IBM Network Advisor Deployment and Best Practices Guide
IBM Network Advisor Deployment and Best Practice Guide Version: 3.10
Owner: Jim Olson Author: Eric Block, David Lutz & Sudharsan S Vangal
http://ibm.biz/brocdesignbp
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 1 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Table of Contents Table of Contents...............................................................................................................2 Document history...............................................................................................................5 Document Location.................................................................................................................................. 5 Approvals................................................................................................................................................. 6 Distribution............................................................................................................................................... 6
Introduction........................................................................................................................8 When to use Network Advisor.................................................................................................................. 8
Best Practices Recommendations.....................................................................................9 Regular Tasks for SAN Health.........................................................................................10 Daily.................................................................................................................................................... 10 Weekly................................................................................................................................................ 10 Monthly............................................................................................................................................... 11 Quarterly............................................................................................................................................. 12
Network Advisor...............................................................................................................13 Server Sizing and Configuration............................................................................................................. 13 Server and Client Ports.......................................................................................................................... 14 Downloading IBM Network Advisor........................................................................................................ 16 Installing IBM Network Advisor............................................................................................................... 18 Launching the Remote Client................................................................................................................. 27 User Account Management.................................................................................................................... 28 Server Management Console................................................................................................................. 29 IBM Network Advisor Configuration Screen........................................................................................... 32
Backup and Restore Configuration Data.........................................................................34 Switch Backup and Restore................................................................................................................... 34 Restoring a switch configuration for a selected device...........................................................................35 Scheduling Switch Backups................................................................................................................... 35 Server Data Backup and Restore........................................................................................................... 37 Viewing the backup status...................................................................................................................... 39 Server Data Restore.............................................................................................................................. 39
Event Logs.......................................................................................................................40 Collect SupportSave........................................................................................................41 Network Advisor Supportsave................................................................................................................ 41 Supportsave Manual Collection.............................................................................................................. 42 Supportsave Scheduled Collection........................................................................................................ 43
Event notification..............................................................................................................44 Call Home.............................................................................................................................................. 44 SNMP..................................................................................................................................................... 44
Fabric Watch....................................................................................................................46 Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 2 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide Reasons to Implement Fabric Watch..................................................................................................... 46 Configuring Fabric Watch....................................................................................................................... 46
Bottleneck Credit Tools....................................................................................................52 Enabling bottleneck credit tools.............................................................................................................. 52
Bottleneck Detection........................................................................................................53 Recommendations................................................................................................................................. 53 Suggested Bottleneck Settings.............................................................................................................. 53 FOS 6.3.............................................................................................................................................. 53 FOS 6.4.............................................................................................................................................. 53 FOS 7.0.............................................................................................................................................. 54 Implementation....................................................................................................................................... 54 Enable Bottleneckmon via GUI........................................................................................................... 54 Enable Bottleneckmon via CLI............................................................................................................ 54 How Bottlenecks are reported in Network Advisor.................................................................................55
Port Fencing.....................................................................................................................56 Implementation....................................................................................................................................... 56 Adding thresholds (Violation types):....................................................................................................... 57 Assigning thresholds to ports:................................................................................................................ 57 Unblocking a Port................................................................................................................................... 58 Removing Thresholds............................................................................................................................ 58
Brocade Fabric Vision......................................................................................................60 Monitoring and Alerting Policy Suite (MAPS)..................................................................61 MAPS Licensing Requirements and Software Prerequisites..................................................................61 Differences between Fabric Watch and MAPS configurations...............................................................61 Converting from Fabric Watch to MAPS................................................................................................. 62 Initial MAPS setup.................................................................................................................................. 62 Importing MAPS configuration................................................................................................................ 63 Replicating a policy to other devices...................................................................................................... 66 MAPS and Bottleneck Monitor............................................................................................................... 68 Enable MAPS in Network Advisor.......................................................................................................... 68 Activate MAPS Policy from Network Advisor.......................................................................................... 69 View the Parameters in a Policy............................................................................................................. 70
Network Advisor Dashboards..........................................................................................72 Brocade SAN Health Report............................................................................................73 Instructions For Usage........................................................................................................................... 73
Zoning..............................................................................................................................76 Conclusion.......................................................................................................................93 References.......................................................................................................................94 Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 3 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Document history Document Location The source of the document can be found in the Team Room, located at: Database Name: Server Name: File Name:
TBD TBD IBM Network Advisor Deployment Guide V3.03.doc
Please address any questions to: Revision History Date of this revision: 01/16/2014 Date of next revision: TBD
Revisio n Numbe r 1.0
Revision Date
Summary of Changes
Changes marked
6/11/12
Initial document creation
No
1.2
7/10/12
Revised to meet requirements for standardized deployment
No
1.3
7/25/12
Added SNMP and Performance information
No
1.4
7/29/12
Added Zoning Information
No
1.5
8/1/12
No
1.6
9/14/12
1.7
9/24/12
Edited document for added emphasis to key points, as well as alteration to technical terms, per Art Scrimo Added SAN Health information to Health Check section. Added information to Fault Management and SNMP section. Added Event Logs section. Added Switch Backup and Restore. Removed Linux from Network Advisor server options
1.8
9/25/12
Incorporated Best Practices into guide
No
1.9
10/1/12
Expanded on SAN Health Tool section
No
2.0
10/4/12
Moved Security and Authentication to SAN Design Guide
No
2.1
10/24/12
Added User Account Management section
No
2.2
10/30/12
No
2.3
11/6/12
Removed duplicate switch recovery information. Edited overall content for flow/clarity Added links for navigating document more efficiently
2.4
11/15/12
No
2.5
12/19/12
2.6
1/14/13
Added Reference section. Edited Bottleneck and Port Fencing sections for Network Advisor (vs CLI) Added information for SNMPv3, Call Home, Automatic Trace Dumps Minor edits to wording
2.7
3/15/13
Updated Port Fencing information based on alert severity changing in FOS v7.0.2c (per John Juenemann 20130313 Update
No
1.1
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 4 of 94
No No
No
No No
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide Initiative) 2.8
7/17/13
Added additional detail/instruction for SAN Health usage
No
2.9
01/14/14
No
2.91
01/16/14
3.0
05/28/14
3.1
06/01/14
3.2
06/02/14
Per Jim Olson and Kirby Dahman, changed Fabric Watch F_port Class thresholds to 25 for two alerts “Link Reset” and “State Change” Modified appearance of Fabric Watch alerts table for better clarity/detail (no FW values changed) Added a new section for Flow Vision – MAPS. Pages 50 – 54 (Updated as per Jim Olson's directive to include Fabric Vision) Added section for Fabric Vision introduction. Added table for MAPS Threshold Values Corrected MAPS implementation section for more clarity.
3.3
06/03/14
No
3.4
06/03/14
3.5
06/05/14
3.6
06/17/14
3.7
07/14/20 14 08/15/20 14
Added Moderate Policy also for the MAPS Threshold values. Corrected FOS version requirement for MAPS. Added section for “Replicating Policies to Other devices” as per Tron's request. Corrected the Threshold policies. Added configuration screenshots for INA Provided more clarity on MAPS advantages, and features over Fabric Watch Included updates provided by David Lutz on the Fabric Watch.
3.8
3.10
11/10/20 14
Restructured document and created new section for recommendations. MAPS section revised to show recommended MAPS implementation, Fabric Vision section update to provide better clarity. Section added to for collection supportsave files from Network Advisor, and updated the SAN regular tasks. Added link to server configuration section for more detail
No No No No
No No Yes Yes Yes
Yes
Approvals This document requires following approvals: Name
Title
Jim Olson
Distinguished Engineer
Distribution This document has been distributed to: Name Jim Olson Ann Corrao
Title Distinguished Engineer Distinguished Engineer
John Juenemann
Senior Technical Staff Member (STSM)
Karen Haberli
Program Manager
Eric Block
Storage Architect
Sudharsan S Vangal
Storage Administrator
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 5 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 6 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Introduction The purpose of this document is to present a set of guidelines that incorporate IBM best practices for deploying IBM Network Advisor (a.k.a. Brocade Network Advisor). This guide should act as a reference point in establishing consistent, standard deployments across IBM environments. The best practices noted in this guide present some the more advanced features of Brocade Fabric OS (FOS) for example, Fabric Watch, Bottleneck Detection, and Port Fencing. Additional best practices are provided for hardware selection, zoning, and performing scheduled health-related checks and tasks in the SAN. The guidance found in this document should provide you with an efficient, economic, and effective process by which to deploy and begin managing IBM Network Advisor.
NOTE: All deployments should be done using the Enterprise version of IBM Network Advisor.
When to use Network Advisor All SAN Fabric installations using Brocade technology should deploy IBM Network Advisor If you are currently managing your Brocade SAN with DCFM, you should upgrade to Network Advisor per the following:
All 16Gb installations (or prior to upgrading to 16Gb)
Prior to upgrading any Brocade FOS product to level 7.x or above
NOTE: DCFM is not qualified or supported for management of switches operating with FOS v7.0 and later firmware versions. You must first upgrade DCFM to Network Advisor 11.1 or later if you are planning to upgrade devices to FOS v7.0 or you risk losing management connectivity.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 7 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Best Practices Recommendations The following recommendations are based on best practice recommendations from Brocade and IBM technical support groups.
Install and use Network Advisor to manage all switches. See Network Advisor Setup Switch configuration backup. See Backup and Restore Configuration Data Enable Bottleneck Credit Recovery Tools. See Bottleneck Credit Tools Configure Call Home and SNMP or email event notification. See Event notification Switches running FOS 7.2 or higher setup MAPS. See Monitoring and Alerting Policy Suite (MAPS) Switches running FOS 7.1 or lower setup Fabric Watch. See Fabric Watch Configure and enable Bottleneck Detection. See Bottleneck Detection Configure Network Advisor Dashboards. See Network Advisor Dashboards Implement and follow regular SAN health tasks. See Regular Tasks for SAN Health
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 8 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Regular Tasks for SAN Health NOTE: The below should be considered mandatory tasks to be performed in any Brocade SAN environment. Consistent execution of these tasks will help to ensure your fabrics are operating optimally, and that you have adequate backup data available for unexpected impacts to the SAN. Additionally, performing these tasks will provide you with information which can be extremely useful in recognizing trends and also targeting sources of problems in assisting with the troubleshooting process.
