53-1003126-01 27 June 2014 Access Gateway Administrator's Guide Supporting Fabric OS v7.3.
© 2014, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, Brocade Assurance, ADX, AnyIO, DCX, Fabric OS, FastIron, HyperEdge, ICX, MLX, MyBrocade, NetIron, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and The Effortless Network and the On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and in other countries. Other brands and product names mentioned may be trademarks of others.
Contents Preface..................................................................................................................................... 5 Document conventions......................................................................................5 Text formatting conventions.................................................................. 5 Command syntax conventions.............................................................. 5 Notes, cautions, and warnings....................................
Access Gateway policies overview............................................................... 47 Displaying current policies ............................................................... 47 Access Gateway policy enforcement matrix .................................... 47 Advanced Device Security policy ................................................................. 48 How the ADS policy works................................................................ 48 Enabling and disabling the ADS policy.......
Disabling F_Port trunking....................................................................74 Monitoring trunking .............................................................................74 AG trunking considerations for the Edge switch................................. 74 Trunking considerations for Access Gateway mode........................... 77 Upgrade and downgrade considerations for trunking in Access Gateway mode..............................................................................
4 Access Gateway Administrator's Guide 53-1003126-01
Preface ● Document conventions......................................................................................................5 ● Brocade resources............................................................................................................ 7 ● Contacting Brocade Technical Support.............................................................................7 ● Document feedback..........................................................................................................
Notes, cautions, and warnings Convention Description value In Fibre Channel products, a fixed value provided as input to a command option is printed in plain text, for example, --show WWN. [] Syntax components displayed within square brackets are optional. Default responses to system prompts are enclosed in square brackets. {x|y|z} A choice of required parameters is enclosed in curly brackets separated by vertical bars. You must select one of the options.
Brocade resources Brocade resources Visit the Brocade website to locate related documentation for your product and additional Brocade resources. You can download additional publications supporting your product at www.brocade.com. Select the Brocade Products tab to locate your product, then click the Brocade product name or image to open the individual product page. The user manuals are available in the resources module at the bottom of the page under the Documentation category.
Document feedback • • • • OEM/Solution Providers are trained and certified by Brocade to support Brocade® products. Brocade provides backline support for issues that cannot be resolved by the OEM/Solution Provider. Brocade Supplemental Support augments your existing OEM support contract, providing direct access to Brocade expertise. For more information, contact Brocade or your OEM. For questions regarding service levels and response times, contact your OEM/Solution Provider.
About This Document ● Supported hardware and software.................................................................................... 9 ● What’s new in this document............................................................................................ 9 ● Key terms for Access Gateway.......................................................................................
Key terms for Access Gateway Key terms for Access Gateway For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary at: http://www.snia.org/education/dictionary For definitions specific to Brocade and Fibre Channel, refer to the Brocade Glossary . The following terms are used in this manual to describe Access Gateway mode and its components.
Access Gateway Basic Concepts ● Brocade Access Gateway overview ...............................................................................11 ● Fabric OS features in Access Gateway mode................................................................ 13 ● Access Gateway port types.............................................................................................20 ● Access Gateway hardware considerations.....................................................................
Access Gateway Basic Concepts Refer to the figures below for a comparison between switch function in Native mode and switch function in AG mode.
Fabric OS features in Access Gateway mode Fabric OS features in Access Gateway mode In the table below, "Yes" indicates that the feature is supported in Access Gateway mode. "No" indicates that the feature is not provided in AG mode. "NA" indicates the feature is not applicable in Access Gateway mode. A single asterisk (*) indicates the feature is transparent to AG; that is, AG forwards the request to the Enterprise fabric.
Access Gateway Basic Concepts TABLE 1 Fabric OS components supported on Access Gateway (Continued) Feature Support Audit Yes Beaconing Yes Bottleneck Detection Yes Buffer Credit Recovery (CR) Yes Refer to Buffer credit recovery support on page 16 . Config Download/Upload Yes Device Authentication Yes Refer to Device authentication support on page 17. DHCP Yes Diagnostic Port (D_Port) Yes Refer to D_Port support on page 44.
Access Gateway Basic Concepts TABLE 1 Fabric OS components supported on Access Gateway (Continued) Feature Support Forward Error Correction (FEC) Yes Refer to Forward error correction support on page 16.
