Tuesday, March 26, 2019

Cisco Automatic Zoning

Cisco released a feature in NX-OS v8.3.1 called Automatic Zoning.  The feature does exactly what the name suggests:  it automatically configures zoning for the devices on your SAN.  You can see a video on the feature here:



What Is Zoning?

SAN (Storage Area Network) zoning is specifying which devices on the SAN  can communicate with which other devices.  Devices are added to a zone.  A zone is a group of devices that can communicate.  Zones are then added to a zoneset.  The zoneset is then activated - this is the configuration that is in effect. There can be multiple zonesets but only one active one at any given time.   By default, any device not zoned (not a member of a zone) cannot communicate with any other device.  A device that is in at least one zone is considered zoned.   Effective zoning prevents unauthorized devices from talking to each other, and minimizes disruptions on the SAN if a device misbehaves.  

How Cisco Automatic Zoning Works

When a SAN is first configured, adding devices to zones and creating zonesets can be a long process.  Cisco Automatic zoning configures this for you so that you do not have to manually configure zoning.    It works by examining which devices are logged into the fabric as initiators and which are logged in as targets, then it adds zones to the configuration where the zones included the initiators and targets.  An 'initiator' is a device such as a host.  A 'target' is a device such as storage.  Some systems (such as SVC) log in as both.  Other storage systems will log in as both types, especially if they have added services such as replication.  A storage system that is reading from or writing to another storage system is an initiator from the perspective of the remote storage system.

Automatic zoning is currently implemented so that it only runs on single-switch fabrics if it is enabled.  If it detects any inter-switch links (ISLs) it will not perform automatic zoning.  Future versions of Automatic Zoning will run on multi-switch fabrics.  If you make changes to zoning after automatic zoning is run, it will not undo those changes.  

Potential Problems and Best Practice Recommendations

You can see how automatic zoning might cause problems for systems that log in as both initiators and targets.  You would have devices communicating with each other that are not supposed to.  This risks disruption on the SAN.   If you have IBM SVC or other Storwize systems on your SAN, do not enable Automatic Zoning.    

Remember that automatic zoning will zone all initiators to all targets.  So in the scenario where you have 50 initiators and two targets but you want to split the initiators evenly between the targets, Automatic Zoning would zone all 50 initiators to both targets.  You would have to go in and manually rezone initiators away from each target.

In summary, Automatic Zoning can relieve some of the burdens on SAN Administrators during initial setup, but it should only be used (with great care) on smaller, single-switch environments with a single target (or multiple targets if all initiators will communicate with all targets).   Be wary if your storage has any replication features enabled as this means it will likely log in as both initiator and target.  

1 comment: