U.S. patent application number 12/976200 was filed with the patent office on 2012-06-28 for apparatus and methods to aggregate fcoe (fibre channel over ethernet) filter rules of a single interface in a single or few rules on a first-hop fcoe networking element.
This patent application is currently assigned to JUNIPER NETWORKS, INC.. Invention is credited to Ronak SHAH, Amit SHUKLA.
Application Number | 20120163395 12/976200 |
Document ID | / |
Family ID | 46316751 |
Filed Date | 2012-06-28 |
United States Patent
Application |
20120163395 |
Kind Code |
A1 |
SHUKLA; Amit ; et
al. |
June 28, 2012 |
APPARATUS AND METHODS TO AGGREGATE FCOE (FIBRE CHANNEL OVER
ETHERNET) FILTER RULES OF A SINGLE INTERFACE IN A SINGLE OR FEW
RULES ON A FIRST-HOP FCOE NETWORKING ELEMENT
Abstract
In one embodiment, an apparatus can include a filter module
configured to receive multiple Media Access Control (MAC) addresses
associated with multiple virtual ports instantiated at a first
network device. Each virtual port from the multiple virtual ports
can be associated with a MAC address from the multiple MAC
addresses. The filter module can be configured to define a filter
to be applied to a data frame sent between the first network device
and a network switch, the filter being based at least in part on a
MAC address prefix included in each MAC address from the plurality
of MAC addresses. The MAC address prefix can include an identifier
uniquely associated with a second network device at which the
filter module operates.
Inventors: |
SHUKLA; Amit; (Sunnyvale,
CA) ; SHAH; Ronak; (Sunnyvale, CA) |
Assignee: |
JUNIPER NETWORKS, INC.
Sunnyvale
CA
|
Family ID: |
46316751 |
Appl. No.: |
12/976200 |
Filed: |
December 22, 2010 |
Current U.S.
Class: |
370/409 |
Current CPC
Class: |
H04L 61/6004 20130101;
H04L 61/6045 20130101; H04L 12/56 20130101; H04L 45/74 20130101;
H04L 61/20 20130101; H04L 45/745 20130101; H04L 61/10 20130101;
H04L 61/6022 20130101 |
Class at
Publication: |
370/409 |
International
Class: |
H04L 12/56 20060101
H04L012/56 |
Claims
1. An apparatus, comprising: a filter module configured to receive
a plurality of Media Access Control (MAC) addresses associated with
a plurality of virtual ports instantiated at a first network
device, each virtual port from the plurality of virtual ports being
associated with a MAC address from the plurality of MAC addresses,
the filter module configured to define a filter to be applied to a
data frame sent between the first network device and a network
switch, the filter being based at least in part on a MAC address
prefix included in each MAC address from the plurality of MAC
addresses, the MAC address prefix to include an identifier uniquely
associated with a second network device at which the filter module
operates.
2. The apparatus of claim 1, wherein the identifier includes a
24-bit organizationally unique identifier (OUI) associated with the
second network device.
3. The apparatus of claim 1, wherein the filter allows transmission
of the data frame to the network switch when a portion of a source
address included in the data frame matches the MAC address
prefix.
4. The apparatus of claim 1, wherein the MAC address prefix has a
length greater than 24 bits.
5. The apparatus of claim 1, wherein the filter module includes a
command-line interface for configuration of the identifier by a
user.
6. The apparatus of claim 1, wherein the MAC address prefix is
based at least in part on a Fibre Channel ID (FCID) prefix
associated with each virtual port from the plurality of virtual
ports.
7. An apparatus, comprising: an initialization module configured to
define a plurality of Fibre Channel IDs (FCIDs) and a plurality of
Media Access Control (MAC) addresses, each FCID from the plurality
of FCIDs and each MAC address from the plurality of MAC addresses
uniquely associated with a virtual N-port from a plurality of
virtual N-ports instantiated at a network device, each MAC address
from the plurality of MAC addresses being defined based at least in
part on (1) a gateway ID associated with the apparatus and (2) an
FCID from the plurality of FCIDs uniquely associated with that MAC
address; a filter module configured to define a filter to be
applied to a data frame sent from any virtual N-port from the
plurality of virtual N-ports, the filter being based at least in
part on a common MAC address portion included in each MAC address
from the plurality of MAC addresses; and a switching module
configured to be operatively coupled to the network device, the
switching module configured to send the data frame to the network
switch based at least in part on the filter.
8. The apparatus of claim 7, wherein the common MAC address portion
has a length of fewer than 48 bits.
9. The apparatus of claim 7, wherein the common MAC address portion
is based at least in part on a common FCID portion included in each
FCID from the plurality of FCIDs, the common FCID portion having a
length of less than 24 bits, the length being based at least in
part on a total number of virtual N-ports instantiated at the
network device.
10. The apparatus of claim 7, wherein the filter allows
transmission of the data frame to the network switch when a portion
of a source address included in the data frame matches the common
MAC address portion.
11. The apparatus of claim 7, wherein the network device is a first
network device, the filter is a first filter, the data frame is a
first data frame, the plurality of FCIDs is a first plurality of
FCIDs, the plurality of MAC addresses is a first plurality of MAC
addresses, the plurality of virtual N-ports is a first plurality of
virtual N-ports, the initialization module is further configured to
define a second plurality of FCIDs and a second plurality of MAC
addresses, each FCID from the second plurality of FCIDs and each
MAC address from the second plurality of MAC addresses uniquely
associated with a virtual N-port from a second plurality of virtual
N-ports instantiated at a second network device, each MAC address
from the second plurality of MAC addresses being defined based at
least in part on (1) the gateway ID and (2) an FCID from the second
plurality of FCIDs uniquely associated with that MAC address, the
filter module is further configured to define a second filter to be
applied to a second data frame sent from any virtual N-port from
the second plurality of virtual N-ports, the second filter being
based at least in part on a second common MAC address portion
included in each MAC address from the second plurality of MAC
addresses, and the switching module configured to be operatively
coupled to the second network device, the switching module
configured to send the second data frame to the network switch
based at least in part on the second filter.
12. The apparatus of claim 7, wherein the plurality of FCIDs is a
first plurality of FCIDs, the plurality of MAC addresses is a first
plurality of MAC addresses, the plurality of virtual N-ports
instantiated at the network devices is a first plurality of virtual
N-ports instantiated at the network device, the plurality of FCIDs
is a first plurality of FCIDs, the filter is a first filter, the
data frame is a first data frame, the initialization module is
further configured to define a second plurality of FCIDs and a
second plurality of MAC addresses, each FCID from the second
plurality of FCIDs and each MAC address from the second plurality
of MAC addresses uniquely associated with a virtual N-port from a
second plurality of virtual N-ports instantiated at the network
device, each MAC address from the second plurality of MAC addresses
being defined based at least in part on (1) the OUI and (2) an FCID
from the second plurality of FCIDs uniquely associated with that
MAC address, the filter module is further configured to define a
second filter to be applied to a second data frame sent from any
virtual N-port from a second plurality of virtual N-ports
instantiated at the network device, the second filter being based
at least in part on a second common MAC address portion included in
each MAC address from the second plurality of MAC addresses, the
second common MAC address portion being different from the first
common MAC address portion, and the switching module configured to
send the second data frame to the network switch based at least in
part on the second filter.
13. The apparatus of claim 7, wherein the common MAC address
portion includes a common FCID portion included in each FCID from
the plurality of FCIDs.
14. The apparatus of claim 7, wherein the data frame includes a
first FCID from the plurality of FCIDs uniquely associated with a
virtual N-port from the plurality of virtual N-ports, and the
switching module is configured to send the data frame to the
network switch such that the network switch sends the data frame to
a virtual F-port based at least in part on the first FCID.
15. An apparatus implemented in at least one of a memory or a
processing device, comprising: a module configured to detect one or
more Fibre Channel over Ethernet (FCoE) frames transmitted between
a network device and an FCoE switch, the module configured to
receive a Fibre Channel fabric login frame from the network switch;
a switching policy module configured to define a switching policy
to be applied to a data frame sent between any of a plurality of
virtual N-ports instantiated at the network device and the FCoE
switch, the switching policy being based at least in part on a
Media Access Control (MAC) address prefix included in the Fibre
Channel fabric login frame, the MAC address prefix being based at
least in part on a common MAC address portion included in each of a
plurality of MAC addresses associated with the plurality of virtual
N-ports; and a switching module operatively coupled to the network
device and the FCoE switch, the switching module configured to send
the data frame to the FCoE switch based at least in part on the
switching policy.
16. The apparatus of claim 15, wherein the Fibre Channel fabric
login frame is a Fabric Login (FLOGI) frame that includes a length
of the MAC address prefix, the length of the MAC address prefix
being greater than 24 bits.
17. The apparatus of claim 15, wherein the common MAC address
portion is based at least in part on an Organizationally Unique
Identifier (OUI) and a common Fibre Channel ID (FCID) portion
included in each of a plurality of FCIDs corresponding to the
plurality of virtual N-ports.
