Tuesday, June 25, 2013

Zoning - (Storage Series Part-5)



Zoning
######

- Controls which initiators can talk to which targets

- Zoing in required, not optional

- Default zone policy is to deny everything in Data Plane

- Default zone policy can be changed per VSAN or for entire system but not recommended

> zone default-zone permit vsan 1

> system default zone


# Soft Zoning
=============

- Initiator registers with FCNS to get zoning

- Zoning enforced in the control plane but not data plane

- Initiator could manually mount the wrong target if Target FCID is known in prior


# Hard Zoning
=============

- Initiator registers with FCNS to get zoning

- Zoning enforced in the control plane & data plane

- Initiator cannot manually mount the wrong target if Target FCID is known in prior

Hard Zoning is default in NX-OS and SAN-OS


# Zone Vs Zoneset
=================

- Zone is used to create a mapping for access based upon WWPNs, FCIDs, Aliases, 
  Interface, Domain-ID etc

- Zones are then grouped together in a Zoneset

> Zoneset is overall ACL and Zone is an Access Control Entry

- Zones are applied to VSAN and then activated

# If zone is just configured and not activated - it's called a Zone Set. But when activated
   it's called Active Zone  Set. So this is how Zone set Vs Active zone set could be different

# Any changes made into Zoning doesn't go into affect unless Zoneset is re-activated

- Only one zoneset per VSAN can be "Active" in the fabric at a time

- By default only Active Zone set is advertised into the fabric not the full zone set which 
   can cause Isolation   between Switches because of having different copies of zone sets.

- sh zone status vsan 1

- sh zone

- sh zone active

- sh zoneset

- sh zoneset active

- clear zone database vsan 1

- zoneset distribute full vsan 1 ( Global mode)

- zoneset distribute vsan 1 (Exec Mode)


# Zone Config
==============


zone name ABC vsan 30 < Create Zone
 attribute read-only < Only Supported on MDS
 member pwnn
 member pwnn
 exit

zoneset name XYZ vsan 30 < Create Zoneset
 member ABC
 exit

zoneset activate name XYZ vsan 30 < Activate ZoneSet

HTH...
Deepak Arora
Evil CCIE
Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)