With the introduction of the fully public switch, creating and managing large SANs is now easier than ever before. As John Vacca explains in his latest article, full fabric-based switches allow storage managers to maximize the effectiveness of currently installed private loop devices via switch zoning capabilities and naming conventions.
Hubs based on private, arbitrated loops were used to build early SANs. Although these early SANs had a theoretical maximum of 126 devices, the realistic maximum was much lower. Additionally, with many devices sharing a loop, performance often varied and troubleshooting was difficult at best.
With the introduction of the fully public switch, SAN fabrics can theoretically contain over 7.7 million nodes, and thanks to newer switch features -- particularly zoning -- creating and managing these large SANs is now easier than ever before. Best of all, full fabric-based switches allow storage managers to maximize the effectiveness of currently installed private loop devices.
SAN Switch Zoning
In order to allocate appropriate storage where it makes the most sense, switch zoning allows the SAN manager to partition the SAN into various groupings. A typical SAN switch (1Gb switch) normally supports four zone types:
- Hard zones
- Name server zones
- Broadcast zones
- Segmented loop zones
The preceding zone types give the SAN manager the flexibility to partition the SAN into logical groupings of devices that can share information. The information can be shared whether these devices use private or public fabric addressing schemes, thus maximizing the investment in the installed private loop devices.
Defining zones, or adding or changing devices within a zone of a SAN switch, is easily performed via SAN management software. The SAN manager can dynamically reconfigure the current fabric zone configuration to add or reallocate devices to existing or new zones to meet the growth needs of the company. All of this is accomplished by using a SAN Graphical User Interface (GUI).
Zoning can also be used to simplify a heterogeneous environment within the same switch fabric. By keeping these devices separated by zones to prevent conflicts between fabric devices, the SAN manager has the freedom to add any type of device to the fabric.
So named because it is programmed into the hardware, hard zoning is the most secure of any zone type in that it prevents communication from any device not in the same hard zone. Hard zones cannot overlap, and they require at least one dedicated Inter-Switch Link (ISL) for each zone that includes more than one switch. The dedicated ISL guarantees the I/O bandwidth in the hard zone. This gives the SAN manager the flexibility to balance bandwidth across all hard zones for maximum overall fabric performance. Designing hard zones for maximum performance eliminates the need to reconfigure the SAN zone when adjusting the workload and minimizing I/O bottlenecks.
A SAN switch supports a maximum of sixteen hard zones per SAN fabric. Each of these sixteen isolated hard zones can be further sub-divided into other zones via the name server, segmented loop, or broadcast zone features. This allows the SAN manager to create specific sub zones inside the hard zones. The combination of hard zones with other zone types enables the larger fabric to be carved into separate fabrics for specific uses. This maximizes switch port efficiency and reduces the number of switches required.
Name Server Zones
Name server zones are extremely flexible. They allow the SAN manager to create up to 256 named zones, using either switch ports or world wide names (WWN) to assign zones. Name server zones can overlap, and by providing load balancing for maximum data throughput under heavy workloads, all ISLs within a hard zone are available to all the name server zones. So, while there is no performance difference between a port-based name server zone and a WWN server zone, there are several reasons to choose one type over another, as discussed next.
Switch Ports Zone
The easiest way to physically map out all the devices onto a SAN is to define a name server zone that correlates with switch ports, since all devices are connected to a particular port on a specific switch. There are two instances when zones based on switch ports can create problems. First, switch port zones are relatively coarse -- all devices on the port must be included in the zone. Second, if a device is moved from one port to another, it may end up moving to a different zone. This problem is commonly found in cable or Gigabit Ethernet Interface Card (GBIC) replacements.
World Wide Names Zone
A more flexible solution is to define zones based on world wide names (WWN). With the world wide name server zone, a device is assigned to a zone according to its unique name. This gives the SAN manager total freedom to host or store the device anywhere within the SAN fabric. Regardless of the physical port that serves as its connection, a device assigned by WWN will stay in its assigned zone. This type of zoning also eases troubleshooting by allowing the SAN manager to move a device at a questionable port location to another port location to verify if the problem is with the port, the GBIC, or the cable, or if it follows the device to the other port without reconfiguring the zone.
The ability to troubleshoot down to the device level on a loop is a secondary advantage in using WWN zoning within a public fabric. For example, "just a bunch of disks" (JBODs) are often attached to a single port and are hard to troubleshoot if a single device misbehaves, especially if the loop appears as one device on a SAN. However, troubleshooting is much easier if the WWN registers problems at the device level. Additionally, the WWN naming feature can take advantage of Redundant Array of Inexpensive Disk (RAID) controllers that have the ability to present multiple Fibre Channel devices on a single arbitrated loop.
Unfortunately, there are some legacy devices currently installed that do not report a WWN to the name server. Obviously, switch port zoning is the only name server option available in these instances.
Broadcast zones are assigned to separate network traffic from that of Small Computer System Interface (SCSI), or storage traffic in a SAN environment, or a Transmission Control Protocol/Internet Protocol (TCP/IP). Broadcast zones can be set up to send broadcast messages only to those IP devices that need to receive them. By eliminating unnecessary message processing by host and storage connections that don't process IP traffic, broadcast zones reduce traffic on the fabric. Broadcast zones can be flexibly applied by creating up to 16 overlapping zones. Also, broadcast zones can overlap name server zones. However, they cannot overlap hard zones.
