Re: iSCSI Some Thoughts on Digests

To: Black_David@emc.com
Subject: Re: iSCSI Some Thoughts on Digests
From: Glen Turner <glen.turner@aarnet.edu.au>
Date: Sat, 09 Dec 2000 17:14:45 +1030
CC: ips@ece.cmu.edu
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Organization: Australian Academic and Research Network
References: <0F31E5C394DAD311B60C00E029101A07041012E1@corpmx9.isus.emc.com>
Sender: owner-ips@ece.cmu.edu

Black_David@emc.com wrote:
> 
> This appears to answer the original question about why CRC digests
> have been proposed as iSCSI-specific ;-).  The end to end 32 bit
> CRC requirement is somewhat specific to iSCSI, since protocols
> such as http are quite happy without it.

Hi David,

The short answer is that HTTP is *not* "quite happy without it".

Stone and Partridge's paper in the ACM SIGCOMM 2000 Proceedings
shows that errors that have a source other than the link layer
are disturbingly common.

iSCSI also needs better data integrity then HTTP because it is used in
a mode where errors across time will accumulate.  For example,
an error per 100000 web pages viewed has no effect that is not
solved by hitting the Reload button.  An error per 100000 files
written would lead to an error every time the unlucky file was read.

> For the purposes of the original question, I don't think the position
> that security is needed whenever integrity is needed (which lead to
> the notion of using IPsec for 32 bit CRC-grade integrity) is tenable.  I
> would expect to see all sorts of private and semi-private addressing
> used with iSCSI, including LANs/VLANs that won't switch/route layer
> 3 addresses, and folks who believe that they're safe behind a firewall.

The main problem with IPSec is that it may not protect
the data from corruption if it is offloaded.  For example,
a DMA or memory bit error would still be undetected.

A technology choice that is implemented by the CPU is
desirable.  For this reason, the IEEE CRC32 isn't too
flash a choice either, as it is a bit-twiddling rather
than word-twiddling checksum[1].

The crypto digests are simply overkill -- they don't provide
protection from malicious alteration when used in the iSCSI 
protocol and when used for detecting non-malicious alteration
they are less efficient than a CRC.

Finally, a common algorithm is desirable.  This is because
hosts will already have an implmentation of that common
algorithm (with its tables, etc) in the kernel memory which
can be re-used.

With all these considerations, the IEEE CRC32 (and initialised
with 0xffffffff) is probably the best option.

Note that the draft needs to insist upon a CPU implementation
of the checksum/CRC if it is to be effective.  Implementations
that implement the checksum/CRC on some soft or offload
processor should be discouraged as this limits the modes
of detectable failures.

Glen

[1] The bit twiddling can be avoided by table lookup, but
    that simply moves the argument to one of relative memory
    consumption.

-- 
 Glen Turner                                 Network Engineer
 (08) 8303 3936      Australian Academic and Research Network
 glen.turner@aarnet.edu.au          http://www.aarnet.edu.au/
--
 The revolution will not be televised, it will be digitised

Follow-Ups:
- Re: iSCSI Some Thoughts on Digests
  - From: "Bernard D. Aboba" <aboba@internaut.com>

References:
- RE: iSCSI Some Thoughts on Digests
  - From: Black_David@emc.com

Prev by Date: Re: Three states for a binary bit (was Re: TCP (and SCTP) sucks onhigh speed networks)
Next by Date: iSCSI: target reset revisited
Prev by thread: RE: iSCSI Some Thoughts on Digests
Next by thread: Re: iSCSI Some Thoughts on Digests
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:06:06 2001
6315 messages in chronological order