About VSANs
A VSAN is a virtual storage area network (SAN). A SAN is a dedicated network that interconnects hosts and storage devices primarily to exchange SCSI traffic. In SANs, you use the physical links to make these interconnections. A set of protocols run over the SAN to handle routing, naming, and zoning. You can design multiple SANs with different topologies.
With the introduction of VSANs, the network administrator can build a single topology containing switches, links, and one or more VSANs. Each VSAN in this topology has the same behavior and property of a SAN. A VSAN has the following additional features:
- Multiple VSANs can share the same physical topology.
- The same Fibre Channel IDs (FC IDs) can be assigned to a host in another VSAN, thus increasing VSAN scalability.
- Every instance of a VSAN runs all required protocols such as FSPF, domain manager, and zoning.
- Fabric-related configurations in one VSAN do not affect the associated traffic in another VSAN.
- Events causing traffic disruptions in one VSAN are contained within that VSAN and are not propagated to other VSANs.
This section describes VSANs and includes the following topics:
VSANs Topologies
The switch icons shown in both Logical VSAN Segmentation and Example of Two VSANs indicate that these features apply to any switch in the Cisco MDS 9000 Family.
Logical VSAN Segmentation shows a fabric with three switches, one on each floor. The geographic location of the switches and the attached devices is independent of their segmentation into logical VSANs. No communication between VSANs is possible. Within each VSAN, all members can talk to one another.
Example of Two VSANs shows a physical Fibre Channel switching infrastructure with two defined VSANs: VSAN 2 (dashed) and VSAN 7 (solid). VSAN 2 includes hosts H1 and H2, application servers AS2 and AS3, and storage arrays SA1 and SA4. VSAN 7 connects H3, AS1, SA2, and SA3.
The four switches in this network are interconnected by trunk links that carry both VSAN 2 and VSAN 7 traffic. The inter-switch topology of both VSAN 2 and VSAN 7 are identical. This is not a requirement and a network administrator can enable certain VSANs on certain links to create different VSAN topologies.
Without VSANs, a network administrator would need separate switches and links for separate SANs. By enabling VSANs, the same switches and links may be shared by multiple VSANs. VSANs allow SANs to be built on port granularity instead of switch granularity. Example of Two VSANs illustrates that a VSAN is a group of hosts or storage devices that communicate with each other using a virtual topology defined on the physical SAN.
The criteria for creating such groups differ based on the VSAN topology:
-
VSANs can separate traffic based on the following requirements:
-
Different customers in storage provider data centers
-
Production or test in an enterprise network
-
Low and high security requirements
-
Backup traffic on separate VSANs
-
Replicating data from user traffic
-
-
VSANs can meet the needs of a particular department or application.
VSAN Advantages
VSANs offer the following advantages:
- Traffic isolation—Traffic is contained within VSAN boundaries and devices reside only in one VSAN ensuring absolute separation between user groups, if desired.
- Scalability—VSANs are overlaid on top of a single physical fabric. The ability to create several logical VSAN layers increases the scalability of the SAN.
- Per VSAN fabric services—Replication of fabric services on a per VSAN basis provides increased scalability and availability.
- Redundancy—Several VSANs created on the same physical SAN ensure redundancy. If one VSAN fails, redundant protection (to another VSAN in the same physical SAN) is configured using a backup path between the host and the device.
- Ease of configuration—Users can be added, moved, or changed between VSANs without changing the physical structure of a SAN. Moving a device from one VSAN to another only requires configuration at the port level, not at a physical level.
Up to 256 VSANs can be configured in a switch. Of these, one is a default VSAN (VSAN 1), and another is an isolated VSAN (VSAN 4094). User-specified VSAN IDs range from 2 to 4093.
VSANs Versus Zones
You can define multiple zones in a VSAN. Because two VSANs are equivalent to two unconnected SANs, zone A on VSAN 1 is different and separate from zone A in VSAN 2. Table 1 lists the differences between VSANs and zones.
VSAN Characteristic |
Zone Characteristic |
---|---|
VSANs equal SANs with routing, naming, and zoning protocols. |
Routing, naming, and zoning protocols are not available on a per-zone basis. |
— |
Zones are always contained within a VSAN. Zones never span two VSANs. |
VSANs limit unicast, multicast, and broadcast traffic. |
Zones limit unicast traffic. |
Membership is typically defined using the VSAN ID to Fx ports. |
Membership is typically defined by the pWWN. |
An HBA or a storage device can belong only to a single VSAN—the VSAN associated with the Fx port. |
An HBA or storage device can belong to multiple zones. |
VSANs enforce membership at each E port, source port, and destination port. |
Zones enforce membership only at the source and destination ports. |
VSANs are defined for larger environments (storage service providers). |
Zones are defined for a set of initiators and targets not visible outside the zone. |
VSANs encompass the entire fabric. |
Zones are configured at the fabric edge. |
VSANS with Zoning shows the possible relationships between VSANs and zones. In VSAN 2, three zones are defined: zone A, zone B, and zone C. Zone C overlaps both zone A and zone B as permitted by Fibre Channel standards. In VSAN 7, two zones are defined: zone A and zone D. No zone crosses the VSAN boundary—they are completely contained within the VSAN. Zone A defined in VSAN 2 is different and separate from zone A defined in VSAN 7.