This chapter provides advanced configuration information and instructions. Before setting up advanced IVR configurations, see “Basic Inter-VSAN Routing Configuration,”includes basic configuration instructions and descriptions of IVR features, limits, and terminology.
In a complex network topology, you might only have a few IVR-enabled VSANs. To reduce the amount of traffic to non-IVR-enabled VSANs, you can configure service groups that restrict the traffic to the IVR-enabled VSANs. A maximum of 16 IVR service groups are allowed in a network. When a new IVR-enabled switch is added to the network, you must update the service groups to include the new VSANs.
This section includes the following information on service groups:
When configuring IVR service groups, consider these guidelines:
If you use service groups with IVR auto topology mode, you should enable IVR and configure your service groups first, then distribute them with CFS before setting the IVR auto topology mode.
The CFS distribution is restricted within the service group only when the IVR VSAN topology is in IVR auto topology mode. See IVR VSAN Topology.
You can configure as many as 16 service groups in a network.
When a new IVR-enabled switch is added to the network, you must update the service group to include the new VSANs.
The same VSAN and AFID combination cannot be a member of more than one service group, otherwise, a CFS merge will fail.
The total number of AFID and VSAN combinations in all the service groups combined cannot exceed 128. The maximum number of AFID and VSAN combinations in a single service group is 128.
The IVR service group configuration is distributed in all IVR-enabled switches. IVR data traffic between two end devices belonging to a service group stays within that service group. For example, two members (for example, pWWN 1 and pWWN 2) cannot communicate if they belong to the same IVR zone and they belong to different service groups.
During a CFS merge, service groups with the same name would be merged, as long as there are no conflicts with other service groups.
If the total number of service groups exceeds 16 during a CFS merge, the CFS merge fails.
CFS distributes service group configuration information to all reachable SANs. If you do not enable CFS distribution, you must ensure that the service group configuration is the same on all IVR-enabled switches in all VSANs.
IVR end devices belonging to an IVR service group are not exported to any AFID or VSAN outside of its service group.
When at least one service group is defined and an IVR zone member does not belong to the service group, that IVR zone member is not able to communicate with any other device.
The default service group ID is zero (0).
Default Service Group
All AFID and VSAN combinations that are part of an IVR VSAN topology but are not part of any user-defined service group are members of the default service group. The identifier of the default service group is 0.
By default, IVR communication is permitted between members of the default service group. You can change the default policy to deny. To change the default policy, see Configuring IVR Service Groups. The default policy is not part of ASCII configuration.
Service Group Activation
A configured service group must be activated. Like zone set activation or VSAN topology activation, the activation of a configured service group replaces the currently active service group, if any, with the configured one. There is only one configured service group database and one active service group database. Each of these databases can have up to 16 service groups.
Configuring IVR Service Groups
To configure an IVR service group, follow these steps:
switch# config t
Enters configuration mode.
switch(config)# ivr service-group name IVR-SG1
Configures the IVR service group called IVR-SG1 and enters IVR server group configuration mode.
Activates the service group configuration and sets the communication policy between switches in the default service group to deny.
Note To change the communication policy back to allow, you must issue the ivr service-group activate command again.
switch(config)# no ivr service-group activate
Deactivates (default) the service group configuration.
switch(config)# ivr vsan-topology activate
Activates the VSAN topology.
switch(config)# ivr distribute
Enables CFS distribution for the IVR configuration.
switch(config)# ivr commit
Commits the IVR configuration to the fabric.
Copying the Active IVR Service Group Database
You can modify the configured IVR service group database; however, you cannot modify the active IVR service group database. To copy the active IVR service group database to the manually configured service group database, use the following command in EXEC mode:
You can clear all entries in the IVR service group database by using the clear ivr service-group databas e command in EXEC mode. This command only clears the configured database, not the active database.
switch# clear ivr service-group database
Verifying IVR Service Group Configuration
Use the show ivr service-group active command to view the active IVR service group database.
Total: 3 entries in configured service group table
Autonomous Fabric IDs
The autonomous fabric ID (AFID) distinguishes segmented VSANS (for example, two VSANs that are logically and physically separate but have the same VSAN number). Cisco MDS NX-OS Release 4.2(1) supports AFIDs 1 through 64. AFIDs are used in conjunction with IVR auto topology mode to allow segmented VSANs in the IVR VSAN topology database.
