Professional Documents
Culture Documents
iSCSI Gateway Service: Administrator's Guide
iSCSI Gateway Service: Administrator's Guide
30 March 2010
Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
E-mail: china-info@brocade.com
European Headquarters
Brocade Communications Switzerland Srl
Centre Swissair
Tour B - 4me tage
29, Route de l'Aroport
Case Postale 105
CH-1215 Genve 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: emea-info@brocade.com
Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
E-mail: china-info@brocade.com
Document History
Title
Publication number
Summary of changes
Date
53-1001816-01
New document
March 2010
Contents
Chapter 1
iii
Chapter 2
Chapter 3
Chapter 4
Chapter 5
iv
Chapter 6
Troubleshooting iSCSI
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Index
vi
Figures
Figure 1
Figure 2
Figure 3
iSCSI-to-FC translation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Figure 4
Figure 5
Figure 6
IQN example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Figure 7
Figure 8
FC4-16IP ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Figure 9
Figure 10
vii
viii
In this chapter
How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Whats new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
Additional information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Chapter 1, Introduction to the iSCSI Gateway Service, describes the iSCSI gateway service
supported on the Brocade 48000 director running Fabric OS v6.1.0 or higher with one or more
iSCSI-enabled FC4-16IP blades.
Chapter 2, Configuring the FC4-16IP Blade, provides the initial setup steps to deploy an iSCSI
gateway solution.
Chapter 3, Configuring iSCSI Virtual Targets, describes how to create iSCSI virtual targets,
discovery domains, and discovery domain sets. It also describes how to configure
iSCSI VT-to-iSCSI initiator authentication.
Chapter 4, Creating the iSCSI FC Zone, describes how to create an iSCSI zone for discovery
domains.
Chapter 5, Administering the iSNS Client, describes how to enable the iSNS client on an iSCSI
gateway and configure it with an iSNS server.
ix
Document conventions
This section describes text formatting conventions and important notice formats used in this
document.
Text formatting
The narrative-text formatting conventions that are used are as follows:
bold text
italic text
Provides emphasis
Identifies variables
Identifies paths and Internet addresses
Identifies document titles
code text
For readability, command names in the narrative portions of this guide are presented in mixed
lettercase: for example, switchShow. In actual examples, command lettercase is all lowercase.
command
--option, option
-argument, arg
Arguments.
[]
Optional element.
variable
Variables are printed in italics. In the help pages, values are underlined or
enclosed in angled brackets < >.
...
value
Fixed values following arguments are printed in plain font. For example,
--show WWN
Command examples
This book describes how to perform configuration tasks using the Fabric OS command line
interface, but does not describe the commands in detail. For complete descriptions of all Fabric OS
commands, including syntax, operand description, and sample output, see the Fabric OS
Command Reference.
NOTE
A note provides a tip, guidance or advice, emphasizes important information, or provides a reference
to related information.
ATTENTION
An Attention statement indicates potential damage to hardware or data.
CAUTION
A Caution statement alerts you to situations that can be potentially hazardous to you or cause
damage to hardware, firmware, software, or data.
DANGER
A Danger statement indicates conditions or situations that can be potentially lethal or extremely
hazardous to you. Safety labels are also attached directly to products to warn of these conditions
or situations.
Key terms
For definitions specific to Brocade and Fibre Channel, see the technical glossaries on MyBrocade.
See Brocade resources on page xii for instructions on accessing MyBrocade.
For definitions of SAN-specific terms, visit the Storage Networking Industry Association online
dictionary at:
http://www.snia.org/education/dictionary
xi
Microsoft Corporation
Sun, Solaris
Netscape
Additional information
This section lists additional Brocade and industry-specific documentation that you might find
helpful.
Brocade resources
To get up-to-the-minute information, go to http://my.brocade.com to register at no cost for a user ID
and password.
For practical discussions about SAN design, implementation, and maintenance, you can obtain
Building SANs with Brocade Fabric Switches through:
http://www.amazon.com
White papers, online demos, and data sheets are available through the Brocade Web site at:
http://www.brocade.com/products-solutions/products/index.page
For additional Brocade documentation, visit the Brocade Web site:
http://www.brocade.com
Release notes are available on the MyBrocade web site and are also bundled with the Fabric OS
firmware.
xii
Switch model
Switch operating system version
Software name and software version, if applicable
Error numbers and messages received
supportSave command output
Detailed description of the problem, including the switch or fabric behavior immediately
following the problem, and specific questions
Brocade 300, 4100, 4900, 5100, 5300, 7500, 7800, 8000, and Brocade Encryption
SwitchOn the switch ID pull-out tab located inside the chassis on the port side on the left
Brocade 5000On the switch ID pull-out tab located on the bottom of the port side of the
switch
xiii
Document feedback
Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and
completeness of this document. However, if you find an error or an omission, or you think that a
topic needs further development, we want to hear from you. Forward your feedback to:
documentation@brocade.com
Provide the title and version number of the document and as much detail as possible about your
comment, including the topic heading and page number and your suggestions for improvement.
xiv
Chapter
In this chapter
iSCSI gateway service overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iSCSI session translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Basic and advanced LUN mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iSCSI component identification of the IQN prefix . . . . . . . . . . . . . . . . . . . . . .
Access control with discovery domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Switch-to-iSCSI initiator authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Load balancing through connection redirection . . . . . . . . . . . . . . . . . . . . . . .
Supported iSCSI initiators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Checklist for configuring iSCSI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1
2
3
4
5
6
6
8
8
F C target 1
iS C S I
initiator
IP
network
L UNs
S AN
L UNs
F C target 2
FIGURE 1
The iSCSI gateway provides the following services to the iSCSI initiators:
NOTE
The FC4-16IP iSCSI gateway service is not compatible with other iSCSI gateway platforms, including
Brocade iSCSI Gateway or the Brocade Multiprotocol Router.
