Target-driven automated Zoning in fibre-channel SAN
The rise of storage installations:
With almost a decade of experience with cloud native deployments, lot of clients are settling down with hybrid cloud model which offers complete control of on-premise configuration with flexibility of growing/shrinking workloads, sharing of resources in cloud.
With the advent of the hybrid-cloud model, customers are yet again looking to have their own local storage infrastructure, and thus some kind of Storage Area Network (SAN) to run it on. Fibre-channel networking has long been the leading choice in all enterprise SAN deployments thanks to its performance, predictable and fault resilient nature, and inherent security.
Owing to this, the deployment process itself becomes a crucial component of the hybridisation process. For fibre-channel SANs, zoning is a key SAN management aspect that also ensures security by traffic segregation. However, it also remains to be one of the more tedious and time-consuming steps of the overall initial setup. It not only increases “time to setup host storage connectivity”, but it’s also error prone and needs fabric expertise. This calls for there to be an implementation that takes the manual element out of this and automate it to some degree.
What are these zones that we have been talking about so far? It is simply a software configuration on the FC switches, which isolates specific ports into groups which can then communicate with one another.
Traditional topology approaches to zoning are:
1. Single initiator zoning: Here each initiator gets a dedicated zone with a target. This makes for simple structuring, however, can potentially use up all the switch’s zoning capacity.
2. One-to-many zoning: In this topology multiple initiators are zoned in the same zone with a target. This reduces the number of zones overall, however, will generate tremendous RSCN traffic on any ports updates. This also poses a security risk by exposing initiators to each other.
3. Flat zoning: This topology has all initiators and all targets in the same flat zone. This simplifies zoning even further, but at the cost of even larger RSCN costs. This also poses a security risk by exposing initiators to each other.
Peer zoning was a new approach to the fundamental nature of FC zones, as ratified in the updated T11 standard FC-GS. The core of peer zoning is to have a primary member in the zones, and other non-primary peers. All the non-primary peers can talk to the primary member; however, the non-primary peers cannot communicate with each other.
This combines the simplicity of one-to-many zoning with the security and RSCN isolation of single-initiator zoning. It greatly lowers the configuration size on the switch side, since it now must deal with fewer zones, while improving fabric usage by lowering the number of RSCNs generated for changes to any port within the zone impacting everyone else. This also ensures security since the non-primary initiator ports within the same zone can no longer communicate with each other.
Target-driven peer zoning:
The ultimate solution to simplify the initial setup challenges with all the benefits of peer zoning was added to the fibre-channel standard FC-GS-8 in the form of Target-driven Peer Zoning command set.
This set of brand-new commands now enabled the individual targets to directly instruct the switch to show, create, or delete peer zones through CT commands.
The commands added were:
1. GAPZ – Get Active Peer Zone: This command lets the target fetch the details of a specified peer zone.
2. AAPZ – Add/replace Active Peer Zone: This command lets the target create a new peer zone or update an existing peer zone.
3. RAPZ – Remove Active Peer Zone: This command can be used by the target to remove a peer zone from the switch config.
These commands can be invoked by the storage controller to create, delete, and manage peer zones. Additionally, these zones cannot be modified on the switch itself, and the switch can only delete these.
This allows the storage controller itself to automatically create zones on the switch, thus eliminating the need for any pre-configuration of the hosts before they can be provisioned on the array. The end process is thus faster, and there’s lesser margin for errors.
An added advantage of TDPZ is that with some additional functionality on the storage controller software, it can directly read and display zones without having to go to the switch or any other management tools.