Académique Documents
Professionnel Documents
Culture Documents
Asia-Pacific Headquarters
9/F, One International Finance
Center, 1 Harbour View Street,
Central, Hong Kong
Tel: +852 2539 0600
Fax: +852 2539 0613
Email: apac-info@brocade.com
European Headquarters
29, route de l’Aeroport
Case Postale 105
CH-1211 Geneva 15,
Switzerland
T: +41 22 799 56 40
F: +41 22 799 56 41
Email: europe-info@brocade.com
Preface xvii
Appendix C Glossary
C.1 Terms and Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-1
Index
The SilkWorm Design, Deployment, and Management (DDM) Guide is focused on covering detailed “how to” information for
Brocade products from a design, deployment, and management perspective. The DDM is intended to be used in conjunction
with existing Brocade manuals, release notes, and related Brocade publications. The DDM is effective at focusing experienced
Brocade SAN professionals on a specific area or subject of the SAN life cycle. The emphasis of the DDM is on breadth, with
depth where new features or complexity dictate. When multiple choices are available for adopting a particular approach or
strategy and there are clear benefits to implementing a particular approach, guidelines are provided.
The SilkWorm 2000 series, 3200, 3250, 3800, 3850, 3900, 12000, and 24000 platforms and features up to Fabric OS 4.2, 3.1.2,
and 2.6.2 are covered in this document. The following Brocade software features are addressed:
• Advanced Web Tools
• Advanced Zoning
• Fabric Watch
• Trunking
• Advanced Performance Monitoring
• Extended Fabrics
• Secure Fabric OS
• Fabric Manager
• API
The flow and organization of the document follows the process of first designing a Brocade SAN, followed by the deployment
and operation of that SAN. It is important to understand how new features such as Secure Fabric OS, non-disruptive code
activation, and scalability impact a SAN and how these topics relate across the SilkWorm and Fabric OS family. Many
Brocade features span the disciplines of SAN design, deployment, and management. For example, ISL Trunking influences a
SAN design, has specific deployment tips, and can be managed via various interfaces such as the CLI, Web Tools, and Fabric
Manager.
Discussed in Section I SAN Design, are topics such as device attachment strategies, switch placement in a fabric, design
related Security topics, and zoning guidelines. Once the SAN design and other planning has taken place, the switches and
devices require deployment. Section II SAN Deployment, covers subjects such as installation preparation and planning, usage
of new features, Security planning, migrating to a secure fabric, staging equipment, validating a fabric, and fabric
troubleshooting. A rich set of management interfaces exists for the SilkWorm family of switches. Effectively integrating a
particular management interface, such as Fabric Manager or Fabric Watch, into the enterprise management system, capacity
planning, and SAN management with SNMP are just a few examples of topics addressed in Section III SAN Management.
Note: FICON design requirements and practices differ significantly from those used for open systems Fibre Channel SANs.
FICON considerations are addressed in the IBM Redbook titled “Getting Started with the IBM 2109 M12 FICON
Director” (ISBN 0738499390).
Guideline Conventions
The formatting and conventions used in this document are designed to help the reader locate and comprehend information
quickly. In addition to the information provided in standard text, there are Guidelines, Notes, and Cautions to help focus the
reader on important information.
Formatting
The following table describes the formatting conventions that are used in this book:
Convention Purpose
Guideline: Guidelines are recommendations for consideration. The adoption of these guidelines is a function of the
user’s ability to interpret and correlate relevant SAN information and make decisions based upon their
organization and SAN requirements.
Warning: Warnings alert you to potential damage to hardware, firmware, software, or data.
Caution: Cautions indicate that a particular action or type of connection is not recommended as it may cause failure of
the switch or fabric.
Brocade Documentation
The following related publications are provided on the Brocade Documentation CD-ROM and on the BrocadeConnect web
site. To access the BrocadeConnect web site go to www.brocade.com and select the appropriate link.
• Brocade Fabric OS Documentation
- Brocade Fabric OS Procedures Guide
- Brocade Fabric OS Reference
- Brocade Diagnostic and System Error Message Reference Manual
- Brocade Fabric Manager User’s Guide
- Brocade MIB Reference Manual
• Brocade Fabric OS Optional Features Documentation
- Brocade Advanced Web Tools Administrator's Guide
- Brocade Fabric OS Features Guide
- Brocade Fabric Watch User’s Guide
- Brocade Secure Fabric OS® User's Guide
- Secure Fabric OS Quickstart Guide
• Brocade Hardware Documentation
- Brocade SilkWorm 24000 Hardware Reference
- Brocade SilkWorm 12000 Hardware Reference
- Brocade SilkWorm 3900 Hardware Reference
- Brocade SilkWorm 3250/3850 Hardware Reference
- Brocade SilkWorm 3800 Hardware Reference
- Brocade SilkWorm 2800 Hardware Reference
Note: The following product discussion does not include bundled options. Licensed features may be bundled, however when
the command licenseshow is issued each license will be listed individually.
JBOD
Loop 2
Server2
Blue zone
Fib
bre Channe
el Fabric
RAID
Hub
For more information about Brocade Advanced Zoning refer to the Brocade Fabric OS Features Guide. Guidelines on
management activities can be found in Section III SAN Management.
Brocade ISL Trunking simplifies network design and reduces the cost of storage management by optimizing bandwidth
utilization and enabling load balancing of traffic at the frame-level. ISL Trunking is compatible with both short wavelength
(SWL) and long wavelength (LWL) fiber optic cables and transceivers.
The ISL Trunking software identifies and constructs trunking groups as soon as the ISL Trunking license is activated. The
ISLs and ports that participate in trunking groups are referred to as trunks and trunking ports
Figure 1-2 illustrates how trunking can result in more throughput by avoiding congestion. In this example, the data available
for transmission is distributed over the four ISLs with no congestion, since it is below the total 8 Gbit/sec capacity of the
combined ISLs. In a fabric that does not have trunking capability, some paths could be congested and other paths could be
under utilized.
Guidelines on management activities can be found in Section III SAN Management. For more information about Brocade
Trunking, refer to the Brocade Fabric OS Features Guide.
Guidelines on management activities can be found in Section III SAN Management. For more information about Brocade
Fabric Watch, please refer to the Brocade Fabric Watch User's Guide.
maximum buffering between E_Ports connected over an extended distance. The buffer reconfiguration results in line speed
performance of 2 Gbit/sec for switches interconnected at up to 60 Km, and of 1 Gbit/sec for switches interconnected at up to
100km.
Brocade Extended Fabrics achieves long-distance connections by allocating more frame buffers for Fibre Channel traffic.
Long-distance connections require more frame buffers than regular ISL connections. The greater the distance, the more frame
buffers required. If the long-distance port is part of a quad, this limits the buffer space left over for the remaining ports in the
quad, which must, therefore, be configured appropriately.
When configuring long distance ISLs, make sure to balance the need between long distance ISL connections and Core-to-Edge
ISL connections within a switch. Configuring long distance ISLs between Core and Edge switches is possible, but is not a
recommended practice.
The long-distance Extended Fabrics configuration can be established among SilkWorm 3200, 3250, 3800, 3850, 3900, 12000,
and 24000 switches. Long-distance ports consume more buffers than regular ISL ports, which means that configuration of a
long-distance port could disable other ports in the same quad due to lack of buffers.
Valid Long-Distance
ISL Connections
SW3850 SW3250
SW3800 SW12000
Invalid Long-Distance
ISL Connection
SW2800 SW3000-series
Invalid Long-Distance
ISL Connection
SW2800 SW12000
Invalid Long-Distance
ISL Connection
SW2800 SW24000
With the use of a SAN, it is possible to achieve much higher utilization since every host can access to all storage in the SAN.
In this example, a modest 10-20% improvement in storage utilization could result in a savings of several hundred GB of
storage. In addition, a reduction in associated ownership costs of that surplus storage would occur. In the storage consolidation
model, if a host is not using all of its storage, it is possible to rapidly reallocate this extra storage to a different host. It is also
possible to add additional storage for all servers to access, rather than having to purchase storage for specific hosts. In a direct
attach environment, it is more difficult to do so, forcing the need to have very high white space overhead to allow growth. A
conservative 60% utilization scenario with DAS and storage consolidation environments are compared in Figure 2-1.
Storage Host
80% utilization
60% utilization
SAN
Since many hosts depend upon continuous access to their storage in a storage consolidation solution, designing a highly
available SAN to ensure this continuous access is critical. Resilient and redundant fabric designs are highly recommended,
especially in large storage consolidation solutions. In a storage consolidation solution, many devices contend for a shared
storage port. The performance-limiting factor is often the over-subscription or fan-out ratio of that port, and not the network.
Because of this, it is possible to design SANs with a certain amount of over-subscription without adversely affecting
application performance. Because the benefits of storage consolidation grow proportionally with the number of hosts and
storage, the capability for a SAN to scale is important. It is possible to choose a SAN architecture that can grow from tens of
ports to hundreds, and in some cases, thousands of ports, while minimizing or eliminating downtime. Topologies such as the
Core/Edge are optimal for enabling this type of scaling and availability.
2.1.2. Backup
A SAN-based backup is, in some respects, a form of storage consolidation in that an I/O device (the tape drive) is available to
be shared by many hosts. The difference is that the shared device is tape, rather than disk. This distinction can affect SAN
design in several ways:
• Currently, tape libraries tend to be single-attach, so the multi-pathing approaches used in storage consolidation will
usually not work.
• Backup devices tend to be more sensitive to I/O disruption than disk arrays. Arrays can recover from small glitches; tape
solutions sometimes do not recover as easily. This is a known issue in the industry and something being addressed with
the emergence and adoption of the FC-TAPE standard.
• The availability of tape drives is usually not as critical as that of disk arrays.
Tape Host
Ethernet
or SAN
Figure 2-2 Direct Attach and LAN Based Backup Compared to a SAN Based Backup
A disruption in a backup SAN is usually not as critical as a disruption in a storage SAN. Mission critical applications require
continuous access to storage, while a tape backup normally can be restarted without end users seeing the effect. If a SAN is
designed for tape device attachment only, a single resilient fabric may provide sufficient availability.
Asynchronous
Translated FC over SONET, ATM or IP
Applications
0 – 20,000km
A
A
B X B X
C C
Figure 2-5 Resilience in Core/Edge and Ring Topologies
Fabric A Fabric B
In addition to enhancing availability, using redundant fabrics also enhances scalability. Using dual-fabrics essentially doubles
the maximum size of a SAN. If a fabric is limited by vendor support levels to 34 switches/1200 user ports and a single fabric
solution with dual-attached devices is utilized, then the SAN is limited to 600 devices. However, if a dual-fabric with
dual-attach device solution is utilized, the SAN is capable of supporting 2400 user ports or 1200 devices.
Any devices that are dual-attached and are capable of supporting an active-active or active-passive dual-path essentially
double the potential bandwidth. An active-active dual-path means that I/O is capable of using both paths in normal operation.
Some SAN devices only support active-passive dual-pathing. With active-passive dual-pathing, the passive path is utilized
only when the primary path fails.
Some devices, such as tape drives, are typically not capable of supporting multiple paths. It is possible to address this issue by
equally distributing tape devices between the redundant fabrics and configuring the backup applications to use an alternate
tape drive should an outage on one of the fabrics occur. However, some elements of a tape backup solution, such as robot
control within a single library enclosure, do not currently map well into a redundant fabric environment.
Single attached devices, including tape drives, non-critical storage, or hosts can be included in a redundant SAN, by
alternately assigning them between the fabrics. When implementing a logical group of single-attached devices, such as a tape
library with multiple tape drives and a robot, ensure that these devices reside on the same fabric, and if possible, on the same
switch.
When deploying redundant fabrics, it is not always necessary to deploy symmetrical fabrics. For example, when using a
dual-fabric, the first fabric could consist of several interconnected SAN islands, while the second fabric consists of isolated
islands, as shown in Figure 2-7. Redundancy is still maintained for dual-attach devices.
Single
Attach
Storage
Fabric A
2.3. Trunking
Brocade ISL Trunking is a licensed feature that enables traffic to be optimally shared across available inter-switch links (ISLs)
while preserving in-order delivery. A trunk group logically joins two, three, or four ISLs into one logical ISL. Trunking
optimizes ISL utilization, minimizing or eliminating congestion in the SAN. Trunking manages ISLs as a group instead of
individually; therefore, the effort of managing a SAN is reduced.
Trunking can also increase availability. As long as at least one ISL link remains, I/O continues if an ISL failure occurs – albeit
at a lower bandwidth. It is also possible to dynamically increase bandwidth by adding ISLs to a trunk – without impacting I/O
-- to enable up to 8 Gbit/sec of bandwidth over a single logical link. Trunking is available on the SilkWorm 3200, 3250, 3800,
3850, 3900, 12000, and 24000 platforms. The ports that form a trunk must reside in the same contiguous four-port groups,
which are known as quads, and are as shown in Figure 2-8, Figure 2-9, and Figure 2-10. For additional discussion about
Trunking, reference Exploring Brocade ISL Trunking (publication number: 53-0000263-01). An octet is a group of two
adjacent quads. The SilkWorm 3900 and 24000 switches implement octets. Note that the SilkWorm 3900 and 24000 octets are
highlighted in red dotted boxes in Figure 2-8 and Figure 2-10. The way that devices are connected to quads and octets can
impact the performance of switches for extreme I/O use cases where the majority of ports are utilized at or near full bandwidth.
Octets consist of two quads, each quad capable of supporting up to an 8 Gbit/sec trunk, ISLs, or SAN devices. An octet has no
bearing on trunking.
Note: Fabric OS versions 3.1 and 4.1 do not support Trunking with LE, L1, and L2 portcfglongdistance modes.
Please refer to Appendix B, Long-distance Technologies for Storage Area Networks for further discussion on this
topic.
0 1 2 3 4 5 6 7
3200 Q uads
3250 Q uads
0 1 2 3
4 5 6 7
3850 Q uads
0 1 2 3 8 9 10 11
4 5 6 7 12 13 14 15
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 3800 Q uads
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Figure 2-8 SilkWorm 3200, 3250, 3800, 3850, and 3900 Quads; SilkWorm 3900 Octets
P
O
R
T
S
15
14
13
SilkWorm
12 12000 Quads
11
10
9
8
7
6
5
4
3
2
1
0
15
12 13 14 15
14
Quad
13
12 15 15 15 15 15 15 15 15
12 13 14 15
12 13 14 15
12 13 14 15
12 13 14 15
12 13 14 15
12 13 14 15
12 13 14 15
12 13 14 15
14 14 14 14 14 14 14 14
13 13 13 13
11 13 13 13 13
12 12 12 12 12 12 12 12
11 11 11
10 11 11 11 11 11
10 10 10 10 10 10 10 10
9 9 9
9 9 9 9 9 9
8 8 8 8 8 8 8 8
8 7 7 7 7 7 7 7 7
Octet 6 6 6 6 6 6 6
7
6
7
7
4 5 6
4 5 6
4 5 6
4 5 6
4 5 6
4 5 6
4 5 6
4 5 6
5 5 5 5 5 5 5 5
7 4 4 4 4 4 4 4 4
3 3 3 3 3 3 3 3
6
7
2 2 2 2 2 2 2 2
1 1 1 1 1 1 1 1
5
4 5 6
0 0 0 0 0 0 0 0
3 to 1 ISL Over-subscription
12
x 1G
b/s
P o rt
s
4 x 1 Gb/s ISLs
Since SAN-attached devices can operate at various speeds, it is necessary to put some additional thought into calculating ISL
over-subscription with variable speed hosts, storage, and ISLs. In Figure 2-12 on page 2-14, six 1 Gbit/sec hosts and six 2
Gbit/sec hosts are depicted. These share access to four 2 Gbit/sec ISLs. To calculate the ISL over-subscription ratio, average
the speed of the input ports and divide this result by the speed of the output ports. Multiply the node portion of the ratio by that
number, as shown in Figure 2-12.
12
mi
xe
d sp
6 x 2 Gb/s 6 x 1 Gb/s ee
d po
Hosts Hosts rts
4 x 2 Gb/s ISLs
Guideline: As a starting point or if specific performance requirements are not available, it is suggested to connect
at a 7:1 ISL oversubscription ratio.
Table 2-1 identifies the number of ports required per platform to achieve a targeted ISL oversubscription ratio and the
recommended number of ports to reserve to scale performance. Note that for 8-port switches, the lowest practical ISL
oversubscription that maintains resiliency (i.e. more than one connection into the fabric) is 3:1 and two ports are necessary. For
the larger switches like the SilkWorm 3900 or 24000, higher ISL oversubscription ratios are possible while maintaining
resiliency. With higher ISL oversubscription ratios, it is important to utilize low bandwidth devices or to employ locality.
When a particular ISL oversubscription ratio is not recommended for resiliency purposes, the table cell is labeled with N/A
(not applicable).
Guideline: When designing a Core/Edge fabric, attach edge switch ISLs for the target ISL oversubscription ratio,
but reserve ports to enable the scaling of performance. For example, connect ISLs at a 7:1 ISL
oversubscription ratio, but reserve ports in the same quad (see section 3.1.1. Trunk and ISL
Connections on page 3-1) for further detail regarding the definition of quad) for a 3:1 ISL
oversubscription ratio.
Table 2-1 Recommended Trunk Configurations to Attain Target ISL Oversubscription Ratios for Switches Used
on the Edge in a Core/Edge Fabric
The information in Table 2-1 and Table 2-2 presents a detailed view of the exact number of ports and trunks to configure and
reserve to attain a particular ISL oversubscription ratio for switches used on the edge in a Core/Edge topology. In Table 2-1,
using the SilkWorm 12000 and a 7:1 ISL target connection rate as an example, it is necessary to connect two 2-ISL trunks and
reserve four ports (two 2-ISL trunk’s worth) of ports to enable the scaling of performance.
Table 2-2 identifies recommended number of ports to reserve for ISLs/trunks on an edge switch when designing a Core/Edge
fabric. The resulting configuration yields a 7:1 ISL oversubscription ratio that provisions for scaling to a 3:1 ISL
oversubscription ratio should performance requirements dictate.
Table 2-2 Recommended ISL/Trunk Port Allocations for SilkWorm Switches Used as Edge Switches in a
Core/Edge Fabric
3200/3250 8 2
3800/3850 16 4
3900 32 8
12000 64 16
24000 128 32
2.5. Locality
If devices that communicate with each other are connected to the same switch or groups of switches then these devices have
high locality. If two devices must cross an ISL/trunk to communicate, then these devices have low locality. The higher the
locality, the less traffic crosses ISLs/trunks and therefore, fewer ISLs/trunks are needed. The lower the locality, the more traffic
crosses ISLs/trunks and therefore, more ISLs/trunks may be needed.
Figure 2-13 depicts the scenario of low locality. When host and storage devices need to communicate in low locality scenarios,
all traffic must traverse through ISLs/trunks. If four 2 Gbit/sec hosts in Figure 2-13 need to concurrently communicate with
four 2 Gbit/sec storage devices/connection at full bandwidth, congestion occurs in the ISLs. This is because eight devices
(four hosts, four storage devices) that could potentially generate 1600 MB/sec of I/O, must share only 800 MB/sec of
bandwidth. Of course, in reality, most devices cannot sustain full throughput and they would not all peak at the same time.
Note that this example involves simplex I/O, meaning only one path is utilized for I/O. One example of a simplex operation is
a scenario where all hosts are reading from the storage 100%. Under full duplex operations, the maximum potential bandwidth
is 3200 MB/sec. This is why many hosts can share a single storage port, and why many devices can share a single ISL. If all
eight devices were connected to the same switch, they could communicate with each other at a potential aggregate bandwidth
of 1600 MB/sec without congestion. When a single switch is not large enough to support the number of required devices, a
network of switches is needed.
Possible Congestion
Data Flow
Data Flow
Data Flow
With a little planning, it is usually possible to design a SAN with a significant degree of locality, as shown in Figure 2-14.
While higher levels of locality are desirable, it is still possible to build very effective SANs with minimal to no locality. In fact,
some SANs are deliberately designed with low locality to maximize the administrative simplicity that a low locality design
provides. It is a straightforward process to design a tiered SAN that delivers sufficient bandwidth in a low locality
environment. The value in doing so is that tiered SANs require minimal planning and management to add hosts or storage -
just attach hosts to host-designated switches and storage to storage-designated switches. See section 3.1.6. Tiering (Low
Locality Device Attachment) on page 3-14 for further discussion on this topic.
Data Flow
Figure 2-14 High Locality SAN
2.6. Scalability
The scalability of a SAN is the size to which that SAN could be expanded without fundamental restructuring. Scalability is so
important to SAN design that it is frequently the first criteria used in deciding how to approach the SAN architecture. The
designer starts by asking two questions: 1) “how many ports does the SAN need now?” and 2) “how many ports will the SAN
need in the near future?” The solution is then designed to meet the port count requirements.
SANs should be designed to scale to the largest size that is expected in a reasonable time frame, rather than merely using the
requirements at the time of implementation as a target. This prevents the SAN from being “painted into a corner” and needing
to be fundamentally restructured after entering production.
Investment protection is another area that relates to scalability. If an existing switch is replaced with a newer or higher port
count switch to increase scalability, it is valuable to reuse the existing switch elsewhere in the fabric. Proper initial planning
facilitates this as well.
The Core/Edge fabric topology is the most frequently deployed topology in cases where scalability needs are great. It is
derived from the star topology, which is common in traditional data networks. The Core/Edge fabric topology (see
Figure 2-15) is a similar design, except that the Core is normally redundant, and there is typically only one level of edge
switches (few hops). Some Core/Edge implementations opt for a single Core switch when deploying the fabric in a dual-fabric
SAN architecture. The logic behind this approach is that should a single Core fail, the remaining and redundant fabric can
maintain SAN operations.
Edge
Core
Core/Edge topology is scalable from many perspectives. It is possible to use variable size switches in the Cores and the Edges.
The larger the Core switch, the larger the fabric can grow. If large Cores and Edges are utilized, it is possible to build very
large fabrics. The concept of scaling a fabric by using variable port count switches is shown in Figure 2-16.
A reasonable network progression might start with 16-port or 32-port Core switches and migrate to 64-port or 128-port Cores
when the scalability limits of the smaller Cores are reached. See the SAN Migration Guide (part number 53-0000360) for
detailed information on how such a migration would be performed. When additional ports are required, the lower port count
switches in the Core can be replaced with the higher density 64-port or 128-port switches. The lower port count switches can
then be redeployed at the edge.
16-port Core
64-port Core
If greater bandwidth is required between the edge switches, it is possible to scale the number of ISLs from the edge switches to
the Core, as shown in Figure 2-17. It is also possible to scale the bandwidth between any two-edge switches by increasing the
number of Core switches and the associated ISL/trunk connections.
Scale # ISLs
Figure 2-17 Increased bandwidth between Edge switches through the addition of ISLs or the addition of Core
switches
2.7. Performance
An over-subscribed link is one on which multiple devices might contend for bandwidth. Traditional data networks have been
built with very high levels of over-subscription on links for years. The Internet is probably the best-known example of this. A
congested link is one on which multiple devices actually are contending for bandwidth.
While not capable of supporting Internet-like over-subscription ratios, real-world SANs can be expected to have several
characteristics that enable them to function well, even with over-subscribed links. These characteristics include bursty traffic,
shared resources, low peak usage by devices, good locality, and devices that can generate only a small fraction of the I/O as
compared to the available bandwidth. Most networks have all of these characteristics to some degree. Moreover, organizations
can often realize substantial cost savings by deliberately designing a SAN with a certain amount of over-subscription.
When performance service levels are critical and the bandwidth requirements are high, lower over-subscription levels or traffic
localization should be targeted.
Today, many devices attached to a SAN are not capable of generating traffic at the full Fibre Channel bandwidth of 100
MB/sec or 200 MB/sec. Figure 2-18 and Figure 2-19 detail a simplified scenario using a handful of devices to explain SAN
bandwidth consumption.
Note that in the ISL in Figure 2-18, the total amount of traffic that is intended to cross between switches never exceeds the 200
MByte/sec capacity of the link (assuming a 2 Gbit/sec ISL). Even if the servers in Figure 2-18 are running at their theoretical
maximum performance, there still might be performance bottlenecks with the storage devices. In Figure 2-19, the two servers
are accessing a single storage port, so the 2:1 fan-out of the storage port becomes the limiting factor.
The key to managing bandwidth is capturing or estimating performance requirements and matching these requirements to an
appropriately designed SAN. If the servers are capable of generating 400 MB/sec of traffic and there are two 2 Gbit/sec ISLs
(see Figure 2-19), the network routes the traffic over both of them, and congestion does not occur. The storage port can operate
at only 50 MB/sec; therefore, each server can average only 25 MB/sec. This scenario is common in storage consolidation
environments where many servers need to share a single storage port. However, the I/O requirements for most servers can be
surprisingly low (1 or 2 MB/sec) and a single storage port can sustain many hosts without overwhelming its I/O capability.
M ax 2
00 M B
Hosts /s ec
e c
0 M B /s
M ax 20 SW12000 SW12000
Storage
Ratings indicate how well the topology meets the ideal requirements
of that property (1 = Not well, 2 = Moderately well, 3 = Very well).
Properties Ratings
Ease of scalability 3
Performance 1
Ease of deployment 3
Reliability 1
Cost 3
2.8.1.2. Ring
A Ring (see Figure 2-21) is like a Cascaded fabric, but with the ends connected. The Ring has superior reliability to the
Cascade because traffic can route around an ISL failure or a switch failure. However, it does cost slightly more than a Cascade.
The Ring is usually preferable to the Cascade for that reason. Like the Cascade, the Ring is most suitable when locality is used
to optimize traffic patterns in the fabric. This design is effective for configurations that start small and stay small. It can also be
used when implementing SAN over MAN or WAN, where the topology of the MAN/WAN might dictate the topology of the
Fibre Channel network -- Rings are common MAN/WAN topologies. Finally, a Ring topology is a good choice when the ISLs
are mostly used for management or low bandwidth SAN applications. Table 2-6 charts the properties of a Ring topology.
Ratings indicate how well the topology meets the ideal requirements
of that property (1 = Not well, 2 = Moderately well, 3 = Very well).
Properties Ratings
Ease of scalability 1
Performance 1
Ease of deployment 3
Reliability 2
Cost 3
Ratings indicate how well the topology meets the ideal requirements
of that property (1 = Not well, 2 = Moderately well, 3 = Very well).
Properties Ratings
Ease of scalability 1
Performance 2
Ease of deployment 1
Reliability 3
Cost 1
While partial mesh networks can be scaled to produce a large number of ports, they still have less than ideal performance
characteristics. In addition, partial meshes can be difficult to scale without downtime. As a result, meshes – either full or
partial – are recommended only for networks that will change infrequently, have limited scaling requirements, and where the
traffic patterns of the connected devices are known. Note that the Core/Edge topology is considered a partial mesh and does
not suffer from the previously mentioned performance and scaling issues. With the advent of high port count switches, it is
possible to build reasonably large fabrics, that are considered partial meshes, that only consist of four switches. For example,
using four 64-port switches, it is possible to build a fabric that consists of 256 total ports. Table 2-8 charts the properties of a
partial-mesh topology.
Table 2-8 Properties of a Partial-Mesh Topology
Ratings indicate how well the topology meets the ideal requirements
of that property (1 = Not well, 2 = Moderately well, 3 = Very well).
Properties Ratings
Ease of scalability 1
Performance 1
Ease of deployment 2
Reliability 3
Cost 2
SW24000
Highest
Availability
SW24000 SW24000
Switches that reside in the middle of the fabric are referred to as Core switches. The switches that are interconnected by the
Core switches are referred to as edge switches. The simple form of the Core/Edge fabric has two or more Core elements, each
of which consists of a single switch. In a simple Core, the Core switches do not connect with each other. Edge switches in a
Core/Edge fabric also do not connect to each other. They only connect to the Core switch. Several variants of the Core/Edge
network do not meet this definition. These are discussed later in this section (see section 2.8.2. Hybrid Topologies on page
2-32). Devices such as hosts and storage are attached to free ports on the edge switches. These ports are referred to as edge
ports or user ports. Free ports on the Core switches should usually be reserved for additional edge switches when using
16-port switches and can connect SAN devices for higher port count switches. The scalability of a Core/Edge fabric is reduced
when a device is attached to a Core switch (see section 3.1.5. Connecting Devices To The Core on page 3-13).
Note: A Core/Edge fabric is typically built with two or more Core switches, but can be built with a single Core switch if that
fabric is used in a dual-fabric SAN - the redundant fabric maintains the SAN availability should the single Core switch
become unavailable.
A Core/Edge topology (shown in Figure 2-26) can be built with a variety of switch platforms, such as the SilkWorm 2000
series, 3200, 3250, 3800, 3850, 3900, 12000, and 24000. Selecting the right switch for a Core or Edge location can affect the
maximum size of the fabric. A SilkWorm 24000 is used as the Core in Figure 2-26, as the 128-ports per domain support
enables the size of the fabric to grow to hundreds of ports by connecting edge switches. The edge can be built with a variety of
switch platforms. Note that the SilkWorm 12000 can contain up to 128 ports in a 14U chassis, configured as two 64-port
switches (each switch is known as a logical switch and may also be referred to as a domain). The SilkWorm 24000 can contain
up to 128 ports in a 14U chassis, configured as one 128-port domain.
0 or more
0 or more 0 or more 0 or more
2000 Series
38x0 or 32x0
3900
12000
24000
A key benefit of the Core/Edge topology is the use of FSPF, which automatically distributes the load across all paths equally.
There are two or more paths between any two edge switches in a resilient Core/Edge topology. Because of this, Core/Edge
fabrics have very good performance under varying to zero locality conditions. This concept is depicted in Figure 2-27.
Ratings indicate how well the topology meets the ideal requirements of that property
(1 = Not well, 2 = Moderately well, 3 = Very well).
Properties Ratings
Ease of scalability 3
Performance 3
Ease of deployment 3
Reliability 3
Cost 2
Site A
0-100 KM
Site B
HostTier
Blue Red
Core Core
StorageTier
Note: The Core/Edge topology is identified as a reference topology for the guidelines presented in this chapter.
The Core/Edge topology is preferred for scalable, available, and high performance fabrics for a number of reasons (see section
2.8.1.5. Core/Edge on page 2-29). The guidelines established in this chapter can also apply to other topologies, such as a full
mesh or ring. It is up to the reader to interpret the guidelines in this section for topologies other than Core/Edge. Regardless of
topology chosen, a redundant fabric (i.e. dual fabric) SAN is recommended.
Note: The switch designator 38x0 indicates either a SilkWorm 3800 or 3850, and the switch designator 32x0 indicates either
a SilkWorm 3200 or 3250.
Note: The diagonal recommendations for the SilkWorm 3900 starts in the lower left hand corner of the switch (ports 0-4) and
progress to the upper right hand corner (ports 28-31). Connecting in the opposite order and starting in the upper left
hand corner of the switch (ports 16-19) and progressing to the lower right hand corner (ports 2-15) is also an acceptable
connection strategy.
Connecting ISLs/trunks to the left or right hand side of a SilkWorm series 2000, 32x0, or 38x0 switches does not yield any
availability or performance benefits; however, doing so does result in a switch that is easier to operate since the cable locations
are standardized. For all switches, the adoption of standardized ISL/trunk connections makes it easier to operate and maintain
those switches. If it is possible to connect more than one ISL from an edge switch to a core switch and both switches are trunk
capable, a choice exists to connect the ISLs to different quads for availability purposes or to use trunking. Under these
circumstances, the performance benefits of trunking combined with the resiliency of the Core/Edge topology are felt to result
in a simpler and superior solution. For example when connecting a SilkWorm 38x0 edge switch to a SilkWorm 12000 core
switch with a 3:1 ISL oversubscription ratio, connect using a 2-ISL trunk from the edge to each core instead of connecting two
ISLs spread across separate blades on each core.
SAN SAN
Devices Devices
ISLs/trunks ISLs/trunks
Guideline: Place trunking-capable switches adjacent to each other. This maximizes the number of trunking groups
that can be created. If using a Core/Edge topology, place trunking-capable switches at the core of the
fabric and switches that are not capable of trunking at the edge of the fabric. This allows for the
maximum amount of trunking between core switches and edge switches that are capable of trunking.
Guideline: When more than one ISL connects two trunk capable switches there are two option:
- spread the connections across different quads for availability purposes and not use trunking
- locate the ISLs on the same quad and use trunking (recommended)
Guideline: If trunking is not possible, or more than one trunk/ISL is required between switches, connect trunks and
ISLs from the same switch as follows:
- On the SilkWorm 12000 and 24000, connect multiple ISLs/trunks in redundant groups and connect
these ISLs/trunks horizontally (see Figure 3-3 and Figure 3-4).
- On the SilkWorm 3900, connect the ISLs/trunks on corners of the switch that are diagonally opposed
(see Figure 3-6).
- On 8-port and 16-port SilkWorm switches (SilkWorm 2000 series, 32x0, 38z0), connect the trunks/ISLs
to the either the left or right hand side of the switch (for consistency) see Figure 3-7 and Figure 3-8.
