|
|
|
Forum Member
 
Group: Forum Members
Last Login: Wednesday, July 09, 2008 5:59 PM
Posts: 30,
Visits: 47
|
|
Adam,
I am unclear about the relationship to these three? Per the Best Pratices I have set up in my vSwitch for the VSA a ISCSI Service Console, ISCSI VMKernel. What are these for if I can only connect to the SAN on the VIP?
Regards, Rich
HP ML350 SATA with VSA
|
|
|
|
|
Junior Member
Group: Forum Members
Last Login: Wednesday, November 12, 2008 6:14 PM
Posts: 11,
Visits: 58
|
|
Rich-
The VIP is primary point of communication for hosts to talk to the SAN. All packets are routed there first which is why the iscsi initiator needs to have that address configured. The VMkernel port is required for the iscsi initiator to communicate to the SAN, iscsi is handled by the kernel in ESX. The service console is trequired for initial authentication of volumes. Once you have everything connected, you could probably get away with removing it, but we recommend leaving it in place to make it easier to connect new volumes etc.
Brad
|
|
|
|
|
Supreme Being
Group: Moderators
Last Login: Yesterday @ 3:37 PM
Posts: 108,
Visits: 375
|
|
Just to add my two cents.
The VMkernel and Service Console are required to connect to any iSCSI SAN. Brad was right that the VMkernel does actual IO and the service console does authentication.
So if you cannot both ping, and vmkping, to the SAN then you'll not be able to get iSCSI sessions connected.
The VIP on the iSCSI SAN is mostly used to give it a single identity to all hosts, regardless of its configuration. This allows reconfiguration of the underlying nodes without reconfiguration of the hosts. i.e. you could swap out a set of VSA for a set of real LeftHand boxes in once maneuver in the UI and not take storage off line. Everything about the SAN would be different, the hardware, the actual IPs, but the hosts would not need reconfiguration since they only know the VIP address, which stayed the same.
Additionally the VIP is only used for discovery and authentication. Once authenticated targets get load balanced across the real IP address of a cluster.
Adam C
Product Manager
LeftHand Networks
|
|
|
|
|
Forum Member
Group: Forum Members
Last Login: Wednesday, July 09, 2008 5:59 PM
Posts: 30,
Visits: 47
|
|
Now I can be more explicit. I disconnected the "VSA NET" nic mechanically. I can still console into each ESX server. But, my 2008 VM crashed when I unplugged the nic. Why?
I can't ping the VIP or either module. Wouldn't ESX bridge the vSwitches together somehow? It doesn't make sense for a VM to use the LAN, when the resouce is local to ESX?
So, can a VM directly access the VSA storage somehow. An then... can an external server still access the VSA over the network?
Regards, Rich
HP ML350 SATA with VSA
|
|
|
|
|
Supreme Being
Group: Moderators
Last Login: Yesterday @ 3:37 PM
Posts: 108,
Visits: 375
|
|
VMware virtual switches do not do any routing between themselves, even on the same ESX server. They are just like two physical switches in that regard. You have to actually cable them together through some physical network or build some virtual appliance router that has virtual ports on both networks.
So disconnecting the cable from the VSA Net will definitely take the iSCSI volumes that were on that link off line if you are not using redundant connections or multiple nodes to get redundancy.
You can let VMs route iSCSI traffic directly to the VSA Net by giving them a virtual port / nic that is attached to that switch.
This is similar to typical physical iSCSI implementations. Physical servers usually have a nic for the public network, and another dedicated to the SAN network.
Hope that helps.
Adam C
Product Manager
LeftHand Networks
|
|
|
|