Brocade Communications Systems Brocade 6505 Administrator's Manual

53-1002474-01
15 December 2011
Fabric OS FCIP
Administrator's Guide
Supporting Fabric OS v7.0.1

Summary of Contents for Brocade Communications Systems Brocade 6505

  • Page 1 53-1002474-01 ® 15 December 2011 Fabric OS FCIP Administrator’s Guide Supporting Fabric OS v7.0.1...
  • Page 2 Copyright © 2009-2011 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, NetIron, SAN Health, ServerIron, and TurboIron are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, CloudPlex, MLX, VCS, VDX, and When the Mission Is Critical, the Network Is Brocade are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
  • Page 3 Document History Title Publication number Summary of changes Date Fabric OS FCIP Administrator’s Guide 53-1001349-01 New document. July 2009 Fabric OS FCIP Administrator’s Guide 53-1001349-02 Various changes and October 2009 corrections. Fabric OS FCIP Administrator’s Guide 53-1001755-01 New document for Fabric OS January 2010 version 6.3.1.
  • Page 4 Fabric OS FCIP Administrator’s Guide 53-1002474-01...
  • Page 5: Table Of Contents

    Contents About This Document In this chapter ..........ix How this document is organized .
  • Page 6 FCIP trunking ..........15 Design for redundancy and fault tolerance .
  • Page 7 Deleting an IP route on a Brocade 7800 FX8-24 blade ..50 Deleting an FCIP tunnel on a Brocade 7800 FX8-24 blade ..50 Deleting an FCIP circuit on a Brocade 7800 FX8-24 blade ..51 Virtual Fabrics and the Brocade 7800 FX8-24 blade.
  • Page 8 Managing the VLAN tag table....... 72 Chapter 4 FCIP Management and Troubleshooting In this chapter .
  • Page 9: About This Document

    About This Document In this chapter • How this document is organized ........ix •...
  • Page 10: What's New In This Document

    What’s new in this document Major new additions or deletions in this document support the following: • Preface. Added location of serial number label for the Brocade 6505 switch. • Chapter 1 Added support for printer emulation in Table 1, “FCIP capabilities by platform,” under the FICON extension row and referenced statement that this is not supported on FR4-18i blades.
  • Page 11: Document Conventions

    Document conventions This section describes text formatting conventions and important notice formats used in this document. Text formatting The narrative-text formatting conventions that are used are as follows: bold text Identifies command names Identifies the names of user-manipulated GUI elements Identifies keywords and operands Identifies text to enter at the GUI or CLI italic text...
  • Page 12: Notes, Cautions, And Warnings

    Notes, cautions, and warnings The following notices and statements are used in this manual. They are listed below in order of increasing severity of potential hazards. NOTE A note provides a tip, guidance, or advice, emphasizes important information, or provides a reference to related information.
  • Page 13: Additional Information

    Additional information This section lists additional Brocade and industry-specific documentation that you might find helpful. Brocade resources To get up-to-the-minute information, go to http://my.brocade.com and register at no cost for a user ID and password. For additional Brocade documentation, visit the Brocade SAN Info Center and click the Resource Library location: http://www.brocade.com Release notes are available on the MyBrocade website and are also bundled with the Fabric OS...
  • Page 14: Document Feedback

    • Serial console and Telnet session logs • syslog message logs 2. Switch Serial Number The switch serial number and corresponding bar code are provided on the serial number label, as illustrated below: *FT00X0054E9* FT00X0054E9 The serial number label is located as follows: •...
  • Page 15: Fcip Overview

    Chapter FCIP Overview In this chapter • FCIP platforms and supported features......1 •...
  • Page 16 FCIP platforms and supported features TABLE 1 FCIP capabilities by platform (Continued) Capabilities 7800 switch FX8-24 blade FR4-18i blade Protocol acceleration • FCIP Fastwrite • Open Systems Tape Pipelining OSTP read OSTP write • Marking DSCP • Marking 802.1P - VLAN tagging •...
  • Page 17: Fcip Concepts

    FCIP concepts FCIP concepts Fibre Channel over IP (FCIP) enables you to use existing IP wide area network (WAN) infrastructure to connect Fibre Channel SANs. FCIP supports applications such as remote data replication (RDR), centralized SAN backup, and data migration over very long distances that are impractical or very costly using native Fibre Channel connections.
  • Page 18 IP WAN network considerations Fabric OS FCIP Administrator’s Guide 53-1002474-01...
  • Page 19: Fcip On The 7800 Switch And Fx8-24 Blade

    Chapter FCIP on the 7800 Switch and FX8-24 Blade In this chapter • 7800 switch hardware overview........6 •...
  • Page 20: 7800 Switch Hardware Overview

