Enhanced zoning enables to perform all configurations using a single configuration session. It enforces and exchanges the default zone setting throughout the fabric. Enhanced zoning uses the same techniques and tools as basic zoning, with a few added commands. The flow of enhanced zoning, however, differs from that of basic zoning.
Enhanced zoning has the following features:
VSAN wide scope, so that while VSAN X is using enhanced zoning, other VSANs can continue to use basic zoning.
Is IVR compatible.
Provides session locking, so that two SAN administrators cannot simultaneously modify a zoning database within a VSAN.
Provides implicit full zone set distribution, so that the zone set database local to each switch remains in sync when a zone set is modified.
Allows full zone set changes to be distributed without having to activate a zone set. This can be used to ready features in the daytime and activate the zone set at night.
Stages modifications until they are explicitly committed or aborted, allowing the SAN administrator to review changes before activation.
Can control how a zone merge is done. Merging can be accomplished either by performing a union of two zone sets according to the same rules as basic zoning, or by merging only identical active zone sets. The latter method prevents accidental merging.
Fabric Login (FLogi)
In a Fibre Channel network, the actual number of physical ports in the fabric is not the most critical concern when designing for large SAN fabrics. Since Fibre Channel ports consist of E/TE ports and F/FL ports, the main consideration is the number of fabric logins in the network. The number of actual physical ports in the fabric is larger than the number of end devices (server, storage, and tape ports) in the physical fabric. The Cisco MDS Family supports up to 10,000 fabric logins in a physical fabric, regardless of the number of VSANs in the network.
Virtual SANs (VSANs)
Cisco MDS switches offer VSAN technology, which is a simple and secure way to consolidate many SAN islands into a single physical fabric. Separate fabric services and separate role base management are provided for each VSAN, while providing separation of both the control plane and the data plane.
Within each VSAN, there is only one active zoneset that contains one or more zones. Each zone consists of one or more members to allow for communication between the members.Cisco MDS switches support up to 8000 zones and 20,000 zone members in a physical fabric.
Enabling Enhanced Zoning
Enhanced zoning can be turned on per VSAN as long as each switch within that VSAN is enhanced zoning capable. Enhanced zoning only needs to be enabled on one switch within the VSAN (existing SAN). At the time enhanced zoning is enabled the command will be propagated to the other switches within the VSAN automatically.
The rules for enabling enhanced zoning are:
Enhanced zoning only needs to be enabled on one switch in the VSAN of an existing converged SAN fabric. Enabling it on multiple switches within the same VSAN can result in failure to activate properly.
Enabling enhanced zoning does not perform a zone set activation.
The switch that is chosen to initiate the migration to enhanced zoning will distribute its full zone database to the other switches in the VSAN. Thereby overwriting the destination switches’ full zone set database.
Note that it is critical that zone distribution is turned on and each switch has its zoning information up to date. Failure to do so will result in deleting the full zone set database. This can be done by verifying zone distribution is turned on and a zone activation is preformed before enabling enhanced zoning.
To enable enhanced zoning via CLI follow the following procedure.
Switch# conf t
Switch(config)# zone mode enhanced vsan <vsan number>
Switch# copy run start
To display the zoning mode status
Switch# show zone status vsan <vsan number>
Modifying Zone Database
Modifications to the zone database is done within a session. A session is created at the time of the first successful configuration command. On creation of a session, a copy of the zone database is created. Any changes done within the session are performed on this copy of the zoning database. These changes in the copy zoning database are not applied to the effective zoning database, until you commit. the changes. Once you apply the changes, the session is closed.
If the fabric is locked by another user and for some reason the lock is not cleared, you can force the operation and close the session. You must have permission (role) to clear the lock in this switch and perform the operation on the switch from where the session was originally created.
switch# config t
switch(config)# zone commit vsan <vsan number> //Applies the changes to the enhanced zone configuration and closes the session
switch(config)# zone commit vsan <vsan number> force //Forcefully applies the changes to the enhanced zone and closes the session created by another user.
When troubleshooting enhanced zoning, it is important to understand the process flow when performing a zone configuration. The following operations detail the process flow:
•The first configuration command on the zoning database acquires a fabric wide lock preventing other changes on the VSAN.
•The first configuration command on the zoning creates a local copy of that VSAN’s zoning database.
•Changes done to the zoning database are done on the copy.
•Commit has to be issued to apply the changes.
•Commit destroys the copy of the zoning database after activation.
•Commit also releases the fabric wide lock
•If the changes are to be discarded prior to the commit, issue “no zone commit” command, which releases the lock and throws away the changes.
Zoning Lock and Lock Owners
The zoning lock is issued to a single user on a single switch. Only one user is allowed to hold the lock. If for some reason the lock is held by another user, and the lock has to be cleared forcefully, issue “no commit” with the force flag.
switch (config)# no zone commit vsan 1 force
switch# clear zone lock vsan <vsan_id>
Identifying the Lock Owner
If you’re locked out, follow these steps.
Determine which switch (domain) has the lock
Determine which user has the lock on that switch
Clear the lock for that user on that switch.
Determining Switch holding lock
If there is a lock, Zone configuration attempt displays error or Zone database locked due to update in progress
switch-1(config)# zoneset name azone vsan 10
Zoning database update in progress, command rejected
Show zone status command displays what switch has the lock
switch-1# show zone status vsan 10
VSAN: 10 default-zone: deny distribute: active only Interop: default
mode: enhanced merge-control: allow
session: remote [dom: 100][ip: 10.87.100.22] // this switch is having the lock
hard-zoning: enabled broadcast: enabled
qos: none broadcast: disabled ronly: disabled
Confirm remote (Adj) switch and domain ID for vsan 10