[openib-general] mapping between IP address and device name

Roland Dreier roland at topspin.com
Thu Jun 23 10:31:30 PDT 2005


    James> Perhaps a bit of motivation of how the GID->IP service can
    James> be used is in order.

    James> kDAPL uses this feature to provide the passive side of a
    James> connection with the IP address of the remote peer. kDAPL
    James> consumers can use this information as a weak authentication
    James> mechanism.

This seems so weak as to be not useful, and rather expensive to boot.
To implement this, a system receiving a connection request would have
to perform an SA query to map the remote LID back to a GuidInfo
record, and then for each GID attached to the remote LID, somehow
retrieve the set of IP addresses configured for that GID (assuming
that is somehow even possible).

    James> Could SDP make use of this service to validate a connection
    James> request's source IP address?

No, SDP passes the remote peer's IP address directly as part of its
connection establishment.  In fact, the SDP annex in the IBA spec
contains this rather enlightening passage:

    IP over InfiniBand does not define a mechanism to perform an
    inverse lookup (from an InfiniBand address to an IP address). It
    is also possible for a single InfiniBand address to have many IP
    addresses, providing a one-to-many mapping when attempting to
    perform an inverse lookup. To resolve these issues, the complete
    source and destination IP address is provided during connection
    setup to enable mapping the destination and source LID/GID to an
    IP address at the accepting peer of the connection.

 - R.



More information about the general mailing list