iSCSI (Internet SCSI)
Definition
iSCSI (Internet Small Computer System Interface) is a network protocol that allows SCSI commands to be sent over TCP/IP networks. It enables a client (initiator) to access storage blocks (target) over a network as if it were locally attached.
iSCSI is commonly used for SAN (Storage Area Network) implementations, providing block-level storage over Ethernet.
Key Concepts
| Term | Description |
| --- | --- |
| Initiator | The client/server that accesses remote storage |
| Target | The storage device/server that provides storage |
| LUN (Logical Unit Number) | A storage volume presented by the target |
| IQN (iSCSI Qualified Name) | Unique identifier for initiator/target |
| CHAP | Challenge-Handshake Authentication Protocol for iSCSI |
| Session | TCP connection between initiator and target |
iSCSI Architecture
Initiator (server)                  Target (storage array)
┌─────────────────┐                 ┌─────────────────────┐
│ iSCSI Initiator │── TCP/IP ──────▶│ iSCSI Target        │
│ Driver          │ (port 3260)     │ (LUNs, disks)       │
│ SCSI commands   │                 │ Storage backend     │
└─────────────────┘                 └─────────────────────┘
iSCSI vs FC (Fibre Channel)
| Feature | iSCSI | Fibre Channel (FC) |
| --- | --- | --- |
| Protocol | TCP/IP | Fibre Channel protocol |
| Network | Ethernet | Dedicated FC network |
| Cost | Low (uses existing Ethernet) | High (FC switches, HBAs) |
| Performance | Good (1/10/25 GbE) | Excellent (8/16/32/128 Gb) |
| Latency | Higher (TCP overhead) | Lower |
| Distance | Unlimited (IP network) | Limited (FC switch distance) |
| Complexity | Simple | Complex |
| Use case | SMB to mid-market SAN | Enterprise SAN, high-performance |
iSCSI vs NFS
| Feature | iSCSI | NFS |
| --- | --- | --- |
| Access level | Block-level | File-level |
| Filesystem | Client creates filesystem | Server provides filesystem |
| Performance | Better (no filesystem overhead) | Good (filesystem managed by server) |
| Flexibility | Higher (client controls FS) | Lower (server controls FS) |
| Use case | Databases, VMs | File sharing, backups |
iSCSI Security
- CHAP authentication: Mutual authentication between initiator and target
- IPsec: Encrypt iSCSI traffic over IP networks
- ACL: Restrict initiator IP addresses on target
- Multipath: Multiple paths for redundancy and performance
- Jumbo frames: MTU 9000 for better performance
- SAN, iSCSI provides block-level
- RAID — multiple paths to iSCSI targets for redundancy
- VMware
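
As an added example (not part of the original page), the CHAP item under iSCSI Security can be checked on the initiator side with a short Python audit. It assumes the open-iscsi `iscsid.conf` key names; the sample configuration, IQN, and secret are constructed for illustration.

```python
# Constructed sample in open-iscsi iscsid.conf syntax (assumption: open-iscsi initiator).
SAMPLE_CONF = """\
# discovery is left unauthenticated in this sample
node.session.auth.authmethod = CHAP
node.session.auth.username = iqn.2024-01.example:host1
node.session.auth.password = short1
#node.session.auth.username_in = iqn.2024-01.example:array1
#node.session.auth.password_in = anotherSecret12345
"""

# 96 bits: minimum CHAP secret size in the iSCSI RFCs when IPsec is not in use.
MIN_SECRET_BYTES = 12


def parse_conf(text):
    """Return {key: value} for active (uncommented) 'key = value' lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def audit_chap(text):
    """Return findings about CHAP use for login sessions and SendTargets discovery."""
    s = parse_conf(text)
    findings = []
    for scope in ("node.session", "discovery.sendtargets"):
        p = scope + ".auth."
        if s.get(p + "authmethod", "None").upper() != "CHAP":
            findings.append(f"{scope}: CHAP not enabled")
            continue
        out_pw, in_pw = s.get(p + "password", ""), s.get(p + "password_in", "")
        if len(out_pw.encode()) < MIN_SECRET_BYTES:
            findings.append(f"{scope}: initiator secret shorter than 96 bits")
        if not (s.get(p + "username_in") and in_pw):
            findings.append(f"{scope}: one-way CHAP only, target is not authenticated")
        elif in_pw == out_pw:
            findings.append(f"{scope}: same secret used in both directions")
        elif len(in_pw.encode()) < MIN_SECRET_BYTES:
            findings.append(f"{scope}: target secret shorter than 96 bits")
    return findings


if __name__ == "__main__":
    for finding in audit_chap(SAMPLE_CONF):
        print(finding)
```

CHAP authenticates the login only; it does not encrypt the data path, which is why the list above pairs it with IPsec and target-side ACLs.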