Skip to main content
Version: 26.1

Configure Subnet-Aware iSCSI Login

Use subnet-aware iSCSI login when your cluster spans multiple network subnets and network policies restrict cross-subnet communication. This feature ensures that iSCSI initiator interfaces on Kubernetes nodes connect only to FlashArray target interfaces within the same subnet.

Use subnet-aware iSCSI login if:

  • Your environment includes multiple subnets with both iSCSI initiator and target interfaces.
  • Network policies restrict communication across subnets.
  • You want to ensure that iSCSI traffic remains within subnet boundaries.

When this feature is configured, PX-CSI matches initiator and target interfaces based on subnet membership and performs iSCSI discovery and login only between interfaces in the same subnet.

Prerequisites

Before you configure subnet-aware iSCSI login, make sure:

  • You are using PX-CSI version 26.1.0 or later.
  • The FlashArray has iSCSI target interfaces in multiple subnets.
  • Kubernetes nodes have network interfaces in the corresponding subnets.
  • There is network connectivity between initiator and target interfaces within the same subnet.

Enable subnet-aware iSCSI login

To configure subnet-aware iSCSI login, add the ENABLE_SUBNET_AWARE_ISCSI_LOGIN environment variable to your StorageCluster specification:

  1. Edit the StorageCluster resource:

    kubectl edit storagecluster -n portworx

  2. Add the environment variable under spec.env:

    apiVersion: core.libopenstorage.org/v1
    kind: StorageCluster
    metadata:
      name: px-cluster
      namespace: portworx
    spec:
      env:
      - name: ENABLE_SUBNET_AWARE_ISCSI_LOGIN
        value: "true"

  3. Save the changes. PX-CSI node plugin pods restarts automatically.

Disable subnet-aware iSCSI login

To return to the default behavior, where PX-CSI attempts to connect to all available iSCSI targets:

  1. Edit the StorageCluster resource:

    kubectl edit storagecluster -n portworx

  2. Set the environment variable to false, or remove it:

    spec:
      env:
      - name: ENABLE_SUBNET_AWARE_ISCSI_LOGIN
        value: "false"

  3. Save the changes. PX-CSI node plugin pods will restart automatically.

note

When you disable this feature, existing iSCSI sessions remain active. New volume attachments will use the default behavior and attempt to connect to all available iSCSI targets across all subnets.

Troubleshooting

If no iSCSI sessions are established after configuring subnet-aware login:

  1. Confirm that node interfaces and FlashArray target interfaces share at least one common subnet.

  2. Verify that subnet masks are correctly configured on both nodes and the FlashArray.

  3. Check PX-CSI logs for errors:

    kubectl logs -n portworx <px-node-plugin-pod> -c px-node-plugin