18. The apparatus of claim 15, wherein the switching policy
prescribes transmission of the data frame to the network switch
when a portion of a source address included in the data frame
matches the MAC address prefix.
19. The apparatus of claim 15, wherein the switching policy module
is further configured to delete the switching policy in response to
a logout of a final virtual N-port from the plurality of virtual
N-ports.
20. The apparatus of claim 15, wherein the common MAC address
portion is based at least a common Fibre Channel ID (FCID) portion
included in each of a plurality of FCIDs corresponding to the
plurality of virtual N-ports, the common FCID portion including at
least one of a common domain identifier and a common area
identifier.
Description
BACKGROUND
[0001] Some embodiments described herein relate generally to
network switching, and more particularly to switching policies and
filters for improved Fibre Channel over Ethernet (FCoE) network
switching.
[0002] Many modern computer networks include hardware devices
and/or software (executing in hardware) configured to transfer data
frames according to one or both of the Ethernet and Fibre Channel
networking standards. To allow for interoperability between
Ethernet and Fibre Channel resources, these networks often employ a
third network protocol known as Fibre Channel over Ethernet
("FCoE"). By encapsulating Fibre Channel frames within a special
Ethernet header, a network device such as an FCoE gateway can send
Fibre Channel frames from one Fibre Channel device to another over
an Ethernet network.
[0003] Typical FCoE-to-Fibre Channel gateways ("FCoE gateways")
thus are typically capable of: (1) relaying, to a Fibre Channel
device (such as a switch), a Fibre Channel frame extracted from
within an FCoE frame and (2) encapsulating a received Fibre Channel
frame within an FCoE frame that can be forwarded, via an Ethernet
network, to another Fibre Channel device (such as a peripheral
processing device). As part of its switching responsibilities, many
FCoE gateways adhere to one or more switching policies, rules or
filters that dictate specific switching behavior. Many such filters
dictate, for example, whether an FCoE gateway should deliver, drop,
or re-direct a received frame based on the frame's type, format,
and/or contents.
[0004] While such filters allow for more intelligent switching,
storage space for these filters is often limited due to scale and
cost constraints. More particularly, when an FCoE gateway assigns a
distinct Media Access Control ("MAC") address to each virtual Fibre
Channel port instantiated at a peripheral Fibre Channel device, the
presence of a filter rule for each MAC address/virtual port pair
can result in inefficient use of filter storage space. Thus, a need
exists for methods and apparatus to minimize the amount of storage
space (i.e., memory) used to store such filters associated with the
switching of FCoE frames to Fibre Channel devices.
[0005] Additionally, because devices executing on the periphery of
a switch fabric system are often untrusted, a need can further
exist for methods and apparatus to define one or more filters
and/or switching policies to: 1) check whether data frames and/or
packets received from a peripheral processing device include
appropriate header and/or address information and 2) minimize the
transmission of data frames including "spoofed" sender identity
information.
SUMMARY
[0006] In one embodiment, an apparatus can include a filter module
configured to receive multiple Media Access Control (MAC) addresses
associated with multiple virtual ports instantiated at a first
network device. Each virtual port from the multiple virtual ports
can be associated with a MAC address from the multiple MAC
addresses. The filter module can be configured to define a filter
to be applied to a data frame sent between the first network device
and a network switch, the filter being based at least in part on a
MAC address prefix included in each MAC address from the multiple
MAC addresses. The MAC address prefix can include an identifier
uniquely associated with a second network device at which the
filter module operates.
BRIEF DESCRIPTION OF THE DRAWINGS
[0007] FIG. 1 is a schematic illustration of a mixed Ethernet and
Fibre Channel portion of a network, according to an embodiment.
[0008] FIG. 2 is a schematic illustration of a gateway device of a
mixed Fibre Channel/Ethernet network portion, according to another
embodiment.
[0009] FIG. 3 is a schematic illustration of a Fibre Channel switch
of a mixed Fibre Channel/Ethernet network portion, according to
another embodiment.
[0010] FIG. 4 is a schematic illustration of a mixed Ethernet/Fibre
Channel network portion that employs a reduced number of filters
for transmitting data from a Fibre Channel switch to one or more
peripheral processing devices.
[0011] FIG. 5 is a flow chart that illustrates a method of defining
a switching policy based at least in part on a MAC address mask,
according to another embodiment.
[0012] FIG. 6 is a diagram that illustrates a switching table
including multiple filters based on MAC address masks, according to
another embodiment.
DETAILED DESCRIPTION
[0013] In some embodiments, a first-hop device (such as an
FCoE-to-Fibre Channel gateway ("FCoE gateway")) can be coupled to
one or more peripheral processing devices. The first-hop device can
be any device directly and/or operatively coupled to a peripheral
processing device (i.e., the first device encountered by any data
frame or packet sent by the peripheral processing device on its
path to destination). The first-hop device can also be coupled to a
Fibre Channel switch (such as a Fibre Channel forwarder) via one or
more devices including one or more FCoE and/or Fibre Channel ports.
The Fibre Channel switch can include one or more virtual Fibre
Channel F ports, and can be further operatively and/or physically
coupled to a Fibre Channel network. Each of the peripheral
processing devices can be physically and/or operatively coupled to
the first-hop device via one or more FCoE ports and, optionally, an
Ethernet network. Any or all of the peripheral processing devices
can include one or more virtual Fibre Channel N ports, each virtual
Fibre Channel N port being uniquely and operatively coupled to a
distinct virtual Fibre Channel F port instantiated at the Fibre
Channel switch.
[0014] The first-hop device can receive a Fibre Channel over
Ethernet Initialization Protocol (FIP) request based on a Fibre
Channel fabric login request sent from one of the virtual Fibre
Channel N ports instantiated at one of the peripheral processing
devices. The FIP request can include, for example, an FIP Fabric
Login (FLOGI) or Fabric Discovery (FDISC) request that requests a
Fibre Channel ID (FCID) and/or MAC address for the requesting
virtual Fibre Channel N port. The first-hop device can then forward
the FIP request, or alternatively define a Fibre Channel fabric
login request based on the FIP request, the Fibre Channel fabric
login request being included in a signal sent to the Fibre Channel
switch for handling. In some embodiments, the Fibre Channel switch
can next assign an FCID to the requesting virtual Fibre Channel N
port. The FCID can be based on an 8-bit domain ID associated with
the Fibre Channel switch, an 8-bit area ID associated with a set of
virtual Fibre Channel N ports of the requesting peripheral
processing device and an 8-bit port ID for the requesting virtual
Fibre Channel N port of the peripheral processing device. Having
defined the assigned FCID for the requesting virtual Fibre Channel
N Port, the Fibre Channel switch can send a signal including a
Fibre Channel fabric login response that includes the defined FCID
to the first-hop device via one of the Fibre Channel ports of the
Fibre Channel switch.
[0015] In some embodiments, the first-hop device can receive the
signal including the assigned FCID and assign a MAC address to the
requesting virtual Fibre Channel N port. Alternatively, a
second-hop device logically situated between the first-hop device
and the Fibre Channel switch can receive the signal and assign the
MAC address to the requesting Fibre Channel N port. In such
embodiments, the first-hop device can be, e.g., an Ethernet switch
or an FCoE switch, and the second-hop device can be an FCoE
gateway. (The second-hop device can be any second device
encountered by a data frame or packet sent by the peripheral
processing device on its path to destination.) The assigned MAC
address can include a first 24-bit portion based on an
organizationally unique identifier (OUI) associated with the Fibre
Channel switch. Alternatively, the assigned MAC address can include
a 24-bit portion based on a gateway ID associated with the
first-hop device and/or another device. The assigned MAC address
can further include a second 24-bit portion based on the assigned
FCID. The first-hop device or the second-hop device can also define
a MAC address mask based at least in part on a common MAC address
portion common to all MAC addresses assigned and/or to be assigned
to any virtual Fibre Channel N port instantiated at the peripheral
processing device at which the requesting virtual Fibre Channel N
port is instantiated (i.e., the peripheral processing device from
which the original FIP request was sent). The MAC address mask can
include, for example, the 24-bit OUI or gateway ID associated with
the Fibre Channel switch, as well as the common 8-bit domain ID and
common 8-bit area ID described above. The MAC address mask can
further include an initial port ID portion common to all port IDs
assigned and/or to be assigned to any virtual Fibre Channel N port
instantiated at the peripheral processing device.
[0016] Having defined and assigned the MAC address, MAC address
mask and FCID associated with the requesting virtual Fibre Channel
N port, the first-hop device or the second-hop device can define a
filter (also referred to as a "switching policy"). The filter can
be defined based at least in part on the MAC address mask. In some
embodiments, the filter can allow and/or direct the first-hop
device to send, for eventual delivery to the Fibre Channel switch,
a Fibre Channel frame encapsulated in any received FCoE frame
including a source MAC address having an initial portion that
matches the defined MAC address mask.
