Ask the Expert

The inherent dangers in relying solely on LUN masking

On November 7, you wrote, when comparing LUN masking, that "smaller zones will isolate error traffic within that zone so it does not affect the servers and storage ports in other zones." Does this mean there is a danger with a SAN design relying heavily on LUN masking? We are some way into implementing a SAN with two fabrics across two locations with two Inrange directors in each location. There will be an increase in the number of hosts (say 50 for now) connected to five IBM ESSs. Most of the hosts are currently direct connected and we have just begun to connect them via the directors.


Yes, do not depend on LUN masking alone, as any errors in the LUN masking may affect other nodes or, in a worst case, cause data corruption.

If you use LUN masking at the storage level along with zoning at the switch level, you afford yourself two levels of security. The LUN masking is done at the port level when multiple hosts are sharing a storage port over a fabric connection. Zoning is used to prevent access to certain storage ports at the fabric level. The smaller you make your zones, the less error traffic gets passed from port to port in the fabric. The use of many smaller zones is preferable to the use of fewer larger zones, in my humble opinion. Even though this may make management a bit harder, it makes larger fabrics operate better.

By the way, if you will be using storage from multiple vendors in your SAN, then it's a best practice "today" to zone out the different storage arrays. For instance, do not allocate storage to the same server from two different storage subsystems in the same fabric over two HBA adapters, as each storage array manufacturer will most likely ask you to use a different version of path management software.

Chris
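
The two-layer check described in the answer above, as an added example that is not part of the expert's reply: it lists every host/storage-port pair that zoning lets through although no LUN is masked to that host (the pairs where LUN masking is the only control), and every host zoned to arrays from more than one vendor. Zone, host and port names, the vendor "OtherVendor" and all table contents are constructed sample data.

```python
from itertools import product

# Constructed sample data (hypothetical names, not from the original page).
# Zones: zone name -> members (host HBAs and storage ports).
ZONES = {
    "z_all":   {"hostA", "hostB", "hostC", "ess1_p0", "ess1_p1", "other1_p0"},
    "z_hostD": {"hostD", "ess1_p1"},
}
# LUN masking: (storage port, host) -> LUN ids presented to that host.
MASKING = {
    ("ess1_p0", "hostA"): {0, 1},
    ("ess1_p1", "hostB"): {2},
    ("other1_p0", "hostA"): {0},
    ("ess1_p1", "hostD"): {3},
}
# Storage port -> array vendor.
PORT_VENDOR = {"ess1_p0": "IBM", "ess1_p1": "IBM", "other1_p0": "OtherVendor"}


def zoned_pairs(zones, port_vendor):
    """Every (host, storage port) pair that shares at least one zone."""
    pairs = set()
    for members in zones.values():
        ports = members & port_vendor.keys()
        hosts = members - ports
        pairs.update(product(hosts, ports))
    return pairs


def masking_only_pairs(zones, masking, port_vendor):
    """Pairs the fabric lets through although no LUN is masked to the host.
    Only LUN masking protects these, so a masking error exposes the LUNs."""
    return sorted((h, p) for h, p in zoned_pairs(zones, port_vendor)
                  if not masking.get((p, h)))


def mixed_vendor_hosts(zones, port_vendor):
    """Hosts zoned to storage arrays from more than one vendor."""
    vendors = {}
    for host, port in zoned_pairs(zones, port_vendor):
        vendors.setdefault(host, set()).add(port_vendor[port])
    return {h: sorted(v) for h, v in vendors.items() if len(v) > 1}


if __name__ == "__main__":
    print("masking-only:", masking_only_pairs(ZONES, MASKING, PORT_VENDOR))
    print("mixed vendor:", mixed_vendor_hosts(ZONES, PORT_VENDOR))
```

With the one large zone in the sample data, six pairs depend on masking alone; splitting it into one zone per host and storage port empties both reports.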

Editor's note: Do you agree with this expert's response? If you have more to share, post it in one of our discussion forums.


This was first published in December 2002
