Manuel d'utilisation / d'entretien du produit 53-1003126-02 du fabricant Brocade Communications Systems
Aller à la page of 104
53-1003126-02 15 August 2014 Access Gateway Administrator's Guide Supporting Fabric OS v7.3.0.
© 2014, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, Brocade Assurance, ADX, AnyIO, DCX, Fabric OS, FastIron, HyperEdge, ICX, MLX, MyBrocade, NetIron, OpenScr.
Contents Preface..................................................................................................................................... 7 Document conventions...............................................................................
Access Gateway policies overview............................................................... 51 Displaying current policies ............................................................... 51 Access Gateway policy enforcement matrix ................
Disabling F_Port trunking.................................................................... 78 Monitoring trunking ............................................................................. 78 AG trunking considerations for the Edge switch.......
6 Access Gateway Administrator's Guide 53-1003126-02.
Preface ● Document conventions...................................................................................................... 7 ● Brocade resources.............................................................................................
Convention Description value In Fibre Channel products, a fixed value provided as input to a command option is printed in plain text, for example, --show WWN. [ ] Syntax components displayed within square brackets are optional. Default responses to system prompts are enclosed in square brackets.
Brocade resources Visit the Brocade website to locate related documentation for your product and additional Brocade resources. You can download additional publications supporting your product at www.brocade.com . Select the Brocade Products tab to locate your product, then click the Brocade product name or image to open the individual product page.
• Brocade Supplemental Support augments your existing OEM support contract, providing direct access to Brocade expertise. For more information, contact Brocade or your OEM. • For questions regarding service levels and response times, contact your OEM/Solution Provider.
About This Document ● Supported hardware and software.................................................................................. 11 ● What’s new in this document.............................................................................
Changes made for Fabric OS 7.3.0a The following content is new or significantly revised from 53-1003126-01 for this release of this document: • Updated Key terms for Access Gateway on page 12. Key terms for Access Gateway For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary at: http://www.
NPIV N_Port ID Virtualization. This is a Fibre Channel facility allowing multiple N_Port IDs to share a single physical N_Port. This allows multiple Fibre Channel initiators to occupy a single physical port, easing hardware requirements in storage area network design, especially for virtual SANs.
Key terms for Access Gateway 14 Access Gateway Administrator's Guide 53-1003126-02.
Access Gateway Basic Concepts ● Brocade Access Gateway overview ............................................................................... 15 ● Fabric OS features in Access Gateway mode.........................................................
FIGURE 1 Switch function in Native mode Access Gateway Basic Concepts 16 Access Gateway Administrator's Guide 53-1003126-02.
FIGURE 2 Switch function in Access Gateway mode Fabric OS features in Access Gateway mode In the table below, "Yes" indicates that the feature is supported in Access Gateway mode. "No" indicates that the feature is not provided in AG mode.
Fabric OS components supported on Access Gateway (Continued) TABLE 1 Feature Support Admin Domains No Audit Yes Beaconing Yes Bottleneck Detection Yes Buffer Credit Recovery (CR) Yes - Refer to Buffer credit recovery support on page 20 . Config Download/Upload Yes Device Authentication Yes Refer to Device authentication support on page 21.
Fabric OS components supported on Access Gateway (Continued) TABLE 1 Feature Support FICON (includes CUP) No Forward Error Correction (FEC) Yes Refer to Forward error correction support on page 20.
Fabric OS components supported on Access Gateway (Continued) TABLE 1 Feature Support Syslog Daemon Yes Track Changes Yes Trunking Yes** User-Defined Roles Yes Value Line Options (Static POD, DPOD) Yes Virtual Fabrics No Refer to Virtual Fabrics support on page 21 .
• A Fabric OS downgrade requires FEC to be disabled. • Specific switch platforms support this feature either in R_RDY or VC_RDY mode. Virtual Fabrics support Although you cannot enable AG mode on a switch enabled for Virtual Fabrics or enable Virtual Fabrics on an AG switch, you can connect ports on an AG switch to Virtual Fabrics.
To perform authentication with switch policy, the on and off policy modes are supported on the AG switch. To perform authentication with device policy, the on, off, and passive modes are supported on the AG switch.
For more information, refer to the Fabric OS Command Reference . Limitations and considerations • Authentication policy is not supported on cascaded AG switch configurations. • Authentication is not supported between an AG switch running Fabric OS v7.
