Re: iSCSI ERT: data SACK/replay buffer/"semi-transport"

To: ips@ece.cmu.edu
Subject: Re: iSCSI ERT: data SACK/replay buffer/"semi-transport"
From: Stephen Bailey <steph@cs.uchicago.edu>
Date: Mon, 09 Apr 2001 18:22:32 -0400
In-Reply-To: Message from Venkat Rangan <venkat@rhapsodynetworks.com> of "Mon, 09 Apr 2001 14:53:23 PDT." <15851BD69CFCD41186B100B0D0AABE650C1B49@med.corp.rhapsodynetworks.com>
References: <15851BD69CFCD41186B100B0D0AABE650C1B49@med.corp.rhapsodynetworks.com>
Sender: owner-ips@ece.cmu.edu

Venkat,

> Not to beat a dead horse, the reason link level CRCs may not be of
> much help is because of the following.

I understand.  My point is that when you start talking about `bit
error rates', you're usually in path which covered by link error
detection.

The packet permutations which the TCP checksum (and other e2e checks)
protect against are usually not meaningfully discussed in bit error
rate terms.  Not that CRC isn't a good (or even better) end-to-end
mechanism, it's just that that what we have is checksum, and for these
types of errors, it's still pretty darned likely to detect them.

When I mentioned link error detection, I was explicitly trying to
factor out detecting that portion of the error behavior with an end to
end check.

> So, the escape rate depends quite a bit on number of middle boxes and the
> exposure of data paths. How much do we rely on middle boxes to never
> introduce an error during the exposure?

No.  However, middlebox-proofing we do will be circumvented when the
middle box decides it wants to look in iSCSI as a L7 protocol.  I know
it sounds horrible, but there are zillions of companies doing this for
HTTP now.  The reason why middle boxes manipulate the data is because
that allows them to provide the desired behavior.  It seems like a
really natural product idea for some people (personally I don't get
it) to plumb HTTP and iSCSI (hey, why not CIFS, NFS, SIP and RTP while
we're at it :^) into one big, happy L7 router/switch type box.
Fundamentally, if the middle box is going to diddle in the payload,
there's not squat we can do.

An ultimate solution to this is to run secured end-to-end.  That will
keep those middleboxes from messing with the data :^) The ones that
want and need to will just break.  As long as the protocol is
in-the-clear (and without a security significant digest), there's a
lot less we can do.  The box vendors seem to operate on the `easier to
get forgiveness than permission' model.

I am somewhat ambivalent about CRC digests (I'd rather have end-to-end
security and kill all those birds with the same stone), but what I'm
really averse to is assuming that digest failures are frequent, and a
less than brute force (connection bounce) recovery mechanism is
required.

Steph

Follow-Ups:
- Re: iSCSI ERT: data SACK/replay buffer/"semi-transport"
  - From: Michael Krause <krause@cup.hp.com>

References:
- RE: iSCSI ERT: data SACK/replay buffer/"semi-transport"
  - From: Venkat Rangan <venkat@rhapsodynetworks.com>

Prev by Date: Re: iSCSI ERT: data SACK/replay buffer/"semi-transport"
Next by Date: RE: iSCSI ERT: data SACK/replay buffer/"semi-transport"
Prev by thread: RE: iSCSI ERT: data SACK/replay buffer/"semi-transport"
Next by thread: Re: iSCSI ERT: data SACK/replay buffer/"semi-transport"
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:05:08 2001
6315 messages in chronological order