• VMware

    Learn about VMware virtualization for its products like vsphere ESX and ESXi, vCenter Server, VMware View, VMware P2V and many more

  • Linux

    Step by step configuration tutorials for many of the Linux services like DNS, DHCP, FTP, Samba4 etc including many tips and tricks in Red Hat Linux.

  • Database

    Learn installation and configuration of databases like Oracle, My SQL, Postgresql, etc including many other related tutorials in Linux.

  • Life always offers you a second chance ... Its called tomorrow !!!

    Tuesday, August 26, 2014

    How to configure iscsi target using Red Hat Linux

    Before starting with the configuration let us understand some basics on iSCSI.

    Starting with the abbreviation iSCSI stands for Internet Small Computer System Interface which is a block level protocol for sharing your storage devices over an IP network. iSCSI can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet, and can enable location-independent data storage and retrieval.

    How is the iSCSI data transfer secure over network?

    This question can be arised since the data is getting transferred over IP network there might be a probability the this data can be compromised so to overcome this data in iSCSI is encapsulated at several layers of OS layer.

    The encapsulation architecture looks something like below

    • SCSI payload consists of read write data that gets sent to and from disks.
    • Then first layer of encapsulation is provided. iSCSI works at the session layer of the OSI model and encapsulates SCSI payloads into iSCSI PDU i.e. Protocol Data Unit
    • As the iSCSI PDU passes down the layers of the network stack it gets further and further encapsulated at each layer
    • into TCP segments of the network layer
    • into IP packets at network layer
    • into Ethernet frames at data link layer

    When it arrives at the other side of the network at the destination each of its layer is then ripped of one by one untill we are left with our original scsi payload.

    iSCSI Initiator is considered as the client and iSCSI traget as the server. There can be multiple targets available and owns the storage. The storage is divided into multiple LUNs(Logical Unit Number) and is mapped into iSCSI target which then is used by the client using iscsi initiator.

    Configure iSCSI target (server)

    # yum install scsi-target-utils -y
    Start the iscsi related service
    # service tgtd start

    # chkconfig tgtd on

    Creating LUN

    Let us create a new logical volume

    I have added a new hard disk to my virtual machine on which I will create a new logical volume.
    # fdisk /dev/sdb
    WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
             switch off the mode (command 'c') and change display units to
             sectors (command 'u').
    Command (m for help): n
    Command action
       e   extended
       p   primary partition (1-4)
    Partition number (1-4): 1
    First cylinder (1-1305, default 1):1
    Using default value 1
    Last cylinder, +cylinders or +size{K,M,G} (1-1305, default 1305):[Press Enter]
    Using default value 1305
    Command (m for help): p
    Disk /dev/sdb: 10.7 GB, 10737418240 bytes
    255 heads, 63 sectors/track, 1305 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0x398d6cc3
       Device Boot      Start         End      Blocks   Id  System
    /dev/sdb1               1        1305    10482381   83  Linux
    Command (m for help): t
    Selected partition 1
    Hex code (type L to list codes): 8e
    Changed system type of partition 1 to 8e (Linux LVM)
    Command (m for help): w
    The partition table has been altered!
    Calling ioctl() to re-read partition table.
    Syncing disks.

    # partprobe /dev/sdb

    # pvcreate /dev/sdb1
      Physical volume "/dev/sdb1" successfully created

    # vgcreate VolGroup1 /dev/sdb1
      Volume group "VolGroup1" successfully created

    # lvcreate -L 5G VolGroup1 -n work
      Logical volume "work" created

    So here I have create a new Logical Volume by the name of work. So next is to add this path as LUN to my iSCSI target
    # vi /etc/tgt/targets.conf
    (search for "default-driver iscsi" and add a next line as shown below)

    <target iqn.2014-09.com.example:target1>
        backing-store /dev/VolGroup1/work

    Here backing-store <path> defines a logical unit (LUN) exported by the target. This may specify either a regular file, or a block device.
    # /etc/init.d/tgtd restart
    Stopping SCSI target daemon:                              
    [  OK  ]
    Starting SCSI target daemon:                               [  OK  ]

    To view the configure iscsi targets and LUN
    # tgtadm --mode target --op show
    Target 1: iqn.2014-09.com.example:target1
        System information:
            Driver: iscsi
            State: ready
        I_T nexus information:
        LUN information:
    LUN: 0
                Type: controller
                SCSI ID: IET     00010000
                SCSI SN: beaf10
                Size: 0 MB, Block size: 1
                Online: Yes
                Removable media: No
                Prevent removal: No
                Readonly: No
                Backing store type: null
                Backing store path: None
                Backing store flags:
            LUN: 1
                Type: disk
                SCSI ID: IET     00010001
                SCSI SN: beaf11
                Size: 5369 MB, Block size: 512
                Online: Yes
                Removable media: No
                Prevent removal: No
                Readonly: No
                Backing store type: rdwr
                Backing store path: /dev/VolGroup1/work
                Backing store flags:
        Account information:
        ACL information:

    As you see two LUNs are visible when we had created only one. If you see nicely LUN 0 is a controller LUn that acts as an interface to the controller.

