Users Guide
6
FIP Snooping
This chapter describes about the FIP snooping concepts and conguration procedures.
Supported Modes
Standalone, PMUX, VLT
Fibre Channel over Ethernet
Fibre Channel over Ethernet (FCoE) provides a converged Ethernet network that allows the combination of storage-area network
(SAN) and LAN trac on a Layer 2 link by encapsulating Fibre Channel data into Ethernet frames.
FCoE works with Ethernet enhancements provided in data center bridging (DCB) to support lossless (no-drop) SAN and LAN trac.
In addition, DCB provides exible bandwidth sharing for dierent trac types, such as LAN and SAN, according to 802.1p priority
classes of service. For more information, refer to the Data Center Bridging (DCB) chapter.
Ensuring Robustness in a Converged Ethernet Network
Fibre Channel networks used for SAN trac employ switches that operate as trusted devices. End devices log into the switch to
which they are attached in order to communicate with the other end devices attached to the Fibre Channel network. Because Fibre
Channel links are point-to-point, a Fibre Channel switch controls all storage trac that an end device sends and receives over the
network. As a result, the switch can enforce zoning congurations, ensure that end devices use their assigned addresses, and secure
the network from unauthorized access and denial-of-service attacks.
To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, the Fibre Channel over Ethernet
initialization protocol (FIP) establishes virtual point-to-point links between FCoE end-devices (server ENodes and target storage
devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges.
Ethernet bridges commonly provide access control list (ACLs) that can emulate a point-to-point link by providing the trac
enforcement required to create a Fibre Channel-level of robustness. In addition, FIP serves as a Layer 2 protocol to:
• Operate between FCoE end-devices and FCFs over intermediate Ethernet bridges to prevent unauthorized access to the
network and achieve the required security.
• Allow transit Ethernet bridges to eciently monitor FIP frames passing between FCoE end-devices and an FCF, and use the FIP
snooping data to dynamically congure ACLs on the bridge to only permit trac authorized by the FCF.
FIP enables FCoE devices to discover one another, initialize and maintain virtual links over an Ethernet network, and access storage
devices in a storage area network. FIP satises the Fibre Channel requirement for point-to-point connections by creating a unique
virtual link for each connection between an FCoE end-device and an FCF via a transit switch.
FIP provides a functionality for discovering and logging in to an FCF. After discovering and logging in, FIP allows FCoE trac to be
sent and received between FCoE end-devices (ENodes) and the FCF. FIP uses its own EtherType and frame format. The below
illustration about FIP discovery, depicts the communication that occurs between an ENode server and an FCoE switch (FCF).
FIP performs the following functions:
• FIP virtual local area network (VLAN) discovery: FCoE devices (Enodes) discover the FCoE VLANs on which to transmit and
receive FIP and FCoE trac.
72
FIP Snooping