    7800 switch hardware overview 7800 switch hardware overview Figure 2 shows the FC ports and GbE ports on the 7800 switch. There are 16 FC ports, numbered 0 through 15. The FC ports can operate at 1, 2, 4, or 8 Gbps. There are 6 GbE ports, numbered 0 through 5.
  • Page 21: 7800 Switch License Options

    7800 switch license options 7800 switch license options Some of the capabilities of the Brocade 7800 switch require the following feature license, as described in Table • The Advanced FICON Acceleration License enables all FICON emulation features: FICON Tape Read Pipelining FICON Tape Write Pipelining FICON IBM z/OS Global Mirror (formerly eXtended Remote Copy or XRC) Emulation FICON Teradata Emulation...
  • Page 22: Ve_Ports And Fcip Tunnels On The 7800 Switch

    FX8-24 blade hardware overview VE_Ports and FCIP tunnels on the 7800 switch A 7800 switch can support eight VE_Ports. VE_Ports are numbered from 16 through 23. Each FCIP tunnel is identified with a VE_Port number. Up to eight FCIP tunnels can be created. The 7800 switch supports VEX_Ports to avoid the need to merge fabrics.
  • Page 23 FX8-24 blade hardware overview 10GbE ports (Labeled xge0 and xge1 FC ports 0 through 5 on the sticker.) GbE ports 0 through 3 Power LED GbE ports 4 through 9 Status LED FC ports 6 through 11 FIGURE 3 FX8-24 blade FC and GbE ports Fabric OS FCIP Administrator’s Guide 53-1002474-01...
  • Page 24: Removing Fx8-24 Blades

    FX8-24 blade license options Removing FX8-24 blades ATTENTION If you are permanently removing a blade from a DCX, DCX-4S, DCX 8510-8, or DCX 8510-4 chassis to relocate to another slot in the chassis or you are removing the blade from the chassis entirely, you must follow these procedures before removing the blade.
  • Page 25: Fcip Trunking Capacity On The Fx8-24 Blade

    FX8-24 blade license options • 10 Gbps mode: VE_Ports 12 through 21 use xge1; VE_Ports 22 through 31 use xge0 NOTE In 10 Gbps mode, you can also configure VE_Ports 12 through 21 to use port xge0 as a crossport and VE_Ports 22 through 31 to use port xge1 as a crossport. Refer to “Crossports”...
  • Page 26 FX8-24 blade license options Bandwidth allocation and restrictions You cannot configure more than 10 Gbps of dedicated bandwidth on a 10GbE port. This includes both primary and secondary circuits. Following are two examples to clarify these requirements. NOTE In the following examples, configuring VE_Port 12 on xge0 is a crossport configuration. For more information on crossports, refer to “Configuring crossports”...
  • Page 27 FX8-24 blade license options Front-end bandwidth Front-end port bandwidth allocation is calculated as follows: • Each 10 GbE port is allocated 10 Gbps of front-end bandwidth. The total front-end port bandwidth allocation cannot exceed 10 Gbps per 10 GbE port. •...
  • Page 28 FX8-24 blade license options Configuring IP routes with crossports You can configure IP routes with crossport addresses, as in the following example. In the example, the route will be available for FCIP tunnel circuits using VE ports 12 through 21. portcfg iproute 8/xge0 create 1.1.1.0 255.255.255.0 192.168.11.250 --crossport portcfg iproute 8/xge0 create 1.1.1.0 255.255.255.0 192.168.11.250 -x Delete the route using the delete option instead of the create option for the portcfg iproute...
  • Page 29: Fcip Trunking

    FCIP trunking Using traceroute with crossports You can trace a route to a crossport address, as in the following example. Note that if the crossport or x options are not specified and the address is on the crossport, the portcmd command will fail with an unknown IP address.
  • Page 30: Design For Redundancy And Fault Tolerance

    FCIP trunking Design for redundancy and fault tolerance Multiple FCIP tunnels can be defined between pairs of 7800 switches or FX8-24 blades, but doing so defeats the concept of a multiple circuit FCIP tunnel. Defining two tunnels between a pair of switches or blades is not as redundant or fault tolerant as having multiple circuits in one tunnel.
  • Page 31: Fcip Circuit Failover Capabilities

