More information regarding setting up an iSCSI service can be found in InfiniBox Best Practices Guide for Setting Up an iSCSI Service
What is iSCSI
iSCSI (Internet Small Computer Systems Interface) is an IP-based transport protocol for SCSI. It allows computers to connect to their SAN storage array without additional, dedicated Fibre Channel SAN adapters, thus reducing the overall cost of the infrastructure.
When iSCSI configuration is in use, the host opens a TCP session that serves as a path for SCSI commands from the host initiator to the storage target. Each of these TCP sessions is equivalent to a single initiator-target path that would be created using zoning in a Fibre Channel environment.
An iSCSI session can contain multiple TCP connections within a single session (called MC/S), which can help in high latency network.
Since InfiniBox is optimized for use within LAN speeds, and MC/S has an administrative overhead, InfiniBox implements a one-to-one relationship between connections and sessions to keep the configuration simple. The words ‘session’ and ‘connection’ are used in this document interchangeably.
Before the host can open a connection to a storage array, it needs to first "learn" about the storage.
There are 2 methods of discovery:
- Static discovery - The user manually provides one of the target hostnames or IP addresses. The host then connects to this IP address to query the storage for its details.
- Dynamic discovery - The host receives a hostname or IP address for an iSNS server that acts as a mediator: The iSNS periodically receives the configuration from the storage, and provides it to the host whenever asked.
Dynamic discovery allows the host to discover multiple storage arrays at once, as well as receive updates on new storage arrays as they are added to the environment.
Regardless of the discovery method, the host receives a lot of information about the target, such as the list of IP addresses it can use for accessing the data, the preferred I/O sizes, and the authentication requirements. In addition, the host is required to authenticate and provide digests (checksums) for the data.
- A complete manual configuration is also supported, but is not a common practice.
- CHAP cannot be used during the discovery of the iSCSI target.
Connecting to the storage
At the end of the discovery, the session is closed and the host is not yet connected to the storage. Connecting to the storage creates multiple TCP sessions from the host to the target IP addresses (the default is one session per initiator-target pair), which will allow I/O to be sent and received. This is known as the "Full Feature Phase" of the connection.
At this stage, the host treats all iSCSI connections as it would Fibre Channel paths. The host starts sending SCSI commands over these paths, and it receives the list of LUNs available to the initiator(s). The host sends query commands on each path to get the details of each LUN. These details are used by the multipath driver to identify the group of devices as multiple paths to the same device.
|RFC3720 / RFC7143||The iSCSI standards (original and updated)|
|iSCSI||Internet SCSI (Small Computer System Interface) over TCP/IP|
iSCSI initiator identifier (iSCSI Qualified)
A connection between the iSCSI initiator and an iSCSI target (IP address)
a single I_T Nexus domain that connects one initiator to one target device
|Multiple sessions||iSCSI host connections to all the target IP addresses in the network space using a separate session per IP address (see What is a network space).|
Challenge Handshake Authentication Protocol, used for iSCSI authentication
Types of CHAP authentication:
CHAP cannot be used during the discovery of the iSCSI target.
Additional CRC added to the iSCSI message in order to guarantee it arrived without corruption
Defines how the initiator and target recover from errors
InfiniBox supports ERL0
|iSNS||Internet Storage Name Service|
Allows clients to list targets in the network, similar to a DNS service for iSCSI discovery
Connecting a host to an iSCSI storage
The steps for connecting a host to an iSCSI storage (target) are:
- Install an iSCSI initiator on the host. This can be a software initiator that comes with the OS or an iSCSI HBA.
- The host discovers one of the iSCSI storage targets (IP addresses).
This is an automated process where the host collects information from the storage. After the host gets all the information, it closes the discovery session.
- The host connects to all target IP addresses (a.k.a. full feature phase).
The host opens multiple TCP connections to the iSCSI targets. Usually, each of these connections has a separate session, and each session is treated as a path to the storage.
At the end of this process, the connectivity between the host and storage might look like this:
Once the host completes the connection, it can scan for SCSI devices and discover the LUNs it has access to.
Alternative methods of discovering iSCSI targets
If iSNS is used, the host can discover multiple storage systems at once using a third-party iSNS server.
- iSNS serves as a directory where all iSCSI targets are registered, and where the clients can discover their IP addresses in a single query.
- Once the host discovers the target, it follows a similar path to connect to the iSCSI target (as explained above).
Multiple protocol access to SCSI devices
InfiniBox allows hosts to access block devices over both iSCSI and FC protocols. InfiniBox support hosts that have both Fibre Channel and iSCSI paths to LUNs.
This is a fast way to migrate between the two protocols, by allowing the same host to first connect using another protocol and only then removing the paths of the old protocol.
Limits and Limitations
- Maximum supported host ports (iQNs): 2000
Authentication - only CHAP and Mutual CHAP are supported
IP addresses - only IPv4 is supported
- IPSEC - is not supported
- MCS (Multiple Connections per Session) - is not supported
Network space exclusivity - iSCSI requires a separate network space
- CHAP cannot be used during the discovery of the iSCSI target