Follow

More information regarding setting up an iSCSI service can be found in InfiniBox Best Practices Guide for Setting Up an iSCSI Service

What is iSCSI

iSCSI (Internet Small Computer Systems Interface) is an IP-based transport protocol for SCSI. It allows computers to connect to their SAN storage array without additional, dedicated Fibre Channel SAN adapters, thus reducing the overall cost of the infrastructure.
When iSCSI configuration is in use, the host opens a TCP session that serves as a path for SCSI commands from the host initiator to the storage target. Each of these TCP sessions is equivalent to a single initiator-target path that would be created using zoning in a Fibre Channel environment.
An iSCSI session can contain multiple TCP connections within a single session (called MC/S), which can help in high latency network.
Since InfiniBox is optimized for use within LAN speeds, and MC/S has an administrative overhead, InfiniBox implements a one-to-one relationship between connections and sessions to keep the configuration simple. The words ‘session’ and ‘connection’ are used in this document interchangeably.

Discovery

Before the host can open a connection to a storage array, it needs to first "learn" about the storage.
There are 2 methods of discovery:

  • Static discovery - The user manually provides one of the target hostnames or IP addresses. The host then connects to this IP address to query the storage for its details.
  • Dynamic discovery - The host receives a hostname or IP address for an iSNS server that acts as a mediator: The iSNS periodically receives the configuration from the storage, and provides it to the host whenever asked.

Dynamic discovery allows the host to discover multiple storage arrays at once, as well as receive updates on new storage arrays as they are added to the environment.
Regardless of the discovery method, the host receives a lot of information about the target, such as the list of IP addresses it can use for accessing the data, the preferred I/O sizes, and the authentication requirements. In addition, the host is required to authenticate and provide digests (checksums) for the data.

Notes:

  • A complete manual configuration is also supported, but is not a common practice.
  • CHAP cannot be used during the discovery of the iSCSI target.

Connecting to the storage

At the end of the discovery, the session is closed and the host is not yet connected to the storage. Connecting to the storage creates multiple TCP sessions from the host to the target IP addresses (the default is one session per initiator-target pair), which will allow I/O to be sent and received. This is known as the "Full Feature Phase" of the connection.

At this stage, the host treats all iSCSI connections as it would Fibre Channel paths. The host starts sending SCSI commands over these paths, and it receives the list of LUNs available to the initiator(s). The host sends query commands on each path to get the details of each LUN. These details are used by the multipath driver to identify the group of devices as multiple paths to the same device.

iSCSI terminology

Term
Description
RFC3720 / RFC7143The iSCSI standards (original and updated)
iSCSIInternet SCSI (Small Computer System Interface) over TCP/IP
iQN

iSCSI initiator identifier (iSCSI Qualified)

  • Software initiator - an iQN per host
  • Hardware initiator - an iQN per HBA 
Session

A connection between the iSCSI initiator and an iSCSI target (IP address)

a single I_T Nexus domain that connects one initiator to one target device

Multiple sessionsiSCSI host connections to all the target IP addresses in the network space using a separate session per IP address (see What is a network space).
CHAP

Challenge Handshake Authentication Protocol, used for iSCSI authentication

Types of CHAP authentication:

  • Inbound - Initiator authenticated by the target in order to gain access to the target
  • Mutual - The target is also authenticated by the initiator (after Inbound authentication)

CHAP cannot be used during the discovery of the iSCSI target.

Digest 

Additional CRC added to the iSCSI message in order to guarantee it arrived without corruption
There are separate digests for the header and data payload

ErrrorRecoveryLevel (ERL) 

Defines how the initiator and target recover from errors

InfiniBox supports ERL0

iSNSInternet Storage Name Service
Allows clients to list targets in the network, similar to a DNS service for iSCSI discovery

Connecting a host to an iSCSI storage

The steps for connecting a host to an iSCSI storage (target) are:

  1. Install an iSCSI initiator on the host. This can be a software initiator that comes with the OS or an iSCSI HBA.
  2. The host discovers one of the iSCSI storage targets (IP addresses). 
    This is an automated process where the host collects information from the storage. After the host gets all the information, it closes the discovery session.
  3. The host connects to all target IP addresses (a.k.a. full feature phase).
    The host opens multiple TCP connections to the iSCSI targets. Usually, each of these connections has a separate session, and each session is treated as a path to the storage.

At the end of this process, the connectivity between the host and storage might look like this:

 

Once the host completes the connection, it can scan for SCSI devices and discover the LUNs it has access to.

Alternative methods of discovering iSCSI targets

If iSNS is used, the host can discover multiple storage systems at once using a third-party iSNS server.

  • iSNS serves as a directory where all iSCSI targets are registered, and where the clients can discover their IP addresses in a single query.
  • Once the host discovers the target, it follows a similar path to connect to the iSCSI target (as explained above).

Multiple protocol access to SCSI devices

InfiniBox allows hosts to access block devices over both iSCSI and FC protocols. InfiniBox support hosts that have both Fibre Channel and iSCSI paths to LUNs.

This is a fast way to migrate between the two protocols, by allowing the same host to first connect using another protocol and only then removing the paths of the old protocol.

Limits and Limitations

  • Maximum supported host ports (iQNs): 2000
  • Authentication - only CHAP and Mutual CHAP are supported

  • IP addresses - only IPv4 is supported

  • IPSEC - is not supported
  • MCS (Multiple Connections per Session) - is not supported
  • Network space exclusivity - iSCSI requires a separate network space 

  • CHAP cannot be used during the discovery of the iSCSI target


Was this article helpful?
0 out of 0 found this helpful

0 out of 0 found this helpful

Last edited: 2022-05-08 11:09:33 UTC

Comments