Cisco MDS 9000 Family Configuration Guide, Release 1.0(2)
Product Overview
Download this chapter
Product OverviewProduct Overview
Download the complete book
Whole Book PDFWhole Book PDF (PDF - 4 MB)
 Feedback

Table Of Contents

Product Overview

Hardware Overview

Cisco MDS 9216 Fabric Switch

Cisco MDS 9509 Director

Software Features

High Availability

Switch Reliability

Virtual SANs

Intelligent Zoning

Trunking

PortChannels

IP Services

Call Home

QoS and Congestion Control

Switch Management Features

Redundant Supervisor Module Management

Fabric Management

Security Management

Tools for Software Configuration

CLI

Cisco MDS 9000 Fabric Manager


Product Overview

The Cisco MDS 9000 Family of multilayer directors and fabric switches offer intelligent fabric-switching services that realize maximum performance while ensuring high reliability levels. They combine robust and flexible hardware architecture with multiple layers of network and storage management intelligence. This powerful combination enables highly available, scalable storage networks that provide advanced security and unified management features.

The Cisco MDS 9000 Family provides intelligent networking features such as multiprotocol and multitransport integration, virtual SANs (VSANs), advanced security, sophisticated debug analysis tools, and unified SAN management.

This chapter lists the hardware features for the Cisco MDS 9000 Family and describes its software features. It includes the following sections:

Hardware Overview

Software Features

Tools for Software Configuration

Hardware Overview

This section provides an overview of the Cisco MDS 9000 Family of multilayer directors and fabric switches.

Cisco MDS 9216 multilayer fabric switches contain one fixed integrated supervisor module with 16 Fibre Channel ports and an expansion slot which can support up to 32 additional ports (for a total of 48 ports).

Cisco MDS 9509 multilayer directors contain two slots for supervisor modules and 7 slots for switching modules providing up to 224 ports (32 ports x 7 slots).

Cisco MDS 9216 Fabric Switch

Cisco MDS 9216 fabric switches share a consistent software architecture with the Cisco MDS 9500 Series in a semi-modular chassis. They consist of the following major hardware components:

The chassis has two slots, one of which is reserved for the supervisor module. The supervisor module provides supervisor functions and has 16 standard, Fibre Channel ports.

The backplane has direct plug-in connectivity to one switching module (any type).

Two redundant, hot-swappable power supplies have AC connections, each of which can supply power to a fully loaded chassis.

The hot-swappable fan tray has four fans managing the airflow and cooling for the entire switch.

The 1-Gbps or 2-Gbps autosensing Fibre Channel ports support Inter-Switch Links (E ports), extended Inter-Switch Links (TE ports), loop (FL and TL ports), and fabric (F ports) connectivity. Besides Telnet access, a 10/100BASE-T Ethernet port provides switch access and an RS-232 serial port allows switch configuration.

Refer to the Cisco MDS 9200 Series Hardware Installation Guide.

Cisco MDS 9509 Director

The Cisco MDS 9509 Director addresses the stringent requirements of large data center storage environments and consists of the following major hardware components:

The chassis has nine slots, two of which are reserved for the supervisor modules.

The backplane has direct plug-in connectivity to seven switching modules, two integrated supervisor modules, two clock modules, and two power supplies.

Two redundant, hot-swappable power supplies have AC or DC connection, each of which can supply power to the entire chassis.

The hot-swappable fan tray has nine fans managing the airflow and cooling for the entire switch.

Two supervisor modules ensure high availability and traffic load balancing capabilities. Each supervisor module can control the entire switch. The standby supervisor module provides redundancy in case the active supervisor module fails.

Up to seven hot-pluggable switching modules. These modules can provide Fibre Channel services at either 1 Gbps or 2 Gbps.

The 1-Gbps or 2-Gbps autosensing Fibre Channel ports support Inter-Switch Links (E ports), Extended Inter-Switch Links (TE ports), loop (FL and TL ports), and fabric (F ports) connectivity. Besides Telnet access, a 10/100BASE-T Ethernet port provides switch access and an RS-232 serial port allows switch configuration.

Refer to the Cisco MDS 9500 Series Hardware Installation Guide.

Software Features

This section provides an overview of the major software features of the Cisco MDS 9000 Family of multilayer directors and fabric switches.

High Availability

The Cisco MDS 9500 Series of multilayer directors support application restartability and nondisruptive supervisor switchability. The switches are protected from system failure by redundant hardware components and a high availability software framework. The high availability (HA) software framework includes the following:

Ensures nondisruptive software upgrade capability. See "Software Images."

Provides stateful redundancy for supervisor module failure by using dual supervisor modules.

Protects against link failure using the PortChannel (port aggregation) feature. See "Configuring PortChannels."

Provides management redundancy using Virtual Routing Redundancy Protocol (VRRP). See the "Configuring VRRP" section

Performs nondisruptive restarts of a failed process on the same supervisor module. A service running on the supervisor modules and on the switching module tracks the HA policy defined in the configuration and takes action based on this policy. This feature is also available in Cisco MDS 9216 switches.

