Unsolved
This post is more than 5 years old
2 Intern
•
308 Posts
3
15863
What Is Zone? How To Setup Zone? What Is The Best Practice?
What Is Zone? How To Setup Zone? What Is The Best Practice?
What is zone or zoning? How to setup a zone on Brocade or Cisco MDS SAN switches? What's the best practice of zoning? In this article we'll try to answer these questions.
Detailed Information
What is Zone?
Zone is a logical configuration on FC-SAN switches. By adding the specific devices to a zone, the administrator can allow the devices to communicate with each other. Once a zone is configured, only the devices in this zone can talk with each other. If the device does not belong to this zone, it could not communicate with the devices in this zone.
The switch vendors used to define two kinds of zones, the hard zone and soft zone. The difference is, the hard zone is implemented by the chip, while the soft zone is implemented by the software. Now they call Domain ID or port based zone as hard zone, and the WWN based zone as soft zone. Both of them are all controlled by chips now.
Zone Types:
1. Domain ID/port (D,P) zone
This zone allows the devices connected to the ports to communicate with each other. The change of the device will not affect the zoning configuration. So you do not need to make any change to the zone configuration after replacing the host HBA card.
2. WWPN/WWNN zone
This zone allows the devices who have the specified WWN to communicate with each other. It does not care the devices connect to which ports. Once the device moves to another port, there is no need to change the zone configuration. If the switch is connected NPIV devices, WWN zone is required.
3. Mixed zone (session based hard zoning)
When a device uses D, P and WWN zones in two or more zones, the device will get into the mixed zone mode. In a mixed zone mode, the commutation relies on switch CPU’s software validation.
4. LSAN zone
LSAN zone is only used when enabled FCR (Fibre Channel Routing). It allows the devices in different fabrics to communicate via the FC router. You must install Integrated Routing license to enable this feature.
5. TI zone (Traffic Isolation Zone)
TI zone can specify one or more ISL (Inter Switch Link) dedicated for a zone, without any license.
6. QoS (Quality of Service) zone
QoS zone indicates the priority of the traffic flow between a given host/target pair. You must install Adaptive Networking license to enable this feature.
Zoneset is a collection of zones. You can only enable one zoneset on a switch. All the active zonesets in one fabric must be consistent, or it would lead to a fabric segment problem.
Alias is to simplify the zoning configuration. For each device, you can setup the alias in advance, then use these alias to replace the D, P and WWN during the setup.
Both Cisco and Brocade switches have the default zones. It allows all the connected device to communicate with each other if there is no zone configured.
How to Setup Zone?
1. Brocade CLI:
First create the alias for each zone, then create the zone and add the alias, create cfg (zoneset) and add the zones, finally enable the cfg.
Help manual:
zonehelp
Displays the current configuration:
cfgshow
Create/add, remove members/delete alias:
alicreate "aliName","member[; member...]"
aliadd "aliName","member[; member...]"
aliremove "aliName","member[; member...]"
alidelete "aliName"
Create/add, remove members/delete zone:
zonecreate "zonename", "member[;member...]"
zoneadd "zoneName", "member[;member...]"
zoneremove "zoneName", "member[;member...]"
zonedelete "zoneName"
Note: According to Zoning best practices, EMC recommends that each zone only has one initiator (host, VPLEX BE port, etc). Multiple initiators in one zone can lead to a few issues.
Create/add, remove members/delete cfg:
cfgcreate "cfgName", "member[;member...]"
cfgadd "cfgName", "member[;member...]"
cfgremove "cfgName", "member[;member...]"
cfgdelete "cfgName", "member[;member...]"
Save/enable cfg:
cfgsave
cfgenable "cfgName"
Note: Enable one cfg will disable other activated zone. There is only one activated cfg in a fabric.
Change the default zone configuration:
defzone [--noaccess | --allaccess | --show]
2. Brocade GUI:
Open WebTools and click Zone Admin, then go to the Zone Admin page.
For V6.x.x version:
For V7.x.x version:
Once get into the Zone Admin page:
Create alias:
Click New or New Alias, enter the alias name:
Then add members:
Create cfg and add members:
Finally save and activate the cfg:
Click the Save Config button,to changed save the cfg.
Click the Enable Config button, to activate the selected cfg.
