Hello Adheer,
On Fri, Aug 14, 2015 at 11:06:18AM +0000, Adheer Chandravanshi wrote:
> You can verify the bidirectional chap entry using the `chap` submode of
> `iscsiadm -m host` command.
> For details, refer to the "Host mode with chap submode" section in the
> open-iscsi README for this.
>
> A bidi chap entry cannot be directly associated with any flashnode entry.
> You just need to create a bidi chap entry in the chap table and associate the
> flashnode with the local (unidirectional) chap entry, as you have already
> done.
> I see parameters `flashnode.session.chap_auth_en` and
> `flashnode.session.bidi_chap_en` enabled in your config. So you are good
> there.

Thanks for taking the time and your explanation! Unfortunately this does
not seem to work in my environment :-( The CHAP table entries in my previous
examples were not manually created by me, but rather were leftovers created
by previous "iscsiadm -m node" commands.

I tried to verify your suggestion, cleared out the CHAP tables and created
entirely new entries. Please see the output shown below. This does not seem
to work with bi-directional authentication, though. But as soon as I switch
off the "flashnode.session.bidi_chap_en" option, the login works with the
newly created CHAP tables.

Starting from a clean open-iscsi configuration, I also tested logins with
the "iscsiadm -m node [...] -l" command over the qla4xxx interfaces. Those
also fail as soon as the "node.session.auth.(username|password)_in"
parameters are set.

A login to the same targets, with the same username and password combination
over the interfaces of the ethernet network function of the same HBA works
fine, even with bi-directional authentication.

Is there some more detailed information available on how the CHAP table
entries are chosen for incoming authentication? Or do you have any other
suggestion on what I might be missing here?

Thanks & best regards,
Frank

#### Clear all CHAP table entries
user@host:# for IDX in $(seq 1 7); do iscsiadm -m host -H 1 -C chap -o delete -x $IDX; done
Deleteing CHAP index: 1
Deleteing CHAP index: 2
Deleteing CHAP index: 3
Deleteing CHAP index: 4
Deleteing CHAP index: 5
Deleteing CHAP index: 6
Deleteing CHAP index: 7
user@host:# for IDX in $(seq 1 7); do iscsiadm -m host -H 2 -C chap -o delete -x $IDX; done
Deleteing CHAP index: 1
Deleteing CHAP index: 2
Deleteing CHAP index: 3
Deleteing CHAP index: 4
Deleteing CHAP index: 5
Deleteing CHAP index: 6
Deleteing CHAP index: 7
user@host:# iscsiadm -m host -H 1 -C chap -o show
user@host:# iscsiadm -m host -H 2 -C chap -o show
#### Create new outgoing CHAP entry for target1
user@host:# iscsiadm -m host -H 1 -C chap -x 1 -o new -n host.auth.username -v <username> -n host.auth.password -v <password-on-target1>
user@host:# iscsiadm -m host -H 2 -C chap -x 1 -o new -n host.auth.username -v <username> -n host.auth.password -v <password-on-target1>
user@host:# iscsiadm -m host -H 1 -C chap -o show
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 1
host.auth.username = <username>
host.auth.password = <password-on-target1>
# END RECORD
user@host:# iscsiadm -m host -H 2 -C chap -o show
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 1
host.auth.username = <username>
host.auth.password = <password-on-target1>
# END RECORD
# END RECORD
#### Associate new outgoing CHAP entry with flash node
user@host:# iscsiadm -m host -H 1 -C flashnode -x 2 -o update -n flashnode.session.chap_out_idx -v 1
Update flashnode 2.
Update for flashnode 2 of host 1 successful.
user@host:# iscsiadm -m host -H 2 -C flashnode -x 2 -o update -n flashnode.session.chap_out_idx -v 1
Update flashnode 2.
Update for flashnode 2 of host 2 successful.
user@host:# iscsiadm -m host -H 1 -C flashnode -x 2
# BEGIN RECORD 2.0-873
flashnode.session.auto_snd_tgt_disable = 0
flashnode.session.discovery_session = 0
flashnode.session.portal_type = ipv4
flashnode.session.entry_enable = 0
flashnode.session.immediate_data = 1
flashnode.session.initial_r2t = 0
flashnode.session.data_seq_in_order = 1
flashnode.session.data_pdu_in_order = 1
flashnode.session.chap_auth_en = 1
flashnode.session.discovery_logout_en = 1
flashnode.session.bidi_chap_en = 1
flashnode.session.discovery_auth_optional = 0
flashnode.session.erl = 0
flashnode.session.first_burst_len = 131072
flashnode.session.def_time2wait = 0
flashnode.session.def_time2retain = 0
flashnode.session.max_outstanding_r2t = 1
flashnode.session.isid = 000e1e17da2c
flashnode.session.tsid = 65535
flashnode.session.max_burst_len = 262144
flashnode.session.def_taskmgmt_tmo = 10
flashnode.session.targetalias = <empty>
flashnode.session.targetname = iqn.2001-05.com.equallogic:0-fe83b6-a35c152cc-c72004e10ff558d4
flashnode.session.discovery_parent_idx = 65535
flashnode.session.discovery_parent_type = Unknown
flashnode.session.tpgt = 0
flashnode.session.chap_out_idx = 1
flashnode.session.chap_in_idx = 65535
flashnode.session.username = <username>
flashnode.session.username_in = <empty>
flashnode.session.password = <password-on-target1>
flashnode.session.password_in = <empty>
flashnode.session.is_boot_target = 0
flashnode.conn[0].is_fw_assigned_ipv6 = 0
flashnode.conn[0].header_digest_en = 0
flashnode.conn[0].data_digest_en = 0
flashnode.conn[0].snack_req_en = 0
flashnode.conn[0].tcp_timestamp_stat = 0
flashnode.conn[0].tcp_nagle_disable = 1
flashnode.conn[0].tcp_wsf_disable = 0
flashnode.conn[0].tcp_timer_scale = 3
flashnode.conn[0].tcp_timestamp_en = 1
flashnode.conn[0].fragment_disable = 0
flashnode.conn[0].max_xmit_dlength = 0
flashnode.conn[0].max_recv_dlength = 65536
flashnode.conn[0].keepalive_tmo = 0
flashnode.conn[0].port = 3260
flashnode.conn[0].ipaddress = 10.0.0.2
flashnode.conn[0].redirect_ipaddr = 0.0.0.0
flashnode.conn[0].max_segment_size = 0
flashnode.conn[0].local_port = 0
flashnode.conn[0].ipv4_tos = 0
flashnode.conn[0].ipv6_traffic_class = 0
flashnode.conn[0].ipv6_flow_label = 0
flashnode.conn[0].link_local_ipv6 = <empty>
flashnode.conn[0].tcp_xmit_wsf = 0
flashnode.conn[0].tcp_recv_wsf = 0
flashnode.conn[0].statsn = 0
flashnode.conn[0].exp_statsn = 0
# END RECORD
user@host:# iscsiadm -m host -H 2 -C flashnode -x 2
# BEGIN RECORD 2.0-873
flashnode.session.auto_snd_tgt_disable = 0
flashnode.session.discovery_session = 0
flashnode.session.portal_type = ipv4
flashnode.session.entry_enable = 0
flashnode.session.immediate_data = 1
flashnode.session.initial_r2t = 0
flashnode.session.data_seq_in_order = 1
flashnode.session.data_pdu_in_order = 1
flashnode.session.chap_auth_en = 1
flashnode.session.discovery_logout_en = 1
flashnode.session.bidi_chap_en = 1
flashnode.session.discovery_auth_optional = 0
flashnode.session.erl = 0
flashnode.session.first_burst_len = 131072
flashnode.session.def_time2wait = 0
flashnode.session.def_time2retain = 0
flashnode.session.max_outstanding_r2t = 1
flashnode.session.isid = 000e1e17da2d
flashnode.session.tsid = 65535
flashnode.session.max_burst_len = 262144
flashnode.session.def_taskmgmt_tmo = 10
flashnode.session.targetalias = <empty>
flashnode.session.targetname = iqn.2001-05.com.equallogic:0-fe83b6-a35c152cc-c72004e10ff558d4
flashnode.session.discovery_parent_idx = 65535
flashnode.session.discovery_parent_type = Unknown
flashnode.session.tpgt = 0
flashnode.session.chap_out_idx = 1
flashnode.session.chap_in_idx = 65535
flashnode.session.username = <username>
flashnode.session.username_in = <empty>
flashnode.session.password = <password-on-target1>
flashnode.session.password_in = <empty>
flashnode.session.is_boot_target = 0
flashnode.conn[0].is_fw_assigned_ipv6 = 0
flashnode.conn[0].header_digest_en = 0
flashnode.conn[0].data_digest_en = 0
flashnode.conn[0].snack_req_en = 0
flashnode.conn[0].tcp_timestamp_stat = 0
flashnode.conn[0].tcp_nagle_disable = 1
flashnode.conn[0].tcp_wsf_disable = 0
flashnode.conn[0].tcp_timer_scale = 3
flashnode.conn[0].tcp_timestamp_en = 1
flashnode.conn[0].fragment_disable = 0
flashnode.conn[0].max_xmit_dlength = 0
flashnode.conn[0].max_recv_dlength = 65536
flashnode.conn[0].keepalive_tmo = 0
flashnode.conn[0].port = 3260
flashnode.conn[0].ipaddress = 10.0.0.2
flashnode.conn[0].redirect_ipaddr = 0.0.0.0
flashnode.conn[0].max_segment_size = 0
flashnode.conn[0].local_port = 0
flashnode.conn[0].ipv4_tos = 0
flashnode.conn[0].ipv6_traffic_class = 0
flashnode.conn[0].ipv6_flow_label = 0
flashnode.conn[0].link_local_ipv6 = <empty>
flashnode.conn[0].tcp_xmit_wsf = 0
flashnode.conn[0].tcp_recv_wsf = 0
flashnode.conn[0].statsn = 0
flashnode.conn[0].exp_statsn = 0
# END RECORD
#### Create new incoming CHAP entry for target1
user@host:# iscsiadm -m host -H 1 -C chap -x 2 -o new -n host.auth.username_in -v <username-from-target1> -n host.auth.password_in -v <password-from-target1>
user@host:# iscsiadm -m host -H 2 -C chap -x 2 -o new -n host.auth.username_in -v <username-from-target1> -n host.auth.password_in -v <password-from-target1>
user@host:# iscsiadm -m host -H 1 -C chap -o show
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 1
host.auth.username = <username>
host.auth.password = <password-on-target1>
# END RECORD
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 2
host.auth.username_in = <username-from-target1>
host.auth.password_in = <password-from-target1>
# END RECORD
user@host:# iscsiadm -m host -H 2 -C chap -o show
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 1
host.auth.username = <username>
host.auth.password = <password-on-target1>
# END RECORD
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 2
host.auth.username_in = <username-from-target1>
host.auth.password_in = <password-from-target1>
# END RECORD
#### Create new incoming and outgoing CHAP entry for target2
user@host:# iscsiadm -m host -H 1 -C chap -x 3 -o new -n host.auth.username -v <username> -n host.auth.password -v <password-on-target2>
user@host:# iscsiadm -m host -H 2 -C chap -x 3 -o new -n host.auth.username -v <username> -n host.auth.password -v <password-on-target2>
user@host:# iscsiadm -m host -H 1 -C chap -x 4 -o new -n host.auth.username_in -v <username-from-target2> -n host.auth.password_in -v <password-from-target2>
user@host:# iscsiadm -m host -H 2 -C chap -x 4 -o new -n host.auth.username_in -v <username-from-target2> -n host.auth.password_in -v <password-from-target2>
user@host:# iscsiadm -m host -H 1 -C chap -o show
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 1
host.auth.username = <username>
host.auth.password = <password-on-target1>
# END RECORD
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 2
host.auth.username_in = <username-from-target1>
host.auth.password_in = <password-from-target1>
# END RECORD
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 3
host.auth.username = <username>
host.auth.password = <password-on-target2>
# END RECORD
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 4
host.auth.username_in = <username-from-target2>
host.auth.password_in = <password-from-target2>
# END RECORD
user@host:# iscsiadm -m host -H 2 -C chap -o show
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 1
host.auth.username = <username>
host.auth.password = <password-on-target1>
# END RECORD
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 2
host.auth.username_in = <username-from-target1>
host.auth.password_in = <password-from-target1>
# END RECORD
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 3
host.auth.username = <username>
host.auth.password = <password-on-target2>
# END RECORD
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 4
host.auth.username_in = <username-from-target2>
host.auth.password_in = <password-from-target2>
# END RECORD
#### Associate new outgoing CHAP entry with flash node
user@host:# iscsiadm -m host -H 1 -C flashnode -x 3 -o update -n flashnode.session.chap_out_idx -v 3
Update flashnode 3.
Update for flashnode 3 of host 1 successful.
user@host:# iscsiadm -m host -H 2 -C flashnode -x 3 -o update -n flashnode.session.chap_out_idx -v 3
Update flashnode 3.
Update for flashnode 3 of host 2 successful.
user@host:# iscsiadm -m host -H 1 -C flashnode -x 3
# BEGIN RECORD 2.0-873
flashnode.session.auto_snd_tgt_disable = 0
flashnode.session.discovery_session = 0
flashnode.session.portal_type = ipv4
flashnode.session.entry_enable = 0
flashnode.session.immediate_data = 1
flashnode.session.initial_r2t = 0
flashnode.session.data_seq_in_order = 1
flashnode.session.data_pdu_in_order = 1
flashnode.session.chap_auth_en = 1
flashnode.session.discovery_logout_en = 1
flashnode.session.bidi_chap_en = 1
flashnode.session.discovery_auth_optional = 0
flashnode.session.erl = 0
flashnode.session.first_burst_len = 131072
flashnode.session.def_time2wait = 0
flashnode.session.def_time2retain = 0
flashnode.session.max_outstanding_r2t = 1
flashnode.session.isid = 000e1e17da2c
flashnode.session.tsid = 65535
flashnode.session.max_burst_len = 262144
flashnode.session.def_taskmgmt_tmo = 10
flashnode.session.targetalias = <empty>
flashnode.session.targetname = iqn.2001-05.com.equallogic:0-fe83b6-00e24d5c0-b3a00473c74559fc
flashnode.session.discovery_parent_idx = 65535
flashnode.session.discovery_parent_type = Unknown
flashnode.session.tpgt = 0
flashnode.session.chap_out_idx = 3
flashnode.session.chap_in_idx = 65535
flashnode.session.username = <username>
flashnode.session.username_in = <empty>
flashnode.session.password = <password-on-target2>
flashnode.session.password_in = <empty>
flashnode.session.is_boot_target = 0
flashnode.conn[0].is_fw_assigned_ipv6 = 0
flashnode.conn[0].header_digest_en = 0
flashnode.conn[0].data_digest_en = 0
flashnode.conn[0].snack_req_en = 0
flashnode.conn[0].tcp_timestamp_stat = 0
flashnode.conn[0].tcp_nagle_disable = 1
flashnode.conn[0].tcp_wsf_disable = 0
flashnode.conn[0].tcp_timer_scale = 3
flashnode.conn[0].tcp_timestamp_en = 1
flashnode.conn[0].fragment_disable = 0
flashnode.conn[0].max_xmit_dlength = 0
flashnode.conn[0].max_recv_dlength = 65536
flashnode.conn[0].keepalive_tmo = 0
flashnode.conn[0].port = 3260
flashnode.conn[0].ipaddress = 10.0.0.4
flashnode.conn[0].redirect_ipaddr = 0.0.0.0
flashnode.conn[0].max_segment_size = 0
flashnode.conn[0].local_port = 0
flashnode.conn[0].ipv4_tos = 0
flashnode.conn[0].ipv6_traffic_class = 0
flashnode.conn[0].ipv6_flow_label = 0
flashnode.conn[0].link_local_ipv6 = <empty>
flashnode.conn[0].tcp_xmit_wsf = 0
flashnode.conn[0].tcp_recv_wsf = 0
flashnode.conn[0].statsn = 0
flashnode.conn[0].exp_statsn = 0
# END RECORD
user@host:# iscsiadm -m host -H 2 -C flashnode -x 3
# BEGIN RECORD 2.0-873
flashnode.session.auto_snd_tgt_disable = 0
flashnode.session.discovery_session = 0
flashnode.session.portal_type = ipv4
flashnode.session.entry_enable = 0
flashnode.session.immediate_data = 1
flashnode.session.initial_r2t = 0
flashnode.session.data_seq_in_order = 1
flashnode.session.data_pdu_in_order = 1
flashnode.session.chap_auth_en = 1
flashnode.session.discovery_logout_en = 1
flashnode.session.bidi_chap_en = 1
flashnode.session.discovery_auth_optional = 0
flashnode.session.erl = 0
flashnode.session.first_burst_len = 131072
flashnode.session.def_time2wait = 0
flashnode.session.def_time2retain = 0
flashnode.session.max_outstanding_r2t = 1
flashnode.session.isid = 000e1e17da2d
flashnode.session.tsid = 65535
flashnode.session.max_burst_len = 262144
flashnode.session.def_taskmgmt_tmo = 10
flashnode.session.targetalias = <empty>
flashnode.session.targetname = iqn.2001-05.com.equallogic:0-fe83b6-00e24d5c0-b3a00473c74559fc
flashnode.session.discovery_parent_idx = 65535
flashnode.session.discovery_parent_type = Unknown
flashnode.session.tpgt = 0
flashnode.session.chap_out_idx = 3
flashnode.session.chap_in_idx = 65535
flashnode.session.username = <username>
flashnode.session.username_in = <empty>
flashnode.session.password = <password-on-target2>
flashnode.session.password_in = <empty>
flashnode.session.is_boot_target = 0
flashnode.conn[0].is_fw_assigned_ipv6 = 0
flashnode.conn[0].header_digest_en = 0
flashnode.conn[0].data_digest_en = 0
flashnode.conn[0].snack_req_en = 0
flashnode.conn[0].tcp_timestamp_stat = 0
flashnode.conn[0].tcp_nagle_disable = 1
flashnode.conn[0].tcp_wsf_disable = 0
flashnode.conn[0].tcp_timer_scale = 3
flashnode.conn[0].tcp_timestamp_en = 1
flashnode.conn[0].fragment_disable = 0
flashnode.conn[0].max_xmit_dlength = 0
flashnode.conn[0].max_recv_dlength = 65536
flashnode.conn[0].keepalive_tmo = 0
flashnode.conn[0].port = 3260
flashnode.conn[0].ipaddress = 10.0.0.4
flashnode.conn[0].redirect_ipaddr = 0.0.0.0
flashnode.conn[0].max_segment_size = 0
flashnode.conn[0].local_port = 0
flashnode.conn[0].ipv4_tos = 0
flashnode.conn[0].ipv6_traffic_class = 0
flashnode.conn[0].ipv6_flow_label = 0
flashnode.conn[0].link_local_ipv6 = <empty>
flashnode.conn[0].tcp_xmit_wsf = 0
flashnode.conn[0].tcp_recv_wsf = 0
flashnode.conn[0].statsn = 0
flashnode.conn[0].exp_statsn = 0
# END RECORD
#### Try a login on target1
user@host:# iscsiadm -m host -H 1 -C flashnode -x 2 -o login
Login to flashnode 2.
Login to flashnode 2 of host 1 successful.
target1>
134496:1161:target1:MgmtExec:17-Aug-2015 11:20:47.531161:targetAttr.cc:585:ERROR:7.4.3:iSCSI login to target '10.0.0.1:3260, iqn.2001-05.com.equallogic:0-fe83b6-a35c152cc-c72004e10ff558d4-v-han-000002' from initiator '10.0.0.5:29546, iqn.2000-04.com.qlogic:isp8214.000e1e37da2c.4' failed for the following reason: Initiator disconnected from target during login.
134499:1162:target1:MgmtExec:17-Aug-2015 11:20:53.531162:targetAttr.cc:585:ERROR:7.4.3:iSCSI login to target '10.0.0.1:3260, iqn.2001-05.com.equallogic:0-fe83b6-a35c152cc-c72004e10ff558d4' from initiator '10.0.0.5:29548, iqn.2000-04.com.qlogic:isp8214.000e1e37da2c.4' failed for the following reason: Initiator disconnected from target during login.
user@host:# iscsiadm -m host -H 1 -C flashnode -x 2 -o logout
Logout flashnode 2.
Logout of flashnode 2 of host 1 successful.
#### Try a login on target2
user@host:# iscsiadm -m host -H 1 -C flashnode -x 3 -o login
Login to flashnode 3.
Login to flashnode 3 of host 1 successful.
target2>
108149:721:target2:MgmtExec:17-Aug-2015 11:21:17.580721:targetAttr.cc:585:ERROR:7.4.3:iSCSI login to target '10.0.0.3:3260, iqn.2001-05.com.equallogic:0-fe83b6-00e24d5c0-b3a00473c74559fc' from initiator '10.0.0.5:29550, iqn.2000-04.com.qlogic:isp8214.000e1e37da2c.4' failed for the following reason: Initiator disconnected from target during login.
108152:722:target2:MgmtExec:17-Aug-2015 11:21:23.550722:targetAttr.cc:585:ERROR:7.4.3:iSCSI login to target '10.0.0.3:3260, iqn.2001-05.com.equallogic:0-fe83b6-00e24d5c0-b3a00473c74559fc' from initiator '10.0.0.5:29552, iqn.2000-04.com.qlogic:isp8214.000e1e37da2c.4' failed for the following reason: Initiator disconnected from target during login.
user@host:# iscsiadm -m host -H 1 -C flashnode -x 3 -o logout
Logout flashnode 3.
Logout of flashnode 3 of host 1 successful.
####
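
Added example, not part of the original message and not open-iscsi code: a small parser for the "# BEGIN RECORD ... # END RECORD" output shown above that checks the setup described in the quoted reply (flashnode chap_out_idx pointing at a local CHAP entry, and a bidi entry present in the host CHAP table when bidi_chap_en is set). The function names parse_records and audit and all sample values are constructed for illustration; the check says nothing about how the adapter selects the entry for incoming authentication.

```python
import re
# Constructed sample input in the record layout shown above (placeholder values).
CHAP_TABLE = """# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 1
host.auth.username = initiator-user
host.auth.password = placeholder-1
# END RECORD
# END RECORD
# BEGIN RECORD 2.0-873
host.auth.tbl_idx = 2
host.auth.username_in = target-user
host.auth.password_in = placeholder-2
# END RECORD
"""
FLASHNODE = """# BEGIN RECORD 2.0-873
flashnode.session.bidi_chap_en = 1
flashnode.session.targetname =
iqn.2001-05.com.example:constructed-target
flashnode.session.chap_out_idx = 1
flashnode.session.username = initiator-user
# END RECORD
"""

def parse_records(text):
    """Split iscsiadm output into one dict per BEGIN/END RECORD block."""
    records, current, last_key = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# BEGIN RECORD"):
            current, last_key = {}, None
        elif line.startswith("# END RECORD"):
            if current is not None:  # tolerate a stray END RECORD
                records.append(current)
            current = None
        elif current is not None and line:
            m = re.match(r"^([\w.\[\]]+) =\s?(.*)$", line)
            if m:
                last_key, current[m.group(1)] = m.group(1), m.group(2)
            elif last_key and current[last_key] == "":
                current[last_key] = line  # value wrapped onto the next line
    return records

def audit(chap_text, flashnode_text):
    """Check the setup described in the quoted reply; return a list of findings."""
    chap, node = parse_records(chap_text), parse_records(flashnode_text)[0]
    local = {r["host.auth.tbl_idx"]: r for r in chap if "host.auth.username" in r}
    bidi = [r for r in chap if "host.auth.username_in" in r]
    findings = []
    out = local.get(node.get("flashnode.session.chap_out_idx"))
    if out is None:
        findings.append("chap_out_idx does not point to a local CHAP entry")
    elif out["host.auth.username"] != node.get("flashnode.session.username"):
        findings.append("flashnode username differs from local CHAP entry")
    if node.get("flashnode.session.bidi_chap_en") == "1" and not bidi:
        findings.append("bidi_chap_en=1 but CHAP table has no bidi CHAP entry")
    return findings
```

An empty result means the tables match the described setup, so a login that still fails has to be investigated elsewhere.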