This section includes the following information about AFIDs:
You can configure AFIDs individually for VSANs, or you can set the default AFIDs for all VSANs on a switch. If you configure an individual AFID for a subset of the VSANs on a switch that has a default AFID, that subset uses the configured AFID while all other VSANs on that switch use the default AFID.
You can only use an AFID configuration when the VSAN topology is in IVR auto topology mode. In IVR manual topology mode, the AFIDs are specified in the VSAN topology configuration itself and a separate AFID configuration is not needed.
Note Two VSANs with the same VSAN number but different AFIDs are counted as two VSANs out of the total 128 VSANs allowed in the fabric.
When devices attached to multiple switches belong to one VSAN, they cannot communicate with each other by configuring the regular zone set because the AFIDs are different. You can consider that the different AFIDs are different fabrics; therefore, the three switches represent three separate fabrics.
If we specify the IVR VSAN topology as shown in Example 2-1, IVR will set up the connection between the devices across the switches even though they have the same VSAN.
Before configuring domain IDs, consider the following guidelines:
Configure unique domain IDs across all VSANs and switches participating in IVR operations if you are not using IVR NAT. The following switches participate in IVR operations:
– All edge switches in the edge VSANs (source and destination)
– All switches in transit VSANs
Minimize the number of switches that require a domain ID assignment. This ensures minimum traffic disruption.
Minimize the coordination between interconnected VSANs when configuring the SAN for the first time as well as when you add each new switch.
You can configure domain IDs using one of two options:
Configure the allowed-domains list so that the domains in different VSANs are non-overlapping on all participating switches and VSANs.
Configure static, non-overlapping domains for each participating switch and VSAN.
Note In a configuration involving IVR without NAT, if one VSAN in the IVR topology is configured with static domain IDs, then the other VSANs (edge or transit) in the topology must be configured with static domain IDs.
Transit VSAN Guidelines
Before configuring transit VSANS, consider the following guidelines:
Besides defining the IVR zone membership, you can choose to specify a set of transit VSANs to provide connectivity between two edge VSANs:
– If two edge VSANs in an IVR zone overlap, then a transit VSAN is not required (though, not prohibited) to provide connectivity.
– If two edge VSANs in an IVR zone do not overlap, you may need one or more transit VSANs to provide connectivity. Two edge VSANs in an IVR zone will not overlap if IVR is not enabled on a switch that is a member of both the source and destination edge VSANs.
Traffic between the edge VSANs only traverses through the shortest IVR path.
Transit VSAN information is common to all IVR zone sets. Sometimes, a transit VSAN can also act as an edge VSAN in another IVR zone.
Border Switch Guidelines
Before configuring border switches, consider the following guidelines:
Configure IVR only in the relevant border switches.
Border switches require Cisco MDS SAN-OS Release 1.3(1) or later.
A border switch must be a member of two or more VSANs.
A border switch that facilitates IVR communications must be IVR enabled.
IVR can also be enabled on additional border switches to provide redundant paths between active IVR zone members.
The VSAN topology configuration must be updated before a border switch is added or removed.
Manually Configuring and Activating an IVR Topology
You must create the IVR topology on every IVR-enabled switch in the fabric if you have not enabled IVR auto topology mode. To use IVR manual topology mode, follow the instructions in this section.
To add VSANs to an existing IVR topology you need to specify all VSANs in the command syntax. Example 2-2 shows an IVR configuration with VSANs 1101-1102 and VSANs 2101-2102. Example 2-2 shows the addition of VSANs 1103 and 2103 to the IVR topology.
Example 2-2 First IVR Configuration with VSANs 1101-1102 and 2101-2102
You can edit a manually configured IVR topology; however, you cannot edit an active IVR topology. To copy the active IVR topology database to the manually configure topology, issue the ivr copy active-topology user-configured-topology command in EXEC mode:
FC ID persistence improves IVR management by providing the following features:
Allows you to control and assign a specific virtual domain to use in a native VSAN.
Allows you to control and assign a specific virtual FC ID for a device.
The benefits of persistent FC IDs for IVR are as follows:
Host devices always see the same FC ID for targets.
FC IDs help you plan your SAN layout better by assigning virtual domains for IVR to use.
FC IDs can make SAN monitoring and management easier. When you see the same domain or FC ID consistently assigned, you can readily determine the native VSAN or device to which it refers.
