53-1003126-02 15 August 2014 Access Gateway Administrator's Guide Supporting Fabric OS v7.3.
© 2014, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, Brocade Assurance, ADX, AnyIO, DCX, Fabric OS, FastIron, HyperEdge, ICX, MLX, MyBrocade, NetIron, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and The Effortless Network and the On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and in other countries. Other brands and product names mentioned may be trademarks of others.
Contents Preface..................................................................................................................................... 7 Document conventions......................................................................................7 Text formatting conventions.................................................................. 7 Command syntax conventions.............................................................. 7 Notes, cautions, and warnings....................................
Access Gateway policies overview............................................................... 51 Displaying current policies ............................................................... 51 Access Gateway policy enforcement matrix .................................... 51 Advanced Device Security policy ................................................................. 52 How the ADS policy works................................................................ 52 Enabling and disabling the ADS policy.......
Disabling F_Port trunking....................................................................78 Monitoring trunking .............................................................................78 AG trunking considerations for the Edge switch................................. 78 Trunking considerations for Access Gateway mode........................... 81 Upgrade and downgrade considerations for trunking in Access Gateway mode..............................................................................
Access Gateway Administrator's Guide 53-1003126-02
Preface ● Document conventions......................................................................................................7 ● Brocade resources............................................................................................................ 9 ● Contacting Brocade Technical Support.............................................................................9 ● Document feedback........................................................................................................
Notes, cautions, and warnings Convention Description value In Fibre Channel products, a fixed value provided as input to a command option is printed in plain text, for example, --show WWN. [] Syntax components displayed within square brackets are optional. Default responses to system prompts are enclosed in square brackets. {x|y|z} A choice of required parameters is enclosed in curly brackets separated by vertical bars. You must select one of the options.
Brocade resources Brocade resources Visit the Brocade website to locate related documentation for your product and additional Brocade resources. You can download additional publications supporting your product at www.brocade.com. Select the Brocade Products tab to locate your product, then click the Brocade product name or image to open the individual product page. The user manuals are available in the resources module at the bottom of the page under the Documentation category.
Document feedback • Brocade Supplemental Support augments your existing OEM support contract, providing direct access to Brocade expertise. For more information, contact Brocade or your OEM. • For questions regarding service levels and response times, contact your OEM/Solution Provider. Document feedback To send feedback and report errors in the documentation you can use the feedback form posted with the document or you can e-mail the documentation team.
About This Document ● Supported hardware and software.................................................................................. 11 ● What’s new in this document.......................................................................................... 11 ● Key terms for Access Gateway.......................................................................................
Key terms for Access Gateway Changes made for Fabric OS 7.3.0a The following content is new or significantly revised from 53-1003126-01 for this release of this document: • Updated Key terms for Access Gateway on page 12. Key terms for Access Gateway For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary at: http://www.snia.org/education/dictionary For definitions specific to Brocade and Fibre Channel, refer to the Brocade Glossary .
About This Document NPIV N_Port ID Virtualization. This is a Fibre Channel facility allowing multiple N_Port IDs to share a single physical N_Port. This allows multiple Fibre Channel initiators to occupy a single physical port, easing hardware requirements in storage area network design, especially for virtual SANs. Port Grouping (PG) policy Port Grouping (PG) policy is used to partition the fabric, host, or target ports within an AG-enabled module into independently operated groups.
Key terms for Access Gateway 14 Access Gateway Administrator's Guide 53-1003126-02
Access Gateway Basic Concepts ● Brocade Access Gateway overview ...............................................................................15 ● Fabric OS features in Access Gateway mode................................................................ 17 ● Access Gateway port types.............................................................................................24 ● Access Gateway hardware considerations.....................................................................
Access Gateway Basic Concepts FIGURE 1 Switch function in Native mode 16 Access Gateway Administrator's Guide 53-1003126-02
Fabric OS features in Access Gateway mode FIGURE 2 Switch function in Access Gateway mode Fabric OS features in Access Gateway mode In the table below, "Yes" indicates that the feature is supported in Access Gateway mode. "No" indicates that the feature is not provided in AG mode. "NA" indicates the feature is not applicable in Access Gateway mode. A single asterisk (*) indicates the feature is transparent to AG; that is, AG forwards the request to the Enterprise fabric.
