Moderator

Re: ASM - iSCSI and network traffic segregation

Yes, you would need to enable routing and open your firewall for replication regardless of whether you are using ASM or not.

The level of “lock down” depends on your specific situation; however, it’s typically beneficial to set up your rules for the entire iSCSI VLAN subnet as opposed to setting them for each individual IP (this would have to include not only the Group IP, but the ETH interfaces of each array (all members) and all host IPs on the iSCSI network VLAN).

MANDATORY PORTS AND PROTOCOLS

iSCSI protocol:

| Type | Port | Protocol | Access |
|------|------|----------|--------|
| TCP | 3260 | iSCSI | To the group IP address and all individual member IP addresses |

EqualLogic Internal Communication Protocols:
The members of a PS Series group communicate with one another using the following protocols.

EqualLogic Internal Protocols:

| Type | Port | Protocol | Used for |
|------|------|----------|----------|
| UDP | 161 | SNMP | Management operations |
| TCP | 9876 | Internal | iSCSI intra-system control (Mesh connection) |
| TCP | 25555 | Internal | Group communication |
| TCP | 20002 | Internal | Event logging |
| TCP | 20003 | Internal | Internal event querying |

There are additional ports you may want to open (management, CLI, syslog, etc.); see this solution for complete details: https://support.equallogic.com/support/solutions.aspx?id=1444 (support contract user account required). Once on the page, search for “ports” in the KB, and look for the solution titled “ARRAY: Network ports used by a PS Series group”.

-joe

Social Media and Community Professional
#IWork4Dell
0 Kudos
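
An added example, not part of the post above or of Dell's documentation: Python that turns the post's port table into subnet-scoped allow rules between two iSCSI VLANs and audits a flow against that allowlist. It assumes a Linux iptables firewall routing between the sites; the subnets are constructed documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Port table as listed in the post: (protocol, port, purpose)
PS_PORTS = [
    ("tcp", 3260, "iSCSI"),
    ("udp", 161, "SNMP management operations"),
    ("tcp", 9876, "iSCSI intra-system control (mesh)"),
    ("tcp", 25555, "group communication"),
    ("tcp", 20002, "event logging"),
    ("tcp", 20003, "internal event querying"),
]

def subnet_rules(site_a, site_b):
    """Build iptables FORWARD rules for the listed ports, in both directions,
    scoped to the two iSCSI subnets rather than to individual IPs."""
    a = ipaddress.ip_network(site_a)
    b = ipaddress.ip_network(site_b)
    rules = []
    for src, dst in ((a, b), (b, a)):
        for proto, port, purpose in PS_PORTS:
            rules.append(
                f"iptables -A FORWARD -s {src} -d {dst} -p {proto} "
                f'--dport {port} -m comment --comment "{purpose}" -j ACCEPT'
            )
    return rules

def flow_allowed(src_ip, dst_ip, proto, port, site_a, site_b):
    """Audit helper: True only if the flow crosses between the two iSCSI
    subnets and targets a protocol/port pair from the table."""
    a = ipaddress.ip_network(site_a)
    b = ipaddress.ip_network(site_b)
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    crosses = (s in a and d in b) or (s in b and d in a)
    listed = any(p == proto.lower() and n == port for p, n, _ in PS_PORTS)
    return crosses and listed

if __name__ == "__main__":
    # Constructed sample subnets (documentation ranges), one per site
    SITE_A, SITE_B = "192.0.2.0/24", "198.51.100.0/24"
    for rule in subnet_rules(SITE_A, SITE_B):
        print(rule)
    # A host outside the iSCSI VLANs is rejected even on port 3260
    print(flow_allowed("203.0.113.5", "198.51.100.20", "tcp", 3260, SITE_A, SITE_B))
```

The generated list stays at twelve rules however many array interfaces and hosts sit in each subnet, which is the maintenance benefit of the subnet-wide approach the post recommends.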