beautypg.com

High integrity fabric overview, High integrity fabric requirements – Brocade Network Advisor SAN + IP User Manual v12.3.0 User Manual

Page 1346

background image

1274

Brocade Network Advisor SAN + IP User Manual

53-1003155-01

High Integrity Fabric overview

28

NOTE

Fabric binding is only supported on Fabric OS 5.2 or later.

1. Select Configure > Fabric Binding.

The Fabric Binding dialog box displays (

Figure 561

).

2. Select the switches you want to remove from the selected fabrics’ Fabric Membership List

(FML) in the Membership List table.

NOTE

The selected switch cannot be part of the fabric.

3. Click the left arrow to move the switches to the Available Switches table.

4. Click OK on the Fabric Binding dialog box.

High Integrity Fabric overview

The High Integrity Fabric (HIF) mode option automatically enables features and operating
parameters that are necessary in multiswitch Enterprise Fabric environments. When HIF is
enabled, each switch in the fabric automatically enforces a number of security-related features
including Fabric Binding, Switch Binding, Insistent Domain IDs, and Domain Register for State
Change Notifications (RSCNs).

HIF activates the Switch Connection Control (SCC) policy, sets the Insistent Domain ID, and sets the
Fabric-Wide Consistency Policy (FWCP) for SCC in strict mode.

Activating HIF mode enables the following features:

Switch Connection Control — This feature, enabled through a device’s Element Manager,
prevents unauthorized switches from joining a fabric.

Fabric-Wide Consistency Policy — This feature makes sure that switches in the fabric enforce
the same policies.

Insistent Domain ID — This feature, enabled through a device’s Element Manager, sets the
domain ID as the active domain identification when the fabric initializes. When Insistent
Domain ID is enabled, the switch isolates itself from the fabric if the preferred domain ID is not
assigned as the switch’s domain ID.

High Integrity Fabric requirements

High Integrity Fabric (HIF) refers to a set of strict, consistent, fabric-wide policies. There are several
specific configuration requirements for high integrity fabrics:

Insistent Domain ID (IDID) must be enabled in the participating switches.

Port-based routing must be used on the participating switches.

A policy must be set that limits connectivity to only the switches within the same fabric. Fabric
binding is a security method for restricting switches that may join a fabric. For Fabric OS
switches, fabric binding is implemented by defining a Switch Connection Control (SCC) policy
that prevents unauthorized switches from joining a fabric.