The expense and complexity of
Fibre Channel components has kept the
technology out of small offices and most SMEs, who have instead
relied on file-based storage products such as
direct attached storage (DAS) and
network attached storage (NAS). However, designers have
recognized the Gigabit speeds, low costs and pervasive nature of
Ethernet LANs, along with the global reach of WANs (particularly
the Internet). This has led to the
use of Ethernet networks as block-based storage
networks (dubbed "storage-over-IP") -- popularized in the
iSCSI (Internet SCSI) protocol ratified by the Internet
Engineering Task Force (IETF) in 2003. SCSI commands have long
been sent over IP using existing protocols such as iFCP and
FCIP, mainly allowing FC
storage area networks (SAN) to exchange data over IP. With
iSCSI, the SCSI command set can be sent end-to-end across Ethernet
virtually anywhere in the world.
The key advantages to
iSCSI SANs are simplicity, low cost and a
broad base of user-knowledge . While Fibre Channel technology is
expensive and requires a specialized skill base to install and
configure properly, an iSCSI SAN can be implemented with
ordinary Ethernet network interface cards (NICs) and switches --
devices that are literally on the shelf in any retail
electronics store. Consequently, the cost to acquire, expand and
upgrade the Ethernet LAN is also relatively small. This allows
businesses to add many more storage servers to an iSCSI SAN
which would otherwise be too costly and difficult to integrate
into a FC SAN. Since Ethernet is also set up and used
successfully in homes and small offices, there is a
substantially broader base of users that are knowledgeable in
setup and configuration.
It's important to note that iSCSI offers excellent performance
levels in all but the most demanding transactional applications.
Many network professionals may find that strange, considering the
congestion and latency inherent in Ethernet and the fact that 1
Gbps Ethernet has substantially less bandwidth than 2, 4, or even
10 Gbps Fibre Channel SANs. Still, experts agree that the early
reputation for poor or unreliable performance is largely undeserved
today, and iSCSI can potentially perform as well as Fibre
Channel.
But, iSCSI also has lingering issues that any adopter should
consider. First, an iSCSI SAN should include measures to optimize
performance and minimize latency. This includes using
high-performance NICs with TCP/IP Offload Engine (TOE) capability
and switches that support low-latency ports, However, these steps
can raise the cost of iSCSI deployment, and it is possible to spend
more money on an iSCSI SAN than a FC SAN. ISCSI target Initiator
software can vary radically in effectiveness and stability, so
another popular tactic is to optimize the iSCSI initiator software
on each host computer. As iSCSI broadly moves to 10 Gbps, iSCSI
target initiation may depend more on the choice of hardware-based
NIC.
ISCSI optimization should also avoid the "oversubscription" of
Ethernet switch ports. Since Ethernet traditionally doesn't fill
the entire channel bandwidth, it was common practice to allow
port-sharing between Ethernet devices at the risk of some
congestion if multiple devices all vie for switch bandwidth
simultaneously. This kind of congestion can easily impair traffic
and introduce unwanted latency. Experts also recommend a careful
evaluation of iSCSI behavior and performance when deploying iSCSI
in a virtual server environment.
The popular belief is that iSCSI is less secure than Fibre
Channel, but that is not the case -- in fact, iSCSI employs
advanced authentication methods to establish security such as CHAP
(Challenge-Handshake Authentication Protocol) which has been used
in IP networks for years. Fibre Channel users often rely on the
fundamental differences in the FC architecture and complicated
zoning/masking rules to maintain security. Another important part
of iSCSI security is in isolating the iSCSI SAN data from the main
user LAN. This can be handled by creating and running a physically
separate LAN, but is more often accomplished by running the iSCSI
SAN through a virtual LAN (VLAN).
Check out the entire
iSCSI vs. FC handbook.