Access Gateway Administrator’s Guide Supporting Fabric OS v5.2.
Copyright © 2007, Brocade Communications Systems, Incorporated. ALL RIGHTS RESERVED. Brocade, the Brocade B weave logo, Fabric OS, File Lifecycle Manager, MyView, Secure Fabric OS, SilkWorm, and StorageX are registered trademarks and Tapestry is a trademark of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.
Contents About This Document Chapter 1 Chapter 2 Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 How this document is organized. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Text formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Notes, cautions, and warnings . .
Chapter 3 Chapter 4 Enabling Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Using Web Tools to enable Access Gateway mode . . . . . . . . . . . . . . . . . 2-2 Using the CLI to enable Access Gateway mode. . . . . . . . . . . . . . . . . . . . 2-4 Disabling Access Gateway Mode Before you begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Backing up the switch configuration . . . . . . . . . . . . . . .
Access Gateway system messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
vi Access Gateway Administrator’s Guide Publication Number: 53-1000430-01
About This Document This document is a procedural guide to help SAN administrators configure and manage Brocade Access Gateway. Supported hardware and software This document is specific to Fabric OS v5.2.1 or higher running on the Brocade SilkWorm 4012, 4016, 4020, and 4024 embedded switches. When procedures or parts of procedures documented here apply to some switches but not to others, this guide identifies which switches are supported and which are not.
Document conventions This section describes text formatting conventions and important notices formats.
Key terms For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary at: http://www.snia.org/education/dictionary. For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary. The following terms are used in this manual to describe Access Gateway mode and its components. Access Gateway (AG) Fabric OS mode for embedded switches that reduces SAN (storage area network) deployment complexity by leveraging NPIV (N_Port ID virtualization).
• • • • Fabric OS MIB Reference Fabric OS Message Reference Web Tools Administrator’s Guide Brocade Glossary The following documentation is available for SilkWorm embedded switches: • • • • SilkWorm 4016 Hardware Reference Manual SilkWorm 4016 QuickStart Guide SilkWorm 4020 Hardware Reference Manual SilkWorm 4020 QuickStart Guide For practical discussions about SAN design, implementation, and maintenance, you can obtain Building SANs with Brocade Fabric Switches through: http://www.amazon.
Getting technical help Contact your switch support supplier for hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information available: 1. General Information • • • • • • • • • 2.
3. World Wide Name (WWN) • Brocade 5000, SilkWorm 200E, 3014, 3016, 3250, 3800, 3850, 3900, 4012, 4018, 4020, 4024, 4100, 4900, and 7500 switches and SilkWorm 24000, and 48000 directors: Provide the license ID. Use the licenseIdShow command to display the license ID. • SilkWorm Multiprotocol Router Model AP7420: Provide the switch WWN. Use the switchShow command to display the switch WWN. • All other SilkWorm switches: Provide the switch WWN. Use the wwn command to display the switch WWN.
Chapter Introduction to the Brocade Access Gateway 1 This chapter describes the functions of Brocade Access Gateway. The SilkWorm 4012, 4016, 4020, and 4024 embedded switches running Fabric OS v5.2.1 or higher support Access Gateway (AG).
1 Access Gateway port types The following figure compares a configuration that connects eight hosts to the fabric using Brocade Access Gateway to the same configuration with standard fabric switches.
Access Gateway port types 1 Comparing FC port configurations Brocade Access Gateway multiplexes host connections to the fabric. It presents an F_Port to the host and an N_Port to an edge fabric switch. Using N_Port ID virtualization (NPIV), Brocade Access Gateway allows multiple FC initiators to access the SAN on the same physical port. This reduces the hardware requirements and management overhead of hosts to the SAN connections.