    FCIP trunking • Tunnel and circuit requirements for 7800 extension switches: You can define up to eight IP addresses for a GbE port. The 7800 switch contains up to six GbE ports. You can configure up to six circuits per tunnel spread out over any of these ports.
  • Page 32 FCIP trunking Circuit 1 - Metric 0 - Active 7800 7800 Circuit 2 - Metric 0 - Active Resend 2 FIGURE 5 Link loss and retransmission over peer lowest metric circuit NOTE Modifying a circuit metric disrupts traffic. Figure 6, circuit 1 is assigned a metric of 0, and circuit 2 is assigned a metric of 1. Both circuits are in the same FCIP tunnel.
  • Page 33 FCIP trunking • Dual mode (10 Gbps and 1 Gbps) is not supported for 10GbE failover. • Failover does not protect against Data Path (DP) complex failure. • Disabling a VE_Port will not trigger 10GbE lossless failover. In this case, route failover will occur if there is another route available, and may cause loss of frames.
  • Page 34: Failover In Ti Zones

    FCIP trunking 3. Create a tunnel with one circuit going over xge0. portcfg fciptunnel 8/22 create 192.168.11.20 192.168.11.21 1000000 --metric 0 4. Add another circuit, going over crossport xge1, to the tunnel. portcfg fcipcircuit 8/22 create 1 192.168.10.10 192.168.10.11 1000000 --metric NOTE If the source and destination addresses are on different subnets, you must configure IP routes for the crossport addresses.
  • Page 35: Adaptive Rate Limiting

    Adaptive Rate Limiting Adaptive Rate Limiting Adaptive Rate Limiting (ARL) is performed on FCIP circuits to change the rate at which the FCIP tunnel transmits data through the IP network. ARL uses information from the TCP connections to determine and adjust the rate limit for the FCIP circuit dynamically. This allows FCIP connections to utilize the maximum available bandwidth while providing a minimum bandwidth guarantee.
  • Page 36 QoS SID/DID priorities over an FCIP trunk • QoS medium - The default value is 30 percent of the available bandwidth. • QoS low - The default value is 20 percent of the available bandwidth. For the 7800 switch and FX8-24 blade, you can modify the default values. Note that this only changes the QoS priority distribution in the tunnel and does not reconfigure the fabric.
  • Page 37 QoS SID/DID priorities over an FCIP trunk Internal Architecture VE Port Tunnel High Priority Med. Priority Low Priority F-Class Virtual Virtual Virtual Virtual Tunnel Tunnel Tunnel Tunnel Virtual Virtual Virtual Virtual Circuit Circuit Circuit Circuit Circuit Connection Connection Connection Connection Interface GE Port FIGURE 7...
  • Page 38: Qos, Dscp, And Vlans

    QoS, DSCP, and VLANs QoS, DSCP, and VLANs Quality of Service (QoS) refers to policies for handling differences in data traffic. These policies are based on data characteristics and delivery requirements. For example, ordinary data traffic is tolerant of delays and dropped packets, but voice and video data are not. QoS policies provide a framework for accommodating these differences in data as it passes through a network.
  • Page 39: When Both Dscp And L2Cos Are Used

    QoS, DSCP, and VLANs When both DSCP and L2CoS are used If an FCIP tunnel or circuit is VLAN tagged, both DSCP and L2CoS are relevant, unless the VLAN is end-to-end, with no intermediate hops in the IP network. Table 4 shows the default mapping of DSCP priorities to L2CoS priorities.
  • Page 40: Managing The Vlan Tag Table

    QoS, DSCP, and VLANs TABLE 5 VLAN and DSCP options (Continued) Options Description L2CoS The IEEE 802.1P specification establishes eight levels of L2CoS priority. A value of 7 is the highest priority, and a value of 0 is the lowest priority. Consult with - - L2cos-f-class <n>...
  • Page 41 QoS, DSCP, and VLANs To tag frames destined for a specific host address, you must create an entry with an exact matching destination address in the table. Only frames destined for that address are tagged with the associated VLAN ID. To tag frames destined for a specific network, you must create a destination address entry for the network.
  • Page 42: Compression Options

    Compression options Compression options The following compression options are available on both the 7800 switch and the FX8-24 blade. Compression is defined on the FCIP tunnel. • Standard - This is a hardware compression mode. • Moderate - This is a combination of hardware and software compression that provides more compression than hardware compression alone.
  • Page 43: Limitations Using Ipsec Over Fcip Tunnels

    IPsec implementation over FCIP tunnels Limitations using IPsec over FCIP tunnels The following limitations apply to using IPsec: • Network Address Translation (NAT) is not supported. • Authentication Header (AH) is not supported. • IPsec-specific statistics are not supported. • There is no RAS message support for IPsec.
  • Page 44: Enabling Ipsec And Ike Policies

