No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
FCoE Principles

FCoE Principles

This section describes the implementation of FCoE.

Basic Concepts of FCoE

In Figure 10-38, FCoE involves the following entities: ENode, FCF, FIP, FSB, Fabric, FCoE Virtual Link, Interface Role, and FCoE VLAN.
Figure 10-38 FCoE networking
  • ENode

    An ENode is a converged network adapter (CNA) that supports FCoE and FC. In Figure 10-39, a traditional server has two network adapters installed: network interface card (NIC) connected to a LAN and a host bus adapter (HBA) connected to a SAN. The CNA provides both NIC and HBA functions. It can forward Ethernet data, process FCoE frames, and encapsulate or decapsulate FCoE frames.
    Figure 10-39 Difference between a traditional server and FCoE server
  • FCF

    An FCoE forwarder (FCF) is a switch supporting both FCoE and FC, and is used to connect the SAN and LAN. An FCF can forward FCoE packets and encapsulate or decapsulate FCoE frames.

  • FIP

    The FCoE Initialization Protocol (FIP) is a Layer 2 protocol that discovers FC terminals on an FCoE network, implements fabric login, and establishes FCoE virtual links. An ENode can log in to the fabric using FIP to communicate with the target FC device. FIP can also maintain FCoE virtual links.

    For details about FIP, see FIP Protocol.

  • FSB

    A FIP Snooping Bridge (FSB) is a switch running FIP snooping. The FSB itself does not support FC. FIP snooping enables the FSB to obtain FCoE virtual link information by listening on FIP packets. This function is used to control FCoE virtual link setup and prevent malicious attacks.

  • Fabric

    A fabric is the network topology where network nodes are connected through one or more switches.

  • FCoE Virtual Link

    An FCoE virtual link is a point-to-point logical link between FCoE devices, for example, between an ENode and FCF. The connection between an ENode and FCF is not point-to-point when the ENode and FCF are connected through a lossless Ethernet network. The FCoE virtual link is used to solve this problem.

  • Interface role

    On the traditional FC network, FC devices are connected through FC interfaces. FC interfaces are classified into node ports (N_Ports) and fabric ports (F_Ports):
    • N_Port: FC device interface that connects to an FC switch. An FC device can be a server or storage device.
    • F_Port: FC switch interface that connects to an FC device and provides fabric access services for the FC device.

    FCoE inherits the interface roles of FC. On an FCoE virtual link between an ENode and an FCF, the ENode interface is a VN_Port and the FCF interface is a VF_Port.

  • FCoE VLAN

    FCoE frames are forwarded in specified VLANs. In the FC protocol stack, FC devices support multiple virtual storage area networks (VSANs), which are similar to Ethernet VLANs. FC traffic in different VSANs is identified by FCoE VLANs during FCoE encapsulation. By doing this, FCoE frames carry only FCoE VLAN information and do not need to carry VSAN information, because VSANs are differentiated by FCoE VLANs.

    NOTE:
    • An FCoE virtual link corresponds to one FCoE VLAN.

    • An FCoE VLAN carries only FCoE traffic and does not carry any Ethernet traffic such as IP traffic.

FCoE Encapsulation

FCoE encapsulates FC frames into Ethernet frames so that FC traffic can be transmitted on an Ethernet network. From the FC perspective, FCoE is a different way of transmitting FC traffic. From the Ethernet perspective, FCoE is just another upper layer protocol to carry Ethernet frames.

FCoE Protocol Stack
As shown in Figure 10-40, the FC protocol stack is divided into five layers:
  • FC-0: defines the media type.
  • FC-1: defines the frame encoding mode.
  • FC-2: defines the frame format and flow control functions.
  • FC-3: defines universal services.
  • FC-4: defines mapping from the upper-layer protocol to the FC protocol.
Figure 10-40 Mapping from FC to FCoE

As shown in Figure 10-40, FC-0 and FC-1 in the FCoE protocol stack map Physical and MAC layers in IEEE 802.3 Ethernet respectively. The FCoE protocol stack adds an adaptation layer between the upper-layer FC protocol stack and lower-layer Ethernet protocol stack.

FCoE Frame Encapsulation

FCoE encapsulates an FC frame into an Ethernet frame. Figure 10-41 shows FCoE frame encapsulation.

Figure 10-41 FCoE frame encapsulation
  • The Ethernet Header defines the source and destination MAC addresses, Ethernet frame type, and FCoE VLAN.
  • The FCoE Header specifies the FCoE frame version number and control information.
  • Similar to an FC frame, the FC Header in a FCoE frame carries the source and destination addresses.
NOTE:

In the Ethernet Header, the Ethernet type value is FCoE_TYPE (8906h).

