53-1002743-01 14 December 2012 Access Gateway Administrator’s Guide Supporting Fabric OS v7.1.
Copyright © 2007-2012 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, NetIron, SAN Health, ServerIron, and TurboIron are registered trademarks, and AnyIO, Brocade Assurance, Brocade NET Health, Brocade One, CloudPlex, MLX, VCS, VDX, and When the Mission Is Critical, the Network Is Brocade are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Document History Document title Publication number Summary of changes Publication date Access Gateway Administrator’s Guide 53-1000430-01 First version. January 2007 Access Gateway Administrator’s Guide 53-1000633-01 Added support for the 200E. June 2007 Access Gateway Administrator’s Guide 53-1000605-01 Added support for new policies and changes to N_Port mappings. October 2007 Access Gateway Administrator’s Guide 53-1000605-02 Added support for the March 2008 300 and 4424 models.
iv Access Gateway Administrator’s Guide 53-1002743-01
Contents About This Document How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . xiv What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Text formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Access Gateway mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 F_Port Static Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Device mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Considerations for Access Gateway mapping . . . . . . . . . . . . . . 28 N_Port configurations . . . . . . . . . . . . . . . . . . . . .
Persistent ALPA policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Enabling the Persistent ALPA policy . . . . . . . . . . . . . . . . . . . . . . 48 Disabling the Persistent ALPA policy. . . . . . . . . . . . . . . . . . . . . . 49 Persistent ALPA device data . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Clearing ALPA values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Persistent ALPA policy considerations . . . . . . . . . . . . . . .
Chapter 4 SAN Configuration with Access Gateway Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . 73 Considerations for connecting multiple devices . . . . . . . . . . . . 73 Direct target attachment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Considerations for direct target attachment . . . . . . . . . . . . . . . 74 Target aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Access Gateway cascading. . .
Figures Figure 1 Switch function in Native mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Figure 2 Switch function in Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Figure 3 Port usage comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Figure 4 Diagnostic port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
x Access Gateway Administrator’s Guide 53-1002743-01
Tables Table 1 Fabric OS components supported on Access Gateway . . . . . . . . . . . . . . . . . . . . . 3 Table 2 Behavior of sending AG switch and receiving fabric switch with different policies configured . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Table 3 Behavior of sending device (HBA) and receiving AG switch with different policies configured . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xii Access Gateway Administrator’s Guide 53-1002743-01
About This Document • How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii • Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv • What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv • Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv • Notice to the reader . . . . . . . . . . . . . . . . . . . . .
Supported hardware and software In those instances in which procedures or parts of procedures documented here apply to some switches but not to others, this guide identifies which switches are supported and which are not. Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc., for Fabric OS v7.1.0, documenting all possible configurations and scenarios is beyond the scope of this document.
• Chapter 2 - Added port mapping details for the Brocade 5430 switch to “Access Gateway default port mapping” on page 17. Table 5, - Added “D_Port support” on page 32. • Chapter 3 - Added notes to “Failover policy” on page 50 and “Failback policy” on page 55 that If failover and failback policy are disabled, an F_Port mapped to an N_Port will go offline when the N_Port goes offline and it will go online when the N_Port comes online.
variable Variables are printed in italics. In the help pages, values are underlined or enclosed in angled brackets < >. ... Repeat the previous element, for example “member[;member...]” value Fixed values following arguments are printed in plain font. For example, --show WWN | Boolean. Elements are exclusive. Example: --show -mode egress | ingress Notes, cautions, and warnings The following notices appear in this document.
Corporation Referenced trademarks and products Emulex Corporation Emulex QLogic Corporation QLogic Key terms for Access Gateway For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary at: http://www.snia.org/education/dictionary For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary. The following terms are used in this manual to describe Access Gateway mode and its components.
Additional information This section lists additional Brocade and industry-specific documentation that you might find helpful. Brocade resources To get up-to-the-minute information, go to http://my.brocade.com to register at no cost for a user ID and password. White papers, online demonstrations, and data sheets are available through the Brocade website at: http://www.brocade.com/products-solutions/products/index.page For additional Brocade documentation, visit the Brocade website: http://www.brocade.
• • • • • Switch model Switch operating system version Error numbers and messages received supportSave command output Detailed description of the problem, including the switch or fabric behavior immediately following the problem, and specific questions • Description of any troubleshooting steps already performed and the results • Serial console and Telnet session logs • Syslog message logs 2.
xx Access Gateway Administrator’s Guide 53-1002743-01
Chapter Access Gateway Basic Concepts 1 • Brocade Access Gateway overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 • Fabric OS features in Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . 3 • Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 • Access Gateway hardware considerations. . . . . . . . . . . . . . . . . . . . . . . . . . .
1 Brocade Access Gateway overview FIGURE 1 2 Switch function in Native mode Access Gateway Administrator’s Guide 53-1002743-01
Fabric OS features in Access Gateway mode FIGURE 2 1 Switch function in Access Gateway mode Fabric OS features in Access Gateway mode Table 1 lists Fabric OS components that are supported on a switch when AG mode is enabled. “Yes” indicates that the feature is supported in Access Gateway mode. “No” indicates that the feature is not provided in AG mode. “NA” indicates the feature is not applicable in Access Gateway mode.
1 Fabric OS features in Access Gateway mode TABLE 1 4 Fabric OS components supported on Access Gateway (Continued) Feature Support Buffer Credit Recovery (CR) Yes Refer to “Buffer credit recovery support” on page 5. Config Download/Upload Yes Device Authentication Yes Refer to “Device authentication support” on page 6. DHCP Yes Diagnostic Port (D_Port) Yes Refer to “D_Port support” on page 32.
Fabric OS features in Access Gateway mode TABLE 1 1 Fabric OS components supported on Access Gateway (Continued) Feature Support Name Server NA Native Interoperability Mode NA Network Time Protocol (NTP) No (no relevance from fabric perspective)2 Open E_Port NA Performance Monitor Yes Persistent ALPA Yes Port Decommission No Port Mirroring No QuickLoop, QuickLoop Fabric Assist No Remote Authentication Dial-In User Service (RADIUS) Yes Resource Monitor Yes Security Yes (ADS/DCC P
1 Fabric OS features in Access Gateway mode It is highly recommended that you disable this feature on the AG switch before connecting to a switch running Fabric OS less than 7.1. Enable and disable CR using the portcfgcreditrecovery command. Refer to the Fabric OS Command Reference for more information on this command. Specific switch platforms support this feature either in R_RDY or VC_RDY mode.
Fabric OS features in Access Gateway mode 1 For details on installing FCAP certificates and creating DHCAP secrets on the switch in AG or native mode, refer to the Fabric OS Administrator’s Guide or Fabric OS Command Reference. For general information on authentication, refer to the section on authentication policy for fabric elements in the Configuring Security Policies chapter of the Fabric OS Administrator’s Guide.
1 Fabric OS features in Access Gateway mode TABLE 2 Behavior of sending AG switch and receiving fabric switch with different policies configured AG switch with switch policy mode on AG switch with switch policy off Fabric switch with device policy mode ON Fabric switch with device policy mode PASSIVE Fabric switch with device policy mode OFF Authorization negotiation accept Authorization negotiation accept Authorization negotiation - reject DH-CHAP/FCAP: Success - N_Port Failure - disable DH-CH
Access Gateway port types 1 • Authentication is not supported between an AG switch running Fabric OS v7.1.0 or later and a fabric running Fabric OS earlier than v7.1.0. If the AG switch is connected to fabric switch running Fabric OS earlier than v7.1.0, the AG switch N_Ports will disable if authentication is enabled on both switches. Devices mapped to N_Ports connected to fabrics operating with Fabric OS before v7.1.0 will also disable.
1 Access Gateway port types Access Gateway Ports Switch in AG mode Fabric Hosts N_Port Edge Switch F_Port N_Port N_Port F_Port NPIV enabled F_Port Fabric Switch Ports Fabric FIGURE 3 Hosts Switch in Native Fabric mode N_Port F_Port E_Port E_Port N_Port F_Port E_Port E_Port Fabric Switch Port usage comparison You can convert a Fibre Channel port into a D_Port on AG switch and a connected fabric switch or another AG switch (cascaded configuration) to test the link between the ports.
Access Gateway hardware considerations TABLE 4 1 Port configurations Port type Available on Access Gateway? Available on Fabric switch? F_Port Yes Connects hosts and targets to Access Gateway. Yes Connects devices, such as hosts, HBAs, and storage to the fabric. N_Port Yes Connects Access Gateway to a fabric switch. NA N_Ports are not supported. E_Port NA ISL is not supported.1 Yes Connects the switch to other switches to form a fabric.
1 12 Access Gateway hardware considerations Access Gateway Administrator’s Guide 53-1002743-01
Chapter 2 Configuring Ports in Access Gateway Mode • Enabling and disabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . • Access Gateway mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • N_Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • D_Port support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2 Enabling and disabling Access Gateway mode 7. Enter the ag --modeshow command to verify that AG mode is enabled. switch:admin> ag --modeshow Access Gateway mode is enabled. You can display the port mappings and status of the host connections to the fabric on Access Gateway. 8. Enter the ag --mapshow command to display all the mapped ports. The ag --mapshow command shows all enabled N_Ports, even if those N_Ports are not connected. 9.
