Understanding FCoE Transit Switch Functionality
You can use the switch as a Fibre Channel over Ethernet (FCoE) transit switch. An FCoE transit switch is a Layer 2 data center bridging (DCB) switch that can transport FCoE frames, and when used as an access switch for FCoE devices, implements FCoE Initialization Protocol (FIP) snooping. A DCB switch transports both FCoE and Ethernet LAN traffic over the same network infrastructure while preserving the class of service (CoS) treatment that Fibre Channel (FC) traffic requires.
QFX5120 switches can be an FCoE transit switch but don’t support FIP snooping. Without FIP snooping, the FCoE gateway or CNA should filter non-FCoE traffic to Enodes.
QFX10000 switches do not support FIP snooping. Aggregation devices do not need to enable FIP snooping because FIP snooping is performed at the FCoE access edge.
An FCoE transit switch does not encapsulate or de-encapsulate FC frames in Ethernet. It is a switch that transports FC frames that have already been encapsulated in Ethernet between FCoE initiators such as servers and a storage area network (SAN) FC switch that supports both Ethernet and native FC traffic on its interfaces. The transit switch acts as a passthrough switch and is transparent to the FC switch, which detects each connection to an FCoE device as a direct point-to-point link.
When a switch acts as a transit switch, the VLANs you configure for FCoE traffic can use any of the switch ports because the traffic in both directions is standard Ethernet traffic, not native FC traffic.
The Ethernet interfaces that connect to FCoE devices must include a native VLAN to transport FIP traffic, because FIP VLAN discovery and notification frames are exchanged as untagged packets. It is a good practice to keep the native VLAN separate from the VLANs that carry FCoE traffic. FCoE VLANs should carry only FCoE traffic, but other types of untagged traffic might use the native VLAN.
Switches and QFabric system Node devices that use the original CLI (not the Enhanced Layer 2 (ELS) software) only require that you configure the native VLAN on the FCoE interfaces that belong to the FCoE VLAN by including the [set interfaces interface-name unit unit family ethernet-switching native-vlan-id native-vlan-id] statement in the configuration.
Switches that use ELS software require that you include two statements in the configuration to configure a native VLAN on FCoE interfaces. Include the [set interfaces interface-name native-vlan-id vlan-id] statement in the configuration to configure the native VLAN on the interface, and also include the [set interfaces interface-name unit unit family ethernet-switching native-vlan-id vlan-id] statement in the configuration to configure the port as a member of the native VLAN.
FCoE traffic should use a VLAN dedicated only to FCoE traffic. Do not mix FCoE traffic with standard Ethernet traffic on the same VLAN.
An FCoE VLAN (any VLAN that carries FCoE traffic) supports only Spanning Tree Protocol (STP) and link aggregation group (LAG) Layer 2 features.
FCoE traffic cannot use a standard LAG because traffic might be hashed to different physical LAG links on different transmissions. This breaks the (virtual) point-to-point link that Fibre Channel traffic requires. If you configure a standard LAG interface for FCoE traffic, FCoE traffic might be rejected by the FC SAN.
QFabric systems support a special LAG called an FCoE LAG, which enables you to transport FCoE traffic and regular Ethernet traffic (traffic that is not FCoE traffic) across the same link aggregation bundle. Standard LAGs use a hashing algorithm to determine which physical link in the LAG is used for a transmission, so communication between two devices might use different physical links in the LAG for different transmissions. An FCoE LAG ensures that FCoE traffic uses the same physical link in the LAG for requests and replies in order to preserve the virtual point-to-point link between the FCoE device converged network adapter (CNA) and the FC SAN switch across the QFabric system Node device. An FCoE LAG does not provide load balancing or link redundancy for FCoE traffic. However, regular Ethernet traffic uses the standard hashing algorithm and receives the usual LAG benefits of load balancing and link redundancy in an FCoE LAG.
IGMP snooping is enabled by default on all VLANs in all software versions before Junos OS Release 13.2. Disable IGMP snooping on FCoE VLANs if you are using software that is older than Junos OS Release 13.2.
On a QFX3500 switch or on a QFabric system Node device, the same VLAN cannot be used in both transit switch mode and FCoE-FC gateway mode. (Only QFX3500 switches can be configured in FCoE-FC gateway mode.) If you configure both a transit switch and an FCoE-FC gateway on the same QFX3500 switch or QFabric system Node device, configure different FCoE VLANs for the transit switch and the FCoE-FC gateway.
To support FCoE traffic, transit switches require DCB configuration to implement the lossless transport of FCoE traffic across the Ethernet portion of the network, and transit switches on the access edge require enabling FIP snooping on the FCoE access ports.
With the exception of Virtual Chassis (VC) and mixed-mode Virtual Chassis Fabric (VCF) configurations, switches support the DCB standards for ensuring lossless transport and low latency, and provide 10-Gbps ports for FCoE traffic. VCF configurations that use only QFX5100 switches support DCB standards. For lossless transport to function correctly, you must use priority-based flow control (PFC, described in IEEE 802.1Qbb) to prevent FCoE packet loss during periods of congestion and ensure proper CoS for FCoE traffic.
On the FCoE access edge, FIP snooping adds security by filtering access. Only traffic from servers that have successfully logged in to the FC network can pass through the transit switch and reach the FC network. The Technical Committee T11 organization specifications describe two types of FIP snooping:
The FC-BB-5 specification describes VN_Port to VF_Port (VN2VF_Port) FIP snooping, which provides security for communication between FCoE device VN_Ports on the Ethernet network and FCF or FC switch VF_Ports.
The FC-BB-6 specification describes VN_Port to VN_Port (VN2VN_Port) FIP snooping, which provides security for communication between FCoE device VN_Ports on the Ethernet network.
To accommodate the larger size of Ethernet-encapsulated frames, FCoE interfaces should be configured with a maximum transmission unit (MTU) size of at least 2180 bytes.
At the access edge, a transit switch transparently connects FCoE-capable devices such as servers in an Ethernet LAN to an FC switch or to a gateway switch (hereafter referred to as the FC switch), as shown in Figure 1. The transit switch acts as a transparent DCB access layer between FCoE servers and the FC switch.
The transit switch performs FIP snooping at the ports connected to the FCoE devices. For VN2VF_Port FIP snooping, at the SAN edge, the FC switch must be able to convert the FCoE traffic to native FC traffic. (VN2VN_Port FIP snooping switches traffic between VN_Ports directly through the transit switch, without going through the FC switch, so no conversion of FCoE traffic to native FC traffic is needed.)
Encapsulated FCoE traffic flows through the transit switch to the FCoE ports on the FC switch. The FC switch removes the Ethernet encapsulation from the FCoE frames to restore the native FC frames. Native FC traffic travels out native FC ports to storage devices in the FC SAN.
Native FC traffic from storage devices flows to the FC switch FC ports, and the FC switch encapsulates that traffic in Ethernet as FCoE traffic. The FCoE traffic flows through the transit switch to the appropriate FCoE device.
The FC switch and FC fabric apply appropriate zoning checks on traffic to and from each ENode and provide FC services (for example, name server, fabric login server, or event server).
VN_Port to VN_Port FIP snooping is supported to allow FCoE initiators and targets to communicate directly through the switch without going through an FCoE forwarder (FCF) or an FC switch. An FCoE VLAN can support either VN2VF_Port FIP snooping (FC-BB-5) or VN2VN_Port FIP snooping (FC-BB-6), but not both. The same switch can have multiple FCoE VLANs configured, some FCoE VLANs for VN2VF FIP snooping traffic and others for VN2VN FIP snooping traffic.
Transit switches do not have to be FCoE access edge switches. Transit switches can be intermediate switches between a transit switch at the FCoE access edge and the FC switch. In this case, intermediate transit switches do not need to perform FIP snooping because only the access edge transit switch needs to filter traffic between the FCoE device and the FC network. Once that traffic has been processed by the FIP snooping filters, it does not need to be filtered again. However, intermediate transit switches must support DCB standards to preserve the lossless transport and other CoS characteristics required for FC traffic.