Use of IKEv2 in the Fibre Channel Security Association Management Protocol
RFC 4595
| Document | Type |
RFC - Informational
(July 2006; Errata)
Was draft-maino-fcsp (individual in sec area)
|
|
|---|---|---|---|
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text pdf html bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4595 (Informational) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Russ Housley | ||
| Send notices to | (None) | ||
Network Working Group F. Maino
Request for Comments: 4595 Cisco Systems
Category: Informational D. Black
EMC Corporation
July 2006
Use of IKEv2 in the
Fibre Channel Security Association Management Protocol
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This document describes the use of IKEv2 to negotiate security
protocols and transforms for Fibre Channel as part of the Fibre
Channel Security Association Management Protocol. This usage
requires that IKEv2 be extended with Fibre-Channel-specific security
protocols, transforms, and name types. This document specifies these
IKEv2 extensions and allocates identifiers for them. Using new IKEv2
identifiers for Fibre Channel security protocols avoids any possible
confusion between IKEv2 negotiation for IP networks and IKEv2
negotiation for Fibre Channel.
Maino & Black Informational [Page 1]
RFC 4595 IKEv2 in FC-SP July 2006
Table of Contents
1. Introduction ....................................................3
1.1. Requirements Notation ......................................3
2. Overview ........................................................4
3. Fibre Channel Security Protocols ................................5
3.1. ESP_Header Protocol ........................................6
3.2. CT_Authentication Protocol .................................7
4. The FC SA Management Protocol ...................................9
4.1. Fibre Channel Name Identifier ..............................9
4.2. ESP_Header and CT_Authentication Protocol ID ...............9
4.3. CT_Authentication Protocol Transform Identifiers ..........10
4.4. Fibre Channel Traffic Selectors ...........................10
4.5. Negotiating Security Associations for FC and IP ...........12
5. Security Considerations ........................................12
6. IANA Considerations ............................................13
7. References .....................................................14
7.1. Normative References ......................................14
7.2. Informative References ....................................14
Maino & Black Informational [Page 2]
RFC 4595 IKEv2 in FC-SP July 2006
1. Introduction
Fibre Channel (FC) is a gigabit-speed network technology primarily
used for Storage Networking. Fibre Channel is standardized in the
T11 [T11] Technical Committee of the InterNational Committee for
Information Technology Standards (INCITS), an American National
Standard Institute (ANSI) accredited standards committee.
FC-SP (Fibre Channel Security Protocols) is a T11 Technical Committee
working group that has developed the "Fibre Channel Security
Protocols" standard [FC-SP], a security architecture for Fibre
Channel networks.
The FC-SP standard defines a set of protocols for Fibre Channel
networks that provides:
1. device-to-device (hosts, disks, switches) authentication;
2. management and establishment of secrets and security
associations;
3. data origin authentication, integrity, anti-replay protection,
confidentiality; and
4. security policies distribution.
Within this framework, a Fibre Channel device can verify the identity
of another Fibre Channel device and establish a shared secret that
will be used to negotiate security associations for security
protocols applied to Fibre Channel frames and information units. The
same framework allows for distributions within a Fibre Channel fabric
of policies that will be enforced by the fabric.
FC-SP has adapted the IKEv2 protocol [RFC4306] to provide
authentication of Fibre Channel entities and setup of security
associations.
1.1. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Show full document text