Administrator Guide

448 Fabric OS Administrator’s Guide
53-1002920-02
In-flight encryption and compression overview
The port speed values can be displayed through several commands, including portEncCompShow,
portShow, and switchShow.
You can change the port speed on any port that has encryption or compression enabled with the
portCfgSpeed command. If the capacity is available, the port is configured with the new speed. If
there is not enough capacity available, you cannot change the port speed.
Refer to “Setting port speeds” on page 94 for more information.
How in-flight encryption and compression are enabled
Encryption and compression capabilities and configurations from each end of the ISL are
exchanged during E_Port or EX_Port initialization. Capabilities and configurations must match,
otherwise port segmentation or disablement occurs.
If the port was configured for compression, then the compression feature is enabled.
If the port was configured for encryption, authentication is performed and the keys needed for
encryption are generated. The encryption feature is enabled if authentication is successful. If
authentication fails, then the ports are segmented.
ATTENTION
Any mismatch in configuration at either end of the IFL or authentication failure results in
segmentation or, in rare cases, the port being disabled.
The most common reasons for E_Port or EX_Port segmentation include the following situations:
- Port authentication fails.
- Encryption or compression configurations do not match at both ends.
  For example, if at one end there is a switch that does not support encryption or compression,
  the port will be disabled.
- An encryption or compression configuration is enabled but resources are not available, or
  there are other failures preventing encryption or compression from being enabled.
- The number of available ports has reached the bandwidth limitation.
NOTE
If trunking is enabled, be aware that the ports creating the bandwidth limitation will form a
trunk group, while the rest of the ports will be segmented.
You can also decommission any port that has in-flight encryption and compression enabled. Refer
to “Port decommissioning” on page 92 for details on decommissioning ports.
Authentication and key generation for encryption and compression
The following points apply to authentication and key generation on the supported devices:
- Authentication and key generation only apply to ports that are configured for encryption. They
  do not apply to ports that are only configured for compression.
- The in-flight encryption protocol supports the AES-GCM authenticated encryption block cipher
  mode. A key, Initial Vector (IV), segment number, and salt are required to encrypt the data
  before it is transmitted, and to decode the data after it is received on the other end of the link.
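
The following Go program is an added example, not code from this guide or from Fabric OS. It shows why the receiving end needs the same key, IV, segment number, and salt as the sender when AES-GCM is used. The nonce layout (4-byte salt followed by the 8-byte IV XORed with the segment number), the 256-bit key size, and all names and sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// link holds the values both ends must share (hypothetical names and sizes).
type link struct {
	key  [32]byte // AES-256 key produced by the key-generation step
	salt [4]byte  // fixed for the session
	iv   [8]byte  // per-session initial vector
}

// nonce builds a 12-byte GCM nonce as salt || (iv XOR segment number), so
// each segment sent under one key gets a distinct nonce (assumed layout).
func (l *link) nonce(seg uint64) []byte {
	n := make([]byte, 12)
	copy(n, l.salt[:])
	binary.BigEndian.PutUint64(n[4:], binary.BigEndian.Uint64(l.iv[:])^seg)
	return n
}

func (l *link) gcm() cipher.AEAD {
	block, _ := aes.NewCipher(l.key[:]) // cannot fail: key is always 32 bytes
	aead, _ := cipher.NewGCM(block)     // cannot fail for an AES block
	return aead
}

// Seal encrypts one segment and appends the 16-byte GCM authentication tag.
func (l *link) Seal(seg uint64, data []byte) []byte {
	return l.gcm().Seal(nil, l.nonce(seg), data, nil)
}

// Open decrypts and verifies; a mismatch in any shared value returns an error.
func (l *link) Open(seg uint64, ct []byte) ([]byte, error) {
	return l.gcm().Open(nil, l.nonce(seg), ct, nil)
}

func main() {
	tx := link{salt: [4]byte{1, 2, 3, 4}, iv: [8]byte{9}} // constructed values
	rx := tx                                              // receiver holds identical state
	ct := tx.Seal(7, []byte("constructed frame"))
	_, errSame := rx.Open(7, ct) // same segment number: verifies
	_, errNext := rx.Open(8, ct) // wrong segment number: rejected
	fmt.Println(errSame, errNext)
}
```

Because GCM is an authenticated mode, a receiver whose key, salt, IV, or segment number differs from the sender's gets an authentication error rather than garbled plaintext.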