Securing Block Storage Protocols over IP
RFC 3723
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (April 2004; No errata); Updated by RFC 7146 |
| Document | Authors | Franco Travostino, Jesse Walker, Josh Tseng, Bernard Aboba, Venkat Rangan |
| Document | Last updated | 2015-10-14 |
| Document | Stream | IETF |
| Stream | WG state | (None) |
| Stream | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 3723 (Proposed Standard) |
| IESG | Action Holders | (None) |
| IESG | Consensus Boilerplate | Unknown |
| IESG | Telechat date | |
| IESG | Responsible AD | Allison Mankin |
| IESG | Send notices to | <ElizabethRodriguez@ieee.org> |
Network Working Group
Request for Comments: 3723
Category: Standards Track

B. Aboba, Microsoft
J. Tseng, McDATA Corporation
J. Walker, Intel
V. Rangan, Brocade Communications Systems Inc.
F. Travostino, Nortel Networks

April 2004

Securing Block Storage Protocols over IP

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2004). All Rights Reserved.

Abstract

This document discusses how to secure block storage and storage discovery protocols running over IP (Internet Protocol) using IPsec and IKE (Internet Key Exchange). Threat models and security protocols are developed for iSCSI (Internet Protocol Small Computer System Interface), iFCP (Internet Fibre Channel Storage Networking) and FCIP (Fibre Channel over TCP/IP), as well as the iSNS (Internet Storage Name Server) and SLPv2 (Service Location Protocol v2) discovery protocols. Performance issues and resource constraints are analyzed.

Table of Contents

1. Introduction
   1.1. iSCSI Overview
   1.2. iFCP Overview
   1.3. FCIP Overview
   1.4. IPsec Overview
   1.5. Terminology
   1.6. Requirements Language
2. Block Storage Protocol Security
   2.1. Security Requirements
   2.2. Resource Constraints
   2.3. Security Protocol
   2.4. iSCSI Authentication
   2.5. SLPv2 Security
   2.6. iSNS Security
3. iSCSI security Inter-Operability Guidelines
   3.1. iSCSI Security Issues
   3.2. iSCSI and IPsec Interaction
   3.3. Initiating a New iSCSI Session
   3.4. Graceful iSCSI Teardown
   3.5. Non-graceful iSCSI Teardown
   3.6. Application Layer CRC
4. iFCP and FCIP Security Issues
   4.1. iFCP and FCIP Authentication Requirements
   4.2. iFCP Interaction with IPsec and IKE
   4.3. FCIP Interaction with IPsec and IKE
5. Security Considerations
   5.1. Transport Mode Versus Tunnel Mode
   5.2. NAT Traversal
   5.3. IKE Issues
   5.4. Rekeying Issues
   5.5. Transform Issues
   5.6. Fragmentation Issues
   5.7. Security Checks
   5.8. Authentication Issues
   5.9. Use of AES in Counter Mode
6. IANA Considerations
   6.1. Definition of Terms
   6.2. Recommended Registration Policies
7. Normative References
8. Informative References
9. Acknowledgments