Detailed Linux configuration iSCSI methods

iSCSI technology was developed by IBM and Cisco in early 2001, and in May 2003 Microsoft was in Windows 2003 Start your own formal support for iSCSI Microsoft has largely driven the development of iSCSI technology. The following is a detailed introduction to how iSCSI is configured on Linux

I. iSCSI Roadmap for Development

Early 2001: iSCSI technology was developed by IBM and Cisco in 2001, with two-ibmipstorage200i and ciscosn5420router supporting iSCSI products respectively.

December 2001: NetApp launches its own Ipsan, which uses a self-developed VLD protocol (VIRTUALLOCALDISK), which is stored in Blockoverip mode.

February 2003: SNIA (storagenetworkingindustryassociate, Storage Network Industry Association) finally formally developed the adoption of the iSCSI standard. The industry has seen this standardization as the most critical factor in iSCSI development, and since then, more and more manufacturers have started to further develop industry-standard related products, iSCSI is also beginning to be favored by the industry's eyes.

May 2003: Microsoft officially started to support iSCSI in WindowsServer2003 and provided downloads for iscsiinitiator drivers. Microsoft's deep-fueled approach has led to the development of the entire iSCSI industry. So next, regardless of the various operating platforms or hardware and software support will be more and more complete.

October 2004: HP released ipstorage500/1500.

2005: Since standardization and Microsoft support have solved iSCSI's biggest development bottleneck, the full spread of iSCSI is only a matter of time. But the industry has been consensus the point at which it began to spread. Most of the respondents thought that the time should be in 2006, but the manufacturers agreed that 2005 would have the opportunity to see the market take off sharply.

Second, iSCSI technology

Sans (storageareanetwork abbreviations) mean storage area networks and are truly enterprise-focused storage. The SAN uses a separate network (separated from the traditional LAN) to connect all the memory and servers, which can use high-performance technology, such as Fibre Channel (Fiberchannel), can accommodate SCSI and other protocols, so that the movement of data blocks more efficient, It also allows users to freely add devices such as disk arrays, tape libraries, or servers. Now the SAN is basically through FibreChannel to achieve, FibreChannel, referred to as FibreChannel, also known as Fibre Channel, is the use of special equipment for high-speed data transmission of a network standard, mainly used to connect the server trunk (backbones) , and connect the server to the storage device.

Sans with high-speed fibrechannel as a transport medium have the advantage of Fibre Channel in terms of distance, performance and connectivity, and can provide up to 2gb/s data rates if combined with Fibre Channel switches. Enables sans that are independent of the application server network system to have virtually unlimited storage capacity. But the SAN, which is implemented with FibreChannel, has superior performance and excellent scalability, but the price is staggering and it is difficult to manage, making it difficult for the average user to bear.

It is also why many enterprises have to bear the pain of abandoning sans. ISCSI (Internet small Computer system interface) is a standard for data block transmission on Internet Protocol networks, especially Ethernet, and is an integrated IP and SCSI technology. Its greatest feature is the ability to transfer standard SCSI commands between a host system (initiator) and a storage device (target) on a TCP/IP network. Compared to Fibre Channel, ISCSI has many advantages, and it is more appropriate to use the ' iscsi= low + high performance ' equation. iSCSI is a technical standard based on IP protocol, which realizes the connection between SCSI and TCP/IP protocol, and those users with LAN as network environment need only a small amount of input, it can easily and quickly communicate and manage the information and data interactively. Compared to previous network access storage, iSCSI generation solves many problems such as openness, capacity, transmission speed, and compatibility, allowing users to build storage area networks through existing TCP/IP networks, making it easier to manage SAN storage. The iSCSI structure is shown in Figure 1.

Figure 1iSCSI Architecture

Here is a comparison between San and iSCSI, the basic two are the San architecture running block protocol, but the former through the FibreChannel, the latter from the IP transfer data, and both in the management and application is similar. Here still try to do a summary, for reference, see table-1.

Data transfer mode: Both iSCSI and FibreChannel for the San are in Block protocol mode.

Transfer speed: FibreChannel (2Gb) is the fastest, and ISCSI (1GB) is the second most current transmission speed.

Management: iSCSI employs an existing mature architecture of IP networks. Therefore, the existing network management mechanism can be used, whether it is the establishment, management or maintenance, are very convenient and easy. FibreChannel is completely independent of the general network system architecture, so it is necessary to provide exclusive management tools software by FibreChannel suppliers respectively.

Management and maintenance costs: Generally speaking, Fibrechannelsan need specific tool software to operate management, so it is necessary to educate people for a certain period of time, and the cost is not low. However, since iSCSI is transmitting data and allocating storage resources through IP networks, it is possible to save a significant amount of management manpower and training costs when using the existing management functions of the network.

Transmission distance: In principle, both support long-distance data transfer. The theoretical value of FibreChannel is up to 100 km. There is no theoretical distance limitation on iSCSI through IP networks, and iSCSI can be used to transmit large amounts of data over long distances.

Noise collision Problem: Because iSCSI is the IP network, which of course is full of huge data and noise from around the world, so the collision situation is inevitable, so that in the process of data transmission, it is easy to lead to delays in the situation, greatly affecting the efficiency of transmission, and even the correctness of the data.

Third, the mainstream operating system for iSCSI support

One of the main reasons for the long-awaited availability of iSCSI is that the support of various platforms is not complete. The key to getting full support for various platforms is the standardization of the Protocol. With standardized protocols, all types of platform solutions can be followed by the introduction of a common standard of support and products, such a considerable market size can be built up. The SNIa Association formally passed the iSCSI standard in February 2003, and although iSCSI has been formally standardized, it does not necessarily mean that it can be quickly popularized, whether iSCSI can stand firm in the enterprise storage market, and still need to look at the vendor's own attitude and willingness to develop. Table 2 is an iSCSI support scenario for mainstream operating systems.

Table 2 is the main operating system for iSCSI support

Iscsiinitiator can be divided into three types, namely software initiator driver, hardware toe (tcpoffloadengine,tcp offload engine) HBA card and Iscsihba card. In terms of performance, the software initiator driver is the worst, the Toehba card is centered, and the Iscsihba card is the best. However, Iscsihba can only run iSCSI technology protocols and Cannot run NFS (Networkfilesystem,sun) or CIFS (Commoninternetfilesystem, Microsoft-developed) file system protocols to communicate with application servers. However, the initiator driver and the TOEHBA card support iSCSI, NFS, and CIFS three protocols.

Iv. implementing iSCSI under Linux

There are three main ways to implement iSCSI technology in Linux network environment:

1. Pure Software method

The server uses the ordinary Ethernet card for network connection, and implements the iSCSI and TCP/IP protocol stack functional layer by running the upper layer software. This is due to the use of a standard NIC, which eliminates the need for additional adapter configuration, thus minimizing hardware costs. However, in this way, the server in the completion of its own work, but also to take into account the network connection, resulting in longer host running time, system performance degradation. This approach is more appropriate for users with less budget, and the server is not a big burden. At present, whether it is MicrosoftWindows, Ibmaix, HP-UX, Linux, Novellnetware and other operating systems, have been providing this service, in the price, compared to the first two options, far cheaper, or even completely free. However, the performance of the initiator driver is the worst because it consumes a lot of CPU utilization and system resources. In this recommendation, it is best to use more than 1GHz CPU host, so as to achieve better performance, if the company host CPU under 1GHz, then it is best not to use. For support of various protocols, the initiator driver can support iSCSI, NFS, and CIFS protocols at the same time. Of course, most server CPUs are now able to meet this requirement. Here the free Iscsiinitiator driver, before the general Gigabit network card can be emulated into iscsiinitiator. The storage of the general SCSI interface is then emulated into Iscsitarget through the iSCSI Bridge, thus forming a iscsi-san.

2.iSCSITOE Network Card Implementation method

In this way, the server uses a specific Toe network card to connect to the network, the TCP/IP stack function is completed by the smart card, and the iSCSI technology layer is still the function of the host to complete. In this way, the performance of the server is improved in part by the previous method. In three kinds of iscsiinitiator, the price is cheaper than Iscsihba, but more expensive than the software initiator driver, the performance is also in between. Intel's Toe (Tcpoffloadengine,tcp offload engine) HBA is currently priced at around $150.

3.iSCSIHBA Card Implementation Method

Use the iSCSI storage adapter to complete the iSCSI layer and TCP/IP protocol stack functionality in the server. This way, the server CPU does not need to consider iSCSI technology and network configuration, for the server, the iSCSI memory adapter is an HBA (storage host Main Line adapter) device, and the server operating system independent. This is the best performance, but the price is also the most expensive. In three kinds of iscsiinitiator, the price is the most expensive, but the performance is the best. The price has dropped to around $500 from a start of about $1000. For enterprises with efficient application requirements, it is best to use Iscsihba cards, so that the best performance can be achieved.

Considering the author uses the Linux server to use the 2.4GIntel Xeon processor, and the network load is not big, this article uses the first way, the topology structure is shown in Figure 2.

Figure 2 topology of the network topology

Description: iSCSI Technology storage Device Architecture:

Model PROMISEVTRAK15200, using iSCSI models;

Use 5 disks, 1 are Sparedisk, the remaining 4 are made of RAID-5;

The IP address of the IP:ISCSI technology storage device is set to 192.168.11.201

The accounts and passwords connected to the storage device are: MYACCOUNT/ISCSIMY1SPW

Linux servers:

System: Redhat9linux core (2.4.20-8MP)

Ip:redhat9linux server IP address set to 192.168.10.3

Hardware: DELLPOWEREDGE16000SC (2.4GIntel to strong processor, 512MBDDRECC memory) basic server. For mail server (commercial version of Sendmail:3rsoft).

1. Preparatory work

Because installing the iSCSI driver requires the kernel to be compiled, it uses the core source code, and also requires the help of the compiler (compiler), so first determine that the following software exists in your Linux system: Kernel-source, kernel, GCC, Perl, Apache. To open a terminal, use the command check:

#rpm-qa|grepgcc;rpm-qa|grepmake

#rpm-qa|grepkernel;rpm-qa|grepmake

The iSCSI driver download URL is: http://sourceforge.net/project/showfiles.php?group_id=26396

This website provides two kinds of drivers according to the Linux kernel (2.4/2.6), please download the corresponding driver according to the kernel version, first use the following command to query the kernel version of Linux currently used:

#uname –a

Linuxcao2.4.20-8#1thumar1317:54:28est2003i686i686i386gnu/linux

2. After getting the version information, download the drive required by the system to its official website. Once the download is complete, you can install the component using the following command and then compile the kernel:

#cdcd/USR/LOCAL/SRC

#wegt http://nchc.dl.sourceforge.net/sourceforge/linux-iscsi/linux-iscsi-3.4.3.2.tgz

#tar-zxvflinux-iscsi-3.4.3.2.tgz

#cdlinux-iscsi-3.4.3.2

#makeclean

#make

#makeinstall

3. Modify the configuration file to begin the work of modification:

#vi/etc/iscsi.conf

username=myaccount# User Name #

password=iscsimy1spw# Password #

DISCOVERYADDRESS=192.168.11.201#ISCSI the IP address of the storage device #

Username=myaccount

Password=iscsimy1spw

4. Start ISCs

#/etc/init.d/iscsistart

Startingiscsi:iscsiiscsidfsck/mount

5. Use the Iscsi-ls command to see more detailed disk information:

#iscsi-ls

*****************************************************************

Sfnetiscsidriverversion ... 3.4.3.2 (27-jun-2005)

****************************************************************

targetname:iqn.1994-12.com.promise.target.3b.31.4.55.1.0.0.20

targetalias:vtrak15200

hostno:0

busno:0

targetid:0

targetaddress:192.168.11.201:3260

sessionstatus:establishedatthunov1020:13:432005

NO. Ofportals:1

portaladdress1:192.168.11.201:3260,2

Sessionid:isid00023d000001tsih04

****************************************************************

iSCSI node names are available in two formats, the Iqn-type format and the Eui-type format.

Linux is commonly used in the Iqn-type format:

6. Disk partitioning using the FDISK command

FDISK command format

Fdisk[-l][-bssz][-u]device

Main options:

-L: View the partition table status for the specified device.

-BSSZ: Outputs the specified partition size to the standard output, in chunks.

-U: With the "-L" parameter list, the number of partitions is replaced by the number of columns to represent the starting address of each partition.

Devices: The name of the device to which to operate.

Fdisk is the most commonly used partitioning tool in various Linux distributions and is a partitioning tool defined as an expert level. We can use FDISK to partition iSCSI devices. It also includes a two-level menu, which starts with a command and then a question-and-answer interface, where users manipulate fdisk by entering command parameters in this interface. See Figure 3.

Figure 3 Fdisk Partitioning tool

Option Description:

A: Set the boot area of the hard drive.

B: Edit a BSD type partition.

C: Edit a DOS-compatible partition.

D: Delete a partition.

L: View the partition table status of the specified device.

M: Displays a description of each parameter of the FDISK command.

O: Create a DOS partition.

N: Sets a new hard disk partition.

P: Print partition information.

S: Create an empty sun partition table.

T: Change the hard disk partition type.

Q: Ends the partition without saving the contents of the operation.

V: Verify the hard disk partition table.

W: End partition, save operation contents.

X: Enter advanced operation mode.

#fdisk/dev/hdd

A command prompt appears Fdiak after running:

Command (MFORHELP):

Using the n command to create a partition, you will be prompted to select a primary partition (Pprimarypartition) or an extended partition (llogical), usually with the primary partition selected. Then follow the prompts to enter the partition number (Partionnumber (1-4):), the number of disk blocks (Firstcylinder) starting with the new partition, and the size of the partition, which can be a number in megabytes (lastcylindetor+sizaor+sizemor+ Sizek:). For example:

Fdisk/dev/sda

Command (mforhelp): n

Commandaction

eextended

Pprimarypartition (1-4)

P

PartitionNumber (1-4): 1

Firstcylinder (1-189971,DEFAULT1):

Usingdefaultvalue1

Lastcylinderor+sizeor+sizemor+sizek (1-189971,default189971):

Usingdefaultvalue1899719

Command (mforhelp): W

7. Format the partition:

#mke2fs-text3-c/dev/sda1

8. Set the load point:

#mkdir/cluster/raid

#mount-T Ext3/dev/sda1/cluster/raid

After doing this, my Linux server is connected to an iSCSI storage device and is like a SCSI hard disk on a Linux native. is almost identical in the way it is used.

9. Automatically mount an iSCSI volume

You can tell Linux how to mount a volume automatically by adding a command line to/ETC/FSTAB.ISCSI (filesystemtable). Use the VI Editor to modify the/etc/fstab, use the shift+g command (position the cursor to the last line), and then use the O command (insert a new line and go to edit state) and enter the following:

/dev/sda1/cluster/raidext3defaults00

Automatically mount the iSCSI volume when you save it from the new startup computer.

V. Protection of iSCSI Security

Fibre Channel environments give people a sense of high security because they are controlled private networks. iSCSI gives the impression that it is less secure because it is an Ethernet-based network. In essence, however, Fibre Channel has no security features, and iSCSI provides a very rich security feature. The iSCSI specification provides both initiator and target-side authentication (using CHAP, SRP, Kerberos, and SPKM), which prevents unauthorized access and allows only those nodes that can be trusted to access it. In addition, the Ipsecdigests (IPSec Digest) and anti-reply (anti-reply) features prevent insertions, modifications, and deletions, while the ipsecencryption (IPSec encryption) feature prevents eavesdropping and ensures privacy.

The simplest way to implement iSCSI is to connect without any encryption and authentication mechanisms. This method only provides the most basic function of "SCSI instruction transmits on TCP/IP protocol", and any host connected to the network can be connected to the iSCSI storage device without hindrance. It is clear that this approach is not capable of preventing any danger. However, this approach also has a clear advantage, that is performance. Without authentication and encryption, it's natural to save a lot of extra overhead. This is undoubtedly the best option if you are in great need of your iSCSI disk array to work at full speed. Of course, the network switch used to connect to an iSCSI disk array is best isolated from the outside world when you choose this approach.

Choose your password properly

Passwords should be avoided in relation to personal data, such as identification number, date of birth, telephone number, etc. It is recommended to use the combination of letters and numbers to improve the difficulty of password cracking. Try to avoid the use of the same password in different operating systems, or if the password is lost, the consequences will be disastrous. Hackers often use some common words to crack passwords. One American hacker once said that by using the word "password", you could open most computers in the United States. Other commonly used words are: account, ALD, alpha, beta, computer, dead, demo, dollar, games, bod, hello, help, Intro, Kill, Love, no, OK, Superuser, System, test, work, yes, and so on. Also believe that setting a blank password will cause a lot of network administrators headaches. Many users are too hard to remember the password, simply empty, or conveniently set to 111111 or something. This password is really worrying, a bit of patience of hackers, manual can be tried out, not to mention the current variety of dictionary attack programs flying. The same is true for iSCSI disk arrays. If only by the user authentication can not solve the problem, you need to learn from the traditional IP network approach, in the intranet and outside the network to set up a firewall, sniper outside those who have sufficient energy and patience of the "try." If the iSCSI disk Array (Target) and host (initiator) need to be connected across a WAN, it is best to make both VPN interconnects. All in all, one purpose is to not let iSCSI disk arrays use the IP address of the public network.

Summary: Here is a low-cost iSCSI solution for small and medium-sized enterprises under the Linux network.

iSCSI Tips:

1. Should I use hardware initiator or software initiator?

Iscsiinitiator Whether you use hardware or software depends on a variety of factors, including budget, performance requirements, and server workloads. Software Iscsiinitiator enables the lowest cost iSCSI solution. Pure software Iscsiinitiator uses standard Ethernet cards and relies on the host CPU to handle iSCSI commands and TCP/IP stacks. For the latest generation of servers with 2GCPU, most customer workloads do not cause significant performance overhead in terms of iSCSI protocol processing. If your server has a Gigabit Ethernet card, there is little problem with the software initiator evaluation process, because initiator is available for free in most popular operating systems. If the CPU is older and the load on the server is heavier, it may be more appropriate to use hardware iscsiinitiator. Hardware Iscsiinitiator will transfer iSCSI and TCP/IP processing work to ISCSIHBA. The result is a significant reduction in CPU performance overhead compared to Fibre Channel HBAs. Hardware initiator also provides features that are not available in software solutions, such as hardware multichannel capabilities that support high-availability environments, and support remote boot capabilities in dense server environments.

2. How do hardware and software initiator affect the performance of your application?

If the application is on a lightly-burdened server, the performance overhead of iSCSI with software initiator will not significantly affect the performance of the application in most cases. If the load on the server is heavier, hardware iscsiinitiator must be used. However, in most environments, the transport bandwidth and the performance overhead of the host CPU are not a problem at all-the application performance issues are due in large part to the limited number of spindles stored (too few disks that bear the workload). This is not a protocol or transmission issue. This is a common problem with direct-attached storage systems, but using an iSCSI-based SAN solution can be a very convenient solution to this problem.

Which servers are suitable for iSCSI architectures under 3.Linux?

At present, Linux is good at application: a single application of the basic server applications, such as DNS and DHCP server, Web server, directory server, firewall, file server, print server, Internet connection Proxy Server, database. The database server and mail server are best suited for iSCSI architectures, and NetApp says that because the ERP database system uses block protocols, it is well suited to build on iSCSI architectures.

Detailed Linux configuration iSCSI methods