FC ID Guidelines
Before configuring persistent FC IDs, consider the following:
You can configure two types of database entries for persistent IVR FC IDs:
– Virtual domain entries—Contain the virtual domain that should be used to represent a native VSAN in a specific VSAN (current VSAN). Virtual domain entries contain the following information:
Virtual domain to be used for the native AFID and VSAN in current AFID and VSAN
– Virtual FC ID entries—Contain the virtual FC ID that should be used to represent a device in a specific VSAN (current VSAN). Virtual FC ID entries contain the following information:
Virtual FC ID to be used to represent a device for the given pWWN in the current AFID and VSAN
If you use persistent FC IDs for IVR, we recommend that you use them for all the devices in the IVR zone set. We do not recommend using persistent FC IDs for some of the IVR devices while using automatic allocation for other devices.
IVR NAT must be enabled to use IVR persistent FC IDs.
In an IVR NAT configuration, if one VSAN in the IVR topology is configured with static domain IDs, then the IVR domains that can be exported to that VSAN must also be assigned static domains.
Configuring Persistent FC IDs for IVR
To configure persistent FC IDs for IVR, follow these steps:
Adds or replaces a database entry for native AFID 20, native VSAN 11, and domain 12, and enters IVR fcdomain FC ID configuration submode. Domains of all the corresponding persistent FC ID entries, if any, are also changed to 12.
switch(config-fcdomain)# no native-autonomous-fabric-num 20 native-vsan 11
Deletes the virtual domain entry native AFID 20 and native VSAN 11, and all corresponding FC ID entries.
This section describes advanced configuration information for IVR zones and IVR zone sets. For basic information on configuring IVR zones and zone sets, see IVR Zones and IVR Zone Sets.
As part of the IVR configuration, you need to configure one or more IVR zone to enable cross-VSAN communication. To achieve this, you must specify each IVR zone as a set of (pWWN, VSAN) entries. Different IVR zone sets can contain the same IVR zone, because IVR zones can be members of one or more IVR zone sets.
Note The same IVR zone set must be activated on all of the IVR-enabled switches.
Prior to Cisco SAN-OS Release 3.0(3) you can only configure a total of 10,000 zone members on all switches in a network. As of Cisco SAN-OS Release 3.0(3) you can only configure a total of 20,000 zone members on all switches in a network. A zone member is counted twice if it exists in two zones. See
Database Merge Guidelines.
When interop mode is enabled, consider the following IVR configuration guidelines:
When a member's native VSAN is in interop mode (for example, when the interop mode is 2, 3, or 4), then ReadOnly, the QoS attribute, and LUN zoning are not permitted.
When a member’s VSAN is already in interop mode and an attempt is made to configure ReadOnly, the QoS attribute, or LUN zoning, a warning message is displayed to indicate that the configuration is not permitted.
When you configure ReadOnly, the QoS attribute, or LUN zoning first, and then change the member’s VSAN interop mode, a warning message is displayed to indicate the configuration is not permitted. You are then prompted to change the configuration.
Example 2-9 shows samples of the warning messages that are displayed when configuration changes are made that affect ReadOnly, the QoS attribute, and LUN zoning.
Example 2-9 IVR Zone Configuration Warning Messages
switch(config)# vsan database
switch(config-vsan-db)# vsan 2
switch(config-vsan-db)# vsan 2 interop 2
switch(config)# ivr zoneset name ivr_zs1 switch(config-ivr-zoneset)# zone name ivr_z1 switch(config-ivr-zoneset-zone)# member pwwn 21:00:00:14:c3:3d:45:22 lun 0x32 vsan 2 VSAN is in interop mode, and LUN zoning cannot be set.
switch(config)# ivr zoneset name ivr_zs1 switch(config-ivr-zoneset)# zone name ivr_z1 switch(config-ivr-zoneset-zone)# member pwwn 21:00:00:14:c3:3d:45:22 vsan 2 switch(config-ivr-zoneset-zone)# attribute read-only VSAN is in interop mode and zone member has been configured, zone cannot be set to READ-ONLY.
switch(config-ivr-zoneset-zone)# attribute qos priority medium VSAN is in interop mode and zone member has been configured, QoS cannot be assigned to zone.
Configuring LUNs in IVR Zoning
LUN zoning can be used between members of active IVR zones.You can configure the service by creating and activating LUN zones between the desired IVR zone members in all relevant edge VSANs using the zoning interface or you can use LUN zoning directly supported by IVR. For more details on the advantages of LUN zoning, refer to the Cisco MDS 9000 Family NX-OS Fabric Configuration Guide or the Cisco Fabric Manager Fabric Configuration Guide.
