6 Intellectual Property Rights
-
- The IETF has been notified of intellectual property rights claimed in
- regard to some or all of the specification contained in this
- document. For more information consult the online list of claimed
- rights.
-
- The IETF takes no position regarding the validity or scope of any
- intellectual property or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; neither does it represent that it
- has made any effort to identify any such rights. Information on the
- IETF's procedures with respect to rights in standards-track and
- standards- related documentation can be found in BCP-11. Copies of
- claims of rights made available for publication and any assurances of
- licenses to be made available, or the result of an attempt made to
- obtain a general license or permission for the use of such
- proprietary rights by implementors or users of this specification can
- be obtained from the IETF Secretariat.
-
-7 Author Addresses:
-
- Tim Polk
- NIST
- 100 Bureau Drive, Stop 8930
- Gaithersburg, MD 20899-8930
- USA
- EMail: tim.polk@nist.gov
-
- Russell Housley
- RSA Laboratories
- 918 Spring Knoll Drive
- Herndon, VA 20170
- USA
- EMail: rhousley@rsasecurity.com
-
- Larry Bassham
- NIST
- 100 Bureau Drive, Stop 8930
- Gaithersburg, MD 20899-8930
- USA
- EMail: lbassham@nist.gov
-
-
-
-
-
-Polk, et al. Standards Track [Page 26]
-
-RFC 3279 Algorithms and Identifiers April 2002
-
-
-8. Full Copyright Statement
-
- Copyright (C) The Internet Society (2002). All Rights Reserved.
-
- This document and translations of it may be copied and furnished to
- others, and derivative works that comment on or otherwise explain it
- or assist in its implementation may be prepared, copied, published
- and distributed, in whole or in part, without restriction of any
- kind, provided that the above copyright notice and this paragraph are
- included on all such copies and derivative works. However, this
- document itself may not be modified in any way, such as by removing
- the copyright notice or references to the Internet Society or other
- Internet organizations, except as needed for the purpose of
- developing Internet standards in which case the procedures for
- copyrights defined in the Internet Standards process must be
- followed, or as required to translate it into languages other than
- English.
-
- The limited permissions granted above are perpetual and will not be
- revoked by the Internet Society or its successors or assigns.
-
- This document and the information contained herein is provided on an
- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Acknowledgement
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Polk, et al. Standards Track [Page 27]
-
diff --git a/utils/open-isns/doc/rfc3720.txt b/utils/open-isns/doc/rfc3720.txt
deleted file mode 100644
index 2041f93..0000000
--- a/utils/open-isns/doc/rfc3720.txt
+++ /dev/null
@@ -1,14395 +0,0 @@
-
-
-
-
-
-
-Network Working Group J. Satran
-Request for Comments: 3720 K. Meth
-Category: Standards Track IBM
- C. Sapuntzakis
- Cisco Systems
- M. Chadalapaka
- Hewlett-Packard Co.
- E. Zeidner
- IBM
- April 2004
-
-
- Internet Small Computer Systems Interface (iSCSI)
-
-Status of this Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2003). All Rights Reserved.
-
-Abstract
-
- This document describes a transport protocol for Internet Small
- Computer Systems Interface (iSCSI) that works on top of TCP. The
- iSCSI protocol aims to be fully compliant with the standardized SCSI
- architecture model.
-
- SCSI is a popular family of protocols that enable systems to
- communicate with I/O devices, especially storage devices. SCSI
- protocols are request/response application protocols with a common
- standardized architecture model and basic command set, as well as
- standardized command sets for different device classes (disks, tapes,
- media-changers etc.).
-
- As system interconnects move from the classical bus structure to a
- network structure, SCSI has to be mapped to network transport
- protocols. IP networks now meet the performance requirements of fast
- system interconnects and as such are good candidates to "carry" SCSI.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 1]
-
-RFC 3720 iSCSI April 2004
-
-
-Table of Contents
-
- 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 9
- 2. Definitions and Acronyms. . . . . . . . . . . . . . . . . . . 10
- 2.1. Definitions. . . . . . . . . . . . . . . . . . . . . . 10
- 2.2. Acronyms . . . . . . . . . . . . . . . . . . . . . . . 14
- 2.3. Conventions. . . . . . . . . . . . . . . . . . . . . . 16
- 2.3.1. Word Rule. . . . . . . . . . . . . . . . . . 16
- 2.3.2. Half-Word Rule . . . . . . . . . . . . . . . 17
- 2.3.3. Byte Rule. . . . . . . . . . . . . . . . . . 17
- 3. Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . 17
- 3.1. SCSI Concepts. . . . . . . . . . . . . . . . . . . . . 17
- 3.2. iSCSI Concepts and Functional Overview . . . . . . . . 18
- 3.2.1. Layers and Sessions. . . . . . . . . . . . . 19
- 3.2.2. Ordering and iSCSI Numbering . . . . . . . . 19
- 3.2.2.1. Command Numbering and
- Acknowledging . . . . . . . . . . 20
- 3.2.2.2. Response/Status Numbering and
- Acknowledging . . . . . . . . . . 23
- 3.2.2.3. Data Sequencing . . . . . . . . 24
- 3.2.3. iSCSI Login. . . . . . . . . . . . . . . . . 24
- 3.2.4. iSCSI Full Feature Phase . . . . . . . . . . 25
- 3.2.4.1. Command Connection Allegiance . . 26
- 3.2.4.2. Data Transfer Overview. . . . . . 27
- 3.2.4.3. Tags and Integrity Checks . . . . 28
- 3.2.4.4. Task Management . . . . . . . . . 28
- 3.2.5. iSCSI Connection Termination . . . . . . . . 29
- 3.2.6. iSCSI Names. . . . . . . . . . . . . . . . . 29
- 3.2.6.1. iSCSI Name Properties . . . . . . 30
- 3.2.6.2. iSCSI Name Encoding . . . . . . . 31
- 3.2.6.3. iSCSI Name Structure. . . . . . . 32
- 3.2.6.3.1. Type "iqn." (iSCSI
- Qualified Name) . . . 32
- 3.2.6.3.2. Type "eui." (IEEE
- EUI-64 format). . . . 34
- 3.2.7. Persistent State . . . . . . . . . . . . . . 34
- 3.2.8. Message Synchronization and Steering . . . . 35
- 3.2.8.1. Sync/Steering and iSCSI PDU
- Length . . . . . . . . . . . . . 36
- 3.3. iSCSI Session Types. . . . . . . . . . . . . . . . . . 36
- 3.4. SCSI to iSCSI Concepts Mapping Model . . . . . . . . . 37
- 3.4.1. iSCSI Architecture Model . . . . . . . . . . 37
- 3.4.2. SCSI Architecture Model. . . . . . . . . . . 39
- 3.4.3. Consequences of the Model. . . . . . . . . . 41
- 3.4.3.1. I_T Nexus State . . . . . . . . . 42
- 3.5. Request/Response Summary . . . . . . . . . . . . . . . 42
- 3.5.1. Request/Response Types Carrying SCSI Payload 43
- 3.5.1.1. SCSI-Command . . . . . . . . . . 43
-
-
-
-Satran, et al. Standards Track [Page 2]
-
-RFC 3720 iSCSI April 2004
-
-
- 3.5.1.2. SCSI-Response . . . . . . . . . 43
- 3.5.1.3. Task Management Function Request. 44
- 3.5.1.4. Task Management Function Response 44
- 3.5.1.5. SCSI Data-Out and SCSI Data-In. . 44
- 3.5.1.6. Ready To Transfer (R2T) . . . . . 45
- 3.5.2. Requests/Responses carrying SCSI and iSCSI
- Payload. . . . . . . . . . . . . . . . . . . 46
- 3.5.2.1. Asynchronous Message. . . . . . . 46
- 3.5.3. Requests/Responses Carrying iSCSI Only
- Payload. . . . . . . . . . . . . . . . . . . 46
- 3.5.3.1. Text Request and Text Response. . 46
- 3.5.3.2. Login Request and Login Response. 47
- 3.5.3.3. Logout Request and Response . . . 47
- 3.5.3.4. SNACK Request . . . . . . . . . . 48
- 3.5.3.5. Reject. . . . . . . . . . . . . . 48
- 3.5.3.6. NOP-Out Request and NOP-In
- Response . . . . . . . . . . . . 48
- 4. SCSI Mode Parameters for iSCSI. . . . . . . . . . . . . . . . 48
- 5. Login and Full Feature Phase Negotiation. . . . . . . . . . . 48
- 5.1. Text Format. . . . . . . . . . . . . . . . . . . . . . 50
- 5.2. Text Mode Negotiation. . . . . . . . . . . . . . . . . 53
- 5.2.1. List negotiations. . . . . . . . . . . . . . 56
- 5.2.2. Simple-value Negotiations. . . . . . . . . . 56
- 5.3. Login Phase. . . . . . . . . . . . . . . . . . . . . . 57
- 5.3.1. Login Phase Start. . . . . . . . . . . . . . 60
- 5.3.2. iSCSI Security Negotiation . . . . . . . . . 62
- 5.3.3. Operational Parameter Negotiation During
- the Login Phase. . . . . . . . . . . . . . . 63
- 5.3.4. Connection Reinstatement . . . . . . . . . . 64
- 5.3.5. Session Reinstatement, Closure, and Timeout. 64
- 5 5.3.5.1. Loss of Nexus
- Notification. . . . . 65
- 5.3.6. Session Continuation and Failure . . . . . . 65
- 5.4. Operational Parameter Negotiation Outside the Login
- Phase. . . . . . . . . . . . . . . . . . . . . . . . . 66
- 6. iSCSI Error Handling and Recovery . . . . . . . . . . . . . . 67
- 6.1. Overview . . . . . . . . . . . . . . . . . . . . . . . 67
- 6.1.1. Background . . . . . . . . . . . . . . . . . 67
- 6.1.2. Goals. . . . . . . . . . . . . . . . . . . . 67
- 6.1.3. Protocol Features and State Expectations . . 68
- 6.1.4. Recovery Classes . . . . . . . . . . . . . . 69
- 6.1.4.1. Recovery Within-command . . . . . 69
- 6.1.4.2. Recovery Within-connection. . . . 70
- 6.1.4.3. Connection Recovery . . . . . . . 71
- 6.1.4.4. Session Recovery. . . . . . . . . 72
- 6.1.5. Error Recovery Hierarchy . . . . . . . . . . . 72
- 6.2. Retry and Reassign in Recovery . . . . . . . . . . . . 74
- 6.2.1. Usage of Retry . . . . . . . . . . . . . . . 74
-
-
-
-Satran, et al. Standards Track [Page 3]
-
-RFC 3720 iSCSI April 2004
-
-
- 6.2.2. Allegiance Reassignment. . . . . . . . . . . 75
- 6.3. Usage Of Reject PDU in Recovery. . . . . . . . . . . . 76
- 6.4. Connection Timeout Management. . . . . . . . . . . . . 76
- 6.4.1. Timeouts on Transport Exception Events . . . 77
- 6.4.2. Timeouts on Planned Decommissioning. . . . . 77
- 6.5. Implicit Termination of Tasks. . . . . . . . . . . . . 77
- 6.6. Format Errors. . . . . . . . . . . . . . . . . . . . . 78
- 6.7. Digest Errors. . . . . . . . . . . . . . . . . . . . . 78
- 6.8. Sequence Errors. . . . . . . . . . . . . . . . . . . . 80
- 6.9. SCSI Timeouts. . . . . . . . . . . . . . . . . . . . . 81
- 6.10. Negotiation Failures . . . . . . . . . . . . . . . . . 81
- 6.11. Protocol Errors. . . . . . . . . . . . . . . . . . . . 82
- 6.12. Connection Failures. . . . . . . . . . . . . . . . . . 82
- 6.13. Session Errors . . . . . . . . . . . . . . . . . . . . 83
- 7. State Transitions . . . . . . . . . . . . . . . . . . . . . . 84
- 7.1. Standard Connection State Diagrams . . . . . . . . . . 84
- 7.1.1. State Descriptions for Initiators and
- Targets. . . . . . . . . . . . . . . . . . . 84
- 7.1.2. State Transition Descriptions for Initiators
- and Targets. . . . . . . . . . . . . . . . . 85
- 7.1.3. Standard Connection State Diagram for an
- Initiator. . . . . . . . . . . . . . . . . . 88
- 7.1.4. Standard Connection State Diagram for a
- Target . . . . . . . . . . . . . . . . . . . 90
- 7.2. Connection Cleanup State Diagram for Initiators and
- Targets. . . . . . . . . . . . . . . . . . . . . . . . 92
- 7.2.1. State Descriptions for Initiators and
- Targets. . . . . . . . . . . . . . . . . . . 94
- 7.2.2. State Transition Descriptions for Initiators
- and Targets. . . . . . . . . . . . . . . . . 94
- 7.3. Session State Diagrams . . . . . . . . . . . . . . . . 95
- 7.3.1. Session State Diagram for an Initiator . . . 95
- 7.3.2. Session State Diagram for a Target . . . . . 96
- 7.3.3. State Descriptions for Initiators and
- Targets. . . . . . . . . . . . . . . . . . . 97
- 7.3.4. State Transition Descriptions for Initiators
- and Targets. . . . . . . . . . . . . . . . . 98
- 8. Security Considerations . . . . . . . . . . . . . . . . . . . 99
- 8.1. iSCSI Security Mechanisms. . . . . . . . . . . . . . . 100
- 8.2. In-band Initiator-Target Authentication. . . . . . . . 100
- 8.2.1. CHAP Considerations. . . . . . . . . . . . . 101
- 8.2.2. SRP Considerations . . . . . . . . . . . . . 103
- 8.3. IPsec. . . . . . . . . . . . . . . . . . . . . . . . . 104
- 8.3.1. Data Integrity and Authentication. . . . . . 104
- 8.3.2. Confidentiality. . . . . . . . . . . . . . . 105
- 8.3.3. Policy, Security Associations, and
- Cryptographic Key Management . . . . . . . . 105
- 9. Notes to Implementers . . . . . . . . . . . . . . . . . . . . 106
-
-
-
-Satran, et al. Standards Track [Page 4]
-
-RFC 3720 iSCSI April 2004
-
-
- 9.1. Multiple Network Adapters. . . . . . . . . . . . . . . 106
- 9.1.1. Conservative Reuse of ISIDs. . . . . . . . . 107
- 9.1.2. iSCSI Name, ISID, and TPGT Use . . . . . . . 107
- 9.2. Autosense and Auto Contingent Allegiance (ACA) . . . . 109
- 9.3. iSCSI Timeouts . . . . . . . . . . . . . . . . . . . . 109
- 9.4. Command Retry and Cleaning Old Command Instances . . . 110
- 9.5. Synch and Steering Layer and Performance . . . . . . . 110
- 9.6. Considerations for State-dependent Devices and
- Long-lasting SCSI Operations . . . . . . . . . . . . . 111
- 9.6.1. Determining the Proper ErrorRecoveryLevel. . 112
- 10. iSCSI PDU Formats . . . . . . . . . . . . . . . . . . . . . . 112
- 10.1. iSCSI PDU Length and Padding . . . . . . . . . . . . . 113
- 10.2. PDU Template, Header, and Opcodes. . . . . . . . . . . 113
- 10.2.1. Basic Header Segment (BHS) . . . . . . . . . 114
- 10.2.1.1. I . . . . . . . . . . . . . . . . 115
- 10.2.1.2. Opcode. . . . . . . . . . . . . . 115
- 10.2.1.3. Final (F) bit . . . . . . . . . . 116
- 10.2.1.4. Opcode-specific Fields. . . . . . 116
- 10.2.1.5. TotalAHSLength. . . . . . . . . . 116
- 10.2.1.6. DataSegmentLength . . . . . . . . 116
- 10.2.1.7. LUN . . . . . . . . . . . . . . . 116
- 10.2.1.8. Initiator Task Tag. . . . . . . . 117
- 10.2.2. Additional Header Segment (AHS) . . . . . . . 117
- 10.2.2.1. AHSType . . . . . . . . . . . . . 117
- 10.2.2.2. AHSLength . . . . . . . . . . . . 117
- 10.2.2.3. Extended CDB AHS. . . . . . . . . 118
- 10.2.2.4. Bidirectional Expected Read-Data
- Length AHS. . . . . . . . . . . . 118
- 10.2.3. Header Digest and Data Digest. . . . . . . . 118
- 10.2.4. Data Segment . . . . . . . . . . . . . . . . 119
- 10.3. SCSI Command . . . . . . . . . . . . . . . . . . . . . 119
- 10.3.1. Flags and Task Attributes (byte 1) . . . . . 120
- 10.3.2. CmdSN - Command Sequence Number. . . . . . . 120
- 10.3.3. ExpStatSN. . . . . . . . . . . . . . . . . . 120
- 10.3.4. Expected Data Transfer Length. . . . . . . . 121
- 10.3.5. CDB - SCSI Command Descriptor Block. . . . . 121
- 10.3.6. Data Segment - Command Data. . . . . . . . . 121
- 10.4. SCSI Response. . . . . . . . . . . . . . . . . . . . . 122
- 10.4.1. Flags (byte 1) . . . . . . . . . . . . . . . 123
- 10.4.2. Status . . . . . . . . . . . . . . . . . . . 123
- 10.4.3. Response . . . . . . . . . . . . . . . . . . 124
- 10.4.4. SNACK Tag. . . . . . . . . . . . . . . . . . 125
- 10.4.5. Residual Count . . . . . . . . . . . . . . . 125
- 10.4.6. Bidirectional Read Residual Count. . . . . . 125
- 10.4.7. Data Segment - Sense and Response Data
- Segment. . . . . . . . . . . . . . . . . . . 125
- 10.4.7.1. SenseLength . . . . . . . . . . . 126
- 10.4.7.2. Sense Data. . . . . . . . . . . . 126
-
-
-
-Satran, et al. Standards Track [Page 5]
-
-RFC 3720 iSCSI April 2004
-
-
- 10.4.8. ExpDataSN. . . . . . . . . . . . . . . . . . 127
- 10.4.9. StatSN - Status Sequence Number. . . . . . . 127
- 10.4.10. ExpCmdSN - Next Expected CmdSN from this
- Initiator. . . . . . . . . . . . . . . . . . 128
- 10.4.11. MaxCmdSN - Maximum CmdSN from this Initiator 128
- 10.5. Task Management Function Request . . . . . . . . . . . 129
- 10.5.1. Function . . . . . . . . . . . . . . . . . . 129
- 10.5.2. TotalAHSLength and DataSegmentLength . . . . 132
- 10.5.3. LUN. . . . . . . . . . . . . . . . . . . . . 132
- 10.5.4. Referenced Task Tag. . . . . . . . . . . . . 132
- 10.5.5. RefCmdSN . . . . . . . . . . . . . . . . . . 132
- 10.5.6. ExpDataSN. . . . . . . . . . . . . . . . . . 133
- 10.6. Task Management Function Response. . . . . . . . . . . 134
- 10.6.1. Response . . . . . . . . . . . . . . . . . . 134
- 10.6.2. Task Management Actions on Task Sets . . . . 136
- 10.6.3. TotalAHSLength and DataSegmentLength . . . . 137
- 10.7. SCSI Data-Out & SCSI Data-In . . . . . . . . . . . . . 137
- 10.7.1. F (Final) Bit. . . . . . . . . . . . . . . . 139
- 10.7.2. A (Acknowledge) Bit. . . . . . . . . . . . . 139
- 10.7.3. Flags (byte 1) . . . . . . . . . . . . . . . 140
- 10.7.4. Target Transfer Tag and LUN. . . . . . . . . 140
- 10.7.5. DataSN . . . . . . . . . . . . . . . . . . . 141
- 10.7.6. Buffer Offset. . . . . . . . . . . . . . . . 141
- 10.7.7. DataSegmentLength. . . . . . . . . . . . . . 141
- 10.8. Ready To Transfer (R2T). . . . . . . . . . . . . . . . 142
- 10.8.1. TotalAHSLength and DataSegmentLength . . . . 143
- 10.8.2. R2TSN. . . . . . . . . . . . . . . . . . . . 143
- 10.8.3. StatSN . . . . . . . . . . . . . . . . . . . 144
- 10.8.4. Desired Data Transfer Length and Buffer
- Offset . . . . . . . . . . . . . . . . . . . 144
- 10.8.5. Target Transfer Tag. . . . . . . . . . . . . 144
- 10.9. Asynchronous Message . . . . . . . . . . . . . . . . . 145
- 10.9.1. AsyncEvent . . . . . . . . . . . . . . . . . 146
- 10.9.2. AsyncVCode . . . . . . . . . . . . . . . . . 147
- 10.9.3. LUN. . . . . . . . . . . . . . . . . . . . . 147
- 10.9.4. Sense Data and iSCSI Event Data. . . . . . . 148
- 10.9.4.1. SenseLength . . . . . . . . . . . 148
- 10.10. Text Request . . . . . . . . . . . . . . . . . . . . . 149
- 10.10.1. F (Final) Bit. . . . . . . . . . . . . . . . 150
- 10.10.2. C (Continue) Bit . . . . . . . . . . . . . . 150
- 10.10.3. Initiator Task Tag . . . . . . . . . . . . . 150
- 10.10.4. Target Transfer Tag. . . . . . . . . . . . . 150
- 10.10.5. Text . . . . . . . . . . . . . . . . . . . . 151
- 10.11. Text Response. . . . . . . . . . . . . . . . . . . . . 152
- 10.11.1. F (Final) Bit. . . . . . . . . . . . . . . . 152
- 10.11.2. C (Continue) Bit . . . . . . . . . . . . . . 153
- 10.11.3. Initiator Task Tag . . . . . . . . . . . . . 153
- 10.11.4. Target Transfer Tag. . . . . . . . . . . . . 153
-
-
-
-Satran, et al. Standards Track [Page 6]
-
-RFC 3720 iSCSI April 2004
-
-
- 10.11.5. StatSN . . . . . . . . . . . . . . . . . . . 154
- 10.11.6. Text Response Data . . . . . . . . . . . . . 154
- 10.12. Login Request. . . . . . . . . . . . . . . . . . . . . 154
- 10.12.1. T (Transit) Bit. . . . . . . . . . . . . . . 155
- 10.12.2. C (Continue) Bit . . . . . . . . . . . . . . 155
- 10.12.3. CSG and NSG. . . . . . . . . . . . . . . . . 156
- 10.12.4. Version. . . . . . . . . . . . . . . . . . . 156
- 10.12.4.1. Version-max. . . . . . . . . . . 156
- 10.12.4.2. Version-min. . . . . . . . . . . 156
- 10.12.5. ISID . . . . . . . . . . . . . . . . . . . . 157
- 10.12.6. TSIH . . . . . . . . . . . . . . . . . . . . 158
- 10.12.7. Connection ID - CID. . . . . . . . . . . . . 158
- 10.12.8. CmdSN. . . . . . . . . . . . . . . . . . . . 159
- 10.12.9. ExpStatSN. . . . . . . . . . . . . . . . . . 159
- 10.12.10. Login Parameters . . . . . . . . . . . . . . 159
- 10.13. Login Response . . . . . . . . . . . . . . . . . . . . 160
- 10.13.1. Version-max. . . . . . . . . . . . . . . . . 160
- 10.13.2. Version-active . . . . . . . . . . . . . . . 161
- 10.13.3. TSIH . . . . . . . . . . . . . . . . . . . . 161
- 10.13.4. StatSN . . . . . . . . . . . . . . . . . . . 161
- 10.13.5. Status-Class and Status-Detail . . . . . . . 161
- 10.13.6. T (Transit) Bit. . . . . . . . . . . . . . . 164
- 10.13.7. C (Continue) Bit . . . . . . . . . . . . . . 164
- 10.13.8. Login Parameters . . . . . . . . . . . . . . 164
- 10.14. Logout Request . . . . . . . . . . . . . . . . . . . . 165
- 10.14.1. Reason Code. . . . . . . . . . . . . . . . . 167
- 10.14.2. TotalAHSLength and DataSegmentLength . . . . 168
- 10.14.3. CID. . . . . . . . . . . . . . . . . . . . . 168
- 10.14.4. ExpStatSN. . . . . . . . . . . . . . . . . . 168
- 10.14.5. Implicit termination of tasks. . . . . . . . 168
- 10.15. Logout Response. . . . . . . . . . . . . . . . . . . . 169
- 10.15.1. Response . . . . . . . . . . . . . . . . . . 170
- 10.15.2. TotalAHSLength and DataSegmentLength . . . . 170
- 10.15.3. Time2Wait. . . . . . . . . . . . . . . . . . 170
- 10.15.4. Time2Retain. . . . . . . . . . . . . . . . . 170
- 10.16. SNACK Request. . . . . . . . . . . . . . . . . . . . . 171
- 10.16.1. Type . . . . . . . . . . . . . . . . . . . . 172
- 10.16.2. Data Acknowledgement . . . . . . . . . . . . 173
- 10.16.3. Resegmentation . . . . . . . . . . . . . . . 173
- 10.16.4. Initiator Task Tag . . . . . . . . . . . . . 174
- 10.16.5. Target Transfer Tag or SNACK Tag . . . . . . 174
- 10.16.6. BegRun . . . . . . . . . . . . . . . . . . . 174
- 10.16.7. RunLength. . . . . . . . . . . . . . . . . . 174
- 10.17. Reject . . . . . . . . . . . . . . . . . . . . . . . . 175
- 10.17.1. Reason . . . . . . . . . . . . . . . . . . . 176
- 10.17.2. DataSN/R2TSN . . . . . . . . . . . . . . . . 177
- 10.17.3. StatSN, ExpCmdSN and MaxCmdSN. . . . . . . . 177
- 10.17.4. Complete Header of Bad PDU . . . . . . . . . 177
-
-
-
-Satran, et al. Standards Track [Page 7]
-
-RFC 3720 iSCSI April 2004
-
-
- 10.18. NOP-Out. . . . . . . . . . . . . . . . . . . . . . . . 178
- 10.18.1. Initiator Task Tag . . . . . . . . . . . . . 179
- 10.18.2. Target Transfer Tag. . . . . . . . . . . . . 179
- 10.18.3. Ping Data. . . . . . . . . . . . . . . . . . 179
- 10.19. NOP-In . . . . . . . . . . . . . . . . . . . . . . . . 180
- 10.19.1. Target Transfer Tag. . . . . . . . . . . . . 181
- 10.19.2. StatSN . . . . . . . . . . . . . . . . . . . 181
- 10.19.3. LUN. . . . . . . . . . . . . . . . . . . . . 181
- 11. iSCSI Security Text Keys and Authentication Methods . . . . . 181
- 11.1. AuthMethod . . . . . . . . . . . . . . . . . . . . . . 182
- 11.1.1. Kerberos . . . . . . . . . . . . . . . . . . 184
- 11.1.2. Simple Public-Key Mechanism (SPKM) . . . . . 184
- 11.1.3. Secure Remote Password (SRP) . . . . . . . . 185
- 11.1.4. Challenge Handshake Authentication Protocol
- (CHAP) . . . . . . . . . . . . . . . . . . . 186
- 12. Login/Text Operational Text Keys. . . . . . . . . . . . . . . 187
- 12.1. HeaderDigest and DataDigest. . . . . . . . . . . . . . 188
- 12.2. MaxConnections . . . . . . . . . . . . . . . . . . . . 190
- 12.3. SendTargets. . . . . . . . . . . . . . . . . . . . . . 191
- 12.4. TargetName . . . . . . . . . . . . . . . . . . . . . . 191
- 12.5. InitiatorName. . . . . . . . . . . . . . . . . . . . . 192
- 12.6. TargetAlias. . . . . . . . . . . . . . . . . . . . . . 192
- 12.7. InitiatorAlias . . . . . . . . . . . . . . . . . . . . 193
- 12.8. TargetAddress. . . . . . . . . . . . . . . . . . . . . 193
- 12.9. TargetPortalGroupTag . . . . . . . . . . . . . . . . . 194
- 12.10. InitialR2T . . . . . . . . . . . . . . . . . . . . . . 194
- 12.11. ImmediateData. . . . . . . . . . . . . . . . . . . . . 195
- 12.12. MaxRecvDataSegmentLength . . . . . . . . . . . . . . . 196
- 12.13. MaxBurstLength . . . . . . . . . . . . . . . . . . . . 196
- 12.14. FirstBurstLength . . . . . . . . . . . . . . . . . . . 197
- 12.15. DefaultTime2Wait . . . . . . . . . . . . . . . . . . . 197
- 12.16. DefaultTime2Retain . . . . . . . . . . . . . . . . . . 198
- 12.17. MaxOutstandingR2T. . . . . . . . . . . . . . . . . . . 198
- 12.18. DataPDUInOrder . . . . . . . . . . . . . . . . . . . . 198
- 12.19. DataSequenceInOrder. . . . . . . . . . . . . . . . . . 199
- 12.20. ErrorRecoveryLevel . . . . . . . . . . . . . . . . . . 199
- 12.21. SessionType. . . . . . . . . . . . . . . . . . . . . . 200
- 12.22. The Private or Public Extension Key Format . . . . . . 200
- 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 201
- 13.1. Naming Requirements. . . . . . . . . . . . . . . . . . 203
- 13.2. Mechanism Specification Requirements . . . . . . . . . 203
- 13.3. Publication Requirements . . . . . . . . . . . . . . . 203
- 13.4. Security Requirements. . . . . . . . . . . . . . . . . 203
- 13.5. Registration Procedure . . . . . . . . . . . . . . . . 204
- 13.5.1. Present the iSCSI extension item to the
- Community. . . . . . . . . . . . . . . . . . 204
- 13.5.2. iSCSI extension item review and IESG
- approval . . . . . . . . . . . . . . . . . . 204
-
-
-
-Satran, et al. Standards Track [Page 8]
-
-RFC 3720 iSCSI April 2004
-
-
- 13.5.3. IANA Registration. . . . . . . . . . . . . . 204
- 13.5.4. Standard iSCSI extension item-label format . 204
- 13.6. IANA Procedures for Registering iSCSI extension items. 205
- References. . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
- Appendix A. Sync and Steering with Fixed Interval Markers . . . . 209
- A.1. Markers At Fixed Intervals . . . . . . . . . . . . . . 209
- A.2. Initial Marker-less Interval . . . . . . . . . . . . . 210
- A.3. Negotiation. . . . . . . . . . . . . . . . . . . . . . 210
- A.3.1. OFMarker, IFMarker . . . . . . . . . . . . . 210
- A.3.2. OFMarkInt, IFMarkInt . . . . . . . . . . . . 211
- Appendix B. Examples . . . . . . . . . . . . . . . . . . . . . . 212
- B.1. Read Operation Example . . . . . . . . . . . . . . . . 212
- B.2. Write Operation Example. . . . . . . . . . . . . . . . 213
- B.3. R2TSN/DataSN Use Examples. . . . . . . . . . . . . . . 214
- B.4. CRC Examples . . . . . . . . . . . . . . . . . . . . . 217
- Appendix C. Login Phase Examples . . . . . . . . . . . . . . . . 219
- Appendix D. SendTargets Operation. . . . . . . . . . . . . . . . 229
- Appendix E. Algorithmic Presentation of Error Recovery Classes . 233
- E.1. General Data Structure and Procedure Description . . . 233
- E.2. Within-command Error Recovery Algorithms . . . . . . . 234
- E.2.1. Procedure Descriptions . . . . . . . . . . . 234
- E.2.2. Initiator Algorithms . . . . . . . . . . . . 235
- E.2.3. Target Algorithms. . . . . . . . . . . . . . 237
- E.3. Within-connection Recovery Algorithms. . . . . . . . . 240
- E.3.1. Procedure Descriptions . . . . . . . . . . . 240
- E.3.2. Initiator Algorithms . . . . . . . . . . . . 241
- E.3.3. Target Algorithms. . . . . . . . . . . . . . 243
- E.4. Connection Recovery Algorithms . . . . . . . . . . . . 243
- E.4.1. Procedure Descriptions . . . . . . . . . . . 243
- E.4.2. Initiator Algorithms . . . . . . . . . . . . 244
- E.4.3. Target Algorithms. . . . . . . . . . . . . . 246
- Appendix F. Clearing Effects of Various Events on Targets. . . . 249
- F.1. Clearing Effects on iSCSI Objects. . . . . . . . . . . 249
- F.2. Clearing Effects on SCSI Objects . . . . . . . . . . . 253
- Acknowledgements. . . . . . . . . . . . . . . . . . . . . . . . . 254
- Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . . . 256
- Full Copyright Statement. . . . . . . . . . . . . . . . . . . . . 257
-
-1. Introduction
-
- The Small Computer Systems Interface (SCSI) is a popular family of
- protocols for communicating with I/O devices, especially storage
- devices. SCSI is a client-server architecture. Clients of a SCSI
- interface are called "initiators". Initiators issue SCSI "commands"
- to request services from components, logical units of a server known
- as a "target". A "SCSI transport" maps the client-server SCSI
- protocol to a specific interconnect. An Initiator is one endpoint of
- a SCSI transport and a target is the other endpoint.
-
-
-
-Satran, et al. Standards Track [Page 9]
-
-RFC 3720 iSCSI April 2004
-
-
- The SCSI protocol has been mapped over various transports, including
- Parallel SCSI, IPI, IEEE-1394 (firewire) and Fibre Channel. These
- transports are I/O specific and have limited distance capabilities.
-
- The iSCSI protocol defined in this document describes a means of
- transporting SCSI packets over TCP/IP (see [RFC791], [RFC793],
- [RFC1035], [RFC1122]), providing for an interoperable solution which
- can take advantage of existing Internet infrastructure, Internet
- management facilities, and address distance limitations.
-
-2. Definitions and Acronyms
-
-2.1. Definitions
-
- - Alias: An alias string can also be associated with an iSCSI Node.
- The alias allows an organization to associate a user-friendly
- string with the iSCSI Name. However, the alias string is not a
- substitute for the iSCSI Name.
-
- - CID (Connection ID): Connections within a session are identified by
- a connection ID. It is a unique ID for this connection within the
- session for the initiator. It is generated by the initiator and
- presented to the target during login requests and during logouts
- that close connections.
-
- - Connection: A connection is a TCP connection. Communication
- between the initiator and target occurs over one or more TCP
- connections. The TCP connections carry control messages, SCSI
- commands, parameters, and data within iSCSI Protocol Data Units
- (iSCSI PDUs).
-
- - iSCSI Device: A SCSI Device using an iSCSI service delivery
- subsystem. Service Delivery Subsystem is defined by [SAM2] as a
- transport mechanism for SCSI commands and responses.
-
- - iSCSI Initiator Name: The iSCSI Initiator Name specifies the
- worldwide unique name of the initiator.
-
- - iSCSI Initiator Node: The "initiator". The word "initiator" has
- been appropriately qualified as either a port or a device in the
- rest of the document when the context is ambiguous. All
- unqualified usages of "initiator" refer to an initiator port (or
- device) depending on the context.
-
- - iSCSI Layer: This layer builds/receives iSCSI PDUs and
- relays/receives them to/from one or more TCP connections that form
- an initiator-target "session".
-
-
-
-
-Satran, et al. Standards Track [Page 10]
-
-RFC 3720 iSCSI April 2004
-
-
- - iSCSI Name: The name of an iSCSI initiator or iSCSI target.
-
- - iSCSI Node: The iSCSI Node represents a single iSCSI initiator or
- iSCSI target. There are one or more iSCSI Nodes within a Network
- Entity. The iSCSI Node is accessible via one or more Network
- Portals. An iSCSI Node is identified by its iSCSI Name. The
- separation of the iSCSI Name from the addresses used by and for the
- iSCSI Node allows multiple iSCSI Nodes to use the same address, and
- the same iSCSI Node to use multiple addresses.
-
- - iSCSI Target Name: The iSCSI Target Name specifies the worldwide
- unique name of the target.
-
- - iSCSI Target Node: The "target".
-
- - iSCSI Task: An iSCSI task is an iSCSI request for which a response
- is expected.
-
- - iSCSI Transfer Direction: The iSCSI transfer direction is defined
- with regard to the initiator. Outbound or outgoing transfers are
- transfers from the initiator to the target, while inbound or
- incoming transfers are from the target to the initiator.
-
- - ISID: The initiator part of the Session Identifier. It is
- explicitly specified by the initiator during Login.
-
- - I_T nexus: According to [SAM2], the I_T nexus is a relationship
- between a SCSI Initiator Port and a SCSI Target Port. For iSCSI,
- this relationship is a session, defined as a relationship between
- an iSCSI Initiator's end of the session (SCSI Initiator Port) and
- the iSCSI Target's Portal Group. The I_T nexus can be identified
- by the conjunction of the SCSI port names; that is, the I_T nexus
- identifier is the tuple (iSCSI Initiator Name + ',i,'+ ISID, iSCSI
- Target Name + ',t,'+ Portal Group Tag).
-
- - Network Entity: The Network Entity represents a device or gateway
- that is accessible from the IP network. A Network Entity must have
- one or more Network Portals, each of which can be used to gain
- access to the IP network by some iSCSI Nodes contained in that
- Network Entity.
-
- - Network Portal: The Network Portal is a component of a Network
- Entity that has a TCP/IP network address and that may be used by an
- iSCSI Node within that Network Entity for the connection(s) within
- one of its iSCSI sessions. A Network Portal in an initiator is
- identified by its IP address. A Network Portal in a target is
- identified by its IP address and its listening TCP port.
-
-
-
-
-Satran, et al. Standards Track [Page 11]
-
-RFC 3720 iSCSI April 2004
-
-
- - Originator: In a negotiation or exchange, the party that initiates
- the negotiation or exchange.
-
- - PDU (Protocol Data Unit): The initiator and target divide their
- communications into messages. The term "iSCSI protocol data unit"
- (iSCSI PDU) is used for these messages.
-
- - Portal Groups: iSCSI supports multiple connections within the same
- session; some implementations will have the ability to combine
- connections in a session across multiple Network Portals. A Portal
- Group defines a set of Network Portals within an iSCSI Network
- Entity that collectively supports the capability of coordinating a
- session with connections spanning these portals. Not all Network
- Portals within a Portal Group need participate in every session
- connected through that Portal Group. One or more Portal Groups may
- provide access to an iSCSI Node. Each Network Portal, as utilized
- by a given iSCSI Node, belongs to exactly one portal group within
- that node.
-
- - Portal Group Tag: This 16-bit quantity identifies a Portal Group
- within an iSCSI Node. All Network Portals with the same portal
- group tag in the context of a given iSCSI Node are in the same
- Portal Group.
-
- - Recovery R2T: An R2T generated by a target upon detecting the loss
- of one or more Data-Out PDUs through one of the following means: a
- digest error, a sequence error, or a sequence reception timeout. A
- recovery R2T carries the next unused R2TSN, but requests all or
- part of the data burst that an earlier R2T (with a lower R2TSN) had
- already requested.
-
- - Responder: In a negotiation or exchange, the party that responds to
- the originator of the negotiation or exchange.
-
- - SCSI Device: This is the SAM2 term for an entity that contains one
- or more SCSI ports that are connected to a service delivery
- subsystem and supports a SCSI application protocol. For example, a
- SCSI Initiator Device contains one or more SCSI Initiator Ports and
- zero or more application clients. A Target Device contains one or
- more SCSI Target Ports and one or more device servers and
- associated logical units. For iSCSI, the SCSI Device is the
- component within an iSCSI Node that provides the SCSI
- functionality. As such, there can be at most, one SCSI Device
- within a given iSCSI Node. Access to the SCSI Device can only be
- achieved in an iSCSI normal operational session. The SCSI Device
- Name is defined to be the iSCSI Name of the node.
-
-
-
-
-
-Satran, et al. Standards Track [Page 12]
-
-RFC 3720 iSCSI April 2004
-
-
- - SCSI Layer: This builds/receives SCSI CDBs (Command Descriptor
- Blocks) and relays/receives them with the remaining command execute
- [SAM2] parameters to/from the iSCSI Layer.
-
- - Session: The group of TCP connections that link an initiator with a
- target form a session (loosely equivalent to a SCSI I-T nexus).
- TCP connections can be added and removed from a session. Across
- all connections within a session, an initiator sees one and the
- same target.
-
- - SCSI Initiator Port: This maps to the endpoint of an iSCSI normal
- operational session. An iSCSI normal operational session is
- negotiated through the login process between an iSCSI initiator
- node and an iSCSI target node. At successful completion of this
- process, a SCSI Initiator Port is created within the SCSI Initiator
- Device. The SCSI Initiator Port Name and SCSI Initiator Port
- Identifier are both defined to be the iSCSI Initiator Name together
- with (a) a label that identifies it as an initiator port
- name/identifier and (b) the ISID portion of the session identifier.
-
- - SCSI Port: This is the SAM2 term for an entity in a SCSI Device
- that provides the SCSI functionality to interface with a service
- delivery subsystem. For iSCSI, the definition of the SCSI
- Initiator Port and the SCSI Target Port are different.
-
- - SCSI Port Name: A name made up as UTF-8 [RFC2279] characters and
- includes the iSCSI Name + 'i' or 't' + ISID or Portal Group Tag.
-
-
- - SCSI Target Port: This maps to an iSCSI Target Portal Group.
-
- - SCSI Target Port Name and SCSI Target Port Identifier: These are
- both defined to be the iSCSI Target Name together with (a) a label
- that identifies it as a target port name/identifier and (b) the
- portal group tag.
-
- - SSID (Session ID): A session between an iSCSI initiator and an
- iSCSI target is defined by a session ID that is a tuple composed of
- an initiator part (ISID) and a target part (Target Portal Group
- Tag). The ISID is explicitly specified by the initiator at session
- establishment. The Target Portal Group Tag is implied by the
- initiator through the selection of the TCP endpoint at connection
- establishment. The TargetPortalGroupTag key must also be returned
- by the target as a confirmation during connection establishment
- when TargetName is given.
-
- - Target Portal Group Tag: A numerical identifier (16-bit) for an
- iSCSI Target Portal Group.
-
-
-
-Satran, et al. Standards Track [Page 13]
-
-RFC 3720 iSCSI April 2004
-
-
- - TSIH (Target Session Identifying Handle): A target assigned tag for
- a session with a specific named initiator. The target generates it
- during session establishment. Its internal format and content are
- not defined by this protocol, except for the value 0 that is
- reserved and used by the initiator to indicate a new session. It
- is given to the target during additional connection establishment
- for the same session.
-
-2.2. Acronyms
-
- Acronym Definition
- ------------------------------------------------------------
- 3DES Triple Data Encryption Standard
- ACA Auto Contingent Allegiance
- AEN Asynchronous Event Notification
- AES Advanced Encryption Standard
- AH Additional Header (not the IPsec AH!)
- AHS Additional Header Segment
- API Application Programming Interface
- ASC Additional Sense Code
- ASCII American Standard Code for Information Interchange
- ASCQ Additional Sense Code Qualifier
- BHS Basic Header Segment
- CBC Cipher Block Chaining
- CD Compact Disk
- CDB Command Descriptor Block
- CHAP Challenge Handshake Authentication Protocol
- CID Connection ID
- CO Connection Only
- CRC Cyclic Redundancy Check
- CRL Certificate Revocation List
- CSG Current Stage
- CSM Connection State Machine
- DES Data Encryption Standard
- DNS Domain Name Server
- DOI Domain of Interpretation
- DVD Digital Versatile Disk
- ESP Encapsulating Security Payload
- EUI Extended Unique Identifier
- FFP Full Feature Phase
- FFPO Full Feature Phase Only
- FIM Fixed Interval Marker
- Gbps Gigabits per Second
- HBA Host Bus Adapter
- HMAC Hashed Message Authentication Code
- I_T Initiator_Target
- I_T_L Initiator_Target_LUN
- IANA Internet Assigned Numbers Authority
-
-
-
-Satran, et al. Standards Track [Page 14]
-
-RFC 3720 iSCSI April 2004
-
-
- ID Identifier
- IDN Internationalized Domain Name
- IEEE Institute of Electrical & Electronics Engineers
- IETF Internet Engineering Task Force
- IKE Internet Key Exchange
- I/O Input - Output
- IO Initialize Only
- IP Internet Protocol
- IPsec Internet Protocol Security
- IPv4 Internet Protocol Version 4
- IPv6 Internet Protocol Version 6
- IQN iSCSI Qualified Name
- ISID Initiator Session ID
- ITN iSCSI Target Name
- ITT Initiator Task Tag
- KRB5 Kerberos V5
- LFL Lower Functional Layer
- LTDS Logical-Text-Data-Segment
- LO Leading Only
- LU Logical Unit
- LUN Logical Unit Number
- MAC Message Authentication Codes
- NA Not Applicable
- NIC Network Interface Card
- NOP No Operation
- NSG Next Stage
- OS Operating System
- PDU Protocol Data Unit
- PKI Public Key Infrastructure
- R2T Ready To Transfer
- R2TSN Ready To Transfer Sequence Number
- RDMA Remote Direct Memory Access
- RFC Request For Comments
- SAM SCSI Architecture Model
- SAM2 SCSI Architecture Model - 2
- SAN Storage Area Network
- SCSI Small Computer Systems Interface
- SN Sequence Number
- SNACK Selective Negative Acknowledgment - also
- Sequence Number Acknowledgement for data
- SPKM Simple Public-Key Mechanism
- SRP Secure Remote Password
- SSID Session ID
- SW Session Wide
- TCB Task Control Block
- TCP Transmission Control Protocol
- TPGT Target Portal Group Tag
- TSIH Target Session Identifying Handle
-
-
-
-Satran, et al. Standards Track [Page 15]
-
-RFC 3720 iSCSI April 2004
-
-
- TTT Target Transfer Tag
- UFL Upper Functional Layer
- ULP Upper Level Protocol
- URN Uniform Resource Names [RFC2396]
- UTF Universal Transformation Format
- WG Working Group
-
-2.3. Conventions
-
- In examples, "I->" and "T->" show iSCSI PDUs sent by the initiator
- and target respectively.
-
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in BCP 14 [RFC2119].
-
- iSCSI messages - PDUs - are represented by diagrams as in the
- following example:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0| Basic Header Segment (BHS) |
- +---------------+---------------+---------------+---------------+
- ----------
- +| |
- +---------------+---------------+---------------+---------------+
-
- The diagrams include byte and bit numbering.
-
- The following representation and ordering rules are observed in this
- document:
-
- - Word Rule
- - Half-word Rule
- - Byte Rule
-
-2.3.1. Word Rule
-
- A word holds four consecutive bytes. Whenever a word has numeric
- content, it is considered an unsigned number in base 2 positional
- representation with the lowest numbered byte (e.g., byte 0) bit 0
- representing 2**31 and bit 1 representing 2**30 through lowest
- numbered byte + 3 (e.g., byte 3) bit 7 representing 2**0.
-
- Decimal and hexadecimal representation of word values map this
- representation to decimal or hexadecimal positional notation.
-
-
-
-Satran, et al. Standards Track [Page 16]
-
-RFC 3720 iSCSI April 2004
-
-
-2.3.2. Half-Word Rule
-
- A half-word holds two consecutive bytes. Whenever a half-word has
- numeric content it is considered an unsigned number in base 2
- positional representation with the lowest numbered byte (e.g., byte
- 0), bit 0 representing 2**15 and bit 1 representing 2**14 through
- lowest numbered byte + 1 (e.g., byte 1), bit 7 representing 2**0.
-
- Decimal and hexadecimal representation of half-word values map this
- representation to decimal or hexadecimal positional notation.
-
-2.3.3. Byte Rule
-
- For every PDU, bytes are sent and received in increasing numbered
- order (network order).
-
- Whenever a byte has numerical content, it is considered an unsigned
- number in base 2 positional representation with bit 0 representing
- 2**7 and bit 1 representing 2**6 through bit 7 representing 2**0.
-
-3. Overview
-
-3.1. SCSI Concepts
-
- The SCSI Architecture Model-2 [SAM2] describes in detail the
- architecture of the SCSI family of I/O protocols. This section
- provides a brief background of the SCSI architecture and is intended
- to familiarize readers with its terminology.
-
- At the highest level, SCSI is a family of interfaces for requesting
- services from I/O devices, including hard drives, tape drives, CD and
- DVD drives, printers, and scanners. In SCSI terminology, an
- individual I/O device is called a "logical unit" (LU).
-
- SCSI is a client-server architecture. Clients of a SCSI interface
- are called "initiators". Initiators issue SCSI "commands" to request
- services from components, logical units, of a server known as a
- "target". The "device server" on the logical unit accepts SCSI
- commands and processes them.
-
- A "SCSI transport" maps the client-server SCSI protocol to a specific
- interconnect. Initiators are one endpoint of a SCSI transport. The
- "target" is the other endpoint. A target can contain multiple
- Logical Units (LUs). Each Logical Unit has an address within a
- target called a Logical Unit Number (LUN).
-
- A SCSI task is a SCSI command or possibly a linked set of SCSI
- commands. Some LUs support multiple pending (queued) tasks, but the
-
-
-
-Satran, et al. Standards Track [Page 17]
-
-RFC 3720 iSCSI April 2004
-
-
- queue of tasks is managed by the logical unit. The target uses an
- initiator provided "task tag" to distinguish between tasks. Only one
- command in a task can be outstanding at any given time.
-
- Each SCSI command results in an optional data phase and a required
- response phase. In the data phase, information can travel from the
- initiator to target (e.g., WRITE), target to initiator (e.g., READ),
- or in both directions. In the response phase, the target returns the
- final status of the operation, including any errors.
-
- Command Descriptor Blocks (CDB) are the data structures used to
- contain the command parameters that an initiator sends to a target.
- The CDB content and structure is defined by [SAM2] and device-type
- specific SCSI standards.
-
-3.2. iSCSI Concepts and Functional Overview
-
- The iSCSI protocol is a mapping of the SCSI remote procedure
- invocation model (see [SAM2]) over the TCP protocol. SCSI commands
- are carried by iSCSI requests and SCSI responses and status are
- carried by iSCSI responses. iSCSI also uses the request response
- mechanism for iSCSI protocol mechanisms.
-
- For the remainder of this document, the terms "initiator" and
- "target" refer to "iSCSI initiator node" and "iSCSI target node",
- respectively (see Section 3.4.1 iSCSI Architecture Model) unless
- otherwise qualified.
-
- In keeping with similar protocols, the initiator and target divide
- their communications into messages. This document uses the term
- "iSCSI protocol data unit" (iSCSI PDU) for these messages.
-
- For performance reasons, iSCSI allows a "phase-collapse". A command
- and its associated data may be shipped together from initiator to
- target, and data and responses may be shipped together from targets.
-
- The iSCSI transfer direction is defined with respect to the
- initiator. Outbound or outgoing transfers are transfers from an
- initiator to a target, while inbound or incoming transfers are from a
- target to an initiator.
-
- An iSCSI task is an iSCSI request for which a response is expected.
-
- In this document "iSCSI request", "iSCSI command", request, or
- (unqualified) command have the same meaning. Also, unless otherwise
- specified, status, response, or numbered response have the same
- meaning.
-
-
-
-
-Satran, et al. Standards Track [Page 18]
-
-RFC 3720 iSCSI April 2004
-
-
-3.2.1. Layers and Sessions
-
- The following conceptual layering model is used to specify initiator
- and target actions and the way in which they relate to transmitted
- and received Protocol Data Units:
-
- a) the SCSI layer builds/receives SCSI CDBs (Command Descriptor
- Blocks) and passes/receives them with the remaining command
- execute parameters ([SAM2]) to/from
-
- b) the iSCSI layer that builds/receives iSCSI PDUs and
- relays/receives them to/from one or more TCP connections; the
- group of connections form an initiator-target "session".
-
- Communication between the initiator and target occurs over one or
- more TCP connections. The TCP connections carry control messages,
- SCSI commands, parameters, and data within iSCSI Protocol Data Units
- (iSCSI PDUs). The group of TCP connections that link an initiator
- with a target form a session (loosely equivalent to a SCSI I_T nexus,
- see Section 3.4.2 SCSI Architecture Model). A session is defined by
- a session ID that is composed of an initiator part and a target part.
- TCP connections can be added and removed from a session. Each
- connection within a session is identified by a connection ID (CID).
-
- Across all connections within a session, an initiator sees one
- "target image". All target identifying elements, such as LUN, are
- the same. A target also sees one "initiator image" across all
- connections within a session. Initiator identifying elements, such
- as the Initiator Task Tag, are global across the session regardless
- of the connection on which they are sent or received.
-
- iSCSI targets and initiators MUST support at least one TCP connection
- and MAY support several connections in a session. For error recovery
- purposes, targets and initiators that support a single active
- connection in a session SHOULD support two connections during
- recovery.
-
-3.2.2. Ordering and iSCSI Numbering
-
- iSCSI uses Command and Status numbering schemes and a Data sequencing
- scheme.
-
- Command numbering is session-wide and is used for ordered command
- delivery over multiple connections. It can also be used as a
- mechanism for command flow control over a session.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 19]
-
-RFC 3720 iSCSI April 2004
-
-
- Status numbering is per connection and is used to enable missing
- status detection and recovery in the presence of transient or
- permanent communication errors.
-
- Data sequencing is per command or part of a command (R2T triggered
- sequence) and is used to detect missing data and/or R2T PDUs due to
- header digest errors.
-
- Typically, fields in the iSCSI PDUs communicate the Sequence Numbers
- between the initiator and target. During periods when traffic on a
- connection is unidirectional, iSCSI NOP-Out/In PDUs may be utilized
- to synchronize the command and status ordering counters of the target
- and initiator.
-
- The iSCSI session abstraction is equivalent to the SCSI I_T nexus,
- and the iSCSI session provides an ordered command delivery from the
- SCSI initiator to the SCSI target. For detailed design
- considerations that led to the iSCSI session model as it is defined
- here and how it relates the SCSI command ordering features defined in
- SCSI specifications to the iSCSI concepts see [CORD].
-
-3.2.2.1. Command Numbering and Acknowledging
-
- iSCSI performs ordered command delivery within a session. All
- commands (initiator-to-target PDUs) in transit from the initiator to
- the target are numbered.
-
- iSCSI considers a task to be instantiated on the target in response
- to every request issued by the initiator. A set of task management
- operations including abort and reassign (see Section 10.5 Task
- Management Function Request) may be performed on any iSCSI task.
-
- Some iSCSI tasks are SCSI tasks, and many SCSI activities are related
- to a SCSI task ([SAM2]). In all cases, the task is identified by the
- Initiator Task Tag for the life of the task.
-
- The command number is carried by the iSCSI PDU as CmdSN
- (Command Sequence Number). The numbering is session-wide. Outgoing
- iSCSI PDUs carry this number. The iSCSI initiator allocates CmdSNs
- with a 32-bit unsigned counter (modulo 2**32). Comparisons and
- arithmetic on CmdSN use Serial Number Arithmetic as defined in
- [RFC1982] where SERIAL_BITS = 32.
-
- Commands meant for immediate delivery are marked with an immediate
- delivery flag; they MUST also carry the current CmdSN. CmdSN does
- not advance after a command marked for immediate delivery is sent.
-
-
-
-
-
-Satran, et al. Standards Track [Page 20]
-
-RFC 3720 iSCSI April 2004
-
-
- Command numbering starts with the first login request on the first
- connection of a session (the leading login on the leading connection)
- and command numbers are incremented by 1 for every non-immediate
- command issued afterwards.
-
- If immediate delivery is used with task management commands, these
- commands may reach the target before the tasks on which they are
- supposed to act. However their CmdSN serves as a marker of their
- position in the stream of commands. The initiator and target must
- ensure that the task management commands act as specified by [SAM2].
- For example, both commands and responses appear as if delivered in
- order. Whenever CmdSN for an outgoing PDU is not specified by an
- explicit rule, CmdSN will carry the current value of the local CmdSN
- variable (see later in this section).
-
- The means by which an implementation decides to mark a PDU for
- immediate delivery or by which iSCSI decides by itself to mark a PDU
- for immediate delivery are beyond the scope of this document.
-
- The number of commands used for immediate delivery is not limited and
- their delivery for execution is not acknowledged through the
- numbering scheme. Immediate commands MAY be rejected by the iSCSI
- target layer due to a lack of resources. An iSCSI target MUST be
- able to handle at least one immediate task management command and one
- immediate non-task-management iSCSI command per connection at any
- time.
-
- In this document, delivery for execution means delivery to the SCSI
- execution engine or an iSCSI protocol specific execution engine
- (e.g., for text requests with public or private extension keys
- involving an execution component). With the exception of the
- commands marked for immediate delivery, the iSCSI target layer MUST
- deliver the commands for execution in the order specified by CmdSN.
- Commands marked for immediate delivery may be delivered by the iSCSI
- target layer for execution as soon as detected. iSCSI may avoid
- delivering some commands to the SCSI target layer if required by a
- prior SCSI or iSCSI action (e.g., CLEAR TASK SET Task Management
- request received before all the commands on which it was supposed to
- act).
-
- On any connection, the iSCSI initiator MUST send the commands in
- increasing order of CmdSN, except for commands that are retransmitted
- due to digest error recovery and connection recovery.
-
- For the numbering mechanism, the initiator and target maintain the
- following three variables for each session:
-
-
-
-
-
-Satran, et al. Standards Track [Page 21]
-
-RFC 3720 iSCSI April 2004
-
-
- - CmdSN - the current command Sequence Number, advanced by 1 on
- each command shipped except for commands marked for immediate
- delivery. CmdSN always contains the number to be assigned to
- the next Command PDU.
- - ExpCmdSN - the next expected command by the target. The target
- acknowledges all commands up to, but not including, this
- number. The initiator treats all commands with CmdSN less than
- ExpCmdSN as acknowledged. The target iSCSI layer sets the
- ExpCmdSN to the largest non-immediate CmdSN that it can deliver
- for execution plus 1 (no holes in the CmdSN sequence).
- - MaxCmdSN - the maximum number to be shipped. The queuing
- capacity of the receiving iSCSI layer is MaxCmdSN - ExpCmdSN +
- 1.
-
- The initiator's ExpCmdSN and MaxCmdSN are derived from
- target-to-initiator PDU fields. Comparisons and arithmetic on
- ExpCmdSN and MaxCmdSN MUST use Serial Number Arithmetic as defined in
- [RFC1982] where SERIAL_BITS = 32.
-
- The target MUST NOT transmit a MaxCmdSN that is less than
- ExpCmdSN-1. For non-immediate commands, the CmdSN field can take any
- value from ExpCmdSN to MaxCmdSN inclusive. The target MUST silently
- ignore any non-immediate command outside of this range or non-
- immediate duplicates within the range. The CmdSN carried by
- immediate commands may lie outside the ExpCmdSN to MaxCmdSN range.
- For example, if the initiator has previously sent a non-immediate
- command carrying the CmdSN equal to MaxCmdSN, the target window is
- closed. For group task management commands issued as immediate
- commands, CmdSN indicates the scope of the group action (e.g., on
- ABORT TASK SET indicates which commands are aborted).
-
- MaxCmdSN and ExpCmdSN fields are processed by the initiator as
- follows:
-
- - If the PDU MaxCmdSN is less than the PDU ExpCmdSN-1 (in Serial
- Arithmetic Sense), they are both ignored.
- - If the PDU MaxCmdSN is greater than the local MaxCmdSN (in
- Serial Arithmetic Sense), it updates the local MaxCmdSN;
- otherwise, it is ignored.
- - If the PDU ExpCmdSN is greater than the local ExpCmdSN (in
- Serial Arithmetic Sense), it updates the local ExpCmdSN;
- otherwise, it is ignored.
-
- This sequence is required because updates may arrive out of order
- (e.g., the updates are sent on different TCP connections).
-
- iSCSI initiators and targets MUST support the command numbering
- scheme.
-
-
-
-Satran, et al. Standards Track [Page 22]
-
-RFC 3720 iSCSI April 2004
-
-
- A numbered iSCSI request will not change its allocated CmdSN,
- regardless of the number of times and circumstances in which it is
- reissued (see Section 6.2.1 Usage of Retry). At the target, CmdSN is
- only relevant when the command has not created any state related to
- its execution (execution state); afterwards, CmdSN becomes
- irrelevant. Testing for the execution state (represented by
- identifying the Initiator Task Tag) MUST precede any other action at
- the target. If no execution state is found, it is followed by
- ordering and delivery. If an execution state is found, it is
- followed by delivery.
-
- If an initiator issues a command retry for a command with CmdSN R on
- a connection when the session CmdSN value is Q, it MUST NOT advance
- the CmdSN past R + 2**31 -1 unless the connection is no longer
- operational (i.e., it has returned to the FREE state, see Section
- 7.1.3 Standard Connection State Diagram for an Initiator), the
- connection has been reinstated (see Section 5.3.4 Connection
- Reinstatement), or a non-immediate command with CmdSN equal or
- greater than Q was issued subsequent to the command retry on the same
- connection and the reception of that command is acknowledged by the
- target (see Section 9.4 Command Retry and Cleaning Old Command
- Instances).
-
- A target MUST NOT issue a command response or Data-In PDU with status
- before acknowledging the command. However, the acknowledgement can
- be included in the response or Data-In PDU.
-
-3.2.2.2. Response/Status Numbering and Acknowledging
-
- Responses in transit from the target to the initiator are numbered.
- The StatSN (Status Sequence Number) is used for this purpose. StatSN
- is a counter maintained per connection. ExpStatSN is used by the
- initiator to acknowledge status. The status sequence number space is
- 32-bit unsigned-integers and the arithmetic operations are the
- regular mod(2**32) arithmetic.
-
- Status numbering starts with the Login response to the first Login
- request of the connection. The Login response includes an initial
- value for status numbering (any initial value is valid).
-
- To enable command recovery, the target MAY maintain enough state
- information for data and status recovery after a connection failure.
- A target doing so can safely discard all of the state information
- maintained for recovery of a command after the delivery of the status
- for the command (numbered StatSN) is acknowledged through ExpStatSN.
-
- A large absolute difference between StatSN and ExpStatSN may indicate
- a failed connection. Initiators MUST undertake recovery actions if
-
-
-
-Satran, et al. Standards Track [Page 23]
-
-RFC 3720 iSCSI April 2004
-
-
- the difference is greater than an implementation defined constant
- that MUST NOT exceed 2**31-1.
-
- Initiators and Targets MUST support the response-numbering scheme.
-
-3.2.2.3. Data Sequencing
-
- Data and R2T PDUs transferred as part of some command execution MUST
- be sequenced. The DataSN field is used for data sequencing. For
- input (read) data PDUs, DataSN starts with 0 for the first data PDU
- of an input command and advances by 1 for each subsequent data PDU.
- For output data PDUs, DataSN starts with 0 for the first data PDU of
- a sequence (the initial unsolicited sequence or any data PDU sequence
- issued to satisfy an R2T) and advances by 1 for each subsequent data
- PDU. R2Ts are also sequenced per command. For example, the first
- R2T has an R2TSN of 0 and advances by 1 for each subsequent R2T. For
- bidirectional commands, the target uses the DataSN/R2TSN to sequence
- Data-In and R2T PDUs in one continuous sequence (undifferentiated).
- Unlike command and status, data PDUs and R2Ts are not acknowledged by
- a field in regular outgoing PDUs. Data-In PDUs can be acknowledged
- on demand by a special form of the SNACK PDU. Data and R2T PDUs are
- implicitly acknowledged by status for the command. The DataSN/R2TSN
- field enables the initiator to detect missing data or R2T PDUs.
-
- For any read or bidirectional command, a target MUST issue less than
- 2**32 combined R2T and Data-In PDUs. Any output data sequence MUST
- contain less than 2**32 Data-Out PDUs.
-
-3.2.3. iSCSI Login
-
- The purpose of the iSCSI login is to enable a TCP connection for
- iSCSI use, authentication of the parties, negotiation of the
- session's parameters and marking of the connection as belonging to an
- iSCSI session.
-
- A session is used to identify to a target all the connections with a
- given initiator that belong to the same I_T nexus. (For more details
- on how a session relates to an I_T nexus, see Section 3.4.2 SCSI
- Architecture Model).
-
- The targets listen on a well-known TCP port or other TCP port for
- incoming connections. The initiator begins the login process by
- connecting to one of these TCP ports.
-
- As part of the login process, the initiator and target SHOULD
- authenticate each other and MAY set a security association protocol
- for the session. This can occur in many different ways and is
- subject to negotiation.
-
-
-
-Satran, et al. Standards Track [Page 24]
-
-RFC 3720 iSCSI April 2004
-
-
- To protect the TCP connection, an IPsec security association MAY be
- established before the Login request. For information on using IPsec
- security for iSCSI see Chapter 8 and [RFC3723].
-
- The iSCSI Login Phase is carried through Login requests and
- responses. Once suitable authentication has occurred and operational
- parameters have been set, the session transitions to the Full Feature
- Phase and the initiator may start to send SCSI commands. The
- security policy for whether, and by what means, a target chooses to
- authorize an initiator is beyond the scope of this document. For a
- more detailed description of the Login Phase, see Chapter 5.
-
- The login PDU includes the ISID part of the session ID (SSID). The
- target portal group that services the login is implied by the
- selection of the connection endpoint. For a new session, the TSIH is
- zero. As part of the response, the target generates a TSIH.
-
- During session establishment, the target identifies the SCSI
- initiator port (the "I" in the "I_T nexus") through the value pair
- (InitiatorName, ISID). We describe InitiatorName later in this
- section. Any persistent state (e.g., persistent reservations) on the
- target that is associated with a SCSI initiator port is identified
- based on this value pair. Any state associated with the SCSI target
- port (the "T" in the "I_T nexus") is identified externally by the
- TargetName and portal group tag (see Section 3.4.1 iSCSI Architecture
- Model). ISID is subject to reuse restrictions because it is used to
- identify a persistent state (see Section 3.4.3 Consequences of the
- Model).
-
- Before the Full Feature Phase is established, only Login Request and
- Login Response PDUs are allowed. Login requests and responses MUST
- be used exclusively during Login. On any connection, the login phase
- MUST immediately follow TCP connection establishment and a subsequent
- Login Phase MUST NOT occur before tearing down a connection.
-
- A target receiving any PDU except a Login request before the Login
- phase is started MUST immediately terminate the connection on which
- the PDU was received. Once the Login phase has started, if the
- target receives any PDU except a Login request, it MUST send a Login
- reject (with Status "invalid during login") and then disconnect. If
- the initiator receives any PDU except a Login response, it MUST
- immediately terminate the connection.
-
-3.2.4. iSCSI Full Feature Phase
-
- Once the initiator is authorized to do so, the iSCSI session is in
- the iSCSI Full Feature Phase. A session is in Full Feature Phase
- after successfully finishing the Login Phase on the first (leading)
-
-
-
-Satran, et al. Standards Track [Page 25]
-
-RFC 3720 iSCSI April 2004
-
-
- connection of a session. A connection is in Full Feature Phase if
- the session is in Full Feature Phase and the connection login has
- completed successfully. An iSCSI connection is not in Full Feature
- Phase
-
- a) when it does not have an established transport connection,
-
- OR
-
- b) when it has a valid transport connection, but a successful
- login was not performed or the connection is currently logged
- out.
-
- In a normal Full Feature Phase, the initiator may send SCSI commands
- and data to the various LUs on the target by encapsulating them in
- iSCSI PDUs that go over the established iSCSI session.
-
-3.2.4.1. Command Connection Allegiance
-
- For any iSCSI request issued over a TCP connection, the corresponding
- response and/or other related PDU(s) MUST be sent over the same
- connection. We call this "connection allegiance". If the original
- connection fails before the command is completed, the connection
- allegiance of the command may be explicitly reassigned to a different
- transport connection as described in detail in Section 6.2 Retry and
- Reassign in Recovery.
-
- Thus, if an initiator issues a READ command, the target MUST send the
- requested data, if any, followed by the status to the initiator over
- the same TCP connection that was used to deliver the SCSI command.
- If an initiator issues a WRITE command, the initiator MUST send the
- data, if any, for that command over the same TCP connection that was
- used to deliver the SCSI command. The target MUST return Ready To
- Transfer (R2T), if any, and the status over the same TCP connection
- that was used to deliver the SCSI command. Retransmission requests
- (SNACK PDUs) and the data and status that they generate MUST also use
- the same connection.
-
- However, consecutive commands that are part of a SCSI linked
- command-chain task (see [SAM2]) MAY use different connections.
- Connection allegiance is strictly per-command and not per-task.
- During the iSCSI Full Feature Phase, the initiator and target MAY
- interleave unrelated SCSI commands, their SCSI Data, and responses
- over the session.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 26]
-
-RFC 3720 iSCSI April 2004
-
-
-3.2.4.2. Data Transfer Overview
-
- Outgoing SCSI data (initiator to target user data or command
- parameters) is sent as either solicited data or unsolicited data.
- Solicited data are sent in response to R2T PDUs. Unsolicited data
- can be sent as part of an iSCSI command PDU ("immediate data") or in
- separate iSCSI data PDUs.
-
- Immediate data are assumed to originate at offset 0 in the initiator
- SCSI write-buffer (outgoing data buffer). All other Data PDUs have
- the buffer offset set explicitly in the PDU header.
-
- An initiator may send unsolicited data up to FirstBurstLength as
- immediate (up to the negotiated maximum PDU length), in a separate
- PDU sequence or both. All subsequent data MUST be solicited. The
- maximum length of an individual data PDU or the immediate-part of the
- first unsolicited burst MAY be negotiated at login.
-
- The maximum amount of unsolicited data that can be sent with a
- command is negotiated at login through the FirstBurstLength key. A
- target MAY separately enable immediate data (through the
- ImmediateData key) without enabling the more general (separate data
- PDUs) form of unsolicited data (through the InitialR2T key).
-
- Unsolicited data on write are meant to reduce the effect of latency
- on throughput (no R2T is needed to start sending data). In addition,
- immediate data is meant to reduce the protocol overhead (both
- bandwidth and execution time).
-
- An iSCSI initiator MAY choose not to send unsolicited data, only
- immediate data or FirstBurstLength bytes of unsolicited data with a
- command. If any non-immediate unsolicited data is sent, the total
- unsolicited data MUST be either FirstBurstLength, or all of the data
- if the total amount is less than the FirstBurstLength.
-
- It is considered an error for an initiator to send unsolicited data
- PDUs to a target that operates in R2T mode (only solicited data are
- allowed). It is also an error for an initiator to send more
- unsolicited data, whether immediate or as separate PDUs, than
- FirstBurstLength.
-
- An initiator MUST honor an R2T data request for a valid outstanding
- command (i.e., carrying a valid Initiator Task Tag) and deliver all
- the requested data provided the command is supposed to deliver
- outgoing data and the R2T specifies data within the command bounds.
- The initiator action is unspecified for receiving an R2T request that
- specifies data, all or part, outside of the bounds of the command.
-
-
-
-
-Satran, et al. Standards Track [Page 27]
-
-RFC 3720 iSCSI April 2004
-
-
- A target SHOULD NOT silently discard data and then request
- retransmission through R2T. Initiators SHOULD NOT keep track of the
- data transferred to or from the target (scoreboarding). SCSI targets
- perform residual count calculation to check how much data was
- actually transferred to or from the device by a command. This may
- differ from the amount the initiator sent and/or received for reasons
- such as retransmissions and errors. Read or bidirectional commands
- implicitly solicit the transmission of the entire amount of data
- covered by the command. SCSI data packets are matched to their
- corresponding SCSI commands by using tags specified in the protocol.
-
- In addition, iSCSI initiators and targets MUST enforce some ordering
- rules. When unsolicited data is used, the order of the unsolicited
- data on each connection MUST match the order in which the commands on
- that connection are sent. Command and unsolicited data PDUs may be
- interleaved on a single connection as long as the ordering
- requirements of each are maintained (e.g., command N+1 MAY be sent
- before the unsolicited Data-Out PDUs for command N, but the
- unsolicited Data-Out PDUs for command N MUST precede the unsolicited
- Data-Out PDUs of command N+1). A target that receives data out of
- order MAY terminate the session.
-
-3.2.4.3. Tags and Integrity Checks
-
- Initiator tags for pending commands are unique initiator-wide for a
- session. Target tags are not strictly specified by the protocol. It
- is assumed that target tags are used by the target to tag (alone or
- in combination with the LUN) the solicited data. Target tags are
- generated by the target and "echoed" by the initiator. These
- mechanisms are designed to accomplish efficient data delivery along
- with a large degree of control over the data flow.
-
- As the Initiator Task Tag is used to identify a task during its
- execution, the iSCSI initiator and target MUST verify that all other
- fields used in task-related PDUs have values that are consistent with
- the values used at the task instantiation based on the Initiator Task
- Tag (e.g., the LUN used in an R2T PDU MUST be the same as the one
- used in the SCSI command PDU used to instantiate the task). Using
- inconsistent field values is considered a protocol error.
-
-3.2.4.4. Task Management
-
- SCSI task management assumes that individual tasks and task groups
- can be aborted solely based on the task tags (for individual tasks)
- or the timing of the task management command (for task groups), and
- that the task management action is executed synchronously - i.e., no
- message involving an aborted task will be seen by the SCSI initiator
- after receiving the task management response. In iSCSI initiators
-
-
-
-Satran, et al. Standards Track [Page 28]
-
-RFC 3720 iSCSI April 2004
-
-
- and targets interact asynchronously over several connections. iSCSI
- specifies the protocol mechanism and implementation requirements
- needed to present a synchronous view while using an asynchronous
- infrastructure.
-
-3.2.5. iSCSI Connection Termination
-
- An iSCSI connection may be terminated by use of a transport
- connection shutdown or a transport reset. Transport reset is assumed
- to be an exceptional event.
-
- Graceful TCP connection shutdowns are done by sending TCP FINs. A
- graceful transport connection shutdown SHOULD only be initiated by
- either party when the connection is not in iSCSI Full Feature Phase.
- A target MAY terminate a Full Feature Phase connection on internal
- exception events, but it SHOULD announce the fact through an
- Asynchronous Message PDU. Connection termination with outstanding
- commands may require recovery actions.
-
- If a connection is terminated while in Full Feature Phase, connection
- cleanup (see section 7) is required prior to recovery. By doing
- connection cleanup before starting recovery, the initiator and target
- will avoid receiving stale PDUs after recovery.
-
-3.2.6. iSCSI Names
-
- Both targets and initiators require names for the purpose of
- identification. In addition, names enable iSCSI storage resources to
- be managed regardless of location (address). An iSCSI node name is
- also the SCSI device name of an iSCSI device. The iSCSI name of a
- SCSI device is the principal object used in authentication of targets
- to initiators and initiators to targets. This name is also used to
- identify and manage iSCSI storage resources.
-
- iSCSI names must be unique within the operational domain of the end
- user. However, because the operational domain of an IP network is
- potentially worldwide, the iSCSI name formats are architected to be
- worldwide unique. To assist naming authorities in the construction
- of worldwide unique names, iSCSI provides two name formats for
- different types of naming authorities.
-
- iSCSI names are associated with iSCSI nodes, and not iSCSI network
- adapter cards, to ensure that the replacement of network adapter
- cards does not require reconfiguration of all SCSI and iSCSI resource
- allocation information.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 29]
-
-RFC 3720 iSCSI April 2004
-
-
- Some SCSI commands require that protocol-specific identifiers be
- communicated within SCSI CDBs. See Section 3.4.2 SCSI Architecture
- Model for the definition of the SCSI port name/identifier for iSCSI
- ports.
-
- An initiator may discover the iSCSI Target Names to which it has
- access, along with their addresses, using the SendTargets text
- request, or other techniques discussed in [RFC3721].
-
-3.2.6.1. iSCSI Name Properties
-
- Each iSCSI node, whether an initiator or target, MUST have an iSCSI
- name.
-
- Initiators and targets MUST support the receipt of iSCSI names of up
- to the maximum length of 223 bytes.
-
- The initiator MUST present both its iSCSI Initiator Name and the
- iSCSI Target Name to which it wishes to connect in the first login
- request of a new session or connection. The only exception is if a
- discovery session (see Section 2.3 iSCSI Session Types) is to be
- established. In this case, the iSCSI Initiator Name is still
- required, but the iSCSI Target Name MAY be omitted.
-
- iSCSI names have the following properties:
-
- a) iSCSI names are globally unique. No two initiators or targets
- can have the same name.
- b) iSCSI names are permanent. An iSCSI initiator node or target
- node has the same name for its lifetime.
- c) iSCSI names do not imply a location or address. An iSCSI
- initiator or target can move, or have multiple addresses. A
- change of address does not imply a change of name.
- d) iSCSI names do not rely on a central name broker; the naming
- authority is distributed.
- e) iSCSI names support integration with existing unique naming
- schemes.
- f) iSCSI names rely on existing naming authorities. iSCSI does
- not create any new naming authority.
-
- The encoding of an iSCSI name has the following properties:
-
- a) iSCSI names have the same encoding method regardless of the
- underlying protocols.
- b) iSCSI names are relatively simple to compare. The algorithm
- for comparing two iSCSI names for equivalence does not rely on
- an external server.
-
-
-
-
-Satran, et al. Standards Track [Page 30]
-
-RFC 3720 iSCSI April 2004
-
-
- c) iSCSI names are composed only of displayable characters. iSCSI
- names allow the use of international character sets but are not
- case sensitive. No whitespace characters are used in iSCSI
- names.
- d) iSCSI names may be transported using both binary and
- ASCII-based protocols.
-
- An iSCSI name really names a logical software entity, and is not tied
- to a port or other hardware that can be changed. For instance, an
- initiator name should name the iSCSI initiator node, not a particular
- NIC or HBA. When multiple NICs are used, they should generally all
- present the same iSCSI initiator name to the targets, because they
- are simply paths to the same SCSI layer. In most operating systems,
- the named entity is the operating system image.
-
- Similarly, a target name should not be tied to hardware interfaces
- that can be changed. A target name should identify the logical
- target and must be the same for the target regardless of the physical
- portion being addressed. This assists iSCSI initiators in
- determining that the two targets it has discovered are really two
- paths to the same target.
-
- The iSCSI name is designed to fulfill the functional requirements for
- Uniform Resource Names (URN) [RFC1737]. For example, it is required
- that the name have a global scope, be independent of address or
- location, and be persistent and globally unique. Names must be
- extensible and scalable with the use of naming authorities. The name
- encoding should be both human and machine readable. See [RFC1737]
- for further requirements.
-
-3.2.6.2. iSCSI Name Encoding
-
- An iSCSI name MUST be a UTF-8 encoding of a string of Unicode
- characters with the following properties:
-
- - It is in Normalization Form C (see "Unicode Normalization
- Forms" [UNICODE]).
- - It only contains characters allowed by the output of the iSCSI
- stringprep template (described in [RFC3722]).
- - The following characters are used for formatting iSCSI names:
-
- - dash ('-'=U+002d)
- - dot ('.'=U+002e)
- - colon (':'=U+003a)
-
- - The UTF-8 encoding of the name is not larger than 223 bytes.
-
-
-
-
-
-Satran, et al. Standards Track [Page 31]
-
-RFC 3720 iSCSI April 2004
-
-
- The stringprep process is described in [RFC3454]; iSCSI's use of the
- stringprep process is described in [RFC3722]. Stringprep is a method
- designed by the Internationalized Domain Name (IDN) working group to
- translate human-typed strings into a format that can be compared as
- opaque strings. Strings MUST NOT include punctuation, spacing,
- diacritical marks, or other characters that could get in the way of
- readability. The stringprep process also converts strings into
- equivalent strings of lower-case characters.
-
- The stringprep process does not need to be implemented if the names
- are only generated using numeric and lower-case (any character set)
- alphabetic characters.
-
- Once iSCSI names encoded in UTF-8 are "normalized" they may be safely
- compared byte-for-byte.
-
-3.2.6.3. iSCSI Name Structure
-
- An iSCSI name consists of two parts--a type designator followed by a
- unique name string.
-
- The iSCSI name does not define any new naming authorities. Instead,
- it supports two existing ways of designating naming authorities: an
- iSCSI-Qualified Name, using domain names to identify a naming
- authority, and the EUI format, where the IEEE Registration Authority
- assists in the formation of worldwide unique names (EUI-64 format).
-
- The type designator strings currently defined are:
-
- iqn. - iSCSI Qualified name
- eui. - Remainder of the string is an IEEE EUI-64
- identifier, in ASCII-encoded hexadecimal.
-
- These two naming authority designators were considered sufficient at
- the time of writing this document. The creation of additional naming
- type designators for iSCSI may be considered by the IETF and detailed
- in separate RFCs.
-
-3.2.6.3.1. Type "iqn." (iSCSI Qualified Name)
-
- This iSCSI name type can be used by any organization that owns a
- domain name. This naming format is useful when an end user or
- service provider wishes to assign iSCSI names for targets and/or
- initiators.
-
- To generate names of this type, the person or organization generating
- the name must own a registered domain name. This domain name does
- not have to be active, and does not have to resolve to an address; it
-
-
-
-Satran, et al. Standards Track [Page 32]
-
-RFC 3720 iSCSI April 2004
-
-
- just needs to be reserved to prevent others from generating iSCSI
- names using the same domain name.
-
- Since a domain name can expire, be acquired by another entity, or may
- be used to generate iSCSI names by both owners, the domain name must
- be additionally qualified by a date during which the naming authority
- owned the domain name. For this reason, a date code is provided as
- part of the "iqn." format.
-
- The iSCSI qualified name string consists of:
-
- - The string "iqn.", used to distinguish these names from "eui."
- formatted names.
- - A date code, in yyyy-mm format. This date MUST be a date
- during which the naming authority owned the domain name used in
- this format, and SHOULD be the first month in which the domain
- name was owned by this naming authority at 00:01 GMT of the
- first day of the month. This date code uses the Gregorian
- calendar. All four digits in the year must be present. Both
- digits of the month must be present, with January == "01" and
- December == "12". The dash must be included.
- - A dot "."
- - The reversed domain name of the naming authority (person or
- organization) creating this iSCSI name.
- - An optional, colon (:) prefixed, string within the character
- set and length boundaries that the owner of the domain name
- deems appropriate. This may contain product types, serial
- numbers, host identifiers, or software keys (e.g., it may
- include colons to separate organization boundaries). With the
- exception of the colon prefix, the owner of the domain name can
- assign everything after the reversed domain name as desired.
- It is the responsibility of the entity that is the naming
- authority to ensure that the iSCSI names it assigns are
- worldwide unique. For example, "Example Storage Arrays, Inc.",
- might own the domain name "example.com".
-
- The following are examples of iSCSI qualified names that might be
- generated by "EXAMPLE Storage Arrays, Inc."
-
- Naming String defined by
- Type Date Auth "example.com" naming authority
- +--++-----+ +---------+ +--------------------------------+
- | || | | | | |
-
- iqn.2001-04.com.example:storage:diskarrays-sn-a8675309
- iqn.2001-04.com.example
- iqn.2001-04.com.example:storage.tape1.sys1.xyz
- iqn.2001-04.com.example:storage.disk2.sys1.xyz
-
-
-
-Satran, et al. Standards Track [Page 33]
-
-RFC 3720 iSCSI April 2004
-
-
-
-3.2.6.3.2. Type "eui." (IEEE EUI-64 format)
-
- The IEEE Registration Authority provides a service for assigning
- globally unique identifiers [EUI]. The EUI-64 format is used to
- build a global identifier in other network protocols. For example,
- Fibre Channel defines a method of encoding it into a WorldWideName.
- For more information on registering for EUI identifiers, see [OUI].
-
- The format is "eui." followed by an EUI-64 identifier (16
- ASCII-encoded hexadecimal digits).
-
- Example iSCSI name:
-
- Type EUI-64 identifier (ASCII-encoded hexadecimal)
- +--++--------------+
- | || |
- eui.02004567A425678D
-
- The IEEE EUI-64 iSCSI name format might be used when a manufacturer
- is already registered with the IEEE Registration Authority and uses
- EUI-64 formatted worldwide unique names for its products.
-
- More examples of name construction are discussed in [RFC3721].
-
-3.2.7. Persistent State
-
- iSCSI does not require any persistent state maintenance across
- sessions. However, in some cases, SCSI requires persistent
- identification of the SCSI initiator port name (See Section 3.4.2
- SCSI Architecture Model and Section 3.4.3 Consequences of the Model).
-
- iSCSI sessions do not persist through power cycles and boot
- operations.
-
- All iSCSI session and connection parameters are re-initialized upon
- session and connection creation.
-
- Commands persist beyond connection termination if the session
- persists and command recovery within the session is supported.
- However, when a connection is dropped, command execution, as
- perceived by iSCSI (i.e., involving iSCSI protocol exchanges for the
- affected task), is suspended until a new allegiance is established by
- the 'task reassign' task management function. (See Section 10.5 Task
- Management Function Request.)
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 34]
-
-RFC 3720 iSCSI April 2004
-
-
-3.2.8. Message Synchronization and Steering
-
- iSCSI presents a mapping of the SCSI protocol onto TCP. This
- encapsulation is accomplished by sending iSCSI PDUs of varying
- lengths. Unfortunately, TCP does not have a built-in mechanism for
- signaling message boundaries at the TCP layer. iSCSI overcomes this
- obstacle by placing the message length in the iSCSI message header.
- This serves to delineate the end of the current message as well as
- the beginning of the next message.
-
- In situations where IP packets are delivered in order from the
- network, iSCSI message framing is not an issue and messages are
- processed one after the other. In the presence of IP packet
- reordering (i.e., frames being dropped), legacy TCP implementations
- store the "out of order" TCP segments in temporary buffers until the
- missing TCP segments arrive, upon which the data must be copied to
- the application buffers. In iSCSI, it is desirable to steer the SCSI
- data within these out of order TCP segments into the pre-allocated
- SCSI buffers rather than store them in temporary buffers. This
- decreases the need for dedicated reassembly buffers as well as the
- latency and bandwidth related to extra copies.
-
- Relying solely on the "message length" information from the iSCSI
- message header may make it impossible to find iSCSI message
- boundaries in subsequent TCP segments due to the loss of a TCP
- segment that contains the iSCSI message length. The missing TCP
- segment(s) must be received before any of the following segments can
- be steered to the correct SCSI buffers (due to the inability to
- determine the iSCSI message boundaries). Since these segments cannot
- be steered to the correct location, they must be saved in temporary
- buffers that must then be copied to the SCSI buffers.
-
- Different schemes can be used to recover synchronization. To make
- these schemes work, iSCSI implementations have to make sure that the
- appropriate protocol layers are provided with enough information to
- implement a synchronization and/or data steering mechanism. One of
- these schemes is detailed in Appendix A. - Sync and Steering with
- Fixed Interval Markers -.
-
- The Fixed Interval Markers (FIM) scheme works by inserting markers in
- the payload stream at fixed intervals that contain the offset for the
- start of the next iSCSI PDU.
-
- Under normal circumstances (no PDU loss or data reception out of
- order), iSCSI data steering can be accomplished by using the
- identifying tag and the data offset fields in the iSCSI header in
- addition to the TCP sequence number from the TCP header. The
-
-
-
-
-Satran, et al. Standards Track [Page 35]
-
-RFC 3720 iSCSI April 2004
-
-
- identifying tag helps associate the PDU with a SCSI buffer address
- while the data offset and TCP sequence number are used to determine
- the offset within the buffer.
-
- When the part of the TCP data stream containing an iSCSI PDU header
- is delayed or lost, markers may be used to minimize the damage as
- follows:
-
- - Markers indicate where the next iSCSI PDU starts and enable
- continued processing when iSCSI headers have to be dropped due to
- data errors discovered at the iSCSI level (e.g., iSCSI header CRC
- errors).
-
- - Markers help minimize the amount of data that has to be kept by
- the TCP/iSCSI layer while waiting for a late TCP packet arrival
- or recovery, because later they might help find iSCSI PDU headers
- and use the information contained in those to steer data to SCSI
- buffers.
-
-3.2.8.1. Sync/Steering and iSCSI PDU Length
-
- When a large iSCSI message is sent, the TCP segment(s) that contain
- the iSCSI header may be lost. The remaining TCP segment(s), up to
- the next iSCSI message, must be buffered (in temporary buffers)
- because the iSCSI header that indicates to which SCSI buffers the
- data are to be steered was lost. To minimize the amount of
- buffering, it is recommended that the iSCSI PDU length be restricted
- to a small value (perhaps a few TCP segments in length). During
- login, each end of the iSCSI session specifies the maximum iSCSI PDU
- length it will accept.
-
-3.3. iSCSI Session Types
-
- iSCSI defines two types of sessions:
-
- a) Normal operational session - an unrestricted session.
- b) Discovery-session - a session only opened for target
- discovery. The target MUST ONLY accept text requests with the
- SendTargets key and a logout request with the reason "close
- the session". All other requests MUST be rejected.
-
- The session type is defined during login with the key=value parameter
- in the login command.
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 36]
-
-RFC 3720 iSCSI April 2004
-
-
-3.4. SCSI to iSCSI Concepts Mapping Model
-
- The following diagram shows an example of how multiple iSCSI Nodes
- (targets in this case) can coexist within the same Network Entity and
- can share Network Portals (IP addresses and TCP ports). Other more
- complex configurations are also possible. For detailed descriptions
- of the components of these diagrams, see Section 3.4.1 iSCSI
- Architecture Model.
-
- +-----------------------------------+
- | Network Entity (iSCSI Client) |
- | |
- | +-------------+ |
- | | iSCSI Node | |
- | | (Initiator) | |
- | +-------------+ |
- | | | |
- | +--------------+ +--------------+ |
- | |Network Portal| |Network Portal| |
- | | 10.1.30.4 | | 10.1.40.6 | |
- +-+--------------+-+--------------+-+
- | |
- | IP Networks |
- | |
- +-+--------------+-+--------------+-+
- | |Network Portal| |Network Portal| |
- | | 10.1.30.21 | | 10.1.40.3 | |
- | | TCP Port 3260| | TCP Port 3260| |
- | +--------------+ +--------------+ |
- | | | |
- | ----------------- |
- | | | |
- | +-------------+ +--------------+ |
- | | iSCSI Node | | iSCSI Node | |
- | | (Target) | | (Target) | |
- | +-------------+ +--------------+ |
- | |
- | Network Entity (iSCSI Server) |
- +-----------------------------------+
-
-3.4.1. iSCSI Architecture Model
-
- This section describes the part of the iSCSI architecture model that
- has the most bearing on the relationship between iSCSI and the SCSI
- Architecture Model.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 37]
-
-RFC 3720 iSCSI April 2004
-
-
- a) Network Entity - represents a device or gateway that is
- accessible from the IP network. A Network Entity must have
- one or more Network Portals (see item d), each of which can be
- used by some iSCSI Nodes (see item (b)) contained in that
- Network Entity to gain access to the IP network.
-
- b) iSCSI Node - represents a single iSCSI initiator or iSCSI
- target. There are one or more iSCSI Nodes within a Network
- Entity. The iSCSI Node is accessible via one or more Network
- Portals (see item d). An iSCSI Node is identified by its
- iSCSI Name (see Section 3.2.6 iSCSI Names and Chapter 12).
- The separation of the iSCSI Name from the addresses used by
- and for the iSCSI node allows multiple iSCSI nodes to use the
- same addresses, and the same iSCSI node to use multiple
- addresses.
-
- c) An alias string may also be associated with an iSCSI Node.
- The alias allows an organization to associate a user friendly
- string with the iSCSI Name. However, the alias string is not
- a substitute for the iSCSI Name.
-
- d) Network Portal - a component of a Network Entity that has a
- TCP/IP network address and that may be used by an iSCSI Node
- within that Network Entity for the connection(s) within one of
- its iSCSI sessions. In an initiator, it is identified by its
- IP address. In a target, it is identified by its IP address
- and its listening TCP port.
-
- e) Portal Groups - iSCSI supports multiple connections within the
- same session; some implementations will have the ability to
- combine connections in a session across multiple Network
- Portals. A Portal Group defines a set of Network Portals
- within an iSCSI Node that collectively supports the capability
- of coordinating a session with connections that span these
- portals. Not all Network Portals within a Portal Group need
- to participate in every session connected through that Portal
- Group. One or more Portal Groups may provide access to an
- iSCSI Node. Each Network Portal, as utilized by a given iSCSI
- Node, belongs to exactly one portal group within that node.
- Portal Groups are identified within an iSCSI Node by a portal
- group tag, a simple unsigned-integer between 0 and 65535 (see
- Section 12.3 SendTargets). All Network Portals with the same
- portal group tag in the context of a given iSCSI Node are in
- the same Portal Group.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 38]
-
-RFC 3720 iSCSI April 2004
-
-
- Both iSCSI Initiators and iSCSI Targets have portal groups,
- though only the iSCSI Target Portal Groups are used directly
- in the iSCSI protocol (e.g., in SendTargets). For references
- to the initiator Portal Groups, see Section 9.1.1 Conservative
- Reuse of ISIDs.
-
- f) Portals within a Portal Group should support similar session
- parameters, because they may participate in a common session.
-
- The following diagram shows an example of one such configuration on a
- target and how a session that shares Network Portals within a Portal
- Group may be established.
-
- ----------------------------IP Network---------------------
- | | |
- +----|---------------|-----+ +----|---------+
- | +---------+ +---------+ | | +---------+ |
- | | Network | | Network | | | | Network | |
- | | Portal | | Portal | | | | Portal | |
- | +--|------+ +---------+ | | +---------+ |
- | | | | | | |
- | | Portal | | | | Portal |
- | | Group 1 | | | | Group 2 |
- +--------------------------+ +--------------+
- | | |
- +--------|---------------|--------------------|--------------------+
- | | | | |
- | +----------------------------+ +-----------------------------+ |
- | | iSCSI Session (Target side)| | iSCSI Session (Target side) | |
- | | | | | |
- | | (TSIH = 56) | | (TSIH = 48) | |
- | +----------------------------+ +-----------------------------+ |
- | |
- | iSCSI Target Node |
- | (within Network Entity, not shown) |
- +------------------------------------------------------------------+
-
-3.4.2. SCSI Architecture Model
-
- This section describes the relationship between the SCSI Architecture
- Model [SAM2] and the constructs of the SCSI device, SCSI port and I_T
- nexus, and the iSCSI constructs described in Section 3.4.1 iSCSI
- Architecture Model.
