RE: [PATCH 4/4] IB/rxe: exchange the 2 udp ports

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: linux-rdma-owner@xxxxxxxxxxxxxxx [mailto:linux-rdma-
> owner@xxxxxxxxxxxxxxx] On Behalf Of Jason Gunthorpe
> Sent: Tuesday, May 15, 2018 9:46 AM
> To: Yanjun Zhu <yanjun.zhu@xxxxxxxxxx>
> Cc: Tom Talpey <tom@xxxxxxxxxx>; Moni Shoua <monis@xxxxxxxxxxxx>;
> dledford@xxxxxxxxxx; linux-rdma@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH 4/4] IB/rxe: exchange the 2 udp ports
> 
> On Tue, May 15, 2018 at 08:24:37PM +0800, Yanjun Zhu wrote:
> >
> >
> > On 2018/5/15 3:41, Jason Gunthorpe wrote:
> > >On Mon, May 14, 2018 at 09:42:31AM +0800, Yanjun Zhu wrote:
> > >>
> > >>On 2018/5/13 19:49, Tom Talpey wrote:
> > >>>On 5/12/2018 9:00 PM, Yanjun Zhu wrote:
> > >>>>
> > >>>>On 2018/5/12 22:24, Tom Talpey wrote:
> > >>>>>On 5/12/2018 9:54 AM, Zhu Yanjun wrote:
> > >>>>>>When udp port 4791 is blocked, the udp port 4891 is used and
> > >>>>>>vice versa.
> > >>>>>Port 4891 is currently unassigned in the IANA registry. Do you
> > >>>>>intend to request this?
> > >>>>Yes. If this patch is merged, I will request it.
> > >>>That is improper - the standards assignment must come first. In my
> > >>>opinion the firewall reasoning will be rejected by the IANA, and
> > >>>there's no guarantee what number will be assigned in any case. The
> > >>>process is defined here: https://tools.ietf.org/html/rfc6335
> > >>>
> > >>>Do the hard stuff first; develop a solid justification why this is
> > >>>a good and proper approach, before deploying it on the IP Internet
> > >>>by making it part of Linux.
> > >>Thanks a lot for your suggestions. I will request the udp port now.
> > Hi, Jason
> >
> > I checked the Annex 17: RoCEv2. From this spec, the udp is specified
> > to carry rdma.
> > This feature is based on the above. And it is transparent to RDMA.
> > That is, RDMA will not detect udp port exchange. And this feature is
> > helpful to RDMA.
> 
> IBTA controls the port numbers that rocev2 uses, and how it should intereact if
> there are suddently two port numbers.
> 
> > So I do not know why IBTA do not want to give us a ROCE related port.
> > I will request the port with IETF.
> >
> > If I can get the port, will you merge these patches into mainline?
> 
I don't think this is right direction.
I don't see there is any problem here that requires IBTA or IETF's attention.
In fact this method is creating more security issues and requires mores administrative hand holding where now administrator needs to block multiple UDP ports to disable RoCE.
Leon already explained this.

What is the inspiration for administrator to block port 4791 and not port 4891, where the service is offered on port 4791.
Why vxlan UDP encapsulation doesn't face this problem, which likely/might have wider user base.
You intent to create a software extension which bypasses administrative policy; - not a good idea.

Again rxe will not be able have control of the udp ports that it intend to use, even if it is coded this way currently.
It will be ib_core. So the patches in current form won't make progress until the ib_core rework is finished.
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux