FOS version 9 – Gen 7 Fibre-Channel is here

Brocade Brocade Technical No Comments

Yahooo… (No not the company) FOS version 9 is here. The one that starts to support Gen 7 (64/256 Gbit) Fibre Channel. Now, just in case you’re getting excited and want to go clickety..clickety..click..upgrade <<<< hold on!!.

This version comes with an extensive bookwork called release-notes as well as a separate upgrade guide! This fact alone already should raise some red-flags to not just whack this into your environment. There is a whole set of pre-reqs on Gen 6 kit as well.

I’m not going to publish the release noteas and upgrade guide here. I assume you have access to them and I urge you to read them carefully.

Interoperability

Lets start with the interop list first. ALL GEN4 kit is obsolete !!!! You are not allowed to have any E-port connectivity between switches that have FOS 9 installed with any Gen4 switch. PERIOD !!!. The only way that is still supported is by using FCR and expose an EX-port out of a FOS 9 based switch to one that runs version 7. (And even these are already end-of-support mostly.) The Gen 6 switches are restricted to a later FOS 8 version. Rule-of-tumb is to simply use the latest GA version that your vendor has published. (At the time of this writing version 8.2.2b is a safe bet on all kit from an interop perspective.)

Hardware

Supported switches

The new switches are the X7 in both a 4 and 8 slot version, a new G720 56-port pizza-box as well as two new Gen 6 G620 and G630 switches with enhanced capabilities.

Be aware that there are now 2 versions of both the G620 and G630 switches. The “new” models are 183 and 184 respectively. The models are 162 and 173. As a side note there is also a 162.5 model and that one requires at least FOS 8.2.1a. This is because the model of flash memory cards is new.

Type “switchshow” and you’ll see which model you have. The “switchType:” entry shows the number.

Supported blades

The current blades in the X6 and new blades X7 deserve some attention. The new gen 7 blades are supported in the X7 director as well as in the X6 under the provision that the CP in the X6 chassis are upgraded first to an CPX6+version. The only Gen6 port blade is the 48-port version which can both run in an X7 and an X6+ (hereafter the X6+ is an X6 director with CPX6+ control processor blades)

Optics

Gen7 is going to support signed optics. “Huhh?? what does that mean.” As you may have seen in one of my earlier posts over here the sheer amount of so called “compatible” optics and the lack of sustained quality assurance has basically led to this. Signed optics will have a burned in certificate from Broadcom during manufacturing which is validated by FOS upon insertion in the switch. If that certificate does not render a valid signature FOS will simply not turn on that optic. It may be that current versions of FOS do not yet force this but rest assure that in future versions a lockdown will be happening and your non-signed optics will simply stop working. This also means that you cannot move your older gen6 optics to a new gen7 switch. Believe me that a lot of cases we see in support are because of optics that simply turn up via E-bay of some 3rd party vendor and causing havoc in fabrics. As with all equipment you get what you pay for.
The list of supported optics is very volatile so I won’t go into a list here. When launched the 64G optics were still in development/testing/manufacturing phase so they will not be available yet from the get-go.

Old kit

Old in the sense of non-supported equipment. You may have just bought a bucketload of 8510 switches but you will not have the benefits of Gen7 capabilities. Basically all Gen 5 kit is out the window. This goes for the 8510 director class down to the 65xx I/O modules in blade-server chassis. The 7840 FCIP switch as well as the FX8-24 will not work with FOS 9. The only extension switch supported with FOS 9 will be the 7810 as well as the SX6 blade in both the X6 as X7.

Software

As mentioned do not start upgrading out of the blue without some proper validation and cross-checking in your environment. That being said FOS 9 provides a knapsack full of new goodies and improvements so you’re going to enjoy this. I’ll just highlight the things that I find most worth mentioning. As usual check the release notes for more info.

Webtools

GONE !!!! yeahhhhhh ♥
Well, the Java version that is.. There a new html5 based interface replacing the Java engine that has served webtools for decades. I’m fairly sure had Oracle not started charging for Java we’d still be mucking around with it. Thank you Oracle for providing this beneficial side-effect of your decisions 🙂 

BNA

Also GONE !!!!. BNA will not support FOS 9 or vice versa. SANnav is the tool to manage your fabrics from now on. Be aware that SANnav is also restricted on older FOS code levels and hardware. Check the SANnav release notes for that.

REST API

With each version of FOS the REST API is extended with more features and functions to allow 3rd party tools as well as your scripts to monitor/manage your fabric(s). I’ll leave it up to you and your imagination how far you want to go with this. If you’re starting out and want a Python interface have a look on Brocades’ github page over here. This currently supports up to FOS 8.2 but will likely be enhanced with FOS 9 support shortly.

