Skip to main content

SAN Switch Zoning with Brocade

Zoning in Brocade SAN Switch


Let's begin with resetting the switch completely. In my environment I have two brocade SAN Switch connecting to 2 Dell R940 server configured with VMware. The SAN switch will be having connectivity between Dell Unity 500 storage and Dell R940 servers.


Multipathing will be done between the server and storage with the help of SAN Switch. Multipathing, also called SAN multipathing or I/O multipathing, is the establishment of multiple physical routes between a server and the storage device that supports. It results in better fault tolerance and performance enhancement.


DESIGN


The idea behind zoning is that intended WWPN talk with each other . This is more like ACL in the world of Ethernet. To see the devices which are logged into the switch the following commands can be executed.

SAN-A:admin> switchshow
switchName:     SAN-A
switchType:     118.1
switchState:    Online
switchMode:     Native
switchRole:     Principal
switchDomain:   1
switchId:       fffc01
switchWwn:      10:00:88:94:71:1f:ce:d0
zoning:         OFF
switchBeacon:   OFF
HIF Mode:       OFF

Index Port Address  Media Speed   State       Proto
==================================================
   0   0   010000   id    N16     Online      FC  F-Port  50:06:01:62:49:e4:45:9f
   1   1   010100   id    N16     Online      FC  F-Port  21:00:00:24:ff:1b:c8:e2
   2   2   010200   --    N16     No_Module   FC
   3   3   010300   id    N16     No_Light    FC
   4   4   010400   id    N16     Online      FC  F-Port  50:06:01:6a:49:e4:45:9f
   5   5   010500   id    N16     Online      FC  F-Port  21:00:00:24:ff:1b:c8:74
   6   6   010600   id    N16     No_Light    FC
   7   7   010700   id    N16     No_Light    FC
   8   8   010800   id    N16     No_Light    FC
   9   9   010900   id    N16     No_Light    FC
  10  10   010a00   id    N16     No_Light    FC
  11  11   010b00   id    N16     No_Light    FC
  12  12   010c00   id    N16     No_Light    FC
  13  13   010d00   id    N16     No_Light    FC
  14  14   010e00   id    N16     No_Light    FC
  15  15   010f00   id    N16     No_Light    FC
  16  16   011000   id    N16     No_Light    FC
  17  17   011100   id    N16     No_Light    FC
  18  18   011200   id    N16     No_Light    FC
  19  19   011300   id    N16     No_Light    FC
  20  20   011400   id    N16     No_Light    FC
  21  21   011500   id    N16     No_Light    FC
  22  22   011600   id    N16     No_Light    FC
  23  23   011700   id    N16     No_Light    FC

CREATING ALIAS

To reduce the complexity and to avoid error we create an “Alias” for each WWPN or a group of WWPN’s. Alias is a logical group of a single WWPN or a number of WWPN’s.

SAN-A:admin> alicreate "Host1", "21:00:00:24:ff:1b:c8:e2"
SAN-A:admin> alicreate "Host2", "21:00:00:24:ff:1b:c8:74"
SAN-A:admin> alicreate "SPA-P2", "50:06:01:62:49:e4:45:9f"
SAN-A:admin> alicreate "SPB-P2", "50:06:01:6a:49:e4:45:9f"
SAN-A:admin> alishow
Defined configuration:
 alias: Host1   21:00:00:24:ff:1b:c8:e2
 alias: Host2   21:00:00:24:ff:1b:c8:74
 alias: SPA-P2  50:06:01:62:49:e4:45:9f
 alias: SPB-P2  50:06:01:6a:49:e4:45:9f


CREATING ZONE FILE

As per our architecture Server1 (Host1) P1 is connected to SAN-A and Server2 (Host2) is also connected to SAN-A. From the storage side Storage Process A Port 2 and Storage Processor B Port2 is connected to SAN-A.

Likewise Server1 (Host1) P2 will be connected to SAN-B and Server2 (Host2) P2 will also be connected to SAN-B.  From the storage side Storage Process A Port 3 and Storage Processor B Port 3 wiwill be connected to SAN-B as well.

Note: We will only be configuring SAN-A in this particular blog.

SAN-A:admin> zonecreate "zone1", "Host1; SPA-P2; SPB-P2"
SAN-A:admin> zonecreate "zone2", "Host2; SPA-P2; SPB-P2"
SAN-A:admin> zoneshow
Defined configuration:
 zone:  zone1   Host1; SPA-P2; SPB-P2
 zone:  zone2   Host2; SPA-P2; SPB-P2
 alias: Host1   21:00:00:24:ff:1b:c8:e2
 alias: Host2   21:00:00:24:ff:1b:c8:74
 alias: SPA-P2  50:06:01:62:49:e4:45:9f
 alias: SPB-P2  50:06:01:6a:49:e4:45:9f

Effective configuration:
 no configuration in effect

Next step is to create a configuration which will hold the zones that we just created. The following command creates a configuration named “AppServer”

SAN-A:admin> cfgcreate "AppServer1", "zone1; zone2"

We will now need to save the configuration file which we have just created and enable the AppServer for it take effect.

SAN-A:admin> cfgsave
You are about to save the Defined zoning configuration. This
action will only save the changes on Defined configuration.
If the update includes changes to one or more traffic isolation
zones, you must issue the 'cfgenable' command for the changes
to take effect.
Do you want to save the Defined zoning configuration only?  (yes, y, no, n): [no] yes
SAN-A:admin> cfgenable "AppServer1"
You are about to enable a new zoning configuration.
This action will replace the old zoning configuration with the
current configuration selected. If the update includes changes
to one or more traffic isolation zones, the update may result in
localized disruption to traffic on ports associated with
the traffic isolation zone changes.
Do you want to enable 'AppServer1' configuration  (yes, y, no, n): [no] yes
zone config "AppServer1" is in effect
Updating flash ...


