Skip to main content

Configure LIFs

Contributors netapp-barbe netapp-aherbin

You must identify the LIFs that will be used for establishing a data connection between the data and tape resources, and for control connection between the admin SVM and the backup application. After identifying the LIFs, you must verify the service and failover policies are set.

Note Beginning with ONTAP 9.10.1, firewall policies are deprecated and wholly replaced with LIF service policies. For more information, see Manage supported traffic.
ONTAP 9.10.1 or later
Steps
  1. Identify the intercluster LIF hosted on the nodes by using the network interface show command with the -service-policy parameter.

    network interface show -service-policy default-intercluster

  2. Identify the management LIF hosted on the nodes by using the network interface show command with the -service-policy parameter.

    network interface show -service-policy default-management

  3. Ensure that the intercluster LIF includes the backup-ndmp-control service:

    network interface service-policy show

  4. Ensure that the failover policy is set appropriately for all the LIFs:

    1. Verify that the failover policy for the cluster-management LIF is set to broadcast-domain-wide, and the policy for the intercluster and node-management LIFs is set to local-only by using the network interface show -failover command.

      The following command displays the failover policy for the cluster-management, intercluster, and node-management LIFs:

      cluster1::> network interface show -failover
      
                 Logical          Home            Failover    Failover
      Vserver    Interface        Node:Port       Policy      Group
      -------    --------------   --------------  ----------  --------
      cluster    cluster1_clus1   cluster1-1:e0a  local-only  cluster
                                                           Failover Targets:
                         	                                 .......
      cluster1   cluster_mgmt     cluster1-1:e0m  broadcast-  Default
                                                domain-wide
                                                           Failover Targets:
                                                           .......
                 IC1              cluster1-1:e0a  local-only  Default
                                                           Failover Targets:
                 IC2              cluster1-1:e0b  local-only  Default
                                                           Failover Targets:
                                                           .......
      cluster1-1 c1-1_mgmt1       cluster1-1:e0m  local-only  Default
                                                           Failover Targets:
                                                           ......
      cluster1-2 c1-2_mgmt1       cluster1-2:e0m  local-only  Default
                                                           Failover Targets:
                                                           ......
    2. If the failover policies are not set appropriately, modify the failover policy by using the network interface modify command with the -failover-policy parameter.

      cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
  5. Specify the LIFs that are required for data connection by using the vserver services ndmp modify command with the preferred-interface-role parameter.

    cluster1::> vserver services ndmp modify -vserver cluster1 -preferred-interface-role intercluster,cluster-mgmt,node-mgmt
  6. Verify that the preferred interface role is set for the cluster by using the vserver services ndmp show command.

    cluster1::> vserver services ndmp show -vserver cluster1
    
                    Vserver: cluster1
                    NDMP Version: 4
                    .......
                    .......
    Preferred Interface Role: intercluster, cluster-mgmt, node-mgmt
ONTAP 9.9 or earlier
Steps
  1. Identify the intercluster, cluster-management, and node-management LIFs by using the network interface show command with the -role parameter.

    The following command displays the intercluster LIFs:

    cluster1::> network interface show -role intercluster
    
                Logical      Status     Network            Current       Current Is
    Vserver     Interface    Admin/Oper Address/Mask       Node          Port    Home
    ----------- ----------   ---------- ------------------ ------------- ------- ----
    cluster1    IC1          up/up      192.0.2.65/24      cluster1-1    e0a     true
    cluster1    IC2          up/up      192.0.2.68/24      cluster1-2    e0b     true

    The following command displays the cluster-management LIF:

    cluster1::> network interface show -role cluster-mgmt
    
                Logical       Status     Network            Current     Current Is
    Vserver     Interface     Admin/Oper Address/Mask       Node        Port    Home
    ----------- ----------    ---------- ------------------ ----------- ------- ----
    cluster1    cluster_mgmt  up/up      192.0.2.60/24      cluster1-2  e0M     true

    The following command displays the node-management LIFs:

    cluster1::> network interface show -role node-mgmt
    
                Logical           Status     Network         Current       Current Is
    Vserver     Interface         Admin/Oper Address/Mask    Node          Port    Home
    ----------- ----------        ---------- --------------- ------------  ------  ------
    cluster1    cluster1-1_mgmt1  up/up      192.0.2.69/24   cluster1-1    e0M     true
                cluster1-2_mgmt1  up/up      192.0.2.70/24   cluster1-2    e0M     true
  2. Ensure that the firewall policy is enabled for NDMP on the intercluster, cluster-management (cluster-mgmt), and node-management (node-mgmt) LIFs:

