HP A7533A HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, Nove - Page 400
Disabling FC Fastwrite on a port

To disable FC Fastwrite on a port, enter the following command.

#portcfg fastwrite -disable

Where is the slot in which the FR4-18i is installed. A slot number is not required for the 400 MP Router.

Tunneling and IPSec

Internet Protocol security (IPSec) uses cryptographic security to ensure private, secure communications over Internet Protocol networks. IPSec supports network-level data integrity, data confidentiality, data origin authentication, and replay protection. It helps secure your SAN against network-based attacks from untrusted computers, attacks that can result in the denial-of-service of applications, services, or the network, data corruption, and data and user credential theft. By default, when creating an FCIP tunnel, IPSec is disabled.

FCIP tunneling with IPSec enabled will support maximum throughput as follows:

• Unidirectional: approximately 104MB/sec
• Bidirectional: approximately 90MB/sec

Used to provide greater security in tunneling on an FR4-18i blade or a 400 MP Router, the IPSec feature does not require you to configure separate security for each application that uses TCP/IP. When configuring for IPSec, however, you must ensure that there is an FR4-18i blade or a 400 MP Router in each end of the FCIP tunnel. IPSec works on FCIP tunnels with or without IP compression (IPComp). IPSec requires an IPSec license in addition to the FCIP license.

IPSec uses some terms that you should be familiar with before beginning your configuration. These are standardized terms, but are included here for your convenience.

Table 100 IPSec terminology

| Term | Definition |
|------|------------|
| AES | Advanced Encryption Standard. FIPS 197 endorses the Rijndael encryption algorithm as the approved AES for use by US Government organizations and others to protect sensitive information. It replaces DES as the encryption standard. |
| AES-XCBC | Cipher Block Chaining. A key-dependent one-way hash function (MAC) used with AES in conjunction with the Cipher-Block-Chaining mode of operation, suitable for securing messages of varying lengths, such as IP datagrams. |
| AH | Authentication Header - like ESP, AH provides data integrity, data source authentication, and protection against replay attacks but does not provide confidentiality. |
| DES | Data Encryption Standard is the older encryption algorithm that uses a 56-bit key to encrypt blocks of 64-bit plain text. Because of the relatively shorter key length, it is not a secure algorithm and is no longer approved for Federal use. |
| 3DES | Triple DES is a more secure variant of DES. It uses 3 different 56-bit keys to encrypt blocks of 64-bit plain text. The algorithm is FIPS-approved for use by Federal agencies. |
| ESP | Encapsulating Security Payload is the IPSec protocol that provides confidentiality, data integrity and data source authentication of IP packets, and protection against replay attacks. |
| MD5 | Message Digest 5, like SHA-1, is a popular one-way hash function used for authentication and data integrity. |
| SHA | Secure Hash Algorithm, like MD5, is a popular one-way hash function used for authentication and data integrity. |

406 Configuring and monitoring FCIP tunneling
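The following is an added example, not taken from the HP guide and not a model of the Fabric OS implementation. It illustrates what the AH and ESP entries mean by data integrity and replay protection: a receiver checks an HMAC-SHA-1 integrity value truncated to 96 bits and tracks sequence numbers in a sliding window. The packet layout (SPI, sequence number, payload, ICV, with no encryption or padding), the 64-packet window and all names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 64  # anti-replay window size in packets (assumed value)

def icv(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """HMAC-SHA-1 over SPI, sequence number and payload, truncated to 96 bits."""
    msg = struct.pack("!II", spi, seq) + payload
    return hmac.new(key, msg, hashlib.sha1).digest()[:12]

def seal(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Build a simplified packet: SPI | sequence number | payload | ICV."""
    return struct.pack("!II", spi, seq) + payload + icv(key, spi, seq, payload)

class Receiver:
    def __init__(self, key: bytes, spi: int):
        self.key, self.spi = key, spi
        self.highest = 0  # highest sequence number that passed the ICV check
        self.bitmap = 0   # bit i set: sequence number (highest - i) was accepted

    def accept(self, packet: bytes) -> str:
        if len(packet) < 20:  # 8-byte header + 12-byte ICV
            return "malformed"
        spi, seq = struct.unpack("!II", packet[:8])
        payload, tag = packet[8:-12], packet[-12:]
        if spi != self.spi or seq == 0:
            return "malformed"
        # Cheap replay check first, so replays cost no HMAC computation.
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= WINDOW:
                return "too-old"
            if (self.bitmap >> offset) & 1:
                return "replay"
        # Constant-time comparison of the integrity check value.
        if not hmac.compare_digest(tag, icv(self.key, spi, seq, payload)):
            return "bad-icv"
        # Move the window only after the packet is authenticated, so a
        # forged sequence number cannot push valid traffic out of it.
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= WINDOW:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "ok"
```

The window is updated only after the ICV verifies, which is why a tampered packet with a new sequence number does not block the genuine packet that follows it.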