Access Gateway features and requirements
Although Access Gateway provides standard features for connection to Fibre Channel SANs, you can configure a number of optional features as well. There are also requirements and limitations that you should be aware of when using this feature in a VCS cluster and FC fabric environment.
The Port Grouping (PG) policy is enabled by default when AG is enabled. This allows you to group N_Ports into a port group. By default, any VF_Ports mapped to these N_Ports are also members of that port group. Port Grouping allows you to isolate specific hosts to specific FC fabric ports for performance, security, or other reasons.
Automatic Login Balancing (LB) and Modified Managed Fabric Name Monitoring (M-MFNM) modes are enabled by default when the PG policy is enabled.
- When LB mode is enabled and an N_Port goes offline, existing logins from VF_Ports that are mapped to the offline N_Port are distributed to available N_Ports in the port group. If a new N_Port comes online, existing logins are not disturbed. LB mode can be disabled using Network OS commands.
- When LB mode is disabled, VF_Ports are not shared among N_Ports in the port group, as VF_Ports can only connect to N_Ports to which they are mapped. As a best practice to ensure device login, bind the ENode to a VF_Port and ensure that its mapped N_Port is online.
- M-MFNM mode ensures that all N_Ports connect to the same FC fabric, preventing connections to multiple SANs. M-MFNM cannot be disabled as long as LB mode is enabled.
For more information on Port Grouping policy modes, refer to Port Grouping policy modes.
N_Port monitoring for unreliable links
The N_Port monitoring for unreliable links feature monitors links from all N_Ports on the VDX switch to F_Ports on the FC fabric. If online and offline static change notifications (SCNs) exceed a set threshold during a specific time period, the link is considered unreliable, and the N_Port is taken offline. The VF_Ports mapped to the N_Port also go offline. If the N_Port is in a port group and Automatic Login Balancing is enabled, the VF_Ports mapped to the N_Port are distributed among available N_Ports in the same port group.
Additional features and functions
Following are additional features and functions of Access Gateway:
- Access Gateway enables VDX FC ports as N_Ports. Hosts attached to VDX VF_Ports can connect directly with F_Ports on a Fibre Channel fabric edge switch through these N_Ports.
- Instead of using ISL connections and possibly limited domain resources, the use of N_Ports increases the number of available device ports on the switch. As the number of Fibre Channel and VCS Fabrics grow, scalability is less of an issue.
- Through the use of N_Port ID Virtualization (NPIV), multiple FCoE initiators can access the SAN through the same physical port.
- When enabling AG mode, VF_Ports are mapped to available N_Ports in a round-robin fashion as ENodes log in. However, you can re-map any VF_Port to switch N_Ports.
- Access Gateway can operate in both fabric cluster and logical chassis cluster modes.
- You can configure additional FC port attributes for the AG switch N_Ports as you would on non-AG switches. Refer to Configuring Fibre Channel Ports.
Following are limitations you should be aware of when using Access Gateway mode:
- Hosts connected to an Access Gateway switch cannot communicate with targets on the VCS Fabric.
- A VDX switch configured for Access Gateway can connect with only one FC Fabric. Ports connected to a second FC fabric are disabled.
- Access Gateway can operate in both fabric cluster mode and logical chassis cluster modes. The AG configuration is not distributed in fabric cluster mode and is distributed in logical chassis cluster mode.
- You can only configure VF_Port to N_Port mapping for devices directly attached to VF_Ports and F_Ports on the connected FC switch. These mappings control device logins through appropriate N_Ports.
- Since all switch FC ports are configured as N_Ports when AG mode is enabled:
- FC hosts or targets cannot be directly attached to the AG switch.
- The AG switch cannot be connected to a Fabric OS Access Gateway in a Cascaded configuration.
- Access Gateway does not "bridge" the VCS and FC fabrics:
- Hosts connected to VF_Ports mapped to Access Gateway N_Ports appear on the FC fabric only.
- Device FC IDs are assigned by the FC fabric F_Ports connected to the Access Gateway N_Ports.
- VF_Ports and N_Ports are under the Access Gateway dæmeon's configuration.
- Fibre Channel OS components, such as management server, name server, and zoning are restricted on Network OS Access Gateways just as they are on Fabric OS Access Gateways. Refer to the Fabric OS Access Gateway Administrator's Guide for a complete list.
- Although the show fcoe login command displays FCoE devices connected to the Access Gateway switch VF_Ports, these devices are in the FC fabric and cannot be detected by the VCS Fabric name server. Therefore, these devices cannot be zoned in a VCS Fabric.
FCoE and Layer 2 support and limitations
The following functions are supported:
- The following functionality is supported for a configuration consisting of a vLAG from a host CNA to two Access Gateway switches or to an AG switch and a VCS Switch (L2 vLAG for top of rack split):
- The vLAG links can carry Layer 2 and Layer 3 traffic.
- VLAG support is identical to support in native VCS mode.
- A separate FCoE device login is supported through each AG switch.
- The following functionality is supported for a configuration with a LAG from an FSB to an AG switch:
- LAG specifics, such as number of links and contiguous vs. discontinuous, is identical to native VCS support.
- Multiple LAGs can connect to the AG switch (one per FSB).
- LAG carries Layer 2 and Layer 3 traffic.
- Devices connected via an FSB LAG cannot talk to a Cisco SAN.
- LAGs and direct attached devices are supported on the same AG switch.
- The following functionality is supported for VF_Ports and CEE interfaces:
- VF_Ports are dynamically bound to Ethernet interfaces as in native VCS mode.
- As in native VCS mode, all CEE interfaces with connected devices must be configured for FCoE.
- The CEE interface will come up as an ISL ET port if it is connected to a peer ET port on another switch in the VCS Fabric.
- As in native VCS mode, 64 VF_Ports are allocated by default.
- A VF_Port can accept up to 64 NPIV logins.
- As in native VCS mode, VF_Ports are dynamically allocated as devices come up.
- As in native VCS mode, VF_Ports can be statically bound to ENodes.
- VCS Fabric services run on VCS ports and not under Access Gateway.
- As in native VCS mode, the number of VF_Ports allocated can be changed dynamically:
- You can configure the maximum number of FCoE devices that can be logged into a switch by using the fcoe_enodes command.
- Newly allocated VF_Ports are mapped to existing N_Ports sequentially in a round-robin fashion, which assigns all VF_Ports sequentially and evenly to the N_Ports.
- Newly deallocated VF_Ports are removed from existing VF_Port to N_Port mappings.
- If an interface is only handling L2 traffic, the corresponding VF_Port appears as disabled to AG.
- For vLAGs:
- As in native VCS mode, a vLAG with FSB cannot support FCoE traffic. It can support L2 traffic only.
- A vLAG from a host Converged Network Adapter (CNA) supports L2 and FCoE traffic.
- A single LAG/link is supported between one FSB and one AG switch. Subsequent LAG/links are treated as a TRILL loop and disabled.
- LAG member VF_Ports cannot be mapped to individual N_Ports or N_Port groups.
- The enable command is not allowed if the RBridge is part of an FCoE forwarder (FCF)-group as an FCF-RBridge ID (rbid) in an FCoE fabric-map configuration.
- The no enable command is not allowed if the RBridge contains a port provisioned for FCoE.