iSCSI or iSER configuration details for host connections

You must follow these configuration details for iSCSI or iSER host connections.

You can attach the system to Small Computer System Interface Over Internet Protocol (iSCSI) or iSER (iSCSI Extensions for RDMA) hosts by using the Ethernet ports of the systems.

Note: The system supports SAN devices that bridge iSCSI or iSER connections into a Fibre Channel network.
iSCSI or iSER connections route from hosts to the systems over the LAN. You must follow these configuration rules:
  • The system supports up to 1024 iSCSI or 256 iSER sessions per node.
  • The system currently supports one iSCSI or iSER connection per session.

Nodes have two or four Ethernet ports. These ports are either for 1 Gbps support, 10 Gbps support, or 25 Gbps support, depending on the model. On Storwize® V7000 2076-524 systems, the fourth port (1 Gbps) can be used only as the technician port.

For each Ethernet port on a node, a maximum of one IPv4 address and one IPv6 address can be designated for iSCSI or iSER I/O.

iSCSI or iSER hosts connect to the system through the node-port IP addresses, which can be assigned to any 25 Gbps Ethernet ports of the node. If the node fails, the address becomes unavailable and the host loses communication with the system via that node. To allow hosts to maintain access to data, the node-port IP addresses for the failed node are transferred to the partner node in the I/O group. The partner node handles requests for both its own node-port IP addresses and also for node-port IP addresses on the failed node. This process is known as node-port IP failover. In addition to node-port IP addresses, the iSCSI name and iSCSI alias for the failed node are also transferred to the partner node. After the failed node recovers, the node-port IP address and the iSCSI name and alias are returned to the original node.

Multiple configurations are supported if the following requirements are met:

  • System IP requirements: The system IP address provides access to the system management interfaces, including the management GUI, CLI, and CIMOM. The system IP address is also used to access remote services like authentication servers, NTP, SNMP, SMTP, and syslog systems, if configured.
    • Ethernet port 1 must be configured with an IPv4 or IPv6 system address.
    • Ethernet port 2 can optionally be configured with a system address.
    • A maximum of one IPv4 address and one IPv6 address can be configured on each of Ethernet ports 1 and 2 for system management.
    • To ensure system IP failover operations, Ethernet port 1 on all nodes must be connected to the same subnet. The system IP address can fail over to any node in the system.
    • If Ethernet port 2 is configured with a system IP address, Ethernet port 2 on all nodes must also be connected to the same subnet. However, the subnet for Ethernet port 2 does not have to be the same as Ethernet port 1.
    • System addresses can be configured only on ports 1 or 2.
  • iSCSI or iSER IP requirements: Node iSCSI or iSER IP addresses are used for host iSCSI I/O access to volumes. Node iSCSI or iSER IP addresses are also used to access a remote Internet Storage Name Service (iSNS) server, if configured.
    • Each node Ethernet port can be configured on the same subnet with the same gateway, or you can have each Ethernet port on separate subnets and use different gateways.
    • If you are configuring a system to use node Ethernet ports 1 and 2 for iSCSI or iSER I/O, ensure that the overall configuration also meets the system IP requirements that are listed previously.
    • To ensure iSCSI or iSER IP failover operations, nodes in the same I/O group must be connected to the same set of subnets on the same node ports. However, you can configure node Ethernet ports in different I/O groups to use different subnets and different gateways.
    • IP addresses configured for system management and service access must not be used for iSCSI or iSER I/O.
  • Common IP requirements:
    • Every IP address must be unique within the system and within the networks the system is attached to.
    • If node Ethernet ports are connected to different isolated networks, then a different subnet must be used for each network.

A volume can be mapped the same way either to a Fibre Channel host, an iSCSI host, or both.

For the latest maximum configuration support information, search for Configuration Limits and Restrictions and your product name at the following website:

www.ibm.com/support

The system supports the following I/O descriptions:
  • I/O from different initiators in the same host to the same I/O group
  • I/O from different initiators in different hosts to the same volumes
  • I/O from Fibre Channel and iSCSI initiators in different hosts to the same volumes
I/O from Fibre Channel and iSCSI initiators in the same hosts to the same volumes is not supported.

