To improve network reliability and security requirements, we may want to separate the control and storage networks of openstack, that is, to configure the iscsi private network. Taking the kvm + lvm + iscsi ubuntu environment as an example, consider a simple deployment model, a computing node (nova-compute), a storage node (cinder-volume ), one Control Node (all other processes ). We need to follow the steps below to configure: 1. Both the computing node and the storage node need two NICs eth0 and eth1, and the control node needs one Nic eth0. The network plan is as follows, of which 192. * For the control plane network, 10. * For the storage area network computing node eth0 192.168.1.3 computing node eth110.144.144.11 storage node eth0 192.168.1.4 storage node eth110.144.144.12 control node eth0 192.168.1.5 2. Modify the cinder configuration file cinder. conf: Change iscsi_ip_address to 10.144.144.12. The default value is $ my_ip, that is, the same ip address as the control plane, restart cinder-volume 3. Modify the Startup Mode of the iscsi target tgtd process on the storage node so that it only listens to the storage network and modifies/etc/init/tgt. conf, change exec tgtd to exec tgtd -- iscsi portal = 10.144 . 144.12: 3260 and then restart the tgtd process. In this way, we can use netstat-naop | grep 3260 to check that tgtd only listens to port 3260 and above of 10.144.12, the source code of openstack cinder and nova can be automatically adapted according to the configuration. When nova mounts a volume to a VM, it calls the initialize_connection method of cinder to retrieve the required iscsi information, this includes the contents in cinder. iscsi_ip_address = 10.144.144.12 and iscsi ports configured in the conf file. Then, nova executes the iscsiadm login and other commands based on this ip address to construct parameters, in the future, network communication between virtual machines and storage volumes will be conducted through the storage area network.