• VF mode distribution is not applicable to an AG. • The distribute command is not supported in AG mode. Hence, an AG cannot distribute its password database to any of the switches in native mode.
FIGURE 3 Port usage comparison You can convert a Fibre Channel port into a D_Port on AG switch and a connected fabric switch, another AG switch (cascaded configuration), or an HBA to test the link between the ports.
FIGURE 4 Diagnostic port configurations The table below shows a comparison of port configurations between AG and a standard fabric switch. Port configurations TABLE 4 Port type Available on Access Gateway? Available on Fabric switch? F_Port Yes Connects hosts and targets to Access Gateway.
Configuring Ports in Access Gateway Mode ● Enabling and disabling Access Gateway mode.............................................................. 27 ● Access Gateway mapping........................................................................
9. Enter the switchShow command to display the status and port state of all ports. Refer to the Fabric OS Command Reference for examples of output. For a description of the port state, refer to Table 5 on page 28.
Access Gateway mapping When operating in AG mode, you must specify pre-provisioned routes that AG will use to direct traffic from the devices (hosts or targets) on its F_Ports to the ports connected to the fabric using its N_Ports. This is unlike Native switch mode where the switch itself determines the best path between its F_Ports.
FIGURE 5 Port mapping example The following table describes the port mapping details for the above example. Description of port mapping TABLE 6 Access Gateway Fabric F_Port N_Port Edge switch F_Port F.
NOTE Prior to Fabric OS 7.3.0, all POD licenses must be present to use the Brocade 300, 5100, 6505, and 6510 as an Access Gateway. However, Fabric OS 7.
Access Gateway default port mapping (Continued) TABLE 7 Brocade Model Total Ports F_Ports N_Ports Default port mapping M5424 24 1–16 0, 17–23 1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 .
Access Gateway default port mapping (Continued) TABLE 7 Brocade Model Total Ports F_Ports N_Ports Default port mapping 5460 26 6–25 0–5 6, 16 mapped to 0 7, 17 mapped to 1 8, 12, 18, and 22 mapped.
Access Gateway default port mapping (Continued) TABLE 7 Brocade Model Total Ports F_Ports N_Ports Default port mapping M6505 24 1–16 0, 17–23 1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 .
Access Gateway default port mapping (Continued) TABLE 7 Brocade Model Total Ports F_Ports N_Ports Default port mapping 6548 28 1–16 0, 17–27 1, 13 mapped to 0 2, 14 mapped to 17 3, 15 mapped to 18.
The F_Port list can contain multiple F_Port numbers separated by semicolons. In the following example, F_Ports 6 and 7 are mapped to N_Port 13. switch:admin> ag --mapadd 13 "6;7" F-Port to N-Port mapping has been updated successfully 3. Enter the ag --mapshow command and specify the port number to display the list of mapped F_Ports.
Considerations for using F_Port Static Mapping with other AG features and policies Consider the following when using F_Port Static Mapping with Access Gateway features and policies: • F_Port Static Mapping functions with cascaded Access Gateway configurations.
• Logins from a device mapped to a specific N_Port or N_Port group (device mapping) always have priority over unmapped devices that log in to an F_Port that has been mapped to the same N_Port or N_Port group (port mapping).
FIGURE 6 Example of device mapping to N_Port groups The figure below shows an example of device mapping to specific N_Ports. Note that you can map one or multiple WWNs to one N_Port to allow multiple devices to log in through one N_Port.
FIGURE 7 Example device mapping to an N_Port Static versus dynamic mapping Device mapping can be classified as either "static" or "dynamic" as follows: Static versus dynamic mappin.
• Device mapping to an N_Port and to an N_Port group are considered static. Static mappings persists across reboots and can be saved and restored with Fabric OS configUpload and configDownload commands. • Automatic Device Load Balancing, if enabled, is considered dynamic.
The following example removes all devices mapped to port group 3. ag --delwwnpgmapping 3 --all 6. Enter the ag --wwnmapshow command to display the list of WWNs mapped to port groups and verify that the correct devices have been mapped to the desired port group.
The following example disables device mapping for two WWNs. switch:admin> ag --wwnmappingdisable "10:00:00:06:2b:0f:71:0c; 10:00:00:05:1e:5e: 2c:11" 3. Enter the ag--wwnmappingdisable command with the --all option to disable mapping for all available WWNs.
error. This also applies to using Fabric OS commands for device mapping. You could also map several devices to a new port group and then create the group without error.
