AU2001275252A1 - Hardware-enforced loop-level hard zoning for fibre channel switch fabric - Google Patents

Hardware-enforced loop-level hard zoning for fibre channel switch fabric

Info

Publication number
AU2001275252A1
AU2001275252A1 AU2001275252A AU7525201A AU2001275252A1 AU 2001275252 A1 AU2001275252 A1 AU 2001275252A1 AU 2001275252 A AU2001275252 A AU 2001275252A AU 7525201 A AU7525201 A AU 7525201A AU 2001275252 A1 AU2001275252 A1 AU 2001275252A1
Authority
AU
Australia
Prior art keywords
fabric
hardware
fibre channel
zoning
point
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
AU2001275252A
Inventor
Frank R. Dropps
William R. George
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
QLogic Switch Products LLC
Original Assignee
QLogic Switch Products LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by QLogic Switch Products LLC filed Critical QLogic Switch Products LLC
Publication of AU2001275252A1 publication Critical patent/AU2001275252A1/en
Abandoned legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/22Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/35Switches specially adapted for specific applications
    • H04L49/356Switches specially adapted for specific applications for storage area networks
    • H04L49/357Fibre channel switches
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/30Peripheral units, e.g. input or output ports
    • H04L49/3009Header conversion, routing tables or routing tags
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/35Switches specially adapted for specific applications
    • H04L49/351Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/40Constructional details, e.g. power supply, mechanical construction or backplane
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99939Privileged access

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Electronic Switches (AREA)
  • Switches With Compound Operations (AREA)
  • Switches Operated By Changes In Physical Conditions (AREA)
  • Near-Field Transmission Systems (AREA)

Abstract

Hardware-enforced zoning is provided in Fibre Channel switches to protect against breaching of assigned zones in a switch network which can occur with software-based zoning techniques. The invention provides logic for performing a hardware-based validation of the Source ID S_ID of frames both at the point where the frame enters the Fibre Channel fabric, and at the point where the frame leaves the fabric. The S_ID is verified against an inclusion list or table of allowable S_IDs, which can be unique for each fabric port. The invention provides a way to increase the range of sources an inclusion table can express, by implementing wild cards, on an entry-by entry basis. If the S_ID is valid, it will enter the fabric and route normally. If invalid, the frame will not be routed but will be disposed of by the fabric according to FC rules. This prevents incorrect S_IDs from breaching the table-driven zoning at the point where frames exit the fabric, to prevent unauthorized access to devices connected to the switch network.
AU2001275252A 2000-06-05 2001-06-05 Hardware-enforced loop-level hard zoning for fibre channel switch fabric Abandoned AU2001275252A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US20941300P 2000-06-05 2000-06-05
US60209413 2000-06-05
PCT/US2001/018159 WO2001095566A2 (en) 2000-06-05 2001-06-05 Hardware-enforced loop-level hard zoning for fibre channel switch fabric

Publications (1)

Publication Number Publication Date
AU2001275252A1 true AU2001275252A1 (en) 2001-12-17

Family

ID=22778655

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2001275252A Abandoned AU2001275252A1 (en) 2000-06-05 2001-06-05 Hardware-enforced loop-level hard zoning for fibre channel switch fabric

Country Status (9)

Country Link
US (2) US7248580B2 (en)
EP (1) EP1290837B1 (en)
JP (1) JP4741039B2 (en)
KR (1) KR100670084B1 (en)
AT (1) ATE376735T1 (en)
AU (1) AU2001275252A1 (en)
CA (1) CA2410932C (en)
DE (1) DE60131079T2 (en)
WO (1) WO2001095566A2 (en)

