Manualshelf

HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, December 2009)

ManualsBrandsHP ManualsStorageHP StorageWorks 4/32B SAN Switch
381382383384385386387388389390
388 Configuring and monitoring FCIP extension services
When both DSCP and L2CoS are used
If an FCIP tunnel is not VLAN tagged, only DSCP is relevant. If the FCIP tunnel is VLAN tagged, both DSCP
and L2CoS are relevant, unless the VLAN is end-to-end, with no intermediate hops in the IP network.
Table 85 shows the default mapping of DSCP priorities to L2Cos priorities per tunnel ID. This may be
helpful when consulting with the network administrator. These values may be modified per FCIP tunnel.
IPSec implementation over FCIP
Internet Protocol security (IPSec) uses cryptographic security to ensure private, secure communications over
Internet Protocol networks. IPSec supports network-level data integrity, data confidentiality, data origin
authentication, and replay protection. It helps secure your SAN against network-based attacks from
untrusted computers, attacks that can result in the denial-of-service of applications, services, or the network,
data corruption, and data and user credential theft. By default, when creating an FCIP tunnel, IPSec is
disabled.
Used to provide greater security in tunneling on an FR4-18i blade or a 400 Multi-protocol Router, the IPSec
feature does not require you to configure separate security for each application that uses TCP/IP. When
configuring for IPSec, however, you must ensure that there is an FR4-18i blade or a 400 Multi-protocol
Router at each end of the FCIP tunnel. IPSec works on FCIP tunnels with or without IP compression
(IPComp), FCIP fastwrite, and tape pipelining. IPsec can be created only on tunnels using IPv4 addressing.
IPSec requires the High-Performance Extension over FCIP/FC license.
Table 85 Default Mapping of DSCP priorities to L2Cos Priorities
Virtual CIrcuit
(VC)
DSCP priority/bits L2CoS priority/bits Assigned to:
0 4 6 / 1 0111 0 7 / 111 C l a s s F
1 7 / 000111 1 / 001 Medium QoS
2 11 / 001011 3 / 011 Medium QoS
3 15 / 0 01111 3 / 0 11 M e d i u m Q o S
4 19 / 010011 3 / 011 Medium QoS
5 23 / 010111 3 / 011 Medium QoS
6 27 / 011011 0 / 000 Class 3 Multicast
7 31 / 011111 0 / 0 0 0 B r o a d c a s t / M u l t i c a s t
8 35 / 100011 0 / 000 Low Qos
9 39 / 100111 0 / 000 Low Qos
10 43 / 101011 4 / 100 High QoS
11 4 7 / 10 1111 4 / 1 0 0 H i g h Q o S
12 51 / 11 0 011 4 / 1 0 0 H i g h Q o S
13 5 5 / 11 0 111 4 / 10 0 H i g h Q o S
14 59 / 111011 4 / 100 High QoS
15 6 3 / 111111 0 / 0 0 0 - -