What is iSCSI?
Block Storage over IP
iSCSI (Internet Small Computer System Interface) encapsulates standard SCSI commands into TCP/IP packets. This allows servers to access consolidated storage arrays over a standard Ethernet network as if they were directly attached disk drives.
Cost-Effective SANs
A primary driver for iSCSI is its ability to leverage existing, commodity Ethernet hardware and networking expertise. This provides a lower-cost alternative to dedicated Fibre Channel (FC) SANs, which require specialized adapters, switches, and skills.
The Standard: RFC 7143
The definitive iSCSI protocol is specified in IETF's RFC 7143. This document consolidates and supersedes earlier standards, providing a single, authoritative reference for ensuring interoperability between different vendor implementations.
Core Architecture
This section covers the fundamental building blocks of the iSCSI protocol: the client-server relationship between Initiators and Targets, and the multi-layered encapsulation process.
Components: Initiator & Target
iSCSI Initiator (The Client)
Resides on the host server that needs storage. It initiates requests by sending SCSI commands to a target. It can be a software driver using a standard NIC or a dedicated hardware adapter (iSCSI HBA) that offloads processing from the host CPU.
iSCSI Target (The Server)
Resides on the storage array or server that provides storage. It listens for commands from initiators, executes them, and returns data and status. It presents storage as numbered block devices called Logical Units (LUNs).
The Encapsulation Process
iSCSI works by wrapping SCSI commands in multiple network layers for transport across an IP network. From the innermost layer outward:
SCSI command: The original storage command (e.g., Read, Write) generated by the server's operating system.
iSCSI PDU: The iSCSI Protocol Data Unit (PDU) adds an iSCSI header for session management, command sequencing, and control.
TCP: The TCP header provides reliable, in-order, connection-oriented delivery. It handles packet loss and reassembly, which is critical for storage.
IP: The IP header adds source and destination IP addresses, making the packet routable across local and wide area networks.
Ethernet: The Ethernet frame adds source and destination MAC addresses for delivery on the local network segment.
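The two innermost layers, as an added example that is not part of the original page: a READ(10) SCSI command is placed in the 48-byte iSCSI Basic Header Segment of a SCSI Command PDU and then decoded again, the way a protocol dissector on the storage VLAN would see it. Function names and the sample values are assumptions made for this example; the field offsets follow the SCSI Command PDU layout in RFC 7143.

```python
import struct

BHS_FORMAT = ">BB2xB3s8sIIII16s"   # 48-byte Basic Header Segment, SCSI Command layout
BHS_LEN = struct.calcsize(BHS_FORMAT)
OP_SCSI_COMMAND = 0x01

def read10_cdb(lba: int, blocks: int) -> bytes:
    """SCSI layer: a READ(10) CDB as the host OS would generate it."""
    return struct.pack(">BBIBHB", 0x28, 0, lba, 0, blocks, 0)

def wrap_in_iscsi(cdb: bytes, lun: int, task_tag: int, cmd_sn: int,
                  exp_stat_sn: int, expected_bytes: int) -> bytes:
    """iSCSI layer: the CDB is carried in bytes 32-47 of the header."""
    flags = 0x80 | 0x40                       # F (final PDU) | R (read expected)
    lun_field = struct.pack(">H6x", lun)      # single-level LUN below 256
    return struct.pack(BHS_FORMAT, OP_SCSI_COMMAND, flags, 0, b"\x00" * 3,
                       lun_field, task_tag, expected_bytes, cmd_sn,
                       exp_stat_sn, cdb.ljust(16, b"\x00"))

def parse_scsi_command_pdu(pdu: bytes) -> dict:
    """Decode a SCSI Command BHS; reject truncated input and other opcodes."""
    if len(pdu) < BHS_LEN:
        raise ValueError("truncated BHS")
    (op, flags, ahs_len, dsl, lun, itt, edtl,
     cmd_sn, exp_stat_sn, cdb) = struct.unpack(BHS_FORMAT, pdu[:BHS_LEN])
    if op & 0x3F != OP_SCSI_COMMAND:          # bit 0x40 is the Immediate flag
        raise ValueError("bytes 20-47 are opcode-specific; not a SCSI Command")
    fields = {"final": bool(flags & 0x80), "read": bool(flags & 0x40),
              "write": bool(flags & 0x20), "lun": struct.unpack(">H6x", lun)[0],
              "task_tag": itt, "expected_bytes": edtl, "cmd_sn": cmd_sn,
              "data_segment_length": int.from_bytes(dsl, "big"),
              "cdb_opcode": cdb[0]}
    if cdb[0] == 0x28:                        # READ(10): LBA and block count
        fields["lba"], fields["blocks"] = struct.unpack(">2xI1xH", cdb[:9])
    return fields

# Constructed sample: read 8 blocks of 512 bytes at LBA 2048 from LUN 1.
SAMPLE_PDU = wrap_in_iscsi(read10_cdb(2048, 8), lun=1, task_tag=0x1234,
                           cmd_sn=7, exp_stat_sn=3, expected_bytes=8 * 512)
```

Every field decoded here travels in cleartext unless IPsec is in use, so anything that can capture traffic on the storage network can read LUNs, block addresses and data.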
Performance Deep Dive
iSCSI performance is not just about network speed; it's a balance of multiple factors.
Jumbo Frames (MTU 9000)
A key tuning technique. By increasing the packet size from 1500 to 9000 bytes, you reduce the per-packet processing overhead. This lowers CPU utilization and can increase throughput, but must be configured end-to-end on all devices in the path (NICs, switches, targets).
Hardware Offload
Essential for high performance. TCP Offload Engines (TOE) move TCP/IP processing to the NIC. Full iSCSI HBAs offload both TCP/IP and iSCSI processing, resulting in the lowest latency and minimal host CPU impact, making iSCSI competitive with Fibre Channel.
Protocol Showdown
How does iSCSI stack up against its main alternatives? The tables below compare iSCSI with traditional Fibre Channel (FC) and Fibre Channel over Ethernet (FCoE).
| Feature | iSCSI | Fibre Channel (FC) |
|---|---|---|
| Transport | TCP/IP over standard Ethernet | Dedicated FCP protocol over a lossless fabric |
| Performance | Higher latency, sensitive to network congestion | Lower latency, predictable high performance |
| Cost | Lower initial cost using commodity hardware | Higher cost due to specialized HBAs & switches |
| Complexity | Leverages existing IP skills; MPIO can be complex | Requires specialized skills (WWNs, Zoning) |
| Infrastructure | Runs on converged Ethernet networks | Requires a separate, dedicated SAN fabric |

| Feature | iSCSI | Fibre Channel over Ethernet (FCoE) |
|---|---|---|
| Encapsulation | SCSI within TCP/IP | FC frames directly within Ethernet frames |
| Infrastructure | Standard Ethernet (DCB optional) | Requires lossless Ethernet (DCB mandatory) |
| Hardware | Standard NICs, TOE NICs, or iSCSI HBAs | Converged Network Adapters (CNAs) |
| Performance Goal | Good performance over flexible IP | Aims for native FC performance over Ethernet |
Deployment Guide
Proper deployment is key to a stable and performant iSCSI SAN. This section covers security, discovery, and high availability through multipathing.
1. Security: A Layered Approach
Authentication (CHAP)
Use Challenge-Handshake Authentication Protocol to verify initiator identity. The secret key is never sent over the wire.
Isolation (VLANs)
The most effective step. Isolate iSCSI traffic on a dedicated network or VLAN to prevent unauthorized access and interference from other traffic.
Encryption (IPsec)
For maximum security over untrusted networks, use IPsec to encrypt the entire data stream. Be aware of the potential performance overhead.
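The CHAP exchange described under Authentication, as an added example that is not part of the original page: the target issues a random challenge, the initiator answers with MD5(identifier || secret || challenge) as defined in RFC 1994, and the target recomputes and compares. The class and function names, the sample IQN and secret, and the 12-byte minimum secret length are assumptions made for this example.

```python
import hashlib
import hmac
import os

MIN_SECRET_BYTES = 12   # assumed policy floor (96 bits) for this example

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (iSCSI CHAP_A=5): MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Target:
    def __init__(self, secrets: dict):
        self.secrets = secrets              # initiator name -> CHAP secret
        self.pending = None

    def issue_challenge(self):
        # Fresh identifier and challenge for every login attempt.
        self.pending = (os.urandom(1)[0], os.urandom(16))
        return self.pending                 # sent as CHAP_I and CHAP_C

    def verify(self, name: str, response: bytes) -> bool:
        if self.pending is None:
            return False
        ident, challenge = self.pending
        self.pending = None                 # one-shot: a replayed answer fails
        secret = self.secrets.get(name)
        if secret is None or len(secret) < MIN_SECRET_BYTES:
            return False                    # unknown initiator or weak secret
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare

def login(target: Target, name: str, secret: bytes):
    """Run one exchange; return the result and every value sent on the wire."""
    ident, challenge = target.issue_challenge()
    response = chap_response(ident, secret, challenge)   # sent as CHAP_R
    wire = [bytes([ident]), challenge, name.encode(), response]
    return target.verify(name, response), wire

# Constructed sample credentials, not real values.
SAMPLE_NAME = "iqn.2024-01.com.example:host1"
SAMPLE_SECRET = b"constructed-secret-16b"
```

The wire list holds only the identifier, challenge, name and hash, which is why the secret's length and randomness matter: it is the only unknown input to the hash that crosses the network.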
2. Discovery: Finding Your Storage
Static
Manually configure target IP addresses on each initiator. Simple, but doesn't scale.
SendTargets
The initiator queries a single target portal, which returns a list of all available targets. A common, dynamic method.
iSNS
A centralized server (Internet Storage Name Service) that acts like DNS for iSCSI, managing discovery for large environments.
3. High Availability: Multipathing (MPIO)
MPIO is non-negotiable for production. It provides fault tolerance and load balancing by creating multiple, redundant network paths from the initiator to the target.
This redundant setup ensures that failure of a NIC, switch, or storage port does not cause an outage.
Common Use Cases
Thanks to its foundation on ubiquitous IP networking, iSCSI is a versatile protocol applied in many scenarios from small businesses to large enterprises.
Virtualization Platforms
The most popular use case. iSCSI provides the shared storage necessary for hypervisor features like VMware vMotion, HA, and DRS, enabling flexible and resilient virtual machine management.
Database Storage
Databases like SQL Server and Oracle often require direct block-level access for their data and log files. iSCSI provides this access over the network, though careful performance tuning is critical.
Backup & Disaster Recovery
iSCSI LUNs are ideal disk-based targets for backup software. iSCSI's ability to work over WANs also makes it perfect for replicating data to a remote DR site for business continuity.
SMB & Mid-Market SANs
iSCSI allows smaller organizations to build their first SAN, centralizing storage and improving efficiency without the high cost and complexity of traditional Fibre Channel.
Cloud Storage Integration
Major cloud providers offer block storage services accessible via iSCSI. This enables persistent storage for cloud-native applications and simplifies hybrid cloud data mobility.
Test & Development
Quickly and easily provision storage for dev/test environments without needing to physically cable new drives or consume expensive Tier-1 FC storage resources.