Skip to main content

Manage client access to storage VMs on ASA r2 storage systems

Contributors netapp-aherbin
PDFs

Storage units on an ASA r2 system are contained inside storage virtual machines (VMs). Storage VMs are used to serve data to your SAN clients. Use ONTAP System Manager to create a LIF (network interface) for your SAN clients to connect to a storage VM and access data in the storage units. You can optionally use subnets to simplify LIF creation and IPspaces to provide your storage VMs with their own secure storage, administration, and routing.

Create a storage VM

During cluster setup, your default data storage virtual machine (VM) is created. All new storage units are created inside your default data storage VM unless you create and select a different storage VM. You might want to can create an additional storage VM to segregate your storage units for different applications, departments or clients. For example, you might want to create a storage VM for your development environment and another storage VM for your production environment, or you might want to create a storage VM for your finance department and another storage VM for your marketing department.

Steps

  1. Select Cluster > Storage VMs.

  2. Select blue rectangle containing a plus sign followed by the word add in white letters.

  3. Enter a name for the storage VM or accept the default name.

  4. Under Configure protocols, select the protocols for the storage VM.

    Select IP for iSCSI and NVMe/TCP. Select FC for Fibre Channel or NVMe/FC.

  5. Under Storage VM administration, select Manage administrator account; then enter the username and password for the administrator account.

  6. Add a network interface for the storage VM.

  7. Select Save.

What's next?

You have created a storage VM. You can now use the storage VM to provision storage.

Create IPspaces

An IPspace is a distinct IP address space in which storage VMs reside. When you create IPspaces, you enable your storage VMs to have their own secure storage, administration, and routing. You also enable clients in administratively separate network domains to use overlapping IP addresses from the same IP address subnet range.

You must create an IPspace before you can create a subnet.

Steps

  1. Select Network > Overview.

  2. Under IPspaces, select blue rectangle containing a plus sign followed by the word add in white letters.

  3. Enter a name for the IPspace or accept the default name.

    An IPspace name cannot be “all” because “all” is a system-reserved name.

  4. Select Save.

What's next?

Now that you have created an IPspace, you can use it to create a subnet.

Create subnets

A subnet allows you to allocate specific blocks of IPv4 or IPv6 addresses to use when you create a LIF (network interface) . A subnet simplifies LIF creation by allowing you to specify the subnet name instead of a specific IP address and network mask for each LIF.

Before you begin

  • You must be a cluster administrator to perform this task.

  • The broadcast domain and IPspace where you plan to add the subnet must already exist.

Steps

  1. Select Network > Overview.

  2. Select Subnets; then select blue rectangle containing a plus sign followed by the word add in white letters.

  3. Enter the subnet name.

    All subnet names must be unique within an IPspace.

  4. Enter the subnet IP address and subnet mask.

  5. Specify the IP address range for the subnet.

    When you specify the IP address range for the subnet, do not overlap IP addresses with other subnets. Network issues can occur when subnet IP addresses overlap and different subnets or hosts attempt to use the same IP address.

  6. Select the broadcast domain for the subnet.

  7. Select Add.

What's next?

You have created a subnet which you can now use to simplify the creation of your LIFs.

Create a LIF (network interface)

A LIF (network interface) is an IP address associated with a physical or logical port. Create LIFs on the ports you want to use to access data. Storage VMs serve data to clients through one or more LIFs. If there is a component failure, a LIF can fail over or be migrated to a different physical port, so that network communication is not interrupted.

On an ASA r2 system, you can create IP, FC, and NVMe/FC LIFs. An IP data LIF can service both iSCSI and NVMe/TCP traffic by default. Separate data LIFs must be created for FC and NVMe/FC traffic.

If you want to enable automatic iSCSI LIF failover, you must create an IP LIF for iSCSI only traffic. When automatic iSCSI LIF failover is enabled, if a storage failover occurs, the IP iSCSI LIF is automatically migrated from its home node or port to its HA partner node or port and then back once the failover is complete. Or, if the port for an IP iSCSI LIF becomes unhealthy, the LIF is automatically migrated to a healthy port in its current home node and then back to its original port once the port is healthy again.

Before you begin

  • You must be a cluster administrator to perform this task.

  • The underlying physical or logical network port must have been configured to the administrative up status.

  • If you are planning to use a subnet name to allocate the IP address and network mask value for a LIF, the subnet must already exist.

  • A LIF handling intracluster traffic between nodes should not be on the same subnet as a LIF handling management traffic or a LIF handling data traffic.

