No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - DCN and Server Management

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configurations of Trill, FCoE, DCB, and NLB Server Cluster Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).


An ENode and an FCF can establish a direct or remote connection. FIP snooping solves security problems in remote connection mode.

Direct Connection

As shown in Figure 2-18, when an ENode is directly connected to an FCF, the FCoE virtual link and its mapped physical link are point-to-point. Although packets forwarded on the physical link are encapsulated with FCoE, FCoE frame forwarding is similar to FC frame forwarding because both ends of the physical link support FC.

Figure 2-18 Direct connection

In direct connection mode, FCoE frame processing complies with FC except for data encapsulation at the data link layer. In this mode, FCoE has the same security capabilities as FC.

The direct connection mode allows SAN administrators to use original software to manage the SAN when FCoE is used.

Remote Connection

The cost of purchasing FCFs and the large number of servers in a data center make establishing direct connections between all servers and FCFs impractical. As shown in Figure 2-19, access switches are deployed between FCFs and ENodes in remote connection mode. Access switches function as FCoE switches and cannot provide some FCF functions, such as FIP snooping bridge (FSB). In remote connection mode, one or more FCoE switches are deployed between ENodes and FCFs.

Figure 2-19 Remote connection

FIP Snooping

On an FC network, an FC switch is considered a trusted device. Other FC devices, such as ENodes, must be assigned addresses by the FC switch before they can connect to the FC network. The FC devices then log in to the FC switch. FC links are point-to-point, and an FC switch has complete control over the traffic sent and received by FC devices. Therefore, an FC switch ensures that devices use the assigned addresses to exchange packets and protect FC devices against malicious attacks.

When an FCoE switch is deployed between an ENode and an FCF, the FCoE switch forwards FCoE frames using the Ethernet protocol because it does not support the FC protocol. In this case, FCoE frames may not be destined for the FCF, and the point-to-point connection between the ENode and FCF is terminated.

To achieve robustness equivalent to that of an FC network, the FCoE switch must forward FCoE traffic from all ENodes to the FCF. FIP snooping enables the FSB to obtain FCoE virtual link information by listening for FIP packets. This function is used to control FCoE virtual link setup and prevent malicious attacks.

An FCoE switch running FIP snooping is called a FIP snooping bridge (FSB).

Updated: 2019-05-08

Document ID: EDOC1100004349

Views: 30530

Downloads: 120

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next