-
- This relationship implies implementation requirements in order to
- conform to the SAM2 model and other SCSI operational functions.
- These requirements are detailed in Section 3.4.3 Consequences of the
- Model.
-
-
-
-Satran, et al. Standards Track [Page 39]
-
-RFC 3720 iSCSI April 2004
-
-
- The following list outlines mappings of SCSI architectural elements
- to iSCSI.
-
- a) SCSI Device - the SAM2 term for an entity that contains one or
- more SCSI ports that are connected to a service delivery
- subsystem and supports a SCSI application protocol. For
- example, a SCSI Initiator Device contains one or more SCSI
- Initiator Ports and zero or more application clients. A SCSI
- Target Device contains one or more SCSI Target Ports and one
- or more logical units. For iSCSI, the SCSI Device is the
- component within an iSCSI Node that provides the SCSI
- functionality. As such, there can be one SCSI Device, at
- most, within an iSCSI Node. Access to the SCSI Device can
- only be achieved in an iSCSI normal operational session (see
- Section 3.3 iSCSI Session Types). The SCSI Device Name is
- defined to be the iSCSI Name of the node and MUST be used in
- the iSCSI protocol.
-
- b) SCSI Port - the SAM2 term for an entity in a SCSI Device that
- provides the SCSI functionality to interface with a service
- delivery subsystem or transport. For iSCSI, the definition of
- SCSI Initiator Port and SCSI Target Port are different.
-
- SCSI Initiator Port: This maps to one endpoint of an iSCSI
- normal operational session (see Section 3.3 iSCSI Session
- Types). An iSCSI normal operational session is negotiated
- through the login process between an iSCSI initiator node and
- an iSCSI target node. At successful completion of this
- process, a SCSI Initiator Port is created within the SCSI
- Initiator Device. The SCSI Initiator Port Name and SCSI
- Initiator Port Identifier are both defined to be the iSCSI
- Initiator Name together with (a) a label that identifies it as
- an initiator port name/identifier and (b) the ISID portion of
- the session identifier.
-
- SCSI Target Port: This maps to an iSCSI Target Portal Group.
- The SCSI Target Port Name and the SCSI Target Port Identifier
- are both defined to be the iSCSI Target Name together with (a)
- a label that identifies it as a target port name/identifier
- and (b) the portal group tag.
-
- The SCSI Port Name MUST be used in iSCSI. When used in SCSI
- parameter data, the SCSI port name MUST be encoded as:
- - The iSCSI Name in UTF-8 format, followed by
- - a comma separator (1 byte), followed by
- - the ASCII character 'i' (for SCSI Initiator Port) or the
- ASCII character 't' (for SCSI Target Port) (1 byte),
- followed by
-
-
-
-Satran, et al. Standards Track [Page 40]
-
-RFC 3720 iSCSI April 2004
-
-
- - a comma separator (1 byte), followed by
- - a text encoding as a hex-constant (see Section 5.1 Text
- Format) of the ISID (for SCSI initiator port) or the portal
- group tag (for SCSI target port) including the initial 0X
- or 0x and the terminating null (15 bytes).
-
- The ASCII character 'i' or 't' is the label that identifies
- this port as either a SCSI Initiator Port or a SCSI Target
- Port.
-
- c) I_T nexus - a relationship between a SCSI Initiator Port and a
- SCSI Target Port, according to [SAM2]. For iSCSI, this
- relationship is a session, defined as a relationship between
- an iSCSI Initiator's end of the session (SCSI Initiator Port)
- and the iSCSI Target's Portal Group. The I_T nexus can be
- identified by the conjunction of the SCSI port names or by the
- iSCSI session identifier SSID. iSCSI defines the I_T nexus
- identifier to be the tuple (iSCSI Initiator Name + 'i' + ISID,
- iSCSI Target Name + 't' + Portal Group Tag).
-
- NOTE: The I_T nexus identifier is not equal to the session
- identifier (SSID).
-
-3.4.3. Consequences of the Model
-
- This section describes implementation and behavioral requirements
- that result from the mapping of SCSI constructs to the iSCSI
- constructs defined above. Between a given SCSI initiator port and a
- given SCSI target port, only one I_T nexus (session) can exist. No
- more than one nexus relationship (parallel nexus) is allowed by
- [SAM2]. Therefore, at any given time, only one session can exist
- between a given iSCSI initiator node and an iSCSI target node, with
- the same session identifier (SSID).
-
- These assumptions lead to the following conclusions and requirements:
-
- ISID RULE: Between a given iSCSI Initiator and iSCSI Target Portal
- Group (SCSI target port), there can only be one session with a given
- value for ISID that identifies the SCSI initiator port. See Section
- 10.12.5 ISID.
-
- The structure of the ISID that contains a naming authority component
- (see Section 10.12.5 ISID and [RFC3721]) provides a mechanism to
- facilitate compliance with the ISID rule. (See Section 9.1.1
- Conservative Reuse of ISIDs.)
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 41]
-
-RFC 3720 iSCSI April 2004
-
-
- The iSCSI Initiator Node should manage the assignment of ISIDs prior
- to session initiation. The "ISID RULE" does not preclude the use of
- the same ISID from the same iSCSI Initiator with different Target
- Portal Groups on the same iSCSI target or on other iSCSI targets (see
- Section 9.1.1 Conservative Reuse of ISIDs). Allowing this would be
- analogous to a single SCSI Initiator Port having relationships
- (nexus) with multiple SCSI target ports on the same SCSI target
- device or SCSI target ports on other SCSI target devices. It is also
- possible to have multiple sessions with different ISIDs to the same
- Target Portal Group. Each such session would be considered to be
- with a different initiator even when the sessions originate from the
- same initiator device. The same ISID may be used by a different
- iSCSI initiator because it is the iSCSI Name together with the ISID
- that identifies the SCSI Initiator Port.
-
- NOTE: A consequence of the ISID RULE and the specification for the
- I_T nexus identifier is that two nexus with the same identifier
- should never exist at the same time.
-
- TSIH RULE: The iSCSI Target selects a non-zero value for the TSIH at
- session creation (when an initiator presents a 0 value at Login).
- After being selected, the same TSIH value MUST be used whenever the
- initiator or target refers to the session and a TSIH is required.
-
-3.4.3.1. I_T Nexus State
-
- Certain nexus relationships contain an explicit state (e.g.,
- initiator-specific mode pages) that may need to be preserved by the
- device server [SAM2] in a logical unit through changes or failures in
- the iSCSI layer (e.g., session failures). In order for that state to
- be restored, the iSCSI initiator should reestablish its session
- (re-login) to the same Target Portal Group using the previous ISID.
- That is, it should perform session recovery as described in Chapter
- 6. This is because the SCSI initiator port identifier and the SCSI
- target port identifier (or relative target port) form the datum that
- the SCSI logical unit device server uses to identify the I_T nexus.
-
-3.5. Request/Response Summary
-
- This section lists and briefly describes all the iSCSI PDU types
- (request and responses).
-
- All iSCSI PDUs are built as a set of one or more header segments
- (basic and auxiliary) and zero or one data segments. The header
- group and the data segment may each be followed by a CRC (digest).
-
- The basic header segment has a fixed length of 48 bytes.
-
-
-
-
-Satran, et al. Standards Track [Page 42]
-
-RFC 3720 iSCSI April 2004
-
-
-3.5.1. Request/Response Types Carrying SCSI Payload
-
-3.5.1.1. SCSI-Command
-
- This request carries the SCSI CDB and all the other SCSI execute
- command procedure call (see [SAM2]) IN arguments such as task
- attributes, Expected Data Transfer Length for one or both transfer
- directions (the latter for bidirectional commands), and Task Tag (as
- part of the I_T_L_x nexus). The I_T_L nexus is derived by the
- initiator and target from the LUN field in the request and the I_T
- nexus is implicit in the session identification.
-
- In addition, the SCSI-command PDU carries information required for
- the proper operation of the iSCSI protocol - the command sequence
- number (CmdSN) for the session and the expected status number
- (ExpStatSN) for the connection.
-
- All or part of the SCSI output (write) data associated with the SCSI
- command may be sent as part of the SCSI-Command PDU as a data
- segment.
-
-3.5.1.2. SCSI-Response
-
- The SCSI-Response carries all the SCSI execute-command procedure call
- (see [SAM2]) OUT arguments and the SCSI execute-command procedure
- call return value.
-
- The SCSI-Response contains the residual counts from the operation, if
- any, an indication of whether the counts represent an overflow or an
- underflow, and the SCSI status if the status is valid or a response
- code (a non-zero return value for the execute-command procedure call)
- if the status is not valid.
-
- For a valid status that indicates that the command has been
- processed, but resulted in an exception (e.g., a SCSI CHECK
- CONDITION), the PDU data segment contains the associated sense data.
- The use of Autosense ([SAM2]) is REQUIRED by iSCSI.
-
- Some data segment content may also be associated (in the data
- segment) with a non-zero response code.
-
- In addition, the SCSI-Response PDU carries information required for
- the proper operation of the iSCSI protocol:
-
- - The number of Data-In PDUs that a target has sent (to enable
- the initiator to check that all have arrived).
- - StatSN - the Status Sequence Number on this connection.
-
-
-
-
-Satran, et al. Standards Track [Page 43]
-
-RFC 3720 iSCSI April 2004
-
-
- - ExpCmdSN - the next Expected Command Sequence Number at the
- target.
- - MaxCmdSN - the maximum CmdSN acceptable at the target from
- this initiator.
-
-3.5.1.3 Task Management Function Request
-
- The Task Management function request provides an initiator with a way
- to explicitly control the execution of one or more SCSI Tasks or
- iSCSI functions. The PDU carries a function identifier (which task
- management function to perform) and enough information to
- unequivocally identify the task or task-set on which to perform the
- action, even if the task(s) to act upon has not yet arrived or has
- been discarded due to an error.
-
- The referenced tag identifies an individual task if the function
- refers to an individual task.
-
- The I_T_L nexus identifies task sets. In iSCSI the I_T_L nexus is
- identified by the LUN and the session identification (the session
- identifies an I_T nexus).
-
- For task sets, the CmdSN of the Task Management function request
- helps identify the tasks upon which to act, namely all tasks
- associated with a LUN and having a CmdSN preceding the Task
- Management function request CmdSN.
-
- For a Task Management function, the coordination between responses to
- the tasks affected and the Task Management function response is done
- by the target.
-
-3.5.1.4. Task Management Function Response
-
- The Task Management function response carries an indication of
- function completion for a Task Management function request including
- how it was completed (response and qualifier) and additional
- information for failure responses.
-
- After the Task Management response indicates Task Management function
- completion, the initiator will not receive any additional responses
- from the affected tasks.
-
-3.5.1.5. SCSI Data-Out and SCSI Data-In
-
- SCSI Data-Out and SCSI Data-In are the main vehicles by which SCSI
- data payload is carried between initiator and target. Data payload
- is associated with a specific SCSI command through the Initiator Task
- Tag. For target convenience, outgoing solicited data also carries a
-
-
-
-Satran, et al. Standards Track [Page 44]
-
-RFC 3720 iSCSI April 2004
-
-
- Target Transfer Tag (copied from R2T) and the LUN. Each PDU contains
- the payload length and the data offset relative to the buffer address
- contained in the SCSI execute command procedure call.
-
- In each direction, the data transfer is split into "sequences". An
- end-of-sequence is indicated by the F bit.
-
- An outgoing sequence is either unsolicited (only the first sequence
- can be unsolicited) or consists of all the Data-Out PDUs sent in
- response to an R2T.
-
- Input sequences are built to enable the direction switching for
- bidirectional commands.
-
- For input, the target may request positive acknowledgement of input
- data. This is limited to sessions that support error recovery and is
- implemented through the A bit in the SCSI Data-In PDU header.
-
- Data-In and Data-Out PDUs also carry the DataSN to enable the
- initiator and target to detect missing PDUs (discarded due to an
- error).
-
- In addition, StatSN is carried by the Data-In PDUs.
-
- To enable a SCSI command to be processed while involving a minimum
- number of messages, the last SCSI Data-In PDU passed for a command
- may also contain the status if the status indicates termination with
- no exceptions (no sense or response involved).
-
-3.5.1.6. Ready To Transfer (R2T)
-
- R2T is the mechanism by which the SCSI target "requests" the
- initiator for output data. R2T specifies to the initiator the offset
- of the requested data relative to the buffer address from the execute
- command procedure call and the length of the solicited data.
-
- To help the SCSI target associate the resulting Data-Out with an R2T,
- the R2T carries a Target Transfer Tag that will be copied by the
- initiator in the solicited SCSI Data-Out PDUs. There are no protocol
- specific requirements with regard to the value of these tags, but it
- is assumed that together with the LUN, they will enable the target to
- associate data with an R2T.
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 45]
-
-RFC 3720 iSCSI April 2004
-
-
- R2T also carries information required for proper operation of the
- iSCSI protocol, such as:
-
- - R2TSN (to enable an initiator to detect a missing R2T)
- - StatSN
- - ExpCmdSN
- - MaxCmdSN
-
-3.5.2. Requests/Responses carrying SCSI and iSCSI Payload
-
-3.5.2.1. Asynchronous Message
-
- Asynchronous Messages are used to carry SCSI asynchronous events
- (AEN) and iSCSI asynchronous messages.
-
- When carrying an AEN, the event details are reported as sense data in
- the data segment.
-
-3.5.3. Requests/Responses Carrying iSCSI Only Payload
-
-3.5.3.1. Text Request and Text Response
-
- Text requests and responses are designed as a parameter negotiation
- vehicle and as a vehicle for future extension.
-
- In the data segment, Text Requests/Responses carry text information
- using a simple "key=value" syntax.
-
- Text Request/Responses may form extended sequences using the same
- Initiator Task Tag. The initiator uses the F (Final) flag bit in the
- text request header to indicate its readiness to terminate a
- sequence. The target uses the F (Final) flag bit in the text
- response header to indicate its consent to sequence termination.
-
- Text Request and Responses also use the Target Transfer Tag to
- indicate continuation of an operation or a new beginning. A target
- that wishes to continue an operation will set the Target Transfer Tag
- in a Text Response to a value different from the default 0xffffffff.
- An initiator willing to continue will copy this value into the Target
- Transfer Tag of the next Text Request. If the initiator wants to
- restart the current target negotiation (start fresh) will set the
- Target Transfer Tag to 0xffffffff.
-
- Although a complete exchange is always started by the initiator,
- specific parameter negotiations may be initiated by the initiator or
- target.
-
-
-
-
-
-Satran, et al. Standards Track [Page 46]
-
-RFC 3720 iSCSI April 2004
-
-
-3.5.3.2. Login Request and Login Response
-
- Login Requests and Responses are used exclusively during the Login
- Phase of each connection to set up the session and connection
- parameters. (The Login Phase consists of a sequence of login
- requests and responses carrying the same Initiator Task Tag.)
-
- A connection is identified by an arbitrarily selected connection-ID
- (CID) that is unique within a session.
-
- Similar to the Text Requests and Responses, Login Requests/Responses
- carry key=value text information with a simple syntax in the data
- segment.
-
- The Login Phase proceeds through several stages (security
- negotiation, operational parameter negotiation) that are selected
- with two binary coded fields in the header -- the "current stage"
- (CSG) and the "next stage" (NSG) with the appearance of the latter
- being signaled by the "transit" flag (T).
-
- The first Login Phase of a session plays a special role, called the
- leading login, which determines some header fields (e.g., the version
- number, the maximum number of connections, and the session
- identification).
-
- The CmdSN initial value is also set by the leading login.
-
- StatSN for each connection is initiated by the connection login.
-
- A login request may indicate an implied logout (cleanup) of the
- connection to be logged in (a connection restart) by using the same
- Connection ID (CID) as an existing connection, as well as the same
- session identifying elements of the session to which the old
- connection was associated.
-
-3.5.3.3. Logout Request and Response
-
- Logout Requests and Responses are used for the orderly closing of
- connections for recovery or maintenance. The logout request may be
- issued following a target prompt (through an asynchronous message) or
- at an initiators initiative. When issued on the connection to be
- logged out, no other request may follow it.
-
- The Logout Response indicates that the connection or session cleanup
- is completed and no other responses will arrive on the connection (if
- received on the logging out connection). In addition, the Logout
- Response indicates how long the target will continue to hold
- resources for recovery (e.g., command execution that continues on a
-
-
-
-Satran, et al. Standards Track [Page 47]
-
-RFC 3720 iSCSI April 2004
-
-
- new connection) in the text key Time2Retain and how long the
- initiator must wait before proceeding with recovery in the text key
- Time2Wait.
-
-3.5.3.4. SNACK Request
-
- With the SNACK Request, the initiator requests retransmission of
- numbered-responses or data from the target. A single SNACK request
- covers a contiguous set of missing items, called a run, of a given
- type of items. The type is indicated in a type field in the PDU
- header. The run is composed of an initial item (StatSN, DataSN,
- R2TSN) and the number of missed Status, Data, or R2T PDUs. For long
- Data-In sequences, the target may request (at predefined minimum
- intervals) a positive acknowledgement for the data sent. A SNACK
- request with a type field that indicates ACK and the number of
- Data-In PDUs acknowledged conveys this positive acknowledgement.
-
-3.5.3.5. Reject
-
- Reject enables the target to report an iSCSI error condition (e.g.,
- protocol, unsupported option) that uses a Reason field in the PDU
- header and includes the complete header of the bad PDU in the Reject
- PDU data segment.
-
-3.5.3.6. NOP-Out Request and NOP-In Response
-
- This request/response pair may be used by an initiator and target as
- a "ping" mechanism to verify that a connection/session is still
- active and all of its components are operational. Such a ping may be
- triggered by the initiator or target. The triggering party indicates
- that it wants a reply by setting a value different from the default
- 0xffffffff in the corresponding Initiator/Target Transfer Tag.
-
- NOP-In/NOP-Out may also be used "unidirectional" to convey to the
- initiator/target command, status or data counter values when there is
- no other "carrier" and there is a need to update the initiator/
- target.
-
-4. SCSI Mode Parameters for iSCSI
-
- There are no iSCSI specific mode pages.
-
-5. Login and Full Feature Phase Negotiation
-
- iSCSI parameters are negotiated at session or connection
- establishment by using Login Requests and Responses (see Section
- 3.2.3 iSCSI Login) and during the Full Feature Phase (Section 3.2.4
- iSCSI Full Feature Phase) by using Text Requests and Responses. In
-
-
-
-Satran, et al. Standards Track [Page 48]
-
-RFC 3720 iSCSI April 2004
-
-
- both cases the mechanism used is an exchange of iSCSI-text-key=value
- pairs. For brevity iSCSI-text-keys are called just keys in the rest
- of this document.
-
- Keys are either declarative or require negotiation and the key
- description indicates if the key is declarative or requires
- negotiation.
-
- For the declarative keys, the declaring party sets a value for the
- key. The key specification indicates if the key can be declared by
- the initiator, target or both.
-
- For the keys that require negotiation one of the parties (the
- proposing party) proposes a value or set of values by including the
- key=value in the data part of a Login or Text Request or Response
- PDUs. The other party (the accepting party) makes a selection based
- on the value or list of values proposed and includes the selected
- value in a key=value in the data part of one of the following Login
- or Text Response or Request PDUs. For most of the keys both the
- initiator and target can be proposing parties.
-
- The login process proceeds in two stages - the security negotiation
- stage and the operational parameter negotiation stage. Both stages
- are optional but at least one of them has to be present to enable the
- setting of some mandatory parameters.
-
- If present, the security negotiation stage precedes the operational
- parameter negotiation stage.
-
- Progression from stage to stage is controlled by the T (Transition)
- bit in the Login Request/Response PDU header. Through the T bit set
- to 1, the initiator indicates that it would like to transition. The
- target agrees to the transition (and selects the next stage) when
- ready. A field in the Login PDU header indicates the current stage
- (CSG) and during transition, another field indicates the next stage
- (NSG) proposed (initiator) and selected (target).
-
- The text negotiation process is used to negotiate or declare
- operational parameters. The negotiation process is controlled by the
- F (final) bit in the PDU header. During text negotiations, the F bit
- is used by the initiator to indicate that it is ready to finish the
- negotiation and by the Target to acquiesce the end of negotiation.
-
- Since some key=value pairs may not fit entirely in a single PDU, the
- C (continuation) bit is used (both in Login and Text) to indicate
- that "more follows".
-
-
-
-
-
-Satran, et al. Standards Track [Page 49]
-
-RFC 3720 iSCSI April 2004
-
-
- The text negotiation uses an additional mechanism by which a target
- may deliver larger amounts of data to an enquiring initiator. The
- target sets a Target Task Tag to be used as a bookmark that when
- returned by the initiator, means "go on". If reset to a "neutral
- value", it means "forget about the rest".
-
- This chapter details types of keys and values used, the syntax rules
- for parameter formation, and the negotiation schemes to be used with
- different types of parameters.
-
-5.1. Text Format
-
- The initiator and target send a set of key=value pairs encoded in
- UTF-8 Unicode. All the text keys and text values specified in this
- document are to be presented and interpreted in the case in which
- they appear in this document. They are case sensitive.
-
- The following character symbols are used in this document for text
- items (the hexadecimal values represent Unicode code points):
-
- (a-z, A-Z) - letters
- (0-9) - digits
- " " (0x20) - space
- "." (0x2e) - dot
- "-" (0x2d) - minus
- "+" (0x2b) - plus
- "@" (0x40) - commercial at
- "_" (0x5f) - underscore
- "=" (0x3d) - equal
- ":" (0x3a) - colon
- "/" (0x2f) - solidus or slash
- "[" (0x5b) - left bracket
- "]" (0x5d) - right bracket
- null (0x00) - null separator
- "," (0x2c) - comma
- "~" (0x7e) - tilde
-
- Key=value pairs may span PDU boundaries. An initiator or target that
- sends partial key=value text within a PDU indicates that more text
- follows by setting the C bit in the Text or Login Request or Text or
- Login Response to 1. Data segments in a series of PDUs that have the
- C bit set to 1 and end with a PDU that have the C bit set to 0, or
- include a single PDU that has the C bit set to 0, have to be
- considered as forming a single logical-text-data-segment (LTDS).
-
- Every key=value pair, including the last or only pair in a LTDS, MUST
- be followed by one null (0x00) delimiter.
-
-
-
-
-Satran, et al. Standards Track [Page 50]
-
-RFC 3720 iSCSI April 2004
-
-
- A key-name is whatever precedes the first "=" in the key=value pair.
- The term key is used frequently in this document in place of
- key-name.
-
- A value is whatever follows the first "=" in the key=value pair up to
- the end of the key=value pair, but not including the null delimiter.
-
- The following definitions will be used in the rest of this document:
-
- standard-label: A string of one or more characters that consist of
- letters, digits, dot, minus, plus, commercial at, or underscore.
- A standard-label MUST begin with a capital letter and must not
- exceed 63 characters.
-
- key-name: A standard-label.
-
- text-value: A string of zero or more characters that consist of
- letters, digits, dot, minus, plus, commercial at, underscore,
- slash, left bracket, right bracket, or colon.
-
- iSCSI-name-value: A string of one or more characters that consist
- of minus, dot, colon, or any character allowed by the output of
- the iSCSI string-prep template as specified in [RFC3722] (see
- also Section 3.2.6.2 iSCSI Name Encoding).
-
- iSCSI-local-name-value: A UTF-8 string; no null characters are
- allowed in the string. This encoding is to be used for localized
- (internationalized) aliases.
-
- boolean-value: The string "Yes" or "No".
-
- hex-constant: A hexadecimal constant encoded as a string that
- starts with "0x" or "0X" followed by one or more digits or the
- letters a, b, c, d, e, f, A, B, C, D, E, or F. Hex-constants are
- used to encode numerical values or binary strings. When used to
- encode numerical values, the excessive use of leading 0 digits is
- discouraged. The string following 0X (or 0x) represents a base16
- number that starts with the most significant base16 digit,
- followed by all other digits in decreasing order of significance
- and ending with the least-significant base16 digit. When used to
- encode binary strings, hexadecimal constants have an implicit
- byte-length that includes four bits for every hexadecimal digit
- of the constant, including leading zeroes. For example, a
- hex-constant of n hexadecimal digits has a byte-length of (the
- integer part of) (n+1)/2.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 51]
-
-RFC 3720 iSCSI April 2004
-
-
- decimal-constant: An unsigned decimal number with the digit 0 or a
- string of one or more digits that start with a non-zero digit.
- Decimal-constants are used to encode numerical values or binary
- strings. Decimal constants can only be used to encode binary
- strings if the string length is explicitly specified. There is
- no implicit length for decimal strings. Decimal-constant MUST
- NOT be used for parameter values if the values can be equal or
- greater than 2**64 (numerical) or for binary strings that can be
- longer than 64 bits.
-
- base64-constant: base64 constant encoded as a string that starts
- with "0b" or "0B" followed by 1 or more digits or letters or plus
- or slash or equal. The encoding is done according to [RFC2045]
- and each character, except equal, represents a base64 digit or a
- 6-bit binary string. Base64-constants are used to encode
- numerical-values or binary strings. When used to encode
- numerical values, the excessive use of leading 0 digits (encoded
- as A) is discouraged. The string following 0B (or 0b) represents
- a base64 number that starts with the most significant base64
- digit, followed by all other digits in decreasing order of
- significance and ending with the least-significant base64 digit;
- the least significant base64 digit may be optionally followed by
- pad digits (encoded as equal) that are not considered as part of
- the number. When used to encode binary strings, base64-constants
- have an implicit
- byte-length that includes six bits for every character of the
- constant, excluding trailing equals (i.e., a base64-constant of n
- base64 characters excluding the trailing equals has a byte-length
- of ((the integer part of) (n*3/4)). Correctly encoded base64
- strings cannot have n values of 1, 5 ... k*4+1.
-
- numerical-value: An unsigned integer always less than 2**64 encoded
- as a decimal-constant or a hex-constant. Unsigned integer
- arithmetic applies to numerical-values.
-
- large-numerical-value: An unsigned integer that can be larger than
- or equal to 2**64 encoded as a hex constant, or
- base64-constant. Unsigned integer arithmetic applies to
- large-numeric-values.
-
- numeric-range: Two numerical-values separated by a tilde where the
- value to the right of tilde must not be lower than the value to
- the left.
-
- regular-binary-value: A binary string not longer than 64 bits
- encoded as a decimal constant, hex constant, or base64-constant.
- The length of the string is either specified by the key
- definition or is the implicit byte-length of the encoded string.
-
-
-
-Satran, et al. Standards Track [Page 52]
-
-RFC 3720 iSCSI April 2004
-
-
- large-binary-value: A binary string longer than 64 bits encoded as
- a hex-constant or base64-constant. The length of the string is
- either specified by the key definition or is the implicit
- byte-length of the encoded string.
-
- binary-value: A regular-binary-value or a large-binary-value.
- Operations on binary values are key specific.
-
- simple-value: Text-value, iSCSI-name-value, boolean-value,
- numeric-value, a numeric-range, or a binary-value.
-
- list-of-values: A sequence of text-values separated by a comma.
-
- If not otherwise specified, the maximum length of a simple-value (not
- its encoded representation) is 255 bytes, not including the delimiter
- (comma or zero byte).
-
- Any iSCSI target or initiator MUST support receiving at least 8192
- bytes of key=value data in a negotiation sequence. When proposing or
- accepting authentication methods that explicitly require support for
- very long authentication items, the initiator and target MUST support
- receiving of at least 64 kilobytes of key=value data (see Appendix
- 11.1.2 - Simple Public-Key Mechanism (SPKM) - that require support
- for public key certificates).
-
-5.2. Text Mode Negotiation
-
- During login, and thereafter, some session or connection parameters
- are either declared or negotiated through an exchange of textual
- information.
-
- The initiator starts the negotiation and/or declaration through a
- Text or Login Request and indicates when it is ready for completion
- (by setting the F bit to 1 and keeping it to 1 in a Text Request or
- the T bit in the Login Request). As negotiation text may span PDU
- boundaries, a Text or Login Request or Text or Login Response PDU
- that has the C bit set to 1 MUST NOT have the F/T bit set to 1.
-
- A target receiving a Text or Login Request with the C bit set to 1
- MUST answer with a Text or Login Response with no data segment
- (DataSegmentLength 0). An initiator receiving a Text or Login
- Response with the C bit set to 1 MUST answer with a Text or Login
- Request with no data segment (DataSegmentLength 0).
-
- A target or initiator SHOULD NOT use a Text or Login Response or Text
- or Login Request with no data segment (DataSegmentLength 0) unless
- explicitly required by a general or a key-specific negotiation rule.
-
-
-
-
-Satran, et al. Standards Track [Page 53]
-
-RFC 3720 iSCSI April 2004
-
-
- The format of a declaration is:
-
- Declarer-> <key>=<valuex>
-
- The general format of text negotiation is:
-
- Proposer-> <key>=<valuex>
- Acceptor-> <key>={<valuey>|NotUnderstood|Irrelevant|Reject}
-
- Thus a declaration is a one-way textual exchange while a negotiation
- is a two-way exchange.
-
- The proposer or declarer can either be the initiator or the target,
- and the acceptor can either be the target or initiator, respectively.
- Targets are not limited to respond to key=value pairs as proposed by
- the initiator. The target may propose key=value pairs of its own.
-
- All negotiations are explicit (i.e., the result MUST only be based on
- newly exchanged or declared values). There are no implicit
- proposals. If a proposal is not made, then a reply cannot be
- expected. Conservative design also requires that default values
- should not be relied upon when use of some other value has serious
- consequences.
-
- The value proposed or declared can be a numerical-value, a
- numerical-range defined by lower and upper values with both integers
- separated by a tilde, a binary value, a text-value, an
- iSCSI-name-value, an iSCSI-local-name-value, a boolean-value (Yes or
- No), or a list of comma separated text-values. A range, a
- large-numerical-value, an iSCSI-name-value and an
- iSCSI-local-name-value MAY ONLY be used if it is explicitly allowed.
- An accepted value can be a numerical-value, a large-numerical-value,
- a text-value, or a boolean-value.
-
- If a specific key is not relevant for the current negotiation, the
- acceptor may answer with the constant "Irrelevant" for all types of
- negotiation. However the negotiation is not considered as failed if
- the answer is "Irrelevant". The "Irrelevant" answer is meant for
- those cases in which several keys are presented by a proposing party
- but the selection made by the acceptor for one of the keys makes
- other keys irrelevant. The following example illustrates the use of
- "Irrelevant":
-
- I->T OFMarker=Yes,OFMarkInt=2048~8192
- T->I OFMarker=No,OFMarkInt=Irrelevant
-
- I->T X#vkey1=(bla,alb,None),X#vkey2=(bla,alb)
- T->I X#vkey1=None,X#vkey2=Irrelevant
-
-
-
-Satran, et al. Standards Track [Page 54]
-
-RFC 3720 iSCSI April 2004
-
-
-
- Any key not understood by the acceptor may be ignored by the acceptor
- without affecting the basic function. However, the answer for a key
- not understood MUST be key=NotUnderstood.
-
- The constants "None", "Reject", "Irrelevant", and "NotUnderstood" are
- reserved and MUST ONLY be used as described here. Violation of this
- rule is a protocol error (in particular the use of "Reject",
- "Irrelevant", and "NotUnderstood" as proposed values).
-
- Reject or Irrelevant are legitimate negotiation options where allowed
- but their excessive use is discouraged. A negotiation is considered
- complete when the acceptor has sent the key value pair even if the
- value is "Reject", "Irrelevant", or "NotUnderstood. Sending the key
- again would be a re-negotiation and is forbidden for many keys.
-
- If the acceptor sends "Reject" as an answer the negotiated key is
- left at its current value (or default if no value was set). If the
- current value is not acceptable to the proposer on the connection or
- to the session it is sent, the proposer MAY choose to terminate the
- connection or session.
-
- All keys in this document, except for the X extension formats, MUST
- be supported by iSCSI initiators and targets when used as specified
- here. If used as specified, these keys MUST NOT be answered with
- NotUnderstood.
-
- Implementers may introduce new keys by prefixing them with
- "X-", followed by their (reversed) domain name, or with new keys
- registered with IANA prefixing them with X#. For example, the entity
- owning the domain example.com can issue:
-
- X-com.example.bar.foo.do_something=3
-
- or a new registered key may be used as in:
-
- X#SuperCalyPhraGilistic=Yes
-
- Implementers MAY also introduce new values, but ONLY for new keys or
- authentication methods (see Section 11 iSCSI Security Text Keys and
- Authentication Methods), or digests (see Section 12.1 HeaderDigest
- and DataDigest).
-
- Whenever parameter action or acceptance is dependent on other
- parameters, the dependency rules and parameter sequence must be
- specified with the parameters.
-
-
-
-
-
-Satran, et al. Standards Track [Page 55]
-
-RFC 3720 iSCSI April 2004
-
-
- In the Login Phase (see Section 5.3 Login Phase), every stage is a
- separate negotiation. In the FullFeaturePhase, a Text Request
- Response sequence is a negotiation. Negotiations MUST be handled as
- atomic operations. For example, all negotiated values go into effect
- after the negotiation concludes in agreement or are ignored if the
- negotiation fails.
-
- Some parameters may be subject to integrity rules (e.g., parameter-x
- must not exceed parameter-y or parameter-u not 1 implies parameter-v
- be Yes). Whenever required, integrity rules are specified with the
- keys. Checking for compliance with the integrity rule must only be
- performed after all the parameters are available (the existent and
- the newly negotiated). An iSCSI target MUST perform integrity
- checking before the new parameters take effect. An initiator MAY
- perform integrity checking.
-
- An iSCSI initiator or target MAY terminate a negotiation that does
- not end within a reasonable time or number of exchanges.
-
-5.2.1. List negotiations
-
- In list negotiation, the originator sends a list of values (which may
- include "None") in its order of preference.
-
- The responding party MUST respond with the same key and the first
- value that it supports (and is allowed to use for the specific
- originator) selected from the originator list.
-
- The constant "None" MUST always be used to indicate a missing
- function. However, "None" is only a valid selection if it is
- explicitly proposed.
-
- If an acceptor does not understand any particular value in a list, it
- MUST ignore it. If an acceptor does not support, does not
- understand, or is not allowed to use any of the proposed options with
- a specific originator, it may use the constant "Reject" or terminate
- the negotiation. The selection of a value not proposed MUST be
- handled as a protocol error.
-
-5.2.2. Simple-value Negotiations
-
- For simple-value negotiations, the accepting party MUST answer with
- the same key. The value it selects becomes the negotiation result.
-
- Proposing a value not admissible (e.g., not within the specified
- bounds) MAY be answered with the constant "Reject" or the acceptor
- MAY select an admissible value.
-
-
-
-
-Satran, et al. Standards Track [Page 56]
-
-RFC 3720 iSCSI April 2004
-
-
- The selection by the acceptor, of a value not admissible under the
- selection rules is considered a protocol error. The selection rules
- are key-specific.
-
- For a numerical range, the value selected must be an integer within
- the proposed range or "Reject" (if the range is unacceptable).
-
- In Boolean negotiations (i.e., those that result in keys taking the
- values Yes or No), the accepting party MUST answer with the same key
- and the result of the negotiation when the received value does not
- determine that result by itself. The last value transmitted becomes
- the negotiation result. The rules for selecting the value to answer
- with are expressed as Boolean functions of the value received, and
- the value that the accepting party would have selected if given a
- choice.
-
- Specifically, the two cases in which answers are OPTIONAL are:
-
- - The Boolean function is "AND" and the value "No" is received.
- The outcome of the negotiation is "No".
- - The Boolean function is "OR" and the value "Yes" is received.
- The outcome of the negotiation is "Yes".
-
- Responses are REQUIRED in all other cases, and the value chosen and
- sent by the acceptor becomes the outcome of the negotiation.
-
-5.3. Login Phase
-
- The Login Phase establishes an iSCSI connection between an initiator
- and a target; it also creates a new session or associates the
- connection to an existing session. The Login Phase sets the iSCSI
- protocol parameters, security parameters, and authenticates the
- initiator and target to each other.
-
- The Login Phase is only implemented via Login Request and Responses.
- The whole Login Phase is considered as a single task and has a single
- Initiator Task Tag (similar to the linked SCSI commands).
-
- The default MaxRecvDataSegmentLength is used during Login.
-
- The Login Phase sequence of requests and responses proceeds as
- follows:
-
- - Login initial request
- - Login partial response (optional)
- - More Login Requests and Responses (optional)
- - Login Final-Response (mandatory)
-
-
-
-
-Satran, et al. Standards Track [Page 57]
-
-RFC 3720 iSCSI April 2004
-
-
- The initial Login Request of any connection MUST include the
- InitiatorName key=value pair. The initial Login Request of the first
- connection of a session MAY also include the SessionType key=value
- pair. For any connection within a session whose type is not
- "Discovery", the first Login Request MUST also include the TargetName
- key=value pair.
-
- The Login Final-response accepts or rejects the Login Request.
-
- The Login Phase MAY include a SecurityNegotiation stage and a
- LoginOperationalNegotiation stage or both, but MUST include at least
- one of them. The included stage MAY be empty except for the
- mandatory names.
-
- The Login Requests and Responses contain a field (CSG) that indicates
- the current negotiation stage (SecurityNegotiation or
- LoginOperationalNegotiation). If both stages are used, the
- SecurityNegotiation MUST precede the LoginOperationalNegotiation.
-
- Some operational parameters can be negotiated outside the login
- through Text Requests and Responses.
-
- Security MUST be completely negotiated within the Login Phase. The
- use of underlying IPsec security is specified in Chapter 8 and in
- [RFC3723]. iSCSI support for security within the protocol only
- consists of authentication in the Login Phase.
-
- In some environments, a target or an initiator is not interested in
- authenticating its counterpart. It is possible to bypass
- authentication through the Login Request and Response.
-
- The initiator and target MAY want to negotiate iSCSI authentication
- parameters. Once this negotiation is completed, the channel is
- considered secure.
-
- Most of the negotiation keys are only allowed in a specific stage.
- The SecurityNegotiation keys appear in Chapter 11 and the
- LoginOperationalNegotiation keys appear in Chapter 12. Only a
- limited set of keys (marked as Any-Stage in Chapter 12) may be used
- in any of the two stages.
-
- Any given Login Request or Response belongs to a specific stage; this
- determines the negotiation keys allowed with the request or response.
- It is considered to be a protocol error to send a key that is not
- allowed in the current stage.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 58]
-
-RFC 3720 iSCSI April 2004
-
-
- Stage transition is performed through a command exchange (request/
- response) that carries the T bit and the same CSG code. During this
- exchange, the next stage is selected by the target through the "next
- stage" code (NSG). The selected NSG MUST NOT exceed the value stated
- by the initiator. The initiator can request a transition whenever it
- is ready, but a target can only respond with a transition after one
- is proposed by the initiator.
-
- In a negotiation sequence, the T bit settings in one pair of Login
- Request-Responses have no bearing on the T bit settings of the next
- pair. An initiator that has a T bit set to 1 in one pair and is
- answered with a T bit setting of 0, may issue the next request with
- the T bit set to 0.
-
- When a transition is requested by the initiator and acknowledged by
- the target, both the initiator and target switch to the selected
- stage.
-
- Targets MUST NOT submit parameters that require an additional
- initiator Login Request in a Login Response with the T bit set to 1.
-
- Stage transitions during login (including entering and exit) are only
- possible as outlined in the following table:
-
- +-----------------------------------------------------------+
- |From To -> | Security | Operational | FullFeature |
- | | | | | |
- | V | | | |
- +-----------------------------------------------------------+
- | (start) | yes | yes | no |
- +-----------------------------------------------------------+
- | Security | no | yes | yes |
- +-----------------------------------------------------------+
- | Operational | no | no | yes |
- +-----------------------------------------------------------+
-
- The Login Final-Response that accepts a Login Request can only come
- as a response to a Login Request with the T bit set to 1, and both
- the request and response MUST indicate FullFeaturePhase as the next
- phase via the NSG field.
-
- Neither the initiator nor the target should attempt to declare or
- negotiate a parameter more than once during login except for
- responses to specific keys that explicitly allow repeated key
- declarations (e.g., TargetAddress). An attempt to
- renegotiate/redeclare parameters not specifically allowed MUST be
- detected by the initiator and target. If such an attempt is detected
-
-
-
-
-Satran, et al. Standards Track [Page 59]
-
-RFC 3720 iSCSI April 2004
-
-
- by the target, the target MUST respond with Login reject (initiator
- error); if detected by the initiator, the initiator MUST drop the
- connection.
-
-5.3.1. Login Phase Start
-
- The Login Phase starts with a Login Request from the initiator to the
- target. The initial Login Request includes:
-
- - Protocol version supported by the initiator.
- - iSCSI Initiator Name and iSCSI Target Name
- - ISID, TSIH, and connection Ids
- - Negotiation stage that the initiator is ready to enter.
-
- A login may create a new session or it may add a connection to an
- existing session. Between a given iSCSI Initiator Node (selected
- only by an InitiatorName) and a given iSCSI target defined by an
- iSCSI TargetName and a Target Portal Group Tag, the login results are
- defined by the following table:
-
-
- +------------------------------------------------------------------+
- |ISID | TSIH | CID | Target action |
- +------------------------------------------------------------------+
- |new | non-zero | any | fail the login |
- | | | | ("session does not exist") |
- +------------------------------------------------------------------+
- |new | zero | any | instantiate a new session |
- +------------------------------------------------------------------+
- |existing | zero | any | do session reinstatement |
- | | | | (see section 5.3.5) |
- +------------------------------------------------------------------+
- |existing | non-zero | new | add a new connection to |
- | | existing | | the session |
- +------------------------------------------------------------------+
- |existing | non-zero |existing| do connection reinstatement|
- | | existing | | (see section 5.3.4) |
- +------------------------------------------------------------------+
- |existing | non-zero | any | fail the login |
- | | new | | ("session does not exist") |
- +------------------------------------------------------------------+
-
- Determination of "existing" or "new" are made by the target.
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 60]
-
-RFC 3720 iSCSI April 2004
-
-
- Optionally, the Login Request may include:
-
- - Security parameters
- OR
- - iSCSI operational parameters
- AND/OR
- - The next negotiation stage that the initiator is ready to
- enter.
-
- The target can answer the login in the following ways:
-
- - Login Response with Login reject. This is an immediate rejection
- from the target that causes the connection to terminate and the
- session to terminate if this is the first (or only) connection of
- a new session. The T bit and the CSG and NSG fields are
- reserved.
- - Login Response with Login Accept as a final response (T bit set
- to 1 and the NSG in both request and response are set to
- FullFeaturePhase). The response includes the protocol version
- supported by the target and the session ID, and may include iSCSI
- operational or security parameters (that depend on the current
- stage).
- - Login Response with Login Accept as a partial response (NSG not
- set to FullFeaturePhase in both request and response) that
- indicates the start of a negotiation sequence. The response
- includes the protocol version supported by the target and either
- security or iSCSI parameters (when no security mechanism is
- chosen) supported by the target.
-
- If the initiator decides to forego the SecurityNegotiation stage, it
- issues the Login with the CSG set to LoginOperationalNegotiation and
- the target may reply with a Login Response that indicates that it is
- unwilling to accept the connection (see Section 10.13 Login Response)
- without SecurityNegotiation and will terminate the connection with a
- response of Authentication failure (see Section 10.13.5 Status-Class
- and Status-Detail).
-
- If the initiator is willing to negotiate iSCSI security, but is
- unwilling to make the initial parameter proposal and may accept a
- connection without iSCSI security, it issues the Login with the T bit
- set to 1, the CSG set to SecurityNegotiation, and the NSG set to
- LoginOperationalNegotiation. If the target is also ready to skip
- security, the Login Response only contains the TargetPortalGroupTag
- key (see Section 12.9 TargetPortalGroupTag), the T bit set to 1, the
- CSG set to SecurityNegotiation, and the NSG set to
- LoginOperationalNegotiation.
-
-
-
-
-
-Satran, et al. Standards Track [Page 61]
-
-RFC 3720 iSCSI April 2004
-
-
- An initiator that chooses to operate without iSCSI security, with all
- the operational parameters taking the default values, issues the
- Login with the T bit set to 1, the CSG set to
- LoginOperationalNegotiation, and the NSG set to FullFeaturePhase. If
- the target is also ready to forego security and can finish its
- LoginOperationalNegotiation, the Login Response has T bit set to 1,
- the CSG set to LoginOperationalNegotiation, and the NSG set to
- FullFeaturePhase in the next stage.
-
- During the Login Phase the iSCSI target MUST return the
- TargetPortalGroupTag key with the first Login Response PDU with which
- it is allowed to do so (i.e., the first Login Response issued after
- the first Login Request with the C bit set to 0) for all session
- types when TargetName is given and the response is not a redirection.
- The TargetPortalGroupTag key value indicates the iSCSI portal group
- servicing the Login Request PDU. If the reconfiguration of iSCSI
- portal groups is a concern in a given environment, the iSCSI
- initiator should use this key to ascertain that it had indeed
- initiated the Login Phase with the intended target portal group.
-
-5.3.2. iSCSI Security Negotiation
-
- The security exchange sets the security mechanism and authenticates
- the initiator user and the target to each other. The exchange
- proceeds according to the authentication method chosen in the
- negotiation phase and is conducted using the Login Requests' and
- responses' key=value parameters.
-
- An initiator directed negotiation proceeds as follows:
-
- - The initiator sends a Login Request with an ordered list of the
- options it supports (authentication algorithm). The options are
- listed in the initiator's order of preference. The initiator MAY
- also send private or public extension options.
-
- - The target MUST reply with the first option in the list it
- supports and is allowed to use for the specific initiator unless
- it does not support any, in which case it MUST answer with
- "Reject" (see Section 5.2 Text Mode Negotiation). The parameters
- are encoded in UTF8 as key=value. For security parameters, see
- Chapter 11.
-
- - When the initiator considers that it is ready to conclude the
- SecurityNegotiation stage, it sets the T bit to 1 and the NSG to
- what it would like the next stage to be. The target will then
- set the T bit to 1 and set the NSG to the next stage in the Login
- Response when it finishes sending its security keys. The next
-
-
-
-
-Satran, et al. Standards Track [Page 62]
-
-RFC 3720 iSCSI April 2004
-
-
- stage selected will be the one the target selected. If the next
- stage is FullFeaturePhase, the target MUST respond with a Login
- Response with the TSIH value.
-
- If the security negotiation fails at the target, then the target MUST
- send the appropriate Login Response PDU. If the security negotiation
- fails at the initiator, the initiator SHOULD close the connection.
-
- It should be noted that the negotiation might also be directed by the
- target if the initiator does support security, but is not ready to
- direct the negotiation (propose options).
-
-5.3.3. Operational Parameter Negotiation During the Login Phase
-
- Operational parameter negotiation during the login MAY be done:
-
- - Starting with the first Login Request if the initiator does not
- propose any security/integrity option.
-
- - Starting immediately after the security negotiation if the
- initiator and target perform such a negotiation.
-
- Operational parameter negotiation MAY involve several Login
- Request-Response exchanges started and terminated by the initiator.
- The initiator MUST indicate its intent to terminate the negotiation
- by setting the T bit to 1; the target sets the T bit to 1 on the last
- response.
-
- If the target responds to a Login Request that has the T bit set to 1
- with a Login Response that has the T bit set to 0, the initiator
- should keep sending the Login Request (even empty) with the T bit set
- to 1, while it still wants to switch stage, until it receives the
- Login Response that has the T bit set to 1 or it receives a key that
- requires it to set the T bit to 0.
-
- Some session specific parameters can only be specified during the
- Login Phase of the first connection of a session (i.e., begun by a
- Login Request that contains a zero-valued TSIH) - the leading Login
- Phase (e.g., the maximum number of connections that can be used for
- this session).
-
- A session is operational once it has at least one connection in
- FullFeaturePhase. New or replacement connections can only be added
- to a session after the session is operational.
-
- For operational parameters, see Chapter 12.
-
-
-
-
-
-Satran, et al. Standards Track [Page 63]
-
-RFC 3720 iSCSI April 2004
-
-
-5.3.4. Connection Reinstatement
-
- Connection reinstatement is the process of an initiator logging in
- with an ISID-TSIH-CID combination that is possibly active from the
- target's perspective, which causes the implicit logging out of the
- connection corresponding to the CID, and reinstating a new Full
- Feature Phase iSCSI connection in its place (with the same CID).
- Thus, the TSIH in the Login PDU MUST be non-zero and the CID does not
- change during a connection reinstatement. The Login Request performs
- the logout function of the old connection if an explicit logout was
- not performed earlier. In sessions with a single connection, this
- may imply the opening of a second connection with the sole purpose of
- cleaning up the first. Targets MUST support opening a second
- connection even when they do not support multiple connections in Full
- Feature Phase if ErrorRecoveryLevel is 2 and SHOULD support opening a
- second connection if ErrorRecoveryLevel is less than 2.
-
- If the operational ErrorRecoveryLevel is 2, connection reinstatement
- enables future task reassignment. If the operational
- ErrorRecoveryLevel is less than 2, connection reinstatement is the
- replacement of the old CID without enabling task reassignment. In
- this case, all the tasks that were active on the old CID must be
- immediately terminated without further notice to the initiator.
-
- The initiator connection state MUST be CLEANUP_WAIT (section 7.1.3)
- when the initiator attempts a connection reinstatement.
-
- In practical terms, in addition to the implicit logout of the old
- connection, reinstatement is equivalent to a new connection login.
-
-5.3.5. Session Reinstatement, Closure, and Timeout
-
- Session reinstatement is the process of the initiator logging in with
- an ISID that is possibly active from the target's perspective. Thus
- implicitly logging out the session that corresponds to the ISID and
- reinstating a new iSCSI session in its place (with the same ISID).
- Therefore, the TSIH in the Login PDU MUST be zero to signal session
- reinstatement. Session reinstatement causes all the tasks that were
- active on the old session to be immediately terminated by the target
- without further notice to the initiator.
-
- The initiator session state MUST be FAILED (Section 7.3 Session State
- Diagrams) when the initiator attempts a session reinstatement.
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 64]
-
-RFC 3720 iSCSI April 2004
-
-
- Session closure is an event defined to be one of the following:
-
- - A successful "session close" logout.
- - A successful "connection close" logout for the last Full Feature
- Phase connection when no other connection in the session is
- waiting for cleanup (Section 7.2 Connection Cleanup State Diagram
- for Initiators and Targets) and no tasks in the session are
- waiting for reassignment.
-
- Session timeout is an event defined to occur when the last connection
- state timeout expires and no tasks are waiting for reassignment.
- This takes the session to the FREE state (N6 transition in the
- session state diagram).
-
-5.3.5.1. Loss of Nexus Notification
-
- The iSCSI layer provides the SCSI layer with the "I_T nexus loss"
- notification when any one of the following events happens:
-
- a) Successful completion of session reinstatement.
- b) Session closure event.
- c) Session timeout event.
-
- Certain SCSI object clearing actions may result due to the
- notification in the SCSI end nodes, as documented in Appendix F.
- - Clearing Effects of Various Events on Targets -.
-
-5.3.6. Session Continuation and Failure
-
- Session continuation is the process by which the state of a
- preexisting session continues to be used by connection reinstatement
- (Section 5.3.4 Connection Reinstatement), or by adding a connection
- with a new CID. Either of these actions associates the new transport
- connection with the session state.
-
- Session failure is an event where the last Full Feature Phase
- connection reaches the CLEANUP_WAIT state (Section 7.2 Connection
- Cleanup State Diagram for Initiators and Targets), or completes a
- successful recovery logout, thus causing all active tasks (that are
- formerly allegiant to the connection) to start waiting for task
- reassignment.
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 65]
-
-RFC 3720 iSCSI April 2004
-
-
-5.4. Operational Parameter Negotiation Outside the Login Phase
-
- Some operational parameters MAY be negotiated outside (after) the
- Login Phase.
-
- Parameter negotiation in Full Feature Phase is done through Text
- requests and responses. Operational parameter negotiation MAY
- involve several Text request-response exchanges, which the initiator
- always starts and terminates using the same Initiator Task Tag. The
- initiator MUST indicate its intent to terminate the negotiation by
- setting the F bit to 1; the target sets the F bit to 1 on the last
- response.
-
- If the target responds to a Text request with the F bit set to 1 and
- with a Text response with the F bit set to 0, the initiator should
- keep sending the Text request (even empty) with the F bit set to 1,
- while it still wants to finish the negotiation, until it receives the
- Text response with the F bit set to 1. Responding to a Text request
- with the F bit set to 1 with an empty (no key=value pairs) response
- with the F bit set to 0 is discouraged.
-
- Targets MUST NOT submit parameters that require an additional
- initiator Text request in a Text response with the F bit set to 1.
-
- In a negotiation sequence, the F bit settings in one pair of Text
- request-responses have no bearing on the F bit settings of the next
- pair. An initiator that has the F bit set to 1 in a request and is
- being answered with an F bit setting of 0 may issue the next request
- with the F bit set to 0.
-
- Whenever the target responds with the F bit set to 0, it MUST set the
- Target Transfer Tag to a value other than the default 0xffffffff.
-
- An initiator MAY reset an operational parameter negotiation by
- issuing a Text request with the Target Transfer Tag set to the value
- 0xffffffff after receiving a response with the Target Transfer Tag
- set to a value other than 0xffffffff. A target may reset an
- operational parameter negotiation by answering a Text request with a
- Reject PDU.
-
- Neither the initiator nor the target should attempt to declare or
- negotiate a parameter more than once during any negotiation sequence
- without an intervening operational parameter negotiation reset,
- except for responses to specific keys that explicitly allow repeated
- key declarations (e.g., TargetAddress). If detected by the target,
- this MUST result in a Reject PDU with a reason of "protocol error".
- The initiator MUST reset the negotiation as outlined above.
-
-
-
-
-Satran, et al. Standards Track [Page 66]
-
-RFC 3720 iSCSI April 2004
-
-
- Parameters negotiated by a text exchange negotiation sequence only
- become effective after the negotiation sequence is completed.
-
-6. iSCSI Error Handling and Recovery
-
-6.1. Overview
-
-6.1.1. Background
-
- The following two considerations prompted the design of much of the
- error recovery functionality in iSCSI:
-
- i) An iSCSI PDU may fail the digest check and be dropped, despite
- being received by the TCP layer. The iSCSI layer must
- optionally be allowed to recover such dropped PDUs.
- ii) A TCP connection may fail at any time during the data
- transfer. All the active tasks must optionally be allowed to
- continue on a different TCP connection within the same
- session.
-
- Implementations have considerable flexibility in deciding what degree
- of error recovery to support, when to use it and by which mechanisms
- to achieve the required behavior. Only the externally visible
- actions of the error recovery mechanisms must be standardized to
- ensure interoperability.
-
- This chapter describes a general model for recovery in support of
- interoperability. See Appendix E. - Algorithmic Presentation of
- Error Recovery Classes - for further detail on how the described
- model may be implemented. Compliant implementations do not have to
- match the implementation details of this model as presented, but the
- external behavior of such implementations must correspond to the
- externally observable characteristics of the presented model.
-
-6.1.2. Goals
-
- The major design goals of the iSCSI error recovery scheme are as
- follows:
-
- a) Allow iSCSI implementations to meet different requirements by
- defining a collection of error recovery mechanisms that
- implementations may choose from.
- b) Ensure interoperability between any two implementations
- supporting different sets of error recovery capabilities.
- c) Define the error recovery mechanisms to ensure command
- ordering even in the face of errors, for initiators that
- demand ordering.
-
-
-
-
-Satran, et al. Standards Track [Page 67]
-
-RFC 3720 iSCSI April 2004
-
-
- d) Do not make additions in the fast path, but allow moderate
- complexity in the error recovery path.
- e) Prevent both the initiator and target from attempting to
- recover the same set of PDUs at the same time. For example,
- there must be a clear "error recovery functionality
- distribution" between the initiator and target.
-
-6.1.3. Protocol Features and State Expectations
-
- The initiator mechanisms defined in connection with error recovery
- are:
-
- a) NOP-OUT to probe sequence numbers of the target (section
- 10.18)
- b) Command retry (section 6.2.1)
- c) Recovery R2T support (section 6.7)
- d) Requesting retransmission of status/data/R2T using the SNACK
- facility (section 10.16)
- e) Acknowledging the receipt of the data (section 10.16)
- f) Reassigning the connection allegiance of a task to a different
- TCP connection (section 6.2.2)
- g) Terminating the entire iSCSI session to start afresh (section
- 6.1.4.4)
-
- The target mechanisms defined in connection with error recovery are:
-
- a) NOP-IN to probe sequence numbers of the initiator (section
- 10.19)
- b) Requesting retransmission of data using the recovery R2T
- feature (section 6.7)
- c) SNACK support (section 10.16) d) Requesting that parts of
- read data be acknowledged (section 10.7.2)
- e) Allegiance reassignment support (section 6.2.2)
- f) Terminating the entire iSCSI session to force the initiator to
- start over (section 6.1.4.4)
-
- For any outstanding SCSI command, it is assumed that iSCSI, in
- conjunction with SCSI at the initiator, is able to keep enough
- information to be able to rebuild the command PDU, and that outgoing
- data is available (in host memory) for retransmission while the
- command is outstanding. It is also assumed that at the target,
- incoming data (read data) MAY be kept for recovery or it can be
- reread from a device server.
-
- It is further assumed that a target will keep the "status & sense"
- for a command it has executed if it supports status retransmission.
- A target that agrees to support data retransmission is expected to be
- prepared to retransmit the outgoing data (i.e., Data-In) on request
-
-
-
-Satran, et al. Standards Track [Page 68]
-
-RFC 3720 iSCSI April 2004
-
-
- until either the status for the completed command is acknowledged, or
- the data in question has been separately acknowledged.
-
-6.1.4. Recovery Classes
-
- iSCSI enables the following classes of recovery (in the order of
- increasing scope of affected iSCSI tasks):
-
- - Within a command (i.e., without requiring command restart).
- - Within a connection (i.e., without requiring the connection to
- be rebuilt, but perhaps requiring command restart).
- - Connection recovery (i.e., perhaps requiring connections to be
- rebuilt and commands to be reissued).
- - Session recovery.
-
- The recovery scenarios detailed in the rest of this section are
- representative rather than exclusive. In every case, they detail the
- lowest class recovery that MAY be attempted. The implementer is left
- to decide under which circumstances to escalate to the next recovery
- class and/or what recovery classes to implement. Both the iSCSI
- target and initiator MAY escalate the error handling to an error
- recovery class, which impacts a larger number of iSCSI tasks in any
- of the cases identified in the following discussion.
-
- In all classes, the implementer has the choice of deferring errors to
- the SCSI initiator (with an appropriate response code), in which case
- the task, if any, has to be removed from the target and all the side
- effects, such as ACA, must be considered.
-
- Use of within-connection and within-command recovery classes MUST NOT
- be attempted before the connection is in Full Feature Phase.
-
- In the detailed description of the recovery classes, the mandating
- terms (MUST, SHOULD, MAY, etc.) indicate normative actions to be
- executed if the recovery class is supported and used.
-
-6.1.4.1. Recovery Within-command
-
- At the target, the following cases lend themselves to
- within-command recovery:
-
- - Lost data PDU - realized through one of the following:
-
- a) Data digest error - dealt with as specified in Section 6.7
- Digest Errors, using the option of a recovery R2T.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 69]
-
-RFC 3720 iSCSI April 2004
-
-
- b) Sequence reception timeout (no data or
- partial-data-and-no-F-bit) - considered an implicit sequence
- error and dealt with as specified in Section 6.8 Sequence
- Errors, using the option of a recovery R2T.
- c) Header digest error, which manifests as a sequence reception
- timeout or a sequence error - dealt with as specified in
- Section 6.8 Sequence Errors, using the option of a recovery
- R2T.
-
- At the initiator, the following cases lend themselves to
- within-command recovery:
-
- Lost data PDU or lost R2T - realized through one of the
- following:
-
- a) Data digest error - dealt with as specified in Section 6.7
- Digest Errors, using the option of a SNACK.
- b) Sequence reception timeout (no status) or response reception
- timeout - dealt with as specified in Section 6.8 Sequence
- Errors, using the option of a SNACK.
- c) Header digest error, which manifests as a sequence reception
- timeout or a sequence error - dealt with as specified in
- Section 6.8 Sequence Errors, using the option of a SNACK.
-
- To avoid a race with the target, which may already have a recovery
- R2T or a termination response on its way, an initiator SHOULD NOT
- originate a SNACK for an R2T based on its internal timeouts (if any).
- Recovery in this case is better left to the target.
-
- The timeout values used by the initiator and target are outside the
- scope of this document. Sequence reception timeout is generally a
- large enough value to allow the data sequence transfer to be
- complete.
-
-6.1.4.2. Recovery Within-connection
-
- At the initiator, the following cases lend themselves to
- within-connection recovery:
-
- - Requests not acknowledged for a long time. Requests are
- acknowledged explicitly through ExpCmdSN or implicitly by
- receiving data and/or status. The initiator MAY retry
- non-acknowledged commands as specified in Section 6.2 Retry and
- Reassign in Recovery.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 70]
-
-RFC 3720 iSCSI April 2004
-
-
- - Lost iSCSI numbered Response. It is recognized by either
- identifying a data digest error on a Response PDU or a Data-In
- PDU carrying the status, or by receiving a Response PDU with a
- higher StatSN than expected. In the first case, digest error
- handling is done as specified in Section 6.7 Digest Errors using
- the option of a SNACK. In the second case, sequence error
- handling is done as specified in Section 6.8 Sequence Errors,
- using the option of a SNACK.
-
- At the target, the following cases lend themselves to
- within-connection recovery:
-
- - Status/Response not acknowledged for a long time. The target MAY
- issue a NOP-IN (with a valid Target Transfer Tag or otherwise)
- that carries the next status sequence number it is going to use
- in the StatSN field. This helps the initiator detect any missing
- StatSN(s) and issue a SNACK for the status.
-
- The timeout values used by the initiator and the target are outside
- the scope of this document.
-
-6.1.4.3. Connection Recovery
-
- At an iSCSI initiator, the following cases lend themselves to
- connection recovery:
-
- - TCP connection failure: The initiator MUST close the connection.
- It then MUST either implicitly or explicitly logout the failed
- connection with the reason code "remove the connection for
- recovery" and reassign connection allegiance for all commands
- still in progress associated with the failed connection on one or
- more connections (some or all of which MAY be newly established
- connections) using the "Task reassign" task management function
- (see Section 10.5.1 Function). For an initiator, a command is in
- progress as long as it has not received a response or a Data-In
- PDU including status.
-
- Note: The logout function is mandatory. However, a new connection
- establishment is only mandatory if the failed connection was the
- last or only connection in the session.
-
- - Receiving an Asynchronous Message that indicates one or all
- connections in a session has been dropped. The initiator MUST
- handle it as a TCP connection failure for the connection(s)
- referred to in the Message.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 71]
-
-RFC 3720 iSCSI April 2004
-
-
- At an iSCSI target, the following cases lend themselves to connection
- recovery:
-
- - TCP connection failure. The target MUST close the connection and,
- if more than one connection is available, the target SHOULD send
- an Asynchronous Message that indicates it has dropped the
- connection. Then, the target will wait for the initiator to
- continue recovery.
-
-6.1.4.4. Session Recovery
-
- Session recovery should be performed when all other recovery attempts
- have failed. Very simple initiators and targets MAY perform session
- recovery on all iSCSI errors and rely on recovery on the SCSI layer
- and above.
-
- Session recovery implies the closing of all TCP connections,
- internally aborting all executing and queued tasks for the given
- initiator at the target, terminating all outstanding SCSI commands
- with an appropriate SCSI service response at the initiator, and
- restarting a session on a new set of connection(s) (TCP connection
- establishment and login on all new connections).
-
- For possible clearing effects of session recovery on SCSI and iSCSI
- objects, refer to Appendix F. - Clearing Effects of Various Events on
- Targets -.
-
-6.1.5. Error Recovery Hierarchy
-
- The error recovery classes described so far are organized into a
- hierarchy for ease in understanding and to limit the implementation
- complexity. With few and well defined recovery levels
- interoperability is easier to achieve. The attributes of this
- hierarchy are as follows:
-
- a) Each level is a superset of the capabilities of the previous
- level. For example, Level 1 support implies supporting all
- capabilities of Level 0 and more.
- b) As a corollary, supporting a higher error recovery level means
- increased sophistication and possibly an increase in resource
- requirements.
- c) Supporting error recovery level "n" is advertised and
- negotiated by each iSCSI entity by exchanging the text key
- "ErrorRecoveryLevel=n". The lower of the two exchanged values
- is the operational ErrorRecoveryLevel for the session.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 72]
-
-RFC 3720 iSCSI April 2004
-
-
- The following diagram represents the error recovery hierarchy.
-
- +
- /
- / 2 \ <-- Connection recovery
- +-----+
- / 1 \ <-- Digest failure recovery
- +---------+
- / 0 \ <-- Session failure recovery
- +-------------+
-
- The following table lists the error recovery capabilities expected
- from the implementations that support each error recovery level.
-
- +-------------------+--------------------------------------------+
- |ErrorRecoveryLevel | Associated Error recovery capabilities |
- +-------------------+--------------------------------------------+
- | 0 | Session recovery class |
- | | (Section 6.1.4.4 Session Recovery) |
- +-------------------+--------------------------------------------+
- | 1 | Digest failure recovery (See Note below.) |
- | | plus the capabilities of ER Level 0 |
- +-------------------+--------------------------------------------+
- | 2 | Connection recovery class |
- | | (Section 6.1.4.3 Connection Recovery) |
- | | plus the capabilities of ER Level 1 |
- +-------------------+--------------------------------------------+
-
- Note: Digest failure recovery is comprised of two recovery classes:
- Within-Connection recovery class (Section 6.1.4.2 Recovery Within-
- connection) and Within-Command recovery class (Section 6.1.4.1
- Recovery Within-command).
-
- When a defined value of ErrorRecoveryLevel is proposed by an
- originator in a text negotiation, the originator MUST support the
- functionality defined for the proposed value and additionally, the
- functionality corresponding to any defined value numerically less
- than the proposed. When a defined value of ErrorRecoveryLevel is
- returned by a responder in a text negotiation, the responder MUST
- support the functionality corresponding to the ErrorRecoveryLevel it
- is accepting.
-
- When either party attempts to use error recovery functionality beyond
- what is negotiated, the recovery attempts MAY fail unless an a priori
- agreement outside the scope of this document exists between the two
- parties to provide such support.
-
-
-
-
-
-Satran, et al. Standards Track [Page 73]
-
-RFC 3720 iSCSI April 2004
-
-
- Implementations MUST support error recovery level "0", while the rest
- are OPTIONAL to implement. In implementation terms, the above
- striation means that the following incremental sophistication with
- each level is required.
-
- +-------------------+---------------------------------------------+
- |Level transition | Incremental requirement |
- +-------------------+---------------------------------------------+
- | 0->1 | PDU retransmissions on the same connection |
- +-------------------+---------------------------------------------+
- | 1->2 | Retransmission across connections and |
- | | allegiance reassignment |
- +-------------------+---------------------------------------------+
-
-6.2. Retry and Reassign in Recovery
-
- This section summarizes two important and somewhat related iSCSI
- protocol features used in error recovery.
-
-6.2.1. Usage of Retry
-
- By resending the same iSCSI command PDU ("retry") in the absence of a
- command acknowledgement (by way of an ExpCmdSN update) or a response,
- an initiator attempts to "plug" (what it thinks are) the
- discontinuities in CmdSN ordering on the target end. Discarded
- command PDUs, due to digest errors, may have created these
- discontinuities.
-
- Retry MUST NOT be used for reasons other than plugging command
- sequence gaps, and in particular, cannot be used for requesting PDU
- retransmissions from a target. Any such PDU retransmission requests
- for a currently allegiant command in progress may be made using the
- SNACK mechanism described in section 10.16, although the usage of
- SNACK is OPTIONAL.
-
- If initiators, as part of plugging command sequence gaps as described
- above, inadvertently issue retries for allegiant commands already in
- progress (i.e., targets did not see the discontinuities in CmdSN
- ordering), the duplicate commands are silently ignored by targets as
- specified in section 3.2.2.1.
-
- When an iSCSI command is retried, the command PDU MUST carry the
- original Initiator Task Tag and the original operational attributes
- (e.g., flags, function names, LUN, CDB etc.) as well as the original
- CmdSN. The command being retried MUST be sent on the same connection
- as the original command unless the original connection was already
- successfully logged out.
-
-
-
-
-Satran, et al. Standards Track [Page 74]
-
-RFC 3720 iSCSI April 2004
-
-
-6.2.2. Allegiance Reassignment
-
- By issuing a "task reassign" task management request (Section 10.5.1
- Function), the initiator signals its intent to continue an already
- active command (but with no current connection allegiance) as part of
- connection recovery. This means that a new connection allegiance is
- requested for the command, which seeks to associate it to the
- connection on which the task management request is being issued.
- Before the allegiance reassignment is attempted for a task, an
- implicit or explicit Logout with the reason code "remove the
- connection for recovery" ( see section 10.14) MUST be successfully
- completed for the previous connection to which the task was
- allegiant.
-
- In reassigning connection allegiance for a command, the targets
- SHOULD continue the command from its current state. For example,
- when reassigning read commands, the target SHOULD take advantage of
- the ExpDataSN field provided by the Task Management function request
- (which must be set to zero if there was no data transfer) and bring
- the read command to completion by sending the remaining data and
- sending (or resending) the status. ExpDataSN acknowledges all data
- sent up to, but not including, the Data-In PDU and or R2T with DataSN
- (or R2TSN) equal to ExpDataSN. However, targets may choose to
- send/receive all unacknowledged data or all of the data on a
- reassignment of connection allegiance if unable to recover or
- maintain an accurate state. Initiators MUST not subsequently request
- data retransmission through Data SNACK for PDUs numbered less than
- ExpDataSN (i.e., prior to the acknowledged sequence number). For all
- types of commands, a reassignment request implies that the task is
- still considered in progress by the initiator and the target must
- conclude the task appropriately if the target returns the "Function
- Complete" response to the reassignment request. This might possibly
- involve retransmission of data/R2T/status PDUs as necessary, but MUST
- involve the (re)transmission of the status PDU.
-
- It is OPTIONAL for targets to support the allegiance reassignment.
- This capability is negotiated via the ErrorRecoveryLevel text key
- during the login time. When a target does not support allegiance
- reassignment, it MUST respond with a Task Management response code of
- "Allegiance reassignment not supported". If allegiance reassignment
- is supported by the target, but the task is still allegiant to a
- different connection, or a successful recovery Logout of the
- previously allegiant connection was not performed, the target MUST
- respond with a Task Management response code of "Task still
- allegiant".
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 75]
-
-RFC 3720 iSCSI April 2004
-
-
- If allegiance reassignment is supported by the target, the Task
- Management response to the reassignment request MUST be issued before
- the reassignment becomes effective.
-
- If a SCSI Command that involves data input is reassigned, any SNACK
- Tag it holds for a final response from the original connection is
- deleted and the default value of 0 MUST be used instead.
-
-6.3. Usage Of Reject PDU in Recovery
-
- Targets MUST NOT implicitly terminate an active task by sending a
- Reject PDU for any PDU exchanged during the life of the task. If the
- target decides to terminate the task, a Response PDU (SCSI, Text,
- Task, etc.) must be returned by the target to conclude the task. If
- the task had never been active before the Reject (i.e., the Reject is
- on the command PDU), targets should not send any further responses
- because the command itself is being discarded.
-
- The above rule means that the initiator can eventually expect a
- response on receiving Rejects, if the received Reject is for a PDU
- other than the command PDU itself. The non-command Rejects only have
- diagnostic value in logging the errors, and they can be used for
- retransmission decisions by the initiators.
-
- The CmdSN of the rejected command PDU (if it is a non-immediate
- command) MUST NOT be considered received by the target (i.e., a
- command sequence gap must be assumed for the CmdSN), even though the
- CmdSN of the rejected command PDU may be reliably ascertained. Upon
- receiving the Reject, the initiator MUST plug the CmdSN gap in order
- to continue to use the session. The gap may be plugged either by
- transmitting a command PDU with the same CmdSN, or by aborting the
- task (see section 6.9 on how an abort may plug a CmdSN gap).
-
- When a data PDU is rejected and its DataSN can be ascertained, a
- target MUST advance ExpDataSN for the current data burst if a
- recovery R2T is being generated. The target MAY advance its
- ExpDataSN if it does not attempt to recover the lost data PDU.
-
-6.4. Connection Timeout Management
-
- iSCSI defines two session-global timeout values (in seconds)
- - Time2Wait and Time2Retain - that are applicable when an iSCSI Full
- Feature Phase connection is taken out of service either intentionally
- or by an exception. Time2Wait is the initial "respite time" before
- attempting an explicit/implicit Logout for the CID in question or
- task reassignment for the affected tasks (if any). Time2Retain is
- the maximum time after the initial respite interval that the task
- and/or connection state(s) is/are guaranteed to be maintained on the
-
-
-
-Satran, et al. Standards Track [Page 76]
-
-RFC 3720 iSCSI April 2004
-
-
- target to cater to a possible recovery attempt. Recovery attempts
- for the connection and/or task(s) SHOULD NOT be made before Time2Wait
- seconds, but MUST be completed within Time2Retain seconds after that
- initial Time2Wait waiting period.
-
-6.4.1. Timeouts on Transport Exception Events
-
- A transport connection shutdown or a transport reset without any
- preceding iSCSI protocol interactions informing the end-points of the
- fact causes a Full Feature Phase iSCSI connection to be abruptly
- terminated. The timeout values to be used in this case are the
- negotiated values of defaultTime2Wait (Section 12.15
- DefaultTime2Wait) and DefaultTime2Retain (Section 12.16
- DefaultTime2Retain) text keys for the session.
-
-6.4.2. Timeouts on Planned Decommissioning
-
- Any planned decommissioning of a Full Feature Phase iSCSI connection
- is preceded by either a Logout Response PDU, or an Async Message PDU.
- The Time2Wait and Time2Retain field values (section 10.15) in a
- Logout Response PDU, and the Parameter2 and Parameter3 fields of an
- Async Message (AsyncEvent types "drop the connection" or "drop all
- the connections"; section 10.9.1) specify the timeout values to be
- used in each of these cases.
-
- These timeout values are only applicable for the affected connection,
- and the tasks active on that connection. These timeout values have
- no bearing on initiator timers (if any) that are already running on
- connections or tasks associated with that session.
-
-6.5. Implicit Termination of Tasks
-
- A target implicitly terminates the active tasks due to iSCSI protocol
- dynamics in the following cases:
-
- a) When a connection is implicitly or explicitly logged out with
- the reason code of "Close the connection" and there are active
- tasks allegiant to that connection.
-
- b) When a connection fails and the connection state eventually
- times out (state transition M1 in Section 7.2.2 State
- Transition Descriptions for Initiators and Targets) and there
- are active tasks allegiant to that connection.
-
- c) When a successful Logout with the reason code of "remove the
- connection for recovery" is performed while there are active
- tasks allegiant to that connection, and those tasks eventually
-
-
-
-
-Satran, et al. Standards Track [Page 77]
-
-RFC 3720 iSCSI April 2004
-
-
- time out after the Time2Wait and Time2Retain periods without
- allegiance reassignment.
-
- d) When a connection is implicitly or explicitly logged out with
- the reason code of "Close the session" and there are active
- tasks in that session.
-
- If the tasks terminated in the above cases a), b, c) and d)are SCSI
- tasks, they must be internally terminated as if with CHECK CONDITION
- status. This status is only meaningful for appropriately handling
- the internal SCSI state and SCSI side effects with respect to
- ordering because this status is never communicated back as a
- terminating status to the initiator. However additional actions may
- have to be taken at SCSI level depending on the SCSI context as
- defined by the SCSI standards (e.g., queued commands and ACA, in
- cases a), b), and c), after the tasks are terminated, the target MUST
- report a Unit Attention condition on the next command processed on
- any connection for each affected I_T_L nexus with the status of CHECK
- CONDITION, and the ASC/ASCQ value of 47h/7Fh - "SOME COMMANDS CLEARED
- BY ISCSI PROTOCOL EVENT" , etc. - see [SAM2] and [SPC3]).
-
-6.6. Format Errors
-
- The following two explicit violations of PDU layout rules are format
- errors:
-
- a) Illegal contents of any PDU header field except the Opcode
- (legal values are specified in Section 10 iSCSI PDU Formats).
- b) Inconsistent field contents (consistent field contents are
- specified in Section 10 iSCSI PDU Formats).
-
- Format errors indicate a major implementation flaw in one of the
- parties.
-
- When a target or an initiator receives an iSCSI PDU with a format
- error, it MUST immediately terminate all transport connections in the
- session either with a connection close or with a connection reset and
- escalate the format error to session recovery (see Section 6.1.4.4
- Session Recovery).
-
-6.7. Digest Errors
-
- The discussion of the legal choices in handling digest errors below
- excludes session recovery as an explicit option, but either party
- detecting a digest error may choose to escalate the error to session
- recovery.
-
-
-
-
-
-Satran, et al. Standards Track [Page 78]
-
-RFC 3720 iSCSI April 2004
-
-
- When a target or an initiator receives any iSCSI PDU, with a header
- digest error, it MUST either discard the header and all data up to
- the beginning of a later PDU or close the connection. Because the
- digest error indicates that the length field of the header may have
- been corrupted, the location of the beginning of a later PDU needs to
- be reliably ascertained by other means such as the operation of a
- sync and steering layer.
-
- When a target receives any iSCSI PDU with a payload digest error, it
- MUST answer with a Reject PDU with a reason code of
- Data-Digest-Error and discard the PDU.
-
- - If the discarded PDU is a solicited or unsolicited iSCSI data
- PDU (for immediate data in a command PDU, non-data PDU rule
- below applies), the target MUST do one of the following:
- a) Request retransmission with a recovery R2T.
- b) Terminate the task with a response PDU with a CHECK
- CONDITION Status and an iSCSI Condition of "protocol service
- CRC error" (Section 10.4.7.2 Sense Data). If the target
- chooses to implement this option, it MUST wait to receive
- all the data (signaled by a Data PDU with the final bit set
- for all outstanding R2Ts) before sending the response PDU.
- A task management command (such as an abort task) from the
- initiator during this wait may also conclude the task.
- - No further action is necessary for targets if the discarded PDU
- is a non-data PDU. In case of immediate data being present on
- a discarded command, the immediate data is implicitly recovered
- when the task is retried (see section 6.2.1), followed by the
- entire data transfer for the task.
-
- When an initiator receives any iSCSI PDU with a payload digest error,
- it MUST discard the PDU.
-
- - If the discarded PDU is an iSCSI data PDU, the initiator MUST do
- one of the following:
-
- a) Request the desired data PDU through SNACK. In response to the
- SNACK, the target MUST either resend the data PDU or reject the
- SNACK with a Reject PDU with a reason code of "SNACK reject" in
- which case:
- i) If the status has not already been sent for the command,
- the target MUST terminate the command with a CHECK
- CONDITION Status and an iSCSI Condition of "SNACK rejected"
- (Section 10.4.7.2 Sense Data).
- ii) If the status was already sent, no further action is
- necessary for the target. The initiator in this case MUST
- wait for the status to be received and then discard it, so
- as to internally signal the completion with CHECK CONDITION
-
-
-
-Satran, et al. Standards Track [Page 79]
-
-RFC 3720 iSCSI April 2004
-
-
- Status and an iSCSI Condition of "protocol service CRC
- error" (Section 10.4.7.2 Sense Data).
- b) Abort the task and terminate the command with an error.
-
- - If the discarded PDU is a response PDU, the initiator MUST do one
- of the following:
-
- a) Request PDU retransmission with a status SNACK.
- b) Logout the connection for recovery and continue the tasks on a
- different connection instance as described in Section 6.2 Retry
- and Reassign in Recovery.
- c) Logout to close the connection (abort all the commands
- associated with the connection).
-
- - No further action is necessary for initiators if the discarded PDU
- is an unsolicited PDU (e.g., Async, Reject). Task timeouts as in
- the initiator waiting for a command completion, or process
- timeouts, as in the target waiting for a Logout, will ensure that
- the correct operational behavior will result in these cases
- despite the discarded PDU.
-
-6.8. Sequence Errors
-
- When an initiator receives an iSCSI R2T/data PDU with an out of order
- R2TSN/DataSN or a SCSI response PDU with an ExpDataSN that implies
- missing data PDU(s), it means that the initiator must have detected a
- header or payload digest error on one or more earlier R2T/data PDUs.
- The initiator MUST address these implied digest errors as described
- in Section 6.7 Digest Errors. When a target receives a data PDU with
- an out of order DataSN, it means that the target must have hit a
- header or payload digest error on at least one of the earlier data
- PDUs. The target MUST address these implied digest errors as
- described in Section 6.7 Digest Errors.
-
- When an initiator receives an iSCSI status PDU with an out of order
- StatSN that implies missing responses, it MUST address the one or
- more missing status PDUs as described in Section 6.7 Digest Errors.
- As a side effect of receiving the missing responses, the initiator
- may discover missing data PDUs. If the initiator wants to recover
- the missing data for a command, it MUST NOT acknowledge the received
- responses that start from the StatSN of the relevant command, until
- it has completed receiving all the data PDUs of the command.
-
- When an initiator receives duplicate R2TSNs (due to proactive
- retransmission of R2Ts by the target) or duplicate DataSNs (due to
- proactive SNACKs by the initiator), it MUST discard the duplicates.
-
-
-
-
-
-Satran, et al. Standards Track [Page 80]
-
-RFC 3720 iSCSI April 2004
-
-
-6.9. SCSI Timeouts
-
- An iSCSI initiator MAY attempt to plug a command sequence gap on the
- target end (in the absence of an acknowledgement of the command by
- way of ExpCmdSN) before the ULP timeout by retrying the
- unacknowledged command, as described in Section 6.2 Retry and
- Reassign in Recovery.
-
- On a ULP timeout for a command (that carried a CmdSN of n), if the
- iSCSI initiator intends to continue the session, it MUST abort the
- command by either using an appropriate Task Management function
- request for the specific command, or a "close the connection" Logout.
- When using an ABORT TASK, if the ExpCmdSN is still less than (n+1),
- the target may see the abort request while missing the original
- command itself due to one of the following reasons:
-
- - Original command was dropped due to digest error.
- - Connection on which the original command was sent was
- successfully logged out. Upon logout, the unacknowledged
- commands issued on the connection being logged out are
- discarded.
-
- If the abort request is received and the original command is missing,
- targets MUST consider the original command with that RefCmdSN to be
- received and issue a Task Management response with the response code:
- "Function Complete". This response concludes the task on both ends.
- If the abort request is received and the target can determine (based
- on the Referenced Task Tag) that the command was received and
- executed and also that the response was sent prior to the abort, then
- the target MUST respond with the response code of "Task Does Not
- Exist".
-
-6.10. Negotiation Failures
-
- Text request and response sequences, when used to set/negotiate
- operational parameters, constitute the negotiation/parameter setting.
- A negotiation failure is considered to be one or more of the
- following:
-
- - None of the choices, or the stated value, is acceptable to one
- of the sides in the negotiation.
- - The text request timed out and possibly terminated.
- - The text request was answered with a Reject PDU.
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 81]
-
-RFC 3720 iSCSI April 2004
-
-
- The following two rules should be used to address negotiation
- failures:
-
- - During Login, any failure in negotiation MUST be considered a
- login process failure and the Login Phase must be terminated,
- and with it, the connection. If the target detects the
- failure, it must terminate the login with the appropriate Login
- Response code.
-
- - A failure in negotiation, while in the Full Feature Phase, will
- terminate the entire negotiation sequence that may consist of a
- series of text requests that use the same Initiator Task Tag.
- The operational parameters of the session or the connection
- MUST continue to be the values agreed upon during an earlier
- successful negotiation (i.e., any partial results of this
- unsuccessful negotiation MUST NOT take effect and MUST be
- discarded).
-
-6.11. Protocol Errors
-
- Mapping framed messages over a "stream" connection, such as TCP,
- makes the proposed mechanisms vulnerable to simple software framing
- errors. On the other hand, the introduction of framing mechanisms to
- limit the effects of these errors may be onerous on performance for
- simple implementations. Command Sequence Numbers and the above
- mechanisms for connection drop and reestablishment help handle this
- type of mapping errors.
-
- All violations of iSCSI PDU exchange sequences specified in this
- document are also protocol errors. This category of errors can only
- be addressed by fixing the implementations; iSCSI defines Reject and
- response codes to enable this.
-
-6.12. Connection Failures
-
- iSCSI can keep a session in operation if it is able to
- keep/establish at least one TCP connection between the initiator and
- the target in a timely fashion. Targets and/or initiators may
- recognize a failing connection by either transport level means (TCP),
- a gap in the command sequence number, a response stream that is not
- filled for a long time, or by a failing iSCSI NOP (acting as a ping).
- The latter MAY be used periodically to increase the speed and
- likelihood of detecting connection failures. Initiators and targets
- MAY also use the keep-alive option on the TCP connection to enable
- early link failure detection on otherwise idle links.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 82]
-
-RFC 3720 iSCSI April 2004
-
-
- On connection failure, the initiator and target MUST do one of the
- following:
-
- - Attempt connection recovery within the session (Section 6.1.4.3
- Connection Recovery).
-
- - Logout the connection with the reason code "closes the
- connection" (Section 10.14.5 Implicit termination of tasks),
- re-issue missing commands, and implicitly terminate all active
- commands. This option requires support for the
- within-connection recovery class (Section 6.1.4.2 Recovery
- Within-connection).
-
- - Perform session recovery (Section 6.1.4.4 Session Recovery).
-
- Either side may choose to escalate to session recovery (via the
- initiator dropping all the connections, or via an Async Message that
- announces the similar intent from a target), and the other side MUST
- give it precedence. On a connection failure, a target MUST terminate
- and/or discard all of the active immediate commands regardless of
- which of the above options is used (i.e., immediate commands are not
- recoverable across connection failures).
-
-6.13. Session Errors
-
- If all of the connections of a session fail and cannot be
- reestablished in a short time, or if initiators detect protocol
- errors repeatedly, an initiator may choose to terminate a session and
- establish a new session.
-
- In this case, the initiator takes the following actions:
-
- - Resets or closes all the transport connections.
- - Terminates all outstanding requests with an appropriate
- response before initiating a new session. If the same I_T
- nexus is intended to be reestablished, the initiator MUST
- employ session reinstatement (see section 5.3.5).
-
- When the session timeout (the connection state timeout for the last
- failed connection) happens on the target, it takes the following
- actions:
-
- - Resets or closes the TCP connections (closes the session).
- - Terminates all active tasks that were allegiant to the
- connection(s) that constituted the session.
-
- A target MUST also be prepared to handle a session reinstatement
- request from the initiator, that may be addressing session errors.
-
-
-
-Satran, et al. Standards Track [Page 83]
-
-RFC 3720 iSCSI April 2004
-
-
-7. State Transitions
-
- iSCSI connections and iSCSI sessions go through several well-defined
- states from the time they are created to the time they are cleared.
-
- The connection state transitions are described in two separate but
- dependent state diagrams for ease in understanding. The first
- diagram, "standard connection state diagram", describes the
- connection state transitions when the iSCSI connection is not waiting
- for, or undergoing, a cleanup by way of an explicit or implicit
- Logout. The second diagram, "connection cleanup state diagram",
- describes the connection state transitions while performing the iSCSI
- connection cleanup.
-
- The "session state diagram" describes the state transitions an iSCSI
- session would go through during its lifetime, and it depends on the
- states of possibly multiple iSCSI connections that participate in the
- session.
-
- States and state transitions are described in the text, tables and
- diagrams. The diagrams are used for illustration. The text and the
- tables are the governing specification.
-
-7.1. Standard Connection State Diagrams
-
-7.1.1. State Descriptions for Initiators and Targets
-
- State descriptions for the standard connection state diagram are as
- follows:
-
- -S1: FREE
- -initiator: State on instantiation, or after successful
- connection closure.
- -target: State on instantiation, or after successful connection
- closure.
- -S2: XPT_WAIT
- -initiator: Waiting for a response to its transport connection
- establishment request.
- -target: Illegal
- -S3: XPT_UP
- -initiator: Illegal
- -target: Waiting for the Login process to commence.
- -S4: IN_LOGIN
- -initiator: Waiting for the Login process to conclude, possibly
- involving several PDU exchanges.
- -target: Waiting for the Login process to conclude, possibly
- involving several PDU exchanges.
-
-
-
-
-Satran, et al. Standards Track [Page 84]
-
-RFC 3720 iSCSI April 2004
-
-
- -S5: LOGGED_IN
- -initiator: In Full Feature Phase, waiting for all internal,
- iSCSI, and transport events.
- -target: In Full Feature Phase, waiting for all internal, iSCSI,
- and transport events.
- -S6: IN_LOGOUT
- -initiator: Waiting for a Logout response.
- -target: Waiting for an internal event signaling completion of
- logout processing.
- -S7: LOGOUT_REQUESTED
- -initiator: Waiting for an internal event signaling readiness to
- proceed with Logout.
- -target: Waiting for the Logout process to start after having
- requested a Logout via an Async Message.
- -S8: CLEANUP_WAIT
- -initiator: Waiting for the context and/or resources to initiate
- the cleanup processing for this CSM.
- -target: Waiting for the cleanup process to start for this CSM.
-
-7.1.2. State Transition Descriptions for Initiators and Targets
-
- -T1:
- -initiator: Transport connect request was made (e.g., TCP SYN
- sent).
- -target: Illegal
- -T2:
- -initiator: Transport connection request timed out, a transport
- reset was received, or an internal event of receiving a
- Logout response (success) on another connection for a
- "close the session" Logout request was received.
- -target:Illegal
- -T3:
- -initiator: Illegal
- -target: Received a valid transport connection request that
- establishes the transport connection.
- -T4:
- -initiator: Transport connection established, thus prompting the
- initiator to start the iSCSI Login.
- -target: Initial iSCSI Login Request was received.
- -T5:
- -initiator: The final iSCSI Login Response with a Status-Class
- of zero was received.
- -target: The final iSCSI Login Request to conclude the Login
- Phase was received, thus prompting the target to send the
- final iSCSI Login Response with a Status-Class of zero.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 85]
-
-RFC 3720 iSCSI April 2004
-
-
- -T6:
- -initiator: Illegal
- -target: Timed out waiting for an iSCSI Login, transport
- disconnect indication was received, transport reset was
- received, or an internal event indicating a transport
- timeout was received. In all these cases, the connection is
- to be closed.
- -T7:
- -initiator - one of the following events caused the transition:
- - The final iSCSI Login Response was received with a
- non-zero Status-Class.
- - Login timed out.
- - A transport disconnect indication was received.
- - A transport reset was received.
- - An internal event was received indicating a transport
- timeout.
- - An internal event of receiving a Logout response (success)
- on another connection for a "close the session" Logout
- request was received.
-
- In all these cases, the transport connection is closed.
-
- -target - one of the following events caused the transition:
- - The final iSCSI Login Request to conclude the Login Phase
- was received, prompting the target to send the final iSCSI
- Login Response with a non-zero Status-Class.
- - Login timed out.
- - Transport disconnect indication was received.
- - Transport reset was received.
- - An internal event indicating a transport timeout was
- received.
- - On another connection a "close the session" Logout request
- was received.
- In all these cases, the connection is to be closed.
- -T8:
- -initiator: An internal event of receiving a Logout response
- (success) on another connection for a "close the session"
- Logout request was received, thus closing this connection
- requiring no further cleanup.
- -target: An internal event of sending a Logout response
- (success) on another connection for a "close the session"
- Logout request was received, or an internal event of a
- successful connection/session reinstatement is received,
- thus prompting the target to close this connection cleanly.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 86]
-
-RFC 3720 iSCSI April 2004
-
-
- -T9, T10:
- -initiator: An internal event that indicates the readiness to
- start the Logout process was received, thus prompting an
- iSCSI Logout to be sent by the initiator.
- -target: An iSCSI Logout request was received.
- -T11, T12:
- -initiator: Async PDU with AsyncEvent "Request Logout" was
- received.
- -target: An internal event that requires the decommissioning of
- the connection is received, thus causing an Async PDU with
- an AsyncEvent "Request Logout" to be sent.
- -T13:
- -initiator: An iSCSI Logout response (success) was received, or
- an internal event of receiving a Logout response (success)
- on another connection for a "close the session" Logout
- request was received.
- -target: An internal event was received that indicates
- successful processing of the Logout, which prompts an iSCSI
- Logout response (success) to be sent; an internal event of
- sending a Logout response (success) on another connection
- for a "close the session" Logout request was received; or an
- internal event of a successful connection/session
- reinstatement is received. In all these cases, the
- transport connection is closed.
-
- -T14:
- -initiator: Async PDU with AsyncEvent "Request Logout" was
- received again.
- -target: Illegal
- -T15, T16:
- -initiator: One or more of the following events caused this
- transition:
- -Internal event that indicates a transport connection
- timeout was received thus prompting transport RESET or
- transport connection closure.
- -A transport RESET.
- -A transport disconnect indication.
- -Async PDU with AsyncEvent "Drop connection" (for this CID).
- -Async PDU with AsyncEvent "Drop all connections".
- -target: One or more of the following events caused this
- transition:
- -Internal event that indicates a transport connection
- timeout was received, thus prompting transport RESET or
- transport connection closure.
- -An internal event of a failed connection/session
- reinstatement is received.
