iscsi san topologies techbook - dell emc · pdf fileiscsi san topologies techbook 5 contents...

iSCSI SAN Topologies

Version 3.2

• iSCSI SAN Topology Overview

• TCP/IP and iSCSI Overview

• Use Case Scenarios

Jonghoon (Jason) Jeong

iSCSI SAN Topologies TechBook2

Copyright © 2011 - 2015 EMC Corporation. All rights reserved.

EMC believes the information in this publication is accurate as of its publication date. The information issubject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NOREPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THISPUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY ORFITNESS FOR A PARTICULAR PURPOSE.

Use, copying, and distribution of any EMC software described in this publication requires an applicablesoftware license.

EMC2, EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the UnitedState and other countries. All other trademarks used herein are the property of their respective owners.

For the most up-to-date regulator document for your product line, go to EMC Online Support(https://support.emc.com).

Part number H8080.6

Contents

Preface............................................................................................................................ 11

Chapter 1 TCP/IP TechnologyTCP/IP overview.............................................................................. 18

Transmission Control Protocol ................................................ 18Internet Protocol ........................................................................ 20

TCP terminology............................................................................... 21TCP error recovery............................................................................ 25TCP network congestion.................................................................. 28IPv6 ..................................................................................................... 29

Features of IPv6.......................................................................... 29Deployment status..................................................................... 31Addressing.................................................................................. 32IPv6 packet.................................................................................. 37Transition mechanisms ............................................................. 38

Internet Protocol security (IPsec).................................................... 40Tunneling and IPsec .................................................................. 40IPsec terminology ...................................................................... 41

Chapter 2 iSCSI TechnologyiSCSI technology overview.............................................................. 44iSCSI discovery.................................................................................. 46

Static............................................................................................. 46Send target .................................................................................. 46iSNS.............................................................................................. 46

iSCSI error recovery.......................................................................... 47

iSCSI SAN Topologies TechBook 3

Contents

iSCSI security..................................................................................... 48Security mechanisms................................................................. 48Authentication methods ........................................................... 49

Chapter 3 iSCSI SolutionsNetwork design best practices........................................................ 52EMC native iSCSI targets................................................................. 53

Symmetrix................................................................................... 53VNX for Block and CLARiiON................................................ 54Celerra Network Server............................................................ 55VNX series for File..................................................................... 56

Configuring iSCSI targets ................................................................ 58Bridged solutions.............................................................................. 60

Brocade........................................................................................ 60Cisco ............................................................................................ 63

Summary............................................................................................ 69

Chapter 4 Use Case ScenariosConnecting an iSCSI Windows host to a VMAX array ............... 72

Configuring storage port flags and an IP address on aVMAX array ............................................................................... 72Configuring LUN Masking on a VMAX array...................... 77Configuring an IP address on a Windows host .................... 79Configuring iSCSI on a Windows host................................... 81Configuring Jumbo frames ...................................................... 97Setting MTU on a Windows host ............................................ 97

Connecting an iSCSI Linux host to a VMAX array...................... 99Configuring storage port flags and an IP address on aVMAX array ............................................................................. 100Configuring LUN Masking on a VMAX array.................... 107Configuring an IP address on a Linux host ......................... 110Configuring CHAP on the Linux host.................................. 113Configuring iSCSI on a Linux host using Linux iSCSIInitiator CLI .............................................................................. 113Configuring Jumbo frames .................................................... 115Setting MTU on a Linux host................................................. 115

Configuring the VNX for block 1 Gb/10 Gb iSCSI port ........... 117Prerequisites ............................................................................. 117Configuring storage system iSCSI front-end ports ............ 118Assigning an IP address to each NIC or iSCSI HBA in aWindows Server 2008 ............................................................. 123


Contents

Configuring iSCSI initiators for a configurationwithout iSNS............................................................................. 126Registering the server with the storage system................... 142Setting storage system failover values for the serverinitiators with Unisphere ........................................................ 144Configuring the storage group .............................................. 159iSCSI CHAP authentication.................................................... 172

Connecting an iSCSI Windows host to an XtremIO array ........ 173Prerequisites ............................................................................. 173Configuring storage system iSCSI portal ............................. 174Assigning an IP address to each NIC or iSCSI HBA in aWindows Server 2008 .............................................................. 176Configuring iSCSI initiator on a Windows host.................. 178Configuring LUN masking on an XtremIO array ............... 184Detecting the iSCSI LUNs from Windows host................... 189

5iSCSI SAN Topologies TechBook

Contents


Title Page

Figures

1 TCP header example ...................................................................................... 192 TCP header fields, size, and functions ........................................................ 193 Slow start and congestion avoidance .......................................................... 264 Fast retransmit ................................................................................................ 275 IPv6 packet header structure ........................................................................ 376 iSCSI example ................................................................................................. 447 iSCSI header example .................................................................................... 458 iSCSI header fields, size, and functions ...................................................... 459 Celerra iSCSI configurations ......................................................................... 5510 VNX 5000 series iSCSI configuration .......................................................... 5611 VNX VG2 iSCSI configuration ..................................................................... 5712 iSCSI gateway service basic implementation ............................................. 6013 Supportable configuration example ............................................................ 6414 Windows host connected to a VMAX array with 1 G connectivity ........ 7215 EMC Symmetrix Manager Console, Directors ........................................... 7316 Set Port Attributes dialog box ...................................................................... 7417 Config Session tab .......................................................................................... 7518 My Active Tasks, Commit All ...................................................................... 7519 EMC Symmetrix Management Console, Storage Provisioning ............... 7720 Internet Protocol Version 6 (TCP/IPv6) Properties dialog box ............... 8021 Test connectivity ............................................................................................. 8022 iSCSI Initiator Properties window ............................................................... 8223 Discovery tab, Discover Portal ..................................................................... 8324 Discover Portal dialog box ............................................................................ 8425 Advanced Settings window .......................................................................... 8526 Target portals .................................................................................................. 8627 Targets tab ....................................................................................................... 8628 Connect to Target dialog box ........................................................................ 8729 Discovered targets .......................................................................................... 8730 Volume and Devices tab ................................................................................ 88


Figures

31 Devices ............................................................................................................. 8932 iSNS Server Properties window, storage ports .......................................... 9033 Discovery tab .................................................................................................. 9134 iSNS Server added ......................................................................................... 9235 iSNS Server ...................................................................................................... 9336 Linux hosts connected to a VMAX array with 10 G connectivity ........... 9937 Set port attributes ......................................................................................... 10138 Set Port Attributes dialog box .................................................................... 10239 Config Session tab ........................................................................................ 10340 My Active Tasks, Commit All .................................................................... 10441 CHAP authentication .................................................................................. 10542 Director Port CHAP Authentication Enable/Disable dialog box ......... 10543 Director Port CHAP Authentication Set dialog box ............................... 10644 EMC Symmetrix Management Console, Storage Provisioning ............ 10845 Verify IP addresses ...................................................................................... 11146 Test connectivity ........................................................................................... 11347 Windows host connected to a VNX array with 1 G/ 10 G

connectivity..................................................................................................... 11748 Unisphere, System tab ................................................................................. 11949 Message box .................................................................................................. 12050 iSCSI Port Properties window .................................................................... 12151 iSCSI Virtual Port Properties window ...................................................... 12252 Warning message ......................................................................................... 12353 Successful message ...................................................................................... 12354 Control Panel, Network Connections window ....................................... 12455 Local Area Connection Properties dialog box ......................................... 12556 Internet Protocol Version 4 (TCP/IPv4) Properties dialog box ............ 12657 EMC Unisphere Server Utility welcome window ................................... 12858 EMC Unisphere Server Utility window, Configure iSCSI

Connections.................................................................................................... 12959 iSCSI Targets and Connections window .................................................. 13060 Discover iSCSI targets on this subnet ....................................................... 13161 Discover iSCSI targets for this target portal ............................................. 13262 iSCSI Targets window ................................................................................. 13363 Successful logon message ........................................................................... 13464 Server registration window ........................................................................ 13565 Successfully updated message ................................................................... 13666 Microsoft iSCSI Initiator Properties dialog box ....................................... 13767 Discovery tab ................................................................................................ 13768 Add Target Portal dialog box ..................................................................... 13869 Advanced Settings dialog box, General tab ............................................. 13870 iSCSI Initiator Properties dialog box, Discovery tab .............................. 13971 iSCSI Initiator Properties dialog box, Targets tab ................................... 140


Figures

72 Log on to Target dialog box ........................................................................ 14073 Target, Connected ......................................................................................... 14174 EMC Unisphere Server Utility, welcome window .................................. 14275 Connected Storage Systems ........................................................................ 14376 Successfully updated message .................................................................... 14477 EMC Unisphere, Hosts tab .......................................................................... 14578 Start Wizard dialog box ............................................................................... 14679 Select Host dialog box .................................................................................. 14780 Select Storage System dialog box ............................................................... 14881 Specify Settings dialog box .......................................................................... 14982 Review and Commit Settings ..................................................................... 15183 Failover Setup Wizard Confirmation dialog box ..................................... 15284 Details from Operation dialog box ............................................................ 15385 EMC Unisphere, Hosts tab .......................................................................... 15486 Connectivity Status Window, Host Initiators tab .................................... 15487 Expanded hosts ............................................................................................. 15588 Edit Initiators window ................................................................................. 15589 Confirmation dialog box .............................................................................. 15790 Success confirmation message .................................................................... 15791 Connectivity Status window, Host Initiators tab ..................................... 15892 Initiator Information window ..................................................................... 15893 Select system .................................................................................................. 15994 Select Storage Groups .................................................................................. 16095 Storage Groups window .............................................................................. 16196 Create Storage dialog box ............................................................................ 16197 Confirmation dialog box .............................................................................. 16298 Storage Group, Properties ........................................................................... 16399 Hosts tab ........................................................................................................ 163100 Hosts to be Connected column .................................................................. 164101 Connect LUNs ............................................................................................... 165102 LUNs tab ........................................................................................................ 166103 Selected LUNs ............................................................................................... 167104 Confirmation dialog box .............................................................................. 167105 Success message box .................................................................................... 168106 Added LUNs ................................................................................................. 168107 Computer Management window ............................................................... 169108 Rescanned disks ............................................................................................ 170109 PowerPath icon ............................................................................................. 170110 EMC PowerPath Console screen ................................................................ 171111 Disks ............................................................................................................... 171112 Windows host connected to an XtremeIO array ...................................... 173113 XtremIO iSCSI port locations ...................................................................... 174114 iSCSI Network Configuration window ..................................................... 175

9iSCSI SAN Topologies TechBook

Figures

115 Edit X1-N1-iscsi1 iSCSI Portal dialog box ................................................ 175116 Control Panel, Network Connections window ....................................... 176117 Local Area Connection Properties dialog box ......................................... 177118 Internet Protocol Version 4 (TCP/IPv4) Properties dialog box ............ 178119 iSCSI Initiator Properties window ............................................................. 179120 Discovery tab ................................................................................................ 180121 Discover Target Portal dialog box ............................................................. 180122 Targets display ............................................................................................. 181123 Targets tab ..................................................................................................... 182124 Connect to Target dialog box ..................................................................... 182125 Host connected to targets ............................................................................ 183126 Second iSCSI target ...................................................................................... 184127 Main menu .................................................................................................... 184128 Add New Volumes screen .......................................................................... 185129 New folder dialog box ................................................................................. 186130 Add New Volumes screen .......................................................................... 186131 Configuration window ................................................................................ 187132 Add Initiator Group window ..................................................................... 187133 Add Initiator dialog box .............................................................................. 188134 Initiator Groups displayed ......................................................................... 188135 LUN Mapping Configuration window ..................................................... 189136 iSCSI Initiator Properties window ............................................................. 190137 EMC PowerPath Console ............................................................................ 191


Preface

This EMC Engineering TechBook provides a high-level overview of iSCSISAN topologies and includes basic information about TCP/IP technologiesand iSCSI solutions.

E-Lab would like to thank all the contributors to this document, includingEMC engineers, EMC field personnel, and partners. Your contributions areinvaluable.

As part of an effort to improve and enhance the performance and capabilitiesof its product lines, EMC periodically releases revisions of its hardware andsoftware. Therefore, some functions described in this document may not besupported by all versions of the software or hardware currently in use. Forthe most up-to-date information on product features, refer to your productrelease notes. If a product does not function properly or does not function asdescribed in this document, please contact your EMC representative.

Audience This TechBook is intended for EMC field personnel, includingtechnology consultants, and for the storage architect, administrator,and operator involved in acquiring, managing, operating, ordesigning a networked storage environment that contains EMC andhost devices.

EMC Support Matrixand E-Lab

InteroperabilityNavigator

For the most up-to-date information, always consult the EMC SupportMatrix (ESM), available through E-Lab Interoperability Navigator(ELN) at http://elabnavigator.EMC.com.


http://elabnavigator.EMC.com


https://elabnavigator.emc.com

12

Preface

Relateddocumentation

Related documents include:

◆ The following documents, including this one, are availablethrough the E-Lab Interoperability Navigator athttp://elabnavigator.EMC.com.

These documents are also available at the following location:

http://www.emc.com/products/interoperability/topology-resource-center.htm

• Backup and Recovery in a SAN TechBook• Building Secure SANs TechBook• Extended Distance Technologies TechBook• Fibre Channel over Ethernet (FCoE): Data Center Bridging (DCB)

Concepts and Protocols TechBook• Fibre Channel over Ethernet (FCoE): Data Center Bridging (DCB)

Case Studies TechBook• Fibre Channel SAN Topologies TechBook• Networked Storage Concepts and Protocols TechBook• Networking for Storage Virtualization and RecoverPoint TechBook• WAN Optimization Controller Technologies TechBook• EMC Connectrix SAN Products Data Reference Manual• Legacy SAN Technologies Reference Manual• Non-EMC SAN Products Data Reference Manual

◆ EMC Support Matrix, available through E-Lab InteroperabilityNavigator at http://elabnavigator.EMC.com

◆ RSA security solutions documentation, which can be found athttp://RSA.com > Content Library

All of the following documentation and release notes can be found atEMC Online Support at https://support.emc.com.

EMC hardware documents and release notes include those on:

◆ Connectrix B series◆ Connectrix MDS (release notes only)◆ VNX series◆ CLARiiON◆ Celerra◆ Symmetrix◆ VMAX

EMC software documents include those on:

◆ RecoverPoint◆ TimeFinder◆ PowerPath

iSCSI SAN Topologies TechBook




http://RSA.com

Preface

The following E-Lab documentation is also available:

◆ Host Connectivity Guides◆ HBA Guides

For Cisco and Brocade documentation, refer to the vendor’s website.

◆ http://cisco.com

◆ http://brocade.com

Authors of thisTechBook

This TechBook was authored by Ron Dharma, Vinay Jonnakuti, andJonghoon (Jason) Jeong , with contributions from EMC engineers,EMC field personnel, and partners.

Jonghoon (Jason) Jeong is a Systems Integration Engineer and hasbeen with EMC for over 6 years. Jonghoon works in E-Lab qualifyingnew CLARiiON/VNX, Invista, and PowerPath Migration Enablerreleases.

Conventions used inthis document

EMC uses the following conventions for special notices:

IMPORTANT

An important notice contains information essential to software orhardware operation.

Note: A note presents information that is important, but not hazard-related.

Typographical conventionsEMC uses the following type style conventions in this document.

Normal Used in running (nonprocedural) text for:• Names of interface elements (such as names of windows, dialog

boxes, buttons, fields, and menus)• Names of resources, attributes, pools, Boolean expressions, buttons,

DQL statements, keywords, clauses, environment variables,functions, utilities

• URLs, pathnames, filenames, directory names, computer names,filenames, links, groups, service keys, file systems, notifications

Italic Used in all text (including procedures) for:• Full titles of publications referenced in text• Emphasis (for example a new term)• Variables


14

Preface

Where to get help EMC support, product, and licensing information can be obtained onthe EMC Online Support site as described next.

Note: To open a service request through the EMC Online Support site, youmust have a valid support agreement. Contact your EMC sales representativefor details about obtaining a valid support agreement or to answer anyquestions about your account.

Product informationFor documentation, release notes, software updates, or forinformation about EMC products, licensing, and service, go to theEMC Online Support site (registration required) at:

https://support.EMC.com

Technical supportEMC offers a variety of support options.

Support by Product — EMC offers consolidated, product-specificinformation on the Web at:

Bold Used in running (nonprocedural) text for:• Names of commands, daemons, options, programs, processes,

services, applications, utilities, kernels, notifications, system calls,man pages

Used in procedures for:• Names of interface elements (such as names of windows, dialog

boxes, buttons, fields, and menus)• What user specifically selects, clicks, presses, or types

Courier Used for:• System output, such as an error message or script• URLs, complete paths, filenames, prompts, and syntax when shown

outside of running textCourier bold Used for:

• Specific user input (such as commands)Courier

italicUsed in procedures for:• Variables on command line• User input variables

< > Angle brackets enclose parameter or variable values supplied by theuser

[ ] Square brackets enclose optional values

| Vertical bar indicates alternate selections - the bar means “or”

{ } Braces indicate content that you must specify (that is, x or y or z)

... Ellipses indicate nonessential information omitted from the example


https://support.EMC.com

http://support.EMC.com

Preface

https://support.EMC.com/products

The Support by Product web pages offer quick links toDocumentation, White Papers, Advisories (such as frequently usedKnowledgebase articles), and Downloads, as well as more dynamiccontent, such as presentations, discussion, relevant CustomerSupport Forum entries, and a link to EMC Live Chat.

EMC Live Chat — Open a Chat or instant message session with anEMC Support Engineer.

eLicensing supportTo activate your entitlements and obtain your Symmetrix license files,visit the Service Center on https://support.EMC.com, as directed onyour License Authorization Code (LAC) letter e-mailed to you.

For help with missing or incorrect entitlements after activation (thatis, expected functionality remains unavailable because it is notlicensed), contact your EMC Account Representative or AuthorizedReseller.

For help with any errors applying license files through SolutionsEnabler, contact the EMC Customer Support Center.

If you are missing a LAC letter, or require further instructions onactivating your licenses through the Online Support site, contactEMC's worldwide Licensing team at [email protected] or call:

◆ North America, Latin America, APJK, Australia, New Zealand:SVC4EMC (800-782-4362) and follow the voice prompts.

◆ EMEA: +353 (0) 21 4879862 and follow the voice prompts.

We'd like to hear from you!Your suggestions will help us continue to improve the accuracy,organization, and overall quality of the user publications. Send youropinions of this document to:

[email protected]

Your feedback on our TechBooks is important to us! We want ourbooks to be as helpful and relevant as possible. Send us yourcomments, opinions, and thoughts on this or any other TechBook to:

[email protected]


https://support.EMC.com/products



16

Preface


1

This chapter provides a brief overview of TCP/IP technology.

◆ TCP/IP overview ............................................................................... 18◆ TCP terminology ................................................................................ 21◆ TCP error recovery............................................................................. 25◆ TCP network congestion................................................................... 28◆ IPv6....................................................................................................... 29◆ Internet Protocol security (IPsec) ..................................................... 40

TCP/IP Technology

TCP/IP Technology 17

18

TCP/IP Technology

TCP/IP overviewThe Internet Protocol Suite is named from the first two networkingprotocols defined in this standard, each briefly described in thissection:

◆ “Transmission Control Protocol” on page 18

◆ “Internet Protocol” on page 20

Transmission Control ProtocolThe Transmission Control Protocol (TCP) provides a communicationservice between an application program and the Internet Protocol(IP). The entire suite is commonly referred to as TCP/IP. When anapplication program wants to send a large chunk of data across theInternet using IP, the software can issue a single request to TCP andlet TCP handle the IP details.

TCP is a connection-oriented transport protocol that guaranteesreliable in-order delivery of a stream of bytes between the endpointsof a connection. TCP achieves this by assigning each byte of data aunique sequence number by maintaining timers, acknowledgingreceived data through the use of acknowledgements (ACKs), andretransmitting data if necessary.

Data can be transferred after a connection is established between theendpoints. The data stream that passes across the connection isconsidered a single sequence of eight-bit bytes, each of which is givena sequence number.

TCP accepts data from a data stream, segments it into chunks, andadds a TCP header. A TCP header follows the internet header,supplying information specific to the TCP protocol. This divisionallows for the existence of host-level protocols other than TCP.Figure 1 on page 19 shows an example of a TCP header.


