Port Numbering On The 400 Mp Router - HP AE370A - Brocade 4Gb SAN Switch 4/12 Administrator's Manual

Port Numbering on the 400 MP Router

You do not need to specify slot numbers for the 400 MP Router. Refer to the GbE ports as ge0 and ge1,
and the Fibre Channel ports are numbered 0 through 15. Moving from left to right on the front of the
chassis, the sixteen Fibre Channel ports, followed by the 2 GbE ports.
You manage the SilkWorm 7500 as if it had 32 Fibre Channel ports (16 standard Fibre Channel ports, and
16 virtual Fibre Channel Ports) and 2 GbE ports. Specify port addresses using the slot and port numbers.
For example, to disable VE_Port 18 on slot 1, use portDisable 1/18. To disable GbE port 1 on slot 1,
use portDisable 1/ge1.
Figure 29 400 MP Router port numbering
Tunneling and IPSec
Internet Protocol security (IPSec) uses cryptographic security to ensure private, secure communications over
Internet Protocol networks. IPSec supports network-level data integrity, data confidentiality, data origin
authentication, and replay protection. It helps secure your SAN against network-based attacks from
untrusted computers, attacks that can result in the denial-of-service of applications, services, or the network,
data corruption, and data and user credential theft. By default, when creating an FCIP tunnel, IPSec is
disabled.
FCIP tunneling with IPSec enabled will support maximum throughput as follows:
Unidirectional—approximately 104MB/sec
•
• Bidirectional—approximately 90MB/sec
Used to provide greater security in tunneling on an FR4- 1 8i blade or a 400 MP Router, the IPSec feature
does not require you to configure separate security for each application that uses TCP/IP. When
configuring for IPSec, however, you must ensure that there is an FR4- 1 8i blade or a 400 MP Router 7500 in
each end of the FCIP tunnel. IPSec works on FCIP tunnels with or without IP compression (IPComp).
IPSec requires an IPSec license in addition to the FCIP license.
IPSec uses some terms that you should be familiar with before beginning your configuration. These are
standardized terms, but are included here for your convenience.
Table 90 IPSec terminology
Term
AES
AES-XCBC
AH
DES
FC0
Definition
Advanced Encryption Standard. FIPS 197 endorses the Rijndael encryption
algorithm as the approved AES for use by US Government organizations and
others to protect sensitive information. It replaces DES as the encryption
standard.
Cipher Block Chaining. A key-dependent one-way hash function (MAC) used
with AES in conjunction with the Cipher-Block-Chaining mode of operation,
suitable for securing messages of varying lengths, such as IP datagrams.
Authentication Header - like ESP, AH provides data integrity, data source
authentication, and protection against replay attacks but does not provide
confidentiality.
Data Encryption Standard is the older encryption algorithm that uses a 56-bit
key to encrypt blocks of 64-bit plain text. Because of the relatively shorter key
length, it is not a secured algorithm and no longer approved for Federal use.
FC15 GbE0 GbE1
Fabric OS 5.2.x administrator guide 371