Method and apparatus for reliably and asymmetrically distributing security information within a fibre channel fabric

Assignee

• Cisco Technology, Inc. · US

Inventors

• Claudio Desanti · San Jose, US
• Silvano Gai · San Jose, US
• Fabio R. Maino · Palo Alto, US
• Maurilio Cometto · Palo Alto, US
• Sachin Jain · Fremont, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/102
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A reliable asymmetric method for distributing security information within a Fiber Channel Fabric. The Switching Fabric includes a set of security servers, which maintain among themselves a replicated copy of the Fabric security databases using the currently defined Merge and Change protocols. The other Switches of the Fabric are configured as client-Switches. They maintain only the subset of the authorization and authentication information required for their correct operation. A client-Switch queries the security server when a new end-device is connected to it, or when it is connected to the Fabric. When the security configuration of the Fabric changes by an administrative action, a security server solicits the client-Switches to update their information. In an alternative embodiment, the end-devices may query directly the security server, usually for authentication purposes. A Fabric with a plurality of security servers balances among them the load of inquiries from clients, and is more reliable because it continues to operate in the event of failure of one or more servers. Reliability is achieved in a stateless manner through the FSPF protocol, the Fiber Channel routing protocol.…