[0017] Having defined the filter, a switching module included on or
at the first-hop device can apply the filter to one or more
received FCoE frames. More specifically, upon receipt of an FCoE
frame, the first-hop device can next reference the defined filter
and determine whether a predetermined portion of the source MAC
address included in the FCoE frame matches the MAC address mask
associated with the defined filter. If the portion of the source
MAC address does match the MAC address mask, the switching module
can send the Fibre Channel frame encapsulated in the FCoE frame for
delivery to the Fibre Channel switch. Upon receipt of the Fibre
Channel frame, the Fibre Channel switch can send the Fibre Channel
frame to the virtual Fibre Channel F port specified by a
destination ID ("D ID") included in the Fibre Channel frame. If the
portion of the source MAC address does not match the MAC address
mask associated with the defined filter, the first-hop device can
drop and/or reject the received FCoE frame. In this manner, the
first-hop device can employ a single filter for switching FCoE
frames received from any of a set of multiple virtual Fibre Channel
N ports instantiated at a single peripheral processing device.
[0018] FIG. 1 is a schematic illustration of a mixed Ethernet and
Fibre Channel portion of a network, according to an embodiment.
More specifically, FIG. 1 illustrates a Network Portion 100 that
includes an Ethernet Switch 110 physically and/or operatively
coupled to Peripheral Processing Devices 122-124 (via FCoE Ports
112-114, respectively) and a Fibre Channel Forwarder 130 (via FCoE
Ports 116-118). The Fibre Channel Forwarder 130 is operatively
and/or physically coupled to the Ethernet Switch 110 via the FCoE
Ports 132-134, and to a Fibre Channel Network 140. The Fibre
Channel Forwarder 130 includes a set of Virtual Fibre Channel F
Ports 181-189, and each of the Virtual Fibre Channel F Ports
181-189 is operatively coupled to at least one of the FCoE Ports
132-134. The Peripheral Processing Devices 122-124 are operatively
and/or physically coupled to the Ethernet Switch 110 via the FCoE
Ports 152, 162 and 172, respectively. The FCoE Ports 152, 162 and
172 are operatively coupled to the Virtual Fibre Channel N Ports
153-155, 163-165 and 173-175, respectively. Each of the Virtual
Fibre Channel N Ports 153-155, 163-165 and 173-175 is uniquely and
operatively coupled to one of the Virtual Fibre Channel F Ports
181-189 instantiated at the Fibre Channel Forwarder 130.
[0019] The Network Portion 100 can include a combination of
hardware and/or software (executing on hardware) configured to
transmit data between any of the Peripheral Processing Devices
122-124 and the Fibre Channel Network 140 via the Ethernet Switch
110 and the Fibre Channel Forwarder 130. The Network Portion 100
can be, for example, a portion of a data center fabric, local area
network (LAN), wide area network (WAN), storage area network (SAN),
intranet, or the Internet. Although not shown in FIG. 1, in some
embodiments, the Network Portion 100 can include a second-hop
device, such as a FCoE gateway, logically situated between the
Ethernet Switch 110 and the Fibre Channel Forwarder 130. In such
embodiments, the FCoE gateway can perform one or more of the
functions discussed below in connection with the Ethernet Switch
110 and/or the Fibre Channel Forwarder 130. Alternatively, in some
embodiments, the Network Portion 100 can not include the Ethernet
Switch 110. In such embodiments, the Fibre Channel Forwarder 130
can be configured to perform one or more of the functions discussed
below in connection with the Ethernet Switch 110.
[0020] The Ethernet Switch 110 can be configured to transmit data
based at least in part on the Ethernet and/or FCoE network
protocols via the FCoE Ports 112-114 and/or the FCoE Ports 116-118.
In some embodiments, the Ethernet Switch 110 can be an FCoE transit
switch. In such embodiments, the FCoE Ports 112-114 can be
configured to send FCoE frames to and/or receive FCoE frames from
any of the FCoE Ports 152, 162 and 172. In such embodiments, the
FCoE Ports 116-118 can be configured to send FCoE frames to and/or
receive FCoE frames from the Fibre Channel Forwarder 130, via the
FCoE Ports 132-134, respectively. In some embodiments, each of the
FCoE Ports 112-114 can be a physical Ethernet port configured to
exchange data with any of the Peripheral Processing Devices
122-124, respectively, via the FCoE Ports 152, 162 and 172,
respectively. Although not shown in FIG. 1, in some embodiments,
each of the FCoE Ports 112-114 can be physically coupled to one of
multiple Ethernet Network Interface Cards (NICs) included in the
Ethernet Switch 110. As shown in FIG. 1, each of the FCoE Ports
116-118 is uniquely coupled to one of the FCoE Ports 132-134 of the
Fibre Channel Forwarder 130. In some embodiments, each of the FCoE
Ports 116-118 can be a physical Ethernet port configured to allow
exchange of one or more FCoE frames between the Ethernet Switch 110
and the Fibre Channel Forwarder 130.
[0021] In some embodiments, the Ethernet Switch 110 can receive,
from one of the Virtual Fibre Channel N Ports 153-155, 163-165 and
173-175, a Fibre Channel over Ethernet Initialization Protocol
(FIP) login request, such as an FIP FLOGI or FIP FDISC request. In
such embodiments, the Ethernet Switch 110 can forward the FIP login
request to the Fibre Channel Forwarder 130.
[0022] In some embodiments, the Ethernet Switch 110 can receive, in
an FIP FLOGI or FIP FDISC response defined by the Fibre Channel
Forwarder 130, the predetermined FCID prefix associated with the
peripheral processing device. (The FIP FLOGI or FIP FDISC response
can be defined in accordance with one or more extensions of the FIP
protocol configured to allow inclusion of the predetermined FCID
prefix and/or other information within an FIP login response.) The
FIP FLOGI or FIP FDISC response can also include an FCID assigned
to a requesting virtual Fibre Channel N port (e.g., the Virtual
Fibre Channel N Port 153) by the Fibre Channel Forwarder 130. The
FIP FLOGI or FIP FDISC response can also optionally include an
assigned MAC address for the requesting virtual Fibre Channel N
port (optionally referred to as a source MAC address). In such
embodiments, the Ethernet Switch 110 can perform "FIP snooping" on
the received FIP FLOGI or FIP FDISC response to determine a value
of the FCID prefix and/or the source MAC address. Based on the FCID
prefix and/or the source MAC address, the Ethernet Switch 110 can
define a MAC address prefix. In some embodiments, the Ethernet
Switch 110 can receive the predetermined FCID prefix and/or the
predetermined MAC address prefix from a different device
operatively coupled to the Fibre Channel Forwarder 130 (such as an
FCoE gateway device). In some embodiments, based on the FIP
snooping action, the Ethernet Switch 110 can define and/or install
one or more switching policies, as described below.
[0023] Although not shown in FIG. 1, the Ethernet Switch 110 can
include one or more data structures indicating one or more
switching policies, rules and/or filters. For example, in some
embodiments, the Ethernet Switch 110 can include and/or be
operatively coupled to a switching table and/or filter database
(not shown in FIG. 1) for use in switching data frames sent from
one or more of the Peripheral Processing Devices 122-124 to the
Fibre Channel Forwarder 130. More specifically, the Ethernet Switch
110 can define and/or apply one or more switching policies, such as
a switching policy specifying or allowing that the Ethernet Switch
110 should only send to the Fibre Channel Forwarder 130 a Fibre
Channel frame extracted (i.e., decapsulated) from within a received
FCoE frame that has a source MAC address conforming to a
predetermined MAC address prefix. The MAC address prefix can be
based on the predetermined FCID prefix associated with the
peripheral processing device from which the FCoE frame was
received. Accordingly, the Ethernet Switch 110 can serve as a
gateway between the Peripheral Processing Devices 122-124 and the
Fibre Channel Forwarder 130, allowing for the transmission of FIP
login requests and/or FCoE frames from the Peripheral Processing
Devices 122-124 to the Fibre Channel Forwarder 130, and for the
transmission of FIP login responses and/or Fibre Channel frames
(encapsulated in FCoE frames) from the Fibre Channel Forwarder 130
to any of the Virtual Fibre Channel N Ports 153-155, 163-165 and
173-175 instantiated at the Peripheral Processing Devices 122, 123
and 124, respectively.
[0024] In some embodiments, the Ethernet Switch 110 can be
physically located within the same physical chassis as the Fibre
Channel Forwarder 130. In some embodiments the Ethernet Switch 110
can function as both an FCoE gateway and a Fibre Channel switching
device. Alternatively, the Ethernet Switch 110 and the Fibre
Channel Forwarder 130 can be located within different chasses. In
some embodiments, the Ethernet Switch 110 can include one or more
devices and or modules physically and/or operatively coupled via
cable (such as Category 5 cable) and/or one or more wireless
connections. Although not shown in FIG. 1, in some embodiments, the
Ethernet Switch 110 can alternatively be a gateway device, such as
an FCoE gateway device (as discussed in connection with FIG. 4
below). In such embodiments, the FCoE gateway can perform
substantially similar functions to those described in connection
with the Ethernet Switch 110 above, and/or additional or other
functions.
[0025] Each of the Peripheral Processing Devices 122-124 can be any
combination of hardware and/or software (executing in hardware)
capable of transmitting information to and/or receiving information
from the Ethernet Switch 110. In some embodiments, one or more of
the above-described peripheral processing devices can be a server
device, an application server, a database system, a storage device,
gateway, workstation, a compute device and/or the like. Each of the
Peripheral Processing Devices 122-124 can optionally be, for
example, compute nodes, service nodes and/or storage nodes. In some
embodiments, one or more of the Peripheral Processing Devices
122-124 can perform one or more computing tasks, such as one or
more data storage, Software-as-a-Service (SAS), web service,
content request, or other computing tasks. In some embodiments, one
or more of the Peripheral Processing Devices 122-124 can be a Fibre
Channel-based device operatively and/or physically coupled to one
or more other Fibre Channel-based devices, such as a Fibre Channel
switch, a Fibre Channel fabric, a SAN, etc.
[0026] As shown in FIG. 1, the Peripheral Processing Devices
122-124 can include the FCoE Ports 152, 162 and 172, respectively,
and the Virtual Fibre Channel N Ports 153-155, 163-165 and 173-175,
respectively. In some embodiments, each of the Virtual Fibre
Channel N Ports 153-155, 163-165 and 173-175 can be configured to
send one or more Fibre Channel frames for encapsulation within an
FCoE frame and subsequent transmission by the corresponding FCoE
port from the FCoE Ports 152, 162 and 172. The appropriate FCoE
port from the FCoE Ports 152, 162 and 172 can transmit the FCoE
frame to the Ethernet Switch 110. Each of the Virtual Fibre Channel
N Ports 153-155, 163-165 and 173-175 can also be configured to
receive one or more Fibre Channel frames that have been extracted
and/or decapsulated from one or more FCoE frames, each of the FCoE
frames having been received by the corresponding FCoE port from the
FCoE Ports 152, 162 and 172 via the Ethernet Switch 110. In some
embodiments, the Peripheral Processing Devices 122-124 can be in
communication with the Ethernet Switch 110 via any suitable
connection such as, for example, an optical connection (e.g., an
optical cable and optical connectors), an electrical connection
(e.g., an electrical cable and electrical connectors) and/or the
like. Similarly stated, each of the FCoE Ports 152, 162 and 172 can
provide a communication interface through which a Peripheral
Processing Device 122-124 can be operatively coupled to the
Ethernet Switch 110. As such, the Peripheral Processing Devices
122-124 are configured to send data (e.g., Ethernet frames, FCoE
frames, data frames, data cells, etc.) to and receive data from the
Ethernet Switch 110. In some embodiments, each connection between
the Peripheral Processing Devices 122-124 and the Ethernet Switch
110 is a direct link. In other embodiments, the Peripheral
Processing Devices 122-124 can be operatively coupled to the
Ethernet Switch 110 via intermediate modules or devices. In some
embodiments, any combination of the Peripheral Processing Devices
122-124 can be physically located within the same physical chassis
as one another and/or any other device included in the Ethernet
Switch 110. In other embodiments, each of the Peripheral Processing
Devices 122-124 can be located within a different chassis.
[0027] The FCoE ports 152, 162 and 172 can be physical Ethernet
ports capable of sending and/or receiving one or more Ethernet
and/or FCoE frames. In some embodiments, each of the FCoE ports
152, 162 and 172 can be associated with and/or located on a
physical line card (not shown in FIG. 1), such as an Ethernet NIC.
In some embodiments, each of the FCoE ports 152, 162 and 172 can
include and/or be associated with a frame-formatter module (not
shown in FIG. 1) included in each of the Peripheral Processing
Devices 122-124, respectively. The frame-formatter modules can each
be configured to encapsulate Fibre Channel frames received from a
virtual Fibre Channel N port within FCoE frames for transmission to
the Fibre Channel Forwarder 130 via the Ethernet Switch 110. In
such embodiments, each such frame-formatter module can be further
configured to decapsulate and/or extract Fibre Channel frames from
within FCoE frames received via the Ethernet Switch 110.
[0028] The Virtual Fibre Channel N Ports 153-155, 163-165 and
173-175 can be virtual Fibre Channel N ports similar to those
generally associated with Fibre Channel and/or FCoE networks. In
some embodiments, one or more of the Virtual Fibre Channel N Ports
153-155, 163-165 and 173-175 can constitute one of two virtual end
nodes that define a virtual link. In such embodiments, each such
Virtual Fibre Channel N Port can each be operatively coupled to a
Virtual Fibre Channel F Port from the Virtual Fibre Channel F Ports
181-189 instantiated at the Fibre Channel Forwarder 130.
[0029] The Fibre Channel Forwarder 130 can be any combination of
hardware and/or software (executing in hardware) configured to
perform switching of Fibre Channel frames extracted from FCoE
frames received from the Ethernet Switch 110 and/or Fibre Channel
frames received from the Fibre Channel Network 140. As shown in
FIG. 1, the Fibre Channel Forwarder 130 is physically and/or
logically situated between the Ethernet Switch 110 and the Fibre
Channel Network 140, and can be configured to perform known
switching tasks on Fibre Channel frames transmitted between the
Ethernet Switch 110 and the Fibre Channel Network 140. As also
shown in FIG. 1, the Fibre Channel Forwarder 130 includes FCoE
Ports 132-134, each of which is operatively and/or physically
coupled to one of the FCoE Ports 116-118 on the Ethernet Switch
110. In some embodiments, each of the FCoE Ports 132-134 can be an
FCoE port configured to exchange one or more FCoE frames with a
single FCoE port from the FCoE Ports 116-118. The Fibre Channel
Forwarder 130 also includes the Virtual Fibre Channel F Ports
181-189. In some embodiments, each of the Virtual Fibre Channel F
Ports 181-189 can be operatively coupled to one of the Virtual
Fibre Channel N Ports 153-155, 163-165 and 173-175 instantiated at
the Peripheral Processing Devices 122, 123 and 124, respectively.
In such embodiments, each of the Virtual Fibre Channel F Ports
181-189 can exchange Fibre Channel frames with a single virtual
Fibre Channel N port from the Virtual Fibre Channel N Ports
153-155, 163-165 and 173-175, thus defining a virtual link between
those two virtual Fibre Channel ports.
[0030] In some embodiments, the Fibre Channel Forwarder 130 can
receive an FIP FLOGI request sent from one of the Peripheral
Processing Devices 122-124 via the Ethernet Switch 110. The FIP
FLOGI request can include a request for an FCID and/or a MAC
address to be assigned to a requesting virtual Fibre Channel N port
instantiated at the peripheral processing device from the
Peripheral Processing Devices 122-124. In response to the FIP FLOGI
request, the Fibre Channel Forwarder 130 can define an FCID for the
requesting virtual Fibre Channel N port. In such embodiments, the
Fibre Channel Forwarder 130 can also define a common FCID prefix to
be included in each FCID assigned to a virtual Fibre Channel N port
instantiated at the peripheral processing device at which the
requesting virtual Fibre Channel N port is instantiated. The common
FCID prefix can be defined such that each FCID assigned to a
virtual Fibre Channel N port at the peripheral processing device
includes the common FCID prefix, along with a suffix portion unique
to that FCID. The common FCID prefix can be a string of bits of
sufficient length to distinguish from all FCIDs associated with all
other virtual Fibre Channel N ports instantiated at all other
peripheral processing devices in the Network Portion 100, but
sufficiently short to allow a unique suffix to be included in each
FCID assigned to one of the virtual Fibre Channel N ports
instantiated at the peripheral processing device. In some
embodiments, a given peripheral processing device can be associated
with multiple common FCID prefixes, as necessary to provision a
unique FCID to each virtual Fibre Channel N port instantiated at
that peripheral processing device.
[0031] In some embodiments, the Fibre Channel Forwarder 130 can
also define a MAC address for the requesting virtual Fibre Channel
N port (optionally referred to as a source MAC address). The MAC
address can be based on (1) a Fibre Channel mapping prefix (such as
an OUI associated with the Fibre Channel Forwarder 130), and (2)
the assigned FCID. Having defined the MAC address based on the
Fibre Channel mapping and the assigned FCID, the Fibre Channel
Forwarder can also define a common MAC address prefix based at
least in part on the Fibre Channel mapping and the FCID prefix. The
defined MAC address prefix can thus be common to each MAC address
assigned to a virtual Fibre Channel N port at the peripheral
processing device, and sufficient to determine whether a given
assigned MAC address is associated with a virtual Fibre Channel N
port instantiated at the peripheral processing device.
