| draft-ietf-dhc-isnsoption-00.txt | draft-ietf-dhc-isnsoption-01.txt | |||
|---|---|---|---|---|
| DHC Josh Tseng | DHC Josh Tseng | |||
| Internet Draft Nishan Systems | Internet Draft Kevin Gibbons | |||
| <draft-ietf-dhc-isnsoption-00.txt> | <draft-ietf-dhc-isnsoption-01.txt> Nishan Systems | |||
| Expires August 2002 February 2002 | Expires January 2003 July 2002 | |||
| DHCP Options for Internet Storage Name Service | DHCP Options for Internet Storage Name Service | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of [RFC2026]. | all provisions of Section 10 of [RFC2026]. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 1, line 41 | skipping to change at page 1, line 41 | |||
| Comments should be sent to the IPS mailing list (ips@ece.cmu.edu) or | Comments should be sent to the IPS mailing list (ips@ece.cmu.edu) or | |||
| to the authors. | to the authors. | |||
| Table of Contents | Table of Contents | |||
| Status of this Memo...................................................1 | Status of this Memo...................................................1 | |||
| Comments..............................................................1 | Comments..............................................................1 | |||
| Abstract..............................................................2 | Abstract..............................................................2 | |||
| Conventions used in this document.....................................2 | Conventions used in this document.....................................2 | |||
| 1.Introduction.......................................................2 | 1. Introduction......................................................2 | |||
| 2.iSNS Option for DHCP...............................................3 | 2. iSNS Option for DHCP..............................................3 | |||
| 3.Security Considerations............................................4 | 3. Security Considerations...........................................6 | |||
| 4.References.........................................................5 | 4. References........................................................6 | |||
| 5.Author's Addresses.................................................5 | 5. Author's Addresses................................................7 | |||
| Full Copyright Statement..............................................6 | Full Copyright Statement..............................................8 | |||
| DHCP Option Number for iSNS February 2002 | DHCP Option Number for iSNS February 2002 | |||
| Abstract | Abstract | |||
| This document describes the DHCP option to allow iSNS clients | This document describes the DHCP option to allow iSNS clients | |||
| devices using DHCP to automatically discover the location of the | devices using DHCP to automatically discover the location of the | |||
| iSNS server. iSNS provides discovery and management capabilities for | iSNS server. iSNS provides discovery and management capabilities for | |||
| iSCSI and Fibre Channel (FCP) storage devices in an enterprise-scale | iSCSI and Fibre Channel (FCP) storage devices in an enterprise-scale | |||
| IP storage network. iSNS provides intelligent storage management | IP storage network. iSNS provides intelligent storage management | |||
| services comparable to those found in Fibre Channel networks, | services comparable to those found in Fibre Channel networks, | |||
| skipping to change at page 3, line 37 | skipping to change at page 3, line 37 | |||
| 2. iSNS Option for DHCP | 2. iSNS Option for DHCP | |||
| This option specifies the location of the primary and backup iSNS | This option specifies the location of the primary and backup iSNS | |||
| servers and the subset of iSNS services that will be used by the | servers and the subset of iSNS services that will be used by the | |||
| iSNS client. | iSNS client. | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Code = TBD | Length | FLAGS | | | Code = TBD | Length | iSNS Function | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| | DD Access | Administrative FLAGS | | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | a1 | a2 | a3 | a4 | | | a1 | a2 | a3 | a4 | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | b1 | b2 | b3 | b4 | | | b1 | b2 | b3 | b4 | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | . . . . | | | . . . . | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| The iSNS Option specifies a list of IP addresses used by iSNS | The iSNS Option specifies a list of IP addresses used by iSNS | |||
| servers. | servers. | |||
| Length indicates the number of bytes that follow the Length field. | Length indicates the number of bytes that follow the Length field. | |||
| The minimum value for the Length field is 2 in order to account for | The minimum value for the Length field is 6 in order to account for | |||
| the FLAGS field. | the iSNS Function, Discovery Domain Access, and Administrative Flags | |||
| field. | ||||
| The format of the FLAGS field is shown below: | ||||
| iSNS Function is a bitmap field defining the iSNS server's | ||||
| operational role (i.e., how the iSNS server is to be used). The | ||||
| iSNS server's role can be as basic as to provide simple discovery | ||||
| information, or as significant as to provide IKE/IPSec security | ||||
| DHCP Option Number for iSNS February 2002 | DHCP Option Number for iSNS February 2002 | |||
| policies and certificates for the use of iSCSI and iFCP devices. The | ||||
| format of the iSNS Role bit field is shown below: | ||||
| 1 2 3 | 1 2 3 | |||
| 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Site-Spec | RESERVED |S|A|H| | | Site-Specific |RESERVED |S|A|E| | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Bit field Significance | Bit field Significance | |||
| --------- ------------ | --------- ------------ | |||
| 31 Heartbeat | 31 Enabled/Disabled | |||
| 30 Authorization | 30 Authorization/Discovery Domains | |||
| 29 Security | 29 Security | |||
| 28-22 RESERVED | 28-24 RESERVED | |||
| 21-16 Site-specific or Vendor-specific use only | 23-16 Site-specific or Vendor-specific use only | |||
| Heartbeat: Indicates whether the first IP address is the multicast | Enabled/Disabled: This bit determines the validity of the iSNS Role | |||
| address for the iSNS heartbeat message. If enabled, then a1-a4 | field. If this bit is enabled, then the contents of the remainder | |||
| contains the heartbeat multicast address and b1-b4 contains the IP | of the iSNS Role field are valid. If this bit is disabled, then the | |||
| address of the primary iSNS server, followed by the IP address(es) | contents of the iSNS Role field are invalid. | |||
| of any backup servers. If disabled, then a1-a4 contains the IP | ||||
| address of the primary iSNS server, followed by the IP address(es) | ||||
| of any backup servers. | ||||
| Authorization: Indicates the role of the iSNS server in determining | Authorization: Indicates the role of the iSNS server in determining | |||
| device access authorizations. If disabled, then the role of the | device access authorizations. If disabled, then the function of the | |||
| iSNS server is only for discovery purposes only. Discovery Domains | iSNS server is for target discovery purposes only. Discovery | |||
| MAY be used to manage the discovery process, but they do not | Domains MAY be used to manage the discovery process, but they do not | |||
| indicate necessarily indicate authorization to access discovered | necessarily indicate authorization to access discovered devices. If | |||
| devices. If enabled, then Discovery Domain/Zoning features of the | enabled, then Discovery Domain/Zoning features of the iSNS indicate | |||
| iSNS indicate device access authorizations. Devices in a common DD | device access authorizations. Devices in a common DD SHALL be | |||
| SHALL be allowed access to each other if they are successfully | allowed access to each other if they are successfully authenticated. | |||
| authenticated. Devices not in a common DD shall not be allowed to | Devices not in a common DD shall not be allowed to access each | |||
| access each other. | other. | |||
| Security: Indicates whether the iSNS client is to download and use | Security: Indicates whether the iSNS client is to download and use | |||
| the security policy configuration stored in the iSNS server. If | the security policy configuration stored in the iSNS server. If | |||
| enabled, then the AuthMethod and IKE/IPSec policy stored in the iSNS | enabled, then the AuthMethod and IKE/IPSec policy stored in the iSNS | |||
| server SHALL be used by the iSNS client for its own security policy. | server SHALL be used by the iSNS client for its own security policy. | |||
| If disabled, then the iSNS client SHALL NOT query for its own | If disabled, then the iSNS client SHALL NOT query for its own | |||
| security policy attributes in the iSNS server. | security policy attributes in the iSNS server. | |||
| Site-Specific: These bits are used to indicate site-specific or | Site-Specific: These bits are used to indicate site-specific or | |||
| vendor-specific capabilities in the indicated iSNS server. | vendor-specific capabilities in the indicated iSNS server. | |||
| Discovery Domain Access is a bit field that indicates the types of | ||||
| iSNS clients that are allowed to modify Discovery Domains. The | ||||
| format of the DD Access bit field is shown below: | ||||
| DHCP Option Number for iSNS February 2002 | ||||
| 0 1 2 3 4 5 6 7 | ||||
| +---+---+---+---+---+---+---+---+ | ||||
| | R | R | if| tf| is| ts| C | E | | ||||
| +---+---+---+---+---+---+---+---+ | ||||
| Bit field Significance | ||||
| --------- ------------ | ||||
| 7 Enabled/Disabled | ||||
| 6 Control Node | ||||
| 5 iSCSI Target | ||||
| 4 iSCSI Initiator | ||||
| 3 iFCP Target Port | ||||
| 2 iFCP Initiator Port | ||||
| 1 RESERVED | ||||
| 0 RESERVED | ||||
| Enabled/Disabled: This bit determines the validity of the DD Access | ||||
| bit field. If this bit is enabled, then the contents of the | ||||
| remainder of the DD Access field are valid. If this bit is | ||||
| disabled, then the contents of this field are invalid. | ||||
| Control Node: Determines whether Control Nodes are allowed to add, | ||||
| delete, or modify Discovery Domains. If enabled, then Control Nodes | ||||
| are allowed. If disabled, then Control Nodes are not allowed to | ||||
| modify Discovery Domains. | ||||
| iSCSI Target, iSCSI Initiator, iFCP Target Port, and iFCP Initiator | ||||
| Port: These bits determine whether the respective registered iSNS | ||||
| client (determined by iSCSI Node Type or iFCP Port Role) is allowed | ||||