Buffer credit recovery support TABLE 1 Fabric OS components supported on Access Gateway (Continued) Feature Support Track Changes Yes Trunking Yes** User-Defined Roles Yes Value Line Options (Static POD, DPOD) Yes Virtual Fabrics No Refer to Virtual Fabrics support on page 17 .
Virtual Fabrics support Virtual Fabrics support Although you cannot enable AG mode on a switch enabled for Virtual Fabrics or enable Virtual Fabrics on an AG switch, you can connect ports on an AG switch to Virtual Fabrics. Device authentication support Devices use authentication as a mechanism to log in into switches only after exchanging DH_CHAP authorization keys. This prevents any unauthorized device from logging into switch and fabric by default.
Supported Fabric OS commands TABLE 2 Behavior of sending AG switch and receiving fabric switch with different policies configured AG switch with switch policy mode on AG switch with switch policy off Fabric switch with device policy mode ON Fabric switch with device policy mode PASSIVE Fabric switch with device policy mode OFF Authorization negotiation accept Authorization negotiation accept Authorization negotiation reject DH-CHAP/FCAP: DH-CHAP/FCAP: Success - N_Port Success - N_Port N_Port w
Limitations and considerations Limitations and considerations • • • • • • • Authentication policy is not supported on cascaded AG switch configurations. Authentication is not supported between an AG switch running Fabric OS v7.1.0 or later and a fabric running Fabric OS earlier than v7.1.0. If the AG switch is connected to fabric switch running Fabric OS earlier than v7.1.0, the AG switch N_Ports will disable if authentication is enabled on both switches.
FDMI support • • VF mode distribution is not applicable to an AG. The distribute command is not supported in AG mode. Hence, an AG cannot distribute its password database to any of the switches in native mode. FDMI support Starting with Fabric OS 7.3.0, AG can register its N_Port with FDMI devices, and the fdmishow command is supported to display the device details in AG as well. The fdmishow command in an AG will display only the local devices, and the remote device details are blocked.
Access Gateway Basic Concepts The figure below shows a comparison of the types of ports a switch in AG mode uses to the type of ports that a switch uses in standard mode. FIGURE 3 Port usage comparison You can convert a Fibre Channel port into a D_Port on AG switch and a connected fabric switch, another AG switch (cascaded configuration), or an HBA to test the link between the ports.
Access Gateway hardware considerations portDPortTest, during or after testing. Once in D_Port mode, the port does not participate in fabric operations, login to a remote device, or run data traffic. FIGURE 4 Diagnostic port configurations The table below shows a comparison of port configurations between AG and a standard fabric switch. TABLE 4 Port configurations Port type Available on Access Gateway? Available on Fabric switch? F_Port Yes Connects hosts and targets to Access Gateway.
Configuring Ports in Access Gateway Mode ● Enabling and disabling Access Gateway mode.............................................................. 23 ● Access Gateway mapping...............................................................................................25 ● N_Port configurations......................................................................................................42 ● D_Port support...............................................................................................
Port state description 9. Enter the switchShow command to display the status and port state of all ports. Refer to the Fabric OS Command Reference for examples of output. For a description of the port state, refer to Table 5 on page 24. When you disable AG mode, the switch automatically reboots and comes back online using the fabric switch configuration; the AG parameters, such as port mapping, and Failover and Failback, are automatically removed.
Access Gateway mapping Access Gateway mapping When operating in AG mode, you must specify pre-provisioned routes that AG will use to direct traffic from the devices (hosts or targets) on its F_Ports to the ports connected to the fabric using its N_Ports. This is unlike Native switch mode where the switch itself determines the best path between its F_Ports. This process of pre-provisioning routes in AG mode is called "mapping.
Port mapping Port mapping F_Ports must be mapped to N_Ports before the F_Ports can come online. The figure below shows an example in which eight F_Ports are mapped evenly to four N_Ports on a switch in AG mode. The N_Ports connect to the same fabric through different Edge switches. FIGURE 5 Port mapping example The following table describes the port mapping details for the above example.
Default port mapping Default port mapping When you first enable a switch for AG mode, the F_Ports are mapped to a set of predefined N_Ports by default. The table below describes the default port mapping for all supported hardware platforms. By default, Failover and Failback policies are enabled on all N_Ports. If you want to change the default mapping, refer to Adding F_Ports to an N_Port on page 31. Note that all F_Ports must be mapped to an N_Port before the F_Port can come online.