[0032] Having defined the FCID, FCID prefix, MAC address and common
MAC address prefix, the Fibre Channel Forwarder 130 can send a
signal to the Ethernet Switch 110. The signal can include, for
example, an FIP FLOGI response that includes: (1) the assigned FCID
for the requesting virtual Fibre Channel N port (the assigned FCID
including the common FCID prefix, (2) the assigned MAC address for
the requesting virtual Fibre Channel N port and (3) the common MAC
address prefix. The Virtual Fibre Channel F Ports 181-189 can be
virtual Fibre Channel F ports similar to those generally associated
with Fibre Channel and/or FCoE networks. In some embodiments, one
or more of the Virtual Fibre Channel F Ports 181-189 can constitute
one of two virtual end nodes that define a virtual link. For
example, as described above, each such Virtual Fibre Channel F Port
can be uniquely associated with a Virtual Fibre Channel N Port from
the Virtual Fibre Channel N Ports 153-155, 163-165 and 173-175,
thus defining a virtual link.
[0033] In some embodiments, the Fibre Channel Forwarder 130 can
comprise multiple physical devices. In some embodiments, the Fibre
Channel Forwarder 130 can be or include a Fibre Channel Switch
Fabric, such as a multi-stage Fibre Channel fabric. In such
embodiments, the Fibre Channel Forwarder 130 can be included in,
for example, a data center, and can be define one or more logical
hierarchical elements, such as virtual data center fabrics (VDCFs)
and/or virtual local area networks (VLANs).
[0034] The Fibre Channel Network 140 can be any combination of
hardware devices and/or software modules (executing in hardware)
that together comprise a Fibre Channel network. For example,
although not shown in FIG. 1, the Fibre Channel Network 140 can
include one or more Fibre Channel-compatible servers and/or
peripheral devices connected to one or more Fibre Channel switching
devices including one or more Host Bus Adapters (HBAs). In some
embodiments, the Fibre Channel Network 140 can include one or more
subnetwork portions, such as one or more Fibre Channel zones and/or
storage area networks (SANs). As shown in FIG. 1, the Fibre Channel
Network 140 can be operatively coupled to the Peripheral Processing
Devices 122-124 via the Ethernet Switch 110 and the Fibre Channel
Forwarder 130. In such embodiments, the Fibre Channel Network 140
can thus exchange data with the Peripheral Processing Devices
122-124.
[0035] Although not shown in FIG. 1, in some embodiments the
Network Portion 100 can include a gateway device. In such
embodiments, the gateway device can be logically and/or physically
positioned between the Ethernet Switch 110 and the Fibre Channel
Forwarded 130. The gateway device can be configured to transmit
data between the Ethernet Switch 110 and the Fibre Channel
Forwarder 130, based at least in part on the Ethernet, FCoE and/or
Fibre Channel network protocols. In such embodiments, the gateway
device can be configured to send and/or receive one or more FCoE
frames to and/or from the Ethernet Switch 110, and to send and/or
receive one or more Fibre Channel frames to and/or from the Fibre
Channel Forwarder 130. In such embodiments, the gateway device can
include a Frame Formatter Module configured to: (1) encapsulate
Fibre Channel frames within FCoE frames for transmission to one of
the Peripheral Processing Devices 122-124 via the Ethernet Switch
110 and/or (2) extract (i.e., decapsulate) one or more Fibre
Channel frames from FCoE frames received from the Ethernet Switch
110 for transmission to the Fibre Channel Forwarder 130. In some
embodiments, the gateway device can perform the tasks of defining a
MAC address prefix and assigning a MAC address to a requesting
virtual Fibre Channel N port as described above in connection with
the Fibre Channel Forwarder 130. In such embodiments, the Network
Portion 100 can optionally not include the Ethernet Switch 110, and
all functions thereof described above can be performed by, for
example, the gateway device.
[0036] FIG. 2 is a schematic illustration of a gateway device of a
mixed Fibre Channel/Ethernet network portion, according to another
embodiment. More specifically, FIG. 2 is a system block diagram of
a Gateway Device 200, similar to the gateway device described in
connection with FIG. 1 above. The Gateway Device 200 includes a
Processor 230, a Memory 240, a Line Card 210 and a Line Card 220.
The Memory 240 includes a Filter Module 241, a Switching Module 242
and a Frame Formatter Module 243. The Line Card 210 includes the
Physical Ports 211 and 212, and the Line Card 220 includes the
Physical Ports 221 and 222. The Processor 230 is operatively
coupled to the Memory 240, the Line Card 210 and the Line Card 220.
In some embodiments, the Line Cards 210 and/or 220 include one or
more processors and/or memories (not shown in FIG. 2).
[0037] Similar to the FCoE Ports 112-114 of the Ethernet Switch 110
(shown in FIG. 1), the Physical Ports 211-212 and 221-222 can be
configured to communicate with Ethernet and/or peripheral
processing devices via an Ethernet Network. Additionally or
alternatively, similar to the Fibre Channel Ports 116-118 (shown in
FIG. 1), the Physical Ports 211-22 and 221-22 can be configured to
communicate with Fibre Channel devices, such as Fibre Channel
switches. For example, the Physical Ports 211-212 and 221-222 can
implement a physical layer using twisted-pair electrical signaling
via electrical cables or fiber-optic signaling via fiber-optic
cables. In some embodiments, some of the Physical Ports 211-212 and
221-222 can implement one physical layer such as twisted-pair
electrical signaling, and others of the Physical Ports 211-212 and
221-222 can implement a different physical layer, such as
fiber-optic signaling. Furthermore, the Physical Ports 211-212 and
221-222 can be configured to allow the Gateway Device 200 to
communicate with peripheral processing devices and/or switching
devices via a common protocol such as Ethernet, Fibre Channel
and/or FCoE. In some embodiments, some of the Physical Ports
211-212 and 221-222 can implement one protocol such as
Ethernet/FCoE and others of the Physical Ports 211-212 and 221-222
can implement a different protocol such as Fibre Channel. Thus, the
Gateway Device 200 can be in communication with multiple peripheral
processing and/or switching devices using homogeneous or
heterogeneous physical layers and/or protocols via the Physical
Ports 211-212 and 221-222.
[0038] In some embodiments, the Gateway Device 200 can be
configured to prepare a data frame or packet (e.g., an Ethernet or
FCoE frame and/or packet) for transmission to a peripheral
processing device (e.g., one of the Peripheral Processing Devices
122-124) or a Fibre Channel device (e.g., the Fibre Channel
Forwarder 130). For example, the Frame Formatter Module 243 can be
configured to forward, classify, and/or modify the frame
encapsulation (e.g., modify, add and/or remove a header portion,
footer portion and/or any other identifier included within the data
frame) of a data frame prior to sending the data frame to a
communication network. Additionally, the Frame Formatter Module 243
can be configured to partition and/or divide the data frame into
data cells (e.g., having fixed length payloads) prior to sending
the data cells to the switch fabric. Additional details related to
frame and/or packet classification are described in U.S. patent
application Ser. No. 12/242,168 entitled "Methods and Apparatus
Related to Packet Classification Associated with a Multi-Stage
Switch," filed Sep. 30, 2008, and U.S. patent application Ser. No.
12/242,172, entitled "Methods and Apparatus for Packet
Classification Based on Policy Vectors," filed Sep. 30, 2008, both
of which are incorporated herein by reference in their
entireties.
[0039] In some embodiments, the Gateway Device 200 can be
configured to define one or more filters, switching policies and/or
rules that dictate how and to where data frames and/or packets are
transmitted by the Gateway Device 200. For example, the Filter
Module 241 stored at the Memory 240 can be configured to define a
filter specifying that all data frames received from a particular
logical or physical address should in turn be sent to a device or
module having a specified logical or physical address.
Alternatively, the Filter Module 241 can define a filter specifying
that all data frames of a particular type (such as FCoE, Ethernet,
or Fibre Channel) should be sent via one of a specified set of
ports (such as one of the FCoE Ports 116-118 shown in FIG. 1). In
some embodiments, the Gateway Device 200 can be configured to
switch data frames and/or packets according to one or more filters.
For example, the Switching Module 242 stored at the Memory 240 can
send or forward an FCoE frame to a specified peripheral processing
device based at least in part on a filter defined by the Filter
Module 242. In some embodiments, the Gateway Device 200 can be
configured to define one or more MAC addresses associated with one
or more virtual Fibre Channel N ports instantiated at one or more
peripheral processing devices operatively coupled to the Gateway
Device 200. More specifically, the Gateway Device 200 can define
each MAC address based at least in part on a common prefix, such as
an Organizationally Unique Identifier (OUI) associated with a
switch fabric system (such as the Network Portion 100 shown in FIG.
1) and a Fibre Channel Identifier (FCID) associated with the
virtual Fibre Channel port with which the MAC address is to be
associated. In some embodiments, the Gateway Device 200 can receive
the FCID from a Fibre Channel device (e.g. the Fibre Channel
Forwarder 130 illustrated in FIG. 1). In some embodiments, the OUI
can alternatively be a common 24-bit prefix associated with the
Gateway Device 200, such as a gateway ID.