Families Citing this family (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6697359B1 (en) * 1999-07-02 2004-02-24 Ancor Communications, Inc. High performance switch fabric element and switch systems
EP1238486B1 (en) * 1999-12-10 2008-10-15 Qlogic Switch Products, Inc. Method and apparatus for credit-based flow control in Fibre Channel systems
ATE376735T1 (en) 2000-06-05 2007-11-15 Qlogic Switch Products Inc HARDWARE FORCED LOOP LEVEL HARD ZONING FOR FIBER CHANNEL SWITCH ARRANGEMENT
US7978695B2 (en) * 2000-06-05 2011-07-12 Qlogic Switch Products, Inc. Hardware-enforced loop and NPIV hard zoning for fibre channel switch fabric
US20030055932A1 (en) * 2001-09-19 2003-03-20 Dell Products L.P. System and method for configuring a storage area network
US20030140128A1 (en) * 2002-01-18 2003-07-24 Dell Products L.P. System and method for validating a network
US7230929B2 (en) * 2002-07-22 2007-06-12 Qlogic, Corporation Method and system for dynamically assigning domain identification in a multi-module fibre channel switch
US7154886B2 (en) * 2002-07-22 2006-12-26 Qlogic Corporation Method and system for primary blade selection in a multi-module fiber channel switch
US7397768B1 (en) 2002-09-11 2008-07-08 Qlogic, Corporation Zone management in a multi-module fibre channel switch
US6886141B1 (en) 2002-10-07 2005-04-26 Qlogic Corporation Method and system for reducing congestion in computer networks
US7152132B2 (en) * 2003-07-16 2006-12-19 Qlogic Corporation Method and apparatus for improving buffer utilization in communication networks
US7646767B2 (en) * 2003-07-21 2010-01-12 Qlogic, Corporation Method and system for programmable data dependant network routing
US7477655B2 (en) * 2003-07-21 2009-01-13 Qlogic, Corporation Method and system for power control of fibre channel switches
US7558281B2 (en) * 2003-07-21 2009-07-07 Qlogic, Corporation Method and system for configuring fibre channel ports
US7573909B2 (en) * 2003-07-21 2009-08-11 Qlogic, Corporation Method and system for programmable data dependant network routing
US7580354B2 (en) * 2003-07-21 2009-08-25 Qlogic, Corporation Multi-speed cut through operation in fibre channel switches
US7894348B2 (en) 2003-07-21 2011-02-22 Qlogic, Corporation Method and system for congestion control in a fibre channel switch
US7684401B2 (en) 2003-07-21 2010-03-23 Qlogic, Corporation Method and system for using extended fabric features with fibre channel switch elements
US7430175B2 (en) 2003-07-21 2008-09-30 Qlogic, Corporation Method and system for managing traffic in fibre channel systems
US7406092B2 (en) 2003-07-21 2008-07-29 Qlogic, Corporation Programmable pseudo virtual lanes for fibre channel systems
US7447224B2 (en) * 2003-07-21 2008-11-04 Qlogic, Corporation Method and system for routing fibre channel frames
US7792115B2 (en) 2003-07-21 2010-09-07 Qlogic, Corporation Method and system for routing and filtering network data packets in fibre channel systems
US7420982B2 (en) 2003-07-21 2008-09-02 Qlogic, Corporation Method and system for keeping a fibre channel arbitrated loop open during frame gaps
US7466700B2 (en) * 2003-07-21 2008-12-16 Qlogic, Corporation LUN based hard zoning in fibre channel switches
US7525983B2 (en) * 2003-07-21 2009-04-28 Qlogic, Corporation Method and system for selecting virtual lanes in fibre channel switches
JP4210922B2 (en) * 2003-10-27 2009-01-21 ソニー株式会社 Imaging apparatus and method
US7103504B1 (en) 2003-11-21 2006-09-05 Qlogic Corporation Method and system for monitoring events in storage area networks
US7340167B2 (en) * 2004-04-23 2008-03-04 Qlogic, Corporation Fibre channel transparent switch for mixed switch fabrics
US7930377B2 (en) 2004-04-23 2011-04-19 Qlogic, Corporation Method and system for using boot servers in networks
US7669190B2 (en) 2004-05-18 2010-02-23 Qlogic, Corporation Method and system for efficiently recording processor events in host bus adapters
US8295299B2 (en) 2004-10-01 2012-10-23 Qlogic, Corporation High speed fibre channel switch element
US7676611B2 (en) 2004-10-01 2010-03-09 Qlogic, Corporation Method and system for processing out of orders frames
US8335231B2 (en) * 2005-04-08 2012-12-18 Cisco Technology, Inc. Hardware based zoning in fibre channel networks
US8464238B1 (en) 2006-01-31 2013-06-11 Qlogic, Corporation Method and system for managing storage area networks
US20070220124A1 (en) * 2006-03-16 2007-09-20 Dell Products L.P. System and method for automatically creating and enabling zones in a network
US7770208B2 (en) * 2006-03-28 2010-08-03 International Business Machines Corporation Computer-implemented method, apparatus, and computer program product for securing node port access in a switched-fabric storage area network
US7769842B2 (en) * 2006-08-08 2010-08-03 Endl Texas, Llc Storage management unit to configure zoning, LUN masking, access controls, or other storage area network parameters
US7613816B1 (en) 2006-11-15 2009-11-03 Qlogic, Corporation Method and system for routing network information
US7769931B1 (en) * 2007-02-15 2010-08-03 Emc Corporation Methods and systems for improved virtual data storage management
US8321908B2 (en) 2007-06-15 2012-11-27 Cisco Technology, Inc. Apparatus and method for applying network policy at a network device
US8031703B2 (en) * 2008-08-14 2011-10-04 Dell Products, Lp System and method for dynamic maintenance of fabric subsets in a network
CN101626343B (en) * 2009-08-05 2012-04-04 华为技术有限公司 Method and apparatus for exchanging data packet, and communication device
US8958429B2 (en) 2010-12-22 2015-02-17 Juniper Networks, Inc. Methods and apparatus for redundancy associated with a fibre channel over ethernet network
US8364852B1 (en) * 2010-12-22 2013-01-29 Juniper Networks, Inc. Methods and apparatus to generate and update fibre channel firewall filter rules using address prefixes
US9893989B2 (en) 2013-06-24 2018-02-13 Hewlett Packard Enterprise Development Lp Hard zoning corresponding to flow
US11100023B2 (en) * 2017-09-28 2021-08-24 Intel Corporation System, apparatus and method for tunneling validated security information
US11922043B2 (en) * 2021-06-08 2024-03-05 EMC IP Holding Company LLC Data migration between storage systems

Family Cites Families (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4162375A (en) * 1972-03-23 1979-07-24 Siemens Aktiengesellschaft Time-divison multiplex switching network with spatial switching stages
GB2074815B (en) * 1980-04-24 1984-06-27 Plessey Co Ltd Telecommunications switching network using digital switching modules
US4475192A (en) 1982-02-16 1984-10-02 At&T Bell Laboratories Data packet flow control scheme for switching networks
US4546468A (en) * 1982-09-13 1985-10-08 At&T Bell Laboratories Switching network control circuit
US4569043A (en) * 1983-06-22 1986-02-04 Gte Automatic Electric Inc. Arrangement for interfacing the space stage to the time stages of a T-S-T digital switching system
US4725835A (en) * 1985-09-13 1988-02-16 T-Bar Incorporated Time multiplexed bus matrix switching system
US4821034A (en) * 1987-02-06 1989-04-11 Ancor Communications, Inc. Digital exchange switch element and network
US5144622A (en) * 1988-02-15 1992-09-01 Hitachi, Ltd. Network system
US5367520A (en) * 1992-11-25 1994-11-22 Bell Communcations Research, Inc. Method and system for routing cells in an ATM switch
JPH0758770A (en) * 1993-08-12 1995-03-03 Hitachi Cable Ltd Multi-port repeater system
US5412653A (en) 1993-10-15 1995-05-02 International Business Machines Corporation Dynamic switch cascading system
GB9401092D0 (en) * 1994-01-21 1994-03-16 Newbridge Networks Corp A network management system
GB9408574D0 (en) * 1994-04-29 1994-06-22 Newbridge Networks Corp Atm switching system
US5633867A (en) * 1994-07-01 1997-05-27 Digital Equipment Corporation Local memory buffers management for an ATM adapter implementing credit based flow control
US5598541A (en) * 1994-10-24 1997-01-28 Lsi Logic Corporation Node loop port communication interface super core for fibre channel
US5687172A (en) * 1994-12-30 1997-11-11 Lucent Technologies Inc. Terabit per second distribution network
US5528591A (en) 1995-01-31 1996-06-18 Mitsubishi Electric Research Laboratories, Inc. End-to-end credit-based flow control system in a digital communication network
US5748612A (en) * 1995-08-10 1998-05-05 Mcdata Corporation Method and apparatus for implementing virtual circuits in a fibre channel system
US6047323A (en) * 1995-10-19 2000-04-04 Hewlett-Packard Company Creation and migration of distributed streams in clusters of networked computers
US5610745A (en) * 1995-10-26 1997-03-11 Hewlett-Packard Co. Method and apparatus for tracking buffer availability
JPH09247176A (en) * 1996-03-11 1997-09-19 Hitachi Ltd Asynchronous transfer mode exchange system
KR100194813B1 (en) * 1996-12-05 1999-06-15 정선종 Packet Switching Device with Multichannel / Multicast Switching Function and Packet Switching System Using the Same
US6188690B1 (en) * 1996-12-12 2001-02-13 Pmc-Sierra, Inc. Method and apparatus for high speed, scalable communication system
JP3156623B2 (en) 1997-01-31 2001-04-16 日本電気株式会社 Fiber channel fabric
US6014383A (en) * 1997-02-10 2000-01-11 Compaq Computer Corporation System and method for controlling multiple initiators in a fibre channel environment
