draft-ietf-rddp-ddp-04.txt   draft-ietf-rddp-ddp-05.txt 
Remote Direct Data Placement Work Group Hemal Shah Remote Direct Data Placement Work Group Hemal Shah
INTERNET-DRAFT Intel Corporation INTERNET-DRAFT Intel Corporation
Category: Standards Track James Pinkerton Category: Standards Track James Pinkerton
draft-ietf-rddp-ddp-04.txt Microsoft Corporation draft-ietf-rddp-ddp-05.txt Microsoft Corporation
Renato Recio Renato Recio
IBM Corporation IBM Corporation
Paul Culley Paul Culley
Hewlett-Packard Company Hewlett-Packard Company
Expires: August, 2005 February, 2005 Expires: January, 2006 July, 2005
Direct Data Placement over Reliable Transports Direct Data Placement over Reliable Transports
Status of this Memo Status of this Memo
By submitting this Internet-Draft, I certify that any applicable By submitting this Internet-Draft, each author represents that any
patent or other IPR claims of which I am aware of have been applicable patent or other IPR claims of which he or she is aware
disclosed, and any of which I become aware will be disclosed, in have been or will be disclosed, and any of which he or she becomes
accordance with RFC 3668. aware will be disclosed, in accordance with Section 6 of BCP 79.
By submitting this Internet-Draft, I accept the provisions of
Section 4 of RFC 3667.
This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress." reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html The list of Internet-Draft http://www.ietf.org/1id-abstracts.html.
Shadow Directories can be accessed at
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Abstract Abstract
The Direct Data Placement protocol provides information to Place the The Direct Data Placement protocol provides information to Place the
incoming data directly into an upper layer protocol's receive buffer incoming data directly into an upper layer protocol's receive buffer
without intermediate buffers. This removes excess CPU and memory without intermediate buffers. This removes excess CPU and memory
utilization associated with transferring data through the utilization associated with transferring data through the
intermediate buffers. intermediate buffers.
Shah, et. al. Expires August 2005 1 Shah, et. al. Expires January 2006 1
Table of Contents Table of Contents
Status of this Memo...............................................1 Status of this Memo...............................................1
Abstract..........................................................1 Abstract..........................................................1
1 Introduction................................................4 1 Introduction................................................4
1.1 Architectural Goals.........................................4 1.1 Architectural Goals.........................................4
1.2 Protocol Overview...........................................5 1.2 Protocol Overview...........................................5
1.3 DDP Layering................................................6 1.3 DDP Layering................................................6
2 Glossary....................................................9 2 Glossary....................................................9
2.1 General.....................................................9 2.1 General.....................................................9
skipping to change at line 100 skipping to change at line 95
8.3.2 Privileged Resources Manager Requirement..................29 8.3.2 Privileged Resources Manager Requirement..................29
8.4 Security Services for DDP..................................30 8.4 Security Services for DDP..................................30
9 IANA Considerations........................................32 9 IANA Considerations........................................32
10 References.................................................33 10 References.................................................33
10.1 Normative References......................................33 10.1 Normative References......................................33
10.2 Informative References....................................33 10.2 Informative References....................................33
11 Appendix...................................................34 11 Appendix...................................................34
11.1 Receive Window sizing.....................................34 11.1 Receive Window sizing.....................................34
12 Author's Addresses.........................................35 12 Author's Addresses.........................................35
13 Acknowledgments............................................36 13 Acknowledgments............................................36
14 Full Copyright Statement...................................39 14 Intellectual Property Statement............................39
15 Disclaimer.................................................40
16 Copyright Notice...........................................41
Shah, et. al. Expires August 2005 2 Shah, et. al. Expires January 2006 2
Table of Figures Table of Figures
Figure 1 DDP Layering.............................................7 Figure 1 DDP Layering.............................................7
Figure 2 MPA, DDP, and RDMAP Header Alignment.....................8 Figure 2 MPA, DDP, and RDMAP Header Alignment.....................8
Figure 3 DDP Control Field.......................................15 Figure 3 DDP Control Field.......................................15
Figure 4 Tagged Buffer DDP Header................................16 Figure 4 Tagged Buffer DDP Header................................16
Figure 5 Untagged Buffer DDP Header..............................17 Figure 5 Untagged Buffer DDP Header..............................17
Figure 6 DDP Segment Format......................................18 Figure 6 DDP Segment Format......................................18
Shah, et. al. Expires August 2005 3 Shah, et. al. Expires January 2006 3
1 Introduction 1 Introduction
Direct Data Placement Protocol (DDP) enables an Upper Layer Protocol Direct Data Placement Protocol (DDP) enables an Upper Layer Protocol
(ULP) to send data to a Data Sink without requiring the Data Sink to (ULP) to send data to a Data Sink without requiring the Data Sink to
Place the data in an intermediate buffer - thus when the data Place the data in an intermediate buffer - thus when the data
arrives at the Data Sink, the network interface can Place the data arrives at the Data Sink, the network interface can Place the data
directly into the ULP's buffer. This can enable the Data Sink to directly into the ULP's buffer. This can enable the Data Sink to
consume substantially less memory bandwidth than a buffered model consume substantially less memory bandwidth than a buffered model
because the Data Sink is not required to move the data from the because the Data Sink is not required to move the data from the
skipping to change at line 165 skipping to change at line 162
without a need for a copy, even if incoming DDP Segments arrive without a need for a copy, even if incoming DDP Segments arrive
out of order. This requires the protocol to separate Data out of order. This requires the protocol to separate Data
Placement of ULP Payload contained in an incoming DDP Segment Placement of ULP Payload contained in an incoming DDP Segment
from Data Delivery of completed ULP Messages. from Data Delivery of completed ULP Messages.
* If the LLP supports multiple LLP streams within a LLP * If the LLP supports multiple LLP streams within a LLP
Connection, provide the above capabilities independently on Connection, provide the above capabilities independently on
each LLP stream and enable the capability to be exported on a each LLP stream and enable the capability to be exported on a
per LLP stream basis to the ULP. per LLP stream basis to the ULP.
Shah, et. al. Expires August 2005 4 Shah, et. al. Expires January 2006 4
1.2 Protocol Overview 1.2 Protocol Overview
DDP supports two basic data transfer models - a Tagged Buffer data DDP supports two basic data transfer models - a Tagged Buffer data
transfer model and an Untagged Buffer data transfer model. transfer model and an Untagged Buffer data transfer model.
The Tagged Buffer data transfer model requires the Data Sink to send The Tagged Buffer data transfer model requires the Data Sink to send
the Data Source an identifier for the ULP buffer, referred to as a the Data Source an identifier for the ULP buffer, referred to as a
Steering Tag (STag). The STag is transferred to the Data Source Steering Tag (STag). The STag is transferred to the Data Source
using a ULP defined method. Once the Data Source ULP has an STag for using a ULP defined method. Once the Data Source ULP has an STag for
skipping to change at line 221 skipping to change at line 218
Buffer Model, a DDP Message can only start at offset 0. Buffer Model, a DDP Message can only start at offset 0.
* The Tagged Buffer Model allows multiple DDP Messages targeted * The Tagged Buffer Model allows multiple DDP Messages targeted
to a Tagged Buffer with a single ULP buffer Advertisement. The to a Tagged Buffer with a single ULP buffer Advertisement. The
Untagged Buffer Model requires associating a receive ULP buffer Untagged Buffer Model requires associating a receive ULP buffer
for each DDP Message targeted to an Untagged Buffer. for each DDP Message targeted to an Untagged Buffer.
Either data transfer model Places a ULP Message into a DDP Message. Either data transfer model Places a ULP Message into a DDP Message.
Each DDP Message is then sliced into DDP Segments that are intended Each DDP Message is then sliced into DDP Segments that are intended
Shah, et. al. Expires August 2005 5 Shah, et. al. Expires January 2006 5
to fit within a lower-layer-protocol's (LLP) Maximum Upper Layer to fit within a lower-layer-protocol's (LLP) Maximum Upper Layer
Protocol Data Unit (MULPDU). Thus the ULP can post arbitrary size Protocol Data Unit (MULPDU). Thus the ULP can post arbitrary size
ULP Messages, containing up to 2^32 - 1 octets of ULP Payload, and ULP Messages, containing up to 2^32 - 1 octets of ULP Payload, and
DDP slices the ULP message into DDP Segments which are reassembled DDP slices the ULP message into DDP Segments which are reassembled
transparently at the Data Sink. transparently at the Data Sink.
DDP provides in-order Delivery for the ULP. However, DDP DDP provides in-order Delivery for the ULP. However, DDP
differentiates between Data Delivery and Data Placement. DDP differentiates between Data Delivery and Data Placement. DDP
provides enough information in each DDP Segment to allow the ULP provides enough information in each DDP Segment to allow the ULP
Payload in each inbound DDP Segment payloads to be directly Placed Payload in each inbound DDP Segment payloads to be directly Placed
skipping to change at line 272 skipping to change at line 269
DDP is intended to be LLP independent, subject to the requirements DDP is intended to be LLP independent, subject to the requirements
defined in section 3. However, DDP was specifically defined to be defined in section 3. However, DDP was specifically defined to be
part of a family of protocols that were created to work well part of a family of protocols that were created to work well
together, as shown in Figure 1 DDP Layering. For LLP protocol together, as shown in Figure 1 DDP Layering. For LLP protocol
definitions of each LLP, see [MPA], [TCP], and [SCTP]. definitions of each LLP, see [MPA], [TCP], and [SCTP].
DDP enables direct data Placement capability for any ULP, but it has DDP enables direct data Placement capability for any ULP, but it has
been specifically designed to work well with RDMAP (see [RDMA]), and been specifically designed to work well with RDMAP (see [RDMA]), and
is part of the iWARP protocol suite. is part of the iWARP protocol suite.
Shah, et. al. Expires August 2005 6 Shah, et. al. Expires January 2006 6
+-------------------+ +-------------------+
| | | |
| RDMA ULP | | RDMA ULP |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | | |
| ULP | RDMAP | | ULP | RDMAP |
| | | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
skipping to change at line 303 skipping to change at line 300
| | | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1 DDP Layering Figure 1 DDP Layering
If DDP is layered below RDMAP and on top of MPA and TCP, then the If DDP is layered below RDMAP and on top of MPA and TCP, then the
respective headers and payload are arranged as follows (Note: For respective headers and payload are arranged as follows (Note: For
clarity, MPA header and CRC are included but framing markers are not clarity, MPA header and CRC are included but framing markers are not
shown.): shown.):
Shah, et. al. Expires August 2005 7 Shah, et. al. Expires January 2006 7
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
// TCP Header // // TCP Header //
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MPA Header | | | MPA Header | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| | | |
skipping to change at line 330 skipping to change at line 327
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
// RDMAP ULP Payload // // RDMAP ULP Payload //
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MPA CRC | | MPA CRC |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2 MPA, DDP, and RDMAP Header Alignment Figure 2 MPA, DDP, and RDMAP Header Alignment
Shah, et. al. Expires August 2005 8 Shah, et. al. Expires January 2006 8
2 Glossary 2 Glossary
2.1 General 2.1 General
Advertisement (Advertised, Advertise, Advertisements, Advertises) - Advertisement (Advertised, Advertise, Advertisements, Advertises) -
The act of informing a Remote Peer that a local RDMA Buffer is The act of informing a Remote Peer that a local RDMA Buffer is
available to it. A Node makes available an RDMA Buffer for available to it. A Node makes available an RDMA Buffer for
incoming RDMA Read or RDMA Write access by informing its incoming RDMA Read or RDMA Write access by informing its
RDMA/DDP peer of the Tagged Buffer identifiers (STag, base RDMA/DDP peer of the Tagged Buffer identifiers (STag, base
skipping to change at line 386 skipping to change at line 383
Remote Peer - The RDMA/DDP protocol implementation on the opposite Remote Peer - The RDMA/DDP protocol implementation on the opposite
end of the connection. Used to refer to the remote entity when end of the connection. Used to refer to the remote entity when
describing protocol exchanges or other interactions between two describing protocol exchanges or other interactions between two
Nodes. Nodes.
RNIC - RDMA Enabled Network Interface Controller. In this context, RNIC - RDMA Enabled Network Interface Controller. In this context,
this would be a network I/O adapter or embedded controller with this would be a network I/O adapter or embedded controller with
iWARP functionality. iWARP functionality.
Shah, et. al. Expires August 2005 9 Shah, et. al. Expires January 2006 9
ULP - Upper Layer Protocol. The protocol layer above the protocol ULP - Upper Layer Protocol. The protocol layer above the protocol
layer currently being referenced. The ULP for RDMA/DDP is layer currently being referenced. The ULP for RDMA/DDP is
expected to be an OS, application, adaptation layer, or expected to be an OS, application, adaptation layer, or
proprietary device. The RDMA/DDP documents do not specify a ULP proprietary device. The RDMA/DDP documents do not specify a ULP
- they provide a set of semantics that allow a ULP to be - they provide a set of semantics that allow a ULP to be
designed to utilize RDMA/DDP. designed to utilize RDMA/DDP.
ULP Message - The ULP data that is handed to a specific protocol ULP Message - The ULP data that is handed to a specific protocol
layer for transmission. Data boundaries are preserved as they layer for transmission. Data boundaries are preserved as they
are transmitted through iWARP. are transmitted through iWARP.
skipping to change at line 436 skipping to change at line 433
successfully. successfully.
DDP Abortive Teardown - The act of closing a DDP Stream without DDP Abortive Teardown - The act of closing a DDP Stream without
attempting to complete in-progress and pending DDP Messages. attempting to complete in-progress and pending DDP Messages.
Data Placement (Placement, Placed, Places) - For DDP, this term is Data Placement (Placement, Placed, Places) - For DDP, this term is
specifically used to indicate the process of writing to a data specifically used to indicate the process of writing to a data
buffer by a DDP implementation. DDP Segments carry Placement buffer by a DDP implementation. DDP Segments carry Placement
information, which may be used by the receiving DDP information, which may be used by the receiving DDP
implementation to perform Data Placement of the DDP Segment ULP implementation to perform Data Placement of the DDP Segment ULP
Payload. See "Data Delivery" and ôDirect Data Placementö. Payload. See "Data Delivery" and "Direct Data Placement".
DDP Control Field - A fixed 8-bit field in the DDP Header. DDP Control Field - A fixed 8-bit field in the DDP Header.
Shah, et. al. Expires August 2005 10 Shah, et. al. Expires January 2006 10
DDP Header - The header present in all DDP Segments. The DDP Header DDP Header - The header present in all DDP Segments. The DDP Header
contains control and Placement fields that are used to define contains control and Placement fields that are used to define
the final Placement location for the ULP Payload carried in a the final Placement location for the ULP Payload carried in a
DDP Segment. DDP Segment.
DDP Message - A ULP defined unit of data interchange, which is DDP Message - A ULP defined unit of data interchange, which is
subdivided into one or more DDP Segments. This segmentation may subdivided into one or more DDP Segments. This segmentation may
occur for a variety of reasons, including segmentation to occur for a variety of reasons, including segmentation to
respect the maximum segment size of the underlying transport respect the maximum segment size of the underlying transport
protocol. protocol.
skipping to change at line 463 skipping to change at line 460
protocol. It includes a DDP Header and ULP Payload (if present). protocol. It includes a DDP Header and ULP Payload (if present).
A DDP Segment should be sized to fit within the Lower Layer A DDP Segment should be sized to fit within the Lower Layer
Protocol MULPDU. Protocol MULPDU.
DDP Stream - a sequence of DDP messages whose ordering is defined by DDP Stream - a sequence of DDP messages whose ordering is defined by
the LLP. For SCTP, a DDP Stream maps directly to an SCTP stream. the LLP. For SCTP, a DDP Stream maps directly to an SCTP stream.
For MPA, a DDP Stream maps directly to a TCP connection and a For MPA, a DDP Stream maps directly to a TCP connection and a
single DDP Stream is supported. Note that DDP has no ordering single DDP Stream is supported. Note that DDP has no ordering
guarantees between DDP Streams. guarantees between DDP Streams.
DDP Stream Identifier (ID) û An identifier for a DDP Stream. DDP Stream Identifier (ID) - An identifier for a DDP Stream.
Direct Data Placement - A mechanism whereby ULP data contained Direct Data Placement - A mechanism whereby ULP data contained
within DDP Segments may be Placed directly into its final within DDP Segments may be Placed directly into its final
destination in memory without processing of the ULP. This may destination in memory without processing of the ULP. This may
occur even when the DDP Segments arrive out of order. Out of occur even when the DDP Segments arrive out of order. Out of
order Placement support may require the Data Sink to implement order Placement support may require the Data Sink to implement
the LLP and DDP as one functional block. the LLP and DDP as one functional block.
