VMware Cloud Community
BMWagner
Contributor
Contributor

Help with San connection from ESX

I am very GREEN when it comes to vmware and could really use some help. I have 2 esx servers setup, in a cluster and they have the datastores on the physical box. I need to setup an iSCSI connection to the san. However, in all of the readings I have gone through it says that the iSCSI needs to be in the same broadcast domain or be able to be contacted by the gateway of vCenter. We have a gateway lets say 192.168.1.1 with a subnet of C, but our sans is in a different subnet like 172.16.8.1 and does not allow any traffic from the 192 side or anything for that matter. Even though I have multiple nics in the server and pointing to that vlan I am not getting a connection. Is there someone will to explain this to me? I would greatly appreciate it. Thanks a bunch.

Tags (3)
Reply
0 Kudos
12 Replies
kjb007
Immortal
Immortal

You need to create a vmkernel portgroup. Assign it an IP address on either subnet, and make sure it can route to your iSCSI target. Once you have the vmkernel interface configured, make sure the iSCSI initiator is enabled in your firewall/security profile.

-KjB

VMware vExpert

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
BMWagner
Contributor
Contributor

Thanks for the info. I did create a port group with the ip on the sans subnet. Using 2 nics that are allowed only to the subnet for sans and I do know that the iSCSI initiator is allowed through vCenter firewall. What I get confused about is it says that the default gateway must be able to route to the sans. Ours is denied for security sake and is completely segmented off.

Reply
0 Kudos
rpartmann
Hot Shot
Hot Shot

Hi,

do you have a the following portgroups in the 172.x subnet?

-> service console (neccessary for send targets)

-> vmkernel ( I/O Traffic )

Reinhard.

ps: Award points if you find answers helpful. Thanks.

ps: Award points if you find answers helpful. Thanks.
BMWagner
Contributor
Contributor

on vSwitch0 I have a service console port and have the 192 subnet with a gateway of 192.168.1.1

then on vSwitch1 I have a service console port of 172.16.8.5 and the vmkernel is 172.16.8.4 and the gateway for the vmkernel is 172.16.8.1. But in the service console on vswitch1 it shows the default gateway as what it is for switch0. To me that doesn't seem right.

does that make sense?

Reply
0 Kudos
kjb007
Immortal
Immortal

That is correct. You can only have 1 default gateway, that's why it's default. This will mean that the 2nd service console will be used for communication, when the destination is on the same segment, which in this case it is. Are you able to 'vmkping <targetIP>' from the console now? If so, then networking is configured correctly, and you'll have to move on to the firewall as well as the initiator configuration.

-KjB

VMware vExpert

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Reply
0 Kudos
BMWagner
Contributor
Contributor

I can ping the default gateway of the gateway on the service console on vSwitch0. But I cannot ping anything on the other network and I have made sure that the firewall is not blocking it. But we have rules in place that say nothing can talk to the san network except the san vlan. So the other network is not able to contact it via the default gateway. So I am guessing that is my problem. They don't want any hosts to be contacting the san network through the gateway.

Reply
0 Kudos
kjb007
Immortal
Immortal

There are two things here. 1, vmkping will exercise your vmkernel interface connectivity, so a vmkping against your san IP will go out your vmkernel interface. If it is successful,then you know your vmkernel IP can talk to your SAN. The 2nd console interface should not really be required anymore, but, if the 2nd console and the IP San are on the same network, a simple ping against the sanIP, should go out that 2nd console interface. Are you using trunk ports, and can you validate the correct VLANs are available on the correct interfaces?

-KjB

VMware vExpert

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Reply
0 Kudos
BMWagner
Contributor
Contributor

Well here is what I have found so far. On one server I could ping the vMotion subnet. I have found that the swiscsi is not enabled by default. I have that enabled now and I am able to see the san on that one. However, on the other server I can't even vmkping the vMotion subnet or the default gateway. I can ping the default gateway but not vmkping. So I have looked at the config on both servers and they look identical. But for some strange reason I am not connecting.

Reply
0 Kudos
kjb007
Immortal
Immortal

If you can not vmkping, double-check your IP and netmask. That will be the first step. If that does not work, then your SAN connection will not succeed.

-KjB

VMware vExpert

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Reply
0 Kudos
BMWagner
Contributor
Contributor

I have it working. Finally!!! One problem was a switch in one of the blade centers. I had to redo my networking stuff and then it started working. Plus I also found out that esxcfg-swisci has to be enabled. That was my big problem. I was able to ping but getting nothing with iscsi. Thanks for all your help!!

Brenda

Reply
0 Kudos
kjb007
Immortal
Immortal

Networking is one of the biggest issues I deal with on a regular basis.

You can also enable iSCSI from the storage adapters tab in the ESX server configuration. Click on the adapter, and click properties, and enter your information.

-KjB

VMware vExpert

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Reply
0 Kudos
BMWagner
Contributor
Contributor

I did that initially but I still had to go in and do the esxcfg-swscsi -e Then I was able to get connected.

Reply
0 Kudos