iSCSI - discovery dynamic vs. static?

When you use iSCSI, is there an advantage to using static discovery over dynamic discovery?

I understand that when you use dynamic discovery you point to one IP address and TCP port, and the iSCSI initiator will communicate with the target and ask for the LUNs, which will then be accessible. When you use static discovery this information must be specified manually. Is that correct, and is there a reason to use static?

You're right: with dynamic discovery the initiator sends "SendTargets" to a single IP address and port, and if the target is listening on several names and addresses, all of them are sent back in the form of TargetName and TargetAddress (incase #). I think that determining which LUNs are behind the target is not part of dynamic discovery.

As for your second question, hardware server is probably more flexible in terms of network adapters that can be used, so software iSCSI is more flexible, allowing you to configure several IP addresses. Having many IP/port combinations on the target gives many more options: one being the ability to connect to the storage from different networks (which can also be done on routed networks), the second being more paths in a multipath configuration when the same LUNs are accessed using two different IP addresses. And finally, the IP hash policy could be used for a better distribution of load between natachasery in a NIC teaming configuration on the ESX host.
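
What a SendTargets reply carries, as an added example that is not part of the original thread: a Python parser for the null-separated TargetName/TargetAddress text of a discovery response, producing the same address, port and target-name triples that static discovery has you enter by hand, plus a comparison against an approved static list. The sample response, the IQNs and the function names are constructed for the illustration.

```python
import re
from typing import List, NamedTuple, Optional, Set, Tuple

DEFAULT_PORT = 3260  # IANA-registered iSCSI port


class Portal(NamedTuple):
    target: str           # value of TargetName= (the IQN)
    host: str
    port: int
    tpgt: Optional[int]   # target portal group tag, if the reply carried one


# TargetAddress=<host>[:port][,tpgt]; host is IPv4, a DNS name or [IPv6].
_ADDR = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[^:,\[\]]+)(?::(\d+))?(?:,(\d+))?$")


def parse_sendtargets(data: bytes, disc_host: str,
                      disc_port: int = DEFAULT_PORT) -> List[Portal]:
    """Turn a SendTargets text response into one Portal per target address."""
    portals: List[Portal] = []
    current: Optional[str] = None
    has_address = False
    for item in data.split(b"\x00"):
        if not item:
            continue
        key, sep, value = item.decode("utf-8").partition("=")
        if not sep:
            raise ValueError(f"not a key=value pair: {item!r}")
        if key == "TargetName":
            # A target listed without addresses is reachable at the portal
            # the discovery session itself was opened to.
            if current is not None and not has_address:
                portals.append(Portal(current, disc_host, disc_port, None))
            current, has_address = value, False
        elif key == "TargetAddress":
            match = _ADDR.match(value)
            if current is None or match is None:
                raise ValueError(f"unexpected TargetAddress: {value!r}")
            host, port, tpgt = match.groups()
            portals.append(Portal(current, host.strip("[]"),
                                  int(port) if port else DEFAULT_PORT,
                                  int(tpgt) if tpgt else None))
            has_address = True
    if current is not None and not has_address:
        portals.append(Portal(current, disc_host, disc_port, None))
    return portals


def unexpected_portals(discovered: List[Portal],
                       approved: Set[Tuple[str, int, str]]) -> List[Portal]:
    """Portals that dynamic discovery returned but the static list lacks."""
    return [p for p in discovered
            if (p.host, p.port, p.target) not in approved]


# Constructed sample reply: one target on two portals, one with no address.
SAMPLE = (b"TargetName=iqn.2001-04.com.example:array1\x00"
          b"TargetAddress=10.10.10.5:3260,1\x00"
          b"TargetAddress=[2001:db8::5]:3261,2\x00"
          b"TargetName=iqn.2001-04.com.example:array2\x00")

if __name__ == "__main__":
    found = parse_sendtargets(SAMPLE, "10.10.10.5")
    approved = {("10.10.10.5", 3260, "iqn.2001-04.com.example:array1")}
    for portal in found:
        print(portal)
    print("not in static list:", unexpected_portals(found, approved))
```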

Tags: VMware

Similar Questions

  • ESXi 5.1 Lab question (resolution/iSCSI discovery)

    I have setup a physical environment 2 node ESXi works as expected.

    iSCSI, WDS/PXE, DHCP, DNS, LDAP are all setup and running on a Windows Server, vCenter (VM) is configured and works perfectly.

    Looking to set up RS using VR through 2 virtual data centers I raised 4 VM I deployed ESXi 5.1 using the WDS/PXE of R2 2013 server and everything worked perfectly (wise deployment).

    The use of Kickstart scripts ESXi hosts are fully deployed to VM with 1 GB of storage (sufficient), IP stack, host name, etc. everything is correct.

    First issue: using "Test Management Network" fails to resolve the host names of all 4 systems (pings to the gateway and DNS addresses work). But if I ssh into the hosts and use nslookup I can resolve everything fine. What's up with that?

    Second question, which I think is related: I am setting up a software iSCSI adapter on each host and have configured LDEVs/LUNs with CHAP authentication identically to what I did for the physical data center, and neither auto-discovery nor static entries discover the provisioned storage. The IQN names have the hostname in them, which I believe points to a resolution problem. For auto-discovery I use the IP address of the iSCSI server, so there is no name resolution involved.

    All them is on a subnet (255.255.255.0) single 10.10.10.x/24.

    Anyone who can get an idea of why this is happening I would appreciate the help!

    Found the problem...

    I have a ClearOS gateway appliance which has several interfaces causing a loop.

    Clearing that up resolved the issues.

  • Dynamic to static IPSec with certificate-based authentication

    I'm trying to implement a dynamic to static LAN2LAN VPN from an ASA 5505 (with a dynamic IP address) to an ASA 5520 (with a static IP address).
    I want to have a small (/30) network on the dynamic side which I can connect to a larger (/24) network on the static side.
    I am also trying to use identity certificates for authentication.

    I created a root CA and an intermediate CA, signed the intermediate CA with the root CA, and then created identity certificates for
    the ASAs, signed with the intermediate CA using OpenSSL, and imported them to a trustpoint.

    I tried to use the instructions on:
    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a0080930f21.shtml
    to configure certificates (replacing MS with OpenSSL) and following the instructions to:

    I used the ASDM to set up the appropriate identity cert on the external interface
    [Configuration-> Device Management-> advanced-> SSL settings]

    and to establish a connection profile [Configuration-> Device Management-> connection profiles] on both devices,
    setting the side that gets its IP via DHCP to static and the side that has the permanent IP to accept dynamic.

    I apply the settings, and nothing happens.

    "show crypto isakmp sa" just returns "There are no isakmp sas".

    I don't know where to start debugging it. How can I force the DHCP side to initiate a connection?

    Are you sure that both peers are using the same isakmp settings? It seems the policy that uses rsa-sig on one end uses a different Diffie-Hellman group.

  • KeepAlive to restore a dynamic to static tunnel?

    Hi all

    I have a dynamic to static PIX 501 to PIX 501 configuration running PIX OS 6.3. I would like to use keepalives to re-establish the tunnel when the tunnel goes down. Is this possible?

    There's a workaround: have the PIX at the far end use a local NTP or syslog server; this traffic would bring the tunnel up, as it has been defined as interesting.

  • VPN site-to-site dynamic-to-static

    Dear

    I have a few sites already connected with ASA 5505 site-to-site VPN, with both ends having static IP addresses.  Normally, all traffic passes without any problems.  I even used 'management-access inside' on the two ASAs.

    Now I have a new office with only ADSL PPPoE.  I set up the connection between Site B (remote site, dynamic IP) and Site A (static IP) following an example similar to this Easy VPN one: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

    All my ASA 5505 run 1 8.4 (4)

    Site A - Static IP

    Site B - Dynamic IP with pppoe connection.

    After EasyVPN connects, I don't know how to remotely manage the site B ASA 5505 from the site A LAN.

    Best regards

    Alan.

    If you're OK with either solution, it is probably easier to use dynamic-to-static LAN-to-LAN, so that at least your solution is consistent and uses only LAN-to-LAN tunnels instead of a mixture of client VPN and LAN-to-LAN.

  • Dynamic to static L2L IPSec VPN

    Hello

    I've implemented a dynamic to static IPSec site-to-site VPN between a branch (ship) ASA5505 and headquarters. Now, this solution does not allow HQ to initiate the IPsec connection.

    There is a router behind the ASA5505. I heard that if I want to keep the tunnel up, so that the HQ clients can send traffic to remote clients through the tunnel, I would need to run IP SLA ICMP probes on the router behind the ASA.

    Could someone explain how to implement it?

    Thanks for your help.

    Frank

    The ICMP probe can be done from any device that is able to ping, not only from the router.

    The reason is that interesting traffic brings the tunnel up; as long as traffic is being encrypted by the VPN tunnel, the tunnel will stay up, so you will be able to open connections to your remote site.

    Hope that helps.

  • Difference between dynamic and static converters

    Hi, I am looking to understand the difference between a static and a dynamic DAC. I will work on a project that has a very high number of analog outputs (30 IO). I need a board with 16-bit resolution. I intend to update outputs at a low frequency, in the order of 1 Hz (on user demand). It has been suggested that I use the NI PXI-6704 card with 32 outputs. In order to future-proof our equipment, we plan to buy a few boards that are capable of a fast output update rate (a few hundred Hz). I want to know what I lose and gain with static and dynamic converters. Which boards (that are quite fast) would work better for this high number of IO? I'm looking at the 6733, but I am not quite convinced that it is the best alternative.

    Hello

    If you get all PXI/SMU modules, you'll either buy a controller MXI to connect to the desktop computer or to spend more money and get a controller embedded to the SMU chassis. If you want to run applications in real time in the future, you can spend more money upfront and get the controller shipped instead of the connection of MXI. MXI connection allows flexibility of system more than the on-board controller because it allows you to run additional devices that may not be available in PXI format. The two methods are the same in terms of future evidence, they just offer different possibilities (flexibility or real-time).

    Eric

  • Dynamic and static map crypto on a single interface

    I need to apply both a static and a dynamic crypto map to a single interface. Is this possible?

    crypto isakmp policy 10
     hash md5
     authentication pre-share
    !
    crypto isakmp policy 11
     encr 3des
     hash md5
     authentication pre-share
     group 5
    crypto isakmp key hronov address 50.76.65.124
    crypto isakmp key pardubice address 0.0.0.0 0.0.0.0
    !
    !
    crypto ipsec transform-set DYN-TS esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac
     mode transport
    !
    crypto dynamic-map DYN 10
     set transform-set DYN-TS
    !
    !
    !
    crypto map IPSEC 10 ipsec-isakmp dynamic DYN
    !
    crypto map GRE_AND_IPSEC 11 ipsec-isakmp
     set peer 50.76.65.124
     set transform-set ESP_3DES_MD5
     match address GRE

    Yes.  Slightly modified.

    Make the site-to-site key so it can't be used for xauth (aka client authentication).

    crypto isakmp key hronov address 50.76.65.124 no-xauth

    Make the specific site-to-site crypto map entry come first (priority 10 in this case).

    crypto map IPSEC 10 ipsec-isakmp
     set peer 50.76.65.124
     set transform-set ESP_3DES_MD5
     match address GRE

    Give the dynamic map a low priority (60000 in this case).

    crypto map IPSEC 60000 ipsec-isakmp dynamic DYN

  • A dynamic Site static IOS ASA

    I had a hard time getting a VPN configuration from site to site with a dynamic address on IOS on a static address on ASA. I followed the example found here. http://www.Cisco.com/en/us/Products/HW/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml , but it won't work if I name the Group of Tunnel on the IP address of the WAN IOS port ASA if I use a generic name such as "cisco" as in the example, it will fail. Here's my current ASA configs and IOS. 192.168.7.5.0/24 is side LAN IOS and 192.168.254.0/24 side LAN ASA any help would be appreciated.

    You must use the tunnel group DefaultL2LGroup...

    tunnel-group DefaultL2LGroup type ipsec-l2l

  • Problem of site 2 site config dynamic to static

    I must be missing something in the config, but I'm not sure.

    Trying to connect a PIX 506E (6.3) to an ASA 5505 (7.2). The PIX has the dynamic IP and the ASA has the static IP address. This is a second site-to-site VPN for the PIX; the other is between the PIX and another PIX that has a static IP.

    I tried everything I can think of. I think it's on the ASA side, but I'm not sure. I have reset the pre-shared key several times. I tried sysopt connection permit-vpn on the ASA. It took the command, but it does not appear in the running config. I put in ipsec-ra tunnels as well as ipsec-l2l, among other things. In any case, I have attached my config.

    Almost forgot, I used this link as a guide. http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805733df.shtml

    Thanks for your help - Keith

    Keith,

    I think you should compare your static-IP ASA and dynamic-IP PIX configs and see what is different (apart from the names of things).

    The pre-shared key, I used was test1234 at both ends.

  • SonicWALL dynamic to static ASA

    Forgive the almost matching repost of a question, which I had last week, but I wanted to be sure of something.

    I now have a remote Sonicwall which has a dynamic outside address.  I'll set up a tunnel to my ASA, which has a static address.

    Of course the Sonicwall initiates the connection.

    So, to be clear:

    On the ASA, can I set up a tunnel group to accept the *dynamic* connection from the remote Sonicwall?  Or is my only option to use the DefaultL2LGroup (main mode) or DefaultRAGroup (aggressive mode)?

    Thank you!

    Hello

    You can do the following:

    crypto dynamic-map cisco 1 set transform-set ESP-3DES-MD5 ESP-3DES-SHA

    Kind regards

    -Gustavo

  • VPN L2L dynamic to static w/o DefaultL2LGroup

    I was looking for a method to have a dynamic-to-static L2L VPN without using DefaultL2LGroup, setting up instead several tunnel groups, one for each router with a dynamic IP address. Many people say it is not possible, but I found this guide: http://inetpro.org/wiki/LAN-to-LAN_IPSec_VPN_between_PIX/ASA_7.2_hub_and_IOS_spokes_with_dynamic_IP_addresses

    Now the problem: the VPN comes up, but I can't reach any device with a ping.

    Static side: ASA 5505 - 8.22

    Dynamic side: Zyxel P-661HW-D3

    Here is the config for the ASA:

    access-list outside extended permit icmp any any
    access-list outside extended deny ip any any
    access-list inside extended permit ip 10.1.0.0 255.255.248.0 10.51.10.0 255.255.255.0
    access-list inside extended deny ip any any
    access-list VPN extended permit ip 10.1.0.0 255.255.248.0 10.51.10.0 255.255.255.0
    access-list ST_3710 extended permit ip 10.1.0.0 255.255.248.0 10.51.10.0 255.255.255.0

    nat (inside) 0 access-list VPN
    nat (inside) 1 10.1.0.0 255.255.248.0

    access-group inside in interface inside
    access-group outside in interface outside

    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000

    crypto dynamic-map DN3710 1 match address ST_3710
    crypto dynamic-map DN3710 1 set transform-set myset

    crypto map dyn-map 2 ipsec-isakmp dynamic DN3710
    crypto map dyn-map interface outside

    crypto isakmp enable outside

    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400

    crypto isakmp policy 20
    authentication pre-share
    encryption des
    hash md5
    group 2
    lifetime 86400
    no crypto isakmp nat-traversal

    group-policy GP3710 internal
    group-policy GP3710 attributes
    vpn-filter value ST_3710
    vpn-tunnel-protocol IPSec

    tunnel-group TG3710 type ipsec-l2l
    tunnel-group TG3710 general-attributes
    default-group-policy GP3710
    tunnel-group TG3710 ipsec-attributes
    pre-shared-key *********

    As you can see, the VPN is up:

    2   IKE Peer: ***.***.***.***
        Type    : L2L             Role    : responder
        Rekey   : no              State   : AM_ACTIVE

    Thanks in advance if anyone can help me with this problem.

    Kind regards

    Luca

    Hello Luca,

    You are right, you can have the spokes land on separate tunnel-groups, not only on the DefaultL2LGroup. The ASA follows this sequence when doing a tunnel-group lookup for L2L tunnels with pre-shared keys:

    - The ike-id is checked first; it can be a host name (full FQDN) or an IP address

    - If the ike-id lookup fails, the ASA tries the peer IP address

    - DefaultRAGroup/DefaultL2LGroup is used as a last resort

    From the output of your "sh cry isa sa" I can see that at least Phase 1 is up for your tunnel; please make sure that it landed on the correct tunnel-group.

    The problem I see clearly here is the VPN filter that you have applied in the group policy; keep in mind that VPN filters must be applied in the inbound direction.

    When a vpn-filter is applied to a group-policy that governs a LAN-to-LAN VPN connection, the ACL must be configured with the
    remote network in the src_ip position of the ACL and the local network in the dest_ip position of the ACL.  Be careful when constructing the
    ACLs for use with the vpn-filter feature.  The ACLs are constructed with post-decrypted traffic in mind; however, they are also applied to the traffic
    in the opposite direction.

    In your case, the remote network is 10.51.10.0 255.255.255.0 and the local network is 10.1.0.0 255.255.248.0, so let's say you want to allow just Telnet:

    The following ACE will allow the remote network to Telnet to the local network:

    access-list vpnfilt-l2l permit tcp 10.51.10.0 255.255.255.0 10.1.0.0 255.255.248.0 eq 23

    The following ACE will allow the local network to Telnet to the remote network:

    access-list vpnfilt-l2l permit tcp 10.0.0.0 255.255.255.0 eq 23 10.1.0.0 255.255.248.0

    Note: The ACE access-list vpnfilt-l2l permit tcp 10.51.10.0 255.255.255.0 10.1.0.0 255.255.248.0 eq 23 will allow the local network to establish a connection to the remote network on any TCP port if it uses a source port of 23.

    The ACE access-list vpnfilt-l2l permit tcp 10.0.0.0 255.255.255.0 eq 23 10.1.0.0 255.255.248.0 will allow the remote network to connect to the local network on any TCP port if it uses a source port of 23.

    Kind regards
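
The direction rule in the answer above, as an added example that is not part of the original thread: a simplified Python model of vpn-filter matching, run against the answer's Telnet ACE and against the question's ST_3710 ACL used as the filter. The function names and the two sample host addresses are assumptions made for the illustration, and each call models only the first packet of a new connection.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Ace:
    proto: str                       # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    src_port: Optional[int] = None   # None means any port
    dst_port: Optional[int] = None


def parse_ace(line: str) -> Ace:
    """Parse 'access-list NAME [extended] permit PROTO SRC MASK [eq P] DST MASK [eq P]'."""
    tok = line.split()
    pos = tok.index("permit") + 1    # only permit entries are modelled
    proto, pos = tok[pos], pos + 1

    def net_and_port(i):
        net = ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}")
        i += 2
        port = None
        if i < len(tok) and tok[i] == "eq":
            port, i = int(tok[i + 1]), i + 2
        return net, port, i

    src, sport, pos = net_and_port(pos)
    dst, dport, pos = net_and_port(pos)
    return Ace(proto, src, dst, sport, dport)


def vpn_filter_permits(aces: List[Ace], direction: str, proto: str,
                       sip: str, sport: Optional[int],
                       dip: str, dport: Optional[int]) -> bool:
    """Would the filter let this new connection through the tunnel?

    direction is "inbound" (decrypted, remote -> local) or "outbound"
    (about to be encrypted, local -> remote). Outbound packets are matched
    with the roles swapped, because the ACE is written from the remote
    side's point of view.
    """
    if direction == "outbound":
        sip, sport, dip, dport = dip, dport, sip, sport
    s, d = ipaddress.ip_address(sip), ipaddress.ip_address(dip)
    return any(a.proto in ("ip", proto) and s in a.src and d in a.dst
               and a.src_port in (None, sport) and a.dst_port in (None, dport)
               for a in aces)        # nothing matched: implicit deny


REMOTE, LOCAL = "10.51.10.20", "10.1.0.10"   # constructed sample hosts
# ACL from the question, used as the vpn-filter with the local net as source.
AS_POSTED = [parse_ace("access-list ST_3710 extended permit ip "
                       "10.1.0.0 255.255.248.0 10.51.10.0 255.255.255.0")]
# Telnet ACE from the answer: remote network in the source position.
TELNET = [parse_ace("access-list vpnfilt-l2l permit tcp "
                    "10.51.10.0 255.255.255.0 10.1.0.0 255.255.248.0 eq 23")]


def demo() -> dict:
    f = vpn_filter_permits
    return {
        "posted: ping remote->local": f(AS_POSTED, "inbound", "icmp", REMOTE, None, LOCAL, None),
        "posted: ping local->remote": f(AS_POSTED, "outbound", "icmp", LOCAL, None, REMOTE, None),
        "telnet: remote->local:23": f(TELNET, "inbound", "tcp", REMOTE, 40000, LOCAL, 23),
        "telnet: remote->local:80": f(TELNET, "inbound", "tcp", REMOTE, 40000, LOCAL, 80),
        "telnet: local:23->remote:3389": f(TELNET, "outbound", "tcp", LOCAL, 23, REMOTE, 3389),
        "telnet: local->remote:23": f(TELNET, "outbound", "tcp", LOCAL, 40000, REMOTE, 23),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:32} {'permit' if allowed else 'deny'}")
```

The `local:23->remote:3389` case is the side effect the answer's note warns about: the same ACE that admits inbound Telnet also admits outbound connections from source port 23 to any remote port.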

  • Adobe XML Dynamic vs static pdf

    I created a form with LiveCycle Designer ES2, with actions.

    Once saved as Adobe Dynamic XML (pdf), it works perfectly, however the file size is about 1 MB.

    When I save it in static PDF, the file size is reduced to 195 k, but the actions don't work anymore.

    I need the size of small file because these documents opens on mobile devices. Is it possible to have the best of both worlds here?

    Either static PDF with working actions, or dynamic XML with a small file size.

    Any help would be appreciated.

    Thank you

    The problem is with the fonts used in the PDF file. You have used Impact, Calibri and Courier New, as well as the native Myriad Pro font.

    Because you used non-native fonts, the form by default embeds these additional fonts in the PDF.

    Probably one of the fonts is taking up the size of the PDF file.

    You should change the font to Myriad Pro or Arial, which is light. (OR) you can make an image of the text set in the Impact font ("Notice of Violation" and "officer's report must be sent within 24 hours Security Office") and use it as a picture inside the PDF file.

    To remove the Embed fonts option, go to File -> Properties -> tab menu in Options.

    Here is the form with the Embed fonts option UNCHECKED. (54 KB). But the special fonts may not display correctly.

    https://Acrobat.com/#d=nWNcZv9QfO0s7Lkr5HbdEg

    I hope this helps.

    Thank you

    Srini

  • How to make dynamic pdf static PDF in java?

    Hello

    I enclose a static SchollForm PDF sample with this post, which consists of student details such as name, lastName, section etc.

    I would like to convert this static PDF to a dynamic PDF, meaning the above fields must be fillable. How do I proceed using a Java program, or which Adobe API that is compatible with Java do I need to use?

    Please reply soon its urgent.

    Thanks in advance.

    Prashant P M

    Not sure I follow what you mean by a Java API... But if you want to convert it to an XFA form (fillable, and generating XML data) then you can import it into LiveCycle Designer. The original format has no concept of a field, so once you have the form in Designer, you can place fields on top of the form where they need to go. There is a tool in Acrobat that will try to detect where fields should go, and it works very well on your form. To do this, open the form in Acrobat, and under the Forms menu choose Add/Edit Fields. A dialog will pop up saying that there are no fields on the form and asking whether you want to detect them. Click Yes and let the wizard complete. Save the form, and then import it into Designer, and the fields will be converted to the XFA format for you.

    Paul

  • ASA-dynamic to static VPN fails

    I have an ASA 5510 with a static address and a 5505 with a dynamic one.

    I created a dynamic VPN on the 5510. When the 5505, with its dynamic address, tries to connect to me, I get the following errors:

    Mar 25 05:45:14 [IKEv1]: IP = 213.137.6.203, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name '213.137.6.203'.
    Mar 25 05:45:14 [IKEv1]: Group = DefaultRAGroup, IP = 213.137.6.203, Removing peer from peer table failed, no match!
    Mar 25 05:45:14 [IKEv1]: Group = DefaultRAGroup, IP = 213.137.6.203, Error: Unable to remove PeerTblEntry

    I also get a similar error with Aggressive Mode disabled on the 5505.

    Looks like the 5510 believes it is an L2L (site-to-site) connection request as opposed to a dynamically established connection.  It doesn't have a tunnel group for 213.137.6.203.  You can create a tunnel group with that name to resolve this problem.

    The other option is to set up the ASA for a remote access connection (for example, Easy VPN).

    Here's a URL that describes how to configure Easy VPN with NEM and L2L.  HTH

    http://www.Cisco.com/application/PDF/paws/100313/pixasa_easy_l2l_vpn.PDF