Change the default zone configuration:
3. Cisco CLI:
The biggest difference between Cisco and Brocade switches is VSAN. Each VSAN can have its own zone and zoneset. Another one is enhanced zone and basic zone.
The enhanced zone will create a session once the user tries to change the zone configuration, to prevent other users from changing the same configuration. Once enabled enhanced zone, you must commit the changes and close the session before the new configuration takes effect.
The enhanced zone will automatically turn on the broadcasting zone. For MDS 9500 series, you must disable the broadcasting zone before enable the fourth-generation network interface module.
show commands:
# show fcalias vsan x
# show zoneset vsan x
# show active zoneset vsan x
# show zone status vsan x
Enable enhanced zone:
# configure terminal
(config)# zone mode enhanced vsan x
Change the alias:
(config)# fcalias name A123 vsan x
(config-fcalias)# member pwwn 10:00:00:00:00:00:00:00
(config-fcalias)# exit
(config)# zone commit vsan x
Change the zone:
(config)# zone name zone123 vsan x
(config-zone)# member interface fc1/1
(config-zone)# member pwwn 20:00:00:00:00:00:00:00
(config-zone)# member fcalias A123
(config-zone)# exit
(config)# zone commit vsan x
Change the zoneSet:
(config)# zoneset name zoneset123 vsan x
(config-zoneset)# member zone123
(config-zoneset)# exit
(config)# zone commit vsan x
Activate zoneset (valid only in basic zone mode):
(config)# zoneset activate name zoneset123 vsan 1
Disable zone’s broadcast:
(config)# no zone broadcast enable vsan x
4. Cisco GUI (similar both in DCNM and DCFM):
Open GUI then click Edit Local Full Zone Database in the zone menu.
The zone admin page is like below:
Edit the fc-alias:
Edit zone:
Look for the corresponding WWN or device alias, click Add to Zone to add them to the zone
Edit the zoneset:
Drap the configured zone to the zoneset. Confirm the changes/Activate the zoneset:
The Best Practice of Zoning?
It is easy to setup a zone, but it not easy to do it well. So we would recommend:
1. Using WWN zone (except for the customers who have special requirements or in a FICON environment). Here are the reasons:
1) Port zone ensures the security by physical isolation, but WWN zone can allow the specify device to access the zone.
2) Only WWN zone can be used in NPIV and AG environment
3) Only WWN zone can be used in IVR/FCR and tape acceleration products.
2. Using zoning and LUN masking together
Zoning takes effect in SAN switches while LUN masking does the job in storage.
3. Alias name should be clear and understandable
4. Do not use mixed zone mode in Brocade switches
There is a bug in v6.4.3 version which could make the host automatically logged out from the storage.
5. Use enhanced zone for Cisco switches
This can prevent losing the zone configuration when multiple users change it.
6. Turn off the default zone
This can avoid the unauthenticated access to the fabric.
For MDS switches running in NX-OS post 5.2(6), we recommend to use smart zoning. Smart Zoning combines the benefits of both approaches above:
Simplicity of operational management with a Single Zone for all initiators and targets of an application or cluster.
No wasted switch resources as with two member zones.
Please refer to Cisco article http://www.cisco.com/c/en/us/support/docs/storage-networking/zoning/116390-technote-smartzoning-00.html#anc3 for more details.
Translator:Roger
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
January 20th, 2015 10:00
using fcalias is not the best practices, device aliases is. Also please consider talking about SmartZoning as that negates some of the best practices your provided above.
ECN-APJ
2 Intern
2 Intern
•
308 Posts
0
January 30th, 2015 01:00
Hi dynamox,
Thanks for reading the blog carefully and raising your opinion.
We are aware that device alias is a fabric wide feature and more convenient than fcalias. However, considering multiple bugs for device alias found in NX-OS v5.x working with DCNM, we still recommend our customer to use fcalias.
Smart zoning is a new feature introduced in 5.2(6) which saves a lot of time for SAN administrators to configure zoning.
We encourage customer to use this feature and have added some recommend into this article.
Thanks again for providing your valuable suggestion.
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
January 30th, 2015 02:00
can you please point me to Cisco bug reports about device-aliases. We have been using devices aliases for at least 3 years and i have yet to find any issues.
