VSANs
You can configure and manage Virtual SANs (VSANs) from Cisco Nexus Dashboard Fabric Controller. From the menu, choose Virtual Management > VSANS to view VSAN information. You can view or configure VSAN for the discovered fabrics, with either Manageable or Manage Continuously status. For a selected fabric, a VSAN Scope tree is displayed in the left panel.
You can achieve higher security and greater stability in Fibre Channel fabrics by using virtual SANs (VSANs) on Cisco Data Center Switches and Cisco MDS 9000 Series switches. VSANs provide isolation among devices that are physically connected to the same fabric. With VSANs, you can create multiple logical SANs over a common physical infrastructure. Each VSAN can contain up to 239 switches and has an independent address space that allows identical Fibre Channel IDs (FC IDs) to be used simultaneously in different VSANs.
Note |
Cisco Nexus Dashboard Fabric Controller does not discover, nor display any suspended VSAN. |
Note |
When changing VSAN of the Switch port in Nexus Dashboard Fabric Controller, If the port was associated with Isolated VSAN, then the previous VSAN column will be blank. |
For description on all fields that appear on the tabs, refer Field and Descriptions for VSANs.
This section includes the following topics:
Information About VSANs
With the introduction of VSANs, the network administrator can build a single topology containing switches, links, and one or more VSANs. Each VSAN in this topology has the same behavior and property of a SAN. A VSAN has the following additional features:
-
Multiple VSANs can share the same physical topology.
-
The same Fibre Channel IDs (FC IDs) can be assigned to a host in another VSAN, thus increasing VSAN scalability.
-
Every instance of a VSAN runs all required protocols such as FSPF, domain manager, and zoning.
-
Fabric-related configurations in one VSAN don’t affect the associated traffic in another VSAN.
-
Events causing traffic disruptions in one VSAN are contained within that VSAN and aren’t propagated to other VSANs.
A VSAN is in the operational state if the VSAN is active and at least one port is up. This state indicates that traffic can pass through this VSAN. This state can’t be configured.
Interoperability enables the products of multiple vendors to come into contact with each other. Fibre Channel standards guide vendors towards common external Fibre Channel interfaces. You can enable FICON in up to eight VSANs.
This section describes VSANs and includes the following topics:
VSAN Topologies
The following figure shows a fabric with three switches, one on each floor. The geographic location of the switches and the attached devices is independent of their segmentation into logical VSANs. No communication between VSANs is possible. Within each VSAN, all members can talk to one another.
The following shows a physical Fibre Channel switching infrastructure with two defined VSANs: VSAN 2 (dashed) and VSAN 7 (solid). VSAN 2 includes hosts H1 and H2, application servers AS2 and AS3, and storage arrays SA1 and SA4. VSAN 7 connects H3, AS1, SA2, and SA3.
The four switches in this network are interconnected by trunk links that carry both VSAN 2 and VSAN 7 traffic. The inter-switch topology of both VSAN 2 and VSAN 7 are identical. This isn’t a requirement and a network administrator can enable certain VSANs on certain links to create different VSAN topologies.
Without VSANs, a network administrator would need separate switches and links for separate SANs. By enabling VSANs, the same switches and links may be shared by multiple VSANs. VSANs allow SANs to be built on port granularity instead of switch granularity. The above figure illustrates that a VSAN is a group of hosts or storage devices that communicate with each other using a virtual topology defined on the physical SAN.
The criteria for creating such groups differ based on the VSAN topology:
-
VSANs can separate traffic based on the following requirements:
-
Different customers in storage provider data centers
-
Production or test in an enterprise network
-
Low and high security requirements
-
Back up traffic on separate VSANs
-
Replicating data from user traffic
-
-
VSANs can meet the needs of a particular department or application.
VSAN Advantages
VSANs offer the following advantages:
-
Traffic isolation—Traffic is contained within VSAN boundaries and devices reside only in one VSAN ensuring absolute separation between user groups, if desired.
-
Scalability—VSANs are overlaid on top of a single physical fabric. The ability to create several logical VSAN layers increases the scalability of the SAN.
-
Per VSAN fabric services—Replication of fabric services on a per VSAN basis provides increased scalability and availability.
-
Redundancy—Several VSANs created on the same physical SAN ensure redundancy. If one VSAN fails, redundant protection (to another VSAN in the same physical SAN) is configured using a backup path between the host and the device.
-
Ease of configuration—Users can be added, moved, or changed between VSANs without changing the physical structure of a SAN. Moving a device from one VSAN to another only requires configuration at the port level, not at a physical level.
