A guide to iSCSI technology

This chapter highlights iSCSI details and devices including Ethernet adapters and Ethernet switches. Readers will learn about the pros and cons of iSCSI and its preferred applications.

The expense and complexity of Fibre Channel components has kept the technology out of small offices and most SMEs, who have instead relied on file-based storage products such as direct attached storage (DAS) and network attached storage (NAS). However, designers have recognized the Gigabit speeds, low costs and pervasive nature of Ethernet LANs, along with the global reach of WANs (particularly the Internet). This has led to the use of Ethernet networks as block-based storage networks (dubbed "storage-over-IP") -- popularized in the iSCSI (Internet SCSI) protocol ratified by the Internet Engineering Task Force (IETF) in 2003. SCSI commands have long been sent over IP using existing protocols such as iFCP and FCIP, mainly allowing FC storage area networks (SAN) to exchange data over IP. With iSCSI, the SCSI command set can be sent end-to-end across Ethernet virtually anywhere in the world.

The key advantages to iSCSI SANs are simplicity, low cost and a broad base of user-knowledge . While Fibre Channel technology is expensive and requires a specialized skill base to install and configure properly, an iSCSI SAN can be implemented with ordinary Ethernet network interface cards (NICs) and switches -- devices that...

are literally on the shelf in any retail electronics store. Consequently, the cost to acquire, expand and upgrade the Ethernet LAN is also relatively small. This allows businesses to add many more storage servers to an iSCSI SAN which would otherwise be too costly and difficult to integrate into a FC SAN. Since Ethernet is also set up and used successfully in homes and small offices, there is a substantially broader base of users that are knowledgeable in setup and configuration.

It's important to note that iSCSI offers excellent performance levels in all but the most demanding transactional applications. Many network professionals may find that strange, considering the congestion and latency inherent in Ethernet and the fact that 1 Gbps Ethernet has substantially less bandwidth than 2, 4, or even 10 Gbps Fibre Channel SANs. Still, experts agree that the early reputation for poor or unreliable performance is largely undeserved today, and iSCSI can potentially perform as well as Fibre Channel.

But, iSCSI also has lingering issues that any adopter should consider. First, an iSCSI SAN should include measures to optimize performance and minimize latency. This includes using high-performance NICs with TCP/IP Offload Engine (TOE) capability and switches that support low-latency ports, However, these steps can raise the cost of iSCSI deployment, and it is possible to spend more money on an iSCSI SAN than a FC SAN. ISCSI target Initiator software can vary radically in effectiveness and stability, so another popular tactic is to optimize the iSCSI initiator software on each host computer. As iSCSI broadly moves to 10 Gbps, iSCSI target initiation may depend more on the choice of hardware-based NIC.

ISCSI optimization should also avoid the "oversubscription" of Ethernet switch ports. Since Ethernet traditionally doesn't fill the entire channel bandwidth, it was common practice to allow port-sharing between Ethernet devices at the risk of some congestion if multiple devices all vie for switch bandwidth simultaneously. This kind of congestion can easily impair traffic and introduce unwanted latency. Experts also recommend a careful evaluation of iSCSI behavior and performance when deploying iSCSI in a virtual server environment.

The popular belief is that iSCSI is less secure than Fibre Channel, but that is not the case -- in fact, iSCSI employs advanced authentication methods to establish security such as CHAP (Challenge-Handshake Authentication Protocol) which has been used in IP networks for years. Fibre Channel users often rely on the fundamental differences in the FC architecture and complicated zoning/masking rules to maintain security. Another important part of iSCSI security is in isolating the iSCSI SAN data from the main user LAN. This can be handled by creating and running a physically separate LAN, but is more often accomplished by running the iSCSI SAN through a virtual LAN (VLAN).

Check out the entire iSCSI vs. FC handbook.

Read more on Networking hardware