Difference between revisions of "Brocade Fibre Channel zoning"
Jump to navigation
Jump to search
| (4 intermediate revisions by the same user not shown) | |||
| Line 88: | Line 88: | ||
Switch:admin> |
Switch:admin> |
||
| + | |||
| + | So that's for our one initiator (storage client) system, tanstaafl. Add some now for the target (storage provider system): |
||
| + | |||
| + | Switch:admin> '''aliCreate zarathud_slot_3_port_1, 21:00:00:24:ff:57:21:ce''' |
||
| + | Switch:admin> '''aliCreate zarathud_slot_3_port_2, 21:00:00:24:ff:57:21:cf''' |
||
| + | Switch:admin> '''aliCreate zarathud_slot_2_port_0, 10:00:00:90:fa:a1:b1:3c''' |
||
| + | Switch:admin> '''aliCreate zarathud_slot_2_port_1, 10:00:00:90:fa:a1:b1:3d''' |
||
| + | Switch:admin> '''cfgSave''' |
||
| + | You are about to save the Defined zoning configuration. This |
||
| + | action will only save the changes on Defined configuration. |
||
| + | If the update includes changes to one or more traffic isolation |
||
| + | zones, you must issue the 'cfgenable' command for the changes |
||
| + | to take effect. |
||
| + | Do you want to save the Defined zoning configuration only? (yes, y, no, n): [no] '''yes''' |
||
| + | Updating flash ... |
||
| + | Switch:admin> |
||
| + | On this server, FC host1 and host9 are the Qlogic HBAs. Their WWPNs follow a different pattern than those on the Emulex cards (in slot 2.) Also, if the reader is excessively anal, the Dell server's slot naming convention could be regarded as annoying, too: disk slots on the front of the server are numbered from 0, PCIe slots and power supplies on the back of the server are numbered from 1. Additionally, Emulex numbers ports on its HBAs from 0, while Qlogic starts from 1. |
||
| + | |||
| + | === Let the FC ports communicate === |
||
| + | We are getting closer. This step will create zones that allow only specific ports to talk each other. The rules are: |
||
| + | * Employ the least privilege principal. A zone allows a single initiator port to talk with a single target port. |
||
| + | * Lots of zones is OK. The switch ASIC can handle several thousand zones at once. |
||
| + | With the rules laid out, let's do the thing: |
||
| + | Switch:admin> '''zoneCreate tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_1, "tanstaafl_slot_1_port_1;zarathud_slot_3_port_1"''' |
||
| + | Switch:admin> '''zoneCreate tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_2, "tanstaafl_slot_1_port_1;zarathud_slot_3_port_2"''' |
||
| + | Switch:admin> '''zoneCreate tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_1, "tanstaafl_slot_1_port_2;zarathud_slot_3_port_1"''' |
||
| + | Switch:admin> '''zoneCreate tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_2, "tanstaafl_slot_1_port_2;zarathud_slot_3_port_2"''' |
||
| + | Switch:admin> '''zoneCreate tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_1, "tanstaafl_slot_3_port_1;zarathud_slot_3_port_1"''' |
||
| + | Switch:admin> '''zoneCreate tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_2, "tanstaafl_slot_3_port_1;zarathud_slot_3_port_2"''' |
||
| + | Switch:admin> '''zoneCreate tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_1, "tanstaafl_slot_3_port_2;zarathud_slot_3_port_1"''' |
||
| + | Switch:admin> '''zoneCreate tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_2, "tanstaafl_slot_3_port_2;zarathud_slot_3_port_2"''' |
||
| + | Switch:admin> '''cfgSave''' |
||
| + | You are about to save the Defined zoning configuration. This |
||
| + | action will only save the changes on Defined configuration. |
||
| + | If the update includes changes to one or more traffic isolation |
||
| + | zones, you must issue the 'cfgenable' command for the changes |
||
| + | to take effect. |
||
| + | Do you want to save the Defined zoning configuration only? (yes, y, no, n): [no] '''yes''' |
||
| + | Updating flash ... |
||
| + | Switch:admin> |
||
| + | For this one, I did use the double quotes. The semicolons could have been escaped with a backslash instead. <code>zoneCreate</code> takes 2 arguments, just like <code>aliCreate</code> does. |
||
| + | |||
| + | We are almost there. We can also add some zones that would allow the Emulex card in zarathud to talk to the target that lives on the Qlogic card on zarathud: |
||
| + | Switch:admin> '''zoneCreate zarathud_slot_2_port_0_and_zarathud_slot_3_port_1, "zarathud_slot_2_port_0;zarathud_slot_3_port_1"''' |
||
| + | Switch:admin> '''zoneCreate zarathud_slot_2_port_0_and_zarathud_slot_3_port_2, "zarathud_slot_2_port_0;zarathud_slot_3_port_2"''' |
||
| + | Switch:admin> '''zoneCreate zarathud_slot_2_port_1_and_zarathud_slot_3_port_1, "zarathud_slot_2_port_1;zarathud_slot_3_port_1"''' |
||
| + | Switch:admin> '''zoneCreate zarathud_slot_2_port_1_and_zarathud_slot_3_port_2, "zarathud_slot_2_port_1;zarathud_slot_3_port_2"''' |
||
| + | Switch:admin> '''cfgSave''' |
||
| + | You are about to save the Defined zoning configuration. This |
||
| + | action will only save the changes on Defined configuration. |
||
| + | If the update includes changes to one or more traffic isolation |
||
| + | zones, you must issue the 'cfgenable' command for the changes |
||
| + | to take effect. |
||
| + | Do you want to save the Defined zoning configuration only? (yes, y, no, n): [no] '''yes''' |
||
| + | Updating flash ... |
||
| + | Switch:admin> |
||
| + | The defined zones and aliases can be reviewed with the <code>zoneShow</code> command |
||
| + | Switch:admin> '''zoneShow''' |
||
| + | Defined configuration: |
||
| + | zone: tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_1 |
||
| + | tanstaafl_slot_1_port_1; zarathud_slot_3_port_1 |
||
| + | zone: tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_2 |
||
| + | tanstaafl_slot_1_port_1; zarathud_slot_3_port_2 |
||
| + | zone: tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_1 |
||
| + | tanstaafl_slot_1_port_2; zarathud_slot_3_port_1 |
||
| + | zone: tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_2 |
||
| + | tanstaafl_slot_1_port_2; zarathud_slot_3_port_2 |
||
| + | zone: tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_1 |
||
| + | tanstaafl_slot_3_port_1; zarathud_slot_3_port_1 |
||
| + | zone: tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_2 |
||
| + | tanstaafl_slot_3_port_1; zarathud_slot_3_port_2 |
||
| + | zone: tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_1 |
||
| + | tanstaafl_slot_3_port_2; zarathud_slot_3_port_1 |
||
| + | zone: tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_2 |
||
| + | tanstaafl_slot_3_port_2; zarathud_slot_3_port_2 |
||
| + | zone: zarathud_slot_2_port_0_and_zarathud_slot_3_port_1 |
||
| + | zarathud_slot_2_port_0; zarathud_slot_3_port_1 |
||
| + | zone: zarathud_slot_2_port_0_and_zarathud_slot_3_port_2 |
||
| + | zarathud_slot_2_port_0; zarathud_slot_3_port_2 |
||
| + | zone: zarathud_slot_2_port_1_and_zarathud_slot_3_port_1 |
||
| + | zarathud_slot_2_port_1; zarathud_slot_3_port_1 |
||
| + | zone: zarathud_slot_2_port_1_and_zarathud_slot_3_port_2 |
||
| + | zarathud_slot_2_port_1; zarathud_slot_3_port_2 |
||
| + | alias: tanstaafl_slot_1_port_1 |
||
| + | 50:06:0b:00:00:67:53:38 |
||
| + | alias: tanstaafl_slot_1_port_2 |
||
| + | 50:06:0b:00:00:67:53:3a |
||
| + | alias: tanstaafl_slot_3_port_1 |
||
| + | 50:06:0b:00:00:67:2c:fc |
||
| + | alias: tanstaafl_slot_3_port_2 |
||
| + | 50:06:0b:00:00:67:2c:fe |
||
| + | alias: zarathud_slot_2_port_0 |
||
| + | 10:00:00:90:fa:a1:b1:3c |
||
| + | alias: zarathud_slot_2_port_1 |
||
| + | 10:00:00:90:fa:a1:b1:3d |
||
| + | alias: zarathud_slot_3_port_1 |
||
| + | 21:00:00:24:ff:57:21:ce |
||
| + | alias: zarathud_slot_3_port_2 |
||
| + | 21:00:00:24:ff:57:21:cf |
||
| + | |||
| + | Effective configuration: |
||
| + | No Effective configuration: (No Access) |
||
| + | |||
| + | |||
| + | Switch:admin> |
||
| + | === We have some zones, but no traffic flow yet? === |
||
| + | Yes. The next-to-last thing that needs to be created is a zone configuration. This can be seen as a set of zones active on the switch fabric. Following the <code>aliCreate</code> and <code>zoneCreate</code> convention, <code>cfgCreate</code> takes two arguments: a configuration name followed by a comma and a semicolon separated list of zones. My practice has been to name the zone configurations with a datestamp and version number, like '''<code>cfg_20250416_rev_0</code>'''. But do whatever works for you... |
||
| + | |||
| + | Switch:admin> '''cfgCreate cfg_20250416_rev_0, "tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_1;tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_2;tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_1;tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_2;tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_1;tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_2;tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_1;tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_2;zarathud_slot_2_port_0_and_zarathud_slot_3_port_1;zarathud_slot_2_port_0_and_zarathud_slot_3_port_2;zarathud_slot_2_port_1_and_zarathud_slot_3_port_1;zarathud_slot_2_port_1_and_zarathud_slot_3_port_2"''' |
