Table Of Contents
Product Overview
Hardware Overview
Cisco MDS 9100 Series Fixed Configuration Fabric Switches
Cisco MDS 9216 Fabric Switches
Cisco MDS 9500 Modular Directors
Software Features
Licensing
High Availability
Switch Reliability
Virtual SANs
Intelligent Zoning
Inter-VSAN Routing
Trunking
PortChannels
IP Services
IP Storage
Call Home
QoS and Congestion Control
SPAN and RSPAN
Switch Management Features
Redundant Supervisor Module Management
Fabric Management
Security Management
Tools for Software Configuration
CLI
Cisco MDS 9000 Fabric Manager
Product Overview
The Cisco MDS 9000 Family of multilayer directors and fabric switches offers intelligent fabric-switching services that realize maximum performance while ensuring high reliability levels. They combine robust and flexible hardware architecture with multiple layers of network and storage management intelligence. This powerful combination enables highly available, scalable storage networks that provide advanced security and unified management features.
The Cisco MDS 9000 Family provides intelligent networking features such as multiprotocol and multitransport integration, virtual SANs (VSANs), advanced security, sophisticated debug analysis tools, and unified SAN management.
This chapter lists the hardware features for the Cisco MDS 9000 Family and describes its software features. It includes the following sections:
•
Hardware Overview
•Software Features
•Tools for Software Configuration
Hardware Overview
This section provides an overview of the Cisco MDS 9000 Family of multilayer directors and fabric switches.
•Cisco MDS 9120 multilayer switches contain 20 ports (4 full rate ports, 16 host-optimized ports).
•Cisco MDS 9140 multilayer switches contain 40 ports (8 full rate ports, 32 host-optimized ports).
•Cisco MDS 9216 multilayer fabric switches contain one fixed integrated supervisor module with 16 Fibre Channel ports and an expansion slot that can support up to 32 additional ports (for a total of 48 ports).
•Cisco MDS 9506 multilayer directors contain two slots for supervisor modules and 4 slots for switching or services modules, providing up to 128 ports (32 ports x 4 slots).
•Cisco MDS 9509 multilayer directors contain two slots for supervisor modules and 7 slots for switching or services modules, providing up to 224 ports (32 ports x 7 slots).
Cisco MDS 9100 Series Fixed Configuration Fabric Switches
Cisco MDS 9100 Series includes two multilayer, fixed configuration (non-modular) switches:
•The Cisco MDS 9120 has 20 ports (4 full-rate ports, 16 host-optimized ports).
•The Cisco MDS 9140 provides 40 ports (8 full-rate ports, 32 host-optimized ports).
These fixed configuration switches are packaged in 1 RU enclosures and have the following features:
•Two redundant, hot-swappable power supplies have AC connections, each of which can supply power to the entire chassis.
•Two hot-swappable fan modules with two fans each manage the airflow and cooling for the entire switch.
•The 1-Gbps or 2-Gbps autosensing Fibre Channel ports support Inter-Switch Links (E ports), Extended Inter-Switch Links (TE ports), loops (FL and TL ports), and fabric (F ports) connectivity. Besides Telnet access, a 10/100BASE-T Ethernet port provides switch access.
•Hot-swappable, small form-factor pluggable (SFP) ports can be configured with either short or long wavelength SFPs for connectivity up to 500 m and 10 km, respectively.
Note Switches in the Cisco MDS 9100 Series do not have a COM1 port (a RS-232 serial port).
Refer to the Cisco MDS 9100 Series Hardware Installation Guide.
Cisco MDS 9216 Fabric Switches
Cisco MDS 9216 fabric switches share a consistent software architecture with the Cisco MDS 9500 Series in a semi-modular chassis. They consist of the following major hardware components:
•The chassis has two slots, one of which is reserved for the supervisor module. The supervisor module provides supervisor functions and has 16 standard, Fibre Channel ports.
