RE: [Ips] iSCSI: When does a connection become part of a session?
pat_thaler@agilent.com Tue, 06 January 2004 23:58 UTC
Received: from optimus.ietf.org ([132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA10807 for <ips-archive@odin.ietf.org>; Tue, 6 Jan 2004 18:58:16 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Ae154-000074-Cq for ips-archive@odin.ietf.org; Tue, 06 Jan 2004 18:57:50 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i06Nvo4b000434 for ips-archive@odin.ietf.org; Tue, 6 Jan 2004 18:57:50 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Ae154-00006v-4E for ips-web-archive@optimus.ietf.org; Tue, 06 Jan 2004 18:57:50 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA10776 for <ips-web-archive@ietf.org>; Tue, 6 Jan 2004 18:57:45 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Ae150-0007PB-00 for ips-web-archive@ietf.org; Tue, 06 Jan 2004 18:57:46 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Ae13C-0007LY-00 for ips-web-archive@ietf.org; Tue, 06 Jan 2004 18:55:57 -0500
Received: from [132.151.1.19] (helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 1Ae11T-0007Hb-00 for ips-web-archive@ietf.org; Tue, 06 Jan 2004 18:54:07 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Ae11O-0008NY-78; Tue, 06 Jan 2004 18:54:02 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Ae11L-0008Mx-0C for ips@optimus.ietf.org; Tue, 06 Jan 2004 18:53:59 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA10586 for <ips@ietf.org>; Tue, 6 Jan 2004 18:53:53 -0500 (EST)
From: pat_thaler@agilent.com
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Ae11H-0007G2-00 for ips@ietf.org; Tue, 06 Jan 2004 18:53:55 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Ae0zS-0007C2-00 for ips@ietf.org; Tue, 06 Jan 2004 18:52:05 -0500
Received: from msgbas1tx.cos.agilent.com ([192.25.240.37] helo=msgbas2x.cos.agilent.com) by ietf-mx with esmtp (Exim 4.12) id 1Ae0y7-000779-00 for ips@ietf.org; Tue, 06 Jan 2004 18:50:39 -0500
Received: from relcos1.cos.agilent.com (relcos1.cos.agilent.com [130.29.152.239]) by msgbas2x.cos.agilent.com (Postfix) with ESMTP id BAE976D80; Tue, 6 Jan 2004 16:50:33 -0700 (MST)
Received: from wcosbh23.cos.agilent.com (wcosbh23.cos.agilent.com [130.29.152.145]) by relcos1.cos.agilent.com (Postfix) with ESMTP id 8938733C; Tue, 6 Jan 2004 16:50:33 -0700 (MST)
Received: from wcosmb02.cos.agilent.com ([130.29.152.96]) by wcosbh23.cos.agilent.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 6 Jan 2004 16:50:33 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C3D4AF.DF4A73AF"
Subject: RE: [Ips] iSCSI: When does a connection become part of a session?
Date: Tue, 06 Jan 2004 16:50:32 -0700
Message-ID: <CA56AF7C40BC6540BA471AD2CC8F305709C5CE@wcosmb02.cos.agilent.com>
Thread-Topic: iSCSI: When does a connection become part of a session?
