RFC 3723: Securing Block Storage Protocols over IP
RFC-Ref

FCIP



... iSCSI, iFCP and FCIP), as well as storage discovery protocols (iSNS and SLPv2). ...
... FCIP Overview ...
... FCIP, defined in [FCIP], is a pure FC encapsulation ...
... FC switches. FCIP differs from iFCP in that no interception or emulation of fabric ...
... services is involved. One or more TCP connections are bound to an FCIP Link, which is used to realize Inter-Switch Links (ISLs) between ...
... Links (ISLs) between pairs of Fibre Channel entities. FCIP Frame Encapsulation is described in [RFC3643 ...
... RFC3643]. FCIP does not have a native, in-band security mechanism. Rather, it ...
... IKE as the key management protocol. FCIP uses TCP to provide congestion control, error detection and ...
... technical committee. FCIP Fibre Channel over IP ...
... Fibre Channel over IP (FCIP) is a protocol for interconnecting Fibre Channel islands over IP ...
... in a single Fibre Channel fabric. The principal FCIP interface point to the IP Network ...
... interface point to the IP Network is the FCIP Entity. The FCIP Link ...
... IP Network is the FCIP Entity. The FCIP Link represents one or more TCP connections that exist between a pair ...
... represents one or more TCP connections that exist between a pair of FCIP Entities. HBA ...
... including iSCSI, iFCP and FCIP. iSCSI ...
... management, while iSCSI may use iSNS for discovery, and FCIP does not use iSNS. ...
... RFC3720], iFCP [iFCP] and FCIP [FCIP] standards track documents, they are reproduced here for convenience. ...


... IP Block storage protocols such as iSCSI, iFCP and FCIP are used to transmit SCSI commands over IP ...
... iSNS]) process. iSCSI can use SLPv2 or iSNS. FCIP only uses SLPv2, and iFCP ...
... Since iFCP and FCIP devices are the last line of defense for a whole Fibre Channel ...
... When iFCP or FCIP devices are deployed within enterprise networks, IP addresses will typically be statically assigned as is the case ...
... IP block storage protocols such as iSCSI, iFCP and FCIP. FCIP ...
... FCIP. FCIP implementations may allow enabling and disabling security mechanisms at the granularity of an FCIP Link. For iFCP ...
... FCIP implementations may allow enabling and disabling security mechanisms at the granularity of an FCIP Link. For iFCP, the granularity corresponds to an iFCP Portal ...
... deployments. iSCSI may use iSNS for discovery, and FCIP does not use iSNS. iSNS applications store iSCSI and FC ...
... discussed in [RFC3347] Section 3.2. iFCP and FCIP devices will typically be embedded systems deployed on racks in air-conditioned data center facilities. Such embedded systems may include hardware ...
... IP block storage protocols (iFCP, FCIP) SHOULD NOT use the ID_USER_FQDN Identity Payload ...
... Both iSCSI and FCIP protocols use SLPv2 as a way to discover peer entities and management ...
... attack against the peer. Given the potential value of iSCSI targets and FCIP entities, leaking of such information not only increases the possibility of an attack ...
... security functionality, iSCSI and FCIP implementations supporting SLPv2 security SHOULD protect SLPv2 ...
... The usage of SLPv2 by FCIP is described in [FCIPSLP]. FCIP Entities ...
... SLPv2 by FCIP is described in [FCIPSLP]. FCIP Entities assume that once the IKE identity ...
... assume that once the IKE identity of a peer is established, the FCIP Entity Name carried in FCIP ...
... FCIP Entity Name carried in FCIP Short Frame is also implicitly accepted as the authenticated peer. Any such association ...
... IKE identity and the FCIP Entity Name is administratively established. ...
... characteristics, revealing service information constitutes a security risk. As an example, the FCIP Entity Name may reveal a WWN from which an attacker ...
... critical infrastructure of substantial value, and so iSCSI and FCIP security implementations supporting SLPv2 ...


... iFCP and FCIP Security Issues ...
... iFCP and FCIP Authentication Requirements ...
... iFCP and FCIP are peer-to-peer protocols. iFCP and FCIP ...
... FCIP are peer-to-peer protocols. iFCP and FCIP sessions may be initiated by either or both peer gateways ...
... iFCP and FCIP are transport protocols that encapsulate SCSI ...
... operating system, and user identities are transparent to the iFCP and FCIP protocols. iFCP gateways ...
... FCIP Interaction with IPsec and IKE ...
... FCIP Entities establish tunnels with other FCIP Entities in order to ...
... FCIP Entities establish tunnels with other FCIP Entities in order to transfer IP encapsulated ...
... encapsulated FC frames. Each tunnel is a separate FCIP Link, and can encapsulate multiple TCP connections. The binding ...
... binding of TCP connections to an FCIP Link is performed using the Fibre Channel World Wide Names ...
... World Wide Names (WWNs) of the two FCIP Entities. FCIP ...
... FCIP Entities. FCIP Entities may have more than one interface and IP address, and it ...
... interface and IP address, and it is possible for an FCIP Link to contain multiple TCP connections whose FCIP ...
... FCIP Link to contain multiple TCP connections whose FCIP endpoint IP Addresses are different. In this case, an IKE ...
... IKE Phase 1 SA is typically established for each FCIP endpoint IP Address ...
... Each TCP connection within an FCIP Link corresponds to an IKE Phase 2 (Quick Mode ...
... replay attacks. FCIP implementations MAY provide administrative management of Confidentiality ...
... management interface. FCIP Entities do not require any user-level authentication, since all ...
... user-level authentication, since all FCIP Entities participate in a machine-level tunnel function. FCIP ...
... FCIP Entities participate in a machine-level tunnel function. FCIP uses SLP for discovery, but not to distribute security policies ...


... iSCSI, iFCP or FCIP gateway or TCP proxy ...
... frame CRC (iFCP and FCIP) is necessary to protect against errors introduced by the firewall. ...
... existing while remaining in compliance, iSCSI, iFCP or FCIP security implementations can implement IPsec ...
... confidentiality for iSCSI, iFCP, and FCIP, 3DES in CBC mode [RFC2451] MUST be supported and AES ...
... transport for iSCSI, iFCP or FCIP then path MTU discovery, described in [RFC1191 ...
... smartcard. For iFCP and FCIP, the certificate credentials provided will almost ...
... authenticate both the machine as well as the user. Since iFCP and FCIP have no equivalent of iSCSI Login, for these protocols ...
... IP addresses are typically statically assigned (such as with iFCP and FCIP), since in this situation individual pre-shared keys are possible within IKE ...
... authentication process may eventually also apply to iFCP and FCIP as well. While iSCSI ...


... iFCP protocol in [iFCP], Section 12; and for the FCIP protocol in [FCIP], Appendix B. ...


... Rajagopal, M., et al., "Fibre Channel over TCP/IP (FCIP)", Work in Progress, August 2002. ...
... Petersen, D., "Finding FCIP Entities Using SLPv2", Work in Progress, September 2002. ...


