rfc4018.txt

一个学习iSCSI协议的文档

   2. Find all of the iSCSI Target Names that may allow access to a
      given initiator:

        Service: service:iscsi:target
        Scope:   initiator-scope-list
        Query:   (auth-name=iqn.1998-03.com.example:hostid.045A7B)

   3. Find all of the iSCSI Target Names that may allow access to
      any initiator:

        Service: service:iscsi:target
        Scope:   initiator-scope-list
        Query:   (auth-name=any)

   4. Find all of the iSCSI Target Names that may allow access to
      this initiator, or that will allow access to any initiator:

        Service: service:iscsi:target
        Scope:   initiator-scope-list
        Query:   &(auth-name=iqn.1998-03.com.example:hostid.045A7B)
                  (auth-name=any)





Bakke & Hufferd             Standards Track                    [Page 12]

RFC 4018                    iSCSI and SLPv2                   April 2005


   5. Find all of the iSCSI Target Names that may allow access to
      a given CHAP user name:

        Service: service:iscsi:target
        Scope:   initiator-scope-list
        Query:   (auth-cred=chap/my-user-name)

   6. Find all of the iSCSI Target Names that may allow access to a
      given initiator that supports two IP addresses, a CHAP credential
      and SRP credential, and an initiator name:

        Service: service:iscsi:target
        Scope:   initiator-scope-list
        Query:   &(|(auth-name=iqn.com.example:host47)(auth-name=any)
        |(auth-addr=192.0.2.3)(auth-addr=192.0.2.131)(auth-addr=any)
        |(auth-cred=chap/foo)(auth-cred=srp/my-user-name)
         (auth-cred=any))

   7. Find the iSCSI Target Names from which the given initiator is
      allowed to boot:

        Service: service:iscsi:target
        Scope:   initiator-scope-list
        Query:   (boot-list=iqn.1998-03.com.example:hostid.045A7B)

   8. In addition, a management service may wish to discover all
      targets:

        Service: service:iscsi:target
        Scope:   management-server-scope-list
        Query:   <empty-string>

   More details on booting from an iSCSI target are defined in [BOOT].

   Name of submitter: Mark Bakke
   Language of service template: en
   Security Considerations: see section 6.

   Template Text:
   -------------------------template begins here-----------------------
   template-type=iscsi:target
   template-version=1.0

   template-description=

     This is a concrete service type.  The iscsi:target service type is
     used to register individual target addresses to be discovered
     by others.  UAs will generally search for these by including one of



Bakke & Hufferd             Standards Track                    [Page 13]

RFC 4018                    iSCSI and SLPv2                   April 2005


     the following:

     - the iSCSI target name
     - iSCSI initiator identifiers (iSCSI name, credential, IP address)
     - the service URL

   template-url-syntax=
     url-path    = hostport "/" iscsi-name [ "/" identity ]
     hostport    = host [ ":" port ]
     host        = hostname / hostnumber  ; DNS name or IP address
     hostname    = *( domainlabel "." ) toplabel
     alphanum    = ALPHA / DIGIT
     domainlabel = alphanum / alphanum *[alphanum / "-"] alphanum
     toplabel    = ALPHA / ALPHA *[ alphanum / "-" ] alphanum
     hostnumber  = ipv4-number / ipv6-addr  ; IPv4 or IPv6 address
     ipv4-number = 1*3DIGIT 3("." 1*3DIGIT)
     ipv6-addr   = "[" ipv6-number "]"
     ipv6-number =                              6( h16 ":" ) ls32
                   /                       "::" 5( h16 ":" ) ls32
                   / [               h16 ] "::" 4( h16 ":" ) ls32
                   / [ *1( h16 ":" ) h16 ] "::" 3( h16 ":" ) ls32
                   / [ *2( h16 ":" ) h16 ] "::" 2( h16 ":" ) ls32
                   / [ *3( h16 ":" ) h16 ] "::"    h16 ":"   ls32
                   / [ *4( h16 ":" ) h16 ] "::"              ls32
                   / [ *5( h16 ":" ) h16 ] "::"              h16
                   / [ *6( h16 ":" ) h16 ] "::"
     ls32        = ( h16 ":" h16 ) / ipv4-number
                   ; least-significant 32 bits of ipv6 address
     h16         = 1*4HEXDIG
     port        = 1*DIGIT
     iscsi-name  = iscsi-char ; iSCSI target name
     identity    = iscsi-char ; optional identity string
     iscsi-char  = ALPHA / DIGIT / escaped / ":" / "-" / "."
                   ; Intended to allow UTF-8 encoded strings
     escaped     = 1*("\" HEXDIG HEXDIG)
     ;
     ; The iscsi-name part of the URL is required and must be the iSCSI
     ; name of the target being registered.
     ; A device representing multiple targets must individually
     ; register each target/address combination with SLP.
     ; The identity part of the URL is optional, and is used to
     ; indicate an identity that is allowed to access this target.
     ;
     ; Example (split into two lines for clarity):
     ; service:iscsi:target://192.0.2.3:3260/
     ;                      iqn.2001-04.com.example:sn.45678
     ;
     ; IPv6 addresses are also supported; they use the notation



Bakke & Hufferd             Standards Track                    [Page 14]

RFC 4018                    iSCSI and SLPv2                   April 2005


     ; specified above and in [RFC3513], section 2.2

   iscsi-name = string
   # The iSCSI Name of this target.
   # This must match the iscsi-name in the url-path.

   portal-group = integer
   # The iSCSI portal group tag for this address.  Addresses sharing
   # the same iscsi-name and portal-group tag can be used within the
   # same iSCSI session.  Portal groups are described in [RFC3720].

   transports = string M L
   tcp
     # This is a list of transport protocols that the registered
     # entity supports.  iSCSI is currently supported over TCP,
     # but it is anticipated that it could be supported over other
     # transports, such as SCTP, in the future.
   tcp

   mgmt-entity = string O
   # The fully qualified domain name, or IP address in dotted-decimal
   # notation, of the management interface of the entity containing
   # this target.
   #

   alias = string O
   # The alias string contains a descriptive name of the target.

   auth-name = string M X
   # A list of iSCSI Initiator Names that can access this target.
   # Normal iSCSI names will be 80 characters or less; max length
   # is 255.
   # Normally, only one or a few values will be in the list.
   # Using the equivalence search on this will evaluate to "true"
   # if any one of the items in this list matches the query.
   # If this list contains the default name "any", any initiator
   # is allowed to access this target, provided it matches
   # the other auth-xxx attributes.
   #
   # This attribute contains security policy information.  If this
   # attribute is distributed via an Attribute Reply message,
   # IPsec MUST be implemented.

   auth-addr = string M X
   # A list of initiator IP addresses (or host names) which will
   # be allowed access to this target.  If this list contains the
   # default name "any", any IP address is allowed access to this
   # target, provided it matches the other auth-xxx attributes.



Bakke & Hufferd             Standards Track                    [Page 15]

RFC 4018                    iSCSI and SLPv2                   April 2005


   #
   # This attribute contains security policy information.  If this
   # attribute is distributed via an Attribute Reply message,
   # IPsec MUST be implemented.

   auth-cred = string M X
   # A list of credentials which will be allowed access to the target
   # (provided they can provide the correct password or other
   # authenticator).  Entries in this list are of the form
   # "method/identifier", where the currently defined methods are
   # "chap" and "srp", both of which take usernames as their
   # identifiers.
   #
   # This attribute contains security policy information.  If this
   # attribute is distributed via an Attribute Reply message,
   # IPsec MUST be implemented.

   boot-list = string M O
   # A list of iSCSI Initiator Names that can boot from this target.
   # This list works precisely like the auth-name attribute.  A name
   # appearing in this list must either appear in the access-list,
   # or the access-list must contain the initiator name "iscsi".
   # Otherwise, an initiator will be unable to find its boot
   # target.  If boot-list contains the name "iscsi", any host can boot
   # from it, but I am not sure if this is useful to anyone.  If this
   # attribute is not registered, this target is not "bootable".
   #
   # Note that the LUN the host boots from is not specified here; a
   # host will generally attempt to boot from LUN 0.
   #
   # It is quite possible that other attributes will need to be defined
   # here for booting as well.
   #
   # This attribute contains security policy information.  If this
   # attribute is distributed via an Attribute Reply message,
   # IPsec MUST be implemented.

   --------------------------template ends here------------------------

5.3.  iSCSI Storage Management Service Templates

   This template defines the service "service:iscsi:sms".  An entity
   supporting one or more iSCSI management service protocols may
   register itself with SLP as this service type.  iSCSI clients and
   servers wishing to discover storage management services using SLP
   will usually search for them by the protocol(s) they support:





Bakke & Hufferd             Standards Track                    [Page 16]

RFC 4018                    iSCSI and SLPv2                   April 2005


        Service: service:iscsi:sms
        Scope:   initiator-scope-list
        Query:   (protocols=isns)

   Name of submitter: Mark Bakke
   Language of service template: en
   Security Considerations: see section 6.

   Template Text:
   -------------------------template begins here-----------------------
   template-type=iscsi:sms
   template-version=1.0

   template-description=
     This is a concrete service type.  The iscsi:sms service type
     provides the capability for entities supporting iSCSI to discover
     appropriate management services.

   template-url-syntax=
     url-path   = ; The URL of the management service [RFC2608].

   protocols = string M
   # The list of protocols supported by this name service.  This
   # list may be expanded in the future.  There is no default.
   #
   # "isns"  - This management service supports the use of the iSNS
   #           protocol for access management, health monitoring, and
   #           discovery management services.  This protocol is defined
   #           in [ISNS].
   isns

   transports = string M L
   tcp
   # This is a list of transport protocols that the registered
   # entity supports.
   tcp, udp

   server-priority = integer
   # The priority a client should give this server, when choosing
   # between multiple servers with the same protocol type.
   # When multiple servers are discovered for a given protocol type,
   # this parameter indicates their relative precedence. Server
   # precedence is protocol-specific; for some protocols, the primary
   # server may have the highest server-priority value, while for







Bakke & Hufferd             Standards Track                    [Page 17]

RFC 4018                    iSCSI and SLPv2                   April 2005


   # others it may have the lowest. For example, with iSNS, the primary
   # server has the lowest value (value 0).

   --------------------------template ends here------------------------

6.  Security Considerations

   The SLPv2 security model as specified in [RFC2608] does not provide
   confidentiality but does provide an authentication mechanism for UAs
   to ensure that service advertisements only come from trusted SAs,
   with the exception that it does not provide a mechanism to
   authenticate "zero-result responses".  See [RFC3723] for a discussion