Daily Review of Event Logs The Master Log should be reviewed daily by the operations team as part of the health check process. Network Advisor’s Master Log lists all events and alerts that have occurred in the SAN and you should make it a habit of reviewing this log on a daily basis.
View specific logs by selecting an option from the Monitor menu’s Logs submenu. The following logs can be found here: Audit Log, Product Event Log, Fabric Log, FICON Log, Product Status Log, Security Log, Syslog Log. Fabric Watch, MAPS, Bottleneck Detection, and Port Fencing alerts will process like other alerts in the environment. They can be found in the IBM Network Advisor Master Log.
Weekly Backup Switches
Collect a set of configuration files in case they are required to restore the switch configuration. See Switch Backup and Restore section for how to do this
Collect Supportsaves
Collect a complete set of supportsave files from all switches before clearing the switch counters. This will provide a set of switch logs from before the counters were cleared in case they are required for PD. Provides a set of switch logs which can be used a baseline. See Supportsave Scheduled Collection.
Clear Switch Counters
Counters that are never cleared are hard to troubleshoot, and you have no frame of reference for when the error counters on ports actually increased. For this reason the Brocade best practice is to clear the counters on a known schedule, so that error counters seen are known to represent recent issues.
NOTE: Any time new devices are added to the SAN or cabling changes are made, it is common for ports to detect error. These errors should be cleared any time fabric changes are made. Action
Automate a counter clear on all switches that runs on Sunday evening (suggest 6PM local time). You want this to happen after all the normally scheduled weekend changes should be complete and prior to production Sunday night / Monday morning workloads beginning to hit the production system.
Commands to be run: Statsclear Slotstatsclear
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 9 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Monthly Review switch logs for marginal links or other potential switch issues. The following metrics are some of the key metrics when reviewing supportsave files. PORTERRSHOW c3timeout / disc c3
Frame discards are caused because frames are sitting in the frame buffers too long indicating that there are issues sending the frames.
Tx discards are frames that cannot be sent to the attached device, check for link issues then check the attached device
Note: On older switch code levels a portstatsshow for any port with C3 discards may be required to determine if the discards are tx vs rx
rx discards are frames that cannot be sent to the next hop in the switch. Check to see if other ports on the switch have tx discards. Check using framelog command to determine destination for rx frame discards.
crc_err
This counter is incremented when a frame with bad crc passes through the port.
Need to determine where the source of the crc error occurred by check other ports and another switches for crc g_eof errors.
crc g_eof
This counter is incremented when a frame is detected was a crc error. This is the first port to detect the crc error.
Typically caused by an optical issue often cables. Check cables, possible replace or swap the cables. Replace optics (HBA, SFP) on the attached device.
too shrt too long bad eof
Indication of frame errors.
Typically caused by an optical issue often cables. Check cables, possible replace or swap the cables.
loss sync loss sign
Loss of sync and loss of signal typically occur when the optical link cycles usually at the attached device.
Typically no actions are required unless counts are extremely high or occur during unexpected times.
SFPSHOW The primary metric is Rx power which shows the amount of light the SFP is receiving. Typically SFPs transmit around -2 to -3db (630 to 400uwatt) so for short distance cables receive power levels should be similar. Longer cables lengths will result in lower receive light levels and is not consider an issue. In general receive levels should not drop below -10db (100uwatt) unless it’s an extremely long cable run. In general you should compare light levels to other cable runs of similar length and if you have noticeably lower levels compare to the other cables would indicate a cabling issue. ERRDUMP The errdump log should be reviewed for messages that indicate issues which can vary from CDR-xxxx and C2-xxxx, C3-xxxx messages indicating credit loss, to issues show excessive network login attempts to switch hardware issues. FABRICLOG Check the fabric log for signs of ports doing repeated Link Resets, ports going offline/online or repeated fabric rebuilds. Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 10 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Quarterly Run Brocade SAN Health Report, see Brocade SAN Health Report
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 11 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Network Advisor Server Sizing and Configuration IBM Network Advisor Sizing Requirements Small
Medium
Large
Number of Fabrics
8
16
24
Number of Domains
20
60
120
Number of Switch Ports
2000
5000
9000
Number of Device Ports
5000
10000
20000
20
30
40
Dual Core 2GHz
Quad Core 2GHz
Quad Core 2GHz
Server Memory
6GB
8GB
12GB
Server Disk (OS)
60GB
80GB
100GB
Server Disk (App/DB)
100GB
100GB
100GB
Server Disk (Backup)
100GB
100GB
100GB
Windows 2008 R2 64-bit
Windows 2008 R2 64-bit
Windows 2008 R2 64-bit
Number of Access Gateways Server CPU
Server Operating System
If further information is needed associated to server sizing and configuration, please see here
http://www.brocade.com/downloads/documents/product_manuals/NetworkAdvisor/Net workAdvisor_InstallGd_v1230.pdf Additional Requirements We want to do everything we can to eliminate issues in the SAN from impacting our management interface. Should the SAN experience an unexpected degradation or failure, we need to ensure our ability to access Network Advisor is unaffected. This ability could be severely compromised or lost if our main tools (OS, application) reside on the SAN. Therefore, the following points must be followed in performing a best practice installation of IBM Network Advisor server:
Dedicated / Stand-alone server
NOTE: A Virtualized server may be used, however it must follow same requirements as a dedicated/stand-alone server
The server must be dedicated for Network Advisor No other applications installed/running
The server OS must not boot from SAN Install OS on local disk (internal to server)
Network Advisor must not be installed on SAN Install Network Advisor Server/DB on local disk (internal to server)
Server should be partitioned for three drives: one for the OS, one for the Application, and one for Backup Data Backup Data needs to be on physically separate drive
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 12 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide Browser Requirements
Firefox under Windows Oracle JRE 1.6.0 update 24 for Network Advisor and Web Tools
Server and Client Ports The Management application has two parts: the Server and the Client. The Server is installed on one machine and stores device-related information; it does not have a user interface. To view information through a user interface, you must log in to the Server through a Client. The Server and Clients may reside on the same machine, or on separate machines. In some cases, a network may utilize virtual private network (VPN) or firewall technology, which can prohibit communication between Switches and the Servers or Clients. In other words, a Server or Client can find a Switch which appears to log in, but is immediately logged out because the Switch cannot reach the Server or Client. To resolve this issue, check to determine if the ports in the table below need to be opened up in the firewall.
Port Number
Ports
Transport
Description
Communication Path
Open in Firewall
201
FTP Port (Control)
TCP
FTP Control port for internal FTP server
Client-Server Switch-Server
Yes
211, 2
FTP Port (Data)
TCP
FTP Data port for internal FTP server
Client-Server Switch-Server
Yes
221
SSH or Secure Telnet
TCP
Sectelnet port from server to switch/client to switch
Server-Switch Client-Switch
Yes
231
Telnet
TCP
Telnet port from server/client to switch
Server-Switch Client-Switch
Yes
25
SMTP Server Port
TCP
SMTP Server port for Email communication
Server-SMTP Server
Yes
49
TACACS+ Authentication port
TCP
TACACS+ server port for authentication if TACACS+ is chosen as an external authentication
ServerTACACS+ Server
Yes
80
Jboss.web.http.port
TCP
Non-SSL HTTP/1.1 connector port
Client-Server
Yes
3, 4
Switch http
TCP
Switch non-SSL http port for http and CAL communication
Server-Switch Client-Switch
Yes
1611
SNMP Port
UDP
Default SNMP Port
Server-Switch
Yes
Snmp.trap.port
UDP
Default SNMP Trap Port
Switch-Server
Yes
389
LDAP Authentication Server Port
TCP
LDAP server port for authentication if LDAP is chosen as an external authentication
Server-LDAP Server
Yes
4433, 4, 5
Switch https
TCP
Switch SSL http port for https and CAL communication
Server-Switch Client-Switch
Yes
5146
Syslog Port
UDP
Default Syslog Port
Switch-Server
Yes
636
LDAP Authentication SSL Port
UDP
LDAP server port for authentication if LDAP is chosen as an external authentication and SSL is enabled
Server-LDAP Server
Yes
10241, 7
MPI
TCP
MPI Trap recipient port
Switch-Server
Yes
1812
RADIUS Authentication Server Port
TCP
RADIUS server port for authentication if RADIUS is chosen as an external authentication
Server-RADIUS Server
Yes
20481, 9
MPI
TCP
MPI discovery NMRU port
Server-Switch
Yes
80
162
3
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 13 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide 2049
1, 5,
MPI
TCP
MPI discovery NMRU port for SSL
Server-Switch
Yes
26388
Database port (Enforced during install)
TCP
Port used by database
Server-Database Remote-ODBCDatabase
Yes
Port Number
Ports
Transport
Description
Communication Path
Open in Firewall
44301, 5, 7
MPI
TCP
XML-RCP port for SSL
Server-Switch
Yes
5988
SMI Agent port
TCP
SMI Agent port
SMI AgentServer-Client
Yes
5988
SMI Agent port with SSL enabled
TCP
SMI Agent port with SSL enabled
SMI Agent Server-Client
Yes
80801, 7
MPI
TCP
XML-RCP port/HTTP port
Server-Switch
Yes
Jboss.naming.jnp.port-port 0
TCP
Bootstrap JNP service port
Client-Server
Yes
Jboss.connector.ejb3.port-port 1
TCP
EJB3 connector port
Client-Server
Yes
Jboss.connector.bisocket.portport 2
TCP
Bisocket connector port
Client-Server
Yes
24603
Jboss.connector.bisocket.secon dary.port-port 3
TCP
Bisocket connector secondary port
Client-Server
Yes
246045
Jboss.connector.sslbisocket.por t-port 4
TCP
SSL Bisocket connector port
Client-Server
Yes
246055
Jboss.connector.sslbisocket.sec ondary.port-port 5
TCP
SSL Bisocket connector secondary port
Client-Server
Yes
24606
Smp.registry.port-port 6
TCP
RMI registry port
Client-Server
Yes
24607
Smp.server.export.port-port 7
TCP
RMI export port
Client-Server
Yes
24608
Smp.server.cliProxyListeningpor t-port 8
TCP
CLI proxy telnet port
Client-Server
Yes
Jboss.naming.rmi.port-port 9
TCP
RMI naming service port
Client-Server
Yes
24610
Jboss.jrmp.invoker.port-port 10
TCP
RMI/JRMP invoker port
Client-Server
Yes
24611
Jboss.pooled.invoker.port-port 11
TCP
Pooled invoker port
Client-Server
Yes
24612
Jboss.connector.socket.portport 12
TCP
Socket invoker port
Server
No
24613
Jboss.web.ajp.port-port 13
TCP
AJP 1.3 connector port
Server
No
24614
Jboss.web.service.port-port 14
TCP
Web service port
Server
No
24615
Connector.bind.port-port 15
TCP
Port to listen for requests
Server
No
3276865535
Ephemeral ports
UDP
Ephemeral transport protocol ports
Switch-Server
Yes
5555510
Client Export Port
TCP
Client port to which server pushes the M-EOS device Element Manager updates
Server-Client
Yes
55556
Launch in Context (LIC) client hand shaking port
TCP
Client port used to check if a Management application client opened using LIC is running on the same host. NOTE: If this port is in use, the application uses the next available port
Client
No
7, 9
10
24600
24601 24602
24609
