MDS Switches

Fibre Channel Overview

Storage Area Networks (SANs) are specialized, high-speed networks that connect servers to storage devices, providing block-level storage access over a dedicated infrastructure. SANs are essential for enterprises that require centralized, scalable, and high-performance storage solutions. Unlike traditional network-attached storage (NAS), which operates at the file level, SANs offer low-latency, high-throughput data transfer directly between servers and storage devices. These benefits make them ideal for mission-critical applications and large databases. SANs utilize various protocols to manage storage traffic efficiently and securely, ensuring that data is reliably transmitted and accessed across the network.
Fibre Channel, Fibre Channel over Ethernet (FCoE), and iSCSI (Internet Small Computer Systems Interface) are crucial technologies in the world of enterprise storage. They offer high-speed, reliable, and scalable solutions for data centers. Understanding these technologies is essential for organizations seeking to optimize their storage infrastructure.
Fibre Channel is a specialized, high-performance network protocol designed explicitly for SANs. Unlike traditional networking protocols, Fibre Channel is tailored to handle storage traffic, while offering low latency and high reliability. It achieves this by transporting SCSI commands, which are the instructions that computers use to read and write data, over a dedicated, lossless network.
In a typical SAN environment, Fabric Channel employs fabric switches to create a robust and scalable dedicated solely for storage communication. Within this environment, director switches play a critical role. These high-capacity, enterprise-grade switches provide central connectivity points. They offer superior fault tolerance, extensive port counts, and advanced management capabilities, making them ideal for large-scale SAN deployments.
Fibre Channel architecture is designed to achieve high data transfer speeds, currently up to 64 Gbps. It also supports a vast number of devices and can operate over distances up to 10 kilometers without the need for extenders.

Fibre Channel Ports

The Fibre Channel infrastructure facilitates communication between different interface points that are known as Fibre Channel ports. They can be found in an I/O adapter, a storage array or tape controller, or within a fabric switch.
Each Fibre Channel port on a fabric switch can function as a downlink, connecting to a node, or as an uplink, connecting to another fabric switch within the storage infrastructure. As a result, Fibre Channel interfaces can operate in different modes.
The Fibre Channel interfaces support these basic port types:
- N Port (or node port): N port is used to connect a node to a Fibre Channel switch.
- F Port (or fabric port): A port that is connected to a peripheral device (host or disk) operating as an N Port. An F Port can be attached to one N Port only.
- E Port (or expansion port): A port mode where an interface functions as a fabric expansion port. It connects to another E Port to form an Inter-Switch Link (ISL) between two switches. E Ports are used to carry frames between switches for configuration and fabric management. They also serve as pathways for frames destined for remote N Ports. It is important to note that in the context of Fibre Channel, ISL refers to the link between switches. It is not related to the Ethernet trunking protocol known as ISL. In Fibre Channel, ISL does not involve trunking.
- TE Port (or trunking expansion port): A port that you connect to another TE Port, which will create an Enhanced Inter-Switch Link (EISL) between two switches. TE Ports are specific to Cisco switches and expand the functionality of E Ports to support these functions:
  - VSAN trunking
  - Transport quality of service (QoS) parameters
  - The Fibre Channel Traceroute (fctrace) feature
- When an interface is in TE Port mode, all frames that are transmitted are in the EISL frame format, which contains VSAN information. Interconnected switches use the VSAN_ID to multiplex traffic from one or more VSANs across the same physical link.
- Note: TE Port is analogous to trunking in the Ethernet world.
TF Port (or trunking fabric port): This interface is connected to another trunking node port (TN Port) or trunked node-proxy port (TNP Port). It is used to create a link between a core switch and an N-Port Virtualization (NPV) switch or a host bus adapter (HBA) to carry tagged frames. TF Ports are specific to Cisco switches and expand the functionality of F Ports to support VSAN trunking. In the TF Port mode, all frames are transmitted in the EISL frame formation, which contains VSAN information.
FL Port (or fabric loop port): This port may be connected to one or more NL (node loop) ports (including FL ports in other switches). It is used to form a public arbitrated loop. If more than one FL Port is detected on the arbitrated loop during initialization, only one FL Port becomes operational, and the other FL ports enter nonparticipating mode. FL ports support Class 2 and Class 3 service.
Automode: Interfaces that are configured in the auto mode can operate in one of the following modes: F Port, FL Port, E Port, TE Port, or TF Port. They will automatically detect the mode to which they should be configured during interface initialization.
Note: In addition to the basic set of Fibre Channel port types, there are several other modes. These modes include the SPAN destination port (SD Port) and SPAN tunnel port (ST Port) used for Switched Port Analyzer (SPAN) functionality in storage infrastructure. There are also node-proxy ports (NP Ports) and TNP Ports, which are used to support N-Port Virtualization (NPV).