Direct Data Placement Protocol (DDP) - Also, a wire protocol that Direct Data Placement Protocol (DDP) - Also, a wire protocol that
supports Direct Data Placement by associating explicit memory supports Direct Data Placement by associating explicit memory
buffer placement information with the LLP payload units. buffer placement information with the LLP payload units.
Message Offset (MO) - For the DDP Untagged Buffer Model, specifies Message Offset (MO) - For the DDP Untagged Buffer Model, specifies
the offset, in octets, from the start of a DDP Message. the offset, in octets, from the start of a DDP Message.
Message Sequence Number (MSN) - For the DDP Untagged Buffer Model, Message Sequence Number (MSN) - For the DDP Untagged Buffer Model,
specifies a sequence number that is increasing with each DDP specifies a sequence number that is increasing with each DDP
Message. Message.
Protection Domain (PD) û A Mechanism used to associate a DDP Stream Protection Domain (PD) - A Mechanism used to associate a DDP Stream
and an STag. Under this mechanism, the use of an STag is valid and an STag. Under this mechanism, the use of an STag is valid
on a DDP Stream if the STag has the same Protection Domain on a DDP Stream if the STag has the same Protection Domain
Identifier (PD ID) as the DDP Stream. Identifier (PD ID) as the DDP Stream.
Protection Domain Identifier (PD ID) û An identifier for the Protection Domain Identifier (PD ID) - An identifier for the
Protection Domain. Protection Domain.
Queue Number (QN) - For the DDP Untagged Buffer Model, identifies a Queue Number (QN) - For the DDP Untagged Buffer Model, identifies a
destination Data Sink queue for a DDP Segment. destination Data Sink queue for a DDP Segment.
Shah, et. al. Expires August 2005 11 Shah, et. al. Expires January 2006 11
Steering Tag - An identifier of a Tagged Buffer on a Node, valid as Steering Tag - An identifier of a Tagged Buffer on a Node, valid as
defined within a protocol specification. defined within a protocol specification.
STag - Steering Tag STag - Steering Tag
Tagged Buffer - A buffer that is explicitly Advertised to the Remote Tagged Buffer - A buffer that is explicitly Advertised to the Remote
Peer through exchange of an STag, Tagged Offset, and length. Peer through exchange of an STag, Tagged Offset, and length.
Tagged Buffer Model - A DDP data transfer model used to transfer Tagged Buffer Model - A DDP data transfer model used to transfer
Tagged Buffers from the Local Peer to the Remote Peer. Tagged Buffers from the Local Peer to the Remote Peer.
skipping to change at line 526 skipping to change at line 523
Untagged Buffer - A buffer that is not explicitly Advertised to the Untagged Buffer - A buffer that is not explicitly Advertised to the
Remote Peer. Remote Peer.
Untagged Buffer Model - A DDP data transfer model used to transfer Untagged Buffer Model - A DDP data transfer model used to transfer
Untagged Buffers from the Local Peer to the Remote Peer. Untagged Buffers from the Local Peer to the Remote Peer.
Untagged DDP Message - A DDP Message that targets an Untagged Untagged DDP Message - A DDP Message that targets an Untagged
Buffer. Buffer.
Shah, et. al. Expires August 2005 12 Shah, et. al. Expires January 2006 12
3 Reliable Delivery LLP Requirements 3 Reliable Delivery LLP Requirements
1. LLPs MUST expose MULPDU & MULPDU Changes. This is required so 1. LLPs MUST expose MULPDU & MULPDU Changes. This is required so
that the DDP layer can perform segmentation aligned with the that the DDP layer can perform segmentation aligned with the
MULPDU and can adapt as MULPDU changes come about. The corner MULPDU and can adapt as MULPDU changes come about. The corner
case of how to handle outstanding requests during a MULPDU case of how to handle outstanding requests during a MULPDU
change is covered by the requirements below. change is covered by the requirements below.
2. In the event of a MULPDU change, DDP MUST NOT be required by the 2. In the event of a MULPDU change, DDP MUST NOT be required by the
skipping to change at line 582 skipping to change at line 579
DDP Stream to be torn down. DDP Stream to be torn down.
9. For a specific LLP Stream, the LLP MUST provide a mechanism to 9. For a specific LLP Stream, the LLP MUST provide a mechanism to
indicate that the LLP Stream has been gracefully torn down. For indicate that the LLP Stream has been gracefully torn down. For
a specific LLP Connection, the LLP MUST provide a mechanism to a specific LLP Connection, the LLP MUST provide a mechanism to
indicate that the LLP Connection has been gracefully torn down. indicate that the LLP Connection has been gracefully torn down.
Note that if the LLP does not allow an LLP Stream to be torn Note that if the LLP does not allow an LLP Stream to be torn
down independently of the LLP Connection, the above requirements down independently of the LLP Connection, the above requirements
allow the LLP to notify DDP of both events at the same time. allow the LLP to notify DDP of both events at the same time.
Shah, et. al. Expires August 2005 13 Shah, et. al. Expires January 2006 13
10. For a specific LLP Connection, when all LLP Streams are either 10. For a specific LLP Connection, when all LLP Streams are either
gracefully torn down or are labeled as erroneous LLP streams, gracefully torn down or are labeled as erroneous LLP streams,
the LLP Connection MUST be torn down. the LLP Connection MUST be torn down.
11. The LLP MUST NOT pass a duplicate DDP Segment to the DDP Layer 11. The LLP MUST NOT pass a duplicate DDP Segment to the DDP Layer
after it has passed all the previous DDP Segments to the DDP after it has passed all the previous DDP Segments to the DDP
Layer and the associated ordering information for the previous Layer and the associated ordering information for the previous
DDP Segments and the current DDP Segment. DDP Segments and the current DDP Segment.
Shah, et. al. Expires August 2005 14 Shah, et. al. Expires January 2006 14
4 Header Format 4 Header Format
DDP has two different header formats: one for Data Placement into DDP has two different header formats: one for Data Placement into
Tagged Buffers, and the other for Data Placement into Untagged Tagged Buffers, and the other for Data Placement into Untagged
Buffers. See Section 5.1 for a description of the two models. Buffers. See Section 5.1 for a description of the two models.
4.1 DDP Control Field 4.1 DDP Control Field
The first 8 bits of the DDP Header carry a DDP Control Field that is The first 8 bits of the DDP Header carry a DDP Control Field that is
skipping to change at line 646 skipping to change at line 643
Delivered to the ULP after: Delivered to the ULP after:
. Placement of all DDP Segments of this DDP Message and all . Placement of all DDP Segments of this DDP Message and all
prior DDP Messages, and prior DDP Messages, and
. Delivery of each prior DDP Message. . Delivery of each prior DDP Message.
If the Last flag is set to zero, the DDP Segment is an If the Last flag is set to zero, the DDP Segment is an
intermediate DDP Segment. intermediate DDP Segment.
Shah, et. al. Expires August 2005 15 Shah, et. al. Expires January 2006 15
Rsvd - Reserved: 4 bits. Rsvd - Reserved: 4 bits.
Reserved for future use by the DDP protocol. This field MUST be Reserved for future use by the DDP protocol. This field MUST be
set to zero on transmit, and not checked on receive. set to zero on transmit, and not checked on receive.
DV - Direct Data Placement Protocol Version: 2 bits. DV - Direct Data Placement Protocol Version: 2 bits.
The version of the DDP Protocol in use. This field MUST be set The version of the DDP Protocol in use. This field MUST be set
to one to indicate the version of the specification described to one to indicate the version of the specification described
in this document. The value of DV MUST be the same for all the in this document. The value of DV MUST be the same for all the
skipping to change at line 701 skipping to change at line 698
specific DDP Message MUST contain the same value for this specific DDP Message MUST contain the same value for this
field. The Data Source MUST ensure that each DDP Segment within field. The Data Source MUST ensure that each DDP Segment within
a specific DDP Message contains the same value for this field. a specific DDP Message contains the same value for this field.
STag - Steering Tag: 32 bits. STag - Steering Tag: 32 bits.