Access Gateway mapping TABLE 5 2 Port state description (Continued) State Description Lock_Ref Locking to the reference signal Testing Running diagnostics Offline Connection not established (only for virtual ports) Online Port is up and running Access Gateway mapping When operating in AG mode, you must specify pre-provisioned routes that AG will use to direct traffic from the devices (hosts or targets) on its F_Ports to the ports connected to the fabric using its N_Ports.
2 Access Gateway mapping Port mapping F_Ports must be mapped to N_Ports before the F_Ports can come online. Figure 5 on page 16 shows an example in which eight F_Ports are mapped evenly to four N_Ports on a switch in AG mode. The N_Ports connect to the same fabric through different Edge switches.
Access Gateway mapping 2 NOTE All Ports On Demand (POD) licenses must be present to use Access Gateway on the Brocade 300, 5100, 6505, and 6510. TABLE 7 .
2 Access Gateway mapping TABLE 7 18 Access Gateway default port mapping (Continued) Brocade Model Total ports F_Ports N_Ports Default port mapping 5430 16 1-10 0, 11-15 1, 5 mapped to 11 2, 6 mapped to 12 3, 7 mapped to 13 4, 8 mapped to 14 9 mapped to 15 10 mapped to 0 5450 26 1-25 Not all ports may be present.
Access Gateway mapping TABLE 7 2 Access Gateway default port mapping (Continued) Brocade Model Total ports F_Ports N_Ports Default port mapping 6510 48 0-39 40-47 0-4 mapped to 40 5-9 mapped to 41 10-14 mapped to 42 15-19 mapped to 43 20-24 mapped to 44 25-29 mapped to 45 30-34 mapped to 46 35-39 mapped to 47 8000 32 8-31 FCoE ports mapped as F_Ports.
2 Access Gateway mapping Adding F_Ports to an N_Port You can modify the default port mapping by adding F_Ports to an N_Port. Adding an F_Port to an N_Port routes that traffic to and from the fabric through the specified N_Port. You can assign an F_Port to only one primary N_Port at a time. If the F_Port is already assigned to an N_Port, you must first remove it from the N_Port before you can add it to a different N_Port. Use the following steps to add an F_Port to an N_Port. 1.
Access Gateway mapping 2 Once F_Port Static Mapping is enabled, the F_Port and all attached devices log out of the previously mapped N_Port and log in to the new N_Port. Use the following steps to remove the static mapping: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Perform one of the following steps to remove mapping: - Map the F_Port to a different N_Port using the ag --staticadd.
2 Access Gateway mapping Device mapping Device mapping allows you to map individual N_Port ID Virtualization (NPIV) devices to N_Ports. By mapping device WWNs directly to an N_Port group (recommended) or specific N_Ports, traffic from the device will always go to the same N_Port or N_Port group, regardless of the F_Port where the device logs in.
Access Gateway mapping Hosts/Targets WWN1 2 Access Gateway F_1 N_1 F_2 N_2 WWN2 PG1 F_3 N_3 WWN3 F_4 N_4 WWN4 F_5 N_5 WWN5 PG2 F_6 N_6 FIGURE 6 Example of device mapping to N_Port groups Figure 7 shows an example of device mapping to specific N_Ports. Note that you can map one or multiple WWNs to one N_Port to allow multiple devices to log in through one N_Port.
2 Access Gateway mapping Hosts/Targets Access Gateway WWN1 F_1 WWN2 F_2 N_1 N_2 WWN3 WWN4 F_3 WWN5 F_4 N_3 N_4 WWN6 WWN7 F_5 WWN8 F_6 FIGURE 7 N_5 Example device mapping to an N_Port Static versus dynamic mapping Device mapping can be classified as either “static” or “dynamic” as follows: • Device mapping to an N_Port and to an N_Port group are considered static.
Access Gateway mapping 2 Use the following steps to map one or more devices to an N_Port group or remove device mapping from an N_Port group. 1. Connect to the switch and log in using an account assigned to the admin role. 2. To add one or multiple device WWNs to an N_Port group, enter the ag --addwwnpgmapping Port_Group command with the [WWN];[WWN] option. All the listed device WWNs will use the least-loaded N_Port in the port group when they log in, unless a specific device mapping can be used instead.