Steps

  1. Select Network > Overview.

  2. Select Network interfaces; then select blue rectangle with a plus sign followed by the word add in white letters.

  3. Select the interface type and protocol; then select the storage VM.

  4. Enter a name for the LIF or accept the default name.

  5. Select the home node for the network interface; then enter the IP address and subnet mask.

  6. Select Save.

Result

You have created a LIF for data access.

What's next?

You can use the ONTAP command line interface (CLI) to create an iSCSI-only LIF with automatic failover.

Create a custom iSCSI-only LIF service policy

If you would like to create iSCSI-only LIFs with automatic LIF failover, you must first create a custom iSCSI-only LIF service policy.

You must use the ONTAP command line interface (CLI) to create the custom service policy.

Step

  1. Set the privilege level to advanced:

    set -privilege advanced

  2. Create a custom iSCSI-only LIF service policy:

    network interface service-policy create -vserver <SVM_name> -policy <service_policy_name> -services data-core,data-iscsi

  3. Verify that the service policy was created:

    network interface service-policy show -policy <service_policy_name>

  4. Return the privilege level to admin:

    set -privilege admin

Create iSCSI-only LIFs with automatic LIF failover

If there are iSCSI LIFs on the SVM that are not enabled for automatic LIF failover, your newly created LIFs will not be enabled for automatic LIF failover either. If automatic LIF failover is not enabled and there is a failover event your iSCSI LIFs will not migrate.

Before you begin

You must have created a custom iSCSI-only LIF service policy.

Steps

  1. Create iSCSI-only LIFs with automatic LIF failover:

    network interface create -vserver <SVM_name> -lif <iscsi_lif_name> -service-policy <service_policy_name> -home-node <home_node> -home-port <port_name> -address <ip_address> -netmask <netmask> -failover-policy sfo-partner-only -status-admin up

    • It is recommended that you create two iSCSI LIFs on each node, one for fabric A and the other for fabric B. This provides redundancy and load balancing for your iSCSI traffic. In the following example, a total four iSCSI LIFs are created, two on each node, one for each fabric.

      network interface create -vserver svm1 -lif iscsi-lif-01a -service-policy custom-data-iscsi -home-node node1 -home-port e2b -address <node01-iscsi-a–ip> -netmask 255.255.255.0 -failover-policy sfo-partner-only -status-admin up

network interface create -vserver svm1 -lif iscsi-lif-01b -service-policy custom-data-iscsi -home-node node1 -home-port e4b -address <node01-iscsi-b–ip> -netmask 255.255.255.0 -failover-policy sfo-partner-only -status-admin up

network interface create -vserver svm1 -lif iscsi-lif-02a -service-policy custom-data-iscsi -home-node node2 -home-port e2b -address <node02-iscsi-a–ip> -netmask 255.255.255.0 -failover-policy sfo-partner-only -status-admin up

network interface create -vserver svm1 -lif iscsi-lif-02b -service-policy custom-data-iscsi -home-node node2 -home-port e4b -address <node02-iscsi-b–ip> -netmask 255.255.255.0 -failover-policy sfo-partner-only -status-admin up

    • If you are using VLANs, adjust the home-port parameter to include the VLAN port information for the respective iSCSI fabric, for example, -home-port e2b-<iSCSI-A-VLAN> for iSCSI fabric A and -home-port e4b-<iSCSI-B-VLAN>.

    • If you are using interface groups (ifgroups) with VLANs, adjust the home-port parameter to include the appropriate VLAN port, for example, -home-port a0a-<iSCSI-A-VLAN> for iSCSI fabric A and -home-port a0a-<iSCSI-B-VLAN> for iSCSI fabric B where a0a is the ifgroup and a0a-<iSCSI-A-VLAN> and a0a-<iSCSI-B-VLAN> are the respective VLAN ports for the iSCSI A fabric and the iSCSI B fabric.

  2. Verify that the iSCSI LIFs were created:

    network interface show -lif iscsi*

Modify a LIF (network interfaces)

LIFs can be disabled or renamed as needed. You can also change the LIF IP address and subnet mask.

Steps

  1. Select Network > Overview; then select Network interfaces.

  2. Hover over the network interface you want to edit; then select three vertical blue dots.

  3. Select Edit.

  4. You can disable the network interface, rename the network interface, change the IP address, or change the subnet mask.

  5. Select Save.

Result

Your LIF has been modified.