The Steering Tag identifies the Data Sink's Tagged Buffer. The The Steering Tag identifies the Data Sink's Tagged Buffer. The
STag MUST be valid for this DDP Stream. The STag is associated STag MUST be valid for this DDP Stream. The STag is associated
with the DDP Stream through a mechanism that is outside the with the DDP Stream through a mechanism that is outside the
Shah, et. al. Expires August 2005 16 Shah, et. al. Expires January 2006 16
scope of the DDP Protocol specification. At the Data Source, scope of the DDP Protocol specification. At the Data Source,
DDP MUST set the STag field to the value specified by the ULP. DDP MUST set the STag field to the value specified by the ULP.
At the Data Sink, the DDP MUST provide the STag field when the At the Data Sink, the DDP MUST provide the STag field when the
ULP Message is delivered. Each DDP Segment within a specific ULP Message is delivered. Each DDP Segment within a specific
DDP Message MUST contain the same value for this field and MUST DDP Message MUST contain the same value for this field and MUST
be the value supplied by the ULP. The Data Source MUST ensure be the value supplied by the ULP. The Data Source MUST ensure
that each DDP Segment within a specific DDP Message contains that each DDP Segment within a specific DDP Message contains
the same value for this field. the same value for this field.
TO - Tagged Offset: 64 bits. TO - Tagged Offset: 64 bits.
skipping to change at line 754 skipping to change at line 751
RsvdULP - Reserved for use by the ULP: 40 bits. RsvdULP - Reserved for use by the ULP: 40 bits.
The RsvdULP field is opaque to the DDP protocol and can be The RsvdULP field is opaque to the DDP protocol and can be
structured in any way by the ULP. At the Data Source, DDP MUST structured in any way by the ULP. At the Data Source, DDP MUST
set RsvdULP Field to the value specified by the ULP. It is set RsvdULP Field to the value specified by the ULP. It is
transferred unmodified from the Data Source to the Data Sink. transferred unmodified from the Data Source to the Data Sink.
At the Data Sink, DDP MUST provide RsvdULP field to the ULP At the Data Sink, DDP MUST provide RsvdULP field to the ULP
when the ULP Message is Delivered. Each DDP Segment within a when the ULP Message is Delivered. Each DDP Segment within a
specific DDP Message MUST contain the same value for the specific DDP Message MUST contain the same value for the
Shah, et. al. Expires August 2005 17 Shah, et. al. Expires January 2006 17
RsvdULP field. At the Data Sink, the DDP implementation is NOT RsvdULP field. At the Data Sink, the DDP implementation is NOT
REQUIRED to verify that the same value is present in the REQUIRED to verify that the same value is present in the
RsvdULP field of each DDP Segment within a specific DDP Message RsvdULP field of each DDP Segment within a specific DDP Message
and MAY provide the value from any one of the received DDP and MAY provide the value from any one of the received DDP
Segment to the ULP when the ULP Message is Delivered. Segment to the ULP when the ULP Message is Delivered.
QN - Queue Number: 32 bits. QN - Queue Number: 32 bits.
The Queue Number identifies the Data Sink's Untagged Buffer The Queue Number identifies the Data Sink's Untagged Buffer
queue referenced by this header. Each DDP segment within a queue referenced by this header. Each DDP segment within a
skipping to change at line 802 skipping to change at line 799
Each DDP Segment MUST contain a DDP Header. Each DDP Segment may Each DDP Segment MUST contain a DDP Header. Each DDP Segment may
also contain ULP Payload. Following is the DDP Segment format: also contain ULP Payload. Following is the DDP Segment format:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DDP | | | DDP | |
| Header| ULP Payload (if any) | | Header| ULP Payload (if any) |
| | | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6 DDP Segment Format Figure 6 DDP Segment Format
Shah, et. al. Expires August 2005 18 Shah, et. al. Expires January 2006 18
5 Data Transfer 5 Data Transfer
DDP supports multi-segment DDP Messages. Each DDP Message is DDP supports multi-segment DDP Messages. Each DDP Message is
composed of one or more DDP Segments. Each DDP Segment contains a composed of one or more DDP Segments. Each DDP Segment contains a
DDP Header. The DDP Header contains the information required by the DDP Header. The DDP Header contains the information required by the
receiver to Place any ULP Payload included in the DDP Segment. receiver to Place any ULP Payload included in the DDP Segment.
5.1 DDP Tagged or Untagged Buffer Models 5.1 DDP Tagged or Untagged Buffer Models
skipping to change at line 858 skipping to change at line 855
communicate how many buffers have been queued is outside the scope communicate how many buffers have been queued is outside the scope
of this specification. Similarly, the exact implementation of the of this specification. Similarly, the exact implementation of the
buffer queue is outside the scope of this specification. buffer queue is outside the scope of this specification.
5.2 Segmentation and Reassembly of a DDP Message 5.2 Segmentation and Reassembly of a DDP Message
At the Data Source, the DDP layer MUST segment the data contained in At the Data Source, the DDP layer MUST segment the data contained in
a ULP message into a series of DDP Segments, where each DDP Segment a ULP message into a series of DDP Segments, where each DDP Segment
contains a DDP Header and ULP Payload, and MUST be no larger than contains a DDP Header and ULP Payload, and MUST be no larger than
Shah, et. al. Expires August 2005 19 Shah, et. al. Expires January 2006 19
the MULPDU value advertised by the LLP. The ULP Message Length MUST the MULPDU value advertised by the LLP. The ULP Message Length MUST
be less than 2^32. At the Data Source, the DDP layer MUST send all be less than 2^32. At the Data Source, the DDP layer MUST send all
the data contained in the ULP message. At the Data Sink, the DDP the data contained in the ULP message. At the Data Sink, the DDP
layer MUST Place the ULP Payload contained in all valid incoming DDP layer MUST Place the ULP Payload contained in all valid incoming DDP
Segments associated with a DDP Message into the ULP Buffer. Segments associated with a DDP Message into the ULP Buffer.
DDP Message segmentation at the Data Source is accomplished by DDP Message segmentation at the Data Source is accomplished by
identifying a DDP Message (which corresponds one-to-one with a ULP identifying a DDP Message (which corresponds one-to-one with a ULP
Message) uniquely and then, for each associated DDP Segment of a DDP Message) uniquely and then, for each associated DDP Segment of a DDP
Message, by specifying an octet offset for the portion of the ULP Message, by specifying an octet offset for the portion of the ULP
skipping to change at line 913 skipping to change at line 910
of the STag effectively enables the ULP to implement of the STag effectively enables the ULP to implement
segmentation and reassembly due to ULP specific constraints. segmentation and reassembly due to ULP specific constraints.
See [RDMAP] for details of how this is done. See [RDMAP] for details of how this is done.
A different implementation of a ULP could use an Untagged DDP A different implementation of a ULP could use an Untagged DDP
Message sent after the Tagged DDP Message which details the Message sent after the Tagged DDP Message which details the
initial TO for the STag that was used in the Tagged DDP initial TO for the STag that was used in the Tagged DDP
Message. And finally, another implementation of a ULP could Message. And finally, another implementation of a ULP could
choose to always use an initial TO of zero such that no choose to always use an initial TO of zero such that no
Shah, et. al. Expires August 2005 20 Shah, et. al. Expires January 2006 20
additional message is required to convey the initial TO used in additional message is required to convey the initial TO used in
a Tagged DDP Message. a Tagged DDP Message.
Regardless of whether the ULP chooses to recover the original ULP Regardless of whether the ULP chooses to recover the original ULP
Message boundary at the Data Sink for a Tagged DDP Message, DDP Message boundary at the Data Sink for a Tagged DDP Message, DDP
supports segmentation and reassembly of the Tagged DDP Message. The supports segmentation and reassembly of the Tagged DDP Message. The
STag is used to identify the ULP Buffer at the Data Sink and the TO STag is used to identify the ULP Buffer at the Data Sink and the TO
is used to identify the octet-offset within the ULP Buffer is used to identify the octet-offset within the ULP Buffer
referenced by the STag. The ULP at the Data Source MUST specify the referenced by the STag. The ULP at the Data Source MUST specify the
STag and the initial TO when the ULP Message is handed to DDP. STag and the initial TO when the ULP Message is handed to DDP.
skipping to change at line 967 skipping to change at line 964
* SHOULD transmit DDP Segments within a DDP Message in increasing * SHOULD transmit DDP Segments within a DDP Message in increasing
MO order for Untagged DDP Messages and in increasing TO order MO order for Untagged DDP Messages and in increasing TO order
for Tagged DDP Messages. for Tagged DDP Messages.
