Skip to main content

vserver export-policy access-cache flush

Contributors
Suggest changes

Flush an entry from the access cache

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver export-policy access-cache flush command can be used to remove all entries in the access cache that belong to the specified export policy. The command can also be used to remove the access cache entry for a specific IP address belonging to an export policy. You must provide the name of the node that hosts the access cache and the name of the Vserver that owns the export policy. This command differs from the vserver export-policy cache flush command. The vserver export-policy cache flush command allows you to flush all access cache entries across all export policies in a Vserver. In contrast the vserver export-policy access-cache flush command gives you the granularity to flush a specific access cache entry or the granularity to flush all access cache entries for a specific export policy.

This command is useful to clear out a negative access cache entry. A negative cache entry is one where a client IP address experiences an access denied error due to stale export policy rule information present in the cache entry. Data ONTAP maintains several caches in the kernel and userspace to speed access to exports. A negative cache entry can get created in the access cache if a client tries to access an export path before the export rules or the name server settings or the caches in management gateway have been updated to grant access to that client. The negative cache entry will remain in the access cache until the TTL for the entry expires and the entry is refreshed. You can use the `export-policy access-cache config show ` command to find out the refresh intervals and timeouts for the access cache. If you know that the caches in userspace have the latest information for the client and don't want to wait until the TTL for the access cache entry expires then you can use this command to remove the access cache entry in the kernel and force the cache entry to get re-populated with the latest information that will allow the client to access the export path.

You can use the vserver export-policy access-cache entry show and vserver export-policy access-cache entry show-rules commands to examine the contents of an entry in the access cache before removing it using the flush command.

Parameters

-vserver <vserver name> - Vserver

This parameter specifies the name of the Vserver on which you want to flush the access cache entry.

-node <nodename> - Node

This parameter specifies the node on which you want to flush the access cache entry.

-policy <text> - Export Policy Name

This parameter specifies the name of the export policy that is effective for the exported path that the client is trying to access.

[-address <IP Address>] - IP Address

This parameter is optional. It specifies the IP address of the client whose access cache entry you want to remove. If this parameter is not specified all access cache entries belonging to the specified export policy will be removed.

Examples

The following example flushes the access cache entry for client IP address '1.2.3.4' in volume 'flex1' having export policy 'testpol' in a Vserver named 'vs1' on node 'vsim1':

cluster1::*> vserver export-policy access-cache flush -vserver vs1 -node vsim1 -policy testpol -address 1.2.3.4
Successfully removed access cache entry for IP address "1.2.3.4" belonging to export policy "testpol" in Vserver "vs1" on node "vsim1".

cluster1::*> vserver export-policy access-cache flush -vserver vs1 -node vsim1 -policy testpol

Warning: This command removes all access cache entries for export policy "testpol" in Vserver "vs1" on node "vsim1". Do you want to continue? {y|n}: y

Successfully removed 1 access cache entry for export policy "testpol" in Vserver "vs1" on node "vsim1".