Access Gateway Basic Concepts TABLE 1 Fabric OS components supported on Access Gateway (Continued) Feature Support Admin Domains No Audit Yes Beaconing Yes Bottleneck Detection Yes Buffer Credit Recovery (CR) Yes Refer to Buffer credit recovery support on page 20 . Config Download/Upload Yes Device Authentication Yes Refer to Device authentication support on page 21. DHCP Yes Diagnostic Port (D_Port) Yes Refer to D_Port support on page 48.
Access Gateway Basic Concepts TABLE 1 Fabric OS components supported on Access Gateway (Continued) Feature Support FICON (includes CUP) No Forward Error Correction (FEC) Yes Refer to Forward error correction support on page 20.
Buffer credit recovery support TABLE 1 Fabric OS components supported on Access Gateway (Continued) Feature Support Syslog Daemon Yes Track Changes Yes Trunking Yes** User-Defined Roles Yes Value Line Options (Static POD, DPOD) Yes Virtual Fabrics No Refer to Virtual Fabrics support on page 21 .
Virtual Fabrics support • A Fabric OS downgrade requires FEC to be disabled. • Specific switch platforms support this feature either in R_RDY or VC_RDY mode. Virtual Fabrics support Although you cannot enable AG mode on a switch enabled for Virtual Fabrics or enable Virtual Fabrics on an AG switch, you can connect ports on an AG switch to Virtual Fabrics. Device authentication support Devices use authentication as a mechanism to log in into switches only after exchanging DH_CHAP authorization keys.
Supported Fabric OS commands To perform authentication with switch policy, the on and off policy modes are supported on the AG switch. To perform authentication with device policy, the on, off, and passive modes are supported on the AG switch.
Limitations and considerations For more information, refer to the Fabric OS Command Reference . Limitations and considerations • Authentication policy is not supported on cascaded AG switch configurations. • Authentication is not supported between an AG switch running Fabric OS v7.1.0 or later and a fabric running Fabric OS earlier than v7.1.0. If the AG switch is connected to fabric switch running Fabric OS earlier than v7.1.
FDMI support • VF mode distribution is not applicable to an AG. • The distribute command is not supported in AG mode. Hence, an AG cannot distribute its password database to any of the switches in native mode. FDMI support Starting with Fabric OS 7.3.0, AG can register its N_Port with FDMI devices, and the fdmishow command is supported to display the device details in AG as well. The fdmishow command in an AG will display only the local devices, and the remote device details are blocked.
Access Gateway Basic Concepts FIGURE 3 Port usage comparison You can convert a Fibre Channel port into a D_Port on AG switch and a connected fabric switch, another AG switch (cascaded configuration), or an HBA to test the link between the ports. When you configure the ports on each end of the link as D_Ports, diagnostic tests automatically initiate on the link when the D_Ports go online. Results can be viewed using Fabric OS commands, such as portDPortTest, during or after testing.
Access Gateway hardware considerations FIGURE 4 Diagnostic port configurations The table below shows a comparison of port configurations between AG and a standard fabric switch. TABLE 4 Port configurations Port type Available on Access Gateway? Available on Fabric switch? F_Port Yes Connects hosts and targets to Access Gateway. Yes Connects devices, such as hosts, HBAs, and storage to the fabric. N_Port Yes Connects Access Gateway to a fabric switch. N/A N_Ports are not supported.
Configuring Ports in Access Gateway Mode ● Enabling and disabling Access Gateway mode.............................................................. 27 ● Access Gateway mapping...............................................................................................29 ● N_Port configurations......................................................................................................46 ● D_Port support...............................................................................................
Port state description 9. Enter the switchShow command to display the status and port state of all ports. Refer to the Fabric OS Command Reference for examples of output. For a description of the port state, refer to Table 5 on page 28. When you disable AG mode, the switch automatically reboots and comes back online using the fabric switch configuration; the AG parameters, such as port mapping, and Failover and Failback, are automatically removed.
Access Gateway mapping Access Gateway mapping When operating in AG mode, you must specify pre-provisioned routes that AG will use to direct traffic from the devices (hosts or targets) on its F_Ports to the ports connected to the fabric using its N_Ports. This is unlike Native switch mode where the switch itself determines the best path between its F_Ports. This process of pre-provisioning routes in AG mode is called "mapping.
Default port mapping FIGURE 5 Port mapping example The following table describes the port mapping details for the above example. TABLE 6 Description of port mapping Access Gateway Fabric F_Port N_Port Edge switch F_Port F_1, F_2 N_1 Switch_A F_A1 F_3, F_4 N_2 Switch_A F_A2 F_5, F_6 N_3 Switch_B F_B1 F_7, F_8 N_4 Switch_B F_B2 Default port mapping When you first enable a switch for AG mode, the F_Ports are mapped to a set of predefined N_Ports by default.