- -A transport RESET.
- -A transport disconnect indication.
-
-
-
-Satran, et al. Standards Track [Page 87]
-
-RFC 3720 iSCSI April 2004
-
-
- -Internal emergency cleanup event was received which prompts
- an Async PDU with AsyncEvent "Drop connection" (for this
- CID), or event "Drop all connections".
- -T17:
- -initiator: One or more of the following events caused this
- transition:
- -Logout response, (failure i.e., a non-zero status) was
- received, or Logout timed out.
- -Any of the events specified for T15 and T16.
- -target: One or more of the following events caused this
- transition:
- -Internal event that indicates a failure of the Logout
- processing was received, which prompts a Logout response
- (failure, i.e., a non-zero status) to be sent.
- -Any of the events specified for T15 and T16.
- -T18:
- -initiator: An internal event of receiving a Logout response
- (success) on another connection for a "close the session"
- Logout request was received.
- -target: An internal event of sending a Logout response
- (success) on another connection for a "close the session"
- Logout request was received, or an internal event of a
- successful connection/session reinstatement is received. In
- both these cases, the connection is closed.
-
- The CLEANUP_WAIT state (S8) implies that there are possible iSCSI
- tasks that have not reached conclusion and are still considered busy.
-
-7.1.3. Standard Connection State Diagram for an Initiator
-
- Symbolic names for States:
-
- S1: FREE
- S2: XPT_WAIT
- S4: IN_LOGIN
- S5: LOGGED_IN
- S6: IN_LOGOUT
- S7: LOGOUT_REQUESTED
- S8: CLEANUP_WAIT
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 88]
-
-RFC 3720 iSCSI April 2004
-
-
- States S5, S6, and S7 constitute the Full Feature Phase operation of
- the connection.
-
- The state diagram is as follows:
-
- -------<-------------+
- +--------->/ S1 \<----+ |
- T13| +->\ /<-+ \ |
- | / ---+--- \ \ |
- | / | T2 \ | |
- | T8 | |T1 | | |
- | | | / |T7 |
- | | | / | |
- | | | / | |
- | | V / / |
- | | ------- / / |
- | | / S2 \ / |
- | | \ / / |
- | | ---+--- / |
- | | |T4 / |
- | | V / | T18
- | | ------- / |
- | | / S4 \ |
- | | \ / |
- | | ---+--- | T15
- | | |T5 +--------+---------+
- | | | /T16+-----+------+ |
- | | | / -+-----+--+ | |
- | | | / / S7 \ |T12| |
- | | | / +->\ /<-+ V V
- | | | / / -+----- -------
- | | | / /T11 |T10 / S8 \
- | | V / / V +----+ \ /
- | | ---+-+- ----+-- | -------
- | | / S5 \T9 / S6 \<+ ^
- | +-----\ /--->\ / T14 |
- | ------- --+----+------+T17
- +---------------------------+
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 89]
-
-RFC 3720 iSCSI April 2004
-
-
- The following state transition table represents the above diagram.
- Each row represents the starting state for a given transition, which
- after taking a transition marked in a table cell would end in the
- state represented by the column of the cell. For example, from state
- S1, the connection takes the T1 transition to arrive at state S2.
- The fields marked "-" correspond to undefined transitions.
-
- +----+---+---+---+---+----+---+
- |S1 |S2 |S4 |S5 |S6 |S7 |S8 |
- ---+----+---+---+---+---+----+---+
- S1| - |T1 | - | - | - | - | - |
- ---+----+---+---+---+---+----+---+
- S2|T2 |- |T4 | - | - | - | - |
- ---+----+---+---+---+---+----+---+
- S4|T7 |- |- |T5 | - | - | - |
- ---+----+---+---+---+---+----+---+
- S5|T8 |- |- | - |T9 |T11 |T15|
- ---+----+---+---+---+---+----+---+
- S6|T13 |- |- | - |T14|- |T17|
- ---+----+---+---+---+---+----+---+
- S7|T18 |- |- | - |T10|T12 |T16|
- ---+----+---+---+---+---+----+---+
- S8| - |- |- | - | - | - | - |
- ---+----+---+---+---+---+----+---+
-
-7.1.4. Standard Connection State Diagram for a Target
-
- Symbolic names for States:
-
- S1: FREE
- S3: XPT_UP
- S4: IN_LOGIN
- S5: LOGGED_IN
- S6: IN_LOGOUT
- S7: LOGOUT_REQUESTED
- S8: CLEANUP_WAIT
-
- States S5, S6, and S7 constitute the Full Feature Phase operation of
- the connection.
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 90]
-
-RFC 3720 iSCSI April 2004
-
-
- The state diagram is as follows:
-
- -------<-------------+
- +--------->/ S1 \<----+ |
- T13| +->\ /<-+ \ |
- | / ---+--- \ \ |
- | / | T6 \ | |
- | T8 | |T3 | | |
- | | | / |T7 |
- | | | / | |
- | | | / | |
- | | V / / |
- | | ------- / / |
- | | / S3 \ / |
- | | \ / / | T18
- | | ---+--- / |
- | | |T4 / |
- | | V / |
- | | ------- / |
- | | / S4 \ |
- | | \ / |
- | | ---+--- T15 |
- | | |T5 +--------+---------+
- | | | /T16+-----+------+ |
- | | | / -+-----+---+ | |
- | | | / / S7 \ |T12| |
- | | | / +->\ /<-+ V V
- | | | / / -+----- -------
- | | | / /T11 |T10 / S8 \
- | | V / / V \ /
- | | ---+-+- ------- -------
- | | / S5 \T9 / S6 \ ^
- | +-----\ /--->\ / |
- | ------- --+----+--------+T17
- +---------------------------+
-
- The following state transition table represents the above diagram,
- and follows the conventions described for the initiator diagram.
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 91]
-
-RFC 3720 iSCSI April 2004
-
-
- +----+---+---+---+---+----+---+
- |S1 |S3 |S4 |S5 |S6 |S7 |S8 |
- ---+----+---+---+---+---+----+---+
- S1| - |T3 | - | - | - | - | - |
- ---+----+---+---+---+---+----+---+
- S3|T6 |- |T4 | - | - | - | - |
- ---+----+---+---+---+---+----+---+
- S4|T7 |- |- |T5 | - | - | - |
- ---+----+---+---+---+---+----+---+
- S5|T8 |- |- | - |T9 |T11 |T15|
- ---+----+---+---+---+---+----+---+
- S6|T13 |- |- | - |- |- |T17|
- ---+----+---+---+---+---+----+---+
- S7|T18 |- |- | - |T10|T12 |T16|
- ---+----+---+---+---+---+----+---+
- S8| - |- |- | - | - | - | - |
- ---+----+---+---+---+---+----+---+
-
-7.2. Connection Cleanup State Diagram for Initiators and Targets
-
- Symbolic names for states:
-
- R1: CLEANUP_WAIT (same as S8)
- R2: IN_CLEANUP
- R3: FREE (same as S1)
-
- Whenever a connection state machine (e.g., CSM-C) enters the
- CLEANUP_WAIT state (S8), it must go through the state transitions
- described in the connection cleanup state diagram either a) using a
- separate full-feature phase connection (let's call it CSM-E) in the
- LOGGED_IN state in the same session, or b) using a new transport
- connection (let's call it CSM-I) in the FREE state that is to be
- added to the same session. In the CSM-E case, an explicit logout for
- the CID that corresponds to CSM-C (either as a connection or session
- logout) needs to be performed to complete the cleanup. In the CSM-I
- case, an implicit logout for the CID that corresponds to CSM-C needs
- to be performed by way of connection reinstatement (section 5.3.4)
- for that CID. In either case, the protocol exchanges on CSM-E or
- CSM-I determine the state transitions for CSM-C. Therefore, this
- cleanup state diagram is only applicable to the instance of the
- connection in cleanup (i.e., CSM-C). In the case of an implicit
- logout for example, CSM-C reaches FREE (R3) at the time CSM-I reaches
- LOGGED_IN. In the case of an explicit logout, CSM-C reaches FREE
- (R3) when CSM-E receives a successful logout response while
- continuing to be in the LOGGED_IN state.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 92]
-
-RFC 3720 iSCSI April 2004
-
-
- An initiator must initiate an explicit or implicit connection logout
- for a connection in the CLEANUP_WAIT state, if the initiator intends
- to continue using the associated iSCSI session.
-
- The following state diagram applies to both initiators and targets.
-
- -------
- / R1 \
- +--\ /<-+
- / ---+---
- / | \ M3
- M1 | |M2 |
- | | /
- | | /
- | | /
- | V /
- | ------- /
- | / R2 \
- | \ /
- | -------
- | |
- | |M4
- | |
- | |
- | |
- | V
- | -------
- | / R3 \
- +---->\ /
- -------
-
- The following state transition table represents the above diagram,
- and follows the same conventions as in earlier sections.
-
- +----+----+----+
- |R1 |R2 |R3 |
- -----+----+----+----+
- R1 | - |M2 |M1 |
- -----+----+----+----+
- R2 |M3 | - |M4 |
- -----+----+----+----+
- R3 | - | - | - |
- -----+----+----+----+
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 93]
-
-RFC 3720 iSCSI April 2004
-
-
-7.2.1. State Descriptions for Initiators and Targets
-
- -R1: CLEANUP_WAIT (Same as S8)
- -initiator: Waiting for the internal event to initiate the
- cleanup processing for CSM-C.
- -target: Waiting for the cleanup process to start for CSM-C.
- -R2: IN_CLEANUP
- -initiator: Waiting for the connection cleanup process to
- conclude for CSM-C.
- -target: Waiting for the connection cleanup process to conclude
- for CSM-C.
- -R3: FREE (Same as S1)
- -initiator: End state for CSM-C.
- -target: End state for CSM-C.
-
-7.2.2. State Transition Descriptions for Initiators and Targets
-
- -M1: One or more of the following events was received:
- -initiator:
- -An internal event that indicates connection state timeout.
- -An internal event of receiving a successful Logout response
- on a different connection for a "close the session"
- Logout.
- -target:
- -An internal event that indicates connection state timeout.
- -An internal event of sending a Logout response (success) on
- a different connection for a "close the session" Logout
- request.
-
- -M2: An implicit/explicit logout process was initiated by the
- initiator.
- -In CSM-I usage:
- -initiator: An internal event requesting the connection (or
- session) reinstatement was received, thus prompting a
- connection (or session) reinstatement Login to be sent
- transitioning CSM-I to state IN_LOGIN.
- -target: A connection/session reinstatement Login was
- received while in state XPT_UP.
- -In CSM-E usage:
- -initiator: An internal event that indicates that an
- explicit logout was sent for this CID in state LOGGED_IN.
- -target: An explicit logout was received for this CID in
- state LOGGED_IN.
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 94]
-
-RFC 3720 iSCSI April 2004
-
-
- -M3: Logout failure detected
- -In CSM-I usage:
- -initiator: CSM-I failed to reach LOGGED_IN and arrived into
- FREE instead.
- -target: CSM-I failed to reach LOGGED_IN and arrived into
- FREE instead.
- -In CSM-E usage:
- -initiator: CSM-E either moved out of LOGGED_IN, or Logout
- timed out and/or aborted, or Logout response (failure)
- was received.
- -target: CSM-E either moved out of LOGGED_IN, Logout timed
- out and/or aborted, or an internal event that indicates a
- failed Logout processing was received. A Logout response
- (failure) was sent in the last case.
-
- -M4: Successful implicit/explicit logout was performed.
-
- - In CSM-I usage:
- -initiator: CSM-I reached state LOGGED_IN, or an internal
- event of receiving a Logout response (success) on another
- connection for a "close the session" Logout request was
- received.
- -target: CSM-I reached state LOGGED_IN, or an internal event
- of sending a Logout response (success) on a different
- connection for a "close the session" Logout request was
- received.
- - In CSM-E usage:
- -initiator: CSM-E stayed in LOGGED_IN and received a Logout
- response (success), or an internal event of receiving a
- Logout response (success) on another connection for a
- "close the session" Logout request was received.
- -target: CSM-E stayed in LOGGED_IN and an internal event
- indicating a successful Logout processing was received,
- or an internal event of sending a Logout response
- (success) on a different connection for a "close the
- session" Logout request was received.
-
-7.3. Session State Diagrams
-
-7.3.1. Session State Diagram for an Initiator
-
- Symbolic Names for States:
-
- Q1: FREE
- Q3: LOGGED_IN
- Q4: FAILED
-
- State Q3 represents the Full Feature Phase operation of the session.
-
-
-
-Satran, et al. Standards Track [Page 95]
-
-RFC 3720 iSCSI April 2004
-
-
- The state diagram is as follows:
-
- -------
- / Q1 \
- +------>\ /<-+
- / ---+--- |
- / | |N3
- N6 | |N1 |
- | | |
- | N4 | |
- | +--------+ | /
- | | | | /
- | | | | /
- | | V V /
- -+--+-- -----+-
- / Q4 \ N5 / Q3 \
- \ /<---\ /
- ------- -------
-
- The state transition table is as follows:
-
- +----+----+----+
- |Q1 |Q3 |Q4 |
- -----+----+----+----+
- Q1 | - |N1 | - |
- -----+----+----+----+
- Q3 |N3 | - |N5 |
- -----+----+----+----+
- Q4 |N6 |N4 | - |
- -----+----+----+----+
-
-7.3.2. Session State Diagram for a Target
-
- Symbolic Names for States:
-
- Q1: FREE
- Q2: ACTIVE
- Q3: LOGGED_IN
- Q4: FAILED
- Q5: IN_CONTINUE
-
- State Q3 represents the Full Feature Phase operation of the session.
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 96]
-
-RFC 3720 iSCSI April 2004
-
-
- The state diagram is as follows:
-
- -------
- +------------------>/ Q1 \
- / +-------------->\ /<-+
- | | ---+--- |
- | | ^ | |N3
- N6 | |N11 N9| V N1 |
- | | +------ |
- | | / Q2 \ |
- | | \ / |
- | --+---- +--+--- |
- | / Q5 \ | |
- | \ / N10 | |
- | +-+---+------------+ |N2 /
- | ^ | | | /
- |N7| |N8 | | /
- | | | | V /
- -+--+-V V----+-
- / Q4 \ N5 / Q3 \
- \ /<-------------\ /
- ------- -------
-
- The state transition table is as follows:
-
- +----+----+----+----+----+
- |Q1 |Q2 |Q3 |Q4 |Q5 |
- -----+----+----+----+----+----+
- Q1 | - |N1 | - | - | - |
- -----+----+----+----+----+----+
- Q2 |N9 | - |N2 | - | - |
- -----+----+----+----+----+----+
- Q3 |N3 | - | - |N5 | - |
- -----+----+----+----+----+----+
- Q4 |N6 | - | - | - |N7 |
- -----+----+----+----+----+----+
- Q5 |N11 | - |N10 |N8 | - |
- -----+----+----+----+----+----+
-
-7.3.3. State Descriptions for Initiators and Targets
-
- -Q1: FREE
- -initiator: State on instantiation or after cleanup.
- -target: State on instantiation or after cleanup.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 97]
-
-RFC 3720 iSCSI April 2004
-
-
- -Q2: ACTIVE
- -initiator: Illegal.
- -target: The first iSCSI connection in the session transitioned
- to IN_LOGIN, waiting for it to complete the login process.
-
- -Q3: LOGGED_IN
- -initiator: Waiting for all session events.
- -target: Waiting for all session events.
-
- -Q4: FAILED
- -initiator: Waiting for session recovery or session
- continuation.
- -target: Waiting for session recovery or session continuation.
-
- -Q5: IN_CONTINUE
- -initiator: Illegal.
- -target: Waiting for session continuation attempt to reach a
- conclusion.
-
-7.3.4. State Transition Descriptions for Initiators and Targets
-
- -N1:
- -initiator: At least one transport connection reached the
- LOGGED_IN state.
- -target: The first iSCSI connection in the session had reached
- the IN_LOGIN state.
-
- -N2:
- -initiator: Illegal.
- -target: At least one iSCSI connection reached the LOGGED_IN
- state.
-
- -N3:
- -initiator: Graceful closing of the session via session closure
- (Section 5.3.6 Session Continuation and Failure).
- -target: Graceful closing of the session via session closure
- (Section 5.3.6 Session Continuation and Failure) or a
- successful session reinstatement cleanly closed the session.
-
- -N4:
- -initiator: A session continuation attempt succeeded.
- -target: Illegal.
-
- -N5:
- -initiator: Session failure (Section 5.3.6 Session Continuation
- and Failure) occurred.
- -target: Session failure (Section 5.3.6 Session Continuation and
- Failure) occurred.
-
-
-
-Satran, et al. Standards Track [Page 98]
-
-RFC 3720 iSCSI April 2004
-
-
- -N6:
- -initiator: Session state timeout occurred, or a session
- reinstatement cleared this session instance. This results
- in the freeing of all associated resources and the session
- state is discarded.
- -target: Session state timeout occurred, or a session
- reinstatement cleared this session instance. This results
- in the freeing of all associated resources and the session
- state is discarded.
-
- -N7:
- -initiator: Illegal.
- -target: A session continuation attempt is initiated.
-
- -N8:
- -initiator: Illegal.
- -target: The last session continuation attempt failed.
-
- -N9:
- -initiator: Illegal.
- -target: Login attempt on the leading connection failed.
-
- -N10:
- -initiator: Illegal.
- -target: A session continuation attempt succeeded.
-
- -N11:
- -initiator: Illegal.
- -target: A successful session reinstatement cleanly closed the
- session.
-
-8. Security Considerations
-
- Historically, native storage systems have not had to consider
- security because their environments offered minimal security risks.
- That is, these environments consisted of storage devices either
- directly attached to hosts or connected via a Storage Area Network
- (SAN) distinctly separate from the communications network. The use
- of storage protocols, such as SCSI, over IP-networks requires that
- security concerns be addressed. iSCSI implementations MUST provide
- means of protection against active attacks (e.g., pretending to be
- another identity, message insertion, deletion, modification, and
- replaying) and passive attacks (e.g., eavesdropping, gaining
- advantage by analyzing the data sent over the line).
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 99]
-
-RFC 3720 iSCSI April 2004
-
-
- Although technically possible, iSCSI SHOULD NOT be configured without
- security. iSCSI configured without security should be confined, in
- extreme cases, to closed environments without any security risk.
- [RFC3723] specifies the mechanisms that must be used in order to
- mitigate risks fully described in that document.
-
- The following section describes the security mechanisms provided by
- an iSCSI implementation.
-
-8.1. iSCSI Security Mechanisms
-
- The entities involved in iSCSI security are the initiator, target,
- and the IP communication end points. iSCSI scenarios in which
- multiple initiators or targets share a single communication end point
- are expected. To accommodate such scenarios, iSCSI uses two separate
- security mechanisms: In-band authentication between the initiator and
- the target at the iSCSI connection level (carried out by exchange of
- iSCSI Login PDUs), and packet protection (integrity, authentication,
- and confidentiality) by IPsec at the IP level. The two security
- mechanisms complement each other. The in-band authentication
- provides end-to-end trust (at login time) between the iSCSI initiator
- and the target while IPsec provides a secure channel between the IP
- communication end points.
-
- Further details on typical iSCSI scenarios and the relation between
- the initiators, targets, and the communication end points can be
- found in [RFC3723].
-
-8.2. In-band Initiator-Target Authentication
-
- During login, the target MAY authenticate the initiator and the
- initiator MAY authenticate the target. The authentication is
- performed on every new iSCSI connection by an exchange of iSCSI Login
- PDUs using a negotiated authentication method.
-
- The authentication method cannot assume an underlying IPsec
- protection, because IPsec is optional to use. An attacker should
- gain as little advantage as possible by inspecting the authentication
- phase PDUs. Therefore, a method using clear text (or equivalent)
- passwords is not acceptable; on the other hand, identity protection
- is not strictly required.
-
- The authentication mechanism protects against an unauthorized login
- to storage resources by using a false identity (spoofing). Once the
- authentication phase is completed, if the underlying IPsec is not
- used, all PDUs are sent and received in clear. The authentication
-
-
-
-
-
-Satran, et al. Standards Track [Page 100]
-
-RFC 3720 iSCSI April 2004
-
-
- mechanism alone (without underlying IPsec) should only be used when
- there is no risk of eavesdropping, message insertion, deletion,
- modification, and replaying.
-
- Section 11 iSCSI Security Text Keys and Authentication Methods
- defines several authentication methods and the exact steps that must
- be followed in each of them, including the iSCSI-text-keys and their
- allowed values in each step. Whenever an iSCSI initiator gets a
- response whose keys, or their values, are not according to the step
- definition, it MUST abort the connection. Whenever an iSCSI target
- gets a response whose keys, or their values, are not according to the
- step definition, it MUST answer with a Login reject with the
- "Initiator Error" or "Missing Parameter" status. These statuses are
- not intended for cryptographically incorrect values such as the CHAP
- response, for which "Authentication Failure" status MUST be
- specified. The importance of this rule can be illustrated in CHAP
- with target authentication (see Section 11.1.4 Challenge Handshake
- Authentication Protocol (CHAP)) where the initiator would have been
- able to conduct a reflection attack by omitting his response key
- (CHAP_R) using the same CHAP challenge as the target and reflecting
- the target's response back to the target. In CHAP, this is prevented
- because the target must answer the missing CHAP_R key with a Login
- reject with the "Missing Parameter" status.
-
- For some of the authentication methods, a key specifies the identity
- of the iSCSI initiator or target for authentication purposes. The
- value associated with that key MAY be different from the iSCSI name
- and SHOULD be configurable. (CHAP_N, see Section 11.1.4 Challenge
- Handshake Authentication Protocol (CHAP) and SRP_U, see Section
- 11.1.3 Secure Remote Password (SRP)).
-
-8.2.1. CHAP Considerations
-
- Compliant iSCSI initiators and targets MUST implement the CHAP
- authentication method [RFC1994] (according to Section 11.1.4
- Challenge Handshake Authentication Protocol (CHAP) including the
- target authentication option).
-
- When CHAP is performed over a non-encrypted channel, it is vulnerable
- to an off-line dictionary attack. Implementations MUST support use
- of up to 128 bit random CHAP secrets, including the means to generate
- such secrets and to accept them from an external generation source.
- Implementations MUST NOT provide secret generation (or expansion)
- means other than random generation.
-
- An administrative entity of an environment in which CHAP is used with
- a secret that has less than 96 random bits MUST enforce IPsec
- encryption (according to the implementation requirements in Section
-
-
-
-Satran, et al. Standards Track [Page 101]
-
-RFC 3720 iSCSI April 2004
-
-
- 8.3.2 Confidentiality) to protect the connection. Moreover, in this
- case IKE authentication with group pre-shared cryptographic keys
- SHOULD NOT be used unless it is not essential to protect group
- members against off-line dictionary attacks by other members.
-
- CHAP secrets MUST be an integral number of bytes (octets). A
- compliant implementation SHOULD NOT continue with the login step in
- which it should send a CHAP response (CHAP_R, Section 11.1.4
- Challenge Handshake Authentication Protocol (CHAP)) unless it can
- verify that the CHAP secret is at least 96 bits, or that IPsec
- encryption is being used to protect the connection.
-
- Any CHAP secret used for initiator authentication MUST NOT be
- configured for authentication of any target, and any CHAP secret used
- for target authentication MUST NOT be configured for authentication
- of any initiator. If the CHAP response received by one end of an
- iSCSI connection is the same as the CHAP response that the receiving
- endpoint would have generated for the same CHAP challenge, the
- response MUST be treated as an authentication failure and cause the
- connection to close (this ensures that the same CHAP secret is not
- used for authentication in both directions). Also, if an iSCSI
- implementation can function as both initiator and target, different
- CHAP secrets and identities MUST be configured for these two roles.
- The following is an example of the attacks prevented by the above
- requirements:
-
- Rogue wants to impersonate Storage to Alice, and knows that a
- single secret is used for both directions of Storage-Alice
- authentication.
-
- Rogue convinces Alice to open two connections to Rogue, and Rogue
- identifies itself as Storage on both connections.
-
- Rogue issues a CHAP challenge on connection 1, waits for Alice to
- respond, and then reflects Alice's challenge as the initial
- challenge to Alice on connection 2.
-
- If Alice doesn't check for the reflection across connections,
- Alice's response on connection 2 enables Rogue to impersonate
- Storage on connection 1, even though Rogue does not know the
- Alice-Storage CHAP secret.
-
- Originators MUST NOT reuse the CHAP challenge sent by the Responder
- for the other direction of a bidirectional authentication.
- Responders MUST check for this condition and close the iSCSI TCP
- connection if it occurs.
-
-
-
-
-
-Satran, et al. Standards Track [Page 102]
-
-RFC 3720 iSCSI April 2004
-
-
- The same CHAP secret SHOULD NOT be configured for authentication of
- multiple initiators or multiple targets, as this enables any of them
- to impersonate any other one of them, and compromising one of them
- enables the attacker to impersonate any of them. It is recommended
- that iSCSI implementations check for use of identical CHAP secrets by
- different peers when this check is feasible, and take appropriate
- measures to warn users and/or administrators when this is detected.
-
- When an iSCSI initiator or target authenticates itself to
- counterparts in multiple administrative domains, it SHOULD use a
- different CHAP secret for each administrative domain to avoid
- propagating security compromises across domains.
-
- Within a single administrative domain:
- - A single CHAP secret MAY be used for authentication of an initiator
- to multiple targets.
- - A single CHAP secret MAY be used for an authentication of a target
- to multiple initiators when the initiators use an external server
- (e.g., RADIUS) to verify the target's CHAP responses and do not know
- the target's CHAP secret.
-
- If an external response verification server (e.g., RADIUS) is not
- used, employing a single CHAP secret for authentication of a target
- to multiple initiators requires that all such initiators know that
- target secret. Any of these initiators can impersonate the target to
- any other such initiator, and compromise of such an initiator enables
- an attacker to impersonate the target to all such initiators.
- Targets SHOULD use separate CHAP secrets for authentication to each
- initiator when such risks are of concern; in this situation it may be
- useful to configure a separate logical iSCSI target with its own
- iSCSI Node Name for each initiator or group of initiators among which
- such separation is desired.
-
-8.2.2. SRP Considerations
-
- The strength of the SRP authentication method (specified in
- [RFC2945]) is dependent on the characteristics of the group being
- used (i.e., the prime modulus N and generator g). As described in
- [RFC2945], N is required to be a Sophie-German prime (of the form
- N = 2q + 1, where q is also prime) and the generator g is a primitive
- root of GF(n). In iSCSI authentication, the prime modulus N MUST be
- at least 768 bits.
-
- The list of allowed SRP groups is provided in [RFC3723].
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 103]
-
-RFC 3720 iSCSI April 2004
-
-
-8.3. IPsec
-
- iSCSI uses the IPsec mechanism for packet protection (cryptographic
- integrity, authentication, and confidentiality) at the IP level
- between the iSCSI communicating end points. The following sections
- describe the IPsec protocols that must be implemented for data
- integrity and authentication, confidentiality, and cryptographic key
- management.
-
- An iSCSI initiator or target may provide the required IPsec support
- fully integrated or in conjunction with an IPsec front-end device.
- In the latter case, the compliance requirements with regard to IPsec
- support apply to the "combined device". Only the "combined device"
- is to be considered an iSCSI device.
-
- Detailed considerations and recommendations for using IPsec for iSCSI
- are provided in [RFC3723].
-
-8.3.1. Data Integrity and Authentication
-
- Data authentication and integrity is provided by a cryptographic
- keyed Message Authentication Code in every sent packet. This code
- protects against message insertion, deletion, and modification.
- Protection against message replay is realized by using a sequence
- counter.
-
- An iSCSI compliant initiator or target MUST provide data integrity
- and authentication by implementing IPsec [RFC2401] with ESP [RFC2406]
- in tunnel mode and MAY provide data integrity and authentication by
- implementing IPsec with ESP in transport mode. The IPsec
- implementation MUST fulfill the following iSCSI specific
- requirements:
-
- - HMAC-SHA1 MUST be implemented [RFC2404].
- - AES CBC MAC with XCBC extensions SHOULD be implemented
- [RFC3566].
-
- The ESP anti-replay service MUST also be implemented.
-
- At the high speeds iSCSI is expected to operate, a single IPsec SA
- could rapidly cycle through the 32-bit IPsec sequence number space.
- In view of this, it may be desirable in the future for an iSCSI
- implementation that operates at speeds of 1 Gbps or greater to
- implement the IPsec sequence number extension [SEQ-EXT].
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 104]
-
-RFC 3720 iSCSI April 2004
-
-
-8.3.2. Confidentiality
-
- Confidentiality is provided by encrypting the data in every packet.
- When confidentiality is used it MUST be accompanied by data integrity
- and authentication to provide comprehensive protection against
- eavesdropping, message insertion, deletion, modification, and
- replaying.
-
- An iSCSI compliant initiator or target MUST provide confidentiality
- by implementing IPsec [RFC2401] with ESP [RFC2406] in tunnel mode and
- MAY provide confidentiality by implementing IPsec with ESP in
- transport mode, with the following iSCSI specific requirements:
-
- - 3DES in CBC mode MUST be implemented [RFC2451].
- - AES in Counter mode SHOULD be implemented [RFC3686].
-
- DES in CBC mode SHOULD NOT be used due to its inherent weakness. The
- NULL encryption algorithm MUST also be implemented.
-
-8.3.3. Policy, Security Associations, and Cryptographic Key Management
-
- A compliant iSCSI implementation MUST meet the cryptographic key
- management requirements of the IPsec protocol suite. Authentication,
- security association negotiation, and cryptographic key management
- MUST be provided by implementing IKE [RFC2409] using the IPsec DOI
- [RFC2407] with the following iSCSI specific requirements:
-
- - Peer authentication using a pre-shared cryptographic key MUST be
- supported. Certificate-based peer authentication using digital
- signatures MAY be supported. Peer authentication using the
- public key encryption methods outlined in IKE sections 5.2 and
- 5.3[7] SHOULD NOT be used.
-
- - When digital signatures are used to achieve authentication, an
- IKE negotiator SHOULD use IKE Certificate Request Payload(s) to
- specify the certificate authority. IKE negotiators SHOULD check
- the pertinent Certificate Revocation List (CRL) before accepting
- a PKI certificate for use in IKE authentication procedures.
-
- - Conformant iSCSI implementations MUST support IKE Main Mode and
- SHOULD support Aggressive Mode. IKE main mode with pre-shared
- key authentication method SHOULD NOT be used when either the
- initiator or the target uses dynamically assigned IP addresses.
- While in many cases pre-shared keys offer good security,
- situations in which dynamically assigned addresses are used force
- the use of a group pre-shared key, which creates vulnerability to
- a man-in-the-middle attack.
-
-
-
-
-Satran, et al. Standards Track [Page 105]
-
-RFC 3720 iSCSI April 2004
-
-
- - In the IKE Phase 2 Quick Mode, exchanges for creating the Phase 2
- SA, the Identity Payload, fields MUST be present. ID_IPV4_ADDR,
- ID_IPV6_ADDR (if the protocol stack supports IPv6) and ID_FQDN
- Identity payloads MUST be supported; ID_USER_FQDN SHOULD be
- supported. The IP Subnet, IP Address Range, ID_DER_ASN1_DN, and
- ID_DER_ASN1_GN formats SHOULD NOT be used. The ID_KEY_ID
- Identity Payload MUST NOT be used.
-
- Manual cryptographic keying MUST NOT be used because it does not
- provide the necessary re-keying support.
-
- When IPsec is used, the receipt of an IKE Phase 2 delete message
- SHOULD NOT be interpreted as a reason for tearing down the iSCSI TCP
- connection. If additional traffic is sent on it, a new IKE Phase 2
- SA will be created to protect it.
-
- The method used by the initiator to determine whether the target
- should be connected using IPsec is regarded as an issue of IPsec
- policy administration, and thus not defined in the iSCSI standard.
-
- If an iSCSI target is discovered via a SendTargets request in a
- discovery session not using IPsec, the initiator should assume that
- it does not need IPsec to establish a session to that target. If an
- iSCSI target is discovered using a discovery session that does use
- IPsec, the initiator SHOULD use IPsec when establishing a session to
- that target.
-
-9. Notes to Implementers
-
- This section notes some of the performance and reliability
- considerations of the iSCSI protocol. This protocol was designed to
- allow efficient silicon and software implementations. The iSCSI task
- tag mechanism was designed to enable Direct Data Placement (DDP - a
- DMA form) at the iSCSI level or lower.
-
- The guiding assumption made throughout the design of this protocol is
- that targets are resource constrained relative to initiators.
-
- Implementers are also advised to consider the implementation
- consequences of the iSCSI to SCSI mapping model as outlined in
- Section 3.4.3 Consequences of the Model.
-
-9.1. Multiple Network Adapters
-
- The iSCSI protocol allows multiple connections, not all of which need
- to go over the same network adapter. If multiple network connections
- are to be utilized with hardware support, the iSCSI protocol
-
-
-
-
-Satran, et al. Standards Track [Page 106]
-
-RFC 3720 iSCSI April 2004
-
-
- command-data-status allegiance to one TCP connection ensures that
- there is no need to replicate information across network adapters or
- otherwise require them to cooperate.
-
- However, some task management commands may require some loose form of
- cooperation or replication at least on the target.
-
-9.1.1. Conservative Reuse of ISIDs
-
- Historically, the SCSI model (and implementations and applications
- based on that model) has assumed that SCSI ports are static, physical
- entities. Recent extensions to the SCSI model have taken advantage
- of persistent worldwide unique names for these ports. In iSCSI
- however, the SCSI initiator ports are the endpoints of dynamically
- created sessions, so the presumptions of "static and physical" do not
- apply. In any case, the model clauses (particularly, Section 3.4.2
- SCSI Architecture Model) provide for persistent, reusable names for
- the iSCSI-type SCSI initiator ports even though there does not need
- to be any physical entity bound to these names.
-
- To both minimize the disruption of legacy applications and to better
- facilitate the SCSI features that rely on persistent names for SCSI
- ports, iSCSI implementations SHOULD attempt to provide a stable
- presentation of SCSI Initiator Ports (both to the upper OS-layers and
- to the targets to which they connect). This can be achieved in an
- initiator implementation by conservatively reusing ISIDs. In other
- words, the same ISID should be used in the Login process to multiple
- target portal groups (of the same iSCSI Target or different iSCSI
- Targets). The ISID RULE (Section 3.4.3 Consequences of the Model)
- only prohibits reuse to the same target portal group. It does not
- "preclude" reuse to other target portal groups. The principle of
- conservative reuse "encourages" reuse to other target portal groups.
- When a SCSI target device sees the same (InitiatorName, ISID) pair in
- different sessions to different target portal groups, it can identify
- the underlying SCSI Initiator Port on each session as the same SCSI
- port. In effect, it can recognize multiple paths from the same
- source.
-
-9.1.2. iSCSI Name, ISID, and TPGT Use
-
- The designers of the iSCSI protocol envisioned there being one iSCSI
- Initiator Node Name per operating system image on a machine. This
- enables SAN resource configuration and authentication schemes based
- on a system's identity. It supports the notion that it should be
- possible to assign access to storage resources based on "initiator
- device" identity.
-
-
-
-
-
-Satran, et al. Standards Track [Page 107]
-
-RFC 3720 iSCSI April 2004
-
-
- When there are multiple hardware or software components coordinated
- as a single iSCSI Node, there must be some (logical) entity that
- represents the iSCSI Node that makes the iSCSI Node Name available to
- all components involved in session creation and login. Similarly,
- this entity that represents the iSCSI Node must be able to coordinate
- session identifier resources (ISID for initiators) to enforce both
- the ISID and TSIH RULES (see Section 3.4.3 Consequences of the
- Model).
-
- For targets, because of the closed environment, implementation of
- this entity should be straightforward. However, vendors of iSCSI
- hardware (e.g., NICs or HBAs) intended for targets, SHOULD provide
- mechanisms for configuration of the iSCSI Node Name across the portal
- groups instantiated by multiple instances of these components within
- a target.
-
- However, complex targets making use of multiple Target Portal Group
- Tags may reconfigure them to achieve various quality goals. The
- initiators have two mechanisms at their disposal to discover and/or
- check reconfiguring targets - the discovery session type and a key
- returned by the target during login to confirm the TPGT. An
- initiator should attempt to "rediscover" the target configuration
- anytime a session is terminated unexpectedly.
-
- For initiators, in the long term, it is expected that operating
- system vendors will take on the role of this entity and provide
- standard APIs that can inform components of their iSCSI Node Name and
- can configure and/or coordinate ISID allocation, use, and reuse.
-
- Recognizing that such initiator APIs are not available today, other
- implementations of the role of this entity are possible. For
- example, a human may instantiate the (common) Node name as part of
- the installation process of each iSCSI component involved in session
- creation and login. This may be done either by pointing the
- component to a vendor-specific location for this datum or to a
- system-wide location. The structure of the ISID namespace (see
- Section 10.12.5 ISID and [RFC3721]) facilitates implementation of the
- ISID coordination by allowing each component vendor to independently
- (of other vendor's components) coordinate allocation, use, and reuse
- of its own partition of the ISID namespace in a vendor-specific
- manner. Partitioning of the ISID namespace within initiator portal
- groups managed by that vendor allows each such initiator portal group
- to act independently of all other portal groups when selecting an
- ISID for a login; this facilitates enforcement of the ISID RULE (see
- Section 3.4.3 Consequences of the Model) at the initiator.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 108]
-
-RFC 3720 iSCSI April 2004
-
-
- A vendor of iSCSI hardware (e.g., NICs or HBAs) intended for use in
- initiators MUST implement a mechanism for configuring the iSCSI Node
- Name. Vendors, and administrators must ensure that iSCSI Node Names
- are unique worldwide. It is therefore important that when one
- chooses to reuse the iSCSI Node Name of a disabled unit, not to
- re-assign that name to the original unit unless its worldwide
- uniqueness can be ascertained again.
-
- In addition, a vendor of iSCSI hardware must implement a mechanism to
- configure and/or coordinate ISIDs for all sessions managed by
- multiple instances of that hardware within a given iSCSI Node. Such
- configuration might be either permanently pre-assigned at the factory
- (in a necessarily globally unique way), statically assigned (e.g.,
- partitioned across all the NICs at initialization in a locally unique
- way), or dynamically assigned (e.g., on-line allocator, also in a
- locally unique way). In the latter two cases, the configuration may
- be via public APIs (perhaps driven by an independent vendor's
- software, such as the OS vendor) or via private APIs driven by the
- vendor's own software.
-
-9.2. Autosense and Auto Contingent Allegiance (ACA)
-
- Autosense refers to the automatic return of sense data to the
- initiator in case a command did not complete successfully. iSCSI
- initiators and targets MUST support and use autosense.
-
- ACA helps preserve ordered command execution in the presence of
- errors. As iSCSI can have many commands in-flight between initiator
- and target, iSCSI initiators and targets SHOULD support ACA.
-
-9.3. iSCSI Timeouts
-
- iSCSI recovery actions are often dependent on iSCSI time-outs being
- recognized and acted upon before SCSI time-outs. Determining the
- right time-outs to use for various iSCSI actions (command
- acknowledgements expected, status acknowledgements, etc.) is very
- much dependent on infrastructure (hardware, links, TCP/IP stack,
- iSCSI driver). As a guide, the implementer may use an average
- Nop-Out/Nop-In turnaround delay multiplied by a "safety factor"
- (e.g., 4) as a good estimate for the basic delay of the iSCSI stack
- for a given connection. The safety factor should account for the
- network load variability. For connection teardown the implementer
- may want to consider also the TCP common practice for the given
- infrastructure.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 109]
-
-RFC 3720 iSCSI April 2004
-
-
- Text negotiations MAY also be subject to either time-limits or limits
- in the number of exchanges. Those SHOULD be generous enough to avoid
- affecting interoperability (e.g., allowing each key to be negotiated
- on a separate exchange).
-
- The relation between iSCSI timeouts and SCSI timeouts should also be
- considered. SCSI timeouts should be longer than iSCSI timeouts plus
- the time required for iSCSI recovery whenever iSCSI recovery is
- planned. Alternatively, an implementer may choose to interlock iSCSI
- timeouts and recovery with SCSI timeouts so that SCSI recovery will
- become active only where iSCSI is not planned to, or failed to,
- recover.
-
- The implementer may also want to consider the interaction between
- various iSCSI exception events - such as a digest failure - and
- subsequent timeouts. When iSCSI error recovery is active, a digest
- failure is likely to result in discovering a missing command or data
- PDU. In these cases, an implementer may want to lower the timeout
- values to enable faster initiation for recovery procedures.
-
-9.4. Command Retry and Cleaning Old Command Instances
-
- To avoid having old, retried command instances appear in a valid
- command window after a command sequence number wrap around, the
- protocol requires (see Section 3.2.2.1 Command Numbering and
- Acknowledging) that on every connection on which a retry has been
- issued, a non-immediate command be issued and acknowledged within a
- 2**31-1 commands interval from the CmdSN of the retried command.
- This requirement can be fulfilled by an implementation in several
- ways.
-
- The simplest technique to use is to send a (non-retry) non-immediate
- SCSI command (or a NOP if no SCSI command is available for a while)
- after every command retry on the connection on which the retry was
- attempted. As errors are deemed rare events, this technique is
- probably the most effective, as it does not involve additional checks
- at the initiator when issuing commands.
-
-9.5. Synch and Steering Layer and Performance
-
- While a synch and steering layer is optional, an initiator/target
- that does not have it working against a target/initiator that demands
- synch and steering may experience performance degradation caused by
- packet reordering and loss. Providing a synch and steering mechanism
- is recommended for all high-speed implementations.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 110]
-
-RFC 3720 iSCSI April 2004
-
-
-9.6. Considerations for State-dependent Devices and Long-lasting SCSI
- Operations
-
- Sequential access devices operate on the principle that the position
- of the device is based on the last command processed. As such,
- command processing order and knowledge of whether or not the previous
- command was processed is of the utmost importance to maintain data
- integrity. For example, inadvertent retries of SCSI commands when it
- is not known if the previous SCSI command was processed is a
- potential data integrity risk.
-
- For a sequential access device, consider the scenario in which a SCSI
- SPACE command to backspace one filemark is issued and then re-issued
- due to no status received for the command. If the first SPACE
- command was actually processed, the re-issued SPACE command, if
- processed, will cause the position to change. Thus, a subsequent
- write operation will write data to the wrong position and any
- previous data at that position will be overwritten.
-
- For a medium changer device, consider the scenario in which an
- EXCHANGE MEDIUM command (the SOURCE ADDRESS and DESTINATION ADDRESS
- are the same thus performing a swap) is issued and then re-issued due
- to no status received for the command. If the first EXCHANGE MEDIUM
- command was actually processed, the re-issued EXCHANGE MEDIUM
- command, if processed, will perform the swap again. The net effect
- is that a swap was not performed thus leaving a data integrity
- exposure.
-
- All commands that change the state of the device (as in SPACE
- commands for sequential access devices, and EXCHANGE MEDIUM for
- medium changer device), MUST be issued as non-immediate commands for
- deterministic and in order delivery to iSCSI targets.
-
- For many of those state changing commands, the execution model also
- assumes that the command is executed exactly once. Devices
- implementing READ POSITION and LOCATE provide a means for SCSI level
- command recovery and new tape-class devices should support those
- commands. In their absence a retry at SCSI level is difficult and
- error recovery at iSCSI level is advisable.
-
- Devices operating on long latency delivery subsystems and performing
- long lasting SCSI operations may need mechanisms that enable
- connection replacement while commands are running (e.g., during an
- extended copy operation).
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 111]
-
-RFC 3720 iSCSI April 2004
-
-
-9.6.1. Determining the Proper ErrorRecoveryLevel
-
- The implementation and use of a specific ErrorRecoveryLevel should be
- determined based on the deployment scenarios of a given iSCSI
- implementation. Generally, the following factors must be considered
- before deciding on the proper level of recovery:
-
- a) Application resilience to I/O failures.
- b) Required level of availability in the face of transport
- connection failures.
- c) Probability of transport layer "checksum escape". This in
- turn decides the iSCSI digest failure frequency, and thus the
- criticality of iSCSI-level error recovery. The details of
- estimating this probability are outside the scope of this
- document.
-
-
- A consideration of the above factors for SCSI tape devices as an
- example suggests that implementations SHOULD use ErrorRecoveryLevel=1
- when transport connection failure is not a concern and SCSI level
- recovery is unavailable, and ErrorRecoveryLevel=2 when the connection
- failure is also of high likelihood during a backup/retrieval.
-
- For extended copy operations, implementations SHOULD use
- ErrorRecoveryLevel=2 whenever there is a relatively high likelihood
- of connection failure.
-
-10. iSCSI PDU Formats
-
- All multi-byte integers that are specified in formats defined in this
- document are to be represented in network byte order (i.e., big
- endian). Any field that appears in this document assumes that the
- most significant byte is the lowest numbered byte and the most
- significant bit (within byte or field) is the lowest numbered bit
- unless specified otherwise.
-
- Any compliant sender MUST set all bits not defined and all reserved
- fields to zero unless specified otherwise. Any compliant receiver
- MUST ignore any bit not defined and all reserved fields unless
- specified otherwise. Receipt of reserved code values in defined
- fields MUST be reported as a protocol error.
-
- Reserved fields are marked by the word "reserved", some abbreviation
- of "reserved", or by "." for individual bits when no other form of
- marking is technically feasible.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 112]
-
-RFC 3720 iSCSI April 2004
-
-
-10.1. iSCSI PDU Length and Padding
-
- iSCSI PDUs are padded to the closest integer number of four byte
- words. The padding bytes SHOULD be sent as 0.
-
-10.2. PDU Template, Header, and Opcodes
-
- All iSCSI PDUs have one or more header segments and, optionally, a
- data segment. After the entire header segment group a header-digest
- MAY follow. The data segment MAY also be followed by a data-digest.
-
- The Basic Header Segment (BHS) is the first segment in all of the
- iSCSI PDUs. The BHS is a fixed-length 48-byte header segment. It
- MAY be followed by Additional Header Segments (AHS), a Header-Digest,
- a Data Segment, and/or a Data-Digest.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 113]
-
-RFC 3720 iSCSI April 2004
-
-
- The overall structure of an iSCSI PDU is as follows:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0/ Basic Header Segment (BHS) /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48/ Additional Header Segment 1 (AHS) (optional) /
- +/ /
- +---------------+---------------+---------------+---------------+
- / Additional Header Segment 2 (AHS) (optional) /
- +/ /
- +---------------+---------------+---------------+---------------+
- ----
- +---------------+---------------+---------------+---------------+
- / Additional Header Segment n (AHS) (optional) /
- +/ /
- +---------------+---------------+---------------+---------------+
- ----
- +---------------+---------------+---------------+---------------+
- k/ Header-Digest (optional) /
- +/ /
- +---------------+---------------+---------------+---------------+
- l/ Data Segment(optional) /
- +/ /
- +---------------+---------------+---------------+---------------+
- m/ Data-Digest (optional) /
- +/ /
- +---------------+---------------+---------------+---------------+
-
- All PDU segments and digests are padded to the closest integer number
- of four byte words. For example, all PDU segments and digests start
- at a four byte word boundary and the padding ranges from 0 to 3
- bytes. The padding bytes SHOULD be sent as 0.
-
- iSCSI response PDUs do not have AH Segments.
-
-10.2.1. Basic Header Segment (BHS)
-
- The BHS is 48 bytes long. The Opcode and DataSegmentLength fields
- appear in all iSCSI PDUs. In addition, when used, the Initiator Task
- Tag and Logical Unit Number always appear in the same location in the
- header.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 114]
-
-RFC 3720 iSCSI April 2004
-
-
- The format of the BHS is:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|I| Opcode |F| Opcode-specific fields |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| LUN or Opcode-specific fields |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20/ Opcode-specific fields /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48
-
-10.2.1.1 I
-
- For request PDUs, the I bit set to 1 is an immediate delivery marker.
-
-10.2.1.2. Opcode
-
- The Opcode indicates the type of iSCSI PDU the header encapsulates.
-
- The Opcodes are divided into two categories: initiator opcodes and
- target opcodes. Initiator opcodes are in PDUs sent by the initiator
- (request PDUs). Target opcodes are in PDUs sent by the target
- (response PDUs).
-
- Initiators MUST NOT use target opcodes and targets MUST NOT use
- initiator opcodes.
-
- Initiator opcodes defined in this specification are:
-
- 0x00 NOP-Out
- 0x01 SCSI Command (encapsulates a SCSI Command Descriptor Block)
- 0x02 SCSI Task Management function request
- 0x03 Login Request
- 0x04 Text Request
- 0x05 SCSI Data-Out (for WRITE operations)
- 0x06 Logout Request
- 0x10 SNACK Request
- 0x1c-0x1e Vendor specific codes
-
-
-
-Satran, et al. Standards Track [Page 115]
-
-RFC 3720 iSCSI April 2004
-
-
-
- Target opcodes are:
-
- 0x20 NOP-In
- 0x21 SCSI Response - contains SCSI status and possibly sense
- information or other response information.
- 0x22 SCSI Task Management function response
- 0x23 Login Response
- 0x24 Text Response
- 0x25 SCSI Data-In - for READ operations.
- 0x26 Logout Response
- 0x31 Ready To Transfer (R2T) - sent by target when it is ready
- to receive data.
- 0x32 Asynchronous Message - sent by target to indicate certain
- special conditions.
- 0x3c-0x3e Vendor specific codes
- 0x3f Reject
-
- All other opcodes are reserved.
-
-10.2.1.3. Final (F) bit
-
- When set to 1 it indicates the final (or only) PDU of a sequence.
-
-10.2.1.4. Opcode-specific Fields
-
- These fields have different meanings for different opcode types.
-
-10.2.1.5. TotalAHSLength
-
- Total length of all AHS header segments in units of four byte words
- including padding, if any.
-
- The TotalAHSLength is only used in PDUs that have an AHS and MUST be
- 0 in all other PDUs.
-
-10.2.1.6. DataSegmentLength
-
- This is the data segment payload length in bytes (excluding padding).
- The DataSegmentLength MUST be 0 whenever the PDU has no data segment.
-
-10.2.1.7. LUN
-
- Some opcodes operate on a specific Logical Unit. The Logical Unit
- Number (LUN) field identifies which Logical Unit. If the opcode does
- not relate to a Logical Unit, this field is either ignored or may be
- used in an opcode specific way. The LUN field is 64-bits and should
-
-
-
-
-Satran, et al. Standards Track [Page 116]
-
-RFC 3720 iSCSI April 2004
-
-
- be formatted in accordance with [SAM2]. For example, LUN[0] from
- [SAM2] is BHS byte 8 and so on up to LUN[7] from [SAM2], which is BHS
- byte 15.
-
-10.2.1.8. Initiator Task Tag
-
- The initiator assigns a Task Tag to each iSCSI task it issues. While
- a task exists, this tag MUST uniquely identify the task session-wide.
- SCSI may also use the initiator task tag as part of the SCSI task
- identifier when the timespan during which an iSCSI initiator task tag
- must be unique extends over the timespan during which a SCSI task tag
- must be unique. However, the iSCSI Initiator Task Tag must exist and
- be unique even for untagged SCSI commands.
-
-10.2.2. Additional Header Segment (AHS)
-
- The general format of an AHS is:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0| AHSLength | AHSType | AHS-Specific |
- +---------------+---------------+---------------+---------------+
- 4/ AHS-Specific /
- +/ /
- +---------------+---------------+---------------+---------------+
- x
-
-10.2.2.1. AHSType
-
- The AHSType field is coded as follows:
-
- bit 0-1 - Reserved
-
- bit 2-7 - AHS code
-
- 0 - Reserved
- 1 - Extended CDB
- 2 - Expected Bidirectional Read Data Length
- 3 - 63 Reserved
-
-10.2.2.2. AHSLength
-
- This field contains the effective length in bytes of the AHS
- excluding AHSType and AHSLength and padding, if any. The AHS is
- padded to the smallest integer number of 4 byte words (i.e., from 0
- up to 3 padding bytes).
-
-
-
-Satran, et al. Standards Track [Page 117]
-
-RFC 3720 iSCSI April 2004
-
-
-10.2.2.3. Extended CDB AHS
-
- The format of the Extended CDB AHS is:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0| AHSLength (CDBLength-15) | 0x01 | Reserved |
- +---------------+---------------+---------------+---------------+
- 4/ ExtendedCDB...+padding /
- +/ /
- +---------------+---------------+---------------+---------------+
- x
-
- This type of AHS MUST NOT be used if the CDBLength is less than 17.
- The length includes the reserved byte 3.
-
-10.2.2.4. Bidirectional Expected Read-Data Length AHS
-
- The format of the Bidirectional Read Expected Data Transfer Length
- AHS is:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0| AHSLength (0x0005) | 0x02 | Reserved |
- +---------------+---------------+---------------+---------------+
- 4| Expected Read-Data Length |
- +---------------+---------------+---------------+---------------+
- 8
-
-10.2.3. Header Digest and Data Digest
-
- Optional header and data digests protect the integrity of the header
- and data, respectively. The digests, if present, are located,
- respectively, after the header and PDU-specific data, and cover
- respectively the header and the PDU data, each including the padding
- bytes, if any.
-
- The existence and type of digests are negotiated during the Login
- Phase.
-
- The separation of the header and data digests is useful in iSCSI
- routing applications, in which only the header changes when a message
- is forwarded. In this case, only the header digest should be
- recalculated.
-
-
-
-Satran, et al. Standards Track [Page 118]
-
-RFC 3720 iSCSI April 2004
-
-
- Digests are not included in data or header length fields.
-
- A zero-length Data Segment also implies a zero-length data-digest.
-
-10.2.4. Data Segment
-
- The (optional) Data Segment contains PDU associated data. Its
- payload effective length is provided in the BHS field -
- DataSegmentLength. The Data Segment is also padded to an integer
- number of 4 byte words.
-
-10.3. SCSI Command
-
- The format of the SCSI Command PDU is:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|I| 0x01 |F|R|W|. .|ATTR | Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| Logical Unit Number (LUN) |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| Expected Data Transfer Length |
- +---------------+---------------+---------------+---------------+
- 24| CmdSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpStatSN |
- +---------------+---------------+---------------+---------------+
- 32/ SCSI Command Descriptor Block (CDB) /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48/ AHS (Optional) /
- +---------------+---------------+---------------+---------------+
- x/ Header Digest (Optional) /
- +---------------+---------------+---------------+---------------+
- y/ (DataSegment, Command Data) (Optional) /
- +/ /
- +---------------+---------------+---------------+---------------+
- z/ Data Digest (Optional) /
- +---------------+---------------+---------------+---------------+
-
-
-
-
-Satran, et al. Standards Track [Page 119]
-
-RFC 3720 iSCSI April 2004
-
-
-10.3.1. Flags and Task Attributes (byte 1)
-
- The flags for a SCSI Command are:
-
- bit 0 (F) is set to 1 when no unsolicited SCSI Data-Out PDUs follow
- this PDU. When F=1 for a write and if Expected Data
- Transfer Length is larger than the DataSegmentLength, the
- target may solicit additional data through R2T.
-
- bit 1 (R) is set to 1 when the command is expected to input data.
-
- bit 2 (W) is set to 1 when the command is expected to output data.
-
- bit 3-4 Reserved.
-
- bit 5-7 contains Task Attributes.
-
- Task Attributes (ATTR) have one of the following integer values (see
- [SAM2] for details):
-
- 0 - Untagged
- 1 - Simple
- 2 - Ordered
- 3 - Head of Queue
- 4 - ACA
- 5-7 - Reserved
-
- Setting both the W and the F bit to 0 is an error. Either or both of
- R and W MAY be 1 when either the Expected Data Transfer Length and/or
- Bidirectional Read Expected Data Transfer Length are 0, but they MUST
- NOT both be 0 when the Expected Data Transfer Length and/or
- Bidirectional Read Expected Data Transfer Length are not 0 (i.e.,
- when some data transfer is expected the transfer direction is
- indicated by the R and/or W bit).
-
-10.3.2. CmdSN - Command Sequence Number
-
- Enables ordered delivery across multiple connections in a single
- session.
-
-10.3.3. ExpStatSN
-
- Command responses up to ExpStatSN-1 (mod 2**32) have been received
- (acknowledges status) on the connection.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 120]
-
-RFC 3720 iSCSI April 2004
-
-
-10.3.4. Expected Data Transfer Length
-
- For unidirectional operations, the Expected Data Transfer Length
- field contains the number of bytes of data involved in this SCSI
- operation. For a unidirectional write operation (W flag set to 1 and
- R flag set to 0), the initiator uses this field to specify the number
- of bytes of data it expects to transfer for this operation. For a
- unidirectional read operation (W flag set to 0 and R flag set to 1),
- the initiator uses this field to specify the number of bytes of data
- it expects the target to transfer to the initiator. It corresponds
- to the SAM2 byte count.
-
- For bidirectional operations (both R and W flags are set to 1), this
- field contains the number of data bytes involved in the write
- transfer. For bidirectional operations, an additional header segment
- MUST be present in the header sequence that indicates the
- Bidirectional Read Expected Data Transfer Length. The Expected Data
- Transfer Length field and the Bidirectional Read Expected Data
- Transfer Length field correspond to the SAM2 byte count
-
- If the Expected Data Transfer Length for a write and the length of
- the immediate data part that follows the command (if any) are the
- same, then no more data PDUs are expected to follow. In this case,
- the F bit MUST be set to 1.
-
- If the Expected Data Transfer Length is higher than the
- FirstBurstLength (the negotiated maximum amount of unsolicited data
- the target will accept), the initiator MUST send the maximum amount
- of unsolicited data OR ONLY the immediate data, if any.
-
- Upon completion of a data transfer, the target informs the initiator
- (through residual counts) of how many bytes were actually processed
- (sent and/or received) by the target.
-
-10.3.5. CDB - SCSI Command Descriptor Block
-
- There are 16 bytes in the CDB field to accommodate the commonly used
- CDBs. Whenever the CDB is larger than 16 bytes, an Extended CDB AHS
- MUST be used to contain the CDB spillover.
-
-10.3.6. Data Segment - Command Data
-
- Some SCSI commands require additional parameter data to accompany the
- SCSI command. This data may be placed beyond the boundary of the
- iSCSI header in a data segment. Alternatively, user data (e.g., from
- a WRITE operation) can be placed in the data segment (both cases are
-
-
-
-
-
-Satran, et al. Standards Track [Page 121]
-
-RFC 3720 iSCSI April 2004
-
-
- referred to as immediate data). These data are governed by the rules
- for solicited vs. unsolicited data outlined in Section 3.2.4.2 Data
- Transfer Overview.
-
-10.4. SCSI Response
-
- The format of the SCSI Response PDU is:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x21 |1|. .|o|u|O|U|.| Response | Status |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| Reserved |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| SNACK Tag or Reserved |
- +---------------+---------------+---------------+---------------+
- 24| StatSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpCmdSN |
- +---------------+---------------+---------------+---------------+
- 32| MaxCmdSN |
- +---------------+---------------+---------------+---------------+
- 36| ExpDataSN or Reserved |
- +---------------+---------------+---------------+---------------+
- 40| Bidirectional Read Residual Count or Reserved |
- +---------------+---------------+---------------+---------------+
- 44| Residual Count or Reserved |
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
- / Data Segment (Optional) /
- +/ /
- +---------------+---------------+---------------+---------------+
- | Data-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 122]
-
-RFC 3720 iSCSI April 2004
-
-
-10.4.1. Flags (byte 1)
-
- bit 1-2 Reserved.
-
- bit 3 - (o) set for Bidirectional Read Residual Overflow. In this
- case, the Bidirectional Read Residual Count indicates the number
- of bytes that were not transferred to the initiator because the
- initiator's Expected Bidirectional Read Data Transfer Length was
- not sufficient.
-
- bit 4 - (u) set for Bidirectional Read Residual Underflow. In this
- case, the Bidirectional Read Residual Count indicates the number
- of bytes that were not transferred to the initiator out of the
- number of bytes expected to be transferred.
-
- bit 5 - (O) set for Residual Overflow. In this case, the Residual
- Count indicates the number of bytes that were not transferred
- because the initiator's Expected Data Transfer Length was not
- sufficient. For a bidirectional operation, the Residual Count
- contains the residual for the write operation.
-
- bit 6 - (U) set for Residual Underflow. In this case, the Residual
- Count indicates the number of bytes that were not transferred out
- of the number of bytes that were expected to be transferred. For
- a bidirectional operation, the Residual Count contains the
- residual for the write operation.
-
- bit 7 - (0) Reserved.
-
- Bits O and U and bits o and u are mutually exclusive (i.e., having
- both o and u or O and U set to 1 is a protocol error). For a
- response other than "Command Completed at Target", bits 3-6 MUST be
- 0.
-
-10.4.2. Status
-
- The Status field is used to report the SCSI status of the command (as
- specified in [SAM2]) and is only valid if the Response Code is
- Command Completed at target.
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 123]
-
-RFC 3720 iSCSI April 2004
-
-
- Some of the status codes defined in [SAM2] are:
-
- 0x00 GOOD
- 0x02 CHECK CONDITION
- 0x08 BUSY
- 0x18 RESERVATION CONFLICT
- 0x28 TASK SET FULL
- 0x30 ACA ACTIVE
- 0x40 TASK ABORTED
-
- See [SAM2] for the complete list and definitions.
-
- If a SCSI device error is detected while data from the initiator is
- still expected (the command PDU did not contain all the data and the
- target has not received a Data PDU with the final bit Set), the
- target MUST wait until it receives a Data PDU with the F bit set in
- the last expected sequence before sending the Response PDU.
-
-10.4.3. Response
-
- This field contains the iSCSI service response.
-
- iSCSI service response codes defined in this specification are:
-
- 0x00 - Command Completed at Target
- 0x01 - Target Failure
- 0x80-0xff - Vendor specific
-
- All other response codes are reserved.
-
- The Response is used to report a Service Response. The mapping of
- the response code into a SCSI service response code value, if needed,
- is outside the scope of this document. However, in symbolic terms
- response value 0x00 maps to the SCSI service response (see [SAM2] and
- [SPC3]) of TASK COMPLETE or LINKED COMMAND COMPLETE. All other
- Response values map to the SCSI service response of SERVICE DELIVERY
- OR TARGET FAILURE.
-
- If a PDU that includes SCSI status (Response PDU or Data-In PDU
- including status) does not arrive before the session is terminated,
- the SCSI service response is SERVICE DELIVERY OR TARGET FAILURE.
-
- A non-zero Response field indicates a failure to execute the command
- in which case the Status and Flag fields are undefined.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 124]
-
-RFC 3720 iSCSI April 2004
-
-
-10.4.4. SNACK Tag
-
- This field contains a copy of the SNACK Tag of the last SNACK Tag
- accepted by the target on the same connection and for the command for
- which the response is issued. Otherwise it is reserved and should be
- set to 0.
-
- After issuing a R-Data SNACK the initiator must discard any SCSI
- status unless contained in an SCSI Response PDU carrying the same
- SNACK Tag as the last issued R-Data SNACK for the SCSI command on the
- current connection.
-
- For a detailed discussion on R-Data SNACK see Section 10.16 SNACK
- Request.
-
-10.4.5. Residual Count
-
- The Residual Count field MUST be valid in the case where either the U
- bit or the O bit is set. If neither bit is set, the Residual Count
- field is reserved. Targets may set the residual count and initiators
- may use it when the response code is "completed at target" (even if
- the status returned is not GOOD). If the O bit is set, the Residual
- Count indicates the number of bytes that were not transferred because
- the initiator's Expected Data Transfer Length was not sufficient. If
- the U bit is set, the Residual Count indicates the number of bytes
- that were not transferred out of the number of bytes expected to be
- transferred.
-
-10.4.6. Bidirectional Read Residual Count
-
- The Bidirectional Read Residual Count field MUST be valid in the case
- where either the u bit or the o bit is set. If neither bit is set,
- the Bidirectional Read Residual Count field is reserved. Targets may
- set the Bidirectional Read Residual Count and initiators may use it
- when the response code is "completed at target". If the o bit is
- set, the Bidirectional Read Residual Count indicates the number of
- bytes that were not transferred to the initiator because the
- initiator's Expected Bidirectional Read Transfer Length was not
- sufficient. If the u bit is set, the Bidirectional Read Residual
- Count indicates the number of bytes that were not transferred to the
- initiator out of the number of bytes expected to be transferred.
-
-10.4.7. Data Segment - Sense and Response Data Segment
-
- iSCSI targets MUST support and enable autosense. If Status is CHECK
- CONDITION (0x02), then the Data Segment MUST contain sense data for
- the failed command.
-
-
-
-
-Satran, et al. Standards Track [Page 125]
-
-RFC 3720 iSCSI April 2004
-
-
- For some iSCSI responses, the response data segment MAY contain some
- response related information, (e.g., for a target failure, it may
- contain a vendor specific detailed description of the failure).
-
- If the DataSegmentLength is not 0, the format of the Data Segment is
- as follows:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|SenseLength | Sense Data |
- +---------------+---------------+---------------+---------------+
- x/ Sense Data /
- +---------------+---------------+---------------+---------------+
- y/ Response Data /
- / /
- +---------------+---------------+---------------+---------------+
- z|
-
-10.4.7.1. SenseLength
-
- Length of Sense Data.
-
-10.4.7.2. Sense Data
-
- The Sense Data contains detailed information about a check condition
- and [SPC3] specifies the format and content of the Sense Data.
-
- Certain iSCSI conditions result in the command being terminated at
- the target (response Command Completed at Target) with a SCSI Check
- Condition Status as outlined in the next table:
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 126]
-
-RFC 3720 iSCSI April 2004
-
-
- +--------------------------+----------+---------------------------+
- | iSCSI Condition |Sense | Additional Sense Code & |
- | |Key | Qualifier |
- +--------------------------+----------+---------------------------+
- | Unexpected unsolicited |Aborted | ASC = 0x0c ASCQ = 0x0c |
- | data |Command-0B| Write Error |
- +--------------------------+----------+---------------------------+
- | Incorrect amount of data |Aborted | ASC = 0x0c ASCQ = 0x0d |
- | |Command-0B| Write Error |
- +--------------------------+----------+---------------------------+
- | Protocol Service CRC |Aborted | ASC = 0x47 ASCQ = 0x05 |
- | error |Command-0B| CRC Error Detected |
- +--------------------------+----------+---------------------------+
- | SNACK rejected |Aborted | ASC = 0x11 ASCQ = 0x13 |
- | |Command-0B| Read Error |
- +--------------------------+----------+---------------------------+
-
- The target reports the "Incorrect amount of data" condition if during
- data output the total data length to output is greater than
- FirstBurstLength and the initiator sent unsolicited non-immediate
- data but the total amount of unsolicited data is different than
- FirstBurstLength. The target reports the same error when the amount
- of data sent as a reply to an R2T does not match the amount
- requested.
-
-10.4.8. ExpDataSN
-
- The number of R2T and Data-In (read) PDUs the target has sent for the
- command.
-
- This field MUST be 0 if the response code is not Command Completed at
- Target or the target sent no Data-In PDUs for the command.
-
-10.4.9. StatSN - Status Sequence Number
-
- StatSN is a Sequence Number that the target iSCSI layer generates per
- connection and that in turn, enables the initiator to acknowledge
- status reception. StatSN is incremented by 1 for every
- response/status sent on a connection except for responses sent as a
- result of a retry or SNACK. In the case of responses sent due to a
- retransmission request, the StatSN MUST be the same as the first time
- the PDU was sent unless the connection has since been restarted.
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 127]
-
-RFC 3720 iSCSI April 2004
-
-
-10.4.10. ExpCmdSN - Next Expected CmdSN from this Initiator
-
- ExpCmdSN is a Sequence Number that the target iSCSI returns to the
- initiator to acknowledge command reception. It is used to update a
- local variable with the same name. An ExpCmdSN equal to MaxCmdSN+1
- indicates that the target cannot accept new commands.
-
-10.4.11. MaxCmdSN - Maximum CmdSN from this Initiator
-
- MaxCmdSN is a Sequence Number that the target iSCSI returns to the
- initiator to indicate the maximum CmdSN the initiator can send. It
- is used to update a local variable with the same name. If MaxCmdSN
- is equal to ExpCmdSN-1, this indicates to the initiator that the
- target cannot receive any additional commands. When MaxCmdSN changes
- at the target while the target has no pending PDUs to convey this
- information to the initiator, it MUST generate a NOP-IN to carry the
- new MaxCmdSN.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 128]
-
-RFC 3720 iSCSI April 2004
-
-
-10.5. Task Management Function Request
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|I| 0x02 |1| Function | Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| Logical Unit Number (LUN) or Reserved |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| Referenced Task Tag or 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 24| CmdSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpStatSN |
- +---------------+---------------+---------------+---------------+
- 32| RefCmdSN or Reserved |
- +---------------+---------------+---------------+---------------+
- 36| ExpDataSN or Reserved |
- +---------------+---------------+---------------+---------------+
- 40/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
-10.5.1. Function
-
- The Task Management functions provide an initiator with a way to
- explicitly control the execution of one or more Tasks (SCSI and iSCSI
- tasks). The Task Management function codes are listed below. For a
- more detailed description of SCSI task management, see [SAM2].
-
- 1 - ABORT TASK - aborts the task identified by the Referenced Task
- Tag field.
-
- 2 - ABORT TASK SET - aborts all Tasks issued via this session on the
- logical unit.
-
- 3 - CLEAR ACA - clears the Auto Contingent Allegiance condition.
-
-
-
-
-
-Satran, et al. Standards Track [Page 129]
-
-RFC 3720 iSCSI April 2004
-
-
- 4 - CLEAR TASK SET - aborts all Tasks in the appropriate task set as
- defined by the TST field in the Control mode page (see [SPC3]).
-
- 5 - LOGICAL UNIT RESET
-
- 6 - TARGET WARM RESET
-
- 7 - TARGET COLD RESET
-
- 8 - TASK REASSIGN - reassigns connection allegiance for the task
- identified by the Referenced Task Tag field to this connection,
- thus resuming the iSCSI exchanges for the task.
-
- For all these functions, the Task Management function response MUST
- be returned as detailed in Section 10.6 Task Management Function
- Response. All these functions apply to the referenced tasks
- regardless of whether they are proper SCSI tasks or tagged iSCSI
- operations. Task management requests must act on all the commands
- from the same session having a CmdSN lower than the task management
- CmdSN. LOGICAL UNIT RESET, TARGET WARM RESET and TARGET COLD RESET
- may affect commands from other sessions or commands from the same
- session with CmdSN equal or exceeding CmdSN.
-
- If the task management request is marked for immediate delivery, it
- must be considered immediately for execution, but the operations
- involved (all or part of them) may be postponed to allow the target
- to receive all relevant tasks. According to [SAM2], for all the
- tasks covered by the Task Management response (i.e., with CmdSN lower
- than the task management command CmdSN) but except the Task
- Management response to a TASK REASSIGN, additional responses MUST NOT
- be delivered to the SCSI layer after the Task Management response.
- The iSCSI initiator MAY deliver to the SCSI layer all responses
- received before the Task Management response (i.e., it is a matter of
- implementation if the SCSI responses, received before the Task
- Management response but after the task management request was issued,
- are delivered to the SCSI layer by the iSCSI layer in the initiator).
- The iSCSI target MUST ensure that no responses for the tasks covered
- by a task management function are delivered to the iSCSI initiator
- after the Task Management response except for a task covered by a
- TASK REASSIGN.
-
- For ABORT TASK SET and CLEAR TASK SET, the issuing initiator MUST
- continue to respond to all valid target transfer tags (received via
- R2T, Text Response, NOP-In, or SCSI Data-In PDUs) related to the
- affected task set, even after issuing the task management request.
- The issuing initiator SHOULD however terminate (i.e., by setting the
- F-bit to 1) these response sequences as quickly as possible. The
- target on its part MUST wait for responses on all affected target
-
-
-
-Satran, et al. Standards Track [Page 130]
-
-RFC 3720 iSCSI April 2004
-
-
- transfer tags before acting on either of these two task management
- requests. In case all or part of the response sequence is not
- received (due to digest errors) for a valid TTT, the target MAY treat
- it as a case of within-command error recovery class (see Section
- 6.1.4.1 Recovery Within-command) if it is supporting
- ErrorRecoveryLevel >= 1, or alternatively may drop the connection to
- complete the requested task set function.
-
- If an ABORT TASK is issued for a task created by an immediate command
- then RefCmdSN MUST be that of the Task Management request itself
- (i.e., CmdSN and RefCmdSN are equal); otherwise RefCmdSN MUST be set
- to the CmdSN of the task to be aborted (lower than CmdSN).
-
- If the connection is still active (it is not undergoing an implicit
- or explicit logout), ABORT TASK MUST be issued on the same connection
- to which the task to be aborted is allegiant at the time the Task
- Management Request is issued. If the connection is implicitly or
- explicitly logged out (i.e., no other request will be issued on the
- failing connection and no other response will be received on the
- failing connection), then an ABORT TASK function request may be
- issued on another connection. This Task Management request will then
- establish a new allegiance for the command to be aborted as well as
- abort it (i.e., the task to be aborted will not have to be retried or
- reassigned, and its status, if issued but not acknowledged, will be
- reissued followed by the Task Management response).
-
- At the target an ABORT TASK function MUST NOT be executed on a Task
- Management request; such a request MUST result in Task Management
- response of "Function rejected".
-
- For the LOGICAL UNIT RESET function, the target MUST behave as
- dictated by the Logical Unit Reset function in [SAM2].
-
- The implementation of the TARGET WARM RESET function and the TARGET
- COLD RESET function is OPTIONAL and when implemented, should act as
- described below. The TARGET WARM RESET is also subject to SCSI
- access controls on the requesting initiator as defined in [SPC3].
- When authorization fails at the target, the appropriate response as
- described in Section 10.6 Task Management Function Response MUST be
- returned by the target. The TARGET COLD RESET function is not
- subject to SCSI access controls, but its execution privileges may be
- managed by iSCSI mechanisms such as login authentication.
-
- When executing the TARGET WARM RESET and TARGET COLD RESET functions,
- the target cancels all pending operations on all Logical Units known
- by the issuing initiator. Both functions are equivalent to the
- Target Reset function specified by [SAM2]. They can affect many
- other initiators logged in with the servicing SCSI target port.
-
-
-
-Satran, et al. Standards Track [Page 131]
-
-RFC 3720 iSCSI April 2004
-
-
- The target MUST treat the TARGET COLD RESET function additionally as
- a power on event, thus terminating all of its TCP connections to all
- initiators (all sessions are terminated). For this reason, the
- Service Response (defined by [SAM2]) for this SCSI task management
- function may not be reliably delivered to the issuing initiator port.
-
- For the TASK REASSIGN function, the target should reassign the
- connection allegiance to this new connection (and thus resume iSCSI
- exchanges for the task). TASK REASSIGN MUST ONLY be received by the
- target after the connection on which the command was previously
- executing has been successfully logged-out. The Task Management
- response MUST be issued before the reassignment becomes effective.
- For additional usage semantics see Section 6.2 Retry and Reassign in
- Recovery.
-
- At the target a TASK REASSIGN function request MUST NOT be executed
- to reassign the connection allegiance of a Task Management function
- request, an active text negotiation task, or a Logout task; such a
- request MUST result in Task Management response of "Function
- rejected".
-
- TASK REASSIGN MUST be issued as an immediate command.
-
-10.5.2. TotalAHSLength and DataSegmentLength
-
- For this PDU TotalAHSLength and DataSegmentLength MUST be 0.
-
-10.5.3. LUN
-
- This field is required for functions that address a specific LU
- (ABORT TASK, CLEAR TASK SET, ABORT TASK SET, CLEAR ACA, LOGICAL UNIT
- RESET) and is reserved in all others.
-
-10.5.4. Referenced Task Tag
-
- The Initiator Task Tag of the task to be aborted for the ABORT TASK
- function or reassigned for the TASK REASSIGN function. For all the
- other functions this field MUST be set to the reserved value
- 0xffffffff.
-
-10.5.5. RefCmdSN
-
- If an ABORT TASK is issued for a task created by an immediate command
- then RefCmdSN MUST be that of the Task Management request itself
- (i.e., CmdSN and RefCmdSN are equal).
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 132]
-
-RFC 3720 iSCSI April 2004
-
-
- For an ABORT TASK of a task created by non-immediate command RefCmdSN
- MUST be set to the CmdSN of the task identified by the Referenced
- Task Tag field. Targets must use this field as described in section
- 10.6.1 when the task identified by the Referenced Task Tag field is
- not with the target.
-
- Otherwise, this field is reserved.
-
-10.5.6. ExpDataSN
-
- For recovery purposes, the iSCSI target and initiator maintain a data
- acknowledgement reference number - the first input DataSN number
- unacknowledged by the initiator. When issuing a new command, this
- number is set to 0. If the function is TASK REASSIGN, which
- establishes a new connection allegiance for a previously issued Read
- or Bidirectional command, ExpDataSN will contain an updated data
- acknowledgement reference number or the value 0; the latter
- indicating that the data acknowledgement reference number is
- unchanged. The initiator MUST discard any data PDUs from the
- previous execution that it did not acknowledge and the target MUST
- transmit all Data-In PDUs (if any) starting with the data
- acknowledgement reference number. The number of retransmitted PDUs
- may or may not be the same as the original transmission depending on
- if there was a change in MaxRecvDataSegmentLength in the
- reassignment. The target MAY also send no more Data-In PDUs if all
- data has been acknowledged.
-
- The value of ExpDataSN MUST be 0 or higher than the DataSN of the
- last acknowledged Data-In PDU, but not larger than DataSN+1 of the
- last Data-In PDU sent by the target. Any other value MUST be ignored
- by the target.
-
- For other functions this field is reserved.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 133]
-
-RFC 3720 iSCSI April 2004
-
-
-10.6. Task Management Function Response
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x22 |1| Reserved | Response | Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------------------------------------------------------+
- 8/ Reserved /
- / /
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| Reserved |
- +---------------+---------------+---------------+---------------+
- 24| StatSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpCmdSN |
- +---------------+---------------+---------------+---------------+
- 32| MaxCmdSN |
- +---------------+---------------+---------------+---------------+
- 36/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
- For the functions ABORT TASK, ABORT TASK SET, CLEAR ACA, CLEAR TASK
- SET, LOGICAL UNIT RESET, TARGET COLD RESET, TARGET WARM RESET and
- TASK REASSIGN, the target performs the requested Task Management
- function and sends a Task Management response back to the initiator.
- For TASK REASSIGN, the new connection allegiance MUST ONLY become
- effective at the target after the target issues the Task Management
- Response.
-
-10.6.1. Response
-
- The target provides a Response, which may take on the following
- values:
-
- a) 0 - Function complete.
- b) 1 - Task does not exist.
- c) 2 - LUN does not exist.
- d) 3 - Task still allegiant.
- e) 4 - Task allegiance reassignment not supported.
-
-
-
-
-Satran, et al. Standards Track [Page 134]
-
-RFC 3720 iSCSI April 2004
-
-
- f) 5 - Task management function not supported.
- g) 6 - Function authorization failed.
- h) 255 - Function rejected.
-
- All other values are reserved.
-
- For a discussion on usage of response codes 3 and 4, see Section
- 6.2.2 Allegiance Reassignment.
-
- For the TARGET COLD RESET and TARGET WARM RESET functions, the target
- cancels all pending operations across all Logical Units known to the
- issuing initiator. For the TARGET COLD RESET function, the target
- MUST then close all of its TCP connections to all initiators
- (terminates all sessions).
-
- The mapping of the response code into a SCSI service response code
- value, if needed, is outside the scope of this document. However, in
- symbolic terms Response values 0 and 1 map to the SCSI service
- response of FUNCTION COMPLETE. All other Response values map to the
- SCSI service response of FUNCTION REJECTED. If a Task Management
- function response PDU does not arrive before the session is
- terminated, the SCSI service response is SERVICE DELIVERY OR TARGET
- FAILURE.
-
- The response to ABORT TASK SET and CLEAR TASK SET MUST only be issued
- by the target after all of the commands affected have been received
- by the target, the corresponding task management functions have been
- executed by the SCSI target, and the delivery of all responses
- delivered until the task management function completion have been
- confirmed (acknowledged through ExpStatSN) by the initiator on all
- connections of this session. For the exact timeline of events, refer
- to Section 10.6.2 Task Management Actions on Task Sets.
-
- For the ABORT TASK function,
-
- a) If the Referenced Task Tag identifies a valid task leading to
- a successful termination, then targets must return the
- "Function complete" response.
- b) If the Referenced Task Tag does not identify an existing task,
- but if the CmdSN indicated by the RefCmdSN field in the Task
- Management function request is within the valid CmdSN window
- and less than the CmdSN of the Task Management function
- request itself, then targets must consider the CmdSN received
- and return the "Function complete" response.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 135]
-
-RFC 3720 iSCSI April 2004
-
-
- c) If the Referenced Task Tag does not identify an existing task
- and if the CmdSN indicated by the RefCmdSN field in the Task
- Management function request is outside the valid CmdSN window,
- then targets must return the "Task does not exist" response.
-
-10.6.2. Task Management Actions on Task Sets
-
- The execution of ABORT TASK SET and CLEAR TASK SET Task Management
- function requests consists of the following sequence of events in the
- specified order on each of the entities.
-
- The initiator:
-
- a) Issues ABORT TASK SET/CLEAR TASK SET request.
- b) Continues to respond to each target transfer tag received
- for the affected task set.
- c) Receives any responses for the tasks in the affected task
- set (may process them as usual because they are guaranteed
- to be valid).
- d) Receives the task set management response, thus concluding
- all the tasks in the affected task set.
-
- The target:
-
- a) Receives the ABORT TASK SET/CLEAR TASK SET request.
- b) Waits for all target transfer tags to be responded to and
- for all affected tasks in the task set to be received.
- c) Propagates the command to and receives the response from the
- target SCSI layer.
- d) Takes note of last-sent StatSN on each of the connections in
- the iSCSI sessions (one or more) sharing the affected task
- set, and waits for acknowledgement of each StatSN (may
- solicit for acknowledgement by way of a NOP-In). If some
- tasks originate from non-iSCSI I_T_L nexi then the means by
- which the target insures that all affected tasks have
- returned their status to the initiator are defined by the
- specific protocol.
-
- e) Sends the task set management response to the issuing
- initiator.
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 136]
-
-RFC 3720 iSCSI April 2004
-
-
-10.6.3. TotalAHSLength and DataSegmentLength
-
- For this PDU TotalAHSLength and DataSegmentLength MUST be 0.
-
-10.7. SCSI Data-Out & SCSI Data-In
-
- The SCSI Data-Out PDU for WRITE operations has the following format:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x05 |F| Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| LUN or Reserved |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| Target Transfer Tag or 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 24| Reserved |
- +---------------+---------------+---------------+---------------+
- 28| ExpStatSN |
- +---------------+---------------+---------------+---------------+
- 32| Reserved |
- +---------------+---------------+---------------+---------------+
- 36| DataSN |
- +---------------+---------------+---------------+---------------+
- 40| Buffer Offset |
- +---------------+---------------+---------------+---------------+
- 44| Reserved |
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
- / DataSegment /
- +/ /
- +---------------+---------------+---------------+---------------+
- | Data-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 137]
-
-RFC 3720 iSCSI April 2004
-
-
- The SCSI Data-In PDU for READ operations has the following format:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x25 |F|A|0 0 0|O|U|S| Reserved |Status or Rsvd |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| LUN or Reserved |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| Target Transfer Tag or 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 24| StatSN or Reserved |
- +---------------+---------------+---------------+---------------+
- 28| ExpCmdSN |
- +---------------+---------------+---------------+---------------+
- 32| MaxCmdSN |
- +---------------+---------------+---------------+---------------+
- 36| DataSN |
- +---------------+---------------+---------------+---------------+
- 40| Buffer Offset |
- +---------------+---------------+---------------+---------------+
- 44| Residual Count |
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
- / DataSegment /
- +/ /
- +---------------+---------------+---------------+---------------+
- | Data-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
- Status can accompany the last Data-In PDU if the command did not end
- with an exception (i.e., the status is "good status" - GOOD,
- CONDITION MET or INTERMEDIATE CONDITION MET). The presence of status
- (and of a residual count) is signaled though the S flag bit.
- Although targets MAY choose to send even non-exception status in
- separate responses, initiators MUST support non-exception status in
- Data-In PDUs.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 138]
-
-RFC 3720 iSCSI April 2004
-
-
-10.7.1. F (Final) Bit
-
- For outgoing data, this bit is 1 for the last PDU of unsolicited data
- or the last PDU of a sequence that answers an R2T.
-
- For incoming data, this bit is 1 for the last input (read) data PDU
- of a sequence. Input can be split into several sequences, each
- having its own F bit. Splitting the data stream into sequences does
- not affect DataSN counting on Data-In PDUs. It MAY be used as a
- "change direction" indication for Bidirectional operations that need
- such a change.
-
- DataSegmentLength MUST not exceed MaxRecvDataSegmentLength for the
- direction it is sent and the total of all the DataSegmentLength of
- all PDUs in a sequence MUST not exceed MaxBurstLength (or
- FirstBurstLength for unsolicited data). However the number of
- individual PDUs in a sequence (or in total) may be higher than the
- MaxBurstLength (or FirstBurstLength) to MaxRecvDataSegmentLength
- ratio (as PDUs may be limited in length by the sender capabilities).
- Using DataSegmentLength of 0 may increase beyond what is reasonable
- for the number of PDUs and should therefore be avoided.
-
- For Bidirectional operations, the F bit is 1 for both the end of the
- input sequences and the end of the output sequences.
-
-10.7.2. A (Acknowledge) Bit
-
- For sessions with ErrorRecoveryLevel 1 or higher, the target sets
- this bit to 1 to indicate that it requests a positive acknowledgement
- from the initiator for the data received. The target should use the
- A bit moderately; it MAY only set the A bit to 1 once every
- MaxBurstLength bytes, or on the last Data-In PDU that concludes the
- entire requested read data transfer for the task from the target's
- perspective, and it MUST NOT do so more frequently. The target MUST
- NOT set to 1 the A bit for sessions with ErrorRecoveryLevel=0. The
- initiator MUST ignore the A bit set to 1 for sessions with
- ErrorRecoveryLevel=0.
-
- On receiving a Data-In PDU with the A bit set to 1 on a session with
- ErrorRecoveryLevel greater than 0, if there are no holes in the read
- data until that Data-In PDU, the initiator MUST issue a SNACK of type
- DataACK except when it is able to acknowledge the status for the task
- immediately via ExpStatSN on other outbound PDUs if the status for
- the task is also received. In the latter case (acknowledgement
- through ExpStatSN), sending a SNACK of type DataACK in response to
- the A bit is OPTIONAL, but if it is done, it must not be sent after
- the status acknowledgement through ExpStatSN. If the initiator has
- detected holes in the read data prior to that Data-In PDU, it MUST
-
-
-
-Satran, et al. Standards Track [Page 139]
-
-RFC 3720 iSCSI April 2004
-
-
- postpone issuing the SNACK of type DataACK until the holes are
- filled. An initiator also MUST NOT acknowledge the status for the
- task before those holes are filled. A status acknowledgement for a
- task that generated the Data-In PDUs is considered by the target as
- an implicit acknowledgement of the Data-In PDUs if such an
- acknowledgement was requested by the target.
-
-10.7.3. Flags (byte 1)
-
- The last SCSI Data packet sent from a target to an initiator for a
- SCSI command that completed successfully (with a status of GOOD,
- CONDITION MET, INTERMEDIATE or INTERMEDIATE CONDITION MET) may also
- optionally contain the Status for the data transfer. As Sense Data
- cannot be sent together with the Command Status, if the command is
- completed with an error, then the response and sense data MUST be
- sent in a SCSI Response PDU (i.e., MUST NOT be sent in a SCSI Data
- packet). If Status is sent with the data, then a SCSI Response PDU
- MUST NOT be sent as this would violate SCSI rules (a single status).
- For Bidirectional commands, the status MUST be sent in a SCSI
- Response PDU.
-
- bit 2-4 - Reserved.
-
- bit 5-6 - used the same as in a SCSI Response. These bits are
- only valid when S is set to 1. For details see Section
- 10.4.1 Flags (byte 1).
-
- bit 7 S (status)- set to indicate that the Command Status field
- contains status. If this bit is set to 1, the F bit
- MUST also be set to 1.
-
- The fields StatSN, Status, and Residual Count only have meaningful
- content if the S bit is set to 1 and their values are defined in
- Section 10.4 SCSI Response.
-
-10.7.4. Target Transfer Tag and LUN
-
- On outgoing data, the Target Transfer Tag is provided to the target
- if the transfer is honoring an R2T. In this case, the Target
- Transfer Tag field is a replica of the Target Transfer Tag provided
- with the R2T.
-
- On incoming data, the Target Transfer Tag and LUN MUST be provided by
- the target if the A bit is set to 1; otherwise they are reserved.
- The Target Transfer Tag and LUN are copied by the initiator into the
- SNACK of type DataACK that it issues as a result of receiving a SCSI
- Data-In PDU with the A bit set to 1.
-
-
-
-
-Satran, et al. Standards Track [Page 140]
-
-RFC 3720 iSCSI April 2004
-
-
- The Target Transfer Tag values are not specified by this protocol
- except that the value 0xffffffff is reserved and means that the
- Target Transfer Tag is not supplied. If the Target Transfer Tag is
- provided, then the LUN field MUST hold a valid value and be
- consistent with whatever was specified with the command; otherwise,
- the LUN field is reserved.
-
-10.7.5. DataSN
-
- For input (read) or bidirectional Data-In PDUs, the DataSN is the
- input PDU number within the data transfer for the command identified
- by the Initiator Task Tag.
-
- R2T and Data-In PDUs, in the context of bidirectional commands, share
- the numbering sequence (see Section 3.2.2.3 Data Sequencing).
-
- For output (write) data PDUs, the DataSN is the Data-Out PDU number
- within the current output sequence. The current output sequence is
- either identified by the Initiator Task Tag (for unsolicited data) or
- is a data sequence generated for one R2T (for data solicited through
- R2T).
-
-10.7.6. Buffer Offset
-
- The Buffer Offset field contains the offset of this PDU payload data
- within the complete data transfer. The sum of the buffer offset and
- length should not exceed the expected transfer length for the
- command.
-
- The order of data PDUs within a sequence is determined by
- DataPDUInOrder. When set to Yes, it means that PDUs have to be in
- increasing Buffer Offset order and overlays are forbidden.
-
- The ordering between sequences is determined by DataSequenceInOrder.
- When set to Yes, it means that sequences have to be in increasing
- Buffer Offset order and overlays are forbidden.
-
-10.7.7. DataSegmentLength
-
- This is the data payload length of a SCSI Data-In or SCSI Data-Out
- PDU. The sending of 0 length data segments should be avoided, but
- initiators and targets MUST be able to properly receive 0 length data
- segments.
-
- The Data Segments of Data-In and Data-Out PDUs SHOULD be filled to
- the integer number of 4 byte words (real payload) unless the F bit is
- set to 1.
-
-
-
-
-Satran, et al. Standards Track [Page 141]
-
-RFC 3720 iSCSI April 2004
-
-
-10.8. Ready To Transfer (R2T)
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x31 |1| Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| LUN |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| Target Transfer Tag |
- +---------------+---------------+---------------+---------------+
- 24| StatSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpCmdSN |
- +---------------+---------------+---------------+---------------+
- 32| MaxCmdSN |
- +---------------+---------------+---------------+---------------+
- 36| R2TSN |
- +---------------+---------------+---------------+---------------+
- 40| Buffer Offset |
- +---------------+---------------+---------------+---------------+
- 44| Desired Data Transfer Length |
- +---------------------------------------------------------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
- When an initiator has submitted a SCSI Command with data that passes
- from the initiator to the target (WRITE), the target may specify
- which blocks of data it is ready to receive. The target may request
- that the data blocks be delivered in whichever order is convenient
- for the target at that particular instant. This information is
- passed from the target to the initiator in the Ready To Transfer
- (R2T) PDU.
-
- In order to allow write operations without an explicit initial R2T,
- the initiator and target MUST have negotiated the key InitialR2T to
- No during Login.
-
- An R2T MAY be answered with one or more SCSI Data-Out PDUs with a
- matching Target Transfer Tag. If an R2T is answered with a single
- Data-Out PDU, the Buffer Offset in the Data PDU MUST be the same as
-
-
-
-Satran, et al. Standards Track [Page 142]
-
-RFC 3720 iSCSI April 2004
-
-
- the one specified by the R2T, and the data length of the Data PDU
- MUST be the same as the Desired Data Transfer Length specified in the
- R2T. If the R2T is answered with a sequence of Data PDUs, the Buffer
- Offset and Length MUST be within the range of those specified by R2T,
- and the last PDU MUST have the F bit set to 1. If the last PDU
- (marked with the F bit) is received before the Desired Data Transfer
- Length is transferred, a target MAY choose to Reject that
-
- PDU with "Protocol error" reason code. DataPDUInOrder governs the
- Data-Out PDU ordering. If DataPDUInOrder is set to Yes, the Buffer
- Offsets and Lengths for consecutive PDUs MUST form a continuous
- non-overlapping range and the PDUs MUST be sent in increasing offset
- order.
-
- The target may send several R2T PDUs. It, therefore, can have a
- number of pending data transfers. The number of outstanding R2T PDUs
- are limited by the value of the negotiated key MaxOutstandingR2T.
- Within a connection, outstanding R2Ts MUST be fulfilled by the
- initiator in the order in which they were received.
