All about ISCSI
Dec 1, 2005 12:00 PM, By Eric Newbauer
There has been much discussion and a good dose of confusion about the term ISCSI. This relatively new protocol for storage technology offers many compelling benefits, including solid performance and the ability to inexpensively create a storage area network (SAN) using standard Ethernet components. But what exactly is ISCSI? It may be helpful to first define what ISCSI is not. It is not network-attached storage (NAS). It does not require SCSI disks. It is not a file-sharing protocol like those used by Mac and Windows servers. It is not IFCP, which is a protocol used to connect Fibre Channel SAN islands across long distances, nor is it Fibre Channel over IP (FCIP).
If you are already familiar with Fibre Channel, ISCSI can be loosely generalized as Fibre Channel over Ethernet.
By definition, ISCSI (Internet SCSI or SCSI over IP) is a storage networking standard that enables the transport of block I/O data over an IP network. ISCSI replaces SCSI’s direct-attached cabling architecture with a network fabric. Essentially, the protocol works by encapsulating SCSI commands into packets and transporting them via TCP/IP. In other words, the Ethernet network has the potential to become a SAN. And as a direct result of this ubiquitous, standardized Ethernet infrastructure come many interesting features and benefits that would otherwise be impossible.
Figure 1. A typical ISCSI SAN.
Many would argue that simplicity is a key advantage of using ISCSI vs. Fibre Channel to deploy a SAN. The reason is that an ISCSI SAN doesn’t require the specialized hardware knowledge that is perceived to be a prerequisite with Fibre Channel. There is already an inherent level of familiarity with the various Ethernet networking components. Therefore, a company lacking a dedicated staff of storage network technicians should feel more adept at maintaining and troubleshooting an ISCSI SAN.
Although ISCSI can be complementary to many other storage technologies, it is especially well suited for a large portion of the middle market. These users typically need considerably more throughput than NAS or client/server can provide, desire the benefits of a SAN, and have determined that Fibre Channel is somewhat excessive for their needs. An ISCSI SAN provides comparatively excellent throughput, delivers the benefits of consolidated storage and requires fewer resources overall vs. Fibre Channel in terms of people or cost.
The throughput levels achieved over a well-tuned Gigabit Ethernet ISCSI SAN are as much as two to three times greater than those of common file sharing protocols over a similar network. The client/server and NAS protocols used for basic file sharing rarely match the efficiency of a block-level protocol such as ISCSI or Fibre Channel. It is important to understand that those file level protocols are better for users or applications that need to access a particular file, whereas block level protocols are optimal for users or applications that constantly need the fastest access to data. In general, the protocol is a key reason pure wire speed is almost never achieved � the constraint is not the available bandwidth (1Gb/s in this case) � it is the overhead of the protocol being used. By using a more efficient protocol, one can more fully use the bandwidth of the pipe. Conversely, if the pipe is the bottleneck then a more efficient protocol won’t help much.
Another benefit is that an ISCSI SAN is capable of natively spanning great distances. It is common for networked storage to be located a fair distance from its consumers. It could be located down the hall or locked away in a data center. ISCSI is certainly comfortable within the local network, but the task of securely extending storage � particularly SAN storage � can become complicated outside the immediate confines of a campus. ISCSI makes this much easier. A Virtual Private Network (VPN) can be used to securely extend an ISCSI SAN over a WAN, and ISCSI supports the Challenge/Handshake Authentication Protocol (CHAP). CHAP is an advanced authentication mechanism that can help ensure that a user or server has the valid credentials to connect to a particular resource on a SAN. VPN and CHAP can be used together or independently, depending on the desired level of security. A few applications for an ISCSI SWAN (Storage WAN) are:
- Remote mirroring
- Offsite archive/backup
- Disaster recovery
- Content delivery
Figure 2. Typical ISCSI Architecture.
ISCSI is compatible with existing software applications when it is presented to the operating system as though it is attached locally, rather than presenting it as a network share. When placing it at the block level, it is possible to use an operating system’s native file system on those devices. Some applications simply will not run on storage that is presented as a network share.
At the basic hardware level there are no special networking components required. See Figure 1. However, it is doubtful that much will be gained by using anything less than high-quality gigabit Ethernet (GbE) components.
Beginning from within the computer itself and working toward the physical storage, the first component to consider is the network interface. The integrated GbE NIC found in most computers is usually sufficient for SAN connectivity. If performance becomes problematic, the NIC is a prime component to consider upgrading. There is a heated debate as to whether a TOE-enabled NIC/HBA is a necessity. A TOE (TCP/IP offload engine) reduces the possibility of the host’s CPU becoming an I/O bottleneck as it deals with the additional TCP flow. One side favors the concept of the TOE; the other believes the cost of a TOE should simply be applied toward a faster CPU.
Special cabling is not required other than that which is necessary for Gigabit Ethernet. High-quality CAT-5e is recommended. Although it is usually more expensive, plenum-rated cable should be used when safety regulations or compliance codes dictate.
A managed Layer 3 Ethernet switch is sufficient for the majority of ISCSI SANs. The configuration of the switch itself is of paramount importance. There can be thousands of settings in a good gigabit switch. As with most things, reading the manual and learning the ins and outs of the device can be the difference between unparalleled success and miserable failure.
Figure 3. An ISCSI initiator setting up the first connection to an ISCSI target.
The ISCSI target follows the Ethernet switch. However, before examining this device it is better to take several steps back and explain the relationship between the ISCSI target and the ISCSI initiator.
ISCSI works by encapsulating SCSI commands and transporting them via TCP/IP. On opposing ends of the network are the pillars of ISCSI: the initiator and the target. The initiator (which can be in the form of hardware or software) is installed on the host. The most basic responsibilities of the initiator are to establish a connection to an ISCSI target and start the transfer of information to and from it. See Figure 2.
Configuring the initiator so that it is capable of connecting to a given target is quite simple. (An example is shown in Figure 3.) Connection information can be made persistent so that the setup need only be done once per target. The ISCSI target’s primary function is to respond to the requests started by the initiator. This task is accomplished by brokering the requests of the initiator to the physical storage. The ISCSI target most often takes the physical form of a storage appliance, although there are software-only products available as well. Regardless of the format, the ISCSI target acts as the bridge between the network and the disks � usually a RAID of Serial ATA drives.
A common question is whether a separate network should be implemented for the ISCSI traffic. The answer to this question requires close examination of the intended purpose and expected throughput of the ISCSI SAN. In small installations constrained by budget there often is no choice but to use the existing infrastructure. If this is the case, any IP-based system could possibly suffer due to the existing traffic on the network. Therefore, an ISCSI SAN will still perform better than the available alternatives because of the efficiency of the ISCSI protocol. To guarantee the highest performance and stability, implement a dedicated IP infrastructure for the ISCSI SAN. A compromise between these two approaches is to implement a VLAN (virtual LAN) to isolate the ISCSI traffic on an existing infrastructure.
Most stations probably already have an assortment of storage and networking technologies in place. When deployed correctly, ISCSI can complement these various storage/networking systems. ISCSI need not be viewed as an either/or solution. Nowhere is this truer than with Fibre Channel. Consider, for example, a Fibre Channel/ISCSI hybrid SAN. This opens the door to tiered storage networking, where it is possible to extend FC only to those that need the highest performance, while routing the Fibre Channel SAN over ISCSI to the remainder of users or servers. There are a number of bridging and routing devices available that are capable of extending ISCSI connectivity to various protocols.
The demand for ISCSI has been widely predicted to accelerate steadily over the next several years. It is hard to ignore the benefits of SAN, let alone one that is implemented on common network components. The resounding truth is that ISCSI is firmly situated on top of the two most ubiquitous network standards: TCP/IP and Ethernet. Its value proposition becomes even more apparent with the realization that Ethernet economics can now be applied to an organization’s SAN strategy.
Some have even predicted that ISCSI signals the demise of Fibre Channel. The more likely outcome (near-term at least) is that ISCSI will find its way alongside many Fibre Channel implementations. But perhaps nothing stands to solidify the position of ISCSI more than the mass adoption of 10Gb Ethernet. With five times the bandwidth of most Fibre Channel products sold today, 10Gb currently sits quietly in the background � an inevitable giant in waiting.
Newbauer is the director of operations of Studio Network Solutions.