||
| + | |||
| + | === Last step. Apply the just created configuration === |
||
| + | This step will cause <strike>a glitch in the matrix</strike> all ports attached to the fabric to get a topology change notification. It **is** somewhat disruptive. But we are probably not handling tens of thousands of credit card transactions per second here. So a little turmoil is OK for now. |
||
| + | Switch:admin> '''cfgEnable cfg_20250416_rev_0''' |
||
| + | You are about to enable a new zoning configuration. |
||
| + | This action will replace the old zoning configuration with the |
||
| + | current configuration selected. If the update includes changes |
||
| + | to one or more traffic isolation zones, the update may result in |
||
| + | localized disruption to traffic on ports associated with |
||
| + | the traffic isolation zone changes. |
||
| + | Do you want to enable 'cfg_20250416_rev_0' configuration (yes, y, no, n): [no] '''yes''' |
||
| + | zone config "cfg_20250416_rev_0" is in effect |
||
| + | Updating flash ... |
||
| + | Switch:admin> |
||
| + | == And that's it for switch zoning == |
||
| + | Parting thoughts: |
||
| + | * I have two identical Brocade 5100 switches in my environment and all of the Fibre Channel HBAs I have (aside from drives in the tape library) are dual port cards. The zoning config defined here is meant to be applied to both switches. It is not important that not all ports are plugged in to either switch. When one switch dies, the cabling can be moved to the other switch without any switch configuration changes. |
||
Latest revision as of 16:24, 16 April 2025
Zoning? Forbidden zone? Neutral zone? End zone? What?
So, "zoning" is a way of limiting what devices on a Fibre Channel fabric (network) can talk to which other devices. In general, a zone will be very fine grained, allowing a single port on a server to talk to a single storage device (disk array host port, tape drive in a library, etc). These individual zones are combined into a "configuration." Multiple configurations may be defined, but only a single configuration can be activated at any given time. Some of this terminology is Brocade specific. Other manufaturers' (Cisco, Juniper, Qlogic, McDATA) management interfaces use different words, but mostly the concepts are the same.
For demonstration purposes, we're going to enable the Fibre Channel components of the Mad Cow Ceph-backed Fibre Channel target storage solution to communicate with each other.
Wipe all configurations, zones, aliases from the switch
Switch:admin> defZone --noaccess # default to no access unless allowed You are about to set the Default Zone access mode to No Access Do you want to set the Default Zone access mode to No Access ? (yes, y, no, n): [no] y Switch:admin> switchDisable # Not strictly required. Turns off all the ports while switch is being configured. Switch:admin> cfgDisable You are about to disable zoning configuration. This action will disable any previous zoning configuration enabled. Do you want to disable zoning configuration? (yes, y, no, n): [no] y Updating flash ... Effective configuration is empty. "No Access" default zone mode is ON. Switch:admin> cfgClear The Clear All action will clear all Aliases, Zones, FA Zones and configurations in the Defined configuration. Run cfgSave to commit the transaction or cfgTransAbort to cancel the transaction. Do you really want to clear all configurations? (yes, y, no, n): [no] y Switch:admin> cfgSave You are about to save the Defined zoning configuration. This action will only save the changes on Defined configuration. If the update includes changes to one or more traffic isolation zones, you must issue the 'cfgenable' command for the changes to take effect. Do you want to save the Defined zoning configuration only? (yes, y, no, n): [no] y Updating flash ... Switch:admin> switchEnable Switch:admin>
At this point there is a switch, all the (licensed) ports are turned on, but no device can talk to any other device on the switch fabric. So it is good for turning electricity into heat and noise, but not too much else.
