Professional Documents
Culture Documents
Brocade, the Brocade B-weave logo, Fabric OS, File Lifecycle Manager, MyView, Secure Fabric OS,
SilkWorm, and StorageX are registered trademarks and the Brocade B-wing symbol and Tapestry are
trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
FICON is a registered trademark of IBM Corporation in the U.S. and other countries. All other brands,
products, or service names are or may be trademarks or service marks of, and are used to identify,
products or services of their respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty,
expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered
by Brocade. Brocade reserves the right to make changes to this document at any time, without notice,
and assumes no responsibility for its use. This informational document describes features that may not
be currently available. Contact a Brocade sales office for information on feature and product availability.
Export of technical data contained in this document may require an export license from the United
States government.
Objective: The BCFD Nutshell guide is designed to help you prepare for the BCFD Certification, exam number
143-260.
Audience: The BCFD Nutshell self-study guide is intended for those who have successfully completed the
CFD 200 Brocade 8 Gb Certified Fabric Designer course, and who wish to undertake self-study or review
activities before taking the actual BCFD exam. The BCFD guide is not intended as a substitute for classroom
training or hands-on time with Brocade products.
How to make the most of the BCFD guide: The BCFD guide summarizes the key topics on the BCFD exam for
you in an easy to use format. It is organized closely around the exam objectives. We suggest this guide be
used in conjunction with our free online knowledge assessment test - CFD 201 BCFD Knowledge Assessment.
To benefit from the BCFD guide, we strongly recommend you have successfully completed the CFD 200
Brocade 8 Gb Certified Fabric Designer course.
We hope you find this useful in your journey towards BCFD Certification, and we welcome your feedback by
sending an email to jcannata@brocade.com.
Table of Contents
1 - Data Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
How to Assess Current and Target SAN Infrastructure Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Tools to Assess the Current SAN Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
SAN Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Top Talker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Fabric Watch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Current SAN Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Target SAN Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
SAN Design Installation Plan Documentation Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Gathering Business Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Key Items to Collect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2 - Design Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Designing a Solution To Meet Customer Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Hardware Products - Switches, Directors and Backbone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
B-Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Hardware Products - Fabric Extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Availability Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Design Assessment Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Reference Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Data to Gather. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3 - Management and Monitoring Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Tools for Gathering Monitoring Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Applying Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
FCIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4 - Hardware/Software Products and Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Fabric OS and M-EOS Interop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Interop Modes Introduced in FOS v6.x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
FC Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Integrated Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Limitations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Access Gateway Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Access Gateway Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
F_Port Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Brocade DCX Backbone ICLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Software Products. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Adaptive Networking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Port Fencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Cascaded FICON Requirements and Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
5 - Distance Solutions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
FCIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
FCIP Performance Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
The IPPerf Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Supported FCIP Platform Connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Supported FCIP Tunnel Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
FCIP FastWrite and Tape Pipelining. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
FCIP FastWrite. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Tape Pipelining . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
List of Tables
Switch Attribute Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
FC Router Platforms Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
List of Figures
Sample SAN Health Report ....................................................................................................................................................................................................... 8
B-Series Switches ................................................................................................................................................................................................................... 13
Ports on Demand Increments ................................................................................................................................................................................................ 14
Buffer Credits .......................................................................................................................................................................................................................... 14
Backbone and Directors ......................................................................................................................................................................................................... 15
Single Switch Topology ........................................................................................................................................................................................................... 16
Cascade and Ring Topologies ................................................................................................................................................................................................ 17
Full Mesh Topology ................................................................................................................................................................................................................. 18
Core/Edge Topology................................................................................................................................................................................................................ 19
Non-resilient vs. Resilient....................................................................................................................................................................................................... 20
Fibre Channel Routed Fabric ................................................................................................................................................................................................. 25
Brocade 7500E and FR4-18i Routers................................................................................................................................................................................... 26
Access Gateway ...................................................................................................................................................................................................................... 29
Access Gateway Use Case...................................................................................................................................................................................................... 30
Scalability Using Access Gateway .......................................................................................................................................................................................... 30
F_Port Trunking ....................................................................................................................................................................................................................... 31
Two DCX Bacbones With ICLs ................................................................................................................................................................................................ 32
Port Fencing Concept.............................................................................................................................................................................................................. 34
FCIP Implementation Example............................................................................................................................................................................................... 35
FCIP Tunnels on a GbE Port ................................................................................................................................................................................................... 36
Brocade 7500 & FR4-18i ....................................................................................................................................................................................................... 36
IPPerf Example ........................................................................................................................................................................................................................ 38
Single Fabric Using VE_Port-to-VE_Port Connection............................................................................................................................................................. 39
Two Routed Fabrics Using VEX_Port-to-VE_Port Connection ............................................................................................................................................... 39
FCIP FastWrite......................................................................................................................................................................................................................... 40
Tape Pipelining........................................................................................................................................................................................................................ 41
FastWrite and Pipeling Problem Installation......................................................................................................................................................................... 42
Local Proximity ........................................................................................................................................................................................................................ 45
Remote Proximity .................................................................................................................................................................................................................... 46
Benefits of Trunking................................................................................................................................................................................................................ 47
Fabric Without Open Trunking ............................................................................................................................................................................................... 49
Fabric With Open Trunking ..................................................................................................................................................................................................... 49
Oversubscription Ratio ........................................................................................................................................................................................................... 50
Migration Process Phases ...................................................................................................................................................................................................... 54
M-Series Migration to B-Series Using Routers ...................................................................................................................................................................... 55
Merging Fabric OS and M-EOS Fabrics................................................................................................................................................................................. 56
Inserting DCXs at the Core ..................................................................................................................................................................................................... 57
RADIUS Configuration ............................................................................................................................................................................................................. 59
ACL Policies ............................................................................................................................................................................................................................. 61
Sample NDA ............................................................................................................................................................................................................................ 62
Sample Question..................................................................................................................................................................................................................... 63
Example Exam Score .............................................................................................................................................................................................................. 64
1 - Data Collection
supportshow is a simple way of gathering the state of each switch in the SAN. It can be a time-consuming
process. Also related to this would be uploading the switch configuration files.
