Internet Small Computer System Interface iSCSI Sheel Sindhu Manohar IWC2013011 [email protected]

Detailed iSCSI presentation


DESCRIPTION

This presentation includes an introduction to the SCSI cable, followed by iSCSI protocol details.


Page 1: Detailed iSCSI presentation

Internet Small Computer System Interface

iSCSI

Sheel Sindhu [email protected]

Page 2: Detailed iSCSI presentation

What is this?

Page 3: Detailed iSCSI presentation

PATA Cable

Page 4: Detailed iSCSI presentation

What is this?

Page 5: Detailed iSCSI presentation

SATA Cable

Page 6: Detailed iSCSI presentation

What is this?

Page 7: Detailed iSCSI presentation

SCSI Cable

Page 8: Detailed iSCSI presentation

SCSI

● Small Computer System Interface (SCSI) is a technology for I/O buses in Unix and PC servers.

● SCSI protocol defines how the devices communicate with each other via the SCSI bus.

● It specifies how the devices reserve the SCSI bus and in which format data is transferred.

● The SCSI protocol introduces SCSI IDs (also called target ID or just ID) and Logical Unit Numbers (LUNs) for the addressing of devices.

● The server can be equipped with many SCSI controllers.

● The operating system must note three things for the differentiation of devices – controller ID, SCSI ID and LUN.

Page 9: Detailed iSCSI presentation

SCSI (2)

● Devices (servers and storage devices) must reserve the SCSI bus (arbitrate) before they may send data through it.

● During the arbitration of the bus, the device that has the highest priority SCSI ID always wins.

● Devices with lower priorities are never allowed to send data if the bus is heavily loaded by higher-priority devices.

● SCSI devices are connected in the form of a daisy chain.

Page 10: Detailed iSCSI presentation

The SCSI I/O Channel

● SCSI is the dominant protocol used to communicate between servers and storage devices in open systems

● SCSI I/O channel is a half-duplex pipe for SCSI CDBs and data

● Parallel bus evolution
- Bus width: 8, 16 bits
- Bus speed: 5–80 MHz
- Throughput: 5–320 MBps
- Devices/bus: 2–16 devices
- Cable length: 1.5m–25m

● A network approach can scale the I/O channel in many areas (length, devices, speed)

SCSI CDB: SCSI Command Descriptor Block Used to Relay SCSI Commands, Parameters, and Status between SCSI Initiators and SCSI Targets; Typically 6, 10, or 12 Byte Block

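[Figure: host I/O stack. Applications, File System, Block Device / Raw / SCSI Generic, SCSI, Adapter Driver and SCSI Adapter connect the SCSI Initiator to the SCSI Target over a half-duplex SCSI I/O channel; shown alongside are the TCP/IP Stack, NIC Driver, Ethernet NIC and Ethernet.]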

Page 11: Detailed iSCSI presentation

SCSI and Storage Network

● SCSI is suitable for the deployment of storage networks up to a limited degree.

● A SCSI daisy chain can only connect very few devices with each other.

● Although it is theoretically possible to connect several servers to a SCSI bus, this does not work very well in practice.

● The maximum lengths of SCSI buses greatly limit the construction of storage networks. Large disk subsystems have over 30 connection ports for SCSI cables

● The length of SCSI buses can be extended with so-called link extenders, but the use of a large number of link extenders is unwieldy.

● SCSI has the advantage that the transition from SCSI cables to storage networks remains hidden from applications and higher layers.

Page 12: Detailed iSCSI presentation

Different type of SCSI Interfaces

Page 13: Detailed iSCSI presentation

IP Based Storage

● IP storage is an approach to build storage networks upon TCP, IP and Ethernet.

● Three protocols are available for transmitting storage data traffic over TCP/IP:

- iSCSI
- Internet FCP (iFCP)
- Fibre Channel over IP (FCIP)

● The basic idea behind iSCSI is to transmit the SCSI protocol over TCP/IP. iSCSI thus takes a similar approach to Fibre Channel SAN, the difference being that in iSCSI a TCP/IP/Ethernet connection replaces the SCSI cable.

Page 14: Detailed iSCSI presentation

What is iSCSI?

● A SCSI transport protocol that operates over TCP/IP

- Encapsulates SCSI CDBs (operational commands: e.g. read or write) and data into TCP/IP byte streams

- Allows IP hosts to access IP-based SCSI targets (either natively or via iSCSI to FC Gateways)

● Standards status

- RFC 3720 on iSCSI

- Collection of RFCs describing iSCSI:

RFC 3347: iSCSI Requirements

RFC 3721: iSCSI Naming and Discovery

RFC 3723: iSCSI Security

Page 15: Detailed iSCSI presentation

iSCSI

iSCSI refers to Internet Small Computer System Interface.

It enables location-independent data storage and retrieval.

The protocol allows clients (called initiators) to send SCSI commands (CDBs) to SCSI storage devices (targets) on remote servers.

It is a storage area network (SAN) protocol, allowing organizations to consolidate storage into data center storage arrays while providing hosts the illusion of locally attached disks.

Unlike traditional Fibre Channel, which requires special-purpose cabling, iSCSI can be run over long distances using existing network infrastructure.

Page 16: Detailed iSCSI presentation

Concept

● iSCSI is often seen as a low-cost alternative to Fibre Channel, which requires dedicated infrastructure except in its FCoE (Fibre Channel over Ethernet) form.

● iSCSI is a mapping of SCSI-3 to TCP, as a “SCSI transport”.

● It behaves as a serial SCSI transport, transferring SCSI packets (commands, data, status and control messages) over a TCP stream.

● The idea is extremely simple: use existing building blocks (SCSI, TCP) to implement another service.

Page 17: Detailed iSCSI presentation

iSCSI Layers

SCSI

iSCSI

Upper Functional Layers (e.g. SSL)

TCP

Lower Functional Layers (e.g. IPSec)

IP

LINK

Page 18: Detailed iSCSI presentation

IP Storage Networking

● IP storage networking provides a solution to carry storage traffic within IP

● Uses TCP: a reliable transport for delivery

● Applicable to local data center and long-haul applications

● Two primary protocols:

iSCSI—Internet-SCSI—used to transport SCSI CDBs and data within TCP/IP connections

FCIP—Fibre-Channel-over-IP—used to transport Fibre Channel frames within TCP/IP connections—any FC frame—not just SCSI

FCIP encapsulation: IP | TCP | FCIP | FC | SCSI | Data

iSCSI encapsulation: IP | TCP | iSCSI | SCSI | Data

Page 19: Detailed iSCSI presentation

Objective of iSCSI SAN

iSCSI SANs often have one of two objectives:

Storage consolidation

Organizations move disparate storage resources from servers around their network to central locations, often in data centers; this allows for more efficiency in the allocation of storage.

Disaster recovery

Organizations mirror storage resources from one data center to a remote data center, which can serve as a hot standby in the event of a prolonged outage.

In particular, iSCSI SANs allow entire disk arrays to be migrated across a WAN with minimal configuration changes.

Page 20: Detailed iSCSI presentation

For Storage Consolidation

● IP access to open systems iSCSI and Fibre Channel storage

● iSCSI driver is loaded onto hosts on Ethernet network

● Able to consolidate servers via iSCSI onto existing storage arrays

● Able to build Ethernet-based SANs using iSCSI arrays

● Storage assigned on a LUN-by-LUN basis at iSCSI router

[Figure: iSCSI-enabled hosts (initiators) on the IP network reach an iSCSI array (target) directly over iSCSI, and reach a storage pool (target) in the FC fabric through an iSCSI gateway; an FC HBA-attached host (initiator) is also on the FC fabric.]

Logical Unit Number (LUN): A Field within SCSI Containing up to 64 Bits that Identifies the Logically Addressable Unit within a Target SCSI Device


Page 21: Detailed iSCSI presentation

iSCSI Topologies

● Point-to-point direct connections

● Dedicated storage LAN, consisting of one or more LAN segments

● Shared LAN, carrying a mix of traditional LAN traffic plus storage traffic

● LAN-to-WAN extension using IP routers or carrier-provided "IP Datatone"

● Private networks and the public Internet

Page 22: Detailed iSCSI presentation

The following applications for iSCSI are contemplated:

● Local storage access, consolidation, clustering and pooling (as in the data center)

● Client access to remote storage, e.g. a "storage service provider" (SSP)

● Local and remote synchronous and asynchronous mirroring between storage controllers

● Local and remote backup and recovery

Page 23: Detailed iSCSI presentation

iSCSI and SCSI

● The iSCSI protocol MUST NOT require changes to the SCSI-3 command sets and SCSI client code except to reflect lengthier iSCSI target names and potentially lengthier timeouts.

● All SCSI device types SHOULD be supported, but iSCSI's main interest is disk and tape controllers.

● The iSCSI protocol MUST reliably transport SCSI commands from the initiator to the target.

Page 24: Detailed iSCSI presentation

SCSI command protocol

● SCSI standards also include an extensive set of command definitions

● There are 4 categories of SCSI commands:
- N (non-data)
- W (writing data from initiator to target)
- R (reading data)
- B (bidirectional)

● There are about 60 different SCSI commands in total

● Commands are sent in a CDB, which can be 6, 10, 12 or 16 bytes long; later versions also allow variable-length CDBs.

● A CDB contains a one-byte Operation Code followed by some command-specific parameters.

● Parameter length varies from one command to another.
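The CDB layout described above, as an added Python example (not from the original slides): a parser that derives the expected CDB length from the group code in the top three bits of the operation code, rejects a CDB whose length does not match before reading any field, and decodes the LBA and transfer length of READ/WRITE commands. The sample CDBs are constructed for illustration.

```python
import struct

# CDB length implied by the group code (top 3 bits of the one-byte operation code).
GROUP_LEN = {0: 6, 1: 10, 2: 10, 4: 16, 5: 12}

OPCODES = {0x00: "TEST UNIT READY", 0x03: "REQUEST SENSE", 0x12: "INQUIRY",
           0x08: "READ(6)", 0x0A: "WRITE(6)", 0x28: "READ(10)", 0x2A: "WRITE(10)",
           0xA8: "READ(12)", 0xAA: "WRITE(12)", 0x88: "READ(16)", 0x8A: "WRITE(16)"}

# Constructed sample CDBs (not taken from the slides).
READ10 = bytes.fromhex("28000000100000000800")
WRITE16 = bytes.fromhex("8a00" + "0000000100000000" + "00000010" + "0000")


def parse_cdb(cdb: bytes) -> dict:
    """Validate a fixed-length CDB against its opcode, then decode READ/WRITE fields."""
    if not cdb:
        raise ValueError("empty CDB")
    opcode = cdb[0]
    length = GROUP_LEN.get(opcode >> 5)
    if length is None:
        raise ValueError(f"opcode {opcode:#04x}: variable-length or vendor-specific group")
    if len(cdb) != length:
        raise ValueError(f"opcode {opcode:#04x} needs {length} bytes, got {len(cdb)}")
    out = {"opcode": opcode, "name": OPCODES.get(opcode, "unknown"), "length": length}
    if out["name"].startswith(("READ(", "WRITE(")):
        if length == 6:     # 21-bit LBA; a transfer length of 0 means 256 blocks
            out["lba"] = ((cdb[1] & 0x1F) << 16) | (cdb[2] << 8) | cdb[3]
            out["blocks"] = cdb[4] or 256
        elif length == 10:  # bytes 2-5 LBA, byte 6 group number, bytes 7-8 length
            out["lba"], _, out["blocks"] = struct.unpack(">IBH", cdb[2:9])
        elif length == 12:  # bytes 2-5 LBA, bytes 6-9 length
            out["lba"], out["blocks"] = struct.unpack(">II", cdb[2:10])
        else:               # 16-byte form: bytes 2-9 LBA, bytes 10-13 length
            out["lba"], out["blocks"] = struct.unpack(">QI", cdb[2:14])
    return out
```
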

Page 25: Detailed iSCSI presentation

SCSI Commands

● Test unit ready: Queries device to see if it is ready for data transfers

● Inquiry: Returns basic device information.

● Request sense: Returns any error codes from the previous command that returned an error status.

● Send diagnostic and Receive diagnostic results: runs a simple self-test

● Start/Stop unit: Spins disks up and down, or loads/unloads media (CD, tape, etc.).

● Read capacity: Returns storage capacity.

● Format unit: Prepares a storage medium for use. In a disk, a low level format will occur. Some tape drives will erase the tape in response to this command.

● Read (four variants): Reads data from a device.

● Write (four variants): Writes data to a device.

● Log sense: Returns current information from log pages.

● Mode sense: Returns current device parameters from mode pages.

● Mode select: Sets device parameters in a mode page.

Page 26: Detailed iSCSI presentation

iSCSI Application

● The iSCSI target, also known as the iSCSI server, is responsible for exporting a block device.

● The iSCSI initiator, that is, the iSCSI client, is responsible for importing that block device, formatting it and making use of it.

● The LUN is the only part that is exported; changes made to that LUN are automatically made on the target machine.

● We can have multiple targets, and security can be implemented at the target level.

Page 27: Detailed iSCSI presentation

iSCSI Target (server)

● Dedicated network-connected hard disk storage device

● Exports a storage device as a LUN. The backing device could be a disk, disk partition, LVM, RAID or file.

● Uses the iSCSI protocol, which works over Ethernet

Page 28: Detailed iSCSI presentation

How does it provide security?

● IP/Network based Access

● CHAP based initiator authentication

● CHAP target authentication (Bidirectional, initiator authenticates target)

Page 29: Detailed iSCSI presentation

iSCSI initiator

● The client application used to connect to the iSCSI server

● Sends SCSI commands over IP

● Generic tasks involved:

- Discover targets at a given IP

- Login, which must use a node record id found by the discovery

- Logout

- Delete

Page 30: Detailed iSCSI presentation

Naming and Addressing

● All iSCSI initiators and targets are named.

● Each target or initiator is known by an iSCSI Name.

● The iSCSI Name is independent of the location of the initiator and target.

● A target also provides a default name called "iSCSI". This is not a globally unique name. An initiator can log into this default target name, and use a command called "SendTargets" to retrieve a list of iSCSI targets that exist at that address.

Page 31: Detailed iSCSI presentation

Naming and Addressing(cont.)

● iSCSI uses TCP (typically TCP ports 860 & 3260) for the protocol itself, with higher-level names used to address the objects within the protocol.

● Special name refers to both iSCSI

● iSCSI provides 3 name formats:
- iSCSI Qualified Name (IQN)
- Extended Unique Identifier (EUI)
- T11 Network Address Authority (NAA)
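What the three name formats look like in practice, as an added Python example (not from the original slides): a parser that normalises a name, checks it against the IQN, EUI and NAA layouts, and compares two names the way an access list keyed on initiator names would. The sample names in the test are constructed, and ASCII lower-casing stands in for the full iSCSI string-preparation profile.

```python
import re

MAX_NAME_BYTES = 223  # upper bound on iSCSI name length (RFC 3720)

PATTERNS = {
    # iqn.<yyyy-mm>.<reversed domain>[:<string chosen by the naming authority>]
    "iqn": re.compile(r"iqn\.(?P<date>\d{4}-(?:0[1-9]|1[0-2]))"
                      r"\.(?P<authority>[a-z0-9-]+(?:\.[a-z0-9-]+)*)"
                      r"(?::(?P<suffix>\S+))?"),
    # eui.<16 hex digits> (an EUI-64 identifier)
    "eui": re.compile(r"eui\.(?P<id>[0-9a-f]{16})"),
    # naa.<16 or 32 hex digits> (64-bit or 128-bit NAA identifier)
    "naa": re.compile(r"naa\.(?P<id>[0-9a-f]{16}|[0-9a-f]{32})"),
}


def parse_iscsi_name(name: str) -> dict:
    """Normalise an iSCSI name and split it into its type-specific fields."""
    norm = name.lower()  # simplification: ASCII case folding only
    if len(norm.encode("utf-8")) > MAX_NAME_BYTES:
        raise ValueError("iSCSI name longer than 223 bytes")
    pattern = PATTERNS.get(norm[:3])
    match = pattern.fullmatch(norm) if pattern else None
    if match is None:
        raise ValueError(f"not a valid IQN, EUI or NAA name: {name!r}")
    fields = {k: v for k, v in match.groupdict().items() if v is not None}
    return {"type": norm[:3], "name": norm, **fields}


def same_node(a: str, b: str) -> bool:
    """ACL-style comparison: two spellings match if their normalised names are equal."""
    return parse_iscsi_name(a)["name"] == parse_iscsi_name(b)["name"]
```
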

Page 32: Detailed iSCSI presentation

Naming and Addressing(cont.)

● Standard internet lookup services SHOULD be used to resolve names. For example, Domain Name Services (DNS) MAY be used to resolve the <hostname> portion of the URL to one or multiple IP addresses.

● When a hostname resolves to multiple addresses, these addresses should be equivalent for functional (possibly not performance) purposes. This means that the addresses can be used interchangeably as long as performance isn’t a concern.

● For example, the same set of SCSI targets MUST be accessible from each of these addresses.

Page 33: Detailed iSCSI presentation

Naming and Addressing(cont.)

● An iSCSI address is specified as a URL, such as:

<domain-name>[:<port>]/<iSCSI-name>

● The <port> in the address is optional; it specifies the TCP port on which the target is listening for connections.

● If <port> is not specified, a default port, to be assigned by IANA, will be assumed.

● Examples:

- iSCSI://diskfarm1.acme.com/iscsi
- iSCSI://computingcenter.acme.com:4002/fqn.com.gateways.yourtargets.24

Page 34: Detailed iSCSI presentation

iSNS

● iSCSI initiators can locate appropriate storage resources using the Internet Storage Name Service (iSNS) protocol.

● In theory, iSNS provides iSCSI SANs with the same management model as dedicated Fibre Channel SANs.

● In practice, administrators can satisfy many deployment goals for iSCSI without using iSNS.

Page 35: Detailed iSCSI presentation

Security

● Authentication: iSCSI initiators and targets prove their identity to each other using the CHAP protocol, which includes a mechanism to prevent cleartext passwords from appearing on the wire.

● Logical Network Isolation: To ensure that only valid initiators connect to storage arrays, administrators most commonly run iSCSI only over logically isolated backchannel networks.

● Physical Network Isolation: In order to further differentiate iSCSI from the regular network and prevent cabling mistakes when changing connections, administrators may implement self-defined color-coding and labeling standards.

● Authorization: iSCSI storage arrays explicitly map initiators to specific target LUNs; an initiator authenticates not to the storage array, but to the specific storage asset it intends to use

● Confidentiality and Integrity: iSCSI operates as a cleartext protocol that provides no cryptographic protection for data in motion during SCSI transactions. IP-based security protocols, such as IPsec, provide standards-based cryptographic protection to this traffic.
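The CHAP exchange referred to in the authentication bullet and in the earlier target-security slide, as an added Python example (not from the original slides): each side proves knowledge of a shared secret by hashing it with a fresh challenge, so only the `CHAP_I`, `CHAP_C`, `CHAP_N` and `CHAP_R` values cross the wire. Node names and secrets are constructed samples, and the 12-byte minimum follows RFC 3720's rule for CHAP used without IPsec.

```python
import hashlib
import hmac
import os

MIN_SECRET_LEN = 12  # bytes (96 bits): RFC 3720 floor for CHAP secrets without IPsec

# Constructed sample names and secrets (assumptions, not from the slides).
INIT, TGT = "iqn.2013-01.com.example:host1", "iqn.2013-01.com.example:array1"
S_INIT, S_TGT = b"initiator-secret-01", b"target-secret-0002"


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5 (CHAP_A=5): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def make_challenge() -> dict:
    """Keys sent by the authenticating side: algorithm, identifier, random challenge."""
    return {"CHAP_A": "5", "CHAP_I": str(os.urandom(1)[0]),
            "CHAP_C": "0x" + os.urandom(16).hex()}


def answer(challenge: dict, name: str, secret: bytes) -> dict:
    """Keys sent back by the side being authenticated: its name and the response."""
    digest = chap_response(int(challenge["CHAP_I"]), secret,
                           bytes.fromhex(challenge["CHAP_C"][2:]))
    return {"CHAP_N": name, "CHAP_R": "0x" + digest.hex()}


def verify(challenge: dict, reply: dict, secrets: dict) -> bool:
    """Recompute the response from the stored secret; the secret itself is never sent."""
    secret = secrets.get(reply.get("CHAP_N", ""))
    if secret is None or len(secret) < MIN_SECRET_LEN:
        return False  # unknown peer, or a secret too short to be accepted
    expected = answer(challenge, reply["CHAP_N"], secret)["CHAP_R"]
    return hmac.compare_digest(expected, reply.get("CHAP_R", ""))  # constant-time


def mutual_login(init_secret, tgt_secret, target_db, initiator_db) -> bool:
    """Both CHAP directions of a bidirectional login; *_db maps peer name to secret."""
    c1 = make_challenge()                     # target -> initiator
    r1 = answer(c1, INIT, init_secret)        # initiator -> target
    c2 = make_challenge()                     # initiator -> target (reverse direction)
    if c2["CHAP_C"] == c1["CHAP_C"]:          # target refuses its own challenge echoed back
        return False
    if not verify(c1, r1, target_db):         # target authenticates the initiator
        return False
    r2 = answer(c2, TGT, tgt_secret)          # target -> initiator
    return verify(c2, r2, initiator_db)       # initiator authenticates the target
```
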

Page 36: Detailed iSCSI presentation

iSCSI Challenges

● While using TCP as a SCSI transport layer might look straightforward, there are challenges resulting from the different environments of traditional SCSI and TCP.

● SCSI was developed for reliable, low-delay environments.

● Taking SCSI to the WAN introduces an unreliable, high-delay environment.

● These different environments result in changes being applied to the SCSI protocol.


Page 39: Detailed iSCSI presentation

THANK YOU