Guideline: For the SilkWorm 24000, 12000, and 3900, create redundant trunking groups when possible. This
protects against multiple ISL failures, optimizes performance, and for the SilkWorm directors it protects
against the rare occurrence of a blade failure. This means that instead of using a single 4-ISL trunk to
connect two SilkWorm 24000s, 12000s or 3900s, utilize two 2-ISL trunks, as shown in Figure 3-2.
1
1 1 ,
nk
rt u
L s
IS nk
4- tru
e L
on IS
of o 2-
ad w
ste e t
In us
1 2 1 2
1 2
Figure 3-2 Use redundant trunk groups when possible for the SilkWorm 3900, 12000, and 24000.
SilkWorm 24000
Slot 1 Slot 2 Slot 3 Slot 4 Slot 7 Slot 8 Slot 9 Slot 10
15 15 15 15 15 15 15 15
12 13 14 15
12 13 14 15
12 13 14 15
12 13 14 15
12 13 14 15
12 13 14 15
12 13 14 15
12 13 14 15
14 14 14 14 14 14 14 14
13 13 13 13 13 13 13 13
12 12 12 12 12 12 12 12
11 11 11 11 11 11 11 11
10 10 10 10 10 10 10 10
9 9 9 9 9 9 9 9
8 8 8 8 8 8 8 8
7 7 7 7 7 7 7 7
6 6 6 6 6 6 6 6
7
7
4 5 6
4 5 6
4 5 6
4 5 6
4 5 6
4 5 6
4 5 6
4 5 6
5 5 5 5 5 5 5 5
4 4 4 4 4 4 4 4
3 3 3 3 3 3 3 3
4-ports
2 2 2 2 2 2 2 2
1 1 1 1 1 1 1 1
0 0 0 0 0 0 0 0
1 1
A llocate 32-ports fo r
Instead of one 4-ISL trunk, use two 2-
IS Ls/tru nks in e igh t
ISL trunks g ro up s for E d g e
sw itch
1 2 1 2
Figure 3-3 Recommended ISL/Trunk Connection Scheme for SilkWorm 24000 Switches Used as Edge Switches
in a Core/Edge Fabric
15 15 15 15
12 13 14 15
12 13 14 15
12 13 14 15
12 13 14 15
14 14 14 14
SilkWorm 12000 13 13 13 13
12 12 12 12
11 11 11 11
10 10 10 10
ISLs/trunks in four 8 8 8 8
6 6 6 6
7
7
4 5 6
4 5 6
4 5 6
4 5 6
5 5 5 5
4 4 4 4
4 ports 3 3 3 3
2 2 2 2
1 1 1 1
0 0 0 0
2 2
1 Yes
1 2
2
1
Figure 3-4 Recommended ISL/Trunk Connection Scheme for SilkWorm 12000 Switches Used as Edge Switches
in a Core/Edge Fabric
Figure 3-5 Do not connect more than one ISL to the same switch port card unless it is part of a trunk.
SilkWorm 3900
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 1 2 3 4 5 6 7 8 9 10
19 11 12 13 14 15
4-ports
2
1 Yes 2
1
2
1 1 2
Figure 3-6 Recommended ISL/trunk connection scheme for SilkWorm 3900 switches used as Edge Switches in
a Core/Edge fabric
4-ports
0 1 2 3 8 9 10 11
4 45 56 67 7 12 13 14 15
SilkWorm 3850
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
SilkWorm 3800
4-ports
Figure 3-7 Recommended ISL/trunk connection scheme for SilkWorm 16-port switches used as Edge switches
in a Core/Edge fabric
2-ports
0 1 2 3
SilkWorm 3250
4 45 56 67 7
0 1 2 3 4 5 6 7 SilkWorm 3200
2-ports
Figure 3-8 Recommended ISL/trunk connection scheme for SilkWorm 8-port switches used as Edge switches in
a Core/Edge fabric
Guideline: Connect storage edge switches and SAN devices horizontally to the SilkWorm 12000 and 24000.
Guideline: Connect storage edge switches and storage to diagonally opposed corners for the SilkWorm 3900. Fill
the remaining quads with host edge switches or host devices.
Guideline: Connect 8 and 16-port storage switches, host edge switches, and SAN devices in groups to realize
operation and maintenance simplicity.
Core
SAN Devices
ISLs/
Or ISLs/
Trunks
Trunks
Figure 3-9 ISL/trunk connection method for SilkWorm 12000 and 24000 switch used as core switch in a
Core/Edge Fabric
S ilk W o r m 3900
S to ra g e E d g e
H o s t E d g e S w itc h C o n n e c tio n s S w itc h e s o r
S to ra g e
S to ra g e E d g e
S w itc h e s o r H o s t E d g e S w itc h C o n n e c tio n s
S to ra g e
S to ra g e E d g e
S w it c h e s o r
S to ra g e
H o st E dge
S w itc h e s
Figure 3-10 ISL/trunk connection method for SilkWorm 3900 switches used as core or standalone switches in a
Core/Edge fabric
Figure 3-11 ISL/trunk connection method for SilkWorm 8 and 16-port switches used as core or standalone
switches in a Core/Edge fabric
Guideline: Distribute devices on the SilkWorm 24000 and 12000 across switch port cards from left to right for
optimal availability.
Ta p e L ib ra ry D isk S to ra g e H o st
SAN
SAN SAN D e v ic e s
Devices Devices
IS Ls/T runks
ISLs/trunks ISLs/trunks
Figure 3-12 Attaching devices for availability on a SilkWorm 24000/12000 used as an edge switch
SilkWorm 3900
4 ports ISLs/
12 ports SAN Devices
trunks
4 ports ISLs/
12 ports SAN Devices
trunks
2 ports 6 ports
ISLs/ SAN 8-port switch
trunks Devices
Figure 3-13 SilkWorm 8-port, 16-port, and 3900 device connection plans for edge switches
Scenario “C” (Edge Attach) is the typical case. The number of available paths between the host and storage is two. In addition,
the core switch ports are available for increasing the size of the SAN by adding new edge switches. The hop count from the
server to the storage is 2-hops. Note that hop latency is two microseconds per hop – an inconsequential latency when
compared to disk I/O, which is measured in milliseconds.
Guideline: Connect devices to a core switch after validating your scaling requirements. Attaching devices to a core
switch limits the size of your SAN, but can result in higher performance.
Figure 3-14 How Device Placement Can Impact Performance and Scalability in a Core/Edge Fabric
A Core/Edge fabric built with two 16-port core switches, while maintaining a 7:1 ISL oversubscription ratio, can scale to 224
user ports. Using two 64-port core switches and maintaining a 7:1 ISL oversubscription ratio, a Core/Edge fabric can scale to
896 user ports and if four 64-port switches are used in the core, a fabric can grow to 1792 user ports. If a higher ISL
oversubscription ratio of 15:1 is used, a fabric built with two 64-port core switches can grow to 1920 user ports and 3840 ports
using four 64-port core switches. The connection of devices to the core lowers the potential size of these SANs. If the fabric
size is expected to exceed 896 user ports, to maintain the flexibility to scale performance and the size of a fabric or if it is
expected to connect devices into the core, it is recommended that four SilkWorm 12000 or 24000 switches be utilized in the
core.
Host Tier
Core Core
The performance characteristics of a Core/Edge fabric make this topology an excellent candidate for tiering (see the discussion
in section 2.8.1.5. Core/Edge on page 2-29 for the reasons why). Also, note the flexibility to increase bandwidth between
devices by adding ISLs to account for varying performance requirements. It is not required to deploy an entirely tiered
architecture. For performance reasons, it may be desirable to establish a hybrid of tiered switches and some switches that are
not tiered. For example, it may be appropriate to connect a high performance host and storage device on the same switch while
maintaining a tiered approach for the other devices in the SAN.
An interesting aspect of a tiered SAN is the visual layout of the switches in the SAN architecture. Note that the two SANs
depicted in Figure 3-16 are identical: each SAN is built with the same number of switches, number of ISLs, ISL connection
points, and device attachment points. The only difference is how the switches are laid out in the figure.
Host Tier
In Figure 3-17, the SANs have the same number of switches, number of ISLs, and ISL connection points; however, the device
connection points are different, as the core switches are utilized for device attachment. These two SANs are topologically
identical, but functionally different. Scalability applies as discussed earlier in section 3.1.5. Connecting Devices To The Core
on page 3-13, when attaching devices to the core scalability is diminished. However, for many to one SAN devices — a single
SAN device that is accessed by many other SAN devices, such as a storage device — connecting devices to the core offers
some performance advantages. The top SAN in Figure 3-17 is sometimes called a two-tier SAN and the bottom SAN is
sometimes called a three-tier SAN. The device attachment points, not the layout of the switches, differentiate a two-tier SAN
from a three-tier SAN.
Host Tier
Host Tier
Guideline: Significant scalability enhancements, such as improved performance of zone checking, RSCN
distribution, and name server, along with improved quality and new functionality are incorporated into
Fabric OS versions 2.6.1, 3.1, and 4.1 and later versions. It is recommended to utilize these versions of
Fabric OS at a minimum and it is preferred to run versions 2.6.2, 3.1.2, and 4.2 versions of Fabric OS.
Guideline: For large SANs that exceed several hundred devices, it is necessary to run at a minimum Fabric OS
versions 2.6.1, 3.1, and 4.1 or later versions.
Note: The term Control Processor is associated with a SilkWorm 24000 and 12000 component/FRU (field replacable unit).
The SilkWorm 2000 series, 32x0, 38x0, and 3900 series switches do not have a FRU specifically associated with it and
when CP is used in the context of other SilkWorm switches, the reference is to the switch CPU and not a FRU.
Guideline: Do not exceed 728 user ports in a fabric that uses SilkWorm 2000 series switches.
The SilkWorm 3250 and SilkWorm 3850 utilize a different and more powerful control processor than the legacy SilkWorm
3200 and 3800 switches. Additionally, the SilkWorm 3250 and 3850 are configured with more memory than the SilkWorm
2000 and 3800 switches. These additional resource position the SilkWorm 3250 and 3850 to function in larger fabrics;
however, the trade-offs of managing numerous lower port count switches versus fewer high port count switches need to be
considered as part of the SAN design and deployment planning process.
Note: The SilkWorm 12000 currently supports up to two domains per chassis, while the SilkWorm 24000 currently supports
one domain per chassis.
Note: With Secure Fabric OS, only one fabric per SilkWorm chassis is supported.
Guideline: For maximum fabric scalability and availability, it is highly recommended to use FOS 2.6.1, 3.1 or 4.1
or later on all Brocade SilkWorm switches.
A A B B
A A B B
Hot code activation (HCA) is one of the features in Fabric OS 4.1 and later versions. The defining characteristic of hot code
activation is that while a new firmware image is being activated on a switch there is no disruption of end-to-end data flow
between the hosts and storage devices. No disruption means no dropped frames, no retries, and no time-outs. The ASICs on
the switch continue to process frames while the new firmware is being activated. Hosts that are logged into their targets will
never be aware that anything has happened. This lack of end-to-end data disruption can be achieved with Fabric OS 4.1 on the
SilkWorm 24000, 12000, 3900, 3850, and 3250.
A redundantly configured SilkWorm 24000 and 12000 can pass control to its standby Control Processor as part of the
firmware activation. Critical fabric services are available in about 2 seconds, with all fabric and management services fully
available in less than ten seconds. The SilkWorm 3900, 3850, and 3250, with only one Control Processor, must shutdown and
reboot Fabric OS as part of the HCA process. This process completes in less than 60 seconds, with the critical fabric services
available in about 50 seconds. Again, although there is a window when fabric services are unavailable, there is no disruption to
end-to-end data flow between SAN devices.
Because it takes longer to do hot code activation on the SilkWorm 3900, 3850, and 3250, the switches directly linked to the
SilkWorm 3900, 3850, or 3250 need to be tolerant of the 60 seconds when fabric services from the SilkWorm 3900, 3850, or
3250 are not available. Brocade has made the necessary modifications to Fabric OS v3.1.0 and v2.6.1 and later versions to
extend the time-out values so that link and fabric re-configuration is avoided.
Guideline: It is strongly recommended that customers deploy neighboring switches (i.e. immediately connected via
an E-port) to the SilkWorm 3900, 3850, and 3250 with Fabric OS v2.6.1 (or later) on the SilkWorm 2000s
series, Fabric v3.1.0 (or later) on the SilkWorm 3200/3800, or Fabric v4.1.0 on the SilkWorm
3250/3850/3900/12000/24000.
Guideline: To prevent unnecessary disruptions in the fabric when firmware is activated on a SilkWorm 3900, 3850,
or 3250, it is recommended that any switches directly connected to the SilkWorm 3900, 3850, or 3250
use Fabric OS v2.6.1, v3.1.0, or v4.1.0 (or subsequent versions).
Guideline: The implementation of zoning is recommended for any SAN and especially critical for any large fabric.
Zoning is fundamental to the functioning of multi-hundred port fabrics.
With Fabric OS v3.1/v4. 1 and later, zoning changes cause different RSCN (Registered State Change Notification) behavior. In
Fabric OS v3.1/v4. 1 and later, when zone changes are enabled or disabled, fabric RSCNs are only sent to devices that
completed an SCR (State Change Registration) and that are in the affected zones. In all Fabric OS v2.x releases, the locally
connected devices that completed an SCR will receive these RSCNs, regardless if the device is affected by a zone change.
With a mixed fabric, the devices in the zones that are affected, as well as all devices local to the Fabric OS v2.x switches,
receive an RSCN. The RSCN filtering of a device is handled by the Name Server of the switch to which it is attached. The
Fabric OS of the switch that originates a zoning change is irrelevant.
Guideline: Make certain devices which require RCSN suppression are directly attached to a switch running Fabric
OS version 3.1 or 4.1 or higher.
Note: The maximum zoning database size for SilkWorm 2000 series, 3200, and 3800 switches is 96 KB and 128 KB for
SilkWorm 3250, 3850, 3900, 12000, and 24000 switches. A switch with a zoning database size limit of 96 KB limits
the size of the zoning database for the whole fabric to 96 KB.
Guideline: Limit the name of an alias, zone or configuration to as few characters as possible while maintaining
meaning of that name. Target 16-characters or less for an alias, zone, or configuration name.
Guideline: For SANs that exceed several hundred ports, monitor the size of the fabric-zoning database with the
command cfgSize.
Guideline: Routinely review a zoning configuration to identify unused aliases, zones, and configurations and then
remove these unused entries.
Note: The following minimum version requirements apply for fabrics that need secure mode enabled:
SilkWorm 2000 Series
- Fabric OS version 2.6.0 (or higher) with the Security license - for fabrics containing only SilkWorm 2000 series
switches
- Fabric OS version 2.6.2 (or higher) with the Security license - for secure fabrics containing a SilkWorm 2000
series switch and any of the following SilkWorm switches: 3200, 3250, 3800, 3850, 3900, 12000, 24000.
-SilkWorm 3200 and 3800 switches
- Secure Fabric OS version 3.1 (or higher) with the Security license
-SilkWorm 3900 and 12000 switches
- Secure Fabric OS version 4.1 (or higher) with the Security license
SilkWorm 3250, 3850, and 24000 switches
- Secure Fabric OS version 4.2 (or higher) with the Security license
Note: In a fabric that contains SilkWorm 2000 series switches, the maximum security DB size is limited to 32 KB, with
16 KB active. In a fabric containing SilkWorm 32x0, 38x0, 3900, or 12000 switches, the security DB size maximum
is 128 KB, with 64 KB active. For all fabrics, the maximum number of DCC policies is limited to 620. Use the
command secactivesize to monitor database usage.
Guideline: It is highly recommended to upgrade to the latest version of Fabric OS compatible with your switch, prior
to introducing a SilkWorm 24000 to your SAN. Contact your switch vendor for details.
To run with secure mode enabled, designate one or more switches as the Fabric Configuration Server (FCS). FCS switches are
“trusted” switches and are used for managing fabrics where secure mode is enabled. These switches should be both
electronically and physically secure. You can specify a Primary FCS switch and one or more Backup FCS switches, to provide
failover ability should the Primary FCS switch fails. All management access to the fabric must flow through the Primary FCS
switch. Should the Primary FCS switch be unavailable, it then becomes necessary to use the first available Backup FCS switch
for managing the fabric. Please reference Brocade Secure Fabric OS® User’s Guide Version 3.1 / 4.1 (part number:
53-0000526-02) and the Brocade Secure Fabric OS® Quickstart Guide Version 2.6.1/3.1 / 4. (part number: 53-0000352-02)
for further detail about Secure Fabric OS. The ability exists to use the Backup FCS via automatic failover or manually. In case
where a Backup FCS is utilized manually, the user can pick any switch designated as a Backup FCS. In cases of automatic
failover, the first Backup FCS switch designated will be used.
The Primary FCS switch is a central point for distributing fabric configuration information and management changes.
Establishing the core switch in a Core/Edge fabric as the Primary FCS is recommended since the core switch is optimally
located to communicate with all other switches in the fabric. There are several other reasons, which are discussed in section
3.5. Switch Location In The Fabric on page 3-24, for configuring one of the core switches as the Primary FCS. For the same
Guideline: Use one of the core switches in a Core/Edge topology as the Primary FCS switch for secure fabrics.
Guideline: In a Core/Edge topology, designate at least two additional switches as Backup FCS switches. It is
recommended to use the other core as the first Backup FCS and an edge switch as the second Backup
FCS.
Guideline: When deploying a secure fabric that spans multiple sites, ensure that there is at least one Backup FCS
at each site.
Figure 3-19 Recommended Location of Primary and Backup FCS Switches in a Core/Edge Topology
Guideline: Select a core switch in a Core/Edge topology as the primary management switch for zoning, time
services, Fabric Manager, Web Tools, and general administrative access.
The establishment of a principal switch in a fabric can vary based on upon the state of the fabric, switch WWN, and whether
other switches/fabrics are merging into that fabric. A switch that is the principal switch in a fabric today may not be a principal
switch after a new switch or switches are added to that fabric or if that fabric reconfigures. The implementation of the
fabricprincipal command is based solely on mechanisms specified in the Fibre Channel standards. These mechanisms
provide a preference for a switch requesting to be the principal switch in a fabric, but they do not provide an absolute
guarantee that a switch requesting to be the principal switch will actually achieve this status.
Note: Note that the fabricprincipal is only available in Fabric OS version 4.1.0 or later.
Guideline: Identify the primary management switch in the fabric as the preferred principal switch by using the
command fabricprincipal.
Primary Backup
Management Management
Switch Switch
Figure 3-20 Primary and Backup Management Switch Location and Functions in a Core/Edge Topology
Guideline: Place 2 Gbit/sec switches adjacent to each other and for Core/Edge topologies, place the first 2 Gbit/sec
switches in the core and subsequent 2 Gbit/sec switches at the edge.
Not
2Gbit/sec
2 Gbit/sec
end to end
2800 3800 end to end
Figure 3-21 End to End 2 Gbit/sec Paths and 2 Gbit/sec Device Locality
SilkWorm 3900 Very High Hot code activation, redundant and hot swappable power and cooling
SilkWorm 3850 Very High Hot code activation, redundant power and cooling
SilkWorm 3800, High Redundant and hot swappable power and cooling
2800, 2400
SilkWorm 3200, Medium No redundant or hot swappable power and cooling. SilkWorm 3250
3250, 2x00, 20x0 implements hot code activation
A dual Core/Edge fabric SAN is redundant and resilient. A Core/Edge SAN is resilient and can sustain operations in the event
that a single core fails. I/O operation can continue when an edge switch fails if a redundant fabric with multipathing software
is implemented. From an availability perspective, any SilkWorm can perform as a core switch in a Core/Edge fabric. To
eliminate disruptions in the fabric and to I/O due to firmware activation or during a failure, a SilkWorm 12000 or 24000 is
recommended. The SilkWorm 12000 and 24000 offer the highest availability and up to 128-ports per chassis. If scaling
requirements do not dictate a several hundred port SAN, consider still using the SilkWorm 12000 or 24000 in the core,
populating the core remaining ports with devices that require the highest availability of I/O or the performance of a core
connection, and connecting devices that require lower availability to lower availability edge switches. Select and connect edge
switches based upon the SAN device availability requirements, as shown in Figure 3-22.
Guideline: For the highest fabric and I/O availability, deploy SilkWorm 12000 or 24000 switches in the core and
either SilkWorm 3250, 3850, 3900, 12000 or 24000 switches on the edge of a Core/Edge fabric. SAN
devices requiring lower availability can connect to SilkWorm 2000 series, 3200, and 3800 edge
switches.
Guideline: Using two separate SilkWorm 12000 or 24000 chassis in the core increases availability even further.
12000 or 12000 or
24000 24000
3800 3800 2800 2800 3850 3900
y 2 x 17 + 2 x 14 — 35 switches total
y 760 usable ports
1 ISL
38x0
2 ISLs
3900
4 ISLs
12000 or 24000
8 ISLs
Guideline: When designing a fabric that exceeds 728 user ports or is expected to grow past 728 user ports, it is
suggested to exclusively utilize SilkWorm 3900, 12000 and 24000 switches in the core and the edge
since it is felt to be easier to manage fewer large switches versus many smaller switches.
Guideline: Use four SilkWorm 12000 domains or two SilkWorm 24000 domains in the core of a Core/Edge topology
if the size of the fabric is expected to exceed 896 user ports or a large number of devices are going to
be connected to the core.
Guideline: The practical limit for a simple Core/Edge fabric using 16-port core switches is 224 user ports. Use a
SilkWorm 24000, 12000 or 3900 in the core if the Core/Edge fabric is expected to exceed 224 user
ports.
The fabric topologies recommended are all Core/Edge topologies. The formats for these recommendations are templates. The
SAN designer can use these templates to adapt to meet their requirements. The key is to map these requirements to a supported
SAN design. The definition of whether or not a SAN design is supportable is up to the support partner and there are several
variables involved with determining this support (see section 3.6. Scalability Support and Testing on page 3-29). Six
recommended fabric topologies are provided:
Highest Availability Fabric Topology: A fabric built with the most highly available switches, implementing a 7:1 ISL
oversubscription ratio, and offering the highest fabric and I/O availability (see Figure 3-25).
Low Cost Per Port Fabric Topology: A fabric topology built with high ISL oversubscription ratios (low performance,
fewer ports used for ISLs), resulting in a higher number of user ports (see Figure 3-26).
High Performance Fabric Topology: A fabric built with low ISL oversubscription ratios (high performance, more ports
used for ISLs), resulting in a lower number of user ports (see Figure 3-27).
Very Large Fabric Topology: A fabric topology using two SilkWorm 24000 cores that is capable of scaling to 4352/3840
total/user ports (see Figure 3-28).
Small Fabric Topology: A fabric that uses smaller switches and is capable of scaling to 288/224 total/user ports (see
Figure 3-29).
Extended Distance Fabric Topology: A fabric topology recommended for connecting SANs that span multiple sites and
where the availability of connections between sites is limited (see Figure 3-30).
A topology can be selected based on cost, performance requirements, availability requirements, or scaling requirements. Once
a topology is selected, it is up to the SAN professional to determine the quantity and type of edge switches, locality model, and
to customize the ISL oversubscription ratios.
Note: All Core/Edge topologies can start small (see Figure 3-24) and grow as large as the maximum port counts specified.
In some topologies, the maximum port count is specified as a range, since this count is a function of the ISL
oversubscription ratio implemented and the type of switch utilized.
2000 Series
38x0 or 32x0
1 ISL
3900
2 ISLs
Figure 3-24 A Four Switch Partial Mesh is the Start of Every Core/Edge Fabric Topology
Guideline: Regardless of selected Core/Edge fabric topology, it is recommended to implement the selected
topology as a dual fabric SAN.
Note: Use these topology templates in conjunction with your support provider to develop a supported SAN design. The port
counts indicate what the topology is capable of scaling to, not what a support provider will support.
Note: The SilkWorm 12000 switches represented in Figure 3-25, Figure 3-26, Figure 3-27, and Figure 3-28 represent logical
switches. Each switch could reside in a chassis by itself or with another SilkWorm 12000 logical switch in the same
chassis.
0 or more 0 or more
0 or more 3900 0 or more 12000/24000
2000 series 38x0/32x0
2000 Series
38x0 or 32x0
3900 2 ISLs y Up to 1024 total ports
12000/24000 4 ISLs y Up to 768 user ports
8 ISLs y 3:1 ISL oversubscription ratio
0 or more 12000/24000
0 or more 3900
0 or more 0 or more
0 or more 3900
2000 series 32x0/38x0
2000 Series
y Up to 288 total ports
38x0 or 32x0
1 ISL y Up to 224 user ports
3900
2 ISLs y 7:1 ISL oversubscription ratio
Site A
0-100 KM
Site B
Note: Fabric Manager 4.1.1 is required for management of the SilkWorm 24000, 3850 and 3250 (switches running Fabric
OS 4.2). Older versions of Fabric Manager will not support these new platforms.
Guideline: For full management support of the SilkWorm 24000, 3850 and 3250 from switches that support Fabric
OS 2.x or 3.x only, use Fabric OS versions 2.6.2 and 3.1.2 or greater.
Older versions of firmware have been tested in various SAN fabric configurations. For supported backwards compatibility
information, please refer to the switch provider documentation and official support statements.
SilkWorm 24000 Fabric OS 4.2 or later Fabric OS 4.2 or later Linux kernel
SilkWorm 3850 Fabric OS 4.2 or later Fabric OS 4.2 or later
SilkWorm 3250 Fabric OS 4.2 or later Fabric OS 4.2 or later
SilkWorm 12000 Fabric OS 4.1.x or later Fabric OS 4.2 or later
SilkWorm 3900 Fabric OS 4.1.x or later Fabric OS 4.2 or later
SilkWorm 3800 Fabric OS 3.1 or later Fabric OS 3.2 or later VXWORKS
UNIX
SilkWorm 3200 Fabric OS 3.1 or later Fabric OS 3.2 or later
SilkWorm 2000 Family Fabric OS 2.6.1 or later Fabric OS 2.6.2 or later
For complete list of all commands, refer to the appropriate Brocade Fabric OS Reference Guide for each version of Fabric OS.
For typical Fabric OS configuration tasks, refer to the appropriate Brocade Fabric OS Procedures Guide for each version of
Fabric OS. The Brocade Fabric OS Procedures Guide provides instruction on how to do most of the configuration activities
discussed in this section. These manuals are available on the Documentation CD shipped with Brocade SilkWorm switches.
Note: Fabric OS 4.2 only supports a single domain within a SilkWorm 24000 chassis.
When the SilkWorm 24000 is fully populated, POST takes up to 15 minutes to complete from a cold start. POST occurs in two
phases. Each phase is a series of pre-defined diagnostic tests that checks everything from flash memory to internal link
integrity. Once the SilkWorm 24000 is installed, configured, and the diagnostic tests have completed successfully, there is no
requirement to have them turned on. Use diagdisablepost to prevent the switch diagnostic tests from running after a reboot or
cold start. The default setting has diagnostics turned on.
Guideline: Upgrade to the Full Fabric licensed option if using the SilkWorm 3850 or 3250 as part of a fabric of four
or more switches.
X X X Online help text for zoning and other commands more consistent across FABOS versions.
X X X Boot Over SAN enhancements to allow greater HBA and switch interoperability
X Flash the SilkWorm 12000 and 24000 blower LED when a blower has been disabled.
• Some equipment may have long order lead times, so it is important to identify
what is needed as soon as possible.
• For cables that will be run underneath a raised floor, not having enough cut tiles
is a potential stumbling block.
• Heavy equipment, such as the SilkWorm 12000/24000, should be near the
bottom of the rack for maximum stability.
Note: The power supplies are not interchangeable between the SilkWorm 2000 family of switches and the SilkWorm
3200/3800. Power supplies cannot be interchanged between the SilkWorm 3200/3800 and SilkWorm 3900.
Guideline: If only one power supply is used, the default settings of switch environmental policies will cause the
switch to be in a marginal status. Use switchstatuspolicyshow at the command line to see the
current environmental settings and switchstatuspolicyset to change them. Web Tools will show
the switch image highlighted in an amber color as a warning. This setting can be configured
administratively as discussed in Section III SAN Management.
Figure 5-1 Cable management provides weight relief for the cable sheath at the connector.
Proper cable management facilitates easy cable identification, which is important for accommodating the growth of the SAN.
Good cable management is an art. Everyone has a different style that can be applied to the unique structural characteristics of
the site. Thus, there is no single solution for proper cable management. There are endless variations on doing it right. The next
few sections will highlight some general guidelines on managing cable connections that can be applied to almost every
situation. For additional cable management guidelines please refer to Appendix A, Cabling Design and Management.
Use cable guides to solve these problems. There are horizontal and vertical cable guides for standard EIA racks. Horizontal
cable guides come in a variety of shapes and generally take up at least one rack unit. Vertical cable guides are generally much
wider and up to 42 U in height, which is the standard size of an EIA rack. These generally are mounted along the side, so extra
floor space is required for them. Telco racks have their own methods of management. Be sure to ask the Telco rack vendor for
cable management options. Both types have “fingers” that allow the cables to be held while being run across the rack or
plugged into a switch port. This may be expensive when considering the value of rack space so the customer may choose not
to do it. However, the organizational benefits are enough to justify the expense alone. Figure 5-3 shows how effective cable
guides are at achieving proper management.
Guideline: Use horizontal and vertical cable guides for cable management. Include them in your rack planning.
Guideline: Plan out the floor space and install the guides before staging the racks with the equipment. Often times,
the cable guides are secured to the racks themselves. Once the equipment is plugged in and the cables
have been run, installing cable guides in the racks become much more costly as power cables and racks
must be moved or removed.
Guideline: If using seismic platforms, allow enough cable slack for effective movement.
Guideline: For Trunk groups, use Velcro tape and spacers (sometimes called pillars) to bundle the cables into
groups. Not only does this alleviate the weight, it also allows for effective cable organization. As an
added plus, trunk group identification is easily attained when this is accomplished.
Guideline: Rack the cable side of the switches on the same side where the HBAs and storage ports are located.
Typically these ports are located on the “back” of those devices. This will prevent cables having to be
run along the inside and side of an EIA rack. Be aware of potential cooling issues when doing this.
Guideline: Label the fiber optic cables or use fiber optic cables that are already numbered, such as with serial
numbers. This information can be used to build a spreadsheet of devices, switch ports and the cables
that connect them together.
Guideline: Allow manageable cable slack for sliders on rack mount kits.
Guideline: Cable guides should always be used in patch panels. This is because patch panels are a natural cable
collection point and the scene of many potential problems.
Note: Some of the cable trays are open to show how the cables are run.
T o ta l U n its A va ila b le 42
T o ta l U n its U se d 3 9.5
T o ta l U n its R e m a in in g 2 .5
Note: In this example the extra space for airflow is made available through the use of cable guides.
Guideline: Avoid crossing over rack unit boundaries. Count them before installing the equipment. Some EIA racks
have rack units pre-numbered.
Guideline: For larger chassis, such as the SilkWorm 12000/24000, create a hole schedule template to assist with
planning the rail locations. This is useful when a variety of different sized equipment is installed.
Guideline: When racking, use cage nuts with built in threads for the screws. To facilitate installation, mark the unit
boundaries on the rack before installing the nuts.
Guideline: To simplify cable management, rack the cable side of the switches on the same side where the HBAs
and storage ports are located.
Guideline: When racking switches, totaling ten or more rack units, make sure sufficient air flow is available to cool
the switches. This can be done by spacing the switches appropriately or using a rack fan.
Guideline: Forced airflow is required when using solid doors in the rack, such as those made of Plexiglas.
Documentation Checklist
1. Get an Equipment Binder for each rack
2. Logical Design Diagram
3. Switch Spreadsheet
4. ISL Port Map
5. Device Spreadsheet
6. Label All Cables
7. SAN Verification Test Plan Requirements
8. SAN Verification Test Plan
1. Equipment Binder
It is good practice to a put together a binder for each rack. Keep all of the configuration information in the binder,
including the rack layout, make and model of each piece of racked equipment, serial numbers, physical cable connections,
the names on the labels, etc. As part of the binder, keep all of the service logs to track that history for each piece of
equipment. If at all possible, keep this attached to the rack physically.
2. Switch Spreadsheet
Keep track of all Brocade switches. Include switch name, IP address and domain name as well as the role. An example of
a spreadsheet is shown in Table 5-5. This may be reflected in the switch name, for example A-C1, designates this switch
as the first core switch in Fabric A.
Guideline: Set unique domain numbers for each switch in the SAN. This allows for simpler merging of fabrics.
Guideline: As a convention, consider setting the domain ID of each switch to the last octet of its IP address. Be
aware that the highest allowed domain number is 239.
Fabric A Fabric B
Fabric A Fabric B
4. Device Spreadsheet
The other piece of information that should be included is a device spreadsheet from the host perspective. Include
hostname, IP address, HBA make model and WWN, host and storage physical connections, storage LUN assignment map
etc. For an example of a device spreadsheet, refer to Appendix D, Site Survey Templates.
5. Logical Design Diagram
Create a picture of the logical design. Keep it simple and be careful of adding too much information. The idea is to
represent the SAN topology as well as host and storage connections. As an example, see Figure 6-1 on page 6-2, which
depicts the case study.
Guideline: If possible, use persistent binding on the host. This will provide consistent controller, target and LUN
numbers for each storage LUN. Backup applications are especially sensitive, as these numbers map
directly to the backup application device identities.
Guideline: If using WWNs, zone by World Wide Port Name (WWPN) rather than World Wide Node Name (WWNN).
This is because a WWPN uniquely identifies a port to which a target is attached. Some Multipathing
software may get confused and not be able to discover targets properly. This is especially true when
using multi-port HBAs.
Guideline: Be aware of mixing different HBA vendors in a single zone. Each vendor HBA responds differently to
RSCNs, a method to notify an HBA for device discovery, and may cause one of the HBAs to lose the
zoned device.
Guideline: In addition it is recommended to have single initiator zones, that is one HBA per zone.
Guideline: Separate HBAs from each other for clustered hosts. Allow each HBA to see the same storage but not
each other. Once again, RSCNs, may cause the clustered host HBA to lose the storage array.
Caution: All updates from a Fabric OS prior to 2.6.1, 3.1 and 4.1 will be disruptive.
For Fabric OS 4.x, only the FTP protocol is supported for firmware upgrades. Upgrades from Fabric OS 4.0.x to 4.1 or 4.2 —
depending on SAN architecture — are disruptive, so be sure to schedule downtime. Upgrades from Fabric OS 4.1 are
non-disruptive.
The SilkWorm 3900 and 24000 allow two admin telnet sessions. The SilkWorm 12000 allows two telnet sessions per logical
switch. Use one for firmwaredownload and the other for firmwaredownloadstatus.
Firmwaredownloadstatus is a handy command that shows a log of each upgrade phase. When complete, use
firmwareshow to display the firmware version on each compact flash partition.
Table 5-9 Upgrade Planning Checklist
Warning: Hard setting a preferred principal switch is not completely deterministic, especially in large fabrics. Secure Fabric
OS also affects its reliability. Use of sequenced reboot feature of Fabric Manager mitigates these two limitations.
After an un-managed reboot (such as a power failure recovery) do a sequenced reboot under Fabric Manager
control to ensure an orderly switch-by-switch reboot.
Guideline: For Core/Edge topologies, such as the case study, it is recommended to select a core switch as the
Primary FCS. Use a SilkWorm 12000 or 24000 core fabric switch as the Primary FCS or trusted switch
if available.
Warning: All the items in Table 5-11 will be wiped out on switches that are allowed to be added to a Secure Fabric OS
enabled fabric, and replaced by the Primary FCS switch. It is highly recommended to NOT add switches that
contain zoning information, before making a backup with configupload, since all zoning configurations will
be written over.
Guideline: During the configuration of the SNMP community strings, change the default passwords of “public” and
“private”.
MAC Policies: SNMP, Telnet, These policies are in the “No Policy” state by default; as such, they do not limit
HTTP, SES, Management Server or block access.
(MS) Serial,
Front Panel (SilkWorm 2800 only)
Switch Connection Control (SCC) The SCC is set to “No Policy” by default: a switch with any WWN can connect
to the fabric.
Device Connection Control (DCC) The DCC is set to “No Policy” by default: any device can connect to any port.
Options By default, options are not enabled and therefore allow WWW zoning, for exam-
ple.
Note: If more information is desired, each checklist item is expanded upon in the subsequent sections.
Guideline: Setting the Core PID at the initial staging phase, on Fabric OS 2.x or 3.x based switches, will allow for
a seamless introduction of a switch running Fabric OS 4.x into the SAN fabric.
Now that these steps are complete, the SAN is ready for Secure Fabric OS deployment. In order for deployment to be
effective, there needs to be an understanding of what is going to be done. 5.13. Planning the Secure Fabric OS Implementation
on page 4-26 provides some guidelines to consider when putting together this plan.
Warning: Each switch in the fabric needs to be rebooted to activate Secure Fabric OS. Be aware that enabling Secure Fabric
OS will reboot BOTH CPs simultaneously on the SilkWorm 12000 and 24000. It is recommended to schedule
downtime on single fabric SANs before enabling Secure Fabric OS.
Guideline: It is highly recommended to select a Core switch (preferably a SilkWorm 24000 or 12000) as the
Primary FCS switch. If the fabric has contains more than four switches, select a minimum of three
Backup FCS switches.
Guideline: Consider a locked closet to physically secure the Primary and Backup FCS switches and/or the
management station.
Warning: The Primary FCS databases are not automatically backed up when secure mode is enabled. Data will be lost if the
FCS switch is not backed up before the command secmodedisable is done on the Primary FCS switch. To
backup the Secure Fabric OS data, use the command configupload on the Primary FCS.
Note: Sectelnet or SSH must be used to administer the Primary FCS switch when running Secure Fabric OS. Brocade
Sectelnet requires digital certificates are installed on each switch to be administered. This utility only encrypts the
passwords sent over the LAN, all other commands are sent as clear text. Refer to section 6.5.3.2. Verify Digital
Certificates Exist on page 6-31 for more the commands used to verify digital certificates.
Note: In a fabric that contains switches running Fabric OS 2.x, the maximum security DB size is limited to 32 KB, 16 KB of
which can be active. In a fabric containing switches running Fabric OS 3.x or 4.x, the security DB size maximum is
128 KB, 64 KB of which can be active. For all fabrics, the maximum number of DCC policies is limited to 620.
Caution: When using a switch with Fabric OS 2.6.1, and Secure mode enabled as an FCS switch, the maximum
database size is 16 KB.
5.16.1. Overview
All Brocade SilkWorm switches, except for the SilkWorm 1000 Series, support a separate buffer-to-buffer flow control circuit
for each of the eight virtual channels (VCs) used on ISLs. Of the eight VCs used, four are used for management of Fibre
Channel unicast frames and each are loaded with five credits on a Normal (L0) ISL. This allows switches to be interconnected
at distances of up to 5km for 2 Gbit/sec links and 10km for 1 Gbit/sec links.
The Brocade Extended Fabrics license allows ISLs to be connected at up to 60km for 2 Gbit/sec links and up to 100km for
1 Gbit/sec links, while maintaining maximum bandwidth. This is accomplished by compacting credits on all four virtual
channels normally used for unicast frames onto a single virtual channel (VC 2). Fabric OS v2.6 has three EF modes that can be
used to configure the amount of credits available to ISLs on long distance links. An additional LE mode that supports
2 Gbit/sec Fibre Channel (FC) performance at 10 km without requiring an EF license was introduced in Fabric OS v3.0/v4.0.
Two new modes were introduced in Fabric OS v3.1 and v4.1 that allow for further enhancements to extended distance links.
In a mixed fabric configuration, where long distance ports are installed on switches running Fabric OS 3.x and/or 4.x, only
port level configuration is required. If a long distance ISL is created between two SilkWorm 2000 Series switches in a mixed
fabric, then the fabric wide long distance parameter must be set on all switches within the fabric, as well as port level
configuration on the long distance ports.
Brocade Security features are supported on Extended Fabric links. This includes connections over dark fiber and DWDM
networks.
Note: When upgrading from Fabric OS v4.0.x to Fabric OS v4.1.x (or later) all Extended Fabric ports will be set to L0 mode.
Be sure to reconfigure the Extended Fabric ports appropriately if using Extended Fabrics.
Note: Long distance links are not supported from a SilkWorm 2000 series switch to a SilkWorm 3200/3800 or 12000. The
links following links are not supported: SilkWorm 2x00-to-3x00 or 2x00-to-12000/24000.
Note: The Brocade Trunking feature, which allows multiple ISLs within a quad to load balance traffic, is not currently
supported on ports configured for Extended Fabrics.
LE 13 19 ~ 10 km 3.x, 4.x NO
L1 27 54 50 km 50 km All YES
Guideline: For switches running Fabric OS 3.1/4.1 or greater, use LD mode for long distance connectivity.
Note: Upgrades are straight forward on a single domain SilkWorm 12000 and can easily be done without down time
assuming either a dual fabric or that the SilkWorm 12000 is part of a dual core in a Core/Edge fabric. If the SilkWorm
12000 is part of a dual domain or both domains are utilized, please refer to your switch vendor for detailed guidelines.
Guideline: For minimal disruption when scaling a SAN Fabric, it is strongly recommended to build out the SilkWorm
12000 chassis with SilkWorm 12000 port blades. Non-disruptively add a SilkWorm 24000 chassis as
required to increase the desired port count.
Guideline: For an online list of commands, use the help command. To view the online command reference, use the
command help <command>. For example, help tsclockserver will provide the online reference
for the tsclockserver command. For more information please refer to the Brocade Fabric OS
Reference Guide.
Sun W2000
2800 2800 3800 3800 3900 2800 2800 3800 3800 3900
2ISLtrunk
1ISL
Caution: If the sequence is not followed, some hosts may not be able to access the storage devices.
1. IP Infrastructure
2. Brocade Switches
3. Storage Devices
4. All Hosts
As of Fabric OS 2.6.1, 3.1 and 4.1, Sensorshow can be used to display the status and values of each FRU.
int219:admin> sensorshow
sensor 1: (Temperature) is Ok, value is 46 C
sensor 2: (Temperature) is Ok, value is 43 C
sensor 3: (Temperature) is Ok, value is 32 C
sensor 4: (Temperature) is Ok, value is 45 C
sensor 5: (Temperature) is Ok, value is 43 C
sensor 6: (Fan ) is Ok, speed is 3308 RPM
sensor 7: (Fan ) is Ok, speed is 3341 RPM
sensor 8: (Fan ) is Ok, speed is 3308 RPM
sensor 9: (Fan ) is Ok, speed is 3409 RPM
sensor 10: (Fan ) is Ok, speed is 3308 RPM
sensor 11: (Fan ) is Ok, speed is 3341 RPM
sensor 12: (Power Supply ) is Ok
sensor 13: (Power Supply ) is Ok
Figure 6-5 Sensorshow Command Output
int195:admin> portcfgshow
Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
-------------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+--+--
Locked L_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked G_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Disabled E_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Persistent Disable .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
where ..:OFF, ??:INVALID.
Portcfgshow Command Output for Fabric OS 2.6.1
sialab89:admin> portcfgshow
Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
-------------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+--+--
Speed AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN
Trunk Port ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON
Long Distance .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
VC link init .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked L_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked G_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Disabled E_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Persistent Disable .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
ISL R_RDY Mode .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
where AN:AutoNegotiate, ..:OFF, ??:INVALID. LM:L0.5
Figure 6-6 Portcfgshow Command Output for Fabric OS 3.1
Once attached, and with the terminal program running, hit Enter a few times to initiate the connection. The switch will
respond with a login prompt.
1. At the prompt, log on as admin and type the command ipAddrSet to set the IP address.
sw0:admin> ipAddrSet
2. Enter the IP Address at the prompt. The example below uses 10.1.23.92.
Ethernet IP Address [192.168.155.89]: 10.1.23.92
3. At the Ethernet subnet mask prompt enter the subnet mask. The example uses 255.255.255.0.
Ethernet Subnet Mask [255.255.255.0]: 255.255.255.0
4. For the Fibre Channel IP address and subnet mask, make sure these are at the default value which is [none]. All factory
installed units are pre-set with this. To reset to the default values enter 0.0.0.0 as shown.
Fibre Channel IP Address [none]: 0.0.0.0
Fibre Channel Subnet Mask [none]: 0.0.0.0
5. Enter the Gateway Address. Since this is on a private VLAN with the Management Station, keep the default of [none] by
hitting Enter. If not at the default value, use 0.0.0.0 to reset it to [none], this is shown below. Enter Y to the configure the
IP addresses immediately.
Gateway Address [none]: 10.1.23.1
Set IP addresses now?
[y = set now, n = next reboot]: y
Committing configuration...done.
The IP configuration is complete. Repeat 1-5 for the remaining switches in each fabric.
When the switch has been configured with an IP address, a telnet, Web Tools or Fabric Manager session can be initiated from
a management host for administrative purposes.
Guideline: Like Fabric OS 2.x and 3.x, Fabric OS 4.x contains ifmodeset which allows the Ethernet port speed
to be set at 10 or 100 Mb/sec. This may be required when attaching to some brands of Ethernet
switches.
Guideline: If using a terminal server to manage serial port connections to all Brocade switches in the SAN be sure
to DISABLE flow control on every virtual serial port on the terminal server side.
Date Command
Note the prompt changes to reflect the new switch name which is now FabA-C1.
Guideline: Set the Core PID format to 1 on all 2.x and 3.x based switches during the initial configuration procedure.
This will allow seamless introduction of higher port count switches that run Fabric OS 4.x.
This section will just provide a high level recommended procedure done on the case study SAN. Changing the Core PID is
disruptive, so SANs with single fabrics will require scheduled downtime. For all the recommendations and details for setting
the Core PID format, reference the Brocade Fabric OS Procedures Guide (part number: 53-0000518-03).
Note: The procedure to set the PID format to Extended Edge PID (PID format 2) is identical to the procedure described
below. Extended Edge PID (PID format 2) is available on Fabric OS versions 2.6.2, 3.1.2, 4.2 and higher, as discussed
in section 6.3.7.1. Understanding the Extended Edge PID Format on page 6-12. Contact your switch provider for
details.
To set the switch Domain ID numbers, follow the procedure below. Since the Core PID format can be set in the same session
as the Domain ID, it is highly recommended to take advantage of the initial setup and set it to a value of 1. For SANs with
more than one fabric, do one fabric at a time. While the Domain ID needs to be set on all switches, the Core PID needs only to
be applied to each switch that is running Fabric OS 2.x and 3.x.
1. Login as the admin user. Open a telnet session and issue the switchdisable command. This will cause the switch to
go offline.
2. Now that the switch is offline, type configure and press Enter. The configure menu appears.
int170:admin> configure
Configure...
3. Select the Fabric Parameters submenu by typing Y and pressing Enter. The Domain ID setting appears. Set the domain ID
by entering a number between 1 and 239. The example uses 170 and the line is bold for emphasis.
Fabric parameters (yes, y, no, n): [no] y
Domain: (1..239) [1] 170
4. Press Enter until the Core PID prompt appears and set the Core PID to 1. This will change the default value which is 0.
The change is shown in bold text below.
____ BB credit: (1..27) [16]
R_A_TOV: (4000..120000) [10000]
E_D_TOV: (1000..5000) [2000]
WAN_TOV: (1000..120000) [0]
Data field size: (256..2112) [2112]
Sequence Level Switching: (0..1) [0]
Disable Device Probing: (0..1) [0]
Suppress Class F Traffic: (0..1) [0]
SYNC IO mode: (0..1) [0]
VC Encoded Address Mode: (0..1) [0]
Core Switch PID Format: (0..2) [0] 1
Per-frame Route Priority: (0..1) [0]
Long Distance Fabric: (0..1) [0]
5. Both the Domain ID and Core PID settings have been configured. Press Enter to the rest of the configure sub-menu
choices to skip through the settings as shown.
Virtual Channel parameters (yes, y, no, n): [no]
Zoning Operation parameters (yes, y, no, n): [no]
RSCN Transmission Mode (yes, y, no, n): [no]
Arbitrated Loop parameters (yes, y, no, n): [no]
System services (yes, y, no, n): [no]
_Portlog events enable (yes, y, no, n): [no]
6. The Domain ID and Core PID format have now been set. DO NOT bring the switch online. This will be done in an orderly
fashion in step 8.
7. Repeat steps 1-5 of the procedure for each switch in Fabric A only.
8. Once all of the switches have been set, enable each core switch using switchenable. Ignore any error messages that may
appear.
9. Now enable each edge switch with switchenable.
10. Verify the trunk groups form by issuing trunkshow on each core switch.
11. Verify the fabric is stable using fabricshow from any switch. Check the output and make sure all the switches are
present in Fabric A.
12. Repeat steps 1-11 for Fabric B.
The Switch Domain number and Core PID format is now set for each switch in the SAN fabrics.
Guideline: Use the last octet of the switch IP address for the number.
Note: If the PID Formats on the existing switches must use the Extended Edge PID format, the existing SilkWorm switches
must be updated to 2.6.2, or 3.1.2 or greater to use this new setting. However, it is still highly recommended to set all
switches to PID Format 1.
Note: Displaying and Configuring Extended Edge PID format is available in Fabric OS 2.6.2, 3.1.2 and 4.2 and higher.
This section provides some detail on how to validating the PID Format setting. The best way to display the configuration of the
PID format is to use configshow. The current setting is shown by the fabric.ops.mode.pidFormat variable. Depending on
the switch type, several screens of output may need to be scrolled through. Partial output, showing the setting is shown below.
fabric.ops.mode.pidFormat:1
In this case the PID Format is set to 1. This means the switch is set to the Core PID setting. Other commands to display the PID
setting are portshow and portswapshow.
Warning: Configure may be tempting to use for displaying the PID format. However, in order to see the PID Format setting,
the switch must be disabled.
Please note that the switch port number and area ID are not the same. The switch port number is the physical port on the
switch. The area number is a logical number that represents the logical port and is the second byte of the PID. The switch port
number may consist of physical slot and port numbers or just the switch port number on non-bladed Brocade switch platforms.
To display the PID, use switchshow. It will display both the Area ID and the Port Number on bladed switches. Portshow
displays the PID address for individual ports on all switch types. Other commands that display PID address include
nsallshow, nsshow, portswapshow
To set the PID format, use the configure command. The method of doing this is equivalent to what was shown in section
6.3.6. Set Domain ID and Core PID Format in the Same Session (On Non-Fabric OS 4.x Switches) on page 6-7. Please refer to
this section for details.
Note: As of Fabric OS 2.6.2, 3.1.2 and 4.2, support for a PID format 2 available. This setting is an alternative to the Core
PID format (PID format 1).
PID format 2 was created for hosts which use persistent binding from having to reboot or involve the execution of commands
on the host to recognize devices utilizing new PIDs. This new PID format setting is referred to as Extended Edge PID.
Note: No format setting is required when introducing a SilkWorm 24000, 3250, and/or 3850 to a fabric with a SilkWorm
12000 and/or 3900.
Warning: Be aware that a PID format setting is a fabric wide parameter. All switches in a fabric MUST have the same value
or the fabric will segment.
The PID is the 24-bit address assigned to fabric attached hosts and storage. It contains three bytes: the first byte is the Domain
Number; the second byte is the Area and the third byte the ALPA. Different PID Format values toggle Brocades addressing
scheme in the second byte. Table 6-4 provides a summary of the current available PID formats.
Table 6-4 Available PID Formats
Native PID 0 0x10 + port number SilkWorm 2000 Sets the first nibble db1a00 (SW 2250)
Format Range: 10-1f and 3000 series of PID Area byte to Device on port 10 of a 16
be 1. Applies to port switch.
switches of up to 16
Only applies on Fabric OS
ports
2.x and 3.x.
Core Switch 1 port number All Sets the first nibble 141a00 (SW 3900)
PID Format Range: 00-ff of PID to start at 0. Device on port 26 of a 32
Applies to switches port switch
of up to 256 ports
Extended 2 0x10 + port number All Sets the first nibble 3f5a00 (SW 24000)
Edge PID Range: 10-00 (with of PID Area byte to Device on port 10 on slot 6.
Format wrap) start at 1 and wraps
On SilkWorm 24000,
(Newly added to 0, with 7 as the
area_ID runs from 16 - 127,
to Fabric OS next to last number.
0 - 15. For port counts of
2.6.2, 3.1.2 Applies to switches
16 or less, Native PID For-
and 4.2) of up to 256 ports
mat is equivalent to
Extended Edge
Note: If you must upgrade to Core PID format 2 on all switches in fabric configuration 1 to avoid host reboot, they must first
be upgraded to the latest available Fabric OS (Fabric OS 2.6.2/3.1.2). Prior versions of Fabric OS do not offer setting
of Core PID Format 2. The switch that you would like to add to this existing fabric must also be set to Core PID format
2. All switches in the fabric must have a uniform format type.
Warning: In all cases where the PID format is changed, all switches in the fabric must be rebooted or disabled and then
re-enabled.
Port ID (10- 1F ) PID Format 0 (Native - Fabric OS2.x and 3.x Only)
16-portswitch
Port ID (00- 0F ) PID Format 1 (Core)
Area Byte Range
Port ID (10- 1F ) PID Format 2 (Displaced)
Key:
When the Extended Edge PID is set (PID format 2), and the switches are rebooted these settings are automatically updated. Be
aware that this new setting will impact Zoning, Secure Fabric OS DCC policy and other switch or fabric configurations. To
find out all the details of the Extended Edge PID format, and impact to Brocade Advanced Fabric Services and other switch
configuration parameters, please refer to the Brocade Fabric OS 4.2 Procedures Guide (part number: 53-0000518-03).
Guideline: Since the Extended Edge PID is a fabric wide setting, take great care to understand the impact to a
production fabric. As with any fabric wide change, before the Extended Edge PID format is set be sure
to go through the proper risk assessment and planning procedure to understand and minimize any the
negative impact to the fabric operation.
Guideline: Always backup the switch configurations before making the change. For dual fabrics, configure the
Extended Edge PID one fabric at a time and allow the fabric to reform and become stable before
continuing operations.
Table 6-5 shows the Default and supported PID settings for each version of Fabric OS.
Table 6-5
2. Add a license with licenseadd. Use the key as generated by the instructions in the paper pack.
sialab89:admin> licenseadd "SeQedReQRSbfRfeB"
3. Check the licenses with licenseshow. Note that the Trunking License now exists.
sialab89:admin> licenseshow
SeQedReQRSbfRfeB:
Trunking license
SebSeyQy9cafcTft:
Web license
Zoning license
QuickLoop license
Fabric license
Remote Switch license
Remote Fabric license
Extended Fabric license
Fabric Watch license
Performance Monitor license
Note: After adding a Trunking License, use switchcfgtrunk to enable all ports for trunking. The switch does not need
to be disabled with switchdisable to do this. Most other licensed features are not activated automatically and
require an extra step or two. Please refer to the Brocade Fabric OS Procedures Guide for specific information about
licensed options.
Use portname again to display the port name. Note that the name no longer exists.
sialab90:admin> portname
sialab90:admin>
Port name can also be viewed using from the Name Server window within Web Tools, as shown in Figure 6-8.
Note: Port names do not change with the configdefault command. However, they can be cleared on port by port basis
with portcfgdefault. The portshow command displays port name in the first line of the output. Switchshow
does NOT display the portName. The port name label is persistent across switch reboots and power cycles.
Nsaliasshow displays the zoning alias, not the portname value.
10 9 8 7 6 5 4 3 2 1
To enable preferred principal switch selection without doing a rebuild do the following:
poc165:admin> fabricprincipal 1
Principal Selection Mode enabled (Activate in next fabric rebuild)
To turn off the persistent selection mode on the switch, use 0 as the argument as shown:
poc165:admin> fabricprincipal 0
Principal Selection Mode disabled
Use fabric principal with no argument to check the current mode. This example shows the current state as enabled.
poc165:admin> fabricprincipal
Principal Selection Mode: Enable
poc165:admin>
Note: When another switch that is configured to be the preferred principal switch the lower WWN switch will win and the
Higher WWN switch will log an error saying “PSS principal failed (Lost to WWN: <wwn>)”. The preferred principal
switch remains selected across reboots, power cycles, and upon a fabric rebuilds.
This example shows how to set the timeout value on Fabric OS 2.6.1 and 3.1.
sialab89:admin> timeout
TimeOut is Disabled
sialab89:admin> timeout 10
Committing configuration...done.
TimeOut is now 10 minutes
sialab89:admin> timeout
TimeOut is 10 minutes
sialab89:admin> timeout 0
Committing configuration...done.
TimeOut is now Disabled
Figure 6-9 Timeout Command Output in Fabric OS 2.6.1 and 3.1
Note, when issuing the command in Fabric OS 4.x you will get the following messages:
IDLE Timeout Changed to 10 minutes
The modified IDLE Timeout will be in effect after NEXT login
Note: Switches running Fabric OS 2.x or 3.x do not have the capability to disable the telnet daemon. However, policies can
be configured with SFOS to block telnet.
Note: In most cases the switch must be disabled with switchdisable prior to using the configure command, however
when disabling the telnet daemon the switch remains online while the configure command is invoked.
Configure...
Security policy change: TTY pts on switch instance 0 will be logged out.
Connection closed...
Guideline: Extended Fabrics can also be configured via Brocade Fabric Manager and Web Tools, however the
procedures are not given in this document. Please refer to the appropriate User's Guide.
Revisions of Fabric OS v3.0.2 and greater contain an additional optional parameter, VC Translation Link Initialization, to the
portCfgLongDistance CLI command. When set to 1, this parameter indicates that enhanced link reset protocol should be used
on the port. The default value for this parameter is 0 and is compatible with earlier Fabric OS v3.x implementations. For
optimal performance, specify 1 when E_Port links are between switches with Fabric OS v3.0.2 and greater, or Fabric OS
v4.0.2 and greater. Specify 0, or nothing, when connecting a switch with Fabric OS v3.0.2 or above switch to previous releases
of Fabric OS.
To configure Extended Fabrics on SilkWorm 2000 series switches, the following procedures must be performed.
1. Set the fabric-wide configuration parameter fabric.ops.mode.longDistance to 1 using the configure command. This
parameter must be set on all switches within the fabric.
2. Set the appropriate Extended Fabrics mode for each long-distance port using the portCfgLongDistance command.
3. When configuring Extended Fabrics on SilkWorm 3000 series switches and above, only port level configuration is
necessary.
4. Set the appropriate Extended Fabrics mode for each long-distance port using the CLI command portCfgLongDistance. At
the same time, set the VC translation link initialization bit to 1 on long-distance switches running Fabric OS v3.0.2 or
above.
Brocade supports Extended Fabrics ports between same series switches (i.e. SilkWorm 2000 series to SilkWorm 2000 series
switches) as well as SilkWorm 3000 series switches to SilkWorm 12000 switches. Directly connecting a SilkWorm 2000 series
switch to a SilkWorm 3000/12000 series switch is unsupported when using Extended Fabrics. For a mixed SilkWorm 2000 and
SilkWorm 3000/12000 fabric, where the long-distance ports are between SilkWorm 2000 series switches, the fabric-wide
parameter fabric.ops.mode.longDistance must be set to a value of 1 on all switches within the fabric. For mixed fabric
configurations where long-distance ports are located between SilkWorm 3000 and/or SilkWorm 12000 series switches, the
fabric-wide long distance parameter is not required.
The output in Figure 6-10 shows portCfgLongDistance usage and an example of how to configure port 0 on a SilkWorm 3800
switch running Fabric OS v3.1 for L2 Extended Fabrics mode with VC translation link initialization set to 1.
mw123:root> portcfglongdistanceUsage: portCfgLongDistance port ,"distance_level",<vc translation link
init>distance_level: L0 - normal LE <= 10km L0.5
<= 25km L1 <= 50km L2 <= 100km LD
- autovc trans link init: 0 normal1 vc translation
mw123:root> portcfglongdistance 0,"L2",1 Committing configuration...done.
Figure 6-10
The portCfgShow command can be used to determine which ports are configured as long-distance ports. The switch output in
Figure 6-11 shows that port 0 has been configured for L2 Extended Fabrics and VC Translation Link Initialization has been
turned on.
mw123:root> portcfgshowPorts
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
15-------------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+--+--
Speed AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN
Trunk Port ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON
Long Distance L2 .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
VC link init ON .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked L_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked G_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Disabled E_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Persistent Disable .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
where AN:AutoNegotiate, ..:OFF, ??:INVALID. LM:L0.5
Figure 6-11
For additional information refer to Appendix B, Long-distance Technologies for Storage Area Networks.
Guideline: Define a “golden” switch. For larger SAN fabrics, or for the staging of many smaller fabrics, use
configupload to baseline the “golden” switch. The “golden” switch configuration can be downloaded
with Fabric Manager to all other switches in the fabric. Do baselines by Fabric OS version. In other
words, if the fabric contains switches running Fabric OS 3.1.2 and 4.2, create two “golden” switch
configurations. This will help with change management.
sialab89:admin> switchshow
switchName: sialab89
switchType: 9.2
switchState: Online
switchMode: Native
switchRole: Subordinate
switchDomain: 89
switchId: fffc59
switchWwn: 10:00:00:60:69:51:10:42
switchBeacon: OFF
Zoning: ON (bkup_cfg_B)
port 0: id N2 Online E-Port 10:00:00:60:69:80:0f:ad "poc166" (upstream)
(Trunk master)
port 1: id N2 Online E-Port (Trunk port, master is port #0)
port 2: -- N2 No_Module
port 3: -- N2 No_Module
port 4: id N2 No_Light
port 5: id N2 No_Light
port 6: -- N2 No_Module
port 7: -- N2 No_Module
port 8: id N2 No_Light
port 9: id N2 No_Light
port 10: id N2 No_Light
port 11: id N2 No_Light
port 12: id N2 No_Light
port 13: -- N2 No_Module
port 14: -- N2 No_Module
port 15: id N2 Online L-Port 15 public
sialab89:admin>
N db0f00; 3;50:00:60:e8:02:ee:78:19;50:00:60:e8:02:ee:78:19; na
FC4s: FCP [HITACHI OPEN-E 0118]
Fabric Port Name: 20:0f:00:60:69:90:04:1a
N db1a00; 2,3;10:00:00:00:c9:30:d0:62;20:00:00:00:c9:30:d0:62; na
FC4s: FCP
Fabric Port Name: 20:1a:00:60:69:90:04:1a
N db1b00; 2,3;10:00:00:00:c9:30:d0:9d;20:00:00:00:c9:30:d0:9d; na
FC4s: FCP
NodeSymb: [35] "Emulex LP9002 FV3.90A7 DV5-4.82A4 "
Fabric Port Name: 20:1b:00:60:69:90:04:1a
NsShow Output with -r Option Displaying Devices Registered for State Change Notification
To show all the devices in the fabric, use nsallshow. An example output is shown below.
sialab89:admin> nsallshow
{
590fd1 590fd2 590fd3 590fd4 590fd5 590fd6 590fd9 590fda
590fdc 590fe0 590fe1 590fe2 590fe4 590fe8 590fef 5a0800
c30600 c30800 c40d00 db0e00 db0f00 db1a00 db1b00
23 Nx_Ports in the Fabric }
Figure 6-14 NsallShow Output Showing All Devices Participating in the Fabric
Guideline: If desired, use the primary management switch in the fabric, generally this would be the principal or
Primary FCS Switch for NTP service setup.
int219:admin> tsclockserver
LOCL
Figure 6-16 Default Setting
sialab89:admin> tsclockserver "192.168.126.60"
Updating Clock Server configuration...
Figure 6-17 Example of Setting Tsclockserver
Note: The parameters of the command porttest are slightly different in Fabric OS 3.x and 4.x.
Note: Some HBAs require a specific payload size since the Echo response is limited is payload size. Please refer to the HBA
manufacturer’s documentation for details.
For Fabric OS 3.1 the following porttest runs for 1000 iterations on all ports with -1 option. The test lasts about seven
minutes. Porttestshow displays the current status. Check for PASS on the first line after the port number. This indicates a
successful test run. To avoid unnecessary output, run the test only on ports with connected devices.
The example in Figure 6-18 illustrates the use of this command in Fabric OS 3.1. The example in Figure 6-19 illustrates the
use of this command in Fabric OS 4.1.
sialab90:admin> portTest -1,1000
sialab90:admin> porttestshow
Port 0 : PASS
PortType: E PORT(SLAVE) PortState: TESTING
PortInternalState: TX PortTypeToTest: ALL_PORTS
Pattern: 0xb Seed: 0xaa UserDelay: 10
TotalIteration: 1000 CurrentIteration: 575
TotalFail: 0 ConsecutiveFail: 0
StartTime: Mar 22 03:58:06
StopTime: NONE
Timeout: 0 ErrorCode: 0
Port 8 : PASS
PortType: F PORT PortState: TEST DONE
PortInternalState: INIT PortTypeToTest: NO_TEST
Pattern: 0xb Seed: 0xaa UserDelay: 10
TotalIteration: 1000 CurrentIteration: 1000
TotalFail: 0 ConsecutiveFail: 0
StartTime: Mar 22 03:58:06
StopTime: Mar 22 04:03:58
Timeout: 0 ErrorCode: 0
Figure 6-18 PortTestShow on Fabric OS 3.1
When running the command porttest in Fabric OS 4.1, the arguments are more intuitive. The example of porttest
below runs for 1000 iterations on all ports with -1 option. As in the previous example, porttest lasts about 7 minutes with
these arguments. To avoid unnecessary output run the test only on ports with the connected devices. If there are a large number
of devices, use the terminal emulator software to save the output to a log file.
int218:admin> portTest -iteration 1000
Figure 6-19 PortTest on Fabric OS 4.1
Note: If porttest is configured to run indefinitely, use the stopporttest command to stop it.
