You always have to have IVR zones and IVR Zonesets in IVR.  I am not sure why you would not have them, or how it would be working without showing them.  Obviously there is some explaination.  If you view either of those zonesets 12 and 14 "show zoneset active vsan 12", "show zoneset active vsan 14", it would have to show the membership of those two devices, does it not? And they should have * next to them to show they are seen.

Aha, i see what i am doing wrong. I ran "show zonetset vsan 12" - this does not show IVRZ zones, but then i tried you example "show zoneset active vsan 12" and i do see IVRZ zones.  Ok so Brian help me understand why i am seeing IVRZ when i look at active zoneset for VSAN 12 versus  regular zoneset command.

Thank you for your help.

This is normal behavior.  The "full zoneset" is the zones/zonesets you configure.  There can be many zones, many zonesets.  But only one zoneset per VSAN can be active at a time.  The MDS takes the IVR Zoneset you created "sh ivr zoneset" and it merges it with the zoneset you activate, to create the active zoneset.  It also adds in things like any iSLB auto-zones you may have as well.

So if you want to make any changes to your IVR you only edit the IVR zones/zoneset.  The MDS takes care of the merge, its smart enough to add these to the appropriate zones as needed with the IVZ prefix.

In your situation, you are in fact spanning the one VSAN and then doing IVR on a single border router.  It would be good to introduce a true transit VSAN.  Although you have to deal with the fact you are partitioning one of your VSAN's you can either renumber it at one end or deal with it via IVR NAT.

so just to be clear, if you edit a regular zone/zoneset, say  you make a change, you then activate that zoneset.

If you edit any of the IVR zones/zoneset, you then activate the ivr zoneset.

you only have to activate the one you just made changes to, the system will ensure the complete active zoneset has both regular zoneset and ivr zoneset information.

So if you want to make any changes to your IVR you only edit the IVR zones/zoneset.  The MDS takes care of the merge, its smart enough to add these to the appropriate zones as needed with the IVZ prefix.

yeah, this is what's odd to me. I thought that everything IVR related resides in that IVR zoneset with its  zones. Still don't quite understand why IVRZ zones need to be added to the other VSANs

In your situation, you are in fact spanning the one VSAN and then doing IVR on a single border router.  It would be good to introduce a true transit VSAN.  Although you have to deal with the fact you are partitioning one of your VSAN's you can either renumber it at one end or deal with it via IVR NAT.

i am trying to understand what you are saying here. So i have this one switch that has two VSANs: 12 and 14.  Since these two VSANs reside on the same physical switch why would i need a transit VSANs.  From Cisco documentation i understand that "adjacent" VSANs don't require transit VSANs.

If VSAN 12 and VSAN 14 have unique domain id why would i need to re-number them or use IVR NAT.

Thank you for these discussions, hopefully they will assist other IVR noobies like me

I don't have a diagram of your current network, but I guess I was assuming that one of those VSAN's, 12, 14, or whatever, was extended over an FCIP/DWDM link.  If you do that, without using a transit VSAN, then any disruption in the WAN, can cause disruption to the SAN which would not be good.  By making the WAN link its own VSAN, it isolates the non-transit VSAN's from these disruptions.

IVR is a cisco thing, and all switches do not understand it.  What switches do understand is regular zones and zone changes.  So IVR is sort of a middleware mechanism that is really just manipulating regular type zones.  There is more to it than that of course, but my point is, there is a reason why you maintain IVR in a set of IVR zones/zonesets, but it adds this information to "regular" zones.

Also any changes you make to zoning you will want to do on one of your IVR enabled switches, your border switches, you will want to avoid making zoning changes directly on the switches that are not running IVR, as this can cause some unpredictable results and disruption.

You don't need a transit VSAN for VSAN's that reside on a single switch or even a single localized fabric.  Its encouraged if you are using a WAN link.  Spanning VSAN's over the WAN is not a good idea (unless its a Transit VSAN your spanning).

Brian

my fault Brian, i started talking about my "proposed" design with DWDM link in the middle but then got into other areas.

So if you look at my original diagram (attached to my first post). Somebody on other forum told me that i don't need to put my long-way ports into transit VSAN 30, they can be in VSAN 1 or any other VSAN. What do you think about that ?

By long-way ports do you mean your DWDM ports?  You should put those in a transit VSAN, it can be whatever number you want, 1, 30 etc.  But it should be a VSAN that you are only using for this purpose.  If you have other stuff in it, then it defeats the purpose of having a transit VSAN. 

You don't have to use a transit VSAN, but its best practice to do so.

yes, by long-way ports i mean my DWDM ports. Is there a specific reason they need to be part of my transit vsan ? Could they be in VSAN 1 as long as i "trunk allow" VSAN 30 only (my transit VSAN) ?

i was looking at this document and trying to understand why they say that "The default zone in the transit VSAN should be set to deny"

http://www.ciscosystems.com/en/US/docs/storage/san_switches/mds9000/sw/svc/configuration/guide/Dual.html

Thank  you

Notice how in your output for show ivr vsan-topology even though its Active "yes", under Cfg. it says "No".

Thank you Brian so MUCH !!!