Brocade SAN Fabric Zoning

 

Zoning Brocade switches: zoning overview

Storage area networks (SANs) are deployed at most larger organizations, and provide centralized administration for storage devices and management functions. When multiple clients are accessing storage resources through a SAN, you need a way to limit which targets and logical units each initiator can see. Typically LUN masking is used on the storage array to limit which initiators can see which logical units, and zoning is used on the SAN switches to limit which initiators can see which targets. In the next five blog posts, I plan to provide a step-by-step guide to zoning Brocade switches.

Brocade zoning comes in two main flavors. There is hard zoning (port-based zoning), which allows you to create a zone with a collection of switch ports. The second zoning method is soft zoning (WWN-based zoning), which allows you to create a zone with one or more WWNs. There are tons of documents that describe why you would want to use each form of zoning. I typically use the following two rules to determine which zoning method I will use:

1. Will I ever need to move the host to a different switch or port? If so, I will implement soft zoning.

2. Are there any policies that require me to lock an initiator to a specific port? If so, I will use hard zoning.

I prefer soft zoning, since it provides tons of flexibility when dealing with switch upgrades, faulty SFPs, and defective hardware. But each location has different policies, so it’s best to to take that into account each time you design or implement your zone layout.

To implement zoning on a Brocade switch, the following tasks need to be performed:

1. Add aliases for each port / WWN

2. Add the aliases to a zone

3. Add the zone to a configuration

4. Save and enable the new configuration

Brocade provides awesome zoning documentation, which you can access though the help and zonehelp commands:

 

Zoning Brocade switches: creating aliases

In my previous Brocade post, I talked about Brocade zoning, and mentioned at a high level what is required to implement zoning. Prior to jumping in and creating one or more zones in your fabric, you should add aliases to describe the devices that are going to be zoned together. An alias is a descriptive name for a WWN or port number, which makes your zone configuration much easier to read (if you are the kinda person who can spout off the WWNs of all of the devices in your fabric, you can kindly ignore this post). Brocade switches come with a number of commands to manage aliases, and these commands start with the string “ali”:

aliCreate – Creates a new alias
aliDelete – Deletes an alias
aliRemove – Removes an entry from an alias
aliRename – Renames an existing alias
aliShow – Shows the aliases

To create a new alias, you will first need to locate the WWN(s) or port(s) you want to assign to the alias. The easiest way to do this is by running switchshow on the switch (you can also use the Emulex or QLogic host utilities to gather WWN information):

Fabric1Switch1:admin> switchshow

switchName:    Fabric1Switch1

switchType:    16.2

switchState:   Online   

switchMode:    Native

switchRole:    Principal

switchDomain:  1

switchId:      fffc01

switchWwn:     10:00:00:60:69:c0:32:a4

switchBeacon:  OFF

Zoning:        ON (Brocade3200)

port  0: id N2 Online         F-Port 10:00:00:00:c9:3e:4c:eb

port  1: id N2 Online         F-Port 10:00:00:00:c9:3e:4c:ea

port  2: id N2 No_Light       

port  3: id N2 No_Light       

port  4: id N2 Online         F-Port 21:00:00:e0:8b:1d:f9:03

port  5: id N2 Online         F-Port 21:01:00:e0:8b:3d:f9:03

port  6: id N2 No_Light       

port  7: id N2 No_Light       

Once you know the port numbers or WWNs, you can run the alicreate command, passing it the name of the alias to create, as well as the port or WWN to associate with the alias (if you assign more than one port or WWN to the alias, they need to be separated with a semi-colon):

Fabric1Switch1:admin> alicreate “CentosNode2Port1″, “21:00:00:e0:8b:1d:f9:03″

After an alias is created, you can view it with the alishow command:

Fabric1Switch1:admin> alishow “CentosNode2Port1″
alias: CentosNode2Port1
21:00:00:e0:8b:1d:f9:03

If you make a typo while adding a WWN or port to an alias, you can run aliadd to add the correct WWN or port to the alias, and then execute aliremove to remove the entry that was incorrectly added. If you make a typo in the alias name, you can run alirename to rename the entry. That is all for today. In my next blog post, I will talk about how to create zones.

