Changelog: Corrected and tabulated interface stability levels

Mark
Sun Microsystems                      Systems Architecture Committee
_________________________________________________________________

Subject:       FCoE (Fibre Channel over Ethernet) Target
Submitted by:  Zhong Wang
File:          PSARC/2008/310/opinion.txt
Date:          July 29th, 2008.
Committee:     Mark Carlson (opinion written by Mark Martin), Rick Mathews.
Minority:      Darren J Moffat
Product Approval Committee:
    Solaris PAC
    solaris-pac-opinion at sun.com

1. Summary

   This project provides FCoE (Fiber Channel over Ethernet) capability
   to Solaris based on COMSTAR (the SCSI target framework) by using
   selected Gigabit and 10GbE NICs, instead of special hardware
   adapters (CNA).

2. Decision & Precedence Information

   The project is approved as specified in reference [1].

   The project may be delivered in a minor release.

   The project depends on the following projects.

     PSARC/2007/523 COMSTAR: Common Multiprotocol SCSI Target
     PSARC/2004/291 Fibre Channel HBA Port Utility
     PSARC/2004/571 Nemo - a.k.a. GLD v3
     PSARC/2006/357 Crossbow - Network Virtualization and Resource
                    Management

3. Interfaces

    _______________________________________________________
   |                  Interfaces Imported                  |
   |___________________________|________________|__________|
   | Interface                 | Classification | Comments |
   |___________________________|________________|__________|
   | COMSTAR FCA               | Committed      |          |
   | GLDv3 mac client          | Committed      |          |
   |___________________________|________________|__________|

    _______________________________________________________
   |                  Interfaces Exported                  |
   |___________________________|________________|__________|
   | Interface                 | Classification | Comments |
   |___________________________|________________|__________|
   | FCoE client               | Committed      |          |
   | IOCTLS of fcoe and        | Committed      |          |
   |  fcoet drivers            |                |          |
   |___________________________|________________|__________|

4. Opinion

   One issue raised was related to lack of support for the FC-SP
   protocol, which is an emerging security standard for FCoE. The
   project team explained that this standard was not fully defined,
   and that security could be enabled through the network topology
   (i.e. protected private networks in the data centers). Further
   opinion on this issue can be found in the minority opinion.

   An additional issue raised was the lack of an RBAC profile for the
   fcadm command. A bug fix will be logged to address this -- it will
   not be part of this case.

5. Minority Opinion(s)

   The minority voted to deny this case based on the data security
   issues. FCoE has a defined security protocol, FC-SP, that the
   project team has chosen not to implement. The rationale for not
   implementing it is weak in the opinion of the minority.

   The project team stated that the risk was low because FCoE is used
   only on the local LAN - assuming the local LAN is secure is false;
   it is often the most dangerous place on the network.

   The other part of the rationale was the project team claimed that
   FC-SP hadn't been widely implemented in the industry. If this is
   true, it presents an opportunity for Sun to lead rather than trail;
   if we can be the best and most secure implementation of FCoE, that
   gives us a technical advantage we can market with. However, based
   on the minority's brief search, at least the following vendors have
   FC-SP support in at least one of their FCoE products, including
   Solaris drivers: Emulex, Cisco, Qlogic (Solaris), Brocade (Solaris).

   Even if other vendors don't implement FC-SP for their FCoE
   implementation, if Solaris does then at least Solaris to Solaris
   connections can be secured.

   FC-SP is important because it provides authentication, data
   integrity and data confidentiality of the data sent over the FC
   network.

   The minority also requests that the case have a TCR to document the
   security risks of unprotected FCoE traffic in the man pages and
   docs.sun.com documentation.

   The minority also requests Advice that the project team write a Sun
   Blueprint on how to adequately secure FCoE traffic in the absence
   of FC-SP.

6. Advisory Information

   None.

7. Appendices

7.1. Appendix A: Technical Changes Required

   None.

7.2. Appendix B: Technical Changes Advised

   None.

7.3. Appendix C: Reference Material

   Unless stated otherwise, path names are relative to the case
   directory PSARC/2008/310.

   1 Onepager
     File: onepager

   2 Inception minutes
     File: 20080709-2008-310-inception

   3 Issues
     File: issues

   4 PSARC 20 Questions.
     File: inception-materials/fcoe_target_20q

   5 Man page
     File: inception-materials/fcadm.man

   6 Functional Specification
     File: inception-materials/fcoe_target_func_spec_v102.pdf

7.4 Related Non-Sun Projects

   Part of fcoet driver source is ported from Open-FCoE (a Linux based
   software FCoE implementation) under BSD license. Homepage is at
   http://www.open-fcoe.org

PSARC/2008/310                      Copyright 2008 Sun Microsystems