Configuring Ports in Access Gateway Mode NOTE Prior to Fabric OS 7.3.0, all POD licenses must be present to use the Brocade 300, 5100, 6505, and 6510 as an Access Gateway. However, Fabric OS 7.3.0 does not require all POD licenses to run in AG mode.
Configuring Ports in Access Gateway Mode TABLE 7 Access Gateway default port mapping (Continued) Brocade Model Total Ports F_Ports N_Ports Default port mapping M5424 24 1–16 0, 17–23 1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 7, 8 mapped to 20 9, 10 mapped to 21 11, 12 mapped to 22 13, 14 mapped to 23 15, 16 mapped to 0 5430 16 1–10 0, 11–15 10 mapped to 0 1, 5 mapped to 11 2, 6 mapped to 12 3, 7 mapped to 13 4, 8 mapped to 14 9 mapped to 15 5431 16 4–15 0–3 4, 5, 12 mapped to
Configuring Ports in Access Gateway Mode TABLE 7 Access Gateway default port mapping (Continued) Brocade Model Total Ports F_Ports N_Ports Default port mapping 5460 26 6–25 0–5 6, 16 mapped to 0 7, 17 mapped to 1 8, 12, 18, and 22 mapped to 2 9, 13, 19, and 23 mapped to 3 10, 14, 20, and 24 mapped to 4 11, 15, 21, and 25 mapped to 5 5470 20 1–14 0, 15–19 1, 2 mapped to 0 3, 4 mapped to 15 5, 6, 7 mapped to 16 8, 9 mapped to 17 10, 11 mapped to 18 12, 13, 14 mapped to 19 5480 24 1–16 0, 17
Configuring Ports in Access Gateway Mode TABLE 7 Access Gateway default port mapping (Continued) Brocade Model Total Ports F_Ports N_Ports Default port mapping M6505 24 1–16 0, 17–23 1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 7, 8 mapped to 20 9, 10 mapped to 21 11, 12 mapped to 22 13, 14 mapped to 23 15, 16 mapped to 0 6510 48 0–39 40–47 0-4 mapped to 40 5–9 mapped to 41 10–14 mapped to 42 15–19 mapped to 43 20–24 mapped to 44 25–29 mapped to 45 30–34 mapped to 46 35–39 mapped to
Considerations for initiator and target ports TABLE 7 Access Gateway default port mapping (Continued) Brocade Model Total Ports F_Ports N_Ports Default port mapping 6548 28 1–16 0, 17–27 1, 13 mapped to 0 2, 14 mapped to 17 3, 15 mapped to 18 4, 16 mapped to 19 5 mapped to 20 6 mapped to 21 7 mapped to 22 8 mapped to 23 9 mapped to 24 10 mapped to 25 11 mapped to 26 12 mapped to 27 Considerations for initiator and target ports The following connections are possible for the Fibre Channel Protocol
Removing F_Ports from an N_Port The F_Port list can contain multiple F_Port numbers separated by semicolons. In the following example, F_Ports 6 and 7 are mapped to N_Port 13. switch:admin> ag --mapadd 13 "6;7" F-Port to N-Port mapping has been updated successfully 3. Enter the ag --mapshow command and specify the port number to display the list of mapped F_Ports. Verify that the added F_Ports appear in the list. Removing F_Ports from an N_Port 1.
Considerations for using F_Port Static Mapping with other AG features and policies Considerations for using F_Port Static Mapping with other AG features and policies Consider the following when using F_Port Static Mapping with Access Gateway features and policies: • F_Port Static Mapping functions with cascaded Access Gateway configurations. • Failover, failback, and preferred secondary N_Port settings are disabled for F_Ports that are statically mapped.
Configuring Ports in Access Gateway Mode • Logins from a device mapped to a specific N_Port or N_Port group (device mapping) always have priority over unmapped devices that log in to an F_Port that has been mapped to the same N_Port or N_Port group (port mapping).
Configuring Ports in Access Gateway Mode FIGURE 6 Example of device mapping to N_Port groups The figure below shows an example of device mapping to specific N_Ports. Note that you can map one or multiple WWNs to one N_Port to allow multiple devices to log in through one N_Port.
