summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc3821.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc3821.txt')
-rw-r--r--doc/rfc/rfc3821.txt4147
1 files changed, 4147 insertions, 0 deletions
diff --git a/doc/rfc/rfc3821.txt b/doc/rfc/rfc3821.txt
new file mode 100644
index 0000000..c41268d
--- /dev/null
+++ b/doc/rfc/rfc3821.txt
@@ -0,0 +1,4147 @@
+
+
+
+
+
+
+Network Working Group M. Rajagopal
+Request for Comments: 3821 E. Rodriguez
+Category: Standards Track R. Weber
+ July 2004
+
+
+ Fibre Channel Over TCP/IP (FCIP)
+
+Status of this Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2004).
+
+Abstract
+
+ Fibre Channel Over TCP/IP (FCIP) describes mechanisms that allow the
+ interconnection of islands of Fibre Channel storage area networks
+ over IP-based networks to form a unified storage area network in a
+ single Fibre Channel fabric. FCIP relies on IP-based network
+ services to provide the connectivity between the storage area network
+ islands over local area networks, metropolitan area networks, or wide
+ area networks.
+
+Table Of Contents
+
+ 1. Purpose, Motivation, and Objectives. . . . . . . . . . . . . . 3
+ 2. Relationship to Fibre Channel Standards. . . . . . . . . . . . 4
+ 2.1. Relevant Fibre Channel Standards . . . . . . . . . . . . 4
+ 2.2. This Specification and Fibre Channel Standards . . . . . 5
+ 3. Terminology. . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 4. Protocol Summary . . . . . . . . . . . . . . . . . . . . . . . 7
+ 5. The FCIP Model . . . . . . . . . . . . . . . . . . . . . . . . 9
+ 5.1. FCIP Protocol Model. . . . . . . . . . . . . . . . . . . 9
+ 5.2. FCIP Link. . . . . . . . . . . . . . . . . . . . . . . . 10
+ 5.3. FC Entity. . . . . . . . . . . . . . . . . . . . . . . . 11
+ 5.4. FCIP Entity. . . . . . . . . . . . . . . . . . . . . . . 12
+ 5.5. FCIP Link Endpoint (FCIP_LEP). . . . . . . . . . . . . . 13
+ 5.6. FCIP Data Engine (FCIP_DE) . . . . . . . . . . . . . . . 14
+ 5.6.1. FCIP Encapsulation of FC Frames. . . . . . . . . 16
+ 5.6.2. FCIP Data Engine Error Detection and Recovery. . 19
+ 6. Checking FC Frame Transit Times in the IP Network. . . . . . . 22
+
+
+
+Rajagopal, et al. Standards Track [Page 1]
+
+RFC 3821 FCIP July 2004
+
+
+ 7. The FCIP Special Frame (FSF) . . . . . . . . . . . . . . . . . 23
+ 7.1. FCIP Special Frame Format. . . . . . . . . . . . . . . . 23
+ 7.2. Overview of FSF Usage in Connection Establishment. . . . 26
+ 8. TCP Connection Management. . . . . . . . . . . . . . . . . . . 28
+ 8.1. TCP Connection Establishment . . . . . . . . . . . . . . 28
+ 8.1.1. Connection Establishment Model . . . . . . . . . 28
+ 8.1.2. Creating New TCP Connections . . . . . . . . . . 29
+ 8.1.3. Processing Incoming TCP Connect Requests . . . . 32
+ 8.1.4. Simultaneous Connection Establishment. . . . . . 36
+ 8.2. Closing TCP Connections. . . . . . . . . . . . . . . . . 36
+ 8.3. TCP Connection Parameters. . . . . . . . . . . . . . . . 36
+ 8.3.1. TCP Selective Acknowledgement Option . . . . . . 36
+ 8.3.2. TCP Window Scale Option. . . . . . . . . . . . . 36
+ 8.3.3. Protection Against Sequence Number Wrap. . . . . 37
+ 8.3.4. TCP_NODELAY Option . . . . . . . . . . . . . . . 37
+ 8.4. TCP Connection Considerations. . . . . . . . . . . . . . 37
+ 8.5. Flow Control Mapping between TCP and FC. . . . . . . . . 37
+ 9. Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
+ 9.1. Threat Models. . . . . . . . . . . . . . . . . . . . . . 38
+ 9.2. FC Fabric and IP Network Deployment Models . . . . . . . 40
+ 9.3. FCIP Security Components . . . . . . . . . . . . . . . . 40
+ 9.3.1. IPsec ESP Authentication and Confidentiality . . 40
+ 9.3.2. Key Management . . . . . . . . . . . . . . . . . 41
+ 9.3.3. ESP Replay Protection and Rekeying Issues. . . . 43
+ 9.4. Secure FCIP Link Operation . . . . . . . . . . . . . . . 44
+ 9.4.1. FCIP Link Initialization Steps . . . . . . . . . 44
+ 9.4.2. TCP Connection Security Associations (SAs) . . . 44
+ 9.4.3. Handling Data Integrity and Confidentiality
+ Violations . . . . . . . . . . . . . . . . . . . 45
+ 10. Performance. . . . . . . . . . . . . . . . . . . . . . . . . . 45
+ 10.1. Performance Considerations . . . . . . . . . . . . . . . 45
+ 10.2. IP Quality of Service (QoS) Support. . . . . . . . . . . 46
+ 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 47
+ 11.1. Normative References . . . . . . . . . . . . . . . . . . 47
+ 11.2. Informative References . . . . . . . . . . . . . . . . . 49
+ 12. Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 50
+ Appendix A Fibre Channel Bit and Byte Numbering Guidance. . . . . 51
+ B IANA Considerations. . . . . . . . . . . . . . . . . . 51
+ C FCIP Usage of Addresses and Identifiers. . . . . . . . 52
+ D Example of synchronization Recovery Algorithm. . . . . 53
+ E Relationship between FCIP and IP over FC (IPFC). . . . 58
+ F FC Frame Format. . . . . . . . . . . . . . . . . . . . 59
+ G FC Encapsulation Format. . . . . . . . . . . . . . . . 61
+ H FCIP Requirements on an FC Entity. . . . . . . . . . . 63
+ Editors and Contributors Acknowledgements. . . . . . . . . . . . . 69
+ Editors and Contributors Addresses . . . . . . . . . . . . . . . . 70
+ Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 74
+
+
+
+
+Rajagopal, et al. Standards Track [Page 2]
+
+RFC 3821 FCIP July 2004
+
+
+1. Purpose, Motivation, and Objectives
+
+ Warning to Readers Familiar With Fibre Channel: Both Fibre Channel
+ and IETF standards use the same byte transmission order. However,
+ the bit and byte numbering is different. See appendix A for
+ guidance.
+
+ Fibre Channel (FC) is a gigabit or multi-gigabit speed networking
+ technology primarily used to implement Storage Area Networks (SANs).
+ See section 2 for information about how Fibre Channel is standardized
+ and the relationship of this specification to Fibre Channel
+ standards. An overview of Fibre Channel can be found in [34].
+
+ This specification describes mechanisms that allow the
+ interconnection of islands of Fibre Channel SANs over IP Networks to
+ form a unified SAN in a single Fibre Channel fabric. The motivation
+ behind defining these interconnection mechanisms is a desire to
+ connect physically remote FC sites allowing remote disk access, tape
+ backup, and live mirroring.
+
+ Fibre Channel standards have chosen nominal distances between switch
+ elements that are less than the distances available in an IP Network.
+ Since Fibre Channel and IP Networking technologies are compatible, it
+ is logical to turn to IP Networking for extending the allowable
+ distances between Fibre Channel switch elements.
+
+ The fundamental assumption made in this specification is that the
+ Fibre Channel traffic is carried over the IP Network in such a manner
+ that the Fibre Channel Fabric and all Fibre Channel devices on the
+ Fabric are unaware of the presence of the IP Network. This means
+ that the FC datagrams must be delivered in such time as to comply
+ with existing Fibre Channel specifications. The FC traffic may span
+ LANs, MANs, and WANs, so long as this fundamental assumption is
+ adhered to.
+
+ The objectives of this document are to:
+
+ 1) specify the encapsulation and mapping of Fibre Channel (FC) frames
+ employing FC Frame Encapsulation [19].
+
+ 2) apply the mechanism described in 1) to an FC Fabric using an IP
+ network as an interconnect between two or more islands in an FC
+ Fabric.
+
+ 3) address any FC concerns arising from tunneling FC traffic over an
+ IP-based network, including security, data integrity (loss),
+ congestion, and performance. This will be accomplished by
+ utilizing the existing IETF-specified suite of protocols.
+
+
+
+Rajagopal, et al. Standards Track [Page 3]
+
+RFC 3821 FCIP July 2004
+
+
+ 4) be compatible with the referenced FC standards. While new work
+ may be undertaken in T11 to optimize and enhance FC Fabrics, this
+ specification REQUIRES conformance only to the referenced FC
+ standards.
+
+ 5) be compatible with all applicable IETF standards so that the IP
+ Network used to extend an FC Fabric can be used concurrently for
+ other reasonable purposes.
+
+ The objectives of this document do not include using an IP Network as
+ a replacement for the Fibre Channel Arbitrated Loop interconnect. No
+ definition is provided for encapsulating loop primitive signals for
+ transmission over an IP Network.
+
+Conventions used in this document
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14, RFC 2119 [1].
+
+2. Relationship to Fibre Channel Standards
+
+2.1. Relevant Fibre Channel Standards
+
+ FC is standardized as a family of American National Standards
+ developed by the T11 technical committee of INCITS (InterNational
+ Committee for Information Technology Standards). T11 has specified a
+ number of documents describing FC protocols, operations, and
+ services. T11 documents of interest to readers of this specification
+ include (but are not limited to):
+
+ - FC-BB - Fibre Channel Backbone [2]
+ - FC-BB-2 - Fibre Channel Backbone -2 [3]
+ - FC-SW-2 - Fibre Channel Switch Fabric -2 [4]
+ - FC-FS - Fibre Channel Framing and Signaling [5]
+
+ FC-BB and FC-BB-2 describe the relationship between an FC Fabric and
+ interconnect technologies not defined by Fibre Channel standards
+ (e.g., ATM and SONET). FC-BB-2 is the Fibre Channel document
+ describing the relationships between FC and TCP/IP, including the FC
+ use of FCIP.
+
+ FC-SW-2 describes the switch components of an FC Fabric and FC-FS
+ describes the FC Frame format and basic control features of Fibre
+ Channel.
+
+ Additional information regarding T11 activities is available on the
+ committee's web site www.t11.org.
+
+
+
+Rajagopal, et al. Standards Track [Page 4]
+
+RFC 3821 FCIP July 2004
+
+
+2.2. This Specification and Fibre Channel Standards
+
+ When considering the challenge of transporting FC Frames over an IP
+ Network, it is logical to divide the standardization effort between
+ TCP/IP requirements and Fibre Channel requirements. This
+ specification covers the TCP/IP requirements for transporting FC
+ Frames; the Fibre Channel documents described in section 2.1 cover
+ the Fibre Channel requirements.
+
+ This specification addresses only the requirements necessary to
+ properly utilize an IP Network as a conduit for FC Frames. The
+ result is a specification for an FCIP Entity (see section 5.4).
+
+ A product that tunnels an FC Fabric through an IP Network MUST
+ combine the FCIP Entity with an FC Entity (see section 5.3) using an
+ implementation specific interface. The requirements placed on an FC
+ Entity by this specification to achieve proper delivery of FC Frames
+ are summarized in appendix H. More information about FC Entities can
+ be found in the Fibre Channel standards and an example of an FC
+ Entity can be found in FC-BB-2 [3].
+
+ No attempt is being made to define a specific API between an FCIP
+ Entity and an FC Entity. The approach is to specify required
+ functional interactions between an FCIP Entity and an FC Entity (both
+ of which are required to forward FC frames across an IP Network), but
+ allow implementers to choose how these interactions will be realized.
+
+3. Terminology
+
+ Terms used to describe FCIP concepts are defined in this section.
+
+ FC End Node - An FC device that uses the connection services provided
+ by the FC Fabric.
+
+ FC Entity - The Fibre Channel specific functional component that
+ combines with an FCIP Entity to form an interface between an FC
+ Fabric and an IP Network (see section 5.3).
+
+ FC Fabric - An entity that interconnects various Nx_Ports (see [5])
+ attached to it, and is capable of routing FC Frames using only the
+ destination ID information in an FC Frame header (see appendix F).
+
+ FC Fabric Entity - A Fibre Channel specific element containing one
+ or more Interconnect_Ports (see FC-SW-2 [4]) and one or more
+ FC/FCIP Entity pairs. See FC-BB-2 [3] for details about FC Fabric
+ Entities.
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 5]
+
+RFC 3821 FCIP July 2004
+
+
+ FC Frame - The basic unit of Fibre Channel data transfer (see
+ appendix F).
+
+ FC Frame Receiver Portal - The access point through which an FC
+ Frame and time stamp enter an FCIP Data Engine from the FC Entity.
+
+ FC Frame Transmitter Portal - The access point through which a
+ reconstituted FC Frame and time stamp leave an FCIP Data Engine to
+ the FC Entity.
+
+ FC/FCIP Entity pair - The combination of one FC Entity and one FCIP
+ entity.
+
+ FCIP Data Engine (FCIP_DE) - The component of an FCIP Entity that
+ handles FC Frame encapsulation, de-encapsulation, and transmission
+ FCIP Frames through a single TCP Connection (see section 5.6).
+
+ FCIP Entity - The entity responsible for the FCIP protocol exchanges
+ on the IP Network and encompasses FCIP_LEP(s) and FCIP Control and
+ Services module (see section 5.4).
+
+ FCIP Frame - An FC Frame plus the FC Frame Encapsulation [19]
+ header, encoded SOF and encoded EOF that contains the FC Frame
+ (see section 5.6.1).
+
+ FCIP Link - One or more TCP Connections that connect one FCIP_LEP to
+ another (see section 5.2).
+
+ FCIP Link Endpoint (FCIP_LEP) - The component of an FCIP Entity
+ that handles a single FCIP Link and contains one or more FCIP_DEs
+ (see section 5.5).
+
+ Encapsulated Frame Receiver Portal - The TCP access point through
+ which an FCIP Frame is received from the IP Network by an FCIP
+ Data Engine.
+
+ Encapsulated Frame Transmitter Portal - The TCP access point through
+ which an FCIP Frame is transmitted to the IP Network by an FCIP
+ Data Engine.
+
+ FCIP Special Frame (FSF) - A specially formatted FC Frame containing
+ information used by the FCIP protocol (see section 7).
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 6]
+
+RFC 3821 FCIP July 2004
+
+
+4. Protocol Summary
+
+ The FCIP protocol is summarized as follows:
+
+ 1) The primary function of an FCIP Entity is forwarding FC Frames,
+ employing FC Frame Encapsulation described in [19].
+
+ 2) Viewed from the IP Network perspective, FCIP Entities are peers
+ and communicate using TCP/IP. Each FCIP Entity contains one or
+ more TCP endpoints in the IP-based network.
+
+ 3) Viewed from the FC Fabric perspective, pairs of FCIP Entities, in
+ combination with their associated FC Entities, forward FC Frames
+ between FC Fabric elements. The FC End Nodes are unaware of the
+ existence of the FCIP Link.
+
+ 4) FC Primitive Signals, Primitive Sequences, and Class 1 FC Frames
+ are not transmitted across an FCIP Link because they cannot be
+ encoded using FC Frame Encapsulation [19].
+
+ 5) The path (route) taken by an encapsulated FC Frame follows the
+ normal routing procedures of the IP Network.
+
+ 6) An FCIP Entity MAY contain multiple FCIP Link Endpoints, but each
+ FCIP Link Endpoint (FCIP_LEP) communicates with exactly one other
+ FCIP_LEP.
+
+ 7) When multiple FCIP_LEPs with multiple FCIP_DEs are in use,
+ selection of which FCIP_DE to use for encapsulating and
+ transmitting a given FC Frame is covered in FC-BB-2 [3]. FCIP
+ Entities do not actively participate in FC Frame routing.
+
+ 8) The FCIP Control and Services module MAY use TCP/IP quality of
+ service features (see section 10.2).
+
+ 9) It is necessary to statically or dynamically configure each FCIP
+ entity with the IP addresses and TCP port numbers corresponding to
+ FCIP Entities with which it is expected to initiate communication.
+ If dynamic discovery of participating FCIP Entities is supported,
+ the function SHALL be performed using the Service Location
+ Protocol (SLPv2) [17]. It is outside the scope of this
+ specification to describe any static configuration method for
+ participating FCIP Entity discovery. Refer to section 8.1.2.2 for
+ a detailed description of dynamic discovery of participating FCIP
+ Entities using SLPv2.
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 7]
+
+RFC 3821 FCIP July 2004
+
+
+ 10) Before creating a TCP Connection to a peer FCIP Entity, the FCIP
+ Entity attempting to create the TCP connection SHALL statically or
+ dynamically determine the IP address, TCP port, expected FC Fabric
+ Entity World Wide Name, TCP Connection Parameters, and Quality of
+ Service Information.
+
+ 11) FCIP Entities do not actively participate in the discovery of FC
+ source and destination identifiers. Discovery of FC addresses
+ (accessible via the FCIP Entity) is provided by techniques and
+ protocols within the FC architecture as described in FC-FS [5] and
+ FC-SW-2 [4].
+
+ 12) To support IP Network security (see section 9), FCIP Entities
+ MUST:
+ 1) implement cryptographically protected authentication and
+ cryptographic data integrity keyed to the authentication
+ process, and
+ 2) implement data confidentiality security features.
+
+ 13) On an individual TCP Connection, this specification relies on
+ TCP/IP to deliver a byte stream in the same order that it was
+ sent.
+
+ 14) This specification assumes the presence of and requires the use of
+ TCP and FC data loss and corruption mechanisms. The error
+ detection and recovery features described in this specification
+ complement and support these existing mechanisms.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 8]
+
+RFC 3821 FCIP July 2004
+
+
+5. The FCIP Model
+
+5.1. FCIP Protocol Model
+
+ The relationship between FCIP and other protocols is illustrated in
+ figure 1.
