HP StorageWorks Fabric OS 5.2.3 Release Notes (AA-RWEYD-TE, November 2007)

ManualsBrandsHP ManualsComputer AccessoriesHP B-series 48-80 Port SAN Switch Server Application Optimization LTU

Secur ity

Removeanypasswordenforcedexpirationofadmin or root accounts before

downgrading ﬁrmw ar e to 5.0.1 or earlier versions.

Diagnostics

• All ofﬂine diag

nostics commands should be used only when the switch

is disabled.

• POST can fail i

f new SFPs are added during POST. SFPs should be added

only while the switch is online or if the switch is powered off.

• When you use the diagnostic comma nds systemVerification and

diagSetBur

nin, the switch or blade faults when the burn-in error log

is full. Clear th e burn-in log before running systemVerification or

diagSetBurnin.

• If there are ISLs present on the switch that are not used for routing because

they have h

igher link costs, disable the links before running spinfab.

If there is an already segmented por t and backbone devices are exported to

an edge fabric, a build fabric/fabric reconﬁguration can occur after running

haFailover. Ensurethattherearenosegmentedportsbeforeupgrading

ﬁrmware.

IPSec for B-Series MP Router

Blade (FR 4–18i)

• IPSec implementation details:

•Pre-sharedkey

• Main mode (IKE negotiation protocol)

• Tunnel mo de in Encapsulating Securi ty Payload (ESP)

• IPSec speciﬁc statistics not provided.

• No NAT or IPV6 support

• FastWrite and Tape Pipelining will not be s upported in conjunction with

secure tunnels.

• Jumbo frames will not be supported on secure tunnels.

• ICMP redirect is not supported for IPSec-enabled tunnels.

• Onlyasinglesecuretunnelwillbeallowedonaport.Non-securetunnels

will not be allowed on the same port as secure tunnels.

• Modify operations are not allowed on secure tunnels. To change the

conﬁguration of a secure tunnel, you must ﬁrst delete the tunnel and then

re-create it with the desired options.

• Onlyasinglerouteissupportedonaninterfacewithasecuretunnel.

• An IPSec tunnel cannot be cre ated using the same local IP address if ipperf

is active and using the same local IP address ( source IP address).

• Unidirectional supported throughput is ~104Mbytes/sec and bidirectional

supported throughput is ~90Mbytes/sec.

• An IPSec tunnel takes longer to come online than a non-IPSec tunnel.

• User is not informed with the IPSec mismatch RAS event when conﬁguring

a tunnel with IPSec mismatch on either ends.

Fabric Merge

Do not try to merge fabrics with conﬂicting domain IDs over a VE_P ort. Before

merging two fabrics over FC-IP with VE_Ports at each end, HP recommends

that all domain ID and zoning conﬂicts be resolved.

Scalability

• Support for Default Zoning policies has been added to Fabric OS 5.1.0.

Typically, when you issue the cfgDisable command in a large fabric

with thousands of devices, the name server indicates to all hosts that they

can communicate with each other. To ensure that all devices in a fabric do

not see each other during a cfgDisable operation, you can activate a

Default Zone with policy set to no access. If Default zoning policies are

enabled, all cfgEnable /disable commands and zoning changes must

be run from a switch in the fabric running Fabric OS 5.1.0/5.2.0a.

• In large fabrics with more than 1,000 por ts, HP recommends that the MS

Platform Database be disabled. The Platform D B must also be disabled

before downgrading to earlier versions of Fabric OS. This can be done

using the msPLMgmtDeactivate command.

FRU insertion

The FW_FRU_INSERTED message is displayed twice when a power supply

FRU is inserted and powered on. There is no functional impact.

HP StorageWorks Fabric OS 5.2.3 release notes