-
- R2T PDUs MAY also be used to recover Data Out PDUs. Such an R2T
- (Recovery-R2T) is generated by a target upon detecting the loss of
- one or more Data-Out PDUs due to:
-
- - Digest error
- - Sequence error
- - Sequence reception timeout
-
- A Recovery-R2T carries the next unused R2TSN, but requests part of or
- the entire data burst that an earlier R2T (with a lower R2TSN) had
- already requested.
-
- DataSequenceInOrder governs the buffer offset ordering in consecutive
- R2Ts. If DataSequenceInOrder is Yes, then consecutive R2Ts MUST
- refer to continuous non-overlapping ranges except for Recovery-R2Ts.
-
-10.8.1. TotalAHSLength and DataSegmentLength
-
- For this PDU TotalAHSLength and DataSegmentLength MUST be 0.
-
-10.8.2. R2TSN
-
- R2TSN is the R2T PDU input PDU number within the command identified
- by the Initiator Task Tag.
-
- For bidirectional commands R2T and Data-In PDUs share the input PDU
- numbering sequence (see Section 3.2.2.3 Data Sequencing).
-
-
-
-
-Satran, et al. Standards Track [Page 143]
-
-RFC 3720 iSCSI April 2004
-
-
-10.8.3. StatSN
-
- The StatSN field will contain the next StatSN. The StatSN for this
- connection is not advanced after this PDU is sent.
-
-10.8.4. Desired Data Transfer Length and Buffer Offset
-
- The target specifies how many bytes it wants the initiator to send
- because of this R2T PDU. The target may request the data from the
- initiator in several chunks, not necessarily in the original order of
- the data. The target, therefore, also specifies a Buffer Offset that
- indicates the point at which the data transfer should begin, relative
- to the beginning of the total data transfer. The Desired Data
- Transfer Length MUST NOT be 0 and MUST not exceed MaxBurstLength.
-
-10.8.5. Target Transfer Tag
-
- The target assigns its own tag to each R2T request that it sends to
- the initiator. This tag can be used by the target to easily identify
- the data it receives. The Target Transfer Tag and LUN are copied in
- the outgoing data PDUs and are only used by the target. There is no
- protocol rule about the Target Transfer Tag except that the value
- 0xffffffff is reserved and MUST NOT be sent by a target in an R2T.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 144]
-
-RFC 3720 iSCSI April 2004
-
-
-10.9. Asynchronous Message
-
- An Asynchronous Message may be sent from the target to the initiator
- without correspondence to a particular command. The target specifies
- the reason for the event and sense data.
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x32 |1| Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| LUN or Reserved |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 20| Reserved |
- +---------------+---------------+---------------+---------------+
- 24| StatSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpCmdSN |
- +---------------+---------------+---------------+---------------+
- 32| MaxCmdSN |
- +---------------+---------------+---------------+---------------+
- 36| AsyncEvent | AsyncVCode | Parameter1 or Reserved |
- +---------------+---------------+---------------+---------------+
- 40| Parameter2 or Reserved | Parameter3 or Reserved |
- +---------------+---------------+---------------+---------------+
- 44| Reserved |
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
- / DataSegment - Sense Data and iSCSI Event Data /
- +/ /
- +---------------+---------------+---------------+---------------+
- | Data-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
- Some Asynchronous Messages are strictly related to iSCSI while others
- are related to SCSI [SAM2].
-
- StatSN counts this PDU as an acknowledgeable event (StatSN is
- advanced), which allows for initiator and target state
- synchronization.
-
-
-
-Satran, et al. Standards Track [Page 145]
-
-RFC 3720 iSCSI April 2004
-
-
-10.9.1. AsyncEvent
-
- The codes used for iSCSI Asynchronous Messages (events) are:
-
- 0 - a SCSI Asynchronous Event is reported in the sense data.
- Sense Data that accompanies the report, in the data segment,
- identifies the condition. The sending of a SCSI Event
- (Asynchronous Event Reporting in SCSI terminology) is
- dependent on the target support for SCSI asynchronous event
- reporting (see [SAM2]) as indicated in the standard INQUIRY
- data (see [SPC3]). Its use may be enabled by parameters in
- the SCSI Control mode page (see [SPC3]).
-
- 1 - target requests Logout. This Async Message MUST be sent on
- the same connection as the one requesting to be logged out.
- The initiator MUST honor this request by issuing a Logout as
- early as possible, but no later than Parameter3 seconds.
- Initiator MUST send a Logout with a reason code of "Close the
- connection" OR "Close the session" to close all the
- connections. Once this message is received, the initiator
- SHOULD NOT issue new iSCSI commands on the connection to be
- logged out. The target MAY reject any new I/O requests that
- it receives after this Message with the reason code "Waiting
- for Logout". If the initiator does not Logout in Parameter3
- seconds, the target should send an Async PDU with iSCSI event
- code "Dropped the connection" if possible, or simply terminate
- the transport connection. Parameter1 and Parameter2 are
- reserved.
-
- 2 - target indicates it will drop the connection. The Parameter1
- field indicates the CID of the connection that is going to be
- dropped.
-
- The Parameter2 field (Time2Wait) indicates, in seconds, the
- minimum time to wait before attempting to reconnect or
- reassign.
-
- The Parameter3 field (Time2Retain) indicates the maximum time
- allowed to reassign commands after the initial wait (in
- Parameter2).
-
- If the initiator does not attempt to reconnect and/or reassign
- the outstanding commands within the time specified by
- Parameter3, or if Parameter3 is 0, the target will terminate
- all outstanding commands on this connection. In this case, no
- other responses should be expected from the target for the
- outstanding commands on this connection.
-
-
-
-
-Satran, et al. Standards Track [Page 146]
-
-RFC 3720 iSCSI April 2004
-
-
- A value of 0 for Parameter2 indicates that reconnect can be
- attempted immediately.
-
- 3 - target indicates it will drop all the connections of this
- session.
-
- Parameter1 field is reserved.
-
- The Parameter2 field (Time2Wait) indicates, in seconds, the
- minimum time to wait before attempting to reconnect. The
- Parameter3 field (Time2Retain) indicates the maximum time
- allowed to reassign commands after the initial wait (in
- Parameter2).
-
- If the initiator does not attempt to reconnect and/or reassign
- the outstanding commands within the time specified by
- Parameter3, or if Parameter3 is 0, the session is terminated.
-
- In this case, the target will terminate all outstanding
- commands in this session; no other responses should be
- expected from the target for the outstanding commands in this
- session. A value of 0 for Parameter2 indicates that reconnect
- can be attempted immediately.
-
- 4 - target requests parameter negotiation on this connection. The
- initiator MUST honor this request by issuing a Text Request
- (that can be empty) on the same connection as early as
- possible, but no later than Parameter3 seconds, unless a Text
- Request is already pending on the connection, or by issuing a
- Logout Request. If the initiator does not issue a Text
- Request the target may reissue the Asynchronous Message
- requesting parameter negotiation.
-
- 255 - vendor specific iSCSI Event. The AsyncVCode details the
- vendor code, and data MAY accompany the report.
-
- All other event codes are reserved.
-
-10.9.2. AsyncVCode
-
- AsyncVCode is a vendor specific detail code that is only valid if the
- AsyncEvent field indicates a vendor specific event. Otherwise, it is
- reserved.
-
-10.9.3. LUN
-
- The LUN field MUST be valid if AsyncEvent is 0. Otherwise, this
- field is reserved.
-
-
-
-Satran, et al. Standards Track [Page 147]
-
-RFC 3720 iSCSI April 2004
-
-
-10.9.4. Sense Data and iSCSI Event Data
-
- For a SCSI event, this data accompanies the report in the data
- segment and identifies the condition.
-
- For an iSCSI event, additional vendor-unique data MAY accompany the
- Async event. Initiators MAY ignore the data when not understood
- while processing the rest of the PDU.
-
- If the DataSegmentLength is not 0, the format of the DataSegment is
- as follows:
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|SenseLength | Sense Data |
- +---------------+---------------+---------------+---------------+
- x/ Sense Data /
- +---------------+---------------+---------------+---------------+
- y/ iSCSI Event Data /
- / /
- +---------------+---------------+---------------+---------------+
- z|
-
-10.9.4.1. SenseLength
-
- This is the length of Sense Data. When the Sense Data field is empty
- (e.g., the event is not a SCSI event) SenseLength is 0.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 148]
-
-RFC 3720 iSCSI April 2004
-
-
-10.10. Text Request
-
- The Text Request is provided to allow for the exchange of information
- and for future extensions. It permits the initiator to inform a
- target of its capabilities or to request some special operations.
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|I| 0x04 |F|C| Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| LUN or Reserved |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| Target Transfer Tag or 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 24| CmdSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpStatSN |
- +---------------+---------------+---------------+---------------+
- 32/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
- / DataSegment (Text) /
- +/ /
- +---------------+---------------+---------------+---------------+
- | Data-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
- An initiator MUST have at most one outstanding Text Request on a
- connection at any given time.
-
- On a connection failure, an initiator must either explicitly abort
- any active allegiant text negotiation task or must cause such a task
- to be implicitly terminated by the target.
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 149]
-
-RFC 3720 iSCSI April 2004
-
-
-10.10.1. F (Final) Bit
-
- When set to 1, indicates that this is the last or only text request
- in a sequence of Text Requests; otherwise, it indicates that more
- Text Requests will follow.
-
-10.10.2. C (Continue) Bit
-
- When set to 1, indicates that the text (set of key=value pairs) in
- this Text Request is not complete (it will be continued on subsequent
- Text Requests); otherwise, it indicates that this Text Request ends a
- set of key=value pairs. A Text Request with the C bit set to 1 MUST
- have the F bit set to 0.
-
-10.10.3. Initiator Task Tag
-
- The initiator assigned identifier for this Text Request. If the
- command is sent as part of a sequence of text requests and responses,
- the Initiator Task Tag MUST be the same for all the requests within
- the sequence (similar to linked SCSI commands). The I bit for all
- requests in a sequence also MUST be the same.
-
-10.10.4. Target Transfer Tag
-
- When the Target Transfer Tag is set to the reserved value 0xffffffff,
- it tells the target that this is a new request and the target resets
- any internal state associated with the Initiator Task Tag (resets the
- current negotiation state).
-
- The target sets the Target Transfer Tag in a text response to a value
- other than the reserved value 0xffffffff whenever it indicates that
- it has more data to send or more operations to perform that are
- associated with the specified Initiator Task Tag. It MUST do so
- whenever it sets the F bit to 0 in the response. By copying the
- Target Transfer Tag from the response to the next Text Request, the
- initiator tells the target to continue the operation for the specific
- Initiator Task Tag. The initiator MUST ignore the Target Transfer
- Tag in the Text Response when the F bit is set to 1.
-
- This mechanism allows the initiator and target to transfer a large
- amount of textual data over a sequence of text-command/text-response
- exchanges, or to perform extended negotiation sequences.
-
- If the Target Transfer Tag is not 0xffffffff, the LUN field MUST be
- sent by the target in the Text Response.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 150]
-
-RFC 3720 iSCSI April 2004
-
-
- A target MAY reset its internal negotiation state if an exchange is
- stalled by the initiator for a long time or if it is running out of
- resources.
-
- Long text responses are handled as in the following example:
-
- I->T Text SendTargets=All (F=1,TTT=0xffffffff)
- T->I Text <part 1> (F=0,TTT=0x12345678)
- I->T Text <empty> (F=1, TTT=0x12345678)
- T->I Text <part 2> (F=0, TTT=0x12345678)
- I->T Text <empty> (F=1, TTT=0x12345678)
- ...
- T->I Text <part n> (F=1, TTT=0xffffffff)
-
-10.10.5. Text
-
- The data lengths of a text request MUST NOT exceed the iSCSI target
- MaxRecvDataSegmentLength (a per connection and per direction
- negotiated parameter). The text format is specified in Section 5.2
- Text Mode Negotiation.
-
- Chapter 11 and Chapter 12 list some basic Text key=value pairs, some
- of which can be used in Login Request/Response and some in Text
- Request/Response.
-
- A key=value pair can span Text request or response boundaries. A
- key=value pair can start in one PDU and continue on the next. In
- other words the end of a PDU does not necessarily signal the end of a
- key=value pair.
-
- The target responds by sending its response back to the initiator.
- The response text format is similar to the request text format. The
- text response MAY refer to key=value pairs presented in an earlier
- text request and the text in the request may refer to earlier
- responses.
-
- Chapter 5 details the rules for the Text Requests and Responses.
-
- Text operations are usually meant for parameter setting/
- negotiations, but can also be used to perform some long lasting
- operations.
-
- Text operations that take a long time should be placed in their own
- Text request.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 151]
-
-RFC 3720 iSCSI April 2004
-
-
-10.11. Text Response
-
- The Text Response PDU contains the target's responses to the
- initiator's Text request. The format of the Text field matches that
- of the Text request.
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x24 |F|C| Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| LUN or Reserved |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| Target Transfer Tag or 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 24| StatSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpCmdSN |
- +---------------+---------------+---------------+---------------+
- 32| MaxCmdSN |
- +---------------+---------------+---------------+---------------+
- 36/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
- / DataSegment (Text) /
- +/ /
- +---------------+---------------+---------------+---------------+
- | Data-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
-10.11.1. F (Final) Bit
-
- When set to 1, in response to a Text Request with the Final bit set
- to 1, the F bit indicates that the target has finished the whole
- operation. Otherwise, if set to 0 in response to a Text Request with
- the Final Bit set to 1, it indicates that the target has more work to
- do (invites a follow-on text request). A Text Response with the F
- bit set to 1 in response to a Text Request with the F bit set to 0 is
- a protocol error.
-
-
-
-Satran, et al. Standards Track [Page 152]
-
-RFC 3720 iSCSI April 2004
-
-
- A Text Response with the F bit set to 1 MUST NOT contain key=value
- pairs that may require additional answers from the initiator.
-
- A Text Response with the F bit set to 1 MUST have a Target Transfer
- Tag field set to the reserved value of 0xffffffff.
-
- A Text Response with the F bit set to 0 MUST have a Target Transfer
- Tag field set to a value other than the reserved 0xffffffff.
-
-10.11.2. C (Continue) Bit
-
- When set to 1, indicates that the text (set of key=value pairs) in
- this Text Response is not complete (it will be continued on
- subsequent Text Responses); otherwise, it indicates that this Text
- Response ends a set of key=value pairs. A Text Response with the C
- bit set to 1 MUST have the F bit set to 0.
-
-10.11.3. Initiator Task Tag
-
- The Initiator Task Tag matches the tag used in the initial Text
- Request.
-
-10.11.4. Target Transfer Tag
-
- When a target has more work to do (e.g., cannot transfer all the
- remaining text data in a single Text Response or has to continue the
- negotiation) and has enough resources to proceed, it MUST set the
- Target Transfer Tag to a value other than the reserved value of
- 0xffffffff. Otherwise, the Target Transfer Tag MUST be set to
- 0xffffffff.
-
- When the Target Transfer Tag is not 0xffffffff, the LUN field may be
- significant.
-
- The initiator MUST copy the Target Transfer Tag and LUN in its next
- request to indicate that it wants the rest of the data.
-
- When the target receives a Text Request with the Target Transfer Tag
- set to the reserved value of 0xffffffff, it resets its internal
- information (resets state) associated with the given Initiator Task
- Tag (restarts the negotiation).
-
- When a target cannot finish the operation in a single Text Response,
- and does not have enough resources to continue, it rejects the Text
- Request with the appropriate Reject code.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 153]
-
-RFC 3720 iSCSI April 2004
-
-
- A target may reset its internal state associated with an Initiator
- Task Tag (the current negotiation state), state expressed through the
- Target Transfer Tag if the initiator fails to continue the exchange
- for some time. The target may reject subsequent Text Requests with
- the Target Transfer Tag set to the "stale" value.
-
-10.11.5. StatSN
-
- The target StatSN variable is advanced by each Text Response sent.
-
-10.11.6. Text Response Data
-
- The data lengths of a text response MUST NOT exceed the iSCSI
- initiator MaxRecvDataSegmentLength (a per connection and per
- direction negotiated parameter).
-
- The text in the Text Response Data is governed by the same rules as
- the text in the Text Request Data (see Section 10.10.5 Text).
-
- Although the initiator is the requesting party and controls the
- request-response initiation and termination, the target can offer
- key=value pairs of its own as part of a sequence and not only in
- response to the initiator.
-
-10.12. Login Request
-
- After establishing a TCP connection between an initiator and a
- target, the initiator MUST start a Login Phase to gain further access
- to the target's resources.
-
- The Login Phase (see Chapter 5) consists of a sequence of Login
- Requests and Responses that carry the same Initiator Task Tag.
-
- Login Requests are always considered as immediate.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 154]
-
-RFC 3720 iSCSI April 2004
-
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|1| 0x03 |T|C|.|.|CSG|NSG| Version-max | Version-min |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| ISID |
- + +---------------+---------------+
- 12| | TSIH |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| CID | Reserved |
- +---------------+---------------+---------------+---------------+
- 24| CmdSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpStatSN or Reserved |
- +---------------+---------------+---------------+---------------+
- 32| Reserved |
- +---------------+---------------+---------------+---------------+
- 36| Reserved |
- +---------------+---------------+---------------+---------------+
- 40/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48/ DataSegment - Login Parameters in Text request Format /
- +/ /
- +---------------+---------------+---------------+---------------+
-
-10.12.1. T (Transit) Bit
-
- If set to 1, indicates that the initiator is ready to transit to the
- next stage.
-
- If the T bit is set to 1 and NSG is FullFeaturePhase, then this also
- indicates that the initiator is ready for the Final Login Response
- (see Chapter 5).
-
-10.12.2. C (Continue) Bit
-
- When set to 1, indicates that the text (set of key=value pairs) in
- this Login Request is not complete (it will be continued on
- subsequent Login Requests); otherwise, it indicates that this Login
- Request ends a set of key=value pairs. A Login Request with the C
- bit set to 1 MUST have the T bit set to 0.
-
-
-
-
-Satran, et al. Standards Track [Page 155]
-
-RFC 3720 iSCSI April 2004
-
-
-10.12.3. CSG and NSG
-
- Through these fields, Current Stage (CSG) and Next Stage (NSG), the
- Login negotiation requests and responses are associated with a
- specific stage in the session (SecurityNegotiation,
- LoginOperationalNegotiation, FullFeaturePhase) and may indicate the
- next stage to which they want to move (see Chapter 5). The next
- stage value is only valid when the T bit is 1; otherwise, it is
- reserved.
-
- The stage codes are:
-
- - 0 - SecurityNegotiation
- - 1 - LoginOperationalNegotiation
- - 3 - FullFeaturePhase
-
- All other codes are reserved.
-
-10.12.4. Version
-
- The version number of the current draft is 0x00. As such, all
- devices MUST carry version 0x00 for both Version-min and Version-max.
-
-10.12.4.1. Version-max
-
- Maximum Version number supported.
-
- All Login Requests within the Login Phase MUST carry the same
- Version-max.
-
- The target MUST use the value presented with the first Login Request.
-
-10.12.4.2. Version-min
-
- All Login Requests within the Login Phase MUST carry the same
- Version-min. The target MUST use the value presented with the first
- Login Request.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 156]
-
-RFC 3720 iSCSI April 2004
-
-
-10.12.5. ISID
-
- This is an initiator-defined component of the session identifier and
- is structured as follows (see [RFC3721] and Section 9.1.1
- Conservative Reuse of ISIDs for details):
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 8| T | A | B | C |
- +---------------+---------------+---------------+---------------+
- 12| D |
- +---------------+---------------+
-
- The T field identifies the format and usage of A, B, C, and D as
- indicated below:
-
- T
-
- 00b OUI-Format
- A&B are a 22 bit OUI
- (the I/G & U/L bits are omitted)
- C&D 24 bit qualifier
- 01b EN - Format (IANA Enterprise Number)
- A - Reserved
- B&C EN (IANA Enterprise Number)
- D - Qualifier
- 10b "Random"
- A - Reserved
- B&C Random
- D - Qualifier
- 11b A,B,C&D Reserved
-
- For the T field values 00b and 01b, a combination of A and B (for
- 00b) or B and C (for 01b) identifies the vendor or organization whose
- component (software or hardware) generates this ISID. A vendor or
- organization with one or more OUIs, or one or more Enterprise
- Numbers, MUST use at least one of these numbers and select the
- appropriate value for the T field when its components generate ISIDs.
- An OUI or EN MUST be set in the corresponding fields in network byte
- order (byte big-endian).
-
- If the T field is 10b, B and C are set to a random 24-bit unsigned
- integer value in network byte order (byte big-endian). See [RFC3721]
- for how this affects the principle of "conservative reuse".
-
-
-
-
-
-Satran, et al. Standards Track [Page 157]
-
-RFC 3720 iSCSI April 2004
-
-
- The Qualifier field is a 16 or 24-bit unsigned integer value that
- provides a range of possible values for the ISID within the selected
- namespace. It may be set to any value within the constraints
- specified in the iSCSI protocol (see Section 3.4.3 Consequences of
- the Model and Section 9.1.1 Conservative Reuse of ISIDs).
-
- The T field value of 11b is reserved.
-
- If the ISID is derived from something assigned to a hardware adapter
- or interface by a vendor, as a preset default value, it MUST be
- configurable to a value assigned according to the SCSI port behavior
- desired by the system in which it is installed (see Section 9.1.1
- Conservative Reuse of ISIDs and Section 9.1.2 iSCSI Name, ISID, and
- TPGT Use). The resultant ISID MUST also be persistent over power
- cycles, reboot, card swap, etc.
-
-10.12.6. TSIH
-
- TSIH must be set in the first Login Request. The reserved value 0
- MUST be used on the first connection for a new session. Otherwise,
- the TSIH sent by the target at the conclusion of the successful login
- of the first connection for this session MUST be used. The TSIH
- identifies to the target the associated existing session for this new
- connection.
-
- All Login Requests within a Login Phase MUST carry the same TSIH.
-
- The target MUST check the value presented with the first Login
- Request and act as specified in Section 5.3.1 Login Phase Start.
-
-10.12.7. Connection ID - CID
-
- A unique ID for this connection within the session.
-
- All Login Requests within the Login Phase MUST carry the same CID.
-
- The target MUST use the value presented with the first Login Request.
-
- A Login Request with a non-zero TSIH and a CID equal to that of an
- existing connection implies a logout of the connection followed by a
- Login (see Section 5.3.4 Connection Reinstatement). For the details
- of the implicit Logout Request, see Section 10.14 Logout Request.
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 158]
-
-RFC 3720 iSCSI April 2004
-
-
-10.12.8. CmdSN
-
- CmdSN is either the initial command sequence number of a session (for
- the first Login Request of a session - the "leading" login), or the
- command sequence number in the command stream if the login is for a
- new connection in an existing session.
-
- Examples:
-
- - Login on a leading connection - if the leading login carries
- the CmdSN 123, all other Login Requests in the same Login Phase
- carry the CmdSN 123 and the first non-immediate command in
- FullFeaturePhase also carries the CmdSN 123.
-
- - Login on other than a leading connection - if the current CmdSN
- at the time the first login on the connection is issued is 500,
- then that PDU carries CmdSN=500. Subsequent Login Requests
- that are needed to complete this Login Phase may carry a CmdSN
- higher than 500 if non-immediate requests that were issued on
- other connections in the same session advance CmdSN.
-
- If the Login Request is a leading Login Request, the target MUST use
- the value presented in CmdSN as the target value for ExpCmdSN.
-
-10.12.9. ExpStatSN
-
- For the first Login Request on a connection this is ExpStatSN for the
- old connection and this field is only valid if the Login Request
- restarts a connection (see Section 5.3.4 Connection Reinstatement).
-
- For subsequent Login Requests it is used to acknowledge the Login
- Responses with their increasing StatSN values.
-
-10.12.10. Login Parameters
-
- The initiator MUST provide some basic parameters in order to enable
- the target to determine if the initiator may use the target's
- resources and the initial text parameters for the security exchange.
-
- All the rules specified in Section 10.10.5 Text for text requests
- also hold for Login Requests. Keys and their explanations are listed
- in Chapter 11 (security negotiation keys) and Chapter 12 (operational
- parameter negotiation keys). All keys in Chapter 12, except for the
- X extension formats, MUST be supported by iSCSI initiators and
- targets. Keys in Chapter 11 only need to be supported when the
- function to which they refer is mandatory to implement.
-
-
-
-
-
-Satran, et al. Standards Track [Page 159]
-
-RFC 3720 iSCSI April 2004
-
-
-10.13. Login Response
-
- The Login Response indicates the progress and/or end of the Login
- Phase.
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x23 |T|C|.|.|CSG|NSG| Version-max | Version-active|
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| ISID |
- + +---------------+---------------+
- 12| | TSIH |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| Reserved |
- +---------------+---------------+---------------+---------------+
- 24| StatSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpCmdSN |
- +---------------+---------------+---------------+---------------+
- 32| MaxCmdSN |
- +---------------+---------------+---------------+---------------+
- 36| Status-Class | Status-Detail | Reserved |
- +---------------+---------------+---------------+---------------+
- 40/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48/ DataSegment - Login Parameters in Text request Format /
- +/ /
- +---------------+---------------+---------------+---------------+
-
-10.13.1. Version-max
-
- This is the highest version number supported by the target.
-
- All Login Responses within the Login Phase MUST carry the same
- Version-max.
-
- The initiator MUST use the value presented as a response to the first
- Login Request.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 160]
-
-RFC 3720 iSCSI April 2004
-
-
-10.13.2. Version-active
-
- Indicates the highest version supported by the target and initiator.
- If the target does not support a version within the range specified
- by the initiator, the target rejects the login and this field
- indicates the lowest version supported by the target.
-
- All Login Responses within the Login Phase MUST carry the same
- Version-active.
-
- The initiator MUST use the value presented as a response to the first
- Login Request.
-
-10.13.3. TSIH
-
- The TSIH is the target assigned session identifying handle. Its
- internal format and content are not defined by this protocol except
- for the value 0 that is reserved. With the exception of the Login
- Final-Response in a new session, this field should be set to the TSIH
- provided by the initiator in the Login Request. For a new session,
- the target MUST generate a non-zero TSIH and ONLY return it in the
- Login Final-Response (see Section 5.3 Login Phase).
-
-10.13.4. StatSN
-
- For the first Login Response (the response to the first Login
- Request), this is the starting status Sequence Number for the
- connection. The next response of any kind, including the next Login
- Response, if any, in the same Login Phase, will carry this number +
- 1. This field is only valid if the Status-Class is 0.
-
-10.13.5. Status-Class and Status-Detail
-
- The Status returned in a Login Response indicates the execution
- status of the Login Phase. The status includes:
-
- Status-Class
- Status-Detail
-
- 0 Status-Class indicates success.
-
- A non-zero Status-Class indicates an exception. In this case,
- Status-Class is sufficient for a simple initiator to use when
- handling exceptions, without having to look at the Status-Detail.
- The Status-Detail allows finer-grained exception handling for more
- sophisticated initiators and for better information for logging.
-
-
-
-
-
-Satran, et al. Standards Track [Page 161]
-
-RFC 3720 iSCSI April 2004
-
-
- The status classes are as follows:
-
- 0 - Success - indicates that the iSCSI target successfully
- received, understood, and accepted the request. The numbering
- fields (StatSN, ExpCmdSN, MaxCmdSN) are only valid if
- Status-Class is 0.
-
- 1 - Redirection - indicates that the initiator must take further
- action to complete the request. This is usually due to the
- target moving to a different address. All of the redirection
- status class responses MUST return one or more text key
- parameters of the type "TargetAddress", which indicates the
- target's new address. A redirection response MAY be issued by
- a target prior or after completing a security negotiation if a
- security negotiation is required. A redirection SHOULD be
- accepted by an initiator even without having the target
- complete a security negotiation if any security negotiation is
- required, and MUST be accepted by the initiator after the
- completion of the security negotiation if any security
- negotiation is required.
-
- 2 - Initiator Error (not a format error) - indicates that the
- initiator most likely caused the error. This MAY be due to a
- request for a resource for which the initiator does not have
- permission. The request should not be tried again.
-
- 3 - Target Error - indicates that the target sees no errors in the
- initiator's Login Request, but is currently incapable of
- fulfilling the request. The initiator may re-try the same
- Login Request later.
-
- The table below shows all of the currently allocated status codes.
- The codes are in hexadecimal; the first byte is the status class and
- the second byte is the status detail.
-
- -----------------------------------------------------------------
- Status | Code | Description
- |(hex) |
- -----------------------------------------------------------------
- Success | 0000 | Login is proceeding OK (*1).
- -----------------------------------------------------------------
- Target moved | 0101 | The requested iSCSI Target Name (ITN)
- temporarily | | has temporarily moved
- | | to the address provided.
- -----------------------------------------------------------------
- Target moved | 0102 | The requested ITN has permanently moved
- permanently | | to the address provided.
- -----------------------------------------------------------------
-
-
-
-Satran, et al. Standards Track [Page 162]
-
-RFC 3720 iSCSI April 2004
-
-
- Initiator | 0200 | Miscellaneous iSCSI initiator
- error | | errors.
- ----------------------------------------------------------------
- Authentication| 0201 | The initiator could not be
- failure | | successfully authenticated or target
- | | authentication is not supported.
- -----------------------------------------------------------------
- Authorization | 0202 | The initiator is not allowed access
- failure | | to the given target.
- -----------------------------------------------------------------
- Not found | 0203 | The requested ITN does not
- | | exist at this address.
- -----------------------------------------------------------------
- Target removed| 0204 | The requested ITN has been removed and
- | |no forwarding address is provided.
- -----------------------------------------------------------------
- Unsupported | 0205 | The requested iSCSI version range is
- version | | not supported by the target.
- -----------------------------------------------------------------
- Too many | 0206 | Too many connections on this SSID.
- connections | |
- -----------------------------------------------------------------
- Missing | 0207 | Missing parameters (e.g., iSCSI
- parameter | | Initiator and/or Target Name).
- -----------------------------------------------------------------
- Can't include | 0208 | Target does not support session
- in session | | spanning to this connection (address).
- -----------------------------------------------------------------
- Session type | 0209 | Target does not support this type of
- not supported | | of session or not from this Initiator.
- -----------------------------------------------------------------
- Session does | 020a | Attempt to add a connection
- not exist | | to a non-existent session.
- -----------------------------------------------------------------
- Invalid during| 020b | Invalid Request type during Login.
- login | |
- -----------------------------------------------------------------
- Target error | 0300 | Target hardware or software error.
- -----------------------------------------------------------------
- Service | 0301 | The iSCSI service or target is not
- unavailable | | currently operational.
- -----------------------------------------------------------------
- Out of | 0302 | The target has insufficient session,
- resources | | connection, or other resources.
- -----------------------------------------------------------------
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 163]
-
-RFC 3720 iSCSI April 2004
-
-
- (*1) If the response T bit is 1 in both the request and the matching
- response, and the NSG is FullFeaturePhase in both the request and the
- matching response, the Login Phase is finished and the initiator may
- proceed to issue SCSI commands.
-
- If the Status Class is not 0, the initiator and target MUST close the
- TCP connection.
-
- If the target wishes to reject the Login Request for more than one
- reason, it should return the primary reason for the rejection.
-
-10.13.6. T (Transit) bit
-
- The T bit is set to 1 as an indicator of the end of the stage. If
- the T bit is set to 1 and NSG is FullFeaturePhase, then this is also
- the Final Login Response (see Chapter 5). A T bit of 0 indicates a
- "partial" response, which means "more negotiation needed".
-
- A Login Response with a T bit set to 1 MUST NOT contain key=value
- pairs that may require additional answers from the initiator within
- the same stage.
-
- If the status class is 0, the T bit MUST NOT be set to 1 if the T bit
- in the request was set to 0.
-
-10.13.7. C (Continue) Bit
-
- When set to 1, indicates that the text (set of key=value pairs) in
- this Login Response is not complete (it will be continued on
- subsequent Login Responses); otherwise, it indicates that this Login
- Response ends a set of key=value pairs. A Login Response with the C
- bit set to 1 MUST have the T bit set to 0.
-
-10.13.8. Login Parameters
-
- The target MUST provide some basic parameters in order to enable the
- initiator to determine if it is connected to the correct port and the
- initial text parameters for the security exchange.
-
- All the rules specified in Section 10.11.6 Text Response Data for
- text responses also hold for Login Responses. Keys and their
- explanations are listed in Chapter 11 (security negotiation keys) and
- Chapter 12 (operational parameter negotiation keys). All keys in
- Chapter 12, except for the X extension formats, MUST be supported by
- iSCSI initiators and targets. Keys in Chapter 11, only need to be
- supported when the function to which they refer is mandatory to
- implement.
-
-
-
-
-Satran, et al. Standards Track [Page 164]
-
-RFC 3720 iSCSI April 2004
-
-
-10.14. Logout Request
-
- The Logout Request is used to perform a controlled closing of a
- connection.
-
- An initiator MAY use a Logout Request to remove a connection from a
- session or to close an entire session.
-
- After sending the Logout Request PDU, an initiator MUST NOT send any
- new iSCSI requests on the closing connection. If the Logout Request
- is intended to close the session, new iSCSI requests MUST NOT be sent
- on any of the connections participating in the session.
-
- When receiving a Logout Request with the reason code of "close the
- connection" or "close the session", the target MUST terminate all
- pending commands, whether acknowledged via ExpCmdSN or not, on that
- connection or session respectively.
-
- When receiving a Logout Request with the reason code "remove
- connection for recovery", the target MUST discard all requests not
- yet acknowledged via ExpCmdSN that were issued on the specified
- connection, and suspend all data/status/R2T transfers on behalf of
- pending commands on the specified connection.
-
- The target then issues the Logout Response and half-closes the TCP
- connection (sends FIN). After receiving the Logout Response and
- attempting to receive the FIN (if still possible), the initiator MUST
- completely close the logging-out connection. For the terminated
- commands, no additional responses should be expected.
-
- A Logout for a CID may be performed on a different transport
- connection when the TCP connection for the CID has already been
- terminated. In such a case, only a logical "closing" of the iSCSI
- connection for the CID is implied with a Logout.
-
- All commands that were not terminated or not completed (with status)
- and acknowledged when the connection is closed completely can be
- reassigned to a new connection if the target supports connection
- recovery.
-
- If an initiator intends to start recovery for a failing connection,
- it MUST use the Logout Request to "clean-up" the target end of a
- failing connection and enable recovery to start, or the Login Request
- with a non-zero TSIH and the same CID on a new connection for the
- same effect (see Section 10.14.3 CID). In sessions with a single
- connection, the connection can be closed and then a new connection
- reopened. A connection reinstatement login can be used for recovery
- (see Section 5.3.4 Connection Reinstatement).
-
-
-
-Satran, et al. Standards Track [Page 165]
-
-RFC 3720 iSCSI April 2004
-
-
- A successful completion of a Logout Request with the reason code of
- "close the connection" or "remove the connection for recovery"
- results at the target in the discarding of unacknowledged commands
- received on the connection being logged out. These are commands that
- have arrived on the connection being logged out, but have not been
- delivered to SCSI because one or more commands with a smaller CmdSN
- has not been received by iSCSI. See Section 3.2.2.1 Command
- Numbering and Acknowledging. The resulting holes the in command
- sequence numbers will have to be handled by appropriate recovery (see
- Chapter 6) unless the session is also closed.
-
- The entire logout discussion in this section is also applicable for
- an implicit Logout realized via a connection reinstatement or session
- reinstatement. When a Login Request performs an implicit Logout, the
- implicit Logout is performed as if having the reason codes specified
- below:
-
- Reason code Type of implicit Logout
- -------------------------------------------
- 0 session reinstatement
- 1 connection reinstatement when
- the operational ErrorRecoveryLevel < 2
- 2 connection reinstatement when
- the operational ErrorRecoveryLevel = 2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 166]
-
-RFC 3720 iSCSI April 2004
-
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|I| 0x06 |1| Reason Code | Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------------------------------------------------------+
- 8/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| CID or Reserved | Reserved |
- +---------------+---------------+---------------+---------------+
- 24| CmdSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpStatSN |
- +---------------+---------------+---------------+---------------+
- 32/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
-10.14.1. Reason Code
-
- Reason Code indicates the reason for Logout as follows:
-
- 0 - close the session. All commands associated with the session
- (if any) are terminated.
-
- 1 - close the connection. All commands associated with connection
- (if any) are terminated.
-
- 2 - remove the connection for recovery. Connection is closed and
- all commands associated with it, if any, are to be prepared
- for a new allegiance.
-
- All other values are reserved.
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 167]
-
-RFC 3720 iSCSI April 2004
-
-
-10.14.2. TotalAHSLength and DataSegmentLength
-
- For this PDU TotalAHSLength and DataSegmentLength MUST be 0.
-
-10.14.3. CID
-
- This is the connection ID of the connection to be closed (including
- closing the TCP stream). This field is only valid if the reason code
- is not "close the session".
-
-10.14.4. ExpStatSN
-
- This is the last ExpStatSN value for the connection to be closed.
-
-10.14.5. Implicit termination of tasks
-
- A target implicitly terminates the active tasks due to the iSCSI
- protocol in the following cases:
-
- a) When a connection is implicitly or explicitly logged out with
- the reason code of "Close the connection" and there are active
- tasks allegiant to that connection.
-
- b) When a connection fails and eventually the connection state
- times out (state transition M1 in Section 7.2.2 State
- Transition Descriptions for Initiators and Targets) and there
- are active tasks allegiant to that connection.
-
- c) When a successful recovery Logout is performed while there are
- active tasks allegiant to that connection, and those tasks
- eventually time out after the Time2Wait and Time2Retain
- periods without allegiance reassignment.
-
- d) When a connection is implicitly or explicitly logged out with
- the reason code of "Close the session" and there are active
- tasks in that session.
-
- If the tasks terminated in any of the above cases are SCSI tasks,
- they must be internally terminated as if with CHECK CONDITION status.
- This status is only meaningful for appropriately handling the
- internal SCSI state and SCSI side effects with respect to ordering
- because this status is never communicated back as a terminating
- status to the initiator. However additional actions may have to be
- taken at SCSI level depending on the SCSI context as defined by the
- SCSI standards (e.g., queued commands and ACA, in cases a), b), and
- c), after the tasks are terminated, the target MUST report a Unit
- Attention condition on the next command processed on any connection
- for each affected I_T_L nexus with the status of CHECK CONDITION, and
-
-
-
-Satran, et al. Standards Track [Page 168]
-
-RFC 3720 iSCSI April 2004
-
-
- the ASC/ASCQ value of 47h/7Fh - "SOME COMMANDS CLEARED BY ISCSI
- PROTOCOL EVENT" - etc. - see [SAM2] and [SPC3]).
-
-10.15. Logout Response
-
- The Logout Response is used by the target to indicate if the cleanup
- operation for the connection(s) has completed.
-
- After Logout, the TCP connection referred by the CID MUST be closed
- at both ends (or all connections must be closed if the logout reason
- was session close).
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x26 |1| Reserved | Response | Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------------------------------------------------------+
- 8/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag |
- +---------------+---------------+---------------+---------------+
- 20| Reserved |
- +---------------+---------------+---------------+---------------+
- 24| StatSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpCmdSN |
- +---------------+---------------+---------------+---------------+
- 32| MaxCmdSN |
- +---------------+---------------+---------------+---------------+
- 36| Reserved |
- +---------------------------------------------------------------+
- 40| Time2Wait | Time2Retain |
- +---------------+---------------+---------------+---------------+
- 44| Reserved |
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 169]
-
-RFC 3720 iSCSI April 2004
-
-
-10.15.1. Response
-
- Logout Response:
-
- 0 - connection or session closed successfully.
-
- 1 - CID not found.
-
- 2 - connection recovery is not supported. If Logout reason code
- was recovery and target does not support it as indicated by the
- ErrorRecoveryLevel.
-
- 3 - cleanup failed for various reasons.
-
-10.15.2. TotalAHSLength and DataSegmentLength
-
- For this PDU TotalAHSLength and DataSegmentLength MUST be 0.
-
-10.15.3. Time2Wait
-
- If the Logout Response code is 0 and if the operational
- ErrorRecoveryLevel is 2, this is the minimum amount of time, in
- seconds, to wait before attempting task reassignment. If the Logout
- Response code is 0 and if the operational ErrorRecoveryLevel is less
- than 2, this field is to be ignored.
-
- This field is invalid if the Logout Response code is 1.
-
- If the Logout response code is 2 or 3, this field specifies the
- minimum time to wait before attempting a new implicit or explicit
- logout.
-
- If Time2Wait is 0, the reassignment or a new Logout may be attempted
- immediately.
-
-10.15.4. Time2Retain
-
- If the Logout response code is 0 and if the operational
- ErrorRecoveryLevel is 2, this is the maximum amount of time, in
- seconds, after the initial wait (Time2Wait), the target waits for the
- allegiance reassignment for any active task after which the task
- state is discarded. If the Logout response code is 0 and if the
- operational ErrorRecoveryLevel is less than 2, this field is to be
- ignored.
-
- This field is invalid if the Logout response code is 1.
-
-
-
-
-
-Satran, et al. Standards Track [Page 170]
-
-RFC 3720 iSCSI April 2004
-
-
- If the Logout response code is 2 or 3, this field specifies the
- maximum amount of time, in seconds, after the initial wait
- (Time2Wait), the target waits for a new implicit or explicit logout.
-
- If it is the last connection of a session, the whole session state is
- discarded after Time2Retain.
-
- If Time2Retain is 0, the target has already discarded the connection
- (and possibly the session) state along with the task states. No
- reassignment or Logout is required in this case.
-
-10.16. SNACK Request
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x10 |1|.|.|.| Type | Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| LUN or Reserved |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag or 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 20| Target Transfer Tag or SNACK Tag or 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 24| Reserved |
- +---------------+---------------+---------------+---------------+
- 28| ExpStatSN |
- +---------------+---------------+---------------+---------------+
- 32/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 40| BegRun |
- +---------------------------------------------------------------+
- 44| RunLength |
- +---------------------------------------------------------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
- If the implementation supports ErrorRecoveryLevel greater than zero,
- it MUST support all SNACK types.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 171]
-
-RFC 3720 iSCSI April 2004
-
-
- The SNACK is used by the initiator to request the retransmission of
- numbered-responses, data, or R2T PDUs from the target. The SNACK
- request indicates the numbered-responses or data "runs" whose
- retransmission is requested by the target, where the run starts with
- the first StatSN, DataSN, or R2TSN whose retransmission is requested
- and indicates the number of Status, Data, or R2T PDUs requested
- including the first. 0 has special meaning when used as a starting
- number and length:
-
- - When used in RunLength, it means all PDUs starting with the
- initial.
- - When used in both BegRun and RunLength, it means all
- unacknowledged PDUs.
-
- The numbered-response(s) or R2T(s), requested by a SNACK, MUST be
- delivered as exact replicas of the ones that the target transmitted
- originally except for the fields ExpCmdSN, MaxCmdSN, and ExpDataSN,
- which MUST carry the current values. R2T(s)requested by SNACK MUST
- also carry the current value of StatSN.
-
- The numbered Data-In PDUs, requested by a Data SNACK MUST be
- delivered as exact replicas of the ones that the target transmitted
- originally except for the fields ExpCmdSN and MaxCmdSN, which MUST
- carry the current values and except for resegmentation (see Section
- 10.16.3 Resegmentation).
-
- Any SNACK that requests a numbered-response, Data, or R2T that was
- not sent by the target or was already acknowledged by the initiator,
- MUST be rejected with a reason code of "Protocol error".
-
-10.16.1. Type
-
- This field encodes the SNACK function as follows:
-
- 0-Data/R2T SNACK - requesting retransmission of one or more Data-
- In or R2T PDUs.
-
- 1-Status SNACK - requesting retransmission of one or more numbered
- responses.
-
- 2-DataACK - positively acknowledges Data-In PDUs.
-
- 3-R-Data SNACK - requesting retransmission of Data-In PDUs with
- possible resegmentation and status tagging.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 172]
-
-RFC 3720 iSCSI April 2004
-
-
- All other values are reserved.
-
- Data/R2T SNACK, Status SNACK, or R-Data SNACK for a command MUST
- precede status acknowledgement for the given command.
-
-10.16.2. Data Acknowledgement
-
- If an initiator operates at ErrorRecoveryLevel 1 or higher, it MUST
- issue a SNACK of type DataACK after receiving a Data-In PDU with the
- A bit set to 1. However, if the initiator has detected holes in the
- input sequence, it MUST postpone issuing the SNACK of type DataACK
- until the holes are filled. An initiator MAY ignore the A bit if it
- deems that the bit is being set aggressively by the target (i.e.,
- before the MaxBurstLength limit is reached).
-
- The DataACK is used to free resources at the target and not to
- request or imply data retransmission.
-
- An initiator MUST NOT request retransmission for any data it had
- already acknowledged.
-
-10.16.3. Resegmentation
-
- If the initiator MaxRecvDataSegmentLength changed between the
- original transmission and the time the initiator requests
- retransmission, the initiator MUST issue a R-Data SNACK (see Section
- 10.16.1 Type). With R-Data SNACK, the initiator indicates that it
- discards all the unacknowledged data and expects the target to resend
- it. It also expects resegmentation. In this case, the retransmitted
- Data-In PDUs MAY be different from the ones originally sent in order
- to reflect changes in MaxRecvDataSegmentLength. Their DataSN starts
- with the BegRun of the last DataACK received by the target if any was
- received; otherwise it starts with 0 and is increased by 1 for each
- resent Data-In PDU.
-
- A target that has received a R-Data SNACK MUST return a SCSI Response
- that contains a copy of the SNACK Tag field from the R-Data SNACK in
- the SCSI Response SNACK Tag field as its last or only Response. For
- example, if it has already sent a response containing another value
- in the SNACK Tag field or had the status included in the last Data-In
- PDU, it must send a new SCSI Response PDU. If a target sends more
- than one SCSI Response PDU due to this rule, all SCSI responses must
- carry the same StatSN (see Section 10.4.4 SNACK Tag). If an
- initiator attempts to recover a lost SCSI Response (with a
- Status SNACK, see Section 10.16.1 Type) when more than one response
- has been sent, the target will send the SCSI Response with the latest
- content known to the target, including the last SNACK Tag for the
- command.
-
-
-
-Satran, et al. Standards Track [Page 173]
-
-RFC 3720 iSCSI April 2004
-
-
- For considerations in allegiance reassignment of a task to a
- connection with a different MaxRecvDataSegmentLength, refer to
- Section 6.2.2 Allegiance Reassignment.
-
-10.16.4. Initiator Task Tag
-
- For Status SNACK and DataACK, the Initiator Task Tag MUST be set to
- the reserved value 0xffffffff. In all other cases, the Initiator
- Task Tag field MUST be set to the Initiator Task Tag of the
- referenced command.
-
-10.16.5. Target Transfer Tag or SNACK Tag
-
- For an R-Data SNACK, this field MUST contain a value that is
- different from 0 or 0xffffffff and is unique for the task (identified
- by the Initiator Task Tag). This value MUST be copied by the iSCSI
- target in the last or only SCSI Response PDU it issues for the
- command.
-
- For DataACK, the Target Transfer Tag MUST contain a copy of the
- Target Transfer Tag and LUN provided with the SCSI Data-In PDU with
- the A bit set to 1.
-
- In all other cases, the Target Transfer Tag field MUST be set to the
- reserved value of 0xffffffff.
-
-10.16.6. BegRun
-
- The DataSN, R2TSN, or StatSN of the first PDU whose retransmission is
- requested (Data/R2T and Status SNACK), or the next expected DataSN
- (DataACK SNACK).
-
- BegRun 0 when used in conjunction with RunLength 0 means resend all
- unacknowledged Data-In, R2T or Response PDUs.
-
- BegRun MUST be 0 for a R-Data SNACK.
-
-10.16.7. RunLength
-
- The number of PDUs whose retransmission is requested.
-
- RunLength 0 signals that all Data-In, R2T, or Response PDUs carrying
- the numbers equal to or greater than BegRun have to be resent.
-
- The RunLength MUST also be 0 for a DataACK SNACK in addition to
- R-Data SNACK.
-
-
-
-
-
-Satran, et al. Standards Track [Page 174]
-
-RFC 3720 iSCSI April 2004
-
-
-10.17. Reject
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x3f |1| Reserved | Reason | Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 16| 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 20| Reserved |
- +---------------+---------------+---------------+---------------+
- 24| StatSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpCmdSN |
- +---------------+---------------+---------------+---------------+
- 32| MaxCmdSN |
- +---------------+---------------+---------------+---------------+
- 36| DataSN/R2TSN or Reserved |
- +---------------+---------------+---------------+---------------+
- 40| Reserved |
- +---------------+---------------+---------------+---------------+
- 44| Reserved |
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
- xx/ Complete Header of Bad PDU /
- +/ /
- +---------------+---------------+---------------+---------------+
- yy/Vendor specific data (if any) /
- / /
- +---------------+---------------+---------------+---------------+
- zz| Data-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
- Reject is used to indicate an iSCSI error condition (protocol,
- unsupported option, etc.).
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 175]
-
-RFC 3720 iSCSI April 2004
-
-
-10.17.1. Reason
-
- The reject Reason is coded as follows:
-
- +------+----------------------------------------+------------------+
- | Code | Explanation | Can the original |
- | (hex)| | PDU be re-sent? |
- +------+----------------------------------------+------------------+
- | 0x01 | Reserved | no |
- | | | |
- | 0x02 | Data (payload) Digest Error | yes (Note 1) |
- | | | |
- | 0x03 | SNACK Reject | yes |
- | | | |
- | 0x04 | Protocol Error (e.g., SNACK request for| no |
- | | a status that was already acknowledged)| |
- | | | |
- | 0x05 | Command not supported | no |
- | | | |
- | 0x06 | Immediate Command Reject - too many | yes |
- | | immediate commands | |
- | | | |
- | 0x07 | Task in progress | no |
- | | | |
- | 0x08 | Invalid Data ACK | no |
- | | | |
- | 0x09 | Invalid PDU field | no (Note 2) |
- | | | |
- | 0x0a | Long Operation Reject - Can't generate | yes |
- | | Target Transfer Tag - out of resources | |
- | | | |
- | 0x0b | Negotiation Reset | no |
- | | | |
- | 0x0c | Waiting for Logout | no |
- +------+----------------------------------------+------------------+
-
- Note 1: For iSCSI, Data-Out PDU retransmission is only done if the
- target requests retransmission with a recovery R2T. However, if this
- is the data digest error on immediate data, the initiator may choose
- to retransmit the whole PDU including the immediate data.
-
- Note 2: A target should use this reason code for all invalid values
- of PDU fields that are meant to describe a task, a response, or a
- data transfer. Some examples are invalid TTT/ITT, buffer offset, LUN
- qualifying a TTT, and an invalid sequence number in a SNACK.
-
- All other values for Reason are reserved.
-
-
-
-
-Satran, et al. Standards Track [Page 176]
-
-RFC 3720 iSCSI April 2004
-
-
- In all the cases in which a pre-instantiated SCSI task is terminated
- because of the reject, the target MUST issue a proper SCSI command
- response with CHECK CONDITION as described in Section 10.4.3
- Response. In these cases in which a status for the SCSI task was
- already sent before the reject, no additional status is required. If
- the error is detected while data from the initiator is still expected
- (i.e., the command PDU did not contain all the data and the target
- has not received a Data-Out PDU with the Final bit set to 1 for the
- unsolicited data, if any, and all outstanding R2Ts, if any), the
- target MUST wait until it receives the last expected Data-Out PDUs
- with the F bit set to 1 before sending the Response PDU.
-
- For additional usage semantics of Reject PDU, see Section 6.3 Usage
- Of Reject PDU in Recovery.
-
-10.17.2. DataSN/R2TSN
-
- This field is only valid if the rejected PDU is a Data/R2T SNACK and
- the Reject reason code is "Protocol error" (see Section 10.16 SNACK
- Request). The DataSN/R2TSN is the next Data/R2T sequence number that
- the target would send for the task, if any.
-
-10.17.3. StatSN, ExpCmdSN and MaxCmdSN
-
- These fields carry their usual values and are not related to the
- rejected command. StatSN is advanced after a Reject.
-
-10.17.4. Complete Header of Bad PDU
-
- The target returns the header (not including digest) of the PDU in
- error as the data of the response.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 177]
-
-RFC 3720 iSCSI April 2004
-
-
-10.18. NOP-Out
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|I| 0x00 |1| Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| LUN or Reserved |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag or 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 20| Target Transfer Tag or 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 24| CmdSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpStatSN |
- +---------------+---------------+---------------+---------------+
- 32/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
- / DataSegment - Ping Data (optional) /
- +/ /
- +---------------+---------------+---------------+---------------+
- | Data-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
- A NOP-Out may be used by an initiator as a "ping request" to verify
- that a connection/session is still active and all its components are
- operational. The NOP-In response is the "ping echo".
-
- A NOP-Out is also sent by an initiator in response to a NOP-In.
-
- A NOP-Out may also be used to confirm a changed ExpStatSN if another
- PDU will not be available for a long time.
-
- Upon receipt of a NOP-In with the Target Transfer Tag set to a valid
- value (not the reserved 0xffffffff), the initiator MUST respond with
- a NOP-Out. In this case, the NOP-Out Target Transfer Tag MUST
- contain a copy of the NOP-In Target Transfer Tag.
-
-
-
-
-
-Satran, et al. Standards Track [Page 178]
-
-RFC 3720 iSCSI April 2004
-
-
-10.18.1. Initiator Task Tag
-
- The NOP-Out MUST have the Initiator Task Tag set to a valid value
- only if a response in the form of NOP-In is requested (i.e., the
- NOP-Out is used as a ping request). Otherwise, the Initiator Task
- Tag MUST be set to 0xffffffff.
-
- When a target receives the NOP-Out with a valid Initiator Task Tag,
- it MUST respond with a Nop-In Response (see Section 10.19 NOP-In).
-
- If the Initiator Task Tag contains 0xffffffff, the I bit MUST be set
- to 1 and the CmdSN is not advanced after this PDU is sent.
-
-10.18.2. Target Transfer Tag
-
- A target assigned identifier for the operation.
-
- The NOP-Out MUST only have the Target Transfer Tag set if it is
- issued in response to a NOP-In with a valid Target Transfer Tag. In
- this case, it copies the Target Transfer Tag from the NOP-In PDU.
- Otherwise, the Target Transfer Tag MUST be set to 0xffffffff.
-
- When the Target Transfer Tag is set to a value other than 0xffffffff,
- the LUN field MUST also be copied from the NOP-In.
-
-10.18.3. Ping Data
-
- Ping data are reflected in the NOP-In Response. The length of the
- reflected data are limited to MaxRecvDataSegmentLength. The length
- of ping data are indicated by the DataSegmentLength. 0 is a valid
- value for the DataSegmentLength and indicates the absence of ping
- data.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 179]
-
-RFC 3720 iSCSI April 2004
-
-
-10.19. NOP-In
-
- Byte/ 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0|.|.| 0x20 |1| Reserved |
- +---------------+---------------+---------------+---------------+
- 4|TotalAHSLength | DataSegmentLength |
- +---------------+---------------+---------------+---------------+
- 8| LUN or Reserved |
- + +
- 12| |
- +---------------+---------------+---------------+---------------+
- 16| Initiator Task Tag or 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 20| Target Transfer Tag or 0xffffffff |
- +---------------+---------------+---------------+---------------+
- 24| StatSN |
- +---------------+---------------+---------------+---------------+
- 28| ExpCmdSN |
- +---------------+---------------+---------------+---------------+
- 32| MaxCmdSN |
- +---------------+---------------+---------------+---------------+
- 36/ Reserved /
- +/ /
- +---------------+---------------+---------------+---------------+
- 48| Header-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
- / DataSegment - Return Ping Data /
- +/ /
- +---------------+---------------+---------------+---------------+
- | Data-Digest (Optional) |
- +---------------+---------------+---------------+---------------+
-
- NOP-In is either sent by a target as a response to a NOP-Out, as a
- "ping" to an initiator, or as a means to carry a changed ExpCmdSN
- and/or MaxCmdSN if another PDU will not be available for a long time
- (as determined by the target).
-
- When a target receives the NOP-Out with a valid Initiator Task Tag
- (not the reserved value 0xffffffff), it MUST respond with a NOP-In
- with the same Initiator Task Tag that was provided in the NOP-Out
- request. It MUST also duplicate up to the first
- MaxRecvDataSegmentLength bytes of the initiator provided Ping Data.
- For such a response, the Target Transfer Tag MUST be 0xffffffff.
-
-
-
-
-
-Satran, et al. Standards Track [Page 180]
-
-RFC 3720 iSCSI April 2004
-
-
- Otherwise, when a target sends a NOP-In that is not a response to a
- Nop-Out received from the initiator, the Initiator Task Tag MUST be
- set to 0xffffffff and the Data Segment MUST NOT contain any data
- (DataSegmentLength MUST be 0).
-
-10.19.1. Target Transfer Tag
-
- If the target is responding to a NOP-Out, this is set to the reserved
- value 0xffffffff.
-
- If the target is sending a NOP-In as a Ping (intending to receive a
- corresponding NOP-Out), this field is set to a valid value (not the
- reserved 0xffffffff).
-
- If the target is initiating a NOP-In without wanting to receive a
- corresponding NOP-Out, this field MUST hold the reserved value of
- 0xffffffff.
-
-10.19.2. StatSN
-
- The StatSN field will always contain the next StatSN. However, when
- the Initiator Task Tag is set to 0xffffffff, StatSN for the
- connection is not advanced after this PDU is sent.
-
-10.19.3. LUN
-
- A LUN MUST be set to a correct value when the Target Transfer Tag is
- valid (not the reserved value 0xffffffff).
-
-11. iSCSI Security Text Keys and Authentication Methods
-
- Only the following keys are used during the SecurityNegotiation stage
- of the Login Phase:
-
- SessionType
- InitiatorName
- TargetName
- TargetAddress
- InitiatorAlias
- TargetAlias
- TargetPortalGroupTag
- AuthMethod and the keys used by the authentication methods
- specified under Section 11.1 AuthMethod along with all of
- their associated keys as well as Vendor Specific
- Authentication Methods.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 181]
-
-RFC 3720 iSCSI April 2004
-
-
- Other keys MUST NOT be used.
-
- SessionType, InitiatorName, TargetName, InitiatorAlias, TargetAlias,
- and TargetPortalGroupTag are described in Chapter 12 as they can be
- used also in the OperationalNegotiation stage.
-
- All security keys have connection-wide applicability.
-
-11.1. AuthMethod
-
- Use: During Login - Security Negotiation Senders: Initiator and
- Target Scope: connection
-
- AuthMethod = <list-of-values>
-
- The main item of security negotiation is the authentication method
- (AuthMethod).
-
- The authentication methods that can be used (appear in the
- list-of-values) are either those listed in the following table or are
- vendor-unique methods:
-
- +------------------------------------------------------------+
- | Name | Description |
- +------------------------------------------------------------+
- | KRB5 | Kerberos V5 - defined in [RFC1510] |
- +------------------------------------------------------------+
- | SPKM1 | Simple Public-Key GSS-API Mechanism |
- | | defined in [RFC2025] |
- +------------------------------------------------------------+
- | SPKM2 | Simple Public-Key GSS-API Mechanism |
- | | defined in [RFC2025] |
- +------------------------------------------------------------+
- | SRP | Secure Remote Password |
- | | defined in [RFC2945] |
- +------------------------------------------------------------+
- | CHAP | Challenge Handshake Authentication Protocol|
- | | defined in [RFC1994] |
- +------------------------------------------------------------+
- | None | No authentication |
- +------------------------------------------------------------+
-
- The AuthMethod selection is followed by an "authentication exchange"
- specific to the authentication method selected.
-
- The authentication method proposal may be made by either the
- initiator or the target. However the initiator MUST make the first
- step specific to the selected authentication method as soon as it is
-
-
-
-Satran, et al. Standards Track [Page 182]
-
-RFC 3720 iSCSI April 2004
-
-
- selected. It follows that if the target makes the authentication
- method proposal the initiator sends the first keys(s) of the exchange
- together with its authentication method selection.
-
- The authentication exchange authenticates the initiator to the
- target, and optionally, the target to the initiator. Authentication
- is OPTIONAL to use but MUST be supported by the target and initiator.
-
- The initiator and target MUST implement CHAP. All other
- authentication methods are OPTIONAL.
-
- Private or public extension algorithms MAY also be negotiated for
- authentication methods. Whenever a private or public extension
- algorithm is part of the default offer (the offer made in absence of
- explicit administrative action) the implementer MUST ensure that CHAP
- is listed as an alternative in the default offer and "None" is not
- part of the default offer.
-
- Extension authentication methods MUST be named using one of the
- following two formats:
-
- a) Z-reversed.vendor.dns_name.do_something=
- b) Z<#><IANA-registered-string>=
-
- Authentication methods named using the Z- format are used as private
- extensions. Authentication methods named using the Z# format are
- used as public extensions that must be registered with IANA and MUST
- be described by an informational RFC.
-
- For all of the public or private extension authentication methods,
- the method specific keys MUST conform to the format specified in
- Section 5.1 Text Format for standard-label.
-
- To identify the vendor for private extension authentication methods,
- we suggest you use the reversed DNS-name as a prefix to the proper
- digest names.
-
- The part of digest-name following Z- and Z# MUST conform to the
- format for standard-label specified in Section 5.1 Text Format.
-
- Support for public or private extension authentication methods is
- OPTIONAL.
-
- The following subsections define the specific exchanges for each of
- the standardized authentication methods. As mentioned earlier the
- first step is always done by the initiator.
-
-
-
-
-
-Satran, et al. Standards Track [Page 183]
-
-RFC 3720 iSCSI April 2004
-
-
-11.1.1. Kerberos
-
- For KRB5 (Kerberos V5) [RFC1510] and [RFC1964], the initiator MUST
- use:
-
- KRB_AP_REQ=<KRB_AP_REQ>
-
- where KRB_AP_REQ is the client message as defined in [RFC1510].
-
- The default principal name assumed by an iSCSI initiator or target
- (prior to any administrative configuration action) MUST be the iSCSI
- Initiator Name or iSCSI Target Name respectively, prefixed by the
- string "iscsi/".
-
- If the initiator authentication fails, the target MUST respond with a
- Login reject with "Authentication Failure" status. Otherwise, if the
- initiator has selected the mutual authentication option (by setting
- MUTUAL-REQUIRED in the ap-options field of the KRB_AP_REQ), the
- target MUST reply with:
-
- KRB_AP_REP=<KRB_AP_REP>
-
- where KRB_AP_REP is the server's response message as defined in
- [RFC1510].
-
- If mutual authentication was selected and target authentication
- fails, the initiator MUST close the connection.
-
- KRB_AP_REQ and KRB_AP_REP are binary-values and their binary length
- (not the length of the character string that represents them in
- encoded form) MUST not exceed 65536 bytes.
-
-11.1.2. Simple Public-Key Mechanism (SPKM)
-
- For SPKM1 and SPKM2 [RFC2025], the initiator MUST use:
-
- SPKM_REQ=<SPKM-REQ>
-
- where SPKM-REQ is the first initiator token as defined in [RFC2025].
-
- [RFC2025] defines situations where each side may send an error token
- that may cause the peer to re-generate and resend its last token.
- This scheme is followed in iSCSI, and the error token syntax is:
-
- SPKM_ERROR=<SPKM-ERROR>
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 184]
-
-RFC 3720 iSCSI April 2004
-
-
- However, SPKM-DEL tokens that are defined by [RFC2025] for fatal
- errors will not be used by iSCSI. If the target needs to send a
- SPKM-DEL token, it will, instead, send a Login "login reject" message
- with the "Authentication Failure" status and terminate the
- connection. If the initiator needs to send a SPKM-DEL token, it will
- close the connection.
-
- In the following sections, we assume that no SPKM-ERROR tokens are
- required.
-
- If the initiator authentication fails, the target MUST return an
- error. Otherwise, if the AuthMethod is SPKM1 or if the initiator has
- selected the mutual authentication option (by setting mutual-state
- bit in the options field of the REQ-TOKEN in the SPKM-REQ), the
- target MUST reply with:
-
- SPKM_REP_TI=<SPKM-REP-TI>
-
- where SPKM-REP-TI is the target token as defined in [RFC2025].
-
- If mutual authentication was selected and target authentication
- fails, the initiator MUST close the connection. Otherwise, if the
- AuthMethod is SPKM1, the initiator MUST continue with:
-
- SPKM_REP_IT=<SPKM-REP-IT>
-
- where SPKM-REP-IT is the second initiator token as defined in
- [RFC2025]. If the initiator authentication fails, the target MUST
- answer with a Login reject with "Authentication Failure" status.
-
- SPKM requires support for very long authentication items.
-
- All the SPKM-* tokens are binary-values and their binary length (not
- the length of the character string that represents them in encoded
- form) MUST not exceed 65536 bytes.
-
-11.1.3. Secure Remote Password (SRP)
-
- For SRP [RFC2945], the initiator MUST use:
-
- SRP_U=<U> TargetAuth=Yes /* or TargetAuth=No */
-
- The target MUST answer with a Login reject with the "Authorization
- Failure" status or reply with:
-
- SRP_GROUP=<G1,G2...> SRP_s=<s>
-
- Where G1,G2... are proposed groups, in order of preference.
-
-
-
-Satran, et al. Standards Track [Page 185]
-
-RFC 3720 iSCSI April 2004
-
-
- The initiator MUST either close the connection or continue with:
-
- SRP_A=<A> SRP_GROUP=<G>
-
- Where G is one of G1,G2... that were proposed by the target.
-
- The target MUST answer with a Login reject with the "Authentication
- Failure" status or reply with:
-
- SRP_B=<B>
-
- The initiator MUST close the connection or continue with:
-
- SRP_M=<M>
-
- If the initiator authentication fails, the target MUST answer with a
- Login reject with "Authentication Failure" status. Otherwise, if the
- initiator sent TargetAuth=Yes in the first message (requiring target
- authentication), the target MUST reply with:
-
- SRP_HM=<H(A | M | K)>
-
- If the target authentication fails, the initiator MUST close the
- connection.
-
- Where U, s, A, B, M, and H(A | M | K) are defined in [RFC2945] (using
- the SHA1 hash function, such as SRP-SHA1) and G,Gn (Gn stands for
- G1,G2...) are identifiers of SRP groups specified in [RFC3723]. G,
- Gn, and U are text strings, s,A,B,M, and H(A | M | K) are
- binary-values. The length of s,A,B,M and H(A | M | K) in binary form
- (not the length of the character string that represents them in
- encoded form) MUST not exceed 1024 bytes.
-
- For the SRP_GROUP, all the groups specified in [RFC3723] up to 1536
- bits (i.e., SRP-768, SRP-1024, SRP-1280, SRP-1536) must be supported
- by initiators and targets. To guarantee interoperability, targets
- MUST always offer "SRP-1536" as one of the proposed groups.
-
-11.1.4. Challenge Handshake Authentication Protocol (CHAP)
-
- For CHAP [RFC1994], in the first step, the initiator MUST send:
-
- CHAP_A=<A1,A2...>
-
- Where A1,A2... are proposed algorithms, in order of preference.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 186]
-
-RFC 3720 iSCSI April 2004
-
-
- In the second step, the target MUST answer with a Login reject with
- the "Authentication Failure" status or reply with:
-
- CHAP_A=<A> CHAP_I=<I> CHAP_C=<C>
-
- Where A is one of A1,A2... that were proposed by the initiator.
-
- In the third step, the initiator MUST continue with:
-
- CHAP_N=<N> CHAP_R=<R>
-
- or, if it requires target authentication, with:
-
- CHAP_N=<N> CHAP_R=<R> CHAP_I=<I> CHAP_C=<C>
-
- If the initiator authentication fails, the target MUST answer with a
- Login reject with "Authentication Failure" status. Otherwise, if the
- initiator required target authentication, the target MUST either
- answer with a Login reject with "Authentication Failure" or reply
- with:
-
- CHAP_N=<N> CHAP_R=<R>
-
- If target authentication fails, the initiator MUST close the
- connection.
-
- Where N, (A,A1,A2), I, C, and R are (correspondingly) the Name,
- Algorithm, Identifier, Challenge, and Response as defined in
- [RFC1994], N is a text string, A,A1,A2, and I are numbers, and C and
- R are large-binary-values and their binary length (not the length of
- the character string that represents them in encoded form) MUST not
- exceed 1024 bytes.
-
- For the Algorithm, as stated in [RFC1994], one value is required to
- be implemented:
-
- 5 (CHAP with MD5)
-
- To guarantee interoperability, initiators MUST always offer it as one
- of the proposed algorithms.
-
-12. Login/Text Operational Text Keys
-
- Some session specific parameters MUST only be carried on the leading
- connection and cannot be changed after the leading connection login
- (e.g., MaxConnections, the maximum number of connections). This
-
-
-
-
-
-Satran, et al. Standards Track [Page 187]
-
-RFC 3720 iSCSI April 2004
-
-
- holds for a single connection session with regard to connection
- restart. The keys that fall into this category have the use: LO
- (Leading Only).
-
- Keys that can only be used during login have the use: IO (initialize
- only), while those that can be used in both the Login Phase and Full
- Feature Phase have the use: ALL.
-
- Keys that can only be used during Full Feature Phase use FFPO (Full
- Feature Phase only).
-
- Keys marked as Any-Stage may also appear in the SecurityNegotiation
- stage while all other keys described in this chapter are operational
- keys.
-
- Keys that do not require an answer are marked as Declarative.
-
- Key scope is indicated as session-wide (SW) or connection-only (CO).
-
- Result function, wherever mentioned, states the function that can be
- applied to check the validity of the responder selection. Minimum
- means that the selected value cannot exceed the offered value.
- Maximum means that the selected value cannot be lower than the
- offered value. AND means that the selected value must be a possible
- result of a Boolean "and" function with an arbitrary Boolean value
- (e.g., if the offered value is No the selected value must be No). OR
- means that the selected value must be a possible result of a Boolean
- "or" function with an arbitrary Boolean value (e.g., if the offered
- value is Yes the selected value must be Yes).
-
-12.1. HeaderDigest and DataDigest
-
- Use: IO
- Senders: Initiator and Target
- Scope: CO
-
- HeaderDigest = <list-of-values>
- DataDigest = <list-of-values>
-
- Default is None for both HeaderDigest and DataDigest.
-
- Digests enable the checking of end-to-end, non-cryptographic data
- integrity beyond the integrity checks provided by the link layers and
- the covering of the whole communication path including all elements
- that may change the network level PDUs such as routers, switches, and
- proxies.
-
-
-
-
-
-Satran, et al. Standards Track [Page 188]
-
-RFC 3720 iSCSI April 2004
-
-
- The following table lists cyclic integrity checksums that can be
- negotiated for the digests and that MUST be implemented by every
- iSCSI initiator and target. These digest options only have error
- detection significance.
-
- +---------------------------------------------+
- | Name | Description | Generator |
- +---------------------------------------------+
- | CRC32C | 32 bit CRC |0x11edc6f41|
- +---------------------------------------------+
- | None | no digest |
- +---------------------------------------------+
-
- The generator polynomial for this digest is given in
- hex-notation (e.g., 0x3b stands for 0011 1011 and the polynomial is
- x**5+X**4+x**3+x+1).
-
- When the Initiator and Target agree on a digest, this digest MUST be
- used for every PDU in Full Feature Phase.
-
- Padding bytes, when present in a segment covered by a CRC, SHOULD be
- set to 0 and are included in the CRC.
-
- The CRC MUST be calculated by a method that produces the same
- results as the following process:
-
- - The PDU bits are considered as the coefficients of a
- polynomial M(x) of degree n-1; bit 7 of the lowest numbered
- byte is considered the most significant bit (x^n-1), followed
- by bit 6 of the lowest numbered byte through bit 0 of the
- highest numbered byte (x^0).
-
- - The most significant 32 bits are complemented.
-
- - The polynomial is multiplied by x^32 then divided by G(x). The
- generator polynomial produces a remainder R(x) of degree <= 31.
-
- - The coefficients of R(x) are considered a 32 bit sequence.
-
- - The bit sequence is complemented and the result is the CRC.
-
- - The CRC bits are mapped into the digest word. The x^31
- coefficient in bit 7 of the lowest numbered byte of the digest
- continuing through to the byte up to the x^24 coefficient in
- bit 0 of the lowest numbered byte, continuing with the x^23
- coefficient in bit 7 of next byte through x^0 in bit 0 of the
- highest numbered byte.
-
-
-
-
-Satran, et al. Standards Track [Page 189]
-
-RFC 3720 iSCSI April 2004
-
-
- - Computing the CRC over any segment (data or header) extended
- to include the CRC built using the generator 0x11edc6f41 will
- always get the value 0x1c2d19ed as its final remainder (R(x)).
- This value is given here in its polynomial form (i.e., not
- mapped as the digest word).
-
- For a discussion about selection criteria for the CRC, see
- [RFC3385]. For a detailed analysis of the iSCSI polynomial, see
- [Castagnoli93].
-
- Private or public extension algorithms MAY also be negotiated for
- digests. Whenever a private or public digest extension algorithm is
- part of the default offer (the offer made in absence of explicit
- administrative action) the implementer MUST ensure that CRC32C is
- listed as an alternative in the default offer and "None" is not
- part of the default offer.
-
- Extension digest algorithms MUST be named using one of the following
- two formats:
-
- a) Y-reversed.vendor.dns_name.do_something=
- b) Y<#><IANA-registered-string>=
-
- Digests named using the Y- format are used for private purposes
- (unregistered). Digests named using the Y# format (public extension)
- must be registered with IANA and MUST be described by an
- informational RFC.
-
- For private extension digests, to identify the vendor, we suggest
- you use the reversed DNS-name as a prefix to the proper digest
- names.
-
- The part of digest-name following Y- and Y# MUST conform to the
- format for standard-label specified in Section 5.1 Text Format.
-
- Support for public or private extension digests is OPTIONAL.
-
-12.2. MaxConnections
-
- Use: LO
- Senders: Initiator and Target
- Scope: SW
- Irrelevant when: SessionType=Discovery
-
- MaxConnections=<numerical-value-from-1-to-65535>
-
- Default is 1.
- Result function is Minimum.
-
-
-
-Satran, et al. Standards Track [Page 190]
-
-RFC 3720 iSCSI April 2004
-
-
-
- Initiator and target negotiate the maximum number of connections
- requested/acceptable.
-
-12.3. SendTargets
-
- Use: FFPO
- Senders: Initiator
- Scope: SW
-
- For a complete description, see Appendix D. - SendTargets
- Operation -.
-
-12.4. TargetName
-
- Use: IO by initiator, FFPO by target - only as response to a
- SendTargets, Declarative, Any-Stage
-
- Senders: Initiator and Target
- Scope: SW
-
- TargetName=<iSCSI-name-value>
-
- Examples:
-
- TargetName=iqn.1993-11.com.disk-vendor:diskarrays.sn.45678
- TargetName=eui.020000023B040506
-
- The initiator of the TCP connection MUST provide this key to the
- remote endpoint in the first login request if the initiator is not
- establishing a discovery session. The iSCSI Target Name specifies
- the worldwide unique name of the target.
-
- The TargetName key may also be returned by the "SendTargets" text
- request (which is its only use when issued by a target).
-
- TargetName MUST not be redeclared within the login phase.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 191]
-
-RFC 3720 iSCSI April 2004
-
-
-12.5. InitiatorName
-
- Use: IO, Declarative, Any-Stage
- Senders: Initiator
- Scope: SW
-
- InitiatorName=<iSCSI-name-value>
-
- Examples:
-
- InitiatorName=iqn.1992-04.com.os-vendor.plan9:cdrom.12345
- InitiatorName=iqn.2001-02.com.ssp.users:customer235.host90
-
- The initiator of the TCP connection MUST provide this key to the
- remote endpoint at the first Login of the Login Phase for every
- connection. The InitiatorName key enables the initiator to identify
- itself to the remote endpoint.
-
- InitiatorName MUST not be redeclared within the login phase.
-
-12.6. TargetAlias
-
- Use: ALL, Declarative, Any-Stage
- Senders: Target
- Scope: SW
-
- TargetAlias=<iSCSI-local-name-value>
-
- Examples:
-
- TargetAlias=Bob-s Disk
- TargetAlias=Database Server 1 Log Disk
- TargetAlias=Web Server 3 Disk 20
-
- If a target has been configured with a human-readable name or
- description, this name SHOULD be communicated to the initiator during
- a Login Response PDU if SessionType=Normal (see Section 12.21
- SessionType). This string is not used as an identifier, nor is it
- meant to be used for authentication or authorization decisions. It
- can be displayed by the initiator's user interface in a list of
- targets to which it is connected.
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 192]
-
-RFC 3720 iSCSI April 2004
-
-
-12.7. InitiatorAlias
-
- Use: ALL, Declarative, Any-Stage
- Senders: Initiator
- Scope: SW
-
- InitiatorAlias=<iSCSI-local-name-value>
-
- Examples:
-
- InitiatorAlias=Web Server 4
- InitiatorAlias=spyalley.nsa.gov
- InitiatorAlias=Exchange Server
-
- If an initiator has been configured with a human-readable name or
- description, it SHOULD be communicated to the target during a Login
- Request PDU. If not, the host name can be used instead. This string
- is not used as an identifier, nor is meant to be used for
- authentication or authorization decisions. It can be displayed by
- the target's user interface in a list of initiators to which it is
- connected.
-
-12.8. TargetAddress
-
- Use: ALL, Declarative, Any-Stage
- Senders: Target
- Scope: SW
-
- TargetAddress=domainname[:port][,portal-group-tag]
-
- The domainname can be specified as either a DNS host name, a
- dotted-decimal IPv4 address, or a bracketed IPv6 address as specified
- in [RFC2732].
-
- If the TCP port is not specified, it is assumed to be the
- IANA-assigned default port for iSCSI (see Section 13 IANA
- Considerations).
-
- If the TargetAddress is returned as the result of a redirect status
- in a login response, the comma and portal group tag MUST be omitted.
-
- If the TargetAddress is returned within a SendTargets response, the
- portal group tag MUST be included.
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 193]
-
-RFC 3720 iSCSI April 2004
-
-
- Examples:
-
- TargetAddress=10.0.0.1:5003,1
- TargetAddress=[1080:0:0:0:8:800:200C:417A],65
- TargetAddress=[1080::8:800:200C:417A]:5003,1
- TargetAddress=computingcenter.example.com,23
-
- Use of the portal-group-tag is described in Appendix D.
- - SendTargets Operation -. The formats for the port and
- portal-group-tag are the same as the one specified in Section 12.9
- TargetPortalGroupTag.
-
-12.9. TargetPortalGroupTag
-
- Use: IO by target, Declarative, Any-Stage
- Senders: Target
- Scope: SW
-
- TargetPortalGroupTag=<16-bit-binary-value>
-
- Examples:
- TargetPortalGroupTag=1
-
- The target portal group tag is a 16-bit binary-value that uniquely
- identifies a portal group within an iSCSI target node. This key
- carries the value of the tag of the portal group that is servicing
- the Login request. The iSCSI target returns this key to the
- initiator in the Login Response PDU to the first Login Request PDU
- that has the C bit set to 0 when TargetName is given by the
- initiator.
-
- For the complete usage expectations of this key see Section 5.3 Login
- Phase.
-
-12.10. InitialR2T
-
- Use: LO
- Senders: Initiator and Target
- Scope: SW
- Irrelevant when: SessionType=Discovery
-
- InitialR2T=<boolean-value>
-
- Examples:
-
- I->InitialR2T=No
- T->InitialR2T=No
-
-
-
-
-Satran, et al. Standards Track [Page 194]
-
-RFC 3720 iSCSI April 2004
-
-
- Default is Yes.
- Result function is OR.
-
- The InitialR2T key is used to turn off the default use of R2T for
- unidirectional and the output part of bidirectional commands, thus
- allowing an initiator to start sending data to a target as if it has
- received an initial R2T with Buffer Offset=Immediate Data Length and
- Desired Data Transfer Length=(min(FirstBurstLength, Expected Data
- Transfer Length) - Received Immediate Data Length).
-
- The default action is that R2T is required, unless both the initiator
- and the target send this key-pair attribute specifying InitialR2T=No.
- Only the first outgoing data burst (immediate data and/or separate
- PDUs) can be sent unsolicited (i.e., not requiring an explicit R2T).
-
-12.11. ImmediateData
-
- Use: LO
- Senders: Initiator and Target
- Scope: SW
- Irrelevant when: SessionType=Discovery
-
- ImmediateData=<boolean-value>
-
- Default is Yes.
- Result function is AND.
-
- The initiator and target negotiate support for immediate data. To
- turn immediate data off, the initiator or target must state its
- desire to do so. ImmediateData can be turned on if both the
- initiator and target have ImmediateData=Yes.
-
- If ImmediateData is set to Yes and InitialR2T is set to Yes
- (default), then only immediate data are accepted in the first burst.
-
- If ImmediateData is set to No and InitialR2T is set to Yes, then the
- initiator MUST NOT send unsolicited data and the target MUST reject
- unsolicited data with the corresponding response code.
-
- If ImmediateData is set to No and InitialR2T is set to No, then the
- initiator MUST NOT send unsolicited immediate data, but MAY send one
- unsolicited burst of Data-Out PDUs.
-
- If ImmediateData is set to Yes and InitialR2T is set to No, then the
- initiator MAY send unsolicited immediate data and/or one unsolicited
- burst of Data-Out PDUs.
-
-
-
-
-
-Satran, et al. Standards Track [Page 195]
-
-RFC 3720 iSCSI April 2004
-
-
- The following table is a summary of unsolicited data options:
-
- +----------+-------------+------------------+--------------+
- |InitialR2T|ImmediateData| Unsolicited |Immediate Data|
- | | | Data Out PDUs | |
- +----------+-------------+------------------+--------------+
- | No | No | Yes | No |
- +----------+-------------+------------------+--------------+
- | No | Yes | Yes | Yes |
- +----------+-------------+------------------+--------------+
- | Yes | No | No | No |
- +----------+-------------+------------------+--------------+
- | Yes | Yes | No | Yes |
- +----------+-------------+------------------+--------------+
-
-12.12. MaxRecvDataSegmentLength
-
- Use: ALL, Declarative
- Senders: Initiator and Target
- Scope: CO
-
- MaxRecvDataSegmentLength=<numerical-value-512-to-(2**24-1)>
-
- Default is 8192 bytes.
-
- The initiator or target declares the maximum data segment length in
- bytes it can receive in an iSCSI PDU.
-
- The transmitter (initiator or target) is required to send PDUs with a
- data segment that does not exceed MaxRecvDataSegmentLength of the
- receiver.
-
- A target receiver is additionally limited by MaxBurstLength for
- solicited data and FirstBurstLength for unsolicited data. An
- initiator MUST NOT send solicited PDUs exceeding MaxBurstLength nor
- unsolicited PDUs exceeding FirstBurstLength (or
- FirstBurstLength-Immediate Data Length if immediate data were sent).
-
-12.13. MaxBurstLength
-
- Use: LO
- Senders: Initiator and Target
- Scope: SW
- Irrelevant when: SessionType=Discovery
-
- MaxBurstLength=<numerical-value-512-to-(2**24-1)>
-
-
-
-
-
-Satran, et al. Standards Track [Page 196]
-
-RFC 3720 iSCSI April 2004
-
-
- Default is 262144 (256 Kbytes).
- Result function is Minimum.
-
- The initiator and target negotiate maximum SCSI data payload in bytes
- in a Data-In or a solicited Data-Out iSCSI sequence. A sequence
- consists of one or more consecutive Data-In or Data-Out PDUs that end
- with a Data-In or Data-Out PDU with the F bit set to one.
-
-12.14. FirstBurstLength
-
- Use: LO
- Senders: Initiator and Target
- Scope: SW
- Irrelevant when: SessionType=Discovery
- Irrelevant when: ( InitialR2T=Yes and ImmediateData=No )
-
- FirstBurstLength=<numerical-value-512-to-(2**24-1)>
-
- Default is 65536 (64 Kbytes).
- Result function is Minimum.
-
- The initiator and target negotiate the maximum amount in bytes of
- unsolicited data an iSCSI initiator may send to the target during the
- execution of a single SCSI command. This covers the immediate data
- (if any) and the sequence of unsolicited Data-Out PDUs (if any) that
- follow the command.
-
- FirstBurstLength MUST NOT exceed MaxBurstLength.
-
-12.15. DefaultTime2Wait
-
- Use: LO
- Senders: Initiator and Target
- Scope: SW
-
- DefaultTime2Wait=<numerical-value-0-to-3600>
-
- Default is 2.
- Result function is Maximum.
-
- The initiator and target negotiate the minimum time, in seconds, to
- wait before attempting an explicit/implicit logout or an active task
- reassignment after an unexpected connection termination or a
- connection reset.
-
- A value of 0 indicates that logout or active task reassignment can be
- attempted immediately.
-
-
-
-
-Satran, et al. Standards Track [Page 197]
-
-RFC 3720 iSCSI April 2004
-
-
-12.16. DefaultTime2Retain
-
- Use: LO Senders: Initiator and Target Scope: SW
-
- DefaultTime2Retain=<numerical-value-0-to-3600>
-
- Default is 20. Result function is Minimum.
-
- The initiator and target negotiate the maximum time, in seconds after
- an initial wait (Time2Wait), before which an active task reassignment
- is still possible after an unexpected connection termination or a
- connection reset.
-
- This value is also the session state timeout if the connection in
- question is the last LOGGED_IN connection in the session.
-
- A value of 0 indicates that connection/task state is immediately
- discarded by the target.
-
-12.17. MaxOutstandingR2T
-
- Use: LO
- Senders: Initiator and Target
- Scope: SW
-
- MaxOutstandingR2T=<numerical-value-from-1-to-65535>
- Irrelevant when: SessionType=Discovery
-
- Default is 1.
- Result function is Minimum.
-
- Initiator and target negotiate the maximum number of outstanding R2Ts
- per task, excluding any implied initial R2T that might be part of
- that task. An R2T is considered outstanding until the last data PDU
- (with the F bit set to 1) is transferred, or a sequence reception
- timeout (Section 6.1.4.1 Recovery Within-command) is encountered for
- that data sequence.
-
-12.18. DataPDUInOrder
-
- Use: LO
- Senders: Initiator and Target
- Scope: SW
- Irrelevant when: SessionType=Discovery
-
- DataPDUInOrder=<boolean-value>
-
-
-
-
-
-Satran, et al. Standards Track [Page 198]
-
-RFC 3720 iSCSI April 2004
-
-
- Default is Yes.
- Result function is OR.
-
- No is used by iSCSI to indicate that the data PDUs within sequences
- can be in any order. Yes is used to indicate that data PDUs within
- sequences have to be at continuously increasing addresses and
- overlays are forbidden.
-
-12.19. DataSequenceInOrder
-
- Use: LO
- Senders: Initiator and Target
- Scope: SW
- Irrelevant when: SessionType=Discovery
-
- DataSequenceInOrder=<boolean-value>
-
- Default is Yes.
- Result function is OR.
-
- A Data Sequence is a sequence of Data-In or Data-Out PDUs that end
- with a Data-In or Data-Out PDU with the F bit set to one. A Data-Out
- sequence is sent either unsolicited or in response to an R2T.
- Sequences cover an offset-range.
-
- If DataSequenceInOrder is set to No, Data PDU sequences may be
- transferred in any order.
-
- If DataSequenceInOrder is set to Yes, Data Sequences MUST be
- transferred using continuously non-decreasing sequence offsets (R2T
- buffer offset for writes, or the smallest SCSI Data-In buffer offset
- within a read data sequence).
-
- If DataSequenceInOrder is set to Yes, a target may retry at most the
- last R2T, and an initiator may at most request retransmission for the
- last read data sequence. For this reason, if ErrorRecoveryLevel is
- not 0 and DataSequenceInOrder is set to Yes then MaxOustandingR2T
- MUST be set to 1.
-
-12.20. ErrorRecoveryLevel
-
- Use: LO
- Senders: Initiator and Target
- Scope: SW
-
- ErrorRecoveryLevel=<numerical-value-0-to-2>
-
-
-
-
-
-Satran, et al. Standards Track [Page 199]
-
-RFC 3720 iSCSI April 2004
-
-
- Default is 0.
- Result function is Minimum.
-
- The initiator and target negotiate the recovery level supported.
-
- Recovery levels represent a combination of recovery capabilities.
- Each recovery level includes all the capabilities of the lower
- recovery levels and adds some new ones to them.
-
- In the description of recovery mechanisms, certain recovery classes
- are specified. Section 6.1.5 Error Recovery Hierarchy describes the
- mapping between the classes and the levels.
-
-12.21. SessionType
-
- Use: LO, Declarative, Any-Stage
- Senders: Initiator
- Scope: SW
-
- SessionType= <Discovery|Normal>
-
- Default is Normal.
-
- The initiator indicates the type of session it wants to create. The
- target can either accept it or reject it.
-
- A discovery session indicates to the Target that the only purpose of
- this Session is discovery. The only requests a target accepts in
- this type of session are a text request with a SendTargets key and a
- logout request with reason "close the session".
-
- The discovery session implies MaxConnections = 1 and overrides both
- the default and an explicit setting.
-
-12.22. The Private or Public Extension Key Format
-
- Use: ALL
- Senders: Initiator and Target
- Scope: specific key dependent
-
- X-reversed.vendor.dns_name.do_something=
-
- or
-
- X<#><IANA-registered-string>=
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 200]
-
-RFC 3720 iSCSI April 2004
-
-
- Keys with this format are used for public or private extension
- purposes. These keys always start with X- if unregistered with IANA
- (private) or X# if registered with IANA (public).
-
- For unregistered keys, to identify the vendor, we suggest you use the
- reversed DNS-name as a prefix to the key-proper.
-
- The part of key-name following X- and X# MUST conform to the format
- for key-name specified in Section 5.1 Text Format.
-
- For IANA registered keys the string following X# must be registered
- with IANA and the use of the key MUST be described by an
- informational RFC.
-
- Vendor specific keys MUST ONLY be used in normal sessions.
-
- Support for public or private extension keys is OPTIONAL.
-
-13. IANA Considerations
-
- This section conforms to [RFC2434].
-
- The well-known user TCP port number for iSCSI connections assigned by
- IANA is 3260 and this is the default iSCSI port. Implementations
- needing a system TCP port number may use port 860, the port assigned
- by IANA as the iSCSI system port; however in order to use port 860,
- it MUST be explicitly specified - implementations MUST NOT default to
- use of port 860, as 3260 is the only allowed default.
-
- Extension keys, authentication methods, or digest types for which a
- vendor or group of vendors intend to provide publicly available
- descriptions MUST be described by an RFC and MUST be registered with
- IANA.
-
- The IANA has set up the following three registries:
-
- a) iSCSI extended key registry
- b) iSCSI authentication methods registry
- c) iSCSI digests registry
-
- [RFC3723] also instructs IANA to maintain a registry for the values
- of the SRP_GROUP key. The format of these values must conform to the
- one specified for iSCSI extension item-label in Section 13.5.4
- Standard iSCSI extension item-label format.
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 201]
-
-RFC 3720 iSCSI April 2004
-
-
- For the iSCSI authentication methods registry and the iSCSI digests
- registry, IANA MUST also assign a 16-bit unsigned integer number (the
- method number for the authentication method and the digest number for
- the digest).
-
- The following initial values for the registry for authentication
- methods are specified by the standards action of this document:
-
- Authentication Method | Number |
- +----------------------------------------+--------+
- | CHAP | 1 |
- +----------------------------------------+--------+
- | SRP | 2 |
- +----------------------------------------+--------+
- | KRB5 | 3 |
- +----------------------------------------+--------+
- | SPKM1 | 4 |
- +----------------------------------------+--------+
- | SPKM2 | 5 |
- +----------------------------------------+--------+
-
- All other record numbers from 0 to 255 are reserved. IANA will
- register numbers above 255.
-
- Authentication methods with numbers above 255 MUST be unique within
- the registry and MUST be used with the prefix Z#.
-
-
- The following initial values for the registry for digests are
- specified by the standards action of this document:
-
- Digest | Number |
- +----------------------------------------+--------+
- | CRC32C | 1 |
- +----------------------------------------+--------+
-
- All other record numbers from 0 to 255 are reserved. IANA will
- register numbers above 255.
-
- Digests with numbers above 255 MUST be unique within the registry and
- MUST be used with the prefix Y#.
-
- The RFC that describes the item to be registered MUST indicate in the
- IANA Considerations section the string and iSCSI registry to which it
- should be recorded.
-
- Extension Keys, Authentication Methods, and digests (iSCSI extension
- items) must conform to a number of requirements as described below.
-
-
-
-Satran, et al. Standards Track [Page 202]
-
-RFC 3720 iSCSI April 2004
-
-
-13.1. Naming Requirements
-
- Each iSCSI extension item must have a unique name in its category.
- This name will be used as a standard-label for the key, access
- method, or digest and must conform to the syntax specified in Section
- 13.5.4 Standard iSCSI extension item-label format for iSCSI extension
- item-labels.
-
-13.2. Mechanism Specification Requirements
-
- For iSCSI extension items all of the protocols and procedures used by
- a given iSCSI extension item must be described, either in the
- specification of the iSCSI extension item itself or in some other
- publicly available specification, in sufficient detail for the iSCSI
- extension item to be implemented by any competent implementor. Use
- of secret and/or proprietary methods in iSCSI extension items are
- expressly prohibited. In addition, the restrictions imposed by
- [RFC1602] on the standardization of patented algorithms must be
- respected.
-
-13.3. Publication Requirements
-
- All iSCSI extension items must be described by an RFC. The RFC may
- be informational rather than Standards-Track, although Standards
- Track review and approval are encouraged for all iSCSI extension
- items.
