Skip to content

Connecting Disks

Glossary

iSCSI portal - a server that provides access to the storage system via the iSCSI protocol and is identified by name or IP address. Each storage type uses own group of iSCSI portals.

IQN - is an identifier format used to identify both iSCSI Target (aka storage server) and iSCSI Initiator (aka client)
iqn.<year-4-digits>-<month-2-digits>.<domain-name-in-reverse-order>:<optional-identifier>

IQN examples

An example of valid identifiers:

  • iqn.2003-01.com.ibm:00.fcd0ab21.shark128
  • iqn.2020-01.io.icdc.LOC:iscsi-ssd

iSCSI target - logical point of connection of the portal.

Target IQN

Target IQN depends on location name (LOC) and storage type provided in location, e.g. for nvme storage type it looks like:
iqn.2020-01.io.icdc.LOC:iscsi-ssd

iSCSI client or iSCSI initiator - is a client machine, each identified by the unique client ID in the same format as the iSCSI target.

Many operating systems generate iSCSI IDs themselves during installation.
For example, CentOS and RedHat generate an identifier in the format iqn.1994-05.com.redhat:fbb1b3344d99, where the last 12 digits are the MAC address of the network interface. When configuring the client, you can use the generated identifier, you can create your own. For an iSCSI client to connect to an iSCSI target, it must be registered with the iSCSI target with a list of disks that it can use.

The same client can be simultaneously connected to one or several targets of the same or different portals. The same iSCSI disk can be connected to multiple clients. The client software is responsible for the integrity of the data.

Connecting iSCSI drives on Windows 10

  1. Launch the iSCSI initiator program: Start-> Search -> iSCSI Initiator

  2. When connecting a disk for the first time, the following dialog will appear:

    Click Yes.

  3. When the program window opens, select the Configuration tab, and select Change to configure the client ID. In the dialog box that opens, enter the name of the client added to the iSCSI Storage UI.

    Or you can go the opposite way: first, open the iSCSI Initiator, find out the default machine ID, and then add a client with that name to the UI.

  4. Select the Discovery tab:

  5. Select Discover portal.

  6. In the dialog that opens, enter the hostname or IP address of the portal corresponding to selected storage type. and click OK:

    Target IQN

    For Storage V1: portal IPs in the iSCSI Storage UI above the Disks and Clients tabs next to the quotas.
    For Storage V2: portal IPs are displayed in Quotas section.
    If there no portal IP in Storage UI, use predefined target IQN (replace LOC with current location name):
    iqn.2020-01.io.icdc.LOC:iscsi-ssd

  7. Make sure the portal was added successfully:

  8. Go to the Targets tab, select a single target from the list, and select Connect:

  9. In the appeared dialog, select Advanced:

  10. In the Advanced window enable Enable CHAP on log on, enter the username and password, click OK and then OK in the Connect to Target window:

  11. Make sure, that the target is in the Connected state:

  12. You can view the connected drives by selecting Devices:

  13. Further, you can work with the disk as with another regular hard disk. Go to Control Panel -> Administrative tools -> Computer Management -> Storage -> Disk Management, and initialize the disk, partition, format, etc.

Connecting via command line on Windows

There is quick commands which allows to connect disk on Windows system via command line util iscsicli.
Add target, e.g. for ssd storage type:

Terminal: as Administrator
iscsicli QAddTarget iqn.2020-01.io.icdc.LOC:iscsi-ssd iscsi.local.LOC.icdc.io

Login using iSCSI client's username and password (CHAP authorization):

Terminal: as Administrator
iscsicli QLoginTarget iqn.2020-01.io.icdc.LOC:iscsi-ssd Username Password

Check list of active iSCSI sessions:

Terminal: as Administrator
iscsicli SessionList

Multi-Path support

Multi-Path technology is the creation of more than one connection between the client and the server for the smooth operation of the service when a problem occurs with one of the connections. If more than one iSCSI portal is configured in the iSCSI Storage service, then the service can operate using multi-path technology, establishing connections to all ports.

Multipath technology can operate in several modes. The only supported mode in iSCSI Storage is the Fail Over mode, in which only one connection works constantly, and the second is enabled only when the first is disabled.

Windows

Multi-path connection is possible on the Windows platform starting from Windows-2016 and on the Linux platform.

Connecting iSCSI disks with Multi-Path support on Windows-2016

  1. Using the ServerManager application, install the Multipath I/O component.

  2. Enable multi-path support for iSCSI devices:
    Open Control Panel -> MPIO, then proceed to Discover Multi-Paths, select Add support for iSCSI devices, press Add, and restart the system.

  3. After restarting, set the Fail Over mode for all connected devices.
    Then open Command Prompt and run command mpclaim -l -m 1.
    Make sure that the Fail Over mode is activated using the command mpclaim-s -m:

  4. Follow the instructions for connecting ISCSI disks on Windows 10, except in the Connect to Target dialog, before clicking OK, check to Enable multi-path:

Connecting iSCSI disks on Linux (CentOS 7)

iSCSI client is configured with multipath support, for failover in case one of the iSCSI servers crashes.

