[Figure: Fibre Channel port types (N-Port, NL-Port, F-Port, FL-Port, E-Port) on hosts (HBA), a hub, a tape library, switches and storage arrays]
[Figure: fabric topologies: Single-Switch, Full Mesh, Core Edge]
2007 EMC Corporation. All rights reserved.
Lesson 2: Fibre Channel Protocol Layers
Upon completion of this lesson, you will be able to:
Describe the Fibre Channel Protocol stack
Identify primary stack layers
List functions of each layer
Define the data organization primitives
Frames, Sequences and Exchanges
OSI layer 3 (network): IP, ICMP, IGMP. Fibre Channel equivalent: Routing (FC-2), Flow Control (FC-2)
OSI layer 2 (data link): Ethernet, Token Ring. Fibre Channel equivalent: Encode/decode (FC-1), Link control services (FC-2)
FC-4 (mapping interface): mapping Upper Layer Protocol (e.g. SCSI-3) to FC transport
FC-3 (common services): functions spanning multiple ports (multicast, striping etc.)
FC-2 (routing, flow control): frame structure, ports, FC addressing, buffer credits
Fabric Services
Classes of service
Flow control
Routing
Fibre Channel Addressing
Transport layer: provides the organizational structure to control and manage transport
FC-2 defines the following four tiers for control and management:
Login
  Two ports establish a session and exchange parameters
  Must be established for I/O operations to take place
Exchange
  Composed of one or more sequences
  Can be uni-directional or bi-directional
  Identified by OX_ID (mandatory) and RX_ID (optional), which are specific fields in the data frame
  Allows two Fibre Channel ports to identify and manage a set of Information Units
  An Information Unit signifies a specific operation within the ULP (Upper Layer Protocol, such as SCSI)
  An Information Unit maps to a Sequence (defined below)
  The Information Unit structure for specific protocols is defined in FC Layer 4
Sequence
  A contiguous set of frames that are sent from one port to another
  Corresponds to an Information Unit as defined by the ULP (Upper Layer Protocol)
  Characterized by a SEQ_ID
  Each Frame within a Sequence has a unique SEQ_CNT
Frame
  The fundamental unit of data transfer at Layer 2
  Up to 2112 bytes of payload
Fibre Channel links, and therefore fabrics, may span distances beyond a
single data center (100s of km)
Enabling technologies: Singlemode long wave, DWDM, CWDM, etc.
Long-distance links typically dedicated to multi-site Business Continuity applications
Signal propagation delay due to speed-of-light becomes a factor
Round-trip signal propagation time dictates minimum buffer credits needed
BB_Credits usually sized for 100% utilization on long-distance links
Links may be leased lines shared with other subscribers
Links may entail significant recurring costs
Switches at either end must support the minimum required level of BB_Credits
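The sizing rule in the list above (round-trip propagation time dictates the minimum buffer credits) can be worked through numerically. The following is an added example, not part of the original slides; the fibre delay of 5 microseconds per km, the 36 bytes of frame overhead, the 8b/10b line rates and the simplified model (credits needed = round-trip time divided by frame serialisation time) are assumptions of the example.

```python
import math

# Assumptions of this added example, not values from the slides:
FIBRE_DELAY_US_PER_KM = 5.0              # one-way propagation delay in fibre
FRAME_OVERHEAD_BYTES = 4 + 24 + 4 + 4    # SOF + frame header + CRC + EOF
MAX_PAYLOAD_BYTES = 2112                 # maximum frame payload (from the slide)
LINE_RATE_GBAUD = {1: 1.0625, 2: 2.125, 4: 4.25}   # 8b/10b-encoded link speeds


def frame_time_us(speed_gfc, payload_bytes=MAX_PAYLOAD_BYTES):
    """Time to serialise one frame onto the link, in microseconds."""
    line_bits = (payload_bytes + FRAME_OVERHEAD_BYTES) * 10   # 10 line bits per byte
    return line_bits / (LINE_RATE_GBAUD[speed_gfc] * 1000.0)  # 1 Gbaud = 1000 bits/us


def min_bb_credits(distance_km, speed_gfc, payload_bytes=MAX_PAYLOAD_BYTES):
    """Credits needed so the sender never stalls waiting for a credit to return."""
    rtt_us = 2 * distance_km * FIBRE_DELAY_US_PER_KM
    return max(1, math.ceil(rtt_us / frame_time_us(speed_gfc, payload_bytes)))


def utilisation(credits, distance_km, speed_gfc, payload_bytes=MAX_PAYLOAD_BYTES):
    """Fraction of link bandwidth usable with a given credit count (simplified)."""
    rtt_us = 2 * distance_km * FIBRE_DELAY_US_PER_KM
    needed = rtt_us / frame_time_us(speed_gfc, payload_bytes)
    return min(1.0, credits / max(needed, 1.0))


if __name__ == "__main__":
    for speed in (1, 2, 4):
        print(f"{speed}G, 100 km, full frames: {min_bb_credits(100, speed)} credits")
    print("2G, 100 km, 512-byte payloads:", min_bb_credits(100, 2, 512), "credits")
    print(f"2G, 100 km, only 8 credits: {utilisation(8, 100, 2):.1%} utilisation")
```

Credits are consumed per frame, not per byte, so a workload of small frames needs more credits than the full-frame figure for the same distance and speed.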
Class 6: Multicast
Efficient frame delivery from a single source to multiple targets
Otherwise similar to Class 1
[Figure: Host HBAs and Storage Ports with the fabric's Login Server, Name Server and Fabric Controller]
[Figure: Fabric A and Fabric B with zones; Fan-in = 2]
[Figure: Fabric A and Fabric B with zones; Fan-out = 4]
[Figure: paths between hosts and Storage Array 1 and Storage Array 2; SPF=1 and SPF=2,3,4]
ISLs Without Trunking
Open Trunking
An intelligent variant of flow-based trunking, where the routing tables are
occasionally adjusted based on load monitoring
Algorithm can periodically change the ISL in use for any given node-pair
Exchange-based Trunking
Route is determined at the granularity of one Exchange
Frames with the same {Source_ID, Destination_ID, OX_ID} are routed
through one ISL
Guarantees in-order delivery of frames within a particular Exchange
Can provide load-balancing even when just one node-pair is active
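The difference between routing per node-pair and routing per Exchange can be shown with a small simulation. This is an added example, not part of the original slides: the CRC32-based hash, the policy names and the sample Source_ID/Destination_ID values are assumptions, since real switches use vendor-specific selection logic.

```python
import zlib
from collections import defaultdict


def pick_isl(frame, n_isls, policy):
    """Choose an ISL index for one frame (illustrative hash, not a vendor algorithm)."""
    fields = [frame["s_id"], frame["d_id"]]
    if policy == "exchange":            # Exchange-based: OX_ID is part of the key
        fields.append(frame["ox_id"])
    key = b"".join(f.to_bytes(3, "big") for f in fields)
    return zlib.crc32(key) % n_isls


def simulate(frames, n_isls, policy):
    """Return (frames per ISL, True if every Exchange stayed on a single ISL)."""
    load = defaultdict(int)
    isls_per_exchange = defaultdict(set)
    for fr in frames:
        isl = pick_isl(fr, n_isls, policy)
        load[isl] += 1
        isls_per_exchange[(fr["s_id"], fr["d_id"], fr["ox_id"])].add(isl)
    in_order_safe = all(len(s) == 1 for s in isls_per_exchange.values())
    return dict(load), in_order_safe


def sample_frames(n_exchanges=64, frames_per_exchange=8):
    """Constructed traffic: ONE active node-pair running many Exchanges."""
    return [{"s_id": 0x010200, "d_id": 0x020300, "ox_id": ox, "seq_cnt": cnt}
            for ox in range(n_exchanges) for cnt in range(frames_per_exchange)]


if __name__ == "__main__":
    frames = sample_frames()
    for policy in ("flow", "exchange"):
        load, ok = simulate(frames, 4, policy)
        print(policy, "ISL load:", sorted(load.items()), "one ISL per Exchange:", ok)
```

With a single node-pair, the per-node-pair policy puts every frame on one ISL, while the Exchange-based policy spreads Exchanges across the ISLs and still keeps each Exchange on one ISL.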
Set the Domain IDs, rather than allowing the fabric to set
them
At switch configuration time, specify a preferred domain ID for the
switch that is unique to the entire environment
Consolidation
  Ability to provision and manage all storage resources centrally
  Storage device consolidation via fan-out
  Consolidation of SAN islands
Availability
  Planning should include considering a variety of failure scenarios
Flexibility
  Ability to deploy new storage/hosts, or shift existing storage assets without disrupting production applications
Supportability
  Ease of trouble-shooting
  Ease of repair
Security
  Impact of Security policies on Accessibility, Flexibility, and Supportability
Business Continuity
  Accommodate connectivity and performance requirements of BC functions
[Figure: Active / Active Array reached through zones in Fabric A and Fabric B; LUN 1, LUN 2, LUN 3, LUN 4]
[Figure: Active / Passive Array reached through zones in Fabric A and Fabric B; SP-A and SP-B with LUN 0, LUN 1, LUN 2, LUN 3]
Host Considerations: Drivers and Multipathing
Supported HBA model with qualified HBA firmware,
device driver and HBA configuration utilities
Depending on host OS platform, this is supplied by the host vendor
or HBA vendor
Fail-over mode
Fail-over handling depends on multipathing software option
Fabric Binding
Prevents unauthorized switch from joining any existing switch in the
fabric
Authorized membership data exists on every switch
Attempt to ISL in a rogue switch causes fabric to segment
Role Based Access Control
Implemented on the Fibre Channel Switch
Specifies which user can have access to which device in
a fabric
Specifies what this user can do on the device
Each user may be assigned a role
Role
Decision point
Which technology will meet my business needs?
Examples
  Consolidation: Storage = Gateway, Management = Integrated
  Scalability: Gateway
  Initial cost: Integrated
[Figure: NAS Head with Storage System, IP Network and Management Console]
[Figure: Server, IP Network, NAS Head, Management Console and Storage LUNS]
[Figure: NAS Device cluster node failover. Data flow prior to node failure goes through the Active Node; data flow after node failure goes through the Standby Node]
TCP is reliable
Acknowledgements indicate delivery of data
Checksums are used to detect corrupted data
Sequence numbers detect missing, or mis-sequenced data
Corrupted data is retransmitted after a timeout
Mis-sequenced data is re-sequenced
Flow control prevents over-run of receiver
Buffer overruns are a source of exploits on Windows servers
Request: Source 1.1.1.1 port 3822, Destination 2.2.2.2 port 445
Reply: Source 2.2.2.2 port 445, Destination 1.1.1.1 port 3822
[Figure: Client 1.1.1.1 and NAS 2.2.2.2 connected through switches; 0 hops]
NAS Networking Concepts: Routing (Cont.)
Routing: Directing data from one network to another in
order to reach its destination
Routing occurs at layer 3
[Figure: numbered Login Request steps involving the NAS Device and the Directory Services Server]
Benefits of aggregation
Higher link availability
Higher link capacity
Offset immediate need for technology upgrade
Link Aggregation
LACP or Cisco Port Channel
[Figure: NAS Device NIC Ports on the LAN with a Standby port]
[Figure: Redundant Paths through Switch 1, Switch 2 and a Router; VLAN 1, VLAN 2, VLAN 3]
Network efficiencies
Less header overhead
[Figure: Node A, Node B, Node C, Node D and a NAS Device on Ethernet segments with 1500 MTU and 9000 MTU]
Send packets 1, 2, 3
Packets 1, 2, 3 acknowledged
Send packets 4, 5
Packet 4 acknowledged
Retransmit packet 5
Linux example
1000 Mbps, Full duplex | 1000 Mbps, Full duplex | 1000 Mbps, Full duplex | 1000 Mbps, Full duplex | Correct manual config
* Assuming maximum capability of Catalyst switch, and NIC is 1000 Mbps, full duplex
** Cisco.com
Window Scaling
Used to increase the maximum window size from 65,535 bytes to 1
Gigabyte
SACK: Selective Acknowledgement
Data receiver can inform the sender about all segments that have arrived
successfully, so the sender need retransmit only the segments that have
actually been lost
Check Your Knowledge - 1
What is the size of a typical jumbo packet?
What is a VLAN?
What is VLAN tagging?
[Figure: VLAN 5 with NAS Clients on Gigabit Ethernet, Full Duplex links; MTU = 9000 and MTU = 1500]
[Figure: directory service holding Users, Groups, Access Control, Services, Certificates and Preferences for Administrators, Servers, Devices and Clients]
[Figure: UNIX Authentication and Windows Authentication over the Network. Windows object ACL: SID abc deny write, SID xyz allow write; User root; Windows Client]
Validate DC/NIS connectivity and bandwidth
[Figure: Kerberos exchange between the Windows Client, the KDC (Active Directory) and the CIFS Server / CIFS Service on the NAS Device, steps (1) to (8): ID Proof (1), TGT (2), TGT + server-name (3), KerbS TKT (4), KerbC (KerbS TKT) (5), keytab (7), Session ID]
[Figure: Private Network, DMZ and Internet]
Check Your Knowledge
What type of privileges are used on a Windows file
system?
Which Kerberos component is responsible for providing
tickets?
Which directory service is primarily used by Microsoft
Windows PCs?
FCIP
  Fibre Channel-to-IP bridge / tunnel (point to point)
  Fibre Channel end points
iFCP
  IP as the inter-switch fabric
  Fibre Channel end points
[Figure: Business Critical Applications, Mission Critical Applications, a Remote Office and a DR Site connected by LAN, iSCSI, Fibre Channel and FCIP/iFCP]
iSCSI targets
Storage array with embedded iSCSI capable network port
FC-iSCSI bridge
[Figure: Initiator and Target on an IP iSCSI Network; 10.127.50.162]
No FC components
Each iSCSI port on the array is configured with an IP
address and port number
iSCSI Initiators Connect directly to the Array
[Figure: array Network Interfaces with example iSCSI port addresses 10.168.0.111:3260, 172.24.81.13:3262, 192.168.0.15:3269, 172.24.81.12:3261, 192.168.0.14:3262]
[Figure: FC-iSCSI Bridge between the IP Network (iSCSI) and the Fibre Channel Fabric (FCP). iSCSI Initiator 10.127.10.1, Bridge iSCSI Target 10.127.10.2, FC Initiator, FC Target]
[Figure: SendTargetsDiscovery between Initiator and Target on an IP iSCSI Network]
[Figure: iSNS on an IP Network with Initiators, Targets and portals]
Implemented:
One way
Authentication password configured on only one side of the connection
OR
Two way
Authentication password configured on both sides of the connection,
requiring both nodes to validate the connection, i.e. mutual
authentication
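What one-way authentication leaves unchecked, and what two-way adds, can be seen by running both modes against the same node configurations. This is an added example, not part of the original slides; it assumes the password mechanism is CHAP as defined in RFC 1994, and the node dictionaries, secrets and the `login` helper are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """CHAP response per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def prove(verifier_stored_secret, prover_secret):
    """One CHAP direction: the verifier challenges, the prover responds."""
    ident, challenge = os.urandom(1)[0], os.urandom(16)        # fresh per login
    response = chap_response(ident, prover_secret, challenge)  # sent by the prover
    expected = chap_response(ident, verifier_stored_secret, challenge)
    return hmac.compare_digest(response, expected)             # constant-time compare


def login(initiator, target, two_way):
    """Outcome of a login between two constructed node configurations."""
    # Hardening check of this example: use a distinct secret per direction.
    if two_way and initiator["own_secret"] == initiator["peer_secret"]:
        return "refused: both directions share one secret"
    # Direction 1 (one-way and two-way): the target validates the initiator.
    if not prove(target["peer_secret"], initiator["own_secret"]):
        return "refused by target"
    if not two_way:
        return "ok: initiator authenticated, target not validated"
    # Direction 2 (two-way only): the initiator validates the target.
    if not prove(initiator["peer_secret"], target["own_secret"]):
        return "refused by initiator"
    return "ok: both nodes authenticated"


# Constructed sample configurations; the secrets are placeholders.
INITIATOR = {"own_secret": b"initiator-secret-0001", "peer_secret": b"target-secret-0001"}
TARGET = {"own_secret": b"target-secret-0001", "peer_secret": b"initiator-secret-0001"}
# A target whose own secret is not the one the initiator expects.
MISMATCHED_TARGET = {"own_secret": b"some-other-secret", "peer_secret": b"initiator-secret-0001"}

if __name__ == "__main__":
    print(login(INITIATOR, TARGET, two_way=True))
    print(login(INITIATOR, MISMATCHED_TARGET, two_way=False))
    print(login(INITIATOR, MISMATCHED_TARGET, two_way=True))
```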
Layer 3 (Network): IP, Packets
Layer 2 (Data Link): Ethernet, Frames
Encapsulation order: IP, TCP, iSCSI, SCSI, Data (the iSCSI PDU is carried in a TCP Segment, which is carried in an IP Packet)
[Figure: iSCSI PDUs #2, #3 and #4 ordered by CmdSN]
FC frame: SOF, Header, SCSI Data, CRC, EOF
FCIP Encapsulation: IP Header, TCP Header, FCIP Header, IP Payload (IP Packet)
[Figure: FCIP over GigE Links. FC Ports on Edge Fabric A (IP Address A) and Edge Fabric B (IP Address B) joined across an IP Network (LAN/WAN)]
[Figure: AP-7420B with EMC Symmetrix arrays, Device A, Device B and iSNS]
[Figure: Two Discovery Domains containing Host A, Host B and Host C]
[Figure: Management Code, SLP, Directory Agent]
[Figure: Outlook users and file clients on the LAN]
Other Considerations
System administration team very knowledgeable on IP networks
Minimum disruption and investment on server infrastructure
The organization is currently on Exchange 2000 and has
decided to move to Exchange Server 2003 in the next 12 months.
Block level access to Exchange server data is stated as a best
practice by the corporate IT team