End-of-Life Notice for Brocade DCX 8510 Port Blades and ICL POD Kits
The End-of-Life (EOL) notice for DCX 8510 Director port blades and ICL POD kits has been posted to the Brocade EOL webpage. This EOL notice also includes the power supply and FIPS kit. The Last Time Order date for listed part numbers is July 10th, 2023, with a Last Customer Ship (LCS) date of September 10, 2023.
End-of-Support (EOS) for Gen 5 blades and ICL kits is aligned with the DCX 8510 Director EOS date of April 30, 2025.
The End-of-Life (EOL) notice for DCX 8510 Director port blades and ICL POD kits has been posted to the Brocade EOL webpage. This EOL notice also includes the power supply and FIPS kit. The Last Time Order date for listed part numbers is July 10th, 2023, with a Last Customer Ship (LCS) date of September 10, 2023.
End-of-Support (EOS) for Gen 5 blades and ICL kits is aligned with the DCX 8510 Director EOS date of April 30, 2025.
CP Firmware Synchronization on Directors
• Director-class products have dual CPs – to determine if the two CPs are running identical versions of FOS, you can issue the firmwareshow –v command
• The output will display the FOS versions running on both the Primary and Secondary partitions of each CPU
• All four versions should be identical unless it’s your desire to have multiple versions running for testing purposes and the like
• If you’ve performed a CP blade replacement, it’s a good idea to ensure the replacement CP FOS code version matches that of the other CP blade
• In 2014, FOS v7.3.0x introduced the firmwaresync CLI command which can be used to synchronize the firmware from the Active CP to the standby CP
• Additionally, FOS v7.3.0x introduced a chassis-wide configuration setting which when configured will automatically synchronize FW versions between CPs. I strongly recommend you utilize the below procedure to enable CP firmware synchronization:
• This setting is NOT enabled by default
• This setting is non-disruptive
• Per the CLI guide: ‘Auto Firmwaresync’ -> Enables the firmware from the active CP to synchronize automatically to the standby CP.
• Director-class products have dual CPs – to determine if the two CPs are running identical versions of FOS, you can issue the firmwareshow –v command
• The output will display the FOS versions running on both the Primary and Secondary partitions of each CPU
• All four versions should be identical unless it’s your desire to have multiple versions running for testing purposes and the like
• If you’ve performed a CP blade replacement, it’s a good idea to ensure the replacement CP FOS code version matches that of the other CP blade
• In 2014, FOS v7.3.0x introduced the firmwaresync CLI command which can be used to synchronize the firmware from the Active CP to the standby CP
• Additionally, FOS v7.3.0x introduced a chassis-wide configuration setting which when configured will automatically synchronize FW versions between CPs. I strongly recommend you utilize the below procedure to enable CP firmware synchronization:
• This setting is NOT enabled by default
• This setting is non-disruptive
• Per the CLI guide: ‘Auto Firmwaresync’ -> Enables the firmware from the active CP to synchronize automatically to the standby CP.
