LIFs and service policies in ONTAP 9.6 and later

Starting with ONTAP 9.6, you can assign service policies (instead of LIF roles) to LIFs that determine the kind of traffic that is supported for the LIFs. Service policies define a collection of network services supported by a LIF. ONTAP provides a set of built-in service policies that can be associated with a LIF.

ONTAP supports service policies starting with ONTAP 9.5; however, service policies can only be used to configure a limited number of services. Starting with ONTAP 9.6, LIF roles are deprecated and service policies are supported for all types of services.

Service policies for system SVMs in ONTAP 9.6

The admin SVM and any system SVM contain service policies that can be used for LIFs in that SVM, including management and intercluster LIFs. These policies are automatically created by the system when an IPspace is created. The following table lists the built-in policies for LIFs in system SVMs:
Policy Included services Equivalent role Description
default-intercluster intercluster-core intercluster Used by LIFs carrying intercluster traffic.
Note: Available from ONTAP 9.5 with the name net-intercluster service policy.
default-route-announce management-bgp - Used by LIFs carrying BGP peer connections
Note: Available from ONTAP 9.5 with the name net-route-announce service policy.
default-management management-core, management-ssh, management-https, management-autosupport node-mgmt, or cluster-mgmt Used by LIFs handling management requests

The following table lists the services that can be used on a system SVM along with any restrictions each service imposes on a LIF's failoverpolicy:

Service Failover limitations Description
intercluster-core home-node-only Core intercluster services
management-core - Core management services
management-ssh - Services for SSH management access
management-https - Services for HTTPS management access
management-autosupport - Services related to posting AutoSupport payloads
management-bgp home-port-only Services related to BGP peer interactions

Service policies for data SVMs in ONTAP 9.6

All data SVMs contain service policies that can be used by LIFs in that SVM. The following table lists the built-in policies for LIFs in data SVMs:
Policy Included services Equivalent data protocol Description
default-management management-ssh, management-https none Used by LIFs handling management requests
default-data-blocks data-iscsi iscsi Used by LIFs carrying block-oriented SAN data traffic
default-data-files data-nfs, data-cifs, data-flexcache nfs, cifs, fcache Used by LIFs carrying file-oriented NAS data traffic

The following table lists the services that can be used on a data SVM along with any restrictions each service imposes on a LIF's failoverpolicy:

Service Failover limitations SVM limitations Description
management-ssh - - Services for SSH management access
management-https - - Services for HTTPS management access
data-core - data-only Core data services (see Data-core service for more details.
data-nfs - data-only Protocols related to NFS data service
data-cifs - data-only Protocols related to CIFS data service
data-flexcache - data-only Protocols related to FlexCache data service
data-iscsi home-port-only data-only Protocols related to iSCSI data service

You should be aware of how the service policies are assigned to the LIFs in data SVMs:

Data-core service

The data-core service allows components that previously used LIFs with the data role to work as expected on clusters that have been upgraded to manage LIFs using service policies instead of LIF roles (which are deprecated in ONTAP 9.6).

Specifying data-core as a service does not open any ports in the firewall, but the service should be included in any service policy in a data SVM. For example, the default-data-files service policy contains the following services by default:

The data-core service should be included in the policy to ensure all applications using the LIF work as expected, but the other three services can be removed, if desired.