Thanks
ECN-APJ
2 Intern
2 Intern
•
308 Posts
0
January 31st, 2015 02:00
Hi Dynamox,
Here is a brief list of the related defects.
CSCtu03947 - Device-alias add/delete doesn't update client cache right away.
Affecting: 5.2.1, 5.2.2
Fixed in: 5.2(2)S71, 5.2(2.72)S0, 5.2(2a)S3, 7.0(1)ZD(0.3)
CSCtt20652 - DCNM SAN: Device Alias CFS Regions column does not sort
Affecting: 5.2.1
Fixed in: 6.2(0.18)S0
CSCuc04839 - Device-alias instead of fcalias in the document under DCNM control panel
Affecting: 5.2(7.9)
Fixed in: Release Pending
CSCtn77734 - FM Cannot purge deleted device-aliases they show as decommissioned
Affecting: 5.0(4a)
Fixed in: 5.0(4c)S2, 5.0(6.54)S
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
January 31st, 2015 06:00
majority of those are bugs in really old 5.2.x branch of NX-OS. Folks should be on the latest 5.2.8 if only for the reason to address ShellShock vulnerabilities on NX-OS. These should not be a deterrent from using device aliases. Being able to see server name when you create IVR zones, when you run sh flogi database and others is just too great of an feature to be not considered.
Teja1988
5 Posts
0
November 13th, 2015 20:00
Below zone configuration is correct way configuration? I have noticed that one fabric it was configured with WWPN and other WWNN. Please help me on this. how to correct this? HBA1 Port WWN:10:00:00:00:c9:e1:87:1d Node WWN:20:00:00:00:c9:e1:87:1d HBA2 Port WWN: 10:00:00:00:c9:b9:52:db Node WWN: 20:00:00:00:c9:b9:52:db Switch A> zone: z_WinHostSQL01_HBA1_SANCONB_1B 50:0a:09:82:9d:c9:f1:5c 10:00:00:00:c9:e1:87:1d zone: z_WinHostSQL01_HBA1_SANCONA_0C 50:0a:09:83:8d:c9:f1:5c 10:00:00:00:c9:e1:87:1d zone: z_WinHostSQL01_HBA1_SANCONA_1A 50:0a:09:81:8d:c9:f1:5c 10:00:00:00:c9:e1:87:1d zone: z_WinHostSQL01_HBA1_SANCONB_0D 50:0a:09:84:9d:c9:f1:5c Switch A> Switch B> zone: z_WinHostSQL01_HBA2_SANCONA_0D 50:0a:09:84:8d:c9:f1:5c 20:00:00:00:c9:b9:52:db zone: z_WinHostSQL01_HBA2_SANCONA_1B 50:0a:09:82:8d:c9:f1:5c 20:00:00:00:c9:b9:52:db zone: z_WinHostSQL01_HBA2_SANCONB_0C 50:0a:09:83:9d:c9:f1:5c 20:00:00:00:c9:b9:52:db zone: z_WinHostSQL01_HBA2_SANCONB_1A 50:0a:09:83:9d:c9:f1:5c 20:00:00:00:c9:b9:52:db Switch B>
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
November 15th, 2015 12:00
zoning needs to be done using PWWN
ECN-APJ
2 Intern
2 Intern
•
308 Posts
0
November 17th, 2015 19:00
Hi Teja1988,
Agree with dynamox, EMC recommends Soft/WWPN/pWWN zoning (over Hard/Port zoning).
Teja1988
5 Posts
0
November 18th, 2015 07:00
Hi I have performed the step 2 on second fiber. Please check and update me the same.
stpe 1)
Switch B>
aliadd "WinHostSQL01_HBA2", "10:00:00:00:c9:b9:52:db"
aliremove "WinHostSQL01_HBA2", "20:00:00:00:c9:b9:52:db"
cfgsave
cfgenable "cfg_file"
Switch B>
Step 2)
Switch B>
aliadd "WinHostSQL01_HBA2", "10:00:00:00:c9:b9:52:db"
cfgsave
cfgenable "cfg_file"
Switch B>
I have just added new ali "WWPN" to the existing zone. It is okay to be put like this? any performance issue occur keeping WWPN and WWNN in same zone.
