Abstract
This tip describes what a Cisco Virtual SAN is.
Contents
Cisco Virtual SANs
The MDS 9000 SAN Fabric family introduces Cisco's Virtual SAN (VSAN) technology, offering the capability to overlay multiple hardware enforced virtual fabric environments within a single physical fabric infrastructure. Each VSAN contains separate (dedicated) fabric services designed for enhanced scalability, resilience, and independence among storage resource domains. This is especially useful in segregating service operations and failover events between high availability resource domains allocated to different VSANs. Each VSAN contains its own complement of hardware-enforced zones, dedicated fabric services, and management capabilities, just as if the VSAN were configured as a separate physical fabric. Therefore, VSANs are designed to allow more efficient SAN utilization and flexibility, because SAN resources may be allocated and shared among more users, while supporting secure segregation of traffic and retaining independent control of resource domains on a VSAN-by-VSAN basis.
VSANs offer the following features:
- Traffic isolation: Traffic is contained within VSAN boundaries and devices reside only in one VSAN, thus ensuring absolute separation between user groups, if desired.
- Scalability: VSANs are overlaid on top of a single physical SAN. The ability to create several logical VSAN layers increases the scalability of the SAN.
- Per-VSAN fabric services: Replication of fabric services on a per-VSAN basis provides increased scalability and availability.
- Redundancy: Several VSANs created on the same physical SAN ensure redundancy. If one VSAN fails, redundant protection is provided by a configured backup path between the host and the switch.
- Ease of configuration: Users can be added, moved, or changed between VSANs without changing the physical structure of a SAN. Moving a device from one VSAN to another only requires configuration at the port level, not at a physical level.
- Shared topology: Multiple VSANs can share the same physical topology.
- Same FCIDs: The same Fibre Channel IDs (FCIDs) can be assigned to a host in another VSAN, thus increasing VSAN scalability.
- Required protocols: Every instance of a VSAN runs all required protocols such as FSPF, domain manager, and zoning.
- Independence: Fabric-related configurations in one VSAN do not affect the associated traffic in another VSAN.
- Containment: Events causing traffic disruptions in one VSAN are contained within that VSAN, and are not propagated to other VSANs.
- Isolation: No communication is possible between VSANs.
As an example, the servers are still connected to the SAN, but the SAN consists of a single MDS 9509 Director, which is attached to the same disk and tape subsystems. In a case such as this we have configured the first 31 ports in the director into a Virtual SAN (called, for example, Virtual SAN 1) and the second 31 ports into another virtual SAN (called, for example, Virtual SAN 2). The servers have a connection to each Virtual SAN thereby providing a solution that consists of multiple SAN fabrics. The Virtual SANs cannot communicate with each other, they appear to be totally separate SANs. They have their own FSPF tables, domain manager, and zoning requirements. A traffic disruption in one virtual SAN will have no impact on the other virtual SAN. A port cannot belong in multiple VSANs. They are indeed separate fabrics.