Configuring Ports in Access Gateway Mode TABLE 7 Access Gateway default port mapping (Continued) Brocade Model Total Ports F_Ports N_Ports Default port mapping M5424 24 1–16 0, 17–23 1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 7, 8 mapped to 20 9, 10 mapped to 21 11, 12 mapped to 22 13, 14 mapped to 23 15, 16 mapped to 0 5430 16 1–10 0, 11–15 10 mapped to 0 1, 5 mapped to 11 2, 6 mapped to 12 3, 7 mapped to 13 4, 8 mapped to 14 9 mapped to 15 5431 16 4–15 0–3 4, 5, 12 mapped to
Configuring Ports in Access Gateway Mode TABLE 7 Access Gateway default port mapping (Continued) Brocade Model Total Ports F_Ports N_Ports Default port mapping 5460 26 6–25 0–5 6, 16 mapped to 0 7, 17 mapped to 1 8, 12, 18, and 22 mapped to 2 9, 13, 19, and 23 mapped to 3 10, 14, 20, and 24 mapped to 4 11, 15, 21, and 25 mapped to 5 5470 20 1–14 0, 15–19 1, 2 mapped to 0 3, 4 mapped to 15 5, 6, 7 mapped to 16 8, 9 mapped to 17 10, 11 mapped to 18 12, 13, 14 mapped to 19 5480 24 1–16 0, 17
Configuring Ports in Access Gateway Mode TABLE 7 Access Gateway default port mapping (Continued) Brocade Model Total Ports F_Ports N_Ports Default port mapping M6505 24 1–16 0, 17–23 1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 7, 8 mapped to 20 9, 10 mapped to 21 11, 12 mapped to 22 13, 14 mapped to 23 15, 16 mapped to 0 6510 48 0–39 40–47 0-4 mapped to 40 5–9 mapped to 41 10–14 mapped to 42 15–19 mapped to 43 20–24 mapped to 44 25–29 mapped to 45 30–34 mapped to 46 35–39 mapped to
Considerations for initiator and target ports TABLE 7 Access Gateway default port mapping (Continued) Brocade Model Total Ports F_Ports N_Ports Default port mapping 6548 28 1–16 0, 17–27 1, 13 mapped to 0 2, 14 mapped to 17 3, 15 mapped to 18 4, 16 mapped to 19 5 mapped to 20 6 mapped to 21 7 mapped to 22 8 mapped to 23 9 mapped to 24 10 mapped to 25 11 mapped to 26 12 mapped to 27 Considerations for initiator and target ports The following connections are possible for the Fibre Channel Protocol
Removing F_Ports from an N_Port The F_Port list can contain multiple F_Port numbers separated by semicolons. In the following example, F_Ports 6 and 7 are mapped to N_Port 13. switch:admin> ag --mapadd 13 "6;7" F-Port to N-Port mapping has been updated successfully 3. Enter the ag --mapshow command and specify the port number to display the list of mapped F_Ports. Verify that the added F_Ports appear in the list. Removing F_Ports from an N_Port 1.
Considerations for using F_Port Static Mapping with other AG features and policies Considerations for using F_Port Static Mapping with other AG features and policies Consider the following when using F_Port Static Mapping with Access Gateway features and policies: • • • • • • F_Port Static Mapping functions with cascaded Access Gateway configurations. Failover, failback, and preferred secondary N_Port settings are disabled for F_Ports that are statically mapped.
Configuring Ports in Access Gateway Mode • • Logins from a device mapped to a specific N_Port or N_Port group (device mapping) always have priority over unmapped devices that log in to an F_Port that has been mapped to the same N_Port or N_Port group (port mapping).
Configuring Ports in Access Gateway Mode The figure below illustrates an example of device mapping to port groups. In the example, WWNs 1, 2, and 3 can connect to any N_Port in Port Group 1 (PG1), while WWNs 4 and 5 can connect with any N_Port in Port Group 2 (PG2).
Static versus dynamic mapping The figure below shows an example of device mapping to specific N_Ports. Note that you can map one or multiple WWNs to one N_Port to allow multiple devices to log in through one N_Port.
Device mapping to port groups (recommended) • • Device mapping to an N_Port and to an N_Port group are considered static. Static mappings persists across reboots and can be saved and restored with Fabric OS configUpload and configDownload commands. Automatic Device Load Balancing, if enabled, is considered dynamic. These mappings exist only while a device is logged in. Dynamic mappings cannot be saved or edited by the administrator and do not persist across reboots.
