[openib-general] mapping between IP address and device name

Fab Tillier ftillier at silverstorm.com
Thu Jun 23 10:43:06 PDT 2005


> From: Roland Dreier [mailto:roland at topspin.com]
> Sent: Thursday, June 23, 2005 10:32 AM
> 
>     James> Perhaps a bit of motivation of how the GID->IP service can
>     James> be used is in order.
> 
>     James> kDAPL uses this feature to provide the passive side of a
>     James> connection with the IP address of the remote peer. kDAPL
>     James> consumers can use this information as a weak authentication
>     James> mechanism.
> 
> This seems so weak as to be not useful, and rather expensive to boot.
> To implement this, a system receiving a connection request would have
> to perform an SA query to map the remote LID back to a GuidInfo
> record, and then for each GID attached to the remote LID, somehow
> retrieve the set of IP addresses configured for that GID (assuming
> that is somehow even possible).

This reverse lookup was something that I worked to accommodate in my proposed
changes to expand DAPL ATS to support multiple IP addresses.  The revised DAPL
ATS proposal establishes the notion of a primary IP address that would be used
for such validation.  However, I still think the reverse lookup (GID->IP) is
weak as there is no way to tell which IP the source really used.

IMO it would be much better to put the source and destination addresses into the
CM private data, but this supposedly creates a wire protocol which the DAT
collaborative wants to avoid at all costs.

- Fab




More information about the general mailing list