53-1002919-01 26 July 2013 Access Gateway Administrator’s Guide Supporting Fabric OS v7.2.
Copyright © 2013 Brocade Communications Systems, Inc. All Rights Reserved. ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.
Document History Document title Publication number Summary of changes Publication date Access Gateway Administrator’s Guide 53-1000430-01 First version. January 2007 Access Gateway Administrator’s Guide 53-1000633-01 Added support for the 200E. June 2007 Access Gateway Administrator’s Guide 53-1000605-01 Added support for new policies and changes to N_Port mappings. October 2007 Access Gateway Administrator’s Guide 53-1000605-02 Added support for the March 2008 300 and 4424 models.
iv Access Gateway Administrator’s Guide 53-1002919-01
Contents About This Document How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . xiv What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Text formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Access Gateway mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 F_Port Static Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Device mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Considerations for Access Gateway mapping . . . . . . . . . . . . . . 28 N_Port configurations . . . . . . . . . . . . . . . . . . . . .
Persistent ALPA policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Enabling the Persistent ALPA policy . . . . . . . . . . . . . . . . . . . . . . 48 Disabling the Persistent ALPA policy. . . . . . . . . . . . . . . . . . . . . . 49 Persistent ALPA device data . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Clearing ALPA values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 Persistent ALPA policy considerations . . . . . . . . . . . . . . .
Chapter 4 SAN Configuration with Access Gateway Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . 73 Considerations for connecting multiple devices . . . . . . . . . . . . 73 Direct target attachment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Considerations for direct target attachment . . . . . . . . . . . . . . . 74 Target aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Access Gateway cascading. . .
Figures Figure 1 Switch function in Native mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Figure 2 Switch function in Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Figure 3 Port usage comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Figure 4 Diagnostic port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
x Access Gateway Administrator’s Guide 53-1002919-01
Tables Table 1 Fabric OS components supported on Access Gateway . . . . . . . . . . . . . . . . . . . . . 3 Table 2 Behavior of sending AG switch and receiving fabric switch with different policies configured . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Table 3 Behavior of sending device (HBA) and receiving AG switch with different policies configured . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xii Access Gateway Administrator’s Guide 53-1002919-01
About This Document • How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii • Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv • What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv • Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv • Notice to the reader . . . . . . . . . . . . . . . . . . . . .
Supported hardware and software In those instances in which procedures or parts of procedures documented here apply to some switches but not to others, this guide identifies which switches are supported and which are not. Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc., for Fabric OS v7.1.0, documenting all possible configurations and scenarios is beyond the scope of this document.
• Chapter 3 - Added new section, “Duplicate PWWN handling during device login” on page 68. - Removed “Considerations for the Brocade 8000” section. - Added support for portcfgtrunkport command in Access Gateway. • Appendix A - Removed “Login Rejected by FC stack” problem for Brocade 8000. For further information, refer to the release notes. Document conventions This section describes text formatting conventions and important notices formats.
... Repeat the previous element, for example “member[;member...]” value Fixed values following arguments are printed in plain font. For example, --show WWN | Boolean. Elements are exclusive. Example: --show -mode egress | ingress Notes, cautions, and warnings The following notices appear in this document. NOTE A note provides a tip, guidance, or advice, emphasizes important information, or provides a reference to related information.
Key terms for Access Gateway For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary at: http://www.snia.org/education/dictionary For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary. The following terms are used in this manual to describe Access Gateway mode and its components.
Additional information This section lists additional Brocade and industry-specific documentation that you might find helpful. Brocade resources To get up-to-the-minute information, go to http://my.brocade.com to register at no cost for a user ID and password. White papers, online demonstrations, and data sheets are available through the Brocade website at: http://www.brocade.com/products-solutions/products/index.page For additional Brocade documentation, visit the Brocade website: http://www.brocade.
Getting technical help Contact your switch support supplier for hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information available: 1.
xx Access Gateway Administrator’s Guide 53-1002919-01
Chapter Access Gateway Basic Concepts 1 • Brocade Access Gateway overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 • Fabric OS features in Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . 3 • Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 • Access Gateway hardware considerations. . . . . . . . . . . . . . . . . . . . . . . . . . .
1 Brocade Access Gateway overview For comparison, Figure 1 illustrates switch function in Native mode and Figure 2 illustrates switch function in AG mode.
Fabric OS features in Access Gateway mode FIGURE 2 1 Switch function in Access Gateway mode Fabric OS features in Access Gateway mode Table 1 lists Fabric OS components that are supported on a switch when AG mode is enabled. “Yes” indicates that the feature is supported in Access Gateway mode. “No” indicates that the feature is not provided in AG mode. “NA” indicates the feature is not applicable in Access Gateway mode.