Notes to port superscripts: Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 14 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide 1 Port is not configurable (either in the switch or the Management server). 2 Every FTP session requires an additional port which is randomly picked. If the firewall is enabled then FTP operation (used for firmware download, technical support, firmware import (from client-server) and so on.) will fail. 3 Ports configurable in the switch and the Management server. Port must be the same for all switches managed by the Management server. 4 Ports used to launch the Web Tools application for Fabric OS switches from the Management client. This is applicable only when the Fabric OS version is earlier than 6.1.1. 5 Port used for SSL communication. If SSL is enabled, you must open 443*, 24604, and 24605 in the firewall. If SSL is not enabled, port 80* must be open in the firewall and 443*, 24604, and 24605 can be closed. An asterisk (*) denotes the default web server port number. If you set the web server port number to a port other than the default, you must open that port in the firewall. 6 The Syslog listening port is configurable in the Management server. The switch always sends syslog messages to port 514. If you have any other syslog daemon on the Management server machine already listening to 514, then the Management Server can be configured to listen to a different port. You must manually configure relay in existing syslogd to forward the syslog messages to the Management Server listening on the configured port. 7 Ports used for communicating with M-EOSn (M-i10K) directors. M-i10K always uses NMRU over SSL (2049). M-i10K always uses 8080 for http requests (firmware download, configuration backup/ restore, data collection). If M-EOSn firmware version is less than 9.1 the Management application uses 8080 for XMLRPC requests (discovery and asset collection). If the M-EOSn firmware version is more than 9.1 then it always uses SSL port (4430) for XML-RPC. 8 Port must be opened in firewall for the server when the remote ODBC client needs to talk to the Management database server (Only for EE). The same port is used by the Management server to database server (local). This is not used by the Management client. 9 Ports used for communicating with M-EOS (excluding M-i10K) switches (only required when the Management server manages M-EOS switches). 10 Port should be opened in firewall in the Management client to allow communication between server and client (only applicable for M-EOS switches). If this port is not opened in the firewall, then the M-EOS element manager does not receive updates. Also if multiple clients are opened, it will try to use the next available port (55556). So if there are n clients opened in the same machine then you must open 55555 (configurable) to 55555 + n ports in the firewall. 11 The Management server tries to find a contiguous block of 16 ports from the starting port configured (for example, 24600); if any port in this range is not available for the Management application, then you must provide a new starting port. Note that Port 1 to Port 15 in “Ports” column of the table above are not separately configurable and those ports vary based on the starting port number configuration (specified as Port 0 in the above table). The port numbers mentioned in the table above are the default ports (for example, when 24600 is selected as the starting port number).
Downloading IBM Network Advisor The following link may be used to access IBM Network Advisor software: http://www-03.ibm.com/systems/networking/switches/san/b-type/na/index.html
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 15 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide 1. Under “Learn more” select “IBM Network Advisor Trial web page”
2. This will redirect you to the ibm.brocadeassist.com site
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 16 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide 3. In the Product Downloads window, expand Brocade Network Advisor 11.1.x and select the current recommended version to download
Installing IBM Network Advisor The following provides screenshot-by-screenshot guidance for an installation of the IBM Network Advisor (Enterprise edition).
Once you’ve downloaded the application, select the executable file and click install, this will bring up the Introduction screen...
Accept License...
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 17 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Select Install Folder (Do Not install to the root directory, usually C:\)...
Note Pre-Install Summary and select Install...
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 18 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Once installation is complete, click Done to complete the Network Advisor configuration...
IBM Network Advisor Configuration Welcome screen...
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 19 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
We are performing a new install, so will select No as we are not migrating any data or settings...
Select SAN with SMI Agent…
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 20 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
You will need to have a Serial Number and License Key available at this point if you plan to perform a “permanent” install (these should have been provided when you purchased IBM Network Advisor). Otherwise, you can opt for a 75-day trial...
Enter required Serial and License Key...
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 21 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
As part of the Standard Deployment, we will select Internal FTP Server...
Add required information...
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 22 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Most configurations will maintain the below defaults...
Most configurations will keep default. However, these settings can be changed later via the Server Management Console (in the Services tab) noted below.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 23 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Select the network size based on the scaling you used to size your server...
Verify your configuration...
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 24 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
At this point installation/configuration is complete and you are ready to start the client...
Server and Client startup...
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 25 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Following initial login below, you will need to change the Administrator Password from the default. Once you have logged in you can perform this from Server > Users
Launching the Remote Client To launch a remote client, complete the following steps: 1. Open a web browser and enter the IP address of the Management application server in the Address bar. The Management application web start screen displays. Document: Title:
The web server port number default is 80. However, if SSL is enabled, this will be 443. You must enter the web server port number in addition to the IP address (e.g. IP_Address:Port_Number) Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 26 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide 2. Click the Management application web start link. The Log In dialog box displays. 3. Enter your user name and password. The defaults are Administrator and password, respectively. If you migrated from a previous release, your username and password do not change. 4. Select or clear the Save password check box to choose whether you want the application to remember your password the next time you login. 5. Click Login. 6. Click OK on the Login Banner dialog box. The Management application displays.
User Account Management Centralized authentication is IBM best practice in managing user accounts. Regardless of which method of authentication you use (Radius, TACACS+, LDAP, local) you will need to work with your security team to ensure you are meeting the account and IBM requirements. ITCS104 The ITCS104 Technical Security Standards for SAN Switches may be found here. User Management IBM Network Advisor provides a thorough role-based access control (RBAC) feature to define detailed roles and privileges for SAN administrators per the below.
Provides current authentication and authorization configuration details Consolidated list of user profiles, roles, and areas of responsibility (AOR) Provisions to add, modify, duplicate a user profile, role, and AORs Account State column shows active or lock out reasons Access restricted to user assigned with “User Management” privilege with Read-Only/Read-Write permission. No limit for number users added to Brocade Network Advisor. Number of users is dependent on the data base storage limit. Local authentication (local password database), Windows domain login, LDAP, RADIUS, and TACACS+ are supported. Automatic failover to a secondary authentication method can be configured, in case a remote primary authentication method becomes unavailable. Privileges: Provide access to the features in Management application. Role: Group of selected privileges. A role can be assigned to one or more Management application users who need access to the same menu options. AOR (Areas of Responsibility): Used to define device access permission to a user. AORs have the ability to group fabrics, hosts, and other products. AORs can be modified, deleted, or duplicated.
Default and User-defined Accounts In addition to the default accounts—root, factory, admin, and user—Fabric OS supports up to 252 additional userdefined accounts in each logical switch (domain). These accounts expand your ability to track account access and Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 27 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide audit administrative activities. See the Fabric OS Administrator’s Guide below for in-depth detail on setting up these accounts. NOTE: The default user accounts (root, factory, admin, and user) need to be properly secured. Change the default passwords for root and factory and keep these separate and secure. The root and factory accounts provide a level of access beyond the admin account.
Work with your security team in securing and managing the Root and Factory accounts Work with your security team to define non-default Admin and User accounts with the same access for your users Disable the default Admin and User accounts
AAA (Authentication, Authorization, and Accounting) Settings The Authentication function enables you to configure an authentication server and establish authentication policies. Authentication is configured to the local database by default. If you configure primary authentication to a Radius server, a TACACS+ server, an LDAP server, or switch authentication, you can also configure secondary authentication to the local server. When you log in to the Management application, if the primary server is unavailable, the Management application attempts with the next configured primary server. If all primary servers are unavailable, the Management application falls back to the secondary authentication. Fall back can occur when the server is unavailable, authentication fails, or the user is not found. Configuring authentication may be performed through the Network Advisor Server Management Console. See the Server Management Console section of the Network Advisor User Manual for details on setting up Radius, TACACS+, LDAP, etc. authentication methods.
Server Management Console The Server Management Console (Start > Programs > IBM Network Advisor 11.1.x > Server Management Console) may be used to restart services, change port settings, restore data, and upload technical support information. We will go through a few of these in the screenshots that follow...
From the Services tab, you can start, stop, refresh, and restart services on the server.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 28 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
From the Ports tab, you can change the Management application server or web server port numbers.
