Re: ASM - iSCSI and network traffic segregation
Yes, you would need to enable routing and open your firewall for replication regardless if using ASM or not.
The level of “lock down” depends on your specific situation; however, it’s typically beneficial to setup your rules for the entire iSCSI VLAN subnet as opposed to setting for each individual IP (this would have to include not only the Group IP, but each Array ETH interfaces (all members) and all host IP’s on the iSCSI network VLAN).
MANDATORY PORTS AND PROTOCOLS
Type Port Protocol Access
TCP 3260 iSCSI To the group IP address and all individual member IP addresses
EqualLogic Internal Communication Protocols:
The members of a PS Series group communicate with one another using the following protocols.
EqualLogic Internal Protocols :
Type Port Protocol Used for
UDP 161 SNMP Management operations
TCP 9876 Internal iSCSI intra-system control (Mesh connection)
TCP 25555 Internal Group communication
TCP 20002 Internal Event logging
TCP 20003 Internal Internal event querying
There are additional ports you may want to open (management, CLI, syslog, etc.) see this solution for complete details: https://support.equallogic.com/support/solutions.aspx?id=1444 (support contract user account required). Once on the page, search for “ports” in the KB, and look for the solution titled “ARRAY: Network ports used by a PS Series group”
Social Media and Community Professional
Get Support on Twitter - @dellcarespro
Follow me on Twitter: @joesatdell