7/27/2019 What is ISCSI and How iSCSI Works
What is ISCSI and How iSCSI Works:
iSCSI stands for internet SCSI, or internet Small Computer Systems Interface. iSCSI is the
transmission of SCSI commands and data over IP (Internet Protocol) Networks.
How iSCSI Works:
When an end user or application sends a request, the operating system generates the appropriate
SCSI commands and data request, which then go through encapsulation and, if necessary,
encryption procedures. A packet header is added before the resulting IP packets are transmitted
over an Ethernet connection. When a packet is received, it is decrypted (if it was encrypted
before transmission), and disassembled, separating the SCSI commands and request. The SCSI
commands are sent on to the SCSI controller, and from there to the SCSI storage device. Because
iSCSI is bi-directional, the protocol can also be used to return data in response to the original
request.
iSCSI is one of two main approaches to storage data transmission over IP networks; the other
method, Fibre Channel over IP (FCIP), translates Fibre Channel control codes and data into IP
packets for transmission between geographically distant Fibre Channel SANs. FCIP (also known
as Fibre Channel tunneling or storage tunneling) can only be used in conjunction with Fibre
Channel technology; in comparison, iSCSI can run over existing Ethernet networks. A number of
vendors, including Cisco, IBM, and Nishan have introduced iSCSI-based products (such as
switches and routers).
How iSCSI authentication works
During the initial stage of an iSCSI session, the initiator sends a login request to the storage
system to begin an iSCSI session. The storage system will then either permit or deny the login
request, or determine that a login is not required.
iSCSI authentication methods are:
Challenge Handshake Authentication Protocol (CHAP): The initiator logs in using a CHAP user name and password.
You can specify a CHAP password or generate a random password. There are two types of CHAP
user names and passwords:
o Inbound: The storage system authenticates the initiator. Inbound settings are required if you are using CHAP authentication.
o Outbound: This is an optional setting to enable the initiator to authenticate the storage
system. You can use outbound settings only if you defined an inbound user name and
password on the storage system.
deny: The initiator is denied access to the storage system.
none: The storage system does not require authentication for the initiator.
You can define a list of initiators and their authentication methods. You can also define a default
authentication method that applies to initiators that are not on this list.
The default iSCSI authentication method is none, which means any initiator not in the
authentication list can log in to the storage system without authentication. However, you can
change the default method to deny or CHAP.
If you use iSCSI with vFiler units, the CHAP authentication settings are configured separately
for each vFiler unit. Each vFiler unit has its own default authentication mode and list of initiators
and passwords.
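The login decision described above, as an added Python sketch that is not NetApp's code or part of the original page: a toy model of the authentication list and default method, with the CHAP response computed as in RFC 1994. The class, function and initiator names and the secrets are constructed for illustration.

```python
import hashlib
import hmac
import os

METHODS = ("CHAP", "deny", "none")

def chap_response(ident, secret, challenge):
    # RFC 1994: response = MD5(identifier byte || shared secret || challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def make_entry(method, inbound=None, outbound=None):
    """inbound/outbound are (user name, secret) pairs."""
    if method not in METHODS:
        raise ValueError("unknown method: %r" % method)
    if method == "CHAP" and inbound is None:
        raise ValueError("CHAP requires inbound settings")
    if outbound is not None and inbound is None:
        raise ValueError("outbound settings require inbound settings")
    return {"method": method, "inbound": inbound, "outbound": outbound}

class StorageSystem:
    """Toy model of the target-side authentication list, not a vendor API."""

    def __init__(self):
        self.default = make_entry("none")   # the default described above
        self.auth_list = {}                 # initiator name -> entry

    def login(self, name, answer):
        """answer(ident, challenge) returns the initiator's CHAP response."""
        entry = self.auth_list.get(name, self.default)
        if entry["method"] != "CHAP":
            return entry["method"] == "none"
        ident, challenge = os.urandom(1)[0], os.urandom(16)
        expected = chap_response(ident, entry["inbound"][1], challenge)
        return hmac.compare_digest(expected, answer(ident, challenge))

    def answer_initiator(self, name, ident, challenge):
        # Outbound direction: the storage system proves itself to the initiator.
        entry = self.auth_list.get(name, self.default)
        return chap_response(ident, entry["outbound"][1], challenge)

def demo():
    filer = StorageSystem()
    listed = "iqn.2001-04.com.example:host1"        # constructed names
    unlisted = "iqn.2001-04.com.example:unlisted"
    filer.auth_list[listed] = make_entry("CHAP", ("host1", b"constructed-in"),
                                         ("filer", b"constructed-out"))
    right = lambda i, c: chap_response(i, b"constructed-in", c)
    wrong = lambda i, c: chap_response(i, b"guess", c)
    before = filer.login(unlisted, wrong)           # default none: admitted
    filer.default = make_entry("deny")
    after = filer.login(unlisted, wrong)            # default deny: refused
    return filer.login(listed, right), filer.login(listed, wrong), before, after
```

The third and fourth results show the same unlisted initiator being admitted under the default of none and refused once the default is changed to deny.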
A Quick and Dirty Guide to iSCSI Implementation
-Rajeev Karamchedu
Introduction
How does it work?
Implementation Environment
Target Setup on the Filer
Initiator Setup
Automounting iSCSI
How Fast Is It?
Implementing iSCSI Security
iSNS, Internet Storage Name Service
References
Introduction
iSCSI (Internet Small Computer System Interface) is an IP-based storage networking standard for
connecting data storage entities, developed by the Internet Engineering Task Force (IETF).
Essentially a protocol carrying SCSI commands over IP networks, iSCSI can be a cheap and
effective alternative for storage administrators who are otherwise struggling to strike a balance
between the high-cost and complex implementations of FC-SAN (Fibre Channel Storage Area
Networks) and the performance limitations and overhead of NAS (Network Attached Storage).
For the sake of completeness, it should be noted that there are TWO other protocols similar to iSCSI
where IP networks are used to move data packets: iFCP and FCIP. Both of those protocols are NOT
implemented on a server but are rather used to connect remote SANs together. iFCP translates a Fibre
Channel frame to IP and then translates it back after it reaches the destination. FCIP is a tunneling
protocol to send FC frames intact over IP.
How does it work?
iSCSI is a client-server based protocol, except that the client process requesting data is called an
initiator and the server process serving the data is called a target. In an iSCSI
implementation, the storage that is offered by the target appears as a local disk to the initiator. The
client can make block-based operations on that storage. Since this involves formatting the disk,
partitioning, and creating a file system on the disk, no more than one initiator can have read/write
access to the specific iSCSI device at a time. However, it is possible to mount an iSCSI
device as read-only on multiple initiators.
When the initiator (client) receives a request for a piece of data on the server, it translates that request
into pure SCSI commands and assembles them into an IP packet (additionally performing encapsulation
and/or encryption). Using the IP network, that packet can then be sent to the target (server), without
the distance limitations that traditional SCSI suffers from. On the target, the iSCSI protocol extracts the SCSI
commands (performing decapsulation and/or decryption in the process) and sends the SCSI commands
to the SCSI controller. The protocol is also bi-directional, so the data can be sent back as a reply to the
request.
The downside of iSCSI is that all this processing can be a burden on the client's CPU. That can be solved
by using iSCSI-HBAs, which are much like Fibre Channel HBAs but for iSCSI. iSCSI-HBAs are used to offload
the processing overhead from the primary CPU(s) to the dedicated HBA. iSCSI-HBAs are much
cheaper than FC-HBAs, at the time of this writing. iSCSI-HBAs are referred to as hardware
initiators. Software initiators are simply drivers loaded into the OS that enable iSCSI
communications. Currently, we can use the following software initiators for free: the iSCSI Microsoft
Windows Initiator software, the iSCSI Linux Initiator software and the iSCSI NetWare Initiator software.
Those who have accounts with Cisco can also download the Cisco iSCSI driver for Linux, HPUX, Windows
and Solaris.
Implementation Environment
This document reflects the following environment-specific implementation details and command sets.
Consult the Resources section for links to other implementations.
Target: Network Appliance Filer running Data ONTAP 6.5.x
Initiator: Intel P4 Desktop running Suse 9.2 (2.6.8-24.14-smp)
Fibre Channel implementations use WWPN (World Wide Port Names) and WWNN (World
Wide Node Names) to identify devices. iSCSI uses iSCSI addresses. Once all the targets and
initiators are assigned and configured with iSCSI addresses, these nodes need to know about
each other, akin to DNS resolution. Once they are aware of each other, they can
communicate and the initiator can access the storage from the target. Details of how this is
accomplished are discussed later in this document.
iSCSI addresses come in two formats: iSCSI Qualified Name (iqn) or IEEE EUI-64 (eui) format. A (very)
brief discussion of the two formats is below.
iqn Format: iqn.yyyy-mm.backward_naming_authority:unique_device_name
For example, on a Linux box, the iSCSI initiator address may look like this:
iqn.1987-05.com.cisco:01.12a14c2dcab9
eui Format: eui.nnnnnnnnnnnnnnnn
The eui format is used when a manufacturer is already registered with the IEEE Registration
Authority and uses EUI-64 formatted worldwide unique names for its products.
The iSCSI driver/initiator software found in today's Linux distributions is an open-source version of the one
Cisco provides and uses the iqn format. The Network Appliance file servers also use an iqn format for
target addressing.
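An added example, not part of the original guide: a validator for the two name formats above, useful for checking initiator names before they go into an authentication list. The function name is hypothetical; the 223-byte limit, lowercase normalization and optional `:unique_device_name` part come from RFC 3720 rather than from this page.

```python
import re

# iqn.yyyy-mm.backward_naming_authority[:unique_device_name]
IQN_RE = re.compile(r"^iqn\.(\d{4})-(\d{2})\.([a-z0-9.-]+)(?::(.+))?$")
# eui. followed by 16 hex digits (an EUI-64 identifier)
EUI_RE = re.compile(r"^eui\.([0-9a-f]{16})$")

def parse_iscsi_name(name):
    """Return the parts of an iSCSI address, or raise ValueError."""
    if name != name.strip() or not name:
        raise ValueError("empty name or surrounding whitespace")
    if len(name.encode("utf-8")) > 223:
        raise ValueError("iSCSI name longer than 223 bytes")
    name = name.lower()   # compare names in one canonical case

    m = EUI_RE.match(name)
    if m:
        return {"type": "eui", "eui64": m.group(1)}

    m = IQN_RE.match(name)
    if not m:
        raise ValueError("not an iqn or eui name: %r" % name)
    year, month, authority, unique = m.groups()
    if not 1 <= int(month) <= 12:
        raise ValueError("month out of range in %r" % name)
    labels = authority.split(".")
    if any(not l or l.startswith("-") or l.endswith("-") for l in labels):
        raise ValueError("malformed naming authority in %r" % name)
    return {
        "type": "iqn",
        "registered": f"{year}-{month}",          # yyyy-mm field
        "domain": ".".join(reversed(labels)),      # com.cisco -> cisco.com
        "unique": unique,                          # None when omitted
    }

def is_valid_iscsi_name(name):
    try:
        parse_iscsi_name(name)
        return True
    except ValueError:
        return False
```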