    Open Systems Tape Pipelining Enabling IPsec and IKE policies IPsec is enabled as an option of the portcfg fciptunnel create and modify commands. The -i option activates IPsec. The -K option specifies the IKE key. The -l (legacy) option specifies to use the IPsec connection process compatible with Fabric OS releases prior to v7.0.0.
  • Page 45 Open Systems Tape Pipelining FCIP tunnel FW=1, TA=1 FC SAN FC SAN Connection can be VE-VE or VEX-VE 172.0.1.2 FIGURE 8 Single tunnel, Fastwrite and OSTP enabled FC SAN FCIP tunnel 1 FC SAN FW=1, TA=1 FC SAN FIGURE 9 Multiple tunnels to multiple ports, Fastwrite and OSTP enabled on a per-tunnel/per-port basis Fabric OS FCIP Administrator’s Guide 53-1002474-01...
  • Page 46: Support For Ipv6 Addressing

    Support for IPv6 addressing In some cases, traffic isolation zoning TI or LS/LF configurations may be used to control the routing of SID/DID pairs to individual tunnels and provide deterministic flows between the switches, allowing the use of multiple equal cost tunnels. Refer to the Fabric OS Administrator’s Guide for more information about traffic isolation zoning.
  • Page 47: Ipv6 With Embedded Ipv4 Addresses

    Configuration preparation • The Neighbor Discovery ICMPv6 Solicitations and Advertisements are transmitted to the Layer 2 Ethernet multicast MAC address derived from the IPv6 source address (RFC 2464). • ICMPv6 message types in RFC 4443 and ICMPv6 message types used for Neighbor Discovery are supported.
  • Page 48: Configuration Steps

    Configuration steps • Determine source and destination IP addresses for circuit 0, and the minimum and maximum committed rates for circuit 0. These values are set by the portCfg fciptunnel create command. • Determine how many additional FCIP circuits you want to create. You will need the source and destination IP addresses for the circuit, and the minimum and maximum committed rates for the circuit.
  • Page 49: Enabling Xisl For Ve_Ports

    Configuration steps The following example configures a VEX_Port, enables admin, and specifies fabric ID 2 and preferred domain ID 220: switch:admin> portcfgvexport 18 -a 1 -f 2 -d 220 Enabling XISL for VE_Ports An Extended Interswitch Link (XISL) is a special ISL that can carry combined traffic for multiple logical fabrics while maintaining traffic separation for each fabric.
  • Page 50: Configuring A Gbe Or Xge Port Ip Address

    Configuration steps NOTE Before changing operating modes for a port, you must delete the port’s FCIP configuration. You must configure the desired GbE port mode of operation for the FX8-24 blade using the bladeCfgGeMode --set <mode> -slot <slot number> command. The command options are as follows.
  • Page 51: Configuring An Ip Route

    Configuration steps Storage Brocade DCX-4S with FX8-24 Blade Server Brocade 7800 Port 8/ge0 Port ge0 (FC port 8/12) (FC port 16) VE_Port VE_Port FIGURE 10 Basic sample configuration There are no addressing restrictions for IPv4 and IPv6 connections with both switches or blades in the tunnel running Fabric OS v7.0 and later.
  • Page 52: Validating Ip Connectivity

    Configuration steps Storage Brocade DCX-4S with FX8-24 Blade Server Gateway Gateway 192.168.1.1 192.168.11.1 Brocade 7800 VE_Port VE_Port 192.168.1.24 192.168.11.78 FIGURE 11 Configuring an IP route For information on configuring IP routes using crossport addresses, refer to “Configuring IP routes with crossports” on page 14.
  • Page 53 Configuration steps The following command creates the 7800 end of the tunnel. VE_Port 16 is specified. Circuit parameters are included to create circuit 0 on the 7800. The circuit parameters must match up correctly with the circuit parameters on the FX8-24 end of the circuit. The FX8-24 destination address is specified first, followed by the 7800 switch source address.
  • Page 54 Configuration steps TABLE 7 Tunnel options Option Arguments Disruptive Description Compression Short option: -c Enables compression on an FCIP tunnel. Compression is set by the portCfg Long option: --compression fciptunnel create or modify command, and Operands: 0|1|2|3|4| applies to traffic over all circuits in the tunnel.
  • Page 55 Configuration steps TABLE 7 Tunnel options (Continued) Option Arguments Disruptive Description Remote FC WWN Short Option: -n This is a fabric security feature that allows you to only allow the FCIP tunnel to come Long Option: --remote-wwn up when the correct remote WWN is <remote-WWN>...
  • Page 56 Configuration steps TABLE 8 Circuit options Option Argument Disruptive Description Committed rate <committed rate> This option may be used on a portcfg fciptunnel create command or on the portcfg fcipcircuit create command to set a Create behavior: Sets the committed rate for an FCIP circuit. When minimum and maximum this option is used on the portcfg committed rate to the value...
  • Page 57 Configuration steps TABLE 8 Circuit options (Continued) Option Argument Disruptive Description Minimum retransmit Short option: -m The minimum retransmit time, in time milliseconds. The range of valid values is Long option: 20 through 5,000 ms and the default is --min-retrans-time 100 ms.
  • Page 58: Creating Additional Fcip Circuits

