Skip to main content

The Architecture of Direct Data Placement (DDP) and Remote Direct Memory Access (RDMA) on Internet Protocols
draft-ietf-rddp-arch-07

Revision differences

Document history

Date Rev. By Action
2012-08-22
07 (System) post-migration administrative database adjustment to the No Objection position for Ted Hardie
2005-05-09
07 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2005-05-05
07 Amy Vezza IESG state changed to Approved-announcement sent
2005-05-05
07 Amy Vezza IESG has approved the document
2005-05-05
07 Amy Vezza Closed "Approve" ballot
2005-05-05
07 Amy Vezza State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Amy Vezza
2005-05-05
07 Sam Hartman
[Ballot comment]
I did not find this document clear at all.  I was unable to easily
tell whether Steve Bellovin's discuss text had been addressed …
[Ballot comment]
I did not find this document clear at all.  I was unable to easily
tell whether Steve Bellovin's discuss text had been addressed because
I found the document too confusing.  I suspect that at some technical
level the text has been address in that you could find changes in the
document and understand how they address Steve's comments.  However
I'm not convinced that anyone who read the document without Steve's
comments would be aware of the issues.
2005-05-05
07 Sam Hartman [Ballot Position Update] New position, Abstain, has been recorded for Sam Hartman by Sam Hartman
2005-04-11
07 Ted Hardie [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Discuss by Ted Hardie
2005-02-21
07 (System) New version available: draft-ietf-rddp-arch-07.txt
2004-11-05
07 Ted Hardie
[Ballot discuss]
I believe that the authors added the following text:

  A registered buffer is identified within DDP by its stag_t, which
    …
[Ballot discuss]
I believe that the authors added the following text:

  A registered buffer is identified within DDP by its stag_t, which
    in turn is associated with a socket.  This registration therefore
    grants a capability to the DDP peer, and the socket (using the
    underlying properties of its chosen transport and possible
    security) identifies the peer and authenticates the stag_t.

to handle the discuss comment below.  In the context of multidestination
data delivery or SCTP-style semantics, I'm not sure how this handles
the question.  I recognize that this is just the architecture document
and that actual protocol documents will get this right, but I remain
concerned that failure to handle the "what is a peer" question right
will make this work very difficult.


Original text:

It's always a bit hard to read an architecture document without the full
protocol description, as you don't have the luxury of seeing what the
bits on the wire would look like.  I think that's biting me here, as it
is not really clear to me at what layer they intend peers to be identified.
The document describes the buffer as the central component of the
architecture; reading the description of buffer, we see:


          typedef struct {
            const address_t start;
            const address_t end;
            void            set(address_t a, data_t v);
          } ddp_buffer_t;


    address_t

          a reference to local memory

    data_t

          an octet data value.

So the buffer, as expected, is only interpretable
in the local context and its identifier is , in fact, defined to
be opaque.  So no one could derive a peer identifier
from stag_t.  Yet the whole point of this is to go from
buffer @peer1 to buffer' @ peer2.  Is the peer identifier
meant to be derived from the transport layer (and, if so,
what do we do with multidestination transports)?  Or is
the peer identifier derived from a layer above DDP/RDMA
(and, if so, are there particular constraints that are placed
on that identifier, e.g. that both peer1 and peer3 would
use the same identifier for peer2)?

Any clue on this would be gratefully received....
2004-10-26
07 (System) Sub state has been changed to AD Follow up from New Id Needed
2004-10-26
06 (System) New version available: draft-ietf-rddp-arch-06.txt
2004-07-15
07 Jon Peterson State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::AD Followup by Jon Peterson
2004-07-13
07 (System) Sub state has been changed to AD Follow up from New Id Needed
2004-07-13
05 (System) New version available: draft-ietf-rddp-arch-05.txt
2004-02-06
07 (System) Removed from agenda for telechat - 2004-02-05
2004-02-05
07 Amy Vezza State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza
2004-02-05
07 Ned Freed [Ballot Position Update] New position, No Objection, has been recorded for Ned Freed by Ned Freed
2004-02-05
07 Bert Wijnen [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen by Bert Wijnen
2004-02-05
07 Allison Mankin [Ballot Position Update] New position, Yes, has been recorded for Allison Mankin by Allison Mankin
2004-02-04
07 Margaret Cullen [Ballot Position Update] New position, No Objection, has been recorded for Margaret Wasserman by Margaret Wasserman
2004-02-04
07 Russ Housley
[Ballot comment]
The use of TLS (as discussed briefly in the security considerations) or
  any other protocol that provides authentication will not fit well …
[Ballot comment]
The use of TLS (as discussed briefly in the security considerations) or
  any other protocol that provides authentication will not fit well into
  the proposed architecture.  The integrity check cannot be performed until
  the entire packet (or record in the case of TLS) is available in memory.
  So, the data must be copied from the I/O interface to memory, which may
  involve some reassembly, before the integrity check can be performed.
  This issue should be discussed in the security considerations.
2004-02-04
07 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded for Russ Housley by Russ Housley
2004-02-04
07 Steven Bellovin
[Ballot discuss]
I"m not convinced the security considerations is adequate.