F C 4-16IP iS C S I gateway
L UNs
FC
portal
IP
portal
IP
network
iS C S I virtual
target (V T )
iS C S I virtual
initiator (V I)
L UNs
FC
target 2
FC
IP
FIGURE 2
S AN
The Brocade FC4-16IP blade acts as an iSCSI gateway between FC-attached targets and iSCSI
initiators. On the iSCSI initiator, iSCSI is mapped between the SCSI driver and the TCP/IP stack. At
the iSCSI gateway port, the incoming iSCSI data is converted to FCP (SCSI on FC) by the iSCSI
virtual initiator, and then forwarded to the FC target. This allows low-cost servers to leverage an
existing FC infrastructure.
To represent all iSCSI initiators and sessions, each iSCSI portal has one iSCSI virtual initiator (VI) to
the FC fabric that appears as an N_Port device with a special WWN format. Regardless of the
number of iSCSI initiators or iSCSI sessions sharing the portal, Fabric OS uses one iSCSI VI per
iSCSI portal.
Figure 3 shows the interaction of different layers from the iSCSI initiator stack to the FC target
stack, including the iSCSI gateway service used during protocol translation.
Application
S torage
(device s erver)
SCSI
SCSI
iS C S I
iS C S I
F C P (F C -4)
FCP
T C P /IP
T C P /IP
F C (F C -2/F C -3)
FC
iS C S I initiator
iS C S I virtual
target (V T )
iS C S I virtual
initiator (V I)
F C target
iS C S I gateway s ervic e
40. 3
FIGURE 3
iSCSI-to-FC translation
iS C S I virtual target (V T )
F C target
LUN
LUN
3
40. 9
FIGURE 4
F C target 1
LUN
0
iS C S I virtual target 1
LUN
F C target 2
iS C S I virtual target 2
LUN
0
LUN
20
21
22
iS C S I virtual target 3
23
LUN
24
25
FIGURE 5
Figure 6 shows an iSCSI gateway that has three iSCSI VTs and two iSCSI initiators.
iS C S I initiator A
iqn.2003-11.c om.mic ros oft: win2k-s n-192168101
iS C S I virtual targets (V T s )
VT 1
iqn.2002-12.c om.broc ade: 10: 00: 00: 05: 1e: aa: bb: c c
IP Network
VT 2
iqn.2002-12.c om.broc ade: 10: 00: 00: 05: 1e: c c : bb: aa
VT 3
iqn.2002-12.c om.broc ade: 10: 00: 00: 05: 1e: bb: c c : aa
iS C S I initiator B
iiqn.2003-11.c om.mic ros oft: win2k-s n-192168102
FIGURE 6
iS C S I gateway s ervic e
IQN example
You may create a different IQN prefix using the iscsiSwCfg --modifygw -t tgtname command. The
prefix portion may be used to identify companies or organizations (for example, Brocade or
Microsoft). Your organization may suggest or require a specific format for the prefix portion of the
IQN.
Figure 7 shows a discovery domain set (DDSet 1) that contains two discovery domains (DD1 and
DD2). When DDSet 1 is active, iSCSI initiator A can access only iSCSI VT 1 and iSCSI initiator B can
access only VT 2 and VT 3.
DDS et 1
iS C S I virtual targets (V T s )
DD1
iS C S I initiator A
VT 1
IP network
VT 2
VT 3
iS C S I initiator B
DD2
FIGURE 7
iS C S I gateway s ervic e
NOTE
iSCSI gateway service does not support IPSec.
To disable connection redirection, use the iscsiSwCfg --disableconn command. For the
Brocade 48000 director, the -s slot_number option can be used to disable connection
redirection for specific slots, and the all option may be used to disable connection
redirection for all slots.
The following example disables connection redirection for ports on a blade located in slot
9.
switch:admin> iscsiswcfg --disableconn -s 9
The operation completed successfully
TABLE 1
Linux
RH EL 4 default initiator.
2.6.10 - 4.0.2 iSCSI initiator (SourceForge,Net initiator).
2.4.20 - 3.6.2 iSCSI initiator (SourceForge,Net initiator).
SUSE 9.
SUSE 10.
Solaris
iSCSI is built-in with the 5.11 with the latest Solaris Express release.
AIX
HP-UX
11i v1 - B.11.23.03e
11 iv2 - B.11.23.03e
NIC/TOE cards
iSCSI HBAs
Alacritech SES2002XT
Qlogic 4050c
NOTE
You can also configure the iSCSI gateway service through the Web Tools graphical user interface as
an alternative to the command line interface. Refer to the Web Tools Administrators Guide for
descriptions of GUI-based configuration procedures.
TABLE 2
Step
Command
Procedure
13 Commit configuration
(items configured in steps
4-9).
zoneCreate zonename,
member,member,..."
16 Enable zone
configuration.
cfgEnable cfgname
page 30
Creating and enabling a zoning
configuration on page 33
TABLE 2
Step
17
(Optional) Enable
connection redirection for
load balancing.
