To facilitate the management of Fibre Channel networks, an administrator may specify a zone policy defining Fibre Channel zones that restrict each of one or more subsets of peripheral processing devices in the network to communicating only within that subset. Such zone policies, however, are typically converted into firewall filter rules to enforce restrictions on communications outside of the network zones. The firewall filter rules are typically stored in network routers or switches using very limited ternary content-addressable memory (TCAM).
In addition, in known Fibre Channel networks, each time a peripheral processing device logs into or out of a Fibre Channel network, the firewall filter rules affecting that peripheral processing device are typically generated or updated. In some TCAM-based implementations, the login of a new peripheral processing device can add to the number of firewall filter rules, increase the length of some firewall filter rules, or both. Such generation or updating of the firewall filter rules typically involves a delay after a login or logout event by any peripheral processing device, and may disrupt subsequent network traffic. Immediately after logging into a Fibre Channel network, a newly connected peripheral processing device typically queries the Fibre Channel network to determine with which other peripheral processing devices it is permitted to communicate. The response time to such a post-login query can depend on the structure or complexity of the entire set of firewall filter rules in effect across the entire Fibre Channel network.
Thus, a need exists for methods and apparatus to compress the filter rules defined for logged-in devices, and to reduce the disruption caused by peripheral processing devices logging into or out of a Fibre Channel network.
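The login-driven rule growth described above can be seen in a small model. This is an added example, not code from the original document: it assumes a naive expansion of one permit entry per ordered pair of logged-in devices sharing a zone, and the zone names, device names and function names are hypothetical.

```python
from itertools import permutations

# Constructed zone policy (hypothetical device names): zone -> member devices.
ZONE_POLICY = {
    "zone_a": {"host1", "host2", "array1"},
    "zone_b": {"host3", "array1"},
}

def build_filter_rules(zone_policy, logged_in):
    """Expand the policy into (src, dst) permit rules for logged-in devices.

    Assumption: one permit entry per ordered pair of logged-in devices that
    share a zone, with everything else denied by default.
    """
    rules = set()
    for members in zone_policy.values():
        active = members & logged_in
        rules.update(permutations(sorted(active), 2))
    return rules

def apply_event(zone_policy, logged_in, device, event):
    """Apply a login/logout; return (new logged-in set, rules added, rules removed)."""
    if event not in ("login", "logout"):
        raise ValueError(f"unknown event: {event}")
    before = build_filter_rules(zone_policy, logged_in)
    updated = logged_in | {device} if event == "login" else logged_in - {device}
    after = build_filter_rules(zone_policy, updated)
    return updated, after - before, before - after

def permitted_peers(zone_policy, logged_in, device):
    """Answer the post-login query: logged-in peers this device may reach."""
    rules = build_filter_rules(zone_policy, logged_in)
    return {dst for src, dst in rules if src == device}

if __name__ == "__main__":
    state = {"host1", "array1"}
    for dev, ev in [("host2", "login"), ("host3", "login"), ("array1", "logout")]:
        state, added, removed = apply_event(ZONE_POLICY, state, dev, ev)
        total = len(build_filter_rules(ZONE_POLICY, state))
        print(f"{ev:6} {dev:6} +{len(added)} -{len(removed)} rules, {total} installed")
```

Under this assumed expansion, a single login to a zone that already has n active members adds 2n entries, and the logout of a device shared by several zones rewrites entries in every one of them.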