iSCSI Implementations
Ethernet Link Aggregation
mechanisms (e.g.: “NIC Teaming”,
“Etherchannel”, “VIF” etc) allow
multiple links to act as a single
high-bandwidth link.
1Gb/s
iSCSI
1Gb/s
Storage
VLAN 10
VLAN 20
Ethernet VLANS allow traffic to be
segregated into separate virtual
LANS, despite sharing physical
switches. Traffic in VLAN 20 is not Options for Security & Performance
visible from VLAN 10
The Ethernet interfaces within an iSCSI device can be combined into a group
to create a single logical link, a virtual link, sometimes called a VIF (“Virtual
Interface”).
This makes it possible to increase the I/O channel bandwidth to a device by
combining multiple 1Gb/s links onto a multiple-link trunk.
This is very similar to the “trunking” mechanisms seen in Fibre Channel
networks, and the “Etherchannel” and “NIC Teaming” mechanisms often
encountered in large Ethernet networks.
For security, the iSCSI devices should be connected to a dedicated LAN or
VLAN, where only certain devices can “see” the iSCSI Storage.
This partitioning can be used to prevent unauthorised devices on other
networks being able to access the ports of the iSCSI Storage, since they have
no visibility into other VLANs.