Static versus dynamic mapping FIGURE 7 Example device mapping to an N_Port Static versus dynamic mapping Device mapping can be classified as either "static" or "dynamic" as follows: 40 Access Gateway Administrator's Guide 53-1003126-02
Device mapping to port groups (recommended) • Device mapping to an N_Port and to an N_Port group are considered static. Static mappings persists across reboots and can be saved and restored with Fabric OS configUpload and configDownload commands. • Automatic Device Load Balancing, if enabled, is considered dynamic. These mappings exist only while a device is logged in. Dynamic mappings cannot be saved or edited by the administrator and do not persist across reboots.
Device mapping to N_Ports The following example removes all devices mapped to port group 3. ag --delwwnpgmapping 3 --all 6. Enter the ag --wwnmapshow command to display the list of WWNs mapped to port groups and verify that the correct devices have been mapped to the desired port group. Device mapping to N_Ports Use the following steps to add one or more devices to an N_Port to route all device traffic to and from the device through the specified N_Port.
Enabling device mapping The following example disables device mapping for two WWNs. switch:admin> ag --wwnmappingdisable "10:00:00:06:2b:0f:71:0c; 10:00:00:05:1e:5e: 2c:11" 3. Enter the ag--wwnmappingdisable command with the --all option to disable mapping for all available WWNs. The --all option will not affect mappings made in the future. Disabled mappings can be modified without automatically enabling them. The following example removes device mapping for all available WWNs.
VMware configuration considerations error. This also applies to using Fabric OS commands for device mapping. You could also map several devices to a new port group and then create the group without error. You can also remove one device, and then remove another device without error.
Mapping priority Mapping priority To avoid potential problems when both port and device mapping are implemented, AG uses the following priority system when verifying policies to select the N_Port where a fabric login (FLOGI) is routed. Access Gateway considers all available mappings in the following order until one can be used. NOTE Only NPIV devices can use device mapping and the automatic Device Load Balancing policy. Device Load Balancing policy is enabled per module rather than per port group.
N_Port configurations N_Port configurations By default, on embedded switches, only the internal ports of Access Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. On standalone switches with AG support, a preset number of ports are locked as N_Ports, and the rest of the ports operate as standard F_Ports. Although some ports are locked as N_Ports, these ports can be converted to F_Ports.
Displaying N_Port configurations Displaying N_Port configurations Use the following steps to determine which ports on a switch are locked as N_Ports. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portcfgnport command. Command output will display "ON" for locked N_Ports. Unlocking N_Ports By default, on embedded switches, all external ports are configured in N_Port lock mode when you enable Access Gateway.
D_Port support D_Port support The Diagnostic (D_Port) feature is supported on 16-Gbps ports in the following configurations: • An AG switch connected to an AG switch in cascaded configuration (supports only static D_Port). • An AG switch connected to a Brocade fabric switch (supports only static D_Port). • An AG switch connected to a Brocade HBA (supports static D_Port starting with Fabric OS 7.2.0; dynamic D_Port starting with Fabric OS 7.3.0 and HBA v3.2.0).
Saving port mappings • D__Port must be configured on the AG, fabric switch, cascaded AG switch, or HBA before enabling D_Ports on both sides of the link. Otherwise, the port will be persistently disabled. • After configuring D_Port for an AG switch port, mapping will be not be retained. Static D_Port configuration cannot be made unless mappings are removed from the port. This includes F_Port-toN_Port, static, preferred, and device (WWN) mapping.
Saving port mappings 50 Access Gateway Administrator's Guide 53-1003126-02
Managing Policies and Features in Access Gateway Mode ● Access Gateway policies overview................................................................................. 51 ● Advanced Device Security policy ................................................................................... 52 ● Automatic Port Configuration policy ............................................................................... 55 ● Port Grouping policy...........................................................................
Advanced Device Security policy TABLE 8 Policy enforcement matrix (Continued) Policies Auto Port Configuration N_Port Grouping N_Port Trunking Advanced Device Security N_Port Grouping Mutually exclusive N/A Yes Yes N_Port Trunking Yes Yes N/A Yes Advanced Device Security Yes Yes Yes N/A Device Load Balancing Yes Yes Yes No Advanced Device Security policy Advanced Device Security (ADS) is a security policy that restricts access to the fabric at the AG level to a set of authorized devic
Allow lists 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --policyenable ads command to enable the ADS policy. switch:admin> ag --policyenable ads The policy ADS is enabled 3. Enter the ag - - policydisable ads command to disable the ADS policy. switch:admin> ag --policydisable ads The policy ADS is disabled NOTE Use the ag --policyshow command to determine the current status of the ADS policy.