SAN Health
• A tool that automates the documentation of a SAN
- For SAN design purposes
• SAN Health is a free utility that helps you create:
- Comprehensive documentation
- Historical performance graphs
- Detailed topology diagrams
- Best practice recommendations
Top Talker
• The Top Talker (TT) is an enhancement to Advanced Performance Monitor end-to-end monitors
- First available in Fabric OS v6.0
- When enabled, these monitors determine which SID-DID pairs are the major users of switch F_Port
bandwidth
- Can be enabled on specific switch E_Ports or F_Ports in the fabric
Fabric Watch
• A licensed product that monitors switch thresholds
At A Glance – Comprehensive
SAN Visibility
- Obtain customer’s target time for pilot and first implementation; assess overall time line
- Document all switch vendor and SAN partner information
- Document all support providers
2 - Design Assessment
Before designing a SAN, it is important to identify the resources that are available to use as “building blocks”
in your infrastructure design.
Before discussing design concepts, here are the Brocade products and services that you may use in a design:
• Hardware solutions:
- Switches
- Directors and Backbones
- Fabric routing and extension products
- Server connectivity options
- Access Gateway
• Software solutions
- FC Routing
- FCIP
- Trunking
- Adaptive Networking
- Zoning
- FICON
B-Series Switches
Topologies
Single Switch
• The simplest DCF solution has only a single switch
o For higher availability, start with two unconnected switches
• Pro: Locality between server and storage; well-suited to higher-port count switches
• Con: Single fault domain
Cascade
Ring
Figure 7: Cascade and Ring Topologies
Full Mesh
• The full mesh topology connects each switch to every other switch in the DCF
• Pro: Provides more paths than Cascade or Ring; can add new servers or storage to any open port
(maximum of one hop to any device); can leverage ISL Trunking; can increase locality
• Con: Does not scale well; only a single, lowest-cost path, so cannot leverage DPS
Full Mesh
Figure 8: Full Mesh Topology
Core/Edge
• For better scalability, the Core/Edge Topology specializes the role of the switch:
- Connect servers and storage to switches at the Edge
- Connect switches at the Core to the Edge switches
• The result is a resilient topology with two Core switches
• The Core/Edge topology improves scalability, availability, and performance
- Adding a new Edge switch requires connections only to the Core switches, which makes this a
highly scalable topology
- There are always two equal-cost paths between any two Edge switches which leverages DPS and
ISL Trunking
- Having two Core switches makes this is a highly resilient topology
The Core/Edge topology shown above modifies the “connect-to-all-switches” methodology of the Full Mesh to
achieve better scalability. The switches to which servers and storage are attached are moved to the outside –
or “Edge” – of the topology. The Edge switches are not connected directly to each other; instead, they are
connected into a fabric through two or more connection-only switches at the “Core” of the fabric.
In the example above, the two Brocade DCX Backbones are acting as the Core switches, while four Brocade
5300 switches are placed as the Edge switches.
Availability
• A redundant SAN solution is based on at least two resilient fabrics
• Design for long term maintenance, which will allow you to test new solutions on one fabric while
maintaining data flow through the other fabric
• Make each fabric resilient enough to survive hardware, software, user and site failures
• When assessing the availability of the fabric, a well-connected SAN should avoid single points of failure
(SPOFs): any component that, if failed, results in devices and/or switch(es) becoming disconnected from
the fabric
- Can include: ISLs, ports, switches, HBAs, storage ports, fabric itself
• Fabrics with no SPOFs are considered resilient fabrics
- Each server has at least 2 HBAs, multi-path software and is connected to both fabrics
- Each storage system has at least 2 storage ports; with connections into different fabrics
- Using Directors or Backbones greatly improves availability
Availability Levels
• There are four basic levels of availability in a Core/Edge-based design:
• Level 1: Single fabric, single Core: Not Highly Available
- Fabric and Core are single points of failure (SPOFs)
• Level 2: Single fabric, multi-Core: Not Highly Available
- Core is no longer an SPOF; fabric is an SPOF
• Level 3: Two fabrics, single Core: Highly Available (better if a Director is the Core)
- No SPOFs; most popular deployment – but not the highest HA level
• Level 4: Two fabrics, multi-Core: Most Highly Available
- No SPOFs; more faults caught in the fabrics, rather than at the HBA/storage level
Reference Sources
There are several different types of documentation required for a design assessment. They range from
technical manuals to tools or methods to collect certain specific pieces of information. Technical manuals
include:
• Admin Guides
• EFCM or Fabric Manager User Manuals
• SAN Health Documentation
• Advanced Performance Monitor Manual
• Hardware Reference Manuals
Data to Gather
Security
Repositories
Zoning
FCIP
Managing of FCIP can be achieved with any of the GUI products designed for management.