10
Command
Procedure
iscsiSwCfg --enableconn -s
slot number | all
Chapter
In this chapter
FC4-16IP port numbering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enabling the iSCSI gateway service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enabling GbE ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring the GbE interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
11
12
13
14
NOTE
11
s c al e:
5/ 16" = 1"
56-0000590-01 Rev A
!
ge7
ge7
ge6
ge5
ge4
G bE ports
GE
ge3
ge2
ge1
ge0
ge0
7
F C ports
FC
3
FC4
16IP
40. 1
FIGURE 8
FC4-16IP ports
12
disabled
disabled
disabled
3. Enter the fosConfig --enable command to enable the iSCSI gateway service.
switch:admin> fosconfig --enable iscsi
iSCSI service is enabled
disabled
enabled
disabled
NOTE
The GbE port number port_number below is entered geX; where X is from 0 through 7.
For example ge1 (see Figure 8 on page 12).
1. Connect and log in to the switch.
2. Enter the portCfgShow command with the blade slot number and GbE port number parameters
to display the Persistent Disable setting of the port.
switch:admin> portcfgshow 10/ge0
Mode:
ISCSI
Persistent Disable:
ON
Ipif configuration:
Interface
IP Address
NetMask
MTU
---------------------------------------------------------0
30.0.130.100
255.255.0.0
1500
Arp configuration:
IP Address
Mac Address
-----------------------------Iproute Configuration:
IP Address
Mask
Gateway
Metric
------------------------------------------------------
13
4. Enter the portCfgShow command with the slot number and GbE port number to verify that the
port is persistently enabled.
In the following sample output, the Persistent Disable setting is set to OFF.
switch:admin> portcfgshow 10/ge0
Mode:
ISCSI
Persistent Disable:
OFF
Ipif configuration:
Interface
IP Address
NetMask
MTU
---------------------------------------------------------0
30.0.130.100
255.255.0.0
1500
Arp configuration:
IP Address
Mac Address
-----------------------------Iproute Configuration:
IP Address
Mask
Gateway
Metric
------------------------------------------------------
You can set the TCP/IP parameters of a GbE port even when iSCSI gateway service is disabled.
Address resolution protocol (ARP) entries for the IP interfaces are created automatically when you
verify the network connectivity using the ping command. You can add additional ARP entries if you
wish.
Optionally, you can define static routes to reach the destination IP through a preferred gateway. The
gateway must be on the same subnet as the GbE port. You can specify a maximum of 32 routes per
GbE port.
1. Connect and log in to the switch.
2. Enter the portCfg command as follows to assign an IP address, subnet mask, and maximum
packet size of the interface:
switch:admin> portcfg ipif 3/ge0 create 30.0.127.30 255.255.0.0 8256
NOTE
1500 bytes is the standard maximum packet size in an IP network. If your network supports
jumbo packets, a value of 8256 can improve performance. The range allowed is 1500 to 8256
KB.
3. Enter the portShow command to verify the settings:
switch:admin> portshow ipif 3/ge0
Slot: 3 Port: ge0
Interface IP Address
NetMask
Effective MTU Flags
------------------------------------------------------------0
30.0.127.30
255.255.0.0
8256
14
4. (Optional) Enter the portCfg command to define static routes to reach the destination IP
through a preferred gateway.
switch:admin> portcfg iproute 3/ge0 create 0.0.0.0 0.0.0.0 30.0.0.1 1
Operation Succeeded
The gateway must be on the same subnet as the GbE port. You can specify a maximum of 32
routes per GbE port.
5. (Optional) Verify the route as follows:
switch:admin> portshow iproute 3/ge0
Slot: 3 Port: ge0
IP Address
Mask
Gateway
Metric
Flags
------------------------------------------------------------0.0.0.0
0.0.0.0
30.0.0.1
1
30.0.0.0
255.255.0.0
30.0.127.30
0
Interface
7.
(Optional) Enter the portCfg arp command to configure additional ARP entries.
switch:admin> portcfg arp 3/ge0 add 30.0.30.11 00:0F:1F:69:99:88
Operation Succeeded
15
16
Chapter
In this chapter
iSCSI virtual target configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Discovery domain and domain set configuration . . . . . . . . . . . . . . . . . . . . .
iSCSI initiator-to-VT authentication configuration . . . . . . . . . . . . . . . . . . . . .
Committing the iSCSI-related configuration . . . . . . . . . . . . . . . . . . . . . . . . .
Resolving conflicts between iSCSI configurations. . . . . . . . . . . . . . . . . . . . .
LUN masking considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
17
22
24
25
26
27
An iSCSI VT may be created for every FC target. IQNs are created automatically, using the port
WWNs as the user defined portion of the IQN.
A port WWN may be specified to create one ISCSI VT with all LUNs for that FC target. The WWN
of the FC target is used as the user defined portion of the IQN.
17
IQNs are created. The default value of iqn.2002-12.com.brocade, is used for the prefix
unless it has been changed by using the iscsiSwCfg --modifygw -t tgtname command. The port
WWN is used as the user-defined portion of the IQN.
The following is an example.
switch:admin> iscsicfg --easycreate tgt
This will create iSCSI targets for ALL FC targets.
This could be a long-running operation. Continue [N]: y
Index
FC WWN
iSCSI Name
Status
9
2e:1f:00:06:2b:0d:10:ba
iqn.2002-12.com.brocade:2e:1f:00:06:2b:0d:10:ba
Operation Succeeded
10
2e:3f:00:06:2b:0d:10:ba
iqn.2002-12.com.brocade:2e:3f:00:06:2b:0d:10:ba
Operation Succeeded
11
2e:5f:00:06:2b:0d:10:ba
iqn.2002-12.com.brocade:2e:5f:00:06:2b:0d:10:ba
Operation Succeeded
12
2e:7f:00:06:2b:0d:10:ba
iqn.2002-12.com.brocade:2e:7f:00:06:2b:0d:10:ba
Operation Succeeded
13
2e:9f:00:06:2b:0d:10:ba
iqn.2002-12.com.brocade:2e:9f:00:06:2b:0d:10:ba
Operation Succeeded
14
2e:bf:00:06:2b:0d:10:ba
iqn.2002-12.com.brocade:2e:bf:00:06:2b:0d:10:ba
Operation Succeeded
4. Enter the iscsiCfg --show tgt command to display the iSCSI target database entries.
The following is an example.