Device mapping to N_Ports The following example removes all devices mapped to port group 3. ag --delwwnpgmapping 3 --all 6. Enter the ag --wwnmapshow command to display the list of WWNs mapped to port groups and verify that the correct devices have been mapped to the desired port group. Device mapping to N_Ports Use the following steps to add one or more devices to an N_Port to route all device traffic to and from the device through the specified N_Port.
Enabling device mapping The following example disables device mapping for two WWNs. switch:admin> ag --wwnmappingdisable "10:00:00:06:2b:0f:71:0c; 10:00:00:05:1e:5e: 2c:11" 3. Enter the ag--wwnmappingdisable command with the --all option to disable mapping for all available WWNs. The --all option will not affect mappings made in the future. Disabled mappings can be modified without automatically enabling them. The following example removes device mapping for all available WWNs.
VMware configuration considerations error. This also applies to using Fabric OS commands for device mapping. You could also map several devices to a new port group and then create the group without error. You can also remove one device, and then remove another device without error.
Mapping priority Mapping priority To avoid potential problems when both port and device mapping are implemented, AG uses the following priority system when verifying policies to select the N_Port where a fabric login (FLOGI) is routed. Access Gateway considers all available mappings in the following order until one can be used. NOTE Only NPIV devices can use device mapping and the automatic Device Load Balancing policy. Device Load Balancing policy is enabled per module rather than per port group.
N_Port configurations N_Port configurations By default, on embedded switches, only the internal ports of Access Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. On standalone switches with AG support, a preset number of ports are locked as N_Ports, and the rest of the ports operate as standard F_Ports. Although some ports are locked as N_Ports, these ports can be converted to F_Ports.
Displaying N_Port configurations Displaying N_Port configurations Use the following steps to determine which ports on a switch are locked as N_Ports. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portcfgnport command. Command output will display "ON" for locked N_Ports. Unlocking N_Ports By default, on embedded switches, all external ports are configured in N_Port lock mode when you enable Access Gateway.
D_Port support D_Port support The Diagnostic (D_Port) feature is supported on 16-Gbps ports in the following configurations: • • • An AG switch connected to an AG switch in cascaded configuration (supports only static D_Port). An AG switch connected to a Brocade fabric switch (supports only static D_Port). An AG switch connected to a Brocade HBA (supports static D_Port starting with Fabric OS 7.2.0; dynamic D_Port starting with Fabric OS 7.3.0 and HBA v3.2.0).
Saving port mappings • • D__Port must be configured on the AG, fabric switch, cascaded AG switch, or HBA before enabling D_Ports on both sides of the link. Otherwise, the port will be persistently disabled. After configuring D_Port for an AG switch port, mapping will be not be retained. Static D_Port configuration cannot be made unless mappings are removed from the port. This includes F_Port-toN_Port, static, preferred, and device (WWN) mapping.
Saving port mappings 46 Access Gateway Administrator's Guide 53-1003126-01
Managing Policies and Features in Access Gateway Mode ● Access Gateway policies overview................................................................................. 47 ● Advanced Device Security policy ................................................................................... 48 ● Automatic Port Configuration policy ............................................................................... 51 ● Port Grouping policy...........................................................................
Advanced Device Security policy TABLE 8 Policy enforcement matrix (Continued) Policies Auto Port Configuration N_Port Grouping N_Port Trunking Advanced Device Security N_Port Grouping Mutually exclusive N/A Yes Yes N_Port Trunking Yes Yes N/A Yes Advanced Device Security Yes Yes Yes N/A Device Load Balancing Yes Yes Yes No Advanced Device Security policy Advanced Device Security (ADS) is a security policy that restricts access to the fabric at the AG level to a set of authorized devic
Allow lists 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --policyenable ads command to enable the ADS policy. switch:admin> ag --policyenable ads The policy ADS is enabled 3. Enter the ag - - policydisable ads command to disable the ADS policy. switch:admin> ag --policydisable ads The policy ADS is disabled NOTE Use the ag --policyshow command to determine the current status of the ADS policy.
Setting the list of devices not allowed to log in Setting the list of devices not allowed to log in 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsset command with the appropriate options to set the list of devices not allowed to log in to specific ports. In the following example, ports 11 and 12 are set to "no access.
Displaying the list of allowed devices on the switch Displaying the list of allowed devices on the switch 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsshow command. For each F_Port, command output will show access for all devices, a list of device WWNs, or no access. For more details on this command and its output, refer to the Fabric OS Command Reference Manual .
