Zoning in Brocade FC SAN switch for beginners

Dear reader, Welcome to the fiber channel world.

When you are learning Storage Area Network and
Storage technology the instructor will often talk
about zoning and zones. Data access from a
centralized location to hosts in data centers is
achieved using a switched network. Zoning allows
us to create a path from host to a storage array. In
other words, zoning is a process in which the
fabric is logically partitioned. In this article, we
discuss what is zoning and how it is done on a
Brocade switch.

F iber Channel switch is a networking device which enables a large

number of hosts to connect with one or many storage arrays. A storage

array can be directly attached to a host. Due to the limited number of
ports available on the array, a switched network is necessary for it to
connect to a large number of hosts. A switched network is a high-speed
network with one or many fiber channel switches. This switched
network is referred as Fabric. In a fabric, the initiator will be able to
reach a target that is across many hops. Each switch will at least
connect to another switch and it is called an ISL (Inter-Switch Link).
Please keep in mind that what we discuss in this article applies only to
SAN fabrics and switches using fiber channel technology. Most people
will refer to a single switch as a “fabric” this is simply wrong. The fabric
is virtual and not physical. Therefore, a switch is a fabric device. One or
more switches form a fabric.

Why Zone?

Typically most SAN switches will have at least 8 to 16 ports. At most

SAN directors will have the ports more than 250. In a traditional data
center, fabric and the storage array is given more importance and are
always redundant to avoid unexpected and unnecessary downtime. A
single switch with 8 ports can connect to 8 different devices or 4
devices (two connections per device for redundancy). What if the
switch itself goes offline? In that case, nothing can be done. Therefore,
even a small server room with SAN fabric is designed with two or more
switches for redundancy.

Why zone? The answer is, to be able to avoid unnecessary traffic

between devices participating in fabric and to enhance security. By
creating zones we are logically partitioning the fabric so that the
communication happens only with the intended devices. Most popular
vendors of storage networking are Brocade and Cisco. Devices from
both these vendors do the same thing but the configuration greatly
varies. In this article, we discuss how we perform zoning in fiber
channel switches manufactured by Brocade. Before jumping into the
procedure let’s spend some time to understand the basics of zoning.

Basics of Zoning

Each device in a fiber channel fabric will have a unique Word Wide
Name (WWN). WWN is a unique identifier which is burned into the
hardware. Each vendor gets their own identifier. It is a 64-bit address.
It is similar to an MAC address that you find in a NIC. There are two
types of WWNs,

 Word Wide Node Name (WWNN)

 Word Wide Port Name (WWPN)

What this means in terms of zoning is that we can identify devices in

fabric using WWNN or WWPN. The idea is to bind WWPN’s of
intended devices (ports) together. This binding is called zoning and it
enables the devices to communicate with each other. The following
picture describes our environment for which we are going to perform
zoning. The steps illustrated in the article must be performed on the
switch shell access. If you are by any chance logged in to the GUI, login
to switch using SSH or Telnet.
Preparation

When you access shell of a device you carry a great responsibility.

Executing wrong commands or typos will cause adverse effects, In
order to avoid such mistakes, we must note down the WWN’s of the
device which we are going to zone together and must decide on naming
convention for them. Most IT organization follows a uniform naming
convention. To see the devices which are logged into the switch the
following commands can be executed,
switch:admin> switchshow

The output of this command can be seen in the following image,

The 10:XX:XX:XX:XX:XX:XX:XX that you see on the image is the
WWPN of the device connecting in that port. It can be a storage array,
HBA port or another switch. We will use this WWPN of the connecting
device to zone with another. As an example let’s assume the following
values,
Switch Port 1 – HBA1 - 10:00:ff:05:1e:4b:d5:30Switch Port 2 – HBA2
- 10:00:ff:05:80:00:48:a5Switch Port 12 - Storage Array port1 -
50:01:10:80:00:ad:33:e8Switch Port 13 - Storage Array port2 -
50:02:10:80:00:ac:f5:54

In the next step we are going to zone HBA1 with Storage Array port 1
and HBA2 with Storage Array port2.

Brocade Switch Zoning Steps

The WWPN that we just noted down is not easy to remember and it is
not easy to type while zoning. To reduce the complexity and to avoid
error we create an “Alias” for each WWPN or a group of WWPN’s. Alias
is a logical group of a single WWPN or a number of WWPN’s.

Step 1: Let’s assign an alias for each WWPN Following is the syntax,
switch:admin> alicreate “HostPort1”,
“10:00:ff:05:1e:4b:d5:30″switch:admin> alicreate “HostPort2”,
“10:00:ff:05:80:00:48:a5″switch:admin> alicreate “StoragePort1”,
“50:01:10:80:00:ad:33:e8″switch:admin> alicreate “StoragePort2”,
“50:02:10:80:00:ac:f5:54″

To verify run command, alishow “HostPort1” and so on.