A clustered Ethernet port consists of one Ethernet port from each node in the clustered system that is connected to the same Ethernet switch. Ethernet configuration commands can be used for clustered Ethernet ports or node Ethernet ports. Systems can be configured with redundant Ethernet networks.

To assign an IP address to each node Ethernet port for iSCSI I/O, use the management GUI or the cfgportip command. The MTU parameter of the CLI command specifies the maximum transmission unit (MTU) to improve iSCSI performance.

You can configure iSNS to facilitate scalable configuration and management of iSCSI storage devices. Currently, you can have only one type of protocol that is used by the iSNS server at a time: either IPv4 or IPv6. For example, if you try to configure an IPv6 iSNS IP address when you already configured an IPv4 iSNS IP address, the new IPv6 IP address becomes the iSNS IP address. The old IP address can no longer be used for iSNS function.

iSER supports one-way authentication through the Challenge Handshake Authentication Protocol (CHAP): iSER target authenticating iSCSI initiators.

iSCSI supports two types of authentication through the Challenge Handshake Authentication Protocol:
  1. One-way authentication: iSCSI target authenticating iSCSI initiators
  2. Two-way (mutual) authentication: iSCSI target authenticating iSCSI initiators, and vice versa.
Attention: With the iSCSI initiator, you can set two passwords: one for discovery and another for iSCSI session I/O. However, the system requires that both passwords for each type of authentication are the same. That is, two identical passwords for one-way CHAP, and two identical passwords for two-way CHAP that are different from those passwords for one-way CHAP.

You can map an iSCSI or iSER host to volumes that are accessible through multiple I/O groups. iSCSI or iSER hosts can access volumes that are accessible through multiple I/O groups (and single I/O groups). An iSCSI or iSER host that is mapped to a volume that is accessible through multiple I/O groups is online if it has at least one active iSCSI or iSER session with each I/O group of the access set. If volumes are not mapped to an iSCSI or iSER host, it is degraded. If a volume is mapped to an iSCSI or iSER host but there no active iSCSI or iSER sessions to any I/O group part of the volume access set, the host status is offline.

If an iSCSI or iSER host does not have a multipath driver that is installed and the host is mapped to a volume that is accessible through multiple I/O groups, the host status is always degraded. Only a single path between the host and system I/O groups is supported in such a scenario. This single path is true also for AIX, which does not have a multipath driver that supports iSCSI.

iSCSI hosts that have a multipath driver that is installed can be moved nondisruptively. However, this capability does not include IBM AIX host attachment as it does not support multipath functions.

iSCSI or iSER attached hosts are supported by HyperSwap® volumes. However, the HyperSwap function requires that the host multipath driver be configured to use an ALUA-based path policy. The HyperSwap function is not supported for AIX iSCSI hosts that do not have a multipath driver installed.

iSCSI or iSER protocol limitations

When you use an iSCSI or iSER connection, you must consider the iSCSI or iSER protocol limitations:
  • There is no SLP support for discovery.
  • Header and data digest support is provided only if the initiator is configured to negotiate.
  • Only one connection per session is supported.
  • A maximum of 1024 iSCSI or 256 iSER sessions per iSCSI or iSER target is supported.
  • Only ErrorRecoveryLevel 0 (session restart) is supported.
  • The behavior of a host that supports both Fibre Channel and iSCSI or iSER connections and accesses a single volume can be unpredictable and depends on the multi-pathing software.
  • A maximum of four sessions can come from one iSCSI initiator to an iSCSI or iSER target.
The following iSCSI or iSER session parameters are supported:
initial_r2t = 1
immediate_data = 0
max_connections = 1
Max_recv_segment_data_length = 32k
max_xmit_data_length = 32k
max_burst_length = 32k
first_burst_length = 32k
default_wait_time = 2
default_retain_time = 20
max_outstanding_r2t = 1
data_pdu_inorder = 1
data_sequence_inorder = 1
error_recovery_level = 0
header_digest = CRC32C,None
data_digest = CRC32C,None
ofmarker = 0
ifmarker = 0
ofmarkint = 2048
ifmarkint = 2048