RFC 3723: Securing Block Storage Protocols over IP
RFC-Ref

iFCP



... networks (including iSCSI, iFCP and FCIP), as well as storage discovery protocols (iSNS and SLPv2 ...
... iFCP Overview ...
... iFCP, defined in [iFCP], is a gateway-to-gateway ...
... TCP/IP network. iFCP allows interconnection and networking of existing Fibre Channel devices at wire speeds over an IP network ...
... Fibre Channel devices at wire speeds over an IP network. iFCP implementations emulate fabric services in order to improve fault ...
... N_PORTs. iFCP does not have a native, in-band security mechanism. Rather, it ...
... IKE as the key management protocol. iFCP uses TCP to provide congestion control, error detection and ...
... switches. FCIP differs from iFCP in that no interception or emulation of fabric services ...
... IP. iFCP iFCP is a gateway ...
... iFCP iFCP is a gateway-to-gateway protocol, which provides Fibre Channel ...
... over IP, including iSCSI, iFCP and FCIP. ...
... IP block storage network. iFCP requires iSNS for discovery and management, while iSCSI ...
... incorporated into the iSCSI [RFC3720], iFCP [iFCP] and FCIP [FCIP ...


... IP Block storage protocols such as iSCSI, iFCP and FCIP are used to transmit SCSI commands ...
... FCIP only uses SLPv2, and iFCP only uses iSNS. Since iFCP ...
... iFCP only uses iSNS. Since iFCP and FCIP devices are the last line of defense for a whole ...
... security gateways. When iFCP or FCIP devices are deployed within enterprise networks, IP addresses ...
... IP block storage protocols such as iSCSI, iFCP and FCIP. ...
... FCIP implementations may allow enabling and disabling security mechanisms at the granularity of an FCIP Link. For iFCP, the granularity corresponds to an iFCP Portal. For iSCSI ...
... FCIP Link. For iFCP, the granularity corresponds to an iFCP Portal. For iSCSI, the granularity of control is typically that of an iSCSI session ...
... iSNS, described in [iSNS], is required in all iFCP deployments. iSCSI ...
... iSCSI are discussed in [RFC3347] Section 3.2. iFCP and FCIP devices will typically be embedded systems deployed on racks in air-conditioned ...
... Identity Payload; other IP block storage protocols (iFCP, FCIP) SHOULD NOT use the ID_USER_FQDN ...
... management services, while the iFCP protocol is required to use iSNS for such services. In addition, iSNS can be used to store and distribute ...
... security policy and authorization information to iSCSI and iFCP devices. When the iSNS protocol is deployed, the interaction between iSNS server and iSNS clients ...
... protocol messages, directing iSCSI and iFCP devices to establish connections with rogue devices, or weakening IPsec protection ...
... weakening IPsec protection for iSCSI or iFCP traffic. ...
... heartbeat messages. This could deceive iSCSI and iFCP devices into using rogue iSNS servers. [3] An attacker ...
... [3] An attacker can gain knowledge about iSCSI and iFCP devices by snooping iSNS protocol messages ...
... attacker in mounting a direct attack on iSCSI and iFCP devices, such as a denial-of-service attack or outright physical ...
... data integrity MUST be supported. In addition, if iSNS is used to distribute security policy for iFCP and iSCSI devices, then authentication ...
... In practice, within a single installation, iSCSI and/or iFCP devices may have different security settings. For example, some devices may ...
... management information between iSCSI devices, iFCP gateways, management stations, and the iSNS server. This includes the ability ...
... security settings used for communication via the iSCSI and/or iFCP protocols. The iSNS server stores security ...
... The iSNS server stores security settings for each iSCSI and iFCP device interface. These security ...
... non-use of IKE and IPsec by each iFCP or iSCSI peer device interface. ...
... Use of iSNS to Distribute iSCSI and iFCP Security Policies ...
... security settings required for communication via the iSCSI and/or iFCP protocols. Use of iSNS for distribution of security policies offers the potential to reduce the burden of manual ...
... The complete IKE/IPsec configuration of each iFCP and/or iSCSI device can be stored in the iSNS server, including policies that are used ...
... payload format includes a series of one or more proposals that the iSCSI or iFCP device will use when negotiating the appropriate IPsec policy to use to protect iSCSI ...
... IPsec policy to use to protect iSCSI or iFCP traffic. ...


... iFCP and FCIP Security Issues ...
... iFCP and FCIP Authentication Requirements ...
... iFCP and FCIP are peer-to-peer protocols. iFCP ...
... iFCP and FCIP are peer-to-peer protocols. iFCP and FCIP sessions may ...
... gateways MUST be provided. iFCP and FCIP are transport protocols that encapsulate ...
... Fibre Channel, operating system, and user identities are transparent to the iFCP and FCIP protocols. ...
... FCIP protocols. iFCP gateways use Discovery Domain information obtained from the iSNS server to determine whether the initiating Fibre Channel ...
... iFCP Interaction with IPsec and IKE ...
... A conformant iFCP Portal is capable of establishing one or more IKE Phase-1 Security Associations ...
... Phase-1 Security Associations (SAs) to a peer iFCP Portal. A Phase-1 SA may be established when an iFCP Portal ...
... iFCP Portal. A Phase-1 SA may be established when an iFCP Portal is initialized, or may be deferred until the first TCP connection with security requirements ...
... SA protects one or more TCP connections within the same iFCP Portal. More specifically, the successful establishment of an IKE Phase-2 SA ...
... SA is either in the unbound state, or is bound to a specific iFCP session. ...
... [1] There exist 0..M IKE Phase-1 SAs between peer iFCP portals [2] Each IKE ...
... management interface. If an iFCP implementation makes use of unbound TCP connections, and such connections ...
... TCP connections, and such connections belong to an iFCP Portal with security requirements, then the unbound connections ...


... connection and will need to act as an iSCSI, iFCP or FCIP gateway or TCP ...
... Fibre Channel frame CRC (iFCP and FCIP) is necessary to protect against errors introduced by the firewall ...
... NATs existing while remaining in compliance, iSCSI, iFCP or FCIP security ...
... To provide confidentiality for iSCSI, iFCP, and FCIP, 3DES in CBC mode [RFC2451 ...
... transport for iSCSI, iFCP or FCIP then path MTU discovery, described ...
... certificate can be stored either on the machine or on a smartcard. For iFCP and FCIP, the certificate credentials ...
... possible to authenticate both the machine as well as the user. Since iFCP and FCIP have no equivalent of iSCSI Login ...
... typically not of concern where IP addresses are typically statically assigned (such as with iFCP and FCIP), since in this situation individual pre-shared keys ...
... security, so that a similar authentication process may eventually also apply to iFCP and FCIP as well. ...
... purposes. In iFCP, basic access control properties stem from the requirement ...
... access control properties stem from the requirement that two communicating iFCP gateways be known to one or more iSNS servers before they can engage in iFCP exchanges. The optional use ...
... that two communicating iFCP gateways be known to one or more iSNS servers before they can engage in iFCP exchanges. The optional use of discovery domains in iSNS yields access control ...


... iSCSI protocol are described in [RFC3720], Section 13; for the iFCP protocol in [iFCP], Section 12; and for the FCIP ...


... Monia, C., et al., "iFCP - A Protocol for Internet Fibre Channel Storage Networking", Work in Progress, August 2002. ...


