In storage networking, Fibre Channel zoning is the partitioning of a Fibre Channel fabric into smaller subsets to restrict interference, add security, and simplify management. While a SAN makes available several virtual disks (LUNs), each system connected to the SAN should only be allowed access to a controlled subset of the LUNs. Zoning applies only to the switched fabric topology (FC-SW); it does not exist in simpler Fibre Channel topologies.
Zoning is sometimes confused with LUN masking, because it serves the same goals. LUN masking, however, works on Fibre Channel level 4 (i.e. on SCSI level), while zoning works on level 2. This allows zoning to be implemented on switches, whereas LUN masking is performed on endpoint devices: host adapters or disk array controllers.
Zoning is also different from VSANs, in that each port can be a member of multiple zones, but only one VSAN. A VSAN (similarly to a VLAN) is in fact a separate network (a separate sub-fabric), with its own fabric services (including its own separate zoning).
Zoning types
There are two main methods of zoning, hard and soft, that combine with two sets of attributes, name and port.
Soft and Hard zoning
The fabric name service allows each device to query the addresses of all other devices. Soft zoning restricts only the fabric name service, to show only an allowed subset of devices. Therefore, when a server looks at the content of the fabric, it will only see the devices it is allowed to see. However, any server can still attempt to contact any device on the network by address. In this way, soft zoning is similar to the computing concept of security through obscurity.
In contrast, hard zoning restricts actual communication across a fabric. This requires efficient hardware implementation (frame filtering) in the fabric switches, but is much more secure.
Port and WWN zoning
Zoning can also be applied to either switch ports or end-station names. Port zoning restricts specific switch ports from seeing unauthorized ports. WWN zoning (also called name zoning) restricts access by a device's World Wide Name (WWN). With port zoning, even when a device is unplugged from a switch port and a different one is plugged in, the new one still has access to the zone, i.e. the fact that the device's WWN changed is ignored. With WWN zoning, when a device is unplugged from a switch port and plugged into a different port (perhaps on a different switch) it still has access to the zone, because the switches check only the device's WWN, i.e. the specific port that the device connects to is ignored. This is more flexible, but WWNs can be easily spoofed, reducing security.
Use
Currently, the combination of hard and WWN zoning is the most popular. Because port zoning is non-standard, it usually requires a homogeneous SAN (all switches from one vendor).
To bring the created zones together for ease of deployment and management, a zoneset (also called a zoning config) is employed. A zoneset is merely a logical container for the individual zones that are designed to work at the same time. A zoneset can contain WWN zones, port zones, or a combination of both (hybrid zones). The zoneset must be activated within the fabric (i.e. distributed through all the switches and then simultaneously enforced). Switches may contain more than one zoneset, but only one zoneset can be active in the entire fabric.
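The enforcement rules described above (soft versus hard zoning, port versus WWN membership, one active zoneset per fabric) can be checked with a small model. This is an added example, not part of the original article: the class names, WWNs and port numbers are constructed, and it assumes the name service is filtered under hard zoning as well as soft.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    wwn: str     # World Wide Name the device presents (constructed values below)
    port: tuple  # (switch, port number) the device is plugged into

@dataclass(frozen=True)
class Zone:
    name: str
    kind: str            # "wwn" (name zoning) or "port" (port zoning)
    members: frozenset   # WWN strings or (switch, port) tuples

    def contains(self, dev):
        return (dev.wwn if self.kind == "wwn" else dev.port) in self.members

class Fabric:
    def __init__(self, active_zoneset, hard, devices):
        # Only one zoneset is active in the whole fabric at a time.
        self.zones, self.hard, self.devices = active_zoneset, hard, devices

    def share_zone(self, a, b):
        return any(z.contains(a) and z.contains(b) for z in self.zones)

    def name_service(self, asker):
        # Assumption: the name service is filtered under both soft and hard zoning.
        return [d for d in self.devices if d != asker and self.share_zone(asker, d)]

    def deliver(self, src, dst):
        # Soft zoning filters nothing on the data path; hard zoning filters frames.
        return self.share_zone(src, dst) if self.hard else True

# Constructed sample fabric: two hosts and one array port.
HOST_A = Device("10:00:00:00:00:00:00:0a", ("sw1", 1))
HOST_B = Device("10:00:00:00:00:00:00:0b", ("sw1", 2))
ARRAY = Device("50:00:00:00:00:00:00:01", ("sw1", 8))
WWN_ZONE = Zone("hostA_array", "wwn", frozenset({HOST_A.wwn, ARRAY.wwn}))
PORT_ZONE = Zone("p1_p8", "port", frozenset({("sw1", 1), ("sw1", 8)}))

def audit(zone, hard):
    """Report what an unzoned host, a moved host and a swapped-in device can do."""
    fabric = Fabric([zone], hard, [HOST_A, HOST_B, ARRAY])
    moved = Device(HOST_A.wwn, ("sw2", 5))      # same WWN, different port
    swapped = Device(HOST_B.wwn, HOST_A.port)   # different WWN, HOST_A's port
    return {
        "b_sees_array": ARRAY in fabric.name_service(HOST_B),
        "b_reaches_array": fabric.deliver(HOST_B, ARRAY),
        "moved_a_reaches_array": fabric.deliver(moved, ARRAY),
        "swapped_reaches_array": fabric.deliver(swapped, ARRAY),
    }
```

Calling `audit(WWN_ZONE, hard=False)` shows the gap soft zoning leaves: the unzoned host cannot discover the array but its frames are still delivered. With `hard=True` the two zone kinds differ only in whether access follows the WWN or the physical port.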
This entry is from Wikipedia, the leading user-contributed encyclopedia.




