U.S. patent application number 12/259197 was filed with the patent office on 2009-07-02 for lun based hard zoning in fibre channel switches.
Invention is credited to Frank R. Dropps, William J. Gustafson, Gary M. Papenfuss.
Application Number | 20090168772 12/259197 |
Document ID | / |
Family ID | 34084965 |
Filed Date | 2009-07-02 |
United States Patent
Application |
20090168772 |
Kind Code |
A1 |
Dropps; Frank R. ; et
al. |
July 2, 2009 |
LUN BASED HARD ZONING IN FIBRE CHANNEL SWITCHES
Abstract
A method and system for implementing LUN based hard zoning in a
fibre channel network is provided. A LUN field in a Fibre Channel
SCSI command frame is compared with a list of LUNS that are allowed
for a particular frame source; and the frame is forwarded if the
LUN is allowed for the frame source. The comparison is performed by
a port receiving the frame by using an address look up table
("ALUT"). Hard zoning is based on various frame fields and/or ALUT
control codes. Also provided is a method for processing a reply to
a SCSI REPORT LUN command from an initiator. The method includes,
intercepting a reply to a REPORT LUN command; editing the reply to
remove unauthorized LUNs; and sending the edited reply to the
initiator.
Inventors: |
Dropps; Frank R.; (Maple
Grove, MN) ; Gustafson; William J.; (Apple Valley,
MN) ; Papenfuss; Gary M.; (St. Paul, MN) |
Correspondence
Address: |
KLEIN, O'NEILL & SINGH, LLP
43 CORPORATE PARK, SUITE 204
IRVINE
CA
92606
US
|
Family ID: |
34084965 |
Appl. No.: |
12/259197 |
Filed: |
October 27, 2008 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
10894492 |
Jul 20, 2004 |
7466700 |
|
|
12259197 |
|
|
|
|
60503812 |
Sep 19, 2003 |
|
|
|
60537933 |
Jan 21, 2004 |
|
|
|
60488757 |
Jul 21, 2003 |
|
|
|
60532965 |
Dec 29, 2003 |
|
|
|
60504038 |
Sep 19, 2003 |
|
|
|
60495212 |
Aug 14, 2003 |
|
|
|
60495165 |
Aug 14, 2003 |
|
|
|
60503809 |
Sep 19, 2003 |
|
|
|
60505381 |
Sep 23, 2003 |
|
|
|
60505195 |
Sep 23, 2003 |
|
|
|
60557613 |
Mar 30, 2004 |
|
|
|
60505075 |
Sep 23, 2003 |
|
|
|
60504950 |
Sep 19, 2003 |
|
|
|
60532967 |
Dec 29, 2003 |
|
|
|
60532966 |
Dec 29, 2003 |
|
|
|
60550250 |
Mar 4, 2004 |
|
|
|
60569436 |
May 7, 2004 |
|
|
|
60532963 |
Dec 29, 2003 |
|
|
|
60572197 |
May 18, 2004 |
|
|
|
Current U.S.
Class: |
370/389 |
Current CPC
Class: |
G06F 21/85 20130101 |
Class at
Publication: |
370/389 |
International
Class: |
H04L 12/56 20060101
H04L012/56 |
Claims
1-30. (canceled)
31. A method for a switch element having a port for receiving and
transmitting network information, comprising: (a) configuring the
port for intercepting a reply to a command received from an
initiator requesting information regarding a logical unit number
(LUN) at a target using LUN zoning; wherein the port intercepts the
reply to the command and routes the reply to a processor for the
switch element; (b) editing the reply to the command; wherein the
processor edits the reply to delete information regarding any LUN
that the initiator is not authorized to access; and (c) sending the
edited reply to the initiator without the deleted unauthorized LUN
information in step (b).
32. The method of claim 31, wherein the command is a REPORT LUN
command used for discovering a LUN on a small computer systems
interface (SCSI) storage device.
33. The method of claim 31, wherein an alias cache for the port is
configured to identify the reply to the command which is routed to
the processor if the target uses LUN zoning.
34. The method of claim 33, wherein after the edited reply is sent
to the initiator, the processor clears the alias cache entries
associated with the reply.
35. The method of claim 31, wherein the port identifies the reply
to the command by matching one or more fields in the reply with one
or more fields of the command.
36. The method of claim 31, wherein the port is configured to route
the command to the processor.
37. The method of claim 36, wherein based on the fields in the
command, the processor determines if the target is using LUN zoning
and configures the port to automatically route the reply to the
command to the processor for editing.
38. A method for a switch element having a port for receiving and
transmitting information, comprising: (a) configuring the port for
intercepting a reply to a command received from an initiator
requesting information regarding a logical unit number (LUN) at a
target using LUN zoning; wherein the port identifies the reply to
the command by matching one or more fields in the reply with one or
more fields of the command and routes the reply to a processor for
the switch element; and wherein the port also routes the command to
the processor and the processor determines if the target is using
LUN zoning and configures the port to automatically route the reply
to the command to the processor; (b) editing the reply to the
command; wherein the processor edits the reply to delete
information regarding any LUN that the initiator is not authorized
to access; and (c) sending the edited reply to the initiator
without the deleted unauthorized LUN information in step (b).
39. The method of claim 38, wherein the command is a REPORT LUN
command used for discovering a LUN on a small computer systems
interface (SCSI) storage device.
40. The method of claim 38, wherein an alias cache for the port is
configured to identity the reply to the command, which is routed to
the processor if the target uses LUN zoning.
41. The method of claim 40, wherein after the edited reply is sent
to the initiator, the processor clears the alias cache entries
associated with the reply.
42. A switch element tor receiving and transmitting information,
comprising: (a) a port for receiving and transmitting the
information; wherein the port is configured to intercept a reply to
a command received from an initiator requesting information
regarding a logical unit number (LUN) at a target using LUN zoning;
wherein after the port intercepts the reply to the command, the
port routes the reply to a processor for the switch element; and
wherein the processor edits the reply to delete information
regarding any LUN that the initiator is not authorized to access;
and the port sends the edited reply to the initiator without the
deleted unauthorized LUN information.
43. The switch element of claim 42, wherein the command is a REPORT
LUN command used for discovering a LUN on a small computer systems
interface (SCSI) storage device.
44. The switch element of claim 42, wherein the port includes an
alias cache that is configured to identify the reply to the
command.
45. The switch element of claim 44, wherein after the edited reply
is sent to the initiator, the processor clears the alias cache
entries associated with the reply.
46. The switch element of claim 42, wherein the port identifies the
reply to the command by matching one or more fields in the reply
with one or more fields of the command.