    1. Verify that the firewall policy is enabled for NDMP by using the system services firewall policy show command.

      The following command displays the firewall policy for the cluster-management LIF:

      cluster1::> system services firewall policy show -policy cluster
      
      Vserver     Policy       Service    Allowed
      -------     ------------ ---------- -----------------
      cluster     cluster      dns        0.0.0.0/0
                               http       0.0.0.0/0
                               https      0.0.0.0/0
                               ndmp       0.0.0.0/0
                               ndmps      0.0.0.0/0
                               ntp        0.0.0.0/0
                               rsh        0.0.0.0/0
                               snmp       0.0.0.0/0
                               ssh        0.0.0.0/0
                               telnet     0.0.0.0/0
      10 entries were displayed.

      The following command displays the firewall policy for the intercluster LIF:

      cluster1::> system services firewall policy show -policy intercluster
      
      Vserver     Policy       Service    Allowed
      -------     ------------ ---------- -------------------
      cluster1    intercluster dns        -
                               http       -
                               https      -
                               ndmp       0.0.0.0/0, ::/0
                               ndmps      -
                               ntp        -
                               rsh        -
                               ssh        -
                               telnet     -
      9 entries were displayed.

      The following command displays the firewall policy for the node-management LIF:

      cluster1::> system services firewall policy show -policy mgmt
      
      Vserver     Policy       Service    Allowed
      -------     ------------ ---------- -------------------
      cluster1-1  mgmt         dns        0.0.0.0/0, ::/0
                               http       0.0.0.0/0, ::/0
                               https      0.0.0.0/0, ::/0
                               ndmp       0.0.0.0/0, ::/0
                               ndmps      0.0.0.0/0, ::/0
                               ntp        0.0.0.0/0, ::/0
                               rsh        -
                               snmp       0.0.0.0/0, ::/0
                               ssh        0.0.0.0/0, ::/0
                               telnet     -
      10 entries were displayed.
    2. If the firewall policy is not enabled, enable the firewall policy by using the system services firewall policy modify command with the -service parameter.

      The following command enables firewall policy for the intercluster LIF:

      cluster1::> system services firewall policy modify -vserver cluster1 -policy intercluster -service ndmp 0.0.0.0/0
  3. Ensure that the failover policy is set appropriately for all the LIFs:

    1. Verify that the failover policy for the cluster-management LIF is set to broadcast-domain-wide, and the policy for the intercluster and node-management LIFs is set to local-only by using the network interface show -failover command.

      The following command displays the failover policy for the cluster-management, intercluster, and node-management LIFs:

      cluster1::> network interface show -failover
      
                 Logical            Home              Failover              Failover
      Vserver    Interface          Node:Port         Policy                Group
      ---------- -----------------  ----------------- --------------------  --------
      cluster    cluster1_clus1     cluster1-1:e0a    local-only            cluster
                                                           Failover Targets:
                         	                                 .......
      
      cluster1   cluster_mgmt       cluster1-1:e0m    broadcast-domain-wide Default
                                                           Failover Targets:
                                                           .......
                 IC1                 cluster1-1:e0a    local-only           Default
                                                           Failover Targets:
                 IC2                 cluster1-1:e0b    local-only           Default
                                                           Failover Targets:
                                                           .......
      cluster1-1 cluster1-1_mgmt1   cluster1-1:e0m    local-only            Default
                                                           Failover Targets:
                                                           ......
      cluster1-2 cluster1-2_mgmt1   cluster1-2:e0m    local-only            Default
                                                           Failover Targets:
                                                           ......
    2. If the failover policies are not set appropriately, modify the failover policy by using the network interface modify command with the -failover-policy parameter.

      cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
  4. Specify the LIFs that are required for data connection by using the vserver services ndmp modify command with the preferred-interface-role parameter.

    cluster1::> vserver services ndmp modify -vserver cluster1 -preferred-interface-role intercluster,cluster-mgmt,node-mgmt
  5. Verify that the preferred interface role is set for the cluster by using the vserver services ndmp show command.

    cluster1::> vserver services ndmp show -vserver cluster1
    
                                 Vserver: cluster1
                            NDMP Version: 4
                            .......
                            .......
                Preferred Interface Role: intercluster, cluster-mgmt, node-mgmt