Brocade Product Training: Cfp264 Brocade 4 Gbit/Sec Accelerated BCFP Instructor-Led Module 6 Brocade Silkworm Zoning

Brocade
Product Training
CFP264
Brocade 4 Gbit/sec Accelerated BCFP
Instructor-Led Module 6
Brocade SilkWorm Zoning
Brocade Education Services
2006 Brocade Communications Systems, Incorporated.

CFP264 ILT 0806 1

Revision CFP264 ILT 0806
Page 6-1
Objectives
Following this module and associated lab, an attendee should
be able to:
Understand the basic concepts associated with Zoning
Iimplement a Zoning scheme using the command line
syntax
Activate or deactivate a Default Zone
Ddifferentiate between Hardware and Session
enforcement
Add a new switch to an existing fabric with Zoning enabled
State the best practices that should be considered when
implementing Zoning

CFP264 ILT 0806 2

Page 6-2
Zoning Overview
Server 4
Server in the Red zone sees the disks in Loop 1

Server in the Blue zone sees the two disk Arrays
Server in the Green zone sees the disks in Loop 1 and one disk Array
Server 4 sees no disk
No server sees the disks in Loop 2
CFP264 ILT 0806 3
A zone is a specified group of fabric-connected devices, also called zone members.

Any device, or zone member, connected to the fabric can be included in one or
more zones. Devices can communicate only with devices that are in the same zone.
After zoning has been enabled, if a device is not explicitly defined in a zone that
device is considered not to exist. In the example above both Server 4 and Loop 2
are not defined. When Server 4 queries the fabric to discover what devices it can
see, Zoning rejects the request because it is not defined in any zone. Likewise,
when the Servers in the Red, Blue and Green zones query the fabric, none of them
will see the disk in Loop 2 because it is not defined in any zone. The device will be
isolated and will be inaccessible by other devices in the fabric. Devices that attach
to the fabric need to be added to a new or existing zone before their ability to
communicate is enabled.
After the zone members are grouped into zones, zones are grouped into a zone
configuration and the zone configuration can then be enabled. When enabled, the
zone configuration is distributed to all switches in the fabric and an RSCN is
delivered by each switch to its local nodes that are effected by changes in the
enabled zone configuration.
The Fabric OS Administrators Guide describes zoning concepts in more detail.

Page 6-3
Process to Implement Zoning
Prepare
Create a detailed diagram of the fabric
All switches require a Zoning license
Define
Establish a naming convention
Identify members by port or WWN
Create aliases, zones, zone configuration
Exclude E_Ports
Analyze zone configuration
Can be done with CLI, Web Tools, Fabric Manager or
SAN Health
Enable the zone configuration
Verify there is accessibility between zone members
CFP264 ILT 0806 4
Create a detailed switch diagram of the fabric showing ISL connectivity. This
will help account for every switch in the fabric and the E_Ports that are in
use. Expand each switch diagram to show every port (F_Port, FL_Port).
Switch ports that are not in use should remain disabled with a
portcfgpersistentdisable command.
Define a naming convention to help identify and reference devices in the
fabric. Naming conventions can also be used when creating zones and zone
configurations.
The zoning syntax when creating a zoning set ultimately defines what zoning
scheme will be enforced as the frame is delivered to the destination port.
More information on this will follow.
Analyze the zones to ensure that all nodes are members of the correct
zone(s). When the aliases have been added to zones and the zones are
added to the zone configuration, enable the zone configuration and test from
the host that each target can be accessed. For fabrics with multiple zones
enabled, it is generally best to configure one zone at a time and then test it
with the Zone Analyzer available in Web Tools. If you create all the zones
without testing each zone as it is created, it is difficult to debug. After the first
zone is setup in the fabric, the user may plug in devices and then test the
connections to confirm that everything is functioning properly.

Page 6-4
Hierarchy of Objects
Members
or Aliases
Zones
Config

CFP264 ILT 0806 5
Member:
Alias is given a name, e.g. Server_1, Disk_Array_2.
Physical Fabric port number or area number.
Node World Wide Name - Obtained using nsshow or switchshow.
Port World Wide Name Obtained using nsshow or portloginshow.
64 characters maximum: A-Z, a-z, 0-9 and the _ are allowed.
Zone:
Is given a name, e.g. Red_Zone.
Contains two or more members and uses a ; as a separator.
The same member can be in multiple zones.
Zone definition is persistent; it remains until deleted or changed by an
administrator.
Configuration:
Is given a name, e.g. Production_Cfg.
Is one or more zones.
Configuration may be disabled or one configuration may be in effect from any
switch in the fabric.
An administrator selects which configuration is currently enabled.
A configuration is saved when enabled and then distributed to the remaining
switches in the fabric where it is enabled and saved.

Page 6-5
Zone Management
Zoning can be managed using:
Command Line Interface (CLI)
Web Tools
Fabric Manager
Use the zonehelp command to display help information
Create Delete Add Remove Show
Alias alicreate alidelete aliadd aliremove alishow
Zone zonecreate zonedelete zoneadd zoneremove zoneshow
Zone cfgcreate cfgdelete cfgadd cfgremove cfgshow

Config
Fabric OS Zone Management Commands

CFP264 ILT 0806 6
The following commands are used to create/modify the defined zone configuration:
*create Creates a new alias, zone or configuration
*delete Deletes the entire alias, zone or configuration
*add Adds a member to an existing alias, zone or configuration
*remove Removes one or more members from an existing alias, zone
or configuration
*show Displays alias, zone and/or configuration information
Web Tools and Fabric Manager provide a GUI that makes the administration of
zoning easier.

