Tutorial - Configure VLAN for iSCSI DroboPro, MacMini, Linksys SLM2008

I have been meaning to move off Firewire to iSCSI for a while. Finally got around to it - and wow iSCSI performance is much better than Firewire!

The MacMini has only a single ethernet port which makes it a little difficult to setup a separate VLAN for iSCSI to the DroboPro. I have documented the configuration I used below.

Hardware:
MacMini OS X Snow Leopard
DroboPro
Linksys SLM2008 Switch

VLAN Basics

A VLAN is basically splitting a physical network switch into two or more virtual network switches. A PC can only see the traffic for the VLAN its port on the switch is assigned to.

This tutorial details how to configure a DroboPro, MacMini and Linksys switch such that the DroboPro is in its own storage VLAN, and the MacMini can see both the storage VLAN and the regular network.

I used 192.168.1.x for my computer network as VLAN 1
I used 192.168.2.x for my storage network as VLAN 2

DroboPro Config

First step is to configure the DroboPro. As per the manual hook it up via USB or Firewire and use the DroboDashboard to set an IP Address. In my case I used 192.168.2.200 with subnet mask 255.255.255.0. Shut down the DroboPro, change from USB/Firewire to Ethernet, and hook it to the SLM2008 switch.

Switch Config

Next step is to configure the switch. From the VLAN menu all the ports on the switch are in VLAN 1 by default. From the SLM2008 Web interface I created VLAN 2 to use as my storage network.
I assigned two ports into VLAN 2 - the port connected to my DroboPro and the Port Connected to my Mac Mini
I unassigned one port from VLAN 1 - the port connected to my DroboPro. This way the DroboPro will only see traffic for VLAN2.

When using VLANs in the network each packet is tagged with a VLAN ID number. Computers and storage devices like DroboPro do not put a VLAN ID tag on their outgoing traffic.
In the VLAN Port Settings in the SLM2008 Web Interface you can configure what VLAN ID is automatically added to these untagged packets. By default traffic on all ports is tagged with the Default VLAN ID of 1.
The port connected to DroboPro is only in VLAN 2 so we want traffic coming into this port from DroboPro to have VLAN ID 2 tag added. For the port connected to DroboPro select “2” in the PVID menu.
The default settings for everything else on this page is fine.

At this point the DroboPro is connected to the switch, it will only see traffic for VLAN 2, and its outgoing packets are marked for VLAN 2.
At this point the MacMini is connected to the switch, it will see traffic from both VLAN 1 and VLAN 2, however its outgoing packets are marked for VLAN 1 only - so it cannot send data to the DroboPro (yet).

MacMini Config

The last step is to configure the MacMini so it talks to both the computer network and to the storage network.
This is done by creating a certain type of Virtual Network Interface on the MacMini. The regular network interface will talk to the computer network and the virtual network interface will be used to talk to the DroboPro.

On the Mac go to System Preferences --> Network
Click on the Picture of the Cog in the Lower Left to open a drop down menu. Select “Manage Virtual Interfaces”. From the popup window click the + to add a new VLAN. Give it a descriptive name - e.g. “Drobo VLAN” and for the “Tag” enter the same VLAN number used on the SLM 2008 switch - in my case “2”. Select Ethernet as the Interface.

This now creates a new network interface in the Network Box. Select the “Drobo VLAN” interface and Configure IPv4 Manually to enter an IP Address. This IP Address should be in the same subnet as the DroboPro.
I used 192.168.2.1 with netmask 255.255.255.0
You want to leave the default gateway blank. This Virtual interface will talk on the DroboPro storage network only. It will not talk to your router or go out to the Internet.

So now any traffic to 192.168.2.x will go via the Virtual Network Interface which will tag it for VLAN 2.
All other traffic will go via 192.168.1.x as this has the default gateway defined. This traffic is untagged and the SLM2008 switch automatically tags it for VLAN 1.
Now the MacMini and DroboPro can talk on a private VLAN.