 

Zoning Brocade switches: creating zones

I previously talked about creating aliases on Brocade switches, and am going to use this post to discuss zone creation. Zones allow you to control initiators and targets can see each other, which enhances security by limiting access to devices connected to the SAN fabric. As previously discussed, we can assign an alias to each initiator and target. Once an alias is assigned, we can create a zone and add these aliases to it. Brocade managed zones with the zone* commands, which are listed below for reference:

zoneadd – Add a member to an existing zone
zoneCopy – Copy an existing zone
zonecreate – Create a new zone
zoneDelete – Delete a zone
zoneRemove – Remove a one from the configuration
zoneRename – Rename a zone
zoneShow – Show the list of zones

To create a new zone, we can run the zonecreate command with the name of the zone to create, and the list of aliases to add to the zone:

Fabric1Switch1:admin> zonecreate “CentOSNode2Zone1″, “NevadaPort1; CentosNode2Port1″

Once the zone is created, we can view it with the zoneshow command:

Fabric1Switch1:admin> zoneshow “CentOSNode2Zone1″

 zone:  CentOSNode2Zone1       

               NevadaPort1; CentosNode2Port1

Now that we have a zone, we need to add it to the switch configuration and then enable that configuration. I will discuss that in more detail when I discuss managing Brocade configurations.

 

 

Zoning Brocade switches: Creating configurations

I’ve previously talked about creating Brocade aliases and zones, and wanted to discuss zone configurations in this post. Brocade zone configurations allow you to group one or more zones into an administrative unit, which you can then apply to a switch. Brocade has a number of commands that can be used to manage configurations, and they start with the string “cfg”:

cfgadd – Add a member to the configuration
cfgcopy – Copy a zone configuration
cfgcreate – Create a zone configuration
cfgdelete – Delete a zone configuration
cfgremove – Remove a member from a zone configuration
cfgrename – Rename a zone configuration
cfgshow – Print zone configuration

To create a new configuration, you can run the cfgcreate command with the name of the configuration to create, and an initial zone to place in the configuration:

Fabric1Switch1:admin>cfgcreate “SANFabricOne”, “CentOSNode1Zone1″

Once the configuration is created, you can add additional zones using the cfgadd command:

Fabric1Switch1:admin> cfgadd “SANFabricOne”, “CentOSNode1Zone2″

To ensure that your changes persistent through switch reboots, you can run cfgsave to write the configuration to flash memory:

Fabric1Switch1:admin> cfgsave

Starting the Commit operation...

0x102572c0 (tRcs): May  8 08:51:37

    INFO ZONE-MSGSAVE, 4, cfgSave completes successfully.

cfgSave successfully completed

To view a configuration, you can run the cfgshow command:

Fabric1Switch1:admin> cfgshow

Defined configuration:

 cfg:   SANFabricOne   

               CentOSNode1Zone1; CentOSNode1Zone2; CentOSNode2Zone1; 

               CentOSNode2Zone2

 zone:  CentOSNode1Zone1       

               CentOSNode1Port1; NevadaPort1

 zone:  CentOSNode1Zone2       

               CentOSNode1Port2; NevadaPort2

 zone:  CentOSNode2Zone1       

               NevadaPort1; CentosNode2Port1

 zone:  CentOSNode2Zone2       

               NevadaPort2; CentosNode2Port2

 alias: CentOSNode1Port1       

               21:00:00:1b:32:04:86:c3

 alias: CentOSNode1Port2       

               21:01:00:1b:32:24:86:c3

 alias: CentosNode2Port1       

               21:00:00:e0:8b:1d:f9:03

 alias: CentosNode2Port2       

               21:01:00:e0:8b:3d:f9:03

 alias: NevadaPort1    

               10:00:00:00:c9:3e:4c:eb

 alias: NevadaPort2    

               10:00:00:00:c9:3e:4c:ea

Effective configuration:

 cfg:   SANFabricOne   

 zone:  CentOSNode1Zone1       

               21:00:00:1b:32:04:86:c3

               10:00:00:00:c9:3e:4c:eb

 zone:  CentOSNode1Zone2       

               21:01:00:1b:32:24:86:c3

               10:00:00:00:c9:3e:4c:ea

 zone:  CentOSNode2Zone1       

               10:00:00:00:c9:3e:4c:eb

               21:00:00:e0:8b:1d:f9:03

 zone:  CentOSNode2Zone2       

               10:00:00:00:c9:3e:4c:ea

               21:01:00:e0:8b:3d:f9:03

Now you may notice in the output that there is a defined and effective configuration. The effective configuration contains the configuration that is currently running on the switch, and the defined configuration contains the configuration that is saved in flash. To make the configuration in flash effective, the cfgenable command needs to be run (this should be run after you make alias/switch/configuration changes and issue a cfgsave):

Fabric1Switch1:admin> cfgenable “SANFabricOne”
Starting the Commit operation…
0x1024f980 (tRcs): Apr 29 20:44:39
INFO ZONE-MSGSAVE, 4, cfgSave completes successfully.

cfgEnable successfully completed

Once the cfgenable runs, the effective configuration will be updated to match the configuration you have defined and saved. This completes this part of the Brocade series, and the final installation will cover switch backups and putting all the pieces together.