Roman,

The COMSTAR iSCSI target starts up an IP listener socket any time an iSCSI target comes online that needs to listen on a new TCP port number. As currently implemented, these TCP listeners listen on ALL interfaces rather than being restricted to just the interfaces that are mentioned in the TPGs that are online. Access control is applied later, when a connection attempt is made. If a connection arrives for target T via an interface and port number that is not used by target T, then the connection is rejected.

For example, suppose there are three targets, as follows:

Suppose the box has two IP addresses 10.0.0.1 and 10.0.0.2
itadm create-target ===> target A (will listen on all interfaces for port 3260)
itadm create-tpg TPG3260 10.0.0.1:3260
itadm create-target -t TPG3260 ===> target B (will listen on one interface for port 3260)
itadm create-tpg TPG50001 10.0.0.2:50001
itadm create-target -t TPG50001 ===> target C (will listen on the other interface for port 50001)

If target A is online, there will be a listener created on all interfaces for port 3260. Connections arriving from any interface on port 3260 for target A will be accepted.

If target B is online, it will use the same listener on all interfaces for port 3260. Connections arriving from interface 10.0.0.1 on port 3260 for target B will be accepted. Connections arriving from any other interface for target B will be rejected.

If target C is online, there will be a listener created on all interfaces for port 50001. Connections arriving from interface 10.0.0.2 on port 50001 for target C will be accepted. Connections arriving from other interfaces will be rejected. Similarly, connections arriving for other targets on port 50001 will be rejected.

The "Send Targets" discovery service depends on the existence of ANY target that uses the default port of 3260. If either target A or target B is online, then the SendTargets discovery service will be available. For example, the SendTargets service will be available on all interfaces even if only target B is online.

Does the behavior that you are observing match the above description? I have not seen the above behavior documented anywhere. If this behavior causes significant issues, let us know.

Peter C
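
The admission rules described in this message, as a small Python model added here for illustration; it is not COMSTAR code and not part of the original post. The function names are assumptions, and SendTargets is modelled only on port 3260 because the message says nothing about other ports.

```python
# Model of the listener/admission behaviour described in the message above.
# Not COMSTAR source code; names and structure are illustrative assumptions.
DEFAULT_PORT = 3260
BOX_IPS = ["10.0.0.1", "10.0.0.2"]  # the two addresses from the example

# Target -> list of (ip, port) portals from its TPG; None = no TPG given
# (default: every interface on port 3260).
TARGETS = {
    "A": None,
    "B": [("10.0.0.1", 3260)],
    "C": [("10.0.0.2", 50001)],
}

def ports_of(target):
    portals = TARGETS[target]
    return {DEFAULT_PORT} if portals is None else {p for _, p in portals}

def listener_ports(online):
    """TCP ports that get a wildcard (*.port) listener for the online targets."""
    return set().union(*(ports_of(t) for t in online))

def login_accepted(target, local_ip, local_port, online):
    """Access check applied after the TCP connection has already been accepted."""
    if target not in online or local_port not in listener_ports(online):
        return False
    portals = TARGETS[target]
    if portals is None:
        return local_port == DEFAULT_PORT
    return (local_ip, local_port) in portals

def sendtargets_available(online):
    """Discovery on port 3260 exists if any online target uses that port."""
    return DEFAULT_PORT in listener_ports(online)

def open_but_unserved(online):
    """(ip, port) pairs that answer at the TCP level although no online
    target accepts a login there."""
    return sorted(
        (ip, port)
        for ip in BOX_IPS
        for port in listener_ports(online)
        if not any(login_accepted(t, ip, port, online) for t in online)
    )

if __name__ == "__main__":
    for online in ({"B"}, {"C"}, {"A", "B", "C"}):
        print(sorted(online), "SendTargets:", sendtargets_available(online),
              "open but unserved:", open_but_unserved(online))
```

With only target B online, the model reports 10.0.0.2:3260 as open but unserved, which is the case where discovery returns a target list on an interface where login is then rejected.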


On 08/31/09 17:08, Roman Naumenko wrote:
Sorry for the repeated question; I remember somebody asked already, but I can't find when.
First question:
1. Does a configured target with all hg, tg, tpg, initiators - everything - nonetheless make COMSTAR listen on all interfaces for incoming connections?

netstat -an | grep 3260
      *.3260               *.*                0      0 262300      0 LISTEN

Basically, I would like to restrict connections to a LUN to a particular one. The same for an initiator - it should not see other targets.
2. The target is configured along with a tpg on interface e1000g0, but I can get the list of targets by adding Target portal discovery as the e1000g0 IP on the initiator. Although it can't log in, it is still confusing.

Again, I'm getting the list of targets since it listens on all interfaces.

Any references to the documentation explaining this are appreciated.
--
Roman Naumenko
ro...@bestroman.com