HARDWARE-ENFORCED LOOP AND NPIV HARD ZONING FOR FIBRE CHANNEL SWITCH FABRIC

US 20080095152A1
Filed: 09/20/2007
Published: 04/24/2008
Est. Priority Date: 06/05/2000
Status: Active Grant

First Claim

Patent Images

1. A method of hard-zoning protection for loop-level addresses in Fibre Channel switching, comprising:

receiving a frame at a port of a Fibre Channel fabric;

comparing the S_ID of the frame to the native ID of the port, and based on the comparison, routing a valid frame to its destination port;

at the destination port, comparing the frame'"'"'s S_ID to an inclusion list of sources permitted under the zoning to transmit to the destination port and for loop addresses and N Port ID Virtualization (NPIV) addresses, comparing the zone of the destination and the zone of the source;

for valid frames, transmitting the frame through the destination port.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Hardware-enforced zoning is provided in Fibre Channel switches to protect against breaching of assigned zones in a switch network which can occur with software-based zoning techniques. The invention provides logic for performing a hardware-based validation of the Source ID S_ID of frames both at the point where the frame enters the Fibre Channel fabric, and at the point where the frame leaves the fabric. The S_ID is verified against an inclusion list or table of allowable S_IDs, which can be unique for each fabric port. The invention provides a way to increase the range of sources an inclusion table can express, by implementing wild cards, on an entry-by entry basis. If the S_ID is valid, it will enter the fabric and route normally. If invalid, the frame will not be routed but will be disposed of by the fabric according to FC rules. This prevents incorrect S_IDs from breaching the table-driven zoning at the point where frames exit the fabric, to prevent unauthorized access to devices connected to the switch network.

Citations

25 Claims

1. A method of hard-zoning protection for loop-level addresses in Fibre Channel switching, comprising:
- receiving a frame at a port of a Fibre Channel fabric;
  
  comparing the S_ID of the frame to the native ID of the port, and based on the comparison, routing a valid frame to its destination port;
  
  at the destination port, comparing the frame'"'"'s S_ID to an inclusion list of sources permitted under the zoning to transmit to the destination port and for loop addresses and N Port ID Virtualization (NPIV) addresses, comparing the zone of the destination and the zone of the source;
  
  for valid frames, transmitting the frame through the destination port.
- View Dependent Claims (2, 3, 4)
- - 2. A method according to claim 1 wherein comparing the frame S_ID to an inclusion list includes simultaneous comparison of S_IDs using a content addressable memory associated with the destination port.
  - 3. A method according to claim 1 wherein the inclusion list includes wild card designations to disable the comparison of Fibre Channel Port value or Port and Area value.
  - 4. A method according to claim 1 wherein the inclusion list includes an entry defining a range of S_ID values, and additional entries defining exceptions to the range, and wherein the comparison of permitted S_IDs is based on the range and exceptions.

5. A Fibre Channel switch, comprising:
- a port connectable as a source port to receive frames;
  
  an S_ID validator associated with the source port and operable to compare the frame S_ID to the native ID of the source port when used as a F_Port, F_Port supporting N_Port ID Virtualization (NPIV), or FL_Port, and operative to route valid frames through the switch fabric;
  
  a port receiving a frame routed through the fabric as a destination port having a unique inclusion table of valid S_IDs and zones;
  
  a destination port S_ID validator operably associated with the destination port to compare S_ID and zones of frames routed to it through the fabric against the inclusion list and to transmit only frames with valid sources and zones through the destination port to loop and NPIV destinations.
- View Dependent Claims (6, 7, 8, 9)
- - 6. A Fibre Channel switch according to claim 5, wherein the destination port S_ID validator includes a content addressable memory operative to simultaneously compare the frame S_ID to entries in inclusion table.
  - 7. A Fibre Channel switch according to claim 5, wherein the defined zoning includes multiple zones or multiple overlapping zones.
  - 8. A Fibre Channel switch according to claim 5, wherein the inclusion table includes wild card designations and wherein the destination port validator is operable in response thereto to disable the comparison of Fibre Channel Port value or Port and Area value.
  - 9. A Fibre Channel switch according to claim 5, wherein the inclusion table can express a designation defining a range of S_ID values and additional entries defining exceptions to the range, and wherein the destination port validator is operable in response thereto accept the range but not the exceptions.