1 Port mapping Port mapping Brocade Access Gateway uses mapping—that is, pre-provisioned routes—to direct traffic from the hosts to the fabric. When you first enable Access Gateway mode, the F_Ports are mapped to a set of predefined N_Ports, see Appendix A, “Default Port Mapping”. After the initial setup, you can manually change the mapping if required. Figure 1-3 shows a mapping with eight F_Ports evenly mapped to four N_Ports on Brocade Access Gateway.
Port initialization 1 Port initialization To ensure that all hosts are brought online when Brocade Access Gateway starts up, the ports are initialized in the following manner: 1. All N_Ports are initialized. During N_Port initialization all the F_Ports are disabled (kept OFFLINE). The ports are enabled or disabled as follows: • Enabled (online) if the port receives a fabric login event and is connected to an F_Port of an edge switch that supports NPIV (N_Port ID virtualization).
1 Failover policy Failover policy The Brocade Access Gateway N_Port failover policy allows hosts to automatically remap to an online N_Port if the N_Port they are connected to goes offline. The failover policy evenly distributes the F_Ports that are mapped to an offline N_Port among all the online N_Ports. The failover policy is a parameter of each N_Port. By default, the failover policy is enabled for all N_Ports. The following sequence describes how a failover event occurs: 1. An N_Port goes offline.
1 Failback policy The ports mapped to N_2 (F_1, F_3, and F_4) failover to N_3 and N_4. Note that the F_Ports are evenly distributed to the remaining online N_Ports and that the F_2 did not participate in the failover event.
1 Failback policy 3. The host establishes a new connection with the fabric. Example: Failback Policy In Example 3, the Brocade Access Gateway N_1 remains disabled because the corresponding F_A1 port is offline. However N_2 comes back online. (See Figure 1-5 for the original failover scenario.) The ports mapped to N_1 (F_1 and F_2) continue to be routed to N_3; the ports originally mapped to N_2 (F_3 and F_4) are disabled, rerouted to N_2, and then enabled.
Chapter Configuring Access Gateway 2 This chapter describes the initial set up required to deploy Brocade Access Gateway. Note Install and configure the switch as described in the switch’s Hardware Reference Manual before performing these procedures.
2 Enabling Access Gateway mode Enabling Access Gateway mode This sections explains how to change the switch mode from Fabric OS native mode to Access Gateway mode. Converting a switch to a Brocade Access Gateway allows you to use the switch as a device management tool that transparently connects hosts to the fabric.
Enabling Access Gateway mode 2 The Switch Admin module displays as shown below. Note To save the switch configuration, go to the Configure > Upload/Download subtab and upload the configuration file before proceeding with the next step. 3. Click the Disable radio button in the Switch Status section. 4. Click the Enable radio button in the Access Gateway Mode section. 5. Click Apply. 6. Click Yes to restart the switch in Access Gateway mode.
2 Enabling Access Gateway mode Using the CLI to enable Access Gateway mode Enabling Access Gateway mode is a disruptive process; the switch is disabled and rebooted. Once you enable Access Gateway mode, only a limited subset of Fabric OS commands are available and all fabric-related service requests are forwarded to the fabric switches. See Appendix D, “Access Gateway Commands and Messages”.
Enabling Access Gateway mode 2 To enable Access Gateway mode from the CLI 1. Connect and log in to the switch. 2. Enter the switchShow command to display the current switch configuration. The example below shows a switch in the Fabric OS Native mode (where switchMode equals Native). switch:admin> switchshow switchName: switch switchType: 43.
2 Enabling Access Gateway mode 5. Enter the ag --modeShow command to verify that Access Gateway mode has been enabled. switch:admin> ag --modeshow Access Gateway mode is enabled. 6. Enter the ag --mapShow command without any options to display all the mapped ports. The following example shows a mapping that has been reconfigured, three N_Ports 17, 19 and 20 have no mappings and are not connected to the fabric.
Chapter Disabling Access Gateway Mode 3 This chapter describes how to disable Access Gateway mode. Disabling Access Gateway mode is disruptive; the switch is disabled and rebooted.