1 Fabric OS features in Access Gateway mode TABLE 1 4 Fabric OS components supported on Access Gateway (Continued) Feature Support Buffer Credit Recovery (CR) Yes Refer to “Buffer credit recovery support” on page 6. Config Download/Upload Yes Device Authentication Yes Refer to “Device authentication support” on page 6. DHCP Yes Diagnostic Port (D_Port) Yes Refer to “D_Port support” on page 32.
Fabric OS features in Access Gateway mode TABLE 1 Fabric OS components supported on Access Gateway (Continued) Feature Support Manufacturing Diagnostics Yes N_Port ID Virtualization (NPIV) Yes Name Server NA Native Interoperability Mode NA Network Time Protocol (NTP) No (no relevance from fabric perspective)2 Open E_Port NA Performance Monitor Yes Persistent ALPA Yes Port Decommission No Port Mirroring No QuickLoop, QuickLoop Fabric Assist No Remote Authentication Dial-In User Ser
1 Fabric OS features in Access Gateway mode Buffer credit recovery support This Fabric OS feature is supported on 8 Gbps and 16 Gbps platforms in following configurations: • Between AG switch F_Port and Brocade HBA port using Adapter v3.2 or greater firmware or any device supporting credit recovery, This feature only works at the maximum supported speed of the HBA port (8 Gbps or 16 Gbps). • Between AG switch N_Port and Brocade fabric switch or cascaded AG switch F_Port.
Fabric OS features in Access Gateway mode 1 • Access Gateway switch N_Port connected to Brocade fabric switch F_Port. The N_port should enable authentication when authentication is enabled on the connected switch. This can be done by enabling switch policy on the AG switch and device policy on the fabric switch. • Access Gateway switch F_Port connected to an HBA. The F_Port also should enable authentication when the connected device is sending login request with authentication enabled.
1 Fabric OS features in Access Gateway mode TABLE 2 Behavior of sending AG switch and receiving fabric switch with different policies configured AG switch with switch policy mode on AG switch with switch policy off Fabric switch with device policy mode ON Fabric switch with device policy mode PASSIVE Fabric switch with device policy mode OFF Authorization negotiation accept Authorization negotiation accept Authorization negotiation - reject DH-CHAP/FCAP: Success - N_Port Failure - disable DH-CH
Access Gateway port types 1 Limitations and considerations • Authentication policy is not supported on cascaded AG switch configurations. • Authentication is not supported between an AG switch running Fabric OS v7.1.0 or later and a fabric running Fabric OS earlier than v7.1.0. If the AG switch is connected to fabric switch running Fabric OS earlier than v7.1.0, the AG switch N_Ports will disable if authentication is enabled on both switches.
1 Access Gateway port types Figure 3 shows a comparison of the types of ports a switch in AG mode uses to the type of ports that a switch uses in standard mode.
Access Gateway hardware considerations 1 Table 4 shows a comparison of port configurations between AG and a standard fabric switch. TABLE 4 Port configurations Port type Available on Access Gateway? Available on Fabric switch? F_Port Yes Connects hosts and targets to Access Gateway. Yes Connects devices, such as hosts, HBAs, and storage to the fabric. N_Port Yes Connects Access Gateway to a fabric switch. NA N_Ports are not supported. E_Port NA ISL is not supported.
1 12 Access Gateway hardware considerations Access Gateway Administrator’s Guide 53-1002919-01
Chapter 2 Configuring Ports in Access Gateway Mode • Enabling and disabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . • Access Gateway mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • N_Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • D_Port support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2 Enabling and disabling Access Gateway mode 7. Enter the ag --modeshow command to verify that AG mode is enabled. switch:admin> ag --modeshow Access Gateway mode is enabled. You can display the port mappings and status of the host connections to the fabric on Access Gateway. 8. Enter the ag --mapshow command to display all the mapped ports. The ag --mapshow command shows all enabled N_Ports, even if those N_Ports are not connected. 9.
Access Gateway mapping TABLE 5 2 Port state description (Continued) State Description Lock_Ref Locking to the reference signal Testing Running diagnostics Offline Connection not established (only for virtual ports) Online Port is up and running Access Gateway mapping When operating in AG mode, you must specify pre-provisioned routes that AG will use to direct traffic from the devices (hosts or targets) on its F_Ports to the ports connected to the fabric using its N_Ports.
