IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0894492
(2004-07-20)
|
등록번호 |
US-7466700
(2008-12-16)
|
발명자
/ 주소 |
- Dropps,Frank R.
- Gustafson,William J
- Papenfuss,Gary M.
|
출원인 / 주소 |
|
대리인 / 주소 |
Klein, O'Neill & Singh, LLP
|
인용정보 |
피인용 횟수 :
16 인용 특허 :
194 |
초록
▼
A method and system for implementing LUN based hard zoning in a fiber channel network is provided. A LUN field in a Fiber Channel SCSI command frame is compared with a list of LUNS that are allowed for a particular frame source; and the frame is forwarded if the LUN is allowed for the frame source.
A method and system for implementing LUN based hard zoning in a fiber channel network is provided. A LUN field in a Fiber Channel SCSI command frame is compared with a list of LUNS that are allowed for a particular frame source; and the frame is forwarded if the LUN is allowed for the frame source. The comparison is performed by a port receiving the frame by using an address look up table ("ALUT"). Hard zoning is based on various frame fields and/or ALUT control codes. Also provided is a method for processing a reply to a SCSI REPORT LUN command from an initiator. The method includes, intercepting a reply to a REPORT LUN command; editing the reply to remove unauthorized LUNs; and sending the edited reply to the initiator.
대표청구항
▼
What is claimed: 1. A method for processing frames using logical unit number (LUN) based hard zoning in a fibre channel network, comprising the steps of: (a) receiving a frame at a fibre channel port of a fibre channel switch element; (b) comparing a source identifier field in the frame using a loo
What is claimed: 1. A method for processing frames using logical unit number (LUN) based hard zoning in a fibre channel network, comprising the steps of: (a) receiving a frame at a fibre channel port of a fibre channel switch element; (b) comparing a source identifier field in the frame using a look up table having a plurality of entries; wherein based on a compare mask, one or more of a Domain value, an Area value and a port identifier value in the source identifier of the frame is compared with the plurality of look up table entries; (c) rejecting the frame if multiple entries in the look up table match the source identifier field in the frame; (d) rejecting the frame after a match is found in step (b) and if a control code has a first value and a LUN table address field has a first value, wherein the LUN table address field is interpreted based on the control code value; (e) transmitting the frame, after the source identifier field in the frame matches a look up table entry in step (b) and if the control code has the first value and the LUN address field has a second value, which identifies a valid LUN; (f) using a LUN value in the frame to index a LUN bit map table, if (i) the frame is an FCP_CMD, (ii) the control code has the second value and (iii) the source identifier field in the frame matches a look up table entry; and if an entry in the LUN bitmap table corresponding to the LUN value in the frame is set, then the frame is accepted, otherwise, the frame is rejected; and (g) transmitting the frame (i) if the frame is a non_FCP_CMND, (ii) if the source identifier field in the frame matches a look up table entry and (iii) if the control code has the second value. 2. The method of claim 1, wherein if the frame is rejected, then the rejected frame is disposed based on a programmable policy that is established by a user. 3. The method of claim 1, wherein the look up table for comparing the source identifier is an address look up table ("ALUT"). 4. The method of claim 3, wherein a frame's S_ID domain value is compared to ALUT entries during the comparison step. 5. The method of claim 2, wherein based on the programmable policy, a Class 3 fibre channel frame is either discarded or sent to a processor; a Class 2 Fibre Channel frame is sent to the processor; and a truncated frame without cyclic redundancy code (CRC) and end of frame (EOF) delimiter is sent to the processor so that a reject primitive is sent to acknowledge the frame. 6. The method of claim 1, wherein a first counter counts a number of hard zoning violation. 7. The method of claim 6, wherein a second counter is used to count the number of Class 3 frames that are discarded due to hard zoning violations. 8. The method of claim 7, wherein the frame is discarded regardless of a frame rejection policy if the control code has the first value ant the LUN address field has the first value, such that the first counter and the second counter values are not incremented as a measure against a denial of service attack. 9. A Fibre Channel switch element for processing Fibre Channel frames using logical unit number (LUN) based hard zoning, comprising: a port for receiving a frame with a source identifier; an address look up table (ALUT) storing a plurality of entries for routing the frame; and a compare module using a compare mask for comparing one or more of a Domain value; an Area value and a port identifier value in a source identifier in the received frame with an ALUT entry; wherein (a) the frame is rejected if multiple entries in the ALUT match the source identifier field in the frame; (b) the frame is rejected if a control code has a first value and a LUN table address field has a first value; where the control code value is used for interpreting the LUN table address field,(c) the frame is transmitted, after the source identifier field in the frame matches an ALUT entry and if the control code has the first value and the LUN address field has a second value; and (d) the frame is transmitted if the frame in a non_FCP_CMND, the source identifier field in the frame matches an ALUT entry and the control code has the second value; and wherein a LUN value in the frame is used to index a LUN bit map table, if (a) the frame is an FCP_CMD, (b) the control code has the second value and (c) the source identifier field in the frame matches a look up table entry and if an entry in the LUN bitmap table corresponding to the LUN value in the frame is set, then the frame is accepted, otherwise, the frame is rejected. 10. The switch element of claim 9, wherein if the frame is rejected, then the rejected frame is disposed based on a programmable policy that is established by a user. 11. The switch element of claim 9, wherein a frame's S_ID domain value is compared to entries stored in the ALUT. 12. The switch element of claim 10, wherein based on the programmable policy, a Class 3 fibre channel frame is either discarded or sent to processor; a Class 2 Fibre Channel frame is sent to the processor; and a truncated frame without cyclic redundancy code (CRC) and end of frame (EOF) delimiter is sent to the processor so that a reject primitive is sent to acknowledge the frame. 13. The switch element of claim 9, wherein a first counter counts a number of hard zoning violations. 14. The switch element of claim 13, wherein a second counter is used to count the number of Class 3 frames that are discarded due to hard zoning violations. 15. The switch element of claim 14, wherein the frame is discarded regardless of frame rejection policy if the control code has the first value and the LUN address field has the first value, such that the first counter and the second counter values are not incremented as a measure against a denial of service attack. 16. The method of claim 3, wherein based on an ALUT control code value frame is tossed. 17. The method of claim 3, wherein based on an ALUT control code value access is allowed to all LUNs. 18. The method of claim 3, wherein based on an ALUT control code value LUN compare is performed. 19. The switch element of claim 9, wherein based on an ALUT control code value a frame is tossed. 20. The switch element of claim 9, wherein based on an ALUT control code value access is allowed to all LUNs. 21. The switch element of claim 9, wherein based on an ALUT control code value LUN compare is performed. 22. The method of claim 1, wherein hard-zoning is performed based on a frame's S_ID value when a frame does not include LUN information. 23. The switch element of claim 9, wherein hard-zoning is performed based on a frame's S_ID value when frame does not include LUN information. 24. The method of claim 1, wherein hard-zoning is based on a frame field. 25. The switch element of claim 9, wherein hard-zoning is based on a frame field.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.