Setting the list of devices not allowed to log in Setting the list of devices not allowed to log in 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsset command with the appropriate options to set the list of devices not allowed to log in to specific ports. In the following example, ports 11 and 12 are set to "no access.
Displaying the list of allowed devices on the switch Displaying the list of allowed devices on the switch 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsshow command. For each F_Port, command output will show access for all devices, a list of device WWNs, or no access. For more details on this command and its output, refer to the Fabric OS Command Reference Manual .
Disabling the APC policy 3. Enter the configUpload command to save the switch’s current configuration. 4. Enter the ag --policydisable pg command to disable the Port Grouping (PG) policy. 5. Enter the ag --policyenable auto command to enable the APC policy. 6. At the command prompt, type Y to enable the policy. The switch is ready; a reboot is not required. Disabling the APC policy 1. Connect to the switch and log in using an account assigned to the admin role. 2.
How port groups work How port groups work Create port groups using the ag --pgcreate command. This command groups N_Ports together as "port groups." By default, any F_Ports mapped to the N_Ports belonging to a port group will become members of that port group. Port grouping fundamentally restricts failover of F_Ports to the N_Ports that belong to that group. For this reason, an N_Port cannot be member of two port groups.
Adding an N_Port to a port group FIGURE 10 Port group 1 (PG1) setup Adding an N_Port to a port group 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgadd command with the appropriate options to add an N_Port to a specific port group. In the following example, N_Port 14 is added to port group 3. Note that if you add more than one N_Port, you must separate them with a semicolon.
Renaming a port group Renaming a port group 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgrename command with the appropriate options to rename a port group. In the following example, port group 2 is renamed to MyEvenFabric. switch:admin> ag --pgrename 2 MyEvenFabric Port Group 2 has been renamed as MyEvenFabric successfully Disabling the Port Grouping policy The Port Grouping (PG) policy is enabled by default for Access Gateway.
Creating a port group and enabling Automatic Login Balancing mode other than 120 seconds using the steps under Setting the current MFNM mode timeout value on page 61. Creating a port group and enabling Automatic Login Balancing mode 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgcreate command with the appropriate options to create a port group.
Enabling MFNM mode • Be aware that modifying Automatic Login Balancing mode default settings using the agautomapbalance command may yield uneven distribution of F_Ports to N_Ports. In such cases, you might consider a manual login distribution that forces a rebalancing of F_Ports to N_Ports. • To control automatic rebalancing to avoid disruptions when the Port Grouping policy is enabled, refer to Rebalancing F_Ports on page 60. Enabling MFNM mode 1.
Upgrade and downgrade considerations for the Port Grouping policy • APC policy and PG policy are mutually exclusive. You cannot enable these policies at the same time. • If an N_Port is added to a port group or deleted from a port group and Automatic Login Balancing mode is enabled or disabled for the port group, the N_Port maintains its original failover or failback setting. If an N_Port is deleted from a port group, it automatically gets added to port group 0.
Disabling the Device Load Balancing policy 3. The Port Grouping policy must be enabled to enable Device Load Balancing. Enter the ag -policyshow command to determine if the Port Grouping policy is enabled. If it is not enabled, enter ag --policyenable pg to enable this policy. 4. Enter the ag --policyenable wwnloadbalance command to enable the Device Load Balancing policy. Because Fibre Channel devices are identified by their WWNs, CLI commands use device WWNs.
Enabling the Persistent ALPA policy • In "Flexible" mode, the AG logs an event that it did not receive the same (requested) ALPA from the core fabric and brings up the device with the ALPA assigned by the fabric. • In the "Stringent" mode, if the requested ALPA is not available, the server login will be rejected and the server port cannot log in to the fabric. Enabling the Persistent ALPA policy By default, Persistent ALPA is disabled.
Displaying device data In the example, PWWN is the port that you want to remove from the database. Displaying device data You can view the ALPA of the host related to any ports you delete from the database. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --printalpamap command with the appropriate option to display a database entry for a specific F_Port. The following example will display an entry for F_Port 2.
Failover with port mapping N_Port goes offline. This occurs regardless of whether the Failover policy is enabled or disabled for the primary N_Port. Failover with port mapping The Failover policy allows F_Ports to automatically remap to an online N_Port if the primary N_Port goes offline. If multiple N_Ports are available for failover, the Failover policy evenly distributes the F_Ports to available N_Ports belonging to the same N_Port group.