    Configuration steps Keep-alive timeout option Consider the following items when configuring the keep-alive timeout option: • A FICON tunnel requires a keep-alive timeout of less than or equal to 1 second for each FCIP circuit added to a tunnel. • If the tunnel is created first with the FICON flag, then the keep-alive timeout for all added circuits will be 1 second (recommended value for FICON configurations).
  • Page 59: Fx8-24

    Configuration steps • ARL minimum and maximum rates are set per circuit. They must be the same on either end of a circuit, but individual circuits may have different rates. • You can configure standby circuits by assigning a metric. In the following example, circuit 2 is used only when circuit 1 fails.
  • Page 60: Creating A Multicircuit Tunnel (Example)

    Creating a multicircuit tunnel (example) Creating a multicircuit tunnel (example) This section provides procedures and applicable commands to create a tunnel containing six circuits between two switches or blades. Figure 13 illustrates an example of these circuits between two FX8-24 blades inside a DCX chassis. Switch 63 Switch 64 Site A...
  • Page 61 Creating a multicircuit tunnel (example) Site B portcfg ipif ge0 create 192.168.0.64 255.255.255.0 1500 portcfg ipif ge1 create 192.168.1.64 255.255.255.0 1500 portcfg ipif ge2 create 192.168.2.64 255.255.255.0 1500 portcfg ipif ge3 create 192.168.3.64 255.255.255.0 1500 portcfg ipif ge4 create 192.168.4.64 255.255.255.0 1500 portcfg ipif ge5 create 192.168.5.64 255.255.255.0 1500 2.
  • Page 62 Creating a multicircuit tunnel (example) 3. Add circuits using the portcfg fcipcircuit command. The command requires the source and destination IP addresses that you assigned to ports in step 1, as well as bandwidth assignments. The following example commands create six circuits for the FCIP tunnel that you created in step 2.
  • Page 63: Modifying An Fcip Tunnel On A Brocade 7800 Fx8-24 Blade

    Modifying an FCIP tunnel on a Brocade 7800 FX8-24 blade 1 ge1 ---4--s 4m12s 0.00 0.00 1000/1000 2 ge2 ---4--s 4m2s 0.00 0.00 1000/1000 3 ge3 ---4--s 3m50s 0.00 0.00 1000/1000 4 ge4 ---4--s 3m34s 0.00 0.00 1000/1000 5 ge5 ---4--s 2m10s 0.00...
  • Page 64: Deleting An Ip Interface On A Brocade 7800 Fx8-24 Blade

    Deleting an IP interface on a Brocade 7800 FX8-24 blade NOTE You can modify all circuits, including circuit 0, using the portcfg fcipcircuit command. For full details on syntax and using this command, refer to the Fabric OS Command Reference Manual.
  • Page 65: Deleting An Fcip Circuit On A Brocade 7800 Fx8-24 Blade

    Deleting an FCIP circuit on a Brocade 7800 FX8-24 blade CAUTION The fciptunnel delete command does not prompt you to verify your deletion. Be sure you want to delete the tunnel before you press Enter. Deleting an FCIP circuit on a Brocade 7800 FX8-24 blade You can delete individual FCIP circuits using the portCfg fcipcircuit command with the delete option.
  • Page 66 Virtual Fabrics and the Brocade 7800 FX8-24 blade Limitations of port sharing Note the following limitations of port sharing: • Only GbE ports in the default switch can be shared by VE_Ports in different logical switches. A GbE port in a non-default switch can only be used by VE_Ports in that same logical switch. •...
  • Page 67: Fcip On The Fr4-18I Blade

    Chapter FCIP on the FR4-18i Blade In this chapter • FR4-18i blade ..........54 •...
  • Page 68: Fr4-18I Blade

    FR4-18i blade FR4-18i blade Fabric OS v 7.0 and later supports SAN extension between Brocade FR4-18i blades installed on Brocade DCX Data Center Backbone directors. The Brocade FR4-18i blade has 16 physical Fibre Channel ports and 2 physical GbE ports, as illustrated in Figure FIGURE 14 FR4-18i port numbering...
  • Page 69: Fr4-18I Blade Ports

    FCIP design considerations for the FR4-18i blade FR4-18i blade ports Each Brocade FR4-18i blade presents 16 FC ports and 16 virtual ports. Each GbE interface can support up to eight FCIP tunnels which are represented as eight virtual ports on ge0 and 8 virtual ports on ge1.
  • Page 70: Virtual Port Types