2 Access Gateway mapping Port mapping F_Ports must be mapped to N_Ports before the F_Ports can come online. Figure 5 on page 16 shows an example in which eight F_Ports are mapped evenly to four N_Ports on a switch in AG mode. The N_Ports connect to the same fabric through different Edge switches.
Access Gateway mapping 2 NOTE All Ports On Demand (POD) licenses must be present to use Access Gateway on the Brocade 300, 5100, 6505, and 6510. TABLE 7 .
2 Access Gateway mapping TABLE 7 18 Access Gateway default port mapping (Continued) Brocade Model Total ports F_Ports N_Ports Default port mapping 5430 16 1-10 0, 11-15 10 mapped to 0 1, 5 mapped to 11 2, 6 mapped to 12 3, 7 mapped to 13 4, 8 mapped to 14 9 mapped to 15 5431 16 4-15 0-3 4, 5, 12 mapped to 0 6, 7, 13 mapped to 1 8, 9, 14 mapped to 2 10, 11, 15 mapped to 3 5450 26 1-25 Not all ports may be present.
Access Gateway mapping TABLE 7 2 Access Gateway default port mapping (Continued) Brocade Model Total ports F_Ports N_Ports Default port mapping M6505 24 1-16 0, 17-31 1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 7, 8 mapped to 20 9, 10 mapped to 21 11, 12 mapped to 22 13, 14 mapped to 23 14, 15 mapped to 0 6510 48 0-39 40-47 0-4 mapped to 40 5-9 mapped to 41 10-14 mapped to 42 15-19 mapped to 43 20-24 mapped to 44 25-29 mapped to 45 30-34 mapped to 46 35-39 mapped to 47 6547 48
2 Access Gateway mapping • If connecting a host and target port to the same AG, you should map them to separate N_Ports and connect those N_Ports to the same fabric. • Use separate port groups for initiator and target ports. • When configuring secondary port mapping for failover and failback situations, make sure that initiator and target F_Ports will not fail over or fail back to the same N_Port. Adding F_Ports to an N_Port You can modify the default port mapping by adding F_Ports to an N_Port.
Access Gateway mapping 2 F_Port Static Mapping The F_Port Static Mapping feature allows you to change mapping of an F_Port to a different N_Port using a single Fabric OS command (staticadd or staticdel), rather than using the ag --mapdel command to delete the existing N_Port port mapping to an F_Port, and then the ag --mapadd command to map a different N_Port to the F_Port. Using two commands can be slow and can cause some time-critical applications to malfunction.
2 Access Gateway mapping Upgrade and downgrade considerations • All static mappings will be maintained when upgrading to the latest Fabric OS version. • When downgrading, you must remove all static mappings or downgrade will not be allowed. Device mapping Device mapping allows you to map individual N_Port ID Virtualization (NPIV) devices to N_Ports.
Access Gateway mapping Hosts/Targets WWN1 2 Access Gateway F_1 N_1 F_2 N_2 WWN2 PG1 F_3 N_3 WWN3 F_4 N_4 WWN4 F_5 N_5 WWN5 PG2 F_6 N_6 FIGURE 6 Example of device mapping to N_Port groups Figure 7 shows an example of device mapping to specific N_Ports. Note that you can map one or multiple WWNs to one N_Port to allow multiple devices to log in through one N_Port.
2 Access Gateway mapping Hosts/Targets Access Gateway WWN1 F_1 WWN2 F_2 N_1 N_2 WWN3 WWN4 F_3 WWN5 F_4 N_3 N_4 WWN6 WWN7 F_5 WWN8 F_6 FIGURE 7 N_5 Example device mapping to an N_Port Static versus dynamic mapping Device mapping can be classified as either “static” or “dynamic” as follows: • Device mapping to an N_Port and to an N_Port group are considered static.
Access Gateway mapping 2 Use the following steps to map one or more devices to an N_Port group or remove device mapping from an N_Port group. 1. Connect to the switch and log in using an account assigned to the admin role. 2. To add one or multiple device WWNs to an N_Port group, enter the ag --addwwnpgmapping Port_Group command with the [WWN];[WWN] option. All the listed device WWNs will use the least-loaded N_Port in the port group when they log in, unless a specific device mapping can be used instead.
2 Access Gateway mapping 3. To change all current device mappings to a different N_Port, enter the ag --addwwnmapping N_Port command with the --all option. The following command changes all the existing device mappings to use port 17. ag --addwwnmapping 17 --all 4. To remove mapping for one or multiple devices from an N_Port, enter the ag --delwwnmapping N_Port command with the [WWN];[WWN] option.