Managing Policies and Features in Access Gateway Mode FIGURE 11 Failover behavior Access Gateway Administrator's Guide 53-1003126-02 67
Managing Policies and Features in Access Gateway Mode 68 Access Gateway Administrator's Guide 53-1003126-02
Adding a preferred secondary N_Port (optional) Adding a preferred secondary N_Port (optional) F_Ports automatically fail over to any available N_Port. Alternatively, you can specify a preferred secondary N_Port in case the primary N_Port fails. If the primary N_Port goes offline, the F_Ports fail over to the preferred secondary N_Port (if it is online), then re-enable. If the secondary N_Port is offline, the F_Ports will disable. Define the preferred secondary N_Ports per F_Port.
Adding a preferred secondary N_Port for device mapping (optional) Adding a preferred secondary N_Port for device mapping (optional) Use the following steps to configure a secondary N_Port where devices will connect if their first or primary N_Port, if defined, is unavailable. 1. Connect to the switch and log in using an account assigned to the admin role. 2.
Enabling and disabling the Failover policy for a port group 3. Enter the ag --failoverenable N_Port command to enable failover. switch:admin> ag --failoverenable 13 Failover policy is enabled for port 13 4. Enter the ag --failoverdisable N_Port command to disable failover. switch:admin> ag --failoverdisable 13 Failover policy is disabled for port 13 Enabling and disabling the Failover policy for a port group The Failover policy can be enabled on a port group.
Failback policy configurations in Access Gateway Failback policy configurations in Access Gateway The following sequence describes how a failback event occurs: • When an N_Port comes back online, with the Failback policy enabled, the F_Ports that were originally mapped to it are temporarily disabled. • The F_Port is rerouted to the primary mapped N_Port, and then re-enabled. • The host establishes a new connection with the fabric.
Enabling and disabling the Failback policy on an N_Port FIGURE 12 Failback behavior Enabling and disabling the Failback policy on an N_Port Use the following steps to enable or disable the Failback policy on N_Ports. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --failbackshow n_portnumber command to display the failback setting. switch:admin> ag --failbackshow 13 Failback on N_Port 13 is not supported 3.
Enabling and disabling the Failback policy for a port group • Enter the ag --failbackenable n_portnumber command to enable failback. switch:admin> ag --failbackenable 13 Failback policy is enabled for port 13 • Enter the ag --failbackdisable n_portnumber command to disable failback.
Trunking in Access Gateway mode Trunking in Access Gateway mode The hardware-based Port Trunking feature enhances management, performance, and reliability of Access Gateway N_Ports when they are connected to Brocade fabrics. Port trunking combines multiple links between the switch and AG module to form a single, logical port. This enables fewer individual links, thereby simplifying management.
Trunk group creation Trunk group creation Port trunking is enabled between two separate Fabric OS switches that support trunking and where all the ports on each switch reside in the same quad and are running the same speed. Trunk groups form when you connect two or more cables on one Fabric OS switch to another Fabric OS switch with ports in the same port group or quad. A port group or a quad is a set of sequential ports; for example, ports 0-3.
Enabling the DCC policy on a trunk You can remove specified ports from a TA using the porttrunkarea --disable command, however, this command does not unassign a TA if its previously assigned Area_ID is the same address identifier (Area_ID) of the TA unless all the ports in the trunk group are specified to be unassigned. For more information on the porttrunkarea command, enter help porttrunkarea or see the Fabric OS Command Reference Manual.
Disabling F_Port trunking command forms a trunk group for ports 36-39 with index 37. These will be connected to N_Ports on an AG module. switch:admin> porttrunkarea --enable 36-39 -index 37 Trunk area 37 enabled for ports 36, 37, 38 and 39. 4. Enter the portenable port command for each port in the TA to re-enable the desired ports, such as ports 36-39. 5. Enter the switchshow command to display the switch or port information, including created trunks.
Managing Policies and Features in Access Gateway Mode TABLE 10 Access Gateway trunking considerations for the Edge switch (Continued) Category Description Management Server Registered Node ID (RNID), Link Incident Record Registration (LIRR), and Query Security Attributes (QSA) Extended Link Service Requests (ELSs) are not supported on F_Port trunks. Trunk area The port must be disabled before assigning a Trunk Area on the Edge switch to the port or removing a Trunk Area from a trunk group.
