BLADEOS 6.5.2 Application Guide

FCoE ACL Rules

When FIP Snooping is enabled on a port, the switch automatically installs the appropriate ACLs to enforce the following rules for FCoE traffic:

￿Ensure that FIP frames from ENodes may only be addressed to FCFs.

￿Flag important FIP packets for switch processing.

￿Ensure no end device uses an FCF MAC address as its source.

￿Each FCoE port is assumed to be connected to an ENode and include ENode-specific ACLs installed, until the port is either detected or configured to be connected to an FCF.

￿Ports that are configured to have FIP snooping disabled will not have any FIP or FCoE related ACLs installed.

￿Prevent transmission of all FCoE frames from an ENode prior to its successful completion of login (FLOGI) to the FCF.

￿After successful completion of FLOGI, ensure that the ENode uses only those FCoE source addresses assigned to it by FCF.

￿After successful completion of FLOGI, ensure that all ENode FCoE source addresses originate from or are destined to the appropriate ENode port.

￿After successful completion of each FLOGI, ensure that FCoE frames may only be addressed to the FCFs that accept them.

Initially, a basic set of FCoE-related ACLs will be installed on all ports where FIP snooping is enabled. As the switch encounters FIP frames and learns about FCFs and ENodes that are attached or disconnect, ACLs are dynamically installed or expanded to provide appropriate security.

When an FCoE connection logs out, or times out (if ACL timeout is enabled), the related ACLs will be automatically removed.

FCoE-related ACLs are independent of manually configured ACLs used for regular Ethernet purposes (see “Access Control Lists” on page 75). FCoE ACLs generally have a higher priority over standard ACLs, and do not inhibit non-FCoE and non-FIP traffic.

FCoE VLANs

FCoE packets to any FCF will be confined to the VLAN advertised by the FCF (typically VLAN 1002). The appropriate VLAN must be configured on the switch with member FCF ports and must be supported by the participating CNAs. The switch will then automatically add ENode ports to the appropriate VLAN and enable tagging on those ports.

BMD00220, October 2010

Chapter 14: FCoE and CEE ￿ 197

Page 197
Image 197
Blade ICE G8124-E manual FCoE ACL Rules, FCoE VLANs

G8124-E, G8124 specifications

The Blade ICE G8124 is a cutting-edge networking solution designed for high-performance data center environments. It has emerged as a popular choice among organizations that require reliable and efficient network infrastructure to support their growing demands for bandwidth and low-latency connectivity.

One of the key features of the Blade ICE G8124 is its high port density. This networking device typically offers 24 ports of 10 Gigabit Ethernet, ensuring that businesses can connect numerous devices without requiring extensive physical space. The design is also scalable, accommodating future expansion as organizational needs grow.

Another significant aspect of the G8124 is its advanced switching capabilities. It utilizes a non-blocking architecture, enabling simultaneous data transmissions on all ports. This characteristic ensures that there is no bottleneck in the network traffic, providing the high performance needed in data-intensive applications.

The G8124 incorporates various technologies to enhance its functionalities. It supports Layer 2 and Layer 3 switching, making it versatile for different networking needs. Additionally, it features comprehensive Quality of Service (QoS) settings that prioritize critical applications, such as VoIP and video streaming, ensuring smooth operation even under heavy loads.

In terms of security, the Blade ICE G8124 provides robust measures to protect the network. It supports features such as Access Control Lists (ACLs), port security, and VLANs, allowing administrators to segment the network and restrict unauthorized access. These security capabilities are vital in today’s landscape, where cyber threats are increasingly common.

Moreover, the G8124 offers excellent management features. It includes an intuitive user interface for easy configuration and monitoring of network performance. SNMP support allows integration with network management systems, providing administrators with insights needed to optimize their operations.

Power efficiency is also a hallmark of the Blade ICE G8124. It employs energy-saving technologies that reduce operational costs, an essential factor for environmentally-conscious organizations striving to minimize their carbon footprint.

In summary, the Blade ICE G8124 stands out with its high port density, advanced switching capabilities, robust security features, and efficient management options. This networking solution is designed to meet the demands of modern data centers, providing the performance, reliability, and scalability that organizations require. With its innovative technologies, the G8124 ensures that businesses can navigate the complexities of today's networking landscape effectively.