
    RE: SCSI URL scheme [WAS: Re: iSCSI: 2.2.6. Naming & mapping]



    Joshua,
    <snip>
    
    > What you describe might be possible (although I still think it's a bad
    > idea) if the entire Internet, including all public and private networks,
    > were in a single consolidated address space.  But the fact is we are
    > running out of address space, and there is something called NAT defined
    > in RFC1918.  Who knows, with IPv6, this may change, or it might not.  But
    > it is a reality today.  To operate in an environment with NAT, you need
    > proxies.  There's no way around it.  A client in a public network using
    > registered IP address space should NEVER see a 10.0/8 address.  It should
    > NEVER talk to a 10.0/8 address, and it shouldn't even have a 10.0/8
    > address entry in its routing table.  It must first talk to a dual-homed
    > proxy with at least one leg using registered IP address space, in order
    > to communicate with a host with a 10.0/8 address.  In this environment
    > and with these restrictions, I don't understand how you can remove the
    > involvement of the proxy in the process of what you call "authentication".
    >
    > BTW, it's not just http--e-mail and many other applications today make
    > extensive use of proxy relays as well.
    >
    > Josh
    
    Yes, and most enterprise environments include a NAT.  Even homes with DSL
    include NAT.  A few may even use a proxy.  That does not mean private
    addresses of the target can not be shared at the time of authentication.  I
    would have expected such an exchange.  As most of these things work, such
    permission is in the form of a lease.  I would also expect as the map is
    declared, mapping screens are established based on the permission discovered
    at the time of authentication.  Before and not during use.  Using a binary
    address does not mean PUBLIC addresses.  It may not even be IP.  It could be
    SCSI address or perhaps an encoded address.  You do not want SCSI to look
    like an HTTP server.  Especially if you wish this application to scale, you
    do not want to be doing in-band name lookup and authentication.
    
    Please, this is not a web server, it is a portal to SCSI devices.  A client
    does not need to use a name to get a proxy to listen, try just typing the IP
    of a web site.  The proxy will forgo the lookup.  Name lookup is simply a
    convenience for humans.  You would not want to depend on a round-robin
    selection of IPs from DNS should there be more than one such IP.  How would
    you select the alternative IP, the next in the list?  All these parameters
    can be concisely defined in the authentication exchange.  I can not see why
    someone would wish to place a name on their SCSI portal but they could.  The
    only name that needs to exist is the authentication server.  I would not
    expect an address beyond the SCSI portal to be PUBLIC IPs.  I would not
    expect them to be IP.  LDAP is good at doing symbolic lookup.  Let it do the
    work at the time of authentication.  Don't invent a SCSI browser.
    
    Doug
    
    
    



Last updated: Tue Sep 04 01:06:52 2001