-
-13.4. Security Requirements
-
- Any known security issues that arise from the use of the iSCSI
- extension item must be completely and fully described. It is not
- required that the iSCSI extension item be secure or that it be free
- from risks, but that the known risks be identified. Publication of a
- new iSCSI extension item does not require an exhaustive security
- review, and the security considerations section is subject to
- continuing evaluation.
-
- Additional security considerations should be addressed by publishing
- revised versions of the iSCSI extension item specification.
-
- For each of these registries, IANA must record the registered string,
- which MUST conform to the format rules described in Section 13.5.4
- Standard iSCSI extension item-label format for iSCSI extension
- item-labels, and the RFC number that describes it. The key prefix
- (X#, Y# or Z#) is not part of the recorded string.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 203]
-
-RFC 3720 iSCSI April 2004
-
-
-13.5. Registration Procedure
-
- Registration of a new iSCSI extension item starts with the
- construction of an Internet Draft to become an RFC.
-
-13.5.1. Present the iSCSI extension item to the Community
-
- Send a proposed access type specification to the IPS WG mailing list,
- or if the IPS WG is disbanded at the registration time, to a mailing
- list designated by the IETF Transport Area Director for a review
- period of a month. The intent of the public posting is to solicit
- comments and feedback on the iSCSI extension item specification and a
- review of any security considerations.
-
-13.5.2. iSCSI extension item review and IESG approval
-
- When the one month period has passed, the IPS WG chair or a person
- nominated by the IETF Transport Area Director (the iSCSI extension
- item reviewer) forwards the Internet Draft to the IESG for
- publication as an informational RFC or rejects it. If the
- specification is a standards track document, the usual IETF
- procedures for such documents are followed.
-
- Decisions made by the iSCSI extension item reviewer must be published
- within two weeks after the month-long review period. Decisions made
- by the iSCSI extension item reviewer can be appealed through the IESG
- appeal process.
-
-13.5.3. IANA Registration
-
- Provided that the iSCSI extension item has either passed review or
- has been successfully appealed to the IESG, and the specification is
- published as an RFC, then IANA will register the iSCSI extension item
- and make the registration available to the community.
-
-13.5.4. Standard iSCSI extension item-label format
-
- The following character symbols are used iSCSI extension item-labels
- (the hexadecimal values represent Unicode code points):
-
- (a-z, A-Z) - letters
- (0-9) - digits
- "." (0x2e) - dot
- "-" (0x2d) - minus
- "+" (0x2b) - plus
- "@" (0x40) - commercial at
- "_" (0x5f) - underscore
-
-
-
-
-Satran, et al. Standards Track [Page 204]
-
-RFC 3720 iSCSI April 2004
-
-
- An iSCSI extension item-label is a string of one or more characters
- that consist of letters, digits, dot, minus, plus, commercial at, or
- underscore. An iSCSI extension item-label MUST begin with a capital
- letter and must not exceed 63 characters.
-
-13.6. IANA Procedures for Registering iSCSI extension items
-
- The identity of the iSCSI extension item reviewer is communicated to
- the IANA by the IESG. Then, the IANA only acts in response to iSCSI
- extension item definitions that are approved by the iSCSI extension
- item reviewer and forwarded by the reviewer to the IANA for
- registration, or in response to a communication from the IESG that an
- iSCSI extension item definition appeal has overturned the iSCSI
- extension item reviewer's ruling.
-
-References
-
-Normative References
-
- [CAM] ANSI X3.232-199X, Common Access Method-3.
-
- [EUI] "Guidelines for 64-bit Global Identifier (EUI-64)",
- http:
- //standards.ieee.org/regauth/oui/tutorials/EUI64.html
-
- [OUI] "IEEE OUI and Company_Id Assignments",
- http://standards.ieee.org/regauth/oui
-
- [RFC791] Postel, J., "Internet Protocol", STD 5, RFC 791,
- September 1981.
-
- [RFC793] Postel, J., "Transmission Control Protocol", STD 7,
- RFC 793, September 1981.
-
- [RFC1035] Mockapetris, P., "Domain Names - Implementation and
- Specification", STD 13, RFC 1035, November 1987.
-
- [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts-
- Communication Layer", STD 3, RFC 1122, October 1989.
-
- [RFC1510] Kohl, J. and C. Neuman, "The Kerberos Network
- Authentication Service (V5)", RFC 1510, September
- 1993.
-
- [RFC1737] Sollins, K. and L. Masinter "Functional Requirements
- for Uniform Resource Names"RFC 1737, December 1994.
-
-
-
-
-
-Satran, et al. Standards Track [Page 205]
-
-RFC 3720 iSCSI April 2004
-
-
- [RFC1964] Linn, J., "The Kerberos Version 5 GSS-API Mechanism",
- RFC 1964, June 1996.
-
- [RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC
- 1982, August 1996.
-
- [RFC1994] Simpson, W., "PPP Challenge Handshake Authentication
- Protocol (CHAP)", RFC 1994, August 1996.
-
- [RFC2025] Adams, C., "The Simple Public-Key GSS-API Mechanism
- (SPKM)", RFC 2025, October 1996.
-
- [RFC2045] Borenstein, N. and N. Freed, "MIME (Multipurpose
- Internet Mail Extensions) Part One: Mechanisms for
- Specifying and Describing the Format of Internet
- Message Bodies", RFC 2045, November 1996.
-
- [RFC2119] Bradner, S. "Key Words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
- [RFC2279] Yergeau, F., "UTF-8, a Transformation Format of ISO
- 10646", RFC 2279 October 1996.
-
- [RFC2373] Hinden, R. and S. Deering, "IP Version 6 Addressing
- Architecture", RFC 2373, July 1998.
-
- [RFC2396] Berners-Lee, T., Fielding, R. and L. Masinter "Uniform
- Resource Identifiers", RFC 2396, August 1998.
-
- [RFC2401] Kent, S. and R. Atkinson, "Security Architecture for
- the Internet Protocol", RFC 2401, November 1998.
-
- [RFC2404] Madson, C. and R. Glenn, "The Use of HMAC-SHA-1-96
- within ESP and AH", RFC 2404, November 1998.
-
- [RFC2406] Kent, S. and R. Atkinson, "IP Encapsulating Security
- Payload (ESP)", RFC 2406, November 1998.
-
- [RFC2407] Piper, D., "The Internet IP Security Domain of
- Interpretation of ISAKMP", RFC 2407, November 1998.
-
- [RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange
- (IKE)", RFC2409, November 1998.
-
- [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing
- an IANA Considerations Section in RFCs.", BCP 26, RFC
- 2434, October 1998.
-
-
-
-
-Satran, et al. Standards Track [Page 206]
-
-RFC 3720 iSCSI April 2004
-
-
- [RFC2451] Pereira, R. and R. Adams " The ESP CBC-Mode Cipher
- Algorithms", RFC 2451, November 1998.
-
- [RFC2732] Hinden, R., Carpenter, B. and L. Masinter, "Format for
- Literal IPv6 Addresses in URL's", RFC 2451, December
- 1999.
-
- [RFC2945] Wu, T., "The SRP Authentication and Key Exchange
- System", RFC 2945, September 2000.
-
- [RFC3066] Alvestrand, H., "Tags for the Identification of
- Languages", STD 47, RFC 3066, January 2001.
-
- [RFC3454] Hoffman, P. and M. Blanchet, "Preparation of
- Internationalized Strings ("stringprep")", RFC 3454,
- December 2002.
-
- [RFC3566] Frankel, S. and H. Herbert, "The AES-XCBC-MAC-96
- Algorithm and Its Use With IPsec", RFC 3566, September
- 2003.
-
- [RFC3686] Housley, R., "Using Advanced Encryption Standard (AES)
- Counter Mode with IPsec Encapsulating Security Payload
- (ESP)", RFC 3686, January 2004.
-
- [RFC3722] Bakke, M., "String Profile for Internet Small Computer
- Systems Interface (iSCSI) Names", RFC 3722, March
- 2004.
-
- [RFC3723] Aboba, B., Tseng, J., Walker, J., Rangan, V. and F.
- Travostino, "Securing Block Storage Protocols over
- IP", RFC 3723, March 2004.
-
- [SAM2] T10/1157D, SCSI Architecture Model - 2 (SAM-2).
-
- [SBC] NCITS.306-1998, SCSI-3 Block Commands (SBC).
-
- [SPC3] T10/1416-D, SCSI Primary Commands-3.
-
- [UNICODE] Unicode Standard Annex #15, "Unicode Normalization
- Forms", http://www.unicode.org/unicode/reports/tr15
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 207]
-
-RFC 3720 iSCSI April 2004
-
-
-Informative References
-
- [BOOT] P. Sarkar, et al., "Bootstrapping Clients using the
- iSCSI Protocol", Work in Progress, July 2003.
-
- [Castagnoli93] G. Castagnoli, S. Braeuer and M. Herrman "Optimization
- of Cyclic Redundancy-Check Codes with 24 and 32 Parity
- Bits", IEEE Transact. on Communications, Vol. 41, No.
- 6, June 1993.
-
- [CORD] Chadalapaka, M. and R. Elliott, "SCSI Command
- Ordering Considerations with iSCSI", Work in Progress.
-
- [RFC3347] Krueger, M., Haagens, R., Sapuntzakis, C. and M.
- Bakke, "Small Computer Systems Interface protocol over
- the Internet (iSCSI) Requirements and Design
- Considerations", RFC 3347, July 2002.
-
- [RFC3385] Sheinwald, D., Staran, J., Thaler, P. and V. Cavanna,
- "Internet Protocol Small Computer System Interface
- (iSCSI) Cyclic Redundancy Check (CRC)/Checksum
- Considerations", RFC 3385, September 2002.
-
- [RFC3721] Bakke M., Hafner, J., Hufferd, J., Voruganti, K. and
- M. Krueger, "Internet Small Computer Systems Interface
- (iSCSI) Naming and Discovery, RFC 3721, March 2004.
-
- [SEQ-EXT] Kent, S., "IP Encapsulating Security Payload (ESP)",
- Work in Progress, July 2002.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 208]
-
-RFC 3720 iSCSI April 2004
-
-
-Appendix A. Sync and Steering with Fixed Interval Markers
-
- This appendix presents a simple scheme for synchronization (PDU
- boundary retrieval). It uses markers that include synchronization
- information placed at fixed intervals in the TCP stream.
-
- A Marker consists of:
-
- Byte / 0 | 1 | 2 | 3 |
- / | | | |
- |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
- +---------------+---------------+---------------+---------------+
- 0| Next-iSCSI-PDU-start pointer - copy #1 |
- +---------------+---------------+---------------+---------------+
- 4| Next-iSCSI-PDU-start pointer - copy #2 |
- +---------------+---------------+---------------+---------------+
-
- The Marker scheme uses payload byte stream counting that includes
- every byte placed by iSCSI in the TCP stream except for the markers
- themselves. It also excludes any bytes that TCP counts but are not
- originated by iSCSI.
-
- Markers MUST NOT be included in digest calculation.
-
- The Marker indicates the offset to the next iSCSI PDU header. The
- Marker is eight bytes in length and contains two 32-bit offset fields
- that indicate how many bytes to skip in the TCP stream in order to
- find the next iSCSI PDU header. The marker uses two copies of the
- pointer so that a marker that spans a TCP packet boundary should
- leave at least one valid copy in one of the packets.
-
- The structure and semantics of an inserted marker are independent of
- the marker interval.
-
- The use of markers is negotiable. The initiator and target MAY
- indicate their readiness to receive and/or send markers during login
- separately for each connection. The default is No.
-
-A.1. Markers At Fixed Intervals
-
- A marker is inserted at fixed intervals in the TCP byte stream.
- During login, each end of the iSCSI session specifies the interval at
- which it is willing to receive the marker, or it disables the marker
- altogether. If a receiver indicates that it desires a marker, the
- sender MAY agree (during negotiation) and provide the marker at the
- desired interval. However, in certain environments, a sender that
- does not provide markers to a receiver that wants markers may suffer
- an appreciable performance degradation.
-
-
-
-Satran, et al. Standards Track [Page 209]
-
-RFC 3720 iSCSI April 2004
-
-
- The marker interval and the initial marker-less interval are counted
- in terms of the bytes placed in the TCP stream data by iSCSI.
-
- When reduced to iSCSI terms, markers MUST indicate the offset to a
- 4-byte word boundary in the stream. The least significant two bits
- of each marker word are reserved and are considered 0 for offset
- computation.
-
- Padding iSCSI PDU payloads to 4-byte word boundaries simplifies
- marker manipulation.
-
-A.2. Initial Marker-less Interval
-
- To enable the connection setup including the Login Phase negotiation,
- marking (if any) is only started at the first marker interval after
- the end of the Login Phase. However, in order to enable the marker
- inclusion and exclusion mechanism to work without knowledge of the
- length of the Login Phase, the first marker will be placed in the TCP
- stream as if the Marker-less interval had included markers.
-
- Thus, all markers appear in the stream at locations conforming to the
- formula: [(MI + 8) * n - 8] where MI = Marker Interval, n = integer
- number.
-
- For example, if the marker interval is 512 bytes and the login ended
- at byte 1003 (first iSCSI placed byte is 0), the first marker will be
- inserted after byte 1031 in the stream.
-
-A.3. Negotiation
-
- The following operational key=value pairs are used to negotiate the
- fixed interval markers. The direction (output or input) is relative
- to the initiator.
-
-A.3.1. OFMarker, IFMarker
-
- Use: IO
- Senders: Initiator and Target
- Scope: CO
-
- OFMarker=<boolean-value>
- IFMarker=<boolean-value>
-
- Default is No.
-
- Result function is AND.
-
-
-
-
-
-Satran, et al. Standards Track [Page 210]
-
-RFC 3720 iSCSI April 2004
-
-
- OFMarker is used to turn on or off the initiator to target markers
- on the connection. IFMarker is used to turn on or off the target to
- initiator markers on the connection.
-
- Examples:
-
- I->OFMarker=Yes,IFMarker=Yes
- T->OFMarker=Yes,IFMarker=Yes
-
- Results in the Marker being used in both directions while:
-
- I->OFMarker=Yes,IFMarker=Yes
- T->OFMarker=Yes,IFMarker=No
-
- Results in Marker being used from the initiator to the target, but
- not from the target to initiator.
-
-A.3.2. OFMarkInt, IFMarkInt
-
- Use: IO
- Senders: Initiator and Target
- Scope: CO
- OFMarkInt is Irrelevant when: OFMarker=No
- IFMarkInt is Irrelevant when: IFMarker=No
-
- Offering:
-
- OFMarkInt=<numeric-range-from-1-to-65535>
- IFMarkInt=<numeric-range-from-1-to-65535>
-
- Responding:
-
- OFMarkInt=<numeric-value-from-1-to-65535>|Reject
- IFMarkInt=<numeric-value-from-1-to-65535>|Reject
-
- OFMarkInt is used to set the interval for the initiator to target
- markers on the connection. IFMarkInt is used to set the interval for
- the target to initiator markers on the connection.
-
- For the offering, the initiator or target indicates the minimum to
- maximum interval (in 4-byte words) it wants the markers for one or
- both directions. In case it only wants a specific value, only a
- single value has to be specified. The responder selects a value
- within the minimum and maximum offered or the only value offered or
- indicates through the xFMarker key=value its inability to set and/or
- receive markers. When the interval is unacceptable the responder
- answers with "Reject". Reject is resetting the marker function in
- the specified direction (Output or Input) to No.
-
-
-
-Satran, et al. Standards Track [Page 211]
-
-RFC 3720 iSCSI April 2004
-
-
- The interval is measured from the end of a marker to the beginning of
- the next marker. For example, a value of 1024 means 1024 words (4096
- bytes of iSCSI payload between markers).
-
- The default is 2048.
-
-Appendix B. Examples
-
-B.1. Read Operation Example
-
- +------------------+-----------------------+----------------------+
- |Initiator Function| PDU Type | Target Function |
- +------------------+-----------------------+----------------------+
- | Command request |SCSI Command (READ)>>> | |
- | (read) | | |
- +------------------+-----------------------+----------------------+
- | | |Prepare Data Transfer |
- +------------------+-----------------------+----------------------+
- | Receive Data | <<< SCSI Data-In | Send Data |
- +------------------+-----------------------+----------------------+
- | Receive Data | <<< SCSI Data-In | Send Data |
- +------------------+-----------------------+----------------------+
- | Receive Data | <<< SCSI Data-In | Send Data |
- +------------------+-----------------------+----------------------+
- | | <<< SCSI Response |Send Status and Sense |
- +------------------+-----------------------+----------------------+
- | Command Complete | | |
- +------------------+-----------------------+----------------------+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 212]
-
-RFC 3720 iSCSI April 2004
-
-
-B.2. Write Operation Example
-
- +------------------+-----------------------+---------------------+
- |Initiator Function| PDU Type | Target Function |
- +------------------+-----------------------+---------------------+
- | Command request |SCSI Command (WRITE)>>>| Receive command |
- | (write) | | and queue it |
- +------------------+-----------------------+---------------------+
- | | | Process old commands|
- +------------------+-----------------------+---------------------+
- | | | Ready to process |
- | | <<< R2T | WRITE command |
- +------------------+-----------------------+---------------------+
- | Send Data | SCSI Data-Out >>> | Receive Data |
- +------------------+-----------------------+---------------------+
- | | <<< R2T | Ready for data |
- +------------------+-----------------------+---------------------+
- | | <<< R2T | Ready for data |
- +------------------+-----------------------+---------------------+
- | Send Data | SCSI Data-Out >>> | Receive Data |
- +------------------+-----------------------+---------------------+
- | Send Data | SCSI Data-Out >>> | Receive Data |
- +------------------+-----------------------+---------------------+
- | | <<< SCSI Response |Send Status and Sense|
- +------------------+-----------------------+---------------------+
- | Command Complete | | |
- +------------------+-----------------------+---------------------+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 213]
-
-RFC 3720 iSCSI April 2004
-
-
-B.3. R2TSN/DataSN Use Examples
-
- Output (write) data DataSN/R2TSN Example
-
- +------------------+-----------------------+----------------------+
- |Initiator Function| PDU Type & Content | Target Function |
- +------------------+-----------------------+----------------------+
- | Command request |SCSI Command (WRITE)>>>| Receive command |
- | (write) | | and queue it |
- +------------------+-----------------------+----------------------+
- | | | Process old commands |
- +------------------+-----------------------+----------------------+
- | | <<< R2T | Ready for data |
- | | R2TSN = 0 | |
- +------------------+-----------------------+----------------------+
- | | <<< R2T | Ready for more data |
- | | R2TSN = 1 | |
- +------------------+-----------------------+----------------------+
- | Send Data | SCSI Data-Out >>> | Receive Data |
- | for R2TSN 0 | DataSN = 0, F=0 | |
- +------------------+-----------------------+----------------------+
- | Send Data | SCSI Data-Out >>> | Receive Data |
- | for R2TSN 0 | DataSN = 1, F=1 | |
- +------------------+-----------------------+----------------------+
- | Send Data | SCSI Data >>> | Receive Data |
- | for R2TSN 1 | DataSN = 0, F=1 | |
- +------------------+-----------------------+----------------------+
- | | <<< SCSI Response |Send Status and Sense |
- | | ExpDataSN = 0 | |
- +------------------+-----------------------+----------------------+
- | Command Complete | | |
- +------------------+-----------------------+----------------------+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 214]
-
-RFC 3720 iSCSI April 2004
-
-
- Input (read) data DataSN Example
-
- +------------------+-----------------------+----------------------+
- |Initiator Function| PDU Type | Target Function |
- +------------------+-----------------------+----------------------+
- | Command request |SCSI Command (READ)>>> | |
- | (read) | | |
- +------------------+-----------------------+----------------------+
- | | | Prepare Data Transfer|
- +------------------+-----------------------+----------------------+
- | Receive Data | <<< SCSI Data-In | Send Data |
- | | DataSN = 0, F=0 | |
- +------------------+-----------------------+----------------------+
- | Receive Data | <<< SCSI Data-In | Send Data |
- | | DataSN = 1, F=0 | |
- +------------------+-----------------------+----------------------+
- | Receive Data | <<< SCSI Data-In | Send Data |
- | | DataSN = 2, F=1 | |
- +------------------+-----------------------+----------------------+
- | | <<< SCSI Response |Send Status and Sense |
- | | ExpDataSN = 3 | |
- +------------------+-----------------------+----------------------+
- | Command Complete | | |
- +------------------+-----------------------+----------------------+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 215]
-
-RFC 3720 iSCSI April 2004
-
-
- Bidirectional DataSN Example
-
- +------------------+-----------------------+----------------------+
- |Initiator Function| PDU Type | Target Function |
- +------------------+-----------------------+----------------------+
- | Command request |SCSI Command >>> | |
- | (Read-Write) | Read-Write | |
- +------------------+-----------------------+----------------------+
- | | | Process old commands |
- +------------------+-----------------------+----------------------+
- | | <<< R2T | Ready to process |
- | | R2TSN = 0 | WRITE command |
- +------------------+-----------------------+----------------------+
- | * Receive Data | <<< SCSI Data-In | Send Data |
- | | DataSN = 1, F=0 | |
- +------------------+-----------------------+----------------------+
- | * Receive Data | <<< SCSI Data-In | Send Data |
- | | DataSN = 2, F=1 | |
- +------------------+-----------------------+----------------------+
- | * Send Data | SCSI Data-Out >>> | Receive Data |
- | for R2TSN 0 | DataSN = 0, F=1 | |
- +------------------+-----------------------+----------------------+
- | | <<< SCSI Response |Send Status and Sense |
- | | ExpDataSN = 3 | |
- +------------------+-----------------------+----------------------+
- | Command Complete | | |
- +------------------+-----------------------+----------------------+
-
- *) Send data and Receive Data may be transferred simultaneously as in
- an atomic Read-Old-Write-New or sequentially as in an atomic
- Read-Update-Write (in the latter case the R2T may follow the received
- data).
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 216]
-
-RFC 3720 iSCSI April 2004
-
-
- Unsolicited and immediate output (write) data with DataSN Example
-
- +------------------+-----------------------+----------------------+
- |Initiator Function| PDU Type & Content | Target Function |
- +------------------+-----------------------+----------------------+
- | Command request |SCSI Command (WRITE)>>>| Receive command |
- | (write) |F=0 | and data |
- |+ Immediate data | | and queue it |
- +------------------+-----------------------+----------------------+
- | Send Unsolicited | SCSI Write Data >>> | Receive more Data |
- | Data | DataSN = 0, F=1 | |
- +------------------+-----------------------+----------------------+
- | | | Process old commands |
- +------------------+-----------------------+----------------------+
- | | <<< R2T | Ready for more data |
- | | R2TSN = 0 | |
- +------------------+-----------------------+----------------------+
- | Send Data | SCSI Write Data >>> | Receive Data |
- | for R2TSN 0 | DataSN = 0, F=1 | |
- +------------------+-----------------------+----------------------+
- | | <<< SCSI Response |Send Status and Sense |
- | | | |
- +------------------+-----------------------+----------------------+
- | Command Complete | | |
- +------------------+-----------------------+----------------------+
-
-B.4. CRC Examples
-
- N.B. all Values are Hexadecimal
-
- 32 bytes of zeroes:
-
- Byte: 0 1 2 3
-
- 0: 00 00 00 00
- ...
- 28: 00 00 00 00
-
- CRC: aa 36 91 8a
-
- 32 bytes of ones:
-
- Byte: 0 1 2 3
-
- 0: ff ff ff ff
- ...
- 28: ff ff ff ff
-
-
-
-
-Satran, et al. Standards Track [Page 217]
-
-RFC 3720 iSCSI April 2004
-
-
- CRC: 43 ab a8 62
-
- 32 bytes of incrementing 00..1f:
-
- Byte: 0 1 2 3
-
- 0: 00 01 02 03
- ...
- 28: 1c 1d 1e 1f
-
- CRC: 4e 79 dd 46
-
- 32 bytes of decrementing 1f..00:
-
- Byte: 0 1 2 3
-
- 0: 1f 1e 1d 1c
- ...
- 28: 03 02 01 00
-
- CRC: 5c db 3f 11
-
- An iSCSI - SCSI Read (10) Command PDU
-
- Byte: 0 1 2 3
-
- 0: 01 c0 00 00
- 4: 00 00 00 00
- 8: 00 00 00 00
- 12: 00 00 00 00
- 16: 14 00 00 00
- 20: 00 00 04 00
- 24: 00 00 00 14
- 28: 00 00 00 18
- 32: 28 00 00 00
- 36: 00 00 00 00
- 40: 02 00 00 00
- 44: 00 00 00 00
-
- CRC: 56 3a 96 d9
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 218]
-
-RFC 3720 iSCSI April 2004
-
-
-Appendix C. Login Phase Examples
-
- In the first example, the initiator and target authenticate each
- other via Kerberos:
-
- I-> Login (CSG,NSG=0,1 T=1)
- InitiatorName=iqn.1999-07.com.os:hostid.77
- TargetName=iqn.1999-07.com.example:diskarray.sn.88
- AuthMethod=KRB5,SRP,None
-
- T-> Login (CSG,NSG=0,0 T=0)
- AuthMethod=KRB5
-
- I-> Login (CSG,NSG=0,1 T=1)
- KRB_AP_REQ=<krb_ap_req>
-
- (krb_ap_req contains the Kerberos V5 ticket and authenticator
- with MUTUAL-REQUIRED set in the ap-options field)
-
- If the authentication is successful, the target proceeds with:
-
- T-> Login (CSG,NSG=0,1 T=1)
- KRB_AP_REP=<krb_ap_rep>
-
- (krb_ap_rep is the Kerberos V5 mutual authentication reply)
-
- If the authentication is successful, the initiator may proceed
- with:
-
- I-> Login (CSG,NSG=1,0 T=0) FirstBurstLength=8192
- T-> Login (CSG,NSG=1,0 T=0) FirstBurstLength=4096
- MaxBurstLength=8192
- I-> Login (CSG,NSG=1,0 T=0) MaxBurstLength=8192
- ... more iSCSI Operational Parameters
-
- T-> Login (CSG,NSG=1,0 T=0)
- ... more iSCSI Operational Parameters
-
- And at the end:
-
- I-> Login (CSG,NSG=1,3 T=1)
- optional iSCSI parameters
-
- T-> Login (CSG,NSG=1,3 T=1) "login accept"
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 219]
-
-RFC 3720 iSCSI April 2004
-
-
- If the initiator's authentication by the target is not
- successful, the target responds with:
-
- T-> Login "login reject"
-
- instead of the Login KRB_AP_REP message, and terminates the
- connection.
-
- If the target's authentication by the initiator is not
- successful, the initiator terminates the connection (without
- responding to the Login KRB_AP_REP message).
-
- In the next example only the initiator is authenticated by the
- target via Kerberos:
-
- I-> Login (CSG,NSG=0,1 T=1)
- InitiatorName=iqn.1999-07.com.os:hostid.77
- TargetName=iqn.1999-07.com.example:diskarray.sn.88
- AuthMethod=SRP,KRB5,None
-
- T-> Login-PR (CSG,NSG=0,0 T=0)
- AuthMethod=KRB5
-
- I-> Login (CSG,NSG=0,1 T=1)
- KRB_AP_REQ=krb_ap_req
-
- (MUTUAL-REQUIRED not set in the ap-options field of krb_ap_req)
-
- If the authentication is successful, the target proceeds with:
-
- T-> Login (CSG,NSG=0,1 T=1)
-
- I-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- T-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- . . .
-
- T-> Login (CSG,NSG=1,3 T=1)"login accept"
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 220]
-
-RFC 3720 iSCSI April 2004
-
-
- In the next example, the initiator and target authenticate each
- other via SPKM1:
-
- I-> Login (CSG,NSG=0,1 T=1)
- InitiatorName=iqn.1999-07.com.os:hostid.77
- TargetName=iqn.1999-07.com.example:diskarray.sn.88
- AuthMethod=SPKM1,KRB5,None
-
- T-> Login (CSG,NSG=0,0 T=0)
- AuthMethod=SPKM1
-
- I-> Login (CSG,NSG=0,0 T=0)
- SPKM_REQ=<spkm-req>
-
- (spkm-req is the SPKM-REQ token with the mutual-state bit in the
- options field of the REQ-TOKEN set)
-
- T-> Login (CSG,NSG=0,0 T=0)
- SPKM_REP_TI=<spkm-rep-ti>
-
- If the authentication is successful, the initiator proceeds:
-
- I-> Login (CSG,NSG=0,1 T=1)
- SPKM_REP_IT=<spkm-rep-it>
-
- If the authentication is successful, the target proceeds with:
-
- T-> Login (CSG,NSG=0,1 T=1)
-
- The initiator may proceed:
-
- I-> Login (CSG,NSG=1,0 T=0) ... iSCSI parameters
- T-> Login (CSG,NSG=1,0 T=0) ... iSCSI parameters
-
- And at the end:
-
- I-> Login (CSG,NSG=1,3 T=1)
- optional iSCSI parameters
-
- T-> Login (CSG,NSG=1,3 T=1) "login accept"
-
-
- If the target's authentication by the initiator is not
- successful, the initiator terminates the connection (without
- responding to the Login SPKM_REP_TI message).
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 221]
-
-RFC 3720 iSCSI April 2004
-
-
- If the initiator's authentication by the target is not
- successful, the target responds with:
-
- T-> Login "login reject"
-
- instead of the Login "proceed and change stage" message, and
- terminates the connection.
-
-
- In the next example, the initiator and target authenticate each
- other via SPKM2:
-
- I-> Login (CSG,NSG=0,0 T=0)
- InitiatorName=iqn.1999-07.com.os:hostid.77
- TargetName=iqn.1999-07.com.example:diskarray.sn.88
- AuthMethod=SPKM1,SPKM2
-
- T-> Login-PR (CSG,NSG=0,0 T=0)
- AuthMethod=SPKM2
-
- I-> Login (CSG,NSG=0,1 T=1)
- SPKM_REQ=<spkm-req>
-
- (spkm-req is the SPKM-REQ token with the mutual-state bit in the
- options field of the REQ-TOKEN not set)
-
- If the authentication is successful, the target proceeds with:
-
- T-> Login (CSG,NSG=0,1 T=1)
-
- The initiator may proceed:
-
- I-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- T-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- And at the end:
-
- I-> Login (CSG,NSG=1,3 T=1)
- optional iSCSI parameters
-
- T-> Login (CSG,NSG=1,3 T=1) "login accept"
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 222]
-
-RFC 3720 iSCSI April 2004
-
-
- In the next example, the initiator and target authenticate each
- other via SRP:
-
- I-> Login (CSG,NSG=0,1 T=1)
- InitiatorName=iqn.1999-07.com.os:hostid.77
- TargetName=iqn.1999-07.com.example:diskarray.sn.88
- AuthMethod=KRB5,SRP,None
-
- T-> Login-PR (CSG,NSG=0,0 T=0)
- AuthMethod=SRP
-
- I-> Login (CSG,NSG=0,0 T=0)
- SRP_U=<user>
- TargetAuth=Yes
-
- T-> Login (CSG,NSG=0,0 T=0)
- SRP_GROUP=SRP-1536,SRP-1024
- SRP_s=<s>
-
- I-> Login (CSG,NSG=0,0 T=0)
- SRP_GROUP=SRP-1536
- SRP_A=<A>
-
- T-> Login (CSG,NSG=0,0 T=0)
- SRP_B=<B>
-
- I-> Login (CSG,NSG=0,1 T=1)
- SRP_M=<M>
-
- If the initiator authentication is successful, the target
- proceeds:
-
- T-> Login (CSG,NSG=0,1 T=1)
- SRP_HM=<H(A | M | K)>
-
- Where N, g, s, A, B, M, and H(A | M | K) are defined in [RFC2945].
-
- If the target authentication is not successful, the initiator
- terminates the connection; otherwise, it proceeds.
-
- I-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- T-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 223]
-
-RFC 3720 iSCSI April 2004
-
-
- And at the end:
-
- I-> Login (CSG,NSG=1,3 T=1)
- optional iSCSI parameters
-
- T-> Login (CSG,NSG=1,3 T=1) "login accept"
-
- If the initiator authentication is not successful, the target
- responds with:
-
- T-> Login "login reject"
-
- Instead of the T-> Login SRP_HM=<H(A | M | K)> message and
- terminates the connection.
-
- In the next example, the initiator and target authenticate each
- other via SRP:
-
- I-> Login (CSG,NSG=0,1 T=1)
- InitiatorName=iqn.1999-07.com.os:hostid.77
- TargetName=iqn.1999-07.com.example:diskarray.sn.88
- AuthMethod=KRB5,SRP,None
-
- T-> Login-PR (CSG,NSG=0,0 T=0)
- AuthMethod=SRP
-
- I-> Login (CSG,NSG=0,0 T=0)
- SRP_U=<user>
- TargetAuth=No
-
- T-> Login (CSG,NSG=0,0 T=0)
- SRP_GROUP=SRP-1536
- SRP_s=<s>
-
- I-> Login (CSG,NSG=0,0 T=0)
- SRP_GROUP=SRP-1536
- SRP_A=<A>
-
- T-> Login (CSG,NSG=0,0 T=0)
- SRP_B=<B>
-
- I-> Login (CSG,NSG=0,1 T=1)
- SRP_M=<M>
-
- If the initiator authentication is successful, the target
- proceeds:
-
- T-> Login (CSG,NSG=0,1 T=1)
-
-
-
-Satran, et al. Standards Track [Page 224]
-
-RFC 3720 iSCSI April 2004
-
-
-
- I-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- T-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- And at the end:
-
- I-> Login (CSG,NSG=1,3 T=1)
- optional iSCSI parameters
-
- T-> Login (CSG,NSG=1,3 T=1) "login accept"
-
- In the next example the initiator and target authenticate each other
- via CHAP:
-
- I-> Login (CSG,NSG=0,0 T=0)
- InitiatorName=iqn.1999-07.com.os:hostid.77
- TargetName=iqn.1999-07.com.example:diskarray.sn.88
- AuthMethod=KRB5,CHAP,None
-
- T-> Login-PR (CSG,NSG=0,0 T=0)
- AuthMethod=CHAP
-
- I-> Login (CSG,NSG=0,0 T=0)
- CHAP_A=<A1,A2>
-
- T-> Login (CSG,NSG=0,0 T=0)
- CHAP_A=<A1>
- CHAP_I=<I>
- CHAP_C=<C>
-
- I-> Login (CSG,NSG=0,1 T=1)
- CHAP_N=<N>
- CHAP_R=<R>
- CHAP_I=<I>
- CHAP_C=<C>
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 225]
-
-RFC 3720 iSCSI April 2004
-
-
- If the initiator authentication is successful, the target
- proceeds:
-
- T-> Login (CSG,NSG=0,1 T=1)
- CHAP_N=<N>
- CHAP_R=<R>
-
- If the target authentication is not successful, the initiator
- aborts the connection; otherwise, it proceeds.
-
- I-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
- T-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- And at the end:
-
- I-> Login (CSG,NSG=1,3 T=1)
- optional iSCSI parameters
-
- T-> Login (CSG,NSG=1,3 T=1) "login accept"
-
- If the initiator authentication is not successful, the target
- responds with:
-
- T-> Login "login reject"
-
- Instead of the Login CHAP_R=<response> "proceed and change
- stage" message and terminates the connection.
-
- In the next example, only the initiator is authenticated by the
- target via CHAP:
-
- I-> Login (CSG,NSG=0,1 T=0)
- InitiatorName=iqn.1999-07.com.os:hostid.77
- TargetName=iqn.1999-07.com.example:diskarray.sn.88
- AuthMethod=KRB5,CHAP,None
-
- T-> Login-PR (CSG,NSG=0,0 T=0)
- AuthMethod=CHAP
-
- I-> Login (CSG,NSG=0,0 T=0)
- CHAP_A=<A1,A2>
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 226]
-
-RFC 3720 iSCSI April 2004
-
-
- T-> Login (CSG,NSG=0,0 T=0)
- CHAP_A=<A1>
- CHAP_I=<I>
- CHAP_C=<C>
-
- I-> Login (CSG,NSG=0,1 T=1)
- CHAP_N=<N>
- CHAP_R=<R>
-
- If the initiator authentication is successful, the target
- proceeds:
-
- T-> Login (CSG,NSG=0,1 T=1)
-
- I-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- T-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- And at the end:
-
- I-> Login (CSG,NSG=1,3 T=1)
- optional iSCSI parameters
-
- T-> Login (CSG,NSG=1,3 T=1) "login accept"
-
- In the next example, the initiator does not offer any security
- parameters. It therefore may offer iSCSI parameters on the Login PDU
- with the T bit set to 1, and the target may respond with a final
- Login Response PDU immediately:
-
- I-> Login (CSG,NSG=1,3 T=1)
- InitiatorName=iqn.1999-07.com.os:hostid.77
- TargetName=iqn.1999-07.com.example:diskarray.sn.88
- ... iSCSI parameters
-
- T-> Login (CSG,NSG=1,3 T=1) "login accept"
- ... ISCSI parameters
-
- In the next example, the initiator does offer security
- parameters on the Login PDU, but the target does not choose
- any (i.e., chooses the "None" values):
-
- I-> Login (CSG,NSG=0,1 T=1)
- InitiatorName=iqn.1999-07.com.os:hostid.77
- TargetName=iqn.1999-07.com.example:diskarray.sn.88
- AuthMethod=KRB5,SRP,None
-
-
-
-Satran, et al. Standards Track [Page 227]
-
-RFC 3720 iSCSI April 2004
-
-
-
- T-> Login-PR (CSG,NSG=0,1 T=1)
- AuthMethod=None
-
- I-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- T-> Login (CSG,NSG=1,0 T=0)
- ... iSCSI parameters
-
- And at the end:
-
- I-> Login (CSG,NSG=1,3 T=1)
- optional iSCSI parameters
-
- T-> Login (CSG,NSG=1,3 T=1) "login accept"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 228]
-
-RFC 3720 iSCSI April 2004
-
-
-Appendix D. SendTargets Operation
-
- To reduce the amount of configuration required on an initiator, iSCSI
- provides the SendTargets text request. The initiator uses the
- SendTargets request to get a list of targets to which it may have
- access, as well as the list of addresses (IP address and TCP port) on
- which these targets may be accessed.
-
- To make use of SendTargets, an initiator must first establish one of
- two types of sessions. If the initiator establishes the session
- using the key "SessionType=Discovery", the session is a discovery
- session, and a target name does not need to be specified. Otherwise,
- the session is a normal, operational session. The SendTargets
- command MUST only be sent during the Full Feature Phase of a normal
- or discovery session.
-
- A system that contains targets MUST support discovery sessions on
- each of its iSCSI IP address-port pairs, and MUST support the
- SendTargets command on the discovery session. In a discovery
- session, a target MUST return all path information (target name and
- IP address-port pairs and portal group tags) for the targets on the
- target network entity which the requesting initiator is authorized to
- access.
-
- A target MUST support the SendTargets command on operational
- sessions; these will only return path information about the target to
- which the session is connected, and do not need to return information
- about other target names that may be defined in the responding
- system.
-
- An initiator MAY make use of the SendTargets as it sees fit.
-
- A SendTargets command consists of a single Text request PDU. This
- PDU contains exactly one text key and value. The text key MUST be
- SendTargets. The expected response depends upon the value, as well
- as whether the session is a discovery or operational session.
-
- The value must be one of:
-
- All
-
- The initiator is requesting that information on all relevant
- targets known to the implementation be returned. This value
- MUST be supported on a discovery session, and MUST NOT be
- supported on an operational session.
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 229]
-
-RFC 3720 iSCSI April 2004
-
-
- <iSCSI-target-name>
-
- If an iSCSI target name is specified, the session should respond
- with addresses for only the named target, if possible. This
- value MUST be supported on discovery sessions. A discovery
- session MUST be capable of returning addresses for those
- targets that would have been returned had value=All had been
- designated.
-
- <nothing>
-
- The session should only respond with addresses for the target to
- which the session is logged in. This MUST be supported on
- operational sessions, and MUST NOT return targets other than
- the one to which the session is logged in.
-
- The response to this command is a text response that contains a list
- of zero or more targets and, optionally, their addresses. Each
- target is returned as a target record. A target record begins with
- the TargetName text key, followed by a list of TargetAddress text
- keys, and bounded by the end of the text response or the next
- TargetName key, which begins a new record. No text keys other than
- TargetName and TargetAddress are permitted within a SendTargets
- response.
-
- For the format of the TargetName, see Section 12.4 TargetName.
-
- In a discovery session, a target MAY respond to a SendTargets request
- with its complete list of targets, or with a list of targets that is
- based on the name of the initiator logged in to the session.
-
- A SendTargets response MUST NOT contain target names if there are no
- targets for the requesting initiator to access.
-
- Each target record returned includes zero or more TargetAddress
- fields.
-
- Each target record starts with one text key of the form:
-
- TargetName=<target-name-goes-here>
-
- Followed by zero or more address keys of the form:
-
- TargetAddress=<hostname-or-ipaddress>[:<tcp-port>],
- <portal-group-tag>
-
- The hostname-or-ipaddress contains a domain name, IPv4 address, or
- IPv6 address, as specified for the TargetAddress key.
-
-
-
-Satran, et al. Standards Track [Page 230]
-
-RFC 3720 iSCSI April 2004
-
-
- A hostname-or-ipaddress duplicated in TargetAddress responses for a
- given node (the port is absent or equal) would probably indicate that
- multiple address families are in use at once (IPV6 and IPV4).
-
- Each TargetAddress belongs to a portal group, identified by its
- numeric portal group tag (as in Section 12.9 TargetPortalGroupTag).
- The iSCSI target name, together with this tag, constitutes the SCSI
- port identifier; the tag only needs to be unique within a given
- target's name list of addresses.
-
- Multiple-connection sessions can span iSCSI addresses that belong to
- the same portal group.
-
- Multiple-connection sessions cannot span iSCSI addresses that belong
- to different portal groups.
-
- If a SendTargets response reports an iSCSI address for a target, it
- SHOULD also report all other addresses in its portal group in the
- same response.
-
- A SendTargets text response can be longer than a single Text Response
- PDU, and makes use of the long text responses as specified.
-
- After obtaining a list of targets from the discovery target session,
- an iSCSI initiator may initiate new sessions to log in to the
- discovered targets for full operation. The initiator MAY keep the
- discovery session open, and MAY send subsequent SendTargets commands
- to discover new targets.
-
- Examples:
-
- This example is the SendTargets response from a single target that
- has no other interface ports.
-
- Initiator sends text request that contains:
-
- SendTargets=All
-
- Target sends a text response that contains:
-
- TargetName=iqn.1993-11.com.example:diskarray.sn.8675309
-
- All the target had to return in the simple case was the target name.
- It is assumed by the initiator that the IP address and TCP port for
- this target are the same as used on the current connection to the
- default iSCSI target.
-
-
-
-
-
-Satran, et al. Standards Track [Page 231]
-
-RFC 3720 iSCSI April 2004
-
-
- The next example has two internal iSCSI targets, each accessible via
- two different ports with different IP addresses. The following is
- the text response:
-
- TargetName=iqn.1993-11.com.example:diskarray.sn.8675309
- TargetAddress=10.1.0.45:3000,1 TargetAddress=10.1.1.45:3000,2
- TargetName=iqn.1993-11.com.example:diskarray.sn.1234567
- TargetAddress=10.1.0.45:3000,1 TargetAddress=10.1.1.45:3000,2
-
- Both targets share both addresses; the multiple addresses are likely
- used to provide multi-path support. The initiator may connect to
- either target name on either address. Each of the addresses has its
- own portal group tag; they do not support spanning
- multiple-connection sessions with each other. Keep in mind that the
- portal group tags for the two named targets are independent of one
- another; portal group "1" on the first target is not necessarily the
- same as portal group "1" on the second target.
-
- In the above example, a DNS host name or an IPv6 address could have
- been returned instead of an IPv4 address.
-
- The next text response shows a target that supports spanning sessions
- across multiple addresses, and further illustrates the use of the
- portal group tags:
-
- TargetName=iqn.1993-11.com.example:diskarray.sn.8675309
-
- TargetAddress=10.1.0.45:3000,1 TargetAddress=10.1.1.46:3000,1
- TargetAddress=10.1.0.47:3000,2 TargetAddress=10.1.1.48:3000,2
- TargetAddress=10.1.1.49:3000,3
-
- In this example, any of the target addresses can be used to reach the
- same target. A single-connection session can be established to any
- of these TCP addresses. A multiple-connection session could span
- addresses .45 and .46 or .47 and .48, but cannot span any other
- combination. A TargetAddress with its own tag (.49) cannot be
- combined with any other address within the same session.
-
- This SendTargets response does not indicate whether .49 supports
- multiple connections per session; it is communicated via the
- MaxConnections text key upon login to the target.
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 232]
-
-RFC 3720 iSCSI April 2004
-
-
-Appendix E. Algorithmic Presentation of Error Recovery Classes
-
- This appendix illustrates the error recovery classes using a
- pseudo-programming-language. The procedure names are chosen to be
- obvious to most implementers. Each of the recovery classes described
- has initiator procedures as well as target procedures. These
- algorithms focus on outlining the mechanics of error recovery
- classes, and do not exhaustively describe all other aspects/cases.
- Examples of this approach are:
-
-
- - Handling for only certain Opcode types is shown.
-
- - Only certain reason codes (e.g., Recovery in Logout command)
- are outlined.
-
- - Resultant cases, such as recovery of Synchronization on a
- header digest error are considered out-of-scope in these
- algorithms. In this particular example, a header digest error
- may lead to connection recovery if some type of sync and
- steering layer is not implemented.
-
- These algorithms strive to convey the iSCSI error recovery concepts
- in the simplest terms, and are not designed to be optimal.
-
-E.1. General Data Structure and Procedure Description
-
- This section defines the procedures and data structures that are
- commonly used by all the error recovery algorithms. The structures
- may not be the exhaustive representations of what is required for a
- typical implementation.
-
- Data structure definitions -
- struct TransferContext {
- int TargetTransferTag;
- int ExpectedDataSN;
- };
-
- struct TCB { /* task control block */
- Boolean SoFarInOrder;
- int ExpectedDataSN; /* used for both R2Ts, and Data */
- int MissingDataSNList[MaxMissingDPDU];
- Boolean FbitReceived;
- Boolean StatusXferd;
- Boolean CurrentlyAllegiant;
- int ActiveR2Ts;
- int Response;
- char *Reason;
-
-
-
-Satran, et al. Standards Track [Page 233]
-
-RFC 3720 iSCSI April 2004
-
-
- struct TransferContext
- TransferContextList[MaxOutStandingR2T];
- int InitiatorTaskTag;
- int CmdSN;
-
- int SNACK_Tag;
-
- };
-
- struct Connection {
- struct Session SessionReference;
- Boolean SoFarInOrder;
- int CID;
- int State;
-
- int CurrentTimeout;
- int ExpectedStatSN;
- int MissingStatSNList[MaxMissingSPDU];
- Boolean PerformConnectionCleanup;
- };
-
- struct Session {
- int NumConnections;
- int CmdSN;
- int Maxconnections;
- int ErrorRecoveryLevel;
- struct iSCSIEndpoint OtherEndInfo;
- struct Connection ConnectionList[MaxSupportedConns];
- };
-
- Procedure descriptions -
- Receive-a-In-PDU(transport connection, inbound PDU);
- check-basic-validity(inbound PDU);
- Start-Timer(timeout handler, argument, timeout value);
- Build-And-Send-Reject(transport connection, bad PDU, reason code);
-
-E.2. Within-command Error Recovery Algorithms
-
-E.2.1. Procedure Descriptions
-
- Recover-Data-if-Possible(last required DataSN, task control
- block);
- Build-And-Send-DSnack(task control block);
- Build-And-Send-RDSnack(task control block);
- Build-And-Send-Abort(task control block);
- SCSI-Task-Completion(task control block);
- Build-And-Send-A-Data-Burst(transport connection, data-descriptor,
- task control block);
-
-
-
-Satran, et al. Standards Track [Page 234]
-
-RFC 3720 iSCSI April 2004
-
-
- Build-And-Send-R2T(transport connection, data-descriptor,
- task control block);
- Build-And-Send-Status(transport connection, task control block);
- Transfer-Context-Timeout-Handler(transfer context);
-
-
- Notes:
-
- - One procedure used in this section: Handle-Status-SNACK-
- request is defined in Within-connection recovery algorithms.
-
- - The Response processing pseudo-code, shown in the target
- algorithms, applies to all solicited PDUs that carry StatSN -
- SCSI Response, Text Response etc.
-
-E.2.2. Initiator Algorithms
-
-Recover-Data-if-Possible(LastRequiredDataSN, TCB)
-{
- if (operational ErrorRecoveryLevel > 0) {
- if (# of missing PDUs is trackable) {
- Note the missing DataSNs in TCB.
- if (the task spanned a change in
- MaxRecvDataSegmentLength) {
- if (TCB.StatusXferd is TRUE)
- drop the status PDU;
- Build-And-Send-RDSnack(TCB);
- } else {
- Build-And-Send-DSnack(TCB);
- }
- } else {
- TCB.Reason = "Protocol service CRC error";
- }
- } else {
- TCB.Reason = "Protocol service CRC error";
- }
- if (TCB.Reason == "Protocol service CRC error") {
- Clear the missing PDU list in the TCB.
- if (TCB.StatusXferd is not TRUE)
- Build-And-Send-Abort(TCB);
- }
-}
-
-Receive-a-In-PDU(Connection, CurrentPDU)
-{
- check-basic-validity(CurrentPDU);
- if (Header-Digest-Bad) discard, return;
- Retrieve TCB for CurrentPDU.InitiatorTaskTag.
-
-
-
-Satran, et al. Standards Track [Page 235]
-
-RFC 3720 iSCSI April 2004
-
-
- if ((CurrentPDU.type == Data)
- or (CurrentPDU.type = R2T)) {
- if (Data-Digest-Bad for Data) {
- send-data-SNACK = TRUE;
- LastRequiredDataSN = CurrentPDU.DataSN;
- } else {
- if (TCB.SoFarInOrder = TRUE) {
- if (current DataSN is expected) {
- Increment TCB.ExpectedDataSN.
- } else {
-
- TCB.SoFarInOrder = FALSE;
- send-data-SNACK = TRUE;
- }
- } else {
- if (current DataSN was considered missing) {
- remove current DataSN from missing PDU list.
- } else if (current DataSN is higher than expected)
-{
- send-data-SNACK = TRUE;
- } else {
- discard, return;
- }
- Adjust TCB.ExpectedDataSN if appropriate.
- }
- LastRequiredDataSN = CurrentPDU.DataSN - 1;
- }
- if (send-data-SNACK is TRUE and
- task is not already considered failed) {
- Recover-Data-if-Possible(LastRequiredDataSN, TCB);
- }
- if (missing data PDU list is empty) {
- TCB.SoFarInOrder = TRUE;
- }
- if (CurrentPDU.type == R2T) {
- Increment ActiveR2Ts for this task.
-
- Create a data-descriptor for the data burst.
- Build-And-Send-A-Data-Burst(Connection, data-descriptor,
-
- TCB);
- }
- } else if (CurrentPDU.type == Response) {
- if (Data-Digest-Bad) {
- send-status-SNACK = TRUE;
- } else {
- TCB.StatusXferd = TRUE;
- Store the status information in TCB.
-
-
-
-Satran, et al. Standards Track [Page 236]
-
-RFC 3720 iSCSI April 2004
-
-
- if (ExpDataSN does not match) {
- TCB.SoFarInOrder = FALSE;
- Recover-Data-if-Possible(current DataSN, TCB);
- }
- if (missing data PDU list is empty) {
- TCB.SoFarInOrder = TRUE;
- }
- }
- } else { /* REST UNRELATED TO WITHIN-COMMAND-RECOVERY, NOT
- SHOWN */
- }
- if ((TCB.SoFarInOrder == TRUE) and
- (TCB.StatusXferd == TRUE)) {
- SCSI-Task-Completion(TCB);
- }
-}
-
-E.2.3. Target Algorithms
-
-Receive-a-In-PDU(Connection, CurrentPDU)
-{
- check-basic-validity(CurrentPDU);
- if (Header-Digest-Bad) discard, return;
- Retrieve TCB for CurrentPDU.InitiatorTaskTag.
- if (CurrentPDU.type == Data) {
- Retrieve TContext from CurrentPDU.TargetTransferTag;
- if (Data-Digest-Bad) {
- Build-And-Send-Reject(Connection, CurrentPDU,
- Payload-Digest-Error);
- Note the missing data PDUs in MissingDataRange[].
- send-recovery-R2T = TRUE;
- } else {
- if (current DataSN is not expected) {
- Note the missing data PDUs in MissingDataRange[].
- send-recovery-R2T = TRUE;
- }
- if (CurrentPDU.Fbit == TRUE) {
- if (current PDU is solicited) {
- Decrement TCB.ActiveR2Ts.
- }
- if ((current PDU is unsolicited and
- data received is less than I/O length and
- data received is less than FirstBurstLength)
- or (current PDU is solicited and the length of
- this burst is less than expected)) {
- send-recovery-R2T = TRUE;
- Note the missing data in MissingDataRange[].
- }
-
-
-
-Satran, et al. Standards Track [Page 237]
-
-RFC 3720 iSCSI April 2004
-
-
- }
- }
- Increment TContext.ExpectedDataSN.
- if (send-recovery-R2T is TRUE and
- task is not already considered failed) {
- if (operational ErrorRecoveryLevel > 0) {
- Increment TCB.ActiveR2Ts.
- Create a data-descriptor for the data burst
- from MissingDataRange.
- Build-And-Send-R2T(Connection, data-descriptor, TCB);
- } else {
- if (current PDU is the last unsolicited)
- TCB.Reason = "Not enough unsolicited data";
- else
- TCB.Reason = "Protocol service CRC error";
- }
- }
- if (TCB.ActiveR2Ts == 0) {
- Build-And-Send-Status(Connection, TCB);
- }
- } else if (CurrentPDU.type == SNACK) {
- snack-failure = FALSE;
- if (operational ErrorRecoveryLevel > 0) {
- if (CurrentPDU.type == Data/R2T) {
- if (the request is satisfiable) {
-
- if (request for Data) {
- Create a data-descriptor for the data burst
- from BegRun and RunLength.
- Build-And-Send-A-Data-Burst(Connection,
-
- data-descriptor, TCB);
- } else { /* R2T */
- Create a data-descriptor for the data burst
- from BegRun and RunLength.
- Build-And-Send-R2T(Connection, data-descriptor,
- TCB);
- }
- } else {
- snack-failure = TRUE;
- }
- } else if (CurrentPDU.type == status) {
- Handle-Status-SNACK-request(Connection, CurrentPDU);
- } else if (CurrentPDU.type == DataACK) {
- Consider all data upto CurrentPDU.BegRun as
- acknowledged.
- Free up the retransmission resources for that data.
- } else if (CurrentPDU.type == R-Data SNACK) {
-
-
-
-Satran, et al. Standards Track [Page 238]
-
-RFC 3720 iSCSI April 2004
-
-
- Create a data descriptor for a data burst covering
- all unacknowledged data.
- Build-And-Send-A-Data-Burst(Connection,
- data-descriptor, TCB);
- TCB.SNACK_Tag = CurrentPDU.SNACK_Tag;
- if (there's no more data to send) {
- Build-And-Send-Status(Connection, TCB);
- }
- }
- } else { /* operational ErrorRecoveryLevel = 0 */
- snack-failure = TRUE;
-
- }
- if (snack-failure == TRUE) {
- Build-And-Send-Reject(Connection, CurrentPDU,
- SNACK-Reject);
- if (TCB.StatusXferd != TRUE) {
- TCB.Reason = "SNACK Rejected";
- Build-And-Send-Status(Connection, TCB);
- }
- }
-
- } else { /* REST UNRELATED TO WITHIN-COMMAND-RECOVERY, NOT SHOWN */
- }
-}
-
-Transfer-Context-Timeout-Handler(TContext)
-{
- Retrieve TCB and Connection from TContext.
- Decrement TCB.ActiveR2Ts.
- if (operational ErrorRecoveryLevel > 0 and
- task is not already considered failed) {
- Note the missing data PDUs in MissingDataRange[].
- Create a data-descriptor for the data burst
- from MissingDataRange[].
- Build-And-Send-R2T(Connection, data-descriptor, TCB);
- } else {
- TCB.Reason = "Protocol service CRC error";
- if (TCB.ActiveR2Ts = 0) {
- Build-And-Send-Status(Connection, TCB);
- }
- }
-}
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 239]
-
-RFC 3720 iSCSI April 2004
-
-
-E.3. Within-connection Recovery Algorithms
-
-E.3.1. Procedure Descriptions
-
-Procedure descriptions:
-Recover-Status-if-Possible(transport connection,
- currently received PDU);
-Evaluate-a-StatSN(transport connection, currently received PDU);
-Retransmit-Command-if-Possible(transport connection, CmdSN);
-Build-And-Send-SSnack(transport connection);
-Build-And-Send-Command(transport connection, task control block);
-Command-Acknowledge-Timeout-Handler(task control block);
-Status-Expect-Timeout-Handler(transport connection);
-Build-And-Send-Nop-Out(transport connection);
-Handle-Status-SNACK-request(transport connection, status SNACK
-PDU);
-Retransmit-Status-Burst(status SNACK, task control block);
-Is-Acknowledged(beginning StatSN, run length);
-
-Implementation-specific tunables:
-InitiatorProactiveSNACKEnabled
-
- Notes:
-
- - The initiator algorithms only deal with unsolicited Nop-In PDUs
- for generating status SNACKs. A solicited Nop-In PDU has an
- assigned StatSN, which, when out of order, could trigger the
- out of order StatSN handling in Within-command algorithms,
- again leading to Recover-Status-if-Possible.
-
-
- - The pseudo-code shown may result in the retransmission of
- unacknowledged commands in more cases than necessary. This
- will not, however, affect the correctness of the operation
- because the target is required to discard the duplicate CmdSNs.
-
- - The procedure Build-And-Send-Async is defined in the Connection
- recovery algorithms.
-
- - The procedure Status-Expect-Timeout-Handler describes how
- initiators may proactively attempt to retrieve the Status if
- they so choose. This procedure is assumed to be triggered much
- before the standard ULP timeout.
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 240]
-
-RFC 3720 iSCSI April 2004
-
-
-E.3.2. Initiator Algorithms
-
-Recover-Status-if-Possible(Connection, CurrentPDU)
-{
- if ((Connection.state == LOGGED_IN) and
- connection is not already considered failed) {
- if (operational ErrorRecoveryLevel > 0) {
- if (# of missing PDUs is trackable) {
- Note the missing StatSNs in Connection
- that were not already requested with SNACK;
- Build-And-Send-SSnack(Connection);
- } else {
- Connection.PerformConnectionCleanup = TRUE;
- }
- } else {
- Connection.PerformConnectionCleanup = TRUE;
- }
- if (Connection.PerformConnectionCleanup == TRUE) {
- Start-Timer(Connection-Cleanup-Handler, Connection, 0);
- }
- }
-}
-
-Retransmit-Command-if-Possible(Connection, CmdSN)
-{
-
- if (operational ErrorRecoveryLevel > 0) {
- Retrieve the InitiatorTaskTag, and thus TCB for the CmdSN.
- Build-And-Send-Command(Connection, TCB);
- }
-}
-
-Evaluate-a-StatSN(Connection, CurrentPDU)
-{
- send-status-SNACK = FALSE;
- if (Connection.SoFarInOrder == TRUE) {
- if (current StatSN is the expected) {
- Increment Connection.ExpectedStatSN.
- } else {
- Connection.SoFarInOrder = FALSE;
- send-status-SNACK = TRUE;
- }
- } else {
- if (current StatSN was considered missing) {
- remove current StatSN from the missing list.
- } else {
- if (current StatSN is higher than expected){
- send-status-SNACK = TRUE;
-
-
-
-Satran, et al. Standards Track [Page 241]
-
-RFC 3720 iSCSI April 2004
-
-
- } else {
- send-status-SNACK = FALSE;
- discard the PDU;
- }
- }
- Adjust Connection.ExpectedStatSN if appropriate.
- if (missing StatSN list is empty) {
- Connection.SoFarInOrder = TRUE;
- }
- }
- return send-status-SNACK;
-}
-
-Receive-a-In-PDU(Connection, CurrentPDU)
-{
- check-basic-validity(CurrentPDU);
- if (Header-Digest-Bad) discard, return;
- Retrieve TCB for CurrentPDU.InitiatorTaskTag.
- if (CurrentPDU.type == Nop-In) {
- if (the PDU is unsolicited) {
- if (current StatSN is not expected) {
- Recover-Status-if-Possible(Connection,
- CurrentPDU);
- }
- if (current ExpCmdSN is not Session.CmdSN) {
- Retransmit-Command-if-Possible(Connection,
- CurrentPDU.ExpCmdSN);
- }
- }
- } else if (CurrentPDU.type == Reject) {
- if (it is a data digest error on immediate data) {
- Retransmit-Command-if-Possible(Connection,
- CurrentPDU.BadPDUHeader.CmdSN);
- }
- } else if (CurrentPDU.type == Response) {
- send-status-SNACK = Evaluate-a-StatSN(Connection,
- CurrentPDU);
- if (send-status-SNACK == TRUE)
- Recover-Status-if-Possible(Connection, CurrentPDU);
- } else { /* REST UNRELATED TO WITHIN-CONNECTION-RECOVERY,
- * NOT SHOWN */
- }
-}
-
-Command-Acknowledge-Timeout-Handler(TCB)
-{
- Retrieve the Connection for TCB.
- Retransmit-Command-if-Possible(Connection, TCB.CmdSN);
-
-
-
-Satran, et al. Standards Track [Page 242]
-
-RFC 3720 iSCSI April 2004
-
-
-}
-
-Status-Expect-Timeout-Handler(Connection)
-{
- if (operational ErrorRecoveryLevel > 0) {
- Build-And-Send-Nop-Out(Connection);
- } else if (InitiatorProactiveSNACKEnabled){
- if ((Connection.state == LOGGED_IN) and
- connection is not already considered failed) {
- Build-And-Send-SSnack(Connection);
- }
- }
-}
-
-E.3.3. Target Algorithms
-
-Handle-Status-SNACK-request(Connection, CurrentPDU)
-{
- if (operational ErrorRecoveryLevel > 0) {
- if (request for an acknowledged run) {
- Build-And-Send-Reject(Connection, CurrentPDU,
- Protocol-Error);
- } else if (request for an untransmitted run) {
- discard, return;
- } else {
- Retransmit-Status-Burst(CurrentPDU, TCB);
- } else {
- Build-And-Send-Async(Connection, DroppedConnection,
- DefaultTime2Wait,
- DefaultTime2Retain);
- }
-}
-
-E.4. Connection Recovery Algorithms
-
-E.4.1. Procedure Descriptions
-
-Build-And-Send-Async(transport connection, reason code,
- minimum time, maximum time);
-Pick-A-Logged-In-Connection(session);
-Build-And-Send-Logout(transport connection, logout connection
- identifier, reason code);
-PerformImplicitLogout(transport connection, logout connection
- identifier, target information);
-PerformLogin(transport connection, target information);
-CreateNewTransportConnection(target information);
-Build-And-Send-Command(transport connection, task control block);
-Connection-Cleanup-Handler(transport connection);
-
-
-
-Satran, et al. Standards Track [Page 243]
-
-RFC 3720 iSCSI April 2004
-
-
-Connection-Resource-Timeout-Handler(transport connection);
-Quiesce-And-Prepare-for-New-Allegiance(session, task control
-block);
-Build-And-Send-Logout-Response(transport connection,
- CID of connection in recovery, reason
-code);
-Build-And-Send-TaskMgmt-Response(transport connection,
- task mgmt command PDU, response code);
-Establish-New-Allegiance(task control block, transport
-connection);
-Schedule-Command-To-Continue(task control block);
-
-Notes:
- - Transport exception conditions, such as unexpected connection
- termination, connection reset, and hung connection while the
- connection is in the full-feature phase, are all assumed to be
- asynchronously signaled to the iSCSI layer using the
- Transport_Exception_Handler procedure.
-
-E.4.2. Initiator Algorithms
-
- Receive-a-In-PDU(Connection, CurrentPDU) {
- check-basic-validity(CurrentPDU);
- if (Header-Digest-Bad) discard, return;
-
- Retrieve TCB from CurrentPDU.InitiatorTaskTag.
- if (CurrentPDU.type == Async) {
- if (CurrentPDU.AsyncEvent == ConnectionDropped) {
- Retrieve the AffectedConnection for
- CurrentPDU.Parameter1.
- AffectedConnection.CurrentTimeout =
- CurrentPDU.Parameter3;
- AffectedConnection.State = CLEANUP_WAIT;
- Start-Timer(Connection-Cleanup-Handler,
- AffectedConnection,
- CurrentPDU.Parameter2);
- } else if (CurrentPDU.AsyncEvent == LogoutRequest)) {
- AffectedConnection = Connection;
- AffectedConnection.State = LOGOUT_REQUESTED;
- AffectedConnection.PerformConnectionCleanup = TRUE;
- AffectedConnection.CurrentTimeout =
- CurrentPDU.Parameter3;
- Start-Timer(Connection-Cleanup-Handler,
- AffectedConnection, 0);
- } else if (CurrentPDU.AsyncEvent == SessionDropped)) {
- for (each Connection) {
- Connection.State = CLEANUP_WAIT;
- Connection.CurrentTimeout = CurrentPDU.Parameter3;
-
-
-
-Satran, et al. Standards Track [Page 244]
-
-RFC 3720 iSCSI April 2004
-
-
- Start-Timer(Connection-Cleanup-Handler,
- Connection, CurrentPDU.Parameter2);
- }
- Session.state = FAILED;
- }
-
- } else if (CurrentPDU.type == LogoutResponse) {
- Retrieve the CleanupConnection for CurrentPDU.CID.
- if (CurrentPDU.Response = failure) {
- CleanupConnection.State = CLEANUP_WAIT;
- } else {
- CleanupConnection.State = FREE;
- }
- } else if (CurrentPDU.type == LoginResponse) {
- if (this is a response to an implicit Logout) {
- Retrieve the CleanupConnection.
- if (successful) {
- CleanupConnection.State = FREE;
- Connection.State = LOGGED_IN;
- } else {
- CleanupConnection.State = CLEANUP_WAIT;
- DestroyTransportConnection(Connection);
- }
- }
- } else { /* REST UNRELATED TO CONNECTION-RECOVERY,
-
- * NOT SHOWN */
- }
- if (CleanupConnection.State == FREE) {
- for (each command that was active on CleanupConnection) {
- /* Establish new connection allegiance */
- NewConnection = Pick-A-Logged-In-Connection(Session);
- Build-And-Send-Command(NewConnection, TCB);
- }
- } }
-
- Connection-Cleanup-Handler(Connection) {
- Retrieve Session from Connection.
- if (Connection can still exchange iSCSI PDUs) {
- NewConnection = Connection;
- } else {
- Start-Timer(Connection-Resource-Timeout-Handler,
- Connection, Connection.CurrentTimeout);
- if (there are other logged-in connections) {
- NewConnection = Pick-A-Logged-In-
- Connection(Session);
- } else {
- NewConnection =
-
-
-
-Satran, et al. Standards Track [Page 245]
-
-RFC 3720 iSCSI April 2004
-
-
- CreateTransportConnection(Session.OtherEndInfo);
- Initiate an implicit Logout on NewConnection for
- Connection.CID.
- return;
- }
- }
- Build-And-Send-Logout(NewConnection, Connection.CID,
- RecoveryRemove); }
-
- Transport_Exception_Handler(Connection) {
- Connection.PerformConnectionCleanup = TRUE;
- if (the event is an unexpected transport disconnect) {
- Connection.State = CLEANUP_WAIT;
-
- Connection.CurrentTimeout = DefaultTime2Retain;
- Start-Timer(Connection-Cleanup-Handler, Connection,
- DefaultTime2Wait);
-
- } else {
- Connection.State = FREE;
- } }
-
-E.4.3. Target Algorithms
-
- Receive-a-In-PDU(Connection, CurrentPDU)
- {
- check-basic-validity(CurrentPDU);
- if (Header-Digest-Bad) discard, return;
- else if (Data-Digest-Bad) {
- Build-And-Send-Reject(Connection, CurrentPDU,
- Payload-Digest-Error);
- discard, return;
- }
- Retrieve TCB and Session.
- if (CurrentPDU.type == Logout) {
- if (CurrentPDU.ReasonCode = RecoveryRemove) {
- Retrieve the CleanupConnection from CurrentPDU.CID).
- for (each command active on CleanupConnection) {
- Quiesce-And-Prepare-for-New-Allegiance(Session,
- TCB);
- TCB.CurrentlyAllegiant = FALSE;
- }
- Cleanup-Connection-State(CleanupConnection);
- if ((quiescing successful) and (cleanup successful)) {
- Build-And-Send-Logout-Response(Connection,
- CleanupConnection.CID, Success);
- } else {
- Build-And-Send-Logout-Response(Connection,
-
-
-
-Satran, et al. Standards Track [Page 246]
-
-RFC 3720 iSCSI April 2004
-
-
- CleanupConnection.CID, Failure);
- }
- }
- } else if ((CurrentPDU.type == Login) and
- operational ErrorRecoveryLevel == 2) {
- Retrieve the CleanupConnection from CurrentPDU.CID).
- for (each command active on CleanupConnection) {
- Quiesce-And-Prepare-for-New-Allegiance(Session, TCB);
- TCB.CurrentlyAllegiant = FALSE;
- }
- Cleanup-Connection-State(CleanupConnection);
- if ((quiescing successful) and (cleanup successful)) {
- Continue with the rest of the Login processing;
- } else {
- Build-And-Send-Login-Response(Connection,
- CleanupConnection.CID, Target Error);
- }
- }
-
- } else if (CurrentPDU.type == TaskManagement) {
- if (CurrentPDU.function == "TaskReassign") {
- if (Session.ErrorRecoveryLevel < 2) {
- Build-And-Send-TaskMgmt-Response(Connection,
- CurrentPDU, "Allegiance reassignment
- not supported");
- } else if (task is not found) {
- Build-And-Send-TaskMgmt-Response(Connection,
- CurrentPDU, "Task not in task set");
- } else if (task is currently allegiant) {
- Build-And-Send-TaskMgmt-Response(Connection,
- CurrentPDU, "Task still allegiant");
- } else {
- Establish-New-Allegiance(TCB, Connection);
- TCB.CurrentlyAllegiant = TRUE;
- Schedule-Command-To-Continue(TCB);
- }
- }
- } else { /* REST UNRELATED TO CONNECTION-RECOVERY,
- * NOT SHOWN */
- }
- }
-
- Transport_Exception_Handler(Connection)
- {
- Connection.PerformConnectionCleanup = TRUE;
- if (the event is an unexpected transport disconnect) {
- Connection.State = CLEANUP_WAIT;
- Start-Timer(Connection-Resource-Timeout-Handler,
-
-
-
-Satran, et al. Standards Track [Page 247]
-
-RFC 3720 iSCSI April 2004
-
-
- Connection,
-
- (DefaultTime2Wait+DefaultTime2Retain));
- if (this Session has full-feature phase connections
- left)
- {
- DifferentConnection =
- Pick-A-Logged-In-Connection(Session);
- Build-And-Send-Async(DifferentConnection,
- DroppedConnection, DefaultTime2Wait,
- DefaultTime2Retain);
- }
- } else {
- Connection.State = FREE;
- }
- }
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 248]
-
-RFC 3720 iSCSI April 2004
-
-
-Appendix F. Clearing Effects of Various Events on Targets
-
-F.1. Clearing Effects on iSCSI Objects
-
- The following tables describe the target behavior on receiving the
- events specified in the rows of the table. The second table is an
- extension of the first table and defines clearing actions for more
- objects on the same events. The legend is:
-
- Y = Yes (cleared/discarded/reset on the event specified in the
- row). Unless otherwise noted, the clearing action is only
- applicable for the issuing initiator port.
- N = No (not affected on the event specified in the row, i.e.,
- stays at previous value).
- NA = Not Applicable or Not Defined.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 249]
-
-RFC 3720 iSCSI April 2004
-
-
- +-----+-----+-----+-----+-----+
- |IT(1)|IC(2)|CT(5)|ST(6)|PP(7)|
- +---------------------+-----+-----+-----+-----+-----+
- |connection failure(8)|Y |Y |N |N |Y |
- +---------------------+-----+-----+-----+-----+-----+
- |connection state |NA |NA |Y |N |NA |
- |timeout (9) | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |session timeout/ |Y |Y |Y |Y |Y(14)|
- |closure/reinstatement| | | | | |
- |(10) | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |session continuation |NA |NA |N(11)|N |NA |
- |(12) | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |successful connection|Y |Y |Y |N |Y(13)|
- |close logout | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |session failure (18) |Y |Y |N |N |Y |
- +---------------------+-----+-----+-----+-----+-----+
- |successful recovery |Y |Y |N |N |Y(13)|
- |Logout | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |failed Logout |Y |Y |N |N |Y |
- +---------------------+-----+-----+-----+-----+-----+
- |connection Login |NA |NA |NA |Y(15)|NA |
- |(leading) | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |connection Login |NA |NA |N(11)|N |Y |
- |(non-leading) | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |target cold reset(16)|Y |Y |Y |Y |Y |
- +---------------------+-----+-----+-----+-----+-----+
- |target warm reset(16)|Y |Y |Y |Y |Y |
- +---------------------+-----+-----+-----+-----+-----+
- |LU reset(19) |Y |Y |Y |Y |Y |
- +---------------------+-----+-----+-----+-----+-----+
- |powercycle(16) |Y |Y |Y |Y |Y |
- +---------------------+-----+-----+-----+-----+-----+
-
- 1. Incomplete TTTs - Target Transfer Tags on which the target is
- still expecting PDUs to be received. Examples include TTTs received
- via R2T, NOP-IN, etc.
-
- 2. Immediate Commands - immediate commands, but waiting for
- execution on a target. For example, Abort Task Set.
-
-
-
-
-
-Satran, et al. Standards Track [Page 250]
-
-RFC 3720 iSCSI April 2004
-
-
- 5. Connection Tasks - tasks that are active on the iSCSI connection
- in question.
-
- 6. Session Tasks - tasks that are active on the entire iSCSI
- session. A union of "connection tasks" on all participating
- connections.
-
- 7. Partial PDUs (if any) - PDUs that are partially sent and waiting
- for transport window credit to complete the transmission.
-
- 8. Connection failure is a connection exception condition - one of
- the transport connections shutdown, transport connections reset, or
- transport connections timed out, which abruptly terminated the iSCSI
- full-feature phase connection. A connection failure always takes the
- connection state machine to the CLEANUP_WAIT state.
-
- 9. Connection state timeout happens if a connection spends more time
- that agreed upon during Login negotiation in the CLEANUP_WAIT state,
- and this takes the connection to the FREE state (M1 transition in
- connection cleanup state diagram).
-
- 10. These are defined in Section 5.3.5 Session Reinstatement,
- Closure, and Timeout.
-
- 11. This clearing effect is "Y" only if it is a connection
- reinstatement and the operational ErrorRecoveryLevel is less than 2.
-
- 12. Session continuation is defined in Section 5.3.6 Session
- Continuation and Failure.
-
- 13. This clearing effect is only valid if the connection is being
- logged out on a different connection and when the connection being
- logged out on the target may have some partial PDUs pending to be
- sent. In all other cases, the effect is "NA".
-
- 14. This clearing effect is only valid for a "close the session"
- logout in a multi-connection session. In all other cases, the effect
- is "NA".
-
- 15. Only applicable if this leading connection login is a session
- reinstatement. If this is not the case, it is "NA".
-
- 16. This operation affects all logged-in initiators.
-
- 18. Session failure is defined in Section 5.3.6 Session Continuation
- and Failure.
-
-
-
-
-
-Satran, et al. Standards Track [Page 251]
-
-RFC 3720 iSCSI April 2004
-
-
- 19. This operation affects all logged-in initiators and the clearing
- effects are only applicable to the LU being reset.
-
- +-----+-----+-----+-----+-----+
- |DC(1)|DD(2)|SS(3)|CS(4)|DS(5)|
- +---------------------+-----+-----+-----+-----+-----+
- |connection failure |N |Y |N |N |N |
- +---------------------+-----+-----+-----+-----+-----+
- |connection state |Y |NA |Y |N |NA |
- |timeout | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |session timeout/ |Y |Y |Y(7) |Y |NA |
- |closure/reinstatement| | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |session continuation |N(11)|NA*12|NA |N |NA*13|
- +---------------------+-----+-----+-----+-----+-----+
- |successful connection|Y |Y |Y |N |NA |
- |close Logout | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |session failure |N |Y |N |N |N |
- +---------------------+-----+-----+-----+-----+-----+
- |successful recovery |Y |Y |Y |N |N |
- |Logout | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |failed Logout |N |Y(9) |N |N |N |
- +---------------------+-----+-----+-----+-----+-----+
- |connection Login |NA |NA |N(8) |N(8) |NA |
- |(leading | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |connection Login |N(11)|NA*12|N(8) |N |NA*13|
- |(non-leading) | | | | | |
- +---------------------+-----+-----+-----+-----+-----+
- |target cold reset |Y |Y |Y |Y(10)|NA |
- +---------------------+-----+-----+-----+-----+-----+
- |target warm reset |Y |Y |N |N |NA |
- +---------------------+-----+-----+-----+-----+-----+
- |LU reset |N |Y |N |N |N |
- +---------------------+-----+-----+-----+-----+-----+
- |powercycle |Y |Y |Y |Y(10)|NA |
- +---------------------+-----+-----+-----+-----+-----+
-
- 1. Discontiguous Commands - commands allegiant to the connection in
- question and waiting to be reordered in the iSCSI layer. All "Y"s in
- this column assume that the task causing the event (if indeed the
- event is the result of a task) is issued as an immediate command,
- because the discontiguities can be ahead of the task.
-
-
-
-
-
-Satran, et al. Standards Track [Page 252]
-
-RFC 3720 iSCSI April 2004
-
-
- 2. Discontiguous Data - data PDUs received for the task in question
- and waiting to be reordered due to prior discontiguities in DataSN.
-
- 3. StatSN
-
- 4. CmdSN
-
- 5. DataSN
-
- 7. It clears the StatSN on all the connections.
-
- 8. This sequence number is instantiated on this event.
-
- 9. A logout failure drives the connection state machine to the
- CLEANUP_WAIT state, similar to the connection failure event. Hence,
- it has a similar effect on this and several other protocol aspects.
-
- 10. This is cleared by virtue of the fact that all sessions with all
- initiators are terminated.
-
- 11. This clearing effect is "Y" if it is a connection reinstatement.
-
- 12. This clearing effect is "Y" only if it is a connection
- reinstatement and the operational ErrorRecoveryLevel is 2.
-
- 13. This clearing effect is "N" only if it is a connection
- reinstatement and the operational ErrorRecoveryLevel is 2.
-
-F.2. Clearing Effects on SCSI Objects
-
- The only iSCSI protocol action that can effect clearing actions on
- SCSI objects is the "I_T nexus loss" notification (Section 4.3.5.1
- Loss of Nexus notification). [SPC3] describes the clearing effects
- of this notification on a variety of SCSI attributes. In addition,
- SCSI standards documents (such as [SAM2] and [SBC]) define additional
- clearing actions that may take place for several SCSI objects on SCSI
- events such as LU resets and power-on resets.
-
- Since iSCSI defines a target cold reset as a protocol-equivalent to a
- target power-cycle, the iSCSI target cold reset must also be
- considered as the power-on reset event in interpreting the actions
- defined in the SCSI standards.
-
- When the iSCSI session is reconstructed (between the same SCSI ports
- with the same nexus identifier) reestablishing the same I_T nexus,
- all SCSI objects that are defined to not clear on the "I_T nexus
- loss" notification event, such as persistent reservations, are
- automatically associated to this new session.
-
-
-
-Satran, et al. Standards Track [Page 253]
-
-RFC 3720 iSCSI April 2004
-
-
-Acknowledgements
-
- This protocol was developed by a design team that, in addition to the
- authors, included Daniel Smith, Ofer Biran, Jim Hafner and John
- Hufferd (IBM), Mark Bakke (Cisco), Randy Haagens (HP), Matt Wakeley
- (Agilent, now Sierra Logic), Luciano Dalle Ore (Quantum), and Paul
- Von Stamwitz (Adaptec, now TrueSAN Networks).
-
- Furthermore, a large group of people contributed to this work through
- their review, comments, and valuable insights. We are grateful to
- all of them. We especially thank those people who found the time and
- patience to take part in our weekly phone conferences and
- intermediate meetings in Almaden and Haifa, which helped shape this
- document: Prasenjit Sarkar, Meir Toledano, John Dowdy, Steve Legg,
- Alain Azagury (IBM), Dave Nagle (CMU), David Black (EMC), John Matze
- (Veritas - now Okapi Software), Steve DeGroote, Mark Schrandt
- (Cisco), Gabi Hecht (Gadzoox), Robert Snively and Brian Forbes
- (Brocade), Nelson Nachum (StorAge), and Uri Elzur (Broadcom). Many
- others helped edit and improve this document within the IPS working
- group. We are especially grateful to David Robinson and Raghavendra
- Rao (Sun), Charles Monia, Joshua Tseng (Nishan), Somesh Gupta
- (Silverback), Michael Krause, Pierre Labat, Santosh Rao, Matthew
- Burbridge, Bob Barry, Robert Elliott, Nick Martin (HP), Stephen
- Bailey (Sandburst), Steve Senum, Ayman Ghanem, Dave Peterson (Cisco),
- Barry Reinhold (Trebia Networks), Bob Russell (UNH), Eddy Quicksall
- (iVivity, Inc.), Bill Lynn and Michael Fischer (Adaptec), Vince
- Cavanna, Pat Thaler (Agilent), Jonathan Stone (Stanford), Luben
- Tuikov (Splentec), Paul Koning (EqualLogic), Michael Krueger
- (Windriver), Martins Krikis (Intel), Doug Otis (Sanlight), John
- Marberg (IBM), Robert Griswold and Bill Moody (Crossroads), Bill
- Studenmund (Wasabi Systems), Elizabeth Rodriguez (Brocade) and Yaron
- Klein (Sanrad). The recovery chapter was enhanced with the help of
- Stephen Bailey (Sandburst), Somesh Gupta (Silverback), and Venkat
- Rangan (Rhapsody Networks). Eddy Quicksall contributed some examples
- and began the Definitions section. Michael Fischer and Bob Barry
- started the Acronyms section. Last, but not least, we thank Ralph
- Weber for keeping us in line with T10 (SCSI) standardization.
-
- We would like to thank Steve Hetzler for his unwavering support and
- for coming up with such a good name for the protocol, and Micky
- Rodeh, Jai Menon, Clod Barrera, and Andy Bechtolsheim for helping
- make this work happen.
-
- In addition to this document, we recommend you acquaint yourself with
- the following in order to get a full understanding of the iSCSI
- specification: "iSCSI Naming & Discovery"[RFC3721], "Bootstrapping
- Clients using the iSCSI Protocol" [BOOT], "Securing Block Storage
- Protocols over IP" [RFC3723] documents, "iSCSI Requirements and
-
-
-
-Satran, et al. Standards Track [Page 254]
-
-RFC 3720 iSCSI April 2004
-
-
- Design Considerations" [RFC3347] and "SCSI Command Ordering
- Considerations with iSCSI" [CORD].
-
- The "iSCSI Naming & Discovery" document is authored by:
-
- Mark Bakke (Cisco), Jim Hafner, John Hufferd, Kaladhar Voruganti
- (IBM), and Marjorie Krueger (HP).
-
- The "Bootstrapping Clients using the iSCSI Protocol" document is
- authored by:
-
- Prasenjit Sarkar (IBM), Duncan Missimer (HP), and Costa
- Sapuntzakis (Cisco).
-
- The "Securing Block Storage Protocols over IP" document is authored
- by:
-
- Bernard Aboba (Microsoft), Joshua Tseng (Nishan), Jesse Walker
- (Intel), Venkat Rangan (Rhapsody Networks), and Franco
- Travostino (Nortel Networks).
-
- The "iSCSI Requirements and Design Considerations" document is
- authored by:
-
- Marjorie Krueger, Randy Haagens (HP), Costa Sapuntzakis, and Mark
- Bakke (Cisco).
-
- The "SCSI Command Ordering Considerations with iSCSI" document is
- authored by:
-
- Mallikarjun Chadalapaka, Rob Elliot (HP)
-
- We are grateful to all of them for their good work and for helping us
- correlate this document with the ones they produced.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 255]
-
-RFC 3720 iSCSI April 2004
-
-
-Authors' Addresses
-
- Julian Satran
- IBM Research Laboratory in Haifa
- Haifa University Campus - Mount Carmel
- Haifa 31905, Israel
-
- Phone +972.4.829.6264
- EMail: Julian_Satran@il.ibm.com
-
-
- Kalman Meth
- IBM Research Laboratory in Haifa
- Haifa University Campus - Mount Carmel
- Haifa 31905, Israel
-
- Phone +972.4.829.6341
- EMail: meth@il.ibm.com
-
-
- Costa Sapuntzakis
- Stanford University
- 353 Serra Mall Dr #407
- Stanford, CA 94305
-
- Phone: +1.650.723.2458
- EMail: csapuntz@alum.mit.edu
-
-
- Efri Zeidner
- XIV Ltd.
- 1 Azrieli Center,
- Tel-Aviv 67021, Israel
-
- Phone: +972.3.607.4722
- EMail: efri@xiv.co.il
-
-
- Mallikarjun Chadalapaka
- Hewlett-Packard Company
- 8000 Foothills Blvd.
- Roseville, CA 95747-5668, USA
-
- Phone: +1.916.785.5621
- EMail: cbm@rose.hp.com
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 256]
-
-RFC 3720 iSCSI April 2004
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (2004). This document is subject
- to the rights, licenses and restrictions contained in BCP 78, and
- except as set forth therein, the authors retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at ietf-
- ipr@ietf.org.
-
-Acknowledgement
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-
-
-Satran, et al. Standards Track [Page 257]
-
diff --git a/utils/open-isns/doc/rfc3722.txt b/utils/open-isns/doc/rfc3722.txt
deleted file mode 100644
index 0eb44ff..0000000
--- a/utils/open-isns/doc/rfc3722.txt
+++ /dev/null
@@ -1,451 +0,0 @@
-
-
-
-
-
-
-Network Working Group M. Bakke
-Request for Comments: 3722 Cisco
-Category: Standards Track April 2004
-
-
- String Profile for Internet Small Computer
- Systems Interface (iSCSI) Names
-
-Status of this Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2004). All Rights Reserved.
-
-Abstract
-
- This document describes how to prepare internationalized iSCSI names
- to increase the likelihood that name input and comparison work in
- ways that make sense for typical users throughout the world.
-
- The Internet Small Computer Systems Interface (iSCSI) protocol
- provides a way for hosts to access SCSI devices over an IP network.
- The iSCSI end-points, called initiators and targets, each have a
- globally-unique name that must be transcribable, as well as easily
- compared.
-
-1. Introduction
-
- The iSCSI protocol [RFC3720] provides a way for hosts to access SCSI
- [SAM2] devices over an IP network. The iSCSI end-points, called
- initiators and targets, each have a globally-unique name, defined in
- [RFC3721].
-
- An iSCSI name is a string of UTF-8 [RFC3629] characters that includes
- a type designator, a naming authority based on domain names, and a
- unique part within the naming authority. The unique part may be
- generated based on anything the naming authority deems useful, and
- may include user input.
-
- These names may need to be transcribed (sent between two
- administrators via email, voice, paper, etc), so a case-insensitive
- comparison would be desirable. However, these names must often be
-
-
-
-Bakke Standards Track [Page 1]
-
-RFC 3722 String Profile for iSCSI Names April 2004
-
-
- compared by initiator and target implementations, most of which are
- done in simple, embedded software. This makes case-sensitive
- comparison highly desirable for these implementors.
-
- However, a completely case-sensitive implementation would result in
- identifiers such as "example-name" and "Example-Name" being
- different, which could lead to confusion as these names are
- transcribed.
-
- The goal, then, is to generate iSCSI names that can be transcribed
- and entered by users, and also compared byte-for-byte, with minimal
- confusion. To attain these goals, iSCSI names are generalized using
- a normalized character set (converted to lower case or equivalent),
- with no white space allowed, and very limited punctuation.
-
- For those using only ASCII characters (U+0000 to U+007F), the
- following characters are allowed:
-
- - ASCII dash character ('-' = U+002d)
- - ASCII dot character ('.' = U+002e)
- - ASCII colon character (':' = U+003a)
- - ASCII lower-case characters ('a'..'z' = U+0061..U+007a)
- - ASCII digit characters ('0'..'9' = U+0030..U+0039)
-
- In addition, any upper-case characters input via a user interface
- MUST be mapped to their lower-case equivalents.
-
- This document specifies the valid character set for iSCSI names,
- along with the rules for normalizing and generating iSCSI names based
- on user input or other information that contains international
- characters.
-
- In particular, it defines the following, as required by [RFC3454]:
-
- - The intended applicability of the profile: internationalized iSCSI
- names.
-
- - The character repertoire that is the input and output to
- stringprep: Unicode 3.2, specified in section 3.
-
- - The mappings used: specified in section 4.
-
- - The Unicode normalization used: specified in section 5.
-
- - The characters that are prohibited as output: specified in section
- 6.
-
- This profile MUST be used with the iSCSI protocol.
-
-
-
-Bakke Standards Track [Page 2]
-
-RFC 3722 String Profile for iSCSI Names April 2004
-
-
-2. Terminology
-
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in [RFC2119].
-
- Examples in this document use the notation for code points and names
- from the Unicode Standard [Unicode3.2] and ISO/IEC 10646 [ISO10646].
- For example, the letter "a" may be represented as either "U+0061" or
- "LATIN SMALL LETTER A". In the lists of prohibited characters, the
- "U+" is left off to make the lists easier to read. The comments for
- character ranges are shown in square brackets (such as "[SYMBOLS]")
- and do not come from the standards.
-
-3. Character Repertoire
-
- This profile uses Unicode 3.2, as defined in [RFC3454] Appendix A.
-
-4. Mapping
-
- This profile specifies mapping using the following tables from
- [RFC3454]. The following mapping tables MUST be used when generating
- iSCSI names from Unicode characters.
-
- Table B.1
- Table B.2
-
-5. Normalization
-
- Unicode normalization form KC MUST be used with this profile, as
- described in [RFC3454].
-
-6. Prohibited Output
-
- This profile specifies prohibiting using the following tables from
- [RFC3454]. Characters appearing within these tables MUST NOT be used
- within an iSCSI name.
-
- Table C.1.1
- Table C.1.2
- Table C.2.1
- Table C.2.2
- Table C.3
- Table C.4
- Table C.5
- Table C.6
-
-
-
-
-
-Bakke Standards Track [Page 3]
-
-RFC 3722 String Profile for iSCSI Names April 2004
-
-
- Table C.7
- Table C.8
- Table C.9
-
- Important note: this profile MUST be used with the iSCSI protocol.
- The iSCSI protocol has additional naming rules that are checked
- outside of this profile.
-
- In addition, this profile adds the following prohibitions. The full
- set of prohibited characters are those from the tables above plus
- those listed individually below.
-
-6.1. Inappropriate Characters from Common Input Mechanisms
-
- u+3002 is used as if it were u+002e in many domain name input
- mechanisms used by applications, particularly in Asia. The character
- u+3002 MUST NOT be used in an iSCSI name.
-
- 3002; ideographic full stop
-
-6.2. Currently-prohibited ASCII characters
-
- Some of the ASCII characters that are currently prohibited in iSCSI
- names by [RFC3721] are also used in protocol elements such as URIs.
- Some examples are described in [RFC2396] and [RFC2732]. Note that
- there are many other RFCs that define additional URI schemes.
-
- The other characters in the range U+0000 to U+007F that are not
- currently allowed are prohibited in iSCSI names to reserve them for
- future use in protocol elements. Note that the dash (U+002D), dot
- (U+002E), and colon (U+003A) are not prohibited.
-
- The following characters MUST NOT be used in iSCSI names:
-
- 0000-002C; [ASCII CONTROL CHARACTERS and SPACE through ,]
- 002F; [ASCII /]
- 003B-0040; [ASCII ; through @]
- 005B-0060; [ASCII [ through `]
- 007B-007F; [ASCII { through DEL]
-
-7. Bidirectional Characters
-
- This profile specifies checking bidirectional strings as described in
- [RFC3454] section 6.
-
-
-
-
-
-
-
-Bakke Standards Track [Page 4]
-
-RFC 3722 String Profile for iSCSI Names April 2004
-
-
-8. Unassigned Code Points in Internationalized Domain Names
-
- If the processing in [RFC3720] specifies that a list of unassigned
- code points be used, the system uses table A.1 from [RFC3454] as its
- list of unassigned code points.
-
-9. Security Considerations
-
- ISO/IEC 10646 has many characters that look similar. In many cases,
- users of security protocols might do visual matching, such as when
- comparing the names of trusted third parties. This profile does
- nothing to map similar-looking characters together.
-
- iSCSI names may be used by an initiator to verify that a target it
- has discovered is the correct one, and by a target to verify that an
- initiator is to be allowed access. If these names are interpreted
- and compared differently by different iSCSI implementations, an
- initiator could gain access to the wrong target, or could be denied
- access to a legitimate target.
-
-10. IANA Considerations
-
- This is a profile of stringprep. It has been registered in the IANA
- "Stringprep Profiles" registry. This process is described in the
- IANA Considerations section of [RFC3454].
-
-11. Summary
-
- This document describes a stringprep profile to be used with programs
- generating names for iSCSI initiators and targets.
