HP StorageWorks 2/16V HP StorageWorks Fabric OS 5.2.0b Release Notes (AA-RWEYB - Page 17
Tunnel mode in Encapsulating Security Payload ESP
View all HP StorageWorks 2/16V manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 17 highlights
FC Routing Security Diagnostics HA IPSec for B-Series MP Router blade (FR4-18i) • If an HP StorageWorks MP Router is present in the backbone fabric, the command fcrDisable may take up to 8 minutes to complete. If the MP Router is replaced by a B-Series MP Router blade (FR4-18i) or an HP StorageWorks 400 MP Router, the command completes immediately. • EX_Port trunking is not enabled by default. Remove any password enforced expiration of admin or root accounts before downgrading firmware to 5.0.1 or lower versions. • All offline diagnostics commands should be used only when the switch is disabled. • POST can fail if new SFPs are added during POST. SFPs should only be added while the switch is "online" or if the switch is powered off. • When you use the diagnostic commands systemVerification and diagSetBurnin, the switch or blade will fault when the burn-in error log is full. Clear the burn-in log before running systemVerification or diagSetBurnin. • If there are ISLs present on the switch that are not used for routing because they have higher linkcosts, disable the links before running spinfab. If there is an already segmented port and backbone devices are exported to an edge fabric, a build fabric/fabric reconfiguration can occur after running haFailover. Ensure that there are no segmented ports before upgrading firmware. • IPSec implementation details: -Pre-shared key -Main mode (IKE negotiation protocol) -Tunnel mode in Encapsulating Security Payload (ESP) • IPSec specific statistics not provided. • No NAT or IPV6 support • FastWrite and Tape Pipelining will not be supported in conjunction with secure tunnels. • Jumbo frames will not be supported on secure tunnels. • ICMP redirect is not supported for IPSec-enabled tunnels. • Only a single secure tunnel will be allowed on a port. Non-secure tunnels will not be allowed on the same port as secure tunnels. • Modify operations are not allowed on secure tunnels. To change the configuration of a secure tunnel, you must first delete the tunnel and then recreate it with the desired options. • Only a single route is supported on an interface with a secure tunnel. • An IPSec tunnel cannot be created using the same local IP address if ipperf is active and using the same local IP address (source IP address). • Unidirectional supported throughput is ~104Mbytes/sec and bidirectional supported throughput is ~90Mbytes/sec. • An IPSec tunnel takes longer to come online than a non-IPSec tunnel. Fabric OS 5.2.0b 17