Hardware
Active and passive devices

This section contains the following information:

◆ "Buffer-to-buffer local termination"
◆ "SRDF with SiRT"
◆ "Fast write/write acceleration"
◆ "SiRT with distance vendor write acceleration"
◆ "Link initialization"
◆ "Network stability and error recovery"

Buffer-to-buffer local termination

In Fibre Channel, BB_Credits are the method of maintaining flow control when transmitting Fibre Channel frames. BB_Credits help maintain a balanced flow of I/O transmissions while avoiding underutilization or oversubscription of a Fibre Channel link. Figure 3 shows the buffering flow control that would normally apply without local termination. This places the burden on the end nodes to maintain and track the BB_Credit flow control on the Fibre Channel link. The flow control distance is determined by the number of credits and the link speed supported by the end nodes. The end nodes can be an E_Port or an F_Port. BB_Credits are provided by the Fibre Channel switches. The distance extension device is transparent and does not participate in BB_Credit flow control. Link speed, latency, and the number of available credits determine the performance characteristics of these configurations.

Figure 3 Flow control managed by Fibre Channel switch (without buffering from distance extension devices)

Determining a sufficient number of BB_Credits is crucial when provisioning Fibre Channel environments prior to utilization. Miscalculating the number of credits may lead to performance degradation due to credit starvation.

Note: EMC recommends adding a 20% margin to calculated BB_Credit values to account for spikes in traffic.

Credit starvation occurs when the number of available credits reaches zero, preventing all Fibre Channel transmissions from occurring. Once this condition is reached, a timeout is triggered, causing the link to re-initialize. To avoid this condition, sufficient BB_Credits must be available to meet the latency and performance requirements of the particular SRDF deployment. The standard Fibre Channel flow control and BB_Credit mechanism is adequate for most short-haul deployments.

With longer distance deployments, however, the Fibre Channel flow control model is not as effective. Additional buffering and WAN-optimized flow control are often needed. Figure 4 shows a configuration where the distance extension devices provide additional buffering and flow control mechanisms for the purpose of increasing the distance between locations. To accomplish this, the Fibre Channel end nodes are given an immediate R_RDY response for every "sent" FC frame. This occurs within the local flow control segments. The distance extension nodes, in turn, implement their own buffering and WAN-optimized flow control.

Figure 4 Flow control (with buffering from distance extension devices)

Refer to the distance extension vendor documentation for detailed information on each vendor's buffering and flow control implementation.
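A worked example, added here and not the guide's own calculation, of sizing BB_Credits for a link with the 20% margin recommended above and checking the result against the credit budgets listed in the credit charts (Tables 6 to 8); the propagation delay, frame size and line-rate constants are assumptions and are labelled as such in the code.

```python
import math

# Assumptions (not from the guide): ~5 us/km one-way propagation delay in fibre,
# a worst-case 2148-byte frame, 8b/10b encoding, and the FC line rates in Gbaud.
PROPAGATION_US_PER_KM = 5.0
FRAME_BYTES = 2148
LINE_RATE_GBAUD = {1: 1.0625, 2: 2.125, 4: 4.25, 10: 10.51875}
MARGIN = 0.20  # from the guide: add 20% to calculated BB_Credit values

def frame_time_us(speed_gb: int) -> float:
    """Microseconds to serialise one full-size frame at a nominal link speed."""
    bits_on_wire = FRAME_BYTES * 10                # 8b/10b: 10 line bits per byte
    return bits_on_wire / (LINE_RATE_GBAUD[speed_gb] * 1000)  # Gbaud -> bits/us

def credits_required(distance_km: float, speed_gb: int, margin: float = MARGIN) -> int:
    """BB_Credits needed to keep frames in flight for a full round trip, plus margin."""
    round_trip_us = 2 * distance_km * PROPAGATION_US_PER_KM
    frames_in_flight = round_trip_us / frame_time_us(speed_gb)
    return math.ceil(frames_in_flight * (1 + margin))

def max_distance_km(credits: int, speed_gb: int, margin: float = MARGIN) -> float:
    """Longest link a credit budget can sustain without starvation (margin reserved)."""
    usable = credits / (1 + margin)
    return usable * frame_time_us(speed_gb) / (2 * PROPAGATION_US_PER_KM)

# Constructed subset of the guide's credit charts (Tables 6-8) used for the check.
PORT_CREDITS = {"ED-64M E_Port": 60, "MDS 9509 E_Port": 255, "Symmetrix FA F_Port": 7}

def starvation_risk(distance_km: float, speed_gb: int, port: str) -> bool:
    """True when the port's credit budget is below the margin-inclusive requirement."""
    return credits_required(distance_km, speed_gb) > PORT_CREDITS[port]

if __name__ == "__main__":
    for port, credits in PORT_CREDITS.items():
        for speed in (1, 2):
            print(f"{port:22s} {speed} Gb: {credits:3d} credits -> "
                  f"max {max_distance_km(credits, speed):6.1f} km")
    # A 50 km link at 2 Gb needs 60 credits with margin: exactly the ED-64M budget.
    print("50 km @ 2 Gb needs", credits_required(50, 2), "credits")
```

With the margin set to zero the model reproduces the usual rule of thumb of roughly one credit per 2 km at 1 Gb and one per 1 km at 2 Gb.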
SAN equipment credit chart

Brocade M-Series credit chart

Brocade M-Series supports only R_RDY flow control. Each Brocade M-Series family switch type has its own credit amount. Refer to Table 6 for details of the Brocade M-Series credit chart.

Table 6 Brocade M-Series credit chart

| Switch type (EMC / Brocade M-Series) | Module / Optic | Link speed | Number of credits | Notes |
| --- | --- | --- | --- | --- |
| ED-1032 / ED-5000 | Multi-mode, single-mode | 1 Gb / 2 Gb | 60 | |
| DS-16M / ES-3016 | Multi-mode, single-mode | 1 Gb / 2 Gb | 60 | |
| DS-16M2 / ES-3216 | Multi-mode, single-mode | 1 Gb / 2 Gb | 60 | |
| DS-32M / ES-3032 | Multi-mode, single-mode | 1 Gb / 2 Gb | 60 | |
| DS-32M2 / ES-3232 | Multi-mode, single-mode | 1 Gb / 2 Gb | 60 | |
| ED-64M / ED-6064 | Multi-mode, single-mode | 1 Gb / 2 Gb | 60 | |
| ED-140M / ED-6140 | Multi-mode, single-mode | 1 Gb / 2 Gb | 60 | |
| N/A / ES-4300 | Multi-mode, single-mode | 1 Gb / 2 Gb | 12 / 7 | 12 on the first 4 and 7 on the rest… Credit increases apply to specified quad areas. |
| DS-24M2 / ES-4500 | Multi-mode, single-mode | 1 Gb / 2 Gb | 12 / 7 | 12 on the first 4 and 7 on the rest… Credit increases apply to specified quad areas. |
| ED-10000M / Intrepid 10000 | Multi-mode, single-mode | 1 Gb / 2 Gb / 10 Gb | 1373 | |
| DS-4400M / ES-4400 | Multi-mode, single-mode | 1 Gb / 2 Gb / 4 Gb | ? | |
| DS-4700M / ES-4700 | Multi-mode, single-mode | 1 Gb / 2 Gb / 4 Gb | ? | |

Cisco MDS credit chart

Cisco MDS switches use only R_RDY flow control. Table 7 shows the number of BB_Credits available per E_Port.

Table 7 Cisco MDS credit chart

| Switch type | Blade / Optic support | Link speed | Number of credits | Notes |
| --- | --- | --- | --- | --- |
| 9509 | Multi-mode, single-mode, CWDM | 1 Gb / 2 Gb | 255 | |
| 9506 | Multi-mode, single-mode, CWDM | 1 Gb / 2 Gb | 255 | |
| 9216 | Multi-mode, single-mode, CWDM | 1 Gb / 2 Gb | 255 | |
| 9216A | Multi-mode, single-mode, CWDM | 1 Gb / 2 Gb | 255 | |
| 9216i | Multi-mode, single-mode, CWDM | 1 Gb / 2 Gb | 255 | |
| 9120 | Multi-mode, single-mode, CWDM | 1 Gb / 2 Gb | 255 | Based on the first quad |
| 9140 | Multi-mode, single-mode, CWDM | 1 Gb / 2 Gb | 255 | |

Symmetrix Fibre Adapter credit chart

Symmetrix boards use R_RDY flow control. Table 8 displays the number of BB_Credits available per Fibre Channel Adapter F_Port.

Table 8 Symmetrix Fibre Adapter credit chart

| Symmetrix family | Board type / Optic | Link speed | Number of credits |
| --- | --- | --- | --- |
| Symmetrix 5.0 | Fibre Adapter / multi-mode | 1 Gb / 2 Gb | 7 |
| Symmetrix 6.0 | Fibre Adapter / multi-mode | 1 Gb / 2 Gb | 7 |
| Symmetrix 7.0 | Fibre Adapter / multi-mode | 1 Gb / 2 Gb | 7 |

TCP/IP window

As discussed in "TCP/IP", a TCP window is the amount of data a sender can send without waiting for an ACK from the receiver. The TCP window is a flow control mechanism that ensures no congestion occurs in the network. For example, if a pair of hosts are talking over a TCP connection that has a TCP window size of 64 KB (kilobytes), the sender can only send 64 KB of data and then must stop and wait for an acknowledgment from the receiver that some or all of the data has been received. If the receiver acknowledges that all the data has been received, the sender is free to send another 64 KB. If the sender gets back an acknowledgment from the receiver that it received the first 32 KB (which could happen if the second 32 KB was still in transit, or if the second 32 KB was lost), then the sender can only send another 32 KB, since it cannot have more than 64 KB of unacknowledged data outstanding (the second 32 KB of data plus the third).

The primary reason for the window is congestion control. The whole network connection, which consists of the hosts at both ends, the routers in between, and the actual links themselves, will have a bottleneck somewhere that can only handle so much data so fast. The TCP window throttles the transmission speed down to a level where congestion and data loss do not occur.

The factors affecting the window size are as follows:

◆ Receiver's advertised window. For more information, refer to "Receiver's advertised window".
◆ Sender's congestion window. For more information, refer to "Sender's congestion window".
◆ Usable window. For more information, refer to "Usable window".
◆ Window scaling. For more information, refer to "Window scaling".
Building secure SANs
Many factors need to be considered when building secure SANs.
Network and security requirements are often unique to each business environment. The advice of professional security consultants is often sought to balance business security, information accessibility, and performance needs.
Design considerations
Before designing a secure fabric, you need to consider current and pending regulations, management costs, data availability, and network maintenance.
The availability of data is arguably the most important aspect of good SAN design. Prior to the application of security mechanisms, whether they are initiated from customer security policy or IT initiatives, the existing SAN needs to be in a state of stability. The complexity of adding layers of security policy in different zones, from the core to the perimeter of the data center, requires a stable SAN in order to troubleshoot any issues when the security variables are introduced.
Assuring availability can come in many forms. For example, knowing who has physical and administrative access to all components of a SAN, in a well-documented format, is a simple best practice. One main cause of costly downtime is physical, unintentional breaches in the environment combined with not knowing who owns administrative access to the affected components.
When designing the security aspects of the SAN, administrators need to be aware of business availability requirements to avoid "over-securing," which can be costly. The impact of SAN scaling and general maintenance on security features needs to be considered to prevent loss of availability or of security features. Through proper redundancy and failover practices, secure availability can almost be guaranteed.
Change control and maintenance of records and procedures have become popular security practices within IT organizations. Change control practices must assure that proposed changes to an environment are documented from start to finish with appropriate approval processes in place throughout the IT organization.
Contingency plans need to be documented as well. All personnel who have access to the environment must be made aware of changes. Natural disasters must also be considered when planning secure storage environments. Typically, offsite redundancy and replication are preferred to localization of resources for disaster recovery.
Suggestions for maintaining secure availability in disaster scenarios range from siting resources so as to create a degree of obscurity, to regularly fire-drilling such disasters, including the loss of strategic key management resources.