Page 6-6
Zone Aliases
The use of aliases is optional but aids in the understanding of the zoning
structure and content
Naming
May be up to 64 characters
Are case sensitive
Members
<domain, port> or <domain, area>
Node World Wide Name - from nsshow
Port World Wide Name - from nsshow or portloginshow
Sample naming conventions
SRV for Server SRV_SunHost1
STO for Storage STO_Entprise
TPE for Tape TPE_Drive1
VRA for Virtual Appliance VRA_Prod2

CFP264 ILT 0806 7
Zone objects identified by port number or area number are specified as a pair of decimal numbers
d,area, where d is the Domain ID of the switch and area is the area number on that switch. If the
switch is replaced that is referenced by <domain, port> or <domain, area>, the new switch should be
configured with the predecessors Domain ID. If a Domain ID is changed to a new value, all zones
that referenced the predecessors domain number will need to be updated with the successors value.
Worldwide Names are specified as a 16 digit hexadecimal number separated by colons, for example
10:00:00:90:69:00:00:8a. When node name is used to specify a zone object, all ports on that device
are in the zone. When port name is used to specify a zone object, only that single port is in the zone.
Zone aliases simplify repetitive entry of zone objects such as port numbers or NWWN. For
example, the name Eng could be used as an alias for 10:00:00:80:33:3f:aa:11. An alias is a name
assigned to a device or group of devices. By creating an alias you can assign a familiar name to a
device, or you can group multiple devices into a single name. This can simplify cumbersome entries
and it allows an intuitive naming structure such as using NT_Storage to define all NT storage ports in
the fabric.
When a zoned host is returned the list of network targets (referenced by <domain,port> or PWWN or
NWWN) by the Name Server, the host will send a PLOGI request to the destination addresses. If the
PLOGI frame is allowed to pass at the egress port and the target at the destination address replies
an accept to the PLOGI request, the Brocade switch and Zoning has completed its responsibility of
networking the source and destination. Limiting the amount of LUNs and target IDs that the host can
access when the SCSI inquiry command is sent, is the responsibility by the storage provisioning
software located at the storage device.

Page 6-7
Zoning Example
1. Plan for your zoning scheme to meet objectives
Eng Host 2. Create Aliases

Mkt Host >alicreate Eng_Host,1,0
>alicreate Eng_Stor,s1wwn; s2wwn
>alicreate Mkt_Host,1,16
Domain 1 >alicreate Mkt_Stor,s3wwn; s4wwn; s5wwn
3. Create Zones
>zonecreate Zone_Eng,Eng_Host; Eng_Stor
>zonecreate Zone_Mkt,Mkt_Host; Mkt_Stor
4. Create Configuration
>cfgcreate Cfg_EngMkt,Zone_Eng; Zone_Mkt
S1 S3
S2 S5
S4

CFP264 ILT 0806 8
This example should not be viewed as a best practice but rather an example that
shows how a domain, port and WWN would be coded. The CLI is used to illustrate
the zoning structure. Once this is understood, the Web Tools GUI would be a better
tool to use.
Zoning has a very systematic yet simple approach to implementing:
Zoning requires prior planning. What are your goals? How will you achieve them?
Create members using aliases.
Create zones using alias members.
Create a configuration using zones.
Enable the zone configuration throughout the fabric.
Note: A cfgenable also saves the defined configuration and the name of the
effective configuration to flash memory.

Page 6-8
Zoning Example (cont.)
sw4100:admin> cfgshow
Eng Host Defined configuration:
Mkt Host cfg: Cfg_EngMkt
Zone_Eng; Zone_Mkt
zone: Zone_Eng Eng_Host; Eng_Stor
zone: Zone_Mkt Mkt_Host; Mkt_Stor
Domain 1
alias: Eng_Stor 21:00:00:20:37:87:48:e7;
21:00:00:20:37:87:23:e2
alias: Eng_Host 1,0
alias: Mkt_Stor 21:00:00:20:37:87:49:29;
21:00:00:20:37:87:e5:20;
21:00:00:20:37:87:20:c5
alias: Mkt_Host 1,16
S1 S3
S2 S5 Effective configuration:
no configuration in effect
S4

CFP264 ILT 0806 9
A cfgshow displays the defined configuration and since zoning has not been
enabled, there is no effective configuration. Zoning is fabric-wide, thus any switch
can be used to display the current zoning configurations.
The defined configuration is the Zoning Database and contains all zone objects that
have been created. It is possible to have several zone configurations but only one
can be enabled.

Page 6-9
Zoning Example (cont.)
Eng Host
Mkt Host 5. Enable Configuration
>cfgenable Cfg_EngMkt
Domain 1
S1 S3
S2 S5
S4

CFP264 ILT 0806 10
Note: A cfgenable also saves the defined configuration and the name of the
effective configuration to flash memory.

Page 6-10
Zoning Example (cont.) sw4100:admin> cfgshow
Defined configuration:
cfg: Cfg_EngMkt
Zone_Eng; Zone_Mkt
zone: Zone_Eng Eng_Host; Eng_Stor
Eng Host
Mkt Host zone: Zone_Mkt Mkt_Host; Mkt_Stor
alias: Eng_Stor 21:00:00:20:37:87:48:e7;

21:00:00:20:37:87:23:e2
Domain 1 alias: Eng_Host 1,0

alias: Mkt_Stor 21:00:00:20:37:87:49:29;
21:00:00:20:37:87:e5:20;
21:00:00:20:37:87:20:c5
alias: Mkt_Host 1,16
Effective configuration:
cfg: Cfg_EngMkt
zone: Zone_Eng 1,0;
S1 S3 21:00:00:20:37:87:23:e2;
S2 S5 21:00:00:20:37:87:48:e7
zone: Zone_Mkt 1,16;
S4 21:00:00:20:37:87:e5:20;
21:00:00:20:37:87:49:29;
21:00:00:20:37:87:20:c5
CFP264 ILT 0806 11
Since zoning is now enabled, the configuration in effect is displayed.

Page 6-11
Enabling Zoning
Only one active zone configuration for entire fabric
Enabled with cfgenable
You do not have to disable one zone configuration to enable another
Enable one configuration over another
Saves the zone configuration (no subsequent cfgsave needed)
Saved across power cycles, reboots
Effective zone configuration displayed in switchshow
sw4100:admin> switchshow
switchName: sw4100
switchType: 32.0
switchState: Online
switchMode: Native
switchRole: Principal
switchDomain: 1
switchId: fffc01
switchWwn: 10:00:00:05:1e:34:01:e6
switchBeacon: OFF
Zoning: ON (Cfg_EngMkt)
CFP264 ILT 0806 12
A zone configuration is a group of zones that are enforced whenever that

zone configuration is enabled. A zone can be included in more than one
zone configuration.
To define a zone configuration, specify the list of zones to be included and

assign a zone configuration name. Zoning may be disabled at any time.
When a zone configuration is in effect, all zones that are members of that
configuration are in effect.
Defined configuration: The complete set of all zone objects that have been
defined in the fabric.
Effective configuration: A single zone configuration that is currently in

effect. The effective configuration is built when an administrator enables a
specified zone configuration. This configuration is compiled by checking for
undefined zone names, or zone alias names, or other issues.
Saved configuration: A copy of the defined configuration plus the name of
the effective configuration which is saved in flash memory by the cfgsave
command. There may be differences between the saved configuration and
the defined configuration if the system administrator has modified any of the
zone definitions and has not saved them.

Page 6-12
Enabling Zoning (cont.)
DEFINED EFFECTIVE
sw4100:admin> cfgenable Cfg_EngMkt CONFIGURATION CONFIGURATION
Cfg_EngMkt 1 Cfg_EngMkt
Zone_Eng Zone_Eng
Cfg_EngMkt becomes Zone_Mkt Zone_Mkt
1
effective configuration
Defined configuration
2 2
is written to flash memory 3
Name of effective configuration RAM
3
is written to flash memory
(Cfg_EngMkt) Domain
1 Flash
Note: cfgenable performs an Memory
implicit cfgsave

CFP264 ILT 0806 13
Use the cfgenable command to enable a zone configuration. The specified zone
configuration is built by checking for undefined zone names, zone alias names, or
other inconsistencies by expanding zone aliases, removing duplicate entries, and
then installing the current configuration.
If the build fails, the previous state is preserved (zoning remains disabled, or the
previous configuration remains in effect). If the build succeeds, the new
configuration replaces the previous configuration.

Page 6-13
Disabling Zoning
DEFINED EFFECTIVE
EFFECTIVE
sw4100:admin> cfgdisable CONFIGURATION CONFIGURATION
CONFIGURATION
1 Cfg_EngMkt
Cfg_EngMkt
Zone_Eng Zone_Eng
Effective configuration Zone_Mkt Zone_Mkt
1
is disabled
Defined configuration
2 2
3
set to none in flash memory
Domain
1 Flash
Memory

CFP264 ILT 0806 14
Use the cfgdisable command to disable the current zone configuration. The fabric
returns to non-zoning mode, in which all devices see each other.
This command ends and commits the current zoning transaction buffer to both
volatile and flash memory. If a transaction is open on a different switch in the fabric
when this command is run, the transaction on the other switch is automatically
aborted. A message is displayed on the other switches to indicate the aborting of
the transaction.

Page 6-14
Saving Zoning
DEFINED EFFECTIVE
sw4100:admin> cfgsave CONFIGURATION CONFIGURATION
Cfg_EngMkt Cfg_EngMkt
Zone_Eng Zone_Eng
Any changes made to the defined Zone_Mkt Zone_Mkt
1
configuration before issuing cfgsave
xxxx
Defined configuration xxxx
2 2
1
3
is written to flash memory
(Cfg_EngMkt) Domain
1 Flash
Note: cfgsave does not do a cfgenable Memory

CFP264 ILT 0806 15
Use the cfgsave command to save the current zone configuration. The defined
configuration and the name of the enabled configuration are written to flash memory
in all switches in the fabric. This allows changes to be made to the defined
configuration without an immediate enabling of them.
The saved configuration is automatically reloaded by the switch on power on and, if
a configuration was in effect at the time it was saved, the same configuration is
reinstalled with an automatic cfgenable command.
Because the saved configuration is reloaded at power on, only valid configurations
are saved. The cfgsave command verifies that the enabled configuration is valid by
performing the same tests as cfgenable. If the tests fail, an error is displayed and
the configuration is not saved. Tests might fail if a configuration has been modified
since the last cfgenable.
This command ends and commits the current transaction. If a transaction is open on
a different switch in the fabric when this command is run, the transaction on the
other switch is automatically aborted. A message is displayed on the other switches
to indicate the aborting of the transaction.
If the defined configuration is larger than the supported maximum zoning database
size, the following message is issued: Commit zone DB larger than supported -
<zone db size> greater than <max zone db size>
Note: A cfgsave does not make any changes to the effective configuration. A
cfgenable command is still needed to enable any changes made in the defined
configuration.

Page 6-15
Clearing Zoning
DEFINED EFFECTIVE
sw4100:admin> cfgclear CONFIGURATION CONFIGURATION
Cfg_EngMkt
1
Zone_Eng
Defined configuration is cleared Zone_Mkt
1
from RAM
RAM
Domain
Note: cfgclear does not disable the
effective configuration and does
1 Flash
not save anything to flash memory Memory

CFP264 ILT 0806 16
Use the cfgclear command to clear all zone information in the defined configuration.
All defined zone objects are deleted. If an attempt is made to clear the defined
configuration while a zone configuration is enabled, you are warned to first disable
the enabled zone configuration.
After using the cfgclear command, use the cfgsave command to commit the defined
and effective configuration to flash memory for all the switches in the fabric.

Page 6-16
Maximum Zoning Database Size
Determined by the amount of Flash

DEFINED EFFECTIVE
Memory available for storing the CONFIGURATION CONFIGURATION
defined configuration
Cfg_EngMkt
Amount varies by Fabric OS release Zone_Eng
Zone_Mkt
Size displayed with cfgsize
command in bytes
Zone DB max size
Committed size
Transaction size RAM
Domain
1 Flash
Memory

CFP264 ILT 0806 17
Use the cfgsize command to display the size details of the zone database. The size
details include the Zone DB maximum size, the committed size, and the transaction
size. All sizes are in bytes.
Zone DB max size is the upper limit for the defined configuration, determined by the
amount of flash memory available for storing the defined configuration.
Committed size is the size of the defined configuration currently stored in flash
memory.
Transaction size is the size of the uncommitted defined configuration. This value will
be nonzero if the defined configuration is being modified, otherwise it is 0.
sw4100:admin> cfgsize
Zone DB max size - 127726 bytes
committed - 8812
transaction - 0

Page 6-17
Maximum Zoning Database Size (cont.)
The switch with the lowest maximum

determines the maximum zoning
database size for the fabric
Zoning Database
Max DB
Size? Maximum Size by FOS
256 KB
128 KB
96 KB
v2.6.x v3.0.x v3.2.x

v3.1.x v4.0.x v4.4.x
v4.1.x v5.0.x
v4.2.x v5.1.x

CFP264 ILT 0806 18
The switch with the lowest maximum determines the maximum zoning database
size for the fabric.
If a switch attempts to join a fabric that has a zone database size greater than the
supported maximum size of the switch, a segmentation error will occur (the request
to join the fabric will be rejected) preventing the switch from joining the fabric.

Page 6-18
Zone Object Commands
You can use these commands for all zone object types:
configuration, zone and alias
zoneobjectcopy
Copies a zone object to a new zone object
zoneobjectcopy Cfg_EngMkt, Cfg_Test
zoneobjectrename
Renames a zone object
zoneobjectrename Zone_Redd, Zone_Red
zoneobjectexpunge
Deletes the zone object and removes it from the member list of all
other objects
zoneobjectexpunge Mkt_Host
CFP264 ILT 0806 19
sw4100:admin> cfgshow "*"

cfg: USA_cfg Red_zone; White_zone; Blue_zone
sw4100:admin> zoneobjectcopy "USA_cfg", "UK_cfg"
sw4100:admin> cfgshow "*"
cfg: UK_cfg Red_zone; White_zone; Blue_zone
zone: Blue_zone 1,0; 1,1
zone: Red_zone 1,2; 1,3
zone: White_zone 1,4; 1,5
sw4100:admin> zoneobjectexpunge Blue_zone"
cfg: USA_cfg Red_zone; White_zone
zone: Red_zone 1,2; 1,3
zone: White_zone 1,4; 1,5

Page 6-19
Zoning Display Commands
nsaliasshow
Displays local name server information and the defined
configuration aliases to which the device belongs
sw4100:admin> nsaliasshow
{
Type Pid COS PortName NodeName TTL(sec)
NL 0204e2; 3;21:00:00:fa:ce:00:21:1e;20:00:00:fa:ce:00:21:1e; na
FC4s: FCP [STOREX RS2999FCPH3 MT09]
Fabric Port Name: 20:04:00:60:69:01:44:22
Permanent Port Name: 21:00:00:fa:ce:00:21:1e
Aliases: Sun_Disk1
NL 0204ef; 3;21:00:00:ad:bc:04:6f:70;20:00:00:ad:bc:04:6f:70; na
FC4s: FCP [STOREX RS2999FCPH3 JB09]
Fabric Port Name: 20:04:00:60:69:01:44:22 This node has not
Permanent Port Name: 21:00:00:ad:bc:04:6f:70 been defined
in any alias
Aliases:
The Local Name Server has 2 entries }
CFP264 ILT 0806 20
This command is a duplicate of the nsshow command with the added feature of
displaying the defined configuration aliases that the device belongs to.
The message There is no entry in the Local Name Server is
displayed if there is no information in this switch, but there still may be devices
connected to other switches in the Fabric. The command nsallshow shows
information from all switches.

Page 6-20
Zoning Display Commands (cont.)
nodefind
Displays all the name server entries matching a given WWN,
PID (in hex) or alias
sw4100:admin> nodefind Disk_1

Local:
Type Pid COS PortName NodeName SCR
NL 0314d9; 3;22:00:00:04:cf:5d:dc:2d;20:00:00:04:cf:5d:dc:2d; 0
FC4s: FCP [SEAGATE ST318452FC 0001]
Fabric Port Name: 20:14:00:60:69:80:04:79
Permanent Port Name: 22:00:00:04:cf:5d:dc:2d
Device type: Physical Target
Aliases: Disk_1

CFP264 ILT 0806 21
RSL1_ST07_B41:admin> nodefind 21:00:00:04:cf:bd:56:bd

Local:
NL 0200e2; 3;21:00:00:04:cf:bd:56:bd;20:00:00:04:cf:bd:56:bd; 0
Fabric Port Name: 20:00:00:05:1e:02:a6:6d
Permanent Port Name: 21:00:00:04:cf:bd:56:bd
Aliases:
RSL1_ST07_B41:admin> nodefind 0x0200e2

Local:
NL 0200e2; 3;21:00:00:04:cf:bd:56:bd;20:00:00:04:cf:bd:56:bd; 0
Fabric Port Name: 20:00:00:05:1e:02:a6:6d
Permanent Port Name: 21:00:00:04:cf:bd:56:bd
Aliases:

Page 6-21
nszonemember
Displays the information of all online devices which are zoned
with the given device (WWN or PID)
sw4100:admin> nszonemember 0x0406e2
2 local zoned members:
NL 0406e2; 3;22:00:00:20:37:d9:6b:b3;20:00:00:20:37:d9:6b:b3; 0
Fabric Port Name: 20:06:00:60:69:50:06:78
Permanent Port Name: 22:00:00:20:37:d9:6b:b3
NL 040901; 2,3;10:00:00:00:c9:26:0e:ae;20:00:00:00:c9:26:0e:ae; 3
Fabric Port Name: 20:09:00:60:69:50:06:78
Permanent Port Name: 10:00:00:00:c9:26:0e:ae
Device type: Physical Initiator
No remote zoned members

