Create a LIF (network interface)
An SVM serves data to clients through one or more network logical interfaces (LIFs). You must create LIFs on the ports you want to use to access data. A LIF (network interface) is an IP address associated with a physical or logical port. If there is a component failure, a LIF can fail over to or be migrated to a different physical port, thereby continuing to communicate with the network.
Switch ports connected to ONTAP should be configured as spanning-tree edge ports to reduce delays during LIF migration.
-
You must be a cluster administrator to perform this task.
-
The underlying physical or logical network port must have been configured to the administrative up status.
-
If you are planning to use a subnet name to allocate the IP address and network mask value for a LIF, the subnet must already exist.
Subnets contain a pool of IP addresses that belong to the same layer 3 subnet. They are created using System Manager or the
network subnet create
command. -
The mechanism for specifying the type of traffic handled by a LIF has changed. For ONTAP 9.5 and earlier, LIFs used roles to specify the type of traffic it would handle. Beginning with ONTAP 9.6, LIFs use service policies to specify the type of traffic it would handle.
-
You cannot assign NAS and SAN protocols to the same LIF.
The supported protocols are SMB, NFS, FlexCache, iSCSI, and FC; iSCSI and FC cannot be combined with other protocols. However, NAS and Ethernet-based SAN protocols can be present on the same physical port.
-
You should not configure LIFs that carry SMB traffic to automatically revert to their home nodes. This recommendation is mandatory if the SMB server is to host a solution for nondisruptive operations with Hyper-V or SQL Server over SMB.
-
-
You can create both IPv4 and IPv6 LIFs on the same network port.
-
All the name mapping and host-name resolution services used by an SVM, such as DNS, NIS, LDAP, and Active Directory, must be reachable from at least one LIF handling data traffic of the SVM.
-
A LIF handling intracluster traffic between nodes should not be on the same subnet as a LIF handling management traffic or a LIF handling data traffic.
-
Creating a LIF that does not have a valid failover target results in a warning message.
-
If you have a large number of LIFs in your cluster, you can verify the LIF capacity supported on the cluster:
-
System Manager: Beginning with ONTAP 9.12.0, view the throughput on the Network Interface grid.
-
CLI: Use the
network interface capacity show
command and the LIF capacity supported on each node by using thenetwork interface capacity details show
command (at the advanced privilege level).
-
-
Beginning with ONTAP 9.7, if other LIFs already exist for the SVM in the same subnet, you do not need to specify the home port of the LIF. ONTAP automatically chooses a random port on the specified home node in the same broadcast domain as the other LIFs already configured in the same subnet.
Beginning with ONTAP 9.4, FC-NVMe is supported. If you are creating an FC-NVMe LIF you should be aware of the following:
-
The NVMe protocol must be supported by the FC adapter on which the LIF is created.
-
FC-NVMe can be the only data protocol on data LIFs.
-
-
One LIF handling management traffic must be configured for every storage virtual machine (SVM) supporting SAN.
-
NVMe LIFs and namespaces must be hosted on the same node.
-
Only one NVMe LIF handling data traffic can be configured per SVM.
-
When you create a network interface with a subnet, ONTAP automatically selects an available IP address from the selected subnet and assigns it to the network interface. You can change the subnet if there is more than one subnet, but you cannot change the IP address.
-
When you create (add) an SVM, for a network interface, you cannot specify an IP address that is in the range of an existing subnet. You will receive a subnet conflict error. This issue occurs in other workflows for a network interface, such as creating or modifying inter-cluster network interfaces in SVM settings or cluster settings.
-
Beginning with ONTAP 9.10.1, the
network interface
CLI commands include an-rdma-protocols
parameter for NFS over RDMA configurations. Creating network interfaces for NFS over RDMA configurations is supported in System Manager beginning in ONTAP 9.12.1. For more information, see Configure LIFS for NFS over RDMA. -
Beginning with ONTAP 9.11.1, automatic iSCSI LIF failover is available on All-Flash SAN Array (ASA) platforms.
iSCSI LIF failover is automatically enabled (the failover policy is set to
sfo-partner-only
and the auto-revert value is set totrue
) on newly created iSCSI LIFs if no iSCSI LIFs exist in the specified SVM or if all existing iSCSI LIFs in the specified SVM are already enabled with iSCSI LIF failover.If after you upgrade to ONTAP 9.11.1 or later, you have existing iSCSI LIFs in an SVM that have not been enabled with the iSCSI LIF failover feature and you create new iSCSI LIFs in the same SVM, the new iSCSI LIFs assume the same failover policy (
disabled
) of the existing iSCSI LIFs in the SVM.
Beginning with ONTAP 9.7, ONTAP automatically chooses the home port of a LIF, as long as at least one LIF already exists in the same subnet in that IPspace. ONTAP chooses a home-port in the same broadcast domain as other LIFs in that subnet. You can still specify a home port, but it is no longer required (unless no LIFs yet exist in that subnet in the specified IPspace).
Beginning with ONTAP 9.12.0, the procedure you follow depends on the interface that you use—System Manager or the CLI:
Use System Manager to add a network interface
-
Select Network > Overview > Network Interfaces.
-
Select .
