Brocade Fibre Channel Networking Community

Expand all | Collapse all

How to solve FCoIP with two firewall and two NAT?

  • 1.  How to solve FCoIP with two firewall and two NAT?

    Posted 04-02-2014 12:12 AM

    In my case,I want to implement a DR by HP P6000 over FCoIP.

    My topology as follow:

    P6000storage==HP 1606(B7800)--(NAT)--Firewall---Firewall--(NAT)--HP 1606(B7800)==P6000Storage

                                  ge0:172.16.0.128   a.b.216.35                a.b.0.81      ge0:172.20.1.81

                                   gw:172.16.0.254                                                         gw:172.20.0.20

    Hp 1606's firmware is v7.0.0c.The only License is "Enhanced Group Management license" by licenseshow.

    Routes with domain id 31 & 32.

    I do as follow,by no fcipcircuit can create,alway in "InProg" status. my steps:

    local:

    portcfgpersistentdisable 16-23

    portcfg ipif ge0 create 172.16.0.128 255.255.255.0 1500

    portcfg iproute ge0 create a.b.0.0 255.255.255.0 172.16.0.254

    portcmd --ping ge0 -s 172.16.0.128 -d a.b.0.81 ##ping ok

    portcfg fciptunnel 16 create a.b.0.81 172.16.0.128 100000

    portcfg fcipcircuit 16 create 1 a.b.0.81 172.16.0.128 100000

    portcfgpersistentenable 16

     

    remote: portcfg ipif ge0 create 172.20.1.81 255.255.0.0 1500

    portcfg iproute ge0 create a.b.216.0 255.255.255.0 172.20.0.20

    portcmd --ping ge0 -s 172.20.1.81 -d a.b.216.35

    portcmd --traceroute ge0 -s 172.20.1.81 -d a.b.216.35 ##ping ok

    portcfg fciptunnel 16 create a.b.216.35 172.20.1.81 100000 -c 2

    portcfg fcipcircuit 16 create 1 a.b.216.35 172.20.1.81 100000

    portcfgpersistentenable 16

     

    admin> portshow fcipcircuit all

    ------------------------------------------------------------------------------- Tunnel Circuit OpStatus Flags Uptime TxMBps RxMBps ConnCnt CommRt Met ------------------------------------------------------------------------------- 16 1 ge0 InProg ---4--s 0s 0.00 0.00 0 100/100 0

     

    when I call brocade supporter,he told me that 7800 is not support 2 NAT? Is that true ? only have a case,use once NAT,first upgrade firmware,and with many configure

     

    any one can help me ?TKS


    #BrocadeFibreChannelNetworkingCommunity


  • 2.  Re: How to solve FCoIP with two firewall and two NAT?

    Posted 04-02-2014 01:22 AM

    hi,

     

    try using the -connection-type (default|listener|initiator) parameter. As per the FCIP Admin guide, there could be problems configuring the tunnel in a NAT environment if this parameter is not configured.

     

    rgds


    #BrocadeFibreChannelNetworkingCommunity
    #nat
    #fcip


  • 3.  Re: How to solve FCoIP with two firewall and two NAT?

    Posted 04-02-2014 05:37 AM

    tks,I will test it tomorrow

     

    Is that mean I must create 2 tunnel for send  & receive.

    try -C 2,initiator.

    >portcfg fciptunnel 16 create a.b.0.81 172.16.0.128 100000 -C 2

     

    > portshow fcipcircuit all
    -------------------------------------------------------------------------------
     Tunnel Circuit  OpStatus  Flags    Uptime  TxMBps  RxMBps ConnCnt CommRt Met/G
    -------------------------------------------------------------------------------
     16     0 ge0     Disable -I-4--s       0s    0.00    0.00    0   100/100   0/-
    -------------------------------------------------------------------------------
     Flags: circuit: s=sack v=VLAN Tagged x=crossport 4=IPv4 6=IPv6
                     L=Listener I=Initiator


    #BrocadeFibreChannelNetworkingCommunity


  • 4.  Re: How to solve FCoIP with two firewall and two NAT?

    Posted 04-03-2014 06:23 PM

    ,update my topology

     

     

     

    P6000storage==HP 1606(B7800)--(NAT)--Firewall---Firewall--(NAT)--FW(NAT)---HP 1606(B7800)==P6000Storage

                                  ge0:172.16.0.128   a.b.216.35                a.b.0.81        ?        ge0:172.20.1.81

                                   gw:172.16.0.254                                                                   gw:172.20.0.20

    It's with twice NAT remotesite......

     

    .

    after configure --conection-type with I & L at two site.portshow fcipcircuit still Inprog status. VE port is offline

    dl_1606

     Tunnel Circuit  OpStatus  Flags    Uptime  TxMBps  RxMBps ConnCnt CommRt Met/G
    -------------------------------------------------------------------------------
     16     0 ge0     InProg  -I-4--s       0s    0.00    0.00    0  1000/1000  0/-

     

     

    sy_1606:admin> portshow fcipcircuit all
    -------------------------------------------------------------------------------
     Tunnel Circuit  OpStatus  Flags    Uptime  TxMBps  RxMBps ConnCnt CommRt Met/G
    -------------------------------------------------------------------------------
     16     0 ge0     InProg  -L-4--s       0s    0.00    0.00    0  1000/1000  0/-
    -------------------------------------------------------------------------------
     Flags: circuit: s=sack v=VLAN Tagged x=crossport 4=IPv4 6=IPv6
                     L=Listener I=Initiator

     

     

    I test 3225 port with nmap.

    nmap -sU IP -p 3225

    service all up at a.b.216.35 & a.b.0.81.

     

    Any more advice?


    #BrocadeFibreChannelNetworkingCommunity


  • 5.  Re: How to solve FCoIP with two firewall and two NAT?

    Posted 04-09-2014 12:38 AM

    hi,

     

    -->>Hp 1606's firmware is v7.0.0c.The only License is "Enhanced Group Management license"

     

    show to me you have "base model" 6+2

     

    since remain port's and feature are not licensed, the VE Port show offline.

     

    however, I've answered to you email, would suggest you send me all this details, I'll try to help you with the issue if is one.


    #BrocadeFibreChannelNetworkingCommunity