Step 2: Now we are going to create two zones with two aliases in them
(1 host port and 1 storage port)
switch:admin> zonecreate “zone1”, “HostPort1;
StoragePort1”switch:admin> zonecreate “zone2”, “HostPort2;
StoragePort2”To verify run command, zoneshow “zone1” and so on.

Step 3: Next step is to create a configuration which will hold the zones
that we just created. The following command creates a configuration
named “AppServer” and then adds both zones to it.
switch:admin> cfgcreate "AppServer", "zone1;zone2"

Final Step: Now that we have created a configuration we must enable

it for it to act, following syntax enables AppServer configuration. At
any given time there can be only one active configuration. But in switch
database, there can be multiple.

Zoning In Brocade SAN Switch

January 7, 2020 by Atish patel Leave a Comment

In this post, we will discuss Zoning in the Brocade SAN switch. In addition to the
definition, we will discuss the commands for zoning in the Brocade switch.
Zoning In Brocade SAN Switch
You can also refer to our post on Zoning in Cisco MDS Switch.

Important Terms Brocade SAN Switch Zoning

Lets first discuss some of the common terminologies that are used in Brocade Zoning.

What is WWPN?

WWPN stands for World Wide Port Name. Each port in the SAN network has a
unique WWPN of a 64-bit address. In SAN network ports are identified by its
WWPN. Below is an example of WWPN
Ex : 10:xx:xx:xx:xx:xx:xx:xx

You can refer to the post on types of FC ports.

What is FC Alias Name?

Alias Name In Brocade SAN Switch is the human-readable name of WWPN. WWPN
is 64-bit addresses and difficult to remember. Hence a storage admin creates an alias
name for WWPN.

What is Zone Brocade SAN Switch?

Zone in Brocade SAN Switch is nothing but a grouping of alias members. Zoning
basically creates a secure path between two end devices for FC communication. These
members are FC alias name of Host WWPN and Storage Array WWPN.

What is an Active Zone?

Active Zone Configuration in SAN Switch consists of active zones. It means if a zone
is part of active zone config then only interaction happens between the zone members.
In a fabric, only one zone config can be in an active state.

Prerequisite Of Brocade Zoning

Before we start zoning we must collect the necessary information. Below is the
checklist you must collect before doing zoning.

 SSH Or GUI connectivity to Brocade SAN switch

 Server Name For Zoning
 WWPN  of Server HBA Port
 WWPN of Front End Storage Array Port

Steps Of Zoning in Brocade SAN Switch

Once we have the above information. Below are the steps we need to perform. These
are the overall steps of zoning in the brocade switch. In the next section, we will about
CLI commands for zoning.

1. Check Connectivity of HBA Port To Fabric.

2. Create FC Alias Name For HBA Port WWPN and Storage Array Port WWPN.
 3. Create a ZONE and add alias members.
4. Add the zone to active configuration zone
5. Save the active configuration zone
6. Enable active configuration zone

The above step may differ if you have additional features such as Enhanced zoning in
your Storage Area Network.

CLI Command for Brocade SAN Switch Zoning

You can also perform zoning via the command line. You need to use putty to connect
to the SAN switch. Below are steps to perform on CLI to create zoning on the
Brocade SAN switch.

1. Check Connectivity of HBA Port To Fabric.

nodefind 10:xx:xx:xx:xx:xx:xx:xx

2. Create FC Alias Name

alicreate “host1_hba1”,”10:xx:xx:xx:xx:xx:xx:xx”
alicreate “storage_hba1”,”50:xx:xx:xx:xx:xx:xx:xx”

3. Create a ZONE and add FC alias members.

zonecreate “zone1”, “host1_hba1; storage_hba1”

4. Add the zone to active config zone

Before we add the zone to the active config zone, we have to find it by executing the
below command.

cfgactvshow | more

You can find the active config zone at the top of the output. Once you find it now you
can add the zone into it.

cfgadd “activecfg1”,“zone1”
5. Save the active config zone

cfgsave

6. Enable active config zone

cfgenable “activecfg1“

Today’s Question on Zoning In Brocade SAN Switch

Now a tricky question for you guys. Do some research and let me know your answer
in the comment section.