| to add, delete, or modify Discovery Domains. If enabled, then the | ||||
| respective types of iSNS clients are allowed. If disabled, then | ||||
| they are not allowed to modify Discovery Domains. | ||||
| The Administrative Flags field configures the administrative | ||||
| settings for the iSNS server discovered through the DHCP option. | ||||
| The format of the Administrative Flags bit field is as follows: | ||||
| 0 1 2 3 | ||||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| | Site-Specific | RESERVED |D|M|H|E| | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| Bit field Significance | ||||
| --------- ------------ | ||||
| 31 Enabled/Disabled | ||||
| 30 Heartbeat | ||||
| 29 Management SCN's | ||||
| 28 Default Discovery Domain | ||||
| 26-8 RESERVED | ||||
| 7-0 Site-specific or Vendor-specific use only | ||||
| Enabled/Disabled: This bit determines the validity of the | ||||
| Administrative Flags field. If this bit is enabled, then the | ||||
| DHCP Option Number for iSNS February 2002 | ||||
| contents of the remainder of the Administrative Flags field are | ||||
| valid. If this bit is disabled, then the contents of this field are | ||||
| invalid, indicating that iSNS administrative settings are configured | ||||
| through alternative means other than DHCP. | ||||
| Heartbeat: Indicates whether the first IP address is the multicast | ||||
| address for the iSNS heartbeat message. If enabled, then a1-a4 | ||||
| contains the heartbeat multicast address and b1-b4 contains the IP | ||||
| address of the primary iSNS server, followed by the IP address(es) | ||||
| of any backup servers. If disabled, then a1-a4 contains the IP | ||||
| address of the primary iSNS server, followed by the IP address(es) | ||||
| of any backup servers. | ||||
| Management SCNs: Indicates whether control nodes are authorized to | ||||
| register to receive Management SCN's. Management SCN's are a | ||||
| special class of State Change Notification whose scope is the entire | ||||
| iSNS database. If enabled, then control nodes are authorized to | ||||
| register to receive Management SCN's. If disabled, then control | ||||
| nodes are not authorized to receive Management SCN's (although they | ||||
| may receive normal SCN's). | ||||
| Default Discovery Domain: Indicates whether a newly registered | ||||
| device that is not explicitly placed into a Discovery Domain (DD) | ||||
| and Discovery Domain Set (DDS) should be automatically placed into a | ||||
| default DD and DDS. If enabled, then a default DD shall contain all | ||||
| devices in the iSNS database that have not been explicitly placed | ||||
| into a DD by an iSNS client. If disabled, then devices not | ||||
| explicitly placed into a DD are not members of any DD. | ||||
| 3. Security Considerations | 3. Security Considerations | |||
| DHCP currently provides no authentication or security mechanisms. | DHCP currently provides no authentication or security mechanisms. | |||
| Potential exposures to attack are discussed in section 7 of the DHCP | Potential exposures to attack are discussed in section 7 of the DHCP | |||
| protocol specification [DHCP]. | protocol specification [DHCP]. | |||
| iSNS security considerations are discussed in [iSNS] and [SEC-IPS]. | iSNS security considerations are discussed in [iSNS] and [SEC-IPS]. | |||
| DHCP Option Number for iSNS February 2002 | ||||
| 4. References | 4. References | |||
| [DHCP] Droms, R., "Dynamic Host Configuration Protocol", RFC | [DHCP] Droms, R., "Dynamic Host Configuration Protocol", RFC | |||
| 2131, Bucknell University, March 1997. | 2131, Bucknell University, March 1997. | |||
| [iSCSI] Satran, J., et al., "iSCSI", Internet draft (work in | [iSCSI] Satran, J., et al., "iSCSI", Internet draft (work in | |||
| progress), draft-ietf-ips-iSCSI-10.txt, January 2002 | progress), draft-ietf-ips-iSCSI-13.txt, June 2002 | |||
| [iFCP] Monia, C., et al., "iFCP - A Protocol for Internet Fibre | [iFCP] Monia, C., et al., "iFCP - A Protocol for Internet Fibre | |||
| Channel Storage Networking", Internet draft (work in | Channel Storage Networking", Internet draft (work in | |||
| progress), draft-ietf-ips-ifcp-09.txt, January 2002 | progress), draft-ietf-ips-ifcp-11.txt, May 2002 | |||
| [iSNS] Tseng, J. et al., "iSNS - Internet Storage Name | [iSNS] Tseng, J. et al., "iSNS - Internet Storage Name | |||
| Service", Internet draft (work in progress), draft-ietf- | Service", Internet draft (work in progress), draft-ietf- | |||
| ips-isns-09.txt, March 2002 | ips-isns-10.txt, May 2002 | |||
| DHCP Option Number for iSNS February 2002 | ||||
| [SEC-IPS] Aboba, B., et al., "Securing IP Block Storage | [SEC-IPS] Aboba, B., et al., "Securing IP Block Storage | |||
| Protocols", draft-ietf-ips-security-09.txt, February | Protocols", draft-ietf-ips-security-13.txt, June 2002 | |||
| 2002 | ||||
| [RFC2026] Bradner, S., "The Internet Standards Process -- Revision | [RFC2026] Bradner, S., "The Internet Standards Process -- Revision | |||
| 3", BCP 9, RFC 2026, October 1996. | 3", BCP 9, RFC 2026, October 1996. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997 | Requirement Levels", BCP 14, RFC 2119, March 1997 | |||
| 5. Author's Addresses | 5. Author's Addresses | |||
| Josh Tseng | Josh Tseng | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||