iscsi
What is iscsi
iSCSI (Internet Small Computer Systems Interface) is a protocol that allows SCSI commands to be transmitted over a network, enabling data storage devices to be accessed remotely. It essentially allows a computer to communicate with storage devices, such as hard drives or storage arrays, as if they were directly attached to the local system, even though the devices may be located thousands of miles away. By using standard TCP/IP networking, iSCSI provides a cost-effective solution for building Storage Area Networks (SANs), enabling centralized storage management and high availability for enterprises.
Unlike traditional direct-attached storage (DAS), where storage devices are directly connected to the computer, iSCSI operates over Ethernet networks, leveraging existing infrastructure to connect storage devices with servers. It uses block-level access, meaning that instead of accessing files like in a Network File System (NFS) or Server Message Block (SMB) protocol, it allows systems to interact with data at the disk block level. This makes iSCSI a preferred choice for applications that require fast, reliable storage, such as databases and virtual machine storage.
iSCSI is particularly popular in virtualized environments, where it can be used to create shared storage for virtual machines (VMs). It is also widely adopted in data centers and enterprise environments due to its scalability, flexibility, and compatibility with widely used networking hardware. The protocol supports advanced features like multipathing (for redundancy and load balancing), iSCSI initiators (client-side software that connects to iSCSI targets), and iSCSI targets (storage devices or arrays that provide the storage resources). With its ability to extend storage over long distances and reduce the need for expensive dedicated hardware, iSCSI is an essential technology for modern enterprise storage solutions.
How to install a iscsi
For the client side
sudo apt install open-iscsi
And start and enable the service
sudo systemctl start iscsid
sudo systemctl enable iscsid
Server – Not covered in this tutorial
Termomonlogy and Concept
-
iSCSI Initiator- The iSCSI initiator is the client-side component that sends iSCSI commands to the iSCSI target. It is typically a software or hardware interface on the server or host system that connects to the iSCSI storage network. Initiators can be either software-based (using an iSCSI software initiator) or hardware-based (using a dedicated iSCSI HBA – Host Bus Adapter).
iSCSI Target- The iSCSI target is the storage device or server that provides storage resources to be accessed over the network. It can be a physical storage array, a virtual storage system, or a software-based target that emulates storage devices. Targets are responsible for handling the incoming iSCSI requests from initiators and serving the requested data blocks
iSCSI Session- An iSCSI session refers to the communication link between an iSCSI initiator and an iSCSI target. A session can involve multiple connections (or “TCP/IP connections”) to the target for performance and redundancy purposes.
iSCSI Portal- An iSCSI portal is the network address (IP address and port) of the iSCSI target that an initiator connects to. Typically, iSCSI operates over TCP port 3260, but this can be changed if needed. The portal allows initiators to locate and connect to the target.
LUN (Logical Unit Number)- A LUN is a unique identifier used to address individual storage devices or volumes within an iSCSI target. LUNs help initiators access specific volumes or disks on a target, enabling the separation of data in multi-tenant or multi-volume environments.
CHAP (Challenge Handshake Authentication Protocol)- CHAP is a security protocol used for authenticating iSCSI initiators and targets. It helps ensure that the devices connecting to each other are legitimate and prevents unauthorized access. CHAP operates by exchanging encrypted challenge and response messages.
iSCSI PDU (Protocol Data Unit)- A PDU is the unit of data transmitted between iSCSI initiators and targets. It encapsulates the SCSI commands, responses, and data necessary to interact with the remote storage. The PDU is the core unit for communication within the iSCSI protocol.
Multipathing- Multipathing involves configuring multiple physical paths (network connections) between the initiator and the target to provide redundancy, load balancing, and increased availability. If one path fails, traffic can automatically switch to another, preventing downtime.
iSCSI Overload- This refers to the management of multiple simultaneous iSCSI connections and sessions between initiators and targets. Overload can happen if there are too many open sessions or if resources are insufficient, affecting performance and stability.
iSCSI Discovery- iSCSI discovery is the process of an iSCSI initiator identifying available iSCSI targets on the network. This is often done through the use of iSCSI discovery protocols like SendTargets or using DNS (Domain Name System) or Static IP addresses to locate the target.
Target Group- An iSCSI target group is a collection of multiple targets that can be accessed by an initiator. This can be used for better management of multiple storage resources and ensuring that the correct target is presented to the correct host or client.
Storage Area Network (SAN)- SAN refers to a specialized network designed to provide high-speed, block-level access to storage devices. iSCSI is one of the key technologies used in modern SANs to enable storage to be accessed over standard Ethernet networks.
iSCSI ACL (Access Control List)- ACLs define the permissions and access control for different initiators and targets within an iSCSI setup. ACLs are used to restrict access to specific iSCSI targets and LUNs based on the identity of the initiator or the network it is coming from.
SCSI Commands- SCSI commands are the instructions used to interact with the storage device. iSCSI allows the transmission of traditional SCSI commands over the network, enabling block-level operations such as read, write, format, and other disk management tasks.
Block-Level Access- Block-level access is the method of interacting with storage at the level of blocks rather than files. iSCSI provides this type of access, enabling high-performance data transfer and use cases like databases and virtual machines.
iSCSI Header and Data Segments- The iSCSI header contains the metadata needed for managing the session and communication between initiators and targets, such as commands and status codes. The data segment holds the actual data being transferred, such as read/write requests or data blocks.
iSCSI Target Server- An iSCSI target server is the software or hardware system that hosts and serves the storage resources to be used by initiators. Examples include software-defined storage systems and dedicated storage arrays.
iSCSI TPG (Target Portal Group)- An iSCSI TPG is a logical grouping of iSCSI portals that share common characteristics, such as security or access policies. A TPG allows better control over which initiators can access a particular target or set of targets.
Redundant Array of Independent Disks (RAID)- iSCSI is often used in conjunction with RAID to provide redundancy and high availability in a SAN environment. RAID allows multiple disks to be combined into one logical storage unit, with different RAID levels offering various benefits in terms of performance, redundancy, and fault tolerance.
iSCSI Offload- iSCSI offload refers to the use of a dedicated hardware iSCSI HBA (Host Bus Adapter) to offload the iSCSI protocol processing from the CPU. This can improve performance by reducing the processing load on the host system and making the iSCSI operation more efficient.
Workflow - Connect to a iscsi target
Workflow for connecting to iscsi targer
Discover available iSCSI targets:Login to the iSCSI target:Verify the connection:Mount the iSCSI disk
Discover available iSCSI targets
Default port is 3260
1 a) Discover available iSCSI targets on the network with
sudo iscsiadm -m discovery
2 a) Query ALL iSCSI target(s) at IP adress 10.150.150.5 on port 3260
sudo iscsiadm -m discovery -t sendtargets -p 10.150.150.5:3260
alt
b)
sudo iscsiadm -m discovery -t st -p 10.150.150.5:3260
Note:The server ip and port adress
Note:sudo iscsiadm -m node -T iqn.2005-10.org.freenas.ctl:daniel-einstein -o show Show detailed information about the iSCSI target (this case)iqn.2005-10.org.freenas.ctl:daniel-einstein
3) Generate a config file for the interfacethat is going to handle the iscsi traffic. In our case its enp3s0f1
sudo iscsiadm -m iface -I enp3s0f1 --op=new
Note:Display all iscsi interfaces that has been configured sudo iscsiadm -m iface
It will create the file
/etc/iscsi/ifaces/enp3s0f1
Note:This is on client side
4) Connect to iscsi target. We will use the daniel-einstein iscsi target. We will also specify which interface to use enp3s0f1
sudo iscsiadm -m node -T iqn.2005-10.org.freenas.ctl:daniel-einstein -p 10.150.150.5 -I enp3s0f1 --login
Note:On some open-iscsi implementation the -I flag can be buggy…
5) Double check if active session exists
sudo iscsiadm -m session
6) Time to mount the device. Identify the iscsi block device with
sudo fdisk -l
If this is a new device storage you will need to partition it with e.i fdisk. In this example i have already done it!
Now mount it!
sudo mount /dev/sdh1 /mnt/iscsi
Now you can use the iscsi device storage like a regular storage device.
Its very important to actually unmount the storage when not needed
sudo umount /mnt/iscsi
And also logout from the target
sudo iscsiadm -m node -T iqn.2005-10.org.freenas.ctl:daniel-einstein -p 10.150.150.5 -I enp3s0f1 --logout
Commands
| DESCRIPTION | COMMAND |
|---|---|
| sudo systemctl restart iscsid | restarts the iSCSI daemon |
| sudo systemctl restart open-iscsi |
restarts the command line tool iscsiadm |