47. The switch element of claim 42, wherein the port routes the
command to the processor.
48. The method of claim 47, wherein based on the fields in the
command, the processor determines if the target is using LUN zoning
and configures the port to automatically route the reply to the
command to the processor for editing.
Description
CROSS REFERENCE TO RELATED APPLICATIONS:
[0001] This application claims priority under 35 U.S.C. .sctn.
119(e) (1) to the following provisional patent applications:
[0002] Filed on Sep. 19, 2003, Ser. No. 60/503,812, entitled
"Method and System for Fibre Channel Switches";
[0003] Filed on Jan. 21, 2004, Ser. No. 60/537,933 entitled "Method
And System For Routing And Filtering Network Data Packets In Fibre
Channel Systems";
[0004] Filed on Jul. 21, 2003, Ser. No. 60/488,757, entitled
"Method and System for Selecting Virtual Lanes in Fibre Channel
Switches";
[0005] Filed on Dec. 29, 2003, Ser. No. 60/532,965, entitled
"Programmable Pseudo Virtual Lanes for Fibre Channel Systems";
[0006] Filed on Sep. 19, 2003, Ser. No. 60/504,038, entitled
"Method and System for Reducing Latency and Congestion in Fibre
Channel Switches;
[0007] Filed on Aug. 14, 2003, Ser. No. 60/495,212, entitled
"Method and System for Detecting Congestion and Over Subscription
in a Fibre channel Network"
[0008] Filed on Aug. 14, 2003, Ser. No. 60/495,165, entitled "LUN
Based Hard Zoning in Fibre Channel Switches";
[0009] Filed on Sep. 19, 2003, Ser. No. 60/503,809, entitled "Multi
Speed Cut Through Operation in Fibre Channel Switches"
[0010] Filed on Sep. 23, 2003, Ser. No. 60/505,381, entitled
"Method and System for Improving bandwidth and reducing Idles in
Fibre Channel Switches";
[0011] Filed on Sep. 23, 2003, Ser. No. 60/505,195, entitled
"Method and System for Keeping a Fibre Channel Arbitrated Loop Open
During Frame Gaps";
[0012] Filed on Mar. 30, 2004, Ser. No. 60/557,613, entitled
"Method and System for Congestion Control based on Optimum
Bandwidth Allocation in a Fibre Channel Switch";
[0013] Filed on Sep. 23, 2003, Ser. No. 60/505,075, entitled
"Method and System for Programmable Data Dependent Network
Routing";
[0014] Filed on Sep. 19, 2003, Ser. No. 60/504,950, entitled
"Method and System for Power Control of Fibre Channel
Switches";
[0015] Filed on Dec. 29, 2003, Ser. No. 60/532,967, entitled
"Method and System for Buffer to Buffer Credit recovery in Fibre
Channel Systems Using Virtual and/or Pseudo Virtual Lane"
[0016] Filed on Dec. 29, 2003, Ser. No. 60/532,966, entitled
"Method And System For Using Extended Fabric Features With Fibre
Channel Switch Elements"
[0017] Filed on Mar. 4, 2004, Ser. No. 60/550,250,
[0018] entitled "Method And System for Programmable Data Dependent
Network Routing"
[0019] Filed on May 7, 2004, Ser. No. 60/569,436, entitled "Method
And System For Congestion Control In A Fibre Channel Switch"
[0020] Filed on May 18, 2004, Ser. No. 60/572,197, entitled "Method
and System for Configuring Fibre Channel Ports" and
[0021] Filed on Dec. 29, 2003, Ser. No. 60/532,963 entitled "Method
and System for Managing Traffic in Fibre Channel Switches".
[0022] The disclosure of the foregoing applications is incorporated
herein by reference in their entirety.
BACKGROUND
[0023] 2. Field of the Invention
[0024] The present invention relates to fibre channel systems, and
more particularly to LUN based hard zoning in fibre channel
switches.
[0025] 2. Background of the Invention
[0026] Fibre channel is a set of American National Standard
Institute (ANSI) standards, which provide a serial transmission
protocol for storage and network protocols such as HIPPI, SCSI, IP,
ATM and others. Fibre channel provides an input/output interface to
meet the requirements of both channel and network users.
[0027] Fibre channel supports three different topologies:
point-to-point, arbitrated loop and fibre channel fabric. The
point-to-point topology attaches two devices directly. The
arbitrated loop topology attaches devices in a loop. The fibre
channel fabric topology attaches host systems directly to a fabric,
which are then connected to multiple devices. The fibre channel
fabric topology allows several media types to be
interconnected.
[0028] Fibre channel is a closed system that relies on multiple
ports to exchange information on attributes and characteristics to
determine if the ports can operate together. If the ports can work
together, they define the criteria under which they
communicate.
[0029] In fibre channel, a path is established between two nodes
where the path's primary task is to transport data from one point
to another at high speed with low latency, performing only simple
error detection in hardware.
[0030] Fibre channel fabric devices include a node port or "N_Port"
that manages fabric connections. The N_port establishes a
connection to a fabric element (e.g., a switch) having a fabric
port or F_port. Fabric elements include the intelligence to handle
routing, error detection, recovery, and similar management
functions.
[0031] A fibre channel switch is a multi-port device where each
port manages a simple point-to-point connection between itself and
its attached system. Each port can be attached to a server,
peripheral, I/O subsystem, bridge, hub, router, or even another
switch. A switch receives messages from one port and automatically
routes it to another port. Multiple calls or data transfers happen
concurrently through the multi-port fibre channel switch.
[0032] Fibre channel switches use memory buffers to hold frames
received and sent across a network. Associated with these buffers
are credits, which are the number of frames that a buffer can hold
per fabric port.
[0033] Fibre Channel allows the use of Small Computer System
Interface ("SCSI") protocol in storage area networks. SCSI storage
devices are sub-divided into multiple Logical Unit Numbers
(LUNs).
[0034] In Fibre Channel Fabrics, zoning is used to control access
of devices attached to the Fabric to other devices. Hard Zoning is
zoning that is enforced on individual frames sent from one end-user
device to another end-user device by preventing delivery of frames
across zone boundaries.
[0035] Conventional techniques and standards do not allow secure
LUN based zoning for fibre channel switches. Hence, this can result
in inadvertent or malicious access by a device (s) that are not
supposed to use a particular LUN.
[0036] Therefore, what is required is a process and system that can
enforce secure; LUN based hard zoning for fibre channel
switches.
