System and method for supporting at least one of sub-management packet (SMP) firewall restrictions and traffic protection in a middleware machine environment

摘要

The system and method can provide firewall restrictions for subnet management packets (SMP) in a middleware machine environment. A secure firmware implementation may be provided by a Host Channel Adapter (HCA), which is associated with a host in a middleware machine environment. The secure firmware implementation operates to receive at least one SMP from or destined for the host, or to prevent the host from transmitting or receiving at least one SMP. . Furthermore, the secure firmware implementation may include a proxy function that can communicate with an external management component on behalf of the host. The system and method can provide protection of switch-based subnet management packet (SMP) traffic in a middleware machine environment. The middleware machine environment includes a network switch that operates to receive at least one SMP addressed to a subnet management agent (SMA) component. The network switch can check if at least one SMP contains the correct management key, and if at least one SMP does not contain the correct management key, at least one SMP is forwarded to the designated SMA To prevent that. In addition, the network switch can specify different management keys for each external port, and can enforce separate restrictions on ingress and egress SMP traffic on unique external ports.