    FCIP design considerations for the FR4-18i blade Virtual port types Virtual ports may be defined as VE_Ports or VEX_Ports: • VE_Ports (virtual E_Ports) are used to create interswitch links (ISLs) through an FCIP tunnel. If VE_Ports are used on both ends of an FCIP tunnel, the fabrics connected by the tunnel are merged.
  • Page 71: Compression On Fcip Tunnels

    FCIP services license Compression on FCIP tunnels Data compression can be enabled or disabled on FCIP tunnels. The default setting is to disable compression. Traffic shaping Traffic can be shaped by establishing a rate limit per tunnel. A committed rate guarantees a fixed amount of bandwidth and is assigned to a tunnel.
  • Page 72: L2Cos Quality Of Service

    IPsec implementation over FCIP L2CoS Quality of Service Refer to “VLANs and Layer 2 Quality of Service” on page 24 for a definition of Layer 2 Class of Service (L2CoS). A VLAN is a virtual LAN network. A VLAN may reside within a single physical network, or it can span several physical networks.
  • Page 73: Limitations Using Ipsec Over Fcip Tunnels

    IPsec implementation over FCIP TABLE 10 IPsec terminology (Continued) Term Definition Encapsulating Security Payload is the IPsec protocol that provides confidentiality, data integrity and data source authentication of IP packets, and protection against replay attacks. Internet Key Exchange is defined in RFC 2407, RFC 2408 and RFC 2409. IKEv2 is defined in RFC 4306.
  • Page 74: Ipsec Parameters

    IPsec implementation over FCIP 3. IKE negotiates SA parameters, setting up matching SAs in the peers. Some of the negotiated SA parameters include encryption and authentication algorithms, Diffie-Hellman key exchange, and SA lifetimes. 4. Data is transferred between IPsec peers based on the IPsec parameters and keys stored in the SA database.
  • Page 75: Creating An Ike And Ipsec Policy

    IPsec implementation over FCIP TABLE 12 Modifiable policy parameters (Continued) Parameter Description Security Association lifetime in seconds Security association lifetime in seconds. A new key is renegotiated before seconds expires. seconds must be between 28800 and 250000000, or 0. The default is 28800. PFS (Perfect Forward Secrecy) Applies only to IKE policies.
  • Page 76: Viewing Ipsec Information For An Fcip Tunnel

    Virtual Fabrics and FCIP 2. Enter the following command. policy --delete type number In the syntax, type is the policy type and number is the number assigned. For example, to delete the IPsec policy number 10: switch:admin> policy --delete ipsec 10 The policy has been successfully deleted.
  • Page 77: Options For Enhancing Tape I/O Performance

    Options for enhancing tape I/O performance Options for enhancing tape I/O performance FCIP Fastwrite and Open Systems Tape Pipelining (OSTP) are options available for enhancing open systems SCSI tape write I/O performance. FCIP Fastwrite and OSTP are implemented together. When the FCIP link is the slowest part of the network, consider using FCIP Fastwrite and OSTP. FCIP Fastwrite and OSTP are two features that provide accelerated speeds for read and write I/O over FCIP tunnels in some configurations: OSTP accelerates SCSI read and write I/Os to sequential devices (such as tape drives) over FCIP,...
  • Page 78: Fcip Fastwrite And Ostp Configurations

    Options for enhancing tape I/O performance FCIP Fastwrite and OSTP configurations To help understand the supported configurations, consider the configurations shown in the two figures below. In both cases, there are no multiple equal-cost paths. In Figure 16, there is a single tunnel with Fastwrite and OSTP enabled.
  • Page 79: Unsupported Configurations For Fastwrite And Ostp

    Options for enhancing tape I/O performance Unsupported configurations for Fastwrite and OSTP Configurations illustrated in Figure 18 are not supported with Fastwrite and OSTP. These configurations use multiple equal-cost paths. Tunnel 0 VE-VE or FW=1, TA=1 VEX-VEX FC SAN FC SAN Tunnel 1 FW=1, TA=1 Tunnel 0...
  • Page 80: Fcip Services Configuration Guidelines

    FCIP services configuration guidelines FCIP services configuration guidelines There are multiple configuration requirements and options associated with FCIP services. The following general guidelines may be helpful. The steps are presented in an order that minimizes the number of times ports need to be disabled and enabled. In practice, the steps do not have to be taken in this order.
  • Page 81: Setting Persistently Disabled Ports

    Setting persistently disabled ports Setting persistently disabled ports Ports used on an FCIP tunnel must be persistently disabled before you can configure FCIP tunnels. You must change their state from persistently enabled to persistently disabled. Once the FCIP tunnels have been fully configured on both ends of the tunnel, you can persistently enable the ports.
  • Page 82 Creating IP interfaces and routes NOTE Refer to the Fabric OS Command Reference Manual for full details on command syntax. The following example shows two routes being added to an interface: switch:admin06> portcfg iproute 8/ge0 create 192.168.11.0 255.255.255.0 192.168.100.1 1 switch:admin06>...
  • Page 83: Creating An Fcip Tunnel

