LUN masking vs. Zoning differences and the usage scenario

Hi Poeple,

I'm currently learning about the storage technology layer for VMware VCP exam, what's the difference between the two terms

LUN masking and Zoning ? is this something got to do with the NPIV ?

how are they used, I'm still unclear.
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Zoning usually applies to switched Fabric, e.g. Fibre Channel Technology (FC). Zoning is used to partition or isolate ports, zoning is also a term used with vSANs today.

LUN Masking - allows you to enable or disable a LUN at the storage controller level, for a host.

Microsoft has an article here

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Gerald ConnollyCommented:
First things first!  NPIV has nothing to do with LUN masking or Zoning.

Zoning: Is usually implemented in the connecting fabric and only allows devices that are in the same zone to see each other. So if there were 100 devices connected to your fabric, but there are only 10 in your zone you will only know about those 10, its as if you only have 10 devices in the fabric. Similar to a IP sub-net.

LUN Masking: Is usually implemented in the connected devices, rather than in the fabric as Zoning is. e.g a external RAID controller. Your RAID controller may have 10 LUNs configured, but with LUN masking configured either in the RAID array (more common) or the HBA, your server may only be able to see 2 of the LUNs, and another server (in the same zone) can only see 5 of the remaining LUNs
Joseph NyaemaIT ConsultantCommented:

World Wide Number (WWN)

WWNs are unique identifies used in storage techonologies (Fibre Channel etc) as World Wide Node Name (WWNN)to identify a host or as a  World Wide Port Name (WWPN ) to identify a Port on host

Logical Unit Number (LUN)

A LUN is a number used to identify a device accessed by using the SCSI protocol.


Zoning is done at the switch level.  It specifies which host can communicate to which device by grouping together WWNS. There are two kinds of zoning Soft zoning and Hard zoning:
Hard Zoning (also known as Port Zoning) creates communication paths by grouping  the physical ports on a fibre switch, hence specifying which ports can communicate with each other, and preventing those ports that are not in a given zone from communicating with each other.   Several WWNs from different or the same node can be seen on on a given port.
Soft Zoning or (WWN Zoning) uses WWNs to group Nodes so that they can communicate with each other.
A host that communicate to a given device on a specific port can be moved to a port that belongs to a hard zone the device belongs to hence enabling communication.
Connecting a new device to a port previously occupied by host that belonged to a Soft Zone will not yield any communication.

LUN Masking

LUN Masking is done at the Storage level. It consists of a group of WWNs which are allowed to access a given LUN.
Hosts not included in the LUN's mask cannot access it.

Hosts can be in the same zone but only one can access a given LUN because of LUN Masking.

N_Port ID Virtualization (NPIV)

NPIV is a Fibre Channel feature that allows multiple Fibre Channel node port (N_Port) IDs to share a single physical Port.
One implementation is in Server Virtualization where multiple VMs with a virtual Fibre Channel adapter share a single physical Fibre Channel adapter each appearing to have its own WWN.

LUN Masking vs Zoning
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

WWN zoning/soft zoning is done through the fabric switch software.  The switch software is filtering WWN address in order to allow/prevent access to hosts based on their WWN adresses.

Port zoning/hard zoning is done at  hardware level of the fabric switch. In this case a group physical switch ports put together in order to communicate. i.e. Access to the SAN is determined on the fabric switch based on the physical port to which the host is attached.

Again Lun masking is usually done through the SAN itself while WWN/Port zoning is done through the fabric switch
Gerald ConnollyCommented:
@madunix - Lun masking is usually done through the SAN itself, aren't the switch(es) part of the SAN?

As i said previously LUN masking is usually done on the edge devices, like the RAID controller or the HBA
Senior IT System EngineerIT ProfessionalAuthor Commented:
So does this case, both terms only available in the Fibre Channel protocol not on the iSCSI or FCoE ?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
LUN Masking is available to both FC, iSCSI and FCoE.

Zoning is normally FC.
Joseph NyaemaIT ConsultantCommented:
As Andrew as mentioned LUN Masking can be applied to FC, FCoE, and iSCSI.

Zoning can only be done on Fibre Channel Fabrics (FC Switches).
FCoE and iSCSI on the other hand ride on Ethernet Fabrics (Ethernet Switches).  The concept of zoning does not exist.  The closest you can come to implementing something close to zoning on Ethernet Switches is by creating VLANs.  This  though does not operate the same way Zoning does. In Zoning, ports can members of more than one zone, while in VLANs ports are members of one VLAN.  And for iSCSI, additionally to creating VLANs you must configure subnets.

iSCSI vs FC (Fibre Channel) SANs (After Mid Page)
Senior IT System EngineerIT ProfessionalAuthor Commented:
Cool, thanks people.

In this case it seems that the two Zoning and masking is a dangerous thing if not done correctly.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
If you don't take care, and have adequate documentation, you can have complete SAN outage, and it happens!
Gerald ConnollyCommented:
Zoning and LUN masking are essential, and can cause problems if not done correctly.

IN a simple SAN they are not too difficult to administer, but in a complex SAN, they can be a nightmare.
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks !
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.