This chapter provides an overview of SAN switching for Cisco Nexus 9000 devices. This chapter includes the following sections:
The Fibre Channel
domain (fcdomain) feature performs principal switch selection, domain ID
distribution, FC ID allocation, and fabric reconfiguration functions as
described in the FC-SW-2 standards. The domains are configured per VSAN . If
you do not configure a domain ID, the local switch uses a random ID.
N port virtualizer (NPV) is a complementary feature that reduces the number of Fibre Channel domain IDs in core-edge SANs.
Cisco Nexus 9000 series fabric switches operating in the NPV mode do not join a fabric; they only pass traffic between core
switch links and end devices, which eliminates the domain IDs for these switches. NPIV is used by edge switches in the NPV
mode to log in to multiple end devices that share a link to the core switch.
Trunking, also known
as VSAN trunking, enables interconnect ports to transmit and receive frames in
more than one VSAN over the same physical link. Trunking is supported on E
ports and F ports.
Virtual SANs (VSANs)
partition a single physical SAN into multiple VSANs. VSANs allow the Cisco
NX-OS software to logically divide a large physical fabric into separate,
isolated environments to improve Fibre Channel SAN scalability, availability,
manageability, and network security.
Each VSAN is a
logically and functionally separate SAN with its own set of Fibre Channel
fabric services. This partitioning of fabric services greatly reduces network
instability by containing fabric reconfiguration and error conditions within an
individual VSAN. The strict traffic segregation provided by VSANs can ensure
that the control and data traffic of a specified VSAN are confined within the
VSAN's own domain, which increases SAN security. VSANs can reduce costs by
facilitating consolidation of isolated SAN islands into a common infrastructure
without compromising availability.
You can create
administrator roles that are limited in scope to certain VSANs. For example,
you can set up a network administrator role to allow configuration of all
platform-specific capabilities and other roles to allow configuration and
management only within specific VSANs. This approach improves the manageability
of large SANs and reduces disruptions due to human error by isolating the
effect of a user action to a specific VSAN whose membership can be assigned
based on switch ports or the worldwide name (WWN) of attached devices.
Zoning provides access
control for devices within a SAN. The Cisco NX-OS software supports the
following types of zoning:
To provide strict network security, zoning is always enforced per frame using access control lists (ACLs) that are applied
at the ingress switch. All zoning polices are enforced in the hardware, and none of them cause performance degradation.
Device Alias Services
The software supports Device Alias Services (device alias) fabric wide. Device alias distribution allows you to move host
bus adapters (HBAs) between VSANs without manually reentering alias names.
Fibre Channel Routing
Fabric Shortest Path
First (FSPF) is the protocol used by Fibre Channel fabrics. FSPF is enabled by
default on all Fibre Channel switches. You do not need to configure any FSPF
services except in configurations that require special consideration. FSPF
automatically calculates the best path between any two switches in a fabric.
Specifically, FSPF is used to perform these functions:
- Dynamically compute routes
throughout a fabric by establishing the shortest and quickest path between any
- Select an alternative path if
a failure occurs on a given path. FSPF supports multiple paths and
automatically computes an alternative path around a failed link. FSPF provides
a preferred route when two equal paths are available.
Advanced Fibre Channel Features
You can configure
Fibre Channel protocol-related timer values for distributed services, error
detection, and resource allocation.
You must uniquely
associate the WWN to a single switch. The principal switch selection and the
allocation of domain IDs rely on the WWN.
standards require that you allocate a unique FC ID to an N port that is
attached to an F port in any switch.
Fabric Configuration Servers
Configuration Server (FCS) provides discovery of topology attributes and
maintains a repository of configuration information of fabric elements. A
management application is usually connected to the FCS on the switch through an
N port. Multiple VSANs constitute a fabric, where one instance of the FCS is
present per VSAN.