VMware Cloud Community
edv2009
Contributor
Contributor
Jump to solution

Setting up Networking for ESX 3.5 with iSCSI?

Okay, I am having a little bit of an issue here...

I have 3 VLANs:

ID

1 - Management Network

2 - iSCSI Network

3 - Production or Guest OS Communication LAN

I cannot figure out how to get ESX configured properly or something because my iSCSI storage is not being discovered. Can someone help guide me on how my NICs should be configured? I have 6 NICs and will eventually bond them but for now I wanted 1 for ESX Management, 1 for iSCSI, and 1 for VM Network if that makes sense. If there is a better please let me know, but I defnitely want to setup my iSCSI on it's own VLAN (2). I have been through a few docs and cannot get it to work.... Thanks...

Ed

Reply
0 Kudos
1 Solution

Accepted Solutions
20 Replies
weinstein5
Immortal
Immortal
Jump to solution

Welcome to the forums - First question are you usig a hardware iSCSI intiator or the software initiator - if you are using the software intiator there are a few things you need to make sure are in place:

  1. The service console needs to be able to get to the iSCSI target - the easiest way to do this is to create a Service Console port on the vswitch used by yu vmkernel ports

  2. The iSCSI port is opened on the service console firewall -

  3. Configur CHAP Authentication if you are using it -

Check out page50 of the iSCSI SAN Configuration Guide for more information - http://www.vmware.com/pdf/vi3_35/esx_3/r35u2/vi3_35_25_u2_iscsi_san_cfg.pdf

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
Reply
0 Kudos
edv2009
Contributor
Contributor
Jump to solution

Thanks for the information!

I tried everything and created a Service console on my iSCSI vSwitch with the VMKernel but still no go... Hmmm Strange. I checked to just be sure the port (3260) was open on my iSCSI SAN and it is so I am at a loss... When you said to be sure to check the firewall on the Service Console port, did you mean in the Security Profiles, or is there something I am missing there? I could not find any firewall setting for the Service Console specifically.

I also made sure each device could reach one another and they (ESX and iSCSI Box) can both ping one another on each VLAN.

Any other ideas? Thank you very much for responding... I appreciate it!

Ed

Reply
0 Kudos
mike_laspina
Champion
Champion
Jump to solution

Hi,

For ESX to run an iSCSI software initiator you will need to provide connectivity from both the Service Console (SC) IP and the iSCSI vmkernel IP to the target IP. This is because the SC performs discovery and auth and then the vmkernel performs scsi commands (CDB's)

Since they are on separate VLANs you will need to add another SC IP to the VLAN that the iSCSI VLAN lives on.

vExpert 2009

http://blog.laspina.ca/ vExpert 2009
Reply
0 Kudos
edv2009
Contributor
Contributor
Jump to solution

Okay, thanks for the info... I did find then when logged into the shell of my ESX server, i cannot ping the IP of my iSCSI box. I am using the software initiator. Here is the setup below:

vswitch0 - SC - VLAN1 - 192.168.50.10 - Gateway 192.168.50.1

vswitch1 - VMKernel tagged w/ VLAN 2 ID - IP 192.168.60.9 - no Gateway

SC2 tagged with VLAN2 ID - IP 192.168.60.10 - Gateway 192.168.60.1

The switch I am using is a Cisco 3750 and it is routing. I can ping to each subnet (VLAN) to another from a regular client laptop so i think my ESX network config is wrong. When I ping from the Shell, I sometimes get a brief reply from my iSCSI box when i hit ok and then it stops again. My iSCSI box IP is 192.168.60.100

Thanks,

Ed

Reply
0 Kudos
edv2009
Contributor
Contributor
Jump to solution

Okay,

So I have made some new discoveries... When logged on to the console through putty, I cannot ping the iSCSI Host when the Service Console 2 in added to the vswitch with VMKernel. As soon as I take it out, I can ping the iSCSI Host. Any ideas?

Thanks,

Ed

Reply
0 Kudos
patrickds
Expert
Expert
Jump to solution

make sure you are using a subnet mask of 255.255.255.0 and no routing between VLAN subnets

Reply
0 Kudos
edv2009
Contributor
Contributor
Jump to solution

I have checked my mask and I am using 255.255.255.0 - each VLAN is a Class C.

When you say no routing between VLAN subnets, could you explain a little further? I have routing enabled on my switch for the VLANS so each VLAN can talk to the other. Is that a problem?

Just to make sure my iSCSI was working I added another interface to my iSCSI box on VLAN 1 (native 192.168.50.x) and then setup the iSCSI portion of ESX on that as well and everything worked on vswitch0, but everything is now on vswitch0. As soon as tried the iSCSI setup using VLAN 2 with another vswitch it just won't talk to the iSCSI box.... Ugh! I do appreciate all the tips! I think it is close.... Smiley Happy

A little more info is that with the console open pinging my iSCSI host I tried adding vmswitch1 from scratch to see where this stops. I have found that when I add the VMKernel portion to my new vswitch1 I can still ping the iSCSI host, but as soon as I add my SC2 to vswitch1 it stops replying.... Does this help?

Just to clarify my network here is the setup:

Switch: Cisco 3750

routing enabled

VLAN 1 - 192.168.50.x Gateway: 192.168.50.1 (Cisco 3750)

VLAN 2 - 192.168.60.x Gateway: 192.168.60.1 (Cisco 3750)

VLAN 3 - 192.168.70.x Gateway: 192.168.70.1 (Cisco 3750)

As you can see it is pretty basic... which is why this is frustrating me.... Smiley Happy Thank you for all of your great suggestions. I hope I can get this working.....

Ed

Reply
0 Kudos
christianZ
Champion
Champion
Jump to solution

Have you used vmkping for pinging?

The other thing is the access to your iscsi storage for your SC2 - that must be configured - is needed for iscsi login.

And you can ping the vmkernel port and sc2 from your storage site also.

Reply
0 Kudos
edv2009
Contributor
Contributor
Jump to solution

I have but and no reply as well. Should I try something with using the arguments while pinging the iSCSI Host?

Ed

Reply
0 Kudos
christianZ
Champion
Champion
Jump to solution

Check the other points - I've just edited my posting.

Reply
0 Kudos
edv2009
Contributor
Contributor
Jump to solution

Ah Ha! Okay, I think we may be getting somewhere.... I am on the console of my iSCSI Storage and cannot ping my SC2 IP and they are on the same VLAN. So now I am trying to figure out where the problem lies.... On my iSCSI box I am getting a "destination host unreachable" As far as login goes, are meaning CHAP? I have not setup anything for that yet just to make sure I can get it talking first and eliminate one problem at a time.

Thanks,

Ed

Reply
0 Kudos
christianZ
Champion
Champion
Jump to solution

What storage have you there?

Reply
0 Kudos
edv2009
Contributor
Contributor
Jump to solution

I am using OpenFiler.....

Reply
0 Kudos
christianZ
Champion
Champion
Jump to solution

Post following here:

esxcfg-vmknic -l

esxcfg-vswif -l

esxcfg-route

What ip has your iscsi target?

For now don't use any chap.

What is the ip of gateway for your both consoles?

As I wrote on some iscsi storage one must configure the lun access for vmkernel port ip and the console ip (by you the SC2) too.

Reply
0 Kudos
christianZ
Champion
Champion
Jump to solution

Reply
0 Kudos
edv2009
Contributor
Contributor
Jump to solution

Okay, I will post the info soon... I believe my problem may lie on the OpenFiler side... In the console of my Openfiler box I cannot ping my gateway address which would be 192.168.60.1 (Cisco Switch) I have added a default gateway for the NIC assigned with the iSCSI IP. My hosts on the network can ping the iSCSI Host (Openfiler) with no problem but OpenFiler cannot ping anything on the 192.168.60.x net.... Eeeesh!

Thank you so much for the info... I will post the info as soon as I can but I am going to try to get the Openfiler issue solved because it should have no problem pinging the gateway, wouldn't you think?

Ed

Reply
0 Kudos
christianZ
Champion
Champion
Jump to solution

Seem to be a few network mismatches - check especially the Xtravirt docu - as I can see they configured the Chap - but not sure if it is needed.

Can you ping anything from your Openfiler?

When you use ping on Esx host then all the communication runs over console no1. Don't forget.

Reply
0 Kudos
edv2009
Contributor
Contributor
Jump to solution

christianZ, what can I say, you are awesome! That link you sent regarding the Opefiler setup was exactly what I needed to get Openfiler working! I just added my iSCSI storage using VLAN2 and all is found for disk! Thank you soo much! You saved my weekend... At least what is left of it.... Really do appreciate it!

Reply
0 Kudos
christianZ
Champion
Champion
Jump to solution

Glad to help you.

Reg

Christian

Reply
0 Kudos