09-04-2009 04:55 AM
routable or non-routable iSCSI VLAN??
Solved! Go to Solution.
09-09-2009 11:17 AM
We route our iSCSI for two reasons:
1. SAN-SAN replication to remote site
2. Management - no dedicated management interface in our arrays without sacrificing one of the iSCSI data transfer port
We do put an ACL on the iSCSI VLAN to restrict traffic to just the needed management ports, and the iSCSI port between the local & remote arrays. That also prevents initiators in servers or wherever from accidentally making a connection over a routed path vs. a dedicated NIC directly on the iSCSI VLAN.
I'd say if you have no replication need, and if your system has dedicated management interfaces, then don't route iSCSI.
09-04-2009 05:49 AM
An isolated VLAN for iSCSI is not a bad idea, but not a requirement. If the situation permits it, I would use an isolated VLAN for the iSCSI hosts and if needed a separate one for the iSCSI targets. The iSCSI traffic is 100% routable. Best practice would be also to use jumbo frames if the network devices support it.
Hope this helps,
Mike
09-04-2009 07:24 AM
we do have jumbo frames enabled.
We are just trying to figure out the advantages and disadvantages of routing iscsi. Any security concerns?
09-09-2009 11:17 AM
We route our iSCSI for two reasons:
1. SAN-SAN replication to remote site
2. Management - no dedicated management interface in our arrays without sacrificing one of the iSCSI data transfer port
We do put an ACL on the iSCSI VLAN to restrict traffic to just the needed management ports, and the iSCSI port between the local & remote arrays. That also prevents initiators in servers or wherever from accidentally making a connection over a routed path vs. a dedicated NIC directly on the iSCSI VLAN.
I'd say if you have no replication need, and if your system has dedicated management interfaces, then don't route iSCSI.
09-10-2009 03:10 AM
just what I was looking for... Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide