HP StorageWorks 8/40 HP StorageWorks Fabric OS 5.2.x administrator guide (5697 - Page 371
Port Numbering on the 400 MP Router, MP Router port numbering, Tunneling and IPSec
View all HP StorageWorks 8/40 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 371 highlights
Port Numbering on the 400 MP Router You do not need to specify slot numbers for the 400 MP Router. Refer to the GbE ports as ge0 and ge1, and the Fibre Channel ports are numbered 0 through 15. Moving from left to right on the front of the chassis, the sixteen Fibre Channel ports, followed by the 2 GbE ports. You manage the SilkWorm 7500 as if it had 32 Fibre Channel ports (16 standard Fibre Channel ports, and 16 virtual Fibre Channel Ports) and 2 GbE ports. Specify port addresses using the slot and port numbers. For example, to disable VE_Port 18 on slot 1, use portDisable 1/18. To disable GbE port 1 on slot 1, use portDisable 1/ge1. FC0 Figure 29 400 MP Router port numbering Tunneling and IPSec FC15 GbE0 GbE1 Internet Protocol security (IPSec) uses cryptographic security to ensure private, secure communications over Internet Protocol networks. IPSec supports network-level data integrity, data confidentiality, data origin authentication, and replay protection. It helps secure your SAN against network-based attacks from untrusted computers, attacks that can result in the denial-of-service of applications, services, or the network, data corruption, and data and user credential theft. By default, when creating an FCIP tunnel, IPSec is disabled. FCIP tunneling with IPSec enabled will support maximum throughput as follows: • Unidirectional-approximately 104MB/sec • Bidirectional-approximately 90MB/sec Used to provide greater security in tunneling on an FR4-18i blade or a 400 MP Router, the IPSec feature does not require you to configure separate security for each application that uses TCP/IP. When configuring for IPSec, however, you must ensure that there is an FR4-18i blade or a 400 MP Router 7500 in each end of the FCIP tunnel. IPSec works on FCIP tunnels with or without IP compression (IPComp). IPSec requires an IPSec license in addition to the FCIP license. IPSec uses some terms that you should be familiar with before beginning your configuration. These are standardized terms, but are included here for your convenience. Table 90 IPSec terminology Term AES AES-XCBC AH DES Definition Advanced Encryption Standard. FIPS 197 endorses the Rijndael encryption algorithm as the approved AES for use by US Government organizations and others to protect sensitive information. It replaces DES as the encryption standard. Cipher Block Chaining. A key-dependent one-way hash function (MAC) used with AES in conjunction with the Cipher-Block-Chaining mode of operation, suitable for securing messages of varying lengths, such as IP datagrams. Authentication Header - like ESP, AH provides data integrity, data source authentication, and protection against replay attacks but does not provide confidentiality. Data Encryption Standard is the older encryption algorithm that uses a 56-bit key to encrypt blocks of 64-bit plain text. Because of the relatively shorter key length, it is not a secured algorithm and no longer approved for Federal use. Fabric OS 5.2.x administrator guide 371