Terry, On Fri, 2008-04-18 at 09:38 +0000, terry watson wrote: > Thanks for the response. The environment I am testing has two clusters and > one switch, > with the subnet manager running from the switch. Half the nodes are in one > partition and > half in the other (ignoring 0xffff), call them partitions A and B. I have > access to one > node in partition A as root and would like to be able to reconfigure that > node locally, > and with no access to the switch subnet manager configuration, to be able to > access nodes > in partition B.
In general, this is not a good idea IMO. As Philippe wrote, the SM (is supposed to) own the writing of those tables (rather than some low level diag utility). Even if you modify the local PKey table, it is possible for the SM to overwrite this. Also, there are several other ramifications of this depending on how the SM deals with partitions. Even if you change things locally, that may not be sufficient as the peer switch port may do partition filtering so that may need to change that too and possible more PKey tables in the network depending on what your SM does. Also, there are SA responses that depend on the SM having correct knowledge (like PathRecords and others) so the end node may not get any response on that partition for certain things. > After some reading I believe that IBIS from IBUtils should allow me to alter > the > local p_key table and therefore allow me to access nodes on partition B. Yes but it may take more than this for it to work depending on your SM. > I cannot test this until I am on-site and I am formulating a strategy before > arrival. > If it does not work this way it would be useful to know in advance. MPI is > used rather than IPoIB. Some MPIs use out of band mechanisms to create connections so the SA issues may not apply there; but I think the partition ones might and are SM dependent so your mileage may vary... > If my approach is flawed I would appreciate it if someone could point this > out. The proper way to do this is by reconfiguring your SM. -- Hal > ________________________________ > > Date: Fri, 18 Apr 2008 09:35:42 +0200 > > From: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > > CC: [email protected] > > Subject: Re: [ofa-general] Is IBIS only for querying OpenSM? > > > > terry watson a écrit : > > > > Hi all, > > > > I will be performing some testing of partitioning used as a security > > control. Am I right in believing that IBIS will be able to set partition > > table values of the local compute node I am logged on to, even though they > > are not using OpenSM, but rather a SM on a switch? Could I then attempt to > > access a partition that I was originally excluded from accessing? > > > > I am new to Infiniband technology and would also appreciate a response from > > an expert who has views on the strength of the security that partitioning > > provides in separating two clusters that should have no interaction > > whatsoever. > > > > Thanks, > > Dave > > _________________________________________________________________ > > Discover the new Windows Vista > > http://search.msn.com/results.aspx?q=windows+vista&mkt=en-US&form=QBRE_______________________________________________ > > general mailing list > > [email protected] > _________________________________________________________________ > News, entertainment and everything you care about at Live.com. Get it now! > http://www.live.com/getstarted.aspx_______________________________________________ > general mailing list > [email protected] > http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general > > To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general _______________________________________________ general mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