Interoperability
FC Routing
Overview
• Many of today’s IT organizations manage multiple Storage Area Network (SAN) islands to support specific
applications, projects, and sites throughout their enterprise Data Centers
- Increasingly, administrators are having to share resources between fabrics
• Organizations can interconnect their SAN islands for greater resource utilization, scalability, and long-
distance extension
• FC Routing:
- Introduces an advanced level of device connectivity without the associated risk and complexity of
physically merging SAN islands into a single large fabric
- Supports strategic business initiatives such as disaster recovery, data migration, new data center
infrastructures, ongoing technology upgrades, and data center infrastructure consolidation
- Simplifies interconnection and support for heterogeneous SAN environments in different interoper-
ability modes
• Fibre Channel Routing can be implemented between distinct fabrics to facilitate physical and logical
connectivity
• Introducing FC Routing into your existing SAN environment requires:
- Physical Connectivity between FC fabrics
• Connect autonomous fabrics (SAN Islands) to an FC Router platform via EX_Ports
- Logical Connectivity between FC devices
• Configure and enable LSAN zones in each autonomous fabric to specify which devices will be shared
• FCR enables device sharing access across fabrics with minimal changes to the existing fabrics
• The Fibre Channel Router (FCR):
- Implements fabric-to-fabric routing (Layer 3)
- Fabrics can be B-Series, M-Series, or a mixture of B- and M-Series
- Continues to provide basic Fibre Channel switch functionality (Layer 2)
- Uses an EX_Port to prevent the fabrics from merging; an IFL forms
• Design implementation considerations related to EX_Port Physical Connectivity
- Identify a meaningful domain ID numbering convention and assign domain IDs
o A unique range of IDs for physical switches
o A unique range of IDs for translate (xlate) domains (XDs)
o A unique range of IDs for front domains (FDs)
- Identify a meaningful fabric Identification convention and assign FIDs
o A unique range of FIDs for the backbone (BB) fabrics
o A unique range of FIDs for the Edge fabrics
- Connect inter-fabric links (IFLs) to take advantage of trunking between the FCR and each edge fab-
ric
- Continue using single initiator zoning when creating LSAN zones
- Make LSAN zone names the same in each fabric sharing the devices, for easy identification
Platforms
• The Brocade FR4-18i is a bladed version of the Brocade 7500 SAN Router and both provide FC Routing
service
- As of Fabric OS v5.3, they both support FC FastWrite
o Improves SCSI write operations over long-distance ISLs
o accomplished by the creation of a Proxy Target (PT) local to the initiator and a Proxy Initiator
(PI) local to the target storage device
o
• 16 FC ports for devices, switching, and FC routing (1/2/4 Gbit/sec; F, FL, E, and EX_Ports)
• 2 GbE ports for FCIP and FC Routing
• The FR4-18i can only be installed in the Brocade 48000 Director and the Brocade DCX Backbone
• No FC Routing license required on the FR4-18i or 7500
• The Brocade 7500E SAN Router is an entry level 1U platform that supports advanced FC Routing
functionality
- Limited to 2 FC ports for devices, switching, and FC routing (1/2/4 Gbit/sec; F, FL, E, and EX_Ports)
- Redundant hot-pluggable power supplies, fans, SFPs
- Supports non-disruptive firmware activation
- License upgradeable to full Brocade 7500 capabilities
- No FC Routing license required
FC and
FC Routing
Integrated Routing
Platforms
• All ports on Brocade 5100 and 5300 8 Gbit/sec switches, as well as all ports on any FC8-xx port blade
installed in the DCX, are available for configuration as EX_Ports
- Integrated Routing is a “per-chassis” licensed feature introduced in Fabric OS v6.1
- Ports are individually configurable
- Licensing is checked upon configuration and enablement of the EX_Port
• Integrated Routing (IR) Restrictions
- Not supported on:
o Core (CR8) blades in the DCX
o Brocade 300 switches
o 8 Gbit/sec blades in the 48000
o 4 Gbit/sec switches or blades
o Embedded switches
• Integrated Routing:
- Can use any port on any 8 Gbit/sec blade in the DCX for FC routing
- Can use any port on the 5100 or 5300 for FC routing
- At 8 Gbit/sec, IR offers twice the bandwidth of the 4 Gbit/sec FCR hardware platforms
Limitations
• No M-Series switches are allowed in the Backbone fabric
• The DCX must be disabled to change the backbone fabric ID, if using FC8 blades
• Firmware Upgrade/Downgrade
- IR licensed EX_Ports must be unconfigured if downgrading below Fabric OS v6.1
• Maximum 128 EX_Ports and 48 Front Domains per DCX
Brocade 7500E
Brocade Upgrade
Capability 7500 Brocade 7500E License
Number of Fibre Channel Ports 16 2 14 additional
Redundant power supplies and fans n/a
Fibre Channel switch qualified Only 2 FC ports - no switching
FCR across FCIP links (isolation) n/a
FCR between edge fabrics Only 2 FC ports - no routing
Tunnels per Gigabit Ethernet port 8 1 7 additional/port
Committed rate per FCIP tunnel Up to 1G Up to 50 Mbps per GbE port Increased to 1G
FCIP-FW FastWrite over FCIP n/a
FC-FW FastWrite over native Fibre Channel -
Open Systems Tape Pipelining (OSTP) -
FICON emulation (XRC and tape) -
Call Home -
Hardware-based encryption -
Hardware-based compression n/a
Storage-Optimized TCP (SO-TCP) n/a
Managed by DCFM n/a
Access Gateway
F_Port Trunking
• F_Port Trunking aggregates the bandwidth of the ports connecting an Access Gateway to the edge switch in
the fabric
• Design considerations:
- Trunking license required
- Port group to port group
- Same speed
- Ports enabled for trunking on switch
- Device PIDs do not change upon failed link in the trunk
Software Products
Adaptive Networking
• Adaptive Networking is a suite of tools and capabilities that enable optimized behavior in a SAN
• Traffic Isolation Zones
- Provides the ability to dedicate ISLs to specific hosts and targets; no license required
- Uses zoning to implement
- Available on all 4 & 8 Gbit/sec switches running Fabric OS 6.x
- Does not supersede FSPF rules
- Can dedicate an ISL to high priority traffic
- Can force high volume, low priority traffic onto an ISL to limit its effect on the fabric
• Ingress Rate Limiting
- Restricts speed of traffic from a particular device to the switch port
- ASIC delays the return of BB credits to the external device
- Design considerations:
o Adaptive Networking license required
o Available only on an 8 Gbit/sec capable F_Port or FL_Port
o Can proactively avoid congestion
o Can reduce existing congestion
o Can offer flexible bandwidth limit services based on requirements
o Rate limit in effect for port whether congestion occurs or not
- Ingress Rate Limiting is designed to help alleviate choke points in the fabric caused by slow drain
devices, congested ISLs, etc.
• QoS SID/DID Traffic Prioritization
- Allows prioritization of the traffic flow between a given host and target as having low, medium or
high priority
- By default, all flows are assigned medium priority
- Uses zoning to implement low and high priorities
- Hosts and targets must be connected to ports on Condor2 or GoldenEye2 ASICs
- Adaptive Networking license required
• Top Talkers
- Determines the largest users of F_Port bandwidth by monitoring all flows (SID-DID pairs) through
one or more switch F_Ports on any switch in the fabric
- Top Talker (TT) is an enhancement to APM end-to-end monitors
- APM license required
- When enabled, these monitors determine which SID-DID pairs are the major users of switch F_Port
bandwidth
- Can be enabled on specific switch E_Ports or F_Ports in the fabric
- Only supported on Condor, Condor2 and GoldenEye2 based switches
Port Fencing
• Fabric OS v6.1 adds the Port Fencing feature, which disables a port operating outside the bounds of
normal operation
- Based on Fabric Watch event monitoring
- Requires a Fabric Watch license to configure and use
• Configurable only through CLI
• Once a port is disabled, user intervention is necessary for the port to be enabled
• The following Fabric Watch classes support Port Fencing:
- Port class
- E_Port class
- F/FL Port class
• The following areas under each class support Port Fencing:
- Link loss
- Sync loss
- Protocol error
- Invalid words
- Invalid CRCs
• Only the Fabric Watch “above” event will be monitored for Port Fencing
5 - Distance Solutions
FCIP
• Applications for FCIP include:
- Backup, consolidation, mirroring, business continuity solutions
- Longer-than-FC-distance connectivity
- Existing IP-based networks connect two sites, but not dark fiber
- FICON connectivity over long distance
• Fibre Channel continues to be the dominant choice for Storage Area Networks (SANs)
• Fibre Channel provides a reliable, high-speed, and low-latency transport for SCSI Initiators and Targets
• Brocade does not recommend FCIP for use in every distance extension scenario
• The Fibre Channel-over-IP (FCIP) protocol connects Fibre Channel switches over a GbE-based network
- IP packets generated by an FCIP-compliant port are IPv4 compliant, so that they can navigate any
IP network to reach the destination end point
- Implementation uses standards-based TCP, which interoperates with regular network equipment
• FCIP is a tunneling protocol that allows a transparent interconnection of geographically distributed SAN
islands through an IP-based network
- Allows remote disk access, tape backup, and live mirroring
- From the fabric view, an FCIP link is an ISL, transporting all needed FC control and data frames
between switches - the IP network is invisible to the fabric
- The FC fabric and protocols are invisible to the TCP/IP network
• An FCIP tunnel is represented in a Brocade fabric as a Virtual E_Port (VE_Port)
- No different from E_Ports, except underlying transport is IP
• Since the VE_Port emulates an E_Port on either end of the FCIP tunnel:
- Standard E_Port link initialization occurs
- The FCIP platforms at both ends of the link merge to form a single fabric
• VE_Ports do not support ISL Trunking, but support exchange-based routing (Dynamic Path Selection)
• Some FCIP platforms support FC routing over an FCIP tunnel, creating a Virtual EX_Port (VEX_Port)
- Allows long-distance FCIP connections with fabric-to-fabric isolation
- VEX_Ports are no different from EX_Ports, except underlying transport is IP
• On FCIP platforms that support FC routing, there are these additional rules:
- A GbE port can have VEX_Ports only or VE_Ports only, but not a mix of both
- A VEX_Port connects only to a VE_Port – it may not connect to another VEX_Port
• There can be multiple VEX-to-VE port connections to each Edge fabric, but do not have EX-to-E and VEX-to-
VE connections to the same Edge fabric
• The Brocade 7500 SAN Router and the Brocade FR4-18i Director Blade both support FCIP
- 2 GbE ports with up to 8 tunnels/VE_Port or VEX_Port port
- Must be all VE_Ports or all VEX_Ports per GbE port
- SACK, hardware compression, traffic shaping, and jumbo frames can be enabled on a per-tunnel
basis
• Supported platform-to-platform connections are:
- Brocade 7500(E)/FR4-18i VE_Port <-> Brocade 7500(E)/FR4-18i VE_Port
- Brocade 7500(E)/FR4-18i VEX_Port <-> Brocade 7500(E)/FR4-18i VE_Port
Selective Acknowledgement (SACK) improves loss detection, retransmission techniques, and enables faster
recovery. SACK is an extension to a protocol which allows the acknowledge reception of specific packets or
messages. The SACK option allows the receiver to acknowledge multiple lost packets in a single ACK, enabling
faster recovery.
Hardware compression maximizes throughput over WAN links without performance degradation. The
compression feature is a per-tunnel feature (disabled by default) that allows the FC data frames (but not FC
command frames) to be compressed before they are sent over the tunnel as FCIP frames. The compression is
done by hardware on a frame-by-frame basis. Compression is performed on FC data frames in the ingress
direction before they are encapsulated as FCIP frames. The latency introduced by the compression depends
on the size of frame being compressed; for a 2184 byte FC frame, the latency introduced due to compression
is about 14 microseconds.
The default Maximum Transfer Unit (MTU) size of an Ethernet packet is typically 1518 bytes. This is smaller
than the FC frame maximum of 2148 bytes, so a FC frame would be fragmented into two Ethernet frames. The
receiving end would need to reassemble the frames. This all requires processing overhead.
Different applications use protocols with different block sizes to transfer data. Block access protocols access
“blocks” of data in portions that are a multiple of the OS system block. Consider using the following guidelines
to determine block sizes: Transaction data (4-8k block size); Office automation (16-32k); Data warehousing
(64 - 256k); CAD/Design (64-128k); Multimedia (512k - 4M). Small block sizes of contiguous data mean more
I/O especially if the data is spread across the disk; large block sizes that don't use all the space read the
whole block just to get a small piece of data. Applications can be configured to allow for multiple outstanding
I/Os to occur before requiring an acknowledgement. The # of outstanding I/Os is typically 1 to 16.
FCIP FastWrite
• The FastWrite feature improves synchronous SCSI writes over FCIP
• When the initiator sends a SCSI write, the local gateway (Brocade 7500/FR4-18i) sends an XFR_RDY
immediately
- The local gateway buffers the data
- The XFR_RDY sent by the target is discarded by the remote gateway
• The final status (FCP_RSP) is always sent by the SCSI target, so if the link fails, the Write command also
fails
• The result is that only one round trip is needed, reducing overall latency
• The FCIP FastWrite feature improves the efficiency of communications by leveraging the two gateways
(Brocade 7500/FR4-18is) on either side of the link to reduce the time needed for handshaking:
- The local FCIP gateway receives all SCSI commands and data, and sends XFR_RDY messages
immediately, reducing the time needed for the first round trip (and for any XFR_RDYs sent by long
I/O transfers).
- The remote FCIP gateway receives all XFR_RDY messages from the physical target and discards
them, as the XFR_RDY has already been sent to the SCSI initiator by the local gateway.
- The remote target always generates the FCP_RSP status message, not the local gateway. This is
appropriate, as we do not want to receive a good status until the data has been safely written to
storage.
- The result: each SCSI write requires only one round trip. As the size of the write operation
increases, the efficiency of this approach increases.
• The GbE port on the local gateway buffers up to 512 Mbytes of data, sending it over the FCIP link as the
WAN bandwidth allows. This allows the initiator to keep more exchanges open, and allows the GbE port to
keep the pipe more full, improving efficiency.
Tape Pipelining
• The Tape Pipelining feature improves sequential SCSI writes over FCIP to tape devices
• The local gateway now sends two messages to the local SCSI initiator:
- Auto-responds to each SCSI write request with an XFR_RDY (as in FastWrite)
- Also auto-responds to the last data frame in each SCSI write request with a FCP_RSP message
(new)
• Results:
- FastWrite-based reductions in RTTs
- Numerous sequential I/Os are queued at the same port, resulting in a full, steady data flow through
the FCIP tunnel
• The tape pipelining process (shown above) builds on the fastwrite feature to optimize sequential I/Os to a
remote device:
- First, the FastWrite feature causes the local gateway to send a XFR_RDY message (XFR_RDY_A,
etc.) after each SCSI write command is received. This results in only one round-trip per write, a
major performance improvement.