FIP Protocol

Principles

The FCoE Initialization Protocol (FIP) establishes and maintains FCoE virtual links between FCoE devices, for example, between ENodes and FC forwarders (FCFs).

An FCoE virtual link is established as follows:
  1. FIP discovers an FCoE VLAN and the FC virtual interface of the remote device.
  2. FIP completes initialization tasks such as fabric login (FLOGI) and fabric discovery (FDISC) for the FCoE virtual link.
After an FCoE virtual link is set up, FIP maintains the FCoE virtual link in the following way:
  • Periodically detects whether FC virtual interfaces at both ends of the FCoE virtual link are reachable.
  • Tears down the FCoE virtual link through Fabric logout (FLOGO).
FCoE Virtual Link Setup

Figure 10-42 shows the process of setting up an FCoE virtual link between an ENode and an FCF. The ENode and FCF exchange FIP frames to establish the FCoE virtual link. After the FCoE virtual link is set up, FCoE frames are transmitted on the link.

NOTE:
  • In FIP implementation, an ENode initiates all protocol packets. An FCF also initiates unsolicited FIP Advertisement packets, as described in FIP FCF discovery.

  • FIP frames and FCoE frames have different Ethernet types and encapsulation modes. FCoE frame encapsulation is defined in traditional FC protocol, whereas FIP frame encapsulation is not defined in traditional FC protocol.

Figure 10-42 FCoE virtual link setup
An FCoE virtual link is set up through three phases: FIP VLAN discovery, FIP FCF discovery, and FIP FLOGI and FDISC. The FIP FLOGI and FDISC processes are similar to FLOGI and FDISC processes defined in traditional FC protocol.
  1. FIP VLAN discovery

    FIP VLAN discovery discovers the FCoE VLANs that will transmit FCoE frames. In this phase, an ENode can discover all the potential FCoE VLANs but does not select an FCF.

    The FIP VLAN discovery process is as follows:
    1. An ENode sends an FIP VLAN discovery request to a multicast MAC address called ALL-FCF-MAC (01-10-18-01-00-02). All FCFs listen on packets destined for this MAC address.
    2. All FCFs that are reachable in a common VLAN of the ENode report one or more FCoE VLANs to the ENode. The FCoE VLANs are available for the ENode's VN_Port login.

    FIP VLAN discovery is an optional phase as defined in FC-BB-5. An FCoE VLAN can be manually configured by an administrator, or dynamically discovered using FIP VLAN discovery.

  2. FIP FCF discovery

    ENodes use FIP FCF discovery to locate FCFs that allow logins.

    The FIP FCF discovery process is as follows:
    1. Each FCF periodically sends Discovery Advertisement messages in each configured FCoE VLAN. The Advertisement messages are destined for the multicast MAC address ALL-ENode-MAC (01-10-18-01-00-01) on which all ENodes listen. The FIP FCF discovery Advertisement message contains the FCF MAC address and FCoE virtual link parameters such as the FCF priority and timeout interval of FIP packets.
    2. The ENode obtains FCF information from the received Discovery Advertisement messages, selects an FCF with the highest priority, and sends a unicast Discovery Solicitation message to the selected FCF.
    3. After receiving the Discovery Solicitation message, the FCF sends a unicast Discovery Advertisement message, allowing the ENode to log in.

    FCFs send Discovery Advertisement messages periodically, but new ENodes joining a network do not want to wait for Discovery Advertisement messages from all FCFs. Therefore, FC-BB-5 allows ENodes to send Discovery Solicitation messages to the multicast MAC address ALL-FCF-MAC. FCFs that receive the solicitation message send a unicast Discovery Advertisement message to the requesting ENode. Based on the received Discovery Advertisement messages, the ENode selects an FCF with the highest priority to set up a virtual link.

  3. FIP FLOGI and FDISC

    After discovering all FCFs and selecting one for login, an ENode sends FIP FLOGI or FIP FDISC packets for establishing an FCoE virtual link with the VF_Port on the selected FCF. Then FCoE frames can be exchanged on the established FCoE virtual link. FIP FLOGI and FIP FDISC packets are unicast packets and correspond to FLOGI and FDISC packets in FC respectively. FIP FLOGI and FIP FDISC packets are used for allocating MAC addresses to ENodes so that the ENodes can log in to the fabric.

    FIP FLOGI is similar to FIP FDISC. The difference is as follows: FIP FLOGI refers to FCoE virtual ink setup when an ENode first logs in to the fabric. FIP FDISC refers to FCoE virtual link setup for each VM when multiple VMs exist on an ENode. FIP FLOGI is used an example.

    The FIP FLOGI process is as follows:
    1. An ENode sends an FIP FLOGI Request to the FCF.
    2. The FCF allocates a locally unique MAC address to the ENode.