Access Gateway mapping 2 The following example enables two device WWNs. switch:admin> ag --wwnmappingenable “10:00:00:06:2b:0f:71:0c; 10:00:00:05:1e:5e:2c:11” 3. Enter the ag --wwnmappingenable command with the --all option to enable mapping for all currently available WWNs. The --all option will not affect mappings made in the future. Any mapping added for a new device (a device for which mapping is not disabled) will be enabled by default.
2 Access Gateway mapping When this behavior occurs, the VM’s WWN will be properly logged in to the fabric. The WWN appears in the output of ag --show and ag --wwnmapshow, as well as on the switch. The output from the portperfshow command displays all traffic on the port to which the ESX server port is mapped (base PID). Configuring device mapping To configure WWN mapping on VMware ESX systems, use the following steps. 1.
Access Gateway mapping 2 1. Static device mapping to N_Port (if defined) 2. Device mapping to N_Port group (if defined) For more information, refer to “Port Grouping policy” on page 41. 3. Automatic Device Load Balancing within a port group (if enabled) For more information, refer to “Port Grouping policy” on page 41. 4. Port mapping to an N_Port 5. Port mapping to an N_Port in a port group (if defined) For more information, refer to “Port Grouping policy” on page 41.
2 N_Port configurations N_Port configurations By default, on embedded switches, only the internal ports of Access Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. On standalone switches with AG support, a preset number of ports are locked as N_Ports, and the rest of the ports operate as standard F_Ports. Although some ports are locked as N_Ports, these ports can be converted to F_Ports.
N_Port configurations 2 Displaying N_Port configurations Use the following steps to determine which ports on a switch are locked as N_Ports. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portcfgnport command. Command output will display “ON” for locked N_Ports. Unlocking N_Ports By default, on embedded switches, all external ports are configured in N_Port lock mode when you enable Access Gateway.
2 D_Port support D_Port support The Diagnostic (D_Port) feature is supported on 16 Gbps ports only in the following configurations: • AG switch connected to AG switch in cascaded configuration. • AG switch connected to Brocade fabric switch. • AG switch connected to a Brocade Host Bus Adapter (HBA). You can convert a Fibre Channel port into a D_Port on an AG switch, Brocade HBA, fabric switch, or another AG switch (cascaded configuration) to test the link between the ports.
D_Port support 2 Limitations and considerations Following are specific limitations and considerations for using D_Ports in AG switch configurations. For a complete list of D_Port limitations and considerations, refer to the Fabric OS Troubleshooting and Diagnostics Guide. • D-Port must be configured on the AG, fabric switch, cascaded AG switch, or HBA before enabling D-ports on both sides of the link. Otherwise the port will be persistently disabled.
2 34 D_Port support Access Gateway Administrator’s Guide 53-1002919-01
Chapter Managing Policies and Features in Access Gateway Mode • Access Gateway policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Automatic Port Configuration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Port Grouping policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Device Load Balancing policy .
3 Advanced Device Security policy Access Gateway policy enforcement matrix Table 8 shows which policies can be enabled at the same time. For example, in the Auto Port Configuration policy row, only N_Port Trunking and Advanced Device Security can be enabled with this policy.
Advanced Device Security policy 3 Enabling and disabling the ADS policy By default, the ADS policy is disabled. When you manually disable the ADS policy, all of the allow lists (global and per-port) are cleared. Before disabling the ADS policy, you should save the configuration using the configUpload command in case you need this configuration again. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --policyenable ads command to enable the ADS policy.
3 Advanced Device Security policy Setting the list of devices not allowed to log in 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsset command with the appropriate options to set the list of devices not allowed to log in to specific ports. In the following example, ports 11 and 12 are set to “no access.
Automatic Port Configuration policy 3 switch:admin> ag --adsadd "3;9" "20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b" WWNs added successfully to Allow Lists of the F_Port[s] Displaying the list of allowed devices on the switch 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsshow command. For each F_Port, command output will show access for all devices, a list of device WWNs, or no access.
3 Automatic Port Configuration policy Enabling and disabling the APC policy Use the following steps to enable and disable Automatic Port Configuration policy. This policy is disabled by default in Access Gateway. Enabling the APC policy 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchDisable command to ensure that the switch is disabled. 3. Enter the configUpload command to save the switch’s current configuration. 4.
