iSCSI On FreeBSD

freebsd iscsi storage

It’s really up to you. Many people not really sure about choosing between DAS(Block-Level directly), NAS(File-Level over the network) and SAN(Block-Level over the network). it’s not the space you need. The important questions are:

1. What is your storage expansion policy ?  

If you have the possibility to expand your storage locally and have a linear expansion ratio, it means you have suitable time and resources to prepare your storage, so you can use DAS, NAS, SAN or mix them as you want. But if you can’t estimate growth ratio and it’s not linear, it’s better to choose something over the network, like NAS or SAN.

2. What is your backup policy ?  

There are 3 types of backup. Full, Incremental and Differential.
Incremental back up only the changed data, since the last full or incremental backup and differential back up only the changed data, since the last full backup. Incremental backup is most suitable for network-enabled like NAS or SAN because of needed network bandwidth.

3. What is your access policy ?  

If you have to write at the same time in the same area, NAS is required because block-level access can corrupt your data.

FreeBSD iSCSI Target

FreeBSD, manage the iSCSI with a configuration file located in /etc/ctl.conf. add a line to /etc/rc.conf to make sure the ctld daemon is automatically started at boot, and then start the daemon.
# sysrc ctld_enable=YES

This is a sample of ctl.conf:

portal-group pg0 {  
		discovery-auth-group no-authentication  
		listen 192.168.1.10  
}  

portal-group pg1 {  
		discovery-auth-group no-authentication  
		listen 192.168.2.10  
}  


auth-group ag0 {  
		chap iscsi1 iscsi0pass123456  
}  

auth-group ag1 {  
		chap iscsi2 iscsi1pass123456  
}  


target iqn.2018-05.com.meetbsd.storage:target0 {  
		auth-group ag0  
		portal-group pg0  
		lun 0 {  
				path /dev/zvol/storage/iscsi_0  
				size 10G  
		}  
}  

target iqn.2018-05.com.meetbsd.storage:target1 {  
		auth-group ag1  
		portal-group pg1  
		lun 1 {  
				path /dev/zvol/storage/iscsi_1  
				size 10G  
		}  
}  

This config file mainly includes three sections:

1. Portal-groups  

which contains network settings like discovery, listening IP and port.

2. Auth-group  

which contains the authentication method, user, and password.

3. Target  

which contains portal-group, auth-group and LUN(logical unit number).
LUN defines the path and size of allocation plus other options.

Since we have two interfaces with 192.168.1.10 and 192.168.2.10 IP addresses and want to both of them simultaneously so we created two portal-group that need no password to discover on the client-side.

Then we created two auth-group with usernames and passwords. This authentication method is CHAP (Challenge-Handshake Authentication Protocol). CHAP means password never use directly and instead client and server use challenge message and one-way hash to verify authentication.
This modular config file lets you separate network aspects from others and you can manage easily.
Then the point is password must be 8 digits at least.

Then start ctld by:
# service ctld start
iSCSI target will listen on port 2360 and everything is on order but if you change this config file later then just issue this command:
# service ctld reload

You can get full edition at:
https://contents.meetbsd.ir/ebook/zfs_bsdmag.pdf
Or:
https://bsdmag.org/download/bhyvearm64-virtualization-on-armv8-a/


enter image description here