Menu
Brocade's big, fat datacenter fabric

Brocade's big, fat datacenter fabric

DCX Backbone is the cornerstone of Brocade's policy-driven network

Zone flow control

The rate limit, which can be applied in 200-megabit increments, is an invaluable tool to prevent damaging data transfer bursts. A typical real-world use could be to rein in bandwidth-intensive applications such as backups. Rate limits can easily be flipped on when needed, and then easily reset with a similar command to bring those ports back to the previous, unrestricted flow.

To prepare for the next test, I needed to reduce the bandwidth between the two DCX chassis to make it easier to exceed its data rate. Therefore, I disabled one of the ISL ports and set the other one to 1Gbps.

Almost immediately, the Brocade Enterprise Fabric Connectivity Monitor displayed the link between the two DCX in bright red, indicating traffic congestion.

Sure enough, Top Talkers showed that the transfer rate had plunged to about 22MBps on each pair. Of course, no one in their right mind would choke an ISL like this in real life. But it does help show how you can use the DCX to assign a specific service level to each zone in the fabric.

Strangely enough, Brocade has devised a zone naming convention to assign those QoS levels: A zone named with the QOSH prefix will be assigned a high service level, while a zone named with the QOSL prefix will be assigned a low service level. Of course the initials QOSM identify a zone with medium service level, which is also the default for zones not following the name coding. High, medium, and low reserve 60, 30, and 10 per cent of available bandwidth, respectively, for their zones.

If you think this is an odd way of assigning a QoS level, you are not alone. I would have preferred setting the QoS as an attribute, in order not to require changing the zone names. However, Brocade maintains that the zone name approach will better meet customers' expectations because it's simple to understand and monitor. In fact, simple it is.

To see the effect of different QoS levels on my bandwidth-constrained fabric, I created new zones following the proper name coding and assigned hosts and storage devices to each zone.

Back to the DCX, where Top Talkers was already active, I saw the transfer rate of the two pairs with high QoS jump well above the others, while the pair in the medium range settled around 20MBps. The transfer rate of the third pair, in the low QoS zone, fell to 17MBps.

Whatever you think of the naming convention Brocade follows, its QoS mechanism is a very simple and efficient way to set your applications in the proper pecking order and make the best use of the bandwidth available, however limited or abundant it may be.

SAN security

Naturally, a larger SAN installation -- such as the result of consolidating multiple fabrics with DCX -- is more vulnerable than smaller environments to both trivial errors and security breaks. If you want to keep human errors to a minimum or are concerned about the possibility of someone spoofing a WWN (worldwide name) to connect a rogue device to the network, the DCX's Fabric OS offers a system of policies that can bring some additional protection.

For example, you can define policies to control the connection of storage targets, switches, and hosts, allowing access only when a device, identified by its WWN, is connected to a specific port.

This screen image shows the commands to define a DCC (Device Connection Control) policy for each of the two devices on ports 133 and 134 and to make those two policies active.

For a large installation, manually setting a policy for each port could be a long and tedious process, but for initial deployments, a similar command can automatically create a policy from an existing configuration that links each active port to the WWN of its connected device.

When a DCC policy is active, trying to connect a device with a different WWN will trigger an error message and access to the port will be denied.

The DCX security policies are not foolproof. Obviously anyone with access to an admin account with proper credentials can modify them, but the system offers an easy-to-audit log of possible violations, which can simplify monitoring and enforcement of those policies.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Show Comments