Hardware-enforced loop and NPIV hard zoning for fibre channel switch fabric

US 7,978,695 B2
Filed: 09/20/2007
Issued: 07/12/2011
Est. Priority Date: 06/05/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of routing frames in Fibre Channel switching, comprising:

receiving a frame at a source port of a Fibre Channel Fabric, wherein the frame includes a 24 bit source identifier (S_ID) and the frame includes a 24 bit destination identifier (D_ID) including 8 least significant bits to identify loop and N_Port ID Virtualization (NPIV) destinations;

routing the frame from the source port to its destination port; and

validating the frame at the destination port, wherein validating the frame at the destination port includes;

producing a destination zone mask for arbitrated loops and NPIV using the 8 least significant bits of the D_ID received at the destination port, wherein producing the destination zone mask includes using a programmable table that includes an entry for every allowed 8 least significant bits and that includes a destination zone mask associated with the allowed 8 least significant bits of the D_ID for the entry;

producing a source zone mask for the arbitrated loops and NPIV associated with the 24 bit S_ID received at the destination port;

comparing the S_ID of the frame received at the destination port against all entries of S_ID stored in an inclusion list of sources permitted to be transmitted to the destination port; and

if a match is found when comparing the S_ID of the frame against all entries of the S_ID, comparing the source zone mask associated with the S_ID against the destination zone mask, wherein the destination zone mask and the source zone mask have at least one bit that matches for valid frames; and

if the frame is valid, transmitting the frame through the destination port.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Hardware-enforced zoning is provided in Fiber Channel switches to protect against breaching of assigned zones in a switch network which can occur with software-based zoning techniques. The invention provides logic for performing a hardware-based validation of the Source ID S_ID of frames both at the point where the frame enters the Fiber Channel fabric, and at the point where the frame leaves the fabric. The S_ID is verified against an inclusion list or table of allowable S_IDs, which can be unique for each fabric port. The invention provides a way to increase the range of sources an inclusion table can express, by implementing wild cards, on an entry-by entry basis. If the S_ID is valid, it will enter the fabric and route normally. If invalid, the frame will not be routed but will be disposed of by the fabric according to FC rules. This prevents incorrect S_IDs from breaching the table-driven zoning at the point where frames exit the fabric, to prevent unauthorized access to devices connected to the switch network.

62 Citations

View as Search Results

16 Claims

1. A method of routing frames in Fibre Channel switching, comprising:
- receiving a frame at a source port of a Fibre Channel Fabric, wherein the frame includes a 24 bit source identifier (S_ID) and the frame includes a 24 bit destination identifier (D_ID) including 8 least significant bits to identify loop and N_Port ID Virtualization (NPIV) destinations;
  
  routing the frame from the source port to its destination port; and
  
  validating the frame at the destination port, wherein validating the frame at the destination port includes;
  
  producing a destination zone mask for arbitrated loops and NPIV using the 8 least significant bits of the D_ID received at the destination port, wherein producing the destination zone mask includes using a programmable table that includes an entry for every allowed 8 least significant bits and that includes a destination zone mask associated with the allowed 8 least significant bits of the D_ID for the entry;
  
  producing a source zone mask for the arbitrated loops and NPIV associated with the 24 bit S_ID received at the destination port;
  
  comparing the S_ID of the frame received at the destination port against all entries of S_ID stored in an inclusion list of sources permitted to be transmitted to the destination port; and
  
  if a match is found when comparing the S_ID of the frame against all entries of the S_ID, comparing the source zone mask associated with the S_ID against the destination zone mask, wherein the destination zone mask and the source zone mask have at least one bit that matches for valid frames; and
  
  if the frame is valid, transmitting the frame through the destination port.
- View Dependent Claims (3, 4)
- - 3. The method of claim 1, wherein producing the destination zone mask includes programming the programmable table.
  - 4. The method of claim 1, wherein the source port has a Native ID, and wherein:
    - routing the frame from the source port to its destination port includes validating the frame at the source port; and
      
      validating the frame at the source port includes comparing the S_ID of the frame received at the source port to the Native ID of the source port.

2. A method of routing frames in Fibre Channel switching, comprising:
- receiving a frame at a source port of a Fibre Channel Fabric, wherein the frame includes a 24 bit source identifier (S_ID) and the frame includes a 24 bit destination identifier (D_ID) including 8 least significant bits to identify loop and N_Port ID Virtualization (NPIV) destinations;
  
  routing the frame from the source port to its destination port; and
  
  validating the frame at the destination port, including;
  
  producing a destination zone mask for arbitrated loops and NPIV using the 8 least significant bits of the D_ID received at the destination port and producing a source zone mask for the arbitrated loops and NPIV associated with the 24 bit S_ID received at the destination port; and
  
  comparing the source zone mask to the destination zone mask; and
  
  if the frame is valid, transmitting the frame through the destination port, wherein;
  
  validating the frame at the destination port includes;
  
  comparing the S_ID of the frame against all entries of S_ID stored in an inclusion list of sources permitted to be transmitted to the destination port; and
  
  if a match is found when comparing the S_ID of the frame against all entries of S_ID, comparing the source zone mask associated with the S_ID against the destination zone mask;
  
  comparing the S_ID of the frame against all entries of S_ID stored in the inclusion list includes simultaneously comparing the S_ID of the frame against all entries of S_ID stored in the inclusion list;
  
  the S_ID includes 16 least significant bits, and the inclusion list is configured to allow wild card designations to disable the comparison of either the 8 least significant bits of the S_ID or the 16 least significant bits of the S_ID;
  
  if a single match is found when comparing the S_ID of the frame against all entries of S_ID, providing a hit to a hard zoning state machine that enables the frame to be accepted; and
  
  if more than one match is found when comparing the S_ID of the frame against all entries of S_ID, providing a multiple hit to the hard zoning state machine that rejects the frame.