SUMMARY OF THE PRESENT INVENTION
[0037] In one aspect of the present invention, a method for
implementing LUN based hard zoning in a fibre channel network is
provided. The method includes, comparing a LUN field in a Fibre
Channel SCSI command frame with a list of LUNS that are allowed for
a particular frame source; and forwarding the frame if the LUN is
allowed for the frame source. The comparison is performed by a port
receiving the frame by using an address look up table ("ALUT").
[0038] In yet another aspect of the present invention, a method for
processing a reply to a SCSI REPORT LUN command from an initiator
is provided. The method includes, intercepting a reply to a REPORT
LUN command; editing the reply to remove unauthorized LUNs; and
sending the edited reply to the initiator. An alias cache is set up
to identify a reply to a SCSI REPORT LUN command and route the
reply to a processor if a target for the REPORT LUN command is
using LUN zoning.
[0039] In yet another aspect of the present invention, a Fibre
Channel switch element for implementing LUN based hard zoning is
provided. The switch element includes, means for comparing a LUN
field in a Fibre Channel SCSI command frame with a list of LUNS
that are allowed for a particular frame source; and means for
forwarding the frame if the LUN is allowed for the frame source. A
port receiving the frame by using an ALUT performs the
comparison.
[0040] This brief summary has been provided so that the nature of
the invention may be understood quickly. A more complete
understanding of the invention can be obtained by reference to the
following detailed description of the preferred embodiments thereof
concerning the attached drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0041] The foregoing features and other features of the present
invention will now be described with reference to the drawings of a
preferred embodiment. In the drawings, the same components have the
same reference numerals. The illustrated embodiment is intended to
illustrate, but not to limit the invention. The drawings include
the following Figures:
[0042] FIG. 1A shows an example of a Fibre Channel network
system;
[0043] FIG. 1B shows an example of a Fibre Channel switch element,
according to one aspect of the present invention;
[0044] FIG. 1C shows a block diagram of a 20-channel switch
chassis, according to one aspect of the present invention;
[0045] FIG. 1D shows a block diagram of a Fibre Channel switch
element with sixteen GL_Ports and four 10G ports, according to one
aspect of the present invention;
[0046] FIGS. 2A-2B (jointly referred to as FIG. 2) show another
block diagram of a Fibre Channel switch element with sixteen
GL_Ports and four 10G ports, according to one aspect of the present
invention;
[0047] FIGS. 3A/3B (jointly referred to as FIG. 3) show a block
diagram of a GL_Port, according to one aspect of the present
invention;
[0048] FIGS. 4A/4B (jointly referred to as FIG. 3) show a block
diagram of XG_Port (10G) port, according to one aspect of the
present invention;
[0049] FIGS. 5A-5B (collectively referred to herein as FIG. 5),
show a system according to one aspect of the present invention for
LUN based hard zoning;
[0050] FIG. 6 shows a flow diagram for modifying SCSI LUN reports,
according to one aspect of the present invention; and
[0051] FIG. 7A-7B (collectively referred to as FIG. 7) show a flow
diagram for LUN based hard zoning frame processing, according to
one aspect of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0052] Definitions:
[0053] The following definitions are provided as they are typically
(but not exclusively) used in the fibre channel environment,
implementing the various adaptive aspects of the present
invention.
[0054] "E-Port": A fabric expansion port that attaches to another
Interconnect port to create an Inter-Switch Link.
[0055] "F_Port": A port to which non-loop N_Ports are attached to a
fabric and does not include FL_ports.
[0056] "Fibre channel ANSI Standard": The standard (incorporated
herein by reference in its entirety) describes the physical
interface, transmission and signaling protocol of a high
performance serial link for support of other high level protocols
associated with IPI, SCSI, IP, ATM and others.
[0057] "FC-1": Fibre channel transmission protocol, which includes
serial encoding, decoding and error control.
[0058] "FC-2": Fibre channel signaling protocol that includes frame
structure and byte sequences.
[0059] "FC-3": Defines a set of fibre channel services that are
common across plural ports of a node.
[0060] "FC-4": Provides mapping between lower levels of fibre
channel, IPI and SCSI command sets, HIPPI data framing, IP and
other upper level protocols.
[0061] "Fabric": The structure or organization of a group of
switches, target and host devices (NL_Port, N_ports etc.).
[0062] "Fabric Topology": This is a topology where a device is
directly attached to a fibre channel fabric that uses destination
identifiers embedded in frame headers to route frames through a
fibre channel fabric to a desired destination.
[0063] "FC-FS": Fibre channel standard (incorporated herein by
reference in its entirety) for framing and signaling, which
includes frame structure, basic link maintenance and login, and
sequence and exchange operation, incorporated herein by reference
in its entirety.
[0064] "FC-FCP-2": Fibre Channel protocol for mapping SCSI to Fibre
Channel.
[0065] "FCP_CMND": Fibre Channel frame defined in FC-FCP-2 standard
that carries SCSI commands.
[0066] "FCP_DATA": Fibre Channel frame defined in FC-FCP-2 standard
(incorporated herein by reference in its entirety) that carries
SCSI data.
[0067] "FL_Port": A L_Port that is able to perform the function of
a F_Port, attached via a link to one or more NL_Ports in an
Arbitrated Loop topology,
[0068] "Inter-Switch Link": A Link directly connecting the E_port
of one switch to the E_port of another switch.
[0069] "Port": A general reference to N. Sub.--Port or F.
Sub.--Port.
[0070] "L_Port": A port that contains Arbitrated Loop functions
associated with the Arbitrated Loop topology.
[0071] "LUN": Logical Unit Number that identifies a sub-unit within
a SCSI device (per the SAM-2 standard, incorporated herein by
reference in its entirety).
[0072] "N-Port": A direct fabric attached port.
[0073] "NL_Port": A L_Port that can perform the function of a
N_Port.
[0074] "R_CTL" An 8 bit Fibre Channel frame header field that
identifies the type of frame (per the FC-FS standard).
[0075] "SAM-2"--The standard for SCSI Architecture Model 2,
incorporated herein by reference in its entirety.
[0076] "SCSI": Small Computer Systems Interface.
[0077] "S_ID": Fibre Channel frame header field containing the
source address (per the FC-FS standard).
[0078] "SCSI initiator": A SCSI device that initiates a SCSI
input/output ("I/O") operation.
[0079] "SPC-2": Standard for SCSI Primary Commands incorporated
herein by reference in its entirety.
[0080] "SCSI target": A SCSI device that responds to I/O operations
from a SCSI initiator and typically is a storage device.