- After the data is sent by the initiator to the local gateway (FCP_DATA_A), the local FCIP port immedi-
ately responds with an FCP_RSP message (FCP_RSP_A, etc.). The initiator will interpret this as the
completion of this write, and the next write begins.
- Because FastWrite is enabled, the local FCIP port is buffering data, allowing it to keep the pipe full
and maintain a steady flow of data to the remote device. This should help reduce shoe-shining at
the remote tape device, improving the life expectancy of the tape media.
• In the prior graphic, three sequential writes (A, B, C) are shown. Note the following:
- To the SCSI initiator, the response time of the remote tape device seems almost instantaneous.
- To the remote tape device, the initiator seems to be sending a very steady stream of data, and
responds almost instantly to all XFR_RDYs.
- The longest delay in the entire process is at the end, when the WRITE_MARK message (end of I/Os)
message is sent, as only the remote tape device responds to this message.
• Since I/Os are completed/acknowledged at the local initiator, any error returned from the remote tape at
the remote FCIP port is handled at the remote FCIP Port appropriately:
- BUSY, QUEUE_FULL and other retry-able errors are retried by the remote gateway.
- For any media errors and hardware errors, the WRITE_MARK message is sent to the remote tape,
which will fail the command and send the appropriate status, which will be forwarded to the host
as-is. The initiator will then handle such hard errors appropriately.
- The Status response is intercepted by the remote gateway to allow for cleanup of any state and
resources held for the relevant SCSI Write.
• Fastwrite and tape pipelining are supported over both VE-to-VE_Port and VE-to-VEX_Port links
• When fastwrite and/or tape pipelining is enabled, you may have only one FCIP tunnel (data path) between
switches or front domains
- The same FCIP tunnel must be used to send and receive data
- If multiple FCIP tunnels are configured, traffic may return over a different path/FCIP tunnel
In the example above, we see two FCIP tunnels (0 and 1) connecting two sites. On both tunnels, fastwrite is
enabled (F = 1), as is tape pipelining (T = 1). In this configuration, data could be sent from initiator H1 to tape
T0 via tunnel 0, with traffic returning via tunnel 1. This is a problem, as the same tunnel must be used to send
and receive data when fastwrite and/or tape pipelining is enabled. For this reason, the configuration shown
above is not supported.
• Use FastWrite and Tape Pipelining to connect multiple sites to a central facility
- Remember: only one FCIP tunnel between the central facility and each remote site
SONET/SDH
• Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH) are standards for
transmission of digital information over optical networks and are often the underlying transport protocols
that carry enterprise voice, video, data and storage traffic across metropolitan and area networks
• FC-SONET/SDH is the protocol that provides the means for transporting FC frames over SONET/SDH
networks
• FC frames are commonly mapped onto a SONET or SDH payload using an International
Telecommunications Union (ITU) standard called Generic Framing Procedure (GFP)
• Like TDM, FC-SONET devices typically require enabling R_RDY flow control on FOS based switches
Quantifying Performance
• Performance in fabrics and SANs is discussed and quantified through several methods:
- Proximity of servers and storage in a fabric
- Identifying potential network contention issues
- Traffic flow between switches in a fabric
- Performance measurement
Proximity
• The proximity of servers and storage in a fabric is either local or remote
• Local (No hops) – A server is connected to the same switch as the storage that it accesses
- Can be achieved with careful planning
- Not realistic to maintain over time
- Focus on servers that need highest-levels of performance
- Improves availability in a non-redundant SAN
When a server and the storage that it accesses are local to the same switch (sometimes spoken as “they have
achieved locality”), they communicate directly, without using an ISL. In the preceding example, servers SERV1,
SERV2, and SERV3 are local if they access STOR1, but not if they access STOR2. Locality provides the fastest
access to the storage from the servers.
When creating the initial SAN design, it may be straightforward to keep servers and storage local by mapping
each server to a small group of storage systems. Over time, locality is increasingly difficult to maintain, as
storage usage patterns change with the addition of new servers and storage systems. As a result, switches
may not enough have enough ports to accommodate the demands of locality. We often limit locality only to
those servers that demand the best possible performance.
• Remote (One or more hops) – A server is connected to a different switch than the storage that it accesses
- Simplifies current and future planning
- Need techniques to monitor ISL contention over time
When a server and the storage that it accesses are connected to different switches (sometimes spoken as
“they are remote”), they communicate by sending data between the different switches through ISLs in the
fabric. In the above example, servers SERV1, SERV2, and SERV3 are remote to storage system STOR2. If we
limit the use of locality when creating the initial SAN design, most servers and storage will be remote. This
simplifies long-term maintenance as well, as new servers or storage systems can be attached to the nearest
switch without considering locality. To ensure that the ISLs are not over-burdened, we need techniques for
monitoring network contention.
