Ask the Expert

Isolating non-storage IP traffic

Why should VARs work to isolate non-storage IP traffic from IP-based iSCSI SAN traffic? How will this affect the customer's storage network and what benefits will it bring?


The use of iSCSI technology to provide SAN storage offers the opportunity to benefit from networked storage at a significantly lower cost than standard Fibre Channel (FC). However, the simplicity of iSCSI means it can be implemented on any standard network, with a consequent risk to performance and security. That is why it is essential to consider isolating non-iSCSI traffic from iSCSI traffic.

In a standard IP network, the delay of packets to and from an application or browser is unlikely to cause an issue. The same cannot be said for storage, where a consistent response time and guaranteed delivery are essential for providing transparent disk I/O. Isolating IP and iSCSI traffic will help to reduce the potential impact of unpredictable traffic on storage performance.

Considering security, iSCSI can be run in a completely open fashion. Data packets can be visible to anyone on the network with a standard piece of software such as Ethereal. To counter this, iSCSI offers server/target validation and the suggested use of IPsec to encrypt traffic, which inevitably adds to the CPU load on both server and storage. Physically isolating iSCSI hosts improves security and provides the choice as to whether IPsec needs to be used.

Taking the above points into consideration, a customer may choose to completely isolate iSCSI traffic onto separate switches or to provide dedicated VLANs for iSCSI connections. Both approaches help to mitigate performance and security issues and give the added benefit of making problem resolution easier to achieve.

This was first published in April 2007
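
Whichever approach is chosen, the isolation can be verified from flow records. The following is an added example, not part of the original answer: it flags iSCSI sessions (TCP port 3260, the registered iSCSI port) seen outside the storage network and non-iSCSI traffic seen inside it. The VLAN ID, subnet, record layout and sample flows are assumptions constructed for illustration.

```python
import ipaddress

ISCSI_PORT = 3260  # IANA-registered iSCSI target port

# Assumed site layout (hypothetical values for this example).
STORAGE_VLAN = 200
STORAGE_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed flow records: (vlan, src, src_port, dst, dst_port, proto)
SAMPLE_FLOWS = [
    (200, "10.20.0.11", 49152, "10.20.0.50", 3260, "tcp"),   # initiator -> target
    (200, "10.20.0.50", 3260, "10.20.0.11", 49152, "tcp"),   # target -> initiator
    (10, "192.168.1.23", 50100, "10.20.0.50", 3260, "tcp"),  # iSCSI from user LAN
    (200, "10.20.0.11", 50211, "10.20.0.12", 445, "tcp"),    # file sharing on SAN VLAN
    (10, "192.168.1.23", 53124, "192.168.1.1", 53, "udp"),   # ordinary LAN traffic
]


def audit_flows(flows, storage_vlan, storage_net):
    """Return (finding, flow) pairs for flows that break iSCSI isolation."""
    findings = []
    for flow in flows:
        vlan, src, sport, dst, dport, proto = flow
        # Match either direction so return traffic from the target counts as iSCSI.
        is_iscsi = proto == "tcp" and ISCSI_PORT in (sport, dport)
        on_vlan = vlan == storage_vlan
        in_net = [ipaddress.ip_address(a) in storage_net for a in (src, dst)]
        if is_iscsi and not (on_vlan and all(in_net)):
            # Storage I/O is crossing a general-purpose segment.
            findings.append(("iscsi-outside-storage-network", flow))
        elif not is_iscsi and (on_vlan or any(in_net)):
            # Unpredictable non-storage traffic is sharing the storage segment.
            findings.append(("non-storage-traffic-on-storage-network", flow))
    return findings


if __name__ == "__main__":
    for finding, flow in audit_flows(SAMPLE_FLOWS, STORAGE_VLAN, STORAGE_NET):
        print(finding, flow)
```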