Port Grouping policy 3 Port Grouping policy Use the Port Grouping (PG) policy to partition the fabric, host, or target ports within an AG-enabled module into independently operated groups. Use the PG policy in the following situations: • When connecting the AG module to multiple physical or virtual fabrics. • When you want to isolate specific hosts to specific fabric ports for performance, security, or other reasons. How port groups work Create port groups using the ag --pgcreate command.
3 Port Grouping policy F_Port1 N_Port1 Fabric-1 Storage Array F_Port2 AG PG1 F_Port3 N_Port2 Fabric-2 F_Port4 FIGURE 10 Port group 1 (PG1) setup Adding an N_Port to a port group 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgadd command with the appropriate options to add an N_Port to a specific port group. In the following example, N_Port 14 is added to port group 3.
Port Grouping policy 3 Renaming a port group 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgrename command with the appropriate options to rename a port group. In the following example, port group 2 is renamed to MyEvenFabric. switch:admin> ag --pgrename 2 MyEvenFabric Port Group 2 has been renamed as MyEvenFabric successfully Disabling the Port Grouping policy The Port Grouping (PG) policy is enabled by default for Access Gateway.
3 Port Grouping policy Managed Fabric Name Monitoring mode When enabled, Managed Fabric Name Monitoring (MFNM) mode queries the fabric name at a specific time period. If it detects an inconsistency, for example all the N_Ports within a port group are not physically connected to the same physical or virtual fabric, it generates a RASLOG message. In “default” mode, a message is logged into RASLOG.
Port Grouping policy 3 5. Enter the agautomapbalance --show command to display the automatic login redistribution settings for port groups. In the following example, there are two port groups, 0 and 1. switch:admin> agautomapbalance --show AG Policy: pg -------------------------------------------PG_ID LB mode nport fport -------------------------------------------0 Enabled Enabled Disabled 1 Disabled - This command also displays the automatic login redistribution settings for N_Ports and F_Ports.
3 Port Grouping policy Displaying the current MFNM mode timeout value 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgfnmtov command to display the current MFNM timeout value. switch:admin> ag --pgfnmtov Fabric Name Monitoring TOV: 120 seconds Setting the current MFNM mode timeout value 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgfnmtov command, followed by a value in seconds.
Device Load Balancing policy 3 Upgrade and downgrade considerations for the Port Grouping policy Downgrading to Fabric OS v6.4.0 or earlier is supported. Note the following considerations when upgrading to Fabric OS 7.1.0: • When upgrading to Fabric OS v7.1.0 from v6.4.0, the PG policy that was enforced in Fabric OS v6.4.0 continues to be enforced in Fabric OS v7.1.0 and the port groups are retained.
3 Persistent ALPA policy Device Load Balancing policy considerations • The Device Load Balancing policy should be enabled on the edge AG of a cascaded AG configuration. • The Device Load Balancing policy is not applicable on a port group when the APC policy or Automatic Login Balancing are enabled. • If a device is mapped to a port that is currently part of a trunk, then the device will use that trunk.
Persistent ALPA policy 3 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --persistentalpaenable command to enable persistent ALPA in flexible (-f) or stringent (-s) mode. The following example shows enabling the policy in flexible mode.
3 Failover policy Clearing ALPA values You can clear the ALPA values for a specific port. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --clearalpamap command with the appropriate option to remove the PWW-to-ALPA mapping for a specific port. In the following example, the mapping for port 2 is cleared from the database. switch:admin> ag --clearalpamap 2 NOTE All the device data must be persistent in case of a reboot.
Failover policy 3 NOTE If failover and failback policy are disabled, an F_Port mapped to an N_Port will go offline when the N_Port goes offline and it will go online when the N_Port comes online. Failover configurations in Access Gateway The following sequence describes how a failover event occurs: • An N_Port goes offline. • All F_Ports mapped to that N_Port are temporarily disabled.
3 Failover policy Example 1 Hosts Host_1 Example 2 Hosts Access Gateway Fabric F_1 Host_1 Access Gateway Fabric F_1 Edge Switch (Switch_A) Host_2 F_2 F_A1 Edge Switch (Switch_A) Host_2 F_2 N_1 Host_3 Host_3 F_3 F_A2 F_3 F_A2 N_2 Host_4 F_A1 N_1 N_2 Host_4 F_4 F_4 Edge Switch (Switch_B) Host_5 F_B1 F_5 Edge Switch (Switch_B) Host_5 N_3 Host_6 F_6 F_B1 F_5 N_3 F_B2 Host_6 F_6 N_4 F_B2 N_4 Host_7 F_7 Host_7 F_7 Host_8 F_8 Host_8 F_8 Legend Physical connection Mapped o
Failover policy 3 Deleting F_Ports from a preferred secondary N_Port 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --prefdel command with the “F_Port1;F_Port2;...” N_Port options to delete F_Ports from an N_Port. The list of F_Ports must be enclosed in quotation marks. Port numbers must be separated by a semicolon. In the following example, F_Ports 3 and 9 are deleted from preferred secondary N_Port 4.