    Creating an FCIP tunnel Creating an FCIP tunnel After you have verified licensing and connectivity between source and destination IP interfaces, you can configure FCIP tunnels. As you plan the tunnel configurations, be aware that uncommitted rate tunnels use a minimum of 1000 Kbps, up to a maximum of available uncommitted bandwidth on the GbE port.
  • Page 84: Managing Fcip Tunnels

    Enabling persistently disabled ports on the Brocade 7500 FR4-18i 1. Connect to the switch and log in using an account assigned to the admin role. 2. Verify the FCIP tunnel using the portShow fciptunnel command. The command syntax is as follows.
  • Page 85: Modifying And Deleting Qos Settings

    Managing FCIP tunnels 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portCfg fciptunnel command to modify FCIP tunnels. You must specify at least one characteristic to modify. The command syntax is as follows: portCfg fciptunnel [slot/] ge0|ge1 port modify tunnel_id [-b comm_rate] [-c 0|1] [-s 0|1] [-f 0|1] [-M 0|1] [-k timeout] [-m time] [-q control_dscp] [-Q data_dscp] [-p control_L2Cos] [-P data_L2Cos] [-r retransmissions] [-t 0|1]...
  • Page 86: Deleting An Ip Route On A Brocade 7500 Fr4-18I

    Managing the VLAN tag table switch:admin> portcfg fciptunnel 8/ge0 delete 6 switch:admin> portcfg fciptunnel 8/ge0 delete 7 For full details on syntax and using this command, refer to the Fabric OS Command Reference Manual. Deleting an IP route on a Brocade 7500 FR4-18i The following command deletes an IP route for a specified IPv4 address.
  • Page 87: Fcip Management And Troubleshooting

    Chapter FCIP Management and Troubleshooting In this chapter • Inband management..........73 •...
  • Page 88: Ip Routing

    Inband management IP routing The inband management interfaces are separate from the existing IP interfaces currently used for FCIP. These interfaces exist on the CP and are added and maintained on the CP routing table to ensure end-to-end connectivity. Because this routing table will be shared among all devices on the CP, including the management interface, precautions must be taken to ensure that proper connectivity is maintained.
  • Page 89 Inband management 7800 L1 Configure the inband management interfaces. portcfg mgmtif ge0 create 192.168.3.10 255.255.255.0 7800 R1 Configure the inband management interfaces. portcfg mgmtif ge0 create 192.168.3.20 255.255.255.0 Management station Access the Brocade 7800 switches through the external inband management station. telnet 192.168.3.10 Management station on a different subnet example The example configuration in...
  • Page 90 Inband management 7800 L1 1. Configure the inband management interfaces. portcfg mgmtif ge0 create 192.168.1.10 255.255.255.0 2. Configure the inband management route for the management station. portcfg mgmtroute ge0 create 192.168.3.0 255.255.255.0 192.168.1.250 7800 R1 1. Configure the inband management interfaces. portcfg mgmtif ge0 create 192.168.2.20 255.255.255.0 2.
  • Page 91 Inband management Management Router C Workstation 192.168.3.250 172.0.1.3 192.168.3.30 192.168.3.31 Router A Router B 172.0.1.0 Subnet 172.0.1.1 172.0.1.2 192.168.1.250 192.168.4.250 192.168.1.10 192.168.2.20 192.168.4.10 192.168.5.21 7800 L1 7800 R1 10.1.1.10 10.1.2.20 FIGURE 21 Redundant connection to management station 7800 L1 1. Configure the inband management interfaces. portcfg mgmtif ge0 create 192.168.1.10 255.255.255.0 portcfg mgmtif ge1 create 192.168.4.10 255.255.255.0 2.
  • Page 92: Vlan Tagging Support

    Inband management

    2. Access the 7800 switches through the external inband management interfaces.
       telnet 192.168.1.10

    VLAN tagging support

    To add VLAN tag entries to the VLAN tag table for inband management interfaces, use the --mgmt or -m option with the portcfg vlantag command. Complete the following steps:
    1.
  • Page 93

    Inband management

    For this example, you must configure the following:
    • On the management station:
      - IP address 10.1.1.1/24 (defined)
      - IP route to 192.168.3.20/32 via 10.1.1.10
    • On the 7800 L1:
      - CP Management address 10.1.1.10/24
      - Inband management address 192.168.3.10/24
      - IP filter forward rule with destination IP address 192.168.3.20
    •...
  • Page 94: Wan Performance Analysis Tools

