
Introduction to SANs

Brocade Zoning

Rev. 4.21

Security Comparisons
Data access can be implemented at several different levels within the SAN environment. Each of these has advantages and disadvantages. The level is chosen to suit the particular needs of the customer's SAN environment.

Host level security offers a single point of management for a large data center. Hosts with many different operating systems can be managed by OpenView Storage Area Manager, as clients. However, a host that lacks the software may be unaware of the disk allocations and may access and corrupt storage in the SAN.

Switch level security may be more secure than host security, but can be constrained by the topology. Port zoning is very limiting for topologies that have many devices connected through hubs. Switch level zoning cannot separate LUN access for a given device.

Device level security is highly secure, but may require time-consuming administration to implement. Not all devices have this function. Firmware changes on these devices may alter the security function, and can impact the availability of the device.

Overview Brocade Zoning Product


Microsoft Windows and HP-UX do not interact well on the same fabric. If the HBAs of the two operating systems see each other, data corruption can occur. Another reason for creating zones is to secure devices from each other, for example payroll, engineering data, and corporate finance. You cannot zone down to the LUN level. LUN-level separation is accomplished using Secure Manager or Selective Storage Presentation.

Zoning Example
Zones may be configured dynamically. The number of zones and zone members are effectively unlimited. Zones vary in size and shape, depending on the number of Fabric-connected devices and device locations. Devices may be members of more than one zone. This is called overlapping zones. In addition, multiple configurations can be created, for example one for enterprise backup and one for normal work access. Zone members see only members in their zones and, therefore, access only one another. A device not included in a zone is not able to access any devices.

Zone Enforcement
Soft zoning

Soft zoning is software enforced Brocade zoning. The zoning enforcement is implemented in the firmware, using the entries of the Simple Name Server to determine if the transaction is allowed. The members of the zones must be good citizens. A good citizen is a member that uses the Name Server, supports RSCN (Remote State Change Notification) and does not circumvent the Name Server for access to other ports. A bad citizen is a node that probes the switch, either because of malfunction or malice, to access a device that it should not access. This means that a server/HBA/driver that probes the ports on the switch would be able to talk to any device it found, because it did not use the Name Server and behave properly.

In the Brocade 2x00 Silkworm switches, WWN zoning is software enforced. The term soft zoning came to be used to mean the same thing as World-wide Name zoning. In the Brocade 3x00 Silkworm switches, WWN zoning can be hardware enforced. It is important to separate the enforcement from the format for zoning.

Hard zoning

Hard zoning is hardware enforced zoning. Zoning is enforced by the ASIC. It is not vulnerable to probing by a bad citizen node. In the Brocade 2x00 Silkworm switches, port zoning is enforced in the hardware. The term hard zoning came to mean the same thing as port zoning. With the 3x00 Silkworm switches, WWN zoning is also hard zoning. This terminology is no longer valid.

Brocade 2x00 zoning


Zoning is enabled differently on the 2x00 family and the 3x00 family. On the 2x00 Silkworm switches, WWN zoning is enforced with software, relying on Simple Name Server entries for validation. WWN zoning has been called soft zoning because of this implementation. Port zoning is enforced in the ASIC hardware. Port zoning has been called hard zoning because of this implementation. However, this naming is no longer correct because of the changes in the 3x00 Silkworm switches. The references to hard and soft zoning must be differentiated from those to port and WWN zoning. Hardware enforced zoning is inherently more secure than software enforced zoning. A node, through malice or malfunction, may succeed in accessing a port outside its zone if it bypasses the Simple Name Server and probes directly for WWNs.

2x00 Silkworm Zoning Examples


Hard Zoning

In the 2x00 Silkworm switch, hard zoning is used to enforce Port zoning. In the examples shown, the alias for port zoning defines the device associated with the alias name using the domain and port. The alias can then be used as a member when defining a zone (pZone1). However, aliases are not required. A zone can be defined using the domain and port reference (pZone2).

Soft Zoning

In the 2x00 Silkworm switch, soft zoning is used to enforce World-wide Name zoning. In the examples shown, the alias for WWN zoning defines the device associated with the alias name using the world-wide name. The alias is then used as a member when defining the zone (pZone3). A fourth zone is shown where the world-wide name is directly entered in the zone definition (pZone4).

Mixed Configurations

Where both port and WWN references are used in the configuration definitions, the enforcement will default to software zoning.

3x00 Silkworm Zoning


The 3rd Generation ASIC on the 3x00 Silkworm switches can enforce both Port and WWN zoning. Therefore, both Port and WWN zoning are hard zones. The term hard zoning can no longer refer to port zoning.

Soft porting
In the example shown, the device identified as Host1a is defined using port zoning in Zone1, and defined using its WWN in Zone3. Either definition alone would result in Hard zoning. However, when the device is defined in each zoning type within a single configuration, the switch will not be able to enforce zoning within the ASIC. Soft zoning will be used, instead.

Error / Warning Codes


Some common error codes are shown here. They point to configuration conditions which should be corrected for proper zoning function.

HARDSOFTMIX (warning) - Overlapping SOFT/FA and HARD zones. A device is defined in a soft zone or in a loop (using AL-PA) and in a hard zone. Soft zoning will be used to enforce the zoning for all zones.

WWNINPORT - Overlapping hard WWN and PORT zones. A device is configured in a 3x00 Silkworm switch. It is configured using WWN in a WWN zone and using the domain/port in a Port zone. Soft zoning will be used to implement the zoning.

FAQLMIX - Overlapping hard WWN or PORT zones with QL or FA zones. A device has been configured in a Fabric Assist or QuickLoop zone using the AL-PA. The same device is defined in another zone using either the WWN or the port.

DRIVERERR - port-level detected unknown error

NOMORECAM - port-level depleted hardware resource

CHECKBADWWN - WWN probing detected

Port Zoning
Port zoning is defined within the Brocade switch by specifying the switch Domain and physical Port. In the example there are two zones defined: the Orange Zone and the Green Zone. Access is allowed only through the specified port. If the cable to a port is moved to another port, the device will be unavailable. If the port is down or disabled, there will be no device access on that path. This example shows alternate paths in the zones. Port zoning logic is consistent with the HP-UX address and device file structure. Port zoning cannot separate or individually identify zone members of a looplet. All devices on the loop are defined in the zone by the port. Port zoning can be a disadvantage for consolidated storage devices, like the XP family. All the LUNs accessed through the port belong to the zone.

World-wide Name Zoning


WWN zoning is defined within the Brocade switch by specifying the node World-Wide Name. In the example there are two zones defined: the Orange Zone and the Green Zone. The 2x00 Silkworm switch uses the Simple Name Server to identify the host and target devices. The 3x00 Silkworm switch uses the ASIC to identify the hosts and targets. WWN zoning has been called soft zoning because it is enforced through software on the 2x00 Silkworm switches. This reference is no longer valid for 3x00 Silkworm switches, which use hard zoning for WWN and port zones.

Access is not limited to a specified port. If the cable to a port is moved to another port, the device will still be available. However, on HP-UX, the target device now has a new device file name. This example shows alternate paths in the zones. WWN zoning can separate or individually identify zone members of a looplet. All devices on the loop are defined in the zone by the individual node WWNs. Usually the port WWN is specified. On 3x00 Silkworm switches, there is some performance degradation while WWN zoning is initiated. Performance will increase to normal after initialization.

Enters configuration information into SDRAM only.

Flash memory gets updated on a cfgenable.

Cfgdisable only disables the effective configuration.

Cfgclear does not clear the effective (active) configuration.

If you have issued a cfgclear and then a cfgsave, the switch will now save the cleared SDRAM into flash, and everything in the switch will be cleared.

Creating a Configuration Example


The following sequence of commands creates and enables a configuration called Day_Time, which is made up of two zones, Red_Zone and Blue_Zone:

    aliCreate Red_Server, 10:00:00:00:c9:20:29:22
    aliCreate Blue_Server, 1,6
    aliCreate Blue_Storage, 50:00:0b:00:00:07:d0:c8
    aliCreate Red_Storage, 1,5
    zoneCreate Red_Zone, Red_Server; Red_Storage
    zoneCreate Blue_Zone, Blue_Server; Blue_Storage
    cfgCreate Day_Time, Red_Zone; Blue_Zone
    cfgEnable Day_Time
    configUpload

Alternate forms of the commands:


    zoneCreate Red_Zone, 10:00:00:00:c9:20:29:22; 50:00:0b:00:00:07:d0:c8
    zoneCreate Blue_Zone, 1,6; 1,5
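Applying the enforcement rules stated earlier on this page to the Day_Time configuration, as an added example that is not part of the original course material: the script expands the aliases, reports which identifier types each zone uses, and shows that on a 2x00 switch this configuration mixes port and WWN members and therefore falls back to soft zoning. The function names and the `attached` map (which WWN sits on which domain,port) are assumptions made for the illustration; on a real fabric that mapping would come from the Name Server.

```python
import re

WWN = re.compile(r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}", re.I)
PORT = re.compile(r"\d+,\d+")  # domain,port
# The page's Day_Time definition commands, one per line.
DAY_TIME = """\
aliCreate Red_Server, 10:00:00:00:c9:20:29:22
aliCreate Blue_Server, 1,6
aliCreate Blue_Storage, 50:00:0b:00:00:07:d0:c8
aliCreate Red_Storage, 1,5
zoneCreate Red_Zone, Red_Server; Red_Storage
zoneCreate Blue_Zone, Blue_Server; Blue_Storage
cfgCreate Day_Time, Red_Zone; Blue_Zone
"""

def parse(text):
    """Collect alias, zone and cfg definitions as name -> member list."""
    objs = {"ali": {}, "zone": {}, "cfg": {}}
    for line in text.splitlines():
        m = re.match(r"\s*(ali|zone|cfg)Create\s+(\w+)\s*,\s*(.+)", line, re.I)
        if m:  # members are ';'-separated; a port member itself contains ','
            objs[m.group(1).lower()][m.group(2)] = [
                x.strip() for x in m.group(3).split(";")]
    return objs

def zone_members(objs, cfg):
    """Zone name -> list of (kind, identifier) with aliases expanded."""
    out = {}
    for zone in objs["cfg"][cfg]:
        out[zone] = []
        for member in objs["zone"][zone]:
            for ident in objs["ali"].get(member, [member]):
                if WWN.fullmatch(ident):
                    out[zone].append(("wwn", ident.lower()))
                elif PORT.fullmatch(ident):
                    out[zone].append(("port", ident))
                else:
                    raise ValueError(f"unresolved member {ident!r} in {zone}")
    return out

def enforcement_2x00(objs, cfg):
    """2x00 rule from the page: port-only is hard; WWN or a mix is soft."""
    kinds = {k for ms in zone_members(objs, cfg).values() for k, _ in ms}
    return "hard" if kinds == {"port"} else "soft"

def dual_defined(objs, cfg, attached):
    """WWNs that are also zoned by the port they sit on (the Host1a case)."""
    idents = {i for ms in zone_members(objs, cfg).values() for i in ms}
    return sorted(w for k, w in idents
                  if k == "wwn" and ("port", attached.get(w)) in idents)
```

A non-empty result from `dual_defined` marks the devices whose double definition the page says forces soft zoning on a 3x00 switch.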

Changes to the Fabric


Adding a new Switch/Fabric: A new switch is one that has not previously been connected to a Fabric with Zoning configured; a new Fabric is one that has not previously had Zoning configured. Either may also have been cleared by using the cfgClear command before being connected to the Fabric. When a new switch or Fabric is connected to a zoned Fabric, all zone configuration data is immediately copied from the zoned Fabric into the new switch/Fabric. If a zone configuration is enabled in the Fabric, then the same configuration becomes enabled in the new switch. After this operation, the cfgShow command displays the same output on all switches in the Fabric, including the new switch.

Learning Check
1. What is the difference between hard and soft zoning?
2. Describe the relationship between zone members, zones, and zoning configurations.
3. What is the process for merging two separate fabrics together as it pertains to zoning?