Guideline: For a Core/Edge topology, such as the case study, use a core switch to execute nscamshow, as there
are no edge devices registered with the local name servers. If devices are attached locally, use nsshow
in addition, to capture devices registered in the local name server database.
int63:admin> nscamshow
nscam show for remote switches:
Switch entry for 75
state rev owner
known v260 0xfffc3f
Device list: count 1
Type Pid COS PortName NodeName
N 4b0f00; 3;20:05:00:a0:b8:07:5d:c7;20:04:00:a0:b8:07:5d:c6;
FC4s: FCP
Fabric Port Name: 20:0f:00:60:69:10:10:9d
Guideline: It is recommended to backup the zoning configuration once Zoning has been configured and enabled.
Note: The steps shown in the procedure below will not re-create the configuration.
1. To configure a hardware zone on a SilkWorm 2000 series switch, first use alicreate with domain ID, port ID as the
second argument. In the example below it is “218,8”. As discussed in the Zoning section earlier, the WWN can be used for
hardware zoning on all switches that run Fabric OS 3.x or 4.x. The example will use the WWN for the following steps.
int195:admin> alicreate "E250_OrA","218,8"
int219:admin> alicreate "int122_HBA_B","10:00:00:00:c9:24:f5:f9"
int219:admin> alicreate "stor_port_B","20:04:00:a0:b8:07:5d:c7"
2. Use the command zonecreate to define a zone using the aliases. The zoneshow command is used to check the newly
created aliases are correct.
int219:admin> zonecreate "int122_B_zone","int122_HBA_B; stor_port_B"
int219:admin> zoneshow
Defined configuration:
alias: int122_HBA_B 10:00:00:00:c9:24:f5:f9
alias: stor_port_B 20:04:00:a0:b8:07:5d:c7
3. Use the command cfgcreate to define a configuration with one or more zones. This example has only one, defined as
“E250_A_ZONE”. Enable the new zone configuration with the command cfgenable.
int219:admin> cfgcreate "bkup_cfg_B","int122_B_zone"
int219:admin> cfgenable "bkup_cfg_B"
zone config "bkup_cfg_B" is in effect
6. Use the command cfgActvshow to show the current active configuration. Note: This command is not available in
Fabric OS 2.6.1.
sialab89:admin> cfgActvshow
Effective configuration:
cfg: bkup_cfg_B
zone: int121_B
10:00:00:00:c9:24:f5:f9
20:04:00:a0:b8:07:5d:c7
Warning: For mixed fabrics that contain switches with Fabric OS 2.x and 3.x, the maximum zoning database size will be
about 96 KB. Be aware that, the vast majority of fabrics will not even be close to this limit. The largest ones
deployed today on the order of a thousand ports, use about 40 KB for the zoning database.
Below are some additional guidelines when implementing zoning for larger sized fabrics and dual fabric SANs.
Guideline: To simplify the zoning configuration alias creation on dual fabric SANs, do the following on a
non-production fabric. It’s best to use clean switches, with no zones enabled or defined.
1. Configupload to a host.
2. Edit the zoning configuration appropriately.
3. ConfigDownload the zoning configuration from the host to a target switch in each fabric.
Guideline: For a large number of zone configurations, generally over 15, use Fabric Manager or Web Tools. These
tools vastly simplify the zoning implementation. WWNs of devices and the ports on the switch they are
attached to are also seen automatically in the GUI, so validation of connectivity can be done
simultaneously.
Table 6-9
Table 6-10
Guideline: Update the Fabric Manager password authentication after Secure Fabric OS is enabled.
Warning: A telnet session cannot be used simultaneously with Fabric Manager when managing Secure Fabric OS. This is
indicated by a “not transaction owner” message when attempting to make changes at the command line. The
Fabric Manager Security Admin window must be closed to manage Secure Fabric OS at the command line.
Guideline: When a fabric spans multiple sites be sure to assign at least one FCS switch per site.
Note: Please work with the IT staff responsible for corporate wide IT security policies definition and enforcement for specific
requirements as part of the planning effort before staging Secure Fabric OS.
Warning: Every switch in the entire fabric needs to be rebooted in order to activate Secure Fabric OS. Be aware that enabling
Secure Fabric OS on a SilkWorm 12000 will reboot BOTH CPs simultaneously. It is recommended to schedule
downtime on single fabric SANs before enabling Secure Fabric OS. Downtime to the SAN can be avoided if using
a redundant fabric SAN.
Guideline: Any time a change is required, the Secure Fabric OS policy set MUST be updated BEFORE the new
device is allowed to inhabit the fabric. This prevents accidental or malicious attempts at accessing fabric
wide information and more importantly, provides complete control over the SAN environment. It is for
this reason that defining and implementing policies for each attached switch or node is highly
recommended.
Upon the Secure Fabric OS being enabled, there are benefits available without any policies in place. These benefits are:
• With Secure Fabric OS enabled in the SAN, each fabric can only be administered through a secure session with a
single management point; the Primary FCS switch. A management control mechanism is now in place.
• New passwords will be defined for the user, root and admin administrative accounts. These will be centrally managed
by the Primary FCS switch.
• A secure management station with Brocade SecTelnet software utility or an SSH client must be defined to access the
Primary FCS switch. This means that passwords will no longer be sent out-of-band in clear text.
Secure FOS policy definition is both flexible and comprehensive. Adding switches, devices and/or out of band management
stations to the existing SAN architecture is no longer an ad-hoc task. With Secure FOS policies in place, the following benefits
are realized:
• Extreme control over access to SAN components and a framework for change management enforcement. With
Secure Fabric OS policies in place, a SAN fabric becomes a fully controlled environment.
• Any physical or logical changes that occur within a fabric must be first authorized before the actual implementation
takes place. Secure Fabric OS thus provides complete control over a continually changing fabric environment.
• Integration into the existing IT security framework. Already in place on the IP network infrastructure and hosts,
policy based security is now available in the SAN.
The following page provides a checklist of items to install, configure and add policies using Secure FOS so that the above
benefits are put into practice. The items in the checklist are then expounded upon to show detailed examples and provide
further guidelines on usage during the configuration phase. This list should be used as a starting point for a custom installation.
Warning: Be aware that enabling Secure Fabric OS on a SilkWorm 12000 will reboot BOTH CPs simultaneously. Although
not recommended, some fabrics may use each logical switch in a single chassis in separate fabrics in a dual SAN
fabric configuration. In this case, BOTH fabrics will be OFFLINE while the fabric reboots and the Primary FCS
switch establishes itself. For SANs that will have Secure Fabric OS enabled, DO NOT use both logical switches
in separate fabrics as this is an unsupported configuration.
Brocade Fabric Manager can simplify the verification of digital certificates as you will not be required to log into each
switch. To verify the installation of the digital certificates, launch the Fabric Manager client and use the following
procedure:
1. Discover the SAN fabrics by entering the IP address of one switch in each fabric in the Address Bar, one at a time.
2. Once each fabric is discovered in the SAN, click on the SAN Elements tab. To select all fabrics in the SAN, click on
Fabrics under the My SAN tree location. To select a single fabric, as shown in the example, click on the Fabric
Name, in this case it is DDM-A. Once selected, DDM-A is highlighted.
3. To check if the digital certificates exist click on the Switches button on the detail pane as shown. Use the scroll bar at
the bottom to locate the Has Certificate column. Note that in Figure 6-21 all switches in DDM-A have this value set
to true. If digital certificates did not exist, the value would be set to false.
As the output illustrates, all switches have the required digital certificates. Thus the fabric is ready for Secure Fabric OS to
be enabled. If digital certificates or other PKI objects do not exist, the Brocade PKIcert utility is required to prepare them.
This procedure is generally required for legacy Brocade SilkWorm switches. All new switches have certificates installed
at the factory. For details on installing and using PKIcert, please contact the switch provider or visit the Brocade web site
and select Partner Network.
Warning: Digital Certificates must exist on all switches in the fabric before enabling Secure Fabric OS.
Device Name Role Switch and Port Location Device Port WWN
To verify the status of the time server, use the command tsclockserver with no operand. If the out put is LOCL, then
the external time server is not set.
int63:admin> tsclockserver
192.168.126.60
Please note Switch 0 configuration takes priority over Switch 1.
Guideline: For dual fabric SANs, enable security on Fabric A and verify basic device connectivity with nscamshow
before enabling Secure Fabric OS on Fabric B. It is recommended to schedule downtime on single
fabric SANs before enabling Secure Fabric OS. Once online, verify the all devices are logged in with
nscamshow. Downtime to the SAN can be avoided if using a redundant fabric SAN.
4. During the initial configuration with secmodeenable, the FCS and non-FCS switch roles need to be defined and
new passwords set. Gather this information from a list of switch roles created as part of the second checklist item.
Guideline: While Secure Fabric OS is being configured with secmodeenable, it is recommended to save all
events to a log file. To create a log file with SecTelnet, from the SecTelnet client window, click on the
Terminal -> Session Log -> Start. A dialog box appears. Select a location and enter a filename. Click
on Open to begin recording the telnet session. If logging is stopped and restarted using the same
filename, SecTelnet does not append the captured output. The file will be over-written and any previous
logging information will be lost. Be sure to save the captured session or use a different filename.
Enter WWN, Domain, or switch name (Leave blank when done): int217
Switch WWN is 10:00:00:60:69:90:03:fa.
The new FCS list:
10:00:00:60:69:80:4d:fc
10:00:00:60:69:90:03:fa
Enter WWN, Domain, or switch name (Leave blank when done): int170
Switch WWN is 10:00:00:60:69:50:10:90.
The new FCS list:
10:00:00:60:69:80:4d:fc
10:00:00:60:69:90:03:fa
10:00:00:60:69:50:10:90
6. All switches will be rebooted automatically and the SecTelnet session will end. When the switches come online, the fabric
will re-build. Fabric Manager can be used to check the switches as they come online. Once the fabric is online, a secure
telnet session must be opened using the new password settings to the Primary FCS. All switches in the fabric are now
managed by it. To view the defined and active FCS_POLICY list use the command secpolicyshow.
Warning: All switches in the fabric will require a reboot for Secure Fabric OS to be brought online.
int63:admin> secpolicyshow
____________________________________________________
DEFINED POLICY SET
FCS_POLICY
Pos Primary WWN DId swName
__________________________________________________
1 Yes 10:00:00:60:69:80:4d:fc 63 int63
2 No 10:00:00:60:69:90:03:fa 217 int217
3 No 10:00:00:60:69:50:10:90 170 int170
____________________________________________________
____________________________________________________
ACTIVE POLICY SET
FCS_POLICY
Pos Primary WWN DId swName
__________________________________________________
1 Yes 10:00:00:60:69:80:4d:fc 63 int63
2 No 10:00:00:60:69:90:03:fa 217 int217
3 No 10:00:00:60:69:50:10:90 170 int170
____________________________________________________
Note: Be aware of the switch order as defined by the Pos (Position) column. In this configuration there are three FCS
switches. The first one listed is the Primary FCS and thus is in Position 1. If it were to fail, the Position 2 switch would
take over. If 1 and 2 were to fail than the Pos 3 switch would take over. If desired, the Primary FCS switch can be
changed with the secPolicyFCSMove command.
7. For a summary of the Secure Fabric OS configuration use the command secfabricshow.
int63:admin> secfabricshow
Role WWN DId Status Enet IP Addr Name
================================================================
Primary 10:00:00:60:69:80:4d:fc 63 Ready 192.168.162.63 "int63"
non-FCS 10:00:00:60:69:10:10:9d 75 Ready 192.168.162.75 "int75"
non-FCS 10:00:00:60:69:51:0e:0a 88 Ready 192.168.155.88 "sialab88"
non-FCS 10:00:00:60:69:10:68:fa 154 Ready 192.168.162.154 "int154"
Backup 10:00:00:60:69:50:10:90 170 Ready 192.168.162.170 "int170"
Backup 10:00:00:60:69:90:03:fa 217 Ready 192.168.162.217 "int217"
___________________________________________
Secured switches in the fabric: 6
Once Secure FOS is enabled administrative tasks can be accomplished at the command line. If using Fabric Manager for
Secure FOS administrative tasks (and it is highly recommended to do so), follow the steps in the next subsection.
4. Select the non-FCS switches by removing the FCS switches (not shown) from the Selected Switches pane on the right
and repeat the process. Click Apply to set and validate the new password settings. The Fabric Login appears as
shown in Figure 6-24.
Note: In a fabric that contains SilkWorm 2000 series switches, the maximum security DB size is limited to 32 KB, with
16 KB active. In a fabric containing SilkWorm 32x0, 38x0, 3900, or 12000 switches, the security DB size maximum
is 128 KB, with 64 KB active. For all fabrics, the maximum number of DCC policies is limited to 620. Use the
command secactivesize to monitor database usage.
The following overview describes the steps used to configure policies. For purposes of illustration, the following four SAN
Secure FOS design choices will be used as examples:
A. Define three FCS switches using the most highly available switch (preferably the SilkWorm 24000) as the Primary
FCS.
B. Configure the Management Station Access with SecTelnet and Fabric Manager installed.
C. Lock down the fabric to prevent any access by any unauthorized switch.
D. Lock down all host and storage devices to prevent any access by any unauthorized device.
Note: The entire set of created policies will not be shown in the following examples, however, the examples provide the
essential steps to configure additional policies.
To make policy configuration changes, log onto the Primary FCS as the admin user with the Brocade SecTelnet utility. The
following five high level steps are used to configure Secure Fabric OS Policies. The steps are essentially the same for each
design choice.
1. Create the policy and populate it with the required device information.
Note: The policy must be selected from a pre-defined list. This list can be seen on the help pages at the command line or with
the Fabric Manager online help. If a policy is attempted to be defined that is not on this list, an error message will be
generated. Policy creation may require IP address, WWN, Domain ID or Port Number depending on the device to be
added. Multiple devices can be added at once.
Guideline: All Secure FOS policy changes can be made real time without rebooting the Primary FCS switch. During
the use of the case study SAN, changes were made with I/O activity and there was no negative affect.
Secure FOS Design choices A through D will be walked through step-by-step using the five steps above.
A. Define three FCS switches with the most highly available switch (preferably the SilkWorm 24000) as the Primary
FCS.
The three FCS switches were defined during the initialization of Secure Fabric OS with secmodeenable. The
FCS_POLICY list is created and populated by default and must exist at all times. FCS switches can be added/removed
from the FCS_POLICY with the commands secmodeadd/secmoderemove as needed.
Guideline: It is highly recommended to have three FCS switches in the list. For fabrics with three or fewer switches,
it is recommended to add all switches to the FCS_POLICY list.
Guideline: To ensure that the secure SAN Fabrics can be managed, define a second management station as a
backup. Using secpolicyadd and adding the secondary management host’s IP address to the
TELNET_POLICY, API_POLICY and HTTP_POLICY is all that is required. Should the primary station
become unavailable, the SAN administrator will not be locked out of the fabrics. Refer to section 6.5.5.
Managing Fabric Changes: Secure Fabric OS for Change Management Control on page 6-51 for
information about adding a management station.
2. Validate the policies are correct with secpolicyshow. Note that the policies are defined but are not yet activated.
This allows a degree of flexibility by the SAN Administrator. Multiple changes can be made at once before having
the Primary FCS enforce them. Also, in the event of an entry error, changes can be made without affecting the current
active configuration.
int63:admin> secpolicyshow
____________________________________________________
DEFINED POLICY SET
FCS_POLICY
Pos Primary WWN DId swName
__________________________________________________
1 Yes 10:00:00:60:69:80:4d:fc 63 int63
2 No 10:00:00:60:69:90:03:fa 217 int217
3 No 10:00:00:60:69:50:10:90 170 int170
TELNET_POLICY
IpAddr
__________________________________________________
192.168.173.50
HTTP_POLICY
IpAddr
__________________________________________________
192.168.173.50
API_POLICY
IpAddr
__________________________________________________
192.168.173.50
___________________________________________________
ACTIVE POLICY SET
FCS_POLICY
Pos Primary WWN DId swName
__________________________________________________
1 Yes 10:00:00:60:69:80:4d:fc 63 int63
2 No 10:00:00:60:69:90:03:fa 217 int217
3 No 10:00:00:60:69:50:10:90 170 int170
____________________________________________________
Note: If desired, the policy change can be nullified using secpolicyabort. This command will write the current saved
policy set in NVRAM to the defined policy set. An example is shown below.
int63:admin> secpolicyabort
Unsaved data has been aborted.
Note: Save the new policy definition with secpolicysave. This will preserve the policies as they will be copied to
NVRAM flash on the Primary FCS switch. Once saved, the changes cannot be backed out with secpolicyabort.
Each change must be removed or deleted either at the command line or preferably, Fabric Manager.
int63:admin> secpolicysave
secpolicysave command was completed successfully.
3. Activate the enforcement of the policies with secpolicyactivate. Once executed, the Primary FCS switch will
write over all active policies on all other switches in the fabric.
int63:admin> secpolicyactivate
About to overwrite the current Active Policy Set.
ARE YOU SURE (yes, y, no, n): [no] yes
secpolicyactivate command was completed successfully..
4. Once activated, validate the policies exist once again with secpolicyshow. Note that the new policies are now
part of the ACTIVE POLICY SET.
int63:admin> secpolicyshow
____________________________________________________
DEFINED POLICY SET
FCS_POLICY
Pos Primary WWN DId swName
__________________________________________________
1 Yes 10:00:00:60:69:80:4d:fc 63 int63
2 No 10:00:00:60:69:90:03:fa 217 int217
3 No 10:00:00:60:69:50:10:90 170 int170
TELNET_POLICY
IpAddr
__________________________________________________
192.168.173.50
HTTP_POLICY
IpAddr
__________________________________________________
Note: This procedure can also be accomplished using Fabric Manager 4.0 as shown in section 6.5.4.1. Add All Switches to
The SCC_POLICY on page 6-48.
Warning: Once the SCC_POLICY is implemented, any switch listed in SCC_POLICY that is not in the FCS_POLICY list
will be forced to be a non-FCS switch. Non-FCS switches cannot become a Primary FCS Switch.
1. Create the SCC_POLICY. All switches can be added at once using the switch WWNs as shown in the following
example:
int63:admin> secpolicycreate
"SCC_POLICY","10:00:00:60:69:51:0e:0a;10:00:00:60:69:10:10:9d;10:00:00:60:69:10:68:fa;10:00:00:60
:69:50:10:90; 10:00:00:60:69:90:03:fa;10:00:00:60:69:80:4d:fc"
SCC_POLICY has been created.
If the policy is created without adding the non-FCS switches the following warning appears as shown:
int63:admin> secpolicycreate "SCC_POLICY"
One or more non-FCS switches are not in the SCC_POLICY. They will be excluded from the fabric when
activating the policy, unless you add them by using secPolicyAdd command later.
ARE YOU SURE (yes, y, no, n): [no] no
2. Once complete the SCC_POLICY will be created with only the FCS Members and stored in the defined policy set.
Do not activate the policy until all current non-FCS switches are added as members to the SCC_POLICY. Using the
case study SAN as an example, all non-FCS switches are must be added with the following command:
int63:admin> secpolicycadd
"SCC_POLICY","10:00:00:60:69:51:0e:0a;10:00:00:60:69:10:10:9d;10:00:00:60:69:10:68:fa"
Member(s) have been added to SCC_POLICY.
3. Use secpolicyshow to confirm the SCC_POLICY configuration. The case study SAN output is shown as
truncated output below:
int63:admin> secpolicyshow
____________________________________________________
DEFINED POLICY SET
FCS_POLICY
Pos Primary WWN DId swName
1 Yes 10:00:00:60:69:80:4d:fc 63 int63
2 No 10:00:00:60:69:90:03:fa 217 int217
3 No 10:00:00:60:69:50:10:90 170 int170
SCC_POLICY
WWN DId swName
10:00:00:60:69:51:0e:0a 88 sialab88
10:00:00:60:69:10:10:9d 75 int75
10:00:00:60:69:10:68:fa 154 int154
10:00:00:60:69:50:10:90 170 int170
10:00:00:60:69:90:03:fa 217 int217
10:00:00:60:69:80:4d:fc 63 int63
4. Use secpolicysave and secpolicyactivate to save and activate the defined configuration.
int63:admin> secpolicysave
secpolicysave command was completed successfully.
int63:admin> secpolicyactivate
About to overwrite the current Active Policy Set.
ARE YOU SURE (yes, y, no, n): [no] yes
secpolicyactivate command was completed successfully.
5. Validate the policy. If another clean switch is available, attempt to add it to the fabric. When a switch is added that is
not authorized, the secure switch will the following message sent to the screen:
0x1030cd50 (tTransmit): Jul 20 03:13:03
INFO SEC-SECVIOL_SCC, 4, Security violation: Unauthorized switch 10:00:00:60:69:90:04:3d tries to
join secure fabric.
0x1030cd50 (tTransmit): Jul 20 03:13:03
WARNING FABRIC-SEGMENTED, 3, port 5, SCC violation
Furthermore, the port that had the violation is disabled, as shown by this partial output of switchshow:
int170:admin> switchshow
switchName: int170
switchType: 9.1
switchState: Online
switchMode: Native
switchRole: Subordinate
switchDomain: 170
switchId: fffcaa
switchWwn: 10:00:00:60:69:50:10:90
switchBeacon: OFF
Zoning: ON (ddm_cfg_a)
port 0: id N2 Online E-Port (Trunk port, master is port #1)
port 1: id N2 Online E-Port 10:00:00:60:69:80:4d:fc "int63" (upstream) (Trunk master)
port 2: -- N2 No_Module
port 3: -- N2 No_Module
port 4: id N2 No_Light
port 5: id N2 In_Sync Disabled (Security violation)
To undo the violation, the port must be configured online with portenable. Once it is verified, the fabric is locked down by
the SCC_POLICY, the task is complete. The next step is to control device access to the SAN.
Guideline: Avoid nested DCC_POLICY_ definitions. Not only are they hard to document, they are difficult to
understand. There are rules that determine how the nested policies are enforced but applying the rules
and determining the outcome can be a complex task.
Guideline: For easy policy identification, append the domain number or switch name to the DCC_POLICY_ name.
For example for a switch with domain 170, create a policy called DCC_POLICY_170.
Guideline: The command line for this definition becomes complex, but it is simplified using Fabric Manager 4.0, as
shown in section 6.5.4.2. Create a DCC_POLICY_ALL on page 6-50.
2. Prevent nodes from connecting to the core switch(es). Since no device was specified as part of the second operand, all
nodes will be denied access to every port on the switch. The [] could be used as well, since no devices are attached.
int63:admin> secpolicycreate "DCC_POLICY_63","63(*)"
DCC_POLICY_63 has been created.
Guideline: For core switches, it is a good idea to lock down all unused ports to disallow any device from logging
into the fabric. To do this, use (*) or [*] as the port designation in the second operand with out any
devices attached. With [*], all switch ports to be scanned and no device will be added to the
DCC_POLICY_ list. With (*), and no device listed, the policy will be created with ports and no device
definitions. This too will prevent any device accessing all the ports on the core switches.
Guideline: Use secpolicyshow to verify the configuration. If correct it will only show the switch ports and domain
number. If only a DCC_POLICY_ exists, new switches can still be fabric members. Use the
SCC_POLICY to control fabric access by new switches.
Guideline: It is good practice to lock down all devices that connect to single switch, by creating a DCC_POLICY_
that binds all device Port WWN to all ports on a particular switch. Use [ ] as a shortcut to automatically
scan and populate the Port WWNs of the attached devices to the DCC_POLICY_ list. Once configured,
only those Port WWNs included in the policy list will be granted access to all local switch ports.
3. Validate the configuration with secpolicyshow before activating the configuration. Note that the
DCC_POLICY_63 have no devices listed. This means all devices are denied access to the switch. Unlike the example
which has the Area field truncated, the real output will show all ports.
int63:admin> secpolicyshow
DCC_POLICY_63
Type WWN DId swName
__________________________________________________
Switch 10:00:00:60:69:80:4d:fc 63 int63.
=Area=> 0,1,2,3,4,5,6,7,8,9,10,...,62,63.
DCC_POLICY_170
Type WWN DId swName
__________________________________________________
Switch 10:00:00:60:69:50:10:90 170 int170.
=Area=> 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15.
Device 22:00:00:20:37:15:1f:d0
Device 22:00:00:20:37:15:1a:f9
Device 22:00:00:20:37:15:0a:a5
Device 22:00:00:20:37:15:0c:0b
Device 22:00:00:20:37:e6:9a:8c
Device 22:00:00:20:37:e6:9a:6c
Device 22:00:00:20:37:15:0b:a5
4. Once the configuration has been verified, save and activate the configuration as before. List the new policy
configuration with secpolicyshow and verify the active policy has been updated to reflect the changes. This
output is not shown.
int63:admin> secpolicysave
secpolicysave command was completed successfully.
int63:admin> secpolicyactivate
About to overwrite the current Active Policy Set.
ARE YOU SURE (yes, y, no, n): [no] yes
secpolicyactivate command was completed successfully.
Although not shown, Fabric Manager can be used to make a backup copy of the configuration.
Warning: If Secure Fabric OS is disabled, all policy changes will be lost. This includes the FCS_POLICY list that defines
the FCS switch members. All configuration steps will have to be redone once the Secure Fabric OS is re-enabled.
Guideline: Fabric Manager can be used to make backups as well. Once a policy is defined it is highly
recommended to save a baseline of the Primary FCS switch and store in a secure location. Be sure to
update the baseline on a regular basis as policy changes are implemented.
Guideline: Add meaningful names to the policy documentation. When changes occur, keep the information
updated. This is critical for quick support turnaround and site preparedness in the even of a disaster.
Note: In a fabric that contains SilkWorm 2000 series switches, the maximum security DB size is limited to 32 KB, with
16 KB active. In a fabric containing SilkWorm 32x0, 38x0, 3900, or 12000 switches, the security DB size maximum
is 128 KB, with 64 KB active. For all fabrics, the maximum number of DCC policies is limited to 620. Use the
command secactivesize to monitor database useage.
Warning: Do not use secpolicydelete or secpolicycreate when making the changes. secpolicydelete
will permanently delete a policy and all members. secpolicycreate defines and creates a brand new policy
type. Use secpolicyremove to remove a device from a current defined policy and secpolicyadd to add
a device.
Guideline: Although the command line is shown for change management activities, Fabric Manager can be used
as an alternative. The GUI interface allows for complex changes to be made in an intuitive manner.
Please refer to section 6.5.5. Managing Fabric Changes: Secure Fabric OS for Change Management
Control on page 6-51.
Guideline: Be thorough in the planning process to prevent mistakes such as preventing initiators from seeing their
targets.
Switch int218 Non-FCS Edge Switch Prepare using the checklist and Switch WWN
(used SilkWorm 3900) add to SCC_POLICY
Guideline: If Fabric Manager is installed, using it to make changes is the preferred method. The GUI interface is
intuitive. Before changes are made, a validation window appears that allows the change to be verified
before being saved to the defined policy.
Guideline: If access to a serial connection is to be required, use the SERIAL_POLICY list to define the hosts to be
added. As before, use secpolicycreate to create a new policy list and secpolicyadd to add a
management host to the existing SERIAL_POLICY.
c. Validate the changes have been made to the defined policy set with secpolicyshow (output not shown).
The host int212 should be added to the TELNET_POLICY, HTTP_POLICY and API_POLICY and the HBA removed
from the DCC_POLICY_154.
Guideline: It is good practice to validate all the changes that occur in the Secure Fabric OS policy configuration
before going into production. Test each change; make sure that all have been activated.
Note: There is no Secure Fabric OS command that allows the permanent password change to all FCS switch members. Use
sectemppasswdset to set a temporary password for the FCS switches. To remove the temporary password, use
the command sectemppasswdreset. To permanently change the FCS passwords for each user account, root
access is required. Use the passwd command as is normally done on UNIX hosts. If the password has been lost, please
contact the switch vendor for the recovery process.
It is recommended to save the prior two changes so that if a roll-back to earlier configuration versions are desired, the
option will be available. This is critical for troubleshooting or if a new Primary FCS is to be brought online.
Guideline: Save the prior two changes to the Secure FOS configuration. This allows for two roll back choices in the
event problems occur.
Note: Although other switches may be added to a secure fabric, a SilkWorm 3900 is used in this example.
Warning: DO NOT use secversionreset on the existing fabric. This will wipe out the Primary FCS databases and
update each switch in the fabric accordingly.
Warning: If the procedure in Table 6-16 is not followed, the new switch will have a security violation on its E_Port
connection as shown by switchshow below:
19 id N2 Online E-Port segmented,(Security Violation)(Trunk master)
Caution: The WWNs of the current FCS members must be entered in the same order as the secmodeshow displays
when enabling Secure FOS with secmodeenable.
5. Prepare the new switch to accept the current Primary FCS databases
Log in as admin with the Brocade SecTelnet utility and issue the command secversionreset. In the example, the
same management station that manages the Secure Mode on Fabric A was used.
int218:admin> secversionreset
About to reset version stamp to 0.
ARE YOU SURE (yes, y, no, n): [no] yes
Security Policy Version Stamp has been set to zero.
If the version stamp is set to zero, as shown by secmodeshow, the output will be:
int218:admin> secversionreset
Stamp is 0.
Warning: Be sure that the switch to be added is what is logged on to before executing this command. If not, the version
information will be wiped away and the Primary FCS database cleaned out.
6. Add and Save the new SilkWorm 3900 entry to the existing SCC_POLICY
Log into the Primary FCS of the existing Secure Fabric OS fabric and use secpolicyadd to add the new switch to the
existing SCC_POLICY. Validate the configuration with secpolicyshow. Note that the new switch is registered in the
SCC_POLICY with an unknown status. This is expected at this stage.
int63:admin> secpolicyadd “SCC_POLICY”,”10:00:00:60:69:90:04:3d”
Member(s) have been added to SCC_POLICY
int63:admin> secpolicyshow
SCC_POLICY
WWN DId swName
__________________________________________________
10:00:00:60:69:51:0e:0a 88 sialab88
10:00:00:60:69:50:10:90 170 int170
10:00:00:60:69:90:03:fa 217 int217
10:00:00:60:69:80:4d:fc 63 int63
10:00:00:60:69:10:10:9d 75 int75
10:00:00:60:69:10:68:fa 154 int154
10:00:00:60:69:90:04:3d - Unknown
8 7 6 5 4 3 2 1
The new switch has been added successfully. To promote the switch to an FCS backup role, add it to the FCC_POLICY
list using secpolicyadd.
Validation Checklist
Guideline: Check the switch event logs for any issues with the fabric while validating it’s stability. Setup the syslogd
system log on a host and configure to capture fabric event messages.
Note: When attaching ISLs to the SilkWorm 2800 there will be no trunking as it is not supported in Fabric OS 2.x. The
connections will be auto-negotiated at 1 Gbit/sec as non-trunked E_Ports.
Guideline: The -s option provides additional control over the download process.
In Fabric OS 4.0.0d or higher, the -s option can be used on a SilkWorm 12000. This allows a single
CP to be upgraded at a time. Use this command first on the Standby CP and then the Active CP.
As of Fabric OS 4.1.2, the -s option is supported on the SilkWorm 3900.
It is recommended to use the command line when using the -s option.
When complete, about 20 minutes, use firmwareshow to display current firmware versions.
poc165:admin>
Local CP (Slot 5, CP0): Active
Primary partition: v4.1.0
Secondary Partition: v4.1.0
Remote CP (Slot 6, CP1): Standby
Primary partition: v4.1.0
Secondary Partition: v4.1.0
When upgrading from Fabric OS 4.1/4.2 and later, the process is non-disruptive. This is much faster on the SilkWorm 12000
as there are two CPUs and two fabric state images, one per CP. The standby simply becomes the active during the failover.
Thus, the impact on a production fabric is much less, when using these bladed platforms. When upgrading from Fabric OS 4.1
and beyond, use hashow first before launching firmwaredownload. The hashow output should display as follows on
Fabric OS 4.1.
poc165:admin> hashow
Local CP (Slot 6, CP1): Standby
Remote CP (Slot 5, CP0): Active
HA enabled, Heartbeat Up, HA State synchronize
This means that a firmwaredownload will be allowed to start non-disruptively. If hashow displays anything else, the
firmwaredownload will not start.
Caution: Do not attempt to load Fabric OS 4.x on a switch currently running Fabric OS 2.x or 3.x. Reference the Brocade
Fabric OS Procedure Guide for Fabric OS upgrade process for your switch type. Fabric OS versions 3.1/4.1 and
greater have a feature called firmware watermarking. This prevents other Fabric OS firmware versions
from writing over it.
Firmware Activation (SilkWorm 3900, 3250, 3850) 0 (seconds) Between 30-50 seconds
Note: The SilkWorm 3900, 3850 and 3250 each have one processor, therefore failover does not apply.
In order to facilitate this, the environment must be stable for synchronization to occur. After initial power up, the SilkWorm
12000/24000 waits for a stable environment before attempting to synchronize the state between the two CPs. If the switch is
standalone, then the system requires 3 X FS_TOV or 15 seconds. After this time, whenever a change is detected the Active CP
updates the standby with the required information.
