HP StorageWorks 4/32B HP StorageWorks Fabric OS 5.3.1 release notes (AA-RWEYI- - Page 13

Tunnel mode in Encapsulating Security Payload ESP, HP StorageWorks Fabric OS 5.3.1 release notes



Topic: FC Routing
Description:
  • If an HP StorageWorks MP Router is present in the backbone fabric, the command fcrDisable may take up to 8 minutes to complete. If the MP Router is replaced by a B-Series MP Router Blade (FR4-18i) or an HP StorageWorks 400 MP Router, the command completes immediately.
  • EX_Port trunking is not enabled by default.
  • FCR switch does not support an edge fabric with one McDATA switch set to ‘never principal’. The EX_Port connected to that edge fabric will not come up.
  • FCR switch does not support edge fabrics that consist of McDATA switches with ‘domain ID offset’. The EX_Port connected to that edge fabric may fail the RDI process and will not come up. EX_Ports come up disabled (failed to init in time) if attached to a Native mode switch running EOS 9.x that has a non-default DID offset configured.
  • Device discovery may fail when an HBA uses the GA_NXT name server query to discover devices through an FCR switch, since the query is mishandled by the FCR.

Topic: Security
Description:
  Remove any password-enforced expiration of admin or root accounts before downgrading firmware to 5.0.1 or earlier versions.

Topic: Diagnostics
Description:
  • All offline diagnostics commands should be used only when the switch is disabled.
  • Installing new SFPs during POST may cause POST to fail. Install SFPs only when the switch is online or if the switch is powered off.
  • When you use the diagnostic commands systemVerification and diagSetBurnin, the switch or Blade faults when the burn-in error log is full. Clear the burn-in log before running systemVerification or diagSetBurnin.
  • If ISLs reside on the switch that are not used for routing because they have higher link costs, disable the links before running spinfab.

Topic: HA
Description:
  If there is an already segmented port and backbone devices are exported to an edge fabric, a build fabric/fabric reconfiguration can occur after running haFailover. Ensure that no segmented ports exist before upgrading firmware.

Topic: IPSec for B-Series MP Router Blade (FR4-18i)
Description:
  • IPSec implementation details:
      • Pre-shared key
      • Main mode (IKE negotiation protocol)
      • Tunnel mode in Encapsulating Security Payload (ESP)
  • IPSec-specific statistics are not provided.
  • No NAT or IPv6 support.
  • FastWrite and Tape Pipelining will not be supported in conjunction with secure tunnels.
  • Jumbo frames will not be supported on secure tunnels.
  • ICMP redirect is not supported for IPSec-enabled tunnels.
  • Only a single secure tunnel will be allowed on a port. Non-secure tunnels will not be allowed on the same port as secure tunnels.
  • Modify operations are not allowed on secure tunnels. To change the configuration of a secure tunnel, you must first delete the tunnel and then re-create it with the desired options.
  • Only a single route is supported on an interface with a secure tunnel.
  • An IPSec tunnel cannot be created using the same local IP address if ipperf is active and using the same local IP address (source IP address).
  • Unidirectional supported throughput is ~104 Mbytes/sec and bidirectional supported throughput is ~90 Mbytes/sec.
  • An IPSec tunnel takes longer to come online than a non-IPSec tunnel.

Topic: Fabric Merge
Description:
  Do not try to merge fabrics with conflicting domain IDs over a VE_Port. Before merging two fabrics over FC-IP with VE_Ports at each end, HP recommends that all domain ID and zoning conflicts be resolved.
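
An added example, not part of the HP release notes: a pre-change check that applies the secure-tunnel restrictions from the IPSec topic above to a planned tunnel layout. The dictionary fields (`port`, `ipsec`, `fastwrite`, and so on), the port names and the sample plan are constructed for illustration and are not Fabric OS CLI syntax or output.

```python
import ipaddress
from collections import defaultdict

def check_tunnel_plan(tunnels, routes_per_port):
    """Return sorted (port, message) findings for a planned tunnel layout.

    tunnels: list of dicts (hypothetical model) with keys id, port, ipsec,
    local_ip, remote_ip and optional fastwrite, tape_pipelining, jumbo.
    routes_per_port: mapping of port name to number of configured routes.
    """
    findings = []
    by_port = defaultdict(list)
    for t in tunnels:
        by_port[t["port"]].append(t)
    for port, group in by_port.items():
        secure = [t for t in group if t["ipsec"]]
        if not secure:
            continue  # the restrictions apply only to ports carrying a secure tunnel
        if len(secure) > 1:
            findings.append((port, "more than one secure tunnel on the port"))
        if len(secure) < len(group):
            findings.append((port, "non-secure tunnel shares the port with a secure tunnel"))
        if routes_per_port.get(port, 0) > 1:
            findings.append((port, "more than one route on an interface with a secure tunnel"))
        for t in secure:
            tag = "tunnel %s: " % t["id"]
            if t.get("fastwrite") or t.get("tape_pipelining"):
                findings.append((port, tag + "FastWrite/Tape Pipelining with a secure tunnel"))
            if t.get("jumbo"):
                findings.append((port, tag + "jumbo frames on a secure tunnel"))
            if any(ipaddress.ip_address(t[k]).version == 6 for k in ("local_ip", "remote_ip")):
                findings.append((port, tag + "IPv6 endpoint on a secure tunnel"))
    return sorted(findings)

# Constructed sample plan (documentation address ranges, hypothetical port names).
PLAN = [
    {"id": 0, "port": "ge0", "ipsec": True, "fastwrite": True,
     "local_ip": "192.0.2.10", "remote_ip": "198.51.100.10"},
    {"id": 1, "port": "ge0", "ipsec": False,
     "local_ip": "192.0.2.11", "remote_ip": "198.51.100.11"},
    {"id": 2, "port": "ge1", "ipsec": True,
     "local_ip": "192.0.2.20", "remote_ip": "198.51.100.20"},
]
ROUTES = {"ge0": 1, "ge1": 2}

if __name__ == "__main__":
    for port, message in check_tunnel_plan(PLAN, ROUTES):
        print(port, "-", message)
```

Because modify operations are not allowed on secure tunnels, running a check like this before creating the tunnel avoids a delete-and-re-create cycle later.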