    LUN 1 is the disk type with the LVM which we just created.

    iptables rule on server

    # iptables -I INPUT -m state --state NEW -p tcp --dport 3260 -j ACCEPT
    # service iptables save

    On Client

    # yum -y install iscsi-initiator-utils
    Discover the iscsi target from your server
    # iscsiadm --mode discovery --type sendtargets --portal --discover
    Starting iscsid:                                           [  OK  ],1 iqn.2014-09.com.example:target1

    Now lets confirm the status of our newly discovered target
    # iscsiadm --mode node --op show | less
    # BEGIN RECORD 6.2.0-873.10.el6
    node.name = iqn.2014-09.com.example:target1
    node.tpgt = 1
    node.startup = automatic
    node.leading_login = No
    iface.hwaddress = <empty>
    iface.ipaddress = <empty>
    iface.iscsi_ifacename = default
    iface.net_ifacename = <empty>
    iface.transport_name = tcp
    iface.initiatorname = <empty>
    iface.bootproto = <empty>
    iface.subnet_mask = <empty>
    iface.gateway = <empty>
    iface.ipv6_autocfg = <empty>
    iface.linklocal_autocfg = <empty>
    iface.router_autocfg = <empty>
    iface.ipv6_linklocal = <empty>
    iface.ipv6_router = <empty>
    iface.state = <empty>
    iface.vlan_id = 0
    iface.vlan_priority = 0
    iface.vlan_state = <empty>
    iface.iface_num = 0
    iface.mtu = 0
    iface.port = 0
    node.discovery_address =
    node.discovery_port = 3260
    node.discovery_type = send_targets
    node.session.initial_cmdsn = 0
    node.session.initial_login_retry_max = 8
    node.session.xmit_thread_priority = -20
    node.session.cmds_max = 128
    node.session.queue_depth = 32
    node.session.nr_sessions = 1
    node.session.auth.authmethod = None
    node.session.auth.username = <empty>
    node.session.auth.password = <empty>
    node.session.auth.username_in = <empty>
    node.session.auth.password_in = <empty>
    node.session.timeo.replacement_timeout = 120
    node.session.err_timeo.abort_timeout = 15
    node.session.err_timeo.lu_reset_timeout = 30
    node.session.err_timeo.tgt_reset_timeout = 30
    node.session.err_timeo.host_reset_timeout = 60
    node.session.iscsi.FastAbort = Yes
    node.session.iscsi.InitialR2T = No
    node.session.iscsi.ImmediateData = Yes
    node.session.iscsi.FirstBurstLength = 262144
    node.session.iscsi.MaxBurstLength = 16776192
    node.session.iscsi.DefaultTime2Retain = 0
    node.session.iscsi.DefaultTime2Wait = 2
    node.session.iscsi.MaxConnections = 1
    node.session.iscsi.MaxOutstandingR2T = 1
    node.session.iscsi.ERL = 0
    node.conn[0].address =
    node.conn[0].port = 3260
    node.conn[0].startup = manual
    node.conn[0].tcp.window_size = 524288
    node.conn[0].tcp.type_of_service = 0
    node.conn[0].timeo.logout_timeout = 15
    node.conn[0].timeo.login_timeout = 15
    node.conn[0].timeo.auth_timeout = 45
    node.conn[0].timeo.noop_out_interval = 5
    node.conn[0].timeo.noop_out_timeout = 5
    node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
    node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
    node.conn[0].iscsi.HeaderDigest = None
    node.conn[0].iscsi.IFMarker = No
    node.conn[0].iscsi.OFMarker = No
    In our last steps we just discovered new targets but they are still not added to our server so lets go ahead and add them locally. But before that let us verify the block devices available on our system so that we can be check the differences
    # ls -l /dev/ | grep sd
    brw-rw----  1 root disk      8,   0 Aug 25 16:21 sda
    brw-rw----  1 root disk      8,   1 Aug 25 16:21 sda1
    brw-rw----  1 root disk      8,   2 Aug 25 16:21 sda2

    # iscsiadm --mode node --targetname iqn.2014-09.com.example:target1 --portal --login
    Logging in to [iface: default, target: iqn.2014-09.com.example:target1, portal:,3260] (multiple)
    Login to [iface: default, target: iqn.2014-09.com.example:target1, portal:,3260] successful.
    As you see we have sucessfully logged in as we hadn't configured any sort of CHAP authentication so it didn't prompted for any user authentication details.

    Next lets recheck the list of block devices connected to the system
    # ls -l /dev/ | grep sd
    brw-rw----  1 root disk      8,   0 Aug 25 16:21 sda
    brw-rw----  1 root disk      8,   1 Aug 25 16:21 sda1
    brw-rw----  1 root disk      8,   2 Aug 25 16:21 sda2
    brw-rw----  1 root disk      8,  16 Aug 25 18:34 sdb

    So as you see a new block device sdb has been added to the system.

    Make sure iscsi services are set to start on reboot
    # chkconfig --list iscsi
    iscsi           0:off   1:off   2:off  
    3:on    4:on    5:on    6:off

    Related Articles:
    Disk Attachment Technology FC vs SAS vs iSCSI
    Configuring iSCSI storage using openfiler

    Follow the below links for more tutorials

    What is the difference/comparison between Unix and Linux ?
    What are the maximum and minimum limits for RHEL 4 vs 5 vs 6 ?
    Step by Step Linux Boot Process Explained In Detail
    What is the difference between ext3 and ext4 filesystem in Linux ?
    How to configure Private Network in VMware Workstation
    10 examples to help you understand top command usage in Unix/Linux
    Configure Red Hat Cluster using VMware, Quorum Disk, GFS2, Openfiler
    Tutorial for Monitoring Tools SAR and KSAR with examples in Linux
    15 tips to enhance security of your Linux machine
    Why is Linux more secure than windows and any other OS
    Understanding Load Average in Linux and when to be worried about it?
    RAID levels 0, 1, 2, 3, 4, 5, 6, 0+1, 1+0 features explained in detail
    Understanding UMASK value in Linux
    How to keep a track of all the commands run by any user in Linux
    How do you check Linux machine is Physical or Virtual remotely?
    How to configure PXE boot server in Linux using Red Hat 6


    1. Very nicely written !!! plz do add for FCOE SAN as well !!! thanks in advanced