At the Data Sink, DDP (Note: The following rules are motivated by At the Data Sink, DDP (Note: The following rules are motivated by
LLP implementations that separate Placement and Delivery.): LLP implementations that separate Placement and Delivery.):
* MAY perform Placement of DDP Segments out of order, * MAY perform Placement of DDP Segments out of order,
Shah, et. al. Expires August 2005 21 Shah, et. al. Expires January 2006 21
* MAY perform Placement of a DDP Segment more than once, * MAY perform Placement of a DDP Segment more than once,
* MUST Deliver a DDP Message to the ULP at most once, * MUST Deliver a DDP Message to the ULP at most once,
* MUST Deliver DDP Messages to the ULP in the order they were * MUST Deliver DDP Messages to the ULP in the order they were
sent by the Data Source. sent by the Data Source.
5.4 DDP Message Completion & Delivery 5.4 DDP Message Completion & Delivery
At the Data Source, DDP Message transfer is considered completed At the Data Source, DDP Message transfer is considered completed
skipping to change at line 1004 skipping to change at line 1001
At the Data Sink, DDP MUST provide the ULP Message Length to the ULP At the Data Sink, DDP MUST provide the ULP Message Length to the ULP
when an Untagged DDP Message is Delivered. The ULP Message Length when an Untagged DDP Message is Delivered. The ULP Message Length
may be calculated by adding the MO and the ULP Payload length in the may be calculated by adding the MO and the ULP Payload length in the
last DDP Segment (with the Last flag set) of an Untagged DDP last DDP Segment (with the Last flag set) of an Untagged DDP
Message. Message.
At the Data Sink, DDP MUST provide the RsvdULP Field of the DDP At the Data Sink, DDP MUST provide the RsvdULP Field of the DDP
Message to the ULP when the DDP Message is delivered. Message to the ULP when the DDP Message is delivered.
Shah, et. al. Expires August 2005 22 Shah, et. al. Expires January 2006 22
6 DDP Stream Setup & Teardown 6 DDP Stream Setup & Teardown
This section describes LLP independent issues related to DDP Stream This section describes LLP independent issues related to DDP Stream
setup and teardown. setup and teardown.
6.1 DDP Stream Setup 6.1 DDP Stream Setup
It is expected that the ULP will use a mechanism outside the scope It is expected that the ULP will use a mechanism outside the scope
of this specification to establish an LLP Connection, and that the of this specification to establish an LLP Connection, and that the
skipping to change at line 1058 skipping to change at line 1055
torn down. torn down.
If the Local Peer LLP supports a half-closed LLP Stream, on the If the Local Peer LLP supports a half-closed LLP Stream, on the
receipt of a LLP graceful teardown request of the DDP Stream, DDP receipt of a LLP graceful teardown request of the DDP Stream, DDP
SHOULD indicate the half-closed state to the ULP, and continue to SHOULD indicate the half-closed state to the ULP, and continue to
process outbound data transfer requests normally. Following this process outbound data transfer requests normally. Following this
event, when the Local Peer ULP requests graceful teardown, DDP MUST event, when the Local Peer ULP requests graceful teardown, DDP MUST
indicate to the LLP that it SHOULD perform a graceful close of the indicate to the LLP that it SHOULD perform a graceful close of the
other half of the LLP Stream. other half of the LLP Stream.
Shah, et. al. Expires August 2005 23 Shah, et. al. Expires January 2006 23
If the Local Peer LLP supports a half-closed LLP Stream, on the If the Local Peer LLP supports a half-closed LLP Stream, on the
receipt of a ULP graceful half-close teardown request of the DDP receipt of a ULP graceful half-close teardown request of the DDP
Stream, DDP SHOULD keep data reception enabled on the other half of Stream, DDP SHOULD keep data reception enabled on the other half of
the LLP stream. the LLP stream.
6.2.2 DDP Abortive Teardown 6.2.2 DDP Abortive Teardown
As previously mentioned, DDP does not independently terminate a DDP As previously mentioned, DDP does not independently terminate a DDP
Stream. Thus any of the following fatal errors on a DDP Stream MUST Stream. Thus any of the following fatal errors on a DDP Stream MUST
cause DDP to indicate to the ULP that a fatal error has occurred: cause DDP to indicate to the ULP that a fatal error has occurred:
skipping to change at line 1088 skipping to change at line 1085
Error Numbers) and complete all outstanding ULP requests with an Error Numbers) and complete all outstanding ULP requests with an
error. If the underlying LLP Stream is still intact, DDP SHOULD error. If the underlying LLP Stream is still intact, DDP SHOULD
continue to allow the ULP to transfer additional DDP Messages on the continue to allow the ULP to transfer additional DDP Messages on the
outgoing half connection after the fatal error was indicated to the outgoing half connection after the fatal error was indicated to the
ULP. This enables the ULP to transfer an error syndrome to the ULP. This enables the ULP to transfer an error syndrome to the
Remote Peer. After indicating to the ULP a fatal error has occurred, Remote Peer. After indicating to the ULP a fatal error has occurred,
the DDP Stream MUST NOT be terminated until the Local Peer ULP the DDP Stream MUST NOT be terminated until the Local Peer ULP
indicates to the DDP layer that the DDP Stream should be abortively indicates to the DDP layer that the DDP Stream should be abortively
torndown. torndown.
Shah, et. al. Expires August 2005 24 Shah, et. al. Expires January 2006 24
7 Error Semantics 7 Error Semantics
All LLP errors reported to DDP SHOULD be passed up to the ULP. All LLP errors reported to DDP SHOULD be passed up to the ULP.
7.1 Errors detected at the Data Sink 7.1 Errors detected at the Data Sink
For non-zero length Untagged DDP Segments, the DDP Segment MUST be For non-zero length Untagged DDP Segments, the DDP Segment MUST be
validated before Placement by verifying: validated before Placement by verifying:
skipping to change at line 1142 skipping to change at line 1139
available to handle the incoming DDP Segments. available to handle the incoming DDP Segments.
For non-zero length Tagged DDP Segments, the segment MUST be For non-zero length Tagged DDP Segments, the segment MUST be
validated before Placement by verifying: validated before Placement by verifying:
1. The STag is valid for this stream. 1. The STag is valid for this stream.
2. The STag has an associated buffer that allows Placement of the 2. The STag has an associated buffer that allows Placement of the
payload. payload.
Shah, et. al. Expires August 2005 25 Shah, et. al. Expires January 2006 25
3. The TO falls in the range of legal offsets registered for the 3. The TO falls in the range of legal offsets registered for the
STag. STag.
4. The sum of the DDP Segment payload length and the TO falls in 4. The sum of the DDP Segment payload length and the TO falls in
the range of legal offsets registered for the STag. the range of legal offsets registered for the STag.
5. A 64-bit unsigned sum of the DDP Segment payload length and the 5. A 64-bit unsigned sum of the DDP Segment payload length and the
TO does not wrap. TO does not wrap.
If the DDP layer detects any of the receive errors listed in this If the DDP layer detects any of the receive errors listed in this
skipping to change at line 1190 skipping to change at line 1187
0x2 Untagged Buffer Error 0x2 Untagged Buffer Error
0x01 Invalid QN 0x01 Invalid QN
0x02 Invalid MSN - no buffer available 0x02 Invalid MSN - no buffer available
0x03 Invalid MSN - MSN range is not valid 0x03 Invalid MSN - MSN range is not valid
0x04 Invalid MO 0x04 Invalid MO
0x05 DDP Message too long for available buffer 0x05 DDP Message too long for available buffer
0x06 Invalid DDP version 0x06 Invalid DDP version
0x3 Rsvd Reserved for the use by the LLP 0x3 Rsvd Reserved for the use by the LLP
Shah, et. al. Expires August 2005 26 Shah, et. al. Expires January 2006 26
8 Security Considerations 8 Security Considerations
This section discusses both protocol-specific considerations and the This section discusses both protocol-specific considerations and the
implications of using DDP with existing security mechanisms. The implications of using DDP with existing security mechanisms. The
security requirements for the DDP implementation are provided at the security requirements for the DDP implementation are provided at the
end of the section. A more detailed analysis of the security issues end of the section. A more detailed analysis of the security issues
around the implementation and the use of the DDP can be found in around the implementation and the use of the DDP can be found in
[RDMASEC]. [RDMASEC].
