公开(公告)号：US09246743B2

公开(公告)日：2016-01-26

申请号：US13965610

申请日：2013-08-13

Applicant: Cisco Technology, Inc.

Inventor： Silvano Gai ,  Claudio Desanti ,  Marco Di Benedetto

IPC: H04L29/08 ,  H04L12/46 ,  H04L12/931

CPC classification number: H04L29/08702 ,  H04L12/462 ,  H04L49/351 ,  H04L49/357 ,  H04L49/602

Abstract: In one embodiment, a Fibre Channel over Ethernet (FCoE) proxy point (FPP) that is connected to one or more end-point devices is coupled to one or more other FPPs, and to a FCoE control and management plane (F-CMP) server. The FPP provides data plane functionality. The F-CMP server provides control plane functionality. At least some control and management traffic received at the FPP is proxied between the F-CMP server and the one or more end point devices connected to the FPP. FCoE traffic received at the FPP from the one or more end point devices connected to the FPP is transmitted to the one or more other FPPs without the FCoE traffic traversing the F-CMP server. The transmitting is performed by data plane functionality of the FPP operating under directions from the control plane functionality of the F-CMP server.

Abstract translation: 在一个实施例中，连接到一个或多个端点设备的光纤以太网通道（FCoE）代理点（FPoE）被耦合到一个或多个其他FPP，并耦合到FCoE控制和管理平面（F-CMP） 服务器。 FPP提供数据平面功能。 F-CMP服务器提供控制平面功能。 在F-CMP服务器和连接到FPP的一个或多个端点设备之间，代理了在FPP处接收的至少一些控制和管理流量。 从连接到FPP的一个或多个端点设备在FPP处接收到的FCoE流量被发送到一个或多个其他FPP，而FCoE流量不经过F-CMP服务器。 通过在来自F-CMP服务器的控制平面功能的方向上操作的FPP的数据平面功能执行发送。

公开(公告)号：US20150085867A1

公开(公告)日：2015-03-26

申请号：US14559415

申请日：2014-12-03

Applicant: Cisco Technology, Inc.

Inventor： Claudio Desanti ,  Silvano Gai

IPC: H04L12/721 ,  H04L12/741

CPC classification number: H04L45/44 ,  H04L45/74 ,  H04L49/357

Abstract: A distributed Fiber Channel over Ethernet (FCoE) Forwarder (FCF) and a distributed Fibre Channel Switch are described. The Distributed FCF is realized by instantiating respective connections between at least one Controlling FCF and a plurality of FCoE Data-Plane Forwarder (FDF) devices and between individual FDF devices. The Distributed FC Switch is realized by instantiating respective connections between at least one Controlling Switch and a plurality of FC Data-Plane Forwarder (FCDF) devices and between individual FCDF devices.

Abstract translation: 描述了分布式以太网光纤通道（FCoE）转发器（FCF）和分布式光纤通道交换机。 分布式FCF通过实例化至少一个控制FCF和多个FCoE数据平面转发器（FDF）设备之间以及各个FDF设备之间的相应连接来实现。 分布式FC交换机通过实例化至少一个控制交换机和多个FC数据平面转发器（FCDF）设备之间以及各个FCDF设备之间的相应连接来实现。

公开(公告)号：US10298595B2

公开(公告)日：2019-05-21

申请号：US14570902

申请日：2014-12-15

Applicant: Cisco Technology, Inc.

Inventor： Fabio R. Maino ,  Marco Di Benedetto ,  Claudio Desanti

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

Abstract: Methods and apparatus are provided for improving both node-based and message-based security in a fiber channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fiber channel network entities into a fiber channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fiber channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.

公开(公告)号：US09871864B2

公开(公告)日：2018-01-16

申请号：US15337061

申请日：2016-10-28

Applicant: Cisco Technology, Inc.