-
-12. Acknowledgements
-
- This document was produced as a result of discussions on iSCSI name
- formats with Joe Czap, Jim Hafner, Howard Hall, Jack Harwood, John
- Hufferd, Marjorie Krueger, Lawrence Lamers, Todd Sperry, Joshua
- Tseng, and Kaladhar Voruganti, as well as discussions on the
- normalization of names into identifiers with Paul Hoffman and Marc
- Blanchet.
-
- Thanks also to Bob Snively for suggesting the use of the nameprep
- process for iSCSI name normalization.
-
- Most of this document was copied from the stringprep profile for
- Internationalized Domain Names [RFC3491], written by Paul Hoffman and
- Marc Blanchet.
-
-
-
-
-
-Bakke Standards Track [Page 5]
-
-RFC 3722 String Profile for iSCSI Names April 2004
-
-
-13. References
-
-13.1. Normative References
-
- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
- [RFC3454] Hoffman, P. and M. Blanchet, "Preparation of
- Internationalized Strings ("stringprep")", RFC 3454,
- December 2002.
-
- [RFC3720] Satran, J., Meth, K., Sapuntzakis, C. Chadalapaka, M.
- and E. Zeidner, "Internet Small Computer Systems
- Interface (iSCSI)", RFC 3720, April 2004.
-
-13.2. Informative References
-
- [RFC2396] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform
- Resource Identifiers", RFC 2396, August 1998.
-
- [RFC2732] Hinden, R., Carpenter, B. and L. Masinter, "Format for
- Literal IPv6 Addresses in URL's", RFC 2732, December
- 1999.
-
- [RFC3491] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
- Profile for Internationalized Domain Names", RFC 3491,
- March 2003.
- [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
- 10646", STD 63, RFC 3629, November 2003.
-
- [RFC3721] Bakke, M., Hafner, J., Hufferd, J., Voruganti, K. and M.
- Krueger, "Internet Small Computer Systems Interface
- (iSCSI) Naming and Discovery", RFC 3721, April 2004.
-
- [SAM2] ANSI T10. "SCSI Architectural Model 2", March 2000.
-
- [Unicode3.2] The Unicode Standard, Version 3.2.0: The Unicode
- Consortium. The Unicode Standard, Version 3.2.0 is
- defined by The Unicode Standard, Version 3.0 (Reading,
- MA, Addison-Wesley, 2000. ISBN 0-201-61633-5), as
- amended by the Unicode Standard Annex #27: Unicode 3.1
- (http://www.unicode.org/unicode/reports/tr27/) and by
- the Unicode Standard Annex #28: Unicode 3.2
- (http://www.unicode.org/unicode/reports/tr28/).
-
-
-
-
-
-
-
-Bakke Standards Track [Page 6]
-
-RFC 3722 String Profile for iSCSI Names April 2004
-
-
- [ISO10646] ISO/IEC 10646-1:2000. International Standard --
- Information technology -- Universal Multiple-Octet Coded
- Character Set (UCS) -- Part 1: Architecture and Basic
- Multilingual Plane.
-
-14. Author's Address
-
- Mark Bakke
- Cisco Systems, Inc.
- 6450 Wedgwood Road
- Maple Grove, MN
- USA 55311
-
- Voice: +1 763-398-1000
- EMail: mbakke@cisco.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Bakke Standards Track [Page 7]
-
-RFC 3722 String Profile for iSCSI Names April 2004
-
-
-15. Full Copyright Statement
-
- Copyright (C) The Internet Society (2004). This document is subject
- to the rights, licenses and restrictions contained in BCP 78, and
- except as set forth therein, the authors retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at ietf-
- ipr@ietf.org.
-
-Acknowledgement
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-
-
-Bakke Standards Track [Page 8]
-
diff --git a/utils/open-isns/doc/rfc4018.txt b/utils/open-isns/doc/rfc4018.txt
deleted file mode 100644
index 15df58d..0000000
--- a/utils/open-isns/doc/rfc4018.txt
+++ /dev/null
@@ -1,1291 +0,0 @@
-
-
-
-
-
-
-Network Working Group M. Bakke
-Request for Comments: 4018 Cisco
-Category: Standards Track J. Hufferd
- K. Voruganti
- IBM
- M. Krueger
- HP
- T. Sperry
- Adaptec
- April 2005
-
-
- Finding Internet Small Computer Systems Interface (iSCSI) Targets
- and Name Servers by Using Service Location Protocol version 2 (SLPv2)
-
-Status of This Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2005).
-
-Abstract
-
- The iSCSI protocol provides a way for hosts to access SCSI devices
- over an IP network. This document defines the use of the Service
- Location Protocol (SLP) by iSCSI hosts, devices, and management
- services, along with the SLP service type templates that describe the
- services they provide.
-
-Table of Contents
-
- 1. Introduction................................................ 2
- 2. Notation Conventions........................................ 2
- 3. Terminology................................................. 3
- 4. Using SLP for iSCSI Service Discovery....................... 4
- 5. iSCSI SLP Templates......................................... 11
- 6. Security Considerations..................................... 18
- 7. IANA Considerations......................................... 19
- 8. Summary..................................................... 19
- 9. Normative References........................................ 19
- 10. Informative References...................................... 20
- 11. Acknowledgements............................................ 21
-
-
-
-Bakke & Hufferd Standards Track [Page 1]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
-1. Introduction
-
- iSCSI [RFC3720] is a protocol used to transport SCSI [SAM2] commands,
- data, and status across an IP network. This protocol is connection-
- oriented and is currently defined over TCP. iSCSI uses a client-
- server relationship. The client end of the connection is an
- initiator, and it sends SCSI commands; the server end of the
- connection is called a target, and it receives and executes the
- commands.
-
- There are several methods an iSCSI initiator can use to find the
- targets to which it should connect. Two of these methods can be
- accomplished without the use of SLP:
-
- - Each target and its address can be statically configured on the
- initiator.
-
- - Each address providing targets can be configured on the initiator;
- iSCSI provides a mechanism by which the initiator can query the
- address for a list of targets.
-
- The above methods are further defined in "iSCSI Naming and Discovery
- Requirements" [RFC3721].
-
- Each of the above methods requires a small amount of configuration to
- be done on each initiator. The ability to discover targets and name
- services without having to configure initiators is a desirable
- feature. The Service Location Protocol (SLP) [RFC2608] is an IETF
- standards track protocol providing several features that will
- simplify locating iSCSI services. This document describes how SLP
- can be used in iSCSI environments to discover targets, addresses
- providing targets, and storage management servers.
-
-2. Notation Conventions
-
- In this document, the key words "MUST", "MUST NOT", "REQUIRED",
- "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
- and "OPTIONAL" are to be interpreted as described in [RFC2119].
-
-
-
-
-
-
-
-
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 2]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
-3. Terminology
-
- Here are some definitions that may aid readers who are unfamiliar
- with SLP, SCSI, or iSCSI. Some of these definitions have been
- reproduced from [RFC2608] and "Finding an RSIP Server with SLP"
- [RFC3105].
-
- User Agent (UA) A process working on the client's behalf
- to establish contact with some service.
- The UA retrieves service information from
- the Service Agents or Directory Agents.
-
- Service Agent (SA) A process working on behalf of one or more
- services to advertise the services and
- their capabilities.
-
- Directory Agent (DA) A process that collects service
- advertisements. There can only be one DA
- present per given host.
-
- Scope A named set of services, typically making
- up a logical administrative group.
-
- Service Advertisement A URL, attributes, and a lifetime
- (indicating how long the advertisement is
- valid) providing service access
- information and capabilities description
- for a particular service.
-
- Initiator A logical entity, typically within a host,
- that sends SCSI commands to targets to be
- executed. An initiator is usually present
- in the form of a device driver.
-
- Target A logical entity, typically within a
- storage controller or gateway that
- receives SCSI commands from an initiator
- and executes them. A target includes one
- or more Logical Units (LUs); each LU is a
- SCSI device, such as a disk or tape drive.
-
- iSCSI Name A UTF-8 character string that serves as a
- unique identifier for iSCSI initiators and
- targets. Its format and usage is further
- defined in [RFC3721].
-
- iSCSI Client A logical entity, typically a host that
- includes at least one iSCSI Initiator.
-
-
-
-Bakke & Hufferd Standards Track [Page 3]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- iSCSI Server A logical entity, typically a storage
- controller or gateway that includes at
- least one iSCSI Target.
-
- Storage Management Server An addressable entity that provides
- management services that benefit an iSCSI
- environment. "Storage management server"
- is used as a generic term and does not
- indicate a specific protocol or service.
-
-4. Using SLP for iSCSI Service Discovery
-
- Two entities are involved in iSCSI discovery. The end result is that
- an iSCSI initiator (e.g., a host) discovers iSCSI targets, usually
- provided by storage controllers or gateways.
-
- iSCSI targets are registered with SLP as a set of service URLs, one
- for each address on which the target may be accessed. Initiators
- discover these targets by using SLP service requests. Targets that
- do not directly support SLP or that are under the control of a
- management service may be registered by a proxy service agent as part
- of the software providing this service.
-
- iSCSI entities may also use SLP to discover higher-level management
- services when these are needed.
-
- This section first describes the use of SLP for discovery of targets
- by iSCSI initiators, it then describes the use of SLP to discover
- storage management servers.
-
- This document assumes that SLPv2 will be used for discovering iSCSI-
- related services; no attempt is made to include support for SLPv1.
-
-4.1. Discovering iSCSI Targets with SLP
-
- The following diagram shows the relationship among iSCSI clients,
- servers, initiators, and targets. An iSCSI client includes at least
- one iSCSI initiator, and an SLP user agent (UA). An iSCSI server
- includes at least one iSCSI target an SLP service agent (SA). Some
- entities, such as extended copy engines, include both initiators and
- targets. These include both an SA, for its targets to be discovered,
- and a UA, for its initiator(s) to discover other targets.
-
-
-
-
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 4]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- +---------------------------------+
- | iSCSI Client |
- | +-----------+ |
- | | iSCSI | |
- | | initiator | |
- | | "myhost" | |
- | +-----------+ |
- | |
- +--------------------------+------+
- | iSCSI Driver | UA |
- +--------------------------+------+
- | TCP/UDP/IP |
- +----------------+----------------+
- | Interface 1 | Interface 2 |
- +----------------+----------------+
- | |
- +------------+ | | +------------+
- | SLP DA | | | | SLP DA |
- | (optional) |----+ IP Networks +----| (optional) |
- +------------+ | | +------------+
- | |
- +-----------------+-----------------|
- | Interface 1 | Interface 2 |
- | 192.0.2.131 | 192.0.2.3 |
- +-----------------+-----------------+
- | TCP/UDP/IP |
- +---------------------------+-------+
- | iSCSI Driver | SA |
- +---------------------------+-------|
- | |
- | +--------+ +--------+ +---------+ |
- | | iSCSI | | iSCSI | | iSCSI | |
- | | target | | target | | target | |
- | | "one" | | "two" | | "three" | |
- | +--------+ +--------+ +---------+ |
- | iSCSI Server |
- +-----------------------------------+
-
- In the above drawing, the iSCSI server has three iSCSI targets that
- the client could discover, named "one", "two" and "three". The iSCSI
- client has an iSCSI initiator with the name "myhost". The iSCSI
- client may use the initiator name in its SLP Service Requests as a
- filter to discover only targets that are configured to accept iSCSI
- connections from "myhost".
-
- Each iSCSI target and initiator has a unique name, called an iSCSI
- Name. This identifier is the same regardless of the network path
- (through adapter cards, networks, and interfaces on the storage
-
-
-
-Bakke & Hufferd Standards Track [Page 5]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- device) over which the target is discovered and accessed. For this
- example, the iSCSI names "one", "two", and "three" are used for the
- targets; the initiator uses the name "myhost". An actual iSCSI name
- would incorporate more structure, including a naming authority, and
- is not described here.
-
- Each of the iSCSI targets in the drawing can appear at two addresses,
- since two network interfaces are present. Each target would have two
- service URLs, unless a single service URL included a DNS host name
- mapping to both addresses.
-
- An iSCSI target URL consists of its fully qualified host name or IP
- address, the TCP port on which it is listening, and its iSCSI name.
- An iSCSI server must register each of its individual targets at each
- of its network addresses.
-
- The iSCSI server constructs a service advertisement of the type
- "service:iscsi:target" for each of the service URLs it wishes to
- register. The advertisement contains a lifetime, along with other
- attributes that are defined in the service template.
-
- If the server in the above drawing is listening at TCP port 3260 for
- both network addresses, the service URLs registered would be
-
- - 192.0.2.131:3260/one
-
- - 192.0.2.131:3260/two
-
- - 192.0.2.131:3260/three
-
- - 192.0.2.3:3260/one
-
- - 192.0.2.3:3260/two
-
- - 192.0.2.3:3260/three
-
- The remainder of the discovery procedure is identical to that used by
- any client/server pair implementing SLP:
-
- 1. If an SLP DA is found, the SA contacts the DA and registers the
- service advertisement. Whether or not one or more SLPv2 DAs are
- discovered, the SA maintains the advertisement itself and answers
- multicast UA queries directly.
-
- 2. When the iSCSI initiator requires contact information for an
- iSCSI target, the UA either contacts the DA by using unicast or
- the SA by using multicast. If a UA is configured with the
- address of the SA, it may avoid multicast and may contact an SA
-
-
-
-Bakke & Hufferd Standards Track [Page 6]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- by using unicast. The UA includes a query based on the
- attributes to indicate the characteristics of the target(s) it
- requires.
-
- 3. Once the UA has the host name or address of the iSCSI server, as
- well as the port number and iSCSI Target Name, it can begin the
- normal iSCSI login to the target.
-
- As information contained in the iSCSI target template may exceed
- common network datagram sizes, the SLP implementation for both UAs
- and SAs supporting this template MUST implement SLP over TCP.
-
-4.1.1. Finding Targets Based on Initiator Credentials
-
- To be allowed access to an iSCSI target, an initiator must be
- authenticated. The initiator may be required by the target to
- produce one or more of the following credentials:
-
- - An iSCSI Initiator Name
-
- - An IP address
-
- - A CHAP, SRP, or Kerberos credential
-
- - Any combination of the above
-
- Most iSCSI targets allow access to only one or two initiators. In
- the ideal discovery scenario, an initiator would send an SLP request
- and receive responses ONLY for targets to which the initiator is
- guaranteed a successful login. To achieve this goal, the iSCSI
- target template contains the following attributes, each of which
- allows a list of values:
-
- 1. auth-name: This attribute contains the list of initiator names
- allowed to access this target, or the value "any", indicating
- that no specific initiator name is required.
-
- 2. auth-addr: This attribute contains the list of host names
- and/or IP addresses that will be allowed access to this target,
- or the value "any", indicating that no specific address or
- host name is required. If a large number of addresses is to
- be allowed (perhaps a subnet), this attribute may contain the
- value "any".
-
-
-
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 7]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- 3. auth-cred: This attribute contains a list of "method/identifier"
- credentials that will be allowed access to the target, provided
- they can produce the correct password or other verifier during
- the login process. If no specific credentials are required, the
- value "any" is used.
-
- The list of valid method strings for auth-cred are defined in
- [RFC3720], section 11.1, "AuthMethod". The identifier used after the
- "/" is defined by the specific AuthMethod, also in [RFC3720].
- Examples showing initiator searches based on auth-xxxx attributes are
- shown in the target-specific template section below.
-
- Also note that the auth-xxxx attributes are considered security
- policy information. If these attributes are distributed, IPsec MUST
- be implemented as specified in the Security Implementation section
- below.
-
-4.1.2. Supporting Access by Multiple Identities to the Same Target
-
- If a target is to allow access to multiple host identities, more than
- one combination of auth-xxxx attributes will have to be allowed. In
- some of these cases, it is not possible to express the entire set of
- valid combinations of auth-xxxx attributes within a single registered
- service URL. For example, if a target can be addressed by
-
- auth-name=myhost1 AND auth-cred=CHAP/user1 (identity1)
-
- OR
-
- auth-name-myhost2 AND auth-cred=CHAP/user2 (identity2)
-
- the above cannot be specified in a single registered service URL,
- since (auth-name=myhost1, auth-name=myhost2, auth-cred=CHAP/user1,
- auth-cred=CHAP/user2) would allow either auth-name to be used with
- either auth-cred. This necessitates the ability to register a target
- and address under more than one service URL; one for (identity1) and
- one for (identity2).
-
- Because service URLs must be unique, (identity1) and (identity2) must
- each be registered under a unique service URL. For systems that
- support the configuration of multiple identities to access a target,
- the service URL must contain an additional, opaque string defining
- the identity. This appears after the iSCSI name in the URL string
- and is separated by a "/". Each registered (target-address, target-
- name, initiator-identity) tuple can then register a set of auth-xxxx
- attributes.
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 8]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
-4.1.3. Using SLP in a Non-multicast Environment
-
- In some networks, the use of multicast for discovery purposes is
- either unavailable or not allowed. These include public or service-
- provider networks that are placed between an iSCSI client and a
- server. These are probably most common between two iSCSI gateways,
- one at a storage service provider site, and one at a customer site.
-
- In these networks, an initiator may allow the addresses of one or
- more SAs to be configured instead of or in addition to its DA
- configuration. The initiator would then make unicast SLP service
- requests directly to these SAs, without the use of multicast to
- discover them first.
-
- This functionality is well within the scope of the current SLP
- protocol. The main consequence for implementors is that an initiator
- configured to make direct unicast requests to an SA will have to add
- this to the SLP API, if it is following the service location API
- defined in [RFC2614].
-
-4.2. Discovering Storage Management Services with SLP
-
- Storage management servers can be built to manage and control access
- to targets in a variety of ways. They can provide extended services
- beyond discovery, which could include storage allocation and
- management. None of these services are defined here; the intent of
- this document is to allow these services to be discovered by both
- clients and servers, in addition to the target discovery already
- being performed.
-
- The following drawing shows an iSCSI client, an iSCSI server, and a
- storage management server. To simplify the drawing, the second IP
- network is not shown but is assumed to exist. The storage management
- server would use its own protocol (smsp) to provide capabilities to
- iSCSI clients and servers; these clients and servers can both use SLP
- to discover the storage management server.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 9]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- +---------------------------+
- | iSCSI Client |
- | |
- | +-----------+ |
- | | iSCSI | |
- | | initiator | |
- | +-----------+ |
- | |
- +---------------+------+----+ +------------+
- | iSCSI Driver | smsp | UA | | SLP DA |
- +---------------+------+----+ | |
- | TCP/UDP/IP | | (optional) |
- +---------------+------+----+ +------------+
- | |
- | IP Network |
- ------------------------------------------
- | |
- | |
- +---------------+-----------+ +---------------------+
- | TCP/UDP/IP | | TCP/UDP/IP |
- +---------------+------+----+ +---------------------+
- | iSCSI Driver | smsp | UA | | SA | smsp |
- +---------------+------+----+ +---------------------+
- | | | |
- | +--------+ +--------+ | | storage mgmt server |
- | | iSCSI | | iSCSI | | | |
- | | target | | target | | +---------------------+
- | | 1 | | 2 | |
- | +--------+ +--------+ |
- | |
- | iSCSI Server |
- +---------------------------+
-
- Note the difference between the storage management server model and
- the previously defined target discovery model. When target discovery
- was used, the iSCSI Server implemented an SA, to be discovered by the
- initiator's UA. In the storage management server model, the iSCSI
- clients and servers both implement UAs, and the management server
- implements the SA.
-
- A storage management server's URL contains the domain name or IP
- address and TCP or UDP port number. No other information is
- required.
-
- The storage management server constructs a service advertisement of
- the type "service:iscsi:sms" for each of the addresses at which it
- appears. The advertisement contains the URL and a lifetime, along
- with other attributes that are defined in the service template.
-
-
-
-Bakke & Hufferd Standards Track [Page 10]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- The remainder of the discovery procedure is identical to that used to
- discover iSCSI targets, except that both initiators and targets would
- normally be "clients" of the storage management service.
-
- Targets that support a storage management service implement a UA in
- addition to the SA. A target may alternatively just implement the UA
- and allow the storage management service to advertise its targets
- appropriately by providing an SA and registering the appropriate
- service:iscsi:target registrations on the target's behalf: The target
- device would not have to advertise its own targets. This has no
- impact on the initiator.
-
- This allows the initiators' discovery of targets to be completely
- interoperable regardless of which storage management service is used,
- or whether one is used at all, or whether the target registrations
- are provided directly by the target or by the management service.
-
-4.3. Internationalization Considerations
-
- SLP allows internationalized strings to be registered and retrieved.
- Attributes in the template that are not marked with an 'L' (literal)
- will be registered in a localized manner. An "en" (English)
- localization MUST be registered, and others MAY be registered.
-
- Attributes that include non-ASCII characters will be encoded by using
- UTF-8, as discussed in [RFC3722] and [RFC3491].
-
-5. iSCSI SLP Templates
-
- Three templates are provided: an iSCSI target template, a management
- service template, and an abstract template to encapsulate the two.
-
-5.1. The iSCSI Abstract Service Type Template
-
- This template defines the abstract service "service:iscsi". It is
- used as a top-level service to encapsulate all other iSCSI-related
- services.
-
- Name of submitter: Mark Bakke
- Language of service template: en
- Security Considerations: See section 6.
-
- Template Text:
- -------------------------template begins here-----------------------
- template-type=iscsi
- template-version=1.0
-
- template-description=
-
-
-
-Bakke & Hufferd Standards Track [Page 11]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- This is an abstract service type. The purpose of the iscsi
- service type is to encompass all of the services used to support
- the iSCSI protocol.
-
- template-url-syntax=
- url-path= ; Depends on the concrete service type.
-
- --------------------------template ends here------------------------
-
-5.2. The iSCSI Target Concrete Service Type Template
-
- This template defines the service "service:iscsi:target". An entity
- containing iSCSI targets that wishes them discovered via SLP would
- register each of them, with each of their addresses, as this service
- type.
-
- Initiators (and perhaps management services) wishing to discover
- targets in this way will generally use one of the following queries:
-
- 1. Find a specific target, given its iSCSI Target Name:
-
- Service: service:iscsi:target
- Scope: initiator-scope-list
- Query: (iscsi-name=iqn.2001-04.com.example:sn.456)
-
- 2. Find all of the iSCSI Target Names that may allow access to a
- given initiator:
-
- Service: service:iscsi:target
- Scope: initiator-scope-list
- Query: (auth-name=iqn.1998-03.com.example:hostid.045A7B)
-
- 3. Find all of the iSCSI Target Names that may allow access to
- any initiator:
-
- Service: service:iscsi:target
- Scope: initiator-scope-list
- Query: (auth-name=any)
-
- 4. Find all of the iSCSI Target Names that may allow access to
- this initiator, or that will allow access to any initiator:
-
- Service: service:iscsi:target
- Scope: initiator-scope-list
- Query: &(auth-name=iqn.1998-03.com.example:hostid.045A7B)
- (auth-name=any)
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 12]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- 5. Find all of the iSCSI Target Names that may allow access to
- a given CHAP user name:
-
- Service: service:iscsi:target
- Scope: initiator-scope-list
- Query: (auth-cred=chap/my-user-name)
-
- 6. Find all of the iSCSI Target Names that may allow access to a
- given initiator that supports two IP addresses, a CHAP credential
- and SRP credential, and an initiator name:
-
- Service: service:iscsi:target
- Scope: initiator-scope-list
- Query: &(|(auth-name=iqn.com.example:host47)(auth-name=any)
- |(auth-addr=192.0.2.3)(auth-addr=192.0.2.131)(auth-addr=any)
- |(auth-cred=chap/foo)(auth-cred=srp/my-user-name)
- (auth-cred=any))
-
- 7. Find the iSCSI Target Names from which the given initiator is
- allowed to boot:
-
- Service: service:iscsi:target
- Scope: initiator-scope-list
- Query: (boot-list=iqn.1998-03.com.example:hostid.045A7B)
-
- 8. In addition, a management service may wish to discover all
- targets:
-
- Service: service:iscsi:target
- Scope: management-server-scope-list
- Query: <empty-string>
-
- More details on booting from an iSCSI target are defined in [BOOT].
-
- Name of submitter: Mark Bakke
- Language of service template: en
- Security Considerations: see section 6.
-
- Template Text:
- -------------------------template begins here-----------------------
- template-type=iscsi:target
- template-version=1.0
-
- template-description=
-
- This is a concrete service type. The iscsi:target service type is
- used to register individual target addresses to be discovered
- by others. UAs will generally search for these by including one of
-
-
-
-Bakke & Hufferd Standards Track [Page 13]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- the following:
-
- - the iSCSI target name
- - iSCSI initiator identifiers (iSCSI name, credential, IP address)
- - the service URL
-
- template-url-syntax=
- url-path = hostport "/" iscsi-name [ "/" identity ]
- hostport = host [ ":" port ]
- host = hostname / hostnumber ; DNS name or IP address
- hostname = *( domainlabel "." ) toplabel
- alphanum = ALPHA / DIGIT
- domainlabel = alphanum / alphanum *[alphanum / "-"] alphanum
- toplabel = ALPHA / ALPHA *[ alphanum / "-" ] alphanum
- hostnumber = ipv4-number / ipv6-addr ; IPv4 or IPv6 address
- ipv4-number = 1*3DIGIT 3("." 1*3DIGIT)
- ipv6-addr = "[" ipv6-number "]"
- ipv6-number = 6( h16 ":" ) ls32
- / "::" 5( h16 ":" ) ls32
- / [ h16 ] "::" 4( h16 ":" ) ls32
- / [ *1( h16 ":" ) h16 ] "::" 3( h16 ":" ) ls32
- / [ *2( h16 ":" ) h16 ] "::" 2( h16 ":" ) ls32
- / [ *3( h16 ":" ) h16 ] "::" h16 ":" ls32
- / [ *4( h16 ":" ) h16 ] "::" ls32
- / [ *5( h16 ":" ) h16 ] "::" h16
- / [ *6( h16 ":" ) h16 ] "::"
- ls32 = ( h16 ":" h16 ) / ipv4-number
- ; least-significant 32 bits of ipv6 address
- h16 = 1*4HEXDIG
- port = 1*DIGIT
- iscsi-name = iscsi-char ; iSCSI target name
- identity = iscsi-char ; optional identity string
- iscsi-char = ALPHA / DIGIT / escaped / ":" / "-" / "."
- ; Intended to allow UTF-8 encoded strings
- escaped = 1*("\" HEXDIG HEXDIG)
- ;
- ; The iscsi-name part of the URL is required and must be the iSCSI
- ; name of the target being registered.
- ; A device representing multiple targets must individually
- ; register each target/address combination with SLP.
- ; The identity part of the URL is optional, and is used to
- ; indicate an identity that is allowed to access this target.
- ;
- ; Example (split into two lines for clarity):
- ; service:iscsi:target://192.0.2.3:3260/
- ; iqn.2001-04.com.example:sn.45678
- ;
- ; IPv6 addresses are also supported; they use the notation
-
-
-
-Bakke & Hufferd Standards Track [Page 14]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- ; specified above and in [RFC3513], section 2.2
-
- iscsi-name = string
- # The iSCSI Name of this target.
- # This must match the iscsi-name in the url-path.
-
- portal-group = integer
- # The iSCSI portal group tag for this address. Addresses sharing
- # the same iscsi-name and portal-group tag can be used within the
- # same iSCSI session. Portal groups are described in [RFC3720].
-
- transports = string M L
- tcp
- # This is a list of transport protocols that the registered
- # entity supports. iSCSI is currently supported over TCP,
- # but it is anticipated that it could be supported over other
- # transports, such as SCTP, in the future.
- tcp
-
- mgmt-entity = string O
- # The fully qualified domain name, or IP address in dotted-decimal
- # notation, of the management interface of the entity containing
- # this target.
- #
-
- alias = string O
- # The alias string contains a descriptive name of the target.
-
- auth-name = string M X
- # A list of iSCSI Initiator Names that can access this target.
- # Normal iSCSI names will be 80 characters or less; max length
- # is 255.
- # Normally, only one or a few values will be in the list.
- # Using the equivalence search on this will evaluate to "true"
- # if any one of the items in this list matches the query.
- # If this list contains the default name "any", any initiator
- # is allowed to access this target, provided it matches
- # the other auth-xxx attributes.
- #
- # This attribute contains security policy information. If this
- # attribute is distributed via an Attribute Reply message,
- # IPsec MUST be implemented.
-
- auth-addr = string M X
- # A list of initiator IP addresses (or host names) which will
- # be allowed access to this target. If this list contains the
- # default name "any", any IP address is allowed access to this
- # target, provided it matches the other auth-xxx attributes.
-
-
-
-Bakke & Hufferd Standards Track [Page 15]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- #
- # This attribute contains security policy information. If this
- # attribute is distributed via an Attribute Reply message,
- # IPsec MUST be implemented.
-
- auth-cred = string M X
- # A list of credentials which will be allowed access to the target
- # (provided they can provide the correct password or other
- # authenticator). Entries in this list are of the form
- # "method/identifier", where the currently defined methods are
- # "chap" and "srp", both of which take usernames as their
- # identifiers.
- #
- # This attribute contains security policy information. If this
- # attribute is distributed via an Attribute Reply message,
- # IPsec MUST be implemented.
-
- boot-list = string M O
- # A list of iSCSI Initiator Names that can boot from this target.
- # This list works precisely like the auth-name attribute. A name
- # appearing in this list must either appear in the access-list,
- # or the access-list must contain the initiator name "iscsi".
- # Otherwise, an initiator will be unable to find its boot
- # target. If boot-list contains the name "iscsi", any host can boot
- # from it, but I am not sure if this is useful to anyone. If this
- # attribute is not registered, this target is not "bootable".
- #
- # Note that the LUN the host boots from is not specified here; a
- # host will generally attempt to boot from LUN 0.
- #
- # It is quite possible that other attributes will need to be defined
- # here for booting as well.
- #
- # This attribute contains security policy information. If this
- # attribute is distributed via an Attribute Reply message,
- # IPsec MUST be implemented.
-
- --------------------------template ends here------------------------
-
-5.3. iSCSI Storage Management Service Templates
-
- This template defines the service "service:iscsi:sms". An entity
- supporting one or more iSCSI management service protocols may
- register itself with SLP as this service type. iSCSI clients and
- servers wishing to discover storage management services using SLP
- will usually search for them by the protocol(s) they support:
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 16]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- Service: service:iscsi:sms
- Scope: initiator-scope-list
- Query: (protocols=isns)
-
- Name of submitter: Mark Bakke
- Language of service template: en
- Security Considerations: see section 6.
-
- Template Text:
- -------------------------template begins here-----------------------
- template-type=iscsi:sms
- template-version=1.0
-
- template-description=
- This is a concrete service type. The iscsi:sms service type
- provides the capability for entities supporting iSCSI to discover
- appropriate management services.
-
- template-url-syntax=
- url-path = ; The URL of the management service [RFC2608].
-
- protocols = string M
- # The list of protocols supported by this name service. This
- # list may be expanded in the future. There is no default.
- #
- # "isns" - This management service supports the use of the iSNS
- # protocol for access management, health monitoring, and
- # discovery management services. This protocol is defined
- # in [ISNS].
- isns
-
- transports = string M L
- tcp
- # This is a list of transport protocols that the registered
- # entity supports.
- tcp, udp
-
- server-priority = integer
- # The priority a client should give this server, when choosing
- # between multiple servers with the same protocol type.
- # When multiple servers are discovered for a given protocol type,
- # this parameter indicates their relative precedence. Server
- # precedence is protocol-specific; for some protocols, the primary
- # server may have the highest server-priority value, while for
-
-
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 17]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- # others it may have the lowest. For example, with iSNS, the primary
- # server has the lowest value (value 0).
-
- --------------------------template ends here------------------------
-
-6. Security Considerations
-
- The SLPv2 security model as specified in [RFC2608] does not provide
- confidentiality but does provide an authentication mechanism for UAs
- to ensure that service advertisements only come from trusted SAs,
- with the exception that it does not provide a mechanism to
- authenticate "zero-result responses". See [RFC3723] for a discussion
- of the SLPv2 [RFC2608] security model.
-
- Once a target or management server is discovered, authentication and
- authorization are handled by the iSCSI protocol, or by the management
- server's protocol. It is the responsibility of the providers of
- these services to ensure that an inappropriately advertised or
- discovered service does not compromise their security.
-
- When no security is used for SLPv2, there is a risk of distribution
- of false discovery information. The primary countermeasure for this
- risk is authentication. When this risk is a significant concern,
- IPsec SAs and iSCSI in-band authentication SHOULD be used for iSCSI
- traffic subject to this risk to ensure that iSCSI traffic only flows
- between endpoints that have participated in IKE authentication and
- iSCSI in-band authentication. For example, if an attacker
- distributes discovery information falsely claiming that it is an
- iSCSI target, it will lack the secret information necessary to
- complete IKE authentication or iSCSI in-band authentication
- successfully and therefore will be prevented from falsely sending or
- receiving iSCSI traffic.
-
- A risk remains of a denial of service attack based on repeated use of
- false discovery information that will cause initiation of IKE
- negotiation. The countermeasures for this are administrative
- configuration of each iSCSI Target to limit the peers it is willing
- to communicate with (i.e., by IP address range and/or DNS domain),
- and maintenance of a negative authentication cache to avoid
- repeatedly contacting an iSCSI Target that fails to authenticate.
- These three measures (i.e., IP address range limits, DNS domain
- limits, negative authentication cache) MUST be implemented.
-
- The auth-name, auth-addr, auth-cred, and boot-list attributes
- comprise security policy information. When these are distributed,
- IPsec MUST be implemented.
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 18]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
-6.1. Security Implementation
-
- Security for SLPv2 in an IP storage environment is specified in
- [RFC3723]. IPsec is mandatory-to-implement for IPS clients and
- servers. Thus, all IP storage clients, including those invoking SLP,
- can be assumed to support IPsec. SLP servers, however, cannot be
- assumed to implement IPsec, since there is no such requirement in
- standard SLP. In particular, SLP Directory Agents (DA) may be
- running on machines other than those running the IPS protocols.
-
- IPsec SHOULD be implemented for SLPv2 as specified in [RFC3723]; this
- includes ESP with a non-null transform to provide both authentication
- and confidentiality.
-
- When SLPv2 can be used to distribute auth-name, auth-addr, auth-cred,
- and boot-list information (see section 5.2 above), IPsec MUST be
- implemented, as these items are considered sensitive security policy
- information. If IPsec is not implemented, auth-name, auth-addr,
- auth-cred, and boot-list information MUST NOT be distributed via
- SLPv2 and MUST NOT be used if discovered via SLPv2.
-
- Because the IP storage services have their own authentication
- capabilities when located, SLPv2 authentication is OPTIONAL to
- implement and use (as discussed in more detail in [RFC3723]).
-
-7. IANA Considerations
-
- This document describes three SLP Templates. They have been reviewed
- and approved by the IESG and registered in the IANA's "SVRLOC
- Templates" registry. This process is described in the IANA
- Considerations section of [RFC2609].
-
-8. Summary
-
- This document describes how SLP can be used by iSCSI initiators to
- find iSCSI targets and storage management servers. Service type
- templates for iSCSI targets and storage management servers are
- presented.
-
-9. Normative References
-
- [RFC2608] Guttman, E., Perkins, C., Veizades, J., and M. Day,
- "Service Location Protocol, Version 2", RFC 2608, June
- 1999.
-
- [RFC2609] Guttman, E., Perkins, C., and J. Kempf, "Service
- Templates and Service: Schemes", RFC 2609, June 1999.
-
-
-
-
-Bakke & Hufferd Standards Track [Page 19]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
- [RFC3491] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
- Profile for Internationalized Domain Names (IDN)", RFC
- 3491, March 2003.
-
- [RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6
- (IPv6) Addressing Architecture", RFC 3513, April 2003.
-
- [RFC3720] Satran, J., Meth, K., Sapuntzakis, C., Chadalapaka, M.,
- and E. Zeidner, "Internet Small Computer Systems
- Interface (iSCSI)", RFC 3720, April 2004.
-
- [RFC3722] Bakke, M., "String Profile for Internet Small Computer
- Systems Interface (iSCSI) Names", RFC 3722, April 2004.
-
- [RFC3723] Aboba, B., Tseng, J., Walker, J., Rangan, V., and F.
- Travostino, "Securing Block Storage Protocols over IP",
- RFC 3723, April 2004.
-
-10. Informative References
-
- [RFC2614] Kempf, J. and E. Guttman, "An API for Service Location",
- RFC 2614, June 1999.
-
- [SAM2] ANSI T10. "SCSI Architectural Model 2", March 2000.
-
- [RFC3721] Bakke, M., Hafner, J., Hufferd, J., Voruganti, K., and M.
- Krueger, "Internet Small Computer Systems Interface
- (iSCSI) Naming and Discovery", RFC 3721, April 2004.
-
- [ISNS] Tseng, J., Gibbons, K., Travostino, F., Du Laney, C. and
- J. Souza, "Internet Storage Name Service", Work in
- Progress, February 2004.
-
- [BOOT] Sarkar, P., Missimer, D. and C. Sapuntzakis, "A Standard
- for Bootstrapping Clients using the iSCSI Protocol", Work
- in Progress, March 2004.
-
- [RFC3105] Kempf, J. and G. Montenegro, "Finding an RSIP Server with
- SLP", RFC 3105, October 2001.
-
-
-
-
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 20]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
-11. Acknowledgements
-
- This document was produced by the iSCSI Naming and Discovery team,
- including Joe Czap, Jim Hafner, John Hufferd, and Kaladhar Voruganti
- (IBM), Howard Hall (Pirus), Jack Harwood (EMC), Yaron Klein (Sanrad),
- Marjorie Krueger (HP), Lawrence Lamers (San Valley), Todd Sperry
- (Adaptec), and Joshua Tseng (Nishan). Thanks also to Julian Satran
- (IBM) for suggesting the use of SLP for iSCSI discovery, and to Matt
- Peterson (Caldera) and James Kempf (Sun) for reviewing the document
- from an SLP perspective.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 21]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
-Authors' Addresses
-
- Mark Bakke
- Cisco Systems, Inc.
- 7900 International Drive, Suite 400
- Bloomington, MN
- USA 55425
-
- EMail: mbakke@cisco.com
-
-
- Kaladhar Voruganti
- IBM Almaden Research Center
- 650 Harry Road
- San Jose, CA 95120
-
- EMail: kaladhar@us.ibm.com
-
-
- John L. Hufferd
- IBM Storage Systems Group
- 5600 Cottle Road
- San Jose, CA 95193
-
- Phone: +1 408 997-6136
- EMail: jlhufferd@comcast.net
-
-
- Marjorie Krueger
- Hewlett-Packard Corporation
- 8000 Foothills Blvd
- Roseville, CA 95747-5668, USA
-
- Phone: +1 916 785-2656
- EMail: marjorie_krueger@hp.com
-
-
- Todd Sperry
- Adaptec, Inc.
- 691 South Milpitas Boulevard
- Milpitas, Ca. 95035
-
- Phone: +1 408 957-4980
- EMail: todd_sperry@adaptec.com
-
-
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 22]
-
-RFC 4018 iSCSI and SLPv2 April 2005
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (2005).
-
- This document is subject to the rights, licenses and restrictions
- contained in BCP 78, and except as set forth therein, the authors
- retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at ietf-
- ipr@ietf.org.
-
-Acknowledgement
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-Bakke & Hufferd Standards Track [Page 23]
-
diff --git a/utils/open-isns/doc/rfc4171.txt b/utils/open-isns/doc/rfc4171.txt
deleted file mode 100644
index c02487c..0000000
--- a/utils/open-isns/doc/rfc4171.txt
+++ /dev/null
@@ -1,6891 +0,0 @@
-
-
-
-
-
-
-Network Working Group J. Tseng
-Request for Comments: 4171 Riverbed Technology
-Category: Standards Track K. Gibbons
- McDATA Corporation
- F. Travostino
- Nortel
- C. Du Laney
- Rincon Research Corporation
- J. Souza
- Microsoft
- September 2005
-
-
- Internet Storage Name Service (iSNS)
-
-Status of This Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2005).
-
-Abstract
-
- This document specifies the Internet Storage Name Service (iSNS)
- protocol, used for interaction between iSNS servers and iSNS clients,
- which facilitates automated discovery, management, and configuration
- of iSCSI and Fibre Channel devices (using iFCP gateways) on a TCP/IP
- network. iSNS provides intelligent storage discovery and management
- services comparable to those found in Fibre Channel networks,
- allowing a commodity IP network to function in a capacity similar to
- that of a storage area network. iSNS facilitates a seamless
- integration of IP and Fibre Channel networks due to its ability to
- emulate Fibre Channel fabric services and to manage both iSCSI and
- Fibre Channel devices. iSNS thereby provides value in any storage
- network comprised of iSCSI devices, Fibre Channel devices (using iFCP
- gateways), or any combination thereof.
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 1]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-Table of Contents
-
- 1. Introduction................................................... 6
- 1.1. Conventions Used in This Document........................ 6
- 1.2. Purpose of This Document................................. 6
- 2. iSNS Overview.................................................. 6
- 2.1. iSNS Architectural Components ........................... 7
- 2.1.1. iSNS Protocol (iSNSP) ........................... 7
- 2.1.2. iSNS Client...................................... 7
- 2.1.3. iSNS Server...................................... 7
- 2.1.4. iSNS Database ................................... 7
- 2.1.5. iSCSI............................................ 7
- 2.1.6. iFCP............................................. 7
- 2.2. iSNS Functional Overview................................. 8
- 2.2.1. Name Registration Service........................ 8
- 2.2.2. Discovery Domain and Login Control Service....... 8
- 2.2.3. State Change Notification Service............... 10
- 2.2.4. Open Mapping between
- Fibre Channel and iSCSI Devices................. 11
- 2.3. iSNS Usage Model........................................ 11
- 2.3.1. iSCSI Initiator................................. 12
- 2.3.2. iSCSI Target.................................... 12
- 2.3.3. iSCSI-FC Gateway................................ 12
- 2.3.4. iFCP Gateway.................................... 12
- 2.3.5. Management Station.............................. 12
- 2.4. Administratively Controlled iSNS Settings............... 13
- 2.5. iSNS Server Discovery .................................. 14
- 2.5.1. Service Location Protocol (SLP)................. 14
- 2.5.2. Dynamic Host Configuration Protocol (DHCP)...... 14
- 2.5.3. iSNS Heartbeat Message.......................... 14
- 2.6. iSNS and Network Address Translation (NAT).............. 14
- 2.7. Transfer of iSNS Database Records between iSNS Servers.. 15
- 2.8. Backup iSNS Servers..................................... 17
- 2.9. Transport Protocols..................................... 19
- 2.9.1. Use of TCP for iSNS Communication............... 19
- 2.9.2. Use of UDP for iSNS Communication............... 20
- 2.9.3. iSNS Multicast and Broadcast Messages........... 20
- 2.10. Simple Network Management Protocol (SNMP) Requirements.. 21
- 3. iSNS Object Model............................................. 21
- 3.1. Network Entity Object .................................. 22
- 3.2. Portal Object .......................................... 22
- 3.3. Storage Node Object..................................... 22
- 3.4. Portal Group Object..................................... 23
- 3.5. FC Device Object........................................ 24
- 3.6. Discovery Domain Object................................. 24
- 3.7. Discovery Domain Set Object............................. 24
- 3.8. iSNS Database Model..................................... 24
- 4. iSNS Implementation Requirements.............................. 25
-
-
-
-Tseng, et al. Standards Track [Page 2]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- 4.1. iSCSI Requirements...................................... 25
- 4.1.1. Required Attributes for Support of iSCSI........ 26
- 4.1.2. Examples: iSCSI Object Model Diagrams........... 28
- 4.1.3. Required Commands and
- Response Messages for Support of iSCSI.......... 30
- 4.2. iFCP Requirements....................................... 31
- 4.2.1. Required Attributes for Support of iFCP......... 31
- 4.2.2. Example: iFCP Object Model Diagram.............. 32
- 4.2.3. Required Commands and
- Response Messages for Support of iFCP........... 34
- 5. iSNSP Message Format.......................................... 35
- 5.1. iSNSP PDU Header........................................ 35
- 5.1.1. iSNSP Version................................... 36
- 5.1.2. iSNSP Function ID............................... 36
- 5.1.3. iSNSP PDU Length................................ 36
- 5.1.4. iSNSP Flags..................................... 36
- 5.1.5. iSNSP Transaction ID............................ 36
- 5.1.6. iSNSP Sequence ID............................... 37
- 5.2. iSNSP Message Segmentation and Reassembly............... 37
- 5.3. iSNSP PDU Payload....................................... 37
- 5.3.1. Attribute Value 4-Byte Alignment................ 38
- 5.4. iSNSP Response Status Codes............................. 39
- 5.5. Authentication for iSNS Multicast and Broadcast Messages 39
- 5.6. Registration and Query Messages......................... 41
- 5.6.1. Source Attribute................................ 42
- 5.6.2. Message Key Attributes.......................... 42
- 5.6.3. Delimiter Attribute............................. 42
- 5.6.4. Operating Attributes............................ 43
- 5.6.5. Registration and Query Request Message Types ... 44
- 5.7. Response Messages....................................... 66
- 5.7.1. Status Code..................................... 66
- 5.7.2. Message Key Attributes in Response.............. 66
- 5.7.3. Delimiter Attribute in Response................. 67
- 5.7.4. Operating Attributes in Response................ 67
- 5.7.5. Registration and Query Response Message Type.... 67
- 5.8. Vendor-Specific Messages................................ 72
- 6. iSNS Attributes............................................... 73
- 6.1. iSNS Attribute Summary.................................. 73
- 6.2. Entity Identifier-Keyed Attributes...................... 76
- 6.2.1. Entity Identifier (EID)......................... 76
- 6.2.2. Entity Protocol................................. 76
- 6.2.3. Management IP Address .......................... 77
- 6.2.4. Entity Registration Timestamp .................. 77
- 6.2.5. Protocol Version Range.......................... 77
- 6.2.6. Registration Period............................. 78
- 6.2.7. Entity Index.................................... 78
- 6.2.8. Entity Next Index............................... 79
- 6.2.9. Entity ISAKMP Phase-1 Proposals................. 79
-
-
-
-Tseng, et al. Standards Track [Page 3]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- 6.2.10. Entity Certificate.............................. 79
- 6.3. Portal-Keyed Attributes................................. 80
- 6.3.1. Portal IP Address............................... 80
- 6.3.2. Portal TCP/UDP Port............................. 80
- 6.3.3. Portal Symbolic Name............................ 80
- 6.3.4. Entity Status Inquiry Interval.................. 81
- 6.3.5. ESI Port........................................ 82
- 6.3.6. Portal Index.................................... 82
- 6.3.7. SCN Port........................................ 82
- 6.3.8. Portal Next Index............................... 83
- 6.3.9. Portal Security Bitmap.......................... 83
- 6.3.10. Portal ISAKMP Phase-1 Proposals................. 84
- 6.3.11. Portal ISAKMP Phase-2 Proposals................. 84
- 6.3.12. Portal Certificate.............................. 84
- 6.4. iSCSI Node-Keyed Attributes............................. 84
- 6.4.1. iSCSI Name...................................... 85
- 6.4.2. iSCSI Node Type................................. 85
- 6.4.3. iSCSI Node Alias................................ 86
- 6.4.4. iSCSI Node SCN Bitmap .......................... 86
- 6.4.5. iSCSI Node Index................................ 87
- 6.4.6. WWNN Token...................................... 87
- 6.4.7. iSCSI Node Next Index .......................... 89
- 6.4.8. iSCSI AuthMethod................................ 89
- 6.5. Portal Group (PG) Object-Keyed Attributes............... 89
- 6.5.1. Portal Group iSCSI Name......................... 90
- 6.5.2. PG Portal IP Addr............................... 90
- 6.5.3. PG Portal TCP/UDP Port.......................... 90
- 6.5.4. Portal Group Tag (PGT).......................... 90
- 6.5.5. Portal Group Index.............................. 90
- 6.5.6. Portal Group Next Index......................... 91
- 6.6. FC Port Name-Keyed Attributes .......................... 91
- 6.6.1. FC Port Name (WWPN)............................. 91
- 6.6.2. Port ID (FC_ID)................................. 91
- 6.6.3. FC Port Type.................................... 92
- 6.6.4. Symbolic Port Name.............................. 92
- 6.6.5. Fabric Port Name (FWWN)......................... 92
- 6.6.6. Hard Address.................................... 92
- 6.6.7. Port IP Address................................. 92
- 6.6.8. Class of Service (COS).......................... 93
- 6.6.9. FC-4 Types...................................... 93
- 6.6.10. FC-4 Descriptor................................. 93
- 6.6.11. FC-4 Features .................................. 93
- 6.6.12. iFCP SCN Bitmap................................. 93
- 6.6.13. Port Role....................................... 94
- 6.6.14. Permanent Port Name (PPN)....................... 95
- 6.7. Node-Keyed Attributes .................................. 95
- 6.7.1. FC Node Name (WWNN)............................. 95
- 6.7.2. Symbolic Node Name.............................. 95
-
-
-
-Tseng, et al. Standards Track [Page 4]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- 6.7.3. Node IP Address................................. 95
- 6.7.4. Node IPA........................................ 96
- 6.7.5. Proxy iSCSI Name................................ 96
- 6.8. Other Attributes........................................ 96
- 6.8.1. FC-4 Type Code.................................. 96
- 6.8.2. iFCP Switch Name................................ 96
- 6.8.3. iFCP Transparent Mode Commands.................. 97
- 6.9. iSNS Server-Specific Attributes......................... 97
- 6.9.1. iSNS Server Vendor OUI.......................... 98
- 6.10. Vendor-Specific Attributes.............................. 98
- 6.10.1. Vendor-Specific Server Attributes............... 98
- 6.10.2. Vendor-Specific Entity Attributes............... 98
- 6.10.3. Vendor-Specific Portal Attributes............... 99
- 6.10.4. Vendor-Specific iSCSI Node Attributes........... 99
- 6.10.5. Vendor-Specific FC Port Name Attributes......... 99
- 6.10.6. Vendor-Specific FC Node Name Attributes......... 99
- 6.10.7. Vendor-Specific Discovery Domain Attributes..... 99
- 6.10.8. Vendor-Specific Discovery Domain Set Attributes. 99
- 6.10.9. Other Vendor-Specific Attributes................ 99
- 6.11. Discovery Domain Registration Attributes............... 100
- 6.11.1. DD Set ID Keyed Attributes..................... 100
- 6.11.2. DD ID Keyed Attributes......................... 101
- 7. Security Considerations...................................... 103
- 7.1. iSNS Security Threat Analysis ......................... 103
- 7.2. iSNS Security Implementation and Usage Requirements.... 104
- 7.3. Discovering Security Requirements of Peer Devices...... 105
- 7.4. Configuring Security Policies of iFCP/iSCSI Devices.... 106
- 7.5. Resource Issues........................................ 107
- 7.6. iSNS Interaction with IKE and IPSec.................... 107
- 8. IANA Considerations.......................................... 107
- 8.1. Registry of Block Storage Protocols.................... 107
- 8.2. Registry of Standard iSNS Attributes .................. 108
- 8.3. Block Structure Descriptor (BSD) Registry.............. 108
- 9. Normative References......................................... 109
- 10. Informative References....................................... 110
- Appendix A: iSNS Examples........................................ 112
- A.1. iSCSI Initialization Example........................... 112
- A.1.1. Simple iSCSI Target Registration............... 112
- A.1.2. Target Registration and DD Configuration....... 114
- A.1.3. Initiator Registration and Target Discovery.... 117
- Acknowledgements................................................. 121
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 5]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-1. Introduction
-
-1.1. Conventions Used in This Document
-
- "iSNS" refers to the storage network model and associated services
- covered in the text of this document.
-
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in [RFC2119].
-
- All frame formats are in big endian network byte order.
-
- All unused fields and bitmaps, including those that are RESERVED,
- SHOULD be set to zero when sending and ignored when receiving.
-
-1.2. Purpose of This Document
-
- This is a standards track document containing normative text
- specifying the iSNS Protocol, used by iSCSI and iFCP devices to
- communicate with the iSNS server. This document focuses on the
- interaction between iSNS servers and iSNS clients; interactions among
- multiple authoritative primary iSNS servers are a potential topic for
- future work.
-
-2. iSNS Overview
-
- iSNS facilitates scalable configuration and management of iSCSI and
- Fibre Channel (FCP) storage devices in an IP network by providing a
- set of services comparable to that available in Fibre Channel
- networks. iSNS thus allows a commodity IP network to function at a
- level of intelligence comparable to a Fibre Channel fabric. iSNS
- allows the administrator to go beyond a simple device-by-device
- management model, where each storage device is manually and
- individually configured with its own list of known initiators and
- targets. Using the iSNS, each storage device subordinates its
- discovery and management responsibilities to the iSNS server. The
- iSNS server thereby serves as the consolidated configuration point
- through which management stations can configure and manage the entire
- storage network, including both iSCSI and Fibre Channel devices.
-
- iSNS can be implemented to support iSCSI and/or iFCP protocols as
- needed; an iSNS implementation MAY provide support for one or both of
- these protocols as desired by the implementor. Implementation
- requirements within each of these protocols are further discussed in
- Section 5. Use of iSNS is OPTIONAL for iSCSI and REQUIRED for iFCP.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 6]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-2.1. iSNS Architectural Components
-
-2.1.1. iSNS Protocol (iSNSP)
-
- The iSNS Protocol (iSNSP) is a flexible and lightweight protocol that
- specifies how iSNS clients and servers communicate. It is suitable
- for various platforms, including switches and targets as well as
- server hosts.
-
-2.1.2. iSNS Client
-
- iSNS clients initiate transactions with iSNS servers using the iSNSP.
- iSNS clients are processes that are co-resident in the storage
- device, and that can register device attribute information, download
- information about other registered clients in a common Discovery
- Domain (DD), and receive asynchronous notification of events that
- occur in their DD(s). Management stations are a special type of iSNS
- client that have access to all DDs stored in the iSNS.
-
-2.1.3. iSNS Server
-
- iSNS servers respond to iSNS protocol queries and requests, and
- initiate iSNS protocol State Change Notifications. Properly
- authenticated information submitted by a registration request is
- stored in an iSNS database.
-
-2.1.4. iSNS Database
-
- The iSNS database is the information repository for the iSNS
- server(s). It maintains information about iSNS client attributes. A
- directory-enabled implementation of iSNS may store client attributes
- in an LDAP directory infrastructure.
-
-2.1.5. iSCSI
-
- iSCSI (Internet SCSI) is an encapsulation of SCSI for a new
- generation of storage devices interconnected with TCP/IP [iSCSI].
-
-2.1.6. iFCP
-
- iFCP (Internet FCP) is a gateway-to-gateway protocol designed to
- interconnect existing Fibre Channel and SCSI devices using TCP/IP.
- iFCP maps the existing FCP standard and associated Fibre Channel
- services to TCP/IP [iFCP].
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 7]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-2.2. iSNS Functional Overview
-
- There are four main functions of the iSNS:
-
- 1) A Name Service Providing Storage Resource Discovery
-
- 2) Discovery Domain (DD) and Login Control Service
-
- 3) State Change Notification Service
-
- 4) Open Mapping of Fibre Channel and iSCSI Devices
-
-2.2.1. Name Registration Service
-
- The iSNS provides a registration function to allow all entities in a
- storage network to register and query the iSNS database. Both
- targets and initiators can register in the iSNS database, as well as
- query for information about other initiators and targets. This
- allows, for example, a client initiator to obtain information about
- target devices from the iSNS server. This service is modeled on the
- Fibre Channel Generic Services Name Server described in FC-GS-4, with
- extensions, operating within the context of an IP network.
-
- The naming registration service also provides the ability to obtain a
- network-unique Domain ID for iFCP gateways when one is required.
-
-2.2.2. Discovery Domain and Login Control Service
-
- The Discovery Domain (DD) Service facilitates the partitioning of
- Storage Nodes into more manageable groupings for administrative and
- login control purposes. It allows the administrator to limit the
- login process of each host to the more appropriate subset of targets
- registered in the iSNS. This is particularly important for reducing
- the number of unnecessary logins (iSCSI logins or Fibre Channel Port
- Logins), and for limiting the amount of time that the host spends
- initializing login relationships as the size of the storage network
- scales up. Storage Nodes must be in at least one common enabled DD
- in order to obtain information about each other. Devices can be
- members of multiple DDs simultaneously.
-
- Login Control allows targets to delegate their access
- control/authorization policies to the iSNS server. This is
- consistent with the goal of centralizing management of those storage
- devices using the iSNS server. The target node or device downloads
- the list of authorized initiators from the iSNS. Each node or device
- is uniquely identified by an iSCSI Name or FC Port Name. Only
-
-
-
-
-
-Tseng, et al. Standards Track [Page 8]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- initiators that match the required identification and authorization
- provided by the iSNS will be allowed access by that target Node
- during session establishment.
-
- Placing Portals of a Network Entity into Discovery Domains allows
- administrators to indicate the preferred IP Portal interface through
- which storage traffic should access specific Storage Nodes of that
- Network Entity. If no Portals of a Network Entity have been placed
- into a DD, then queries scoped to that DD SHALL report all Portals of
- that Network Entity. If one or more Portals of a Network Entity have
- been placed into a DD, then queries scoped to that DD SHALL report
- only those Portals that have been explicitly placed in the DD.
-
- DDs can be managed offline through a separate management workstation
- using the iSNSP or SNMP. If the target opts to use the Login Control
- feature of the iSNS, the target delegates management of access
- control policy (i.e., the list of initiators allowed to log in to
- that target) to the management workstations that are managing the
- configuration in the iSNS database.
-
- If administratively authorized, a target can upload its own Login
- Control list. This is accomplished using the DDReg message and
- listing the iSCSI name of each initiator to be registered in the
- target's DD.
-
- An implementation MAY decide that newly registered devices that have
- not explicitly been placed into a DD by the management station will
- be placed into a "default DD" contained in a "default DDS" whose
- initial DD Set Status value is "enabled". This makes them visible to
- other devices in the default DD. Other implementations MAY decide
- that they are registered with no DD, making them inaccessible to
- source-scoped iSNSP messages.
-
- The iSNS server uses the Source Attribute of each iSNSP message to
- determine the originator of the request and to scope the operation to
- a set of Discovery Domains. In addition, the Node Type (specified in
- the iFCP or iSCSI Node Type bitmap field) may also be used to
- determine authorization for the specified iSNS operation. For
- example, only Control Nodes are authorized to create or delete
- discovery domains.
-
- Valid and active Discovery Domains (DDs) belong to at least one
- active Discovery Domain Set (DDS). Discovery Domains that do not
- belong to an activated DDS are not enabled. The iSNS server MUST
- maintain the state of DD membership for all Storage Nodes, even for
- those that have been deregistered. DD membership is persistent
- regardless of whether a Storage Node is actively registered in the
- iSNS database.
-
-
-
-Tseng, et al. Standards Track [Page 9]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-2.2.3. State Change Notification Service
-
- The State Change Notification (SCN) service allows the iSNS Server to
- issue notifications about network events that affect the operational
- state of Storage Nodes. The iSNS client may register for
- notifications on behalf of its Storage Nodes for notification of
- events detected by the iSNS Server. SCNs notify iSNS clients of
- explicit or implicit changes to the iSNS database; they do not
- necessarily indicate the state of connectivity to peer storage
- devices in the network. The response of a storage device to receipt
- of an SCN is implementation-specific; the policy for responding to
- SCNs is outside of the scope of this document.
-
- There are two types of SCN registrations: regular registrations and
- management registrations. Management registrations result in
- management SCNs, whereas regular registrations result in regular
- SCNs. The type of registration and SCN message is indicated in the
- SCN bitmap (see Sections 6.4.4 and 6.6.12).
-
- A regular SCN registration indicates that the Discovery Domain
- Service SHALL be used to control the distribution of SCN messages.
- Receipt of regular SCNs is limited to the discovery domains in which
- the SCN-triggering event takes place. Regular SCNs do not contain
- information about discovery domains.
-
- A management SCN registration can only by requested by Control Nodes.
- Management SCNs resulting from management registrations are not bound
- by the Discovery Domain service. Authorization to request management
- SCN registrations may be administratively controlled.
-
- The iSNS server SHOULD be implemented with hardware and software
- resources sufficient to support the expected number of iSNS clients.
- However, if resources are unexpectedly exhausted, then the iSNS
- server MAY refuse SCN service by returning an SCN Registration
- Rejected (Status Code 17). The rejection might occur in situations
- where the network size or current number of SCN registrations has
- passed an implementation-specific threshold. A client not allowed to
- register for SCNs may decide to monitor its sessions with other
- storage devices directly.
-
-
- The specific notification mechanism by which the iSNS server learns
- of the events that trigger SCNs is implementation-specific, but can
- include examples such as explicit notification messages from an iSNS
- client to the iSNS server, or a hardware interrupt to a switch-hosted
- iSNS server as a result of link failure.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 10]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-2.2.4. Open Mapping between Fibre Channel and iSCSI Devices
-
- The iSNS database stores naming and discovery information about both
- Fibre Channel and iSCSI devices. This allows the iSNS server to
- store mappings of a Fibre Channel device to a proxy iSCSI device
- "image" in the IP network. Similarly, mappings of an iSCSI device to
- a "proxy WWN" can be stored under the WWNN Token field for that iSCSI
- device.
-
- Furthermore, through use of iSCSI-FC gateways, Fibre Channel-aware
- management stations can interact with the iSNS server to retrieve
- information about Fibre Channel devices, and use this information to
- manage Fibre Channel and iSCSI devices. This allows management
- functions such as Discovery Domains and State Change Notifications to
- be applied seamlessly to both iSCSI and Fibre Channel devices,
- facilitating integration of IP networks with Fibre Channel devices
- and fabrics.
-
- Note that Fibre Channel attributes are stored as iFCP attributes, and
- that the ability to store this information in the iSNS server is
- useful even if the iFCP protocol is not implemented. In particular,
- tag 101 can be used to store a "Proxy iSCSI Name" for Fibre Channel
- devices registered in the iSNS server. This field is used to
- associate the FC device with an iSCSI registration entry that is used
- for the Fibre Channel device to communicate with iSCSI devices in the
- IP network. Conversely, tag 37 (see Section 6.1) contains a WWNN
- Token field, which can be used to store an FC Node Name (WWNN) value
- used by iSCSI-FC gateways to represent an iSCSI device in the Fibre
- Channel domain.
-
- By storing the mapping between Fibre Channel and iSCSI devices in the
- iSNS server, this information becomes open to any authorized iSNS
- client wishing to retrieve and use this information. In many cases,
- this provides advantages over storing the information internally
- within an iSCSI-FC gateway, where the mapping is inaccessible to
- other devices except by proprietary mechanisms.
-
-2.3. iSNS Usage Model
-
- The following is a high-level description of how each type of device
- in a storage network can utilize iSNS. Each type of device interacts
- with the iSNS server as an iSNS client and must register itself in
- the iSNS database in order to access services provided by the iSNS.
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 11]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-2.3.1. iSCSI Initiator
-
- An iSCSI initiator will query the iSNS server to discover the
- presence and location of iSCSI target devices. It may also request
- state change notifications (SCNs) so that it can be notified of new
- targets that appear on the network after the initial bootup and
- discovery. SCNs can also inform the iSCSI initiator of targets that
- have been removed from or no longer available in the storage network,
- so that incomplete storage sessions can be gracefully terminated and
- resources for non-existent targets can be reallocated.
-
-2.3.2. iSCSI Target
-
- An iSCSI target allows itself to be discovered by iSCSI initiators by
- registering its presence in the iSNS server. It may also register
- for SCNs in order to detect the addition or removal of initiators for
- resource allocation purposes. The iSCSI target device may also
- register for Entity Status Inquiry (ESI) messages, which allow the
- iSNS to monitor the target device's availability in the storage
- network.
-
-2.3.3. iSCSI-FC Gateway
-
- An iSCSI-FC gateway bridges devices in a Fibre Channel network to an
- iSCSI/IP network. It may use the iSNS server to store FC device
- attributes discovered in the FC name server, as well as mappings of
- FC device identifiers to iSCSI device identifiers. iSNS has the
- capability to store all attributes of both iSCSI and Fibre Channel
- devices; iSCSI devices are managed through direct interaction using
- iSNS, while FC devices can be indirectly managed through iSNS
- interactions with the iSCSI-FC gateway. This allows both iSCSI and
- Fibre Channel devices to be managed in a seamless management
- framework.
-
-2.3.4. iFCP Gateway
-
- An iFCP gateway uses iSNS to emulate the services provided by a Fibre
- Channel name server for FC devices in its gateway region. iSNS
- provides basic discovery and zoning configuration information to be
- enforced by the iFCP gateway. When queried, iSNS returns information
- on the N_Port network address used to establish iFCP sessions between
- FC devices supported by iFCP gateways.
-
-2.3.5. Management Station
-
- A management station uses iSNS to monitor storage devices and to
- enable or disable storage sessions by configuring discovery domains.
- A management station usually interacts with the iSNS server as a
-
-
-
-Tseng, et al. Standards Track [Page 12]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Control Node endowed with access to all iSNS database records and
- with special privileges to configure discovery domains. Through
- manipulation of discovery domains, the management station controls
- the scope of device discovery for iSNS clients querying the iSNS
- server.
-
-2.4. Administratively Controlled iSNS Settings
-
- Some important operational settings for the iSNS server are
- configured using administrative means, such as a configuration file,
- a console port, an SNMP, or another implementation-specific method.
- These administratively-controlled settings cannot be configured using
- the iSNS Protocol, and therefore the iSNS server implementation MUST
- provide for such an administrative control interface.
-
- The following is a list of parameters that are administratively
- controlled for the iSNS server. In the absence of alternative
- settings provided by the administrator, the following specified
- default settings MUST be used.
-
- Setting Default Setting
- ------- ---------------
- ESI Non-Response Threshold 3 (see 5.6.5.13)
- Management SCNs (Control Nodes only) enabled (see 5.6.5.8)
- Default DD/DDS disabled
- DD/DDS Modification
- - Control Node enabled
- - iSCSI Target Node Type disabled
- - iSCSI Initiator Node Type disabled
- - iFCP Target Port Role disabled
- - iFCP Initiator Port Role disabled
- Authorized Control Nodes N/A
-
- ESI Non-Response Threshold: determines the number of ESI messages
- sent without receiving a response before the network
- entity is deregistered from the iSNS database.
-
- Management SCN for Control Node: determines whether a registered
- Control Node is permitted to register to receive
- Management SCNs.
-
- Default DD/DDS: determines whether a newly registered device not
- explicitly placed into a discovery domain (DD) and
- discovery domain set (DDS) is placed into a default
- DD/DDS.
-
- DD/DDS Modification: determines whether the specified type of Node is
- allowed to add, delete or update DDs and DDSs.
-
-
-
-Tseng, et al. Standards Track [Page 13]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Authorized Control Nodes: a list of Nodes identified by iSCSI Name or
- FC Port Name WWPN that are authorized to register as
- Control Nodes.
-
-2.5. iSNS Server Discovery
-
-2.5.1. Service Location Protocol (SLP)
-
- The Service Location Protocol (SLP) provides a flexible and scalable
- framework for providing hosts with access to information about the
- existence, location, and configuration of networked services,
- including the iSNS server. SLP can be used by iSNS clients to
- discover the IP address or FQDN of the iSNS server. To implement
- discovery through SLP, a Service Agent (SA) should be cohosted in the
- iSNS server, and a User Agent (UA) should be in each iSNS client.
- Each client multicasts a discovery message requesting the IP address
- of the iSNS server(s). The SA responds to this request. Optionally,
- the location of the iSNS server can be stored in the SLP Directory
- Agent (DA).
-
- Note that a complete description and specification of SLP can be
- found in [RFC2608], and is beyond the scope of this document. A
- service template for using SLP to locate iSNS servers can be found in
- [iSCSI-SLP].
-
-2.5.2. Dynamic Host Configuration Protocol (DHCP)
-
- The IP address of the iSNS server can be stored in a DHCP server to
- be downloaded by iSNS clients using a DHCP option. The DHCP option
- number to be used for distributing the iSNS server location is found
- in [iSNSOption].
-
-2.5.3. iSNS Heartbeat Message
-
- The iSNS heartbeat message is described in Section 5.6.5.14. It
- allows iSNS clients within the broadcast or multicast domain of the
- iSNS server to discover the location of the active iSNS server and
- any backup servers.
-
-2.6. iSNS and Network Address Translation (NAT)
-
- The existence of NAT will have an impact upon information retrieved
- from the iSNS server. If the iSNS client exists in an addressing
- domain different from that of the iSNS server, then IP address
- information stored in the iSNS server may not be correct when
- interpreted in the domain of the iSNS client.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 14]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- There are several possible approaches to allow operation of iSNS
- within a NAT network. The first approach is to require use of the
- canonical TCP port number by both targets and initiators when
- addressing targets across a NAT boundary, and for the iSNS client not
- to query for nominal IP addresses. Rather, the iSNS client queries
- for the DNS Fully Qualified Domain Name stored in the Entity
- Identifier field when seeking addressing information. Once
- retrieved, the DNS name can be interpreted in each address domain and
- mapped to the appropriate IP address by local DNS servers.
-
- A second approach is to deploy a distributed network of iSNS servers.
- Local iSNS servers are deployed inside and outside NAT boundaries,
- with each local server storing relevant IP addresses for their
- respective NAT domains. Updates among the network of decentralized,
- local iSNS servers are handled using LDAP and appropriate NAT
- translation rules implemented within the update mechanism in each
- server.
-
- Finally, note that it is possible for an iSNS server in the private
- addressing domain behind a NAT boundary to exclusively support iSNS
- clients that are operating in the global IP addressing domain. If
- this is the case, the administrator only needs to ensure that the
- appropriate mappings are configured on the NAT gateways to allow the
- iSNS clients to initiate iSNSP sessions to the iSNS server. All
- registered addresses contained in the iSNS server are thus public IP
- addresses for use outside the NAT boundary. Care should be taken to
- ensure that there are no iSNS clients querying the server from inside
- the NAT boundary.
-
-2.7. Transfer of iSNS Database Records between iSNS Servers
-
- Transfer of iSNS database records between iSNS servers has important
- applications, including the following:
-
- 1) An independent organization needs to transfer storage information
- to a different organization. Each organization independently
- maintains its own iSNS infrastructure. To facilitate discovery
- of storage assets of the peer organization using IP, iSNS
- database records can be transferred between authoritative iSNS
- servers from each organization. This allows storage sessions to
- be established directly between devices residing in each
- organization's storage network infrastructure over a common IP
- network.
-
- 2) Multiple iSNS servers are desired for redundancy. Backup servers
- need to maintain copies of the primary server's dynamically
- changing database.
-
-
-
-
-Tseng, et al. Standards Track [Page 15]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- To support the above applications, information in an iSNS server can
- be distributed to other iSNS servers either using the iSNS protocol,
- or through out-of-band mechanisms using non-iSNS protocols. The
- following examples illustrate possible methods for transferring data
- records between iSNS servers. In the first example, a back-end LDAP
- information base is used to support the iSNS server, and the data is
- transferred using the LDAP protocol. Once the record transfer of the
- remote device is completed, it becomes visible and accessible to
- local devices using the local iSNS server. This allows local devices
- to establish sessions with remote devices (provided that firewall
- boundaries can be negotiated).
-
- +-------------------------+ +-------------------------+
- |+------+ iSNSP | | iSNSP +-----+ |
- ||dev A |<----->+------+ | | +------+<----->|dev C| |
- |+------+ | | | | | | +-----+ |
- |+------+ iSNSP |local | | | |remote| iSNSP +-----+ |
- ||dev B |<----->| iSNS | | | | iSNS |<----->|dev D| |
- |+------+ |server| | | |server| +-----+ |
- |........ +--+---+ | WAN | +---+--+ |
- |.dev C'. | | Link | | |
- |........ | ============= | |
- | | | | | |
- | +--+---+ | | +---+--+ |
- | | local|<--- <--- <--- <-|remote| |
- | | LDAP | | LDAP: | | LDAP | |
- | +------+ Xfer "dev C"| +------+ |
- +-------------------------+ +-------------------------+
- Enterprise Enterprise
- Network A Network B
-
- In the above diagram, two business partners wish to share storage
- "dev C". Using LDAP, the record for "dev C" can be transferred from
- Network B to Network A. Once accessible to the local iSNS server in
- Network A, local devices A and B can now discover and connect to "dev
- C".
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 16]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- +-------------------------+ +-------------------------+
- |+------+ iSNSP | | iSNSP +-----+ |
- ||dev A |<----->+------+ | | +------+<----->|dev C| |
- |+------+ | | | | | | +-----+ |
- |+------+ iSNSP |local | | | |remote| iSNSP +-----+ |
- ||dev B |<----->| iSNS | | | | iSNS |<----->|dev D| |
- |+------+ |server| | | |server| +-----+ |
- |........ +------+ | WAN | +---+--+ |
- |.dev C'. ^ | Link | | |
- |........ | ============= v |
- | | | | |SNMP |
- | | | | | |
- | +--+----+ | | v |
- | | SNMP |<--- <--- <--- <---- |
- | | Mgmt | | SNMP: Xfer "dev C" |
- | |Station| | | |
- | +-------+ | | |
- +-------------------------+ +-------------------------+
- Enterprise Enterprise
- Network A Network B
-
- The above diagram illustrates a second example of how iSNS records
- can be shared. This method uses an SNMP-based management station to
- retrieve (GET) the desired record for "dev C" manually, and then to
- store (SET) it on the local iSNS server directly. Once the record is
- transferred to the local iSNS server in Network A, "dev C" becomes
- visible and accessible (provided that firewall boundaries can be
- negotiated) to other devices in Network A.
-
- Other methods, including proprietary protocols, can be used to
- transfer device records between iSNS servers. Further discussion and
- explanation of these methodologies is beyond the scope of this
- document.
-
-2.8. Backup iSNS Servers
-
- This section offers a broad framework for implementation and
- deployment of iSNS backup servers. Server failover and recovery are
- topics of continuing research, and adequate resolution of issues such
- as split brain and primary server selection is dependent on the
- specific implementation requirements and deployment needs. The
- failover mechanisms discussed in this document focus on the
- interaction between iSNS clients and iSNS servers. Specifically,
- what is covered in this document includes the following:
-
- - iSNS client behavior and the iSNS protocol interaction between the
- client and multiple iSNS servers, some of which are backup
- servers.
-
-
-
-Tseng, et al. Standards Track [Page 17]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- - Required failover behaviors of the collection of iSNS servers that
- includes active and backup servers.
-
- However, note that this document does not specify the complete
- functional failover requirements of each iSNS server. In particular,
- it does not specify the complete set of protocol interactions among
- the iSNS servers that are required to achieve stable failover
- operation in an interoperable manner.
-
- For the purposes of this discussion, the specified backup mechanisms
- pertain to interaction among different logical iSNS servers. Note
- that it is possible to create multiple physical iSNS servers to form
- a single logical iSNS server cluster, and thus to distribute iSNS
- transaction processing among multiple physical servers. However, a
- more detailed discussion of the interactions between physical servers
- within a logical iSNS server cluster is beyond the scope of this
- document.
-
- Multiple logical iSNS servers can be used to provide redundancy in
- the event that the active iSNS server fails or is removed from the
- network. The methods described in Section 2.7 above can be used to
- transfer name server records to backup iSNS servers. Each backup
- server maintains a redundant copy of the name server database found
- in the primary iSNS server, and can respond to iSNS protocol messages
- in the same way as the active server. Each backup server SHOULD
- monitor the health and status of the active iSNS server, including
- checking to make sure its own database is synchronized with the
- active server's database. How each backup server accomplishes this
- is implementation-dependent, and may (or may not) include using the
- iSNS protocol. If the iSNS protocol is used, then the backup server
- MAY register itself in the active server's iSNS database as a Control
- Node, allowing it to receive state-change notifications.
-
- Generally, the administrator or some automated election process is
- responsible for initial and subsequent designation of the primary
- server and each backup server.
-
- A maximum of one logical backup iSNS server SHALL exist at any
- individual IP address, in order to avoid conflicts from multiple
- servers listening on the same canonical iSNS TCP or UDP port number.
-
- The iSNS heartbeat can also be used to coordinate the designation and
- selection of primary and backup iSNS servers.
-
- Each backup server MUST note its relative precedence in the active
- server's list of backup servers. If its precedence is not already
- known, each backup server MAY learn it from the iSNS heartbeat
- message, by noting the position of its IP address in the ordered list
-
-
-
-Tseng, et al. Standards Track [Page 18]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- of backup server IP addresses. For example, if it is the first
- backup listed in the heartbeat message, then its backup precedence is
- 1. If it is the third backup server listed, then its backup
- precedence is 3.
-
- If a backup server establishes that it has lost connectivity to the
- active server and other backup servers of higher precedence, then it
- SHOULD assume that it is the active server. The method of
- determining whether connectivity has been lost is implementation-
- specific. One possible approach is to assume that if the backup
- server does not receive iSNS heartbeat messages for a period of time,
- then connectivity to the active server has been lost. Alternatively,
- the backup server may establish TCP connections to the active server
- and other backup servers, with loss of connectivity determined
- through non-response to periodic echo or polling messages (using
- iSNSP, SNMP, or other protocols).
-
- When a backup server becomes the active server, it SHALL assume all
- active server responsibilities, including (if used) transmission of
- the iSNS heartbeat message. If transmitting the iSNS heartbeat, the
- backup server replaces the active Server IP Address and TCP/UDP Port
- entries with its own IP address and TCP/UDP Port, and begins
- incrementing the counter field from the last known value from the
- previously-active iSNS server. However, it MUST NOT change the
- original ordered list of backup server IP Address and TCP/UDP Port
- entries. If the primary backup server or other higher-precedence
- backup server returns, then the existing active server is responsible
- for ensuring that the new active server's database is up-to-date
- before demoting itself to its original status as backup.
-
- Since the primary and backup iSNS servers maintain a coordinated
- database, no re-registration by an iSNS Client is required when a
- backup server takes the active server role. Likewise, no re-
- registration by an iSNS Client is required when the previous primary
- server returns to the active server role.
-
-2.9. Transport Protocols
-
- The iSNS Protocol is transport-neutral. Query and registration
- messages are transported over TCP or UDP. iSNS heartbeat messages
- are transported using IP multicast or broadcast.
-
-2.9.1. Use of TCP for iSNS Communication
-
- It MUST be possible to use TCP for iSNS communication. The iSNS
- server MUST accept TCP connections for client registrations. To
- receive Entity Status Inquiry (ESI) (see Section 5.6.5.13) monitoring
- the use of TCP, the client registers the Portal ESI Interval and the
-
-
-
-Tseng, et al. Standards Track [Page 19]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- port number of the TCP port that will be used to receive ESI
- messages. The iSNS server initiates the TCP connection used to
- deliver the ESI message. This TCP connection does not need to be
- continuously open.
-
- To receive SCN notifications using TCP, the client registers the
- iSCSI or iFCP SCN Bitmap and the port number of the TCP port in the
- Portal used to receive SCNs. The iSNS server initiates the TCP
- connection used to deliver the SCN message. This TCP connection does
- not need to be continuously open.
-
- It is possible for an iSNS client to use the same TCP connection for
- SCN, ESI, and iSNS queries. Alternatively, separate connections may
- be used.
-
-2.9.2. Use of UDP for iSNS Communication
-
- The iSNS server MAY accept UDP messages for client registrations.
- The iSNS server MUST accept registrations from clients requesting
- UDP-based ESI and SCN messages.
-
- To receive UDP-based ESI monitoring messages, the client registers
- the port number of the UDP port in at least one Portal to be used to
- receive and respond to ESI messages from the iSNS server. If a
- Network Entity has multiple Portals with registered ESI UDP Ports,
- then ESI messages SHALL be delivered to every Portal registered to
- receive such messages.
-
- To receive UDP-based SCN notification messages, the client registers
- the port number of the UDP port in at least one Portal to be used to
- receive SCN messages from the iSNS server. If a Network Entity has
- multiple Portals with registered SCN UDP Ports, then SCN messages
- SHALL be delivered to each Portal registered to receive such
- messages.
-
- When using UDP to transport iSNS messages, each UDP datagram MUST
- contain exactly one iSNS PDU (see Section 5).
-
-2.9.3. iSNS Multicast and Broadcast Messages
-
- iSNS multicast messages are transported using IP multicast or
- broadcast. The iSNS heartbeat is the only iSNS multicast or
- broadcast message. This message is originated by the iSNS server and
- sent to all iSNS clients that are listening on the IP multicast
- address allocated for the iSNS heartbeat.
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 20]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-2.10. Simple Network Management Protocol (SNMP) Requirements
-
- The iSNS Server may be managed via the iSNS MIB [iSNSMIB] using an
- SNMP management framework [RFC3411]. For a detailed overview of the
- documents that describe the current Internet-Standard Management
- Framework, please refer to Section 7 of RFC 3410 [RFC3410]. The iSNS
- MIB provides the ability to configure and monitor an iSNS server
- without using the iSNS protocol directly. SNMP management frameworks
- have several requirements for object indexing in order for objects to
- be accessed or added.
-
- SNMP uses an Object Identifier (OID) for object identification. The
- size of each OID is restricted to a maximum of 128 sub-identifiers.
- Both the iSCSI and iFCP protocol contain identifiers, such as the
- iSCSI Name, that are greater the 128 characters in length. Using
- such identifiers as an index would result in more than 128 sub-
- identifiers per OID. In order to support objects that have key
- identifiers whose maximum length is longer than the maximum SNMP-
- supported length, the iSNS server provides secondary non-zero integer
- index identifiers. These indexes SHALL be persistent for as long as
- the server is active. Furthermore, index values for recently
- deregistered objects SHOULD NOT be reused in the short term. Object
- attributes, including indexes, are described in detail in Section 6.
-
- For SNMP based management applications to create a new entry in a
- table of objects, a valid OID must be available to specify the table
- row. The iSNS server supports this by providing, for each type of
- object that can be added via SNMP, an object attribute that returns
- the next available non-zero integer index. This allows an SNMP
- client to request an OID to be used for registering a new object in
- the server. Object attributes, including next available index
- attributes, are described in detail in Section 6.
-
-3. iSNS Object Model
-
- iSNS provides the framework for the registration, discovery, and
- management of iSCSI devices and Fibre Channel-based devices (using
- iFCP). This architecture framework provides elements needed to
- describe various storage device objects and attributes that may exist
- on an IP storage network. Objects defined in this architecture
- framework include Network Entity, Portal, Storage Node, FC Device,
- Discovery Domain, and Discovery Domain Set. Each of these objects is
- described in greater detail in the following sections.
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 21]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-3.1. Network Entity Object
-
- The Network Entity object is a container of Storage Node objects and
- Portal objects. It represents the infrastructure supporting access
- to a unique set of one or more Storage Nodes. The Entity Identifier
- attribute uniquely distinguishes a Network Entity, and is the key
- used to register a Network Entity object in an iSNS server. All
- Storage Nodes and Portals contained within a single Network Entity
- object operate as a cohesive unit.
-
- Note that it is possible for a single physical device or gateway to
- be represented by more than one logical Network Entity in the iSNS
- database. For example, one of the Storage Nodes on a physical device
- may be accessible from only a subset of the network interfaces (i.e.,
- Portals) available on that device. In this case, a logical network
- entity (i.e., a "shadow entity") is created and used to contain the
- Portals and Storage Nodes that can operate cooperatively. No object
- (Portals, Storage Nodes, etc.) can be contained in more than one
- logical Network Entity.
-
- Similarly, it is possible for a logical Network Entity to be
- supported by more than one physical device or gateway. For example,
- multiple FC-iSCSI gateways may be used to bridge FC devices in a
- single Fibre Channel network. Collectively, the multiple gateways
- can be used to support a single logical Network Entity that is used
- to contain all the devices in that Fibre Channel network.
-
-3.2. Portal Object
-
- The Portal object is an interface through which access to Storage
- Nodes within the Network Entity can be obtained. The IP address and
- TCP/UDP Port number attributes uniquely distinguish a Portal object,
- and combined are the key used to register a Portal object in an iSNS
- server. A Portal is contained in one and only one Network Entity,
- and may be contained in one or more DDs (see Section 3.6).
-
-3.3. Storage Node Object
-
- The Storage Node object is the logical endpoint of an iSCSI or iFCP
- session. In iFCP, the session endpoint is represented by the World
- Wide Port Name (WWPN). In iSCSI, the session endpoint is represented
- by the iSCSI Name of the device. For iSCSI, the iSCSI Name attribute
- uniquely distinguishes a Storage Node, and is the key used to
- register a Storage Node object in an iSNS Server. For iFCP, the FC
- Port Name (WWPN) attribute uniquely distinguishes a Storage Node, and
- is the key used to register a Storage Node object in the iSNS Server.
- Storage Node is contained in only one Network Entity object and may
- be contained in one or more DDs (see Section 3.6).
-
-
-
-Tseng, et al. Standards Track [Page 22]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-3.4. Portal Group Object
-
- The Portal Group (PG) object represents an association between a
- Portal and an iSCSI Node. Each Portal and iSCSI Storage Node
- registered in an Entity can be associated using a Portal Group (PG)
- object. The PG Tag (PGT), if non-NULL, indicates that the associated
- Portal provides access to the associated iSCSI Storage Node in the
- Entity. All Portals that have the same PGT value for a specific
- iSCSI Storage Node allow coordinated access to that node.
-
- A PG object MAY be registered when a Portal or iSCSI Storage Node is
- registered. Each Portal to iSCSI Node association is represented by
- one and only one PG object. In order for a Portal to provide access
- to an iSCSI Node, the PGT of the PG object MUST be non-NULL. If the
- PGT value registered for a specified Portal and iSCSI Node is NULL,
- or if no PGT value is registered, then the Portal does not provide
- access to that iSCSI Node in the Entity.
-
- The PGT value indicates whether access to an iSCSI Node can be
- coordinated across multiple Portals. All Portals that have the same
- PGT value for a specific iSCSI Node can provide coordinated access to
- that iSCSI Node. According to the iSCSI Specification, coordinated
- access to an iSCSI node indicates the capability of coordinating an
- iSCSI session with connections that span these Portals [iSCSI].
-
- The PG object is uniquely distinguished by the iSCSI Name, Portal IP
- Address, and Portal TCP Port values of the associated Storage Node
- and Portal objects. These are represented in the iSNS Server by the
- PG iSCSI Name, PG Portal IP Address, and PG Portal TCP/UDP Port
- attributes, respectively. The PG object is also uniquely
- distinguished in the iSNS Server by the PG Index value.
-
- A new PG object can only be registered by referencing its associated
- iSCSI Storage Node or Portal object. A pre-existing PG object can be
- modified or queried by using its Portal Group Index as message key,
- or by referencing its associated iSCSI Storage Node or Portal object.
- A 0-length Tag, Length, Value TLV is used to register a PGT NULL
- value.
-
- The PG object is deregistered if and only if its associated iSCSI
- Node and Portal objects are both removed.
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 23]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-3.5. Device Object
-
- The FC Device represents the Fibre Channel Node. This object
- contains information that may be useful in the management of the
- Fibre Channel device. The FC Node Name (WWNN) attribute uniquely
- distinguishes an FC Device, and is the key used to register an FC
- Device object in the iSNS Server.
-
- The FC Device is contained in one or more Storage Node objects.
-
-3.6. Discovery Domain Object
-
- Discovery Domains (DD) are a security and management mechanism used
- to administer access and connectivity to storage devices. For query
- and registration purposes, they are considered containers for Storage
- Node and Portal objects. A query by an iSNS client that is not from
- a Control Node only returns information about objects with which it
- shares at least one active DD. The only exception to this rule is
- with Portals; if Storage Nodes of a Network Entity are registered in
- the DD without Portals, then all Portals of that Network Entity are
- implicit members of that DD. The Discovery Domain ID (DD_ID)
- attribute uniquely distinguishes a Discovery Domain object, and is
- the key used to register a Discovery Domain object in the iSNS
- Server.
-
- A DD is considered active if it is a member of at least one active DD
- Set. DDs that are not members of at least one enabled DDS are
- considered disabled. A Storage Node can be a member of one or more
- DDs. An enabled DD establishes connectivity among the Storage Nodes
- in that DD.
-
-3.7. Discovery Domain Set Object
-
- The Discovery Domain Set (DDS) is a container object for Discovery
- Domains (DDs). DDSs may contain one or more DDs. Similarly, each DD
- can be a member of one or more DDSs. DDSs are a mechanism to store
- coordinated sets of DD mappings in the iSNS server. Active DDs are
- members of at least one active DD Set. Multiple DDSs may be
- considered active at the same time. The Discovery Domain Set ID
- (DDS_ID) attribute uniquely distinguishes a Discovery Domain Set
- object, and is the key used to register a Discovery Domain Set object
- in the iSNS Server.
-
-3.8. Database Model
-
- As presented to the iSNS client, each object of a specific type in
- the iSNS database MUST have an implicit internal linear ordering
- based on the key(s) for that object type. This ordering provides the
-
-
-
-Tseng, et al. Standards Track [Page 24]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- ability to respond to DevGetNext queries (see Section 5.6.5.3). The
- ordering of objects in the iSNS database SHOULD NOT be changed with
- respect to that implied ordering, as a consequence of object
- insertions and deletions. That is, the relative order of surviving
- object entries in the iSNS database SHOULD be preserved so that the
- DevGetNext message encounters generally reasonable behavior.
-
- The following diagram shows the various objects described above and
- their relationship to each other.
-
- +--------------+ +-----------+
- | NETWORK |1 *| |
- | ENTITY |----| PORTAL |
- | | | |
- +--------------+ +-----------+
- |1 |1 |*
- | | |
- | |* |
- | +----------+ |
- | | PORTAL | |
- | | GROUP | |
- | +----------+ |
- | |* |
- | | |
- |* |1 |*
- +-----------+ +--------------+ +-----------+ +-----------+
- | FC |1 *| STORAGE |* *| DISCOVERY |* *| DISCOVERY |
- | DEVICE |----| NODE |----| DOMAIN |----| DOMAIN |
- | | | | | | | SET |
- +-----------+ +--------------+ +-----------+ +-----------+
-
- * represents 0 to many possible relationships
-
-4. iSNS Implementation Requirements
-
- This section details specific requirements for support of each of
- these IP storage protocols. Implementation requirements for security
- are described in Section 7.
-
-4.1. iSCSI Requirements
-
- Use of iSNS in support of iSCSI is OPTIONAL. iSCSI devices MAY be
- manually configured with the iSCSI Name and IP address of peer
- devices, without the aid or intervention of iSNS. iSCSI devices may
- also use SLP [RFC2608] to discover peer iSCSI devices. However, iSNS
- is useful for scaling a storage network to a larger number of iSCSI
- devices.
-
-
-
-
-Tseng, et al. Standards Track [Page 25]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-4.1.1. Required Attributes for Support of iSCSI
-
- The following attributes are available to support iSCSI. Attributes
- indicated in the REQUIRED for Server column MUST be implemented by an
- iSNS server used to support iSCSI. Attributes indicated in the
- REQUIRED for Client column MUST be implemented by an iSCSI device
- that elects to use the iSNS. Attributes indicated in the K (Key)
- column uniquely identify the object type in the iSNS Server. A more
- detailed description of each attribute is found in Section 6.
-
- REQUIRED for:
- Object Attribute K Server Client
- ------ --------- - ------ ------
- NETWORK ENTITY Entity Identifier * * *
- Entity Protocol * *
- Management IP Address *
- Timestamp *
- Protocol Version Range *
- Registration Period *
- Entity Index *
- Entity IKE Phase-1 Proposal
- Entity Certificate
-
- PORTAL IP Address * * *
- TCP/UDP Port * * *
- Portal Symbolic Name *
- ESI Interval *
- ESI Port *
- Portal Index *
- SCN Port *
- Portal Security Bitmap *
- Portal IKE Phase-1 Proposal
- Portal IKE Phase-2 Proposal
- Portal Certificate
-
- PORTAL GROUP PG iSCSI Name * * *
- PG IP Address * * *
- PG TCP/UDP Port * * *
- PG Tag * *
- PG Index *
-
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 26]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- STORAGE NODE iSCSI Name * * *
- iSCSI Node Type * *
- Alias *
- iSCSI SCN Bitmap *
- iSCSI Node Index *
- WWNN Token
- iSCSI AuthMethod
- iSCSI Node Certificate
-
- DISCOVERY DOMAIN DD ID * * *
- DD Symbolic Name *
- DD Member iSCSI Node Index *
- DD Member iSCSI Name *
- DD Member Portal Index *
- DD Member Portal IP Addr *
- DD Member Portal TCP/UDP *
- DD Features *
-
- DISCOVERY DOMAIN DDS Identifier * *
- SET DDS Symbolic Name *
- DDS Status *
-
- All iSCSI user-specified and vendor-specified attributes are OPTIONAL
- to implement and use.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 27]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-4.1.2. Examples: iSCSI Object Model Diagrams
-
- The following diagram models how a simple iSCSI-based initiator and
- target is represented using database objects stored in the iSNS
- server. In this implementation, each target and initiator is
- attached to a single Portal.
