Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

In-flight encryption and compression overview
The encryption and compression features are designed to work only with E_Ports. Encryption and
compression are also compatible with the following features:

• E_Ports with trunking, QoS, or long distance features enabled.
• Flow control modes R_RDY, VC_RDY, and EXT_VC_RDY.
• XISL ports in VF mode.
• FCP data frames and non-FCP data frames except ELS and BLS frames.
    - FCP data frames are of Type=0x8. For encryption, R_CTL=0x1 and R_CTL=0x4 are supported.
      For compression, only R_CTL=0x1 is supported.
    - Non-FCP data frames are of Type != 0x8. Non-FCP frames with ELS/BLS (R_CTL==0x2 ||
      R_CTL==0x8) are not supported.

No license is needed to configure and enable in-flight encryption or compression.

Encryption and compression restrictions

• No more than two ports on one chip can be configured with encryption, compression, or both.
  This restriction equates to a maximum of four ports per FC16-32 or FC16-48 blade, or two
  ports per Brocade 6510 switch.
• The number of ports in a trunk is limited to two ports when encryption or compression is
  enabled for the trunk.
• Ports must be 16 Gbps capable, although port speed can be any configurable value.
• The devices at either end of the ISL must run Fabric OS 7.0.0 or later software.
• Only E_Ports are supported. Although VE_Ports, VEX_Ports, EX_Ports, GE ports, FCoE ports,
  F_Ports, F_Port trunks, ICL ports, and D_Ports cannot be configured for encryption or
  compression, they can exist along the I/O path.
• The encryption feature is not supported in FIPS mode. In-flight encryption is not FIPS
  compliant.
• Network Advisor does not support encryption or compression.
• Port mirroring through any encryption-enabled port or compression-enabled port is not
  supported.
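
A configuration audit for the restrictions above that can be checked from a port inventory (per-chip limit, trunk size, port type, 16 Gbps capability, FIPS mode). This is an added example, not code from the guide or from Brocade; the inventory format, field names, and sample data are constructed assumptions, not Fabric OS output.

```python
from collections import defaultdict

# Constructed inventory; field names are assumptions, not Fabric OS output.
# "chip" identifies the ASIC a port sits on; "cap_gbps" is hardware capability.
PORTS = [
    {"port": "1/0", "chip": "1/A", "type": "E_Port", "cap_gbps": 16, "trunk": "t1", "enc": True, "comp": True},
    {"port": "1/1", "chip": "1/A", "type": "E_Port", "cap_gbps": 16, "trunk": "t1", "enc": True, "comp": True},
    {"port": "1/2", "chip": "1/A", "type": "E_Port", "cap_gbps": 16, "trunk": "t1", "enc": False, "comp": True},
    {"port": "1/8", "chip": "1/B", "type": "EX_Port", "cap_gbps": 16, "trunk": None, "enc": True, "comp": False},
    {"port": "2/0", "chip": "2/A", "type": "E_Port", "cap_gbps": 8, "trunk": None, "enc": False, "comp": True},
    {"port": "2/1", "chip": "2/A", "type": "F_Port", "cap_gbps": 16, "trunk": None, "enc": False, "comp": False},
]

def audit(ports, fips_mode=False):
    """Return sorted (subject, finding) pairs for the restrictions listed above."""
    findings = []
    per_chip = defaultdict(list)      # chip -> ports with encryption/compression
    trunk_size = defaultdict(int)     # trunk -> total member ports
    trunk_secured = set()             # trunks with any configured member
    for p in ports:
        if p["trunk"]:
            trunk_size[p["trunk"]] += 1
        if not (p["enc"] or p["comp"]):
            continue  # unconfigured ports of any type may sit on the I/O path
        per_chip[p["chip"]].append(p["port"])
        if p["trunk"]:
            trunk_secured.add(p["trunk"])
        if p["type"] != "E_Port":
            findings.append((p["port"], f"{p['type']} cannot be configured; only E_Ports"))
        if p["cap_gbps"] < 16:
            findings.append((p["port"], "port is not 16 Gbps capable"))
        if p["enc"] and fips_mode:
            findings.append((p["port"], "encryption is not supported in FIPS mode"))
    for chip, members in per_chip.items():
        if len(members) > 2:
            findings.append((f"chip {chip}", f"{len(members)} configured ports, limit is 2"))
    for trunk in trunk_secured:
        if trunk_size[trunk] > 2:
            findings.append((f"trunk {trunk}", f"{trunk_size[trunk]} ports, limit is 2"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, finding in audit(PORTS, fips_mode=True):
        print(f"{subject}: {finding}")
```

The trunk check counts every member of a trunk once any member has encryption or compression set, since the two-port limit applies to the trunk as a whole.
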

How encryption and compression are enabled

This feature provides encryption and decryption or compression and decompression between two
E_Ports across an ISL. You can enable encryption, compression, or encryption and compression on
an E_Port on a per-port basis. By default, this feature is disabled on all ports on a switch.

Encryption and compression capabilities and configurations from each end of the ISL are
exchanged during E_Port initialization. Capabilities and configurations must match; otherwise, port
segmentation or disablement occurs. If the port was configured for compression, then the
compression feature is enabled.

If the port was configured for encryption, authentication is performed and the keys needed for
encryption are generated. The encryption feature is enabled if authentication is successful. If
authentication fails, then the ports will be segmented.