Chapter 3. Pre-installation planning 29
Attaching an unauthorized N_Port to the FICON Director puts the F_Port into an “Invalid
Attachment” state, and renders the port unusable until the assigned N_Port is attached.
Since an N_Port is mapped directly to an F_Port within the FICON Director, there are some
flexibility limitations with port binding. For example, port swapping within a FICON Director
requires modifying the Bound WWN. See 5.5.3, “Configuring a port” on page 61 for an
example.
Switch binding
Switch binding limits, by WWN, the nodes that can be attached to a FICON Director.
Switch binding requires a switch membership list that contains the node WWNs (WWNNs)
of all switches or devices that can attach to the FICON Director.
Attaching unauthorized nodes puts the FICON Director’s port (F_Port) into an “Invalid
Attachment” port state, because their WWNNs are not in the switch membership list.
This type of binding allows for more flexibility since an N_Port is not bound to an F_Port, and
so port swapping can be done without changes to the switch membership list. However,
moving a device from one FICON Director to another requires changes to the switch
membership lists.
Fabric binding
FICON Directors that are allowed to connect to the fabric must be added to the fabric
membership list of each FICON Director within the fabric. The fabric membership list is
composed of the WWNN and Domain ID of each FICON Director permitted to communicate
within the fabric.
Exchanging fabric membership data is a Switch Fabric Internal Link Service (SW_ILS). The
fabric membership list is exchanged between connected switches in the fabric before path
selection is started.
If an unauthorized FICON Director port (E_Port) is attached to another Director, then the port
between the two switches will be placed in an “Invalid Attachment” state.
Fabric binding is a software-enforced security feature that permits an administrator to control
the switch composition of a fabric by explicitly defining which switches are capable of forming
a fabric. Thus, an operator is able to prevent non-authorized switches from accessing a fabric. A
non-authorized switch attempting to gain entry to a fabric becomes isolated by embedded
software.
Fabric binding also validates that the formation of any inter-switch link (ISL) between
previously unconnected switches is not restricted. If the establishment of the ISL is not
authorized, the link is isolated and the state of the associated E_Port is updated to reflect the
“Invalid Attachment” state.
In addition to ISL verification, fabric binding provides in-band propagation of fabric
membership data updates to all switches within a fabric, thus ensuring a consistent and
unified behavior across all potential fabric access points.
When an ISL becomes available, the switch on either end of the fiber may verify that fabric
binding and insistent Domain ID are supported and enabled on the adjacent switch. If both
sides of the ISL support fabric binding, each switch verifies that the newly-connected
neighbor switch and all switches in the adjacent fabric (of which the neighbor switch is a
member) are authorized to form a fabric, or expand the current fabric. If authorization is not
granted, the switch on which the authorization check failed isolates the link and sets the
corresponding port state to “Invalid Attachment.”
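The ISL authorization check described above can be modeled in a few lines. This is an added example, not code from the FICON Director or from the original document; the class and function names, the "Authorized" label and the sample WWNNs are assumptions made up for illustration.

```python
from dataclasses import dataclass, field

INVALID = "Invalid Attachment"  # port state named in the text
OK = "Authorized"               # assumed label for a link that passes the check


@dataclass(frozen=True)
class Member:
    wwnn: str       # node WWN of a FICON Director
    domain_id: int  # Domain ID paired with that WWNN in the membership list


@dataclass
class Director:
    ident: Member
    membership: frozenset                       # fabric membership list held by this Director
    fabric: list = field(default_factory=list)  # other Directors already in its fabric

    def fabric_members(self):
        """This Director plus every Director in its current fabric."""
        return {self.ident} | {d.ident for d in self.fabric}

    def unauthorized(self, neighbor):
        """Members of the adjacent fabric that are absent from the local list.

        Entries are (WWNN, Domain ID) pairs, so a listed WWNN that presents
        a different Domain ID is rejected as well.
        """
        return neighbor.fabric_members() - self.membership


def isl_check(a, b):
    """Each end runs its own check and sets its own E_Port state."""
    return {
        a.ident.wwnn: INVALID if a.unauthorized(b) else OK,
        b.ident.wwnn: INVALID if b.unauthorized(a) else OK,
    }


def wwnn(n):
    """Constructed sample WWNN, not a real device identifier."""
    return f"10:00:00:00:00:00:00:{n:02x}"


A, B, C, D = (Member(wwnn(i), i) for i in (1, 2, 3, 4))
PERMITTED = frozenset({A, B, C})  # constructed membership list: D is not permitted

if __name__ == "__main__":
    dir_a = Director(A, PERMITTED, fabric=[Director(B, PERMITTED)])
    print(isl_check(dir_a, Director(C, PERMITTED)))
```

The case worth noting is a neighbor that is itself listed but brings an unlisted Director with it: the check covers the whole adjacent fabric, so the link is still isolated.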