Add some server HBAs
Where "HBA" is "host bus adapter." An HBA has one or more ports. And each port has a WWPN or world wide port name. And for purposes of zoning, we will allow these WWPN-identified devices to talk to each other over the switch fabric. Remember, a zone allows traffic between switch ports that are members of that zone. In general, a single server HBA port should see only the storage device it is consuming storage from. This is the Fibre Channel version of the least privilege principal. And there are some fabric overhead reasons to do this as well.
Collect HBA WWPNs from a Linux host
In these days of sysfs on Linux, an HBA port's WWPN can be found like so:
adj@tanstaafl:~$ ls /sys/class/fc_host host4 host5 host6 host7 adj@tanstaafl:~$ grep ^0x /sys/class/fc_host/host*/port_name /sys/class/fc_host/host4/port_name:0x50060b0000672cfc /sys/class/fc_host/host5/port_name:0x50060b0000672cfe /sys/class/fc_host/host6/port_name:0x50060b0000675338 /sys/class/fc_host/host7/port_name:0x50060b000067533a adj@tanstaafl:~$
Did it this way so that we get the HBA's name (hostN) and the WWPN in the output.
Create some aliases on the FibreChannel switch
Aliases are a way to give a human-friendly name to an 8-byte WWPN. These aliases will be used in following steps when zones are created.
Switch:admin> aliCreate tanstaafl_host4, 50:06:0b:00:00:67:2c:fc Switch:admin> aliCreate tanstaafl_host5, 50:06:0b:00:00:67:2c:fe Switch:admin> aliCreate tanstaafl_host6, 50:06:0b:00:00:67:53:38 Switch:admin> aliCreate tanstaafl_host7, 50:06:0b:00:00:67:53:3a Switch:admin>
If you're reading the online help for the Brocade CLI, it shows all the the keywords and values wrapped in double quotes. If you know bash's quoting rules the double quotes are easy to avoid. The alicreate command takes 2 arguments: the alias name followed by a comma and the alias members, which may be WWPNs or actual port numbers.
Also important to note here, that with Linux especially, the name of the HBAs may well change. They are assigned sequentially as device driver modules are loaded. So perhaps it would be better to do these based on PCI-X/PCIe slot number as labelled on the server chassis instead. So instead of the above, let's do this:
Switch:admin> aliCreate tanstaafl_slot_1_port_1, 50:06:0b:00:00:67:53:38 Switch:admin> aliCreate tanstaafl_slot_1_port_2, 50:06:0b:00:00:67:53:3a Switch:admin> aliCreate tanstaafl_slot_3_port_1, 50:06:0b:00:00:67:2c:fc Switch:admin> aliCreate tanstaafl_slot_3_port_2, 50:06:0b:00:00:67:2c:fe Switch:admin> cfgSave You are about to save the Defined zoning configuration. This action will only save the changes on Defined configuration. If the update includes changes to one or more traffic isolation zones, you must issue the 'cfgenable' command for the changes to take effect. Do you want to save the Defined zoning configuration only? (yes, y, no, n): [no] yes Updating flash ... Switch:admin> aliShow Defined configuration: alias: tanstaafl_slot_1_port_1 50:06:0b:00:00:67:53:38 alias: tanstaafl_slot_1_port_2 50:06:0b:00:00:67:53:3a alias: tanstaafl_slot_3_port_1 50:06:0b:00:00:67:2c:fc alias: tanstaafl_slot_3_port_2 50:06:0b:00:00:67:2c:fe Effective configuration: No Effective configuration: (No Access) Switch:admin>
So that's for our one initiator (storage client) system, tanstaafl. Add some now for the target (storage provider system):
Switch:admin> aliCreate zarathud_slot_3_port_1, 21:00:00:24:ff:57:21:ce Switch:admin> aliCreate zarathud_slot_3_port_2, 21:00:00:24:ff:57:21:cf Switch:admin> aliCreate zarathud_slot_2_port_0, 10:00:00:90:fa:a1:b1:3c Switch:admin> aliCreate zarathud_slot_2_port_1, 10:00:00:90:fa:a1:b1:3d Switch:admin> cfgSave You are about to save the Defined zoning configuration. This action will only save the changes on Defined configuration. If the update includes changes to one or more traffic isolation zones, you must issue the 'cfgenable' command for the changes to take effect. Do you want to save the Defined zoning configuration only? (yes, y, no, n): [no] yes Updating flash ... Switch:admin>
On this server, FC host1 and host9 are the Qlogic HBAs. Their WWPNs follow a different pattern than those on the Emulex cards (in slot 2.) Also, if the reader is excessively anal, the Dell server's slot naming convention could be regarded as annoying, too: disk slots on the front of the server are numbered from 0, PCIe slots and power supplies on the back of the server are numbered from 1. Additionally, Emulex numbers ports on its HBAs from 0, while Qlogic starts from 1.