Managing Policies and Features in Access Gateway Mode TABLE 10 Access Gateway trunking considerations for the Edge switch (Continued) Category Description FC8-48 blades F_Port trunking does not support shared area ports on the Brocade FC8-48 blades in a 48000. F_Port trunking is supported on all ports on the Brocade FC8-48 in the DCX and DCX-4S.
Trunking considerations for Access Gateway mode TABLE 10 Access Gateway trunking considerations for the Edge switch (Continued) Category Description D,I Zoning (D,I) AD Creating a Trunk Area may remove the Index ("I") from the switch to be grouped to the Trunk Area. All ports in a Trunk Area share the same "I". This means that (D, I) DCC and (PWWN, Domain,Index (D,I), which refers to an "I", that might have been removed, will no longer I) DCC be part of the switch.
Adaptive Networking on Access Gateway Adaptive Networking on Access Gateway Adaptive Networking (AN) services ensure bandwidth for critical servers, virtual servers, or applications in addition to reducing latency and minimizing congestion. Adaptive Networking in Access Gateway works in conjunction with the Quality of Service (QoS) feature on Brocade fabrics. Fabric OS provides a mechanism to assign traffic priority, (high, medium, or low) for a given source and destination traffic flow.
Upgrade and downgrade considerations for Adaptive Networking in AG mode FIGURE 13 Starting point for QoS Upgrade and downgrade considerations for Adaptive Networking in AG mode Upgrading to Fabric OS v7.1.0 from Fabric OS v6.4.0 is supported. Note the following considerations when upgrading to Fabric OS v7.1.0 from Fabric OS v6.2.X and earlier and downgrading from Fabric OS v7.1.0 to Fabric OS v6.2.
Per-Port NPIV login limit • QoS takes precedence over ingress rate limiting • Ingress rate limiting is not enforced on trunked ports. Per-Port NPIV login limit The Per-Port NPIV login limit feature allows you to set a specific maximum NPIV login limit on individual ports. This feature works in both Native and Access Gateway modes. Using this feature, you can use additional tools to design and implement a virtual infrastructure.
Performance Monitoring device logged in. The first login takes precedence over the second login request in case of a duplicate entry exit on the F_Port without any NPIV device logged in. You can configure different handling of duplicate PWWNs other than the default operation using the configure command through the F_Port login parameters.
Legacy performance monitoring features Legacy performance monitoring features Instead of Flow Monitor, you can use the legacy end-to-end and frame monitoring features available through Advanced Performance Monitoring (APM). These legacy features are available on platforms using Fabric OS 7.2 and earlier.
Limitations for using legacy APM features frame type, for a particular purpose. The frame type can be a standard type (for example, an SCSI read command filter that counts the number of SCSI read commands that have been transmitted by the port) or a frame type that you can customize for a particular use. For a complete list of the standard, predefined frame types, see the fmMonitor command description in the Fabric OS Command Reference Manual.
Considerations for the Brocade 6505 and 6510 Considerations for the Brocade 6505 and 6510 The Brocade 6505 and 6510 can function in either Fabric OS Native mode or Brocade Access Gateway mode. These switches are shipped in Fabric OS Native mode. They are also supported in Access Gateway cascaded configurations. All POD licenses must be present to support Access Gateway for all releases prior to Fabric OS 7.3.0. However, starting with Fabric OS 7.3.0, all POD licenses are not required.
SAN Configuration with Access Gateway ● Connectivity of multiple devices overview.......................................................................89 ● Direct target attachment..................................................................................................89 ● Target aggregation..........................................................................................................91 ● Access Gateway cascading...........................................................................
Considerations for direct target attachment FIGURE 14 Direct target attachment to switch operating in AG mode Although target devices can be connected directly to AG ports, it is recommended that the switch operating in AG mode be connected to the core fabric. Considerations for direct target attachment Consider the following points for direct target attachment: • Direct target attachment to AG is only supported if the AG module is also connected to a core fabric.
Target aggregation Target aggregation Access Gateway mode is normally used as host aggregation. In other words, a switch in AG mode aggregates traffic from a number of host systems onto a single uplink N_Port. Similarly, many targets can be aggregated onto to a single uplink N_Port, as shown in the figure below. Target aggregation has many applications.
