iSCSI - An emerging Protocol

MADHUKAR GUNJAN
LSI Technologies (ESG)
Network Storage Models

Network Storage Models

• Expansion beyond server’s internal

drive capacity
• Storage resources are assigned to servers
• High performance SCSI or Fibre
Channel connections
• Sharing storage resources is not provided
• Operating distances are very short
• Tape backup
• Storage Resources moved to the front
end of the network
• Stored data is shared: single copy
sharing
• Uses file system calls – NFS,CIFS
• Storage traffic travels across the
messaging network “LAN”
• The LAN performance is impacted
• Pooling of external storage devices for better
utilization
and availability
• LAN-free backup
• Non-disruptive expansion and maintenance
• Leverage existing staff to manage three or four
times more storage
• SAN ROI estimates* range from 65-297 percent

LSI Proprietary 2
SCSI Protocols and Standards

SCSI Architecture (SAM)

& Commands (SCSI-3) T11
Fibre Channel
T10 FCP VI FICON IP (RFC 4338)

Parallel
SCSI FC-2
iSCSI FC-1 TCP
FCIP
TCP FC-0 IP
iFCP
IP

SCSI Cables IETF

Any IP FC Fibers, Any IP
Network Hubs, Switches Network

LSI Proprietary 3
iSCSI - Data Encapsulation Into Packets

• iSCSI is a transport protocol for SCSI that operates on top of TCP

through encapsulation of SCSI commands in a TCP/IP stream. Enables
the transport of I/O Block data over IP Networks.

Ethernet IP TCP iSCSI iSCSI DATA CRC

Header Header Header
Header

Delivery of iSCSI Protocol Data Unit (PDU) for SCSI

functionality (initiator, target, data read/write, etc.)

Reliable data transport and delivery (TCP Windows, ACKs,

ordering, etc.) Also Demux within node ( port numbers )

Provides IP “routing” capability so that packet can

find its way through the network
Provides physical network capability (Cat 5, MAC, etc.)
LSI Proprietary 4
SCSI to iSCSI Mapping - STACK
SOFTWARE
INITIATOR
HARDWARE
INITIATOR
• Transport Layer :
Application Application § Multiplexing , Fragmentation ,
Port link Establishment( Default
H
3260)
OS OS
§ Flow control Using Sliding
O
SCSI SCSI
Window Protocol
S
iSCSI Source driver iSCSI source driver § Synchronize Out of order packet
T
1.Command processing 1.Command processing
2.Login
and Discarded Packet
2.Login
3.Session management
3.Session management
4.Authentication
4.Authentication
• Internet Protocol Layer :
T
1.Connection iSCSI chip
§ Network layer to IP-Based SAN
management
O
2.Chip interface
firmware
§ Maintains IP address
iSCSI CRC
E 3.Data transfer
§ IP Routers & Switches used to
/
N
TCP / IP TCP/IP offload transfer iSCSI PDU.
I Ethernet Ethernet

C
Physical
Physical
• Data Link Layer :
Interface
interface § Gigabit Ethernet (GbE)
§ Improves Performance upon FC
§ 10 GbE yet to Implement

LSI Proprietary 5
iSCSI Architecture
• 2x 1Gbps Ethernet Port/ Controller
• Block access to remote storage
over IP
• Auto-negotiate to 1000/100/10Mb/s.
• Supports IPv4 Only
• Configuration Parameters
§ IP Address Per Port
§ Supports Manual or DHCP
§ Configuration
§ Do Not Support remote
§ shell (RSH) or remote login.

§ Host can access Target via GUI or CLI remotely.

§ Supports all the Ethernet services and the protocol
§ Gigabit Ethernet Switch , Gateway and Router act as Connecter for
route , switch and protocol conversion.

LSI Proprietary 6
iSCSI Naming Convention

• iSCSI Name:
§ Identifies iSCSI node and its encapsulated SCSI device
§ Used in authentication of targets to initiators
§ Must be world wide unique
§ Utilized existing naming authorities
§ Human readable 233 character name

• eqn – IEEE EUI-64 Name

Name based on Fibre Channel EUI-64 identifier

• iqn – iSCSI Qualified Name

LSI Proprietary 7
An iSCSI Session
• iSCSI Connection:
§ Verify a TCP connection over which the initiator
and target communicate via iSCSI PDUs.
§ Verify uniquely identified in a session by an
initiator defined connection ID (CID).
§ Verify the response and any data associated
with an iSCSI command must be returned on
the same connection.

• iSCSI Session:
§ Verify a set of iSCSI connections that link an
iSCSI initiator and target.
§ Verify uniquely identified by a 64 bit Session ID
(SID) built from a 48 bit initiator defined Initiator
Session ID (ISID) and a 16 bit target defined
Target Session Identifying Handle (TSIH).
§ Verify resources of a target (i.e., LUNs) must be
identical across all connections that make up a
session.
§ Verify commands can be alternated across all
connections in a session for bandwidth
aggregation.
§ Verify error recovery connections can be
created on the same network portal as a failed
connection.