2 Access Gateway mapping 3. To change all current device mappings to a different N_Port, enter the ag --addwwnmapping N_Port command with the --all option. The following command changes all the existing device mappings to use port 17. ag --addwwnmapping 17 --all 4. To remove mapping for one or multiple devices from an N_Port, enter the ag --delwwnmapping N_Port command with the [WWN];[WWN] option.
Access Gateway mapping 2 The following example enables two device WWNs. switch:admin> ag --wwnmappingenable “10:00:00:06:2b:0f:71:0c; 10:00:00:05:1e:5e:2c:11” 3. Enter the ag --wwnmappingenable command with the --all option to enable mapping for all currently available WWNs. The --all option will not affect mappings made in the future. Any mapping added for a new device (a device for which mapping is not disabled) will be enabled by default.
2 Access Gateway mapping When this behavior occurs, the VM’s WWN will be properly logged in to the fabric. The WWN appears in the output of ag --show and ag --wwnmapshow, as well as on the switch. The output from the portperfshow command displays all traffic on the port to which the ESX server port is mapped (base PID). Configuring device mapping To configure WWN mapping on VMware ESX systems, use the following steps. 1.
Access Gateway mapping 2 1. Static device mapping to N_Port (if defined) 2. Device mapping to N_Port group (if defined) For more information, refer to “Port Grouping policy” on page 41. 3. Automatic Device Load Balancing within a port group (if enabled) For more information, refer to “Port Grouping policy” on page 41. 4. Port mapping to an N_Port 5. Port mapping to an N_Port in a port group (if defined) For more information, refer to “Port Grouping policy” on page 41.
2 N_Port configurations N_Port configurations By default, on embedded switches, only the internal ports of Access Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. On standalone switches with AG support, a preset number of ports are locked as N_Ports, and the rest of the ports operate as standard F_Ports. Although some ports are locked as N_Ports, these ports can be converted to F_Ports.
N_Port configurations 2 Displaying N_Port configurations Use the following steps to determine which ports on a switch are locked as N_Ports. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portcfgnport command. Command output will display “ON” for locked N_Ports. Unlocking N_Ports By default, on embedded switches, all external ports are configured in N_Port lock mode when you enable Access Gateway.
2 D_Port support D_Port support You can convert a Fibre Channel port into a D_Port on an AG switch and connected fabric switch or another AG switch (cascaded configuration) to test the link between the ports. When you configure the ports on each end of the link as D_Ports, diagnostic tests automatically initiate on the link when the D_Ports go online. Once in D_Port mode, the port does not participate in fabric operations, login to a remote device, or run data traffic.
D_Port support 2 Saving port mappings Before configuring D_Ports, you must remove all mappings between the subject ports and device as they will not be retained. This includes port (N_Port to F_Port), device (WWN), static, and dynamic mapping. You can save N_Port mappings using Fabric OS commands. Once you save the mappings, you can display them so that you can manually reconfigure them after the D_Port is disabled. A command is also available to delete saved N_Port mappings.
2 34 D_Port support Access Gateway Administrator’s Guide 53-1002743-01
Chapter Managing Policies and Features in Access Gateway Mode • Access Gateway policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Automatic Port Configuration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Port Grouping policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Device Load Balancing policy .
3 Advanced Device Security policy Access Gateway policy enforcement matrix Table 8 shows which policies can be enabled at the same time. For example, in the Auto Port Configuration policy row, only N_Port Trunking and Advanced Device Security can be enabled with this policy.
Advanced Device Security policy 3 Enabling and disabling the ADS policy By default, the ADS policy is disabled. When you manually disable the ADS policy, all of the allow lists (global and per-port) are cleared. Before disabling the ADS policy, you should save the configuration using the configUpload command in case you need this configuration again. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --policyenable ads command to enable the ADS policy.
3 Advanced Device Security policy Setting the list of devices not allowed to log in 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsset command with the appropriate options to set the list of devices not allowed to log in to specific ports. In the following example, ports 11 and 12 are set to “no access.
Automatic Port Configuration policy 3 switch:admin> ag --adsadd "3;9" "20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b" WWNs added successfully to Allow Lists of the F_Port[s] Displaying the list of allowed devices on the switch 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsshow command. For each F_Port, command output will show access for all devices, a list of device WWNs, or no access.
3 Automatic Port Configuration policy Enabling and disabling the APC policy Use the following steps to enable and disable Automatic Port Configuration policy. This policy is disabled by default in Access Gateway. Enabling the APC policy 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchDisable command to ensure that the switch is disabled. 3. Enter the configUpload command to save the switch’s current configuration. 4.
Port Grouping policy 3 Port Grouping policy Use the Port Grouping (PG) policy to partition the fabric, host, or target ports within an AG-enabled module into independently operated groups. Use the PG policy in the following situations: • When connecting the AG module to multiple physical or virtual fabrics. • When you want to isolate specific hosts to specific fabric ports for performance, security, or other reasons. How port groups work Create port groups using the ag --pgcreate command.
3 Port Grouping policy F_Port1 N_Port1 Fabric-1 Storage Array F_Port2 AG PG1 F_Port3 N_Port2 Fabric-2 F_Port4 FIGURE 10 Port group 1 (PG1) setup Adding an N_Port to a port group 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgadd command with the appropriate options to add an N_Port to a specific port group. In the following example, N_Port 14 is added to port group 3.
Port Grouping policy 3 Renaming a port group 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgrename command with the appropriate options to rename a port group. In the following example, port group 2 is renamed to MyEvenFabric. switch:admin> ag --pgrename 2 MyEvenFabric Port Group 2 has been renamed as MyEvenFabric successfully Disabling the Port Grouping policy The Port Grouping (PG) policy is enabled by default for Access Gateway.
3 Port Grouping policy Managed Fabric Name Monitoring mode When enabled, Managed Fabric Name Monitoring (MFNM) mode queries the fabric name at a specific time period. If it detects an inconsistency, for example all the N_Ports within a port group are not physically connected to the same physical or virtual fabric, it generates a RASLOG message. In “default” mode, a message is logged into RASLOG.
Port Grouping policy 3 5. Enter the agautomapbalance --show command to display the automatic login redistribution settings for port groups. In the following example, there are two port groups, 0 and 1. switch:admin> agautomapbalance --show AG Policy: pg -------------------------------------------PG_ID LB mode nport fport -------------------------------------------0 Enabled Enabled Disabled 1 Disabled - This command also displays the automatic login redistribution settings for N_Ports and F_Ports.
3 Port Grouping policy Displaying the current MFNM mode timeout value 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgfnmtov command to display the current MFNM timeout value. switch:admin> ag --pgfnmtov Fabric Name Monitoring TOV: 120 seconds Setting the current MFNM mode timeout value 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgfnmtov command, followed by a value in seconds.
Device Load Balancing policy 3 Upgrade and downgrade considerations for the Port Grouping policy Downgrading to Fabric OS v6.4.0 or earlier is supported. Note the following considerations when upgrading to Fabric OS 7.1.0: • When upgrading to Fabric OS v7.1.0 from v6.4.0, the PG policy that was enforced in Fabric OS v6.4.0 continues to be enforced in Fabric OS v7.1.0 and the port groups are retained.
3 Persistent ALPA policy Device Load Balancing policy considerations • The Device Load Balancing policy should be enabled on the edge AG of a cascaded AG configuration. • The Device Load Balancing policy is not applicable on a port group when the APC policy or Automatic Login Balancing are enabled. • If a device is mapped to a port that is currently part of a trunk, then the device will use that trunk.
Persistent ALPA policy 3 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --persistentalpaenable command to enable persistent ALPA in flexible (-f) or stringent (-s) mode. The following example shows enabling the policy in flexible mode.
3 Failover policy 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --clearalpamap command with the appropriate option to remove the PWW-to-ALPA mapping for a specific port. In the following example, the mapping for port 2 is cleared from the database. switch:admin> ag --clearalpamap 2 NOTE All the device data must be persistent in case of a reboot. During a reboot, the tables will be dumped to the persistent_NPIV_config file.
Failover policy 3 Failover configurations in Access Gateway The following sequence describes how a failover event occurs: • An N_Port goes offline. • All F_Ports mapped to that N_Port are temporarily disabled. • If the Failover policy is enabled on an offline N_Port, the F_Ports mapped to it will be distributed among available online N_Ports. If a secondary N_Port is defined for any of these F_Ports, these F_Ports will be mapped to those N_Ports.
3 Failover policy Example 1 Hosts Host_1 Example 2 Hosts Access Gateway Fabric F_1 Host_1 Access Gateway Fabric F_1 Edge Switch (Switch_A) Host_2 F_2 F_A1 Edge Switch (Switch_A) Host_2 F_2 N_1 Host_3 Host_3 F_3 F_A2 F_3 F_A2 N_2 Host_4 F_A1 N_1 N_2 Host_4 F_4 F_4 Edge Switch (Switch_B) Host_5 F_B1 F_5 Edge Switch (Switch_B) Host_5 N_3 Host_6 F_6 F_B1 F_5 N_3 F_B2 Host_6 F_6 N_4 F_B2 N_4 Host_7 F_7 Host_7 F_7 Host_8 F_8 Host_8 F_8 Legend Physical connection Mapped o
Failover policy 3 Deleting F_Ports from a preferred secondary N_Port 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --prefdel command with the “F_Port1;F_Port2;...” N_Port options to delete F_Ports from an N_Port. The list of F_Ports must be enclosed in quotation marks. Port numbers must be separated by a semicolon. In the following example, F_Ports 3 and 9 are deleted from preferred secondary N_Port 4.
