Configure LIFs
Suggest changes
PDFs
You must identify the LIFs that will be used for establishing a data connection between the data and tape resources, and for control connection between the admin SVM and the backup application. After identifying the LIFs, you must verify the service and failover policies are set.
|
Beginning with ONTAP 9.10.1, firewall policies are deprecated and wholly replaced with LIF service policies. For more information, see Manage supported traffic. |
-
Identify the intercluster LIF hosted on the nodes by using the
network interface showcommand with the-service-policyparameter.network interface show -service-policy default-intercluster -
Identify the management LIF hosted on the nodes by using the
network interface showcommand with the-service-policyparameter.network interface show -service-policy default-management -
Ensure that the intercluster LIF includes the
backup-ndmp-controlservice:network interface service-policy show -
Ensure that the failover policy is set appropriately for all the LIFs:
-
Verify that the failover policy for the cluster-management LIF is set to
broadcast-domain-wide, and the policy for the intercluster and node-management LIFs is set tolocal-onlyby using thenetwork interface show -failovercommand.The following command displays the failover policy for the cluster-management, intercluster, and node-management LIFs:
cluster1::> network interface show -failover Logical Home Failover Failover Vserver Interface Node:Port Policy Group ------- -------------- -------------- ---------- -------- cluster cluster1_clus1 cluster1-1:e0a local-only cluster Failover Targets: ....... cluster1 cluster_mgmt cluster1-1:e0m broadcast- Default domain-wide Failover Targets: ....... IC1 cluster1-1:e0a local-only Default Failover Targets: IC2 cluster1-1:e0b local-only Default Failover Targets: ....... cluster1-1 c1-1_mgmt1 cluster1-1:e0m local-only Default Failover Targets: ...... cluster1-2 c1-2_mgmt1 cluster1-2:e0m local-only Default Failover Targets: ...... -
If the failover policies are not set appropriately, modify the failover policy by using the
network interface modifycommand with the-failover-policyparameter.cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
-
-
Specify the LIFs that are required for data connection by using the
vserver services ndmp modifycommand with thepreferred-interface-roleparameter.cluster1::> vserver services ndmp modify -vserver cluster1 -preferred-interface-role intercluster,cluster-mgmt,node-mgmt
-
Verify that the preferred interface role is set for the cluster by using the
vserver services ndmp showcommand.cluster1::> vserver services ndmp show -vserver cluster1 Vserver: cluster1 NDMP Version: 4 ....... ....... Preferred Interface Role: intercluster, cluster-mgmt, node-mgmt
-
Identify the intercluster, cluster-management, and node-management LIFs by using the
network interface showcommand with the-roleparameter.The following command displays the intercluster LIFs:
cluster1::> network interface show -role intercluster Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- ------------------ ------------- ------- ---- cluster1 IC1 up/up 192.0.2.65/24 cluster1-1 e0a true cluster1 IC2 up/up 192.0.2.68/24 cluster1-2 e0b trueThe following command displays the cluster-management LIF:
cluster1::> network interface show -role cluster-mgmt Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- ------------------ ----------- ------- ---- cluster1 cluster_mgmt up/up 192.0.2.60/24 cluster1-2 e0M trueThe following command displays the node-management LIFs:
cluster1::> network interface show -role node-mgmt Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- --------------- ------------ ------ ------ cluster1 cluster1-1_mgmt1 up/up 192.0.2.69/24 cluster1-1 e0M true cluster1-2_mgmt1 up/up 192.0.2.70/24 cluster1-2 e0M true -
Ensure that the firewall policy is enabled for NDMP on the intercluster, cluster-management (
cluster-mgmt), and node-management (node-mgmt) LIFs:-
Verify that the firewall policy is enabled for NDMP by using the
system services firewall policy showcommand.The following command displays the firewall policy for the cluster-management LIF:
cluster1::> system services firewall policy show -policy cluster Vserver Policy Service Allowed ------- ------------ ---------- ----------------- cluster cluster dns 0.0.0.0/0 http 0.0.0.0/0 https 0.0.0.0/0 ndmp 0.0.0.0/0 ndmps 0.0.0.0/0 ntp 0.0.0.0/0 rsh 0.0.0.0/0 snmp 0.0.0.0/0 ssh 0.0.0.0/0 telnet 0.0.0.0/0 10 entries were displayed.The following command displays the firewall policy for the intercluster LIF:
cluster1::> system services firewall policy show -policy intercluster Vserver Policy Service Allowed ------- ------------ ---------- ------------------- cluster1 intercluster dns - http - https - ndmp 0.0.0.0/0, ::/0 ndmps - ntp - rsh - ssh - telnet - 9 entries were displayed.The following command displays the firewall policy for the node-management LIF:
cluster1::> system services firewall policy show -policy mgmt Vserver Policy Service Allowed ------- ------------ ---------- ------------------- cluster1-1 mgmt dns 0.0.0.0/0, ::/0 http 0.0.0.0/0, ::/0 https 0.0.0.0/0, ::/0 ndmp 0.0.0.0/0, ::/0 ndmps 0.0.0.0/0, ::/0 ntp 0.0.0.0/0, ::/0 rsh - snmp 0.0.0.0/0, ::/0 ssh 0.0.0.0/0, ::/0 telnet - 10 entries were displayed. -
If the firewall policy is not enabled, enable the firewall policy by using the
system services firewall policy modifycommand with the-serviceparameter.The following command enables firewall policy for the intercluster LIF:
cluster1::> system services firewall policy modify -vserver cluster1 -policy intercluster -service ndmp 0.0.0.0/0
-
-
Ensure that the failover policy is set appropriately for all the LIFs:
-
Verify that the failover policy for the cluster-management LIF is set to
broadcast-domain-wide, and the policy for the intercluster and node-management LIFs is set tolocal-onlyby using thenetwork interface show -failovercommand.The following command displays the failover policy for the cluster-management, intercluster, and node-management LIFs:
cluster1::> network interface show -failover Logical Home Failover Failover Vserver Interface Node:Port Policy Group ---------- ----------------- ----------------- -------------------- -------- cluster cluster1_clus1 cluster1-1:e0a local-only cluster Failover Targets: ....... cluster1 cluster_mgmt cluster1-1:e0m broadcast-domain-wide Default Failover Targets: ....... IC1 cluster1-1:e0a local-only Default Failover Targets: IC2 cluster1-1:e0b local-only Default Failover Targets: ....... cluster1-1 cluster1-1_mgmt1 cluster1-1:e0m local-only Default Failover Targets: ...... cluster1-2 cluster1-2_mgmt1 cluster1-2:e0m local-only Default Failover Targets: ...... -
If the failover policies are not set appropriately, modify the failover policy by using the
network interface modifycommand with the-failover-policyparameter.cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
-
-
Specify the LIFs that are required for data connection by using the
vserver services ndmp modifycommand with thepreferred-interface-roleparameter.cluster1::> vserver services ndmp modify -vserver cluster1 -preferred-interface-role intercluster,cluster-mgmt,node-mgmt
-
Verify that the preferred interface role is set for the cluster by using the
vserver services ndmp showcommand.cluster1::> vserver services ndmp show -vserver cluster1 Vserver: cluster1 NDMP Version: 4 ....... ....... Preferred Interface Role: intercluster, cluster-mgmt, node-mgmt