
Brocade Zoning

Module 8

Objectives
This module prepares students to:
Describe zoning concept advantages and limitations
Define the different types of zoning for Brocade switches
Configure a multiple zone fabric
Perform merging of two fabrics with zoning configurations

Security Comparisons
Comparisons of different security models

Host Level (OV-SAM Allocater)
  Advantages:
    Mixed heterogeneous devices
    Independent of target devices
    Eases the management of a storage pool
  Disadvantages:
    Management software is host/HBA specific and must be present on all hosts in the SAN to be effective.
    Someone can plug a host into the SAN that can see and corrupt data. This is particularly vulnerable in a multiple campus situation.

Infrastructure Level (Switch zoning)
  Advantages:
    Independent of hosts and target devices
    Safeguards against unauthorized hosts interrupting the SAN
  Disadvantages:
    Granularity is at port and node level or WWN level (not LUN level).
    When connecting switches from different vendors, zoning choices may be limited.
    Most switch vendors use WWN zoning when flexibility is required (i.e. separating devices on a loop into different zones).

Device Level (Secure Manager XP/VA, Selective Storage Presentation, EVA/MA)
  Advantages:
    Best granularity: LUN level
    Best safeguarded from anywhere
  Disadvantages:
    Device dependent: a low-end array or JBOD may not support this function.
    Administration may become cumbersome for large node counts (e.g. 200 NT servers sharing a LUN for a mail database).
    Firmware changes can disturb settings (Secure Manager only).

Overview Brocade zoning product

Licensed product, part of the standard HP bundle
Allows a finer segmentation of Storage Area Networks
Used to set up barriers between different operating environments
Used to deploy logical Fabric subsets by creating defined user groups
Used to create test or maintenance areas that are separate within the Fabric
Allows the flexibility to manage a SAN to meet the objectives of different closed user groups

Zoning Example

The server in the red zone sees one loop of disks and one tape
The server in the blue zone sees two storage arrays
The server in the green zone sees one loop, one array, and one
tape
No server sees loop 2

Zoning Components
A Hierarchical Structure
Fabric may have more than one Cfg
Only one Cfg can be active
Cfg is a container for zones
Zones may overlap
Zone is a container for members
Members may be defined with aliases
Member can be:
  A fabric physical port number
  A node or port WWN
  An AL_PA
  An Alias
[Figure: hierarchy with Fabric at the top, then Cfg_I ... Cfg_N, then Zone_ABC and Zone_XYZ, then Member#1, Member#2 ... Member#n]

Zoning enforcement mechanisms
Soft Zoning: Name-Server assisted
Name Server restricts visibility
Always available when zoning enabled
Relies on `good citizens' for security (No WWN probing)
No reduction in performance
Hard Zoning: Hardware enforced
Available when certain rule conditions are met through hardware logic checking
Provides additional security in addition to Soft zoning
Inhibits illegal access from `bad citizens'

2x00 zoning
Mechanisms

Soft Zoning for WWNs


Hardware Zoning for Domain, Port
Enforced at fabric-level
QuickLoop Soft Zoning for AL-PAs

Granularity
(domain, port), WWNs, AL-PA (QuickLoop)

Security
Hardware enforcement is very secure
Probing possible when soft zoning

2x00 zoning examples


Hardware Zoning (2x00 Silkworm)

Port Zoning (Domain, Port) is enforced in hardware.


Hardware enforced zoning possible only when no WWN exists in Effective Configuration
Example:
aliCreate Host a , ,
aliCreate Storage a , ,
zoneCreate pZone , Host a; Storage a
zoneCreate pZone , , ; ,

Software Zoning (2x00 Silkworm)

Software enforced zoning when WWN exists in Effective Configuration

Example:
aliCreate Host , : : : : : f:
aliCreate Storage , : : : : : f:
zoneCreate pZone , Host ; Storage
zoneCreate pZone , : : : : : f: ; : : : : : f:
Mixed configurations are enforced in Soft zoning, as with the following command:
zoneCreate Zone , ; WWN

3x00 zoning
Mechanism
Port-level zoning is Hardware Enforced
WWN zoning is Hardware Enforced
Mixed zones, Fabric Assist zones and Quick Loop zones remain enforced
through Name Server (Soft zoning)
Granularity
Same as in v2.x
Security
Hardware enforced zoning is very secure
Probing is still possible for ports with no hardware enforcement

3x00 zoning examples

The Effective Configuration can contain both hard and soft zones.
Hardware Zoning (3x00 Silkworm)
Port Zoning (Domain, Port) or WWN zoning is enforced in hardware.
Example:
aliCreate Host a , ,
aliCreate Storage a , ,
zoneCreate pZone , Host a; Storage a
zoneCreate pZone , , ; ,
aliCreate Host , : : : : : f:
aliCreate Storage , : : : : : f:
zoneCreate pZone , Host ; Storage
zoneCreate pZone , : : : : : f: ; : f:

Software Zoning (3x00 Silkworm)


Mixed configurations are enforced in Soft zoning, as with the following command:

zoneCreate Zone , ; WWN

Soft Porting

If a device is defined by port (D,P) in one zone and by WWN in another, the
hardware enforcement at the port will be turned OFF and the zoning control will
be controlled by Name Server. This is called "soft porting".
Example:
aliCreate Host a , ,
aliCreate Storage a , ,
zoneCreate pZone , Host a; Storage a
zoneCreate pZone , , ; ,
aliCreate Host a , : : : : : f:
aliCreate Storage , : : : : : f:
zoneCreate pZone , Host ; Storage
zoneCreate pZone , : : : : : f: ; : : : : : f:

Host1a is defined by port zoning in pZone1 and by WWN zoning in pZone3.
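
The enforcement rules above, as an added audit example that is not part of the original module: it classifies each zone of an effective configuration as hard or soft under the 2x00 and 3x00 rules and lists the ports that fall back to Name Server control through soft porting. The alias and zone names follow the module; the port numbers, WWNs and the login table (WWN to attached port) are constructed assumptions, and AL_PA, QuickLoop and Fabric Assist members are out of scope.

```python
import re

WWN_RE = re.compile(r"^([0-9a-f]{2}:){7}[0-9a-f]{2}$")
PORT_RE = re.compile(r"^\d+,\d+$")

# Constructed sample data (alias and zone names follow the module; all values are made up).
ALIASES = {"Host1a": ["1,1"], "Storage1a": ["1,4"],
           "Host1": ["10:00:00:00:00:00:00:01"], "Storage1": ["50:00:00:00:00:00:00:04"]}
ZONES = {"pZone1": ["Host1a", "Storage1a"],            # port members only
         "pZone3": ["Host1", "Storage1"],              # WWN members only
         "mZone": ["1,8", "10:00:00:00:00:00:00:02"]}  # mixed
# Hypothetical login table: WWN -> "domain,port" where the device is attached.
LOGINS = {"10:00:00:00:00:00:00:01": "1,1", "50:00:00:00:00:00:00:04": "1,4",
          "10:00:00:00:00:00:00:02": "2,3"}

def kind(member):
    """Classify a normalised member string as 'wwn' or 'port'."""
    if WWN_RE.match(member):
        return "wwn"
    if PORT_RE.match(member):
        return "port"
    raise ValueError(f"unsupported zone member: {member!r}")

def expand(members, aliases):
    """Resolve alias names (one level deep) and normalise case and spacing."""
    flat = [m for name in members for m in aliases.get(name, [name])]
    return [m.replace(" ", "").lower() for m in flat]

def enforcement(zones, aliases, logins, model="3x00"):
    """Return ({zone: 'hard'|'soft'}, set of soft-ported 'domain,port' strings)."""
    resolved = {z: expand(ms, aliases) for z, ms in zones.items()}
    kinds = {z: {kind(m) for m in ms} for z, ms in resolved.items()}
    if model == "2x00":
        # 2x00: hardware enforcement only when no WWN exists in the effective configuration.
        any_wwn = any("wwn" in k for k in kinds.values())
        return {z: "soft" if any_wwn else "hard" for z in zones}, set()
    # 3x00: all-port or all-WWN zones are hardware enforced, mixed zones are soft.
    result = {z: "hard" if len(k) == 1 else "soft" for z, k in kinds.items()}
    members = [m for ms in resolved.values() for m in ms]
    by_port = {m for m in members if kind(m) == "port"}
    by_wwn = {logins[m] for m in members if kind(m) == "wwn" and m in logins}
    # Soft porting: the same attached device is zoned by port in one place and by WWN in another.
    return result, by_port & by_wwn

if __name__ == "__main__":
    print(enforcement(ZONES, ALIASES, LOGINS))
    print(enforcement(ZONES, ALIASES, LOGINS, model="2x00"))
```

With this sample, both hardware-enforced zones touch ports 1,1 and 1,4, so those two ports are reported as soft-ported even though neither zone is itself mixed.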

Zoning Rules (3x00)
ERROR/WARNING CODES

HARDSOFTMIX (warning) - Overlapping SOFT/FA and HARD zones.
WWNINPORT - Overlapping hard WWN and PORT zones.
FAQLMIX - Overlapping hard WWN or PORT zones with QL or FA zones.
DRIVERERR - port-level detected unknown error.
NOMORECAM - port-level depleted hardware resource.
CHECKBADWWN - WWN probing detected.

Port Zoning
[Figure: two-switch fabric (Switch 1, Switch 2) with Host O, Host G, two bridges, DLT tape drives, HSG and XP arrays, each device labelled with its domain,port]
Orange Zone: 1,1; 2,11; 1,8; 1,5; 2,15; 1,4; 2,14
Green Zone: 2,1; 1,11; 2,8; 2,5; 1,15; 2,4; 1,14

World-Wide Name Zoning
[Figure: two-switch fabric (Switch 1, Switch 2) with Host O, Host G, two bridges, DLT tape drives, HSG and XP arrays, each device labelled with an alias: B-L0/6, B-L0/7, B-DLTS, B-FC1, B-FC2, B-XP1, B-XP2 and G-L0/6, G-L0/7, G-DLTS, G-FC1, G-FC2, G-XP1, G-XP2]
Orange Zone: O-L0/6; O-L0/7; O-DLTS; O-XP1; O-XP2; O-FC1; O-FC2
Green Zone: G-L0/6; G-L0/7; G-DLTS; G-XP1; G-XP2; G-FC1; G-FC2
B-L0/6: 50:06:0b:00:00:e6:e8

Zoning commands (1 of 4)
Zoning commands are issued from any switch in a
fabric (you must be logged-in to the admin
account) to manage zones, zone aliases, and zone
configurations.
This is also true when working from the zoning GUI.

All add, create, delete, and remove commands modify the defined configuration only.
Very important: This has no effect on the effective configuration until you execute a cfgEnable command.

Zoning commands (2 of 4)
Configuration commands allow you to manipulate fabric configurations:

cfgAdd Adds a zone to a configuration.
cfgCreate Creates a zone configuration.
cfgDelete Deletes a zone configuration.
cfgRemove Removes a zone from a configuration.
cfgShow Shows the zone configurations (defined and effective).

Alias commands allow you to manipulate zone aliases:

aliAdd Adds a member to a zone alias.
aliCreate Creates a zone alias.
aliDelete Deletes a zone alias.
aliRemove Removes a member from a zone alias.
aliShow Shows all defined aliases.

Zoning commands (3 of 4)
Zone commands allow you to manipulate zones.

zoneAdd Adds a member to a zone.


zoneCreate Creates a zone.
zoneDelete Deletes a zone.
zoneRemove Removes a member from a zone.
zoneShow Shows all defined zones.

Zoning commands (4 of 4)
Management commands allow you to manipulate preexisting configurations.
cfgEnable Enables a zone configuration.
cfgDisable Disables a zone configuration (caution).
Note: You should disable the effective configuration by enabling another configuration (for example, cfgEnable new_configuration).
cfgSave Saves all zoning information into flash memory (to all switches in the fabric).
cfgShow Shows all zoning information.
cfgClear Clears all zone configurations.
Must be followed by a cfgSave.
If it is your intention to get rid of all zoning fabric-wide, with switch FW v2.6.0c, this command must be preceded by a cfgDisable command.

Zone Management Commands (1 of 5)
Create Configurations: aliCreate, zoneCreate, cfgCreate
[Figure: Brocade SilkWorm, Switch Domain 1, with SDRAM and Flash Memory; panels "Configuration Definitions" and "Enabled Configuration"; labels cfgEngMkt, ZoneEng, ZoneMkt]

Zone Management Commands (2 of 5)
cfgEnable cfgEngMkt
[Figure: Brocade SilkWorm, Switch Domain 1, with SDRAM and Flash Memory; "Configuration Definitions" (cfgEngMkt, ZoneEng, ZoneMkt) and "Enabled Configuration" (cfgEngMkt, ZoneEng, ZoneMkt)]

Zone Management Commands (3 of 5)
cfgDisable
[Figure: Brocade SilkWorm, Switch Domain 1, with SDRAM and Flash Memory; "Configuration Definitions" (cfgEngMkt, ZoneEng, ZoneMkt) and "Enabled Configuration" (cfgEngMkt, ZoneEng, ZoneMkt)]

Zone Management Commands (4 of 5)
cfgClear
[Figure: Brocade SilkWorm, Switch Domain 1, with SDRAM and Flash Memory; panels "Enabled Configuration" and "Configuration Definitions"; labels cfgEngMkt, ZoneEng, ZoneMkt]

Zone Management Commands (5 of 5)
cfgSave
[Figure: Brocade SilkWorm, Switch Domain 1, with SDRAM and Flash Memory; "Configuration Definitions" (cfgEngMkt, ZoneEng, ZoneMkt) and "Enabled Configuration" (cfgEngMkt, ZoneEng, ZoneMkt); note on the figure: "Writes name only to flash"]

Creating a Configuration Example

=> aliCreate Alias_Name,member;member;member


=> zoneCreate Zone_Name,Alias_Name;1,2; WWN
=> cfgCreate cfg_Name,Zone_Name;Zone_Name
=> cfgEnable cfg_Name
=> cfgSave cfg_Name
=> configUpload host_IP,user,/file_name,password

Changes to the Fabric

Adding a new switch/fabric
The new switch/fabric has not previously had zoning, or the cfgClear command has been run on it.
When added, all zone configuration data is copied from the zoned fabric into the new switch/fabric.

Merging two switches/fabrics
If both fabrics have identical zone configuration data and the same configuration is enabled, the fabrics join to form one larger fabric.
If the fabrics have different zone configuration data, the ISL is segmented. One switch configuration may become disabled.

Splitting a fabric
If an ISL goes down, causing a fabric to split into two separate fabrics, then each new fabric retains the same zone configuration.
The fabric will re-merge when the ISL is back up and no zone changes have been made.

Zoning Example #1
ZoneG is enabled. Which devices can Host A see?
Which devices can Host B see?

ZoneG: 6,0; 6,3
[Figure: Host A and Host B (each labelled 0/2/0/0 and 0/4/0/0), Switch 6 and Switch 7, DLT, FC10 and XP devices; port labels 0, 3, 7, 8, 15]

Zoning Example #2a


1) No ISL: ZoneB on Domain6. No Zone on Domain7.
Which devices can Host A see? Which devices can Host B see?

ZoneB: 6,0; 6,3; 6,7; 6,15
[Figure: Host A, Host B, Switch 6 and Switch 7, DLT, FC10 and XP devices; port labels 0, 3, 7, 15]

Zoning Example #2b


After connecting the ISL, which devices can Host A see?
Which devices can Host B see?

ZoneB: 6,0; 6,3; 6,7; 6,15
[Figure: Host A, Host B, Switch 6 and Switch 7, DLT, FC10 and XP devices; port labels 0, 3, 7, 15]

Zoning Example #3a


No ISL: ZoneB on Domain6. ZoneG on Domain7.
Which devices can Host A see? Which devices can Host B see?

ZoneB: 6,0; 6,3
ZoneG: 7,0; 7,3
[Figure: Host A, Host B, Switch 6 and Switch 7, DLT, FC10 and XP devices; port labels 0, 3, 7, 15]

Zoning Example #3b


After connecting the ISL, which devices can Host A see?
Which devices can Host B see?

ZoneB: 6,0; 6,3
ZoneG: 7,0; 7,3
[Figure: Host A, Host B, Switch 6 and Switch 7, DLT, FC10 and XP devices; port labels 0, 3, 7, 15]

Learning check