US6118776A (en) * 1997-02-18 2000-09-12 Vixel Corporation Methods and apparatus for fiber channel interconnection of private loop devices
US6185203B1 (en) * 1997-02-18 2001-02-06 Vixel Corporation Fibre channel switching fabric
US6160813A (en) * 1997-03-21 2000-12-12 Brocade Communications Systems, Inc. Fibre channel switching system and method
US5825748A (en) 1997-04-08 1998-10-20 International Business Machines Corporation Credit-based flow control checking and correction system
US5987028A (en) * 1997-05-12 1999-11-16 Industrial Technology Research Insitute Multiple channel ATM switch
US6081512A (en) * 1997-06-30 2000-06-27 Sun Microsystems, Inc. Spanning tree support in a high performance network device
US6324181B1 (en) * 1998-04-16 2001-11-27 3Com Corporation Fibre channel switched arbitrated loop
US6647019B1 (en) * 1998-04-29 2003-11-11 Pmc-Sierra, Inc. Packet-switch system
US6289386B1 (en) * 1998-05-11 2001-09-11 Lsi Logic Corporation Implementation of a divide algorithm for buffer credit calculation in a high speed serial channel
US6411599B1 (en) * 1998-05-29 2002-06-25 International Business Machines Corporation Fault tolerant switching architecture
US6330236B1 (en) * 1998-06-11 2001-12-11 Synchrodyne Networks, Inc. Packet switching method with time-based routing
US7756986B2 (en) * 1998-06-30 2010-07-13 Emc Corporation Method and apparatus for providing data management for a storage system coupled to a network
US7165152B2 (en) * 1998-06-30 2007-01-16 Emc Corporation Method and apparatus for managing access to storage devices in a storage system with access control
US6885664B2 (en) * 1998-07-22 2005-04-26 Synchrodyne Networks, Inc. Distributed switching system and method with time-based routing
US6597691B1 (en) * 1998-09-01 2003-07-22 Ancor Communications, Inc. High performance switching
JP2000134258A (en) * 1998-10-22 2000-05-12 Chokosoku Network Computer Gijutsu Kenkyusho:Kk Route control system in connection setting type network
US6765919B1 (en) * 1998-10-23 2004-07-20 Brocade Communications Systems, Inc. Method and system for creating and implementing zones within a fibre channel system
US6308220B1 (en) * 1999-01-29 2001-10-23 Neomagic Corp. Circulating parallel-search engine with random inputs for network routing table stored in a wide embedded DRAM
US6424658B1 (en) * 1999-01-29 2002-07-23 Neomagic Corp. Store-and-forward network switch using an embedded DRAM
US6697359B1 (en) * 1999-07-02 2004-02-24 Ancor Communications, Inc. High performance switch fabric element and switch systems
EP1238486B1 (en) * 1999-12-10 2008-10-15 Qlogic Switch Products, Inc. Method and apparatus for credit-based flow control in Fibre Channel systems
US6484173B1 (en) * 2000-02-07 2002-11-19 Emc Corporation Controlling access to a storage device
ATE376735T1 (en) 2000-06-05 2007-11-15 Qlogic Switch Products Inc HARDWARE FORCED LOOP LEVEL HARD ZONING FOR FIBER CHANNEL SWITCH ARRANGEMENT
US7978695B2 (en) 2000-06-05 2011-07-12 Qlogic Switch Products, Inc. Hardware-enforced loop and NPIV hard zoning for fibre channel switch fabric

