Hardware-enforced loop-level hard zoning for fibre channel switch fabric
First Claim
1. A method of hard-zoning protection for loop-level addresses in Fibre Channel switching, comprising:
- receiving a frame at a port of a Fibre Channel fabric;
- comparing the S_ID of the frame to the native ID of the port, and based on the comparison, routing a valid frame to its destination F_Port or FL_Port;
- at the destination port, comparing the frame's S_ID to an inclusion list of sources permitted under the zoning to transmit to the destination port and for loop-level addresses, comparing the zone of the destination and the zone of the source;
- for valid frames, transmitting the frame through the destination port to the attached device or loop of devices.
Abstract
Hardware-enforced zoning is provided in Fibre Channel switches to protect against breaching of assigned zones in a switch network, which can occur with software-based zoning techniques. The invention provides logic for performing a hardware-based validation of the Source ID (S_ID) of frames both at the point where the frame enters the Fibre Channel fabric and at the point where the frame leaves the fabric. The S_ID is verified against an inclusion list or table of allowable S_IDs, which can be unique for each fabric port. The invention provides a way to increase the range of sources an inclusion table can express by implementing wild cards on an entry-by-entry basis. If the S_ID is valid, the frame will enter the fabric and route normally. If invalid, the frame will not be routed but will be disposed of by the fabric according to FC rules. This prevents incorrect S_IDs from breaching the table-driven zoning at the point where frames exit the fabric, and so prevents unauthorized access to devices connected to the switch network.
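The two checks described in the abstract can be modelled in software as follows; this is an added sketch in C, not code or logic taken from the patent. The table layout is an assumption: wild cards are modelled as a per-entry match mask, zones as bitmaps, an FL_Port's native ID is compared on the domain and area bytes only, and all names and sample addresses are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* FC address = domain(8) | area(8) | AL_PA(8). Table layouts here are
 * assumptions made for this sketch, not taken from the patent. */
typedef struct {
    uint32_t s_id;   /* permitted source address */
    uint32_t mask;   /* bits that must match; cleared bits are wild cards */
    uint32_t zones;  /* zone bitmap of that source */
} incl_entry;
typedef struct {
    uint32_t native_id;        /* address the fabric assigned to this port */
    bool is_loop;              /* FL_Port: AL_PA byte selects a loop device */
    const incl_entry *incl;    /* this port's own inclusion table */
    size_t n_incl;
    uint32_t alpa_zones[256];  /* zone bitmap per attached loop device */
} fc_port;
typedef enum { DELIVER, REJECT_AT_INGRESS, REJECT_AT_EGRESS } verdict;

/* Entry check: the S_ID must belong to the port the frame arrived on. */
static bool ingress_valid(const fc_port *src, uint32_t s_id) {
    uint32_t mask = src->is_loop ? 0xFFFF00u : 0xFFFFFFu;
    return ((s_id ^ src->native_id) & mask) == 0;
}

/* Exit check: inclusion table lookup, plus zone overlap for loop devices. */
static bool egress_valid(const fc_port *dst, uint32_t s_id, uint32_t d_id) {
    for (size_t i = 0; i < dst->n_incl; i++) {
        const incl_entry *e = &dst->incl[i];
        if (((s_id ^ e->s_id) & e->mask) != 0) continue;
        if (!dst->is_loop || (e->zones & dst->alpa_zones[d_id & 0xFF])) return true;
    }
    return false;
}

verdict check_frame(const fc_port *src, const fc_port *dst, uint32_t s_id, uint32_t d_id) {
    if (!ingress_valid(src, s_id)) return REJECT_AT_INGRESS;
    return egress_valid(dst, s_id, d_id) ? DELIVER : REJECT_AT_EGRESS;
}

/* Constructed sample fabric: two hosts on F_Ports, two disks on one FL_Port. */
static const incl_entry loop_incl[] = {
    {0x010100u, 0xFFFFFFu, 0x1u},  /* host A exactly, zone 0 */
    {0x010200u, 0xFFFF00u, 0x2u},  /* any AL_PA behind port 01.02, zone 1 */
};
const fc_port host_a = {.native_id = 0x010100u}, host_b = {.native_id = 0x010200u};
const fc_port disks = {.native_id = 0x010300u, .is_loop = true, .incl = loop_incl,
                       .n_incl = 2, .alpa_zones = {[0x01] = 0x1u, [0x02] = 0x2u}};
```

A frame sent from host B's port with host A's S_ID passes `egress_valid` on its own, because the exit table can only trust the S_ID it is given; `check_frame` rejects it at the entry port, which is why the validation is done at both points.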
12 Claims
7. A Fibre Channel switch, comprising:
- a port connectable as a source port to receive frames;
- an S_ID validator associated with the source port and operable to compare the frame S_ID to the native ID or the source port when used as a F_Port or FL_Port, and operative to route valid frames through the switch fabric;
- a port receiving a frame routed through the fabric as a destination F_Port or FL_Port having a unique inclusion table of valid S_IDs and zones for devices and loop devices attached to the port according to defined zoning;
- a destination port S_ID validator operably associated with the destination port to compare S_ID and zones of frames routed to it through the fabric against the inclusion list and to transmit only frames with valid sources and zones to the devices and loop devices attached to the port.
Specification