draft-ietf-ips-iscsi-slp-01.txt   draft-ietf-ips-iscsi-slp-02.txt 
Internet Draft Mark Bakke Internet Draft Mark Bakke
<draft-ietf-ips-iscsi-slp-01.txt> Cisco <draft-ietf-ips-iscsi-slp-02.txt> Cisco
Expires January 2002 Expires May 2002
Joe Czap Joe Czap
Jim Hafner Jim Hafner
John Hufferd John Hufferd
Kaladhar Voruganti Kaladhar Voruganti
IBM IBM
Howard Hall Howard Hall
Pirus Pirus
Jack Harwood Jack Harwood
EMC EMC
Yaron Klein Yaron Klein
Sanrad Sanrad
Marjorie Krueger Marjorie Krueger
HP HP
Lawrence Lamers Lawrence Lamers
San Valley Systems San Valley Systems
Todd Sperry Todd Sperry
Adaptec Adaptec
Joshua Tseng Joshua Tseng
Nishan Nishan
July 2001 November 2001
Finding iSCSI Targets and Name Servers Using SLP Finding iSCSI Targets and Name Servers Using SLP
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 3, line 24 skipping to change at page 3, line 17
Each of the above methods requires a small amount of configuration to Each of the above methods requires a small amount of configuration to
be done on each initiator. The ability to discover targets and name be done on each initiator. The ability to discover targets and name
services without having to configure initiators is a desirable services without having to configure initiators is a desirable
feature. The Service Location Protocol (SLP) [SLP] is an IETF feature. The Service Location Protocol (SLP) [SLP] is an IETF
standards track protocol that provides several features that will standards track protocol that provides several features that will
simplify locating iSCSI services. This document describes how SLP simplify locating iSCSI services. This document describes how SLP
can be used in iSCSI environments to discover targets, addresses can be used in iSCSI environments to discover targets, addresses
providing targets, and storage management servers. providing targets, and storage management servers.
WORK - Need to add RFC 3082 interaction and Unicast SLP commentary. This draft is a work in progress. Searching for the string "WORK" in
this document should find anything that is not considered to be
complete. The following items are still open:
WORK - Add comments about lifetime of URLs and how it is used. - Need to add RFC 3082 interaction. An initiator that is already up
and running must be notified within a reasonable amount of time
when a new target becomes available to it. This may be due to a
storage device booting, a network interface being added to the
device, a new target being created on the device, or the initiator
being added to the access-list of an existing device. Work is
under way to determine the best way to do this, either using the
experimental RFC 3082 or some modification thereof. Note that it
is a non-goal for SLP to notify an initiator when a target or one
of its service URLs is no longer accessible; the initiator will
find this out soon enough if it cares to attempt access to the
target. Note that RFC 3082 takes care of a device booting, adding
a new interface or target (and hence, a service URL), but not the
access-list change.
- Add comments about lifetime of URLs and how it is used. URLs are
registered with a finite lifetime. If the lifetime is too long, a
lot of stale URLs may hang around; if it is too short, SLP
participants will spend too much time re-registering the same old
URLs. There is a definite recommendation by the SLP folks to stick
with the default; I have to go look it up to see what it is.
- SLP can be set up to use either Unicast or Multicast. Add a
discussion on when to use each.
- Storage Name Service or Storage Management Service? Need to settle
on a generic name for things like this.
The following modifications have been made since draft-01:
- Removed the mgmt-ipaddress attribute from the template; if FQDN is
not available, the IP address may be returned in its place as a
dotted-decimal string.
- Added example for finding targets that will allow access to any
initiator.
- Updated Security Considerations to reference the IP storage
security draft.
3. Notation Conventions 3. Notation Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
4. Terminology 4. Terminology
Here are some definitions that may aid readers that are unfamiliar Here are some definitions that may aid readers that are unfamiliar
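Review bot: The URL-lifetime open item ends with "I have to go look it up to see what it is", so the draft tells implementors to "stick with the default" without giving the value or where it is defined. State the default lifetime and cite its source in this item. The same list says RFC 3082 does not cover the access-list change; name that case as its own open item so it is not lost when the RFC 3082 text is written.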
skipping to change at page 11, line 22 skipping to change at page 12, line 22
appropriately by providing an SA and registering the appropriate appropriately by providing an SA and registering the appropriate
service:iscsi:target registrations on the target's behalf; the target service:iscsi:target registrations on the target's behalf; the target
device would not have to advertise its own targets. This has no device would not have to advertise its own targets. This has no
impact on the initiator. impact on the initiator.
This allows the initiators' discovery of targets to be completely This allows the initiators' discovery of targets to be completely
interoperable regardless of which storage management service is used, interoperable regardless of which storage management service is used,
or whether one is used at all, or whether the target registrations or whether one is used at all, or whether the target registrations
are provided directly by the target or by the management service. are provided directly by the target or by the management service.
5.3. NAT and NAPT Considerations
Since SLP provides IP address and TCP port information within its
payload, the addresses an SA or DA advertise may not be the same as
those a UA must use if a Network Address(/Port) Translation
(NAT/NAPT) device is present between the UA and the SA. This may
result in the UA discovering address information that is unusable.
Here are a few recommendations to handle this:
- Use a fully-qualified domain name instead of IP address in service
URLs and in the mgmt-entity attribute.
- Stick with the default, IANA-assigned iSCSI TCP port number in
service URLs, wherever possible.
- If advertising service URLs through a NAT/NAPT device, and the
FQDN, IP address, or TCP port will be translated, the NAT/NAPT
device can provide an SLP proxy capability to do the translation.
5.4. Implementation Considerations
This section will answer common questions for those who are not too
familiar with SLP.
Where are the templates used? By the implementor; don't need to be
installed in a DA (not like a MIB).
Who makes use of the templates?
- Implementor of iSCSI host drivers / adapters / devices
- Network Administrator (DHCP and DA)
- Storage Administrator (DA and SA)
Integrating SLP DA or SA within a storage management server
When to use multicast and/or unicast
Using DHCP to bootstrap SLP discovery
6. iSCSI SLP Templates 6. iSCSI SLP Templates
Three templates are provided: an iSCSI target template, a management Three templates are provided: an iSCSI target template, a management
service template, and an abstract template to encapsulate the two. service template, and an abstract template to encapsulate the two.
6.1. The iSCSI Abstract Service Type Template 6.1. The iSCSI Abstract Service Type Template
This template defines the abstract service "service:iscsi". It is This template defines the abstract service "service:iscsi". It is
used as a top-level service to encapsulate all other iSCSI-related used as a top-level service to encapsulate all other iSCSI-related
services. services.
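Review bot: The last three lines of the new section 5.4 ("Integrating SLP DA or SA within a storage management server", "When to use multicast and/or unicast", "Using DHCP to bootstrap SLP discovery") are bare topic lines with no text, and none carries the "WORK" marker that the introduction says identifies incomplete material. Either mark them "WORK" or fold them into the open-items list. In 5.3, the third recommendation says a NAT/NAPT device "can provide an SLP proxy capability" without saying which fields it rewrites; list them (service URL host and port, mgmt-entity) so the behaviour is testable.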
skipping to change at page 12, line 21 skipping to change at page 14, line 19
register each of them, with each of their addresses, as this service register each of them, with each of their addresses, as this service
type. type.
Initiators (and perhaps management services) wishing to discover Initiators (and perhaps management services) wishing to discover
targets in this way will generally use one of the following queries: targets in this way will generally use one of the following queries:
1. Find a specific target, given its iSCSI Target Name: 1. Find a specific target, given its iSCSI Target Name:
Service: service:iscsi:target Service: service:iscsi:target
Scope: initiator-scope-list Scope: initiator-scope-list
Query: (iscsi-name=iqn.5886.com.acme.sn.456) Query: (iscsi-name=iqn.2001-04.com.acme.sn.456)
2. Find all of the iSCSI Target Names that may allow access to a 2. Find all of the iSCSI Target Names that may allow access to a
given initiator: given initiator:
Service: service:iscsi:target Service: service:iscsi:target
Scope: initiator-scope-list Scope: initiator-scope-list
Query: (access-list=iqn.5886.com.os.hostid.045A7B) Query: (access-list=iqn.1998-03.com.os.hostid.045A7B)
3. Find the iSCSI Target Names from which the given initiator is 3. Find all of the iSCSI Target Names that may allow access to
any initiator:
Service: service:iscsi:target
Scope: initiator-scope-list
Query: (access-list=iscsi)
4. Find the iSCSI Target Names from which the given initiator is
allowed to boot: allowed to boot:
Service: service:iscsi:target Service: service:iscsi:target
Scope: initiator-scope-list Scope: initiator-scope-list
Query: (boot-list=iqn.5886.com.os.hostid.045A7B) Query: (boot-list=iqn.1998-03.com.os.hostid.045A7B)
4. In addition, a management service may wish to discover all 5. In addition, a management service may wish to discover all
targets, and assume proxy responsibility for them. It may targets:
issue a simple query for all of the targets:
Service: service:iscsi:target Service: service:iscsi:target
Scope: management-server-scope-list Scope: management-server-scope-list
Query: none Query: <empty-string>
More details on booting from an iSCSI target are defined in [BOOT]. More details on booting from an iSCSI target are defined in [BOOT].
Name of submitter: Mark Bakke Name of submitter: Mark Bakke
Language of service template: en Language of service template: en
Security Considerations: Security Considerations:
See later section. See later section.
Template Text: Template Text:
-------------------------template begins here----------------------- -------------------------template begins here-----------------------
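Review bot: New query 3, "(access-list=iscsi)", relies on the literal value "iscsi" meaning "any initiator", but nothing in this hunk defines that value or reserves it. Define it in the access-list attribute description, and say whether an initiator is expected to issue query 2 and query 3 separately or combine them in one filter, since a target registered with only the wildcard value will not match query 2. Query 5 also drops the earlier sentence about the management service assuming proxy responsibility; confirm that removal is intended and not a side effect of the rewording.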
skipping to change at page 13, line 30 skipping to change at page 15, line 32
url-path = ipaddr [ : tcpport ] / iscsi-name url-path = ipaddr [ : tcpport ] / iscsi-name
ipaddr = DNS host name or ip address ipaddr = DNS host name or ip address
tcpport = decimal tcp port number tcpport = decimal tcp port number
iscsi-name = iSCSI target name iscsi-name = iSCSI target name
; The iscsi-name part of the URL is required and must be the iSCSI ; The iscsi-name part of the URL is required and must be the iSCSI
; name of the target being registered. ; name of the target being registered.
; A device representing multiple targets must individually ; A device representing multiple targets must individually
; register each target/address combination with SLP. ; register each target/address combination with SLP.
; ;
; Example: ; Example:
; service:iscsi:target://10.1.3.40:5003/iqn.5886.com.acme.sn.45678 ; service:iscsi:target://10.1.3.40:5003/iqn.2001-04.com.acme.sn.45678
iscsi-name = string iscsi-name = string
# The iSCSI Name of this target. # The iSCSI Name of this target.
# This must match the iscsi-name in the url-path. # This must match the iscsi-name in the url-path.
portal-group = integer portal-group = integer
# The iSCSI portal group tag for this address. Addresses sharing # The iSCSI portal group tag for this address. Addresses sharing
# the same iscsi-name and portal-group tag can be used within the # the same iscsi-name and portal-group tag can be used within the
# same iSCSI session. Portal groups are described in [ISCSI]. # same iSCSI session. Portal groups are described in [ISCSI].
transports = string M L transports = string M L
tcp tcp
# This is a list of transport protocols that the registered # This is a list of transport protocols that the registered
# entity supports. iSCSI is currently supported over TCP, # entity supports. iSCSI is currently supported over TCP,
# but it is anticipated that it could be supported over other # but it is anticipated that it could be supported over other
# transports, such as SCTP, in the future. # transports, such as SCTP, in the future.
tcp tcp
entity = string O mgmt-entity = string O
# Normally the FQDN of the management interface of the entity # The fully qualified domain name, or IP address in dotted-decimal
# containing this target. # notation, of the management interface of the entity containing
# this target.
mgmt-ipaddr = string O #
# The IP address of the management interface appropriate for SNMP, # WORK - Should this be a URL?
# web-based, or telnet management of the entity containing this # snmp://10.1.1.1
# target. # http://mydisk.ssp.com:1080/
# telnet://mydisk.ssp.com
alias = string O alias = string O
# The alias string contains a descriptive name of the target. # The alias string contains a descriptive name of the target.
access-list = string M access-list = string M
# A list of iSCSI Initiator Names that can access this target. # A list of iSCSI Initiator Names that can access this target.
# Normal iSCSI names will be 50 characters or less; max length is 255. # Normal iSCSI names will be 50 characters or less; max length is 255.
# Normally, only one or a few values will be in the list. # Normally, only one or a few values will be in the list.
# Using the equivalence search on this will evaluate to "true" # Using the equivalence search on this will evaluate to "true"
# if any one of the items in this list matches the query. # if any one of the items in this list matches the query.
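Review bot: The mgmt-entity comment still carries "WORK - Should this be a URL?", so the attribute's value format is undecided: the description says FQDN or dotted-decimal IP address, while the examples below it are snmp://, http:// and telnet:// URLs. Pick one before consumers start parsing it. Removing mgmt-ipaddr also removed the only statement of which management protocols the address is meant for (SNMP, web-based, telnet); if the plain host form is kept, restore that sentence in the mgmt-entity description.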
skipping to change at page 15, line 23 skipping to change at page 17, line 27
template-type=iscsi:sms template-type=iscsi:sms
template-version=0.1 template-version=0.1
template-description= template-description=
This is a concrete service type. The iscsi:sms service type This is a concrete service type. The iscsi:sms service type
provides the capability for entities supporting iSCSI to discover provides the capability for entities supporting iSCSI to discover
appropriate management services. appropriate management services.
template-url-syntax= template-url-syntax=
url-path = The URL of the management service. Defined in RFC 2608. url-path = ; The URL of the management service. Defined in RFC 2608.
protocols = string M L protocols = string M L
# The list of protocols supported by this name service. This # The list of protocols supported by this name service. This
# list may be expanded in the future. There is no default. # list may be expanded in the future. There is no default.
# #
# "isns" - This management service supports the use of the iSNS # "isns" - This management service supports the use of the iSNS
# protocol for access management, health monitoring, and # protocol for access management, health monitoring, and
# discovery management services. This protocol is defined # discovery management services. This protocol is defined
# in [ISNS]. # in [ISNS].
isns isns
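Review bot: In template-url-syntax the line now reads "url-path = ; The URL of the management service. Defined in RFC 2608.", which turns the description into a comment but leaves the right-hand side of the rule empty. Give url-path an actual production, as the target template does with "ipaddr [ : tcpport ] / iscsi-name", or name the specific RFC 2608 rule it defers to, so a registration can be validated against it.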
skipping to change at page 16, line 11 skipping to change at page 18, line 14
is an issue, particularly with respect to the information sought by is an issue, particularly with respect to the information sought by
the client about IPSEC and IKE support, then SLP authentication the client about IPSEC and IKE support, then SLP authentication
should be enabled in the network. should be enabled in the network.
Once a target or management server is discovered, authentication and Once a target or management server is discovered, authentication and
authorization are handled by the iSCSI protocol, or by the management authorization are handled by the iSCSI protocol, or by the management
server's protocol. It is the responsibility of the providers of server's protocol. It is the responsibility of the providers of
these services to ensure that an inappropriately advertised or these services to ensure that an inappropriately advertised or
discovered service does not compromise their security. discovered service does not compromise their security.
7.1. IPsec Integration
Although SLPv2 security provides authentication, it does not provide
confidentiality.
The use of IPsec and IKE for SLPv2 is discussed in [IPS-SEC], and is
a work in progress. It will be discussed further here in a
subsequent draft revision.
8. Summary 8. Summary
This document describes how SLP can be used by iSCSI initiators to This document describes how SLP can be used by iSCSI initiators to
find iSCSI targets and storage management servers. Service type find iSCSI targets and storage management servers. Service type
templates for iSCSI targets and storage management servers are templates for iSCSI targets and storage management servers are
presented. presented.
9. References 9. References
[RFC2608] E. Guttman, C. Perkins, J. Veizades, M. Day. Service [RFC2608] E. Guttman, C. Perkins, J. Veizades, M. Day. Service
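Review bot: The new section 7.1 states that SLPv2 security "does not provide confidentiality" and then defers everything to [IPS-SEC], leaving no interim guidance. Add a sentence listing what is disclosed when discovery runs without confidentiality (the access-list and boot-list initiator names and the mgmt-entity address advertised in the target template), and tag the section with the literal "WORK" string, since "a work in progress" in lower case will not be found by the search the introduction describes.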
skipping to change at page 16, line 35 skipping to change at page 19, line 5
[RFC2614] J. Kempf, E. Guttman. An API for Service Location [RFC2614] J. Kempf, E. Guttman. An API for Service Location
RFC 2614, June 1999. RFC 2614, June 1999.
[RFC2119] S. Bradner. Key Words for Use in RFCs to Indicate [RFC2119] S. Bradner. Key Words for Use in RFCs to Indicate
Requirement Levels. RFC 2119, March 1997. Requirement Levels. RFC 2119, March 1997.
[RFC3082] J. Kempf, J Goldschmidt. Notification and Subscription for [RFC3082] J. Kempf, J Goldschmidt. Notification and Subscription for
SLP. RFC 3082, March 2001. SLP. RFC 3082, March 2001.
[ISCSI] J. Satran, et. al. "iSCSI", draft-ietf-ips-iscsi-07.txt, [ISCSI] J. Satran, et. al. "iSCSI", draft-ietf-ips-iscsi-08.txt,
July 2001. September 2001.
[SAM2] ANSI T10. "SCSI Architectural Model 2", March 2000. [SAM2] ANSI T10. "SCSI Architectural Model 2", March 2000.
[NDT] K. Voruganti, et. al. "iSCSI Naming and Discovery [NDT] K. Voruganti, et. al. "iSCSI Naming and Discovery", draft-
Requirements", draft-ietf-ips-iscsi-name-disc-02, July 2001. ietf-ips-iscsi-name-disc-03, July 2001.
[ISNS] J. Tseng, et. al. "Internet Storage Name Service", [ISNS] J. Tseng, et. al. "Internet Storage Name Service",
draft-ietf-ips-isns-04, July 2001. draft-ietf-ips-isns-05, November 2001.
[BOOT] P. Sarkar, D. Missimer, C. Sapuntzakis. "A Standard for [BOOT] P. Sarkar, D. Missimer, C. Sapuntzakis. "A Standard for
Bootstrapping Clients using the iSCSI Protocol", Bootstrapping Clients using the iSCSI Protocol",
draft-ietf-ips-iscsi-boot-02, February 2001. draft-ietf-ips-iscsi-boot-03, August 2001.
[RSIP] Kempf, J., Montenegro, G., "Finding an RSIP Server with [RSIP] Kempf, J., Montenegro, G., "Finding an RSIP Server with
SLP", draft-ietf-nat-rsip-slp-00, February 2000. SLP", draft-ietf-nat-rsip-slp-00, February 2000.
[IPS-SEC] B. Aboba, et. al., "Securing iSCSI, iFCP, and FCIP",
draft-ietf-ips-security-04, October 2001.
Author's Address: Author's Address:
Mark Bakke Mark Bakke
Cisco Systems, Inc. Cisco Systems, Inc.
6450 Wedgwood Road 6450 Wedgwood Road
Maple Grove, MN Maple Grove, MN
USA 55311 USA 55311
Voice: +1 763-398-1000 Voice: +1 763-398-1000
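Review bot: In the [NDT] entry the draft revision moves from -02 to -03 and the title loses "Requirements", but the date stays "July 2001", while every other bumped reference in this hunk ([ISCSI], [ISNS], [BOOT]) also gets a new date. Check the -03 publication date and confirm the shortened title matches that revision.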
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/