Getting secure external access to AoE disk volumes

Using MPLS to add routability to Coraid's AoE

The ATA over Ethernet (AoE) protocol makes an interesting alternative to iSCSI and Fibre Channel in the storage environment. Although it is not routable, it can be made routable and thereby also independent of Ethernet itself.

AoE is a light, layer 2 protocol integrated with Ethernet frames, which makes it ideal for work inside LAN segments.

Ethernet has the virtue of being simple and easy to maintain with the ability to connect new technologies together. Standardised in June 2010 to work at the speeds of 40GbE and 100GbE (IEEE 802.3ba), Ethernet makes Fibre Channel look really weak.

AoE exploits all of these advantages and employs Ethernet broadcasts for storage discovery. Such broadcasts are naturally terminated at a router, because routers do not forward them. This feature restricts the range of AoE to the local Ethernet segment only. In cluster systems this feature provides security, ensuring that the storage cannot be externally accessed. However, this same feature gives rise to significant difficulties if external access to the AoE storage is, in fact, required (see Fig 1).

Fig. 1: Exemplar network topology

When external access is required, an edge router creates tunnels to route AoE traffic along a desired path. However, tunnels open access to the AoE storage, and expose it to the possibility of being attacked and harmed from outside. This drawback brings the biggest threat to the AoE storage infrastructure if it is not properly secured.

Unlike AoE, the iSCSI protocol at least has a built-in authentication method, which makes for better-protected access to the storage. Unfortunately, iSCSI also has big headers, which are processor-intensive, as is the TCP/IP stack. This makes iSCSI useless as a communications protocol for cluster systems. AoE only has the MAC address locking mechanism, which should actually be enough if we send AoE packets along private VLANs in the cloud and use an MPLS VPN path in the service provider network. Such a method of AoE routing is secure and could be a serious threat to iSCSI.
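The broadcast discovery and MAC address locking described above can be modelled in a few lines. The following is an added example, not code from the article or from Coraid: it parses the 10-byte AoE header that follows the Ethernet header (EtherType 0x88A2) and classifies frames against an allow-list of initiator MACs. The MAC addresses, the allow-list and the sample frames are constructed for illustration.

```python
import struct

AOE_ETHERTYPE = 0x88A2   # EtherType registered for ATA over Ethernet
BROADCAST = "ff:ff:ff:ff:ff:ff"
COMMANDS = {0: "ata", 1: "query-config", 2: "mac-mask-list", 3: "reserve-release"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_aoe(frame):
    """Return the AoE header fields as a dict, or None if the frame is not AoE."""
    if len(frame) < 24:   # 14-byte Ethernet header + 10-byte AoE header
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != AOE_ETHERTYPE:
        return None
    verfl, _err, shelf, slot, cmd, _tag = struct.unpack("!BBHBBI", frame[14:24])
    return {"dst": mac(dst), "src": mac(src), "response": bool(verfl & 0x08),
            "shelf": shelf, "slot": slot, "command": COMMANDS.get(cmd, f"cmd-{cmd}")}

def check_frame(frame, allowed_initiators):
    """Classify a frame as not-aoe, response, blocked, discovery or allowed."""
    hdr = parse_aoe(frame)
    if hdr is None:
        return "not-aoe"
    if hdr["response"]:                       # R flag set: sent by a target
        return "response"
    if hdr["src"] not in allowed_initiators:  # the MAC locking decision
        return "blocked"
    if hdr["dst"] == BROADCAST and hdr["command"] == "query-config":
        return "discovery"
    return "allowed"

def build(dst, src, verfl, shelf, slot, cmd, tag, ethertype=AOE_ETHERTYPE):
    """Construct a sample frame (test data only, no ATA payload)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst) + raw(src) + struct.pack("!HBBHBBI", ethertype, verfl, 0, shelf, slot, cmd, tag)

def demo():
    allowed = {"02:00:00:00:00:0a"}           # constructed allow-list
    target, host, rogue = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:99"
    frames = [
        build(BROADCAST, host, 0x10, 0xFFFF, 0xFF, 1, 1),   # discovery broadcast
        build(target, host, 0x10, 1, 0, 0, 2),              # ATA request, known host
        build(target, rogue, 0x10, 1, 0, 0, 3),             # ATA request, unknown MAC
        build(host, target, 0x18, 1, 0, 0, 2),              # response from the target
        build(target, rogue, 0x10, 1, 0, 0, 4, ethertype=0x0800),  # not AoE
    ]
    return [check_frame(f, allowed) for f in frames]
```

A source MAC is not authenticated, so this check only carries weight where the layer 2 path is itself isolated, which is why the article pairs it with private VLANs and an MPLS VPN.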

In research at University College Dublin, we have found that AoE over MPLS provides a routable protocol which can be implemented without a need for tunnels, and with a very modest increase in the header size in comparison with original AoE. As a side benefit, the resulting protocol is no longer restricted to Ethernet, because MPLS runs over whichever mix of networking technologies it faces – including ATM, SDH, Metro Ethernet, etc.

Although the performance of this routable form of AoE is degraded in comparison with its non-routable counterpart, experiments show that this degradation is surprisingly small, just 12 per cent or so, given that the gain, namely routability, is so large. More significantly, the new method also outperforms iSCSI, a protocol which comes at a much greater financial cost. ®

Bootnote

Marek Landowski is a PhD student in Electronic Engineering at University College Dublin, and was born in Starogard Gdanski, Poland in 1983. He received an MEngSc degree in Telecommunication Engineering from Gdansk University of Technology, Poland in 2007. His thesis on "FAN conception of traffic control in IP QoS networks" was researched during an Erasmus scholarship at Escuela Tecnica Superior de Ingenieros de Telecomunicacion, Universidad Politecnica de Valencia, Spain. In January 2008, Marek joined the Circuits and Systems research group at University College Dublin and since then he has been conducting PhD studies in the area of Flow Control in Communication Networks. More details on AoE can be found here (PDF/839KB).