[0081] "Switch": A fabric element conforming to the Fibre Channel
Switch standards.
[0082] In one aspect of the present invention, hard zoning is
extended to SCSI LUNs so that a SCSI initiator can access some LUNs
associated with a particular Fibre Channel port, but is denied
access to others. A method is also provided for fibre channel
switch to intercept and edit "SCSI REPORT LUNS" command so that
SCSI initiators do not try to access LUNs that they are not allowed
to use, hence, avoiding extra error reporting.
[0083] In another aspect of the present invention, by implementing
LUN based hard zoning on a Fibre Channel switch allows secure
access to individual LUNs on SCSI devices by preventing inadvertent
or malicious access by devices that are not supposed to use a
particular LUN.
[0084] Fibre Channel System:
[0085] To facilitate an understanding of the preferred embodiment,
the general architecture and operation of a fibre channel system
will be described. The specific architecture and operation of the
preferred embodiment will then be described with reference to the
general architecture of the fibre channel system.
[0086] FIG. 1A is a block diagram of a fibre channel system 100
implementing the methods and systems in accordance with the
adaptive aspects of the present invention. System 100 includes
plural devices that are interconnected. Each device includes one or
more ports, classified as node ports (N_Ports), fabric ports
(F_Ports), and expansion ports (E_Ports). Node ports may be located
in a node device, e.g. server 103, disk array 105 and storage
device 104. Fabric ports are located in fabric devices such as
switch 101 and 102. Arbitrated loop 106 may be operationally
coupled to switch 101 using arbitrated loop ports (FL_Ports).
[0087] The devices of FIG. 1A are operationally coupled via "links"
or "paths". A path may be established between two N_ports, e.g.
between server 103 and storage 104. A packet-switched path may be
established using multiple links, e.g. an N-Port in server 103 may
establish a path with disk array 105 through switch 102.
[0088] FABRIC SWITCH ELEMENT
[0089] FIG. 1B is a block diagram of a 20-port ASIC fabric element
according to one aspect of the present invention. FIG. 1B provides
the general architecture of a 20-channel switch chassis using the
20-port fabric element. Fabric element includes ASIC 20 with
non-blocking fibre channel class 2 (connectionless, acknowledged)
and class 3 (connectionless, unacknowledged) service between any
ports. It is noteworthy that ASIC 20 may also be designed for class
1 (connection-oriented) service, within the scope and operation of
the present invention as described, herein.
[0090] The fabric element of the present invention is presently
implemented as a single CMOS ASIC, and for this reason the term
"fabric element" and ASIC are used interchangeably to refer to the
preferred embodiments in this specification. Although FIG. 1B shows
20 ports, the present invention is not limited to any particular
number of ports.
[0091] ASIC 20 has 20 ports numbered in FIG. 1B as GL0 through
GL19. These ports are generic to common Fibre Channel port types,
for example, F_Port, FL_Port and E-Port. In other words, depending
upon what it is attached to, each GL port can function as any type
of port. Also, the GL port may function as a special port useful in
fabric element linking, as described below.
[0092] For illustration purposes only, all GL ports are drawn on
the same side of ASIC 20 in FIG. 1B. However, the ports may be
located on both sides of ASIC 20 as shown in other figures. This
does not imply any difference in port or ASIC design. Actual
physical layout of the ports will depend on the physical layout of
the ASIC.
[0093] Each port GL0-GL19 has transmit and receive connections to
switch crossbar 50. One connection is through receive buffer 52,
which functions to receive and temporarily hold a frame during a
routing operation. The other connection is through a transmit
buffer 54.
[0094] Switch crossbar 50 includes a number of switch crossbars for
handling specific types of data and data flow control information.
For illustration purposes only, switch crossbar 50 is shown as a
single crossbar. Switch crossbar 50 is a connectionless crossbar
(packet switch) of known conventional design, sized to connect
21.times.21 paths. This is to accommodate 20 GL ports plus a port
for connection to a fabric controller, which may be external to
ASIC 20.
[0095] In the preferred embodiments of switch chassis described
herein, the fabric controller is a firmware-programmed
microprocessor, also referred to as the input/out processor
("IOP"). IOP 66 is shown in FIG. 1C as a part of a switch chassis
utilizing one or more of ASIC 20. As seen in FIG. 1B,
bi-directional connection to IOP 66 is routed through port 67,
which connects internally to a control bus 60. Transmit buffer 56,
receive buffer 58, control register 62 and Status register 64
connect to bus 60. Transmit buffer 56 and receive buffer 58 connect
the internal connectionless switch crossbar 50 to IOP 66 so that it
can source or sink frames.
[0096] Control register 62 receives and holds control information
from IOP 66, so that IOP 66 can change characteristics or operating
configuration of ASIC 20 by placing certain control words in
register 62. IOP 66 can read status of ASIC 20 by monitoring
various codes that are placed in status register 64 by monitoring
circuits (not shown).
[0097] FIG. 1C shows a 20-channel switch chassis S2 using ASIC 20
and IOP 66. S2 will also include other elements, for example, a
power supply (not shown). The 20 GL ports correspond to channel
C0-C19. Each GL port has a serial/deserializer (SERDES) designated
as S0-S19. Ideally, the SERDES functions are implemented on ASIC 20
for efficiency, but may alternatively be external to each GL
port.
[0098] Each GL port has an optical-electric converter, designated
as OE0-OE19 connected with its SERDES through serial lines, for
providing fibre optic input/output connections, as is well known in
the high performance switch design. The converters connect to
switch channels C0-C19. It is noteworthy that the ports can connect
through copper paths or other means instead of optical-electric
converters.
[0099] FIG. 1D shows a block diagram of ASIC 20 with sixteen GL
ports and four 10 G (Gigabyte) port control modules designated as
XG0-XG3 for four 10G ports designated as XGP0-XGP3. ASIC 20 include
a control port 62A that is coupled to IOP 66 through a PCI
connection 66A.
[0100] FIG. 1E-1/1E-2 (jointly referred to as FIG. 1E) show yet
another block diagram of ASIC 20 with sixteen GL and four XG port
control modules. Each GL port control module has a Receive port
(RPORT) 69 with a receive buffer (RBUF) 69A and a transmit port 70
with a transmit buffer (TBUF) 70A, as described below in detail. GL
and XG port control modules are coupled to physical media devices
("PMD") 76 and 75 respectively.
[0101] Control port module 62A includes control buffers 62B and 62D
for transmit and receive sides, respectively. Module 62A also
includes a PCI interface module 62C that allows interface with IOP
66 via a PCI bus 66A.