Also Published As

Publication number Publication date
JP4741039B2 (en) 2011-08-03
US7684398B2 (en) 2010-03-23
CA2410932C (en) 2010-04-13
ATE376735T1 (en) 2007-11-15
WO2001095566A3 (en) 2002-06-13
DE60131079T2 (en) 2008-08-07
JP2004501565A (en) 2004-01-15
KR100670084B1 (en) 2007-01-17
EP1290837A2 (en) 2003-03-12
US20080002687A1 (en) 2008-01-03
EP1290837B1 (en) 2007-10-24
KR20030036216A (en) 2003-05-09
US20030179748A1 (en) 2003-09-25
WO2001095566A2 (en) 2001-12-13
CA2410932A1 (en) 2001-12-13
DE60131079D1 (en) 2007-12-06
US7248580B2 (en) 2007-07-24

Similar Documents

Publication Publication Date Title
AU2001275252A1 (en) Hardware-enforced loop-level hard zoning for fibre channel switch fabric
GB2391983A (en) Pre-boot authentication system
BR0109231A (en) Integrated security and communications system with secure communications link
WO2003024029A3 (en) Metropolitan area local access service system
CA2302264A1 (en) Methods and/or systems for selecting data sets
CA2330857A1 (en) User specific automatic data redirection system
BR0209953A (en) Local Authentication in a Communication System
WO2002057935A8 (en) Method and device for monitoring data traffic and preventing unauthorized access to a network
FI912548A0 (en) TRAODLOEST TELEFONFOERBINDELSEFOERFARANDE.
SE9702476L (en) Method and apparatus for detecting an unauthorized user access to a communication network
SE0104344D0 (en) System and procedure
FI971059A0 (en) System for processing service data in a telecommunications systemSystem for processing service data in a telecommunications systemSystem for processing service data in a telecommunications system em em
WO2001035615A3 (en) Telephone based access to instant messaging
BRPI0412595A8 (en) NON-HIERARCHICAL TELEPHONE SYSTEM, METHOD FOR OPERATING A TELEPHONE SYSTEM, AND SOFWARE
DE60121343D1 (en) LOTTERIELOSAKTIONSSPIEL
WO2002086715A3 (en) Integrated procedure for partitioning network data services among multiple subscribers
TW215482B (en) Trusted personal computer system with identification
FI964504A (en) Paper processing tools
WO2001043393A3 (en) Decoupling access control from key management in a network
ATE199538T1 (en) ANTIVIRUS COMPOUNDS
DE69703672T2 (en) Antivirus compounds
ATE199707T1 (en) ANTIVIRUS COMPOUNDS
ATE313893T1 (en) USER PASSWORD BASED PACKET SHIPPING IN VIRTUAL PRIVATE NETWORKS
IT1303569B1 (en) BACKLIT MONOBLOCK INDEX GROUP.
FR2702485B1 (en) Compositions based on cationically crosslinkable polyorganosiloxanes and their use in the field of paper anti-adhesion, protection of optical fibers and printed circuits.