Thread-Index: AcPUmEsjy2TINHlVROqKXun0ZMGGpgADDWxw
To: Joseph.Pittman@netapp.com, ips@ietf.org
X-OriginalArrivalTime: 06 Jan 2004 23:50:33.0372 (UTC) FILETIME=[DFAFEDC0:01C3D4AF]
Sender: ips-admin@ietf.org
Errors-To: ips-admin@ietf.org
X-BeenThere: ips@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ips>, <mailto:ips-request@ietf.org?subject=unsubscribe>
List-Id: IP Storage <ips.ietf.org>
List-Post: <mailto:ips@ietf.org>
List-Help: <mailto:ips-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ips>, <mailto:ips-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=1.1 required=5.0 tests=HTML_30_40,HTML_MESSAGE, NO_REAL_NAME autolearn=no version=2.60
Joe, You raise interesting questions. For the first two items, I think I agree that your inclinations are sensible though not necessarily supported in the iSCSI draft. On the third one, I'm not sure. On 1 - treatment of MaxCmdSN and ExpCmdSN during login, it would make sense to withhold valid values for these fields at least until the security phase of Login has completed and there doesn't seem to be any reason to provide them before the last login. However, I don't find anything in the spec that supports doing this. Under the description of status class for Login Response, it says The numbering fields (StatSN, ExpCmdSN, MaxCmdSN) are only valid if Status-Class is 0. which implies that the fields are valid when Status-Class is 0 including during the security phase. On 2 - at what point in a connection reinstatement login does the old connection get closed, 5.3.4 The Login request performs the logout function of the old connection if an explicit logout was not performed earlier. which appears to indicate that it is the reception of the initial Login Request PDU that causes the logout. As you suggest, actually operating this way would leave one vulnerable to denial of service type attacks. It makes more sense to wait until at least security phase has completed to do the logout. It may make sense to wait to do close the old connection until ready to send the final login response as you suggest because this login may not succeed. However for resource constrained implementations the reinstated connection may need resources allocated to the existing connection. The state machine description might be hoped to provide more detail, but they don't seem to be entirely consistant. The definition in 7.1.2 for T8, (T13 and T18 have similar text) -target: An internal event of sending a Logout response (success) on another connection for a "close the session" Logout request was received, or an internal event of a successful connection/session reinstatement is received, thus prompting the target to close this connection cleanly. "Successful connection/session reinstatement" might be read to mean that the login for the new session successfully completed rather than just a login request was received. However note that a failed connection reinstatement causes T15 which moves the session from LOGGED_IN to CLEANUP_WAIT so a failed attempt would still disrupt an active connection. There doesn't seem to be any definition provided for successful and failed connection reinstatement. In the description of connection cleanup state transitions (7.2.2, M4) successful implicit logout appears to be defined as having reached the state LOGGED_IN on the new connection. On 3, I think connection reinstatement only applies to a connection that has completed login. The state transitions for the target connection state machine only allow for implicit logout in the LOGGED_IN state and in the states that follow it. The transition from IN_LOGIN to FREE, T4, doesn't make any mention of implicit logout or connection reinstatement. Time out or the transport going away are the things that get you from IN_LOGIN to FREE. One might get a second login attempt if there was a problem on the initial connection such as the network going down but it is probably okay to not accept it until the original attempt has disappeared due to time out or closure of the transport connection. Lack of resources would be a reasonable response. If one does have the resources, I'm not sure it is a necessary response. Regards, Pat -----Original Message----- From: ips-admin@ietf.org [mailto:ips-admin@ietf.org]On Behalf Of Pittman, Joseph Sent: Tuesday, January 06, 2004 1:02 PM To: ips@ietf.org Subject: [Ips] iSCSI: When does a connection become part of a session? I'm working on adding support for multi-connection sessions to an iSCSI target implementation, and I have some questions about when a new connection is considered to be part of a session. Consider this set of login request/response exchanges. Assume that there already exists