network interface create
Create a logical interface
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The network interface create
command creates a logical interface (LIF).
A logical interface is an IP address associated with a physical network port. For logical interfaces using NAS data protocols, the interface can fail over or be migrated to a different physical port in the event of component failures, thereby continuing to provide network access despite the component failure. Logical interfaces using SAN data protocols do not support migration or failover. |
On some cloud platforms, this operation might perform changes to the external route tables. |
Parameters
-vserver <vserver>
- Vserver Name-
Use this parameter to specify the Vserver on which the LIF is created.
-lif <lif-name>
- Logical Interface Name-
Use this parameter to specify the name of the LIF that is created. For iSCSI and FC LIFs, the name cannot be more than 254 characters.
[-service-policy <text>]
- Service Policy-
Use this parameter to specify a service policy for the LIF. If no policy is specified, a default policy will be assigned automatically. Use the network interface service-policy show command to review available service policies.
[-role {undef|cluster|data|node-mgmt|intercluster|cluster-mgmt}]
- (DEPRECATED)-Role-
This parameter has been deprecated and may be removed in a future version of ONTAP. Use the -service-policy
parameter instead.Use this parameter to specify the role of the LIF. LIFs can have one of five roles:
-
Cluster LIFs, which provide communication among the nodes in a cluster
-
Intercluster LIFs, which provide communication among peered clusters
-
Data LIFs, which provide data access to NAS and SAN clients
-
Node-management LIFs, which provide access to cluster management functionality
-
Cluster-management LIFs, which provide access to cluster management functionality
LIFs with the cluster-management role behave as LIFs with the node-management role except that cluster-management LIFs can failover between nodes.
-
[-data-protocol {nfs|cifs|iscsi|fcp|fcache|none|fc-nvme|s3|nvme-roce|nvme-tcp}]
- Data Protocol-
Use this parameter to specify the list of data protocols that can be served by the LIF. The supported protocols are NFS, CIFS, iSCSI, FCP, and FC-NVMe. NFS and CIFS are available by default when you create a LIF. If you specify "none", the LIF does not support any data protocols. Also, none, iscsi, fcp or fc-nvme cannot be combined with any other protocols.
The data-protocol field must be specified when the LIF is created and cannot be modified later. The NFS protocol relies on firewall services included in the built-in "data" and "mgmt-nfs" firewall policies. Assigning a different firewall policy might disrupt some NFS client implementations. -address <IP Address>
- Network Address-
Use this parameter to specify the LIF's IP address.
A cluster LIF cannot be on the same subnet as a management or data LIF. - {
-netmask <IP Address>
- Netmask -
Use this parameter to specify the LIF's netmask.
- |
-netmask-length <integer>
- Bits in the Netmask -
Use this parameter to specify the length (in bits) of the LIF's netmask.
- |
-is-vip <true>
- Is VIP LIF -
Use this parameter to display only logical interfaces matching a specify "is-vip" flag. Specifying "true" matches only LIFs to implement a Virtual IP; "false" matches only LIFs that do not.
- {
[-auto <true>]
- Allocate Link Local IPv4 Address -
Use this parameter to specify whether IPv4 link local addressing is enabled for this LIF.
- |
[-subnet-name <subnet name>]
- Subnet Name } -
Use this parameter to allocate the interface address from a subnet. If needed, a default route will be created for this subnet.
[-home-node <nodename>]
- Home Node-
Use this parameter to specify the LIF's home node. The home node is the node to which the LIF returns when the network interface revert command is run on the LIF.
[-home-port {<netport>|<ifgrp>}]
- Home Port-
Use this parameter to specify the LIF's home port or interface group. The home port is the port or interface group to which the LIF returns when the network interface revert command is run on the LIF.
[-status-admin {up|down}]
- Administrative Status-
Use this parameter to specify whether the initial administrative status of the LIF is up or down. The default setting is
up
. The administrative status can differ from the operational status For example, if you specify the status as up but a network problem prevents the interface from functioning, the operational status remains as down. [-failover-policy {system-defined|local-only|sfo-partner-only|disabled|broadcast-domain-wide}]
- Failover Policy-
Use this parameter to specify the failover policy for the LIF.
-
system-defined - The system determines appropriate failover targets for the LIF. The default behavior is that failover targets are chosen from the LIF's current hosting node and also from one other non-parter node when possible.
-
local-only - The LIF fails over to a port on the local or home node of the LIF.
-
sfo-partner-only - The LIF fails over to a port on the home node or SFO partner only.
-
broadcast-domain-wide - The LIF fails over to a port in the same broadcast domain as the home port.
-
disabled - Failover is disabled for the LIF.
The failover policy for cluster logical interfaces is local-only and cannot be changed. The default failover policy for data logical interfaces is system-defined. This value can be changed.
Logical interfaces for SAN protocols do not support failover. Thus, such interfaces will always show this parameter as disabled
. -
[-firewall-policy <policy>]
- (DEPRECATED)-Firewall Policy-
This parameter has been deprecated and may be removed in a future version of ONTAP. Use the -service-policy
parameter instead.Use this parameter to specify the firewall policy for the LIF. A LIF can use a default firewall policy that corresponds to its role (management, cluster, intercluster, or data) or a custom firewall policy created by an administrator. View and modify existing firewall policies using the system services firewall policy show and system services firewall policy modify commands, respectively.