[0040] Although discussed above as being a gateway device, the
Gateway Device 200 can alternatively be an Ethernet switch, such as
the Ethernet Switch 110 discussed in connection with FIG. 1 above.
In such embodiments, the Ethernet switch can include substantially
the same hardware and/or software modules/components as described
above in connection with the Gateway Device 200. In such
embodiments, the Ethernet switch can also perform substantially the
same functions as described above in connection with the Gateway
Device 200.
[0041] FIG. 3 is a schematic illustration of a Fibre Channel
switch, according to another embodiment. More specifically, FIG. 3
is a system block diagram of a Fibre Channel Switch 300
substantially similar to the Fibre Channel Forwarder 130 described
in connection with FIG. 1 above, according to an embodiment. The
Fibre Channel Switch 300 includes a Processor 310, a Memory 320,
and a Line Card 330. The Line Card 330 includes Fibre Channel Ports
331 and 332. The Processor 310 is operatively coupled to the Memory
320 and the Line Card 330. The Memory 320 includes Virtual Fibre
Channel F Port 321 and Virtual Fibre Channel F Port 322. The Fibre
Channel Switch 300 can communicate with other Fibre Channel
devices, such as an FCoE gateway (similar to the Gateway Device 110
shown in FIG. 1), via the Fibre Channel Ports 331 and 332.
[0042] In some embodiments, the Fibre Channel Switch 300 can
perform typical network switching functions on Fibre Channel
frames. The Fibre Channel Switch 300 can, for example, receive a
Fibre Channel frame from a gateway device and send that Fibre
Channel frame to an appropriate next-hop device within a Fibre
Channel network to which the Fibre Channel Switch 300 is coupled.
In some embodiments, the Fibre Channel Switch 300 can communicate
with one or more peripheral processing devices (e.g., one of the
Peripheral Processing Devices 322-324) via the Virtual Fibre
Channel F Port 321 and/or the Virtual Fibre Channel F Port 322. For
example, the Fibre Channel Switch 300 can send a Fibre Channel
frame from the Virtual Fibre Channel F Port 321 for ultimate
transmission to a virtual Fibre Channel N port instantiated at a
peripheral processing device (e.g., the Virtual Fibre Channel N
Port 173 instantiated at the Peripheral Processing Device 124 in
FIG. 1).
[0043] FIG. 4 is a schematic illustration of a mixed Ethernet/Fibre
Channel network portion having a reduced number of filters for
switching data frames from a Fibre Channel Forwarder to one or more
peripheral processing devices, according to an embodiment. More
specifically, FIG. 4 illustrates a Network Portion 400 that
includes a Gateway Device 410 physically and/or operatively coupled
to Peripheral Processing Devices 422-424 (via Ethernet Ports
412-414) and a Fibre Channel Forwarder 430 (via Fibre Channel Ports
416-418). The Fibre Channel Forwarder 430 is operatively and/or
physically coupled to the Gateway Device 410 via the Fibre Channel
Ports 472-474, and to a Fibre Channel Network 440. The Fibre
Channel Forwarder 430 includes a set of Virtual Fibre Channel F
Ports 481-489, each of which is operatively and/or figuratively
coupled to at least one of the Fibre Channel Ports 472-474. The
Peripheral Processing Devices 422-424 are operatively and/or
physically coupled to the Gateway Device 410 via the FCoE Ports
432, 442 and 452, respectively, and to the Gateway Device 410. The
FCoE Ports 432, 442 and 452 are operatively coupled to the Virtual
Fibre Channel N Ports 433-435, 443-445 and 453-455, respectively.
Each of the Virtual Fibre Channel N Ports 433-435, 443-445 and
453-455 is operatively coupled to one of the Virtual Fibre Channel
F Ports 481-489 instantiated at the Fibre Channel Forwarder 430. In
some embodiments, each of the above-described elements shown in
FIG. 4 can be substantially similar to the like-named element(s)
shown and described in connection with FIG. 1 above.
[0044] In some embodiments, any of the FCoE Ports 432, 442 and 452
can receive a Fibre Channel fabric login request from one of the
Virtual Fibre Channel N Ports 433-435, 443-445 and 453-455, and
accordingly define an FIP request based thereon. The Fibre Channel
fabric login can be, for example, a FLOGI (Fabric Login) or FDISC
(Fabric Discovery) request, and the FIP request can be FIP FLOGI or
FIP FDISC request. The FIP request can configured to request
assignment of an FCID and/or MAC address to the Virtual Fibre
Channel N Port 433 (i.e., the virtual Fibre Channel N Port from
which the Fibre Channel fabric login request originated). The FCoE
Port can then send a signal including the FIP request to the
Gateway Device 410. For example, as shown in FIG. 4, the FCoE Port
432 of the Peripheral Processing Device 422 can receive a Fibre
Channel request from the Virtual Fibre Channel N Port 433, define
an FIP request based thereon, and send a Signal 461 including the
FIP request to the Gateway Device 410. The Gateway Device 410 can
receive the FIP request included in the Signal 461 and, as shown in
FIG. 4, send a Signal 462 to the Fibre Channel Forwarder 430. As
also shown in FIG. 4, the Gateway Device 410 can send the Signal
462 via the Fibre Channel Port 416, and the Fibre Channel Forwarder
430 can receive the Signal 462 via the Fibre Channel Port 472. The
Signal 462 can include the a Fibre Channel fabric login request
(i.e., Fibre Channel FLOGI or FDISC request) based on the FIP
request originally included in the Signal 461.
[0045] Upon receipt of the Fibre Channel fabric login request
included in the Signal 462, the Fibre Channel Forwarder 430 can
assign a Fibre Channel ID (FCID) to the Virtual Fibre Channel N
Port 433. The FCID can include an 8-bit domain ID associated with
the Fibre Channel Forwarder 430, an 8-bit area ID associated with
the set of virtual Fibre Channel N Ports 433-435 and an 8-bit port
ID associated with the Fibre Channel Port 433 of the Peripheral
Processing Device 422.
[0046] Because each of the Virtual Fibre Channel N Ports 433-435 is
instantiated at the same peripheral processing device (i.e., the
Peripheral Processing Device 422), each of the Virtual Fibre
Channel N Ports 433-435 is associated with the same domain ID and
area ID. In some embodiments, each FCID associated with one of the
Virtual Fibre Channel N Ports 433-435 can include a port ID that
includes an identical portion, such as an identical initial bit,
initial two bits, etc. Because as described above each of the
Virtual Fibre Channel N Ports 433-435 is associated with the same
destination ID (8 bits), area ID (8 bits), and, optionally, a
predetermined identical portion of the port ID (1-7 bits), each
FCID assigned by the Fibre Channel Forwarder 430 for any of the
Virtual Fibre Channel N Ports 433-435 will be identical in at least
the initial 16 bits.
[0047] Having defined the FCID for the Virtual Fibre Channel N Port
433, the Fibre Channel Forwarder 430 can send a Signal 463 to the
Gateway Device 410 via the Fibre Channel Port 472. As shown in FIG.
4, the Gateway Device 410 can receive the Signal 463 via the Fibre
Channel Port 416. In some embodiments, the Signal 463 can include
the FCID assigned to the Virtual Fibre Channel N Port 433. Upon
receipt of the Signal 463 including the FCID for the Virtual Fibre
Channel N Port 433, the Gateway Device 410 can define a MAC address
for the Virtual Fibre Channel N Port 433. In some embodiments, the
MAC address can be 48 bits in length, and can be comprised of
various component parts. For example, the MAC address can include,
in the first 24 bits, an OUI associated with the Network Portion
400 and/or the Fibre Channel Switch 430. Alternatively, the MAC
address can include, in the first 24 bits, a prefix based on a
locally-provisioned gateway ID (similar to a domain ID), the
gateway ID having been defined by, for example, an administrator of
the Network Portion 400. In some embodiments, the prefix can be
associated with and/or assigned to each of the Peripheral
Processing Devices 122-124. The MAC address can also include, in
the second 24 bits, the FCID assigned to the Virtual Fibre Channel
N Port 433 by the Fibre Channel Switch 430. As described above, the
FCID assigned to the Virtual Fibre Channel N Port 433 includes a
common destination ID, a common area ID, and, optionally, a common
predetermined port ID portion (1-7 bits) included in all FCIDs
assigned to any virtual Fibre Channel N port instantiated at the
Peripheral Processing Device 422 (i.e., any of the Virtual Fibre
Channel N Ports 433-435).Because each of the Virtual Fibre Channel
N Ports 433-435 is associated with the same first 24 bits,
destination ID (8 bits), area ID (8 bits), and, optionally, a
predetermined identical portion of the port ID (1-7 bits), each MAC
address assigned by the Gateway Device 410 to any of the Virtual
Fibre Channel N Ports 433-435 will be identical in at least the
initial 40 bits. As such, it can be determined for any virtual
Fibre Channel N port present within the Network Portion 400 whether
that virtual Fibre Channel N port is one of the Virtual Fibre
Channel N Ports 433-435 having a MAC address based on the common
40+ bit portion described above. Accordingly, the Gateway Device
410 can next define a MAC address mask associated with the
Peripheral Processing Device 422 (and thus each of the Virtual
Fibre Channel N Ports 433-435), the MAC address mask including the
common component portions described above.
