Brocade Communications Systems 53-1002745-02 Marine Radio User Manual


 
396 Fabric OS Administrator’s Guide
53-1002745-02
In-flight encryption and compression overview
14
The port level authentication security feature must be enabled before encryption configuration can
be enabled. Pre-shared secret keys should be configured on both ends of the ISL to perform
authentication. Once the link has been authenticated, the port (E_Port or EX_Port) will use the IKE
protocol to generate and exchange the keys, IV and Salt values.
At this time expiry keys are not supported. This means that the keys generated for a port will remain
the same for as long as the port is online. When a port is segmented, disabled, or taken offline,
a new and different set of keys will be generated when the port is enabled.
All members of the trunk group use the same set of keys as that of the master port, and slave ports
do not perform any key exchanges. If there is an E_Port or EX_Port change due to the master port
going offline, the same set of keys used by the trunk will continue to be used.
How encryption and compression are enabled
Encryption and compression capabilities and configurations from each end of the ISL are
exchanged during E_Port or EX_Port initialization. Capabilities and configurations must match,
otherwise port segmentation or disablement occurs. If the port was configured for compression,
then the compression feature is enabled.
If the port was configured for encryption, authentication is performed and the keys needed for
encryption are generated. The encryption feature is enabled if authentication is successful.
If authentication fails, then the ports are segmented.
You can also decommission any port that has in-flight encryption/compression enabled. See “Port
decommissioning” on page 90 for details on decommissioning ports.
Encryption and compression commands
Here are the commands most commonly associated with the encryption/compression feature.
See the Fabric OS Command Reference for more details on these commands.
portEncCompShow
The portEncCompShow command allows you to view the encryption and compression configuration
on any given port and whether it is active or not. It also shows the port speeds.
This command displays the speed of the port as part of the portStatsShow command. If the speed
is configured as AUTO NEG(otiation), the speed of the port is taken as 16G for capacity calculation
and will be displayed accordingly. The same value will be displayed as part of portEncCompShow
even if the link successfully negotiates a speed other than 16G. See also “Configuring encryption
and compression” on page 399 and the Fabric OS Command Reference for more details.
Usage: portEncCompShow [slot/]port
Example output
switch:admin> portStatsShow 16/17
16 16 011000 id N8 Online FC E-Port 10:00:00:05:33:13:71:3e "switch16
2" (downstream)
17 17 011100 id N8 Online FC E-Port 10:00:00:05:33:13:71:3e "switch16
2"
switch> portenccompshow
User  Encryption          Compression         Config
Port  configured  Active  configured  Active  Speed
----  ----------  ------  ----------  ------  -----
0     No          No      No          No
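The following Python sketch is an added example, not part of the Brocade guide. It parses portEncCompShow output captured from both ends of an ISL and reports the two conditions described above: configurations that differ between the ends, and ports where encryption is configured but not active. The function names, the link list, the sample rows, and the "16G" speed format are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

class PortState(NamedTuple):
    port: str
    enc_cfg: bool
    enc_active: bool
    comp_cfg: bool
    comp_active: bool
    speed: Optional[str]

# Data row: user port, four Yes/No flags, optional speed. \s* (not \s+) also
# accepts rows whose columns were run together, such as "0NoNoNoNo".
ROW = re.compile(r"^\s*(\d+)\s*(Yes|No)\s*(Yes|No)\s*(Yes|No)\s*(Yes|No)\s*(\S+)?\s*$", re.I)

def parse_portenccompshow(text):
    """Return {port: PortState}; prompt, header and ruler lines are skipped."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            flags = [f.lower() == "yes" for f in m.group(2, 3, 4, 5)]
            ports[m.group(1)] = PortState(m.group(1), *flags, m.group(6))
    return ports

def audit_isl(local, remote, links):
    """links: (local_port, remote_port) pairs forming each ISL (operator-supplied)."""
    findings = []
    for lport, rport in links:
        a, b = local[lport], remote[rport]
        if (a.enc_cfg, a.comp_cfg) != (b.enc_cfg, b.comp_cfg):
            findings.append(f"ISL {lport}<->{rport}: configuration mismatch between ends")
        for side, p in (("local", a), ("remote", b)):
            if p.enc_cfg and not p.enc_active:
                findings.append(f"{side} port {p.port}: encryption configured but not active")
    return findings

# Constructed sample output (not captured from a switch); the "16G" speed format is assumed.
LOCAL = """switch> portenccompshow
User Encryption Compression Config
Port configured Active configured Active Speed
---- ---------- ------ ---------- ------ -----
0NoNoNoNo
16 Yes Yes Yes Yes 16G
17 Yes No No No 16G
"""
REMOTE = """16 Yes Yes Yes Yes 16G
17 No No No No 16G
"""

if __name__ == "__main__":
    for f in audit_isl(parse_portenccompshow(LOCAL), parse_portenccompshow(REMOTE), [("16", "16"), ("17", "17")]):
        print(f)
```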