FCoE MAC address

An ENode uses different source MAC addresses to encapsulate FCoE and FIP frames. An FIP frame uses a globally unique MAC address (ENode MAC address) assigned to a converged network adapter (CNA) during manufacturing, whereas an FCoE frame uses a locally unique MAC address (unique only within the local Ethernet subnet) dynamically assigned to an ENode by an FCF during FCoE virtual link setup. For details, see FIP FLOGI and FDISC.

The locally unique MAC address is called a fabric-provided MAC address (FPMA).

In Figure 10-43, an FPMA has an FC_ID and a 24-bit FCoE MAC Address Prefix (FC-MAP). FC-BB-5 defines 256 FC-MAPs to facilitate FCoE deployment. In most cases, the default FC-MAP value 0E-FC-00 can meet deployment requirements. If FC_IDs on an Ethernet VLAN are not unique, FC_IDs may overlap, such as when different fabric or virtual storage area networks (VSANs) map to the same Ethernet VLAN. The use of different FC-MAPs solves this problem.
NOTE:

Map one FC fabric to the same Ethernet VLAN. If multiple FC fabrics run on the same Ethernet, map the FC fabrics to different VLANs.

Figure 10-43 FPMA format
FCoE Virtual Link Maintenance

FCoE virtual link monitoring

On the traditional FC network, FC can immediately detect faults on a physical link. In FCoE, FC cannot immediately detect faults on a physical link because of Ethernet encapsulation. FIP provides a Keepalive mechanism to solve the problem.

FCoE monitors an FCoE virtual link as follows:
  • An ENode periodically sends FIP Keepalive packets to an FCF. If the FCF does not receive FIP Keepalive packets within 2.5 times the keepalive interval, the FCF considers the FCoE virtual link faulty and terminates the FCoE virtual link.

  • An FCF periodically sends multicast Discovery Advertisement messages with the destination MAC address as ALL-ENode-MAC to all ENodes. If an ENode does not receive multicast Discovery Advertisement messages within 2.5 times the keepalive interval, the ENode considers the FCoE virtual link faulty and terminates the FCoE virtual link.

FLOGO

If an FCF does not receive FIP Keepalive packets from an ENode, the FCF sends an FIP Clear Virtual Link message, requesting FCoE virtual link teardown. If the ENode logs out, the ENode can send a Fabric Logout request to the FCF, requesting the FCF to delete the virtual link.

FIP Snooping

An ENode and an FCF can establish a direct connection or remote connection. FIP snooping solves security problems in remote connection mode.

Direct Connection

As shown in Figure 10-44, when an ENode is directly connected to an FCF, the FCoE virtual link and its mapping physical link are point-to-point. Although packets forwarded on the physical link are encapsulated with FCoE, FCoE frame forwarding process is similar to FC frame forwarding because both ends of the physical link support FC.

Figure 10-44 Direct connection

In direct connection mode, FCoE frame processing complies with FC except for data encapsulation at the data link layer. In this mode, FCoE has the same security as FC.

The direct connection mode allows SAN administrators to use original software to manage the SAN when FCoE is used.

Remote Connection

Because the FCF cost is high and a large number of servers are deployed in a data center, establishing direct connections between all servers and FCFs is impractical. As shown in Figure 10-45, access switches are deployed between FCFs and ENodes in remote connection mode. Access switches function as FCoE switches and cannot provide some FCF functions, such as FIP snooping bridge (FSB).

Figure 10-45 Remote connection
NOTE:

In remote connection mode, one or more FCoE switches are deployed between ENodes and FCFs.

FIP Snooping

On an FC network, an FC switch is considered a trusted device. Other FC devices such as ENodes must get addresses assigned by the FC switch before they can connect to the FC network. The FC devices then log in to the FC switch. FC links are point-to-point, and an FC switch can completely control traffic received and sent by FC devices. Therefore, an FC switch ensures that devices use the assigned addresses to exchange packets and protect FC devices against malicious attacks.

When an FCoE switch is deployed between an ENode and an FCF, FCoE frames are forwarded on the FCoE switch based on the Ethernet protocol because the FCoE switch does not support the FC protocol. In this case, FCoE frames may not be destined for the FCF, and the point-to-point connection between the ENode and FCF is terminated.

To achieve equivalent robustness as an FC network, the FCoE switch must forward FCoE traffic from all ENodes to the FCF. FIP snooping enables the FSB to obtain FCoE virtual link information by listening on FIP packets. This function is used to control FCoE virtual link setup and prevent malicious attacks.

The FCoE switch running FIP snooping is called an FIP snooping bridge (FSB).

Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 57334

Downloads: 3617

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next