CFP264 ILT 0806 22
Also can use the WWN:

sw4100:admin> nszonemember 22:00:00:20:37:d9:6b:b3

Page 6-22
nszonemember -u
Displays all unzoned devices in the entire fabric
sw4100:admin> nszonemember -u
Pid: 0x041ea9; Aliases: stor32b_1
Pid: 0x041eaa; Aliases: stor32b_2
Pid: 0x041eab; Aliases: stor32b_3
Pid: 0x041eac; Aliases: stor32b_4
Pid: 0x041fad; Aliases: stor32a_5
Pid: 0x041fae; Aliases: stor32a_6
Pid: 0x041fb1; Aliases: stor32a_7
Pid: 0x041fb2; Aliases: stor32a_8
Pid: 0x062800; Aliases:
Totally 9 unzoned devices in the fabric.

CFP264 ILT 0806 23
Some useful options with nszonemember:

-a Displays each local devices online zoned data, including PID and zone alias.
-u Displays all unzoned devices in the entire fabric.

Page 6-23
Additional Zone Management Commands
cfgtransshow
Displays the current zoning transaction information
cfgtransabort
Aborts the current zoning transaction (anything since the
last save)
cfgactvshow
Displays the zoning effective configuration

CFP264 ILT 0806 24
sw4100:admin> cfgtransshow
There is no outstanding zone transactions
sw4100:admin> cfgclear
Do you really want to clear all configurations? (yes, y, no, n):
[no] y
Clearing All zoning configurations...
sw4100:admin> cfgtransshow
Current transaction token is 271010736
It is abortable
sw4100:admin> cfgtransabort
sw4100:admin> cfgactvshow
cfg: Cfg_EngMkt
zone: Zone_Eng 1,0;
21:00:00:20:37:87:23:e2;
21:00:00:20:37:87:48:e7
zone: Zone_Mkt 1,16;
21:00:00:20:37:87:e5:20;
21:00:00:20:37:87:49:29;
21:00:00:20:37:87:20:c5
Page 6-24
Default Zoning
In early versions of Fabric OS, when zoning was not
implemented or a cfgdisable command was issued, all
devices in the fabric could access each other
In Fabric OS v5.1.0, you can now create a default zone:
Controls what device access is allowed within a fabric when zoning
is not enabled
Enable all device access with defzone --allaccess (default)
Disable all device access with defzone --noaccess
How it works:
When a user-specified zone configuration is not enabled, defzone
is in effect
When a user-specified zone configuration is enabled, the defzone
is overridden

CFP264 ILT 0806 25
The new default zone feature can enable or disable device access within a
fabric. Default zones are based on the FC-GS standard, but are not
supported when the switch or Director is in interop mode.
The defzone allaccess is the default because it matches how zoning
worked prior to Fabric OS v5.1.0.

Page 6-25
Default Zoning (cont.)
defzone Command
Two underscore
To create a no-access default zone characters used
in all instances
defzone --noaccess
Creates the following (hidden) zone configuration
cfgcreate d__efault__Cfg, d__efault__Zone
zonecreate d__efault__Zone,00:00:00:00:00:00:00:01
To create an all-access default zone

defzone --allaccess
Does the equivalent of the following zoning commands
cfgdelete d__efault__Cfg
zonedelete d__efault__Zone
Changes must be committed to the fabric

Normally a cfgsave will be used
A cfgenable or cfgdisable can be used since each includes an
implied save
CFP264 ILT 0806 26
The new defzone command configures a default zone configuration and

displays the current configuration. The command has no optional
parameters, and takes one of three required arguments:
--allaccess Create a default zone that enables all device-to-
device access within the fabric. This is the default behavior in Fabric
OS v5.1, and matches the default behavior in a non-zoned fabric.
--noaccess Create a default zone that disables all device-to-
device access within the fabric.
--show Display the current default zone.
Names beginning with d__efault__ are reserved for default zoning use
(note: two underscore characters are used in each instance.)
Note: The setting of the defzone command is stored in the zoning

transaction buffer. Normally, a cfgsave is used to commit the zoning
transaction to the entire fabric. A cfgenable or cfgdisable will do the
commit since each command does an implied cfgsave. Because the
setting is stored in the zoning transaction buffer, a cfgtransabort could
be used to abort the defzone command.

Page 6-26
Default Zoning
defzone Command (cont.)
Display the current default zone
If Zoning is not
sw4100:admin> defzone --show enabled, devices
Default Zone Access Mode in the fabric can not
access each other
committed - No Access
transaction - No Transaction

CFP264 ILT 0806 27

Page 6-27
Default Zoning
On a Fabric OS v5.1.0 switch, the cfgactvshow and
cfgshow commands do not display the default zone or zone
configuration
On switches running releases earlier than Fabric OS v5.1.0,

the d__efault__Cfg and d__efault__Zone can be
seen, but not managed
With defzone set to noaccess, perform all zoning tasks
from a switch running Fabric OS v5.1
A cfgdisable issued from a switch running an earlier
version is rejected

CFP264 ILT 0806 28
From a switch running earlier versions of Fabric OS, the zone* commands
cannot manage the default zone, and the cfg* commands cannot manage
the default zone configuration.
For example, attempting to disable d__efault__Cfg on a Fabric OS
v5.0.1 switch results in the following error message:
RCSRCA_SFC_REJECTED
Sfc Was Rejected: Remote Switch Unable To Process.

