FCIP bridges Fibre Channel SANs

Fibre Channel over IP is a proposed IETF standard for linking Fibre Channel fabrics over TCP/IP network links. The protocol can be used as an alternative to connecting storage-area networks via dense wavelength division multiplexing and dark fibre. Tapping a more affordable and available IP service can dramatically reduce the monthly cost of wide-area links and extend the maximum distance between Fibre Channel sites.

FCIP transports Fibre Channel data by creating a tunnel between two endpoints in an IP network. Frames are encapsulated into TCP/IP at the sending end. At the receiving end, the IP wrapper is removed and native Fibre Channel frames are delivered to the destination fabric. This technique is commonly referred to as tunneling, and has historically been used with non-IP protocols such as AppleTalk and SNA.

The technology is implemented using FCIP gateways, which typically attach to each local SAN through an expansion-port connection to a Fibre Channel switch. All storage traffic destined for the remote site goes through the common tunnel. The Fibre Channel switch at the receiving end is responsible for directing each frame to its appropriate Fibre Channel end device.

Multiple storage conversations can concurrently travel through the FCIP tunnel, although there is no differentiation between conversations in the tunnel. From the standpoint of the IP network, the FCIP tunnel is opaque.

An IP network management tool could view the gateways on either side of the tunnel, but can’t zero in on the individual Fibre Channel transactions moving within the tunnel. The tools would thus view two FCIP gateways on either side of the tunnel, but the traffic between them would appear to be between a single source and destination, not between multiple storage hosts and targets.

Connecting Fibre Channel switches creates a single Fibre Channel fabric analogous to bridged LANs or other Layer 2 networks. This means that connecting two remote sites with FCIP gateways creates one Fibre Channel fabric that can extend over miles. This preserves Fibre Channel fabric behaviour between remote locations but could leave the bridged fabric vulnerable to fabric reconfigurations or excessive fabric-based broadcasts.

FCIP gateways are commonly sold in pairs for each tunneled link. Connecting Site A to Site B, for example, would require one pair, while connecting Site A to Site C would require an additional pair of gateways. FCIP is more suitable for point-to-point connections than multi-point connections.

Because FCIP simply wraps and unwraps Fibre Channel frames in IP, there are few ways for vendors to distinguish their gateways. Some manufacturers therefore are reducing FCIP functionality to a blade that inserts into a Fibre Channel switch.

Another proposed IETF standard, Internet Fibre Channel Protocol (iFCP), uses the same Fibre Channel frame encapsulation scheme as FCIP. However, iFCP is a more complex protocol that was designed to overcome the potential vulnerabilities of stretched fabrics, enable multi-point deployments and provide native IP addressing to individual Fibre Channel transactions.

For management, FCIP uses Service Locator Protocol (SLP) to identify FCIP gateways in the IP network. With relatively few FCIP gateways, SLP offers a suitable look-up table mechanism. ISCSI and iFCP can use SLP, but for more complex environments, the Internet Storage Name Server (iSNS) is preferred. FCIP gateways do not support iSNS.

For security, IP Security (IPSec) provides authentication, encryption and data integrity. FCIP also uses IPSec’s automatic key-management protocol, Internet Key Management, for handling the creation and management of security keys.

The FCIP standard is expected to be finalized within a year.

Clark is director of technical marketing and Nishan Systems Inc. and author of IP SANs and Designing Storage Area Networks. He can be reached attclark@nishansystems.com.