Purpose
This document provides a detailed overview of InfiniBand security features and offers straightforward implementation guidelines for securing the InfiniBand (IB) infrastructure. It covers key security-related components such as the Subnet Manager (SM), authentication keys, and partitioning mechanisms, and addresses InfiniBand security aspects including SM security features, key management, and protection against spoofing. Practical guidelines are included to help engineers and administrators configure and maintain secure InfiniBand environments, ensuring robust protection against cyber threats.
Target Audience
This document assumes the reader is already familiar with the basic principles and aspects of InfiniBand and focuses primarily on its cybersecurity aspects. For readers who are interested in learning more about the InfiniBand technology, we recommend visiting the InfiniBand Trade Association at https://www.infinibandta.org/. For an introduction to InfiniBand, see NVIDIA InfiniBand.
Glossary
Abbreviation | Term |
AM | Aggregation Management (SHARP) |
BTH | Base Transport Header |
CC | Congestion Control |
CM | Communication Management |
CRC | Cyclic Redundancy Check |
DC | Dynamically Connected |
DR | Direct Routed |
GMP | General Management Packets |
GUI | Graphical User Interface |
GUID | Global Unique Identifier |
HCA | Host Channel Adapter |
IB | InfiniBand |
IP | Internet Protocol |
L Key | Local Key (in the context of RDMA) |
LID | Local Identifier |
LIDR | LID Routed |
MAC | Medium Access Control |
MAD | Management Datagram |
Mkey | Management Key |
MTU | Maximum Transfer Unit |
N2N | Node to Node |
NIC | Network Interface Card |
PD | Protection Domain |
PM | Performance Manager |
PMA | Performance Manager Agent |
PKey | Partition Key |
QoS | Quality of Service |
QP | Queue Pair |
R Key | Remote Key (in the context of RDMA) |
RC | Reliable Connection |
RDMA | Remote Direct Memory Access |
SA | Subnet Administrator |
SAETM | SA Enhanced Trust Model |
SHARP | Scalable Hierarchical Aggregation and Reduction |
SMA | Subnet Manager Agent |
SMP | Subnet Manager Packet |
SM | Subnet Manager |
SNMP | Simple Network Management Protocol |
SSH | Secure Shell Protocol |
UD | Unreliable connection |
UFM | Unified Fabric Manager |
VLAN | Virtual Local Area Network |
VL | Virtual Link |