Inventor： Claudio Desanti

IPC: G06F15/173 ,  H04L29/08 ,  H04L29/06 ,  G06F3/06 ,  H04L12/24 ,  H04L12/931

CPC classification number: H04L67/1097 ,  G06F3/06 ,  H04L29/06 ,  H04L41/00 ,  H04L49/00 ,  H04L67/1044

Abstract: Techniques are provided for the creation of a peer zone definition for use in a Fibre Channel (FC) Fabric. The peer zone definition defines a peer zone in which two or more initiator host devices are each permitted to communicate with a target device, but the two or more initiator host devices are prevented from communicating with each other. In accordance with one example, a target device and of two or more initiator host devices connected to the FC Fabric are received. A peer zone definition is created, and the peer zone definition is transmitted to the switches composing the FC Fabric for enforcement.

公开(公告)号：US20130329743A1

公开(公告)日：2013-12-12

申请号：US13965610

申请日：2013-08-13

Applicant: Cisco Technology, Inc.

Inventor： Silvano Gai ,  Claudio Desanti ,  Marco Di Benedetto

IPC: H04L29/08

CPC classification number: H04L29/08702 ,  H04L12/462 ,  H04L49/351 ,  H04L49/357 ,  H04L49/602

Abstract: In one embodiment, a Fibre Channel over Ethernet (FCoE) proxy point (FPP) that is connected to one or more end-point devices is coupled to one or more other FPPs, and to a FCoE control and management plane (F-CMP) server. The FPP provides data plane functionality. The F-CMP server provides control plane functionality. At least some control and management traffic received at the FPP is proxied between the F-CMP server and the one or more end point devices connected to the FPP. FCoE traffic received at the FPP from the one or more end point devices connected to the FPP is transmitted to the one or more other FPPs without the FCoE traffic traversing the F-CMP server. The transmitting is performed by data plane functionality of the FPP operating under directions from the control plane functionality of the F-CMP server.

Abstract translation: 在一个实施例中，连接到一个或多个端点设备的光纤以太网通道（FCoE）代理点（FPoE）被耦合到一个或多个其他FPP，并耦合到FCoE控制和管理平面（F-CMP） 服务器。 FPP提供数据平面功能。 F-CMP服务器提供控制平面功能。 在F-CMP服务器和连接到FPP的一个或多个端点设备之间，代理了在FPP处接收的至少一些控制和管理流量。 从连接到FPP的一个或多个端点设备在FPP处接收到的FCoE流量被发送到一个或多个其他FPP，而FCoE流量不经过F-CMP服务器。 通过在来自F-CMP服务器的控制平面功能的方向上操作的FPP的数据平面功能执行发送。

公开(公告)号：US20140259000A1

公开(公告)日：2014-09-11

申请号：US13785520

申请日：2013-03-05

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Claudio Desanti ,  Joe Pelissier

IPC: G06F9/445

CPC classification number: G06F8/65

Abstract: An upgrade process is provided to upgrade first and second switches in a converged network handling storage area network traffic and data network traffic, in which the first and second switches are coupled to a host, e.g., a Fibre Channel over Ethernet (FCoE) via distributed network links, e.g., Virtual PortChannel links or Distributed Resilient Interconnect (DRNI) links. The first switch is isolated from the host so that all distributed network links traffic associated with the host is transferred to the second switch. The firmware of the first switch is upgraded while all distributed network links traffic associated with the host is handled by the second switch. The firmware of the second switch is upgraded is a similar manner while all distributed network links traffic associated with the host is handled by the first switch.

Abstract translation: 提供升级过程来升级处理存储区域网络业务和数据网络流量的融合网络中的第一和第二交换机，其中第一和第二交换机通过分布式（例如，以太网光纤通道（FCoE））耦合到主机 网络链路，例如虚拟端口通道链路或分布式弹性互连（DRNI）链路。 第一个交换机与主机隔离，以便将与主机相关联的所有分布式网络链路流量传输到第二个交换机。 升级第一交换机的固件，而所有分布式网络链路与主机相关联的流量由第二交换机处理。 升级第二交换机的固件是类似的方式，而与主机相关联的所有分布式网络链路流量由第一交换机处理。

公开(公告)号：US20170048322A1

公开(公告)日：2017-02-16

申请号：US15337061

申请日：2016-10-28

Applicant: Cisco Technology, Inc.