Up to 256 VSANs can be configured in a switch. Of these, one is a default VSAN (VSAN 1), and another is an isolated VSAN (VSAN 4094). User-specified VSAN IDs range 2–4093.
VSAN Configuration
VSANs have the following attributes:
-
VSAN ID—The VSAN ID identifies the VSAN as the default VSAN (VSAN 1), user-defined VSANs (VSAN 2–4093), and the isolated VSAN (VSAN 4094).
-
State—The administrative state of a VSAN can be configured to an active (default) or suspended state. Once VSANs are created, they may exist in various conditions or states.
-
The active state of a VSAN indicates that the VSAN is configured and enabled. By enabling a VSAN, you activate the services for that VSAN.
-
The suspended state of a VSAN indicates that the VSAN is configured but not enabled. If a port is configured in this VSAN, it’s disabled. Use this state to deactivate a VSAN without losing the VSAN’s configuration. All ports in a suspended VSAN are disabled. By suspending a VSAN, you can preconfigure all the VSAN parameters for the whole fabric and activate the VSAN immediately.
-
-
VSAN name—This text string identifies the VSAN for management purposes. The name can be 1–32 characters long and it must be unique across all VSANs. By default, the VSAN name is a concatenation of VSAN and a four-digit string representing the VSAN ID. For example, the default name for VSAN 3 is VSAN0003.
Note
A VSAN name must be unique.
-
Load balancing attributes—These attributes indicate the use of the source-destination ID (src-dst-id) or the originator exchange OX ID (src-dst-ox-id, the default) for load-balancing path selection.
Note
OX ID-based load balancing of IVR traffic from IVR-enabled switches isn’t supported on Generation 1 switching modules. OX ID-based load balancing of IVR traffic from a non-IVR MDS 9000 Series switch should work. Generation 2 switching modules support OX ID-based load balancing of IVR traffic from IVR-enabled switches.
-
Load-balancing attributes indicate the use of the source-destination ID (src-dst-id) or the originator exchange OX ID (src-dst-ox-id, the default) for load-balancing path selection.
Port VSAN Membership
Port VSAN membership on the switch is assigned on a port-by-port basis. By default, each port belongs to the default VSAN. You can assign VSAN membership to ports using one of two methods:
-
Statically—By assigning VSANs to ports
-
Dynamically—By assigning VSANs based on the device WWN
This method is referred to as dynamic port VSAN membership (DPVM).
Types of VSAN
The following are the different types of VSAN:
Default VSAN
The factory settings for switches in the Cisco MDS 9000 Series have only the default VSAN 1 enabled. We recommend that you don’t use VSAN 1 as your production environment VSAN. If no VSANs are configured, all devices in the fabric are considered part of the default VSAN. By default, all ports are assigned to the default VSAN.
Note |
VSAN 1 can’t be deleted, but it can be suspended. |
Up to 256 VSANs can be configured in a switch. Of these, one is a default VSAN (VSAN 1), and another is an isolated VSAN (VSAN 4094). User-specified VSAN IDs range 2–4093.
Isolated VSAN
VSAN 4094 is an isolated VSAN. All nontrunking ports are transferred to this VSAN when the VSAN to which they belong is deleted. This avoids an implicit transfer of ports to the default VSAN or to another configured VSAN. All ports in the deleted VSAN are isolated (disabled).
Note |
When you configure a port in VSAN 4094 or move a port to VSAN 4094, that port is immediately isolated. |
Caution |
Don’t use an isolated VSAN to configure ports. |
Up to 256 VSANs can be configured in a switch. Of these, one is a default VSAN (VSAN 1), and another is an isolated VSAN (VSAN 4094). User-specified VSAN IDs range 2–4093.
Static VSAN Deletion
When an active VSAN is deleted, all of its attributes are removed from the running configuration. VSAN-related information is maintained by the system software as follows:
-
VSAN attributes and port membership details are maintained by the VSAN manager. This feature is affected when you delete a VSAN from the configuration. When a VSAN is deleted, all the ports in that VSAN are made inactive and the ports are moved to the isolated VSAN. If the same VSAN is recreated, the ports don’t automatically get assigned to that VSAN. Reconfigure the port VSAN membership explicitly (see the following figure).
-
VSAN-based runtime (name server), zoning, and configuration (static routes) information is removed when the VSAN is deleted.
-
Configured VSAN interface information is removed when the VSAN is deleted.
Note |
The allowed VSAN list isn’t affected when a VSAN is deleted. |
Any commands for a non-configured VSAN are rejected. For example, if VSAN 10 isn’t configured in the system, then a command request to move a port to VSAN 10 is rejected.