From the AAA Settings tab, you can configure different authentication methods (LDAP or RADIUS, etc.), and establish authentication policies.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 29 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
From the Restore tab, you can restore server application data. Application: Server > Options > Server Backup. NOTE: The Restore Path is what you set above in the Server Data Backup section (E:\Backup).
From the Technical Support Information tab, you can collect information for technical support.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 30 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
IBM Network Advisor Configuration Screen Should you find that you need to change a configuration to one of the settings in the screen below, you may access via: Start > Programs > IBM Network Advisor 11.1.x > IBM Network Advisor Configuration
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 31 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 32 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Backup and Restore Configuration Data Switch Backup and Restore Saving switch configurations Save switch configuration is only supported on Fabric OS switches. To save switch configuration on more than one switch at a time, you must have the Enhanced Group Management license. Configuration files are uploaded from the selected switches and stored in individual files. Files are named with the convention cfg_fabricName_switchName_domainID.
Select Configure > Configuration > Save. The Save Switch Configurations dialog box displays.
Select the switches for which you want to save configuration files from Available Switches.
Click the right arrow to move the selected switches to Selected Switches.
Click OK. Configuration files from the selected switches are saved to the repository.
Restoring a switch configuration for a selected device Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 33 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide The Restore Switch Configuration dialog box enables you to download a previously saved switch configuration to a selected device. Stored configurations are linked to the switch WWN; therefore, if the IP address or switch name is changed and then rediscovered, the Switch Configuration Repository dialog box displays the new switch name and IP address for the old configuration. If you delete a fabric or switch from discovery, the configuration remains in the repository until you delete it manually. 1. Right-click a device in the Product List or the Connectivity Map, and select Configuration > Configuration Repository. The Switch Configuration Repository dialog box displays.
2. Select the configuration you want to restore, and click Restore. The configuration is downloaded to the device. If necessary, the restoration process prompts you to disable and reboot the device before the configuration begins. This lets you determine whether the configuration backup should be performed immediately or at a later time. If you confirm the restoration, the entire configuration is restored; you cannot perform selective download for specific configuration sections.
Scheduling Switch Backups The Enhanced Group Management (EGM) license must be activated on a switch to perform this procedure and to use the supportSave module. If a periodic backup is scheduled at the SAN level, that backup will apply to all switches from all discovered fabrics. Any new fabrics being discovered are automatically added to the list of fabrics to be backed up. If a backup is scheduled for more than one fabric and some of the fabrics contain common members, the backup will include the unique switch configuration values obtained from the fabrics. You can schedule a backup of one or more switch configurations. The configuration files are stored in the Management application database. Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 34 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide 1. Right-click a device in the Product List or the Connectivity Map, and select Configure > Configuration > Schedule Backup. The Schedule Backup of Switch Configurations dialog box displays.
2. Click the Enable scheduled backup check box. 3. Set the Schedule parameters: The desired Frequency for backup operations (select weekly) Choose a day of the week when utilization is low (e.g. Sunday) The Time (hour, minute) you want back up to run. The maximum age allowed before you Purge Backups. The number of purge days should be at least one day more than the selected backup frequency. The backup purge thread runs every day at 12:30 PM and deletes all back up configurations that exceed the maximum age allowed. 4. Choose one of the following options to determine the scope of the backup.
Select the Backup all fabrics check box, to back up all switch configurations of discovered switches in all fabrics Clear the Backup all fabrics check box and select the specific fabric check boxes in the Selected Fabrics table to back up individual fabrics.
If any switches do not have the EGM license, a messages displays. Click OK to enable backup on the switches with the EGM license. 5. Click OK.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 35 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Server Data Backup and Restore Network Advisor helps you protect your data by backing it up automatically. The data can then be restored as necessary. What is backed up? If we set our backup for the D:\ drive (or whatever the backup drive is) the following files/data will reside in D:\Backup, as follows:
Backup\databases — contains database and log files. Backup\data — contains M-EOS switches Element Manager data files (including Dump files, Data collection progress files, Director/Switch firmware files FAF files, Switch technical SupportSave, and Switch backup files) and Fabric OS miscellaneous files. Backup\conf – contains the Management application configuration files. Backup\cimom – contains the SMIA configuration files.
Configuring backup to a hard drive NOTE: This requires a hard drive. The drive should not be the same physical drive on which the Operating System or the Management application is installed. To configure the backup function to a hard drive, complete the following steps (screenshot below for reference).
Select Server > Options. The Options dialog box displays.
Select Server Backup in the Category list. The currently defined directory displays in the Backup Output Directory field.
Select the Enable Backup check box, if necessary.
Choose the following option:
Select the Include FTP Root directory check box. In selecting the FTP Root directory, the FTP Root sub-directories, Technical Support and Trace Dump, are selected automatically and you cannot clear the sub-directory selections.
Enter the time (using a 24-hour clock) you want the backup process to begin in the Next Backup Start Time Hours and Minutes fields.
Select an interval from the Backup Interval drop-down list to set how often backup occurs.
Browse to the hard drive and directory to which you want to back up your data (this should be a separate physical drive).
Click Apply or OK. The application verifies that the backup device exists and that the server can write to it. If the device does not exist or is not writable, an error message displays that states you have entered an invalid device. Click OK to go back to the Options dialog box and fix the error. Backup occurs, if needed, at the interval you specified.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 36 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Enabling backup Backup is enabled by default. However, if it has been disabled, complete the following steps to enable the function.
Select Server > Options. The Options dialog box displays.
Select Server Backup in the Category list.
Select the Enable Backup check box.
Click Apply or OK.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 37 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Viewing the backup status The Management application enables you to view the backup status at a glance by providing a backup status icon on the Status Bar. The following table illustrates and describes the icons that indicate the current status of the backup function.
Server Data Restore This can be performed via the Restore tab in the Server Management Console section (below).
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 38 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Event Logs You can view all events that take place through the Master Log at the bottom of the main window. You can also view a specific log by selecting an option from: Monitor > Logs (submenu). These logs are described in the following list:
Audit Log. Displays all ‘Application Events’ raised by the application modules and all Audit Syslog messages from the switches and Brocade HBAs. Product Event Log. Displays all ‘Product Event’ type events from all discovered switches and Brocade HBAs. Fabric Log. (SAN only) Displays ‘Product Events’, ‘Device Status’, and ‘Product Audit’ type events for all discovered fabrics. FICON Log. Displays all the ‘RLIR’ and ‘LRIR’ type events, for example, ‘link incident’ type events. Product Status Log. (SAN only) Displays events which indicate a change in Switch Status for all discovered switches and Brocade HBAs. Security Log. Displays all security events for the discovered switches. Syslog Log. Displays syslog messages from switches and HBAs.
Master Log The Master Log, which displays in the lower left area of the main window, lists the events and alerts that have occurred on the SAN. If you do not see the Master Log, select View > Show Panels > All Panels or press F5. The following fields and columns are included in the Master Log: Severity. The severity of the event. When the same event (Warning or Error) occurs repeatedly, the Management application automatically eliminates the additional occurrences. Acknowledged. Whether the event is acknowledged or not. Select the check box to acknowledge the event. Source Name. The product on which the event occurred. Source Address. The IP address (IPv4 or IPv6 format) of the product on which the event occurred. Origin. The event source type (for example trap, pseudo-event, application, or syslog). Category. The type of event that occurred (for example, client/server communication events). Description. A description of the event. Last Event Server Time. The time and date the event last occurred on the server. Count. The number of times the event occurred. Module Name. The name of the module on which the event occurred. Message ID. The message ID of the event. Product Address. The IP address of the product on which the event originated. Contributor. The name of the contributor on which the event occurred. Node WWN. The world-wide name of the node on which the event occurred. Fabric Name. The name of the fabric on which the event occurred. Operational Status. The operational status (such as, unknown, healthy, marginal, or down) of the product on which the event occurred. First Event Product Time. The time and date the event first occurred on the product. Last Event Product Time. The time and date the event last occurred on the product. First Event Server Time. The time and date the event first occurred on the server. Audit. The audit of the event. Virtual Fabric ID. The VFID of the product on which the event occurred. Zone Alias. Displays the zone alias of the product or port.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 39 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Collect SupportSave To collect switch and Network Advisor supportsave’s select the Monitor -> Technical Support
Network Advisor Supportsave To collect a Network Advisor supportsave select Monitor->Technical Support->Supportsave
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 40 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Supportsave Manual Collection To collect a switch supportsave select Monitor->Technical Support->Product / Host Supportsave, and select the Generate Now tab. From the panel on the left select the switches, or fabric which you want to collect supportsave files from and press the right arrow which will display the selected machine in the left hand panel. Once all the required switches are listed in the left panel press the OK push button to start the supportsave collection process.
A dialog box indicating the supportsave has started will be displayed.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 41 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide Messages in the Master log will also indicate the start and completion of the support save.
Supportsave Scheduled Collection To collect a switch supportsave select Monitor->Technical Support->Product / Host Supportsave, and select the Generate Now tab. . From the panel on the left set the frequency to collect the supportsave files (weekly recommended) and the day of the week and time to collect the files (Sun evening is recommended). Select the switches, or fabric which you want to collect supportsave files from and press the right arrow which will display the selected machine in the left hand panel. Once all the required switches are listed in the left panel press the OK push button to start the supportsave collection process.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 42 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Event notification Call Home Network Advisor supports call home to IBM Support. This will allow automatic creation of a problem record with IBM in response to significant error events on devices you are managing in your SAN. Additional information can be found at the following links:
Brocade Network Advisor User Manual
This is a direct link to the Brocade User Manual Call Home section and provides in-depth instruction on how to configure
IBM Network Advisor Call Home Setup
This link provides IBM-specific email addresses and phone numbers to use when configuring Call Home. You may need to consult with your security team to ensure your security model allows call home via email and/or phone
SNMP As accounts may not have identical infrastructures, SNMP traps should be configured to be sent to the event capture and reporting tool deployed for each account. You will need to work with your “SNMP Trap Collector” (i.e. Netview, NetCool, etc.) administrator to ensure all alerts noted in the below sections are defined properly and are being received. NOTE: Recommendation is to configure SNMP v3. If your capture tool does not support this, use SNMP v1 (If you need to use SNMP v1, do not use the default Trap enablement tasks Configuring individual SNMP traps this must be done on a per switch basis within the Web Tools interface. Enable SNMP per the following on each of your Brocade products (switches, directors, etc.). 1. From Web Tools, click on Switch Admin > Show Advanced Mode
2. This will bring you to the following screen, select SNMP here Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 43 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
3. At the SNMPv3 Inform/Trap Recipient: Select a User Name
Provide an IP address for the Recipient IP Set Trap Level to “3-Warning” level
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 44 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Fabric Watch Fabric Watch tracks a variety of SAN fabric elements and events. Monitoring fabric-wide events, ports, and, environmental parameters to enable early fault detection via SNMP.
Reasons to Implement Fabric Watch IBM in general has not been manually monitoring for error conditions within our SAN environments to date and this has led to multiple customer impacts that could have been easily avoided.
Fabric Watch can be enabled and thresholds set to alert on these events for code level 6.3 and above.
Fabric Watch specific alerts to be enabled are documented below.
Fabric Watch should have been purchased with the switch (it is a FOS feature, and is included automatically with all Brocade SAN switches purchased from IBM).
When configuring Fabric Watch, the Fabric/Port Class and Alert Type/Threshold settings below should be followed:
SFP State Change
High Boundary 0
Minutes
raslog
E_Ports Down Fabric Reconfigure Domain ID Changes Segmentation Zone Changes Fabric Logins State Change Protocol Error Link Reset Invalid Tx Words (enc_out) Invalid CRCs C3 Discards Rx Performance Tx Performance State Change Protocol Error Link Reset Invalid Tx Words (enc_out) Invalid CRCs C3 Discards Rx Performance Tx Performance
0 0 0 0 10 10 10 5 2 25 5 5 75% 75% 25 5 25 25 5 5 90% 90%
Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes Minutes
raslog,snmp raslog,snmp raslog raslog,snmp raslog raslog raslog,snmp raslog raslog,snmp raslog raslog,snmp raslog,snmp raslog raslog raslog raslog raslog,snmp raslog raslog,snmp raslog,snmp raslog raslog
Class
Area
Alert Type
SFP
ST ED FC DC SC ZC FL ST PE LR ITW CRC C3TX_TO RX TX ST PE LR ITW CRC C3TX_TO RX TX
Fabric
E_Port
FOP_Port (Fibre Optical Port)
Time
Alert
Configuring Fabric Watch 1. Login to Web Tools and open the Fabric Watch GUI:
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 45 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
2. Select the appropriate Class (F/FL Optical Port, E-Port, or Fabric) from the left screen pane:
3. From the Threshold Configuration tab at top, select Trait Configuration 4. Enter Time Base and High Boundary (from the settings noted above in this document) 5. Select Custom Defined and Apply
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 46 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide The example below will configure E_Ports to alert on CRC Errors which exceed 5 within 1 minute:
6. Select the Alarm Configuration tab 7. Select Above for ERROR_LOG, SNMP_TRAP (and EMAIL_ALERT if applicable). If email alerting is used you will need to provide an address via the Email Configuration tab (top right of screen in above example).
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 47 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide 8. Select Custom Defined and Apply (this needs to be done for each alert) 9. Once parameters for all alerts have been set, the same configuration may be replicated to other switches From the interface: Configure > Configuration -> Replicate -> Configuration
Configuration Type > Partial FC > Fabric Watch:
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 48 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide Select Configuration from the Switch:
Select the switch for which you just configured all Fabric Class, E_Port, and F_Port Class settings:
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 49 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide Select the other switches in your fabric for which you want to enable Fabric Watch (using same settings):
Following the above screen you will be presented with Validation and Summary screens to complete the distribution of Fabric Watch settings.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 50 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Bottleneck Credit Tools The bottleneck credit tool is used to automatically reset back end ports when loss of credits is detected on the back end ports. This function was introduced in Brocade FOS v7.0.0 and v6.4.2 and was further enhanced with improved credit loss detection in FOS v7.0.1b and v6.4.3
Enabling bottleneck credit tools Use the --cfgcredittools commands to enable or disable credit recovery of back-end ports, and use the --showcredittools parameter to display the configuration. When this feature is enabled, credit is recovered on back-end ports (ports connected to the core blade or core blade back-end ports) when credit loss is detected on these ports. If complete loss of credit on a Condor 2 back-end port causes frame timeouts, an LR is performed on that port regardless of the configured setting, even if that setting is -recover off. When used with the -recover onLrOnly option, the recovery mechanism takes the following escalating actions: When the mechanism detects credit loss, it performs an LR and logs a RASlog message (CX-1014). If the LR fails to recover the port, the port reinitializes. A RASlog message is generated (CX-1015). Note that the port reinitialization does not fault the blade. If the port fails to reinitialize, the port is faulted. A RASlog message (RAS CX-1016) is generated. If a port is faulted, and there are no more online back-end ports in the trunk, the port blade is faulted. A RASlog message (RAS CX-1017) is generated. Enable credit recovery tool with the LROnly option.
bottleneckmon --cfgcredittools -intport –recover onLrOnly
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 51 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Bottleneck Detection As transmission speeds within SAN fabrics continue to increase devices causing latency within the fabric have a larger impact on the overall health of the fabric. Devices causing latency have caused multiple customer impacts within IBM. Bottleneck Detection now provides a way to automatically watch for and alert upon high latency devices. This ability has already proven to shorten environment impact times within IBM operated environments from days to hours.
Recommendations
Field experience shows that the original strategy of enabling Bottleneck Detection with conservative values for latency thresholds almost always yields no results. There was a concern that aggressive values would result in Bottleneck Detection alert storms, but this has not been the case. Even the most aggressive values result in relatively few alerts being generated. As a result, it is now recommended that the most aggressive settings are tried first and then backed off gradually if too many alerts are seen.
Brocade 48000 should have no more than 100 ports monitored due to memory constraints
Congestion Threshold (-cthresh): Is new starting with code level 6.4. This monitors bandwidth utilization, the percentage of time that a link exceeds 95% utilization. The recommendation is to stay with the Brocade default value for this setting (80%). This means that if an individual link exceeds 95% utilization for 80+% of the measurement interval (the –time specification= 30 seconds) an alert will be sent.
Latency Threshold (-lthresh): This is the minimum percent of time when a latency is detected (default is 20% or .2) This is the parameter we will adjust as we fine-tune BD
Window: Specifies the measurement interval for measuring latency
Quiet Time: Specifies how often to send any tripped alerts
Suggested Bottleneck Settings FOS 6.3 Parameter
Conservative Settings
Normal Settings
Aggressive Settings
-time
300
60
5
-qtime
300
60
1
-thresh
0.3
0.2
0.1
Parameter
Conservative Setting
Normal Settings
Aggressive Settings
-time
300
60
5
-qtime
300
60
1
-lthresh
0.3
0.2
0.1
-cthresh
0.8
0.5
0.1
FOS 6.4
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 52 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
FOS 7.0 Parameter
Conservative Setting
Normal Setting
Aggressive Setting
-time
300
60
5
-qtime
300
60
1
-lthresh
0.3
0.2
0.1
-cthresh
0.8
0.5
0.1
-lsubsectimethresh
0.8
0.5
0.5 (no less)
-lsubsecsevthresh
75
50
1
Implementation NOTE: The bottleneck detection feature detects latency bottlenecks only at the point of egress, not ingress
Enable Bottleneckmon via GUI
Select Monitor > Performance > Bottlenecks. The Bottlenecks dialog box displays.
Select Enable if it is not already selected.
Select the Alerts check box to enable alerts.
Use the below for your initial settings (see section below for additional tuning settings): Congestion 50% Latency 20% Window 60 seconds Quiet Time 60 seconds
Select Ports from the Products/Ports list. Select only F_ports.
Click the right arrow to apply the settings in the Bottleneck Detection pane to the selected elements in the Products/Ports list.
Click OK or Apply to save your changes
See next section for tuning your initial settings
Enable Bottleneckmon via CLI FOS 6.4 Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 53 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
bottleneckmon --enable -lthresh 0.2 -cthresh 0.5 -time 60 -qtime 60 –alert
FOS 7.0
bottleneckmon --enable -lthresh 0.2 -cthresh 0.5 -time 60 -qtime 60 -lsubsectimethresh 0.5 -lsubsecsevthresh 50 -alert
How Bottlenecks are reported in Network Advisor Bottlenecks are reported through alerts in the Master Log. A bottleneck cleared alert is sent when the bottleneck is cleared. NOTE: A bottleneck cleared alert is sent if you disable bottleneck detection on a bottlenecked port, even though the port is still bottlenecked. Bottlenecks can be highlighted in the Connectivity Map and Product List. Select Monitor > Performance > View Bottlenecks. If a port is experiencing a bottleneck, a bottleneck icon is displayed in the Connectivity Map for the switch and fabric, and in the Product List for the port, switch, and fabrc. In the figure below, port15 and port22 are bottlenecked.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 54 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Port Fencing Reasons to Implement Port Fencing As transmission speeds within SAN fabrics continue to increase, devices causing latency within the fabric have a larger impact on the overall health of the fabric. The health of the fabric may degrade faster than an alert can be sent, received by the monitoring team, support tickets opened, and the required manual action to protect the fabric be taken. Port Fencing provides a way to have the fabric respond to error-level thresholds by disabling port with high error rates. It sends an alert that this action has been taken so the steady state team can repair the situation and then bring the port back online.
