Re: software iscsi port binding question

matthewrtqs · ‎04-10-2012

I'm sure this has been asked and answered elsewhere, but Google isn't finding the answer. I setup software iSCSI with port binding to bind vmk4 and vmk5 to the vmhba. My question is this, if there are three interfaces on the NetApp that can have iSCSI services two reachable by vmk4 and vmk5 and the 3rd reachable by vmk0, will vSphere allow iSCSI traffic to cross vmk0?

I'm more or less stuck with this configuration to be able to support SnapProtect backups with Commvault, but am hoping that port binding will prevent unwanted paths from being established.

chriswahl · ‎04-11-2012

It depends on the targets you have configured. If you are presenting targets from a subnet that vmk0 cannot reach, then it will not be used.

If you are using a single subnet, then I would suggest masking the vmk0 IP from being able to reach the NetApp. Do this on the target. No traffic can cross a vmkernel unless it has first logged in to the iSCSI target, which would not be possible if you mask it.

VCDX #104 (DCV, NV) ஃ WahlNetwork.com ஃ @ChrisWahl ஃ Author, Networking for VMware Administrators

matthewrtqs · ‎04-11-2012

All three vmkernel ports are on different subnets. However for the sake of argument, assume that the NetApp will accept iSCSI connections from all three subnets. So in this case vmk0 could initiate a session.

I could be wrong, but to my knowledge the NetApp can only filter on the initiator, not by IP.

So it sounds like, even though it isn't bound to the vmhba the vmk0 port will participate in iSCSI connections.

chriswahl · ‎04-11-2012

If you are using different subnets you are fine.

When you add the target (or use send targets) part of the process is specifying an IP address of the array. If you didn't use an IP from the vmk0 subnet for any targets, the host won't be able to use vmk0 for traffic.

VCDX #104 (DCV, NV) ஃ WahlNetwork.com ஃ @ChrisWahl ஃ Author, Networking for VMware Administrators