Fibre Channel Zoning

Security within Fibre Channel networks is maintained through SAN zoning and logical unit (LUN) masking. Zoning is a critical security feature that restricts communication within the SAN by dividing the fabric into smaller, isolated segments. Each zone contains specific initiators (such as servers) and targets (such as storage arrays), and devices within a zone can only communicate with each other, as shown in the next figure. Zoning ensures only authorized devices access data, which enhances both security and stability. LUN masking further enhances security by controlling access on the storage array side, ensuring that only designated initiators can see and access specific LUNs on the storage array.

Fibre Channel VSANs

Fibre Channel networks also use Virtual Storage Area Networks (VSANs) to further isolate and manage traffic within the fabric, adding an extra layer of control and organization. VSANs allow multiple virtual fabrics to exist on the same physical infrastructure, enabling better utilization of resources and simplifying management. This capability is particularly useful in large environments where different departments or workloads require dedicated, isolated storage resources.

Fiber Channel Configuration

On Cisco MDS switches, F ports (fabric ports) connect to end devices like servers or storage arrays. E Ports (expansion ports) are used to connect to other switches, creating Inter-Switch Links (ISLs). For example, to configure an F Port on interface fc1/1 to connect to an end device such as a server with a Host Bus Adapter (HBA) or a storage array port, use the following commands:

MDS(config)# interface fc1/1
MDS(config-if)# switchport mode F
MDS(config-if)# no shutdown

Configure an E Port on interface fc1/2, which connects to another switch, forming an ISL, use:

MDS(config)# interface fc1/2
MDS(config-if)# switchport mode E
MDS(config-if)# no shutdown

Configure Virtual SANs (VSANs) to segment the Fibre Channel fabric into isolated environments. VSANs provide logical separation of traffic within the same physical infrastructure, similar to VLANs in Ethernet networks. To create a VSAN and assign it to a port, use:

MDS(config)# vsan database
MDS(config-vsan-db)# vsan 10 name Storage_VSAN
MDS(config)# interface fc1/1
MDS(config-if)# switchport vsan 10

Above configuration creates a VSAN with ID 10 and names it Storage_VSAN. The switchport vsan 10 command assigns the interface fc1/1 to VSAN 10, ensuring that traffic on this port is isolated within that VSAN.
After configuring the VSANs, zoning must be set up to control access between different devices within the VSAN. Zoning is crucial for security and management, as it ensures that only authorized devices can communicate. Zoning can be done based on World Wide Names (WWNs), which are unique identifiers that are assigned to each Fibre Channel device. To create a basic zone and add members to it, use:

MDS(config)# zone name Zone_A vsan 10
MDS(config-zone)# member pwwn 20:00:00:25:B5:11:22:33
MDS(config-zone)# member pwwn 50:00:00:25:B5:44:55:66
MDS(config)# zoneset name ZoneSet_A vsan 10
MDS(config-zoneset)# member Zone_A
MDS(config)# zoneset activate name ZoneSet_A vsan 10

In above example, Zone_A is created within VSAN 10. The member pwwn commands add two devices to the zone by specifying their Port World Wide Names (pWWNs). The pWWN is a unique identifier for each port in the Fibre Channel network. The zoneset command creates a set of zones, named ZoneSet_A, for VSAN 10. The zoneset activate command activates the zone set, making it effective on the fabric. Only the devices that are members of the same zone within an active zone set can communicate with each other, providing a controlled and secure environment.
To distribute the active zone set configuration across all switches in the Fibre Channel fabric, you need to ensure that all switches have a consistent view of the zoning configuration. This process is called zone set distribution, and it is critical for maintaining fabric-wide zoning consistency and proper communication between devices. All Cisco SAN switches distribute active zone sets when new E Port links come up or when a new zone set is activated in a VSAN. The zone set distribution takes effect while sending merge requests to the adjacent switch or while activating a zone set. You can enable full zone set and active zone set distribution to all switches on a per VSAN basis.

MDS(config)# zoneset distribute full vsan 10

The zoneset distribute command ensures that the active zone set (in this case, for VSAN 10) is distributed across all switches in the VSAN. This command is crucial to propagate the zone set changes and maintain zoning consistency throughout the fabric.

