Specifications
DATA CENTER BEST PRACTICES
SAN Design and Best Practices 41 of 84
IBM does not consider a connection to a channel extender to be a hop of concern. Only one hop is supported
by IBM, and a connection to a channel extender is not considered a hop. Brocade UltraScale ICLs are also not
considered hops. The key here is—what is considered a channel extender? A channel extender is a Brocade
7800 with no end devices connected to any of the FC ports. Only ISLs are allowed to be connected to the FC
ports. If a FICON director were to connect to a Brocade DCX with a Brocade FX8-24 blade in it, and that blade
was in its own LS with no other end devices connected to the LS, that would be considered a valid architecture
and no hop would be counted, even if end devices were connected to other LSs within the same Brocade DCX.
Figure 30 shows a typical mainframe extension architecture.
fig31_SAN_Design
N_Port
N_Port
F_Port
F_Port
VE_Port
VE_Port
Brocade DCX
with FX8-24
Brocade DCX
with FX8-24
Brocade MLXBrocade MLX
IP
Cloud
FCIP Tunnel
One merged fabric
No routing, no edge fabrics
Figure 30. Typical mainframe extension architecture.
Advanced FCIP Conguration
Beyond the physical topology layout, there are many additional features and functions associated with FCIP
connections. These include: IP Security (IPsec), compression, Adaptive Rate Limiting (ARL), and more. There are
denite advantages to using these features. See the SAN extension product documentation for details.
IPsec
With the Brocade 7800/FX8-24, it is always prudent to enable IPsec. All data leaving a data center and going
into an infrastructure that guarantees no security (no service provider will guarantee your data) should be
encrypted to prevent man-in-the-middle attacks. The Brocade design goals of IPsec were to make it as practical
to deploy as it is in WiFi. Would your company operate WiFi with no encryption? No, of course not. IPsec
operates at line rate and is HW-based. There are no additional licenses or costs to use IPsec on Brocade. It
adds an insignicant amount of latency at 5 µs. The setup is easy. Conguration is easy by establishing a Pre-
Shared Key (PSK) on both sides. Brocade IPsec uses all the latest encryption technologies such as: AES 256,
SHA-512 HMAC, IKEv2, and Dife-Hellman. The key is regenerated approximately every 2 GB of data that passes
across the link, and that process is not disruptive.
Compression
Compression is recommended in every type of architecture, including those built for RDR/S. There are three
modes of compression besides off:
Mode 1, Brocade optimized Lempel–Ziv (LZ), is a hardware-implemented compression algorithm that is suitable
for synchronous applications because it adds a mere 10 µs of added latency. In addition, Brocade LZ can
accommodate the maximum ingress rate for which the Brocade 7800/FX8-24 has been built, so it is line rate
and poses no bottleneck for ingress trafc. LZ typically gets about a 2:1 compression ratio.
Mode 2, Brocade optimized Dynamic Huffman Coding, is a software with hardware assist compression
algorithm. Software-based algorithms are not suitable for synchronous applications, because they add too much
processing latency. Brocade Dynamic Huffman Coding can accommodate up to 8 Gbps ingress from the FC side.
For the Brocade 7800, that means 8 Gbps for the entire box. For the Brocade FX8-24 blade, that means 8 Gbps
for each FCIP complex, of which there are two, one for each 10 GbE interface. The 10 GbE interfaces belong to
the complex for 10 GbE interface 1 (XGE1). Mode 2 has been designed to work efciently with an OC-48 WAN
connection. Mode 2 typically gets about a 2.5:1 compression ratio.