ACCESS CONTROL LIST MANAGEMENT IN AN FCoE ENVIRONMENT

US 20090296726A1
Filed: 06/03/2009
Published: 12/03/2009
Est. Priority Date: 06/03/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

sending a deregister message through an Ethernet bridge to a Fibre Channel Forwarder (FCF) of a fabric in a Fibre Channel over Ethernet (FCoE) network, the deregister message including a MAC address of a virtual machine (VM) and instructing the FCF to temporarily suspend its fabric session with the VM.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Fibre Channel Forwarder (FCF) suspends a fabric session with a virtual machine (VM) in response to receipt of a deregister message from the virtual machine through an Ethernet bridge and transmits a deregister acceptance message to the VM. The Ethernet bridge detects the messages and updates its Access Control List (ACL) to remove the MAC address of the VM. While the fabric session is suspended, a virtual machine may migrate to another physical machine without terminating its connection to the fabric. After migration, the FCF resumes its fabric session with the VM in response to receipt of a register message from the VM through a second Ethernet bridge. The FCF responds to the register message with a register acceptance message. The Ethernet bridge detects the messages and updates its Access Control List (ACL) to add the MAC address of the VM.

241 Citations

27 Claims

1. A method, comprising:
- sending a deregister message through an Ethernet bridge to a Fibre Channel Forwarder (FCF) of a fabric in a Fibre Channel over Ethernet (FCoE) network, the deregister message including a MAC address of a virtual machine (VM) and instructing the FCF to temporarily suspend its fabric session with the VM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method according to claim 1, wherein the deregister message further instructs the FCF to suspend checking for a loss of Link Keep Alive messaging for a predefined duration.
  - 3. A method according to claim 1, wherein the deregister message further instructs the FCF to suspend the fabric session for a predetermined period of time.
  - 4. A method according to claim 1, further comprising:
    - initiating migration of the virtual machine from a first physical machine to a second physical machine, after sending the deregister messages through the Ethernet bridge to the FCF.
  - 5. A method according to claim 1, further comprising:
    - detecting the deregister acceptance message at Ethernet bridge coupled between the VM and the FCF; and
      
      updating an Access Control List (ACL) of the Ethernet bridge by removing the MAC address of the VM.
  - 6. A method according to claim 5, further comprising:
    - detecting the deregister message at the Ethernet bridge using Fibre Channel over Ethernet Initialization Protocol (FIP) snooping.
  - 7. A method according to claim 1, further comprising:
    - sending a deregister acceptance message from the FCF through the Ethernet bridge to the VM to acknowledge receipt of the deregister message at the FCF.
  - 8. A method according to claim 7, further comprising:
    - detecting the deregister acceptance message at the Ethernet bridge; and
      
      updating the Access Control List (ACL) of the Ethernet bridge by removing the MAC address of the VM.

9. A method, comprising:
- migrating a virtual machine connected to a fabric in a Fibre Channel over Ethernet (FCoE) network from a first physical machine in the FCoE network to a second physical machine in the FCoE network while maintaining a connection with the fabric.
- View Dependent Claims (10)
- - 10. A method according to claim 9, wherein the fabric connection is suspended during the migrating.

11. A method, comprising:
- sending a register message through an Ethernet bridge to a Fibre Channel Forwarder (FCF) of a fabric in a Fibre Channel over Ethernet (FCoE) network, the register message including the MAC address of a virtual machine (VM) and instructing the FCF to resume a fabric session with the VM.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. A method according to claim 11, further comprising:
    - receiving migration of the VM before sending the register message.
  - 13. A method according to claim 11, wherein the register message further instructs the FCF to resume checking for a loss of Link Keep Alive messaging.
  - 14. A method according to claim 11, further comprising:
    - detecting the register message at the Ethernet bridge; and
      
      adding the MAC address of the VM to an Access Control List (ACL) of the Ethernet bridge.
  - 15. A method according to claim 11, further comprising:
    - sending a register acceptance message from the FCF to the VM through the Ethernet bridge to acknowledge receipt of the register message at the FCF.
  - 16. A method according to claim 11, further comprising:
    - detecting the register acceptance message from the FCF at the Ethernet bridge; and
      
      adding the MAC address of the VM to an Access Control List (ACL) of the Ethernet bridge.

17. A method, comprising:
- updating an Access Control List (ACL) of an Ethernet bridge connectable to a Fibre Channel over Ethernet (FCoE) network based on a detected message.
- View Dependent Claims (18, 23)
- - 18. A method according to claim 17, wherein the detected message is destined for an FCF in the FCoE network.
  - 23. Apparatus according to claim 18, wherein the Ethernet bridge is communicatively coupled to a virtual machine (VM) and removes a MAC address of a VM from the ACL in response to detection of a deregister acceptance message.

19. Apparatus, comprising:
- an Ethernet bridge including memory storing an Access Control List (ACL) configured to detect a message addressed to another device on a FCoE network, wherein the Ethernet bridge updates the ACL in accordance with the detected message.
- View Dependent Claims (20, 21, 22)
- - 20. Apparatus according to claim 19, wherein the Ethernet bridge is communicatively coupled to a virtual machine (VM) and adds a MAC address of the VM to the ACL in response to detection of a register message.
  - 21. Apparatus according to claim 19, wherein the Ethernet bridge is communicatively coupled to a virtual machine (VM) and adds a MAC address of a VM to the ACL in response to detection of a register acceptance message.
  - 22. Apparatus according to claim 19, wherein the Ethernet bridge is communicatively coupled to a virtual machine (VM) and removes a MAC address of a VM from the ACL in response to detection of a deregister message.

24. Apparatus, comprising:
- a Fibre Channel Forwarder (FCF) device configured to suspend and restore a fabric session with a virtual machine.
- View Dependent Claims (25, 26)
- - 25. Apparatus according to claim 24, wherein the FCF is further configured to suspend the fabric session with a virtual machine in response to receipt of a deregister message.
  - 26. Apparatus according to claim 24, wherein the FCF is further configured to resume the fabric session with a virtual machine in response to receipt of a register message.

27. A system, comprising:
- a Fibre Channel Forwarder (FCF) device configured to suspend and restore fabric sessions on an FCoE network;
  
  a first Ethernet bridge including a memory storing an Access Control List (ACL) and configured to detect a deregister message addressed to the FCF and update the ACL in accordance with the deregister message; and
  
  a second Ethernet bridge including a memory storing an Access Control List (ACL) and configured to detect a register message addressed to the FCF and update the ACL in accordance with the register message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Brocade Communications Systems, Inc. (Broadcom, Inc.)
Original Assignee
Brocade Communications Systems, Inc. (Broadcom, Inc.)
Inventors
Snively, Robert Norman, Ghanwani, Anoop, Snively, Sandra

Application Number

US12/477,816
Publication Number

US 20090296726A1
Time in Patent Office

Days
Field of Search
US Class Current

370/401
CPC Class Codes

H04L 45/66   Layer 2 routing, e.g. in Et...

H04L 49/351   for local area network [LAN...

H04L 49/357   Fibre channel switches

H04L 49/602   Multilayer or multiprotocol...

H04L 49/70   Virtual switches

H04L 67/1097   for distributed storage of ...

ACCESS CONTROL LIST MANAGEMENT IN AN FCoE ENVIRONMENT

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

241 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS CONTROL LIST MANAGEMENT IN AN FCoE ENVIRONMENT

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

241 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links