+
+ +------------------------+ FCIP Link +------------------------+
+ | FCIP |===========| FCIP |
+ +--------+------+--------+ +--------+------+--------+
+ | FC-2 | | TCP | | TCP | | FC-2 |
+ +--------+ +--------+ +--------+ +--------+
+ | FC-1 | | IP | | IP | | FC-1 |
+ +--------+ +--------+ +--------+ +--------+
+ | FC-0 | | LINK | | LINK | | FC-0 |
+ +--------+ +--------+ +--------+ +--------+
+ | | PHY | | PHY | |
+ | +--------+ +--------+ |
+ | | | |
+ | | IP Network | |
+ V +--------------------+ V
+ to Fibre to Fibre
+ Channel Channel
+ Fabric Fabric
+
+ Key: FC-0 - Fibre Channel Physical Media Layer
+ FC-1 - Fibre Channel Encode and Decode Layer
+ FC-2 - Fibre Channel Framing and Flow Control Layer
+ TCP - Transmission Control Protocol
+ IP - Internet Protocol
+ LINK - IP Link Layer
+ PHY - IP Physical Layer
+
+ Figure 1: FCIP Protocol Stack Model
+
+ Note that the objective of the FCIP Protocol is to create and
+ maintain one or more FCIP Links to transport data.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 9]
+
+RFC 3821 FCIP July 2004
+
+
+5.2. FCIP Link
+
+ The FCIP Link is the basic unit of service provided by the FCIP
+ Protocol to an FC Fabric. As shown in figure 2, an FCIP Link
+ connects two portions of an FC Fabric using an IP Network as a
+ transport to form a single FC Fabric.
+
+ /\/\/\/\/\/\ /\/\/\/\/\/\ /\/\/\/\/\/\
+ \ FC / \ IP / \ FC /
+ / Fabric \=========/ Network \=========/ Fabric \
+ \/\/\/\/\/\/ \/\/\/\/\/\/ \/\/\/\/\/\/
+ | |
+ |<--------- FCIP Link -------->|
+
+ Figure: 2 FCIP Link Model
+
+ At the points where the ends of the FCIP Link meet portions of the FC
+ Fabric, an FCIP Entity (see section 5.4) combines with an FC Entity
+ as described in section 5.3 to serve as the interface between FC and
+ IP.
+
+ An FCIP Link SHALL contain at least one TCP Connection and MAY
+ contain more than one TCP Connection. The endpoints of a single TCP
+ Connection are FCIP Data Engines (see section 5.6). The endpoints of
+ a single FCIP Link are FCIP Link Endpoints (see section 5.5).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 10]
+
+RFC 3821 FCIP July 2004
+
+
+5.3. FC Entity
+
+ An implementation that tunnels an FC Fabric through an IP Network
+ MUST combine an FC Entity with an FCIP Entity (see section 5.4) to
+ form a complete interface between the FC Fabric and IP Network as
+ shown in figure 3. An FC Fabric Entity may contain multiple
+ instances of the FC/FCIP Entity pair shown on either the right-hand
+ or left-hand side of figure 3.
+
+ |<--------- FCIP Link -------->|
+ | |
+ +----------+ /\/\/\/\/\/\ +----------+
+ | FCIP | \ IP / | FCIP |
+ | Entity |=========/ Network \=========| Entity |
+ +----------+ \/\/\/\/\/\/ +----------+
+ | FC | | FC |
+ | Entity | | Entity |
+ +----------+ +----------+
+ | |
+ /\/\/\/\/\/\ /\/\/\/\/\/\
+ \ FC / \ FC /
+ / Fabric \ / Fabric \
+ \/\/\/\/\/\/ \/\/\/\/\/\/
+
+ Figure 3: Model for Two Connected FC/FCIP Entity Pairs
+
+ In general, the combination of an FCIP Link and two FC/FCIP Entity
+ pairs is intended to provide a non-Fibre Channel backbone transport
+ between Fibre Channel components. For example, this combination can
+ be used to function as the hard-wire connection between two Fibre
+ Channel switches.
+
+ The interface between the FC and FCIP Entities is implementation
+ specific. The functional requirements placed on an FC Entity by this
+ specification are listed in appendix H. More information about FC
+ Entities can be found in the Fibre Channel standards and an example
+ of an FC Entity can be found in FC-BB-2 [3].
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 11]
+
+RFC 3821 FCIP July 2004
+
+
+5.4. FCIP Entity
+
+ The model for an FCIP Entity is shown in figure 4.
+
+ .......................................................
+ : FCIP Entity :
+ : :
+ : +-----------+ :
+ : | FCIP | :
+ : |Control and|------------------------------------+ :
+ : | Services | | :
+ : | Module | | :
+ : +-----------+ | :
+ : | +--------------------+ | :
+ : | +-------+--------------------+|----+ | :
+ : | |+-----+--------------------+|----+| | :
+ : | ||+----| FCIP Link Endpoint |----+|| | :
+ : | ||| +--------------------+ ||| | :
+ :.............................................|||.....:
+ | ||| ||| |
+ | ||| ||| o<--+
+ | ||| unique TCP ||| | |
+ | ||| connections-->||| | |
+ | ||| ||| | |
+ +----------+ /\/\/\/\/\/\ |
+ | FC | \ IP / |
+ | Entity | / Network \ |
+ +----------+ \/\/\/\/\/\/ |
+ | |
+ /\/\/\/\/\/\ +------------------+
+ \ FC / +->TCP port for
+ / Fabric \ incoming
+ \/\/\/\/\/\/ connections
+
+ Figure 4: FCIP Entity Model
+
+ The FCIP Entity receives TCP connect requests on behalf of the
+ FCIP_LEPs that it manages. In support of this, the FCIP Entity is
+ the sole owner of at least one TCP port/IP Address combination used
+ to form TCP Connections. The TCP port may be the FCIP well known
+ port at a given IP Address. An FC Fabric to IP Network interface
+ product SHALL provide each FC/FCIP Entity pair contained in the
+ product with a unique combination of FC Fabric Entity World Wide
+ Identifier and FC/FCIP Entity Identifier values (see section 7).
+
+ An FCIP Entity contains an FCIP Control and Services Module to
+ control FCIP link initialization, FCIP link dissolution, and to
+ provide the FC Entity with an interface to key IP Network features.
+
+
+
+Rajagopal, et al. Standards Track [Page 12]
+
+RFC 3821 FCIP July 2004
+
+
+ The interfaces to the IP Network features are implementation
+ specific, however, REQUIRED TCP/IP functional support is specified in
+ this document, including:
+
+ - TCP Connections - see section 8
+ - Security - see section 9
+ - Performance - see section 10
+ - Dynamic Discovery - see section 8.1.2.2
+
+ The FCIP Link Endpoints in an FCIP Entity provide the FC Frame
+ encapsulation and transmission features of FCIP.
+
+5.5. FCIP Link Endpoint (FCIP_LEP)
+
+ As shown in figure 5, the FCIP Link Endpoint contains one FCIP Data
+ Engine for each TCP Connection in the FCIP Link.
+
+ ................................................
+ : FCIP Link Endpoint :
+ : +------------------+ :
+ : +-------+------------------+|----+ :
+ : |+-----+------------------+|----+| :
+ : ||+----| FCIP Data Engine |----+|| :
+ : ||| +------------------+ ||| :
+ :..............................................:
+ ||| |||
+ +----------+ /\/\/\/\/\/\
+ | FC | \ IP /
+ | Entity | / Network \
+ +----------+ \/\/\/\/\/\/
+ |
+ /\/\/\/\/\/\
+ \ FC /
+ / Fabric \
+ \/\/\/\/\/\/
+
+ Figure 5: FCIP Link Endpoint Model
+
+ Each time a TCP Connection is formed with a new FC/FCIP Entity pair
+ (including all the actions described in section 8.1), the FCIP
+ Entity SHALL create a new FCIP Link Endpoint containing one FCIP Data
+ Engine.
+
+ An FCIP_LEP is a transparent data translation point between an FC
+ Entity and an IP Network. A pair of FCIP_LEPs communicating over one
+ or more TCP Connections create an FCIP Link to join two islands of an
+ FC Fabric, producing a single FC Fabric.
+
+
+
+
+Rajagopal, et al. Standards Track [Page 13]
+
+RFC 3821 FCIP July 2004
+
+
+ The IP Network over which the two FCIP_LEPs communicate is not aware
+ of the FC payloads that it is carrying. Likewise, the FC End Nodes
+ connected to the FC Fabric are unaware of the TCP/IP based transport
+ employed in the structure of the FC Fabric.
+
+ An FCIP_LEP uses normal TCP based flow control mechanisms for
+ managing its internal resources and matching them with the advertised
+ TCP Receiver Window Size (see sections 8.3.2, 8.5). An FCIP_LEP MAY
+ communicate with its local FC Entity counterpart to coordinate flow
+ control.
+
+5.6. FCIP Data Engine (FCIP_DE)
+
+ The model for one of the multiple FCIP_DEs that MAY be present in an
+ FCIP_LEP is shown in figure 6.
+
+ +--------------------------------+
+ | |
+ F |-+ +------------------+ +-|
+ C |p| | Encapsulation | |p| N
+ -->|1|--->| Engine |--->|2|--> e
+ E |-+ +------------------+ +-| t
+ n | | I w
+ t |-+ +------------------+ +-| P o
+ i |p| | De-Encapsulation | |p| r
+ t <--|4|<---| Engine |<---|3|<-- k
+ y |-+ +------------------+ +-|
+ | |
+ +--------------------------------+
+
+ Figure 6: FCIP Data Engine Model
+
+ Data enters and leaves the FCIP_DE through four portals (p1 - p4).
+ The portals do not process or examine the data that passes through
+ them. They are only the named access points where the FCIP_DE
+ interfaces with the external world. The names of the portals are as
+ follows:
+
+ p1) FC Frame Receiver Portal - The interface through which an FC
+ Frame and time stamp enters an FCIP_DE from the FC Entity.
+
+ p2) Encapsulated Frame Transmitter Portal - The TCP interface through
+ which an FCIP Frame is transmitted to the IP Network by an
+ FCIP_DE.
+
+ p3) Encapsulated Frame Receiver Portal - The TCP interface through
+ which an FCIP Frame is received from the IP Network by an
+ FCIP_DE.
+
+
+
+Rajagopal, et al. Standards Track [Page 14]
+
+RFC 3821 FCIP July 2004
+
+
+ p4) FC Frame Transmitter Portal - The interface through which a
+ reconstituted FC Frame and time stamp exits an FCIP_DE to the FC
+ Entity.
+
+ The work of the FCIP_DE is done by the Encapsulation and De-
+ Encapsulation Engines. The Engines have two functions:
+
+ 1) Encapsulating and de-encapsulating FC Frames using the
+ encapsulation format described in FC Frame Encapsulation [19] and
+ in section 5.6.1 of this document, and
+
+ 2) Detecting some data transmission errors and performing minimal
+ error recovery as described in section 5.6.2.
+
+ Data flows through a pair of IP Network connected FCIP_DEs in the
+ following seven steps:
+
+ 1) An FC Frame and time stamp arrives at the FC Frame Receiver Portal
+ and is passed to the Encapsulation Engine. The FC Frame is
+ assumed to have been processed by the FC Entity according to the
+ applicable FC rules and is not validated by the FCIP_DE. If the
+ FC Entity is in the Unsynchronized state with respect to a time
+ base as described in the FC Frame Encapsulation [19]
+ specification, the time stamp delivered with the FC Frame SHALL be
+ zero.
+
+ 2) In the Encapsulation Engine, the encapsulation format described in
+ FC Frame Encapsulation [19] and in section 5.6.1 of this document
+ SHALL be applied to prepare the FC Frame and associated time stamp
+ for transmission over the IP Network.
+
+ 3) The entire encapsulated FC Frame (a.k.a. the FCIP Frame) SHALL be
+ passed to the Encapsulated Frame Transmitter Portal where it SHALL
+ be inserted in the TCP byte stream.
+
+ 4) Transmission of the FCIP Frame over the IP Network follows all the
+ TCP rules of operation. This includes, but is not limited to, the
+ in-order delivery of bytes in the stream, as specified by TCP [6].
+
+ 5) The FCIP Frame arrives at the partner FCIP Entity where it enters
+ the FCIP_DE through the Encapsulated Frame Receiver Portal and is
+ passed to the De-Encapsulation Engine for processing.
+
+ 6) The De-Encapsulation Engine SHALL validate the incoming TCP byte
+ stream as described in section 5.6.2.2 and SHALL de-encapsulate
+ the FC Frame and associated time stamp according to the
+ encapsulation format described in FC Frame Encapsulation [19] and
+ in section 5.6.1 of this document.
+
+
+
+Rajagopal, et al. Standards Track [Page 15]
+
+RFC 3821 FCIP July 2004
+
+
+ 7) In the absence of errors, the de-encapsulated FC Frame and time
+ stamp SHALL be passed to the FC Frame Transmitter Portal for
+ delivery to the FC Entity. Error handling is discussed in section
+ 5.6.2.2.
+
+ Every FC Frame that arrives at the FC Frame Receiver Portal SHALL be
+ transmitted on the IP Network as described in steps 1 through 4
+ above. In the absence of errors, data bytes arriving at the
+ Encapsulated Frame Receiver Portal SHALL be de-encapsulated and
+ forwarded to the FC Frame Transmitter Portal as described in steps 5
+ through 7.
+
+5.6.1. FCIP Encapsulation of FC Frames
+
+ The FCIP encapsulation of FC Frames employs FC Frame Encapsulation
+ [19].
+
+ The features from FC Frame Encapsulation that are unique to
+ individual protocols SHALL be applied as follows for the FCIP
+ encapsulation of FC Frames.
+
+ The Protocol# field SHALL contain 1 in accordance with the IANA
+ Considerations annex of FC Frame Encapsulation [19].
+
+ The Protocol Specific field SHALL have the format shown in figure 7.
+ Note: the word numbers in figure 7 are relative to the complete FC
+ Frame Encapsulation header, not to the Protocol Specific field.
+
+ W|------------------------------Bit------------------------------|
+ o| |
+ r| 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3|
+ d|0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1|
+ +---------------------------------------------------------------+
+ 1| replication of encapsulation word 0 |
+ +---------------+---------------+---------------+---------------+
+ 2| pFlags | Reserved | -pFlags | -Reserved |
+ +---------------+---------------+---------------+---------------+
+
+ Figure 7: FCIP Usage of FC Frame Encapsulation Protocol Specific
+ field
+
+ Word 1 of the Protocol Specific field SHALL contain an exact copy of
+ word 0 in FC Frame Encapsulation [19].
+
+ The pFlags (protocol specific flags) field provides information about
+ the protocol specific usage of the FC Encapsulation Header. Figure 8
+ shows the defined pFlags bits.
+
+
+
+
+Rajagopal, et al. Standards Track [Page 16]
+
+RFC 3821 FCIP July 2004
+
+
+ |----------------Bit--------------------|
+ | |
+ | 0 1 2 3 4 5 6 7 |
+ +----+-----------------------------+----+
+ | Ch | Reserved | SF |
+ +----+-----------------------------+----+
+
+ Figure 8: pFlags Field Bits
+
+ The SF (Special Frame) bit indicates whether the FCIP Frame is an
+ encapsulated FC Frame or an FSF (FCIP Special Frame, see section 7).
+ When the FCIP Frame contains an encapsulated FC Frame, the SF bit
+ SHALL be 0. When the FCIP Frame is an FSF, the SF bit SHALL be 1.
+
+ The FSF SHALL only be sent as the first bytes transmitted in each
+ direction on a newly formed TCP Connection and only one FSF SHALL be
+ transmitted in each direction at that time (see section 8.1). After
+ that all FCIP Frames SHALL have the SF bit set to 0.
+
+ The Ch (Changed) bit indicates whether an echoed FSF has been
+ intentionally altered (see section 8.1.3). The Ch bit SHALL be 0
+ unless the FSF bit is 1. When the initial TCP Connection FSF is
+ sent, the Ch bit SHALL be 0. If the recipient of a TCP connect
+ request echoes the FSF without any changes, then the Ch bit SHALL
+ continue to be 0. If the recipient of a TCP connect request alters
+ the FSF before echoing it, then the Ch bit SHALL be changed to 1.
+
+ The -pFlags field SHALL contain the ones complement of the contents
+ of the pFlags field.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 17]
+
+RFC 3821 FCIP July 2004
+
+
+ Table 1 summarizes the usage of the pFlags SF and Ch bits.
+
+ +----+----+------------+--------------------------------------+
+ | | | Originated | |
+ | SF | Ch | or Echoed | Validity/Description |
+ +----+----+------------+--------------------------------------+
+ | 0 | 0 | n/a | Encapsulated FC Frame |
+ +----+----+------------+--------------------------------------+
+ | 0 | 1 | n/a | Always Illegal |
+ +----+----+------------+--------------------------------------+
+ | 1 | 0 | Originated | Originated FSF |
+ +----+----+------------+--------------------------------------+
+ | 1 | 1 | Originated | Always Illegal |
+ +----+----+------------+--------------------------------------+
+ | 1 | 0 | Echoed | Echoed FSF without changes |
+ +----+----+------------+--------------------------------------+
+ | 1 | 1 | Echoed | Echoed FSF with changes |
+ +----+----+------------+--------------------------------------+
+ | Note 1: Echoed FSFs may contain changes resulting from |
+ | transmission errors, necessitating the comparison between |
+ | sent and received FSF bytes by the FSF originator described |
+ | in section 8.1.2.3. |
+ | |
+ | Note 2: Column positions in this table do not reflect the |
+ | bit positions of the SF and Ch bits in the pFlags field. |
+ +-------------------------------------------------------------+
+
+ Table 1: pFlags SF and Ch bit usage summary
+
+ The Reserved pFlags bits SHALL be 0.
+
+ The Reserved field (bits 23-16 in word 2): SHALL contain 0.
+
+ The -Reserved field (bits 7-0 in word 2): SHALL contain 255 (or
+ 0xFF).