TCP/IP Technology

Figure 1 TCP header example

Figure 2 on page 19 defines the fields, size, and functions of the TCPheader.

Figure 2 TCP header fields, size, and functions

TCP/IP overview 19

20

TCP/IP Technology

Internet ProtocolThe Internet Protocol (IP) is the main communications protocol usedfor relaying datagrams (packets) across an internetwork using theInternet Protocol Suite. It is responsible for routing packets acrossnetwork boundaries.


TCP/IP Technology

TCP terminologyThis section provides information for TCP terminology.

Acknowledgements(ACKs)

The TCP acknowledgement scheme is cumulative as it acknowledgesall the data received up until the time the ACK was generated. AsTCP segments are not of uniform size and a TCP sender mayretransmit more data than what was in a missing segment, ACKs donot acknowledge the received segment, rather they mark the positionof the acknowledged data in the stream. The policy of cumulativeacknowledgement makes the generation of ACKs easy and any lossof ACKs do not force the sender to retransmit data. The disadvantageis that the sender does not receive any detailed information about thedata received except the position in the stream of the last byte thathas been received.

Delayed ACKs Delayed ACKs allow a TCP receiver to refrain from sending an ACKfor each incoming segment. However, a receiver should send an ACKfor every second full-sized segment that arrives. Furthermore, thestandard mandates that a receiver must not withhold an ACK formore than 500 ms. The receivers should not delay ACKs thatacknowledge out-of-order segments.

Maximum segmentsize (MSS)

The maximum segment size (MSS) is the maximum amount of data,specified in bytes, that can be transmitted in a segment between thetwo TCP endpoints. The MSS is decided by the endpoints, as theyneed to agree on the maximum segment they can handle. Deciding ona good MSS is important in a general inter-networking environmentbecause this decision greatly affects performance. It is difficult tochoose a good MSS value since a very small MSS means anunderutilized network, whereas a very large MSS means large IPdatagrams that may lead to IP fragmentation, greatly hampering theperformance. An ideal MSS size would be when the IP datagrams areas large as possible without any fragmentation anywhere along thepath from the source to the destination. When TCP sends a segmentwith the SYN bit set during connection establishment, it can send anoptional MSS value up to the outgoing interface’s MTU minus thesize of the fixed TCP and IP headers. For example, if the MTU is 1500(Ethernet standard), the sender can advertise a MSS of 1460 (1500minus 40).

TCP terminology 21

22

TCP/IP Technology

Maximumtransmission unit

(MTU)

Each network interface has its own MTU that defines the largestpacket that it can transmit. The MTU of the media determines themaximum size of the packets that can be transmitted without IPfragmentation.

Retransmission A TCP sender starts a timer when it sends a segment and expects anacknowledgement for the data it sent. If the sender does not receivean acknowledgement for the data before the timer expires, it assumesthat the data was lost or corrupted and retransmits the segment. Sincethe time required for the data to reach the receiver and for theacknowledgement to reach the sender is not constant (because of thevarying Internet delays), an adaptive retransmission algorithm isused to monitor performance of each connection and conclude areasonable value for timeout based on the round trip time.

SelectiveAcknowledgement

(SACK)

TCP may experience poor performance when multiple packets arelost from one window of data. With the limited information availablefrom cumulative acknowledgements, a TCP sender can only learnabout a single lost packet per round trip time. An aggressive sendercould choose to retransmit packets early, but such retransmittedsegments may have already been successfully received. The SelectiveAcknowledgement (SACK) mechanism, combined with a selectiverepeat retransmission policy, helps to overcome these limitations. Thereceiving TCP sends back SACK packets to the sender confirmingreceipt of data and specifies the holes in the data that has beenreceived. The sender can then retransmit only the missing datasegments. The selective acknowledgment extension uses two TCPoptions. The first is an enabling option, SACKpermitted, which maybe sent in a SYN segment to indicate that the SACK option can beused once the connection is established. The other is the SACKoption itself, which may be sent over an established connection oncepermission has been given by SACKpermitted.

TCP segment The TCP segments are units of transfer for TCP and used to establisha connection, transfer data, send ACKs, advertise window size, andclose a connection. Each segment is divided into three parts:

◆ Fixed header of 20 bytes

◆ Optional variable length header, padded out to a multiple of 4bytes

◆ Data

The maximum possible header size is 60 bytes. The TCP headercarries the control information. SOURCE PORT and


TCP/IP Technology

DESTINATION PORT contain TCP port numbers that identify theapplication programs at the endpoints. The SEQUENCE NUMBERfield identifies the position in the sender’s byte stream of the firstbyte of attached data, if any, and the ACKNOWLEDGEMENTNUMBER field identifies the number of the byte the source expectsto receive next. The ACKNOWLEDGEMENT NUMBER field isvalid only if the ACK bit in the CODE BITS field is set. The 6-bitCODE BITS field is used to determine the purpose and contents ofthe segment. The HLEN field specifies the total length of the fixedplus variable headers of the segment as a number of 32-bit words.TCP software advertises how much data it is willing to receive byspecifying its buffer size in the WINDOW field. The CHECKSUMfield contains a 16-bit integer checksum used to verify the integrity ofthe data as well as the TCP header and the header options. The TCPheader padding is used to ensure that the TCP header ends and databegins on a 32-bit boundary. The padding is composed of zeros.

TCP window A TCP window is the amount of data a sender can send withoutwaiting for an ACK from the receiver. The TCP window is a flowcontrol mechanism and ensures that no congestion occurs in thenetwork. For example, if a pair of hosts are talking over a TCPconnection that has a TCP window size of 64 KB, the sender can onlysend 64 KB of data and it must stop and wait for anacknowledgement from the receiver that some or all of the data hasbeen received. If the receiver acknowledges that all the data has beenreceived, the sender is free to send another 64 KB. If the sender getsback an acknowledgement from the receiver that it received the first32 KB (which is likely if the second 32 KB was still in transit or it islost), then the sender could only send another 32 KB since it cannothave more than 64 KB of unacknowledged data outstanding (thesecond 32 KB of data plus the third).

The primary reason for the window is congestion control. The wholenetwork connection, which consists of the hosts at both ends, therouters in between, and the actual connections themselves, mighthave a bottleneck somewhere that can only handle so much data sofast. The TCP window throttles the transmission speed down to alevel where congestion and data loss do not occur.

The factors affecting the window size are as follows:

Receiver’s advertised windowThe time taken by the receiver to process the received data and sendACKs may be greater than the sender’s processing time, so it isnecessary to control the transmission rate of the sender to prevent it

TCP terminology 23

24

TCP/IP Technology

from sending more data than the receiver can handle, thus causingpacket loss. TCP introduces flow control by declaring a receivewindow in each segment header.

Sender’s congestion windowThe congestion window controls the number of packets a TCP flowhas in the network at any time. The congestion window is set usingan Additive-Increase, Multiplicative-Decrease (AIMD) mechanismthat probes for available bandwidth, dynamically adapting tochanging network conditions.

Usable windowThis is the minimum of the receiver’s advertised window and thesender’s congestion window. It is the actual amount of data that thesender is able to transmit. The TCP header uses a 16-bit field to reportthe receive window size to the sender. Therefore, the largest windowthat can be used is 2**16 = 65 KB.

Window scalingThe ordinary TCP header allocates only 16 bits for windowadvertisement. This limits the maximum window that can beadvertised to 64 KB, limiting the throughput. RFC 1323 provides thewindow scaling option, to be able to advertise windows greater than64 KB. Both the endpoints must agree to use window scaling duringconnection establishment.

The window scale extension expands the definition of the TCPwindow to 32 bits and then uses a scale factor to carry this 32-bitvalue in the 16-bit Window field of the TCP header (SEG.WND inRFC-793). The scale factor is carried in a new TCP option, WindowScale. This option is sent only in a SYN segment (a segment with theSYN bit on), hence the window scale is fixed in each direction when aconnection is opened.


TCP/IP Technology

TCP error recoveryIn TCP, each source determines how much capacity is available in thenetwork so it knows how many packets it can safely have in transit.Once a given source has this many packets in transit, it uses thearrival of an ACK as a signal that some of its packets have left thenetwork and it is therefore safe to insert new packets into the networkwithout adding to the level of congestion. TCP uses congestioncontrol algorithms to determine the network capacity. From thecongestion control point of view, a TCP connection is in one of thefollowing states.

◆ Slow start: After a connection is established and after a loss isdetected by a timeout or by duplicate ACKs.

◆ Fast recovery: After a loss is detected by fast retransmit.

◆ Congestion avoidance: In all other cases. Congestion avoidanceand slow start work hand-in-hand. The congestion avoidancealgorithm assumes that the chance of a packet being lost due todamage is very small. Therefore, the loss of a packet means thereis congestion somewhere in the network between the source anddestination. Occurrence of a timeout and the receipt of duplicateACKs indicates packet loss.

When congestion is detected in the network it is necessary to slowthings down, so the slow start algorithm is invoked. Two parameters,the congestion window (cwnd) and a slow start threshold (ssthresh),are maintained for each connection. When a connection isestablished, both of these parameters are initialized. The cwnd isinitialized to one MSS. The ssthresh is used to determine whether theslow start or congestion avoidance algorithm is to be used to controldata transmission. The initial value of ssthresh may be arbitrarilyhigh (usually ssthresh is initialized to 65535 bytes), but it may bereduced in response to congestion.

The slow start algorithm is used when cwnd is less than ssthresh,while the congestion avoidance algorithm is used when cwnd isgreater than ssthresh. When cwnd and ssthresh are equal, the sendermay use either slow start or congestion avoidance.

TCP never transmits more than the minimum of cwnd and thereceiver’s advertised window. When a connection is established, or ifcongestion is detected in the network, TCP is in slow start and thecongestion window is initialized to one MSS. Each time an ACK isreceived, the congestion window is increased by one MSS. The sender

TCP error recovery 25

26

TCP/IP Technology

starts by transmitting one segment and waiting for its ACK. Whenthat ACK is received, the congestion window is incremented fromone to two, and two segments can be sent. When each of those twosegments is acknowledged, the congestion window is increased tofour, and so on. The window size increases exponentially during slowstart as shown in Figure 3. When a time-out occurs or a duplicateACK is received, ssthresh is reset to one half of the current window(that is, the minimum of cwnd and the receiver's advertisedwindow). If the congestion was detected by an occurrence of atimeout, the cwnd is set to one MSS.

When an ACK is received for data transmitted, the cwnd is increased.However, the way it is increased depends on whether TCP isperforming slow start or congestion avoidance. If the cwnd is lessthan or equal to the ssthresh, TCP is in slow start and slow startcontinues until TCP is halfway to where it was when congestionoccurred, then congestion avoidance takes over. Congestionavoidance increments the cwnd by MSS squared divided by cwnd (inbytes) each time an ACK is received, increasing the cwnd linearly asshown in Figure 3. This provides a close approximation to increasingcwnd by, at most, one MSS per RTT.

Figure 3 Slow start and congestion avoidance

cwnd

RTT

Slow start: Exponentialgrowth of cwnd

SYM-001457

ssthresh

Congestion avoidance: Lineargrowth of cwnd


TCP/IP Technology

A TCP receiver generates ACKs on receipt of data segments. TheACK contains the highest contiguous sequence number the receiverexpects to receive next. This informs the sender of the in-order datathat was received by the receiver. When the receiver receives asegment with a sequence number greater than the sequence numberit expected to receive, it detects the out-of-order segment andgenerates an immediate ACK with the last sequence number it hasreceived in-order (that is, a duplicate ACK). This duplicate ACK isnot delayed. Since the sender does not know if this duplicate ACK isa result of a lost packet or an out-of-order delivery, it waits for a smallnumber of duplicate ACKs, assuming that if the packets are onlyreordered there will be only one or two duplicate ACKs before thereordered segment is received and processed and a new ACK isgenerated. If three or more duplicate ACKs are received in a row, itimplies there has been a packet loss. At that point, the TCP senderretransmits this segment without waiting for the retransmission timerto expire. This is known as fast retransmit (Figure 4).

After fast retransmit has sent the supposedly missing segment, thecongestion avoidance algorithm is invoked instead of the slow start;this is called fast recovery. Receipt of a duplicate ACK implies that notonly is a packet lost, but that there is data still flowing between thetwo ends of TCP, as the receiver will only generate a duplicate ACKon receipt of another segment. Hence, fast recovery allows highthroughput under moderate congestion.

Figure 4 Fast retransmit

Send segments 21 - 26

Receive ACK for 21and 22

Received 3 duplicateACKs expecting 23Retransmit 23

Received ACK for 26expecting 27

23 lost in the network

Received segment 21 and 22send ACK for 21 and 22expecting 23

Received 24 still expecting 23 senda duplicate ACK

Received 25 still expecting 23 senda duplecate ACK

Received 26 still expecting 23 senda duplicate ACK

GEN-000299

TCP error recovery 27

28

TCP/IP Technology

TCP network congestionA network link is said to be congested if contention for it causesqueues to build up and packets start getting dropped. The TCPprotocol detects these dropped packets and starts retransmittingthem, but using aggressive retransmissions to compensate for packetloss tends to keep systems in a state of network congestion even afterthe initial load has been reduced to a level which would not normallyhave induced network congestion. In this situation, demand for linkbandwidth (and eventually queue space), outstrips what is available.When congestion occurs, all the flows that detect it must reduce theirtransmission rate. If they do not do so, the network will remain in anunstable state with queues continuing to build up.


TCP/IP Technology

IPv6Internet Protocol version 6 (IPv6) is a network layer protocol forpacket-switched internets. It is designated as the successor of IPv4.

Note: For the most up-to-date support information, always refer to the EMCSupport Matrix > PDF and Guides > Miscellaneous> Internet Protocol.

Note: The information in this section was acquired from Wikipedia.org,August 2007, which provides further details on many of these topics.

The main improvement of IPv6 is the increase in the number ofaddresses available for networked devices. IPv4 supports 232 (about4.3 billion) addresses. In comparison, IPv6 supports 2128 (about34×1037) addresses, or approximately 5×1028 addresses for each ofroughly 6.5 billion people. However, that is not the intention of thedesigners.

The extended address length simplifies operational considerations,including dynamic address assignment and router decision-making.It also avoids many complex workarounds that were necessary inIPv4, such as Classless Inter-Domain Routing (CIDR). Its simplifiedpacket header format improves the efficiency of forwarding inrouters. More information on this topic is provided in “Largeraddress space” on page 30 and “Addressing” on page 32.

This section contains the following information:

◆ “Features of IPv6” on page 29◆ “Deployment status” on page 31◆ “Addressing” on page 32◆ “IPv6 packet” on page 37◆ “Transition mechanisms” on page 38

Features of IPv6To a great extent, IPv6 is a conservative extension of IPv4. Mosttransport- and application-layer protocols need little or no change towork over IPv6. The few exceptions are applications protocols thatembed network-layer addresses (such as FTP or NTPv3).Applications, however, usually need small changes and a recompilein order to run over IPv6.

IPv6 29



30

TCP/IP Technology

The following features of IPv6 will be further discussed in thissection:

◆ “Larger address space” on page 30◆ “Stateless autoconfiguration of hosts” on page 30◆ “Multicast” on page 31◆ “Jumbograms” on page 31◆ “Network-layer security” on page 31◆ “Mobility” on page 31

Larger address space The main feature of IPv6 is the larger address space: 128 bits long(versus 32 bits in IPv4). The larger address space avoids the potentialexhaustion of the IPv4 address space without the need for networkaddress translation (NAT) and other devices that break theend-to-end nature of Internet traffic.

Note: In rare cases, NAT may still be necessary, but it will be difficult in IPv6so should be avoided whenever possible.

It also makes administration of medium and large networks simpler,by avoiding the need for complex subnetting schemes. Ideally,subnetting will revert to its original purpose of logical segmentationof an IP network for optimal routing and access.

There are a few drawbacks to larger addresses. For instance, inregions where bandwidth is limited, IPv6 carries some bandwidthoverhead over IPv4. However, header compression can sometimes beused to alleviate this problem. IPv6 addresses are also harder tomemorize than IPv4 addresses, which are, in turn, harder tomemorize than Domain Name System (DNS) names. DNS protocolshave been modified to support IPv6 as well as IPv4.

For more information, refer to “Addressing” on page 32.

Statelessautoconfiguration of

hosts

IPv6 hosts can be automatically configured when connected to arouted IPv6 network. When first connected to a network, a host sendsa link-local (automatic configuration of IP addresses) multicast(broadcast) request for its configuration parameters. If configuredsuitably, routers respond to such a request with a routeradvertisement packet that contains network-layer configurationparameters.

If IPv6 autoconfiguration is not suitable, a host can use statefulautoconfiguration (DHCPv6) or be configured manually.


TCP/IP Technology

Note: Stateless autoconfiguration is suitable only for hosts. Routers must beconfigured manually or by other means.

Multicast Network infrastructures, in most environments, are not configured toroute multicast. The link-scoped aspect of multicast (that is, on asingle subnet) will work but the site-scope, organization-scope, andglobal-scope multicast will not be routed.

IPv6 does not have a link-local broadcast facility. The same effect canbe achieved by multicasting to the all-hosts group (FF02::1).

The m6bone is catering for deployment of a global IPv6 multicastnetwork.

Jumbograms IPv6 has optional support for packets over the IPv4 limit of 64 KBwhen used between capable communication partners and oncommunication links with a maximum transmission unit larger than65,576 octets. These are referred to as jumbograms and can be as largeas 4 GB. The use of jumbograms may improve performance overhigh-MTU (Maximum Transmission Unit) networks.

An optional feature of IPv6, the jumbo payload option, allows theexchange of packets larger than this size between cooperating hosts.

Network-layersecurity

IP security (IPsec), the protocol for IP network-layer encryption andauthentication, is an integral part of the base protocol suite in IPv6. InIPv4, this is optional (although usually implemented). IPsec is notwidely deployed except for securing traffic between IPv6 BorderGateway Protocol (BGP) routers (the core routing protocol of theInternet).

Mobility Mobile IPv6 (MIPv6) avoids triangular routing and is as efficient asnormal IPv6. This advantage is mostly hypothetical, since neitherMIP nor MIPv6 are widely deployed.

Deployment statusAs of December 2005, IPv6 accounts for only a small percentage ofthe live addresses in the Internet, which is still dominated by IPv4.Many of the features of IPv6 have been ported to IPv4, with theexception of stateless autoconfiguration, more flexible addressing,and Secure Neighbor Discovery (SEND).

IPv6 31

32

TCP/IP Technology

IPv6 deployment is primarily driven by IPv4 address spaceexhaustion, which has been slowed by the introduction of classlessinter-domain routing (CIDR) and the extensive use of networkaddress translation (NAT).

Estimates as to when the pool of available IPv4 addresses will beexhausted vary widely, ranging from around 2011 (2005 report byCisco Systems) to Paul Wilson’s (director of APNIC) prediction of2023.

To prepare for the inevitable, a number of governments are starting torequire support for IPv6 in new equipment. The U.S. Government, forexample, has specified that the network backbones of all federalagencies must deploy IPv6 by 2008 and bought 247 billion IPv6addresses to begin the deployment. The People’s Republic of Chinahas a 5-year plan for deployment of IPv6, called the “China NextGeneration Internet.”

AddressingThe following subjects are briefly discussed in this section:

◆ “128-bit length” on page 32◆ “Notation” on page 33◆ “Literal IPv6 addresses in URLs” on page 33◆ “Network notation” on page 34◆ “Types of IPv6 addresses” on page 34◆ “Special addresses” on page 35◆ “Zone indices” on page 36

128-bit length The primary change from IPv4 to IPv6, as discussed in “Largeraddress space” on page 30, is the length of network addresses. IPv6addresses are 128-bits long (as defined by RFC 4291), compared toIPv4 addresses, which are 32 bits. IPv6 has enough room for 3.4×1038

unique addresses, while the IPv4 address space contains about 4billion addresses.

IPv6 addresses are typically composed of two logical parts: a 64-bit(sub-)network prefix and a 64-bit host part, which is eitherautomatically generated from the interface's Media Access Control(MAC) address or assigned sequentially. Globally unique MACaddresses offer an opportunity to track user equipment (and thususers) across time and IPv6 address changes. In order to restore someof the anonymity existing in the IPv4, RFC 3041 was developed toreduce the prospect of user identity being permanently tied to an


TCP/IP Technology

IPv6 address. RFC 3041 specifies a mechanism by which time-varyingrandom bit strings can be used as interface circuit identifiers,replacing unchanging and traceable MAC addresses.

