Working with fabric zoning

With the IBM® Cloud Infrastructure Center, you can register either a physical or a logical Brocade fabric.

Note:

  • Only the administrator role of the ibm-default project can operate a fabric. Other roles can only view the fabric, if a fabric has been registered in the IBM Cloud Infrastructure Center.

Prerequisites for using Brocade virtual fabrics

A user account with the administrator role must be created on the Brocade switch. You must specify this user account when you register the fabric into the IBM Cloud Infrastructure Center. The IBM Cloud Infrastructure Center uses this account to perform the fabric management. When a user account is created on the switch, a home logical fabric ID (identified as Home LF in the following example) and a list of the authorized logical fabric IDs (identified as Role-LF List in the following example) are associated with the user account. The home logical fabric and the list of authorized logical fabrics can be queried by the following steps:

  1. Login the switch with the user account that you want to use for the fabric registration.

  2. From the command line console of the switch, run the following command to check the user settings:

fcsw60:FID128:admin_icic> userconfig --show

Account name: admin_icic
Description:
Enabled: Yes
Password Last Change Date: Mon Apr 27 2020 (UTC)
Password Expiration Date: Not Applicable (UTC)
Locked: No
Home LF Role: admin
Role-LF List: admin: 120-128
Chassis Role: admin
Home LF: 128
Day Time Access: N/A

In the previous sample, the home logical fabric ID is 128 and the user admin_icic is granted to access the logical fabrics whose IDs range from 120 to 128.

When registering the fabric into IBM Cloud Infrastructure Center, the virtual fabric ID is optional. You can specify a logical fabric from the Role-LF List as the virtual fabric ID. Alternatively, you can leave the virtual fabric ID empty where the home logical fabric ID is used as the virutal fabric ID.

Add fabric

To add a Fabric to the IBM Cloud Infrastructure Center, follow these steps:

  1. Choose Storage > Fabrics and then click Add Fabric.

  2. Select Brocade under the Fabric type section.

  3. If you are going to add a virtual fabric, check Specify Virtual Fabric ID and input a logical fabric ID from the Role-LF List as the virtual fabric ID. Alternatively, you can leave the virtual fabric ID empty where the home logical fabric ID is used as the virtual fabric ID.

  4. Specify other values as required. The item information is described as follows:

    Name Required Type Description
    Fabric type Yes Common The type of SAN fabric. The supported value is: brocade.
    Hostname or IP address Yes Common IP address or the host name to connect to the switch.
    Display name Yes Common A unique name that is displayed in the IBM Cloud Infrastructure Center.
    Specify Virtual Fabric ID No Brocade virtual fabric only Select this when registering a Brocade virtual fabric to input a Virtual Fabric ID.
    Virtual Fabric ID No Brocade virtual fabric only Virtual fabric ID. This property uniquely identifies the Brocade fabric. It is required when registering Brocade virtual fabrics. Ensure the "User ID" used to register the fabric has the permission granted to access the virtual fabric of the specified virtual fabric ID
    Zoning policy Yes Common Zoning policy types. The following are the supported values:
    • 'initiator-target': Creates a zone with one initiator and one target.
    • 'initiator': Creates a zone with one initiator and all of the target WWPNs for the storage provider.
    User ID Yes Common User ID to connect to the switch. The user id should be granted with the administrator role.
    Password Yes Common Password to connect to the switch.

Note:

  1. For the zoning policy, the initiator represents the Fibre Channel ports from IBM Z or LinuxONE, the target represents the Fibre Channel ports on the storage provider side.

    • For KVM, the Fibre Channel ports of the compute node where the virtual machine resides are the initiator.

    • For z/VM, the Fibre Channel ports of the virtual machine are the initiator.

  2. For the initiator policy, the target ports from different storage providers are put into the same zone if the volumes from these storage providers are attached to the same virtual machine.

  3. You can use the command icic-config storage fc-zone zone-masking to filter the storage ports to be added into the zone. Otherwise, by default, all storage provider ports connected to the fabric are added into the zone.

Zoning example:

  • A KVM compute node or a virtual machine on z/VM has two Fibre Channel ports whose WWPN are c0:50:76:de:33:00:05:87 and c0:50:76:de:33:00:05:93

  • The storage provider has 8 ports with the WWPNs connected to this registered fabric:

      50:05:07:68:0b:23:ba:c7
  50:05:07:68:0b:21:ba:c7
  50:05:07:68:0b:22:ba:c7
  50:05:07:68:0b:24:ba:c7
  50:05:07:68:0b:22:ba:c6
  50:05:07:68:0b:21:ba:c6
  50:05:07:68:0b:24:ba:c6
  50:05:07:68:0b:23:ba:c6

  • In this example, no zone-masking allowlist or blocklist is set, so all the 8 ports from storage provider are used for the zoning.

  • For information about when and how the zone is created, updated and deleted, refer to planning_for_fabric_zoning for details about the zones operation.

  • If the initiator policy is used:

    a separate zone is created for each initiator port. The zone name format is prefix+initiator_port. Here c05076de33000587 and c05076de33000593 are the two initiator ports, so two zones openstackc05076de33000587 and openstackc05076de33000593 are created with a default prefix.

    Use the command icic-config storage fc-zone zone-name-prefix to show the current zone name prefix. If there is no custom setting, by default, the zone name prefix uses openstack. You can configure a zone name prefix by using the command icic-config storage fc-zone zone-name-prefix --prefix.