7.2.2. HA Caveats
HA is available only in Fabric OS 4.1 or later. Telnet commands run during non-disruptive failover should be reissued, as the
sessions will be dropped. Within a maximum 30 seconds, IP will restart. I/O continues through the fabric while this process
takes place. Port LED Lights may stop blinking but the I/O will still continues. Also note that the firmwaredownload
process will still take the same amount of time as before. On the SilkWorm 3900/3850/3250 Non-Disruptive Code load, takes
longer since there is only one processor.
7.2.3. HA Commands
As a result of HA capability several commands have been developed. The most important command is hashow. This displays
the state of the HA present on the local switch. The older HA mode is still supported, but not recommended. The four
commands are, haShow, haSyncStart, haSyncStop, and hadump. The rest of this section will discuss these
commands and provide examples of usage.
When the SilkWorm 12000/24000 does not have synchronized CPs, haShow will display the following output:
poc165:admin> hashow
Local CP (Slot 5, CP0): Active
Remote CP (Slot 6, CP1): Standby, Healthy
HA Enabled, Heartbeat Up, HA Not Synchronized
HaSyncStart is used to re-activate synchronous HA between the CPs. It only needs to be executed after an haSyncStop.
Here is an example of usage and output.
poc165:admin> hasyncstart
Start synchronize ...
done
poc165:admin> 0x223 (fabos): Switch: 0, Info FSS_ME-FORCELOG, 4, Software is in sync!
Hadump is a supportability command that displays HA related logging information. Hadump should not have to be used by
the general SAN administrator. It is really meant to be a troubleshooting tool for technical support.
The following HBA Vendors and Operating Systems were tested. For the latest support, please consult your switch vendor.
Table 7-2 Tested Boot Over SAN Configurations.
CF usage on the primary partition is now monitored on a regular basis by a cron job that is run at consistent time intervals. If
the CF utilization is >= 80%, then a warning message is entered into the persistent error log, and the offending files are
truncated to 0 bytes. If the CF utilization is still >= 80% after the truncation, a warning message is sent to all active Telnet
sessions, the console, and the persistent error log. The persistent error log will contain the CF utilization percentage as well as
a warning message. Other potential offending files are checked and truncated as needed. In addition to these steps, a new file
system will be used on each Fabric OS 4.2 based switch. This will allow for improved space management and file handling.
7.5.1. Pathinfo
The pathinfo command provides traceroute functionality for the SAN. It allows the paths to be discovered and viewed in a
usable manner. The previous method of tracing paths used urouteshow.
The fabric topology information is actually known at every switch, however FSPF routing is known only locally; there is no
global, end-to-end routing table. In this context, end-to-end refers to a source switch with connected E_Ports and a destination
switch also with connected E_Ports and connected devices. In general, each switch in the fabric contains a table of routes that
enable frames to be forwarded to adjoining switches. If desired, an end-to-end routing table can be constructed by logging into
every switch and reading the local routing tables. Pathinfo simplifies this task by providing a flexible command line and an
interactive menu. This interactive menu is displayed by default if no arguments are supplied.
PathInfo provides additional routing information including.
• Destination port state
• Link statistics for every hop from source to destination
• Link utilization for each hop from source to destination
value = 3 = 0x3
An example of this is shown next. Note that if no devices are attached to the destination port being used as the argument, the
error message displayed is target port not active. Normally this does not mean that no frames are being passed to the device or
that it is not online, it simply means no device is attached. If a device is attached, this may mean the device is not online.
ess031:admin> pathinfo 32, -1, 14
Guideline: For determining complex path information quickly and easily, create or use a diagram of the SAN fabric
with labeled ISL connections and device locations. This simplifies the process of gathering the
appropriate pathinfo arguments. Use -1 as the argument for an embedded switch port.
This next example shows how to display the return path. Use the –r option as shown. Depending on the fabric topology, it may
not be the same as the outbound path. The following example shows that the reverse path in this case is equivalent.
ess031:admin> pathinfo "-r", 32, -1, 13
Reverse path
3 13 32 (ESS032) 6 2G 500
4 5 93 (ess093) 23 1G 1000
5 9 31 (ess031) E - -
value = 5 = 0x5
If no parameters are given, the PathInfo command works in interactive mode. The menu is displayed much like the configure
command. Interactive mode allows more parameters to be specified. The choices are shown below with default values.
• max hops (default = 25)
• domain (required)
• source port (default = embedded)
• destination port (default = embedded)
• enable basic statistics (default = no)
• enable extended statistics (default = no)
• trace reverse path (default = no)
• source route (default = no)
• strict source routing (may be specified if source route enabled)
• timeout (default = 5 seconds)
The interactive mode menu is shown with various choices being made are shown in the following output:
ess031:admin> pathinfo
Pathinfo can also be used in advanced mode to display basic statistics. The following example shows partial output with
extended statistics for one hop.
Hop In Port Domain ID (Name) Out Port BW Cost
---------------------------------------------------------
1 23 93 (ess093) 5 2G 500
Port 23 5
Tx Rx Tx Rx
-----------------------------------------------
F/s (1s) 0 0 0 0
F/s (64s) 0 0 0 0
Words 9270 8003 9296 9741
Frames 435 450 544 535
Errors - 0 - 0
7.5.2. Wwncardshow
This root level command provides information about information stored in the World Wide Name Card found on the
SilkWorm 12000 and 24000, thus it only works on Fabric OS 4.2 or greater. wwncardshow only accepts IPdata as a parameter.
When executed with this parameter it will only show the IP configuration stored in the WWN Card.
Note: Currently this command can be executed only when logged on as root.
7.5.3. Cfgtransabort
Note: cfgtransabort is available in Fabric OS 2.6.2, 3.1.2 and 4.2 and higher.
With larger fabrics, zoning configuration changes may take a period of time to complete. At certain times, it may be desired to
abort the changes from occurring. This is achieved with cfgtransabort. This is new to Fabric OS 4.2. To use this
command, the transaction id must be known. This is gathered from the cfgtransshow command. A typical sequence is
shown below:
switch:admin> cfgtranshow
++Outstanding Transactions++
23426
Fabric OS 4.2 have included enhancements to the sfpshow command. Fabric OS 2.x executes on switches use the older GBICs
and not SFPs, so this command does not apply. Fabric OS 3.1.2 does not have this option. sfpshow -all displays
extensive information including connector type, supported baud rate, encoding scheme, transceiver information, and vendor
information. The output from this command provides helpful online documentation.
Guideline: It is not recommended to issue this command for troubleshooting. It does however provide great online
documentation for support purposes. Because the output is so voluminous, it is helpful to capture
sfpshow -all to a text file and perform searches on the appropriate information.
7.5.5. Quietmode
Note: Quietmode is available in Fabric OS 2.6.2, 3.1.2 and 4.2 and higher.
Quietmode has been used on Fabric OS 2.x and 3.x for quite some time. This command suppresses output from various
Fabric OS processes and daemons. To turn off quietmode, use an argument of 0. To turn it on, use an argument of 1. No
argument displays the current setting. This command is useful if large amounts of output is being displayed to the screen while
commands are being issued. The Fabric OS 4.2 implementation is similar to, but not identical to, the Fabric OS 2.x and 3.x
quietmode commands. Unlike Fabric OS 2.x or 3.x, some error and debug messages may not be suppressed. The console log
output will not be suppressed. One minor change has occurred in v2.6.2 and v3.1.2. For these Fabric OS versions, syslog is no
longer suppressed in quietmode.
Guideline: Use quietmode when output of Fabric OS processes are needed. If being used to suppress Fabric
Watch messages, be aware that Fabric Watch can be tuned to provide the right level of output. This is
discussed in Chapter 13, Brocade Fabric Watch Overview. Also, refer to the Fabric Watch Guidelines
technical guide for details.
7.5.6. Nscamshow
Nscamshow shows the non-local device name server registration on all of the other switches in the fabric. This is useful to
identify other devices on other switches. The count variable shows the number of devices that are registered. Note that the core
switch, int63 in the example below, does not have any name server entries, as it only has other switches attached to it.
Guideline: To view all devices registered with each local name server use nscamshow on a core switch (with no
attached devices) in a Core/Edge fabric. For other topologies, use nsshow to view all device
registrations with the local name server in addition to nscamshow. Normally all attached hosts, storage
and other devices such as in-band storage management stations, SCSI/FC bridges, tape drives will be
shown.
int170:admin> nscamshow
Switch entry for 63
state rev owner
known v410 0xfffcaa
Device list: count 0
No entry is found!
7.5.7. Portloginshow
The command portloginshow displays the Fibre Channel services for which a device has registered. In the command
output, there will be one login record per service. As shown in the example, which in this case is an HBA, there are two
entries. One is for the FLOGI to the well-known address FFFFFE, which is the Fabric Port Login service for fabric
registration, (that provides the 24-bit PID address). The other is for the PLOGI to the well-known address FFFFFC, which is
the name server.
int195:admin> portloginshow 6
Type PID World Wide Name credit df_sz cos
-----------------------------------------------------
fe c30600 10:00:00:00:c9:24:f5:f9 64 2048 c scr=3
fc c30600 10:00:00:00:c9:24:f5:f9 12 2048 c c2sema=0x100ba770
The credit on the first entry is in reference to BB_Credit (buffer-to-buffer credit), on the second it references the EE_Credit
(end-to-end credit). COS represents the class of service a bit map column that is displayed in hex. The SCR is in reference to a
state change registration with a class of 3.
This next example shows a different HBA. The df_size refers to the FC maximum payload size, for this HBA it is 2048 bytes.
For all HBAs, this is a typical value.
sialab90:admin> portloginshow 8
Type PID World Wide Name credit df_sz cos
-----------------------------------------------------
fe 5a0800 10:00:00:00:c9:2b:4f:75 16 2048 c scr=3
This command is also useful to display all of the devices that are logged into a port. For JBODs, which are Fibre Channel loop
devices, this is invaluable as each PID (with the AL_PA) is shown. In the example, a JBOD is attached to port 15 on a
SilkWorm 3800 with Fabric OS 3.1. Note that the AL_PA and port WWNs are in a tabular list and thus are easily identified.
Df_size refers to the maximum Fibre Channel payload size, for the JBOD it is 2112 bytes, the largest possible.
int170:admin> portloginshow 15
Type PID World Wide Name credit df_sz cos
-----------------------------------------------------
ff aa0fef 22:00:00:20:37:15:1f:f7 0 2112 8
ff aa0fe8 22:00:00:20:37:e6:9a:a3 0 2112 8
ff aa0fe4 22:00:00:20:37:e6:9a:84 0 2112 8
ff aa0fe2 22:00:00:20:37:e6:9a:7d 0 2112 8
ff aa0fe1 22:00:00:20:37:e6:99:be 0 2112 8
7.5.8. PortCamShow
Note: PortCamShow is only available in Fabric OS 3.1/4.1 and later.
In some environments, exceeding the total cached limit of 64 SIDs and 512 DIDs per quad may be an issue. If the limit is
exceeded, there is no impact to I/O and the zoning enforcement reverts to session level enforcement. In order to address this
need, Brocade created a command to monitor these values. This command is called PortCamShow. It displays the number of
Fibre Channel SIDs and DIDs used out of the maximum possible. One useful tip is to use nsaliasshow along with
PortCamShow to identify what devices are allowed to see each other. In this example, there is an HBA zoned to a single
storage port by port WWN.
First use nsshow to find out the PID of the HBA and in which quad it is located. For this case, it is 5a0800.
sialab90:admin> nsaliasshow
{
Type Pid COS PortName NodeName TTL(sec)
N 5a0800; 2,3;10:00:00:00:c9:2b:4f:75;20:00:00:00:c9:2b:4f:75; na
FC4s: FCP
Fabric Port Name: 20:08:00:60:69:51:0f:2b
Aliases: int124_w2k_B
The Local Name Server has 1 entry }
PortCamShow with no argument displays the used SID/DID on every port as shown.
sialab90:admin> portcamshow
Port 0 to Port 15:
-----------------------------
Port SID used DID used
0 0 0
1 0 0
2 0 0
3 0 0
4 0 0
5 0 0
6 0 0
7 0 0
8 2 2
9 0 0
10 0 0
11 0 0
12 0 0
13 0 0
14 0 0
15 0 0
-----------------------------
Quad ports (SID Free, DID Free)
0-3 (64, 512) 4-7 (64, 512) 8-11 (64, 512) 12-15 (64, 512)
Using the port number as the argument for PortCamShow (in this case 8) shows the number of SID/DID used, 24-bit address
of each device that is in the SID and DID tables and the total SID/DID entries that are free.
7.5.9. Portzoneshow
Note: Portzoneshow is only available in Fabric OS 3.1/4.1 and later.
The command Portzoneshow shows how the zoning on the ports is enforced. An example is shown below. From the output
shown in the example, note that port 8 is HARD enforced by WWN. This is shown in bold. Also note that although not able to
be zoned E_Ports are displayed as well.
sialab88:admin> portzoneshow
Local Zoning Port-level information:
PORT: 0 enforcement: E-Port defaultSoftZone: 0 defaultHardZone:0
PORT: 1 enforcement: E-Port defaultSoftZone: 0 defaultHardZone:0
PORT: 2 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 3 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 4 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 5 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 6 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 7 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 8 enforcement: HARD WWN defaultSoftZone: 0 defaultHardZone:0
PORT: 9 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 10 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 11 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 12 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 13 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 14 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
PORT: 15 enforcement: Not Zoned defaultSoftZone: 0 defaultHardZone: 0
This is the output on a SilkWorm 3900. Note there is some additional information, as the port type is shown. Only partial
output is shown.
int219:root> portzoneshow
PORT: 26 Enforcement: HARD PORT defaultHard: 1 F-port: 1
PORT: 27 Enforcement: HARD PORT defaultHard: 1 F-port: 1
PORT: 28 Not Zoned
PORT: 29 Not Zoned
PORT: 30 Not Zoned
PORT: 31 Not Zoned
7.5.10. Nodefind
Note: Nodefind is only available in Fabric OS 3.1/4.1 and later.
The command Nodefind provides device searching capability within a single fabric. An example is shown below. In order to
find the location of a node, the WWN of interest must be known. The command returns the 24-bit port ID of the device. The
first 8-bits is the switch domain. The second 8-bits is the port number.
sialab89:admin> nodefind "10:00:00:00:c9:30:d0:62"
db1a00
1 device with wwn 10:00:00:00:c9:30:d0:62 }
sialab89:admin>
In this example the Domain ID is db and the port number is 1a. To get effective use of the command, issue fabricshow.
Fabricshow assists with finding the switch the device is on. The switch in the ID column with db as the last byte identifies
the switch. Looking at the Name column (bold) reveals that the switch name where the device is located is int219. The port
number is already known as 1a in hex which is 26 in decimal. Thus the device is on switch int219, port 26.
sialab89:admin> fabricshow
Switch ID Worldwide Name Enet IP Addr FC IP Addr Name
-------------------------------------------------------------------------
64: fffc40 10:00:00:60:69:80:4d:fd 192.168.162.64 0.0.0.0 "int64"
89: fffc59 10:00:00:60:69:51:10:42 192.168.155.89 0.0.0.0 "sialab89"
90: fffc5a 10:00:00:60:69:51:0f:2b 192.168.155.90 0.0.0.0 "sialab90"
195: fffcc3 10:00:00:60:69:10:93:14 192.168.162.195 0.0.0.0 "int195"
196: fffcc4 10:00:00:60:69:10:62:2c 192.168.162.196 0.0.0.0 "int196"
219: fffcdb 10:00:00:60:69:90:04:1a 192.168.162.219 0.0.0.0 >"int219"
The Fabric has 6 switches
7.5.11. Nsaliasshow
Note: Nsaliasshow is only available in Fabric OS 3.1/4.1 and later.
Nsaliasshow is very much like nsshow. The only difference is that the zone alias is now displayed in the output. Be aware
that this is not the port name assigned by portname. The example shows the Alias name assigned through zoning in bold.
sialab90:admin> nsaliasshow
{
Type Pid COS PortName NodeName TTL(sec)
N 5a0800; 2,3;10:00:00:00:c9:2b:4f:75;20:00:00:00:c9:2b:4f:75; na
FC4s: FCP
Fabric Port Name: 20:08:00:60:69:51:0f:2b
Aliases: int124_w2k_B
The Local Name Server has 1 entry }
7.5.12. Cfgactvshow
Note: Cfgshow (or zoneshow) is only available in Fabric OS 3.1/4.1 and later.
Cfgshow (or zoneshow) can be lengthy. It shows all the alias names and member, zone names and members and every
zoning configuration defined. To enhance the usability of viewing zoning information at the command line, cfgactvshow
was created. Cfgactvshow displays only the active configuration and the zones that are defined that are part of it. As shown
in the example, this provides a summary of which devices are defined in the active zoning configuration.
sialab90:admin> cfgactvshow
Effective configuration:
cfg: bkup_cfg_B
zone: int121_B
10:00:00:00:c9:24:f5:f9
20:04:00:a0:b8:07:5d:c7
zone: int124_B
10:00:00:00:c9:2b:4f:75
20:04:00:a0:b8:07:5d:c7
zone: int202_B
50:06:0b:00:00:0a:48:84
20:04:00:a0:b8:07:5d:c7
7.5.13. NsZoneMember
Note: Nszonemember is only available in Fabric OS 3.1/4.1 and later.
Nszonemember displays the zoned members, both local and remote, for a particular device. For the purposes of this
command, the port ID identifies the device for which the zoned members are to be identified.
First determine the port ID (PID). To find this information for a particular device on the fabric that is of interest use
nsaliasshow. This will not only show the PID but the device zoning alias name as well. In the example, an HBA was
picked on Fabric A that is in the host int124. The desire was to find out what storage was supposed to be seen.
sialab88:admin> nsaliasshow
{
Type Pid COS PortName NodeName TTL(sec)
N 580800; 2,3;10:00:00:00:c9:29:04:8f;20:00:00:00:c9:29:04:8f; na
FC4s: FCP
Fabric Port Name: 20:08:00:60:69:51:0e:0a
Aliases: int124_w2k_A
The Local Name Server has 1 entry }
Once the PID of the device is known, use it as the argument of Nszonemember. Note that in this case there are no local or
remote storage devices zoned with the HBA.
sialab88:admin> nszonemember "580800"
No local zoned members
No remote zoned members
A function of Fabric OS 4.1 (and later) is the ability to do port swapping on a local switch in a fabric. For users of Operating
Systems that use the PID for persistent binding, this function adds a lot of value. Now, if for troubleshooting purposes, the port
of the host HBA needs to be moved on the same switch, the cable can be moved without the PID changing. Some hosts require
a reboot for certain operating system commands to be executed if the PID changes. An example will be shown to illustrate the
steps required to perform a swap. This section will provide and overview of port swapping and provide guidelines on its usage.
2. Disable the ports that are to be swapped. In this case, the ports are 14 and 15. For the SilkWorm 12000 use physical slot
number/port number. As an example, portdisable 1/14 will disable port 14 on physical slot 1.
int219:admin> portdisable 14
int219:admin> portdisable 15
3. Swap the ports with portswap. A few moments pass before the configuration completes.
int219:admin> portswap 14 15
portswap done
4. Check to see if the port area numbers are swapped with portswapshow. Note that the swapping is persistent across
power cycles and switch reboots.
int219:admin> portswapshow
PortSwap is enabled
Port Area
====================
14 15
15 14
This completes the swapping of the ports. The cables can now be moved.
5. The final step is to enable both of the ports. Note that the devices will redo the FLOGI and PLOGI as well as go through
the normal registration process.
int219:admin> portenable 14
int219:admin> portenable 15
int219:admin> portswapshow
PortSwap is disabled.
Existing Portswap condition is still effective.
Only future Portswap operations are not allowed.
Port Area
====================
14 15
15 14
2. Disable both ports that are to be re-configured to their original Domain IDs.
int219:admin> portdisable 14
int219:admin> portdisable 15
4. Check the swap configuration to verify that the ports now have their original area numbers.
int219:admin> portswapshow
PortSwap is enabled
Port Area
====================
No ports have been swapped
5. Optional, disable port swapping using portswapdisable. This is the default setting for Fabric OS 4.1.
int219:admin> portswapdisable
int219:admin> portswapshow
PortSwap is disabled.
Existing Portswap condition is still effective.
Only future Portswap operations are not allowed.
Port Area
====================
No ports have been swapped
Note: The portswap information is kept in separate database and thus cannot be manipulated by editing the regular switch
configuration database gathered with configupload.
The command fastboot works on all switch platforms. This is the same as doing a reboot with diagnostics turned off
with diagdisablepost. Diagnostics can be re-enabled with diagenablepost. This reduces the time for it to come
back online.
int219:admin> fastboot
Guideline: Issue the command diagdisablepost if frequent reboots are expected and the switch is not participating
in a production environment. Once the switch is placed in a production environment, it is recommended
to enable POST (Power On Self Test) by issuing the command diagpostenable.
Note: Only non-bladed switches that run Fabric OS 4.x support the reboot and fastboot commands.
int64:admin> switchreboot
int64:admin> Selecting i2c bus...Done.
Stopping all switch daemons...Done.
Releasing i2c bus...Done.
Powering off slot 7...Done.
Powering off slot 8...Done.
Powering off slot 9...Done.
Powering off slot 10...Done.
Checking all slots are powered off....Done.
Cleaning up kernel modules...Done.
Done.
Powering on slot 7...Done.
Powering on slot 8...Done.
Powering on slot 9...Done.
Powering on slot 10...Done.
Checking diagnostics..............................
.......Done.
10 9 8
fabric: Subordinate switch
fabric: Reconfiguration due to Fabric Merge(port 47)
fabric: Reconfiguring at Tue Mar 25 06:48:15 2003
5 4 3 2 1
fabric: Subordinate switch
fabric: Domain 64
NOTE: The commands reboot and fastboot are chassis wide, meaning
both switches get rebooted, for the SilkWorm 12000 and 24000.
Guideline: On the SilkWorm 12000 and SilkWorm 24000, it is recommended that if an Active CP requires a reboot,
that the command hafailover is executed. This makes the process non-disruptive. That way, the
other CP becomes the Active and the new standby can be rebooted non-disruptively.
Note: Supportshow command groups are only available in Fabric OS 3.1/4.1 and later.
Supportshow can be run with any combination of 11 command groups. This makes Supportshow more flexible and
easier to capture the desired information.
If required for support reasons, supportshow can always be reconfigured to display additional information. Commands for
the FC Fabric command group 4 are listed in Table 7-4.
Table 7-4 Command Group 4
fabricShow qlShow
islShow cfgShow
trunkShow fabStatsShow
topologyShow fabLogDump
faShow
This section will provide some guidelines on setting up supportshow command groups and make a recommendation on
which ones to use. By default, eight command groups are enabled for supportshow. These are shown by
supportshowcfgshow output below. This command can be run as admin or root. Changes to the supportshow
configuration can only be made as the root user.
int219:root> supportshowcfgshow
os enabled
exception enabled
port enabled
fabric enabled
services enabled
security enabled
network enabled
portlog enabled
system enabled
extend disabled
filter disabled
perfmon disabled
Note: If using Secure Fabric OS, do not disable the security command group as shown. Even the remaining groups will
generate a lot of output.
Finally, verify the setting with supportshowcfgshow. The output that should be seen is shown in the following example.
int219:root> supportshowcfgshow
os disabled
exception enabled
port disabled
fabric enabled
services enabled
security disabled
network disabled
portlog disabled
system enabled
extend disabled
filter disabled
perfmon disabled
int219:root>
To clarify the groups being used, please refer to Table 7-5. The security group is for Secure Fabric OS support information and
it is group 6.
Table 7-5 Group Name and Number
fabric 4
services 5
security 6
system 10
Table 7-6 is a summary of the supportshow configuration commands and the function they perform. Once again, only the
root user is allowed to make changes.
Table 7-6 Supportshow Configuration Commands
supportShowCfgShow Displays list of command groups and whether they are enabled.
For all supportShow output, no matter how its configured, there are certain commands that will always be executed. These
are, in the order of execution date, version and supportshowcfgshow.
Enabling and disabling is persistent except for filter and extended groups. This is not a concern since those two command
groups are rarely used. Two command groups have only one member. The exception group has errdump. The portlog group
only has portlogdump.
Note: Supportshow for Fabric OS 4.2 and later, includes output for FICON enabled switches, enhanced portlogdump
output, and portswapshow and dbgshow have been added to the System Group. For usage guidelines and a
comprehensive discussion of supportshow for recent versions of Fabric OS, refer to the Supportshow Reference
Guide. No substantial changes have taken place for Fabric OS 2.6.2 or 3.1.2.
The change management tool trackChangesSet allows SAN administrator to track successful and unsuccessful logins,
logouts and configfile changes via a log file or SNMP on a local switch. It is disabled by default and must be admistratively
turned on by trackChangesSet. Refer to 7.6.2. Track Changes on page 7-22.
This example shows trackchangesshow. It displays the default setting.
int170:admin> trackChangesShow
Track changes status: OFF
Track changes generate SNMP-TRAP: NO
The example shows how to turn on track changes but not use SNMP to send traps.
int170:admin> trackChangesSet 1, 0
0x102d7450 (tShell): Mar 28 04:12:08
INFO TRACK-TRACK_ON, 4, Track-changes on
Committing configuration...done.
0x102d7450 (tShell): Mar 28 04:12:11
INFO TRACK-CONFIG_CHANGE, 4, Config file change from task:tShell
Now trackchangesshow now shows the logging capability enabled. Note that SNMP is still turned off.
int170:admin> trackchangesshow
Track changes status: ON
Track changes generate SNMP-TRAP: NO
With failed logins, the information is logged to the screen after the unsuccessful login as shown.
Login incorrect
Use errshow to display the changes. As stated in the Fabric OS Procedures Guide (part number: 53-0000518-02), by default
there are only 1024 entries. By default, the errlog is cleared after a reboot. With Fabric OS 3.1 and 4.1, this log can be
expand to 2048 entries maximum and set to be persistent.
int170:admin> errshow
Error 27
--------
0x102d7450 (tShell): Mar 28 04:25:31
INFO TRACK-LOGIN, 4, Successful login
Type <CR> to continue, Q<CR> to stop:
Error 26
--------
0x102d7450 (tShell): Mar 28 04:23:50
INFO TRACK-FAILED_LOGIN, 4, Unsuccessful login
Error 25
--------
0x102d7450 (tShell): Mar 28 04:23:50
INFO SEC-SECVIOL_LOGIN, 4, Security violation: Login failure attempt via TEL
NET. Peer IP: 192.168.162.211
Error 15
--------
0x102d7450 (tShell): Mar 28 04:20:02
INFO TRACK-LOGIN, 4, Successful login
Error 14
--------
0x102d7450 (tShell): Mar 28 04:19:53
INFO TRACK-LOGOUT, 4, Logout
Note: Fabric OS 3.1/4.1 and later allow three unsuccessful logins before disconnecting the current telnet session.
int170:admin> switchshow
switchName: int170
switchType: 9.1
switchState: Offline
switchMode: Native
switchRole: Disabled (Persistent)
switchDomain: 170 (unconfirmed)
switchId: fffcaa
switchWwn: 10:00:00:60:69:50:10:90
switchBeacon: OFF
Zoning: ON (bkup_cfg_A)
port 0: id N2 In_Sync Disabled
port 1: id N2 In_Sync Disabled
port 2: -- N2 No_Module Disabled
port 3: -- N2 No_Module Disabled
port 4: id N2 No_Light Disabled
port 5: id N2 No_Light Disabled
port 6: -- N2 No_Module Disabled
port 7: -- N2 No_Module Disabled
port 8: -- N2 No_Module Disabled
port 9: id N2 No_Light Disabled
port 10: id N2 No_Light Disabled
port 11: id N2 No_Light Disabled
port 12: id N2 No_Light Disabled
port 13: id N2 No_Light Disabled
port 14: -- N2 No_Module Disabled
port 15: id N2 In_Sync Disabled
Note that portcfgshow still shows all ports as not disabled. This is fine, since the switch as a whole is disabled.
nt170:admin> portcfgshow
Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
-------------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+--+--
Speed AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN
Trunk Port ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON
Long Distance .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
VC link init .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked L_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked G_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Disabled E_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Persistent Disable .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
ISL R_RDY Mode .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
where AN:AutoNegotiate, ..:OFF, ??:INVALID.
LM:L0.5
To re-enable the switch persistently, use switchCfgPersistentEnable. Note that the fabric must re-configure after it is
brought back online.
int170:admin> switchCfgPersistentEnable
Committing configuration...done.
Command in progress
fabric: Subordinate switch
fabric: Domain 170
. . . . . . . . . . . . . . done
Note: If the switch is re-enabled with switchenable it will be enabled temporarily. The next power cycle, reboot or
fastboot will cause the switch to be disabled, persistently. This is because the state of the switch is now stored in
the flash non-volatile memory.
Use portCfgPersistentDisable to persistently disable a port. Use portcfgshow to check the status. An example of
this that shows port 7 being disabled persistently is shown next.
int170:admin> portCfgPersistentDisable 7
Committing configuration...done.
int170:admin> portcfgshow
To re-enable a port persistently, use portcfgpersistentenable. To temporarily enabled a port, use portenable.
int170:admin> portcfgpersistentenable 7
Committing configuration...done.
int170:admin> portcfgshow
Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
-------------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+--+--
Speed AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN
Trunk Port ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON
Long Distance .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
VC link init .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked L_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked G_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Disabled E_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Persistent Disable .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
ISL R_RDY Mode .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
where AN:AutoNegotiate, ..:OFF, ??:INVALID.
LM:L0.5
Note that portcfgdefault will turn off persistent disabling of a port. The command portenable is required to enable
the port. Portcfgdefault will set all other port settings to default values. This sequence is shown in Figure 7-7.
int170:admin> portCfgPersistentDisable 7
Committing configuration...done.
int170:admin>
int170:admin> portcfgdefault 1
Committing configuration...done.
int170:admin> portcfgshow
Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
-------------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+--+--
Speed AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN
Trunk Port ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON
Long Distance .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
VC link init .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked L_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked G_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Disabled E_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Persistent Disable .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
ISL R_RDY Mode .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
where AN:AutoNegotiate, ..:OFF, ??:INVALID. LM:L0.5
int170:admin> portenable 1
Warning: When a portcfgpersistentdisable is done on an enabled E_port, a fabric reconfiguration may occur.
This is the same behavior as the portcfgdisable command. Persistently disabling groups of ports is not
supported. Each port must be persistently disabled individually.
7.6.4. FDMIshow
FDMI stands for Fabric Device Management Interface. This function provides the ability to manage the HBA’s in-band using
Fibre Channel. This capability is a result of a Brocade partnership with Emulex. FDMI is supported on all versions of Fabric
OS and is fully backward compatible with all other versions of Fabric OS. There are two commands (fdmishow and
fdmicacheshow) that support this function. FdmiShow displays local FDMI information that include, local HBAs, HBA
port list, HBA attributes and Port attributes. FdmiCacheShow displays remote FDMI information such as Remote HBAs and
Remote HBA port lists.
To use the FDMI feature both the firmware on the HBA and switch must support it. For the Brocade SilkWorm Switches, the
Fabric OS version must be at 3.1 or higher or 4.1 or higher. If the Emulex HBA does not support FDMI, the following entries
will exist from fdmishow and fdmicacheshow.
int170:admin> fdmishow
Local HBA database contains no entry.
Local Port database contains no entry.
Remote HBA database contains no entry.
Remote Port database contains no entry.
int170:admin> fdmicacheshow
Switch entry for domain 63
state: known
version: v410
wwn: 10:00:00:60:69:80:4d:fc
No devices.
Total count of devices on the switch is 0
Switch entry for domain 75
state: unsupported
version: v260
wwn: 10:00:00:60:69:10:10:9d
No devices.
Zone Administration
Sw itch information
Netw orkconfiguration
Firmw are/Configuration upload/ dow nload
SNMP setup
License Administration
Fabric parameter configuration
Routing, DLS and IOD setup
Port Adm inistration
API T ools
Fabric Manager
Web T ools
Brocade SilkWorm series switches offer industry standard interfaces. Management tools have been developed using these
interfaces. These interfaces are briefly discussed here.
8.3.4. SNMP
SNMP is a standard protocol that SNMP manager uses to monitor their Fibre Channel SAN. SNMP manager is responsible for
managing SNMP agents remotely. A manager is capable of querying agents, setting variables, getting responses and
acknowledging asynchronous events (traps) from agents in the network. All brocade fabric switches support SNMPv1C and
capable of responding to SNMPv2C commands using SNMPv1 community names.
Fabric Checking
• Retrieve and save the current state of the fabric.
• Retrieve and save the ISL information including trunking.
• Detect and display the differences between the current and the saved states.
• The Fabric Manager database preserves application specific data such as fabric/switch/port/group names, group
memberships, re-boot sequences and existing license keys across sessions. The data is made available for subsequent
Fabric Manager sessions.
Complete Fabric Backup and Compare
• The Fabric Manager backup process creates a complete backup file of the existing fabric configuration that includes
switch configuration, license keys, fabric configuration etc.
• Compare with a baseline saved file to identify any change.
Event Monitoring
• Monitor ISL connectivity, Fabric and Switch health status.
• Displays Error log events and propagates status upwards within user-defined groups.
• Displays Fabric Watch events.
Call Home support
• Client side-GUI allows user to configure the Call Home trigger conditions.
• Server monitors a user-configurable set of switches for changes/events in order to send a request for action based on
configured parameters.
Secure Fabric OS Policy Management
• This feature is enabled only if Fabric is operating in Secure Mode using Brocade Secure Fabric OS 4.1.0 or higher.
• The fabric security is managed by defining Secure policies. Policies can be created or modified when operating in
secure mode.
Switch/Port Administration
• Invokes Advanced Web Tools from a specific switch to perform switch/port level management.
• Telnet window provides a command line interface.
• Fabric switches and ports can be renamed.
• Fabric switches and ports can be enabled/disabled.
• Switch login credentials are saved for a specific session. Maintain session once authentication with a switch has
succeeded. The same credentials can be used across multiple switches.
• Time synchronization across all fabric switches.
Client workstations
Fabric ManagerServer
Note: Each Fabric Manager Server can support up to five Fabric Manager Clients.
Note: When monitoring more than 30 switches while using the Call Home feature it is recommended to install Fabric
Manager Server on a dedicated machine.
Note: 1 Fabric Manager server becomes a member of the domain specified during the Fabric Manager server installation. A
DNS server IP address can also be entered here. To find the Domain name to use as the windows authentication domain
that must be specified during installation, open DOS window and enter “set”. The alias USERDOMAIN indicates the
active domain.
Note: 2 The Default starting port number is 24600. It requires six consecutive free ports to work correctly. In this case the
default free port address range is 24600-24606. To change port assignment, make sure six consecutive ports are free.
Document the new starting port number, as it is required during the client installation.
Warning: If the client and server are residing in different domains, both domains must have trust established between them,
or Fabric Manager will not be able to authenticate the client. Please take a precautionary note that the domain is
referenced to the domain name Microsoft uses for authentication, it is not an internet domain such as
corp.mycompany.com.
Warning: In a Windows environment, if the server is not a member of the specified domain, Fabric Manager authentication
will succeed for any user credentials, compromising the security of the Fabric Manager Server. Windows guest
user permissions must be disabled and a domain must be specified. For instructions on disabling guest user
permissions, refer to Microsoft Windows documentation.
Warning: Solaris: Enter your NIS hostname or IP address and domain name for the Fabric Manager server user
authentication. If the NIS server host name or IP address is not assigned, and no NIS server exists on the same
subnet as the Fabric Manager server, all authentication requests will fail. Valid domain names can include no more
than 67 characters (including: .com, .net, .org at the end). Only alphanumeric values and dashes (-) are allowed.
Spaces and other characters are not permitted.
Warning: The client polls the fabric information directly, therefore the client must be able to access each switch via Ethernet
IP connection. Make sure the network environment does not have a proxy server or firewall between the client
and server and the switches. If one exists, ensure that the access is properly setup.
Warning: In order to monitor switches for Call Home events, only the server needs IP connectivity to the switches.
Warning: Failure to enter a starting port-number and/or finding the consecutive six ports free will cause server not to start
up correctly.
Guideline: HTTP (tcp port 80) protocol must be enabled on every switch that needs to be discovered, monitored,
and configured via Fabric Manager. Fabric OS supports a maximum of five simultaneous HTTP
sessions on a switch. The HTTP sessions are leveraged by each copy of Fabric Manager and Web
Tools on a switch.
Guideline: For firmware download specific features to function, TCP/UDP ports 20 and 21 must be free.
Guideline: For Fabric Manager features set time, Security and FDMI to function, TCP/UDP port number 111 (rpc
mapping) and ports 600-1023 must not be blocked by a network firewall or proxy server.
Guideline: Fabric Manager features available on Fabric OS versions 4.2 /3.1.2 may not be available on previous
versions. It is always a good practice to upgrade Brocade SilkWorm switches to the latest Fabric OS
release.
Guideline: To monitor fabric health, a Fabric Watch license must be installed and Fabric Watch parameters must
be setup and enabled correctly on all fabric switches. Please refer to the Brocade Fabric Watch
Guidelines for threshold setup planning.
Guideline: Basic Performance Monitoring does not require any license, however Advanced Performance
Monitoring requires the activation of the Advanced Performance Monitoring license.
Guideline: Secure Fabric Policy management features are only applicable to fabrics configured to operate in
Brocade Secure Fabric mode.
FabricElement Discovery
Connectivity display selection
Fabric Manager Function management menu
Information ViewWindow View tabs
SAN Element Window Icon color represents current status T opology view
Note: For a complete set of Fabric Manager features please refer to Brocade Fabric Manager User's Guide v4.1.
Note: Make sure the current firmware version on all switches is qualified for the firmware upgrade. Contact your switch
provider for details.
Guideline: A firmware upgrade from Fabric OS 2.6.x and 3.1.x require the switch to reboot. This will result in a
fabric re-configuration. To prevent more than one fabric from rebooting simultaneously, limit the group
membership to a single fabric.
Guideline: When upgrading a SilkWorm 12000 which is utilizing both domains, only include one domain in a group.
Both CP0 and CP1 gets updated automatically.
Guideline: Fabric OS version 4.1, 4.2 and later support hot code load. Brocade SilkWorm switches using these
Fabric OS versions do not require the switch to reboot after a firmware upgrade.
Figure 9-6 Creating a switch group for 4.x firmware download and adding members
Note: *On a SilkWorm 12000 with two logical switches only one logical switch needs to be included in the group.
The newly created group name “firmware 4.x group of fabric-A” shows up in the SAN element window under the “switch
group” element. When this group is selected, the menu tabs in the Information View window limit the switch monitoring
display to the group members only, as shown in Figure 9-7. This group includes switches that use the same firmware file, and
therefore can be used to download Fabric OS 4.x as described in section 9.6.5. Firmware Download on page 9-18.
Figure 9-7 Firmware 4.x Group of fabric-A member switches only display
Figure 9-8 Creating a port group name “Trunk port Group Fabric-A”
The newly created port group shows up in the SAN element tree under the Port Group element. The Information view window
ports tab shows the current status of the trunk ports of Fabric-A.
Guideline: Organize switches by functions, switch type, firmware (Fabric OS) version or any selected criteria.
Create groups of similar switches and ports so that they can be can be monitored and configured as a
unit. For example, creating a group of same model type fabric switches running the same Fabric OS,
the updating process can be initiated uniformly on a group basis, thus eliminating the need for accessing
each switch individually.
Note: A switch can appear in multiple groups at the same time. Switches remain in a group even when removed from their
source fabrics from Fabric Manager.
Guideline: This time saving and convenient feature must be considered when performing the following Fabric
Manager tasks that impact multiple switches. All Fabric switches that need to be accessed, as a group
must have same user ID and password pre-assigned.
Note: In-order to perform any of the tasks listed above on a switch group, the login must be performed first.
Select Fabric Login from the File menu and select the entire fabric or switch group.Supply user ID and password and depress
Apply button. A successful login status means the switches are reachable by the supplied user ID and password parameters.
Figure 9-11 Firmware download on a switch group name “Firmware 4.x group of fabric-A”
3. Provide the Host IP address, user ID and password.
Host IP address of the server to download firmware file from (ex: 192.168.162.107)
Remote User ID = (ex: root)
Password required for FTP: *******
Firmware file = Provide the complete directory path of the firmware file (ex: \import\fw\v4.x)
Select protocol FTP or rhsd
Guideline: All switches selected for firmware download must be upgraded to the same version of Fabric OS.
Warning: Verify the current OS version(s) of all switches in the group for backward OS compatibility. There may be a switch
in the group whose current code may not be directly upgradable to the latest version. Contact your switch vendor
for details.
Guideline: All Brocade SilkWorm switches selected to simultaneously reboot must reside on the same fabric.
Guideline: Only a single logical switch (either logical switch 0 or logical switch 1) is permitted when upgrading
firmware on a SilkWorm 12000 chassis with two logical switches. Including one logical switch will
upgrade firmware on both CP0 and CP1.
Guideline: Customize the Switch Reboot Sequence to make the new firmware effective with less interruption. For
example, if you have a Core/Edge fabric configuration, you must reboot the Core switch before the Edge
switches. Thus, when the devices connected to Edge switch start the log in process, the fabric is already
stable.
Guideline: TCP/UDP ports 20 and 21 must be available for the firmware download to function correctly.
Warning: When upgrading from Fabric OS v3.0.0/4.0.0 to Fabric OS v3.1.0/4.1.0, any port name changes that have been
made in Fabric Manager are lost. Also, make sure during the firmware upgrade if multiple Fabric Manager clients
are simultaneously active, they do not overwrite each other's port names.
Note: The firmware download process will time out in the event network connectivity to the switch is lost. Switches running
Fabric OS v2.x/3.x have a 25 minute time out period and switches running Fabric OS v4.x have a 30 minute time out
period. No error message is returned when the firmware download process gets interrupted.
Guideline: Reboot the Core (backbone) of a large SAN first, and then reboot Edge switches (remaining sections).
Reboot distant physical locations sequentially.
Guideline: Define a sequence to re-boot the Core switches before the Edge switches, to provide a stable fabric
before connected devices perform fabric login.
Guideline: The fabric consists of SilkWorm 2000 series, 3800 and 3200 switches also require switch reboot to
activate new firmware after firmware download process completion. Rebooting of a switch cause fabric
reconfiguration which is somewhat disruptive in a non_redundant fabric environment. The core switches
of the fabric must be online first for a successful fabric re-configuration. The edge switches that provides
device connection can be re-booted after the core switches are up. The SilkWorm switches using 4.x
code supports hot code load do not require rebooting after firmware download. Therefore exclude these
switches from the reboot sequence.
Note: Fabric Manager considers a fabric stable when all WWNs appear in the fabricshow command output.
2. The sequence is defined to bringup the Fabric-A fabric from a down state. Select all unassigned switches (cntrl+left
mouse button) and move to the group using left arrow button.
Figure 9-17 Fabric-A cold boot sequence group and member switches
4. The switches can be re-ordered using up and down arrow buttons. When done click Apply.
5. The Reboot button will start the reboot sequence in the order defined after a successful login to the switches. The
sequence can also be started from the Tools menu. The following screen shows the reboot process started from the Tools
menu. The switch status is monitored during the reboot process. A successful completion of the reboot process is
represented by a green status. The switches with red status are still in the process of rebooting.
Figure 9-18 Rebooting Fabric-A cold boot sequence Group switch status
Note: Fabric Manager supports up to a maximum of 50 firmware downloads to multiple HBAs simultaneously.
Figure 9-19
Fabric Merge test results are displayed upon completion in status window. It is safe to merge when no inconsistency exists
between fabrics. The following list shows that switch domain-4 exists on both fabrics that must be resolved prior to
actually merging fabrics.
Merge Check Results ---
hds112kA00sw0 merge checked against SW24000_32
DomainIDTest
both fabrics contain domain: 4
Failed Merge Check
TOVTest
Merge Check Successful
BufferBufferCreditTest
Merge Check Successful
DisableDeviceProbe Test
Merge Check Successful
RoutePriorityPerFrame Test
Merge Check Successful
SeqLevelSwitching Test
Merge Check Successful
SuppressClassF Test
Merge Check Successful
LongDistanceTest
Merge Check Successful
InteropMode Test
Merge Check Successful
MgmtServerPlatformTest
Test not applicable.
SecurityTest
Neither fabric has security enabled
Merge Check Successful
FCSPoliciesTest
Not Applicable to subject fabrics.
SCCPolicyTest
Not Applicable to subject fabrics.
DataFieldSizeTest
Merge Check Successful
VCEncodingTest
Merge Check Successful
VC Priority Test
Merge Check Successful
PIDTest
Merge Check Successful
ZoningTest
Zoning Configuration from SW24000_32 will be applied to hds112kA00sw0
Merge Check Successful
Guideline: It is important to establish the current operating mode of both fabrics. If both fabrics are operating in
non-secure mode then perform merge check and resolve any conflict that is reported in results display
window.
Guideline: Merging a Secure fabric with a non-secure Fabric or Merging Secure fabrics requires additional steps
of verifying current security policies. The security policies are fabric wide, therefore all the conflicts that
may arise for the resulting fabric after merging must be resolved.
Note: When a Merge Check is performed between a secure fabric and a non-secure fabric, the message “Not applicable to
subject fabrics” will given as a result for the following tests: Security, FCS Policies, Version Stamp, and Management
Server Platform. Merging a secure and non-secure fabric requires a careful planning based on the current fabric
configurations. These steps are provided in detail in the Brocade Secure Fabric OS Users Guide 4.1.0.
Another obstacle which can prevent fabrics from merging is the zoning configuration. When merging fabrics that use zoning,
the check will identify any zoning mismatches. Launching the Zone Merge Manager tool will highlight all zoning conflicts
between the two fabrics giving the administrator an opportunity to resolve the existing zoning conflicts. The Merge Check
message confirms the resolution by displaying the “Merge check process successful” status.
Guideline: All zoning related conflicts must be resolved between fabrics before extending an Inter Switch Link
(ISL). After Fabric Merge is successfully accomplished verify that each host can access its respective
storage device.
Note: This feature is available at the fabric level only. If a backup for each switch is desired, all switches in the fabric must
be configured individually to transfer files using the upload/download function in Web Tools.
Note: Verify that Fabric Manager has discovered all fabric information before performing a backup. Wait at least 60 seconds
after discovering a fabric before running a backup. This will allow Fabric Manager to discover all ports, devices, and
ISL information. Not waiting the 60 seconds after discovering a fabric before running a backup may result in
incomplete results when running a backup compare.
1. From Fabric Manager Action menu select backup. Specify the backup file path.
2. Backup now button initiates the backup process.
Figure 9-21 Figure - Specifying file path and starting backup process on selected fabric
Upon completion the back up process summary is displayed. The following screen shows that all required files for Fabric- A
switches are successfully backed up.
Note: Not all switch vendors support the delivery of Electronic Transaction Keys, and therefore, this feature may not be
available to some users.
Example: Loading switch license from Fabric-A switches into a.XML file
1. From Fabric Manager tool bar select Tools > Licensing> select the option Load from switch.
2. Select fabric-A switches by moving it to the right pane of the window using right arrow button and click OK when done.
3. License information loading from the selected switches is completed and displayed as shown in the following screen.
Figure 9-28 Exporting license information to a file name Fabric-A switch License.
Note: If you are exporting to an external server make sure the server configuration is setup. From the File menu select
Options and then File Transfer. Configure the server for file transfer by entering the correct parameters and verify
accessibility by clicking Test.
5. License information can also be imported from a saved file. From the Fabric Manager tool bar select Tools > Licensing>
and select import from file. Provide the complete path of file (Fabric-A switch License.XML) and click Open.
Note: To synchronize time and date, select fabrics, not switch groups.
Note: Event monitoring used in conjunction with Brocade Fabric Watch is an efficient way to monitor the state of the SAN
(refer to Chapter 13, Brocade Fabric Watch Overview). The Error Log message and status reason direct the
administrator to the source of the fault, saving the time and cost associated with debugging.
Note: ISL Checking is supported on SilkWorm 2000 series switches running Fabric OS 2.6.0 or later.
Note: Manually refreshing the fabric disables ISL Checking and Fabric Checking. The features must be re-enabled after the
completion of fabric refreshing.
Note: Fabric Manager enables Call Home by default on the Fabric Manager server. However, you must configure the client
to select fabrics to monitor before the Call Home server can monitor switches.
Note: The Fabric Manager Call Home feature can accept an external executable that runs when a Call Home event occurs.
For example, entering C:\executable.exe in the External Executable on the Server field launches C:\executable.exe
filename.xml. Fabric Manager passes an XML file to the executable. The executable must be capable of being executed
by the OS on which the Fabric Manager server is installed and it must be a valid binary for that OS (Windows or
Solaris). It must be able to handle Fabric Manager passing it a command-line argument. The argument is the name of
an XML file that Call Home generates when an event occurs.
2. Click Commit button to commit a configuration. A configuration is committed only if at least one switch and one email
address or the path of an external executable is specified.
Figure 9-33 A configuration name Call Home created for two switches of Fabric-A
Finally, the configuration can be Enabled/Disabled from the Control tab. When enabled, a notification message is sent out to
the specified email address.
Guideline: The Call Home feature must be used with some discretion. Consider limiting the email setup for critical
events that require your immediate attention. For example a failure of an ISL may result in fabric
segmentation thus disrupting the normal fabric operations. A switch FRU failure may cause the
additional damage if timely corrective actions are not taken.
Guideline: The minimum value accepted for Switch Unreachable Duration is 40 seconds. Consider setting this
period based on your fabric size, switch type and fabric environment.
Guideline: Checking the box labeled “Send server is running message every”, sends out a message at the
specified period. To avoid frequent messages set the interval period to a greater time interval.
Guideline: When setting an “External Executable on Server” feature consider small scripts. The external
executable runs as a background process, and the Task Manager monitors the process. A large script
may impair the performance of the server.
Note: For detailed information on Security, please refer to the Secure Fabric OS User's Guide.
Fabric Manager administers security policies via the Security Admin window selected from the Action menu of Fabric
Manager. The following examples shows how Security policies are created, updated and deleted from Fabric Manager.
Security on Fabric-D consists of four fabric switches is enabled from CLI.
Note: When making changes in the Security Admin window, changes can be activated immediately by clicking Activate, or
changes can be saved without activation from Save button. When creating /updating multiple policies first save each
individual policy update and when done Activate. For information about activation of security policies refer to section
9.6.16. Secure Fabric OS Policy Management on page 9-38.
Note: New fabric switches will not be able to join the secure fabric until the switch is added to the SCC policy.
For Example: This example shows the SCC policy that includes all Fabric-D switches. Since the SCC policy is created, no
new switch will be able to join the fabric until the WWN of the new switch is added to the SCC policy list. Save changes if
another policy needs to be created or updated. When done making changes to one or more policies, the new policies can be
activated by clicking Activate.
Guideline: The FCS policy must have at least one back up switch configured. If there is no back up switch
configured in FCS policy you will lose management access to the fabric in case the primary FCS fails.
The management interface access to a secure fabric is extended only via the primary FCS switch,
therefore it is recommended to specify as many backup switches as possible considering the order in
which they are promoted.
Example: From the Actions menu, select Security. The Security Admin window appears. Select the appropriate policy tab.
This example shows how to add a switch to a FCS policy already in place. A new switch name het94 is added to the current
FCS list. The list can also be re-ordered by using the up and down arrow keys. Save or Activate changes when complete.
Note: Telnet, RSNMP, WSNMP, HTTP and API access policies can be defined same way as shown by entering the IP address
of the trusted hosts to the Permitted Access Point list. Please refer to section 9.6.16. Secure Fabric OS Policy
Management on page 9-38 for activating updated Security Policies.
Note: Creating a RSNMP policy requires the presence of a WSNMP policy. If not already present, create a WSNMP policy
first.
Note: The policy must have the IP address of Fabric Manager client included to access the fabric via Fabric Manager.
Warning: If Fabric Manager is used to update the API policy to disable API access from the current host either by creating
an empty policy, or by specifically excluding this host from the API policy list, the security transaction will be
locked and can take up to two hours before Fabric OS releases the security transaction. The policies cannot be
modified until the security transaction is released.
Note: SES client must be directly attached to the primary FCS switch. Then the SES client can be used to manage all the
switches in the fabric through the SES product for SilkWorm. The current SES implementation does not support the
SES commands Read Buffer or Write Buffer for remote switches.
Note: Fabric configuration and control functions can be performed only by the requesters that are directly connected to the
primary FCS switch.
Note: This policy only applies to SilkWorm 2800 switches, as no other switches contain front panels.
Note: The use of node WWNs can introduce ambiguity because the node WWN may also be used for one of the device ports,
as may be true with a host bus adapter (HBA). If the policy does not exist or is empty, node WWNs may be used for
WWN-based zoning. Only one Option policy can be created. This policy cannot be used to control use of port WWNs
for Zoning. By default, use of Node WWNs is allowed; the Options policy does not exist until it is created by the
administrator.
Note: The updated policies can be saved without activating using save button. The defined and active policies can be viewed
from Summary button for the purpose of comparison.
Note: For all switches in a fabric to be managed with Web Tools, all switches must have a Web Tools license installed and
enabled.
Guideline: When using Web Tools in a fabric utilizing multiple versions of Fabric OS, it is recommended to launch
Web Tools from a switch running the latest version of Fabric OS.
Note: Although Web Tools is backwards compatible management function availability may vary. When using Web Tools in
a fabric utilizing multiple versions of Fabric OS, some features and enhancements available in later versions of Web
Tools may not be available of older versions.
Guideline: Launch Web Tools by using an IP address of a switch that has the latest Fabric OS.
Actions Menu
Switch View
Switch Events
Admin view
Fabric Watch
T elnet Summary View of Fabric switches
Fabric Element Display Window
Fabric Watch
Slot Number
16-port Blade
CP Status LED
Switch View
Menu Tabs
The Switch View displays a graphical representation for the selected switch, including a real-time view of switch and port
status. The Switch View also includes the following listed launch point and health monitoring buttons.
Table 10-3 Switch View Menu Items
Menu Item Function Menu Item Function
Status Displays the current operational status of the Info Opens a window that displays
switch. information on the switch.
Event Displays the switch events log. Watch Access to Brocade Fabric Watch
Admin Provides access to the switch management Fan Displays the switch fan status.
functions panel.
Telnet Opens a telnet session to the switch providing a Temp Displays the temperature readings
Command line (CLI) interface.
Perf Access to Performance Monitoring management Power Displays the power supply status.
Beacon Enables beaconing on the switch Hi Avail Displays the High Availability (HA)
Admin panels
Note: A Secure mode Enable/Disable or any change to the Primary FCS requires the current Web Tools session be closed
and re-established after the change occurs.
Guideline: When Secure Mode is enabled, the Web Tools interface is controlled by the HTTP_POLICY. Unless the
workstation IP address is included in the policy, Web Tools access will be denied.
Guideline: The following functions are available only via Primary FCS switch of the Secure Fabric.
- Zoning Administration is available only on the Primary FCS switch. The Zoning button is disabled on
remaining secure fabric switches.
- SNMP Access Control Lists and the SNMP Community Strings can only be modified from the Primary
FCS switch. For Non-FCS switches, the SNMP Community Strings are configured read only, and the
SNMP Access Control Lists are not displayed.
Warning: Telnet access to a switch and the Telnet button in Web Tools are both disabled when secure mode is enabled for a
fabric. You must use sectelnet or SSH to access the Fabric OS CLI in a secure fabric. Web Tools does not provide
sectelnet or ssh capability.
Warning: When working with more than one Web Tools module in a secure fabric, login to one module at a time, and
complete the login process before proceeding to another task. For example, if you want to access “Zone
Administration” and “Switch Admin” modules, open one of the modules, login, and wait for it to fully load before
opening the second module. Abnormal behavior may be seen if attempting to open two modules simultaneously
in a secure fabric.
Note: A Zoning license and admin privileges are required to access this module. In Secure Fabric Mode the Zoning access
is available only via the Primary FCS switch.
Guideline: The Zoning configuration, when activated, is enforced either via SilkWorm hardware or software.
Whether you are using soft zoning or hard zoning is determined by the way the zone members are
defined. To define hard zoning, all members of the zone must be defined either by WWN or domain &
port number convention.
Guideline: A device Alias or Zone name can be defined with a maximum of 64 characters. To make an efficient use
of allocated zoning database memory, define meaningful alias and zone names by limiting the number
of characters to minimum. Also, routinely review a zoning configuration and remove alias and zone
names that are no longer in use. The size of the zone database can be monitored by running cfgsize
command.
Note: The maximum zoning database size for a switch running Fabric OS 2.x or 3.x is 96 KB. A switch running Fabric OS
4.x has a maximum zoning database size of 128 KB. If a switch running Fabric OS 2.x/3.x is part of a fabric utilizing
Fabric OS 4.x, the fabric wide zoning database size is limited to 96 KB.
Note: QuickLoop (QL) and QuickLoop Fabric Access (QLFA) are supported only on SilkWorm 2000, 3200 and 3800
switches.
Guideline: Always launch Web Tools from the switch running the latest version of Fabric OS.
Guideline: On Solaris and Linux use JRE 1.4.2 or greater. If using Solaris or Linux, Mozilla 1.4 or higher in general
is OK. Avoid Netscape unless using Web Tools from Fabric OS 2.6.2, 3.1.2 and 4.2. Be aware that Linux
requires the use of the CLI to bypass the Switch Admin window.
Guideline: Avoid popup blockers. They disrupt and prevent JRE windows from appearing. It is highly
recommended to uninstall them from the host accessing Web Tools.
Note: The Switch Admin Window can be entered with User level access, but certain areas require Admin level access.
Note: After modifying parameters click Apply and refresh the view.
Table 10-4 summarizes the switch and port level management tasks that can be performed via the management window tabs.
Table 10-4
Tabs Switch Administration Tasks
Switch information Set basic Switch configuration variable (switch name, domain ID etc.)
Network Config Set basic network address variables such as FC Net IP, Ethernet IP, Syslog IP
Upload/Download Updates firmware, backup/download a new switch parameter configuration
SNMP Configure SNMP parameters such as community string, access control, Traplevel
License Admin Install license keys for advance features
Configure Set switch parameters such as BB credit, TOV, virtual channels, AL etc.
Note: For more information about tab views, configuring, updating and applying parameters, please refer to Brocade
Advanced Web Tools User’s Guide v4.2.
Note: When both FC IP and Ethernet IP addresses are configured for a switch, the switch is identified by the FC IP address.
Warning: When modifying either the Ethernet IP or FC IP configuration from the Network Config tab, you will loose the
network connection to the switch while these parameters are updated. If the IP address of the switch is changed,
you must close all windows and restart Web Tools using the updated IP address.
Note: The Syslog IP represents the IP address of the server that is running the syslog process. The Syslog daemon reads and
forwards system messages to the appropriate log files and/or users, depending on the system configuration. When one
or more IP addresses are configured, the switch forwards all error log entries to the syslog on the specified server(s).
Up to six servers are supported. Refer to Fabric OS Procedures Guide for more information on configuring the Syslog
daemon.
Note: The host information must be provided by the user for all upload /download tasks.
Note: The SNMP tab is affected by the use of Secure Fabric OS; the ACL list will not be visible if security is enabled. For
specific information regarding security, refer to the Brocade Secure Fabric OS User's Guide.
Note: In order for the switches to send SNMP traps, first enable the MIBs on all fabric switches from the command line
interface executing snmpmibcapset command.
Note: To enable a new licensed feature, first obtain a license key from Brocade. Removal of a license key disables the feature
permanently. Save your license key for future use before removing it.
Note: Most of the updates to the switch parameters require the switch to be disabled first. A grayed out parameter field is
read only and cannot be modified.
Note: If a switch has one or more ISLs and no attached devices, the Routing tab will not display any information.
Note: The additional features of port management are available in Command line interface. Please refer to Chapter 11,
Command Line Interface (Telnet) Overview for a complete set of port configuration commands.
Guideline: Brocade 2 Gbit /sec switches support both 1 Gbit/sec and 2 Gbit/sec transmission. Negotiation mode
negotiates port speed. The port can also be locked in to supporting a single speed. You should consider
locking a port speed when connected to a legacy device not capable of negotiating speed.
Guideline: Port swapping feature available in Fabric OS version 4.1.0 and greater can be set only from the
command line interface. Web Tools only allows viewing of the current port swap status that has been
changed from the CLI. The Port number (Area ID) column shows the swapped port number followed by
the Area ID in parenthesis.
Port Setting Tab View Enabled when checked Port Speed Port Name
Example: SilkWorm 24000 (bladed switch) which requires IP address configuration for CP0, CP1 and logical switch 0
SW24000_32:admin> ipAddrSet -cp 0
Host Name [cp0]:
Ethernet IP Address [10.64.148.34]:
Ethernet Subnetmask [255.255.240.0]:
Gateway IP Address [10.64.144.1]:
IP address of remote CP is being changed...Done.
Committing configuration...Done.
SW24000_32:admin> ipAddrShow
SWITCH
Ethernet IP Address: 10.64.148.32
Ethernet Subnetmask: 255.255.240.0
Fibre Channel IP Address: 0.0.0.0
Fibre Channel Subnetmask: 0.0.0.0
CP0
Ethernet IP Address: 10.64.148.34
Ethernet Subnetmask: 255.255.240.0
HostName : cp0
Gateway Address: 10.64.144.1
CP1
Ethernet IP Address: 10.64.148.35
Ethernet Subnetmask: 255.255.240.0
HostName : cp1
Gateway Address: 10.64.144.1
11.2. SwitchStatusPolicySet
The switchstatuspolicyset command is used to change the overall switch status policy parameters. The current policy setup can
be viewed by executing SwitchStatusPolicyShow. These thresholds are used to determine the health status of the switch and
can be viewed in the Event window or by selecting the Status tab from the Action menu. The switch icon will also change
color from green (healthy) to orange (marginal) or red (down).
The default switch status policy is based on the switch model and configuration. For example, the SilkWorm 12000 and 24000
use the same chassis but the power supply requirements vary. A SilkWorm 12000 chassis may have 2 to 4 power supplies
depending on the switch configuration. This command allows the thresholds to be adjusted accordingly.
Example:
poc165:admin> switchStatusPolicySet
Note that the value, 0, for a parameter, means that it is NOT used in the calculation.
** In addition, if the range of settable values in the prompt is (0..0),
** the policy parameter is NOT applicable to the switch.
** Simply hit the Return key.
Note: Trunking is supported up to 10 Km, provided the deskew is tightly controlled by keeping the cable lengths equal with
in the trunk group. Trunking is not supported in Extended Fabric mode at this time.
Note: This command must be executed immediately after installing the Fabric Watch license to start Fabric Watch classes.
fwAlarmsFilterShow Verify current on /off status of alarms filtering and use the fwAlarmfilterset to setup the alarm
reporting.
fwAlarmsFilterSet [ mode] 1= alarm on ; 0=off
poc165:admin> fwAlarmsFilterShow
FW: Alarms are disabled
poc165:admin> fwAlarmsFilterSet 1
FW: Alarms are enabled
Note: The Alarms are suppressed for all non-environment Fabric Watch classes when turned off.
Guideline: This option is useful when the failing port is a storage port and the hosts accessing the devices on the
port are using the Port ID (PID) bindings method. In this case, moving storage to a different healthy
switch port will result in miss-matching the actual storage link path with the host configuration file
bindings entry. One alternate to this is to update the configuration file storage device binding entries to
reflect the new Port ID, which is not always an easy task and some OS also requires System reboot to
make the configuration file changes effective.
Use the pkiCreate command in non-Secure mode to create pki objects (i.e. switch private key, private key pass phrase, CSR an
install root certificate). This command does not install switch certificates. Switch certificates should be obtained offline from
Certificate Authority. In Secure mode this command will exit with a warning and will not create pki objects. Pkishow
command verifies the desistance of pki objects.
switch:admin> pkishow
Passphrase : Exist
Private Key : Exist
CSR : Exist
Certificate : Exist /Note: If Certificate is empty - obtain certificate first/
Root Certificate: Exist
Note: The switches must have all the required PKI objects correctly installed.
secModeEnable Commands
• secModeEnable Activates security mode on all switches in the fabric.
• Creates the security database populated with a list of FCS switches in the FCS_POLICY.
• Distributes the security database to all switches in the fabric.
• Resets the root, factory, admin, and user account passwords on all FCS switches.
• Resets the admin account password on all non-FCS switches.
Note: This command fails if any switch in the fabric is not capable of enforcing the security policies defined in the security
database. The fcslist option let you specify one or more FCS switches by either WWN, switch name or domain ID. If
no operand is specified the command becomes interactive.
PLEASE NOTE: On successful completion of this command, all login sessions will be closed and all
switches will go through a reboot to form a secure fabric.
This is an interactive session to create a FCS list.
When complete the switches will be rebooted and the current telnet session is closed. After the reboot, fabric wide security is
enabled. Open a sectelnet session and login to fabric switches using the new password. Once Security mode is enabled, the
Security icon from the Action menu of Fabric Manager becomes active. The remaining policies can be created and managed
using Fabric Manager.
Warning: If the fabric is not in Secure mode and this command is issued, all switches in the fabric will be rebooted
automatically after the command is successfully executed.
Warning: Once security is enabled, a secure telnet session (sectelnet or SSH) must be used for issuing the command.
Warning: If security is enabled first time on the fabric and no FCS switches are present in the fabric, the command can be
issued on any switch.
Warning: If the fabric is in secure mode and no FCS switches are present in the fabric, the command can be issued on any
switch. This is used to recover a secure fabric that has no FCS switch.
switch:admin> secModeShow
Secure Mode: ENABLED.
Version Stamp: 1522496366, Wed Mar 31 20:53:14 2004.
Pos Primary WWN DId swName.
=================================================
1 Yes 10:00:00:60:69:80:0f:8a 5 luf128.
2No 10:00:00:60:69:51:0e:8b 2 fabb3800.
Additional Secure Fabric commands are listed in section 11.8.1. Security Commands on page 11-7.
Command Function
pkiRemove Remove pki objects
pkiShow Display existence of pki objects
secActiveSize Display the size of the active database
secDefineSize Display the size of the defined database
secFabricShow Display security related fabric information
secFCSFailover Force primary role to this FCS switch
secGlobalShow Display the current internal state information
secModeEnable Enable security mode
secModeDisable Disable security mode
secModeShow Show current mode of security
secNonFCSPasswd Set non-FCS password
secPolicyAbort Abort changes to defined policy
secPolicyActivate Activate all policy sets
secPolicyAdd Add members to a policy
secPolicyCreate Create a policy
secPolicyDelete Delete a policy
secPolicyFCSMove Move a FCS member in the FCS list
secPolicyRemove Remove members from a policy
secPolicySave Save all policy sets and send to switches
secPolicyShow Show members of one or more policies
secPolicyDump Dump all policies
secStatsReset Reset security statistics
secStatsShow Display security statistics
secTempPasswdSet Set temporary password
secTempPasswdReset Reset temporary password
secTransAbort Abort current transaction
secVersionReset Reset version stamp
Command Function
Command Function
ptrouteshow Display port routing tables
ptstatsshow Display port statistics
ramdump Display the contents of port internal registers
spinfab Functional test of switch to switch ISL cabling and trunk group operation
spinjitter Line-speed jitter measurement
spinsilk Functional test of internal and external transmit and receive paths at full speed
supportshow Prints switch information for debugging purposes.
switchdiag Run a suit of diagnostic tests on a switch blade
systemtest Run a series of diagnostic tests on a switch blade without removing cables
systemverification Run a suit of diagnostic tests on all switches in a system
turboramtest Turbo SRAM test for bloom ASICs
txdpath Functional test of ASIC pair TXA, TXD connections
voltagemargin Set the slot voltage margin
Command Function
Command Function
errNvLogSizeSet Resize non-volatile (persistent) error log
errNvLogSizeShow Show persistent error log configuration
errSaveLvlSet Set error save level
errShow Print error log
i Display process summary
ifModeSet Set the link operating mode for a network interface
interopMode Displays Brocade switch interoperability mode with switches
Get,Get Next,Set
Reply
SNMP Query
T rap
SNMP T rap
One other SNMP feature to understand is the concept of a community. A community is a pairing of an agent and a
management station, as shown in Figure 12-2. Each community has a name and access rights. The default READ-ONLY
community is PUBLIC and the default READ-WRITE community is PRIVATE. For a management station to query a switch,
the query command must contain the name of an existing community on the switch. The most common community is public.
SNMP Server
SNMP Server
Agent
Agent
SilkWorm Agent
The fabric switches must be properly configured either from the command line interface or using Brocade Web Tools. Web
Tools can also be accessed from the Fabric Manager Admin menu. A switch configuration setup is consists of:
• Configuring and reviewing Brocade SNMP settings
• SAN monitoring with SNMP (Please refer to Chapter 13, Brocade Fabric Watch Overview)
• Performance Monitoring with SNMP (Please refer to Chapter 14, Advanced Performance Monitor (APM) Overview)
• SNMP in Secure Fabric Mode
12.1.1. agtcfgset
This command allows the administrator to change the configuration of the SNMP agent in the switch. The major settings in
this command are the trap destinations, Access Control List (ACL), and the value of swEventTrapLevel. Traps can be sent to
six different destinations or IP addresses. The community string should be between 2 and 16 characters. Make sure the trap
receiver has the same community string.
The ACL has six IP entries, if all entries are empty any IP address may access the switch via SNMP. Access to a specific IP
addresses can be given, as well as access to an entire subnet, by using a zero as a wildcard in the appropriate IP address octet.
Note: You must conform to the standard IP subnetting rules for this wildcard functionality to work. For example, the entire
subnet 192.168.162.0 has access to the SNMP agent on this switch, as shown in the following example.
The agtcfgset command configures the following MIB-II values on a Brocade switch.
• SysDescr - The system description (in MIB-II definition). The default value is set as “Fibre Channel Switch”.
• SysLocation - The location of the system (switch) (in MIB-II). The default value is set as “End User Premise”.
• Syscontact - The contact information for this system (switch). the default value is set as “Field Support”.
• swEventTrapLevel * - This value is set at 0 by default, implying that no swEventTrap is sent. Possible values are 0-5 (see
below)
• authTraps* - The default value for this parameter is 0 (disabled).
• SNMP Access Control (ACL) - There are six ACL (Access Control List) to restrict SNMP get/set/trap operations to hosts
under a host-subnet-area.
Example: Using the agtcfgset command to configure an ACL to limit access to one subnet.
switch:admin> agtcfgset
sysDescr = Fibre Channel Switch.
sysLocation = End User Premise
Current SNMP Agent Configuration
Customizable MIB-II system variables:
sysDescr = Fibre Channel Switch.
sysLocation = End User Premise
sysContact = Field Support.
swEventTrapLevel = 4 ( *see details below)
authTraps = 1 (On) ( *see details below)
SNMPv1 community and trap recipient configuration:
Note: The community name must be the same between the manager and the Brocade switch agent.
Note: An ACL Check is disabled when all six entries contain 0.0.0.0. As described in section 12.1.1. agtcfgset on page 12-3,
the individual ACL host IP address can be specified instead specifying an ACL-subnet.
Notice several new MIBs in the list and their corresponding traps. MIB and trap support for specific features such as High
Availability (HA) can easily be turned on or off depending upon the switch.
SW-EXTTRAP allows Brocade SilkWorm 6400 group as well as soft serial number (SSN) information to be sent in traps.
Guideline: If using third-party SAN management software, it is advisable to turn on support for the FA-MIB as
several companies use values within that MIB to discover the presence of switches. Some later versions
of Fabric OS have the FA-MIB selected by default.
Note: The trackchanges message placed in the errlog will be sent as specific trap 4 if swEventTrapLevel is set to severity
level 4. The trap which is specific trap 6 will be sent regardless of the swEventTrapLevel setting.
Note: There is one agent per logical switch in the SilkWorm 12000. This command is specific to the logical switch to which
you are logged in.
Note: For detailed information about specific MIBs, please refer to the Brocade MIB Reference Manual.
Note: For Fabric OS v2.6.2/3.1.2/4.2, only one SW-MIB is required and it is backward compatible with prior Fabric OS
versions.
12.5.4.2. FE-MIB
Brocade defines and supports FE MIB (RFC2837). It is open to any switch vendor to use. All the FE MIB features listed below
are also incorporated in SW MIB.
• Fibre Channel Frame values
• Port Operational Status
• Port Link failures
• Port loss of signal
• Invalid Transmitted words
Note: FIBRE-CHANNEL-FE-MIB (RFC2837) in the MIB-2 branch is supported in Fabric OS 4.0.x (and higher) and 3.0.x
(and higher). FCFABRIC-ELEMENT-MIB in the experimental branch is supported in Fabric FOS 3.0.x (and higher)
and 2.6.x (and higher).
12.5.4.3. FA-MIB
Fibre Alliance MIB was developed to implement a common method for managing heterogeneous Fibre Channel based Storage
Area Network (SAN) devices. This MIB provides many of the capabilities of the SW MIB.
• Environmental (Switch Temperature, Fans, Power supplies)
• Port values (Speed, Performance, Error)
Note: The latest FA-MIB from the Alliance is v4.0. Brocade supports version 3.0.
12.5.4.4. FICON-MIB
The FICON MIB module (LINK-INCIDENT-MIB) defines support for FICON in Fabric OS. This MIB addresses link
incident and link failure data for FICON hosts and devices connected to Brocade switch. This MIB is supported only in Fabric
OS v4.1.2 and later.
The descriptions of each of the MIB variables in this chapter come directly from the FICON MIB itself. The object types in the
FICON MIB are organized into the following groupings:
• Request Node Identification Data (RNID)
• Link Incident Record Registration (LIRR)
• Registered Link Incident Report (RLIR)
• Traps
Note: SNMP traps for FICON are generated when, a FICON device is added to the switch, a FICON device is removed from
the switch, a new “listener” is added (once the LIRR handshake is complete), a “listener” entry is deleted or a link
incident occurs.
12.5.4.5. HA-MIB
The HA-MIB provides information about the High Availability features of Fabric OS v4.x. This MIB is supported only in
Fabric OS v4.1 and later. The HA-MIB has a dependency on the SW-MIB. This dependency requires a management
application to load the SNMP-FRAMEWORK MIB, then the SW-MIB, followed by the Entity MIB before it can load the
HA-MIB. The object types in HA-MIB are organized into the following groupings:
• High Availability Group (CP card status, HA status)
• HA MIB Traps (CP card failover HA events)
Note: Brocade SilkWorm 12000 and 24000 switches offer high availability.
12.5.4.6. TRAP-MIB
The Trap-MIB file provides additional trap definitions that the SNMP manager station would use to decode Brocade SNMP
traps it receives. The Trap file should be compiled after the SW-MIB file is compiled in to monitoring station.
This file Provides trap decoding definitions for:
• Track changes
• Fabric Watch Threshold Traps
• Sensor events
• Switch Faults
• State changes
Note: SW-EXTTRAP - This trap is disabled by default. The Switch Serial Number (SSN) is sent in the trap when enabled.
1. Non-existent Non-existent All hosts allowed to All hosts allowed to read-write [RW]
read-only [RO]
3. Non-existent Having host B All hosts allowed to Only host B allowed to read-write
in policy read-only [RO] [RW]
7. Having host A Non-existent This is ambiguous, therefore it is illegal. Warning is displayed and
in policy cannot be saved with secPolicysave.
9. Having host A Having host B Host A allowed to Host B allowed to read-write [RW]
in policy in policy read-only [RO]
Note: If a switch running Fabric OS 2.6.0 with illegal policy combinations and tries to join into a fabric consisting of switches
running Fabric OS 2.6.1/ 3.1/4.1, the Fabric OS 2.6.0 switch will not be allowed to join the fabric. The reason for this
is the security behavior will not be consistent across the fabric. For consistent behavior, it is recommended to upgrade
to Fabric OS v2.6.1 or turn off security on that particular switch. When a switch goes from secure mode to non-secure
mode, the community names stay the same, but can be configured on a per switch basis. The ACLs that had
configuration parameters are now reinstated and the security policies RSNMP and WSNMP no longer apply.
Note: After the license key is entered, it must be initialized by executing the command Fwclassinit. This step can be skipped
if the license key was installed at the factory. After initialization, Fabric Watch will start monitoring the class elements
using the default configuration.
Example: Fwclassinit
domain_01:admin> fwclassinit
fwClassInit: Fabric Watch is updating...
fwClassInit: Fabric Watch has been updated.
Fabric Watch alarms occur only after they are activated
Command Function
fwAlarmsFilterSet Configure alarms filtering for Fabric Watch
fwAlarmsFilterShow Show alarms filtering for Fabric Watch
fwClassInit Initialize all Fabric Watch classes
fwConfigure Configure Fabric Watch
fwConfigReload Reload Fabric Watch configuration
fwSetToCustom Set boundary & alarm level to custom
fwSetToDefault Set boundary & alarm level to default
fwShow Show thresholds monitored by Fabric Watch
fwMailCfg Configure Fabric Watch Email Alert
fwFruCfg Configure FRU state and notification
fwSamShow Show availability monitor information
switchStatusPolicyShow Show switch status policy parameters
switchStatusPolicySet Set switch status policy parameters
switchStatusShow Show overall switch status
tempShow Show switch temp readings
sensorShow Show sensor readings
Note: Fabric Watch can be administered either from CLI or Brocade Web Tools. Brocade Fabric Manager is also capable of
accessing Fabric Watch. For detailed information about Brocade Web Tools and Fabric Manager, please refer to the
Brocade Fabric Manager User's Guide and the Brocade Web Tools User's Guide. For Fabric Watch detailed setup
information refer to the Brocade Fabric Watch User's Guide.
13.3.1. Thresholds
Thresholds identify a value or range of values to which Fabric Watch compares counter values to determine if a given element
warrants an alarm notification. Fabric Watch uses components (including traits, behavior, and alarms) to determine how and
when to check the status of a variable. Fabric Watch groups these components, identifies them as threshold, and stores them in
non-volatile memory.
13.3.2. Traits
Traits are characteristics that define a threshold. They are defined individually for each area and uniformly applied to all
elements of the area.
Traits Description
13.3.3. Behaviors
Threshold behavior defines the monitoring status (enable/disable) and event triggering behavior.
Behavior Description
13.3.4. Alarms
An alarm is a response to a triggering event. The captured counter value of a fabric element, absolute or cumulative, when
compared against pre-defined threshold limits can trigger one of the listed event alarms.
Table 13-5
Alarm Description
Above A counter value rises above a high boundary
Below A counter value falls below a low boundary
Changed A counter value is changed
Exceed A counter value falls outside the acceptable range.
In -between The counter value returns to acceptable level after exceeding the defined range
Guideline: Even though Email notification can be specified for any class element, it is recommended that it should
be set to receive notification only for critical alerts that require immediate attention. For example, a SAN
administrator would like to informed instances like fabric re-configuration, fabric segmentation, switch
failure or Security violation. The remaining informational and warning messages can be left directed to
system Error log.
Event trigger
3
2
Measurement units
Measurement
sample
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
Rateof change/minute=(3-0)
Example: 2
Consider the following example that illustrates a calculated rate of change in counter value always less than or equal to a high
threshold limit of 2. At 10th sample the rate of change is one per minute, at 14th, 21st and 26th sample the rate of change
remains equal to high limit of 2. The event will never trigger in this case even though the absolute value of the counter reaches
4 that is well above the triggering limit.
4
3
2
Measurement units
1 High limit=2
0
Measurement
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 sample
The examples above show a Time Base event triggering must be applied selectively as each class element has unique
requirements.
Guideline: Do not use Time Base where absolute Counter value measurement is required such as monitoring
environmental class elements.
Guideline: When an absolute counter value is monitored, an event triggering can be defined either by setting up
high or low thresholds or any change in the counter value. The latter method must be used when the
element traits are such that a change in counter value is least expected and not very frequent. For
example, a power supply failure can be triggered on Changed value
Guideline: Consider using appropriate Time Base where frequency of an event occurrence is high with in the
defined Time Base interval. For example, it is inappropriate configuring Fabric Watch Security log in
violation on each occurrence. It is quite possible an authorized user may have entered password or user
id incorrectly one or more time while trying to login. To avoid unnecessary messages, a Time Base
trigger can be defined after a number of unsuccessful retries.
High limit
Measurement Sample
As Figure 13-4 illustrates, a high threshold limit is set to define an above event trigger. A measured counter value exceeding
this limit will generate an event notification. However if you are interested in finding out how often the event takes place, the
counter value must be reset to re-arm it for next event detection. The low limit event (2) will reset the counter value for the
next event.
Above T rigger
Measurement units
High limit
3 Changed trigger
Counter=2
Counter=1
Counter=0
Measurement units
No limits defined
Normal Operatingrange
4 Above T rigger
Measurement units
High limit
Lowlimit
Below T rigger 4
Sample period (~6 sec)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Measurment Sample
5 In-BetweenT rigger
Buffer
Measurement units
High limit
Lowlimit
Measurment Sample
Alarm level
Threshold alarmlevelis setat : Custom default or Custom
Example: Alarm level= 19 (16+2+1) Enables Email + SNMP Trap + Error log
Commands 1 through 10 are used to modify the behavior and Threshold boundary level
(1) The user must change threshold boundary level to custom (command 3).
(2) After modifying the Custom Threshold parameters (command 1,2 and 4-7), the user must execute “apply threshold
boundary changes” to make the changes effective (command 9).
Commands 11 through 19 are used to modify the Thresholds Alarm level
(1) When customizing the Alarm levels, the user must select custom from Change threshold alarm level (command 11).
(2) After modifying the alarm thresholds (commands 12-16), a user must execute “apply threshold alarm changes” to
make changes effective (command 18).
Guideline: Set custom values for a class element only if they differ from the default. This will preserve system
memory. For example, you can customize threshold boundary limits of an element but if you are
satisfied with the alarm threshold settings leave them as default.
Guideline: While making changes disable the threshold of the element from the Advance Configuration menu to
prevent unnecessary false reporting.
Guideline: It is recommended that the threshold parameters for any element class be defined uniformly for all fabric
switches when customizing it. This can be accomplished by creating a template of the customized
Fabric Watch settings from the file created with the configupload command. This template can then be
loaded, via configdownload to other switches in the fabric. Fabric Manager simplifies this process and
has tools to perform these activities. Alternatively the command line interface can also be used.
Note: In a mixed Brocade fabric (i.e., Brocade SilkWorm 12000, 24000, 3800, 3900) a separate Fabric Watch configuration
must be defined for each switch environment class. This is because the operating temperature range, fan speed and
number of required power supplies for each product is slightly different.
Guideline: An administrator must consider including Email notification on selected events that are critical in nature
and require immediate attention. As described in section 13.8.1.4. Fabric Class on page 13-19, email
notification is recommended only for fabric reconfiguration and/or segmentation. The remaining fabric
class elements should be configured to only forward messages to the error log.
The current notification thresholds are set to forward message crossing both above and lower threshold limits. An above
threshold crossing indicates an error status and dropping below limit indicates it has returned to its normal state. The current
configuration is setup such that a recovery message is followed by a failure message. When a port is disabled it generates a
stream of messages, sync loss, link loss etc. In most cases the message are overwhelming. The same way recovery produces
the same number of informative messages. The recovery messages that provide very little or no useful information to
administrator can be selectively disabled, thus reducing the overall number of messages.
Solution: For example, except link loss and signal loss elements, the recovery message notification can be disabled for
remaining E-port elements. Please refer to Table 13-9 and Table 13-10.
Note: Response to a security class message depends on user policy. The user policies must be defined and activated for the
security elements enabled on Fabric Watch.
Note: An Email address is applicable to all areas with in a class. A different forwarding email address can be specified for
each class basis. For example, the email address is applied to all E-port class areas. However, the email notification is
enabled on area basis. Figure 13-9 shows Email Notification is only turned on area name Rx performance of the E-Port
class.
2. Configure the Email Domain Server and Domain name on the switch (Figure 13-11).
a. Using Web Tools access the fabric switch by entering IP address of the switch. (for example: http: //192.162.173.xx)
b. After a switch discovery is completed, select the Admin button. Provide the necessary user ID and password to
obtain switch access.
c. Setup the Email address, Domain name server (s), Email forwarding domain name etc. as shown in the following
screen. Click Apply to enable the changes.
Changed (Inform.)
In-betw.(Marginal)
Exceeded (Faulty)
(Faulty)
(Faulty)
High Threshold
Trigger Enable
Low Threshold
Measure Units
Email Alert
Time Base
SnmpTrap
Error Log
RapiTrap
Above
Buffer
Below
Threshold Settings Event Triggers Alarm Notification
1. Environmental
1. Temperature * C 0 65 10 * * * * opt *
2. SFP
1. Temperature * C -10 45 3 * * opt opt opt
3. Port class
1. Link loss * err day 1 60 * * opt opt opt
7. RX Perform. di
8. TX Perform. di
4. Fabric
1. E_Port down * * * * opt opt
Changed (Inform.)
Exceeded (Faulty)
In-betw.(Marginal)
(Faulty)
(Faulty)
High Threshold
Trigger Enable
Low Threshold
Measure Units
Email Alert
Time Base
SnmpTrap
Error Log
RapiTrap
Above
Buffer
Below
4. Segmentation * * * * opt *
6. Fabric QL di
7. Fabric Logins di
8. SFPstate change di
5. E-port
1. Link loss * err min 1 5 * * * * opt opt
6. Fabric Ports
1. Link loss * err min 1 5 * * * * opt opt
Changed (Inform.)
Exceeded (Faulty)
In-betw.(Marginal)
(Faulty)
(Faulty)
High Threshold
Trigger Enable
Low Threshold
Measure Units
Email Alert
Time Base
SnmpTrap
Error Log
RapiTrap
Above
Buffer
Below
9 Filter Perform
1. Custom define
10. Security
1. Telnet * err min 1 2 * * * opt opt
11 SAM
1. Down Time * % 0 5 * * opt opt opt
Note: SNMP Trap, Rapi Trap, Email alert notifications settings are user specified. The SNMP Trap notification when enabled
must be limited to a number of selected messages as recommended.
Note: For information concerning the environmental class specification, please refer to the appropriate Brocade SilkWorm
Hardware Reference Guide.
Note: Finisar GBIC/SFP specifications are available on the Finisar web site: www.finisar.com
Class Elements
Changed (Inform.)
Exceeded (Faulty)
In-betw.(Marginal)
(Faulty)
(Faulty)
High Threshold
Trigger Enable
Low Threshold
Measure Units
Email Alert
Time Base
SnmpTrap
Error Log
RapiTrap
Above
Below
Buffer
Threshold Settings Event Triggers Alarm Notification
1. Environmental
1. Temperature * C 0 75 10 * * * *
3. Power Supply * - 1 0 * * *
2. SFP
1. Temperature * C -10 45 3 * * *
2. RX Power * uW 0 5k 25 *
3. TX Power * uW 0 5k 25 * * *
4. Current * uI 0 50 1 * * *
3. Port class
1. Link loss * err min 1 60 * *
4. Fabric
1. E_Port down *
2. Fabric re-config. *
3. Domain change *
4. Segmentation *
5. Zone changes *
6. Fabric QL *
7. Fabric Logins *
8. SFPstate change *
5. E-port
1. Link loss * err min 1 5 * *
Class Elements
Changed (Inform.)
Exceeded (Faulty)
In-betw.(Marginal)
(Faulty)
(Faulty)
High Threshold
Trigger Enable
Low Threshold
Measure Units
Email Alert
Time Base
SnmpTrap
Error Log
RapiTrap
Above
Buffer
Below
2. Sync loss * err min 1 5 * *
7. Rx Performance * kb sec
8. Tx Performance * kb sec
2. Rx Performance
3. Tx Performance
9 Filter Perform
1. Custom define
10. Security
1. Telnet * err min 1 2 * *
Class Elements
Changed (Inform.)
Exceeded (Faulty)
In-betw.(Marginal)
(Faulty)
(Faulty)
High Threshold
Trigger Enable
Low Threshold
Measure Units
Email Alert
Time Base
SnmpTrap
Error Log
RapiTrap
Above
Buffer
Below
6. SES violation * err min 1 2 * *
11. SAM
1. Down Time * % 0 5 * *
3 Avg. Duration * 0 5 * * *
4. Frequency * 0 1 * * *
Fabric T uning
Input =Output
Hosts
End-to-End Monitoring
Host SID Storage DID
Performance Monitoring is administered through either telnet commands or Web Tools. A Web Tools license must be activated
on the switch in order to use Web Tools.
Note: The Basic Performance monitoring is enabled by default, however to activate advance features an Advanced
Performance Monitor license key is required.
Port PerformanceMB/sec
PerformanceMonitorwindow
Switch Ports (Slot/port) T hroughput scale MB/Sec
Menu Functions
Actions Menu Save Current Canvas Configuration
Display canvas configurations
Display resource Usage
Print all graphs
Basic Monitoring menu Graphs
Port throughput Display port performance MB/sec
Switch Aggregate Throughput Display aggregate throughput for all switch ports
Switch Throughput Utilization Displays the throughput at the time sample is taken
Port Error Displays a CRC error for a given port
Menu Functions
Switch Percent Utilization Displays Percentage uses of a switch at the sample time
Port Snapshot Error Displays CRC error for all switch port between sampling period
Advance Monitoring menu Graphs
SID/DID Performance Displays the performance between specified SID/DID pair
SCSI vs. IP traffic Displays traffic in percentage on each port
AL_PA Error Displays a CRC error on a given port AL_PA
SCSI Commands Graphs
SCSI Read/Write on a LUN/ port Displays SCSI read/write on a given port and specific LUN
SCSI read on a LUN per port Displays SCSI read on a given port and specific LUN
SCSI Write on a LUN per port Displays SCSI write on a given port and specific LUN
SCSI Read/Write per port Displays SCSI read/write on a given port
SCSI Read per port Displays SCSI read on a given port
SCSI Write per Port Displays SCSI write on a given port
Note: The distributed framework for Advanced Performance Monitoring is not supported in Fabric OS v3.0.x/4.0.x. The
Fabric Access API will also not be able to setup any performance monitors on a switch running Fabric OS
v3.0.x/v4.0.x.
Switch x Switch y
Tx Rx Rx Rx
Rx Rx Rx Tx
Host A SID =x020b00 StorageBDID=x0108ef
Monitor0 Monitor1
Switch domain=02 Switch domain=01
Port=12 Port=08
ALPA=00 ALPA=ef
Settingend-to-endmonitor
Figure 14-3 Monitor 0 counts the frames that have an SID of 0x020b00 and a DID of 0x0108ef.
For monitor 0,
RX_COUNT is the number of words from Host A to Dev B
TX_COUNT is the number of words from Dev B to Host A
CRC_COUNT is the number of frames in both directions with CRC errors.
Monitor 1 counts the frames that have an SID of 0x0108ef and a DID of 0x020b00.
For monitor 1,
RX_COUNT is the number of words from Dev B to Host A
TX_COUNT is the number of words from Host A to Dev B
CRC_COUNT is the number of frames in both directions with CRC errors.
Note: End-to-end performance monitoring monitors traffic on the receiving port respective to the SID only. As illustrated in
Figure 14-3, if you add Monitor-1 specifying Dev B as the SID and Host A as the DID, no counters, except CRC, will
be incremented on Monitor-1.
Note: In Fabric OS 4.x the implementation of End-to-End (or Filter-based) monitors dictates that hardware counters to be
probed at an interval that is a multiple of 5 seconds. The recommended the probing interval is 10 seconds. This
restriction does not exist in Fabric OS 3.x.
Note: The Command Line Interface also provides access to the Advanced Performance Monitoring. Please refer to the
Brocade Fabric OS Features Guide for details.
Note: Only one mask per port can be set. When setting a mask, all existing end-to-end monitors will be deleted.
Figure 14-7
Note: The Email notification can be set from the Email Configuration tab which is explained in section 13.8.1.9. Email
Notification Setup on page 13-21.
Example 2: The performance monitoring after the Rx performance threshold trigger event notification is received.
1. From the Fabric Manager Actions menu select Switch view.
2. Select Perf from Switch view.
3. Select Basic monitoring from Performance Graph menu.
4. Select Port throughput and specify the port number.
Figure 14-8
Note: The port performance over one hour period showing the Rx/Tx throughput trend.
Advance Interface
XML
Passes XML strings
Fabric OS API to C library
HostLibrary
Figure 15-1
• Basic Interface
Closely simulates the key telnet functions. Several basic interface functions allow you to perform discovery on a fabric,
switch, port, device, zone, and license.
• Advanced Interface
Provides a Perl-native equivalent of the API Scripting Toolkit object model. The advanced interface is a set of Brocade API
functions that have been mapped into the Perl interface. This is a strict one-to-one mapping with no external logic provided.
This interface is for more advanced users who are familiar with the Brocade API and the concepts it uses. The advanced
interface is suited for applications because objects and their attributes are returned as Perl variables instead of text strings.
• Direct Interface
Provides a direct interface to the API Scripting Toolkit XML interface. The direct interface is used to send and receive XML
through the Brocade API library. No error checking is performed on the validity of the XML functions that is passed in. This
level of interface is for the most advanced users who use their own error checking routines and are trying to integrate with an
XML/Perl interface.
Host system
PerlInterpreter/Compiler
T CP/IP
API Functionsplatform Libraries Fabric Access Layer
Fabric OS
Figure 15-2
Note: If more than 10 sessions are required on a fabric, try using a different proxy switch of the fabric.
Note: The API Scripting toolkit uses a different TCP/IP interface that does not conflict with the telnet interface. Therefore
an API session and the telnet session can be used at the same time.
Note: For step-by-step installation, configuration setup and usage instructions please refer to Brocade API Toolkit User's
Guide v 3.x. The release notes also include valuable information about features and important notices.
Note: The latest version of Brocade API Toolkit can be downloaded from the Brocade Connect web site
(www.brocadeconnect.com). Brocade also make API shared scripts and utilities available along with complete
documentation. Please visit Brocade Connect for more information and API updates.
This is one possible classification list, but many others will serve as well. When documenting requirements, several categories
need to be analyzed. Table A-1 and Table A-2 provide an outline of the types of requirements that should be collected and
documented. The key objective is to document all assumptions and user requirements that could affect the design choices.
Note: All the cases between these two extremes are a judgment call.
Once the current layout is complete, evaluate the impact of both the minimum and maximum growth projections. Make sure
that the process to scale is clearly planned. Even the best site design plan will decay into chaos over time. This is so predictable
that you can frequently define a half-life (like a radio active half-life) that is based on frequency of changes and the number of
additions to the site. Another major factor is the growth plan for the lab. With a solid growth plan the decay problem can be
significantly mitigated or controlled. Without a proactive growth plan, no amount of reactive support can save a site
infrastructure, and it will revert to a chaotic system. If a site is planned to be live for more than three years, a growth plan is
mandatory.
Figure A-2 illustrates another patch panel design. This provides a 1U patch panel with no enclosure. Notice how each of the
ports is spaced apart to allow for easy access.
The type patch panel in Figure A-2 can be used as a distribution panel or rack mounted, as shown in Figure A-3.
One of the disadvantages to this type of panel is that there is no dust cover. In Figure A-2 several ports without fillers are
shown. These ports should be considered contaminated and will need to be cleaned.
Another point is that both allow for easy maintenance. In Figure A-1 the patch panel has inserts, which can move, allowing
easy access to the cable. The panel in Figure A-2 and Figure A-3 has a tray that pulls out to allow access to the ports. Although
these access methods are convenient, it is critical that the cables are properly manages with sufficient slack to allow for the
maintenance. If one port requires work, a poorly designed cables management system might require that all the ports are
unplugged before removing the panel.
After selecting the patch panels, complete the final layout. In the final layout, consider the following design requirements:
• Will each patch panel be connected to a central distribution area or to a fixed location only?
Scenario 1: A set of storage ports on the west end of the lab need to be connected to the fabric. This is the only location to
which these storage ports need to be connected.
Scenario 2: A set of Unix hosts in a lab need to be able to get connectivity to any rack in the lab through the patch panel
system. This will require a distribution panel, since direct connectivity is not possible. Try to design around this requirement,
since the additional flexibility requires increased cost and a larger support burden.
• Will the patch panels be mounted in the ceiling, floor, or racks?
For the edge devices mounting the patch panel in the ceiling (see Figure A-2) can allow for added flexibility. This allows for
the replacement of the rack allocated to that panel without disrupting the infrastructure. Mounting the panel in a rack with
other devices will require disconnecting the entire panel, not just the patch cords, when moving the rack.
One option is to have a special rack dedicated to patch panels. By alternating patch panel racks and switch racks, it is possible
to bring a large number of edge devices to a central patching infrastructure.
Note: Floor mounted patch panels are not recommended, as they can be hard to access and easily contaminated by dirt.
Guideline: Every fiber optic connection point generates a few dBs of signal loss. Keep the number of connections
to a minimum, generally eight or less. If a connection seems intermittent, too many patched connections
may be the cause.
Guideline: Be aware of distance limitations. The total distance can add up quickly as cables are run through
conduits and patched. For 2 Gbit/sec connections, using shortwave SFPs and 50 micron cables, the
maximum distance is 300 meters. Like too many patch panel connections, exceeding this distance limit
may also cause an intermittent loss of signal.
Guideline: Avoid using older fiber optic cables with a 62.5 micron core. For 2 Gbit/sec connections, a 62.5 micron
core only yields 90 meters as the maximum total distance. The newer standard fiber optic cable, 50
micron core, yields a maximum of 300 meters.
Guideline: At times, when plugging in a fiber optic cable from a patch panel, there may be a no light indication on
the switch. This may indicate that a Tx and Rx swap has occurred. For Tx and Rx connections to be
lined up properly between the switch and devices, a net ½ twist is required along the connection path.
Often times, the fiber optic cable connecting between patch panels adds an extra whole number plus ½
number of twists, yielding a net of 0. One way to fix this is to swap the Tx and Rx on the LC or SC
connector at the switch port. If using patch panels, be aware of this and use straight through fiber optic
cables if at all possible.
Warning: Do not mix single (long-wave) and multi-mode (short-wave) cables in Patch Panels. The light wavelengths are
different in each type. This make the fiber cables incompatible for connecting together.
Warning: Do not patch together fiber optic cables with a 62.5 micron core to fiber cables with a 50 micron core.
Keeping these tips in mind should allow for more effective and reliable use of a patch panel infrastructure for connecting the
SAN components.
The guide in the front (A) is designed as a 0U cable management guide. This can be mounted in front of a device and will
allow not take up any addition space. An illustration of how this can be racked in shown in Figure A-2. This single cable guide
is sufficient for a pair of patch panels. If a 0U patch panel is selected make sure that the main support bar is removable. Access
to the device behind the cable guide will be required at some point (pull out a drawer for maintenance, etc.), and if the cable
guide does not have a removable bar then the entire guide will have to be removed. In Figure A-5 notice the pin in the bottom
right corner.
