IFCP melds Fibre Channel and IP

By Prasad Pammidimukkala

Internet Fibre Channel Protocol is a standard for running Fibre Channel traffic over a TCP/IP network. Acting as a gateway, iFCP lets you link Fibre Channel RAID arrays, switches and servers to IP storage networks while preserving infrastructure investments.

IFCP works by wrapping Fibre Channel data in IP packets and mapping IP addresses to individual Fibre Channel devices. Each Fibre Channel device has its own identity in the IP network so it can individually send storage traffic to, and receive storage traffic from, other nodes in the IP network. By terminating the Fibre Channel signaling at the iFCP gateway and carrying the storage traffic over IP networks, iFCP breaks the distance barrier of traditional Fibre Channel networks, which can extend only 6.2 miles.

IFCP differs from another proposed Internet Engineering Task Force draft standard, Fibre Channel over IP (FCIP). FCIP is a simple tunneling protocol that interconnects two Fibre Channel fabrics to form one large fabric. As such, FCIP is analogous to the bridging approach for extending Layer 2 networks and doesn't offer the fault-isolation capabilities of iFCP.

When internetworking Fibre Channel fabrics, each iFCP gateway domain operates as an autonomous system whose configuration is invisible to the IP network and other iFCP gateway domains. While storage traffic between two nodes in an iFCP gateway is switched or routed using native Fibre Channel, traffic that spans multiple iFCP gateways is encapsulated into iFCP, and then mapped to an IP addresses so that it can be switched and routed through the IP network.

Each pair of Fibre Channel nodes that communicates across the IP network establishes a separate iFCP session, letting iFCP implementers tweak quality-of-service parameters at a very precise level.
Along with utilizing the built-in TCP congestion control, error detection and recovery mechanisms, iFCP also provides robust error handling on the Fibre Channel side. Error handling is done at a session level wherever possible, so as not to affect storage traffic that might be in transit between other devices.

In the same way that subnet routing provides fault isolation for Layer 2 networks, iFCP brings subnet characteristics to Fibre Channel fabrics. Fibre Channel fabric reconfigurations and state-change notification broadcasts are restricted to the individual fabric subnet. This capability enables, for the first time, massively scalable storage-area networks (SAN).

Another popular application of iFCP is SAN-to-SAN interconnection. Fibre Channel networks are connected to iFCP gateways, which in turn communicate over a metropolitan-area network or WAN.

Management and security

The Internet Storage Name Server (iSNS) facilitates automated discovery, management and configuration of iSCSI and Fibre Channel devices on a TCP/IP network. ISNS provides intelligent fabric services such as asynchronous notification to end nodes of changes in the iFCP network and segmentation of network resources into logical groups called discovery domains for management and security. In a Fibre Channel fabric, the Simple Name Server provides these services.

From a security standpoint, IP storage networks combine the elementary zoning and logical unit number masking and zoning partitioning techniques with more advanced industry-standard security features available in IP networking. IFCP relies on IP Security (IPSec) to provide authentication, encryption and data integrity. It also uses IPSec's automatic key management protocol, Internet Key Management, for handling the creation and management of security keys.

The iFCP specification is a proposed standard within the IETF IP Storage Working Group and is expected to be finalized next year. You can obtain the latest iFCP draft here.

Pammidimukkala is a director of product management for Nishan Systems and is also the iFCP subgroup chair in the SNIA IP Storage Forum. He can be reached at prasad@nishansystems.com.

This document is provided for informational purposes only. The information contained represents the current view of the author on issues discussed as of the date of publication. Because TheManageMentor must respond to changes in market conditions, it should not be interpreted to be a commitment on the part of TheManageMentor or the content author. TheManageMentor cannot guarantee the accuracy of any information presented after the date of publication. The user assumes the entire risk as to the accuracy and the use of this document.

Information Provided In This Document Is Provided "As Is" Without Warranty Of Any Kind, Either Express Or Implied, Including But Not Limited To The Implied Warranties Of Merchantability, Fitness For A Particular Purpose And Freedom From Infringement. This document may not be copied or distributed. All trademarks acknowledged.