Mapping priority To avoid potential problems when both port and device mapping are implemented, AG uses the following priority system when verifying policies to select the N_Port where a fabric login (FLOGI) is routed. Access Gateway considers all available mappings in the following order until one can be used.
N_Port configurations By default, on embedded switches, only the internal ports of Access Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. On standalone switches with AG support, a preset number of ports are locked as N_Ports, and the rest of the ports operate as standard F_Ports.
Displaying N_Port configurations Use the following steps to determine which ports on a switch are locked as N_Ports. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portcfgnport command. Command output will display "ON" for locked N_Ports.
D_Port support The Diagnostic (D_Port) feature is supported on 16-Gbps ports in the following configurations: • An AG switch connected to an AG switch in cascaded configuration (supports only static D_Port). • An AG switch connected to a Brocade fabric switch (supports only static D_Port).
• D__Port must be configured on the AG, fabric switch, cascaded AG switch, or HBA before enabling D_Ports on both sides of the link. Otherwise, the port will be persistently disabled. • After configuring D_Port for an AG switch port, mapping will be not be retained.
Saving port mappings 50 Access Gateway Administrator's Guide 53-1003126-02.
Managing Policies and Features in Access Gateway Mode ● Access Gateway policies overview................................................................................. 51 ● Advanced Device Security policy ........................................
Policy enforcement matrix (Continued) TABLE 8 Policies Auto Port Configuration N_Port Grouping N_Port Trunking Advanced Device Security N_Port Grouping Mutually exclusive N/A Yes Yes N_Port Trunking Y.
1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --policyenable ads command to enable the ADS policy. switch:admin> ag --policyenable ads The policy ADS is enabled 3. Enter the ag - - policydisable ads command to disable the ADS policy.
Setting the list of devices not allowed to log in 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsset command with the appropriate options to set the list of devices not allowed to log in to specific ports.
Displaying the list of allowed devices on the switch 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsshow command. For each F_Port, command output will show access for all devices, a list of device WWNs, or no access.
3. Enter the configUpload command to save the switch’s current configuration. 4. Enter the ag --policydisable pg command to disable the Port Grouping (PG) policy. 5. Enter the ag --policyenable auto command to enable the APC policy. 6. At the command prompt, type Y to enable the policy.
How port groups work Create port groups using the ag --pgcreate command. This command groups N_Ports together as "port groups." By default, any F_Ports mapped to the N_Ports belonging to a port group will become members of that port group. Port grouping fundamentally restricts failover of F_Ports to the N_Ports that belong to that group.
FIGURE 10 Port group 1 (PG1) setup Adding an N_Port to a port group 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgadd command with the appropriate options to add an N_Port to a specific port group.
Renaming a port group 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgrename command with the appropriate options to rename a port group. In the following example, port group 2 is renamed to MyEvenFabric.
other than 120 seconds using the steps under Setting the current MFNM mode timeout value on page 61. Creating a port group and enabling Automatic Login Balancing mode 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgcreate command with the appropriate options to create a port group.
• Be aware that modifying Automatic Login Balancing mode default settings using the agautomapbalance command may yield uneven distribution of F_Ports to N_Ports. In such cases, you might consider a manual login distribution that forces a rebalancing of F_Ports to N_Ports.
• APC policy and PG policy are mutually exclusive. You cannot enable these policies at the same time. • If an N_Port is added to a port group or deleted from a port group and Automatic Login Balancing mode is enabled or disabled for the port group, the N_Port maintains its original failover or failback setting.
3. The Port Grouping policy must be enabled to enable Device Load Balancing. Enter the ag -- policyshow command to determine if the Port Grouping policy is enabled. If it is not enabled, enter ag --policyenable pg to enable this policy. 4. Enter the ag --policyenable wwnloadbalance command to enable the Device Load Balancing policy.
• In "Flexible" mode, the AG logs an event that it did not receive the same (requested) ALPA from the core fabric and brings up the device with the ALPA assigned by the fabric. • In the "Stringent" mode, if the requested ALPA is not available, the server login will be rejected and the server port cannot log in to the fabric.
In the example, PWWN is the port that you want to remove from the database. Displaying device data You can view the ALPA of the host related to any ports you delete from the database. 1. Connect to the switch and log in using an account assigned to the admin role.
N_Port goes offline. This occurs regardless of whether the Failover policy is enabled or disabled for the primary N_Port. Failover with port mapping The Failover policy allows F_Ports to automatically remap to an online N_Port if the primary N_Port goes offline.
FIGURE 11 Failover behavior Managing Policies and Features in Access Gateway Mode Access Gateway Administrator's Guide 67 53-1003126-02.
Managing Policies and Features in Access Gateway Mode 68 Access Gateway Administrator's Guide 53-1003126-02.
Adding a preferred secondary N_Port (optional) F_Ports automatically fail over to any available N_Port. Alternatively, you can specify a preferred secondary N_Port in case the primary N_Port fails. If the primary N_Port goes offline, the F_Ports fail over to the preferred secondary N_Port (if it is online), then re-enable.
Adding a preferred secondary N_Port for device mapping (optional) Use the following steps to configure a secondary N_Port where devices will connect if their first or primary N_Port, if defined, is unavailable. 1. Connect to the switch and log in using an account assigned to the admin role.
3. Enter the ag --failoverenable N_Port command to enable failover. switch:admin> ag --failoverenable 13 Failover policy is enabled for port 13 4. Enter the ag --failoverdisable N_Port command to disable failover.
Failback policy configurations in Access Gateway The following sequence describes how a failback event occurs: • When an N_Port comes back online, with the Failback policy enabled, the F_Ports that were originally mapped to it are temporarily disabled.
FIGURE 12 Failback behavior Enabling and disabling the Failback policy on an N_Port Use the following steps to enable or disable the Failback policy on N_Ports. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --failbackshow n_portnumber command to display the failback setting.
• Enter the ag --failbackenable n_portnumber command to enable failback. switch:admin> ag --failbackenable 13 Failback policy is enabled for port 13 • Enter the ag --failbackdisable n_portnumber command to disable failback.
Trunking in Access Gateway mode The hardware-based Port Trunking feature enhances management, performance, and reliability of Access Gateway N_Ports when they are connected to Brocade fabrics. Port trunking combines multiple links between the switch and AG module to form a single, logical port.
Trunk group creation Port trunking is enabled between two separate Fabric OS switches that support trunking and where all the ports on each switch reside in the same quad and are running the same speed.
You can remove specified ports from a TA using the porttrunkarea --disable command, however, this command does not unassign a TA if its previously assigned Area_ID is the same address identifier (Area_ID) of the TA unless all the ports in the trunk group are specified to be unassigned.
command forms a trunk group for ports 36-39 with index 37. These will be connected to N_Ports on an AG module. switch:admin> porttrunkarea --enable 36-39 -index 37 Trunk area 37 enabled for ports 36, 37, 38 and 39. 4. Enter the portenable port command for each port in the TA to re-enable the desired ports, such as ports 36-39.
Access Gateway trunking considerations for the Edge switch (Continued) TABLE 10 Category Description Management Server Registered Node ID (RNID), Link Incident Record Registration (LIRR), and Query Security Attributes (QSA) Extended Link Service Requests (ELSs) are not supported on F_Port trunks.
Access Gateway trunking considerations for the Edge switch (Continued) TABLE 10 Category Description FC8-48 blades F_Port trunking does not support shared area ports on the Brocade FC8-48 blades in a 48000. F_Port trunking is supported on all ports on the Brocade FC8-48 in the DCX and DCX-4S.
Access Gateway trunking considerations for the Edge switch (Continued) TABLE 10 Category Description D,I Zoning (D,I) AD (D, I) DCC and (PWWN, I) DCC Creating a Trunk Area may remove the Index ("I") from the switch to be grouped to the Trunk Area.
Adaptive Networking on Access Gateway Adaptive Networking (AN) services ensure bandwidth for critical servers, virtual servers, or applications in addition to reducing latency and minimizing congestion. Adaptive Networking in Access Gateway works in conjunction with the Quality of Service (QoS) feature on Brocade fabrics.
FIGURE 13 Starting point for QoS Upgrade and downgrade considerations for Adaptive Networking in AG mode Upgrading to Fabric OS v7.1.0 from Fabric OS v6.4.0 is supported. Note the following considerations when upgrading to Fabric OS v7.1.0 from Fabric OS v6.
• QoS takes precedence over ingress rate limiting • Ingress rate limiting is not enforced on trunked ports. Per-Port NPIV login limit The Per-Port NPIV login limit feature allows you to set a specific maximum NPIV login limit on individual ports. This feature works in both Native and Access Gateway modes.
device logged in. The first login takes precedence over the second login request in case of a duplicate entry exit on the F_Port without any NPIV device logged in. You can configure different handling of duplicate PWWNs other than the default operation using the configure command through the F_Port login parameters.
Legacy performance monitoring features Instead of Flow Monitor, you can use the legacy end-to-end and frame monitoring features available through Advanced Performance Monitoring (APM). These legacy features are available on platforms using Fabric OS 7.
frame type, for a particular purpose. The frame type can be a standard type (for example, an SCSI read command filter that counts the number of SCSI read commands that have been transmitted by the port) or a frame type that you can customize for a particular use.
Considerations for the Brocade 6505 and 6510 The Brocade 6505 and 6510 can function in either Fabric OS Native mode or Brocade Access Gateway mode. These switches are shipped in Fabric OS Native mode. They are also supported in Access Gateway cascaded configurations.
SAN Configuration with Access Gateway ● Connectivity of multiple devices overview....................................................................... 89 ● Direct target attachment.................................................................
FIGURE 14 Direct target attachment to switch operating in AG mode Although target devices can be connected directly to AG ports, it is recommended that the switch operating in AG mode be connected to the core fabric.
Target aggregation Access Gateway mode is normally used as host aggregation. In other words, a switch in AG mode aggregates traffic from a number of host systems onto a single uplink N_Port. Similarly, many targets can be aggregated onto to a single uplink N_Port, as shown in the figure below.
Access Gateway cascading Access Gateway cascading is an advanced configuration supported in Access Gateway mode. Access Gateway cascading allows you to further increase the ratio of hosts to fabric ports to beyond what a single switch in AG mode can support.
• Due to high subscription ratios that could occur when cascading AGs, ensure there is enough bandwidth for all servers when creating such configurations. The subscription ratio becomes more acute in a virtual environment. • Starting with Fabric OS 7.
If the switch is in Native mode, you can enable AG mode; otherwise, set the switch to Native mode, and then reboot the switch. Enabling NPIV on M-EOS switches 1. Connect to the switch and log in as admin on the M-EOS switch. 2. Enable Open Systems Management Server (OSMS) services by entering the following commands.
Rejoining Fabric OS switches to a fabric When a switch reboots after AG mode is disabled, the Default zone is set to no access. Therefore, the switch does not immediately join the fabric to which it is connected.
Reverting to a previous configuration 96 Access Gateway Administrator's Guide 53-1003126-02.
Troubleshooting The following table provides troubleshooting information for Fabric OS switches in AG mode. Troubleshooting TABLE 12 Problem Cause Solution Switch is not in Access Gateway mode Switch is in Native switch mode Disable switch using the switchDisable command.
Troubleshooting (Continued) TABLE 12 Problem Cause Solution Failover is not working Failover disabled on N_Port. Verify that the failover and failback policies are enabled, as follows: Enter the ag --failoverShow command with the port_number option. Enter the ag --failbackShow command with the port_number option.
Index A Access Gateway cascading 92 comparison to standard switches 24 compatible fabrics 15 connecting devices 89 connecting two AGs 92 description 15 displaying information 94 features 17 limitation.
enabling switch 95 limitations with configdownload command 78 merging switch with fabric 95 re-joining switch to fabric 95 saving 95 using configdownload command 95 D D_Port description 24 description.
I ICL ports, limitations 78 inband queries 93 initiator and target port considerations 35 J join fabric 95 L limitations device load balancing 63 direct connections to target devices 26 loop devices n.
comparison 24 mapping 29 requirements 89 types 24 portcfgpersistentenable command 47 port group add N_Port 58 createport group add N_Port 60 delete N_Port 58 disabling 59 enabling logging balancing mo.
schemes 93 setting 95 Access Gateway Administrator's Guide 103 53-1003126-02.
104 Access Gateway Administrator's Guide 53-1003126-02.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté Brocade Communications Systems 53-1003126-02 c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du Brocade Communications Systems 53-1003126-02 - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation Brocade Communications Systems 53-1003126-02, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le Brocade Communications Systems 53-1003126-02 va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le Brocade Communications Systems 53-1003126-02, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du Brocade Communications Systems 53-1003126-02.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le Brocade Communications Systems 53-1003126-02. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei Brocade Communications Systems 53-1003126-02 ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.