Feature Information for Configuring and Managing VSANs
The following table shows the licensing requirements for this feature:
License Description
ENTERPRISE_PKG The enterprise license is required to enable VSAN. For a complete explanation of the licensing scheme, see the Cisco Nexus Dashboard Fabric Controller Licensing Guide.
License |
License Description |
---|---|
ENTERPRISE_PKG |
The enterprise license is required to enable VSAN. For a complete explanation of the licensing scheme, see the Cisco Nexus Dashboard Fabric Controller Licensing Guide. |
Default VSAN Settings
The following table lists the default settings for all configured VSANs.
Parameters |
Default |
---|---|
Default VSAN |
VSAN 1. |
State |
Active State |
Name |
Concatenation of VSAN and a four-digit string representing the VSAN ID. For example, VSAN 3 is VSAN0003. |
Load-balancing attribute |
OX ID (src-dst-ox-id). |
Create VSAN Wizard
VSAN Creation Wizard workflow includes:
-
Specify VSAN ID and name.
-
Select Switches.
-
Specify VSAN attributes.
-
Specify VSAN Domain.
-
Specify VSAN Members.
Choose Virtual Management > VSANS. After you select a Fabric from the drop-down list, click Create New VSAN icon. The Welcome screen of the wizard is displayed.
Note |
Ensure that the VSAN is not already created. |
To create and configure VSANs from the Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:
Before you begin
You cannot configure any application-specific parameters for a VSAN before creating the VSAN.
Ensure that the VSAN is not already created. Do not create the VSAN in suspended state.
Note |
The suspended VSANs are not managed. |
Procedure
Step 1 |
In the VSAN ID and Name window, perform the following steps: |
||||
Step 2 |
In the Select Switches screen, click the check box next to the Switch Name, to create the VSAN. If the switch name is grayed out, it implies that the switch is already part of a VSAN. It may also imply that the switch doesn’t have FICON feature enabled, if FICON is checked in the previous step. Click Next. |
||||
Step 3 |
In the Configure VSAN Attributes screen, configure the VSAN attributes.
|
||||
Step 4 |
In the Configure VSAN Domain screen, configure the static domain IDs for FICON VSAN. |
||||
Step 5 |
In the Configure Port Membership screen, for every switch in the VSAN, configure the interfaces as the member of the new VSAN.
Click Next. |
||||
Step 6 |
In the Review screen, verify if you have configured the VSAN correctly. Click Previous to navigate to the earlier screen and modify the configuration. Click Finish to confirm and configure the VSAN. The VSAN creation result is displayed at the bottom of the window.
|
Delete VSAN
To delete a VSAN and its attributes from the Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:
Procedure
Step 1 |
Choose Virtual Management > VSANS. The VSANS window is displayed. |
||
Step 2 |
From the Select a fabric drop-down list, select the Fabric to which the VSAN is associated. The VSAN scope tree for the selected Fabric is displayed in the VSANS area. |
||
Step 3 |
Expand the Fabric and click the delete icon next to the VSAN. The Delete VSAN screen appears, showing the switches associated with the VSAN.
|
||
Step 4 |
Select the check box of the Switch for which you want to remove the VSAN. Click Delete VSAN. A confirmation window appears. |
||
Step 5 |
Click Confirm to confirm the deletion or click Cancel to close the dialog box without deleting the VSAN.
|
Field and Descriptions for VSANs
The Field and Descriptions for all the tabs that are displayed on Virtual Management > VSANS are explained in the following tables.
Switches Tab
This tab displays Switches in the VSAN scope. Click the Switch name to view the summary information of the switch. The following table describes the fields that appear on the Switches tab.
Field | Description | ||
---|---|---|---|
Name | Specifies the name of the switch in the VSAN.
Click the name to view the switch summary. Click Show more Details to view complete information. |
||
Domain ID | Specifies an insistent domain ID. | ||
VSAN WWN | Specifies the world wide name (WWN) of the VSAN. | ||
Principal WWN | Specifies the world wide name (WWN) of the switch.
|
||
Model | Specifies the model name of the switch. | ||
Release | Specifies the NX-OS version on the switch. | ||
Up Time | Specifies the time from which the switch is up. |
ISLs Tab
This tab displays information about the ISLs about the switches in the VSAN scope. The following table describes the fields that appear on the ISLs tab. If the VSAN is configured on both the switches across the ISL and if VSAN is not enabled on the ISL, Nexus Dashboard Fabric Controller considers VSAN as segmented. Therefore, add the VSAN to the trunked VSANs across the ISL to clear the warning message. Alternatively, you can ignore this warning message.