3 Before you begin Before you begin Always back up the current configuration before enabling or disabling Access Gateway mode. Enabling Access Gateway mode clears the security and zone databases. Disabling Access Gateway mode clears the F_Port to N_Port mapping. Backing up the switch configuration If the switch was configured as a fabric switch, save the configuration before setting up the switch in Access Gateway mode. To back up a configuration file using Web Tools 1. Launch the Switch Admin module.
Disabling Access Gateway mode 3 Disabling Access Gateway mode Access Gateway mode transforms the switch into a device management tool. After Access Gateway mode is disabled, the switch starts in Fabric OS Native mode, and the standard set of Fabric OS commands are available.
3 Disabling Access Gateway mode Using the CLI to disable Access Gateway mode After you disable Access Gateway mode, use the instructions in the Fabric OS Administrator’s Guide to reconfigure the switch and join it to the fabric. Note Disabling Access Gateway mode clears the current Access Gateway mode configuration and reboots the switch. To disable Access Gateway mode 1. Connect and log in to the switch. 2. Enter the ag --modeshow command to verify that the switch is in Access Gateway mode.
Notes on joining the switch to a fabric 3 Notes on joining the switch to a fabric After the switch reboots when Access Gateway mode is disabled, the default zone is set to no access. Therefore the switch does not imediately join the fabric to which it is connected. Use one of the following methods to join the switch to the fabric: • If you saved a Fabric OS configuration before enbling AG mode, download the configuration using the configDownload command.
3 3-6 Notes on joining the switch to a fabric Access Gateway Administrator’s Guide Publication Number: 53-1000430-01
Chapter Managing Ports in Access Gateway mode 4 This chapter explains how to use the CLI to manage the ports on Brocade Access Gateway. Note The Access Gateway port management functions are not available from Web Tools.
4 Determining the mapping and port status Determining the mapping and port status This section explains how to display the current mapping and port status. Displaying the port mapping This section explains how to display the mapped routes of the host connections to the fabric on Brocade Access Gateway. F_Ports are mapped to N_Ports. See the Fabric OS Command Reference for more details on using the ag command with the --mapshow operand. To display all mappings 1. Connect and log in to the switch. 2.
Determining the mapping and port status 4 To display an N_Port map 1. Connect and log in to the switch. 2. Enter the ag --mapshow command and specify the port number to display the N_Port failover and failback policies and the mapped F_Ports. N_Port Number of the port. Failover Indicates whether or not the failover policy is enabled (1) or disabled (0) on the N_Port. Failback Indicates whether or not the failback policy is enabled (1) or disabled (0) on the N_Port.
4 Configuring port maps To display the port status 1. Connect and log in to the switch. 2. Enter the switchShow command without any options to display the status of all ports. switch:admin> switchshow switchName: switch switchType: 43.
Configuring port maps 4 Adding F_Ports Adding an F_Port to an N_Ports routes that traffic to and from the fabric through the specified N_Port. When failover is enabled and the N_Port goes offline or otherwise fails, the F_Port is automatically routed to another N_Port that is connected to the same fabric. An F_Port can be assigned to only one N_Port at a time. If the F_Port has been assigned to an another N_Port, you must remove it from the N_Port before you can add it in this procedure.
4 Configuring port maps Where the f_portlist can contain multiple F_Port numbers separated by semicolons, for example “17;18”. switch:admin> ag --mapadd 13 6 F-Port to N-Port mapping has been updated successfully 4. Enter the ag --mapshow command with the n_portnumber operand to display a list of mapped F_Ports. Verify that the F_Ports you added appear in the list.
Managing the failover and failback policies 4 Managing the failover and failback policies The failover and failback policies determine the behavior of the F_Port if the N_Port they are mapped to goes OFFLINE or is disabled. By default, the failover policy is enabled and the failback policy is enabled. This section explains how to change the policy settings. Both the failover and failback processes are disruptive.