See "Configuring High Availability."

Switch Reliability

Switches in the Cisco MDS 9000 Family maintain internally controlled reliability services that ensure continued service with no degradation. This reliability service includes the following:

Provides power-on self testing (POST)

Detects errors, isolates faults, performs parity checking, and checks illegal addresses

Enables remote diagnostics using Call Home troubleshooting features

Displays LEDs that summarize the status of each switching module, supervisor module, power supply, and fan assembly

Virtual SANs

VSANs (virtual SANs) enable higher security and greater scalability in Fibre Channel fabrics. VSANs provide isolation among devices that are physically connected to the same fabric. VSANs allow multiple logical SANs over a common physical infrastructure. VSANs offer the following:

Traffic isolation—Traffic is contained within VSAN boundaries and devices reside only in one VSAN thus ensuring absolute separation between user groups, if desired.

Scalability—VSANs are overlaid on top of a single physical SAN. The ability to create several logical VSAN layers increases the scalability of the SAN.

Per VSAN fabric services—Replication of fabric services on a per VSAN basis provides increased scalability and availability.

Redundancy—Several VSANs created on the same physical SAN ensure redundancy. If one VSAN fails, redundant protection is provided by a configured backup path between the host and the switch.

Ease of configuration—Users can be added, moved, or changed between VSANs without changing the physical structure of a SAN. Moving a device from one VSAN to another only requires configuration at the port level, not at a physical level.

See "Configuring and Managing VSANs."

Intelligent Zoning

Zoning controls access between devices in a VSAN. Zoning accomplishes the following:

Partitions devices that use different operating systems. In a heterogeneous environment, it is often necessary to separate servers and storage devices to avoid accidental transfer of information between devices with different operating systems. Such transfers could result in corruption or deletion of data.

Creates logical subsets of closed user groups. Closed user groups are needed to enforce security or to separate functional areas across the fabric.

Configures groups of devices that are separate from the rest of the fabric. Based on the assigned zone membership, devices outside the zone cannot access devices internal to the zone.

Provides temporary access between devices (zone sets). Zone restrictions can be imposed temporarily, and then restored to revert to normal operation, if desired.

See "Configuring and Managing Zones" and the "VSANs Versus Zones" section.

Trunking

Trunking is the term used to refer to an ISL link that carries one or more VSANs. Trunking ports receive and transmit Extended ISL (EISL) frames. EISL frames carry an EISL header containing VSAN information. Once EISL is enabled on an E port, that port becomes a TE port (see "Configuring Interfaces," and "Configuring Trunking"). The trunking configuration is saved along with the interface information.

See the "About PortChanneling and Trunking" section.

PortChannels

PortChannel refers to the aggregation of multiple physical Fibre Channel ports into one logical port to provide high aggregated bandwidth, load balancing, and link redundancy. Up to 16 physical ports can be aggregated into a PortChannel. PortChannels can connect to ports across switching modules. The failure of a port in one switching module does not bring down the logical PortChannel link. Specifically, a PortChannel does the following:

Increases the aggregate bandwidth on an ISL or EISL by distributing traffic among all functional links in the channel.

Load balances across multiple links and maintains optimum bandwidth utilization. Load balancing is based on a source ID (SID), destination ID (DID), and optionally the originator exchange ID (OX ID) that identify the flow of the frame.

Provides high availability on an ISL. If one link fails, traffic previously carried on this link is switched to the remaining links. If a link goes down in a PortChannel, the upper protocol is not aware of it. To the upper protocol, the link is still there, although the bandwidth is diminished. The routing tables are not affected by link failure. PortChannels can contain up to 16 physical links and can span multiple modules for added high availability.

See "Configuring PortChannels."

IP Services

Switches in the Cisco MDS 9000 Family support the following IP services:

IP over Ethernet —These services are limited to management traffic.

IP over Fibre Channel (IPFC)—IPFC (RFC 2625) specifies how IP packets are transported using encapsulation schemes. By encapsulating IP frames into Fibre Channel frames, management information is exchanged among switches without requiring a separate Ethernet connection to each switch. Each switch includes:

Encapsulation for IP and Address Resolution Protocol (ARP) over Fibre Channel.

Address resolution uses the ARP server.

IP routing services—These services include:

Ethernet or TCP/IP connection.

Static IP routing services to enable management traffic between VSANs.

DNS client support.

The Network Time Protocol (NTP) server synchronizes the system clocks of network devices.

See "Configuring IP Services."

Call Home

The Call Home feature detects switch failures and sends alerts along with relevant failure information. These alerts are sent through E-mail to a user-specified customer center.

See "Configuring Call Home."

QoS and Congestion Control

Switches in the Cisco MDS 9000 Family provide priority queuing and flow control services.

Priority queuing—The switches provide low and high priority quality of service (QoS) queues. While time-critical traffic is marked as high priority traffic, all other traffic is assigned to the default low priority queue.

Fibre Channel Congestion Control (FCC)—FCC is a flow control mechanism that alleviates congestion on Fibre Channel networks. Any switch in the network can detect congestion for an output port. The switches sample frames from the congested queue and generate messages about the congestion level upstream toward the source of the congestion. The switch closest to the source, with FCC enabled, can perform one of two actions:

Forwards the frames as other vendor switches do.

