Configure LIFs

Contributors

You must identify the LIFs that will be used for establishing a data connection between the data and tape resources, and for control connection between the admin SVM and the backup application. After identifying the LIFs, you must verify that firewall and failover policies are set for the LIFs, and specify the preferred interface role.

Steps
  1. Identify the intercluster, cluster-management, and node-management LIFs by using the network interface show command with the -role parameter.

    The following command displays the intercluster LIFs:

    cluster1::> network interface show -role intercluster
    
                Logical           Status     Network            Current       Current Is
    Vserver     Interface         Admin/Oper Address/Mask       Node          Port    Home
    ----------- ----------        ---------- ------------------ ------------- ------- ----
    cluster1    IC1               up/up      192.0.2.65/24      cluster1-1    e0a     true
    cluster1    IC2               up/up      192.0.2.68/24      cluster1-2    e0b     true

    The following command displays the cluster-management LIF:

    cluster1::> network interface show -role cluster-mgmt
    
                Logical           Status     Network            Current       Current Is
    Vserver     Interface         Admin/Oper Address/Mask       Node          Port    Home
    ----------- ----------        ---------- ------------------ ------------- ------- ----
    cluster1    cluster_mgmt      up/up      192.0.2.60/24      cluster1-2    e0M     true

    The following command displays the node-management LIFs:

    cluster1::> network interface show -role node-mgmt
    
                Logical           Status     Network            Current       Current Is
    Vserver     Interface         Admin/Oper Address/Mask       Node          Port    Home
    ----------- ----------        ---------- ------------------ ------------  ------  ------
    cluster1    cluster1-1_mgmt1  up/up      192.0.2.69/24      cluster1-1    e0M     true
                cluster1-2_mgmt1  up/up      192.0.2.70/24      cluster1-2    e0M     true
  2. Ensure that the firewall policy is enabled for NDMP on the intercluster, cluster-management (cluster-mgmt), and node-management (node-mgmt) LIFs:

    1. Verify that the firewall policy is enabled for NDMP by using the system services firewall policy show command.

      The following command displays the firewall policy for the cluster-management LIF:

      cluster1::> system services firewall policy show -policy cluster
      
      Vserver     Policy       Service    Allowed
      -------     ------------ ---------- -----------------
      cluster     cluster      dns        0.0.0.0/0
                               http       0.0.0.0/0
                               https      0.0.0.0/0
                              ** ndmp       0.0.0.0/0**
                               ndmps      0.0.0.0/0
                               ntp        0.0.0.0/0
                               rsh        0.0.0.0/0
                               snmp       0.0.0.0/0
                               ssh        0.0.0.0/0
                               telnet     0.0.0.0/0
      10 entries were displayed.

      The following command displays the firewall policy for the intercluster LIF:

      cluster1::> system services firewall policy show -policy intercluster
      
      Vserver     Policy       Service    Allowed
      -------     ------------ ---------- -------------------
      cluster1    intercluster dns        -
                               http       -
                               https      -
                               **ndmp       0.0.0.0/0, ::/0**
                               ndmps      -
                               ntp        -
                               rsh        -
                               ssh        -
                               telnet     -
      9 entries were displayed.

      The following command displays the firewall policy for the node-management LIF:

      cluster1::> system services firewall policy show -policy mgmt
      
      Vserver     Policy       Service    Allowed
      -------     ------------ ---------- -------------------
      cluster1-1  mgmt         dns        0.0.0.0/0, ::/0
                               http       0.0.0.0/0, ::/0
                               https      0.0.0.0/0, ::/0
                               **ndmp       0.0.0.0/0, ::/0**
                               ndmps      0.0.0.0/0, ::/0
                               ntp        0.0.0.0/0, ::/0
                               rsh        -
                               snmp       0.0.0.0/0, ::/0
                               ssh        0.0.0.0/0, ::/0
                               telnet     -
      10 entries were displayed.
    2. If the firewall policy is not enabled, enable the firewall policy by using the system services firewall policy modify command with the -service parameter.

      The following command enables firewall policy for the intercluster LIF:

      cluster1::> system services firewall policy modify -vserver cluster1 -policy intercluster -service ndmp 0.0.0.0/0
  3. Ensure that the failover policy is set appropriately for all the LIFs:

    1. Verify that the failover policy for the cluster-management LIF is set to broadcast-domain-wide, and the policy for the intercluster and node-management LIFs is set to local-only by using the network interface show -failover command.

      The following command displays the failover policy for the cluster-management, intercluster, and node-management LIFs:

      cluster1::> network interface show -failover
      
                 Logical            Home              Failover              Failover
      Vserver    Interface          Node:Port         Policy                Group
      ---------- -----------------  ----------------- --------------------  --------
      cluster    cluster1_clus1     cluster1-1:e0a    local-only            cluster
                                                           Failover Targets:
                         	                                 .......
      
      **cluster1   cluster_mgmt       cluster1-1:e0m    broadcast-domain-wide Default**
                                                           Failover Targets:
                                                           .......
                 **IC1                 cluster1-1:e0a    local-only           Default**
                                                           Failover Targets:
                 **IC2                 cluster1-1:e0b    local-only           Default**
                                                           Failover Targets:
                                                           .......
      **cluster1-1 cluster1-1_mgmt1   cluster1-1:e0m    local-only            Default**
                                                           Failover Targets:
                                                           ......
      **cluster1-2 cluster1-2_mgmt1   cluster1-2:e0m    local-only            Default**
                                                           Failover Targets:
                                                           ......
    2. If the failover policies are not set appropriately, modify the failover policy by using the network interface modify command with the -failover-policy parameter.

      cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
  4. Specify the LIFs that are required for data connection by using the vserver services ndmp modify command with the preferred-interface-role parameter.

    cluster1::> vserver services ndmp modify -vserver cluster1 -preferred-interface-role intercluster,cluster-mgmt,node-mgmt
  5. Verify that the preferred interface role is set for the cluster by using the vserver services ndmp show command.

    cluster1::> vserver services ndmp show -vserver cluster1
    
                                 Vserver: cluster1
                            NDMP Version: 4
                            .......
                            .......
                Preferred Interface Role: intercluster, cluster-mgmt, node-mgmt