[openib-general] ATS and DAT "IA Address" / Connection Establishment Requirements

Caitlin Bestler caitlinb at siliquent.com
Fri Jun 24 11:11:48 PDT 2005


I think it should be made clear that ATS is *not*
a required part of DAT. It is merely a commonly
adopted solution.

I am attaching a document prepared for the DAT
Collaborative while the definition of IA Address
was being resolved.

A quick recap on the requirements of the "IA
Address" is as follows:

1)	It walks, talks and quacks like an IPv6
	address -- but nothing says it actually
	has to be one.
2)	IPv6 Addresses already include IPv4.
3)	A Connection Request reports the local
	address that was requested, and the
	remote address. In an IP network those
	are expected to be the actual addresses
	from the IP header, subject to all
	authentication features the OS and/or
	local subnet offers. It is not a value
	that can be made up by a remote user
	at will with no risk of detection.
4)	Generally, it should be usable to set
	up a reverse connection. The generally
	is mostly a caveat about IP firewalls
	and PNAT.

The important point here is that it is totally
valid to identify the remote endpoint with a GID.

ATS was developed largely because the sourceforge
reference implementation could not rely upon the 
host OS providing DNS support for IPv6 format
addresses.

That is not an issue here. Therefore the reported
address *could* be the actual remote GID, as long
as that would be accepted in a dat_ep_connect()
call to go in the opposite direction.

Delivering the GID would provide an address that
was just as authenticated as an IP Address, and
therefore be just as good for the intended purpose
of providing authentication when the application
trusts the local network administrator.

Tunneling alleged IP Addresses supplied in user-mode
that are invisible to the network administrator does
not achieve that goal.

I also believe that ATS achieves that goal, but I'm
not an expert on IB subnet administration. But wouldn't
entry of invalid data to the ATS database be at least
visible to the network administrator?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: IPv6_andor_GID.pdf
Type: application/octet-stream
Size: 43166 bytes
Desc: IPv6_andor_GID.pdf
URL: <http://lists.openfabrics.org/pipermail/general/attachments/20050624/c2a188ca/attachment.obj>