Segmented Loop Zoning
Segmented Loop Zoning (SLZ), on the other hand, enables private devices to be zoned much as if they were part of the public fabric. With the freedom to locate the ports in each zone on any switch in the fabric, the SAN manager can create up to 256 non-overlapping SLZs in a fabric. And with all ISLs shared between switches, these zones can extend across and up to six cascaded or mesh switches in a fabric.
Managing Truly Flexible SAN Fabric Designs
The real power of zoning lies in its ability to be used in a combination of zone types. Hard zones, the most secure of all zoning, allow the fabric to be partitioned into multiple, independent, virtual fabrics. The entire fabric is transparently treated as a single hard zone if no hard zones are defined.
Other zones can be overlapped within hard zones, which allows some ports to be dedicated to private legacy devices using SLZs. For efficient SAN utilization and ease of management, all other ports can be zoned using the port and WWN name server zones to allow all devices to be connected. Finally, in order to limit the impact of IP broadcasts on SCSI devices, broadcast zones can be used if IP traffic is present. All zone types can be configured on fabrics of any size, with no limitations as to which ports or devices in a fabric can be placed into a zone for maximum ease in growing large fabrics.
Combination Zoning Examples
A few real-world examples of the benefits of creating sub-zones within a hard zone include:
- Allowing private loop devices to share the same switch with public devices. Both private and public devices will operate independently using the same switch, thus reducing the number of switches necessary to build the fabric.
- Dedicating an ISL from one switch to another within a zone.
- Dedicating known I/O bandwidth within a zone.
- Overlapping specific port or WWN groups dynamically on the fly for data backup and then reconfiguring the zones to their original configuration.
- Limiting IP broadcasts to specific devices in multiple zones within the hard zone, and overlap those broadcast ports with name server zone ports to communicate to other devices in the SAN.
- Segregating specific company departments.
The New Hierarchy In Zoning
A new hierarchy within a zone set is defined by the latest American National Standards Institute (ANSI) standards.
The highest level of the zoning hierarchy is a zone set. Assigned zones are contained in the zone set, and assigned members are contained in the zones. Thus, in a single fabric, there can be several zone sets; however, only one zone set can be active at any one time. For example, in order to perform backup when moving a tape library from one server to another, multiple zone sets are especially helpful for dynamic reconfiguration of the SANs.
The administrator simply deactivates the old zone set and activates the new in order to change zone sets. While this can be done without bringing down the SAN, when I/O activity is present in the SAN, it should not be performed. Instead, when the SAN is idle, active zone sets should be changed.
Now called "members," zones are made up of a group of assigned devices (similar to an original SAN switch). Additionally, within the zone set, all device members assigned in the zone can belong to one or multiple zones. With multiple storage devices, this capability helps facilitate the sharing of backup devices.
Within a zone, members are simply devices. With a SAN switch, member devices can be assigned to a zone via the port number, Fibre Channel Address (FCA), or the world wide name (WWN). So, within a SAN, any member can be assigned to multiple zones.
According to the Fibre Channel third-generation generic services (FC-GS-3) standard, a hard zone is defined as "a zone that is enforced by the fabric, often as a hardware function. The fabric will forward frames among zone members within a hard zone. However, the fabric prohibits frames from being forwarded to members not within a hard zone."
Hard zoning is the most secure zoning type (as with a SAN switch). The fabric enforces the hard zones and will only forward frames among other hard zone members, as the hard zone device table is created and stored at the Application-Specific Integrated Circuit (ASIC) level of the switch. In addition, a SAN switch can also support a maximum of sixty-three (63) hard zones within a fabric. Furthermore, hard zones can overlap and contain both broadcast zones and name servers. All hard zone members are defined by port number/domain.
According to the FC-GS-3 standard, a soft zone "consists of zone members who are made visible to each other through client service requests. Typically, soft zones contain zone members that are visible to devices via the name server exposure of zone members. The fabric does not enforce a soft zone."
As with a SAN switch, name server zones are extremely flexible. Broadcast zones can be overlapped by name server zones. Also, all ISLs within a hard zone are available to the name server zones. Additionally, there's no maximum to the number of name server zones that can be created with a SAN switch. For example, the newest ANSI standards identify three member-address schemes that are used in name server zoning:
- Fibre Channel Address (FCA)
- World wide name (WWN)
Thus, each address member can coexist in the same zone.
Summary And Conclusions
SAN switch zoning capabilities and naming conventions help storage managers make informed decisions regarding their switch purchases. In order to easily create and manage SANs that include both private and public devices, Fibre Channel switches should be added to Storage Area Networks (SANs) to give storage managers tremendous flexibility. The switch's capability to create zones is the key to these highly flexible, manageable SANs or partitions within the total SAN fabric.
It is also important to understand how zoning is accomplished within the fabric as storage managers evaluate switches from various vendors. Fibre Channel switch vendors developed their own naming conventions and features prior to the Fibre Channel Switch Fabric second generation (FC-SW-2) specification. Now that the FC-SW-2 specification has been completed and approved, any switch that is fully FC-SW-2 compliant will coexist in a SAN fabric, regardless of the vendor.
John Vacca is an information technology consultant and internationally known author based in Pomeroy, Ohio. Since 1982, John has authored 39 books and more than 485 articles in the areas of advanced storage, computer security and aerospace technology. John was also a configuration management specialist, computer specialist, and the computer security official for NASA's space station program (Freedom) and the International Space Station Program, from 1988 until his early retirement from NASA in 1995. John was also one of the security consultants for the MGM movie titled : "AntiTrust," which was released on January 12, 2001. John can be reached on the Internet at firstname.lastname@example.org.