Re: iSCSI: SendTargets & NAT

["Julian Satran" <Julian_Satran@il.ibm.com>]

Bill - you may want to read the NDT draft and the relevant part on the system structure assumption in chapter 2.
Target addresses are not used directly in the protocol and even accessing beyond a NAT you start by setting-up a TCP connection to what you think is the address.

Julo

Bill Studenmund <wrstuden@wasabisystems.com> Sent by: owner-ips@ece.cmu.edu 04/30/2002 06:03 AM Please respond to Bill Studenmund

To:        <ips@ece.cmu.edu>         cc:                 Subject:        iSCSI: SendTargets & NAT

Another concern that came up in looking into TargetAddress is that having
explicit (numeric) IP addresses in a protocol is considered bad, since it
breaks in the presence of NAT. DNS names are bad enough, but you can play
games with local DNS to get around them.

Since these elements are configured by an administrator, I'm not going to
suggest we get rid of the literal IP syntax.

Instead I'd like to propose another change to the TargetAddress entries.
I'd like to suggest a syntax which makes the IP address optional and you
give just a port. This syntax would represent something like a daemon
listening on INADDR_ANY or its IPv6 equivalent.

I'm not sure what would be a good syntax. Just ":<tcp-port>" (":3260")? Or
"*:<tcp-port>"?

In terms of the draft, the suggestion is

     Followed by zero or more address keys of the form:

       TargetAddress=<hostname-or-ipaddress>[:<tcp-port>],<portal-
         group-tag>

be described so that <hostname-or-ipaddress> can be something which
represents all IP addresses on this host.

Obviously this would be something that an admin could choose to include or
not include. I'd like us to add a way though for an admin to be able to
specify it.

Take care,

Bill