3 Failover policy Deleting a preferred secondary N-Port for device mapping (optional) Use the following steps to remove a secondary N_Port where devices will connect if their first or primary N_Port, if defined, is unavailable. 1. Connect to the switch and log in using an account assigned to the admin role. 2. To delete an N_Port configured as a failover port for one or multiple devices mapped to a specific N_Port, enter the ag --delwwnfailovermapping N_Port command with the “[WWN];[WWN]” option.
Failback policy 3 3. Enter the ag --failoverdisable -pg pgid command to disable failover. switch:admin> ag --failoverdisable -pg 3 Failover policy is disabled for port group 3 Upgrade and downgrade considerations for the Failover policy Consider the following when upgrading or downgrading Fabric OS versions: • Downgrading to Fabric OS v6.4.0 or earlier is supported. • Upgrading from Fabric OS v6.4.0 to v7.1.0 or downgrading from Fabric OS v7.1.0 to v6.4.0 will not change failover settings.
3 Failback policy Ports F_1 and F_2 are mapped to N_1 and continue routing to N_3. Ports F_3 and F_4, which were originally mapped to N_2, are disabled and rerouted to N_2, and then enabled.
Failback policy 3 Enabling and disabling the Failback policy for a port group Use the following steps to enable or disable the Failback policy on all the N_Ports belonging to the same port group. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Use the following commands to enable or disable the Failback policy for a port group: • Enter the ag --failbackenable pg pgid command to enable failback on a port group.
3 Trunking in Access Gateway mode Trunking in Access Gateway mode The hardware-based Port Trunking feature enhances management, performance, and reliability of Access Gateway N_Ports when they are connected to Brocade fabrics. Port trunking combines multiple links between the switch and AG module to form a single, logical port. This enables fewer individual links, thereby simplifying management.
Trunking in Access Gateway mode 3 Trunk group creation Port trunking is enabled between two separate Fabric OS switches that support trunking and where all the ports on each switch reside in the same quad and are running the same speed. Trunk groups form when you connect two or more cables on one Fabric OS switch to another Fabric OS switch with ports in the same port group or quad. A port group or a quad is a set of sequential ports; for example, ports 0-3.
3 Trunking in Access Gateway mode Assigning a trunk area You must enable trunking on all ports to be included in a trunk area before you can create a trunk area. Use the portCfgTrunkPort or switchCfgTrunk command to enable trunking on a port or on all ports of a switch. Issue the porttrunkarea command to assign a static TA on a port or port trunk group, to remove a TA from a port or group of ports in a trunk, and to display masterless trunking information.
Trunking in Access Gateway mode 3 3. Turn on the trunk ports. Trunk ports should be turned on after issuing the secpolicyactivate command to prevent the ports from becoming disabled in the case where there is a DCC security policy violation. Enabling trunking 1. Connect to the switch and log in using an account assigned to the admin role. 2. Disable the desired ports by entering the portdisable port command for each port to be included in the TA. 3.
3 Trunking in Access Gateway mode AG trunking considerations for the Edge switch Table 10 describes the Access Gateway trunking considerations for the Edge switch. TABLE 10 Access Gateway trunking considerations for the Edge switch Category Description Area assignment You statically assign the area within the trunk group on the Edge switch. That group is the F_Port masterless trunk.
Trunking in Access Gateway mode TABLE 10 Access Gateway trunking considerations for the Edge switch (Continued) Category Description Default Area Port X is a port that has its Default Area the same as its Trunk Area. The only time you can remove port X from the trunk group is if the entire trunk group has the Trunk Area disabled. portCfgTrunkPort port, 0 portCfgTrunkPort port, 0 will fail if a Trunk Area is enabled on a port. The port must be Trunk Area-disabled first.
3 Trunking in Access Gateway mode TABLE 10 Access Gateway trunking considerations for the Edge switch (Continued) Category Description configDownload and configUpload If you issue the configdownload command for a port configuration that is not compatible with F_Port trunking, and the port is Trunk-Area-enabled, then the port will be persistently disabled. Note: Configurations that are not compatible with F_Port trunking are long distance, port mirroring, non-CORE_PID, and Fast Write.