4 Managing the failover and failback policies Enabling the failback policy A switch in Access Gateway mode supports automatic F_Port failback to N_Ports when that port comes back online. By default the failback policy is enabled. When an N_Port with an enabled failback policy comes back online, the F_Ports that were originally mapped to it are automatically rerouted back to the N_Port. To enable failback 1. Connect and log in to the switch. 2.
Configuring additional F_Ports 4 Configuring additional F_Ports By default, only the internal ports of Brocade Access Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. The internal ports connect hosts in the bladed server and external ports connect to the fabric. To connect an additional FCP initiator to an external port, reconfigure an N_Port as an F_Port as follows: 1. Remap any F_Ports on the N_Port that is being converted. See “Adding F_Ports” on page 4-5. 2.
4 Configuring additional F_Ports Unlocking N_Port mode By default, all external ports on Brocade Access Gateway are locked in N_Port mode. Access Gateway supports only two types of ports, N_Ports and F_Ports, because it connects only FCP initiators to the fabric. It does not support other types of ports, such as ISL (InterSwitch Link) ports. The port types on a fabric switch are not locked.
Appendix Default Port Mapping A The following table shows the default F_Port to N_Port maps that are automatically configured when Access Gateway mode is enabled. All N_Ports have failover enabled and failback disabled.
A A-2 Default Port Mapping Access Gateway Administrator’s Guide Publication Number: 53-1000430-01
Appendix Compatibility B In Access Gateway mode, the switch can connect to a fabric that supports NPIV. An Access Gateway can be connected to more than one fabric. Fabric OS supports NPIV in v5.0.1 and later. This section describes the supported Access Gateway configurations.
B B-2 Compatibility Access Gateway Administrator’s Guide Publication Number: 53-1000430-01
Appendix Troubleshooting C This appendix provides trouble shooting instructions. Table C-1 Troubleshooting Problem Cause Switch is not in Switch is in Native switch mode Access Gateway mode Solution 1. Disable switch using the switchDisable command. 2. Enable Access Gateway mode using the ag --modeenable command. Answer yes when prompted; the switch reboots.
C Troubleshooting Table C-1 Troubleshooting (Continued) Problem Cause Solution LUNs are not visible 1. Zoning on fabric switch is incorrect. Verify zoning on the edge switch. 2. Port mapping on Access Gateway mode switch is incorrect. 3. Failover is not working Verify that F_Ports are mapped to an online N_Port. See “Displaying the port status” on page 4-3. Perform a visual inspection of the cabling, check for issues such as wrong ports, etc. Cabling not properly connected.
Appendix Access Gateway Commands and Messages D This appendix contains the commands and messages that are new for Access Gateway mode in the Fabric OS v5.2.1 release. This appendix uses the same conventions as the Fabric OS Command References.
D Access Gateway commands Access Gateway commands ag Enables and manages Access Gateway mode to perform AG specific operations.
ag D --mapadd Adds F_Ports to existing N_Port. The traffic for the configured F_Ports to be routed to the fabric through the specified N_Port when the F_Port comes online. An F_Port can be mapped to only one N_Port. Specify the N_Port number to which the F_Ports are to be mapped. This command overwrites the existing mapping for the N_Port. Specify the list of F_Port numbers to add to the existing specified F_Port to N_Port mapping. The F_Port numbers must be separated my semicolons.
D ag Examples To display Access Gateway information: switch:admin> ag --show Name : switch NodeName : 10:00:00:05:1e:35:10:57 Number of Ports : 16 IP Address(es) : 10.115.74.54 Firmware Version : v5.2.1.v5.2.x_maint_061106_2 N_Ports : 3 F_Ports : 8 Attached N_Port information: Port PortID PortWWN FO FB IP Addr F_Ports --------------------------------------------------------------------2 0x020600 20:06:00:05:1e:34:15:c6 1 1 10.115.74.200 0;1; 3 0x020500 20:05:00:05:1e:34:15:c6 1 1 10.115.74.
