VMware Cloud Community
Kirk_S
Contributor
Contributor
‎05-19-2008 02:52 PM
Jump to solution

ESX Can't find SAN

I'm trying to get an ESX server to find my iSCSI SAN without much luck. Forgive me if this is a bit long, but I'm working on my first ESX installation and am stuck on a few items.

My gear:

HP DL360 server w/10 NICs

Cisco 3750 Gig switch (48 ports)

Equallogic PS300E SAN

Switch is configured for three separate VLANS. 500=iSCSI, 510=VMotion, 520=Management

Equallogic box is configured with 23 volumes, all thin provisioned on RAID 50, for the various VMs I will eventually implement.

Network plan is as follows:

Server NIC -> Destination

1 -> Switch VLAN 500 (iSCSI) *currently connected*

2 -> Switch VLAN 510 (VMotion) *currently disconnected*

3 -> Switch VLAN 500 (iSCSI) *currently disconnected*

4 -> Switch VLAN 510 (VMotion) *currently disconnected*

5 -> Switch VLAN 520 (Management) *currently connected*

6 -> Servers VLAN in existing LAN *currently disconnected*

7 -> Switch VLAN 520 (Management) *currently disconnected*

8 -> Servers VLAN in existing LAN *currently disconnected*

9 -> Unused *currently disconnected*

10 -> Unused *currently disconnected*

Ethernet 0 & 1 on the Equallogic box are both connected to the iSCSI VLAN (500). Eth0 is up, and is configured to be 192.168.200.10/24 with a gateway of 192.168.200.1/24.

Server is up, ESX installed, and Ethernet connected as listed above. vSwitch0 is set to 192.168.220.11/24 and points to vmnic0. I can successfully connect to the VMware Infrastructure Client.

This is where it gets hazy for me... I have vSwitch1 set to 192.168.200.101/24, which points to vmnic8. (note: the vmnic numbers don't match the NIC numbers in the chart above. I wish there was a good way to figure out which NIC is which, but I haven't found it yet). I have this set as a VMkernel port, but when I scan for iSCSI targets, I find nothing.

I know I'm missing something fundamental, but I've been racking my brain and just can't find it. Any help would be most appreciated.

-Kirk

Kirk Smith http://twitter.com/KirkInSLO
0 Kudos
1 Solution

Accepted Solutions
christianZ
Champion
Champion
‎05-21-2008 11:51 AM
Jump to solution

You must add your Group ip address in Esx's Dynamic Discovery of course? Have you done it?

View solution in original post

0 Kudos
31 Replies
wgardiner
Hot Shot
Hot Shot
‎05-19-2008 03:06 PM
Jump to solution

You can see which physical NIC maps to which vmnic pretty easily, i dont have a service console here I can try it on but either "ifconfig" or "esxcfg-nics" will show you the mappings of your physical to virtual.

Also to help us trouble shoot if you could post the output of a "esxcfg-vswitch" that would help too.

0 Kudos
weinstein5
Immortal
Immortal
‎05-19-2008 03:09 PM
Jump to solution

Since you did not indicate an iSCSI HBA as part of you config I am assuming you are using the software iSCSI initiator can both a vmkernel port and service console port route to the Equallogic? - both the service console and vmkernel must be bale to route to the iSCSI device - also have you enabled the iSCSI Software client on the service console firewall?

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
kjb007
Immortal
Immortal
‎05-19-2008 03:10 PM
Jump to solution

If you're using software iSCSI HBA, did you open the port in the firewall for the swISCSIClient?

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
Kirk_S
Contributor
Contributor
‎05-19-2008 03:21 PM
Jump to solution

Firewall is exactly the kind of rookie mistake I expected to make, but I don't think I did.. It was open by default, unless I'm reading this backwards. See attached.

Kirk Smith http://twitter.com/KirkInSLO
0 Kudos
kjb007
Immortal
Immortal
‎05-19-2008 03:24 PM
Jump to solution

That client is not enabled by default, and there is no attachment.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
Kirk_S
Contributor
Contributor
‎05-19-2008 03:24 PM
Jump to solution

The firewall doesn't appear to be the problem. See attached.

Kirk Smith http://twitter.com/KirkInSLO
Preview file
114 KB
0 Kudos
weinstein5
Immortal
Immortal
‎05-19-2008 03:27 PM
Jump to solution

That shows it is enabled - also the software initiator is disabled by default - so confirm that it is enabled -

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
0 Kudos
kjb007
Immortal
Immortal
‎05-19-2008 03:27 PM
Jump to solution

Ok, that's not it then. Did you add the iqn of your ESX sw iSCSI HBA into your SAN target's initiator list?

