1. Field of Invention
The present invention relates generally to a system for monitoring and filtering frames sent within a network system, and more particularly, to performing actions upon frames based upon individual frame contents.
2. Description of the Related Art
As the result of continuous advances in technology, particularly in the area of networking such as the Internet, there is an increasing demand for communications bandwidth. For example, the transmission of data over a telephone company's trunk lines, the transmission of images or video over the Internet, the transfer of large amounts of data as might be required in transaction processing, or videoconferencing implemented over a public telephone network typically require the high speed transmission of large amounts of data. Such applications create a need for data centers to be able to quickly provide their servers with large amounts of data from data storage. As such data transfer needs become more prevalent, the demand for high bandwidth and large capacity in data storage will only increase.
Efficient data storage and management are becoming increasingly important to business-critical decision-making. This data dependence has greatly increased the number of input and output transactions, or I/Os, required of computer storage systems and servers. As a result, organizations are being forced to dedicate substantial resources to managing and maintaining their storage systems.
Fibre Channel is a transmission protocol that is well-suited to meet this increasing demand, and the Fibre Channel family of standards (developed by the American National Standards Institute (ANSI)) is one example of a standard which defines a high speed communications interface for the transfer of large amounts of data via connections between a variety of hardware devices, including devices such as personal computers, workstations, mainframes, supercomputers, and storage devices. Use of Fibre Channel is proliferating in many applications, particularly client/server applications that demand high bandwidth and low latency I/O. Examples of such applications include mass storage, medical and scientific imaging, multimedia communications, transaction processing, distributed computing and distributed database processing applications.
In one aspect of the Fibre Channel standard, the communication between devices is based on the use of a fabric. The fabric is typically constructed from one or more Fibre Channel switches and each device (or group of devices, for example, in the case of loops) is coupled to the fabric. Devices coupled to the fabric are typically capable of communicating with every other device coupled to the fabric.
Conventional Fibre Channel systems freely pass frames from a source device to a destination device without individualized frame filtering or review. However, there are situations where the ability to freely communicate between all devices on a fabric is not desirable. For example, it may be desirable to screen off certain devices on a fabric in order to perform testing and/or maintenance activities on only those devices, without the risk of interfering with the other devices on the fabric. Devices may need to be segregated according to their operating system or other technical features. Certain devices may wish to receive only frames using a certain protocol. Access to or by certain devices may need to be restricted for security reasons. Additionally, the system may wish to monitor the characteristics of individual frames being sent within the fabric.
Conventional Fibre Channel fabrics do not support the filtering of individual frames from the hardware level. Devices can be prevented from communicating with each other typically only if they are actually physically separated (e.g., coupled to different fabrics). However, this method does not facilitate the ability to examine each frame and make individualized decisions concerning the actions to take for each frame.
In certain fabrics, this segregation, or zoning, can be accomplished by software present in the switches. An example of this operation is provided in U.S. patent application Ser. No. 09/426,567, entitled “Method and System for Creating and Formatting Zones Within a Fibre Channel System” by David Banks, Kumar Malavalli, David Ramsay, and Teow Kha Sin, filed Oct. 22, 1999, which is hereby incorporated by reference. The Simple Name Server present in the switches may provide software zoning by providing, during the login process of a device, information only on devices that are in the zone. However, software zoning is limited in that the entire fabric is still accessible to a “bad” device which otherwise determines devices present on the fabric. Thus, while software zoning is available, it is not sufficiently secure, and some sort of hardware protection mechanism using frame filtering is still needed.
Certain switches, such as the Silkworm 2800, provided by Brocade Communications, Inc., have limited hardware zoning which is accomplished by limited hardware frame filtering. This is also exemplified in U.S. patent application Ser. No. 09/426,567. When devices on a fabric are initialized, they receive a Worldwide Name (WWN). A portion of this WWN includes details on the domain and switch port to which they are connected. Those certain switches have the capability of monitoring the source and destination domain and port numbers of a packet and can perform zoning or filtering on that information. However, even though this port hardware zoning is a security improvement on the software zoning, it is still very limiting and inflexible. Additionally, it is not as secure as desired, as any devices within the zone can communicate, and the fabric must therefore be organized so that devices do not contain material that must be secure from any other devices in the zone. This limits the end user's capabilities for designing their computer system, increasing costs and complexity.
Therefore, there is a need for improved frame filtering to be able to perform zoning at a more detailed level, particularly to the full WWN or to the logical unit number (LUN) level.
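The difference between the two related-art mechanisms described above can be modelled in a few lines. This is an added example, not code from the patent or from any switch firmware; the device names, addresses, zone membership and function names are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed fabric: device name -> (domain, port) where it attaches.
DEVICES = {"host_a": (1, 0), "array_a": (1, 4),
           "host_b": (2, 1), "array_b": (2, 5)}

# Constructed zones, each a set of (domain, port) members.
ZONES = [{(1, 0), (1, 4)}, {(2, 1), (2, 5)}]


@dataclass(frozen=True)
class Frame:
    src: tuple  # (domain, port) of the sender
    dst: tuple  # (domain, port) of the receiver
    lun: int    # logical unit addressed; invisible to port zoning


def same_zone(a, b):
    return any(a in zone and b in zone for zone in ZONES)


def name_server_query(requester):
    """Software zoning: list only devices zoned with the requester."""
    return sorted(name for name, addr in DEVICES.items()
                  if addr != requester and same_zone(requester, addr))


def soft_zoning_forwards(frame):
    """Software zoning filters discovery only; frames are never inspected."""
    return True


def port_zoning_forwards(frame):
    """Port hardware zoning: forward only if both ports share a zone."""
    return same_zone(frame.src, frame.dst)


def evaluate(frame):
    return {"soft": soft_zoning_forwards(frame),
            "port": port_zoning_forwards(frame)}


if __name__ == "__main__":
    print(name_server_query(DEVICES["host_a"]))
    # host_a addresses array_b directly without having discovered it.
    print(evaluate(Frame(DEVICES["host_a"], DEVICES["array_b"], lun=0)))
    # In-zone traffic passes whatever LUN it names.
    print(evaluate(Frame(DEVICES["host_a"], DEVICES["array_a"], lun=7)))
```

The cross-zone frame is forwarded under software zoning and dropped under port zoning, while the in-zone frame passes port zoning for any LUN, which is the granularity gap the final paragraph identifies.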