Limits the flow of frames from the port causing the congestion.

See "Configuring Traffic Management."

Switch Management Features

Besides the software features already listed, there are additional management features that fall into the following categories: redundant supervisor module management, fabric management, and security management

Redundant Supervisor Module Management

Series of multilayer directors support two redundant supervisor modules. They require two supervisor modules to enforce redundant supervisor module management and high availability and restartability (see Table 1-1).

Table 1-1 Supervisor Module Options in Cisco MDS 9000 Switches 

Product
No. of Supervisor Modules
Slot
Features

Cisco MDS 9216

One module (includes 16 Fibre Channel ports)

Slot 1

2-slot chassis allows one optional switching module in the other slot.

Cisco MDS 9509

Two modules

Slots 5 and 6

9-slot chassis allows any switching module in the other seven slots.


When the switch powers up and both supervisor modules are present, the module in slot 5 enters the active mode, while the second module in slot 6 enters the standby mode. All storage management functions occur on the active supervisor module. The standby module constantly monitors the active module. If the active module fails, the standby module takes over without any impact to user traffic.

Refer to the Cisco MDS 9500 Series Hardware Installation Guide.

Fabric Management

Switches in the Cisco MDS 9000 Family offer fabric management and control through the command-line interface (CLI) by using Telnet, SSH, or a serial console and through the Cisco MDS 9000 Fabric Manager tool by using the Simple Network Management Protocol (SNMP) services:

SNMP versions 1, 2, and 3 are supported.

Remote Monitoring (RMON) allows you to specify thresholds and monitor alarms on SNMP variables. Extended RMON alarms are available for supported Management Information Base (MIB) objects (see the Cisco MDS 9000 Family MIB Reference Guide).

System error message logs (syslogs) are viewed through a console or Telnet session for asynchronous events such as an interface transition. Syslogs are directed to a local buffer or to an external server and are provisioned using the CLI or the Cisco Fabric Manager GUI (see the Cisco MDS 9000 Family System Messages Guide).

See the "CLI" section, the "Cisco MDS 9000 Fabric Manager" section, and the "SNMP Security" section.

Security Management

The Cisco MDS 9000 Family of switches offer strict and secure switch management options through switch access security, user authentication, and role-based access.

See "Configuring System Security and AAA Services."

Switch Access Security

Each switch can be accessed through the CLI or SNMP.

Secure switch access—Available when you explicitly enable Secure Shell (SSH) access to the switch. SSH access provides additional controlled security by encrypting data, user IDs, and passwords. By default, Telnet access is enabled on each switch.

SNMP access—SNMPv3 provides built-in security for secure user authentication and data encryption.

User Authentication

A strategy known as authentication, authorization, and accounting (AAA) is used to verify the identity of, grant access to, and track the actions of remote users. The Remote Access Dial-In User Service (RADIUS) protocol provides AAA solutions.

Based on the user ID and password combination provided, switches perform local authentication using a local database or remote authentication using the RADIUS server(s). A global, preshared, secret key authenticates communication between the RADIUS client and server. This secret key can be configured for all RADIUS servers or for only a specific RADIUS server. This kind of authentication provides a central configuration management capability.

Role-Based Access

Role-based access assigns roles or groups to users and limits access to the switch. Access is assigned based on the permission level associated with each user ID. Your administrator can provide complete access to each user or restrict access to specific read and write levels for each command.

SNMP and CLI access rights are organized by roles. Each role is similar to a group. Each group of users has a specific role, and the access for that group can be enabled or disabled.

Tools for Software Configuration

You can use one of two configuration management tools to configure your SANs: the CLI and the Cisco MDS 9000 Fabric Manager graphical user interface (GUI) from your browser (see Figure 1-1).

Figure 1-1 Tools for Configuring Software

CLI

With the CLI, you can type commands at the switch prompt, and the commands are executed when you press the Enter key. The CLI parser provides command help, command completion, and keyboard sequences that allow you to access previously executed commands from the buffer history.

Cisco MDS 9000 Fabric Manager

The Cisco Fabric Manager is a Java and SNMP-based network fabric and device management tool with a GUI that displays real-time views of your network fabric and installed devices. The Cisco Fabric Manager provides three views for managing your network fabric:

The Device View displays a continuously updated physical picture of device configuration and performance conditions for a single switch.

The Fabric View displays a view of your network fabric, including multiple switches.

The Summary View presents a summary view of switches, hosts, storage subsystems, and VSANs.

The Cisco Fabric Manager provides an alternative to the CLI for most switch configuration commands. The Cisco Fabric Manager is bundled with each switch in the Cisco MDS 9000 Family.

Refer to the Cisco MDS 9000 Fabric Manager User Guide.

Note Resource Manager Essentials (RME) versions 3.4 and 3.5 provide support for switches in the Cisco MDS 9000 Family. Patches are available on Cisco Connection Online (http://www.cisco.com/).