Reboot the MacMini and the DroboDashboard should probe and find the Drobo via iSCSI. If you have any issues make sure the DroboDashboard application and service are not blocked in the OS X Firewall.

Thanks so much, this is my exact configuration and this will really help me setup VLAN which I tried once and was unsuccessful!! What are you thoughts about the benefits of adding a VLAN into the mix? Right now, I just have my DroboPro behind my switch and my Mac Mini hooked into the same switch with no VLAN setup. Do you think I’ll gain any performance and/or reliability with VLAN?

David

Performance should be about the same. Its more around reliability and security.

With VLANs the DroboPro won’t see any traffic on your computer VLANs. It won’t receive broadcast messages, and it guarantees that other PCs won’t be able to contact the Drobo.

If everything is on the one VLAN there is nothing to stop another computer connecting to the Drobo via iSCSI. This would certainly be an issue if another computer had DroboDashboard installed, or if someone was playing with an iSCSI initiator built into the OS (e.g. linux).

I have been doing some performance testing of my new setup and found something odd.

Getting data off the Drobo is very fast over iSCSI. Copying data on is very slow - around 10 to 12MB/second.

After doing some testing by copying files between computers as well as to the Drobo I have found that on my MacMini, any traffic sent out via the VLAN Tagging Virtual Interface is going far slower than it should be.
Speeds are consistent with a 100Mbit network rather than a Gigabit network. This happens when sending data out through this virtual interface to either the Drobo via iSCSI or a file copy to a test computer - so NOT an issue with the DroboPro.

Very weird behaviour. An ifconfig shows that the interface speeds are set correctly:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:25:00:d7:1b:46
media: autoselect (1000baseT <full-duplex,flow-control>) status: active
supported media: none autoselect 10baseT/UTP 10baseT/UTP 10baseT/UTP <full-duplex,flow-control> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX 100baseTX 100baseTX <full-duplex,flow-control> 100baseTX <full-duplex,hw-loopback> 1000baseT

vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
ether 00:25:00:d7:1b:46
media: autoselect (1000baseT <full-duplex,flow-control>) status: active
supported media: autoselect
vlan: 1 parent interface: en0

I have verified that a regular Virtual Network Interface works at the expected speeds, but a VLAN Tagging Virtual Interface works slow sending data. I’m beginning to wonder if this is a bug in Snow Leopard?

If anyone else does setup something similar I would be interested to know if you get the same performance issue.

ajspencer, I’ve followed your directions on setting up the VLAN, however drobo dashboard was unable to find the Drobo Pro after I’ve completed the VLAN setups. I’ve restarted the Drobo Pro and iMac several times and still nothing. So I took off the VLAN settings and put everything back without VLAN. Just wondering if it it really worth the trouble setting up the VLAN to begin with after seeing your test results…

After extensive testing I was not able to get any better speeds. My guess is that there is some limitation in how Mac OS X is handling its VLAN configuration.

In my setup I have now turned off VLAN tagging. Instead I have given my DroboPro an IP Address in a different subnet to my main network. I then created a standard Virtual Network Interface on the Mac in the second subnet.

Mac: 192.168.1.1 (regular network) ; 192.168.100.1 (Drobo network)
Drobo: 192.168.100.100

This way none of the other computers on the network can talk to the DroboPro as it is in the different subnet. Its not quite a secure as VLANs but its better than running everything in the same subnet.
With this configuration speeds are great - extactly what you would expect for Gigabit Ethernet.

Back in the tread ‘DroboPro Behind Switch’, post 24, I noticed the same issue. Write performance was very poor and stuttering. I switched away from the VLAN config at that point.

