Al Hopper wrote:
On Thu, 31 May 2007, Darren J Moffat wrote:

Since you are doing iSCSI and may not be running ZFS on the initiator (client) then I highly recommend that you run with IPsec using at least AH (or ESP with Authentication) to protect the transport. Don't assume that your network is reliable. ZFS won't help you here if it isn't running on the

[Hi Darren]

That's a curious recommendation! You don't think that TCP/IP is reliable enough to provide iSCSI data integrity?

No I don't. Also I don't personally think that the access control model of iSCSI is sufficient and trust IPsec more in that respect.

Personally I would actually like to see IPsec AH be the default for all traffic that isn't otherwise doing a cryptographically strong integrity check of its own.

What errors and error rates have you seen?

I have seen switches flip bits in NFS traffic such that the TCP checksum still matched yet the data was corrupted. One of the ways we saw this was when files were being checked out of SCCS, the SCCS checksum failed. Another way we saw it was the compiler failing to compile untouched code.

Just like with ZFS, we don't trust the HBA and the disks to give us correct data. With iSCSI the network is your HBA and cabling and in part your disk controller as well. Defence in depth is a common mantra in the security geek world; I take that forward to protecting the data in transit too even when it isn't purely for security reasons.

--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
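
Added example, not part of the original thread: a Python sketch of why a matching TCP checksum does not prove the payload is intact, while a keyed integrity value of the kind IPsec AH carries does change. The key, the payload and the helper names are constructed for illustration, and the HMAC is computed over the payload only (real AH also covers parts of the IP header).

```python
import hashlib
import hmac


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (RFC 1071), the algorithm TCP uses."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def compensating_flip(data: bytes) -> bytes:
    """Flip one bit 0->1 in one 16-bit word and the same bit 1->0 in another.

    The two changes cancel in the sum, so the checksum cannot see them.
    """
    buf = bytearray(data)
    words = len(buf) // 2
    for a in range(words):
        for b in range(a + 1, words):
            for off in (0, 1):  # high byte, then low byte of each word
                diff = buf[2 * a + off] ^ buf[2 * b + off]
                if diff:
                    mask = diff & -diff  # lowest bit where the words differ
                    buf[2 * a + off] ^= mask
                    buf[2 * b + off] ^= mask
                    return bytes(buf)
    raise ValueError("all 16-bit words are identical")


def keyed_icv(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA-256 truncated to 128 bits, standing in for an AH ICV."""
    return hmac.new(key, data, hashlib.sha256).digest()[:16]


# Constructed sample values, not taken from the thread.
KEY = b"constructed-demo-key"
PAYLOAD = b"constructed iSCSI data block 0001"

if __name__ == "__main__":
    bad = compensating_flip(PAYLOAD)
    same_sum = internet_checksum(bad) == internet_checksum(PAYLOAD)
    same_icv = hmac.compare_digest(keyed_icv(KEY, bad), keyed_icv(KEY, PAYLOAD))
    print("payload changed:", bad != PAYLOAD)
    print("TCP-style checksum still matches:", same_sum)
    print("keyed ICV still matches:", same_icv)
```
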