10. A method of routing frames in Fibre Channel switching, comprising:
- receiving a frame at a source port of a Fibre Channel Fabric, wherein the frame includes a 24 bit source identifier (S_ID) and the frame includes a 24 bit destination identifier (D_ID) including 8 least significant bits to identify loop and N_Port ID Virtualization (NPIV) destinations;
  
  routing the frame from the source port to its destination port; and
  
  validating the frame at the destination port, including;
  
  producing a destination zone mask for arbitrated loops and NPIV using the 8 least significant bits of the D_ID received at the destination port and producing a source zone mask for arbitrated loops and NPIV associated with the 24 bit S_ID received at the destination port; and
  
  comparing the source zone mask to the destination zone mask; and
  
  if the frame is valid, transmitting the frame through the destination port.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10, wherein:
    - validating the frame at the destination port includes;
      
      comparing the S_ID of the frame against all entries of S_ID stored in an inclusion list of sources permitted to be transmitted to the destination port; and
      
      if a match is found when comparing the S_ID of the frame against all entries of S_ID, comparing the source zone mask associated with the S_ID against the destination zone mask;
      
      comparing the S_ID of the frame against all entries of S_ID stored in the inclusion list includes simultaneously comparing the S_ID of the frame against all entries of S_ID stored in the inclusion list;
      
      the S_ID includes 16 least significant bits, and the inclusion list is configured to allow wild card designations to disable the comparison of either the 8 least significant bits of the S_ID or the 16 least significant bits of the S_ID;
      
      if a single match is found when comparing the S_ID of the frame against all entries of S_ID, providing a hit to a hard zoning state machine that enables the frame to be accepted; and
      
      if more than one match is found when comparing the S_ID of the frame against all entries of S_ID, providing a multiple hit to a hard zoning state machine that rejects the frame.
  - 12. The method of claim 10, wherein producing the destination zone mask using the 8 least significant bits of the D ID received at the destination port includes programming a table that includes an entry for every allowed 8 least significant bits, wherein each entry includes a destination zone mask associated with the allowed 8 least significant bits of the D ID for the entry.
  - 13. The method of claim 10, wherein the source port has a Native ID, and wherein:
    - routing the frame from the source port to its destination port includes validating the frame at the source port; and
      
      validating the frame at the source port includes comparing the S_ID of the frame received at the source port to the Native ID of the source port.

14. A Fibre Channel switch, comprising:
- a source port connectable to receive a frame, wherein the frame includes a 24 bit source identifier (S_ID), and the frame includes a 24 bit destination identifier (D ID) including 8 least significant bits to identify loop and N_Port ID Virtualization (NPIV) destinations;
  
  a router operative to route the frame through a fabric of the switch;
  
  a destination port configured to receive the frame routed through the fabric;
  
  a destination port S_ID validator configured to validate the frame received at the destination port, the validator including;
  
  an inclusion table of allowed S_IDs;
  
  an S_ID comparator configured to compare the S_ID of the frame received at the destination port to the inclusion table of allowable S_IDs to identify an S_ID match;
  
  a source zone mask generator configured to generate a source zone mask for the frame with the S_ID match;
  
  a destination zone mask generator configured to compare the 8 least significant D_ID bits of the frame received at the destination port to a list of allowable loop and NPIV destinations and generate a destination zone mask if the 8 least significant bits of the frame received at the destination port is allowable; and
  