•The backplane has direct plug-in connectivity to one switching module (any type).
•Two redundant, hot-swappable power supplies have AC connections, each of which can supply power to a fully loaded chassis.
•The hot-swappable fan module has four fans managing the airflow and cooling for the entire switch.
•The 1-Gbps or 2-Gbps autosensing Fibre Channel ports support Inter-Switch Links (E ports), extended Inter-Switch Links (TE ports), loops (FL and TL ports), and fabric (F ports) connectivity. Besides Telnet access, a 10/100BASE-T Ethernet port provides switch access and a RS-232 (EIA/TIA-232) serial port allows switch configuration.
•Hot-swappable, small form-factor pluggable (SFP) ports can be configured with either short or long wavelength SFPs for connectivity up to 500 m and 10 km, respectively.
•The Cisco MDS 9216 supports the IP Storage Services (IPS) module. All IPS modules are configurable for both FCIP and iSCSI operation on a port-by-port basis. Ports configured for FCIP operation can be further configured to support up to three virtual ISL connections.
Refer to the Cisco MDS 9200 Series Hardware Installation Guide.
Cisco MDS 9500 Modular Directors
The Cisco MDS 9500 Series includes two multilayer, modular directors:
•The Cisco MDS 9506 Director addresses the stringent requirements of data center storage environments and consists of the following major hardware components:
–The chassis has six slots, two of which are reserved for the supervisor modules.
–Up to four hot-pluggable switching or services modules that provide Fibre Channel or Gigabit Ethernet services.
–The backplane has direct plug-in connectivity to four switching modules, two integrated supervisor modules, two clock modules, and two power supplies.
–The hot-swappable fan module has six fans managing the airflow and cooling for the entire switch.
•The Cisco MDS 9509 Director addresses the stringent requirements of large data center storage environments and consists of the following major hardware components:
–The chassis has nine slots, two of which are reserved for the supervisor modules.
–Up to seven hot-pluggable switching or services modules that provide Fibre Channel or Gigabit Ethernet services.
–The backplane has direct plug-in connectivity to seven switching modules, two integrated supervisor modules, two clock modules, and two power supplies.
–The hot-swappable fan module has nine fans managing the airflow and cooling for the entire switch.
These modular directors have the following features:
•Two redundant, hot-swappable power supplies have AC or DC connection, each of which can supply power to the entire chassis.
•Two supervisor modules ensure high availability and traffic load balancing capabilities. Each supervisor module can control the entire switch. The standby supervisor module provides redundancy in case the active supervisor module fails.
•The 1-Gbps or 2-Gbps autosensing Fibre Channel ports support Inter-Switch Links (E ports), Extended Inter-Switch Links (TE ports), loops (FL and TL ports), and fabric (F ports) connectivity. Besides Telnet access, a 10/100BASE-T Ethernet port provides switch access and a RS-232 serial port allows switch configuration.
•Hot-swappable, small form-factor pluggable (SFP) ports can be configured with either short or long wavelength SFPs for connectivity up to 500 m and 10 km, respectively.
•The Cisco MDS 9500 Series supports the IP Storage Services (IPS) module. All IPS modules are configurable for both FCIP and iSCSI operation on a port-by-port basis. Ports configured for FCIP operation can be further configured to support up to three virtual ISL connections.
Refer to the Cisco MDS 9500 Series Hardware Installation Guide.
Software Features
This section provides an overview of the major software features of the Cisco MDS 9000 Family of multilayer directors and fabric switches.
Licensing
The licensing functionality is available in all switches in the Cisco MDS 9000 Family. This functionality allows you to access specified premium features on the switch after you install the appropriate license for that feature. Licenses are sold, supported, and enforced as of Cisco MDS SAN-OS Release 1.3(1).
See "Obtaining and Installing Licenses."