+
+ The CRCV (CRC Valid) Flag SHALL be set to 0.
+
+ The CRC field SHALL be set to 0.
+
+ In FCIP, the SOF and EOF codes listed as Class 2, Class 3, and Class
+ 4 in the FC Frame Encapsulation [19] are legal.
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 18]
+
+RFC 3821 FCIP July 2004
+
+
+5.6.2. FCIP Data Engine Error Detection and Recovery
+
+5.6.2.1. TCP Assistance With Error Detection and Recovery
+
+ TCP [6] requires in order delivery, generation of TCP checksums, and
+ checking of TCP checksums. Thus, the byte stream passed from TCP to
+ the FCIP_LEP will be in order and free of errors detectable by the
+ TCP checksum. The FCIP_LEP relies on TCP to perform these functions.
+
+5.6.2.2. Errors in FCIP Headers and Discarding FCIP Frames
+
+ Bytes delivered through the Encapsulated Frame Receiver Portal that
+ are not correctly delimited as defined by the FC Frame Encapsulation
+ [19] are considered to be in error.
+
+ The failure of the Protocol# and Version fields in the FCIP Frame
+ header to contain the values defined for an FCIP Frame SHALL be
+ considered an error.
+
+ Further, some errors in the encapsulation will result in the FCIP_DE
+ losing synchronization with the FC Frames in the byte stream entering
+ through the Encapsulated Frame Receiver Portal.
+
+ The Frame Length field in the FC Frame Encapsulation header is used
+ to determine where in the data stream the next FC Encapsulated Header
+ is located. The following tests SHALL be performed to verify
+ synchronization with the byte stream entering the Encapsulated Frame
+ Receiver Portal, and synchronization SHALL be considered lost if any
+ of the tests fail:
+
+ 1) Frame Length field validation -- 15 < Frame Length < 545;
+
+ 2) Comparison of Frame Length field to its ones complement; and
+
+ 3) A valid EOF is found in the word preceding the start of the next
+ FCIP header as indicated by the Frame Length field, to be tested
+ as follows:
+
+ 1) Bits 24-31 and 16-23 contain identical legal EOF values (the
+ list of legal EOF values is in the FC Frame Encapsulation
+ [19]); and
+
+ 2) Bits 8-15 and 0-7 contain the ones complement of the EOF value
+ found in bits 24-31.
+
+ Note: The range of valid Frame Length values is derived as follows.
+ The FCIP Frame header is seven words, one word each is required for
+ the encoded SOF and EOF values, the FC Frame header is six words, and
+
+
+
+Rajagopal, et al. Standards Track [Page 19]
+
+RFC 3821 FCIP July 2004
+
+
+ the FC CRC requires one word, yielding a base Frame Length of 16
+ (7+1+1+6+1) words, if no FC Payload is present. Since the FC Payload
+ is optional, any Frame Length value greater than 15 is valid. The
+ maximum FC Payload size is 528 words, meaning that any Frame Length
+ value up to and including 544 (528+16) is valid.
+
+ If synchronization is lost, the FC Frame SHALL NOT be forwarded on to
+ the FC Entity and further recovery SHALL be handled as defined by
+ section 5.6.2.3.
+
+ In addition to the tests above, the validity and positioning of the
+ following FCIP Frame information SHOULD be used to detect
+ encapsulation errors that may or may not affect synchronization:
+
+ a) Protocol# ones complement field (1 test);
+ b) Version ones complement field (1 test);
+ c) Replication of encapsulation word 0 in word 1 (1 test);
+ d) Reserved field and its ones complement (2 tests);
+ e) Flags field and its ones complement (2 tests);
+ f) CRC field is equal to zero (1 test);
+ g) SOF fields and ones complement fields (4 tests);
+ h) Format and values of FC header (1 test);
+ i) CRC of FC Frame (2 tests);
+ j) FC Frame Encapsulation header information in the next FCIP
+ Frame (1 test).
+
+ At least 3 of the 16 tests listed above SHALL be performed. Failure
+ of any of the above tests actually performed SHALL indicate an
+ encapsulation error and the FC Frame SHALL NOT be forwarded on to the
+ FC Entity. Further, such errors SHOULD be considered carefully,
+ since some may be synchronization errors.
+
+ Whenever an FCIP_DE discards bytes delivered through the Encapsulated
+ Frame Receiver Portal, it SHALL cause the FCIP Entity to notify the
+ FC Entity of the condition and provide a suitable description of the
+ reason bytes were discarded.
+
+ The burden for recovering from discarded data falls on the FC Entity
+ and other components of the FC Fabric, and is outside the scope of
+ this specification.
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 20]
+
+RFC 3821 FCIP July 2004
+
+
+5.6.2.3. Synchronization Failures
+
+ If an FCIP_DE determines that it cannot find the next FCIP Frame
+ header in the byte stream entering through the Encapsulated Frame
+ Receiver Portal, the FCIP_DE SHALL do one of the following:
+
+ a) close the TCP Connection [6] [7] and notify the FC Entity with the
+ reason for the closure;
+
+ b) recover synchronization by searching the bytes delivered by the
+ Encapsulated Frame Receiver Portal for a valid FCIP Frame header
+ having the correct properties (see section 5.6.2.2), and
+ discarding bytes delivered by the Encapsulated Frame Receiver
+ Portal until a valid FCIP Frame header is found; or
+
+ c) attempt to recover synchronization as described in b) and if
+ synchronization cannot be recovered, close the TCP Connection as
+ described in a), including notification of the FC Entity with the
+ reason for the closure.
+
+ If the FCIP_DE attempts to recover synchronization, the
+ resynchronization algorithm used SHALL meet the following
+ requirements:
+
+ a) discard or identify with an EOFa (see appendix section F.1) those
+ FC Frames and fragments of FC Frames identified before
+ synchronization has again been completely verified. The number of
+ FC Frames not forwarded may vary based on the algorithm used;
+
+ b) return to forwarding FC Frames through the FC Frame Transmitter
+ Portal only after synchronization on the transmitted FCIP Frame
+ stream has been verified; and
+
+ c) close the TCP/IP connection if the algorithm ends without
+ verifying successful synchronization. The probability of failing
+ to synchronize successfully and the time necessary to determine
+ whether or not synchronization was successful may vary with the
+ algorithm used.
+
+ An example algorithm meeting these requirements can be found in
+ appendix D.
+
+ The burden for recovering from the discarding of FCIP Frames during
+ the optional resynchronization process described in this section
+ falls on the FC Entity and other components of the FC Fabric, and is
+ outside the scope of this specification.
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 21]
+
+RFC 3821 FCIP July 2004
+
+
+6. Checking FC Frame Transit Times in the IP Network
+
+ FC-BB-2 [3] defines how the measurement of IP Network transit time is
+ performed, based on the requirements stated in the FC Frame
+ Encapsulation [19] specification. The choice to place this
+ implementation requirement on the FC Entity is based on a desire to
+ include the transit time through the FCIP Entities when computing the
+ IP Network transit time experienced by the FC Frames.
+
+ Each FC Frame that enters the FCIP_DE through the FC Frame Receiver
+ Portal SHALL be accompanied by a time stamp value that the FCIP_DE
+ SHALL place in the Time Stamp [integer] and Time Stamp [fraction]
+ fields of the encapsulation header of the FCIP Frame that contains
+ the FC Frame. If no synchronized time stamp value is available to
+ accompany the entering FC Frame, a value of zero SHALL be used.
+
+ Each FC Frame that exits the FCIP_DE through the FC Frame Transmitter
+ Portal SHALL be accompanied by the time stamp value taken from the
+ FCIP Frame that encapsulated the FC Frame.
+
+ The FC Entity SHALL use suitable internal clocks and either Fibre
+ Channel services or an SNTP Version 4 server [26] to establish and
+ maintain the required synchronized time value. The FC Entity SHALL
+ verify that the FC Entity it is communicating with on an FCIP Link is
+ using the same synchronized time source, either Fibre Channel
+ services or SNTP server.
+
+ Note that since the FC Fabric is expected to have a single
+ synchronized time value throughout, reliance on the Fibre Channel
+ services means that only one synchronized time value is needed for
+ all FCIP_DEs regardless of their connection characteristics.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 22]
+
+RFC 3821 FCIP July 2004
+
+
+7. The FCIP Special Frame (FSF)
+
+7.1. FCIP Special Frame Format
+
+ Figure 9 shows the FSF format.
+
+ W|------------------------------Bit------------------------------|
+ o| |
+ r| 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3|
+ d|0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1|
+ +---------------+---------------+---------------+---------------+
+ 0| Protocol# | Version | -Protocol# | -Version |
+ | (0x01) | (0x01) | (0xFE) | (0xFE) |
+ +---------------+---------------+---------------+---------------+
+ 1| Protocol# | Version | -Protocol# | -Version |
+ | (0x01) | (0x01) | (0xFE) | (0xFE) |
+ +---------------+---------------+---------------+---------------+
+ 2| pFlags | Reserved | -pFlags | -Reserved |
+ | | (0x00) | | (0xFF) |
+ +-----------+---+---------------+-----------+---+---------------+
+ 3| Flags | Frame Length | -Flags | -Frame Length |
+ | (0b000000)| (0b0000010011) | (0b111111)| (0b1111101100) |
+ +-----------+-------------------+-----------+-------------------+
+ 4| Time Stamp [integer] |
+ +---------------------------------------------------------------+
+ 5| Time Stamp [fraction] |
+ +---------------------------------------------------------------+
+ 6| CRC (Reserved in FCIP) |
+ | (0x00-00-00-00) |
+ +-------------------------------+-------------------------------+
+ 7| Reserved | -Reserved |
+ | (0x00-00) | (0xFF-FF) |
+ +-------------------------------+-------------------------------+
+ 8| |
+ +----- Source FC Fabric Entity World Wide Name -----+
+ 9| |
+ +---------------------------------------------------------------+
+ 10| |
+ +----- Source FC/FCIP Entity Identifier -----+
+ 11| |
+ +---------------------------------------------------------------+
+ 12| |
+ +----- Connection Nonce -----+
+ 13| |
+ +---------------+---------------+-------------------------------+
+ (Continued)
+
+ Figure 9: FSF Format (part 1 of 2)
+
+
+
+Rajagopal, et al. Standards Track [Page 23]
+
+RFC 3821 FCIP July 2004
+
+
+ W|------------------------------Bit------------------------------|
+ o| |
+ r| 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3|
+ d|0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1|
+ | |
+ | (Concluded) |
+ +---------------------------------------------------------------+
+ 14| Connection | Reserved | Connection Usage Code |
+ | Usage Flags | (0x00) | <defined in FC-BB-2> |
+ +---------------+---------------+-------------------------------+
+ 15| |
+ +----- Destination FC Fabric Entity World Wide Name -----+
+ 16| |
+ +---------------------------------------------------------------+
+ 17| K_A_TOV |
+ +-------------------------------+-------------------------------+
+ 18| Reserved | -Reserved |
+ | (0x00-00) | (0xFF-FF) |
+ +-------------------------------+-------------------------------+
+
+ Figure 9: FSF Format (part 2 of 2)
+
+ The FSF SHALL only be sent as the first bytes transmitted in each
+ direction on a newly formed TCP Connection, and only one FSF SHALL be
+ transmitted in each direction.
+
+ The contents of the FSF SHALL be as described for encapsulated FC
+ Frames, except for the fields described in this section.
+
+ All FSFs SHALL have the pFlags SF bit set to 1 (see section 5.6.1).
+
+ The Source FC Fabric Entity World Wide Name field SHALL contain the
+ Fibre Channel Name_Identifier [5] for the FC Fabric entity associated
+ with the FC/FCIP Entity pair that generates (as opposed to echoes)
+ the FSF. For example, if the FC Fabric entity is a FC Switch, the FC
+ Fabric Entity World Wide Name field SHALL contain the Switch_Name
+ [4]. The Source FC Fabric Entity World Wide Name SHALL be world wide
+ unique.
+
+ The Source FC/FCIP Entity Identifier field SHALL contain a unique
+ identifier for the FC/FCIP Entity pair that generates (as opposed to
+ echoes) the FSF. The value is assigned by the FC Fabric entity whose
+ world wide name appears in the Source FC Fabric Entity World Wide
+ Name field.
+
+ Note: The combination of the Source FC Entity World Wide Name and
+ Source FC/FCIP Entity Identifier fields uniquely identifies every
+ FC/FCIP Entity pair in the IP Network.
+
+
+
+Rajagopal, et al. Standards Track [Page 24]
+
+RFC 3821 FCIP July 2004
+
+
+ The Connection Nonce field shall contain a 64-bit random number
+ generated to uniquely identify a single TCP connect request. In
+ order to provide sufficient security for the connection nonce, the
+ Randomness Recommendations for Security [9] SHOULD be followed.
+
+ The Connection Usage Flags field identifies the types of SOF values
+ [19] to be carried on the connection as shown in figure 10.
+
+ |------------------------------Bit------------------------------|
+ | |
+ | 0 1 2 3 4 5 6 7 |
+ +-------+-------+-------+-------+-------------------------------+
+ | SOFf | SOF?2 | SOF?3 | SOF?4 | Reserved |
+ +-------+-------+-------+-------+-------------------------------+
+
+ Figure 10: Connection Usage Flags Field Format
+
+ If the SOFf bit is one, then FC Frames containing SOFf are intended
+ to be carried on the connection.
+
+ If the SOF?2 bit is one, then FC Frames containing SOFi2 and SOFn2
+ are intended to be carried on the connection.
+
+ If the SOF?3 bit is one, then FC Frames containing SOFi3 and SOFn3
+ are intended to be carried on the connection.
+
+ If the SOF?4 bit is one, then FC Frames containing SOFi4, SOFn4, and
+ SOFc4 are intended to be carried on the connection.
+
+ All or none of the SOFf, SOF?2, SOF?3, and SOF?4 bits MAY be set to
+ one. If all of the SOFf, SOF?2, SOF?3, and SOF?4 bits are zero, then
+ the types of FC Frames intended to be carried on the connection have
+ no specific relationship to the SOF code.
+
+ The FCIP Entity SHALL NOT enforce the SOF usage described by the
+ Connection Usage Flags field and SHALL only use the contents of the
+ field as described below.
+
+ The Connection Usage Code field contains Fibre Channel defined
+ information regarding the intended usage of the connection as
+ specified in FC-BB-2 [3].
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 25]
+
+RFC 3821 FCIP July 2004
+
+
+ The FCIP Entity SHALL use the contents of the Connection Usage Flags
+ and Connection Usage Code fields to locate appropriate QoS settings
+ in the "shared" database of TCP Connection information (see section
+ 8.1.1) and apply those settings to a newly formed connection.
+
+ The Destination FC Fabric Entity World Wide Name field MAY contain
+ the Fibre Channel Name_Identifier [5] for the FC Fabric entity
+ associated with the FC/FCIP Entity pair that echoes (as opposed to
+ generates) the Special Frame.
+
+ The K_A_TOV field SHALL contain the FC Keep Alive Timeout value to be
+ applied to the new TCP Connection as specified in FC-BB-2 [3].
+
+ For each new incoming TCP connect request and subsequent FSF
+ received, the FCIP Entity SHALL send the contents of the Source FC
+ Fabric Entity World Wide Name, Source FC/FCIP Identifier, Connection
+ Usage Flags and Connection Usage Code fields to the FC Entity along
+ with the other connection information (e.g., FCIP_LEP and FCIP_DE
+ information).
+
+7.2. Overview of FSF Usage in Connection Establishment
+
+ When a new TCP Connection is established, an FCIP Special Frame makes
+ one round trip from the FCIP Entity initiating the TCP connect
+ operation to the FCIP Entity receiving the TCP connect request and
+ back. This FSF usage serves three functions:
+
+ - Identification of the FCIP Link endpoints
+
+ - Conveyance of a few critical parameters shared by the FC/FCIP
+ Entity pairs involved in the FCIP Link
+
+ - Configuration discovery (used in place of SLP only when allowed by
+ site security policies)
+
+ The specific format and protocol requirements for this usage of the
+ FSF are found in sections 7.1 and 8.1.2.3. This section provides an
+ overview of the FSF usage without stating requirements.
+
+ Because FCIP is only a tunnel for a Fibre Channel Fabric and because
+ the Fabric has its own complex link setup algorithm that can be
+ employed for many FCIP link setup needs, it is desirable to minimize
+ the complexity of the FSF usage during TCP Connection setup. With
+ this in mind, this FSF usage is not a login or parameter negotiation
+ mechanism. A single FSF transits each newly established TCP
+ connection as the first bytes sent in each direction.
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 26]
+
+RFC 3821 FCIP July 2004
+
+
+ Note: This usage of the FSF cannot be eliminated entirely because a
+ newly created TCP Connection must be associated with the correct FCIP
+ Link before FC Fabric initialization of the connection can commence.
+
+ The first bytes sent from the TCP connect request initiator to the
+ receiver are an FSF identifying both the sender and who the sender
+ thinks is the receiver. If the contents of this FSF are correct and
+ acceptable to the receiver, the unchanged FSF is echoed back to the
+ sender. This send/echo process is the only set of actions that
+ allows the TCP Connection to be used to carry FC Fabric traffic. If
+ the send and unchanged echo process does not occur, the algorithm
+ followed at one or both ends of the TCP Connection results in the
+ closure of the TCP Connection (see section 8.1 for specific algorithm
+ requirements).
+
+ Note: Owing to the limited manner in which the FSF is used and the
+ requirement that the FSF be echoed without changes before a TCP
+ Connection is allowed to carry user data, no error checking beyond
+ that provided by TCP is deemed necessary.
+
+ As described above, the primary purpose of the FSF usage during TCP
+ Connection setup is identifying the FCIP Link to which the new TCP
+ Connection belongs. From these beginnings, it is only a small
+ stretch to envision using the FSF as a simplified configuration
+ discovery tool, and the mechanics of such a usage are described in
+ section 8.1.
+
+ However, use of the FSF for configuration discovery lacks the broad
+ range of capabilities provided by SLPv2 and most particularly lacks
+ the security capabilities of SLPv2. For these reasons, using the FSF
+ for configuration discovery is not appropriate for all environments.
