[openib-general] mapping between IP address and device name
Hal Rosenstock
halr at voltaire.com
Fri Jun 24 06:40:02 PDT 2005
On Thu, 2005-06-23 at 13:31, Roland Dreier wrote:
> James> Perhaps a bit of motivation of how the GID->IP service can
> James> be used is in order.
>
> James> kDAPL uses this feature to provide the passive side of a
> James> connection with the IP address of the remote peer. kDAPL
> James> consumers can use this information as a weak authentication
> James> mechanism.
>
> This seems so weak as to be not useful, and rather expensive to boot.
> To implement this, a system receiving a connection request would have
> to perform an SA query to map the remote LID back to a GuidInfo
> record, and then for each GID attached to the remote LID,
I think this part is simpler than this. Aren't the primary/alternate
GIDs in the CM REQ ?
> somehow
> retrieve the set of IP addresses configured for that GID (assuming
> that is somehow even possible).
>
> James> Could SDP make use of this service to validate a connection
> James> request's source IP address?
>
> No, SDP passes the remote peer's IP address directly as part of its
> connection establishment. In fact, the SDP annex in the IBA spec
> contains this rather enlightening passage:
>
> IP over InfiniBand does not define a mechanism to perform an
> inverse lookup (from an InfiniBand address to an IP address). It
> is also possible for a single InfiniBand address to have many IP
> addresses, providing a one-to-many mapping when attempting to
> perform an inverse lookup. To resolve these issues, the complete
> source and destination IP address is provided during connection
> setup to enable mapping the destination and source LID/GID to an
> IP address at the accepting peer of the connection.
DAPL/IBAT does this a different way. DAPL/IBAT uses SA ServiceRecords to
handle the inverse mapping. It can handle the many IPs to single GID
issue. The only limitation is that the passive side couldn't know
unambiguously which of those IPs for that GID was used (when there are
multiple IPs).
-- Hal
More information about the general
mailing list