Implementation NOTE: Port Fencing should only be done after the environment has successfully implemented Fabric Watch using the settings recommended in this guide. Healthy SAN fabrics are a prerequisite to implementation of Port Fencing. DO NOT implement Port Fencing unless the following criteria are met:
The environment is running code level 7.0.2c or newer. . In code levels prior to 7.0.2c, the FW-1510 alert sent by the switch to inform administrators that Port Fencing has disabled ports is at an “Informational” severity level. This alert severity has been raised to “Error” in the 7.0.2c release. The monitoring or steady state team has the cycles to monitor “Informational” SNMP alerts from the SAN switches. A mature SNMP monitoring and response process must be in place prior to implementation of Port Fencing. Port Fencing is going to disable ports, a steady state team must receive these alerts and take action to fix the port and bring it back online. Failure to ever take action will result in future Client Impacting Events.
Example: 1 of 2 SAN ports for a server exceeds the Port Fencing threshold and the port is automatically disabled by the SAN switch. The steady state team does not repair the port and bring it back online. A month later the remaining HBA in the server fails, now the server has no connectivity to back-end SAN storage devices. When configuring Port Fencing within FOS v6.4.2a, the Violation Type and Threshold settings below should be followed:
E Port Class Area (note: the Time Base for all Alerts = 1 minute) Violation Type Protocol Error Link Reset Invalid Words (enc out) Invalid CRCs
Threshold 10 10 60 30
F Port Class Area (note: the Time Base for all Alerts = 1 minute) Violation Type Protocol Error Link Reset Invalid Words (enc out) Invalid CRCs Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 55 of 94
Threshold 5 200 40 20 Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide C3 Discards (C3TX_TO)
40
Adding thresholds (Violation types): 1. To access Port Fencing select: Monitor > Fabric Watch > Port Fencing The Port Fencing dialog box displays:
2. Select C3 Discard Frames from Violation Type and click Add 3. In the pop-up window, enter a Name, select Custom, enter Threshold, and Time (per parameters noted above)
Assigning thresholds to ports: To assign an existing threshold to a port type, complete the following steps. Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 56 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide 1. Select Monitor > Fabric Watch > Port Fencing The Port Fencing dialog box displays 2. Select a threshold type from the Violation Type list 3. Select the threshold you want to assign from the Thresholds table
4. Select the Port Type (E Port Class or F Port Class noted above), to which you want to assign the threshold from the Ports table. Do NOT assign a Port Type/Class to an incorrect Violation Type. 5. Click the right arrow A directly assigned icon displays next to the objects you selected in the Ports table to show that the threshold was applied at this level. An added icon
appears next to every object in the tree to which the new threshold is applied.
6. Click OK on the Port Fencing dialog box.
Unblocking a Port Network Advisor allows you to unblock a port (only if it was blocked by Port Fencing) once the problem that triggered the threshold is fixed. When a port is blocked, and Attention icon
displays next to the port node.
To unblock a port, complete the following steps. 1. Select Monitor > Fabric Watch > Port Fencing. The Port Fencing dialog box displays. 2. Right-click anywhere in the Ports table and select Expand. 3. Select a blocked port from the Ports table. 4. Click Unblock. 5. Click OK on the message. If you did not solve the root problem, the threshold will trigger again. 6. Click OK on the Port Fencing dialog box.
Removing Thresholds To remove thresholds from the All Fabrics object, an individual Fabric, Chassis group, Switch, or Switch Port, complete the following steps.
Select Monitor > Fabric Watch > Port Fencing. The Port Fencing dialog box displays.
Select a threshold type from the Violation Type list.
Select the object with the threshold you want to remove in the Ports table.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 57 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Click the left arrow.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 58 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Brocade Fabric Vision Brocade Fabric Vision is a collection of hardware and software functions in FOS 7.2 and Gen 5 Fiber Channel Switches. Fabric Vision consists of the following elements
MAPS – Monitoring and Alerting Policy Suite recommended see Monitoring and Alerting Policy Suite (MAPS) Bottleneck Detection recommended see Bottleneck Detection Credit Loss Detection recommended see Bottleneck Credit Tools Forward Error Correction enabled on Gen 5 hardware switches Brocade ClearLink Diagnostics for installation and diagnostic use Network Advisor Dashboards recommended see Network Advisor Dashboards Flow Vision (includes Flow Monitoring, Flow Mirroring and Flow Generation) for advanced PD only
Some Fabric Vision technology features are supported on Gen 4 b-type platforms; others are available only on Gen 5 Fibre Channel platforms with 16 Gbps performance capability. The chart below shows the various Fabric Vision technology features supported on each generation of products: Feature Latency Bottleneck Detection Forward Error Correction VC-level BB_Credit Recovery ClearLink Diagnostics (D_Port) MAPS Flow Monitoring Flow Mirroring Flow Generator
Document: Title:
Gen 4 Platforms 8 Gbps FC and associated capabilities Yes No No No Yes Yes, with some limitations No No
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 59 of 94
Gen 5 Platforms 16 Gbps FC and associated capabilities Yes Yes Yes Yes Yes Yes Yes Yes
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Monitoring and Alerting Policy Suite (MAPS) The Monitoring and Alerting Policy Suite (MAPS) is a storage area network (SAN) health monitor supported on all switches running Fabric OS 7.2.0 or later. This will replace Fabric Watch as the default health monitor once the FOS is at v7.2.0 or later. MAPS allows you to enable each switch to constantly monitor itself for potential faults and automatically alerts you to problems before they become failures. It is recommend setting up MAPs and not migrating the Fabric Watch settings, unless Fabric Watch was setup for a specific reason. See Initial MAPS setup
MAPS Licensing Requirements and Software Prerequisites Switches with Fabric Watch and Advanced Performance Monitor licenses automatically get the Fabric Vision license features by upgrading to FOS v7.2 Switches with only Fabric Watch or Advanced Performance Monitor can upgrade to Fabric Vision by purchasing other license (either Fabric Watch or Advanced Performance Monitor license). MAPS Software Prerequisites: FOS Version: v7.2.0d IBM Network Advisor: 12.13 or higher. NOTE: MAPS is the follow-on product to Fabric Watch, and while both require a license Fabric Watch customers can upgrade to MAPS without additional cost. If the switch currently has Fabric Watch setup and properly monitoring the fabric those Fabric Watch settings can be migrated to MAPS rules.
Differences between Fabric Watch and MAPS configurations Configuration End-to-End monitoring
Fabric Watch behavior
MAPS behavior
Supported
Supported through flows.
Supported
Supported through flows.
Occurs at the individual physical port
Occurs at the trunk or port level as applicable.
(Performance Monitor class) Frame monitoring (Performance Monitor class) RX, TX monitoring
level. Pause/Continue behavior
Occurs at the element or counter level. Occurs at the element level. Monitoring For example, monitoring can be paused can be paused on a specific port, but not for CRC on one port and for ITW on for a specific counter on that port. another port.
CPU/Memory polling interval
Can configure the polling interval as well This configuration can be migrated from Fabric Watch, but cannot be changed. as the repeat count.
E-mail notification
Different e-mail addresses can be configured for different classes.
Configuration
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 60 of 94
E-mail configuration supported globally.
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide Temperature sensor
Can monitor temperature values.
Monitoring
Can monitor only the states of the sensors (In_Range or Out_of_range).
Converting from Fabric Watch to MAPS 1. Backup the switch configuration using configupload 2. Use the maspconfig –fwconvert to convert Fabric Watch rules to MAPS.If Fabric Watch is currently in use this needs to be done before enabling MAPS, to preserve the Fabric Watch thresholds. Three new maps policies are create fw_active_policy based on the Fabric Watch settings currently active, fw_defaut_policy based on the Fabric Watch default settings and fw_custom_policy based on any Fabric Watch custom policies that were created. 3. The conversion is one way, you cannot convert MAPS rules back to Fabric Watch 4. The first time you enable MAPS, using the command mapsconfig --enablemaps -policy fw_active_policy you will receive a warning (screenshot of the same given below).
5. Set allowable actions for rules using mapsconfig --actions raslog, snmp, email, sw_critical, sw_marginal, sfp_marginal Make sure port fencing is not enabled / included in the mapsconfig command.
Initial MAPS setup For switches running FOS 7.2 or higher and that do not have Fabric Watch currently configured to monitor and alert for fabric events or if a clean MAPS setup is required use the following procedure The recommended port monitoring strategy is to log marginal port events to the RAS log which should be reviewed on a regular bases, and to generate SNMP or email alerts for serious port events that need immediate attention. Note: To implement this policy you can simply import the IBM_SO policy see Importing MAPS configuration Since the MAPS default policies generate SNMP / email alerts for all of their port events the strategy is to copy the default policy as a base, but to replace the port rules with rules that implement the above strategy based on the settings defined for Fabric Watch.