+ Thus the choice to use the FSF for discovery purposes is a policy
+ choice to be included in the TCP Connection Establishment "shared"
+ database described in section 8.1.1.
+
+ When FSF-based configuration discovery is enabled, the normal TCP
+ Connection setup rules outlined above are modified as follows.
+
+ Normally, the algorithm executed by an FCIP Entity receiving an FSF
+ includes verifying that its own identification information in the
+ arriving FSF is correct and closing the TCP Connection if it is not.
+ This can be viewed as requiring the initiator of a TCP connect
+ request to know in advance the identity of the FCIP Entity that is
+ the target of that request (using SLP, for example), and through the
+ FSF effectively saying, "I think I'm talking to X." If the party at
+ the other end of the TCP connect request is really Y, then it simply
+ hangs up.
+
+
+
+
+Rajagopal, et al. Standards Track [Page 27]
+
+RFC 3821 FCIP July 2004
+
+
+ FSF-based discovery allows the "I think I'm talking to X" to be
+ replaced with "Please tell me who I am talking to?", which is
+ accomplished by replacing an explicit value in the Destination FC
+ Fabric Entity World Wide Name field with zero.
+
+ If the policy at the receiving FCIP Entity allows FSF-based
+ discovery, the zero is replaced with the correct Destination FC
+ Fabric Entity World Wide Name value in the echoed FSF. This is still
+ subject to the rules of sending with unchanged echo, and so closure
+ of TCP Connection occurs after the echoed FSF is received by the TCP
+ connect initiator.
+
+ Despite the TCP Connection closure, however, the TCP connect
+ initiator now knows the correct Destination FC Fabric Entity World
+ Wide Name identity of the FCIP Entity at a given IP Address and a
+ subsequent TCP Connection setup sequence probably will be successful.
+
+ The Ch bit in the pFlags field (see section 5.6.1) allows for
+ differentiation between changes in the FSF resulting from
+ transmission errors and changes resulting from intentional acts by
+ the FSF recipient.
+
+8. TCP Connection Management
+
+8.1. TCP Connection Establishment
+
+8.1.1. Connection Establishment Model
+
+ The description of the connection establishment process is a model
+ for the interactions between an FC Entity and an FCIP Entity during
+ TCP Connection establishment. The model is written in terms of a
+ "shared" database that the FCIP Entity consults to determine the
+ properties of the TCP Connections to be formed combined with routine
+ calls to the FC Entity when connections are successfully established.
+ Whether the FC Entity contributes information to the "shared"
+ database is not critical to this model. However, the fact that the
+ FCIP Entity MAY consult the database at any time to determine its
+ actions relative to TCP Connection establishment is important.
+
+ It is important to remember that this description is only a model for
+ the interactions between an FC Entity and an FCIP Entity. Any
+ implementation that has the same effects on the FC Fabric and IP
+ Network as those described using the model meets the requirements of
+ this specification. For example, an implementation might replace the
+ "shared" database with a routine interface between the FC and FCIP
+ Entities.
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 28]
+
+RFC 3821 FCIP July 2004
+
+
+8.1.2. Creating New TCP Connections
+
+8.1.2.1. Non-Dynamic Creation of New TCP Connections
+
+ When an FCIP Entity discovers that a new TCP Connection needs to be
+ established, it SHALL determine the IP Address to which the TCP
+ Connection is to be made and establish all enabled IP security
+ features for that IP Address as described in section 9. Then the
+ FCIP Entity SHALL determine the following information about the new
+ connection in addition to the IP Address:
+
+ - The expected Destination FC Fabric Entity World Wide Name of the
+ FC/FCIP Entity pair to which the TCP Connection is being made
+
+ - TCP Connection Parameters (see section 8.3)
+
+ - Quality of Service Information (see section 10)
+
+ Based on this information, the FCIP Entity SHALL generate a TCP
+ connect request [6] to the FCIP Well-Known Port of 3225 (or other
+ configuration specific port number) at the specified IP Address.
+
+ If the TCP connect request is rejected, the FCIP Entity SHALL act to
+ limit unnecessary repetition of attempts to establish similar
+ connections. For example, the FCIP Entity might wait 60 seconds
+ before trying to re-establish the connection.
+
+ If the TCP connect request is accepted, the FCIP Entity SHALL follow
+ the steps described in section 8.1.2.3 to complete the establishment
+ of a new FCIP_DE.
+
+ It is RECOMMENDED that an FCIP Entity not initiate TCP connect
+ requests to another FCIP Entity if incoming TCP connect requests from
+ that FCIP Entity have already been accepted.
+
+8.1.2.2. Dynamic Creation of New TCP Connections
+
+ If dynamic discovery of participating FCIP Entities is supported, the
+ function SHALL be performed using the Service Location Protocol
+ (SLPv2) [17] in the manner defined for FCIP usage [20].
+
+ Upon discovering that dynamic discovery is to be used, the FCIP
+ Entity SHALL enable IP security features for the SLP discovery
+ process as described in [20] and then:
+
+ 1) Determine the one or more FCIP Discovery Domain(s) to be used in
+ the dynamic discovery process;
+
+
+
+
+Rajagopal, et al. Standards Track [Page 29]
+
+RFC 3821 FCIP July 2004
+
+
+ 2) Establish an SLPv2 Service Agent to advertise the availability of
+ this FCIP Entity to peer FCIP Entities in the identified FCIP
+ Discovery Domain(s); and
+
+ 3) Establish an SLPv2 User Agent to locate service advertisements for
+ peer FCIP Entities in the identified FCIP Discovery Domain(s).
+
+ For each peer FCIP Entity dynamically discovered through the SLPv2
+ User Agent, the FCIP Entity SHALL establish all enabled IP security
+ features for the discovered IP Address as described in section 9 and
+ then determine the following information about the new connection:
+
+ - The expected Destination FC Fabric Entity World Wide Name of the
+ FC/FCIP Entity pair to which the TCP Connection is being made
+
+ - TCP Connection Parameters (see section 8.3)
+
+ - Quality of Service Information (see section 10)
+
+ Based on this information, the FCIP Entity SHALL generate a TCP
+ connect request [6] to the FCIP Well-Known Port of 3225 (or other
+ configuration specific port number) at the IP Address specified by
+ the service advertisement. If the TCP connect request is rejected,
+ act to limit unnecessary repetition of attempts to establish similar
+ connections. If the TCP connect request is accepted, the FCIP Entity
+ SHALL follow the steps described in section 8.1.2.3 to complete the
+ establishment of a new FCIP_DE.
+
+ It is recommended that an FCIP Entity not initiate TCP connect
+ requests to another FCIP Entity if incoming TCP connect requests from
+ that FCIP Entity have already been accepted.
+
+8.1.2.3. Connection Setup After a Successful TCP Connect Request
+
+ Whether Non-Dynamic TCP Connection creation (see section 8.1.2.1) or
+ Dynamic TCP Connection creation (see section 8.1.2.2) is used, the
+ steps described in this section SHALL be followed to take the TCP
+ Connection setup process to completion.
+
+ After the TCP connect request has been accepted, the FCIP Entity
+ SHALL send an FCIP Special Frame (FSF, see section 7) as the first
+ bytes transmitted on the newly formed connection, and retain a copy
+ of those bytes for later comparisons. All fields in the FSF SHALL be
+ filled in as described in section 7, particularly:
+
+ - The Source FC Fabric Entity World Wide Name field SHALL contain
+ the FC Fabric Entity World Wide Name for the FC/FCIP Entity pair
+ that is originating the TCP connect request;
+
+
+
+Rajagopal, et al. Standards Track [Page 30]
+
+RFC 3821 FCIP July 2004
+
+
+ - The Source FC/FCIP Entity Identifier field SHALL contain a unique
+ identifier that is assigned by the FC Fabric entity whose world
+ wide name appears in the Source FC Fabric Entity World Wide Name
+ field;
+
+ - The Connection Nonce field SHALL contain a 64-bit random number
+ that differs in value from any recently used Connection Nonce
+ value. In order to provide sufficient security for the connection
+ nonce, the Randomness Recommendations for Security [9] SHOULD be
+ followed; and
+
+ - The Destination FC Fabric Entity World Wide Name field SHALL
+ contain 0 or the expected FC Fabric Entity World Wide Name for the
+ FC/FCIP Entity pair whose destination is the TCP connect request.
+
+ After the FSF is sent on the newly formed connection, the FCIP Entity
+ SHALL wait for the FSF to be echoed as the first bytes received on
+ the newly formed connection.
+
+ The FCIP Entity MAY apply a timeout of not less than 90 seconds while
+ waiting for the echoed FSF bytes. If the timeout expires, the FCIP
+ Entity SHALL close the TCP Connection and notify the FC Entity with
+ the reason for the closure.
+
+ If the echoed FSF bytes do not exactly match the FSF bytes sent
+ (words 7 through 17 inclusive) or if the echoed Destination FC Fabric
+ Entity World Wide Name field contains zero, the FCIP Entity SHALL
+ close the TCP Connection and notify the FC Entity with the reason for
+ the closure.
+
+ The FCIP Entity SHALL only perform the following steps if the echoed
+ FSF bytes exactly match the FSF bytes sent (words 7 through 17
+ inclusive).
+
+ 1) Instantiate the appropriate Quality of Service (see section 10)
+ conditions on the newly created TCP Connection,
+
+ 2) If the IP Address and TCP Port to which the TCP Connection was
+ made is not associated with any other FCIP_LEP, create a new
+ FCIP_LEP for the new FCIP Link,
+
+ 3) Create a new FCIP_DE within the newly created FCIP_LEP to service
+ the new TCP Connection, and
+
+ 4) Inform the FC Entity of the new FCIP_LEP, FCIP_DE, Destination FC
+ Fabric Entity World Wide Name, Connection Usage Flags, and
+ Connection Usage Code.
+
+
+
+
+Rajagopal, et al. Standards Track [Page 31]
+
+RFC 3821 FCIP July 2004
+
+
+8.1.3. Processing Incoming TCP Connect Requests
+
+ The FCIP Entity SHALL listen for new TCP Connection requests [6] on
+ the FCIP Well-Known Port (3225). An FCIP Entity MAY also accept and
+ establish TCP Connections to a TCP port number other than the FCIP
+ Well-Known Port, as configured by the network administrator in a
+ manner outside the scope of this specification.
+
+ The FCIP Entity SHALL determine the following information about the
+ requested connection:
+
+ - Whether the "shared" database (see section 8.1.1) allows the
+ requested connection
+
+ - Whether IP security setup has been performed for the IP security
+ features enabled on the connection (see section 9)
+
+ If the requested connection is not allowed, the FCIP Entity SHALL
+ reject the connect request using appropriate TCP means. If the
+ requested connection is allowed, the FC Entity SHALL ensure that
+ required IP security features are enabled and accept the TCP connect
+ request.
+
+ After the TCP connect request has been accepted, the FCIP Entity
+ SHALL wait for the FSF sent by the originator of the TCP connect
+ request (see section 8.1.2) as the first bytes received on the
+ accepted connection.
+
+ The FCIP Entity MAY apply a timeout of no less than 90 seconds while
+ waiting for the FSF bytes. If the timeout expires, the FCIP Entity
+ SHALL close the TCP Connection and notify the FC Entity with the
+ reason for the closure.
+
+ Note: One method for attacking the security of the FCIP Link
+ formation process (detailed in section 9.1) depends on keeping a TCP
+ connect request open without sending an FSF. Implementations should
+ bear this in mind in the handling of TCP connect requests where the
+ FSF is not sent in a timely manner.
+
+ Upon receipt of the FSF sent by the originator of the TCP connect
+ request, the FCIP Entity SHALL inspect the contents of the following
+ fields:
+
+ - Connection Nonce,
+ - Destination FC Fabric Entity World Wide Name,
+ - Connection Usage Flags, and
+ - Connection Usage Code.
+
+
+
+
+Rajagopal, et al. Standards Track [Page 32]
+
+RFC 3821 FCIP July 2004
+
+
+ If the Connection Nonce field contains a value identical to the most
+ recently received Connection Nonce from the same IP Address, the FCIP
+ Entity SHALL close the TCP Connection and notify the FC Entity with
+ the reason for the closure.
+
+ If an FCIP Entity receives a duplicate FSF during the FCIP Link
+ formation process, it SHALL close that TCP Connection and notify the
+ FC Entity with the reason for the closure.
+
+ If the Destination FC Fabric Entity World Wide Name contains 0, the
+ FCIP Entity SHALL take one of the following three actions:
+
+ 1) Leave the Destination FC Fabric Entity World Wide Name field and
+ Ch bit both 0;
+
+ 2) Change the Destination FC Fabric Entity World Wide Name field to
+ match FC Fabric Entity World Wide Name associated with the FCIP
+ Entity that received the TCP connect request and change the Ch bit
+ to 1; or
+
+ 3) Close the TCP Connection without sending any response.
+
+ The choice between the above actions depends on the anticipated usage
+ of the FCIP Entity. The FCIP Entity may consult the "shared"
+ database when choosing between the above actions.
+
+ If:
+ a) The Destination FC Fabric Entity World Wide Name contains a non-
+ zero value that does not match the FC Fabric Entity World Wide
+ Name associated with the FCIP Entity that received the TCP connect
+ request, or
+
+ b) The contents of the Connection Usage Flags and Connection Usage
+ Code fields is not acceptable to the FCIP Entity that received the
+ TCP connect request, then the FCIP Entity SHALL take one of the
+ following two actions:
+
+ 1) Change the contents of the unacceptable fields to correct/
+ acceptable values and set the Ch bit to 1; or
+
+ 2) Close the TCP Connection without sending any response.
+
+ If the FCIP Entity makes any changes in the content of the FSF, it
+ SHALL also set the Ch bit to 1.
+
+ If any changes have been made in the received FSF during the
+ processing described above, the following steps SHALL be performed:
+
+
+
+
+Rajagopal, et al. Standards Track [Page 33]
+
+RFC 3821 FCIP July 2004
+
+
+ 1) The changed FSF SHALL be echoed to the originator of the TCP
+ connect request as the only bytes transmitted on the accepted
+ connection;
+
+ 2) The TCP Connection SHALL be closed (the FC Entity need not be
+ notified of the TCP Connection closure in this case because it is
+ not indicative of an error); and
+
+ 3) All of the additional processing described in this section SHALL
+ be skipped.
+
+ The remaining steps in this section SHALL be performed only if the
+ FCIP Entity has not changed the contents of the above mentioned
+ fields to correct/acceptable values.
+
+ If the Source FC Fabric Entity World Wide Name and Source FC/FCIP
+ Entity Identifier field values in the FSF do not match the Source FC
+ Fabric Entity World Wide Name and Source FC/FCIP Entity Identifier
+ associated with any other FCIP_LEP, the FCIP Entity SHALL:
+
+ 1) Echo the unchanged FSF to the originator of the TCP connect
+ request as the first bytes transmitted on the accepted connection;
+
+ 2) Instantiate the appropriate Quality of Service (see section 10.2)
+ conditions on the newly created TCP Connection, considering the
+ Connection Usage Flags and Connection Usage Code fields, and
+ "shared" database information (see section 8.1.1) as appropriate,
+
+ 3) Create a new FCIP_LEP for the new FCIP Link,
+
+ 4) Create a new FCIP_DE within the newly created FCIP_LEP to service
+ the new TCP Connection, and
+
+ 5) Inform the FC Entity of the new FCIP_LEP, FCIP_DE, Source FC
+ Fabric Entity World Wide Name, Source FC/FCIP Entity Identifier,
+ Connection Usage Flags, and Connection Usage Code.
+
+ If the Source FC Fabric Entity World Wide Name and Source FC/FCIP
+ Entity Identifier field values in the FCIP Special Frame match the
+ Source FC Fabric Entity World Wide Name and Source FC/FCIP Entity
+ Identifier associated with an existing FCIP_LEP, the FCIP Entity
+ SHALL:
+
+ 1) Request that the FC Entity authenticate the source of the TCP
+ connect request (see FC-BB-2 [3]), providing the following
+ information to the FC Entity for authentication purposes:
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 34]
+
+RFC 3821 FCIP July 2004
+
+
+ a) Source FC Fabric Entity World Wide Name,
+ b) Source FC/FCIP Entity Identifier, and
+ c) Connection Nonce.
+
+ The FCIP Entity SHALL NOT use the new TCP Connection for any
+ purpose until the FC Entity authenticates the source of the TCP
+ connect request. If the FC Entity indicates that the TCP connect
+ request cannot be properly authenticated, the FCIP Entity SHALL
+ close the TCP Connection and skip all of the remaining steps in
+ this section.
+
+ The definition of the FC Entity SHALL include an authentication
+ mechanism for use in response to a TCP connect request source that
+ communicates with the partner FC/FCIP Entity pair on an existing
+ FCIP Link. This authentication mechanism should use a previously
+ authenticated TCP Connection in the existing FCIP Link to
+ authenticate the Connection Nonce sent in the new TCP Connection
+ setup process. The FCIP Entity SHALL treat failure of this
+ authentication as an authentication failure for the new TCP
+ Connection setup process.
+
+ 2) Echo the unchanged FSF to the originator of the TCP connect
+ request as the first bytes transmitted on the accepted connection;
+
+ 3) Instantiate the appropriate Quality of Service (see section 10.2)
+ conditions on the newly created TCP Connection, considering the
+ Connection Usage Flags and Connection Usage Code fields, and
+ "shared" database information (see section 8.1.1) as appropriate,
+
+ 4) Create a new FCIP_DE within the existing FCIP_LEP to service the
+ new TCP Connection, and
+
+ 5) Inform the FC Entity of the FCIP_LEP, Source FC Fabric Entity
+ World Wide Name, Source FC/FCIP Entity Identifier, Connection
+ Usage Flags, Connection Usage Code, and new FCIP_DE.
+
+ Note that the originator of TCP connect requests uses the IP Address
+ and TCP Port to identify which TCP Connections belong to which
+ FCIP_LEPs while the recipient of TCP connect requests uses the Source
+ FC Fabric Entity World Wide Name, and Source FC/FCIP Entity
+ Identifier fields from the FSF to identify which TCP Connection
+ belong to which FCIP_LEPs. For this reason, an FCIP Entity that both
+ originates and receives TCP connect requests is unable to match the
+ FCIP_LEPs associated with originated TCP connect requests to the
+ FCIP_LEPs associated with received TCP connect requests.
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 35]
+
+RFC 3821 FCIP July 2004
+
+
+8.1.4. Simultaneous Connection Establishment
+
+ If two FCIP Entities perform simultaneous open operations, then two
+ TCP Connections are formed and the SF originates at one end on one
+ connection and at the other end on the other. Connection setup
+ proceeds as described above on both connections, and the steps
+ described above properly result in the formation of two FCIP Links
+ between the same FCIP Entities.
+
+ This is not an error. Fibre Channel is perfectly capable of handling
+ two approximately equal connections between FC Fabric elements.
+
+ The decision to setup pairs of FCIP Links in this manner is
+ considered to be a site policy decision that can be covered in the
+ "shared" database described in section 8.1.1.
+
+8.2. Closing TCP Connections
+
+ The FCIP Entity SHALL provide a mechanism with acknowledgement by
+ which the FC Entity is able to cause the closing of an existing TCP
+ Connection at any time. This allows the FC Entity to close TCP
+ Connections that are producing too many errors, etc.
+
+8.3. TCP Connection Parameters
+
+ In order to provide efficient management of FCIP_LEP resources as
+ well as FCIP Link resources, consideration of certain TCP Connection
+ parameters is recommended.
+
+8.3.1. TCP Selective Acknowledgement Option
+
+ The Selective Acknowledgement option RFC 2883 [18] allows the
+ receiver to acknowledge multiple lost packets in a single ACK,
+ enabling faster recovery. An FCIP Entity MAY negotiate use of TCP
+ SACK and use it for faster recovery from lost packets and holes in
+ TCP sequence number space.
+
+8.3.2. TCP Window Scale Option
+
+ The TCP Window Scale option [8] allows TCP window sizes larger than
+ 16-bit limits to be advertised by the receiver. It is necessary to
+ allow data in long fat networks to fill the available pipe. This
+ also implies buffering on the TCP sender that matches the
+ (bandwidth*delay) product of the TCP Connection. An FCIP_LEP uses
+ locally available mechanisms to set a window size that matches the
+ available local buffer resources and the desired throughput.
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 36]
+
+RFC 3821 FCIP July 2004
+
+
+8.3.3. Protection Against Sequence Number Wrap
+
+ It is RECOMMENDED that FCIP Entities implement protection against
+ wrapped sequence numbers PAWS [8]. It is quite possible that within
+ a single connection, TCP sequence numbers wrap within a timeout
+ window.
+
+8.3.4. TCP_NODELAY Option
+
+ FCIP Entities should disable the Nagle Algorithm as described in RFC
+ 1122 [7] section 4.2.3.4. By tradition, this can be accomplished by
+ setting the TCP_NODELAY option to one at the local TCP interface.
+
+8.4. TCP Connection Considerations
+
+ In idle mode, a TCP Connection "keep alive" option of TCP is normally
+ used to keep a connection alive. However, this timeout is fairly
+ large and may prevent early detection of loss of connectivity. In
+ order to facilitate faster detection of loss of connectivity, FC
+ Entities SHOULD implement some form of Fibre Channel connection
+ failure detection (see FC-BB-2 [3]).
+
+ When an FCIP Entity discovers that TCP connectivity has been lost,
+ the FCIP Entity SHALL notify the FC Entity of the failure including
+ information about the reason for the failure.
+
+8.5. Flow Control Mapping between TCP and FC
+
+ The FCIP Entity and FC Entity are connected to the IP Network and FC
+ Fabric, respectively, and they need to follow the flow control
+ mechanisms of both TCP and FC, which work independently of each
+ other.
+
+ This section provides guidelines as to how the FCIP Entity can map
+ TCP flow control to status notifications to the FC Entity.
+
+ There are two scenarios in which the flow control management becomes
+ crucial:
+
+ 1) When there is line speed mismatch between the FC and IP
+ interfaces.
+
+ Even though it is RECOMMENDED that both of the FC and IP
+ interfaces to the FC Entity and FCIP Entity, respectively, be of
+ comparable speeds, it is possible to carry FC traffic over an IP
+ Network that has a different line speed and bit error rate.
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 37]
+
+RFC 3821 FCIP July 2004
+
+
+ 2) When the FC Fabric or IP Network encounters congestion.
+
+ Even when both the FC Fabric or IP network are of comparable
+ speeds, during the course of operation, the FC Fabric or the IP
+ Network could encounter congestion due to transient conditions.
+
+ The FC Entity uses Fibre Channel mechanisms for flow control at the
+ FC Frame Receiver Portal based on information supplied by the FCIP
+ Entity regarding flow constraints at the Encapsulated Frame
+ Transmitter Portal. The FCIP Entity uses TCP mechanisms for flow
+ control at the Encapsulated Frame Receiver Portal based on
+ information supplied by the FC Entity regarding flow constraints at
+ the FC Frame Transmitter Portal.
+
+ Coordination of these flow control mechanisms, one of which is credit
+ based and the other of which is window based, depends on a
+ painstaking design that is outside the scope of this specification.
+
+9. Security
+
+ FCIP utilizes the IPsec protocol suite to provide data
+ confidentiality and authentication services, and IKE as the key
+ management protocol. This section describes the requirements for
+ various components of these protocols as used by FCIP, based on FCIP
+ operating environments. Additional consideration for use of IPsec
+ and IKE with the FCIP protocol can be found in [21]. In the event
+ that requirements in [21] conflict with requirements stated in this
+ document, the requirements in this document SHALL prevail.
+
+9.1. Threat Models
+
+ Using a general purpose, wide-area network, such as an IP Network, as
+ a functional replacement for physical cabling introduces some
+ security problems not normally encountered in Fibre Channel Fabrics.
+ FC interconnect cabling is typically protected physically from
+ outside access. Public IP Networks allow hostile parties to impact
+ the security of the transport infrastructure.
+
+ The general effect is that the security of an FC Fabric is only as
+ good as the security of the entire IP Network that carries the FCIP
+ Links used by that FC Fabric. The following broad classes of attacks
+ are possible:
+
+ 1) Unauthorized Fibre Channel elements can gain access to resources
+ through normal Fibre Channel Fabric and processes. Although this
+ is a valid threat, securing the Fibre Channel Fabrics is outside
+ the scope of this document. Securing the IP Network is the issue
+ considered in this specification.
+
+
+
+Rajagopal, et al. Standards Track [Page 38]
+
+RFC 3821 FCIP July 2004
+
+
+ 2) Unauthorized agents can monitor and manipulate Fibre Channel
+ traffic flowing over physical media used by the IP Network and
+ accessible to the agent.
+
+ 3) TCP Connections may be hijacked and used to instantiate an invalid
+ FCIP Link between two peer FCIP Entities.
+
+ 4) Valid and invalid FCIP Frames may be injected on the TCP
+ Connections.
+
+ 5) The payload of an FCIP Frame may be altered or transformed. The
+ TCP checksum, FCIP ones complement checks, and FC frame CRC do not
+ protect against this because all of them can be modified or
+ regenerated by a malicious and determined adversary.
+
+ 6) Unauthorized agents can masquerade as valid FCIP Entities and
+ disturb proper operation of the Fibre Channel Fabric.
+
+ 7) Denial of Service attacks can be mounted by injecting TCP
+ Connection requests and other resource exhaustion operations.
+
+ 8) An adversary may launch a variety of attacks against the discovery
+ process [17].
+
+ 9) An attacker may exploit the FSF authentication mechanism of the
+ FCIP Link formation process (see section 8.1.3). The attacker
+ could observe the FSF contents sent on an initial connection of an
+ FCIP Link and use the observed nonce, Source FC/FCIP Entity
+ Identifier, and other FSF contents to form an FCIP Link using the
+ attacker's own previously established connection, while
+ resetting/blocking the observed connection. Although the use of
+ timeout for reception of FSF reduces the risk of this attack, such
+ an attack is possible. See section 9.3.1 to protect against this
+ specific attack.
+
+ The existing IPsec Security Architecture and protocol suite [10]
+ offers protection from these threats. An FCIP Entity MUST implement
+ portions of the IPsec protocol suite as described in this section.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 39]
+
+RFC 3821 FCIP July 2004
+
+
+9.2. FC Fabric and IP Network Deployment Models
+
+ In the context of enabling a secure FCIP tunnel between FC SANs, the
+ following characteristics of the IP Network deployment are useful to
+ note.
+
+ 1) The FCIP Entities share a peer-to-peer relationship. Therefore,
+ the administration of security policies applies to all FCIP
+ Entities in an equal manner. This differs from a true Client-
+ Server relationship, where there is an inherent difference in how
+ security policies are administered.
+
+ 2) Policy administration as well as security deployment and
+ configuration are constrained to the set of FCIP Entities, thereby
+ posing less of a requirement on a scalable mechanism. For
+ example, the validation of credentials can be relaxed to the point
+ where deploying a set of pre-shared keys is a viable technique.
+
+ 3) TCP Connections and the IP Network are terminated at the FCIP
+ Entity. The granularity of security implementation is at the
+ level of the FCIP tunnel endpoint (or FCIP Entity), unlike other
+ applications where there is a user-level termination of TCP
+ Connections. User-level objects are not controllable by or
+ visible to FCIP Entities. All user-level security related to FCIP
+ is the responsibility of the Fibre Channel standards and is
+ outside the scope of this specification.
+
+ 4) When an FCIP Entity is deployed, its IP addresses will typically
+ be statically assigned. However, support for dynamic IP address
+ assignment, as described in [33], while typically not required,
+ cannot be ruled out.
+
+9.3. FCIP Security Components
+
+ FCIP Security compliant implementations MUST implement ESP and the
+ IPsec protocol suite based cryptographic authentication and data
+ integrity [10], as well as confidentiality using algorithms and
+ transforms as described in this section. Also, FCIP implementations
+ MUST meet the secure key management requirements of IPsec protocol
+ suite.
+
+9.3.1. IPsec ESP Authentication and Confidentiality
+
+ FCIP Entities MUST implement IPsec ESP [12] in Tunnel Mode for
+ providing Data Integrity and Confidentiality. FCIP Entities MAY
+ implement IPsec ESP in Transport Mode, if deployment considerations
+ require use of Transport Mode. When ESP is utilized, per-packet data
+ origin authentication, integrity, and replay protection MUST be used.
+
+
+
+Rajagopal, et al. Standards Track [Page 40]
+
+RFC 3821 FCIP July 2004
+
+
+ If Confidentiality is not enabled but Data Integrity is enabled, ESP
+ with NULL Encryption [15] MUST be used.
+
+ IPsec ESP for message authentication computes a cryptographic hash
+ over the payload that is protected. While IPsec ESP mandates
+ compliant implementations to support certain algorithms for deriving
+ this hash, FCIP implementations:
+
+ - MUST implement HMAC with SHA-1 [11]
+ - SHOULD implement AES in CBC MAC mode with XCBC extensions [23]
+ - DES in CBC mode SHOULD NOT be used due to inherent weaknesses
+
+ For ESP Confidentiality, FCIP Entities:
+
+ - MUST implement 3DES in CBC mode [16]
+ - SHOULD implement AES in CTR mode [22]
+ - MUST implement NULL Encryption [15]
+
+9.3.2. Key Management
+
+ FCIP Entities MUST support IKE [14] for peer authentication,
+ negotiation of Security Associations (SA), and Key Management using
+ the IPsec DOI [13]. Manual keying SHALL NOT be used for establishing
+ an SA since it does not provide the necessary elements for rekeying
+ (see section 9.3.3). Conformant FCIP implementations MUST support
+ peer authentication using pre-shared keys and MAY support peer
+ authentication using digital certificates. Peer authentication using
+ public key encryption methods outlined in IKE [14] sections 5.2 and
+ 5.3 SHOULD NOT be used.
+
+ IKE Phase 1 establishes a secure, MAC-authenticated channel for
+ communications for use by IKE Phase 2. FCIP implementations MUST
+ support IKE Main Mode and SHOULD support Aggressive Mode.
+
+ IKE Phase 1 exchanges MUST explicitly carry the Identification
+ Payload fields (IDii and IDir). Conformant FCIP implementations MUST
+ use ID_IPV4_ADDR, ID_IPV6_ADDR (if the protocol stack supports IPv6),
+ or ID_FQDN Identification Type values. The ID_USER_FQDN, IP Subnet,
+ IP Address Range, ID_DER_ASN1_DN, and ID_DER_ASN1_GN Identification
+ Type values SHOULD NOT be used. The ID_KEY_ID Identification Type
+ values MUST NOT be used. As described in [13], the port and protocol
+ fields in the Identification Payload MUST be set to zero or UDP port
+ 500.
+
+ FCIP Entities negotiate parameters for SA during IKE Phase 2 only
+ using "Quick Mode". For FCIP Entities engaged in IKE "Quick Mode",
+ there is no requirement for PFS (Perfect Forward Secrecy). FCIP
+
+
+
+
+Rajagopal, et al. Standards Track [Page 41]
+
+RFC 3821 FCIP July 2004
+
+
+ implementations MUST use either ID_IPV4_ADDR or ID_IPV6_ADDR
+ Identification Type values (based on the version of IP supported).
+ Other Identification Type values MUST NOT be used.
+
+ Since the number of Phase 2 SAs may be limited, Phase 2 delete
+ messages may be sent for idle SAs. The receipt of a Phase 2 delete
+ message SHOULD NOT be interpreted as a reason for tearing down an
+ FCIP Link or any of its TCP connections. When there is new activity
+ on that idle link, a new Phase 2 SA MUST be re-established.
+
+ For a given pair of FCIP Entities, the same IKE Phase 1 negotiation
+ can be used for all Phase 2 negotiations; i.e., all TCP Connections
+ that are bundled into the single FCIP Link can share the same Phase 1
+ results.
+
+ Repeated rekeying using "Quick Mode" on the same shared secret will
+ reduce the cryptographic properties of that secret over time. To
+ overcome this, Phase 1 SHOULD be invoked periodically to create a new
+ set of IKE shared secrets and related security parameters.
+
+ IKE Phase 1 establishment requires the following key distribution and
+ FCIP Entities:
+
+ - MUST support pre-shared IKE keys.
+ - MAY support certificate-based peer authentication using digital
+ signatures.
+ - SHOULD NOT use peer authentication using the public key encryption
+ methods outlined in sections 5.2 and 5.3 of [14].
+
+ When pre-shared keys are used, IKE Main Mode is usable only when both
+ peers of an FCIP Link use statically assigned IP addresses. When
+ support for dynamically assigned IP Addresses is attempted in
+ conjunction with Main Mode, use of group pre-shared keys would be
+ forced, and the use of group pre-shared keys in combination with Main
+ Mode is not recommended as it exposes the deployed environment to
+ man-in-the-middle attacks. Therefore, if either peer of an FCIP Link
+ uses dynamically assigned addresses, Aggressive Mode SHOULD be used
+ and Main Mode SHOULD NOT be used.
+
+ When Digital Signatures are used, either IKE Main Mode or IKE
+ Aggressive Mode may be used. In all cases, access to locally stored
+ secret information (pre-shared key, or private key for digital
+ signing) MUST be suitably restricted, since compromise of secret
+ information nullifies the security properties of IKE/IPsec protocols.
+ Such mechanisms are outside the scope of this document. Support for
+ IKE Oakley Groups [27] is not required.
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 42]
+
+RFC 3821 FCIP July 2004
+
+
+ For the purpose of establishing a secure FCIP Link, the two
+ participating FCIP Entities consult a Security Policy Database (SPD).
+ The SPD is described in IPsec [10] Section 4.4.1. FCIP Entities may
+ have more than one interface and IP Address, and it is possible for
+ an FCIP Link to contain multiple TCP connections whose FCIP endpoint
+ IP Addresses are different. In this case, an IKE Phase 1 SA is
+ established for each FCIP endpoint IP Address pair. Within IKE Phase
+ 1, FCIP implementations must support the ID_IPV4_ADDR, ID_IPV6_ADDR
+ (if the protocol stack supports IPv6), and ID_FQDN Identity Payloads.
+ If FCIP Endpoint addresses are dynamically assigned, it may be
+ beneficial to use ID_FQDN, and for this reason, IP_FQDN Identity
+ Payload MUST be supported. Other identity payloads (ID_USER_FQDN,
+ ID_DER_ASN1_GN, ID_KEY_ID) SHOULD NOT be used.
+
+ At the end of successful IKE negotiations both FCIP Entities store
+ the SA parameters in their SA database (SAD). The SAD is described
+ in IPsec [10] Section 4.4.3. The SAD contains the set of active SA
+ entries, each entry containing Sequence Counter Overflow, Sequence
+ Number Counter, Anti-replay Window, and the Lifetime of the SA. FCIP
+ Entities SHALL employ a default SA Lifetime of one hour and a default
+ Anti-replay window of 32 sequence numbers.
+
+ When a TCP Connection is established between two FCIP_DEs, two
+ unidirectional SAs are created for that connection and each SA is
+ identified in the form of a Security Parameter Index (SPI). One SA
+ is associated with the incoming traffic flow and the other SA is
+ associated with the outgoing traffic flow. The FCIP_DEs at each end
+ of the TCP connection MUST maintain the SPIs for both its incoming
+ and outgoing FCIP Encapsulated Frames.
+
+ FCIP Entities MAY provide administrative management of
+ Confidentiality usage. These management interfaces SHOULD be
+ provided in a secure manner, so as to prevent an attacker from
+ subverting the security process by attacking the management
+ interface.
+
+9.3.3. ESP Replay Protection and Rekeying Issues
+
+ FCIP Entities MUST implement Replay Protection against ESP Sequence
+ Number wrap, as described in [14]. In addition, based on the cipher
+ algorithm and the number of bits in the cipher block size, the
+ validity of the key may become compromised. In both cases, the SA
+ needs to be re-established.
+
+ FCIP Entities MUST use the results of IKE Phase 1 negotiation for
+ initiating an IKE Phase 2 "Quick Mode" exchange and establish new
+ SAs.
+
+
+
+
+Rajagopal, et al. Standards Track [Page 43]
+
+RFC 3821 FCIP July 2004
+
+
+ To enable smooth transition of SAs, it is RECOMMENDED that both FCIP
+ Entities refresh the SPI when the sequence number counter reaches
+ 2^31 (i.e., half the sequence number space). It also is RECOMMENDED
+ that the receiver operate with multiple SPIs for the same TCP
+ Connection for a period of 2^31 sequence number packets before aging
+ out an SPI.
+
+ When a new SPI is created for the outgoing direction, the sending
+ side SHALL begin using it for all new FCIP Encapsulated Frames.
+ Frames that are either in-flight, or re-sent due to TCP
+ retransmissions, etc. MAY use either the new SPI or the one being
+ replaced.
+
+9.4. Secure FCIP Link Operation
+
+9.4.1. FCIP Link Initialization Steps
+
+ FCIP implementations may allow enabling and disabling security
+ mechanisms at the granularity of an FCIP Link. If enabled, the
+ following FCIP Link Initialization steps MUST be followed.
+
+ When an FCIP Link is initialized, before any FCIP TCP Connections are
+ established, the local SPD is consulted to determine if IKE Phase 1
+ has been completed with the FCIP Entity in the peer FCIP Entity, as
+ identified by the WWN.
+
+ If Phase 1 is already completed, IKE Phase 2 proceeds. Otherwise,
+ IKE Phase 1 MUST be completed before IKE Phase 2 can start. Both IKE
+ Phase 1 and Phase 2 transactions use UDP Port 500. If IKE Phase 1
+ fails, the FCIP Link initialization terminates and notifies the FC
+ entity with the reason for the termination. Otherwise, the FCIP Link
+ initialization moves to TCP Connection Initialization.
+
+ As described in section 8.1, FCIP Entities exchange an FSF for
+ forming an FCIP Link. The use of ESP Confidentiality is an effective
+ countermeasure against any perceived security risks of FSF.
+
+9.4.2. TCP Connection Security Associations (SAs)
+
+ Each TCP connection MUST be protected by an IKE Phase 2 SA. Traffic
+ from one or more than one TCP connection may flow within each IPsec
+ Phase 2 SA. While it is possible for an IKE Phase 2 SA to protect
+ multiple TCP connections, all packets of a TCP connection are
+ protected using only one IKE Phase 2 SA.
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 44]
+
+RFC 3821 FCIP July 2004
+
+
+ If different Quality of Service settings are applied to TCP
+ connections, it is advisable to use a different IPsec SA for these
+ connections. Attempting to apply a different quality of service to
+ connections handled by the same IPsec SA can result in reordering,
+ and falling outside the replay window. For additional details, see
+ [21].
+
+ FCIP implementations need not verify that the IP addresses and port
+ numbers in the packet match any locally stored per-connection values,
+ leaving this check to be performed by the IPsec layer.
+
+ An implementation is free to perform several IKE Phase 2 negotiations
+ and cache them in its local SPIs, although entries in such a cache
+ can be flushed per current SA Lifetime settings.
+
+9.4.3. Handling Data Integrity and Confidentiality Violations
+
+ Upon datagram reception, when the ESP packet fails an integrity
+ check, the receiver MUST drop the datagram, which will trigger TCP
+ retransmission. If many such datagrams are dropped, a receiving FCIP
+ Entity MAY close the TCP Connection and notify the FC Entity with the
+ reason for the closure.
+
+ An implementation SHOULD follow guidelines for auditing all auditable
+ ESP events per IPsec [10] Section 7.
+
+ Integrity checks MUST be performed if Confidentiality is enabled.
+
+10. Performance
+
+10.1. Performance Considerations
+
+ Traditionally, the links between FC Fabric components have been
+ characterized by low latency and high throughput. The purpose of
+ FCIP is to provide functionality equivalent to these links using an
+ IP Network, where low latency and high throughput are not as certain.
+ It follows that FCIP Entities and their counterpart FC Entities
+ probably will be interested in optimal use of the IP Network.
+
+ Many options exist for ensuring high throughput and low latency
+ appropriate for the distances involved in an IP Network. For
+ example, a private IP Network might be constructed for the sole use
+ of FCIP Entities. The options that are within the scope of this
+ specification are discussed here.
+
+ One option for increasing the probability that FCIP data streams will
+ experience low latency and high throughput is the IP QoS techniques
+ discussed in section 10.2. This option can have value when applied
+
+
+
+Rajagopal, et al. Standards Track [Page 45]
+
+RFC 3821 FCIP July 2004
+
+
+ to a single TCP Connection. Depending on the sophistication of the
+ FC Entity, further value may be obtained by having multiple TCP
+ Connections with differing QoS characteristics.
+
+ There are many reasons why an FC Entity might request the creation of
+ multiple TCP Connections within an FCIP_LEP. These reasons include a
+ desire to provide differentiated services for different TCP data
+ connections between FCIP_LEPs, or a preference to separately queue
+ different streams of traffic not having a common in-order delivery
+ requirement.
+
+ At the time a new TCP Connection is created, the FC Entity SHALL
+ specify to the FCIP Entity the QoS characteristics (including but not
+ limited to IP per-hop-behavior) to be used for the lifetime of that
+ connection. This MAY be achieved by having:
+
+ a) only one set of QoS characteristics for all TCP Connections;
+
+ b) a default set of QoS characteristics that the FCIP Entity applies
+ in the absence of differing instructions from the FC Entity; or
+
+ c) a sophisticated mechanism for exchanging QoS requirements
+ information between the FC Entity and FCIP Entity each time a new
+ TCP Connection is created.
+
+ Once established, the QoS characteristics of a TCP Connection SHALL
+ NOT be changed, since this specification provides no mechanism for
+ the FC Entity to control such changes. The mechanism for providing
+ different QoS characteristics in FCIP is the establishment of a
+ different TCP Connections and associated FCIP_DEs.
+
+ When FCIP is used with a network with a large (bandwidth*delay)
+ product, it is RECOMMENDED that FCIP_LEPs use the TCP mechanisms
+ (window scaling and wrapped sequence protection) for Long Fat
+ Networks (LFNs) as defined in RFC 1323 [24].
+
+10.2. IP Quality of Service (QoS) Support
+
+ Many methods of providing QoS have been devised or proposed. These
+ include (but are not limited to) the following:
+
+ - Multi-Protocol Label Switching (MPLS) -- RFC 3031 [32]
+ - Differentiated Services Architecture (diffserv) -- RFC 2474 [28],
+ RFC 2475 [29], RFC 2597 [30], and RFC 2598 [31] -- and other forms
+ of per-hop-behavior (PHB)
+ - Integrated Services, RFC 1633 [25]
+ - IEEE 802.1p
+
+
+
+
+Rajagopal, et al. Standards Track [Page 46]
+
+RFC 3821 FCIP July 2004
+
+
+ The purpose of this specification is not to specify any particular
+ form of IP QoS, but rather to specify only those issues that must be
+ addressed in order to maximize interoperability between FCIP
+ equipment that has been manufactured by different vendors.
+
+ It is RECOMMENDED that some form of preferential QoS be used for FCIP
+ traffic to minimize latency and packet drops. No particular form of
+ QoS is recommended.
+
+ If a PHB IP QoS is implemented, it is RECOMMENDED that it
+ interoperate with diffserv (see RFC 2474 [28], RFC 2475 [29], RFC
+ 2597 [30], and RFC 2598 [31]).
+
+ If no form of preferential QoS is implemented, the DSCP field SHOULD
+ be set to '000000' to avoid negative impacts on other network
+ components and services that may be caused by uncontrolled usage of
+ non-zero values of the DSCP field.
+
+11. References
+
+11.1. Normative References
+
+ The references in this section were current as of the time this
+ specification was approved. This specification is intended to
+ operate with newer versions of the referenced documents and looking
+ for newer reference documents is recommended.
+
+ [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [2] Fibre Channel Backbone (FC-BB), ANSI INCITS.342:2001, December
+ 12, 2001.
+
+ [3] Fibre Channel Backbone -2 (FC-BB-2), ANSI INCITS.372:2003, July
+ 25, 2003.
+
+ [4] Fibre Channel Switch Fabric -2 (FC-SW-2), ANSI INCITS.355:2001,
+ December 12, 2001.
+
+ [5] Fibre Channel Framing and Signaling (FC-FS), ANSI
+ INCITS.373:2003, October 27, 2003.
+
+ [6] Postel, J., "Transmission Control Protocol", STD 7, RFC 793,
+ September 1981.
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 47]
+
+RFC 3821 FCIP July 2004
+
+
+ [7] Braden, R., "Requirements for Internet Hosts -- Communication
+ Layers", STD 3, RFC 1122, October 1989.
+
+ [8] Jacobson, V., Braden, R. and D. Borman, "TCP Extensions for High
+ Performance", RFC 1323, May 1992.
+
+ [9] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
+ Recommendations for Security", RFC 1750, December 1994.
+
+ [10] Kent, S. and R. Atkinson, "Security Architecture for the
+ Internet Protocol", RFC 2401, November 1998.
+
+ [11] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed- Hashing
+ for Message Authentication", RFC 2104, February 1997.
+
+ [12] Kent, S. and R. Atkinson, "IP Encapsulating Security Payload
+ (ESP)", RFC 2406, November 1998.
+
+ [13] Piper, D., "The Internet IP Security Domain of Interpretation of
+ ISAKMP", RFC 2407, November 1998.
+
+ [14] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)",
+ RFC 2409, November 1998.
+
+ [15] Glenn, R. and S. Kent, "The NULL Encryption Algorithm and Its
+ Use With IPsec", RFC 2410, November 1998.
+
+ [16] Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher Algorithms",
+ RFC 2451, November 1998.
+
+ [17] Guttman, E., Perkins, C., Veizades, J. and M. Day, "Service
+ Location Protocol, version 2", RFC 2608, July 1999.
+
+ [18] Floyd, S., Mahdavi, J., Mathis, M. and M. Podolsky, "SACK
+ Extension", RFC 2883, July 2000.
+
+ [19] Weber, R., Rajagopal, M., Travostino, F., O'Donnell, M., Monia,
+ C. and M. Merhar, "Fibre Channel (FC) Frame Encapsulation", RFC
+ 3643, December 2003.
+
+ [20] Peterson, D., "Finding Fibre Channel over TCP/IP (FCIP) Entities
+ Using Service Location Protocol version 2 (SLPv2)", RFC 3822,
+ July 2004.
+
+ [21] Aboba, B., Tseng, J., Walker, J., Rangan, V. and F. Travostino,
+ "Securing Block Storage Protocols over IP", RFC 3723, April
+ 2004.
+
+
+
+
+Rajagopal, et al. Standards Track [Page 48]
+
+RFC 3821 FCIP July 2004
+
+
+ [22] Frankel, S., Glenn, R. and S. Kelly, "The AES-CBC Cipher
+ Algorithm and Its Use with IPsec", RFC 3602, September 2003.
+
+ [23] Frankel, S. and H. Herbert, "The AES-XCBC-MAC-96 Algorithm and
+ Its Use With IPsec", RFC 3566, September 2003.
+
+11.2. Informative References
+
+ [24] Jacobson, V., Braden, R. and D. Borman, "TCP Extensions for High
+ Performance", RFC 1323, May 1992.
+
+ [25] Braden, R., Clark, D. and S. Shenker, "Integrated Services in
+ the Internet Architecture: an Overview", RFC 1633, June 1994.
+
+ [26] Mills, D., "Simple Network Time Protocol (SNTP) Version 4 for
+ IPv4, IPv6 and OSI", RFC 2030, October 1996.
+
+ [27] Orman, H., "The OAKLEY Key Determination Protocol", RFC 2412,
+ November 1998.
+
+ [28] Nichols, K., Blake, S., Baker, F. and D. Black, "Definition of
+ the Differentiated Services Field (DS Field) in the IPv4 and
+ Ipv6 Headers", RFC 2474, December 1998.
+
+ [29] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z. and W.
+ Weiss, "An Architecture for Differentiated Services", RFC 2475,
+ December 1998.
+
+ [30] Heinanen, J., Baker, F., Weiss, W. and J. Wroclawski, "An
+ Assured Forwarding PHB", RFC 2597, June 1999.
+
+ [31] Jacobson, V., Nichols, K. and K. Poduri, "An Expedited
+ Forwarding PHB Group", RFC 2598, June 1999.
+
+ [32] Rosen, E., Viswanathan, A. and R. Callon, "Multiprotocol Label
+ Switching Architecture", RFC 3031, January, 2001.
+
+ [33] Patel, B., Aboba, B., Kelly, S. and V. Gupta, "Dynamic Host
+ Configuration Protocol (DHCPv4) Configuration of IPsec Tunnel
+ Mode", RFC 3456, January 2003.
+
+ [34] Kembel, R., "The Fibre Channel Consultant: A Comprehensive
+ Introduction", Northwest Learning Associates, 1998.
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 49]
+
+RFC 3821 FCIP July 2004
+
+
+12. Acknowledgments
+
+ The developers of this specification thank Mr. Jim Nelson for his
+ assistance with FC-FS related issues.
+
+ The developers of this specification express their appreciation to
+ Mr. Mallikarjun Chadalapaka and Mr. David Black for their detailed
+ and helpful reviews.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 50]
+
+RFC 3821 FCIP July 2004
+
+
+Appendix A - Fibre Channel Bit and Byte Numbering Guidance
+
+ Both Fibre Channel and IETF standards use the same byte transmission
+ order. However, the bit and byte numbering is different.
+
+ Fibre Channel bit and byte numbering can be observed if the data
+ structure heading, shown in figure 11, is cut and pasted at the top
+ of figure 7, figure 9, and figure 17.
+
+ W|------------------------------Bit------------------------------|
+ o| |
+ r|3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 |
+ d|1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0|
+
+ Figure 11: Fibre Channel Data Structure Bit and Byte Numbering
+
+ Fibre Channel bit numbering for the pFlags field can be observed if
+ the data structure heading, shown in figure 12, is cut and pasted at
+ the top of figure 8.
+
+ |----------------Bit--------------------|
+ | |
+ | 31 30 29 28 27 26 25 24 |
+
+ Figure 12: Fibre Channel pFlags Bit Numbering
+
+ Fibre Channel bit numbering for the Connection Usage Flags field can
+ be observed if the data structure heading, shown in figure 13, is cut
+ and pasted at the top of figure 10.
+
+ |------------------------------Bit------------------------------|
+ | |
+ | 31 30 29 28 27 26 25 24 |
+
+ Figure 13: Fibre Channel Connection Usage Flags Bit Numbering
+
+Appendix B - IANA Considerations
+
+ IANA has made the following port assignments to FCIP:
+
+ - fcip-port 3225/tcp FCIP
+ - fcip-port 3225/udp FCIP
+
+ IANA has changed the authority for these port allocations to
+ reference this RFC.
+
+ Use of UDP with FCIP is prohibited even though IANA has allocated a
+ port.
+
+
+
+Rajagopal, et al. Standards Track [Page 51]
+
+RFC 3821 FCIP July 2004
+
+
+ The FC Frame encapsulation used by this specification employs
+ Protocol# value 1, as described in the IANA Considerations appendix
+ of the FC Frame Encapsulation [19] specification.
+
+Appendix C - FCIP Usage of Addresses and Identifiers
+
+ In support of network address translators, FCIP does not use IP
+ Addresses to identify FCIP Entities or FCIP_LEPs. The only use of IP
+ Addresses for identification occurs when initiating new TCP connect
+ requests (see section 8.1.2.3) where the IP Address destination of
+ the TCP connect request is used to answer the question: "Have
+ previous TCP connect requests been made to the same destination FCIP
+ Entity?" The correctness of this assumption is further checked by
+ sending the Destination FC Fabric Entity World Wide Name in the FCIP
+ Special Frame (FSF) and having the value checked by the FCIP Entity
+ that receives the TCP connect request and FSF (see section 8.1.3).
+
+ For the purposes of processing incoming TCP connect requests, the
+ source FCIP Entity is identified by the Source FC Fabric Entity World
+ Wide Name and Source FC/FCIP Entity Identifier fields in the FSF sent
+ from the TCP connect requestor to the TCP connect recipient as the
+ first bytes following the TCP connect request (see section 8.1.2.3
+ and section 8.1.3).
+
+ FC-BB-2 [3] provides the definitions for each of the following FSF
+ fields:
+
+ - Source FC Fabric Entity World Wide Name,
+ - Source FC/FCIP Entity Identifier, and
+ - Destination FC Fabric Entity World Wide Name.
+
+ As described in section 8.1.3, FCIP Entities segregate their
+ FCIP_LEPs between:
+
+ - Connections resulting from TCP connect requests initiated by the
+ FCIP Entity, and
+
+ - Connections resulting from TCP connect requests received by the
+ FCIP Entity.
+
+ Within each of these two groups, the following information is used to
+ further identify each FCIP_LEP:
+
+ - Source FC Fabric Entity World Wide Name,
+ - Source FC/FCIP Entity Identifier, and
+ - Destination FC Fabric Entity World Wide Name.
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 52]
+
+RFC 3821 FCIP July 2004
+
+
+Appendix D - Example of Synchronization Recovery Algorithm
+
+ The contents of this annex are informative.
+
+ Synchronization may be recovered as specified in section 5.6.2.3. An
+ example of an algorithm for searching the bytes delivered to the
+ Encapsulated Frame Receiver Portal for a valid FCIP Frame header is
+ provided in this annex.
+
+ This resynchronization uses the principle that a valid FCIP data
+ stream must contain at least one valid header every 2176 bytes (the
+ maximum length of an encapsulated FC Frame). Although other data
+ patterns containing apparently valid headers may be contained in the
+ stream, the FC CRC or FCIP Frame validity of the data patterns
+ contained in the data stream will always be either interrupted by or
+ resynchronized with the valid FCIP Frame headers.
+
+ Consider the case shown in figure 14. A series of short FCIP Frames,
+ perhaps from a trace, are embedded in larger FCIP Frames, say as a
+ result of a trace file being transferred from one disk to another.
+ The headers for the short FCIP Frames are denoted SFH and the long
+ FCIP Frame headers are marked as LFH.
+
+ +-+--+-+----+-+----+-+----+-+-+-+---+-+---
+ |L| |S| |S| |S| |S| |L| |S|
+ |F| |F| |F| |F| |F| |F| |F|...
+ |H| |H| |H| |H| |H| |H| |H|
+ +-+--+-+----+-+----+-+----+-+-+-+---+-+---
+ | |
+ |<---------2176 bytes-------->|
+
+ Figure 14: Example of resynchronization data stream
+
+ A resynchronization attempt that starts just to the right of an LFH
+ will find several SFH FCIP Frames before discovering that they do not
+ represent the transmitted stream of FCIP Frames. Within 2176 bytes
+ plus or minus, however, the resynchronization attempt will encounter
+ an SFH whose length does not match up with the next SFH because the
+ LFH will fall in the middle of the short FCIP Frame pushing the next
+ header farther out in the byte stream.
+
+ Note that the resynchronization algorithm cannot forward any
+ prospective FC Frames to the FC Frame Transmitter Portal because,
+ until synchronization is completely established, there is no
+ certainty that anything that looked like an FCIP Frame really was
+ one. For example, an SFH might fortuitously contain a length that
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 53]
+
+RFC 3821 FCIP July 2004
+
+
+ points exactly to the beginning of an LFH. The LFH would identify
+ the correct beginning of a transmitted FCIP Frame, but that in no way
+ guarantees that the SFH was also a correct FCIP Frame header.
+
+ There exist some data streams that cannot be resynchronized by this
+ algorithm. If such a data stream is encountered, the algorithm
+ causes the TCP Connection to be closed.
+
+ The resynchronization assumes that security and authentication
+ procedures outside the FCIP Entity are protecting the valid data
+ stream from being replaced by an intruding data stream containing
+ valid FCIP data.
+
+ The following steps are one example of how an FCIP_DE might
+ resynchronize with the data stream entering the Encapsulated Frame
+ Receiver Portal.
+
+ 1) Search for candidate and strong headers:
+
+ The data stream entering the Encapsulated Frame Receiver Portal is
+ searched for 12 bytes in a row containing the required values for:
+
+ a) Protocol field,
+ b) Version field,
+ c) ones complement of the Protocol field,
+ d) ones complement of the Version field,
+ e) replication of encapsulation word 0 in word 1, and
+ f) pFlags field and its ones complement.
+
+ If such a 12-byte grouping is found, the FCIP_DE assumes that it
+ has identified bytes 0-2 of a candidate FCIP encapsulation header.
+
+ All bytes up to and including the candidate header byte are
+ discarded.
+
+ If no candidate header has been found after searching a specified
+ number of bytes greater than some multiple of 2176 (the maximum
+ length of an FCIP Frame), resynchronization has failed and the
+ TCP/IP connection is closed.
+
+ Word 3 of the candidate header contains the Frame Length and Flags
+ fields and their ones complements. If the fields are consistent
+ with their ones complements, the candidate header is considered a
+ strong candidate header. The Frame Length field is used to
+ determine where in the byte stream the next strong candidate
+ header should be and processing continues at step 2).
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 54]
+
+RFC 3821 FCIP July 2004
+
+
+ 2) Use multiple strong candidate headers to locate a verified
+ candidate header:
+
+ The Frame Length in one strong candidate header is used to skip
+ incoming bytes until the expected location of the next strong
+ candidate header is reached. Then the tests described in step 1)
+ are applied to see if another strong candidate header has
+ successfully been located.
+
+ All bytes skipped and all bytes in all strong candidate headers
+ processed are discarded.
+
+ Strong candidate headers continue to be verified in this way for
+ at least 4352 bytes (twice the maximum length of an FCIP Frame).
+ If at any time a verification test fails, processing restarts at
+ step 1 and a retry counter is incremented. If the retry counter
+ exceeds 3 retries, resynchronization has failed and the TCP
+ Connection is closed, and the FC entity is notified with the
+ reason for the closure.
+
+ After strong candidate headers have been verified for at least
+ 4352 bytes, the next header identified is a verified candidate
+ header, and processing continues at step 3).
+
+ Note: If a strong candidate header was part of the data content of
+ an FCIP Frame, the FCIP Frame defined by that or a subsequent
+ strong candidate header will eventually cross an actual header in
+ the byte stream. As a result it will either identify the actual
+ header as a strong candidate header or it will lose
+ synchronization again because of the extra 28 bytes in the length,
+ returning to step 1 as described above.
+
+ 3) Use multiple strong candidate headers to locate a verified
+ candidate header:
+
+ Incoming bytes are inspected and discarded until the next verified
+ candidate header is reached. Inspection of the incoming bytes
+ includes testing for other candidate headers using the criteria
+ described in step 1. Each verified candidate header is tested
+ against the tests listed in section 5.6.2.2 as would normally be
+ the case.
+
+ Verified candidate headers continue to be located and tested in
+ this way for a minimum of 4352 bytes (twice the maximum length of
+ an FCIP Frame). If all verified candidate headers encountered are
+ valid, the last verified candidate header is a valid header. At
+ this point the FCIP_DE stops discarding bytes and begins normal
+
+
+
+
+Rajagopal, et al. Standards Track [Page 55]
+
+RFC 3821 FCIP July 2004
+
+
+ FCIP de-encapsulation, including for the first time since
+ synchronization was lost, delivery of FC Frames through the FC
+ Frame Transmitter Portal according to normal FCIP rules.
+
+ If any verified candidate headers are invalid but meet all the
+ requirements of a strong candidate header, increment the retry
+ counter and return to step 2). If any verified candidate headers
+ are invalid and fail to meet the tests for a strong candidate
+ header, or if inspection of the bytes between verified candidate
+ headers discovers any candidate headers, increment the retry
+ counter and return to step 1. If the retry counter exceeds 4
+ retries, resynchronization has failed and the TCP/IP connection is
+ closed.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 56]
+
+RFC 3821 FCIP July 2004
+
+
+ A flowchart for this algorithm can be found in figure 15.
+
+ Synchronization is lost
+ |
+ _____________v_______________
+ | |
+ | Search for candidate header |
+ +----------->| |
+ | | Found Not Found |
+ | | (Strong candidate) |
+ | |_____________________________|
+ | | |
+ | | + --------->close TCP
+ | _______v_____________________ Connection
+ | | | and notify
+ | | Enough strong candidate | the FC Entity
+ | +---->| headers identified? | with the reason
+ | | | | for closure
+ | | | No Yes |
+ | | | (Verified candidate) |
+ | | |_____________________________|
+ |___________________| |
+ ^ | |
+ | | |
+ | | _______________________v_____
+ | | | |
+ | | | Enough verified candidate |
+ | | | headers validated? |
+ | | | |
+ | | | No Yes |
+ | | | (Resynchronized) |
+ | | |_____________________________|
+ | | | |
+ | | ______v__________ | Resume
+ | | | | + ---> Normal
+ | | | Synchronization | De-encapsulation
+ | | | Lost? |
+ | | | |
+ | | | No Yes |
+ | | |_________________|
+ | | | |
+ | |________| |
+ |___________________________|
+
+ Figure 15: Flow diagram of simple synchronization example
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 57]
+
+RFC 3821 FCIP July 2004
+
+
+Appendix E - Relationship between FCIP and IP over FC (IPFC)
+
+ The contents of this annex are informative.
+
+ IPFC (RFC 2625) describes the encapsulation of IP packets in FC
+ Frames. It is intended to facilitate IP communication over an FC
+ network.
+
+ FCIP describes the encapsulation of FC Frames in TCP segments, which
+ in turn are encapsulated inside IP packets for transporting over an
+ IP network. It gives no consideration to the type of FC Frame that
+ is being encapsulated. Therefore, the FC Frame may actually contain
+ an IP packet as described in the IP over FC specification (RFC
+ 2625). In such a case, the data packet would have:
+
+ - Data Link Header
+ - IP Header
+ - TCP Header
+ - FCIP Header
+ - FC Header
+ - IP Header
+
+ Note: The two IP headers would not be identical to each other. One
+ would have information pertaining to the final destination, while the
+ other would have information pertaining to the FCIP Entity.
+
+ The two documents focus on different objectives. As mentioned above,
+ implementation of FCIP will lead to IP encapsulation within IP.
+ While perhaps inefficient, this should not lead to issues with IP
+ communication. One caveat: if a Fibre Channel device is
+ encapsulating IP packets in an FC Frame (e.g., an IPFC device), and
+ that device is communicating with a device running IP over a non-FC
+ medium, a second IPFC device may need to act as a gateway between the
+ two networks. This scenario is not specifically addressed by FCIP.
+
+ There is nothing in either of the specifications to prevent a single
+ device from implementing both FCIP and IP-over-FC (IPFC), but this is
+ implementation specific, and is beyond the scope of this document.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 58]
+
+RFC 3821 FCIP July 2004
+
+
+Appendix F - FC Frame Format
+
+ Note: All users of the words "character" or "characters" in this
+ section refer to 8bit/10bit link encoding wherein each 8 bit
+ "character" within a link frame is encoded as a 10 bit "character"
+ for link transmission. These words do not refer to ASCII, Unicode,
+ or any other form of text characters, although octets from such
+ characters will occur as 8 bit "characters" for this encoding. This
+ usage is employed here for consistency with the ANSI T11 standards
+ that specify Fibre Channel.
+
+ The contents of this annex are informative.
+
+ All FC Frames have a standard format (see FC-FS [5]) much like LAN's
+ 802.x protocols. However, the exact size of each FC Frame varies
+ depending on the size of the variable fields. The size of the
+ variable field ranges from 0 to 2112-bytes as shown in the FC Frame
+ Format in figure 16, resulting in the minimum size FC Frame of 36
+ bytes and the maximum size FC Frame of 2148 bytes. Valid FC Frame
+ lengths are always a multiple of four bytes.
+
+ +------+--------+-----------+----//-------+------+------+
+ | SOF |Frame |Optional | Frame | CRC | EOF |
+ | (4B) |Header |Header | Payload | (4B) | (4B) |
+ | |(24B) |<----------------------->| | |
+ | | | Data Field = (0-2112B) | | |
+ +------+--------+-----------+----//-------+------+------+
+
+ Figure 16: FC Frame Format
+
+ SOF and EOF Delimiters
+
+ On an FC link, Start-of-Frame (SOF) and End-Of-Frame (EOF) are
+ called Ordered Sets and are sent as special words constructed from
+ the 8B/10B comma character (K28.5) followed by three additional
+ 8B/10B data characters making them uniquely identifiable in the
+ data stream.
+
+ On an FC link, the SOF delimiter serves to identify the beginning
+ of an FC Frame and prepares the receiver for FC Frame reception.
+ The SOF contains information about the FC Frame's Class of
+ Service, position within a sequence, and in some cases, connection
+ status.
+
+ The EOF delimiter identifies the end of the FC Frame and the final
+ FC Frame of a sequence. In addition, it serves to force the
+ running disparity to negative. The EOF is used to end the
+ connection in connection-oriented classes of service.
+
+
+
+Rajagopal, et al. Standards Track [Page 59]
+
+RFC 3821 FCIP July 2004
+
+
+ A special EOF delimiter called EOFa (End Of Frame - Abort) is used
+ to terminate a partial FC Frame resulting from a malfunction in a
+ link facility during transmission. Since an FCIP Entity functions
+ like a transmission link with respect to the rest of the FC
+ Fabric, FCIP_DEs may use EOFa in their error recovery procedures.
+
+ It is therefore important to preserve the information conveyed by
+ the delimiters across the IP-based network, so that the receiving
+ FCIP Entity can correctly reconstruct the FC Frame in its original
+ SOF and EOF format before forwarding it to its ultimate FC
+ destination on the FC link.
+
+ When an FC Frame is encapsulated and sent over a byte-oriented
+ interface, the SOF and EOF delimiters are represented as sequences
+ of four consecutive bytes, which carry the equivalent Class of
+ Service and FC Frame termination information as the FC ordered
+ sets.
+
+ The representation of SOF and EOF in an encapsulation FC Frame is
+ described in FC Frame Encapsulation [19].
+
+ Frame Header
+
+ The FC Frame Header is transparent to the FCIP Entity. The FC
+ Frame Header is 24 bytes long and has several fields that are
+ associated with the identification and control of the payload.
+ Current FC Standards allow up to 3 Optional Header fields [5]:
+
+ - Network_Header (16-bytes)
+ - Association_Header (32-bytes)
+ - Device_Header (up to 64-bytes).
+
+ Frame Payload
+
+ The FC Frame Payload is transparent to the FCIP Entity. An FC
+ application level payload is called an Information Unit at the
+ FC-4 Level. This is mapped into the FC Frame Payload of the FC
+ Frame. A large Information Unit is segmented using a structure
+ consisting of FC Sequences. Typically, a Sequence consists of
+ more than one FC Frame. FCIP does not maintain any state
+ information regarding the relationship of FC Frames within an FC
+ Sequence.
+
+ CRC
+
+ The FC CRC is 4 bytes long and uses the same 32-bit polynomial
+ used in FDDI and is specified in ANSI X3.139 Fiber Distributed
+ Data Interface. This CRC value is calculated over the entire FC
+
+
+
+Rajagopal, et al. Standards Track [Page 60]
+
+RFC 3821 FCIP July 2004
+
+
+ header and the FC payload; it does not include the SOF and EOF
+ delimiters.
+
+ Note: When FC Frames are encapsulated into FCIP Frames, the FC
+ Frame CRC is untouched by the FCIP Entity.
+
+Appendix G - FC Encapsulation Format
+
+ This annex contains a reproduction of the FC Encapsulation Format
+ [19] as it applies to FCIP Frames that encapsulate FC Frames. The
+ information in this annex is not intended to represent the FCIP
+ Special Frame (FSF) that is described in section 7.
+
+ The information in this annex was correct as of the time this
+ specification was approved. The information in this annex is
+ informative only.
+
+ If there are any differences between the information here and the FC
+ Encapsulation Format specification [19], the FC Encapsulation Format
+ specification takes precedence.
+
+ If there are any differences between the information here and the
+ contents of section 5.6.1, then the contents of section 5.6.1 take
+ precedence.
+
+ Figure 17 applies the requirements stated in section 5.6.1 and in the
+ FC Encapsulation Frame format resulting in a summary of the FC Frame
+ format. Where FCIP requires specific values, those values are shown
+ in hexadecimal in parentheses. Detailed requirements for the FCIP
+ usage of the FC Encapsulation Format are in section 5.6.1.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 61]
+
+RFC 3821 FCIP July 2004
+
+
+ W|------------------------------Bit------------------------------|
+ o| |
+ r| 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3|
+ d|0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1|
+ +---------------+---------------+---------------+---------------+
+ 0| Protocol# | Version | -Protocol# | -Version |
+ | (0x01) | (0x01) | (0xFE) | (0xFE) |
+ +---------------+---------------+---------------+---------------+
+ 1| Protocol# | Version | -Protocol# | -Version |
+ | (0x01) | (0x01) | (0xFE) | (0xFE) |
+ +---------------+---------------+---------------+---------------+
+ 2| pFlags | Reserved | -pFlags | -Reserved |
+ | (0x00) | (0x00) | (0xFF) | (0xFF) |
+ +-----------+---+---------------+-----------+---+---------------+
+ 3| Flags | Frame Length | -Flags | -Frame Length |
+ | (0x00) | | (0x3F) | |
+ +-----------+-------------------+-----------+-------------------+
+ 4| Time Stamp [integer] |
+ +---------------------------------------------------------------+
+ 5| Time Stamp [fraction] |
+ +---------------------------------------------------------------+
+ 6| CRC (Reserved in FCIP) |
+ | (0x00-00-00-00) |
+ +---------------+---------------+---------------+---------------+
+ 7| SOF | SOF | -SOF | -SOF |
+ +---------------+---------------+---------------+---------------+
+ 8| |
+ +----- FC Frame content (see appendix F) -----+
+ | |
+ +---------------+---------------+---------------+---------------+
+ n| EOF | EOF | -EOF | -EOF |
+ +---------------+---------------+---------------+---------------+
+
+ Figure 17: FCIP Frame Format
+
+ The names of fields are generally descriptive on their contents and
+ the FC Encapsulation Format specification [19] is referenced for
+ details. Field names preceded by a minus sign are ones complement
+ values of the named field.
+
+ Note: Figure 17 does not represent the FSF that is described in
+ section 7.
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 62]
+
+RFC 3821 FCIP July 2004
+
+
+Appendix H - FCIP Requirements on an FC Entity
+
+ The contents of this annex are informative for FCIP but might be
+ considered normative on FC-BB-2.
+
+ The capabilities that FCIP requires of an FC Entity include:
+
+ 1) The FC Entity must deliver FC Frames to the correct FCIP Data
+ Engine (in the correct FCIP Link Endpoint).
+
+ 2) Each FC Frame delivered to an FCIP_DE must be accompanied by a
+ time value synchronized with the clock maintained by the FC Entity
+ at the other end of the FCIP Link (see section 6). If a
+ synchronized time value is not available, a value of zero must
+ accompany the FC Frame.
+
+ 3) When FC Frames exit FCIP Data Engine(s) via the FC Frame
+ Transmitter Portal(s), the FC Entity should forward them to the FC
+ Fabric. However, before forwarding an FC Frame, the FC Entity
+ must compute the end-to-end transit time for the FC Frame using
+ the time value supplied by the FCIP_DE (taken from the FCIP
+ header) and a synchronized time value (see section 6). If the
+ end-to-end transit time exceeds the requirements of the FC Fabric,
+ the FC Entity is responsible for discarding the FC Frame.
+
+ 4) The only delivery ordering guarantee provided by FCIP is correctly
+ ordered delivery of FC Frames between a pair of FCIP Data Engines.
+ FCIP expects the FC Entity to implement all other FC Frame
+ delivery ordering requirements.
+
+ 5) When a TCP connect request is received and that request would add
+ a new TCP Connection to an existing FCIP_LEP, the FC Entity must
+ authenticate the source of the TCP connect request before use of
+ the new TCP connection is allowed.
+
+ 6) The FC Entity may participate in determining allowed TCP
+ Connections, TCP Connection parameters, quality of service usage,
+ and security usage by modifying interactions with the FCIP Entity
+ that are modelled as a "shared" database in section 8.1.1.
+
+ 7) The FC Entity may require the FCIP Entity to perform TCP close
+ requests.
+
+ 8) The FC Entity may recover from connection failures.
+
+ 9) The FC Entity must recover from events that the FCIP Entity cannot
+ handle, such as:
+
+
+
+
+Rajagopal, et al. Standards Track [Page 63]
+
+RFC 3821 FCIP July 2004
+
+
+ a) loss of synchronization with FCIP Frame headers from the
+ Encapsulated Frame Receiver Portal requiring resetting the TCP
+ Connection; and
+
+ b) recovering from FCIP Frames that are discarded as a result of
+ synchronization problems (see section 5.6.2.2 and section
+ 5.6.2.3).
+
+ 10) The FC Entity must work cooperatively with the FCIP Entity to
+ manage flow control problems in either the IP Network or FC
+ Fabric.
+
+ 11) The FC Entity may test for failed TCP Connections.
+
+ Note that the Fibre Channel standards must be consulted for a
+ complete understanding of the requirements placed on an FC
+ Entity.
+
+ Table 2 shows the explicit interactions between the FCIP Entity
+ and the FC Entity.
+
+ +-------------+-----------------+-----------------------------------+
+ | | | Information/Parameter Passed and |
+ | | | Direction |
+ | Reference | +-----------------+-----------------+
+ | Section | Condition | FCIP Entity---> | <---FC Entity |
+ +-------------+-----------------+-----------------+-----------------+
+ | 5.6 | FC Frame ready | | Provide FC |
+ | FCIP Data | for IP transfer | | Frame and |
+ | Engine | | | time stamp at |
+ | | | | FC Frame |
+ | | | | Receiver Portal |
+ +-------------+-----------------+-----------------+-----------------+
+ | WWN = World Wide Name |
+ +-------------------------------------------------------------------+
+ | continued |
+ +-------------------------------------------------------------------+
+
+ Table 2: FC/FCIP Entity pair interactions (part 1 of 5)
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 64]
+
+RFC 3821 FCIP July 2004
+
+
+ +-------------+-----------------+-----------------------------------+
+ | | | Information/Parameter Passed and |
+ | | | Direction |
+ | Reference | +-----------------+-----------------+
+ | Section | Condition | FCIP Entity---> | <---FC Entity |
+ +-------------+-----------------+-----------------+-----------------+
+ | continued |
+ +-------------+-----------------+-----------------+-----------------+
+ | 5.6 | FCIP Frame | Provide FC | |
+ | FCIP Data | received from | Frame and | |
+ | Engine | IP Network | time stamp at | |
+ | | | FC Frame Trans- | |
+ | | | mitter Portal | |
+ +-------------+-----------------+-----------------+-----------------+
+ | 5.6.2.2 | FCIP_DE | Inform FC | |
+ | Errors | discards bytes | Entity that | |
+ | in FCIP | delivered | bytes have been | |
+ | Headers and | through | discarded with | |
+ | Discarding | Encapsulated | reason | |
+ | FCIP Frames | Frame Receiver | | |
+ | | Portal | | |
+ +-------------+-----------------+-----------------+-----------------+
+ | 5.6.2.3 | FCIP Entity | Inform FC | |
+ | Synchron- | closes TCP | Entity that TCP | |
+ | ization | Connection due | Connection has | |
+ | Failures | to synchron- | been closed | |
+ | | ization failure | with reason | |
+ | | | for closure | |
+ +-------------+-----------------+-----------------+-----------------+
+ | 8.1.2.3 | Receipt of the | Inform FC | |
+ | Connection | echoed FSF | Entity that TCP | |
+ | Setup | takes too long | Connection has | |
+ | Following a | or the FSF | been closed | |
+ | Successful | contents have | with reason | |
+ | TCP Connect | changed | for closure | |
+ | Request | | | |
+ +-------------+-----------------+-----------------+-----------------+
+ | WWN = World Wide Name |
+ +-------------------------------------------------------------------+
+ | continued |
+ +-------------------------------------------------------------------+
+
+ Table 2: FC/FCIP Entity pair interactions (part 2 of 5)
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 65]
+
+RFC 3821 FCIP July 2004
+
+
+ +-------------+-----------------+-----------------------------------+
+ | | | Information/Parameter Passed and |
+ | | | Direction |
+ | Reference | +-----------------+-----------------+
+ | Section | Condition | FCIP Entity---> | <---FC Entity |
+ +-------------+-----------------+-----------------+-----------------+
+ | continued |
+ +-------------+-----------------+-----------------+-----------------+
+ | 8.1.2.1 | New TCP | Inform FC | |
+ | Non-Dynamic | Connection | Entity of | |
+ | Creation of | created based | new or existing | |
+ | a New TCP | on "shared" | FCIP_LEP and | |
+ | Connections | database | new FCIP_DE | |
+ | | information | along with | |
+ | | | Destination FC | |
+ | | | Fabric Entity | |
+ | | | WWN, Connection | |
+ | | | Usage Flags, | |
+ | | | Connection | |
+ | | | Usage Code and | |
+ | | | Connection | |
+ | | | Nonce | |
+ +-------------+-----------------+-----------------+-----------------+
+ | 8.1.2.2 | New TCP | Inform FC | |
+ | Dynamic | Connection | Entity of | |
+ | Creation of | created based | new or existing | |
+ | a New TCP | on SLP service | FCIP_LEP and | |
+ | Connections | advertisement | new FCIP_DE | |
+ | | and "shared" | along with | |
+ | | database | Destination FC | |
+ | | information | Fabric Entity | |
+ | | | WWN, Connection | |
+ | | | Usage Flags, | |
+ | | | Connection | |
+ | | | Usage Code and | |
+ | | | Connection | |
+ | | | Nonce | |
+ +-------------+-----------------+-----------------+-----------------+
+ | WWN = World Wide Name |
+ +-------------------------------------------------------------------+
+ | continued |
+ +-------------------------------------------------------------------+
+
+ Table 2: FC/FCIP Entity pair interactions (part 3 of 5)
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 66]
+
+RFC 3821 FCIP July 2004
+
+
+ +-------------+-----------------+-----------------------------------+
+ | | | Information/Parameter Passed and |
+ | | | Direction |
+ | Reference | +-----------------+-----------------+
+ | Section | Condition | FCIP Entity---> | <---FC Entity |
+ +-------------+-----------------+-----------------+-----------------+
+ | continued |
+ +-------------+-----------------+-----------------+-----------------+
+ | 8.1.3 | New TCP | Inform FC | |
+ | Processing | Connection | Entity of | |
+ | Incoming | created based | new or existing | |
+ | TCP Connect | on incoming TCP | FCIP_LEP and | |
+ | Requests | Connect request | new FCIP_DE | |
+ | | and "shared" | along with | |
+ | | database | Source FC | |
+ | | information | Fabric Entity | |
+ | | | WWN, Source | |
+ | | | FC/FCIP Entity | |
+ | | | Identifier, | |
+ | | | Connection | |
+ | | | Usage Flags, | |
+ | | | Connection | |
+ | | | Usage Code and | |
+ | | | Connection | |
+ | | | Nonce | |
+ +-------------+-----------------+-----------------+-----------------+
+ | 8.1.3 | TCP Connect | Request FC | Yes or No |
+ | Processing | Request wants | Entity to | answer about |
+ | Incoming | to add a new | authenticate | whether the |
+ | TCP Connect | TCP Connection | the source of | source of the |
+ | Requests | to an existing | the TCP Connect | TCP Connect |
+ | | FCIP_LEP | Request | Request can be |
+ | | | | authenticated |
+ +-------------+-----------------+-----------------+-----------------+
+ | 8.1.3 | Receipt of the | Inform FC | |
+ | Processing | FSF takes too | Entity that TCP | |
+ | Incoming | long or | Connection has | |
+ | TCP Connect | duplicate | been closed | |
+ | Requests | Connection | with reason | |
+ | | Nonce value | for closure | |
+ +-------------+-----------------+-----------------+-----------------+
+ | WWN = World Wide Name |
+ +-------------------------------------------------------------------+
+ | continued |
+ +-------------------------------------------------------------------+
+
+ Table 2: FC/FCIP Entity pair interactions (part 4 of 5)
+
+
+
+
+Rajagopal, et al. Standards Track [Page 67]
+
+RFC 3821 FCIP July 2004
+
+
+ +-------------+-----------------+-----------------------------------+
+ | | | Information/Parameter Passed and |
+ | | | Direction |
+ | Reference | +-----------------+-----------------+
+ | Section | Condition | FCIP Entity---> | <---FC Entity |
+ +-------------+-----------------+-----------------+-----------------+
+ | concluded |
+ +-------------+-----------------+-----------------+-----------------+
+ | 8.2 | FC Entity | Acknowledgement | Identification |
+ | Closing TCP | determines | of TCP | of the FCIP_DE |
+ | Connections | that a TCP | Connection | whose TCP |
+ | | Connection | closure | Connection |
+ | | needs to be | | needs to be |
+ | | closed | | closed |
+ +-------------+-----------------+-----------------+-----------------+
+ | 8.4 | Discovery that | Inform FC | |
+ | TCP | TCP connectiv- | Entity that TCP | |
+ | Connection | ity has been | Connection has | |
+ | Considera- | lost | been closed | |
+ | tions | | with reason | |
+ | | | for closure | |
+ +-------------+-----------------+-----------------+-----------------+
+ | 9.4.1 | IKE phase 1 | Inform FC | |
+ | FCIP | failed, result- | Entity that TCP | |
+ | Link | ing in termin- | Connection can | |
+ | Initializ- | ation of link | not be opened | |
+ | ation Steps | initialization | with reason for | |
+ | | | failure | |
+ +-------------+-----------------+-----------------+-----------------+
+ | 9.4.3 | Excessive | Inform FC | |
+ | Handling | numbers of | Entity that TCP | |
+ | data | dropped | Connection has | |
+ | integrity | datagrams | been closed | |
+ | and confi- | detected and | with reason | |
+ | dentiality | TCP Connection | for closure | |
+ | violations | closed | | |
+ +-------------+-----------------+-----------------+-----------------+
+ | RFC 3723 | TCP Connection | Inform FC | |
+ | | closed due to | Entity that TCP | |
+ | Handling SA | SA parameter | Connection has | |
+ | parameter | mismatch | been closed | |
+ | mismatches | problems | with reason | |
+ | | | for closure | |
+ +-------------+-----------------+-----------------+-----------------+
+ | WWN = World Wide Name |
+ +-------------------------------------------------------------------+
+
+ Table 2: FC/FCIP Entity pair interactions (part 5 of 5)
+
+
+
+Rajagopal, et al. Standards Track [Page 68]
+
+RFC 3821 FCIP July 2004
+
+
+Editors and Contributors Acknowledgements
+
+ During the development of this specification, Murali Rajagopal,
+ Elizabeth Rodriguez, Vi Chau, and Ralph Weber served consecutively as
+ editors. Raj Bhagwat contributed substantially to the initial basic
+ FCIP concepts.
+
+ Venkat Rangan contributed the Security section and continues to
+ coordinate security issues with the ips Working Group and IETF.
+
+ Andy Helland contributed a substantial revision of Performance
+ section, aligning it with TCP/IP QoS concepts.
+
+ Dave Peterson contributed the dynamic discovery section and edits to
+ RFC 3822.
+
+ Anil Rijhsinghani contributed material related to the FCIP MIB and
+ edits the FCIP MIB document.
+
+ Bob Snively contributed material related to error detection and
+ recovery including the bulk of the synchronization recovery example
+ annex.
+
+ Lawrence J. Lamers contributed numerous ideas focused on keeping FCIP
+ compatible with B_Port devices.
+
+ Milan Merhar contributed several of the FCIP conceptual modifications
+ necessary to support NATs.
+
+ Don Fraser contributed material related to link failure detection and
+ reporting.
+
+ Bill Krieg contributed a restructuring of the TCP Connection setup
+ sections that made them more linear with respect to time and more
+ readable.
+
+ Several T11 leaders supported this effort and advised the editors of
+ this specification regarding coordination with T11 documents and
+ projects. These T11 leaders are: Jim Nelson (Framing and Signaling),
+ Neil Wanamaker (Framing and Signaling), Craig Carlson (Generic
+ Services), Ken Hirata (Switch Fabric), Murali Rajagopal (Backbone),
+ Steve Wilson (Switch Fabric), and Michael O'Donnell (Security
+ Protocols).
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 69]
+
+RFC 3821 FCIP July 2004
+
+
+Editors and Contributors Addresses
+
+ Neil Wanamaker
+ Akara
+ 10624 Icarus Court
+ Austin, TX 78726
+ USA
+
+ Phone: +1 512 257 7633
+ Fax: +1 512 257 7877
+ EMail: nwanamaker@akara.com
+
+ Ralph Weber
+ ENDL Texas, representing Brocade
+ Suite 102 PMB 178
+ 18484 Preston Road
+ Dallas, TX 75252
+ USA
+
+ Phone: +1 214 912 1373
+ EMail: roweber@ieee.org
+
+ Elizabeth G. Rodriguez
+ Dot Hill Systems Corp.
+ 6305 El Camino Real
+ Carlsbad, CA 92009
+ USA
+
+ Phone: +1 760 431 4435
+ EMail: elizabeth.rodriguez@dothill.com
+
+ Steve Wilson
+ Brocade Comm. Systems, Inc.
+ 1745 Technology Drive
+ San Jose, CA. 95110
+ USA
+
+ Phone: +1 408 333 8128
+ EMail: swilson@brocade.com
+
+
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 70]
+
+RFC 3821 FCIP July 2004
+
+
+ Bob Snively
+ Brocade Comm. Systems, Inc.
+ 1745 Technology Drive
+ San Jose, CA 95110
+ USA
+
+ Phone: +1 408 303 8135
+ EMail: rsnively@brocade.com
+
+ David Peterson
+ Cisco Systems - SRBU
+ 6450 Wedgwood Road
+ Maple Grove, MN 55311
+ USA
+
+ Phone: +1 763 398 1007
+ Cell: +1 612 802 3299
+ EMail: dap@cisco.com
+
+ Donald R. Fraser
+ Hewlett-Packard
+ 301 Rockrimmon Blvd., Bldg. 5
+ Colorado Springs, CO 80919
+ USA
+
+ Phone: +1 719 548 3272
+ EMail: Don.Fraser@HP.com
+
+ R. Andy Helland
+ LightSand Communications, Inc.
+ 375 Los Coches Street
+ Milpitas, CA 95035
+ USA
+
+ Phone: +1 408 404 3119
+ Fax: +1 408 941 2166
+ EMail: andyh@lightsand.com
+
+ Raj Bhagwat
+ LightSand Communications, Inc.
+ 24411 Ridge Route Dr.
+ Suite 135
+ Laguna Hills, CA 92653
+ USA
+
+ Phone: +1 949 837 1733 x104
+ EMail: rajb@lightsand.com
+
+
+
+
+Rajagopal, et al. Standards Track [Page 71]
+
+RFC 3821 FCIP July 2004
+
+
+ Bill Krieg
+ Lucent Technologies
+ 200 Lucent Lane
+ Cary, NC 27511
+ USA
+
+ Phone: +1 919 463 4020
+ Fax: +1 919 463 4041
+ EMail: bkrieg@lucent.com
+
+ Michael E. O'Donnell
+ McDATA Corporation
+ 310 Interlocken Parkway
+ Broomfield, CO 80021
+ USA
+
+ Phone: +1 303 460 4142
+ Fax: +1 303 465 4996
+ EMail: modonnell@mcdata.com
+
+ Anil Rijhsinghani
+ McDATA Corporation
+ 310 Interlocken Parkway
+ Broomfield, CO 80021
+ USA
+
+ Phone: +1 508 870 6593
+ EMail: anil.rijhsinghani@mcdata.com
+
+ Milan J. Merhar
+ 43 Nagog Park
+ Pirus Networks
+ Acton, MA 01720
+ USA
+
+ Phone: +1 978 206 9124
+ EMail: Milan@pirus.com
+
+ Craig W. Carlson
+ QLogic Corporation
+ 6321 Bury Drive
+ Eden Prairie, MN 55346
+ USA
+
+ Phone: +1 952 932 4064
+ EMail: craig.carlson@qlogic.com
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 72]
+
+RFC 3821 FCIP July 2004
+
+
+ Venkat Rangan
+ Rhapsody Networks Inc.
+ 3450 W. Warren Ave.
+ Fremont, CA 94538
+ USA
+
+ Phone: +1 510 743 3018
+ Fax: +1 510 687 0136
+ EMail: venkat@rhapsodynetworks.com
+
+ Lawrence J. Lamers
+ SAN Valley Systems, Inc.
+ 6320 San Ignacio Ave.
+ San Jose, CA 95119-1209
+ USA
+
+ Phone: +1 408 234 0071
+ EMail: ljlamers@ieee.org
+
+ Murali Rajagopal
+ Broadcom Corporation
+ 16215 Alton Parkway
+ Irvine,CA 92619
+ USA
+
+ Phone: +1 949 450 8700
+ EMail: muralir@broadcom.com
+
+ Ken Hirata
+ Vixel Corporation
+ 15245 Alton Parkway, Suite 100
+ Irvine, CA 92618
+ USA
+
+ Phone: +1 949 788 6368
+ Fax: +1 949 753 9500
+ EMail: ken.hirata@vixel.com
+
+ Vi Chau
+ USA
+ Email: vchau1@cox.net
+
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 73]
+
+RFC 3821 FCIP July 2004
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2004). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at ietf-
+ ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+
+
+Rajagopal, et al. Standards Track [Page 74]
+