iSCSI - An Emerging Protocol

8/8/2019 iSCSI - An Emerging Protocol

http://slidepdf.com/reader/full/iscsi-an-emerging-protocol 1/15

iSCSI - An emerging Protocol

MADHUKAR GUNJANLSI Technologies (ESG)



Network Storage Models

Network Storage Models

2LSI Proprietary

• Expansion beyond server’s internaldrive capacity• Storage resources are assigned to servers• High performance SCSI or FibreChannel connections• Sharing storage resources is not provided• Operating distances are very short• Tape backup

• Storage Resources moved to the frontend of the network• Stored data is shared: single copysharing• Uses file system calls – NFS,CIFS• Storage traffic travels across themessaging network “LAN”• The LAN performance is impacted

• Pooling of external storage devices for better utilizationand availability• LAN-free backup• Non-disruptive expansion and maintenance• Leverage existing staff to manage three or four times more storage• SAN ROI estimates* range from 65-297 percent



SCSI Protocols and Standards

T10

T11SCSI Architecture (SAM)& Commands (SCSI-3)

FCP VI FICON I

P (RFC 4338)

Fibre Channel

3LSI Proprietary

IETF

FC Fibers,Hubs, Switches

FC-1

FC-2

FC-0

Any IPNetwork

iSCSI

TCPIP

IP

FCIP

iFCP

TCP

Any IPNetwork

ParallelSCSI

SCSI Cables



EthernetHeader

CRC

iSCSI - Data Encapsulation Into Packets

IPHeader

TCPHeader

iSCSIHeader

iSCSI DATA

• iSCSI is a transport protocol for SCSI that operates on top of TCPthrough encapsulation of SCSI commands in a TCP/IP stream. Enablesthe transport of I/O Block data over IP Networks.

4LSI Proprietary

Reliable data transport and delivery (TCP Windows, ACKs,ordering, etc.) Also Demux within node ( port numbers )

Provides IP “routing” capability so that packet canfind its way through the network

Provides physical network capability (Cat 5, MAC, etc.)

Delivery of iSCSI Protocol Data Unit (PDU) for SCSI

functionality (initiator, target, data read/write, etc.)



SOFTWARE HARDWAREINITIATOR INITIATOR

Application Application

OS OS

SCSI SCSI

iSCSI Source driver

1.Command processing

2.Login

3.Session management4.Authentication

iSCSI source driver

1.Command processing

2.Login

3.Session management4.Authentication

• Transport Layer : Multiplexing , Fragmentation ,

Port link Establishment( Default3260)

Flow control Using SlidingWindow Protocol

Synchronize Out of order packetand Discarded Packet

• Internet Protocol Layer :

H

O

S

T

SCSI to iSCSI Mapping - STACK

5LSI Proprietary

1.Connectionmanagement

2.Chip interface

3.Data transfer

iSCSI chipfirmware

iSCSI CRC

TCP / IP TCP/IP offload

Ethernet Ethernet

Physical

InterfacePhysical

interface

Network layer to IP-Based SAN Maintains IP address IP Routers & Switches used to

transfer iSCSI PDU.

• Data Link Layer : Gigabit Ethernet (GbE) Improves Performance upon FC 10 GbE yet to Implement

T

O

E

/

N

I

C



iSCSI Architecture

• 2x 1Gbps Ethernet Port/ Controller

• Block access to remote storageover IP

• Auto-negotiate to 1000/100/10Mb/s.

• Supports IPv4 Only

• Configuration Parameters IP Address Per Port

Supports Manual or DHCP

6LSI Proprietary

Configuration

Do Not Support remote

shell (RSH) or remote login.

Host can access Target via GUI or CLI remotely. Supports all the Ethernet services and the protocol

Gigabit Ethernet Switch , Gateway and Router act as Connecter for route , switch and protocol conversion.



iSCSI Naming Convention

• iSCSI Name: Identifies iSCSI node and its encapsulated SCSI device

Used in authentication of targets to initiators

Must be world wide unique

Utilized existing naming authorities

Human readable 233 character name

7LSI Proprietary

• eqn – IEEE EUI-64 NameName based on Fibre Channel EUI-64 identifier

• iqn – iSCSI Qualified Name



An iSCSI Session• iSCSI Connection:

Verify a TCP connection over which the initiator and target communicate via iSCSI PDUs.

Verify uniquely identified in a session by aninitiator defined connection ID (CID).

Verify the response and any data associatedwith an iSCSI command must be returned onthe same connection.

• iSCSI Session:

8LSI Proprietary

Verify a set of iSCSI connections that link aniSCSI initiator and target.

Verify uniquely identified by a 64 bit Session ID(SID) built from a 48 bit initiator defined Initiator Session ID (ISID) and a 16 bit target definedTarget Session Identifying Handle (TSIH).

Verify resources of a target (i.e., LUNs) must be

identical across all connections that make up asession. Verify commands can be alternated across all

connections in a session for bandwidthaggregation.

Verify error recovery connections can becreated on the same network portal as a failedconnection.



An iSCSI Login

• Login Process:

A sequence of Login Request PDUs from initiator and Login ResponsePDU’s from target.

Authentication and operational parameter data is passed between initiator and target in named key/value pairs in the PDU data segments:

Example Data Segment from a leading iSCSI Login RequestInitiatorName=eui.madhukar7

InitiatorAlias=maddyAuthMethod=None,CHAP

9LSI Proprietary

TargetName=eui.FEDCBA0987654321TargetAddress=storagearray:3270:3SessionType=Normal

Example Reply from the storage arrayTargetAlias=gunjanArrayAuthMethod=None

TargetPortalGroupTag=3

During login, only the Login Request, Logout Request, and Reject PDUs areallowed



iSCSI – Multiple Management Configuration

• Management Topology • Single Path Topology

10LSI Proprietary

• Dual Path Topology • Redundant Dual Path Topology



iSCSI Security: Protect valuable data

• Secure IP connection

Integrity, authentication, and confidentiality Based on IKE and ESP (IPsec components)

• Extensive applied security requirements Selection of Integrity (MAC) and encryption algorithms Profile for usage of IKE authentication and key mgt.

11LSI Proprietary

• Inband Authentication (part of Login) SRP, CHAP, Kerberos, and other mechanisms CHAP with strong secrets is required

- Can’t use passwords

iSCSI CHAP: Stronger than basic CHAP- When specification is followed



CHAP Authentication Protocol

• Based on shared secret, random challenge Uses a secure (one-way) hash, usually MD5

One-way hash: Computationally infeasible to invert

12LSI Proprietary

SecretSecret

Challenge

Hash

= ?

Response

Hash

Host Storage



FCIP

•Provides a mechanism to tunnel FibreChannel over IP based networks•Levera e IP infrastructure to interconnect

•TCP/IP based protocol for interconnecting FibreChannel storage devices or FC SANs using an IPinfrastructure to complement or replace Fibre Channel

iSCSIiFCP

iSCSI is a transport protocol for SCSI that operateson top of TCP through encapsulation of SCSI

13LSI Proprietary

and extend FC SAN•FCIP Gateways enable to connect to astandard Gigabit Ethernet/IP network.•Cost effective•Can be deployed over LANs, MANs andWANs

switching and routing elements•Lower layer FC transport is replaced with TCP/IP andGigabit Ethernet.•Enables the rapid deployment of IP based SANslinking to FC SANs•Enables highly scalable implementations usingexisting FC SANs

commands in a TCP/IP streamBuilds on SCSI and Ethernet technologiesEnables the transport of I/O block data over IPnetworksManage IP based storage networks with existing toolsand IT expertise



Product Performance – MB/sec

Drive

Type

Dual

FC-FC

Quad

FC-FC FC-SAS SAS- SAS iSCSI-SAS

Sustained throughputcache read (512k)

1600 MB/s 1800 MB/s 1600 MB/s 1600 MB/s 400 MB/s

Sustained throughputdisk read (512k)

FC 850 MB/s 850 MB/s

SAS 800 MB/s 800 MB/s 400 MB/s

SATA 800 MB/s 800 MB/s 400 MB/s

Sustained throughputdisk write (512k) FC 800 MB/s 800 MB/s

14LSI Proprietary

Cache mirroring disabled SATA 750 MB/s 750 MB/s 400 MB/s

Sustained throughputdisk write (512k)

FC 350 MB/s 350 MB/s

Cache mirroring enabled SAS 350 MB/s 350 MB/s 350 MB/s

Cache mirroring enabled SATA 350 MB/s 350 MB/s 350 MB/s

Number of drives required for benchmark test and code thread

FC 64D / 8T 64D / 8T

SAS 48D / 8T 48D / 8T 48D / 8T

SATA 48D / 8T 48D / 8T 48D / 8T



Trend - Current $ Future2003 Open Systems

External Storage

DAS

41%

NAS

12%

iSCSI

0%

SAN (FC)

47%

• Predictions of the size of theiSCSI market have historicallymissed the mark by a long shot,

• IDC predicts that the iSCSImarket will leap from about $300million in 2005 to more than $3billion in 2008.

• Number of start-ups (e.g., LSITechnologies, Intransa, and

15LSI Proprietary

2008 Open Systems

External Storage

DAS

17%

NAS

17%

iSCSI

15%

SAN (FC)

51%

e an e wor s an onelarge vendor (Network Appliance)bang the IP SAN drum loudly,many market heavy weights paylittle more than lip service toiSCSI,

• More than 6,000 enterprises havedeployed iSCSI,

Documents

iSCSI - An Emerging Protocol