Let the FC ports communicate
We are getting closer. This step will create zones that allow only specific ports to talk each other. The rules are:
- Employ the least privilege principal. A zone allows a single initiator port to talk with a single target port.
- Lots of zones is OK. The switch ASIC can handle several thousand zones at once.
With the rules laid out, let's do the thing:
Switch:admin> zoneCreate tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_1, "tanstaafl_slot_1_port_1;zarathud_slot_3_port_1" Switch:admin> zoneCreate tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_2, "tanstaafl_slot_1_port_1;zarathud_slot_3_port_2" Switch:admin> zoneCreate tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_1, "tanstaafl_slot_1_port_2;zarathud_slot_3_port_1" Switch:admin> zoneCreate tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_2, "tanstaafl_slot_1_port_2;zarathud_slot_3_port_2" Switch:admin> zoneCreate tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_1, "tanstaafl_slot_3_port_1;zarathud_slot_3_port_1" Switch:admin> zoneCreate tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_2, "tanstaafl_slot_3_port_1;zarathud_slot_3_port_2" Switch:admin> zoneCreate tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_1, "tanstaafl_slot_3_port_2;zarathud_slot_3_port_1" Switch:admin> zoneCreate tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_2, "tanstaafl_slot_3_port_2;zarathud_slot_3_port_2" Switch:admin> cfgSave You are about to save the Defined zoning configuration. This action will only save the changes on Defined configuration. If the update includes changes to one or more traffic isolation zones, you must issue the 'cfgenable' command for the changes to take effect. Do you want to save the Defined zoning configuration only? (yes, y, no, n): [no] yes Updating flash ... Switch:admin>
For this one, I did use the double quotes. The semicolons could have been escaped with a backslash instead. zoneCreate takes 2 arguments, just like aliCreate does.
We are almost there. We can also add some zones that would allow the Emulex card in zarathud to talk to the target that lives on the Qlogic card on zarathud:
Switch:admin> zoneCreate zarathud_slot_2_port_0_and_zarathud_slot_3_port_1, "zarathud_slot_2_port_0;zarathud_slot_3_port_1" Switch:admin> zoneCreate zarathud_slot_2_port_0_and_zarathud_slot_3_port_2, "zarathud_slot_2_port_0;zarathud_slot_3_port_2" Switch:admin> zoneCreate zarathud_slot_2_port_1_and_zarathud_slot_3_port_1, "zarathud_slot_2_port_1;zarathud_slot_3_port_1" Switch:admin> zoneCreate zarathud_slot_2_port_1_and_zarathud_slot_3_port_2, "zarathud_slot_2_port_1;zarathud_slot_3_port_2" Switch:admin> cfgSave You are about to save the Defined zoning configuration. This action will only save the changes on Defined configuration. If the update includes changes to one or more traffic isolation zones, you must issue the 'cfgenable' command for the changes to take effect. Do you want to save the Defined zoning configuration only? (yes, y, no, n): [no] yes Updating flash ... Switch:admin>
The defined zones and aliases can be reviewed with the zoneShow command
Switch:admin> zoneShow Defined configuration: zone: tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_1 tanstaafl_slot_1_port_1; zarathud_slot_3_port_1 zone: tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_2 tanstaafl_slot_1_port_1; zarathud_slot_3_port_2 zone: tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_1 tanstaafl_slot_1_port_2; zarathud_slot_3_port_1 zone: tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_2 tanstaafl_slot_1_port_2; zarathud_slot_3_port_2 zone: tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_1 tanstaafl_slot_3_port_1; zarathud_slot_3_port_1 zone: tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_2 tanstaafl_slot_3_port_1; zarathud_slot_3_port_2 zone: tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_1 tanstaafl_slot_3_port_2; zarathud_slot_3_port_1 zone: tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_2 tanstaafl_slot_3_port_2; zarathud_slot_3_port_2 zone: zarathud_slot_2_port_0_and_zarathud_slot_3_port_1 zarathud_slot_2_port_0; zarathud_slot_3_port_1 zone: zarathud_slot_2_port_0_and_zarathud_slot_3_port_2 zarathud_slot_2_port_0; zarathud_slot_3_port_2 zone: zarathud_slot_2_port_1_and_zarathud_slot_3_port_1 zarathud_slot_2_port_1; zarathud_slot_3_port_1 zone: zarathud_slot_2_port_1_and_zarathud_slot_3_port_2 zarathud_slot_2_port_1; zarathud_slot_3_port_2 alias: tanstaafl_slot_1_port_1 50:06:0b:00:00:67:53:38 alias: tanstaafl_slot_1_port_2 50:06:0b:00:00:67:53:3a alias: tanstaafl_slot_3_port_1 50:06:0b:00:00:67:2c:fc alias: tanstaafl_slot_3_port_2 50:06:0b:00:00:67:2c:fe alias: zarathud_slot_2_port_0 10:00:00:90:fa:a1:b1:3c alias: zarathud_slot_2_port_1 10:00:00:90:fa:a1:b1:3d alias: zarathud_slot_3_port_1 21:00:00:24:ff:57:21:ce alias: zarathud_slot_3_port_2 21:00:00:24:ff:57:21:cf Effective configuration: No Effective configuration: (No Access) Switch:admin>
We have some zones, but no traffic flow yet?
Yes. The next-to-last thing that needs to be created is a zone configuration. This can be seen as a set of zones active on the switch fabric. Following the aliCreate and zoneCreate convention, cfgCreate takes two arguments: a configuration name followed by a comma and a semicolon separated list of zones. My practice has been to name the zone configurations with a datestamp and version number, like cfg_20250416_rev_0. But do whatever works for you...
Switch:admin> cfgCreate cfg_20250416_rev_0, "tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_1;tanstaafl_slot_1_port_1_and_zarathud_slot_3_port_2;tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_1;tanstaafl_slot_1_port_2_and_zarathud_slot_3_port_2;tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_1;tanstaafl_slot_3_port_1_and_zarathud_slot_3_port_2;tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_1;tanstaafl_slot_3_port_2_and_zarathud_slot_3_port_2;zarathud_slot_2_port_0_and_zarathud_slot_3_port_1;zarathud_slot_2_port_0_and_zarathud_slot_3_port_2;zarathud_slot_2_port_1_and_zarathud_slot_3_port_1;zarathud_slot_2_port_1_and_zarathud_slot_3_port_2"
Last step. Apply the just created configuration
This step will cause a glitch in the matrix all ports attached to the fabric to get a topology change notification. It **is** somewhat disruptive. But we are probably not handling tens of thousands of credit card transactions per second here. So a little turmoil is OK for now.
Switch:admin> cfgEnable cfg_20250416_rev_0 You are about to enable a new zoning configuration. This action will replace the old zoning configuration with the current configuration selected. If the update includes changes to one or more traffic isolation zones, the update may result in localized disruption to traffic on ports associated with the traffic isolation zone changes. Do you want to enable 'cfg_20250416_rev_0' configuration (yes, y, no, n): [no] yes zone config "cfg_20250416_rev_0" is in effect Updating flash ... Switch:admin>
And that's it for switch zoning
Parting thoughts:
- I have two identical Brocade 5100 switches in my environment and all of the Fibre Channel HBAs I have (aside from drives in the tape library) are dual port cards. The zoning config defined here is meant to be applied to both switches. It is not important that not all ports are plugged in to either switch. When one switch dies, the cabling can be moved to the other switch without any switch configuration changes.