-
- +----------------------------------------------------------------+
- | IP Network |
- +------------+--------------------------------------+------------+
- | |
- | |
- +-----+------+------+-----+ +-----+------+------+-----+
- | | PORTAL | | | | PORTAL | |
- | | -IP Addr 1 | | | | -IP Addr 2 | |
- | | -TCP Port 1 | | | | -TCP Port 2 | |
- | +-----+ +-----+ | | +-----+ +-----+ |
- | | | | | | | |
- | +-----+ +-----+ | | +-----+ +-----+ |
- | | PORTAL GROUP| | | | PORTAL GROUP| |
- | | -Prtl Tag 1 | | | | -Prtl Tag 2 | |
- | +-----+ +-----+ | | +-----+ +-----+ |
- | | | | | | | |
- | +--------+ +--------+ | | +-------+ +--------+ |
- | | | | | | | |
- | | STORAGE NODE | | | | STORAGE NODE | |
- | | -iSCSI Name | | | | -iSCSI Name | |
- | | -Alias: "server1"| | | | -Alias: "disk1"| |
- | | -Type: initiator | | | | -Type: target | |
- | | | | | | | |
- | +-------------------+ | | +------------------+ |
- | | | |
- | NETWORK ENTITY | | NETWORK ENTITY |
- | -Entity ID (FQDN): | | -Entity ID (FQDN): |
- | "strg1.example.com" | | "strg2.example.net" |
- | -Protocol: iSCSI | | -Protocol: iSCSI |
- | | | |
- +-------------------------+ +-------------------------+
-
- The object model can be expanded to describe more complex devices,
- such as an iSCSI device with more than one storage controller, in
- which each controller is accessible through any of multiple Portal
- interfaces, possibly using multiple Portal Groups. The storage
- controllers on this device can be accessed through alternate Portal
- interfaces if any original interface should fail. The following
- diagram describes such a device:
-
-
-
-
-
-Tseng, et al. Standards Track [Page 28]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- +---------------------------------------------------------------+
- | IP Network |
- +-------------------+-----------------------+-------------------+
- | |
- | |
- +------------+------+------+---------+------+------+------------+
- | | PORTAL 1 | | PORTAL 2 | |
- | | -IP Addr 1 | | -IP Addr 2 | |
- | | -TCP Port 1 | | -TCP Port 2 | |
- | +-----+ +-----+ +-----+ +-----+ |
- | | | | | |
- | +---------------+ +---------------------+ +---------------+ |
- | +-------+ +----------------+ +-------------------+ +------+ |
- | | | | | | | |
- | +-------+ +-------+ +------+ +--------+ +--------+ +------+ |
- | | | | | | | |
- | | STORAGE NODE 1 | | STORAGE NODE 2 | | STORAGE NODE 3 | |
- | | -iSCSI Name 1 | | -iSCSI Name 2 | | -iSCSI Name 3 | |
- | | -Alias: "disk1"| | -Alias: "disk2"| | -Alias: "disk3"| |
- | | -Type: target | | -Type: target | | -Type: target | |
- | | | | | | | |
- | +-----------------+ +-----------------+ +-----------------+ |
- | |
- | NETWORK ENTITY |
- | -Entity ID (FQDN): "dev1.example.com" |
- | -Protocol: iSCSI |
- | |
- | Portal Group Object Table |
- | Storage-Node Portal Portal-Group-Tag |
- | 1 1 10 |
- | 1 2 NULL (no access permitted) |
- | 2 1 20 |
- | 2 2 20 |
- | 3 1 30 |
- | 3 2 10 |
- | |
- +---------------------------------------------------------------+
-
- Storage Node 1 is accessible via Portal 1 with a PGT of 10. It does
- not have a Portal Group Tag (PGT) assigned for Portal 2, so Storage
- Node 1 cannot be accessed via Portal 2.
-
- Storage Node 2 can be accessed via both Portal 1 and Portal 2. Since
- Storage Node 2 has the same PGT value assigned to both Portal 1 and
- Portal 2, in this case 20, coordinated access via the Portals is
- available [iSCSI].
-
-
-
-
-
-Tseng, et al. Standards Track [Page 29]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Storage Node 3 can be accessed via Portal 1 or Portal 2. However,
- since Storage Node 3 has different PGT values assigned to each
- Portal, in this case 10 and 30, access is not coordinated [iSCSI].
- Because PGTs are assigned within the context of a Storage Node, the
- PGT value of 10 used for Storage Node 1 and Storage Node 3 are not
- interrelated.
-
-4.1.3. Required Commands and Response Messages for Support of iSCSI
-
- The following iSNSP messages and responses are available in support
- of iSCSI. Messages indicated in the REQUIRED for Server column MUST
- be implemented in iSNS servers used for iSCSI devices. Messages
- indicated in the REQUIRED for Client column MUST be implemented in
- iSCSI devices that elect to use the iSNS server.
-
- REQUIRED for:
- Message Description Abbreviation Func_ID Server Client
- ------------------- ------------ ------- ------ ------
- RESERVED 0x0000
- Device Attr Reg Request DevAttrReg 0x0001 * *
- Dev Attr Query Request DevAttrQry 0x0002 * *
- Dev Get Next Request DevGetNext 0x0003 *
- Deregister Dev Request DevDereg 0x0004 * *
- SCN Register Request SCNReg 0x0005 *
- SCN Deregister Request SCNDereg 0x0006 *
- SCN Event SCNEvent 0x0007 *
- State Change Notification SCN 0x0008 *
- DD Register DDReg 0x0009 * *
- DD Deregister DDDereg 0x000A * *
- DDS Register DDSReg 0x000B * *
- DDS Deregister DDSDereg 0x000C * *
- Entity Status Inquiry ESI 0x000D *
- Name Service Heartbeat Heartbeat 0x000E
- RESERVED 0x000F-0x00FF
- Vendor Specific 0x0100-0x01FF
- RESERVED 0x0200-0x7FFF
-
- The following are iSNSP response messages used in support of iSCSI:
-
- REQUIRED for:
- Response Message Desc Abbreviation Func_ID Server Client
- --------------------- ------------ ------- ------ ------
- RESERVED 0x8000
- Device Attr Register Rsp DevAttrRegRsp 0x8001 * *
- Device Attr Query Rsp DevAttrQryRsp 0x8002 * *
- Device Get Next Rsp DevGetNextRsp 0x8003 *
- Device Dereg Rsp DevDeregRsp 0x8004 * *
- SCN Register Rsp SCNRegRsp 0x8005 *
-
-
-
-Tseng, et al. Standards Track [Page 30]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- SCN Deregister Rsp SCNDeregRsp 0x8006 *
- SCN Event Rsp SCNEventRsp 0x8007 *
- SCN Response SCNRsp 0x8008 *
- DD Register Rsp DDRegRsp 0x8009 * *
- DD Deregister Rsp DDDeregRsp 0x800A * *
- DDS Register Rsp DDSRegRsp 0x800B * *
- DDS Deregister Rsp DDSDeregRsp 0x800C * *
- Entity Stat Inquiry Rsp ESIRsp 0x800D *
- RESERVED 0x800E-0x80FF
- Vendor Specific 0x8100-0x81FF
- RESERVED 0x8200-0xFFFF
-
-4.2. iFCP Requirements
-
- In iFCP, use of iSNS is REQUIRED. No alternatives exist for support
- of iFCP Naming & Discovery functions.
-
-4.2.1. Required Attributes for Support of iFCP
-
- The following table displays attributes that are used by iSNS to
- support iFCP. Attributes indicated in the REQUIRED for Server column
- MUST be implemented by the iSNS server that supports iFCP.
- Attributes indicated in the REQUIRED for Client column MUST be
- supported by iFCP gateways. Attributes indicated in the K (Key)
- column uniquely identify the object type in the iSNS Server. A more
- detailed description of each attribute is found in Section 6.
-
- REQUIRED for:
- Object Attribute K Server Client
- ------ --------- - ------ ------
- NETWORK ENTITY Entity Identifier * * *
- Entity Protocol * *
- Management IP Address *
- Timestamp *
- Protocol Version Range *
- Registration period
- Entity Index
- Entity IKE Phase-1 Proposal
- Entity Certificate
-
- PORTAL IP Address * * *
- TCP/UDP Port * * *
- Symbolic Name *
- ESI Interval *
- ESI Port *
- SCN Port *
- Portal IKE Phase-1 Proposal
- Portal IKE Phase-2 Proposal
-
-
-
-Tseng, et al. Standards Track [Page 31]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Portal Certificate
- Security Bitmap *
-
- STORAGE NODE FC Port Name (WWPN) * * *
- (FC Port) Port_ID * *
- FC Port Type * *
- Port Symbolic Name *
- Fabric Port Name (FWWN) *
- Hard Address *
- Port IP Address *
- Class of Service *
- FC FC-4 Types *
- FC FC-4 Descriptors *
- FC FC-4 Features *
- SCN Bitmap *
- iFCP Port Role *
- Permanent Port Name *
-
- FC DEVICE FC Node Name (WWNN) * * *
- (FC Node) Node Symbolic Name *
- Node IP Address *
- Node IPA *
- Proxy iSCSI Name
-
- DISCOVERY DOMAIN DD ID * * *
- DD Symbolic Name *
- DD Member FC Port Name *
- DD Member Portal Index *
- DD Member Portal IP Addr *
- DD Member Portal TCP/UDP *
-
- DISCOVERY DOMAIN DDS ID * *
- SET DDS Symbolic Name *
- DDS Status *
-
- OTHER Switch Name
- Preferred_ID
- Assigned_ID
- Virtual_Fabric_ID
-
- All iFCP user-specified and vendor-specified attributes are OPTIONAL
- to implement and use.
-
-4.2.2. Example: iFCP Object Model Diagram
-
- The iFCP protocol allows native Fibre Channel devices or Fibre
- Channel fabrics connected to an iFCP gateway to be directly
- internetworked using IP.
-
-
-
-Tseng, et al. Standards Track [Page 32]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- When supporting iFCP, the iSNS server stores Fibre Channel device
- attributes, iFCP gateway attributes, and Fibre Channel fabric switch
- attributes that might also be stored in an FC name server.
-
- The following diagram shows a representation of a gateway supporting
- multiple Fibre Channel devices behind it. The two Portal objects
- represent IP interfaces on the iFCP gateway that can be used to
- access any of the three Storage Node objects behind it. Note that
- the FC Device object is not contained in the Network Entity object.
- However, each FC Device has a relationship to one or more Storage
- Node objects.
-
- +--------------------------------------------------------+
- | IP Network |
- +--------+-----------------+-----------------------------+
- | |
- +-+------+------+---+------+------+----------------------+
- | | PORTAL | | PORTAL | NETWORK ENTITY |
- | | -IP Addr 1 | | -IP Addr 2 | -Entity ID (FQDN): |
- | | -TCP Port 1 | | -TCP Port 2 | "gtwy1.example.com" |
- | +-----+ +-----+ +-----+ +-----+ -Protocol: iFCP |
- | | | | | |
- | +-----+ +---------------+ +----------------------+ |
- | +-----+ +---------------+ +-------------+ +------+ |
- | | | | | | | |
- | +-----+ +-----+ +----+ +------+ +----+ +------+ |
- | |STORAGE NODE | |STORAGE NODE | |STORAGE NODE | |
- | | -WWPN 1 | | -WWPN 2 | | -WWPN 3 | |
- | | -Port ID 1 | | -Port ID 2 | | -Port ID 3 | |
- | | -FWWN 1 | | -FWWN 2 | | -FWWN 3 | |
- | | -FC COS | | -FC COS | | -FC COS | |
- | +------+------+ +-------+-----+ +----+--------+ |
- +--------|-------------------|------------|--------------+
- | | |
- +------+------+ +---+------------+---+
- | FC DEVICE | | FC DEVICE |
- | -WWNN 1 | | -WWNN 2 |
- | | | |
- +-------------+ +--------------------+
-
-
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 33]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-4.2.3. Required Commands and Response Messages for Support of iFCP
-
- The iSNSP messages and responses displayed in the following tables
- are available to support iFCP gateways. Messages indicated in the
- REQUIRED TO IMPLEMENT column MUST be supported by the iSNS server
- used by iFCP gateways. Messages indicated in the REQUIRED TO USE
- column MUST be supported by the iFCP gateways themselves.
-
- REQUIRED for:
- Message Description Abbreviation Func ID Server Client
- ------------------- ------------ ------- ------ ------
- RESERVED 0x0000
- Device Attr Reg Request DevAttrReg 0x0001 * *
- Device Attr Query Request DevAttrQry 0x0002 * *
- Device Get Next Request DevGetNext 0x0003 *
- Device Dereg Request DevDereg 0x0004 * *
- SCN Register Request SCNReg 0x0005 *
- SCN Deregister Request SCNDereg 0x0006 *
- SCN Event SCNEvent 0x0007 *
- State Change Notification SCN 0x0008 *
- DD Register DDReg 0x0009 * *
- DD Deregister DDDereg 0x000A * *
- DDS Register DDSReg 0x000B * *
- DDS Deregister DDSDereg 0x000C * *
- Entity Status Inquiry ESI 0x000D *
- Name Service Heartbeat Heartbeat 0x000E *
- Reserved Reserved 0x000F-0x0010
- Request FC_DOMAIN_ID RqstDomId 0x0011
- Release FC_DOMAIN_ID RlseDomId 0x0012
- Get FC_DOMAIN_IDs GetDomId 0x0013
- RESERVED 0x0014-0x00FF
- Vendor Specific 0x0100-0x01FF
- RESERVED 0x0200-0x7FFF
-
- The following are iSNSP response messages in support of iFCP:
-
- REQUIRED for:
- Response Message Desc Abbreviation Func_ID Server Client
- --------------------- ------------ ------- ------ ------
- RESERVED 0x8000
- Device Attr Reg Rsp DevAttrRegRsp 0x8001 * *
- Device Attr Query Rsp DevAttrQryRsp 0x8002 * *
- Device Get Next Rsp DevGetNextRsp 0x8003 *
- Device Deregister Rsp DevDeregRsp 0x8004 * *
- SCN Register Rsp SCNRegRsp 0x8005 *
- SCN Deregister Rsp SCNDeregRsp 0x8006 *
- SCN Event Rsp SCNEventRsp 0x8007 *
- SCN Rsp SCNRsp 0x8008 *
-
-
-
-Tseng, et al. Standards Track [Page 34]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- DD Register Rsp DDRegRsp 0x8009 * *
- DD Deregister Rsp DDDeregRsp 0x800A * *
- DDS Register Rsp DDSRegRsp 0x800B * *
- DDS Deregister Rsp DDSDeregRsp 0x800C * *
- Entity Status Inquiry Rsp ESIRsp 0x800D *
- NOT USED 0x800E
- RESERVED 0x800F-0x8010
- Request FC_DOMAIN_ID Rsp RqstDomIdRsp 0x8011
- Release FC_DOMAIN_ID Rsp RlseDomIdRsp 0x8012
- Get FC_DOMAIN_IDs GetDomIdRsp 0x0013
- RESERVED 0x8014-0x80FF
- Vendor Specific 0x8100-0x81FF
- RESERVED 0x8200-0xFFFF
-
-5. iSNSP Message Format
-
- The iSNSP message format is similar to the format of other common
- protocols such as DHCP, DNS and BOOTP. An iSNSP message may be sent
- in one or more iSNS Protocol Data Units (PDU). Each PDU is 4-byte
- aligned. The following describes the format of the iSNSP PDU:
-
- Byte MSb LSb
- Offset 0 15 16 31
- +---------------------+----------------------+
- 0 | iSNSP VERSION | FUNCTION ID | 4 Bytes
- +---------------------+----------------------+
- 4 | PDU LENGTH | FLAGS | 4 Bytes
- +---------------------+----------------------+
- 8 | TRANSACTION ID | SEQUENCE ID | 4 Bytes
- +---------------------+----------------------+
- 12 | |
- | PDU PAYLOAD | N Bytes
- | ... |
- +--------------------------------------------+
- 12+N | AUTHENTICATION BLOCK (Multicast/Broadcast) | L Bytes
- +--------------------------------------------+
- Total Length = 12 + N + L
-
-5.1. iSNSP PDU Header
-
- The iSNSP PDU header contains the iSNSP VERSION, FUNCTION ID, PDU
- LENGTH, FLAGS, TRANSACTION ID, and SEQUENCE ID fields as defined
- below.
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 35]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-5.1.1. iSNSP Version
-
- The iSNSP version described in this document is 0x0001. All other
- values are RESERVED. The iSNS server MAY reject messages for iSNSP
- version numbers that it does not support.
-
-5.1.2. iSNSP Function ID
-
- The FUNCTION ID defines the type of iSNS message and the operation to
- be executed. FUNCTION_ID values with the leading bit cleared
- indicate query, registration, and notification messages, whereas
- FUNCTION_ID values with the leading bit set indicate response
- messages.
-
- See Section 4 under the appropriate protocol (i.e., iSCSI or iFCP)
- for a mapping of the FUNCTION_ID value to the iSNSP Command or
- Response message. All PDUs comprising an iSNSP message must have the
- same FUNCTION_ID value.
-
-5.1.3. iSNSP PDU Length
-
- The iSNS PDU Length specifies the length of the PDU PAYLOAD field in
- bytes. The PDU Payload contains TLV attributes for the operation.
-
- Additionally, response messages contain a success/failure code. The
- PDU Length MUST be 4-byte aligned.
-
-5.1.4. iSNSP Flags
-
- The FLAGS field indicates additional information about the message
- and the type of Network Entity that generated the message. The
- following table displays the valid flags:
-
- Bit Position Enabled (1) means:
- ------------ -----------------
- 16 Sender is the iSNS client
- 17 Sender is the iSNS server
- 18 Authentication block is present
- 19 Replace flag (for DevAttrReg)
- 20 Last PDU of the iSNS message
- 21 First PDU of the iSNS message
- 22-31 RESERVED
-
-5.1.5. iSNSP Transaction ID
-
- The TRANSACTION ID MUST be set to a unique value for each
- concurrently outstanding request message. Replies MUST use the same
- TRANSACTION ID value as the associated iSNS request message. If a
-
-
-
-Tseng, et al. Standards Track [Page 36]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- message is retransmitted, the original TRANSACTION ID value MUST be
- used. All PDUs comprising an iSNSP message must have the same
- TRANSACTION ID value.
-
-5.1.6. iSNSP Sequence ID
-
- The SEQUENCE ID has a unique value for each PDU within a single
- transaction. The SEQUENCE_ID value of the first PDU transmitted in a
- given iSNS message MUST be zero (0), and each SEQUENCE_ID value in
- each PDU MUST be numbered sequentially in the order in which the PDUs
- are transmitted. Note that the two-byte SEQUENCE ID allows for up to
- 65536 PDUs per iSNS message.
-
-5.2. iSNSP Message Segmentation and Reassembly
-
- iSNS messages may be carried in one or more iSNS PDUs. If only one
- iSNS PDU is used to carry the iSNS message, then bit 21 (First PDU)
- and bit 20 in the FLAGS field (Last PDU) SHALL both be set. If
- multiple PDUs are used to carry the iSNS message, then bit 21 SHALL
- be set in the first PDU of the message, and bit 20 SHALL be set in
- the last PDU.
-
- All PDUs comprising the same iSNSP message SHALL have the same
- FUNCTION_ID and TRANSACTION_ID values. Each PDU comprising an iSNSP
- message SHALL have a unique SEQUENCE_ID value.
-
-5.3. iSNSP PDU Payload
-
- The iSNSP PDU PAYLOAD is of variable length and contains attributes
- used for registration and query operations. The attribute data items
- use a format similar to that of other protocols, such as DHCP
- [RFC2131] options. Each iSNS attribute is specified in the PDU
- Payload using Tag-Length-Value (TLV) data format, as shown below:
-
- Byte MSb LSb
- Offset 0 31
- +--------------------------------------------+
- 0 | Attribute Tag | 4 Bytes
- +--------------------------------------------+
- 4 | Attribute Length (N) | 4 Bytes
- +--------------------------------------------+
- 8 | |
- | Attribute Value | N Bytes
- | |
- +--------------------------------------------+
- Total Length = 8 + N
-
-
-
-
-
-Tseng, et al. Standards Track [Page 37]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Attribute Tag: a 4-byte field that identifies the attribute as
- defined in Section 6.1. This field contains the
- tag value from the indicated table.
-
- Attribute Length: a 4-byte field that indicates the length, in bytes,
- of the value field to follow in the TLV. For
- variable-length attributes, the value field MUST
- contain padding bytes, if necessary, in order to
- achieve 4-byte alignment. A "zero-length TLV"
- contains only the attribute tag and length fields.
-
- Attribute Value: a variable-length field containing the attribute
- value and padding bytes (if necessary).
-
- The above format is used to identify each attribute in the PDU
- Payload. Note that TLV boundaries need not be aligned with PDU
- boundaries; PDUs may carry one or more TLVs, or any fraction thereof.
- The Response Status Code, contained in response message PDU Payloads
- and described below, is not in TLV format. PDU Payloads for messages
- that do not contain iSNS attributes, such as the Name Service
- Heartbeat, do not use the TLV format.
-
-5.3.1. Attribute Value 4-Byte Alignment
-
- All attribute values are aligned to 4-byte boundaries. For variable
- length attributes, if necessary, the TLV length MUST be increased to
- the next 4-byte boundary through padding with bytes containing zero
- (0). If an attribute value is padded, a combination of the tag and
- attribute value itself is used to determine the actual value length
- and number of pad bytes. There is no explicit count of the number of
- pad bytes provided in the TLV.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 38]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-5.4. iSNSP Response Status Codes
-
- All iSNSP response messages contain a 4-byte Status Code field as the
- first field in the iSNSP PDU PAYLOAD. If the original iSNSP request
- message was processed normally by the iSNS server, or by the iSNS
- client for ESI and SCN messages, then this field SHALL contain a
- status code of 0 (Successful). A non-zero status code indicates
- rejection of the entire iSNS client request message.
-
- Status Code Status Description
- ----------- -----------------
- 0 Successful
- 1 Unknown Error
- 2 Message Format Error
- 3 Invalid Registration
- 4 RESERVED
- 5 Invalid Query
- 6 Source Unknown
- 7 Source Absent
- 8 Source Unauthorized
- 9 No Such Entry
- 10 Version Not Supported
- 11 Internal Error
- 12 Busy
- 13 Option Not Understood
- 14 Invalid Update
- 15 Message (FUNCTION_ID) Not Supported
- 16 SCN Event Rejected
- 17 SCN Registration Rejected
- 18 Attribute Not Implemented
- 19 FC_DOMAIN_ID Not Available
- 20 FC_DOMAIN_ID Not Allocated
- 21 ESI Not Available
- 22 Invalid Deregistration
- 23 Registration Feature Not Supported
- 24 and above RESERVED
-
-5.5. Authentication for iSNS Multicast and Broadcast Messages
-
- For iSNS multicast and broadcast messages (see Section 2.9.3), the
- iSNSP provides authentication capability. The following section
- details the iSNS Authentication Block, which is identical in format
- to the SLP authentication block [RFC2608]. iSNS unicast messages
- SHOULD NOT include the authentication block, but rather should rely
- upon IPSec security mechanisms.
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 39]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- If a message contains an authentication block, then the
- "Authentication block present" bit in the iSNSP PDU header FLAGS
- field SHALL be enabled.
-
- If a PKI is available with an [X.509] Certificate Authority (CA),
- then public key authentication of the iSNS server is possible. The
- authentication block leverages the DSA with SHA-1 algorithm, which
- can easily integrate into a public key infrastructure.
-
- The authentication block contains a digital signature for the
- multicast message. The digital signature is calculated on a per-PDU
- basis. The authentication block contains the following information:
-
- 1. A time stamp, to prevent replay attacks.
- 2. A structured authenticator containing a signature calculated over
- the time stamp and the message being secured.
- 3. An indicator of the cryptographic algorithm that was used to
- calculate the signature.
- 4. An indicator of the keying material and algorithm parameters,
- used to calculate the signature.
-
- The authentication block is described in the following figure:
-
- Byte MSb LSb
- Offset 0 31
- +----------------------------------+
- 0 | BLOCK STRUCTURE DESCRIPTOR | 4 Bytes
- +----------------------------------+
- 4 | AUTHENTICATION BLOCK LENGTH | 4 Bytes
- +----------------------------------+
- 8 | TIMESTAMP | 8 Bytes
- +----------------------------------+
- 16 | SPI STRING LENGTH | 4 Bytes
- +----------------------------------+
- 20 | SPI STRING | N Bytes
- +----------------------------------+
- 20 + N | STRUCTURED AUTHENTICATOR | M Bytes
- +----------------------------------+
- Total Length = 20 + N + M
-
- BLOCK STRUCTURE DESCRIPTOR (BSD): Defines the structure and algorithm
- to use for the STRUCTURED AUTHENTICATOR. BSD values from
- 0x00000000 to 0x00007FFF are assigned by IANA, while
- values 0x00008000 to 0x00008FFF are for private use.
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 40]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- AUTHENTICATION BLOCK LENGTH: Defines the length of the authentication
- block, beginning with the BSD field and running through
- the last byte of the STRUCTURED AUTHENTICATOR.
-
- TIMESTAMP: This is an 8-byte unsigned, fixed-point integer giving the
- number of seconds since 00:00:00 GMT on January 1, 1970.
-
- SPI STRING LENGTH: The length of the SPI STRING field.
-
- SPI STRING (Security Parameters Index): Index to the key and
- algorithm used by the message recipient to decode the
- STRUCTURED AUTHENTICATOR field.
-
- STRUCTURED AUTHENTICATOR: Contains the digital signature. For the
- default BSD value of 0x0002, this field SHALL contain the
- binary ASN.1 encoding of output values from the DSA with
- SHA-1 signature calculation as specified in Section 2.2.2
- of [RFC3279].
-
-5.6. Registration and Query Messages
-
- The iSNSP registration and query message PDU Payloads contain a list
- of attributes, and have the following format:
-
- +----------------------------------------+
- | Source Attribute (Requests Only) |
- +----------------------------------------+
- | Message Key Attribute[1] (if present) |
- +----------------------------------------+
- | Message Key Attribute[2] (if present) |
- +----------------------------------------+
- | . . . |
- +----------------------------------------+
- | - Delimiter Attribute - |
- +----------------------------------------+
- | Operating Attribute[1] (if present) |
- +----------------------------------------+
- | Operating Attribute[2] (if present) |
- +----------------------------------------+
- | Operating Attribute[3] (if present) |
- +----------------------------------------+
- | . . . |
- +----------------------------------------+
-
- Each Source, Message Key, Delimiter, and Operating attribute is
- specified in the PDU Payload using the Tag-Length-Value (TLV) data
- format. iSNS Registration and Query messages are sent by iSNS Clients
-
-
-
-
-Tseng, et al. Standards Track [Page 41]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- to the iSNS server IP Address and well-known TCP/UDP Port. The iSNS
- Responses will be sent to the iSNS Client IP address and TCP/UDP port
- number from the original request message.
-
-5.6.1. Source Attribute
-
- The Source Attribute is used to identify the Storage Node to the iSNS
- server for queries and other messages that require source
- identification. The Source Attribute uniquely identifies the source
- of the message. Valid Source Attribute types are shown below.
-
- Valid Source Attributes
- -----------------------
- iSCSI Name
- FC Port Name WWPN
-
- For a query operation, the Source Attribute is used to limit the
- scope of the specified operation to the Discovery Domains of which
- the source is a member. Special Control Nodes, identified by the
- Source Attribute, may be administratively configured to perform the
- specified operation on all objects in the iSNS database without
- scoping to Discovery Domains.
-
- For messages that change the contents of the iSNS database, the iSNS
- server MUST verify that the Source Attribute identifies either a
- Control Node or a Storage Node that is a part of the Network Entity
- containing the added, deleted, or modified objects.
-
-5.6.2. Message Key Attributes
-
- Message Key attributes are used to identify matching objects in the
- iSNS database for iSNS query and registration messages. If present,
- the Message Key MUST be a Registration or Query Key for an object as
- described in Sections 5.6.5 and 6.1. A Message Key is not required
- when a query spans the entire set of objects available to the Source
- or a registration is for a new Entity.
-
- iSCSI Names used in the Message Key MUST be normalized according to
- the stringprep template [STRINGPREP]. Entity Identifiers (EIDs) used
- in the Message Key MUST be normalized according to the nameprep
- template [NAMEPREP].
-
-5.6.3. Delimiter Attribute
-
- The Delimiter Attribute separates the Message Key attributes from the
- Operating Attributes in a PDU Payload. The Delimiter Attribute has a
- tag value of 0 and a length value of 0. The Delimiter Attribute is
- always 8 bytes long (a 4-byte tag field and a 4-byte length field,
-
-
-
-Tseng, et al. Standards Track [Page 42]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- all containing zeros). If a Message Key is not required for a
- message, then the Delimiter Attribute immediately follows the Source
- Attribute.
-
-5.6.4. Operating Attributes
-
- The Operating Attributes are a list of one or more key and non-key
- attributes related to the actual iSNS registration or query operation
- being performed.
-
- Operating Attributes include object key attributes and non-key
- attributes. Object key attributes uniquely identify iSNS objects.
- Key attributes MUST precede the non-key attributes of each object in
- the Operating Attributes. The tag value distinguishes the attribute
- as an object key attribute (i.e., tag=1, 16&17, 32, 64, and 96) or a
- non-key attribute. iSCSI Names used in the Operating Attributes MUST
- be normalized according to the stringprep template [STRINGPREP].
- Entity Identifiers (EIDs) used in the Operating Attributes MUST be
- normalized according to the nameprep template [NAMEPREP].
-
- The ordering of Operating Attributes in the message is important for
- determining the relationships among objects and their ownership of
- non-key attributes. iSNS protocol messages that violate these
- ordering rules SHALL be rejected with the Status Code of 2 (Message
- Format Error). See the message descriptions for proper operating
- attribute ordering requirements.
-
- Some objects are keyed by more than one object key attribute value.
- For example, the Portal object is keyed by attribute tags 16 and 17.
- When describing an object keyed by more than one key attribute, every
- object key attribute of that object MUST be listed sequentially by
- tag value in the message before non-key attributes of that object and
- key attributes of the next object. A group of key attributes of this
- kind is treated as a single logical key attribute when identifying an
- object.
-
- Non-key attributes that immediately follow key attributes MUST be
- attributes of the object referenced by the key attributes. All non-
- key attributes of an object MUST be listed before the object key
- attributes introducing the next object.
-
- Objects MUST be listed in inheritance order, according to their
- containment order. Storage Node and Portal objects and their
- respective attributes MUST follow the Network Entity object to which
- they have a relationship. Similarly, FC Device objects MUST follow
- the Storage Node object to which they have a relationship.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 43]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Vendor-specific objects defined by tag values in the range 1537-2048
- have the same requirements described above.
-
-5.6.4.1. Operating Attributes for Query and Get Next Requests
-
- In Query and Get Next request messages, TLV attributes with length
- value of 0 are used to indicate which Operating Attributes are to be
- returned in the corresponding response. Operating Attribute values
- that match the TLV attributes in the original message are returned in
- the response message.
-
-5.6.5. Registration and Query Request Message Types
-
- The following describes each query and message type.
-
-5.6.5.1. Device Attribute Registration Request (DevAttrReg)
-
- The DevAttrReg message type is 0x0001. The DevAttrReg message
- provides the means for iSNS clients to update existing objects or
- register new objects. The value of the replace bit in the FLAGs
- field determines whether the DevAttrReg message updates or replaces
- an existing registration.
-
- The Source Attribute identifies the Node initiating the registration
- request.
-
- The Message Key identifies the object the DevAttrReg message acts
- upon. It MUST contain the key attribute(s) identifying an object.
- This object MUST contain all attributes and related subordinate
- object attributes that will be included in the Operating Attributes
- of the DevAttrReg PDU Payload. The key attribute(s) identifying this
- object MUST also be included among the Operating Attributes.
-
- If the Message Key contains an EID and no pre-existing objects match
- the Message Key, then the DevAttrReg message SHALL create a new
- Entity with the specified EID and any new object(s) specified by the
- Operating Attributes. The replace bit SHALL be ignored.
-
- If the Message Key does not contain an EID, and no pre-existing
- objects match the Message Key, then the DevAttrReg message SHALL be
- rejected with a status code of 3 (Invalid Registration).
-
- If the Message Key is not present, then the DevAttrReg message
- implicitly registers a new Network Entity. In this case, the replace
- bit SHALL be ignored; a new Network Entity SHALL be created.
- Existing entities, their objects, and their relationships remain
- unchanged.
-
-
-
-
-Tseng, et al. Standards Track [Page 44]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- The replace bit determines the kind of operation conducted on the
- object identified in the DevAttrReg Message Key. The replace bit
- only applies to the DevAttrReg message; it is ignored for all other
- message types.
-
- If the replace bit is set, then the objects, attributes, and
- relationships specified in the Operating Attributes SHALL replace the
- object identified by the Message Key. The object and all of its
- subordinate objects SHALL be deregistered, and the appropriate SCNs
- SHALL be sent by the iSNS server for the deregistered objects. The
- objects listed in the Operating Attributes are then used to replace
- the just-deregistered objects. Note that additional SCNs SHALL be
- sent for the newly-registered objects, if appropriate. Existing
- objects and relationships that are not identified or that are
- subordinate to the object identified by the Message Key MUST NOT be
- affected or changed.
-
- If the replace bit is not set, then the message updates the
- attributes of the object identified by the Message Key and its
- subordinate objects. Existing object containment relationships MUST
- NOT be changed. For existing objects, key attributes MUST NOT be
- modified, but new subordinate objects MAY be added.
-
- The Operating Attributes represent objects, attributes, and
- relationships that are to be registered. Multiple related objects
- and attributes MAY be registered in a single DevAttrReg message. The
- ordering of the objects in this message indicates the structure of,
- and associations among, the objects to be registered. At least one
- object MUST be listed in the Operating Attributes. Additional
- objects (if any) MUST be subordinate to the first object listed. Key
- attributes MUST precede non-key attributes of each object. A given
- object may only appear a maximum of once in the Operating Attributes
- of a message. If the Node identified by the Source Attribute is not
- a Control Node, then the objects in the operating attributes MUST be
- members of the same Network Entity as the Source Node.
-
- For example, to establish relationships between a Network Entity
- object and its Portal and Storage Node objects, the Operating
- Attributes list the key and non-key attributes of the Network Entity
- object, followed by the key and non-key attributes of each Portal and
- Storage Node object to be linked to that Network Entity. Similarly,
- an FC Device object that follows a Storage Node object is considered
- subordinate to that Storage Node.
-
- New PG objects are registered when an associated Portal or iSCSI Node
- object is registered. An explicit PG object registration MAY follow
- a Portal or iSCSI Node object registration in a DevAttrReg message.
-
-
-
-
-Tseng, et al. Standards Track [Page 45]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- When a Portal is registered, the Portal attributes MAY immediately be
- followed by a PGT attribute. The PGT attribute SHALL be followed by
- the set of PG iSCSI Names representing nodes that will be associated
- to the Portal using the indicated PGT value. Additional sets of PGTs
- and PG iSCSI Names to be associated to the registered Portal MAY
- follow. Indicated PGT values are assigned to the PG object
- associated with the newly registered Portal and to the iSCSI Storage
- Node(s) referenced immediately following the PGT attribute in the
- operating attributes.
-
- When an iSCSI Storage Node is registered, the Storage Node attributes
- MAY immediately be followed by a PGT attribute. The PGT attribute
- SHALL be followed by the set of PG Portal IP-Address, PG TCP/UDP Port
- pairs representing Portal objects that will be associated with the
- Storage Node using the indicated PGT value. Additional sets of PGTs
- and PG Portal IP-Address PG TCP/UDP Port pairs to be associated with
- the registered Storage Node MAY follow. Indicated PGT values are
- assigned to the PG object associated with the newly registered iSCSI
- Storage Node and Portal object(s) referenced immediately following
- the PGT attribute in the operating attributes.
-
- If the PGT value is not included in the Storage Node or Portal object
- registration, and if a PGT value was not previously registered for
- the relationship, then the PGT for the corresponding PG object SHALL
- be registered with a value of 0x00000001. If the PGT attribute is
- included in the registration message as a 0-length TLV, then the PGT
- value for the corresponding PG object SHALL be registered as NULL. A
- 0-length TLV for the PGT in an update registration message overwrites
- the previous PGT value with NULL, indicating that there is no
- relationship between the Storage Node and Portal.
-
- A maximum of one Network Entity object can be created or updated with
- a single DevAttrReg message. Consequently, the Operating Attributes
- MUST NOT contain more than one Network Entity object. There is no
- limit to the number of Portal, Storage Node, and FC Device objects
- that can listed in the Operating Attributes, provided they are all
- subordinate to the listed Network Entity object.
-
- If the Message Key and Operating Attributes do not contain an EID
- attribute, or if the EID attribute has a length of 0, then a new
- Network Entity object SHALL be created and the iSNS server SHALL
- supply a unique EID value for it. The assigned EID value SHALL be
- included in the DevAttrReg Response message. If the Message Key and
- Operating Attributes contain an EID that does not match the EID of an
- existing Network Entity in the iSNS database, then a new Network
- Entity SHALL be created and assigned the value contained in that EID
- attribute. Finally, if the Message Key and Operating Attributes
- contain an EID that matches the EID of an existing object in the iSNS
-
-
-
-Tseng, et al. Standards Track [Page 46]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- database, then the objects, attributes, and relationships specified
- in the Operating Attributes SHALL be appended to the existing Network
- Entity identified by the EID.
-
- A registration message that creates a new Network Entity object MUST
- contain at least one Portal or one Storage Node. If the message does
- not, then it SHALL be considered invalid and result in a response
- with Status Code of 3 (Invalid Registration).
-
- If an iSNS Server does not support a registration feature, such as
- explicit PG object registration, then the server SHALL return a
- Status Code of 23 (Registration Feature Not Supported).
-
- Note that the iSNS server may modify or reject the registration of
- certain attributes, such as ESI Interval. In addition, the iSNS
- server may assign values for additional Operating Attributes that are
- not explicitly registered in the original DevAttrReg message, such as
- the EID and WWNN Token.
-
-5.6.5.2. Device Attribute Query Request (DevAttrQry)
-
- The DevAttrQry message type is 0x0002. The DevAttrQry message
- provides an iSNS client with the means to query the iSNS server for
- object attributes.
-
- The Source Attribute identifies the Node initiating the request. For
- non-Control Nodes initiating the DevAttrQry message, the query is
- scoped to the Discovery Domains of which the initiating Node is a
- member. The DevAttrQry message SHALL only return information on
- Storage Nodes and their related parent and subordinate objects, where
- the Storage Node has a common Discovery Domain with the Node
- identified in the Source Attribute.
-
- The Message Key may contain key or non-key attributes or no
- attributes at all. If multiple attributes are used as the Message
- Key, then they MUST all be from the same object type (e.g., IP
- address and TCP/UDP Port are attributes of the Portal object type).
- A Message Key with non-key attributes may match multiple instances of
- the specific object type. A Message Key with zero-length TLV(s) is
- scoped to every object of the type indicated by the zero-length
- TLV(s). An empty Message Key field indicates the query is scoped to
- the entire database accessible by the source Node.
-
- The DevAttrQry response message returns attributes of objects listed
- in the Operating Attributes that are related to the Message Key of
- the original DevAttrQry message. The Operating Attributes of the
- DevAttrQry message contain zero-length TLVs that specify the
- attributes that are to be returned in the DevAttrQryRsp message. A
-
-
-
-Tseng, et al. Standards Track [Page 47]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Message Key containing zero-length TLVs indicates that the set of
- attributes specified in the Operating Attributes are to be returned
- for each object matching the type indicated by the Message Key.
-
- If the Message Key contains non-zero length TLVs, then Operating
- Attributes for the object matching the Message Key SHALL be returned
- in the DevAttrQryRsp message. Each attribute type (i.e., zero-length
- TLV) in the Operating Attributes indicates an attribute from the
- object matching the Message Key, or from other objects in the same
- Entity having a relationship to the object matching the Message Key,
- is to be returned in the response. The ordering of the object keys
- and associated attributes returned in the DevAttrQry response message
- SHALL be the same as in the original query message. If no objects
- match the Message Key, then the DevAttrQryRsp message SHALL NOT
- return any operating attributes. Such a message and its
- corresponding response SHALL NOT be considered an error.
-
- The Portal Group object determines whether a relationship exists
- between a given Storage Node and Portal object. If the PGT of the
- Portal Group is not NULL, then a relationship exists between the
- indicated Storage Node and Portal; if the PGT is NULL, then no
- relationship exists. Therefore, the value (NULL or not NULL) of the
- PGT attribute of each Portal Group object determines the structure
- and ordering of the DevAttrQry response to a query for Storage Nodes
- and Portals.
-
- For example, an iSNS database contains a Network Entity having two
- Portals and two Nodes. Each Storage Node has two Portal Groups, one
- with a NULL PGT value for one Portal and another with a non-NULL PGT
- value for the other Portal. The DevAttrQry message contains a
- Message Key entry matching one of the Nodes, and Operating Attributes
- with zero-length TLVs listing first the Node attributes, Portal
- attributes, and then the PG attributes. The response message SHALL
- therefore return first the matching Node object, then the requested
- attributes of the one Portal object that can be used to access the
- Storage Node (as indicated by the PGT), and finally the requested
- attributes of the PG object used to access that Storage Node. The
- order in which each object's attributes are listed is the same as the
- ordering of the object's attributes in the Operating Attributes of
- the original request message.
-
- If the Message Key Attribute contains zero-length TLV(s), then the
- query returns requested attributes for all objects matching the
- Message Key type (DD restrictions SHALL apply for non-Control Nodes).
- If multiple objects match the Message Key type, then the attributes
- for each object matching the Message Key MUST be listed before the
- attributes for the next matching object are listed in the query
-
-
-
-
-Tseng, et al. Standards Track [Page 48]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- response. In other words, the process described above must be
- iterated in the message response for each object that matches the
- Message Key type specified by the zero-length TLV(s).
-
- For example, an iSNS database contains only one Network Entity having
- two Portals and three Nodes. All PG objects in the Entity have a PGT
- value of 0x00000001. In the DevAttrQry message, the Message Key
- contains a zero-length TLV specifying a Node type, and Operating
- Attributes listing first the Node attributes, and then the Portal
- attributes. The response message will return, in the following
- order, the attributes for the first, next, and last Node objects,
- each followed by attributes for both Portals. If that same
- DevAttrQry message had instead contained a zero-length TLV specifying
- the Network Entity type, then the response message would have
- returned attributes for all three Node objects, followed by
- attributes for the two Portals.
-
- If there is no Message Key Attribute, then the query returns all
- attributes in the iSNS database (once again, DD restrictions SHALL
- apply for non-Control Nodes). All attributes matching the type
- specified by each zero-length TLV in the Operating Attributes SHALL
- be listed. All attributes of each type SHALL be listed before the
- attributes matching the next zero-length TLV are listed.
-
- For example, an iSNS database contains two Entities, each having two
- Nodes and two Portals. The DevAttrQry message contains no Message
- Key attribute, and Operating Attributes list first the Portal
- attributes, and then the Node attributes. The Operating Attributes
- of the response message will return attributes from each of the four
- Portals, followed by attributes from each of the four nodes.
-
- If a DevAttrQry message requests an attribute for which the iSNS
- server has no value, then the server SHALL NOT return the requested
- attribute in the query response. Such query and response messages
- SHALL NOT be considered errors.
-
- Registration and query messages for iSNS server-specific attributes
- (i.e., tags in the range 132 to 384) SHALL be formatted using the
- identifying key attribute of the Storage Node originating the query
- (i.e., iSCSI Name or FC Port Name WWPN) for both the Source Attribute
- and Message Key attribute. Operating Attributes SHALL include the
- TLV of the server-specific attribute being requested.
-
- DD membership can be discovered through the DevAttrQry message by
- including either DD member attributes (i.e., DD Member iSCSI Index,
- DD Member iSCSI Node, DD Member iFCP Node, DD Member Portal Index, DD
- Member Portal IP Addr, and DD Member Portal TCP/UDP) or the object
- key of the Storage Node or Portal (i.e., iSCSI Name, iSCSI Index,
-
-
-
-Tseng, et al. Standards Track [Page 49]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Portal IP Addr, Portal TCP/UDP Port, and Portal Index) in the
- Operating Attributes. Using DD member attributes SHALL return both
- registered and unregistered member Storage Nodes and/or Portals of a
- DD. DevAttrQry messages using the Storage Node and/or Portal object
- key SHALL return only member Storage Nodes or Portals that are
- currently registered in the iSNS database.
-
- The DevAttrQry message SHALL support the following minimum set of
- Message Key Attributes:
-
- Valid Message Key Attributes for Queries
- ----------------------------------------
- Entity Identifier
- Entity Protocol
- Portal IP-Address & Portal TCP/UDP Port
- Portal Index
- iSCSI Node Type
- iSCSI Name
- iSCSI Index
- PG Index
- FC Port Name WWPN
- FC Port Type
- FC-4 Type
- Discovery Domain ID
- Discovery Domain Set ID
- Source Attribute (for server-specific attributes)
- Switch Name (FC Device WWNN--for Virtual_Fabric_ID queries)
-
-5.6.5.3. Device Get Next Request (DevGetNext)
-
- The DevGetNext message type is 0x0003. This message provides the
- iSNS client with the means to retrieve each and every instance of an
- object type exactly once.
-
- The Source Attribute identifies the Node initiating the DevGetNext
- request, and is used to scope the retrieval process to the Discovery
- Domains of which the initiating Node is a member.
-
- The Message Key Attribute may be an Entity Identifier (EID), iSCSI
- Name, iSCSI Index, Portal IP Address and TCP/UDP Port, Portal Index,
- PG Index, FC Node Name WWNN, or FC Port Name WWPN. If the TLV length
- of the Message Key Attribute(s) is zero, then the first object entry
- in the iSNS database matching the Message Key type SHALL be returned
- in the Message Key of the corresponding DevGetNextRsp message. If
- non-zero-length TLV attributes are contained in the Message Key, then
- the DevGetNext response message SHALL return the next object stored
- after the object identified by the Message Key in the original
- DevGetNext request message.
-
-
-
-Tseng, et al. Standards Track [Page 50]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- If the Message Key provided matches the last object instance in the
- iSNS database, then the Status Code of 9 (No Such Entry) SHALL be
- returned in the response.
-
- The Operating Attributes can be used to specify the scope of the
- DevGetNext request, and to specify the attributes of the next object,
- which are to be returned in the DevGetNext response message. All
- Operating Attributes MUST be attributes of the object type identified
- by the Message Key. For example, if the Message Key is an Entity_ID
- attribute, then the Operating Attributes MUST NOT contain attributes
- of Portals.
-
- Non-zero-length TLV attributes in the Operating Attributes are used
- to scope the DevGetNext message. Only the next object with attribute
- values that match the non-zero-length TLV attributes SHALL be
- returned in the DevGetNext response message.
-
- Zero-length TLV attributes MUST be listed after non-zero-length
- attributes in the Operating Attributes of the DevGetNext request
- message. Zero-length TLV attributes specify the attributes of the
- next object which are to be returned in the DevGetNext response
- message.
-
- Note that there are no specific requirements concerning the order in
- which object entries are retrieved from the iSNS database; the
- retrieval order of object entries using the DevGetNext message is
- implementation specific.
-
- The iSNS client is responsible for ensuring that information acquired
- through use of the DevGetNext message is accurate and up-to-date.
- There is no assurance that the iSNS database will not change between
- successive DevGetNext request messages. If the Message Key provided
- does not match an existing database entry, then attributes for the
- next object key following the provided Message Key SHALL be returned.
- For example, an object entry may have been deleted between successive
- DevGetNext messages. This may result in a DevGetNext request in
- which the Message Key does not match an existing object entry. In
- this case, attributes for the next object stored in the iSNS database
- are returned.
-
-5.6.5.4. Device Deregister Request (DevDereg)
-
- The DevDereg message type is 0x0004. This message is used to remove
- object entries from the iSNS database. One or more objects may be
- removed through a single DevDereg message. Note that deregistered
- Storage Node objects will retain membership in their Discovery
- Domain(s) until explicit deregistration of the membership(s) or
- Discovery Domain(s).
-
-
-
-Tseng, et al. Standards Track [Page 51]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Upon receiving the DevDereg, the iSNS server removes all objects
- identified by the Operating Attribute(s), and all subordinate objects
- that are solely dependent on those identified objects. For example,
- removal of a Network Entity also results in removal of all associated
- Portal, Portal Group, Storage Node, and FC Device objects associated
- with that Network Entity. FC Device objects SHALL not be
- deregistered in this manner unless all Storage Nodes associated with
- them have been deregistered.
-
- The DevDereg request PDU Payload contains a Source Attribute and
- Operating Attribute(s); there are no Message Key Attributes. If the
- Node identified by the Source Attribute is not a Control Node, then
- it MUST be from the same Network Entity as the object(s) identified
- for removal by the Operating Attribute(s). Valid Operating
- Attributes are shown below:
-
- Valid Operating Attributes for DevDereg
- ---------------------------------------
- Entity Identifier
- Portal IP-Address & Portal TCP/UDP Port
- Portal Index
- iSCSI Name
- iSCSI Index
- FC Port Name WWPN
- FC Node Name WWNN
-
- The removal of the object may result in SCN messages to the
- appropriate iSNS clients.
-
- Attempted deregistration of non-existing entries SHALL not be
- considered an error.
-
- If all Nodes and Portals associated with a Network Entity are
- deregistered, then the Network Entity SHALL also be removed.
-
- If both the Portal and iSCSI Storage Node objects associated with a
- Portal Group object are removed, then that Portal Group object SHALL
- also be removed. The Portal Group object SHALL remain registered as
- long as either of its associated Portal or iSCSI Storage Node objects
- remain registered. If a deleted Storage Node or Portal object is
- subsequently re-registered, then a relationship between the re-
- registered object and an existing Portal or Storage Node object
- registration, indicated by the PG object, SHALL be restored.
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 52]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-5.6.5.5. SCN Register Request (SCNReg)
-
- The SCNReg message type is 0x0005. The State Change Notification
- Registration Request (SCNReg) message allows an iSNS client to
- register a Storage Node to receive State Change Notification (SCN)
- messages.
-
- The SCN notifies the Storage Node of changes to any Storage Nodes
- within any DD of which it is a member. If the Storage Node is a
- Control Node, it SHALL receive SCN notifications for changes in the
- entire network. Note that whereas SCNReg sets the SCN Bitmap field,
- the DevAttrReg message registers the UDP or TCP Port used by each
- Portal to receive SCN messages. If no SCN Port fields of any Portals
- of the Storage Node are registered to receive SCN messages, then the
- SCNReg message SHALL be rejected with Status Code 17 (SCN
- Registration Rejected).
-
- The SCNReg request PDU Payload contains a Source Attribute, a Message
- Key Attribute, and an Operating Attribute. Valid Message Key
- Attributes for a SCNReg are shown below:
-
- Valid Message Key Attributes for SCNReg
- ---------------------------------------
- iSCSI Name
- FC Port Name WWPN
-
- The node with the iSCSI Name or FC Port Name WWPN attribute that
- matches the Message Key in the SCNReg message is registered to
- receive SCNs using the specified SCN bitmap. A maximum of one Node
- SHALL be registered for each SCNReg message.
-
- The SCN Bitmap is the only operating attribute of this message, and
- it always overwrites the previous contents of this field in the iSNS
- database. The bitmap indicates the SCN event types for which the
- Node is registering.
-
- Note that the settings of this bitmap determine whether the SCN
- registration is for regular SCNs or management SCNs. Control Nodes
- MAY conduct registrations for management SCNs; iSNS clients that are
- not supporting Control Nodes MUST NOT conduct registrations for
- management SCNs. Control Nodes that register for management SCNs
- receive a copy of every SCN message generated by the iSNS server. It
- is recommended that management registrations be used only when needed
- in order to conserve iSNS server resources. In addition, a Control
- Node that conducts such registrations should be prepared to receive
- the anticipated volume of SCN message traffic.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 53]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-5.6.5.6. SCN Deregister Request (SCNDereg)
-
- The SCNDereg message type is 0x0006. The SCNDereg message allows an
- iSNS client to stop receiving State Change Notification (SCN)
- messages.
-
- The SCNDereg request message PDU Payload contains a Source Attribute
- and Message Key Attribute(s). Valid Message Key Attributes for a
- SCNDereg are shown below:
-
- Valid Message Key Attributes for SCNDereg
- -----------------------------------------
- iSCSI Name
- FC Port Name WWPN
-
- The node with an iSCSI Name or FC Port Name WWPN attribute that
- matches the Message Key Attributes in the SCNDereg message is
- deregistered for SCNs. The SCN bitmap field of such Nodes are
- cleared. A maximum of one Node SHALL be deregistered for each
- SCNDereg message.
-
- There are no Operating Attributes in the SCNDereg message.
-
-5.6.5.7. SCN Event (SCNEvent)
-
- The SCNEvent message type is 0x0007. The SCNEvent is a message sent
- by an iSNS client to request generation of a State Change
- Notification (SCN) message by the iSNS server. The SCN, sent by the
- iSNS server, then notifies iFCP, iSCSI, and Control Nodes within the
- affected DD of the change indicated in the SCNEvent.
-
- Most SCNs are automatically generated by the iSNS server when Nodes
- are registered or deregistered from the directory database. SCNs are
- also generated when a network management application or Control Node
- makes changes to the DD membership in the iSNS server. However, an
- iSNS client can trigger an SCN by using SCNEvent.
-
- The SCNEvent message PDU Payload contains a Source Attribute, a
- Message Key Attribute, and an Operating Attribute. Valid Key
- Attributes for a SCNEvent are shown below:
-
- Valid Message Key Attributes for SCNEvent
- -----------------------------------------
- iSCSI Name
- FC Port Name WWPN
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 54]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- The Operating Attributes section SHALL contain the SCN Event Bitmap
- attribute. The bitmap indicates the event that caused the SCNEvent
- to be generated.
-
-5.6.5.8. State Change Notification (SCN)
-
- The SCN message type is 0x0008. The SCN is a message generated by
- the iSNS server, notifying a registered Storage Node of changes.
- There are two types of SCN registrations: regular registrations and
- management registrations. Regular SCNs notify iSNS clients of events
- within the discovery domain. Management SCNs notify Control Nodes
- that register for management SCNs of events occurring anywhere in the
- network.
-
- If no active TCP connection to the SCN recipient exists, then the SCN
- message SHALL be sent to one Portal of the registered Storage Node
- that has a registered TCP or UDP Port value in the SCN Port field.
- If more than one Portal of the Storage Node has a registered SCN Port
- value, then the SCN SHALL be delivered to any one of the indicated
- Portals, provided that the selected Portal is not the subject of the
- SCN.
-
- The types of events that can trigger an SCN message, and the amount
- of information contained in the SCN message, depend on the registered
- SCN Event Bitmap for the Storage Node. The iSCSI Node SCN Bitmap is
- described in Section 6.4.4. The iFCP SCN Bitmap is described in
- Section 6.6.12.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 55]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- The format of the SCN PDU Payload is shown below:
-
- +----------------------------------------+
- | Destination Attribute |
- +----------------------------------------+
- | Timestamp |
- +----------------------------------------+
- | Source SCN Bitmap 1 |
- +----------------------------------------+
- | Source Attribute [1] |
- +----------------------------------------+
- | Source Attribute [2](if present) |
- +----------------------------------------+
- | Source Attribute [3](if present) |
- +----------------------------------------+
- | Source Attribute [n](if present) |
- +----------------------------------------+
- | Source SCN Bitmap 2 (if present) |
- +----------------------------------------+
- | . . . |
- +----------------------------------------+
-
- All PDU Payload attributes are in TLV format.
-
- The Destination Attribute is the Node identifier that is receiving
- the SCN. The Destination Attribute can be an iSCSI Name or FC Port
- Name.
-
- The Timestamp field, using the Timestamp TLV format, described in
- Section 6.2.4, indicates the time the SCN was generated.
-
- The Source SCN Bitmap field indicates the type of SCN notification
- (i.e., regular or management SCN), and the type of event that caused
- the SCN to be generated; it does not necessarily correlate with the
- original SCN bitmap registered in the iSNS server.
-
- Following the timestamp, the SCN message SHALL list the SCN bitmap,
- followed by the key attribute (i.e., iSCSI Name or FC Port Name) of
- the Storage Node affected by the SCN event. If the SCN is a
- Management SCN, then the SCN message SHALL also list the DD_ID and/or
- DDS_ID of the Discovery Domains and Discovery Domain Sets (if any)
- that caused the change in state for that Storage Node. These
- additional attributes (i.e., DD_ID and/or DDS_ID) shall immediately
- follow the iSCSI Name or FC Port Name and precede the next SCN bitmap
- for the next notification message (if any). The SCN bitmap is used
- as a delineator for SCN messages providing multiple state change
- notifications.
-
-
-
-
-Tseng, et al. Standards Track [Page 56]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- For example, a regular SCN for notifying an iSNS client of a new
- Portal available for a particular iSCSI target would contain the SCN
- bitmap followed by the iSCSI Name of the target device as the source
- attribute. If the SCN were a management SCN, then the iSCSI Name
- would be followed by the DD_ID(s) of the shared Discovery Domains
- that allow the destination Storage Node to have visibility to the
- affected Storage Node. If a Discovery Domain Set (DDS) was enabled
- in order to provide this visibility, then the appropriate DDS_ID
- would be included as well.
-
- A management SCN is also generated to notify a Control Node of the
- creation, deletion, or modification of a Discovery Domain or
- Discovery Domain Set. In this case, the DD_ID and/or DDS_ID of the
- affected Discovery Domain and/or Discovery Domain Set would follow
- the SCN bitmap.
-
- For example, a management SCN to notify a Control Node of a new DD
- within a Discovery Domain Set would contain both the DD_ID and the
- DDS_ID of the affected Discovery Domain and Discovery Domain Set
- among the Source Attributes.
-
- See Sections 6.4.4 and 6.6.12 for additional information on the SCN
- Bitmap.
-
-5.6.5.9. DD Register (DDReg)
-
- The DDReg message type is 0x0009. This message is used to create a
- new Discovery Domain (DD), to update an existing DD Symbolic Name
- and/or DD Features attribute, and to add DD members.
-
- DDs are uniquely defined using DD_IDs. DD registration attributes
- are described in Section 6.11.
-
- The DDReg message PDU Payload contains the Source Attribute and
- optional Message Key and Operating Attributes.
-
- The Message Key, if used, contains the DD_ID of the Discovery Domain
- to be registered. If the Message Key contains a DD_ID of an existing
- DD entry in the iSNS database, then the DDReg message SHALL attempt
- to update the existing entry. If the DD_ID in the Message Key (if
- used) does not match an existing DD entry, then the iSNS server SHALL
- reject the DDReg message with a status code of 3 (Invalid
- Registration). If the DD_ID is included in both the Message Key and
- Operating Attributes, then the DD_ID value in the Message Key MUST be
- the same as the DD_ID value in the Operating Attributes.
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 57]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- A DDReg message with no Message Key SHALL result in the attempted
- creation of a new Discovery Domain (DD). If the DD_ID attribute
- (with non-zero length) is included among the Operating Attributes in
- the DDReg message, then the new Discovery Domain SHALL be assigned
- the value contained in that DD_ID attribute. Otherwise, if the DD_ID
- attribute is not contained among the Operating Attributes of the
- DDReg message, or if the DD_ID is an operating attribute with a TLV
- length of 0, then the iSNS server SHALL assign a DD_ID value. The
- assigned DD_ID value is then returned in the DDReg Response message.
- The Operating Attributes can also contain the DD Member iSCSI Node
- Index, DD Member iSCSI Name, DD Member FC Port Name, DD Member Portal
- IP Address, DD Member Portal TCP/UDP Port Number, or DD Member Portal
- Index of members to be added to the DD. It may also contain the
- DD_Symbolic_Name and/or DD_Features of the DD.
-
- This message SHALL add any DD members listed as Operating Attributes
- to the Discovery Domain specified by the DD_ID. If the DD_Features
- attribute is an Operating Attribute, then it SHALL be stored in the
- iSNS server as the feature list for the specified DD. If the
- DD_Symbolic_Name is an operating attribute and its value is unique
- (i.e., it does not match the registered DD_Symbolic_Name for another
- DD), then the value SHALL be stored in the iSNS database as the
- DD_Symbolic_Name for the specified Discovery Domain. If the value
- for the DD_Symbolic_Name is not unique, then the iSNS server SHALL
- reject the attempted DD registration with a status code of 3 (Invalid
- Registration).
-
- When creating a new DD, if the DD_Symbolic_Name is not included in
- the Operating Attributes, or if it is included with a zero-length
- TLV, then the iSNS server SHALL provide a unique DD_Symbolic_Name
- value for the created DD. The assigned DD_Symbolic_Name value SHALL
- be returned in the DDRegRsp message.
-
- When creating a new DD, if the DD_Features attribute is not included
- in the Operating Attributes, then the iSNS server SHALL assign the
- default value. The default value for DD_Features is 0.
-
- DD Member iSCSI Name, DD Member iFCP Node, DD Member Portal IP
- Address, and DD Member TCP/UDP Port Number attributes included in the
- Operating Attributes need not match currently existing iSNS database
- entries. This allows, for example, a Storage Node to be added to a
- DD even if the Storage Node is not currently registered in the iSNS
- database. A Storage Node or Portal can thereby be added to a DD at
- the time of the DDs creation, even if the Storage Node or Portal is
- not currently active in the storage network.
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 58]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- If the Operating Attributes contain a DD Member iSCSI Name value for
- a Storage Node that is currently not registered in the iSNS database,
- then the iSNS server MUST allocate an unused iSCSI Node Index for
- that Storage Node. The assigned iSCSI Node Index SHALL be returned
- in the DDRegRsp message as the DD Member iSCSI Node Index. The
- allocated iSCSI Node Index value SHALL be assigned to the Storage
- Node if and when it registers in the iSNS database.
-
- If the Operating Attributes contain a DD Member Portal IP Addr and DD
- Member Portal TCP/UDP value for a Portal that is not currently
- registered in the iSNS database, then the iSNS server MUST allocate
- an unused Portal Index value for that Portal. The assigned Portal
- Index value SHALL be returned in the DDRegRsp message as the DD
- Member Portal Index. The allocated Portal Index value SHALL be
- assigned to the Portal if and when it registers in the iSNS database.
-
- DD Member iSCSI Node Index and DD Member Portal Index attributes that
- are provided in the Operating Attributes MUST match a corresponding
- iSCSI Node Index or Portal Index of an existing Storage Node or
- Portal entry in the iSNS database. Furthermore, the DD Member iSCSI
- Node Index and DD Member Portal Index SHALL NOT be used to add
- Storage Nodes or Portals to a DD unless those Storage Nodes or
- Portals are actively registered in the iSNS database.
-
-5.6.5.10. DD Deregister (DDDereg)
-
- The DDDereg message type is 0x000A. This message allows an iSNS
- client to deregister an existing Discovery Domain (DD) and to remove
- members from an existing DD.
-
- DDs are uniquely identified using DD_IDs. DD registration attributes
- are described in Section 6.11.
-
- The DDDereg message PDU Payload contains a Source Attribute, Message
- Key Attribute, and optional Operating Attributes.
-
- The Message Key Attribute for a DDDereg message is the DD ID for the
- Discovery Domain being removed or having members removed. If the DD
- ID matches an existing DD and there are no Operating Attributes, then
- the DD SHALL be removed and a success Status Code returned. Any
- existing members of that DD SHALL remain in the iSNS database without
- membership in the just-removed DD.
-
- If the DD ID matches an existing DD and there are Operating
- Attributes matching DD members, then the DD members identified by the
- Operating Attributes SHALL be removed from the DD and a successful
- Status Code returned.
-
-
-
-
-Tseng, et al. Standards Track [Page 59]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- If a DD Member iSCSI Name identified in the Operating Attributes
- contains an iSCSI Name for a Storage Node that is not currently
- registered in the iSNS database or contained in another DD, then the
- association between that Storage Node and its pre-assigned iSCSI Node
- Index SHALL be removed. The pre-assigned iSCSI Node Index value no
- longer has an association to a specific iSCSI Name and can now be
- re-assigned.
-
- If a DD Member Portal IP Address and DD Member TCP/UDP Port
- identified in the Operating Attributes reference a Portal that is not
- currently registered in the iSNS database or contained in another DD,
- then the association between that Portal and its pre-assigned Portal
- Index SHALL be removed. The pre-assigned Portal Index value can now
- be reassigned.
-
- The attempted deregistration of non-existent DD entries SHALL not be
- considered an error.
-
-5.6.5.11. DDS Register (DDSReg)
-
- The DDSReg message type is 0x000B. This message allows an iSNS
- client to create a new Discovery Domain Set (DDS), to update an
- existing DDS Symbolic Name and/or DDS Status, or to add DDS members.
-
- DDSs are uniquely defined using DDS_IDs. DDS registration attributes
- are described in Section 6.11.1.
-
- The DDSReg message PDU Payload contains the Source Attribute and,
- optionally, Message Key and Operating Attributes.
-
- The Message Key, if used, contains the DDS_ID of the Discover Domain
- Set to be registered or modified. If the Message Key contains a
- DDS_ID of an existing DDS entry in the iSNS database, then the DDSReg
- message SHALL attempt to update the existing entry. If the DDS_ID in
- the Message Key (if used) does not match an existing DDS entry, then
- the iSNS server SHALL reject the DDSReg message with a status code of
- 3 (Invalid Registration). If the DDS_ID is included in both the
- Message Key and Operating Attributes, then the DDS_ID value in the
- Message Key MUST be the same as the DDS_ID value in the Operating
- Attributes.
-
- A DDSReg message with no Message Key SHALL result in the attempted
- creation of a new Discovery Domain Set (DDS). If the DDS_ID
- attribute (with non-zero length) is included among the Operating
- Attributes in the DDSReg message, then the new Discovery Domain Set
- SHALL be assigned the value contained in that DDS_ID attribute.
- Otherwise, if the DDS_ID attribute is not contained among the
- Operating Attributes of the DDSReg message, or if the DDS_ID is an
-
-
-
-Tseng, et al. Standards Track [Page 60]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- operating attribute with a TLV length of 0, then the iSNS server
- SHALL assign a DDS_ID value. The assigned DDS_ID value is then
- returned in the DDSReg Response message. The Operating Attributes
- can also contain the DDS_Symbolic_Name, the DDS Status, and the
- DD_IDs of Discovery Domains to be added to the DDS.
-
- When creating a new DDS, if the DDS Symbolic Name is included in the
- Operating Attributes and its value is unique (i.e., it does not match
- the registered DDS Symbolic Name for another DDS), then the value
- SHALL be stored in the iSNS database as the DDS Symbolic Name for
- that DDS. If the value for the DDS Symbolic Name is not unique, then
- the iSNS server SHALL reject the attempted DDS registration with a
- status code of 3 (Invalid Registration).
-
- When creating a new DDS, if the DDS Symbolic Name is not included in
- the Operating Attributes, or if it is included with a zero-length
- TLV, then the iSNS server SHALL provide a unique DDS Symbolic Name
- value for the created DDS. The assigned DDS Symbolic Name value
- SHALL be returned in the DDSRegRsp message.
-
- This message SHALL add any DD_IDs listed as Operating Attributes to
- the Discovery Domain Set specified by the DDS_ID Message Key
- Attribute. In addition, if the DDS_Symbolic_Name is an operating
- attribute and the value is unique, then it SHALL be stored in the
- iSNS database as the DDS_Symbolic_Name for the specified Discovery
- Domain Set.
-
- If a DD_ID listed in the Operating Attributes does not match an
- existing DD, then a new DD using the DD_ID SHALL be created. In this
- case for the new DD, the iSNS server SHALL assign a unique value for
- the DD Symbolic Name and SHALL set the DD Features attribute to the
- default value of 0. These assigned values SHALL be returned in the
- DDSRegRsp message.
-
-5.6.5.12. DDS Deregister (DDSDereg)
-
- The DDSDereg message type is 0x000C. This message allows an iSNS
- client to deregister an existing Discovery Domain Set (DDS) or to
- remove some DDs from an existing DDS.
-
- The DDSDereg message PDU Payload contains a Source Attribute, a
- Message Key Attribute, and optional Operating Attributes.
-
- The Message Key Attribute for a DDSDereg message is the DDS ID for
- the DDS being removed or having members removed. If the DDS ID
- matches an existing DDS and there are no Operating Attributes, then
-
-
-
-
-
-Tseng, et al. Standards Track [Page 61]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- the DDS SHALL be removed and a success Status Code returned. Any
- existing members of that DDS SHALL remain in the iSNS database
- without membership in the just-removed DDS.
-
- If the DDS ID matches an existing DDS, and there are Operating
- Attributes matching DDS members, then the DDS members SHALL be
- removed from the DDS and a success Status Code returned.
-
- The attempted deregistration of non-existent DDS entries SHALL not be
- considered an error.
-
-5.6.5.13. Entity Status Inquiry (ESI)
-
- The ESI message type is 0x000D. This message is sent by the iSNS
- server, and is used to verify that an iSNS client Portal is reachable
- and available. The ESI message is sent to the ESI UDP port provided
- during registration, or to the TCP connection used for ESI
- registration, depending on which communication type that is being
- used.
-
- The ESI message PDU Payload contains the following attributes in TLV
- format and in the order listed: the current iSNS timestamp, the EID,
- the Portal IP Address, and the Portal TCP/UDP Port. The format of
- this message is shown below:
-
- +----------------------------------------+
- | Timestamp |
- +----------------------------------------+
- | Entity_ID |
- +----------------------------------------+
- | Portal IP Address |
- +----------------------------------------+
- | Portal TCP/UDP Port |
- +----------------------------------------+
-
- The ESI response message PDU Payload contains a status code, followed
- by the Attributes from the original ESI message.
-
- If the Portal fails to respond to an administratively-determined
- number of consecutive ESI messages, then the iSNS server SHALL remove
- that Portal from the iSNS database. If there are no other remaining
- ESI-monitored Portals for the associated Network Entity, then the
- Network Entity SHALL also be removed. The appropriate State Change
- Notifications, if any, SHALL be triggered.
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 62]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-5.6.5.14. Name Service Heartbeat (Heartbeat)
-
- This message, if used, is only sent by the active iSNS server. It
- allows iSNS clients and backup servers listening to a broadcast or
- multicast address to discover the IP address of the primary and
- backup iSNS servers. It also allows concerned parties to monitor the
- health and status of the primary iSNS server.
-
- This message is NOT in TLV format. There is no response message to
- the Name Service Heartbeat.
-
- MSb LSb
- 0 31
- +------------------------------------------------+
- | Active Server IP-Address | 16 Bytes
- +------------------------------------------------+
- | iSNS TCP Port | iSNS UDP Port | 4 Bytes
- +------------------------------------------------+
- | Interval | 4 Bytes
- +------------------------------------------------+
- | Counter | 4 Bytes
- +------------------------------------------------+
- | RESERVED | Backup Servers | 4 Bytes
- +------------------------------------------------+
- | Primary Backup Server IP Address(if any) | 16 Bytes
- +------------------------------------------------+
- |Backup TCP Port(if any)|Backup UDP Port(if any) | 4 Bytes
- +------------------------------------------------+
- | 2nd Backup Server IP Address(if any) | 16 Bytes
- +------------------------------------------------+
- |Backup TCP Port(if any)|Backup UDP Port(if any) | 4 Bytes
- +------------------------------------------------+
- | . . . |
- +------------------------------------------------+
- | VENDOR SPECIFIC |
- +------------------------------------------------+
-
- The heartbeat PDU Payload contains the following:
-
- Active Server IP Address: the IP Address of the active iSNS server in
- IPv6 format. When this field contains an IPv4
- value, it is stored as an IPv4-mapped IPv6 address.
- That is, the most significant 10 bytes are set to
- 0x00, with the next two bytes set to 0xFFFF
- [RFC2373]. When this field contains an IPv6 value,
- the entire 16-byte field is used.
-
- Active TCP Port: the TCP Port of the server currently in use.
-
-
-
-Tseng, et al. Standards Track [Page 63]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Active UDP Port: the UDP Port of the server currently in use,
- otherwise 0.
-
- Interval: the interval, in seconds, of the heartbeat.
-
- Counter: a count that begins at 0 when this server becomes
- active. The count increments by one for each
- heartbeat sent since this server became active.
-
- Backup Servers: the number of iSNS backup servers. The IP address,
- TCP Port, and UDP Port of each iSNS backup server
- follow this field. Note that if backup servers are
- used, then the active iSNS server SHOULD be among
- the list of backup servers.
-
- The content of the remainder of this message after the list of backup
- servers is vendor-specific. Vendors may use additional fields to
- coordinate between multiple iSNS servers, and/or to identify vendor-
- specific features.
-
-5.6.5.15. Request FC_DOMAIN_ID (RqstDomId)
-
- The RqstDomId message type is 0x0011. This message is used for iFCP
- Transparent Mode to allocate non-overlapping FC_DOMAIN_ID values
- between 1 and 239. The iSNS server becomes the address assignment
- authority for the entire iFCP fabric. To obtain multiple
- FC_DOMAIN_ID values, this request must be repeated to the iSNS server
- multiple times. iSNS clients that acquire FC_DOMAIN_ID values from
- an iSNS server MUST register for ESI monitoring from that iSNS
- server.
-
- The RqstDomId PDU Payload contains three TLV attributes in the
- following order: the requesting Switch Name (WWN) as the Source
- Attribute, the Virtual_Fabric_ID as the Message Key Attribute, and
- Preferred ID as the operating attribute. The Virtual_Fabric_ID is a
- string identifying the domain space for which the iSNS server SHALL
- allocate non-overlapping integer FC_DOMAIN_ID values between 1 and
- 239. The Preferred_ID is the nominal FC_DOMAIN_ID value requested by
- the iSNS client. If the Preferred_ID value is available and has not
- already been allocated for the Virtual_Fabric_ID specified in the
- message, the iSNS server SHALL return the requested Preferred_ID
- value as the Assigned_ID to the requesting client.
-
- The RqstDomId response contains a Status Code, and the TLV attribute
- Assigned ID, which contains the integer value in the space requested.
- If no further unallocated values are available from this space, the
- iSNS server SHALL respond with the Status Code 18 "FC_DOMAIN_ID Not
- Available".
-
-
-
-Tseng, et al. Standards Track [Page 64]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Once a FC_DOMAIN_ID value has been allocated to an iSNS client by the
- iSNS server for a given Virtual_Fabric_ID, that FC_DOMAIN_ID value
- SHALL NOT be reused until it has been deallocated, or until ESI
- monitoring detects that the iSNS client no longer exists on the
- network and objects for that client are removed from the iSNS
- database.
-
- The iSNS server and client SHALL use TCP to transmit and receive
- RqstDomId, RqstDomIdRsp, RlseDomId, and RlseDomIdRsp messages.
-
-5.6.5.16. Release FC_DOMAIN_ID (RlseDomId)
-
- The RlseDomId message type is 0x0012. This message may be used by
- iFCP Transparent Mode to release integer identifier values used to
- assign 3-byte Fibre Channel PORT_ID values.
-
- The RlseDomId message contains three TLV attributes in the following
- order: the requesting EID as the Source Attribute, the
- Virtual_Fabric_ID as the Message Key Attribute, and Assigned_ID as
- the operating attribute. Upon receiving the RlseDomId message, the
- iSNS server SHALL deallocate the FC_DOMAIN_ID value contained in the
- Assigned_ID attribute for the Virtual_Fabric_ID attribute specified.
- Upon deallocation, that FC_DOMAIN_ID value can then be requested by
- and assigned to a different iSNS client.
-
- The iSNS server and client SHALL use TCP to transmit and receive
- RqstDomId, RqstDomIdRsp, RlseDomId, and RlseDomIdRsp messages.
-
-5.6.5.17. Get FC_DOMAIN_IDs (GetDomId)
-
- The GetDomId message type is 0x0013. This message is used to learn
- the currently-allocated FC_DOMAIN_ID values for a given
- Virtual_Fabric_ID.
-
- The GetDomId message PDU Payload contains a Source Attribute and
- Message Key Attribute.
-
- The Message Key Attribute for the GetDomId message is the
- Virtual_Fabric_ID. The response to this message returns all the
- FC_DOMAIN_ID values that have been allocated for the
- Virtual_Fabric_ID specified.
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 65]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-5.7. Messages
-
- The iSNSP response message PDU Payloads contain a Status Code,
- followed by a list of attributes, and have the following format:
-
- MSb LSb
- 0 31
- +----------------------------------------+
- | 4-byte STATUS CODE |
- +----------------------------------------+
- | Message Key Attribute[1] (if present) |
- +----------------------------------------+
- | Message Key Attribute[2] (if present) |
- +----------------------------------------+
- | . . . |
- +----------------------------------------+
- | - Delimiter Attribute - (if present) |
- +----------------------------------------+
- | Operating Attribute[1] (if present) |
- +----------------------------------------+
- | Operating Attribute[2] (if present) |
- +----------------------------------------+
- | Operating Attribute[3] (if present) |
- +----------------------------------------+
- | . . . |
- +----------------------------------------+
-
- The iSNSP Response messages SHALL be sent to the iSNS Client IP
- Address and the originating TCP/UDP Port that was used for the
- associated registration and query message.
-
-5.7.1. Status Code
-
- The first field in an iSNSP response message PDU Payload is the
- Status Code for the operation that was performed. The Status Code
- encoding is defined in Section 5.4.
-
-5.7.2. Message Key Attributes in Response
-
- Depending on the specific iSNSP request, the response message MAY
- contain Message Key Attributes. Message Key Attributes generally
- contain the interesting key attributes that are affected by the
- operation specified in the original iSNS registration or query
- message.
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 66]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-5.7.3. Delimiter Attribute in Response
-
- The Delimiter Attribute separates the key and Operating Attributes in
- a response message, if they exist. The Delimiter Attribute has a tag
- value of 0 and a length value of 0. The Delimiter Attribute is
- effectively 8 bytes long: a 4-byte tag containing 0x00000000, and a 4
- Byte length field containing 0x00000000.
-
-5.7.4. Operating Attributes in Response
-
- The Operating Attributes in a response are the results related to the
- iSNS registration or query operation being performed. Some response
- messages will not have Operating Attributes.
-
-5.7.5. Registration and Query Response Message Types
-
- The following sections describe each query and message type.
-
-5.7.5.1. Device Attribute Registration Response (DevAttrRegRsp)
-
- The DevAttrRegRsp message type is 0x8001. The DevAttrRegRsp message
- contains the results for the DevAttrReg message with the same
- TRANSACTION ID.
-
- The Message Key in the DevAttrRegRsp message SHALL return the Message
- Key in the original registration message. If the iSNS server
- assigned the Entity Identifier for a Network Entity, then the Message
- Key Attribute field SHALL contain the assigned Entity Identifier.
-
- The Operating Attributes of the DevAttrRegRsp message SHALL contain
- the affected object's key and non-key attributes that have been
- explicitly modified or created by the original DevAttrReg message.
- Among the Operating Attributes, each modified or added non-key
- attribute SHALL be listed after its key attribute(s) in the
- DevAttrRegRsp message. Implicitly registered attributes MUST NOT be
- returned in the DevAttrRegRsp message. Implicitly registered
- attributes are those that are assigned a fixed default value or
- secondary index value by the iSNS server.
-
- Implicitly registered PG objects (i.e., PG objects that are not
- explicitly included in the registration or replace message) MUST NOT
- have their key or non-key attributes returned in the DevAttrRegRsp
- message. However, explicitly registered PG objects (i.e., those with
- PGT values that are explicitly included in the registration or
- replace message) SHALL have their PGT values returned in the
- DevAttrRegRsp message.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 67]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- For example, three Portals are registered in the original DevAttrReg
- request message. Due to lack of resources, the iSNS server needs to
- modify the registered ESI Interval value of one of those Portals. To
- accomplish this, the iSNS server returns the key attributes
- identifying the Portal, followed by the non-key modified ESI Interval
- attribute value, as Operating Attributes of the corresponding
- DevAttrRegRsp message.
-
- If the iSNS server rejects a registration due to invalid attribute
- values or types, then the indicated status code SHALL be 3 (Invalid
- Registration). If this occurs, then the iSNS server MAY include the
- list of invalid attributes in the Operating Attributes of the
- DevAttrRsp message.
-
- Some attributes values (e.g., ESI Interval, Registration Period) in
- the original registration message MAY be modified by the iSNS server.
- This can occur only for a limited set of attribute types, as
- indicated in the table in Section 6.1. When this occurs, the
- registration SHALL be considered a success (with status code 0), and
- the changed value(s) indicated in the Operating Attributes of the
- DevAttrRsp message.
-
-5.7.5.2. Device Attribute Query Response (DevAttrQryRsp)
-
- The DevAttrQryRsp message type is 0x8002. The DevAttrQryRsp message
- contains the results for the DevAttrQry message with the same
- TRANSACTION ID.
-
- The Message Key in the DevAttrQryRsp message SHALL return the Message
- Key in the original query message.
-
- If no Operating Attributes are included in the original query, then
- all Operating Attributes SHALL be returned in the response.
-
- For a successful query result, the DevAttrQryRsp Operating Attributes
- SHALL contain the results of the original DevAttrQry message.
-
-5.7.5.3. Device Get Next Response (DevGetNextRsp)
-
- The DevGetNextRsp message type is 0x8003. The DevGetNextRsp message
- contains the results for the DevGetNext message with the same
- TRANSACTION ID.
-
- The Message Key Attribute field returns the object keys for the next
- object after the Message Key Attribute in the original DevGetNext
- message.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 68]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- The Operating Attribute field returns the Operating Attributes of the
- next object as requested in the original DevGetNext message. The
- values of the Operating Attributes are those associated with the
- object identified by the Message Key Attribute field of the
- DevGetNextRsp message.
-
-5.7.5.4. Deregister Device Response (DevDeregRsp)
-
- The DevDeregRsp message type is 0x8004. This message is the response
- to the DevDereg request message.
-
- This message response does not contain a Message Key, but MAY contain
- Operating Attributes.
-
- In the event of an error, this response message contains the
- appropriate status code as well as a list of objects from the
- original DevDereg message that were not successfully deregistered
- from the iSNS database. This list of objects is contained in the
- Operating Attributes of the DevDeregRsp message. Note that an
- attempted deregistration of a non-existent object does not constitute
- an error, and non-existent entries SHALL not be returned in the
- DevDeregRsp message.
-
-5.7.5.5. SCN Register Response (SCNRegRsp)
-
- The SCNRegRsp message type is 0x8005. This message is the response
- to the SCNReg request message.
-
- The SCNRegRsp message does not contain any Message Key or Operating
- Attributes.
-
-5.7.5.6. SCN Deregister Response (SCNDeregRsp)
-
- The SCNDeregRsp message type is 0x8006. This message is the response
- to the SCNDereg request message.
-
- The SCNDeregRsp message does not contain any Message Key or Operating
- Attributes.
-
-5.7.5.7. SCN Event Response (SCNEventRsp)
-
- The SCNEventRsp message type is 0x8007. This message is the response
- to the SCNEvent request message.
-
- The SCNEventRsp message does not contain any Message Key or Operating
- Attributes.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 69]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-5.7.5.8. SCN Response (SCNRsp)
-
- The SCNRsp message type is 0x8008. This message is sent by an iSNS
- client, and provides confirmation that the SCN message was received
- and processed.
-
- The SCNRsp response contains the SCN Destination Attribute
- representing the Node identifier that received the SCN.
-
-5.7.5.9. DD Register Response (DDRegRsp)
-
- The DDRegRsp message type is 0x8009. This message is the response to
- the DDReg request message.
-
- The Message Key in the DDRegRsp message SHALL return the Message Key
- in the original query message. If the original DDReg message did not
- have a Message Key, then the DDRegRsp message SHALL not have a
- Message Key.
-
- If the DDReg operation is successful, the DD ID of the DD created or
- updated SHALL be returned as an operating attribute of the message.
-
- If the DD Symbolic Name attribute or DD Features attribute was
- assigned or updated during the DDReg operation, then any new values
- SHALL be returned as an operating attribute of the DDRegRsp message.
-
- If the iSNS server rejects a DDReg due to invalid attribute values or
- types, then the indicated status code SHALL be 3 (Invalid
- Registration). If this occurs, then the iSNS server MAY include the
- list of invalid attributes in the Operating Attributes of the
- DDRegRsp message.
-
-5.7.5.10. DD Deregister Response (DDDeregRsp)
-
- The DDDeregRsp message type is 0x800A. This message is the response
- to the DDDereg request message.
-
- The DDDeregRsp message does not contain any Message Key or Operating
- Attributes.
-
-
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 70]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-5.7.5.11. DDS Register Response (DDSRegRsp)
-
- The DDSRegRsp message type is 0x800B. This message is the response
- to the DDSReg request message.
-
- The Message Key in the DDSRegRsp message SHALL contain the Message
- Key of the original DDSReg message. If the original DDSReg message
- did not have a Message Key, then the DDSRegRsp message SHALL NOT have
- a Message Key.
-
- If the DDSReg operation is successful, the DDS ID of the DDS created
- or updated SHALL be returned as an operating attribute of the
- message.
-
- If the DDS Symbolic Name attribute or DDS Status attribute was
- assigned or updated during the DDSRegRsp operation, then any new
- values SHALL be returned as an operating attribute of the DDSRegRsp
- message.
-
- If the iSNS server rejects a DDSReg due to invalid attribute values
- or types, then the indicated status code SHALL be 3 (Invalid
- Registration). If this occurs, then the iSNS server MAY include the
- list of invalid attributes in the Operating Attributes of the
- DDSRegRsp message.
-
-5.7.5.12. DDS Deregister Response (DDSDeregRsp)
-
- The DDSDeregRsp message type is 0x800C. This message is the response
- to the DDSDereg request message.
-
- The DDSDeregRsp message does not contain any Message Key or Operating
- Attributes.
-
-5.7.5.13. Entity Status Inquiry Response (ESIRsp)
-
- The ESIRsp message type is 0x800D. This message is sent by an iSNS
- client and provides confirmation that the ESI message was received
- and processed.
-
- The ESIRsp response message PDU Payload contains the attributes from
- the original ESI message. These attributes represent the Portal that
- is responding to the ESI. The ESIRsp Attributes are in the order
- they were provided in the original ESI message.
-
- Upon receiving the ESIRsp from the iSNS client, the iSNS server SHALL
- update the timestamp attribute for that Network Entity and Portal.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 71]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-5.7.5.14. Request FC_DOMAIN_ID Response (RqstDomIdRsp)
-
- The RqstDomIdRsp message type is 0x8011. This message provides the
- response for RqstDomId.
-
- The RqstDomId response contains a Status Code and the TLV attribute
- Assigned ID, which contains the integer value in the space requested.
- If no further unallocated values are available from this space, the
- iSNS server SHALL respond with the Status Code 19 "FC_DOMAIN_ID Not
- Available".
-
- Once a FC_DOMAIN_ID value is allocated by the iSNS server, it SHALL
- NOT be reused until it has been deallocated by the iSNS client to
- which the value was assigned, or until the ESI message detects that
- the iSNS client no longer exists on the network.
-
- The iSNS server and client SHALL use TCP to transmit and receive
- RqstDomId, RqstDomIdRsp, RlseDomId, and RlseDomIdRsp messages.
-
-5.7.5.15. Release FC_DOMAIN_ID Response (RlseDomIdRsp)
-
- The RlseDomIdRsp message type is 0x8012. This message provides the
- response for RlseDomId. The response contains an Error indicating
- whether the request was successful. If the Assigned_ID value in the
- original RlseDomId message is not allocated, then the iSNS server
- SHALL respond with this message using the Status Code 20
- "FC_DOMAIN_ID Not Allocated".
-
- The iSNS server and client SHALL use TCP to transmit and receive
- RqstDomId, RqstDomIdRsp, RlseDomId, and RlseDomIdRsp messages.
-
-5.7.5.16. Get FC_DOMAIN_IDs Response (GetDomIdRsp)
-
- The GetDomIdRsp message type is 0x8013. This message is used to
- determine which FC_DOMAIN_ID values have been allocated for the
- Virtual_Fabric_ID specified in the original GetDomId request message.
-
- The GetDomId response message PDU Payload contains a Status Code
- indicating whether the request was successful, and a list of the
- Assigned IDs from the space requested. The Assigned_ID attributes
- are listed in TLV format.
-
-5.8. Vendor-Specific Messages
-
- Vendor-specific iSNSP messages have a functional ID of between 0x0100
- and 0x01FF, whereas vendor-specific responses have a functional ID of
- between 0x8100 and 0x81FF. The first Message Key Attribute in a
-
-
-
-
-Tseng, et al. Standards Track [Page 72]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- vendor-specific message SHALL be the company OUI (tag=256)
- identifying the original creator of the proprietary iSNSP message.
- The contents of the remainder of the message are vendor-specific.
-
-6. iSNS Attributes
-
- Attributes can be stored in the iSNS server using iSNSP registration
- messages, and they can be retrieved using iSNSP query messages.
- Unless otherwise indicated, these attributes are supplied by iSNS
- clients using iSNSP registration messages.
-
-6.1. iSNS Attribute Summary
-
- The complete registry of iSNS attributes is maintained by IANA, and
- the following table summarizes the initial set of iSNS attributes
- available at the time of publication of this document.
-
- Attributes Length Tag Reg Key Query Key
- ---------- ------ --- ------- ---------
- Delimiter 0 0 N/A N/A
- Entity Identifier (EID) 4-256 1 1 1|2|16&17|32|64
- Entity Protocol 4 2 1 1|2|16&17|32|64
- Management IP Address 16 3 1 1|2|16&17|32|64
- Timestamp 8 4 -- 1|2|16&17|32|64
- Protocol Version Range 4 5 1 1|2|16&17|32|64
- Registration Period 4 6 1 1|2|16&17|32|64
- Entity Index 4 7 1 1|2|16&17|32|64
- Entity Next Index 4 8 -- 1|2|16&17|32|64
- Entity ISAKMP Phase-1 var 11 1 1|2|16&17|32|64
- Entity Certificate var 12 1 1|2|16&17|32|64
- Portal IP Address 16 16 1 1|16&17|32|64
- Portal TCP/UDP Port 4 17 1 1|16&17|32|64
- Portal Symbolic Name 4-256 18 16&17 1|16&17|32|64
- ESI Interval 4 19 16&17 1|16&17|32|64
- ESI Port 4 20 16&17 1|16&17|32|64
- Portal Index 4 22 16&17 1|16&17|32|64
- SCN Port 4 23 16&17 1|16&17|32|64
- Portal Next Index 4 24 -- 1|16&17|32|64
- Portal Security Bitmap 4 27 16&17 1|16&17|32|64
- Portal ISAKMP Phase-1 var 28 16&17 1|16&17|32|64
- Portal ISAKMP Phase-2 var 29 16&17 1|16&17|32|64
- Portal Certificate var 31 16&17 1|16&17|32|64
- iSCSI Name 4-224 32 1 1|16&17|32|33
- iSCSI Node Type 4 33 32 1|16&17|32
- iSCSI Alias 4-256 34 32 1|16&17|32
- iSCSI SCN Bitmap 4 35 32 1|16&17|32
- iSCSI Node Index 4 36 32 1|16&17|32
- WWNN Token 8 37 32 1|16&17|32
-
-
-
-Tseng, et al. Standards Track [Page 73]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- iSCSI Node Next Index 4 38 -- 1|16&17|32
- iSCSI AuthMethod var 42 32 1|16&17|32
- PG iSCSI Name 4-224 48 32|16&17 1|16&17|32|52
- PG Portal IP Addr 16 49 32|16&17 1|16&17|32|52
- PG Portal TCP/UDP Port 4 50 32|16&17 1|16&17|32|52
- PG Tag (PGT) 4 51 32|16&17 1|16&17|32|52
- PG Index 4 52 32|16&17 1|16&17|32|52
- PG Next Index 4 53 -- 1|16&17|32|52
- FC Port Name WWPN 8 64 1 1|16&17|64|66|96|128
- Port ID 4 65 64 1|16&17|64
- FC Port Type 4 66 64 1|16&17|64
- Symbolic Port Name 4-256 67 64 1|16&17|64
- Fabric Port Name 8 68 64 1|16&17|64
- Hard Address 4 69 64 1|16&17|64
- Port IP-Address 16 70 64 1|16&17|64
- Class of Service 4 71 64 1|16&17|64
- FC-4 Types 32 72 64 1|16&17|64
- FC-4 Descriptor 4-256 73 64 1|16&17|64
- FC-4 Features 128 74 64 1|16&17|64
- iFCP SCN bitmap 4 75 64 1|16&17|64
- Port Role 4 76 64 1|16&17|64
- Permanent Port Name 8 77 -- 1|16&17|64
- FC-4 Type Code 4 95 -- 1|16&17|64
- FC Node Name WWNN 8 96 64 1|16&17|64|96
- Symbolic Node Name 4-256 97 96 64|96
- Node IP-Address 16 98 96 64|96
- Node IPA 8 99 96 64|96
- Proxy iSCSI Name 4-256 101 96 64|96
- Switch Name 8 128 128 128
- Preferred ID 4 129 128 128
- Assigned ID 4 130 128 128
- Virtual_Fabric_ID 4-256 131 128 128
- iSNS Server Vendor OUI 4 256 -- SOURCE Attribute
- Vendor-Spec iSNS Srvr 257-384 -- SOURCE Attribute
- Vendor-Spec Entity 385-512 1 1|2|16&17|32|64
- Vendor-Spec Portal 513-640 16&17 1|16&17|32|64
- Vendor-Spec iSCSI Node 641-768 32 16&17|32
- Vendor-Spec FC Port Name 769-896 64 1|16&17|64
- Vendor-Spec FC Node Name 897-1024 96 64|96
- Vendor-Specific DDS 1025-1280 2049 2049
- Vendor-Specific DD 1281-1536 2065 2065
- Other Vendor-Specific 1537-2048
- DD_Set ID 4 2049 2049 1|32|64|2049|2065
- DD_Set Sym Name 4-256 2050 2049 2049
- DD_Set Status 4 2051 2049 2049
- DD_Set_Next_ID 4 2052 -- 2049
- DD_ID 4 2065 2049 1|32|64|2049|2065
- DD_Symbolic Name 4-256 2066 2065 2065
-
-
-
-Tseng, et al. Standards Track [Page 74]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- DD_Member iSCSI Index 4 2067 2065 2065
- DD_Member iSCSI Name 4-224 2068 2065 2065
- DD_Member FC Port Name 8 2069 2065 2065
- DD_Member Portal Index 4 2070 2065 2065
- DD_Member Portal IP Addr 16 2071 2065 2065
- DD_Member Portal TCP/UDP 4 2072 2065 2065
- DD_Features 4 2078 2065 2065
- DD_ID Next ID 4 2079 -- 2065
-
- The following are descriptions of the columns used in the above
- table:
-
- Length: indicates the attribute length in bytes used for the TLV
- format. Variable-length identifiers are NULL-terminated
- and 4-byte aligned (NULLs are included in the length).