1. Create a copy of the MAPS default moderate policy as a base
mapspolicy --clone dflt_moderate_policy -name IBM_SO
2. Remove the port rules from the policy using the following commands. Note: Must be run from root
for i in $(mapspolicy --show IBM_SO | grep defNON | awk '{print $1}'); do mapspolicy --delrule IBM_RTS -rulename $i; done
for i in $(mapspolicy --show IBM_SO | grep E_PORTS | awk '{print $1}'); do mapspolicy --delrule IBM_RTS -rulename $i; done
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 61 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
for i in $(mapspolicy --show IBM_SO | grep F_PORTS | awk '{print $1}'); do mapspolicy --delrule IBM_RTS -rulename $i; done
for i in $(mapspolicy --show IBM_SO | grep T_PORTS | awk '{print $1}'); do mapspolicy --delrule IBM_RTS -rulename $i; done
mapspolicy --delrule IBM_SO -rulename defSWITCHSEC_TS_D10
3. Create new F-Port rules for the new IBM_SO policy
mapsRule --create F_PORTS_PE_5 -group ALL_F_PORTS -timebase min -op g -policy IBM_SO -monitor PE -value 5 -action RASLOG
mapsRule --create F_PORTS_ITW_25 -group ALL_F_PORTS -timebase min -op g -policy IBM_SO -monitor ITW -value 25 -action RASLOG
mapsRule --create F_PORTS_CRC_5 -group ALL_F_PORTS -timebase min -op g -policy IBM_SO -monitor CRC -value 5 -action RASLOG,SNMP,EMAIL
mapsRule --create F_PORTS_CRC_H25 -group ALL_F_PORTS -timebase hour -op g -policy IBM_SO -monitor CRC -value 25 -action RASLOG,SNMP,EMAIL
mapsRule --create F_PORTS_LR_3 -group ALL_F_PORTS -timebase min -op g -policy IBM_SO -monitor LR -value 3 -action RASLOG,SNMP,EMAIL
mapsRule --create F_PORTS_LR_H10 -group ALL_F_PORTS -timebase hour -op g -policy IBM_SO -monitor LR -value 10 -action RASLOG,SNMP,EMAIL
mapsRule --create F_PORTS_C3TXTO_5 -group ALL_F_PORTS -timebase min -op g -policy IBM_SO -monitor C3TXTO -value 5 -action RASLOG,SNMP,EMAIL
mapsRule --create F_PORTS_TX_90 -group ALL_F_PORTS -timebase min -op g -policy IBM_SO -monitor TX -value 90 -action RASLOG
mapsRule --create F_PORTS_RX_90 -group ALL_F_PORTS -timebase min -op g -policy IBM_SO -monitor RX -value 90 -action RASLOG
4. Create new E-Port rules for the new IBM_SO policy
mapsRule --create E_PORTS_PE_5 -group ALL_E_PORTS -timebase min -op g -policy IBM_SO -monitor PE -value 5 -action RASLOG
mapsRule --create E_PORTS_ITW_25 -group ALL_E_PORTS -timebase min -op g -policy IBM_SO -monitor ITW -value 25 -action RASLOG
mapsRule --create E_PORTS_CRC_5 -group ALL_E_PORTS -timebase min -op g -policy IBM_SO -monitor CRC -value 5 -action RASLOG,SNMP,EMAIL
mapsRule --create E_PORTS_CRC_H25 -group ALL_F_PORTS -timebase hour -op g -policy IBM_SO -monitor CRC -value 25 -action RASLOG,SNMP,EMAIL
mapsRule --create E_PORTS_LR_3 -group ALL_E_PORTS -timebase min -op g -policy IBM_SO -monitor LR -value 3 -action RASLOG,SNMP,EMAIL
mapsRule --create E_PORTS_LR_H10 -group ALL_F_PORTS -timebase hour -op g -policy IBM_SO -monitor LR -value 10 -action RASLOG,SNMP,EMAIL
mapsRule --create E_PORTS_ST_1 -group ALL_E_PORTS -timebase min -op g -policy IBM_SO -monitor STATE_CHG -value 1 -action RASLOG,SNMP,EMAIL
mapsRule --create E_PORTS_C3TXTO_5 -group ALL_E_PORTS -timebase min -op g -policy IBM_SO -monitor C3TXTO -value 5 -action RASLOG,SNMP,EMAIL
mapsRule --create E_PORTS_TX_75 -group ALL_E_PORTS -timebase min -op g -policy IBM_SO -monitor TX -value 75 -action RASLOG
mapsRule --create E_PORTS_RX_75 -group ALL_E_PORTS -timebase min -op g -policy IBM_SO -monitor RX -value 75 -action RASLOG
5. Enable the IBM_SO policy
mapsConfig --enablemaps -policy IBM_SO
6. Set allowable actions
mapsconfig --action RASLOG,SW_CRITICAL,SW_MARGINAL,SW_HEALTHY,SFP_MARGINAL
Importing MAPS configuration It is possible to import a MAPS policy and its rules instead of manually setting up MAPS as per the above section. There is an IBM_SO MAPS policy which is available and can be imported to enable setting up MAPS quickly. Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 62 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide Select the MAPS configure dialog by selecting Monitor->Fabric Vision->MAPS->Configure
Select the switch you want to import the MAPS policy into and select the IMPORT button.
Select the IBM_SO xml file
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 63 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide A progress message is displayed during the import.
A final status messages is displayed when the import is completed.
To activate the policy expand the list of policies for the switch, select the IBM_SO policy and press the Activate push button.
To enable the apropriate actions for the switch select the switch and press the Actions push button.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 64 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide Typically all actions except Fence are enabled.
Replicating a policy to other devices You can replicate a non-default policy on a device to all MAPS-capable devices in a Fabric or SAN. NOTE: Copying a policy from one device to another overwrites any policy with a matching name on the target devices
Right-click a device in the Product List or Connectivity Map and select Fabric Vision > MAPS > Configure
o The MAPS Configuration dialog box displays. Select a non-default policy on a device (source) you want to replicate in the list and click Distribute.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 65 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
The Distribution Options dialog box displays. Set the destination by choosing one of the following options: o All fabric distribution — Select to replicate the policy on all MAPS-capable devices in the SAN. o Within fabric distribution — Select to replicate the policy on all MAPS-capable devices in the selected Fabric.
Set the activation parameters by choosing one of the following options: o Activate policy on each switch — Select to immediately activate the policy on the target devices after distribution. If the selected policy is not an active policy, Activate after distribution activates the policy on the source device as well as the target devices. o Do not activate policy on each switch — Select to not activate the policy on the target devices after distribution.
Click OK on the Distribution Options dialog box. The selected policy is replicated on all MAPS-capable devices in the selected Fabric or SAN. If you chose to activate the policy after distribution, the selected policy is activated the target devices and the source device, if necessary. Click Close on the MAPS Configuration dialog box.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 66 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
MAPS and Bottleneck Monitor The MAPS dashboard mapsdb --show simplifies bottleneck event integration in FOX v7.2. Bottleneck events are reported in the summary section of the report output. The MAPS dashboard is used only for logging bottleneck latency events. Congestion bottleneck events are not logged on the MAPS dashboard. The MAPS dashboard will continue to log events whether RASLogs are set to on or off in the bottleneck configuration. The MAPS dashboard history section updates its display of CRED_ZERO (measured in millions) and BN_SECS values at one minute interval. 4.4 BN_SECS indicates the total seconds that were marked as being affected by bottlenecks since the previous midnight.
Enable MAPS in Network Advisor 1.
Document: Title:
Log In to NA. From the “Monitor” menu choose the “Fabric Vision” sub menu, select “MAPS” and “Enable”
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 67 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Activate MAPS Policy from Network Advisor
Log In to NA. From the “Monitor” menu choose the “Fabric Vision” sub menu, select “MAPS” and “Configure”
Highlight the switch to be configured, select the dflt_moderate_policy or IBM_SO policy and click the “Activate” button.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 68 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Confirm dflt_moderate_policy or IBM_SO is now the active policy.
View the Parameters in a Policy
Log In to NA. From the “Monitor” menu choose the “Fabric Vision” sub menu, select “MAPS” and “Configure”
Highlight the switch with the policy to be viewed, select the policy and click the “View” button.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 69 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Choose the tab related to the parameter to be viewed (Port, Switch Status, Fabric, FRU, Security, Resource, FCIP, Traffic/Flows)
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 70 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Network Advisor Dashboards The below IBM Network Advisor Dashboard Widgets, Event Logs, and SAN Health are great tools for doing everything from quick assessments to in-depth investigation of the overall health of your SAN. Dashboard Tab- at a glance The Dashboard tab provides a high-level overview of the network and the current states of managed devices. This allows you to easily check the status of the devices on the network. The dashboard also provides several features to help you quickly access reports, device configuration, and system logs. The dashboard updates every 5 seconds regardless of the currently selected tab (SAN or Dashboard) or the SAN size. However, data may become momentarily out of sync between the dashboard and other areas of the application. For example, if you remove a product from the network while another user navigates from the dashboard to a more detailed view of the product, the product may not appear in the detailed view.
The Dashboard includes the following widgets: 1. SAN Operational Status. Displays the device status as a pie chart. Displays the device status as a percentage of the total number of devices. Displays the percentage in various colors on each slice. Displays the color legend below the pie chart. Displays tooltips on mouse-over to show the number of devices in that state. When there is one status category with less than one percent of the total number of devices, the status widget displays the number of devices in each category on each slice. 2. SAN Inventory. Displays the SAN products inventory as stacked bar graphs. Displays each group as a separate bar on the graph. Displays the current state of all products discovered for a group in various colors on each bar. Displays the color legend below the y-axis. Displays tooltips on mouse-over to show the number of devices in that state. 3. Events. Displays the number of events by severity level for a specified time range as a stacked bar graph. You can customize this widget to display a specific time range. Options include: This Hour, Last Hour, Last 24 Hours, Last 7 days, or Last 30 Days
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 71 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Brocade SAN Health Report SAN Health is a powerful (and free) utility from Brocade for surveying your SAN. SAN Health should be run at least on a monthly basis, doing so will help you recognize trends in your environment, as well as unknown current or potential issues. Performing and maintaining regular sets of SAN Health reports can also aid in troubleshooting, as they provide you with a detailed history of events taking place in your SAN.
You can download this utility and instructions for using it from Brocade at: www.brocade.com/sanhealth
Brocade SAN Health reports contain information such as the following:
Fabric level information total port count, performance, oversubscription ratios, port utilization, and number of attached devices followed by specific information on each fabric, such as the connected switches, zoning configuration, and a port map.
Switch level information such as licenses, port level configurations and ISL usage.
Port level information such as bandwidth utilization, CRC counts and port status provides a snapshot on overall port health.
Visio diagram shows the logical connection of the switches in the fabrics as well as the connected devices. ISLs, trunks and devices are shown exactly how they are connected to the switch ports. From this diagram, the fabric topology and other information can be viewed quickly and easily.
Customized views of devices allow for online device identification, snapshot of performance stats and switch attachment details.
Other items in this report include historical performance graphs plus guidelines and recommendations.
NOTE: Past reports should be saved for trend and troubleshooting and planning purposes. These reports can be very helpful when trying to identify the source of an issue and should be readily available for “Crit-Sit” and Sev-1 types of situations.
