Network Management Practice: upgrading a small NAS system to an IP SAN

In TV news production, the NLE production network is in the production and broadcasting of news programs, A digital production network based on news hard disk collection, data transmission, non-linear editing and production, and multi-channel hard disk broadcast. It can easily transmit videos, documents, and other types of data, without the need to upload or download materials, you can use desktop editing to broadcast programs without tape, enhancing the timeliness of news and facilitating the rolling broadcast of news.

The entire NLE production network consists of multiple editing workstations and central storage. Each editing workstation integrates 50 Mbps bit rate and MPEGII format materials. Each workstation occupies 6.25 Mbps bandwidth during program uploading. When editing or downloading the completed storyboard file, the edited two-track 50 Mbps bit rate MPEGII format material is calculated, each of which occupies about 12.5 Mbps of bandwidth. If there are 10 editing workstations, the bandwidth is about 62.5 Mbps when uploading materials. During editing, the bandwidth required is about 125 Mbps.

As can be seen from the above, the TV's NLE production network requires a high read/write speed for each editing workstation. In the past, the FC network was used between the editing workstation and the central storage. Because the FC architecture is expensive and the FC network needs to be re-built, it has become a huge obstacle for many TV stations to create NLE networks. The NAS structure is simple and easy to use, and the cost is low, but the read/write speed is slow and unstable. It has been used in 6-8 editing workstations and often pauses, making it difficult to edit. To change this situation, you need to upgrade the system. Through comprehensive comparison, we decided to use iSCSI technology to rebuild the existing system.

ISCSI technology has advantages such as ease of installation, low cost, no geographical restrictions, good interoperability, and convenient management. The iSCSI protocol defines the rules and methods for storing data at the TCP/IP network sending and receiving block data blocks. The sending end encapsulates SCSI commands and data into TCP/IP packets and forwards the packets over the network. After receiving the TCP/IP packet, the receiving end restores the packets to SCSI commands and data and executes the packets, after completion, the returned SCSI commands and data are encapsulated in the TCP/IP package and then transmitted back to the sender. The whole process is as simple as accessing local SCSI devices.

The current transmission speed is FC2Gb) the fastest and iSCSI1Gb), followed by NAS. Basically, FC and iSCSI Block protocols are faster than NAS File protocols because the former is a "Local disk" in operating system management ", the latter is displayed in the name of "Network Disk. Therefore, iSCSI is definitely much faster than NAS in the transmission of a large amount of data. The measured ip san data transmission rate is about 80-90 MB/s. If it is a full-duplex gigabit switch, it can reach about 160 MB/s.
Small NAS system upgrade and Transformation

Using the existing NAS storage network to build an ip san is extremely simple. Like NAS storage, they all adopt the existing mature architecture of the IP network. Therefore, existing mature network management mechanisms can be extended, making it very convenient and easy to build, manage, or maintain. We will build a simple iSCSI-Based ip san, 1.

Figure 1 shows a simple ip san structure. In this example, a Gigabit Ethernet switch is used to build a network environment consisting of a non-linear workstation, a file server, a disk array, and a tape library. Figure 1 connect servers and switches using the iSCSI multicast host Bus Adapter and host Bus Adapter. In order to emphasize the memory card, we will also draw additional marks. ISCSI HBA includes Nic functions and also supports OSI network protocol stack for protocol conversion.

Note: If you do not need a swap card, you can also use software to convert the SCSI protocol to the TCP/IP protocol. However, this consumes CPU resources. If software is used, Dual CPU is recommended for server configuration. In ip san, you can also directly connect the iSCSI-based tape library to a vswitch, and implement simple and fast data backup through storage management software.

Integrate FC and IP applications

In practical applications, high availability and high performance needs must be met while cost is ensured. You need to expand the existing FC storage network. If it is extended based on FC, the cost is high and the optical fiber needs to be pulled again. You can use existing IP networks to expand applications. On the server and storage end, high availability can be achieved through high-availability clusters, while reflecting the high performance of Fiber Channel when processing key data.

In terms of data security, storage routers such as Cisco's SN 542X series provide the logical unit number LUN (LUN) ing function commonly used in fiber channel switches to control access to special LUN targets, therefore, you can locate important data in the target to ensure that users with special permissions can access the data. If you need scalability and high availability, Cisco Storage routers can also be stacked to connect several routers to meet user requirements.

Figure 2 shows the structure of an iSCSI router integrating an optical fiber channel network and an IP network. The optical fiber channel storage network and iSCSI network are integrated through a router to provide an existing LAN) interoperability with fc san devices. You can access the common storage devices in the IP network through iSCSI or optical fiber. You can access the storage devices in the fc san through an IP network. This improves the manageability and availability of storage resources.

Remote backup Application

In practical applications, the materials stored in the central storage are the lives of TV stations. To ensure data security and reliability, remote backup and Data Disaster Tolerance are very important. We can create material sharing and mutual backup libraries between TV stations. The operation distance of traditional Fiber Channel SAN is between 10-20km. Therefore, it still has certain geographical limitations to realize real remote backup and Remote Disaster Tolerance. The development of the Internet provides new ideas for remote backup. You can use remote file sharing, but the speed and security are not ideal. The iSCSI technology also proposes a new solution.

As shown in figure 3, ip san is implemented based on iSCSI technology, and remote backup is implemented through IP wide area network. In this example, a common IP network is used to merge and expand the SAN, which has extremely high cost-effectiveness configuration and can implement functions such as remote backup, Data Disaster Tolerance, and image, at the same time, remote storage can be edited in real time. Of course, the prerequisite for real-time editing is that the bandwidth is sufficient.

This configuration has the following features:

◆ Ip san connects to remote storage devices through an IP Wan.

◆ ISCSI servers and storage are connected to an IP network through a high-performance iSCSI HbA card.

◆ The IP switch is connected to the iSCSI system.

Security Issues of the above applications are of great concern to everyone. For remote file sharing in NAS systems, we mostly use the security policies provided by TCP/IP networks to ensure security. For example, we can use the advanced services and security features provided by TCP/IP network connections. IP networks provide a wide range of security solutions, such as transaction processing priority, MPLS, And RSVP. For security, the IP protocol provides ACLs, VLANs, IPSec, and advanced data encoding rules. The safest of course is to use a proprietary network to ensure that it is separated from other transaction processing. data transmission is physically isolated from the public network, it can also ensure that the performance bottleneck is not caused by network congestion. In addition to the preceding policies, the iSCSI protocol also provides QoS and security features. The first step is to set the logon operation sequence. You can restrict the sending of login requests only to the targets in the list, and then confirm and return a response from the target, communication is allowed. Second, data packets are encrypted and transmitted through IPSec, including data integrity, certainty, and confidentiality detection.