Page 6-28
Default Zoning
When the defzone is configured as noaccess and zoning
is disabled, then the cfgshow output on a Fabric OS v5.1.0
switch is different from a switch with an earlier release
v5.0.1 v5.1.0
sw200E:admin> cfgshow sw4100:admin> cfgshow

Defined configuration: Defined configuration:
cfg: d__efault__Cfg
d__efault__Zone Effective configuration:
zone: d__efault__Zone no configuration in effect:
00:00:00:00:00:00:00:01 (No Access)
cfg: d__efault__Cfg
zone: d__efault__Zone
00:00:00:00:00:00:00:01

CFP264 ILT 0806 29
When zoning is not enabled and the default zone is set to no access,
the cfgshow output for the v5.1.0 switch is different from a switch
with an earlier release. See slide above.
Use the defzone --show command to determine which mode the

default zone is set to (Access or No Access).
sw4100:admin> defzone --show

Default Zone Access Mode
committed - No Access
transaction - No Transaction
sw4100:admin> switchshow
switchName: sw4100
switchType: 32.0
switchState: Online
switchMode: Native
switchRole: Subordinate
switchDomain: 2
switchId: fffc02
switchWwn: 10:00:00:05:1e:02:a6:6d
zoning: ON (No Access)
switchBeacon: OFF
<truncated output>

Page 6-29
Web Tools Zoning Administration
Click here
for
Zoning
Admin

CFP264 ILT 0806 30
Location of the Zone Admin icon. A login is required before the Zone
Administration screen appears.

Page 6-30
Web Tools Zoning Administration (cont.)

CFP264 ILT 0806 31
This screen allows for the creation and modification of aliases, zones and
configuration.

Page 6-31
Zoning Enforcement
Session Enforcement
Name Server restricts PLOGIs
Hardware Enforcement
Available through ASIC hardware logic checking
Denies illegal access from bad citizens1
More secure than session
Enforcement based on how members in a zone are defined

CFP264 ILT 0806 32
Devices that are Session enforced cause any PLOGIs to the device to be rejected.
Devices that are Hardware enforced cause any frames that do not comply with the
effective zone configuration to be rejected. This blocking is performed at the
transmit side of the port where the destination device is located. This is the highest
level of protection for a device.
Footnote 1: A bad citizen is best explained by defining good citizens. Good citizens
are defined as fabric devices that support RSCNs, query name server when they
receive RSCNs and only communicate with devices that the name server gives
them when they query. Bad citizens do not do one or more of these things.
The decision for what enforcement a device receives is based on how the members
in a given zone are defined. The table on the next slide describes this process.

Page 6-32
Zoning Enforcement
Non-overlapping Zones
2 & 4 Gbit/sec
Hardware Enforcement Zone Members
ASICs
Frame Filter
All PORTS
Hardware
Session Enforcement Z1=dom2,port1; dom2,port2
Trap PLOGI
Issues reject to
All WWNs
Hardware
initiator
Z2=wwn1; wwn2; wwn3
MIXED
Session
Z3=dom2,port3; wwn4

CFP264 ILT 0806 33
Hardware Enforced Zoning:

Hardware Enforced zoning is used by zones with all members defined by
their <domain id, port> or all members defined by their WWN. This the
strongest form of enforcement and will block all frames that compromise
the zone from a device that is not a member of a zone such as a bad
citizen. Destination ASIC checks SID on every frame against CAM table
entries. Overlapping zones (zone members that appear in two or more
zones) are permitted and hardware enforcement will continue as long as
the overlapping zones have either all WWNs or <domain id, port> entries.
Using all WWNs in a zone allows for the node to attach to any port in the
fabric and have hardware enforcement. Using all <domain,
port>/<domain, area> members restricts the movement of devices in the
fabric until a zone update is made.
Session Enforced Zoning :
A session enforced zone is a zoning protection that guarantees that only
members of the zone can complete PLOGI/ADISC/PDISC which
prevents any unauthorized access by devices that are not a member of
the zone. Enforcement to a zone with WWN members and <domain,
port> will change from hardware to session enforcement. The ASIC will
perform authentication using the name server to compare the SID/DID in
the primitive commands with the current zone configuration. If the current
zone configuration does not permit the devices to communicate, the
switch issues a reject to the SID, effectively blocking communications.

Page 6-33
Zoning Enforcement
Non-overlapping Zones (cont.)
Session Session
Dom, Port Enforced Enforced
2,0
Dom, Port
2,6
PURPLE
RED WWN4 Zone
Zone WWN3
0 1 2 3 4 5 6 7
Domain 2
GREEN 8 9 10 11 12 13 14 15 WWN1
Dom, Port
Zone 2,8 Condor WWN1
ASIC BLUE
Zone
Hardware Dom, Port WWN2 Hardware

Enforced 2,9 Enforced
CFP264 ILT 0806 34
Blue Zone: This zone is Hardware enforced because all devices have been
specified by WWN.
Green Zone: This zone is Hardware enforced because all devices have been
specified by Port.
Red Zone: This zone is Session enforced because a mix of port and WWN have
been specified in the zone.
Purple Zone: This zone is also Session enforced because of a mix of port and
WWN in the same zone.
Note: The Red and Purple Zones also illustrate that the type of device (initiator vs.
target) has no bearing on the type of enforcement.

Page 6-34
Zoning Enforcement
Overlapping Zones (cont.)
Dom, Port
2,0
Dom, Port
2,6
PURPLE
RED WWN4 Zone
Zone WWN3
Session
0 1 2 3 4 5 6 7
Enforced
Domain 2
GREEN 8 9 10 11 12 13 14 15 WWN1
Dom, Port
Zone 2,8 Condor WWN1 Session
ASIC Enforced
BLUE
Zone
Dom, Port Hardware WWN2 Hardware
2,9 Enforced Enforced
CFP264 ILT 0806 35
This shows the results of Hardware and Session enforced overlapping zones.
The Blue zone is defined with all WWNs (WWN1 and WWN2) and meets the rules
for Hardware enforcement. The Purple zone is defined with a mix of port and
WWNs and meets the rules for Session enforcement.
The target device WWN1 is defined in both zones. When a device is defined in
overlapping zones, where one is hardware enforced and the other is Session
enforced, the device will become Session enforced in all zones. What is important to
note is the host (WWN2) is still Hardware enforced even though the target device
(WWN1) is now Session enforced. Under these conditions, zoning enforcement is
determined at the device level, not the zone level.