[0102] XG_Port (for example 74B) includes RPORT 72 with RBUF 71
similar to RPORT 69 and RBUF 69A and a TBUF and TPORT similar to
TBUF 70A and TPORT 70. Protocol module 73 interfaces with SERDES to
handle protocol based functionality.
[0103] GL Port:
[0104] FIGS. 3A-3B (referred to as FIG. 3) show a detailed block
diagram of a GL port as used in ASIC 20. GL port 300 is shown in
three segments, namely, receive segment (RPORT) 310, transmit
segment (TPORT) 312 and common segment 311.
[0105] Receive Segment of GL Port:
[0106] Frames enter through link 301 and SERDES 302 converts data
into 10-bit parallel data to fibre channel characters, which are
then sent to receive pipe ("Rpipe" may also be referred to as
"Rpipe1" or "Rpipe2") 303A via a de-multiplexer (DEMUX) 303. Rpipe
303A includes, parity module 305 and decoder 304. Decoder 304
decodes 10B data to 8B and parity module 305 adds a parity bit.
Rpipe 303A also performs various Fibre Channel standard functions
such as detecting a start of frame (SOF), end-of frame (EOF),
Idles, R_RDYs (fibre channel standard primitive) and the like,
which are not described since they are standard functions.
[0107] Rpipe 303A connects to smoothing FIFO (SMF) module 306 that
performs smoothing functions to accommodate clock frequency
variations between remote transmitting and local receiving
devices.
[0108] Frames received by RPORT 310 are stored in receive buffer
(RBUF) 69A, (except for certain Fibre Channel Arbitrated Loop (AL)
frames). Path 309 shows the frame entry path, and all frames
entering path 309 are written to RBUF 69A as opposed to the AL path
308.
[0109] Cyclic redundancy code (CRC) module 313 further processes
frames that enter GL port 300 by checking CRC and processing errors
according to FC_PH rules. The frames are subsequently passed to
RBUF 69A where they are steered to an appropriate output link. RBUF
69A is a link receive buffer and can hold multiple frames.
[0110] Reading from and writing to RBUF 69A are controlled by RBUF
read control logic ("RRD") 319 and RBUF write control logic ("RWT")
307, respectively. RWT 307 specifies which empty RBUF 69A slot will
be written into when a frame arrives through the data link via
multiplexer ("Mux") 313B, CRC generate module 313A and EF (external
proprietary format) module 314. EF module 314 encodes proprietary
(i.e. non-standard) format frames to standard Fibre Channel 8B
codes. Mux 313B receives input from Rx Spoof module 314A, which
encodes frames to a proprietary format (if enabled). RWT 307
controls RBUF 69A write addresses and provide the slot number to
tag writer ("TWT") 317.
[0111] RRD 319 processes frame transfer requests from RBUF 69A.
Frames may be read out in any order and multiple destinations may
get copies of the frames.
[0112] Steering state machine (SSM) 316 receives frames and
determines the destination for forwarding the frame. SSM 316
produces a destination mask, where there is one bit for each
destination. Any bit set to a certain value, for example, 1,
specifies a legal destination, and there can be multiple bits set,
if there are multiple destinations for the same frame (multicast or
broadcast).
[0113] SSM 316 makes this determination using information from
alias cache 315, steering registers 316A, control register 326
values and frame contents. IOP 66 writes all tables so that correct
exit path is selected for the intended destination port
addresses.
[0114] The destination mask from SSM 316 is sent to TWT 317 and a
RBUF tag register (RTAG) 318. TWT 317 writes tags to all
destinations specified in the destination mask from SSM 316. Each
tag identifies its corresponding frame by containing an RBUF 69A
slot number where the frame resides, and an indication that the tag
is valid.
[0115] Each slot in RBUF 69A has an associated set of tags, which
are used to control the availability of the slot. The primary tags
are a copy of the destination mask generated by SSM 316. As each
destination receives a copy of the frame, the destination mask in
RTAG 318 is cleared. When all the mask bits are cleared, it
indicates that all destinations have received a copy of the frame
and that the corresponding frame slot in RBUF 69A is empty and
available for a new frame.
[0116] RTAG 318 also has frame content information that is passed
to a requesting destination to pre-condition the destination for
the frame transfer. These tags are transferred to the destination
via a read multiplexer (RMUX) (not shown).
[0117] Transmit Segment of GL Port:
[0118] Transmit segment ("TPORT") 312 performs various transmit
functions. Transmit tag register (TTAG) 330 provides a list of all
frames that are to be transmitted. Tag Writer 317 or common segment
311 write TTAG 330 information. The frames are provided to
arbitration module ("transmit arbiter" ("TARB")) 331, which is then
free to choose which source to process and which frame from that
source to be processed next.
[0119] TTAG 330 includes a collection of buffers (for example,
buffers based on a first-in first out ("FIFO") scheme) for each
frame source. TTAG 330 writes a tag for a source and TARB 331 then
reads the tag. For any given source, there are as many entries in
TTAG 330 as there are credits in RBUF 69A.
[0120] TARB 331 is activated anytime there are one or more valid
frame tags in TTAG 330. TARB 331 preconditions its controls for a
frame and then waits for the frame to be written into TBUF 70A.
After the transfer is complete, TARB 331 may request another frame
from the same source or choose to service another source.
[0121] TBUF 70A is the path to the link transmitter. Typically,
frames don't land in TBUF 70A in their entirety. Mostly, frames
simply pass through TBUF 70A to reach output pins, if there is a
clear path.
[0122] Switch Mux 332 is also provided to receive output from
crossbar 50. Switch Mux 332 receives input from plural RBUFs (shown
as RBUF 00 to RBUF 19), and input from CPORT 62A shown as CBUF 1
frame/status. TARE 331 determines the frame source that is selected
and the selected source provides the appropriate slot number. The
output from Switch Mux 332 is sent to ALUT 323 for S_ID spoofing
and the result is fed into TBUF Tags 333.
[0123] TMUX ("TxMUX") 339 chooses which data path to connect to the
transmitter. The sources are: primitive sequences specified by IOP
66 via control registers 326 (shown as primitive 339A), and signals
as specified by Transmit state machine ("TSM") 346, frames
following the loop path, or steered frames exiting the fabric via
TBUF 70A.
[0124] TSM 346 chooses the data to be sent to the link transmitter,
and enforces all fibre Channel rules for transmission. TSM 346
receives requests to transmit from loop state machine 320, TBUF 70A
(shown as TARB request 346A) and from various other IOP 66
functions via control registers 326 (shown as IBUF Request 345A).