ISL Trunking
• Two terms define traffic flow between directly-connected switches in a fabric:
• Load sharing – If there are two or more equal-cost paths between Brocade switches, each server is
assigned one of the equal-cost paths
- Done at the connection level, not the frame level
- Can result in overloaded or under-loaded paths in a fabric
- Available on all Brocade switches
• Trunking - If there are two or more equal-cost paths between switches, each frame is routed to the first
available equal-cost path
- Requires 4 or 8 Gbit/sec Brocade switches, special licenses, specific port selections
- 4 Gbit/sec switches: Up to eight ISLs per trunk – up to 32 Gbit/sec per trunk
- 8 Gbit/sec switches: Up to eight ISLs per trunk - up to 64 Gbit/sec per trunk
Trunking ensures that no equal-cost paths are ever overloaded by selecting the first available path when the
frame arrives. This is a much more flexible approach than load sharing that results in the complete use of the
full bandwidth of all paths in the route. There are other requirements for trunking, including judicious port
selection and selected switch products. The preceding diagram illustrates how trunking transforms an
unbalanced load sharing environment into a balanced solution.
• ISL trunks are created when the ports are all part of the same port hardware and the same port group
- Trunking license and port state change required
- On Goldeneye ASIC-based platforms (Brocade 200E), port groups have 4 ports
- On Condor/ Condor2/Goldeneye2-based platforms, port groups have 8 ports
• Trunks may be monitored by Fabric Watch
ISL Oversubscription
• Oversubscription – When more nodes could potentially contend for a resource than the resource can
simultaneously support
- Example: 4 servers share 1 ISL to reach their storage
• Congestion – In real-time, more actual traffic than available bandwidth; oversubscription that is realized
• The Brocade method for quantifying the potential for network contention is the ISL oversubscription ratio
- For each switch, it is the ratio of the bandwidth needed by HBAs to available bandwidth on the ISLs
- With all 4,8 Gbit/sec devices and switches: # servers/# ISLs
• Other methods for quantifying network contention:
- Fan-out – # of HBAs per storage port (“storage port oversubscription”)
- Fan-in – # of storage ports per HBA (“HBA oversubscription”)
Performance Measures
• There are several measures of SAN performance, and each is appropriate for different SAN applications:
- Bandwidth – Maximum data rate through a device
o Best-suited for measuring large-I/O application performance (portperfshow)
- SAN Latency – Time it takes to move data through a SAN
o Includes switch latencies (<= 2-6 µs) and cable latencies (5 ns/meter)
o Does not include latencies in servers or storage systems
o Best suited for measuring long-distance SAN solution performance
- Response Time – Total time to fetch data to a user
o Equals SAN latency plus latencies in server hardware, storage system, operating system
and application
o Best suited for measuring small-I/O application performance
Fabric Routing
• Data moves through a fabric from switch to switch and from storage to server along one or more paths that
make up a route
• FSPF calculates minimum cost paths from switch to switch
• Routing policies determine the route for each data flow. In fabrics with multiple equal-cost paths between 4
or 8 Gbit/sec switches and Directors, Dynamic Path Selection (DPS) further enhances performance
Exchange-based
• Based on the Source ID (SID), Destination ID (DID), and Fibre Channel originator exchange ID (OXID)
• Optimizes path utilization for the best performance
• Every exchange can take a different path through the fabric
• Exchange-based routing gives you additional options:
- I/O traffic is balanced across the available lowest-cost paths on an exchange-by-exchange basis
- Designed to work well with ISL trunking
- Particularly effective in core/edge SAN architectures
Port-based
• Input port from the source is assigned to an output port toward the destination switch (a route)
• Routes are allocated via round-robin assignment
• Chosen routes are used until one of the devices in the fabric goes offline or the fabric changes
Design Considerations
• 4 and 8 Gbit/sec switches use exchange-based routing (Brocade default) but can be changed to port-
based routing
• 1 and 2 Gbit/sec switches only support port-based routing
• A fabric can have switches with different routing policies
• For most configurations, the default routing policy is optimal and provides the best performance
• Change the routing policy only if there is a performance issue that is of concern, or if a particular fabric
configuration requires it
Preferred Pathing
Preferred pathing allows the administrator to configure which ISL a source port will use when communicating
to a specific domain The Preferred Path optional feature enables you to influence the route of data traffic
when traversing multiple switches or Directors in a fabric. If more than one ISL connects switches in your SAN,
this feature will be useful when you want to indicate an ISL preference for a particular flow. The data path
consists of the source port of the switch or Director being configured, the exit port of that switch or Director,
and the domain ID of the destination switch or director. Each switch or Director must be configured for its part
of the desired path for optimal performance.
Migrations
Migration Assessment
• Requires a detailed understanding of:
- Connection intent: Which hosts need to talk with which storage?
- Application dependency: Which applications must be moved together?
- Maintenance windows: Most physical work must be scheduled and performed during maintenance
windows or planned outages
- Complexity:
o There are many IT groups that must be involved (storage, SAN, OS administration, applica-
tions
o Compatibility matrix is large (host OS and maintenance level, multipathing driver, HBA
model, HBA driver, HBA firmware, FC switch OS, storage firmware)
- Risk: Must be well planned and executed
Migration Strategies
• There are several main migration strategies that most projects follow:
- Simple replacement of existing switches
- Integration or consolidation of fabrics
o Using this method, the existing fabrics are supplemented with new switches and Directors
o Host and storage connections are migrated to the new switching elements within the same
fabrics over time
o This may require the old switches/Directors to first be upgraded (firmware) and/or modified
(e.g. interoperability mode and other switch settings) prior to the new switches/Directors
being added
- Dual/parallel fabrics (rip and replace)
o Using this method, new fabrics are built using new switches and Directors
- Dual/parallel fabrics with FC Routing
o If the parallel fabric method is used, the old and new fabrics may be interconnected via
Fibre Channel routing technology
o Leverages the advantages of the parallel fabric method (separate fabrics) with those of the
integrated fabric method
Using a Router
• Just as a normal migration, to perform a non-disruptive migration, there must be redundant fabrics, so that
one fabric can be migrated while the other stays intact
• The Fabric OS SAN should also have redundant fabrics
• When the migration is complete the Fabric OS SAN will have an identical topology to the M-EOS SAN
Integrated/Consolidated Fabrics
• New switches are integrated into the existing fabrics and fabrics merge
• Hosts and storage can be moved independently
• Fabric OS + Fabric OS
• Fabric OS + M-EOS (using interoperability modes)
You can incorporate new or existing fabric components into an existing SAN by merging new switches into the
existing SAN. With a redundant fabric configuration, this would typically be done one fabric at a time, with
primary data path first followed by the secondary data path.