a session with ISID=1/TSIH=2 on the target, so the initiator is trying to add a connection to an existing session. The session is operating at ErrorRecoveryLevel=2, and there already exists a connection with CID=3 within that session, so connection reinstatement is required. Initiator sends Target responds ------------------------- -------------------------- Exchange 0 LOGIN_REQ LOGIN_RESP ISID=1, TSIH=2, CID=3 ISID=1, TSIH=2, CID=3 CSG=0, T=0 CSG=0, T=0 AuthMethod=CHAP AuthMethod=CHAP ** Connection now in SecurityNegotiation phase Exchange 1 LOGIN_REQ LOGIN_RESP ISID=1, TSIH=2, CID=3 ISID=1, TSIH=2, CID=3 CSG=0, T=0 CSG=0, T=0 CHAP_A=5 CHAP_A=5 CHAP_I=x CHAP_C=x Exchange 2 LOGIN_REQ LOGIN_RESP ISID=1, TSIH=2, CID=3 ISID=1, TSIH=2, CID=3 CSG=0, T=1, NSG=1 CSG=0, T=1, NSG=1 CHAP_R=x CHAP_N=x ** Connection now in LoginOperationalNegotiation phase Exchange 3 LOGIN_REQ ISID=1, TSIH=2, CID=3 ISID=1, TSIH=2, CID=3 CSG=1, T=1, NSG=3 CSG=1, T=1, NSG=3 MaxRecvDSegLen=xxx MaxRecvDSegLen=xxx ** Connection now in FullFeaturePhase phase ** Connection has been added to the session ISID=1/TSIH=2 ** Previous connection ISID=1/TSIH=2/CID=3 has been logged out for recovery Given this example, here are a few questions: 1) When is the target supposed to consider the connection as part of the session, for the purposes of the response ExpCmdSN and MaxCmdSN fields? In general, the ExpCmdSN and MaxCmdSN fields contain information about the current command window for a session. But when does the target consider the connection to be part the session: - Before security negotiation is complete? If true, then this tells a spoofing initiator (who will eventually fail authentication) about the presence of a connection by the initiator being spoofed - After security negotiation is complete? - Only in the last login response/transition to FFP? My inclination is to only consider the connection to be part of the connection when it has successfully completed the entire login sequence, and thus to return the joined session's ExpCmdSN and MaxCmdSN only in the last login response. 2) When is the target supposed to perform the connection reinstatement algorithm, including the implicit logout for recovery of the existing ISID=1/TSIH=2/CID=3 connection? - Before security negotiation is complete? Surely not, because this allows a denial of service attack. - After security negotiation is complete? - Just before sending the last login response/transition to FFP? My inclination is to only consider the connection to be part of the connection when it has successfully completed the entire login sequence, and thus do connection reinstatement just prior to sending the last login response. 3) Here's a more esoteric question: if the login sequence for one connection ISID=1/TSIH=2/CID=3 is still in LoginOpNegotiation stage, and the initiator starts another connection with the same ISID/TSIH/CID, what is the target supposed to do? Does 'connection reinstatement' apply also to a connection which is not yet in FFP? My inclination is for the target to consider the second login request as spurious, and to return NotEnoughResources (since I am unwilling to dedicate two 'new connection' slots to the same ISID/TSIH/CID combination). I cannot find any text in the iSCSI spec that unambiguously addresses these issues. Am I missing anything? If not, would any of the authors care to give guidance? Thanks in advance for any help. -- Joe Pittman <mailto:jpittman@netapp.com> jpittman@netapp.com
- [Ips] iSCSI: When does a connection become part o… Pittman, Joseph
- RE: [Ips] iSCSI: When does a connection become pa… pat_thaler
- Re: [Ips] iSCSI: When does a connection become pa… Mallikarjun C.
- Re: [Ips] iSCSI: When does a connection become pa… wrstuden
- Re: [Ips] iSCSI: When does a connection become pa… Eddy Quicksall
- Re: [Ips] iSCSI: When does a connection become pa… Robert D. Russell
- Re: [Ips] iSCSI: When does a connection become pa… Mallikarjun C.
- Re: [Ips] iSCSI: When does a connection become pa… wrstuden
- Re: [Ips] iSCSI: When does a connection become pa… Mallikarjun C.
- Re: [Ips] iSCSI: When does a connection become pa… Paul Koning
- Re: [Ips] iSCSI: When does a connection become pa… Eddy Quicksall
- Re: [Ips] iSCSI: When does a connection become pa… Nicholas A. Bellinger
- Re: [Ips] iSCSI: When does a connection become pa… wrstuden
- Re: [Ips] iSCSI: When does a connection become pa… Nicholas A. Bellinger
- Re: CSM [Ips] iSCSI: When does a connection becom… wrstuden
- Re: CSM [Ips] iSCSI: ErrorRecoveryLevel=2 Interop… Nicholas A. Bellinger
- Re: CSM [Ips] iSCSI: ErrorRecoveryLevel=2 Interop… wrstuden
- Re: [Ips] iSCSI: When does a connection become pa… Julian Satran