[openib-general] mapping between IP address and device name
Roland Dreier
roland at topspin.com
Thu Jun 23 10:31:30 PDT 2005
James> Perhaps a bit of motivation of how the GID->IP service can
James> be used is in order.
James> kDAPL uses this feature to provide the passive side of a
James> connection with the IP address of the remote peer. kDAPL
James> consumers can use this information as a weak authentication
James> mechanism.
This seems so weak as to be not useful, and rather expensive to boot.
To implement this, a system receiving a connection request would have
to perform an SA query to map the remote LID back to a GuidInfo
record, and then for each GID attached to the remote LID, somehow
retrieve the set of IP addresses configured for that GID (assuming
that is somehow even possible).
James> Could SDP make use of this service to validate a connection
James> request's source IP address?
No, SDP passes the remote peer's IP address directly as part of its
connection establishment. In fact, the SDP annex in the IBA spec
contains this rather enlightening passage:
IP over InfiniBand does not define a mechanism to perform an
inverse lookup (from an InfiniBand address to an IP address). It
is also possible for a single InfiniBand address to have many IP
addresses, providing a one-to-many mapping when attempting to
perform an inverse lookup. To resolve these issues, the complete
source and destination IP address is provided during connection
setup to enable mapping the destination and source LID/GID to an
IP address at the accepting peer of the connection.
- R.
More information about the general
mailing list