Traffic optimizer

Traffic Optimizer is new in FOS 9. It groups traffic flows based on flow characteristics such as speed, CS_CTL, QOS etc. It is basically some sort of management overlay on MAPS, SDDQ, virtual circuit selection and frame-scheduler. This will then allow the switch to make decisions on which links and virtual circuits traffic is mapped.

Fabric Notification

FPIN is a new FC-GS function and only applicable on Gen 7 hardware. If you’ve seen my T11 proposal for the Error Reporting with Integrated Notification functionality back in 2011 you can see some similarities with FPIN. The main difference is that FPIN is a fabric service whereas my proposal was more driven from a N-port standpoint. What FPIN basically does is providing a fabric-wide service where various performance characteristics are sent to registered entities to ensure that if paths/links are subject to any sort of condition that impacts frame-flow the remote N-port can make decisions to route traffic over another path. (That’s a mouth full..) Be aware that this does not resolve issues on your end device. If a device (HBA/Server/Array/Tape) is suffering from a problem, whatever that is, the fabric is merely capable of bypassing that device by signaling the remote mapped entities. If these remote entities have no clue of what an FPIN ELS frame is than don’t expect miracles. Other functions such as SDDQ and port-fencing/decommissioning can still provide an alternative solution to stop misbehaving devices having an impact on the rest of the fabric.
In essence when a N-port comes online it registers it FPIN capability and  with the fabric as well as which notifications it wants to receive. When a different port in a fabric is suffering from conditions such as congestion, latency, link issues etc the fabric event service will notify ports that have registered to receive this info. I will come back to this function with more information in a dedicated post.

Notes

FCIP

If you want FCIP support between equipment running FOS 9 and older ensure that it at least runs 8.2.1.  As usual check your vendors’ support matrix.

FEC

Forward Error Correction has been mandatory since Gen6 on all 32G based speeds. That means it could be disabled when connecting to devices running 16G or 10G. DWDM still remains a problem child for end-to-end FEC support so check you DWDM vendor if Brocade FEC algorithms

VM Insight

The VM Insight is not supported in FOS 9.0. I don’t know if this will return in future version. The application server is still part of the fabric services so frames tagged with a VM-id will still be passed on. FOS 9 has significantly enhanced MAPS with function that allow for better monitoring of flows and their respective performance characteristics. The FPI feature is now overloaded with a profile manager which allows you to create your own profiles. To be honest I don’t expect to be used very much. the reason why I thing that is because I rarely see environments where even a customized MAPS profile is active.
That being said in high performance storage environments this feature is very welcome as the default values may not always be sufficient enough to cater to the requirements of some applications.

Security

Finally the password change function is now enforced if the default password is still active on the switch. If you don’t change it it will not let you log in. It have been a security nightmare ever since the root,factory and admin accounts existed. The factory account has already been removed from FOS. Furthermore the usual updated ciphers will ensure the every stronger crypto capabilities on https, ssh, ldaps and sftp communication protocols. TLS 1.3 is now supported with the https protocol.

Support

There is a new guide called the Fabric OS Maintenance Account Command Reference Manual. (pfff… type that a few times….). The new feature introduces “new” commands and have moved commands from the admin account to the “maintenance” account or provide such useful info that they’ve been adopted from the root level. The maintenance account is disabled by default and thus needs to be enabled before they are available. The maintenance role can also be associated to user-roles and authenticated via AAA accounts. The main reason for this maintenance separation is that the functionality of executing some low level commands like miitool, arp, chassisreboot etc are now better controlled as previoulsy they would be available under the admin account (like chassisreboot) or under the root credentials (which is something that should incur the death penalty:-) ). 

Best practice: Set it up once by enabling the account, link it to LDAP (or another AAA method) and disable the account in LDAP. This will prevent “bad guys” from using that account and, if security is properly setup in your environment, will also flag all sorts of intrusion detection mechanism so you’re on top of that as well.
Only when instructed by support people of your OEM or Broadcom you need to enable that account and use it. You don’t need it in your day-to-day admin work so leave it alone.

Licensing

The fact that a fair amount of bad-guys have been selling counterfeited switches on ebay resulted in FOS enhance the licensing algorithms as well as put limits onto how many “licenseadd” commands you can execute within a certain time-period. Given the fact that the license database on switch will be migrated to a new structure

Print Friendly, PDF & Email

Subscribe to our newsletter to receive updates on products, services and general information around Linux, Storage and Cybersecurity.

The Cybersecurity option is an OPT-OUT selection due to the importance of the category. Modify your choice if needed.

Select list(s):