On Thu, 23 Jun 2005, Roland Dreier wrote:
James> Perhaps a bit of motivation of how the GID->IP service can James> be used is in order. James> kDAPL uses this feature to provide the passive side of a James> connection with the IP address of the remote peer. kDAPL James> consumers can use this information as a weak authentication James> mechanism. This seems so weak as to be not useful,
My understanding is that a full featured NFS implementation needs this capability.
My original email didn't state the requirement very well. We don't necessarily need to map the GID to an IP address (although that might be the best thing to do). What we really want is:
Given an InfiniBand connection request, the ability to determine an IP address of the source node in an interoperable way.
and rather expensive to boot.
Let's defer discussing how to implement it until we agree that it is required.
To implement this, a system receiving a connection request would have to perform an SA query to map the remote LID back to a GuidInfo record, and then for each GID attached to the remote LID, somehow retrieve the set of IP addresses configured for that GID (assuming that is somehow even possible). James> Could SDP make use of this service to validate a connection James> request's source IP address? No, SDP passes the remote peer's IP address directly as part of its connection establishment. In fact, the SDP annex in the IBA spec contains this rather enlightening passage: IP over InfiniBand does not define a mechanism to perform an inverse lookup (from an InfiniBand address to an IP address). It is also possible for a single InfiniBand address to have many IP addresses, providing a one-to-many mapping when attempting to perform an inverse lookup. To resolve these issues, the complete source and destination IP address is provided during connection setup to enable mapping the destination and source LID/GID to an IP address at the accepting peer of the connection. - R.
_______________________________________________ openib-general mailing list [email protected] http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