Data Center AC Power Distribution Testing and Validation
Some customers perform Data Center wide AC power distribution testing by turning off and then back on Power Distribution legs. The A-side leg is done, followed by the B-side at some point later. When doing this, you must ensure all X6 (Gen 6) Director-class platforms have fully functional power supplies (using the psshow) before, in the middle of, and after this testing has been completed
• There is a corner condition with much earlier versions of the power supplies which can result in the power supply coming back as faulty if it’s running at high fan speeds at the time power is removed
• In the unlikely event you were to run into this, unplug and then plug back in the power cord feeding the power supply
Some customers perform Data Center wide AC power distribution testing by turning off and then back on Power Distribution legs. The A-side leg is done, followed by the B-side at some point later. When doing this, you must ensure all X6 (Gen 6) Director-class platforms have fully functional power supplies (using the psshow) before, in the middle of, and after this testing has been completed
• There is a corner condition with much earlier versions of the power supplies which can result in the power supply coming back as faulty if it’s running at high fan speeds at the time power is removed
• In the unlikely event you were to run into this, unplug and then plug back in the power cord feeding the power supply
How to block Telnet access
• For the most part, the bulk majority of customers do not want Telnet access available to their products
• By default, Telnet access to switches and Directors is enabled
• To disable/block Telnet access, follow this procedure taken directly from our FOS v8x Admin Guide:
• Login to the switch/Director with an account with admin permissions and perform the following commands:
• While we’re on the subject, the killtelnet command is a great CLI command for determining all current Telnet and serial port login sessions – the command also gives you the ability to kill any active Telnet session(s)
• For the most part, the bulk majority of customers do not want Telnet access available to their products
• By default, Telnet access to switches and Directors is enabled
• To disable/block Telnet access, follow this procedure taken directly from our FOS v8x Admin Guide:
• Login to the switch/Director with an account with admin permissions and perform the following commands:
• ipfilter --clone BlockTelnet -from default_ipv4
• ipfilter --save BlockTelnet
• ipfilter --addrule BlockTelnet -rule 1 -sip any -dp 23 -proto tcp -act deny
• ipfilter --save
• ipfilter --activate BlockTelnet
• ipfilter --show (to confirm the BlockTelnet filter has been set up properly)• While we’re on the subject, the killtelnet command is a great CLI command for determining all current Telnet and serial port login sessions – the command also gives you the ability to kill any active Telnet session(s)
Interesting KB Article on ESXi Path Selection
Back in 2019, we were involved in a performance troubleshoot in an ESXi environment in which the resolution was to modify the Round Robin IOPS limit on the host
• In this case, hosts were experiencing latency issues, yet there were no signs on latency on the SAN side of things
• A knowledge base article was written by VMware (last updated on 3/31/21) regarding this issue which impacts all traffic types including: iSCSI/FC and FCoE
• The KB article explains how ESXi servers uses a Round Robin Path Selection Plug-in (PSP) to balance the load across all active paths. A path is selected and then that path is solely used until a specific quantity of data has been transferred. After that quantity has been reached, the PSP selects the next path in the list. Path selection can be determined based on IOs (the default is set to 1000) or by Bytes transferred
• The suggestion given to the referenced customer was to lower the limit from 1000 down to 1. Therefore instead of writing 1000 IOs to a single path before using the next active path, you’d be sending a single IO down a path before using the next path
• The good news is you do not need to restart the host for the changes to take effect
• Here is a link to the VMware Knowledge Base #2069356 article in full: https://kb.vmware.com/s/article/2069356
Back in 2019, we were involved in a performance troubleshoot in an ESXi environment in which the resolution was to modify the Round Robin IOPS limit on the host
• In this case, hosts were experiencing latency issues, yet there were no signs on latency on the SAN side of things
• A knowledge base article was written by VMware (last updated on 3/31/21) regarding this issue which impacts all traffic types including: iSCSI/FC and FCoE
• The KB article explains how ESXi servers uses a Round Robin Path Selection Plug-in (PSP) to balance the load across all active paths. A path is selected and then that path is solely used until a specific quantity of data has been transferred. After that quantity has been reached, the PSP selects the next path in the list. Path selection can be determined based on IOs (the default is set to 1000) or by Bytes transferred
• The suggestion given to the referenced customer was to lower the limit from 1000 down to 1. Therefore instead of writing 1000 IOs to a single path before using the next active path, you’d be sending a single IO down a path before using the next path
• The good news is you do not need to restart the host for the changes to take effect
• Here is a link to the VMware Knowledge Base #2069356 article in full: https://kb.vmware.com/s/article/2069356
Root-Level Login Access to Switches
• The default switch root account was disabled for all new switches shipped from factory as of FOS v8.0.1.
• It remains a strong recommendation to not enable root-level access to Brocade switches as this enables root-level Linux filesystem access – thus the impetus for disabling the root account by default
• Prior to running FOS v9.1x, for administrators that want to enable the root account, it’s a two-step process:
• Use the rootAccess CLI command to control which management interfaces root access will be allowed on (none, consoleonly, all)
• Use the userConfig CLI command to enable the root account. Note that the command has been enhanced to display an asterisk (*) character next to the account name for any default switch account which continues to have a default factory password set
• FOS v9.0x introduced a new maintenance account predominantly meant to be used by Brocade TAC or OEM support personnel – this account is disabled be default
• This account is used for very low-level troubleshooting commands not available to the admin account
• This account is not meant for the day-to-day administration of Brocade products
• FOS v9.1x entirely removed the root account – it can no longer be enabled or activated
• If maintenance account activation is required, with admin privileges, you can issue the command userconfig –change maintenance –e yes to enable it
• The default switch root account was disabled for all new switches shipped from factory as of FOS v8.0.1.