Page 6-35
Zoning Enforcement Command
portzoneshow
Displays zoning enforcement for each online device port on
the local switch
This is an unsupported, undocumented command
RSL1_ST07_B200:admin> portzoneshow
PORT: 0 (0) F-Port Enforcement: HARD PORT defaultHard: 0 IFID: 0x43020000
PORT: 1 (1) F-Port Enforcement: HARD PORT defaultHard: 1 IFID: 0x43020001
PORT: 2 (2) Offline
<truncated output>
PORT: 0 (0) F-Port Enforcement: HARD WWN defaultHard: 0 IFID: 0x43020000
PORT: 1 (1) F-Port Enforcement: HARD WWN defaultHard: 0 IFID: 0x43020001
PORT: 2 (2) Offline
<truncated output>
PORT: 0 (0) F-Port Enforcement: SESSION BASED HARD defaultHard: 0 IFID: 0x43020000
PORT: 1 (1) F-Port Enforcement: SESSION BASED HARD defaultHard: 0 IFID: 0x43020001
PORT: 2 (2) Offline
<truncated output>

CFP264 ILT 0806 36
Some useful options with nszonemember:

-a Displays each local devices online zoned data, including PID and zone alias.
-u Displays all unzoned devices in the entire fabric.

Page 6-36
Implementation Considerations
Define all members in a zone with <domain,port> or
<domain,area>
Provides hardware enforcement
Allows devices to communicate that are connected to the ports defined
within the zone
Requires a zoning change if a device is moved to a port outside the
zone
No zoning change if the devices WWN changes
Define all members in a zone with their device WWN

Provides hardware enforcement
Allows devices to communicate that have their WWN in the same zone
Requires a zoning change if the devices WWN changes
No zoning change if a device is moved to another port in the fabric

CFP264 ILT 0806 37
These implementation considerations focus on creating zones to achieve Hardware

enforcement and identify when zoning changes are needed.

Page 6-37
Zoning Best Practices
Make all names meaningful
Create aliases to easily identify devices
Define each zone with a single HBA initiator
Define zone members with either all domain, area (port
number) or all WWNs for hardware enforcement
Consider setting default zone to noaccess to prevent any
device access when zoning is not enabled
Monitor zone database size
Analyze zones to verify correct devices are communicating
nszonemember
fcping
Web Tools zone analysis
SAN Health
Backup with a configupload
CFP264 ILT 0806 38
Zoning by single Host Bus Adapter (HBA) most closely recreates the original SCSI
bus. Each zone created has only one HBA (initiator) in the zone and all the targets
nodes are members of that zone.
Defining zone members with either all port numbers or all WWNs provides
Hardware enforcement.
Setting the default zone to no access when the fabric is first built allows devices to
connect to the fabric, do their FLOGI and Name Server update but not access any
other device connected to the fabric. This permits the physical connection to be
done in one phase and the enabling of a zone configuration to allow access to be
done in another phase.
Monitor the zone database sizing as new switches are added to the fabric. Newer
switches will tend to have a larger maximum size but the fabric may not be able to
take advantage of it due to an older FOS running on an existing switch with a lower
maximum.
With zoning enabled, check the servers to verify they have access to the desired
target devices. Also, use the nszonemember command and SAN Health as tools to
discover devices that are online but not defined in a zone, etc.

Page 6-38
Adding a New Switch to a Zoned Fabric
1. Ensure new switch has no zoning
cfgshow
cfgdisable; cfgclear; cfgsave
2. Connect switch to existing fabric
3. Defined and effective configurations are propagated to
new switch

CFP264 ILT 0806 39
A new switch is one that has not previously been connected to a fabric. Before
connecting the new switch, check to see if any zoning data exists with the cfgshow
command. If it exists, use the cfgdisable, cfgclear, and cfgsave commands to
sanitize it.
When a new switch is connected to a zoned fabric, all zone configuration data is
immediately copied from the zoned fabric into the new switch. If a zone
configuration is enabled in the fabric, then the same configuration becomes enabled
in the new switch. After this operation, the cfgshow command displays the same
output on all switches in the fabric, including the new switch.

Page 6-39
Ensure New Switch has no Zoning
sw4100:admin> cfgshow DEFINED EFFECTIVE

CONFIGURATION CONFIGURATION
no configuration defined
no configuration in effect
RAM
Domain
2 Flash
Memory

CFP264 ILT 0806 40
The cfgshow command displays the status of the defined and effective
configurations on a new switch.

Page 6-40
Connect New Switch to Existing Fabric
DEFINED EFECTIVE DEFINED EFFECTIVE

CONFIGURATION CONFIGURATION CONFIGURATION CONFIGURATION
Cfg_EngMkt Cfg_EngMkt Cfg_EngMkt Cfg_EngMkt

Zone_Eng Zone_Eng Zone_Eng Zone_Eng
Zone_Mkt Zone_Mkt Zone_Mkt Zone_Mkt
ISL
Propagate Definitions
RAM RAM
Domain Domain
1 Flash 2 Flash
Memory Memory

CFP264 ILT 0806 41
The defined and effective configurations from the existing fabric are propagated to
the new switch.

Page 6-41
Merging Two Zoned Fabrics
Zoning Segmentation Errors
Segmentation due to: Description

Occurs when zoning is enabled in both fabrics
Configuration mismatch
and the effective configurations are different.
Occurs when the name of a zone object in one
fabric is also used for a different type of zone
Type mismatch object in the other fabric.
Fabric A: alias: Mkt_Host 1,16
Fabric B: zone: Mkt_Host 1,16
Occurs when the name and type of a zone
object in one fabric is also used in the other
Content mismatch fabric but the content or order is different.
Fabric A: alias: Eng_Stor wwn2; wwn1
Fabric B: alias: Eng_Stor wwn1; wwn2

CFP264 ILT 0806 42
If the zoning changes are not done correctly, it is possible to have the merging of
the fabrics fail due to a segmentation error.
The table above shows the three possible mismatches that would cause this error.
Note: View the WBT module associated with merging two zoned fabrics.

