No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

LUNCOPY is failed when using firewall nat mode to map ISCSI port of S2600 to public IP on some site

Publication Date:  2012-10-08 Views:  61 Downloads:  0
Issue Description
The client uses two series of storage products to do full-capacity LUN copy, then brings one of them somewhere else to do incremental luncopy. But there is only one public IP in the client headquarters and the client demands security, so place the main storage in private area, map 3260 port to public IP via firewall mode. Using public IP to link, the main storage can add opposite site initiator and establish link normally. But it is failed to add the main site initiator on the opposite site. 
Alarm Information
none
Handling Process
1. Create ipsec VPN to make iscsi port communicate via private IP.
2. Suggest the client to add one more public IP.
Root Cause
1. Establish iSCSI link from dependent array S2600 to main array S2600, run Discovery according to the configured IP and port of target, it is successful.
Array log:
Nov  2 09:52:58 linux kernel: [1751244856]*****ISCSIINI_LOG:[Thread:OpenLinkThread, build_session_skeleton:4077]->using ini name: iqn.2006-08.com.huawei:oceanstor:21000022a10328b8:notconfigB to connet target
Nov  2 09:52:58 linux kernel: [1751244879]*****ISCSIINI_LOG:[Thread:OpenLinkThread, init_connection:3571]->Connect to target 0 cid 0 at 125.78.48.178:5555 conn 00000100150d8000 successful.
//transfer iSCSI port IP to 5555 port of public IP 125.78.48.178.
2. Log on to target, but it comes fault when visiting via the IP address and port from the opposite end.
Array log:
Nov  2 09:52:58 linux kernel: [1751245445]*****ISCSIINI_LOG:[Thread:rx-0-20866, parse_text_buffer:275]->DISCOVERY:Get target_name = iqn.2006-08.com.huawei:oceanstor:21000022a10328b7::192.168.0.201
Nov  2 09:52:58 linux kernel: [1751245445]rx-0-20866 Discovery TargetAddress=192.168.0.201:3260,11
//the returned name and IP from target
192.168.0.201:3260。
Nov  2 09:52:58 linux kernel: [1751245518]*****ISCSIINI_LOG:[Thread:rx-0-20866, iscsi_leave_rx_with_create_normal_session:3354]->DISCOVERY: creat normal session target_name = iqn.2006-08.com.huawei:oceanstor:21000022a10328b7::192.168.0.201, target_addr = 192.168.0.201:3260
Nov  2 09:52:58 linux kernel: [1751245518]*****ISCSIINI_ERR:[Thread:rx-0-20866, ISCSIINI_isTargetReachable:3308]->parameter: pszTargetIP = 192.168.0.201 , pszLocalIP = 220.189.243.218 , PortId = 0 , controller = 1 , local maske = 255.255.255.224
//the initiator try to use 192.168.0.201 to start session visit.
Nov  2 09:52:58 linux kernel: [1751245518]*****ISCSIINI_ERR:[Thread:rx-0-20866, init_connection:3492]->The Target 192.168.0.201 is unreachable from 220.189.243.218
Nov  2 09:52:58 linux kernel: [1751245518]*****ISCSIINI_ERR:[Thread:rx-0-20866, create_session:4319]->init_session failed
Nov  2 09:52:58 linux kernel: [1751245518]*****ISCSIINI_LOG:[Thread:rx-0-20866, remove_session_from_hostdata:5228]->Drop connection[0] from session[0].
//in client’s network, the dependent end 220.189.243.218 can only ping the transferred address 125.78.48.178:5555, but not the private IP.
3. S2600 iSCSI link follows the iSCSI standard process. NAT map cannot modify iscsi port ip to public ip. When the dependent receives the information, it finds the ip cannot be connected.
Suggestions
Before do project configuration, communicate with R$D to ensure the feasibility of project.

END