Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
99 views33 pages

Fabric Overview: Emc Confidential-Internal Use Only

Zoning enables access control between storage devices or user groups in a fabric. It increases security by only allowing devices within the same zone to communicate. Zones can vary in size and devices can belong to multiple zones. A zone set contains one or more zones and only one zone set can be active at a time to enforce the access controls. Zoning is administered across all switches in a fabric and changes can be made non-disruptively.

Uploaded by

Srikanth Kadiyala
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
99 views33 pages

Fabric Overview: Emc Confidential-Internal Use Only

Zoning enables access control between storage devices or user groups in a fabric. It increases security by only allowing devices within the same zone to communicate. Zones can vary in size and devices can belong to multiple zones. A zone set contains one or more zones and only one zone set can be active at a time to enforce the access controls. Zoning is administered across all switches in a fabric and changes can be made non-disruptively.

Uploaded by

Srikanth Kadiyala
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 33

Fabric Overview

EMC CONFIDENTIALINTERNAL USE ONLY 1


Zoning Overview

-Brocade
-Cisco
- Mcdata

EMC CONFIDENTIALINTERNAL USE ONLY 2


Zoning Overview

EMC CONFIDENTIALINTERNAL USE ONLY 3


Zoning Overview

Zoning enables you to set up access control between storage devices or


user groups. If you have administrator privileges in your fabric,
you can create zones to increase network security and to prevent data
loss or corruption. Zoning is enforced by examining the source-destination
ID field
Zoning has the following features:
A zone consists of multiple zone members.
Members in a zone can access each other; members in different zones
cannot access each other.
If zoning is not activated, all devices are members of the default zone.
If zoning is activated, any device that is not in an active zone (a zone that
is part of an active
zone set is a member of the default zone.

EMC CONFIDENTIALINTERNAL USE ONLY 4


Zoning Overview

Zones can vary in size.


Devices can belong to more than one zone.
A physical fabric can have a maximum of 16,000 members. This includes
all VSANs in the fabric.
A zone set consists of one or more zones.
A zone set can be activated or deactivated as a single entity across all
switches in the fabric.
Only one zone set can be activated at any time.
A zone can be a member of more than one zone set.
A zone switch can have a maximum of 500 zone sets.

EMC CONFIDENTIALINTERNAL USE ONLY 5


Zoning Overview

Zoning can be administered from any switch in the fabric.


When you activate a zone (from any switch), all switches in the fabric
receive the active zone set. Additionally, full zone sets are distributed to all
switches in the fabric, if this feature is enabled in the source switch.
If a new switch is added to an existing fabric, zone sets are acquired by
the new switch.
Zone changes can be configured no disruptively. New zones and zone
sets can be activated without interrupting traffic on unaffected ports or
devices.
Zone membership criteria is based mainly on WWNs or FC IDs.

EMC CONFIDENTIALINTERNAL USE ONLY 6


Types of creating zoning

Port world wide name (pWWN)Specifies the pWWN of an N port attached


to the switch as a member of the zone.
Fabric pWWNSpecifies the WWN of the fabric port (switch ports WWN).
This membership is also referred to as port-based zoning.
FC IDSpecifies the FC ID of an N port attached to the switch as a
member of the zone.
Interface and switch WWN (sWWN)Specifies the interface of a switch
identified by the sWWN. This membership is also referred to as interface-
based zoning.
Interface and domain IDSpecifies the interface of a switch identified by
the domain ID.
Domain ID and port numberSpecifies the domain ID of an MDS domain
and additionally specifies a port belonging to a non-Cisco switch
You can configure up to 8000 zones per VSAN and a maximum of 8000
zones for all VSANs on the switch.

EMC CONFIDENTIALINTERNAL USE ONLY 7


Zoning Example
a zone set with two zones, zone 1 and zone 2, in a fabric. Zone 1 provides access
from all three hosts (H1, H2, H3) to the data residing on storage systems S1 and S2. Zone 2 restricts the
data on S3 to access only by H3. Note that H3 resides in both zones

EMC CONFIDENTIALINTERNAL USE ONLY 8


Zone Set

Active and Full Zone Set Considerations Before configuring a zone set,
consider the following guidelines:
Each VSAN can have multiple zone sets but only one zone set can be
active at any given time.
When you create a zone set, that zone set becomes a part of the full zone
set.
When you activate a zone set, a copy of the zone set from the full zone set
is used to enforce zoning, and is called the active zone set. An active zone
set cannot be modified. A zone that is part of an active zone set is called an
active zone.
The administrator can modify the full zone set even if a zone set with the
same name is active.

EMC CONFIDENTIALINTERNAL USE ONLY 9


Zone Set

When the activation is done, the active zone set is automatically stored in
persistent configuration.
This enables the switch to preserve the active zone set information across
switch resets.
All other switches in the fabric receive the active zone set so they can
enforce zoning in their respective switches.
Hard and soft zoning are implemented using the active zone set.
Modifications take effect during zone set activation.
An FC ID or Nx port that is not part of the active zone set belongs to the
default zone and the default
zone information is not distributed to other switches.

EMC CONFIDENTIALINTERNAL USE ONLY 10


Zone Management

EMC CONFIDENTIALINTERNAL USE ONLY 11


Zoning Example

EMC CONFIDENTIALINTERNAL USE ONLY 12


Zoning Example (cont.)