    Within each zone, one initiator port and all the target ports connected to the fabrics are included in the zone.

    fcsw60:FID128:admin_icic> zoneshow openstackc05076de33000587
zone:	openstackc05076de33000587
        c0:50:76:de:33:00:05:87; 50:05:07:68:0b:23:ba:c7;
        50:05:07:68:0b:21:ba:c7; 50:05:07:68:0b:22:ba:c7;
        50:05:07:68:0b:24:ba:c7; 50:05:07:68:0b:22:ba:c6;
        50:05:07:68:0b:21:ba:c6; 50:05:07:68:0b:24:ba:c6;
        50:05:07:68:0b:23:ba:c6

fcsw60:FID128:admin_icic> zoneshow openstackc05076de33000593
zone:	openstackc05076de33000593
        c0:50:76:de:33:00:05:93; 50:05:07:68:0b:23:ba:c7;
        50:05:07:68:0b:21:ba:c7; 50:05:07:68:0b:22:ba:c7;
        50:05:07:68:0b:24:ba:c7; 50:05:07:68:0b:22:ba:c6;
        50:05:07:68:0b:21:ba:c6; 50:05:07:68:0b:24:ba:c6;
        50:05:07:68:0b:23:ba:c6

  • If the initiator-target policy is used:

    a zone is created for each (initiator, target) tuple and contains only one initiator port and one target port. A zone's name format is prefix+initiator_port+target_port. Here are 2 initiator ports and 8 target ports from the storage provider, so 16 zones are created in total.

    8 zones created for one initiator port c05076de33000587:

            openstackc05076de33000587500507680b23bac7;
        openstackc05076de33000587500507680b21bac7;
        openstackc05076de33000587500507680b22bac7;
        openstackc05076de33000587500507680b24bac7;
        openstackc05076de33000587500507680b22bac6;
        openstackc05076de33000587500507680b21bac6;
        openstackc05076de33000587500507680b24bac6;
        openstackc05076de33000587500507680b23bac6;

    8 zones created for the other initiator port c05076de33000593:

            openstackc05076de33000593500507680b23bac7;
        openstackc05076de33000593500507680b21bac7;
        openstackc05076de33000593500507680b22bac7;
        openstackc05076de33000593500507680b24bac7;
        openstackc05076de33000593500507680b22bac6;
        openstackc05076de33000593500507680b21bac6;
        openstackc05076de33000593500507680b24bac6;
        openstackc05076de33000593500507680b23bac6

    Use the command icic-config storage fc-zone zone-name-prefix to show the current zone name prefix. If there is no custom setting, by default, the zone name prefix uses openstack. You can configure a zone name prefix using the command icic-config storage fc-zone zone-name-prefix --prefix.

    Within each zone, 1 initiator port and 1 target port from the storage provider are included in the zone.

    fcsw60:FID128:admin_icic> zoneshow openstackc05076de33000593500507680b23bac7
zone:	openstackc05076de33000593500507680b23bac7
        c0:50:76:de:33:00:05:93; 50:05:07:68:0b:23:ba:c7

Edit fabric

To edit a Fabric managed by the IBM Cloud Infrastructure Center, follow these steps:

  1. Choose Storage > Fabrics and then select the fabric to be edited.

  2. Click Edit Fabric

  3. On the pop-up window, the following fields are supported to be updated:

    Name Required Type Description
    Hostname or IP address Yes Common IP address or the host name to connect to the switch.
    Display name Yes Common A unique name that is displayed in the IBM Cloud Infrastructure Center.
    User ID Yes Common User ID for connecting to the switch. The user id should be granted with administrator role.
    Password Yes Common Password to connect to the switch.

Note:

  1. Other items are not supported to be edited, if you want to change them, you must remove the fabric and then re-add it.

  2. Ensure that there are no on-going tasks running on the connected storage provider of this fabric because the storage provider agent services is restarted during the edit, automatically.

Connect storage provider

After storage provider is connected to the fabric, the IBM Cloud Infrastructure Center sets up zoning only when the initial volume of the connected storage provider is attached to the virtual machine.

To connect a fabric to a storage provider, choose Storage > Fabrics and then click Connect Storage Provider. Select the storage provider you want to connect and click Connect button.

Note:

  1. Storage provider(s) should be added to the IBM Cloud Infrastructure Center before connecting to a storage provider.

  2. If an IBM Storage DS8000 series storage provider is connected to a fabric, by default all connected target ports on the storage provider are automatically added into the zones created by the IBM Cloud Infrastructure Center. It is suggested to add the FICON type target ports into the blocklist. Refer to config_zone_masking for information how to configure the blocklist.

  3. Ensure that there are no on-going tasks running on the storage provider you want to connect to because the storage provider agent services are restarted, automatically, during the connect.

Disconnect storage provider

To disconnect the storage provider connected to a fabric, choose Storage > Fabrics and then click Disconnect Storage Provider. Select the storage provider you want to disconnect and click Disconnect button.

Note:

Ensure that there are no on-going tasks running on the connected storage provider of this fabric because the storage provider agent services are restarted, automatically, during the disconnect.

Remove fabric

To remove a fabric, click Storage > Fabrics and then select the fabric to be removed. Click Remove Fabric.

Note:

All storage providers should be disconnected from the fabric before the fabric can be removed.