Adaptive Networking on Access Gateway 3 Table 11 describes the PWWN format for F_Port and N_Port trunk ports. TABLE 11 PWWN format for F_Port and N_Port trunk ports NAA = 2 2f:xx:nn:nn:nn:nn:nn:nn (1) Port WWNs for: switch FX_Ports. The valid range of xx is [0 - FF], for maximum of 256. NAA = 2 25:xx:nn:nn:nn:nn:nn:nn (1) Port WWNs for: switch FX_Ports The valid range of xx is [0 - FF], for maximum of 256.
3 Adaptive Networking on Access Gateway QoS: Ingress rate limiting Ingress rate limiting restricts the speed of traffic from a particular device to the switch port. On switches in AG mode, you must configure ingress rate limiting on F_Ports. For more information and procedures for configuring this feature, refer to “Ingress Limiting” in the Fabric OS Administrator’s Guide.
Per-Port NPIV login limit 3 Adaptive Networking on Access Gateway considerations • • • • QoS is configured in the fabric, as normal, and not on the AG module.. QoS on Access Gateway is only supported on Fabric OS v6.3 and later. You should disable HBA QoS if connected to a Fabric OS v6.2 AG switch. Disable QoS on an AG port if it connects with a switch running Fabric OS v6.2. Otherwise, the port will automatically disable with an error. To recover, disable QoS on the port, and then enable the port.
3 Advanced Performance Monitoring Advanced Performance Monitoring Advanced Performance Monitoring (APM) is a licensed feature that allows you to monitor traffic on a specific port. This feature supports end to end and frame monitors. The following licenses must be appropriately installed on the AG switch to use end-to-end and frame monitors: • APM • Fabric Watch You can use the following Fabric OS commands used to manage APM in switch mode to manage end to end and frame monitoring in AG mode.
Advanced Performance Monitoring 3 • Deleting a monitor Frame monitors Frame monitors count the number of times a frame with a particular pattern is transmitted by a port and generate alerts when thresholds are crossed. Frame monitoring is achieved by defining a filter, or frame type, for a particular purpose.
3 Considerations for the Brocade 8000 Limitations for using APM The following limitations apply to using APM on an AG switch: • The Top Talker and ISL monitoring features used for APM in switch mode are not supported on an AG switch. • APM on an AG switch is not supported in Web Tools. • Configuration file upload and download of end-to-end and filter monitor configurations is not supported in the Fabric OS v7.0.0 release. • When downgrading to a pre-Fabric OS v7.0.
Considerations for the Brocade 8000 3 Port trunking and QoS features Because the Brocade 8000 has limited available buffers and port trunking and QoS require more buffers than normal, consider the following points: • Do not enable QoS by itself on more than six Fibre Channel ports at a time. If you attempt to enable QoS on more than six ports, the Brocade 8000 may enter buffer-limited mode. • To enable both trunking and QoS on the Brocade 8000, it is recommended that you enable QoS first.
3 Considerations for the Brocade 6505 and 6510 • The following commands have restricted usage, mostly because the Brocade 8000 contains only eight Fibre Channel ports and does not support the Automatic Port Configuration policy: - ag --pgcreate ag --policyenable ag --policydisable portcfgdefault • To enable or disable FCoE ports, use fcoe --enable and fcoe --disable instead of portdisable and portenable.
Chapter 4 SAN Configuration with Access Gateway • Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . . . . . . . • Direct target attachment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Target aggregation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Access Gateway cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4 Direct target attachment Direct target attachment FCP targets can directly connect to an AG module instead of through a fabric connection, as illustrated in Figure 14.
Target aggregation 4 • Hosts and targets should be in separate port groups. • Direct target attachment configurations are not enforced. Target aggregation Access Gateway mode is normally used as host aggregation. In other words, a switch in AG mode aggregates traffic from a number of host systems onto a single uplink N_Port. Similarly, many targets can be aggregated onto to a single uplink N_Port, as shown in Figure 15. Target aggregation has many applications.
4 Access Gateway cascading Access Gateway cascading Access Gateway cascading is an advanced configuration supported in Access Gateway mode. Access Gateway cascading allows you to further increase the ratio of hosts to fabric ports to beyond what a single switch in AG mode can support. Access Gateway cascading allows you to link two Access Gateway (AG) switches back to back. The AG switch that is directly connected to the fabric is referred to as the Core AG.
