network interface create

Create a logical interface

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The network interface create command creates a logical interface (LIF).
Note: A logical interface is an IP address associated with a physical network port. For logical interfaces using NAS data protocols, the interface can fail over or be migrated to a different physical port in the event of component failures, thereby continuing to provide network access despite the component failure. Logical interfaces using SAN data protocols do not support migration or failover.
Note: On some cloud platforms, this operation might perform changes to the external route tables.

Parameters

-vserver <vserver> - Vserver Name
Use this parameter to specify the Vserver on which the LIF is created.
-lif <lif-name> - Logical Interface Name
Use this parameter to specify the name of the LIF that is created. For iSCSI and FC LIFs, the name cannot be more than 254 characters.
-role {cluster|data|node-mgmt|intercluster|cluster-mgmt} - Role
Use this parameter to specify the role of the LIF. LIFs can have one of five roles:
  • Cluster LIFs, which provide communication among the nodes in a cluster
  • Intercluster LIFs, which provide communication among peered clusters
  • Data LIFs, which provide data access to NAS and SAN clients
  • Node-management LIFs, which provide access to cluster management functionality
  • Cluster-management LIFs, which provide access to cluster management functionality

LIFs with the cluster-management role behave as LIFs with the node-management role except that cluster-management LIFs can failover between nodes.

[-data-protocol {nfs|cifs|iscsi|fcp|fcache|none}, ...] - Data Protocol
Use this parameter to specify the list of data protocols that can be configured on the LIF. The supported protocols are NFS, CIFS, FlexCache, iSCSI, and FCP. NFS, CIFS, and FlexCache are available by default when you create a LIF. If you specify "none", the LIF does not support any data protocols. Also, none, iscsi, or fcp cannot be combined with any other protocols.
Note: The data-protocol field must be specified when the LIF is created and cannot be modified later.
-home-node <nodename> - Home Node
Use this parameter to specify the LIF's home node. The home node is the node to which the LIF returns when the network interface revert command is run on the LIF.
-home-port {<netport>|<ifgrp>} - Home Port
Use this parameter to specify the LIF's home port or interface group. The home port is the port or interface group to which the LIF returns when the network interface revert command is run on the LIF.
-address <IP Address> - Network Address
Use this parameter to specify the LIF's IP address.
Note: A cluster LIF cannot be on the same subnet as a management or data LIF.
{ -netmask <IP Address> - Netmask
Use this parameter to specify the LIF's netmask.
| -netmask-length <integer> - Bits in the Netmask
Use this parameter to specify the length (in bits) of the LIF's netmask.
{ -auto {true|false} - IPv4 Link Local
Use this parameter to specify whether IPv4 link local addressing is enabled for this LIF.
| [-subnet-name <subnet name>]} - Subnet Name
Use this parameter to allocate the interface address from a subnet. If needed, a default route will be created for this subnet.
[-status-admin {up|down}] - Administrative Status
Use this parameter to specify whether the initial administrative status of the LIF is up or down. The default setting is up. The administrative status can differ from the operational status For example, if you specify the status as up but a network problem prevents the interface from functioning, the operational status remains as down.
[-failover-policy {system-defined|local-only|sfo-partner-only|disabled|broadcast-domain-wide}] - Failover Policy
Use this parameter to specify the failover policy for the LIF.
  • system-defined - The system determines appropriate failover targets for the LIF. The default behavior is that failover targets are chosen from the LIF's current hosting node and also from one other non-parter node when possible.
  • local-only - The LIF fails over to a port on the local or home node of the LIF.
  • sfo-partner-only - The LIF fails over to port on the home node or SFO partner only.
  • broadcast-domain-wide - The LIF fails over to a port in the same broadcast domain as the home port.
  • disabled - Failover is disabled for the LIF.

The failover policy for cluster logical interfaces is local-only and cannot be changed. The default failover policy for data logical interfaces is system-defined. This value can be changed.

Note: Logical interfaces for SAN protocols do not support failover. Thus, such interfaces will always show this parameter as disabled.
[-firewall-policy <policy>] - Firewall Policy
Use this parameter to specify the firewall policy for the LIF. A LIF can use a default firewall policy that corresponds to its role (management, cluster, intercluster, or data) or a custom firewall policy created by an administrator. View and modify existing firewall policies using the system services firewall policy show and system services firewall policy modify commands, respectively.
[-auto-revert {true|false}] - Auto Revert
Use this parameter to specify whether a data LIF is automatically reverted to its home node under certain circumstances. These circumstances include startup, when the status of the management database changes to either master or secondary, or when the network connection is made. The default setting is false. If you set the value of this parameter to true, load balancing migration capability of the data LIF is disabled (the -allow-lb-migrate parameter is set to false).
Note: Logical interfaces for SAN traffic do not support auto-revet. Thus, this parameter is always false on such interfaces.
[-dns-zone {<zone-name>|none}] - Fully Qualified DNS Zone Name
Use this parameter to specify a unique, fully qualified domain name of a DNS zone to which this data LIF is added. You can associate a data LIF with a single DNS zone. All data LIFs included in a zone must be on the same Vserver. If a LIF is not added to a DNS zone the data LIF is created with the value none.
[-listen-for-dns-query {true|false}] - DNS Query Listen Enable
Use this parameter to specify if the LIF has to listen for DNS queries. The default value for this parameter is true.
[-allow-lb-migrate {true|false}] - (DEPRECATED)-Load Balancing Migrate Allowed (privilege: advanced)
Note: This parameter has been deprecated and may be removed in a future version of Data ONTAP.
Use this parameter to specify whether load balancing migration is activated for this data LIF. The default value of this parameter is false. If you set the value of this parameter to true, automatic revert capability for this data LIF is disabled (the -auto-revert parameter is set to false). Also, data LIFs that migrate as a result of load balancing adhere to network interface failover rules.
Note: During times when a LIF is hosting active NFSv4, CIFS, or NRV connections, load balancing based LIF migrations between nodes will be temporarily disabled.
[-lb-weight {load|0..100}] - Load Balanced Weight (privilege: advanced)
Use this parameter to specify a load balancing weight for a data LIF. A valid numeric load balancing weight is any integer between 0 and 100. When you specify the same load balancing weight for all data LIFs in a DNS zone, client requests are uniformly distributed, similar to round-robin DNS. A data LIF with a low load balancing weight is made available for client requests less frequently than one that has a high load balancing weight. "load" is the default value of this parameter. If set to "load", node utilization statistics are used to dynamically assign the load balancing weight.
[-failover-group <failover-group>] - Failover Group Name
Use this parameter to specify the name of the failover group to associate with the LIF. Manage failover groups by using the network interface failover-groups command. Each broadcast domain has a default failover group which is created by the system automatically and has the same name as the broadcast domain. The failover group associated with the broadcast domain includes all ports in the broadcast domain. A logical interface's failover group is set to the failover group of the home port's broadcast domain by default, but this value can be modified.
Note: Logical interfaces for SAN protocols do not support failover. Thus, this parameter cannot be specified for such interfaces.
[-comment <text>] - Comment
Use this parameter to specify the comment to associate with the LIF.
[-force-subnet-association [true]] - Force the LIF's Subnet Association
This command will fail if the IP address falls within the address range of a named subnet. Set this to true to acquire the address from the named subnet and assign the subnet to the LIF.
[-is-dns-update-enabled {true|false}] - Is Dynamic DNS Update Enabled?
If this parameter is set to true, then dynamic DNS update is sent to the DNS server for the particular LIF entry if dynamic DNS updates are enabled for the corresponding Vserver. This field is set to true by default for both IPv4 and IPv6 LIFs. DNS Update is not supported on LIFs not configured with either the NFS or CIFS protocol.

Examples

The following example creates an IPv4 LIF named datalif1 and an IPv6 LIF named datalif2 on a Vserver named vs0. Their home node is node0 and home port is e0c. The failover policy broadcast-domain-wide is assigned to both LIFs. The firewall policy is data and the LIFs are automatically reverted to their home node at startup and under other circumstances. The datalif1 has the IP address 192.0.2.130 and netmask 255.255.255.128, and datalif2 has the IP address 3ffe:1::aaaa and netmask length of 64.
cluster1::> network interface create -vserver vs0 -lif datalif1 -role data -home-node node0 -home-port e0c -address 192.0.2.130 -netmask 255.255.255.128 -failover-policy broadcast-domain-wide -firewall-policy data -auto-revert true
cluster1::> network interface create -vserver vs0 -lif datalif2 -role data -home-node node0 -home-port e0c -address 3ffe:1::aaaa -netmask-length 64 -failover-policy broadcast-domain-wide -firewall-policy data -auto-revert true