HP StorageWorks 4/16 HP StorageWorks Fabric OS 6.0.1a release notes (AA-RWFMA- - Page 13

Topic IPSec for FR4-18i blade and 400 Multi-protocol Router IPv6 FCIP Tunnels Distance mode Fibre Channel Routing (FCR) switch Diagnostics High Availability (HA) Description • IPSec implementation details: • Pre-shared key • Main mode (IKE negotiation protocol) • Tunnel mode in Encapsulating Security Payload (ESP) • IPSec specific statistics not provided • No NAT or IPv6 support • Jumbo frames will not be supported on secure tunnels. • Internet Control Message Protocol (ICMP) redirect is not supported for IPSec-enabled tunnels. • Only a single secure tunnel will be allowed on a port. Non-secure tunnels will not be allowed on the same port as secure tunnels. • Modify operations are not allowed on secure tunnels. To change the configuration of a secure tunnel, you must first delete the tunnel and then recreate it with the desired options. • Only a single route is supported on an interface with a secure tunnel. • An IPSec tunnel cannot be created using the same local IP address if ipperf is active and using the same local IP address (source IP address). • Unidirectional supported throughput is approximately 104Mbytes/sec and bidirectional supported throughput is approximately 90Mbytes/sec. • An IPSec tunnel takes longer to come online than a non-IPSec tunnel. • Fabric OS 6.x does not support IPSec with VLAN tagging. • VLAN tagging support and IPSec support are mutually exclusive on a per-tunnel basis. • Fabric OS 6.x does not support compression for IPv6 FCIP Tunnels • Fabric OS 6.x does not support IPSec for IPv6 tunnels. Distance setting is not persistent. After a configuration uploads and downloads, distance settings will be lost, and the desired distance will be shown as 0. • If a Multi-protocol (MP) Router is present in the backbone fabric, the command fosconfig - disable fcr may take up to 8 minutes to complete. If the MP Router is replaced by a FR4-18i or 400 Multi-protocol Router, the command completes immediately. • EX_Port trunking is not enabled by default. • FCR switch does not support an edge fabric with one McDATA switch set to never principal. The EX_Port connected to that edge fabric will not come up. • FCR switch does not support edge fabrics that consist of McDATA switches with domain ID offset. The EX_Port connected to that edge fabric may fail the RDI process and not come up. EX_Ports come up disabled (fail to initialize in time) if attached to a Native mode switch running EOS 9.x that has non-default DID offset configured. • All offline diagnostics commands should be used only when the switch is disabled. • POST can fail if new SFPs are added during POST. SFPs should only be added while the switch is "online" or if the switch is powered off. • When you use the diagnostic commands systemVerification and diagSetBurnin, the switch or blade will fault when the burn-in error log is full. Clear the burn-in log before running systemVerification or diagSetBurnin. • If there are ISLs present on the switch that are not used for routing (due to them having higher linkcosts), disable the links before running spinfab. If there is an already segmented port and backbone devices are exported to an edge fabric, a build fabric / fabric reconfiguration can occur after running haFailover. Ensure that there are no segmented ports before upgrading firmware. HP StorageWorks Fabric OS 6.0.1a release notes 13