To configure LUNs in IVR zoning, follow these steps:
switch# config t
Enters configuration mode.
switch(config)# ivr zone name IvrLunZone
Configures an IVR zone called IvrLunZone.
switch(config-ivr-zone)# member pwwn 10:00:00:23:45:67:89:ab lun 0x64 vsan 10
Configures an IVR zone member based on the specified pWWN and LUN value.
Note The CLI interprets the LUN identifier value as a hexadecimal value whether or not the 0x prefix is included.
switch(config-ivr-zone)# member pwwn 10:00:00:23:45:67:89:ab lun 0x64 vsan 10 autonomous-fabric-id 20
Configures an IVR zone member based on the specified pWWN, LUN value, and AFID.
switch(config-ivr-zone)# no member pwwn 20:81:00:0c:85:90:3e:80 lun 0x32 vsan 13 autonomous-fabric-id 10
Removes an IVR zone member.
Note You can configure LUN zoning in an IVR zone set setup.
Configuring the QoS Attribute
To configure the QoS attribute for an IVR zone, follow these steps:
switch# config t
Enters configuration mode.
switch(config)# ivr zone name IvrZone
Configures an IVR zone called IvrZone.
switch(config-ivr-zone)# attribute qos priority medium
Configures the QoS for IVR zone traffic to medium.
switch(config-ivr-zone)# no attribute qos priority medium
Reverts to the default QoS setting. The default is low.
Note If other QoS attributes are configured, the highest setting takes priority.
Verifying the QoS Attribute For an IVR Zone
Use the show ivr zone command to verify the QoS attribute for an IVR zone.
switch(config)# show ivr zone
zone name IvrZone
attribute qos priority medium
Renaming IVR Zones and IVR Zone Sets
To rename an IVR zone, use the ivr zone rename command in EXEC mode.
switch# ivr zone rename ivrzone1 ivrzone2
To rename an IVR zone set, use the ivr zoneset rename command in EXEC mode.
switch# ivr zoneset rename ivrzone1 ivrzone2
Clearing the Configured IVR Zone Database
Clearing a zone set erases the configured zone database, not the active zone database.
To clear the configured IVR zone database, use the clear ivr zone database command.
switch# clear ivr zone database
Clears all configured IVR zone information.
switch# copy running-config startup-config
Ensures that the running configuration is used when you restart the switch.
Configuring IVR Using Read-Only Zoning
Read-only zoning (with or without LUNs) can be used between members of active IVR zones. To configure this service, you must create and activate read-only zones between the desired IVR zone members in all relevant edge VSANs using the zoning interface.
Note Read-only zoning cannot be configured in an IVR zone set setup.
Enabling Advanced Fabric Services on IVR Flows
Advanced fabric services (such as SME and IOA) use fabric-wide FC-Redirect infrastructure to redirect the traffic flows. These services can now be enabled on IVR flows using an internal feature, Abstract ACL Manager (AAM).
The steps to enable this functionality is listed in the following sub-sections:
The following prerequisites must be considered before enabling AAM for IVR:
CFS distribution must be enabled for IVR.
AAM is supported only in IVR-NAT mode.
The switches where the fabric services (such as SME and IOA) are enabled must be running the AAM supported NX-OS release 5.0(1) or later.
FC-Redirect can be running in version 1 or version 2 mode.
AAM support for IVR must be enabled before enabling IVR support for FCR.
Generation 1 modules are not supported when IVR support is enabled for FCR. Specifically, ISLs should not be configured on Generation 1 modules, and the devices that support IVR for FCR should not be connected to Generation 1 modules.
LUN zoning is not supported when AAM is enabled for IVR.
IVR merge is supported only when both the fabrics have AAM enabled or both the fabrics have AAM disabled. The IVR merge will fail if one of the fabric has AAM enabled and the other fabric has AAM disabled.
You must delete all the advanced fabric service (SME and IOA) configurations for IVR devices and then disable IVR support for FCR before disabling AAM support for IVR.
Before downgrading to an earlier release to MDS NX-OS Release 5.0(1), you must delete all the advanced fabric service (SME and IOA) configurations for IVR devices, disable IVR support for FCR, and then disable AAM support for IVR.