Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

SAN Zoning Guidelines for Nexus

 

 

Introduction

A zone is a collection of ports that can communicate between them over the SAN. It is recommended to define a zone per initiator and target, and deploy multiple small zones, rather than having larger zones defined as they consume more resources. A Zoneset is a collection of zones that define the zoning configuration applied to a VSAN. There can be only one active zoneset per VSAN, but there can be multiple zonesets configured in a switch. It is a good idea to define naming conventions for zones and zonesets that can later be easily recognized. For Zone naming, define a server-centric format, and include the initiator and target device aliases if using single-initiator / single-target zones. For Zoneset naming, include information about the DC site & location and the VSAN number.

 

VSANs

Virtual SAN (VSAN) technology partitions a single physical SAN into multiple VSANs. VSAN capabilities allow Cisco NX-OS software to logically divide a large physical fabric into separate, isolated environments. Each VSAN is a logically and functionally separate SAN with its own set of Fibre Channel fabric services.  The strict traffic segregation provided by VSANs helps ensure that the control and data traffic of a specified VSAN are confined within the VSAN's own domain, increasing SAN security.

 

N Port Virtualization

Cisco NX-OS software supports industry-standard N port identifier virtualization (NPIV), which allows multiple N port fabric logins concurrently on a single physical Fibre Channel link. HBAs that support NPIV can help improve SAN security by enabling zoning and port security to be configured independently for each virtual machine (OS partition) on a host. N port virtualizer (NPV) is a complementary feature that reduces the number of Fibre Channel domain IDs in core-edge SANs.

 

SAN Zoning

Zoning will be used in the Access switches to control which end nodes (initiators and targets) can communicate.

 

Zoning configuration will be based on the following characteristics:

 

  • Enhanced Zoning will be enabled. This provides for automatic full zoneset distribution and synchronization, as well as preventing multiple administrators from modifying a VSAN’s zoneset at the same time. It is recommended to use enhanced zoning for all configured VSANs in the SAN
  • Device-aliases will be used to configure zoning, as they are independent of the zoning database and can provide name resolution to applications beyond the zone server.

 

It is recommended to configure each zone as a “single initiator / single target” zone.  This method specifies that a zone will include only one initiator and one target.

 

Note that Enhanced zoning can be used in a Cisco-only SAN network. When changes to the zoning configuration of a VSAN are committed in a switch, the changes are automatically distributed to the other SAN switches in the same VSAN, using the CFS protocol over FC/FCoE.

 

Zoning Configuration

Zoning configuration is done as a global configuration, and it is performed in one switch, which distributes the configuration via CFS.

Note that when a new Access switch is connected to a SAN, it is recommended to not configure any zoning in the Access switch. Before connecting to the SAN, the switch is configured with “enhanced zoning” and “enhanced device-alias” activated. Once connected to the SAN, the switch will retrieve the zoning configuration via CFS (a Fabric merge event will take place).

 

! Add a zone to the VSAN

zone name Z_<server-alias-name>_<target-alias-name> vsan <vsan-id>

!

! Add the members to the Zone

  member device-alias <server-alias-name>

  member device-alias <target-alias-name>

!

! Create the Zoneset for the VSAN

zoneset name ZS_<DC-id>_<vsan-id> vsan <vsan-id>

member Z_<server-alias-name>_<target-alias-name>

!

! Activate the Zoneset

zoneset activate name ZS_<DC-id>_<vsan-id> vsan <vsan-id>

!

! Commit the zoning changes

zone commit vsan <vsan-id>

 

Related Information

Cisco MDS SAN Zoning Best Practices

vPC Best Practices for Nexus 7000 and 5000

Configuring and Troubleshooting MDS Enhanced Zoning

Version history
Revision #:
2 of 2
Last update:
‎08-29-2017 05:09 AM
Updated by:
 
Labels (1)
Contributors