switch:admin> iscsicfg --show tgt
Number of records found: 6
18
Name:
State/Status:
iqn.2002-12.com.brocade:2e:1f:00:06:2b:0d:10:ba
Online/Defined
Name:
State/Status:
iqn.2002-12.com.brocade:2e:3f:00:06:2b:0d:10:ba
Online/Defined
Name:
State/Status:
iqn.2002-12.com.brocade:2e:5f:00:06:2b:0d:10:ba
Online/Defined
Name:
State/Status:
iqn.2002-12.com.brocade:2e:7f:00:06:2b:0d:10:ba
Online/Defined
Name:
State/Status:
iqn.2002-12.com.brocade:2e:9f:00:06:2b:0d:10:ba
Online/Defined
Name:
State/Status:
iqn.2002-12.com.brocade:2e:bf:00:06:2b:0d:10:ba
Online/Defined
3. Enter the iscsiCfg --show tgt command to display the status of the created iSCSI VTs:
The following is an example.
switch:admin> iscsicfg --show tgt
Number of records found: 1
Name:
State/Status:
Auth. Method:
iqn.2002-10.com.brocade:21:00:00:04:cf:e7:74:cf
Online/Defined
None
Every iSCSI initiator and iSCSI VT on the same IP network and SAN must have a unique IQN.
The default for the type.date.naming authority: prefix portion may be changed using the
iscsiSwCfg --modifygw -t tgtname command. Your organization may suggest or require a
specific format for the prefix portion of the IQN. The user defined portion may take any form.
The following is an example.
switch:admin> iscsicfg --create tgt -t iqn.2002-12.com.brocade:example-disk001
The operation completed successfully.
3. Enter the iscsiCfg --show tgt command with the -t IQN and -v options to verify the iSCSI VTs.
The following is an example.
19
iqn.2002-10.com.brocade.example:disk001
Offline/Defined
None
4. Enter the fcLunQuery command to display a list of connected FC targets and show the LUN
configurations.
The following is an example.
switch:admin> fclunquery
Target Index: 1
Target Node WWN: 20:00:00:04:cf:e7:74:cf
Target Port WWN: 21:00:00:04:cf:e7:74:cf
Target Pid: 120d6
Number of LUNs returned by query: 1
LUN ID: 0x00
Target Index: 2
Target Node WWN: 20:00:00:04:cf:e7:73:7e
Target Port WWN: 21:00:00:04:cf:e7:73:7e
Target Pid: 120d9
Number of LUNs returned by query: 1
LUN ID: 0x00
Target Index: 3
Target Node WWN: 2f:ff:00:06:2b:0d:12:99
Target Port WWN: 2f:ff:00:06:2b:0d:12:99
Target Pid: 12300
Number of LUNs returned by query: 5
LUN ID: 0x00
LUN ID: 0x01
LUN ID: 0x02
LUN ID: 0x03
LUN ID: 0x04
5. Enter the iscsiCfg --add lun command with t IQN, w port_WWN, and l n:n options to add
an FC device to an existing iSCSI VT.
The following is an example.
switch:admin> iscsicfg --add lun -t iqn.2002-12.com.brocade:example-disk001 \
-w 21:00:00:04:cf:e7:73:7e -l 0:0
The operation completed successfully.
6. Enter the iscsiCfg --show lun command with t IQN options to verify that the LUN has been
added to the iSCSI VT, where -t is the IQN that identifies the iSCSI VT.
The following is an example.
switch:admin> iscsicfg --show lun -t iqn.2002-12.com.brocade:example-disk001
Number of targets found: 1
Target: iqn.2006-10.com.example:disk001
Number of LUN Maps: 1
FC WWN
Virtual LUN(s)
21:00:00:04:cf:e7:73:7e
0
20
Physical LUN(s)
0
Physical LUN(s)
0
0-1
3. Enter the iscsiCfg --commit all command to commit the changes to the database. If the LUN
deletion is one of several configuration changes, you may want to refer to Committing the
iSCSI-related configuration for extra detail on the commit process.
Physical LUN(s)
0
0-1
Target: iqn.2002-10.com.brocade:21:00:00:04:cf:e7:74:cf
Number of LUN Maps: 1
FC WWN
Virtual LUN(s)
Physical LUN(s)
21:00:00:04:cf:e7:74:cf
0
0x0000000000000000
21
Authentication method Indicates CHAP if authentication is enabled for the iSCSI VT.
1. Connect and log in to the switch.
2. Enter the iscsiCfg --show tgt command with the -v option to display the iSCSI VTs:
switch:admin> iscsicfg --show tgt -v
Number of records found: 2
Name:
State/Status:
Auth. Method:
iqn.2006-10.com.example-disk001
Online/Defined
None
Name:
State/Status:
Auth. Method:
iqn.2002-10.com.brocade:21:00:00:04:cf:e7:74:cf
Online/Defined
None
NOTE
If an iSCSI initiator has more than one IP address, only one of the IP addresses is displayed.
22
IP Address
30.0.30.11
3. Enter the iscsiCfg --show ddset command with the -v option to verify the DDSet.
switch:admin> iscsicfg --show ddset -v
Number of records found: 1
Name:
State/Status:
Num. members:
ddset-engineering
disabled/Defined
1
dd-host001
iqn.1991-05.com.microsoft:host001.brocade.com
iqn.2006-10.com.example:disk001
4. Enter the iscsiCfg --enable ddset command with the -n option to enable the DDSet:
switch:admin> iscsicfg --enable ddset -n ddset-engineering
This will enable the DDSet specified.