Access Gateway cascading Access Gateway cascading Access Gateway cascading is an advanced configuration supported in Access Gateway mode. Access Gateway cascading allows you to further increase the ratio of hosts to fabric ports to beyond what a single switch in AG mode can support. Access Gateway cascading allows you to link two Access Gateway (AG) switches back to back. The AG switch that is directly connected to the fabric is referred to as the Core AG.
Fabric and Edge switch configuration • Due to high subscription ratios that could occur when cascading AGs, ensure there is enough bandwidth for all servers when creating such configurations. The subscription ratio becomes more acute in a virtual environment. • Starting with Fabric OS 7.3.0 and later, the registration and de-registration of FDMI devices connected to an AG or cascaded AG is supported, and the fdmishow command on AG will display the local FDMI devices connected to the AG.
Enabling NPIV on M-EOS switches If the switch is in Native mode, you can enable AG mode; otherwise, set the switch to Native mode, and then reboot the switch. Enabling NPIV on M-EOS switches 1. Connect to the switch and log in as admin on the M-EOS switch. 2. Enable Open Systems Management Server (OSMS) services by entering the following commands. For the Mi10K switch, enter the following command. fc osmsState vfid state In the command, vfid is the virtual fabric identification number.
Rejoining Fabric OS switches to a fabric Rejoining Fabric OS switches to a fabric When a switch reboots after AG mode is disabled, the Default zone is set to no access. Therefore, the switch does not immediately join the fabric to which it is connected. Use one of the following methods to rejoin a switch to the fabric: • If you saved a Fabric OS configuration before enabling AG mode, download the configuration using the configDownload command.
Reverting to a previous configuration 96 Access Gateway Administrator's Guide 53-1003126-02
Troubleshooting The following table provides troubleshooting information for Fabric OS switches in AG mode. TABLE 12 Troubleshooting Problem Cause Solution Switch is not in Access Gateway mode Switch is in Native switch mode Disable switch using the switchDisable command. Enable Access Gateway mode using the ag --modeenable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command.
Troubleshooting TABLE 12 Troubleshooting (Continued) Problem Cause Solution Failover is not working Failover disabled on N_Port. Verify that the failover and failback policies are enabled, as follows: Enter the ag --failoverShow command with the port_number option. Enter the ag --failbackShow command with the port_number option. Command returns "Failback (or Failover) on N_Port port_number is supported." If it returns, "Failback (or Failover) on N_Port port_number is not supported.
Index B A Access Gateway cascading 92 comparison to standard switches 24 compatible fabrics 15 connecting devices 89 connecting two AGs 92 description 15 displaying information 94 features 17 limitations 26 mapping description 29 port types 24 Access Gateway mode comparison 15 disabling 27 port types 24 supported firmware versions 89 terms 12 verifying 27 adaptive networking AG considerations 83 upgrade and downgrade considerations 83 adding devices to fabric 54 address Identifier 76 admin domain 78 ADS
enabling switch 95 limitations with configdownload command 78 merging switch with fabric 95 re-joining switch to fabric 95 saving 95 using configdownload command 95 D E Edge switch FLOGI 93 long distance mode setting 93 NPIV 93 settings 93 end to end monitors 86 ensure port online state 47 D_Port description 24 descriptionD_Port configurations supported 48 saving port mappings 49 tests 48 daisy chaining 89 F F_Port adding external port on embedded switch 46 description 24 mapping, example 29 maximum
I configurations 46 description 24 displaying configurations 47 failover in a PG 61 mapping example 29 masterless trunking 75 maximum number supported 46 multiple trunk groups 81 trunk groups 81 unlock 47 unlocking 47 ICL ports, limitations 78 inband queries 93 initiator and target port considerations 35 J join fabric 95 N_Port configurations L displaying 47 limitations device load balancing 63 direct connections to target devices 26 loop devices not supported 26 login balancing considerations 60 lo
comparison 24 mapping 29 requirements 89 types 24 portcfgpersistentenable command 47 port group add N_Port 58 createport group add N_Port 60 delete N_Port 58 disabling 59 enabling logging balancing mode 60 login balancing mode 59 managed fabric name monitoring mode 59 remove port group 58 rename 59 port grouping policy considerations 61 downgrading considerations 62 Port Grouping policy using portcfgnport command 47 port mapping adding F_Ports to N_Ports 35 adding ports 35 adding secondary N_Port 69 co
schemes 93 setting 95 Access Gateway Administrator's Guide 53-1003126-02 103
Access Gateway Administrator's Guide 53-1003126-02
