What is new in the SW12000 / FOS v4

3/11/02
Silkworm 12000
Version 4.0
Zoning with Bloom
Self Paced Training
By: Todd Einck
Overview
Advanced Zoning software limits access to data by segmenting a fabric into virtual private SANs. On 1
Gb/sec and 2 Gb/sec switches, software-enforced zoning prevents hosts from discovering unauthorized
target devices. Hardware-enforced zoning prevents a host from accessing a device that it is not authorized to access. This
provides the most secure zoning available. In addition, Advanced Zoning on 2 Gb/sec switches enables
hardware enforcement for devices identified by World Wide Name (WWN), which is new functionality
that was not available in the SilkWorm 2000 series switches, which could only do soft WWN zoning. With
WWN zoning, zone enforcement is adjusted automatically, even if a device moves to another port. This
new zoning model allows for the continued flexibility that traditional software-enhanced zoning provides
plus garners the security benefits of legacy hardware-enforced zoning.
SW12000 Chassis slots and Logical Switch Slot Designations
The SW12000 chassis slots are numbered from 1-10. Chassis slots 1-4 comprise Logical Switch 0, and
chassis slots 7-10 comprise Logical Switch 1. Chassis slots 5 and 6 are the Control Processors (CP0/CP1).
In Logical Switch terminology, the slots are numbered 0 to 3.
SW12000 “Port” to “Area” Mapping
The SW12000 16-port boards are labeled with port numbers (physical port numbers). These boards can be
moved from slot to slot. In doing so, the “logical port numbers” change, hence the introduction of the
“area” number. This use of the ‘area’ number is essential when zoning by “port”.
A mapping of port to area follows:
SW0 slot 0
- Area numbers range from 0 to 15
- Port numbers range from 0 to 15
SW0 slot 1
- Area numbers range from 16 to 31
- Port numbers range from 0 to 15
SW0 slot 2
- Area numbers range from 32 to 47
- Port numbers range from 0 to 15
SW0 slot 3
- Area numbers range from 48 to 63
- Port numbers range from 0 to 15
SW1 slot 0
- Area numbers range from 0 to 15
- Port numbers range from 0 to 15
SW1 slot 1
- Area numbers range from 16 to 31
- Port numbers range from 0 to 15
SW1 slot 2
- Area numbers range from 32 to 47
- Port numbers range from 0 to 15
SW1 slot 3
- Area numbers range from 48 to 63
- Port numbers range from 0 to 15
Mapping ‘port’ numbers to ‘area’ numbers formula
For chassis slots 1 to 4:
Area or logical port number = physical port number + (chassis slot number –1) * 16
For chassis slots 7 to 10:
Area or logical port number = physical port number + (chassis slot number – 7) * 16
Also, the switchShow command output can be used to determine the corresponding area.
Zoning Enforcement
Zones can be comprised of:
- DomainID/port (port designated)
- WWN (Node WWN or Port WWN)
- Mixed (port and WWN designated)
- Broadcast
There are three types of zone enforcement:
- HARD PORT – If all of the members of a zone are defined by <Domain, Port> (referred to as zoning by
Port). Port zoning with the SW12000 uses the “Area numbers” in place of the port numbers.
- HARD WWN – If all of the members of a zone are defined by their WWN names. The WWN can be
either the Port_WWN or the Node_WWN.
- SOFT – If some members of a zone are defined by their WWN names while the remaining members are
defined by Port. This type reverts to soft enforcement, also known as Name Server enforced.
What is Soft Enforcement?
Under soft zoning enforcement, the NameServer restricts the visibility to other devices in the Fabric. When
a device comes on line and queries the NameServer for devices, the NameServer will only inform it of
other devices that it is zoned with. If the device misbehaves, and is aware of other devices that are not in
its zone, it will be able to access those devices.
What is Hard Enforcement?
Under hard enforcement, the ASIC hardware controls what ports can access. Zones defined by ports only or
by WWNs only are hardware enforceable under FOS 3.x and 4.x. Broadcast zones are also hardware
enforced.
When implementing zoning under the Loom ASIC (FOS 2.x), if any zone in the ‘effective’ configuration
(cfg1) contains mixed port and WWN elements, then every zone in the ‘effective’ configuration (cfg1) will
be soft enforced.
Under Bloom (FOS 3.x and 4.x), zoning enforcement occurs at the granularity of each zone, not the
configuration. Only zones that have mixed port and WWN entries will be soft enforced, not the entire
‘effective’ configuration (cfg1).
How to determine zone enforcement type for a given port?
Run the “portZoneShow” command.
Run the “filterPortShow --slot <slot> <port>” command.
Lab Exercise
Using as few as four devices, set up the following configuration.
- Validate that the devices are functioning correctly from the switch perspective using
switchshow and nsshow.
UlyssesSW0:admin> switchshow
switchName:     UlyssesSW0
switchType:     10.1
switchState:    Online
switchRole:     Principal
switchDomain:   1
switchId:       fffc01
switchWwn:      10:00:00:60:69:80:04:b2
switchBeacon:   OFF
blade1: Beacon: OFF
blade2: Beacon: OFF
Area Slot Port Gbic Speed State
=====================================
  0    1    0   --   N2   No_Module
  1    1    1   --   N2   No_Module
  2    1    2   --   N2   No_Module
  3    1    3   --   N2   No_Module
  4    1    4   --   N2   No_Module
  5    1    5   --   N2   No_Module
  6    1    6   id   N2   No_Light
  7    1    7   --   N2   No_Module
  8    1    8   id   N2   No_Light
  9    1    9   --   N2   No_Module
 10    1   10   --   N2   No_Module
 11    1   11   --   N2   No_Module
 12    1   12   --   N2   No_Module
 13    1   13   id   N2   Online    F-Port  20:00:00:01:73:00:35:67
 14    1   14   id   N1   Online    L-Port  1 private, 5 phantom
 15    1   15   id   N1   Online    F-Port  21:00:00:e0:8b:04:a6:3b
 16    2    0   --   N2   No_Module
 17    2    1   --   N2   No_Module
 18    2    2   --   N2   No_Module
 19    2    3   --   N2   No_Module
 20    2    4   --   N2   No_Module
 21    2    5   --   N2   No_Module
 22    2    6   id   N2   No_Light
 23    2    7   --   N2   No_Module
 24    2    8   --   N2   No_Module
 25    2    9   --   N2   No_Module
 26    2   10   --   N2   No_Module
 27    2   11   --   N2   No_Module
 28    2   12   --   N2   No_Module
 29    2   13   id   N2   Online    F-Port  21:00:00:e0:8b:04:03:76
 30    2   14   id   N1   Online    F-Port  21:00:00:e0:8b:01:98:62
 31    2   15   id   N1   Online    L-Port  2 public
UlyssesSW0:admin> nsshow
The Local Name Server has 7 entries {
 Type Pid    COS     PortName                NodeName                 TTL(sec)
 N    010d00;    2,3;20:00:00:01:73:00:35:67;10:00:00:01:73:00:35:67; na
    FC4s: FCIP FCP
    Fabric Port Name: 20:0d:00:60:69:80:04:b2
 NL   010e01;      3;50:05:08:b1:00:04:d4:20;50:05:08:b1:00:04:d4:20; na
    FC4s: FCP
    Fabric Port Name: 20:0e:00:60:69:80:04:b2
 N    010f00;      3;21:00:00:e0:8b:04:a6:3b;20:00:00:e0:8b:04:a6:3b; na
    FC4s: FCP
    Fabric Port Name: 20:0f:00:60:69:80:04:b2
 N    011d00;      3;21:00:00:e0:8b:04:03:76;20:00:00:e0:8b:04:03:76; na
    FC4s: FCP
    Fabric Port Name: 20:1d:00:60:69:80:04:b2
 N    011e00;      3;21:00:00:e0:8b:01:98:62;20:00:00:e0:8b:01:98:62; na
    FC4s: FCP
    Fabric Port Name: 20:1e:00:60:69:80:04:b2
 NL   011fe8;      3;22:00:00:20:37:d8:d6:e5;20:00:00:20:37:d8:d6:e5; na
    FC4s: FCP [SEAGATE ST318304FC    0005]
    Fabric Port Name: 20:1f:00:60:69:80:04:b2
 NL   011fef;      3;22:00:00:20:37:d8:d6:8f;20:00:00:20:37:d8:d6:8f; na
    FC4s: FCP [SEAGATE ST318304FC    0005]
    Fabric Port Name: 20:1f:00:60:69:80:04:b2
}
- Add zoning configuration, similar to the following, based on your set of devices.
UlyssesSW0:admin> cfgshow
Defined configuration:
 no configuration defined
Effective configuration:
 no configuration in effect
UlyssesSW0:admin> zonecreate "port_zone", "1,13; 1,14; 1,15"
UlyssesSW0:admin> zonecreate "wwn_zone", "20:00:00:e0:8b:04:03:76"
UlyssesSW0:admin> zoneadd "wwn_zone", "20:00:00:e0:8b:01:98:62; 20:00:00:20:37:d8:d6:e5; 20:00:00:20:37:d8:d6:8f"
UlyssesSW0:admin> cfgcreate "cfg1", "port_zone; wwn_zone"
UlyssesSW0:admin> cfgshow
Defined configuration:
 cfg:   cfg1    port_zone; wwn_zone
 zone:  port_zone
                1,13; 1,14; 1,15
 zone:  wwn_zone
                20:00:00:e0:8b:04:03:76; 20:00:00:e0:8b:01:98:62;
                20:00:00:20:37:d8:d6:e5; 20:00:00:20:37:d8:d6:8f
Effective configuration:
 no configuration in effect
- Note that the portzoneshow command only displays information about the
‘effective’ configuration.
UlyssesSW0:admin> portzoneshow
No Port-level zoning information available.
- Enable the configuration.
UlyssesSW0:admin> cfgenable "cfg1"
zone config "cfg1" is in effect
Updating flash ...
UlyssesSW0:admin> cfgshow
Defined configuration:
 cfg:   cfg1    port_zone; wwn_zone
 zone:  port_zone
                1,13; 1,14; 1,15
 zone:  wwn_zone
                20:00:00:e0:8b:04:03:76; 20:00:00:e0:8b:01:98:62;
                20:00:00:20:37:d8:d6:e5; 20:00:00:20:37:d8:d6:8f
Effective configuration:
 cfg:   cfg1
 zone:  port_zone
                1,13
                1,14
                1,15
 zone:  wwn_zone
                20:00:00:e0:8b:04:03:76
                20:00:00:e0:8b:01:98:62
                20:00:00:20:37:d8:d6:e5
                20:00:00:20:37:d8:d6:8f
- Use the portzoneshow command to display information about how a port will be
enforced.
UlyssesSW0:admin> portzoneshow
PORT: 0    Not Zoned
PORT: 1    Not Zoned
PORT: 2    Not Zoned
PORT: 3    Not Zoned
PORT: 4    Not Zoned
PORT: 5    Not Zoned
PORT: 6    Not Zoned
PORT: 7    Not Zoned
PORT: 8    Not Zoned
PORT: 9    Not Zoned
PORT: 10   Not Zoned
PORT: 11   Not Zoned
PORT: 12   Not Zoned
PORT: 13   Enforcement: HARD PORT  defaultSoft: 0  defaultHard: 0
PORT: 14   Enforcement: HARD PORT  defaultSoft: 0  defaultHard: 0
PORT: 15   Enforcement: HARD PORT  defaultSoft: 0  defaultHard: 0
PORT: 16   Not Zoned
PORT: 17   Not Zoned
PORT: 18   Not Zoned
PORT: 19   Not Zoned
PORT: 20   Not Zoned
PORT: 21   Not Zoned
PORT: 22   Not Zoned
PORT: 23   Not Zoned
PORT: 24   Not Zoned
PORT: 25   Not Zoned
PORT: 26   Not Zoned
PORT: 27   Not Zoned
PORT: 28   Not Zoned
PORT: 29   Enforcement: HARD WWN   defaultSoft: 0  defaultHard: 0
PORT: 30   Enforcement: HARD WWN   defaultSoft: 0  defaultHard: 0
PORT: 31   Enforcement: HARD WWN   defaultSoft: 0  defaultHard: 0
- Add a new zone to the configuration that overlaps the existing zones.
UlyssesSW0:admin> zonecreate "mixed_zone", "1,15; 20:00:00:20:37:d8:d6:e5"
UlyssesSW0:admin> cfgadd "cfg1", "mixed_zone"
UlyssesSW0:admin> cfgenable "cfg1"
zone config "cfg1" is in effect
Updating flash ...
UlyssesSW0:admin> cfgshow
Defined configuration:
 cfg:   cfg1    port_zone; wwn_zone; mixed_zone
 zone:  mixed_zone
                1,15; 20:00:00:20:37:d8:d6:e5
 zone:  port_zone
                1,13; 1,14; 1,15
 zone:  wwn_zone
                20:00:00:e0:8b:04:03:76; 20:00:00:e0:8b:01:98:62;
                20:00:00:20:37:d8:d6:e5; 20:00:00:20:37:d8:d6:8f
Effective configuration:
 cfg:   cfg1
 zone:  mixed_zone
                1,15
                20:00:00:20:37:d8:d6:e5
 zone:  port_zone
                1,13
                1,14
                1,15
 zone:  wwn_zone
                20:00:00:e0:8b:04:03:76
                20:00:00:e0:8b:01:98:62
                20:00:00:20:37:d8:d6:e5
                20:00:00:20:37:d8:d6:8f
- Use portzoneshow command to observe the enforcement of a mixed environment.
UlyssesSW0:admin> portzoneshow
PORT: 0    Not Zoned
PORT: 1    Not Zoned
PORT: 2    Not Zoned
PORT: 3    Not Zoned
PORT: 4    Not Zoned
PORT: 5    Not Zoned
PORT: 6    Not Zoned
PORT: 7    Not Zoned
PORT: 8    Not Zoned
PORT: 9    Not Zoned
PORT: 10   Not Zoned
PORT: 11   Not Zoned
PORT: 12   Not Zoned
PORT: 13   Enforcement: HARD PORT  defaultSoft: 0  defaultHard: 0
PORT: 14   Enforcement: HARD PORT  defaultSoft: 0  defaultHard: 0
PORT: 15   Enforcement: SOFT       defaultSoft: 0  defaultHard: 0
PORT: 16   Not Zoned
PORT: 17   Not Zoned
PORT: 18   Not Zoned
PORT: 19   Not Zoned
PORT: 20   Not Zoned
PORT: 21   Not Zoned
PORT: 22   Not Zoned
PORT: 23   Not Zoned
PORT: 24   Not Zoned
PORT: 25   Not Zoned
PORT: 26   Not Zoned
PORT: 27   Not Zoned
PORT: 28   Not Zoned
PORT: 29   Enforcement: HARD WWN   defaultSoft: 0  defaultHard: 0
PORT: 30   Enforcement: HARD WWN   defaultSoft: 0  defaultHard: 0
PORT: 31   Enforcement: SOFT       defaultSoft: 0  defaultHard: 0
- Notice that the non-overlapping objects from ‘port_zone’ and ‘wwn_zone’ are still hard
enforced. The ports in the ‘mixed_zone’ will be Name Server enforced.
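The per-zone rule from the Zoning Enforcement section, applied to the lab's cfg1 before and after mixed_zone is added, as an added Python example (not part of the original training material and not Brocade code). The port-level roll-up and the UNDETERMINED label are assumptions modelled on the lab's portzoneshow output; the WWN-to-area attachments are transcribed from the nsshow output above.

```python
import re

PORT = re.compile(r"^\d+,\d+$")                          # "domain,area"
WWN = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){7}$", re.I)

def area_number(chassis_slot, physical_port):
    """Area (logical port) number, from the page's two formulas."""
    if chassis_slot not in (1, 2, 3, 4, 7, 8, 9, 10) or not 0 <= physical_port <= 15:
        raise ValueError("not a port-blade slot/port on the SW12000")
    return physical_port + (chassis_slot - (1 if chassis_slot <= 4 else 7)) * 16

def zone_enforcement(members):
    """HARD PORT, HARD WWN or SOFT for one zone (Bloom decides per zone)."""
    kinds = set()
    for m in members:
        if PORT.match(m):
            kinds.add("PORT")
        elif WWN.match(m):
            kinds.add("WWN")
        else:
            raise ValueError(f"unrecognised zone member: {m!r}")
    if not kinds:
        raise ValueError("empty zone")
    return "SOFT" if len(kinds) == 2 else "HARD " + kinds.pop()

def port_enforcement(cfg, domain, area, attached_wwns=()):
    """Model of the portzoneshow result for one area, as seen in the lab."""
    ids = {f"{domain},{area}", *attached_wwns}
    hits = {zone_enforcement(ms) for ms in cfg.values() if ids & set(ms)}
    if not hits:
        return "Not Zoned"
    if "SOFT" in hits:          # any mixed zone touching the port wins
        return "SOFT"
    # A port in both a HARD PORT and a HARD WWN zone is not covered by the page.
    return hits.pop() if len(hits) == 1 else "UNDETERMINED"

# Constructed from the lab's cfgshow and nsshow output (node WWNs by area).
CFG1 = {
    "port_zone": ["1,13", "1,14", "1,15"],
    "wwn_zone": ["20:00:00:e0:8b:04:03:76", "20:00:00:e0:8b:01:98:62",
                 "20:00:00:20:37:d8:d6:e5", "20:00:00:20:37:d8:d6:8f"],
    "mixed_zone": ["1,15", "20:00:00:20:37:d8:d6:e5"],
}
ATTACHED = {29: ["20:00:00:e0:8b:04:03:76"], 30: ["20:00:00:e0:8b:01:98:62"],
            31: ["20:00:00:20:37:d8:d6:e5", "20:00:00:20:37:d8:d6:8f"]}

def lab_report(cfg):
    """Enforcement for the six online areas of the lab switch (domain 1)."""
    return {a: port_enforcement(cfg, 1, a, ATTACHED.get(a, ()))
            for a in (13, 14, 15, 29, 30, 31)}
```

Running lab_report on a candidate configuration before cfgenable shows which ports a new mixed zone would drop from hardware to Name Server enforcement; area 31 turns SOFT even though only one of its two loop disks is in mixed_zone.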
Zoning with WEB TOOLS Highlights
Brocade recommends that, when a Fabric that contains a SilkWorm 12000 is zoned through Web Tools, the
zoning be done while logged into the SilkWorm 12000.
When entering Zoning from WEB TOOLS, you are prompted for the type of Zoning that you will be
generating. For our example, select the Mix Level.
The following are the definitions of the zoning schemes as above.
Switch/Port Level Zoning: All zone definitions must be on ports. Aliases, zones, and configuration files
that have objects other than ports cannot be selected or operated on.
WWN Level Zoning: All zone definitions must be on WWN. Aliases, zones, and configurations that have
objects other than WWN cannot be selected or operated on.
AL_PA Zoning: All zoning operations must be on AL_PA in a QuickLoop. Aliases, zones, and
configurations that have objects other than AL_PAs in a QL cannot be selected or operated on.
Mixed Level Zoning: Any object can be selected to be a member of the zone, alias, or configuration file.
When using WEB TOOLS for Zoning, the one major change is how a port is selected on the SW12000. To
select the appropriate port, it is now necessary to first select the slot on which the port resides.
Notice in the figure that the SW12000 contains slots and ports.
WEB TOOLS Zoning and RSCN’s
After configuring all the alias, zone, and configuration objects, it is still necessary to save and activate
them.
Using FOS 4.0, 3.x, and 2.6 under the “Config” (Port Config) tab, when you click “Ok” or “Apply” with
the “Enable Config” radio box checked, the changes will be saved to the ‘defined’ configuration and become
‘effective’. A Fabric Wide RSCN is sent out to all devices that performed an SCR (State Change
Registration).
When you click “Ok” or “Apply” with the “Save Config” radio box checked under the “Config” tab, the
changes will be saved to the ‘defined’ configuration and will not become ‘effective’. No RSCN is sent out
to any devices in the Fabric.
Another point worth mentioning is that if another user changes the zoning while WEB TOOLS Zoning is
open, the “Ref Zone” button will begin to flash red. This is the same behavior as Web Tools in FOS 3.0.
QuickLoop/Fabric Assist (QLFA)
QuickLoop/Fabric Assist (QLFA) connects private loop hosts to the SAN fabric for better performance
and fault management, while protecting investments in legacy loop devices. Because many legacy
devices are designed for FC-AL configurations, Fabric OS translative mode protects investments by
supporting private loop target devices. The SW12000 running Fabric OS v4.0 currently does not
support QuickLoop or Fabric Assist directly. However, it is possible to connect switches that do support
QuickLoop or Fabric Assist to a SW12000. It is also possible to connect devices that are accessed by
QuickLoop/Fabric Assist devices to the SW12000. This means that any type of ‘target’ device may be
attached to a switch running Fabric OS v4.0 and may be included in a QuickLoop Fabric Assist zone that
has its private host attached to a switch running QuickLoop and Zoning. QuickLoop and Zoning are prerequisites for QLFA, on Fabric OS v2.3 or later (SilkWorm 2xxx) or v3.0.1 or later (SilkWorm 3800/3200).
Other Zoning Notables
- LUN Level Zoning is not supported in FOS 4.0 and FOS 3.0, but support is anticipated in FOS 4.1 and
FOS 3.1.
- According to the 12K TOI, the Zoning configuration size limits are:
FOS 4.x 128KB
FOS 3.x 128KB
FOS 2.x 96KB
When operating in a mixed 2xxx and 3xxx/SW12000 environment, the switch with smallest configuration
size will be the limiting factor. So in a mixed Fabric with SW12000 in the core and 2xxx on the edge, the
maximum zoning configuration size will be limited to 96KB.
- There's a new ‘root’ level command called 'cfgsize' which will report the size of the current zoning
configuration. More recent versions of FOS 4.0 including v4.0.0rc5 contain this command.
Sample output follows:
UlyssesSW0:root> cfgsize
Zone DB max size - 131000 bytes
commited - 332
transaction - 0
UlyssesSW0:root> cfgshow
Defined configuration:
 cfg:   cfg1    port_zone; wwn_zone; mixed_zone
 cfg:   mycfg   myzone
 cfg:   mycfg2  myzone2
 zone:  mixed_zone
                1,15; 20:00:00:20:37:d8:d6:e5; 20:00:00:20:37:d8:d6:8f
 zone:  myzone  1,30; 1,31; 1,29
 zone:  myzone2 1,29; 1,30; 1,31; 1,28
 zone:  port_zone
                1,13; 1,14; 1,15
 zone:  wwn_zone
                20:00:00:e0:8b:04:03:76; 20:00:00:e0:8b:01:98:62;
                20:00:00:20:37:d8:d6:e5; 20:00:00:20:37:d8:d6:8f
Effective configuration:
 cfg:   mycfg2
 zone:  myzone2 1,29
                1,30
                1,31
                1,28