The second guide (B) in Figure A-4 is a 1U guide designed for fiber cables. The curves help prevent bend radius violations.
The last guide shown (C) is a 2U cable guide. This type of guide is more common in Ethernet cable management but can also
work well for fiber. Extra care is required so that a bend radius violation does not occur.
In addition to horizontal cable guides, it is critical to select an appropriate vertical cable guide, as shown in Figure A-6.
Vertical guides provide capacity for a large quantity of cables. Curved fingers to help prevent bend radius violations. The oval
support in the center is useful when managing slack and controlling the cables.
Figure A-8 illustrates a cable form a different manufacturer. This cable is serialized and is more rigid, but easily routed.
Evaluate each cable for the intended environment.
Figure A-9 illustrates a thinner cable. A large quantity will take up less space. This particular cable also exhibits memory.
Notice the severe kinks. This cable could become a problem if routed in this condition. It also makes compact storage difficult.
Figure A-11 illustrates a bundled cable. Like Figure A-10, this type of cable bundles multiple fibers. The key difference is that
each fiber has thin protection. This is ideal for a static configuration, and in a rack with high-density constraints.
Figure A-12 illustrates a ribbon cable with MTP connectors. The MTP connector can be seen on the right. In this cable, all the
fibers run as a group and are not individually protected. The light dots in the center of the adaptor are the actual fiber strands.
An adaptor can be used to connect this to a patch panel or allow it to fan out.
An MTP patch panel is shown in Figure A-13. The MTP plugs in to the rear and the panel fans out to the ports. MTP cables are
not standard at this time, but will be more common upon the standardization of 10Gb. Integration of this with an existing
infrastructure can be difficult and costly.
Note: Use the appropriate SFPs, depending upon the connector type.
A.5. Documentation
Documenting the cable plan is critical for future management. A reliable standard for labeling all cables and should be clearly
established, including:
• All site-to-site patch panels
• All building-building patch panels
• All site patch panels
• The source, destination, and serial number of all cables at the site
• Cable Properties
• Cable manufacturer
• Cable length
• Cable type
• Other Cable properties
This is a significant documentation burden, however skipping this step will result in more work in the future. Documentation
is must be well maintained in a static environment. In a dynamic environment, balance the level of documentation with the
frequency of changes. Use the level of documentation that works for your site, but make sure it is consistent across the site.
Overlapping cables can cross the exhaust of a device. This needs to be carefully monitored so that exhaust heat does not reduce
cable integrity.
When designing a cable management strategy the following cable limitations must be considered:
Bend radius: Do not violate the minimum bend radius anywhere in the entire path of the cable.
Shear Force: Any object that has the potential of applying a contact shear force to a cable must be carefully analyzed. Doors
and other moving components should be carefully analyzed to make sure that in all positions they do not apply a shear force.
Cable Strain: A good cable design will provide sufficient slack to prevent a significant strain. While this is often sufficient,
the weight of a group of cables hanging without support must be considered. This is especially a concern if any device exhaust
heats the cable. Another case frequently missed is the effect of doors, sliding patch panels, and moving components.
Violating these rules can result in internal faults in the cable. In some cases this can cause a complete failure of a cable. Often,
faults result in intermittent problems that require a specific cable orientation. This type of fault can be difficult to isolate and
the best resolution for this is preventive maintenance. Use the following guidelines when planning a cable layout.
Adhere to manufacture recommended bend radius limitation. As a general rule a bend should not have a radius of less that one
inch but each manufacture can provide more precise guidelines for their cable. A common mistake is to route cables over a 90
degree angle. When loose this does not cause a problem, but if the cables are pulled taught then a 90 degree bend can occur.
Over time this can destroy a cable even if there is only limited strain.
Verify that there is no shear force applied to the cable. Any potential must be carefully analyzed and eliminated. Look for
doors, weights, and tight corners or narrow ridges. Some cable management guides designed for CAT5 have thin plastic
fingers. If the cable is pulled in the wrong direction these can result in a significant shear force.
Verify that no strain is applied to the cables. Analyze the full path of the cables and make sure that there is sufficient slack for
patch panels and devices to move. Moving a patch panel may be required for maintenance and testing purposes.
The following figures illustrate some common cable management mistakes:
Through bad cable management, it is possible to force a bend radius violation. In Figure A-17, notice the cable on the left. If
left slack, these cables would be fine. Under tension the cable guide forces a bend radius violation and magnifies the strain on
the cable. This is a good example of how tension on the cable can result in a shear force. This also illustrates why care must be
taken with cable guides.
Illustrated on the left side of Figure A-19 is a well-managed environment. A closer investigation reveals that the number of
cables routed to each guide exceeds capacity. On the right, the cables are visible after removing the faceplate on the horizontal
cable guide. Notice the crease down the center of the cables caused by the faceplate. Do not underestimate the weight or
pressure that a mass of cables creates. A mass of cables in a small area is likely to create an extreme stress on a few cables.
Forcing too many cables into a small space is a common cause for cable failure.
Contamination from dirt and debris is another concern that must be accounted for in a SAN environment. Dirt and debris are
the potential cause of intermittent failures. All cables that are not connected should be properly capped and protected.
Carefully monitor patch panel ports that are near a system exhaust, and if possible try to move the patch panel away from any
exhaust.
Most cables can be cleaned on site. Basic kits are available that will allow engineers to test their infrastructure. These tools are
a requirement. Without these tools fault isolation is completely impossible.
B.1. Introduction
As Storage Area Network infrastructures continue to expand, so does the need to connect storage devices over longer distances
in heterogeneous environments. In fact, many organizations are beginning to connect local SAN islands over existing
high-speed public and private networks-an approach that enables new types of applications that leverage a geographically
dispersed, yet interconnected SAN infrastructure. Typical applications include wide area data replication, high-speed remote
centralized backup, cost-effective remote storage centralization, business continuity, and storage outsourcing. This document
describes some technologies available for connecting Fibre Channel SANs over metropolitan and wide area networks as well
as implementation details and features unique to Brocade SilkWorm switches that enable enterprise SAN solutions.
L0 10 KM 5 KM All NO
LE N/A 10 KM 3.x, 4.x NO
L0.5 25 KM 25 KM 3.1, 4.1 YES
L1 50 KM 50 KM All YES
L2 100 KM 60 KM All YES
LD Auto Auto 3.1, 4.1 YES
A new feature in Fabric OS v3.1 and v4.1 allows the number of credits assigned to a port to be automatically determined and
configured based on link latency. Setting a port to LD mode will enable the use of the link round trip timer on the switch to
calculate latency and allocate the required and optimal number of credits a port needs to maintain maximum performance.
Guideline: Extended Fabrics can also be configured via Brocade Fabric Manager and Web Tools, however the
procedures are not given in this document. Please refer to the appropriate User's Guide.
Revisions of Fabric OS v3.0.2 and greater contain an additional optional parameter, VC Translation Link Initialization, to the
portCfgLongDistance CLI command. When set to 1, this parameter indicates that enhanced link reset protocol should be used
on the port. The default value for this parameter is 0 and is compatible with earlier Fabric OS v3.x implementations. For
optimal performance, specify 1 when E_Port links are between switches with Fabric OS v3.0.2 and greater, or Fabric OS
v4.0.2 and greater. Specify 0, or nothing, when connecting a switch with Fabric OS v3.0.2 or above switch to previous releases
of Fabric OS.
To configure Extended Fabrics on SilkWorm 2000 series switches, the following procedures must be performed.
1. Set the fabric-wide configuration parameter fabric.ops.mode.longDistance to 1 using the configure command. This
parameter must be set on all switches within the fabric.
2. Set the appropriate Extended Fabrics mode for each long-distance port using the portCfgLongDistance command.
3. When configuring Extended Fabrics on SilkWorm 3000 series switches and above, only port level configuration is
necessary.
4. Set the appropriate Extended Fabrics mode for each long-distance port using the CLI command portCfgLongDistance. At
the same time, set the VC translation link initialization bit to 1 on long-distance switches running Fabric OS v3.0.2 or
above.
Brocade supports Extended Fabrics ports between same series switches (i.e. SilkWorm 2000 series to SilkWorm 2000 series
switches) as well as SilkWorm 3000 series switches to SilkWorm 12000 switches. Directly connecting a SilkWorm 2000 series
switch to a SilkWorm 3000/12000 series switch is unsupported when using Extended Fabrics. For a mixed SilkWorm 2000 and
SilkWorm 3000/12000 fabric, where the long-distance ports are between SilkWorm 2000 series switches, the fabric-wide
parameter fabric.ops.mode.longDistance must be set to a value of 1 on all switches within the fabric. For mixed fabric
configurations where long-distance ports are located between SilkWorm 3000 and/or SilkWorm 12000 series switches, the
fabric-wide long distance parameter is not required.
The output in Figure B-1 shows portCfgLongDistance usage and an example of how to configure port 0 on a SilkWorm 3800
switch running Fabric OS v3.1 for L2 Extended Fabrics mode with VC translation link initialization set to 1.
mw123:root> portcfglongdistanceUsage: portCfgLongDistance port ,"distance_level",<vc translation link
init>distance_level: L0 - normal LE <= 10km L0.5
<= 25km L1 <= 50km L2 <= 100km LD
- autovc trans link init: 0 normal1 vc translation
mw123:root> portcfglongdistance 0,"L2",1 Committing configuration...done.
Figure B-1
The portCfgShow command can be used to determine which ports are configured as long-distance ports. The switch output in
Figure B-1 shows that port 0 has been configured for L2 Extended Fabrics and VC Translation Link Initialization has been
turned on.
mw123:root> portcfgshowPorts
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
15-------------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+--+--
Speed AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN
Trunk Port ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON
Long Distance L2 .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
VC link init ON .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked L_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Locked G_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Disabled E_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Persistent Disable .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
where AN:AutoNegotiate, ..:OFF, ??:INVALID. LM:L0.5
Figure B-2
The number of credits required to maintain full performance on an ISL can be approximated using the following formula. This
equation can only be used as estimation for the number of credits required at a particular distance. The actual amount allocated
by a switch port will most likely be slightly higher and will also include extra credits for class F traffic.
Buffer Credits = ((Distance in KM) * (Data Rate) * 1000) / 2112
Data Rate = 1.0625 Mbaud for 1 Gbit/sec Fibre Channel
Data Rate = 2.1250 Mbaud for 2 Gbit/sec Fibre Channel
Another performance factor of long-distance links is response times for SCSI transactions. For example, in class 3 traffic,
every write transaction requires two round trips; one for the SCSI write request command and another for the transmission of
data. Transmission of data cannot occur until the initiator receives a transfer ready response. Response time can be calculated
by multiplying the link propagation time by 4. The effect of response times can be minimized if an application allows the
number of outstanding I/Os to be increased. Application tolerance to latency must be examined when extending storage
networks over long distances. For example, remote replication solutions may either be synchronous or asynchronous.
Synchronous replication requires disk arrays to maintain consistency at all times; if latency over a link is too large
performance degradation may result.
Figure B-3
Remote Switch is an optionally licensed software feature that can be used to enable R_Rdy mode flow control automatically
when connecting to supported Fibre Channel gateway devices. Fibre Channel gateways generally provide a method of
extending SAN fabrics over metropolitan or wide area networks by encapsulating frames into another protocol. Refer to
section B.5. Multiprotocol Devices on page B-10 for more information.
Note: Core PID mode and fabric long distance settings are not verified for consistency when interconnecting switches using
R_Rdy mode or Remote Switch; the administrator should verify that these fabric-wide settings are consistent.
Attenuation is caused by absorption (light losing energy to atoms in the fiber) and scattering (because the core is not always a
perfect cylinder). The three main transmission windows where loss is minimal are in the 850, 1310, and 1550 nanometer
range. Table B-3 lists various types of fiber and optical loss incurred by distance.
Fibre Channel links longer than 500 meters require the use of single-mode fiber for transmission. Single-mode cabling has an
approximate core/cladding diameter of 9 micron and 125 micron respectively. The latency of light through fiber is about 100
microseconds round trip for every 10 KM.
Figure B-4
The portErrShow command displays error statistics for all ports within a switch. It is often useful to run these commands
multiple times in a row, or over various time periods, to see if error counters are incrementing at unexpected rates.
mw75:root> porterrshow frames enc crc too too bad enc disc link loss loss frjt fbsy
tx rx in err shrt long eof out c3 fail sync sig
---------------------------------------------------------------------
0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0
2: 0 0 0 0 0 0 0 0 0 0 3 0 0 0
3: 1.7m 78k 0 0 0 0 0 19 0 1 12 14 0 0
4: 0 0 0 0 0 0 0 0 0 0 0 2 0 0
5: 0 0 0 0 0 0 0 0 0 0 0 0 0 0
6: 2.1m 214k 2 2 1 0 2 21 0 10 15 7 0 0
Figure B-5
Note: Brocade has performed extensive interoperability and SAN solution testing with many optical transport vendors. To
find out which CWDM and DWDM devices are Brocade Fabric Aware certified, refer to the Brocade Interoperability
Matrix, available at www.Brocadeconnect.com.
DWDM: Dense Wavelength Division Multiplexing (DWDM) is optimized for high speed, high capacity networks and long
distances. DWDM is suitable for large enterprise companies and service providers who lease wavelengths to customers. Most
equipment vendors can support 32, 64, or more channels over a fiber pair at speeds up to 10 Gbit/sec. Fiber distances between
nodes can generally extend up to 100 KM or farther. DWDM equipment usually provides a path protection scheme in case of
link failure and allows for switching in less than 50 ms. In short, DWDM offers the following advantages for SAN
connectivity:
Extended Distance - Enables SAN connectivity over metropolitan area networks
Scalability - Increases capacity by multiplexing channels over a single fiber
Self healing - Fast protection switching for high availability
CWDM: Course Wavelength Division Multiplexing (CWDM) provides the same optical transport and features of DWDM,
but at a lower capacity, which allows for lower cost. CWDM is generally designed for shorter distances (typically 50 to 80
KM) and thus does not require specialized amplifiers and high-precision lasers (lower cost). Most CWDM devices will
support up to 8 or 16 channels. CWDM generally operates at a lower bit rate than higher end DWDM systems, typically up to
2.5 Gbit/sec.
Two types of CWDM Solutions:
Transponder Based Solutions - Allows connectivity to switches with standard 850 or 1310 nm optical SFP or GBIC
transceivers. A transponder is used to convert these signals using O-E-O conversion to CWDM frequencies for transport
across a single fiber.
GBIC Based Solutions - These eliminate the need for transponders by requiring switch equipment to utilize special
CWDM transceivers reducing overall cost. CWDM GBICs and SFPs are just like any standard transceiver used in Fibre
Channel switches, except they transmit on a particular CWDM frequency. GBIC based CWDM are generally passive
devices.
B.4.2. Topologies
DWDM providers generally offer several types of infrastructure topologies including point-to-point, hub-and-spoke, and ring.
Each Fibre Channel switch port connected to the ingress port of a DWDM creates a single point-to-point ISL with another
Fibre Channel switch at a remote site. Figure B-6 describes a point-to-point topology where two ISLs from separate fabrics
share a common fiber across the DWDM network. In the event of a connectivity failure between DWDM nodes, a protection
switch will occur to re-establish connection to the remote switches.
λ1 λ1
FC Switch 100 Km FC Switch
DWDM DWDM
λ2 λ2
FC Switch λ1 FC Switch
λ2
Figure B-6 Point-to-Point Topology With DWDM Path Protection
In the Ring topology shown in Figure B-7, SANs from three separate sites are interconnected. Site A has two ISLs to site C
connected over 45 KM. Site B has two ISLs to site C connected over 50 KM. In the event of a fiber failure between DWDM
nodes, all sites will maintain connectivity through the redundant 10 KM path between sites A and B.
DWDM
DWDM
DWDM
Ring
45km 50km
DWDM
FC Fabric
C
E_Port E_Port
MAN/WAN
Network
ISL
Normal flow control based on available buffer credits on a switch port can limit overall performance when interconnecting
SANs over higher latency, long-distance WAN links. A gateway can compensate for delays by providing additional memory
for buffering and intelligent flow control that enables Fibre Channel transport at full speed over distances up to thousands of
kilometers.
A gateway device can maintain buffer-to-buffer flow control between its Fibre Channel port and the locally connected switch
port. This means that R_RDY primitives can be generated locally upon receiving a frame from the switch, keeping the pipe
full and reducing latency costs incurred over the long haul link to improve performance.
Note: To find out which Fibre Channel Gateway devices are Brocade Fabric Aware certified, see the Brocade Interoperability
Matrix, available on www.Brocadeconnect.com.
FC Switch FC Switch
FC-IP IP FC-IP
Gateway Network Gateway
FC Switch FC Switch
Replication
Using a split mirror or snapshot copy of a volume for tape backup allows applications to remain available at all times and
eliminates backup windows. The SAN described in Figure B-10 mirrors volumes locally at the production site and creates a
point in time copy of data at a backup site 100 KM away. The volume copy can then be used to create tape backups whenever
needed.
FC Switch
100 Km
FC Switch
DWDM DWDM
FC Switch FC Switch
Snapshot Copy
FC Switch FC Switch
10km
FC Switch FC Switch
DWDM
DWDM
DWDM
Ring
45km 50km
DWDM
FC Switch FC Switch
Site C: Remote
Backup Site
Backup Tape
Management Library
Server
Site A Site B
Datacenter Datacenter
FC Switch FC Switch
10km
FC Switch FC Switch
DWDM
DWDM
DWDM
Ring
45km 50km
DWDM
FC Switch FC Switch
Site C
Data center with
shared storage
Blocking The inability of one device to connect to another device. The Brocade Virtual Channel
implementation of Fibre Channel does not block. The term blocking is often confused
with the term congestion.
Congestion If two or more sources contend for the same destination, performance for each source
may decrease; however, available bandwidth is shared fairly by all sources contending
for the same destination. Congestion is the realization of the potential of
over-subscription. Congestion may be due to contention for a shared storage port or host
port, or an ISL.
Control Processor The term control processor is associated with a SilkWorm 12000 component/FRU (field
replacable unit). The SilkWorm 2000, 3200, 3800, and 3900 switches do not have a
FRU specifically associated with it and when CP is used in the context of other
SilkWorm switches, the reference is to the switch CPU and not a FRU.
Core PID Format The 24-bit Switch Fabric Port Identification (PID) also known as SID consists of
Domain_ID, Area and AL_PA fields.
Core Switch Also known as a “core fabric switch.” This is one of the switches at the logical center of
a Core/Edge fabric. There are generally at least two core switches per Core/Edge fabric
to enable resiliency within the fabric. Ports on a core switch are normally used for ISLs.
Hosts and storage also connect to the core switch.
Edge Switch This is one of the switches on the logical outside edge of a Core/Edge fabric. There are
generally many more edge switches than core switches. Ports on edge switches are used
for SAN device connections.
Fabric One or more interconnected Fibre Channel switches. The term “Fabric” usually refers to
the interconnected switche(s), but can also account for the interconnected switches and
the devices connected to the fabric.
Fabric build The build fabric Switch Fabric Internal Link Service requests a non-disruptive
(BF) configuration to the entire fabric. A BF process shall not cause the Domain_ID list to be
cleared. This preserves existing node port addresses and allows open exchanges to be
completed.
Impact: Fabric build is a non-disruptive process to I/O.
Fabric Port Count The number of ports available to connect SAN devices in a fabric. ISLs ports (E-ports)
are not included in this count. (Also known as user port count.)
Fabric Re-Configura- Fabric reconfiguration is a disruptive fabric operation during which domain IDs may
tion (RCF) change. If the Domain_ID changes, all attached node ports must re-login with the fabric
and be assigned new N-Ports identifiers reflecting the change in Domain-IDs.
Impact: Reconfigure causes Class-n frames (1,2,3,4 or 6) to be discarded and class 1
connection to be abnormally removed.
Fabric Segmentation A fabric is unable to resolve the switch configuration parameters during the rebuild
process with one or more switches, and may isolate them from the fabric, causing fabric
segmentation.
Impact: I/O operations are ceased only on those devices losing their access due to
segmentation.
Fabric Topology A topology is “the logical layout of the components of a computer system or network
and their interconnections.” A fabric topology is the layout of the switches that form a
fabric.
FSPF Fabric Shortest Path First protocol. The FSPF protocol was developed by Brocade and
subsequently adopted by the Fibre Channel standards community for allowing switches
to discover the fabric topology and route frames correctly. It is now the industry
standard routing protocol for Fibre Channel networks.
HA High Availability
High Locality If devices that communicate with each other are connected to the same switch or groups
of switches then these devices have high locality. The higher the locality, the less traffic
crosses ISLs/trunks and therefore, fewer ISLs/trunks are needed.
Hop Count For evaluating SAN designs, the hop count is identical to the number of ISLs that a
frame must traverse to reach its destination.
Host Edge Switch Edge switch with host device connections only.
ISL Over-Subscription In networks where all ports operate at the same speed, the over-subscription ratio for an
Ratio ISL is the number of different ports that could contend for the use of its bandwidth. If
there are 14 node ports on a switch and two ISLs, the ratio is 14:2, or 7:1. When there is
a mixture of port speeds, the exact calculation is not as simple. The rule of thumb is that
the lower the ratio is, the better performance is likely to be.
Latency The time it takes for a frame to traverse from its source to its destination is referred to as
the latency of the link. Sometimes a frame is switched from source to destination on a
single switch and other times a frames must traverse several hops between switches
before it reaches its destination.
Locality The degree that I/O is confined to a particular switch or segment of a fabric. If two
devices that need to communicate with each other are located on the same switch or
fabric segment, then these two devices are said to have high locality. If these same
devices are located on different switches or segments of a fabric and these two devices
need to communicate with each other, then these devices are said to have low locality.
Logical Switch The SilkWorm 12000 can contain up to 128 ports in a 14U chassis, configured as two
64-port switches. Each switch is known as a logical switch and may also be referred to
as a domain.
Low Locality If two devices must cross an ISL/Trunk to communicate, then these devices have low
locality. The lower the locality, the more traffic crosses ISLs/trunks and therefore, more
ISLs/trunks are needed.
Node Any SAN device – usually either a host or storage device – that attaches to a fabric.
Octet An octet is a group of two horizontally adjacent quads. The SilkWorm 3900 is the only
SilkWorm switch that implements octets. Octets are used primarily to define boundaries
for performance tuning purposes.
Online Fabric A functional stable state of a fabric performing reliable I/O fabric operations.
Over-Subscription A condition where more nodes could potentially contend for the use of a resource – such
as an ISL – than that resource could simultaneously support, that resource is said to be
over-subscribed.
PID bindings Static mapping between physical and logical devices on a host accomplished via
Port_ID (PID).
Redundant Fabric A SAN composed of two or more independent fabrics The multiple fabric architecture
makes dual fabric SANs redundant.
SAN A Storage Area Network (SAN) can consist of one or more related fabrics and the
connected SAN devices.
SAN Architecture The overall design or structure of a storage area network solution. This includes one or
more related fabrics, each of which has a topology. Other components may also be
included, such as host, storage, and other SAN devices.
SAN Port Count The number of ports available for connection by nodes in the entire SAN. The SAN Port
Count equals the fabric port count in a single fabric SAN and is equal to the sum of each
fabric’s port count in a multi-fabric SAN.
Scalability The ease with which a particular design can grow and adapt without requiring a
significant change in SAN architecture or requiring a substantial re-layout of existing
SAN devices.
Secure Mode Disabled An operating mode where all switches that participate in the fabric are unable to
successfully execute the command secModeEnable or if the command
secModeDisable is successfully executed in the fabric.
Secure Mode Enabled An operating mode where all switches that participate in the fabric are running a version
of Fabric OS that supports the security feature, have licenses to run security, and the
command secModeEnable has been successfully executed.
Single Fabric A SAN composed of a single fabric may be configured to provide one or more paths via
different switches of the fabric.
Impact: Offers no Protection at fabric level. All paths are closed when fabric is offline,
completely stopping I/Os.
SPOF A single point of failure. A SPOF in a SAN is any component – either hardware or
software – that could cause a fabric or a SAN to fail.
Storage Edge Switch Edge switch with storage device connections only.
Tiering The process of grouping particular SAN devices by function and then attaching these
devices to particular switches or groups of switches based on that function
User Ports Total number of switch ports less ports used for ISLs/trunks
Address: Country/City/State/Zip
Address: Country/City/State/Zip
Site Contact #1
First Name: Last Nam e: Phone: Mobile
Address: Country/City/State/Zip
Site Contact #2
First Name: Last Name: Phone: Mobile
Address: Country/City/State/Zip
Site Contact #3
First Name: Last Name: Phone: Mobile
Address: Country/City/State/Zip
Attach a project plan with a Visio diagram, proposed rack layouts and an installation schedule. When complete, the SAN project
manager/SAN Architect will be able to assess the staging requirements and be able to assign/schedule resources as needed.
Survey Authorization
Site Representative: Date:
2 of 3
Item 1 Please attach a high level list of all hardware devices to be attached. Completed
Notes: Each device should have the make/model identified. If 2 topologies are identical in every way then a single list will be sufficient. This list must
include all switches, HUBS, DWDM, Gateways, and other devices for connecting SANs over distance.
Please attach a high level topology diagram that illustrates the location of each existing
Item 2 or new fabric member switches in the SAN at this site. If possible, include the edge Completed
devices as well.
Notes: Each SAN should have every device represented by an ICON. Each fabric should be represented as a cloud that can be referenced to the correct
topology. A single SAN frequently incorporates more than one fabric (redundant fabric architectures for example). When illustrating such a SAN it is
important to show how all devices connect to each fabric. Since clouds will be used it is not necessary to identify which switch/port each device has been
connected to.
Switch Output
If migrating into an existing SAN please attach the supportShow output from each of
Item 3
the existing switches
Notes: The output of supportShow should be saved to a file and then attached to this document. If there are any non-brocade switches in the fabric then
similar information should be captured.
Device Configuration
For each device in the SAN please provide a detailed profile. See below for a list of
Item 4 Completed
information that should be included
Notes: Each device should be reference as follows xxxxxxxxxx-yy-zz , where the first segment is a 10 character ID for a device, the second
segment is a 2 digit number identifying the slot, and the last segment is a 2 digit number identifying the port.
Software Application Information
Identify each software application required for that device.
Backup Applications
Multi-path Applications
Management Application
Other applications
LUN Security Configuration
Survey Authorization
Site Representative: Date:
3 of 3
For more detailed information on how to use these worksheets, please visit the following steps in the Planning
and Design section of the Brocade SAN Info Center (www.brocade.com/san):
Step 2: Inventory and Analyze Your Environment
Step 3: Determine Your SAN Components
We appreciate your feedback regarding the usefulness of these worksheets, and how we might improve them
for use by others. Please send your comments to:
saninfocenter@brocade.com
All contents herein and in the attached worksheets are Copyright 2002 Brocade Communications Systems, Inc. All rights reserved. ALL INFORMATION AND
OTHER MATERIALS AND IN THE ATTACHED WORKSHEETS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. Version 2.1, June 2002
SAN Components Inventory: HOSTS
Host Identifier
New (N) or existing (E)
Manufacturer
Make
Model
Operating System
Total Slots
Type A
Type (PCI, SBUS, etc)
Number
Size
Speed (Mhz)
Type B
Type (PCI, SBUS, etc)
Number
Size
Speed (Mhz)
Single (S) or Dual (D) Attached
Ports
# Ports required for single attached
# Ports required for dual attached
HBA
General information
- make
- model
- version
- number of ports
- number of HBAs
- slot numbers
- DMP/Failover Application
Driver type: (check applicable type)
-fabric
-PTP
-private loop
-public loop
Connections supported per HBA
Fibre Channel Ready? (Y or N)
Server
- Dimensions
- Power Requirements
- Console location
- Ethernet interface list
- Phone line required for mgmt? (Y/N)
- Physical location
Application list (with version)
Application Name 1
Application Name 2
Application Name 3
Application Name 4
SAN Components Inventory: HOSTS
Host Identifier
Storage requirements
Requirement 1
Application Name
Initial Requirements
Projected Requirements
Requirement 2
Application Name
Initial Requirements
Projected Requirements
Requirement 3
Application Name
Initial Requirements
Projected Requirements
Requirement 4
Application Name
Initial Requirements
Projected Requirements
SAN Components Inventory: DISK STORAGE DEVICES
Storage Identifier
New (N) or existing (E)
Manufacturer
Make/model
Firmware version
Single (S) or Dual (D) Attached
Ports
# Ports required for single attached
# Ports required for dual attached
Max # servable hosts per frame
Max # hosts per port
Interfaces
SCSI (SC) or Fibre Channel (FC)
Type of SCSI
- wide/narrow
- differential/single ended
Fibre Channel Ready? (Y/N)
# Fibre Channel interfaces needed
# Existing Fibre Channel interfaces
- make/model
# Fibre Channel interfaces to purchase
- make/model
Ethernet interface list
Connection supported
(check applicable connection type)
-fabric
-PTP
-private loop
-public loop
- SCSI
- SSA
- ESCON/FICON
SAN Components Inventory: TAPE LIBRARIES
Tape Identifier
New or existing (N/E)
Manufacturer
Make/model
Firmware version
Single (S) or Dual (D) Attached
Ports
# Ports required for single attached
# Ports required for dual attached
Interfaces
SCSI (SC) or Fibre Channel (FC)
Type of SCSI
-- wide/narrow
-- differential/single ended
Fibre Channel Ready? (Y/N)
# Fibre Channel interfaces needed
# Existing Fibre Channel interfaces
-- make/model
# Fibre Channel interfaces to purchase
-- make/model
Ethernet interface list
10BaseT, 100BaseT, etc.
Connection supported
(check applicable connection type)
-fabric
-PTP
-private loop
-public loop
-private loop
-public loop
- SCSI
- SSA
- ESCON/FICON
SAN Components Inventory: SWITCHES
Switch Identifier
Zoning info
Firmware Version
IP Address(es)
Gateway
Port configurations
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
SAN Components Inventory: SWITCHES
Switch Identifier
55
56
57
58
59
60
61
62
63
Devices attached to each port
(type, WWN, etc.)
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
SAN Components Inventory: SWITCHES
Switch Identifier
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
Licensing
Security information
Passwords
Control Port info
Ethernet, telnet
Special settings
Operating temperature
Power requirements
Phone line required for mgmt?
Yes or No (Y/N)
Physical location
Firmware level
Device Name Number of Devices Rack Unit per Device Total Used Rack Units
Fiber Patch Panel 0
KVM Unit 0
Host 1 0
Host 2 0
Cable Guide 0
Silkworm 2800 2 0
Cable Guide 0
Silkworm 3800 1 0
Cable Guide 0
Silkworm 3900 1.5 0
Cable Guide 0
Silkworm 12000 14 0
SW 12000 Cable Guide 0
11 11 11 11 11 11 11 11
10 10 10 10 10 10 10 10
9 9 9 9 9 9 9 9
H
O 8 8 8 8 8 8 8 8
S
T
CP1 CP2
7 7 7 7 7 7 7 7
S
6 6 6 6 6 6 6 6
5 5 5 5 5 5 5 5
4 4 4 4 4 4 4 4
S
T 3 3 3 3 3 3 3 3
O
2 2 2 2 2 2 2 2
R
A 4 1 1 1 1 1 1 1
G
E
0 0 0 0 0 0 0 0
A breakout cable 14
ACL 5 Brocade Extended Fabrics 1
Advanced Configuration Extended Fabrics Modes 2
Command Set 16 buffer-to-buffer credits 2
Advanced Performance Monitoring bundled cable 14
AL_PA Monitoring 7 C
End-to End Monitor 5 cable hazards 23
Fabric Watch 7 Cable Layouts
Features 3 planning 16
Filter-Based Monitoring 7 Cable Management
Filter-based Monitoring 6 bend radius 21
Performance Class 7 best practices 23
Performance Graph Canvas 3 cable guides 11
Performance Monitor Menus 2 cable types 12
Threshold Setup 7 Design Process 5
Web Tools 2 documentation 19
Advanced Thresholds Configuration implementation 19
Behavior Type 15 Infrastructure 2
Threshold Alarm Level 15 Inter-Site Connectivity 6
Threshold Boundary Level 15 maintenance 24
AL_PA Monitoring 7 needs analysis 1
Alarm Notication Patch Panel Design 6
Types 6 requirements 10
API Scripting Site Design 5
Advanced Interface 2 Site Requirements 3
Basic interface 2 Cable Types 12
Communication Process 3 cables
Direct Interface 2 breakout 14
interface levels 2 bundled 14
Platform Support 4 multi-mode 12
Session Management 4 ribbon 15
Application Programming Interface (API) Policy Cables Management
43 hazards 23
ATM gateway 8 Cabling Standards
Availability 12 between racks 18
B patch panels 18
Backup FCS Switch 22 single rack 17
bend radius limitation 21 Call Home Support 36