Disabling the APC policy 3. Enter the configUpload command to save the switch’s current configuration. 4. Enter the ag --policydisable pg command to disable the Port Grouping (PG) policy. 5. Enter the ag --policyenable auto command to enable the APC policy. 6. At the command prompt, type Y to enable the policy. The switch is ready; a reboot is not required. Disabling the APC policy 1. Connect to the switch and log in using an account assigned to the admin role. 2.
How port groups work How port groups work Create port groups using the ag --pgcreate command. This command groups N_Ports together as "port groups." By default, any F_Ports mapped to the N_Ports belonging to a port group will become members of that port group. Port grouping fundamentally restricts failover of F_Ports to the N_Ports that belong to that group. For this reason, an N_Port cannot be member of two port groups.
Adding an N_Port to a port group connected to the redundant fabric into a single port group. It is recommended to have paths fail over to the redundant fabric when the primary fabric goes down. FIGURE 10 Port group 1 (PG1) setup Adding an N_Port to a port group 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgadd command with the appropriate options to add an N_Port to a specific port group.
Renaming a port group Renaming a port group 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgrename command with the appropriate options to rename a port group. In the following example, port group 2 is renamed to MyEvenFabric. switch:admin> ag --pgrename 2 MyEvenFabric Port Group 2 has been renamed as MyEvenFabric successfully Disabling the Port Grouping policy The Port Grouping (PG) policy is enabled by default for Access Gateway.
Creating a port group and enabling Automatic Login Balancing mode other than 120 seconds using the steps under Setting the current MFNM mode timeout value on page 57. Creating a port group and enabling Automatic Login Balancing mode 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgcreate command with the appropriate options to create a port group.
Enabling MFNM mode • cases, you might consider a manual login distribution that forces a rebalancing of F_Ports to N_Ports. To control automatic rebalancing to avoid disruptions when the Port Grouping policy is enabled, refer to Rebalancing F_Ports on page 56. Enabling MFNM mode 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgsetmodes command with the appropriate options to enable MFNM mode.
Upgrade and downgrade considerations for the Port Grouping policy • • • • • APC policy and PG policy are mutually exclusive. You cannot enable these policies at the same time. If an N_Port is added to a port group or deleted from a port group and Automatic Login Balancing mode is enabled or disabled for the port group, the N_Port maintains its original failover or failback setting. If an N_Port is deleted from a port group, it automatically gets added to port group 0.
Disabling the Device Load Balancing policy 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the configUpload command to save the switch’s current configuration. 3. The Port Grouping policy must be enabled to enable Device Load Balancing. Enter the ag -policyshow command to determine if the Port Grouping policy is enabled. If it is not enabled, enter ag --policyenable pg to enable this policy. 4.
Enabling the Persistent ALPA policy • • In "Flexible" mode, the AG logs an event that it did not receive the same (requested) ALPA from the core fabric and brings up the device with the ALPA assigned by the fabric. In the "Stringent" mode, if the requested ALPA is not available, the server login will be rejected and the server port cannot log in to the fabric. Enabling the Persistent ALPA policy By default, Persistent ALPA is disabled.
Displaying device data In the example, PWWN is the port that you want to remove from the database. Displaying device data You can view the ALPA of the host related to any ports you delete from the database. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --printalpamap command with the appropriate option to display a database entry for a specific F_Port. The following example will display an entry for F_Port 2.
Failover with port mapping N_Port goes offline. This occurs regardless of whether the Failover policy is enabled or disabled for the primary N_Port. Failover with port mapping The Failover policy allows F_Ports to automatically remap to an online N_Port if the primary N_Port goes offline. If multiple N_Ports are available for failover, the Failover policy evenly distributes the F_Ports to available N_Ports belonging to the same N_Port group.
Failover example Failover example The following example shows the failover sequence of events in a scenario where two fabric ports go offline, one after the other. Note that this example assumes that no preferred secondary N_Port is set for any of the F_Ports. • First, the Edge switch F_A1 port goes offline, as shown in Example 1 below, causing the corresponding Access Gateway N_1 port to be disabled. The ports mapped to N_1 fail over; F_1 fails over to N_2 and F_2 fails over to N_3.
Managing Policies and Features in Access Gateway Mode 64 Access Gateway Administrator's Guide 53-1003126-01
Adding a preferred secondary N_Port (optional) Adding a preferred secondary N_Port (optional) F_Ports automatically fail over to any available N_Port. Alternatively, you can specify a preferred secondary N_Port in case the primary N_Port fails. If the primary N_Port goes offline, the F_Ports fail over to the preferred secondary N_Port (if it is online), then re-enable. If the secondary N_Port is offline, the F_Ports will disable. Define the preferred secondary N_Ports per F_Port.
Adding a preferred secondary N_Port for device mapping (optional) Adding a preferred secondary N_Port for device mapping (optional) Use the following steps to configure a secondary N_Port where devices will connect if their first or primary N_Port, if defined, is unavailable. 1. Connect to the switch and log in using an account assigned to the admin role. 2.
Enabling and disabling the Failover policy for a port group 3. Enter the ag --failoverenable N_Port command to enable failover. switch:admin> ag --failoverenable 13 Failover policy is enabled for port 13 4. Enter the ag --failoverdisable N_Port command to disable failover. switch:admin> ag --failoverdisable 13 Failover policy is disabled for port 13 Enabling and disabling the Failover policy for a port group The Failover policy can be enabled on a port group.
Failback policy configurations in Access Gateway Failback policy configurations in Access Gateway The following sequence describes how a failback event occurs: • • • When an N_Port comes back online, with the Failback policy enabled, the F_Ports that were originally mapped to it are temporarily disabled. The F_Port is rerouted to the primary mapped N_Port, and then re-enabled. The host establishes a new connection with the fabric.
Enabling and disabling the Failback policy on an N_Port Ports F_1 and F_2 are mapped to N_1 and continue routing to N_3. Ports F_3 and F_4, which were originally mapped to N_2, are disabled and rerouted to N_2, and then enabled. FIGURE 12 Failback behavior Enabling and disabling the Failback policy on an N_Port Use the following steps to enable or disable the Failback policy on N_Ports. 1. Connect to the switch and log in using an account assigned to the admin role. 2.
Enabling and disabling the Failback policy for a port group • Enter the ag --failbackenable n_portnumber command to enable failback. switch:admin> ag --failbackenable 13 Failback policy is enabled for port 13 • Enter the ag --failbackdisable n_portnumber command to disable failback.
Trunking in Access Gateway mode Trunking in Access Gateway mode The hardware-based Port Trunking feature enhances management, performance, and reliability of Access Gateway N_Ports when they are connected to Brocade fabrics. Port trunking combines multiple links between the switch and AG module to form a single, logical port. This enables fewer individual links, thereby simplifying management.
Trunk group creation Trunk group creation Port trunking is enabled between two separate Fabric OS switches that support trunking and where all the ports on each switch reside in the same quad and are running the same speed. Trunk groups form when you connect two or more cables on one Fabric OS switch to another Fabric OS switch with ports in the same port group or quad. A port group or a quad is a set of sequential ports; for example, ports 0-3.
Enabling the DCC policy on a trunk You can remove specified ports from a TA using the porttrunkarea --disable command, however, this command does not unassign a TA if its previously assigned Area_ID is the same address identifier (Area_ID) of the TA unless all the ports in the trunk group are specified to be unassigned. For more information on the porttrunkarea command, enter help porttrunkarea or see the Fabric OS Command Reference Manual.
Disabling F_Port trunking command forms a trunk group for ports 36-39 with index 37. These will be connected to N_Ports on an AG module. switch:admin> porttrunkarea --enable 36-39 -index 37 Trunk area 37 enabled for ports 36, 37, 38 and 39. 4. Enter the portenable port command for each port in the TA to re-enable the desired ports, such as ports 36-39. 5. Enter the switchshow command to display the switch or port information, including created trunks.
Managing Policies and Features in Access Gateway Mode TABLE 10 Access Gateway trunking considerations for the Edge switch (Continued) Category Description Authentication Authentication occurs only on the F_Port trunk master port and only once per the entire trunk. This behavior is the same as E_Port trunk master authentication.
Managing Policies and Features in Access Gateway Mode TABLE 10 Access Gateway trunking considerations for the Edge switch (Continued) Category Description Trunk Master No more than one trunk master in a trunk group. The second trunk master will be persistently disabled with reason "Area has been acquired". Fast Write When you assign a Trunk Area to a trunk group, the trunk group cannot have fast write enabled on those ports; if a port is fast- write-enabled, the port cannot be assigned a Trunk Area.