[0048] Having defined a MAC address for the Virtual Fibre Channel N
Port 433 and a MAC address mask for the Peripheral Processing
Device 422, the Gateway Device 410 can next define a filter
associated with the Virtual Fibre Channel N Port 433 and the
Peripheral Processing Device 422. More specifically, the Filter
Module 441 of the Gateway Device 410 can define a filter based at
least in part on the MAC address mask. In some embodiments, the
filter can stipulate or allow that a Fibre Channel frame included
in an FCoE frame that contains a source MAC address including an
initial portion that matches the MAC address mask be sent to the
Fibre Channel Forwarder 430. Because each MAC address assigned by
the Gateway Device 410 for any of the Virtual Fibre Channel N Ports
433-435 will include the same first 24 bits (e.g., an OUI),
destination ID, area ID, and predetermined port ID portion (as
described above), all FCoE frames sent from the Peripheral
Processing Device 422 for delivery to the Fibre Channel Forwarder
430 will include a source MAC address including an initial portion
that matches the MAC address mask. Because of this, all such source
MAC addresses will satisfy the defined filter, and as such, the
Gateway Device 410 can allow all properly-constructed Fibre Channel
frames included in FCoE frames sent from one of the Virtual Fibre
Channel N Ports 433-435 to be sent on to the Fibre Channel
Forwarder 430. In this manner, the Gateway Device 410 can define
and employ a single filter rule for switching and/or
forwarding/redirecting all FCoE frames received from the Peripheral
Processing Device 422.
[0049] Having defined the filter as described above, the Gateway
Device 410 can send, to the Virtual Fibre Channel N Port 433, an
FIP response including both the assigned MAC address and the FCID.
More specifically, the Gateway Device 410 can send a Signal 464 via
the Ethernet Port 413 and the FCoE Port 432. The Signal 464 can be
received at the FCoE Port 432. Upon arrival at the FCoE Port 432, a
frame formatter module (not shown in FIG. 4) at the Peripheral
Processing Device 422 can receive the FIP response and send, to the
Virtual Fibre Channel N Port 433, a Fibre Channel fabric login
response including the assigned MAC address and assigned FCID.
[0050] Although not explicitly shown in FIG. 4, in some
embodiments, each of the Virtual Fibre Channel N Ports 434 and 435
can perform a Fibre Channel login to the Fibre Channel Forwarder
430 via the Gateway Device 410. In this manner, each of the Virtual
Fibre Channel N Ports 434 and 435 can receive an FCID assigned by
the Fibre Channel Forwarder 430 (based at least in part on the
common FCID portion described above) and a MAC address assigned by
the Gateway Device 410 (based at least in part on the common MAC
address portion described above). Having already defined a filter
rule based on the MAC address prefix, in some embodiments the
Gateway Device 410 can define no additional filter rules associated
with the Virtual Fibre Channel N Ports 434 and 435. In some
embodiments, instead of sending a Fibre Channel FLOGI request, each
of the Virtual Fibre Channel N Ports 434 and 435 can send a Fibre
Channel FDISC request, and accordingly the Peripheral Processing
Device can send an FIP FDISC request in lieu of an FIP FLOGI
request.
[0051] Having assigned the FCID and MAC address, and defined an
associated filter rule, the Gateway Device 410 can receive a Signal
465 from the Peripheral Processing Device 424. More specifically,
the Peripheral Processing Device 424 can transmit the Signal 465
from the FCoE Port 452 to the Ethernet Port 413 of the Gateway
Device 410. The Signal 465 can include, for example, an FCoE frame
that includes a source MAC address, an initial portion of which
matches the MAC address prefix associated with the filter rule
described above. Upon receipt of the FCoE frame, the Switching
Module 442 can apply the filter defined above to the received FCoE
frame. More specifically, the Switching Module 442 can determine
that a portion of the source MAC address included in the FCoE frame
matches the defined MAC address mask (described above). Having made
this determination, the Gateway Device 410 can determine that the
received FCoE frame satisfies the defined filter. Accordingly, the
Gateway Device 410 can extract (i.e., decapsulate) the encapsulated
Fibre Channel frame from within the received FCoE frame and send
the Fibre Channel frame to the Fibre Channel Forwarder 430. More
specifically, the Gateway Device 410 can include the Fibre Channel
frame in a Signal 466, and, as shown in FIG. 4, send the Signal 466
to the Fibre Channel Forwarder 430 via the Fibre Channel Port 416
and the Fibre Channel Port 472. Upon receipt of the Signal 466, the
Fibre Channel Forwarder can send the Fibre Channel frame to an
appropriate virtual Fibre Channel F port from the Virtual Fibre
Channel F Ports 481-489.
[0052] Although not shown in FIG. 4, in some embodiments, each of
the Peripheral Processing Devices 422-424 can be operatively
coupled to the Gateway Device 410 via a network, such as an
Ethernet network. In such embodiments, upon receipt of an FIP
response from the Fibre Channel Forwarder 430, the Gateway Device
410 can associate the MAC address mask described above with the
FCoE port from which the original and corresponding FIP request was
received. In this manner, the Gateway Device 410 can associate each
FCoE port with a MAC address mask defined for the peripheral
processing device at which the FCoE port is located.
[0053] Upon receipt of an FCoE frame from one of the Peripheral
Processing Devices 422-424 (via the Ethernet network), the
Switching Module 442 can perform a lookup on a table, database
and/or file. The lookup can allow the Switching Module 442 to
determine whether the source MAC address included in the FCoE frame
and/or the MAC address mask described above is associated with the
FCoE port from which the received FCoE frame was sent. In this
manner, the Switching Module 442 can prevent MAC address
"spoofing", wherein an FCoE or other frame includes a source MAC
address other than its own, and thereby misrepresents the source of
the frame. Although not shown in FIG. 4, in such an embodiment the
Switching Module 442 can determine that a MAC address mask matching
an initial portion of a source MAC address included in a received
FCoE frame is not associated with the FCoE Port from which the
received FCoE frame was sent. Thus, the Switching Module 442 can
"drop" and/or reject the received FCoE frame, and optionally send a
signal to the sending peripheral processing device and FCoE port,
the signal including notification of the rejection of the FCoE
frame.
[0054] FIG. 5 is a flow chart that illustrates a method of defining
a switching policy based at least in part on a MAC address mask,
according to another embodiment. In some embodiments, the MAC
address mask is based at least in part on a common initial portion
included in each of one or more MAC addresses assigned to a set of
virtual Fibre Channel N ports instantiated at a network device.
[0055] A Fibre Channel switch can receive a Fibre Channel fabric
login request from a Fibre Channel device, at 500. In some
embodiments, the Fibre Channel switch can be any standard Fibre
Channel switch, such as the Fibre Channel Forwarder 300 discussed
in connection with FIG. 3 above and/or the Fibre Channel Forwarder
430 discussed in connection with FIG. 4 above. The Fibre Channel
device can be a peripheral processing device and/or server. In some
embodiments, the Fibre Channel switch can receive the Fibre Channel
fabric login request from a peripheral processing device and/or
server, the Fibre Channel fabric login request having been included
in an FIP request sent via one or more FCoE frames transferred
through an Ethernet network and/or a gateway device. The Fibre
Channel fabric login request can be, for example, a FLOGI or FDISC
request configured to request an FCID and/or a MAC address for a
virtual Fibre Channel N port instantiated at the peripheral
processing device.
[0056] The Fibre Channel switch can assign an FCID to the virtual
Fibre Channel N port instantiated at the Fibre Channel device, at
510. The FCID can be defined based at least in part on a domain ID
associated with the Fibre Channel switch and an area ID and port ID
associated with one or more virtual Fibre Channel N ports of the
peripheral processing device. In some embodiments, the FCID can be
a 24-bit string including an 8-bit domain ID, followed by an 8-bit
area ID, followed by an 8-bit port ID.
[0057] The Fibre Channel switch can next assign a MAC address to
the virtual Fibre Channel N port instantiated at the Fibre Channel
device, at 520. The MAC address can be defined based at least in
part on the FCID assigned to that virtual Fibre Channel N port by
the Fibre Channel switch. The MAC address can also be defined based
at least in part on a 24-bit OUI associated with the Fibre Channel
switch, or other common 24-bit prefix (such as a common gateway
ID). In some embodiments, the assigned MAC address can be a 48-bit
string that includes the common 24-bit prefix in the first 24 bits
and the 24-bit FCID in the second set of 24 bits. Alternatively, in
some embodiments, the MAC address can be assigned by an FCoE
gateway device logically and/or physically located between the
peripheral processing device and the Fibre Channel switch.
