IBM Support

SAN Zoning Best Practices

Question & Answer


Question

SAN Zoning Best Practices

Answer

Zoning is how Storage Area Networks (SANs) keep devices isolated from each other; this has implications for security, fabric stability, and resource management. Without zoning, a problem on one host can commonly affect every host in the fabric, and the resulting problems are difficult or impossible to troubleshoot.

A number of zoning implementation methods are listed below, starting with the worst case and progressively improving the granularity of zones.

- One-big-zone, also known as no zoning (worst case)
- Zone by operating system
- Zone by HBA vendor
- Zone by application
- Zone by cluster groups
- Zone by initiator port (best scenario)

The worst case scenario of one big zone (effectively, no zoning) means that all devices can communicate with all other devices. This approach may be workable and stable for very small (1-5 hosts and a single storage system) SAN environments, but it is strongly advised to never use this method.

The suggested implementation method is to create zones for individual initiator ports (typically a single host port) with one or more target ports. Although Fibre Channel standards and switch vendors allow zones to be created using device WWNN (world-wide node names), this practice should be avoided. When a WWNN is used in place of a WWPN for a device, switches interpret the WWNN to designate all associated ports for the device. Using the WWNN in a zone can cause multipathing issues where there are too many paths between a server and storage.

A possible refinement is to keep destinations isolated from each other in “single-initiator, single-target” zoning. This is sometimes used in environments where it is common for a single host to access multiple destination devices. While this provides some additional measure of preventive isolation, it must be balanced with the additional administrative overhead involved with the increased number of zones.

No matter which of the above zoning implementation methods is utilized in a SAN environment, there can be exceptions to the rule. One such example involves clustered servers which handle some portion of intra-node handshaking across the SAN fabric.

The IBM Subsystem Device Driver (SDD) can support up to 16 paths per virtual disk with DS8000 devices. With SAN Volume Controller (SVC) disks, SDD supports up to eight paths per virtual disk. However, optimal SDD performance is obtained with just four paths per virtual disk. Similarly, other third party and native operating system multipathing utilities can support various numbers of paths per volume, but most of these utilities also recommend only four paths per volume.

Aliases can greatly ease routine zone management tasks. Aliases associate a human readable name with the long hexadecimal world-wide port name (WWPN) and are most useful for sets of ports which are used in more than one zone definition. Aliases are typically most used with storage system ports utilized as target(s). For servers, the name of the zone itself is usually sufficient, so server aliases do not provide similar benefits as do storage system aliases for an equal amount of effort.

Aliases will allow the incorporation of path sets, or a limited number of paths being assigned to a single alias. For example, multiple paths to a given SVC IOGroup and/or DS8000 storage system can be readily defined with a single alias in a zone definition. With the creation of just a few such path set aliases, it will be easier to manually rotate host connections between the different ports on a storage system and thus achieve good workload balance among the storage resources while minimizing the work effort by the SAN and storage administrators.

A key point is that zoning is an important method to balance the workload across multiple ports for a given edge device, whether it is a disk storage system with dozens of ports or a server with four ports. Balancing the workload across a storage system with multiple ports will help prevent a single storage port from being the source or cause of a performance bottleneck due to high latency or outright congestion.

Never mix tape and disk traffic on the same server Host Bus Adapter (HBA) port with one or more zone definitions. This issue is a source of confusion for many administrators due to a number of reasons. Some HBA vendors state that they support mixing tape and disk traffic on the same port. Based on the collective experience of the IBM SAN Central team, customer environments with tape and disk traffic on the same HBA port will eventually experience problems.

Switch vendors offer management tools and/or commands which can assist a SAN administrator with planning and changing a zone configuration. When such tools are available, the SAN administrator should make use of them as a validity check if for no other reason. Switches will attempt to keep the impact of zone changes as local as possible to just the edge devices that may be impacted by the changes.

However, if there are enough changes and/or the change scope is sufficiently large, the fabric may respond by notifying all connected devices of a new zoning configuration. In these cases, there are likely to be some minor fluctuations in traffic levels while the individual edge devices respond to the state change notifications. As a result of this potential impact, it is strongly suggested that changes to the zone configuration be introduced during periods of low overall SAN traffic. In general, plan on approximately 2 to 3 seconds per active device port in the fabric before full stability after a significant zoning change has been made.

Another general SAN best practice guideline is routine housekeeping. If a zoning element (zoneset, zone, zone member, or alias) is removed from the active configuration, delete the unused element when the zone configuration is changed. This simple action will reduce potential confusion on the part of other SAN administrators as well as any technical support personnel assisting with troubleshooting.

Finally, all active ports in a fabric will be a member of at least one zone. Most active ports will be configured by the SAN/switch administrator in a defined zone. However, there may be some ports which are not in a zone created by an administrator, and these ports will be included in the "default" zone. The default zone functions as a collection point and has two permission states, deny or permit. When set to permit, all ports in the default zone will be able to communicate with other ports in the default zone. When set to deny, ports will not become aware of any other members of the default zone. According to zoning best practices, the default zoning mode should be set to deny.
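An added example, not part of the original IBM document: a small Python audit that checks a zoning configuration against the practices above (default zone set to deny, one initiator port per zone, no WWNN members, no tape and disk on the same HBA port, no unreferenced aliases). The data model, the zone and alias names and the WWPN/WWNN values are constructed for illustration and do not come from any switch vendor's tool or export format.

```python
# Constructed sample data; WWPNs, WWNNs, alias and zone names are made up.
ROLES = {  # WWPN -> device role, as recorded in an inventory
    "10:00:00:00:c9:aa:00:01": "initiator",  # host1 HBA port 0
    "10:00:00:00:c9:aa:00:02": "initiator",  # host2 HBA port 0
    "50:05:07:68:01:40:00:01": "disk",
    "50:05:07:68:01:40:00:02": "disk",
    "50:05:07:63:0f:00:00:01": "tape",
}
WWNNS = {"20:00:00:00:c9:aa:00:02"}  # node names known from the inventory
ALIASES = {
    "svc_iogrp0_pathset_a": ["50:05:07:68:01:40:00:01", "50:05:07:68:01:40:00:02"],
    "old_ds8k_ports": ["50:05:07:63:0a:00:00:09"],  # no zone references it
}
ZONES = {
    "host1_p0": ["10:00:00:00:c9:aa:00:01", "svc_iogrp0_pathset_a"],
    "host1_p0_tape": ["10:00:00:00:c9:aa:00:01", "50:05:07:63:0f:00:00:01"],
    "cluster_big": ["10:00:00:00:c9:aa:00:01", "10:00:00:00:c9:aa:00:02",
                    "svc_iogrp0_pathset_a"],
    "host2_node": ["20:00:00:00:c9:aa:00:02", "svc_iogrp0_pathset_a"],
}

def audit(zones, aliases, roles, wwnns, default_zone="permit"):
    findings, used, targets = [], set(), {}
    if default_zone != "deny":
        findings.append("default zone is not set to deny")
    for name, members in sorted(zones.items()):
        ports = []
        for m in members:  # expand aliases into the ports they stand for
            if m in aliases:
                used.add(m)
                ports.extend(aliases[m])
            else:
                ports.append(m)
        for p in ports:
            if p in wwnns:
                findings.append(f"{name}: member {p} is a WWNN, use the WWPN")
        inits = [p for p in ports if roles.get(p) == "initiator"]
        if len(inits) > 1:
            findings.append(f"{name}: {len(inits)} initiator ports in one zone")
        for i in inits:  # collect every device role this HBA port can reach
            targets.setdefault(i, set()).update(roles.get(p) for p in ports if p != i)
    for i, kinds in sorted(targets.items()):
        if {"disk", "tape"} <= kinds:
            findings.append(f"{i}: tape and disk zoned to the same HBA port")
    for a in sorted(set(aliases) - used):
        findings.append(f"alias {a}: not referenced by any zone")
    return findings
```

A zone holding several initiator ports may be a deliberate clustered-server exception as described above; treat that finding as a prompt for review.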


Document Information

Modified date:
17 June 2018

UID

ssg1S1010006