TSM 346 also handles all credit management functions, so that Fibre
Channel connectionless frames are transmitted only when there is
link credit to do so.
[0125] Loop state machine ("LPSM") 320 controls transmit and
receive functions when GL_Port is in a loop mode. LPSM 320 operates
to support loop functions as specified by FC-AL-2.
[0126] IOP buffer ("IBUF") 345 provides IOP 66 the means for
transmitting frames for special purposes.
[0127] Frame multiplexer ("Frame Mux" or "Mux") 336 chooses the
frame source, while logic (TX spoof 334) converts D_ID and S_ID
from public to private addresses. Frame Mux 336 receives input from
Tx Spoof module 334, TBUF tags 333, and Mux 335 to select a frame
source for transmission.
[0128] EF (external proprietary format) module 338 encodes
proprietary (i.e. non-standard) format frames to standard Fibre
Channel 8B codes and CRC module 337 generates CRC data for the
outgoing frames.
[0129] Modules 340-343 put a selected transmission source into
proper format for transmission on an output link 344. Parity 340
checks for parity errors, when frames are encoded from 8B to 10B by
encoder 341, marking frames "invalid", according to Fibre Channel
rules, if there was a parity error. Phase FIFO 342A receives frames
from encode module 341 and the frame is selected by Mux 342 and
passed to SERDES 343. SERDES 343 converts parallel transmission
data to serial before passing the data to the link media. SERDES
343 may be internal or external to ASIC 20.
[0130] Common Segment of GL Port:
[0131] As discussed above, ASIC 20 include common segment 311
comprising of various modules. LPSM 320 has been described above
and controls the general behavior of TPORT 312 and RPORT 310.
[0132] A loop look up table ("LLUT") 322 and an address look up
table system ("ALUT") 323 is used for private loop proxy addressing
and hard zoning managed by firmware.
[0133] Common segment 311 also includes control register 326 that
controls bits associated with a GL_Port, status register 324 that
contains status bits that can be used to trigger interrupts, and
interrupt mask register 325 that contains masks to determine the
status bits that will generate an interrupt to IOP 66. Common
segment 311 also includes AL control and status register 328 and
statistics register 327 that provide accounting information for FC
management information base ("MIB").
[0134] Output from status register 324 may be used to generate a Fp
Peek function. This allows a status register 324 bit to be viewed
and sent to the CPORT.
[0135] Output from control register 326, statistics register 327
and register 328 (as well as 328A for an X_Port, shown in FIG. 4)
is sent to Mux 329 that generates an output signal (FP Port Reg
Out).
[0136] Output from Interrupt register 325 and status register 324
is sent to logic 335 to generate a port interrupt signal (FP Port
Interrupt).
[0137] BIST module 321 is used for conducting embedded memory
testing.
[0138] XG Port
[0139] FIGS. 4A-4B (referred to as FIG. 4) show a block diagram of
a 10G Fibre Channel port control module (XG FPORT) 400 used in ASIC
20. Various components of XG FPORT 400 are similar to GL port
control module 300 that are described above. For example, RPORT 310
and 310A, Common Port 311 and 311A, and TPORT 312 and 312A have
common modules as shown in FIGS. 3 and 4 with similar
functionality.
[0140] RPORT 310A can receive frames from links (or lanes)
301A-301D and transmit frames to lanes 344A-344D. Each link has a
SERDES (302A-302D), a de-skew module, a decode module (303B-303E)
and parity module (304A-304D). Each lane also has a smoothing FIFO
(SMF) module 305A-305D that performs smoothing functions to
accommodate clock frequency variations. Parity errors are checked
by module 403, while CRC errors are checked by module 404.
[0141] RPORT 310A uses a virtual lane ("VL") cache 402 that stores
plural vector values that are used for virtual lane assignment. In
one aspect of the present invention, VL Cache 402 may have 32
entries and two vectors per entry. IOP 66 is able to read or write
VL cache 402 entries during frame traffic. State machine 401
controls credit that is received. On the transmit side, credit
state machine 347 controls frame transmission based on credit
availability. State machine 347 interfaces with credit counters
328A.
[0142] Also on the transmit side, modules 340-343 are used for each
lane 344A-344D, i.e., each lane can have its own module 340-343.
Parity module 340 checks for parity errors and encode module 341
encodes 8-bit data to 10 bit data. Mux 342B sends the 10-bit data
to a smoothing ("TxSMF") module 342 that handles clock variation on
the transmit side. SERDES 343 then sends the data out to the
link.
[0143] LUN BASED HARD ZONING:
[0144] In one aspect of the present invention, filtering FCP_CMND
messages enforces LUN based hard zoning. A Fibre Channel switch
port checks the LUN field in the payload of a FCP_CMND Fibre
Channel frame against a list of LUNs that are allowed for a
particular source of the frame. This hard zoning is enforced on a
frame-by-frame basis. The switch port attached to the destination
of the frame performs the check. FCP_CMND frames are forwarded to
the attached port only if the LUN in the frame is an allowed LUN
for that source port. Hence, unauthorized SCSI initiator ports are
unable to perform any SCSI based operations with the zoned target
port because the FCP_CMND messages are filtered.
[0145] Fiber Channel header fields identify FCP_CMND frames as
follows:
[0146] "Type"--SCSI frames have the "Type" field equal to 8 per the
FC_FS standard.
[0147] "R_CTL": The upper 4 bits of this field are 0 (Device Data
frame) and the lower 4 bits are 6 (which indicates that it is an
"Unsolicited Command", per the FC-FS and FC-FCP-2 standard.
[0148] FIGS. 5A-5B (collectively referred to herein as FIG. 5) show
system 323 according to one aspect of the present invention for LUN
based hard zoning.
[0149] Each time an FC_CMND frame arrives from a switch port, the
S_ID 501 is compared to ALUT 323A entries (502) by compare module
500. The compare process may be performed using associative memory
hardware (not shown), or by any other lookup method, for example,
hashing.
[0150] ALUT 323A and LUN bit table 508 values are used to check
FCP_CMND frames. To illustrate the adaptive aspects of the present
invention, the following fields are used to enforce LUN based hard
zoning:
[0151] ALUT 323A Fields:
[0152] The following fields may be used for LUN zoning, according
to one aspect of the present invention:
[0153] Domain: This is an 8-bit field that is compared with bits
16-23 of the S_ID 501, if enabled.
[0154] Area: This is an 8-bit field that is compared to the bits
8-15 of the frame S_ID 501, if enabled.
[0155] Port: This is an 8-bit field that is compared to bits 0-7 of
the frame S_ID 501, if enabled.
[0156] A compare mask (a 2 bit field) controls how compare module
500 performs the comparison. The following bit values determine
what values of S_ID 501 are compared with ALUT 323A entries.
[0157] 0--ALUT entry is not valid, hence, not compared
[0158] 1--Compare Domain, Area, and port entries with frame S_ID,
Domain, Area and Port fields
[0159] 2--Compare Domain and Area entries with frame S_ID Domain
and Area fields
[0160] 3--Compare only Domain entry with frame S_ID Domain
field
[0161] A Control Code 506 defines how LUN table address field 507
is interpreted. Control Code 506 may be a 2-bit field, defined as
follows:
[0162] 0--If compare matches, use LUN address field as control
code, based on the following:
[0163] LUN address field=000, discard frame
[0164] LUN address field=001, do not check LUN (frame passes)
[0165] 2--If compare matches, then LUN table address field is used
to address the LUN bit map table (508).
[0166] LUN table address 507 is used to address a LUN table 508
entry, which contains a bit map that indicates which LUNs are
acceptable. LUN table 508 is populated by LUN bit values from a
frame and ALUT 323A, shown as 520 and 519, respectively in FIG. 5B.
Each entry in LUN table 508 is a bit map where each bit corresponds
to a particular LUN number. The total number of LUNs that are
supported depends on the size of the bit map.
[0167] The size of the LUN bit map table 508 may be 128 bits, so
bits 16-22 of the 1.sup.st payload word is used as bits 0-6 of the
LUN. With a 128-bit table, the maximum number of LUNs that can be
zoned is 128.
[0168] If LUN bit map 508 is implemented as 32 bit words, then the
address of the word is derived from bits 5-6 of the LUN field as
the lower 2 bits of the address, and the LUN table address 507 from
the matching ALUT 323A entry is derived as bits 2-n of the LUN bit
map word address. Bits 0-4 of the LUN field (shown as 511, FIG. 5B)
select one of the 32 bits in the word to check for a valid LUN
(using Multiplexer ("Mux") 510).
[0169] In one aspect, a part of the 64 bit LUN field in the
FCP_CMND frame may be limited to the first level LUN, which is
located within bits 16-31 of the 1.sup.st word of the FCP_CMND
frame payload (per standard SAM-2). If 128 bits are used for LUN
table 508 entries, then LUN values between 0 to 127 can be
checked.
[0170] As shown in FIG. 5B, LUN table value 509 and LUN bit 0:4 are
sent to gate 512 via Mux 510. Gate 512 receives the first bit of
control code 506 and the output from Mux 510. The output of gate
512 is sent to gate 513 that receive two other inputs, a value
based on if the control code 06 is equal to 0 and LUN table address
509 is equal to 1, and a value to showing if the R_CTL field is not
equal to 1. Output 516 from gate 513 is sent to gate 514 that
generates a valid frame 517 based on ALUT hit signal 503, signal
503A and output 516.
[0171] Gate 515 receives an input via gate 516A (that receives 503
and 504), Gate 515 also receives an input when the control code 50
is equal to 0 and LUN table address 509 is equal to 0. Based on the
two inputs, gate 515 generates a "toss frame" signal 518.
[0172] It is noteworthy that the present invention is not limited
to any particular logic layout, other logic combination may be used
to implement the adaptive aspects of the present invention.
[0173] The following is the outcome of S_ID 501 comparison to ALUT
323A entries 502;
[0174] If no ALUT 323A entries match an FCP_CMND frame, the frame
is rejected based on signal 518.
[0175] If multiple ALUT 323A entries match (504), the frame is
rejected based on signal 518.
[0176] If there is an ALUT 323A match (503), and Control Code 506
is 0, and LUN table address field 507 is 0, then the frame is
rejected (or tossed) based on signal 518 .
[0177] If there is an ALUT 323A match (503), and Control Code 506
is 0, and the LUN table address field 507 is 1, then the frame is
valid for all LUNs and is transmitted (shown as signal 517).
[0178] If there is an ALUT 323A match (503), and Control Code is 2,
then LUN table address field 507 Is used to address the LUN bit
map. The LUN from the FCP_CMND payload word 0, bits 16-31 (number
of bits used depends on size of bit map) is used to index bit map
table 508.
[0179] If the bit is set, the frame is valid. If the bit is not
set, the frame is rejected. If the frame is not an FCP_CMND and
does not contain a LUN field then only the ALUT 323A match and
Control Code 506 value equal to 2 is required for valid frame
transmission.
[0180] If a frame is rejected, it could either be discarded or sent
to IOP 66. A policy control code (described below) may be used to
decide the disposition of frames rejected by LUN hard zoning. The
switch in question may want to bring frames that fail LUN hard
zoning to IOP 66 so that the switch can send an FCP_RESP with a
"SCSI CHECK CONDITION" back to the initiator.
[0181] If a frame is valid, it is transmitted to the attached port.
Since LUN 0 is valid for all SCSI devices, the bit for LUN 0 is
most likely set for all LUN bit maps. This allows the "SCSI
INQUIRY" command to be processed.
[0182] FIGS. 7A-7B (collectively referred to as FIG. 7) show a flow
diagram for LUN based hard zoning frame processing. The process
starts in step S700 when a frame is ready to be transmitted from a
port. In step S701, the process compares a frame's S_ID 501 with
ALUT 323A entries. This is performed by compare module 500.
[0183] In step S702, the process determines if the S_ID domain
value matches with the ALUT domain values. If the values do not
match, then in step S708, the process determines if all ALUT 323A
entries have been compared. If all ALUT 323A entries have not been
compared the, process moves to step S709 and then back to S702.
[0184] If all ALUT entries have been compared in step S708, then in
step S711, the process determines if there are any ALUT 323A
matches. If there are no matches, then in step S710, the process
rejects the frame.
[0185] If there is a match in step S711, then the process
determines in step S712 if there are multiple matches. If there are
multiple matches, then the frame is rejected in step S710. If there
are no multiple matches, then in step S713, the LUN is validated,
as described below (FIG. 7B).
[0186] In step S703, the process determines if the Area field
comparison is enabled. If the Area field is not enabled, the
process moves to step S704. If enabled, then in step S707, the
process determines if ALUT 323A entry matches the frame area field.
If there is a match, the process moves to step S704. If there is no
match, then the process moves to step S708.