The NFS data protocol relies on firewall services included in the built-in "data" and "mgmt-nfs" firewall policies. Assigning a different firewall policy might disrupt some NFS client implementations. [-auto-revert {true|false}]
- Auto Revert-
Use this parameter to specify whether a data LIF is automatically reverted to its home node under certain circumstances. These circumstances include startup, when the status of the management database changes to either master or secondary, or when the network connection is made. The default setting is
false
. If you set the value of this parameter totrue
, load balancing migration capability of the data LIF is disabled (the-allow-lb-migrate
parameter is set tofalse
).Logical interfaces for SAN traffic do not support auto-revet. Thus, this parameter is always false
on such interfaces. [-dns-zone {<zone-name>|none}]
- Fully Qualified DNS Zone Name-
Use this parameter to specify a unique, fully qualified domain name of a DNS zone to which this data LIF is added. You can associate a data LIF with a single DNS zone. All data LIFs included in a zone must be on the same Vserver. If a LIF is not added to a DNS zone the data LIF is created with the value
none
. [-listen-for-dns-query {true|false}]
- DNS Query Listen Enable-
Use this parameter to specify if the LIF has to listen for DNS queries. The default value for this parameter is true.
[-allow-lb-migrate {true|false}]
- (DEPRECATED)-Load Balancing Migrate Allowed (privilege: advanced)-
This parameter has been deprecated and may be removed in a future version of Data ONTAP. Use this parameter to specify whether load balancing migration is activated for this data LIF. The default value of this parameter is
false
. If you set the value of this parameter totrue
, automatic revert capability for this data LIF is disabled (the-auto-revert
parameter is set tofalse
). Also, data LIFs that migrate as a result of load balancing adhere to network interface failover rules.During times when a LIF is hosting active NFSv4, CIFS, or NRV connections, load balancing based LIF migrations between nodes will be temporarily disabled. [-lb-weight {load|0..100}]
- Load Balanced Weight (privilege: advanced)-
Use this parameter to specify a load balancing weight for a data LIF. A valid numeric load balancing weight is any integer between 0 and 100. When you specify the same load balancing weight for all data LIFs in a DNS zone, client requests are uniformly distributed, similar to round-robin DNS. A data LIF with a low load balancing weight is made available for client requests less frequently than one that has a high load balancing weight. "load" is the default value of this parameter. If set to "load", node utilization statistics are used to dynamically assign the load balancing weight.
[-failover-group <failover-group>]
- Failover Group Name-
Use this parameter to specify the name of the failover group to associate with the LIF. Manage failover groups by using the
network interface failover-groups
command. Each broadcast domain has a default failover group which is created by the system automatically and has the same name as the broadcast domain. The failover group associated with the broadcast domain includes all ports in the broadcast domain. A logical interface's failover group is set to the failover group of the home port's broadcast domain by default, but this value can be modified.Logical interfaces for SAN protocols do not support failover. Thus, this parameter cannot be specified for such interfaces. [-comment <text>]
- Comment-
Use this parameter to specify the comment to associate with the LIF.
[-force-subnet-association <true>]
- Force the LIF's Subnet Association-
This command will fail if the IP address falls within the address range of a named subnet. Set this to true to acquire the address from the named subnet and assign the subnet to the LIF.
[-is-dns-update-enabled {true|false}]
- Is Dynamic DNS Update Enabled?-
If this parameter is set to
true
, then dynamic DNS update is sent to the DNS server for the particular LIF entry if dynamic DNS updates are enabled for the corresponding Vserver. This field is set totrue
by default for both IPv4 and IPv6 LIFs. DNS Update is not supported on LIFs not configured with either the NFS or CIFS protocol. [-probe-port <integer>]
- Probe-port for Cloud Load Balancer-
Use this parameter to specify a probe-port for the LIF in the Azure environment. It is a required field in the Azure environment. If no probe-port is specified, an error would be returned.
[-broadcast-domain <text>]
- Broadcast Domain-
Use this parameter to display the broadcast domain that contains the home port of the logical interface.
[-rdma-protocols <roce>,…]
- Required RDMA offload protocols-
Defines RDMA offload protocols required by the LIF. A non-empty list will ensure that this LIF can only be moved to network ports that support the specified RDMA offload protocols.
Examples
The following example creates an IPv4 LIF named datalif1 and an IPv6 LIF named datalif2 on a Vserver named vs0. Their home node is node0 and home port is e0c. The failover policy broadcast-domain-wide
is assigned to both LIFs. The service policy is default-data-files
and the LIFs are automatically reverted to their home node at startup and under other circumstances. The datalif1 has the IP address 192.0.2.130 and netmask 255.255.255.128, and datalif2 has the IP address 3ffe:1::aaaa and netmask length of 64.
cluster1::> network interface create -vserver vs0 -lif datalif1 -home-node node0 -home-port e0c -address 192.0.2.130 -netmask 255.255.255.128 -failover-policy broadcast-domain-wide -service-policy default-data--files -auto-revert true cluster1::> network interface create -vserver vs0 -lif datalif2 -home-node node0 -home-port e0c -address 3ffe:1::aaaa -netmask-length 64 -failover-policy broadcast-domain-wide -service-policy default-data-files -auto-revert true