• It remains a strong recommendation to not enable root-level access to Brocade switches as this enables root-level Linux filesystem access – thus the impetus for disabling the root account by default
• Prior to running FOS v9.1x, for administrators that want to enable the root account, it’s a two-step process:
• Use the rootAccess CLI command to control which management interfaces root access will be allowed on (none, consoleonly, all)
• Use the userConfig CLI command to enable the root account. Note that the command has been enhanced to display an asterisk (*) character next to the account name for any default switch account which continues to have a default factory password set
• FOS v9.0x introduced a new maintenance account predominantly meant to be used by Brocade TAC or OEM support personnel – this account is disabled be default
• This account is used for very low-level troubleshooting commands not available to the admin account
• This account is not meant for the day-to-day administration of Brocade products
• FOS v9.1x entirely removed the root account – it can no longer be enabled or activated
• If maintenance account activation is required, with admin privileges, you can issue the command userconfig –change maintenance –e yes to enable it
SAN Health Reports
• Released in 2004, the SAN Health Reporting (SHR) tool continues to be a free tool utilized to review and analyze your FC SAN environments
• The SAN Health tool will work on all Brocade and Cisco products
• Note: The Cisco outputs are comparatively limited
• As of December 2022, the most recent version of the SAN Health tool was v4.2.2d(4)
• The SHR tool can be downloaded from the SAN Health homepage:
• https://www.broadcom.com/support/fibre-channel-networking/tools/san-health
• Note: At the same URL, you’ll find a link to Brocade SAN Health Frequently Asked Questions
• Going back to 2013, the use of Fabric Vision MAPS has become standard in Brocade FC SAN environments
• As a result, the use of Brocade SAN Health reports for the purposes of detecting avoidable issues has become largely unnecessary as Fabric Vision MAPS automatically catches just about everything
• For Brocade direct-support customers, BSL can be used to generate BPA (Best Practice Assessments) reports, CPI (Configuration, Performance, Inventory) reports, and Fabric Analytics – additional tools to detect avoidable issues
• That said, eighteen years later, the SHR tool continues to improve and as such, we continue to recommend you run it once per year across all of your FC SAN environments. If possible, please share the results with your Brocade pre-sales engineer for review
• Please remember to save your SHR tool configuration prior to exiting the tool - the next time you want to run a report, you’ll simply have to pull up the saved configuration and run it
• Note: Sometimes engineers successfully run a SHR to generate a report, but, don’t take the final step of uploading the encrypted .BSH file to the report generation servers
• If you navigate to https://sanhealth.broadcom.com/upload/ you can browse to your locally stored and encrypted .BSH file, and send it to the report generation queue for processing
• Alternatively, you can simply email the .BSH file to sanhealth.upload@broadcom.com
• Released in 2004, the SAN Health Reporting (SHR) tool continues to be a free tool utilized to review and analyze your FC SAN environments
• The SAN Health tool will work on all Brocade and Cisco products
• Note: The Cisco outputs are comparatively limited
• As of December 2022, the most recent version of the SAN Health tool was v4.2.2d(4)
• The SHR tool can be downloaded from the SAN Health homepage:
• https://www.broadcom.com/support/fibre-channel-networking/tools/san-health
• Note: At the same URL, you’ll find a link to Brocade SAN Health Frequently Asked Questions
• Going back to 2013, the use of Fabric Vision MAPS has become standard in Brocade FC SAN environments
• As a result, the use of Brocade SAN Health reports for the purposes of detecting avoidable issues has become largely unnecessary as Fabric Vision MAPS automatically catches just about everything
• For Brocade direct-support customers, BSL can be used to generate BPA (Best Practice Assessments) reports, CPI (Configuration, Performance, Inventory) reports, and Fabric Analytics – additional tools to detect avoidable issues
• That said, eighteen years later, the SHR tool continues to improve and as such, we continue to recommend you run it once per year across all of your FC SAN environments. If possible, please share the results with your Brocade pre-sales engineer for review
• Please remember to save your SHR tool configuration prior to exiting the tool - the next time you want to run a report, you’ll simply have to pull up the saved configuration and run it
• Note: Sometimes engineers successfully run a SHR to generate a report, but, don’t take the final step of uploading the encrypted .BSH file to the report generation servers
• If you navigate to https://sanhealth.broadcom.com/upload/ you can browse to your locally stored and encrypted .BSH file, and send it to the report generation queue for processing
• Alternatively, you can simply email the .BSH file to sanhealth.upload@broadcom.com
Broadcom
SAN Health
Get an accurate view of your SAN environment with time-saving reports and detailed diagrams
Brocade Has Replaced Paper Packs with Electronic Licensing
Brocade, our customers and partners have encountered many issues with paper packs (printed license transaction key) that are included with optics in switch POD and ICL kits. These issues include end customers losing the physical paper pack, potential fraudulent activities and incremental complexities from the printing process.
Consistent with best practices Brocade has been delivering license transaction keys for switch POD and ICL kits electronically, instead of paper packs. The shipped kits include only optics with instructions to the end user on how to retrieve the transaction key and license electronically, using kit and optics serial numbers. Both the kit and optics serial numbers are printed on the clamshell label. In the new process, a customer has to access the Customer Service Portal and enter the required information, which will email them the license required to enable ports.
Reminder:
· Do not discard the clamshells as they contain all the necessary serial number information
· Follow the instructions included in every POD and ICL Kit to retrieve/redeem transactions keys.
Brocade, our customers and partners have encountered many issues with paper packs (printed license transaction key) that are included with optics in switch POD and ICL kits. These issues include end customers losing the physical paper pack, potential fraudulent activities and incremental complexities from the printing process.
Consistent with best practices Brocade has been delivering license transaction keys for switch POD and ICL kits electronically, instead of paper packs. The shipped kits include only optics with instructions to the end user on how to retrieve the transaction key and license electronically, using kit and optics serial numbers. Both the kit and optics serial numbers are printed on the clamshell label. In the new process, a customer has to access the Customer Service Portal and enter the required information, which will email them the license required to enable ports.
Reminder:
· Do not discard the clamshells as they contain all the necessary serial number information
· Follow the instructions included in every POD and ICL Kit to retrieve/redeem transactions keys.
Fabric OS and IP Extension Compatibility Matrixes Are Being Deprecated
We are doing away with the following compatibility matrixes: the Fabric OS Compatibility Matrix and the IP Extension Compatibility Matrix. These matrixes have become less and less useful over time. Despite lots of efforts, the matrixes were never up to date, and the information was often out of sync with what was listed by our OEMs. Most customers have primarily referenced the compatibility matrixes from the storage OEMs, which is the correct place to look, and it’s what we recommend for our customers moving forward.
For compatibility with xWDM devices, customers should reference the compatibility matrixes of the xWDM vendors, including information on which advanced features are supported (e.g. Brocade Trunking).
The Brocade Transceiver Support Matrix will continue as is, documenting the optics that we sell. For information on compatibility of Smartoptics xWDM transceivers, customers should reference Smartoptics’ compatibility matrix.
We are doing away with the following compatibility matrixes: the Fabric OS Compatibility Matrix and the IP Extension Compatibility Matrix. These matrixes have become less and less useful over time. Despite lots of efforts, the matrixes were never up to date, and the information was often out of sync with what was listed by our OEMs. Most customers have primarily referenced the compatibility matrixes from the storage OEMs, which is the correct place to look, and it’s what we recommend for our customers moving forward.
For compatibility with xWDM devices, customers should reference the compatibility matrixes of the xWDM vendors, including information on which advanced features are supported (e.g. Brocade Trunking).
The Brocade Transceiver Support Matrix will continue as is, documenting the optics that we sell. For information on compatibility of Smartoptics xWDM transceivers, customers should reference Smartoptics’ compatibility matrix.