Trunking considerations for Access Gateway mode TABLE 10 Access Gateway trunking considerations for the Edge switch (Continued) Category Description AD You cannot create a Trunk Area on ports with different Admin Domains. You cannot create a Trunk Area in AD255. DCC Policy DCC policy enforcement for the F_Port trunk is based on the Trunk Area; the FDISC request to a trunk port is accepted only if the WWN of the attached device is part of the DCC policy against the TA.
Upgrade and downgrade considerations for trunking in Access Gateway mode trunk will be proportional to the number of ports in that trunk. Use the ag -show command to determine the devices using a particular trunk. Upgrade and downgrade considerations for trunking in Access Gateway mode Upgrading to Fabric OS v7.1.0 and downgrading to Fabric OS v6.4.0 and earlier is supported.
Upgrade and downgrade considerations for Adaptive Networking in AG mode The figure below shows the starting point for QoS in various Brocade and non-Brocade configurations. FIGURE 13 Starting point for QoS Upgrade and downgrade considerations for Adaptive Networking in AG mode Upgrading to Fabric OS v7.1.0 from Fabric OS v6.4.0 is supported. Note the following considerations when upgrading to Fabric OS v7.1.0 from Fabric OS v6.2.X and earlier and downgrading from Fabric OS v7.1.0 to Fabric OS v6.2.
Per-Port NPIV login limit • • switch also tries to come up as a master. To avoid this issue, simply persistently enable the slave F_Port on the switch. QoS takes precedence over ingress rate limiting Ingress rate limiting is not enforced on trunked ports. Per-Port NPIV login limit The Per-Port NPIV login limit feature allows you to set a specific maximum NPIV login limit on individual ports. This feature works in both Native and Access Gateway modes.
Performance Monitoring • • PWWN will be rejected and the port will be persistently disabled with reason as "Duplicate Port WWN detected." Enforced login - The second login request will have precedence over the existing login and Access Gateway will accepts the login. Mixed - This option takes port type into consideration. The second login request will have precedence over the existing login in case of a duplicate entry exit on the F_Port with an NPIV device logged in.
Legacy performance monitoring features Access Gateway switches support flow monitors on F_Ports only, and only the ingress port parameter is supported. For more information on using Flow Monitor features for Access Gateway in Flow Vision, refer to the Flow Vision Administrator's Guide . Legacy performance monitoring features Instead of Flow Monitor, you can use the legacy end-to-end and frame monitoring features available through Advanced Performance Monitoring (APM).
Frame monitors Frame monitors Frame monitors count the number of times a frame with a particular pattern is transmitted by a port and generate alerts when thresholds are crossed. Frame monitoring is achieved by defining a filter, or frame type, for a particular purpose. The frame type can be a standard type (for example, an SCSI read command filter that counts the number of SCSI read commands that have been transmitted by the port) or a frame type that you can customize for a particular use.
Considerations for the Brocade 6505 and 6510 Considerations for the Brocade 6505 and 6510 The Brocade 6505 and 6510 can function in either Fabric OS Native mode or Brocade Access Gateway mode. These switches are shipped in Fabric OS Native mode. They are also supported in Access Gateway cascaded configurations. All POD licenses must be present to support Access Gateway for all releases prior to Fabric OS 7.3.0. However, starting with Fabric OS 7.3.0, all POD licenses are not required.
SAN Configuration with Access Gateway ● Connectivity of multiple devices overview.......................................................................85 ● Direct target attachment..................................................................................................86 ● Target aggregation..........................................................................................................87 ● Access Gateway cascading...........................................................................
Direct target attachment Direct target attachment FCP targets can directly connect to an AG module instead of through a fabric connection, as illustrated in the figure below. FIGURE 14 Direct target attachment to switch operating in AG mode Although target devices can be connected directly to AG ports, it is recommended that the switch operating in AG mode be connected to the core fabric.
Target aggregation • • • • • Direct target attachment to AG is only supported if the AG module is also connected to a core fabric. A switch module running in AG mode does not provide Name Services on its own, and routing to the target devices must be established by the core fabric. Hosts and targets cannot be mapped to the same N_Port. Redundant configurations should be maintained so that when hosts and targets fail over or fail back, they do not get mapped to a single N_Port.
Access Gateway cascading speeds (such as 1, 2, or 4 Gbps) onto a single high-speed uplink port to the core fabric. This reduces the number of core fabric ports used by target devices and allows higher scalability. FIGURE 15 Target aggregation Access Gateway cascading Access Gateway cascading is an advanced configuration supported in Access Gateway mode. Access Gateway cascading allows you to further increase the ratio of hosts to fabric ports to beyond what a single switch in AG mode can support.