8.1 Protocol-specific Security Considerations 8.1 Protocol-specific Security Considerations
The vulnerabilities of DDP to active third-party interference are no The vulnerabilities of DDP to active third-party interference are no
greater than any other protocol running over TCP. A third party, by greater than any other protocol running over transport protocols
injecting spoofed packets into the network that are Delivered to a such as TCP and SCTP over IP. A third party, by injecting spoofed
DDP Data Sink, could launch a variety of attacks that exploit DDP- packets into the network that are Delivered to a DDP Data Sink,
specific behavior. Since DDP directly or indirectly exposes memory could launch a variety of attacks that exploit DDP-specific
addresses on the wire, the Placement information carried in each DDP behavior. Since DDP directly or indirectly exposes memory addresses
Segment must be validated, including invalid STag and octet level on the wire, the Placement information carried in each DDP Segment
must be validated, including invalid STag and octet level
granularity base and bounds check, before any data is Placed. For granularity base and bounds check, before any data is Placed. For
example, a third-party adversary could inject random packets that example, a third-party adversary could inject random packets that
appear to be valid DDP Segments and corrupt the memory on a DDP Data appear to be valid DDP Segments and corrupt the memory on a DDP Data
Sink. Since DDP is IP transport protocol independent, communication Sink. Since DDP is IP transport protocol independent, communication
security mechanisms such as IPsec [IPSEC] or TLS [TLS] may be used security mechanisms such as IPsec [IPSEC] or TLS [TLS] may be used
to prevent such attacks. to prevent such attacks.
8.2 Association of an STag and a DDP Stream 8.2 Association of an STag and a DDP Stream
There are several mechanisms for associating an STag and a DDP There are several mechanisms for associating an STag and a DDP
skipping to change at line 1244 skipping to change at line 1242
Under the DDP Stream association, a DDP Stream is identified locally Under the DDP Stream association, a DDP Stream is identified locally
by a unique DDP Stream identifier (ID). An STag is associated with a by a unique DDP Stream identifier (ID). An STag is associated with a
DDP Stream by using a DDP Stream ID. In this case, for an incoming DDP Stream by using a DDP Stream ID. In this case, for an incoming
DDP Segment of a Tagged DDP Message on a DDP Stream, if the DDP DDP Segment of a Tagged DDP Message on a DDP Stream, if the DDP
Stream ID of the DDP Stream is not the same as the DDP Stream ID of Stream ID of the DDP Stream is not the same as the DDP Stream ID of
the STag targeted by the Tagged DDP Message, then the DDP Segment is the STag targeted by the Tagged DDP Message, then the DDP Segment is
not placed and the DDP layer MUST surface a local error to the ULP. not placed and the DDP layer MUST surface a local error to the ULP.
Note that the DDP Stream ID is locally defined, and cannot be Note that the DDP Stream ID is locally defined, and cannot be
directly manipulated by the Remote Peer. directly manipulated by the Remote Peer.
Shah, et. al. Expires August 2005 27 Shah, et. al. Expires January 2006 27
A ULP SHOULD associate an STag and a DDP Stream. DDP MUST support A ULP SHOULD associate an STag with at least one DDP Stream. DDP
Protection Domain association and DDP Stream association mechanisms MUST support Protection Domain association and DDP Stream
for associating an STag and a DDP Stream. association mechanisms for associating an STag and a DDP Stream.
8.3 Security Requirements 8.3 Security Requirements
[RDMASEC] defines the security model and general assumptions for [RDMASEC] defines the security model and general assumptions for
RDMAP/DDP. This subsection provides the security requirements for RDMAP/DDP. This subsection provides the security requirements for
the DDP implementation. For more details on the type of attacks, the DDP implementation. For more details on the type of attacks,
type of attackers, trust models, and resource sharing for the DDP type of attackers, trust models, and resource sharing for the DDP
implementation, the reader is referred to [RDMASEC]. implementation, the reader is referred to [RDMASEC].
DDP has several mechanisms that deal with a number of attacks. DDP has several mechanisms that deal with a number of attacks.
skipping to change at line 1295 skipping to change at line 1293
ULP. DDP MUST provide a mechanism for the ULP to establish and ULP. DDP MUST provide a mechanism for the ULP to establish and
revoke the TO range associated with the ULP Buffer referenced by revoke the TO range associated with the ULP Buffer referenced by
the STag. the STag.
2. STags are only valid for the duration established by the ULP. The 2. STags are only valid for the duration established by the ULP. The
ULP may revoke them at any time, in accordance with its own upper ULP may revoke them at any time, in accordance with its own upper
layer protocol requirements. DDP MUST provide a mechanism for the layer protocol requirements. DDP MUST provide a mechanism for the
ULP to establish and revoke STag validity. ULP to establish and revoke STag validity.
3. DDP MUST provide a mechanism for the ULP to communicate the 3. DDP MUST provide a mechanism for the ULP to communicate the
association between a STag and a specific DDP Stream. association between a STag and a specific DDP Stream.
Shah, et. al. Expires August 2005 28 Shah, et. al. Expires January 2006 28
4. A ULP may only expose memory to remote access to the extent that 4. A ULP may only expose memory to remote access to the extent that
it already had access to that memory itself. it already had access to that memory itself.
5. If an STag is not valid on a DDP Stream, DDP MUST pass the invalid 5. If an STag is not valid on a DDP Stream, DDP MUST pass the invalid
access attempt to the ULP. The ULP may provide a mechanism for access attempt to the ULP. The ULP may provide a mechanism for
terminating the DDP Stream. terminating the DDP Stream.
Further, DDP provides a mechanism that directly Places incoming Further, DDP provides a mechanism that directly Places incoming
payloads in user-mode ULP Buffers. This avoids the risks of prior payloads in user-mode ULP Buffers. This avoids the risks of prior
solutions that relied upon exposing system buffers for incoming solutions that relied upon exposing system buffers for incoming
payloads. payloads.
For the DDP implementation, two components MUST be provided: a RDMA For the DDP implementation, two components MUST be provided: a RDMA
enabled NIC (RNIC) and a Privileged Resource Manager (PRM). enabled NIC (RNIC) and a Privileged Resource Manager (PRM).
8.3.1 RNIC Requirements 8.3.1 RNIC Requirements
The RNIC MUST implement the DDP wire Protocol and perform the The RNIC MUST implement the DDP wire Protocol and perform the
security semantics described below. security semantics described below.
* An RNIC MUST ensure that a specific DDP Stream in a specific 1. An RNIC MUST ensure that a specific DDP Stream in a specific
Protection Domain cannot access an STag in a different Protection Domain cannot access an STag in a different Protection
Protection Domain. Domain.
* An RNIC MUST ensure that if an STag is limited in scope to a 2. An RNIC MUST ensure that if an STag is limited in scope to a
single DDP Stream, no other DDP Stream can use the STag. single DDP Stream, no other DDP Stream can use the STag.
* An RNIC MUST ensure that a Remote Peer is not able to access 3. An RNIC MUST ensure that a Remote Peer is not able to access
memory outside of the buffer specified when the STag was memory outside of the buffer specified when the STag was enabled
enabled for remote access. for remote access.
* An RNIC MUST provide a mechanism for the ULP to establish and 4. An RNIC MUST provide a mechanism for the ULP to establish and
revoke the association of a ULP Buffer to an STag and TO range. revoke the association of a ULP Buffer to an STag and TO range.
* An RNIC MUST provide a mechanism for the ULP to establish and 5. An RNIC MUST provide a mechanism for the ULP to establish and
revoke read, write, or read and write access to the ULP Buffer revoke read, write, or read and write access to the ULP Buffer
referenced by an STag. referenced by an STag.
* An RNIC MUST ensure that the network interface can no longer 6. An RNIC MUST ensure that the network interface can no longer
modify an advertised buffer after the ULP revokes remote access modify an advertised buffer after the ULP revokes remote access
rights for an STag. rights for an STag.
