ESXi

 View Only
  • 1.  How to restrict iscsi traffic to specfic vmk port

    Posted Sep 23, 2011 05:00 AM

    Hi,

    My server have two eth port, I put them in a dvswitch, then I creat 3 vmkernel port :

    vmk0 : management port, two uplinks

    vmk1 , vmk2 are each in a port group that only have one uplink

    Then I configured iscsi port binding on softwar iscsi port to vmk1 and vmk2,

    BUT, the vmk0 still shows up as a valid path! how do I diable vmk0 in the iscsi ?

    Cheers.



  • 2.  RE: How to restrict iscsi traffic to specfic vmk port

    Posted Sep 23, 2011 05:53 AM

    I feel you failed to use port binding properly.  Please refer to vmware SAN configuration.

    correct port bindind shoud be vmk1<===> uplink1, vmk2<==>uplink2. There are two paths.

                    ______

    vmk1 ---- |            |

                    |            |

                    |            |---- pnic1

                    |            |---- pnic2

    vmk2 ----|             |

                   |             |

                   -----------

    In you setting, just one uplink for iscsi.  As a result, there is only one path.

    Zhifeng



  • 3.  RE: How to restrict iscsi traffic to specfic vmk port

    Posted Sep 23, 2011 06:03 AM

    No, I said:

    vmk1 and vmk2 are in two different port group that each port group has 1 uplink

    vmk1 -> pnic1

    vmk2-> pnic3

    and my problem is:  I'm having 3 paths, where vmk0 is showing as a path to my iscsi store as well.



  • 4.  RE: How to restrict iscsi traffic to specfic vmk port

    Posted Sep 23, 2011 06:05 AM

    Yes,  I think it is reasonable if your mgmt port(vmk0) is pingable to iscsi target's IP address.



  • 5.  RE: How to restrict iscsi traffic to specfic vmk port

    Posted Sep 23, 2011 06:12 AM

    Then what is the point of having iscsi port binding at all???



  • 6.  RE: How to restrict iscsi traffic to specfic vmk port

    Posted Sep 23, 2011 06:16 AM

    You is binding vmk1 and vmk2 and didn't bind the mgmt port.  So there are 3 paths.

    one is vmk1---pnic1, the next is vmk2--pnic3 and the last is vmk0 ---- any one of the two uplinks on mgmt vswtich.

    It is correct.



  • 7.  RE: How to restrict iscsi traffic to specfic vmk port

    Posted Sep 23, 2011 06:22 AM

    I know why I will have 3 path, I am saying that this design is broken, because I have no way to "not bind" the port I don't want send iscsi.

    at least there should be a check box saying "don't use non-binded port"



  • 8.  RE: How to restrict iscsi traffic to specfic vmk port

    Posted Sep 23, 2011 07:07 AM

    Where are you seeing the 3 paths?  Not an exact copy of your environment, but with a single vswitch, 3 vmk ports (all with IP connectivity to the iSCSI target), and only 2 bound to iSCSI I get two paths as expected and not 3.



  • 9.  RE: How to restrict iscsi traffic to specfic vmk port

    Posted Sep 23, 2011 07:30 AM

    do you have 3 eth port on the server? does each vmk bound to different port?

    my configuration is:

    vmk0 -> g-vmk (uplinks: vmnic0+vmnic1)

    vmk1 -> g-iscsi1 (uplinks: vmnic0)

    vmk2-> g-iscs2 (upliks: vmnic1)

    vmk1 and vmk2 path only show up if I add iscsi port bind to it, but vmk0 path is always there.



  • 10.  RE: How to restrict iscsi traffic to specfic vmk port

    Posted Sep 23, 2011 08:03 AM

    I understand what you mean.  In fact, you don't use the iscsi path via mgmt port.   I think this is a good feature request.

    You can set path policy to fix/mru and select the binded port as the active path as a workaround.