1. What is the purpose of cfgsave command?

2. What will happen if the cfgsave command is not executed?
Basic configuration to a fiber switch
(Zoning)
Hector Herrero / Various / Brocade, Fiber, Fibre Channel, HP, SAN, Switch, Zone, Zoning /
28 the July, the 2009

This document shows how to make a very basic configuration on a fiber switch, based on zoning
and how to set access permissions between the HBA's (Host Bus Adapter) servers and HBA's a
storage array. This example is based on an executed configuration for VMware ESX
environment, four servers have two HBAs each against a cabin that also has two cards. All this
will be joined by two switches, each HBA in each server to a switch (logically).

In this drawing looks more or less the environment set, well targeted is essential to have the
Node Name or World Wide Node Name (WWNN) and Port Number o World Wide Port Number

(WWPN) each of the adapter, since it is totally necessary to distinguish who is who 

I said, WWPN and WWNN the aim of each server and cabin, to set up zoning on the Fiber
switch, With this get secure our environment, restrict interference and easier and understandable
administration in the future. Not to be confused with cabin level assignments on a LUN, which it
is similar or the same function, but combining both configurations will obtain the best
configuration for a SAN environment. Good, how in this scheme I have two switches, all the
settings you have on a switch have to perform on the other, but with different data (WWPN,
WWNN, Name (s, alias…)
We connect the switch to a browser, will have set before you an IP address for console or
directly in the manufacturer's manual will tell us what your IP default

We introduce the user and password connection, switch my default userid and password. “OK”,
This would be the configuration console, where we see the switch, ports used, their status and
other settings. click on “Switch Admin” for a couple of basic settings,
How is rename the switch or change the IP address, firmware update you and have all the
switches with the same version, get more licenses or change the user's password USERID or
create more users for management. All this we will do the tabs “Switch”, “Network”, “Firmware
Download”, “License” or “User”. We make the changes we are interested in and click “Apply”,

Any changes we make will notify us and we have to record, To do this because we confirmed,

We already have the correct name (x example),

If we go to “Port Admin” we can manage switch ports individually,

For example, there are certain ports that we still need, are disabled by default, in this case is a
switch of a BladeCenter and external ports have them disabled, so we enable those who interests
us, right click “Persistent Enable”. In this case you do not see any server that is connected to any
port (or internal) That's because they are not charged directly drivers of the HBA or S.O. to lift
the connection, or directly is not wired! XD
We say yes to enable the port that interests us, which in this case is where I will connect my
cabin,

When enabled and I acknowledge that the harbor is 'Online', which it is the type Fabric Port…
we close.
And the main configuration is in “Zone Admin”, where we set the switch areas, that is, which
devices can see what devices.

Tab “Alias” we all devices connected to our switch, in my case are four servers with Qlogic
HBA, the other four are logically Qlogic HBA's on the other switch; and another storage array.
Here you have to configure that, the alias of the HBA's, to make it easier to understand the areas
to be set.
So first click on “New Alias”,

Indicate the name / alias that will help us understand what we are talking HBA, in my case
having an IBM N3300, with two controllers (UP and DOWN for me) the controller called 0a, as
my alias is N3300_DOWN_0a (for example) we give “OK”,
Select said HBA, we give “Add Member >>”
Ready, we have that alias with that member.
And now have to perform the same task with so many HBA's have, “New Alias”,

Alias name… “OK”,

As before, select the HBA in question & “Add Member >>”
Cast, and all…
Once we have the alias configured, create zones, that is, We allow connections between the alias,
click on the tab “Zone” and create a new zone “New Zone”,

Indicate a zone name, in this case I will call ZONA_ESX01, and allow traffic between the HBA
server ESX01 cabin and storage. “OK”,
So aliases, ESX01 selected alias alias server and storage array & “Add Member >>”,
After setting this area, we set up the other areas that interest us, this is, all flows of interest we
have, in this environment logically only be traffic / access between each ESX server with cabin,
but not between servers ESX. So we keep setting areas, “New Zone”,

The name of the area, “OK”,

Add members…
Ready, and continue with the rest…
Once created zones, We create an overall configuration of all, we enable store and said
configuration. For it, We go to the tab “Zone config”,

Indicate a name global configuration, in my case the name of the switch “CONFIG_SW10” (or
the most appropriate Believe), “OK”,
We select the areas that we have created and added as members of this configuration, “Add
Member >>”,
Store all settings from “Save Config”,

“Yes” to confirm that we recorded the configuration of the area,

And now we enable that to take effect. If you look default it is all allowed traffic and therefore
not optimized, idica us “Effective Zone Config” is “Default, All Access”.

Select the configuration you just created and “OK”,

“And” to confirm and enable this config,

And ale, we would have our well switch configured to control access.
If we go to “Port Admin” We see the port status,
And now that I have raised all teams are if they are complimentary or not, and other useful
information.