This option would best leverage existing assets in the new architecture. However, this option would also be the
most disruptive to the existing storage environment. While many of the key tasks could be performed in a
phased approach, much of the front-end work would impact entire fabrics at once. When merging SAN fabric
components, storage administrators must consider the intricacies of characteristics such as uniqueness of
Domain IDs, PID compatibility, and FOS compatibility. In many cases, resolving these issues would require that
host and fabric components be modified prior to the introduction of a new switch into the fabric. These
modifications would affect the entire SAN fabric and thus impact all hosts with a data path through the fabric.
As a result, this method would require considerable planning and carry greater risk.
There is much planning and preparation that must occur at the front end to facilitate this type of migration. In
fact, the effort required for a successful merge grows exponentially with the number of SANs involved.
Merging many small SANs from multiple vendors into a core-to-edge architecture would be less feasible than if
it were only one or two SANs.
Why Do It?
• Next-generation ASIC family, the Condor2 and GoldenEye2 ASICs, introduces new features and also
extends current features found in 4 Gbit/sec Fabric OS switches, which include more:
- Buffer credits
- Virtual channels
- Ports per ASIC
• Higher-performance ISLs facilitate fabric architectures that minimize bottlenecks and enable optimum use
of fabric resources
• Selecting an architecture that accommodates both moderate and high performance requirements
provides the ability to implement a variety of applications without having to micro-manage the
infrastructure
• For some applications, 2 Gbit/sec or 4 Gbit/sec may be adequate
8 - Security
Access Control
Password Rules
• Password rules are enforced only when defining new passwords
• Set password strength policy by specifying the minimum number of:
- Lowercase letters
- Uppercase letters
- Digits (0-9)
- Punctuation characters
- Minimum length
• Limit password re-use by setting the password history policy
- Passwords kept in history
• Avoid stale passwords by setting a password expiration policy
- Minimum age
- Maximum age
- Expiration warning (days)
• Set the account lockout policy
- Password failures allowed
- Set lockout duration (minutes)
• User-defined accounts:
- Unique role with a set of pre-defined permissions
- Expand ability to track account access
- Audit administrative activities
RADIUS: The Remote Authentication Dial-In User Service (or RADIUS) is a protocol for carrying authentication,
authorization, and accounting (aaa) information about remote user access between a Network Access Server
(which desires to authenticate its links) and a shared Authentication Server. RADIUS is an open standard
(IETF RFC 2865 and RFC 2866).
Client/server: The RADIUS client must pass user information to designated RADIUS servers, and act on the
returned response. The RADIUS server receives user connection requests, authenticates the users, and then
returns all configuration information needed for the RADIUS client to deliver service. In this case, a Brocade
switch is configured as a Network Access Server that acts as a RADIUS client.
Network Security: To ensure that user names and passwords remain private, all client/server communication
is encrypted, and authenticated with a shared secret key. RADIUS is focused on authenticating, authorizing,
and accounting remote user access – in particular, logins and logouts. RADIUS does not perform these roles
for devices or switches entering a fabric – these roles continue to be handled by existing Fibre Channel
protocols.
In a fabric with switches running a mix of Fabric OS versions, the way a switch authenticates users depends
on whether a RADIUS server is set up for that switch. For a switch with RADIUS support and configuration
enabled, authentication bypasses the local password database. On a RADIUS-enabled switch, logins through
the serial port are not authenticated with the RADIUS server, but through the local switch database. For a
switch with RADIUS support or configuration disabled, authentication uses switch local account names and
passwords.
The Access Control List (ACL) feature provides the strong device access features created in Fabric OS with a
minimum of management overhead. ACLs can be deployed flexibly, so that device access security can be
implemented on only those switches that need it. Because pre-Fabric OS v5.2 switches can co-exist in the
same fabric as ACL-secured switches, ACLs can be used in any mix of Brocade switches.
The switch password database can be distributed manually throughout a fabric. This could create uniform
login credentials in environments not using RADIUS for user authentication.
Once you agree to the non-disclosure terms, the timed exam will begin. This is a sample of how the questions
will look. In this example, you see a multiple-choice question.
This is a sample of the score sheet you will see at the end of the exam. You also see the breakdown of how
many questions there are in each section of the exam. A hard copy of this will be printed at the testing center.
It is vital that you obtain and save this hard copy as proof and validation.