IPS                                                     Julian Satran
Internet Draft                                           Daniel Smith
Document: draft-ietf-ips-iscsi-04.txt                     Kalman Meth
Category: standards-track                                  Ofer Biran
                                                                  IBM

                                                    Costa Sapuntzakis
                                                        Cisco Systems

                                                         Matt Wakeley
                                                 Agilent Technologies

                                                    Luciano Dalle Ore
                                                              Quantum

                                                    Paul Von Stamwitz
                                                              Adaptec

                                                        Randy Haagens
                                                  Hewlett-Packard Co.

                                                         Efri Zeidner
                                                              SANGate

                                                          Yaron Klein
                                                               SANRAD

                                iSCSI

Julian Satran       Standards-Track, Expire October 2001            1
iSCSI                                               February 23, 2001

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 [1].

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.
   Note that other groups may also distribute working documents as
   Internet-Drafts. Internet-Drafts are draft documents valid for a
   maximum of six months and may be updated, replaced, or made obsolete
   by other documents at any time. It is inappropriate to use
   Internet-Drafts as reference material or to cite them other than as
   "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   The Small Computer Systems Interface (SCSI) is a popular family of
   protocols for communicating with I/O devices, especially storage
   devices. This memo describes a transport protocol for SCSI that
   operates on top of TCP. The iSCSI protocol aims to be fully
   compliant with the requirements laid out in the SCSI Architecture
   Model - 2 [SAM2] document.

Acknowledgements

   Besides the authors a large group of people contributed through their
   review, comments and valuable insights to the creation of this
   document - too many to mention them all. Nevertheless, we are
   grateful to all of them. We are especially grateful to those that
   found the time and patience to participate in our weekly phone
   conferences and intermediate meetings in Almaden and Haifa and thus
   helped shape this document: Jim Hafner, John Hufferd, Prasenjit
   Sarkar, Meir Toledano, John Dowdy, Steve Legg, Alain Azagury (IBM),
   Dave Nagle (CMU), David Black (EMC), John Matze (Veritas), Mark
   Bakke, Steve DeGroote, Mark Shrandt (NuSpeed), Gabi Hecht (Gadzoox),
   Robert Snively (Brocade), Nelson Nachum (StorAge), Uri Elzur (Intel).
   Many more helped clean and improve this document within the IPS
   working group.
   We are especially grateful to David Robinson and
   Raghavendra Rao (Sun), Charles Monia, Joshua Tseng (Nishan), Somesh
   Gupta, Mallikarjun C., Michael Krause, Pierre Labat, Santosh Rao
   (HP), Stephen Byan (Genroco), Robert Elliott (Compaq), Steve Senum
   (CISCO), Barry Reinhold (Trebia Networks). Last, but not least,
   thanks to Ralph Weber for keeping us in-line with T10 (SCSI)
   standardization. Thanks also to Steve Hetzler for his unwavering
   support and for coming up with such a good name for the protocol and
   Micky Rodeh, Jai Menon, Clod Barrera and Andy Bechtolsheim for
   helping this work happen.

Conventions used in this document

   In examples, "I->" and "T->" indicate iSCSI PDUs sent by the
   initiator and target respectively.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119.

Table of Contents

   Status of this Memo
   Abstract
   Acknowledgements
   Conventions used in this document
   1. Overview
     1.1 SCSI Concepts
     1.2 iSCSI Concepts & Functional Overview
       1.2.1 Layers & Sessions
       1.2.2 Ordering and iSCSI numbering
         1.2.2.1 Command numbering and acknowledging
         1.2.2.2 Response/Status numbering and acknowledging
         1.2.2.3 Data Sequencing
       1.2.3 iSCSI Login
       1.2.4 Text mode negotiation
       1.2.5 iSCSI Full Feature Phase
       1.2.6 iSCSI Connection Termination
       1.2.7 Naming and addressing
       1.2.8 Message Synchronization and Steering
         1.2.8.1 Rationale
         1.2.8.2 Synch and Steering functional model
         1.2.8.3 Synch and Steering and other encapsulation layers
         1.2.8.4 Synch/Steering and iSCSI PDU Size
   2. iSCSI PDU Formats
     2.1 iSCSI PDU length and padding
     2.2 PDU Template, Header and Opcodes
       2.2.1 What's Next (WN)
       2.2.2 WN specific fields
         2.2.2.1 WN specific fields for a next Extended CDB header
                 segment
         2.2.2.2 WN specific fields for next Bi-directional read data
                 header segment and Long Data Transfer Header
         2.2.2.3 WN specific fields for next Data header segment
       2.2.3 Header Digest and Data Digest
       2.2.4 Basic Header Segment (BHS)
         2.2.4.1 X
         2.2.4.2 Opcode
         2.2.4.3 Opcode-specific fields
         2.2.4.4 LUN
         2.2.4.5 Initiator Task Tag
       2.2.5 Extended CDB Additional Header Segment
       2.2.6 Bi-directional Read Additional Header Segment
       2.2.7 Long Data Additional Header Segment
     2.3 SCSI Command
       2.3.1 Flags & Task Attributes
       2.3.2 CmdRN
       2.3.3 CmdSN - Command Sequence Number
       2.3.4 ExpStatSN/EndDataSN - Expected Status Sequence Number
       2.3.5 Expected Data Transfer Length
       2.3.6 CDB - SCSI Command Descriptor Block
       2.3.7 Command-Data
     2.4 SCSI Response
       2.4.1 Byte 1 - Flags
       2.4.2 Status/Response
       2.4.3 Basic Residual Count
       2.4.4 Bidi-Read Residual Count
       2.4.5 SR-length
       2.4.6 Sense or Response Data
       2.4.7 EndDataSN
       2.4.8 StatSN - Status Sequence Number
       2.4.9 ExpCmdSN - next expected CmdSN from this initiator
       2.4.10 MaxCmdSN - maximum CmdSN acceptable from this initiator
     2.5 SCSI Task Management Command
       2.5.1 Function
       2.5.2 Referenced Task Tag
     2.6 SCSI Task Management Response
       2.6.1 Referenced Task Tag
     2.7 SCSI Data
       2.7.1 F (Final) bit
       2.7.2 Target Transfer Tag
       2.7.3 DataSN
       2.7.4 Buffer Offset
       2.7.5 Flags
     2.8 Text Command
       2.8.1 Final (F) bit
       2.8.2 Initiator Task Tag
       2.8.3 Text
     2.9 Text Response
       2.9.1 Final (F) bit
       2.9.2 Initiator Task Tag
       2.9.3 Text Response
     2.10 Login Command
       2.10.1 X - Restart
       2.10.2 F - final
       2.10.3 Version-max
       2.10.4 Version-min
       2.10.5 CID
       2.10.6 ISID
       2.10.7 InitCmdSN
       2.10.8 ExpStatSN
       2.10.9 Login Parameters
     2.11 Login Response
       2.11.1 Version-max
       2.11.2 Version-active/lowest
       2.11.3 InitStatSN
       2.11.4 Status-Class and Status-Detail
       2.11.5 TSID
       2.11.6 Final bit
     2.12 NOP-Out
       2.12.1 P - Ping bit
       2.12.2 LUN
       2.12.3 Initiator Task Tag
       2.12.4 Target Transfer Tag
       2.12.5 Ping Data
     2.13 NOP-In
       2.13.1 P bit
       2.13.2 Target Transfer Tag
     2.14 Logout Command
       2.14.1 CID
       2.14.2 ExpStatSN
       2.14.3 Reason Code
     2.15 Logout Response
       2.15.1 Status
     2.16 SACK Request
       2.16.1 D
       2.16.2 AddRun
       2.16.3 BegRun
       2.16.4 RunLength
     2.17 Ready To Transfer (R2T)
       2.17.1 Desired Data Transfer Length and Buffer Offset
       2.17.2 Target Transfer Tag
     2.18 Asynchronous Message
       2.18.1 iSCSI Event
       2.18.2 SCSI Event
     2.19 Third Party Commands
     2.20 Reject
       2.20.1 Reason
       2.20.2 First Bad Byte
   3. SCSI mode parameters for iSCSI
     3.1 iSCSI Disconnect-Reconnect mode page
       3.1.1 Enable Modify Data Pointers bit
       3.1.2 Maximum Burst Size field (16 bit)
       3.1.3 First Burst Size field (16 bit)
       3.1.4 Other fields
     3.2 iSCSI Logical Unit Control mode page
       3.2.1 Protocol Identifier
       3.2.2 Enable CmdRN
     3.3 iSCSI Port Control mode page
   4. Login phase
     4.1 Login phase start
     4.2 iSCSI Security and Integrity negotiation
     4.3 Operational parameter negotiation during the login phase
   5. Operational parameter negotiation outside the login phase
   6. iSCSI Error Handling and Recovery
     6.1 Format errors
     6.2 Digest errors
     6.3 Sequence errors
     6.4 Protocol Errors
     6.5 Connection failure
     6.6 Session Errors
     6.7 Recovery levels
       6.7.1 Recovery within-task
         6.7.1.1 Recovery within-connection
         6.7.1.2 Recovery within-session
         6.7.1.3 Session Recovery
   7. Notes to Implementers
     7.1 Multiple Network Adapters
     7.2 Autosense and Auto Contingent Allegiance (ACA)
   8. Security Considerations
     8.1 iSCSI Security Protection Modes
       8.1.1 No Security
       8.1.2 Initiator-Target Authentication
       8.1.3 Data Integrity and Authentication
       8.1.4 Encryption
   9. IANA Considerations
   10. References and Bibliography
   11. Author's Addresses
   Appendix A. iSCSI Security and Integrity
     01 Security keys and values
     02 Authentication
     03 Login Phase examples
   Appendix B. Examples
     04 Read operation example
     05 Write operation example
   Appendix C. Synch and Steering with Fixed Interval Markers
     06 Markers At Fixed Intervals
     07 Initial marker-less interval
   Appendix D. Login/Text miscellaneous keys
     08 MaxConnections
     09 TargetWWUI
     10 InitiatorWWUI
     11 TargetAlias
     12 InitiatorAlias
     13 TargetAddress
     14 AccessID
     15 FMarker
     16 RFMarkInt
     17 SFMarkInt
     18 IFMarkInt
     19 UseR2T
     20 BidiUseR2T
     21 ImmediateData
     22 DataPDULength
     23 FirstBurstSize
     24 ITagLength
     25 EnableCmdRN
     26 PingMaxReplyLength
     27 TotalText
     28 KeyValueText
     29 MaxOutstandingR2T
     30 InDataOrder
     31 BootSession
     32 The Glen-Turner vendor specific key format
   Full Copyright Statement

1. Overview

1.1 SCSI Concepts

   The SCSI Architecture Model-2 [SAM2] describes in detail the
   architecture of the SCSI family of I/O protocols. This section
   provides a brief background to situate readers in the vocabulary of
   the SCSI architecture.

   At the highest level, SCSI is a family of interfaces for requesting
   services from I/O devices, including hard drives, tape drives, CD and
   DVD drives, printers, and scanners. In SCSI parlance, an individual
   I/O device is called a "logical unit" (LU).

   SCSI is a client-server architecture. Clients of a SCSI interface are
   called "initiators". Initiators issue SCSI "commands" to request
   service from a logical unit. The "device server" on the logical unit
   accepts SCSI commands and executes them.

   A "SCSI transport" maps the client-server SCSI protocol to a specific
   interconnect. Initiators are one endpoint of a SCSI transport. The
   "target" is the other endpoint. A target can have multiple Logical
   Units (LUs) behind it. Each logical unit has an address within a
   target called a Logical Unit Number (LUN).

   A SCSI task is a SCSI command or possibly a linked set of SCSI
   commands. Some LUs support multiple pending (queued) tasks. The queue
   of tasks is managed by the target, though. The target uses an
   initiator-provided "task tag" to distinguish between tasks. Only one
   command in a task can be outstanding at any given time.

   Each SCSI command results in an optional data phase and a required
   response phase. In the data phase, information can travel from the
   initiator to target (e.g. WRITE), target to initiator (e.g. READ), or
   in both directions. In the response phase, the target returns the
   final status of the operation, including any errors. A response
   terminates a SCSI command. For performance reasons iSCSI allows a
   "phase-collapse" - e.g., a command and its associated data may be
   shipped together from initiator to target, and data and responses may
   be shipped together from targets.

   The Command Descriptor Block (CDB) is the data structure used to
   contain the command parameters to be handed by an initiator to a
   target.
   The CDB content and structure is defined by [SAM] and device-type
   specific SCSI standards.

1.2 iSCSI Concepts & Functional Overview

   The iSCSI protocol is a mapping of the SCSI remote procedure
   invocation model on top of the TCP protocol.

   In keeping with similar protocols, the initiator and target divide
   their communications into messages. This document will use the term
   "iSCSI protocol data unit" (iSCSI PDU) for these messages.

   iSCSI transfer direction is defined with regard to the initiator.
   Outbound or outgoing transfers are transfers from initiator to target
   while inbound or incoming transfers are from target to initiator.

   An iSCSI task is an iSCSI request for which a response is expected.

1.2.1 Layers & Sessions

   The following conceptual layering model is used in this document to
   specify initiator and target actions and how those relate to
   transmitted and received Protocol Data Units:

      - the SCSI layer builds/receives SCSI CDBs (Command Descriptor
        Blocks) and relays/receives them with the remaining command
        execute parameters (cf. SAM-2) to/from
      - the iSCSI layer that builds/receives iSCSI PDUs and
        relays/receives them to/from
      - one or more TCP connections that form an initiator-target
        "session".

   Communication between initiator and target occurs over one or more
   TCP connections. The TCP connections carry control messages, SCSI
   commands, parameters and data within iSCSI Protocol Data Units (iSCSI
   PDUs). The group of TCP connections linking an initiator with a
   target form a session (loosely equivalent to a SCSI I-T nexus). A
   session is defined by a session ID (composed of an initiator part and
   a target part). TCP connections can be added and removed from a
   session. Connections within a session are identified by a connection
   ID (CID).

   Across all connections within a session, an initiator will see one
   "target image". All target identifying elements, like LUN, are the
   same. In addition, across all connections within a session a target
   will see one "initiator image". Initiator identifying elements, like
   Initiator Task Tag, can be used to identify the same entity
   regardless of the connection on which they are sent or received.

   iSCSI targets and initiators MUST support at least one TCP connection
   and MAY support several connections in a session.

1.2.2 Ordering and iSCSI numbering

   iSCSI uses Command and Status numbering schemes and a Data sequencing
   scheme.

   Command numbering is session wide and is used for ordered command
   delivery over multiple connections. It can also be used as a
   mechanism for command flow control over a session.

   Status numbering is per connection and is used to enable recovery
   in case of connection failure.

   Data sequencing is per command or part of it (R2T triggered sequence)
   and is used to detect missing data packets due to header digest
   errors.

   Normally, fields in the iSCSI PDUs communicate the Sequence Numbers
   between the initiator and target. During periods when traffic on a
   connection is unidirectional, iSCSI NOP-message PDUs may be utilized
   to synchronize the command and status ordering counters of the target
   and initiator.

1.2.2.1 Command numbering and acknowledging

   iSCSI supports ordered command delivery within a session. All
   commands (initiator-to-target) are numbered.

   Any SCSI activity is related to a task (SAM-2). The task is
   identified by the Initiator Task Tag for the life of the task.

   Commands in transit from the initiator SCSI layer to the SCSI target
   layer are numbered by iSCSI and the number is carried by the iSCSI
   PDU as CmdSN (Command-Sequence-Number).
The numbering is session-wide. All iSCSI PDUs that have a task
association carry this number. CmdSNs are allocated by the initiator
iSCSI within a 32 bit unsigned counter (modulo 2**32). The value 0 is
reserved and used to mean immediate delivery. Comparisons and
arithmetic on CmdSN SHOULD use Serial Number Arithmetic as defined in
[RFC1982] where SERIAL_BITS = 32.

The means by which the SCSI layer may request immediate delivery for
a command or by which iSCSI will decide by itself to mark a PDU for
immediate delivery are outside the scope of this document.

Using immediate delivery with some commands may have unexpected side
effects. If used with Task Management commands those may get to the
SCSI task manager at the target before the tasks they were supposed
to act upon. Whenever those effects are undesirable connection
allegiance or ordered delivery MAY be used.

CmdSNs are significant only during command delivery to the target.
Once the device serving part of the target SCSI has received a
command, CmdSN ceases to be significant. During command delivery to
the target, the allocated numbers are unique session wide.

The iSCSI target layer MUST deliver the commands to the SCSI target
layer in the order specified by CmdSN.

The initiator and target are assumed to have three counters that
define the numbering mechanism:

   - CmdSN - the current command Sequence Number advanced by 1 on
     each command shipped
   - ExpCmdSN - the next expected command by the target -
     acknowledges all commands up to it
   - MaxCmdSN - the maximum number to be shipped - MaxCmdSN -
     ExpCmdSN defines the queuing capacity of the receiving iSCSI
     layer.

The target MUST NOT transmit a MaxCmdSN that is more than 2**31 - 1
above the last ExpCmdSN.
CmdSN can take any value from ExpCmdSN to MaxCmdSN except 0. The
target MUST silently ignore any command outside this range or
duplicates within the range not flagged with the retry bit (the X bit
in the opcode).

iSCSI initiators and targets MUST support the command numbering
scheme.

1.2.2.2 Response/Status numbering and acknowledging

Responses in transit from the target to the initiator are numbered.
The StatSN (Status Sequence Number) is used for this purpose. StatSN
is a counter maintained per connection. ExpStatSN is used by the
initiator to acknowledge status.

Status numbering starts after Login. During login, there is always
only one outstanding command per connection and status numbering is
not needed. The login response includes an initial value for status
numbering.

To enable command recovery the target MAY maintain enough state to
enable data and status recovery after a connection failure. A target
can discard all the state information maintained for recovery after
the status delivery is acknowledged through ExpStatSN. A large
difference between StatSN and ExpStatSN may indicate a failed
connection.

Initiators and Targets MUST support the response-numbering scheme.

1.2.2.3 Data Sequencing

Data PDUs that are transferred as part of some command execution MUST
be sequenced. The DataSN field is used for data sequencing. For input
(read) data PDUs DataSN will start with 0 for the first data PDU and
advance by 1 for each subsequent data PDU. For output data PDUs,
DataSN will start with 0 for the first data PDU of a sequence (the
initial unsolicited sequence or any data PDU sequence issued to
satisfy a R2T) and advance by 1 for each subsequent data PDU. Unlike
command and status the data PDUs are not acknowledged except as
implied by status.
The DataSN field is meant to enable the initiator to detect missing
data PDUs and simplify this operation at the target. 0x'ffffffff' is
not a valid DataSN and MUST be skipped when counting (serial
arithmetic).

1.2.3 iSCSI Login

The purpose of iSCSI login is to enable a TCP connection for iSCSI
use, authenticate the parties, negotiate the session's parameters,
open a security association protocol and mark the connection as
belonging to an iSCSI session.

A session is used to identify to a target all the connections with a
given initiator that belong to the same I_T nexus. If an initiator
and target are connected through more than one session, each of the
initiator and target perceives the other as a different entity on
each session (a different I_T nexus in SAM-2 parlance).

The targets listen on a well-known TCP port for incoming connections.
The initiator begins the login process by connecting to that
well-known TCP port.

As part of the login process, the initiator and target MAY wish to
authenticate each other and set a security association protocol for
the session. This can occur in many different ways and is subject to
negotiation.

Negotiation and security associations executed before the Login
Command are outside the scope of this document although they might
realize a related function (e.g., establish an IPsec tunnel).

The Login Command starts the iSCSI Login Phase. Within the Login
Phase, negotiation is carried on through parameters of the Login
Command and Response and optionally through intervening Text Commands
and Responses. The Login Response concludes the Login Phase. Once
suitable authentication has occurred, the target MAY authorize the
initiator to send SCSI commands.
How the target chooses to authorize an initiator is beyond the scope
of this document. The target indicates a successful authentication
and authorization by sending a login response with "login accept".
Otherwise, it sends a response with a "login reject", indicating a
session is not established.

It is expected that iSCSI parameters will be negotiated after the
security association protocol is established, if there is a security
association.

The login message includes a session ID - composed with an initiator
part ISID and a target part TSID. For a new session, the TSID is
null. As part of the response, the target will generate a TSID.
Session specific parameters can be specified only for the first login
of a session (TSID null) (e.g., the maximum number of connections that
can be used for this session). Connection specific parameters (if
any) can be specified for any login. Thus, a session is operational
once it has at least one connection.

Any message except login and text sent on a TCP connection before
this connection gets into full feature phase at the initiator SHOULD
be ignored by the initiator. Any message except login and text
reaching a target on a TCP connection before the full feature phase
MUST be silently ignored by the target.

1.2.4 Text mode negotiation

During login and thereafter some session or connection parameters are
negotiated through an exchange of textual information.

In "list" negotiation, the offering party will send a list of values
for a key in its order of preference.

The responding party will answer with a value from the list.

The value "none" MUST always be used to indicate a missing function.
However, none is a valid selection only if it was explicitly offered
and it MAY be selected by omission (i.e. =none MAY be omitted).
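One way to apply the list negotiation rules above on both sides, as an added Python example that is not part of the draft. The key=value,value wire form, the responder policy of taking the first offered value it supports, and the key name ExampleDigest are assumptions; the text only requires that the answer come from the offered list.

```python
def parse_offer(text):
    """Split 'key=v1,v2,...' into (key, [values]), keeping preference order."""
    key, sep, values = text.partition("=")
    if not sep or not key or not values:
        raise ValueError("malformed offer: %r" % text)
    return key, values.split(",")


def choose(offered, supported):
    """Responder side: pick the first offered value this side supports.

    "none" stands for a missing function, so it is always acceptable to the
    responder, but only when the offering party listed it explicitly.
    Returns None when nothing in the offer is acceptable.
    """
    for value in offered:
        if value == "none" or value in supported:
            return value
    return None


def check_answer(offer_text, answer_text):
    """Offering side: validate the answer against what was actually offered.

    answer_text is None when the responder omitted the key, which the text
    allows as a way of selecting "none". Rejecting anything outside the offer
    stops a function (a digest, for instance) from being negotiated away
    when "none" was never on the list.
    """
    key, offered = parse_offer(offer_text)
    if answer_text is None:
        selected = "none"  # selection by omission
    else:
        answer_key, sep, selected = answer_text.partition("=")
        if not sep or answer_key != key:
            raise ValueError("answer does not match key %r" % key)
        if "," in selected or not selected:
            raise ValueError("answer must carry exactly one value")
    if selected not in offered:
        raise ValueError("%r was not offered for %s" % (selected, key))
    return selected


if __name__ == "__main__":
    # Constructed offer; ExampleDigest is a hypothetical key name.
    offer = "ExampleDigest=CRC-64,CRC-32Q"
    _, values = parse_offer(offer)
    picked = choose(values, {"CRC-32Q"})
    print(picked, check_answer(offer, "ExampleDigest=%s" % picked))
```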

The general format is:

   Offer-> =,,...,
   Answer-> =

In "numerical" negotiations, the offering and responding party state
a numerical value. The result of the negotiation is key dependent
(usually the lower or the higher of the two values).

1.2.5 iSCSI Full Feature Phase

Once the initiator is authorized to do so, the iSCSI session is in
iSCSI full feature phase. The initiator may send SCSI commands and
data to the various LUs on the target by wrapping them in iSCSI
messages that go over the established iSCSI session.

For SCSI commands that require data and/or parameter transfer, the
(optional) data and the status for a command must be sent over the
same TCP connection that was used to deliver the SCSI command (we
call this "connection allegiance"). Thus if an initiator issues a
READ command, the target must send the requested data, if any,
followed by the status to the initiator over the same TCP connection
that was used to deliver the SCSI command. If an initiator issues a
WRITE command, the initiator must send the data, if any, for that
command and the target MUST return R2T, if any, and the status over
the same TCP connection that was used to deliver the SCSI command.

However consecutive commands that are part of a SCSI linked commands
task MAY use different connections - connection allegiance is
strictly per-command and not per-task. During iSCSI Full Feature
Phase, the initiator and target MAY interleave unrelated SCSI
commands, their SCSI Data and responses, over the session.

Outgoing SCSI data (initiator to target - user data or command
parameters) will be sent as either solicited data or unsolicited
data. Solicited data are sent in response to Ready To Transfer (R2T)
PDUs. Unsolicited data can be sent as part of an iSCSI command PDU
("immediate data") or in separate iSCSI data PDUs.
An initiator may send unsolicited data either as immediate (up to the
negotiated maximum PDU size - DataPDULength - disconnect-reconnect
mode page) or in a separate PDU sequence (up to the negotiated limit -
FirstBurstSize - disconnect-reconnect mode page). All subsequent data
have to be solicited. The maximum size of an individual data PDU or
the immediate-part of the initial unsolicited burst as well as the
initial burst size MAY be negotiated at login.

Targets operate in either solicited (R2T) data mode or unsolicited
(non R2T) data mode. A target MAY separately enable immediate data
without enabling the more general (separate data PDUs) form of
unsolicited data.

An initiator MUST always honor an R2T data request for a valid
outstanding command (i.e., carrying a valid Initiator Task Tag) and
provided the command is supposed to deliver outgoing data and the R2T
specifies data within the command bounds.

It is considered an error for an initiator to send unsolicited data
PDUs to a target operating in R2T mode (only solicited data). It is
also an error for an initiator to send more data, whether immediate
or as separate PDUs, than the SCSI limit for initial burst. An
initiator MAY request, at login, to send data blocks and an initial
burst of any size; in this case the target MUST indicate the size of
the initial burst and of the immediate and data blocks it is ready
to accept. The agreed upon limits for the initial burst as well as
the maximum data PDU will be recorded (and are retrievable from) the
disconnect-reconnect mode page.

A target SHOULD NOT silently discard data and request retransmission
through R2T. Initiators MUST NOT perform any score boarding for data
and the residual count calculation is to be performed by the targets.
Incoming data is always implicitly solicited. SCSI Data packets are
matched to their corresponding SCSI commands by using Tags that are
specified in the protocol.

Initiator tags for pending commands are unique initiator-wide for a
session. Target tags are not strictly specified by the protocol - it
is assumed that those will be used by the target to tag (alone or in
combination with the LUN) the solicited data. Target tags are
generated by the target and "echoed" by the initiator. The above
mechanisms are designed to accomplish efficient data delivery and a
large degree of control over the data flow.

iSCSI initiators and targets MUST also enforce some ordering rules to
achieve deadlock-free operation. Unsolicited data MUST be sent on
every connection in the same order in which commands were sent. If
the amount of data exceeds the amount allowed for unsolicited write
data, the specific connection MUST be stalled - i.e., no more
unsolicited data will be sent on this connection until the specific
command has finished sending all its data and has received a
response. However, new commands as well as solicited data can be
sent on the stalled connection. A target receiving data out of order
or observing a connection violating the above rules SHOULD terminate
the session.

Each iSCSI session to a target is treated as if it originated from a
different and logically independent initiator.

1.2.6 iSCSI Connection Termination

Connection termination is assumed an exceptional event. Graceful TCP
connection shutdowns are done by sending TCP FINs. Graceful
connection shutdowns MUST only occur when there are no outstanding
tasks that have allegiance to the connection.
A target SHOULD respond rapidly to a FIN from the initiator by
closing its half of the connection after waiting for all outstanding
tasks that have allegiance to the connection to conclude and send
their status. Connection termination with outstanding tasks may
require recovery actions.

Connection termination is also required as prelude to recovery. By
terminating a connection before starting recovery, initiator and
target can avoid having stale PDUs being received after recovery. In
this case, the initiator will send a LOGOUT request on any of the
operational connections of a session indicating what connection
should be terminated.

LOGOUT can also be issued by an initiator at the explicit request of
a target (through an Asynchronous Event PDU).

1.2.7 Naming and addressing

This section provides a summary of the naming and addressing
mechanisms used in iSCSI. More details are provided in a separate
document [NDT].

All iSCSI initiators and targets are named. Each target or initiator
is known by a World-Wide Unique Identifier (WWUI). The WWUI is
independent of the location of the initiator and target, and various
formats are provided for naming authorities to use when generating
them. A special format of the ubiquitous internet domain name can be
used as a name; it is important not to confuse this with an address.
The WWUI is a UTF-8 text string, and its structure is defined in
[NDT].

WWUIs are used in iSCSI to:

   - Provide a target identifier for configurations that present
     multiple targets behind a single IP address and port.
   - Provide a method to recognize multiple paths to the same
     device on different IP addresses and ports.
   - Provide a symbolic address for source and destination targets
     for use in third party commands.
   - Provide an identifier for initiators and targets to enable
     them to recognize each other regardless of IP address and
     port mapping on intermediary firewalls.

The initiator MUST present both its initiator WWUI and the target
WWUI to which it wishes to connect during the login phase.

A target MAY also provide a canonical WWUI called "iSCSI". This is
not a globally unique name. An initiator can log into this canonical
target WWUI, and use a text command called "SendTargets" to retrieve
a list of WWUIs that exist at that address.

To iSCSI the WWUI is an opaque object.

Beside names, iSCSI targets also have addresses. An iSCSI address
specifies a single path to an iSCSI target. The WWUI is part of the
address. An iSCSI address is given in an URL-like form, such as:

   [:]/

Where is one of:

   - IPv4 address, in dotted decimal notation. Assumed if the
     name contains exactly four numbers, separated by dots (.),
     where each number is in the range 0..255.
   - IPv6 address, in dotted decimal notation. Assumed if the
     name contains more than four, but at most 16 numbers, separated
     by dots (.), where each number is in the range 0..255.
   - Fully Qualified Domain Name (FQDN - host name). Assumed if
     the is neither an IPv4 nor an IPv6 address.

and is the WWUI of the target being addressed.

The in the address is optional; it specifies the TCP port
on which the target is listening for connections. If is not
specified, the well-known iSCSI target port is assumed.

The iSCSI address, or URL, is not generally used within normal
connections between iSCSI initiators and targets; it is primarily
used during discovery. Details are specified in [NDT].
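The host classification rules above, written out as a parser for address strings received during discovery; this is an added Python example, not code from the draft. The names host, port and wwui, the result tuple, and the case-insensitive match on the iSCSI:// prefix (the form the draft gives for management tools) are assumptions.

```python
from collections import namedtuple

IscsiAddress = namedtuple("IscsiAddress", "kind host port wwui")
PREFIX = "iscsi://"


def classify_host(host):
    """Return 'ipv4', 'ipv6' or 'fqdn' using the three rules in the text."""
    labels = host.split(".")
    if not host or any(label == "" for label in labels):
        raise ValueError("empty host or empty label: %r" % host)
    # A "number" here is an ASCII decimal in the range 0..255.
    numeric = all(
        label.isascii() and label.isdigit() and int(label) <= 255
        for label in labels
    )
    if numeric and len(labels) == 4:
        return "ipv4"
    if numeric and 4 < len(labels) <= 16:
        return "ipv6"
    # Everything else is taken as a host name. Note that this includes
    # near misses such as "10.0.0.256", which a caller may want to flag.
    return "fqdn"


def parse_address(text):
    """Parse 'host[:port]/wwui' or the prefixed 'iSCSI://host[:port][/wwui]'."""
    prefixed = text[:len(PREFIX)].lower() == PREFIX
    rest = text[len(PREFIX):] if prefixed else text
    hostport, slash, wwui = rest.partition("/")
    if slash and not wwui:
        raise ValueError("empty WWUI after '/'")
    if not prefixed and not slash:
        raise ValueError("plain address form requires '/' and a WWUI")
    host, colon, port_text = hostport.partition(":")
    port = None  # None means: use the well-known iSCSI target port
    if colon:
        if not (port_text.isascii() and port_text.isdigit()):
            raise ValueError("port is not a decimal number: %r" % port_text)
        port = int(port_text)
        if not 0 < port <= 65535:
            raise ValueError("port out of range: %d" % port)
    return IscsiAddress(classify_host(host), host, port, wwui or None)


if __name__ == "__main__":
    for sample in ("10.0.0.1/com.disk-vendor.diskarrays.sn.45678",
                   "iSCSI://computingcenter.acme.com:4002/com.gateways.yourtargets.24"):
        print(parse_address(sample))
```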

Examples of Worldwide Unique Identifiers:

   com.disk-vendor.diskarrays.sn.45678
   com.gateways.yourtargets.24
   com.os-vendor.plan9.cdrom.12345
   com.service-provider.users.customer235.host90

Examples of IPv4 addresses/names:

   10.0.0.1/com.disk-vendor.diskarrays.sn.45678
   10.0.0.2/iscsi

Examples of IPv6 addresses/names:

   12.5.7.10.0.0.1/com.gateways.yourtargets.24
   12.5.6.10.0.0.2/iscsi

For management/support tools, as well as naming services, that use a
text prefix to express the protocol intended (as in http:// or
ftp://) the following form MAY be used:

   iSCSI://[:port][/wwui]

Examples:

   iSCSI://diskfarm1.acme.com/iscsi
   iSCSI://computingcenter.acme.com/com.disk-vendor.diskarrays.sn.45678
   iSCSI://computingcenter.acme.com:4002/com.gateways.yourtargets.24

To provide a friendlier (to the humans!) user interface for devices
containing iSCSI targets and initiators, a target or initiator may
also provide an alias. This alias is a simple UTF-8 string, is not
globally unique, and is never interpreted or used to identify an
initiator or device within the iSCSI protocol. Its use is described
in [NDT].

When a target has to act as an initiator for a third party command,
it MAY use the initiator WWUI it learned during login as required by
the authentication mechanism to the third party.

To address targets and logical units within a target, SCSI uses a
fixed length (8 bytes) uniform addressing scheme; in this document,
we call those addresses SCSI reference addresses (SRA).

To provide the target with the protocol specific addresses iSCSI
relies on the SCSI aliasing mechanism (work in progress in T10). The
aliasing support enables an initiator to associate protocol specific
addresses with SRAs; the latter can be used in subsequent commands.

For iSCSI, a protocol specific address is a TCP address and a WWUI.

An initiator may use one of a few techniques to configure and/or
discover the target WWUIs to which it has access, along with their
addresses. These techniques are discussed fully in [NDT].

1.2.8 Message Synchronization and Steering

1.2.8.1 Rationale

iSCSI presents a mapping of the SCSI protocol onto TCP. This
encapsulation is accomplished by sending iSCSI PDUs that are of
varying length. Unfortunately, TCP does not have a built-in mechanism
for signaling message boundaries at the TCP layer. iSCSI overcomes
this obstacle by placing the message length in the iSCSI message
header. This serves to delineate the end of the current message as
well as the beginning of the next message.

In situations where IP packets are delivered in-order from the
network, iSCSI message framing is not an issue (messages are
processed one after the other). In the presence of IP packet
reordering (e.g. frames being dropped), legacy TCP implementations
store the "out of order" TCP segments in temporary buffers until the
missing TCP segments arrive, upon which the data must be copied to
the application buffers. In iSCSI it is desirable to steer the SCSI
data within these out of order TCP segments into the pre-allocated
SCSI buffers rather than store them in temporary buffers. This
decreases the need for dedicated reassembly buffers as well as the
latency and bandwidth related to extra copies.

Unfortunately, when relying solely on the "message length in the
iSCSI message" scheme to delineate iSCSI messages, a missing TCP
segment that contains an iSCSI message header (with the message
length) makes it impossible to find message boundaries in subsequent
TCP segments.
The missing TCP segment(s) must be received before any of the
following segments can be steered to the correct SCSI buffers (due to
the inability to determine the iSCSI message boundaries). Since these
segments cannot be steered to the correct location, they must be
saved in temporary buffers that must then be copied to the SCSI
buffers.

Different schemes can be used to recover synchronization (one of them
is detailed in an Appendix). To make those schemes work iSCSI
implementations have to make sure that the appropriate protocol
layers are provided with enough information to implement a
synchronization and/or data steering mechanism.

1.2.8.2 Synch and Steering functional model

We assume that iSCSI is implemented according to the following
layering scheme:

   +----------------------------------+
   |               SCSI               |
   +----------------------------------+
   |              iSCSI               |
   +----------------------------------+
   |        Synch and Steering        |
   +----------------------------------+
   |               TCP                |
   +----------------------------------+
   |  Lower Functional Layers (LFL)   |
   +----------------------------------+
   |                IP                |
   +----------------------------------+
   |               Link               |
   +----------------------------------+

In this model LFL can be IPsec (a mechanism changing the IP stream
and invisible to TCP). We assume that Synch and Steering operates
just underneath iSCSI. Please note that an implementation may choose
to place Synch and Steering somewhere else in the stack provided that
it can translate the information kept by iSCSI in terms valid for the
chosen layer.

According to our model of layering iSCSI considers the information it
delivers (headers and payloads) as a contiguous stream of bytes
mapped to the positive integers from 0 to infinity.
For all practical purposes iSCSI is not supposed to have to handle
infinitely long streams and the stream addressing scheme will wrap
around at 2**32-1.

It is also assumed that iSCSI will deliver to the layers beneath any
PDU through an indivisible (atomic) operation. If a specific
implementation does PDU delivery to the Synch and Steering layer
through multiple operations it MUST bracket an operation set used to
deliver a single PDU in a manner understandable to the Synch and
Steering Layer.

The Synch and Steering Layer (that itself is OPTIONAL) MUST retain
for every delivered iSCSI PDU the PDU end address within the stream.
To enable the Synch and Steering operation to perform Steering some
additional information including identifying tags, and buffer offsets
MUST be retained as well for every sent PDU. Those will be required
to add to every sent data item (IP packet, TCP packet or some other
superstructure) enough information to enable the receiver to steer it
to a memory location independent of any other piece.

If the transmission stream is built dynamically this information will
be used to insert Synch and Steering information in the transmission
stream (at first transmission or at re-transmission) either through a
globally accessible table or through a call-back mechanism. If the
transmission stream is built statically, the Synch and Steering
information is just inserted in the transmission stream.

The retained information can be released whenever the transmitted
data is acknowledged by the receiver (in case of dynamically built
streams by deletion from the global table or by an additional
callback).

On the outgoing path, the Synch and Steering layer MUST map the
outgoing stream addresses from iSCSI stream addresses to TCP stream
sequence numbers.

On the incoming path, the Synch and Steering layer will extract the
Synch & Steering information from the TCP stream and help deliver
(steer) the data stream into its final address and/or recover iSCSI
PDU boundaries when some TCP packets are lost or received out of
order. The data stream seen by the receiving iSCSI layer is
identical to the data stream that left the sending iSCSI layer.

1.2.8.3 Synch and Steering and other encapsulation layers

We recognize that in many environments a more appropriate layering
model would be the following:

   +----------------------------------+
   |               SCSI               |
   +----------------------------------+
   |              iSCSI               |
   +----------------------------------+
   |  Upper Functional Layers (UFL)   |
   +----------------------------------+
   |        Synch and Steering        |
   +----------------------------------+
   |               TCP                |
   +----------------------------------+
   |  Lower Functional Layers (LFL)   |
   +----------------------------------+
   |                IP                |
   +----------------------------------+
   |               Link               |
   +----------------------------------+

In this model UFL can be TLS or some other transport conversion
mechanism (a mechanism changing the TCP stream but transparent to
iSCSI).

To be effective and act on reception of TCP packets out of order
Synch and Steering has to be underneath UFL and Synch and Steering
data have to be left out of any UFL transformation (encryption,
compression, padding etc.). However, Synch and Steering MUST take
into account the additional data inserted in the stream by UFL.
Synch and Steering MAY also restrict the type of transformations UFL
may do on the stream.

This makes implementation of Synch and Steering in the presence of
otherwise opaque UFLs less attractive.

1.2.8.4 Synch/Steering and iSCSI PDU Size

When a large iSCSI message is sent, the TCP segment(s) containing the
iSCSI header may be lost. The remaining TCP segment(s) up to the
next iSCSI message need to be buffered (in temporary buffers), since
the iSCSI header that indicates what SCSI buffers the data is to be
steered to was lost. To minimize the amount of buffering, it is
recommended that the iSCSI PDU size be restricted to a small value
(perhaps a few TCP segments in length). Each end of the iSCSI session
specifies during login the maximum size of an iSCSI PDU it will
accept.

2. iSCSI PDU Formats

All multi-byte integers specified in formats defined in this document
are to be represented in network byte order (i.e., big endian). Any
bits not defined MUST be set to zero. Any reserved fields and values
MUST be 0 unless specified otherwise.

2.1 iSCSI PDU length and padding

iSCSI PDUs are padded to an integer number of 4 byte words.

2.2 PDU Template, Header and Opcodes

All iSCSI PDUs begin with one or more header segments followed by 0
or 1 data segments. After the entire header segment group there MAY
be a header-digest. The data segment MAY also be followed by a
data-digest.

The first segment - and in many cases the only segment - (Basic
Header Segment or BHS) is a fixed-length 44-byte header segment.
It may be followed by Additional Header Segments (AHS). Each segment
is preceded by a 4 byte Next-Qualifier. Thus, when we have only a
BHS (with no data or digests) the net size of the iSCSI PDU is 48
bytes.

The overall structure of a PDU is:

Byte /      0       |       1       |       2       |       3       |
    /               |               |               |               |
    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
    +---------------+---------------+---------------+---------------+
   0| WN            |WN specific fields                             |
    +---------------+---------------+---------------+---------------+
   4/ BHS                                                           /
   +/                                                               /
    +---------------+---------------+---------------+---------------+
  48| WN            |WN specific fields                             |
    +---------------+---------------+---------------+---------------+
  52/ AHS                                                           /
   +/                                                               /
    +---------------+---------------+---------------+---------------+
    ----
    +---------------+---------------+---------------+---------------+
   m/ Header-Digest (optional)                                      /
   +/                                                               /
    +---------------+---------------+---------------+---------------+
   n/ Data Segment(optional)                                        /
   +/                                                               /
    +---------------+---------------+---------------+---------------+
   m/ Data-Digest (optional)                                        /
   +/                                                               /
    +---------------+---------------+---------------+---------------+

All PDU segments and digests are padded to an integer number of 4
byte words.

2.2.1 What's Next (WN)

This is an encoded field indicating what is the next segment as
follows:

   bit 7 - 0 Next is another header segment.
      bit 6-4 Next header type code
         0 Extended CDB
         1 Bi-directional read-data transfer header
         2 Long Data Header
         3,4,5,6,7 Reserved
   bit 7 - 1 Next is a data segment or no additional segment
             (empty data segment)
      bit 6-4 Reserved
   bit 3-2 Digest info for THIS segment
         0 No digest follows THIS segment
         1 A CRC-32Q digest follows THIS segment
         2,3 Reserved
   bit 1-0 Digest info for NEXT segment
         0 No digest follows NEXT segment
         1 A CRC-32Q digest follows NEXT segment
         2 A CRC-64 digest follows NEXT segment
         3 Reserved

N.B.
An empty data segment MUST NOT be followed by a digest.
N.B. A digest MUST NOT follow a segment that is followed by another
header segment in the same PDU (i.e., only the last header segment
MAY be followed by a digest).

2.2.2 WN specific fields

These fields carry information specific to the next segment type.

2.2.2.1 WN specific fields for a next Extended CDB header segment

Byte /      0       |       1       |       2       |       3       |
    /               |               |               |               |
    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
    +---------------+---------------+---------------+---------------+
   0| WN | Reserved | AddCDB |
    +---------------+---------------+---------------+---------------+

Where AddCDB is the additional CDB length in units of 4 byte words
beyond the first extension word (i.e., AddCDB 0 means a 20 byte CDB,
1 a 24 byte etc.).

2.2.2.2 WN specific fields for next Bi-directional read data header
segment and Long Data Transfer Header

Byte /      0       |       1       |       2       |       3       |
    /               |               |               |               |
    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
    +---------------+---------------+---------------+---------------+
   0| WN            | Reserved                                      |
    +---------------+---------------+---------------+---------------+

2.2.2.3 WN specific fields for next Data header segment

Byte /      0       |       1       |       2       |       3       |
    /               |               |               |               |
    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
    +---------------+---------------+---------------+---------------+
   0| WN            | Data Length or Reserved                       |
    +---------------+---------------+---------------+---------------+

Whenever this is the Next-Qualifier of a Long Data Header or a Long
Data Header appeared earlier in the sequence, the data length field
is ignored and the data length is taken from within this
long-data-header (a 32 bit field). Else, the length field is the data
length.
Without a Long Data Header the maximum length of a data segment is
16Mbytes.

2.2.3 Header Digest and Data Digest

Optional header and data digests protect the integrity and
authenticity of header and data, respectively. The digests, if
present, appear as trailers located, respectively, after the header
and PDU-specific data.

The digest types are negotiated during the login phase.

The separation of the header and data digests is useful in iSCSI
routing applications, where only the header changes when a message is
forwarded. In this case, only the header digest should be
re-calculated.

2.2.4 Basic Header Segment (BHS)

The Basic Header Segment is 44 bytes long.
The field of Opcode appears in all iSCSI PDUs. In addition, the
Initiator Task Tag, Logical Unit Number, and Flags fields, when used,
always appear in the same location in the header.

  Byte /     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
     +---------------+---------------+---------------+---------------+
    0|X| Opcode      |F| Opcode-specific fields                      |
     |               |P|                                             |
     +---------------+---------------+---------------+---------------+
    4| LUN or Opcode-specific fields                                 |
     +                                                               +
    8|                                                               |
     +---------------+---------------+---------------+---------------+
   12| Initiator Task Tag or Opcode-specific fields                  |
     +---------------+---------------+---------------+---------------+
   16/ Opcode-specific fields                                        /
    +/                                                               /
     +---------------+---------------+---------------+---------------+
   44

2.2.4.1 X

The first bit of the Opcode is used as a Retry/Restart indicator

2.2.4.2 Opcode

The Opcode indicates what type of iSCSI PDU the header encapsulates.
The Opcode is further encoded as follows:

   b6    Response
   b5-0  Operation

The opcodes are divided into two categories: initiator opcodes and
target opcodes. Initiator opcodes are in PDUs sent by the initiators,
and target opcodes are in PDUs sent by the target. The initiator MUST
NOT send target opcodes and the target MUST NOT send initiator
opcodes. Target opcodes are also called responses and are
distinguished by having the Response bit (bit 6) set to 1.

Valid initiator opcodes defined in this specification are:

   0x00 NOP-Out (from initiator to target)
   0x01 SCSI Command (encapsulates a SCSI Command Descriptor
        Block)
   0x02 SCSI Task Management Command
   0x03 Login Command
   0x04 Text Command
   0x05 SCSI Data (for WRITE operation)
   0x06 Logout Command
   0x10 SACK Request

Valid target opcodes are:

   0x40 NOP-In (from target to initiator)
   0x41 SCSI Response (contains SCSI status and possibly sense
        information or other response information)
   0x42 SCSI Task Management Response
   0x43 Login Response
   0x44 Text Response
   0x45 SCSI Data (for READ operation)
   0x46 Logout Response
   0x50 Ready To Transfer (R2T - sent by target to initiator when
        it is ready to receive data from initiator)
   0x51 Asynchronous Message (sent by target to initiator to
        indicate certain special conditions)
   0x6f Reject

Initiator opcodes 0x30-0x3f and target opcodes 0x70-0x7f are vendor
specific codes.

2.2.4.3 Opcode-specific fields

These fields have different meanings for different messages.

Bit 7 of the second byte is used as a Poll/Final bit (P/F bit) for
some iSCSI PDUs and must be 0 in all other iSCSI PDUs. When used as
a Poll bit it indicates that an answer is required.
When used as a Final bit it indicates a Final PDU in a logical
sequence (e.g., the last Data PDU of unsolicited or solicited data
PDU sequence or the perceived final Request/Response of the Login
Phase).

2.2.4.4 LUN

Some opcodes operate on a specific Logical Unit. The Logical Unit
Number (LUN) field identifies which Logical Unit. If the opcode does
not relate to a Logical Unit, this field either is ignored or may be
used for some other purpose. The LUN field is 64-bits in accordance
with [SAM2]. The exact format of this field can be found in the
[SAM2] document.

2.2.4.5 Initiator Task Tag

The initiator assigns a Task Tag to each iSCSI task that it issues.
While a task exists this tag MUST uniquely identify it session-wide.

2.2.5 Extended CDB Additional Header Segment

  Byte /     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
     +---------------+---------------+---------------+---------------+
    0/ Extended CDB                                                  /
    +/                                                               /
     +---------------+---------------+---------------+---------------+

2.2.6 Bi-directional Read Additional Header Segment

  Byte /     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
     +---------------+---------------+---------------+---------------+
    0| Bi-directional Read Expected Data Length                      |
     +---------------+---------------+---------------+---------------+

2.2.7 Long Data Additional Header Segment

  Byte /     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
     +---------------+---------------+---------------+---------------+
    0| Data Length                                                   |
     +---------------+---------------+---------------+---------------+

2.3 SCSI Command

  Byte /     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
     +---------------+---------------+---------------+---------------+
    0|X| 0x01        |F|R|W|0 0|ATTR | Reserved      | CmdRN or Rsvd |
     +---------------+---------------+---------------+---------------+
    4| Logical Unit Number (LUN)                                     |
     +                                                               +
    8|                                                               |
     +---------------+---------------+---------------+---------------+
   12| Initiator Task Tag                                            |
     +---------------+---------------+---------------+---------------+
   16| Expected Data Transfer Length                                 |
     +---------------+---------------+---------------+---------------+
   20| CmdSN                                                         |
     +---------------+---------------+---------------+---------------+
   24| ExpStatSN or EndDataSN                                        |
     +---------------+---------------+---------------+---------------+
   28/ SCSI Command Descriptor Block (CDB)                           /
    +/                                                               /
     +---------------+---------------+---------------+---------------+
   44

2.3.1 Flags & Task Attributes

The flags field for a SCSI Command is:

   b7    (F) set to 1 when the immediate data that accompany the
         command are all the data associated with this command
   b6    (R) set to 1 when input data is expected
   b5    (W) set to 1 when output data is expected
   b3-4  Reserved (MUST be 0)
   b0-2  used to indicate Task Attributes

The Task Attributes (ATTR) can have one of the following integer
values (see [SAM2] for details):

   0  Untagged
   1  Simple
   2  Ordered
   3  Head of Queue
   4  ACA

2.3.2 CmdRN

SCSI command reference number - if present in the SCSI execute
arguments

2.3.3 CmdSN - Command Sequence Number

Enables ordered delivery across multiple connections in a single
session.

2.3.4 ExpStatSN/EndDataSN - Expected Status Sequence Number

Command responses up to ExpStatSN-1 (mod 2**32) have been received
(acknowledges status) on the connection. If the command is a retry
(the X bit is 1) this field will contain the last input DataSN number
seen by the initiator for this command in a previous execution or
0x'ffffffff'.

2.3.5 Expected Data Transfer Length

For unidirectional operations, the Expected Data Transfer Length
field states the number of bytes of data involved in this SCSI
operation. For a WRITE (W flag set to 1 and R flag set to 0)
operation, the initiator uses this field to specify the number of
bytes of data it expects to transfer for this operation. For a READ
(W flag set to 0 and R flag set to 1) operation, the initiator uses
this field to specify the number of bytes of data it expects the
target to transfer to the initiator. It corresponds to the SAM-2
byte count.

If the Expected Data transfer Length for a WRITE and the length of
immediate data part that follows the command (if any) are the same
then no more data PDUs are expected to follow. In this case, the F
bit MUST be set to 1.

For bi-directional operations (both R and W flags are set to 1), this
field states the number of data bytes involved in the outbound
transfer. For bi-directional operations, an additional header segment
MUST be present in the header sequence indicating the Expected
Bi-directional Read Data Length. If this additional header segment is
absent, the Expected Bi-directional Read Data Length is assumed 0.

Upon completion of a data transfer, the target will inform the
initiator of how many bytes were actually processed (sent or
received) by the target. This will be done through residual counts.

2.3.6 CDB - SCSI Command Descriptor Block

There are 16 bytes in the CDB field to accommodate the commonly used
CDB. Whenever larger CDBs are used, the CDB spillover MAY extend
beyond the 48-byte header.

2.3.7 Command-Data

Some SCSI commands require additional parameter data to accompany the
SCSI command. This data may be placed beyond the boundary of the
iSCSI header (a data segment). Alternatively, user data (as from a
WRITE operation) can be placed in the same PDU (both cases referred
to as immediate data). Those data are governed by the general rules
for solicited vs. unsolicited data.

2.4 SCSI Response

  Byte /     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
     +---------------+---------------+---------------+---------------+
    0| 0x41          |Rsvd |S|o|u|O|U| Reserved (0)  |Status/Response|
     +---------------+---------------+---------------+---------------+
    4| Reserved (0)                                                  |
     +                                                               +
    8|                                                               |
     +---------------+---------------+---------------+---------------+
   12| Initiator Task Tag                                            |
     +---------------+---------------+---------------+---------------+
   16| Basic Residual Count                                          |
     +---------------+---------------+---------------+---------------+
   20| StatSN                                                        |
     +---------------+---------------+---------------+---------------+
   24| ExpCmdSN                                                      |
     +---------------+---------------+---------------+---------------+
   28| MaxCmdSN                                                      |
     +---------------+---------------+---------------+---------------+
   32| EndDataSN or Reserved (0)                                     |
     +---------------+---------------+---------------+---------------+
   36| SRLength | Reserved (0) |
     +---------------+---------------+---------------+---------------+
   40| Bidi-Read Residual Count                                      |
     +---------------+---------------+---------------+---------------+
   44| Digests if any...                                             |
     +---------------+---------------+---------------+---------------+
     / Sense Data (optional) or Response Data                        /
    +/                                                               /
     +---------------+---------------+---------------+---------------+

2.4.1 Byte 1 - Flags

   b0    (U) set for Residual Underflow. In this case, the Basic
         Residual Count indicates how many bytes were not transferred
         out of those expected to be transferred.
   b1    (O) set for Residual Overflow. In this case, the Basic
         Residual Count indicates how many bytes could not be
         transferred because the initiator's Expected Data Transfer
         Length was too small.
   b2    (u) same as b0 but for the read-part of a bi-directional
         operation
   b3    (o) same as b1 but for the read-part of a bi-directional
         operation
   b4    (S) Status-Response selector - if 1 the response contains
         a valid SCSI status else a valid iSCSI Response
   b5-7  Reserved

Bits O and U are mutually exclusive and so are bits o and u.
For a response (S=0) b0-b3 MUST be 0.

2.4.2 Status/Response

The Status field is used to report the SCSI status of the command (as
specified in [SAM2]). The Response is used to report a Service
Response. The exact mapping of the iSCSI response codes to SAM
service response symbols is outside the scope of this document.

If a SCSI device error is detected while data from the initiator are
still expected (the command PDU did not contain all the data and the
target has not received a Data PDU with the Final bit set) the target
MUST wait until it receives a Data PDU with the F bit set before
sending the Response PDU.

Valid iSCSI Response codes are:

   1 - Target Failure
   2 - Delivery Subsystem Failure
   3 - Unsolicited data rejected

2.4.3 Basic Residual Count

The Basic Residual Count field is valid only in case either the U bit
or the O bit is set. If neither bit is set, the Basic Residual Count
field SHOULD be zero. If the U bit is set, the Basic Residual Count
indicates how many bytes were not transferred out of those expected
to be transferred. If the O bit is set, the Basic Residual Count
indicates how many bytes could not be transferred because the
initiator's Expected Data Transfer Length was too small.

2.4.4 Bidi-Read Residual Count

The Bidi-Read Residual Count field is valid only in case either the u
bit or the o bit is set. If neither bit is set, the Bidi-Read
Residual Count field SHOULD be zero. If the u bit is set, the
Bidi-Read Residual Count indicates how many bytes were not
transferred to the initiator out of those expected to. If the o bit
is set, the Bidi-Read Residual Count indicates how many bytes could
not be transferred to the initiator because the initiator's Expected
Bidi-Read Transfer Length was too small.

2.4.5 SR-length

This is the length of sense data or of the response.

2.4.6 Sense or Response Data

iSCSI targets MUST support and enable autosense. If the Command
Status was CHECK CONDITION (0x02), then the Sense Data field will
contain sense data for the failed command.

For some iSCSI responses the response field MAY contain some response
related information, e.g., for a target failure it may contain a
(vendor specific) detailed description of the failure.

2.4.7 EndDataSN

One past the largest DataSN in an input (read) data PDU the target
has sent for the command. 0 means no data PDUs were sent.

2.4.8 StatSN - Status Sequence Number

StatSN is a Sequence Number that the target iSCSI layer generates per
connection and that in turn enables the initiator to acknowledge
status reception. StatSN is incremented by 1 for every
response/status sent on a connection except for responses sent as a
result of a retry or SACK. For responses sent because of retry the
StatSN used MUST be the same as the first time the PDU was sent
unless the connection was restarted since then.

2.4.9 ExpCmdSN - next expected CmdSN from this initiator

ExpCmdSN is a Sequence Number that the target iSCSI returns to the
initiator to acknowledge command reception. It is used to update a
local counter with the same name.

2.4.10 MaxCmdSN - maximum CmdSN acceptable from this initiator

MaxCmdSN is a Sequence Number that the target iSCSI returns to the
initiator to indicate the maximum CmdSN the initiator can send. It is
used to update a local counter with the same name.

MaxCmdSN and ExpCmdSN are processed as follows:

   -if the PDU MaxCmdSN is less than the PDU ExpCmdSN (in Serial
    Arithmetic Sense and with a difference bounded by 2**31-1),
    they are both ignored
   -if the PDU MaxCmdSN is less than the current MaxCmdSN (in
    Serial Arithmetic Sense and with a difference bounded by
    2**31-1), it is ignored; else it updates MaxCmdSN
   -if the PDU ExpCmdSN is less than the current ExpCmdSN (in
    Serial Arithmetic Sense and with a difference bounded by
    2**31-1), it is ignored; else it updates ExpCmdSN

This sequence is required as updates may arrive out of order (they
travel on different TCP connections).
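
The MaxCmdSN/ExpCmdSN processing sequence of 2.4.10, written out in C as an added example (it is not code from the draft). The names cmd_window, window_apply and window_allows are hypothetical, and a distance of exactly 2**31, which lies outside the bound the text gives, is treated here as not comparable so that such a value never moves a counter.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Serial-arithmetic "a is less than b": b lies 1..2**31-1 steps ahead of a
 * modulo 2**32. A distance of exactly 2**31 is outside the bound given in
 * the text, so this example reports it as not-less in both directions. */
static bool sn_lt(uint32_t a, uint32_t b)
{
    uint32_t ahead = b - a;              /* unsigned wraparound is defined */
    return ahead != 0 && ahead <= 0x7fffffffu;
}

/* Initiator-side local counters, named after the PDU fields. */
struct cmd_window {
    uint32_t exp_cmd_sn;
    uint32_t max_cmd_sn;
};

#define WIN_EXP_MOVED 0x1u
#define WIN_MAX_MOVED 0x2u

/* Apply the ExpCmdSN/MaxCmdSN pair of one received PDU in the order the
 * text lists. A counter only ever moves forward, so a response that was
 * overtaken on another TCP connection cannot pull it back. Returns a bit
 * mask of the counters that changed. */
static unsigned window_apply(struct cmd_window *w,
                             uint32_t pdu_exp, uint32_t pdu_max)
{
    unsigned moved = 0;

    if (sn_lt(pdu_max, pdu_exp))         /* inconsistent pair: ignore both */
        return 0;
    if (sn_lt(w->max_cmd_sn, pdu_max)) { /* PDU value is ahead: update */
        w->max_cmd_sn = pdu_max;
        moved |= WIN_MAX_MOVED;
    }
    if (sn_lt(w->exp_cmd_sn, pdu_exp)) {
        w->exp_cmd_sn = pdu_exp;
        moved |= WIN_EXP_MOVED;
    }
    return moved;
}

/* MaxCmdSN is the maximum CmdSN the initiator can send. */
static bool window_allows(const struct cmd_window *w, uint32_t cmd_sn)
{
    return cmd_sn == w->max_cmd_sn || sn_lt(cmd_sn, w->max_cmd_sn);
}

int main(void)
{
    /* Constructed values: a window that is about to wrap past 2**32. */
    struct cmd_window w = { 0xfffffff0u, 0xfffffffeu };
    unsigned m;

    m = window_apply(&w, 0xfffffffau, 0x00000005u);  /* fresh update */
    printf("moved=%u exp=0x%08lx max=0x%08lx\n", m,
           (unsigned long)w.exp_cmd_sn, (unsigned long)w.max_cmd_sn);
    m = window_apply(&w, 0xfffffff2u, 0xffffffffu);  /* late arrival */
    printf("moved=%u exp=0x%08lx max=0x%08lx\n", m,
           (unsigned long)w.exp_cmd_sn, (unsigned long)w.max_cmd_sn);
    printf("CmdSN 6 allowed: %d\n", window_allows(&w, 6u));
    return 0;
}
```

A plain unsigned comparison would reject the first update in main(), because 0x00000005 is numerically smaller than 0xfffffffe although it is seven steps ahead of it.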

2.5 SCSI Task Management Command

  Byte /     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
     +---------------+---------------+---------------+---------------+
    0|X| 0x02 |0| Function | Reserved (0) |
     +---------------+---------------+---------------+---------------+
    4| Logical Unit Number (LUN) or Reserved (0)                     |
     +                                                               +
    8|                                                               |
     +---------------+---------------+---------------+---------------+
   12| Initiator Task Tag                                            |
     +---------------+---------------+---------------+---------------+
   16| Referenced Task Tag or Reserved (0)                           |
     +---------------+---------------+---------------+---------------+
   20| CmdSN                                                         |
     +---------------+---------------+---------------+---------------+
   24| ExpStatSN                                                     |
     +---------------+---------------+---------------+---------------+
   28/ Reserved (0)                                                  /
    +/                                                               /
     +---------------+---------------+---------------+---------------+
   44

2.5.1 Function

The Task Management functions provide an initiator with a way to
explicitly control the execution of one or more Tasks. The Task
Management functions are summarized as follows (for a more detailed
description see the [SAM2] document):

   1  Abort Task---aborts the task identified by the Referenced
      Task Tag field.
   2  Abort Task Set---aborts all Tasks issued by this initiator
      on the Logical Unit.
   3  Clear ACA---clears the Auto Contingent Allegiance
      condition.
   4  Clear Task Set---Aborts all Tasks (from all initiators)
      for the Logical Unit.
   5  Logical Unit Reset
   6  Target Warm Reset
   7  Target Cold Reset

For the functions above a SCSI Task Management Response MUST be
returned, using the Initiator Task Tag to identify the operation for
which it is responding.

For the , if SCSI control mode enables AE reporting,
the target MUST send an Asynchronous Event to all other attached
initiators to inform them that all pending tasks are cancelled and
then enter the ACA state for any initiator for which it had pending
tasks.

For the and functions, the
target cancels all pending operations and are both equivalent to the
Target Reset as specified by SAM-2. Provided that SCSI control mode
enables AE reporting, the target MUST send an Asynchronous Event to
all attached initiators notifying them that the target is being
reset.

In addition, for the the target will enter the
ACA state on all sessions and all LUs on which an AE was sent.

In addition, for the the target then MUST
terminate all of its TCP connections to all initiators (all sessions
are terminated). However, if the target finds that it cannot send the
required response or AEN it MUST continue the reset operation and it
SHOULD log the condition for later retrieval. The logging operation
MUST be reported through the target MIB.

Further actions on reset functions are specified in the relevant SCSI
documents for the specific class of devices.

2.5.2 Referenced Task Tag

Initiator Task Tag of the task to be aborted - for abort task

2.6 SCSI Task Management Response

  Byte /     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
     +---------------+---------------+---------------+---------------+
    0| 0x42          |0| Reserved (0)                                |
     +---------------+---------------+---------------+---------------+
    4| Logical Unit Number (LUN)                                     |
     +                                                               +
    8|                                                               |
     +---------------+---------------+---------------+---------------+
   12| Initiator Task Tag                                            |
     +---------------+---------------+---------------+---------------+
   16| Referenced Task Tag or Reserved (0)                           |
     +---------------+---------------+---------------+---------------+
   20| StatSN                                                        |
     +---------------+---------------+---------------+---------------+
   24| ExpCmdSN                                                      |
     +---------------+---------------+---------------+---------------+
   28| MaxCmdSN                                                      |
     +---------------+---------------+---------------+---------------+
   32| Response | Reserved (0) |
     +---------------+---------------+---------------+---------------+
   36/ Reserved (0)                                                  /
    +/                                                               /
     +---------------+---------------+---------------+---------------+
   44

For the functions , the target performs the
requested Task Management function and sends a SCSI Task Management
Response back to the initiator. The target provides a Response, which
may take on the following values:

   0    Function Complete
   1    Task was not in task set
   255  Function Rejected

For the and functions, the
target cancels all pending operations. If SCSI control mode enables
AE reporting, the target MUST send an Asynchronous Event to all
attached initiators notifying them that the target has been reset.

For the the target MUST then close all of its TCP
connections to all initiators (terminates all sessions).

The mapping of the response code into a SCSI service response code is
outside the scope of this document.

2.6.1 Referenced Task Tag

Initiator Task Tag of the task not found

2.7 SCSI Data

The typical data transfer specifies the length of the data payload,
the Target Transfer Tag provided by the receiver for this data
transfer, and a buffer offset. The typical SCSI Data packet for
WRITE (from initiator to target) has the following format:

  Byte /     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
     +---------------+---------------+---------------+---------------+
    0|0| 0x05        |F| Reserved (0)                                |
     +---------------+---------------+---------------+---------------+
    4| LUN or Reserved (0)                                           |
     +                                                               +
    8|                                                               |
     +---------------+---------------+---------------+---------------+
   12| Initiator Task Tag                                            |
     +---------------+---------------+---------------+---------------+
   16| Target Transfer Tag or (0x'ffffffff')                         |
     +---------------+---------------+---------------+---------------+
   20| Reserved (0)                                                  |
     +---------------+---------------+---------------+---------------+
   24| ExpStatSN                                                     |
     +---------------+---------------+---------------+---------------+
   28| Reserved (0)                                                  |
     +---------------+---------------+---------------+---------------+
   32| DataSN                                                        |
     +---------------+---------------+---------------+---------------+
   36| Buffer Offset                                                 |
     +---------------+---------------+---------------+---------------+
   40| Reserved (0)                                                  |
     +---------------+---------------+---------------+---------------+
   44| Digests if any...                                             |
     +---------------+---------------+---------------+---------------+
     / Payload                                                       /
    +/                                                               /
     +---------------+---------------+---------------+---------------+

The typical SCSI Data packet for READ (from target to initiator) has
the following format:

  Byte /     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
     +---------------+---------------+---------------+---------------+
    0| 0x45          |F| (0)   |S|O|U| Reserved (0)  |Status or Rsvd |
     +---------------+---------------+---------------+---------------+
    4| Reserved (0)                                                  |
     +                                                               +
    8|                                                               |
     +---------------+---------------+---------------+---------------+
   12| Initiator Task Tag                                            |
     +---------------+---------------+---------------+---------------+
   16| Reserved (0)                                                  |
     +---------------+---------------+---------------+---------------+
   20| StatSN or Reserved (0)                                        |
     +---------------+---------------+---------------+---------------+
   24| ExpCmdSN                                                      |
     +---------------+---------------+---------------+---------------+
   28| MaxCmdSN                                                      |
     +---------------+---------------+---------------+---------------+
   32| DataSN                                                        |
     +---------------+---------------+---------------+---------------+
   36| Buffer Offset                                                 |
     +---------------+---------------+---------------+---------------+
   40| Residual Count                                                |
     +---------------+---------------+---------------+---------------+
   44| Digests if any...                                             |
     +---------------+---------------+---------------+---------------+
     / Payload                                                       /
    +/                                                               /
     +---------------+---------------+---------------+---------------+

2.7.1 F (Final) bit

For outgoing data, this bit is 1 for the last PDU of unsolicited data
or the last PDU of a sequence answering a R2T.

For incoming data, this bit is 1 for the last input data PDU
associated with the command (even if it includes the status).

2.7.2 Target Transfer Tag

On outgoing data the Target Transfer Tag is provided to the target if
the transfer is honoring a R2T. In this case, the Target Transfer Tag
field is a replica of the Target Transfer Tag provided with the R2T.
The Target Transfer Tag values are not specified by this protocol
except that the all-bits-one value (0x'ffffffff') is reserved and
means that the Target Transfer Tag is not supplied. If the Target
Transfer Tag is provided then the LUN field MUST hold a valid value
consistent with whatever was specified with the command, else the
LUN field is reserved.

2.7.3 DataSN

For input (read) data PDUs, the DataSN is the data PDU number
(starting with 0) within the data transfer for the command identified
by the Initiator Task Tag.

For output (write) data PDUs, the DataSN is the data PDU number
(starting with 0) within the current output sequence as identified by
the Initiator Task Tag (for unsolicited data) or by the Target Task
Tag and LUN (for data solicited through R2T).

0x'ffffffff' is not a valid DataSN and MUST be skipped when counting
(serial arithmetic).

2.7.4 Buffer Offset

The Buffer Offset field contains the offset of the following data
against the complete data transfer. The sum of the buffer offset and
length should not exceed the expected transfer length for the
command.

Input data ordering is governed by a disconnect-reconnect mode page
bit (EMDP). If this bit is 1 the target MUST deliver packets in
increasing buffer offset order.

Output data within a burst (initial or any data PDU sequence that
fulfils a R2T) MUST be delivered in increasing buffer offset order.
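
A receiver that places Data PDU payload by Buffer Offset has to apply the rules of 2.7.3 and 2.7.4 before it copies anything. The following C code is an added example, not part of the draft: it checks DataSN succession, the offset-plus-length bound and increasing offset order for one output data sequence. The structure and function names are hypothetical, and rejecting a PDU that breaks the "should not exceed" bound is a receiver policy assumed here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DATASN_INVALID 0xffffffffu      /* not a valid DataSN (2.7.3) */

enum data_verdict { DATA_OK, DATA_BAD_SN, DATA_OUT_OF_RANGE, DATA_OUT_OF_ORDER };

/* Receiver-side state for one output data sequence (hypothetical). */
struct data_seq {
    uint32_t expected_len;  /* Expected Data Transfer Length of the command */
    uint32_t next_sn;       /* DataSN the next PDU must carry */
    uint32_t last_offset;   /* Buffer Offset of the previously accepted PDU */
    bool     started;       /* false until the first PDU is accepted */
};

/* Successor of a DataSN: count modulo 2**32 but skip 0xffffffff. */
static uint32_t datasn_next(uint32_t sn)
{
    sn += 1;
    return sn == DATASN_INVALID ? 0 : sn;
}

/* The bound as it is often written. The 32-bit sum can wrap around, so a
 * huge offset passes. Kept only to show the failure. */
static bool in_range_naive(uint32_t offset, uint32_t len, uint32_t expected)
{
    return offset + len <= expected;
}

/* Same bound without forming the sum: no intermediate value can wrap. */
static bool in_range(uint32_t offset, uint32_t len, uint32_t expected)
{
    return offset <= expected && len <= expected - offset;
}

/* Decide whether one Data PDU may be placed. State advances only on DATA_OK,
 * so a rejected PDU leaves the sequence where it was. */
static enum data_verdict data_check(struct data_seq *s, uint32_t data_sn,
                                    uint32_t offset, uint32_t len)
{
    if (data_sn == DATASN_INVALID || data_sn != s->next_sn)
        return DATA_BAD_SN;
    if (!in_range(offset, len, s->expected_len))
        return DATA_OUT_OF_RANGE;
    if (s->started && offset <= s->last_offset)
        return DATA_OUT_OF_ORDER;
    s->started = true;
    s->last_offset = offset;
    s->next_sn = datasn_next(data_sn);
    return DATA_OK;
}

int main(void)
{
    /* Constructed sequence: a 4096-byte transfer. */
    struct data_seq s = { 0x1000u, 0, 0, false };

    printf("first PDU:      %d\n", data_check(&s, 0, 0x000u, 0x400u));
    printf("wrapping PDU:   %d\n", data_check(&s, 1, 0xfffffff0u, 0x20u));
    printf("naive accepts:  %d\n", in_range_naive(0xfffffff0u, 0x20u, 0x1000u));
    printf("second PDU:     %d\n", data_check(&s, 1, 0x400u, 0x400u));
    return 0;
}
```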

2.7.5 Flags

The last SCSI Data packet sent from a target to an initiator for a
particular SCSI command that completed successfully may optionally
also contain the Command Status for the data transfer. In this case
Sense Data cannot be sent together with the Command Status. If the
command completed with an error, then the response and sense data
must be sent in a SCSI Response packet and must not be sent in a SCSI
Data packet.

   b0-1  as in an SCSI Response
   b2    S (status)- set to indicate that the Command Status field
         contains status
   b3-6  not used (should be set to 0)
   b7    P (poll) - set to indicate data acknowledgement is
         requested; b7 and b2 are mutually exclusive - if S bit is
         set P bit MUST be ignored

If the S bit is set to 1, then there is meaning to the extra fields
in the SCSI Data packet (StatSN, Command Status, Residual Count).

2.8 Text Command

The Text Command is provided to allow the exchange of information and
for future extensions. It permits the initiator to inform a target of
its capabilities or to request some special operations.

  Byte /     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
     +---------------+---------------+---------------+---------------+
    0|0| 0x04        |F| Reserved (0)                                |
     +---------------+---------------+---------------+---------------+
    4| Reserved (0)                                                  |
     +                                                               +
    8|                                                               |
     +---------------+---------------+---------------+---------------+
   12| Initiator Task Tag                                            |
     +---------------+---------------+---------------+---------------+
   16| Reserved (0)                                                  |
     +---------------+---------------+---------------+---------------+
   20| CmdSN                                                         |
     +---------------+---------------+---------------+---------------+
   24| ExpStatSN                                                     |
     +---------------+---------------+---------------+---------------+
   28/ Reserved (0)                                                  /
    +/                                                               /
     +---------------+---------------+---------------+---------------+
   44| Digests if any...                                             |
     +---------------+---------------+---------------+---------------+
     / Text                                                          /
    +/                                                               /
     +---------------+---------------+---------------+---------------+

2.8.1 Final (F) bit

When set to 1 it indicates that this is the last or only text command
in a sequence of commands; else it indicates that more commands will
follow.

2.8.2 Initiator Task Tag

The initiator assigned identifier for this Text Command.
If the command is sent as part of a sequence of commands (e.g., the
Login Phase or a sequence of Text commands) the Initiator Task Tag
MUST be the same for all the commands within the sequence (similar to
linked SCSI commands).

2.8.3 Text

The initiator sends the target a set of key=value or key=list pairs
encoded in UTF-8 Unicode. The key and value are separated by a '='
(0x3D) delimiter. Many key=value pairs can be included in the Text
block by separating them with null (0x00) delimiters.
A list is a set of values separated by comma (0x2C). Large binary
items can be encoded using their hexadecimal representation (e.g.,
8190 is 0x1FFE).

Character strings are represented as plain text. Numeric and binary
values are represented using either decimal numbers or the
hexadecimal 0x'ffff' notation. The result is adjusted to the specific
key.

The target responds by sending its response back to the initiator.
The response text format is similar to the request text format.

Some basic key=value pairs are described in Appendix A & D. All these
keys except the X- extension formatted MUST be supported by iSCSI
initiators and targets.

Manufacturers may introduce new keys by prefixing them with X-
followed by their (reversed) domain name, for example the company
owning the domain acme.com can issue:

   X-com.acme.bar.foo.do_something=0000000000000003

Any key that the target does not understand may be ignored without
affecting basic function.

Text operations are usually meant for parameter setting/negotiations
but can be used also to perform some active operations.

It is recommended that Text operations that will take a long time
should be placed in their own Text command. If the Text Response
does not contain a key that was requested, the initiator must assume
that the key was not understood by the target.

Targets and initiators may limit the size of the text accepted in a
text command and text response as well as the size of key=value
pairs. Such limits should be indicated at login.

2.9 Text Response

The Text Response message contains the responses of the target to the
initiator's Text Command.
The format of the Text field matches that 2037 of the Text Command. 2039 Byte / 0 | 1 | 2 | 3 | 2040 / | | | | 2041 |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0| 2042 +---------------+---------------+---------------+---------------+ 2043 0| 0x44 |F| Reserved (0) | 2044 +---------------+---------------+---------------+---------------+ 2045 4| Reserved (0) | 2046 + + 2047 8| | 2048 +---------------+---------------+---------------+---------------+ 2049 12| Initiator Task Tag | 2050 +---------------+---------------+---------------+---------------+ 2051 16| Reserved (0) | 2052 +---------------+---------------+---------------+---------------+ 2053 20| StatSN | 2054 +---------------+---------------+---------------+---------------+ 2055 24| ExpCmdSN | 2056 +---------------+---------------+---------------+---------------+ 2057 28| MaxCmdSN | 2058 +---------------+---------------+---------------+---------------+ 2059 32/ Reserved (0) / 2060 +/ / 2061 +---------------+---------------+---------------+---------------+ 2062 44| Digests if any... | 2063 +---------------+---------------+---------------+---------------+ 2064 / Text / 2065 +/ / 2066 +---------------+---------------+---------------+---------------+ 2068 2.9.1 Final (F) bit 2070 When set to 1 in response to a text command with the Final bit set to 2071 1 it indicates that the target has finished it's operation. Else if 2072 set to 0 in response to a text command with the Final Bit set to 1 it 2073 indicates that the target has more work to do (invites a follow-on 2074 text command). A text response with the F bit set to 1 in response 2075 to a text command with the F bit set to 0 is a protocol error. 2077 2.9.2 Initiator Task Tag 2079 Satran, J. Standards-Track, Expire October 2001 50 2080 iSCSI February 23, 2001 2082 The Initiator Task Tag matches the tag used in the initial Text 2083 Command or the Login Initiator Task Tag. 
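
The Text field framing of section 2.8.3 and the F bit rule of section 2.9.1, as an added Python example that is not part of the draft. The two size limits, the rejection of duplicate keys and the X-com.example.* keys are assumptions made for the illustration; the sample Text fields are constructed.

```python
"""Parse and check the Text field of an iSCSI Text Command/Response."""
import re

MAX_TEXT_LEN = 4096   # assumed local limit on the whole Text field
MAX_PAIR_LEN = 256    # assumed local limit on one key=value pair

_HEX = re.compile(r"0[xX][0-9a-fA-F]+")
_DEC = re.compile(r"[0-9]+")


class TextFormatError(ValueError):
    """The Text field does not follow the key=value framing."""


def parse_text(data: bytes) -> dict:
    """Return {key: value-or-list} from NUL-separated key=value pairs."""
    if len(data) > MAX_TEXT_LEN:
        raise TextFormatError("text field exceeds local limit")
    pairs = {}
    for raw in data.split(b"\x00"):
        if not raw:                        # trailing NUL or padding
            continue
        if len(raw) > MAX_PAIR_LEN:
            raise TextFormatError("key=value pair exceeds local limit")
        try:
            text = raw.decode("utf-8")     # strict: reject malformed UTF-8
        except UnicodeDecodeError as exc:
            raise TextFormatError("pair is not valid UTF-8") from exc
        key, sep, value = text.partition("=")   # first '=' (0x3D) splits
        if not sep or not key:
            raise TextFormatError("pair lacks a key or the '=' delimiter")
        if key in pairs:                   # assumed policy: no silent override
            raise TextFormatError("duplicate key %r" % key)
        pairs[key] = value.split(",") if "," in value else value
    return pairs


def as_number(value: str) -> int:
    """Decode a numeric value written as decimal or as hexadecimal (0x1FFE)."""
    if _HEX.fullmatch(value):
        return int(value, 16)
    if _DEC.fullmatch(value):
        return int(value, 10)
    raise TextFormatError("not a decimal or 0x-hex number: %r" % value)


def unanswered(request: dict, response: dict) -> list:
    """Requested keys missing from the response: assume not understood."""
    return sorted(key for key in request if key not in response)


def final_bit_state(command_f: int, response_f: int) -> str:
    """Classify a Text Response F bit against the command's F bit."""
    if response_f and not command_f:
        return "protocol-error"
    if command_f and response_f:
        return "target-finished"
    if command_f:
        return "target-has-more-work"      # invites a follow-on text command
    return "sequence-continues"            # both 0: more commands will follow


# Constructed sample Text fields (not captured traffic).
SAMPLE_REQUEST = (b"UseR2T=no\x00"
                  b"X-com.acme.bar.foo.do_something=0000000000000003\x00"
                  b"X-com.example.limit=0x1FFE\x00"
                  b"X-com.example.modes=a,b,c\x00")
SAMPLE_RESPONSE = b"UseR2T=no\x00X-com.example.limit=8190\x00"

if __name__ == "__main__":
    request = parse_text(SAMPLE_REQUEST)
    response = parse_text(SAMPLE_RESPONSE)
    print("not understood by target:", unanswered(request, response))
    print("F=1 answer to F=0 command:", final_bit_state(0, 1))
```

Values stay strings until the caller asks for a number, because the draft adjusts the decoded result to the specific key.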
2085  2.9.3 Text Response

2087  The Text Response field contains responses in the same key=value
2088  format as the Text Command. Appendix C lists some basic Text Commands
2089  and their Responses. If the Text Response does not contain a key
2090  that was requested, the initiator must assume that the key was not
2091  understood by the target or that the answer is =none and the two
2092  MUST be equivalent where applicable.

2097  2.10 Login Command

2099  After establishing a TCP connection between an initiator and a
2100  target, the initiator MUST issue a Login Command to gain further
2101  access to the target's resources.

2103  A Login Command MUST NOT be issued more than once on an iSCSI TCP
2104  connection.

2106  Byte /    0       |       1       |       2       |       3       |
2107     /              |               |               |               |
2108    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
2109    +---------------+---------------+---------------+---------------+
2110   0|X| 0x03        |F| Reserved (0)| Version-max   | Version-min   |
2111    +---------------+---------------+---------------+---------------+
2112   4| CID                           | Reserved (0)                  |
2113    +---------------+---------------+---------------+---------------+
2114   8| ISID                          | TSID                          |
2115    +---------------+---------------+---------------+---------------+
2116  12| Initiator Task Tag                                            |
2117    +---------------+---------------+---------------+---------------+
2118  16| Reserved (0)                                                  |
2119    +---------------+---------------+---------------+---------------+
2120  20| InitCmdSN or Reserved (0)                                     |
2121    +---------------+---------------+---------------+---------------+
2122  24| ExpStatSN or Reserved (0)                                     |
2123    +---------------+---------------+---------------+---------------+
2124  28/ Reserved (0)                                                  /
2125   +/                                                               /
2126    +---------------+---------------+---------------+---------------+
2127  44/ Login Parameters in Text Command Format                       /
2128   +/                                                               /
2129    +---------------+---------------+---------------+---------------+

2131  2.10.1 X - Restart

2133  This is an attempt to reinstate a failed connection - CID does not
2134  change, but the old connection is logged out first.

2136  2.10.2 F - final

2138  If set to 1 indicates that the initiator has no more parameters to
2139  set.

2141  2.10.3 Version-max

2146  Maximum Version number supported.

2148  2.10.4 Version-min

2150  Minimum Version supported.
2151  The version number of the current draft is 0x1.

2153  2.10.5 CID

2155  This is a unique id for this connection within the session.
2156  CIDs MUST NOT be reused during the life of a session (every
2157  connection ever used in a session MUST have a unique CID).

2159  2.10.6 ISID

2161  This is an initiator defined session-identifier. It MUST be the same
2162  for all connections within a session.

2164  2.10.7 InitCmdSN

2166  Is significant only if TSID is zero and indicates the starting
2167  Command Sequence Number for this session; it SHOULD be zero for all
2168  other instances.

2170  2.10.8 ExpStatSN

2172  This is ExpStatSN for the old connection.
2173  This field is valid only if the X bit is set to 1.

2175  2.10.9 Login Parameters

2177  The initiator MAY provide some basic parameters in order to enable
2178  the target to determine if the initiator may in fact use the target's
2179  resources and the initial text parameters for the security exchange.
2180  The format of the parameters is as specified for the Text Command.
2181  Keys and their explanations are listed in the Appendixes.

2186  2.11 Login Response

2188  The Login Response indicates the end of the login phase. Note that
2189  if security is established, the login response is authenticated.
2191  Byte /    0       |       1       |       2       |       3       |
2192     /              |               |               |               |
2193    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
2194    +---------------+---------------+---------------+---------------+
2195   0| 0x83          |F| Reserved (0)| Version-max   | Version-active|
2196    +---------------+---------------+---------------+---------------+
2197   4| Reserved (0)                                                  |
2198    +---------------+---------------+---------------+---------------+
2199   8| ISID                          | TSID                          |
2200    +---------------+---------------+---------------+---------------+
2201  12| Initiator Task Tag                                            |
2202    +---------------+---------------+---------------+---------------+
2203  16| Reserved (0)                                                  |
2204    +---------------+---------------+---------------+---------------+
2205  20| InitStatSN                                                    |
2206    +---------------+---------------+---------------+---------------+
2207  24| ExpCmdSN                                                      |
2208    +---------------+---------------+---------------+---------------+
2209  28| MaxCmdSN                                                      |
2210    +---------------+---------------+---------------+---------------+
2211  32| Status-Class  | Status-Detail |                               |
2212    +---------------+---------------+---------------+---------------+
2213  36/ Reserved (0)                                                  /
2214   +/                                                               /
2215    +---------------+---------------+---------------+---------------+
2216  44| Digests if any...                                             |
2217    +---------------+---------------+---------------+---------------+
2218    / Login Parameters in Text Command Format                       /
2219   +/                                                               /
2220    +---------------+---------------+---------------+---------------+

2222  2.11.1 Version-max

2224  This is the highest version number supported by the target.

2226  2.11.2 Version-active/lowest

2228  Indicates the version supported (the highest supported by the target
2229  and initiator). If the target is not supporting a version within the
2234  range of the initiator it will reject the login and this field will
2235  indicate the lowest version supported by the target.
2237  2.11.3 InitStatSN

2239  This is the starting status Sequence Number for this connection. The
2240  value is relevant only if the F bit is set to 1.

2242  2.11.4 Status-Class and Status-Detail

2244  The Status returned in a Login Response indicates the status of the
2245  login request. The status includes:

2247     Status-Class
2248     Status-Detail

2250  The Status-Class is sufficient for a simple initiator to use when
2251  handling errors, without having to look at the Status-Detail. The
2252  Status-Detail allows finer-grained error recovery for more
2253  sophisticated initiators, as well as better information for error
2254  logging.

2256  The status classes are as follows:

2258     0 - Success - the iSCSI target successfully received,
2259     understood, and accepted the request.

2261     1 - Redirection - indicates that further action must be taken
2262     by the initiator to complete the request. This is usually due
2263     to the target moving to a different address. All of the 3
2264     status class responses MUST return one or more text key
2265     parameters of the type "TargetAddress", indicating the target's
2266     new address.

2268     2 - Initiator Error - indicates that the initiator likely
2269     caused the error. This MAY be due to a request for a
2270     resource for which the initiator does not have permission.

2272     3 - Target Error - indicates that the target is incapable of
2273     fulfilling the request.

2275  The table below shows all of the currently allocated status codes.
2276  The codes are in hexadecimal; the first byte is the status class and
2277  the second byte is the status detail. The allowable state of the
2278  Final (F) bit in responses with each of the codes is indicated as
2279  well.

2284  -----------------------------------------------------------------
2285  Status        | Code | F   | Description
2286                |(hex) | bit |
2287  -----------------------------------------------------------------
2288  Accept Login  | 0000 | 1/0 | Login is OK, moving to Full Feature
2289                |      |     | Phase (F=1) or Operational Parameter
2290                |      |     | Negotiation (F=0).
2291  -----------------------------------------------------------------
2292  Authenticate  | 0001 | 0   | The target WWUI exists and
2293                |      |     | authentication proceeds.
2294  -----------------------------------------------------------------
2295  Target Moved  | 0101 | 1   | The requested target WWUI has moved
2296  Temporarily   |      |     | temporarily to the address provided.
2297  -----------------------------------------------------------------
2298  Target Moved  | 0102 | 1   | The requested target WWUI has moved
2299  Permanently   |      |     | permanently to the address provided.
2300  -----------------------------------------------------------------
2301  Proxy Required| 0103 | 1   | The initiator must use an iSCSI
2302                |      |     | proxy for this target;
2303                |      |     | address is provided.
2304  -----------------------------------------------------------------
2305  Authentication| 0201 | 1   | The initiator authentication failed.
2306  Failed        |      |     |
2307  -----------------------------------------------------------------
2308  Forbidden     | 0202 | 1   | The initiator is not allowed access
2309  Target        |      |     | to the given target.
2310  -----------------------------------------------------------------
2311  Not Found     | 0203 | 1   | The requested Target WWUI does not
2312                |      |     | exist at this address.
2313  -----------------------------------------------------------------
2314  Target Removed| 0204 | 1   | The requested target WWUI has been
2315                |      |     | removed; no forwarding address
2316                |      |     | provided.
2317  -----------------------------------------------------------------
2318  Target        | 0205 | 1   | Target is currently in use by
2319  Conflict      |      |     | another initiator, and does
2320                |      |     | not support multiple initiators.
2321  -----------------------------------------------------------------
2322  Target Error  | 0300 | 1   | An error occurred in the iSCSI
2323                |      |     | target (out of resources, etc.).
2324  -----------------------------------------------------------------
2325  Service       | 0301 | 1   | The iSCSI service or target is not
2326  Unavailable   |      |     | currently operational, usually due
2327                |      |     | to maintenance.
2328  -----------------------------------------------------------------
2333  Unsupported   | 0302 | 1   | The required version is not
2334  version       |      |     | supported by the target.
2335  -----------------------------------------------------------------

2337  If the Status is "accept login" (0x0000) and the F bit is 1, the
2338  initiator may proceed to issue SCSI commands. If the Status is
2339  "accept login" (0x0000) and the F bit is 0, the initiator may proceed
2340  negotiating operational parameters. The target MUST not set the
2341  Status to 0x'0000' and the F bit to 1 if the Login Command had the F
2342  bit set to 0.

2344  If the Status Class is not 0, the initiator and target MUST close the
2345  TCP connection.

2347  If the target wishes to reject the login request for more than one
2348  reason, it should return the primary reason for the rejection.

2350  2.11.5 TSID

2352  The TSID is an initiator identifying tag set by the target. A 0 in
2353  the returned TSID indicates that either the target supports only a
2354  single connection or that the ISID has already been used as a leading
2355  ISID. In both cases, the target is rejecting the login.

2357  2.11.6 Final bit

2359  Final bit is set to one in the Final Login Response. A Final bit of 0
2360  indicates a "partial" response - more negotiation needed.
2361  TSID must be returned in the partial response and the same value must
2362  be presented with the final response.

2367  2.12 NOP-Out

2369  Byte /    0       |       1       |       2       |       3       |
2370     /              |               |               |               |
2371    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
2372    +---------------+---------------+---------------+---------------+
2373   0| 0x00          |P| Reserved (0)                                |
2374    +---------------+---------------+---------------+---------------+
2375   4| LUN or Reserved (0)                                           |
2376    +                                                               +
2377   8|                                                               |
2378    +---------------+---------------+---------------+---------------+
2379  12| Initiator Task Tag or Reserved (0x'ffffffff')                 |
2380    +---------------+---------------+---------------+---------------+
2381  16| Target Transfer Tag or Reserved (0x'ffffffff')                |
2382    +---------------+---------------+---------------+---------------+
2383  20| CmdSN or (0)                                                  |
2384    +---------------+---------------+---------------+---------------+
2385  24| ExpStatSN or (0)                                              |
2386    +---------------+---------------+---------------+---------------+
2387  28/ Reserved (0)                                                  /
2388   +/                                                               /
2389    +---------------+---------------+---------------+---------------+
2390  44| Digests if any...                                             |
2391    +---------------+---------------+---------------+---------------+
2392    / Ping Data (optional)                                          /
2393   +/                                                               /
2394    +---------------+---------------+---------------+---------------+

2396  The NOP-Out with the P bit set acts as a "ping command".
2397  This form of the NOP-Out can be used to verify that a connection is
2398  still active and all its components are operational using in-order
2399  delivery or out-of-order delivery. It may be useful in the case where
2400  an initiator has been waiting a long time for the response to some
2401  command, and the initiator suspects that there is some problem with
2402  the connection. When a target receives the NOP-Out with the Ping bit
2403  set, it should respond with a Ping Response, duplicating as much as
2404  possible of the data that was provided in the NOP-Out. If the
2405  initiator does not receive the NOP-In within some time (determined by
2406  the initiator), or if the data returned by the NOP-In is different
2407  from the data that was in the NOP-Out, the initiator may conclude
2408  that there is a problem with the connection. The initiator will then
2409  close the connection and may try to establish a new connection.

2414  The NOP-Out can be sent by an initiator because of a NOP-In with the
2415  poll bit set, in which case the Target Tag will copy the NOP-In value
2416  and the P bit will be 0.

2418  2.12.1 P - Ping bit

2420  Request a NOP-In

2422  2.12.2 LUN

2424  The LUN field MUST be set whenever the Target Transfer Tag is set.

2426  2.12.3 Initiator Task Tag

2428  An initiator assigned identifier for the operation.

2430  The NOP-Out MUST have the Initiator Task Tag set only if the P bit is
2431  1.

2433  2.12.4 Target Transfer Tag

2435  A target assigned identifier for the operation.

2437  The NOP-Out MUST have the Target Tag set only if it is issued in
2438  response to a NOP-In or a Data-IN with the P bit one, in which case
2439  it copies the Target Transfer Tag from the NOP-In or Data-IN PDU.
2440  When the Target Transfer Tag is set the LUN field must have the
2441  correct value for the task.

2443  2.12.5 Ping Data

2445  Ping data will be reflected in the Ping Response. Please note that
2446  the length of the reflected data is limited by a negotiated parameter
2447  and the initiator SHOULD avoid sending more than the negotiated
2448  limit.

2453  2.13 NOP-In

2455  Byte /    0       |       1       |       2       |       3       |
2456     /              |               |               |               |
2457    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
2458    +---------------+---------------+---------------+---------------+
2459   0| 0x80          |P| Reserved (0)                                |
2460    +---------------+---------------+---------------+---------------+
2461   4| Reserved (0)                                                  |
2462    +                                                               +
2463   8|                                                               |
2464    +---------------+---------------+---------------+---------------+
2465  12| Initiator Task Tag or Reserved (0x'ffffffff')                 |
2466    +---------------+---------------+---------------+---------------+
2467  16| Target Transfer Tag or Reserved (0x'ffffffff')                |
2468    +---------------+---------------+---------------+---------------+
2469  20| StatSN                                                        |
2470    +---------------+---------------+---------------+---------------+
2471  24| ExpCmdSN                                                      |
2472    +---------------+---------------+---------------+---------------+
2473  28| MaxCmdSN                                                      |
2474    +---------------+---------------+---------------+---------------+
2475  36/ Reserved (0)                                                  /
2476   +/                                                               /
2477    +---------------+---------------+---------------+---------------+
2478  44| Digests if any...                                             |
2479    +---------------+---------------+---------------+---------------+
2480    / Return Ping Data                                              /
2481   +/                                                               /
2482    +---------------+---------------+---------------+---------------+

2484  When a target receives the NOP-Out with the P bit set, it MUST
2485  respond with a NOP-In, with the same Initiator Task Tag that was
2486  provided in the Ping Command. It SHOULD also duplicate as much of the
2487  initiator provided Ping Data as allowed by a configurable target
2488  parameter. The P bit for such a response MUST be 0.

2490  2.13.1 P bit

2492  A target may issue a NOP-In on its own to test the connection and the
2493  state of the initiator. If the target wants to test the initiator, it
2494  will set the P bit to 1 to ask for an answer from the initiator. In
2495  this case the Initiator Task Tag MUST be 0x'ffffffff' and the Target
2496  Tag MUST be set (not 0x'ffffffff'). If the target wants only to test
2501  the connection, the P bit will be set to 0 and both tags MUST hold
2502  the reserved value 0x'ffffffff'.

2504  Whenever the NOP-In is not issued in response to a NOP-Out the StatSN
2505  field will contain as usual the next StatSN but StatSN for this
2506  connection will not be advanced.

2508  2.13.2 Target Transfer Tag

2510  A target assigned identifier for the operation.

2515  2.14 Logout Command

2517  The Logout command is used to perform a controlled closing of a
2518  connection.

2520  An initiator MAY use a logout command to remove a connection from a
2521  session or to close an entire session.

2523  If an initiator intends to start recovery for a failing connection it
2524  MUST use either the Logout command to "clean-up" the target end
2525  of a failing connection and enable recovery to start, or use the
2526  restart option of the Login command to the same effect. On sessions
2527  with a single connection, this might imply opening a second
2528  connection with the sole purpose of cleaning-up the first.
2530  Byte /    0       |       1       |       2       |       3       |
2531     /              |               |               |               |
2532    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
2533    +---------------+---------------+---------------+---------------+
2534   0| 0x06          |0| Reserved (0)                                |
2535    +---------------+---------------+---------------+---------------+
2536   4| CID                           | Reserved (0)  | Reason Code   |
2537    +---------------+---------------+---------------+---------------+
2538   8| Reserved (0)                                                  |
2539    +---------------+---------------+---------------+---------------+
2540  12| Initiator Task Tag                                            |
2541    +---------------+---------------+---------------+---------------+
2542  16/ Reserved (0)                                                  /
2543   +/                                                               /
2544    +---------------+---------------+---------------+---------------+
2545  24| ExpStatSN or (0)                                              |
2546    +---------------+---------------+---------------+---------------+
2547  28/ Reserved (0)                                                  /
2548   +/                                                               /
2549    +---------------+---------------+---------------+---------------+
2550  44

2552  2.14.1 CID

2554  The connection ID of the connection to be closed (including closing
2555  the TCP stream)

2557  2.14.2 ExpStatSN

2559  This is the ExpStatSN for the connection to be closed.

2564  2.14.3 Reason Code

2566  Indicate the reason for Logout:

2568     0 - Remove the connection because the session is closing
2569     1 - Remove the connection for recovery
2570     2 - Remove the connection at target's request (requested
2571     through an AEN)

2576  2.15 Logout Response

2578  The logout response is used by the target to indicate that the
2579  cleanup operation for the failed connection has completed.

2581  After Logout, the TCP connection MUST be closed at both ends.
2583  Byte /    0       |       1       |       2       |       3       |
2584     /              |               |               |               |
2585    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
2586    +---------------+---------------+---------------+---------------+
2587   0| 0x86          |0| Reserved (0)                                |
2588    +---------------+---------------+---------------+---------------+
2589   4| Reserved (0)                                                  |
2590    +                                                               +
2591   8|                                                               |
2592    +---------------+---------------+---------------+---------------+
2593  12| Initiator Task Tag                                            |
2594    +---------------+---------------+---------------+---------------+
2595  16/ Reserved (0)                                                  /
2596   +/                                                               /
2597    +---------------+---------------+---------------+---------------+
2598  24| ExpCmdSN                                                      |
2599    +---------------+---------------+---------------+---------------+
2600  28| MaxCmdSN                                                      |
2601    +---------------+---------------+---------------+---------------+
2602  32| Status        | Reserved (0)                                  |
2603    +---------------------------------------------------------------+
2604  36/ Reserved (0)                                                  /
2605   +/                                                               /
2606    +---------------+---------------+---------------+---------------+
2607  44

2609  2.15.1 Status

2611  Logout ending status:

2613     0 - connection closed successfully
2614     1 - cleanup failed

2619  2.16 SACK Request

2621  Byte /    0       |       1       |       2       |       3       |
2622     /              |               |               |               |
2623    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
2624    +---------------+---------------+---------------+---------------+
2625   0| 0x10          | Reserved (0)|D|               | AddRuns       |
2626    +---------------+---------------+---------------+---------------+
2627   4| Reserved (0)                                                  |
2628    +                                                               +
2629   8|                                                               |
2630    +---------------+---------------+---------------+---------------+
2631  12| Initiator Task Tag or Reserved (0x'ffffffff')                 |
2632    +---------------+---------------+---------------+---------------+
2633  16| Reserved (0)                                                  |
2634    +---------------+---------------+---------------+---------------+
2635  20| BegRun                                                        |
2636    +---------------+---------------+---------------+---------------+
2637  24| RunLength                                                     |
2638    +---------------+---------------+---------------+---------------+
2639  28/ Additional Runs or Reserved (0)                               /
2640   +/                                                               /
2641    +---------------+---------------+---------------+---------------+
2642  44

2644  SACK request is used to request retransmission of status or data PDUs
2645  from the target. It also implicitly acknowledges data or status PDUs.
2646  The SACK request indicates to the target the missed status or data
2647  runs - where a run is composed of an initial missed StatSN or DataSN
2648  and the number of additional missed Status or Data PDUs (0 means only
2649  the initial).

2651  2.16.1 D

2653  If 1, indicates that this is a Data SACK; else it is a status SACK.
2654  Data SACK for a command MUST precede implicit or explicit status
2655  acknowledgement for the given command.
2656  For Data SACK the Initiator Task Tag has to be set to the Initiator
2657  Task Tag of the referenced Command.

2659  2.16.2 AddRun

2661  Runs are gaps in sequence numbers as perceived by the receiver and
2662  each run is characterized by a starting sequence and a length.
2667  This field specifies the number of additional runs (0, 1 or 2 are the
2668  only valid values).

2670  2.16.3 BegRun

2672  First missed DataSN or StatSN

2674  2.16.4 RunLength

2676  Number of additional missed DataSN or StatSN (if BegRun is the only
2677  one missing RunLength MUST be 0)

2682  2.17 Ready To Transfer (R2T)

2684  When an initiator has submitted a SCSI Command with data passing from
2685  the initiator to the target (WRITE), the target may specify which
2686  blocks of data it is ready to receive. In general, the target may
2687  request that the data blocks be delivered in whatever order is
2688  convenient for the target at that particular instant. This
2689  information is passed from the target to the initiator in the Ready
2690  To Transfer (R2T) message.

2692  In order to allow write operations without R2T, the initiator and
2693  target must have agreed to do so by both sending the UseR2T=no key-
2694  pair attribute to each other (either during Login or through the Text
2695  Command/Response mechanism).

2697  An R2T MAY be answered with one or more iSCSI Data-out PDU with a
2698  matching Target Transfer Tag. If an R2T is answered with a single
2699  Data PDU the Buffer Offset in the Data PDU MUST be the same as the
2700  one specified by the R2T and the data length of the Data PDU must not
2701  exceed the Desired Data Length specified in R2T. If the R2T is
2702  answered with a sequence of Data PDUs the Buffer Offset and Length
2703  MUST be within the range of those specified by R2T, the last PDU
2704  should have the F bit set to 1.

2706  The target may send several R2T PDUs and thus have a number of data
2707  transfers pending. All outstanding R2T should have different Target
2708  Transfer Tags. Outstanding R2Ts MUST be fulfilled by the initiator in
2709  the order they were received.
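
The R2T rules above, checked on the target side before any payload is written, as an added Python example that is not part of the draft. The class and method names are hypothetical, the 32-bit field check is an implementation assumption, and the PDU values in `demo()` are constructed.

```python
"""Target-side bookkeeping for R2Ts and the Data-out PDUs that answer them."""
from collections import OrderedDict

U32_MAX = 0xFFFFFFFF


class R2TViolation(Exception):
    """A Data-out PDU does not fit the R2T it claims to answer."""


class R2TTracker:
    def __init__(self):
        self._outstanding = OrderedDict()    # TTT -> state, in issue order

    def issue_r2t(self, ttt, buffer_offset, desired_length):
        """Record an R2T the target is about to send."""
        if ttt in self._outstanding:
            raise ValueError("Target Transfer Tag already outstanding")
        for field in (ttt, buffer_offset, desired_length):
            if not 0 <= field <= U32_MAX:    # assumed: header fields are 32-bit
                raise ValueError("field does not fit in 32 bits")
        self._outstanding[ttt] = {"start": buffer_offset,
                                  "end": buffer_offset + desired_length,
                                  "pdus": 0}

    def on_data_out(self, ttt, buffer_offset, length, final):
        """Validate one Data-out header; return the (start, end) it may fill."""
        if ttt not in self._outstanding:
            raise R2TViolation("no outstanding R2T with this tag")
        if ttt != next(iter(self._outstanding)):
            raise R2TViolation("R2Ts must be fulfilled in the order received")
        r2t = self._outstanding[ttt]
        if (length < 0 or buffer_offset < r2t["start"]
                or buffer_offset + length > r2t["end"]):
            raise R2TViolation("data falls outside the R2T window")
        if final and r2t["pdus"] == 0 and buffer_offset != r2t["start"]:
            raise R2TViolation("single Data PDU must start at the R2T offset")
        r2t["pdus"] += 1
        if final:                            # F bit set: this R2T is fulfilled
            del self._outstanding[ttt]
        return buffer_offset, buffer_offset + length

    def outstanding(self):
        """Target Transfer Tags still waiting for data, oldest first."""
        return list(self._outstanding)


def demo():
    """Run a constructed exchange; return accepted ranges and rejections."""
    tracker = R2TTracker()
    tracker.issue_r2t(ttt=0x10, buffer_offset=8192, desired_length=4096)
    tracker.issue_r2t(ttt=0x11, buffer_offset=0, desired_length=8192)
    pdus = [                                 # (ttt, offset, length, final)
        (0x11, 0, 4096, False),              # answers the second R2T first
        (0x10, 8192, 2048, False),
        (0x10, 10240, 4096, True),           # runs 2048 bytes past the window
        (0x10, 10240, 2048, True),
        (0x11, 0, 8192, True),
        (0x12, 0, 512, True),                # tag was never issued
    ]
    accepted, rejected = [], []
    for pdu in pdus:
        try:
            accepted.append(tracker.on_data_out(*pdu))
        except R2TViolation as exc:
            rejected.append((pdu[0], str(exc)))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = demo()
    print("accepted ranges:", ok)
    for tag, reason in bad:
        print("rejected TTT 0x%x: %s" % (tag, reason))
```

The range check runs on header fields only, so a Data-out PDU that overruns its window is refused before its payload reaches the write buffer.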
2711  Byte /    0       |       1       |       2       |       3       |
2712     /              |               |               |               |
2713    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
2714    +---------------+---------------+---------------+---------------+
2715   0| 0x90          |0| Reserved (0)                                |
2716    +---------------+---------------+---------------+---------------+
2717   4| Reserved (0)                                                  |
2718    +                                                               +
2719   8|                                                               |
2720    +---------------+---------------+---------------+---------------+
2721  12| Initiator Task Tag                                            |
2722    +---------------+---------------+---------------+---------------+
2723  16| Target Transfer Tag                                           |
2724    +---------------+---------------+---------------+---------------+
2729  20| Reserved (0)                                                  |
2730    +---------------+---------------+---------------+---------------+
2731  24| ExpCmdSN                                                      |
2732    +---------------+---------------+---------------+---------------+
2733  28| MaxCmdSN                                                      |
2734    +---------------+---------------+---------------+---------------+
2735  32| Desired Data Length                                           |
2736    +---------------+---------------+---------------+---------------+
2737  36| Buffer Offset                                                 |
2738    +---------------+---------------+---------------+---------------+
2739  40| Reserved (0)                                                  |
2740    +                                                               +
2741    |                                                               |
2742    +---------------+---------------+---------------+---------------+
2743  44

2745  2.17.1 Desired Data Transfer Length and Buffer Offset

2747  The target specifies how many bytes it wants the initiator to send
2748  because of this R2T message. The target may request the data from
2749  the initiator in several chunks, not necessarily in the original
2750  order of the data. The target, therefore, also specifies a Buffer
2751  Offset indicating the point at which the data transfer should begin,
2752  relative to the beginning of the total data transfer.

2754  2.17.2 Target Transfer Tag

2756  The target assigns its own tag to each R2T request that it sends to
2757  the initiator. This can be used by the target to easily identify data
2758  it receives. The Target Transfer Tag is copied in the outgoing data
2759  PDUs and used by the target only. There is no protocol rule about
2760  Target Transfer Tag, but it is assumed that it will be used to tag
2761  the response data to the target (alone or in combination with the LUN).

2766  2.18 Asynchronous Message

2768  An Asynchronous Message may be sent from the target to the initiator
2769  without corresponding to a particular command. The target specifies
2770  the status for the event and sense data.

2772  Byte /    0       |       1       |       2       |       3       |
2773     /              |               |               |               |
2774    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
2775    +---------------+---------------+---------------+---------------+
2776   0| 0x91          |0| Reserved (0)                                |
2777    +---------------+---------------+---------------+---------------+
2778   4| Logical Unit Number (LUN)                                     |
2779    +                                                               +
2780   8|                                                               |
2781    +---------------+---------------+---------------+---------------+
2782  12/ Reserved (0)                                                  /
2783   +/                                                               /
2784    +---------------+---------------+---------------+---------------+
2785  20| StatSN                                                        |
2786    +---------------+---------------+---------------+---------------+
2787  24| ExpCmdSN                                                      |
2788    +---------------+---------------+---------------+---------------+
2789  28| MaxCmdSN                                                      |
2790    +---------------+---------------+---------------+---------------+
2791  32| SCSI Event    | iSCSI Event   | Parameter1 or Reserved (0)    |
2792    +---------------+---------------+---------------+---------------+
2793  36| Parameter2 or Reserved (0)    | Reserved (0)                  |
2794    +---------------+---------------+---------------+---------------+
2795  40| Reserved (0)                                                  |
2796    +---------------+---------------+---------------+---------------+
2797  44| Digests if any...                                             |
2798    +---------------+---------------+---------------+---------------+
2799    / Sense Data                                                    /
2800   +/                                                               /
2801    +---------------+---------------+---------------+---------------+

2803  Some Asynchronous Messages are strictly related to iSCSI while others
2804  are related to SCSI [SAM-2]. An Asynchronous Message may contain both
2805  types of events.

2807  Please note that StatSN counts this PDU as an acknowledgeable event,
2808  allowing initiator and target state synchronization.

2813  2.18.1 iSCSI Event

2815  The codes returned for iSCSI Asynchronous Messages (Events) are:

2817     1  Target is being reset.
2818     2  Target requests Logout - the Parameter1 field will
2819        indicate on what CID while the Parameter2 field will indicate
2820        the minimum time to reconnect in seconds
2821     3  Target indicates it will/has dropped the connection - the
2822        Parameter1 field will indicate on what CID while the Parameter2
2823        field will indicate the minimum time to reconnect in seconds

2825  2.18.2 SCSI Event

2827  The following values are defined. (See [SAM2] for details):

2829     1  An error condition was encountered after command
2830        completion.
2831     2  A newly initialized device is available to this initiator.
2832     3  Some other type of unit attention condition has occurred.
2833     4  An asynchronous event has occurred.

2835  Event 4 also includes the case when all Task Sets are being Reset by
2836  another Initiator.
2837  Sense Data accompanying the report identifies the condition. The
2838  Length parameter is set to the length of the Sense Data.

2840  For new device identification, an iSCSI target MUST support the
2841  Device Identification page.

2846  2.19 Third Party Commands

2848  SCSI allows every addressable entity to be either an initiator or a
2849  target. In host-to-host communication, each such entity can take on
2850  the initiator role. In typical I/O operations between a host and a
2851  peripheral subsystem, the host plays the initiator role and the
2852  peripheral subsystem plays the target role.

2854  For EXTENDED COPY and other third party SCSI commands, that involve
2855  device-to-device communication, such as (EXTENDED) COPY and COMPARE,
2856  SCSI defines a copy-manager. The copy-manager takes on the role of
2857  initiator in the device-to-device communication. The copy-manager is
2858  the "original-target" of the command and acts as initiator for a
2859  (variable) number of the devices, called sources and destinations.
2860  Sources and destinations act as targets. The whole operation is
2861  described by one "master CDB" delivered to the copy-manager and a
2862  series of descriptor blocks; each descriptor block addresses a source
2863  and destination target and LU and a description of the work to be
2864  done in terms of blocks or bytes as required by the device types. The
2865  relevant SCSI standards do not require full support of the (EXTENDED)
2866  COPY or COMPARE nor do they provide a detailed execution model.

2868  Enabling a FC copy-manager to support iSCSI sources and destinations
2869  is subject to coordination with T10.

2874  2.20 Reject

2876  Byte /    0       |       1       |       2       |       3       |
2877     /              |               |               |               |
2878    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
2879    +---------------+---------------+---------------+---------------+
2880   0|0| 0xef        |0| Reserved (0)                                |
2881    +---------------+---------------+---------------+---------------+
2882   4/ Reserved (0)                                                  /
2883   +/                                                               /
2884    +---------------+---------------+---------------+---------------+
2885  36| Reason        | Reserved (0)  | First Bad Byte or Rsvd(0)     |
2886    +---------------+---------------+---------------+---------------+
2887  40| Reserved (0)                                                  |
2888   +/                                                               /
2889    +---------------+---------------+---------------+---------------+
2890  44/ Complete Header of Bad Message                                /
2891   +/                                                               /
2892    +---------------+---------------+---------------+---------------+
2893  xx

2895  It may happen that a target receives a message with a format error
2896  (inconsistent fields, reserved fields not 0, inexistent LUN etc.) or
2897  a digest error (invalid payload or header). The target returns the
2898  header of the message in error as the data of the response.

2900  2.20.1 Reason

2902  The reject Reason is coded as follows:

2904      1 - Format Error
2905      2 - Header Digest Error
2906      3 - Payload Digest Error
2907      4 - Data-SACK Reject
2908      5 - Command Restart Reject
2909     15 - Full Feature Phase Command before login

2911  2.20.2 First Bad Byte

2913  For a format error reject this is the offset of the first offending
2914  byte in the header.

2919  3. SCSI mode parameters for iSCSI

2921  This chapter describes fields and mode pages that control and report
2922  the behavior of the iSCSI protocol. All fields not described here
2923  MUST control the behavior of iSCSI devices as defined by the
2924  corresponding command set standard.

3.1 iSCSI Disconnect-Reconnect mode page

3.1.1 Enable Modify Data Pointers bit

This field is used to control incoming data ordering. Incoming data
PDUs can be in any order (EMDP = 1) or have to be at continuously
increasing addresses (EMDP = 0).
EMDP can also be set by a text-mode key=value pair (InDataOrder).

3.1.2 Maximum Burst Size field (16 bit)

This field is used by iSCSI to define the maximum data payload in
iSCSI data PDUs or as immediate data in command PDUs in units of 512
bytes. This value can also be set by a text-mode key=value pair
(DataPDULength).

3.1.3 First Burst Size field (16 bit)

This field is used by iSCSI to define the maximum of unsolicited data
an iSCSI initiator is allowed to send to the target in units of 512
bytes. This value can also be set by a text-mode key=value pair
(FirstBurstSize).

3.1.4 Other fields

No other fields in this page are used by iSCSI.

3.2 iSCSI Logical Unit Control mode page

3.2.1 Protocol Identifier

This field is set to the iSCSI code set by T10 (xx)

3.2.2 Enable CmdRN

When this field is set to 1 the CmdRN field is valid.
This field can also be set by a text-mode key=value pair
(EnableCmdRN).

3.3 iSCSI Port Control mode page

No field in this page is used by iSCSI

4. Login phase

In the rest of this chapter whenever we mention security we mean
security and/or data integrity.

The login phase establishes an iSCSI session between initiator and
target. It sets the iSCSI protocol parameters, security parameters,
and authenticates the initiator and target to each other.

Operational parameters MAY be negotiated within or outside (after)
the login phase.

Security MUST be completely negotiated within the Login Phase or
provided by external means (e.g., IPSec).

In some environments, a target or an initiator will not be interested
in authenticating their counterpart. It is possible to achieve this
through the Login Command and Response.

The initiator and target MAY want to negotiate authentication and
data integrity parameters. Once this negotiation is completed, the
channel is considered secure.

Authentication and a Secure Channel setup MAY be performed
independent of iSCSI (as when using tunneling IPSec or some
implementations of transport IPSec) in which case the Login phase can
be reduced to operational parameter negotiations.

The login phase is implemented via login and text commands and
responses only. The login command is sent from the initiator to the
target in order to start the login phase, and the login response is
sent from the target to the initiator to conclude the login phase.
Text messages are used to implement negotiation, establish security
and set operational parameters.

The whole login phase is considered as a single task and has a single
Initiator Task Tag (very much like the linked SCSI commands).

The login phase sequence of commands and responses proceeds as
follows:

   - Login command (mandatory)
   - Login Partial-Response (optional)
   - Text Command(s) and Response(s) (optional)
   - Login Final-Response (mandatory)

The Login Final-Response can come only as a response to a Login
command with the F bit set to 1 or a Text Command with the F bit set
to 1.

4.1 Login phase start

The login phase starts with a login request via a login command from
the initiator to the target. The login request includes:

   - Protocol version supported by the initiator (currently 0x'01')
   - Session and connection Ids
   - Security/Integrity Parameters OR
   - iSCSI operational parameters

A target MAY use the Initiator WWUI as part of its access control
mechanism; therefore, the Initiator WWUI must be sent before the
target is required to disclose its LUs.

If the target WWUI is going to be used in determining the security
mode or it is implicit part of authentication, then the target WWUI
MUST be sent in the login command of the first connection of a
session to identify the storage endpoint of the session. However, it
is OPTIONAL for all the connections after the first (it will be
ignored by the target for new connections within an existing
session). If the target WWUI is going to be used only for access
control it can be sent after the Security Context Complete is
achieved. An unknown target can be accessed by using "iSCSI" as a
placeholder for the WWUI.
The WWUIs MUST be in text command format.

The target can answer in the following ways:

   - Login Response with Login Reject (and Final bit 1). This is
     an immediate rejection from the target causing the session to
     terminate.
   - Login Response with Login Accept with session ID and iSCSI
     parameters and F bit set to 1. This is a valid response only
     if the Login Command had also the F bit set to 1. In this
     case, the target does not support any security or
     authentication mechanism and starts with the session
     immediately (enters full feature phase)
   - Login Response with Final bit 0 indicating the start of a
     negotiation sequence. The response includes the protocol
     version supported by the target and EITHER security/integrity
     parameters OR iSCSI parameters (when no security/integrity
     mechanism is chosen) supported by the target. It also indicates
     what sequence is expected next (security/integrity or iSCSI
     parameters negotiation). The initiator MAY decide to drop the
     connection if the sequence is not what it expects (e.g., an
     initiator expecting a security/integrity sequence and getting a
     response indicating that iSCSI parameters negotiation is the
     next phase expected by the initiator).

4.2 iSCSI Security and Integrity negotiation

The security exchange sets the security mechanism and authenticates
the user and the target to each other. The exchange proceeds
according to the algorithms that were chosen in the negotiation phase
and is conducted by the text commands key=value parameters.

The negotiable security mechanisms include the following modes:

   - Initiator-target authentication - the host and the target
     authenticate themselves to each other. A negotiable algorithm,
     e.g., Kerberos, provides this feature.
   - Message integrity - an integrity/authentication digest is
     attached to each packet. The algorithm is negotiable.

Using IPsec for encryption or authentication may eliminate the
need for security negotiation at the iSCSI level (for example,
ISAKMP for IPsec).

If security is established in the login phase note that:

   - After the security context negotiation is complete, each iSCSI
     message MUST include the appropriate digest field if any.

   - The iSCSI parameter negotiation (non-security parameters)
     SHOULD start only after security is established. This should be
     performed using text commands.
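
The three possible answers to a Login Command listed in section 4.1 can
be turned into an initiator-side decision function that refuses a silent
downgrade to "no security". The Python code below is an added example,
not part of the draft; the Login class, the Next enum and the security
key names are assumptions (Appendix A is not reproduced here), and the
operational key names are those of chapter 3.

```python
"""Initiator-side handling of the first Login Response (section 4.1).

Added example, not draft text. The Login class and the key sets are
assumptions; Appendix A, which names the security keys, is not shown here.
"""
from dataclasses import dataclass, field
from enum import Enum

STATUS_ACCEPT = 0x0000  # "accept login"; other values are treated as a reject here

# Operational keys named in chapter 3 of the draft.
OPERATIONAL_KEYS = {"InDataOrder", "DataPDULength", "FirstBurstSize", "EnableCmdRN"}
# Placeholder names standing in for the Appendix A security keys (assumed).
SECURITY_KEYS = {"AuthMethod", "HeaderDigest", "DataDigest"}


class Next(Enum):
    FULL_FEATURE = "enter full feature phase"
    SECURITY = "continue with security/integrity negotiation"
    OPERATIONAL = "continue with operational parameter negotiation"
    DROP = "drop the connection"


@dataclass
class Login:
    """Fields of a Login Command or Login Response that the checks need."""
    f_bit: int
    keys: dict = field(default_factory=dict)
    status: int = STATUS_ACCEPT  # meaningful in responses only


def kind(keys):
    """Classify a key=value set; keys in neither set (e.g. names) are ignored."""
    security = bool(set(keys) & SECURITY_KEYS)
    operational = bool(set(keys) & OPERATIONAL_KEYS)
    if security and operational:
        return "mixed"
    if security:
        return "security"
    return "operational" if operational else "empty"


def check_command(cmd, require_security):
    """Problems with the Login Command itself, found before it is sent."""
    problems = []
    offered = kind(cmd.keys)
    if offered == "mixed":
        problems.append("login carries security and operational parameters")
    if require_security and offered != "security":
        problems.append("policy requires security but none is offered")
    if require_security and cmd.f_bit == 1:
        # Only a command with F=1 may be answered by accept with F=1.
        problems.append("F=1 lets the target accept at once, without security")
    return problems


def next_step(cmd, rsp, require_security):
    """Decide what the initiator does after the first Login Response."""
    if rsp.status != STATUS_ACCEPT:
        return Next.DROP, "login rejected by target"
    if rsp.f_bit == 1:
        if cmd.f_bit != 1:
            return Next.DROP, "accept with F=1 answers a Login Command with F=0"
        if require_security:
            return Next.DROP, "target entered full feature phase without security"
        return Next.FULL_FEATURE, "target accepted without security"
    offered = kind(rsp.keys)
    if offered == "security":
        return Next.SECURITY, "target answered with security parameters"
    if offered == "operational":
        if require_security:
            return Next.DROP, "target skipped the security/integrity sequence"
        return Next.OPERATIONAL, "no security mechanism chosen"
    return Next.DROP, "response carries %s parameters" % offered
```

Calling check_command() before sending and next_step() on the first
response keeps the policy decision in one place; the option values used
with it ("KRB5", "none") are constructed samples.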

The negotiation proceeds as follows:

   - The initiator sends a text command with an ordered list of the
     options it supports for each subject (authentication algorithm,
     iSCSI parameters and so on). The options are listed from the
     most preferable (to the initiator) to the least.

   - The target MUST reply with the first option in the list it
     supports. The parameters are encoded in Unicode - UTF8 as
     key=value. The initiator MAY send proprietary options as well.
     The "none" option, if allowed, MUST be included in the list,
     indicating no algorithm supported by the target. If security is
     to be established, the initiator MUST NOT send parameters other
     than security parameters in the login command. The general
     parameters should be negotiated only after security is
     established at the desired level. Any operational parameters
     sent before establishing a secure context MUST be reset by both
     the target and the initiator when establishing the security
     context. For a list of security parameters, see Appendix A.

   - Every party in the security negotiation will indicate that it
     has completed building its security context (has all the
     required information) by sending the key=value pair:

        SecurityContextComplete=Yes

     The other party will either offer some more parameters or
     answer with the same:

        SecurityContextComplete=Yes

     The party that is ready will keep sending the
     SecurityContextComplete=Yes pair (in addition to new security
     parameters if required) until the handshake is complete.

     If the initiator has been the last to complete the handshake it
     MUST NOT start sending operational parameters within the same
     text command; a text response including only
     SecurityContextComplete=Yes will conclude the security sub
     phase.

     If the target has been the last to complete the handshake, the
     initiator can start the operational parameter negotiation with
     the next text command; the security negotiation sub phase has
     ended with the target text response.

All PDUs sent after the security negotiation sub phase MUST be
built using the agreed security.

4.3 Operational parameter negotiation during the login phase

Operational parameter negotiation during the login MAY be done:

   - starting with the Login command if the initiator does not
     offer any security/integrity option
   - starting immediately after the security/integrity negotiation
     if the initiator and target perform such a negotiation
   - starting immediately after the Login response with Final bit
     0 if the initiator does offer security/integrity options but
     the target chose none.

Operational parameter negotiation MAY involve several request-
response exchanges (login and/or text) always driven by the
initiator. The initiator MUST indicate its intent to terminate the
negotiation by setting the F bit to 1; the target will set the F bit
to 1 on the last response and that last response must be the Login
Response.
If the target responds to a text or Login command with the F bit set
to 1 with a text response with the F bit set to 0, or a login
response with the text bit set to 0, the initiator must keep sending
text command (even empty) with the F bit set to 1 until it gets the
Login Response with the F bit set to 1.

A target MUST not send more than one Login Response with the F bit
set to 0.

An initiator MUST send a single Login command per connection per
session.

5. Operational parameter negotiation outside the login phase

Operational parameters MAY be negotiated outside (after) the login
phase.

Operational parameter negotiation MAY involve several text request-
response exchanges always driven by the initiator. The initiator MUST
indicate its intent to terminate the negotiation by setting the F bit
to 1; the target will set the F bit to 1 on the last response.
If the target responds to a text command with the F bit set to 1 with
a text response with the F bit set to 0, the initiator must keep
sending text command (even empty) with the F bit set to 1 until it
gets the text response with the F bit set to 1.

6. iSCSI Error Handling and Recovery

For any outstanding SCSI command, it is assumed that iSCSI in
conjunction with SCSI at the initiator is able to keep enough
information to be able to rebuild the command PDU, and that outgoing
data is available (in host memory) for retransmission while the
command is outstanding. It is also assumed that at target, incoming
data (read data) MAY be kept for recovery or it can be re-read from a
device server.

It is further assumed that a target will keep the "status & sense"
for a command it has executed while the total number of outstanding
commands and executed commands does not exceed its limit and status
has not been acknowledged.

6.1 Format errors

Explicit violations of the rules stated in this document are format
errors.

While a session is active, whenever a target receives an iSCSI PDU
with a format error, it MUST answer with a Reject iSCSI PDU with a
Reason-code of Format Error. It MUST also provide a 2-byte offset of
the first offending byte in the rejected PDU.

When an initiator receives an iSCSI PDU with a format error, for
which it has an outstanding task, it MUST abort the target task and
report the error through an appropriate service response (e.g.,
Target Failure). The exact coding of the service response is outside
the scope of this document.

6.2 Digest errors

When a target receives an iSCSI PDU with a header digest error or a
payload digest error in an iSCSI PDU it MUST answer with a Reject
iSCSI PDU with a Reason-code of Header-Digest-error or Data-Digest-
Error and discard the offending PDU. If the error is a Data-Digest-
Error in a Data-PDU, the target MUST either request retransmission
with a R2T or answer with a Reject iSCSI PDU and abort the task.

When an initiator receives an iSCSI PDU with a header digest error,
it MUST discard it. When an initiator receives any iSCSI PDU other
than a data PDU, with a Data-Digest-Error, and this PDU is part of a
task (has an Initiator Task Tag set) it MUST discard the PDU and it
MAY restart the task (reissue the command with the same Initiator
Task Tag and the X-bit set to 1). If the reissued command is a SCSI
command and it implies Read Data (Expected Data Length is not 0), the
reissued command will also include the sequence number of the Next
Data Packet expected by the initiator (0 if there was no data packet
yet).

When an initiator receives an iSCSI data PDU with a Data-Digest
error, it must discard the PDU and it MUST either request the missing
data PDUs through SACK or terminate the command with an error.

6.3 Sequence errors

When an initiator receives an iSCSI data PDU with an out-of-order
DataSN or a SCSI command response PDU with an EndDataSN implying
missing data PDUs it MAY request the missing data PDUs through a data
SACK PDU or handle this case as a connection failure. In its turn,
the target MUST either reject the SACK with a Reject PDU with a
reason-code of Data-SACK-Reject or resend the data PDU.

When an initiator receives an iSCSI status PDU with an out-of-order
StatSN implying missing responses, it MUST either request the missing
response PDUs through a status SACK or handle this case as a
connection failure. The target MUST reissue the missing responses.
As a side effect of receiving the missing responses, the initiator
might discover missing data PDUs. The initiator MUST NOT acknowledge
(explicitly through ExpStatRN or implicitly through a status SACK)
the received responses until it has completed receiving all the data
PDUs of a SCSI command.

6.4 Protocol Errors

The authors recognize that mapping framed messages over a "stream"
connection (like TCP) makes the proposed mechanisms vulnerable to
simple software framing errors and introducing framing mechanisms may
be onerous for performance and bandwidth. Command Sequence Numbers
and the above mechanisms for connection drop and reestablishment will
help handle this type of mapping errors.

6.5 Connection failure

iSCSI can keep a session in operation if it is able to keep/establish
at least one TCP connection between the initiator and target in a
timely fashion. It is assumed that targets and/or initiators will
recognize a failing connection by either transport level means (TCP)
or by a gap in the command or response stream that is not filled for
a long time, or by a failing iSCSI NOP-ping (the latter MAY be used
periodically by highly reliable implementations). Initiators and
targets MAY also use the keep-alive option on the TCP connection to
enable early link failure detection on otherwise idle links.

At connection failure, initiator and target MUST either attempt
connection recovery within the session or session recovery.

6.6 Session Errors

If all the connections of a session fail and can't be reestablished
in a short time or if initiators detect protocol errors repeatedly,
an initiator may choose to terminate a session and establish a new
session. It will terminate all outstanding requests with an
appropriate response before initiating a new session. The target
will take the following actions:

   - Reset the TCP connections (close the session).
   - Abort all Tasks in the task set for the corresponding
     initiator.

6.7 Recovery levels

iSCSI enables the following levels of recovery (in increasing
coverage order):

   - within a task (i.e., without requiring command restart)
   - within a connection (i.e., without requiring the connection
     to be rebuilt) but perhaps requiring command restart
   - within a session - perhaps requiring connections to be
     rebuilt and commands to be reissued
   - session recovery

The recovery scenarios detailed in the rest of this part are
representative rather than exclusive. In every case they detail the
lowest level recovery that MAY be attempted leaving the implementer
to decide under which circumstances to raise the recovery level
and/or what recovery levels to implement.

At all levels, the implementer has the choice of deferring errors to
the SCSI initiator (with an appropriate response code) in which case
the task, if any, has to be removed from the target and all the side-
effects (like ACA) have to be considered.

6.7.1 Recovery within-task

At target, the following cases lend themselves to within-task
recovery:

   (1) Lost data PDU - a data PDU may be lost due to a header
   digest error or a data digest error. In case of a data digest
   error, the error is recognized immediately, and the target MAY
   request the missing data through R2T. In case of a header
   digest error, the target will recognize the missing data either
   when receiving a subsequent piece out of sequence or by a
   timeout in completing a sequence (no data or partial-data-and-
   no-F-bit). In this case, too, the target MAY request the
   missing data through a R2T.

   The time to timeout to be used by a target is outside the scope
   of this document.

At initiator, the following cases lend themselves to within-task
recovery:

   (1) Lost data PDU - a data PDU may be lost due to a header
   digest error or a data digest error. In case of a data digest
   error, the error is recognized immediately and the initiator
   MAY request the missing data through SACK. In case of a header
   digest error, the initiator will recognize the missing data
   either when receiving a subsequent piece out of sequence or by
   a timeout in completing a sequence (no status). In this case,
   too, the initiator MAY request the missing data through a SACK.

   The time to timeout to be used by an initiator is outside the
   scope of this document.

Both the iSCSI target and initiator MAY resort to a more drastic,
not-within-task recovery procedure in any of these cases.

An initiator MAY reissue a command when missing data or status.

An iSCSI target MAY reject a data-SACK and terminate the command with
an iSCSI error response of SACK rejected.

An iSCSI initiator MUST accept an R2T.

An iSCSI target on detecting missing data MAY terminate the command
with an iSCSI error response of Delivery Subsystem Failure.

6.7.1.1 Recovery within-connection

At initiator, the following cases lend themselves to within-
connection recovery:

   (1) Lost iSCSI numbered Response recognized by either receiving
   it with a data digest error or receiving a Response PDU with a
   higher StatSN than expected. The initiator MAY request the
   missing responses through SACK, in which case the target MUST
   reissue them.
   (2) Requests not acknowledged for a long time. Requests are
   acknowledged explicitly through ExpCmdSN or implicitly by
   receiving data and/or status. The initiator MAY reissue non-
   acknowledged commands. The reissued, non-acknowledged commands
   MUST carry their original CmdSN and the X (retry) flag set to
   1. Please note that this is the only case in which the
   reissued command will carry the same CmdSN.
   N.B. While the original connection for a command is still
   "active" (has not been logged-out or restarted), any command
   MUST be retried only on the original connection. After logging
   out the original connection, commands can be retried on a
   different connection, but must still carry the original CmdSN.

At target, the following cases lend themselves to within-connection
recovery:

   (1) Status/Response not acknowledged for a long time. The target
   MAY issue a NOP-IN (with or with the P bit set to 1 or 0)
   indicating in the StatSN field the next status number it is
   going to issue. This will help the initiator detect missing
   StatSN and issue a SACK-status.

The time to timeout by both initiator and target are outside the
scope of this document.

Both the iSCSI target and initiator MAY resort to a more drastic,
not-within-connection recovery procedure in any of those cases.

6.7.1.2 Recovery within-session

At an iSCSI initiator, the following cases lend themselves to within
session recovery:

   (1) TCP connection failure. The initiator MUST close the
   connection following which it MUST either Logout the failed
   connection, or Login with an implied Logout, and reissue all
   commands associated with the failed connection on another
   connection (that MAY be a newly established connection) with
   the X (retry) flag set to 1.

   N.B. The logout function is mandatory, while a new connection
   establishment is mandatory only if the failed connection was
   the last or only connection in the session

   N.B. As an alternative to Logout and reissue commands, the
   initiator MAY instead reset the target and terminate all
   outstanding commands with a service response indicating
   Delivery Subsystem Failure. The initiator MUST perform one of
   the two actions.

   (2) Receiving an Asynchronous Message requiring recovery Logout.
   The initiator MUST handle it as a TCP connection failure for
   the connection referred to in the message.

At an iSCSI target, the following cases lend themselves to within-
session recovery

   (1) TCP connection failure. The target MUST close the connection
   and then, if more than one connection is available, the target
   SHOULD send an Asynchronous Message indicating it has dropped
   the connection. Following that, the target will wait for the
   initiator to continue recovery.
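
The StatSN rules of sections 6.3 and 6.7.1.1 (detect a gap, ask for the
missing responses, and withhold the acknowledgement until every data PDU
of the command has arrived) translate into a small initiator-side
tracker. The Python code below is an added example, not part of the
draft. It assumes that StatSN is compared with 32-bit serial number
arithmetic [RFC1982] and that a local limit (MAX_GAP, a constructed
value) decides when a gap is treated as a connection failure.

```python
"""StatSN gap tracking for an initiator (sections 6.3 and 6.7.1.1).

Added example, not draft text. Class and method names are assumptions.
"""
MOD = 1 << 32    # StatSN occupies one 32-bit word in the PDU layouts
HALF = 1 << 31
MAX_GAP = 64     # assumed local limit; the draft does not set one


class ConnectionFailure(Exception):
    """The gap is too large to repair with a status SACK."""


def serial_lt(a, b):
    """True if a precedes b in 32-bit serial number arithmetic."""
    return a != b and (b - a) % MOD < HALF


class StatusTracker:
    def __init__(self, first_expected):
        self.ack = first_expected % MOD  # lowest StatSN not yet acknowledgeable
        self.high = self.ack             # one past the highest StatSN seen
        self.received = {}               # StatSN -> True once all data PDUs are in

    def gaps(self):
        """StatSNs between ack and high for which no response has arrived."""
        missing, sn = [], self.ack
        while sn != self.high:
            if sn not in self.received:
                missing.append(sn)
            sn = (sn + 1) % MOD
        return missing

    def on_response(self, stat_sn, data_complete=True):
        """Record a response PDU; return the StatSNs a status SACK would request."""
        stat_sn %= MOD
        if serial_lt(stat_sn, self.ack):
            return self.gaps()           # duplicate of an acknowledged response
        if (stat_sn - self.ack) % MOD >= MAX_GAP:
            # A corrupt or hostile StatSN must not create an unbounded gap list.
            raise ConnectionFailure("StatSN %#x is too far ahead" % stat_sn)
        self.received[stat_sn] = self.received.get(stat_sn, False) or data_complete
        if not serial_lt(stat_sn, self.high):
            self.high = (stat_sn + 1) % MOD
        return self.gaps()

    def mark_data_complete(self, stat_sn):
        """All data PDUs of the command answered by stat_sn have now arrived."""
        if stat_sn % MOD in self.received:
            self.received[stat_sn % MOD] = True

    def ack_value(self):
        """ExpStatRN that may be sent now.

        Advances only over responses received in order whose data is
        complete, so nothing is acknowledged early.
        """
        while self.received.get(self.ack):
            del self.received[self.ack]
            self.ack = (self.ack + 1) % MOD
        return self.ack
```

Because the draft counts a status SACK as an implicit acknowledgement,
the caller should send the SACK built from gaps() only when the
responses it already holds are data-complete.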

6.7.1.3 Session Recovery

Session recovery is to be performed when all other recovery attempts
have failed. Very simple initiators and targets MAY perform session
recovery on all iSCSI errors - and thus place the burden of recovery
on the SCSI layer and above.

Session recovery implies closing all TCP connections, aborting at
target all executing and queued tasks for the given initiator,
terminating at initiator all outstanding SCSI commands with an
appropriate SCSI service response and restarting a session on a new
connection set (TCP connection establishment and login on all new
connections).

7. Notes to Implementers

This section notes some of the performance and reliability
considerations of the iSCSI protocol. This protocol was designed to
allow efficient silicon and software implementations. The iSCSI tag
mechanism was designed to enable RDMA at the iSCSI level or lower.

The guiding assumption made throughout the design of this protocol
was that targets are resource constrained relative to initiators.

7.1 Multiple Network Adapters

The iSCSI protocol allows multiple connections, not all of which need
go over the same network adapter. If multiple network connections are
to be utilized with hardware support, the iSCSI protocol command-
data-status allegiance to one TCP connection ensures that there is no
need to replicate information across network adapters or otherwise
require them to cooperate.

However, some task management commands may require some loose form of
cooperation or replication at least on the target.

7.2 Autosense and Auto Contingent Allegiance (ACA)

Autosense refers to the automatic return of sense data to the
initiator in case a command did not complete successfully. iSCSI
mandates support for autosense.
3528 ACA helps preserving ordered command execution in presence of errors. 3529 As iSCSI can have many commands in-flight between initiator and 3530 target iSCSI mandates support for ACA. 3532 Satran, J. Standards-Track, Expire October 2001 87 3533 iSCSI February 23, 2001 3535 8. Security Considerations 3537 Historically, native storage systems have not had to consider 3538 security because their environments offered minimal security risks. 3539 That is, these environments consisted of storage devices either 3540 directly attached to hosts or connected via a subnet distinctly 3541 separate from the communications network. The use of storage 3542 protocols, such as SCSI, over IP networks requires that security 3543 concerns be addressed. iSCSI implementations MUST provide means of 3544 protection against active attacks (pretending as another identity, 3545 message insertion, deletion, and modification) and MAY provide means 3546 of protection against passive attacks (eavesdropping, gaining 3547 advantage by analyzing the data sent over the line). 3549 The following section describes the security protection modes that 3550 should 3551 be provided by an iSCSI implementation. 3553 Authentication and a Secure Channel setup MAY be performed 3554 independent of iSCSI (as when using tunneling IPSec or some 3555 implementations of transport IPSec). 3557 8.1 iSCSI Security Protection Modes 3559 8.1.1 No Security 3561 This mode does not authenticate nor does it encrypt data. This mode 3562 should only be used in environments where the security risk is 3563 minimal and configuration errors are improbable. 3565 8.1.2 Initiator-Target Authentication 3567 In this mode, the target authenticates the initiator and the 3568 initiator optionally authenticates the target. An attacker should not 3569 gain any advantage by inspecting the authentication phase messages 3570 (so, e.g., sending clear password is out of question). 
This mode protects against unauthorized access to storage resources by
using a false identity (SPOOFING). Once the authentication phase is
completed, all messages are sent and received in clear. This mode
should only be used when there is minimal risk of man-in-the-middle
attacks, eavesdropping, message insertion, deletion, and
modification.

8.1.3 Data Integrity and Authentication

This mode provides origin authentication and data integrity for every
message that is sent after a security context is established. It
protects against man-in-the-middle attacks, message insertion,
deletion, and modification.

It is possible to use different authentication mechanisms for headers
and data.

Every compliant iSCSI initiator and target MUST be able to provide
initiator-target authentication and data integrity and
authentication. This quality of protection MAY be achieved on every
connection through properly configured IPSec involving only
administrative (indirect) interaction with iSCSI implementations.

8.1.4 Encryption

This mode provides data privacy in addition to data integrity and
authentication, and protects against eavesdropping, man-in-the-middle
attacks, message insertion, deletion, and modification.

A connection or multiple connections MAY be protected end-to-end or
partial-path (gateway tunneling) by using IPSec.

9. IANA Considerations

There will be a well-known port for iSCSI connections. This well
known port will be registered with IANA.

10. References and Bibliography

[AC] A detailed proposal for Access Control, Jim Hafner,
   T10/99-245
[ALTC] Internet Draft: Alternative checksums (work in progress)
[BOOT] P. Sarkar & team, draft-ietf-ips-iscsi-boot-01.txt
[CAM] ANSI X3.232-199X, Common Access Method-3 (Cam-3)
[CRC] ISO 3309, High-Level Data Link Control (CRC 32)
[FIPS-180-1] FIPS-Secure Hash Standard
[FIPS-186-2] FIPS-Digital Signature Standard
[NDT] M. Bakke & team,
   draft-ietf-ips-iSCSI-NamingAndDiscovery-00.txt
[PKIX-Part1] Housley, R., et al, "Internet X.509 Public Key
   Infrastructure, Certificate and CRL Profile", Internet Draft,
   draft-ietf-pkix-ipki-part1-11.txt
[RFC793] Transmission Control Protocol, RFC 793
[RFC1122] Requirements for Internet Hosts-Communication Layer
   RFC1122, R. Braden (editor)
[RFC-1510] J. Kohl, C. Neuman, "The Kerberos Network
   Authentication Service (V5)", September 1993.
[RFC1766] Alvestrand, H., "Tags for the Identification of
   Languages", March 1995.
[RFC1964] J. Linn, "The Kerberos Version 5 GSS-API Mechanism",
   June 1996.
[RFC1982] Elz, R., Bush, R., "Serial Number Arithmetic", RFC
   1982, August 1996.
[RFC2026] Bradner, S., "The Internet Standards Process --
   Revision 3", RFC 2026, October 1996.
[RFC-2044] Yergeau, F., "UTF-8, a Transformation Format of
   Unicode and ISO 10646", October 1996.
[RFC2104] Krawczyk, H., Bellare, M., and Canetti, R., "HMAC:
   Keyed-Hashing for Message Authentication", February 1997
[RFC2119] Bradner, S. "Key words for use in RFCs to Indicate
   Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2144] Adams, C., "The CAST-128 Encryption Algorithm", May
   1997.
[RFC2234] D. Crocker, P. Overell Augmented BNF for Syntax
   Specifications: ABNF
[RFC2313] B. Kaliski, PKCS #1: RSA Encryption, Version 1.5
[RFC2434] T. Narten, and H.
   Alvestrand, "Guidelines for Writing
   an IANA Considerations Section in RFCs.", RFC2434, October
   1998.
[RFC2440] Callas, J., et al, "OpenPGP Message Format", November
   1998.
[RFC2945] Wu, T., "The SRP Authentication and Key Exchange
   System", September 2000.
[SAM2] ANSI X3.270-1998, SCSI-3 Architecture Model (SAM-2)
[SBC] ANSI X3.306-199X, SCSI-3 Block Commands (SBC)
[SCSI2] ANSI X3.131-1994, SCSI-2
[Schneier] Schneier, B., "Applied Cryptography Second Edition:
   protocols, algorithms, and source code in C", 2nd edition, John
   Wiley & Sons, New York, NY, 1996.
[SPC] ANSI X3.301-199X, SCSI-3 Primary Commands (SPC)
[Wolf94] J. K. Wolf et al. The Single Burst Error Detection
   Performance of Binary Cyclic Codes - IEEE Transactions on
   Communications, Vol. 42 No. 1
[Wolf88] J. K. Wolf et al. The Exact Evaluation of the
   Probability of Undetected Error for Certain Shortened Binary
   CRC Codes - Proc. MILCOM 1988 pp 15.2.1-15.2.6

11. Author's Addresses

Julian Satran
Kalman Meth
Ofer Biran
IBM, Haifa Research Lab
MATAM - Advanced Technology Center
Haifa 31905, Israel
Phone +972 4 829 6211
Email: Julian_Satran@vnet.ibm.com meth@il.ibm.com
biran@il.ibm.com

Daniel F. Smith
IBM Almaden Research Center
650 Harry Road
San Jose, CA 95120-6099, USA
Phone: +1 408 927 2072
Email: dfsmith@almaden.ibm.com

Costa Sapuntzakis
Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134, USA
Phone: +1 408 525 5497
Email: csapuntz@cisco.com

Randy Haagens
Hewlett-Packard Company
8000 Foothills Blvd.
Roseville, CA 95747-5668, USA
Phone: +1 (916) 785-4578
E-mail: Randy_Haagens@hp.com

Matt Wakeley
Agilent Technologies
1101 Creekside Ridge Drive
Suite 100, M/S RH21
Roseville, CA 95661
Phone: +1 (916) 788-5670
E-Mail: matt_wakeley@agilent.com

Efri Zeidner
SANGate
Israel
efri@sangate.com

Paul von Stamwitz
Adaptec, Inc.
691 South Milpitas Boulevard
Milpitas, CA 95035
Phone: +1(408) 957-5660
E-mail: paulv@corp.adaptec.com

Luciano Dalle Ore
Quantum Corp.
Phone: +1(408) 232 6524
E-mail: ldalleore@snapserver.com

Yaron Klein
SANRAD
24 Raul Valenberg St.
Tel-Aviv, 69719 Israel
Phone: +972-3-7659998
E-mail: klein@sanrad.com

Comments may be sent to Julian Satran

Appendix A. iSCSI Security and Integrity

01 Security keys and values

The parameters (keys) negotiated for security are:

   - Digests (HeaderDigest, DataDigest)
   - Authentication methods (InitAuth, TargetAuth)

Digests enable checking end-to-end data integrity (beyond the
integrity checks provided by the link layers and covering the whole
communication path including all elements that may change the network
level PDUs - like routers, switches, proxies etc.).

The following table lists cyclic integrity checksums that can be
negotiated for the digests and MUST be implemented by every iSCSI
initiator and target. Note that these digest options have only error
detection significance.
+---------------------------------------------+
| Name          | Description                 |
+---------------------------------------------+
| crc-32Q       | 32 bit CRC                  |
+---------------------------------------------+
| crc-64        | 64 bit CRC                  |
+---------------------------------------------+
| none          | no digest                   |
+---------------------------------------------+

The generator polynomials for those digests are:

   crc-32Q - x**32+x**31+x**24+x**22+x**16+x**14+x**8+x**7+
             x**5+x**7+x**5+x**3+x+1
   crc-64  - TBD

crc-64 MUST NOT be used for HeaderDigest.
Cyclic codes are particularly well suited for hardware
implementations.

Implementations MAY also negotiate digests with security significance
for data authentication and integrity as detailed in the following
table:

+-----------------------------------------------------------+
| Name         | Description                   | Definition |
+-----------------------------------------------------------+
| KRB5_MD5     | the SGN_CKSUM field (8 bytes) | RFC-1964   |
|              | of the GSS_GetMIC() token in  |            |
|              | GSS_KRB5_INTEG_C_QOP_MD5 QOP  |            |
|              | (partial MD5 ("MD2.5") )      |            |
+-----------------------------------------------------------+
| KRB5_DES_MD5 | the SGN_CKSUM field (8 bytes) | RFC-1964   |
|              | of the GSS_GetMIC() token in  |            |
|              | GSS_KRB5_INTEG_C_QOP_DES_MD5  |            |
|              | QOP (DES MAC of MD5)          |            |
+-----------------------------------------------------------+
| KRB5_DES_MAC | the SGN_CKSUM field (8 bytes) | RFC-1964   |
|              | of the GSS_GetMIC() token in  |            |
|              | GSS_KRB5_INTEG_C_QOP_DES_MAC  |            |
|              | QOP (DES MAC)                 |            |
+-----------------------------------------------------------+

Note: the KRB5_* digests are allowed only when combined with KRB5
initiator authentication method (see below).
I.e., the initiator may
offer one of these digests only if he also offers KRB5 as InitAuth
method, and the target may respond with one of these digests only if
he also responds with KRB5 as the InitAuth method.

Other and proprietary algorithms MAY also be negotiated.
The none value is the only one that MUST be supported.

The following table details authentication methods:

+-----------------------------------------------------------+
| Name         | Description                                |
+-----------------------------------------------------------+
| KERB5        | Kerberos V5                                |
+-----------------------------------------------------------+
| srp          | Secure Remote Password                     |
+-----------------------------------------------------------+
| none         | No authentication                          |
+-----------------------------------------------------------+

KERB5 is defined in [RFC-1510] and Secure Remote Password is defined
in [RFC-2945].

Note: KERB5 target authentication is allowed only when combined with
KERB5 client authentication. I.e., the initiator may offer KERB5 as
TargetAuth method only if he also offers KERB5 as InitAuth method,
and the target may respond with KERB5 for TargetAuth only if he also
responds KERB5 for InitAuth.

02 Authentication

The authentication exchange authenticates the initiator and target to
each other. Authentication is not mandatory and is distinct from the
data integrity exchange.

Different levels of authentication can be applied such as initiator
authentication, target authentication or both.

The authentication methods to be used are KERB5, SRP or proprietary.

For Kerberos [RFC-1510], the initiator MUST use:

   Authenticate=<blob>

where blob contains the KRB_AP_REQ message encoded as a number.
If the initiator has selected the mutual authentication option, the
target MUST either return an error or use:

   Authenticate=<blob>

Where blob contains the KRB_AP_REP message encoded as a hexadecimal
string. The format of these messages is defined in [RFC1510].

For SRP [RFC2945], the initiator MUST use:

   Authenticate=U,A

The target MUST either return an error or reply with:

   Authenticate=s,B

The initiator MUST either abort or continue with:

   AuthenticateNext=M1

The target MUST either return an error or reply with

   AuthenticateNext=M2

Where U, A, s, B, M1 and M2 are numbers defined in [RFC2945].

03 Login Phase examples

In the first example, the initiator and target authenticate each
other via Kerberos:

   I-> Login InitiatorWWUI=com.os.hostid.77
       TargetWWUI=com.acme.diskarray.sn.88
       HeaderDigest=KRB5_MD5,KRB5_DES_MAC,crc-32Q,none
       DataDigest=crc-32Q,none InitAuth=srp,KERB5,none
       TargetAuth=KERB5,none

   T-> Login-PR HeaderDigest=KERB5_MD5 DataDigest=crc-32Q
       InitAuth=KERB5 TargetAuth=KERB5

   (Login-PR stands for Login-Partial-Response)

   I-> Text Authenticate=krb_ap_req
   (krb_ap_req contains the KERB5 ticket and authenticator)

If the authentication is successful, the target proceeds with:

   T-> Text Authenticate=krb_ap_rep SecurityContextComplete=Yes
   (krb_ap_rep is the KERB5 mutual authentication reply)

If the authentication is successful, the initiator proceeds:

   I-> Text SecurityContextComplete=Yes
   T-> Text SecurityContextComplete=Yes

From this point on, any Text command and each PDU thereafter
will have a KERB5_MD5 digest for the header and a crc-32Q for
the data.

The initiator may proceed:

   I-> Text ... iSCSI parameters
   T-> Text ... iSCSI parameters

And at the end:
   I-> Text optional iSCSI parameters F bit set to 1
   T-> Login "login accept" TargetWWUI=com.acme.diskarray.sn.88

If the initiator authentication by the target was not
successful, the target responds with:

   T-> Login "login reject"

instead of the Text krb_ap_rep message, and terminates the
connection.

If the target authentication by the initiator was not
successful, the initiator terminates the connection (without
responding to the Text krb_ap_rep message).

In the next example only the initiator is authenticated by the target
via Kerberos:

   I-> Login InitiatorWWUI=com.os.hostid.77
       TargetWWUI=com.acme.diskarray.sn.88
       HeaderDigest=KRB5_MD5,KRB5_DES_MAC,crc-32Q,none
       DataDigest=crc-32Q,none InitAuth=srp,KERB5,none
   T-> Login-PR HeaderDigest=KERB5_MD5 DataDigest=crc-32Q
       InitAuth=KERB5

   I-> Text Authenticate=krb_ap_req SecurityContextComplete=Yes
   T-> Text SecurityContextComplete=Yes

From this point on, any Text command and each PDU thereafter
must have a KERB5_MD5 digest for the header and a crc-32Q for
the data.

   I-> Text ... iSCSI parameters
   T-> Text ... iSCSI parameters

   . . .

   T-> Login "login accept" TargetWWUI=com.acme.diskarray.sn.88

In the next example, the target authenticates the initiator via SRP.

   I-> Login InitiatorWWUI=com.os.hostid.77
       TargetWWUI=com.acme.diskarray.sn.88 HeaderDigest=crc-32Q,none
       DataDigest=crc-32Q,crc-64, none InitAuth=KERB5,srp,none
       TargetAuth=none
   T-> Login-PR HeaderDigest=crc-32Q DataDigest=crc-64
       InitAuth=srp
   I-> Text Authenticate=U,A
   T-> Text Authenticate=s,B
   I-> Text AuthenticateNext=M1

If authentication is successful, the target proceeds:

   T-> Text AuthenticateNext=M2 SecurityContextComplete=Yes
   I-> Text SecurityContextComplete=Yes
   T-> Text SecurityContextComplete=Yes

Where U, A, s, B, M1 and M2 are numbers defined in [RFC2945].

From this point on, any Text command and each PDU thereafter
will have a crc-32Q digest for the header and a crc-64 for the
data.

   I-> Text ... iSCSI parameters
   T-> Text ... iSCSI parameters

And at the end:

   I-> Text optional iSCSI parameters and F bit set to 1
   T-> Login "login accept" TargetWWUI=com.acme.diskarray.sn.88

If the authentication was not successful, the target responds
with

   T-> Login "login reject"

Instead of the T-> Text AuthenticateNext=M2 ... message and
terminates the connection.

In the next example, the initiator does not offer any
security/integrity parameters, so he may offer iSCSI parameters on
the Login message with the F bit set to 1, and the target may respond
with a final Login message immediately:

   I-> Login InitiatorWWUI=com.os.hostid.77
       TargetWWUI=com.acme.diskarray.sn.88 ... iSCSI parameters
   T-> Login "login accept"
       TargetWWUI=com.acme.diskarray.sn.88 ... ISCSI parameters

In the next example, the initiator does offer security/integrity
parameters on the Login message, but the target does not choose
any (i.e., chooses the "none" values):

   I-> Login InitiatorWWUI=com.os.hostid.77
       TargetWWUI=com.acme.diskarray.sn.88 HeaderDigest=crc-32Q,none
       DataDigest=crc-32Q,crc-64,none InitAuth:KERB5,srp
   T-> Login-PR

   I-> Text ... iSCSI parameters
   T-> Text ... iSCSI parameters

And at the end:

   I-> Text optional iSCSI parameters F bit set to 1
   T-> Login "login accept" TargetWWUI=com.acme.diskarray.sn.88

Note that no SecurityContextComplete=Yes is required since no
security mechanism was chosen.

Appendix B. Examples

04 Read operation example

+------------------+-----------------------+----------------------+
|Initiator Function|    Message Type       |  Target Function     |
+------------------+-----------------------+----------------------+
| Command request  |SCSI Command (READ)>>> |                      |
|     (read)       |                       |                      |
+------------------+-----------------------+----------------------+
|                  |                       | Prepare Data Transfer|
+------------------+-----------------------+----------------------+
|   Receive Data   |   <<< SCSI Data       |   Send Data          |
+------------------+-----------------------+----------------------+
|   Receive Data   |   <<< SCSI Data       |   Send Data          |
+------------------+-----------------------+----------------------+
|   Receive Data   |   <<< SCSI Data       |   Send Data          |
+------------------+-----------------------+----------------------+
|                  |   <<< SCSI Response   |Send Status and Sense |
+------------------+-----------------------+----------------------+
| Command Complete |                       |                      |
+------------------+-----------------------+----------------------+
05 Write operation example

+------------------+-----------------------+---------------------+
|Initiator Function|    Message Type       |  Target Function    |
+------------------+-----------------------+---------------------+
| Command request  |SCSI Command (WRITE)>>>| Receive command     |
|     (write)      |                       | and queue it        |
+------------------+-----------------------+---------------------+
|                  |                       | Process old commands|
+------------------+-----------------------+---------------------+
|                  |                       | Ready to process    |
|                  |      <<< R2T          | WRITE command       |
+------------------+-----------------------+---------------------+
|   Send Data      |   SCSI Data >>>       |   Receive Data      |
+------------------+-----------------------+---------------------+
|                  |      <<< R2T          |                     |
+------------------+-----------------------+---------------------+
|                  |      <<< R2T          |                     |
+------------------+-----------------------+---------------------+
|   Send Data      |   SCSI Data >>>       |   Receive Data      |
+------------------+-----------------------+---------------------+
|   Send Data      |   SCSI Data >>>       |   Receive Data      |
+------------------+-----------------------+---------------------+
|                  |   <<< SCSI Response   |Send Status and Sense|
+------------------+-----------------------+---------------------+
| Command Complete |                       |                     |
+------------------+-----------------------+---------------------+

Appendix C. Synch and Steering with Fixed Interval Markers

This appendix presents a simple scheme for synchronization (PDU
boundary retrieval). It uses markers including synchronization
information placed at fixed intervals in the TCP stream.
A Marker consists of:

 Byte /    0       |       1       |       2       |       3       |
     /             |               |               |               |
    |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
    +---------------+---------------+---------------+---------------+
   0| Next-iSCSI-PDU-start pointer - copy #1                        |
    +---------------+---------------+---------------+---------------+
   4| Next-iSCSI-PDU-start pointer - copy #2                        |
    +---------------+---------------+---------------+---------------+

The marker uses 2 copies of pointer so that a marker spanning a TCP
packet boundary will leave at least one valid copy in one of the
packets.

The use of markers is negotiable. Initiator and target MAY indicate
their readiness to receive and/or send markers, during login,
separately for each connection. The default is NO. In certain
environments a sender not willing to supply markers to a receiver
willing to accept markers MAY suffer from a considerable performance
degradation.

06 Markers At Fixed Intervals

At fixed intervals in the TCP byte stream, a "Marker" is inserted.
This Marker indicates the offset to the next iSCSI message header.
The Marker is eight bytes in length, and contains two 32-bit offset
fields that indicate how many bytes to skip in the TCP stream to find
the next iSCSI message header. There are two copies of the offset in
the Marker to handle the case where the Marker straddles a TCP
segment boundary. Each end of the iSCSI session specifies during
login the interval of the Marker it will be receiving, or disables
the Marker altogether. If a receiver indicates that it desires a
Marker, the sender SHOULD agree (during negotiation) and provide the
Marker at the desired interval.

The marker interval (and the initial marker-less interval) are
counted in terms of the TCP stream data.
Anything counted in the TCP
sequence-number is counted for the interval and the initial
marker-less interval (this specifically includes any bytes "inserted"
in the TCP stream by an UFL).

When reduced to iSCSI terms markers MUST point to a 4 byte word
boundary in the stream - the last 2 bits of each marker word are
reserved and will be considered 0 for offset computation.

Padding iSCSI PDU payloads to 4 byte word boundaries simplifies
marker manipulation.

07 Initial marker-less interval

To enable the connection setup including the login phase negotiation,
the negotiated marking will be started at a negotiated boundary in
the stream. The marker-less interval will not be less than 64 kbytes
and the default will be 64 kbytes.

Appendix D. Login/Text miscellaneous keys

ISID and TSID form collectively the SSID (session id). A TSID of zero
indicates a leading connection. Only a leading connection login can
carry session specific parameters, e.g. MaxConnections, the maximum
immediate data length requested, etc.

08 MaxConnections

   MaxConnections=

Default is 8.

Initiator and target negotiate the maximum number of connections
requested/acceptable. The lower of the 2 numbers is selected.

09 TargetWWUI

   TargetWWUI=

Examples:

   TargetWWUI=com.disk-vendor.diskarrays.sn.45678
   TargetWWUI=eui.020000023B040506
   TargetWWUI=oui.00023B.target.45
   TargetWWUI=iSCSI

This key is provided by the initiator of the TCP connection to the
remote endpoint. The Target WWUI specifies the worldwide unique name
of the target. The non-unique default name "iSCSI" may be used to
indicate whatever default target exists at the address to which the
connection was made.
The TargetWWUI key may also be returned by the "SendTargets" text
command, described in [NDT].

10 InitiatorWWUI

   InitiatorWWUI=

Examples:

   InitiatorWWUI=com.os-vendor.plan9.cdrom.12345
   InitiatorWWUI=com.service-provider.users.customer235.host90
   InitiatorWWUI=iSCSI

The Initiator key enables the initiator to identify itself to the
remote endpoint. The use of the default WWUI "iSCSI" is interpreted
as "other side of TCP connection". The target may silently ignore
this key if it does not support it, and does not need to track or
verify which initiators use it. A target that supports this field
may use it to allow or deny access to an initiator.

11 TargetAlias

   TargetAlias=

Examples:

   TargetAlias=Bob's Disk
   TargetAlias=Database Server 1 Log Disk
   TargetAlias=Web Server 3 Disk 20

If a target has been configured with a human-readable name or
description, it may be communicated to the initiator during a Login
Response message. This string is not used as an identifier, but can
be displayed by the initiator's user interface in a list of targets
to which it is connected.

This key is OPTIONAL, and MAY be returned by a target within a Login
Response. This field may also be returned in the response to the
"SendTargets" text command.

12 InitiatorAlias

   InitiatorAlias=

Examples:

   InitiatorAlias=Web Server 4
   InitiatorAlias=spyalley.nsa.gov
   InitiatorAlias=Exchange Server

If an initiator has been configured with a human-readable name or
description, it may be communicated to the initiator during a Login
Request message. If not, the host name can be used instead.
This string is not used as an identifier, but can be displayed by the
target's user interface in a list of initiators to which it is
connected.
This key is OPTIONAL, and MAY be sent by an initiator within a Login
Request.

13 TargetAddress

   TargetAddress=domainname[:port]/wwui

Examples:

   TargetAddress=10.0.0.1/com.disk-vendor.diskarrays.sn.45678
   TargetAddress=12.5.7.10.0.0.1/com.gateways.yourtargets.24
   TargetAddress=computingcenter.acme.com/com.disk-vendor.diskarrays.sn.45678

The response to a SendTargets text command returns one or more target
addresses for each target WWUI it returns. This field is used to
indicate one of the known addresses of the target.

14 AccessID

   AccessID=

Deliver a SCSI AccessID to the target

15 FMarker

   FMarker=

Examples:

   I->FMarker=send-receive
   T->FMarker=send-receive

results in Marker being used in both directions while

   I->FMarker=send-receive
   T->FMarker=receive

results in Marker being used from the initiator to the target but not
from the target to initiator.

16 RFMarkInt

   RFMarkInt=

Indicates at what interval (in 4 byte words) the receiver wants the
markers. The larger of the numbers (wanted by receiver and offered by
sender) is selected. The interval is measured from the beginning of a
marker to the beginning of the next marker - e.g., a value of 1026
means 1026 words (4096 bytes of "pure" payload between markers).

Default is 2050.

17 SFMarkInt

   SFMarkInt=

Indicates at what interval (in 4 byte words) the sender offers to
send the markers. The larger of the numbers (wanted by receiver and
offered by sender) is selected. The interval is measured from the
beginning of a marker to the beginning of the next marker - e.g., a
value of 1026 means 1026 words (4096 bytes of "pure" payload between
markers).
Default is 2050.

18 IFMarkInt

   IFMarkInt=

Indicates the initial marker-less interval required by the initiator
in both directions in 4 byte words. The interval is measured from the
beginning of the TCP stream to the beginning of the first marker -
e.g., a value of 1024 means 1024 words (4096 bytes of "pure" payload
up to the first marker).

Default is 4096.

19 UseR2T

   UseR2T=

Examples:

   I->UseR2T=no
   T->UseR2T=no

The UseR2T key is used to turn off the default use of R2T, thus
allowing an initiator to send data to a target without the target
having sent an R2T to the initiator. The default action is that R2T
is required, unless both the initiator and the target send this
key-pair attribute specifying UseR2T:no. Once UseR2T has been set to
'no', it cannot be set back to 'yes'. Note that only the first
outgoing data item (either immediate data or a separate PDU) can be
sent unsolicited by a R2T.

20 BidiUseR2T

   BidiUseR2T=

Examples:

   I->BidiUseR2T=no
   T->BidiUseR2T=no

The BidiUseR2T key is used to turn off the default use of BiDiR2T,
thus allowing an initiator to send data to a target without the
target having sent an R2T to the initiator for the output data (write
part) of a Bi-directional command (having both the R and the W bits
set). The default action is that R2T is required, unless both the
initiator and the target send this key-pair attribute specifying
BidiUseR2T=no. Once BidiUseR2T has been set to 'no', it cannot be
set back to 'yes'. Note that only the first outgoing data burst
(immediate data or separate PDUs) can be sent unsolicited by a R2T.

21 ImmediateData

   ImmediateData=

Initiator and target negotiate support for immediate data. Default is
yes.
If ImmediateData is set to yes and UseR2T is set to yes
(default) then only immediate data are accepted in the first burst.

If ImmediateData is set to no and UseR2T is set to yes then the
initiator MUST NOT send unsolicited data and the target MUST reject
them with the corresponding response code.

22 DataPDULength

   DataPDULength=

Initiator and target negotiate the maximum data payload supported for
command or data PDUs in units of 4096 bytes. Default is 16. This
parameter sets the maximum-burst-size value stored in the SCSI
disconnect-reconnect mode page. The value can subsequently be
retrieved with the mode sense SCSI command.

23 FirstBurstSize

   FirstBurstSize=

Initiator and target negotiate the maximum length supported for
unsolicited data in units of 4096 bytes. Default is 16384 units.
This parameter sets the first-burst-size value stored in the SCSI
disconnect-reconnect mode page. The value can subsequently be
retrieved with the mode sense SCSI command.

24 ITagLength

   ITagLength=

Initiator and target negotiate the significant length of the
initiator tag to be used. Default is 32.

25 EnableCmdRN

   EnableCmdRN=

Default is no.

Initiator and target negotiate support for CmdRN.

If CmdRN is not supported by the target the CmdRN field is ignored.
This parameter sets the EnableCmdRN field stored in the SCSI
Logical Unit Control mode page.

26 PingMaxReplyLength

   PingMaxReplyLength=

Initiator and target negotiate the maximum length of data contained
in a ping reply. Default is DataPDULength*512. The lowest of the 2
numbers is selected.
PingMaxReplyLength cannot be larger than DataPDULength*512 and the
target MUST reset PingMaxReplyLength to DataPDULength*512 whenever
that becomes lower than the current PingMaxReplyLength.

27 TotalText

   TotalText=

Initiator and target indicate the total text limit for any Text or
Login command.

Default is DataPDULength*512.

TotalText cannot be larger than DataPDULength*512 and the target MUST
reset TotalText to DataPDULength*512 whenever that becomes lower than
the current TotalText.

28 KeyValueText

   KeyValueText=

Initiator and target indicate the total text limit for any key=value
pair including delimiter.

Default is 255.

KeyValueText MUST NOT be larger than TotalText.

29 MaxOutstandingR2T

   MaxOutstandingR2T=

Initiator and target negotiate the maximum number of outstanding R2Ts
per task. The default is 8.

30 InDataOrder

   InDataOrder=

No is used by iSCSI to indicate that the incoming data PDUs can be in
any order (EMDP = 1) while yes is used to indicate that they have to
be at continuously increasing addresses (EMDP = 0).

This also sets the Connect-Disconnect mode page EMDP bit.

The default is yes but targets MAY support no.

31 BootSession

   BootSession=

Default is no.

BootSession MAY be set to yes by the Login Command indicating to the
Target that the only purpose of this Session is boot. The target MAY
restrict the type of iSCSI requests it accepts in such a Session to
Logout, NOP-out, and SCSI read commands. Accepting other commands in
this type of session is vendor-dependent. A target MAY reject a
boot-session.
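The fixed-interval marker scheme of Appendix C, together with the RFMarkInt, SFMarkInt and IFMarkInt keys above, as an added example that is not part of the draft: a sender that interleaves markers and a receiver that validates both pointer copies before using them. The function names are hypothetical, and two details the draft leaves open are assumed here: the pointer is big-endian, and the skip count runs from the end of the marker in TCP stream bytes (later markers included).

```python
import struct

WORD = 4        # the marker keys are expressed in 4-byte words
MARKER_LEN = 8  # two 32-bit copies of the next-PDU-start pointer


def negotiated_interval(rf_mark_int, sf_mark_int):
    """The larger of the receiver's and the sender's value is selected."""
    return max(rf_mark_int, sf_mark_int)


def payload_between_markers(interval_words):
    """Payload bytes between two markers (interval runs marker to marker)."""
    return interval_words * WORD - MARKER_LEN


def decode_marker(raw):
    """Return the skip count of one marker, rejecting inconsistent copies."""
    if len(raw) != MARKER_LEN:
        raise ValueError("truncated marker")
    copy1, copy2 = struct.unpack(">II", raw)  # assumption: network byte order
    copy1 &= 0xFFFFFFFC                       # last 2 bits are reserved,
    copy2 &= 0xFFFFFFFC                       # considered 0 for the offset
    if copy1 != copy2:
        raise ValueError("marker copies disagree")
    return copy1


def add_markers(pdus, initial_words, interval_words):
    """Sender side: interleave markers with PDUs padded to 4-byte words."""
    initial, gap = initial_words * WORD, payload_between_markers(interval_words)
    if gap <= 0:
        raise ValueError("interval leaves no room for payload")
    starts, pos = [], 0
    for pdu in pdus:
        if len(pdu) % WORD:
            raise ValueError("PDU not padded to a 4-byte boundary")
        starts.append(pos)
        pos += len(pdu)
    starts.append(pos)                        # where the next PDU would begin
    payload = b"".join(pdus)

    def to_stream(off):                       # payload offset -> stream offset
        if off < initial:
            return off
        return off + ((off - initial) // gap + 1) * MARKER_LEN

    stream, q = bytearray(payload[:initial]), initial
    while q < len(payload):
        marker_at = len(stream)
        next_pdu = next(s for s in starts if s >= q)
        skip = to_stream(next_pdu) - (marker_at + MARKER_LEN)
        stream += struct.pack(">II", skip, skip)
        stream += payload[q:q + gap]
        q += gap
    return bytes(stream)


def strip_markers(stream, initial_words, interval_words):
    """Receiver side: drop markers, return (payload, next-header offsets)."""
    initial, step = initial_words * WORD, interval_words * WORD
    payload, headers, pos = bytearray(stream[:initial]), [], initial
    while pos < len(stream):
        skip = decode_marker(stream[pos:pos + MARKER_LEN])
        headers.append(pos + MARKER_LEN + skip)  # stream offset of next header
        payload += stream[pos + MARKER_LEN:pos + step]
        pos += step
    return bytes(payload), headers


# Constructed sample: three already padded "PDUs" and deliberately small
# intervals (4-word marker-less start, 6-word marker interval).
PDUS = [b"A" * 12, b"B" * 20, b"C" * 8]

if __name__ == "__main__":
    wire = add_markers(PDUS, 4, 6)
    print(len(wire), strip_markers(wire, 4, 6)[1])
```

A receiver that steers data by a marker whose copies disagree would place bytes at an offset nobody sent, which is why `decode_marker` refuses rather than picking one copy.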
32 The Glen-Turner vendor specific key format

   X-vendor.dns.name-xxxxx=

Keys with this format will be used for vendor-specific purposes.
These keys will always start with X- .

To identify the vendor it is suggested to use the DNS-name as a
prefix to the key-proper.

Full Copyright Statement

"Copyright (C) The Internet Society (date). All Rights Reserved. This
document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
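The security-key rules of Appendix A (crc-64 barred from HeaderDigest, KRB5_* digests and KERB5 TargetAuth tied to KERB5 InitAuth, an absent key meaning "none"), as an added initiator-side check that is not part of the draft. Function names and sample messages are hypothetical; the final "was not offered" test is a local policy assumed for this example, since the draft's own last Login example lets the target fall back to none.

```python
SECURITY_KEYS = ("HeaderDigest", "DataDigest", "InitAuth", "TargetAuth")


def parse_keys(text):
    """Parse whitespace-separated key=value pairs; values are comma lists."""
    pairs = {}
    for token in text.split():
        key, sep, value = token.partition("=")
        if not sep or not key or not value:
            raise ValueError(f"not a key=value pair: {token!r}")
        if key in pairs:
            raise ValueError(f"duplicate key: {key}")
        pairs[key] = value.split(",")
    return pairs


def coupling_problems(keys, side):
    """Appendix A rules that tie digests and TargetAuth to InitAuth."""
    problems = []
    kerb5_init = "KERB5" in keys.get("InitAuth", [])
    if "crc-64" in keys.get("HeaderDigest", []):
        problems.append(f"{side}: crc-64 MUST NOT be used for HeaderDigest")
    for key in ("HeaderDigest", "DataDigest"):
        uses_krb5 = any(v.startswith("KRB5_") for v in keys.get(key, []))
        if uses_krb5 and not kerb5_init:
            problems.append(
                f"{side}: {key} has a KRB5_* digest without KERB5 InitAuth")
    if "KERB5" in keys.get("TargetAuth", []) and not kerb5_init:
        problems.append(f"{side}: KERB5 TargetAuth without KERB5 InitAuth")
    return problems


def check_login(offer_text, response_text):
    """Return (chosen values, problems) for one offer/response pair."""
    offer, response = parse_keys(offer_text), parse_keys(response_text)
    problems = coupling_problems(offer, "offer")
    problems += coupling_problems(response, "response")
    chosen = {}
    for key in SECURITY_KEYS:
        values = response.get(key, ["none"])  # key absent: target chose none
        if len(values) != 1:
            problems.append(f"response: {key} must select exactly one value")
            continue
        chosen[key] = values[0]
        # Local policy (assumption): accept only a value this side offered,
        # so a silent fall-back to "none" is reported instead of accepted.
        if values[0] not in offer.get(key, ["none"]):
            problems.append(f"policy: {key}={values[0]} was not offered")
    return chosen, problems


# Constructed messages using the names from the Appendix A tables.
OFFER = ("HeaderDigest=KRB5_MD5,crc-32Q,none DataDigest=crc-32Q,none "
         "InitAuth=srp,KERB5 TargetAuth=KERB5,none")
ACCEPTABLE = ("HeaderDigest=KRB5_MD5 DataDigest=crc-32Q "
              "InitAuth=KERB5 TargetAuth=KERB5")
UNCOUPLED = "HeaderDigest=KRB5_MD5 DataDigest=crc-32Q InitAuth=srp"
DOWNGRADE = ""  # empty Login-PR: every security key falls back to none

if __name__ == "__main__":
    for name, reply in (("acceptable", ACCEPTABLE),
                        ("uncoupled", UNCOUPLED),
                        ("downgrade", DOWNGRADE)):
        print(name, check_login(OFFER, reply)[1])
```

An initiator that requires authentication can refuse to continue the login whenever the returned problem list is non-empty.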