Brocade, the Brocade B-weave logo, Fabric OS, File Lifecycle Manager, MyView, Secure Fabric OS,
SilkWorm, and StorageX are registered trademarks and the Brocade B-wing symbol and Tapestry are
trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
FICON is a registered trademark of IBM Corporation in the U.S. and other countries. All other brands,
products, or service names are or may be trademarks or service marks of, and are used to identify,
products or services of their respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty,
expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered
by Brocade. Brocade reserves the right to make changes to this document at any time, without notice,
and assumes no responsibility for its use. This informational document describes features that may not
be currently available. Contact a Brocade sales office for information on feature and product availability.
Export of technical data contained in this document may require an export license from the United
States government.
CFP 380
CFP380 Internal Use Only Course Introduction
Revision 0110 1- 1
Course Overview
• CFP380 is a blended learning class based on Fabric OS v6.3.0 that
combines instructor-led training and web-based training (WBT) eStudy
materials and consists of:
- 3 days of Instructor-led training for more hands-on time to reinforce all blended
learning (web-based and instructor-led)
- 4 hours of Web-based training eStudy materials provide additional material that
you can access after this class is complete
• This course, along with Virtual Fabric training will help you prepare for the
Brocade Certified Fabric Professional (BCFP) certification exam
#143-070
• The CFP 380 blended learning course will NOT cover all of the BCFP
content. Candidates interested in preparing for the BCFP exam should
also take:
- AFS141 Introduction to Brocade Virtual Fabrics web-based training (6 hours
WBT)
CFP380 web-based training does not have to be completed before the instructor-led
training
Course Objectives
After completing this course, attendees should be able to:
• Implement Brocade Fibre Channel to Fibre Channel Routing (FC-
FC Routing)
The information on the slide above reflects the objectives of both the instructor-led
training section and the web-based training section of the CFP380 blended learning
course.
The CFP380 web-based training course objectives are noted with (WBT).
© 2009 Brocade Communications Systems, Inc. All Rights Reserved.
The scope of this course does not cover the FCoE related products. For
information regarding the FCoE family of products, refer to the Brocade FCoE 101
Introduction to Fibre Channel over Ethernet (FCoE) course.
Course Prerequisites
• Before taking this course, attendees should have completed:
- 6 months work experience associated with SCSI storage and SANs
- Introduction to Fibre Channel Concepts course or equivalent
knowledge
- Introduction to L2 Administration and Theory course or equivalent
knowledge
Footnote 1: Remember, the CFP 380 blended learning course does NOT cover all
of the BCFP content. Candidates interested in preparing for the BCFP exam should
also take the AFS141 Introduction to Brocade Virtual Fabrics web-based training
which must be purchased separately.
• Pearson VUE is our chosen certification test delivery vendor. They
operate 5000+ testing centers worldwide. To register for an exam
or locate the nearest testing center:
Visit http://www.pearsonvue.com/brocade
Call 866-361-5817 toll-free in North America
Visit http://www.pearsonvue.com for other contact numbers worldwide
(some locations may not have toll-free numbers)
In countries where English is not the primary language, examinees are given an additional
30 minutes. The following is a list of countries where VUE considers English to be the
primary language: Australia, Belize, Bermuda, Canada, Ireland, New Zealand, South Africa,
the United Kingdom and the United States.
No student may take the exam more than 2 times in a two week period. Pearson VUE
accepts many of the major world currencies. All examinees are required to accept a non-
disclosure agreement. This agreement means the examinee will not discuss or disclose any
of the questions or exam contents. Failure to comply with the agreement may result in
forfeiture of certification status and benefits.
Webassessor
Online Secured Testing Technology
No student may take the exam more than two times in a two week period. Kryterion accepts
credit cards for payment. All examinees are required to accept a non-disclosure agreement.
This agreement means the examinee will not discuss or disclose any of the questions or
exam contents. Failure to comply with the agreement may result in forfeiture of certification
status and benefits.
Introductions
• Please take a moment and share with us:
- Your name
- Your employer
- Your location
- Your background with switches, SANs, Fibre Channel, storage,
systems, and networking
- Your goals in attending this training course
- An interesting fact about yourself
CFP380 Internal Use Only FC-to-FC Routing Theory
Objectives
• After completing this module and associated lab exercises,
attendees will be able to:
- Describe Fibre Channel-to-Fibre Channel routing (FC-FC routing) and
related hardware
- Compare physical frame flow versus logical frame flow between routed
fabrics
FC-FC Routing
[Figure: Fabric OS Fabric 1, Fabric OS Fabric 2, M-EOS Fabric 3]
• Fabric OS provides L3 Fibre Channel-to-Fibre Channel routing (FC-FC
Routing) between fabrics
• FC-FC routing is supported between the following fabric types:
- Fabric OS-to-Fabric OS
- Fabric OS-to-M-EOS
- M-EOS-to-M-EOS
is accomplished through the use of a Fibre Channel router (FC router)1
• Logical connectivity is accomplished through the use of Logical Storage Area
Networks (LSANs), by creating uniquely named zones called "LSAN zones"
FC-FC routing was introduced in Fabric OS v5.1 on the Brocade 7500 and Brocade
FR4-18i blade. FC-FC routing is also known as FCRS (Fibre Channel Routing
Service), FC-to-FC routing, FCR, FC routing and routed SANs.
The interconnection point for edge fabrics, containing at least one FC router
- The simplest backbone fabric is a one FC router fabric, with no direct or
indirect E_Port connectivity to other FC routers
[Figure: Simple Backbone Fabric 1 and Simple Backbone Fabric 2]
Above, each router represents a "simple backbone fabric" in the routed fabric. There
is no E_Port to E_Port connectivity between the two routers.
Footnote 1:
The FC router backbone fabric and Virtual Fabric base switch share the same FID.
Edge fabrics use separate FIDs for VF and FC routing. The FC router in the
backbone assigns an edge fabric FID with the edge fabric having no awareness of
the FC routing FID assigned to it while a VF enabled edge fabric would have the
FID configured locally within the edge fabric.
Footnote 2:
Backbone fabric IDs (FID) can be administratively configured using
fcrconfigure. It is necessary to invoke fosconfig --disable fcr prior to
fcrconfigure and the switch must be disabled using switchdisable.
Edge fabric FID values can only be viewed from the switchshow output of the
router (not on the edge fabric). Each EX_Port will show the assigned FID value.
Footnote 1:
When using FCIP, the port is called a VEX_Port (Virtual EX_Port). A VEX_Port
communicates with a standard VE_Port (Virtual E_Port) on the other side of an IP
Network.
Footnote 2:
router:admin> portcfgexport
Usage: portcfgexport [SlotNumber/]PortNumber
[-a 1-enable 2-disable] [-f fid(1..128)]
[-r r_a_tov] [-e e_d_tov] [-d domain]
[-p 0-native 1-core 2-extended edge]
[-m 0-Brocade 1-Open 2-McDATA Fabric, 3-McDATA Fabric Legacy]
[-t 1-Enable 2-Disable]
The portcfgexport command is used to configure an FC port as an EX_Port. The
command has a single required argument - the port on which the command is to
operate - and several optional parameters:
-a: Sets the port to be enabled (1) or disabled (2).
-f: Fabric ID (1-128) for the edge fabric attached to this port; default value is
the port number divided by 3 plus 2 rounded down.
-r: R_A_TOV used for port negotiation, in msecs (2000 - 12000). Default:
10000.
-e: E_D_TOV used for port negotiation, in msecs (1000 - 60000). Default:
2000.
-d: Preferred front phantom domain ID (1-239). Default: 160.
-p: Port ID format of the edge fabric (1-core, 2-extended edge, 3-native).
Default: Core PID.
-t: Auto-negotiate fabric parameters (1-enable, 2-disable). Default: enabled.
The command displays the currently configured values for the specified port when
no optional parameters are specified.
Footnote 3:
The addition of an IFL (creation of an EX_Port) between the router and the edge
fabric will not cause the fabrics to merge.
When all IFLs are removed, FOS detects this condition and forwards an RSCN to
the applicable remote fabrics.
The removal of an IFL will not introduce a fabric reconfiguration on the edge fabric.
The Owner IFL has a special role. It is the IFL that performs the RDI (request
domain ID) for the Translate Phantom domain when it comes online. The Owner IFL
can be viewed via the OwnerDid field in the fcrxlateconfig command.
All exported devices from one remote routed fabric are "hanging off" just one
phantom translate domain (xd) on the local fabric. For each remote routed fabric
that shares (imports) physical devices, a separate and distinct translate (xlate)
domain (virtual domain) is created in the local fabric.
An LSAN is implemented using LSAN zoning which includes devices from two or
more routed fabrics.
An LSAN zone defines device communication between autonomous SANs but only
allows designated devices in those SANs to communicate. They are defined in
each fabric, whether edge or backbone, that will share devices (devices that will be
exported/imported).
Zone names are not case sensitive, e.g. "LSAN_", or "lsan_", or "LSan_", ...
LSAN zones are configured the same way standard zones are and are subject to
normal zoning enforcement.
LSAN zones are compatible with Fabric OS and M-EOS. The FC router uses LSAN
defined zones to determine which devices need to be imported (phantoms) into
which routed fabrics. LSAN zones must be configured in fabrics where the physical
devices exist. The router performs zoning enforcement for edge fabrics at the
ingress router EX_Port.
- Sharing is accomplished through the creation and enabling of LSAN zones
- This logical domain is where the imported devices logically exist
[Figure legend: EX_Port, E_Port, FD, XD]
Footnote 1: Front Domain: A front domain represents the router in an edge fabric.
Front domains are not created in a backbone fabric. Instead, they are a tier domain
between the translate domains (xd) and the edge fabric. Imported devices are NOT
attached to front domains, they are attached to translate domains. FDs do not
have a scalability effect. Virtual links between front and translate domains do not
count as hops in hop-count limitations.
The terms Export and Import are based on the view of the FC router. Physical
devices within a fabric need to be exported out of a fabric and the logical device
representing the physical device needs to be imported to the remote fabric.
1. FCRP Edge Fabric Protocol
2. FCRP Backbone Fabric Protocol
[Figure: Backbone Fabric; FC routers "talk" across the BB fabric using FCRP]
[Figure: Backbone Fabric (FID = 100) and two Edge Fabrics; legend: EX_Port, E_Port, FD, XD]
Integrated Routing
• Condor2 and GoldenEye2 ASICs provide FC-FC Integrated
Routing (IR) on a per-port basis1
• An Integrated Routing license is required to allow configuration of
FC-FC routing capable ports called EX_Ports2
- License enforcement is checked on configuration and when enabling
the EX_Port3
• Integrated Routing is currently supported on:4
- Brocade FC8, FX8 and FS8 blades in the DCX and DCX-4S chassis5
- Brocade 5100, 5300, 7800 and Brocade Encryption Switch (BES)
• Supports trunking on EX_Ports
• Integrated Routing is disabled by default6
Footnote 1: The web-based training Hardware module for this class has additional
information on ASICs and hardware platforms
Footnote 4:
Not supported on:
• DCX and DCX-4S ICL ports
• FC10-6 10 Gbps blade
• 8 Gbps blades in the Brocade 48000
• Brocade 300
• All 4 Gbps switches and blades except the Brocade 7500 and FR4-18i
• All embedded switches both 4 and 8 Gbps
Footnote 5:
FC8 are 8 Gbps port blades, FX8 is the distance extension blade and FS8 is the
encryption blade. FC routing over FCIP ports, VEX_Ports, is not supported on the
FX8-24 blade but is supported on the Brocade 7800.
Footnote 6:
Use the fosconfig --enable fcr command to enable FC-FC routing.
- EX_Ports are not supported in the Base Switch with Virtual Fabrics
enabled 3
Footnote 3: Only Condor2 and GoldenEye2 based EX_Ports and VEX_Ports are
supported in a Virtual Fabric Base Switch.
Replacing FR4-18i blade with an FC8 blade retains EX_Port configuration for the
first 16 ports and all other ports are cleared.
Configured EX_Ports do not affect behavior. In other words, offline FR4-18i / 7500
EX_Ports do not affect ability to configure Condor2/GoldenEye2 EX_Ports and vice
versa. If a Condor2 blade is replaced with another Condor2 blade, all configuration
information remains.
EX_Port Trunking
• Fabric OS v6.1 and v6.2 use master port trunking of EX_Ports
- When a master port goes offline, slave ports in the trunk go
offline/online to select the new master port1
Footnote 1: The lowest backend port number becomes the new master port, not the lowest
front end switch port number (normal user port). A backend port is an internal
switch port number and may be higher than the user port number.
FC Router 1 will process all LSAN zones for Edge Fabric 1, 2, and 3 but not 4. FC
Router 2 will process all LSAN zones for Edge Fabric 1, 3 and 4 but not 2.
Footnote 1:
The size of this database limits the number of FC routers and devices. Without
LSAN zone binding, the maximum number of LSAN devices is 10,000. With LSAN
zone binding, the FC-FC routed fabric can import more than 10,000 devices and the
backbone fabric can support more FC routers and CPU consumption by an FC
router is lower.
Footnote 2:
LSAN zone binding uses an FC router matrix, which specifies pairs of FC routers in
the backbone fabric that can access each other, and an LSAN fabric matrix, which
specifies pairs of edge fabrics that can access each other.
You set up LSAN zone binding using the fcrlsanmatrix command. This
command has two options: -fcr and -lsan. The -fcr option is for creating
and updating the FC router matrix, and the -lsan option is used for creating and
updating the LSAN fabric matrix. The FC router and LSAN fabric matrix databases
are automatically distributed to all FC routers in the backbone fabric.
router:admin> fcrlsanmatrix --add -fcr <WWN1> <WWN2>
router:admin> fcrlsanmatrix --add -lsan <FID1> <FID2>
router:admin> fcrlsanmatrix --apply -all
LSAN Tagging
• FC routers with Fabric OS 6.2 and greater support two types of
optional LSAN tags used for special processing 1
Footnote 1: Supported on both 4Gbps and 8Gbps router platforms running Fabric
OS v6.2 or later.
Footnote 2: LSAN tags are added, removed and viewed from the FC router using
the fcrlsan command:
router:admin> fcrlsan --help
Usage: fcrlsan [--add -enforce | -speed <tag>]
[--remove -enforce | -speed <tag>]
[--show -enforce | -speed | -all]
[--help]
- None defined
enforcement tag
and normal LSAN
- Supports up to 8 enforcement tags per FC router
[Figure: LSAN Zones LSAN_Enf1_F1-F2, LSAN_Enf2_F1-F3, LSAN_Enf4_F3-F4; Edge Fabric 2; Edge Fabric 3]
FC Router 1 has enforcement tags Enf1, Enf2 and Enf3 defined and will only
process LSAN zones that use the Enf1, Enf2 or Enf3 tag. FC Router 1 will only
process a subset of LSAN zones from Edge Fabric 3 and 4. FC Router 2 has
enforcement tags Enf2, Enf3 and Enf4 defined and will only process LSANs that
use the Enf2, Enf3 or Enf4 tag1. FC Router 2 will only process a subset of LSAN
zones from Edge Fabric 1 and no LSAN zones from Edge Fabric 2.
Footnote 1: Speed tags: Certain hosts are very sensitive to timeout and retry
during target discovery process. FC router tends to take a long time, more than 5
seconds, to present proxy devices and setup path for proxy devices. Due to many
constraints of hardware and protocol, FC router is unable to improve the
import/export process to satisfy those sensitive hosts. FC router treats speed
tagged LSANs differently by always importing these targets to the hosts. The status
of these targets in the speed tagged LSANs remains Imported and the name server
in the host fabric will always retain a PID for them. This allows sensitive hosts to do
discovery faster for these targets.
support1
- M-EOS v07.00 and higher
- No VEX_Ports
- M-EOS not supported in the backbone fabric
[Figure: M-EOS Fabric 3]
Footnote 1: Fabric OS 6.3 EX_Ports can also connect to edge fabrics using M-i10K
directors in McDATA Open Mode operating in 239 Domain mode.
For the latest list of Brocade tested and approved platforms, firmware revisions, and
scalability guidelines, visit www.brocade.com.
These requirements reflect testing performed by Brocade, and may be different
from those specified by your Brocade switch provider. As always, your switch
provider sets the guidelines and definitions that you should follow.
Summary
• FC-FC routing services allow device access between two or more fabrics
without merging the fabrics
• An edge fabric is a fabric that is attached to one or more FC router ports
• A backbone fabric is the interconnection point for edge fabrics, consisting
of FC routers and perhaps L2 switches
• FID uniquely identifies each fabric participating in routed fabrics
• EX_Port is an FC router port used to connect to an edge fabric
• IFLs are the links between edge fabric E_Ports and the FC router
EX_Ports
• An LSAN is a logical storage area network that spans multiple physical
fabrics
• LSAN zones are used to define which devices are to be shared between
fabrics
• FC routers export physical devices from a fabric and import logical devices
to a fabric
• Front domains are logical domains created in the edge fabric when
EX_Ports are enabled
• Translate domains are logical domains created when routed fabrics share
devices by defining LSAN zones
• Increases the FC router scalability by controlling which devices are
exported and imported:
- LSAN Zone Binding at the edge fabric level
- Enforcement tagging at the LSAN zone level
• Use speed tagging when FC router needs to import targets to a routed
fabric before the host is online
[Figure: Fabric 1, Fabric 2, FCR2, BB Fabric, FCIP link; EX_3 = DRP2; legend: EX_Port, VE_Port]
In the above topology, FCR2 has two DRPs (EX_2 and EX_3) to route the frames
from Fabric 1 to Fabric 2. Prior to Fabric OS release 6.2, FCR2 would use both
DRP1 (EX_2) and DRP2 (EX_3) across FCIP link to route the frames to Fabric 2. In
Fabric OS v6.2.0 and higher, FCR2 uses DRP1 (EX_2) only, as that DRP is the only
local DRP.
FC Router WWN: 10:00:00:05:1e:39:51:67, Dom ID: 5, Info: 10.33.36.96, "FA4-18"   <- Local
EX_Port FID Neighbor Switch Info (enet IP, WWN, name)
------------------------------------------------------------------------
151 2 10.33.35.80 10:00:00:05:1e:38:01:e "810 3" *   <- Remote
CFP380 Internal Use Only FC-to-FC Routing Administration
Objectives
• After completing this module and associated lab exercises,
attendees will be able to:
- Discuss FC-FC routing implementation using CLI and DCFM
[Figure: Domain 3, Domain 98, EX_Port, 300, 5100]
Footnote 1: The switchshow command also displays the switch interoperability
and secure mode information.
Use the fddcfg (Fabric Data Distribution configuration) command to verify and
specify the fabric-wide consistency policies:
SCC accept
DCC accept
PWD accept
FCS accept
AUTH accept
IPFILTER accept
• Tolerant policies display: "SCC;DCC"
• Strict policies display: "SCC:S;DCC:S"
• A strict SCC and a tolerant DCC policy output displays: "SCC:S;DCC"
To manage the consistency of the SCC and DCC databases across the fabric, there
is a Fabric Wide Consistency Policy. This policy defines whether the Switch
Connection Control (SCC) and Device Connection Control (DCC) databases are
distributed automatically or manually when a database changes or a new switch
joins a fabric. The SCC database determines which switches will be allowed to join
the fabric. The DCC database determines which devices will be allowed to attach to
a switch. These databases are called ACL databases.
There are three levels of fabric-wide consistency that can be specified for the SCC
and DCC databases:
1. Not defined (absent): Fabric-wide consistency policy is not defined (default). A
switch that has an absent fabric-wide policy can have ACL databases. These
ACL databases can be changed by a manual distribution from another switch.
2. Tolerant: Switches are not required to have the same ACL databases. Switches
with absent and tolerant policies can be part of the same fabric. This provides
greater flexibility for pre-Fabric OS v5.2 and non-Fabric OS switches. Switches
can have the same, different, or no ACL databases. The switch SCC policies in
each fabric must contain all switches in the combined fabric. The switch DCC
policies in each fabric must contain all the devices attached to expected
switches in each fabric. Given the above, if a switch has a different database
from the rest of the fabric, it remains in the fabric. SCC and DCC database
distribution is automatic; when a database is changed on any switch, that
database is automatically distributed to the rest of the fabric.
3. Strict: Switches in the fabric always have the same ACL databases. Ensures that
SCC and DCC policies are consistent on all switches in a fabric. To join a fabric,
a new switch must have exactly the same SCC and DCC databases as the
rest of the fabric - or no database at all. SCC and DCC database distribution is
automatic. If a new switch joins the fabric with no database, the ACL database in
the existing fabric is automatically written to the new switch. When a database is
changed on any switch, that database is automatically distributed to the rest of
the fabric. If one switch in a fabric has a strict policy, all switches in the fabric
must also have a strict policy.
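The three policy levels above, written as a pre-join check. This is an added example, not Brocade code: it encodes only the rules stated on this page and applies them per database (an assumption). The names parse_policy and check_join are hypothetical, and the WWNs are constructed sample values.

```python
# Added example: fabric-wide consistency policy rules from this page as a check.
# Policy strings use the display format shown above, e.g. "SCC:S;DCC".

FLAGS = {"": "tolerant", "S": "strict"}
DATABASES = ("SCC", "DCC")

# Constructed sample ACL databases held by the existing fabric.
FABRIC_DBS = {
    "SCC": ["10:00:00:05:1e:00:00:01", "10:00:00:05:1e:00:00:02"],
    "DCC": ["21:00:00:e0:8b:00:00:0a"],
}


def parse_policy(text):
    """Return {"SCC": level, "DCC": level}; a database not named is "absent"."""
    levels = {name: "absent" for name in DATABASES}
    for item in text.strip().strip('"').split(";"):
        item = item.strip()
        if not item:
            continue
        name, _, flag = item.partition(":")
        name, flag = name.strip().upper(), flag.strip().upper()
        if name not in levels or flag not in FLAGS:
            raise ValueError(f"unrecognised policy entry: {item!r}")
        levels[name] = FLAGS[flag]
    return levels


def _normalise(entries):
    """None means the switch holds no database at all."""
    if entries is None:
        return None
    return frozenset(e.strip().lower() for e in entries)


def check_join(fabric_policy, fabric_dbs, switch_policy, switch_dbs):
    """List the reasons a joining switch conflicts with the rules on this page.

    An empty list means no conflict was found.
    """
    fabric, switch = parse_policy(fabric_policy), parse_policy(switch_policy)
    findings = []
    for name in DATABASES:
        f_level, s_level = fabric[name], switch[name]
        # "If one switch in a fabric has a strict policy, all switches in the
        # fabric must also have a strict policy."
        if (f_level == "strict") != (s_level == "strict"):
            findings.append(
                f"{name}: strict on one side only "
                f"(fabric={f_level}, switch={s_level})"
            )
        elif f_level == "strict":
            # Strict: same database as the fabric, or no database at all.
            theirs = _normalise(switch_dbs.get(name))
            if theirs is not None and theirs != _normalise(fabric_dbs.get(name)):
                findings.append(
                    f"{name}: strict policy, but the joining switch "
                    f"holds a different database"
                )
        # Absent and tolerant switches may share a fabric, and a differing
        # database does not remove a switch from a tolerant fabric.
    return findings


if __name__ == "__main__":
    new_switch = {"SCC": ["10:00:00:05:1e:00:00:99"], "DCC": None}
    for policy in ("SCC:S;DCC:S", "SCC;DCC", ""):
        result = check_join("SCC:S;DCC:S", FABRIC_DBS, policy, new_switch)
        print(repr(policy), "->", result or "no conflict")
```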
Footnote 1: The fosconfig --disable fcr command disables the upper layer
FC Routing Service in Fabric OS while the Layer 2 switching remains enabled. The
command has no arguments or optional parameters. In the example above, the FC
Routing service was in the default disabled state, as indicated in the command
output.
When using the fosconfig --disable fcr command, keep these
considerations in mind:
• All EX_Ports on the switch must first be disabled (portdisable or
bladedisable).
• The switchdisable command must also be run before the FC routing
service can be disabled.
• Display the current state of the FC Routing service with the familiar
switchshow command.
The fcrconfigure command configures the fabric ID of the backbone fabric. The
command is menu-driven, and has no arguments or optional parameters. The
Fabric OS default fabric ID value is 1; as shown above, the fabric ID has been set to
100.
The fosconfig --enable fcr command enables the FC Routing Service in
Fabric OS.
With VF enabled, the backbone fabric and default switch use the same FID.
Footnote 1:
The example on this slide persistently disables port 3 and then configures it as an
EX_Port. When configuring routing over an FCIP tunnel, the portcfgvexport
command is used.
Footnote 2:
The portdisable command can also be used but is not recommended. All FC
ports on the Brocade FR4-18i and Brocade 7500 are persistently disabled at the
factory.
Footnote 3:
Port modes include interoperability modes. See -m port mode parameter below.
Footnote 4:
If the front domain ID is not specified the default domain ID assigned to the first FD
in an edge fabric is 160.
The portcfgexport command is used to place an FC port into EX_Port mode
portcfgexport [slotnumber/]portnumber [-a admin] [-f
fabricid] [-r ratov] [-e edtov] [-d domainid] [-p pidformat]
[-t fabric_parameter] [-m portmode]
Required argument: slotnumber/portnumber.
Optional arguments:
-a admin Specify whether to (1-enable, 2-disable) this port as an
EX_Port. If 2 is specified, the port will not be disabled, but will no longer be
configured as an EX_Port. portcfgdefault can also be used to disable
EX_Port mode.
-f fabricid Specify the fabric ID. Valid values are 1-128.
-r ratov Specify the R_A_TOV used for port negotiation. Valid values are 2000
- 120000.
-e edtov Specify the E_D_TOV used for port negotiation. Valid values are 1000
- 60000.
-t fabric_parameter Specify whether to (1-enable, 2-disable)
negotiation of the fabric parameters R_A_TOV and E_D_TOV.
-d domainid Specify the preferred domain ID. Valid values are 1-239.
-p pidformat Specify the Port ID format. (0-native, 1-core, 2-
extended edge). This operand is applicable only when port mode is set to 0
(Brocade Native mode).
-m portmode Specify the Port mode (0: Brocade Native mode, 1: M-Series
Open Fabric 1.0 mode (and Brocade Interop mode), 2: M-Series McDATA Fabric
mode used when the neighboring M-Series switch is running OS version such as
6.0.2 or later, 3: M-Series Fabric Legacy mode, for the legacy M-Series ED5000
platform)
If no optional arguments are specified, the current port configuration will be
displayed.
Enable EX_Port
• Enable the EX_Port and verify EX_Port configuration:
BB_B51:admin> portcfgpersistentenable 3
<truncated output>
In the example above, port 3 on the Brocade 5100 is configured with the following
settings:
EX_Port Mode: Enabled
Fabric ID: 10
Front Phantom:
State: OK
Current Domain ID: 120
WWN: 50:00:51:e7:e2:62:ee:0a
Fabric parameters:
R_A_TOV: 10000
E_D_TOV: 2000
PID format: core
WWN is assigned from a pool of WWNs by the FC router to represent the
EX_Port front domain
Footnote 1: EX_Port trunks will appear as E_Port trunks in the edge fabric. E_Port
trunking is implemented with the familiar CLI commands: switchshow,
trunkshow, portcfgtrunkport, and switchcfgtrunk. Please note that
trunking is enabled by default.
Footnote 2: Although multiple IFLs may link a single router to an edge switch, only
one front domain will be presented to the edge fabric on behalf of that router.
• LSAN zones are zones that begin with the characters LSAN, Lsan, lsan, etc.
• Create LSAN zones using whatever tool you normally use (DCFM,
Web Tools or CLI)1
Effective configuration:
cfg: Edge_CFG
zone: LSAN_Backbone1_Edge1
10:00:00:05:1e:57:7c:79
22:00:00:20:37:dd:d9:29
Effective configuration:
cfg: BB_CFG
zone: lsan_backbone1_edge1
10:00:00:05:1e:57:7c:79
22:00:00:20:37:dd:d9:29
Footnote 1: The tools used to configure LSAN zoning are irrelevant - use your
favorite tool. The important point is that the LSAN zones exist in each fabric, and
are being enforced within the fabric as part of the Effective configuration (Fabric
OS) or active Zone Set (M-EOS).
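Added example (not part of the original course material): a Python check that reads saved cfgshow output from two fabrics, keeps only LSAN zones from the Effective configuration, and reports which device pairs are zoned together in both fabrics and which appear on one side only. It assumes a device pair is shared only when both port WWNs sit in an LSAN zone in each fabric; the extra zones and the 21:... WWNs in the sample text are constructed.

```python
import re
from itertools import combinations

WWN_RE = re.compile(r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}", re.IGNORECASE)


def lsan_zones(cfgshow_text):
    """Return {zone name (lower case): set of member WWNs} for the LSAN zones
    in the Effective configuration. Defined-but-not-enforced zones are ignored."""
    zones, in_effective, members = {}, False, None
    for raw in cfgshow_text.splitlines():
        low = raw.strip().lower()
        if low.startswith("effective configuration"):
            in_effective, members = True, None
        elif low.startswith("defined configuration"):
            in_effective, members = False, None
        elif not in_effective:
            continue
        elif low.startswith("zone:"):
            name = low.split(":", 1)[1].strip()
            # LSAN zones are recognised purely by name prefix, in any letter case.
            members = zones.setdefault(name, set()) if name.startswith("lsan_") else None
        elif low.startswith("cfg:"):
            members = None
        elif members is not None:
            members.update(WWN_RE.findall(low))
    return zones


def zoned_pairs(zones):
    """Every pair of WWNs that share at least one LSAN zone."""
    return {frozenset(p) for m in zones.values() for p in combinations(sorted(m), 2)}


def compare_fabrics(cfgshow_a, cfgshow_b):
    """Assumption: a pair is shared only if it is LSAN-zoned in both fabrics."""
    a = zoned_pairs(lsan_zones(cfgshow_a))
    b = zoned_pairs(lsan_zones(cfgshow_b))
    return {"both": a & b, "first_only": a - b, "second_only": b - a}


# Sample input. The LSAN_Backbone1_Edge1 / lsan_backbone1_edge1 zones are the
# ones shown on the page; everything else below is constructed for the example.
EDGE_CFGSHOW = """\
Defined configuration:
 cfg:   Edge_CFG   LSAN_Backbone1_Edge1; lsan_extra; local_zone
 zone:  LSAN_not_enabled
                10:00:00:05:1e:57:7c:79; 21:00:00:00:00:00:00:03
Effective configuration:
 cfg:   Edge_CFG
 zone:  LSAN_Backbone1_Edge1
                10:00:00:05:1e:57:7c:79
                22:00:00:20:37:dd:d9:29
 zone:  lsan_extra
                10:00:00:05:1e:57:7c:79
                21:00:00:00:00:00:00:01
 zone:  local_zone
                10:00:00:05:1e:57:7c:79
                21:00:00:00:00:00:00:02
"""

BACKBONE_CFGSHOW = """\
Effective configuration:
 cfg:   BB_CFG
 zone:  lsan_backbone1_edge1
                10:00:00:05:1e:57:7c:79
                22:00:00:20:37:dd:d9:29
"""

if __name__ == "__main__":
    result = compare_fabrics(EDGE_CFGSHOW, BACKBONE_CFGSHOW)
    for label, pairs in result.items():
        for pair in sorted(sorted(p) for p in pairs):
            print(f"{label:12} {pair[0]} <-> {pair[1]}")
```

A pair reported under first_only or second_only is zoned for sharing in one fabric but has no matching LSAN zone in the other, which is worth reviewing as either an incomplete change or an unintended exposure.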
The lsanzoneshow command will display all currently-active LSAN zones that the
backbone fabric is enforcing.
lsanzoneshow [-s] [-f fabricID] [-w wwn] [-z zonename]
Search parameters -f, -w, and -z allow searching for LSAN zones based on fabric
ID, WWN of an LSAN zone member, or LSAN zone name.
-f fabricID: Display LSAN zones in the specified fabric.
-w wwn: Display LSAN zones containing the specified port
WWN. (Format XX:XX:XX:XX:XX:XX:XX:XX)
-z zonename: Display LSAN zones with the specified zone name.
-s state: Display state information for the device, valid states include:
Configured - Device is configured to be in an LSAN, but the device is not
imported nor does it exist in this fabric.
EXIST - Device exists in this fabric (the fabric of the zone entry).
Initializing - Device is in an intermediate state. It is not yet imported into
the fabric.
Imported - Device has been imported (proxy created) into this fabric.
In this example, you can see which devices actually exist in the fabric listed (EXIST)
and which ones are projected into that fabric (Imported).
Backbone Fabric:
BB_B51:admin> fabricshow
Switch ID Worldwide Name Enet IP Addr FC IP Addr Name
Footnote 1: When devices are shared with the edge fabric using LSAN zones, a
translate domain will be added to the local backbone fabric representing the remote
edge fabric but front domains are not needed as the backbone fabric is router port
aware.
Edge Fabric:
Edge_B30:admin> fabricshow
Switch ID Worldwide Name Enet IP Addr FC IP Addr Name
ffc01 50:00:51:e7:e2:64:ef:01 0.0.0.0
c03 10:00:00:05:1e:0b:96:8f 10.255.240.31
8 50:00:51:e7:e2:62:ee:0a 0.0.0.0
switches
The xlate domain and front domains do not have an Enet IP Addr assigned. This
will always be the case since they are logical, not physical domains.
In the example on the next page, the switchshow command output includes the
following information related to FC Routing functionality and the newly-created
EX_Port:
• The switch is a Brocade 5100 (switchType: 66.1).
• The FC router service is enabled (FC router: ON).
• The fabric ID for the backbone (FC router backbone Fabric ID: 100).
• Port 3 is online and configured as an EX_Port connection to the edge fabric
(10:00:00:05:1e:0b:96:8f "Edge_B30" fabric id = 10).
• Because devices are shared between the backbone and the edge a translate
domain (XD) is created in the backbone fabric to display the shared (imported)
devices from this edge fabric. (E-Port 50:00:51:e7:e2:64:ef:02
"fcr_xd_1_10")
To create a trunk, additionally configure and enable ports as EX_Ports to the edge
fabric following all normal trunking requirements. Again verify output with the
switchshow command.
EX_Port Trunking is administered using the same CLI commands as E_Port
trunking: switchshow, trunkshow, portcfgtrunkport, and
switchcfgtrunk.
0 0 620000 N8 No_Module FC
1 1 620100 id N4 Online FC Loopback->Port 1
2 2 620200 id N4 Online FC Loopback->Port 2
3 3 620300 id N8 Online FC EX-Port
10:00:00:05:1e:0b:96:8f "Edge_B30" (fabric id = 10)
E-Port 50:00:51:e7:e2:64:ef:02
"fcr_xd_1_10"
4 4 620400 id N8 In_Sync FC Disabled
5 5 620500 id N8 Online FC Loopback->Port 10
6 6 620600 id N2 Online FC L-Port 4 public
7 7 620700 N8 No_Module FC
<Truncated Output>
In the example above, the fcrfabricshow command output indicates that the
backbone fabric includes one router, with the following information:
• WWN = 10:00:00:05:1e:7e:26:2e
• Domain ID = 98
• IP address = 10.255.240.33
• Switch name = BB_B51
This router has one EX_Port with the following information:
• EX_Port Number = 3
• FID = 10
• IP address = 10.255.240.31
• WWN = 10:00:00:05:1e:0b:96:8f
• Switch name = Edge_B30
10 10:00:00:05:1e:57:7c:79 030100
100 22:00:00:20:37:dd:d9:29 6206e4
Total devices displayed: 2
• In the command output we see the two physical devices that are currently
being shared across the backbone fabric:
- Edge fabric (FID 10) has one physical device PID 030100
- Backbone fabric (FID 100) has one physical device PID 6206e4
• In the command output we see the two proxy devices that are currently
being shared across the backbone fabric:
- The format of the proxy address is XXfYYY, with XX indicating the translate domain ID,
and YYY is a value beginning at 001 (Footnote 1)
In the fcrproxydevshow command output above, we see the two proxy devices
that are currently being shared across the backbone fabric:
• In the edge fabric (Fabric ID 10), there is one proxy device (WWN -
22:00:00:20:37:dd:d9:29), matching the physical device attached to the
backbone fabric (Fabric ID 100). The FC address of the proxy device
(0x01f001) confirms that it is the first proxy device connected to translate
domain 1.
• In the backbone fabric (Fabric ID 100), there is one proxy device (WWN -
10:00:00:05:1e:57:7c:79), matching the physical device attached to the edge
fabric (Fabric ID 10).
Note: Besides using CLI commands to verify devices, ports, zones, proxies, etc.,
verification can be achieved using SAN Health and DCFM.
Footnote 1: The YYY portion of the PID numbering increments as follows: 001, 101,
201, 301, 401, ..., f01, 002, 102, 202, 302, 402, ... This incrementing scheme is
used to better utilize the VCs when the frame traverses an ISL in the edge fabric.
Note, the device area field begins with "f" and the AL_PA field is not 00, if using core
PID.
You can identify imported proxy devices in nsallshow output by their 24-bit
address:
1. The Domain ID will be the Domain ID of the translate (xlate) domain used for
representing the "remote" Fabric ID where the imported device physically exists.
2. The Area (port#) will be in the range of 0xf0 - 0xff.
3. The AL_PA will be non-zero, starting at 01 and ending at FF. Examples: 08f003,
03fd22, 47fe17
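Added example (not part of the original course material): a Python helper that applies the three rules above to a list of 24-bit addresses and, using the XXfYYY incrementing scheme from the proxy address footnote, converts between a proxy PID and its position in that sequence. The set of translate domain IDs and the two addresses marked as constructed are assumptions for the example, as is the premise that proxy PIDs are handed out strictly in the footnote's order.

```python
import re


def decode_pid(pid_hex):
    """Split a 24-bit FC address such as '01f001' into (domain, area, al_pa)."""
    text = pid_hex.lower()
    if text.startswith("0x"):
        text = text[2:]
    if not re.fullmatch(r"[0-9a-f]{6}", text):
        raise ValueError(f"not a 24-bit FC address: {pid_hex!r}")
    pid = int(text, 16)
    return pid >> 16, (pid >> 8) & 0xFF, pid & 0xFF


def is_proxy_pid(pid_hex, xlate_domains):
    """Rules 1-3: translate domain, area 0xf0-0xff, non-zero AL_PA."""
    domain, area, al_pa = decode_pid(pid_hex)
    return domain in xlate_domains and 0xF0 <= area <= 0xFF and al_pa != 0


def proxy_ordinal(pid_hex):
    """Position of a proxy PID in the sequence 001, 101, ..., f01, 002, ...
    (1 = first proxy device behind its translate domain)."""
    _, area, al_pa = decode_pid(pid_hex)
    if not (0xF0 <= area <= 0xFF and al_pa != 0):
        raise ValueError(f"{pid_hex} does not have the proxy address form")
    return (al_pa - 1) * 16 + (area - 0xF0) + 1


def nth_proxy_pid(xlate_domain, n):
    """Inverse of proxy_ordinal: the n-th proxy PID behind a translate domain.
    The low nibble of the area advances first, then the AL_PA."""
    if not 1 <= n <= 16 * 255:
        raise ValueError("n must be between 1 and 4080")
    idx = n - 1
    return f"{xlate_domain:02x}{0xF0 + idx % 16:02x}{1 + idx // 16:02x}"


def split_name_server(pids, xlate_domains):
    """Separate imported (proxy) addresses from everything else."""
    imported = [p for p in pids if is_proxy_pid(p, xlate_domains)]
    other = [p for p in pids if not is_proxy_pid(p, xlate_domains)]
    return imported, other


# Assumption for the example: domain IDs known to be translate domains
# (in practice taken from the fabricshow output of the fabric being checked).
XLATE_DOMAINS = {0x01, 0x03, 0x08, 0x47}

SAMPLE_PIDS = [
    "6206e4",  # physical device in the backbone fabric (from the page)
    "01f001",  # proxy device behind translate domain 1 (from the page)
    "08f003", "03fd22", "47fe17",  # the page's example proxy addresses
    "62f101",  # constructed: proxy-looking area/AL_PA, but domain 0x62 is a real switch
    "08f000",  # constructed: translate domain and area match, AL_PA is zero
]

if __name__ == "__main__":
    imported, other = split_name_server(SAMPLE_PIDS, XLATE_DOMAINS)
    for pid in imported:
        print(f"{pid} imported, proxy #{proxy_ordinal(pid)} behind domain 0x{pid[:2]}")
    for pid in other:
        print(f"{pid} not a proxy address")
```

The 62f101 case shows why rule 1 matters: the area and AL_PA alone do not prove an address is imported, so the domain has to be checked against the translate domains listed by fabricshow.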
Footnote 1:
The nscamshow command displays the Name Server Cache Manager output. The
Name Server Cache Manager contains a cache of the Name Server information for
all other switches in the fabric including the logical front and translate domains.
Note: The switch must be disabled to change the backbone fabric ID. The valid range
for backbone fabric IDs is 1-128.
Configuring an EX_Port
[Figure: FC Router window and Port Configuration Wizard (steps listed: Select Port, Confirmation, Report)]
To configure an EX port:
1. In the FC Router window click the EX_Ports folder tab
2. Click the New button to launch the Port Configuration Wizard
3. Select the port from the list and click Add
4. Click Next
Configuring an EX_Port (cont.)
[Figures: remaining Port Configuration Wizard screens. Steps shown: Select Port, Specify Ports Parameters (Fabric ID; port mode options Brocade Native, McDATA Fabric, Open, McDATA Fabric Legacy), Specify FC Parameters, Confirmation, Report. The final screen shows the port online.]
To configure front domains on an edge fabric use the Configure Routing Domain
IDs dialog (cont.):
2. Select the domain in the edge fabric you wish to change (Note: The FD must
be online before you can change it)
3. Click the right arrow to add it to the Selected Switches list
4. In the Domain ID column use the pull-down menu to select the new domain
ID
5. Click OK
Note: The 5 and 10 entries under switch R11-ST08-B51 are loopback ports and
show up because the view has been changed to "Occupied Ports" on a prior
screen.
You are about to activate LSAN zones in the fabrics. For the LSAN zones that contain offline devices that are
not assigned to any other fabric, the zones will be pushed to the fabric where the [illegible] devices belong.
If there is no active zone configuration in the fabric the LSAN zones will be pushed to, a zone configuration will be
created in the switch to contain the LSAN zones.
During the LSAN [illegible], the current I/O on the [illegible] fabrics will be [illegible].
If a newly [illegible] LSAN zone has the same name as an existing zone in the [illegible]
database, the new zone definition will overwrite the existing zone.
Note: To refresh the Zoning dialog click OK to close the window, then reopen by
going to Configure -> Zoning
LSAN zones can be added to existing zoning configurations. If the fabric already
has an active zone configuration place the new LSAN zone into that configuration
and write the changes to the fabric.
The most important thing to remember is that LSAN zones are administered just like
any other zone
To access EX_Port and E_Port properties select Element Manager -> Ports:
Open the FC Router window and click the LSAN Fabrics tab
• From here you can view switches involved in LSANs
• Selecting a switch from the navigation pane allows you to view LSAN specific
information for that switch
• LSAN zones
• Physical LSAN devices
• Proxy LSAN devices
Clicking the Manage LSAN Fabric button will launch Element Manager for the
selected switch
The LSAN Zones folder tab provides a condensed view of LSAN zones configured
for managed switches
• Selecting a zone from the navigation pane displays information for that zone:
• General
• Zone name
• Fabric ID
• Switch name
• Fabric type
• Physical LSAN devices
• Proxy LSAN devices
The LSAN Devices tab shows a list of physical and proxy devices. Properties can
be viewed for any device by selecting it from the navigation tree
Footnote 1: Example output when both devices are online and correctly
configured.
<Truncated Output>
Port Limits:
Max proxy devices: 2000
Max NR_Ports: 1000
Currently Used(column 1: proxy, column 2: NR_Ports):
216 I 2 l
In the example above, the error message indicates that FC router port 4 changed
from a non-FCR port to an FCR port.
The FCR-* error messages are documented in the System Error Message
Reference Manual.
• Use the cfgshow command from the edge fabrics to verify device
connectivity1:
Brocade:admin> cfgshow
<Truncated Output>
Effective configuration:
cfg: LSAN_CFG_20091103
zone: LSAN_Newzone
10:00:00:05:1e:56:c8:2d
22:00:00:20:37:ef:43:38
22:00:00:20:37:de:01:e0
Footnote 1:
The zoneshow command will give the same information in slightly different format.
FC-FC routing connectivity can also be verified with the fcping command.
Summary
• In this module, we discussed:
- FC Routing implementation from CLI and DCFM
1. Enable FC routing
2. Configuring EX_Ports
3. Define LSAN zones
- Commands and DCFM tools used to verify routing and connectivity
• Edge fabric
• switchshow
• fabricshow
• cfgshow
• Backbone fabric
• lsanzoneshow -s
• fcrfabricshow
• fcrproxydevshow
• DCFM FC Router window
CFP380 Internal Use Only FCIP Theory
Revision 0110 4 - 1
Objectives
Upon completion of this module, you should be able to:
• Describe the Brocade 7800 Extension Switch and Brocade FX8-24
Extension Blade features
• Describe the components of the new Brocade extension products
- FCIP circuits
- FCIP Trunking
- FCIP tunnel
• Discuss new software features:
- Adaptive Rate Limiting
- FCIP QoS
FCIP - Overview
• The Fibre Channel-over-IP (FCIP) protocol connects Fibre
Channel switches over an IP network
- IP packets generated by an FCIP-compliant port navigate the IP
network to reach the destination end point
- Implementation uses standards-based TCP, it interoperates with
regular network equipment
[Figure: a server and storage at two sites connected across a WAN by a Brocade DCX-4S with FX8-24 blade and a Brocade 7800; the remote side is labelled Secondary Site]
Footnote 1: Distances that utilize native FC can span 500km; these solutions
incorporate dark fiber, C/DWDM, and form a single fabric.
For additional FCIP details, reference RFC 3821 - Fibre Channel Over TCP/IP
(FCIP).
Brocade does not recommend FCIP for use in every distance extension scenario:
no technical solution can be all things to all people. FCIP has inherent performance,
reliability, data integrity, and manageability limitations when compared to native FC
solutions. Delay and packet loss may create bottlenecks in IP networks. FCIP can
support very long distances, as long as the carrier network is extremely high
performance and reliable. FCIP is typically deployed when long-haul applications
are not business critical, and do not need especially high performance. FCIP may
not be suitable for tape, since tape usage will often fail if packets are dropped. In
addition to its performance limitations, FCIP troubleshooting and performance
analysis requires evaluating all aspects of the IP LAN and WAN networks in addition
to all FC nodes, switches, and routers, which can make it more complex to manage
than other extension options.
[Figure: the same two-site topology (Brocade DCX-4S with FX8-24 blade, Brocade 7800) with the protocol layers TCP, LINK and PHY leading to the WAN]
After FC frames destined for devices at the remote side are encapsulated into TCP
packets, a standard IP header is added to each packet. The packet is then sent to
the next hop (usually an Ethernet router).
FCIP Encapsulation
• Before an FC frame is sent out through FCIP over an Ethernet link,
the transmitting FCIP port encapsulates the FC frame in the
payload of each of the four protocols in the stack: FCIP, TCP, IP,
and Ethernet
• The receiving FCIP port de-encapsulates the Ethernet, IP, TCP,
and FCIP headers; reassembles the FC frame (if it was
fragmented); and forwards the FC frame into the FC fabric
[Figure: Brocade 7800 port layout: Switch ID pullout; 16 FC ports (8/4/2/1 Gbps, SFP); 6 GbE ports (1 Gbps, SFP); legend: FC ports, FCIP ports, combo ports]
Footnote 1: The top two GbE ports (GE0 and GE1) are configured for copper via
built-in RJ45. In standard configuration, users have the option of using either the top
two GbE ports, which are configured for copper SFPs, or the bottom two, left-most,
GbE ports (GE0 and GE1) which are configured for optical SFPs. The remaining
four GbE ports can use either optical or copper via SFP module up to 1 Gbps. It is
possible to configure GE0 as copper and GE1 as optical and vice versa.
[Figures: Brocade 7800 block diagram (GoldenEye2 FC ASIC, Cavium, combo ports, Ethernet, 1G SFP ports) and power supply view (150W power supply with 2 integrated fans)]
Both weight and power consumption numbers assume Brocade 7800 with two
power supply/fan FRUs and zero SFPs installed.
The base unit has 2 GbE ports available for use. They can be the two copper ports,
or the two fibre ports. The default is copper.
Please refer to the Release Notes for the most up-to-date information.
Enabling either of the 2 x 10 GbE ports requires a 10 GbE license, which is a
slot-based license.
Footnote 1 : The supported operational modes are:
• 10 x 1 GbE port
• 10 x 1 GbE ports and 1 x 10 GbE port
• 2 x 10 GbE ports
[Figure: FX8-24 blade port layout: 12 x 8 Gbit/sec FC ports, 10 x 1G FCIP ports, 10G (xGE1), 10G (xGE0)]
3 FC Trunk Groups
Footnote 1: Typically, port groups for Condor2 ASICs are 8-port trunk groups.
There are 40 ports on a Condor2 ASIC. As seen in the notes section of the previous
slide, there is a 5-port trunk to each of the four Blaster FPGAs. By definition, a trunk
must be created from the same octet. This means that each octet from a Blaster
trunk octet has 3 ports remaining in the octet. Thus, Brocade engineers used the
available ports to create 2 other 2-port trunks to use some of the remaining ports.
Weight: 3.2 kg (7.0 lb)1
Dimensions:
Width: 3.60 cm (1.41 in)
Height: 42.06 cm (16.56 in)
Depth: 29.89 cm (11.77 in)
Power Consumption: 235 Watts nominal
Approximate weight with 0 SFPs installed. The minimum power consumption of the
Brocade FX8-24 Extension Blade is 235 watts with 0 optical SFPs installed running
at 8 Gbps.
[Figure: FX8-24 GbE port operating modes (1G mode, 10G mode, dual mode) across ports GE0-GE9, XGE0 and XGE1]
Available Licenses
• Fabric OS v6.3.0 available licenses for new extension products:
- B7800 Port Upgrade
• B7800 4/2 to B7800 16/6
- 10 GbE FCIP (FX8-24 only)
• Slot-based
- Integrated Routing
- Advanced Extension
• Slot-based
• FCIP Trunking
• Adaptive Rate Limiting
- Brocade Accelerator for FICON
- FICON Management Server (CUP)
Fibre channel routing | Requires Integrated Routing license | Requires Integrated Routing license | Requires Integrated Routing license
VEX_Port support | Requires Integrated Routing license | Requires Integrated Routing license | Not Included
FCIP tunnel | Included | Included | Included
Number of FCIP tunnels | 2 per system | Up to system limit1 | Up to system limit1
FCIP trunking | Requires Advanced Extension license | Requires Advanced Extension license | Requires Advanced Extension license
Adaptive Rate Limiting | Requires Advanced Extension license | Requires Advanced Extension license | Requires Advanced Extension license
FCIP QoS | Included | Included | Included
FICON CUP | N/A | Requires FICON CUP license | Requires FICON CUP license
TCP performance graphing in Web Tools | Included | Included | Included
Footnote 1:
FCIP Tunnels:
• B7800 - up to 8 VE_Ports
• FX8-24 - up to 20 VE_Ports
FCIP Trunking:
• B7800 - up to 4 circuits per trunk
• FX8-24 - up to 4 circuits per trunk for 1 GbE; up to 10 circuits per trunk for 10
GbE
Footnote 2: 10 GbE, Advanced Extension and FICON Accelerator licenses for FX8-24
supported in DCX and DCX-4S are slot based licenses
Footnote 3: Not supported in initial Fabric OS v6.3.0 release.
Optics
Brocade Branded | Brocade orderable P/N
1/2/4 Gbps and GbE SWL | XBR-000139 (1-pack), XBR-000141 (8-pack), XBR-000158 (128-pack)
GbE copper | XBR-000190 (1-pack)
1/2/4 Gbps LWL - 4km | XBR-000142 (1-pack) and XBR-000143 (8-pack)
1/2/4 Gbps LWL - 10km | XBR-000144 (1-pack) and XBR-000157 (8-pack)
1/2/4 Gbps ELWL - 30km | XBR-000146 (1-pack)
2/4/8 Gbps SFP+ SWL | XBR-000147 (1-pack), XBR-000148 (8-pack), XBR-000159 (128-pack)
2/4/8 Gbps SFP+ LWL - 10km | XBR-000153 (1-pack), XBR-000172 (8-pack)
2/4/8 Gbps SFP+ ELWL - 25km | XBR-000174 (1-pack)
10 GbE SFP+ SR | XBR-000180 (1-pack), XBR-000181 (8-pack)
10 GbE SFP+ LR | XBR-000182 (1-pack), XBR-000183 (8-pack)
1. FC ingress
2. VE Port
3. FCIP tunnel (contains trunked circuits 0 and 1)
4. Multiple circuits (circuits 0 and 1)
5. Ethernet interface, one physical GbE port for each circuit
• Multiple circuits can reside on one physical port
Footnote 1: There are 8 VE_Ports for 6 physical ge ports on the 7800 16/6. An
FX8-24 blade can support 20 VE_Ports, and therefore 20 FCIP tunnels. Each FCIP
tunnel is associated with a specific VE_Port. On FX8-24 blades, and on the 7800
switch, VE_Ports do not have to be associated with a particular GbE port.
VE_Ports 12 through 21 may use GbE ports ge0 through ge9, or they may use XGE
port 1. VE_Ports 22 through 31 can only be used by XGE port 0. The total
bandwidth cannot exceed 20 Gbps.
FCIP Circuit
• An FCIP circuit is a logical connection created between two IP
address end points
[Figure: FCIP circuit between IP address end points 10.0.0.1 and 10.0.1.1, passing through an IP router at each side of the WAN]
The 7500E and 7500 switches and the FR4-18i blade support only one connection
per GbE port, so strictly speaking, the FCIP circuit concept does not apply.
FCIP Tunnels
• Collection of one or more FCIP circuits that create one logical
connection between 2 FCIP devices1
• Each FCIP tunnel presents a VE_Port to the FC fabric
• Tunnel can span multiple physical ports
• Multiple FCIP circuits from different 1 GbE interfaces added to a
VE/FCIP tunnel increases the bandwidth available to an FCIP
tunnel
Tunnel Example (between two B7800 switches):
- 2 Gbps tunnel created
- 4 circuit aggregated tunnel
- Each circuit 512 Mbps
VE ports and GbE ports are no longer 1:1 associated as they were on the 7500 and
FR4-18i.
VE and GbE ports can have a 1:1 association, but they are not limited by the
design.
Footnote 1: Configuring a tunnel with more than one circuit requires an Advanced
Extension license. Without a license present, a second circuit will not be allowed to
be configured. The administrator will receive a message stating as such.
FCIP Trunking
• When more than one circuit is added to a tunnel, the bandwidth of
all active circuits within the tunnel will be aggregated together to
form a trunk (requires Advanced Extension license)1
• Purpose is two-fold:
- Increase tunnel bandwidth
- Provide failover paths in the event of a network failure
• The functionality of FCIP trunking will be transparent to the
applications using the FCIP tunnel
FCIP trunking requires multiple FCIP circuits, therefore FCIP trunking cannot be
implemented on the 7500E, 7500 switch, and the FR4-18i blade.
Footnote 1: Configuring a tunnel with more than one circuit requires an Advanced
Extension license. Without a license present, a second circuit will not be allowed to
be configured. The administrator will receive a message stating as such.
Circuit Metric
• Each circuit will be configured with a metric of 0 (active) or 1 (standby)
• The metric will be used by the tunnel supervisor to determine which circuit
or circuits will be used as active circuits
• Metric 0 circuits have the lowest metric, are designated the active
circuits, and are used for all data transfers
• Metric 1 circuits are classified as standby circuits. They are held in
standby for the event that all metric 0 circuits fail.
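The trunking and circuit metric rules above can be modelled in a few lines. This is an added example, not Fabric OS code: the class and function names and the advanced_extension flag are hypothetical, and the sample tunnel uses the 512 Mbps circuits from the tunnel example with one circuit set to standby.

```python
from dataclasses import dataclass, field

MAX_CIRCUITS_1GBE = 4  # slide note: at most 4 circuits per tunnel on 1 GbE ports


@dataclass
class Circuit:
    cid: int
    ge_port: str
    rate_mbps: int
    metric: int = 0   # 0 = active, 1 = standby
    up: bool = True


@dataclass
class Tunnel:
    ve_port: int
    advanced_extension: bool = False  # hypothetical flag modelling the license
    circuits: list = field(default_factory=list)

    def add_circuit(self, circuit):
        if circuit.metric not in (0, 1):
            raise ValueError("metric must be 0 (active) or 1 (standby)")
        if self.circuits and not self.advanced_extension:
            raise PermissionError(
                "a second circuit requires the Advanced Extension license")
        if len(self.circuits) >= MAX_CIRCUITS_1GBE:
            raise ValueError("a tunnel on 1 GbE ports is limited to 4 circuits")
        self.circuits.append(circuit)

    def active(self):
        """Circuits carrying data: every healthy metric 0 circuit, or the
        healthy metric 1 circuits only once all metric 0 circuits are down."""
        for metric in (0, 1):
            live = [c for c in self.circuits if c.metric == metric and c.up]
            if live:
                return live
        return []

    def bandwidth_mbps(self):
        # Trunk bandwidth is the sum of the circuits currently in use.
        return sum(c.rate_mbps for c in self.active())


def failover_timeline(tunnel, failed_ids):
    """Fail circuits one at a time; record (failed cid, active cids, Mbps)."""
    by_id = {c.cid: c for c in tunnel.circuits}
    timeline = [(None, [c.cid for c in tunnel.active()], tunnel.bandwidth_mbps())]
    for cid in failed_ids:
        by_id[cid].up = False
        timeline.append(
            (cid, [c.cid for c in tunnel.active()], tunnel.bandwidth_mbps()))
    return timeline


def build_example():
    """Constructed sample: three active circuits and one standby, 512 Mbps each."""
    tunnel = Tunnel(ve_port=16, advanced_extension=True)
    for cid, port, metric in ((0, "ge0", 0), (1, "ge1", 0),
                              (2, "ge2", 0), (3, "ge3", 1)):
        tunnel.add_circuit(Circuit(cid, port, 512, metric))
    return tunnel


if __name__ == "__main__":
    for event in failover_timeline(build_example(), [0, 1, 2, 3]):
        print(event)
```

The standby circuit contributes no bandwidth until the last metric 0 circuit is lost, so monitoring should alert on the active circuit count and not only on tunnel state.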
Circuit Scalability
FX8-24 blade
Footnote 1: 10 tunnels for all 1 GbE ports and 10 tunnels per 10 GbE port
Footnote 2: 10 tunnels per 10 GbE port
Footnote 1: IP address subnets are used so that the TCP supervisor can route
packets to the destination subnets. The FCIP subsystem contains an IP routing
table that directs packets with a tunnel destination to the correct circuits and
tunnels.
Footnote 2: The B7800 contains 6 x 1 Gbps connections between
field-programmable gate arrays (FPGAs) and the Ethernet ports.
Footnote 3: If multiple circuits are configured on the same physical port, they can
contain addresses from the same subnet or different subnets.
Footnote 4: For the FX8-24, each FCIP complex has ten 1 Gbps connections
between FPGAs and the Ethernet ports. This is the reason that the XGE ports
require 10 circuits to achieve 10 Gbps bandwidth.
Packet loss retransmissions are compounded when errors are bursty. Selective
Acknowledgement (SACK) is a protocol extension that allows the receiver to
acknowledge reception of specific packets or messages.
The SACK option RFC 2883 [18] allows the receiver to acknowledge multiple lost
packets in a single ACK, enabling faster recovery. An FCIP Entity may negotiate
use of TCP SACK and use it for faster recovery from lost packets and holes in TCP
sequence number space.
Footnote 1: SACK improves loss detection, retransmission techniques, and
enables faster recovery.
Hardware Compression
• Both the Brocade 7800 and FX8-24 have hardware compression
capabilities
• Performed by hardware on an individual FC frame and is
configured on a tunnel basis
Software Compression
• The 7800 provides an additional feature named Advanced
Compression , which is software compression
- Meant to provide higher compression ratios when dealing with lower
bandwidth
• Compression is configured by creating or modifying a tunnel using
the portcfg fciptunnel command
• Compression options:
- 0: Off
- 1: Standard (hardware compression)
- 2: Moderate (7800 switch only)
- 3: Aggressive (7800 switch only)
[Figure: FX8-24 with xge0 and xge1; 10 x 1 Gbit/sec circuits = 10 Gbit/sec tunnel. Legend: 10 Gbit/sec tunnel, 5 Gbit/sec tunnel, 5 Gbit/sec tunnel]
[Figure: FX8-24 with xge1 disabled and ports ge0 to ge3 and ge5 to ge8 in use. Legend: 10 Gbit/sec tunnel, 4 Gbit/sec tunnel, 4 Gbit/sec tunnel]
Note: The maximum circuits that can be configured for a tunnel using 1 GbE ports is 4 circuits.
Ports ge4 and ge9 are available to be used, but are not in the example above.
Best practice is to use a commit rate that uses 90% of the bandwidth allocated to
the FCIP traffic. In this example, both devices are configured for 100% of the total
bandwidth of the WAN gateway, which means that the router is oversubscribed 2:1.
This configuration can lead to many dropped frames and errors.
The configuration above is a better solution than the previous slide, but still has
shortcomings. While the router is not oversubscribed, the bandwidth available for
the WAN is not fully utilized when there is either a failure of one of the devices, or a
simple case of a device needing less bandwidth than what is configured. This can
leave the link underutilized during certain times.
[Figure: both devices configured with ARL; minimum 1/2 OC-3, maximum OC-3]
[Figure: ARL bandwidth utilization (0% to 90%) over time for Tunnel 1 and Tunnel 2, plotted against the Max Commit and Min Commit lines. Annotations: "This interface steps up to fully utilize the available WAN BW. It stops seeking a ceiling at the maximum"; "The 2nd interface starts by claiming its minimum configured rate"; "Offline equipment/link results in available BW"; "Blips are TCP testing the ceiling"]
[Figure: virtual channel (VC) assignment table, VC 0 (Class F) through VC 7 (Broadcast/Multicast), with the data VCs and Class 3 Multicast in between]
The QoS feature only comes into play if there is contention on the link. If there is no
congestion on the link, QoS will not engage.
The order of operations during congestion is as follows and repeats as necessary:
1. VC0, then
2. 6 frames of High priority traffic, then
3. 3 frames of Medium priority traffic, then
4. 1 frame of Low priority traffic
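The service order above behaves like a weighted round-robin. The following simulation is an added example, not Brocade code: the function names are hypothetical, frames are treated as equal-sized, and it assumes every queued VC0 frame is sent at the start of each pass, which the slide does not specify.

```python
from collections import Counter, deque

# Frames served per pass, in order, taken from the slide: 6 High, 3 Medium, 1 Low.
QUOTA = (("high", 6), ("medium", 3), ("low", 1))


def schedule(queues, link_frames):
    """Return the transmit order for at most link_frames frames.

    queues maps 'vc0', 'high', 'medium' and 'low' to deques of frames.
    link_frames is how many frames the congested link can carry.
    """
    sent = []
    while len(sent) < link_frames and any(queues.values()):
        # Assumption: every queued VC0 (Class F) frame goes first in a pass.
        while queues["vc0"] and len(sent) < link_frames:
            sent.append(queues["vc0"].popleft())
        for name, quota in QUOTA:
            for _ in range(quota):
                if not queues[name] or len(sent) >= link_frames:
                    break  # short queue: the rest of the allotment is skipped
                sent.append(queues[name].popleft())
    return sent


def make_queues(vc0=0, high=0, medium=0, low=0):
    """Build constructed sample queues; each frame is a (priority, n) tuple."""
    counts = {"vc0": vc0, "high": high, "medium": medium, "low": low}
    return {name: deque((name, i) for i in range(n))
            for name, n in counts.items()}


def shares(sent):
    """Count transmitted frames per priority."""
    return dict(Counter(name for name, _ in sent))


if __name__ == "__main__":
    # Fully loaded queues: the 6/3/1 order gives a 60/30/10 split.
    print(shares(schedule(make_queues(high=100, medium=100, low=100), 100)))
    # Only 4 High frames queued: Medium and Low absorb the unused slots.
    print(shares(schedule(make_queues(high=4, medium=100, low=100), 40)))
    # Link can carry everything queued: nothing is held back.
    print(shares(schedule(make_queues(high=2, medium=2, low=2), 100)))
```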
Summary
• Brocade 7800 Extension Switch and Brocade FX8-24 Extension
Blade features include ...
• Brocade extension product components include:
- FCIP circuits
- FCIP Trunking
- FCIP tunnel
• Software features include:
- FCIP QoS
- Adaptive Rate Limiting
[Figure: write exchange across the WAN: Write Command Request, Transfer Ready, Data Transfer, Status; 2 x RTT]
[Figure: write exchange over FCIP: Write Command Request, Transfer Ready, Data Transfer, Status; 1 x RTT]
OSTP Write
[Figure: OSTP write sequence across four columns: Host Initiator, Local Channel Extender (Proxy Target), Remote Channel Extender (Proxy Initiator), Tape Target; the links between them are FC, FCIP WAN, FC. Messages shown on the host side: WRT_CMD 1, XFER_RDY 1, DATA_OUT 1, RSP 1, WRT_CMD 2, XFER_RDY 2, DATA_OUT 2, RSP 2, WRITE_FILEMARK, RSP. On the tape side the first write is split into XFER_RDY 1A / DATA_OUT 1A and XFER_RDY 1B / DATA_OUT 1B, followed by RSP 1, WRT_CMD 2, XFER_RDY 2, DATA_OUT 2, RSP 2, WRITE_FILEMARK, RSP.]
OSTP Read
• After receiving the first read command, the remote router will
automatically respond locally with another read command after
each read I/O it receives from the tape controller
• The remote router pre-issues read commands for multiple data
blocks to maintain full utilization of bandwidth with links that have
significant latency
• Immediately after the host requests the next read I/O, the local
router can respond with the data from its buffer
• This is possible because of the sequential nature of tape
[Figure: OSTP read sequence across FC, FCIP WAN, FC: READ_CMD1 and READ_CMD2 passed along each link, with DATA_OUT 1 and DATA_OUT 2 returned along each link]
OSTP
What is Not Accelerated
CFP380 Internal Use Only FCIP Administration
Objectives
• After completing this module and associated lab exercises,
attendees will be able to:
- Configure and verify a VE_Port-to-VE_Port connection between the
Brocade 7800 and the Brocade FX8-24 Extension Blade
- Review CLI and DCFM configuration procedures
CLI - portcfggemediatype
• Can be used to configure the media type (on B7800 only)
• Allowed on ports GE0 and GE1 only
• Two media types allowed - Copper (default) and Optical
• The media type is configured using the command:
portcfggemediatype ge<0|1> <copper|optical>
The default media type is copper. The copper ports are RJ45 ports. The optical
ports are SFP ports.
[Figure: FX8-24 GbE port operating modes (1G Mode, 10G Mode, Dual Mode) across ports GE0 to GE9, XGE0 and XGE1]
[Figure: server and storage connected through a Brocade DCX-4S with FX8-24 blade (port 8/ge0, FC port 8/12, VE_Port) and a Brocade 7800 (port ge0, FC port 16, VE_Port) across an IP router]
Footnote 1: While disabling the port is supported, it is recommended that the port
be persistently disabled during the tunnel configuration.
Create IP Interface
• Create an IP interface using the portcfg command with the ipif
operand:
• portcfg ipif [slot/]ge_port create ip_addr netmask MTU
- Required args for ipif include:
• ipaddr - Unicast IPv4 address
• netmask - Contiguous IPv4 bitmask
• mtu_size - 1500 Bytes
IP Subnet Rules
• Each circuit that is included in a tunnel must use a different subnet
for each GbE interface it spans
- There cannot be multiple IP addresses on the same subnet spread
across multiple GE ports
• A GbE port can host multiple circuits that participate in multiple
tunnels. These circuits do not need to be in the same subnet, but
can be
• Circuits that make up a tunnel on a 10 GbE interface can reside in
the same subnet
[Figure: Brocade DCX-4S with FX8-24 blade (VE_Port, 192.168.1.24) connected to Brocade 7800 (VE_Port, 192.168.11.78)]
The portshow ipif [slot/]port command displays the interface ID, IP
address, netmask, and MTU size for each IP interface.
The command portshow ipif all displays all interfaces.
Define an IP Route
• After defining the IP interface of the remote switch, define
destination routes on an interface by configuring an IP route
- Add IP routes when crossing subnets
• IP routes are not necessary if both endpoints reside in the same subnet
- A maximum of 32 routes can be added per GbE port
- Use the portcfg iproute command:
portcfg iproute [slot/] [ge] create <destination ip_address>
<netmask> <local gateway> <metric> (weight)
- Specify the ip_address and netmask of the destination tunnel
• Specify the IP address of the local gateway responsible for forwarding
frames to the destination IP address (must be on the same subnet as the local device)
• Use the default metric of 0 (if configuring more than one route you can make
the second one less preferred by setting a higher metric)
• On the Brocade DCX-4S, add a route on port 8/ge0 to the remote IP interface
192.168.11.78 through local gateway 192.168.1.1 with a default metric of 0:
DCX:admin> portcfg iproute 8/ge0 create 192.168.11.0 255.255.255.0 192.168.1.1 0
• On the Brocade 7800, add a route on port ge0 to the remote IP interface
192.168.1.24 through local gateway 192.168.11.1 with a default metric of 0:
B7800:admin> portcfg iproute ge0 create 192.168.1.0 255.255.255.0 192.168.11.1 0
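The IP Subnet Rules and the IP route requirements above can be checked before a planned configuration is typed into the switch. This is an added example, not a Brocade tool: check_config and its tuple layouts are hypothetical and simply mirror the arguments of portcfg ipif and portcfg iproute; the DCX values come from this module's examples and the BAD values are constructed.

```python
import ipaddress
from collections import defaultdict

MAX_ROUTES_PER_GBE = 32  # limit stated on the slide


def check_config(ipifs, routes, remote_ips):
    """Return a list of findings for one switch.

    ipifs:      [(port, ip, netmask)]
    routes:     [(port, destination, netmask, gateway, metric)]
    remote_ips: {port: IP address of the remote circuit endpoint}
    """
    findings = []
    ifaces = defaultdict(list)
    for port, ip, mask in ipifs:
        ifaces[port].append(ipaddress.ip_interface(f"{ip}/{mask}"))

    # Rule: one subnet must not be spread across multiple GE ports.
    # Several addresses of one subnet on a single port are allowed.
    ports_by_net = defaultdict(set)
    for port, entries in ifaces.items():
        for iface in entries:
            ports_by_net[iface.network].add(port)
    for net, ports in ports_by_net.items():
        if len(ports) > 1:
            findings.append(
                f"subnet {net} is spread across ports {', '.join(sorted(ports))}")

    routes_by_port = defaultdict(list)
    for port, dest, mask, gateway, _metric in routes:
        routes_by_port[port].append(
            (ipaddress.ip_network(f"{dest}/{mask}"),
             ipaddress.ip_address(gateway)))
    for port, entries in routes_by_port.items():
        if len(entries) > MAX_ROUTES_PER_GBE:
            findings.append(f"{port}: more than {MAX_ROUTES_PER_GBE} routes")
        # Rule: the local gateway must sit on the same subnet as the port.
        for _dest, gateway in entries:
            if not any(gateway in i.network for i in ifaces.get(port, [])):
                findings.append(
                    f"{port}: gateway {gateway} is not on a local subnet")

    # Rule: a route is needed only when the remote endpoint is off-subnet.
    for port, remote in remote_ips.items():
        addr = ipaddress.ip_address(remote)
        if any(addr in i.network for i in ifaces.get(port, [])):
            continue
        if not any(addr in dest for dest, _gw in routes_by_port.get(port, [])):
            findings.append(f"{port}: no route to remote endpoint {remote}")
    return findings


# DCX-4S side, using the addresses from this module's examples.
DCX_IPIFS = [("8/ge0", "192.168.1.24", "255.255.255.0"),
             ("8/ge1", "192.168.2.24", "255.255.255.0")]
DCX_ROUTES = [("8/ge0", "192.168.11.0", "255.255.255.0", "192.168.1.1", 0),
              ("8/ge1", "192.168.12.0", "255.255.255.0", "192.168.2.1", 0)]
DCX_REMOTES = {"8/ge0": "192.168.11.78", "8/ge1": "192.168.12.78"}

# Constructed misconfiguration: ge1 reuses the ge0 subnet, ge0 has no route.
BAD_IPIFS = [("8/ge0", "192.168.1.24", "255.255.255.0"),
             ("8/ge1", "192.168.1.25", "255.255.255.0")]
BAD_ROUTES = [("8/ge1", "192.168.12.0", "255.255.255.0", "192.168.2.1", 0)]

if __name__ == "__main__":
    print(check_config(DCX_IPIFS, DCX_ROUTES, DCX_REMOTES))
    for finding in check_config(BAD_IPIFS, BAD_ROUTES, DCX_REMOTES):
        print(finding)
```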
[Figure: DCX-4S VE_Port 192.168.1.24 connected to Brocade 7800 VE_Port 192.168.11.78]
192.168.1.0 255.255.255.0 192.168.11.1 0 Interface
max
1 192.168.1.1 16 ms 0 ms 0 ms
2 192.168.11.78 16 ms 0 ms 0 ms
Traceroute complete.
[Figure: Tunnel 0 (port 8/12, VE_Port 192.168.1.24) connected to Tunnel 0 (port 16, VE_Port 192.168.11.78), each with Circuit 0]
Optionally, a value can be set for a minimum and a maximum committed rate to configure the tunnel
for Adaptive Rate Limiting (ARL), which allows for a more effective sharing of bandwidth between
applications. The valid range is 1544 Kbps - 1000000 Kbps. Both sides of the tunnel must have
matching configurations.
-b | --min-comm-rate minimum
Modifies the minimum committed traffic rate on the FCIP circuit 0 in Kbps.
-B | --max-comm-rate maximum
Modifies the maximum committed traffic rate on the FCIP circuit 0 in Kbps.
Add Circuits
• Once a tunnel is created, additional circuits can be configured to
provide redundancy and bandwidth
portcfg fcipcircuit [slot/]ve_port option circuit ID options
[arguments] [optional_arguments]
• On the 7800, create an IP interface on port ge1 with an MTU size of 1500:
B7800:admin> portcfg ipif ge1 create 192.168.12.78 255.255.255.0 1500
Operation Succeeded
• On the DCX-4S, add a route on port 8/ge1 to the remote IP interface
192.168.12.78 through local gateway 192.168.2.1 with a default metric of 0:
DCX:admin> portcfg iproute 8/ge1 create 192.168.12.0 255.255.255.0 192.168.2.1 0
• On the 7800, add a route on port ge1 to the remote IP interface 192.168.2.24
through local gateway 192.168.12.1 with a default metric of 0:
B7800:admin> portcfg iproute ge1 create 192.168.2.0 255.255.255.0 192.168.12.1 0
Tunnel ID: 8/12
Tunnel Description:
Admin Status: Enabled
Oper Status: Up
Compression: Off
Fastwrite: Off
Tape Acceleration: Off
TPerf Option: Off
IPSec: Disabled
Remote WWN: 10:00:00:05:1e:SS:a1:80
Local WWN: 10:00:00:05:1e:92:db:00
Peer WWN: 10:00:00:05:1e:SS:a1:80
Circuit Count: 2
Flags: 0x00000000
FICON: Off
Tunnel Circuit OpStatus Flags Uptime TxMBps RxMBps ConnCnt CommRt Met
ConnCnt = Connection count. Increments each time the circuit is initialized.
15 15 No_Module
16 16 Offline Disabled (Persistent)
17 17 No_Module
<Truncated Output>
B7800:admin> portcfgpersistentenable 16
Footnote 1: VE_Ports are virtual E_Ports established over an FCIP tunnel. Some of
the parameters that cause VE_Ports to segment include domain overlap, zoning, and
incompatible fabric parameters. Note that these are the same parameters that will
cause E_Ports to segment (see fabstatsshow help information).
DCX:admin> fabstatsshow
Description Count
15 15 No_Module
16 16 Online VE-Port 10:00:00:05:1e:36:04:06 "DCX-4S" (downstream)
17 17 No_Module
<Truncated Output>
ge0 id 1G Online
Metric: 1800
Name: R1-ST01-B7800
Path Count: 1
Hops: 1
Out Port: 8/12
In Ports: 119
Total Bandwidth: 0.256 Gbps (adjusted)
Bandwidth Demand: 390 %
Flags: D
The metric is derived from two paths at 100 Mbps, subtracted from 2000 = 1800.
Total Bandwidth is derived from .128 Gbps per 100 Mbps. 200 x .128 = 0.256 Gbps.
[Figure: DCFM FCIP tunnels view listing fabric, switch and tunnel; the lower pane displays details of the selection in the upper table]
In order to complete the tunnel configuration, IP interfaces on both ends of the tunnel need to
be defined by clicking on the Add Circuit button.
[Figure: DCFM Add Circuit dialog showing the Switch One Settings and Switch Two Settings configuration page, the IP address, subnet and IP route fields, MTU size, VLAN ID, and the committed rate fields used to set the bandwidth]
Footnote 1: Entering the same value in both fields is effectively setting a committed
rate without using Adaptive Rate Limiting (ARL).
Rollback
• If any errors are encountered when configuring the tunnel/circuits, the option is given to
roll back the configuration
Rollback Status
• Displayed after clicking the Rollback button
Tperf
• Tperf (tunnel performance) is a tunnel test tool that was added in
Fabric OS v6.3.0 to provide an alternative to IPPERF
- Tperf is only supported on the 7800 and FX8-24 platforms
- IPPERF is only supported on the 7500 and FR4-18i platforms
• The intent is to provide a network bandwidth reliability test tool that
utilizes test data between a pair of switches to determine the
network characteristics between the switches
• With the advent of FCIP Trunking, a new tool is required with the
ability to generate and report on the sending of test data over an
FCIP Tunnel
- IPPERF was GE source and destination IP Address specific, therefore
it was not suited to the newly implemented FCIP Tunnels on the 7800
and FX8-24 platforms
Tperf (cont.)
• There are two main modes of operation for FCIP Tunnels:
- Primary mode of operation is as a VE port
- Tperf tunnel
• An FCIP tunnel cannot be in both modes at the same time
- When the FCIP tunnel is modified or created to be a tperf tunnel, there
is no associated online VE port with that FCIP tunnel
• The intent was to 100% separate a test tunnel from an online
VE_Port path
• A tperf tunnel will consume bandwidth, so care must be taken
when creating a tperf tunnel on the same device that hosts a
production tunnel
Tperf (cont.)
• TPerf option requires two separate FCIP devices to function
- One device plays the role of a sink (destination) and the other device plays the
role of the source
• User must specify that the tunnel is a TPerf tunnel by:
- Creating a new tunnel
- Or modifying an existing tunnel using the TPerf flag -T <0|1>
• The -sink command must be run before the -source. Once the
-source command runs, traffic will be generated.
• Commands must be run on both devices. This example is
modifying an existing tunnel:
B7800:admin> portcfg fciptunnel 16 modify -T 1
DCX-4S:admin> portcfg fciptunnel 8/12 modify -T 1
DCX-4S:admin> portcmd --tperf 8/12 -sink
B7800:admin> portcmd --tperf 16 -source -high -low -random
Tunnel ID: 16
High Priority Medium Priority Low Priority
bytes tx 241064 0 312292
bytes rx 80 0 40
PDUs tx 52 0 51
PDUs rx 2 0 1
bad CRC headers rx 0 0 0
bad CRC payloads rx 0 0 0
out of seq PDUs rx 0 0 0
flow control count 0
last rtt 0 2
Tunnel ID: 16
High Priority Medium Priority Low Priority
bytes tx 241064 0 312292
bytes rx 80 0 40
PDUs tx 52 0 51
PDUs rx 0 1
bad CRC headers rx 0 0 0
bad CRC payloads rx 0 0 0
out of seq PDUs rx 0 0 0
flow control count 0 1
last rtt 0 2
Tunnel ID: 16
High Priority Medium Priority Low Priority
bytes tx 521914320 0 201160680
bytes rx 2054400 0 816600
PDUs tx 51410 0 20465
PDUs rx 51360 0 20415
bad CRC headers rx 0 0 0
bad CRC payloads rx 0 0 0
out of seq PDUs rx 0 0 0
flow control count 0 0 0
last rtt 58 0 146
Tunnel ID: 16
High Priority Medium Priority Low Priority
bytes tx 179957856 0 310976064
bytes rx 3011120 0 1223280
PDUs tx 76828 0 30632
PDUs rx 76118 0 30582
bad CRC headers rx 0 0 0
bad CRC payloads rx 0 0
out of seq PDUs rx 0 0 0
flow control count 0 0 0
last rtt 58 0 146
Tunnel ID: 16
High Priority Medium Priority Low Priority
bytes tx 1038072456 0 414150840
bytes rx 4088120 0 1629800
PDUs tx 102253 0 40795
PDUs rx 102203 0 40745
bad CRC headers rx 0 0 0
bad CRC payloads rx 0 0
out of seq PDUs rx 0 0
flow control count 0 0 0
last rtt 58 0 146
Tunnel ID: 16
High Priority Medium Priority Low Priority
bytes tx 1296115992 0 517345920
bytes rx 5104840 0 2036400
PDUs tx 127671 0 50960
PDUs rx 127621 0 50910
bad CRC headers rx 0 0 0
bad CRC payloads rx 0 0
out of seq PDUs rx 0 0 0
flow control count 0 0
last rtt 58 0 146
Tunnel ID: 16
High Priority Medium Priority Low Priority
bytes tx 1554169680 0 620541000
bytes rx 6121600 0 2443000
PDUs tx 153090 0 61125
PDUs rx 153040 0 61075
bad CRC headers rx 0 0 0
bad CRC payloads rx 0 0 0
out of seq PDUs rx 0 0 0
flow control count 0 0
last rtt 58 0 146
Tunnel ID: 16
High Priority Medium Priority Low Priority
bytes tx 1812182760 0 723725928
bytes rx 7138200 0 2849560
PDUs tx 178505 0 71289
PDUs rx 178455 0 71239
bad CRC headers rx 0 0 0
bad CRC payloads rx 0 0
out of seq PDUs rx 0 0 0
flow control count 0 0
last rtt 58 0 146
Tunnel ID: 16
High Priority Medium Priority Low Priority
bytes tx 2070216144 0 826921008
bytes rx 8154880 0 3256160
PDUs tx 203922 0 81454
PDUs rx 203872 0 81404
bad CRC headers rx 0 0
bad CRC payloads rx 0 0
out of seq PDUs rx 0 0
flow control count 0 0 0
last rtt 58 0 146
Tunnel ID: 16
High Priority Medium Priority Low Priority
bytes tx 2328269832 0 930095784
bytes rx 9171640 0 3662680
PDUs tx 229341 0 91611
PDUs rx 229291 0 91567
bad CRC headers rx 0 0 0
bad CRC payloads rx 0 0 0
out of seq PDUs rx 0 0
flow control count 0 0 0
last rtt 58 0 146
Tunnel ID: 16
High Priority Medium Priority Low Priority
bytes tx 2586313368 0 1033290864
bytes rx 10188360 0 4069280
PDUs tx 254759 0 101782
PDUs rx 254709 0 101732
bad CRC headers rx 0 0 0
bad CRC payloads rx 0 0 0
out of seq PDUs rx 0 0 0
flow control count 0 0 0
last rtt 58 0 146
Footnote 1: Invoke the following commands to delete the tunnel created between
the Brocade 7800 port 17 and Brocade DCX-4S 10/17:
From Brocade 7800: portcfgdefault ge0; portcfgdefault 17
From Brocade DCX-4S: portcfgdefault 10/ge0. Slot 10 port 17 acts as a
Virtual E_Port; it does not have any VEX_Port parameters to delete.
Note that because ge0 was defaulted, the FCIP parameters associated with the
connection between the Brocade 7800 port 16 and Brocade DCX-4S 10/16 created
earlier would also be deleted. If the portcfgdefault command were invoked on
the Brocade 7800 port 16, the VEX_Port parameters would also be deleted.
High Availability
• When Active CP fails over, there is no impact to distance traffic
• Using slotpoweroff for the FX8-24 blade would gracefully
shut down both FC and extension traffic
• An upgrade of Fabric OS would result in a reset of the FCIP
subsystem
- Layer 2 FC traffic is non-disruptive
- Distance (FCIP) traffic would become temporarily unavailable
Summary
• Configuring and verifying a VE_Port-to-VE_Port connection
between a Brocade 7800 and a Brocade FX8-24 extension
blade can be done from the CLI or by using DCFM
• Tunnel performance can be tested using tperf
CFP380 Internal Use Only Adaptive Networking Traffic Management
Objectives
• After completing this module and associated lab exercises,
attendees will be able to:
- Define Brocade FC Adaptive Networking
- Differentiate the features of Brocade FC Adaptive Networking related to
traffic management
- Implement Quality of Service (QoS) Source ID/Destination ID
(SID/DID) traffic prioritization in the fabric
- Describe QoS traffic prioritization for Brocade HBAs
- Implement Ingress Rate Limiting (IRL) in the fabric
- Describe Target Rate Limiting (TRL) for Brocade HBAs
- Implement Traffic Isolation (TI) zoning in the fabric
Adaptive Networking
• Adaptive Networking is a framework concept encompassing:
- Traffic management
• Quality of Service (QoS)
• Allocates priority if congestion occurs
• Assigning data flows to a dedicated physical link (TI zones)
• Setting bandwidth limits for a data flow (Ingress/Target Rate Limiting)
- Fabric profiling: reports information that can be utilized to best
implement QoS, TI, IRL and TRL
• Top Talkers
• Uses internal monitoring to measure bandwidth and queue utilization
• Bottleneck detection
• Identifies devices attached to the fabric that are causing the slowing down of
traffic
While a Fabric OS license does exist with the same name, the concept of adaptive
networking goes beyond the single license.
Adaptive Networking is a suite of tools and capabilities that enable you to ensure
optimized behavior in the SAN. Even under the worst congestion conditions, the
Adaptive Networking features can maximize the fabric behavior and provide
necessary bandwidth for high-priority, mission-critical applications and connections.
Licensing
Footnote 1: VC bandwidth is assigned to priority types. When all priorities are being
used, High priority gets approximately 60% of total bandwidth, Medium priority gets
approximately 30%, and Low priority gets approximately 10%. If not all bandwidth is
utilized in a particular priority level, unused bandwidth can be used by other
priorities.
Virtual channel (VC) assignments:
0 Class F
1 Reserved
2 Data
3 Data
4 Data
5 Data
6 Class 3 Multicast
7 Broadcast/Multicast
VC priority assignments (recoverable rows):
6 Class 3 Multicast
7 Broadcast/Multicast
8 Low Priority QoS
9 Low Priority QoS
10 High Priority QoS
11 High Priority QoS
15 Reserved
The example above illustrates the breakdown of the 8 Gbps ISL into individual VCs
and their priority assignments. Both Condor2 and GoldenEye2 ASICs support this
model.
Revision 0110 6 - 10
CFP380 Internal Use Only Adaptive Networking Traffic Management
Footnote 1: These operations will only occur if there are enough frames in each
queue to process. Results may vary depending on the status of the fabric profile at
that moment, known as a time slice.
Contention vs Congestion
• Contention is when multiple frames arrive at the link at the same time
[Figure: point of contention. Labels: two hosts at 4 Gbps, a tape device, 8 Gbps links.]
[Figures: Rx queue and Tx queue, with frames queued for VC0, High, Medium and Low priority.]
Footnote 1: These numbers are generic and assume full payload frame size with a
complete variety of queued traffic. If payloads are not full, then the percentages
could vary greatly. If there are not enough frames of a particular priority in the
queue, the frames that are present will be sent and the process will skip the
remaining allotment and move to the next priority, thus varying the percentage.
For example, if there are only 4 frames of high priority traffic, but VC0 has 4 frames
and medium and low priority queues each have 20 frames, then the proportion of
high priority bandwidth to the other traffic will be much less than 60%, at
approximately 33% (4 high/(4 VC0 + 4 high + 3 med + 1 low)).
The percentages will vary depending on the fabric profile at the moment of QoS
processing.
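The footnote's arithmetic as a small simulation, added here as an example (it is not Brocade code). It assumes per-cycle allotments of 6/3/1 frames for high/medium/low, chosen to match the approximate 60/30/10 split and the 3 medium and 1 low frames in the footnote's own example, and that all queued VC0 frames are sent each cycle; all names are hypothetical.

```python
# Simplified model of QoS queue servicing on a contended link.
# ASSUMPTIONS (not taken from Fabric OS): allotments of 6/3/1 frames per
# cycle, and VC0 (Class F) frames always sent in full, as in the footnote.
QUEUES = ("vc0", "high", "medium", "low")
ALLOTMENT = {"high": 6, "medium": 3, "low": 1}


def run_time_slice(queued, cycles=1):
    """Return frames sent per queue after `cycles` scheduling passes.

    `queued` maps queue name -> frames waiting. A queue holding fewer frames
    than its allotment sends what it has; the unused allotment is skipped and
    the scheduler moves on to the next priority.
    """
    remaining = {q: int(queued.get(q, 0)) for q in QUEUES}
    sent = {q: 0 for q in QUEUES}
    for _ in range(cycles):
        sent["vc0"] += remaining["vc0"]
        remaining["vc0"] = 0
        for prio in ("high", "medium", "low"):
            n = min(ALLOTMENT[prio], remaining[prio])
            sent[prio] += n
            remaining[prio] -= n
    return sent


def shares(sent):
    """Fraction of all transmitted frames that each queue contributed."""
    total = sum(sent.values())
    return {q: (sent[q] / total if total else 0.0) for q in QUEUES}


# Constructed inputs: the footnote's case and a fully loaded link.
FOOTNOTE_CASE = {"vc0": 4, "high": 4, "medium": 20, "low": 20}
SATURATED_CASE = {"vc0": 0, "high": 60, "medium": 60, "low": 60}

if __name__ == "__main__":
    for label, case, cycles in (("footnote, 1 cycle", FOOTNOTE_CASE, 1),
                                ("footnote, 3 cycles", FOOTNOTE_CASE, 3),
                                ("saturated, 5 cycles", SATURATED_CASE, 5)):
        sent = run_time_slice(case, cycles)
        pct = {q: round(100 * s, 1) for q, s in shares(sent).items()}
        print(f"{label}: sent={sent} share%={pct}")
```

Over three cycles the footnote's queues give high priority only 20% of the frames sent, because its queue is empty after the first cycle.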
[Figure: VC assignments with QoS (partly illegible): VC 0 Class F; VC 1 Reserved; VC 6 Class 3 Multicast; VC 7 Broadcast/Multicast; VCs 8-9 Low Priority QoS (approximately 10%).]
Footnote 1: Bandwidth that is actually observed in the fabric during contention for
the line is coincidental and not a set, nor directly configurable, rate. The number of
frames and their payloads of the fabric profile determine the actual bandwidth. QoS
does not use any of these metrics to determine frame priority.
QoS Zones
• Prioritization is accomplished by the use of QoS zones
  - These will appear as normal zones
  - All regular zoning rules apply
  - Can be created using WWN notation or D,I (domain,index) notation
    • D,I notation requires Fabric OS v6.3.0 or later
• To distinguish QoS zones from normal zones, special prefixes are used in the zone names:
  - QOSH_ to set high priority
  - QOSL_ to set low priority
  - Prefixes are not case sensitive
• Default setting is medium priority, and is used when no QoS zones are specified or when QoS is not enforced
If a QoS zone name prefix is specified in an LSAN zone (a zone beginning with
prefix "LSAN_"), the QoS tag is ignored. Only the first prefix in a zone name is
recognized. For example, a zone with the name "LSAN_QOSH_zone1" is
recognized as an LSAN zone and not a QoS zone.
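The naming rules above can be checked mechanically before a zoning change is committed. The following Python classifier is an added example, not Brocade code: it applies the QOSH_/QOSL_ prefixes, case insensitivity, the medium default and the first-prefix-wins rule for LSAN_ zones, and flags names whose QoS tag will be ignored. The function names, the sample zone names, the case-insensitive matching of LSAN_, and the `qos_aware` flag (modelling firmware that treats every zone as a normal zone) are assumptions; the optional digit is the flow id seen in names such as QoSH2_zone1, and its range is not validated.

```python
import re

QOS_PREFIX = re.compile(r"^QOS([HL])(\d*)_", re.IGNORECASE)
LSAN_PREFIX = re.compile(r"^LSAN_", re.IGNORECASE)  # ASSUMPTION: case-insensitive
QOS_TAG = re.compile(r"QOS[HL]\d*_", re.IGNORECASE)  # a QoS tag anywhere in the name


def classify_zone(name, qos_aware=True):
    """Describe how a zone name is treated for QoS purposes.

    qos_aware=False models firmware without QoS zoning support, where a
    QOSH_/QOSL_ zone is just a normal zone (ASSUMPTION: hypothetical flag).
    """
    result = {"zone": name, "kind": "normal", "priority": "medium",
              "flow_id": None, "ignored_qos_tag": False}
    if LSAN_PREFIX.match(name):
        # Only the first prefix is recognized, so this stays an LSAN zone.
        result["kind"] = "lsan"
    else:
        m = QOS_PREFIX.match(name) if qos_aware else None
        if m:
            result["kind"] = "qos"
            result["priority"] = "high" if m.group(1).upper() == "H" else "low"
            result["flow_id"] = int(m.group(2)) if m.group(2) else None
            return result
    # Not a QoS zone: report a tag that the administrator probably
    # expected to take effect.
    result["ignored_qos_tag"] = QOS_TAG.search(name) is not None
    return result


def ignored_tags(zone_names, qos_aware=True):
    """Return the zone names whose QoS tag has no effect."""
    return [n for n in zone_names
            if classify_zone(n, qos_aware)["ignored_qos_tag"]]


# Constructed sample zone names for illustration.
SAMPLE_ZONES = ["QOSH_oltp_db", "qosl_backup", "QoSH2_zone1",
                "LSAN_QOSH_zone1", "payroll_zone", "prod_QOSL_archive"]

if __name__ == "__main__":
    for zone in SAMPLE_ZONES:
        print(classify_zone(zone))
    print("ignored QoS tags:", ignored_tags(SAMPLE_ZONES))
```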
[Figure: VC assignments with QoS flow ids (partly illegible): VC 0 Class F; VC 1 Reserved; VC 6 Class 3 Multicast; VC 7 Broadcast/Multicast; VC 8 Low Priority QoS 1; VC 9 Low Priority QoS 2 (approximately 10%).]
The high and low priority sections have flow ids for each VC that can be used during
the creation of the QoS zone to designate specific VCs for use. Medium VCs do not
have a flow id.
[Figure labels: Domain 1, Domain 2, Target B, FOS v6.3, zone QoSH2_zone1.]
Footnote 1: QoS queue handling is executed at each link along the path that is
experiencing contention. If there is no contention at that link, all traffic is treated as
medium priority. This does not affect latency, as bandwidth is available to handle
requests at line rate.
If the number of Buffer Usage is less than the number of Needed Buffers, the port is
operating in the buffer limited mode.
Footnote 2: By default, the value is AE, Auto Enable. "ON" or "OFF" will only appear
if the feature has been explicitly enabled or disabled, respectively.
• If QoS is enabled, additional buffer credits are allocated per port for
8 Gbps ports in LE mode
  - Condor2 ASIC allocates 8 additional credits
  - GoldenEye2 ASIC allocates 2 additional credits
After a firmware downgrade, the zoning configuration would be intact; however, any
zones that had a QOSX_ prefix in the name would now be treated as regular zones,
because earlier versions of Fabric OS do not understand the concept of QoS zoning.
Command operands:
--enable Enables Quality of Service (QoS)
port_id Specifies the ID of the port on which QoS is enabled
--disable Disables Quality of Service (QoS)
port_id Specifies the ID of the port on which QoS is disabled
--query Queries the QoS details
port_id Specifies the ID of the port for which you want to display information
--stats Displays the QoS statistics
port_id Specifies the ID of the port for which you want to display statistical information
--statsclr Clears the QoS statistics
port_id Specifies the ID of the port for which you want to clear statistical information
Footnote 1: The Brocade 48000 with 8 Gbps blades will support Ingress Rate
Limiting on all installed 8 Gbps ports, but QoS is limited to pass-through support in
the same way all other 4 Gbps switches operate. In other words, all 4 Gbps and 8
Gbps FC ports support QoS through the switch, but do not support QoS to/from
devices attached to the Brocade 48000.
Footnote 4: Slow drain and congestion issues will be covered in more detail in the
bottleneck detection section of this module.
[Figure: Ingress Rate Limiting example with a 200 Mbps speed limit; devices shown: Hosts, Tape, Disk.]
The settings for Ingress Rate Limiting are unidirectional. In the example above,
traffic returning from a target to a host would travel at full line speed, unless the
ingress side of the target's port is also throttled back, in which case traffic would be
rate limited in both directions.
The switch ports in the example above are assumed to be capable of 8 Gbps.
Note: If Virtual Fabrics is enabled, the rate limit configuration on a port is on a per-
logical switch basis. That is, if a port is configured to have a certain rate limit value,
and the port is then moved to a different logical switch, it would have no rate limit
applied to it in the new logical switch. If that same port is moved back to the original
logical switch, it would have the original rate limit take effect again.
Footnote 1: Rate Limit is set in Mbits/sec. For example, to set a rate limit on slot 3,
port 4 to 2 Gbps, the command syntax would be:
portcfgqos --setratelimit 3/4 2000
SetRateLimit allows the following rates in Mbits/sec:
• 200
• 400
• 600
• 800
• 1000
• 1500
• 2000
• 2500
• 3000
• 3500
• 4000
• 5000
• 6000
• 7000
• 8000
Running the portcfgshow command without specifying a port will show ON for any
ports that have Rate Limiting enabled. The configured speed will not be displayed.
Command operands:
--enable Enables Quality of Service (QoS).
port_id Specifies the ID of the port on which QoS is enabled.
--disable Disables Quality of Service (QoS).
port_id Specifies the ID of the port on which QoS is disabled.
--query Queries the QoS details.
port_id Specifies the ID of the port for which you want to display information.
--stats Displays the QoS statistics.
port_id Specifies the ID of the port for which you want to display statistical information.
--statsclr Clears the QoS statistics.
port_id Specifies the ID of the port for which you want to clear statistical information.
• BCU Commands:
bcu ratelim --enable <port_id>
bcu ratelim --disable <port_id>
bcu ratelim --query <port_id>
bcu ratelim --defspeed <port_id> [<1|2|4>]
Command operands:
--enable Enables target rate limiting, if currently disabled
port_id Specifies the ID of the port you want to enable
--disable Disables target rate limiting on the HBA, if currently enabled
port_id Specifies the ID of the port you want to disable
--query Queries the target rate limiting details
port_id Specifies the ID of the port for which you want to display information
--defspeed Sets the default target rate limiting speed. The default TRL speed must be supported and less than the maximum speed at which the card can operate
port_id Specifies the ID of the port on which you want to set the speed
speed 1|2|4 Sets the default target rate limiting speed on the HBA. Options are 1 Gbps, 2 Gbps, and 4 Gbps.
[Figure labels: 8 Gbps Storage, 2 Gbps Tape.]
For all discovered remote ports, the HBA management tool and corresponding
driver will use RPSC to find their port speed capabilities and then use this
information to throttle the transmitted traffic rate to that remote port. This will
provide protection only for FCP write traffic.
At each port level, target rate limiting can be turned on/off. When on, there are 2
scenarios:
• Target supports RPSC (Report Port Speed Capabilities) ELS
• Target does not support RPSC ELS. In this case, the HBA management tool
will assume a default target speed of 1G. A hidden configuration parameter
(not exposed to user) to change this default speed setting will be available for
troubleshooting purposes.
This feature can aid in the control of frame flow through a fabric. Please see the
Fabric OS admin guide for a more detailed discussion of the Traffic Isolation feature.
Footnote 2: Traffic Isolation Routing has limited support for FICON FCIP in
McDATA Fabric Mode (interopmode 2), in the following configuration only:
• Brocade 7500 with E_Port connections to an M-switch and VE_Port
connections to another Brocade 7500
• Devices attached to M-switch only
Following is a sample configuration:
Devices - M-switch - Brocade 7500 - Brocade 7500 - M-switch - Devices
Footnote 1: Routes are not being changed, but one or more are being dedicated for
use by a specific set of devices. The urouteshow command will show available
TI-zoned routes.
[Figure: Hosts A, B and C and Targets A and C connected across the fabric, with numbered links.]
Fabric Shortest Path First (FSPF) is the protocol by which routes are selected in a
fabric. Dynamic Path Selection (DPS) is also called "Exchange-Based Routing".
[Figure: TI zone, with Target C.]
The ISL in the TI zone depicted above will be exclusively reserved to TI zoned traffic
as long as there is another equivalent cost route available.
TI Zones Analyzed
• They are called "zones", but they are really about FSPF routing
• A standard zoning configuration must be in effect for this feature to work
• TI zones will only appear in the defined zoning configuration, not in the effective zoning configuration
• TI zones can be used with McDATA Fabric mode¹
  - Cannot be used with McDATA Open Fabric mode
• A maximum of 255 TI zones can be created in a single fabric²
• Ports in a TI zone must belong to switches that run Fabric OS v6.0+
  - For TI zones over FC-FC routing, ports must belong to switches that run Fabric OS v6.1 or later
Footnote 1: If all ports in a trunk group are not included in a TI zone, the behavior
of the TI zone will be uncertain, as TI zones are enforced on the trunk master only.
For example, if 3 out of 4 ISLs in a trunk group are included in a TI zone, and the
trunk master is part of the TI zone, behavior is normal. However, if the trunk master
fails, and the new trunk master is the ISL which is not included in the TI zone,
behavior will be dependent on the failover setting. If failover is disabled, the TI zone,
and thereby the dedicated route between host and target, will be broken, and no
data will flow. More information on failover on the next few slides.
Footnote 1: Traffic Isolation is a "best effort" facility that will work as long as it
doesn't violate the FSPF "lowest cost route" rules. This means that traffic from one
TI zone may have to share an ISL with other TI zones and devices if no equal-cost
routes are available and failover is enabled.
If a TI zoned E_Port fails, traffic will failover to a non-TI zoned E_Port, if no other
equal-cost TI zoned E_Ports exist (this behavior is dependent on the "failover"
setting, which is covered on another slide). Also, a non-TI zoned device will use a TI
zoned E_Port if no equal cost alternatives exist and failover is enabled.
If used within an AD, the E_Ports specified in a TI zone must be in that AD's device
list (enforced during zone creation/modification).
• Since TI zones must use D,I notation, the AD's device list must be declared
using D,I for ports that are to be used in such zones (enforced during zone
creation/modification).
• Care must be taken if using TI zones for shared ports (E_Port or N_Port)
because of the limitation that a given port can only appear in a single TI zone.
Conflicting members across ADs can be detected by use of zone --validate,
and "best practices" would demand that such situations not be allowed to
persist.
Footnote 2: If you only want one N_Port (on that switch) in the zone put the port on
a non-shared port (0-15).
Failover Enabled
• If paths within a TI zone go offline, the TI zone Failover setting determines the resulting behavior
• If a "failover enabled" TI zoned route fails:
  - Traffic will be moved to another E_Port in the same TI zone, if one is available
  - If there are no other E_Ports available in that TI zone, traffic will be moved to an E_Port outside the TI zone, if available
  - When a failed TI zoned route is restored, traffic will be automatically failed back to the original route¹
• Using the default settings when creating a TI zone will activate the zone, with failover enabled
[Figures: TI zone with failover enabled; labels include Host A, Host B, Target A, Target B, Target C and Domain 1.]
When a zone is marked as a "Traffic Isolation" zone (TI zone) and failover is
enabled, the fabric will attempt to isolate all inter-switch traffic entering a switch from
a member of that zone to only those E_Ports that have been included in the zone.
In other words, the domain routes for any of the members (N_Port or E_Port) to the
domains of other N_Port members of the zone will be set to use an E_Port included
in the zone, if it exists. Such domain routes will be used only if they are on a "lowest
cost" path to the target domain (i.e. the FSPF routing rules will continue to be
obeyed). The fabric will also attempt to exclude traffic from other TI zones from
using E_Ports within a different traffic isolation zone. This Traffic Isolation is a "best
effort" facility that will do its work only as long as doing so does not violate the FSPF
"lowest cost route" rules. This means that traffic from one Traffic Isolation zone may
have to share E_Ports with other TI zones and devices when no equal-cost routes
can be found using a "preferred" E_Port. And if a "preferred" E_Port fails, traffic will
failover to a "non-preferred" E_Port, if no preferred E_Ports offer a "lowest routing
cost" route to the target domain. Similarly, a non-TI device's traffic will use an
E_Port from a TI zone if no equal cost alternatives exist.
Failover Disabled
• If a "failover disabled" TI zoned E_Port fails:
  - Traffic can still be moved to another E_Port in the same TI zone, if one is available
  - Traffic cannot be moved to an E_Port outside the TI zone, even if one is available
    • An RSCN will be generated noting the failure of a path
• Non-TI zoned traffic will not be moved onto a TI zoned route, even if there are no non-dedicated routes available
  - If an E_Port that is not in the TI zone fails, the non-TI zoned traffic will not move onto a TI route
  - When the TI zoned route is restored, traffic will automatically be rerouted back onto the TI zoned route
    • An RSCN will be generated noting the restoration of a path
Whether failover is enabled or disabled can be determined at the time the TI zone is
created. The default is failover enabled.
[Figures: TI zone with Host A, Host B, Target A and Target B; fabric with Host A, Target A, a TI zone, Domain 2 and Domain 3.]
© 2009 Brocade Communications Systems, Inc. All Rights Reserved.
Note: While Host B and Target B can form a TI zone, Host A and Target A cannot,
because of the Fabric OS v5.3 switch in the data path. However, the presence of
the TI zone in the fabric above will not disrupt traffic flowing from Host A to Target A.
However, it could be possible to change the link costs to make the path through
domain 4 and domain 5 the FSPF path of choice, thereby allowing a TI zone in
that direction to function.
[Figures: Host 1 and Host 2 on Domain 1, with Domains 2, 3 and 4; legend: dashed line = dedicated path, # = ports in the TI zone.]
TI Failover
If failover is disabled:
• Intended for use in simple linear fabric configurations
  - FICON is the driving force behind implementing TI zones; the mainframe wants to see all traffic from the source come from one and only one path, not from two or more paths.
• Ensure that there are multiple paths between switches
• Ensure that there are non-dedicated paths through the fabric for all devices that are not in a TI zone
For administrative reasons, it is recommended that TI zone definitions and regular
zone definitions match
It is recommended that the insistent Domain ID feature be enabled
• If a switch changes its active domain ID, the route is broken
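The failover rules from the Failover Enabled and Failover Disabled slides, written out as an added Python model (not Brocade code) so the outcome of an E_Port failure can be reasoned about before a TI zone is committed. It assumes a single TI zone and that every listed E_Port is an equal-cost FSPF path to the destination domain; the class, function names and D,I labels are constructed for illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class EPort:
    label: str          # constructed D,I label, e.g. "1,1"
    in_ti_zone: bool    # True if the E_Port is a member of the TI zone
    online: bool = True


def route(eports, ti_traffic, failover_enabled):
    """Return (usable E_Port labels, outcome) for one class of traffic.

    ti_traffic=True  -> traffic between members of the TI zone
    ti_traffic=False -> all other (non-TI zoned) traffic
    outcome is "preferred", "failover" or "blocked".
    """
    online = [p for p in eports if p.online]
    dedicated = [p.label for p in online if p.in_ti_zone]
    shared = [p.label for p in online if not p.in_ti_zone]
    preferred, fallback = (dedicated, shared) if ti_traffic else (shared, dedicated)
    if preferred:
        return preferred, "preferred"
    # Crossing the TI boundary, in either direction, needs failover enabled.
    if failover_enabled and fallback:
        return fallback, "failover"
    return [], "blocked"


def set_state(eports, label, online):
    """Return a copy of the port list with one E_Port taken down or restored."""
    return [replace(p, online=online) if p.label == label else p for p in eports]


def no_failover_risks(eports):
    """Single points of failure that matter once failover is disabled."""
    risks = []
    if sum(1 for p in eports if p.in_ti_zone) < 2:
        risks.append("only one E_Port in the TI zone: if it fails, TI traffic has no route")
    if sum(1 for p in eports if not p.in_ti_zone) < 1:
        risks.append("no non-dedicated E_Port: non-TI devices have no route")
    return risks


# Constructed fabric: one dedicated and one non-dedicated ISL.
FABRIC = [EPort("1,1", in_ti_zone=True), EPort("1,2", in_ti_zone=False)]

if __name__ == "__main__":
    ti_down = set_state(FABRIC, "1,1", online=False)
    for failover in (True, False):
        print("failover enabled:", failover,
              "| TI traffic after TI E_Port failure:", route(ti_down, True, failover))
    print("risks with failover disabled:", no_failover_risks(FABRIC))
```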
• The default settings will enable failover and activate the TI zone
• There are settings to disable failover and deactivate the zone
• To enable a new TI zone, or commit any changes made, including deactivation, a cfgenable command must be issued
  - Activating alone will not enable a TI zone
[Figure: Host A on Domain 1 and Target A on Domain 5; ports labelled 1,36, 1,215 and 5,10.]
Example 1 shows how to create a TI zone with default settings (failover enabled)
and activate the TI zone upon creation. In Example 2, the -o argument is required
because the TI zone is being created with failover disabled, and not activating upon
creation.
To verify that the TI zone has been enabled on the fabric, issue a cfgshow or
zone --show command on each switch in the data path, and verify the TI zone
shows up in the Defined Configuration.
CLI Commands
• The zone --add command allows the addition/change of portlist members and change status options
R8-st02-DCX:admin> zone --add -o n yellowzone -p "1,217; 5,11"
R8-st02-DCX:admin> zone --show
Defined TI zone configuration:
Examples:
• Add port member as a portlist to an existing TI zone
zone --add "yellowzone" -p "1,217; 5,11"
CFP380 Internal Use Only Adaptive Networking Traffic Management
Revision 0110 6 - 61
CFP380 Internal Use Only Adaptive Networking Traffic Management
Revision 0110 6 - 62
CFP380 Internal Use Only Adaptive Networking Traffic Management
Revision 0110 6 - 63
CFP380 Internal Use Only Adaptive Networking Traffic Management
Revision 0110 6 - 64
CFP380 Internal Use Only Adaptive Networking Traffic Management
Revision 0110 6 - 65
CFP380 Internal Use Only Adaptive Networking Traffic Management
- Zone Type
(
• Zcnes
• Domain;Port Index Type Domain
Fl
Allevels ~ A ~ El • NewZone
--·-
D10 lJ.-Port
....
ti11
~
NowZone
Br..,_ NetiYe - Now TI Zone
Revision 0110 6 - 66
CFP380 Internal Use Only Adaptive Networking Traffic Management
Revision 0110 6 - 67
CFP380 Internal Use Only Adaptive Networking Traffic Management
F~- ;~ zoning
CuTenl Active Zone Conflgwellor
>
TIZono~
Zone-Oloplioy Al Membe<s
0 1"TIZoneAdded Active Zone ConfWaliln
0 6 .Zone Members Added
rsai-z......eonflg
Ad.Ne Zone Conflg..a'-CllliOn ~ I 13 !i!D-Zone
El 0 .e.o (S'SI
NowZoneeoniog iJ (F00:0106e4J SEAGATE TECINll.OOY (WMI 2Z00:00:20:37.CA.36:EO)
EJ NowZone ~C0:020100JBr~~
___§t.!!_
ems Inc ~10:00:00:05:1E:S7:7C:8A
0 - IFCI0-020100 13 AdlYe n Zones
> El o ):(
0 ijl IFCD:01°""
Nowzone_;i
0 ~ IFCD 0106001
0 Q IF00-0108001
0 <::> IF00-0109001
J
J
C 2009 Brocade Co'Timun ca1 ans Systems nc 68
Al 1R ghts Reserved
Revision 0110 6 - 68
CFP380 Internal Use Only Adaptive Networking Traffic Management
Summary
• Adaptive networking is a framework concept including traffic management and fabric profiling
• Fabric QoS allows prioritization of high, medium and low priority frames (requires Adaptive Networking License)
• Bandwidth can be limited at the ingress port using Ingress Rate Limiting (requires Adaptive Networking License)
• Traffic can be prioritized and rate limited starting at the HBA using Brocade HBA QoS and Target Rate Limiting (requires Server Application Optimization License)
• Traffic Isolation zones can control the flow of inter-switch traffic by creating a dedicated path for traffic flowing from a specific set of source ports (no license required)
QoS over FC routers is supported only if Virtual Fabrics is disabled in the backbone
fabric. QoS over FC routers cannot be enabled if Virtual Fabrics is also enabled in
the backbone fabric.
The port WWN of the host or target and the port WWN of the proxy device must be
in both an LSAN zone and a QoS zone.
QoS over FC routers is supported on both EX_Ports and VEX_Ports. QoS over FC
routers is not supported on the FR4-18i blade.
Footnote 1: Support for TI zones across FC-FC routing was not implemented until
Fabric OS v6.1.0.
Footnote 2: It is a best practice to have these align; however, it is not a requirement
that the LSAN and TI zones be exactly the same. At the least, the devices that are
using the TI paths must be in the LSANs for proper functionality.
Footnote 1: The -1 in the D,I entries causes issues to legacy switches in a zone
merge
[Figure labels: Host 1, Host 2, EX_Ports.]
- PWWN of the Target
- EX_Port and VE_Ports
• The TI zone would have the following members:
  - 1,1 (EX_Port for FC router 1)
  - 1,4 (VE_Port for FC router 1)
[Figure labels: Edge Fabric 1, Edge Fabric 2, VE_Ports.]
Footnote 1: Non-TI data traffic is not restricted from going through the TI path in the
backbone fabric.
Example configuration:
• Host PWWN - 10:00:00:00:00:08:00:00
• Target1 PWWN - 10:00:00:00:00:02:00:00
• Target2 PWWN - 10:00:00:00:00:03:00:00
CFP380 Internal Use Only Adaptive Networking Fabric Profiling
Revision 0110 7- 1
Objectives
• After completing this module, attendees will be able to:
- Interpret Top Talkers (TT) output
- Utilize bottleneck detection to proactively monitor Brocade FC SANs
Licensing
The Top Talker feature is based on the Advanced Performance Monitor (APM)
feature. The Top Talker feature determines the largest users of F_Port bandwidth by
monitoring all flows (SID-DID pairs) through one or more switch F_Ports on any
switch in the fabric.
This feature does not work on F_Ports on cascaded Access Gateways.
Top Talker monitors discard bandwidth information collected during the initial
stabilization. Initial stabilization is the time taken by a flow to reach the maximum
bandwidth. This time varies depending on the number of flows in the fabric and
other factors. The incubation period can be up to 14 seconds in the Brocade DCX
and DCX-4S, and up to 82 seconds in the Brocade 4100, 4900, 5000, 5100, 5300,
7500, 7500E, 7600, 7800, 8000, 48000, and Brocade Encryption Switch.
APM (cont.)
• In earlier versions of Fabric OS, APM could capture end-to-end
performance information, but not perform any further analysis
- Which SID-DID pairs are driving the most traffic?
- Which switch ports are experiencing the heaviest traffic?
1. SID1 - DID1
2. SID2 - DID1
3. SID3 - DID4
In the example above, the busiest SID/DID pairs are shown. Advanced Performance
Monitor can measure performance quantitatively, but cannot determine the "busiest"
SID/DID pairs. Knowing the busiest devices can be a key factor in optimizing the
performance of a SAN design.
Footnote 1: The Adaptive Networking licensed feature introduces QoS and Ingress
Rate Limiting functions.
Footnote 1 : Initial stabilization period is the time taken by a flow to reach the
maximum bandwidth. This time varies depending on the number of flows in the
fabric and other factors. The stabilization period can be up to 14 seconds in the
Brocade 300, 5100, 5300, and DCX; up to 82 seconds in the Brocade 4100, 4900,
5000, and 48000. The Brocade 200E is not supported (GoldenEye ASIC).
Footnote 2: Because Top Talker identifies all possible flows on a given switch port
or switch, Top Talker may exceed the ASIC hardware resources (up to 2048 flows
per Condor2; up to 256 flows per Condor). If there are more flows than the H/W
resources can support, the Top Talker algorithm samples traffic (by looking at a new
set of 256/2048 flows every second) and extrapolates the measurement (estimating
the actual performance from the sampled data).
Interaction with other Fabric OS features:
• Administrative Domains: Top Talker monitors are placed in AD255
• FCIP and FC Routing: Not supported on VE_Ports, EX_Ports, or VEX_Ports
• Virtual Fabrics: All logical switches in the same chassis can use either fabric
mode Top Talker monitors or port mode Top Talker and end-to-end monitors.
You cannot use fabric mode Top Talker monitors and end-to-end monitors
together on the same logical switch.
Footnote 3: If Virtual Fabrics is enabled, the maximum number of F_Port Top Talker
monitors on an ASIC is 4.
• VE, EX, VEX and M_Ports (mirror ports) are not supported 1
Footnote 1: FC-FC routing and TopTalkers Fabric Mode cannot coexist on the
same switch. Enabling one while the other is already enabled will be prevented.
• Delete an F_Port Top Talker monitor from a switch port with the
perfttmon --delete [slot/]<port> command
• The perfttmon --add ingress command adds an F_Port Top Talker monitor
for traffic entering a switch F_Port (receive, or Rx). The command has one
argument: the [slot/]port identifier for the port.
• The perfttmon --add egress command adds an F_Port Top Talker monitor
for traffic exiting a switch F_Port (transmit, or Tx). The command has one
argument: the [slot/]port identifier for the port.
• The perfttmon --delete command deletes an existing F_Port Top Talker
monitor from a port. The command has one argument: the [slot/]port identifier
for the port.
R11-ST11-B30:admin> perfttmon --show 1 5
[Screenshot: Top Talker Summary window (Display Top 5, Refresh Interval 10 Seconds, Flow Tx) with columns Tx Avg, Last Occurred, Occurrences, SID, Source Name, Source Switch, DID, Destination Name, Destination Switch, Port, Speed, and % utilization]
The perfttmon --show command displays the largest flows measured by the
F_Port Top Talker monitor on a port. The command has the following arguments:
• [slot]/port: The identifier for the port. A mandatory argument.
• [wwn|pid]: The format of the SID and DID identifiers - WWN (wwn) or PID
(pid). The default is WWN format; an optional argument.
• [#of TT flows]: The number of largest-bandwidth flows to be displayed. The
default is 10 flows; an optional argument.
In the example above, the 5 largest flows through port 1/12 are displayed in PID
format.
Footnote 1: The number of flows displayed is dependent on the hardware platform;
32 flows for Brocade 300, 5100, 5300, and FC8-xx port blades; 16 flows for
Brocade 4100, 4900, 5000, 7600, and FC4-xx port blades; 4 flows for Brocade
7500.
If end-to-end monitors are present on the local switch, the command fails with the
message:
Cannot install Fabric Mode Top Talker because EE monitor is
already present
If end-to-end monitors are present on remote switches running Fabric OS 6.1.0 or
later, the command succeeds; however, on the remote switches, fabric mode fails
and a raslog message is displayed on those switches.
If end-to-end monitors are present on remote switches running Fabric OS 6.0.x, the
command succeeds.
R11-ST11-B30:admin> perfttmon --show dom 3 5
22:00:00:04:cf:bd:89:5f 10:00:00:05:1e:57:7c:a4 51.850 16 9
22:00:00:04:cf:92:5c:a1 10:00:00:05:1e:57:7c:a4 44.867 16 9
Tx+Rx (M...)  SID     Source Name              Source Switch/Port                    DID     Destination Name         Destination Switch/Po...
58.418        6206EF  22:00:00:04:CF:92:5C:A1  R11-ST11-B51/20:06:00:05:1E:A1:6A:B7  030100  10:00:00:05:1E:57:7C:A4  R11-ST11-B30/20:01:00:05:1E:0B:EA:
57.885        6206E8  22:00:00:04:CF:BD:89:5F  R11-ST11-B51/20:06:00:05:1E:A1:6A:B7  030100  10:00:00:05:1E:57:7C:A4  R11-ST11-B30/20:01:00:05:1E:0B:EA:
Bottleneck Detection
• The bottleneck detection feature identifies devices attached to the
fabric that are slowing down traffic (slow drain device)
- Device is slow to process received frames and send back credit
returns
- Achieved throughput into the slow drain port is lower compared to
intended throughput
A latency bottleneck is a port where the offered load exceeds the rate at which the
other end of the link can continuously accept traffic, but does not exceed the
physical capacity of the link.
Latency bottlenecks can be caused by a device attached to the fabric that is slow to
process received frames and send back credit returns. A latency bottleneck due to
such a device can spread through the fabric and can slow down unrelated flows that
share links with the slow flow.
An affected second is any 1 second period where the port has zero buffer credits
and a frame waiting to transmit.
In the example, the averaging interval is configured for 12 seconds; during this
interval there were four affected 1 second periods, giving a metric of 33.33%.
If the threshold was configured to be .3333 or less then a RAS log message would
be generated.
Time (s) The time window in seconds over which the bottlenecking
percentage is computed and compared with the threshold.
Quiet Time (s) The minimum number of seconds between consecutive alerts.
The -qtime option can be used to throttle alerts by specifying the
minimum number of seconds between consecutive alerts.
The --status option displays a listing of ports for which bottleneck detection is
enabled.
Configuration (cont.)
• To display 30 seconds of bottleneck statistics with a 5 second
interval period:
switch:admin> bottleneckmon --show -interval 5 -span 30 2/24
===========================================================
Mon Jun 15 18:54:35 UTC 2009
-----------------------------------------------------------
                                    Percentage of
From             To                 affected secs
Jun 15 18:54:30  Jun 15 18:54:35    80.00%
Jun 15 18:54:25  Jun 15 18:54:30    40.00%
Jun 15 18:54:20  Jun 15 18:54:25     0.00%
Jun 15 18:54:15  Jun 15 18:54:20     0.00%
Jun 15 18:54:10  Jun 15 18:54:15    20.00%
Jun 15 18:54:05  Jun 15 18:54:10    80.00%
Setting a threshold of 0.1 and a time window of 30 seconds specifies that an alert
should be sent when 10% of the one-second samples over any period of 30
seconds were affected by bottleneck conditions. The -qtime option can be used to
throttle alerts by specifying the minimum number of seconds between consecutive
alerts.
Syntax:
bottleneckmon --enable [-alert] [-thresh threshold]
[-time window] [-qtime quiet_time]
[slot/]port list [[slot/]port list]
bottleneckmon --disable [slot/]port list
[[slot/]port list] ...
bottleneckmon --show [-interval interval size]
[-span span size] [slot/]port
bottleneckmon --status
bottleneckmon --help
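The affected-seconds metric, threshold and quiet time described above, worked through as an added example (a model, not Fabric OS code). It assumes the trailing window is re-evaluated once per second and that an alert fires when the metric is greater than or equal to the threshold, which matches the slide's 33.33% case; the sample lists are constructed.

```python
"""Model of the bottleneck-detection metric (added example, not Fabric OS code)."""
import re
from collections import deque
from fractions import Fraction

# Interval rows from the `bottleneckmon --show -interval 5 -span 30 2/24`
# output above, with the extraction spacing cleaned up.
SHOW_ROWS = """\
Jun 15 18:54:30  Jun 15 18:54:35  80.00%
Jun 15 18:54:25  Jun 15 18:54:30  40.00%
Jun 15 18:54:20  Jun 15 18:54:25   0.00%
Jun 15 18:54:15  Jun 15 18:54:20   0.00%
Jun 15 18:54:10  Jun 15 18:54:15  20.00%
Jun 15 18:54:05  Jun 15 18:54:10  80.00%
"""

# Constructed sample: 12 one-second samples, 4 affected (the 33.33% case).
SLIDE_SAMPLES = [0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0]

PERCENT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*%\s*$")


def affected_fraction(samples):
    """Fraction of one-second samples that were affected.

    A sample is truthy when the port had zero buffer credits and a frame
    waiting to transmit during that second.
    """
    if not samples:
        raise ValueError("empty averaging window")
    return Fraction(sum(1 for s in samples if s), len(samples))


def span_fraction(show_rows, interval):
    """Affected fraction over the whole span, rebuilt from the per-interval
    percentages that --show prints (interval is the -interval value)."""
    affected = total = 0
    for line in show_rows.splitlines():
        match = PERCENT_RE.search(line)
        if not match:
            continue  # header, separator or blank line
        affected += round(Fraction(match.group(1)) * interval / 100)
        total += interval
    if total == 0:
        raise ValueError("no interval rows found")
    return Fraction(affected, total)


def alert_times(samples, thresh, window, qtime):
    """Seconds (1-based) at which an alert would be raised.

    thresh, window and qtime mirror -thresh, -time and -qtime. Assumptions:
    the trailing window is checked every second once it is full, and the
    comparison is metric >= thresh.
    """
    thresh = Fraction(str(thresh))
    recent = deque(maxlen=window)
    alerts = []
    last_alert = None
    for second, affected in enumerate(samples, start=1):
        recent.append(bool(affected))
        if len(recent) < window:
            continue  # not enough history for a full window yet
        if affected_fraction(recent) < thresh:
            continue
        if last_alert is not None and second - last_alert < qtime:
            continue  # still inside the quiet time, alert is suppressed
        alerts.append(second)
        last_alert = second
    return alerts


if __name__ == "__main__":
    print("slide metric:", float(affected_fraction(SLIDE_SAMPLES)))
    print("span metric from --show rows:", float(span_fraction(SHOW_ROWS, 5)))
    print("alerts, sustained bottleneck, qtime 20:",
          alert_times([1] * 60, 0.1, 30, 20))
```

With the threshold of 0.1 and 30-second window from the text, the six `--show` intervals above add up to 11 affected seconds out of 30, well over the alert level.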
Summary
• Top Talker monitors help to profile the fabric by determining the
flows (SID/DID pairs) that are the highest users of bandwidth
• Top Talkers measure bandwidth usage data in real-time and
relative to the port on which the monitor is installed
- Requires Advanced Performance Monitoring license
• Bottleneck detection helps to find F_Port devices that may be
experiencing slow drain and affected traffic within the fabric
- Does not require a license
• A slow drain device is slow to process received frames and send back
credit returns
CFP380 Internal Use Only NPIV and Access Gateway
Objectives
• After completing this module and associated lab, attendees will be
able to:
- Describe and implement NPIV
- Discuss Access Gateway features and functionality
[Figure: a Brocade HBA carrying VM_Zone_1, VM_Zone_2, VM_Zone_3 and VM_Zone_4; four separate logical traffic flows inside a single cable]
NPIV Overview
• Available on all Brocade 4 and 8 Gbps switches
• Enabled on a per-port basis
• Each NPIV device is assigned a unique:
- Device PID
- Port WWN
- Node WWN
• To the fabric, the NPIV device acts the same as all other physical
devices in the fabric
• NPIV is defined in the FC-LS T11 standard
NPIV devices connected to the same switch port must have a unique 24-bit address
as well as a unique device WWPN.
NPIV Zoning
• Standard fabric zoning and storage LUN masking can be used with
virtual machines to isolate storage ports and LUNs to the
appropriate virtual server just as they are with physical servers
• To perform zoning to the granularity of the virtual N_Port IDs,
WWN-based zoning must be used
[Figure: LUN masking is performed at the storage controller level; zoning (VM_Zone_1 through VM_Zone_4) is performed at the fabric switch level]
You can also use domain, port zoning for an NPIV port, but all the virtual PIDs
associated with the port are included in the zone. A port login (PLOGI) to a non-
existent virtual PID is not blocked by the switch; rather, it is delivered to the device
attached to the NPIV port. In cases where the device is not capable of handling
such unexpected PLOGIs, you should use WWN-based zoning.
NPIV Scalability
• Each NPIV-enabled port on the switch can support up to
255 devices 1
• For the shared area ports on 48-port blades (ports 16 through 47),
the limit is 127
• The number of NPIV devices supported on shared area ports (48-
port blades) is reduced from 127 to 63 when Virtual Fabrics mode
is enabled
Footnote 1: Default value in Fabric OS is 126. To support more devices, the value
must be changed using configure.
Footnote 1: Use this parameter to set the number of virtual N_Port_IDs per port to
a value between 0 and 255. The default setting is 126.
For the Brocade 48000 director with an FC4-48 port blade or the Brocade DCX or
DCX-4S Backbone with an FC8-48 port blade: For ports 0 through 15 on the FC4-
48 and FC8-48 port blades, the maximum number of virtual N_Port_IDs per port is
255; for ports 16 through 47, the maximum number is 127.
Footnote 2: Use this parameter to set the number of virtual N_Port_IDs per switch
to a value between 0 and 126 multiplied by the number of ports you specify when
setting this parameter. The default setting is 16 multiplied by the number of ports
specified. If no ports are specified then all ports on the switch are used.
Enabling NPIV
• Enable/disable NPIV on an FC port with the portcfgnpivport
command 1
• NPIV is enabled by default
• The portcfgshow command displays the NPIV status for each
port
switch:admin> portcfgshow
Ports of Slot 0    0  1  2  3    4  5  6  7    8  9 10 11   12 13 14 15
-----------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+--+--
Speed             AN AN AN AN   AN AN AN AN   AN AN AN AN   AN AN AN AN
AL_PA Offset 13
Trunk Port        ON ON ON ON   ON ON ON ON   ON ON ON ON   ON ON ON ON
Long Distance
VC Link Init
Locked L_Port
Locked G_Port
Disabled E_Port
ISL R_RDY Mode
RSCN Suppressed
Authentication: None
portDisableReason: None
portCFlags: 0x1
portFlags: 0x20b03 PRESENT ACTIVE F_PORT G_PORT U_PORT NPIV LOGICAL_ONLINE LOGIN NOELP ACCEPT FLOGI
portType: 18.0
POD Port: Port is licensed
portState: 1 Online
Protocol: FC
portPhys: 6 In_Sync portScn: 32 F_Port
port generation number: 0
state transition count: 0
PWWN of HBA (physical)
portId: 010200
portIfId: 43020013
0 0 010000 id N8 No_Light FC
1 010100 id N8 Online FC F-Port 10:00:00:05:1e:56:c8:2a
2 2 010200 id N8 Online FC F-Port 1 N Port + 3 NPIV public
<truncated output >
NPIV portloginshow
• Use the portloginshow command to display the login
information for the virtual PIDs of a port
• Following is sample output from the portloginshow command:
Use this command to display port login status received from devices attached to the
specified port.
For each login, this command displays the following fields:
Type - Type of login can display one of the following:
• fd - FDISC, Discover F_Port Service Parameters or Virtual N_Port login.
• fe - FLOGI, Fabric Login to Fabric F_Port.
• ff - PLOGI, Port Login to specific N_Ports or well-known addresses like Name
Server.
PID - The 24-bit Port ID of the attached device.
WorldWideName - The port's world wide name.
credit - The credit for this login as appropriate. This is BB (buffer-to-buffer) credit
for FLOGIs and EE (end-to-end) credit for PLOGIs.
df_sz - The default frame size for this login.
cos - Class of Services supported. This can be a combination of the following bits:
4 - Class 2 is supported.
8 - Class 3 is supported.
Further information about each login is displayed after these columns, including the
Port ID of the well-known address or N_Port that was the target of the PLOGI, if
applicable.
NPIV nsshow
DEV2-ST01-300:admin> nsshow
 Pid     COS  PortName                 NodeName                 TTL(sec)
 010200;   3; 10:00:00:05:1e:0b:ef:d1;
 FC4s: FCP
 PortSymb: [29] "Brocade-825 | 1.1.1 |
 Fabric Port Name: 20:02:00:05:1e:0a:83:6d
 010202;   3; 25:c6:00:0c:29:00:0e:76; 25:c6:00:0c:29:00:0d:76;
PWWN of HBA (physical)
 FC4s: FCP
 PortSymb: [28] "Brocade-825 | 1.1.1 |
 Fabric Port Name: 20:02:00:05:1e:0a:83:6d
 Permanent Port Name: 10:00:00:05:1e:0b:ef:d1
 Port Index: 2
 Share Area: No
 Device Shared in Other AD: No
 Redirect: No
<truncated output>
The Brocade Access Gateway is a Fabric OS feature (no license required) that lets
you configure your Enterprise fabric to handle additional N_Ports instead of
domains.
Switches in AG mode are logically transparent to the host and the fabric. AG mode
increases the number of hosts that can access the fabric without increasing the
number of switches in the fabric. This simplifies configuration and management in a
large fabric by reducing the number of domain IDs and ports.
The Brocade Access Gateway allows multiple Host Bus Adapters (HBAs) to access
the fabric using fewer physical ports. Instead, certain Access Gateway ports are
configured as N_Ports, with the attached hosts mapped through the N_Ports via the
N_Port ID Virtualization (NPIV) protocol. The Brocade Access Gateway is a device
management tool and provides only a subset of Fabric OS commands. Therefore it
does not consume critical fabric elements (e.g. domain IDs) that could inhibit
scalability.
The Access Gateway feature was introduced in FOS v5.3
Supported Platforms
• Supported on the Brocade 300, 5100, VA-40FC 1 and embedded
blade server switches 2
Footnote 1: the VA-40FC ships with AG mode enabled by default but AG mode can
be disabled and put back into Fabric mode
Footnote 2: Current embedded switches:
8 Gbps Switches
Dell M5424 24-port for Dell PowerEdge M1000e
Fujitsu 5450 26-port for PRIMERGY BX900
Hitachi 5460 26-port for BladeSymphony BS2000
HP 5480 24-port for BladeSystem c-Class
HP 5481 24-port HP Virtual Connect for BladeSystem c-Class
HP 5410 12-port for EVA 4400-S (storage switch)
IBM 5470 20-port for BladeCenter
4 Gbps Switches
Dell 4424 24-port for PowerEdge M1000e
Fujitsu 4016 16-port for PRIMERGY BX600
Hitachi 4016 16-port for 81000 and BladeSymphony BS320
HP 4024 24-port for BladeSystem c-class
HuaWei 4018 18-port Embedded Switch
IBM 4020 20-port for BladeCenter
NEC 4024 24-port for SigmaBlade
AG Provides Scalability
• Multiple F_Ports on an AG are mapped to a single N_Port on the
same AG
• Several N_Ports on an AG can be connected to a fabric
• Every connection from an AG to a fabric can support a maximum of
255 devices, providing scalability for device attachment
[Figure: Traditional Brocade blade server SAN switches attached to a SAN fabric = 36 domain IDs; Brocade blade server SAN switches in Access Gateway mode attached to a SAN fabric = 4 domain IDs (domain IDs 1-4)]
These features are only disabled on the AG, but are still available in
the rest of the fabric.
• All switches must have all available POD licenses installed before
configuring a switch for AG mode
NPIV must be enabled on the switch that the Access Gateway is connected to.
The example above shows 8 hosts (Host_1 through Host_8) connected to a Brocade 300. It
is configured as an Access Gateway with the default port map. The hosts are mapped to
the N_Ports as follows:
• F_Port 0 (Host_1) and F_Port 1 (Host_2) are mapped to N_Port 16
• F_Port 4 (Host_3) and F_Port 5 (Host_4) are mapped to N_Port 18
• F_Port 8 (Host_5) and F_Port 9 (Host_6) are mapped to N_Port 20
• F_Port 12 (Host_7) and F_Port 13 (Host_8) are mapped to N_Port 22
The FC addresses associated with the N_Ports and F_Ports (attached devices) are:
• The FC address for N_Port 16 = 030000. F_Port 0 (Host_1) logs in first and receives
the address 030001; F_Port 1 (Host_2) logs in second and receives the address
030002.
• The FC address for N_Port 18 = 030100. F_Port 4 (Host_3) logs in first and receives
the address 030101; F_Port 5 (Host_4) logs in second and receives the address
030102.
• The FC address for N_Port 20 = 040500. F_Port 8 (Host_5) logs in first and receives
the address 040501; F_Port 9 (Host_6) logs in second and receives the address
040502.
• The FC address for N_Port 22 = 040600. F_Port 12 (Host_7) logs in first and receives
the address 040601; F_Port 13 (Host_8) logs in second and receives the address
040602.
Footnote 1: The Access Gateway remaps only those F_Ports that were originally
mapped to the recovered N_Ports. F_Ports mapped to still-failed N_Ports remain
remapped.
This example is used to demonstrate the commands issued to put a Brocade 300 in
Access Gateway mode and show various command outputs. It is not intended to be
a "best practice" example.
16  0;1    1     1  1  0  pg0
17  2;3    2     1  1  0  pg0
18  4;5    5     1  1  0  pg0
19  6;7    6     1  1  0  pg0
20  8;9    None  1  1  0  pg0
21  10;11  None  1  1  0  pg0
22  12;13  None  1  1  0  pg0
23  14;15  None  1  1  0  pg0
The ag --mapshow command displays the mapping between the N_Ports and the
F_Ports. Each line displays the following information:
• N_Port - Port numbers of ports locked in N_Port mode.
• Configured F_Ports - List of F_Ports that are mapped to the corresponding
N_Port.
• Current F_Ports - Shows the F_Ports that are currently connected to the
fabric on the corresponding N_Port. In the case of failover, the Current F_Ports
and Configured F_Ports differ.
• Failover and Failback - Indicates whether or not N_Port policy is enabled (1)
or disabled (0).
When the Access Gateway mode is enabled, all N_Ports belong to the default port
group, pg0.
0  16;17;18;19;20;21;22;23  pg0
<output continued on next slide>
The ag --show command displays detailed information about the N_Ports and
F_Ports, including the FC address of the devices. General information includes the
switch name, the switch WWN, the number of switch ports (24), the IP address, the
firmware revision, the number of N_Ports (4) and current F_Ports (4) and the
policies enabled (pg). Port Group 0 is the default port group.
N_Port information:
Port  Port ID   Attached PWWN            FO  FB  F_Ports
F_Port information:
Port  Port ID   Attached PWWN            N_Port  Preferred N_port  Login Exceeded?
1     0x010001  10:00:00:05:1e:57:7c:7d  16      None              No
2     0x010101  10:00:00:05:1e:57:7c:ab  17      None              No
5     0x010201  10:00:00:05:1e:56:c8:39  18      None              No
6     0x010301  10:00:00:05:1e:56:c8:35  19      None              No
---------------------------------------------------------------------
HBAs attached to 300
0   0   030000  id  N4  No_Light  FC
1   1   030100  id  N8  Online    FC  F-Port  10:00:00:05:1e:57:7c:7d 0x010001
2   2   030200  id  N4  Online    FC  F-Port  10:00:00:05:1e:57:7c:ab 0x010101
<truncated output>
5   5   030500  id  N4  Online    FC  F-Port  10:00:00:05:1e:56:c8:39 0x010201
6   6   030600  id  N4  Online    FC  F-Port  10:00:00:05:1e:56:c8:35 0x010301
<truncated output>
16  16  031000  id  N8  Online    FC  N-Port  10:00:00:05:1e:9c:b1:73 0x010000 (AoQ)
17  17  031100  id  N4  Online    FC  N-Port  10:00:00:05:1e:9c:b1:73 0x010100 (AoQ)
18  18  031200  id  N4  Online    FC  N-Port  10:00:00:05:1e:9c:b1:73 0x010200 (AoQ)
19  19  031300  id  N8  Online    FC  N-Port  10:00:00:05:1e:9c:b1:73 0x010300 (AoQ)
<truncated output>
The switchshow command adds the NPIV-generated FC address for the F_Ports
and N_Ports. Use these addresses to verify the port map:
• F_Port port 1 (0x010001) mapped to N_Port port 16 (0x5a0000)
• F_Port port 2 (0x010101) mapped to N_Port port 17 (0x5a0100)
• F_Port port 5 (0x010201) mapped to N_Port port 18 (0x5a0200)
• F_Port port 6 (0x010301) mapped to N_Port port 19 (0x5a0300)
AoQ = Application oriented QoS. Indicates that the link is capable of QoS. It should
appear on F and N_Ports on switches that are connected to either Brocade HBAs
with an active SAO license or Access Gateways that have an Adaptive Networking
license.
• On an unconfigured N_Port, set the F-to-N_Port mapping with the
ag --mapset command
The ag --mapdel command deletes one or more F_Ports from a specific N_Port on
an Access Gateway. The command has two arguments:
• N_Port: The specific N_Port.
• F_Port_list: A semicolon-separated list of F_Ports whose mappings are
being removed from the N_Port. When specifying multiple F_Ports, surround the
semicolon-separated list with double quotes ("); for a single F_Port, quotes are not
required. To identify ports 2, 4, 5, and 6, specify an F_Port list of "2;4-6".
The ag --mapadd command adds one or more F_Ports to a specific N_Port on an
Access Gateway. The command arguments are the same as with ag --mapdel.
The ag --mapset command creates an N-to-F_Port mapping on an unconfigured
N_Port on an Access Gateway. The command arguments are the same as with ag
--mapdel and ag --mapadd.
Footnote 1: When trying to map more than one port at a time, if one port fails to
map, all the ports will fail to map. If a port already has a mapping, it must be
unmapped before it can be remapped with a mapadd or the new mapping process
will fail.
16  0        None   1  1  0  pg0
17  3        None   1  1  0  pg0
18  4;5      5      1  1  0  pg0
19  1;2;6;7  1;2;6  1  1  0  pg0
20  8;9      None   1  1  0  pg0
21  10;11    None   1  1  0  pg0
22  12;13    None   1  1  0  pg0
23  14;15    None   1  1  0  pg0
In the example above, the Access Gateway port map is displayed. The default port
map has been altered so that F_Ports 1 and 2 are now mapped to N_Port 19.
For all the commands above, the only argument is the N_Port on which failover or
failback is to be displayed, enabled, or disabled. For the show commands, omit the
port argument to display the settings for all N_Ports.
The details for each policy will be presented later in this module.
Footnote 1: The Brocade documentation refers to the Auto Port Configuration
policy as "APC" even though the command output shows "auto". Auto Port
Configuration is discussed in the appendix of this module.
failover to occur only within a user-defined group of ports
- Allows Access Gateway to be attached to multiple edge fabrics
- Default port group is enabled by default and requires all
N_Ports to be connected to the same fabric
- User-defined port groups must be created to attach to
[Figure: Access Gateway with Host_1 through Host_8 on its F_Ports; N_Ports 16 and 18 (Group 1) attach to Fabric 1 and N_Ports 20 and 22 (Group 2) attach to Fabric 2]
In the example above, the Access Gateway is attached to two fabrics. Ports 16 and
18 are attached to Fabric 1 and ports 20 and 22 are attached to Fabric 2. To ensure
the F_Ports mapped to ports 16 and 18 fail over only within Fabric 1, ports 16 and
18 are put into a Port Group (Group 1). Similarly, to ensure the F_Ports mapped to
ports 20 and 22 failover only within Fabric 2, ports 20 and 22 are put into a separate
Port Group (Group 2).
In the example above, we see the result of N_Port failover with Port Groups:
• If port 16 fails, F_Ports 0 and 1 failover to Port 18 - the only remaining port in
Group 1. Without port groups, one of the hosts would have failed over to port
20 or 22, which is not attached to Fabric 1. After the failover, the PIDs of the
attached hosts are updated (Host_1 changes from 0x030001 to 0x040403;
Host_2 changes from 0x030002 to 0x040404).
• If port 22 fails, F_Ports 12 and 13 failover to Port 20 - the only remaining port
in Group 2. Without port groups, one of the hosts would have failed over to port
16 or 18, which is not attached to Fabric 2. After the failover, the PIDs of the
attached hosts are updated (Host_7 changes from 0x030701 to 0x060203;
Host_8 changes from 0x030702 to 0x060204).
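The failover behavior in the two-fabric example above, modeled as an added example (not Brocade code). The port numbers, groups and port map come from this module; choosing the least-loaded remaining N_Port is an assumption made only so the ungrouped case is deterministic.

```python
"""Port-group-constrained N_Port failover on an Access Gateway (added model)."""

# Topology from the two-fabric example above: N_Port -> attached fabric.
N_PORT_FABRIC = {16: "Fabric 1", 18: "Fabric 1", 20: "Fabric 2", 22: "Fabric 2"}

# F_Port -> N_Port map for the eight hosts (default Brocade 300 port map).
F_TO_N = {0: 16, 1: 16, 4: 18, 5: 18, 8: 20, 9: 20, 12: 22, 13: 22}

GROUPED = {"Group1": {16, 18}, "Group2": {20, 22}}
UNGROUPED = {"pg0": {16, 18, 20, 22}}  # everything left in the default group


def group_of(n_port, port_groups):
    """Name of the port group that contains n_port."""
    for name, members in port_groups.items():
        if n_port in members:
            return name
    raise KeyError(f"N_Port {n_port} is not in any port group")


def fail_over(f_to_n, port_groups, failed):
    """Return a new F_Port -> N_Port map after N_Port `failed` goes offline.

    F_Ports move only to the remaining N_Ports of the failed port's group.
    Assumption: each F_Port goes to the least-loaded candidate, ties broken
    by lowest port number; the module does not state the selection rule.
    """
    group = port_groups[group_of(failed, port_groups)]
    candidates = sorted(group - {failed})
    new_map = dict(f_to_n)
    for f_port in sorted(f for f, n in f_to_n.items() if n == failed):
        if not candidates:
            new_map[f_port] = None  # no N_Port left in the group
            continue
        load = {n: sum(1 for m in new_map.values() if m == n) for n in candidates}
        new_map[f_port] = min(candidates, key=lambda n: (load[n], n))
    return new_map


def crossed_fabric(before, after, n_port_fabric):
    """F_Ports that ended up on an N_Port attached to a different fabric."""
    return sorted(
        f for f, n in after.items()
        if n is not None and n_port_fabric[n] != n_port_fabric[before[f]]
    )


if __name__ == "__main__":
    for label, groups in (("port groups", GROUPED), ("default pg0 only", UNGROUPED)):
        after = fail_over(F_TO_N, groups, failed=16)
        print(f"{label}: F_Port 0 -> {after[0]}, F_Port 1 -> {after[1]}, "
              f"crossed fabric: {crossed_fabric(F_TO_N, after, N_PORT_FABRIC)}")
```

With the two port groups, both F_Ports land on port 18; with only the default group, one of them lands on an N_Port attached to Fabric 2, which is the isolation failure that port groups prevent.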
0  16;17;18;19;20;21;22;23  pg0
The command output above shows the default Port Group (pg0) on a Brocade 300
with the default port map in place.
0  17;19;21;23  pg0
1  16;18        Group1
2  20;22        Group2
Any N_Ports not put in a user-defined Port Group remain in the default Port Group
(pg0).
Preferred N_Port provides an alternate N_Port for F_Ports to fail over to. The
F_Ports must have a primary N_Port mapping before a preferred (secondary)
N_Port can be configured.
The ag --prefshow command displays the current Preferred N_Ports on the
Access Gateway. The command has no arguments.
There are currently no Preferred N_Ports - the default setting.
0;1 20
The ag --prefset command sets the Preferred N_Port for an F_Port.
N_Port/F_Port Trunking provides the same benefits that ISL Trunking does in the
fabric. It aggregates the bandwidth of each link within the Trunk. Each link has an
N_Port on one side (the Access Gateway) and an F_Port on the other (Edge Switch
in the fabric). In addition, all N_Ports within a Trunk use the same 24-bit address.
Ports used for Trunking on the edge switch must be enabled using the
portcfgtrunkport command.
The ports in an F_Port trunk use a shared port area. All associated N_Ports in the
Trunk share the same index.
• F_Ports on the AG configured to
any of the Trunk member N_Ports
F_Ports are load balanced across
[Figure: hosts attached to an Access Gateway whose N_Port trunk (Master and Slave ports) connects to the edge switches; Switch_B, Domain ID = 4]
0 F-port Master 0 0 0
1 F-port Slave 0 0 1
A non-bladed switch uses the area ID. A bladed switch uses the index number.
(no RSCNs)
• Failover is triggered when last
member in the trunk goes offline
- When trunk goes offline, F_Ports
[Figure legend: N_Port, F_Port, mapped online, failed port maps, failover paths; Domain ID = 4]
to main fabric
• No license requirement
Footnote 1: Several Edge AGs can connect into a single Core AG to support higher
consolidation ratios.
Persistent ALPA
• Prior to Fabric OS v6.3.0, PIDs were dynamic, meaning that every time a
device logged in, it received a new PID
- Some operating systems cannot tolerate changing PIDs
• Fabric OS v6.3.0 supports a persistent PID value, whereby a device will
get the same PID it had when it originally logged in
- The device must log in using the same N_Port on the AG
• More details are provided in the Appendix
[Figure legend: Hosts, N_Port, F_Port, F_Port (with NPIV enabled)]
Summary
• F_Port to N_Port mapping is set by default
• N_Port failover and failback is configurable
• N_Port Grouping allows a single Access Gateway to connect to
multiple fabrics
• F_Port Trunking aggregates bandwidth between the Access
Gateway and the edge fabric
• Cascading connects two Access Gateways for scalability
• If using PG Policy
- Firmware upgrade from Fabric OS v6.2.x, or previous, to v6.3.0 will
disable lb mode, and thereby disable automapbalance
- Firmware downgrade from Fabric OS v6.3.0 to a previous version will
disable any automapbalance settings
- Enabling lb mode will set automapbalance to its defaults
• Enabled on an N_Port online event
• Enabled on an F_Port offline event
Only one firmware version upgrade is supported in v6.x (upgrade from v6.0.x to
v6.1.x will work; v6.0.x to v6.2.x will not).
See the following page for a description of the additions to the "ag" CLI command.
Footnote 1: The "fabric name" of a fabric is the WWN of the principal switch of the
fabric. In AG mode, when you do an "ag --show", the output will contain a
section that tells you which N-ports are connected to which fabric (according to
fabric names).
[Screen capture of ag --show output; the text is not legible in this copy. Visible sections include Port Group information and F_Port information.]
Persistent ALPA
• Prior to Fabric OS v6.3.0, PIDs were dynamic, meaning that every time a
device logged in, it received a new PID
- Some operating systems cannot tolerate changing PIDs
• Fabric OS v6.3.0 supports a persistent PID value, whereby a device will
get the same PID it had when it originally logged in
- The device must log in using the same N_Port on the AG
[Figure legend: Hosts, N_Port, F_Port, F_Port (with NPIV enabled)]
The host does a login request to the AG, which forwards it on to the fabric. The
fabric responds with a PID, which the AG puts in its mapping table, persistently
assigning the PID to the PWWN for that host. The AG simultaneously sends the PID
to the host.
If the host logs out, the PID is kept in the mapping table on the AG.
If the host logs back in using the same N_Port on the AG, the AG will search its
mapping table for the PWWN of the host. When it finds the PID associated with the
PWWN, it will request that PID from the fabric, which will respond with the
requested PID.
Access Gateway uses a table to maintain a list of available and used ALPAs. When
the number of entries in this table is exhausted, the host receives an error message.
You can remove some of the entries to make space using the ag
--deletepwwnfromdb command.
switch:admin> ag --deletepwwnfromdb PWWN
The max number of entries in the table for each port is set through the configure CLI command, as follows:
Configure ...
mode - Specifies the manner in which the ALPA is obtained in the event
that the ALPA value is already taken by another host. Valid modes are:
-s Specifies a stringent ALPA request mode. In stringent mode, the login is
rejected if the ALPA is not available
-f Specifies a flexible ALPA request mode. In flexible mode, the host login is
accepted either with the requested ALPA value or with a different ALPA value if the
requested ALPA is not available
ag --printalpamap F_Port - Displays the database entry for the specified
port. An F_Port must be specified. The output displays the PWWN-to-host-ALPA
mapping
ag --deletepwwnfromdb PWWN - Removes the specified port WWN entry from
the database after the host has logged out
ag --clearalpamap F_Port - Clears the ALPA values for the specific F_Port. This
command removes the PWWN-to-ALPA-value mapping from the database
[Figure: Access Gateway with Auto Port Configuration enabled, attached to Fabric_1; port labels include Port 2, Port 3, Port 7 through Port 13 and Port 23. Legend: N_Port, F_Port, F_Port (with NPIV enabled).]
1. No pre-determined port role -
Based on the attached device or
switch, each switch port
automatically configures as F_Port
or N_Port
When Auto Port Configuration is enabled on an Access Gateway, the first major
change is that port roles are not pre-configured as F_Port or N_Port. Instead,
Access Gateway switch ports react as regular switch ports: based on the attached
device or switch, the port automatically configures as an F_Port or N_Port. Users
can now attach devices or switches to any port, without needing to know whether a
port is locked as an N_Port or not.
In the example above, hosts have been attached to an Access Gateway with Auto
Port Configuration enabled. The following ports are configured in different modes
than the default Port Map:
• Ports 7 and 8 are configured as N_Ports because they are attached to a
switch. If Automatic Configuration was disabled and the default Port Map was
in effect, these ports would be F_Ports.
• Ports 12 and 13 are configured as F_Ports because they are attached to hosts.
If Automatic Configuration was disabled and the default Port Map was in effect,
these ports would be N_Ports.
[Figure: Access Gateway attached to Switch A (Domain ID = 9); surviving labels: Port 3, Port 13, Port 23. Legend: N_Port, F_Port, F_Port (with NPIV enabled).]
[Figure: Access Gateway port map diagram; surviving labels: Port 23, F_Port (with NPIV enabled).]
The third major change with Automatic Configuration is that the Port Map is not
fixed - that is, an F_Port does not always have the same Primary N_Port. As hosts
or switches are attached to the Access Gateway, the Port Map is automatically
readjusted to ensure an even distribution of F_Ports across the N_Ports.
In the example above, a new switch port is attached to port 9, creating a new
N_Port (PID = 0x090400). As a result, the F_Ports are remapped across the three
N_Ports. This results in four of the six hosts (noted with a * symbol above) changing
their PID:
• Host_3 has changed from 0x090302 to 0x090401.
• Host_4 has changed from 0x090202 to 0x090302.
• Host_5 has changed from 0x090303 to 0x090202.
• Host_6 has changed from 0x090203 to 0x090402.
- N_Port Failback: Devices do not
failback!
[Figure: N_Port failover with Automatic Configuration; hosts are marked with a * symbol. Legend: Mapped Online, Failed port maps, Failover paths.]
The final major change with Automatic Configuration is that there is N_Port Failover,
but no N_Port Failback. When an N_Port fails, the F_Ports mapped to that N_Port
are automatically failed over, and the Port Map is automatically readjusted to ensure
an even distribution of F_Ports across the N_Ports. However, because F_Ports do
not have a Primary N_Port, there is nothing for a failed-over F_Port to fail back to.
The absence of a Primary N_Port also means that there are no Preferred N_Ports
or Port Groups when Automatic Configuration is enabled.
In the example above, a new switch port is attached to port 9, creating a new
N_Port (PID = 0x090400). As a result, the F_Ports are remapped across the three
N_Ports. This results in all of the six hosts (noted with a * symbol above) changing
their PID:
• Host_1 has changed from 0x090301 to 0x090201.
• Host_2 has changed from 0x090201 to 0x090401.
• Host_3 has changed from 0x090401 to 0x090202.
• Host_4 has changed from 0x090302 to 0x090402.
• Host_5 has changed from 0x090202 to 0x090203.
• Host_6 has changed from 0x090402 to 0x090403.
The automatic Port Configuration (APC) policy provides the ability to automatically
discover port types (host vs. fabric) and dynamically update the routing maps when
a new connection is detected. This policy is intended for a fully hands-off operation
of Access Gateway. APC dynamically maps F_ports across available N_Ports so
they are evenly distributed. For example, when a port on an AG is connected to a
Fabric switch, the AG configures the port as an N_Port. If a host is connected to a
port on an AG, then the AG determines that it is connected and configures the port
as an F_Port and automatically maps it to an existing N_Port with the least number
of F_Ports mapped to it.
When the APC policy is enabled, it applies to all ports on the switch. Enabling the
APC policy is disruptive and erases all existing F_Port-to-N_Port mappings.
Therefore, before enabling the APC policy, you must disable the AG module.
When you disable the APC policy, the
N_Port configuration and the F_Port-to-N_Port mapping revert back to the default
factory configurations for that platform.
See the following page for a description of the additions to the "ag" CLI command.
With APC Policy and introduction of Login Balancing in PG Policy, the F_Port to
N_Port mapping in an AG can change dynamically depending on addition/removal
of ports. Some admins might want to control this automatic rebalancing feature -
which can be achieved using the agautomapbalance CLI.
CLI: agautomapbalance --force
Description: FORCED one-time auto login distribution. In case the agautomapbalance option is disabled for N_Port addition, F_Port removal or both, this command will rebalance the F_Port to N_Port mapping in a forceful manner only ONCE.
CLI: agautomapbalance [--enable | --disable] [-fport | -nport] [-pg#]
Description: All the above commands will have -pg# option so they can optionally be enabled or disabled on a given port group in AG. This option is allowed only when Load balancing Policy is enabled on this particular PG.
CLI: agautomapbalance [--enable | --disable] [-fport | -nport] [-all]
Description: All the above commands should have -all option so they can optionally be enabled or disabled per entire AG module (all PGs). This option will enable/disable auto mapping on Port Groups which have Load balancing Policy enabled.
CLI Examples
• agautomapbalance --enable -fport
- Will enable automatic rebalancing of F_Ports when an online F_Port goes
down
• agautomapbalance --disable -nport -pg 1
- Will disable automatic rebalancing of F_Ports when a new N_Port comes
online in PG 1
• agautomapbalance --enable -fport -all
- Will enable automatic rebalancing of F_Ports on all Port Groups in the AG
• agautomapbalance --force
- Will initiate one time rebalancing of F_Ports (APC Policy)
• agautomapbalance --force -pg 0
- Will initiate one time rebalancing of F_Ports in PG 0
CFP380 Internal Use Only Fabric Security
Objectives
• After completing this module, attendees will be able to describe and
configure the following advanced security features:
• Policy distribution
• Fabric Configuration Server (FCS)
• Switch Connection Control (SCC)
• Device Connection Control (DCC)
• IP Filter Policies (IPFILTER)
• Advanced Device Security for Access Gateway
M-EOS Security:
Switch Binding: (SANtegrity Binding license required) This is a list of devices and
switches that can log into a switch by specifying their WWNs in a switch
membership list.
Fabric Binding: (SANtegrity Binding license required) This is a list of switches that
can join a fabric by specifying their WWN and Domain ID in the Fabric Membership
list. This is required for FICON.
Port Binding: This binds a device WWN to a switch port. Only that WWN can log
into that switch port.
After Fabric OS v5.2, SFOS must be removed and policies will need to be recreated
using the new base Fabric OS policies.
Unlike the licensed Secure Fabric OS (SFOS) feature, the policies are part of base
Fabric OS.
• Not interchangeable with their equivalent SFOS policies
Footnote 1: AUTH policy details are included in the appendix to this module.
Footnote 2: PWD policies are covered in the CFA280 course and not in this course.
• With the exception of the DCC and ADS policies, only one policy of
each type can be active (2)
Footnote 1: The FCS, DCC, SCC and IPFILTER policies are grouped by state and
type while the PWD and AUTH policies are only grouped by type (there is no state
for these two policies).
A policy can be in the following state:
• Active-The policy is being enforced by the switch
• Defined-The policy has been set up but is not enforced
A group of policies is called a Policy Set.
Each switch has the following two sets:
• Active policy set-Contains ACL policies being enforced by the switch
• Defined policy set-Contains a copy of all ACL policies on the switch
When a policy is activated, the defined policy either replaces the policy with the
same name in the active set or becomes a new active policy. If a policy appears in
the defined set but not in the active set, the policy was saved but has not been
activated. If a policy with the same name appears in both the defined and active
sets but they have different values, then the policy has been modified but the
changes have not been activated.
Footnote 2: There are two IP Filter types, IPv4 and IPv6, each with its own active
policy, but only one policy for each IP type can be active.
Footnote 1: Policy distribution can be controlled at the switch level: Each switch
can be set to accept or reject each individual security policy
(FCS/SCC/DCC/IPFILTER/PWD/AUTH). It allows switches in a fabric to have
different device access security settings-or no settings at all. The default switch
setting is to accept all policies.
Use the fddcfg command to show or set each policy for Accept or Reject.
Footnote 2: The SCC, DCC, and FCS policies can be switch-centric (manually
distributed) or they can be automatically distributed to keep them consistent across
the fabric.
The Fabric-Wide Consistency policy dictates when a switch-level SCC and DCC
reject policy is allowed.
All other policies must be manually distributed using the distribute command.
Virtual Fabric considerations: ACL policies such as DCC, SCC, and FCS can be
configured on each logical switch. The limit for security policy database size is set to
1Mb per logical switch with an 8 MB maximum. FCS, DCC, SCC, and AUTH
databases can be distributed using the distribute command, but the PWD and
IPFILTER databases are blocked from distribution.
Fabric-wide consistency policies are configured on a per logical switch-basis and
are applied to the fabrics connected to the logical switches. Automatic policy
distribution behavior for DCC, SCC and FCS is the same as that of pre-v6.2.0
releases and are configured on a per logical switch basis.
This example shows how to set a strict SCC and tolerant DCC fabric-wide
consistency policy.
SCC accept
DCC accept
PWD accept
FCS accept
AUTH accept
IPFILTER accept
Fabric Wide Consistency Policy:- "SCC:S;DCC"
Description:
Use this command to manage the Fabric Data Distribution configuration
parameters.
These parameters control the Fabric-Wide Consistency policy in non-secure mode.
Operands:
--showall
Displays the accept/reject configuration of all policy sets and the fabric-wide
consistency policy on the switch.
--localaccept policy_list
Configures the switch to accept distributions of the policies in policy_list. The
policy_list is a semicolon separated list of supported policy sets, for example,
"SCC;DCC". Supported policies are Switch Connection Control (SCC), Device
Connection Control (DCC) and Password (includes account database and password
policies) (PWD).
SCC - accept
DCC - accept
PWD - accept
FCS - accept
AUTH - accept
IPFILTER - accept
Footnote 1: While creating the FCS policy, the local switch WWN automatically
gets included in the list. Additional switches included in the FCS list are backup FCS
switches; switches not included are non-FCS switches.
In this example output, the Primary FCS switch was disabled. The backup FCS
switch became the primary as indicated in the Primary column:
1 No 10:00:00:05:1e:36:2e:62 - Unknown
2 Yes 10:00:00:05:1e:04:24:8c 4 85100
1 No 10:00:00:05:1e:36:2e:62 - Unknown
2 Yes 10:00:00:05:1e:04:24:8c 4 85100
FCS Details
• Once the FCS policy is configured, enabled, and distributed,
switch security and fabric-wide administrative command behavior
changes
• Only the Primary FCS switch can invoke commands that affect the
entire fabric (1), which include:
- Create or modify FCS, SCC and DCC policies in a Fabric-Wide
Consistency policy enforced fabric (2)
- Distribute the password database (3)
- Zoning
• FCS policy must be consistent across the fabric
- If the policy is inconsistent in the fabric, then you will not be able to
perform any fabric-wide configurations from the primary FCS
Footnote 1: Only the Primary FCS switch can invoke any fabric-wide commands
(aliadd, zoneadd, cfgadd, cfgcreate, defzone, passwd, etc.).
• This includes all zone configuration commands.
• Non Primary FCS switches can invoke related show commands.
Footnote 2: Only the Primary FCS switch can add, create, delete, and remove SCC
and DCC policies in a fabric with a Fabric-Wide Consistency policy of tolerant or
strict.
Footnote 3: Once an FCS policy is created, activated, and distributed across a
fabric, only the Primary FCS switch can be used to distribute the password
database.
FCS Distribution
• The FCS policy can be automatically distributed (1) using the Fabric
Wide Consistency policy (2)
[Figure label: Backup FCS Switch]
FCS Configuration
• Steps to create an FCS ACL policy:
1. Create FCS policy using secpolicycreate
switch:admin> secpolicycreate "FCS_POLICY", "3; 4"
FCS_POLICY has been created.
Footnote 1: When a policy is activated, the defined policy either replaces the policy
with the same name in the active set or becomes a new active policy. If a policy
appears in the defined set but not in the active set, the policy was saved but has not
been activated. If a policy with the same name appears in both the defined and
active sets but they have different values, then the policy has been modified but the
changes have not been activated.
FCS enforcement does not apply to pre-Fabric OS v5.3.0 switches; they will be able
to initiate all operations, but fabric-wide operations can fail if an FCS policy is present
on the Fabric OS v5.3.0 switches in the fabric. Once the FCS policy is activated and
distributed to all fabric switches, only the Primary FCS switch will be able to
distribute subsequent policy updates across the fabric.
The fabric in this example only has a distributed FCS policy; no other policies in this
example were activated or distributed.
Footnote 3: Sample command:
distribute -p policy_list -d switch_list
switch:admin> distribute -p FCS -d "1;3"
FCS enforcement for the distribute command is handled differently for FCS and
other databases in an FCS activated fabric.
1. The primary or any backup FCS switch can initiate the distribution of the FCS
policy.
2. Only the Primary FCS switch can initiate the distribution for other database
distributions.
[Figure labels: New Switch & Devices; Switch Connection Control (SCC) Policies]
Footnote 1: Switches not included in the SCC Policy will be segmented from the
fabric. When a device that is not included in the DCC Policy attempts to log in to a
port that is included in a DCC policy, the port is disabled. Ports that are not included
in a DCC Policy allow any device to attach.
Footnote 2: Device access security is a step prior to and in addition to any zoning
in providing strong security in a fabric.
With zoning enabled, device-to-device communication is secured. However, new
devices and switches may still connect to and join an existing fabric, a key breach in
a larger security plan.
10:00:00:05:1e:08:0a:68
10:00:00:05:1e:08:0a:68
Footnote 1: FC-FC Routers are not supported in fabrics with "strict" fabric wide
consistency policies.
11:22:33:44:55:66:77:aa
aa:bb:cc:44:55:66:77:77
ff:ee:dd:44:55:66:77:ff
In this example we are allowing device with WWN 11:....:aa to connect on domain 1
ports 1 or 3. The [] are used to include the port numbers specified and the WWN of
any device currently connected on those ports. From the help file:
(1-6) = selects ports with index 1 through 6.
(*) = selects all ports on the switch.
[3,9] = selects ports with index 3 and index 9 and all devices attached to those
ports.
[1-3,5] = selects ports with index 1 through index 3 and index 5 and all devices
attached to those ports.
[*] = selects all ports on the switch and devices currently attached to those ports.
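The port-list forms above and the DCC login behaviour described in the earlier footnote can be modelled as follows. This is an added example, not Fabric OS code: the function names, the 16-port switch, the zero-based port index and the table of attached devices are assumptions made for the illustration.

```python
"""Model of DCC port-list selection and login checks (illustration only)."""
import re

WWN_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){7}$")


def parse_port_spec(spec, port_count):
    """Expand '(1-6)', '(*)', '[3,9]', '[1-3,5]' or '[*]'.

    Returns (ports, include_attached). include_attached is True for the
    square-bracket forms, which also admit devices already on those ports.
    """
    spec = spec.strip()
    if len(spec) < 3 or spec[0] + spec[-1] not in ("()", "[]"):
        raise ValueError(f"malformed port list: {spec!r}")
    include_attached = spec[0] == "["
    body = spec[1:-1].strip()
    if body == "*":
        return set(range(port_count)), include_attached
    ports = set()
    for part in body.split(","):
        low, _, high = part.strip().partition("-")
        low, high = int(low), int(high or low)
        if not 0 <= low <= high < port_count:
            raise ValueError(f"port range {part!r} outside 0-{port_count - 1}")
        ports.update(range(low, high + 1))
    return ports, include_attached


def build_policy(wwns, spec, attached, port_count):
    """Return {port index: set of allowed WWNs} for one DCC policy.

    attached maps a port index to the WWNs currently logged in there.
    """
    allowed = set()
    for wwn in wwns:
        wwn = wwn.lower()
        if not WWN_RE.match(wwn):
            raise ValueError(f"not a WWN: {wwn!r}")
        allowed.add(wwn)
    ports, include_attached = parse_port_spec(spec, port_count)
    policy = {}
    for port in ports:
        policy[port] = set(allowed)
        if include_attached:
            policy[port] |= {w.lower() for w in attached.get(port, ())}
    return policy


def login_decision(policy, port, wwn):
    """Ports outside every DCC policy accept any device; listed ports do not."""
    if port not in policy:
        return "allow (port not in any DCC policy)"
    if wwn.lower() in policy[port]:
        return "allow"
    return "reject and disable port"


# Constructed sample: one device is already logged in on port 3.
ATTACHED = {3: ["aa:bb:cc:44:55:66:77:77"]}
POLICY_PAREN = build_policy(["11:22:33:44:55:66:77:aa"], "(1,3)", ATTACHED, 16)
POLICY_BRACKET = build_policy(["11:22:33:44:55:66:77:aa"], "[1,3]", ATTACHED, 16)

if __name__ == "__main__":
    for name, pol in (("(1,3)", POLICY_PAREN), ("[1,3]", POLICY_BRACKET)):
        print(name, login_decision(pol, 3, "aa:bb:cc:44:55:66:77:77"))
```

The two sample policies differ only in the bracket style, which shows why the parenthesised form locks out a device that is already attached to a listed port.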
IP Filter Policies
• Set of rules applied to management interfaces
• IP packets that are not in the rules are denied
- Example: to limit the permitted management stations
[Figure labels: IP MGMT, IP Filter Policy]
Footnote 1: Fabric OS v5.3 and later loads default IP Filter policies for both IPv4
and IPv6.
Footnote 2: Policy rules will be discussed in more detail later.
Footnote 3: There are also two default policies, one for IPv4 and another for IPv6,
and some implicit policies that enable communication like syslog, from the switch
out. More information on implicit policies will be covered in following slides.
Protocol names
added to output
IPv4 destination ports not explicitly defined in this policy will be blocked. Port 25 is
not listed, so any smtp (port 25/tcp, Simple Mail Transfer) access to this
switch will be blocked.
When FOS v5.3 is initially loaded, two default IP Filter policies are activated:
• One for each policy type (default_ipv4 and default_ipv6)
• The default IP Filter policies cannot be deleted or changed
• When a user-defined IP Filter policy is activated, the default IP Filter policy
becomes deactivated
IPv6
IPv6 addresses consist of 128 bits (3.4 x 10^38 total addresses), compared to 32 bits
(4.3 x 10^9 total addresses) allowed in IPv4.
IPv6 addresses are represented as 8 colon-separated 16-bit hexadecimal digits.
Fabric OS supports static IPv6 addresses for management interfaces only.
Consecutive zeros may be dropped. For example, :8: is interpreted as :0008:
and :: is :0000:. An IPv6 unicast address: 2001:DB8::8:800:200C:417A.
Network Prefix: The netmask prefix is specified as the number of bits that comprise
the network portion of the address. The prefix is specified using a / followed by a
number. An IPv6 address and netmask: 2001:DB8::8:800:200C:417A/64.
Gateway: Default gateways will be learned from the network
When being configured as a local address, both an address and prefix MUST be
specified. The prefix is equivalent to a CIDR subnet mask in IPv4. There is no
implicit "classful" prefix length as in IPv4.
Breakdown of 2001:DB8::8:800:200C:417A/64
Network portion of address: 2001:DB8:0:0
Host portion of address: 8:800:200C:417A
The prefix 64 is common for Ethernet LANs.
Because IPv6 addresses are so long, Fabric OS services have been upgraded to
allow for an IPv6 address or valid DNS name. Use the dnsconfig command to
configure a DNS server. The dnsconfig command will allow for IPv6 addresses.
IPv6 and DNS Support have been added to the following commands: aaaconfig;
configdownload; configupload; dnsconfig; fabricshow;
fcrfabricshow; firmwaredownload; ipaddrset; ipaddrshow;
ipfilter; seccertutil; secfabricshow; snmpconfig; supportftp;
supportsave; syslogdipadd; and tsclockserver. Web Tools support
has also been added for IPv6 management access. Secure Fabric OS IP policies do
not support IPv6.
IP Filter Rules
• An IP Filter policy is comprised of a set of rules
- Each rule has an index number identifying the rule
- There can be a maximum 256 rules within an IP Filter policy
Footnote 1: For an IP Filter policy rule, users can only select destination port
numbers in either the well-known or the registered port number range, between 0
and 49151, inclusive. This means that customers have the ability to control how to
expose the management services hosted on a switch, but not the ability to affect the
management traffic that is initiated from a switch. A valid port number range is
represented by a dash, for example 7-30. Alternatively, for some "supported
services", service names can also be used instead of port numbers.
TCP and UDP protocols are the only valid selections. Implicitly, ICMP type 0 and
type 8 packets are always allowed to support ICMP echo request/reply on
commands like ping and traceroute.
For the action, only permit and deny are valid.
Footnote 1: If a match is found against the first rule source address, destination
port and protocol, the corresponding action for this rule is taken, and the
subsequent rules in this policy will be ignored. If there is no match, then it is
compared against the next rule in the policy. This process continues until the
incoming packet is compared against all rules in the active policy.
If none of the rules in the policy matches the incoming packet, the two implicit rules
will be matched against the incoming packet. If the rules still don't match the packet,
the default action, which is to deny, will be taken.
Source Address   Destination Port   Protocol   Action
Any              49152-65535        TCP        Permit
These implicit rules ensure that needed management ports are left open.
• The Well Known Ports are those from 0 through 1023.
• The Registered Ports are those from 1024 through 49151
• The Dynamic or Private Ports available are those from 49152 through 65535.
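The evaluation order described above (first matching rule wins, then the implicit rules, then the default deny) is modelled below, together with a check for rules that can never fire because an earlier rule already covers them. This is an added example, not Fabric OS code; the function names and the sample policy are constructed, and the UDP implicit rule is an assumption because only the TCP row survives in the table above.

```python
"""Model of IP Filter rule matching (illustration only)."""
import ipaddress
from dataclasses import dataclass

MAX_RULES = 256         # rule limit per policy, from the page
MAX_RULE_PORT = 49151   # rules may name well-known and registered ports only


@dataclass(frozen=True)
class Rule:
    index: int
    source: str     # "any", an address, or a prefix
    ports: tuple    # inclusive (low, high) destination port range
    proto: str      # "tcp" or "udp"
    action: str     # "permit" or "deny"


def make_rule(index, source, ports, proto, action):
    """Validate one rule against the constraints the page lists."""
    low, _, high = str(ports).partition("-")
    low, high = int(low), int(high or low)
    if not 0 <= low <= high <= MAX_RULE_PORT:
        raise ValueError(f"destination port {ports!r} outside 0-{MAX_RULE_PORT}")
    if proto not in ("tcp", "udp") or action not in ("permit", "deny"):
        raise ValueError("protocol must be tcp/udp and action permit/deny")
    if source != "any":
        ipaddress.ip_network(source, strict=False)  # raises ValueError if bad
    return Rule(index, source, (low, high), proto, action)


# Implicit rules checked after the policy. The page's table shows the TCP row;
# the matching UDP row is an assumption made for this example.
IMPLICIT = (
    Rule(0, "any", (49152, 65535), "tcp", "permit"),
    Rule(0, "any", (49152, 65535), "udp", "permit"),
)


def _matches(rule, src, dport, proto):
    if rule.proto != proto or not rule.ports[0] <= dport <= rule.ports[1]:
        return False
    if rule.source == "any":
        return True
    return ipaddress.ip_address(src) in ipaddress.ip_network(rule.source, strict=False)


def evaluate(policy, src, dport, proto):
    """Return (action, reason): first match, then implicit rules, then deny."""
    if len(policy) > MAX_RULES:
        raise ValueError("policy exceeds 256 rules")
    for rule in sorted(policy, key=lambda r: r.index):
        if _matches(rule, src, dport, proto):
            return rule.action, f"rule {rule.index}"
    if any(_matches(rule, src, dport, proto) for rule in IMPLICIT):
        return "permit", "implicit"
    return "deny", "default"


def _covers(a, b):
    """True when every packet matching rule b also matches rule a."""
    if a.proto != b.proto or not (a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1]):
        return False
    if a.source == "any":
        return True
    if b.source == "any":
        return False
    net_a = ipaddress.ip_network(a.source, strict=False)
    net_b = ipaddress.ip_network(b.source, strict=False)
    return net_a.version == net_b.version and net_b.subnet_of(net_a)


def shadowed_rules(policy):
    """Indexes of rules that never fire because an earlier rule covers them."""
    ordered = sorted(policy, key=lambda r: r.index)
    return [b.index for i, b in enumerate(ordered)
            if any(_covers(a, b) for a in ordered[:i])]


# Constructed sample policy: SSH and HTTPS from one management subnet only.
POLICY = [
    make_rule(1, "10.10.5.0/24", "22", "tcp", "permit"),
    make_rule(2, "any", "22", "tcp", "deny"),
    make_rule(3, "10.10.5.0/24", "443", "tcp", "permit"),
    make_rule(4, "192.0.2.10", "22", "tcp", "permit"),   # shadowed by rule 2
    make_rule(5, "any", "161", "udp", "permit"),
]

if __name__ == "__main__":
    print(evaluate(POLICY, "192.0.2.10", 22, "tcp"), shadowed_rules(POLICY))
```

Rule 4 in the sample is a permit that an administrator might expect to work, but the earlier deny on rule 2 matches first, which is the kind of ordering mistake worth checking for before activating a policy.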
Footnote 1: The ipfilter CLI can also be used to show, clone, save,
activate, and abort IP policies. Additionally, use the command to add or delete
rules that will filter IP traffic.
B5100:admin> ipfilter help
Usage: ipfilter
--help: display the ipfilter synopsis
--create <policyname> -type <ipv4 | ipv6>: create an IP filter
policy
--clone <policyname> -from <src_policyname>: create an IP
filter policy as a copy of existing policy
--show [policyname]: display one or all IP filter policy
--save [policyname]: save one or all IP filter policy
--activate <policyname>: activate an IP filter policy
--delete <policyname>: delete an IP filter policy
--addrule <policyname> -rule <rule_number> -sip <source IP> -dp <dest_port> -proto <protocol> -act <permit | deny>: add a
rule to an IP filter policy
--delrule <policyname> -rule <rule number>: delete a rule
from an IP filter policy
--transabort: aborts an open IP filter transaction
11:22:33:44:55:66:77:aa
aa:bb:cc:44:55:66:77:77
ff:ee:dd:44:55:66:77:ff
ADS_POLICY
F_Port WWNs Allowed
11:22:33:44:55:66:77:aa
Footnote 1: ALL ACCESS allows for any device to attach while NO ACCESS
denies all devices to connect.
0 ALL ACCESS
1 ALL ACCESS
2 ALL ACCESS
3 ALL ACCESS
< output truncated>
--adsshow Displays the current configuration of the Access Gateway. This
includes all N_Ports and F_Ports that are currently online, failover
and failback settings as well as any online F_Ports that are currently
mapped to N_Ports. Failover and failback policies are displayed as
enabled (1) or disabled (0).
• Add devices to the ADS policy Allow List for specified F_Ports
B300:admin> ag --adsadd "1;2" "50:00:00:e0:8a:88:02:a1"
WWNs added successfully to Allow Lists of the F_Port[s]
• Remove devices from the ADS policy Allow List for specified F_Ports
B300:admin> ag --adsdel "1"
"20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b"
WWNs removed successfully from Allow Lists of the F_Port[s]
--adsset "F_Port[;F_Port2;...]" "WWN[;WWN2;...]": Sets the list of devices that are
allowed to log in to the specified F_Ports. Devices are specified by their World Wide
Names. Lists must be enclosed in double quotation marks. List members must be
separated by semicolons. The maximum number of entries in the allowed device list
is twice the per port maximum login count. Replace the WWN list with an asterisk (*)
to indicate all access on the specified F_Port list. Replace the F_Port list with an
asterisk (*) to add the specified WWNs to all the F_Ports' allow lists. A blank WWN
list ("") indicates no access. ADS policy must be enabled for this command to
succeed.
--adsadd "F_Port[;F_Port2;...]" "WWN[;WWN2;...]": Adds the specified WWNs to the
list of devices allowed to log in to the specified F_Ports. Lists must be enclosed in
double quotation marks. List members must be separated by semicolons. Replace
the F_Port list with an asterisk (*) to add the specified WWNs to all the F_Ports'
allow lists. ADS policy must be enabled for this command to succeed.
Revision 0110 9 - 39
CFP380 Internal Use Only Fabric Security
Revision 0110 9 - 40
CFP380 Internal Use Only Fabric Security
0 ALL ACCESS
1 50:00:00:e0:8a:88:02:a1
2 20:03:08:00:88:35:a0:12
21:00:00:e0:8b:88:01:8b
50:00:00:e0:8a:88:02:a1
3 ALL ACCESS
4 ALL ACCESS
5 ALL ACCESS
6 ALL ACCESS
7 ALL ACCESS
8 ALL ACCESS
9 ALL ACCESS
10 ALL ACCESS
NO ACCESS
I::
14
ALL ACCESS
NO ACCESS
ALL ACCESS
15 ALL ACCESS
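The F_Port allow-list listing above can be audited mechanically. The following is an added example, not part of the course material: it parses a listing in that layout and reports F_Ports left at ALL ACCESS and allowed WWNs that are missing from an inventory. The function names, the sample listing, and the inventory are constructed for illustration.

```python
import re

WWN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$", re.IGNORECASE)
PORT_RE = re.compile(r"^(\d+)\s+(.+)$")

# Constructed sample in the layout of the listing above: a port number
# followed by ALL ACCESS, NO ACCESS, or a WWN, with extra WWNs for the
# same port on continuation lines.
SAMPLE_LISTING = """\
F_Port  WWNs Allowed
0       ALL ACCESS
1       50:00:00:e0:8a:88:02:a1
2       20:03:08:00:88:35:a0:12
        21:00:00:e0:8b:88:01:8b
        50:00:00:e0:8a:88:02:a1
3       ALL ACCESS
4       NO ACCESS
<output truncated>
"""

# Constructed inventory: the WWNs that are supposed to sit behind each F_Port.
SAMPLE_INVENTORY = {
    1: {"50:00:00:e0:8a:88:02:a1"},
    2: {"20:03:08:00:88:35:a0:12", "21:00:00:e0:8b:88:01:8b"},
}


def parse_allow_lists(text):
    """Return {f_port: "ALL ACCESS" | "NO ACCESS" | [wwn, ...]}."""
    policy = {}
    port = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, the column header and "<output truncated>" markers.
        if not line or line.startswith("<") or line.lower().startswith("f_port"):
            continue
        match = PORT_RE.match(line)
        if match:
            port, value = int(match.group(1)), match.group(2).strip()
            if port in policy:
                raise ValueError(f"F_Port {port} listed twice")
        else:
            # A continuation line is only valid after a port that lists WWNs.
            value = line
            if port is None or not isinstance(policy.get(port), list):
                raise ValueError(f"unexpected continuation line: {raw!r}")
        keyword = " ".join(value.upper().split())
        if match and keyword in ("ALL ACCESS", "NO ACCESS"):
            policy[port] = keyword
        elif WWN_RE.match(value):
            policy.setdefault(port, []).append(value.lower())
        else:
            raise ValueError(f"unparseable entry: {raw!r}")
    return policy


def audit_allow_lists(policy, inventory):
    """Return (port, issue, wwn) findings for open ports and unknown WWNs."""
    findings = []
    for port in sorted(policy):
        allowed = policy[port]
        if allowed == "ALL ACCESS":
            # Any device may log in on this F_Port.
            findings.append((port, "open", None))
        elif allowed == "NO ACCESS":
            continue
        else:
            expected = inventory.get(port, set())
            for wwn in allowed:
                if wwn not in expected:
                    findings.append((port, "unexpected", wwn))
    return findings


if __name__ == "__main__":
    parsed = parse_allow_lists(SAMPLE_LISTING)
    for port, issue, wwn in audit_allow_lists(parsed, SAMPLE_INVENTORY):
        detail = "ALL ACCESS" if issue == "open" else f"WWN {wwn} not in inventory"
        print(f"F_Port {port}: {detail}")
```
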
Summary
• ACLs can be created to enforce fabric security. Policy distribution
rules can be used to ensure desired levels of consistency of the
ACLs throughout the fabric.
• Fabric Configuration Server (FCS) policies create a list of
designated switches allowed to make changes to fabric-wide
services
• Switch Connection Control (SCC) policies are lists of switch WWNs
allowed to join the fabric
• Device Connection Control (DCC) policies list device WWNs that
are allowed to log in to specific ports
• IP Filter (IPFILTER) policies control IP traffic into the management
ports of the fabric switches
Summary (cont.)
• Fabric Element Authentication Policy (AUTH) creates PKI
relationships between fabric switches and devices using DH-CHAP
or FCAP
• Advanced Device Security (ADS) policies for Access Gateway list
devices that are allowed to log in to specific ports
Footnote 1: You can use the command authutil --set <fcap | dhchap> to
set the authentication protocol, which can then be verified using the command
authutil --show.
By default, the switch attempts FCAP authentication first and DH-CHAP second.
FCAP - Fibre Channel Authentication Protocol
E_Port Authentication
• Used for switch-switch authentication
- A secret key pair (DH-CHAP) or PKI certificates (FCAP) have to be
configured/installed prior to activating the policy (see Footnote 1)
• E_Port authentication supports four modes (see Footnote 2):
- On - Strict authentication is enforced on all E_Ports
- Active - Tolerant state, can connect to a switch with any type of policy
- Passive - Default state, does not initiate authentication but will respond
- Off - Policy is off, no authentication supported
Footnote 1: If the PKI certificates are not installed prior to activating the policy,
authentication will fail and the link will be segmented.
Footnote 2:
ON: Setting the AUTH policy to ON means that strict authentication is enforced
on all E_Ports. If the connecting switch does not support authentication or the
policy is switched to the OFF state, the ISL is disabled. During switch initialization,
authentication begins automatically on all E_Ports. In order to enforce this policy
fabric-wide, the fabric needs to have Fabric OS v5.3.0 switches only. The switch
disables the port if it is connected to a switch which does not support
authentication. Regardless of the policy, the E_Port is disabled if the DH-CHAP or
FCAP protocol fails to authenticate each other.
ACTIVE: In this state the switch is more tolerant and can connect to a switch with
any type of policy. During switch initialization, authentication begins on all E_Ports,
but the port is not disabled if the connecting switch does not support
authentication or the AUTH policy is turned to the OFF state. The authentication
begins automatically during the E_Port initialization. A switch with this policy can
safely connect to pre-v5.3.0 switches, since it continues E_Port initialization if the
connecting switch does not support authentication. Regardless of the policy, the
E_Port gets disabled if the DH-CHAP or FCAP protocol fails to authenticate each
other.
PASSIVE (default): In the PASSIVE state the switch does not initiate
authentication, but participates in authentication if the connecting switch initiates
authentication. The switch will not start authentication on E_Ports, but accepts the
incoming authentication requests, and will not disable if the connecting switch
does not support authentication or the policy is turned to the OFF state. This is the
safest policy for switches connecting to pre-v5.3.0 switches. That means v5.3.0
switches can have authentication enabled and this will not impact the pre-v5.3.0
switches. By default the pre-v5.3.0 switches act as passive switches, since they
accept incoming authentication requests. Regardless of the policy, E_Port is
disabled if the DH-CHAP or FCAP protocol fails to authenticate each other.
OFF: This setting turns off the policy. The switch will not support authentication
and rejects any authentication negotiation request from another switch. A switch
with the policy turned OFF cannot be connected to a switch with the policy turned
ON. The ON state is strict and disables the port if any switch rejects the
authentication. DH-CHAP shared secrets must be configured before changing the
policy from the OFF to the ON state.
The behavior of the policy between two adjacent switches is defined as follows: If
the policy is ON or ACTIVE, the switch will send an authentication negotiation
request to the connecting switch. If the connecting switch does not support
authentication or the policy is OFF, the request will be rejected. Once the
authentication negotiation succeeds, the DH-CHAP authentication will be initiated.
If DH-CHAP authentication fails, the port is disabled and this is applicable in all
modes of the policy.
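The mode descriptions above imply that several policy pairings bring an ISL up with no authentication at all. The following is an added example, not part of the course material, that models the described behavior as a simplified state table and lists those pairings. The names, the NO_SUPPORT pseudo-mode (a peer with no authentication capability), and the sample ISL list are constructed for illustration.

```python
from enum import Enum
from itertools import combinations_with_replacement


class Auth(Enum):
    ON = "on"
    ACTIVE = "active"
    PASSIVE = "passive"
    OFF = "off"
    NO_SUPPORT = "no-support"  # assumption: peer cannot authenticate at all


# Per the mode descriptions: ON and ACTIVE send the negotiation request;
# ON, ACTIVE and PASSIVE accept one; OFF rejects any request.
INITIATES = {Auth.ON, Auth.ACTIVE}
RESPONDS = {Auth.ON, Auth.ACTIVE, Auth.PASSIVE}

AUTHENTICATED = "authenticated"
UNAUTHENTICATED = "unauthenticated"
DISABLED = "disabled"


def link_outcome(a, b, auth_succeeds=True):
    """Outcome for an ISL whose two ends run AUTH policies a and b."""
    negotiated = (a in INITIATES and b in RESPONDS) or (
        b in INITIATES and a in RESPONDS
    )
    if negotiated:
        # A failed DH-CHAP/FCAP exchange disables the port in every mode.
        return AUTHENTICATED if auth_succeeds else DISABLED
    if Auth.ON in (a, b):
        # ON is strict: a rejected or unsupported request disables the ISL.
        return DISABLED
    # Nobody initiated, or a tolerant initiator was rejected: the link
    # continues E_Port initialization without authentication.
    return UNAUTHENTICATED


def unauthenticated_pairs():
    """All unordered policy pairs that yield a working but unauthenticated ISL."""
    return [
        (a, b)
        for a, b in combinations_with_replacement(list(Auth), 2)
        if link_outcome(a, b) == UNAUTHENTICATED
    ]


# Constructed sample: (switch, policy, switch, policy, secrets/certs valid?)
SAMPLE_ISLS = [
    ("sw1", Auth.ON, "sw2", Auth.ON, True),
    ("sw2", Auth.PASSIVE, "sw3", Auth.PASSIVE, True),
    ("sw3", Auth.ACTIVE, "sw4", Auth.OFF, True),
    ("sw1", Auth.ON, "sw5", Auth.NO_SUPPORT, True),
    ("sw4", Auth.ACTIVE, "sw6", Auth.PASSIVE, False),
]


def audit_isls(isls):
    """Return (switch_a, switch_b, outcome) for every ISL not authenticated."""
    report = []
    for sw_a, pol_a, sw_b, pol_b, ok in isls:
        outcome = link_outcome(pol_a, pol_b, auth_succeeds=ok)
        if outcome != AUTHENTICATED:
            report.append((sw_a, sw_b, outcome))
    return report


if __name__ == "__main__":
    for a, b in unauthenticated_pairs():
        print(f"{a.name:<10} <-> {b.name:<10} link up, no authentication")
    for sw_a, sw_b, outcome in audit_isls(SAMPLE_ISLS):
        print(f"{sw_a} <-> {sw_b}: {outcome}")
```

In this model two PASSIVE (default) switches never authenticate each other, so at least one end of an ISL has to be ON or ACTIVE before the policy has any effect.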
Device Authentication
• Device authentication policies can also be categorized as F_Port,
node port or HBA authentication policies
• Check vendor HBA compatibility matrices for protocol support
• Device authentication on the switch supports two modes:
- Off - Authentication is not required
- Passive - Authentication is optional
DCC Handshake
• During the login, the PWWN of the device is checked against the
DCC policy and either permitted or denied access
[Screenshot: DEV_ST01_DCX - Switch Administration window]
[Screenshot: IP filter policy list (default_ipv4, default_ipv6) with the prompt to enter a clone policy name]
[Screenshot: IP filter policy rule table (rule order, source IP address, destination port, protocol, action)]
[Screenshot: IP filter policy management (Create Policy, Edit Policy, Show Policy, Delete Policy, Clone Policy, Activate Policy, Distribution) with the Distribute Policy Configuration and Show IP Filter Policy dialogs]
[Screenshot: policy configuration wizard; steps shown: 1. Select Policy, 2. Edit Policy]
[Screenshot: policy configuration wizard; steps shown: 3. DCC Policy Configuration, 5. Confirmation; Defined Policy Set]
[Screenshot: DCC Policy Configuration dialog. The option shown creates a DCC policy for each port in the fabric, locking it down to the device connected, or creates an empty policy to disallow any device from being connected to it. This can be done only when there are no other DCC policies defined on the switch.]
[Screenshot: FCS Policy configuration step. The option shown creates an FCS Policy having all switches in the fabric. This can be done only when there is no FCS Policy defined on the switch.]
[Screenshot: fabric management view with logical switches and a policy membership list; legible caption fragment: "... Wide Consistency policy to strict and ... insistent domain ID."]
[Screenshot: switch configuration wizard; steps shown: 1. Overview, 3. Select Source Switch, 4. Select ...]
CFP380 Internal Use Only FCIP Appendix
Objectives
• After completing this module, attendees will be able to discuss:
- FCIP concepts and terminology
- FCIP infrastructure
- FCIP as a means of extending the SAN beyond the physical
boundaries of the Data Center
Footnote 1: Distances that utilize native FC can span 500km; these solutions
incorporate dark fiber, C/DWDM, and form a single fabric.
For additional FCIP details, reference RFC 3821 - Fibre Channel Over TCP/IP
(FCIP).
Brocade does not recommend FCIP for use in every distance extension scenario:
no technical solution can be all things to all people. FCIP has inherent performance,
reliability, data integrity, and manageability limitations when compared to native FC
solutions. Delay and packet loss may create bottlenecks in IP networks. FCIP can
support very long distances, as long as the carrier network is extremely high
performance and reliable. FCIP is typically deployed when long-haul applications
are not business critical, and do not need especially high performance. FCIP may
not be suitable for tape, since tape usage will often fail if packets are dropped. In
addition to its performance limitations, FCIP troubleshooting and performance
analysis requires evaluating all aspects of the IP LAN and WAN networks in addition
to all FC nodes, switches, and routers, which can make it more complex to manage
than other extension options.
FCIP - Overview
• The Fibre Channel-over-IP (FCIP) protocol connects Fibre
Channel switches over an IP-based network
- IP packets generated by an FCIP-compliant port are IPv4 compliant,
so that they can navigate any IP network to reach the destination
end point
- The implementation uses standards-based TCP, so it interoperates with
regular network equipment
[Figure: server, FCIP platform, and bladed FCIP platform]
7500E Upgrade
[Table: capabilities compared across the columns 7500, 7500E, and 7500E Upgrade license. Rows:
- Redundant Power Supplies and Fans
- Hardware-based Encryption
- FC Tape Pipelining (over FCIP)
- FICON (Disk and Tape)
- FC-based Extension with FastWrite™
- Qualified for local FC switching
- FC Routing between fabrics
- Call Home
- FC Routing for Fault Isolation
- Per GE Port Rate Limiting (Throughput Throttling)
- # of FC Ports
- Connections or Tunnels (Remote Sites)
- Hardware-based Compression
- Open Systems Extension w/ FastWrite™ over FCIP
- Storage-Optimized TCP]
The Brocade 7500 SAN Router and FR4-18i Director Blade are both designed for
FC Routing and FCIP solutions. Both platforms provide 2 Gigabit Ethernet ports (1
Gbit/sec) that support FCIP with 1-8 FCIP tunnels per port. For each tunnel, you can
enable SACK, hardware-based compression, traffic shaping, and FC routing.
Footnote 1: Can be either VE_Ports or VEX_Ports within the same GbE port.
FCIP tunnels can be created between either of these platforms, but not between a
Brocade AP7420 and either a Brocade 7500 or FR4-18i. The port hardware used to
implement the FCIP functionality is different.
After FC frames destined for devices at the remote side are encapsulated into TCP
packets, a standard IP header is added to each packet. The packet is then sent to
the next hop (usually an Ethernet router).
• FC Frame
frame end marker. The encapsulated frame itself contains a 24 byte frame
header and a 4 byte CRC, plus possible pad bytes and possible optional
headers. It may contain up to 2112 bytes of data between mandatory header
and CRC, so you can see that it overlaps the standard Ethernet frames, which
are like 1018 bytes max.
• Then the FCP SCSI information units have an additional header on them, but
there is only one header for a multi-frame unit. That is specified by FCP-3
(found in the drafts section of www.t10.org). That header information varies
significantly, since the FC frame header (encapsulated in the FCIP) contains
control information that tells what the format is.
• For additional Ethernet header and trailer information, see
http://sd.wareonearth.com/~phil/net/overhead/
TCP provides reliable data transport and delivery (TCP Windows, ACKs, ordering,
etc.).
IP provides IP "routing" capability so that a packet can find its way through the
network.
Ethernet provides physical network capability (Cat 5, MAC, etc.).
[Figure: an FC Entity and an FCIP Entity on the server side and on the storage side; multiple FCIP_LEPs (tunnels) per GbE port carry FC frames between the two GbE ports]
FCIP tunnels are similar to FC virtual channels with one significant difference: FCIP
tunnels require IP addresses, a TCP port, TCP parameter and QoS information, and
optionally the expected WWN of the other end of the link.
The FC Entity components combine with FCIP Entity components to form an
interface between a FC fabric and an IP network.
• FC Entities contain FC specific components like FPGAs. These Field
Programmable Gate Arrays (FPGAs) determine if
compression/decompression is needed on a packet and, if compression is
needed, they forward to the correct circuitry (HIFN 9360) for
compression/decompression. The FPGAs also handle TxID translation to
ensure that the IP packet goes to the right TCP connection on the correct GbE
Port.
• The FCIP Entity is responsible for FCIP protocol exchanges on the IP network.
The FCIP Entity contains FCIP control components, at least one and possibly
multiple FCIP link end-points (FCIP_LEPs), and an FCIP Data Engine (FCIP_DE).
- The FCIP control components are responsible for FCIP protocol exchanges
on the IP network.
- An FCIP link end-point (FCIP_LEP) is used to connect one end-point of a
TCP connection to the TCP FCIP_LEP at the other end.
- The FCIP Data Engine (FCIP_DE) handles FC frame encapsulation, de-encapsulation,
and transmission.
Once the tunneled FC frames are in the IP network, normal IP network routing
procedures are used to transmit them through the IP network.
Before creating a TCP connection to a peer FCIP Entity, the FCIP_LEP needs a
static IP address, a TCP port (TCP port 3225 is used for FCIP COS F traffic and
TCP port 3226 is used for COS 2,3 traffic), the expected WWN of the other end of
the link, and TCP parameter and Quality of Service (QoS) information.
You can optionally create a FCIP link for failover: create the link, then manually
disable it; enable it on an as needed basis (if the FC connection fails).
[Figure: Physical topology: one port/site connected to the WAN. FC topology: based on the FCIP tunnel definitions, each switch is connected to the others (loop), e.g. an ISL from Site 01 to Site 03.]
As we create the Fibre Channel network topology which would be tunneled across
the FCIP network, remember that the IP network is transparent to the FC fabric. In
the diagram above, the physical topology (shown at the left) has three Brocade
7500s, each with a single GE port connected to the same WAN. The virtual
interfaces (FCIP tunnels), however, connect each Brocade 7500 to the other two
routers, creating the loop FC topology shown at the right.
In the diagram above, three FCIP tunnels connect two Brocade 7500s. If the
bandwidth on all the tunnels were the same, then each would have the same link
cost, and thus all the tunnels would be used for switch-to-switch traffic. In our
example, though, tunnel 2 has more bandwidth than tunnels 1 or 3. Because the
FSPF link cost for an FCIP link/tunnel is equal to 2000 - (tunnel BW in Mbits/sec),
tunnel 2 will have the lowest link cost (2000 - 100, or 1900). As a result, all inter-
switch traffic will traverse tunnel 2, leaving the bandwidth on the other two tunnels
unused. FCIP tunnels can specify a committed bandwidth as well, so that tunnel
bandwidths can be matched.
Footnote 1: If we had specified an uncommitted tunnel, then the tunnel would be
allocated 1 Mbps bandwidth (it can use up to 1 Gbit/sec - committed rate tunnels)
and the link cost would be calculated by taking 2000 - BW (in Mbps) = 2000 - 1 =
1999.
[Figure: 48000 "A" and 7500 "A" with physical FCIP ports "E" and "F"; each physical FCIP port on the 7500 forms two logical IFLs to FCIP ports from the blade in slot 9; Fabric ID 02 (Meta SAN A Edge) and Fabric ID 01 (Meta SAN A Backbone)]
Footnote 1: Four 1 Gbit/sec Ethernet ports come from two FR4-18i blades on the chassis
In addition to using FCIP for distance extension, you can also use the FC router
feature to isolate the primary site from potential reliability issues. To accomplish this,
we configured the FCIP ports in Fabric ID 01 as VEX_Ports, and the FCIP ports in
Fabric ID 02 as VE_Ports, creating a routed FC SAN with the tunneled EX_Ports
at the "primary" site. This isolates the primary site from both the "recovery"
site fabrics and from the WAN itself. Each physical FCIP port at the primary site
contains one virtual EX_Port. Each GE port can support up to eight virtual tunnels
per FCIP port today, but in this case the customer only needed one tunnel per port.
Those tunneled VEX_Ports "look" like they form Fibre Channel IFLs from the point
of view of the fabric, even though they physically cross an IP network.
Since there are only two FCIP ports on each Brocade 7500 vs. four on each Brocade
48000 chassis, each physical FCIP port on the Brocade 7500 contains two virtual
EX_Ports instead of just one, resulting in the cross-connection depicted above.
Observe that the two physical FCIP ports on 7500 "A" (domain 02) are labeled "E"
and "F". Each of those ports connects via FCIP to two different physical interfaces
on 48000 "A" (domain 01). Those ports - "A" and "C" - are located on different
blades, so that a blade, media, or cable failure or replacement will not cause a WAN
outage for fabric "A". Physical port "E" connects to physical ports "A" and "C" by
using two different logical sub-interfaces.
Different applications use protocols with different block sizes to transfer data. Block
access protocols access "blocks" of data in portions that are a multiple of the OS
system block. Consider using the following guidelines to determine block sizes:
Transaction data (4-8k block size); Office automation (16-32k block size); Data
warehousing (64 - 256k block size); CAD/Design (64-128k block size); Multimedia
(512k - 4M block size). Small block sizes of contiguous data mean more I/O,
especially if the data is spread across the disk; large block sizes that don't use all
the space read the whole block just to get a small piece of data.
Applications can be configured to allow multiple outstanding I/Os to occur before
requiring an acknowledgement. The # of outstanding I/Os is typically 1 to 16.
You should also verify that data compression will not inadvertently affect the data
type or file system. Many data types (images, databases, etc) or file systems may
be already compressed (or encrypted) by their application (e.g. Oracle), and thus do
not benefit from further compression. Remember that compression (and encryption)
have a computational cost and add latency, which could negatively impact
performance.
[Figure: Bandwidth vs. time without traffic shaping. Max: 10 Mbps. Non-traffic-shaped data shows a saw-tooth effect; non-traffic-shaped average effective bandwidth: 6 Mbps.]
A host does not know how much bandwidth is available; most hosts would try to get
as much bandwidth as possible.
• The amount of bandwidth available is variable when there are multiple hosts sending
data through the IP backbone.
• For example, a host may send 2, 4, 8, 16, 32 packets without receiving an ACK from
the other side so as to get as much bandwidth as possible. This would continue until
the congestion threshold (maximum bandwidth of the connection) is reached.
• When the destination requests a re-transmission of frames due to missing frames or
time outs, the source host will slow down. This creates the saw-tooth effect in the
figure shown above.
• The type of applications running on the network also impact effective bandwidth. This
is why integrating storage traffic with other IP traffic of emails, documents, databases
and others is not always the best practice.
In the example above, the maximum bandwidth of the connection is 10 Mbits/sec.
The application attempts to fill this pipe, but as the solid red line shows, each time
the application hits the 10 Mbits/sec maximum, the pipe fills, throttling the
application, and causing the application to halt, resulting in the "rounded sawtooth"
formation. The receiving VE_Port sees the traffic as the dotted "sawtooth" effect,
indicating the "TCP Slow-Start" effect as the port buffers fill, then empty, then refill
again. The effective bandwidth is only 6 Mbits/sec, so 40% of the available
bandwidth is not being used.
[Figure: Bandwidth vs. time with traffic shaping. Traffic-shaped data is shown against the non-traffic-shaped saw-tooth and its average effective bandwidth of 6 Mbps.]
In the example above, the FCIP tunnel has traffic shaping enabled, with the
maximum bandwidth set to 10 Mbits/sec, matching the maximum link bandwidth.
Now, as the application attempts to fill this pipe, the solid blue line shows the
application hitting the 10 Mbits/sec maximum once, then holding at this bandwidth.
The resulting effective bandwidth (shown as a dotted blue line) is now 9 Mbits/sec,
an improvement of 50% over the non-traffic shaped example.
[Figure: FCIP platform; a 2148-byte FC frame is carried in Ethernet packets of 1518 bytes and 732 bytes]
The default Maximum Transfer Unit (MTU) size of an Ethernet packet is typically
1518 bytes. This is smaller than the FC frame maximum of 2148 bytes, so a FC
frame would be broken into two Ethernet packets. The maximum MTU size of a
Gigabit Ethernet is larger than 1518 bytes.
Note that the combined size of the Ethernet, IP, TCP, and FCIP packet headers is
102 bytes (1518-1416).
In the example above, a full-sized FC frame (on the left) is encapsulated in two
standard-sized TCP/IP frames.
[Figure: FCIP platform with jumbo packets; a 2148-byte FC frame is carried in a single 2384-byte Ethernet packet]
The maximum size of 2384 bytes accommodates 2148 bytes of FC frame data and
102 bytes of Ethernet, IP, TCP, and FCIP headers (2384 = 2148 + 236).
In the example above, jumbo packets have been enabled on the FCIP platform. As
a result, the FC frame entering the FC port can be encapsulated in a single, 2384
byte Gigabit Ethernet packet.
Footnote 1:
Default VC to FCIP QoS Mapping
Low
IPv6 Support
• Fabric OS v6.1+ supports IPv6 addresses (see Footnote 1) on GbE ports for FCIP
- A GbE port on the Brocade 7500/FR4-18i may have IPv4 and IPv6
interfaces simultaneously
- IPv6 is not supported on the GbE ports on the FC4-16IP and FA4-18
blades
• Caveats:
- When an IPv6 address is configured on a Brocade 7500 or FR4-18i
GbE port, IPSec may not be configured on that chassis or blade
- Compression is not supported on an IPv6 configured FCIP tunnel
- IPv6 packets may not be tunneled through an IPv4 network
- Tunnels must be IPv4 <-> IPv4 or IPv6 <-> IPv6
Footnote 1: Web Tools and Fabric Manager v6.0 also support IPv6 addresses.
Footnote 1: We will go through the steps to create a VE_Port -> VE_Port tunnel
and then go through them again AND add steps to create a VEX_Port -> VE_Port
tunnel. Note: For VEX-to-VE_Port connections, additional steps are required. We
will focus on the different aspects of the configuration each time.
Create an IP interface on the tunnel; each interface is automatically given an
instance number. Each IP interface requires:
• A static IP address
• MTU size specification
• TCP ports (3225/3226) - Note: these ports are automatically assigned (not
configurable)
Use the IP interface to create an FCIP tunnel. Each tunnel configuration requires:
• A tunnel number (0-7)
• The IP address at the remote end of the link
• A maximum bandwidth allocation value for that tunnel called committed rate
(comm_rate)
Footnote 2: In addition to persistently disabling the virtual FC port, the GE port can
also be disabled.
[Figure: VE_Port on port 10/ge0 (FC port 10/16) connected to VE_Port on port ge0 (FC port 16)]
Create IP Interface
• Create an IP interface using the portcfg command with the ipif
operand : portc fg ipi f [ slot /] g e port create args
- Required args for ipif include:
• Ipaddr - Unicast 1Pv4 address
• Ne tmas k - Contiguous 1Pv4 bitma:sk
• mtu size - 1500 through 2348 Bytes
- An MTU size greater than 1500 enables jumbo packet support; you will
get a message warning you to verify that this is supported
• Note: The ipaddrsho w command has unrelated Fibre Channe l
I P Address parameters; i paddr show parameters are used for
in-band management using IP/FC, not FCIP 1
IP Address - Default: None; Range: Unicast 1Pv4 address (formerly known as class A,B,C)
in dotted decimal format. Range is 1.1 .1.1 through 223.255.255.254; Mandatory/Optional:
Mandatory; Disruptive/Non-disruptive: Adding an IP address is non-disruptive. Delete
Request will be rejected for interfaces which have FCIP tunnels on them.
Net mask - Default: None; Range: Contiguous bitmask in 1Pv4 dotted decimal format;
Mandatory/Optional: Mandatory: Disruptive/Non-disruptive- see above (I P Address
information)
MTU size - Default: None; Range: 1500 through 2384 (large enough to contain a full sized
FC data with FC and FCR headers, and FCIP, TCP, IP, Ethernet headers). If an MTU size
greater than 1500 is configured on the Interface, proper steps must be taken to insure that
the entire IP network (all the routers/switches/hosts in the path) support that MTU size.
Here is an example configuring an IP interface with an MTU size greater than 1500, notice
the message:
NDA-T01-48K:admin> portcfg ipif 10/ge0 create 192.168.10.0 255.255.255.0 2100
WARNING: You are trying to configure MTU size greater than 1500.
Please make sure that all devices in your IP
network can support Max Ethernet Size frames
You can also use CLI "portcmd --ipperf" to
find out the actual PMTU.
Operation Succeeded
• On the Brocade 7500, create an IP interface on port ge0 with an MTU size of 1500:
B7500:admin> portcfg ipif ge0 create 192.168.23.75 255.255.255.0 1500
Operation Succeeded
[Figure: Server and Storage; Brocade 48000 with FR4-18i Blade (VE_Port, 192.168.20.48) connected across the WAN to Brocade 7500 (VE_Port, 192.168.23.75)]
This example creates IP interfaces in two different subnets using two different
mtu_size specifications.
The mtu_size does not have to be the same at each end of the link. It specifies an
mtu_size for IP packets going out from the specified IP interface.
Consider setting Path MTU to the largest size possible and then running IPPerf;
then scale back the MTU size and re-run IPPerf as needed.
[Figure: Storage; Brocade 48000 with FR4-18i Blade (VE_Port, 192.168.20.48) connected across the WAN to Brocade 7500 (VE_Port, 192.168.23.75)]
The portshow ipif [slot/]port command displays the interface ID, IP
address, netmask, and MTU size for each IP interface.
Footnote 1: Static routes may be configured into the Presto Stack for IP routing on
the GbE WAN side. An IP interface must be configured before a destination
route is added on an interface. A maximum of 32 routes can be added on one GbE port (ge0
or ge1). Route additions do not require tearing down tunnels. The IP address and
gateway parameters use a unicast IPv4 address in dotted decimal format (1.0.0.1
through 223.255.255.254); netmask uses a contiguous bitmask in IPv4 dotted decimal
format. The associated metric (weight) value range is 0 through 255.
The specified IP address needs to be an actual IP address at the other end of the
link, not a subnet address.
When you create multiple routes to get to the other end of the link:
• To use a preferred gateway, specify a metric of 0
• To configure an alternate, secondary gateway, specify a higher metric value
• The higher the metric, the less preferred the route
• On the Brocade 7500, add a route on port ge0 to the remote IP interface
192.168.20.48 through local gateway 192.168.23.1 with a default metric
of 0:
B7500:admin> portcfg iproute ge0 create 192.168.20.0 255.255.255.0 192.168.23.1 0
[Figure: Brocade 48000 with FR4-18i Blade and Fabric B; VE_Port 192.168.20.48 connected to VE_Port 192.168.23.75]
[Figure: Fabric B; VE_Port 192.168.20.48 connected to VE_Port 192.168.23.75]
The portshow ipif [slot/]port command displays the interface ID, IP
address, netmask, and MTU size for each IP interface.
[Figure: Server and Storage; Brocade 48000 with FR4-18i Blade (VE_Port, 192.168.20.48) connected to Brocade 7500 (VE_Port, 192.168.23.75)]
In the example above, a ping command is issued from the new IP interface on the
Brocade 7500 to the new IP interface on the Brocade 48000. The command output
shows that the ping messages are received and returned by the Brocade 48000,
verifying IP connectivity between the IP interfaces.
• -z size: Specifies the size, in bytes, of the trace route packet to use. The
default is 64 bytes. The total size, including ICMP/IP headers (28 bytes without
IP options) cannot be greater than the IP MTU configured on the interface. This
operand is optional.
[Figure: Server and Storage; Brocade 48000 with FR4-18i Blade and Fabric B; VE_Port 192.168.20.48 connected to VE_Port 192.168.23.75]
• -p: The TCP port to use when sending and receiving the test frames. If -s
was specified, this value is the remote port with which the local port is to
connect; if -R was specified, this value is the port on which the local port
listens for new connections. Default: 3227
• -z: Default buffer size to use, in bytes. Default: MTU size specified for the
FCIP tunnel.
• If no optional parameters are specified, the command displays the currently
configured values for the specified port.
BW represents the FCIP tunnel / FC application throughput rather than the
Ethernet on-the-wire bytes.
WBW represents the FCIP tunnel / FC application throughput rather than the
Ethernet on-the-wire bytes.
Loss(%) is the number of TCP retransmits. This number is an average rate over
the last display interval.
Delay (ms) is the TCP smoothed RTT and variance estimate in milliseconds.
Path MTU is the largest IP-layer datagram that can be transmitted over the end-to-end
path without fragmentation. This value is measured in bytes and includes the IP
header and payload.
In the example above, two switches are connected via FCIP (port ge0 on 7500, and
port 10/ge0 on 48000). After creating IP interfaces on the appropriate GbE ports,
the IPPerf utility is launched, with 7500 as the receiver and 48000 as the sender.
The command output on each switch notes the "to" and "from" addresses, as well as
the slot/port indicator (slot 0 is the motherboard on the Brocade 7500).
[Figure: Server and Storage; Brocade 48000 with FR4-18i Blade (VE_Port, 192.168.20.48) connected to Brocade 7500 (VE_Port, 192.168.23.75)]
Footnote 1: The Address Resolution Protocol (ARP) is the method for finding a
host's hardware address when only its network layer address is known. ARP is
primarily used to translate IP addresses to Ethernet MAC addresses. On the
Brocade 7500 and FR4-18i, address resolution is performed once a virtual port is
configured as an FCIP tunnel and the port is enabled.
The portshow arp [slot/]port command output displays the IP address
associated with the given MAC address, and any related flags. In the example
above, we see that port 10/ge0 on the Brocade 48000 has resolved the IP address
of the IP interface on the Brocade 7500. The MAC address of port ge0 is
00:05:1e:37:3b:be.
Footnote 1: The required portcfg fciptunnel arguments are listed on the slide
above. The optional arguments are discussed on subsequent slides. Changing FCIP
tunnel arguments is disruptive to the FCIP tunnel and therefore to the overlaid FC
ports.
Footnote 2: If the tunnel_num is not specified, the configuration will automatically be
assigned the next available tunnel number.
Footnote 3: The mandatory committed rate for the tunnel on the GbE port does not
have a default value. The range is: 0 for uncommitted and 1544 Kbits/sec (T1) to
1000000 Kbits/sec for committed.
NDA-ST02-B48:admin> portcfg fciptunnel 10/ge0 create 1 192.168.1.23 192.168.1.2 1000000
Available Bandwidth on this GigE Port = 845000 Kbps
Tunnels with uncommitted bandwidth take 1000 Kbps
Minimum Committed Rate for tunnels is 1544 Kbps
Tunnel Bandwidth Exceeded
• -n wwn specifies the remote switch WWN. If the remote WWN is configured,
the switch only accepts the incoming FCIP tunnel with the configured WWN; it
also only initiates a tunnel to the desired switch. If the remote WWN is not
configured, the switch accepts FCIP connections from any other switch.
• -s disables Selective Acknowledgement (SACK): default is on, range is on/off.
Recall that SACK allows the receiver to acknowledge multiple lost packets with a
single ACK, thus enabling faster recovery. *
• -f enables Fastwrite: default is off, range is on/off. Recall that Fastwrite
allows the local gateway to buffer write I/O operations, allowing the FCIP
tunnel bandwidth to be optimized.
• -f -t enables Tape Pipelining: default is off, range is on/off. Recall that Tape
Pipelining optimizes tape-oriented I/O operations. *
* indicates parameters that must be set to the same value at both ends of the
FCIP tunnel, or the tunnel cannot form.
[Figure: Fabric B; VE_Port 192.168.20.48, Tunnel 0 (Port 10/16) connected to VE_Port 192.168.23.75, Tunnel 0 (Port 16)]
In the example above, an FCIP tunnel is created between tunnel 0 on port 10/ge0
(FC port 10/16) on the Brocade FR4-18i, and tunnel 0 on port ge0 (FC port 16) on
the Brocade 7500. For this tunnel, compression is enabled, and the committed rate
is set to 155,000 Kbits/sec, which matches the bandwidth of the OC-3 link that
connects the two sites. This committed rate will prevent TCP slow start issues
related to trying to push more data through a pipe than it is capable of handling.
Tunnel ID 0
Remote IP Addr 192.168.23.75
Local IP Addr 192.168.20.48
Remote WWN Not Configured
Local WWN 10:00:00:05:1e:36:03:80
Compression on
Fastwrite off
Tape Pipelining off
Committed Rate 155000 Kbps (0.155000 Gbps)
SACK on
Min Retransmit Time 100
Keepalive Timeout 10
Max Retransmissions 8
Status Inactive 1
Uptime 1 minute, 56 seconds
15 15 N4 No_Module
16 16 Offline Disabled (Persistent)
17 17 Offline Disabled (Persistent)
<Truncated Output>
B7500:admin> portcfgpersistentenable 16
Footnote 1: VE_Ports are virtual E_Ports established over an FCIP tunnel. Some of
the parameters that cause VE_Ports to segment include domain overlap, zoning, and
incompatible fabric parameters. Note that these are the same parameters that will
cause E_Ports to segment (see fabstatsshow help information).
Footnote 2: In the switchshow output above, VE_Port 16 is persistently disabled.
15 15 N4 No_Module
16 16 Online VE-Port 10:00:00:05:1e:36:04:06
"B48000" (downstream)
17 17 Offline Disabled (Persistent)
<Truncated Output>
ge0 id 1G Online
Footnote 1: The VEX_Port configuration steps include all of the VE_Port
configuration steps, plus the highlighted steps, step 7 and part of step 8. We will
present only the new steps.
Footnote 2: In addition to persistently disabling the virtual FC port, the GE port can
also be disabled.
Footnote 1: Notice that this is the same output displayed on E_Ports connected to
an EX_Port.
[Figure: Brocade 48000 with FR4-18i Blade; Fabric A and Fabric B; VE_Port 192.168.20.48, Tunnel 1 (port 10/17) connected to VEX_Port 192.168.23.75, Tunnel 1 (port 17)]
• On Edge Fabric A, the topologyshow output shows the FD and XD
B48000:admin> topologyshow
3 domains in the fabric;
Local Domain ID: 10
Domain: 1
Metric: 11845
Name: fcr_xd_1_100
Path Count: 1
Hops: 2
Out Port: 10/17
<Truncated Output>
Domain: 160
Metric: 1845
Name: fcr_fd_160
Path Count: 1
Hops: 1
Out Port: 10/17
In Ports: 1/8 1/15
Total Bandwidth: 0.155 Gbps (adjusted)
Callout (Domain 160): Metric = 1845 (2000 - 155 [155000 Kbits/sec])
Footnote 1: Notice that the metric associated with fcr_xd_1_100 is 11845;
devices are "routed" towards the translative domain. The metric associated with
front domain 160 (fcr_fd_160) has a committed rate tunnel metric of 1845, or
2000 - 155 (155000 Kbits/sec). If we had specified an uncommitted tunnel, then the
tunnel would be allocated 1 Mbps bandwidth (it can use up to 1 Gbit/sec minus
committed rate tunnels) and the link cost would be calculated by taking 2000 - BW
(in Mbps) = 2000 - 1 = 1999.
The 2000 metric was chosen so that these virtual FC port routing metrics would
look similar to 1 Gbit/sec ISL metrics: start at 2000; if all the bandwidth is allocated
to one tunnel by giving it a committed rate of 1 Gbit/sec or 1000000 Kbit/sec, then
that tunnel would have the same metric as a 1 Gbit/sec FC link (2000 - 1000 =
1000).
[Screenshot: dialog with IP Address, Subnet Mask, and MTU Size (1500) fields and Add / Close buttons]
In the FCIP Tunnel tab, the New, Edit FCIP Port, and
Edit Configuration menu items launch the GigE Port
Configuration wizard
GigE Port # 0 - Configuration
Wizard steps:
1. Overview
2. Configure IP Interfaces
3. Configure IP Routes
4. Select Tunnel
5. FCIP Tunnel Configuration
6. Confirmation and Save to Switch
7. Report
Overview text:
This wizard will guide you through GigE Port configuration. It has the following steps:
1. Set up the local IP interfaces which will be used by FCIP Tunnels
2. Set up the IP Routes for the destination IP Addresses. This step is optional.
If no IP Routes are specified, default routes will be used.
5. Confirm the GigE Port settings & save to the switch.
6. A summary of all the changes made on the switch will be reported and
any errors encountered during the set up will be flagged.
WARNING: GigE Port Configuration is a disruptive process. Data transfer through the GigE
port / FCIP Tunnel may be interrupted as a result of the FINISH button action.
The wizard will walk you through the configuration steps displayed above.
[Screenshot: FC Ports / GigE Ports tabs with a port list and a table of per-port state, health, and port type]
Select the port from the list at the left to monitor and manage port-specific general
information, port statistics, and FCIP tunnel information.
[Screenshot: General tab for port 16: Port protocol FCIP, Port WWN 20:10:00:05:1e:37:8a:85, Port Type U-Port, Allowed Port Type VE-Port, Port status Persistent Disabled, Health Offline, Trunking Enabled false, NPIV Enabled true]
The fabric that this switch (acting as an FCR) is part of is known as the backbone fabric. You can connect this switch to other
fabrics through EX-Ports. These other fabrics are called edge fabrics. They remain isolated and do not merge with the backbone fabric.
All fabrics, including the backbone fabric, have a unique Fabric ID from the FCR perspective.
An FCR allows sharing of devices between edge fabrics and between the edge fabric and the backbone fabric.
To share devices between any two fabrics, you must create an LSAN zone in both fabrics containing the WWNs (World Wide Names)
of the devices to be shared. LSAN zones are configured the same way as regular zones. The only difference between a regular zone
and an LSAN zone is that the name of an LSAN zone should begin with LSAN_ or lsan_ (not case sensitive) and it should contain
only port WWN members.
As part of the configuration of FCR, you should follow the procedure given below. Please note that, to view or
configure other switches, you will have to launch Web Tools on those switches.
1. Ensure that the backbone fabric ID of the switch is the same as that of other FCRs in the backbone fabric. This panel
displays the backbone fabric ID.
2. Ensure that the ports to be configured as EX-Ports are either not connected or are disabled.
3. Configure EX-Ports by clicking the New task in the task bar under the EX-Ports tab. As part of this configuration,
supply a fabric ID for the fabric to which the port will get connected. You can choose any unique fabric ID, as long as
it is consistent for all EX-Ports that connect to the same edge fabric.
4. Connect the EX-Ports to the proper edge fabric if they are not already connected.
5. Configure LSAN zones on the fabrics that will share devices using the Zone Administration module of Web Tools.
6. View the EX-Ports, LSAN Fabrics, LSAN Zones and LSAN Devices tabs to make sure that your configuration has succeeded.
The switches that can utilize a Fabric OS FCIP license are the Brocade 7500(E) and
the Brocade 48000 with a Brocade FR4-18i blade.
Configuration files have virtual port portcfg key values. Even though the
16 FCIP Virtual/Logical ports exist statically, the portcfg key value pair for
these ports is optional and when not explicitly present in the config file, those
ports will be assumed to have default configuration. Below is a sample
configuration file FCIP section:
KEY VALUE
Port Config Mode
portCfg.S10.P0.MODE:FCIP
IP Interfaces
portCfg.S10.P0.IF0:Idx=0,Ip=0xc0a8140a,Mask=0xffffff00,Mtu=2348
portCfg.S10.P0.IF1:Idx=1,Ip=0xc0a81414,Mask=0xffffff00,Mtu=2348
Arp Entries
portCfg.S10.P0.ARP0:Idx=0,Ip=c0a81764,Mac=00:06:5b:eb:35:ef
IP Routes
portCfg.S10.P0.ROUTE0:Idx=3,Ip=0xc0a81764,Mask=0xffffff00,Gateway=0xc0a81401,Metric=0
portCfg.S10.P0.ROUTE1:Idx=3,Ip=0xc0a817c8,Mask=0xffffff00,Gateway=0xc0a81401,Metric=0
FCIP Tunnels
portCfg.S10.P0.FCIPTUNNEL0:Idx=0,Remip=0xc0a81764,Locip=0xc0a8140a,RemWwn=00:00:00:00:00:00:00:00,LocWwn=10:00:00:05:1e:36:04:06,Comp=1,FWrt=0,CommRt=155000,Sack=1,MinRetrTm=100,KpAlv=10,MaxRetr=8,PthMtu=0,WanTOV=0,TapeAcc=0,IKE=0,IPSEC=0,KEY=0
portCfg.S10.P0.FCIPTUNNEL1:Idx=1,Remip=0xc0a817c4,Locip=0xc0a81414,RemWwn=00:00:00:00:00:00:00:00,LocWwn=10:00:00:05:1e:36:04:06,Comp=1,FWrt=0,CommRt=155000,Sack=1,MinRetrTm=100,KpAlv=10,MaxRetr=8,PthMtu=0,WanTOV=0,TapeAcc=0,IKE=0,IPSEC=0,KEY=0
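Added example (not part of the course material or of any Brocade tool): a Python script that parses FCIP section lines like the sample above, decodes the hex-encoded addresses, and flags tunnels with no remote WWN configured or no IKE/IPSec policy. The function names are hypothetical, FCIPTUNNEL2 in the sample is constructed, and reading IKE= and IPSEC= as policy numbers with 0 meaning "none" is an assumption.

```python
import ipaddress

# FCIP section lines in the key:value layout shown above. The IF0, ARP0, ROUTE0,
# FCIPTUNNEL0 and FCIPTUNNEL1 values come from the sample; FCIPTUNNEL2 is
# constructed here (only the fields the audit reads) to show a restricted tunnel.
SAMPLE_CONFIG = "\n".join([
    "portCfg.S10.P0.MODE:FCIP",
    "portCfg.S10.P0.IF0:Idx=0,Ip=0xc0a8140a,Mask=0xffffff00,Mtu=2348",
    "portCfg.S10.P0.ARP0:Idx=0,Ip=c0a81764,Mac=00:06:5b:eb:35:ef",
    "portCfg.S10.P0.ROUTE0:Idx=3,Ip=0xc0a81764,Mask=0xffffff00,"
    "Gateway=0xc0a81401,Metric=0",
    "portCfg.S10.P0.FCIPTUNNEL0:Idx=0,Remip=0xc0a81764,Locip=0xc0a8140a,"
    "RemWwn=00:00:00:00:00:00:00:00,LocWwn=10:00:00:05:1e:36:04:06,Comp=1,"
    "FWrt=0,CommRt=155000,Sack=1,MinRetrTm=100,KpAlv=10,MaxRetr=8,PthMtu=0,"
    "WanTOV=0,TapeAcc=0,IKE=0,IPSEC=0,KEY=0",
    "portCfg.S10.P0.FCIPTUNNEL1:Idx=1,Remip=0xc0a817c4,Locip=0xc0a81414,"
    "RemWwn=00:00:00:00:00:00:00:00,LocWwn=10:00:00:05:1e:36:04:06,Comp=1,"
    "FWrt=0,CommRt=155000,Sack=1,MinRetrTm=100,KpAlv=10,MaxRetr=8,PthMtu=0,"
    "WanTOV=0,TapeAcc=0,IKE=0,IPSEC=0,KEY=0",
    "portCfg.S10.P0.FCIPTUNNEL2:Idx=2,Remip=0xc0a817c8,Locip=0xc0a81414,"
    "RemWwn=10:00:00:05:1e:aa:bb:cc,IKE=11,IPSEC=10",
])

UNSET_WWN = "00:00:00:00:00:00:00:00"
ADDRESS_FIELDS = {"Ip", "Mask", "Gateway", "Remip", "Locip"}


def hex_to_ip(value):
    """Convert 0xc0a8140a (or c0a81764, as in the ARP entry) to dotted decimal."""
    return str(ipaddress.IPv4Address(int(value, 16)))


def parse_fcip_section(text):
    """Return {config key: {field: value}} for every portCfg line."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("portCfg."):
            continue  # section headings such as "IP Interfaces", blank lines
        key, _, value = line.partition(":")  # WWN/MAC colons stay in the value
        fields = {}
        for item in value.split(","):
            name, sep, val = item.partition("=")
            if not sep:  # MODE:FCIP carries a bare value, not name=value pairs
                fields["value"] = name.strip()
                continue
            name, val = name.strip(), val.strip()
            fields[name] = hex_to_ip(val) if name in ADDRESS_FIELDS else val
        entries[key] = fields
    return entries


def audit_tunnels(entries):
    """Return (tunnel key, finding) pairs for settings that weaken a tunnel."""
    findings = []
    for key, f in sorted(entries.items()):
        if "FCIPTUNNEL" not in key:
            continue
        peer = f"{f.get('Locip')} -> {f.get('Remip')}"
        # With no remote WWN the switch accepts FCIP connections from any switch.
        if f.get("RemWwn", UNSET_WWN) == UNSET_WWN:
            findings.append((key, f"{peer}: remote WWN not configured"))
        # Assumption: IKE= and IPSEC= hold the selected policy numbers, 0 = none.
        if f.get("IKE", "0") == "0" or f.get("IPSEC", "0") == "0":
            findings.append((key, f"{peer}: no IKE/IPSec policy selected"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_tunnels(parse_fcip_section(SAMPLE_CONFIG)):
        print(key, "|", finding)
```

Running it against a file produced by a configuration upload gives a quick list of tunnels to review before the GbE ports face a shared WAN.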
Footnote 1: Invoke the following commands to delete the tunnel created between
the Brocade 7500 port 17 and Brocade 48000 10/17:
• From Brocade 7500: portcfgdefault ge0; portcfgdefault 17
• From Brocade 48000: portcfgdefault 10/ge0. Slot 10 port 17 acts as a
Virtual E_Port; it does not have any VEX_Port parameters to delete.
Note that because ge0 was defaulted, the FCIP parameters associated with the
connection between the Brocade 7500 port 16 and Brocade 48000 10/16 created
earlier would also be deleted. If the portcfgdefault command were invoked on
the Brocade 7500 port 16, the VEX_Port parameters would also be deleted.
Additionally, check with your Brocade 7500/FR4-18i provider for the latest
compatibility information.
You can additionally use Web Tools FCIP statistics along with portshow
fciptunnel and ipif statistical information to examine network characteristics.
One way to try to eliminate certain parts of the network that may be the cause of
packet loss is to do the ping test along various segments along the path. The first
place to start testing is the local "default gateway". This is the first router that all your
data is transmitted to on the network. If there is high packet loss on this segment,
then the problem is localized to your service provider's network.
Footnote 1: Ping may be filtered in the network.
Example networking commands include: ping, netstat, traceroute, tracert,
tcpdump, ifconfig, route. Some of these commands are OS dependent.
See the latest version of Fabric OS System Error Message Reference Manual (Publication
Number: 53-1000046-0x) for the most up to date FCIP error messaging.
Validate the output of the following commands:
• switchshow
• fabricshow
• topologyshow
• portshow
• fcrfabricshow
• fcrphydevshow
• fcrproxydevshow
• fcrproxyconfig
• fcrrouteshow
• fcrxlateconfig
• fcrresourceshow
• lsanzoneshow -s
• fcping
• portcmd --ping
The supportsave command output includes information from the following CLI
commands: fcrproxydevshow, fcrphydevshow, portcfgexport, fcrxlateconfig,
fcrrouteshow, lsanzoneshow and fcrfabricshow.
Summary
• In this module, we discussed:
- FCIP concepts and terminology
- FCIP infrastructure
- FCIP as a means of extending the SAN beyond the physical
boundaries of the Data Center
A Virtual LAN is a logical or virtual LAN network within a single physical network, or a
logical network that can span several physical networks.
• A traditional LAN requires all devices within a network to be part of the same
broadcast/multicast domain, and thus, the same LAN boundary. This may force
unrelated devices and applications to be part of the same domain. It may also
force related devices that are in physically separate domains to be routed from
one domain to the other.
• In a VLAN, devices that were traditionally part of different LAN boundaries can
now be a "member" of a single network. In contrast, larger physical networks
containing many devices can now be broken down into multiple smaller
networks.
• VLANs are enforced on layer 2 Ethernet switches. In comparison, the
Differentiated Services feature introduced in Fabric OS v5.3 is enforced on
layer 3 Ethernet routers.
VLANs are defined in the IEEE 802.1Q standard.
[Figure: 802.1Q tag: EtherType = 0x8100, TCI]
Footnote 1: The IEEE 802.1Q standard does not encapsulate the Ethernet frame in
another header. Instead, 802.1Q uses Ethernet II framing, also known as DIX
Ethernet (named after the major participants in the framing of the protocol: Digital
Equipment Corporation, Intel, Xerox), to define an upper-layer protocol. Switches
that support Ethernet II framing interpret the two-byte field that follows the
destination and source addresses as an EtherType that immediately identifies an
upper-layer protocol.
[Figure: 802.1Q tag: EtherType = 0x8100, VLAN ID]
Footnote 1: The VLAN ID (VID) is a 12-bit field that specifies the VLAN to which the
frame belongs. A value of 0 means that the frame doesn't belong to any VLAN; in
this case the 802.1Q tag specifies only a priority and is referred to as a priority tag.
A value of 0xFFF is reserved for implementation use. All other values may be used
as VLAN identifiers, allowing up to 4094 VLANs. On bridges, VLAN 1 is often
reserved for management.
[Figure: 802.1Q tag: EtherType = 0x8100, 0, VLAN ID]
Footnote 1: The Class of Service (CoS) value is a 3-bit field within a layer 2
Ethernet frame header when using VLANs. It specifies a priority value of between 0
(signifying best-effort) and 7 (signifying priority real-time data) that can be used by
Quality of Service disciplines to differentiate traffic. Unlike Quality of Service (QoS)
traffic management protocols like Differentiated Services, Class of Service
technologies do not guarantee a level of service in terms of bandwidth and delivery
time; they offer a "best-effort". On the other hand, CoS technology is simpler to
manage and more scalable as a network grows in structure and traffic volume. One
can think of CoS as "coarsely-grained" traffic control and QoS as "finely-grained"
traffic control.
Footnote 2: The Canonical Format Indicator (CFI) is a 1-bit value that is always set
to zero for Ethernet switches. CFI is used for compatibility between Ethernet and
Token Ring networks. If a frame received at an Ethernet port has a CFI set to 1,
then that frame should not be bridged to an untagged port.
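Added example (not part of the course material): a Python decoder for the 802.1Q tag described in the footnotes above, splitting the 16-bit TCI into CoS, CFI and VLAN ID and flagging the values the footnotes single out. The function names and the MAC addresses in the constructed frames are hypothetical.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_tagged_frame(cos, cfi, vid, inner_ethertype=0x0800, payload=b""):
    """Build a constructed Ethernet II frame carrying one 802.1Q tag."""
    if not (0 <= cos <= 7 and cfi in (0, 1) and 0 <= vid <= 0xFFF):
        raise ValueError("CoS is 3 bits, CFI is 1 bit, VID is 12 bits")
    dst = bytes.fromhex("020000000001")  # constructed, locally administered MACs
    src = bytes.fromhex("020000000002")
    tci = (cos << 13) | (cfi << 12) | vid
    tag = struct.pack("!HHH", TPID_8021Q, tci, inner_ethertype)
    return dst + src + tag + payload


def parse_vlan_tag(frame):
    """Decode the 802.1Q tag of an Ethernet II frame; None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet II header")
    # The two bytes after the destination and source addresses are the EtherType.
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF
    if vid == 0:
        kind = "priority tag"  # carries only a priority, no VLAN membership
    elif vid == 0xFFF:
        kind = "reserved"
    else:
        kind = "vlan"
    return {"cos": tci >> 13, "cfi": (tci >> 12) & 1, "vid": vid,
            "kind": kind, "inner_ethertype": inner}


def tag_findings(tag):
    """List the conditions the footnotes above call out for a decoded tag."""
    findings = []
    if tag["cfi"] == 1:
        findings.append("CFI set: do not bridge to an untagged port")
    if tag["kind"] == "reserved":
        findings.append("VID 0xFFF is reserved for implementation use")
    if tag["vid"] == 1:
        findings.append("VLAN 1: often reserved for management on bridges")
    return findings


if __name__ == "__main__":
    samples = [build_tagged_frame(5, 0, 100), build_tagged_frame(7, 0, 0),
               build_tagged_frame(0, 1, 0xFFF)]
    for frame in samples:
        tag = parse_vlan_tag(frame)
        print(tag, tag_findings(tag))
```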
B48000:admin> policy --create ipsec 10 -enc AES-256 -auth AES-XCBC -seclife 43200
B7500:admin> policy --create ipsec 10 -enc AES-256 -auth AES-XCBC -seclife 43200
Display/delete one/all IPSec policy: policy --show/--delete ipsec [<policyID>] | all
[Figure: Brocade 48000 with FR4-18i Blade (VE_Port 192.168.20.48, Tunnel 0, Port 10/16) connected across the WAN to Brocade 7500 in Fabric B (VE_Port 192.168.23.75, Tunnel 0, Port 16)]
In the command above, FCIP tunnels are created on the Brocade 48000 and 7500
using the same tunnel IDs, remote IP address, local IP address, and committed
rates. On both switches, IPSec policy 10 and IKE policy 11 are selected,
and the IKE key is ipsec123456789.
Reminder: Create policies and configure security related parameters over a secure
link.