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
Kirk_S
Contributor
Contributor
‎05-19-2008 03:32 PM
Jump to solution

Initiator is enabled, and the iSCSI name is in there. I'm not sure I've put the correct alias in, though. See attached.

Kirk Smith http://twitter.com/KirkInSLO
Preview file
112 KB
0 Kudos
kjb007
Immortal
Immortal
‎05-19-2008 03:35 PM
Jump to solution

This is for the client side. On the SAN side, you will have similar config to add the name of the ESX's initiator IQN into the SAN target to allow access for ESX to connect.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
Kirk_S
Contributor
Contributor
‎05-19-2008 04:36 PM
Jump to solution

I'm looking into the SAN side, and can't find exactly what I'm looking for. I'll check the documentation and post again later/tomorrow.

What I'm curious about though is do the different VLANs need to be routable to each other? I was under the impression that the idea is to keep things separate for security and performance reasons, but if the Equallogic box needs to talk to the HP server on VLAN 520, it's not going to happen the way things are configured now. Is that a problem?

-Kirk S

Kirk Smith http://twitter.com/KirkInSLO
0 Kudos
kjb007
Immortal
Immortal
‎05-19-2008 05:25 PM
Jump to solution

Weinstein5 mentioned this above, and it is in the documentation, but a little unclear. For ESX server 3, you will need to be able to get to the iSCSI network from a service console port, as well as the vmkernel port. If your network is not routable, then you will need to create an additional service console port that is on the iSCSI network. The regular service console does not need to be able to get to the iSCSI network, if an additional service console port exists that can get to the iSCSI network.

This should not be required for ESX 3.5

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
weinstein5
Immortal
Immortal
‎05-19-2008 05:47 PM
Jump to solution

KjB - exactly what I meant to say - thanks for cleareing up my communication - :smileycool:

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
0 Kudos
Kirk_S
Contributor
Contributor
‎05-20-2008 01:49 PM
Jump to solution

Ok, I've tried to simplify things today, but I'm still not having much luck. This has to be a networking issue...

I'm now using only the two onboard NICs on the DL360. NIC1 = vmnic0. It's connected to the Management VLAN.

NIC2=vmnic1, which is connected to the iSCSI VLAN.

Picture of my virtual network is attached.

iqn.1998-01.com.vmware:server20-1dabfe96 is configured in the Access list on the Equallogic box as an acceptable iSCSI initiator.

iSCSI initiator is enabled in ESX, firewall port is open. Not using CHAP or other authenication at this time. I am running ESX 3.5, but created the second Service Console port anyway.

Any ideas?

Kirk Smith http://twitter.com/KirkInSLO
Preview file
107 KB
0 Kudos
TomHowarth
Leadership
Leadership
‎05-20-2008 02:58 PM
Jump to solution

I am not sure about the Equalogic devices but on a NetApp FAS you need to create the Volume and then the LUNS (this you have done)

next you create an iGroup

add your Host iqns to the iGroup and then add your LUN's to the iGroup.

once this has been done you rescan the ESX hosts HBA or SWiSCSI initiator and the Storage appears on the host.

Tom Howarth

VMware Communities User Moderator

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
0 Kudos
Kirk_S
Contributor
Contributor
‎05-20-2008 03:14 PM
Jump to solution

Yeah, I thought I had done that as well. The Equallogic guys did this in their demo (many months ago) so fast it made my head spin. It can't be this hard. Shot of the Equallogic config is attached.

Kirk Smith http://twitter.com/KirkInSLO
Preview file
162 KB
0 Kudos
kjb007
Immortal
Immortal
‎05-20-2008 09:02 PM
Jump to solution

What do you get when you run 'vmkping 192.168.200.150' ?

On your esx host, also run this: 'vmkiscsi-ls -l' and see if you can see anything listed.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Kirk_S
Contributor
Contributor
‎05-21-2008 10:23 AM
Jump to solution

vmkping 192.168.200.150 times out... but I don't think I have any devices on 192.168.200.150. I did try vmkping 192.168.200.50 and it works fine, 0 packet loss.

vmkiscsi-ls -l shows "SFNet iSCSI Driver Version 3.6.3 - 27-Jun-2005"

Kirk Smith http://twitter.com/KirkInSLO
0 Kudos
christianZ
Champion
Champion
‎05-21-2008 10:39 AM
Jump to solution

First thing I see by your config is you are using iscsi initiator name access but your initiator names in access list and in your esx host are not the same (...vmware in access list and ...equallogic in Esx) - maybe already done.

In addition your iscsi vlan should be routed - you will send warning's email etc.

Normally the the Console ip address should be on access controll list also (the iscsi login starts over it) - but I'm not sure by your config (with initiator name).

When you use the ip addresses in your access controll list then you must put the two ip addresses (console and kernel) on your list.

0 Kudos