Access Gateway system messages D Access Gateway system messages AG-1001 Message , [AG-1001], ,, ERROR, , N_Port is connected to a fabric port that does not support NPIV Probable Cause Recommended Action Severity Indicates that the fabric port to which Access Gateway is connected does not support NPIV. Enable NPIV on the port connected to the Access Gateway using the portCfgNpivPort command on the fabric switch.
D AG-1004 Severity WARNING AG-1004 Message , [AG-1004], ,, ERROR, , Invalid response to fabric login (FLOGI) request from the fabric for N_Port . Probable Cause Recommended Action Severity Indicates that fabric sent an invalid response to FLOGI ELS of the specified N_Port. Verify the fabric switch's configuration.
AG-1007 D Check GBIC and other connecting cables and re-enable the F_Port using the portEnable command. Severity WARNING AG-1007 Message , [AG-1007], ,, WARNING, , FLOGI response not received for the N_Port connected to fabric Probable Cause Recommended Action Severity Indicates the N_Port which is connected to the fabric switch is not online. The N_Port has been disabled. Check the connectivity between Access Gateway N_Port and fabric switch port.
D AG-1010 If the message persists, run supportFtp (as needed) to set up automatic FTP transfers; then run the supportSave command and contact your switch service provider. Severity WARNING AG-1010 Message , [AG-1010], ,, WARNING, , PLOGI sent from N-Port failed Probable Cause Recommended Action Severity Indicates an internal problem with the Secure Fabric OS. Verify the configuration of the fabric switch..
AG-1013 Recommended Action Severity D Verify the configuration of the fabric switch.. If the message persists, run supportFtp (as needed) to set up automatic FTP transfers; then run the supportSave command and contact your switch service provider.
D D-10 AG-1014 Access Gateway Administrator’s Guide Publication Number: 53-1000430-01
Index A Access Gateway mode commands D-2 comparison 1-2 configuration 2-1 disable 3-1, 3-3, 3-4 enable 2-2, 2-4, 3-4 enable, CLI 2-5 enable, Web Tools 2-2 introduction 1-1 manage ports 4-1 messages D-5 overview 1-1 port types 1-2 switches B-1 terms i-3 ACL policies settings 2-1 B back up configuration 3-2 behavior failover policy 1-8 Brocade resources i-3 C code i-2 Access Gateway Administrator’s Guide Publication Number: 53-1000430-01 commands ag 3-4 ag --failbackDisable 4-8 ag --failbackEnable 4-8 a
D F disable Access Gateway mode failback policy 4-8 failover policy 4-7 N_Port 4-10 display mapping 4-2, 4-3 status, port 4-4 F_Port add to an N_Port 4-5 configuration 4-9 mapping, example 1-4 mapping, show 4-2 remove 4-6 settings, edge switch 2-1 status 4-3 fabric compatibility 2-1 inband queries 2-1 join 3-5 logins 2-1 Management Server Platform 2-1 merge switch 3-5 settings 2-1 zoning scheme 2-1 Fabric OS Management Server Platform Service settings 2-1 failback policy disable 4-8 enable 4-8 example 1-
M R mapping configuration 4-4 display 4-2, 4-3 example 1-4 ports 1-4 remove F_Port 4-6 show 4-2 requirements edge switch settings 2-1 fabric settings 2-1 ports B-1 resources i-3, i-4 S N N_Port disable 4-10 F_Port, add 4-5 F_Port, remove 4-6 failback, enable 4-8 failover policy, enable 4-7 lock 4-10 mapping 4-4 mapping example 1-4 remove F_Port 4-6 show map 4-2 status 4-3 unlock 4-9, 4-10 NPIV edge switch 2-1 switchMode Access Gateway mode Native 2-5 i-4 P policy failback, enable 4-8 failover, enable
Z zoning merge 3-5 schemes 2-1 setting 3-5 Index-4 Access Gateway Administrator’s Guide Publication Number: 53-1000430-01