Notation IPv6 addresses are normally written as eight groups of fourhexadecimal digits. For example, the following is a valid IPv6address:

2001:0db8:85a3:08d3:1319:8a2e:0370:7334

If one or more four-digit group(s) is 0000, the zeros may be omittedand replaced with two colons(::). For example,2001:0db8:0000:0000:0000:0000:1428:57ab can be shortened to2001:0db8::1428:57ab. Following this rule, any number of consecutive0000 groups may be reduced to two colons, as long as there is onlyone double colon used in an address. Leading zeros in a group canalso be omitted (as in ::1 for localhost). For example, the followingaddresses are all valid and equivalent:

2001:0db8:0000:0000:0000:0000:1428:57ab2001:0db8:0000:0000:0000::1428:57ab2001:0db8:0:0:0:0:1428:57ab2001:0db8:0:0::1428:57ab2001:0db8::1428:57ab2001:db8::1428:57ab

Note: Having more than one double-colon abbreviation in an address isinvalid, as it would make the notation ambiguous.

A sequence of 4 bytes at the end of an IPv6 address can also bewritten in decimal, using dots as separators. This notation is oftenused with compatibility addresses. For example, the following twoaddresses are the same:

::ffff:1.2.3.4

::ffff:0102:0304 and 0:0:0:0:0:ffff:0102:0304.

Additional information can be found in RFC 4291 — IP Version 6Addressing Architecture.

Literal IPv6 addressesin URLs

In a URL the IPv6-Address is enclosed in brackets. For example:

http://[2001:0db8:85a3:08d3:1319:8a2e:0370:7344]/

IPv6 33

34

TCP/IP Technology

This notation allows parsing a URL without confusing the IPv6address and port number:

https://[2001:0db8:85a3:08d3:1319:8a2e:0370:7344]:443/

Additional information can be found in RFC 2732 — Format forLiteral IPv6 Addresses in URLs and RFC 3986 — Uniform ResourceIdentifier (URI): Generic Syntax.

Network notation IPv6 networks are written using Classless Inter-Domain Routing(CIDR) notation.

An IPv6 network (or subnet) is a contiguous group of IPv6 addresses,the size of which must be a power of two. The initial bits of addresses,identical for all hosts in the network, are called the network's prefix.

A network is denoted by the first address in the network and the sizein bits of the prefix (in decimal), separated with a slash. For example:

2001:0db8:1234::/48

stands for the network with addresses:

2001:0db8:1234:0000:0000:0000:0000:0000 through2001:0db8:1234:FFFF:FFFF:FFFF:FFFF:FFFF

Because a single host can be seen as a network with a 128-bit prefix,you will sometimes see host addresses written followed with:

/128.

Types of IPv6addresses

IPv6 addresses are divided into the following three categories:

◆ Unicast Addresses — Identifies a single network interface. Apacket sent to a unicast address is delivered to that specificcomputer.

◆ Multicast Addresses — Used to define a set of interfaces thattypically belong to different nodes instead of just one. When apacket is sent to a multicast address, the protocol delivers thepacket to all interfaces identified by that address. Multicastaddresses begin with the prefix FF00::/8. Their second octetidentifies the addresses scope, that is, the range over which themulticast address is propagated. Commonly used scopes includelink-local (2), site-local (5), and global (E).

◆ Anycast Addresses — Also assigned to more than one interface,belonging to different nodes. However, a packet sent to ananycast address is delivered to just one of the member interfaces,typically the “nearest” according to the routing protocol’s idea of


TCP/IP Technology

distance. Anycast addresses cannot be easily identified. Theyhave the structure of normal unicast addresses, and differ only bybeing injected into the routing protocol at multiple points in thenetwork.

Special addresses There are a number of addresses with special meaning in IPv6:

◆ ::/128 — The address with all zeros is an unspecified address, andis to be used only in software.

◆ ::1/128 — The loopback address is a localhost address. If anapplication in a host sends packets to this address, the IPv6 stackwill loop these packets back to the same host (corresponding to127.0.0.1 in IPv4).

◆ ::/96 — The zero prefix was used for IPv4-compatible addresses.It is now obsolete.

◆ ::ffff:0:0/96 — This prefix is used for IPv4 mapped addresses (see“Transition mechanisms” on page 38).

◆ 2001:db8::/32 — This prefix is used in documentation (RFC 3849).Addresses from this prefix should be used anywhere an exampleIPv6 address is given.

◆ 2002::/16 — This prefix is used for 6to4 addressing.

◆ fc00::/7 — Unique Local Addresses (ULA) are routable onlywithin a set of cooperating sites. They were defined in RFC 4193as a replacement for site-local addresses. The addresses include a40-bit pseudorandom number that minimizes the risk of conflictsif sites merge or packets somehow leak out. This address space issplit into two parts:

• fc00::/8 — ULA Central, currently not used as the draft isexpired.

• fd00::/8 — ULA, as per RFC 4193, Generator and unofficialregistry.

◆ fe80::/64 — The link-local prefix specifies that the address is validonly in the local physical link. This is analogous to theAutoconfiguration IP address 169.254.0.0/16 in IPv4.

◆ fec0::/10 — The site-local prefix specifies that the address is validonly inside the local organization.

Note: Its use has been deprecated in September 2004 by RFC 3879 andsystems must not support this special type of address.

IPv6 35

36

TCP/IP Technology

◆ ff00::/8 — The multicast prefix is used for multicast addresses[10]as defined by in "IP Version 6 Addressing Architecture" (RFC4291).

There are no address ranges reserved for broadcast in IPv6. Instead,applications use multicast to the all-hosts group. IANA maintains theofficial list of the IPv6 address space. Global unicast assignments canbe found at the various RIRs or at the Ghost Route Hunter (GRH)DFP pages.

Zone indices Link-local addresses present a particular problem for systems withmultiple interfaces. Because each interface may be connected todifferent networks and the addresses all appear to be on the samesubnet, an ambiguity arises that cannot be solved by routing tables.

For example, host A has two interfaces that automatically receivelink-local addresses when activated (per RFC 2462): fe80::1/64 andfe80::2/64), only one of which is connected to the same physicalnetwork as host B which has address fe80::3/64. If host A attempts tocontact fe80::3, how does it know which interface (fe80::1 or fe80::2) touse?

The solution, defined by RFC 4007, is the addition of a unique zoneindex for the local interface, represented textually in the form<address>%<zone_id>. For example:

http://[fe80::1122:33ff:fe11:2233%eth0]:80/

However, this may cause the following problems due to clashingwith the percent-encoding used with URIs.

◆ Microsoft Windows IPv6 stack uses numeric zone IDs: fe80::3%1

◆ BSD applications typically use the interface name as a zone ID:fe80::3%pcn0

◆ Linux applications also typically use the interface name as a zoneID: fe80::3%eth0, although Linux ifconfig as of version 1.42 (partof net-tools 1.60) does not display zone IDs.

Relatively few IPv6-capable applications understand zone ID syntax(with the notable exception of OpenSSH), rendering link-localaddresses unusable within them if multiple interfaces use link-localaddresses.


TCP/IP Technology

IPv6 packetA packet is a formatted block of data carried by a computer network.Figure 5 shows the structure of an IPv6 packet header.

Figure 5 IPv6 packet header structure

The IPv6 packet is composed of two main parts:

◆ Header

The header is in the first 40 octets (320 bits) of the packet andcontains:

• Both source and destination addresses (128 bits each)

• Version (4-bit IP version)

• Traffic class (8 bits, Packet Priority)

• Flow label (20 bits, QoS management)

• Payload length in bytes (16 bits)

• Next header (8 bits)

• Hop limit (8 bits, time to live)

◆ Payload

The payload can be up to 64 KB in size in standard mode, orlarger with a jumbo payload option (refer to “Jumbograms” onpage 31).

Fragmentation is handled only in the sending host in IPv6. Routersnever fragment a packet, and hosts are expected to use Path MTU(PMTU) discovery.

IPv6 37

38

TCP/IP Technology

The protocol field of IPv4 is replaced with a Next Header field. Thisfield usually specifies the transport layer protocol used by a packet'spayload. In the presence of options, however, the Next Header fieldspecifies the presence of an Extra Options header, which then followsthe IPv6 header. The payload's protocol itself is specified in a field ofthe Options header. This insertion of an extra header to carry optionsis analogous to the handling of AH and Encapsulating SecurityPayload (ESP) in IPsec for both IPv4 and IPv6.

Transition mechanismsUntil IPv6 completely supplants IPv4, which is not likely to happenin the near future, a number of so-called transition mechanisms areneeded to enable IPv6-only hosts to reach IPv4 services and to allowisolated IPv6 hosts and networks to reach the IPv6 Internet over theIPv4 infrastructure. The following transition mechanisms are brieflydiscussed in this section.

◆ “Dual stack” on page 38

◆ “Tunneling” on page 38

◆ “Automatic tunneling” on page 39

◆ “Configured tunneling” on page 39

◆ “Proxying and translation” on page 39

Dual stack Since IPv6 is a conservative extension of IPv4, it is relatively easy towrite a network stack that supports both IPv4 and IPv6 while sharingmost of the code. Such an implementation is called a dual stack. A hostimplementing a dual stack is called a dual-stack host. This approach isdescribed in RFC 4213.

Most current implementations of IPv6 use a dual stack. Some earlyexperimental implementations used independent IPv4 and IPv6stacks. There are no known implementations that implement IPv6only.

Tunneling In order to reach the IPv6 Internet, an isolated host or network mustbe able to use the existing IPv4 infrastructure to carry IPv6 packets.This is done using a technique somewhat misleadingly known astunnelling that consists of encapsulating IPv6 packets within IPv4, ineffect using IPv4 as a link layer for IPv6.

IPv6 packets can be directly encapsulated within IPv4 packets usingprotocol number 41. They can also be encapsulated within UDP


TCP/IP Technology

packets, for example, in order to cross a router or NAT device thatblocks protocol 41 traffic. They can also use generic encapsulationschemes, such as Anything In Anything (AYIYA) or Generic RoutingEncapsulation (GRE).

Automatic tunneling Automatic tunneling refers to a technique where the tunnelendpoints are automatically determined by the routinginfrastructure. The recommended technique for automatic tunnelingis 6to4 tunneling, which uses protocol 41 encapsulation. Tunnelendpoints are determined by using a well-known IPv4 anycastaddress on the remote side, and embedding IPv4 address informationwithin IPv6 addresses on the local side. 6to4 tunneling is widelydeployed today.

Another automatic tunneling mechanism is Intra-Site AutomaticTunnel Addressing Protocol (ISATAP). This protocol treats the IPv4network as a virtual IPv6 local link, with mappings from each IPv4address to a link-local IPv6 address.

Teredo is an automatic tunneling technique that uses UDPencapsulation and is claimed to be able to cross multiple NAT boxes.Teredo is not widely deployed today, but an experimental version ofTeredo is installed with the Windows XP SP2 IPv6 stack.

Note: IPv6, 6to4, and Teredo are enabled by default in Windows Vista.

Configured tunneling Configured tunneling is a technique where the tunnel endpoints areconfigured explicitly, either by a human operator or by an automaticservice known as a Tunnel Broker. Configured tunneling is usuallymore deterministic and easier to debug than automatic tunneling,and is therefore recommended for large, well-administered networks.

Configured tunneling typically uses either protocol 41(recommended) or raw UDP encapsulation.

Proxying andtranslation

When an IPv6-only host needs to access an IPv4-only service (forexample, a web server), some form of translation is necessary. Theone form of translation that actually works is the use of a dual-stackapplication-layer proxy (for example, a web proxy).

Techniques for application-agnostic translation at the lower layershave also been proposed, but they have been found to be toounreliable due to the wide range of functionality required bycommon application-layer protocols. As such, they are commonlyconsidered to be obsolete.

IPv6 39

40

TCP/IP Technology

Internet Protocol security (IPsec)Internet Protocol security (IPsec) is a set of protocols developed bythe IETF to support secure exchange of packets in the IP layer. IPSecurity has been deployed widely to implement Virtual PrivateNetworks (VPNs).

IP security supports two encryption modes:

◆ Transport

◆ Tunnel

Transport mode encrypts only the payload of each packet, but leavesthe header untouched. The more secure Tunnel mode encrypts boththe header and the payload.

On the receiving side, an IP Security compliant device decrypts eachpacket. For IP security to work, the sending and receiving devicesmust share a public key. This is accomplished through a protocolknown as Internet Security Association and Key ManagementProtocol/Oakley (ISAKMP/Oakley), which allows the receiver toobtain a public key and authenticate the sender using digitalcertificates.

Tunneling and IPsecInternet Protocol security (IPsec) uses cryptographic security toensure private, secure communications over Internet Protocolnetworks. IPsec supports network-level data integrity, dataconfidentiality, data origin authentication, and replay protection. Ithelps secure your SAN against network-based attacks from untrustedcomputers, attacks that can result in the denial-of-service ofapplications, services, or the network, data corruption, and data anduser credential theft.

By default, when creating an FCIP tunnel, IPsec is disabled.

FCIP tunneling with IPsec enabled will support maximumthroughput as follows:

◆ Unidirectional: approximately 104 MB/sec

◆ Bidirectional: approximately 90 MB/sec

Used to provide greater security in tunneling on an FR4-18i blade or aBrocade SilkWorm 7500 switch, the IPsec feature does not require you


TCP/IP Technology

to configure separate security for each application that uses TCP/IP.When configuring for IPsec, however, you must ensure that there isan FR4-18i blade or a Brocade SilkWorm 7500 switch in each end ofthe FCIP tunnel. IPsec works on FCIP tunnels with or without IPcompression (IPComp).

IPsec requires an IPsec license in addition to the FCIP license.

IPsec terminology

AES Advanced Encryption Standard. FIPS 197 endorses the Rijndaelencryption algorithm as the approved AES for use by US governmentorganizations and others to protect sensitive information. It replacesDES as the encryption standard.

AES-XCBC Cipher Block Chaining. A key-dependent one-way hash function(MAC) used with AES in conjunction with theCipher-Block-Chaining mode of operation, suitable for securingmessages of varying lengths, such as IP datagrams.

AH Authentication Header. Like ESP, AH provides data integrity, datasource authentication, and protection against replay attacks but doesnot provide confidentiality.

DES Data Encryption Standard is the older encryption algorithm that usesa 56-bit key to encrypt blocks of 64-bit plain text. Because of therelatively shorter key length, it is not a secured algorithm and nolonger approved for Federal use.

3DES Triple DES is a more secure variant of DES. It uses three different56-bit keys to encrypt blocks of 64-bit plain text. The algorithm isFIPS-approved for use by Federal agencies.

ESP Encapsulating Security Payload is the IPsec protocol that providesconfidentiality, data integrity, and data source authentication of IPpackets, as well as protection against replay attacks.

MD5 Message Digest 5, like SHA-1, is a popular one-way hash functionused for authentication and data integrity.

SHA Secure Hash Algorithm, like MD5, is a popular one-way hashfunction used for authentication and data integrity.

Internet Protocol security (IPsec) 41

42

TCP/IP Technology

MAC Message Authentication Code is a key-dependent, one-way hashfunction used for generating and verifying authentication data.

HMAC A stronger MAC because it is a keyed hash inside a keyed hash. SASecurity association is the collection of security parameters andauthenticated keys that are negotiated between IPsec peers.


2

This chapter provides a brief overview of iSCSI technology.

◆ iSCSI technology overview............................................................... 44◆ iSCSI discovery................................................................................... 46◆ iSCSI error recovery........................................................................... 47◆ iSCSI security...................................................................................... 48

iSCSI Technology

iSCSI Technology 43

44

iSCSI Technology

iSCSI technology overviewInternet Small Computer System Interface, (iSCSI) is an IP-basedstorage networking standard for linking data storage facilitiesdeveloped by the Internet Engineering Task Force. By transmittingSCSI commands over IP networks, iSCSI can facilitate block-leveltransfers over the intranet and internet.

The iSCSI architecture is similar to a client/server architecture. In thiscase, the client is an initiator that issues an I/O request and the serveris a target (such as a device in a storage system). This architecture canbe used over IP networks to provide distance extension. This can beimplemented between routers, host-to-switch, and storagearray-to-storage array to provide asynchronous/synchronous datatransfer.

Figure 6 shows an example of where iSCSI sits in the network.

Figure 6 iSCSI example


iSCSI Technology

Figure 7 shows an example of an iSCSI header.

Figure 7 iSCSI header example

Figure 8 defines the fields, size, and functions of the iSCSI header.

Figure 8 iSCSI header fields, size, and functions

iSCSI technology overview 45

46

iSCSI Technology

iSCSI discoveryIn order for an iSCSI initiator to establish an iSCSI session with aniSCSI target, the initiator needs the IP address, TCP port number, andiSCSI target name information. The goals of iSCSI discoverymechanisms are to provide low overhead support for small iSCSIsetups and scalable discovery solutions for large enterprise setups.

The following methods are briefly discussed in this section:

◆ “Static” on page 46

◆ “Send target” on page 46

◆ “iSNS” on page 46

StaticThis is the known target IP address, TCP port, and iSCSI name.

Send targetAn initiator may log in to an iSCSI target with session type ofdiscovery and request a list of target WWUIs through a separateSendTargets command. All iSCSI targets are required to support theSendTargets command.

iSNSThe iSNS protocol is designed to facilitate the automated discovery,management, and configuration of iSCSI and Fibre Channel deviceson a TCP/IP network. iSNS provides intelligent storage discoveryand management services comparable to those found in FibreChannel networks, allowing a commodity IP network to function in asimilar capacity as a storage area network. iSNS also facilitates aseamless integration of IP and Fibre Channel networks, due to itsability to emulate Fibre Channel fabric services, and manage bothiSCSI and Fibre Channel devices. iSNS thereby provides value in anystorage network comprised of iSCSI devices, Fibre Channel devices,or any other combination.


iSCSI Technology

iSCSI error recoveryiSCSI supports three levels of error recovery: 0, 1, and 2:

◆ Error recovery level 0 implies session level recovery.

◆ Error recovery level 1 implies level 0 capabilities as well as digestfailure recovery.

◆ Error recovery level 2 implies level 1 capabilities as well asconnection recovery.

The most basic kind of recovery is called session recovery. In sessionrecovery, whenever any kind of error is detected, the entire iSCSIsession is terminated. All TCP connections connecting the initiator tothe target are closed, and all pending SCSI commands are completedwith an appropriate error status. A new iSCSI session is thenestablished between the initiator and target, with new TCPconnections.

Digest failure recovery starts if the iSCSI driver detects that dataarrived with an invalid data digest and that data packet must berejected. The command corresponding to the corrupted data can thenbe completed with an appropriate error indication.

Connection recovery can be used when a TCP connection is broken.Upon detection of a broken TCP connection, the iSCSI driver caneither immediately complete the pending command with anappropriate error indication, or can attempt to transfer the SCSIcommand to another TCP connection. If necessary, the iSCSI initiatordriver can establish another TCP connection to the target, and theiSCSI initiator driver can inform the target the change in allegiance ofthe SCSI command to another TCP connection.

iSCSI error recovery 47

48

iSCSI Technology

iSCSI securityHistorically, native storage systems have not had to consider securitybecause their environments offered minimal security risks. Theseenvironments consisted of storage devices either directly attached tohosts or connected through a Storage Area Network (SAN) distinctlyseparate from the communications network.

The use of storage protocols, such as SCSI over IP-networks, requiresthat security concerns be addressed. iSCSI implementations mustprovide means of protection against active attacks (such as,pretending to be another identity, message insertion, deletion,modification, and replaying) and passive attacks (such as,eavesdropping, gaining advantage by analyzing the data sent overthe line).

Although technically possible, iSCSI should not be configuredwithout security. iSCSI configured without security should beconfined, in extreme cases, to closed environments without anysecurity risk.

This section provides basic information on:

◆ “Security mechanisms” on page 48

◆ “Authentication methods” on page 49

Security mechanismsThe entities involved in iSCSI security are the initiator, target, and IPcommunication end points. iSCSI scenarios in which multipleinitiators or targets share a single communication end points areexpected. To accommodate such scenarios, iSCSI uses two separatesecurity mechanisms:

◆ In-band authentication between the initiator and the target at theiSCSI connection level (carried out by exchange of iSCSI LoginPDUs).

◆ Packet protection (integrity, authentication, and confidentiality)by IPsec at the IP level.

