More information regarding setting up an iSCSI service can be found in InfiniBox Best Practices Guide for Setting Up an iSCSI Service
What is iSCSI
iSCSI (Internet Small Computer Systems Interface) is an IP based transport protocol for SCSI. It allows computers to connect to their SAN storage array without additional, dedicated Fibre Channel SAN adapters, thus reducing the overall cost of the infrastructure.
When iSCSI configuration is in use, the host opens a TCP session that serves as a path for SCSI commands from the host initiator to the storage target. Each of these TCP sessions is therefore equivalent to a single Initiator-target path that would be created using zoning in a Fibre Channel environment.
An iSCSI session can contain multiple TCP connections within a single session (called MC/S), which can help in high latency network.
Since InfiniBox in optimized for use within LAN speeds and MC/S has an administrative overhead, InfiniBox implements a one-ot-one relationship between connections and sessions to keep the configuration simple, and so the words ‘session’ and ‘connection’ are used in this document interchangeably.
Before the host can open a connection to a storage array, it needs to first "learn" about the storage.
There are 2 methods of discovery:
- Static discovery - the user manually provides one of the target hostname / IP addresses. The host will then connect to this IP to query the storage for its details (more below)
- Dynamic discovery - the host receives a hostname / IP address for an iSNS server which acts as a mediator: The iSNS receives the configuration from the storage periodically, and provides it to the host whenever asked.
Dynamic discovery allows the host to discover multiple storage arrays at once, as well as receive updates on new storage array as they are added to the environment.
Regardless of the discovery method, the host will get a lot of information about the target, such as the list of IP addresses it can use for accessing the data, the preferred IO sizes, and the authentication requirements. In addition, the host is required to authenticate and provide digests (checksums) for the data.
- A complete manual configuration is also supported, but is not a common practice.
- CHAP cannot be used during the discovery of the iSCSI target.
Connecting to the storage
At the end of the discovery, the session is closed and the host is not yet connected to the storage. Connecting to the storage will create multiple TCP sessions from the host to the target IPs (1 session per intiator-target pair is the default), which will allow IO to be sent / received. This is known as the "Full Feature Phase" of the connection.
At this stage the host treats all iSCSI connections as it would Fibre Channel paths. The host starts sending SCSI commands over these paths, and gets the list of LUNs available to the initiator(s). Further, the host sends query commands on each path to get the details of each LUN. These details will be used by the multipath driver to identify the group of devices as multiple paths to the same device.
|RFC3720 / RFC7143||The iSCSI standards (original and updated)|
|iSCSI||SCSI (Internet Small Computer System Interface) over TCP/IP|
iSCSI initiator identifier (iSCSI Qualified)
A connection between the iSCSI intiator and an iSCSI target (IP address)
a single I_T Nexus domain, connecting 1 Initiator to 1 target device
|Multiple sessions||An iSCSI host connects to all the target IPs in the Network space using a separate session per IP (see What is a network space).|
Challenge Handshake Authentication Protocol, used for iSCSI authentication.
Types of CHAP authentication:
CHAP cannot be used during the discovery of the iSCSI target.
Additional CRC added to the iSCSI message in order to guarantee it arrived without corruption.
Defines how the Initiator and target recover from errors.
InfiniBox supports ERL0
|iSNS||Internet Storage Name Service.|
Allows clients to list targets in the network (Similar to a DNS service only for iSCSI discovery).
Connecting a host to an iSCSI storage
The steps for connecting a host to an iSCSI storage (target) are:
- installing an iSCSI initiator on the host (this can be a software initiator that comes with the OS or an iSCSI HBA)
- Discovering one of the iSCSI storage targets (IP addresses).
This is an automated process where the host collects information from the storage. After the host gets all the information, it closes the discovery session.
- Connecting to all target IP addresses (a.k.a. full feature phase)
The host opens multiple TCP connections to the iSCSI targets, commonly each of these connections has a separate session, and each session is treated as a path to the storage.
At the end of this process, the connectivity between the host and storage may look like this:
Once the host completes the connection it can scan for SCSI devices and discover the LUNs it has access to.
Alternative methods of discovering iSCSI targets
If iSNS is used, the host may discover multiple storage systems at once using a 3rd party iSNS server.
- iSNS serves as a directory where all iSCSI targets are registered and the clients can discover their IP addresses in a single query.
- Once the host discovers the target, it follows a similar path to connect to the iSCSI target as explained above.
Multiple protocol access to SCSI devices
InfiniBox allows hosts to access block devices over both iSCSI and FC protocols. InfiniBox support hosts that have both Fibre Channel and iSCSI paths to LUNs.
This is a fast way to migrate between the 2 protocols, by allowing the same host to first connect using another protocol and only then removing the paths of the old protocol.
Limits and Limitations
- Maximum supported host ports (iQNs): 2000
Authentication - only CHAP and Mutual CHAP are supported
IP addresses - only IPv4 is supported
- IPSEC is not supported
- MCS (Multiple Connections per Session) - is not supported
NetWork Space exclusivity - iSCSI requires a separate Network Space
- CHAP cannot be used during the discovery of the iSCSI target