Ipsec Implementation Over Fcip - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 6.2 administrator guide (5697-0016, may 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (518 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
Table 91
Default Mapping of DSCP priorities to L2Cos Priorities (continued)
Virtual
CIrcuit (VC)
3
4
5
6
7
8
9
10
1 1
12
13
14
15
IPSec implementation over FCIP
Internet Protocol security (IPsec) uses cryptographic security to ensure private, secure communications over
Internet Protocol networks. IPsec supports network-level data integrity, data confidentiality, data origin
authentication, and replay protection. It helps secure your SAN against network-based attacks from
untrusted computers, attacks that can result in the denial-of-service of applications, services, or the network,
data corruption, and data and user credential theft. By default, when creating an FCIP tunnel, IPsec is
disabled.
Used to provide greater security in tunneling on a B-Series Multi-Protocol Router Blade or an HP
StorageWorks 400 Multi-Protocol Router, the IPsec feature does not require you to configure separate
security for each application that uses TCP/IP. When configuring for IPsec, however, you must ensure that
there is a B-Series Multi-Protocol Router Blade or an HP StorageWorks 400 Multi-Protocol Router at each
end of the FCIP tunnel. IPsec works on FCIP tunnels with or without IP compression (IPComp), FCIP
Fastwrite, and Tape Pipelining. IPsec can be created only on tunnels using IPv4 addressing.
IPsec requires the High-Performance Extension over FCIP/FC license.
IPsec uses some terms that you should be familiar with before beginning your configuration. These are
standard terms, but are included here for your convenience.
Table 92
IPsec terminology
Term
AES
AES-XCBC
AH
DES
3DES
460 Configuring and monitoring FCIP extension services
DSCP priority/bits
15 / 001 1 1 1
19 / 01001 1
23 / 0101 1 1
27 / 01 101 1
31 / 01 1 1 1 1
35 / 10001 1
39 / 1001 1 1
43 / 10101 1
47 / 101 1 1 1
51 / 1 1001 1
55 / 1 101 1 1
59 / 1 1 101 1
63 / 1 1 1 1 1 1
Definition
Advanced Encryption Standard. FIPS 197 endorses the Rijndael encryption algorithm as
the approved AES for use by US Government organizations and others to protect
sensitive information. It replaces DES as the encryption standard.
Cipher Block Chaining. A key-dependent one-way hash function (MAC) used with AES
in conjunction with the Cipher-Block-Chaining mode of operation, suitable for securing
messages of varying lengths, such as IP datagrams.
Authentication Header - like ESP, AH provides data integrity, data source authentication,
and protection against replay attacks but does not provide confidentiality.
Data Encryption Standard is the older encryption algorithm that uses a 56-bit key to
encrypt blocks of 64-bit plain text. Because of the relatively shorter key length, it is not a
secured algorithm and no longer approved for Federal use.
Triple DES is a more secure variant of DES. It uses three different 56-bit keys to encrypt
blocks of 64-bit plain text. The algorithm is FIPS-approved for use by Federal agencies.
L2CoS priority/bits
3 / 01 1
3 / 01 1
3 / 01 1
0 / 000
0 / 000
0 / 000
0 / 000
4 / 100
4 / 100
4 / 100
4 / 100
4 / 100
0 / 000
Assigned to:
Medium QoS
Medium QoS
Medium QoS
Class 3 Multicast
Broadcast/Multicast
Low Qos
Low Qos
High QoS
High QoS
High QoS
High QoS
High QoS
-
Hide quick links:
Advertisement
Table of Contents
