Switch And Router Policy Monitors - Brocade Communications Systems StoreFabric SN6500B User Manual

Switch and router policy monitors

Switch and router policy monitors enable you to set the following policy monitors on switches and
routers.
•
•
Brocade Network Advisor SAN User Manual
53-1002696-01
Some devices can function as both initiator and target. If the application finds this type of
device as one of the active zone members, this device port is treated as both initiator and
target:
-
Target (storage port) — The application counts the number of initiator ports zoned to this
storage port.
-
Initiator — The application counts this device as an initiator port for other storage ports in
the same zone.
Rule Violation Fix — If the policy monitor report shows a violation, the Administrator must make
sure the initiator port limit is under the recommended number.
Check connections: redundant connections to neighboring switches (SAN only) — This switch
and router policy monitor enables you to determine if there are at least the minimum number
of configured inter-switch links (ISLs) between each switch pair.
The resiliency and redundancy of the fabric is an important aspect of the SAN topology. To
remove any single point of failure, SAN fabrics have resiliency built into the Fabric OS.
For example, when a link between two switches fails, routing is recalculated and traffic is
assigned to a new route. Therefore, to provide redundancy and enable resiliency, using ISLs,
the best practice is to make sure that there are at least two ISLs between each switch pair.
The redundant link refers to both the physical connection and the logical ISL. No matter how
many physical connections exist between the two base switches, there is only one logical ISL
between two logical switches. A logical ISL counts as one connection between the source and
destination switches; therefore, when a logical ISL is present, the connection count may be
inaccurate. To pass this monitor, the total number of logical ISL and physical connections must
be greater than the minimum connection.
For FCIP tunnels, one tunnel counts as one connection. This rule does not check circuits within
the FCIP tunnel. The total number of trunk ISLs, single ISLs, and the number of tunnels is
compared with the minimum number settings to decide if the redundant ISL check is a
success or a failure.
Rule Violation Fix — If the policy monitor report shows a violation, the SAN Administrator can
add redundant ISLs between the source and the target switch.
Check for HTTPS (secure HTTP) configuration — This switch and router policy monitor enables
you to check each target to see if HTTPS is active for device data transmission.
The preferred Management application product communication must be HTTPS for this check
to pass.
For Fabric OS products, verifies the IP ACL active policy rules. You should verify that the IP ACL
active rules deny HTTP access to all.
For Fabric OS products, if the IPv6 interface is enabled, verifies both IPv4 and IPv6 IP ACL
active policies.
Rule Violation Fix — If the policy monitor report shows a violation, enable HTTPS on the device.
Disable HTTP settings on the device, if enabled.
Policy monitor overview
31
953