Fibre Channel Verification on Cisco MDS Switches

Verification of the Fibre Channel configuration is essential to ensure that the network is properly set up and all components are functioning as expected. To check the status of the interfaces, use:

MDS# show interface fc1/1
MDS# show interface fc1/2

These commands provide details on the status and configuration of the Fibre Channel interfaces. Ensure that the interfaces are "up" and operating in the correct mode (F or E).
To verify the VSAN configuration, use:

MDS# show vsan

This command displays the current VSANs configured on the switch and their status, ensuring the correct setup.
For zoning verification, use the following command to check the active zone set:

MDS# show zoneset active vsan 10

This command shows the active zone set and the zones within it, allowing you to confirm that the correct devices are zoned and active.
To further ensure the overall Fibre Channel network health and configuration consistency, use:

MDS# show flogi database

This command displays the Fibre Channel Login (FLOGI) database, which lists all devices that have successfully logged into the fabric, confirming their visibility and connectivity.
To verify the registered devices and their attributes in the fabric, ensuring proper device recognition and configuration, use:

MDS# show fcns database

This command provides information on the Fibre Channel Name Server (FCNS) database. The FCNS database contains information about all devices in the fabric and their attributes, ensuring that all devices are recognized and properly configured.
By following these steps and using the provided commands, you can successfully configure and verify a Fibre Channel network on Cisco MDS switches. Proper configuration ensures high performance, reliability, and security for your storage infrastructure, making it ready for enterprise use.

Fibre Channel Configuration Guidelines

When configuring a basic Fibre Channel setup on Cisco MDS switches, it is essential to follow some fundamental guidelines to ensure a stable and efficient network. Here is a structured approach to help you achieve this:

Planning:

VSAN and zoning configuration: Start by planning your VSAN and zoning configuration carefully to avoid conflicts and ensure security.
Unique VSAN IDs: Use unique VSAN IDs to segment traffic logically and minimize broadcast domains.

Zoning:

Single-initiator zoning: Prefer single-initiator zoning to reduce the risk of conflicts and enhance security. Single-initiator zoning allows only one initiator, such as a server's HBA, in each zone. This approach prevents multiple initiators from accessing the same storage target, reducing potential conflicts and improving data security.

Physical connections:

Secure connections: Ensure that all physical connections are secure and free of any faults, as physical layer issues can significantly impact performance.

Verification:

Regular checks: Regularly use verification commands to check interface status, FLOGI, and FCNS databases to confirm that all devices are correctly logged in and recognized by the fabric.

Documentation and best practices:

Proper documentation: Maintain proper documentation and adhere to best practices to help maintain a reliable and scalable Fibre Channel environment on your Cisco MDS switches.

Enhanced Mechanisms for Fibre Channel Configuration on Cisco DC Devices

Cisco MDS devices offer several enhanced mechanisms to streamline and optimize Fibre Channel configuration. These features include:
- Autozoning: This feature automates the creation and management of zones, reducing manual configuration efforts and minimizing the risk of configuration errors.
- Smart Zoning: Smart Zoning enhances zoning efficiency by including only relevant members in a zone. This reduces the number of zones and conserves switch resources.
- N-Port Virtualization (NPV): NPV simplifies management by reducing the number of Fibre Channel domain IDs in the fabric by forwarding traffic directly from the host to the core switch. In NPV mode, the switch does not take part in the fabric as a full Fibre Channel switch but acts as a pass-through device, reducing overhead, and simplifying management in large environments. NPV is ideal for large-scale data centers where minimizing the number of domain IDs helps in scaling the fabric efficiently.
- N-Port ID Virtualization (NPIV): NPIV enables multiple virtual ports to operate through a single physical Fibre Channel port. This enhances flexibility and allows for better utilization of existing infrastructure resources. This is useful in environments with virtual machines or multiple devices that need independent Fibre Channel identities, all sharing the same physical port. NPIV simplifies management by allowing each virtual device to be addressed separately, even though they are using the same physical connection.
- These tools and features help maintain a scalable, efficient, and secure Fibre Channel network.
The Cisco Nexus Dashboard Fabric Controller (NDFC) is designed to work with both Cisco MDS devices and Cisco Nexus switches. NDFC provides comprehensive management for both Ethernet and Fibre Channel environments, allowing for unified control and visibility across Cisco Data Center switches:
- For Cisco MDS Switches:
  - Fibre Channel Storage Networks: NDFC manages Fibre Channel storage networks, including tasks such as:
    Zoning
    VSAN (Virtual Storage Area Network) configuration
    Monitoring
- For Cisco Nexus Switches:
  - Ethernet and Fibre Channel over Ethernet (FCoE) Configurations: NDFC supports:
    Virtual Port Channels (vPC)
    VLANs
    Network overlays
These capabilities make NDFC a versatile solution for managing hybrid data center environments that utilize both Cisco Nexus and MDS platforms.

PreviousFCoE Overview NextDataCenter

Last updated 5 months ago