3 Failover policy Deleting a preferred secondary N-Port for device mapping (optional) Use the following steps to remove a secondary N_Port where devices will connect if their first or primary N_Port, if defined, is unavailable. 1. Connect to the switch and log in using an account assigned to the admin role. 2. To delete an N_Port configured as a failover port for one or multiple devices mapped to a specific N_Port, enter the ag --delwwnfailovermapping N_Port command with the “[WWN];[WWN]” option.
Failback policy 3 3. Enter the ag --failoverdisable -pg pgid command to disable failover. switch:admin> ag --failoverdisable -pg 3 Failover policy is disabled for port group 3 Upgrade and downgrade considerations for the Failover policy Consider the following when upgrading or downgrading Fabric OS versions: • Downgrading to Fabric OS v6.4.0 or earlier is supported. • Upgrading from Fabric OS v6.4.0 to v7.1.0 or downgrading from Fabric OS v7.1.0 to v6.4.0 will not change failover settings.
3 Failback policy Ports F_1 and F_2 are mapped to N_1 and continue routing to N_3. Ports F_3 and F_4, which were originally mapped to N_2, are disabled and rerouted to N_2, and then enabled.
Failback policy 3 Enabling and disabling the Failback policy for a port group Use the following steps to enable or disable the Failback policy on all the N_Ports belonging to the same port group. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Use the following commands to enable or disable the Failback policy for a port group: • Enter the ag --failbackenable pg pgid command to enable failback on a port group.
3 Trunking in Access Gateway mode Trunking in Access Gateway mode The hardware-based Port Trunking feature enhances management, performance, and reliability of Access Gateway N_Ports when they are connected to Brocade fabrics. Port trunking combines multiple links between the switch and AG module to form a single, logical port. This enables fewer individual links, thereby simplifying management.
Trunking in Access Gateway mode 3 Trunk group creation Port trunking is enabled between two separate Fabric OS switches that support trunking and where all the ports on each switch reside in the same quad and are running the same speed. Trunk groups form when you connect two or more cables on one Fabric OS switch to another Fabric OS switch with ports in the same port group or quad. A port group or a quad is a set of sequential ports; for example, ports 0-3.
3 Trunking in Access Gateway mode Assigning a trunk area You must enable trunking on all ports to be included in a trunk area before you can create a trunk area. Use the portCfgTrunkPort or switchCfgTrunk command to enable trunking on a port or on all ports of a switch. Issue the porttrunkarea command to assign a static TA on a port or port trunk group, to remove a TA from a port or group of ports in a trunk, and to display masterless trunking information.
Trunking in Access Gateway mode 3 3. Turn on the trunk ports. Trunk ports should be turned on after issuing the secpolicyactivate command to prevent the ports from becoming disabled in the case where there is a DCC security policy violation. Enabling trunking 1. Connect to the switch and log in using an account assigned to the admin role. 2. Disable the desired ports by entering the portdisable port command for each port to be included in the TA. 3.
3 Trunking in Access Gateway mode AG trunking considerations for the Edge switch Table 10 describes the Access Gateway trunking considerations for the Edge switch. TABLE 10 Access Gateway trunking considerations for the Edge switch Category Description Area assignment You statically assign the area within the trunk group on the Edge switch. That group is the F_Port masterless trunk.
Trunking in Access Gateway mode TABLE 10 Access Gateway trunking considerations for the Edge switch (Continued) Category Description Default Area Port X is a port that has its Default Area the same as its Trunk Area. The only time you can remove port X from the trunk group is if the entire trunk group has the Trunk Area disabled. portCfgTrunkPort [slot/] port, 0 portCfgTrunkPort [slot/] port, 0 will fail if a Trunk Area is enabled on a port. The port must be Trunk Area-disabled first.
3 Trunking in Access Gateway mode TABLE 10 Access Gateway trunking considerations for the Edge switch (Continued) Category Description configDownload and configUpload If you issue the configdownload command for a port configuration that is not compatible with F_Port trunking, and the port is Trunk-Area-enabled, then the port will be persistently disabled. Note: Configurations that are not compatible with F_Port trunking are long distance, port mirroring, non-CORE_PID, and Fast Write.