Setting up NTP (Network Time Protocol)
• NTP should be utilized to maintain time synchronization across all of the equipment in your data center(s)
• Over the years, we have had a few instances whereby hosts, storage arrays, and their connecting switches/Directors were not in time sync, making the troubleshooting of issues far more complex than it needed to be
• If multiple devices have different time settings, correlating individual error log entries between the devices becomes very challenging - unnecessarily complicating ultimately delaying the analysis
• The tsclockserver command will work on all the Brocade switches/Directors in your environment to get them synchronized to a central clock
• Note that the tstimezone CLI command is what is utilized to change your timezone setting
• To our knowledge, in order for tstimezone setting changes to take effect, the switch processes need to be restarted unlike with the tsclockserver command
• While a disruptive reboot is one option for immediately restarting all processes, this should also be achievable online by upgrading your FOS version
• Important: Please consider getting your entire environment (hosts, storage, infrastructure etcetera) synced-up to the same centralized clock
• Note: Fabric Vision MAPS will automatically monitor for instances of the Time Server not being accessible to the switch/Director (due to network issues or the NTP server(s) being down for example)
• By default, the FV MAPS SEC_TS (TS out of sync) rule is monitored as follows – you will be notified if any of the following values are reached:
• Aggressive Policy – 1 per hour, 2 per day
• Moderate Policy – 2 per hour, 4 per day
• Conservative Policy – 4 per hour, 10 per day
• Note: SANnav v2.2x can be utilized to great effect to determine if two or more switches have been configured with identical NTP settings
• NTP should be utilized to maintain time synchronization across all of the equipment in your data center(s)
• Over the years, we have had a few instances whereby hosts, storage arrays, and their connecting switches/Directors were not in time sync, making the troubleshooting of issues far more complex than it needed to be
• If multiple devices have different time settings, correlating individual error log entries between the devices becomes very challenging - unnecessarily complicating ultimately delaying the analysis
• The tsclockserver command will work on all the Brocade switches/Directors in your environment to get them synchronized to a central clock
• Note that the tstimezone CLI command is what is utilized to change your timezone setting
• To our knowledge, in order for tstimezone setting changes to take effect, the switch processes need to be restarted unlike with the tsclockserver command
• While a disruptive reboot is one option for immediately restarting all processes, this should also be achievable online by upgrading your FOS version
• Important: Please consider getting your entire environment (hosts, storage, infrastructure etcetera) synced-up to the same centralized clock
• Note: Fabric Vision MAPS will automatically monitor for instances of the Time Server not being accessible to the switch/Director (due to network issues or the NTP server(s) being down for example)
• By default, the FV MAPS SEC_TS (TS out of sync) rule is monitored as follows – you will be notified if any of the following values are reached:
• Aggressive Policy – 1 per hour, 2 per day
• Moderate Policy – 2 per hour, 4 per day
• Conservative Policy – 4 per hour, 10 per day
• Note: SANnav v2.2x can be utilized to great effect to determine if two or more switches have been configured with identical NTP settings
Slow Drain Device Quarantine (SDDQ) – Game Changing Brocade-Exclusive Tech
SDDQ has been around so long, it’s easy to forget just how effective this automated technology has been. It’s impossible to know how many real-world environments have avoided major issues by using SDDQ, but the number must be quite large.
SDDQ has been around so long, it’s easy to forget just how effective this automated technology has been. It’s impossible to know how many real-world environments have avoided major issues by using SDDQ, but the number must be quite large.
Telegraph
Slow Drain Device Quarantine (SDDQ) – Game Changing Brocade-Exclusive Tech
Text: Brocade CIS SAN Telegram channel Slow Drain Device Quarantine (SDDQ) – Game Changing Brocade-Exclusive Tech SDDQ has been around so long, it’s easy to forget just how effective this automated technology has been. It’s impossible to know how many real…
Target Driven Zoning (TDZ)
Important and cutting to the chase – it’s not a bad idea to check your TDZ per-port setting (portcfgshow) to ensure TDZ is disabled if you do not desire to use TDZ with a storage array that supports it.
Important and cutting to the chase – it’s not a bad idea to check your TDZ per-port setting (portcfgshow) to ensure TDZ is disabled if you do not desire to use TDZ with a storage array that supports it.
Telegraph
Target Driven Zoning (TDZ)
Text: Brocade CIS SAN Telegram channel Target Driven Zoning (TDZ) Important and cutting to the chase – it’s not a bad idea to check your TDZ per-port setting (portcfgshow) to ensure TDZ is disabled if you do not desire to use TDZ with a storage array that…