
iSCSI DESIGN AND IMPLEMENTATION
SESSION OPT-2053
9761_05_2004_c2

2004 Cisco Systems, Inc. All rights reserved.

Agenda
Storage Networking Technology Review
iSCSI and IP Storage Networking
Designing the iSCSI Network
High Availability
Network Boot
iSCSI Network Security
Network Management and Administration
Configuring iSCSI
Summary
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.

iSCSI Design and Implementation: Storage Networking Technology Review

The Typical Storage Environment: Direct-Attached Storage (DAS)

- Storage is captive behind the server
- Server CPU must handle user I/O requests, but also:
  - User database inquiries
  - User file/print serving
  - Data-integrity checking
  - Communication with other devices
- Data access is file-system and platform dependent
- Costly to scale; complex to manage

[Figure: clients on an IP network reaching Win2k, Linux and Unix servers, each with its own SCSI- or FC-attached storage]

The SCSI I/O Channel

- SCSI is the dominant protocol used to communicate between servers and storage devices in open systems
- The SCSI I/O channel is a half-duplex pipe for SCSI CDBs and data
- Parallel bus evolution:
  - Bus width: 8 or 16 bits
  - Bus speed: 5 to 80 MHz
  - Throughput: 5 to 320 MBps
  - Devices per bus: 2 to 16
  - Cable length: 1.5 m to 25 m
- A network approach can scale the I/O channel in many areas (length, devices, speed)

[Figure: host stack (Applications; File System or Raw; Block Device; SCSI Generic; Adapter Driver; SCSI Adapter) driving a half-duplex SCSI I/O channel from the SCSI initiator to the SCSI target; alongside it, the TCP/IP stack, NIC driver and Ethernet NIC that a networked channel would use]

SCSI CDB: SCSI Command Descriptor Block, used to relay SCSI commands, parameters, and status between SCSI initiators and SCSI targets; typically a 6-, 10-, or 12-byte block.

Networking the I/O Channel

- The transport must not jeopardize the SCSI payload (security, integrity, latency)
- Two primary transports to choose from today: Fibre Channel and IP
- Same SCSI protocol (SCSI-3) carried over a network transport layer via a serial implementation
- A networked I/O channel allows for multiple improvements:
  - Distance limitations greatly increased
  - High number of addressable devices (targets and LUNs)

[Figure: host system with SCSI initiator and channel controller attached to a network; the networked I/O channel spans the network to the target]

Fibre Channel Networking

- Very common method for networking SCSI
- Fibre Channel provides high-speed transport for the SCSI payload
- A Fibre Channel SAN overcomes many shortcomings of DAS, including:
  - Addressing for up to 16 million nodes (24 bits)
  - Loop (shared) and fabric (switched) transport
  - Speeds of 100 or 200 MBps (1 or 2 Gbps)
  - Distance of up to 10 km (without extenders)
  - Support for multiple protocols
- Combines the best attributes of a channel and a network

[Figure: host system with SCSI initiator and Fibre Channel HBA attached to a Fibre Channel fabric, reaching the target]

IP: An Alternate I/O Transport

- Viable transport for I/O traffic; not necessarily for long-haul I/O only
- Similar characteristics to Fibre Channel:
  - Addressing for close to 4 billion nodes (IPv4)
  - Primarily a switched transport (with routing)
  - Ethernet speeds of 10/100 Mbps or 1/10 Gbps, or various WAN speeds
  - Support for multiple high-level protocols
- Cost and manageability advantages with IP
- IP knowledge base widespread in the industry

[Figure: host system with SCSI initiator and IP channel adapter attached to an IP network, reaching the target]

iSCSI Design and Implementation: iSCSI and IP Storage Networking

IP Storage Networking

- IP storage networking provides a solution to carry storage traffic within IP
- Uses TCP: a reliable transport for delivery
- Applicable to local data center and long-haul applications
- Two primary protocols:
  - iSCSI (Internet SCSI): used to transport SCSI CDBs and data within TCP/IP connections
  - FCIP (Fibre Channel over IP): used to transport Fibre Channel frames within TCP/IP connections; any FC frame, not just SCSI

[Figure: encapsulation stacks. iSCSI: IP | TCP | iSCSI | SCSI | Data. FCIP: IP | TCP | FCIP | FC | SCSI | Data]

What Is iSCSI?

- A SCSI transport protocol that operates over TCP/IP
- Encapsulates SCSI CDBs (operational commands, e.g. read or write) and data into TCP/IP byte streams
- Allows IP hosts to access IP-based SCSI targets (either natively or via an iSCSI-to-FC router)
- Standards status:
  - RFC 3720 on iSCSI
  - Collection of RFCs describing iSCSI:
    - RFC 3347: iSCSI Requirements
    - RFC 3721: iSCSI Naming and Discovery
    - RFC 3723: iSCSI Security
- Broad industry support:
  - Server vendors now publishing their own supported iSCSI drivers
  - Native iSCSI storage arrays now appearing

iSCSI Architectural Model

[Figure: layered model. SCSI applications (file systems, databases) issue SCSI device-type commands (SCSI block commands, SCSI stream commands, other SCSI commands) through the SCSI generic commands layer; SCSI commands, data, and status are carried by a SCSI transport protocol: parallel SCSI transport over parallel SCSI interfaces, FCP (SCSI over FC) over Fibre Channel, or iSCSI (SCSI over TCP/IP) over TCP, IP (Layer 3 network transport) and a Layer 2 network such as Ethernet, PPP, or HDLC]

iSCSI Packet Format

[Figure: iSCSI PDU encapsulated in an Ethernet frame. Ethernet: Preamble (8) | Destination Address | Source Address | Type | IP | TCP | Data (46 to 1500 bytes) | FCS (4 octets). TCP header: Source Port | Destination Port | Sequence Number | Acknowledgment Number | Offset | Reserved | URG, ACK, PSH, RST, SYN, FIN flags | Window | Checksum | Urgent Pointer | Options and Padding. iSCSI header: Opcode | Opcode-specific fields | Length of data (after the 40-byte header) | LUN or opcode-specific fields | Initiator Task Tag | Opcode-specific fields | Data field]

Well-known ports: 21 FTP, 25 SMTP, 80 HTTP, 3225 FCIP, 3260 iSCSI. iSCSI targets listen on port 3260 by default.

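Added example, not part of the original deck: a Python decoder for the fixed header every iSCSI PDU begins with, written against the 48-byte Basic Header Segment (BHS) of RFC 3720 rather than the deck's figure. The two sample PDUs are constructed here (the ITT value 0x12340000 is borrowed from the deck's write example). The point a receiver-side implementer needs is that the 24-bit data segment length is peer-controlled, so it must be bounded by the negotiated MaxRecvDataSegmentLength before anything is allocated or read from the socket.

```python
import struct

BHS_LEN = 48  # RFC 3720 Basic Header Segment; every PDU starts with one
OPCODE_NAMES = {
    0x00: "NOP-Out", 0x01: "SCSI Command", 0x02: "Task Management Request",
    0x03: "Login Request", 0x04: "Text Request", 0x05: "SCSI Data-Out",
    0x06: "Logout Request", 0x20: "NOP-In", 0x21: "SCSI Response",
    0x22: "Task Management Response", 0x23: "Login Response",
    0x24: "Text Response", 0x25: "SCSI Data-In", 0x26: "Logout Response",
    0x31: "R2T", 0x3F: "Reject",
}


def parse_bhs(pdu: bytes) -> dict:
    """Decode the fixed 48-byte header shared by all iSCSI PDUs."""
    if len(pdu) < BHS_LEN:
        raise ValueError("need %d bytes for a BHS, got %d" % (BHS_LEN, len(pdu)))
    opcode = pdu[0] & 0x3F                       # low 6 bits of byte 0
    bhs = {
        "immediate": bool(pdu[0] & 0x40),        # I bit
        "opcode": opcode,
        "opcode_name": OPCODE_NAMES.get(opcode, "unknown"),
        "final": bool(pdu[1] & 0x80),            # F bit of the flags byte
        "flags": pdu[1],
        "total_ahs_length": pdu[4],              # in 4-byte words
        "data_segment_length": int.from_bytes(pdu[5:8], "big"),  # 24-bit, unpadded length
        "lun": pdu[8:16],                        # LUN or opcode-specific fields
        "initiator_task_tag": struct.unpack(">I", pdu[16:20])[0],
    }
    if opcode == 0x01:                           # SCSI Command also carries EDTL and the CDB
        bhs["expected_data_transfer_length"] = struct.unpack(">I", pdu[20:24])[0]
        bhs["cdb"] = pdu[32:48]
    return bhs


def pdu_total_length(bhs: dict, header_digest: bool = False, data_digest: bool = False) -> int:
    """Bytes the receiver must read for the whole PDU (RFC 3720 section 10.1)."""
    length = BHS_LEN + 4 * bhs["total_ahs_length"]
    if header_digest:
        length += 4
    data = bhs["data_segment_length"]
    if data:
        length += (data + 3) // 4 * 4            # data segment is padded to a 4-byte boundary
        if data_digest:
            length += 4
    return length


def data_length_ok(bhs: dict, max_recv_data_segment_length: int) -> bool:
    """Reject a PDU whose advertised data length exceeds the negotiated
    MaxRecvDataSegmentLength before allocating or reading that much."""
    return bhs["data_segment_length"] <= max_recv_data_segment_length


# Constructed sample: SCSI Command with the I bit set, F and R flags (0xC0),
# no AHS, no data segment, LUN 0, ITT 0x12340000, EDTL 4096, CmdSN 1,
# ExpStatSN 1, and a READ(10) CDB for 8 blocks of 512 bytes.
SAMPLE_READ_PDU = (
    bytes([0x41, 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00])
    + bytes(8)
    + (0x12340000).to_bytes(4, "big")
    + (4096).to_bytes(4, "big")
    + (1).to_bytes(4, "big")
    + (1).to_bytes(4, "big")
    + bytes([0x28, 0, 0, 0, 0, 0, 0, 0, 0x08, 0]) + bytes(6)
)

# Constructed sample: SCSI Data-Out header with F set and a 4096-byte data segment announced.
SAMPLE_DATA_OUT_HDR = (
    bytes([0x05, 0x80, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00])
    + bytes(8) + (0x12340000).to_bytes(4, "big") + bytes(28)
)

if __name__ == "__main__":
    for sample in (SAMPLE_READ_PDU, SAMPLE_DATA_OUT_HDR):
        hdr = parse_bhs(sample)
        print(hdr["opcode_name"], "data:", hdr["data_segment_length"],
              "total PDU bytes with digests:", pdu_total_length(hdr, True, True))
```

The digests are counted only when they were negotiated at login; the data digest is absent on PDUs with no data segment, which is why `pdu_total_length` adds it inside the `if data:` branch.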
iSCSI for Storage Consolidation

- IP access to open-systems iSCSI and Fibre Channel storage
- The iSCSI driver is loaded onto hosts on the Ethernet network
- Able to consolidate servers via iSCSI onto existing storage arrays
- Able to build Ethernet-based SANs using iSCSI arrays
- Storage assigned on a LUN-by-LUN basis at the iSCSI router

Logical Unit Number (LUN): a field within SCSI containing up to 64 bits that identifies the logically addressable unit within a target SCSI device.

[Figure: iSCSI-enabled hosts (initiators) on an IP network reach an iSCSI array (target) directly, or an iSCSI router (SN5428 or MDS9000 with IPS module) that bridges to an FC fabric holding the storage pool (target) and FC HBA-attached hosts (initiators)]

iSCSI for Remote Block Access

- Block access to remote storage over IP
- The application must tolerate latency for long distances
- Metro Ethernet services offer a lower-latency transport alternative
- Remote backup over IP WAN
- Centralized management from centralized storage

[Figure: iSCSI-enabled host at Site A across an IP WAN to Site B, where an iSCSI device fronts an FC fabric, storage pool and remote mirrors]

iSCSI Naming

- Initiator and target require iSCSI names
- A name is location independent
- iSCSI node name = SCSI device name of the iSCSI device
- Associated with iSCSI nodes, NOT adapters
- Up to 255-byte displayable, human-readable string (UTF-8 encoding)
- Use SLP (Service Location Protocol) v2, iSNS, or query the target for names (SendTargets)
- Two iSCSI name types:
  - iqn: iSCSI qualified name
  - eui: Extended Unique Identifier (IEEE EUI-64, also used for FC WWNs)

iSCSI Name Structure

iqn names: Type . Date . Reversed Domain Name (Organization Naming Authority) . Unique String (Subgroup Naming Authority, or a string defined by the Organization Naming Authority)

  iqn.1987-05.com.cisco.1234abcdef987601267da232.betty
  iqn.2001-04.com.acme.storage.tape.sys1.xyz

Date = yyyy-mm when the domain was acquired.

eui names: Type . EUI-64 Identifier (ASCII-encoded hexadecimal)

  eui.02004567a425678d

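Added example, not from the original deck: a Python validator for the two name types above. It follows RFC 3720 syntax (type prefix, yyyy-mm date, reversed domain, optional unique string after ':', 16 hex digits for eui) and applies the 255-byte limit stated on the previous slide; the deck's dot-separated examples, which predate the ':' convention, parse with the whole dotted remainder as the naming-authority part. Names are compared in lowercase, which is what an access list keyed on InitiatorName should do so that case variants of one name cannot bypass it.

```python
import re

# Limits and syntax: RFC 3720 section 3.2.6 for the grammar, 255 bytes as the
# length limit the deck states. Names are case-insensitive and compared lowercase.
MAX_NAME_BYTES = 255
IQN_RE = re.compile(
    r"^iqn\.(?P<year>\d{4})-(?P<month>\d{2})\.(?P<authority>[a-z0-9][a-z0-9.-]*)"
    r"(?::(?P<unique>[a-z0-9.:-]+))?$"
)
EUI_RE = re.compile(r"^eui\.(?P<hex>[0-9a-f]{16})$")


def parse_iscsi_name(name: str) -> dict:
    """Validate an iSCSI node name and split it into its parts.
    Raises ValueError for anything that is not a well-formed iqn or eui name."""
    normalized = name.strip().lower()
    if len(normalized.encode("utf-8")) > MAX_NAME_BYTES:
        raise ValueError("name exceeds %d bytes" % MAX_NAME_BYTES)
    if m := IQN_RE.match(normalized):
        month = int(m["month"])
        if not 1 <= month <= 12:
            raise ValueError("iqn date month out of range: %s" % m["month"])
        return {
            "type": "iqn",
            "year": int(m["year"]),
            "month": month,
            "authority": m["authority"],   # reversed domain name, e.g. com.ajax
            "unique": m["unique"],         # optional string after ':' (None if absent)
            "normalized": normalized,
        }
    if m := EUI_RE.match(normalized):
        return {"type": "eui", "identifier": int(m["hex"], 16), "normalized": normalized}
    raise ValueError("not a valid iSCSI name: %r" % name)


def is_valid_iscsi_name(name: str) -> bool:
    """Boolean form of parse_iscsi_name for use in configuration checks."""
    try:
        parse_iscsi_name(name)
        return True
    except ValueError:
        return False


def same_node(a: str, b: str) -> bool:
    """Two names identify the same node when their normalized forms match."""
    return parse_iscsi_name(a)["normalized"] == parse_iscsi_name(b)["normalized"]


if __name__ == "__main__":
    # The deck's own examples plus one invalid name, constructed here.
    for candidate in ("iqn.1987-05.com.cisco.1234abcdef987601267da232.betty",
                      "iqn.2001-04.com.acme.storage.tape.sys1.xyz",
                      "iqn.1999-12.com.ajax:OS1",
                      "eui.02004567a425678d",
                      "iqn.1999-13.com.ajax"):
        print(candidate, "->", parse_iscsi_name(candidate) if is_valid_iscsi_name(candidate) else "invalid")
```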
SCSI and iSCSI Relationship

- SCSI device = iSCSI node
- SCSI port = iSCSI port
- Network portal defined by (IP address + TCP port)
- Portal group = single SCSI connection
- iSCSI session between an iSCSI initiator node and an iSCSI target node

[Figure: a Network Entity (iSCSI client) holding iSCSI initiator node iqn.1999-12.com.ajax:OS1 and initiator port iqn.1999-12.com.ajax:OS1+[ISID=1+5+1], with network portals 10.1.30.4 and 10.2.30.3. Across the IP network, iSCSI sessions (one TCP connection each) reach iSCSI target node iqn.1999-12.com.ajax:12579, which owns the LUs and exposes target ports iqn.1999-12.com.ajax:12579[Tag=1] and iqn...[Tag=2] through portal groups made of network portals 10.4.40.21 port 3260, 10.5.40.22 ports 3260 and 5000, and 10.6.40.25 port 3260]

iSCSI Sessions

- iSCSI has the concept of a session
- Two session types: (1) Discovery, and (2) Normal operation
- Both session types have various phases/stages:
  1. Initial login phase
  2. Security authentication
  3. Operational parameter negotiation
  4. Full-featured phase
- A session can handle SCSI commands and data after login is complete

iSCSI Login Sequence (No Authentication)

Initiator: iqn.abcd.PC1 with iSCSI driver. iSCSI device with configured targets, listening on TCP port 3260; the block device has already initialized onto the Fibre Channel fabric.

Discovery: contact the target and negotiate security and session parameters
  Establish TCP session (SYN, SYN/ACK, ACK sequence)
  Initiator -> Target: iSCSI Login Command
      SessionType=discovery; InitiatorName=iqn.abcd.PC1
  Target -> Initiator: iSCSI Login Response (Success)
      Auth=none; HeaderDigest=none; DataDigest=none;
  Initiator -> Target: iSCSI Login Command
      SessionType=discovery; InitiatorName=iqn.abcd.PC1; DataPDULength=; MaxBurstSize=;
  Target -> Initiator: iSCSI Login Response (Success)
      DataPDULength=; MaxBurstSize=;

Discovery: solicit available targets
  Initiator -> Target: iSCSI Text Command
      SendTargets=All
  Target -> Initiator: iSCSI Text Response
      TargetName=iqn.email.tgt2; iqn.filestore01;

Normal login: log in to each target and negotiate security and session parameters
  Establish TCP session (SYN, SYN/ACK, ACK sequence)
  Initiator -> Target: iSCSI Login Command
      SessionType=normal; InitiatorName=iqn.abcd.PC1; TargetName=iqn.email.tgt1
  Target -> Initiator: iSCSI Login Response (Success)
      Auth=none; HeaderDigest=none; DataDigest=none;
  Initiator -> Target: iSCSI Login Command
      SessionType=normal; InitiatorName=iqn.abcd.PC1; TargetName=iqn.email.tgt1
  Target -> Initiator: iSCSI Login Response (Success)
      DataPDULength= ; MaxBurstSize=; etc.

This sequence is repeated for every target available to this initiator.

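Added example, not part of the original deck: a target-side model in Python of the key=value negotiation that the login exchange above carries. The result functions (which side's value wins for each key) are those of RFC 3720 section 12; the keys modelled are the ones on the slide plus the AuthMethod and digest keys, and TARGET_PREFS is a constructed policy, not a product default. The `require_auth` switch is the defender's knob: with it off the target accepts the slide's `Auth=none` exchange, with it on the same offer is rejected unless the initiator also offers CHAP.

```python
# Key classes and their RFC 3720 result functions.
LIST_KEYS = {"AuthMethod", "HeaderDigest", "DataDigest"}   # responder takes the first offered value it supports
MIN_KEYS = {"MaxBurstSize", "FirstBurstSize", "MaxRecvDataSegmentLength"}  # numeric, the minimum wins
OR_KEYS = {"InitialR2T", "DataPDUInOrder", "DataSequenceInOrder"}          # boolean, Yes if either side says Yes
AND_KEYS = {"ImmediateData"}                                               # boolean, Yes only if both say Yes
DECLARATIVE_KEYS = {"SessionType", "InitiatorName", "TargetName", "InitiatorAlias"}

# Constructed target policy (assumption, not a vendor default).
TARGET_PREFS = {
    "AuthMethod": ["CHAP", "None"],
    "HeaderDigest": ["CRC32C", "None"],
    "DataDigest": ["CRC32C", "None"],
    "MaxBurstSize": 65536, "FirstBurstSize": 65536, "MaxRecvDataSegmentLength": 8192,
    "InitialR2T": "Yes", "DataPDUInOrder": "Yes", "DataSequenceInOrder": "Yes",
    "ImmediateData": "Yes",
}


def parse_login_keys(text: str) -> dict:
    """Split a login/text data segment into key -> value.
    RFC 3720 terminates each pair with NUL; the deck writes ';', so both are accepted."""
    keys = {}
    for pair in text.replace("\x00", ";").split(";"):
        pair = pair.strip()
        if not pair:
            continue
        if "=" not in pair:
            raise ValueError("malformed key=value pair: %r" % pair)
        k, v = pair.split("=", 1)
        keys[k.strip()] = v.strip()
    return keys


def negotiate_login(offer: dict, prefs: dict = TARGET_PREFS, require_auth: bool = True) -> tuple:
    """Evaluate one initiator offer. Returns ('Success', response) or ('Reject', response)."""
    response = {}
    if "InitiatorName" not in offer:
        return "Reject", {"Reason": "InitiatorName is mandatory"}
    if offer.get("SessionType", "normal") == "normal" and "TargetName" not in offer:
        return "Reject", {"Reason": "TargetName is mandatory for a normal session"}
    for key, value in offer.items():
        if key in DECLARATIVE_KEYS:
            continue
        if key in LIST_KEYS:
            accepted = [v for v in value.split(",") if v in prefs.get(key, [])]
            if not accepted:
                return "Reject", {key: "Reject"}
            response[key] = accepted[0]
        elif key in MIN_KEYS:
            try:
                response[key] = str(min(int(value), prefs[key]))
            except ValueError:
                return "Reject", {key: "Reject"}
        elif key in OR_KEYS:
            response[key] = "Yes" if "Yes" in (value, prefs[key]) else "No"
        elif key in AND_KEYS:
            response[key] = "Yes" if value == prefs[key] == "Yes" else "No"
        else:
            response[key] = "NotUnderstood"   # unknown keys are never silently accepted
    # Policy: an initiator that ends up with AuthMethod=None only gets in when the
    # target is configured to allow unauthenticated logins.
    if require_auth and response.get("AuthMethod", "None") == "None":
        return "Reject", {"AuthMethod": "Reject"}
    return "Success", response


# Constructed offers: the deck's unauthenticated discovery login, and a normal
# login that offers CHAP and digests.
NO_AUTH_OFFER = "SessionType=discovery;InitiatorName=iqn.abcd.PC1;AuthMethod=None;HeaderDigest=None;DataDigest=None"
CHAP_OFFER = ("SessionType=normal;InitiatorName=iqn.abcd.PC1;TargetName=iqn.email.tgt1;"
              "AuthMethod=CHAP,None;HeaderDigest=CRC32C,None;DataDigest=None;"
              "MaxBurstSize=262144;InitialR2T=No;ImmediateData=Yes;FooBar=1")

if __name__ == "__main__":
    print(negotiate_login(parse_login_keys(NO_AUTH_OFFER), require_auth=False))
    print(negotiate_login(parse_login_keys(NO_AUTH_OFFER), require_auth=True))
    print(negotiate_login(parse_login_keys(CHAP_OFFER)))
```

Selecting CHAP here only settles the method; the CHAP challenge/response itself is a further login exchange that this model does not include.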
iSCSI Connections and SCSI Phases

- A SCSI command and its associated data- and status-phase exchanges must traverse the same TCP connection
- Linked SCSI commands can traverse separate TCP connections for scalability

[Figure: one iSCSI session between an iSCSI host and an iSCSI gateway device carrying linked SCSI commands over two TCP connections. iSCSI (TCP) connection 1: SCSI Command (1) (Read), SCSI Data (1), SCSI Status (1). iSCSI (TCP) connection 2: SCSI Command (1) (Write), SCSI Data (1), SCSI Status (1)]

iSCSI Discovery

- Small networks:
  - Static configuration of initiators and targets
  - The SendTargets command makes configuration easier
- Medium-sized networks:
  - Service Location Protocol (SLP multicast discovery)
- Large networks:
  - iSNS (Internet Storage Name Service)
  - Includes soft-zone domains
  - Includes a database for ongoing management

iSCSI Architecture: Software Driver

[Figure: host stack (Applications; File System; Block Device; SCSI Generic; iSCSI Host Driver; TCP/IP Driver; GigE NIC) across the IP network to an iSCSI gateway device (NIC; NIC driver; TCP/IP stack; iSCSI GW module; SCSI driver; FC HBA) onto Fibre Channel. The iSCSI path runs through the NIC; the conventional SCSI path runs through the adapter driver and SCSI adapter]

The Basic iSCSI Model with Software Only

- iSCSI is network-service enabled through the use of an iSCSI software driver
- Many operating systems supported via Cisco drivers and/or from the OS vendor
- Cisco provides a full driver suite:
  - Solaris 2.6 (EOL), 7, 8, 9
  - Linux based on the 2.6 kernel
  - Windows 2000 with SP2 or later
  - Windows XP Pro
  - Windows NT 4.0 with SP6A
  - HP-UX 10.2, 11.0
  - AIX 4.3.3, 5.1, 5.2
- OS vendors support native iSCSI drivers:
  - Windows: native Windows 2000, XP, 2003 support
  - HP: native HP-UX 11i support
  - IBM: native AIX 5.x support
  - Novell NetWare: native support

[Figure: host stack with the iSCSI software driver between SCSI Generic and the TCP/IP stack (Applications; File System; Block Device; SCSI Generic; iSCSI; TCP/IP Stack; NIC Driver; NIC Adapter), beside the conventional adapter driver and SCSI adapter]

iSCSI HBAs and TCP Offload Engines (TOEs)

- Offloads TCP and, optionally, iSCSI processing into hardware
- Relieves the host CPU from:
  - TCP processing: 16-bit checksum per packet
  - iSCSI: optional 32-bit header and data digests (CRC32C)

[Figure: three host stacks compared. Software only: iSCSI driver and TCP/IP stack in the host above the NIC driver. TCP offload: iSCSI driver in the host, TCP/IP stack on the TOE behind the TOE driver. iSCSI offload and TCP offload: both iSCSI and the TCP/IP stack on the HBA behind the HBA driver. In every case the conventional adapter driver and SCSI adapter sit alongside]

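Added example, not part of the original deck: a pure-Python CRC32C (Castagnoli polynomial) matching the HeaderDigest/DataDigest convention of RFC 3720, including the little-endian byte order the digest uses on the wire, so the RFC's own test vector (32 zero bytes give aa 36 91 8a) checks out. The 48-byte header used for the round trip is constructed here. The security caveat the slide's "16-bit checksum" line invites: both the TCP checksum and CRC32C detect accidental corruption only; neither authenticates the peer or the data, which is the job of CHAP and, for the transport, IPsec.

```python
# Table-driven CRC32C (reflected polynomial 0x82F63B78), the digest RFC 3720
# specifies for HeaderDigest and DataDigest.
def _build_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
        table.append(c)
    return table


_CRC32C_TABLE = _build_table()


def crc32c(data: bytes) -> int:
    """CRC32C with all-ones initial value and final complement (the iSCSI convention)."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC32C_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def iscsi_digest(segment: bytes) -> bytes:
    """Digest as it appears on the wire: RFC 3720 sends the CRC least-significant byte first."""
    return crc32c(segment).to_bytes(4, "little")


def header_with_digest(bhs: bytes) -> bytes:
    """Append the HeaderDigest to a BHS (plus any AHS) as a sender would."""
    return bhs + iscsi_digest(bhs)


def verify_header(header_and_digest: bytes, header_len: int = 48) -> bool:
    """True when the received HeaderDigest matches the received header bytes."""
    if len(header_and_digest) < header_len + 4:
        return False
    header = header_and_digest[:header_len]
    return header_and_digest[header_len:header_len + 4] == iscsi_digest(header)


def flip_bit(data: bytes, bit: int) -> bytes:
    """Simulate a single-bit corruption at the given bit offset."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


# Constructed 48-byte header: a SCSI Data-Out BHS with the F bit set and a
# 4096-byte data segment announced; any 48 bytes would do for the digest check.
SAMPLE_BHS = (bytes([0x05, 0x80, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00])
              + bytes(8) + (0x12340000).to_bytes(4, "big") + bytes(28))

if __name__ == "__main__":
    wire = header_with_digest(SAMPLE_BHS)
    print("digest:", wire[48:].hex(), "valid:", verify_header(wire),
          "after bit flip:", verify_header(flip_bit(wire, 9)))
```

With HeaderDigest=None negotiated, as in the deck's login exchange, a corrupted header that slips past the 16-bit TCP checksum is acted on; negotiating CRC32C costs the CPU cycles the slide attributes to the TOE, which is the trade-off the offload engines address.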
iSCSI Design and Implementation: Designing the iSCSI Network

OS and Applications Suite for iSCSI

- Typical operating systems: Windows 2000 and 2003, Linux
- Typical applications (block accessed):
  - Microsoft Exchange
  - Microsoft SQL
  - Low-end Oracle database
  - Other applications with medium-to-low I/O
- Shared-disk (clustered) file system: GPFS (General Parallel File System)
- Network remote boot
- Blade server integration

Design Considerations

- Know your application I/O profile
- Know your application throughput
- Determine the needed availability
- Best performance is achieved from a local (no latency), dedicated (no competing traffic) IP storage network
- Distance considerations

iSCSI Integration in Data Centers and Campus Network

[Figure: campus access, campus distribution and campus core layers, with iSCSI hosts at the access layer and an Internet connection at the core; the data center holds web servers and application servers (iSCSI-attached and FC-attached) behind MDS switches with IPS modules, which bridge to the FC fabric]

iSCSI in Data Centers

[Figure: an Internet router/firewall fronts the DMZ (LDAP slave, DNS server, web servers, mail server); a second router/firewall fronts the MZ (application servers, web application servers, mail gateway and mail storage); a third router/firewall fronts the "Area 51" zone (LDAP primary, DNS primary, CE, ERP). iSCSI storage sits in the MZ and the inner zone, each behind its own router/firewall]

Build an iSCSI Fabric

- iSCSI fabric topology: Ethernet fabric topology
- iSCSI fabric scalability: trunking, port channeling
- iSCSI fabric availability: VRRP
- iSCSI fabric security: authentication and binding
- iSCSI fabric manageability: iSCSI identity and management

[Figure: iSCSI clients on an Ethernet fabric reaching two IPS modules that front a shared storage pool; scalability, availability, security and manageability are shown as end-to-end properties of the fabric]

Dedicated IP Storage Network

- Separate logical IP network, but not necessarily a separate physical network
- Can use a VLAN of the existing Ethernet network
- Recommend use of a dedicated NIC on the host for iSCSI
- Minimizes the potential for bandwidth contention

[Figure: clients on the front-side IP network; iSCSI-enabled hosts with a second NIC on a dedicated IP storage network of Catalyst switches, reaching iSCSI routers that bridge to the FC fabric, the storage pool, and FC-attached hosts with HBAs]

Trunking

- 802.1q trunking: standard technology, frames tagged (12 bits for the VLAN ID) and multiplexed
- VLAN 1-4095
- Load balancing available based on IP address, MAC
- VLAN termination: create subinterfaces (one per VLAN) and assign one IP address to each subinterface
    vlan 100: gig2/5.100 and gig2/8.100
    vlan 200: gig2/5.200 and gig2/8.200
    vlan 300: gig2/5.300 and gig2/8.300
- Design with trunking:
  - Multiple iSCSI initiators in the same VLAN target different iSCSI interfaces: load sharing
  - Add more subinterfaces in the same VLAN: scale up bandwidth

    switch(config)# int gigabitethernet 2/5.100
    switch(config-if)# ip add 10.10.10.5 255.255.255.0
    switch(config)# int gigabitethernet 2/8.100
    switch(config-if)# ip add 10.10.10.8 255.255.255.0

[Figure: iSCSI hosts in several VLANs reach the IPS module over an 802.1q trunk; each VLAN terminates on its own subinterfaces]

GE PortChannel

- PortChannel on MDS IPS: 802.3ad standard technology to group multiple GE links for larger bandwidth
- Port parameters must match
- Static PortChannel: two adjacent GEs on the same IPS module form one PortChannel
- Design with GE PortChannel:
  - Layer 3 port channel: IP address on the PortChannel interface
  - Increases HA for large deployments
  - Oversubscription: 20:1 with one ISL, 10:1 with a GE PortChannel

    sw(config)# int port-channel 100
    sw(config-if)# ip add 10.10.10.1 255.255.255.0
    sw(config)# int gigabitethernet 2/7
    sw(config-if)# channel-group 100
    sw(config)# int gigabitethernet 2/8
    sw(config-if)# channel-group 100

[Figure: iSCSI hosts on Catalyst switches reaching an MDS IPS module over a GE PortChannel]

VLAN and VSAN Mapping

- Best practice design: VSAN membership
  - Assign to iSCSI hosts
  - Assign to iSCSI interfaces
  - Assign to disk
- VLAN termination: subinterface
- Access control, VLAN and VSAN mapping, management, troubleshooting

  iSCSI based:
    switch(config)# iscsi initiator ip-address 51.51.51.51
    switch(config-(iscsi-init))# vsan 10
    switch(config)# vsan database
    switch(config-vsan-db)# vsan 10 interface iscsi 2/3
    sw(config-(iscsi-tgt))# pwwn ...
    sw(config-(iscsi-tgt))# initiator ip-address 51.51.51.51 permit

  Zone based:
    sw(config)# zone name marketing vsan 10
    sw(config-zone)# member ip-address ...
    sw(config-zone)# member pwwn ...

[Figure: iSCSI clients in VLAN 10 and VLAN 20 on the IP network (VRRP) terminate on IPS subinterfaces and map to VSAN 10 and VSAN 20 in the SAN, reaching the shared storage pool]

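Added example, not part of the original deck or the MDS software: a Python model of the three controls the slide configures for an iSCSI initiator, namely VSAN membership, the virtual target's initiator permit list, and zoning. Every control must pass (default deny), and the reason returned is what an operator would want logged when a login is refused. The initiator 51.51.51.51 and VSAN 10 come from the slide; the target pWWN and zone contents are constructed placeholders.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Initiator:
    ip: str
    vsan: int            # from 'iscsi initiator ip-address <ip>' followed by 'vsan <n>'


@dataclass(frozen=True)
class VirtualTarget:
    pwwn: str
    vsan: int
    permitted_initiators: frozenset   # from 'initiator ip-address <ip> permit' under the target


@dataclass(frozen=True)
class Zone:
    name: str
    vsan: int
    members: frozenset   # initiator IP addresses ('member ip-address') and target pWWNs ('member pwwn')


def can_access(initiator: Initiator, target: VirtualTarget, zones, active_zones) -> tuple:
    """Decide whether an initiator may reach a target; every control must pass."""
    if initiator.vsan != target.vsan:
        return False, "VSAN mismatch: initiator in VSAN %d, target in VSAN %d" % (initiator.vsan, target.vsan)
    if initiator.ip not in target.permitted_initiators:
        return False, "initiator %s not permitted on target %s" % (initiator.ip, target.pwwn)
    for zone in zones:
        if (zone.name in active_zones and zone.vsan == target.vsan
                and initiator.ip in zone.members and target.pwwn in zone.members):
            return True, "permitted by zone %s in VSAN %d" % (zone.name, zone.vsan)
    return False, "no active zone in VSAN %d contains both %s and %s" % (target.vsan, initiator.ip, target.pwwn)


# Constructed fabric state (placeholder pWWN, not a real device).
TGT_PWWN = "50:00:00:00:00:00:00:01"
MARKETING_TGT = VirtualTarget(pwwn=TGT_PWWN, vsan=10,
                              permitted_initiators=frozenset({"51.51.51.51", "51.51.51.52"}))
ZONES = [Zone("marketing", 10, frozenset({"51.51.51.51", TGT_PWWN}))]
ACTIVE_ZONES = {"marketing"}

if __name__ == "__main__":
    for candidate in (Initiator("51.51.51.51", 10), Initiator("51.51.51.51", 20),
                      Initiator("51.51.51.52", 10), Initiator("51.51.51.53", 10)):
        print(candidate.ip, "vsan", candidate.vsan, "->", can_access(candidate, MARKETING_TGT, ZONES, ACTIVE_ZONES))
```

Binding by IP address, as the slide's `initiator ip-address ... permit` does, identifies the host only as well as the IP network does; on a dedicated storage VLAN with no routed reachability from user segments that is a reasonable assumption, on a shared network it is not, which is the case for combining it with CHAP.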
Proxy Initiator

- Transparent mode (default): each iSCSI initiator appears in the SAN with its own pWWN (10.10.10.1 as pWWN-1 through 10.10.10.10 as pWWN-10)
- Proxy-initiator mode: one pWWN (pwwn-proxy nn:nn:nn:nn:nn:nn:nn:nn, proxy initiator IP address 10.10.10.100) represents multiple iSCSI initiators for scalability
  - Eases management of zoning
  - Fewer entries in the FC name server
  - Useful in clustering applications
  - Moves the burden of LUN masking configuration and operation to the IPS blades for simpler manageability

    sw(config)# int iscsi 2/3
    sw(config-if)# switchport proxy-initiator nwwn pwwn

[Figure: iSCSI clients on the IP network reach the IPS module; in transparent mode each appears to the SAN with its own pWWN, in proxy-initiator mode all appear behind the single proxy pWWN toward the shared storage pool]

IVR in iSCSI: Inter-VSAN Routing

- Bridging between VSANs: facilitates resource sharing among different VSANs
- Implement IVR in iSCSI:
  - Unique domain IDs for switches in the IVR topology
  - A future release allows duplicate domain IDs (NAT function)
- IVR vsan-topology database: sw1 (vsan 30, vsan 50, vsan 60)
- IVR zones/zoneset: ivr zoneset ivrzs1; ivr zone ivrz1 (H2, H3, T1)

[Figure: iSCSI hosts H1 through H6 in VSAN 30 and VSAN 40 behind the IPS module on switch S1; switch S2 holds target T1 in VSAN 50; IVR zone ivrz1 bridges H2, H3 and T1]

Internet Storage Name Service (iSNS)

- A name service provides storage resource discovery: register, deregister, query
- Automatic login control service: access control
- State change notification service
- Open mapping of FC and iSCSI devices
- Lightweight protocol on top of TCP (iSNSP)
- Client-server model with directory service
- Design with iSNS:
  - Dynamic discovery for large-scale deployment
  - Seamless integration with the FC name service
  - iSNS server support from MS Windows and Linux available

[Figure: iSCSI clients speak iSNSP to an iSNS server on the IP network; the IPS module is an iSNS client and maps to the name server in the MDS SAN, fronting the shared storage pool]

iSCSI with GPFS

- File sharing provided by NFS or NAS filers can be a performance bottleneck
- iSCSI provides high-performance block-level access, but lacks file sharing
- Shared-disk (clustered) file system: GPFS (General Parallel File System), a clustering technology for high-performance computing
- Allows sharing of the file system, and hence the disks, by all iSCSI clients in the cluster via token management
- Metadata server: not standalone
- Advantages when combined: high performance and disk consolidation; file sharing

[Figure: three hosts each running Application, GPFS and the iSCSI driver over the IP network to the IPS module and SAN, with a metadata server]

QoS for iSCSI: Why and Where to Apply?
Best Practice Design for a Converged Network

- Delay and jitter
- Oversubscription design concept
- Bandwidth estimation: know the bottleneck
- Aggregation point, WAN link

[Figure: iSCSI hosts in the campus network and the data center, with core switches joined across a wide-area network]

QoS for iSCSI: What and How to Apply?
Best Practice Design for a Converged Network

- QoS functions: classification, marking, and scheduling
- Traffic shaping: throttles traffic outbound; flows are affected during congestion; GTS, FRTS, CAR
- Rate limiting: drops packets when the limit is reached; both inbound and outbound; CAR
- Congestion management with FIFO, PQ, CQ, WFQ, DWFQ
- Recommendation: traffic shaping and congestion management; do not use rate limiting

QoS on IPS

- iSCSI traffic to be marked as high-priority traffic in the IP network (TCP port 3260)
- DSCP value set for iSCSI traffic on each iSCSI port
- Applies to both control and data frames

    sw(config)# int iscsi 2/6
    sw(config-if)# tcp qos (0-63)

iSCSI Read

[Figure: initiator over the IP network to the iSCSI gateway, then Fibre Channel to the target in the SAN. Initiator -> gateway: iSCSI Read 4 kB; gateway -> target: FCP SCSI Read 4 kB; target -> gateway: FCP Data, FCP Data, SCSI Status = Good; gateway -> initiator: iSCSI Data-In, iSCSI Data-In, iSCSI Status = Good]

- One-to-one relationship between iSCSI and FCP frames
- Single round trip between initiator and target to retrieve data

iSCSI Write

[Figure: initiator -> gateway: iSCSI Write 4 kB, ITT=12340000; gateway -> target: SCSI Write 4 kB; target -> gateway: Transfer Ready; gateway -> initiator: R2T (Ready to Transfer); initiator -> gateway: iSCSI Data-Out, iSCSI Data-Out; gateway -> target: FCP Data, FCP Data; target -> gateway: SCSI Status = Good; gateway -> initiator: iSCSI Status = Good. If R2T is required, iSCSI Data-Out must wait; two round trips for the FCP write]

- A typical SCSI write requires two round trips: it must wait for Transfer Ready before sending data
- The iSCSI initiator and target may negotiate InitialR2T=No during login (unsolicited data); iSCSI Data-Out can then follow the SCSI write directly

Throughput in iSCSI

- SCSI controls data movement
- Latency impact on throughput: throughput is calculated as total data transmitted / end-to-end latency
- Factors contributing to latency: equipment, protocol, distance
- The larger the distance, the longer the latency: 1 ms per 300 km
- Maximize the throughput: manage the distance, keep it as short as possible
- TCP impact on iSCSI throughput

Understand TCP Behavior

[Figure: TCP throughput over time: slow start up to SSthresh, then congestion avoidance toward the maximum window size (MWS)]

How Does TCP Impact IP Network Throughput

- Number of bytes in flight = Bandwidth * Delay (BW*Delay)
- To maximize throughput (goodput: output = input):
  - TCP congestion window (cwnd) >= Bandwidth*Delay product
  - If cwnd is too small, throughput is smaller than the network capacity
  - If cwnd is too big, congestion happens, which causes retransmission and emptiness of the network
- To recover from errors: size of TCP sender-side socket buffers = 2*BW*Delay
- High-performance network options: large windows (RFC 1323), SACK

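Added example, not part of the original deck: Python functions that carry the three preceding slides' arithmetic through with their own figures, namely the 1 ms per 300 km rule, the bandwidth-delay product, the 2*BW*Delay sender buffer, and the one- versus two-round-trip cost of a write that the iSCSI Write slide describes. The 1 Gbps link and 300 km distance are constructed inputs; the model ignores TCP slow start and device processing delay, so it gives the ceiling the slides describe rather than a measured value.

```python
def one_way_delay_ms(distance_km: float, ms_per_300km: float = 1.0) -> float:
    """Propagation delay using the deck's rule of thumb: 1 ms per 300 km, one way."""
    return distance_km / 300.0 * ms_per_300km


def bandwidth_delay_product_bytes(bandwidth_bps: int, rtt_ms: float) -> int:
    """Bytes in flight needed to keep the pipe full: BW * Delay, with Delay the round trip."""
    return int(bandwidth_bps * rtt_ms / 8000)


def sender_buffer_bytes(bandwidth_bps: int, rtt_ms: float) -> int:
    """Deck: sender-side socket buffer = 2 * BW * Delay, so a lost segment can be
    retransmitted while a full window is still unacknowledged."""
    return 2 * bandwidth_delay_product_bytes(bandwidth_bps, rtt_ms)


def window_limited_throughput_bps(window_bytes: int, rtt_ms: float) -> float:
    """Throughput when the window is the limit: one window per round trip."""
    return window_bytes * 8 * 1000 / rtt_ms


def needs_window_scaling(window_bytes: int) -> bool:
    """Without RFC 1323 window scaling the TCP window field caps at 65535 bytes."""
    return window_bytes > 65535


def write_completion_ms(data_bytes: int, bandwidth_bps: int, rtt_ms: float, initial_r2t: bool) -> float:
    """Time for one SCSI write: two round trips when the target must send R2T
    before data (InitialR2T=Yes), one when unsolicited data was negotiated."""
    round_trips = 2 if initial_r2t else 1
    serialization_ms = data_bytes * 8 * 1000 / bandwidth_bps
    return round_trips * rtt_ms + serialization_ms


if __name__ == "__main__":
    # Constructed scenario: 1 Gbps link over 300 km (metro distance from the deck).
    link_bps = 1_000_000_000
    rtt = 2 * one_way_delay_ms(300)
    bdp = bandwidth_delay_product_bytes(link_bps, rtt)
    print("RTT ms:", rtt, "BDP bytes:", bdp, "sender buffer:", sender_buffer_bytes(link_bps, rtt))
    print("needs RFC 1323 window scaling:", needs_window_scaling(bdp))
    print("throughput with a 64 KB window (Mbps):", window_limited_throughput_bps(65535, rtt) / 1e6)
    print("4 kB write, InitialR2T=Yes ms:", write_completion_ms(4096, link_bps, rtt, True))
    print("4 kB write, InitialR2T=No ms:", write_completion_ms(4096, link_bps, rtt, False))
```

At 2 ms round trip a 1 Gbps link needs 250,000 bytes in flight, so a default 64 KB window caps throughput near 262 Mbps; that is the "cwnd too small" case, and the reason the tuning slide that follows calls for larger windows.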
Performance Objectives and Determining Factors

- Understand performance objectives:
  - Number of users
  - Number of I/O requests
  - Acceptable response time
  - Desired throughput
- Factors impacting performance:
  - System resources (CPU, memory, bus architecture)
  - Storage resources (RPM, cache, RAID level)
  - Network equipment/gateway
  - Available IP network bandwidth (especially in the WAN)
  - Distance between iSCSI initiators and targets
  - TCP implementation and configuration
  - I/O block size

Performance Tuning of iSCSI Network: Best-Practice Design

- Use TOE cards on systems with high CPU utilization
- RAID-level implementation on the disk array
- Things related to TCP/IP:
  - Increase the TCP window size to keep the pipe full (min and max TCP bandwidth, estimated delay)
  - Avoid lossy networks, or use QoS to prioritize iSCSI traffic
  - Enable jumbo-frame support end to end
  - Enable SACK (default)
  - Use the TCP send buffer on IPS
- Increase the I/O block size from 8k to 64k or larger
- Store-and-forward mode in MDS (no iSCSI CRC)
- Fan-out ratio consideration

iSCSI Deployment Scenarios

Campus network:
- Very little delay due to the small distance in the campus network => throughput close to bandwidth
- Application examples: disk consolidation and file sharing
- Disk saving resulting from storage consolidation
- Ease of management compared to DAS (system and storage)
- Consider oversubscription design of IPS links for cost saving
- Large fan-out ratio: iSCSI hosts to storage port
- Security consideration

[Figure: iSCSI hosts across the campus network reaching two IPS modules]

iSCSI Deployment Scenarios (Cont.)

Data center:
- Very little or no delay within the data center
- Application examples: web services; iSCSI hosts providing backup for primary FC servers; iSCSI hosts as an NFS server or NAS filer; GPFS
- ISL oversubscription and fan-out
- Blade-server integration
- iSCSI remote boot
- Number of NIC cards to use
- File-sharing consideration

[Figure: data-center core with IPS modules fronting iSCSI hosts, a NAS filer and an NFS server]

Blade Server Integration with iSCSI

[Figure: blade servers with embedded Ethernet switches on the IP network; DHCP, TFTP and RADIUS servers support network boot; the boot image for diskless servers is held on the shared storage pool behind the IPS module and MDS, with each blade assigned LUN 0 through LUN 3; end users reach the blades over IP]

iSCSI Deployment Scenarios (Cont.)

Metro network:
- Transport for a metro network can be: metro Ethernet, DWDM, CWDM, SONET, dark fiber
- Within metro distance => small latency incurred by the network; e.g. 1 ms one-way delay for 300 km (180 miles)
- All design considerations for campus and data center networks apply
- Application examples: streaming media service in distributed data centers; storage consolidation and file-sharing service
- Apply QoS

[Figure: iSCSI hosts at two sites joined by a metro network, each site with IPS modules]

iSCSI Deployment Scenarios (Cont.)

Wide-area network:
- Transparently extend the SAN over distance for DR through distributed data centers
- Application example: fast file-sharing service for remote office users
- Heterogeneous OS and storage arrays
- Distance impact:
  - Transport can be SONET, leased line, FR, etc.
  - Large distance
  - Latency impact on operators/end users from a user-experience standpoint
  - Latency impact on applications from a performance and throughput standpoint
- Apply QoS on WAN-edge devices
- Secure the data

[Figure: iSCSI hosts at two sites joined by a WAN, each site with IPS modules]

iSCSI Design and Implementation (agenda)

[x] Storage Networking Technology Review
[x] iSCSI and IP Storage Networking
[x] Designing the iSCSI Network
[ ] High Availability
[ ] Network Boot
[ ] iSCSI Network Security
[ ] Network Management and Administration
[ ] Configuring iSCSI
[ ] Summary

What Can Fail in a Storage Network?

Failure causes:
- Hardware, software, or cable failures
- Misconfiguration or upgrades
- Intentional attack

[Diagram: failure points along the path from application to storage: application failure, host NIC or HBA failure, link failure, network failure (software, hardware, links, etc.), storage controller or interface failure, disk failure]

iSCSI High-Availability Approaches

Two approaches:
- Client-based
  - Multipathing
  - NIC teaming
- Network-based
  - VRRP
  - pWWN aliasing
  - Static target importing and trespass
- Combinations of the above can be used according to requirements

iSCSI HA Multipathing Variations

- Active/Active: balanced I/O over both paths (implementation specific)
- Active/Passive: I/O over the primary path; switches to the standby path upon failure
- A/A or A/P will vary by vendor implementation and storage type

[Diagram: Active/Active: application, multipathing software and iSCSI driver with both iSCSI interfaces active, to pWWN a and pWWN b; the multipathing software balances I/O over the available iSCSI interfaces. Active/Passive: primary path active to pWWN a, standby (failover) path passive to pWWN b; the multipathing software monitors the active iSCSI path. In both cases the LUN is mapped over multiple paths using different controller pWWNs]

iSCSI HA: VRRP (MDS9000 Family)

- RFC 2338
- Protects against Ethernet port, card, or switch failure
- Alternate port, card or switch assumes the configuration of the failed port/card/switch
  - Maintains the same virtual IP and MAC addresses
  - Same storage mappings (target WWPN and LUNs)
- iSCSI sessions are terminated and reestablished (state not retained)

[Diagram: Switch A (real GigE address IP 10.0.0.2, MAC 00000f123456) and Switch B (real GigE address IP 10.0.0.3, MAC 00000f654321) exchange VRRP multicast hello packets in band and share the virtual address IP 10.0.0.1, MAC 00000fabcdef; the iSCSI initiator at 10.0.0.200 is configured to see targets at the virtual address; both switches reach the storage array at pWWN a]

iSCSI HA: PWWN Aliasing and Trespass

- Protects against FC port/fabric failure, or storage array controller/port failure
- Available for statically imported iSCSI targets
- Controller ports can be active/active or active/passive
- The secondary path will only take over if the primary path fails
- LUNs must be visible over both ports (e.g. pWWN a and pWWN b)
- Some targets require receipt of a Trespass command to invoke the export of LUs to the passive port

Example: iSCSI virtual target = abc, primary access = pWWN a, secondary access = pWWN b

[Diagram: iSCSI host at 10.0.0.200 reaches the MDS at 10.0.0.1; the MDS has paths to storage array ports pWWN a and pWWN b; the LUN must be visible through both controller ports; the path to pWWN b takes over if the path to pWWN a fails]

iSCSI HA: Comparison of Approaches

Multipathing
- Host initiator is presented with TWO iSCSI targets (with different iSCSI names)
- Multipathing software resolves access to the common LUN through the two targets
- Both paths active to the network (multipathing software may use A/A or A/P)

VRRP
- Host initiator is presented with a SINGLE iSCSI target at the same (virtual) IP address
- Only one path active at a time (A/P)

[Diagram: multipathing: the host sees iqn.email.tgt1 at 10.1.1.1 and iqn.email.tgt2 at 10.2.2.2, both leading to the Fibre Channel fabric. VRRP: the host sees iqn.email.tgt1 at virtual IP 10.1.1.1, served by either switch]

iSCSI Design and Implementation (agenda)

[x] Storage Networking Technology Review
[x] iSCSI and IP Storage Networking
[x] Designing the iSCSI Network
[x] High Availability
[ ] Network Boot
[ ] iSCSI Network Security
[ ] Network Management and Administration
[ ] Configuring iSCSI
[ ] Summary

Network Boot

- A typical iSCSI client (e.g. a host server) loads in the following order:
  1. Operating system (e.g. Windows 2000, Linux)
  2. Network
  3. iSCSI client driver
- How can you load the OS over iSCSI?
- Network boot uses the PXE (Preboot Execution Environment) capability present in many server BIOSes and NICs (part of Intel's Wired for Management (WFM) spec)

Network Boot: Boot Sequence

1. BIOS sends a DHCP request
2. DHCP server returns:
   - the server's IP address and gateway
   - TFTP server address and ROM extension filename
   - iSCSI server, target, and LUN
3. BIOS uses TFTP to fetch and execute the inbp.com file
4. ROM extension sends a DHCP request for the iSCSI Boot String
5. DHCP server returns iSCSI server, iSCSI target, and LUN
6. ROM extension intercepts INT13 disk r/w and redirects it to the iSCSI server
7. BIOS reads the C: drive (through inbp.com) to load the OS (Windows)
8. BIOS executes the Windows OS, which loads the network and iSCSI drivers
9. Windows uses the iSCSI driver to access drives (normal operation)

[Diagram: a diskless Win2k server (system BIOS, PXE 2.1, UNDI driver, ROM extension, Windows OS, network driver, iSCSI driver, NIC) talks to the DHCP server (steps 2 and 4), the TFTP server, and the iSCSI server (e.g. SN5428 or MDS9000 IPS-8), which fronts a Fibre Channel attached storage array holding the C:, D: and E: drives (steps 8 and 9)]

iSCSI Remote Boot Implementation

[Diagram: diskless iSCSI clients obtain an IP address and TFTP server information from the DHCP server, fetch inbp.com from the TFTP server, and reach the IPS module; a master server holds the boot image for the diskless servers; iSCSI disks in the shared storage pool serve as boot disks]

iSCSI Design and Implementation (agenda)

[x] Storage Networking Technology Review
[x] iSCSI and IP Storage Networking
[x] Designing the iSCSI Network
[x] High Availability
[x] Network Boot
[ ] iSCSI Network Security
[ ] Network Management and Administration
[ ] Configuring iSCSI
[ ] Summary

Secure iSCSI Network and Storage

- Average $2.7 million loss when proprietary information is stolen, according to CSI and FBI
- Intrusion and denial of service attacks
- Where to secure:
  - In storage: while at rest
  - In the iSCSI network: on the wire
- iSCSI security components:
  - Traditional segmentation and access control
  - Authentication
  - Emerging SAN architecture
  - IP network security techniques

Secure iSCSI Network: Highlights

[Diagram: iSCSI security services along the path from iSCSI host to target through the Cisco MDS 9000 Family]
- Host IP access: ACLs, VLANs/PVLANs, IPSec VPN, firewalls, iSCSI authentication (RADIUS)
- Target access security: VSAN; zoning (an iSCSI host can be zoned by IP address or IQN name); advanced zoning (LUN zoning, read-only zoning); LUN masking/mapping
- SAN management: AAA authentication; SSH, RADIUS, SNMPv3, SFTP, RBAC

Traditional Storage Means

- Zoning
  - Segmentation within a fabric and initial access control
  - Soft zoning and hard zoning
  - Zone members can be iSCSI hosts' IP addresses and/or symbolic names
- LUN masking
  - Defines the relationship between iSCSI hosts and storage devices
  - Detailed down to LUN level
  - Performed at the array controller
  - iSCSI hosts can be represented by a proxy initiator in the MDS

AAA iSCSI Authentication

- Allow ONLY authenticated iSCSI initiators to access configured LUNs
- Two-way authentication
  - iSCSI initiators authenticated by iSCSI routers
  - iSCSI routers/targets authenticated by iSCSI initiators
- Choice of authentication methods
  - RADIUS external server
  - TACACS+ external server
  - Local username database (CHAP)
- CHAP (Challenge Handshake Authentication Protocol) is used as the authentication protocol

iSCSI Authentication (Cont.)

- Optional mutual authentication of initiators and targets
- CHAP used as the authentication method
- Specified globally on/off or per GE interface
- Initiators authenticated to targets: a per-target username/password is configured in the initiator and checked against the local database or AAA server
- Targets authenticated to initiators: the initiator username/password in the switch is checked against the secret configured in the initiator

[Diagram: RADIUS or TACACS+ server holding User1/pwd1, User2/pwd2, ...; the MDS switch fronts FC targets iqn.target1 and iqn.target2]

Initiator configuration (CHAP):
  Initiator name: iqn.really.bigserver1, password: abc123
  iqn.target1: username User1, password pwd1
  iqn.target2: username User2, password pwd2

Switch configuration:
  Initiator name: iqn.really.bigserver1, username: iscsiuser1
  iqn.target1: username User1
  iqn.target2: username User2
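Both directions of the CHAP exchange the slide describes, as an added example (not code from the deck or from an MDS). It assumes the RFC 3720 CHAP digest (MD5 over CHAP_I, secret and CHAP_C) and reuses the slide's names and secrets; the fixed challenges exist only so the run is repeatable.

```python
"""Mutual CHAP as iSCSI login uses it (RFC 3720 section 11.1.4, RFC 1994).

Added example; not code from the Cisco deck or from an MDS. Names are the
slide's: initiator iqn.really.bigserver1 logs in to iqn.target1 with
User1/pwd1, and the switch answers the initiator's challenge as
iscsiuser1 with the initiator-configured secret abc123.
"""
import hashlib
import hmac
import secrets


def chap_response(chap_id: int, secret: str, challenge: bytes) -> bytes:
    """CHAP_R = MD5(CHAP_I || secret || CHAP_C), with CHAP_I as one octet."""
    if not 0 <= chap_id <= 255:
        raise ValueError("CHAP_I must fit in one octet")
    return hashlib.md5(bytes([chap_id]) + secret.encode() + challenge).digest()


def new_challenge(length: int = 16) -> bytes:
    """Fresh unpredictable CHAP_C; a reused challenge lets a captured CHAP_R replay."""
    return secrets.token_bytes(length)


class ChapPeer:
    """One side of the login: its own CHAP name/secret and the peer's."""

    def __init__(self, name, my_user, my_secret, peer_user, peer_secret):
        self.name = name
        self.my_user, self.my_secret = my_user, my_secret
        self.peer_user, self.peer_secret = peer_user, peer_secret
        self.sent = None  # (CHAP_I, CHAP_C) of the challenge we issued

    def challenge(self, chap_id, challenge=None):
        """Issue CHAP_I/CHAP_C; a caller-supplied challenge is for tests only."""
        self.sent = (chap_id, challenge or new_challenge())
        return {"CHAP_I": self.sent[0], "CHAP_C": self.sent[1]}

    def answer(self, chal):
        """Answer the peer's challenge with CHAP_N/CHAP_R.
        RFC 3720 8.2.1: the reverse direction must not reuse our challenge,
        and we, as responder, must detect that and close the connection."""
        if self.sent and chal["CHAP_C"] == self.sent[1]:
            raise ValueError("peer reflected our own challenge; closing connection")
        digest = chap_response(chal["CHAP_I"], self.my_secret, chal["CHAP_C"])
        return {"CHAP_N": self.my_user, "CHAP_R": digest}

    def verify(self, resp):
        """Check CHAP_N/CHAP_R against the peer's entry in our local database."""
        chap_id, challenge = self.sent
        if resp["CHAP_N"] != self.peer_user:
            return False
        expected = chap_response(chap_id, self.peer_secret, challenge)
        return hmac.compare_digest(expected, resp["CHAP_R"])  # constant time


def mutual_login(initiator, target, target_chal=None, initiator_chal=None):
    """Both directions of the slide's flow: returns (initiator_ok, target_ok)."""
    # Direction 1: target challenges, initiator answers with User1/pwd1.
    if not target.verify(initiator.answer(target.challenge(1, target_chal))):
        return False, False  # login fails; the mutual step never runs
    # Direction 2: initiator challenges, target answers as iscsiuser1/abc123.
    try:
        resp = target.answer(initiator.challenge(2, initiator_chal))
    except ValueError:
        return True, False  # reflected challenge: target drops the connection
    return True, initiator.verify(resp)


def slide_peers():
    """Constructed databases matching the slide's initiator and switch config."""
    initiator = ChapPeer("iqn.really.bigserver1", "User1", "pwd1",
                         "iscsiuser1", "abc123")
    switch = ChapPeer("iqn.target1", "iscsiuser1", "abc123", "User1", "pwd1")
    return initiator, switch
```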

Emerging Secure SAN Architecture

- Secure transport for fabric access: SNMP v3, SSH, SFTP, SSL, AAA
- VSAN
  - Partitions the SAN fabric into virtual entities
  - The MDS tags each frame to ensure total isolation of each entity, hence security
  - iSCSI port VSAN membership assignment
  - iSCSI initiator VSAN membership assignment
- iSCSI-based access control
  - Access to an iSCSI virtual target/LUN is granted to individual iSCSI hosts
  - iSCSI LUN mapping provides more granular access control, at LUN level
  - Advertisement of iSCSI virtual targets
- Making an iSCSI zone a read-only zone protects the data integrity on the iSCSI virtual target
- Role-based management access control
  - Applies to iSCSI-related network management roles

IP Network Security Techniques

- Firewall
  - Standalone or intelligent firewall service module
  - Allow the well-known TCP port 3260 for iSCSI
- IPSec VPN
  - VPN tunnel for iSCSI remote access
- Access Control List (ACL)
- VLAN and PVLAN
  - Subinterface implementation on iSCSI
  - Separate VLAN for iSCSI
- Port security
  - Allow, block, or restrain access to Ethernet based on MAC address
- IDS: how do you know when an attack happens?

iSCSI Design and Implementation (agenda)

[x] Storage Networking Technology Review
[x] iSCSI and IP Storage Networking
[x] Designing the iSCSI Network
[x] High Availability
[x] Network Boot
[x] iSCSI Network Security
[ ] Network Management and Administration
[ ] Configuring iSCSI
[ ] Summary

Management and Administration

- Network management protocols: SNMP v3
- Network management tools
  - CLI: look and feel the same as IOS
  - Cisco Fabric Manager (CFM): for fabric-wide tasks
  - Cisco Device Manager (CDM): for device-specific tasks
  - Integration with other leading management tools underway
- Network operation and monitoring
  - SPAN: the source can be an iSCSI interface; designed to work with the Port Analyzer Adapter
  - Cisco Protocol Analyzer
  - Cisco Traffic Analyzer

iSCSI Network Management

- The Cisco Fabric Manager (CFM) provides full multiprotocol management
  - Multiprotocol topology discovery
  - Multiprotocol zoning and VSAN assignment
- CFM maps iSCSI as a dotted link and Fibre Channel as a solid link
- iSCSI assigned addresses (WWNs) are kept in the nonvolatile configuration
  - Can be easily extracted via TFTP, FTP or SFTP to be archived
- Each iSCSI session can be closely monitored through CFM stats

[Figure: Cisco Fabric Manager screenshot showing a multiprotocol SAN topology]

Cisco Fabric Manager: Screenshot

[Figure: Cisco Fabric Manager screenshot showing a multiprotocol SAN topology: iSCSI hosts in the default zone, dual-homed iSCSI hosts, FCIP links, Fibre Channel hosts, port channels]

iSCSI Design and Implementation (agenda)

[x] Storage Networking Technology Review
[x] iSCSI and IP Storage Networking
[x] Designing the iSCSI Network
[x] High Availability
[x] Network Boot
[x] iSCSI Network Security
[x] Network Management and Administration
[ ] Configuring iSCSI
[ ] Summary

MDS iSCSI Overview

- The IPS module creates virtual iSCSI targets and maps them to physical FC targets
- Presents FC targets to IP hosts as iSCSI targets
- Presents each iSCSI host as an FC host
- The storage device responds to the IP host as if it were connected to the fabric

Logical Representation and Mapping on MDS

[Diagram: iSCSI storage view: the initiator at IP 10.1.1.1 (iqn.initiator.abc) reaches the target at IP 10.1.1.2 (iqn.target.abc) over the IP network. Fibre Channel SAN view: FC targets pWWN 12:34..78 (fcid 0x550002) and pWWN 12:34..56 (fcid 0x550001) in the Fibre Channel fabric. FC targets are presented as iSCSI targets (iqn.def.123, iqn.ghi.456); iSCSI initiators (iqn.abc.123, iqn.jkl.555) are presented as FC initiators (pWWN a, b, c, d)]

iSCSI Initiator and Target Views

- The iSCSI host is assigned an IP address and an IQN name
- The iSCSI driver maps SCSI requests and responses to IP packets
- FC zoning and LUN masking control access from initiator to target
- The FC target owns a pWWN and is assigned an FCID

[Diagram: iSCSI initiator (IP 10.1.1.1, iqn.initiator.abc) across the IP network to the iSCSI target (IP 10.1.1.2, iqn.target.xyz) on the MDS, which connects over FC to the Fibre Channel fabric holding targets pWWN A (fcid 0x550001) and pWWN B (fcid 0x550002)]

Present FC Target as iSCSI Target (Dynamic)

- Dynamic: the IPS module maps each FC target to one iSCSI target with a unique IQN name
- All LUNs in the SAN are available as iSCSI LUNs
- The iSCSI target IQN is created by:
  MDS1(config)# iscsi import target fc
  (the command imports all FC targets and assigns an IQN to each pWWN, on each configured GE interface)

[Diagram: FC target pWWN 12:34..78, fcid 0x550002, presented as IP 10.1.1.2, iqn.target.abc]

Present FC Target as iSCSI Target (Static)

- Static: manually select which FC target will be advertised as an iSCSI target
- Access can be controlled per initiator:
  MDS1(config)# iscsi virtual-target name anyname
  MDS1(config-iscsi-tgt)# pWWN 12:34..78                (real pWWN of the target)
  MDS1(config-iscsi-tgt)# initiator iqn.initiator.abc   (initiator iqn.xxx or IP address that can access this target)
  MDS1(config-iscsi-tgt)# advertise interface gig 2/1   (interface to be advertised; default is all GE ports)

[Diagram: FC target pWWN 12:34..78, fcid 0x550002, presented as IP 10.1.1.2, iqn.target.abc]

Present iSCSI Host as FC Host (Dynamic)

- Maps each iSCSI host to a virtual FC host with a pWWN and FCID
- Dynamic: nWWN and pWWN are allocated from the MDS FC WWN pool
- Issue: the pWWN can change with each session drop and reconnect; this can be resolved with a persistent pWWN/nWWN after the initial login

[Diagram: iSCSI host IP 10.1.1.1, iqn.initiator.abc, presented to the fabric as pWWN 12:34..56, fcid 0x550001]

Present iSCSI Host as FC Host (Static)

- Static: used if the iSCSI host must keep the same pWWN, as when connecting to intelligent FC storage with LUN mapping
  MDS1(config)# iscsi initiator name iqn.initiator.abc   (real IQN name)
  MDS1(config-iscsi-init)# pWWN 12:34..56                (any pWWN to be used)
  MDS1(config-iscsi-init)# nWWN 22:22..56

[Diagram: iSCSI host IP 10.1.1.1, iqn.initiator.abc, presented to the fabric as pWWN 12:34..56, fcid 0x550001]

Basic Configuration Procedures

- Configure the interface on the IPS module for iSCSI access
- iSCSI initiator configuration: IQN name or IP address
- iSCSI target creation and mapping
- Access control: iSCSI-based, zone-based

Interface Configurations

- First enable iSCSI:
  sw(config)# iscsi enable
- Assign an IP address to the GE interface:
  sw(config)# interface gigabitethernet 2/5
  sw(config-if)# ip address 10.10.10.1 255.255.255.0
  (parameters such as MTU size are set here too)
- Enable the GE interface for iSCSI transport:
  sw(config)# int iscsi 2/5

iSCSI Initiator Configuration

- Create an iSCSI initiator using an IP address:
  sw(config)# iscsi initiator ip-address 10.10.10.1 255.255.255.255
  sw(config-(iscsi-init))# static pwwn hh:hh:hh:hh:hh:hh:hh:hh
  or: sw(config-(iscsi-init))# static pwwn system-assign   (use the switch WWN pool to keep the pWWN persistent)
  or: do nothing for dynamic assignment                     (system dynamic assignment without persistency)
  sw(config-(iscsi-init))# vsan 100
  sw(config-(iscsi-init))# vsan 101                          (can be multiple VSANs for trunking)
- Other parameters such as MTU size can be configured
- Create an iSCSI initiator using an IQN name:
  sw(config)# iscsi initiator name iqn.com.cisco.initiator.abc
  The rest is the same as using an IP address

iSCSI Virtual Target Configuration

- Dynamic import of FC targets:
  sw(config)# iscsi import target fc
  (useful if all LUNs in FC are to be available to iSCSI)
- Static creation of an iSCSI virtual target:
  sw(config)# iscsi virtual-target name iqn.com.cisco.target.abc
  sw(config-(iscsi-tgt))# pwwn hh:hh:hh:hh:hh:hh:hh:hh fc-lun 2 iscsi-lun 0
  (LUN mapping provides flexibility when not all FC LUNs are exposed)
  sw(config-(iscsi-tgt))# trespass
  (enable trespass to allow the standby link to become active in the event of primary failure)

Target-Only iSCSI Mapping

- Map an iSCSI target to a physical storage target; all its LUNs are used
- MDS9000 configuration:
  iscsi virtual-target name iqn.email
  pwwn 20:00:07:63:00:c5:87:52

[Diagram: MDS switch target iqn.email (LUN 0-3) mapped to the physical storage array WWPN 20:00:07:63:00:c5:87:52: LUN 0 serial# 00018874, LUN 1 serial# 00118874, LUN 2 serial# 00218874, LUN 3 serial# 00318874]

Mapping to Host Server

- Each mapped LUN appears as a local disk volume to the host server

[Diagram: target-only mapping: target Email on the MDS switch maps LUN 0-3 of the physical storage array (WWPN 20:00:07:63:00:c5:87:52, loop id 129; serial# 00018874, 00118874, 00218874, 00318874) to Local Disks D:, E:, F:, G: on a Win2K server]

Target-and-LUN iSCSI Mapping

- Map to a uniquely identifiable LUN using one of:
  - WWPN + LUN
  - LUN WWN (not always assigned)
- MDS9000 configuration:
  iscsi virtual-target name iqn.email
  pwwn 20:00:07:63:00:c5:87:52 fc-lun 2 iscsi-lun 0

[Diagram: MDS switch target iqn.email LUN 0 maps to LUN 2 (serial# 00218874) of the physical storage array WWPN 20:00:07:63:00:c5:87:52; the array also holds LUN 0 (serial# 00018874), LUN 1 (serial# 00118874) and LUN 3 (serial# 00318874)]

Mapping Virtual Targets to Host Servers

[Diagram: a Win2K server sees Local Disks D:, E:, F: and G:. Target Web and Target DB use target-and-LUN mapping from the arrays WWPN 20:00:07:63:00:44:55:66 (LUN 0 serial# 00018874, LUN 1 serial# 00118874) and WWPN 20:00:07:63:00:11:22:33 (LUN 0 serial# 00014522, LUN 1 serial# 00114522). Target Email uses target-only mapping from the array WWPN 20:00:07:63:00:bb:cc:dd (LUN 0 serial# 00019876, LUN 1 serial# 00119876)]

Access Control

iSCSI-based:
  sw(config)# iscsi virtual-target name iqn.com.cisco.target.abc
  sw(config-(iscsi-tgt))# initiator <name> permit
  or: sw(config-(iscsi-tgt))# initiator <ip address> permit
  or: sw(config-(iscsi-tgt))# all-initiator-permit
  sw(config-(iscsi-tgt))# advertise interface <interface>

Zone-based:
  sw(config)# zone name iscsi-zone vsan 100
  sw(config-zone)# member pwwn 21:00:00:20:37:4b:9a:bc
  sw(config-zone)# member ip-address 10.10.10.1
  sw(config-zone)# member symbolic-nodename iqn.com.cisco.initiator.abc
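A configuration audit over the two access-control styles above, as an added example (not code from the deck or an MDS tool). It assumes the running-config keeps the slide's keywords on indented lines under each virtual target and zone; the sample config is constructed, and the interface name form is an assumption.

```python
"""Audit the iSCSI access-control statements of an MDS configuration.

Added example; not code from the Cisco deck. It reads the CLI syntax the
slide shows (iscsi virtual-target, initiator ... permit,
all-initiator-permit, advertise interface, zone members) from a
constructed running-config snippet and flags virtual targets that any
initiator may log in to, that are advertised on every GE port, or whose
permitted initiators are not also zone members under the same identifier.
"""
from dataclasses import dataclass, field

# Constructed sample: one locked-down target, one wide-open target, one zone.
SAMPLE_CONFIG = """\
iscsi virtual-target name iqn.com.cisco.target.abc
  pwwn 21:00:00:20:37:4b:9a:bc fc-lun 2 iscsi-lun 0
  initiator iqn.com.cisco.initiator.abc permit
  advertise interface GigabitEthernet2/5
iscsi virtual-target name iqn.com.cisco.target.open
  pwwn 21:00:00:20:37:4b:9a:bd
  all-initiator-permit
zone name iscsi-zone vsan 100
  member pwwn 21:00:00:20:37:4b:9a:bc
  member ip-address 10.10.10.1
  member symbolic-nodename iqn.com.cisco.initiator.abc
"""


@dataclass
class VirtualTarget:
    name: str
    pwwns: list = field(default_factory=list)
    initiators: list = field(default_factory=list)  # IQNs or IPs with 'permit'
    all_initiators: bool = False
    advertise: list = field(default_factory=list)


@dataclass
class Zone:
    name: str
    vsan: str
    members: list = field(default_factory=list)  # (member kind, value)


def parse_config(text):
    """Return ({target name: VirtualTarget}, {zone name: Zone})."""
    targets, zones, current = {}, {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or comment
        if words[:2] == ["iscsi", "virtual-target"] and "name" in words:
            current = VirtualTarget(words[words.index("name") + 1])
            targets[current.name] = current
        elif words[:2] == ["zone", "name"]:
            vsan = words[words.index("vsan") + 1] if "vsan" in words else "1"
            current = Zone(words[2], vsan)
            zones[current.name] = current
        elif isinstance(current, VirtualTarget):
            if words[0] == "pwwn":
                current.pwwns.append(words[1])
            elif words[0] == "initiator" and words[-1] == "permit":
                current.initiators.append(words[1])
            elif words[0] == "all-initiator-permit":
                current.all_initiators = True
            elif words[:2] == ["advertise", "interface"]:
                current.advertise.append(" ".join(words[2:]))
        elif isinstance(current, Zone) and words[0] == "member":
            current.members.append((words[1], words[2]))
    return targets, zones


def audit(text):
    """Return (target name, finding) pairs; an empty list means nothing flagged."""
    targets, zones = parse_config(text)
    zoned = {value for zone in zones.values() for _, value in zone.members}
    findings = []
    for t in targets.values():
        if t.all_initiators:
            findings.append((t.name, "all-initiator-permit: any iSCSI host may log in"))
        if not t.advertise:
            findings.append((t.name, "no advertise interface: advertised on all GE ports"))
        # A host zoned only by its static pwwn is reported here too; check it by hand.
        for ini in t.initiators:
            if ini not in zoned:
                findings.append((t.name, f"permitted initiator {ini} not found as a zone member"))
    return findings
```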

IP Storage Network Design (agenda)

[x] Storage Networking Technology Review
[x] iSCSI and IP Storage Networking
[x] Designing the iSCSI Network
[x] High Availability
[x] Network Boot
[x] iSCSI Network Security
[x] Network Management and Administration
[x] Configuring iSCSI
[ ] Summary

Summary

- iSCSI leverages the existing IP infrastructure, so its intelligence, capacity, and best-practice design can be leveraged in the iSCSI infrastructure
- Complementary to FC, yet represents a low-cost transport choice
  - Midrange application connectivity
  - Midrange server connectivity, with blade server integration as a new system candidate
  - Potential long-distance SAN transport

Reference Materials

- http://www.t10.org/
- http://www.t11.org/index.htm
- http://www.ietf.org/rfc.html (RFC 3720)
- http://www.cisco.com/en/US/partner/products/hw/ps4159/index.html

Associated Sessions

- OPT-1051: Introduction to Storage Technologies and Applications
- OPT-2051: Fibre Channel Storage Area Network Design
- OPT-2052: FCIP Design and Implementation
- OPT-2054: Storage Networking Security
- OPT-3052: Troubleshooting MDS 9000 IP Storage Area Networks

Refer to the session listing on the Networkers Speaker website at: http://wwwin.cisco.com/Mkt/events/nw/2004/speaker.html

Appendix

- SCSI: Small Computer System Interface
- TOE: TCP Offload Engine
- iSCSI: Internet SCSI
- GPFS: General Parallel File System
- DAS: Direct Attached Storage
- DMZ: Demilitarized Zone
- FC: Fibre Channel
- MZ: Militarized Zone
- CDB: Command Descriptor Block
- IVR: Inter-VSAN Routing
- R2T: Ready To Transfer
- LUN: Logical Unit Number
- SLP: Service Location Protocol
- IQN: iSCSI Qualified Name
- NFS: Network File System
- GTS: Generic Traffic Shaping
- FRTS: Frame-Relay Traffic Shaping
- CAR: Committed Access Rate
- PQ: Priority Queuing
- EUI: Extended Unique Identifier
- iSNS: Internet Storage Name Service

Appendix (Cont.)

- CQ: Custom Queuing
- FIFO: First In First Out
- WFQ: Weighted Fair Queuing
- DSCP: Differentiated Services Code Point
- SS: Slow Start
- CA: Congestion Avoidance
- MWS: Maximum Window Size
- SACK: Selective Acknowledgment
- RPM: Rotations Per Minute
- RAID: Redundant Arrays of Inexpensive Disks
- DWDM: Dense Wavelength Division Multiplexing
- CWDM: Coarse Wavelength Division Multiplexing
- DR: Disaster Recovery
- VRRP: Virtual Router Redundancy Protocol
- BIOS: Basic Input/Output System
- ROM: Read-only Memory
- SNMP v3: Simple Network Management Protocol, version 3
- SSH: Secure Shell
- SSL: Secure Socket Layer
- AAA: Authentication, Authorization, Accounting
- RADIUS: Remote Authentication Dial-in User Service

Appendix (Cont.)

- TACACS+: Terminal Access Controller Access Control System
- RBAC: Role-Based Access Control
- CHAP: Challenge Handshake Authentication Protocol
- CFM: Cisco Fabric Manager
- CDM: Cisco Device Manager
- SPAN: Switched Port Analyzer
- MDS: Multilayer Director Switch
- IPS: IP Service (module)
- PAA: Port Analyzer Adapter

Q and A

Complete Your Online Session Evaluation!

- WHAT: Complete an online session evaluation and your name will be entered into a daily drawing
- WHY: Win fabulous prizes! Give us your feedback!
- WHERE: Go to the Internet stations located throughout the Convention Center
- HOW: Winners will be posted on the onsite Networkers website; four winners per day
