- Fibre Channel zoning
storage networking, Fibre Channel zoning is the partitioning of a Fibre Channel fabricinto smaller subsets to restrict interference, add security, and to simplify management. If a SAN contains several storage devices, each system connected to the SAN should not be allowed to interact with all of them. Zoning applies only to the switched fabrictopology (FC-SW), it does not exist in simpler Fibre Channel topologies.
Zoning is sometimes confused with LUN masking, because it serves the same goals. LUN masking, however, works on Fibre Channel level 4 (i.e. on
SCSIlevel), while zoning works on level 2. This allows zoning to be implemented on switches, whereas LUN masking is performed on endpoint devices - host adapters or disk array controllers.
Zoning is also different from
VSANs, in that each port can be a member of multiple zones, but only one VSAN. VSAN (similarly to VLAN) is in fact a separate network (separate sub-fabric), with its own fabric services (including its own separate zoning).
There are two main methods of zoning, hard and soft, that combine with two sets of attributes, name and port.
Soft zoning restricts only the fabric name services, to show the device only an allowed subset of devices. Therefore, when a server looks at the content of the fabric, it will only see the devices it is allowed to see. However, any server can still attempt to contact any device on the network by address. In this way, soft zoning is similar to the computing concept of
security through obscurity.
In contrast, hard zoning restricts actual communication across a fabric. This requires efficient hardware implementation (frame filtering) in the fabric switches, but is much more secure.
Zoning can also be applied to either switch ports or end-station name. Port zoning restricts ports from talking to unauthorized ports. Because this is non-standard, it usually requires a homogeneous SAN (all switches from one vendor). Any device plugged in a specific physical switch port is given access to the zone. Name zoning restricts access by device's
World Wide Name. This is more flexible, but WWNs can be spoofed, reducing security.
Currently, the combination of hard and name zoning is the most popular.
Wikimedia Foundation. 2010.