This is Part 3 of a 6 part article where I am showing what it takes as best practice while designing a Highly Available Storage from different perspective.
Read my last two articles. Today I am going to talk about iSCSI SAN.
iSCSI SANs on Ethernet do not have the same reliability and built in protocol availability as Fibre Channel SANs; advantages are that they handle longer transmission distances and are less expensive to setup and maintain.
If you require the highest availability, for a SAN under 500m (1640 ft.) a Fibre Channel SAN is recommended.
Note that the number of VLANs that may be active per iSCSI port is dependent on the LAN’s bandwidth. A 10 GigE network can support a greater number.
Ideally, separate Ethernet networks should be created to ensure redundant communications between hosts and storage systems. The cabling for the networks should be physically as widely separated as is practical.
In addition, paths should be handled by separate switching, if direct connections are not used.
If you do not use a dedicated storage network, iSCSI traffic should be either separated onto separate LAN segments, or a virtual LAN (VLAN). VLANs allow the creation of multiple virtual LANs, as opposed to multiple physical LANs in your Ethernet infrastructure. This allows more than one logical network to share the same physical network while maintaining separation of the data.
Ethernet connections to the storage system should use separate subnets depending on if they are workload or storage system management related.
Separate the storage processor management 10/100 Mb/s ports into separate subnets from the iSCSI front end network ports. It is also prudent to separate the front end iSCSI ports of each storage processor onto a separate subnet.
Do this by placing each port from SP-A on a different subnet. Place the corresponding ports from SP-B on the same set of subnets. The 10.x.x.x or 172.16.0.0 through 172.31.255.255 private network addresses are completely available.
For example, a typical configuration for the iSCSI ports on a storage system, with two iSCSI ports per SP would be:
A0: 172.18.48.10 (Subnet mask 255.255.255.0; Gateway 172.18.48.1) A1: 172.18.49.10 (Subnet mask 255.255.255.0; Gateway 172.18.49.1) B0: 172.18.48.11 (Subnet mask 255.255.255.0; Gateway 172.18.48.1) B1: 172.18.49.11 (Subnet mask 255.255.255.0; Gateway 172.18.49.1)
A host with two NICs should have its connections configured similar to the following in the iSCSI initiator to allow for load balancing and failover:
NIC1 (for example, 172.18.48.50) ‐ SP A0 and SP B0 iSCSI connections NIC2 (for example, 172.18.49.50) ‐ SP A1 and SP B1 iSCSI connections
There is also a restriction on 192.168.0.0/16 subnets. This has to do with the configuration of the PPP ports. The only restricted addresses are 192.168.1.1 and 192.168.1.2 and the rest of the 192.168.x.x address space are usable with no problems.