Field | Description |
---|---|
VSANs | All VSANs which this ISL runs traffic on. |
From Switch | The source switch of the link. |
From Interface | The port index of source E_port of the link. |
To Switch | The switch on the other end of the link. |
To Interface | The port index of destination E_port of the link. |
Speed | The speed of this ISL. |
Status | The operational status of the link. |
Port Channel Members | The member of Port Channel if the ISL is a Port Channel. |
Additional Info | Additional information for this ISL, such as, TE/TF/TNP ISL. |
Host Ports Tab
This tab displays information about the host ports on the switches in the VSAN scope. The following table describes the fields that appear on the Host Ports tab.
Field | Description |
---|---|
Enclosure | The name of the enclosure. |
Device Alias | The device alias of this entry. |
Port WWN | The assigned PWWN for this host. |
Fcid | The FC ID assigned for this host. |
Switch Interface | Interface on the switch that is connected with the end device. |
Link Status | The operational status of the link. |
Vendor | Specifies the name of the vendor. |
Serial Number |
Specifies the serial number of the enclosure. |
Model | Specifies the name of the model. |
Firmware | The version of the firmware that is executed by this HBA. |
Driver | The version of the driver that is executed by this HBA. |
Additional Info | The information list corresponding to this HBA. |
Storage Ports Tab
This tab displays information about the storage ports on the switches in the VSAN scope. The following table describes the fields that appear on the Storage Ports tab.
Field | Description |
---|---|
Enclosure | The name of the enclosure. |
Device Alias | The device alias of this entry. |
Port WWN | The assigned PWWN for this host. |
Fcid | The FC ID assigned for this host. |
Switch Interface | Interface on the switch that is connected with the end device. |
Link Status | The operational status of the link. |
Attributes Tab
This tab displays the attributes of all the switches in the VSAN scope. The following table describes the fields that appear on the Attributes tab.
Field | Description | ||
---|---|---|---|
Edit |
Click Edit to modify the attributes of the VSAN and to push the same VSAN attributes to the selected switches. If the VSAN is FICON VSAN in any selected switch, the following fields won’t appear on the UI, as they can’t be modified for the FICON VSAN.
After modify the attributes, you can click Save to save changes or Cancel to discard. |
||
Switch Name | Displays the name of the switch that is associated with the VSAN. | ||
VSAN Name | Displays the name of the VSAN. | ||
Admin | Specifies if the status of the Admin is either Active or Suspend.
|
||
Oper | The operational state of the VSAN. | ||
MTU | Displays the MTU for the switch. | ||
Load Balancing | Specifies the load-balancing type that is used in the VSAN.
The type of load balancing used on this VSAN.
|
||
InterOp | The interoperability mode of the local switch on this VSAN.
|
||
Inorder Delivery | The Inorder Delivery guarantee flag of device. If true, then the inorder delivery is guaranteed. If false, it’s not guaranteed. | ||
FICON | True if the VSAN is FICON-enabled. |
Domain ID Tab
This tab displays information about the VSAN domain and its parameters. The following table describes the fields that appear on the Domain ID tab.
Field | Description | ||
---|---|---|---|
Edit | Select a switch and click the Edit icon to modify the Domain ID information for the selected switch. | ||
Switch Name | Specifies the switch name in the VSAN.
|
||
State | Specifies the state of the Switch. | ||
Enable | Specifies if the Domain ID is enabled or disabled. | ||
Running | Specifies the running domain. | ||
Config | Specifies the configuration. | ||
Config Type | Specifies the usage of the domain ID type—preferred or static. | ||
Icons | |||
Total | The number next to Table specifies the entries under this tab. | ||
Refresh Icon | Click the Refresh icon to refresh the entries. |
VSAN Membership Tab
This tab displays information about the interfaces on the switches that form the VSAN. The following table describes the fields that appear on the VSAN Membership tab.
Field | Description | ||
---|---|---|---|
Edit |
Select a switch and click the Edit icon to modify Port VSAN Membership for selected VSAN and selected switch. Port VSAN Membership is presented by different types including FC (physical), Port Channel, FCIP, iSCSI, VFC (slot/port), VFC (ID), VFC Channel, VFC FEX, and VFC Breakout, PortChooser is provided for each type to show all existing interfaces on a selected switch for the user to choose from.
|
||
Switch Name | Name of the switch | ||
Interfaces | FC Ports in VSAN |