* An RNIC MUST NOT enable firmware to be loaded on the RNIC 7. An RNIC MUST NOT enable firmware to be loaded on the RNIC directly
directly from an untrusted Local Peer or Remote Peer, unless from an untrusted Local Peer or Remote Peer, unless the Peer is
the Peer is properly authenticated (by a mechanism outside the properly authenticated (by a mechanism outside the scope of this
scope of this specification. The mechanism presumably entails specification. The mechanism presumably entails authenticating
authenticating that the remote ULP has the right to perform the that the remote ULP has the right to perform the update), and the
update), and the update is done via a secure protocol, such as update is done via a secure protocol, such as IPsec.
IPsec.
8.3.2 Privileged Resources Manager Requirement 8.3.2 Privileged Resources Manager Requirement
The PRM MUST implement the security semantics described below. The PRM MUST implement the security semantics described below.
Shah, et. al. Expires August 2005 29 Shah, et. al. Expires January 2006 29
* All Non-Privileged ULP interactions with the RNIC Engine that 1. All Non-Privileged ULP interactions with the RNIC Engine that
could affect other ULPs MUST be done using the Privileged could affect other ULPs MUST be done using the Privileged Resource
Resource Manager as a proxy. Manager as a proxy.
* All ULP resource allocation requests for scarce resources MUST 2. All ULP resource allocation requests for scarce resources MUST
also be done using a Privileged Resource Manager. also be done using a Privileged Resource Manager.
* The Privileged Resource Manager MUST NOT assume different ULPs 3. The Privileged Resource Manager MUST NOT assume different ULPs
share Partial Mutual Trust unless there is a mechanism to share Partial Mutual Trust unless there is a mechanism to ensure
ensure that the ULPs do indeed share partial mutual trust. that the ULPs do indeed share partial mutual trust.
* If Non-Privileged ULPs are supported, the Privileged Resource 4. If Non-Privileged ULPs are supported, the Privileged Resource
Manager MUST verify that the Non-Privileged ULP has the right Manager MUST verify that the Non-Privileged ULP has the right to
to access a specific Data Buffer before allowing an STag for access a specific Data Buffer before allowing an STag for which
which the ULP has access rights to be associated with a the ULP has access rights to be associated with a specific Data
specific Data Buffer. Buffer.
* The Privileged Resource Manager SHOULD prevent a Local Peer 5. The Privileged Resource Manager SHOULD prevent a Local Peer from
from allocating more than its fair share of resources. allocating more than its fair share of resources.
If an RNIC provides the ability to share receive buffers across If an RNIC provides the ability to share receive buffers across
multiple DDP Streams, the combination of the RNIC and the multiple DDP Streams, the combination of the RNIC and the
Privileged Resource Manager MUST be able to detect if the Privileged Resource Manager MUST be able to detect if the Remote
Remote Peer is attempting to consume more than its fair share Peer is attempting to consume more than its fair share of
of resources so that the Local Peer can apply countermeasures resources so that the Local Peer can apply countermeasures to
to detect and prevent the attack. detect and prevent the attack.
8.4 Security Services for DDP 8.4 Security Services for DDP
DDP uses an IP based network services, therefore, all exchanged DDP DDP uses an IP based network services, therefore, all exchanged DDP
Segments are vulnerable to spoofing, tampering and information Segments are vulnerable to spoofing, tampering and information
disclosure attacks. If a DDP Stream may be subject to impersonation disclosure attacks. If a DDP Stream may be subject to impersonation
attacks, or Stream hijacking attacks, it is highly RECOMMENDED that attacks, or Stream hijacking attacks, it is highly RECOMMENDED that
the DDP Stream be authenticated, integrity protected, and protected the DDP Stream be authenticated, integrity protected, and protected
from replay attacks; it MAY use confidentiality protection to from replay attacks; it MAY use confidentiality protection to
protect from eavesdropping. protect from eavesdropping.
IPsec can be used to protect against the packet injection attacks IPsec can be used to protect against the packet injection attacks
outlined above. Because IPsec is designed to secure arbitrary IP outlined above. Because IPsec is designed to secure arbitrary IP
packet streams, including streams where packets are lost, DDP can packet streams, including streams where packets are lost, DDP can
run on top of IPsec without any change. run on top of IPsec without any change.
The DDP implementation MUST implement IPSec services as outlined in IPsec packets are processed (e.g., integrity checked and possibly
Section 2.3 of [RFC 3723]. IPsec packets are processed (e.g., decrypted) in the order they are received, and a DDP Data Sink will
integrity checked and possibly decrypted) in the order they are process the decrypted DDP Segments contained in these packets in the
received, and a DDP Data Sink will process the decrypted DDP same manner as DDP Segments contained in unsecured IP packets.
Segments contained in these packets in the same manner as DDP
Segments contained in unsecured IP packets.
The receipt of an IKE Phase 2 delete message MUST NOT be interpreted The IP Storage working group has defined the normative IPsec
as a reason for tearing down a DDP Stream. Rather, it is preferable requirements for IP Storage [RFC3723]. Portions of this
to leave the DDP Stream up, and if additional traffic is sent on it, specification are applicable to the DDP. In particular, a compliant
to bring up another IKE Phase 2 SA to protect it. This avoids the implementation of IPsec services MUST meet the requirements as
potential for continually bringing DDP Streams up and down. outlined in Section 2.3 of [RFC3723]. Without replicating the
detailed discussion in [RFC3723], this includes the following
requirements:
Shah, et. al. Expires August 2005 30 Shah, et. al. Expires January 2006 30
1. The implementation MUST support IPSec ESP [RFC 2406], as well as
the replay protection mechanisms of IPsec. When ESP is utilized,
per-packet data origin authentication, integrity and replay
protection MUST be used.
Shah, et. al. Expires August 2005 31 2. It MUST support ESP in tunnel mode and MAY implement ESP in
transport mode.
3. It MUST support IKE [RFC 2409] for peer authentication,
negotiation of security associations, and key management, using
the IPsec DOI [RFC 2407].
4. It MUST not interpret the receipt of a IKE Phase 2 delete message
as a reason for tearing down the DDP Stream. Since IPsec
acceleration hardware may only be able to handle a limited number
of active IKE Phase 2 SAs, idle SAs may be dynamically brought
down and a new SA be brought up again, if activity resumes.
5. It MUST support peer authentication using a pre-shared key, and
MAY support certificate-based peer authentication using digital
signatures. Peer authentication using the public key encryption
methods [RFC 2409] SHOULD NOT be used.
6. It MUST support IKE Main Mode and SHOULD support aggressive Mode.
IKE Main Mode with pre-shared key authentication SHOULD NOT be
used when either of the peers uses a dynamically assigned IP
address.
7. Access to locally stored secret information (pre-shared or private
key for digital signing) must be suitably restricted, since
compromise of the secret information nullifies the security
properties of the IKE/IPsec protocols.
8. It MUST follow the guidelines of Section 2.3.4 of [RFC 3723] on
the setting of IKE parameters to achieve a high level of
interoperability without requiring extensive configuration.
Furthermore, implementation and deployment of the IPsec services for
DDP should follow the Security Considerations outlined in Section 5
of [RFC 3723].
Shah, et. al. Expires January 2006 31
9 IANA Considerations 9 IANA Considerations
If DDP was enabled a priori for a ULP by connecting to a well-known If DDP was enabled a priori for a ULP by connecting to a well-known
port, this well-known port would be registered for the DDP with port, this well-known port would be registered for the DDP with
IANA. IANA. The registration of the well-known port will be the
responsibility of the ULP specification.
Shah, et. al. Expires August 2005 32 Shah, et. al. Expires January 2006 32
10 References 10 References
10.1 Normative References 10.1 Normative References
[RFC2026] Bradner, S., "The Internet Standards Process -- Revision [RFC2026] Bradner, S., "The Internet Standards Process -- Revision
3", BCP 9, RFC 2026, October 1996. 3", BCP 9, RFC 2026, October 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2406] Kent, S. and Atkinson, R., "IP Encapsulating Security
Payload (ESP)", RFC 2406, November 1998.
[RFC2407] Piper, D., "The Internet IP Security Domain of
Interpretation of ISAKMP", RFC 2407, November 1998.
[RFC2409] Harkins, D. and Carrel, D., "The Internet Key Exchange
(IKE)", RFC 2409, November 1998.
[RFC3723] Aboba, B., Tseng, J., Walker, J., Rangan, V., Travostino, [RFC3723] Aboba, B., Tseng, J., Walker, J., Rangan, V., Travostino,
F., "Securing Block Storage Protocols over IP", RFC 3723, April F., "Securing Block Storage Protocols over IP", RFC 3723, April
2004. 2004.
[MPA] Culley, P., Elzur, U., Recio, R., Bailey, S., Carrier, J., [MPA] Culley, P., Elzur, U., Recio, R., Bailey, S., Carrier, J.,
"Marker PDU Aligned Framing for TCP Specification", Internet "Marker PDU Aligned Framing for TCP Specification", Internet
Draft draft-ietf-rddp-mpa-01.txt (work in progress), July 2004 Draft draft-ietf-rddp-mpa-01.txt (work in progress), July 2004
[RDMAP] Recio, R., Culley, P., Garcia, D., Hilland, J., "An RDMA [RDMAP] Recio, R., Culley, P., Garcia, D., Hilland, J., "An RDMA
Protocol Specification", Internet Draft draft-ietf-rddp-rdmap- Protocol Specification", Internet Draft draft-ietf-rddp-rdmap-
skipping to change at line 1456 skipping to change at line 1503
[TLS] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC [TLS] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC
2246, November 1998. 2246, November 1998.
[IPSEC] Atkinson, R., Kent, S., "Security Architecture for the [IPSEC] Atkinson, R., Kent, S., "Security Architecture for the
Internet Protocol", RFC 2401, November 1998. Internet Protocol", RFC 2401, November 1998.
[RDMASEC] Pinkerton J., Deleganes E., Romanow A., Bitan S., [RDMASEC] Pinkerton J., Deleganes E., Romanow A., Bitan S.,
"DDP/RDMAP Security", draft-ietf-rddp-security-05.txt (work in "DDP/RDMAP Security", draft-ietf-rddp-security-05.txt (work in
progress), August 2004. progress), August 2004.
Shah, et. al. Expires August 2005 33 Shah, et. al. Expires January 2006 33
11 Appendix 11 Appendix
11.1 Receive Window sizing 11.1 Receive Window sizing
Reliable, sequenced, LLPs include a mechanism to advertise the Reliable, sequenced, LLPs include a mechanism to advertise the
amount of receive buffer space a sender may consume. This is amount of receive buffer space a sender may consume. This is
generally called a "receive window". generally called a "receive window".
DDP allows data to be transferred directly to predefined buffers at DDP allows data to be transferred directly to predefined buffers at
skipping to change at line 1489 skipping to change at line 1536
the rate that DDP Segments can be retired; there may be some cases the rate that DDP Segments can be retired; there may be some cases
where segment processing cannot keep up with the incoming packet where segment processing cannot keep up with the incoming packet
rate. If this occurs, one reasonable way to slow the incoming packet rate. If this occurs, one reasonable way to slow the incoming packet
rate is to reduce the receive window. rate is to reduce the receive window.
Note that the LLP should take care to comply with the applicable Note that the LLP should take care to comply with the applicable
RFCs; for instance, for TCP, receivers are highly discouraged from RFCs; for instance, for TCP, receivers are highly discouraged from
"shrinking" the receive window (reducing the right edge of the "shrinking" the receive window (reducing the right edge of the
window after it has been advertised). window after it has been advertised).
Shah, et. al. Expires August 2005 34 Shah, et. al. Expires January 2006 34
12 Author's Addresses 12 Author's Addresses
Hemal Shah Hemal Shah
Intel Corporation Intel Corporation
MS AN1-PTL1 MS AN1-PTL1
1501 South Mopac Expressway, #400 1501 South Mopac Expressway, #400
Austin, TX 78746 USA Austin, TX 78746 USA
Phone: +1 (512) 732-3963 Phone: +1 (512) 732-3963
Email: hemal.shah@intel.com Email: hemal.shah@intel.com
skipping to change at line 1522 skipping to change at line 1569
Phone: +1 (512) 838-1365 Phone: +1 (512) 838-1365
Email: recio@us.ibm.com Email: recio@us.ibm.com
Paul R. Culley Paul R. Culley
Hewlett-Packard Company Hewlett-Packard Company
20555 SH 249 20555 SH 249
Houston, TX 77070-2698 USA Houston, TX 77070-2698 USA
Phone: +1 (281) 514-5543 Phone: +1 (281) 514-5543
Email: paul.culley@hp.com Email: paul.culley@hp.com
Shah, et. al. Expires August 2005 35 Shah, et. al. Expires January 2006 35
13 Acknowledgments 13 Acknowledgments
John Carrier John Carrier
Adaptec, Inc. Adaptec, Inc.
691 S. Milpitas Blvd. 691 S. Milpitas Blvd.
Milpitas, CA 95035 USA Milpitas, CA 95035 USA
Phone: +1 (360) 378-8526 Phone: +1 (360) 378-8526
Email: john_carrier@adaptec.com Email: john_carrier@adaptec.com
skipping to change at line 1578 skipping to change at line 1625
Jim Wendt Jim Wendt
Hewlett-Packard Company Hewlett-Packard Company
8000 Foothills Boulevard 8000 Foothills Boulevard
Roseville, CA 95747-5668 USA Roseville, CA 95747-5668 USA
Phone: +1 (916) 785-5198 Phone: +1 (916) 785-5198
Email: jim_wendt@hp.com Email: jim_wendt@hp.com
Mike Krause Mike Krause
Hewlett-Packard Company, 43LN Hewlett-Packard Company, 43LN
Shah, et. al. Expires August 2005 36 Shah, et. al. Expires January 2006 36
19410 Homestead Road 19410 Homestead Road
Cupertino, CA 95014 USA Cupertino, CA 95014 USA
Phone: +1 (408) 447-3191 Phone: +1 (408) 447-3191
Email: krause@cup.hp.com Email: krause@cup.hp.com
Dave Minturn Dave Minturn
Intel Corporation Intel Corporation
MS JF1-210 MS JF1-210
5200 North East Elam Young Parkway 5200 North East Elam Young Parkway
Hillsboro, OR 97124 USA Hillsboro, OR 97124 USA
skipping to change at line 1628 skipping to change at line 1675
Phone: +1 (408) 285-6116 Phone: +1 (408) 285-6116
Email: dave.garcia@hp.com Email: dave.garcia@hp.com
Jeff Hilland Jeff Hilland
Hewlett-Packard Company Hewlett-Packard Company
20555 SH 249 20555 SH 249
Houston, Tx. 77070-2698 USA Houston, Tx. 77070-2698 USA
Phone: +1 (281) 514-9489 Phone: +1 (281) 514-9489
Email: jeff.hilland@hp.com Email: jeff.hilland@hp.com
Shah, et. al. Expires August 2005 37 Shah, et. al. Expires January 2006 37
Barry Reinhold Barry Reinhold
Lamprey Networks Lamprey Networks
Durham, NH 03824 USA Durham, NH 03824 USA
Phone: +1 (603) 868-8411 Phone: +1 (603) 868-8411
Email: bbr@LampreyNetworks.com Email: bbr@LampreyNetworks.com
Shah, et. al. Expires August 2005 38 Shah, et. al. Expires January 2006 38
14 Full Copyright Statement 14 Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology described
in this document or the extent to which any license under such
rights might or might not be available; nor does it represent that
it has made any independent effort to identify any such rights.
Information on the procedures with respect to rights in RFC
documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Shah, et. al. Expires January 2006 39
15 Disclaimer
This document and the information contained herein are provided on
an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Shah, et. al. Expires January 2006 40
16 Copyright Notice
Copyright (C) The Internet Society (2005).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document contains contributions from individuals representing This document contains contributions from individuals representing
or sponsored by ADAPTEC INC., AGILENT TECHNOLOGIES INC., BROADCOM or sponsored by ADAPTEC INC., AGILENT TECHNOLOGIES INC., BROADCOM
CORPORATION, CISCO SYSTEMS INC., EMC CORPORATION, HEWLETT-PACKARD CORPORATION, CISCO SYSTEMS INC., EMC CORPORATION, HEWLETT-PACKARD
COMPANY, INTERNATIONAL BUSINESS MACHINES CORPORATION, INTEL COMPANY, INTERNATIONAL BUSINESS MACHINES CORPORATION, INTEL
CORPORATION, MICROSOFT CORPORATION, NETWORK APPLIANCE INC. CORPORATION, MICROSOFT CORPORATION, NETWORK APPLIANCE INC.
This document and the information contained herein is provided on an Shah, et. al. Expires January 2006 41
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE.
Copyright (c) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Shah, et. al. Expires August 2005 39
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/