[0058] The Fibre Channel switch and/or an FCoE gateway can define a
MAC address mask, at 530. The MAC address mask can be based at
least in part on a common MAC address portion included in an
initial portion of each MAC address assigned to any virtual Fibre
Channel N port instantiated at the requesting peripheral processing
device. For example, the MAC address mask can include the common
24-bit prefix discussed above, along with a common FCID portion
included in all FCIDs assigned to any virtual Fibre Channel N port
instantiated at the requesting peripheral processing device. The
common FCID portion can include, for example, a common 8-bit domain
ID and a common 8-bit area ID. The common FCID portion can also
optionally include a common portion included in each unique 8-bit
port ID assigned to any of the virtual Fibre Channel N ports
instantiated at the peripheral processing device. In some
embodiments, the FCoE gateway can be substantially similar to the
Gateway Device 110 discussed in connection with FIG. 1 above. In
such embodiments, the FCoE gateway can receive, from the Fibre
Channel switch, a signal including a Fibre Channel fabric login
response. The Fibre Channel fabric login response can include the
assigned MAC address and/or the assigned FCID. In such embodiments,
the FCoE gateway can include a filter module configured to define
the MAC address mask as described above.
[0059] The FCoE gateway can next define a switching policy allowing
transmission of a Fibre Channel frame included in a received FCoE
frame to the Fibre Channel switch when an initial portion of a
source MAC address included in the FCoE frame matches the MAC
address mask, at 540. Thus, in such embodiments a single switching
policy enables forwarding to the Fibre Channel switch of any FCoE
frame with a source MAC address including an initial portion that
matches the MAC address mask. In this manner, the single switching
policy serves to ensure correct switching of all FCoE frames sent
from any virtual Fibre Channel N port instantiated at the
peripheral processing device. Additionally, the single switching
policy can be used by the FCoE gateway to block and/or drop any
received FCoE frames that do not include a source MAC address a
portion of which matches a predefined MAC address mask, thereby
preventing the entry of any untrusted data into the Fibre Channel
switch and/or network. In some embodiments, the Fibre Channel
switch and/or the FCoE gateway can define the switching policy
using a switching policy or filter module (e.g., a filter module
similar to the Filter Module 441 discussed in connection with FIG.
4 above).
[0060] FIG. 6 is a diagram that illustrates a table including
multiple MAC address mask/FCoE port pairs, according to another
embodiment. More specifically, FIG. 6 illustrates a Table 600 that
includes MAC Address Mask/FCoE Port Pairs 610, 620 and 630. The MAC
Address Mask/FCoE Port Pairs 610, 620 and 630 each include a unique
MAC Address Mask 612, 622 and 632, respectively, and an FCoE Port
ID 613, 623 and 633 (of the peripheral processing devices
PPD.sub.1, PPD.sub.2 and PPD.sub.3), respectively. Each of the MAC
Address Masks 612, 622 and 632 included in the MAC Address
Mask/FCoE Port Pairs 610, 620 and 630 includes a Common MAC Address
Mask Portion 637. The Common MAC Address Mask Portion 637 can be a
MAC address portion common to all MAC addresses assigned to all
virtual ports instantiated at any of the Peripheral Processing
Devices PPD.sub.1, PPD.sub.2 and PPD.sub.3. Each of the MAC Address
Masks 612, 622 and 632 can be a MAC address portion longer than the
Common MAC Address Mask Portion 637 and common to all MAC addresses
assigned to all virtual ports instantiated at the Peripheral
Processing Device PPD.sub.1, PPD.sub.2 and PPD.sub.3,
respectively.
[0061] As shown in FIG. 6, the Common MAC Address Mask Portion 637
can include a common OUI associated with a switch fabric or portion
of a switch fabric system, a common domain ID associated with a
network switch of the switch fabric system, a common area ID
associated with a set of virtual Fibre Channel N ports of a
peripheral processing device, and a common port ID portion.
Although not shown in FIG. 6, in some embodiments, the Common MAC
Address Mask Portion 637 can alternatively include another common
first 24-bit portion, such as a 24-bit gateway ID. The common port
ID portion can be a common port ID prefix included in all port IDs
associated with the network switch and/or instantiated at a given
peripheral processing device. As also shown in FIG. 6, the MAC
Address Mask 632 includes a Two-bit End Portion 639 that is
distinct from the final two bits of the MAC Address Masks 612 and
622. The MAC Address Mask/FCoE Port Pair 610 includes the MAC
Address Mask 612, which ends with the two-bit sequence 00 and the
FCoE Port ID for the PPD.sub.1, 613. The MAC Address Mask/FCoE Port
Pair 620 includes the MAC Address Mask 622, which ends with the
two-bit sequence 01 and FCoE Port ID for the PPD.sub.2, 623. The
MAC Address Mask/FCoE Port Pair 630 includes the MAC Address Mask
632, which ends with the two-bit sequence 10 and the FCoE Port ID
for the PPD.sub.3, 633. In some embodiments, the Two-bit End
Portion 639 can alternatively be a one-bit, three-bit, four-bit,
five-bit, six-bit, or seven-bit end portion. The Two-bit End
Portion 639 can have a length in bits sufficient to distinguish
each of the MAC Address Masks 612, 622 and 632 from all other MAC
address masks included in the Table 600.
[0062] In some embodiments, the Table 600 can be included in and/or
referenced by a gateway device and/or a network switch, such as the
Gateway Device 110 and/or the Fibre Channel Forwarder 130,
respectively, discussed in connection with FIG. 1 above. In such
embodiments, the Table 600 can be used by the gateway device and/or
the network switch to determine whether a source MAC address
included in a received FCoE frame is associated with the FCoE port
from which the FCoE frame was sent. For example, a gateway device
can receive an FCoE frame from, for example, a peripheral
processing device (such as one of the PPD.sub.1, the PPD.sub.2 and
the PPD.sub.3). The gateway device can then determine whether the
source MAC address included in the received FCoE frame matches a
MAC address mask from the MAC Address Masks 612, 622 and 632. If
so, the gateway device can determine, based on the Table 600,
whether the matching MAC address mask is associated with the FCoE
port from which the FCoE frame was received. If the gateway device
determines that the FCoE port associated with the matching MAC
address mask in the Table 600 is the same FCoE port from which the
FCoE frame was sent, the gateway device can decapsulate a Fibre
Channel frame included in the FCoE frame and send the Fibre Channel
frame to a Fibre Channel switch or forwarder. If, however, the
gateway device determines that the FCoE port associated with the
matching MAC address mask in the Table 600 is not the same FCoE
port from which the FCoE frame was sent, the gateway device can
determine that the received FCoE frame includes a "spoofed" (i.e.,
misrepresented) source MAC address, and can drop and/or reject the
FCoE frame, not forwarding the Fibre Channel frame encapsulated
therein on to the Fibre Channel switch or forwarder.
[0063] Some embodiments described herein relate to a computer
storage product with a non-transitory computer-readable medium
(also can be referred to as a non-transitory processor-readable
medium) having instructions or computer code thereon for performing
various computer-implemented operations. The computer-readable
medium (or processor-readable medium) is non-transitory in the
sense that it does not include transitory propagating signals per
se (e.g., a propagating electromagnetic wave carrying information
on a transmission medium such as space or a cable). The media and
computer code (also can be referred to as code) may be those
designed and constructed for the specific purpose or purposes.
Examples of non-transitory computer-readable media include, but are
not limited to: magnetic storage media such as hard disks, floppy
disks, and magnetic tape; optical storage media such as Compact
Disc/Digital Video Discs (CD/DVDs), Compact Disc-Read Only Memories
(CD-ROMs), and holographic devices; magneto-optical storage media
such as optical disks; carrier wave signal processing modules; and
hardware devices that are specially configured to store and execute
program code, such as Application-Specific Integrated Circuits
(ASICs), Programmable Logic Devices (PLDs), Read-Only Memory (ROM)
and Random-Access Memory (RAM) devices.
[0064] Examples of computer code include, but are not limited to,
micro-code or micro-instructions, machine instructions, such as
produced by a compiler, code used to produce a web service, and
files containing higher-level instructions that are executed by a
computer using an interpreter. For example, embodiments may be
implemented using Java, C++, or other programming languages (e.g.,
object-oriented programming languages) and development tools.
Additional examples of computer code include, but are not limited
to, control signals, encrypted code, and compressed code.
[0065] While various embodiments have been described above, it
should be understood that they have been presented by way of
example only, not limitation, and various changes in form and
details may be made. Any portion of the apparatus and/or methods
described herein may be combined in any combination, except
mutually exclusive combinations. The embodiments described herein
can include various combinations and/or sub-combinations of the
functions, components and/or features of the different embodiments
described. For example, in some embodiments an access switch and a
peripheral processing device in a switch fabric can be included in
a single hardware device or module.
* * * * *