Adaptive Networking on Access Gateway 3 Table 11 describes the PWWN format for F_Port and N_Port trunk ports. TABLE 11 PWWN format for F_Port and N_Port trunk ports NAA = 2 2f:xx:nn:nn:nn:nn:nn:nn (1) Port WWNs for: switch FX_Ports. The valid range of xx is [0 - FF], for maximum of 256. NAA = 2 25:xx:nn:nn:nn:nn:nn:nn (1) Port WWNs for: switch FX_Ports The valid range of xx is [0 - FF], for maximum of 256.
3 Adaptive Networking on Access Gateway QoS: Ingress rate limiting Ingress rate limiting restricts the speed of traffic from a particular device to the switch port. On switches in AG mode, you must configure ingress rate limiting on F_Ports. For more information and procedures for configuring this feature, refer to “Ingress Limiting” in the Fabric OS Administrator’s Guide.
Per-Port NPIV login limit 3 Adaptive Networking on Access Gateway considerations • • • • QoS is configured in the fabric, as normal, and not on the AG module. QoS on Access Gateway is only supported on Fabric OS v6.3 and later. You should disable HBA QoS if connected to a Fabric OS v6.2 AG switch. Disable QoS on an AG port if it connects with a switch running Fabric OS v6.2. Otherwise, the port will automatically disable with an error. To recover, disable QoS on the port, and then enable the port.
3 Duplicate PWWN handling during device login Duplicate PWWN handling during device login Handling of logins from two devices using the same PWWN follows standards for all Fabric OS switches. Having two devices with the same PWWN logged into the fabric at the same time may not be desirable as there have been cases when ports coming online get stuck in G_Port state in the AG switch.
Performance Monitoring 3 Flow Monitor expands on basic performance monitoring by allowing you to monitor any hardware-supported flow parameters and define your own flows using combinations of source and destination devices, source and destination IDs, LUN IDs, CSCTL values, and frame types as parameters. Following are examples of monitors that you can replicate using Flow Monitor: • End to End Monitor - This measures the traffic in terms of word count between a pair of ports (host and target).
3 Performance Monitoring • RX_COUNT - Words in frames received at the port • TX_COUNT - Words in frames transmitted from the port To enable end-to-end performance monitoring, you must install an end-to-end monitor on an F_Port using the perfAddEEMonitor command, specifying the SID-DID pair (in hexadecimal). End-to-end monitoring on N-ports is not supported in AG mode. Complete details of the perfAddEEMonitor command parameters are provided in the Fabric OS Command Reference Manual.
Considerations for the Brocade 6505 and 6510 3 For more information on frame monitoring, including the following topics, refer to the “Frame monitoring” section in the Fabric OS Administrator’s Guide: • • • • • • • • • • General feature information Maximum number of frame monitors and offsets per port for different switch models Virtual fabric considerations Adding frame monitors to a port Removing frame monitors from a port Creating custom frame types to be monitored Deleting frame types Saving frame m
3 72 Considerations for the Brocade 6505 and 6510 Access Gateway Administrator’s Guide 53-1002919-01
Chapter 4 SAN Configuration with Access Gateway • Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . . . . . . . • Direct target attachment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Target aggregation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Access Gateway cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4 Direct target attachment Direct target attachment FCP targets can directly connect to an AG module instead of through a fabric connection, as illustrated in Figure 14.
Target aggregation 4 • Hosts and targets should be in separate port groups. • Direct target attachment configurations are not enforced. Target aggregation Access Gateway mode is normally used as host aggregation. In other words, a switch in AG mode aggregates traffic from a number of host systems onto a single uplink N_Port. Similarly, many targets can be aggregated onto to a single uplink N_Port, as shown in Figure 15. Target aggregation has many applications.
4 Access Gateway cascading Access Gateway cascading Access Gateway cascading is an advanced configuration supported in Access Gateway mode. Access Gateway cascading allows you to further increase the ratio of hosts to fabric ports to beyond what a single switch in AG mode can support. Access Gateway cascading allows you to link two Access Gateway (AG) switches back to back. The AG switch that is directly connected to the fabric is referred to as the Core AG.
Fabric and Edge switch configuration 4 • Due to high subscription ratios that could occur when cascading AGs, ensure there is enough bandwidth for all servers when creating such configurations. The subscription ratio becomes more acute in a virtual environment. Fabric and Edge switch configuration To connect devices to the fabric using Access Gateway, configure the fabric and Edge switches within the fabric that will connect to the AG module using the following parameters.