I see several threat issues.  The first is the tension between direct copy and packet …
[Ballot discuss]
I"m not convinced the security considerations is adequate.

I see several threat issues.  The first is the tension between direct copy and packet authentication.  In many cases, it is not possible to authenticate a packet until the entire thing has been read.  But here, the data is being copied to a receiving buffer directly from the wire, before authentication takes place.  This is especially a challenge to a multi-threaded interface --- ATM where the cells for some packet are not consecutive, perhaps -- where you might get interleaving.

More generally, authorization for access to storage has to be dependent on the connection as well as the steering tag.  Otherwise, you introduce new vulnerabilities.  This is especially problematic given that receive buffers may (according to the document) be used for data from a different socket.

Aside: I think that many of these issues, as well as the multiple receiver problem (and I do not accept the argument that requiring many different clients to use the same address is in any way comparable to any existing problem in that space), would go away if the steering tag sent over the wire to the receiver were not just opaque, but by intent a random 64- or 128-bit tag to a local buffer descriptor.  That permits easy local revocation of capabilities, as well as a defense against remote contamination attempts if the value were communicated previously over an encrypted channel.
2004-02-04
07 Steven Bellovin [Ballot Position Update] New position, Discuss, has been recorded for Steve Bellovin by Steve Bellovin
2004-02-04
07 Ted Hardie
[Ballot discuss]
It's always a bit hard to read an architecture document without the full
protocol description, as you don't have the luxury of seeing …
[Ballot discuss]
It's always a bit hard to read an architecture document without the full
protocol description, as you don't have the luxury of seeing what the
bits on the wire would look like.  I think that's biting me here, as it
is not really clear to me at what layer they intend peers to be identified.
The document describes the buffer as the central component of the
architecture; reading the description of buffer, we see:


          typedef struct {
            const address_t start;
            const address_t end;
            void            set(address_t a, data_t v);
          } ddp_buffer_t;


    address_t

          a reference to local memory

    data_t

          an octet data value.

So the buffer, as expected, is only interpretable
in the local context and its identifier is , in fact, defined to
be opaque.  So no one could derive a peer identifier
from stag_t.  Yet the whole point of this is to go from
buffer @peer1 to buffer' @ peer2.  Is the peer identifier
meant to be derived from the transport layer (and, if so,
what do we do with multidestination transports)?  Or is
the peer identifier derived from a layer above DDP/RDMA
(and, if so, are there particular constraints that are placed
on that identifier, e.g. that both peer1 and peer3 would
use the same identifier for peer2)?

Any clue on this would be gratefully received....
2004-02-04
07 Ted Hardie [Ballot Position Update] New position, Discuss, has been recorded for Ted Hardie by Ted Hardie
2004-02-04
07 Jon Peterson [Ballot Position Update] New position, Yes, has been recorded for Jon Peterson
2004-02-04
07 Jon Peterson Ballot has been issued by Jon Peterson
2004-02-04
07 Jon Peterson Created "Approve" ballot
2004-02-04
07 (System) Ballot writeup text was added
2004-02-04
07 (System) Last call text was added
2004-02-04
07 (System) Ballot approval text was added
2004-01-29
07 Jon Peterson Placed on agenda for telechat - 2004-02-05 by Jon Peterson
2004-01-29
07 Jon Peterson State Changes to IESG Evaluation from AD Evaluation::Revised ID Needed by Jon Peterson
2004-01-19
04 (System) New version available: draft-ietf-rddp-arch-04.txt
2003-12-11
07 Jon Peterson State Changes to AD Evaluation::Revised ID Needed from AD Evaluation by Jon Peterson
2003-11-25
07 Jon Peterson Comments were sent to the authors, awaiting reply.
2003-10-14
07 Jon Peterson State Changes to AD Evaluation from Publication Requested by Jon Peterson
2003-09-15
07 Natalia Syracuse Draft Added by Natalia Syracuse
2003-09-09
03 (System) New version available: draft-ietf-rddp-arch-03.txt
2003-06-27
02 (System) New version available: draft-ietf-rddp-arch-02.txt
2003-03-04
01 (System) New version available: draft-ietf-rddp-arch-01.txt
2002-12-11
00 (System) New version available: draft-ietf-rddp-arch-00.txt