  a hard zoning comparator configured to compare the destination zone mask to the source zone mask, wherein the destination zone mask and the source zone mask match for valid frames.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The Fibre Channel switch of claim 14, wherein the S_ID comparator is configured to simultaneously compare the S_ID of the frame received at the destination port to all allowable S_IDs in the inclusion table
  - 16. The Fibre Channel switch of claim 14, wherein the inclusion table is configured to express a designation defining a range of allowable S_IDs exceptions to the range.
  - 17. The Fibre Channel switch of claim 14, wherein:
    - the S_ID comparator is configured to generate an S_ID hit signal when a single entry of the allowable S_IDs matches the S_ID of the frame received at the destination port; and
      
      the hard zoning comparator is configured to receive the S_ID hit signal, and enable the frame received at the destination port to be accepted in response to receiving the S_ID hit signal.
  - 18. The Fibre Channel switch of claim 14, wherein:
    - the S_ID comparator is configured to generate an S_ID multiple hit signal when more than one entry of the allowable S_IDs matches the S_ID of the frame received at the destination port; and
      
      the hard zoning comparator is configured to receive the multiple S_ID hit signal, and reject the frame received at the destination port.
  - 19. The Fibre Channel switch of claim 14, further comprising a programmable hard zoning enable storage element, wherein the hard zoning comparator is configured to be disabled or enabled based on a programmed state of the hard zoning enable storage element.
  - 20. The Fibre Channel switch of claim 14, wherein:
    - the S_ID comparator is configured to generate a mux select signal representative of the allowable S_ID that resulted in the S_ID match; and
      
      the source zone mask generator is a mux configured to receive mux select signal, and is configured to generate the source zone mask for the allowable S_ID that resulted in the S_ID match.
  - 21. The Fibre Channel switch of claim 14, wherein inclusion table of allowed S_IDs is configured to be programmed by a fabric manager, and the list of allowable 8 least significant D_ID bits is configured to be programmed by the fabric manager.
  - 22. The Fibre Channel switch of claim 14, wherein the source port includes a Native ID, the switch further comprising an S_ID validator associated with the source port and operable to compare the frame S_ID to the Native ID of the source port.

23. A Fibre Channel switch, comprising:
- means for receiving a frame at a source port, wherein the frame includes a 24 bit source identifier (S_ID), and the frame includes a 24 bit destination identifier (D_ID) including 8 least significant bits to identify loop and N Port ID Virtualization (NPIV) destinations;
  
  means for routing the frame from the source port to its destination port; and
  
  means for validating the frame at the destination port before accepting the frame for transmission at the destination port, including;
  
  means for producing a destination zone mask for arbitrated loops and NPIV using the 8 least significant bits of the D_ID received at the destination port and producing a source zone mask for arbitrated loops and NPIV associated with the S_ID received at the destination port; and
  
  means for comparing the source zone mask to the destination mask.
- View Dependent Claims (24, 25)
- - 24. The Fibre Channel switch of claim 23, wherein the means for validating the frame at the destination port includes means for defining a range of allowable S_ID values and at least one exception to the range.
  - 25. The Fibre Channel switch of claim 23, wherein the source port includes a Native ID, and the means for routing the frame from the source port to its destination port includes means for comparing the S_ID of the frame received at the source port to the Native ID of the source port to validate the frame at the source port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cavium, LLC (Marvell Technology Group Limited)
Original Assignee
Qlogic Switch Products Incorporated (Marvell Technology Group Limited)
Inventors
George, William, Dropps, Frank

Granted Patent

US 7,978,695 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 49/3009 Header conversion, routing ...

H04L 49/357 Fibre channel switches

HARDWARE-ENFORCED LOOP AND NPIV HARD ZONING FOR FIBRE CHANNEL SWITCH FABRIC

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

HARDWARE-ENFORCED LOOP AND NPIV HARD ZONING FOR FIBRE CHANNEL SWITCH FABRIC

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links