-
- Tag: the IANA-assigned integer tag value used to identify the
- attribute. All undefined tag values are reserved.
-
- Reg Key: indicates the tag values for the object key in DevAttrReg
- messages for registering a new attribute value in the
- database. These tags represent attributes defined as
- object keys in Section 4.
-
- Query Key: indicates the possible tag values for the Message Key and
- object key that are used in the DevAttrQry messages for
- retrieving a stored value from the iSNS database.
-
- The following is a summary of iSNS attribute tag values available for
- future allocation by IANA at the time of publication:
-
- Tag Values Reg Key Query Key
- ---------- ------- ---------
- 9-10, 13-15 1 1|2|16&17|32|64
- 21, 25-26, 30 16&17 1|16&17|32|64
- 39-41, 44-47 32 1|16&17|32
- 54-63 32|16&17 1|16&17|32|52
- 78-82, 85-94 64 1|16&17|64
- 102-127 96 64|96
- 132-255 -- SOURCE Attribute
- 2053-2064 2049 2049
- 2073-2077 2065 2065
- 2080-65535 To be assigned To be assigned
-
- Registration and query keys for attributes with tags in the range
- 2080 to 65535 are to be documented in the RFC introducing the new
- iSNS attributes. IANA will maintain registration of these values as
- required by the new RFC.
-
-
-
-Tseng, et al. Standards Track [Page 75]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- New iSNS attributes with any of the above tag values MAY also be
- designated as "read-only" attributes. The new RFC introducing these
- attributes as "read-only" SHALL document them as such, and IANA will
- record their corresponding Registration Keys (Reg Keys) as "--".
-
-6.2. Entity Identifier-Keyed Attributes
-
- The following attributes are stored in the iSNS server using the
- Entity Identifier attribute as the key.
-
-6.2.1. Entity Identifier (EID)
-
- The Entity Identifier (EID) is variable-length UTF-8 encoded NULL-
- terminated text-based description for a Network Entity. This key
- attribute uniquely identifies each Network Entity registered in the
- iSNS server. The attribute length varies from 4 to 256 bytes
- (including the NULL termination), and is a unique value within the
- iSNS server.
-
- If the iSNS client does not provide an EID during registration, the
- iSNS server SHALL generate one that is unique within the iSNS
- database. If an EID is to be generated, then the EID attribute value
- in the registration message SHALL be empty (0 length). The generated
- EID SHALL be returned in the registration response.
-
- In environments where the iSNS server is integrated with a DNS
- infrastructure, the Entity Identifier may be used to store the Fully
- Qualified Domain Name (FQDN) of the iSCSI or iFCP device. FQDNs of
- greater than 255 bytes MUST NOT be used.
-
- If FQDNs are not used, the iSNS server can be used to generate EIDs.
- EIDs generated by the iSNS server MUST begin with the string "isns:".
- iSNS clients MUST NOT generate and register EIDs beginning with the
- string "isns:".
-
- This field MUST be normalized according to the nameprep template
- [NAMEPREP] before it is stored in the iSNS database.
-
-6.2.2. Entity Protocol
-
- The Entity Protocol is a required 4-byte integer attribute that
- indicates the block storage protocol used by the registered NETWORK
- ENTITY. Values used for this attribute are assigned and maintained
- by IANA. The initial set of protocols supported by iSNS is as
- follows:
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 76]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Value Entity Protocol Type
- ----- --------------------
- 1 No Protocol
- 2 iSCSI
- 3 iFCP
- All others To be assigned by IANA
-
- 'No Protocol' is used to indicate that the Network Entity does not
- support an IP block storage protocol. A Control Node or monitoring
- Node would likely (but not necessarily) use this value.
-
- This attribute is required during initial registration of the Network
- Entity.
-
-6.2.3. Management IP Address
-
- This field contains the IP Address that may be used to manage the
- Network Entity and all Storage Nodes contained therein via the iSNS
- MIB [iSNSMIB]. Some implementations may also use this IP address to
- support vendor-specific proprietary management protocols. The
- Management IP Address is a 16-byte field that may contain an IPv4 or
- IPv6 address. When this field contains an IPv4 value, it is stored
- as an IPv4-mapped IPv6 address. That is, the most significant 10
- bytes are set to 0x00, with the next two bytes set to 0xFFFF
- [RFC2373]. When this field contains an IPv6 value, the entire 16-
- byte field is used. If this field is not set, then in-band
- management through the IP address of one of the Portals of the
- Network Entity is assumed.
-
-6.2.4. Entity Registration Timestamp
-
- This field indicates the most recent time when the Network Entity
- registration occurred or when an associated object attribute was
- updated or queried by the iSNS client registering the Network Entity.
- The time format is, in seconds, the update period since the standard
- base time of 00:00:00 GMT on January 1, 1970. This field cannot be
- explicitly registered. This timestamp TLV format is also used in the
- SCN and ESI messages.
-
-6.2.5. Protocol Version Range
-
- This field contains the minimum and maximum version of the block
- storage protocol supported by the Network Entity. The most
- significant two bytes contain the maximum version supported, and the
- least significant two bytes contain the minimum version supported.
- If a range is not registered, then the Network Entity is assumed to
-
-
-
-
-
-Tseng, et al. Standards Track [Page 77]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- support all versions of the protocol. The value 0xffff is a wildcard
- that indicates no minimum or maximum. If the Network Entity does not
- support a protocol, then this field SHALL be set to 0.
-
-6.2.6. Registration Period
-
- This 4-byte unsigned integer field indicates the maximum period, in
- seconds, that the registration SHALL be maintained by the server
- without receipt of an iSNS message from the iSNS client that
- registered the Network Entity. Entities that are not registered for
- ESI monitoring MUST have a non-zero Registration Period. If a
- Registration Period is not requested by the iSNS client and Entity
- Status Inquiry (ESI) messages are not enabled for that client, then
- the Registration Period SHALL be set to a non-zero value by the iSNS
- server. This implementation-specific value for the Registration
- Period SHALL be returned in the registration response to the iSNS
- client. The Registration Period may be set to zero, indicating its
- non-use, only if ESI messages are enabled for that Network Entity.
-
- The registration SHALL be removed from the iSNS database if an iSNS
- Protocol message is not received from the iSNS client before the
- registration period has expired. Receipt of any iSNS Protocol
- message from the iSNS client automatically refreshes the Entity
- Registration Period and Entity Registration Timestamp. To prevent a
- registration from expiring, the iSNS client should send an iSNS
- Protocol message to the iSNS server at intervals shorter than the
- registration period. Such a message can be as simple as a query for
- one of its own attributes, using its associated iSCSI Name or FC Port
- Name WWPN as the Source attribute.
-
- For an iSNS client that is supporting a Network Entity with multiple
- Storage Node objects, receipt of an iSNS message from any Storage
- Node of that Network Entity is sufficient to refresh the registration
- for all Storage Node objects of the Network Entity.
-
- If ESI support is requested as part of a Portal registration, the ESI
- Response message received from the iSNS client by the iSNS server
- SHALL refresh the registration.
-
-6.2.7. Entity Index
-
- The Entity Index is an unsigned non-zero integer value that uniquely
- identifies each Network Entity registered in the iSNS server. Upon
- initial registration of a Network Entity, the iSNS server assigns an
- unused value for the Entity Index. Each Network Entity in the iSNS
- database MUST be assigned a value for the Entity Index that is not
-
-
-
-
-
-Tseng, et al. Standards Track [Page 78]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- assigned to any other Network Entity. Furthermore, Entity Index
- values for recently deregistered Network Entities SHOULD NOT be
- reused in the short term.
-
- The Entity Index MAY be used to represent the Network Entity in
- situations when the Entity Identifier is too long or otherwise
- inappropriate. An example of this is when SNMP is used for
- management, as described in Section 2.10.
-
-6.2.8. Entity Next Index
-
- This is a virtual attribute containing a 4-byte integer value that
- indicates the next available (i.e., unused) Entity Index value. This
- attribute may only be queried; the iSNS server SHALL return an error
- code of 3 (Invalid Registration) to any client that attempts to
- register a value for this attribute. A Message Key is not required
- when exclusively querying for this attribute.
-
- The Entity Next Index MAY be used by an SNMP client to create an
- entry in the iSNS server. SNMP requirements are described in Section
- 2.10.
-
-6.2.9. Entity ISAKMP Phase-1 Proposals
-
- This field contains the IKE Phase-1 proposal, listing in decreasing
- order of preference the protection suites acceptable to protect all
- IKE Phase-2 messages sent and received by the Network Entity. This
- includes Phase-2 SAs from the iSNS client to the iSNS server as well
- as to peer iFCP and/or iSCSI devices. This attribute contains the SA
- payload, proposal payload(s), and transform payload(s) in the ISAKMP
- format defined in [RFC2408].
-
- This field should be used if the implementer wishes to define a
- single phase-1 SA security configuration used to protect all phase-2
- IKE traffic. If the implementer desires to have a different phase-1
- SA security configuration to protect each Portal interface, then the
- Portal Phase-1 Proposal (Section 6.3.10) should be used.
-
-6.2.10. Entity Certificate
-
- This attribute contains one or more X.509 certificates that are bound
- to the Network Entity. This certificate is uploaded and registered
- to the iSNS server by clients wishing to allow other clients to
- authenticate themselves and to access the services offered by that
- Network Entity. The format of the X.509 certificate is found in
- [RFC3280]. This certificate MUST contain a Subject Name with an
- empty sequence and MUST contain a SubjectAltName extension encoded
-
-
-
-
-Tseng, et al. Standards Track [Page 79]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- with the dNSName type. The Entity Identifier (Section 6.2.1) of the
- identified Entity MUST be stored in the SubjectAltName field of the
- certificate.
-
-6.3. Portal-Keyed Attributes
-
- The following Portal attributes are registered in the iSNS database
- using the combined Portal IP-Address and Portal TCP/UDP Port as the
- key. Each Portal is associated with one Entity Identifier object
- key.
-
-6.3.1. Portal IP Address
-
- This attribute is the IP address of the Portal through which a
- Storage Node can transmit and receive storage data. The Portal IP
- Address is a 16-byte field that may contain an IPv4 or IPv6 address.
- When this field contains an IPv4 address, it is stored as an IPv4-
- mapped IPv6 address. That is, the most significant 10 bytes are set
- to 0x00, with the next 2 bytes set to 0xFFFF [RFC2373]. When this
- field contains an IPv6 address, the entire 16-byte field is used.
- The Portal IP Address and the Portal TCP/UDP Port number (see 6.3.2
- below) are used as a key to identify a Portal uniquely. It is a
- required attribute for registration of a Portal.
-
-6.3.2. Portal TCP/UDP Port
-
- The TCP/UDP port of the Portal through which a Storage Node can
- transmit and receive storage data. Bits 16 to 31 represents the
- TCP/UDP port number. Bit 15 represents the port type. If bit 15 is
- set, then the port type is UDP. Otherwise it is TCP. Bits 0 to 14
- are reserved.
-
- If the field value is 0, then the port number is the implied
- canonical port number and type of the protocol indicated by the
- associated Entity Type.
-
- The Portal IP Address and the Portal TCP/UDP Port number are used as
- a key to identify a Portal uniquely. It is a required attribute for
- registration of a Portal.
-
-6.3.3. Portal Symbolic Name
-
- A variable-length UTF-8 encoded NULL-terminated text-based
- description of up to 256 bytes. The Portal Symbolic Name is a user-
- readable description of the Portal entry in the iSNS server.
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 80]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.3.4. Entity Status Inquiry Interval
-
- This field indicates the requested time, in seconds, between Entity
- Status Inquiry (ESI) messages sent from the iSNS server to this
- Network Entity. ESI messages can be used to verify that a Portal
- registration continues to be valid. To request monitoring by the
- iSNS server, an iSNS client registers a non-zero value for this
- Portal attribute using a DevAttrReg message. The client MUST
- register an ESI Port on at least one of its Portals to receive the
- ESI monitoring.
-
- If the iSNS server does not receive an expected response to an ESI
- message, it SHALL attempt an administratively configured number of
- re-transmissions of the ESI message. The ESI Interval period begins
- with the iSNS server's receipt of the last ESI Response. All re-
- transmissions MUST be sent before twice the ESI Interval period has
- passed. If no response is received from any of the ESI messages,
- then the Portal SHALL be deregistered. Note that only Portals that
- have registered a value in their ESI Port field can be deregistered
- in this way.
-
- If all Portals associated with a Network Entity that have registered
- for ESI messages are deregistered due to non-response, and if no
- registrations have been received from the client for at least two ESI
- Interval periods, then the Network Entity and all associated objects
- (including Storage Nodes) SHALL be deregistered.
-
- If the iSNS server is unable to support ESI messages or the ESI
- Interval requested, it SHALL either reject the ESI request by
- returning an "ESI Not Available" Status Code or modify the ESI
- Interval attribute by selecting its own suitable value and returning
- that value in the Operating Attributes of the registration response
- message.
-
- If at any time an iSNS client that is registered for ESI messages has
- not received an ESI message to any of its Portals as expected, then
- the client MAY attempt to query the iSNS server using a DevAttrQry
- message using its Entity_ID as the key. If the query result is the
- error "no such entry", then the client SHALL close all remaining TCP
- connections to the iSNS server and assume that it is no longer
- registered in the iSNS database. Such a client MAY attempt re-
- registration.
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 81]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.3.5. ESI Port
-
- This field contains the TCP or UDP port used for ESI monitoring by
- the iSNS server at the Portal IP Address. Bits 16 to 31 represent
- the port number. If bit 15 is set, then the port type is UDP.
- Otherwise, the port is TCP. Bits 0 to 14 are reserved.
-
- If the iSNS client registers a valid TCP or UDP port number in this
- field, then the client SHALL allow ESI messages to be received at the
- indicated TCP or UDP port. If a TCP port is registered and a pre-
- existing TCP connection from that TCP port to the iSNS server does
- not already exist, then the iSNS client SHALL accept new TCP
- connections from the iSNS server at the indicated TCP port.
-
- The iSNS server SHALL return an error if a Network Entity is
- registered for ESI monitoring and none of the Portals of that Network
- Entity has an entry for the ESI Port field. If multiple Portals have
- a registered ESI port, then the ESI message may be delivered to any
- one of the indicated Portals.
-
-6.3.6. Portal Index
-
- The Portal Index is a 4-byte non-zero integer value that uniquely
- identifies each Portal registered in the iSNS database. Upon initial
- registration of a Portal, the iSNS server assigns an unused value for
- the Portal Index of that Portal. Each Portal in the iSNS database
- MUST be assigned a value for the Portal Index that is not assigned to
- any other Portal. Furthermore, Portal Index values for recently
- deregistered Portals SHOULD NOT be reused in the short term.
-
- The Portal Index MAY be used to represent a registered Portal in
- situations where the Portal IP-Address and Portal TCP/UDP Port is
- unwieldy to use. An example of this is when SNMP is used for
- management, as described in Section 2.10.
-
-6.3.7. SCN Port
-
- This field contains the TCP or UDP port used by the iSNS client to
- receive SCN messages from the iSNS server. When a value is
- registered for this attribute, an SCN message may be received on the
- indicated port for any of the Storage Nodes supported by the Portal.
- Bits 16 to 31 contain the port number. If bit 15 is set, then the
- port type is UDP. Otherwise, the port type is TCP. Bits 0 to 14 are
- reserved.
-
- If the iSNS client registers a valid TCP or UDP port number in this
- field, then the client SHALL allow SCN messages to be received at the
- indicated TCP or UDP port. If a TCP port is registered and a pre-
-
-
-
-Tseng, et al. Standards Track [Page 82]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- existing TCP connection from that TCP port to the iSNS server does
- not already exist, then the iSNS client SHALL accept new TCP
- connections from the iSNS server at the indicated TCP port.
-
- The iSNS server SHALL return an error if an SCN registration message
- is received and none of the Portals of the Network Entity has an
- entry for the SCN Port. If multiple Portals have a registered SCN
- Port, then the SCN SHALL be delivered to any one of the indicated
- Portals of that Network Entity.
-
-6.3.8. Portal Next Index
-
- This is a virtual attribute containing a 4-byte integer value that
- indicates the next available (i.e., unused) Portal Index value. This
- attribute may only be queried; the iSNS server SHALL return an error
- code of 3 (Invalid Registration) to any client that attempts to
- register a value for this attribute. A Message Key is not required
- when exclusively querying for this attribute.
-
- The Portal Next Index MAY be used by an SNMP client to create an
- entry in the iSNS server. SNMP requirements are described in Section
- 2.10.
-
-6.3.9. Portal Security Bitmap
-
- This 4-byte field contains flags that indicate security attribute
- settings for the Portal. Bit 31 (Lsb) of this field must be 1
- (enabled) for this field to contain significant information. If Bit
- 31 is enabled, this signifies that the iSNS server can be used to
- store and distribute security policies and settings for iSNS clients
- (i.e., iSCSI devices). Bit 30 must be 1 for bits 25-29 to contain
- significant information. All other bits are reserved for non-
- IKE/IPSec security mechanisms to be specified in the future.
-
- Bit Position Flag Description
- ------------ ----------------
- 25 1 = Tunnel Mode Preferred; 0 = No Preference
- 26 1 = Transport Mode Preferred; 0 = No Preference
- 27 1 = Perfect Forward Secrecy (PFS) Enabled;
- 0 = PFS Disabled
- 28 1 = Aggressive Mode Enabled; 0 = Disabled
- 29 1 = Main Mode Enabled; 0 = MM Disabled
- 30 1 = IKE/IPSec Enabled; 0 = IKE/IPSec Disabled
- 31 (Lsb) 1 = Bitmap VALID; 0 = INVALID
- All others RESERVED
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 83]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.3.10. Portal ISAKMP Phase-1 Proposals
-
- This field contains the IKE Phase-1 proposal listing in decreasing
- order of preference of the protection suites acceptable to protect
- all IKE Phase-2 messages sent and received by the Portal. This
- includes Phase-2 SAs from the iSNS client to the iSNS server as well
- as to peer iFCP and/or iSCSI devices. This attribute contains the SA
- payload, proposal payload(s), and transform payload(s) in the ISAKMP
- format defined in [RFC2408].
-
- This field should be used if the implementer wishes to define phase-1
- SA security configuration on a per-Portal basis, as opposed to on a
- per-Network Entity basis. If the implementer desires to have a
- single phase-1 SA security configuration to protect all phase-2
- traffic regardless of the interface used, then the Entity Phase-1
- Proposal (Section 6.2.9) should be used.
-
-6.3.11. Portal ISAKMP Phase-2 Proposals
-
- This field contains the IKE Phase-2 proposal, in ISAKMP format
- [RFC2408], listing in decreasing order of preference the security
- proposals acceptable to protect traffic sent and received by the
- Portal. This field is used only if bits 31, 30, and 29 of the
-
- Security Bitmap (see 6.3.9) are enabled. This attribute contains the
- SA payload, proposal payload(s), and associated transform payload(s)
- in the ISAKMP format defined in [RFC2408].
-
-6.3.12. Portal Certificate
-
- This attribute contains one or more X.509 certificates that are a
- credential of the Portal. This certificate is used to identify and
- authenticate communications to the IP address and TCP/UDP Port
- supported by the Portal. The format of the X.509 certificate is
- specified in [RFC3280]. This certificate MUST contain a Subject Name
- with an empty sequence and MUST contain a SubjectAltName extension
- encoded with the iPAddress type. The Portal IP Address (Section
- 6.3.1) of the identified Portal SHALL be stored in the SubjectAltName
- field of the certificate.
-
-6.4. iSCSI Node-Keyed Attributes
-
- The following attributes are stored in the iSNS database using the
- iSCSI Name attribute as the key. Each set of Node-Keyed attributes
- is associated with one Entity Identifier object key.
-
- Although the iSCSI Name key is associated with one Entity Identifier,
- it is unique across the entire iSNS database.
-
-
-
-Tseng, et al. Standards Track [Page 84]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.4.1. iSCSI Name
-
- This is a variable-length UTF-8 encoded NULL-terminated text-based
- description of up to 224 bytes. This key attribute is required for
- iSCSI Storage Nodes and is provided by the iSNS client. The
- registered iSCSI Name MUST conform to the format described in [iSCSI]
- for iSCSI Names. The maximum size for an iSCSI Name is 223 bytes.
- Including the NULL character and 4-byte alignment (see Section
- 5.3.1), the maximum iSCSI Name field size is 224 bytes.
-
- If an iSCSI Name is registered without an EID key, then a Network
- Entity SHALL be created and an EID assigned. The assigned EID SHALL
- be returned in the registration response as an operating attribute.
-
- This field MUST be normalized according to the stringprep template
- [STRINGPREP] before it is stored in the iSNS database.
-
-6.4.2. iSCSI Node Type
-
- This required 32-bit field is a bitmap indicating the type of iSCSI
- Storage Node. The bit positions are defined below. A set bit (1)
- indicates that the Node has the corresponding characteristics.
-
- Bit Position Node Type
- ------------ ---------
- 29 Control
- 30 Initiator
- 31 (Lsb) Target
- All others RESERVED
-
- If the Target bit is set to 1, then the Node represents an iSCSI
- target. The Target bit MAY be set by iSNS clients using the iSNSP.
-
- If the Initiator bit is set to 1, then the Node represents an iSCSI
- initiator. The Initiator bit MAY be set by iSNS clients using the
- iSNSP.
-
- If the control bit is set to 1, then the Node represents a gateway, a
- management station, a backup iSNS server, or another device that is
- not an initiator or target, but that requires the ability to send and
- receive iSNSP messages, including state change notifications.
- Setting the control bit is an administrative task that MUST be
- performed on the iSNS server; iSNS clients SHALL NOT be allowed to
- change this bit using the iSNSP.
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 85]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- This field MAY be used by the iSNS server to distinguish among
- permissions by different iSCSI Node types for accessing various iSNS
- functions. More than one Node Type bit may be simultaneously
- enabled.
-
-6.4.3. iSCSI Node Alias
-
- This is a variable-length UTF-8 encoded NULL-terminated text-based
- description of up to 256 bytes. The Alias is a user-readable
- description of the Node entry in the iSNS database.
-
-6.4.4. iSCSI Node SCN Bitmap
-
- The iSCSI Node SCN Bitmap indicates events for which the registering
- iSNS client wishes to receive a notification message. The following
- table displays events that result in notifications, and the bit field
- in the SCN Bitmap that, when enabled, results in the corresponding
- notification.
-
- Note that this field is of dual use: it is used in the SCN
- registration process to define interested events that will trigger an
- SCN message, and it is also contained in each SCN message itself, to
- indicate the type of event that triggered the SCN message. A set bit
- (1) indicates the corresponding type of SCN.
-
- Bit Position Flag Description
- ------------ ----------------
- 24 INITIATOR AND SELF INFORMATION ONLY
- 25 TARGET AND SELF INFORMATION ONLY
- 26 MANAGEMENT REGISTRATION/SCN
- 27 OBJECT REMOVED
- 28 OBJECT ADDED
- 29 OBJECT UPDATED
- 30 DD/DDS MEMBER REMOVED (Mgmt Reg/SCN only)
- 31 (Lsb) DD/DDS MEMBER ADDED (Mgmt Reg/SCN only)
- All others RESERVED
-
- DD/DDS MEMBER REMOVED indicates that an existing member of a
- Discovery Domain and/or Discovery Domain Set has been removed.
-
- DD/DDS MEMBER ADDED indicates that a new member was added to an
- existing DD and/or DDS.
-
- OBJECT REMOVED, OBJECT ADDED, and OBJECT UPDATED indicate a Network
- Entity, Portal, Storage Node, FC Device, DD, and/or DDS object was
- removed from, added to, or updated in the Discovery Domain or in the
- iSNS database (Control Nodes only).
-
-
-
-
-Tseng, et al. Standards Track [Page 86]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Regular SCNs provide information about objects that are updated in,
- added to or removed from Discovery Domains of which the Storage Node
- is a member. An SCN or SCN registration is considered a regular SCN
- or regular SCN registration if the MANAGEMENT REGISTRATION/SCN flag
- is cleared. All iSNS clients may register for regular SCNs.
-
- Management SCNs provide information about all changes to the network,
- regardless of discovery domain membership. Registration for
- management SCNs is indicated by setting bit 26 to 1. Only Control
- Nodes may register for management SCNs. Bits 30 and 31 may only be
- enabled if bit 26 is set to 1.
-
- TARGET AND SELF INFORMATION ONLY SCNs (bit 25) provides information
- only about changes to target devices, or if the iSCSI Storage Node
- itself has undergone a change. Similarly, INITIATOR AND SELF
- INFORMATION ONLY SCNs (bit 24) provides information only about
- changes to initiator Nodes, or to the target itself.
-
-6.4.5. iSCSI Node Index
-
- The iSCSI Node Index is a 4-byte non-zero integer value used as a key
- that uniquely identifies each iSCSI Storage Node registered in the
- iSNS database. Upon initial registration of the iSCSI Storage Node,
- the iSNS server assigns an unused value for the iSCSI Node Index.
- Each iSCSI Node MUST be assigned a value for the iSCSI Node Index
- that is not assigned to any other iSCSI Storage Node. Furthermore,
- iSCSI Node Index values for recently deregistered iSCSI Storage Nodes
- SHOULD NOT be reused in the short term.
-
- The iSCSI Node Index may be used as a key to represent a registered
- Node in situations where the iSCSI Name is too long to be used as a
- key. An example of this is when SNMP is used for management, as
- described in Section 2.10.
-
- The value assigned for the iSCSI Node Index SHALL persist as long as
- the iSCSI Storage Node is registered in the iSNS database or a member
- of a Discovery Domain. An iSCSI Node Index value that is assigned
- for a Storage Node SHALL NOT be used for any other Storage Node as
- long as the original node is registered in the iSNS database or a
- member of a Discovery Domain.
-
-6.4.6. WWNN Token
-
- This field contains a globally unique 64-bit integer value that can
- be used to represent the World Wide Node Name of the iSCSI device in
- a Fibre Channel fabric. This identifier is used during the device
- registration process and MUST conform to the requirements in [FC-FS].
-
-
-
-
-Tseng, et al. Standards Track [Page 87]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- The FC-iSCSI gateway uses the value found in this field to register
- the iSCSI device in the Fibre Channel name server. It is stored in
- the iSNS server to prevent conflict when "proxy" WWNN values are
- assigned to iSCSI initiators establishing storage sessions to devices
- in the FC fabric.
-
- If the iSNS client does not assign a value for WWNN Token, then the
- iSNS server SHALL provide a value for this field upon initial
- registration of the iSCSI Storage Node. The process by which the
- WWNN Token is assigned by the iSNS server MUST conform to the
- following requirements:
-
- 1. The assigned WWNN Token value MUST be unique among all WWN
- entries in the existing iSNS database, and among all devices that
- can potentially be registered in the iSNS database.
-
- 2. Once the value is assigned, the iSNS server MUST persistently
- save the mapping between the WWNN Token value and registered
- iSCSI Name. That is, successive re-registrations of the iSCSI
- Storage Node keyed by the same iSCSI Name maintain the original
- mapping to the associated WWNN Token value in the iSNS server.
- Similarly, the mapping SHALL be persistent across iSNS server
- reboots. Once assigned, the mapping can only be changed if a
- DevAttrReg message from an authorized iSNS client explicitly
- provides a different WWNN Token value.
-
- 3. Once a WWNN Token value has been assigned and mapped to an iSCSI
- name, that WWNN Token value SHALL NOT be reused or mapped to any
- other iSCSI name.
-
- 4. The assigned WWNN Token value MUST conform to the formatting
- requirements of [FC-FS] for World Wide Names (WWNs).
-
- An iSNS client, such as an FC-iSCSI gateway or the iSCSI initiator,
- MAY register its own WWNN Token value or overwrite the iSNS Server-
- supplied WWNN Token value, if it wishes to supply its own iSCSI-FC
- name mapping. This is accomplished using the DevAttrReg message with
- the WWNN Token (tag=37) as an operating attribute. Once overwritten,
- the new WWNN Token value MUST be stored and saved by the iSNS server,
- and all requirements specified above continue to apply. If an iSNS
- client attempts to register a value for this field that is not unique
- in the iSNS database or that is otherwise invalid, then the
- registration SHALL be rejected with an Status Code of 3 (Invalid
- Registration).
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 88]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- There MAY be matching records in the iSNS database for the Fibre
- Channel device specified by the WWNN Token. These records may
- contain device attributes for that FC device registered in the Fibre
- Channel fabric name server.
-
-6.4.7. iSCSI Node Next Index
-
- This is a virtual attribute containing a 4-byte integer value that
- indicates the next available (i.e., unused) iSCSI Node Index value.
- This attribute may only be queried; the iSNS server SHALL return an
- error code of 3 (Invalid Registration) to any client that attempts to
- register a value for this attribute. A Message Key is not required
- when exclusively querying for this attribute.
-
- The iSCSI Node Next Index MAY be used by an SNMP client to create an
- entry in the iSNS server. SNMP requirements are described in Section
- 2.10.
-
-6.4.8. iSCSI AuthMethod
-
- This attribute contains a NULL-terminated string of UTF-8 text
- listing the iSCSI authentication methods enabled for this iSCSI
- Storage Node, in order of preference. The text values used to
- identify iSCSI authentication methods are embedded in this string
- attribute and delineated by a comma. The text values are identical
- to those found in the main iSCSI document [iSCSI]; additional
- vendor-specific text values are also possible.
-
- Text Value Description Reference
- ---------- ----------- ---------
- KB5 Kerberos V5 [RFC1510]
- SPKM1 Simple Public Key GSS-API [RFC2025]
- SPKM2 Simple Public Key GSS-API [RFC2025]
- SRP Secure Remote Password [RFC2945]
- CHAP Challenge Handshake Protocol [RFC1994]
- none No iSCSI Authentication
-
-6.5. Portal Group (PG) Object-Keyed Attributes
-
- The following attributes are used to associate Portal and iSCSI
- Storage Node objects. PG objects are stored in the iSNS database
- using the PG iSCSI Name, the PG Portal IP Address, and the PG Portal
- TCP/UDP Port as keys. New PG objects are implicitly or explicitly
- created at the time that the corresponding Portal and/or iSCSI
- Storage Node objects are registered. Section 3.4 has a general
- discussion of PG usage. For further details on use of Portal Groups,
- see [iSCSI].
-
-
-
-
-Tseng, et al. Standards Track [Page 89]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.5.1. Portal Group iSCSI Name
-
- This is the iSCSI Name for the iSCSI Storage Node that is associated
- with the PG object. This name MAY represent an iSCSI Storage Node
- not currently registered in the server.
-
-6.5.2. PG Portal IP Addr
-
- This is the Portal IP Address attribute for the Portal that is
- associated with the PG object. This Portal IP Address MAY be that of
- a Portal that is not currently registered in the server.
-
-6.5.3. PG Portal TCP/UDP Port
-
- This is the Portal TCP/UDP Port attribute for the Portal that is
- associated with the PG object. This Portal TCP/UDP Port MAY be that
- of a Portal that is not currently registered in the server.
-
-6.5.4. Portal Group Tag (PGT)
-
- This field is used to group Portals in order to coordinate
- connections in a session across Portals to a specified iSCSI Node.
- The PGT is a value in the range of 0-65535, or NULL. A NULL PGT
- value is registered by using 0 for the length in the TLV during
- registration. The two least significant bytes of the value contain
- the PGT for the object. The two most significant bytes are reserved.
- If a PGT value is not explicitly registered for an iSCSI Storage Node
- and Portal pair, then the PGT value SHALL be implicitly registered as
- 0x00000001.
-
-6.5.5. Portal Group Index
-
- The PG Index is a 4-byte non-zero integer value used as a key that
- uniquely identifies each PG object registered in the iSNS database.
- Upon initial registration of a PG object, the iSNS server MUST assign
- an unused value for the PG Index. Furthermore, PG Index values for
- recently deregistered PG objects SHOULD NOT be reused in the short
- term.
-
- The PG Index MAY be used as the key to reference a registered PG in
- situations where a unique index for each PG object is required. It
- MAY also be used as the message key in an iSNS message to query or
- update a pre-existing PG object. An example of this is when SNMP is
- used for management, as described in Section 2.10. The value
- assigned for the PG Index SHALL persist as long as the server is
- active.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 90]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.5.6. Portal Group Next Index
-
- The PG Next Index is a virtual attribute containing a 4-byte integer
- value that indicates the next available (i.e., unused) PG Index
- value. This attribute may only be queried; the iSNS server SHALL
- return an error code of 3 (Invalid Registration) to any client that
- attempts to register a value for this attribute. A Message Key is
- not required when exclusively querying for this attribute.
-
- The Portal Group Next Index MAY be used by an SNMP client to create
- an entry in the iSNS server. SNMP requirements are described in
- Section 2.10.
-
-6.6. FC Port Name-Keyed Attributes
-
- The following attributes are registered in the iSNS database using
- the FC Port World Wide Name (WWPN) attribute as the key. Each set of
- FC Port-Keyed attributes is associated with one Entity Identifier
- object key.
-
- Although the FC Port World Wide Name is associated with one Entity
- Identifier, it is also globally unique.
-
-6.6.1. FC Port Name (WWPN)
-
- This 64-bit identifier uniquely defines the FC Port, and it is the
- World Wide Port Name (WWPN) of the corresponding Fibre Channel
- device. This attribute is the key for the iFCP Storage Node. This
- globally unique identifier is used during the device registration
- process, and it uses a value conforming to IEEE EUI-64 [EUI-64].
-
-6.6.2. Port ID (FC_ID)
-
- The Port Identifier is a Fibre Channel address identifier assigned to
- an N_Port or NL_Port during fabric login. The format of the Port
- Identifier is defined in [FC-FS]. The least significant 3 bytes
- contain this address identifier. The most significant byte is
- RESERVED.
-
-
-
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 91]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.6.3. FC Port Type
-
- Indicates the type of FC port. Encoded values for this field are
- listed in the following table:
-
- Type Description
- ---- -----------
- 0x0000 Unidentified/Null Entry
- 0x0001 Fibre Channel N_Port
- 0x0002 Fibre Channel NL_Port
- 0x0003 Fibre Channel F/NL_Port
- 0x0004-0080 RESERVED
- 0x0081 Fibre Channel F_Port
- 0x0082 Fibre Channel FL_Port
- 0x0083 RESERVED
- 0x0084 Fibre Channel E_Port
- 0x0085-00FF RESERVED
- 0xFF11 RESERVED
- 0xFF12 iFCP Port
- 0xFF13-FFFF RESERVED
-
-6.6.4. Symbolic Port Name
-
- This is a variable-length UTF-8 encoded NULL-terminated text-based
- description of up to 256 bytes that is associated with the iSNS-
- registered FC Port Name in the network.
-
-6.6.5. Fabric Port Name (FWWN)
-
- This 64-bit identifier uniquely defines the fabric port. If the port
- of the FC Device is attached to a Fibre Channel fabric port with a
- registered Port Name, then that fabric Port Name SHALL be indicated
- in this field.
-
-6.6.6. Hard Address
-
- This field is the requested hard address 24-bit NL Port Identifier,
- included in the iSNSP for compatibility with Fibre Channel Arbitrated
- Loop devices and topologies. The least significant 3 bytes of this
- field contain the address. The most significant byte is RESERVED.
-
-6.6.7. Port IP Address
-
- The Fibre Channel IP address associated with the FC Port. When this
- field contains an IPv4 value, it is stored as an IPv4-mapped IPv6
- address. That is, the most significant 10 bytes are set to 0x00,
- with the next two bytes set to 0xFFFF [RFC2373]. When an IPv6 value
- is contained in this field, then the entire 16-byte field is used.
-
-
-
-Tseng, et al. Standards Track [Page 92]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.6.8. Class of Service (COS)
-
- This 32-bit bit-map field indicates the Fibre Channel Class of
- Service types that are supported by the registered port. In the
- following table, a set bit (1) indicates a Class of Service
- supported.
-
- Bit Position Description
- ------------ -----------
- 29 Fibre Channel Class 2 Supported
- 28 Fibre Channel Class 3 Supported
-
-6.6.9. FC-4 Types
-
- This 32-byte field indicates the FC-4 protocol types supported by the
- associated port. This field can be used to support Fibre Channel
- devices and is consistent with FC-GS-4.
-
-6.6.10. FC-4 Descriptor
-
- This is a variable-length UTF-8 encoded NULL-terminated text-based
- description of up to 256 bytes that is associated with the iSNS-
- registered device port in the network. This field can be used to
- support Fibre Channel devices and is consistent with FC-GS-4.
-
-6.6.11. FC-4 Features
-
- This is a 128-byte array, 4 bits per type, for the FC-4 protocol
- types supported by the associated port. This field can be used to
- support Fibre Channel devices and is consistent with FC-GS-4.
-
-6.6.12. iFCP SCN Bitmap
-
- This field indicates the events the iSNS client is interested in.
- These events can cause SCNs to be generated. SCNs provide
- information about objects that are updated in, added to or removed
- from Discovery Domains of which the source and destination are a
- member. Management SCNs provide information about all changes to the
- network. A set bit (1) indicates the type of SCN for the bitmap as
- follows:
-
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 93]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Bit Position Flag Description
- ------------ ----------------
- 24 INITIATOR AND SELF INFORMATION ONLY
- 25 TARGET AND SELF INFORMATION ONLY
- 26 MANAGEMENT REGISTRATION/SCN
- 27 OBJECT REMOVED
- 28 OBJECT ADDED
- 29 OBJECT UPDATED
- 30 DD/DDS MEMBER REMOVED (Mgmt Reg/SCN only)
- 31 (Lsb) DD/DDS MEMBER ADDED (Mgmt Reg/SCN only)
- All others RESERVED
-
- Further information on the use of the bit positions specified above
- can be found in Section 6.4.4.
-
-6.6.13. Port Role
-
- This required 32-bit field is a bitmap indicating the type of iFCP
- Storage Node. The bit fields are defined below. A set bit indicates
- the Node has the corresponding characteristics.
-
- Bit Position Node Type
- ------------ ---------
- 29 Control
- 30 FCP Initiator
- 31 (Lsb) FCP Target
- All Others RESERVED
-
- If the 'Target' bit is set to 1, then the port represents an FC
- target. Setting of the 'Target' bit MAY be performed by iSNS clients
- using the iSNSP.
-
- If the 'Initiator' bit is set to 1, then the port represents an FC
- initiator. Setting of the 'Initiator' bit MAY be performed by iSNS
- clients using the iSNSP.
-
- If the 'Control' bit is set to 1, then the port represents a gateway,
- a management station, an iSNS backup server, or another device.
-
- This is usually a special device that is neither an initiator nor a
- target, which requires the ability to send and receive iSNSP
- messages, including state-change notifications. Setting the control
- bit is an administrative task that MUST be administratively
- configured on the iSNS server; iSNS clients SHALL NOT be allowed to
- change this bit using the iSNSP.
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 94]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- This field MAY be used by the iSNS server to distinguish among
- permissions by different iSNS clients. For example, an iSNS server
- implementation may be administratively configured to allow only
- targets to receive ESIs, or to permit only Control Nodes to add,
- modify, or delete discovery domains.
-
-6.6.14. Permanent Port Name (PPN)
-
- The Permanent Port Name can be used to support Fibre Channel devices
- and is consistent with the PPN description in FC-GS-4 [FC-GS-4]. The
- format of the PPN is identical to the FC Port Name WWPN attribute
- format.
-
-6.7. Node-Keyed Attributes
-
- The following attributes are registered in the iSNS database using
- the FC Node Name (WWNN) attribute as the key. Each set of FC Node-
- Keyed attributes represents a single device and can be associated
- with many FC Ports.
-
- The FC Node Name is unique across the entire iSNS database.
-
-6.7.1. FC Node Name (WWNN)
-
- The FC Node Name is a 64-bit identifier that is the World Wide Node
- Name (WWNN) of the corresponding Fibre Channel device. This
- attribute is the key for the FC Device. This globally unique
- identifier is used during the device registration process, and it
- uses a value conforming to IEEE EUI-64 [EUI-64].
-
-6.7.2. Symbolic Node Name
-
- This is a variable-length UTF-8 encoded NULL-terminated text-based
- description of up to 256 bytes that is associated with the iSNS-
- registered FC Device in the network.
-
-6.7.3. Node IP Address
-
- This IP address is associated with the device Node in the network.
- This field is included for compatibility with Fibre Channel. When
- this field contains an IPv4 value, it is stored as an IPv4-mapped
- IPv6 address. That is, the most significant 10 bytes are set to
- 0x00, with the next two bytes set to 0xFFFF [RFC2373]. When an IPv6
- value is contained in this field, the entire 16-byte field is used.
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 95]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.7.4. Node IPA
-
- This field is the 8-byte Fibre Channel Initial Process Associator
- (IPA) associated with the device Node in the network. The initial
- process associator is used for communication between Fibre Channel
- devices.
-
-6.7.5. Proxy iSCSI Name
-
- This is a variable-length UTF-8 encoded NULL-terminated text-based
- field that contains the iSCSI Name used to represent the FC Node in
- the IP network. It is used as a pointer to the matching iSCSI Name
- entry in the iSNS server. Its value is usually registered by an FC-
- iSCSI gateway connecting the IP network to the fabric containing the
- FC device.
-
- Note that if this field is used, there SHOULD be a matching entry in
- the iSNS database for the iSCSI device specified by the iSCSI name.
- The database entry should include the full range of iSCSI attributes
- needed for discovery and management of the "iSCSI proxy image" of the
- FC device.
-
-6.8. Other Attributes
-
- The following are not attributes of the previously-defined objects.
-
-6.8.1. FC-4 Type Code
-
- This is a 4-byte field used to provide a FC-4 type during a FC-4 Type
- query. The FC-4 types are consistent with the FC-4 Types as defined
- in FC-FS. Byte 0 contains the FC-4 type. All other bytes are
- reserved.
-
-6.8.2. iFCP Switch Name
-
- The iFCP Switch Name is a 64-bit World Wide Name (WWN) identifier
- that uniquely identifies a distinct iFCP gateway in the network.
- This globally unique identifier is used during the switch
- registration/FC_DOMAIN_ID assignment process. The iFCP Switch Name
- value used MUST conform to the requirements stated in [FC-FS] for
- World Wide Names. The iSNS server SHALL track the state of all
- FC_DOMAIN_ID values that have been allocated to each iFCP Switch
- Name. If a given iFCP Switch Name is deregistered from the iSNS
- database, then all FC_DOMAIN_ID values allocated to that iFCP Switch
- Name SHALL be returned to the unused pool of values.
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 96]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.8.3. iFCP Transparent Mode Commands
-
-6.8.3.1. Preferred ID
-
- This is a 4-byte unsigned integer field, and it is the requested
- value that the iSNS client wishes to use for the FC_DOMAIN_ID. The
- iSNS server SHALL grant the iSNS client the use of the requested
- value as the FC_DOMAIN_ID, if the requested value has not already
- been allocated. If the requested value is not available, the iSNS
- server SHALL return a different value that has not been allocated.
-
-6.8.3.2. Assigned ID
-
- This is a 4-byte unsigned integer field that is used by an iFCP
- gateway to reserve its own unique FC_DOMAIN_ID value from the range 1
- to 239. When a FC_DOMAIN_ID is no longer required, it SHALL be
- released by the iFCP gateway using the RlseDomId message. The iSNS
- server MUST use the Entity Status Inquiry message to determine
- whether an iFCP gateway is still present on the network.
-
-6.8.3.3. Virtual_Fabric_ID
-
- This is a variable-length UTF-8 encoded NULL-terminated text-based
- field of up to 256 bytes. The Virtual_Fabric_ID string is used as a
- key attribute to identify a range of non-overlapping FC_DOMAIN_ID
- values to be allocated using RqstDomId. Each Virtual_Fabric_ID
- string submitted by an iSNS client SHALL have its own range of non-
- overlapping FC_DOMAIN_ID values to be allocated to iSNS clients.
-
-
-6.9. iSNS Server-Specific Attributes
-
- Access to the following attributes may be administratively
- controlled. These attributes are specific to the iSNS server
- instance; the same value is returned for all iSNS clients accessing
- the iSNS server. Only query messages may be performed on these
- attributes. Attempted registrations of values for these attributes
- SHALL return a status code of 3 (Invalid Registration).
-
- A query for an iSNS Server-Specific attribute MUST contain the
- identifying key attribute (i.e., iSCSI Name or FC Port Name WWPN) of
- the Node originating the registration or query message as the Source
- and Message Key attributes. The Operating Attributes are the
- server-specific attributes being registered or queried.
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 97]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.9.1. iSNS Server Vendor OUI
-
- This attribute is the OUI (Organizationally Unique Identifier)
- [802-1990] identifying the specific vendor implementing the iSNS
- server. This attribute can only be queried; iSNS clients SHALL NOT be
- allowed to register a value for the iSNS Server Vendor OUI.
-
-6.10. Vendor-Specific Attributes
-
- iSNS server implementations MAY define vendor-specific attributes for
- private use. These attributes MAY be used to store optional data
- that is registered and/or queried by iSNS clients in order to gain
- optional capabilities. Note that any implementation of vendor-
- specific attributes in the iSNS server SHALL NOT impose any form of
- mandatory behavior on the part of the iSNS client.
-
- The tag values used for vendor-specific and user-specific use are
- defined in Section 6.1. To avoid misinterpreting proprietary
- attributes, the vendor's own OUI (Organizationally Unique Identifier)
- MUST be placed in the upper three bytes of the attribute value field
- itself.
-
- The OUI is defined in IEEE Std 802-1990 and is the same constant used
- to generate 48 bit Universal LAN MAC addresses. A vendor's own iSNS
- implementation will then be able to recognize the OUI in the
- attribute field and be able to execute vendor-specific handling of
- the attribute.
-
-6.10.1. Vendor-Specific Server Attributes
-
- Attributes with tags in the range 257 to 384 are vendor-specific or
- site-specific attributes of the iSNS server. Values for these
- attributes are administratively set by the specific vendor providing
- the iSNS server implementation. Query access to these attributes may
- be administratively controlled. These attributes are unique for each
- logical iSNS server instance. Query messages for these attributes
- SHALL use the key identifier (i.e., iSCSI Name or FC Port Name WWPN)
- for both the Source attribute and Message Key attribute. These
- attributes can only be queried; iSNS clients SHALL NOT be allowed to
- register a value for server attributes.
-
-6.10.2. Vendor-Specific Entity Attributes
-
- Attributes in the range 385 to 512 are vendor-specific or site-
- specific attributes used to describe the Network Entity object.
- These attributes are keyed by the Entity Identifier attribute
- (tag=1).
-
-
-
-
-Tseng, et al. Standards Track [Page 98]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.10.3. Vendor-Specific Portal Attributes
-
- Attributes in the range 513 to 640 are vendor-specific or site-
- specific attributes used to describe the Portal object. These
- attributes are keyed by the Portal IP-Address (tag=16) and Portal
- TCP/UDP Port (tag=17).
-
-6.10.4. Vendor-Specific iSCSI Node Attributes
-
- Attributes in the range 641 to 768 are vendor-specific or site-
- specific attributes used to describe the iSCSI Node object. These
- attributes are keyed by the iSCSI Name (tag=32).
-
-6.10.5. Vendor-Specific FC Port Name Attributes
-
- Attributes in the range 769 to 896 are vendor-specific or site-
- specific attributes used to describe the N_Port Port Name object.
- These attributes are keyed by the FC Port Name WWPN (tag=64).
-
-6.10.6. Vendor-Specific FC Node Name Attributes
-
- Attributes in the range 897 to 1024 are vendor-specific or site-
- specific attributes used to describe the FC Node Name object. These
- attributes are keyed by the FC Node Name WWNN (tag=96).
-
-6.10.7. Vendor-Specific Discovery Domain Attributes
-
- Attributes in the range 1025 to 1280 are vendor-specific or site-
- specific attributes used to describe the Discovery Domain object.
- These attributes are keyed by the DD_ID (tag=104).
-
-6.10.8. Vendor-Specific Discovery Domain Set Attributes
-
- Attributes in the range 1281 to 1536 are vendor-specific or site-
- specific attributes used to describe the Discovery Domain Set object.
- These attributes are keyed by the DD Set ID (tag=101)
-
-6.10.9. Other Vendor-Specific Attributes
-
- Attributes in the range 1537 to 2048 can be used for key and non-key
- attributes that describe new vendor-specific objects specific to the
- vendor's iSNS server implementation.
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 99]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.11. Discovery Domain Registration Attributes
-
-6.11.1. DD Set ID Keyed Attributes
-
-6.11.1.1. Discovery Domain Set ID (DDS ID)
-
- The DDS ID is an unsigned non-zero integer identifier used in the
- iSNS directory database as a key to indicate a Discovery Domain Set
- uniquely. A DDS is a collection of Discovery Domains that can be
- enabled or disabled by a management station. This value is used as a
- key for DDS attribute queries. When a Discovery Domain is
- registered, it is initially not in any DDS.
-
- If the iSNS client does not provide a DDS_ID in a DDS registration
- request message, the iSNS server SHALL generate a DDS_ID value that
- is unique within the iSNS database for that new DDS. The created DDS
- ID SHALL be returned in the response message. The DDS ID value of 0
- is reserved, and the DDS ID value of 1 is used for the default DDS
- (see Section 2.2.2).
-
-6.11.1.2. Discovery Domain Set Symbolic Name
-
- A variable-length UTF-8 encoded NULL-terminated text-based field of
- up to 256 bytes. This is a user-readable field used to assist a
- network administrator in tracking the DDS function. When a client
- registers a DDS symbolic name, the iSNS server SHALL verify it is
- unique. If the name is not unique, then the DDS registration SHALL
- be rejected with an "Invalid Registration" Status Code. The invalid
- attribute(s), in this case the DDS symbolic name, SHALL be included
- in the response.
-
-6.11.1.3. Discovery Domain Set Status
-
- The DDS_Status field is a 32-bit bitmap indicating the status of the
- DDS. Bit 0 of the bitmap indicates whether the DDS is Enabled (1) or
- Disabled (0). The default value for the DDS Enabled flag is Disabled
- (0).
-
- Bit Position DDS Status
- ------------ ---------
- 31 (Lsb) DDS Enabled (1) / DDS Disabled (0)
- All others RESERVED
-
-6.11.1.4. Discovery Domain Set Next ID
-
- This is a virtual attribute containing a 4-byte integer value that
- indicates the next available (i.e., unused) Discovery Domain Set
- Index value. This attribute may only be queried; the iSNS server
-
-
-
-Tseng, et al. Standards Track [Page 100]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- SHALL return an error code of 3 (Invalid Registration) to any client
- that attempts to register a value for this attribute. A Message Key
- is not required when exclusively querying for this attribute.
-
- The Discovery Domain Set Next Index MAY be used by an SNMP client to
- create an entry in the iSNS server. SNMP requirements are described
- in Section 2.10.
-
-6.11.2. DD ID Keyed Attributes
-
-6.11.2.1. Discovery Domain ID (DD ID)
-
- The DD ID is an unsigned non-zero integer identifier used in the iSNS
- directory database as a key to identify a Discovery Domain uniquely.
- This value is used as the key for any DD attribute query. If the
- iSNS client does not provide a DD_ID in a DD registration request
- message, the iSNS server SHALL generate a DD_ID value that is unique
- within the iSNS database for that new DD (i.e., the iSNS client will
- be registered in a new DD). The created DD ID SHALL be returned in
- the response message. The DD ID value of 0 is reserved, and the DD
- ID value of 1 is used for the default DD (see Section 2.2.2).
-
-6.11.2.2. Discovery Domain Symbolic Name
-
- A variable-length UTF-8 encoded NULL-terminated text-based field of
- up to 256 bytes. When a client registers a DD symbolic name, the
- iSNS server SHALL verify it is unique. If the name is not unique,
- then the DD registration SHALL be rejected with an "Invalid
- Registration" Status Code. The invalid attribute(s), in this case
- the DD symbolic name, SHALL be included in the response.
-
-6.11.2.3. Discovery Domain Member: iSCSI Node Index
-
- This is the iSCSI Node Index of a Storage Node that is a member of
- the DD. The DD may have a list of 0 to n members. The iSCSI Node
- Index is one alternative representation of membership in a Discovery
- Domain, the other alternative being the iSCSI Name. The Discovery
- Domain iSCSI Node Index is a 4-byte non-zero integer value.
-
- The iSCSI Node Index can be used to represent a DD member in
- situations where the iSCSI Name is too long to be used. An example
- of this is when SNMP is used for management, as described in Section
- 2.10.
-
- The iSCSI Node Index and the iSCSI Name stored as a member in a DD
- SHALL be consistent with the iSCSI Node Index and iSCSI Name
- attributes registered for the Storage Node object in the iSNS server.
-
-
-
-
-Tseng, et al. Standards Track [Page 101]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-6.11.2.4. Discovery Domain Member: iSCSI Name
-
- A variable-length UTF-8 encoded NULL-terminated text-based field of
- up to 224 bytes. It indicates membership for the specified iSCSI
- Storage Node in the Discovery Domain. Note that the referenced
- Storage Node does not need to be actively registered in the iSNS
- database before the iSNS client uses this attribute. There is no
- limit to the number of members that may be in a DD. Membership is
- represented by the iSCSI Name of the iSCSI Storage Node.
-
-6.11.2.5. Discovery Domain Member: FC Port Name
-
- This 64-bit identifier attribute indicates membership for an iFCP
- Storage Node (FC Port) in the Discovery Domain. Note that the
- referenced Storage Node does not need to be actively registered in
- the iSNS database before the iSNS client uses this attribute. There
- is no limit to the number of members that may be in a DD. Membership
- is represented by the FC Port Name (WWPN) of the iFCP Storage Node.
-
-6.11.2.6. Discovery Domain Member: Portal Index
-
- This attribute indicates membership in the Discovery Domain for a
- Portal. It is an alternative representation for Portal membership to
- the Portal IP Address and Portal TCP/UDP Port. The referenced Portal
- MUST be actively registered in the iSNS database before the iSNS
- client uses this attribute.
-
-6.11.2.7. Discovery Domain Member: Portal IP Address
-
- This attribute and the Portal TCP/UDP Port attribute indicate
- membership in the Discovery Domain for the specified Portal. Note
- that the referenced Portal does not need to be actively registered in
- the iSNS database before the iSNS client uses this attribute.
-
-6.11.2.8. Discovery Domain Member: Portal TCP/UDP Port
-
- This attribute and the Portal IP Address attribute indicate
- membership in the Discovery Domain for the specified Portal. Note
- that the referenced Portal does not need to be actively registered in
- the iSNS database before the iSNS client uses this attribute.
-
-6.11.2.9. Discovery Domain Features
-
- The Discovery Domain Features is a bitmap indicating the features of
- this DD. The bit positions are defined below. A bit set to 1
- indicates the DD has the corresponding characteristics.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 102]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Bit Position DD Feature
- ------------ ----------
- 31 (Lsb) Boot List Enabled (1)/Boot List Disabled (0)
- All others RESERVED
-
- Boot List: this feature indicates that the target(s) in this DD
- provides boot capabilities for the member initiators, as described in
- [iSCSI-boot].
-
-6.11.2.10. Discovery Domain Next ID
-
- This is a virtual attribute containing a 4-byte integer value that
- indicates the next available (i.e., unused) Discovery Domain Index
- value. This attribute may only be queried; the iSNS server SHALL
- return an error code of 3 (Invalid Registration) to any client that
- attempts to register a value for this attribute. A Message Key is
- not required when exclusively querying for this attribute.
-
-7. Security Considerations
-
-7.1. iSNS Security Threat Analysis
-
- When the iSNS protocol is deployed, the interaction between iSNS
- server and iSNS clients is subject to the following security threats:
-
- a) An attacker could alter iSNS protocol messages, such as to direct
- iSCSI and iFCP devices to establish connections with rogue peer
- devices, or to weaken/eliminate IPSec protection for iSCSI or
- iFCP traffic.
-
- b) An attacker could masquerade as the real iSNS server using false
- iSNS heartbeat messages. This could cause iSCSI and iFCP devices
- to use rogue iSNS servers.
-
- c) An attacker could gain knowledge about iSCSI and iFCP devices by
- snooping iSNS protocol messages. Such information could aid an
- attacker in mounting a direct attack on iSCSI and iFCP devices,
- such as a denial-of-service attack or outright physical theft.
-
- To address these threats, the following capabilities are needed:
-
- a) Unicast iSNS protocol messages may need to be authenticated. In
- addition, to protect against threat c), confidentiality support
- is desirable and is REQUIRED when certain functions of iSNS
- server are utilized.
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 103]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- b) Multicast iSNS protocol messages such as the iSNS heartbeat
- message may need to be authenticated. These messages need not be
- confidential since they do not leak critical information.
-
-7.2. iSNS Security Implementation and Usage Requirements
-
- If the iSNS server is used to distribute authorizations for
- communications between iFCP and iSCSI peer devices, IPsec ESP with
- null transform MUST be implemented, and non-null transform MAY be
- implemented. If a non-null transform is implemented, then the DES
- encryption algorithm SHOULD NOT be used.
-
- If the iSNS server is used to distribute security policy for iFCP and
- iSCSI devices, then authentication, data integrity, and
- confidentiality MUST be supported and used. Where confidentiality is
- desired or required, IPSec ESP with non-null transform SHOULD be
- used, and the DES encryption algorithm SHOULD NOT be used.
-
- If the iSNS server is used to provide the boot list for clients, as
- described in Section 6.11.2.9, then the iSCSI boot client SHOULD
- implement a secure iSNS connection.
-
- In order to protect against an attacker masquerading as an iSNS
- server, client devices MUST support the ability to authenticate
- broadcast or multicast messages such as the iSNS heartbeat. The iSNS
- authentication block (which is identical in format to the SLP
- authentication block) SHALL be used for this purpose. iSNS clients
- MUST implement the iSNS authentication block and MUST support BSD
- value 0x002. If the iSNS server supports broadcast or multicast iSNS
- messages (i.e., the heartbeat), then the server MUST implement the
- iSNS authentication block and MUST support BSD value 0x002. Note
- that the authentication block is used only for iSNS broadcast or
- multicast messages and MUST NOT be used in unicast iSNS messages.
-
- There is no requirement that the communicating identities in iSNS
- protocol messages be kept confidential. Specifically, the identity
- and location of the iSNS server is not considered confidential.
-
- For protecting unicast iSNS protocol messages, iSNS servers
- supporting security MUST implement ESP in tunnel mode and MAY
- implement transport mode.
-
- All iSNS implementations supporting security MUST support the replay
- protection mechanisms of IPsec.
-
- iSNS security implementations MUST support both IKE Main Mode and
- Aggressive Mode for authentication, negotiation of security
- associations, and key management, using the IPSec DOI [RFC2407].
-
-
-
-Tseng, et al. Standards Track [Page 104]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- Manual keying SHOULD NOT be used since it does not provide the
- necessary rekeying support. Conforming iSNS security implementations
- MUST support authentication using a pre-shared key, and MAY support
- certificate-based peer authentication using digital signatures. Peer
- authentication using the public key encryption methods outlined in
- IKEs Sections 5.2 and 5.3 [RFC2409] SHOULD NOT be supported.
-
- Conforming iSNS implementations MUST support both IKE Main Mode and
- Aggressive Mode. IKE Main Mode with pre-shared key authentication
- SHOULD NOT be used when either of the peers use dynamically assigned
- IP addresses. Although Main Mode with pre-shared key authentication
- offers good security in many cases, situations where dynamically
- assigned addresses are used force the use of a group pre-shared key,
- which is vulnerable to man-in-the-middle attack. IKE Identity
- Payload ID_KEY_ID MUST NOT be used.
-
- When digital signatures are used for authentication, either IKE Main
- Mode or IKE Aggressive Mode MAY be used. In all cases, access to
- locally stored secret information (pre-shared key or private key for
- digital signing) MUST be suitably restricted, since compromise of the
- secret information nullifies the security properties of the IKE/IPsec
- protocols.
-
- When digital signatures are used to achieve authentication, an IKE
- negotiator SHOULD use IKE Certificate Request Payload(s) to specify
- the certificate authority (or authorities) that are trusted in
- accordance with its local policy. IKE negotiators SHOULD check the
- pertinent Certificate Revocation List (CRL) before accepting a PKI
- certificate for use in IKE's authentication procedures.
-
- When the iSNS server is used without security, IP block storage
- protocol implementations MUST support a negative cache for
- authentication failures. This allows implementations to avoid
- continually contacting discovered endpoints that fail authentication
- within IPsec or at the application layer (in the case of iSCSI
- Login). The negative cache need not be maintained within the IPsec
- implementation, but rather within the IP block storage protocol
- implementation.
-
-7.3. Discovering Security Requirements of Peer Devices
-
- Once communication between iSNS clients and the iSNS server has been
- secured through use of IPSec, the iSNS client devices have the
- capability to discover the security settings that they need to use
- for their peer-to-peer communications using the iSCSI and/or iFCP
- protocols. This provides a potential scaling advantage over device-
- by-device configuration of individual security policies for each
- iSCSI and iFCP device.
-
-
-
-Tseng, et al. Standards Track [Page 105]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- The iSNS server stores security settings for each iSCSI and iFCP
- device interface. These security settings, which can be retrieved by
- authorized hosts, include use or non-use of IPSec, IKE, Main Mode,
- and Aggressive Mode. For example, IKE may not be enabled for a
- particular interface of a peer device. If a peer device can learn of
- this in advance by consulting the iSNS server, it will not need to
- waste time and resources attempting to initiate an IKE phase 1
- session with that peer device interface.
-
- If iSNS is used for this purpose, then the minimum information that
- should be learned from the iSNS server is the use or non-use of IKE
- and IPSec by each iFCP or iSCSI peer device interface. This
- information is encoded in the Security Bitmap field of each Portal of
- the peer device, and is applicable on a per-interface basis for the
- peer device. iSNS queries for acquiring security configuration data
- about peer devices MUST be protected by IPSec/ESP authentication.
-
-7.4. Configuring Security Policies of iFCP/iSCSI Devices
-
- Use of iSNS for distribution of security policies offers the
- potential to reduce the burden of manual device configuration, and to
- decrease the probability of communications failures due to
- incompatible security policies. If iSNS is used to distribute
- security policies, then IPSec authentication, data integrity, and
- confidentiality MUST be used to protect all iSNS protocol messages.
-
- The complete IKE/IPSec configuration of each iFCP and/or iSCSI device
- can be stored in the iSNS server, including policies that are used
- for IKE Phase 1 and Phase 2 negotiations between client devices. The
- IKE payload format includes a series of one or more proposals that
- the iSCSI or iFCP device will use when negotiating the appropriate
- IPsec policy to use to protect iSCSI or iFCP traffic.
-
- In addition, the iSCSI Authentication Methods used by each iSCSI
- device can also be stored in the iSNS server. The iSCSI AuthMethod
- field (tag=42) contains a null-terminated string embedded with the
- text values indicating iSCSI authentication methods to be used by
- that iSCSI device.
-
- Note that iSNS distribution of security policy is not necessary if
- the security settings can be determined by other means, such as
- manual configuration or IPsec security policy distribution. If a
- network entity has already obtained its security configuration via
- other mechanisms, then it MUST NOT request security policy via iSNS.
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 106]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-7.5. Resource Issues
-
- The iSNS protocol is lightweight and will not generate a significant
- amount of traffic. iSNS traffic is characterized by occasional
- registration, notification, and update messages that do not consume
- significant amounts of bandwidth. Even software-based IPSec
- implementations should not have a problem handling the traffic loads
- generated by the iSNS protocol.
-
- To fulfill iSNS security requirements, the only additional resources
- needed beyond what is already required for iSCSI and iFCP involve the
- iSNS server. Because iSCSI and iFCP end nodes are already required
- to implement IKE and IPSec, these existing requirements can also be
- used to fulfill IKE and IPSec requirements for iSNS clients.
-
-7.6. iSNS Interaction with IKE and IPSec
-
- When IPSec security is enabled, each iSNS client with at least one
- Storage Node that is registered in the iSNS database SHALL maintain
- at least one phase-1 security association with the iSNS server. All
- iSNS protocol messages between iSNS clients and the iSNS server SHALL
- be protected by a phase-2 security association.
-
- When a Network Entity is removed from the iSNS database, the iSNS
- server SHALL send a phase-1 delete message to the associated iSNS
- client IKE peer, and tear down all phase-1 and phase-2 SAs associated
- with that iSNS client.
-
-8. IANA Considerations
-
- The well-known TCP and UDP port number for iSNS is 3205.
-
- The standards action of this RFC creates two registries to be
- maintained by IANA in support of iSNSP and assigns initial values for
- both registries. The first registry is of Block Storage Protocols
- supported by iSNS. The second registry is a detailed registry of
- standard iSNS attributes that can be registered to and queried from
- the iSNS server. Note that this RFC uses the registry created for
- Block Structure Descriptor (BSD) in Section 15 of Service Location
- Protocol, Version 2 [RFC2608].
-
-8.1. Registry of Block Storage Protocols
-
- In order to maintain a registry of block storage protocols supported
- by iSNSP, IANA will assign a 32-bit unsigned integer number for each
- block storage protocol supported by iSNS. This number is stored in
- the iSNS database as the Entity Protocol. The initial set of values
- to be maintained by IANA for Entity Protocol is indicated in the
-
-
-
-Tseng, et al. Standards Track [Page 107]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- table in Section 6.2.2. Additional values for new block storage
- protocols to be supported by iSNS SHALL be assigned by the IPS WG
- Chairperson, or by a Designated Expert [RFC2434] appointed by the
- IETF Transport Area Director.
-
-8.2. Registry of Standard iSNS Attributes
-
- IANA is responsible for creating and maintaining the Registry of
- Standard iSNS Attributes. The initial list of iSNS attributes is
- described in Section 6. For each iSNS attribute this information
- MUST include, its tag value, the attribute length, and the tag values
- for the set of permissible registration and query keys that can be
- used for that attribute. The initial list of iSNS attributes to be
- maintained by IANA is indicated in Section 6.1.
-
- Additions of new standard attributes to the Registry of Standard iSNS
- Attributes SHALL require IETF Consensus [RFC2434]. The RFC required
- for this process SHALL specify use of tag values reserved for IANA
- allocation in Section 6.1. The RFC SHALL specify as a minimum, the
- new attribute tag value, attribute length, and the set of permissible
- registration and query keys that can be used for the new attribute.
- The RFC SHALL also include a discussion of the reasons for the new
- attribute(s) and how the new attribute(s) are to be used.
-
- As part of the process of obtaining IETF Consensus, the proposed RFC
- and its supporting documentation SHALL be made available to the IPS
- WG mailing list or, if the IPS WG is disbanded at the time, to a
- mailing list designated by the IETF Transport Area Director. The
- review and comment period SHALL last at least three months before the
- IPS WG Chair or a person designated by the IETF Transport Area
- Director decides either to reject the proposal or to forward the
- draft to the IESG for publication as an RFC. When the specification
- is published as an RFC, then IANA will register the new iSNS
- attribute(s) and make the registration available to the community.
-
-8.3. Block Structure Descriptor (BSD) Registry
-
- Note that IANA is already responsible for assigning and maintaining
- values used for the Block Structure Descriptor for the iSNS
- Authentication Block (see Section 5.5). Section 15 of [RFC2608]
- describes the process for allocation of new BSD values.
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 108]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-9. Normative References
-
- [iSCSI] Satran, J., Meth, K., Sapuntzakis, C., Chadalapaka, M.,
- and E. Zeidner, "Internet Small Computer Systems
- Interface (iSCSI)", RFC 3720, April 2004.
-
- [iFCP] Monia, C., Mullendore, R., Travostino, F., Jeong, W.,
- and M. Edwards, "iFCP - A Protocol for Internet Fibre
- Channel Storage Networking", RFC 4172, September 2005.
-
- [iSNSOption] Monia, C., Tseng, J., and K. Gibbons, The IPv4 Dynamic
- Host Configuration Protocol (DHCP) Option for the
- Internet Storage Name Service, RFC 4174, September 2005.
-
- [RFC2608] Guttman, E., Perkins, C., Veizades, J., and M. Day,
- "Service Location Protocol, Version 2 ", RFC 2608, June
- 1999.
-
- [iSCSI-SLP] Bakke, M., Hufferd, J., Voruganti, K., Krueger, M., and
- T. Sperry, "Finding Internet Small Computer Systems
- Interface (iSCSI) Targets and Name Servers by Using
- Service Location Protocol version 2 (SLP), RFC 4018,
- April 2005.
-
- [iSCSI-boot] Sarkar, P., Missimer, D., and C. Sapuntzakis,
- "Bootstrapping Clients using the Internet Samll Computer
- System Interface (iSCSI) Protocol", RFC 4173, September
- 2005.
-
- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
- [STRINGPREP] Bakke, M., "String Profile for Internet Small Computer
- Systems Interface (iSCSI) Names", RFC 3722, April 2004.
-
- [NAMEPREP] Hoffman, P. Nameprep: A Stringprep Profile for
- Internationalized Domain Names, July 2002.
-
- [RFC2407] Piper, D., "The Internet IP Security Domain of
- Interpretation for ISAKMP", RFC 2407, November 1998.
-
- [RFC2408] Maughan, D., Schertler, M., Schneider, M., and J.
- Turner, "Internet Security Association and Key
- Management Protocol (ISAKMP)", RFC 2408, November 1998.
-
- [RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange
- (IKE)", RFC 2409, November 1998.
-
-
-
-
-Tseng, et al. Standards Track [Page 109]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- [EUI-64] Guidelines for 64-bit Global Identifier (EUI-64)
- Registration Authority, May 2001, IEEE
-
- [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and
- Identifiers for the Internet X.509 Public Key
- Infrastructure Certificate and Certificate Revocation
- List (CRL) Profile", RFC 3279, April 2002.
-
- [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
- X.509 Public Key Infrastructure Certificate and
- Certificate Revocation List (CRL) Profile", RFC 3280,
- April 2002.
-
- [802-1990] IEEE Standards for Local and Metropolitan Area Networks:
- Overview and Architecture, Technical Committee on
- Computer Communications of the IEEE Computer Society,
- May 31, 1990
-
- [FC-FS] Fibre Channel Framing and Signaling Interface, NCITS
- Working Draft Project 1331-D
-
-10. Informative References
-
- [iSNSMIB] Gibbons, K., et al., "Definitions of Managed Objects for
- iSNS (Internet Storage name Service)", Work in Progress,
- July 2003.
-
- [X.509] ITU-T Recommendation X.509 (1997 E): Information
- Technology - Open Systems Interconnection - The
- Directory: Authentication Framework, June 1997
-
- [FC-GS-4] Fibre Channel Generic Services-4 (work in progress),
- NCITS Working Draft Project 1505-D
-
- [RFC1510] Kohl, J. and C. Neuman, "The Kerberos Network
- Authentication Service (V5)", RFC 1510, September 1993.
-
- [RFC2025] Adams, C., "The Simple Public-Key GSS-API Mechanism
- (SPKM)", RFC 2025, October 1996.
-
- [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
- IANA Considerations Section in RFCs", BCP 26, RFC 2434,
- October 1998.
-
- [RFC2945] Wu, T., "The SRP Authentication and Key Exchange
- System", RFC 2945, September 2000.
-
-
-
-
-
-Tseng, et al. Standards Track [Page 110]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- [RFC1994] Simpson, W., "PPP Challenge Handshake Authentication
- Protocol (CHAP)", RFC 1994, August 1996.
-
- [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC
- 2131, March 1997.
-
- [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
- "Introduction and Applicability Statements for
- Internet-Standard Management Framework", RFC 3410,
- December 2002.
-
- [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
- Architecture for Describing Simple Network Management
- Protocol (SNMP) Management Frameworks", STD 62, RFC
- 3411, December 2002.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 111]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-Appendix A: iSNS Examples
-
-A.1. iSCSI Initialization Example
-
- This example assumes an SLP Service Agent (SA) has been implemented
- on the iSNS host, and an SLP User Agent (UA) has been implemented on
- the iSNS initiator. See [RFC2608] for further details on SAs and
- UAs. This example also assumes that the target is configured to use
- the iSNS server, and have its access control policy subordinated to
- the iSNS server.
-
-A.1.1. Simple iSCSI Target Registration
-
- In this example, a simple target with a single iSCSI name registers
- with the iSNS server. The target is represented in the iSNS by an
- Entity containing one Storage Node, one Portal, and an implicitly
- registered Portal Group that provides a relationship between the
- Storage Node and Portal. The target has not been assigned a Fully
- Qualified Domain Name (FQDN) by the administrator. In this example,
- because a PG object is not explicitly registered, a Portal Group with
- a PGT of 1 is implicitly registered. In this example SLP is used to
- discover the location of the iSNS Server. An alternative is to use
- the iSNS DHCP option [iSNSOption] to discover the iSNS server.
-
- +--------------------------+------------------+-------------------+
- | iSCSI Target Device | iSNS Server |Management Station |
- +--------------------------+------------------+-------------------+
- |Discover iSNS--SLP------->| |/*mgmt station is |
- | |<--SLP--iSNS Here:| administratively |
- | | 192.0.2.100 | authorized to view|
- | | | all DDs. Device |
- | DevAttrReg--------->| | NAMEabcd was |
- |Src:(tag=32) "NAMEabcd" | | previously placed |
- |Key: <none present> | | into DDabcd along |
- |Oper Attrs: | | with devpdq and |
- |tag=1: NULL | | devrst. |
- |tag=2: "iSCSI" | | |
- |tag=16: 192.0.2.5 | | |
- |tag=17: 5001 | | |
- |tag=32: "NAMEabcd" | | |
- |tag=33: target | | |
- |tag=34: "disk 1" | | |
- | |<---DevAttrRegRsp | |
- | |SUCCESS | |
- | |Key:(tag=1) "isns:0001" |
- | |Oper Attrs: | |
- | |tag=1: "isns:0001"| |
- | |tag=2: "iSCSI" | |
-
-
-
-Tseng, et al. Standards Track [Page 112]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- | |tag=16: 192.0.2.5 | |
- | |tag=17: 5001 | |
- | |tag=32: "NAMEabcd"|/* previously |
- | |tag=33: target | placed in a DD */ |
- | |tag=34: "disk 1" | |
- | | | |
- | | SCN-------->| |
- | |(or SNMP notification) |
- | |dest:(tag=32):"MGMTname1" |
- | |time:(tag=4): <current time> |
- | |tag=35: "MGT-SCN, OBJ-ADD" |
- | |tag=32: "NAMEabcd"| |
- | | |<-------SCNRsp |
- | DevAttrQry--------->| | |
- |Src:(tag=32) "NAMEabcd" | | |
- |Key:(tag=33) "initiator" | | |
- |Oper Attrs: | | |
- |tag=16: NULL | | |
- |tag=17: NULL | | |
- |tag=32: NULL | | |
- |/*Query asks for all initr| | |
- |devices' IP address, port |<---DevAttrQryRsp | |
- |number, and Name*/ |SUCCESS | |
- | |tag=16:192.0.2.1 | |
- | |tag=17:50000 | |
- | |tag=32:"devpdq" | |
- | |tag=16:192.0.2.2 | |
- | |tag=17:50000 | |
- | |tag=32:"devrst" | |
- |/*************************| |<-----DevAttrQry |
- |Our target "NAMEabcd" | |src: "MGMTname1" |
- |discovers two initiators | key:(tag=32)"NAMEabcd"
- |in shared DDs. It will | |Op Attrs: |
- |accept iSCSI logins from | |tag=16: NULL |
- |these two identified | |tag=17: NULL |
- |initiators presented by | |tag=32: NULL |
- |iSNS | | |
- |*************************/| DevAttrQryRsp--->| |
- | |SUCCESS | |
- | |tag=16: 192.0.2.5 | |
- | |tag=17: 5001 | |
- | |tag=32: "NAMEabcd"| |
- +--------------------------+------------------+-------------------+
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 113]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-A.1.2. Target Registration and DD Configuration
-
- In this example, a more complex target, with two Storage Nodes and
- two Portals using ESI monitoring, registers with the iSNS. This
- target has been configured with a Fully Qualified Domain Name (FQDN)
- in the DNS servers, and the user wishes to use this identifier for
- the device. The target explicitly registers Portal Groups to
- describe how each Portal provides access to each Storage Node. One
- target Storage Node allows coordinated access through both Portals.
- The other Storage Node allows access, but not coordinated access,
- through both Portals.
-
- +--------------------------+------------------+-------------------+
- | iSCSI Target Device | iSNS Server |Management Station |
- +--------------------------+------------------+-------------------+
- |Discover iSNS--SLP--> | |/*mgmt station is |
- | |<--SLP--iSNS Here:| administratively |
- | | 192.0.2.100 | authorized to view|
- | DevAttrReg--> | | all DDs */ |
- |Src: | | |
- |tag=32: "NAMEabcd" | | |
- |Msg Key: | | |
- |tag=1: "jbod1.example.com"| | |
- |Oper Attrs: | | |
- |tag=1: "jbod1.example.com"| | |
- |tag=2: "iSCSI" | | |
- |tag=16: 192.0.2.4 | | |
- |tag=17: 5001 | | |
- |tag=19: 5 | | |
- |tag=20: 5002 | | |
- |tag=16: 192.0.2.5 | | |
- |tag=17: 5001 | | |
- |tag=19: 5 | | |
- |tag=20: 5002 | | |
- |tag=32: "NAMEabcd" | | |
- |tag=33: "Target" | | |
- |tag=34: "Storage Array 1" | | |
- |tag=51: 10 | | |
- |tag=49: 192.0.2.4 | | |
- |tag=50: 5001 | | |
- |tag=49: 192.0.2.5 | | |
- |tag=50: 5001 | | |
- |tag=32: "NAMEefgh" | | |
- |tag=33: "Target" | | |
- |tag=34: "Storage Array 2" |/*****************| |
- |tag=51: 20 |jbod1.example.com is |
- |tag=49: 192.0.2.4 |now registered in | |
- |tag=50: 5001 |iSNS, but is not | |
-
-
-
-Tseng, et al. Standards Track [Page 114]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- |tag=51: 30 |in any DD. Therefore, |
- |tag=49: 192.0.2.5 |no other devices | |
- |tag=50: 5001 |can "see" it. | |
- | |*****************/| |
- | |<--DevAttrRegRsp | |
- | |SUCCESS | |
- | |Msg Key: | |
- | |tag=1: "jbod1.example.com" |
- | |Oper Attrs: | |
- | |tag=1: "jbod1.example.com" |
- | |tag=2: "iSCSI" | |
- | |tag=16: 192.0.2.4 | |
- | |tag=17: 5001 | |
- | |tag=19: 5 | |
- | |tag=20: 5002 | |
- | |tag=16: 192.0.2.5 | |
- | |tag=17: 5001 | |
- | |tag=19: 5 | |
- | |tag=20: 5002 | |
- | |tag=32: "NAMEabcd"| |
- | |tag=33: "Target" | |
- | |tag=34: "Storage Array 1" |
- | |tag=48: "NAMEabcd"| |
- | |tag=49: 192.0.2.4 | |
- | |tag=50: 5001 | |
- | |tag=51: 10 | |
- | |tag=48: "NAMEabcd"| |
- | |tag=49: 192.0.2.5 | |
- | |tag=50: 5001 | |
- | |tag=51: 10 | |
- | |tag=32: "NAMEefgh"| |
- | |tag=33: "Target" | |
- | |tag=34: "Storage Array 2" |
- | |tag=43: X.509 cert| |
- | |tag=48: "NAMEefgh"| |
- | |tag=49: 192.0.2.4 | |
- | |tag=50: 5001 | |
- | |tag=51: 20 | |
- | |tag=48: "NAMEefgh"| |
- | |tag=49: 192.0.2.5 | |
- | |tag=50: 5001 | |
- | |tag=51: 30 | |
- | | | |
- | | SCN------> | |
- | | (or SNMP notification) |
- | |dest:(tag=32)"mgmt.example.com" |
- | |time:(tag=4): <current time> |
- | |tag=35: "MGT-SCN, OBJ-ADD" |
-
-
-
-Tseng, et al. Standards Track [Page 115]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- | |tag=32: "NAMEabcd"| |
- | |tag=35: "MGT-SCN, OBJ-ADD" |
- | |tag=32: "NAMEefgh"| |
- | | |<--SCNRsp |
- | | |SUCCESS |
- | | tag=32:"mgmt.example.com"|
- | | | |
- | | |<--DevAttrQry |
- | | |Src: |
- | | tag=32:"mgmt.example.com"
- | | |Msg Key: |
- | | |tag=32: "NAMEabcd" |
- | | |Oper Attrs: |
- | | |tag=16: <0-length> |
- | | |tag=17: <0-length> |
- | | |tag=32: <0-length> |
- | | | |
- | | DevAttrQryRsp--> | |
- | |SUCCESS | |
- | |Msg Key: | |
- | |tag=32: "NAMEabcd"| |
- | |Oper Attrs: | |
- | |tag=16: 192.0.2.4 | |
- | |tag=17: 5001 | |
- | |tag=32:"NAMEabcd" | |
- | |tag=16: 192.0.2.5 | |
- | |tag=17: 5001 | |
- | |tag=32:"NAMEabcd" | |
- | | |Src: |
- | | tag=32:"mgmt.example.com"
- | | |Msg Key: |
- | | |tag=32: "NAMEefgh" |
- | | |Oper Attrs: |
- | | |tag=16: <0-length> |
- | | |tag=17: <0-length> |
- | | |tag=32: <0-length> |
- | | | |
- | | DevAttrQryRsp--> | |
- | |SUCCESS | |
- | |Msg Key: | |
- | |tag=32: "NAMEefgh"| |
- | |Oper Attrs: | |
- | |tag=16: 192.0.2.4 | |
- | |tag=17: 5001 | |
- | |tag=32:"NAMEefgh" | |
- | |tag=16: 192.0.2.5 |/**Mgmt Station ***|
- | |tag=17: 5001 |displays device, |
- | |tag=32:"NAMEefgh" |the operator decides
-
-
-
-Tseng, et al. Standards Track [Page 116]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- | | |to place "NAMEabcd"|
- | | |into Domain "DDxyz"|
- |/*************************| |******************/|
- |Target is now registered | | |
- |in iSNS. It is then placed| |<--DDReg |
- |in a pre-existing DD with | |Src: |
- |DD_ID 123 by a management | tag=32:"mgmt.example.com"
- |station. | |Msg Key: |
- |*************************/| |tag=2065: 123 |
- | | |Oper Attrs: |
- | | |tag=2068: "NAMEabcd"
- | | DDRegRsp-----> | |
- | |SUCCESS | |
- | |Msg Key: | |
- | |tag=2065: 123 | |
- | |Oper Attrs: | |
- | |tag=2065: 123 | |
- +--------------------------+------------------+-------------------+
-
-A.1.3. Initiator Registration and Target Discovery
-
- The following example illustrates a new initiator registering with
- the iSNS, and discovering the target NAMEabcd from the example in
- A.1.2.
-
- +--------------------------+------------------+-------------------+
- | iSCSI Initiator | iSNS |Management Station |
- +--------------------------+------------------+-------------------+
- |Discover iSNS--SLP--> | |/*mgmt station is |
- | |<--SLP--iSNS Here:| administratively |
- | | 192.36.53.1 | authorized to view|
- |DevAttrReg--> | | all DDs ********/ |
- |Src: | | |
- |tag=32: "NAMEijkl" | | |
- |Msg Key: | | |
- |tag=1: "svr1.example.com" | | |
- |Oper Attrs: | | |
- |tag=1: "svr1.example.com" | | |
- |tag=2: "iSCSI" | | |
- |tag=16: 192.20.3.1 |/*****************| |
- |tag=17: 5001 |Device not in any | |
- |tag=19: 5 |DD, so it is | |
- |tag=20: 5002 |inaccessible by | |
- |tag=32: "NAMEijkl" |other devices | |
- |tag=33: "Initiator" |*****************/| |
- |tag=34: "Server1" | | |
- |tag=51: 11 | | |
- |tag=49: 192.20.3.1 | | |
-
-
-
-Tseng, et al. Standards Track [Page 117]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- |tag=50: 5001 | | |
- | |<--DevAttrRegRsp | |
- | |SUCCESS | |
- | |Msg Key: | |
- | |tag=1: "svr1.example.com" |
- | |Oper Attrs: | |
- | |tag=1: "svr1.example.com" |
- | |tag=2: "iSCSI" | |
- | |tag=16: 192.20.3.1| |
- | |tag=17: 5001 | |
- | |tag=19: 5 | |
- | |tag=20: 5002 | |
- | |tag=32: "NAMEijkl"| |
- | |tag=33: "Initiator" |
- | |tag=34: "Server1" | |
- | |tag=48: "NAMEijkl"| |
- | |tag=49: 192.20.3.1| |
- | |tag=50: 5001 | |
- | |tag=51: 11 | |
- | | | |
- | | SCN------> | |
- | | (or SNMP notification) |
- | |dest:(tag=32)"mgmt.example.com" |
- | |time:(tag=4): <current time> |
- | |tag=35: "MGT-SCN, OBJ-ADD" |
- | |tag=32: "NAMEijkl"| |
- | | | |
- | | |<------SCNRsp |
- | | |SUCCESS |
- | | tag=32:"mgmt.example.com"
- | | | |
- |SCNReg--> | | |
- |Src: | | |
- |tag=32: "NAMEijkl" | | |
- |Msg Key: | | |
- |tag=32: "NAMEijkl" | | |
- |Oper Attrs: | | |
- |tag=35: <TARG&SELF, OBJ-RMV/ADD/UPD> | |
- | |<--SCNRegRsp | |
- | |SUCCESS | |
- | | | |
- | | |<----DevAttrQry |
- | | |Src: |
- | | tag=32:"mgmt.example.com"
- | | |Msg Key: |
- | | |tag=32: "NAMEijkl" |
- | | |Oper Attrs: |
- | | |tag=16: <0-length> |
-
-
-
-Tseng, et al. Standards Track [Page 118]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- | | |tag=17: <0-length> |
- | | |tag=32: <0-length> |
- | | DevAttrQryRsp--->| |
- | |SUCCESS | |
- | |Msg Key: | |
- | |tag=32: "NAMEijkl"| |
- | |Oper Attrs: | |
- | |tag=16:192.20.3.1 | |
- | |tag=17: 5001 | |
- | |tag=32:"NAMEijkl" | |
- | | |/**Mgmt Station ***|
- | | |displays device, the
- | | |operator decides to|
- | | |place "NAMEijkl" into
- | | |pre-existing Disc |
- | | |Domain "DDxyz" with|
- | | |device NAMEabcd |
- | | |******************/|
- | | |<--DDReg |
- | | |Src: |
- | | tag=32:"mgmt.example.com"
- | | |Msg Key: |
- | | |tag=2065: 123 |
- | | |Oper Attrs: |
- | | |tag=2068: "NAMEijkl"
- | | | |
- | | DDRegRsp---->| |
- | |SUCCESS | |
- | |Msg Key: | |
- | |tag=2065: 123 | |
- | |Oper Attrs: | |
- | |tag=2065: 123 |/******************|
- | | |"NAMEijkl" has been|
- | | |moved to "DDxyz" |
- | | |******************/|
- | | SCN------>| |
- | |dest:(tag=32)"mgmt.example.com" |
- | |time:(tag=4): <current time> |
- | |tag=35: <MGT-SCN, DD/DDS-MBR-ADD> |
- | |tag=2065: 123 | |
- | |tag=2068: "NAMEijkl" |
- | | | |
- | | |<------SCNRsp |
- | | |SUCCESS |
- | | tag=32:"mgmt.example.com"
- | |<-----SCN | |
- | |dest:(tag=32)"NAMEijkl" |
- | |time:(tag=4): <current time> |
-
-
-
-Tseng, et al. Standards Track [Page 119]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- | |tag=35: <TARG&SELF, OBJ-ADD> |
- | |tag=32: "NAMEijkl"| |
- | SCNRsp------> | | |
- |SUCCESS | | |
- |tag=32:"NAMEijkl" | | |
- | | | |
- | |/*****************| |
- | |Note that NAMEabcd| |
- | |also receives an | |
- | |SCN that NAMEijkl | |
- | |is in the same DD | |
- | |*****************/| |
- | (to "NAMEabcd")|<-----SCN | |
- | |dest:(tag=32)"NAMEabcd" |
- | |time:(tag=4): <current time> |
- | |tag=35: <INIT&SELF, OBJ-ADD> |
- | |tag=32: "NAMEijkl"| |
- | SCNRsp------> | | |
- |SUCCESS | | |
- |tag=32:"NAMEabcd" | | |
- | | | |
- | DevAttrQry----------->| | |
- |Src: | | |
- |tag=32: "NAMEijkl" | | |
- |Msg Key: | | |
- |tag=33: "Target" | | |
- |Oper Attrs: | | |
- |tag=16: <0-length> | | |
- |tag=17: <0-length> | | |
- |tag=32: <0-length> | | |
- |tag=34: <0-length> | | |
- |tag=43: <0-length> | | |
- |tag=48: <0-length> | | |
- |tag=49: <0-length> | | |
- |tag=50: <0-length> | | |
- |tag=51: <0-length> | | |
- | |<--DevAttrQryRsp | |
- | |SUCCESS | |
- | |Msg Key: | |
- | |tag=33:"Target" | |
- | |Oper Attrs: | |
- | |tag=16: 192.0.2.4 | |
- | |tag=17: 5001 | |
- | |tag=32: "NAMEabcd"| |
- | |tag=34: "Storage Array 1" |
- | |tag=16: 192.0.2.5 | |
- | |tag=17: 5001 | |
- | |tag=32: "NAMEabcd"| |
-
-
-
-Tseng, et al. Standards Track [Page 120]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
- | |tag=34: "Storage Array 1" |
- | |tag=43: X.509 cert| |
- | |tag=48: "NAMEabcd"| |
- | |tag=49: 192.0.2.4 | |
- | |tag=50: 5001 | |
- | |tag=51: 10 | |
- | |tag=48: "NAMEabcd"| |
- | |tag=49: 192.0.2.5 | |
- | |tag=50: 5001 | |
- | |tag=51: 10 | |
- | | | |
- |/***The initiator has discovered | |
- |the target, and has everything | |
- |needed to complete iSCSI login | |
- |The same process occurs on the | |
- |target side; the SCN prompts the | |
- |target to download the list of | |
- |authorized initiators from the | |
- |iSNS (i.e., those initiators in the | |
- |same DD as the target.************/ | |
- +--------------------------+------------------+-------------------+
-
-Acknowledgements
-
- Numerous individuals contributed to the creation of this document
- through their careful review and submissions of comments and
- recommendations. We acknowledge the following persons for their
- technical contributions to this document: Mark Bakke (Cisco), John
- Hufferd (IBM), Julian Satran (IBM), Kaladhar Voruganti(IBM), Joe Czap
- (IBM), John Dowdy (IBM), Tom McSweeney (IBM), Jim Hafner (IBM), Chad
- Gregory (Intel), Yaron Klein (Sanrad), Larry Lamers (Adaptec), Jack
- Harwood (EMC), David Black (EMC), David Robinson (Sun), Alan Warwick
- (Microsoft), Bob Snead (Microsoft), Fa Yoeu (Intransa), Joe White
- (McDATA), Charles Monia (McDATA), Larry Hofer (McDATA), Ken Hirata
- (Vixel), Howard Hall (Pirus), Malikarjun Chadalapaka (HP), Marjorie
- Krueger (HP), Siva Vaddepuri (McDATA), and Vinai Singh (American
- Megatrends).
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 121]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-Authors' Addresses
-
- Josh Tseng
- Riverbed Technology
- 501 2nd Street, Suite 410
- San Francisco, CA 94107
-
- Phone: (650)274-2109
- EMail: joshtseng@yahoo.com
-
-
- Kevin Gibbons
- McDATA Corporation
- 4555 Great America Parkway
- Santa Clara, CA 95054-1208
-
- Phone: (408) 567-5765
- EMail: kevin.gibbons@mcdata.com
-
-
- Franco Travostino
- Nortel
- 600 Technology Park Drive
- Billerica, MA 01821 USA
-
- Phone: (978) 288-7708
- EMail: travos@nortel.com
-
-
- Curt du Laney
- Rincon Research Corporation
- 101 North Wilmot Road, Suite 101
- Tucson AZ 85711
-
- Phone: (520) 519-4409
- EMail: cdl@rincon.com
-
-
- Joe Souza
- Microsoft Corporation
- One Microsoft Way
- Redmond, WA 98052-6399
-
- Phone: (425) 706-3135
- EMail: joes@exmsft.com
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 122]
-
-RFC 4171 Internet Storage Name Service (iSNS) September 2005
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (2005).
-
- This document is subject to the rights, licenses and restrictions
- contained in BCP 78, and except as set forth therein, the authors
- retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at ietf-
- ipr@ietf.org.
-
-Acknowledgement
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-Tseng, et al. Standards Track [Page 123]
-
View Lorry Controller Status