The two security mechanisms complement each other. The in-bandauthentication provides end-to-end trust (at login time) between theiSCSI initiator and the target while IPsec provides a secure channelbetween the IP communication end points.


iSCSI Technology

Authentication methodsThe authentication methods that can be used are:

CHAP (Challenge Handshake Authentication Protocol)The Challenge-Handshake Authentication Protocol (CHAP) is usedto periodically verify the identity of the peer using a three-wayhandshake. This is done upon establishing initial link and may berepeated anytime after the link has been established. CHAP providesprotection against playback attack by the peer through the use of anincrementally changing identifier and a variable challenge value. Theuse of repeated challenges is intended to limit the time of exposure toany single attack. The authenticator is in control of the frequency andtiming of the challenges. This authentication method depends upon a"secret" known only to the authenticator and that peer. The secret isnot sent over the link.

SRP (Secure Remote Password)This mechanism is suitable for negotiating secure connections using auser-supplied password, while eliminating the security problemstraditionally associated with reusable passwords. This system alsoperforms a secure key exchange in the process of authentication,allowing security layers (privacy and/or integrity protection) to beenabled during the session. Trusted key servers and certificateinfrastructures are not required, and clients are not required to storeor manage any long-term keys.

KRB5 (Kerberos V5)Kerberos provides a means of verifying the identities of principals,(such as a workstation user or a network server) on an open(unprotected) network. This is accomplished without relying onauthentication by the host operating system, or basing trust on hostaddresses, or requiring physical security of all the hosts on thenetwork, and under the assumption that packets traveling along thenetwork can be read, modified, and inserted at will. Kerberosperforms authentication under these conditions as a trustedthird-party authentication service by using conventionalcryptography such as a shared secret key.

iSCSI security 49

50

iSCSI Technology

SPKM1 & 2 (Simple Public Key GSS-API Mechanism)This mechanism provides authentication, key establishment, dataintegrity, and data confidentiality in an on-line distributedapplication environment using a public-key infrastructure. SPKM canbe used as a drop-in replacement by any application which makesuse of security services through GSS-API calls (for example, anyapplication which already uses the Kerberos GSS-API for security).

DigestsDigests enable the checking of end-to-end, non-cryptographic dataintegrity beyond the integrity checks provided by the link layers andthe cover the entire communication path including all elements thatmay change the network level PDUs such as routers, switches, andproxies.

Optional header and data digests protect the integrity of the headerand data, respectively. The digests, if present, are located after theheader and PDU-specific data and cover the header and the PDUdata, each including the padding bytes, if any. The existence and typeof digests are negotiated during the Login phase. The separation ofthe header and data digests is useful in iSCSI routing applications,where only the header changes when a message is forwarded. In thiscase, only the header digest should be recalculated.

IPSecIPSec is used for encryption and IP-level protection. It uses

◆ Authentication Header (AH)

◆ Encapsulating Security Payload (ESP)

◆ Internet Key Exchange (IKE)

IPSec is supported on the 1 G for iSCSI.

For more information on IPSec, refer to “Internet Protocol security(IPsec)” on page 40.


3

This chapter provides the following information on iSCSI solutions.

◆ Network design best practices ......................................................... 52◆ EMC native iSCSI targets .................................................................. 53◆ Configuring iSCSI targets ................................................................. 58◆ Bridged solutions ............................................................................... 60◆ Summary ............................................................................................. 69

iSCSI Solutions

iSCSI Solutions 51

52

iSCSI Solutions

Network design best practicesConsider the following best practices when designing the network:

◆ The network should be dedicated solely to the IP technologybeing used and other traffic should be carried over it.

◆ The network must be a well-engineered network with no packetloss or packet duplication. This would lead to retransmission,which is undesirable.

◆ While planning the network, care must be taken to ascertain thatthe utilized throughput will never exceed the availablebandwidth. Oversubscribing available bandwidth will lead tonetwork congestion, which causes dropped packets and leads toTCP slow start. Network congestion must be considered betweenswitches as well as between the switch and the end device.

◆ The MTU must be configured based on the maximum availableMTU supported by each component on the network.

◆ Make sure that all hosts can access the network via multiple pathsusing different subnets. This will ensure maximum availability.


iSCSI Solutions

EMC native iSCSI targetsThis section discusses the following EMC® native iSCSI targets:

◆ “Symmetrix” on page 53

◆ “VNX for Block and CLARiiON” on page 54

◆ “Celerra Network Server” on page 55

◆ “VNX series for File” on page 56

SymmetrixThis section describes the EMC Symmetrix® VMAX™, DMX-4, andDMX-3.

VMAX, DMX-4, DMX-3 The iSCSI channel director supports iSCSI channel connectivity to IPnetworks and to iSCSI-capable open systems server systems for blockstorage transfer between hosts and storage. The primary applicationsare storage consolidation and host extension for stranded servers anddepartmental workgroups.

◆ The Symmetrix DMX iSCSI provides 1 Gb/s Ethernet ports andconnects through LC connectors.

◆ The Symmetrix VAMX iSCSI provides 1 Gb/s Ethernet ports andalso connects through LC connectors. With EMC Enginuity™ 5875code, both 1 Gb/s and 10 Gb/s is supported.

The iSCSI directors support the iSNS protocol. CHAP (ChallengeHandshake Authentication Protocol) is the supported authenticationmechanism. LUNs are configured in the same manner as for FibreChannel directors and are assigned to the iSCSI ports. LUN maskingis available. Both the 10 Gb/s (VMAX) and 1 Gb/s (DMX/VMAX)ports support IPv4 and IPv6.

References For configuration of Symmetrix iSCSI target please check theSymmetrix configuration guide.

For up-to-date iSCSI host support please refer to EMC Support Matrix,available through E-Lab Interoperability Navigator at:http://elabnavigator.EMC.com.

For configuration of iSCSI server, please check the respective hostconnectivity guide.

EMC native iSCSI targets 53

http://elabnavigator.emc.com



54

iSCSI Solutions

VNX for Block and CLARiiONEMC VNX™ for Block and CLARiiON® native iSCSI targets include:

VNX5300/5500/5700/7500

This can be configured as a combination of a 10/1 Gb iSCSI and 8 GbFibre Channel array. iSNS protocol is supported. Authenticationmechanism is Challenge Handshake Authentication Protocol(CHAP). LUNs are configured in the same manner as for FibreChannel arrays and are assigned to a storage group.

CX4 120/240/480/960 This can be configured as a combination of a 10/1 Gb iSCSI and 8 GbFibre Channel array. iSNS protocol is supported. Authenticationmechanism is CHAP. LUNs are configured in the same manner as forFibre Channel arrays and are assigned to a storage group.

CX3-20/CX3-40 This can be configured as an iSCSI array or Fibre Channel array. AlliSCSI ports on the array are 1 Gb/s Ethernet ports. iSNS protocol issupported. Authentication mechanism is CHAP.

LUNs are configured in the same manner as for Fibre Channel arrayand are assigned to a storage group.

CX300i/500i These are dedicated iSCSI arrays. All iSCSI ports on the array are 1Gb/s Ethernet ports. iSNS protocol is supported. Authenticationmechanism is CHAP.


AX150/100i These are dedicated iSCSI arrays. All iSCSI ports on the array are 1Gb/s Ethernet ports. iSNS protocol is supported. Authenticationmechanism is CHAP.


References For configuration of CLARiiON iSCSI target please check theCLARiiON configuration guide.

For up-to-date iSCSI host support please refer to EMC Support Matrix,available through E-Lab Interoperability Navigator at:http://elabnavigator.EMC.com.

For configuration of iSCSI server, please check the respective hostconnectivity guide.





iSCSI Solutions

Celerra Network Server

Note: This configuration is available on pre-VNX series systems.

EMC Celerra® native iSCSI targets include:

EMC Celerra Network Server provides iSCSI target capabilitiescombined with NAS capabilities, as shown in Figure 9 on page 55.The Celerra iSCSI system is defined by creating a file system. The filesystem is build on Fibre Channel LUNs accessible on EMCSymmetrix or CLARiiON arrays. The file system is then mounted onthe Celerra server data movers. Out of the file system iSCSI LUNs aredefined and allocated to iSCSI targets. The targets are then associatedwith one of the Celerra TCP/IP interfaces.

Figure 9 Celerra iSCSI configurations

All Celerra Network Servers can be configured to provide iSCSIservices. The following are some of the characteristics of the CelerraNetwork Server:

◆ iSCSI error recovery level 0 (session-level recovery).

◆ Supports CHAP with unlimited entries for one-wayauthentication and one entry for reverse authentication.

◆ Uses iSNS protocol for discovery.

◆ Provides 10 Gb/s and 1 Gb/s interfaces

◆ Supports EMC storage Symmetrix and CLARiiON on the backend.

ICO-IMG-000952

TCP / IP networkor direct connect

Fibre ChannelFabric

Celerra NetworkAttach Storage (NAS)

CLARiiONFC targets

SymmetrixFC targets

iSCSIinitiator


Fibre ChannelFabric

Celerra NetworkAttach Storage (NAS)

iSCSIinitiator


56

iSCSI Solutions

Implementation best practicesThe following information is provided to help you estimate sizerequirements for iSCSI LUNs and provides guidelines for configuringiSCSI on the Celerra Network Server.

◆ Estimate size requirements for the file system.

When using regular iSCSI LUNs, the file system should be largeenough to hold the LUNs and the planned snapshots of thoseLUNs. Each iSCSI snapshot may require the same amount ofspace on the file system as the LUN.

◆ Create and mount file systems for iSCSI LUNs.

The next step in configuring iSCSI targets on a Celerra NetworkServer is to create and mount one or more file systems to providea dedicated storage resource for the iSCSI LUNs. Create andmount a file system through Celerra Manager or the CLI. TheCelerra Manager Online Help and the technical module ManagingCelerra Volumes and File Systems Manually provide instructions.

VNX series for File

IMPORTANT

iSCSI functionality is available for the VNX unified storageplatforms and Gateway file systems, but must first be enabled byEMC Customer Service.

VNX 5000 seriesUnified storage system

The VNX 5000 series unified storage system implements a modulararchitecture that integrates hardware components for block, file, andobject with concurrent support for native NAS, iSCSI, Fibre Channel,and FCoE protocols. Figure 10 shows an example of a VNX 5000series unified storage systems configuration.

Figure 10 VNX 5000 series iSCSI configuration

ICO-IMG-000951

VNX 5xxx CLARiiONFC targets

iSCSIinitiator



iSCSI Solutions

VNX series GatewayVG2

The EMC VNX series Gateway VG2 platform delivers acomprehensive, consolidated solution that adds NAS storage in acentrally managed information storage system. Figure 11 shows anexample of a VNX series Gateway VG2 configuration.

Figure 11 VNX VG2 iSCSI configuration

ICO-IMG-000950


Fibre ChannelFabric

VNX-VG2

VNX-VG2Symmetrix VMAX

FC targets

CLARiiONFC targets

iSCSIinitiator


Fibre ChannelFabric

iSCSIinitiator


58

iSCSI Solutions

Configuring iSCSI targetsThis section lists the tasks you must perform to configure iSCSItargets and LUNs on the Celerra Network Server.

The online Celerra man pages and the Celerra Network ServerCommand Reference Manual provide detailed descriptions of thecommands used in these procedures.

1. Create iSCSI targets:

You need to create one or more iSCSI targets on the Data Moverso an iSCSI initiator can establish a session and exchange datawith the Celerra Network Server.

2. Create iSCSI LUNs:

After creating an iSCSI target, you must create iSCSI LUNs on thetarget. The LUNs provide access to the storage space on theCelerra Network Server. From the point of view of a clientsystem, a Celerra iSCSI LUN appears as any other disk device.

3. Create iSCSI LUN masks:

On the Celerra Network Server, a LUN mask on a target controlsincoming iSCSI access by granting or denying an iSCSI initiatoraccess to specific iSCSI LUNs on that target. When created, aniSCSI target has no LUN masks, which means no initiator canaccess LUNs on that target. To enable an initiator to access LUNson a target, you need to create a LUN mask to specify the initiatorand the LUNs it can access.

4. Configure iSNS on the Data Mover (optional):

If you want iSCSI initiators to automatically discover the iSCSItargets on a Data Mover, you can configure an iSNS client on theData Mover. Configuring an iSNS client on the Data Movercauses the Data Mover to register all of its iSCSI targets with anexternal iSNS server. iSCSI initiators can then query the iSNSserver to discover the available targets on the Data Movers.

5. Create CHAP entries (optional):

If you want a Data Mover to authenticate the identity of eachiSCSI initiator, configure CHAP authentication on the DataMover. To configure CHAP, you must:

a. Set the appropriate parameters so targets on the Data Moverrequire CHAP authentication.


iSCSI Solutions

b. Create a CHAP entry for each initiator that contacts the DataMover. CHAP entries are configured on each Data Mover.Each initiator has a unique CHAP secret for the Data Mover.

c. In some cases, initiators authenticate the identity of the targetsas well. In this case, you must configure a CHAP entry forreverse authentication. Reverse authentication entries differfrom regular CHAP entries because each Data Mover can haveonly one CHAP secret. The Data Mover uses the same CHAPsecret when any iSCSI initiator authenticates a target on theData Mover.

6. Start the iSCSI service:

Before using iSCSI targets on the Celerra Network Server, youmust start the iSCSI service on the Data Mover.

References For more information please refer to Configuring iSCSI Targets onCelerra, available on EMC Online Support athttps://support.emc.com.

Configuring iSCSI targets 59

60

iSCSI Solutions

Bridged solutionsThe following switches are discussed in this section:

◆ “Brocade”, next

◆ “Cisco” on page 63

BrocadeThe FC4-16IP iSCSI gateway service is an intermediate device in thenetwork, allowing iSCSI initiators in an IP SAN to access and utilizestorage in a Fibre Channel (FC) SAN.

Supportedconfigurations

The iSCSI gateway enables applications on an IP network to use aniSCSI initiator to connect to FC targets. The iSCSI gateway translatesiSCSI protocol to Fibre Channel Protocol (FCP), bridging the IPnetwork and FC SAN.

Note: The FC4-16IP iSCSI gateway service is not compatible with other iSCSIgateway platforms, including Brocade iSCSI Gateway or the SilkWormMultiprotocol Router.

Figure 12 shows a basic iSCSI gateway service implementation.

Figure 12 iSCSI gateway service basic implementation

The Brocade FC4-16IP blade acts as an iSCSI gateway betweenFC-attached targets and iSCSI initiators. On the iSCSI initiator, iSCSIis mapped between the SCSI driver and the TCP/IP stack. At theiSCSI gateway port, the incoming iSCSI data is converted to FCP

IPnetwork SAN

iSCSIinitiator

FC4-16IPiSCSI gateway

FC target 1

LUNs

FC target 2LUNs

ICO-IMG-000942


iSCSI Solutions

(SCSI on FC) by the iSCSI virtual initiator and then forwarded to theFC target. This allows low-cost servers to leverage an existing FCinfrastructure.

To represent all iSCSI initiators and sessions, each iSCSI portal hasone iSCSI virtual initiator (VI) to the FC fabric that appears as anN_Port device with a special WWN format. Regardless of the numberof iSCSI initiators or iSCSI sessions sharing the portal, Fabric OS usesone iSCSI VI per iSCSI portal.

Fabric OS provides a mechanism that maps LUNs to iSCSI VTs, aone-to-one mapping with unique iSCSI Qualified Names (IQNs) foreach target. It presents an iSCSI VT for each native FC target to the IPnetwork and an iSCSI VI for each iSCSI port to the FC fabric.

Fabric OS also supports more complicated configurations, allowingeach iSCSI VT to be mapped to one or more physical FC targets. EachFC target can have one or more LUNs. Physical LUNs can be mappedto different virtual LUNs.

Implementation bestpractices

Table 1 lists scalability guidelines, restrictions, and limitations:

Table 1 Scalability guidelines (page1 of 2)

# of iSCSI sessions per port 64

# of iSCSI ports per FC4-16IP blade 8

# of iSCSI blades in a switch 4

# of iSCSI sessions per FC4-16IP blade 512

# of iSCSI sessions per switch 1024

# of TCP sessions per switch 1024

# of TCP connections per iSCSI session 2

# of iSCSI sessions per fabric 4096

# of TCP connections per fabric 4096

# of iSCSI targets per fabric 4096

# CHAP entries per fabric 4096

# LUNS per iSCSI target 256

Bridged solutions 61

62

iSCSI Solutions

The following are installation tips and recommendations:

◆ All iSCSI Virtual Initiators should be included in the zone withspecified target.

◆ All iSCSI VIs must be registered on the CLARiiON array andadded to the appropriate storage groups.

◆ All iSCSI VIs must be added to the Symmetrix VCM database, ifutilizing the device masking functionality.

◆ If the FC targets use access control lists/database, you must addthe FC NWWN/WWPN of the Ironman blade to theACL/database (fclunquery -s to determine Ironman FCNWWN/WWPN).

◆ Recommend masking all LUNS for all VIs and performing theLUN masking functionality from the Ironman blade by creatingindividual iSCSI Virtual Targets and assigning the LUNS to theappropriate iSCSI Virtual Target.

◆ Firmware upgrades are not online events for the Ironman GigEports, so plan accordingly.

◆ The fcLunQuery command only gets addresses from targets thatsupport the ReportLuns command.

References All Brocade documentation can be located athttp://www.brocade.com. Click Brocade Connect to register, at nocost, for a user ID and password.

The following documentation is available for Fabric OS:

◆ Fabric OS Administrator’s Guide

◆ Fabric OS Command Reference

◆ Fabric OS MIB Reference

◆ Fabric OS Message Reference

◆ Brocade Glossary

# Members per discovery domain 64

# Discovery domains per discovery domain set 4096

# of Discovery domain sets 4

Table 1 Scalability guidelines (page2 of 2)


iSCSI Solutions

The following documentation is available for SilkWorm 48000director and iSCSI blade:

◆ SilkWorm 48000 Hardware Reference Manual

◆ iSCSI Gateway Service Administrator’s Guide

◆ FC4-16IP Hardware Reference Manual

CiscoCisco MDS 9000 storage switches are multiprotocol switches thatsupport the Fibre Channel and Gigabit Ethernet (FCIP and iSCSI)protocols. Each switch model can be used as a Fibre Channel-iSCSIgateway to support iSCSI solutions with Fibre Channel targets(Symmetrix, VNX series, and CLARiiON).

Cisco MDS 9000 family IP storage (IPS) services extend the reach ofFibre Channel SANs by using open-standard, IP-based technology.The switch allows IP hosts to access Fibre Channel storage using theiSCSI protocol. The iSCSI feature is specific to the IPS module and isavailable in Cisco MDS 9200 Switches or Cisco MDS 9500 Directors.The Cisco MDS 9216i switch and the 14/2 Multiprotocol Services(MPS-14/2) module also allow you to use Fibre Channel, FCIP, andiSCSI features. The MPS-14/2 module is available for use in anyswitch in the Cisco MDS 9200 Series or Cisco MDS 9500 Series.

Supportedconfigurations

Initiator presentation modes (transparent and proxy)The two modes available to present iSCSI hosts in the Fibre Channelfabric are transparent initiator mode and proxy initiator mode.

◆ In transparent initiator mode, each iSCSI host is presented as onevirtual Fibre Channel host. The benefit of transparent mode is itallows a finer level of Fibre Channel access control configuration(similar to managing a "real" Fibre Channel host). Because of theone-to-one mapping from iSCSI to Fibre Channel, each host canhave different zoning or LUN access control on the Fibre Channelstorage device.

◆ In proxy-initiator mode, there is only one virtual Fibre Channelhost per one IPS port that all iSCSI hosts use to access FibreChannel targets. In a scenario where the Fibre Channel storagedevice requires explicit LUN access control for every host, thestatic configuration for each iSCSI initiator can be overwhelming.In such case, using the proxy-initiator mode simplifies theconfiguration.


64

iSCSI Solutions

Figure 13 shows an example of a supportable configuration.

Figure 13 Supportable configuration example

The following iSCSI configurations are supported:

◆ The Cisco MDS switches can be used as Fibre Channel-iSCSIgateway to run applications using an iSCSI initiator toSymmetrix, VNX series, and CLARiiON storage devices.

◆ Host-based redundancy is supported through the use of EMCPowerPath®.

iSCSI configuration has the following limits:

◆ The maximum number of iSCSI initiators supported in a fabric is1800.

◆ The maximum number of iSCSI sessions supported by an IPS portin either transparent or proxy initiator mode is 300.

◆ The maximum number of iSCSI session support by switch is 5000.

VSAN AFC fabric

Symmetrix CLARiiON VNX

DedicatedWell-engineeredLayer 2 network

IPS portconfigured for

iSCSI on VSAN ACiscoMDS 9000

iSCSIhost

iSCSIhost

iSCSIhost

iSCSIhost

ICO-IMG-000947


iSCSI Solutions

◆ The maximum number of iSCSI targets supported in a fabric is6000.

Configuration overviewTo use the iSCSI feature, you must explicitly enable iSCSI on therequired switches in the fabric. By default, this feature is disabled inall switches in the Cisco MDS 9000 family. Each physical GigabitEthernet interface on an IPS module or MPS-14/2 module can beused to translate and route iSCSI requests to Fibre Channel targetsand responses in the opposite direction. To enable this capability, thecorresponding iSCSI interface must be in an enabled state.

Presenting Fibre Channel Targets as iSCSI TargetsThe IPS module or MPS-14/2 module presents physical FibreChannel targets as iSCSI virtual targets, allowing them to be accessedby iSCSI hosts. It does this in one of two ways:

◆ Dynamic mapping — Automatically maps all the Fibre Channeltarget devices/ports as iSCSI devices. Use this mapping to createautomatic iSCSI target names.

◆ Static mapping — Manually creates iSCSI target devices andmaps them to the whole Fibre Channel target port or a subset ofFibre Channel LUNs. With this mapping, you must specifyunique iSCSI target names.

Presenting iSCSI hosts as virtual Fibre Channel hostsThe IPS module or MPS-14/2 module connects to the Fibre Channelstorage devices on behalf of the iSCSI host to send commands andtransfer data to and from the storage devices. These modules use avirtual Fibre Channel N_Port to access the Fibre Channel storagedevices on behalf of the iSCSI host. iSCSI hosts are identified byeither iSCSI qualified name (IQN) or IP address.

Initiator identificationiSCSI hosts can be identified by the IPS module or MPS-14/2 moduleusing the following:

◆ iSCSI qualified name (IQN)

An iSCSI initiator is identified based on the iSCSI node name itprovides in the iSCSI login. This mode can be useful if an iSCSIhost has multiple IP addresses and you want to provide the sameservice independent of the IP address used by the host. Aninitiator with multiple IP addresses (multiple network interfacecards, NICs) has one virtual N_Port on each IPS port to which itlogs into.


66

iSCSI Solutions

◆ IP address

An iSCSI initiator is identified based on the IP address of theiSCSI host. This mode is useful if an iSCSI host has multiple IPaddresses and you want to provide different service-based on theIP address used by the host. It is also easier to get the IP addressof a host compared to getting the iSCSI node name. A virtualN_Port is created for each IP address it uses to log in to iSCSItargets. If the host using one IP address logs in to multiple IPSports, each IPS port will create one virtual N_Port for that IPaddress.

You can configure the iSCSI initiator identification mode on each IPSport and all the iSCSI hosts terminating on the IPS port will beidentified according to that configuration. The default mode is toidentify the initiator by name.

iSCSI access controlTwo mechanisms of access control are available for iSCSI devices.

◆ Fibre Channel zoning-based access control

◆ iSCSI ACL-based access control

Depending on the initiator mode used to present the iSCSI hosts inthe Fibre Channel fabric, either or both access control mechanismscan be used.

Fibre Channel zoning-based access controlCisco SAN-OS VSAN and zoning concepts have been extended tocover both Fibre Channel devices and iSCSI devices. Zoning is thestandard access control mechanism for Fibre Channel devices, whichis applied within the context of a VSAN. Fibre Channel zoning hasbeen extended to support iSCSI devices, and this extension has theadvantage of having a uniform, flexible access control mechanismacross the whole SAN.

◆ Fibre Channel device WWPN.

◆ Interface and switch WWN. Device connecting through thatinterface is within the zone.

In the case of iSCSI, multiple iSCSI devices may be connected behindan iSCSI interface. Interface-based zoning may not be useful becauseall the iSCSI devices behind the interface will automatically be withinthe same zone.

In transparent initiator mode (where one Fibre Channel virtualN_Port is created for each iSCSI host), the standard Fibre Channel


iSCSI Solutions

device WWPN-based zoning membership mechanism can be used ifan iSCSI host has static WWN mapping.

Zoning membership mechanism has been enhanced to add iSCSIdevices to zones based on the following:

◆ IPv4 address/subnet mask

◆ IPv6 address/prefix length (currently EMC does not support ipversion 6)

◆ iSCSI qualified name (IQN)

◆ Symbolic-node-name (IQN)

For iSCSI hosts that do not have a static WWN mapping, the featureallows the IP address or iSCSI node name to be specified as zonemembers. Note that iSCSI hosts that have static WWN mapping canalso use these features. IP address-based zone membership allowsmultiple devices to be specified in one command by providing thesubnet mask.

iSCSI-based access controliSCSI-based access control is applicable only if static iSCSI virtualtargets are created. For a static iSCSI target, you can configure a list ofiSCSI initiators that are allowed to access the targets.

By default, static iSCSI virtual targets are not accessible to any iSCSIhost. You must explicitly configure accessibility to allow an iSCSIvirtual target to be accessed by all hosts. The initiator access list cancontain one or more initiators. The iSCSI initiator can be identified byone of the following mechanisms:

◆ iSCSI node name

◆ IPv4 address and subnet

◆ IPv6 address (currently EMC does not support IP version 6)

Note: For a transparent mode iSCSI initiator, if both Fibre Channel zoningand iSCSI ACLs are used, for every static iSCSI target that is accessible to theiSCSI host, the initiator's virtual N_Port should be in the same Fibre Channelzone as the Fibre Channel target.

iSCSI session authenticationThe IPS module or MPS-14/2 module supports the iSCSIauthentication mechanism to authenticate the iSCSI hosts that requestaccess to the storage devices. By default, the IPS modules orMPS-14/2 modules allow CHAP or None authentication of iSCSI


68

iSCSI Solutions

initiators. If authentication is always used, you must configure theswitch to allow only CHAP authentication.

For CHAP user name or secret validation, you can use any methodsupported and allowed by the Cisco MDS AAA infrastructure. AAAauthentication supports a RADIUS, TACACS+, or localauthentication device.

iSCSI immediate data and unsolicited data featuresCisco MDS switches support the iSCSI immediate data andunsolicited data features if requested by the initiator during the loginnegotiation phase. Immediate data is iSCSI write data contained in thedata segment of an iSCSI command protocol data unit (PDU), such ascombining the write command and write data together in one PDU.Unsolicited data is iSCSI write data that an initiator sends to the iSCSItarget, such as an MDS switch, in an iSCSI data-out PDU withouthaving to receive an explicit ready to transfer (R2T) PDU from thetarget.

These two features help reduce I/O time for small write commandsbecause it removes one round-trip between the initiator and thetarget for the R2T PDU. As an iSCSI target, the MDS switch allows upto 64 KB of unsolicited data per command. This is controlled by theFirstBurstLength parameter during iSCSI login negotiation phase.

If an iSCSI initiator supports immediate data and unsolicited datafeatures, these features are automatically enabled on the MDS switchwith no configuration required.

Implementation bestpractices

Symmetrix setupSymmetrix SRDF ports should be configured as standard FibreChannel SRDF ports. In a Fibre Channel environment, the Cisco MDSswitch provides all the services of a Fibre Channel switch, similar tothose provided by any other Fibre Channel switch.

VNX series setupVNX ports should be configured as standard Fibre Channel targetports for iSCSI configurations.

CLARiiON setupCLARiiON ports should be configured as standard Fibre Channeltarget ports for iSCSI configurations.

References All documentation can be found at www.cisco.com. Please search onCisco MDS Configuration Guide and choose the guide relevant to thecode running in your environment.


http://www.cisco.com

iSCSI Solutions

eort

tor4ter:

eort

eortll

nts

SummaryTable 2 compares the iSCSI solution features available.

Table 2 iSCSI solution features comparison table

Celerra Brocade MDS Symmetrix (N) VNX series CLARiiON (N) XtremIO

Jumbo frames yes yes yes yes yes yes no

O/S support Everythingbut AIX

Refer to theEMC SupportMatrix





Refer to thEMC SuppMatrix

Number ofinitiators perport/box

256, butcheck theEMC SupportMatrix

64/512(This is perport/blade)

300/2000Refer to theEMC SupportMatrix

• SymmetrixDMX: 512

• SymmetrixVMAX: 1024

Refer to Table 3on page 70.Refer to theEMC SupportMatrix

Refer toTable 3 onpage 70.Refer to theEMC SupportMatrix

• Per initiagroup: 6

• Per clus128

Refer to thEMC SuppMatrix

Proxy initiator yes yes 500/2000Refer to theEMC SupportMatrix

n/a n/a n/a n/a

header/datadigest

yes yes yes yes yes yes no

Immediate data yes yes yes • SymmetrixDMX: no

• SymmetrixVMAX: yes

no no yes

Initial R2T yes yes yes • SymmetrixDMX: yes

• SymmetrixVMAX: yes

no no no

Authentication yes, CHAP yes, CHAP yes • SymmetrixDMX: yes,CHAP

• SymmetrixVMAX: yes,CHAP

yes, CHAP yes, CHAP no

Encryption no no no no no no no

PP support yes,for allsupportedenvironments

yesRefer to theEMC SupportMatrix for allsupportedenvironments





yesRefer to thEMC SuppMatrix for asupportedenvironme

Summary 69





























70

iSCSI Solutions

The EMC Support Matrix is available through E-Lab InteroperabilityNavigator at http://elabnavigator.EMC.com.

Table 3 lists information on VNX and CX4 front-end port support.

Table 3 VNX series and CLARiiON CX4 front-end port support

Front End Ports CX4-120 CX4-240 CX4-480 CX4-960 VNX 5300 VNX 5500 VNX5700

VNX7500

Max 1 Gb/s iSCSI ports per SP/per Storage System

4/8 8/16 8/16 8/16 4/8 8/16 12/24 12/24

Max 10 Gb/s iSCSI ports perSP/ per Storage System

2/4 2/4 4/8 4/8 4/8 4/8 6/8 6/8

Max initiators/1 Gb/s iSCSI port 256 256 256 256 256 512 1,024 1,024

Max initiators/10 Gb/s iSCSIport

256 512 1,024 1,024 256 512 1,024 1,024

Max VLANs/10 Gb/s iSCSI port 8 8 8 8 8 8 8 8

Max VLANs/1 Gb/s iSCSI port 2 2 2 2 8 8 8 8




4

This chapter provides the following use case scenarios.

◆ Connecting an iSCSI Windows host to a VMAX array................. 72◆ Connecting an iSCSI Linux host to a VMAX array ....................... 99◆ Configuring the VNX for block 1 Gb/10 Gb iSCSI port............. 117◆ Connecting an iSCSI Windows host to an XtremIO array ......... 173

Use Case Scenarios

Use Case Scenarios 71

72

Use Case Scenarios

Connecting an iSCSI Windows host to a VMAX arrayFigure 14 shows a Windows host connected to a VMAX array. Thisscenario will be used in this use case study.

This section includes the following information:

◆ “Configuring storage port flags and an IP address on a VMAXarray” on page 72

◆ “Configuring LUN Masking on a VMAX array” on page 77◆ “Configuring an IP address on a Windows host” on page 79◆ “Configuring iSCSI on a Windows host” on page 81◆ “Configuring Jumbo frames” on page 97◆ “Setting MTU on a Windows host” on page 97

Figure 14 Windows host connected to a VMAX array with 1 G connectivity

This setup consists of a Windows host connected to a VMAX array asfollows:

1. The Windows host is connected via two paths with 1 G iSCSI andIPv6.

2. The VMAX array is connected via two paths for 1 G and 10 GiSCSI each.

3. PowerPath is installed on the host.

Configuring storage port flags and an IP address on a VMAX arrayThe following two methods discussed in this section can be used toconfigure storage and port flags and an IP address on a VMAX array:

◆ “Symmetrix Management Console” on page 73

◆ “Solutions Enabler” on page 76

Windows ServerRouter

PowerPath

Subnet IPv6

VMAX

Subnet IPv6IPV6

IPV6

ICO-IMG-000986

2001:db8:0:f108::2

2001:db8:0:f109::2

SE 9G:02001:db8:0:f108::1

SE 10G:02001:db8:0:f109::1


Use Case Scenarios

SymmetrixManagement

Console

Note: For more details, refer to the EMC Symmetrix Management Consoleonline help, available on EMC Online Support at https://support.emc.com.Follow instructions to download the help.

To configure storage and port flags and an IP address on a VMAXarray using the Symmetrix Management Console, complete thefollowing steps:

1. Open the Symmetrix Management Console by using the IPaddress of the array.

2. In the Properties tab, left-hand pane, select Symmetrix Arrays >Directors > Gig-E, to navigate to the VMAX Gig-E storage port,as shown in Figure 15.

3. Right-click the storage port you want to configure, check Online,and select Port and Director Configuration > Set Port Attributesfrom the drop-down menus, as shown in Figure 15.

Figure 15 EMC Symmetrix Manager Console, Directors

Connecting an iSCSI Windows host to a VMAX array 73

74

Use Case Scenarios

The Set Port Attributes dialog box displays, as shown inFigure 16.

Figure 16 Set Port Attributes dialog box

4. In the Set Port Attributes dialog box, select the following, asshown in Figure 16:

• Common_Serial_Number• SCSI_3• SPC2_Protocol_Version• SCSI_Support1

Note: Refer to the appropriate host connectivity guide, available on EMCOnline Support at https://support.emc.com, for your operating systemfor the correct port attributes to set.

5. In the Set Port Attributes dialog box, enter the following, asshown in Figure 16:

• For IPv4, enter the IPv4 Address, IPv4 Default Gateway, andIPv4 Netmask.

• For IPv6, enter the IPv6 Addresses and IPv6 Net Prefix.


Use Case Scenarios

6. Click Add to Config Session List.

7. In the Symmetrix Manager Console window, select the ConfigSession tab, as shown in Figure 17.

Figure 17 Config Session tab

8. In the My Active Tasks tab, click Commit All, as shown inFigure 18.

Figure 18 My Active Tasks, Commit All


76

Use Case Scenarios

Solutions Enabler To configure storage and port flags and an IP address on a VMAXarray using Solutions Enabler, complete the following steps:

◆ “Setting storage port flags and IP address” on page 76

◆ “Setting flags per initiator group” on page 76

◆ “Viewing flags setting for initiator group” on page 77

Setting storage port flags and IP addressIssue the following command:

symconfigure -sid <SymmID> –file <command file> preview|commit

where command file contains:

set port DirectorNum:PortNum[FlagName=enable|disable][, ...] ] gigeprimary_ip_address=IPAddressprimary_netmask=IPAddressdefault_gateway=IPAddressisns_ip_address=IPAddressprimary_ipv6_address=IPAddressprimary_ipv6_prefix=<0 -128>[fa_loop_id=integer] [hostname=HostName];

For example:

Command file for enabling Common_Serial_Number, SCSI_3,SPC2_Protocol_Version, and SCSI_Support1 flags and setting IPv6address and prefix on port 9g:0:

set port 9g:0Common_Serial_Number=enable, SCSI_3=enable, SPC2_Protocol_Version=enable,

SCSI_Support1=enable gigeprimary_ipv6_address=2001:db8:0:f108::1primary_ipv6_prefix=64;

Setting flags per initiator groupIssue the following command:

symaccess -sid <SymmID> -name <GroupName> -type initiator set ig_flags <on <flag><-enable |-disable> | off [flag]>

For example:

Enabling Common_Serial_Number, SCSI_3, SPC2_Protocol_Versionand SCSI_Support1 flags for initiator group SGELI2-83:

symaccess -sid 316 -name SGELI2-83_IG -type initiator set ig_flags onCommon_Serial_Number, SCSI_3, SPC2_Protocol_Version, SCSI_Support1 –enable


Use Case Scenarios

Viewing flags setting for initiator groupIssue the following command:

symaccess -sid <SymmID> -type initiator show <GroupName> -detail

For example:

symaccess -sid 316 -type initiator show SGELI2-83_IG -detail

Configuring LUN Masking on a VMAX arrayThe following two methods discussed in this section can be used toconfigure LUN Masking on a VMAX array:

◆ “Using Symmetrix Management Console” on page 77◆ “Using Solutions Enabler” on page 78

Using SymmetrixManagement

Console

To create an initiator group, port group, storage group, and maskingview using the Symmetrix Management Console, refer to the EMCSymmetrix Management Console online help, available on EMCOnline Support at https://support.emc.com. Follow instructions todownload the help, then refer to the Storage Provisioning section, asshown in Figure 19.

Figure 19 EMC Symmetrix Management Console, Storage Provisioning


78

Use Case Scenarios

Using SolutionsEnabler

To create an initiator group, port group, storage group, and maskingview using the Solutions Enabler, refer to the following sections:

◆ “Creating an initiator group” on page 78◆ “Creating a port group” on page 78◆ “Creating a storage group” on page 78◆ “Creating masking view” on page 78

Creating an initiator groupIssue the following command:

symaccess -sid <SymmID> -type initiator -name <GroupName> createsymaccess -sid <SymmID> -type initiator -name -iscsi <iqn> add

For example:

symaccess -sid 316 -type initiator -name SGELI2-83_IG createsymaccess -sid 316 -type initiator -name SGELI2-83_IG -iscsi

iqn.1991-05.com.microsoft:sgeli2-83 add

Creating a port groupIssue the following command:

symaccess -sid <SymmID> -type port -name <GroupName> createsymaccess -sid <SymmID> -type port -name <GroupName> -dirport

<DirectorNum>:<PortNum> add

For example:

symaccess -sid 316 -type port -name SGELI2-83_PG createsymaccess -sid 316 -type port -name SGELI2-83_PG -dirport 9g:0 add

Creating a storage groupIssue the following command:

symaccess -sid <SymmID> -type storage -name <GroupName> createsymaccess -sid <SymmID> -type storage -name -iscsi <iqn> add devs

<SymDevStart>:<SymDevEnd>

For example:

symaccess -sid 316 -type storage -name SGELI2-83_SG createsymaccess -sid 316 -type storage -name SGELI2-83_SG add devs 0047:110

Creating masking viewIssue the following command:

symaccess -sid <SymmID> create view -name <MaskingView> -ig <InitiatorGroup> -pg<PortGroup> -sg <StorageGroup>


Use Case Scenarios

For example:

symaccess -sid 316 create view -name SGELI2-83_MV -ig SGELI2-83_IG -pgSGELI2-83_PG -sg SGELI2-83_SG

Listing masking viewIssue the following command:

symaccess -sid <SymmID> list view -name <MaskingView>

For example:

symaccess -sid 316 list view -name SGELI2-83_MV

For more details, refer to the EMC Solutions Enabler Symmetrix ArrayControls CLI Product Guide, available on EMC Online Support athttps://support.emc.com.

Configuring an IP address on a Windows hostTo configure an IP address on a Windows host, complete thefollowing steps:

Note: Step 1 through Step 5 are applicable to Windows 2008 Server. Otherversions of Windows may be different.

1. Click Start > Control Panel.

2. Click View network status and tasks.

3. Click Change adapter settings.

4. Right-click on the adapter and select Properties.

5. Double-click the Internet Protocol version:

• For IPv4, double-click Internet Protocol Version 4 (TCP/IPv4).

• For IPv6, double-click Internet Protocol Version 6 (TCP/IPv6).


80

Use Case Scenarios

6. Go to Network Connections and open the IPv6 Propertieswindow. The Internet Protocol Version 6 (TCP/IPv6) Propertiesdialog box opens, as shown in Figure 20.

Figure 20 Internet Protocol Version 6 (TCP/IPv6) Properties dialog box

7. Enter the IPv6 address and the Subnet prefix length.

8. Click OK.

9. Ping the storage port to test connectivity, as shown in Figure 21.

Figure 21 Test connectivity


Use Case Scenarios

Configuring iSCSI on a Windows hostYou can configure iSCSI on a Windows host using the steps providedin the following sections:

◆ “Using Microsoft iSCSI Initiator GUI” on page 81

◆ “Using Microsoft iSCSI Initiator CLI” on page 93

Using Microsoft iSCSIInitiator GUI

Note: The screenshots used in this section are taken from the built-in MSiSCSI Initiator application in Windows 2008 Server. Other versions ofWindows might have different GUI.

