![](/images/new-backgrounds/1109079/10907911x1.webp)
Chapter 4 FCIP over IP/MPLS Core
Typical Customer Requirements
•SPs providing VPN service to transport FCIP traffic to provide additional security
•Using an MPLS extranet for
Cisco Encryption Solutions
For selecting compression solutions for FCIP SAN extension, a user needs to determine the requirements for the encryption solution. These requirements may include the speed of the link that needs encryption, the type of encryption required, and the security requirements of the network. Cisco offers three
Each of these solutions offers the same configuration steps, although the
The
The
The IPSec VPNSM is supported on the Catalyst 6500 switch and the Cisco 7600 router with a minimum Native IOS level of 12.2(9)YO. For increased interoperability with other service modules and additional VPN features, it is recommended that a minimum of 12.2(14)SY be used when deploying this service module.
The choice between these solutions should be based primarily on the following two factors:
•Available link speed or bandwidth
•Security encryption policies and encryption methods required
The Cisco MDS 9000 with MLS14/2 and the Cisco 9216i support encryption with no performance impact. The MPS Service Module and the Cisco 9216i support line rate Ethernet throughput with AES encryption.
The following are encryption methods supported per module:
•
•
•VPNSM—DES, 3DES
•MDS MPS—DES, 3DES, AES192
Note An encrypted data stream is not compressible because it results in a bit stream that appears random. If encryption and compression are required together, it is important to compress the data before encrypting it.
Data Center High Availability Clusters Design Guide
| ||
|