  • Install packages:

    Terminal
    yum install iscsi-initiator-utils device-mapper-multipath

  • Next:

    Terminal
    mpathconf --enable --with_multipathd y

  • Add file /etc/multipath.conf.d/storage.conf which configures multipath for iSCSI devices provided by Storage service:

    /etc/multipath.conf.d/storage.conf
    devices {
        device {
                vendor                 "LIO-ORG"
                hardware_handler       "1 alua"
                path_grouping_policy   "failover"
                path_selector          "queue-length 0"
                failback               60
                path_checker           tur
                prio                   alua
                prio_args              exclusive_pref_bit
                fast_io_fail_tmo       25
                no_path_retry          queue
        }
}

  • Next:

    Terminal
    systemctl enable --now multipathd

  • Get client's IQN from:

    /etc/iscsi/initiatorname.iscsi
    InitiatorName=iqn.2020-01.io.icdc.LOC.clients:client1

  • Set in /etc/iscsi/iscsi.conf parameters node.session.auth.authmethod, node.session.auth.username, node.session.auth.password for CHAP authorization:

    /etc/iscsci/iscsci.conf
    # To enable CHAP authentication set node.session.auth.authmethod
# to CHAP. The default is None.
node.session.auth.authmethod = CHAP

# To set a CHAP username and password for initiator
# authentication by the target(s), uncomment the following lines:
node.session.auth.username = username
node.session.auth.password = password123

  • Start a search for targets, specifying the address of any of the configured iSCSI servers:

    $ iscsiadm  -m discovery -t st -p iscsi.local.LOC.icdc.io

198.18.0.2:3260,1 iqn.2020-01.io.icdc.LOC:iscsi-ssd
198.18.0.3:3260,2 iqn.2020-01.io.icdc.LOC:iscsi-ssd

  • Connect:

    Terminal
    $ iscsiadm -m node -T iqn.2020-01.io.icdc.LOC:iscsi-ssd -l

Logging in to [iface: default, target: iqn.2020-01.io.icdc.LOC:iscsi-ssd, portal: 198.18.0.2,3260] (multiple)
Logging in to [iface: default, target: iqn.2020-01.io.icdc.LOC:iscsi-ssd, portal: 198.18.0.3,3260] (multiple)
Login to [iface: default, target: iqn.2020-01.io.icdc.LOC:iscsi-ssd, portal: 198.18.0.2,3260] successful.
Login to [iface: default, target: iqn.2020-01.io.icdc.LOC:iscsi-ssd, portal: 198.18.0.3,3260] successful.

  • Check multipath:

    Terminal
    $ multipath -ll

36001405c05ae6fc87834550abf4fb426 dm-6 LIO-ORG ,TCMU device
size=1.0G features='1 queue_if_no_path' hwhandler='1 alua' wp=rw
|-+- policy='queue-length 0' prio=50 status=active
| `- 5:0:0:0 sda 8:0  active ready running
`-+- policy='queue-length 0' prio=10 status=enabled
`- 4:0:0:0 sdb 8:16 active ready running

  • Work with /dev/mapper/36001405c05ae6fc87834550abf4fb426 as with a regular disk:

    Terminal
    $ fdisk -l /dev/mapper/36001405c05ae6fc87834550abf4fb426

Disk /dev/mapper/36001405c05ae6fc87834550abf4fb426: 1073 MiB, 1073741824 bytes, 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 4194304 bytes

$ mkfs -t ext4 /dev/mapper/36001405c05ae6fc87834550abf4fb426
...

If the file system located on the iSCSI disk will be added to /etc/fstab, then do not forget to specify _netdev in the mount options.

Other operating systems

For connecting iSCSI drives to other operating systems, see the official documentation for the respective operating system.

Connect disk outside of VPC networks

In some cases (such as data migration) it may be required to connect an iSCSI block device to the host placed outside account's VPC. Connection options are VPN Gateway or DirectConnect.

Temporary setup

This should be considered only as a temporary setup as such connections can have poor performance because of network delays. Also this configuration can be disabled in a specific VPC. If the following configuration did not.

If host is connected via VPN Gateway then make sure that one of the routing options to iSCSI Gateway is configured:

  • Direct routing
  • NAT mapping

VPN direct routing to iSCSI Gateway

  • Add VPC's special VirtualService subnet (198.18.0.0/26 by default) into Wireguard client config to list of allowed IP subnets:

    AllowedIPs = ..., 198.18.0.0/26

  • Reconnect VPN and try accessing iSCSI Gateway by direct IP from the host:

    $ nc -v 198.18.0.2 3260

Connection to 198.18.0.2 3260 port [tcp/*] succeeded!

VPN NAT mapping to iSCSI Gateway

  1. Configure a NAT subnet that does not exist on the connecting host or in the account's VPC.
  2. Add NAT IP record for iSCSI Gateway (198.18.0.2 by default) to the VPN Gateway.

  3. Use NAT IP (e.g. 10.0.0.2) to validate the connection to iSVSI Gateway:

    $ nc -v 10.0.0.2 3260

Connection to 10.0.0.2 3260 port [tcp/*] succeeded!

Connecting via DirectConnect

Connection via DirectConnect requires deploying of NAT Gateway instance, currently deploye upon request to Operator Team.

Use NAT Gateway IP address as iSCSI Portal.

Unfortunately, iSCSI discovering returns original portal IP address from 198.18.0.0/16 subnet, which may not be accessible via DirectConnect connection.

Warning

The recommended method on Windows is to add iSCSI target directly via iscsicli QAddTarget. Do not use adding via iSCSI Initiator UI, as it discovers wrong IP addresses.