This section provides the steps needed for:

◆ “Configuring via Target Portal Discovery” on page 81

◆ “Configuring via iSNS Server” on page 89

Configuring via Target Portal DiscoveryTo configure iSCSI on Windows via Target Port Discovery, completethe following steps:

1. Launch the Microsoft iSCSI Initiator GUI.

The iSCSI Initiator Properties window displays, as shown inFigure 22 on page 82.


82

Use Case Scenarios

Figure 22 iSCSI Initiator Properties window


Use Case Scenarios

2. Select the Discovery tab, click Discover Portal, and click OK, asshown in Figure 23.

Figure 23 Discovery tab, Discover Portal


84

Use Case Scenarios

The Discover Target Portal dialog box displays, as showninFigure 24.

Figure 24 Discover Portal dialog box

3. Enter the IPv6 address of the target and click Advanced.

4. The Advanced Settings window displays, as shown in Figure 25on page 85.


Use Case Scenarios

Figure 25 Advanced Settings window

5. In the General tab, choose the Local adapter and Initiator IPfrom the pull-down menu. Select Data digest and Header digest,if required.

6. Click OK to close the Advanced Settings window.

7. Click OK to close the Discover Target Portal window.


86

Use Case Scenarios

The targets behind the discovered portal now display, as shownin Figure 26.

Figure 26 Target portals

8. Select Targets tab, as shown in Figure 27.

Figure 27 Targets tab


Use Case Scenarios

9. Select one Target and click Connect. Repeat for each Target.

The Connect to Target dialog box displays, as shown in Figure 28.

Figure 28 Connect to Target dialog box

10. Select the Add this connection to the list of Favorite Targetscheckbox.

11. Click OK.

The host is connected to the targets, as shown in Figure 29.

Figure 29 Discovered targets

12. Select the Volumes and Devices tab.


88

Use Case Scenarios

13. Click Auto Configure to bind the volumes, as shown in Figure 30.

Figure 30 Volume and Devices tab


Use Case Scenarios

14. Open PowerPath. The devices appear, as shown in Figure 31.

Figure 31 Devices

Configuring via iSNS ServerTo configure via iSNS Server, complete the following steps:

1. Set the iSNS Server IP address for both storage ports usingSolutions Enabler.

symconfigure -sid 2316 -file isns.txt commit

Execute a symconfigure operation for symmetrix '000192602316' (y/[n]) ? y

A Configuration Change operation is in progress. Please wait...

Establishing a configuration change session...............Established.Processing symmetrix 000192602316Performing Access checks..................................Allowed.Checking Device Reservations..............................Allowed.Initiating COMMIT of configuration changes................Queued.COMMIT requesting required resources......................Obtained.Step 004 of 050 steps.....................................Executing.Step 017 of 050 steps.....................................Executing.Step 026 of 050 steps.....................................Executing.Step 042 of 085 steps.....................................Executing.Step 060 of 085 steps.....................................Executing.Step 064 of 085 steps.....................................Executing.


90

Use Case Scenarios

Step 082 of 085 steps.....................................Executing.Local: COMMIT............................................Done.Terminating the configuration change session..............Done.

The configuration change session has successfully completed.

Where isns.txt contains:

set port 10G:0isns_ip_address=12.10.10.206

Note: iSNS Server IP Address supports only IPv4.

2. Launch the iSNS Server.

The storage ports appear as shown in Figure 32.

Figure 32 iSNS Server Properties window, storage ports



Use Case Scenarios

4. Select the Discovery tab, as shown in Figure 33.

Figure 33 Discovery tab

5. Click Add Server. The Add iSNS Server window displays.

6. Enter the IP address for each iSNS Server interface and click OK.


92

Use Case Scenarios

The iSNS Server is successfully added, as shown in Figure 34.

Figure 34 iSNS Server added


Use Case Scenarios

7. Return to the iSNS Server. The Initiator has been successfullyadded, as shown in Figure 35.

Figure 35 iSNS Server

8. Follow Step 8 on page 96 through Step 10 on page 96 in“Configuring via Target Portal Discovery,” discussed next.

Using Microsoft iSCSIInitiator CLI

Steps for configuring iSCSI on a Windows host using Microsoft iSCSIInitiator CLI are provided in the following sections:

◆ “Configuring via Target Portal Discovery” on page 93◆ “Configuring via iSNS Server” on page 97

Configuring via Target Portal DiscoveryTo configure iSCSI on Windows using Microsoft iSCSI Initiator CLI,complete the following steps:

1. Add the Target Portal for each storage port.

C:\>iscsicli QAddTargetPortal 2001:db8:0:f108::1Microsoft iSCSI Initiator Version 6.1 Build 7601

The operation completed successfully.


94

Use Case Scenarios

2. List the Target Portals.

C:\>iscsicli ListTargetPortalsMicrosoft iSCSI Initiator Version 6.1 Build 7601

Total of 2 portals are persisted:

Address and Socket : 2001:db8:0:f108::1 3260Symbolic Name :Initiator Name :Port Number : <Any Port>Security Flags : 0x0Version : 0Information Specified: 0x0Login Flags : 0x0

Address and Socket : 2001:db8:0:f109::1 3260Symbolic Name :Initiator Name :Port Number : <Any Port>Security Flags : 0x0Version : 0Information Specified: 0x0Login Flags : 0x0


3. List the Targets behind the discovered Portals. The Target iqn isdisplayed.

C:\>iscsicli ListTargetsMicrosoft iSCSI Initiator Version 6.1 Build 7601

Targets List:iqn.1992-04.com.emc:50000972082431a4iqn.1992-04.com.emc:50000972082431a0


4. Get the Target information.

C:\>iscsicli TargetInfo iqn.1992-04.com.emc:50000972082431a0Microsoft iSCSI Initiator Version 6.1 Build 7601

Discovery Mechanisms :"SendTargets:*2001:db8:0:f108::1 0003260 Root\ISCSIPRT\0000_0 "


5. Log in to each Target. The Session Id is created.

C:\>iscsicli QLoginTarget iqn.1992-04.com.emc:50000972082431a0Microsoft iSCSI Initiator Version 6.1 Build 7601


Use Case Scenarios

Session Id is 0xfffffa8007af4018-0x400001370000000cConnection Id is 0xfffffa8007af4018-0xbThe operation completed successfully.

6. Display the Target Mappings assigned to all LUNs that theinitiators have logged in to.

C:\>iscsicli ReportTargetMappingsMicrosoft iSCSI Initiator Version 6.1 Build 7601

Total of 2 mappings returnedSession Id : fffffa8007af4018-400001370000000cTarget Name : iqn.1992-04.com.emc:50000972082431a0Initiator : Root\ISCSIPRT\0000_0Initiator Scsi Device : \\.\Scsi9:Initiator Bus : 0Initiator Target Id : 0

Target Lun: 0x100 <--> OS Lun: 0x1Target Lun: 0x200 <--> OS Lun: 0x2……

Session Id : fffffa8007af4018-400001370000000dTarget Name : iqn.1992-04.com.emc:50000972082431a4Initiator : Root\ISCSIPRT\0000_0Initiator Scsi Device : \\.\Scsi9:Initiator Bus : 0Initiator Target Id : 1

Target Lun: 0x0 <--> OS Lun: 0x0Target Lun: 0x100 <--> OS Lun: 0x1……

7. The mappings obtained through the QLoginTarget command arenot persistent and will be lost at reboot. To have a persistentconnection, use the PersistentLoginTarget command for eachTarget.

Note: The value T means the LUN is exposed as a device. Otherwise, theLUN is not exposed and the only operations that can be performed areSCSI Inquiry, SCSI Report LUNS, and SCSI Read Capacity, and onlythrough the iSCSI discovery service since the operating system is notaware of the existence of the device.

C:\>iscsicli PersistentLoginTarget iqn.1992-04.com.emc:50000972082431a0T * * * * * * * * * * * * * * * 0Microsoft iSCSI Initiator Version 6.1 Build 7601



96

Use Case Scenarios

8. List the Persistent Targets.

C:\>iscsicli ListPersistentTargetsMicrosoft iSCSI Initiator Version 6.1 Build 7601

Total of 2 persistent targetsTarget Name : iqn.1992-04.com.emc:50000972082431a0Address and Socket : 2001:0db8:0000:f108:0000:0000:0000:0001%0 3260Session Type : DataInitiator Name : Root\ISCSIPRT\0000_0Port Number : <Any Port>Security Flags : 0x0Version : 0Information Specified : 0x20Login Flags : 0x8Username :

Target Name : iqn.1992-04.com.emc:50000972082431a4Address and Socket : 2001:0db8:0000:f109:0000:0000:0000:0001%0 3260Session Type : DataInitiator Name : Root\ISCSIPRT\0000_0Port Number : <Any Port>Security Flags : 0x0Version : 0Information Specified : 0x20Login Flags : 0x8Username :


9. Bind the Persistent Devices to cause the iSCSI Initiator service todetermine which disk volumes are currently exposed by theactive iSCSI sessions for all initiators and make that list persistent.The next time the iSCSI Initiator service starts, it will wait for allthose volumes to be mounted before completing its servicestartup.

C:\>iscsicli BindPersistentDevicesMicrosoft iSCSI Initiator Version 6.1 Build 7601


10. Display the list of volumes and devices that are currentlypersistently bound by the iSCSI initiator.

C:\>iscsicli ReportPersistentDevicesMicrosoft iSCSI Initiator Version 6.1 Build 7601

Persistent Volumes"\\?\scsi#disk&ven_emc&prod_power&#{4a54205a-c920-4e28-88c5-9a6296a74b0b}&emcp&p

ower123#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"


Use Case Scenarios

"\\?\scsi#disk&ven_emc&prod_power&#{4a54205a-c920-4e28-88c5-9a6296a74b0b}&emcp&power63#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

……

Configuring via iSNS ServerTo configure iSCSI via iSNS Server, complete the following steps:

1. Set the iSNS Server IP address for both storage ports as describedin “Configuring via iSNS Server” on page 97.

2. Add both iSNS Server interfaces.

C:\copa>iscsicli AddiSNSServer 2001:db8:0:f108::3Microsoft iSCSI Initiator Version 6.1 Build 7601


3. List the iSNS Servers.

C:\copa>iscsicli ListiSNSServersMicrosoft iSCSI Initiator Version 6.1 Build 7601

2001:db8:0:f108::32001:db8:0:f109::3


4. Follow Step 3 on page 94 through Step 10 on page 96 in“Configuring via Target Portal Discovery.”

Configuring Jumbo framesTo configure Jumbo frames, set the MTU on the host, switch (host andstorage side) and storage port to 9000.

The switch port MTU can be set using the switch admin tool.

Contact your EMC Customer Service Engineer to set the storage portMTU.

Setting MTU on a Windows hostThe MTU can be changed by editing the HBA driver properties.Consult your driver documentation for more information.

The netsh command line scripting utility can also be used to set theMTU. The usage of the netsh utility described next applies to


98

Use Case Scenarios

Windows 2008 Server and may not be applicable for other versions ofWindows.

To set MTU on Windows, complete the following steps:

1. Show the MTU.

C:\>netsh interface ipv6 show subinterface

MTU MediaSenseState Bytes In Bytes Out Interface------ --------------- --------- --------- -------------1500 1 110592960 22062103 CORP1500 1 2073668 894650 1G iSCSI 11500 1 796432 3343627 1G iSCSI 2

2. Change the MTU of "1G iSCSI 1" interface to 9000.

C:\>netsh interface ipv6 set subinterface "1G iSCSI 1" mtu=9000 store=persistentOk.

3. Show the updated MTU.

C:\>netsh interface ipv6 show subinterface

MTU MediaSenseState Bytes In Bytes Out Interface------ --------------- --------- --------- -------------1500 1 110592960 22062103 CORP9000 1 2073668 894650 1G iSCSI 11500 1 796432 3343627 1G iSCSI 2


Use Case Scenarios

Connecting an iSCSI Linux host to a VMAX arrayFigure 36 shows a Linux host connected to a VMAX array. Thisscenario will be used in this use case study. This section includes thefollowing information:

◆ “Configuring storage port flags and an IP address on a VMAXarray” on page 100

◆ “Configuring LUN Masking on a VMAX array” on page 107

◆ “Configuring an IP address on a Linux host” on page 110

◆ “Configuring CHAP on the Linux host” on page 113

◆ “Configuring iSCSI on a Linux host using Linux iSCSI InitiatorCLI” on page 113

◆ “Configuring Jumbo frames” on page 115

◆ “Setting MTU on a Linux host” on page 115

Figure 36 Linux hosts connected to a VMAX array with 10 G connectivity

This setup consists of a Linux host connected to a VMAX array asfollows:

1. The Linux host is connected via two paths with 10 G iSCSI andIPv4. CHAP Authentication is used.

2. The VMAX array is connected via two paths for 1 G and 10 GiSCSI each.


Linux Server

Switch

Subnet IPv4

VMAX

Subnet IPv4IPV4

IPV4

ICO-IMG-000987

PowerPath

eth0: 10.20.5.210

eth1: 10.20.20.210

SE 7G:010.20.5.201

SE 7H:010.20.20.100

Connecting an iSCSI Linux host to a VMAX array 99

100

Use Case Scenarios

Configuring storage port flags and an IP address on a VMAX arrayThe following two methods discussed in this section can be used toconfigure storage and port flags and an IP address on a VMAX array:

◆ “Symmetrix Management Console” on page 100

◆ “CHAP” on page 104

◆ “Solutions Enabler” on page 106

SymmetrixManagement

Console

Note: For more details, refer to the EMC Symmetrix Management Consoleonline help, available on EMC Online Support at https://support.emc.com.Follow instructions to download the help.

To configure storage and port flags and an IP address on a VMAXarray using the Symmetrix Management Console, complete thefollowing steps:

1. Open the Symmetrix Management Console by using the IPaddress of the array.

2. In the Properties tab, left-hand pane, select Symmetrix Arrays >Directors > Gig-E, to navigate to the VMAX Gig-E storage port,as shown in Figure 37.

3. Right-click the storage port you want to configure, check Online,and select Port and Director Configuration > Set Port Attributesfrom the drop-down menu, as shown in Figure 37.


Use Case Scenarios

Figure 37 Set port attributes

IMPORTANT

Take the port offline if the IP address is being changed. SelectPort and Director Configuration and uncheck Online.


102

Use Case Scenarios

The Set Port Attributes dialog box displays, as shown inFigure 38.

Figure 38 Set Port Attributes dialog box

4. In the Set Port Attributes dialog box, select the following, asshown in Figure 38:

• Common_Serial_Number• SCSI_3• SPC2_Protocol_Version• SCSI_Support1

Note: Refer to the appropriate host connectivity guide, available on EMCOnline Support at https://support.emc.com, for your operating systemfor the correct port attributes to set.


Use Case Scenarios

5. In the Set Port Attributes dialog box, enter the following, asshown in Figure 38:

• For IPv4, enter the IPv4 Address, IPv4 Default Gateway, andIPv4 Netmask.

• For IPv6, enter the IPv6 Addresses and IPv6 Net Prefix.

6. Click Add to Config Session List.

7. In the Symmetrix Manager Console window, select the ConfigSession tab, as shown in Figure 39.

Figure 39 Config Session tab


104

Use Case Scenarios

8. In the My Active Tasks tab, click Commit All, as shown inFigure 40.

Figure 40 My Active Tasks, Commit All

CHAP To configure CHAP, complete the following steps.

1. From the Symmetrix Management Console, right-click on thestorage port you want to configure and select Port and DirectorConfiguration > CHAP Authentication for CHAP-relatedinformation, as shown in


Use Case Scenarios

Figure 41 CHAP authentication

The following dialog box displays.

Figure 42 Director Port CHAP Authentication Enable/Disable dialog box

2. Click OK.


106

Use Case Scenarios

The following dialog box displays.

Figure 43 Director Port CHAP Authentication Set dialog box

3. A Credential and Secret must be configured for the CHAP to beoperational.

Solutions Enabler To configure storage and port flags and an IP address on a VMAXarray using Solutions Enabler, complete the following steps:

◆ “Setting storage port flags and IP address” on page 106

◆ “Setting flags per initiator group” on page 107

◆ “Viewing flags setting for initiator group” on page 107

Setting storage port flags and IP addressIssue the following command:

symconfigure -sid <SymmID> –file <command file> preview|commit

where command file contains:

set port DirectorNum:PortNum[FlagName=enable|disable][, ...] ] gigeprimary_ip_address=IPAddressprimary_netmask=IPAddressdefault_gateway=IPAddressisns_ip_address=IPAddressprimary_ipv6_address=IPAddressprimary_ipv6_prefix=<0 -128>[fa_loop_id=integer] [hostname=HostName];


Use Case Scenarios

For example:

Command file for enabling Common_Serial_Number, SCSI_3,SPC2_Protocol_Version and SCSI_Support1 flags and setting IPv4address and prefix on port 9g:0:

set port 7G:0Common_Serial_Number=enable, SCSI_3=enable, SPC2_Protocol_Version=enable,

SCSI_Support1=enable gigeprimary_ip_address= 10.20.5.201primary_netmask = 255.255.255.0default_gateway=10.20.5.1set port 7H:0Common_Serial_Number=enable, SCSI_3=enable, SPC2_Protocol_Version=enable,

SCSI_Support1=enable gigeprimary_ip_address= 10.20.20.100primary_netmask = 255.255.255.0default_gateway=10.20.20.1

Setting flags per initiator groupIssue the following command:

symaccess -sid <SymmID> -name <GroupName> -type initiator set ig_flags <on <flag><-enable |-disable> | off [flag]>

For example:

Enabling Common_Serial_Number, SCSI_3, SPC2_Protocol_Versionand SCSI_Support1 flags for initiator group SGELI2-83:

symaccess -sid 316 -name Linux10G_IG -type initiator set ig_flags onCommon_Serial_Number,SCSI_3,SPC2_Protocol_Version,SCSI_Support1 –enable

Viewing flags setting for initiator groupIssue the following command:

symaccess -sid <SymmID> -type initiator show <GroupName> -detail

For example:

symaccess -sid 316 -type initiator show Linux10G_IG -detail

Configuring LUN Masking on a VMAX arrayThe following methods discussed in this section can be used toconfigure LUN Masking on a VMAX array:

◆ “Using Symmetrix Management Console” on page 108

◆ “Using Solutions Enabler” on page 108

◆ “Using SYMCLI for VMAX” on page 110


108

Use Case Scenarios

Using SymmetrixManagement

Console

To create an initiator group, port group, storage group, and maskingview using the Symmetrix Management Console, refer to the EMCSymmetrix Management Console online help, available on EMCOnline Support at https://support.emc.com. Follow instructions todownload the help, then refer to the Storage Provisioning section, asshown in Figure 44.

Figure 44 EMC Symmetrix Management Console, Storage Provisioning

Using SolutionsEnabler

To create an initiator group, port group, storage group, and maskingview using the Solutions Enabler, refer to the following sections:

◆ “Creating an initiator group” on page 108◆ “Creating a port group” on page 109◆ “Creating a storage group” on page 109◆ “Creating masking view” on page 109

Creating an initiator groupIssue the following command:

symaccess -sid <SymmID> -type initiator -name <GroupName> createsymaccess -sid <SymmID> -type initiator -name -iscsi <iqn> add


Use Case Scenarios

For example:

symaccess -sid 3003 -type initiator -name Linux10G_IG createsymaccess -sid 3003 -type initiator -name Linux10G_IG -iscsi

iqn.1994-05.com.redhat:1339be8c4613 add

Creating a port groupIssue the following command:

symaccess -sid <SymmID> -type port -name <GroupName> createsymaccess -sid <SymmID> -type port -name <GroupName> -dirport

<DirectorNum>:<PortNum> add

For example:

symaccess -sid 3003 -type port -name Linux10G_PG createsymaccess -sid 3003 -type port -name Linux10G_PG -dirport 7G:0 add

Creating a storage groupIssue the following command:

symaccess -sid <SymmID> -type storage -name <GroupName> createsymaccess -sid <SymmID> -type storage -name -iscsi <iqn> add devs

<SymDevStart>:<SymDevEnd>

For example:

symaccess -sid 3003 -type storage -name Linux10G_SG createsymaccess -sid 3003 -type storage -name Linux10G_SG add devs 816:842

Creating masking viewIssue the following command:

symaccess -sid <SymmID> create view -name <MaskingView> -ig <InitiatorGroup> -pg<PortGroup> -sg <StorageGroup>

For example:

symaccess -sid 316 create view -name SGELI2-83_MV -ig SGELI2-83_IG -pgSGELI2-83_PG -sg SGELI2-83_SG

Listing masking viewIssue the following command:

symaccess -sid <SymmID> list view -name <MaskingView>

For example:

Symaccess -sid 3003 list view -name Linux10G


110

Use Case Scenarios

For more details, refer to the EMC Solutions Enabler Symmetrix ArrayControls CLI Product Guide, available on EMC Online Support athttps://support.emc.com.

