Brocade Fabric OS Administrator's Guide Supporting Fabric OS v6.3.0 (53-1001336-02, November 2009)

ManualsBrandsHP ManualsStorageBrocade 8/24c SAN Switch for BladeSystem c-Class

291

292

293

294

295

296

297

298

299

300

Fabric OS Administrator’s Guide 253

53-1001336-02

Security and zoning

• Merge conflicts

When a merge conflict is present, a merge will not take place and the ISL will segment. Use the

switchShow or errDump commands to obtain additional information about possible merge

conflicts, because many non-zone related configuration parameters can cause conflicts. See

the Fabric OS Command Reference for detailed information about these commands.

If the fabrics have different zone configuration data, the system attempts to merge the two

sets of zone configuration data. If the zones cannot merge, the ISL will be segmented.

A merge is not possible if any of the following conditions exist:

- Configuration mismatch: Zoning is enabled in both fabrics and the zone configurations

that are enabled are different in each fabric.

- Type mismatch: The name of a zone object in one fabric is used for a different type of zone

object in the other fabric.

- Content mismatch: The definition of a zone object in one fabric is different from the

definition of zone object with the same name in the other fabric.

- Zone Database Size: If the zone database size exceeds the maximum limit of another

switch.

NOTE

If the zoneset members on two switches are not listed in the same order, the configuration is

considered a mismatch, resulting in the switches being segmented from the fabric. For

example:

cfg1 = z1; z2 is different from cfg1 = z2; z1, even though members of the

configuration are the same. If zoneset members on two switches have the same names

defined in the configuration, make sure zoneset members are listed in the same order.

Fabric segmentation and zoning

If the connections between two fabrics are no longer available, the fabric segments into two

separate fabrics. Each new fabric retains the same zone configuration.

If the connections between two fabrics are replaced and no changes have been made to the zone

configuration in either of the two fabrics, then the two fabrics merge back into one single fabric. If

any changes that cause a conflict have been made to either zone configuration, then the fabrics

might segment.

Security and zoning

Zones provide controlled access to fabric segments and establish barriers between operating

environments. They isolate systems with different uses, protecting individual systems in a

heterogeneous environment; for example, when zoning is in secure mode, no merge operations

occur.

Brocade Advanced Zoning is configured on the primary Fabric Configuration Server (FCS). The

primary FCS switch makes zoning changes and other security-related changes. The primary FCS

switch also distributes zoning to all other switches in the secure fabric. All existing interfaces can

be used to administer zoning (depending on the policies; see the Secure Fabric OS Administrator’s

Guide for information about security policies).