Instructions For Usage 1. Identify the name of the customer in the SAN Health .BSH upload file name Good Example: James_Smith_120203_1201_ACMEcompany_LexingtonKY.BSH Bad Example: James_Smith_130610_1454_LEX_FAB.BSH (we do not know what acct in LEX) 2. After uploading .BSH file to
[email protected] send a follow-up email to Brocade alias
[email protected] letting the Brocade Team know SH is coming. This will avoid duplicate efforts and allow faster response then sending it to individual members. a. Include full file name(s) that were uploaded e.g. James_Smith_120203_1201_ACMEcompany_LexingtonKY.BSH When sending any eMails to Brocade please ensure to include
Your name Your eMail and phone number Customer name The geography the device/s will be (are) installed Device Type / Model, and quantity Account Focal e.g. SAN Architect, DPE, & etc. - name and contact information
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 72 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Description on problems or why the request for SAN Health review, b. any open PMR/SRs list the numbers
3. When configuring SH client http://www.brocade.com/services-support/drivers-downloads/san-healthdiagnostics/download_san_health.page be sure to Include
[email protected] see screen shot below:
4. Select option to create a separate Visio for each fabric:
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 73 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide 5. Clear the stats on all Switches by doing a slotstatsclear and statsclear at least 24 hours prior to running SH report. 6. Set performance to capture minimum of two hours for graphs
7. Make sure you are using the latest client v3.2.6c download from http://www.brocade.com/servicessupport/drivers-downloads/san-health-diagnostics/download_san_health.page 8. Follow-up SAN Health review request are to include status on all actions called out in previous review Brocade Recommendation Summary.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 74 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Zoning All zoning tasks must be performed from the Zoning dialog box in the Network Advisor application. You can access the Zoning dialog box from the main screen of the Management application using any of the following methods:
Select Configure > Zoning > Fabric. Click the Zoning icon on the toolbar. Right-click a port, a switch, a switch group, or fabric in the device list and select Zoning. Right-click a port, a switch, a switch group, or fabric in the Connectivity Map and select Zoning.
NOTE: The following points need to be observed when performing zoning operations
Zoning via the CLI or Web Tools interface should never be performed due to the increased potential for catastrophic customer-impacting mistakes associated with these methods.
“Single-Initiator Zoning” should be used for all zoning. A single-initiator zone contains one HBA in a zone with target device/s.
Your default zoning mode should be set for “No Access”. This means unzoned devices cannot see each other and therefore requires a zone be established before they can communicate
The following is a procedure for zoning in a Brocade Fabric using IBM Network Advisor and will assure the following:
The current zone configuration in the fabric will be saved to the Network Advisor offline repository and can be restored to the fabric if necessary.
Multiple copies of the fabric zoning configuration will be stored in the offline repository. The number of copies will be dependent on your policy for cleaning out old zone DB copies in the offline repository.
The offline repository will be backed up as part of the scheduled Network Advisor backup when that backup occurs. There will be exposure to lost updates to the zoning DB’s should the Network Advisor server become unavailable and have to be restored. The updates from the time of the last backup until the time the server is lost would be unrecoverable.
The current active Fabric Zone DB will always be the zoning DB used for updating when zoning changes are necessary in the fabric. The offline repository zone DB’s will only be used for recovery if necessary.
The following will demonstrate the steps necessary to make changes to the current zone configuration and assure a copy of the current zone DB is stored to the offline repository as a fallback if necessary. The current Fabric Zone DB consists of only 1 zone configuration.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 75 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
A request has come in to add an additional zone to the fabric, we will add this zone as zone4. Updates to fabric zoning will always be made to the current active zone configuration in the Fabric Zone DB. To assure that the Network Advisor zoning configuration window is current and assure you are viewing what is currently active in the fabric, perform a Zone DB Operation to refresh the DB. Verify the Zone DB listed is the Fabric Zone DB and perform a refresh. Zone DB Operation Refresh (See below)
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 76 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
You will receive a message indicating you are overwriting the selected zone DB with the one in the fabric, see below. Respond yes, this will guarantee your current view of the Fabric Zone DB is what exists in the fabric.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 77 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide You will now want to save a copy of the current Fabric Zone DB to the offline repository so that you have a copy to fall back to if necessary. Zone DB Operation Save As… (See below)
You will receive a window and need to input a Zone DB Name that will be used to identify the copy of the active Fabric Zone DB you are saving to the offline repository. You should establish a standard naming convention to be used and assure it is enforced. In this example we are using the initials of the person making the change followed by the date the change is being made followed by the name of the active zone configuration.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 78 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Once you respond OK to save you will be presented with the following screen. VERY important at this point to notice that the Zone DB listed below is the Zone DB you just saved to the offline repository: RJP_120610_SANWEST_X_CURRENT.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 79 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide Now that you have saved your changes you can make your updates to the active Fabric Zone DB. VERY important to now go back into the Fabric Zone DB. The Fabric Zone DB is the Zone DB you always want to make your changes to. Zone DB Select Fabric Zone DB from the list (See below)
You will now see that the Fabric Zone DB is listed in the top middle of the screen. See below.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 80 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Now that you have saved a copy of the current active Fabric Zone DB to the offline repository and have assured you are again editing the active Fabric Zone DB you are ready to implement your change. For this example you will create a new zone, Zone 4, add it to the current active zone configuration and activate the zone configuration so it gets activated in the fabric. Create the new zone and name it Zone 4. New Zone Type Zone 4 as the name (See below)
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 81 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Proceed to add the new members to the zone, see below.
Add the newly created Zone4 to the active configuration, see below. Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 82 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Activate the zone configuration so that your changes are pushed to the fabric. You will be presented with a window that will display the changes you are getting ready to activate in the fabric. You need to VERIFY that these changes are correct and respond OK once you have completed the verification. Highlight current zone configuration Activate Respond OK once you have verified the intended changes are accurate (See below)
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 83 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
You will now see that Zone4 is active in your fabric zone configuration, see below.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 84 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide Should you realize a mistake was made, you can fall back to the zone configuration that you saved to the offline repository. Zone DB Select the Zone DB you wish to activate from the list, in this example it is RJP_120610_SANWEST_X_CURRENT (See below)
You will now see the Zone DB that you want to fall back to listed. Review the Zone Configuration to assure it is the version you wish to fall back to. Notice the yellow triangle in the Active Zone Configuration tab below. This is a warning to tell you that there is a difference between what is currently active in the fabric and the Zone DB that you are editing in Network Advisor. Once you have verified that the fall back Zone Configuration is correct then proceed to activate. Highlight the Zone Configuration you wish to activate Click Activate (See below)
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 85 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
You will see a new window displaying the changes to the fabric that will be implemented. After you verify this is accurate, click OK and the changes will be activated in the fabric. You will need to reply YES to a verification window that comes up in order to activate the new configuration.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 86 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide You will now see the active configuration no longer displays Zone 4. This is the state you were in prior to making changes to add Zone4 to the configuration. The current Zone DB listed is the copy you saved in the offline repository.
You will want to refresh this screen by selecting the Fabric Zone DB to show what is currently active in the fabric. Zone DB Select the Fabric Zone DB (See below)
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 87 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
You will now see the Fabric Zone DB displayed, is showing you what is active in the fabric. You have successfully fallen back to the point you were at prior to beginning the changes.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 88 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide As part of the procedure, you will be saving many copies of the Zone DB to the offline repository. You will want to establish a policy for cleaning up the offline repository. You should determine the number of copies to save and clean out older copies as necessary. To delete unwanted copies of the Zone DB’s from the offline repository select the Zone DB you wish to delete. Zone DB Select the Fabric Zone DB to be deleted from the list, in this example RJP_120210_SANWEST_X_CURRENT (See below)
You will now see the Zone DB RJP_120210_SANWEST_X_CURRENT listed in the Zone DB field.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 89 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
You can now delete this Zone DB. Zone DB Operation Select Delete from the list (See below)
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 90 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide You will now receive a window indicating you are removing this Zone DB from the offline repository. Respond “Yes” to remove it from the offline repository.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 91 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
Conclusion This document was designed provide guidance deploying IBM Network Advisor per IBM Best Practices. Additionally, guidance for maintenance, monitoring, and performance has been included. This guide is not intended to replace any of the current documentation that IBM and Brocade have released in support of this product.
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 92 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide
References Below are links to references found in this document in addition to Network Advisor-specific links at Brocade and IBM.
Brocade Network Advisor SAN User Manual
IBM Network Advisor Software
General overview of DCX hardware
Brocade DCX Hardware 2
PDF describing DCX switch architecture, performance, features, configurations, etc.
Link to the IBM system storage SAN b-type family
IBM
Brocade Power Efficiency
Brocade link describing and displaying director power efficiency and providing comparisons to Cisco products
ITCS104 Technical Security Standards
Brocade link required for access to specialized content (e.g. Guides, software, firmware, etc.). You can sign-up for an account here as well.
Brocade DCX Hardware
This is the email that should be entered under “Send a duplicate report to the following people?” section when sending a SAN Health Report
MyBrocade
This link provides an overview of Brocade’s SAN Health tool, a link to download it, and instructions on how to use it.
[email protected]
This link provides IBM-specific email and phone numbers for Call Home
Brocade SAN Health Report
This link provides guidance for call home setup
Call Home Setup-2
General overview of Brocade Network Advisor product
Call Home Setup-1
Link to IBM Network Advisor overview, features &benefits, and specifications. This is also the link used to download Network Advisor
Brocade Network Advisor
All the features, and their usage, in Network Advisor are described here
IBM link to SAN storage switch security standards
FlowVision_AdminGd_v720 and FOS_MAPS_AdminGd_v720
Document: Title:
Brocade Flow Vision and MAPS Administrator Guide
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 93 of 94
Date: August, 2014 Version: 3.8
IBM Network Advisor Deployment and Best Practices Guide NOTE: Information on Brocade topology, switches, port blades, trunking, etc. can be found in the “Brocade SAN Design Guide” Back to Table of Contents
Document: Title:
Global Storage Service Line Process IBM Network Advisor Deployment Guide Page 94 of 94
Date: August, 2014 Version: 3.8