LSI Proprietary 8
An iSCSI Login
• Login Process:
§ A sequence of Login Request PDUs from initiator and Login Response
PDU’s from target.
§ Authentication and operational parameter data is passed between initiator
and target in named key/value pairs in the PDU data segments:

Example Data Segment from a leading iSCSI Login Request

InitiatorName=eui.madhukar7
InitiatorAlias=maddy
AuthMethod=None,CHAP
TargetName=eui.FEDCBA0987654321
TargetAddress=storagearray:3270:3
SessionType=Normal
Example Reply from the storage array
TargetAlias=gunjanArray
AuthMethod=None
TargetPortalGroupTag=3

§ During login, only the Login Request, Logout Request, and Reject PDUs are
allowed

LSI Proprietary 9
iSCSI – Multiple Management Configuration
• Management Topology • Single Path Topology

• Dual Path Topology • Redundant Dual Path Topology

LSI Proprietary 10
iSCSI Security: Protect valuable data
• Secure IP connection
§ Integrity, authentication, and confidentiality
§ Based on IKE and ESP (IPsec components)

• Extensive applied security requirements

§ Selection of Integrity (MAC) and encryption algorithms
§ Profile for usage of IKE authentication and key mgt.

• Inband Authentication (part of Login)

§ SRP, CHAP, Kerberos, and other mechanisms
§ CHAP with strong secrets is required
- Can’t use passwords
§ iSCSI CHAP: Stronger than basic CHAP
- When specification is followed

LSI Proprietary 11
CHAP Authentication Protocol
• Based on shared secret, random challenge
§ Uses a secure (one-way) hash, usually MD5
§ One-way hash: Computationally infeasible to invert

Secret
Challenge Secret

Hash
Hash
Response
=?

Host Storage
LSI Proprietary 12
 FCIP iFCP iSCSI

•TCP/IP based protocol for interconnecting Fibre

•Provides a mechanism to tunnel Fibre
Channel storage devices or FC SANs using an IP iSCSI is a transport protocol for SCSI that operates
Channel over IP based networks
infrastructure to complement or replace Fibre Channel on top of TCP through encapsulation of SCSI
•Leverage IP infrastructure to interconnect
switching and routing elements commands in a TCP/IP stream
and extend FC SAN
•Lower layer FC transport is replaced with TCP/IP and Builds on SCSI and Ethernet technologies
•FCIP Gateways enable to connect to a
Gigabit Ethernet. Enables the transport of I/O block data over IP
standard Gigabit Ethernet/IP network.
•Enables the rapid deployment of IP based SANs networks
•Cost effective
linking to FC SANs Manage IP based storage networks with existing tools
•Can be deployed over LANs, MANs and
•Enables highly scalable implementations using and IT expertise
WANs
existing FC SANs

LSI Proprietary 13
Product Performance – MB/sec
Drive Dual Quad
Type FC-FC FC-FC FC-SAS SAS- SAS iSCSI-SAS

Sustained throughput
1600 MB/s 1800 MB/s 1600 MB/s 1600 MB/s 400 MB/s
cache read (512k)

Sustained throughput
FC 850 MB/s 850 MB/s
disk read (512k)

SAS 800 MB/s 800 MB/s 400 MB/s

SATA 800 MB/s 800 MB/s 400 MB/s

Sustained throughput
FC 800 MB/s 800 MB/s
disk write (512k)

Cache mirroring disabled SAS 750 MB/s 750 MB/s 400 MB/s

Cache mirroring disabled SATA 750 MB/s 750 MB/s 400 MB/s

Sustained throughput
FC 350 MB/s 350 MB/s
disk write (512k)

Cache mirroring enabled SAS 350 MB/s 350 MB/s 350 MB/s

Cache mirroring enabled SATA 350 MB/s 350 MB/s 350 MB/s

Number of drives required for

FC 64D / 8T 64D / 8T
benchmark test and code thread

SAS 48D / 8T 48D / 8T 48D / 8T

SATA 48D / 8T 48D / 8T 48D / 8T

LSI Proprietary 14
Trend - Current $ Future
2003 Open Systems
• Predictions of the size of the External Storage

iSCSI market have historically iSCSI

DAS
41%
missed the mark by a long shot, NAS
0%

• IDC predicts that the iSCSI 12%

market will leap from about $300

million in 2005 to more than $3 SAN (FC)
billion in 2008. 47%

• Number of start-ups (e.g., LSI

Technologies, Intransa, and
LeftHand Networks) and one
large vendor (Network Appliance)
bang the IP SAN drum loudly, 2008 Open Systems
External Storage
many market heavy weights pay iSCSI DAS
little more than lip service to 15% 17%
iSCSI,
NAS
• More than 6,000 enterprises have 17%
deployed iSCSI,
SAN (FC)
51%

LSI Proprietary 15