Fabric and Edge switch configuration 4 • Due to high subscription ratios that could occur when cascading AGs, ensure there is enough bandwidth for all servers when creating such configurations. The subscription ratio becomes more acute in a virtual environment. Fabric and Edge switch configuration To connect devices to the fabric using Access Gateway, configure the fabric and Edge switches within the fabric that will connect to the AG module using the following parameters.
4 Connectivity to Cisco fabrics See Table 5 on page 14 for a description of the port state. If the switch is in Native mode, you can enable AG mode; otherwise, set the switch to Native mode, and then reboot the switch. Enabling NPIV on M-EOS switches 1. Connect to the switch and log in as admin on the M-EOS switch. 2. Enable Open Systems Management Server (OSMS) services by entering the following commands. For the Mi10K switch, enter the following command.
Rejoining Fabric OS switches to a fabric 4 5. Enter the following commands to save the MDS switch connection: copy run start Your Cisco switch is now ready to connect to a switch in Access Gateway mode. Rejoining Fabric OS switches to a fabric When a switch reboots after AG mode is disabled, the Default zone is set to no access. Therefore, the switch does not immediately join the fabric to which it is connected.
4 80 Rejoining Fabric OS switches to a fabric Access Gateway Administrator’s Guide 53-1002743-01
Appendix A Troubleshooting Table 12 provides troubleshooting instructions for Access Gateway. TABLE 12 Troubleshooting Problem Cause Solution Switch is not in Access Gateway mode Switch is in Native switch mode Disable switch using the switchDisable command. Enable Access Gateway mode using the ag --modeenable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command.
A Troubleshooting TABLE 12 Troubleshooting (Continued) Problem Cause Solution Access Gateway is mode not wanted Access Gateway must be disabled. Disable switch using the switchDisable command. Disable Access Gateway mode using the ag --modeDisable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command. Verify that the field switchMode displays Fabric OS Native mode.
Index A Access Gateway cascading, 76 comparison to standard switches, 9 compatible fabrics, 1 connecting devices, 73 connecting two AGs, 76 description, 1 displaying information, 78 features, 3 limitations, 11 mapping description, 16 port types, 9 Access Gateway mode comparison, 2, 3 disabling, 14 port types, 9 supported firmware versions, 73 terms, xvii verifying, 14 adaptive networking, 65 AG considerations, 67 upgrade and downgrade considerations, 66 adding devices to fabric, 38 address Identifier, 60 a
commands ag --addwwnfailovermapping, 53 ag --addwwnpgmapping, 25 ag --delwwnfailovermapping, 54 ag --delwwnpgmapping, 25 ag --failbackEnable, 56, 57 ag --failbackShow, 56, 81 ag --failoverDisable, 54 ag --failoverEnable, 54, 55 ag --failoverShow, 54, 81 ag --mapAdd, 20 ag --mapDel, 20 ag --mapShow, 14, 20 ag --modeDisable, 14, 82 ag --modeEnable, 13, 81 ag --modeShow, 14 ag --policydisable wwnloadbalance, 47 ag --policyenable wwnloadbalance, 47 ag --wwnmapping, 25, 26, 53, 54 ag --wwnmappingdisable, 26 ag -
F J F_Port adding external port on embedded switch, 30 description, 9 mapping, example, 16 maximum number mapped to N_Port, 30 settings, Edge switch, 77 shared area ports, 60 trunking setup, 59 fabric compatibility, 77 inband queries, 77 join, 79 logins, 77 management server platform, 77 zoning scheme, 77 Fabric OS features supported, 3 Fabric OS management server platform service settings, 77 failback policy upgrade and downgrade considerations, 57 failback policy example, 51, 55 failover device mapping,
N N_Port configurations, 30 description, 9 displaying configurations, 31 failover in a PG, 46 mapping example, 16 masterless trunking, 58 maximum number supported, 30 multiple trunk groups, 65 trunk groups, 65 unlock, 31 unlocking, 31 N_Port configurations displaying, 31 N_Ports unlocking, 31 native switchMode, 77 non disruptive, 62 NPIV Edge switch, 77 enabling on Cisco switch, 78 enabling on M-EOS switch, 78 login limit, 67 support, 73 O optional features, xviii P per port NPIV login limit, 67 performan
Q U QoS firmware downgrade, 66 ingress rate limiting, 66 SID/DID traffic prioritization, 65 unlock N_Port, 31 upgrading, 62 V R VMware configuration for device mapping, 28 removing devices from switch, 38 removing trunk ports, 62 requirements, ports, 73 Z S zoning schemes, 77 setting, 79 settings FLOGI, 77 inband queries, 77 management server platform, 77 zone, no access, 79 static vs.
88 Access Gateway Administrator’s Guide 53-1002743-01