Continue (yes, y, no, n) [n]: y
The operation completed successfully.
23
3. Enter the iscsiCfg --modify tgt command with the -t and -a options to set CHAP as the
authentication method:
switch:admin> iscsicfg --modify tgt -t iqn.2006-10.com.brocade:example-disk001
-a CHAP
The operation completed successfully.
4. To verify that CHAP is enabled for the iSCSI VT, enter the iscsiCfg --show tgt command with the
-t and -v options:
switch:admin> iscsicfg --show tgt -t iqn.2006-10.com.brocade:example-disk001
-v
Number of records found: 1
Name:
State/Status:
Auth. Method:
iqn.2006-10.com.brocade:example-disk001
Online/Defined
CHAP
3. Enter the iscsiCfg --commit all command to commit the iSCSI configuration database to
nonvolatile memory.
4. Enter the iscsiCfg --show tgt command with the -t and -v options to verify that a user name has
been bound to the iSCSI VT:
24
iqn.2002-10.com.brocade:tgt1
CHAP Status
Online/Committed
Invalid
Status
Defined
ATTENTION
Make all necessary changes to the databaseVT creation, LUN additions, DD creation, DDSet
creation, and so onbefore issuing the iscsiCfg --commit all command.
1. Connect and log in to the switch.
2. Enter the iscsiCfg --show transaction command to display the pending transactions:
25
4. Enter the iscsiCfg --show transaction command to verify that the changes were committed:
switch:admin> iscsicfg --show transaction
There is no active transaction
Switch State
Out of Sync
--
iSNSC
Disabled
Disabled
Out of Sync
3. On each switch enter the iscsiCfg --show ddset command to find the switch that has the
database you want to use:
switch:admin> iscsicfg --show ddset
Number of records found: 1
Name:
State/Status:
Num. members:
ddset-engineering
Enabled/Committed
1
4. Enter the iscsiCfg --commit all command with the -f option on the switch with the database
you want to use fabric-wide:
switch:admin> iscsicfg --commit all -f
This will commit ALL database changes made to all iSCSI switches in fabric.
This could be a long-running operation.
Continue (yes, y, no, n) [n]: y
The operation completed successfully.
5. Enter the iscsiCfg --show fabric command to verify that the conflict has been resolved:
switch:admin> iscsicfg --show fabric
26
Switch ID
220
* 1
Switch WWN
10:00:00:05:1e:36:0d:f8
10:00:00:60:69:e0:01:56
Switch State
In Sync
--
iSNSC
Disabled
Disabled
In Sync
Enter the iscsiCfg --easycreate tgt command with the -s option to return the node and port
WWNs of the switch.
The following is an example.
switch:admin> iscsicfg --easycreate tgt -s
The following WWNs will be used for any easycreate operation from this switch:
Node WWN: 10:00:00:60:69:80:04:4a
Port WWN: 21:fd:00:60:69:80:04:4a
Enter the fcLunQuery command with the -s option to return the node and port WWNs of the
switch.
The following is an example.
switch:admin> fclunquery -s
The following WWNs will be used for any lun query from this switch:
Node WWN: 10:00:00:60:69:80:04:4a
Port WWN: 21:fd:00:60:69:80:04:4a
27
28
Chapter
In this chapter
iSCSI FC zoning overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Zoning configuration creation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
iS C S I virtual targets (V T s )
iS C S I G bE portal group
FC
T arget 1
iS C S I initiator A
L UNs
VT 1
IP network
IP
P ortal
iS C S I virtual initiator
IP
P ortal
iS C S I virtual initiator
IP
P ortal
iS C S I virtual initiator
IP
P ortal
iS C S I virtual initiator
IP
P ortal
iS C S I virtual initiator
L UNs
VT 2
iS C S I initiator B
DD2
VT 3
IP
S AN
FC
T arget 3
L UNs
FC
iS C S I gateway s ervic e
L UNs
iS C S I zone
FIGURE 9
FC
T arget 2
FC
T arget 4
If default zoning is set to No Access, you must create an iSCSI FC zone so that the devices can talk
to each other.
If default zoning is set to All Access with no effective zone configuration, then you can create an
iSCSI FC zone and add it to a defined configuration, but you do not need to enable the defined
configuration. In this case, all devices can talk to each other already. However, to avoid future
congestion in the SAN, you should implement a zoning plan for the devices.
29
When you execute the cfgClear or cfgDisable commands, discovery domains and discovery domain
sets are not deleted.
You can create zones, add and remove members from a zone, and delete zones. These zone
operations function the same way with iSCSI as without. To learn more about these operations, see
the Fabric OS Administrators Guide and the zoneCreate command in the Fabric OS Command
Reference.
ATTENTION
If you decide to start zoning the devices, you must create zones for all the devices in the SAN or you
will not be able to access the devices that are not in a zone.
If there is more than one FC4-16IP blade in the fabric, you must add all virtual initiators
from all switches to the same zone.
If connection redirection is not used, only the VI correlating to the iSCSI target portal used
by the host(s) needs to be used.
If connection redirection is used all 8 VIs for the FC4-16IP blade must be used.
If the iSCSI host(s) are accessing the VT from more than one FC4-16IP blade in the fabric
(MPIO), you must add all virtual initiators from all switches to the same zone.
If the iSCSI host(s) are accessing the VT from more than one FC4-16IP blade in the chassis
(MPIO), you must add all virtual initiators to the same zone.
Although you can add the iSCSI FC target and virtual initiator to an existing zone, it is advisable to
create a separate zone so that iSCSI gateway service components can be easily differentiated from
other devices in SAN fabric zones.
To more easily handle groups of targets and initiators, you can create aliases for each group. You
can create aliases, add and remove members from an alias, and delete aliases. These operations
function the same way with iSCSI as they do without. To learn more about these operations, see the
Fabric OS Administrators Guide and the aliCreate command in the Fabric OS Command
Reference.
The following procedures describe the commands to run to get the iSCSI information you must
provide during the zone creation process.
NOTE
You must install Brocade Advanced Zoning licenses on all the switches in the fabric before
attempting to configure zones. The Brocade 48000 must have the zoning license installed.
30
Physical LUN(s)
0
0-1
Target: iqn.2002-10.com.brocade:21:00:00:04:cf:e7:74:cf
Number of LUN Maps: 1
FC WWN
Virtual LUN(s)
Physical LUN(s)
21:00:00:04:cf:e7:74:cf
0
0x0000000000000000
3. Write down or copy and paste the FC WWN information for each LUN, which you will need
during the zone creation process.
4. Enter the nsShow command to display the WWN information for the iSCSI virtual initiators:
switch:admin> nsshow
{
Type Pid
COS
PortName
NodeName
TTL(sec)
NL
0120d6;
3;21:00:00:04:cf:e7:74:cf;20:00:00:04:cf:e7:74:cf; na
FC4s: FCP [SEAGATE ST336607FC
0004]
Fabric Port Name: 20:20:00:60:69:e0:01:56
Permanent Port Name: 21:00:00:04:cf:e7:74:cf
Port Index: 32
Share Area: No
Device Shared in Other AD: No
NL
0120d9;
3;21:00:00:04:cf:e7:73:7e;20:00:00:04:cf:e7:73:7e; na
FC4s: FCP [SEAGATE ST336607FC
0004]
Fabric Port Name: 20:20:00:60:69:e0:01:56
Permanent Port Name: 21:00:00:04:cf:e7:73:7e
Port Index: 32
Share Area: No
Device Shared in Other AD: No
N
012300;
3;2f:ff:00:06:2b:0d:12:99;2f:ff:00:06:2b:0d:12:99; na
FC4s: FCP
PortSymb: [52] "LSI7402XP-LC A.0 03-00059-01D FW:01.02.12 Port 1
"
Fabric Port Name: 20:23:00:60:69:e0:01:56
Permanent Port Name: 2f:ff:00:06:2b:0d:12:99
Port Index: 35
Share Area: No
Device Shared in Other AD: No
N
012800;
3;50:06:06:9e:00:15:63:00;50:06:06:9e:00:15:63:01; na
FC4s: FCP
PortSymb: [23] "iSCSI Virtual Initiator"
NodeSymb: [51] "IPAddr: 30.0.127.30 Slot/Port: 3/ge0 Logical pn: 40"
Fabric Port Name: 00:00:00:00:00:00:00:00
Permanent Port Name: 50:06:06:9e:00:15:63:00
Port Index: 40
Share Area: No
Device Shared in Other AD: No
N
012900;
3;50:06:06:9e:00:15:63:08;50:06:06:9e:00:15:63:09; na
FC4s: FCP
PortSymb: [23] "iSCSI Virtual Initiator"
NodeSymb: [51] "IPAddr: 30.0.127.31 Slot/Port: 3/ge1 Logical pn: 41"
Fabric Port Name: 00:00:00:00:00:00:00:00
Permanent Port Name: 50:06:06:9e:00:15:63:08
Port Index: 41
31
Share Area: No
Device Shared in Other AD: No
012a00;
3;50:06:06:9e:00:15:63:10;50:06:06:9e:00:15:63:11; na
FC4s: FCP
PortSymb: [23] "iSCSI Virtual Initiator"
NodeSymb: [51] "IPAddr: 30.0.127.32 Slot/Port: 3/ge2 Logical pn: 42"
Fabric Port Name: 00:00:00:00:00:00:00:00
Permanent Port Name: 50:06:06:9e:00:15:63:10
Port Index: 42
Share Area: No
Device Shared in Other AD: No
5. Write down or copy and paste the WWN information, which you will use for the aliCreate
command.
To display the FC target WWNs for switches other than the Brocade 48000, telnet into that
switch and run the nsShow command. Record the WWN information displayed.
6. Enter the aliCreate command to create zone aliases. Zone aliases are much easier to use than
long strings of WWN information. The two examples below create aliases for the FC virtual
targets and for the iSCSI virtual initiators:
switch:admin> alicreate ISCSI_TARGETS, "21:00:00:04:cf:e7:74:cf;
21:00:00:04:cf:e7:73:7e; 2f:ff:00:06:2b:0d:12:99"
switch:admin> alicreate ISCSI_VI_SWITCH1_SLOT3, "50:06:06:9e:00:15:63:00;
50:06:06:9e:00:15:63:08; 50:06:06:9e:00:15:63:10"
7.
Enter the cfgSave command to save the change to the defined configuration.
switch:admin> cfgsave
You are about to save the Defined zoning configuration. This
action will only save the changes on the Defined configuration.
Any changes made on the Effective configuration will not
take effect until it is re-enabled.
Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y
9. Enter the cfgSave command to save the change to the defined configuration.
switch:admin> cfgsave
You are about to save the Defined zoning configuration. This
action will only save the changes on the Defined configuration.
Any changes made on the Effective configuration will not
take effect until it is re-enabled.
Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y
32
3. Enter the cfgSave command to save the change to the defined configuration.
switch:admin> cfgsave
You are about to save the Defined zoning configuration. This
action will only save the changes on Defined configuration.
Any changes made on the Effective configuration will not
take effect until it is re-enabled.
Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y
Updating flash ...
33
34
Chapter
In this chapter
iSNS client service configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying iSNS client service status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enabling the iSNS client service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Disabling the iSNS client service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Clearing the iSNS client configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
35
36
36
37
37
IP Network
iS NS c lient
iS C S I
VT 1
iS C S I initiator
FC
target 1
iS NS c lient
F C S AN
iS C S I gateway s ervic e
FIGURE 10
NOTE
Fabric OS supports only Microsoft iSNS Server v3.0 and later.
35
NOTE
If DD and DDSets are configured on the fabric, clear the DD and DDSet configurations before
enabling iSNS client services.
1. Connect to the switch and log in.
2. Enter the fosConfig --enable isnsc command to enable the iSNS client service:
switch:admin> fosconfig --enable isnsc
3. Enter the fosConfig --show command to verify that the service is enabled:
switch:admin> fosconfig --show
FC Routing service:
disabled
iSCSI service:
enabled
iSNS Client service:
enabled
4. Set the IP address of the iSNS server. You can use either the IP address of the GbE port that
attaches the FC4-16IP blade, or the server management port IP address.
a.
Enter the isnscCfg --set command with the -m and -s options to set GbE port IP address.
The following is an example.
switch:admin> isnsccfg --set 10/ge0 -s 10.32.0.145
iSNS client configuration updated:
peering with iSNS server 10.32.0.145 on slot 10, port ge0.
b.
Enter the isnscCfg --show command to verify that the iSNS server has been configured
correctly:
switch:admin> isnsccfg --show
iSNS client is peering with iSNS server 10.32.0.145 on slot 10, port ge0.
Operational Status: Connected to iSNS server.
c.
Enter the isnsccfg --set command with the -m and -s options to set the IP address of the
iSNS server management port rather than the GbE port:
The following is an example.
switch:admin> isnsccfg set m s 10.33.56.105
iSNS client configuration updated: peering with iSNS server 10.33.56.105 on
the management port.
36
5. Enter the isnscCfg --show command to verify that the iSNS server has been configured
correctly:
switch:admin> isnsccfg --show
iSNS client is peering with iSNS server 10.33.56.105 on the management port.
Operational Status: Connected to iSNS server.
3. Enter the fosConfig --show command to verify that the service is disabled:
switch:admin> fosconfig --show
FC Routing service:
disabled
iSCSI service:
enabled
iSNS Client service:
disabled
37
38
Chapter
Troubleshooting iSCSI
In this chapter
Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Connectivity
The following issues deal with the iSCSI FC4-16IP blade connectivity between devices.
NOTE
The iSCSI blade FC4-16IP is not supported in the Brocade DCX or DCX-4S enterprise-class platforms.
Symptom
39
Connectivity
Symptom
-c 1
Also, if connection redirection is configured, it must be disabled by using the following command:
switch:admin> iscsiswcfg --disableconn -s <all>
Symptom
iSCSI host can log in to targets, but cannot mount any disks.
Probable cause and recommended action
The target is a RAID device, but iSCSI virtual initiators have not been added to the LUN mapping.
Add all iSCSI virtual initiators to the target and allow all iSCSI virtual initiators to access all of the
target LUNs. To display the WWNs of the iSCSI virtual initiators, use nsShow. Use the following
commands to fix this issue:
switch:admin> iscsiportcfg --modify <slot>/ge<port>
switch:admin> iscsiswcfg --disableconn -s <all>
Symptom
-c 1
Symptom
40
Zoning
Zoning
The following issues address zoning problems that can occur in iSCSI.
Symptom
No DDSet or zoning configuration enabled and iSCSI host cannot discover any targets.
Probable cause and recommended action
Default zoning is set to no access.
Check default zoning using the defZone --show command.
Either create a zoning configuration or set default zoning to All Access using the defZone
command.
Symptom
No DDSet or zoning configuration enabled and iSCSI host cannot discover any targets.
Probable cause and recommended action
Virtual targets have not been created, virtual targets are not online, or changes have not been
committed.
Check virtual targets using the iscsiCfg - -show tgt command.
Make sure all virtual targets are reported as online and committed.
If the virtual target is offline, either no LUNs have been mapped to that virtual target or the physical
LUN is offline. If the virtual target is not committed, then use the iscsiCfg - -commit all -f command.
The -f operand is use to force the commit operation, in which case uncommitted changes on other
switches are erased.
Symptom
No DDSet or zoning configuration enabled and iSCSI host cannot discover any targets.
Probable cause and recommended action
No LUNs have been assigned to the virtual targets.
Check LUN mapping using the iscsiCfg - -show lun command.
Make sure LUNs have been assigned to the virtual targets. Assign LUNs using the iscsiCfg --add lun
command.
Symptom
No DDSet or zoning configuration enabled and iSCSI host cannot discover any targets.
Probable cause and recommended action
There is an inconsistency in the iSCSI database.
Check using the iscsiCfg - -show fabric command.
Make sure the aggregated state is in sync. If it is not in sync, fix the inconsistency and perform a
commit using the iscsiCfg - -commit all command.
Symptom
41
Authentication
Authentication
Symptom
Symptom
After an iSCSI host logs out of a target, it cannot log in to that target again.
Probable cause and recommended action
There is an inconsistency in the iSCSI database.
Check using the iscsiCfg --show fabric command.
Make sure the aggregated state is in sync.