High Availability
The Cisco MDS 9500 Series of multilayer directors support application restartability and nondisruptive supervisor switchability. The switches are protected from system failure by redundant hardware components and a high availability software framework. The high availability (HA) software framework includes the following:
•Provides stateful redundancy for supervisor module failure by using dual supervisor modules.
•Ensures nondisruptive software upgrade capability.
•Protects against link failure using the PortChannel (port aggregation) feature. This feature is also available in Cisco MDS 9216 switches and in the Cisco MDS 9100 Series.
•Provides management redundancy using the Virtual Router Redundancy Protocol (VRRP). This feature is also available in Cisco MDS 9216 switches and in the Cisco MDS 9100 Series.
•Performs nondisruptive restarts of a failed process on the same supervisor module. A service running on the supervisor modules and on the switching module tracks the HA policy defined in the configuration and takes action based on this policy. This feature is also available in Cisco MDS 9216 switches and in the Cisco MDS 9100 Series.
See "Configuring High Availability," "Software Images," "Configuring PortChannels," and the "Configuring VRRP" section.
Switch Reliability
Switches in the Cisco MDS 9000 Family maintain internally controlled reliability services that ensure continued service with no degradation. This reliability service includes the following:
•Provides power-on self testing (POST)
•Detects errors, isolates faults, performs parity checking, and checks illegal addresses
•Enables remote diagnostics using Call Home troubleshooting features
•Displays LEDs that summarize the status of each switching module, supervisor module, power supply, and fan assembly
Virtual SANs
VSANs (virtual SANs) enable higher security and greater scalability in Fibre Channel fabrics. VSANs provide isolation among devices that are physically connected to the same fabric. VSANs allow multiple logical SANs over a common physical infrastructure. VSANs offer the following:
•Traffic isolation—Traffic is contained within VSAN boundaries and devices reside only in one VSAN thus ensuring absolute separation between user groups, if desired.
•Scalability—VSANs are overlaid on top of a single physical SAN. The ability to create several logical VSAN layers increases the scalability of the SAN.
•Per VSAN fabric services—Replication of fabric services on a per VSAN basis provides increased scalability and availability.
•Redundancy—Several VSANs created on the same physical SAN ensure redundancy. If one VSAN fails, there is a configured backup path between the host and the switch.
•Ease of configuration—Devices can be added, moved, or changed between VSANs without changing the physical structure of a SAN. Moving a device from one VSAN to another only requires configuration at the port level, not at a physical level.
See "Configuring and Managing VSANs."
Intelligent Zoning
Zoning controls access between devices in a VSAN. Zoning accomplishes the following:
•Partitions devices that use different operating systems. In a heterogeneous environment, it is often necessary to separate servers and storage devices to avoid accidental transfer of information between devices with different operating systems. Such transfers could result in corruption or deletion of data.
•Creates logical subsets of closed user groups. Closed user groups are needed to enforce security or to separate functional areas across the fabric.
•Configures groups of devices that are separate from the rest of the fabric. Based on the assigned zone membership, devices outside the zone cannot access devices internal to the zone.
•Provides temporary access between devices (zone sets). Zone restrictions can be imposed temporarily, and then restored to revert to normal operation, if desired.
•Restricts access to specific logical unit numbers (LUNs) associated with a device.
•Allows members to have only read-only access to the media within a read-only Fibre Channel zone.
See "Configuring and Managing Zones" and the "VSANs Versus Zones" section.
Inter-VSAN Routing
Using Inter-VSAN Routing (IVR), resources across VSANs can be accessed without compromising other VSAN benefits. Valuable resources such as tape libraries are easily shared across VSANs without compromise.Routes that traverse one or more VSANs across multiple switches can be established, if necessary, to establish proper interconnections. IVR used in conjunction with FCIP provides more efficient business continuity or disaster recovery solutions.
See "Configuring Inter-VSAN Routing."
