***SPAM*** RE: [ofa-general] Is IBIS only for querying OpenSM?

[Hal Rosenstock]

Terry,

On Fri, 2008-04-18 at 09:38 +0000, terry watson wrote:
> Thanks for the response. The environment I am testing has two clusters and one switch, 
> with the subnet manager running from the switch. Half the nodes are in one partition and 
> half in the other (ignoring 0xffff), call them partitions A and B. I have access to one 
> node in partition A as root and would like to be able to reconfigure that node locally, 
> and with no access to the switch subnet manager configuration, to be able to access nodes 
> in partition B.

In general, this is not a good idea IMO. As Philippe wrote, the SM (is
supposed to) own the writing of those tables (rather than some low level
diag utility). Even if you modify the local PKey table, it is possible
for the SM to overwrite this. Also, there are several other
ramifications of this depending on how the SM deals with partitions.
Even if you change things locally, that may not be sufficient as the
peer switch port may do partition filtering so that may need to change
that too and possible more PKey tables in the network depending on what
your SM does. Also, there are SA responses that depend on the SM having
correct knowledge (like PathRecords and others) so the end node may not
get any response on that partition for certain things.

> After some reading I believe that IBIS from IBUtils should allow me to alter the 
> local p_key table and therefore allow me to access nodes on partition B.

Yes but it may take more than this for it to work depending on your SM.

>  I cannot test this until I am on-site and I am formulating a strategy before arrival. 
> If it does not work this way it would be useful to know in advance. MPI is used rather than IPoIB. 

Some MPIs use out of band mechanisms to create connections so the SA
issues may not apply there; but I think the partition ones might and are
SM dependent so your mileage may vary...

> If my approach is flawed I would appreciate it if someone could point this out.

The proper way to do this is by reconfiguring your SM.

-- Hal

> ________________________________
> > Date: Fri, 18 Apr 2008 09:35:42 +0200
> > From: philippe.gregoire at cea.fr
> > To: terrywatson at live.com
> > CC: general at lists.openfabrics.org
> > Subject: Re: [ofa-general] Is IBIS only for querying OpenSM?
> > 
> > terry watson a écrit :
> > 
> > Hi all,
> > 
> > I will be performing some testing of partitioning used as a security control. Am I right in believing that IBIS will be able to set partition table values of the local compute node I am logged on to, even though they are not using OpenSM, but rather a SM on a switch? Could I then attempt to access a partition that I was originally excluded from accessing?
> > 
> > I am new to Infiniband technology and would also appreciate a response from an expert who has views on the strength of the security that partitioning provides in separating two clusters that should have no interaction whatsoever.
> > 
> > Thanks,
> > Dave
> > _________________________________________________________________
> > Discover the new Windows Vista
> > http://search.msn.com/results.aspx?q=windows+vista&mkt=en-US&form=QBRE_______________________________________________
> > general mailing list
> > general at lists.openfabrics.org
> _________________________________________________________________
> News, entertainment and everything you care about at Live.com. Get it now!
> http://www.live.com/getstarted.aspx_______________________________________________
> general mailing list
> general at lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general
> 
> To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general