    WAN performance analysis tools

    WAN analysis tools are designed to test connections, trace routes, and estimate the end-to-end IP path performance characteristics between a pair of Brocade FCIP port endpoints. These tools are available as options on the portCmd command. The following options are available:
    •...
  • Page 95

    WAN performance analysis tools

    The previous display shows VE_Port 16 as up, but a switchshow command for that same VE_Port will show the following:

    switch:admin> switchshow | grep 16 631000 Offline

    The Tperf command determines the path characteristics to a remote host or tunnel destination. The syntax is as follows:

    portcmd --tperf [slot/] <VE_port number>...
  • Page 96: The Ipperf Option

    WAN performance analysis tools

    The ipperf option

    NOTE: The ipperf option is for FR4-18i blades. It does not work with 7800 switches and FX8-24 blades.

    The ipperf option allows you to specify the slot and port information for displaying performance statistics for a pair of ports.
  • Page 97: Ipperf Performance Statistics

    WAN performance analysis tools

    Ipperf performance statistics

    Table 15 lists the end-to-end IP path performance statistics that you can display using the portCmd ipperf command and option.

    TABLE 15 WAN tool performance characteristics

    Characteristic    Description
    Bandwidth         Indicates the total packets and bytes sent. Bytes/second estimates are maintained as a weighted average with a 30 second sampling frequency and also as an average rate over the entire test run.
  • Page 98: Ipperf Options

    WAN performance analysis tools

    2. Configure the sender test endpoint using a similar CP CLI. The syntax for invoking the sender test endpoint using ipperf for slot 8, port ge0 on an FR4-18i is as follows:

       portcmd --ipperf 8/ge0 -s 192.168.255.100 -d 192.168.255.10 -S

    For details of portcmd --ipperf syntax and output examples, refer to the Fabric OS Command Reference Manual.
  • Page 99: Portshow Command Usage

    Portshow command usage

    For details of command syntax and output examples, refer to the Fabric OS Command Reference Manual.

    Portshow command usage

    Use the portshow command to display operational information for Brocade 7800 switches, Brocade FX8-24 blades, and Brocade FR4-18i blades. The Fabric OS Command Reference Manual provides complete descriptions of portshow command syntax and options.
  • Page 100: Displaying Performance Statistics

    Portshow command usage

    Displaying performance statistics

    Display a summary of performance statistics for tunnels and circuits using the circuit, perf, and summary options as in the following example.

    switch:admin> portshow fciptunnel all --circuit --perf --summary

    For details of command syntax and output examples, refer to the Fabric OS Command Reference Manual.
  • Page 101: Displaying Fcip Tunnel Performance

    Portshow command usage

    Displaying FCIP tunnel performance (7800 switch and FX8-24 blade)

    The following example will display performance statistics for a tunnel on a 7800 switch.

    switch:admin> portshow fciptunnel 17 --perf

    For details of command syntax and output examples, refer to the Fabric OS Command Reference Manual.
  • Page 102: Displaying Qos Prioritization For A Circuit

    FCIP tunnel issues

    Displaying QoS prioritization for a circuit

    The following example will display QoS prioritization for an FCIP circuit on a 7800 switch.

    switch:admin> portshow fcipcircuit 20 1 --perf --qos

    For details of command syntax and output examples, refer to the Fabric OS Command Reference Manual.
  • Page 103

    FCIP tunnel issues

    2. Confirm IP configuration is correct on both tunnel endpoints using the following command.
       portshow ipif ge1
    3. Enter the portCmd ping command to the remote tunnel endpoint from both endpoints. The -s value is the source IP address; the -d value is the destination IP address.
       portcmd --ping ge1 -s 11.1.1.1 -d 11.1.1.2
       If the command is successful, then you have IP connectivity and your tunnel should come up.
  • Page 104: Fcip Links

    FCIP links

    3. Confirm that traffic shaping is configured to limit the bandwidth to what is available, using one of the following commands:
       portShow fciptunnel all -perf -params (FR4-18i blade)
       portShow fciptunnel all -perf --tcp -c (7800 switch and FX8-24 blade)
       Examine data from both routers. This data shows retransmissions indicating input and output rates on the tunnels.
  • Page 105: Ftrace Concepts

    FTRACE concepts

    • portTrace --show all
    • portTrace --status

    For issues specific to tunnel ports, run and collect the data from the following commands:
    • slotShow
    • portShow [slot number/]<geport number>

    If possible, run and collect the data from the following commands:
    •...
  • Page 106

    FTRACE concepts

    For the FR4-18i blade, FTRACE must be manually configured and enabled using the appropriate Fabric OS command. Root access is required.

This manual is also suitable for:

6505
