[openib-general] IP addressing on InfiniBand networks
James Lentini
jlentini at netapp.com
Tue Jun 28 12:24:35 PDT 2005
I'd like to summarize the discussion we've been having around
addressing and start a new email thread with a more appropriate title.
First off, here is there requirement we are trying to satisfy:
kDAPL consumers use an Internet Protocol (IP) addresses to
identify remote nodes in an interoperable way.
On the active side of a connection, an InfiniBand kDAPL provider must
determine the IP address corresponding IB address (see the
dat_ep_connect() function).
On the passive side of a connection, a InfiniBand kDAPL provider must
determine a source IB address for an InfiniBand connection request.
This information can be obtain by a kDAPL consumer either in the
DAT_CONNECTION_REQUEST_EVENT's dat_cr_arrival_event_data or
dat_cr_query()'s dat_cr_param structure.
By interoperable, we mean that the solution must not introduce a
non-standard protocol or force ULPs using kDAPL to perform special
operations when using an InfiniBand network.
The first sentence of this requirement is the most important. This
is to best support the existing practice of ULPs that use IP addresses:
NFS, iSCSI, and and sockets applications. Administrators expect to be
able to configure systems using IP addresses.
Note that this feature will be used. There has been considerable
discussion on how NFS-RDMA software would make use of this feature.
Other ULPs may use this feature as well.
Of the two mappings, the second (IB address to IP address) has proven
the most difficult to implement. Here are the different
implementations that have been proposed and a brief critique of each:
+ CM Private Data
The active side of an IB connection could place its source IP
address in the CM's private data. The passive side would retrieve
the source IP from this location.
Analysis: This approach introduces a new protocol that is not
hidden from the ULP. The problem becomes where in the software
stack this would be implemented. If it was implemented in the DAT
provider, kDAPL consumers would not be able to communicate fully
with non-kDAPL consumers (the non-kDAPL consumers would not
be expecting the IP address and thus interpret the private data
incorrectly). If this were implemented in a ULP, the ULP would
not be able to use the same code for both an IB interface and an
RNIC interface.
The security of this is very week. An end node could easily present
a false IP address.
+ Address Translation Service (ATS)
Each IB node places a record containing its IP address and IB
address in the SA database. kDAPL consults these records to
map between addresses.
Analysis: This requires all IB nodes to implement a new
protocol/adhere to a new convention. The advantage is that ULPs do
not need to be aware of it.
Since a GID can have multiple IP address, there may be multiple
records with the same GID. The passive side would need a convention
for assuming which of these matches to the active side's IP.
The security of this solution is also fairly weak. The end nodes
must be trusted to place valid records in the SA. Since the
configuration of IP addresses will occur on the end nodes, it would
be difficult for the SA to validate the records. However, the SA is
a central part of the network, so it may be possible to add additional
security features if needed.
+ IPoIB
IPoIB encapsulates IP packets in InfiniBand messages. There have been
proposals to use the address resolution mechanisms in IPoIB to
implement these features. IPv4 subnets use ARP and IPv6 subnets use
Neighbor Discovery.
Analysis:
IPoIB is not free. All nodes would be need to implement it for
this to work.
The IB address -> IP address mapping on the passive side is
problematic. If a reverse lookup were available, IPoIB would require
both a GID and QP number as input. The passive side would know the GID
but the QP number.
Further more, reverse lookup is not well supported. On IPv4 subnets,
RARP is quickly becoming (already?) obsolete. Neighbor Discovery
doesn't support reverse lookup at all. [RFC 2461]
In addition to all this, IPoIB restricts an IP subnet to the same scope
as an IB subnet. If a kDAPL consumer desired to communicate between
IB subnet's, IPoIB may not be sufficient.
+ GID as an IPv6 Address
See the attachment to Caitlin Bestler's email:
http://openib.org/pipermail/openib-general/2005-June/008104.html
Analysis:
This has been the least discussed option. One issue is
that GIDs may not be easy to administer. GIDs can be specific
to a particular channel adapter since they can contain EUI-64
identifiers. Administrators avoid using Ethernet MAC addresses
in configuration files and they should be able to avoid using
adapter specific IB addresses as well. Another issue is how
dynamically assigned SM GIDs would be managed.
Are there other implementations? Is there a way to more tightly
integrate IP addressing with InfiniBand?
More information about the general
mailing list