Users Guide
NPIV Proxy Gateway Operation
Consider a sample scenario of NPG operation. An FX2 server chassis configured as an NPG does not join
a SAN fabric, but functions as an FCoE-FC bridge that forwards storage traffic between servers and core
SAN switches. The core switches forward SAN traffic to and from FC storage arrays.
An FX2 chassis FC port is configured as an N (node) port that logs in to an F (fabric) port on the upstream
FC core switch and creates a channel for N-port identifier virtualization. NPIV allows multiple N-port
fabric logins at the same time on a single, physical Fibre Channel link.
Converged Network Adapter (CNA) ports on servers connect to the FX2 chassis Ten-Gigabit Ethernet
ports and log in to an upstream FC core switch through the N port. Server fabric login (FLOGI) requests
are converted into fabric discovery (FDISC) requests before being forwarded to the FC core switch.
Servers use CNA ports to connect over FCoE to an Ethernet port in ENode mode on the NPIV proxy
gateway. FCoE transit with FIP snooping is automatically enabled and configured on the FX2 gateway to
prevent unauthorized access and data transmission to the SAN network. FIP is used by server CNAs to
discover an FCoE switch operating as an FCoE forwarder (FCF).
The NPIV proxy gateway aggregates multiple locally connected server CNA ports into one or more
upstream N port links, conserving the number of ports required on an upstream FC core switch while
providing an FCoE-to-FC bridging functionality. The upstream N ports on an FX2 can connect to the
same or multiple fabrics.
Using an FCoE map applied to downstream (server-facing) Ethernet ports and upstream (fabric-facing)
FC ports, you can configure the association between a SAN fabric and the FCoE VLAN that connects
servers over the NPIV proxy gateway to FC switches in the fabric. An FCoE map virtualizes the upstream
SAN fabric as an FCF to downstream CNA ports on FCoE-enabled servers as follows:
• As soon as an FC N port comes online (no shutdown command), the NPG starts sending FIP
multicast advertisements, which contain the fabric name derived from the 64-bit worldwide name
(WWN) of the principal SAN switch. (The principal switch in a fabric is the FC switch with the lowest
domain ID.)
• When you apply the FCoE map to a server-facing Ethernet port in ENode mode, ACLs are
automatically configured to allow only FCoE traffic from servers that perform a successful FLOGI on
the FC switch. All other traffic on the VLAN is denied.
You can specify one or more upstream N ports in an FCoE map. The FCoE map also contains the VLAN
ID of the dedicated VLAN used to transmit FCoE traffic between the SAN fabric and servers.
NPIV Proxy Gateway: Protocol Services
The Aggregator with the NPG provides the following protocol services:
• Fibre Channel service to create N ports and log in to an upstream FC switch.
• FCoE service to perform:
– Virtualization of FC N ports on an NPG so that they appear as FCoE FCFs to downstream servers.
– NPIV service to perform the association and aggregation of FCoE servers to upstream F ports on
core switches (through N ports on the NPG). Conversion of server FLOGIs and FDISCs, which are
NPIV Proxy Gateway
305