Today, while setting up things for SRM home lab, i was using the same iSCSI Storage server for the Protected and Recovery Site, i know this is a bad design but for a home lab it should be fine and obviously the ESXi hosts at both protected and recovery sites see the LUNs presented at each site. To avoid this, LUN masking has to be done on all ESXi hosts, so i thought i would also blog about it with step by step procedure. Although this task is mostly done from the storage end, it is a good thing to know how to do it from ESXi.
Below is how the datasores are before LUN masking. As you can see, all the datastores are visible to all the hosts in Protected and Recovery Sites.
LUN masking can only be done on the LUNs that are managed by VMware NMP multipathing service, if you have any third party multipathing software plugin like EMC PowerPath, this procedure does not apply. Masking the paths reduces the chance of APD issue to occur.
Keep the host in maintenance mode.
Find the Multipath Plug-in that are currently installed using below command.
By default, ESXi5 shows only NMP although it has MASK_PATH
Now check all the device mappings using the command below.
Make a note of the datastores that needs to be masked on this host, in my case it is LUN1-R, LUN2-R, Recovery Datastore.
Also get the list of paths that a device have using below, in my case, there is only one path to device and below are the paths for the three LUNs.
esxcfg-mpath -b -d
Now look at the claimrules currently on the ESXi using below.
esxcli storage core claimrule list
To mask the path, add a claim rule with any number that is not listed in the above step. To add a claimrule use the command as below. There are many ways a claimrule can be added in my case, i am using the type and location.
esxcli storage core claimrule add --rule 120 -t location -A vmhba33 -C 0 -T 5 -L 0 -P MASK_PATH esxcli storage core claimrule add --rule 121 -t location -A vmhba33 -C 0 -T 4 -L 0 -P MASK_PATH esxcli storage core claimrule add --rule 122 -t location -A vmhba33 -C 0 -T 3 -L 0 -P MASK_PATH
Verify the claimrules after adding them.
Load the claimrules and verify a runtime is present.
esxcli storage core claimrule load
Now that the claimrule is loaded, we need to unclaim the path to the devices and run the rules. Unclaiming disassociates the paths from PSA plugin, disassociates them from NMP and associate them with the MASK_PATH.
esxcli storage core claiming reclaim -d eui.0db0a424bb3fda82 esxcli storage core claiming reclaim -d eui.7c183560cfc13e1d esxcli storage core claiming reclaim -d eui.bf146f1ac97a9f0f
Now run the rules and rescan the HBA
esxcli storage core claimrule run
Reboot the host. That’s it. We have now masked the LUNs. To verify the same, use the mappings command we used earlier.
Exit out of the maintenance mode. I performed the same on all other hosts and below is how the datastores look now in both protected and recovery sites.
Hope this was informative. Thanks!