5. A Fibre Channel switch, comprising:
- a source port connectable to receive a frame, wherein the frame includes a 24 bit source identifier (S_ID), and the frame includes a 24 bit destination identifier (D_ID) including 8 least significant bits to identify loop and N_Port ID Virtualization (NPIV) destinations;
  
  a router operative to route the frame through a fabric of the switch;
  
  a destination port configured to receive the frame routed through the fabric;
  
  a destination port S_ID validator configured to validate the frame received at the destination port, the validator including;
  
  an inclusion table of allowed S_IDs;
  
  an S_ID comparator configured to compare the S_ID of the frame received at the destination port to the inclusion table of allowable S_IDs to identify an S_ID match;
  
  a source zone mask generator configured to generate a source zone mask for the frame with the S_ID match;
  
  a destination zone mask generator configured to compare the 8 least significant D_ID bits of the frame received at the destination port to a list of allowable loop and NPIV destinations and generate a destination zone mask if the 8 least significant bits of the frame received at the destination port is allowable; and
  
  a hard zoning comparator configured to compare the destination zone mask to the source zone mask, wherein the destination zone mask and the source zone mask match for valid frames.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13)
- - 6. The Fibre Channel switch of claim 5, wherein the S_ID comparator is configured to simultaneously compare the S_ID of the frame received at the destination port to all allowable S_IDs in the inclusion table.
  - 7. The Fibre Channel switch of claim 5, wherein the inclusion table is configured to express a designation defining a range of allowable S_IDs exceptions to the range.
  - 8. The Fibre Channel switch of claim 5, wherein:
    - the S_ID comparator is configured to generate an S_ID hit signal when a single entry of the allowable S_IDs matches the S_ID of the frame received at the destination port; and
      
      the hard zoning comparator is configured to receive the S_ID hit signal, and enable the frame received at the destination port to be accepted in response to receiving the S_ID hit signal.
  - 9. The Fibre Channel switch of claim 5, wherein:
    - the S_ID comparator is configured to generate an S_ID multiple hit signal when more than one entry of the allowable S_IDs matches the S_ID of the frame received at the destination port; and
      
      the hard zoning comparator is configured to receive the S_ID multiple hit signal, and reject the frame received at the destination port.
  - 10. The Fibre Channel switch of claim 5, further comprising a programmable hard zoning enable storage element, wherein the hard zoning comparator is configured to be disabled or enabled based on a programmed state of the hard zoning enable storage element.
  - 11. The Fibre Channel switch of claim 5, wherein:
    - the S_ID comparator is configured to generate a mux select signal representative of the allowable S_ID that resulted in the S_ID match; and
      
      the source zone mask generator is a mux configured to receive mux select signal, and is configured to generate the source zone mask for the allowable S_ID that resulted in the S_ID match.
  - 12. The Fibre Channel switch of claim 5, wherein inclusion table of allowed S_IDs is configured to be programmed by a fabric manager, and the list of allowable 8 least significant D_ID bits is configured to be programmed by the fabric manager.
  - 13. The Fibre Channel switch of claim 5, wherein the source port includes a Native ID, the switch further comprising an S_ID validator associated with the source port and operable to compare the frame S_ID to the Native ID of the source port.

14. A Fibre Channel switch, comprising:
- means for receiving a frame at a source port, wherein the frame includes a 24 bit source identifier (S_ID), and the frame includes a 24 bit destination identifier (D_ID) including 8 least significant bits to identify loop and N_Port ID Virtualization (NPIV) destinations;
  
  means for routing the frame from the source port to its destination port; and
  
  means for validating the frame at the destination port before accepting the frame for transmission at the destination port, wherein the means for validating the frame at the destination port includes;
  
  means for producing a destination zone mask for arbitrated loops and NPIV using the 8 least significant bits of the D_ID received at the destination port, wherein the means for producing the destination zone mask includes means for using a table that includes an entry for every allowed 8 least significant bits and that includes a destination zone mask associated with the allowed 8 least significant bits of the D_ID for the entry;
  
  means for producing a source zone mask for the arbitrated loops and NPIV associated with the S_ID received at the destination port;
  
  means for comparing the S_ID of the frame received at the destination port against all entries of S_ID stored in an inclusion list of sources permitted to be transmitted to the destination port; and
  
  means for comparing the source zone mask associated with the S_ID to the destination mask if a match is found when the S_ID of the frame is compared against all entries of the S_ID, wherein the destination zone mask and the source zone mask have at least one bit that matches for valid frames.
- View Dependent Claims (15, 16)
- - 15. The Fibre Channel switch of claim 14, wherein the means for validating the frame at the destination port includes means for defining a range of allowable S_ID values and at least one exception to the range.
  - 16. The Fibre Channel switch of claim 14, wherein the source port includes a Native ID, and the means for routing the frame from the source port to its destination port includes means for comparing the S_ID of the frame received at the source port to the Native ID of the source port to validate the frame at the source port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cavium, LLC (Marvell Technology Group Limited)
Original Assignee
Qlogic Switch Products Incorporated (Marvell Technology Group Limited)
Inventors
George, William R., Dropps, Frank R.
Primary Examiner(s)
Ton; Dang T
Assistant Examiner(s)
Zhao; Wei

Application Number

US11/858,684
Publication Number

US 20080095152A1
Time in Patent Office

1,391 Days
Field of Search

370/389, 370/466, 395/286
US Class Current

370/389
CPC Class Codes

H04L 49/3009 Header conversion, routing ...

H04L 49/357 Fibre channel switches

Hardware-enforced loop and NPIV hard zoning for fibre channel switch fabric

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware-enforced loop and NPIV hard zoning for fibre channel switch fabric

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links