4 Connectivity to Cisco fabrics See Table 5 on page 14 for a description of the port state. If the switch is in Native mode, you can enable AG mode; otherwise, set the switch to Native mode, and then reboot the switch. Enabling NPIV on M-EOS switches 1. Connect to the switch and log in as admin on the M-EOS switch. 2. Enable Open Systems Management Server (OSMS) services by entering the following commands. For the Mi10K switch, enter the following command.
Rejoining Fabric OS switches to a fabric 4 5. Enter the following commands to save the MDS switch connection: copy run start Your Cisco switch is now ready to connect to a switch in Access Gateway mode. Rejoining Fabric OS switches to a fabric When a switch reboots after AG mode is disabled, the Default zone is set to no access. Therefore, the switch does not immediately join the fabric to which it is connected.
4 80 Rejoining Fabric OS switches to a fabric Access Gateway Administrator’s Guide 53-1002919-01
Appendix A Troubleshooting Table 12 provides troubleshooting instructions for Access Gateway. TABLE 12 Troubleshooting Problem Cause Solution Switch is not in Access Gateway mode Switch is in Native switch mode Disable switch using the switchDisable command. Enable Access Gateway mode using the ag --modeenable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command.
A Troubleshooting TABLE 12 Troubleshooting (Continued) Problem Cause Solution Access Gateway is mode not wanted Access Gateway must be disabled. Disable switch using the switchDisable command. Disable Access Gateway mode using the ag --modeDisable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command. Verify that the field switchMode displays Fabric OS Native mode.
Index A Access Gateway cascading, 76 comparison to standard switches, 9 compatible fabrics, 1 connecting devices, 73 connecting two AGs, 76 description, 1 displaying information, 78 features, 3 limitations, 11 mapping description, 16 port types, 9 Access Gateway mode comparison, 2, 3 disabling, 14 port types, 9 supported firmware versions, 73 terms, xvii verifying, 14 adaptive networking, 65 AG considerations, 67 upgrade and downgrade considerations, 66 adding devices to fabric, 38 address Identifier, 60 a
commands ag --addwwnfailovermapping, 53 ag --addwwnpgmapping, 25 ag --delwwnfailovermapping, 54 ag --delwwnpgmapping, 25 ag --failbackEnable, 56, 57 ag --failbackShow, 56, 81 ag --failoverDisable, 54 ag --failoverEnable, 54, 55 ag --failoverShow, 54, 81 ag --mapAdd, 20 ag --mapDel, 20 ag --mapShow, 14, 20 ag --modeDisable, 14, 82 ag --modeEnable, 13, 81 ag --modeShow, 14 ag --policydisable wwnloadbalance, 47 ag --policyenable wwnloadbalance, 47 ag --wwnmapping, 25, 26, 53, 54 ag --wwnmappingdisable, 26 ag -
F J F_Port adding external port on embedded switch, 30 description, 9 mapping, example, 16 maximum number mapped to N_Port, 30 settings, Edge switch, 77 shared area ports, 60 trunking setup, 59 fabric compatibility, 77 inband queries, 77 join, 79 logins, 77 management server platform, 77 zoning scheme, 77 Fabric OS features supported, 3 Fabric OS management server platform service settings, 77 failback policy upgrade and downgrade considerations, 57 failback policy example, 51, 55 failover device mapping,
N N_Port configurations, 30 description, 9 displaying configurations, 31 failover in a PG, 46 mapping example, 16 masterless trunking, 58 maximum number supported, 30 multiple trunk groups, 65 trunk groups, 65 unlock, 31 unlocking, 31 N_Port configurations displaying, 31 N_Ports unlocking, 31 native switchMode, 77 non disruptive, 62 NPIV Edge switch, 77 enabling on Cisco switch, 78 enabling on M-EOS switch, 78 login limit, 67 support, 73 O optional features, xviii P per port NPIV login limit, 67 performan
port types, limitations, 62 portcfgpersistentenable command, 31 preferred secondary N_Port login balancing mode, 52 online, 51 PWWN duplicate handling during login, 68 format, 65 sharing TA trunk group, 62 Q QoS firmware downgrade, 66 ingress rate limiting, 66 SID/DID traffic prioritization, 65 trunking, 58 configuring on edge switch, 58 considerations in AG module, 65 considerations on edge switch, 62 disabling, 61 enabling, 61, 63 license, 58 U unlock N_Port, 31 upgrading, 62 V VMware configuration fo
88 Access Gateway Administrator’s Guide 53-1002919-01