Access Gateway cascading considerations Access Gateway cascading allows you to link two Access Gateway (AG) switches back to back. The AG switch that is directly connected to the fabric is referred to as the Core AG. In this document, the AG switch connected to the device is referred to as the Edge AG. FIGURE 16 Access Gateway cascading AG cascading provides higher over-subscription because it allows you to consolidate the number of ports going to the main fabric.
Fabric and Edge switch configuration Fabric and Edge switch configuration To connect devices to the fabric using Access Gateway, configure the fabric and Edge switches within the fabric that will connect to the AG module using the following parameters. These parameters apply to Fabric OS, M-EOS, and Cisco-based fabrics: • • • Install and configure the switch as described in the switch’s hardware reference manual before performing these procedures.
Connectivity to Cisco fabrics For the Mi10K switch, enter the following command. fc osmsState vfid state In the command, vfid is the virtual fabric identification number. The state variable can be enable for the enabled state or disable for the disabled state. The osmsState variable can be enable or 1 for the enabled state or disable or 0 for the disabled state. 3. Enable NPIV functionality on the Edge fabric ports so that multiple logins are allowed for each port.
Reverting to a previous configuration • • If you saved a Fabric OS configuration before enabling AG mode, download the configuration using the configDownload command. If you want to rejoin the switch to the fabric using the fabric configuration, use the following procedure. To rejoin the Fabric OS switch to a fabric, perform the following steps: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchDisable command to disable the switch. 3.
Troubleshooting The following table provides troubleshooting information for Fabric OS switches in AG mode. TABLE 12 Troubleshooting Problem Cause Solution Switch is not in Access Gateway mode Switch is in Native switch mode Disable switch using the switchDisable command. Enable Access Gateway mode using the ag --modeenable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command.
Troubleshooting TABLE 12 Troubleshooting (Continued) Problem Cause Solution Failover is not working Failover disabled on N_Port. Verify that the failover and failback policies are enabled, as follows: Enter the ag --failoverShow command with the port_number option. Enter the ag --failbackShow command with the port_number option. Command returns "Failback (or Failover) on N_Port port_number is supported." If it returns, "Failback (or Failover) on N_Port port_number is not supported.
Index B A Access Gateway cascading 88 comparison to standard switches 20 compatible fabrics 11 connecting devices 85 connecting two AGs 88 description 11 displaying information 90 features 13 limitations 22 mapping description 26 port types 20 Access Gateway mode comparison 11 disabling 23 port types 20 supported firmware versions 85 terms 10 verifying 23 adaptive networking AG considerations 79 upgrade and downgrade considerations 79 adding devices to fabric 50 address Identifier 72 admin domain 74 ADS
enabling switch 91 limitations with configdownload command 74 merging switch with fabric 91 re-joining switch to fabric 91 saving 91 using configdownload command 92 D E Edge switch FLOGI 90 long distance mode setting 90 NPIV 90 settings 90 end to end monitors 82 ensure port online state 43 D_Port description 20 descriptionD_Port configurations supported 44 saving port mappings 45 tests 44 daisy chaining 85 F F_Port adding external port on embedded switch 42 description 20 mapping, example 26 maximum
I configurations 42 description 20 displaying configurations 43 failover in a PG 57 mapping example 26 masterless trunking 71 maximum number supported 42 multiple trunk groups 77 trunk groups 77 unlock 43 unlocking 43 ICL ports, limitations 74 inband queries 90 initiator and target port considerations 31 J join fabric 91 N_Port configurations L displaying 43 limitations device load balancing 59 direct connections to target devices 22 loop devices not supported 22 login balancing considerations 56 lo
comparison 20 mapping 25 requirements 85 types 20 portcfgpersistentenable command 43 port group add N_Port 54 createport group add N_Port 56 delete N_Port 54 disabling 55 enabling logging balancing mode 56 login balancing mode 55 managed fabric name monitoring mode 55 remove port group 54 rename 55 port grouping policy considerations 57 downgrading considerations 58 Port Grouping policy using portcfgnport command 43 port mapping adding F_Ports to N_Ports 31 adding ports 31 adding secondary N_Port 65 co
schemes 90 setting 91 Access Gateway Administrator's Guide 53-1003126-01 99
100 Access Gateway Administrator's Guide 53-1003126-01