cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1782
Views
5
Helpful
7
Replies

Hard Zoning to WWN Zoning

KarFrmEmc
Level 1
Level 1

Hello all,

I have an environment where Enhanced Zoning is enabled and a VSAN was changing from Port Name Zoning to WWN Zoning? Has anyone ever performed the following? Were there any challenges or recommendations that can be made?

Appreciate your responses!!

7 Replies 7

stephen2615
Level 3
Level 3

At my previous job, I setup WWN zoning thinking I was doing the right thing. Then we bought lots of HP blade systems that used SAN and also some HP managed storage. We had some issues with WWN zoning as HP never turned up on time or came when no one was around to change the HBA on the blades that were failing for some reason.

It quickly gets bigger than Ben Hur when an outsourcer gets involved. I liked the idea of WWN zoning but in reality, port zoning is much more simpler to manage. Our environment was extremely secure so there were no issues with your typical SAN that might encourage people to do WWN zoning or port security.

So, literally I did the reverse to what you want to do which was much the same as what you have to do now.

Create fcaliases for the WWN which comes in handy. Try to use FM for that as doing it in via the CLI will drive you crazy and you could make mistakes. The WWN's appear in a grid that makes it easy to assign fc aliases to them.

Create some new zones and put the fcalias into the zones.

Create a new zoneset and populate your new zones into the zoneset and then activiate the new zoneset. Then discard all your old zones and zonesets so as not to get mixed up in the future.

It took me a few hours to migrate from WWN zoning to port zoning. Its pretty easy but tedious in large environments.

I am assuming that you have dual paths to everything. As always, ensure you backup all your config before such a major change. If it all goes pair shaped, it is easy to revert back to normal.

HTH!!

Stephen

Thanks for the your reply Stephen. Yes we used to be under HPs storage system but now moving out of it, so we are reverting to WWN Zoning. My conversion were successful but this environment has Enhanced Zoning Mode turned on. In one of the fabrics there was a fabric lock that had to be cleared in order to make any changes. It is not a CFS lock.

So my step by step process involves:

Create fcalias, Make Zones, Add Zones to the Zoneset, Activate the Zoneset and issue "Zone commit vsan X" at the end for the fabric to see it's new zones. But on one of the fabrics after the commit was issued and "show zone status vsan x" was typed the commit failed due to "Operation Not authorized". It specified a Domain name after the error message which belong to the remote switch which is ISLed to the current switch where the commands are issued.

So I have a bigger issue now where I need to do a Preemptive check to see if any of the fabric has a lock on it, does anyone know of a command that does that?? Or has worked with Enhanced Zoning??

I am not an expert on Enhanced zoning so I wonder how it works when it attempts to lock the fabric to do its work. It is done in band by some special FC command set or would it use something stupid like SNMP?

I have seen a number of Operation Not Authorised failures due to not knowing the community strings especially for read/write access. So, it is possible that the remote switch has a different community string and thats the reason it fails?

I know there are some very good MIB's that have just been released that cater for management of Zone servers. None of the failures look like the reason the operation was rejected. If anything, SW_RJT is what you need to be searching for.

Have a look at:

http://tools.ietf.org/html/draft-ietf-imss-fc-zs-mib-03#section-6

Cheers

Stephen

Enhanced Zoning is from the FC-GS4 & FC-SW3 standards.

http://www.t11.org/index.html

The locking is done inband using FC SW_ISLs commands, as per the standards. It does not use CFS.

To check for an outstanding lock use the "show zone status vsan x" command and look at the 'allow session' field.

For example below, remote domain ID 24 acquired the lock in VSAN 50.

bogart# show zone status vs 50

VSAN: 50 default-zone: deny distribute: active only Interop: default

mode: enhanced merge-control: allow session: remote [dom: 24]

hard-zoning: enabled broadcast: enabled

Default zone:

qos: none broadcast: disabled ronly: disabled

Full Zoning Database :

Zonesets:0 Zones:0 Aliases: 0 Attribute-groups: 1

Active Zoning Database :

Database Not Available

Status: Set zoning mode success at 04:30:55 PDT May 31 2007

bogart#

I know remote domain 24 is switch called Stormy so I log into that switch and do same command. It tells me CLI user Admin has the lock.

stormy# show zone status vsan 50

VSAN: 50 default-zone: deny distribute: active only Interop: default

mode: enhanced merge-control: allow

session: cli [admin]

hard-zoning: enabled broadcast: enabled

Default zone:

qos: none broadcast: disabled ronly: disabled

Full Zoning Database :

Zonesets:0 Zones:0 Aliases: 0 Attribute-groups: 1

Active Zoning Database :

Database Not Available

Status: Set zoning mode success at 14:27:14 AEDT May 31 2007

stormy#

So I issue "show zone pending" and "show zoneset pending" to see what is pending. Looks like Admin created a zoneset called 'Blah' and has not committed it yet.

stormy# show zone pending vsan 50

Zone not present

stormy# show zoneset pending vsan 50

zoneset name blah vsan 50

stormy#

The Enhanced tab in FM will indicate if and who has any lock. There is a 'Config DB Locked By" column.

Cheers

Dallas

Sydney TAC

Slight correction, the field to look at is "session". I mistakenly typed "allow session" . The word 'allow' relates to merge control setting.

Cheers

Dallas

Dallas

Really appreciate your input so far, really has been helpful. I observe everything from above in my environment. My question is what is the fix to this:

I do see the cli admin lock, to clear it this is what the Cisco manual suggested:

Step 1 Use the show zone status vsan command to determine the lock holder. If the lock holder is on this

switch, the command output shows the user. If the lock holder is on a remote switch, the command output

shows the domain ID of the remote switch.

switch#show zone status vsan 16

VSAN: 16 default-zone: deny distribute: active only Interop: default

mode: enhanced merge-control: allow session: cli [admin] <---- user admin has lock

hard-zoning: enabled

Step 2 Use the no zone commit vsan command on the switch that holds the lock to release the lock if you are

the holder of the lock.

Step 3 Use the no zone commit vsan force command on the switch that holds the lock to release the

lock if another user holds the lock.

Note Verify that no valid configuration change is in progress before you clear a lock.

Step 4 If problems persist, use the clear zone lock command to remove the lock from the switch. This should

only be done on the switch that holds the lock.

But since I also obeserve that I do have a pending Zoneset, do I commit the changes first and then clear the lock or vice versa.

Thanks again

if you commit your changes with config command "zone commit vsan X" then you dont need to do anything else. Committing the pending change will automatically release the enhanced zoning fabric lock. Steps 2-4 are only required if you want to abort the pending zone changes, ie you dont want to commit them.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: