Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8975
Views
14
Helpful
4
Replies

iSCSI - Best practices....

Go to solution
opers13
Level 1
Level 1

‎09-04-2009 04:55 AM

routable or non-routable iSCSI VLAN??

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Daniel Barr
Level 1
Level 1
In response to alexng

‎09-09-2009 11:17 AM

We route our iSCSI for two reasons:

1. SAN-SAN replication to remote site

2. Management - no dedicated management interface in our arrays without sacrificing one of the iSCSI data transfer port

We do put an ACL on the iSCSI VLAN to restrict traffic to just the needed management ports, and the iSCSI port between the local & remote arrays. That also prevents initiators in servers or wherever from accidentally making a connection over a routed path vs. a dedicated NIC directly on the iSCSI VLAN.

I'd say if you have no replication need, and if your system has dedicated management interfaces, then don't route iSCSI.

View solution in original post

4 Replies 4

Go to solution
Michael Brown
Cisco Employee
Cisco Employee

‎09-04-2009 05:49 AM

An isolated VLAN for iSCSI is not a bad idea, but not a requirement. If the situation permits it, I would use an isolated VLAN for the iSCSI hosts and if needed a separate one for the iSCSI targets. The iSCSI traffic is 100% routable. Best practice would be also to use jumbo frames if the network devices support it.

Hope this helps,

Mike

Go to solution
alexng
Level 1
Level 1
In response to Michael Brown

‎09-04-2009 07:24 AM

we do have jumbo frames enabled.

We are just trying to figure out the advantages and disadvantages of routing iscsi. Any security concerns?

0 Helpful

Go to solution
Daniel Barr
Level 1
Level 1
In response to alexng

‎09-09-2009 11:17 AM

We route our iSCSI for two reasons:

1. SAN-SAN replication to remote site

2. Management - no dedicated management interface in our arrays without sacrificing one of the iSCSI data transfer port

We do put an ACL on the iSCSI VLAN to restrict traffic to just the needed management ports, and the iSCSI port between the local & remote arrays. That also prevents initiators in servers or wherever from accidentally making a connection over a routed path vs. a dedicated NIC directly on the iSCSI VLAN.

I'd say if you have no replication need, and if your system has dedicated management interfaces, then don't route iSCSI.

Go to solution
opers13
Level 1
Level 1
In response to Daniel Barr

‎09-10-2009 03:10 AM

just what I was looking for... Thanks!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents