Configuring FIP Snooping on the FSB
FIP snooping enables the FSB to obtain FCoE virtual link information by listening on FIP packets. This function is used to control FCoE virtual link setup and prevent malicious attacks.
Configuring an FC Instance
Context
On a traditional FC network, all FC nodes are interconnected through fabrics. FC nodes belonging to a fabric have the same attributes. FCoE carries SAN traffic over the Ethernet and uses FC instances to control FCoE traffic forwarding; therefore, an FC instance defines fabric attributes such as the FCoE VLAN.
Procedure
- Run:
system-viewThe system view is displayed.
- Run:
fcoe fc-instance-name
An FC instance is created, and the FCoE view is displayed.
By default, no FC instance is configured. The switch modules supports a maximum of 32 FC instances.
![]()
NOTE: An FC instance name is case sensitive. For example, fc1 and FC1 identify different FC instances.
- Run:
vlan vlan-id
An FCoE VLAN is added to the FC instance.
An FCoE VLAN is only used to forward FCoE traffic and FIP packets. An FCoE VLAN belongs to only one FC instance.
- Run:
commitThe configuration is committed.
Configuring a Role for an Interface
Context
- VNP-port: FCoE switch port connected to an FCF
- ENode-facing port: FCoE switch port connected to a server
NOTE: Before configuring a role for an interface, add the interface to an FCoE VLAN.
Procedure
- Run:
system-viewThe system view is displayed.
- Run:
interface interface-type interface-number
The Ethernet interface view is displayed.
- Run:
port link-type { trunk | hybrid }
The link type of the interface is configured.
By default, a port is an access port.
- Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
Or
port hybrid tagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The interface is added to an FCoE VLAN.
- Run:
fcoe role vnp
The interface is configured as a VNP-port.
By default, an Ethernet interface is an ENode-facing port.
- Run:
commitThe configuration is committed.
(Optional) Setting the Timeout Interval for Exchanging FIP Packets
Context
FIP packets are FIP Keepalive packets used to detect the FCoE virtual link status. When the FSB does not receive FIP Keepalive packets within the timeout interval, the FSB considers the FCoE virtual link faulty and terminates the FCoE virtual link.
Procedure
- Run:
system-viewThe system view is displayed.
- Run:
fcoe fc-instance-name
The FCoE view is displayed.
- Run:
fip fka-adv-period interval_value
The timeout interval for exchanging FIP packets is set.
By default, the timeout interval for exchanging FIP packets is 5 minutes.
- Run:
commitThe configuration is committed.
(Optional) Configuring FCoE Link Synchronization
Context
In an FIP snooping scenario shown in Figure 10-48, the FCF cannot immediately detect a link failure between the ENode and switch and can perform link switching only after the Keepalive timer expires. This may result in traffic interruption.
After FCoE link synchronization is enabled, the switch instructs the FCF or ENode to perform link switching immediately after detecting a link failure. This function ensures uninterrupted traffic forwarding.
(Optional) Enabling Protocol Packet Isolation
Context
In a stack containing two devices, when a server sends a VLAN Request packet, two FCFs respond to the VLAN Request packet. The server then receives two duplicate VLAN Notification packets, prolonging the response and affecting service functions. After the fcoe dual-fabric enable command is executed, FTP packets do not pass through stack interfaces, implementing protocol packet isolation in dual-plane networking.
Previous