EMC CONFIDENTIALINTERNAL USE ONLY 13


Zoning Example (cont.)

EMC CONFIDENTIALINTERNAL USE ONLY 14


Zoning Example (cont.)

EMC CONFIDENTIALINTERNAL USE ONLY 15


Saving Zoning

EMC CONFIDENTIALINTERNAL USE ONLY 16


Brocade Zoning cli

Step by Step Procedure of Zoning via Cli.

1.Create a Zone Alias using "AliCreate


SW0:admin> alicreate "SUNX4150_HBA0"

2.Add member to Alias using "Aliadd


SW0:admin> aliadd "SUNX4150_HBA0","21:00:00:1b:32:13:a8:9f

3.Create a Zone using "ZoneCreate


SW0:admin> zonecreate "CX_424_SPB4_SUNX4150_HBA0"

4. Add membet to Zone using "ZoneAdd


SW0:admin> zoneadd "CX_424_SPB4_SUNX4150_HBA0","CX_424_SPB4
EMC CONFIDENTIALINTERNAL USE ONLY 17
Brocade

5.Add a Zone to Zone configuration "CfgAdd".


SW0:admin> cfgadd
"SAN_U2_SW0_Config","CX_424_SPB4_SUNX4150_HBA0

6.Save the Configuration using "CfgSave".


SW0:admin> cfgsave

7.Enable the Configuration using "CfgEnable".


SW0:admin> cfgenable "SAN_U2_SW0_Config

Note : Always use single initiator Zone which typically include one storage
and one host wwpn.

EMC CONFIDENTIALINTERNAL USE ONLY 18


MCDATA

zone
add [zone] [member_list]
copy [zone_source] [zone_destination]
create [zone]
delete [zone]
list
members [zone]
remove [zone] [member_list]
rename [zone_old [zone_new]
type [zone] [zone_type]
zonesets [zone]

EMC CONFIDENTIALINTERNAL USE ONLY 19


MCDATA

The following is an example of the Zone Members command:

DFCSM4Gb #> zone members wwn_b0241f

The following is an example of the Zone Zonesets command:

DFCSM4Gb #> zone zonesets zone1

EMC CONFIDENTIALINTERNAL USE ONLY 20


MCDATA Zone set

zoneset
activate [zone_set]
active
add [zone_set] [zone_list]
copy [zone_set_source] [zone_set_destination]
create [zone_set]
deactivate
delete [zone_set]
list
remove [zone_set] [zone_list]
rename [zone_set_old] [zone_set_new]
zones [zone_set]

EMC CONFIDENTIALINTERNAL USE ONLY 21


MCData ZoneSet

The following is an example of the Zoneset Active command:

DFCSM4Gb #> zoneset active

The following is an example of the Zoneset List command:

DFCSM4Gb #> zoneset list

EMC CONFIDENTIALINTERNAL USE ONLY 22


Fabric Merge

EMC CONFIDENTIALINTERNAL USE ONLY 23


Cisco

Inter VSAN Routing

Port Channeling

EMC CONFIDENTIALINTERNAL USE ONLY 24


IVR

Inter-VSAN RoutingIVR
Enables devices in different VSANs to communicate
Allows selective routing between specific members of two ormore
VSANs
Traffic flow between selective devices

EMC CONFIDENTIALINTERNAL USE ONLY 25


MDS VSANs without Inter-VSAN Routing

VSAN 1 VSAN 2

Host Storage Host Storage Tape

EMC CONFIDENTIALINTERNAL USE ONLY 26


MDS VSANs with Inter-VSAN Routing (IVR)

VSAN 1 VSAN 2

Host Storage Host Storage Tape

EMC CONFIDENTIALINTERNAL USE ONLY 27


PORT CHANNELS

PortChannels refer to the aggregation of multiple physical interfaces into


one logical interface to provide higher aggregated bandwidth, load
balancing, and link redundancy

PortChannels can connect to interfaces across switching modules, so a


failure of a switc
A PortChannel has the following features and restrictions:

Provides a point-to-point connection over ISL (E ports) or EISL (TE ports).


Multiple links can be combined into a PortChannel.

Increases the aggregate bandwidth on an ISL by distributing traffic among


all functional links in the channel.
EMC CONFIDENTIALINTERNAL USE ONLY 28
Port Channeling

Load balances across multiple links and maintains optimum bandwidth


utilization. Load balancing is based on the source ID, destination ID, and
exchange ID (OX ID).

Provides high availability on an ISL. If one link fails, traffic previously


carried on this link is switched to the remaining links. If a link goes down
in a PortChannel, the upper protocol is not aware of it. To the upper
protocol, the link is still there, although the bandwidth is diminished. The
routing tables are not affected by link failure. PortChannels may contain up
to 16 physical links and may span multiple modules for added high
availability. hing module cannot bring down the PortChannel link.

EMC CONFIDENTIALINTERNAL USE ONLY 29


Port channeling

EMC CONFIDENTIALINTERNAL USE ONLY 30


Lab DEMO

Lab 1: Brocade Zoning Through GUI

Lab 2: Cisco Zoning Through CLI/GUI

Lab3 : MCDATAT Zoning Through GUI

Lab4 : IVR/Port Channeling in Cisco switches

EMC CONFIDENTIALINTERNAL USE ONLY 31


EMC

Thank you Teams

EMC CONFIDENTIALINTERNAL USE ONLY 32

You might also like