This invention relates to a technology for managing a session with a storage device connected via a network.
Internet SCSI (iSCSI) is a technology for transmitting and receiving SCSI commands, which are used for communication between a storage device and a computer, via an IP network (refer to IETF RFC3720, “Internet Small Computer Systems Interface (iSCSI)”).
In iSCSI, an iSCSI session is maintained between an initiator and a target for a long time. The iSCSI session includes a Transmission Control Protocol (TCP) connection (also referred to as a session). If the TCP connection is maintained for a long time, a TCP segment forged by an attacker may cut off the connection in the middle of communication or insert data into it (the “reliability problem latent in TCP protocol”). For this problem, use of the Border Gateway Protocol (BGP) is cited as an example of maintaining a TCP connection for a long time. When the TCP connection of BGP is cut off, the routing table has to be reconstructed, raising concern about a wide-ranging influence on availability.
When the TCP connection is cut off, iSCSI enables recovery: the initiator re-establishes the connection, and the SCSI command and SCSI data are then transmitted again between the initiator and the target. However, a data loss may occur.
“Reliability Problem Latent in TCP Protocol”, Jul. 16, 2004, JPCERT Coordination Center, discloses a method which uses the TCP Message Digest 5 (MD5) authentication option or IP Security (IPsec) for a TCP connection maintained for a long time. It also discloses a method of filtering out TCP segments forged by an attacker by passing only TCP segments from correct transmission sources via the packet filtering function of a switch or a router.
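The following added example (not part of the original document) shows how a receiver using the TCP MD5 authentication option, as specified in RFC 2385, decides whether to accept a segment on a long-lived iSCSI connection. The addresses, ports, key and function names are constructed for illustration, and the segment is assumed to carry no TCP option other than the MD5 option.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
ISCSI_PORT = 3260            # IANA-registered iSCSI target port
HDR_WITH_MD5_OPT = 40        # 20-byte header + 18-byte MD5 option + 2 bytes padding
ACK, RST = 0x10, 0x04

def base_header(sport, dport, seq, ack, flags, window=8192):
    """TCP header as RFC 2385 hashes it: options excluded, checksum zero."""
    offset_flags = ((HDR_WITH_MD5_OPT // 4) << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)

def md5_signature(src, dst, header, payload, key):
    """Digest over pseudo-header, header, segment data, then the shared key."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, TCP_PROTO, HDR_WITH_MD5_OPT + len(payload)))
    return hashlib.md5(pseudo + header + payload + key).digest()

def accept(src, dst, header, payload, received_sig, key):
    """Receiver check: drop any segment whose option is absent or does not match."""
    if received_sig is None:
        return False
    expected = md5_signature(src, dst, header, payload, key)
    return hmac.compare_digest(expected, received_sig)

def demo():
    # Constructed sample values (documentation address range, made-up key).
    initiator, target, key = "192.0.2.10", "192.0.2.20", b"constructed-shared-key"
    # Genuine data segment from the initiator, signed with the shared key.
    hdr = base_header(49152, ISCSI_PORT, 1000, 5000, ACK)
    data = b"constructed iSCSI PDU bytes"
    genuine = accept(initiator, target, hdr, data,
                     md5_signature(initiator, target, hdr, data, key), key)
    # RST with spoofed addresses and ports; its sender does not hold the key.
    rst = base_header(49152, ISCSI_PORT, 1200, 0, RST)
    forged = accept(initiator, target, rst, b"",
                    md5_signature(initiator, target, rst, b"", b"wrong-key"), key)
    unsigned = accept(initiator, target, rst, b"", None, key)
    # Altered payload carrying a signature computed over the genuine data.
    tampered = accept(initiator, target, hdr, b"inserted bytes",
                      md5_signature(initiator, target, hdr, data, key), key)
    return genuine, forged, unsigned, tampered

if __name__ == "__main__":
    print(demo())
```

Only the segment signed with the shared key is accepted; the spoofed reset, the unsigned reset and the altered payload are all dropped before they can affect the connection.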