Some embodiments described herein relate generally to network switching, and more particularly to switching policies and filters for improved Fibre Channel over Ethernet (FCoE) network switching.
Many modern computer networks include hardware devices and/or software (executing in hardware) configured to transfer data frames according to one or both of the Ethernet and Fibre Channel networking standards. To allow for interoperability between Ethernet and Fibre Channel resources, these networks often employ a third network protocol known as Fibre Channel over Ethernet (“FCoE”). By encapsulating Fibre Channel frames within a special Ethernet header, a network device such as an FCoE gateway can send Fibre Channel frames from one Fibre Channel device to another over an Ethernet network.
Typical FCoE-to-Fibre Channel gateways (“FCoE gateways”) thus are typically capable of: (1) relaying, to a Fibre Channel device (such as a switch), a Fibre Channel frame extracted from within an FCoE frame and (2) encapsulating a received Fibre Channel frame within an FCoE frame that can be forwarded, via an Ethernet network, to another Fibre Channel device (such as a peripheral processing device). As part of its switching responsibilities, many FCoE gateways adhere to one or more switching policies, rules or filters that dictate specific switching behavior. Many such filters dictate, for example, whether an FCoE gateway should deliver, drop, or re-direct a received frame based on the frame's type, format, and/or contents.
While such filters allow for more intelligent switching, storage space for these filters is often limited due to scale and cost constraints. More particularly, when an FCoE gateway assigns a distinct Media Access Control (“MAC”) address to each virtual Fibre Channel port instantiated at a peripheral Fibre Channel device, the presence of a filter rule for each MAC address/virtual port pair can result in inefficient use of filter storage space. Thus, a need exists for methods and apparatus to minimize the amount of storage space (i.e., memory) used to store such filters associated with the switching of FCoE frames to Fibre Channel devices.
Additionally, because devices executing on the periphery of a switch fabric system are often untrusted, a need can further exist for methods and apparatus to define one or more filters and/or switching policies to: 1) check whether data frames and/or packets received from a peripheral processing device include appropriate header and/or address information and 2) minimize the transmission of data frames including “spoofed” sender identity information.