CHAPTER 127
Fibre Channel over Ethernet (FCoE)—Overview
Copyright © 2010, Juniper Networks, Inc.

Understanding FIP Snooping
Understanding Using an FCoE Transit Switch
Understanding Priority-Based Flow Control

Understanding FIP Snooping

Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) snooping is a security
mechanism that is designed to prevent unauthorized access and data transmission to a
Fibre Channel (FC) network. It works by filtering traffic to permit only servers that have
logged in to the FC network to access the network. You enable FIP snooping on FCoE
VLANs when the switch is being used as an FCoE transit switch connecting FC initiators
(servers) on the Ethernet network to FCoE forwarders (FCFs) at the FC storage area
network (SAN) edge.

Through the FIP process, servers that have a converged network adapter (CNA) present
an FCoE Node (ENode) that can log in to the FC network. The login process establishes
a dedicated virtual link between the ENode and the FCF to emulate a point-to-point
connection that passes transparently through the FCoE transit switch.

The FCoE transit switch applies FIP snooping firewall filters at the edge access ports
associated with the FCoE VLANs on which you enable FIP snooping. FIP snooping provides
security for virtual links by automatically creating firewall filters based on information
gathered (snooped) about FC devices during FIP transactions.
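
The filtering behavior described above, shown as a simplified model. This is an added example, not Juniper's implementation and not code from this guide. Frames are Python dicts rather than real FIP/FCoE encodings, and the class, field names, operation labels and MAC addresses are constructed for illustration.

```python
# Simplified model of FIP snooping on one edge access port (added example).
# Frame dicts, field names and operation labels are assumptions for illustration.
FIP, FCOE = 0x8914, 0x8906  # EtherTypes for FIP control and FCoE data frames


class FipSnoopingPort:
    """One edge access port in an FCoE VLAN with FIP snooping enabled."""

    def __init__(self):
        # Each entry stands for one auto-created filter: (ENode-side MAC, FCF MAC).
        self.virtual_links = set()

    def from_fcf(self, frame):
        """Snoop FIP frames the FCF sends toward the ENode on this port."""
        if frame["ethertype"] != FIP:
            return
        link = (frame.get("granted_mac"), frame["src"])
        if frame.get("op") == "FLOGI_ACCEPT":
            self.virtual_links.add(link)      # login accepted: permit this link
        elif frame.get("op") == "CLEAR_VIRTUAL_LINK":
            self.virtual_links.discard(link)  # link torn down: deny again

    def from_enode(self, frame):
        """Return True if a frame received from the server is forwarded."""
        if frame["ethertype"] == FIP:
            return True                       # FIP must pass so login can happen
        if frame["ethertype"] == FCOE:
            return (frame["src"], frame["dst"]) in self.virtual_links
        return False                          # model covers the FCoE VLAN only


def demo():
    """Walk one ENode through login and logout; return forwarding decisions."""
    port = FipSnoopingPort()
    fcf, mac = "00:05:73:aa:bb:01", "0e:fc:00:01:0a:01"  # constructed MACs
    data = {"ethertype": FCOE, "src": mac, "dst": fcf}
    accept = {"ethertype": FIP, "op": "FLOGI_ACCEPT", "src": fcf, "granted_mac": mac}
    results = [port.from_enode(data)]                    # before login: dropped
    port.from_fcf(accept)
    results.append(port.from_enode(data))                # logged in: forwarded
    spoofed = dict(data, src="0e:fc:00:01:0a:02")        # MAC never granted here
    results.append(port.from_enode(spoofed))             # dropped
    port.from_fcf(dict(accept, op="CLEAR_VIRTUAL_LINK"))
    results.append(port.from_enode(data))                # link cleared: dropped
    return results


if __name__ == "__main__":
    print(demo())
```
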

This topic describes:
FC Network Security
FIP Snooping Functions
FIP Snooping Firewall Filters
FIP Snooping Implementation
T11 FIP Snooping Specification