Fiber channel vs ISCSI

FIBER CHANNEL VS ISCSI:

Fiber Channel is not always acceptable and affordable technology because of its high price and complexity. Moreover, highly-qualified professionals are required in order to deploy, set up, and maintain the Fiber Channel SAN. 

Differences between iSCSI and Fiber Channel

Usually Storage Area Networks are presented by Fiber Channel networks. To transfer SAN data at high-speeds up to 10 Gbps and higher, Fiber Channel uses optical fiber cabling. Fiber Channel can operate in different topologies: point-to-point, switched fabric and arbitrated loop.

However, Fiber Channel is not always acceptable and affordable technology because of its high price and complexity. For example, every server needs specialized HBA card. In a SAN each HBA must be connected to a corresponding port on a Fiber Channel switch.

Moreover, highly-qualified professionals are required in order to deploy, set up, and maintain the Fiber Channel SAN. For example, it is necessary to ensure that the LUNs created in storage are accessible to the definite servers or applications. To do so, you need to zone them and mask which requires specialized knowledge and experience.

High price and complexity of implementing Fiber Channel reduced possibilities of SAN deployment for SMB until Storage over IP (SoIP) SANs based on the iSCSI protocol appeared. It is not new approach to send storage data over an IP network. The FCIP and iFCP protocols are designed to combine advantages of FC protocol and routable IP networks. But their disadvantage is that you need gateway for FC to the FCIP or iFCP protocols. It makes infrastructure even more complex and increases the cost of the total solution. Advantage of iSCSI is that it`s designed to run over IP and therefore is routable without any additional costs.

Comparing to Fiber Channel, iSCSI is cheaper and easier-to use. Most often iSCSI SAN technology needs good quality equipment including network interface cards (NIC) and Ethernet switches. In order to enhance iSCSI performance, it is useful to implement Ethernet NICs with TCP/IP offload engine (TOE) that helps reduce the CPU demands for iSCSI command processing. But you can implement iSCSI SAN without big investments using existing Ethernet NICs and switch equipment. Nowadays, iSCSI SANs work at 1 Gbps Ethernet speed, but you can expand it up to 10 Gbps Ethernet (GigE) installing 10 GigE NICs and switches.

It is possible to build and maintain two networks: Ethernet LAN for user communication and Fiber Channel SAN for storage. However, it is easier and more cost effective to use the existing Ethernet infrastructure for both LAN and SAN.

It's also important to mention the difference between iSCSI SAN and NAS. Though they use the same IP/Ethernet network, ISCSI SAN puts at your disposal a local disk drive and provides block-level access to data, while NAS provides network attached drive and serves up a file giving file-level access to data. Decision to implement SAN or NAS depends on your needs and applications that use the storage.

Performance of iSCSI and FC

Practical experience shows that Fiber Channel and iSCSI work with the storage applications almost identically, but there are performance limitations of iSCSI concerning the most resource-demanding applications. It becomes apparent in bandwidth-intensive applications when bandwidth is not enough to handle the data flow, which results in the degraded performance. However, users with exceptional performance requirements implement iSCSI SAN in 10 GB Ethernet that allows to handle any storage application.

Obvious problem concerning the Ethernet performance is common oversubscription practice.

For most servers high performance is not necessary, that is why almost all Ethernet switches are oversubscribed. Usual admission for oversubscribe is 10 to 1. To handle the load on oversubscribed switches in high performance iSCSI SAN, use of hi-end Ethernet switches is recommended.

Using iSCSI and the existing Ethernet infrastructure makes building of your shared storage easy, fast and affordable task.

Security overview in iSCSI and FC

Most implementation differences between the protocols regard security issues. Despite the popular misconception, iSCSI is more secure than Fiber Channel SANs, because Fiber Channel native to authentication protocols are rarely used. Most storage systems rely on the basic differences in Fiber Channel structures and the complex features of LUN zoning and masking to keep SAN data secure. ISCSI obviously has more security features than Fiber Channel from authentication to encryption. Using more security features in iSCSI is easier.

In a Fiber Channel SAN it is necessary to use zones which are connecting servers and storages, then mask all authorized volumes on any disk. ISCSI does not use zoning. Both iSCSI and FC work with LUNS but FC exports to fabric all disks, while using iSCSI it is possible to define which disks will be connected. Both FC and iSCSI support multiple LUNS.

ISCSI uses advanced authentication technology called Challenge Handshake Authentication Protocol (CHAP). Fiber Channel can’t support native encryption over the wire. To protect data in flight, iSCSI can utilize IPSec encryption. At the same time FC has FC-SP with analogs to IPSec and CHAP.

To make SAN highly secure and reliable, you need to separate it from the outside world. This is natural feature of Fiber Channel, but for iSCSI it can be a problem. You don't want iSCSI SAN data "leaking" out over the user LAN. The best way to avoid this is to build dedicated SAN network which in addition gives you another benefit of the iSCSI optimized performance. However, it is easier to establish iSCSI SAN using the virtual LAN (VLAN). VLAN defines in the physical LAN a logical portion which can be used only by SAN, and administrator can set up accessibility rules to regulate and guard the traffic.

How to make mixed iSCSI and FC environment?

Many companies decide to use both Fiber Channel and iSCSI at the same time. A mixed SAN infrastructure has become popular because it gives the opportunity to keep existing Fiber Channel infrastructure while supporting the introduction and expansion of iSCSI. For example, the popular trend is "SAN inclusion", which means that not mission-critical applications and servers are connected to iSCSI SAN which is not as expensive as the Fiber Channel SAN.

It is possible to use at the same time an iSCSI gateway, Fiber Channel switch with iSCSI support, intelligent storage switches and gateways, and multiprotocol storage arrays. ISCSI gateways are simple and easy to use, but they can be expensive. Gateways do all of the translations between iSCSI and Fiber Channel.

Future perspectives for iSCSI and FC?

It is obvious that iSCSI is the appropriate choice for SMBs. However, large companies test iSCSI in workgroups or remote offices in order to take advantage of its costs in the future. Although nobody can say that the end of Fiber Channel is close, some companies are ready to discard their existing Fiber Channel infrastructure investments and experience base. Now we can see how this process is going on, faster and faster from year to year. In a very close future iSCSI will be the dominant SAN protocol.