-
Select one of the following interface roles:
-
Data
-
Intercluster
-
SVM Management
-
-
Select the protocol:
-
SMB/CIFS and NFS
-
iSCSI
-
FC
-
NVMe/FC
-
NVMe/TCP
-
-
Name the LIF or accept the name generated from your previous selections.
-
Accept the home node or use the drop-down to select one.
-
If at least one subnet is configured in the IPspace of the selected SVM, the subnet drop-down is displayed.
-
If you select a subnet, choose it from the drop-down.
-
If you proceed without a subnet, the broadcast domain drop-down is displayed:
-
Specify the IP address. If the IP address is in use, a warning message will display.
-
Specify a subnet mask.
-
-
-
Select the home port from the broadcast domain, either automatically (recommended) or by selecting one from the drop-down menu. The Home port control is displayed based on the broadcast domain or subnet selection.
-
Save the network interface.
Use the CLI to create a LIF
-
Determine which broadcast domain ports you want to use for the LIF.
network port broadcast-domain show -ipspace ipspace1
IPspace Broadcast Update Name Domain name MTU Port List Status Details ipspace1 default 1500 node1:e0d complete node1:e0e complete node2:e0d complete node2:e0e complete
-
Verify that the subnet you want to use for the LIFs contains sufficient unused IP addresses.
network subnet show -ipspace ipspace1
-
Create one or more LIFs on the ports you want to use to access data.
network interface create -vserver _SVM_name_ -lif _lif_name_ -service-policy _service_policy_name_ -home-node _node_name_ -home-port port_name {-address _IP_address_ - netmask _Netmask_value_ | -subnet-name _subnet_name_} -firewall- policy _policy_ -auto-revert {true|false}
-
-home-node
is the node to which the LIF returns when thenetwork interface revert
command is run on the LIF.You can also specify whether the LIF should automatically revert to the home-node and home-port with the -auto-revert option.
-
-home-port
is the physical or logical port to which the LIF returns when thenetwork interface revert
command is run on the LIF. -
You can specify an IP address with the
-address
and-netmask
options, or you enable allocation from a subnet with the-subnet_name
option. -
When using a subnet to supply the IP address and network mask, if the subnet was defined with a gateway, a default route to that gateway is added automatically to the SVM when a LIF is created using that subnet.
-
If you assign IP addresses manually (without using a subnet), you might need to configure a default route to a gateway if there are clients or domain controllers on a different IP subnet. The
network route create
man page contains information about creating a static route within an SVM. -
-auto-revert
enables you to specify whether a data LIF is automatically reverted to its home node under circumstances such as startup, changes to the status of the management database, or when the network connection is made. The default setting isfalse
, but you can set it totrue
depending on network management policies in your environment. -
-service-policy
Beginning with ONTAP 9.5, you can assign a service policy for the LIF with the-service-policy
option.
When a service policy is specified for a LIF, the policy is used to construct a default role, failover policy, and data protocol list for the LIF. In ONTAP 9.5, service policies are supported only for intercluster and BGP peer services. In ONTAP 9.6, you can create service policies for several data and management services. -
-data-protocol
enables you to create a LIF that supports the FCP or NVMe/FC protocols. This option is not required when creating an IP LIF.
-
-
Optional: Assign an IPv6 address in the -address option:
-
Use the network ndp prefix show command to view the list of RA prefixes learned on various interfaces.
The
network ndp prefix show
command is available at the advanced privilege level. -
Use the format
prefix::id
to construct the IPv6 address manually.prefix
is the prefix learned on various interfaces.For deriving the
id
, choose a random 64-bit hexadecimal number.
-
-
Verify that the LIF interface configuration is correct.
network interface show -vserver vs1
Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home --------- ---------- ---------- --------------- --------- ------- ---- vs1 lif1 up/up 10.0.0.128/24 node1 e0d true
-
Verify that the failover group configuration is as desired.
network interface show -failover -vserver vs1
Logical Home Failover Failover Vserver interface Node:Port Policy Group -------- ---------- --------- --------- -------- vs1 lif1 node1:e0d system-defined ipspace1 Failover Targets: node1:e0d, node1:e0e, node2:e0d, node2:e0e
-
Verify that the configured IP address is reachable:
To verify an… |
Use… |
---|---|
IPv4 address |
network ping |
IPv6 address |
network ping6 |
The following command creates a LIF and specifies the IP address and network mask values using the -address
and -netmask
parameters:
network interface create -vserver vs1.example.com -lif datalif1 -service-policy default-data-files -home-node node-4 -home-port e1c -address 192.0.2.145 -netmask 255.255.255.0 -auto-revert true
The following command creates a LIF and assigns IP address and network mask values from the specified subnet (named client1_sub):
network interface create -vserver vs3.example.com -lif datalif3 -service-policy default-data-files -home-node node-3 -home-port e1c -subnet-name client1_sub - auto-revert true
The following command creates an NVMe/FC LIF and specifies the nvme-fc
data protocol:
network interface create -vserver vs1.example.com -lif datalif1 -data-protocol nvme-fc -home-node node-4 -home-port 1c -address 192.0.2.145 -netmask 255.255.255.0 -auto-revert true