Inventor： Claudio Desanti

IPC: H04L29/08

CPC classification number: H04L67/1097 ,  G06F3/06 ,  H04L29/06 ,  H04L41/00 ,  H04L49/00 ,  H04L67/1044

Abstract: Techniques are provided for the creation of a peer zone definition for use in a Fibre Channel (FC) Fabric. The peer zone definition defines a peer zone in which two or more initiator host devices are each permitted to communicate with a target device, but the two or more initiator host devices are prevented from communicating with each other. In accordance with one example, a target device and of two or more initiator host devices connected to the FC Fabric are received. A peer zone definition is created, and the peer zone definition is transmitted to the switches composing the FC Fabric for enforcement.

Abstract translation: 提供技术用于创建用于光纤通道（FC）结构中的对等区域定义。 对等区域定义定义对等区域，其中每个允许两个或多个发起者主机设备与目标设备通信，但是两个或更多个启动器主机设备被阻止彼此通信。 根据一个示例，接收目标设备和连接到FC Fabric的两个或更多个启动器主机设备。 创建对等域定义，并将对等域定义发送到组成FC Fabric的交换机进行强制执行。

公开(公告)号：US09515922B2

公开(公告)日：2016-12-06

申请号：US14559415

申请日：2014-12-03

Applicant: Cisco Technology, Inc.

Inventor： Claudio Desanti ,  Silvano Gai

IPC: H04L12/721 ,  H04L12/741 ,  H04L12/931

CPC classification number: H04L45/44 ,  H04L45/74 ,  H04L49/357

Abstract: A distributed Fiber Channel over Ethernet (FCoE) Forwarder (FCF) and a distributed Fiber Channel Switch are described. The Distributed FCF is realized by instantiating respective connections between at least one Controlling FCF and a plurality of FCoE Data-Plane Forwarder (FDF) devices and between individual FDF devices. The Distributed FC Switch is realized by instantiating respective connections between at least one Controlling Switch and a plurality of FC Data-Plane Forwarder (FCDF) devices and between individual FCDF devices.

Abstract translation: 描述了分布式以太网光纤通道（FCoE）转发器（FCF）和分布式光纤通道交换机。 分布式FCF通过实例化至少一个控制FCF和多个FCoE数据平面转发器（FDF）设备之间以及各个FDF设备之间的相应连接来实现。 分布式FC交换机通过实例化至少一个控制交换机和多个FC数据平面转发器（FCDF）设备之间以及各个FCDF设备之间的相应连接来实现。

公开(公告)号：US20150101029A1

公开(公告)日：2015-04-09

申请号：US14570902

申请日：2014-12-15

Applicant: Cisco Technology, Inc.

Inventor： Fabio R. Maino ,  Marco Di Benedetto ,  Claudio Desanti

IPC: H04L29/06

CPC classification number: H04L63/123 ,  H04L9/0838 ,  H04L9/3239 ,  H04L63/12

Abstract: Methods and apparatus are provided for improving both node-based and message-based security in a fibre channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fibre channel network entities into a fibre channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fibre channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.

Abstract translation: 提供了用于改进光纤通道网络中的基于节点和基于消息的安全性的方法和装置。 可以将实体认证和密钥交换服务的实体包括在用于将光纤信道网络实体引入光纤信道结构的现有初始化消息中，或者通过已经初始化的通信信道交换的特定消息。 可以使用认证和密钥交换服务来激活每消息认证和加密机制。 在光纤通道网络实体之间通过的消息可以使用在认证序列期间提供的信息进行加密和认证。 可以实现诸如每消息认证，机密性，完整性保护和反重放保护等安全服务。