If it is not in sync, fix the inconsistency and perform a commit using the iscsiCfg --commit all
command.
Symptom
42
Index
A
AD0, 17
address resolution protocol
adding additional entries, 15
automatic creation, 14
creating entries, 14
Admin Domains
AD0, 17
authentication
configuring, 24
defining iSCSI VT to iSCSI initiator, 17
B
binding user names, 24
blades
FC4-16IP, 1, 30
port numbering, 11
C
cfgShow, 42
CHAP
iSCSI authentication, 22
required, 24
command
cfgShow, 42
defZone, 41
fcLunQuery, 40
iscsiCfg, 41
nsShow, 40, 42
portCfg, 39
portCmd, 39
portShow, 39
configuring
discovery domains, 22
GbE, 14
iSCSI discovery domains, 22
iSCSI initiator to VT authentication, 24
LUNs, 20
zone, 33
connection
network, 15
connection redirection
disabling, 7
displaying status, 7
enabling, 7
load balancing, 6
creating
address resolution protocol entries, 14
discovery domain sets, 23
discovery domains, 23
iSCSI FC zones, 30
iSCSI virtual targets, 19
user-defined virtual targets, 21
zone configurations, 33
D
DD. See discovery domains
DDSet. See discovery domain sets
defZone, 41
devices
no access, 30
RAID, 40
zoning, 30
disabling
connection redirection, 7
discovery domain sets, 17
creating, 23
enabling, 23
enforced, 22
maximum created, 22
not deleted, 30
43
E
enabling
connection redirection, 7
discovery domain sets, 23
iSCSI gateway service, 12
iSCSI GbE ports, 13
zone configuration, 33
enabling iSCSI physical interface, 13
events
notification of, 35
F
FC device, adding to iSCSI virtual target, 20
FC targets, 17, 19
for iSCSI zone creation, 30
listing, 20
LUNs, 17
FC4-16IP, 1, 30
fcLunQuery, 40
Fibre Channel Association, xii
H
host
connection failure, 39
iSCSI log out, 42
I
IP address
assigning, 14
port, 15
IP routes
adding static, 15
44
IQNs, 17
displaying initiator, 22
displaying prefix, 5
virtual target creation, 17
iSCSI
authentication
binding user names, 6
CHAP, 6, 9
mutual, 6
one-way, 6
switch-to-iSCSI initiator, 6
authentication method, 22
blades, 1
CHAP mutual, 42
command list for configuration, 8
component identification, 4
configuration checklist, 8
database, 41
DD, 37
DDSet, 37
discovery domain sets, 5
discovery domain sets, active, 5
discovery domain sets, configuration, 6
discovery domains, 1
discovery domains, using to limit access, 5
Easy create cannot find any LUNs on the target, 40
enabling gateway service, 12
FC targets, 3
FC zoning, 29
gateway, 35
gateway service in iSCSI FC zone, 29
GE_Ports cannot go to Online state, 40
host cannot discover any targets, 41
host cannot mount any disks, 40
host connection failure, 39
initiators, 17, 35
IQNs, 3
changing prefix, 5
default prefix, 4
prefix, 4
iscsiCfg, 41
iscsiCfg commit, 41
iscsiCfg show dd, 41
LUN mapping to iSCSI VTs, 3
LUN mapping, advanced, 4
LUN mapping, basic, 3
multiple sessions are established with the same target,
40
network, 35
packet size, 14
physical interface, enabling, 13
RAID device, 40
shared secret, setting, 9
supported initiators, 8
translation, 2
virtual initiators
connecting to FC targets, 2
virtual FC devices, 1
virtual targets, 3
virtual targets, limiting access to, 5
virtual targets, state and status, 22
zone set to all access, 29
zone set to no access, 29
zoning, 42
iSCSI FC zoning
iSCSI gateway service, 29
iSCSI initiators, 1
iSCSI session distribution, See connection redirection
iSCSI virtual initiators
adding to same zone, 30
connection redirection, 30
for iSCSI FC zone creation, 30
iSCSI virtual targets, 17
add FC device, 20
binding user names, 24
creation, 17, 19
for every FC target, 17
for specific FC target, 19
delete LUNs from, 21
displaying LUN map, 21
manual creation, 19
user-defined, 21
iscsiCfg
commit, 41
show, 41
iSNS
client, 35
client service, 35
client service, disabling, 37
client service, enabling, 36
client service, status, 36
configuration, 35
protocol, 35
server, 35
server and clients, 35
server IP address, configuring, 36
iSNS (Internet Storage Name Service), 22
iSNS server, 22
L
license
advanced zoning, 30
listing
FC targets, 20
load balancing, See connection redirection
LUN, 31
mapping, 19
LUN mapping, 3
LUNs
adding, 20
configuration, 20
deleting, 21
display map, 21
mapped using IQNs, 17
mapping, 21
virtual target creation, 17
M
MAC address, port, 15
N
network
connection, verifying, 15
nsShow, 40, 42
P
physical FC targets, 3
port
GbE, 9
GbE, enabling, 13
LUN mapping, 21
numbering, 11
portCfg, 39
portCmd ping, 39
portShow
ipif, 39
iproute, 39
protocol
address resolution, 15
45
S
static routes, maximum, 14
status of iSNS client service, 36
V
virtual initiators. See iSCSI
virtual targets. See iSCSI virtual targets
W
WWN, 31
displaying FC target information, 30
displaying iSCSI virtual initiator information, 31
virtual target creation, 19
Z
zone
all access in iSCSI, 29
configuration, creating, 33
configuration, enabling, 33
creating, iSCSI FC, 30
no access in iSCSI, 29
planning, 29
zoning
devices, 30
license, 30
46