For as long as most of us in the Fiber Channel space can recall SAN Zoning has been the base method of controlling access amongst SAN attached devices. A lot of us do this the classic Single Initiator / Single Target zoning – where one Host talks to one Array port. In a Cisco SAN Fabric we have an easier way. But first we need to understand why we do single initiator zoning.
When a zone is created and an initiator/target pair added permissions are converted to an Access Control Lists (ACL) of Access Control Entities (ACE). The switch doesn’t care if the WWNs added are initiators or targets, its simply going to allow every WWN to talk to every other WWN in the zone. In our example 2 ACLs are created – one to allow the initiator to receive data from the target and another to allow the target to receive data from the initiator. This is calculated as n members times (n – 1). If we were to add a 3rd WWN to our zone we’d jump from 2 ACLs to 6 entries. All these ACLs are stored in the switch’s ternary content addressable memory (TCAM) of the switch. Since we’re dealing with hardware, we have a limited amount of this memory. To present excessive TCAM sprawl, we limit our zoning to a single initiator/target pair. All of this leads to a whole lot of zones in the real world.
Lets take an ESX host of mine. It has a single HBA in each fabric with storage on three different arrays. The storage is presents across two ports per array. In a single initiator/target zoning you would have 6 zones per fabric for this single host something like:
As you can imagine if you have a large ESX environment this can grow to be very cumbersome very quickly. Enter Cisco Smart Zoning. Cisco Smart Zoning adds a new element to a zone that defines a member by its role of Initiator, Target, or Both. Targets can’t talk to targets and initiators can’t talk to initiators. If we look at our ESX host example above but with smart zoning we will now only have one zone:
Inside that zone are all the appropriate WWNs to allow the necessary communications between initiator and targets. This results in the exact same number of ACL entries as the 6 zones above. In this example we have a one-to-many zone. Cisco Smart Zoning supports one-to-many, many-to-one, and even many-to-many. That means every ESX host in the cluster above would be part of the same single zone if you wanted it to.
The big win here is simple time. When adding a new ESX host to our cluster in our single initiator/single target zoning we have to create 6 new zones. If you’re doing this via CLI you’ll issue 3 separate commands per zone for a total 10 commands. That takes time. If you were using one-to-many you’d have a single command to issue for a new host.
Next time I’ll talk about how to enable Smart Zoning in your environment.