Switch and router policy monitors – Brocade Network Advisor SAN + IP User Manual v12.1.0 User Manual

1666

Brocade Network Advisor SAN + IP User Manual

53-1002949-01

Policy monitor overview

47

Switch and router policy monitors

Switch and router policy monitors enable you to set the following policy monitors on switches and
routers.

•

Check connections: redundant connections to neighboring switches (SAN only) — This switch
and router policy monitor enables you to determine if there are at least the minimum number
of configured inter-switch links (ISLs) between each switch pair.

The resiliency and redundancy of the fabric is an important aspect of the SAN topology. To
remove any single point of failure, SAN fabrics have resiliency built into the Fabric OS.

For example, when a link between two switches fails, routing is recalculated and traffic is
assigned to a new route. Therefore, to provide redundancy and enable resiliency, using ISLs,
the best practice is to make sure that there are at least two ISLs between each switch pair.

The redundant link refers to both the physical connection and the logical ISL. No matter how
many physical connections exist between the two base switches, there is only one logical ISL
between two logical switches. A logical ISL counts as one connection between the source and
destination switches; therefore, when a logical ISL is present, the connection count may be
inaccurate. To pass this monitor, the total number of logical ISL and physical connections must
be greater than the minimum connection.

For FCIP tunnels, one tunnel counts as one connection. This rule does not check circuits within
the FCIP tunnel. The total number of trunk ISLs, single ISLs, and the number of tunnels is
compared with the minimum number settings to decide if the redundant ISL check is a
success or a failure.

Rule Violation Fix — If the policy monitor report shows a violation, the SAN Administrator can
add redundant ISLs between the source and the target switch.

•

Check for HTTPS (secure HTTP) configuration — This switch and router policy monitor enables
you to check each target to see if HTTPS is active for device data transmission.

NOTE

Not supported on Network OS products and the following IronWare products: Ethernet Core
routers, Ethernet Carrier Routers, Ethernet Edge router, and Data Center switch, as well as the
6650 Ethernet switch, router, and L3 router.

The preferred Management application product communication must be HTTPS for this check
to pass.

For Fabric OS products, verifies the IP ACL active policy rules. You should verify that the IP ACL
active rules deny HTTP access to all.

For Fabric OS products, if the IPv6 interface is enabled, verifies both IPv4 and IPv6 IP ACL
active policies.

Rule Violation Fix — If the policy monitor report shows a violation, enable HTTPS on the device.
Disable HTTP settings on the device, if enabled.