Cisco Smart Zoning greatly reduces the time needed to zone servers to storage on Cisco NX-OS SAN switches. Instead of creating numerous zones that contain one single initiator and one single target, you can now classify a WWN as initiator, target or both and throw them all into one single zone. The switch then figures out which devices should be allowed to talk with each other (based on the parameter you set for each WWN). Not only does this speed up the entire zoning process but it also helps keep the zoning interface uncluttered and minimize the risk for errors. Let’s see how you can configure this in the DCNM-SAN GUI…
Zoning 101
A SAN switch (by default) works a lot like a firewall; no communication is allowed between devices. You need to explicitly allow two devices on a SAN switch to communicate with each other. This is called zoning. For example: if you want to allow Host1 to communicate with Storage1, you’d have to zone Host1 to Storage1. Host1 is the Initiator, Storage1 is the Target.
A host is rarely ever connected with just one path to the storage. Usually you connect the host to the storage over 4 paths; one HBA is connected to one SAN fabric, the other HBA to another SAN fabric. Two storage ports are allocated to the host on each SAN fabric, for a total of 4 paths over the two SAN fabrics. You could choose to throw all initiators and all targets in one big zone, but that would give you a zoning topology as displayed in the picture on the right: every single device would try to log in to every other device in the zone. This is not really beneficial to SAN stability and performance…
This resulted in the Single Initiator, Single Target (SIST) zoning best practice. Each zone contains one initiator (=Host HBA) and one target (=Storage front-end port). This means that for one server, you’ll have two separate zones on each fabric, for a total of four zones across both SAN fabrics. Now imagine you have 200 hosts on your fabrics that all connect to two storages. That’s 200x4x2 zones = 1600 zones. A long, long time ago I’ve created a script to automate zoning large amounts of servers: it saved a lot of time, but it was still far from ideal.
Cisco Smart Zoning
Cisco added Smart Zoning to the feature set in NX-OS 5.2(6), which means you CAN now throw all the initiators and targets into one zone, provided you use Smart Zoning. In this case, instead of the switch allowing all devices to log in to every other device, it will only allow the Initiators to log in to all the Targets. So instead of the full mesh displayed in the traditional zoning approach, you will have a partial mesh which mimics the SIST zoning you would otherwise do manually. So lets see how you configure this in DCNM-SAN.
First of all, you have to enable the smart zoning feature globally.
Navigate to the Fabric -> All VSANs, in the window on the right select Global Zone Policies and change the Smart Zoning behavior to enable.
Next you need to make sure that Smart zoning is enabled for the VSAN itself.
Open up the VSAN in the GUI. If you do not have an active zoneset in your VSAN select “Default Zone” (upper red arrow), else select the active zoneset (lower red arrow). In the window on the right, select the Smart Zoning tab. Now change the command box to “Enable” (you only need to change this for one switch in the fabric) and acknowledge with the green button (green upward arrow in the image above). After a refresh you should see the status switch to Enabled and turn green.
Don’t worry: while you enable Smart Zoning VSAN wide, you can still disable it again on an individual zone basis if you need/want to!
Now for the actual smart zoning…
For each alias you create, you now have to tell the switch whether this is an Initiator (=host), Target (=Storage Port), or a dual personality both-initiator-and-target port (=for example a replication port on a storage array). You do this by selecting the alias, inserting a WWN and afterwards changing the Device Type to either host, storage or both. Don’t forget to apply the changes (blue arrow in the picture below)! In this example I’m setting the device type to Storage for a Symmetrix front-end port (director 4G, port 0).
The same can be done for a host:
With the aliases created, it’s time to add them to a smart zone. When you create a new zone you get the option to enable smart zoning (it should be auto-checked). Else, for existing zones you can enable it manually by checking the option. Both approaches are displayed in the image below.
As you can see I ended up with four zones per fabric: this corresponds with the Port Group configuration on the VMAX. Adding a new host to the VMAX is now as simple as registering the WWN into an alias, changing the device type to Host and moving it into one of the four existing zones. That’s it! No manual searching for which storage front-end ports I should zone to… this is now more or less “enforced” in the initial zoning set-up. This should translate into less errors or less configurations that deviate from the standard. It also allows the SAN admin to quickly report back to the VMAX admin that he “zoned Host1 to VMAX1-PG_ESX1”.
Add the aliasses to the correct zones, add the zones to the zoneset, activate the zoneset and you’re done.
If you want to try the CLI approach, read this post by Rob for the CLI commands. Or if you want to non-disruptively migrate from your traditional zoning to smart zoning, read this post from Mark May.
If you run into any troubles or if Smart Zoning solved one of your headaches, I’d love to hear about it. Happy zoning!