[0187] In step S704, the process determines if Port field
comparison is enabled. If the port field comparison is enabled,
then the port field of the frame is compared to the ALUT 323A port
field in step S706. If the fields do not match, the process moves
to step S708. If the frame and ALUT 323A port fields match, then
the process moves to step S705, where an ALUT match is confirmed
and the process moves to step S708.
[0188] In step S714, the process determines if the frames R_CTL
field value is equal to that of the FCP-CMD (for example 06), then
in step S715, control code 506 and LUN address 507 is obtained from
the matching ALUT 323A entry. If the R_CTL field of the frame is
not equal to the FCP_CMND value, then in step S722, the process
accepts the frame for transmission.
[0189] In step S716, the process determines if the control code 506
value is zero. If the control code 506 is zero, then in step S716A,
the process determines if LUN address 507 is zero. If it is zero,
then the frame is tossed in step S723.
[0190] If the LUN address 507 is 1 (i.e. not 0), as determined in
step S721, then the frame is accepted in step S722.
[0191] If the LUN address 507 is not equal to 1, then the frame is
rejected in step S720,
[0192] In step S717, the process determines if the control code 506
is 2. If it is, then in step S718, the LUN address from ALUT 323A
is used to get the LUN bitmap and if the LUN bit for the frame LUN
is set in step S719, then the frame is accepted in step S722,
otherwise it is rejected in step S720.
[0193] It is noteworthy that the foregoing process is not limited
to any particular code or bit value. Any value(s) may be designated
to implement the foregoing process steps.
[0194] Rejected Frame Disposition:
[0195] The frames that are rejected may be disposed by a
programmable policy. In one aspect of the present invention, the
frame may be disposed as follows:
[0196] Class 3 frames:
[0197] Discard frame; or
[0198] Send frame to IOP 66
[0199] Class 2 frames:
[0200] Send frame to IOP 66
[0201] Send truncated frame (FC header minus CRC and EOF code) to
IOP 66.
[0202] Since Class 2 frames acknowledge all data frames, the
truncated frame is sent to IOP 66 so that a class 2 "F_RJT"
primitive can be used to acknowledge the frame. The frame can be
truncated to avoid moving the entire frame if the payload is not
going to be used.
[0203] Statistics Counters/Status Registers:
[0204] In one aspect of the present invention, statistics counters
327 includes two counters for ports using LUN hard zoning:
[0205] A first counter counts the number of hard zoning violations
that are detected; and
[0206] A second counter counts the number of class 3 frames that
are discarded because of hard zoning violations.
[0207] It is noteworthy that an ALUT 323A entry with control code
506 value of 0 and LUN map address 507 value of 0 causes a frame to
be tossed (step S720), regardless of the rejected frame policy. In
this case, the statistic counters 327 are not incremented. This can
be used against a denial of service attack (flooding a port with
frames, and forcing the port to process them). If detected, an ALUT
323A entry can be programmed to toss the frames, avoiding any
further overhead in processing or transmitting the frames. Status
Register 324 bit indicates violations and tossing of different
frame classes.
[0208] Modifying SCSI REPORT LUNS Reply Data (Soft LUN Zoning)
[0209] SCSI initiators use the "REPORT LUNS" command to discover
LUNs on a SCSI target. If some of the LUNS reported by the reply to
REPORT LUNS command are filtered by LUN hard zoning, attempts by
the initiator to access these will fail causing errors to be
reported. To prevent this, in one aspect of the present invention,
a method is provided to intercept the reply to a REPORT LUNS
command, edit the reply to remove unauthorized LUNs, and then pass
it to the initiator.
[0210] Alias cache 315 allows frames to be routed depending on
multiple fields in the header or payload. One of the routing
choices is to send the frame to IOP 66 processor. A reply to a
REPORT LUNS command is identified by matching the Fibre Channel
header fields S_ID, D_ID, and OX_ID of the reply to the D_ID, S_ID,
and OX_ID of the original REPORT LUNS command. To edit the reply,
the REPORT LUNS commands are intercepted by IOP 66 to get the
fields needed.
[0211] In one aspect of the present invention, the following
procedure is used:
[0212] On all switch ports that receive FCP_CMND REPORTS LUNS
commands from a SCSI initiator for the targets where LUN zoning is
being applied to, alias cache 315 is set up to route REPORT LUNS
commands to IOP 66, for example if: [0213] R_CTL=hex 06 (FCP_CMND);
[0214] Type=hex 08 (SCSI FCP protocol); [0215] Payload word 3, most
significant byte=hex A0 (REPORTS LUNS command); and [0216] then
route to IOP 66.
[0217] When a REPORT LUNS command is sent to IOP 66, it checks if
the destination is a target using LUN zoning. If it is, alias cache
315 for that port is programmed to route the reply frame to IOP 66,
for example: [0218] If R_CTL=hex 01 (FCP_DATA); [0219] D_ID=S_ID of
REPORTS LUNS command; [0220] OX_ID=OX_ID of REPORT LUNS command;
and [0221] then route to IOP 66; and [0222] then the trapped REPORT
LUNS command is sent to its destination.
[0223] When the reply for REPORT LUNS is sent to IOP 66, IOP 66
removes the LUNs in the payload that are not authorized for the
initiator. It then clears alias cache 315 entries for the reply.
The edited REPORT LUNS reply is then sent to the original command
initiator.
[0224] FIG. 6 shows a flow diagram for the foregoing process for
modifying SCSI LUN REPORTS. The process starts in step S600 with
the first port.
[0225] In step S601, alias cache 315 is set to intercept FCP REPORT
LUN commands, so that the commands are routed to IOP 66. For
example, if, R_CTL=hex 06
[0226] (FCP_CMND); Type=hex 08 (SCSI FCP protocol); and payload
word 3, most significant byte=hex A0 (REPORTS LUNS command), then a
REPORT LUN command is routed to IOP 66.
[0227] The process moves to the next port in step S602, until all
the ports are set in step S603.
[0228] In step S604, the process determines if a REPORT LUN command
is received. If true, then in step S605, alias cache 315 of the
destination port is set to route the reply to the REPORT LUN
command to IOP 66.
[0229] If a REPORT LUN command is not received in step S604, then
the process determines if a reply has been received in step S606.
If a reply is not received, the process goes back to step S604.
[0230] If a reply is received in step S606, then in step S607,
unauthorized LUN data is removed from the reply data and the reply
is sent to the destination. Thereafter, alias cache 315 entry are
cleared for replies and the process moves back to step S604.
[0231] Although the present invention has been described with
reference to specific embodiments, these embodiments are
illustrative only and not limiting. Many other applications and
embodiments of the present invention will be apparent in light of
this disclosure and the following claims.
* * * * *