Using SYMCLI forVMAX

1. To enable CHAP on an iSCSI initiator, use the following form:

symaccess -sid SymmID -iscsi iscsi enable chap

For example:

# symaccess -sid 3003 -iscsi iqn.1994-05.com.redhat:1339be8c4613 enable CHAP

2. To enable CHAP on a specific director and port, use the followingform:

symaccess -sid SymmID [-dirport Dir:Port] enable chap

For example:

# symaccess -sid 3003-dirport 7G:0 enable chap

3. To set the CHAP credential and secret on a director and port, usethe following form:

symaccess -sid SymmID -dirport Dir:Port set chap -cred Credential -secret Secret

For example:

# symaccess -sid SymmID -dirport 7G:0 set chap -cred chap -secret abcdefgh

4. To disable CHAP on a specific director and port, use thefollowing form:

symaccess -sid SymmID [-dirport Dir:Port] disable chap

5. To delete CHAP from a specific director and port, use thefollowing form:

symaccess -sid SymmID [-dirport Dir:Port] delete chap

Configuring an IP address on a Linux hostTo configure an IP address on a Linux host, complete the followingsteps:


Use Case Scenarios

1. Issue the ifconfig command to verify the present IP addresses, asshow in Figure 45:

Figure 45 Verify IP addresses

2. Use the following command to shut down the interface:

# ifconfig eth0 down# ifconfig eth1 down

3. Use the following command to set the IP address and bring theport back up.

# ifconfig eth0 10.20.5.210 netmask 255.255.255.0 up# ifconfig eth1 10.20.20.210 netmask 255.255.255.0 up

4. Check the parameters on the interface located.

/etc/sysconfig/network-scripts

Note: This folder contains all ifcfg-eth files. Make changes to the fileappropriate to the interface being used.

For example, the following lists the properties on the interfaceeth0. To enable the IP address to be present with each reboot, set"ONBOOT=yes" .

[root@i2051210 network-scripts]# more ifcfg-eth0DEVICE="eth0"NM_CONTROLLED="yes"ONBOOT=yesTYPE=EthernetBOOTPROTO=none


112

Use Case Scenarios

IPADDR=10.20.5.210PREFIX=24GATEWAY:10.20.20.1DEFROUTE=noIPV4_FAILURE_FATAL=yesIPV6INIT=noNAME="System eth0"UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03GATEWAY=10.246.51.1HWADDR=00:00:C9:C0:5E:90

5. Verify the IP address by issuing the following command:

[root@i2051210 ~]# ifconfigeth0 Link encap:Ethernet HWaddr 00:00:C9:C0:5E:90

inet addr:10.20.5.210 Bcast:10.20.5.255 Mask:255.255.255.0inet6 addr: fe80::200:c9ff:fec0:5e90/64 Scope:LinkUP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1RX packets:17 errors:0 dropped:0 overruns:0 frame:0TX packets:29 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:1000RX bytes:4149 (4.0 KiB) TX bytes:4604 (4.4 KiB)

eth1 Link encap:Ethernet HWaddr 00:00:C9:C0:5E:92inet addr:10.20.20.210 Bcast:10.20.20.255 Mask:255.255.255.0inet6 addr: fe80::200:c9ff:fec0:5e92/64 Scope:LinkUP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1RX packets:1 errors:0 dropped:0 overruns:0 frame:0TX packets:29 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:1000RX bytes:243 (243.0 b) TX bytes:4596 (4.4 KiB)

6. Add the IPv6 address, if needed, by using the followingcommands:

ifconfig eth0 inet6 add 2001:0db8:0:f101::1/6ifconfig eth1 inet6 add 2001:0db8:0:f101::2/6


Use Case Scenarios

7. Ping the storage port to test connectivity, as shown in Figure 46.

Figure 46 Test connectivity

Configuring CHAP on the Linux hostTo configure CHAP on the Linux host, complete the following steps:

1. Configure Credential and Secret on the host(/etc/iscsi/iscsi.conf).

node.session.auth.authmethod = CHAPnode.session.auth.username = chapnode.session.auth.password = abcdefgh

2. Restart the iSCSI service.

service open-iscsi restart

Configuring iSCSI on a Linux host using Linux iSCSI Initiator CLIComplete the following steps to configure iSCSI on a Linux hostusing Linux iSCSI Initiator CLI:

1. Issue the following commands to discover the target devices:

# iscsiadm -m discovery -t sendtargets -p 10.20.5.20110.20.5.201:3260,1 iqn.1992-04.com.emc:50000972082eed98# iscsiadm -m discovery -t sendtargets -p 10.20.20.10010.20.20.100:3260,1 iqn.1992-04.com.emc:50000972082eedd8


114

Use Case Scenarios

2. Issue the following command to print out the nodes that havebeen discovered:

./iscsiadm -m node

# iscsiadm -m node10.20.20.100:3260,1 iqn.1992-04.com.emc:50000972082eedd810.20.5.201:3260,1 iqn.1992-04.com.emc:50000972082eed98

3. Log in by take the ip, port, and target name from the aboveexample and run:

./iscsiadm -m node -T targetname -p ip:port -l

# iscsiadm --mode node --targetname iqn.1992-04.com.emc:50000972082eedd8 --portal10.20.20.100 --login

Logging in to [iface: default, target: iqn.1992-04.com.emc:50000972082eedd8,portal: 10.20.20.100,3260]

Login to [iface: default, target: iqn.1992-04.com.emc:50000972082eedd8, portal:10.20.20.100,3260] successful.

# iscsiadm --mode node --targetname iqn.1992-04.com.emc:50000972082eed98 --portal10.20.5.201 --login

Logging in to [iface: default, target: iqn.1992-04.com.emc:50000972082eed98,portal: 10.20.5.201,3260]

Login to [iface: default, target: iqn.1992-04.com.emc:50000972082eed98, portal:10.20.5.201,3260] successful.

4. Issue the following command to show all records in discoverydatabase and show the targets discovered from each record:

./iscsiadm -m discovery -P 1

# iscsiadm -m discovery -P 1SENDTARGETS:DiscoveryAddress: 10.20.20.100,3260Target: iqn.1992-04.com.emc:50000972082eedd8

Portal: 10.20.20.100:3260,1Iface Name: default

DiscoveryAddress: 10.20.5.200,3260DiscoveryAddress: 10.20.5.201,3260Target: iqn.1992-04.com.emc:50000972082eed98

Portal: 10.20.5.201:3260,1Iface Name: default

iSNS:No targets found.STATIC:No targets found.FIRMWARE:No targets found.


Use Case Scenarios

Configuring Jumbo framesTo configure Jumbo frames, set the MTU on the host, switch (host andstorage side) and storage port to 9000.

The switch port MTU can be set using the switch admin tool.

Contact your EMC Customer Service Engineer to set the storage portMTU.

Setting MTU on a Linux hostThe MTU can be changed by editing the HBA driver properties.Consult your driver documentation for more information.

The netsh command line scripting utility can also be used to set theMTU. The usage of the netsh utility described next applies to a LinuxServer and may not be applicable for other versions of Linux.

To set MTU on Linux, complete the following steps:

1. To show the MTU issue the following command.

Note: By default the MTU size is set to 1500 MTU.

Ip link list

2. To change the MTU issue the following command for the 10GiSCSI initiator Ethernet interface on the Linux host.

ifconfig eth0 mtu 9000


116

Use Case Scenarios

3. To make the changes to the MTU persistent upon reboot, changethe "ifcfg_eth*" file associated with the interface.

4. To show the updated MTU, issue the following command

Ip link list


Use Case Scenarios

Configuring the VNX for block 1 Gb/10 Gb iSCSI portThis section contains the following information:

◆ “Prerequisites” on page 117

◆ “Configuring storage system iSCSI front-end ports” on page 118

◆ “Assigning an IP address to each NIC or iSCSI HBA in aWindows Server 2008” on page 123

◆ “Configuring iSCSI initiators for a configuration without iSNS”on page 126

◆ “Registering the server with the storage system” on page 142

◆ “Setting storage system failover values for the server initiatorswith Unisphere” on page 144

◆ “Configuring the storage group” on page 159

◆ “iSCSI CHAP authentication” on page 172

Figure 47 will be used in the examples presented in this section.

Figure 47 Windows host connected to a VNX array with 1 G/ 10 G connectivity

PrerequisitesBefore you begin, you must complete the cabling of the iSCSIfront-end data ports to the server ports.

Note: The 10 GbE iSCSI modules requires EMC FLARE® OperatingEnvironment (OE) version 04.29.000.5.0xx or later.

Windows ServerSwitch

PowerPath

IPV4

IPV4

ICO-IMG-001030

10.1.1.198

192.168.1.198

10.1.1.98

192.168.1.98

VNX

Configuring the VNX for block 1 Gb/10 Gb iSCSI port 117

118

Use Case Scenarios

IMPORTANT

1 GbE iSCSI ports require Ethernet LAN cables and 10 GbE iSCSIports require fibre optical cables for Ethernet transmission.

For 1 Gb transmission, you need CAT 5 Ethernet LAN cables for10/100 transmission or CAT 6 cables. These cables can be up to 100meters long.

For 10 Gb Ethernet transmission, you need fibre optical cables for afibre optic infrastructure or active twinaxial cables for an activetwinaxial infrastructure. EMC strongly recommends you use OM350 µm cables for all optical connections.

An active twinaxial infrastructure is supported for switchconfigurations only.

For cable specifications, refer to the Technical Specifications for yourstorage system. You can generate an up-to-date version of the thesespecification using the Learn about storage system link on thestorage system support website.

For high availability:

◆ Connect one or more iSCSI front-end data ports on SP A to portson the switch or router and connect the same number of iSCSlfront-end data ports on SP B to ports on the same switch or routeror on another switch or router, if two switches or routers areavailable.

◆ For a multiple NIC or iSCSI HBA server, connect one or more NICor iSCSI ports to ports on the switch or router and connect thesame number NIC or iSCSI HBA ports to ports on the sameswitch or router or on another switch or router, if two switches orrouters are available.

Configuring storage system iSCSI front-end portsTo configure storage system iSCSI front-end ports, complete thefollowing steps:

1. Start Unisphere by entering the IP address of one of the storagesystem SP in an Internet browser that you are trying to manage.

2. Enter your user name and password.


Use Case Scenarios

3. Click Login.

4. From Unisphere, select System > Hardware > Storage Hardware.

Figure 48 Unisphere, System tab

5. Identify the storage system iSCSI front-end ports by clicking SPs>SP A/B > IO Modules > Slot > Port <#> in the Hardwarewindow.

The example used here is SPs> SP A > IO Modules > Slot A4 >Port 0.

The Properties message box will display.


120

Use Case Scenarios

Figure 49 Message box

6. Click OK.

7. Highlight the iSCSI front-end port that you want to configure andclick Properties.


Use Case Scenarios

The iSCSI Port Properties window displays.

Figure 50 iSCSI Port Properties window

8. Click Add in Virtual Port Properties to assign IP address to theport. The iSCSI Virtual Port Properties window displays.


122

Use Case Scenarios

Figure 51 iSCSI Virtual Port Properties window

9. Click OK and the close all open dialog boxes.


Use Case Scenarios

A Warning message displays asking if you wish to continue.

Figure 52 Warning message

10. Click OK.

A message showing successful completion displays.

Figure 53 Successful message

11. Click OK.

The iSCSI Port Properties window displays the added virtualports in the Virtual Port Properties area.

Assigning an IP address to each NIC or iSCSI HBA in a Windows Server 2008To assign an IP address to each NIC or iSCSI HBA in a WindowsServer 2008 that will be connected to the storage system, complete thefollowing steps.


124

Use Case Scenarios

1. Click Start > Control Panel > Network and Sharing Center >Manage Network Connections.

The Network Connections window displays.

Figure 54 Control Panel, Network Connections window

2. Locate 10 GbE interfaces in the Network Connections dialog box.

3. Identify the NIC or iSCSI HBA which you want to set the IPaddress in the dialog (QLogic 10 Gb PCI Ethernet Adapter) andright-click the NIC or iSCSI HBA.

The Local Area Connection Properties dialog box displays.


Use Case Scenarios

Figure 55 Local Area Connection Properties dialog box

4. Select the Internet Protocol Version 4 (TCP/IPv4) entry in the listand then click Properties.

The Internet Protocol Version 4 (TCP/IPv4) Properties dialogbox displays.


126

Use Case Scenarios


5. In the General tab, select Use the following IP address and enterthe appropriate IP address and subnet mask of the adapter in theIP address and Subnet mask fields.


7. Repeat these steps for any other iSCSI adapters in the host.

Configuring iSCSI initiators for a configuration without iSNSBefore an iSCSI initiator can send data to or receive data from thestorage system, you must configure the network parameters for theNIC or HBA iSCSI initiators to connect with the storage-system SPiSCSI targets.

You may need to install the Microsoft iSCSI Initiator software. Thiscan be downloaded from http://www.microsoft.com.


Use Case Scenarios

Note: Some operating systems, such as Microsoft Windows 2008 (used in thisexample) have bundled the iSCSI initiator with the OS. As a result, it will notneed to be installed and can be accessed directly from Start > AdministrativeTools > iSCSI Initiator.

There are two ways to configure iSCSI initiators on a Windows serverto connect to the storage-system iSCSI targets:

◆ Using Unisphere Server Utility

You can register the r server's NICs or iSCSI HBAs with thestorage system. Refer to “Using Unisphere Server Utility” onpage 127.

◆ Using Microsoft iSCSI initiator

If you are an advanced user, you can configure iSCSI initiators toconnect to the targets. Refer to “Successful logon message” onpage 134.

Using Unisphere Server UtilityTo configure iSCSI initiators on a Windows server to connect to thestorage-system iSCSI targets using Unisphere Service Utility,complete the following steps:

1. On the server, open the Unisphere Server Utility. The EMCUnisphere Server Utility window displays.


128

Use Case Scenarios

Figure 57 EMC Unisphere Server Utility welcome window

2. Select Configure iSCSI Connections on this server and clickNext.


Use Case Scenarios

The next window displays.

Figure 58 EMC Unisphere Server Utility window, Configure iSCSI Connections

3. Select Configure iSCSI Connections and click Next.


130

Use Case Scenarios

The iSCSI Targets and Connections window displays.

Figure 59 iSCSI Targets and Connections window

4. Select one of the following options to discover the iSCSI targetports on the connected storage systems:

• Discover iSCSI targets on this subnet


Use Case Scenarios

Scans the current subnet for all connected iSCSIstorage-system targets. The utility scans the subnet in therange from 1 to 255. For example, if the current subnet is10.1.1, the utility will scan the IP addresses from 10.1.1.1 to10.1.1.255.

Figure 60 Discover iSCSI targets on this subnet

• Discover iSCSI targets for this target portal

Discovers targets known to the specified iSCSI SP data port.


132

Use Case Scenarios

Figure 61 Discover iSCSI targets for this target portal

5. Click Next.


Use Case Scenarios

The iSCSI Targets window displays.

Figure 62 iSCSI Targets window

6. For each target you want to log in to, complete the following:

a. In the iSCSI Targets window, select the IP address of theinactive target.

b. Under Login Options, select Also login to peer iSCSI targetfor High Availability (recommended) if the peer iSCSI targetis listed.

c. Select a Server Network Adapter IP address from thedrop-down list if you have the appropriate failover software,such as EMC PowerPath.

Note: The IP Address used should be the IP Address of the Adapterthat is on the same Network as the target. In this case, you wouldselect the IP Address of 10.1.1.98 to access the Target at the IPAddress of 10.1.1.198.


134

Use Case Scenarios

d. If you selected Also login to peer iSCSI target for HighAvailability (recommended), leave the Server NetworkAdapter IP set to Default to allow the iSCSI initiator toautomatically fail over to an available NIC in the event of afailure.

This option allows the utility to create a login connection tothe peer target so if the target you selected becomesunavailable, data will continue to the peer target.

e. Click Logon to connect to the selected target.

A message displays showing the logon as successful.

Figure 63 Successful logon message

f. Click OK. The iSCSI Targets window (Figure 62 on page 133)displays again.

g. Click Next.

The Server Utility window displays.


Use Case Scenarios

Figure 64 Server registration window

7. In the server registration window, click Next to send the updatedinformation to the storage system.

A message showing a successful update displays.

Note: If you have the host agent installed on the server, you will get anerror message indicating that the host agent is running and you cannotuse the server utility to update information to the storage system; thehost agent will do this automatically.


136

Use Case Scenarios

Figure 65 Successfully updated message

8. Click Finish.

9. Repeat steps 2-8 for any additional iSCSI Targets.

Using Microsoft iSCSI initiatorTo configure iSCSI initiators on a Windows server to connect to thestorage-system iSCSI targets using Microsoft isCSI initiator software,complete the following steps:

1. Open the Microsoft iSCSI Initiator properties dialog by clickingStart > Administrative Tools >iSCSI Initiator.

The Microsoft iSCSI Initiator Properties dialog box displays.


Use Case Scenarios

Figure 66 Microsoft iSCSI Initiator Properties dialog box

2. Add an iSCSI Target by clicking the Discovery Tab and then AddPortal.


The Add Target Portal dialog box displays.


138

Use Case Scenarios

Figure 68 Add Target Portal dialog box

3. Click Advance.

The Advanced Settings dialog box displays.

Figure 69 Advanced Settings dialog box, General tab


Use Case Scenarios

a. In the Local Adapter field, choose Microsoft iSCSI Initiatorfrom the pull-down list.

b. In the Source IP field, choose the IP Address of the adapterthat will be used to access this target.

c. In the Target portal field, choose the IP address of the targetthat will be used to access by this source.

Note: The IP Address used should be the IP Address of the Adapterthat is on the same Network as the target. In this case, you wouldselect the IP Address of 10.1.1.98 to access the Target at the IPAddress of 10.1.1.198.

d. Click OK. You are returned to the iSCSI Initiator Properties,Discovery tab.

Figure 70 iSCSI Initiator Properties dialog box, Discovery tab

4. Repeat steps 2-3 for any additional iSCSI Targets.


140

Use Case Scenarios

5. In the iSCSI Initiator Properties dialog box, click the Targets taband the iSCSI Targets should be displayed as Inactive, as shownin Figure 71.

Figure 71 iSCSI Initiator Properties dialog box, Targets tab

6. Select the target in the list and click Logon….

The Log On to Target dialog box displays.

Figure 72 Log on to Target dialog box


Use Case Scenarios

7. Ensure that the Automatically restore this connection when thecomputer starts checkbox is selected. Also check the Enablemulti-path box if PowerPath multi-path software is alreadyinstalled on the host.

8. Click OK.

The iSCSI Initiator Properties dialog box, Targets tab displaysagain. The target should be shown as Connected.

Other iSCSI targets display as Inactive.

Figure 73 Target, Connected

9. Click OK.

10. Repeat steps 5-9 to configure additional iSCSI Targets.


142

Use Case Scenarios

Registering the server with the storage systemTo register the server using the Unisphere Server Utility on aWindows server, complete the following steps:

1. On the server, run the Unisphere Server Utility by selectingStart > Programs > EMC > Unisphere > Unisphere ServerUtility or Start > All Programs > EMC > Unisphere > UnisphereServer Utility or click the Unisphere Server Utility shortcut icon.

The EMC Unisphere Server Utility, welcome window displays.

Figure 74 EMC Unisphere Server Utility, welcome window

2. In the Unisphere Server Utility dialog box, select ConfigureiSCSI Connections on this server and click Next.

The utility automatically scans for all connected storage systemsand lists them under Connected Storage Systems, as shown inFigure 75.


Use Case Scenarios

Figure 75 Connected Storage Systems

3. Locate the WWN of the NIC or iSCSI HBA you just installed. TheNIC or iSCSI HBA should appear once for every SP port to whichit is connected.

If the Unisphere Server Utility does not list your storageprocessors, verify that your server is properly connected andzoned to the storage system ports.

4. Click Next to register the server with the storage system.

The utility sends the server's name and IP address of the eachNIC or iSCSI HBA to each storage system. Once the server hasstorage on the storage system, the utility also sends the devicename and volume or file system information for each LUN(virtual disk) in the storage system that the server sees.


144

Use Case Scenarios

A message displays if the update is successful.

Figure 76 Successfully updated message

5. Click Finish to exit the utility.

Setting storage system failover values for the server initiators with UnisphereThere are tow ways to set failover values for the server initiators withUnisphere:

◆ Using Failover Setup Wizard

You can configure failover mode for the host initiators. Refer to“Using Failover Setup Wizard” on page 144.

◆ Using Connectivity Status in Host Management

If you are an advanced user, you can configure failover mode forthe host initiators via connectivity status window. Refer to “UsingConnectivity Status in Host Management” on page 153.

Using Failover Setup WizardTo use the Unisphere Failover Setup wizard to set the storage systemfailover values for all NIC or iSCSI HBA initiators belonging to theserver, complete the following steps:

1. From Unisphere, select All Systems > System List.


Use Case Scenarios

2. From the Systems page, select the storage system for whosefailover values you want to set.

3. Select the Hosts tab. The following window displays.

Figure 77 EMC Unisphere, Hosts tab

4. Under Wizards, select the Failover Wizard.


146

Use Case Scenarios

The Start Wizard dialog box displays.

Figure 78 Start Wizard dialog box

5. In the Start Wizard dialog box, read the introduction, and thenclick Next.

The Select Host dialog box displays.


Use Case Scenarios

Figure 79 Select Host dialog box

6. In the Select Host dialog box, select the server you just connectedto the storage system and click Next.

The Select Storage System dialog box displays.


148

Use Case Scenarios

Figure 80 Select Storage System dialog box

7. Select the storage system and click Next.

The Specify Settings dialog box displays.


Use Case Scenarios

Figure 81 Specify Settings dialog box

8. Set the following values for the type of software running on theserver.

For a Windows server or Windows virtual machine withPowerPath, set:

a. Initiator Type to CLARiiON Open

b. Array CommPath to Enabled

c. Failover Mode to:

– 4 if your PowerPath version supports ALUA.– 1 if your PowerPath version does not support ALUA.


150

Use Case Scenarios

For information on which versions of PowerPath supportALUA, refer to the PowerPath release notes on the EMCOnline Support at https://support.emc.com website or toEMC Knowledgebase solution emc99467.

IMPORTANT

If you enter incorrect values the storage system could becomeunmanageable and unreachable by the server and the server'sfailover software could stop operating correctly.

If you configured your storage system iSCSI connections toyour Windows virtual machine with NICs, set the storagesystem failover values for the virtual machine. If youconfigured your storage system iSCSI connections to yourHyper-V or ESX server, set the storage system failover valuesfor the Hyper-V or ESX server.

If you have a non-Windows virtual machine or a Windowsvirtual machine with iSCSI HBAs, set the storage-systemfailover values for the Hyper-V or ESX server.

d. Click Next.


Use Case Scenarios

A Review and Commit Settings window displays.

Figure 82 Review and Commit Settings

9. Review the configuration and all settings.

• If the settings are incorrect, click Back until you return to thedialog box in which you need to re-enter the correct values.

• If the settings are correct, click Next.


152

Use Case Scenarios

If you clicked Next, the wizard displays a confirmation dialogbox.

Figure 83 Failover Setup Wizard Confirmation dialog box

10. Click Yes to continue.

The wizard displays a summary of the values you set for thestorage system.


Use Case Scenarios

Figure 84 Details from Operation dialog box

11. If the operation failed, return to the wizard. If the operation issuccessful, click Finish and close the wizard.

12. Reboot the server for the initiator records to take affect.

Using Connectivity Status in Host ManagementTo use the Connectivity Status to set the storage system failovervalues for all NIC or iSCSI HBA initiators belonging to the server,complete the following steps:

1. From Unisphere, select All Systems > System List.

2. From the Systems page, select the storage system for whosefailover values you want to set.


154

Use Case Scenarios

3. Select the Hosts tab. The following window displays.

Figure 85 EMC Unisphere, Hosts tab

4. Under Host Management, select Connectivity Status.

The Connectivity Status window displays.

Figure 86 Connectivity Status Window, Host Initiators tab


Use Case Scenarios

5. In the Host Initiators tab, select the host name and expand it. Theexpanded hosts display.

Figure 87 Expanded hosts

6. Click Edit. The Edit Initiator window displays.

Figure 88 Edit Initiators window

7. Check the boxes of the initiators that you want to edit and set thefollowing values for the type of software running on the server.


156

Use Case Scenarios

8. Set the following values for the type of software running on theserver.

For a Windows server or Windows virtual machine withPowerPath, set:

a. Initiator Type to CLARiiON Open

b. Array CommPath to Enabled

c. Failover Mode to:

– 4 if your PowerPath version supports ALUA.– 1 if your PowerPath version does not support ALUA.For information on which versions of PowerPath supportALUA, refer to the PowerPath release notes on the EMCOnline Support at https://support.emc.com or to EMCKnowledgebase solution emc99467.

IMPORTANT

If you enter incorrect values the storage system could becomeunmanageable and unreachable by the server and the server'sfailover software could stop operating correctly.

If you configured your storage system iSCSI connections toyour Windows virtual machine with NICs, set the storagesystem failover values for the virtual machine. If youconfigured your storage system iSCSI connections to yourHyper-V or ESX server, set the storage system failover valuesfor the Hyper-V or ESX server.

If you have a non-Windows virtual machine or a Windowsvirtual machine with iSCSI HBAs, set the storage-systemfailover values for the Hyper-V or ESX server.

d. Click OK. A confirmation dialog box displays.


Use Case Scenarios

Figure 89 Confirmation dialog box

9. If the operation is successful, click Yes and close all windows. ASuccess message displays.

Figure 90 Success confirmation message

10. Click OK.


158

Use Case Scenarios

11. You can confirm the change by selecting the initiator and thenclicking Detail in the Host Initiator tab of the ConnectivityStatus window.

Figure 91 Connectivity Status window, Host Initiators tab

Initiator details display in the Initiator Information window.

Figure 92 Initiator Information window


Use Case Scenarios

Configuring the storage groupBefore you begin, you need the completed LUN creation according toyour storage provisioning plan. For the detailed information of LUNprovisioning, refer to the VNX/CLARiiON documentation availableon EMC Online Support at https://support.emc.com.

1. Start Unisphere by entering the IP address of one of the storagesystem SP in an Internet browser that you are trying to manage.

2. Enter your user name and password.

3. Click Login.

4. From Unisphere, select your system, as shown in Figure 93.

Figure 93 Select system


160

Use Case Scenarios

5. The following window displays, as shown in Figure 94.

Figure 94 Select Storage Groups


Use Case Scenarios

6. Select Hosts > Storage Groups in the top menu. The StorageGroups window displays, as shown in Figure 95.

Figure 95 Storage Groups window

7. If you have created storage groups, skip to Step 8. If not, completethe following steps:

a. From the task list, select Storage Groups > Create.

The Create Storage dialog box displays, as shown inFigure 96.

Figure 96 Create Storage dialog box


162

Use Case Scenarios

b. Enter a name for the Storage Group. In this example the name10Gb_iSCSI_i2051098_Win is used.

c. Choose one of the following options:

– Click OK to create the new storage group and click closethe dialog box; or

– Click Apply to create the new storage group withoutclosing the dialog box. This allows you to create additionalstorage groups.

A message displays showing the storage group creation assuccess, as shown in Figure 97.


d. Choose one of the following options:

– If you want to add LUNs or connect hosts now, click Yes.– If you want to do add LUNs on your own timeframe, click

No and follow the next steps.8. From the system page, select your system, then Hosts > Storage

Groups.

9. To connect the servers/hosts, select the storage group you justcreated and choose one of the following options:

– Click the connect hosts; or– Open Properties by clicking Properties or right-clicking

and selecting Properties of the selected storage group, asshown in Figure 98.


Use Case Scenarios

Figure 98 Storage Group, Properties

10. Click the Hosts tab from the properties of the storage group towhich you want connect the servers, as shown in Figure 99.

Figure 99 Hosts tab

11. In the Host tab, select the available hosts you want to connect.


164

Use Case Scenarios

12. Click the arrow to move the host from the Available Hostscolumn to the Host to be Connected column and click Apply.

The host displays in the Host to be Connected column, as shownin Figure 100.

Figure 100 Hosts to be Connected column

13. Click OK. The main Unisphere window displays.


Use Case Scenarios

14. From the main Unisphere window, connect the LUNs to thestorage group, as shown in Figure 101.

Figure 101 Connect LUNs

From the task list under Storage Groups, select a storage group towhich you want to add LUNs and choose one of the followingoptions:

– Select Connect LUNs; or– Click the LUNs tab from the Properties of the storage

group to which you want to add LUNs.


166

Use Case Scenarios

The LUNs tab displays, as shown in Figure 102.

Figure 102 LUNs tab

15. In the Available LUNs box, select the LUNs that you want to addand click Add, as shown in Figure 102.


Use Case Scenarios

The LUNs will appear in the Selected LUNs box, as shown inFigure 103.

Figure 103 Selected LUNs

16. Click Apply as shown in Figure 103. A confirmation box displaysas shown in Figure 104.



168

Use Case Scenarios

17. Click Yes.

A message displays showing the operation was success, as shownin Figure 105.

Figure 105 Success message box

18. Click OK. The LUNs are now displayed, as shown in Figure 106.

Figure 106 Added LUNs


Use Case Scenarios

Making LUNs visible to a Windows server or Window virtual machine with NICsTo allow the Windows server access to the LUNs that you created, useWindows Computer Management to perform a rescan by completingthe following steps.

1. Choose one of the following options to open the computerManagement window:

– Start > Computer Management

– Right-click My Computer > Manage

The Computer Management window displays, as shown inFigure 107.

Figure 107 Computer Management window

2. Under the Storage tree, select Disk Management.

3. From the tool bar, select Action > Rescan Disks.


170

Use Case Scenarios

The rescanned disks display, as shown in Figure 108.

Figure 108 Rescanned disks

Verifying that PowerPath for Windows servers sees all paths to the LUNsIf you do not already have PowerPath installed, then installPowerPath by referring to the appropriate PowerPath Installationand Administration Guide for your operating system. This guide isavailable on EMC Online Support at https://support.emc.com.

1. On the Windows server, open the PowerPath ManagementConsole by choosing one of the following options:

– Click the PowerPath monitor task bar icon; or– Right-click the icon and select PowerPath Administrator

Figure 109 PowerPath icon


Use Case Scenarios

The EMC PowerPath Console screen displays, as shown inFigure 110.

Figure 110 EMC PowerPath Console screen

2. Select Disks and the left pane and the following screen displays,as shown in Figure 111.

Figure 111 Disks


172

Use Case Scenarios

3. Verify that the path metric for each LUN is n/n where n is thetotal number of paths to the LUN. Our example shows 2/2.

iSCSI CHAP authenticationThe Windows server and the VNX for block support the ChallengeHandshake Authentication Protocol (CHAP) for iSCSI networksecurity.

CHAP provides a method for the Windows server and VNX for blockto authenticate each other through an exchange of a shared secret (asecurity key that is similar to a password), which is typically a stringof 12-16 bytes.

IMPORTANT

If CHAP security is not configured for the VNX for block, anycomputer connected to the same IP networks as the VNX for blockiSCSI ports can read form or write to the VNX for block.

Chap has two variants, one-way and reverse CHAP authentication:

◆ In one-way CHAP authentication, CHAP sets up the accountsthat the Windows server uses to connect to the VNX for block.The VNX for block authenticates the Windows server.

◆ In reverse CHAP authentication, the VNX for block authenticatesthe Windows server and the Windows server also authenticatesthe VNX for block.

The CX-Series iSCSI Security Setup Guide provides detailedinformation regarding CHAP. This can be found on the EMC OnlineSupport website.


Use Case Scenarios

Connecting an iSCSI Windows host to an XtremIO arrayThis section describes how to connect an iSCSI Windows host to anXtremIO array.

This section includes the following information:

◆ “Prerequisites” on page 173

◆ “Configuring storage system iSCSI portal” on page 174

◆ “Assigning an IP address to each NIC or iSCSI HBA in aWindows Server 2008” on page 176

◆ “Configuring iSCSI initiator on a Windows host” on page 178

◆ “Configuring LUN masking on an XtremIO array” on page 184

◆ “Detecting the iSCSI LUNs from Windows host” on page 189

Figure 112 shows a Windows host connected to an XtremIO array.This scenario will be used in this use case study.

Figure 112 Windows host connected to an XtremeIO array

PrerequisitesBefore you begin, you must complete the cabling of the XtremIOiSCSI ports to the server ports. There are two iSCSI targets per node.The system is supplied with 10 Gbs fiber optic iSCSI ports to matchthe customer infrastructure. XtremIO iSCSI port locations are shownin Figure 113 on page 174.

Connecting an iSCSI Windows host to an XtremIO array 173

174

Use Case Scenarios

Figure 113 XtremIO iSCSI port locations

This setup consists of a Windows host connected to an XtremIO arrayas follows:

1. The Windows host is connected via two paths with 10G iSCSI andIPv4.

2. The XtremIO array is connected via two paths for 10G iSCSI each.


Note: To make PowerPath support XtremIO, install PowerPath using the'EMCPower.X64.signed. 5.7.b223.exe /v"ADDLOCAL=XIO" command.

Configuring storage system iSCSI portalTo configure XtremIO storage iSCSI portal using GUI, complete thefollowing steps:

1. On the Main Menu, click Administration.

2. On the task bar, select iSCSI Network Configuration.


Use Case Scenarios

Figure 114 iSCSI Network Configuration window

3. Next to the iSCSI Portals Table, click Add to add an iSCSI portal.

The Edit X1-N1-iscsi1 iSCSI Portal dialog box displays.

Figure 115 Edit X1-N1-iscsi1 iSCSI Portal dialog box

Complete the following fields:

a. Target Port: Select a port from the drop-down menu.

b. IP Address/Subnet bits: Enter the portals IP address andSubnet bits.


176

Use Case Scenarios

c. Click OK.

4. (Optional) If there is any router between the hosts and storage,you can add an iSCSI routes table. To add this table, click Addnext to the iSCSI Routes Table.

The Add iSCSI Route dialog box displays. Fill out the followingfields:

a. Route Name: Define a name for the route.

b. Destination Subnet/Subnet bits: Enter the destination subnet.

c. Gateway IP: Enter the gateway IP address

d. Click OK.

5. Repeat Step 1 through Step 4 to add another iSCSI portal,192.168.2.1.

Assigning an IP address to each NIC or iSCSI HBA in a Windows Server 2008To assign an IP address to each NIC or iSCSI HBA in a WindowsServer 2008 that will be connected to the storage system, complete thefollowing steps.

1. Click Start > Control Panel > Network and Sharing Center >Manage Network Connections.

The Network Connections window displays.

Figure 116 Control Panel, Network Connections window

2. Locate 10 GbE interfaces in the Network Connections dialog box.


Use Case Scenarios

3. Identify the NIC or iSCSI HBA which you want to set the IPaddress in the dialog (QLogic 10 Gb PCI Ethernet Adapter) andright-click the NIC or iSCSI HBA.

The Local Area Connection Properties dialog box displays.

Figure 117 Local Area Connection Properties dialog box

4. Select the Internet Protocol Version 4 (TCP/IPv4) entry in the listand then click Properties.

The Internet Protocol Version 4 (TCP/IPv4) Properties dialogbox displays.


178

Use Case Scenarios


5. In the General tab, select Use the following IP address and enterthe appropriate IP address and subnet mask of the adapter in theIP address and Subnet mask fields.


7. Repeat these steps for any other iSCSI adapters in the host.

Configuring iSCSI initiator on a Windows hostBefore an iSCSI initiator can send data to or receive data from thestorage system, you must configure the network parameters for theNIC or HBA iSCSI initiators to connect with the storage-system iSCSItargets.

You may need to install the Microsoft iSCSI Initiator software. Thiscan be downloaded from http://www.microsoft.com.


Use Case Scenarios

Note: Some operating systems, such as Microsoft Windows 2008 (used in thisexample) have bundled the iSCSI initiator with the OS. As a result, it will notneed to be installed and can be accessed directly from Start > AdministrativeTools > iSCSI Initiator.

To configure iSCSI on Windows via Target Port Discovery, completethe following steps:

1. Launch the Microsoft iSCSI Initiator GUI. The iSCSI InitiatorProperties window displays.



180

Use Case Scenarios

2. Select the Discovery tab and click Discover Portal.


The Discover Target Portal dialog box displays.

Figure 121 Discover Target Portal dialog box


Use Case Scenarios

The targets under the discovered portal now display.

Figure 122 Targets display


182

Use Case Scenarios

3. Select the Targets tab.

Figure 123 Targets tab

4. Select one Target and click Connect. Repeat for each Target.

The Connect to Target dialog box displays.

Figure 124 Connect to Target dialog box


Use Case Scenarios

5. Select the Add this connection to the list of Favorite Targets andEnable multi-path checkboxes.

6. Click OK. The host is connected to the targets, as shown in thefollowing figure:

Figure 125 Host connected to targets


184

Use Case Scenarios

7. Repeat Step 2 through Step 6 to add the second iSCSI target.

Figure 126 Second iSCSI target

Configuring LUN masking on an XtremIO array1. On the Main Menu, click Configuration.

Figure 127 Main menu


Use Case Scenarios

2. Next to the Volumes, click Add.

The Add New Volumes screen displays.

Figure 128 Add New Volumes screen

3. In the Add New Volumes screen, define the following:

a. Name: The name of the volume.

b. Size: The amount of disk space available for this volume

c. Volume Type: Select one of the following types that define theLB size and alignment-offset:

– Normal (512 LBs) (alignment-offset: 0)– 4kB LBs (alignment-offset: 0)– Legacy Windows (alignment-offset: 7)

4. (Optional) To put these LUNs into a folder, click Next.


186

Use Case Scenarios

A New Folder dialog box displays.

Figure 129 New folder dialog box

d. Fill out the Folder Name: Windows in this example.

e. Click OK.

The folder shows in the Add New Volumes screen.

Figure 130 Add New Volumes screen

5. In the Add New Volumes screen, click Finish.


Use Case Scenarios

The volumes are created and appear in the volumes list in theConfiguration window.

Figure 131 Configuration window

6. Next to the Initiator Groups tab, click Add.

An Add Initiator Group window displays.

Figure 132 Add Initiator Group window

7. In the Add New Initiator Group dialog, define the following:

a. Initiator Group Name: Enter a name for the group.

b. Initiator Name (optional): Add initiators to the group. A nameidentifies the initiator in the GUI or CLI lists. A name is notmandatory.

c. Port Address: Add an initiator's port address. For iSCSIinitiator, put IQN format. For example,iqn.1991-05.com.microsoft:i2051085


188

Use Case Scenarios

Note: If you have log in to iSCSI from the host iSCSI initiator, thenXtremIO can detect the IQN. Click Add, select the designated IQN fromInitiator Port Address, then click OK.

The Add Initiator dialog box displays.

Figure 133 Add Initiator dialog box

8. Complete the information and click OK.

9. (Optional) To put the initiator group into a folder, click Next.

A new folder is added.

10. In the Add Initiator Group window, click Finish.

The created initiator group displays.

Figure 134 Initiator Groups displayed

11. Select the LUNs and initiator group that you want to maptogether, then click Map All.


Use Case Scenarios

The LUN Mapping configuration displays.

Figure 135 LUN Mapping Configuration window

12. Click Apply.

This completes the LUN masking on XtremIO. For more details, referto the XtremIO User Guide, available on EMC Online Support athttps://support.emc.com.

Detecting the iSCSI LUNs from Windows hostComplete the following steps to make the LUNs available:



190

Use Case Scenarios

The iSCSI Initiator Properties window displays.


2. Select the Volumes and Devices tab.

3. Click Auto Configure to bind the volumes.


Use Case Scenarios

4. Open PowerPath. The devices appear.

Figure 137 EMC PowerPath Console

5. Go to Windows Disk Management. The devices display.


192

Use Case Scenarios


iscsi san topologies techbook - dell emc · pdf fileiscsi san topologies techbook 5 contents...

Documents