[openib-general] Re: IP addressing on InfiniBand networks
James Lentini
jlentini at netapp.com
Tue Jun 28 15:03:24 PDT 2005
On Tue, 28 Jun 2005, Michael S. Tsirkin wrote:
> Hi, James!
>
> I dont know much about dapl, so forgive me if the question is naive:
>
> Quoting r. James Lentini <jlentini at netapp.com>:
>>
>> + CM Private Data
>>
>> The active side of an IB connection could place its source IP
>> address in the CM's private data. The passive side would retrieve
>> the source IP from this location.
>>
>> ...
>>
>> The security of this is very week. An end node could easily present
>> a false IP address.
>
> Once you have the IP from CM private data, what prevents you from resolving it
> back to hardware address (by sending an ARP request with the IP address that
> you got)?
>
> You get back the IPoIB hardware address: GID+QPN, and can verify that
> the GID matches the GID that you got from CM.
>
> The security of this seems to be at least as good as the one you get on
> regular IP networks.
>
> Does this make sense at all?
It makes total sense. Your the first person to have pointed out this
possibility. I agree with you that the security would be comparable to
IP networks given IPoIB.
More information about the general
mailing list