REMOVING ALIAS FROM ZONE

.SAN-A:admin> zoneremove "zone1", "SPB-P2"
SAN-A:admin> zoneshow
Defined configuration:
 cfg:   AppServer1
                zone1; zone2
 zone:  zone1   Host1; SPA-P2
 zone:  zone2   Host2; SPA-P2; SPB-P2
 alias: Host1   21:00:00:24:ff:1b:c8:e2
 alias: Host2   21:00:00:24:ff:1b:c8:74
 alias: SPA-P2  50:06:01:62:49:e4:45:9f
 alias: SPB-P2  50:06:01:6a:49:e4:45:9f

Effective configuration:
 cfg:   AppServer1
 zone:  zone1   21:00:00:24:ff:1b:c8:e2
                50:06:01:62:49:e4:45:9f
                50:06:01:6a:49:e4:45:9f
 zone:  zone2   21:00:00:24:ff:1b:c8:74
                50:06:01:62:49:e4:45:9f
                50:06:01:6a:49:e4:45:9f


Inorder for removed alias to take effect in configuration we must save it using cfgsave and then enable the configuration as well cfgenable "AppServer1" in our case.


ADDING ALIAS IN EXISITING ZONE

SAN-A:admin> zoneadd "zone1", "SPB-P2"

SAN-A:admin> zoneshow
Defined configuration:
 cfg:   AppServer1
                zone1; zone2
 zone:  zone1   Host1; SPA-P2
 zone:  zone2   Host2; SPA-P2; SPB-P2
 alias: Host1   21:00:00:24:ff:1b:c8:e2
 alias: Host2   21:00:00:24:ff:1b:c8:74
 alias: SPA-P2  50:06:01:62:49:e4:45:9f
 alias: SPB-P2  50:06:01:6a:49:e4:45:9f

Effective configuration:
 cfg:   AppServer1
 zone:  zone1   21:00:00:24:ff:1b:c8:e2
                50:06:01:62:49:e4:45:9f
 zone:  zone2   21:00:00:24:ff:1b:c8:74
                50:06:01:62:49:e4:45:9f
                50:06:01:6a:49:e4:45:9f

You can see zone has been added but not been reflected in configuration file we will now need to save the configuration file using cfgsave command and enable the configuration cfgenable "AppServer1" to enable the configuration


REMOVING ZONE FROM CONFIGURATION FILE

SAN-A:admin> cfgremove "AppServer1", "zone1"

 We will need to save the configuration file using cfgsave and also cfgenable "AppServer1" for this to take effect in the configuration file.


ADDING ZONE TO CONFIGURATION FILE

SAN-A:admin> cfgadd "AppServer1", "zone1"

We will need to save the configuration file using cfgsave and also cfgenable "AppServer1" for this to take effect in the configuration file.

I will now conclude my blog here and will try to upload more about Fibre Channel world.


Labels:

Comments

Post a Comment

Popular posts from this blog

High Availability Palo Alto (Active/Standby)

 High Availability is usually performed in most of the data centers networks today which ensures application availability . High Availability is usually achieved in case one of the appliance goes down or have some physical or logical connectivity issues.  Achieving high availability in Palo Alto firewall is relatively very easy. Palo Alto firewall can work in both Active/Standby mode or in Active/Active. We will basically be talking about Active/Standby mode in this article. There are basically two links that needs to be configure in Palo Alto for HA. 1. Control Links Control Links are associated with control plane traffic which is mainly used for heartbeat exchanged, configuration synchronization. Dedicate HA ports are available in higher series of Palo Alto or even a HA interface can be created for some inband ports.   2. Data Links Data Links are mainly used for session synchronization, forwarding table synchronization. Dedicated HSCI Ports are available for highe...
Post a Comment
Read more

SSL Decryption FortiGate

  We have pretty much heard about SSL decryption and of malware hiding inside an encrypted traffic. A large amount of traffic in the internet is pretty much encrypted which basically means that bad things like malware, virus, ransomware can hide inside this encrypted traffic. If majority of these traffic are encrypted our Firewalls are not able to analyze these traffic which can easily infect our organization and the investment which we have done in these firewalls are wasted. There does come around a solution for this and as my topic suggest SSL Decryption also know as Deep Packet Inspection as by some IT folks. The image that I have attached down below clearly suggest about what I am trying to explain. Using deep packet inspection, the firewall simply decrypts the encrypted traffic happening  between client and server, inspects the content to find the threats and block them , then forwards it to the destination re-encrypting it . We will need to first setup the SSL/SSH in...
Post a Comment
Read more

Virtual Chassis Juniper EX 3400 (PREPROVISONED)

Juniper has always been an technology that I have always liked right from the beginning of my career when I was working as an Jr Network Administrator. The logical command as well as the hierarchy based Juniper devices has always made me love the device. Let me today talk about a very useful and an interesting topic which we usually called stack in the world of Cisco and virtual chassis in the world of Juniper, both of them mean the same thing logically make two or more than two switch as a one and configure and manage the device as a single unity. High Availability, managed configuration and maintenance are few of the benefits that a virtual chassis can provide. The configuration for virtual chassis can be found easily in the juniper sites but my objective about writing this is making it more simpler in context to Juniper's document. There are basically two ways of configuring virtual chassis in Juniper. 1.   Nonprovisioned configuration  :  The master switch assig...
Post a Comment
Read more