Administrator Guide

FIP Snooping

The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit,

the switch functions as a FIP snooping bridge.

NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a switch stack.

Topics:

• Fibre Channel over Ethernet

• Ensure Robustness in a Converged Ethernet Network

• FIP Snooping on Ethernet Bridges

• FIP Snooping in a Switch Stack

• Using FIP Snooping

• Displaying FIP Snooping Information

• FCoE Transit Conguration Example

Fibre Channel over Ethernet

FCoE provides a converged Ethernet network that allows the combination of storage-area network (SAN) and LAN trac on a Layer 2 link

by encapsulating Fibre Channel data into Ethernet frames.

FCoE works with the Ethernet enhancements provided in data center bridging (DCB) to support lossless (no-drop) SAN and LAN trac. In

addition, DCB provides exible bandwidth sharing for dierent trac types, such as LAN and SAN, according to 802.1p priority classes of

service. DCBx should be enabled on the system before the FIP snooping feature is enabled. For more information, refer to the Data Center

Bridging (DCB) chapter.

Ensure Robustness in a Converged Ethernet Network

Fibre Channel networks used for SAN trac employ switches that operate as trusted devices. To communicate with other end devices

attached to the Fibre Channel network, end devices log into the switch to which they are attached.

Because Fibre Channel links are point-to-point, a Fibre Channel switch controls all storage trac that an end device sends and receives

over the network. As a result, the switch can enforce zoning congurations, ensure that end devices use their assigned addresses, and

secure the network from unauthorized access and denial-of-service (DoS) attacks.

To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, FIP establishes virtual point-to-point links

between FCoE end-devices (server ENodes and target storage devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges.

Ethernet bridges commonly provide ACLs that can emulate a point-to-point link by providing the trac enforcement required to create a

Fibre Channel-level of robustness. You can congure ACLs to emulate point-to-point links, providing control over the trac received or

transmitted into the switch. To automatically generate ACLs, use FIP snooping. In addition, FIP serves as a Layer 2 protocol to:

• Operate between FCoE end-devices and FCFs over intermediate Ethernet bridges to prevent unauthorized access to the network and

achieve the required security.

• Allow transit Ethernet bridges to eciently monitor FIP frames passing between FCoE end-devices and an FCF. To dynamically

congure ACLs on the bridge to only permit trac authorized by the FCF, use the FIP snooping data.

322 FIP Snooping