
CCIE DC SAN iSCSI

posted May 19, 2014, 10:04 PM by Rick McGee   [ updated May 21, 2014, 5:27 PM ]
iSCSI
    Internet Small Computer System Interface 
        SCSI over TCP over IP
    
    Completely separate protocol stack from Fibre Channel (no Fibre Channel Protocol)

    Typically used in small to mid-range SANs 
        No dedicated SAN switches required 
        No SAN switching knowledge required 

    1/10GigE iSCSI hardware offload cards available 

    iSCSI is not SAN switching
        End hosts run just IP
        Storage Array runs just IP
        Transport is anything IP 
    
    MDS is an iSCSI to FC gateway

MDS and iSCSI
    MDS is effectively a translational bridge for Fibre Channel and iSCSI
    
How iSCSI gateway works 
    FC Targets FLOGI as usual to FC fabric 
    iSCSI Initiators send Discovery to MDS
        Implies the MDS has IP-enabled Ethernet interfaces
    
    MDS applies Zoning/Access Lists 

    iSCSI Initiator thinks FC target is iSCSI target 
    FC Target thinks iSCSI Initiator is FC Initiator 

MDS iSCSI Gateway Configuration 
    Configure FC to targets 

    Configure IP to Initiators 

    Enable iSCSI 

    Configure Zoning/Access Control 

    Point server at MDS's IP address 

iSCSI Access Control
    Like in FC, access control must be enforced 
        Mounting someone else's volume can be catastrophic
    
    Access control can be enforced as:
        Zoning Based 
            Normal pWWN, FCID, Alias, etc...
            Initiator's IP address
            Initiator's iSCSI qualified name (IQN)

        iSCSI Based Virtual Target 
            IQN
            IP Address and Subnet 

iSCSI Topology 


This is assuming that all the basic Fi


MDS1 
    conf t
    zone mode enhanced vsan 10
    zone mode enhanced vsan 20
    vsan database
    vsan 10
    vsan 20
    vsan 10 interface fc1/17
    vsan 20 interface fc1/18
    interface fc1/13
    switchport mode e
    switchport trunk allowed vsan all
show flogi database vsan 10

    inter gig1/1
    ip address 10.0.0.53 255.255.255.0 
    no shut 
    feature iscsi 
    iscsi enable module 1
    zone default-zone permit vsan 10 (this permits all JBOD1 and JBOD2 disks to be seen)
    zone commit vsan 10
    vsan database
    vsan 10 interface iscsi 1/1 (this ties the FC and iSCSI networks together and translates between them)
    show flogi database vsan 10
You now see that interface iscsi1/1 is part of vsan 10 and should be able to see the JBODs' disks

show iscsi initiator 
This shows who is trying to log in to the fabric via iSCSI and the virtual pWWN that is assigned to SERVER1

conf t
iscsi import target fc 

You would want to create a zone/zoneset that mounts only particular drives to each server, so you don't accidentally mount the wrong drive and cause another server to crash.

no zone default-zone permit vsan 10
zone commit vsan 10 
zoneset name VSAN10 vsan 10
zone name ISCSIZONE
member device-alias JBOD1_PORT0_DISK0
member ip-address 10.0.0.10 
exit
zoneset activate name VSAN10 vsan 10
zone commit vsan 10
show zone active vsan 10 
You now see that the ACTIVE zone only sees DISK0 and SERVER1 IP address 10.0.0.1
 

MDS2 
conf t
zone mode  enhanced  vsan 10
zone mode  enhanced  vsan 20
vsan database 
vsan 10
vsan 20
vsan 20 interface fc1/13
vsan 10 interface fc1/14
interface fc1/10
switchport trunk allowed vsan all 
interface gig1/1 
ip address 10.0.0.54 255.255.255.0
no shut 
You should be able to ping Server 1 and Server 3 from MDS1 or MDS2
feature iscsi 
iscsi enable module 1

Once you enable iSCSI on the module (find which module with "show module"), it creates two more interfaces, iscsi1/1 and iscsi1/2, which are logical links. You have to issue the no shutdown command on the iSCSI interfaces on both MDS1 and MDS2.

show iscsi global 

For this purpose, issue "iscsi authentication none" on MDS1 and MDS2. Initiators then log in without authentication, so zoning is the only access control in effect.



The rest of the configuration is done on the servers, in the iSCSI Initiator Properties
The target would be 10.0.0.53
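
The access-control state this walkthrough ends in can be checked mechanically. The Python sketch below is an added example, not part of the original post or any Cisco tool: it replays a constructed command list taken from the MDS1 steps above, in order, and reports which open settings are still in effect at the end. The function name `audit` and the rule labels are assumptions made for illustration.

```python
import re

# Constructed sample: the MDS1 zoning/auth commands from the walkthrough, in the order entered.
SAMPLE_CONFIG = """\
zone default-zone permit vsan 10 (permits all JBOD disks to be seen)
zone commit vsan 10
iscsi authentication none
no zone default-zone permit vsan 10
zoneset name VSAN10 vsan 10
zone name ISCSIZONE
member device-alias JBOD1_PORT0_DISK0
member ip-address 10.0.0.10
zoneset activate name VSAN10 vsan 10
"""

DEFAULT_ZONE = re.compile(r"(no )?zone default-zone permit vsan (\d+)$", re.I)
AUTH = re.compile(r"iscsi authentication (\S+)$", re.I)
ZONE = re.compile(r"zone name (\S+)", re.I)
IP_MEMBER = re.compile(r"member ip-address (\S+)", re.I)


def audit(config):
    """Replay the commands in order; report what is still open at the end."""
    permit, auth, zone, ip_members = {}, None, None, []
    for raw in config.splitlines():
        line = " ".join(raw.split("(")[0].split())  # drop "(note)" text, squeeze spaces
        if m := DEFAULT_ZONE.match(line):
            permit[int(m.group(2))] = m.group(1) is None  # a later "no ..." wins
        elif m := AUTH.match(line):
            auth = m.group(1).lower()
        elif m := ZONE.match(line):
            zone = m.group(1)
        elif m := IP_MEMBER.match(line):
            ip_members.append((zone, m.group(1)))
    findings = [("default-zone-permit", f"vsan {v}")
                for v, on in sorted(permit.items()) if on]
    if auth == "none":
        findings.append(("iscsi-auth-none", "initiators log in without authentication"))
        # With no login authentication, an ip-address member is matched on source IP alone.
        findings += [("ip-only-identity", f"zone {z} member {ip}") for z, ip in ip_members]
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CONFIG):
        print(f"{rule}: {detail}")
```

Run against the full sample, the default-zone finding clears because the later "no zone default-zone permit vsan 10" wins, while the authentication and IP-only findings remain.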




