Intel SBCEFCSW manual Zoning concepts, Zones, Soft zoning, Access control list zones

Models: SBCEFCSW


Zoning concepts

The following zoning concepts provide some context for the zoning tasks described in this section:

Zones

Aliases

Zone sets

Zoning database

Zoning configuration

Zones

A zone is a named group of ports or devices that can communicate with each other. Membership in a zone is defined by port number, device Fibre Channel address, or device World Wide Name (WWN). Zone members can communicate only with members of the same zone. Zones can overlap -- a port or device can be a member of more than one zone.

Three zone types are supported, each with a different level of communication restriction. These zone types are:

Soft zone

Access control list (ACL) - hard zone

Virtual private fabric (VPF) - hard zone

Soft zoning

Soft zoning divides the fabric to control discovery. Members of the same soft zone automatically discover and communicate freely with all other members of the same zone. The soft zone boundary is not secure; traffic across soft zones can occur if addressed correctly. Soft zones that include members from multiple switch modules need not include the ports of the interswitch links. Soft zone boundaries yield to ACL and VPF zone boundaries. Soft zones can overlap -- a port can be a member of more than one soft zone. Membership is defined by Fibre Channel address, port ID and domain ID, or worldwide name. Soft zoning supports all port modes.

Access control list zones

Access control list (ACL) zoning divides the fabric to control discovery and inbound traffic. ACL zoning is a type of hard zoning that is hardware enforced. This type of zoning is useful for controlling access to certain devices without totally isolating them from the fabric. Members can communicate with each other and transmit outside the ACL zone but cannot receive inbound traffic from outside the zone. The ACL zone boundary is secure against inbound traffic. ACL zones can overlap -- a port can be a member of more than one ACL zone. ACL zones that include members from multiple switch modules need not include the ports of the interswitch links. ACL zone boundaries supersede soft zone boundaries but yield to VPF zone boundaries. Membership can be defined only by port ID and domain ID. ACL zoning supports all port modes except TL_Ports.

Virtual private fabric zones

Virtual private fabric (VPF) zoning divides the fabric for purposes of controlling discovery and both inbound and outbound traffic. This type of zoning is useful for providing security and reserving paths between devices to guarantee bandwidth. VPF zoning is a type of hard zoning that is hardware enforced. Members can transmit to and receive only from members of the same VPF zone. The VPF zone boundary is secure against both inbound and outbound traffic. VPF zones that include members from multiple switch modules must include the ports of the interswitch links. VPF zones cannot overlap -- a port can be a member of only one VPF zone. VPF zone boundaries supersede both soft and ACL zone boundaries. Membership can be defined only by port ID and domain ID. VPF zoning supports all port modes.
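The frame-delivery rules of the three zone types, modeled as an added example (not code from the manual or the switch firmware). It assumes that "supersede" means the strongest zone type touching either port decides the outcome; the zone names and (domain ID, port) members are constructed.

```python
from dataclasses import dataclass

# Members are (domain_id, port) pairs, the only form ACL and VPF zones accept.
@dataclass(frozen=True)
class Zone:
    name: str
    kind: str            # "soft", "acl" or "vpf"
    members: frozenset

def validate(zones):
    """Reject a configuration in which a port belongs to more than one VPF zone."""
    owner = {}
    for z in zones:
        if z.kind != "vpf":
            continue
        for m in z.members:
            if m in owner:
                raise ValueError(f"{m} is in VPF zones {owner[m]} and {z.name}")
            owner[m] = z.name

def _zones_of(port, zones, kind):
    return {z.name for z in zones if z.kind == kind and port in z.members}

def can_deliver(src, dst, zones):
    """Return (allowed, deciding_rule) for a frame sent from src to dst."""
    src_vpf, dst_vpf = _zones_of(src, zones, "vpf"), _zones_of(dst, zones, "vpf")
    if src_vpf or dst_vpf:                       # VPF supersedes ACL and soft
        return bool(src_vpf & dst_vpf), "vpf"
    dst_acl = _zones_of(dst, zones, "acl")
    if dst_acl:                                  # ACL filters inbound traffic only
        return bool(_zones_of(src, zones, "acl") & dst_acl), "acl"
    return True, "soft"                          # soft zoning never blocks frames

# Constructed sample configuration (not from the manual).
ZONES = [
    Zone("hosts_soft", "soft", frozenset({(1, 0), (1, 1)})),
    Zone("array_acl",  "acl",  frozenset({(1, 2), (1, 3)})),
    Zone("backup_vpf", "vpf",  frozenset({(1, 4), (2, 4)})),
]

if __name__ == "__main__":
    validate(ZONES)
    for src, dst in [((1, 5), (1, 0)), ((1, 0), (1, 2)), ((1, 2), (1, 0)),
                     ((1, 3), (1, 2)), ((1, 4), (2, 4)), ((1, 4), (1, 0))]:
        print(src, "->", dst, can_deliver(src, dst, ZONES))
```

The first pair is the case to note when reviewing a zoning design: port (1, 5) is in no zone at all, yet its frames still reach a soft-zone member, so a device that needs isolation belongs in an ACL or VPF zone.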

NOTE

Domain ID conflicts can result in automatic reassignment of switch module domain IDs. These reassignments are not reflected in zones that use domain ID and port number pairs or Fibre Channel addresses to define their membership. Be sure to reconfigure zones that are affected by a domain ID change. To prevent zoning definitions from becoming invalid when the membership is defined by domain ID/port number or Fibre Channel address, you must lock domain IDs.