SwitchB>
zone: WinHostSQL01_HBA2_SANCONA_0D
50:0a:09:84:8d:c9:f1:5c
20:00:00:00:c9:b9:52:db
10:00:00:00:c9:b9:52:db
zone: WinHostSQL01_HBA2_SANCONA_1B
50:0a:09:82:8d:c9:f1:5c
20:00:00:00:c9:b9:52:db
10:00:00:00:c9:b9:52:db
zone: WinHostSQL01_HBA2_SANCONB_0C
50:0a:09:83:9d:c9:f1:5c
20:00:00:00:c9:b9:52:db
10:00:00:00:c9:b9:52:db
zone: WinHostSQL01_HBA2_SANCONB_1A
50:0a:09:83:9d:c9:f1:5c
20:00:00:00:c9:b9:52:db
10:00:00:00:c9:b9:52:db
SwithB>
ECN-APJ
2 Intern
2 Intern
•
308 Posts
0
November 18th, 2015 21:00
A single port HBA will have WWNN & WWPN as same.
A dual port HBA will have 1 WWNN & 2 WWPNs.
If your HBAs are all single port ones, your current configuraiton should work. But once you add a dual port HBA to your system, you must upgdate the config.
Teja1988
5 Posts
0
November 19th, 2015 08:00
Sorry if i am asking dumb question.i am new to this zoning concept.
Below is the my previous setup in both fabrics. HBA1 connected to one fabric with (PWWN). second HBA2 connected to other fabric(NWWN) as per my organization standards.
So if we keep the same configuration when ever switch takeover happened fro SwitchA to SwitchB all my mapped luns will accessible right from SwitchB?
if Yes.i simply worrying with existing concept. so i will revert back my last thread.
FYI Note: Switch uptime is 435 days. this zoning was done by year ago.we got this project recently. out of 7 windows nodes 4 was zoning configured by PWWN in both fabrics and remaining 3 are configured as below one fabric pwwn and other nwwn.
this is not an issue ?
HBA1
Port WWN:10:00:00:00:c9:e1:87:1d
Node WWN:20:00:00:00:c9:e1:87:1d
HBA2
Port WWN: 10:00:00:00:c9:b9:52:db
Node WWN: 20:00:00:00:c9:b9:52:db
Switch A>
Effective configuration: CFS_SWITCHA
zone: z_WinHostSQL01_HBA1_SANCONB_1B
50:0a:09:82:9d:c9:f1:5c
10:00:00:00:c9:e1:87:1d
zone: z_WinHostSQL01_HBA1_SANCONA_0C
50:0a:09:83:8d:c9:f1:5c
10:00:00:00:c9:e1:87:1d
zone: z_WinHostSQL01_HBA1_SANCONA_1A
50:0a:09:81:8d:c9:f1:5c
10:00:00:00:c9:e1:87:1d
zone: z_WinHostSQL01_HBA1_SANCONB_0D
50:0a:09:84:9d:c9:f1:5c
10:00:00:00:c9:e1:87:1d
Switch A>
Switch B>
Effective configuration: CFS_SWITCHB
zone: z_WinHostSQL01_HBA2_SANCONA_0D
50:0a:09:84:8d:c9:f1:5c
20:00:00:00:c9:b9:52:db
zone: z_WinHostSQL01_HBA2_SANCONA_1B
50:0a:09:82:8d:c9:f1:5c
20:00:00:00:c9:b9:52:db
zone: z_WinHostSQL01_HBA2_SANCONB_0C
50:0a:09:83:9d:c9:f1:5c
20:00:00:00:c9:b9:52:db
zone: z_WinHostSQL01_HBA2_SANCONB_1A
50:0a:09:83:9d:c9:f1:5c
20:00:00:00:c9:b9:52:db
Switch B>
Please bare me and provide the simply reply. thanks. God Bless you..!
Thanks,
Teja
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
November 22nd, 2015 06:00
there is no "takeover". Your host should be zoned to the array using Switch A and Switch B. Both switches are active at the same time, both HBAs on the host are active at the same time.
Your hosts gets zoned to multiple ports on the storage array so you need to ensure that host is running some sort of multipathing software to ensure in case of switch/hba/cable failure, your host will continue to access the storage through available paths.