
Fibre Channel

Fibre Channel is a set of standards for connecting storage devices in a fabric network. The Fibre Channel standard identifies a protocol and a collection of physical interfaces for managing computer peripheral components. This standard’s key purpose is managing large numbers of storage devices. Fibre Channel uses serial interfaces working at symbol rates from 133MB/s up to 4.25Gb/s. Optical as well as electrical signals are supported. Fibre Channel supports data transmission rates of 100MBps. It also allows 126 devices to be connected on a single network.

The channels are full duplex, offering full bandwidth and double the channel rate. Topologies comprise point-to-point, shared loop, and switched. Fibre Channel is associated with numerous protocol layers; the most popular are the storage protocols SCSI (FCP) and ESCON (FICON). Fibre Channel is the primary technology used to deploy Storage Area Networks (SANs).


Fibre Channel Topologies

Fibre Channel supports three fabric topologies:

  • Fabric
  • Loop
  • Point-to-Point

Fibre Channel Physical Connectivity

Fibre Channel supports connectivity over fiber optic cabling or copper wiring.

Fibre Channel devices using fiber optic cabling use two unidirectional fiber optic cables for each connection. One fiber optic cable is used for transmitting, the other for receiving. Fibre Channel over fiber optic cable supports cable distances of up to 10 km.

Fibre Channel devices that communicate over copper cabling are limited to distances of 30m.

Fibre Channel Devices

Fibre Channel Devices include:

Fibre Channel Ports

Fibre Channel uses a shorthand terminology to describe different types of connections to the Fibre Channel network.

Fibre Channel uses the term “ports” and defines seven different types of ports:

Short Name | Descriptive Name    | Device Type | Port Function
N-port     | Network Port        | Nodes       | Node port used to connect a node to a Fibre Channel switch
F-port     | Fabric Port         | Switches    | Switch port used to connect the Fibre Channel fabric to a node
L-port     | Loop Port           | Nodes       | Node port used to connect a node to a Fibre Channel loop
NL-port    | Network + Loop Port | Nodes       | Node port that connects to both loops and switches
FL-port    | Fabric + Loop Port  | Switches    | Switch port that connects to both loops and switches
E-port     | Extender Port       | Switches    | Used to cascade Fibre Channel switches together
G-port     | General Port        | Switches    | General purpose port that can be configured to emulate other port types

Fibre Channel Standards

The American National Standards Institute (ANSI) defines the Fibre Channel standards.

FCAP (Fibre Channel Authentication Protocol)

FCAP is an optional authentication mechanism employed between any two devices or entities on a Fibre Channel network using certificates or optional keys.

FCPAP (Fibre Channel Password Authentication Protocol)

FCPAP is an optional password based authentication and key exchange protocol that is utilized in Fibre Channel Storage Area Networks (SANs).

FCPAP is used to mutually authenticate Fibre Channel ports to each other. This includes E_Ports, N_Ports, and Domain Controllers.

ESP over Fibre Channel

ESP (Encapsulating Security Payload) is an Internet standard for the authentication and encryption of IP packets. ESP is defined in RFC 2406: IP Encapsulating Security Payload (ESP).

ESP is widely deployed in IP networks and has been adapted for use in Fibre Channel networks. The IETF iSCSI proposal specifies ESP link authentication and optional encryption.

ESP over Fibre Channel is focused on protecting data in transit throughout the Fibre Channel network. ESP over Fibre Channel does not address the security of data that is stored on the Fibre Channel network.

FC-SP (Fibre Channel – Security Protocol)

Fibre Channel – Security Protocol (FC-SP) is a security protocol for Fibre Channel Protocol (FCP) and fiber connectivity (FICON).

FC-SP is a project of Technical Committee T11 of the International Committee for Information Technology Standards (INCITS).

FC-SP is a security framework that includes protocols to enhance Fibre Channel security in several areas, including Fibre Channel device authentication, cryptographically secure key exchange, and cryptographically secure communication between Fibre Channel devices.

FC-SP is focused on protecting data in transit throughout the Fibre Channel network. FC-SP does not address the security of data that is stored on the Fibre Channel network.

SLAP (Switch Link Authentication Protocol)

SLAP is an authentication method for Fibre Channel switches that utilizes digital certificates to authenticate switch ports.

SLAP was designed to prevent the unauthorized addition of switches into a Fibre Channel network.

DH-CHAP

DH-CHAP (Diffie Hellman – Challenge Handshake Authentication Protocol) is a forthcoming Internet Standard for the authentication of devices connecting to a Fibre Channel switch.

DH-CHAP is a secure key-exchange authentication protocol that supports both switch-to-switch and host-to-switch authentication.

DH-CHAP supports MD5 and SHA-1 algorithm-based authentication.
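
The following Python example is added here for illustration; it is not part of the original article and does not reproduce the FC-SP wire format. It models a DH-CHAP-style exchange in which the CHAP response is bound to a Diffie-Hellman result, and shows the verifier-side checks (fresh single-use challenge, rejection of degenerate DH values, constant-time comparison). The DH parameters, field layout, and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets

# Demo DH parameters (assumption): a Mersenne prime and a small generator,
# chosen for brevity; they are not the groups an FC-SP profile defines.
P, G = 2**521 - 1, 3
PLEN = (P.bit_length() + 7) // 8

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2            # exponent in [2, P-2]
    return priv, pow(G, priv, P)

def chap_response(hash_name, txn_id, secret, nonce, shared):
    # Mix the challenge with the DH result, then hash it with the transaction
    # id and the pre-shared secret. Field layout is an assumption.
    aug = hashlib.new(hash_name, nonce + shared.to_bytes(PLEN, "big")).digest()
    return hashlib.new(hash_name, bytes([txn_id]) + secret + aug).digest()

class Authenticator:
    """Verifier side (e.g. the switch): issues a challenge, checks the reply."""
    def __init__(self, secret, hash_name="sha1"):   # the page lists MD5 and SHA-1
        self.secret, self.hash_name = secret, hash_name
        self.pending = None

    def challenge(self, txn_id):
        priv, pub = dh_keypair()
        nonce = secrets.token_bytes(20)             # fresh for every attempt
        self.pending = (txn_id, nonce, priv)
        return nonce, pub

    def verify(self, peer_pub, reply):
        if self.pending is None or not 1 < peer_pub < P - 1:
            return False                            # no challenge, or degenerate DH value
        txn_id, nonce, priv = self.pending
        self.pending = None                         # a challenge is single-use
        expected = chap_response(self.hash_name, txn_id, self.secret, nonce,
                                 pow(peer_pub, priv, P))
        return hmac.compare_digest(expected, reply) # constant-time comparison

def respond(secret, txn_id, nonce, verifier_pub, hash_name="sha1"):
    """Responder side (e.g. the host HBA): returns (DH public value, reply)."""
    priv, pub = dh_keypair()
    shared = pow(verifier_pub, priv, P)
    return pub, chap_response(hash_name, txn_id, secret, nonce, shared)
```

Because each challenge carries a fresh nonce and a fresh DH value, a reply captured from one login attempt does not verify against a later challenge.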

Attacks against FCP

Attacks against FCP (Fibre Channel Protocol) include:

  • Node Name / Port Name spoofing at Port Login time
  • Source Port ID spoofing on data-less FCP commands
  • Snooping and spoofing on FC-AL
  • Snooping and Spoofing after Fabric reconfiguration
  • Denial of Service attacks can be made in User mode

 
