Fabric Services
Zoning
“Hard” and “Soft” Zoning
•Formerly…
– Switches used the ASIC (hardware) to enforce port
zoning —“hard zoning”
– Switches used the switch name server (software) to
enforce WWN zoning—“soft zoning”
• Today…
– Newer switches also use the ASIC to enforce WWN
zoning
– “Hard” and “soft” zoning should refer to enforcement
only
– Hardware enforcement is more secure because
unauthorized devices cannot access Name Server
As things move on we start talking about hard and soft as the place of
enforcement because now, by using port authentication we download a list of
valid worldwide names to the ASIC. At this point we know who you are
allowed to talk to at the ASIC level. So if you try to send a frame to someone
who is not on your list at the ASIC, it gets blocked. This is now a very secure
form of zoning. Also, because the names have been downloaded to the ASIC,
if a card is plugged in with a duplicate WWN but into the wrong switch port, it
doesn’t allow it to complete fabric login. So by using port authentication we
can protect ourselves against WWN spoofing.
The type of zoning should be referred to as Port or World Wide Name
and
the locality of enforcement as Hard or Soft
– hard means it is at the ASIC (port level) and
– soft means it is at the processor level.