Secure IP connections on your AFX storage systems
Suggest changes
PDFs
IP Security (IPsec) is an Internet protocol standard that provides data encryption, integrity, and authentication for traffic flowing among network endpoints at the IP level. You can use IPsec to enhance the security of the front-end network between an AFX cluster and the clients.
Configuring IPsec on an AFX system
The IPsec configuration procedures for AFX storage systems are the same as AFF and FAS systems, with the exception of the supported network interface controller (NIC) cards used with the hardware offload feature. Refer to Prepare to configure IP security for the ONTAP network for more information.
Hardware offload feature
Several of the IPsec cryptographic operations, such as encryption and integrity checks, can be offloaded to a supported NIC card on your AFX system. This can significantly improve the performance and throughput of the network traffic protected by IPsec.
|
Beginning with ONTAP 9.18.1, the IPsec hardware offload feature is extended to support IPv6 traffic. |
The following NIC cards are supported for the IPsec hardware offload feature on AFX storage systems beginning with ONTAP 9.17.1:
-
X50130B (2p, 40G/100G Ethernet controller)
-
X50131B (2p, 40G/100G/200G/400G Ethernet controller)
Refer to the NetApp Hardware Universe for more information about the supported cards for the ONTAP release running on your AFX system.