Could you provide a little more detail on how you setup the VNI on the Mac and DroboPro. Sounds like a good solution but not sure how to implement this on my Mac Mini. I’ve had some issues with my DroboPro going offline briefly during heavy activity and hope this might provide better reliability. Thanks, David

To Setup without VLANs

DroboPro Config

First step is to configure the DroboPro. As per the manual hook it up via USB or Firewire and use the DroboDashboard to set an IP Address. In my case I used 192.168.100.100 with subnet mask 255.255.255.0. Shut down the DroboPro, change from USB/Firewire to Ethernet, and hook it to your switch. No VLAN configuration on the switch.

MacMini Config

On the Mac go to System Preferences --> Network
Click on the + Icon in the Lower Left
From the Drop-Down menu select Ethernet and give the service a name (e.g. “DroboPro”). Click Create.
A new network interface will appear in the left panel. Select this network interface.
From the Drop-down in the main window select to configure IPv4 manually. Add in your IP Address details in the same subnet as your DroboPro
In my example
IP Address 192.168.100.1
Subnet Mask 255.255.255.0
Leave the Router, DNS Server, Search domains fields blank.
Click on the Advanced button in the main window.
From the Configure IPv6 Drop-down select Off

You now have a Virtual Network Interface configured. The MacMini will use this interface to talk to the DroboPro only and your standard network interface to talk to the rest of the network.
Your DroboPro is now configured in a separate subnet to the rest of your network - so is only accessible from your MacMini.

In a VLAN setup the switch guarantees that traffic in one VLAN will not be seen by devices in another VLAN. In this setup the different subnet ensures that the DroboPro should ignore any traffic it sees that is not for its subnet. Not quite as secure as a VLAN but better than nothing.

With this setup I get full gigabit speeds.

Thanks! I just ran through your instructions and everything worked great.

ajspencer, thank you for sharing your solution to the VLAN problems. The idea of separating the Drobo Pro apart from the rest of the network while excluding the VLAN part is very helpful.

I don’t really need the VLAN added security at my own house, but any improvements in network stability is appreciated, so thanks for the tip.

I found one BIG problem for me just now with this setup. I have my iTunes library on the DroboPro and after changing the DroboPro to another subnet my 2 AppleTVs cannot access the content through iTunes. If I set the IP manually on the AppleTVs to be on this other subnet then I can access the content but I can’t access the Internet, only local content. Not sure what to do other than revert back to putting the DroboPro back on the same subnet. Other thoughts?

It sounds like iTunes is listening on the wrong network interface. By default I would expect it to listen on both.

I have an AppleTV also and it syncs fine with my Mac which has Virtual Network Interfaces configured.

Try:
System Preferences --> Network
Click on the Cog icon to get a drop-down menu an select “Set Service Order”
Make Ethernet the first in the list. Then give your Mac a reboot.

Hmm, interesting. It looks like I already have Ethernet as first in the list. I suppose it’s possible it’s unrelated but I had so much trouble getting it to sync (ended up restoring the AppleTVs, 2 of them) that I reverted the VNI setup. It seemed clear that the other subnet was causing the problem because when I put the AppleTV on the DroboPro subnet I could sync but when it was on the non-DroboPro subnet I couldn’t. I know that the AppleTV/iTunes syncing has been finicky in the past (have numerous times gotten the dreaded firewall/port 3689 problem) so it’s hard to say for sure what the problem was.

Did you installed some 3rd party firmware on your Apple TV? I was thinking how there would be a problem because AppleTV is suppose to only talk to iTunes.
DroboPro only act as an external drive after the setup, so nothing will be able to see the DroboPro’s traffic except the Mac that have the virtual ethernet setup, which is now on the same subnet as the DroboPro. So I would think there’s nothing to do with setup.
I have an AppleTV with stuff from my iTunes as well and it syncs ok with itunes.
Everything on my Network is 192.168.1., mask 255.255.255.0
DroboPro is alone on 192.168.3., mask 255.255.255.0
Router giving out dhcp on 192.168.1.1

Thanks for the info. I’m using ATVFlash so I can use an external USB drive with my AppleTVs. Maybe I’ll try the setup again but it was such a PITA not to be able to sync with iTunes that I’m thinking of not messing with it.