Network Working Group J. Satran
Request for Comments: 3720 K. Meth
Category: Standards Track IBM
April 2004

Internet Small Computer Systems Interface (iSCSI)
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document describes a transport protocol for Internet Small
Computer Systems Interface (iSCSI) that works on top of TCP. The
iSCSI protocol aims to be fully compliant with the standardized SCSI
SCSI is a popular family of protocols that enable systems to
communicate with I/O devices, especially storage devices. SCSI
protocols are request/response application protocols with a common
standardized architecture model and basic command set, as well as
standardized command sets for different device classes (disks, tapes,
As system interconnects move from the classical bus structure to a
network structure, SCSI has to be mapped to network transport
protocols. IP networks now meet the performance requirements of fast
system interconnects and as such are good candidates to "carry" SCSI.
The SCSI protocol has been mapped over various transports, including
Parallel SCSI, IPI, IEEE-1394 (firewire) and Fibre Channel. These
transports are I/O specific and have limited distance capabilities.
The iSCSI protocol defined in this document describes a means of
transporting SCSI packets over TCP/IP (see [RFC791], [RFC793],
[RFC1035], [RFC1122]), providing for an interoperable solution which
can take advantage of existing Internet infrastructure, Internet
management facilities, and address distance limitations.
2. Definitions and Acronyms
- Alias: An alias string can also be associated with an iSCSI Node.
The alias allows an organization to associate a user-friendly
string with the iSCSI Name. However, the alias string is not a
substitute for the iSCSI Name.
- CID (Connection ID): Connections within a session are identified by
a connection ID. It is a unique ID for this connection within the
session for the initiator. It is generated by the initiator and
presented to the target during login requests and during logouts
that close connections.
- Connection: A connection is a TCP connection. Communication
between the initiator and target occurs over one or more TCP
connections. The TCP connections carry control messages, SCSI
commands, parameters, and data within iSCSI Protocol Data Units
- iSCSI Device: A SCSI Device using an iSCSI service delivery
subsystem. Service Delivery Subsystem is defined by [SAM2] as a
transport mechanism for SCSI commands and responses.
- iSCSI Initiator Name: The iSCSI Initiator Name specifies the
worldwide unique name of the initiator.
- iSCSI Initiator Node: The "initiator". The word "initiator" has
been appropriately qualified as either a port or a device in the
rest of the document when the context is ambiguous. All
unqualified usages of "initiator" refer to an initiator port (or
device) depending on the context.
- iSCSI Layer: This layer builds/receives iSCSI PDUs and
relays/receives them to/from one or more TCP connections that form
an initiator-target "session".
- iSCSI Name: The name of an iSCSI initiator or iSCSI target.
- iSCSI Node: The iSCSI Node represents a single iSCSI initiator or
iSCSI target. There are one or more iSCSI Nodes within a Network
Entity. The iSCSI Node is accessible via one or more Network
Portals. An iSCSI Node is identified by its iSCSI Name. The
separation of the iSCSI Name from the addresses used by and for the
iSCSI Node allows multiple iSCSI Nodes to use the same address, and
the same iSCSI Node to use multiple addresses.
- iSCSI Target Name: The iSCSI Target Name specifies the worldwide
unique name of the target.
- iSCSI Target Node: The "target".
- iSCSI Task: An iSCSI task is an iSCSI request for which a response
- iSCSI Transfer Direction: The iSCSI transfer direction is defined
with regard to the initiator. Outbound or outgoing transfers are
transfers from the initiator to the target, while inbound or
incoming transfers are from the target to the initiator.
- ISID: The initiator part of the Session Identifier. It is
explicitly specified by the initiator during Login.
- I_T nexus: According to [SAM2], the I_T nexus is a relationship
between a SCSI Initiator Port and a SCSI Target Port. For iSCSI,
this relationship is a session, defined as a relationship between
an iSCSI Initiator's end of the session (SCSI Initiator Port) and
the iSCSI Target's Portal Group. The I_T nexus can be identified
by the conjunction of the SCSI port names; that is, the I_T nexus
identifier is the tuple (iSCSI Initiator Name + ',i,'+ ISID, iSCSI
Target Name + ',t,'+ Portal Group Tag).
- Network Entity: The Network Entity represents a device or gateway
that is accessible from the IP network. A Network Entity must have
one or more Network Portals, each of which can be used to gain
access to the IP network by some iSCSI Nodes contained in that
- Network Portal: The Network Portal is a component of a Network
Entity that has a TCP/IP network address and that may be used by an
iSCSI Node within that Network Entity for the connection(s) within
one of its iSCSI sessions. A Network Portal in an initiator is
identified by its IP address. A Network Portal in a target is
identified by its IP address and its listening TCP port.
- Originator: In a negotiation or exchange, the party that initiates
the negotiation or exchange.
- PDU (Protocol Data Unit): The initiator and target divide their
communications into messages. The term "iSCSI protocol data unit"
(iSCSI PDU) is used for these messages.
- Portal Groups: iSCSI supports multiple connections within the same
session; some implementations will have the ability to combine
connections in a session across multiple Network Portals. A Portal
Group defines a set of Network Portals within an iSCSI Network
Entity that collectively supports the capability of coordinating a
session with connections spanning these portals. Not all Network
Portals within a Portal Group need participate in every session
connected through that Portal Group. One or more Portal Groups may
provide access to an iSCSI Node. Each Network Portal, as utilized
by a given iSCSI Node, belongs to exactly one portal group within
- Portal Group Tag: This 16-bit quantity identifies a Portal Group
within an iSCSI Node. All Network Portals with the same portal
group tag in the context of a given iSCSI Node are in the same
- Recovery R2T: An R2T generated by a target upon detecting the loss
of one or more Data-Out PDUs through one of the following means: a
digest error, a sequence error, or a sequence reception timeout. A
recovery R2T carries the next unused R2TSN, but requests all or
part of the data burst that an earlier R2T (with a lower R2TSN) had
- Responder: In a negotiation or exchange, the party that responds to
the originator of the negotiation or exchange.
- SCSI Device: This is the SAM2 term for an entity that contains one
or more SCSI ports that are connected to a service delivery
subsystem and supports a SCSI application protocol. For example, a
SCSI Initiator Device contains one or more SCSI Initiator Ports and
zero or more application clients. A Target Device contains one or
more SCSI Target Ports and one or more device servers and
associated logical units. For iSCSI, the SCSI Device is the
component within an iSCSI Node that provides the SCSI
functionality. As such, there can be at most one SCSI Device
within a given iSCSI Node. Access to the SCSI Device can only be
achieved in an iSCSI normal operational session. The SCSI Device
Name is defined to be the iSCSI Name of the node.
- SCSI Layer: This builds/receives SCSI CDBs (Command Descriptor
Blocks) and relays/receives them with the remaining command execute
[SAM2] parameters to/from the iSCSI Layer.
- Session: The group of TCP connections that link an initiator with a
target form a session (loosely equivalent to a SCSI I-T nexus).
TCP connections can be added and removed from a session. Across
all connections within a session, an initiator sees one and the
- SCSI Initiator Port: This maps to the endpoint of an iSCSI normal
operational session. An iSCSI normal operational session is
negotiated through the login process between an iSCSI initiator
node and an iSCSI target node. At successful completion of this
process, a SCSI Initiator Port is created within the SCSI Initiator
Device. The SCSI Initiator Port Name and SCSI Initiator Port
Identifier are both defined to be the iSCSI Initiator Name together
with (a) a label that identifies it as an initiator port
name/identifier and (b) the ISID portion of the session identifier.
- SCSI Port: This is the SAM2 term for an entity in a SCSI Device
that provides the SCSI functionality to interface with a service
delivery subsystem. For iSCSI, the definition of the SCSI
Initiator Port and the SCSI Target Port are different.
- SCSI Port Name: A name made up of UTF-8 [RFC2279] characters that
includes the iSCSI Name + 'i' or 't' + ISID or Portal Group Tag.
- SCSI Target Port: This maps to an iSCSI Target Portal Group.
- SCSI Target Port Name and SCSI Target Port Identifier: These are
both defined to be the iSCSI Target Name together with (a) a label
that identifies it as a target port name/identifier and (b) the
portal group tag.
- SSID (Session ID): A session between an iSCSI initiator and an
iSCSI target is defined by a session ID that is a tuple composed of
an initiator part (ISID) and a target part (Target Portal Group
Tag). The ISID is explicitly specified by the initiator at session
establishment. The Target Portal Group Tag is implied by the
initiator through the selection of the TCP endpoint at connection
establishment. The TargetPortalGroupTag key must also be returned
by the target as a confirmation during connection establishment
when TargetName is given.
- Target Portal Group Tag: A numerical identifier (16-bit) for an
iSCSI Target Portal Group.
- TSIH (Target Session Identifying Handle): A target assigned tag for
a session with a specific named initiator. The target generates it
during session establishment. Its internal format and content are
not defined by this protocol, except for the value 0 that is
reserved and used by the initiator to indicate a new session. It
is given to the target during additional connection establishment
for the same session.
3DES Triple Data Encryption Standard
ACA Auto Contingent Allegiance
AEN Asynchronous Event Notification
AES Advanced Encryption Standard
AH Additional Header (not the IPsec AH!)
AHS Additional Header Segment
API Application Programming Interface
ASC Additional Sense Code
ASCII American Standard Code for Information Interchange
ASCQ Additional Sense Code Qualifier
BHS Basic Header Segment
CBC Cipher Block Chaining
CD Compact Disk
CDB Command Descriptor Block
CHAP Challenge Handshake Authentication Protocol
CID Connection ID
CO Connection Only
CRC Cyclic Redundancy Check
CRL Certificate Revocation List
CSG Current Stage
CSM Connection State Machine
DES Data Encryption Standard
DNS Domain Name Server
DOI Domain of Interpretation
DVD Digital Versatile Disk
ESP Encapsulating Security Payload
EUI Extended Unique Identifier
FFP Full Feature Phase
FFPO Full Feature Phase Only
FIM Fixed Interval Marker
Gbps Gigabits per Second
HBA Host Bus Adapter
HMAC Hashed Message Authentication Code
IANA Internet Assigned Numbers Authority
IDN Internationalized Domain Name
IEEE Institute of Electrical & Electronics Engineers
IETF Internet Engineering Task Force
IKE Internet Key Exchange
I/O Input - Output
IO Initialize Only
IP Internet Protocol
IPsec Internet Protocol Security
IPv4 Internet Protocol Version 4
IPv6 Internet Protocol Version 6
IQN iSCSI Qualified Name
ISID Initiator Session ID
ITN iSCSI Target Name
ITT Initiator Task Tag
KRB5 Kerberos V5
LFL Lower Functional Layer
LO Leading Only
LU Logical Unit
LUN Logical Unit Number
MAC Message Authentication Codes
NA Not Applicable
NIC Network Interface Card
NOP No Operation
NSG Next Stage
OS Operating System
PDU Protocol Data Unit
PKI Public Key Infrastructure
R2T Ready To Transfer
R2TSN Ready To Transfer Sequence Number
RDMA Remote Direct Memory Access
RFC Request For Comments
SAM SCSI Architecture Model
SAM2 SCSI Architecture Model - 2
SAN Storage Area Network
SCSI Small Computer Systems Interface
SN Sequence Number
SNACK Selective Negative Acknowledgment - also
Sequence Number Acknowledgement for data
SPKM Simple Public-Key Mechanism
SRP Secure Remote Password
SSID Session ID
SW Session Wide
TCB Task Control Block
TCP Transmission Control Protocol
TPGT Target Portal Group Tag
TSIH Target Session Identifying Handle
TTT Target Transfer Tag
UFL Upper Functional Layer
ULP Upper Level Protocol
URN Uniform Resource Names [RFC2396]
UTF Universal Transformation Format
WG Working Group
In examples, "I->" and "T->" show iSCSI PDUs sent by the initiator
and target respectively.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].
iSCSI messages - PDUs - are represented by diagrams as in the
   Byte/     0       |       1       |       2       |       3       |
      /              |               |               |               |
     |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
    0| Basic Header Segment (BHS)                                    |
The diagrams include byte and bit numbering.
The following representation and ordering rules are observed in this
- Word Rule
- Half-word Rule
- Byte Rule
2.3.1. Word Rule
A word holds four consecutive bytes. Whenever a word has numeric
content, it is considered an unsigned number in base 2 positional
representation with the lowest numbered byte (e.g., byte 0) bit 0
representing 2**31 and bit 1 representing 2**30 through lowest
numbered byte + 3 (e.g., byte 3) bit 7 representing 2**0.
Decimal and hexadecimal representation of word values map this
representation to decimal or hexadecimal positional notation.
2.3.2. Half-Word Rule
A half-word holds two consecutive bytes. Whenever a half-word has
numeric content it is considered an unsigned number in base 2
positional representation with the lowest numbered byte (e.g., byte
0), bit 0 representing 2**15 and bit 1 representing 2**14 through
lowest numbered byte + 1 (e.g., byte 1), bit 7 representing 2**0.
Decimal and hexadecimal representation of half-word values map this
representation to decimal or hexadecimal positional notation.
2.3.3. Byte Rule
For every PDU, bytes are sent and received in increasing numbered
order (network order).
Whenever a byte has numerical content, it is considered an unsigned
number in base 2 positional representation with bit 0 representing
2**7 and bit 1 representing 2**6 through bit 7 representing 2**0.
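The three rules above number bits from the most significant end, so diagram bit n of a byte is 2**(7-n), not 2**n. The following is an added example, not part of the RFC text, showing a bounds-checked decoder for words, half-words and bit fields. The function names and the sample bytes are constructed for illustration.

```python
# Added example (not from RFC 3720): decoding under the section 2.3 rules.
# Function names and the sample buffer below are constructed for illustration.

def _require(buf: bytes, offset: int, size: int) -> None:
    # Reject truncated input instead of silently decoding a short slice.
    if offset < 0 or offset + size > len(buf):
        raise ValueError(f"need {size} byte(s) at offset {offset}, have {len(buf)}")

def read_word(buf: bytes, offset: int) -> int:
    # Word Rule: byte `offset` bit 0 is 2**31, byte `offset`+3 bit 7 is 2**0.
    _require(buf, offset, 4)
    return int.from_bytes(buf[offset:offset + 4], "big", signed=False)

def read_half_word(buf: bytes, offset: int) -> int:
    # Half-Word Rule: byte `offset` bit 0 is 2**15, byte `offset`+1 bit 7 is 2**0.
    _require(buf, offset, 2)
    return int.from_bytes(buf[offset:offset + 2], "big", signed=False)

def read_bits(buf: bytes, offset: int, first_bit: int, last_bit: int) -> int:
    # Byte Rule: bit 0 is 2**7 and bit 7 is 2**0, so diagram bit n sits at
    # machine shift (7 - n). Returns bits first_bit..last_bit as an unsigned int.
    if not 0 <= first_bit <= last_bit <= 7:
        raise ValueError("bit range must satisfy 0 <= first_bit <= last_bit <= 7")
    _require(buf, offset, 1)
    width = last_bit - first_bit + 1
    return (buf[offset] >> (7 - last_bit)) & ((1 << width) - 1)

def lsb0_bit(buf: bytes, offset: int, n: int) -> int:
    # The common mistake: treating diagram bit n as 2**n (LSB-0 numbering).
    _require(buf, offset, 1)
    return (buf[offset] >> n) & 1

SAMPLE = bytes([0x40, 0x00, 0x12, 0x34])  # constructed bytes, not a real PDU

if __name__ == "__main__":
    print(hex(read_word(SAMPLE, 0)))
    print(hex(read_half_word(SAMPLE, 2)))
    # Diagram bit 1 of byte 0 is set; the LSB-0 misreading reports it clear.
    print(read_bits(SAMPLE, 0, 1, 1), lsb0_bit(SAMPLE, 0, 1))
```
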