Trunking
Trunking is the term used to refer to an ISL link that carries one or more VSANs. Trunking ports receive and transmit Extended ISL (EISL) frames. EISL frames carry an EISL header containing VSAN information. Once EISL is enabled on an E port, that port becomes a TE port. The trunking configuration is saved along with the interface information.
See "Configuring Interfaces," "Configuring Trunking," and the "About PortChanneling and Trunking" section.
PortChannels
PortChannel refers to the aggregation of multiple physical Fibre Channel ports into one logical port to provide high aggregated bandwidth, load balancing, and link redundancy. Up to 16 physical ports can be aggregated into a PortChannel. PortChannels can connect to ports across switching modules. The failure of a port in one switching module does not bring down the logical PortChannel link. Specifically, a PortChannel does the following:
•Increases the aggregated bandwidth on an ISL or EISL by distributing traffic among all functional links in the channel.
•Load balances across multiple links and maintains optimum bandwidth utilization. Load balancing is based on a source ID (SID), a destination ID (DID), and optionally an originator exchange ID (OX ID) which identify the flow of the frame.
•Provides high availability on an ISL. If one link fails, traffic previously carried on this link is switched to the remaining links. If a link goes down in a PortChannel, the upper protocol is not aware of it. To the upper protocol, the link is still there, although the bandwidth is diminished. The routing tables are not affected by link failure. PortChannels can contain up to 16 physical links and can span multiple modules for added high availability.
See "Configuring PortChannels."
IP Services
Switches in the Cisco MDS 9000 Family support the following IP services:
•IP over Ethernet —These services are limited to management traffic.
•IP over Fibre Channel (IPFC)—IPFC (RFC 2625) specifies how IP packets are transported using encapsulation schemes. By encapsulating IP frames into Fibre Channel frames, management information is exchanged among switches without requiring a separate Ethernet connection to each switch. Each switch includes:
–Encapsulation for IP and the Address Resolution Protocol (ARP) over Fibre Channel.
–Address resolution uses the ARP server.
•IP routing services—These services include:
–Ethernet or TCP/IP connection.
–Static IP routing services to enable management traffic between VSANs.
–DNS client support.
–The Network Time Protocol (NTP) server to synchronize the system clocks of network devices.
See "Configuring IP Services."
IP Storage
The Cisco MDS 9000 Family IP services module integrates seamlessly into the Cisco MDS 9000 Family of multilayer directors and fabric switches. Traffic can be routed between any IP storage port and any other port on a Cisco MDS 9000 Family switch. The Cisco MDS 9000 Family IP Storage Services Module supports the full range of services available on other Cisco MDS 9000 Family switching modules including VSANs, security, and traffic management. It uses widely known IP to cost-effectively connect to more servers and more locations over greater distances than previously possible. It delivers both Fibre Channel over IP (FCIP) and iSCSI IP storage services and is configurable on a port-by-port basis.
•FCIP highlights
–Simplifies data protection and business continuance strategies by enabling backup, remote replication, and disaster recovery over WAN distances using open-standard FCIP tunneling.
–Improves utilization of WAN resources for backup and replication by tunneling up to three virtual Inter-Switch Links (ISLs) on a single Gigabit Ethernet port.
–Reduces SAN complexity by eliminating the need to deploy and manage a separate remote connectivity platform.
–Preserves Cisco MDS 9000 Family enhanced capabilities including VSANs, advanced traffic management, and security across remote connections.
•iSCSI highlights
–Extends the benefits of Fibre Channel SAN-based storage to IP-enabled servers at a lower cost point than possible using Fibre Channel interconnect alone.
–Increases storage utilization and availability through consolidation of IP and Fibre Channel block storage.
–Preserves through a transparent operation the functionality of legacy storage applications such as zoning tools.
See "Configuring IP Storage."
Call Home
The Call Home feature detects switch failures and sends alerts along with relevant failure information. These alerts are sent through e-mail to a user-specified customer center.
See "Configuring Call Home."
QoS and Congestion Control
Switches in the Cisco MDS 9000 Family provide priority queuing and flow control services.
•The Quality of Service (QoS) feature has the following advantages:
–Guarantees relative bandwidth to application traffic.
–Controls latency experienced by application traffic.
–Prioritizes one application over another (for example, prioritizing transactional traffic over bulk traffic) through bandwidth and latency differentiation.
•Fibre Channel Congestion Control (FCC)—FCC is a flow control mechanism that alleviates congestion on Fibre Channel networks. Any switch in the network can detect congestion for an output port. The switches sample frames from the congested queue and generate messages about the congestion level upstream toward the source of the congestion. The switch closest to the source, with FCC enabled, can perform one of two actions:
–Forwards the frames as other vendor switches do.
–Limits the flow of frames from the port causing the congestion.
See "Configuring Traffic Management."
SPAN and RSPAN
The Switched Port Analyzer (SPAN) feature is specific to switches in the Cisco MDS 9000 Family. It monitors network traffic though a Fibre Channel interface. Traffic through any Fibre Channel interface can be replicated to a special port called the SPAN destination port (SD port). Any Fibre Channel port in a switch can be configured as an SD port. Once an interface is in SD-port mode, it cannot be used for normal data traffic. You can attach a Fibre Channel Analyzer to the SD port to monitor SPAN traffic.
See "Monitoring Network Traffic Using SPAN" and the "Advanced Features and Concepts" section).
The Remote SPAN (RSPAN) feature enables you to remotely monitor traffic for one or more SPAN sources distributed in one or more source switches in a Fibre Channel fabric. The SPAN destination (SD) port is used for remote monitoring in a destination switch. A destination switch may be different from the source switch(es) provided that it is attached to the same Fibre Channel fabric. You can replicate and monitor traffic in any remote Cisco MDS 9000 Family switch or director, just as you would monitor traffic in an MDS source switch. This feature is nonintrusive and does not affect network traffic switching for any SPAN source ports.
See the "Remote SPAN" section.
Switch Management Features
Besides the software features already listed, there are additional management features that fall into the following categories: redundant supervisor module management, fabric management, and security management.
Redundant Supervisor Module Management
The Cisco MDS 9500 Series of multilayer directors support two redundant supervisor modules. They require two supervisor modules to enforce redundant supervisor module management and high availability and restartability (see Table 1-1).
Table 1-1 Supervisor Module Options in Cisco MDS 9000 Switches
Product
|
No. of Supervisor Modules
|
Supervisor Module Slot No.
|
Switching Module Features
|
Cisco MDS 9120
|
Not applicable
|
Cisco MDS 9140
|
Not applicable
|
Cisco MDS 9216
|
One module (includes 16 Fibre Channel ports)
|
1
|
2-slot chassis allows one optional switching module in the other slot.
|
Cisco MDS 9506
|
Two modules
|
5 and 6
|
6-slot chassis allows any switching module in the other four slots.
|
Cisco MDS 9509
|
Two modules
|
5 and 6
|
9-slot chassis allows any switching module in the other seven slots.
|
When a switch powers up and two supervisor modules are present, the module in slot 5 enters the active mode, while the second module in slot 6 enters the standby mode. All storage management functions occur on the active supervisor module. The standby module constantly monitors the active module. If the active module fails, the standby module takes over without any impact to user traffic.
Refer to the Cisco MDS 9500 Series Hardware Installation Guide.
Fabric Management
Switches in the Cisco MDS 9000 Family offer fabric management and control through the command-line interface (CLI) by using Telnet, SSH, or a serial console and through the Cisco MDS 9000 Fabric Manager tool by using the Simple Network Management Protocol (SNMP) services:
•SNMP versions 1, 2, and 3 are supported.
•Remote Monitoring (RMON) allows you to specify thresholds and monitor alarms on SNMP variables. Extended RMON alarms are available for supported Management Information Base (MIB) objects (refer to the Cisco MDS 9000 Family MIB Quick Reference).