Page 6-42
Other Merge Fabric Considerations
Use a Brocade router
Allows fabrics to remain autonomous
Devices can communicate between fabrics via LSAN
zones
Use Fabric Manger Fabric Merge Check
Checks each fabric for:
Duplicate Domain Ids
Incompatible fabric.ops switch configuration settings
Any zoning mismatch conditions
Check before you connect!

CFP264 ILT 0806 43
There are other considerations for merging two fabrics.

Use a Brocade router rather than merge the fabrics. A router allows each fabric to
remain autonomous but via a backbone fabric that contains a router, permits
access between devices in the fabrics through LSAN zones.
Use Fabric Manager to invoke the Fabric Merge Check. This function allows the
comparing of two fabrics and their settings that could cause a fabric segmentation
error. Best to check before you connect.

Page 6-43
Fabric Manager Fabric Merge Check

CFP264 ILT 0806 44
The Fabric Merge Check is under the Tools pull-down window.

Page 6-44
Fabric Selection
Fabric Compare Retrieving and comparing

configuration Info
Retrieving and Comparing

Zoning Data

CFP264 ILT 0806 45
In preparation for the merge check, two fabrics will be selected. In the example
above, fabric-sw51 and fabric-RSL1_BRCD47 have been selected for a check.
Once the fabrics have been selected you can select the Check button to extract
the elements from each fabric for comparison.

Page 6-45
Merging Check Results - Successful

CFP264 ILT 0806 46
At the end of the process a Merge Check Results pop up window will be
displayed. To validate all of the compared results you can select the up and
down buttons to the right to display any identified mismatches.

Page 6-46
Other Zoning Tools
SAN Health
Creates zoning tables to quickly
compare for differences
Highlights hanging zones
(zones with defined devices that
arent logged into the Name
Server)
Highlights unzoned devices
(devices logged into the Name
Server that arent defined in a
zone)
Quick check of zoning metrics
on Summary tab to see if one is
nearing the capacity of zone
database

CFP264 ILT 0806 47
SAN Health is a very good tool for cleaning up a zoning database.

Page 6-47
SAN Health Sample Zoning Spreadsheet

CFP264 ILT 0806 48

Page 6-48
Summary
Zoning logically separates the Fabric into subsets
Single HBA zoning is a good practice
Hardware enforcement denies illegal access from bad
citizen HBAs
Session enforcement restricts PLOGIs
A default zone can be set to control what device access
is allowed within a fabric when zoning is not enabled
Sanitize new switch before connecting to existing fabric

CFP264 ILT 0806 49

Page 6-49
Review Questions
1. Which command can delete a zone object and remove it from the
member list of all other objects?
2. What happens when the effective zone configurations do not

match when merging two fabrics?
3. What is the zoning enforcement for a device that is defined in one

zone by its WWN and defined in another zone by its domain,
area (zones are overlapped because of this device)?
4. What does the defzone command control?
5. What commands will give you a list of devices in a zone with your
device?

CFP264 ILT 0806 50
5. The nszonemember, cfgshow, zoneshow, and alishow commands
enabled. (noaccess or allaccess)

4. It controls what device access is allowed within a fabric when zoning is not
3. Session
2. A fabric segmentation due to a configuration mismatch
1. zoneobjectexpunge

Page 6-50
Brocade
Product Training
CFP264
Brocade 4 Gbit/sec Accelerated BCFP
End of Instructor-Led Module 6

Brocade SilkWorm Zoning
Brocade Education Services

CFP264 ILT 0806 51

Page 6-51
This page left blank for formatting

Page 6-52

Brocade Product Training: Cfp264 Brocade 4 Gbit/Sec Accelerated BCFP Instructor-Led Module 6 Brocade Silkworm Zoning

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Brocade Product Training: Cfp264 Brocade 4 Gbit/Sec Accelerated BCFP Instructor-Led Module 6 Brocade Silkworm Zoning

Uploaded by

Copyright:

Available Formats

Brocade

Brocade Education Services

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

Server in the Red zone sees the disks in Loop 1

A zone is a specified group of fabric-connected devices, also called zone members.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

Create Delete Add Remove Show

Alias alicreate alidelete aliadd aliremove alishow

Zone zonecreate zonedelete zoneadd zoneremove zoneshow

Zone cfgcreate cfgdelete cfgadd cfgremove cfgshow

Fabric OS Zone Management Commands

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

Eng Host 2. Create Aliases

2006 Brocade Communications Systems, Incorporated.

Zoning has a very systematic yet simple approach to implementing:

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

alias: Eng_Stor 21:00:00:20:37:87:48:e7;

Domain 1 alias: Eng_Host 1,0

Since zoning is now enabled, the configuration in effect is displayed.

2006 Brocade Communications Systems, Incorporated.

A zone configuration is a group of zones that are enforced whenever that

To define a zone configuration, specify the list of zones to be included and

Effective configuration: A single zone configuration that is currently in

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

Determined by the amount of Flash

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

The switch with the lowest maximum

v2.6.x v3.0.x v3.2.x

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

sw4100:admin> cfgshow "*"

2006 Brocade Communications Systems, Incorporated.

2006 Brocade Communications Systems, Incorporated.

sw4100:admin> nodefind Disk_1

2006 Brocade Communications Systems, Incorporated.

RSL1_ST07_B41:admin> nodefind 21:00:00:04:cf:bd:56:bd

RSL1_ST07_B41:admin> nodefind 0x0200e2

2006 Brocade Communications Systems, Incorporated.

No remote zoned members

2006 Brocade Communications Systems, Incorporated.

Also can use the WWN: