Neurophasia

The iSCSI Abstract

What is iSCSI?

This section provides a foundational understanding of the iSCSI protocol. It explains its core purpose as a mechanism for transporting block-level storage data over standard IP networks, effectively making remote storage appear local to application servers. We'll touch on its role in building cost-effective Storage Area Networks (SANs) and introduce its governing standard, RFC 7143.

Block Storage over IP

iSCSI (Internet Small Computer System Interface) encapsulates standard SCSI commands into TCP/IP packets. This allows servers to access consolidated storage arrays over a standard Ethernet network as if they were directly attached disk drives.

Cost-Effective SANs

A primary driver for iSCSI is its ability to leverage existing, commodity Ethernet hardware and networking expertise. This provides a lower-cost alternative to dedicated Fibre Channel (FC) SANs, which require specialized adapters, switches, and skills.

The Standard: RFC 7143

The definitive iSCSI protocol is specified in IETF's RFC 7143. This document consolidates and supersedes earlier standards, providing a single, authoritative reference for ensuring interoperability between different vendor implementations.

Core Architecture

This section breaks down the fundamental building blocks of the iSCSI protocol. We will explore the client-server relationship between Initiators and Targets, visualize the multi-layered encapsulation process that makes iSCSI possible, and explain the critical system for naming and addressing nodes to ensure stable connections in dynamic network environments.

Components: Initiator & Target

➜ iSCSI Initiator (The Client)

Resides on the host server that needs storage. It initiates requests by sending SCSI commands to a target. It can be a software driver using a standard NIC or a dedicated hardware adapter (iSCSI HBA) that offloads processing from the host CPU.

➜ iSCSI Target (The Server)

Resides on the storage array or server that provides storage. It listens for commands from initiators, executes them, and returns data and status. It presents storage as numbered block devices called Logical Units (LUNs).

Interactive: The Encapsulation Process

Click on each layer to see its role. iSCSI works by wrapping SCSI commands in multiple network layers for transport across an IP network.

SCSI Command (CDB)
↓ is wrapped in ↓
iSCSI PDU
↓ is wrapped in ↓
TCP Segment
↓ is wrapped in ↓
IP Datagram
↓ is wrapped in ↓
Ethernet Frame

Performance Deep Dive

iSCSI performance is not just about network speed; it's a balance of multiple factors. This section provides an interactive visualization of the trade-offs between different iSCSI initiator types. Explore how factors like CPU overhead and network stability impact performance, and learn about key tuning techniques like Jumbo Frames and hardware offload that are critical for demanding workloads.

Initiator Performance Profiles

Select an initiator type to see its typical performance characteristics. A higher value is better.

Jumbo Frames (MTU 9000)

A key tuning technique. By increasing the packet size from 1500 to 9000 bytes, you reduce the per-packet processing overhead. This lowers CPU utilization and can increase throughput, but must be configured end-to-end on all devices in the path (NICs, switches, targets).

Hardware Offload

Essential for high performance. TCP Offload Engines (TOE) move TCP/IP processing to the NIC. Full iSCSI HBAs offload both TCP/IP and iSCSI processing, resulting in the lowest latency and minimal host CPU impact, making iSCSI competitive with Fibre Channel.

Protocol Showdown

How does iSCSI stack up against its main alternatives? This section provides a direct, side-by-side comparison with traditional Fibre Channel (FC) and its converged cousin, Fibre Channel over Ethernet (FCoE). Use the tabs to switch between comparisons and understand the key differences in transport, performance, cost, and infrastructure requirements to make an informed decision.

Feature iSCSI Fibre Channel (FC)
TransportTCP/IP over standard EthernetDedicated FCP protocol over a lossless fabric
PerformanceHigher latency, sensitive to network congestionLower latency, predictable high performance
CostLower initial cost using commodity hardwareHigher cost due to specialized HBAs & switches
ComplexityLeverages existing IP skills; MPIO can be complexRequires specialized skills (WWNs, Zoning)
InfrastructureRuns on converged Ethernet networksRequires a separate, dedicated SAN fabric

Deployment Guide

Proper deployment is key to a stable and performant iSCSI SAN. This section provides a high-level guide to three critical areas: securing your storage traffic, discovering targets on the network, and implementing high availability through multipathing (MPIO). These best practices are essential for any production environment.

1. Security: A Layered Approach

Authentication (CHAP): Use Challenge-Handshake Authentication Protocol to verify initiator identity. The secret key is never sent over the wire.
Isolation (VLANs): The most effective step. Isolate iSCSI traffic on a dedicated network or VLAN to prevent unauthorized access and interference from other traffic.
Encryption (IPsec): For maximum security over untrusted networks, use IPsec to encrypt the entire data stream. Be aware of the potential performance overhead.

2. Discovery: Finding Your Storage

Static: Manually configure target IP addresses on each initiator. Simple, but doesn't scale.
SendTargets: The initiator queries a single target portal, which returns a list of all available targets. A common, dynamic method.
iSNS: A centralized server (Internet Storage Name Service) that acts like DNS for iSCSI, managing discovery for large environments.

3. High Availability: Multipathing (MPIO)

MPIO is non-negotiable for production. It provides fault tolerance and load balancing by creating multiple, redundant network paths from the initiator to the target. It is vastly superior to simple link aggregation (LAG/LACP) for storage traffic.

Simplified MPIO Topology
Server NIC 1
Server NIC 2
Switch A
Switch B
Storage Port A
Storage Port B

This redundant setup ensures that failure of a NIC, switch, or storage port does not cause an outage.

Common Use Cases

Thanks to its foundation on ubiquitous IP networking, iSCSI is a versatile protocol applied in many scenarios. From cost-sensitive small businesses to large enterprises and cloud providers, iSCSI provides the essential block storage needed for critical applications. Explore some of the most common use cases below.

🗄️

Virtualization Platforms

The most popular use case. iSCSI provides the shared storage necessary for hypervisor features like VMware vMotion, HA, and DRS, enabling flexible and resilient virtual machine management.

💽

Database Storage

Databases like SQL Server and Oracle often require direct block-level access for their data and log files. iSCSI provides this access over the network, though careful performance tuning is critical.

🔄

Backup & Disaster Recovery

iSCSI LUNs are ideal disk-based targets for backup software. Its ability to work over WANs also makes it perfect for replicating data to a remote DR site for business continuity.

🏢

SMB & Mid-Market SANs

iSCSI allows smaller organizations to build their first SAN, centralizing storage and improving efficiency without the high cost and complexity of traditional Fibre Channel.

☁️

Cloud Storage Integration

Major cloud providers offer block storage services accessible via iSCSI. This enables persistent storage for cloud-native applications and simplifies hybrid cloud data mobility.

🧪

Test & Development

Quickly and easily provision storage for dev/test environments without needing to physically cable new drives or consume expensive Tier-1 FC storage resources.