•System error message logs (syslogs) are viewed through a console or Telnet session for asynchronous events such as an interface transition. Syslogs are directed to an internal log and optionally to an external server (refer to the Cisco MDS 9000 Family System Messages Guide).
See the "CLI" section, the "Cisco MDS 9000 Fabric Manager" section, and the "SNMP Security" section.
Security Management
The Cisco MDS 9000 Family of switches offer strict and secure switch management options through switch access security, port security, user authentication, and role-based access control.
See "Configuring Switch Security."
Switch Access Security
Each switch can be accessed through the CLI or SNMP.
•Secure switch access—Available when you explicitly enable Secure Shell Protocol (SSH) access to the switch. SSH access provides additional controlled security by encrypting data, user IDs, and passwords. By default, Telnet access is enabled on each switch.
•SNMP access—SNMPv3 provides built-in security for secure user authentication and data encryption.
•IP access control lists (IP-ACLs)—IP-ACLs provide basic network security to all switches in the Cisco MDS 9000 Family. IP-ACLs restrict IP-related inband and out-of-band management traffic based on IP addresses (Layer 3 and Layer 4 information). You can use IP-ACLs to control transmissions on an interface.
Port Security
Port security features prevent unauthorized access to a switch port in the Cisco MDS 9000 Family.
•Login requests from unauthorized Fibre Channel devices (Nx ports) and switches (xE ports) are rejected.
•All intrusion attempts are reported to the SAN administrator through syslog messages.
User Authentication
A strategy known as authentication, authorization, and accounting (AAA) is used to verify identity of, grant access, and track the actions of remote users. The Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) provide AAA solutions.
Based on the user ID and password combination provided, switches perform local authentication using a local database or remote authentication using AAA server(s). A global, preshared, secret key authenticates communication between the AAA servers. This secret key can be configured for all AAA server groups or for only a specific AAA server. This kind of authentication provides a central configuration management capability.
Role-Based Access
Role-based access control assigns roles or groups (locally through the switch or remotely using AAA servers) to users and limits access to the switch. Access is assigned based on the permission level associated with each user ID. Your administrator can provide complete access to each user or restrict access to specific read and write levels for each command.
As of Cisco MDS SAN-OS Release 1.2(x), CLI and SNMP in all switches in the Cisco MDS 9000 Family synchronize CLI and SNMP roles. You can use SNMP to modify a role that was created using CLI and vice versa. Each role in SNMP is the same as a role created or modified through the CLI.
Each role is restricted to one or more VSAN as required.
Tools for Software Configuration
You can use one of two configuration management tools to configure your SANs: the CLI and the Cisco MDS 9000 Fabric Manager graphical user interface (see Figure 1-1).
Figure 1-1 Tools for Configuring Software
CLI
With the CLI, you can type commands at the switch prompt, and the commands are executed when you press the Enter key. The CLI parser provides command help, command completion, and keyboard sequences that allow you to access previously executed commands from the buffer history.
Cisco MDS 9000 Fabric Manager
The Cisco Fabric Manager is a Java and SNMP-based network fabric and device management tool with a GUI that displays real-time views of your network fabric and installed devices. The Cisco Fabric Manager provides three views for managing your network fabric:
•The Device View displays a continuously updated physical picture of device configuration and health conditions for a single switch.
•The Fabric View displays a view of your network fabric, including multiple switches.
•The Summary presents real-time performance statistics of all active ports and channels.
The Cisco Fabric Manager provides an alternative to the CLI for most switch configuration commands and is embedded in each switch in the Cisco MDS 9000 Family.
Refer to the Cisco MDS 9000 Fabric Manager Configuration Guide.
Note Resource Manager Essentials (RME) versions 3.4 and 3.5 provide support for switches in the Cisco MDS 9000 Family. Device Updates (DU) are available on Cisco.com (http://www.cisco.com/).
Feedback
