Some embodiments described herein relate generally to network switching, and more particularly to switching policies and filters for improved Fibre Channel over Ethernet (FCoE) network switching.
Many modern networks include hardware devices and/or software (executing in hardware) configured to transfer data frames according to one or both of the Ethernet and Fibre Channel networking standards. To allow for interoperability between Ethernet and Fibre Channel resources, these networks often employ a third network protocol known as Fibre Channel over Ethernet (“FCoE”). By encapsulating Fibre Channel frames within an FCoE frame, a network device such as an FCoE gateway can route Fibre Channel frames from one Fibre Channel device to another over an Ethernet network.
FCoE-to-Fibre Channel gateways (“FCoE gateways”) thus are typically capable of: (1) relaying, to a Fibre Channel device (such as a switch), a Fibre Channel frame extracted from an FCoE frame, and (2) encapsulating a received Fibre Channel frame within an FCoE frame that can be forwarded, via an Ethernet network, to another Fibre Channel device (such as a Fibre Channel peripheral processing device). As part of its switching responsibilities, an FCoE gateway may adhere to one or more switching policies, rules or filters that dictate specific switching behavior. Many such filters dictate, for example, whether an FCoE gateway should deliver, drop, or re-direct a received frame based on the frame's type, format, and/or contents.
While such filters allow for more intelligent switching, storage space for these filters is sometimes limited due to scale and cost constraints. More particularly, when an FCoE gateway assigns a distinct Media Access Control (“MAC”) address to each virtual Fibre Channel port instantiated at a peripheral Fibre Channel device, the presence of a filter rule for each MAC address/virtual port pair can result in inefficient use of filter storage space. Thus, a need exists for methods and apparatus to minimize the amount of storage space (i.e., memory) used to store such filters associated with the switching of FCoE frames to Fibre Channel devices.
Additionally, because devices executing on the periphery of a switch fabric system are often untrusted, a need further can exist for methods and apparatus to define one or more filters and/or switching policies to: 1) ensure that all data frames and/or packets received from a peripheral processing device include appropriate header and/or address information, and/or 2) prevent transmission of data frames including “spoofed” sender identity information.