HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.1.x administrator guide (5697 - Page 379

IPSec concepts and implementation over FCIP

Get HP StorageWorks 8/80 - SAN Switch PDF manuals and user guides View all HP StorageWorks 8/80 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 379 highlights

Table 86 shows the default mapping of DSCP priorities to L2Cos priorities per tunnel ID. This may be helpful when consulting with the network administrator. These values may be modified per FCIP tunnel. Table 86 Default Mapping of DSCP priorities to L2Cos Priorities Virtual CIrcuit DSCP priority/bits (VC) L2CoS priority/bits Assigned to: 0 46 / 101110 7 / 111 Class F 1 7 / 000111 1 / 001 Medium QoS 2 11 / 001011 3 / 011 3 15 / 001111 3 / 011 4 19 / 010011 3 / 011 Medium QoS Medium QoS Medium QoS 5 23 / 010111 3 / 011 Medium QoS 6 27 / 011011 0 / 000 Class 3 Multicast 7 31 / 011111 0 / 000 Broadcast/Multicast 8 35 / 100011 0 / 000 9 39 / 100111 0 / 000 10 43 / 101011 4 / 100 Low Qos Low Qos High QoS 11 47 / 101111 4 / 100 High QoS 12 51 / 110011 4 / 100 High QoS 13 55 / 110111 4 / 100 High QoS 14 59 / 111011 4 / 100 High QoS 15 63 / 111111 0 / 000 - IPSec concepts and implementation over FCIP Internet Protocol security (IPSec) uses cryptographic security to ensure private, secure communications over Internet Protocol networks. IPSec supports network-level data integrity, data confidentiality, data origin authentication, and replay protection. It helps secure your SAN against network-based attacks from untrusted computers, attacks that can result in the denial-of-service of applications, services, or the network, data corruption, and data and user credential theft. By default, when creating an FCIP tunnel, IPSec is disabled. Used to provide greater security in tunneling on an FR4-18i blade or a 400 Multi-protocol Router , the IPSec feature does not require you to configure separate security for each application that uses TCP/IP. When configuring for IPSec, however, you must ensure that there is an FR4-18i blade or a 400 Multi-protocol Router at each end of the FCIP tunnel. IPSec works on FCIP tunnels with or without IP compression (IPComp), FCIP fastwrite, and tape pipelining. IPSec requires an IPSec license in addition to the High-Performance Extension over FCIP/FC license. Fabric OS 6.1.x administrator guide 379

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436
  • 437
  • 438
  • 439
  • 440
  • 441
  • 442
  • 443
  • 444
  • 445
  • 446
  • 447
  • 448
  • 449
  • 450
  • 451
  • 452
  • 453
  • 454
  • 455
  • 456
  • 457
  • 458
  • 459
  • 460
  • 461
  • 462
  • 463
  • 464
  • 465
  • 466
  • 467
  • 468
  • 469
  • 470
  • 471
  • 472
  • 473
  • 474
  • 475
  • 476
  • 477
  • 478
  • 479
  • 480
  • 481
  • 482
  • 483
  • 484
  • 485
  • 486
  • 487
  • 488
  • 489
  • 490
  • 491
  • 492
Fabric OS 6.1.x administrator guide
379
Table 86
shows the default mapping of DSCP priorities to L2Cos priorities per tunnel ID. This may be
helpful when consulting with the network administrator. These values may be modified per FCIP tunnel.
IPSec concepts and implementation over FCIP
Internet Protocol security (IPSec) uses cryptographic security to ensure private, secure communications over
Internet Protocol networks. IPSec supports network-level data integrity, data confidentiality, data origin
authentication, and replay protection. It helps secure your SAN against network-based attacks from
untrusted computers, attacks that can result in the denial-of-service of applications, services, or the network,
data corruption, and data and user credential theft. By default, when creating an FCIP tunnel, IPSec is
disabled.
Used to provide greater security in tunneling on an FR4-18i blade or a 400 Multi-protocol Router , the
IPSec feature does not require you to configure separate security for each application that uses TCP/IP.
When configuring for IPSec, however, you must ensure that there is an FR4-18i blade or a 400
Multi-protocol Router at each end of the FCIP tunnel. IPSec works on FCIP tunnels with or without IP
compression (IPComp), FCIP fastwrite, and tape pipelining.
IPSec requires an IPSec license in addition to the
High-Performance Extension over FCIP/FC license.
Table 86
Default Mapping of DSCP priorities to L2Cos Priorities
Virtual CIrcuit
(VC)
DSCP priority/bits
L2CoS priority/bits
Assigned to:
0
46 / 101110
7 / 111
Class F
1
7 / 000111
1 / 001
Medium QoS
2
11 / 001011
3 / 011
Medium QoS
3
15 / 001111
3 / 011
Medium QoS
4
19 / 010011
3 / 011
Medium QoS
5
23 / 010111
3 / 011
Medium QoS
6
27 / 011011
0 / 000
Class 3 Multicast
7
31 / 011111
0 / 000
Broadcast/Multicast
8
35 / 100011
0 / 000
Low Qos
9
39 / 100111
0 / 000
Low Qos
10
43 / 101011
4 / 100
High QoS
11
47 / 101111
4 / 100
High QoS
12
51 / 110011
4 / 100
High QoS
13
55 / 110111
4 / 100
High QoS
14
59 / 111011
4 / 100
High QoS
15
63 / 111111
0 / 000
-