Link to home
Start Free TrialLog in
Avatar of IT_Group1
IT_Group1Flag for Israel

asked on

Best practices for creating a storage iSCSi network

Gurus
we're about to deliver a new storage + 2 switches + 2 rack servers to one of our customers.
I'm looking for a best practice to create the iSCSi network; should it share the same segment? any other considerations?

The new equipment  is as follows:
2x PowerEdge R610 Rack Chassis
1x PV MD3200i External iSCSI RAID 12 Bays Array with Dual Controllers (4 Ports per Controller)
2x PowerConnect 5424 24 Port Gigabit 4 SFP Slots Managed

I've saw this article: http://www.delltechcenter.com/page/Configuring+a+PowerConnect+5424+or+5448+Switch+for+use+with+an+iSCSI+storage+system - and i'm wondering if that's enough.

every input will be greatly welcomed.
BTW, the storage should serve total of 5 ESX hosts, on 3 different segments.

Many thx  
Avatar of slemmesmi
slemmesmi

Dear IT Group1,

it is best practice to have iSCSI traffic completely separated from other (normal/data) IP traffic.
If possible (a cost and maintenance issue) is dedicated IP switches for the iSCSI, but dedicated VLAN segregation is also fine.

For further best practices, please let me recommend NetApp's "Ethernet Storage Best Practices" (http://www.netapp.com/us/library/technical-reports/tr-3802.html) which can be used independent of vendor.

Kind regards,
Soren
Avatar of kevinhsieh
It sounds like 3 of the ESX hosts will not be connected directly to your 5424 switches. It would be better if they were directly connected so that they don't have any routers between them and the storage. If you need to have a router, one that forwards in hardware would be better than a router that forwards in software.
SOLUTION
Avatar of Luciano Patrão
Luciano Patrão
Flag of Portugal image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of IT_Group1

ASKER

Thank you all.
slemmesmi - the 2 mentioned switched are about to be dedicated for the iSCSi network, and meant to be fault tolerance.

kevinhsieh - I didn't understood your meaning; i'm not looking into connecting the ESX's directly to the storage, that's what the switched are for :) Why 3 ESX's won't be connected?

BestWay - It's a great straightforward article, but i think it's more for testing purposes. We're looking the a robust conf which will utilize the given equipment the best way possible. It's planned to be a crowded environment, and i believe that careful planning will do us only good.

Many thx


You said 5 hosts on three segments. That said to me that that at least two servers will be connected to the 5424 switch, but that 1 or more more hosts was going to be attached to a different network segment, which would have to be connected via a router. The MD3200i as I understand it will use 2 network segements. If you meant that there would be 3 VLANs on your switches and that everything would be attached to them, I don't see any issues with that.
kevinhsieh, thx for the swift reply.
You are correct, since all the servers in the different segments are connected to the same router\firewall (Fortigate), i think it's only logic to create VLAN's on the switches, and I would appreciate your advice on what will be the best practice to implement this. There are so many iSCSi conf's out there..

Thank you  
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Since you are using Dell equipment, here are some links that you may want to look at.

http://www.delltechcenter.com/page/07-02-09+iSCSI+Security+and+Best+Practices

http://content.dell.com/us/en/enterprise/storage-solutions-best-practices.aspx

This one for Equallogic but it provides some good information.

http://www.virtualizationbuster.com/?p=1173
kevinhsieh, when you wrote "need to have a router, one that forwards in hardware would be better than a router that forwards in software"; does FOrtigate is a hardware or software forwarder ?

jwguillory - thank you i'll go over it.

Thx
I don't know how Fortinet does routing in their firewalls. They do seem to use ASICs for some stuff, which is what you want for high performance, but I don't know anything about them, and I don't know what model you have, so I suggest you contact them for support to determine if it's appropriate as a router for iSCSI traffic. If you can connect everything to the iSCSI VLANs, it doesn't matter.

http://www.fortinet.com/doc/solutionbrief/fortiasic_sol_brief.pdf
Many thx, great inputs!