Brocade Web Tools Administrator's Guide v6.0.0 (53-1000606-01, April 2008)

ManualsBrandsHP ManualsStorageBrocade BladeSystem 4/24 SAN Switch

211

212

213

214

215

216

217

218

219

220

198 Web Tools Administrator’s Guide

53-1000606-01

Understanding the FCIP Tunneling Service

FCIP-related features

Web Tools provides or supports these related features:

• A per-tunnel compression feature that allows the Fibre Channel data frames to be compressed

before they are sent over the tunnel as FCIP frames.

• Fastwrite, which is a feature that reduces the number of round-trip times required to complete

a SCSI write I/O and increases performance.

• Tape pipelining which reduces the number of round trip times required to complete a SCSI

write I/O and eliminates the sequential nature of the SCSI I/O.

• IKE/IPSec Policy, which is a framework of open standards to ensure private, secure

communications over IP networks through the use of cryptographic security services. IKE

(Internet Key Exchange) is the protocol used to set up a Security Association in the IPSec

protocol suite.

NOTE

You need an IPSec license to enable and use this feature.

IKE/IPSec

IKE/IPSec is not supported with the following protocols:

• IPv6

• ESP in transport mode

• NAT Traversal

Table 12 explains the fields and related choices to create an IKE/IPSec policy.

TABLE 12 IKE/IPSec Configuration Choices

Field Description Choices

Policy Type You can create either an IKE policy or an IPSec policy IKE

IPSec

Policy Number This parameter helps you keep track of the number of

policies you have created on your switch. You can

choose any number from 1 through 32. You can define

up to 32 IKE and 32 IPSec policies per switch.

1 through 32

Encryption Algorithm A mathematical procedure for performing encryption on

data. Through the use of an algorithm, information is

made into meaningless cipher text and requires the use

of a key to transform the data back into its original form.

3DES

AES-128

AES-256

Authentication Algorithm An encryption process or tool in which the results of text

encryption depend on all relevant authentication

elements.

SHA-1

MD5

AES-XCBC

Perfect Forward Secrecy

(PFS)

In an authenticated key agreement protocol that uses

public key cryptography, PFS is the property of

disclosure of the long-term secret keying material that is

used to derive an agreed ephemeral key that does not

compromise the secrecy of the agreed keys from earlier

runs.

IKE on/off

IPSec disabled