Virtualizing FC SAN (VSAN)
Virtual SAN (also called virtual fabric) is a logical fabric on an FC SAN, which enables communication among a group of nodes regardless of their physical location in the fabric.
Each SAN can be partitioned into smaller virtual fabrics, generally called as VSANs. VSANs are similar to VLANs in the networking and allows to partition physical kit into multiple smaller logical SANs/fabrics. It is possible to route traffic between virtual fabrics by using vendor-specific technologies.
In a VSAN, a group of node ports communicate with each other using a virtual topology defined on the physical SAN. Multiple VSANs may be created on a single physical SAN. Each VSAN behaves and is managed as an independent fabric. Each VSAN has its own fabric services, configuration, and set of FC addresses. Fabric-related configurations in one VSAN do not affect the traffic in another VSAN. A VSAN may be extended across sites, enabling communication among a group of nodes, in either site with a common set of requirements.
VSANs improve SAN security, scalability, availability, and manageability. VSANs provide enhanced security by isolating the sensitive data in a VSAN and by restricting the access to the resources located within that VSAN.
For example, a cloud provider typically isolates the storage pools for multiple cloud services by creating multiple VSANs on an FC SAN. Further, the same FC address can be assigned to nodes in different VSANs, thus increasing the fabric scalability.
The events causing traffic disruptions in one VSAN are contained within that VSAN and are not propagated to other VSANs. VSANs facilitate an easy, flexible, and less expensive way to manage networks. Configuring VSANs is easier and quicker compared to building separate physical FC SANs for various node groups. To regroup nodes, an administrator simply changes the VSAN configurations without moving nodes and recabling.
To configure VSANs on a fabric, an administrator first needs to define VSANs on fabric switches. Each VSAN is identified with a specific number called VSAN ID. The next step is to assign a VSAN ID to the F_Ports on the switch. By assigning a VSAN ID to an F_Port, the port is included in the VSAN. In this manner, multiple F_Ports can be grouped into a VSAN.
For example, an administrator may group switch ports (F_Ports) 1 and 2 into VSAN 10 (ID) and ports 6 to 12 into VSAN 20 (ID). If an N_Port connects to an F_Port that belongs to a VSAN, it becomes a member of that VSAN. The switch transfers FC frames between switch ports that belong to the same VSAN.
VSAN versus Zone
Both VSANs and zones enable node ports within a fabric to be logically segmented into groups. But they are not same and their purposes are different. There is a hierarchical relationship between them. An administrator first assigns physical ports to VSANs and then configures independent zones for each VSAN. A VSAN has its own independent fabric services, but the fabric services are not available on a per-zone basis.
VSAN trunking allows network traffic from multiple VSANs to traverse a single ISL. It supports a single ISL to permit traffic from multiple VSANs along the same path. The ISL through which multiple VSAN traffic travels is called a trunk link.
VSAN trunking enables a single E_Port to be used for sending or receiving traffic from multiple VSANs over a trunk link. The E_Port capable of transferring multiple VSAN traffic is called a trunk port. The sending and receiving switches must have at least one trunk E_Port configured for all of or a subset of the VSANs defined on the switches.
VSAN trunking eliminates the need to create dedicated ISL(s) for each VSAN. It reduces the number of ISLs when the switches are configured with multiple VSANs. As the number of ISLs between the switches decreases, the number of E_Ports used for the ISLs also reduces. By eliminating needless ISLs, the utilization of the remaining ISLs increases. The complexity of managing the FC SAN is also minimized with a reduced number of ISLs.
VSAN tagging is the process of adding or removing a marker or tag to the FC frames that contains VSAN-specific information. Associated with VSAN trunking, it helps isolate FC frames from multiple VSANs that travel through and share a trunk link. Whenever an FC frame enters an FC switch, it is tagged with a VSAN header indicating the VSAN ID of the switch port (F_Port) before sending the frame down to a trunk link.
The receiving FC switch reads the tag and forwards the frame to the destination port that corresponds to that VSAN ID. The tag is removed once the frame leaves a trunk link to reach an N_Port.
Go To >> Index Page
Go To >> Index Page