cisco iscsi
TRANSCRIPT
8/10/2019 Cisco ISCSI
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.
OPT-20539761_05_2004_c2
iSCSI DESIGN AND IMPLEMENTATION
SESSION OPT-2053
Agenda
Storage Networking Technology Review
iSCSI and IP Storage Networking
Designing the iSCSI Network
High Availability
Network Boot
iSCSI Network Security
Network Management and Administration
Configuring iSCSI
Summary
The Typical Storage Environment
Direct Attached Storage (DAS)
Storage is captive behind the server
Server CPU must handle user I/O requests, but also:
User-database inquiries
User file/print serving
Data-integrity checking
Communication with other devices
Data access is file system and platform dependent
Costly to scale; complex to manage
[Figure: Direct-Attached Storage (DAS): clients on an IP network; Win2k, Linux and Unix servers, each with its own SCSI- or FC-attached storage]
IP Storage Networking
IP storage networking provides a solution to carry storage traffic within IP
Uses TCP: a reliable transport for delivery
Applicable to local data center and long-haul applications
Two primary protocols:
iSCSI (Internet SCSI): used to transport SCSI CDBs and data within TCP/IP connections
FCIP (Fibre Channel over IP): used to transport Fibre Channel frames within TCP/IP connections (any FC frame, not just SCSI)
FCIP encapsulation: IP | TCP | FCIP | FC | SCSI | Data
iSCSI encapsulation: IP | TCP | iSCSI | SCSI | Data
What Is iSCSI?
A SCSI transport protocol that operates over TCP/IP
Encapsulates SCSI CDBs (operational commands, e.g. read or write) and data into TCP/IP byte streams
Allows IP hosts to access IP-based SCSI targets (either natively or via iSCSI to FC router)
Standards status
RFC 3720 on iSCSI
Collection of RFCs describing iSCSI
RFC 3347: iSCSI Requirements
RFC 3721: iSCSI Naming and Discovery
RFC 3723: iSCSI Security
Broad industry support
Server vendors now publishing own supported iSCSI drivers
Native iSCSI storage arrays now appearing
iSCSI Architectural Model
[Figure: layered model. SCSI applications (file systems, databases) sit on SCSI device-type commands (SCSI block commands, SCSI stream commands, other SCSI commands) and SCSI generic commands (SCSI commands, data, and status). Below them are the SCSI transport protocols: parallel SCSI transport over parallel SCSI interfaces, FCP (SCSI over FC) over Fibre Channel, and iSCSI (SCSI over TCP/IP) over TCP (transport), IP (layer 3 network) and Ethernet, PPP, HDLC (layer 2 network)]
iSCSI for Remote Block Access
Block access to remote storage over IP
Application must tolerate latency for long distances
Metro Ethernet services offer lower-latency transport alternative
Remote backup over IP WAN
Centralized management from centralized storage
[Figure: Site A and Site B joined by an IP WAN; iSCSI-enabled host, iSCSI device, FC fabrics, storage pool and remote mirrors]
iSCSI Naming
Initiator and target require iSCSI names
Name is location independent
iSCSI node name = SCSI device name of iSCSI device
Associated with iSCSI nodes, NOT adapters
Up to 255-byte displayable/human readable string (UTF-8 encoding)
Use SLP (Service Location Protocol) V2, iSNS, or query target for names (SendTargets)
Two iSCSI name types:
iqn: iSCSI qualified name
eui: Extended Unique Identifier (IEEE EUI-64, also used for FC WWNs)
iSCSI Name Structure
iqn fields: Type . Date . Organization Naming Authority . Subgroup Naming Authority or String Defined by Organization Naming Authority
Type = iqn
Date = yyyy-mm when domain acquired
Organization Naming Authority = reversed domain name
The remainder is a unique string
Examples: iqn.1987-05.com.cisco.1234abcdef987601267da232.betty and iqn.2001-04.com.acme.storage.tape.sys1.xyz
eui fields: Type . EUI-64 Identifier (ASCII Encoded Hexadecimal)
Type = eui
Example: eui.02004567a425678d
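A strict parser for the two name types on this slide, as an added example that is not part of the Cisco deck: it applies the 255-byte limit from the naming slide, the yyyy-mm date and reversed-domain rules for iqn, and the 16-hex-digit rule for eui, which is the kind of check worth running on names before they go into an access list. The function and field names are assumptions, and the optional ':' suffix is handled because the deck itself uses names such as iqn.1999-12.com.ajax:12579.

```python
import re
from dataclasses import dataclass

MAX_NAME_BYTES = 255  # limit quoted on the iSCSI Naming slide

_DATE = re.compile(r"^\d{4}-(0[1-9]|1[0-2])$")           # yyyy-mm
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")   # one DNS-style label
_EUI64 = re.compile(r"^[0-9a-fA-F]{16}$")                 # 64 bits as ASCII hex


@dataclass(frozen=True)
class IscsiName:
    kind: str       # "iqn" or "eui"
    date: str       # yyyy-mm (iqn only)
    authority: str  # reversed domain plus any dotted subgroup string (iqn only)
    suffix: str     # text after the first ':' (iqn only, may be empty)
    eui64: str      # 16 lowercase hex digits (eui only)


def parse_iscsi_name(name: str) -> IscsiName:
    """Return the parsed name or raise ValueError with the reason."""
    if len(name.encode("utf-8")) > MAX_NAME_BYTES:
        raise ValueError("name longer than 255 bytes")
    if any(ch.isspace() or ord(ch) < 0x20 for ch in name):
        raise ValueError("whitespace or control character in name")
    kind, dot, body = name.partition(".")
    if kind == "eui":
        if not _EUI64.match(body):
            raise ValueError("eui body must be 16 hex digits")
        return IscsiName("eui", "", "", "", body.lower())
    if kind != "iqn" or not dot:
        raise ValueError("name type must be iqn or eui")
    date, dot, tail = body.partition(".")
    if not _DATE.match(date):
        raise ValueError("iqn date field must be yyyy-mm")
    authority, _, suffix = tail.partition(":")
    labels = authority.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError("naming authority must be a reversed domain name")
    return IscsiName("iqn", date, authority, suffix, "")


def check_names(names):
    """Map each name to "ok" or to the reason it was rejected."""
    report = {}
    for name in names:
        try:
            parse_iscsi_name(name)
            report[name] = "ok"
        except ValueError as err:
            report[name] = str(err)
    return report


if __name__ == "__main__":
    # The first four names appear in the deck; the last two are constructed.
    sample = [
        "iqn.1987-05.com.cisco.1234abcdef987601267da232.betty",
        "iqn.2001-04.com.acme.storage.tape.sys1.xyz",
        "eui.02004567a425678d",
        "iqn.abcd.PC1",            # shorthand used on the login slide
        "iqn.2001-13.com.acme",    # month out of range
        "eui.0200",                # too short for EUI-64
    ]
    for name, verdict in check_names(sample).items():
        print(f"{name}: {verdict}")
```

The shorthand names the deck uses in its login diagrams (iqn.abcd.PC1, iqn.email.tgt1) are rejected by this parser because they carry no date field.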
SCSI and iSCSI Relationship
SCSI device = iSCSI node
SCSI port = iSCSI port
Network portal defined by (IP addr + TCP port)
Portal group = single SCSI connection
iSCSI session between iSCSI initiator node and iSCSI target node
[Figure: network entity (iSCSI client) with iSCSI initiator node iqn.1999-12.com.ajax:OS1, initiator port iqn.1999-12.com.ajax:OS1+[ISID=1+5+1] and network portals 10.1.30.4 and 10.2.30.3, joined across the IP network by an iSCSI session made of TCP sessions to iSCSI target node iqn.1999-12.com.ajax:12579, which has target ports in portal groups [Tag=1] and [Tag=2], network portals 10.4.40.21 port 3260, 10.5.40.22 ports 3260 and 5000, and 10.6.40.25 port 3260, and LUs]
iSCSI Sessions
iSCSI has the concept of a session
Two session types: (1) Discovery, and (2) Normal operation
Both session types have various phases/stages
1. Initial login phase
2. Security authentication
3. Operational parameter negotiation
4. Full-featured phase
Session can handle SCSI commands and data after login is complete
iSCSI Login Sequence (No Authentication)
Initiator (iqn.abcd.PC1) with iSCSI Driver
iSCSI Device with Configured Targets, TCP Port 3260 (Listen)
Block device has already initialized onto the Fibre Channel fabric
Discovery: contact target and negotiate security and session parameters
Establish TCP Session (SYN, SYN/ACK, ACK sequence)
iSCSI Login Command: SessionType=discovery; InitiatorName=iqn.abcd.PC1; Auth=none; HeaderDigest=none; DataDigest=none;
iSCSI Login Response (Success)
iSCSI Login Command: SessionType=discovery; InitiatorName=iqn.abcd.PC1; DataPDULength=; MaxBurstSize=;
iSCSI Login Response (Success): DataPDULength=; MaxBurstSize=;
Discovery: solicit available targets
iSCSI Text Command: SendTargets=All
iSCSI Text Response: TargetName=iqn.email.tgt2; iqn.filestore01;
Normal login: login to each target and negotiate security and session parameters
This sequence is repeated for every target available to this initiator
Establish TCP Session (SYN, SYN/ACK, ACK sequence)
iSCSI Login Command: SessionType=normal; InitiatorName=iqn.abcd.PC1; TargetName=iqn.email.tgt1; Auth=none; HeaderDigest=none; DataDigest=none;
iSCSI Login Response (Success)
iSCSI Login Command: SessionType=normal; InitiatorName=iqn.abcd.PC1; TargetName=iqn.email.tgt1
iSCSI Login Response (Success): DataPDULength=; MaxBurstSize=; etc
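One way to audit the negotiation shown in this login sequence, as an added example that is not from the Cisco deck: it parses the key=value text of a login data segment and flags sessions that settle on no authentication or no digests. RFC 3720 names the authentication key AuthMethod and ends each pair with a NUL byte (the slide abbreviates this as Auth with ';'); the sample segments are constructed, the function names and finding codes are assumptions, and keys from the security and operational stages are merged into one segment per direction for brevity.

```python
# Finding codes returned by audit_login (names chosen for this example).
FINDINGS = {
    "auth-none": "session established with AuthMethod=None",
    "auth-none-offered": "initiator lists None as an acceptable AuthMethod",
    "auth-not-offered": "target selected an AuthMethod the initiator did not offer",
    "header-digest-none": "no CRC32C header digest, PDU header corruption goes unnoticed",
    "data-digest-none": "no CRC32C data digest, payload corruption goes unnoticed",
}


def parse_text_segment(segment: bytes) -> dict:
    """Split a login/text data segment into a key -> value dict."""
    pairs = {}
    for item in segment.split(b"\x00"):
        if not item:
            continue  # empty piece after the final NUL, or padding
        key, eq, value = item.decode("utf-8").partition("=")
        if not eq or not key:
            raise ValueError("malformed key=value pair: %r" % item)
        if key in pairs:
            raise ValueError("duplicate key: %s" % key)
        pairs[key] = value
    return pairs


def audit_login(request: bytes, response: bytes) -> list:
    """Return finding codes for one initiator request / target response pair."""
    req = parse_text_segment(request)
    rsp = parse_text_segment(response)
    findings = []

    # A missing AuthMethod means the security stage was skipped: treat as None.
    offered = req.get("AuthMethod", "None").split(",")
    chosen = rsp.get("AuthMethod", "None")
    if chosen not in offered:
        findings.append("auth-not-offered")
    if chosen == "None":
        findings.append("auth-none")
    elif "None" in offered:
        findings.append("auth-none-offered")

    # Digests default to None when the key is not negotiated.
    if rsp.get("HeaderDigest", "None") == "None":
        findings.append("header-digest-none")
    if rsp.get("DataDigest", "None") == "None":
        findings.append("data-digest-none")
    return findings


# Constructed sample 1: the no-authentication login drawn on the slide.
REQ_OPEN = (b"InitiatorName=iqn.abcd.PC1\x00SessionType=Normal\x00"
            b"TargetName=iqn.email.tgt1\x00AuthMethod=None\x00"
            b"HeaderDigest=None\x00DataDigest=None\x00")
RSP_OPEN = b"AuthMethod=None\x00HeaderDigest=None\x00DataDigest=None\x00"

# Constructed sample 2: CHAP is selected, but None was still on offer.
REQ_CHAP = (b"InitiatorName=iqn.abcd.PC1\x00SessionType=Normal\x00"
            b"TargetName=iqn.email.tgt1\x00AuthMethod=CHAP,None\x00"
            b"HeaderDigest=CRC32C,None\x00DataDigest=CRC32C,None\x00")
RSP_CHAP = b"AuthMethod=CHAP\x00HeaderDigest=CRC32C\x00DataDigest=None\x00"

if __name__ == "__main__":
    for label, req, rsp in (("open", REQ_OPEN, RSP_OPEN), ("chap", REQ_CHAP, RSP_CHAP)):
        for code in audit_login(req, rsp):
            print(f"{label}: {code}: {FINDINGS[code]}")
```

The digests are CRC32C integrity checks against corruption, not cryptographic protection, so a clean digest finding says nothing about confidentiality on the wire.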
iSCSI Connections and SCSI Phases
A SCSI command and its associated data- and status-phase exchanges must traverse the same TCP connection
Linked SCSI commands can traverse separate TCP connections for scalability
[Figure: one iSCSI session between an iSCSI host and an iSCSI GW/device with two iSCSI (TCP) connections. Connection 1 carries SCSI Command (1) (Read), SCSI Data (1), SCSI Status (1); connection 2 carries the linked SCSI Command (1) (Write), SCSI Data (1), SCSI Status (1)]
iSCSI Discovery
Small networks
Static configuration, initiators, and targets
SendTargets command makes configuration easier
Medium-sized networks
Service Location Protocol (SLP multicast discovery)
Large-sized networks
iSNS (Internet storage-name service)
Includes soft-zone domains
Includes database for ongoing management
iSCSI HBAs and TCP Offload Engines (TOEs)
Offloads TCP and, optionally, iSCSI processing into hardware
Relieves host CPU from:
TCP processing: 16-bit checksum per packet
iSCSI: optional 32-bit header and data digests (CRC32C)
[Figure: host software stacks (applications, file system, block device, SCSI generic, iSCSI driver, TCP/IP stack, NIC driver, TOE driver, HBA driver, SCSI adapter and adapter driver) compared for a plain NIC, TCP offload, and iSCSI and TCP offload]
OS and Applications Suite for iSCSI
Typical operating systems
Windows 2000 and 2003
Linux
Typical applications: block accessed
Microsoft Exchange
Microsoft SQL
Low-end Oracle Database
Other application with medium-low I/O
Shared-disk (clustered) file system
GPFS (General Parallel File System)
Network remote boot
Blade server integration
Design Considerations
Know your application I/O profile
Know your application throughput
Determine needed availability
Best performance achieved from local (no latency) dedicated (no competing traffic) IP storage network
Distance considerations
iSCSI Integration in Data Centers and Campus Network
[Figure: campus access, campus distribution and core layers with Internet access; a data center with web servers and apps servers; iSCSI hosts in the campus and data center reach the FC fabric through MDS switches with IPS modules]
iSCSI in Data Centers
[Figure: data center zones (Internet, DMZ, MZ, "Area 51") separated by router/FW devices, holding web servers, app servers, mail server, mail G/W and mail store, DNS server and DNS primary, LDAP primary and LDAP slave, ERP and CE, with iSCSI storage attachment]
Build an iSCSI Fabric
iSCSI fabric topology
Ethernet fabric topology
iSCSI fabric scalability
Trunking
Port channeling
iSCSI fabric availability
VRRP
iSCSI fabric security
Authentication and binding
iSCSI fabric manageability
iSCSI identity and management
[Figure: iSCSI clients connected end to end through IPS modules to a shared storage pool, annotated with scalability, availability, security and manageability]
Dedicated IP Storage Network
Separate logical IP network but not necessarily separate physical network
Can use a VLAN of existing Ethernet network
Recommend use of dedicated NIC on host for iSCSI
Minimized potential for bandwidth contention
[Figure: clients on a front-side IP network; iSCSI-enabled hosts on a dedicated IP storage network of Catalyst switches and iSCSI routers; FC-attached hosts with HBAs; FC fabrics in front of the storage pool]
Trunking
802.1q trunking
Standard technology, frames tagged (12 bit for VLAN id) and multiplexed
VLAN 1-4095
Load balancing available based on IP address, MAC
VLAN termination
Create subinterfaces: VLANs
One IP address to each subinterface
Design with trunking
Multiple iSCSI initiators in the same VLAN target different iSCSI interfaces: load sharing
Add more subinterfaces in the same VLAN: scale up bandwidth
switch(config)# int gigabitethernet 2/5.100
switch(config-if)# ip add 10.10.10.5 255.255.255.0
Switch(config)# int gigabitethernet 2/8.100
Switch(config-if)# ip add 10.10.10.8 255.255.255.0
[Figure: iSCSI hosts in three VLANs reach two IPS ports over trunks; labels vlan 100: gig2/5.100, vlan 200: gig2/5.200, vlan 300: gig2/5.100, and Gig2/8.100, Gig2/8.200, Gig2/8.300]
GE PortChannel
PortChannel on MDS IPS
802.3ad standard technology to group multiple GE links for larger bandwidth
Static PortChannel
Two adjacent GEs on the same IPS module form one PortChannel
Design with GE PortChannel
Increase HA for large deployment
Layer 3 port channel: IP address on PortChannel interface
Port parameters must match
sw(config)# int port-channel 100
sw(config-if)# ip add 10.10.10.1 255.255.255.0
sw(config)# int gigabitethernet 2/7
sw(config-if)# channel-group 100
sw(config)# int gigabitethernet 2/8
sw(config-if)# channel-group 100
[Figure: iSCSI hosts behind a Catalyst switch linked to the MDS IPS; 20:1 with one ISL, 10:1 with GE PortChannel]
VLAN and VSAN Mapping
Best practice design
VSAN membership
Assign to iSCSI hosts
Assign to iSCSI interfaces
Assign to disk
VLAN termination
Sub-interface
Access control
VLAN and VSAN mapping
Management
Troubleshooting
switch(config)#iscsi initiator ip-add 51.51.51.51
switch(config-(iscsi-init))#vsan 10
switch(config)#vsan database
switch(config-vsan-db)#vsan 10 interface iscsi 2/3
iSCSI based
sw(config-(iscsi-tgt)#pwwn .
sw(config-(iscsi-tgt)#initiator ipadd 51.51.51.51 permit
Zone based
Sw(config)#zone name marketing vsan 10
Sw(config-zone)#member ip-add ..
Sw(config-zone)#member pwwn
[Figure: iSCSI clients in Vlan 10 and Vlan 20 reach two IPS modules (vrrp) over the IP network; the IPS modules map them to VSAN 10 and VSAN 20 in the SAN, in front of the shared storage pool]
Proxy Initiator
Transparent mode: default
Proxy initiator
One pWWN to represent multiple iscsi initiators for scalability
Fewer entries in the FC Name Server
Ease management of zoning
Useful in clustering applications
Move the burden of lun masking configuration and operation to the IPS blades for simpler manageability
Proxy-initiator mode
sw(config)#int iscsi 2/3
sw(config-if)#switchport proxy-initiator nwwn pwwn
[Figure: iSCSI clients on the IP network, 10.10.10.1 (pWWN-1) through 10.10.10.10 (pWWN-10), represented to the SAN and shared storage pool by a proxy initiator on the IPS with IP address 10.10.10.100 and pwwn-proxy nn:nn:nn:nn:nn:nn:nn:nn]
IVR in iSCSI
Inter-VSAN routing
Bridging between VSANs
Facilitates resource sharing among different VSANs
Implement IVR in iSCSI
Unique domain IDs for switches in the IVR topology
Future release allows duplicate domain IDs: NAT function
Ivr zones/zoneset
Ivr zoneset ivrzs1
ivr zone ivrz1 (H2, H3, T1)
Ivr vsan-topology database
sw1 (vsan 30, vsan 50, vsan 60)
[Figure: hosts H1 to H6, switches S1 and S2 and target T1 spread over VSAN 30, VSAN 40 and VSAN 50, with iSCSI hosts attached through the IPS; ivr zone ivrz1 (H2, H3, T1)]
Internet Storage Name Service (iSNS)
iSNS
A name service provides storage resource discovery: register/deregister/query
Automatic login control service: access control
State change notification service
Open mapping of FC and iSCSI devices
Lightweight protocol on top of TCP (iSNSP)
Client-server model with directory service
Design with iSNS
Dynamic discovery for large-scale deployment
Seamless integration with FC name service
iSNS server support from MS Windows and Linux available
[Figure: iSCSI clients and an iSNS server on the IP network exchange iSNSP with the iSNS client on the IPS, which ties into the NS in the MDS, the SAN and the shared storage pool]
QoS for iSCSI: What and How to Apply?
Best Practice Design for Convergence Network
QoS functions: classification, marking, and scheduling
Traffic shaping
Throttle traffic on outbound
Flows affected during congestion
GTS, FRTS, CAR
Rate limiting
Drop packets when limit is reached
Both inbound and outbound
CAR
Congestion management with FIFO, PQ, CQ, WFQ, DWFQ
Recommendation
Traffic shaping and congestion management
Not to use rate limiting
QoS on IPS
iSCSI traffic to be marked as high priority traffic in the IP network: tcp port 3260
DSCP value set for iSCSI traffic on each iSCSI port
Apply to both control and data frames
sw(config)# int iscsi 2/6
sw(config-if)# tcp qos (0-63)
iSCSI Read
One-to-one relationship between iSCSI and FCP frames
Single round trip between initiator and target to retrieve data
[Figure: message flow. The iSCSI initiator sends iSCSI Read (4 kB) over the IP network; it is forwarded as FCP SCSI Read (4 kB) over the Fibre Channel SAN to the FC target; FCP Data frames return as iSCSI Data-in; SCSI Status=Good returns as iSCSI Status=Good]
iSCSI Write
Typical SCSI write requires two round trips
Must wait for transfer ready before sending data
iSCSI initiator and target may negotiate Initial R2T = no during login (unsolicited data)
iSCSI data out can follow SCSI write
[Figure: message flow. The iSCSI initiator sends iSCSI Write (4 kB, ITT=12340000) over the IP network; it is forwarded as SCSI Write (4 kB) over the Fibre Channel SAN to the FC target; Transfer Ready returns as R2T (Ready to Transfer); if R2T is required, iSCSI Data Out must wait; iSCSI Data Out is forwarded as FCP Data; SCSI Status=Good returns as iSCSI Status=good; two round trips for FCP write]
Throughput in iSCSI
SCSI controls data movement
Latency impact on throughput
Throughput is calculated: total data transmitted/end-to-end latency
Factors contribute to latency: equipment, protocol, distance
The larger the distance, the longer the latency: 1 ms/300 km
Maximize the throughput
Manage the distance: as short as possible
TCP impact on iSCSI throughput
Understand TCP Behavior
[Figure: throughput against time, with a slow start phase up to SSthresh followed by congestion avoidance up to MWS]
How Does TCP Impact IP Network Throughput
Number of bytes in flight = Bandwidth*Delay (BW*Delay)
To maximize throughput
Goodput (output = input)
TCP congestion window (cwnd) >= Bandwidth*Delay product
If cwnd too small, throughput is smaller than the network capacity
If cwnd too big, congestion happens, which causes retransmission, emptiness of the network
To recover from errors
Size of TCP sender-side socket buffers = 2*BW*Delay
High-performance network options
Large windows (RFC1323)
SACK
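The sizing rules on this slide carried through for concrete links, as an added example that is not from the Cisco deck: it derives the bandwidth-delay product from link speed and distance using the deck's 1 ms per 300 km figure (taken as one-way delay), the RFC 1323 window-scale shift needed to advertise that window, and the throughput ceiling if the window stays at the unscaled 65,535-byte maximum. Function names and the sample links are assumptions; equipment and protocol latency are ignored, and integer arithmetic is used so the results are exact.

```python
KM_PER_MS_ONE_WAY = 300       # deck's figure: 1 ms of one-way delay per 300 km
MAX_UNSCALED_WINDOW = 65535   # largest value the 16-bit TCP window field holds
MAX_SCALE_SHIFT = 14          # upper bound RFC 1323 places on the shift count

# Round trip covers the distance twice, so one second of RTT spans
# 300 km/ms * 1000 ms / 2 = 150000 km of separation.
KM_PER_RTT_SECOND = KM_PER_MS_ONE_WAY * 1000 // 2


def bdp_bytes(bandwidth_bps: int, distance_km: int) -> int:
    """Bytes in flight = BW * Delay, with Delay taken as the round-trip time."""
    bits_times_km = bandwidth_bps * distance_km
    return -(-bits_times_km // (8 * KM_PER_RTT_SECOND))   # ceiling division


def window_scale_shift(window_bytes: int) -> int:
    """Smallest RFC 1323 shift that lets a 16-bit field express window_bytes."""
    shift = 0
    while (MAX_UNSCALED_WINDOW << shift) < window_bytes:
        shift += 1
        if shift > MAX_SCALE_SHIFT:
            raise ValueError("window exceeds what RFC 1323 scaling can express")
    return shift


def ceiling_bps(window_bytes: int, bandwidth_bps: int, distance_km: int) -> int:
    """Throughput limit window/RTT, capped at the link rate."""
    if distance_km == 0:
        return bandwidth_bps
    window_limited = window_bytes * 8 * KM_PER_RTT_SECOND // distance_km
    return min(bandwidth_bps, window_limited)


def plan(bandwidth_bps: int, distance_km: int) -> dict:
    """Collect the slide's quantities for one link."""
    bdp = bdp_bytes(bandwidth_bps, distance_km)
    return {
        "rtt_ms": 2 * distance_km / KM_PER_MS_ONE_WAY,
        "bdp_bytes": bdp,                      # cwnd must reach this to fill the pipe
        "send_buffer_bytes": 2 * bdp,          # slide's rule: 2 * BW * Delay
        "window_scale_shift": window_scale_shift(bdp),
        "unscaled_ceiling_bps": ceiling_bps(MAX_UNSCALED_WINDOW,
                                            bandwidth_bps, distance_km),
    }


if __name__ == "__main__":
    # Constructed sample links: campus, metro and WAN distances.
    for label, bps, km in (("campus 1 Gb/s, 3 km", 10**9, 3),
                           ("metro 1 Gb/s, 300 km", 10**9, 300),
                           ("WAN 155 Mb/s, 3000 km", 155 * 10**6, 3000)):
        print(label, plan(bps, km))
```

At campus distance the unscaled window already fills a gigabit link, while at 300 km the same window caps throughput near 262 Mb/s, which is why the slide lists large windows as a high-performance option.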
Performance Objectives and Determining Factors
Understand performance objectives
Number of users
Number of I/O requests
Acceptable response time
Desired throughput
Factors impact performance
System resources (CPU, memory, bus architecture)
Storage resources (RPM, cache, RAID level)
Network equipment/gateway
Available IP network bandwidth (especially in WAN)
Distance between iSCSI initiators and targets
TCP implementation and configuration
I/O block size
Performance Tuning of iSCSI Network: Best-Practice Design
Use TOE cards on systems with high CPU utilizations
RAID-level implementation on disk array
Things related to TCP/IP
Increase TCP window size to make the pipe full (min and max TCP bandwidth, estimated delay)
Avoid lossy network or use QoS to prioritize iSCSI traffic
Enable jumbo-frame support end to end
Enable SACK (default)
Use TCP send buffer on IPS
Increase I/O block size from 8k to 64k or larger
Store-and-forward mode in MDS (no iSCSI CRC)
Fan-out ratio consideration
iSCSI Deployment Scenarios
Very little delay due to small distance in campus network => throughput close to bandwidth
Application examples: disk consolidation and file sharing
Disk saving resulting from storage consolidation
Ease of management in comparing to DAS: system and storage
Consider oversubscription design of IPS links for cost saving
Large fan-out ratio: iSCSI hosts and storage port
Security consideration
[Figure: campus network with iSCSI hosts attached to IPS modules]
iSCSI Deployment Scenarios (Cont.)
Very little or no delay within data center
Application examples: Web services
iSCSI hosts to provide backup for primary FC servers
ISL oversubscription and fan out
Blade-server integration
iSCSI remote boot
Number of NIC cards to use
File-sharing consideration
iSCSI hosts a NFS server
NAS filer
GPFS
[Figure: data center core with iSCSI hosts, an NFS server and a NAS filer attached to IPS modules]
Blade Server Integration with iSCSI
[Figure: blade servers behind Ethernet switches reach the IPS on an MDS over iSCSI/IP; the MDS connects to the SAN and a shared storage pool presenting groups of LUN 0 to LUN 3; a DHCP server, a TFTP server holding the boot image for diskless servers, a RADIUS server and end users are also shown]
iSCSI Deployment Scenarios (Cont.)
Transport for metro network can be: metro Ethernet, DWDM, CWDM, Sonet, dark fiber
Within metro distance => small latency incurred by the network; Ex. 1 ms one-way delay for 300 km (180 miles)
All design considerations in campus and data center network apply
Application examples: streaming media service in distributed data centers; storage consolidation and file-sharing service
Apply QoS
[Figure: metro network linking sites with iSCSI hosts and IPS modules]
iSCSI Deployment Scenarios (Cont.)
Transparently extend SAN over the distance for DR through distributed data center
Application example: fast file-sharing service for remote office users
Heterogeneous OS and storage array
Distance impact
Transport can be Sonet, leased line, FR, etc.
Large distance
Latency impact on operators/end users: from user-experience standpoint
Latency impact on applications: from performance and throughput standpoint
Apply QoS on WAN-edge devices
Secure the data
[Figure: WAN linking sites with iSCSI hosts and IPS modules]
What Can Fail in a Storage Network?
Failure causes:
Hardware, software, or cable failures
Misconfiguration or upgrades
Intentional attack
[Figure: failure points along the path from application to storage: host failure, NIC or HBA failure, link failure, network failure (software, hardware, links, etc), controller or interface failure at the storage controller, disk failure]
iSCSI High-Availability Approaches
Two approaches:
Client-based
Multipathing
NIC teaming
Network-based
VRRP
PWWN aliasing
Static target importing and trespass
Can use combinations of the above according to requirements
iSCSI HA Multipathing Variations
Active/Active: balanced i/o over both paths (implementation specific)
Active/Passive: i/o over primary path, switches to standby path upon failure
A/A or A/P will vary by vendor implementation and storage type
[Figure: two hosts, each with application, multipathing and iSCSI driver layers. Active/active: multipathing software balances i/o over available iSCSI interfaces. Active/passive: multipathing software monitors the active iSCSI path, with a primary path and a standby (failover) path. In both cases the LUN is mapped over multiple paths using different controller pWWNs (pWWN a, pWWN b)]
iSCSI HA: VRRP (MDS9000 Family)
RFC 2338
Protects Ethernet port, card, or switch failure
Alternate port, card or switch assumes configuration of failed port/card/switch
Maintains same virtual IP and MAC addresses
Same storage mappings (target WWPN and LUNs)
iSCSI sessions terminated and reestablished (state not retained)
[Figure: Switch A and Switch B with real GigE addresses (IP 10.0.0.2, MAC 00000f123456 and IP 10.0.0.3, MAC 00000f654321) share the virtual address IP 10.0.0.1, MAC 00000fabcdef; VRRP multicast hello packets are exchanged in band between Switch A and Switch B; the iSCSI initiator (10.0.0.200) on the IP network is configured to see targets at the virtual address; the storage array is reached at pWWN a]
iSCSI HA: PWWN Aliasing and Trespass
Protects against FC port/fabric failure, or storage array controller/port failure
Available for statically imported iSCSI targets
Controller ports can be active/active or active/passive
Secondary path will only take over if primary path fails
LUNs must be visible over both ports (e.g. pWWN a and pWWN b)
Some targets require receipt of a Trespass command to invoke the export of LUs to the passive port
[Figure: iSCSI initiator 10.0.0.200 reaches 10.0.0.1, where iSCSI virtual target = abc has primary access = pWWN a and secondary access = pWWN b on the storage array; the LUN must be visible through both controller ports; the secondary path takes over if the path to pWWN a fails]
iSCSI HA: Comparison of Approaches
Multipathing
Host initiator presented with TWO iSCSI targets (with different iSCSI names)
Multipathing software resolves access to common LUN through the two targets
Both paths active to the network (Multipathing software may use with A/A or A/P)
VRRP
Host initiator presented with SINGLE iSCSI target at same (virtual) IP address
Only one path active at a time (a/p)
[Figure: multipathing case with targets iqn.email.tgt1 and iqn.email.tgt2 at 10.1.1.1 and 10.2.2.2 in front of the Fibre Channel fabric; VRRP case with target iqn.email.tgt1 at virtual IP 10.1.1.1]
Network Boot
Typical iSCSI client (e.g. host server) loads in the following order:
1. Operating system (e.g. Windows 2000, Linux)
2. Network
3. iSCSI client driver
How can you load the OS over iSCSI?
Network boot uses PXE (Preboot Execution Environment) capability present in many server BIOS and NICs (part of Intel's Wired for Management (WFM) spec)
Network Boot: Boot Sequence
1. BIOS sends DHCP request
2. DHCP server returns:
Server's IP address and g/way
TFTP server address and ROM extension filename
iSCSI server, target, and LUN
3. BIOS uses TFTP to fetch and execute inbp.com file
4. ROM extension sends DHCP request for iSCSI Boot String
5. DHCP server returns iSCSI server, iSCSI target, and LUN
6. ROM extension intercepts INT13 disk r/w and redirects to iSCSI server
7. BIOS reads C: drive (through inbp.com) to load OS (Windows)
8. BIOS executes Windows OS and loads networks and iSCSI drivers
9. Windows uses iSCSI driver to access drives (normal operation)
[Figure: diskless Win2k server (PXE 2.1) with NIC, system BIOS, ROM extension, UNDI driver, Windows OS, network driver, iSCSI driver and drives C: D: E:, with steps 1 to 9 drawn to the DHCP server, the TFTP server and the iSCSI server (e.g. SN5428 or MDS9000 IPS-8), which fronts a Fibre Channel attached storage array]
iSCSI Remote Boot Implementation
[Diagram: iSCSI clients (diskless servers) reach a shared storage pool through IPS modules over iSCSI; iSCSI disks serve as boot disks and hold the boot image for diskless servers; a master server runs the DHCP server (IP address, TFTP server information) and the TFTP server (inbp.com)]
Secure iSCSI Network and Storage
Average $2.7 million loss when proprietary information stolen, according to CSI and FBI
Intrusion and denial of service attack
Where to secure
  In storage: while at rest
  In iSCSI network: on the wire
iSCSI security components
  Traditional segmentation and access control
  Authentication
  Emerging SAN architecture
  IP network security techniques
Secure iSCSI Network: Highlights
SAN Management
  SSH, Radius, SNMPv3, SFTP
iSCSI Security Services
  VSAN
  Zoning: iSCSI host can be zoned with IP address or IQN name
  LUN Masking/Mapping
iSCSI Host IP Access
  ACLs
  VLANs/PVLANs
  IPSec VPN
  Firewalls
  iSCSI Authentication
  LUN Masking/Mapping
Target Access Security
  Zoning
  Advanced Zoning
  LUN Zoning
  Read-Only Zoning
AAA Authentication
  SSH, Radius, SNMPv3, SFTP, RBAC
[Diagram labels: Cisco MDS 9000 Family, Target, Host, RADIUS]
Traditional Storage Means
Zoning
  Segmentation within a fabric and initial access control
  Soft zoning and hard zoning
  Zone members can be either iSCSI hosts' IP addresses and/or symbolic names
LUN masking
  Defining relationship between iSCSI hosts and storage devices
  Detailed into LUN level
  Performed at array controller
  iSCSI hosts can be represented by proxy initiator in MDS
AAA iSCSI Authentication
Allow ONLY authenticated iSCSI initiators to access configured LUNs
Two-way authentication
  iSCSI initiators authenticated by iSCSI routers
  iSCSI routers/targets authenticated by iSCSI initiators
Choice of authentication methods
  RADIUS external server
  TACACS+ external server
  Local username database (CHAP)
CHAP (Challenge Handshake Authentication Protocol) used as authentication protocol
iSCSI Authentication (Cont.)
Optional mutual authentication of initiators and targets
CHAP used as authentication method
  Specified globally on/off or by GE interface
Initiators authenticated to targets
  Per target username/password configured in initiator and checked against local database or AAA server
Targets authenticated to initiators
  Initiator username/password in switch, checked against secret configured in initiator
[Diagram: RADIUS or TACACS+ server holding CHAP users User1/pwd1 and User2/pwd2; iqn.target1 with username User1 and iqn.target2 with username User2; initiator configuration: initiator name iqn.really.bigserver1, password abc123; iqn.target1 username User1, password pwd1; iqn.target2 username User2, password pwd2; switch entry: initiator name iqn.really.bigserver1, username iscsiuser1; FC links to storage]
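Added example (not from the original slides): the two-way CHAP exchange described on the two authentication slides, computed as RFC 1994 defines it, with the reflected-challenge rejection that RFC 3720 requires of the responder. The user names and secrets reuse the slide's sample values; treating abc123 as the secret the target must prove it knows, and all function names, are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample values, reusing the names shown in the slide's diagram.
TARGET_DB = {"User1": b"pwd1", "User2": b"pwd2"}  # switch local database or AAA server
INITIATOR_SECRET = b"abc123"  # assumed: secret configured in the initiator


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash over identifier, secret, challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def new_challenge() -> tuple[int, bytes]:
    """Fresh one-byte identifier and 16 random challenge bytes."""
    return os.urandom(1)[0], os.urandom(16)


def target_checks_initiator(user, ident, challenge, response, db=TARGET_DB):
    """Target side: look up the user's secret, compare in constant time."""
    secret = db.get(user)
    if secret is None:
        return False
    expected = chap_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response)


def mutual_chap(user, user_secret, secret_held_by_switch,
                reuse_challenge=False, db=TARGET_DB):
    """Run both directions of the login; return (ok, reason)."""
    # Direction 1: the target challenges the initiator.
    t_id, t_chal = new_challenge()
    i_resp = chap_response(t_id, user_secret, t_chal)
    if not target_checks_initiator(user, t_id, t_chal, i_resp, db):
        return False, "initiator rejected by target"

    # Direction 2: the initiator challenges the target.
    i_id, i_chal = (t_id, t_chal) if reuse_challenge else new_challenge()
    # The responder refuses a challenge it issued itself; answering it
    # would let a peer obtain a valid response by reflection.
    if i_chal == t_chal:
        return False, "reflected challenge, connection closed"
    t_resp = chap_response(i_id, secret_held_by_switch, i_chal)
    expected = chap_response(i_id, INITIATOR_SECRET, i_chal)
    if not hmac.compare_digest(expected, t_resp):
        return False, "target rejected by initiator"
    return True, "both sides authenticated"


if __name__ == "__main__":
    print(mutual_chap("User1", b"pwd1", b"abc123"))
    print(mutual_chap("User1", b"pwd1", b"not-the-secret"))
    print(mutual_chap("User1", b"pwd1", b"abc123", reuse_challenge=True))
```

The second call models a switch that does not hold the initiator's secret: one-way CHAP would have accepted it, mutual CHAP does not.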
Emerging Secure SAN Architecture
Secure transport for fabric access: SNMP v3, SSH, SFTP, SSL, AAA
VSAN
  Partitioning SAN fabric into virtual entities
  Tagging each frame by MDS to ensure total isolation of each entity, hence security
  iSCSI port VSAN membership assign
  iSCSI initiator VSAN membership assign
iSCSI based access control
  Access to iSCSI virtual target/LUN granted to individual iSCSI host
  iSCSI LUN mapping provides more granular access control at LUN level
  Advertisement of iSCSI virtual target
  Making an iSCSI zone a read-only zone, protecting the data integrity on iSCSI virtual target
Role-based management access control
  Apply to iSCSI related network management roles
IP Network Security Techniques
Firewall: standalone or intelligent firewall service module
  Allow well-known TCP port 3260 for iSCSI
IPSec VPN: VPN tunnel for iSCSI remote access
Access Control List (ACL)
VLAN and PVLAN: subinterface implementation on iSCSI
  Separated VLAN for iSCSI
Port security: allow, block, or restrain access to Ethernet based on MAC address
IDS: how do you know when the attack happens
Management and Administration
Network management protocols: SNMP v3
Network management tools
  CLI: look and feel the same as IOS
  Cisco Fabric Manager (CFM): for fabric-wide tasks
  Cisco Device Manager (CDM): for device-specific tasks
  Integration with other leading management tools underway
Network operation and monitoring
  SPAN: source can be iSCSI interface, designed to work with Port Analyzer Adapter
  Cisco Protocol Analyzer
  Cisco Traffic Analyzer
iSCSI Network Management
The Cisco Fabric Manager (CFM) with full multiprotocol management
  Multiprotocol topology discovery
  Multiprotocol zoning and VSAN assignment
CFM maps iSCSI as dotted link and Fibre Channel as solid link
iSCSI assigned addresses (WWNs) are kept in nonvolatile configuration
  Can be easily extracted via TFTP, FTP, SFTP to be archived
Each iSCSI session can be closely monitored through CFM stats
[Figure: Cisco Fabric Manager screenshot showing multiprotocol SAN topology]
Cisco Fabric Manager: Screenshot
[Figure: Cisco Fabric Manager screenshot showing multiprotocol SAN topology; callouts: dual-homed iSCSI hosts, FCIP links, iSCSI hosts in default zone, port channels, Fibre Channel hosts]
MDS iSCSI Overview
IPS module creates virtual iSCSI targets and maps them to physical FC targets
Presents FC targets to IP hosts as iSCSI targets
Presents each iSCSI host as an FC host
Storage device responds to IP host as if it were connected to the fabric
Logical Representation and Mapping on MDS
iSCSI initiators presented as FC initiators
FC targets presented as iSCSI targets
[Diagram: iSCSI storage view (IP) showing iqn.abc.123, iqn.def.123, iqn.ghi.456, iqn.jkl.555; Fibre Channel SAN view showing pWWN a, pWWN b, pWWN c, pWWN d; on the IP network, IP addr 10.1.1.1 iqn.initiator.abc and IP addr 10.1.1.2 iqn.target.abc; on the Fibre Channel fabric, pWWN 12:3456 fcid 0x550001 and pWWN 12:3478 fcid 0x550002]
iSCSI Initiator and Target Views
iSCSI host is assigned IP address and IQN name
iSCSI driver maps SCSI requests and responses to IP packets
FC zoning and LUN masking controls access from initiator to target
FC target owns pWWN and is assigned FCID
[Diagram: IP network (iSCSI) with IP addr 10.1.1.1 iqn.initiator.abc and IP addr 10.1.1.2 iqn.target.xyz; Fibre Channel fabric (FC) with pWWN A fcid 0x550001 and pWWN B fcid 0x550002]
Present FC Target as iSCSI Target (Dynamic)
Dynamic: IPS module maps each FC target as one iSCSI target with unique IQN name
All LUNs in SAN are available as an iSCSI LUN
iSCSI target IQN created
MDS1(config)# iscsi import target fc
Command Imports All FC Targets and Assigns an IQN for Each pWWN; Each GE Configured
[Diagram: FC target pWWN 12:3478 fcid 0x550002 presented as IP addr 10.1.1.2 iqn.target.abc]
Present FC Target as iSCSI Target (Static)
Static: manually select which FC target will be advertised as iSCSI target
Access can be controlled by controller
MDS1(config)# iscsi virtual-target name anyname
MDS1(config-iscsi-tgt)# pWWN 12:34..78 (Real pWWN of Target)
MDS1(config-iscsi-tgt)# initiator iqn.initiator.abc (Initiator iqn.xxx or IP Address that Can Access this Target)
MDS1(config-iscsi-tgt)# advertise interface gig 2/1 (Interface to Be Advertised, Default Is All GE Ports)
[Diagram: FC target pWWN 12:3478 fcid 0x550002 presented as IP addr 10.1.1.2 iqn.target.abc]
Present iSCSI Host as FC Host (Dynamic)
Mapping each iSCSI host to a virtual FC host with pWWN and FCID
Dynamic: nWWN and pWWN are allocated by MDS FC WWN pool
Issue: the pWWN can change each time the session drops and reconnects
This can be resolved with persistent pWWN/nWWN after initial login
[Diagram: iSCSI host IP addr 10.1.1.1 iqn.initiator.abc presented as pWWN 12:3456 fcid 0x550001]
Present iSCSI Host as FC Host (Static)
Static: used if iSCSI host must have the same pWWN, as in connecting to intelligent FC storage with LUN mapping
MDS1(config)# iscsi initiator name iqn.initiator.abc (Real IQN Name)
MDS1(config-iscsi-init)# pWWN 12:34..56 (Any pWWN to Be Used)
MDS1(config-iscsi-init)# nWWN 22:22..56
[Diagram: iSCSI host IP addr 10.1.1.1 iqn.initiator.abc presented as pWWN 12:3456 fcid 0x550001]
Basic Configuration Procedures
Configure interface on IPS module for iSCSI access
iSCSI initiator configuration
  IQN name or IP address
iSCSI target creation and mapping
Access control
  iSCSI-based
  Zone-based
Interface Configurations
First enable iSCSI
sw(config)# iscsi enable
Assign IP address to the GE interface
sw(config)# interface gigabitethernet 2/5
sw(config-if)# ip address 10.10.10.1 255.255.255.0
Parameters such as MTU size
Enable the GE interface for iSCSI transport
sw(config)# int iscsi 2/5
iSCSI Initiator Configuration
Create an iSCSI initiator using IP address
sw(config)# iscsi initiator ip-address 10.10.10.1 255.255.255.255
sw(config-(iscsi-init))# static pwwn hh:hh:hh:hh:hh:hh:hh:hh
Or sw(config-(iscsi-init))# static pwwn system-assign (Use Switch WWN Pool to Keep pWWN Persistent)
Or do nothing for dynamic assign (System Dynamic Assign Without Persistency)
sw(config-(iscsi-init))# vsan 100
sw(config-(iscsi-init))# vsan 101 (Can Be Multiple VSANs for Trunking)
Other parameters such as MTU size can be configured
Create an iSCSI initiator using IQN name
sw(config)# iscsi initiator name iqn.com.cisco.initiator.abc
The rest is the same as using IP address
iSCSI Virtual Target Configuration
Dynamic import of FC target
sw(config)# iscsi import target fc (Useful If All LUNs in FC Are to Be Available to iSCSI)
Static creation of iSCSI virtual target
sw(config)# iscsi virtual-target name iqn.com.cisco.target.abc
sw(config-(iscsi-tgt))# pwwn hh:hh:hh:hh:hh:hh:hh:hh fc-lun 2 iscsi-lun 0 (LUN Mapping Provides Flexibility When Not All FC LUNs Are Exposed)
sw(config-(iscsi-tgt))# trespass (Enable Trespass to Allow Standby Link to Become Active in the Event of Primary Failure)
Target-Only iSCSI Mapping
Map an iSCSI target to a physical storage target and all its LUNs are used
MDS9000 Configuration:
iscsi virtual-target name iqn.email
pWWN 20:00:07:63:00:c5:87:52
[Diagram: physical storage array, WWPN 20:00:07:63:00:c5:87:52, with LUN 0 (Serial# 00018874), LUN 1 (Serial# 00118874), LUN 2 (Serial# 00218874), LUN 3 (Serial# 00318874); MDS switch target iqn.email presents LUN 0, LUN 1, LUN 2, LUN 3]
Mapping to Host Server
Each mapped LUN appears as a local disk volume to the host server
[Diagram: physical storage array, WWPN 20:00:07:63:00:c5:87:52, Loopid: 129, with LUN 0 (Serial# 00018874), LUN 1 (Serial# 00118874), LUN 2 (Serial# 00218874), LUN 3 (Serial# 00318874); MDS switch target Email (target-only mapping) presents LUN 0 to LUN 3; the server (e.g. Win2K server) sees Local Disk (D:), Local Disk (E:), Local Disk (F:), Local Disk (G:)]
Target-and-LUN iSCSI Mapping
Map to a uniquely identifiable LUN using one of:
  WWPN + LUN
  LUN WWN (not always assigned)
MDS9000 configuration:
iscsi virtual-target name iqn.email
pWWN 20:00:07:63:00:c5:87:52 fc-lun 2 iscsi-lun 0
[Diagram: physical storage array, WWPN 20:00:07:63:00:c5:87:52, with LUN 0 (Serial# 00018874), LUN 1 (Serial# 00118874), LUN 2 (Serial# 00218874), LUN 3 (Serial# 00318874); MDS switch target iqn.email presents a single LUN 0]
Mapping Virtual Targets to Host Servers
[Diagram: physical storage arrays with WWPN 20:00:07:63:00:11:22:33, WWPN 20:00:07:63:00:44:55:66 and WWPN 20:00:07:63:00:bb:cc:dd, whose LUNs carry Serial# 00014522, 00114522, 00019876, 00119876, 00018874 and 00118874; virtual targets Email, DB and Web, two built with target-and-LUN mapping and one with target-only mapping; the server (e.g. Win2K server) sees Local Disk (D:), Local Disk (E:), Local Disk (F:), Local Disk (G:)]
Access Control
iSCSI-based
sw(config)# iscsi virtual-target name iqn.com.cisco.target.abc
sw(config-(iscsi-tgt))# initiator permit
Or sw(config-(iscsi-tgt))# initiator permit
Or sw(config-(iscsi-tgt))# all-initiator-permit
sw(config-(iscsi-tgt))# advertise interface
Zone-based
sw(config)# zone name iscsi-zone vsan 100
sw(config-zone)# member pwwn 21:00:00:20:37:4b:9a:bc
sw(config-zone)# member ip-address 10.10.10.1
sw(config-zone)# member symbolic-nodename iqn.com.cisco.initiator.abc
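Added example (not part of the original slides): a small audit of iSCSI virtual-target configuration that flags the permissive settings the slides describe, namely dynamic import of all FC targets, all-initiator-permit, advertisement on all GE ports by default, and target-only mapping that exposes every LUN. The sample configuration is constructed from command forms shown in this deck; the `initiator ... permit` argument form, the indentation of sub-mode commands and the finding codes are assumptions.

```python
import re

# Constructed sample configuration (not taken from a real switch).
SAMPLE_CONFIG = """\
iscsi import target fc
iscsi virtual-target name iqn.com.cisco.target.abc
  pwwn 21:00:00:20:37:4b:9a:bc fc-lun 2 iscsi-lun 0
  initiator iqn.com.cisco.initiator.abc permit
  advertise interface gig 2/1
iscsi virtual-target name iqn.com.cisco.target.open
  pwwn 20:00:07:63:00:c5:87:52
  all-initiator-permit
"""

MESSAGES = {
    "DYNAMIC_IMPORT": "every FC target and LUN is presented to iSCSI hosts",
    "ALL_INITIATORS": "any initiator may access this virtual target",
    "ADVERTISE_ALL_PORTS": "no advertise interface: advertised on all GE ports",
    "ALL_LUNS": "target-only mapping: all LUNs behind the pWWN are exposed",
}


def audit(config: str) -> list[tuple[str, str]]:
    """Return (scope, finding code) pairs for permissive iSCSI settings."""
    findings = []
    targets = {}      # virtual-target name -> its sub-mode commands
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        start = re.match(r"iscsi virtual-target name (\S+)$", line, re.I)
        if start:
            current = start.group(1)
            targets[current] = []
        elif raw[:1].isspace() and current is not None:
            # Assumption: sub-mode commands are indented under their target.
            targets[current].append(line.lower())
        else:
            current = None
            if re.match(r"iscsi import target fc$", line, re.I):
                findings.append(("global", "DYNAMIC_IMPORT"))

    for name, cmds in targets.items():
        if "all-initiator-permit" in cmds:
            findings.append((name, "ALL_INITIATORS"))
        if not any(c.startswith("advertise interface") for c in cmds):
            findings.append((name, "ADVERTISE_ALL_PORTS"))
        if any(c.startswith("pwwn ") and " fc-lun " not in c for c in cmds):
            findings.append((name, "ALL_LUNS"))
    return findings


if __name__ == "__main__":
    for scope, code in audit(SAMPLE_CONFIG):
        print(f"{scope}: {code}: {MESSAGES[code]}")
```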
Summary
Leverages the existing IP infrastructure
  Hence the intelligence, capacity, and best practice design can be leveraged in the iSCSI infrastructure
Complementary to FC yet represents a low-cost transport choice
  Midrange applications connectivity
  Midrange server connectivity with blade server integration as new system candidate
  Potential long-distance SAN transport
Reference Materials
http://www.t10.org/
http://www.t11.org/index.htm
http://www.ietf.org/rfc.html on RFC 3720
http://www.cisco.com/en/US/partner/products/hw/ps4159/index.html
Associated Sessions
OPT-1051: Introduction to Storage Technologies and Applications
OPT-2051: Fibre Channel Storage Area Network Design
OPT-2052: FCIP Design and Implementation
OPT-2054: Storage Networking Security
OPT-3052: Troubleshooting MDS 9000 IP Storage Area Networks
Refer to the session listing on the Networkers Speaker website at: http://wwwin.cisco.com/Mkt/events/nw/2004/speaker.html
Appendix
SCSI: Small Computer System Interface
iSCSI: internet SCSI
DAS: Direct Attached Storage
FC: Fibre Channel
CDB: Command Descriptor Block
R2T: Ready To Transfer
LUN: Logical Unit Number
SLP: Service Location Protocol
IQN: iSCSI Qualified Name
EUI: Extended Unique Identifier
iSNS: Internet Storage Name Service
TOE: TCP Offload Engine
NFS: Network File System
GPFS: General Parallel File System
DMZ: Demilitarized Zone
MZ: Militarized Zone
IVR: Inter-VSAN Routing
GTS: Generic Traffic Shaping
FRTS: Frame-Relay Traffic Shaping
CAR: Committed Access Rate
PQ: Priority Queuing
Appendix: (Cont.)
CWDM: Coarse Wavelength Division Multiplexing
DR: Disaster Recovery
VRRP: Virtual Router Redundancy Protocol
BIOS: Basic Input/Output System
ROM: Read-only Memory
SNMP v3: Simple Network Management Protocol, version 3
SSH: Secure Shell
SSL: Secure Socket Layer
AAA: Authentication Authorization Accounting
RADIUS: Remote Authentication Dial-in User Service
CQ: Custom Queuing
FIFO: First In First Out
WFQ: Weighted Fair Queuing
DSCP: Differentiated Services Code Point
SS: Slow Start
CA: Congestion Avoidance
MWS: Maximum Window Size
SACK: Selective Acknowledgment
RPM: Rotations Per Minute
RAID: Redundant Arrays of Inexpensive Disks
DWDM: Dense Wavelength Division Multiplexing
Appendix: (Cont.)
TACACS+: Terminal Access Controller Access Control System
RBAC: Role-Based Access Control
CHAP: Challenge Handshake Authentication Protocol
CFM: Cisco Fabric Manager
CDM: Cisco Device Manager
SPAN: Switched Port Analyzer
MDS: Multilayer Director Switch
IPS: IP Service (module)
PAA: Port Analyzer Adapter
Q AND A
Complete Your Online Session Evaluation!
WHAT: Complete an online session evaluation and your name will be entered into a daily drawing
WHY: Win fabulous prizes! Give us your feedback!
WHERE: Go to the Internet stations located throughout the Convention Center
HOW: Winners will be posted on the onsite Networkers Website; four winners per day