Configure virtual IP (VIP) LIFs
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- SAN storage management
- Security and data encryption
-
Data protection and disaster recovery
- Data protection with the CLI
Collection of separate PDF docs
Creating your file...
Some next-generation data centers use Network-Layer-3 mechanisms that require LIFs to be failed over across subnets. Beginning with ONTAP 9.5, VIP data LIFs and the associated routing protocol, border gateway protocol (BGP), are supported, which enable ONTAP to participate in these next-generation networks.
A VIP data LIF is a LIF that is not part of any subnet and is reachable from all ports that host a BGP LIF in the same IPspace. A VIP data LIF eliminates the dependency of a host on individual network interfaces. Because multiple physical adapters carry the data traffic, the entire load is not concentrated on a single adapter and the associated subnet. The existence of a VIP data LIF is advertised to peer routers through the routing protocol, Border Gateway Protocol (BGP).
VIP data LIFs provide the following advantages:
-
LIF portability beyond a broadcast domain or subnet: VIP data LIFs can fail over to any subnet in the network by announcing the current location of each VIP data LIF to routers through BGP.
-
Aggregate throughput: VIP data LIFs can support aggregate throughput that exceeds the bandwidth of any individual port because the VIP LIFs can send or receive data from multiple subnets or ports simultaneously.
Set up border gateway protocol (BGP)
Before creating VIP LIFs, you must set up BGP, which is the routing protocol used for announcing the existence of a VIP LIF to peer routers.
Beginning with ONTAP 9.9.1, VIP BGP provides default route automation using BGP peer grouping to simplify configuration.
ONTAP has a simple way to learn default routes using the BGP peers as next-hop routers when the BGP peer is on the same subnet. To use the feature, set the -use-peer-as-next-hop
attribute to true
. By default, this attribute is false
.
If you have static routes configured, those are still preferred over these automated default routes.
The peer router must be configured to accept a BGP connection from the BGP LIF for the configured autonomous system number (ASN).
ONTAP does not process any incoming route announcements from the router; therefore, you should configure the peer router to not send any route updates to the cluster. |
Setting up BGP involves optionally creating a BGP configuration, creating a BGP LIF, and creating a BGP peer group. ONTAP automatically creates a default BGP configuration with default values when the first BGP peer group is created on a given node. A BGP LIF is used to establish BGP TCP sessions with peer routers. For a peer router, a BGP LIF is the next hop to reach a VIP LIF. Failover is disabled for the BGP LIF. A BGP peer group advertises the VIP routes for all the SVMs in the peer group's IPspace.
Beginning with ONTAP 9.8, these fields have been added to the network bgp peer-group
command:
-
-asn-prepend-type
-
-asn-prepend-count
-
-community
These BGP attributes allows you to configure the AS Path and community attributes for the BGP peer group.
Beginning with ONTAP 9.9.1, these fields have been added:
-
-asn or -peer-asn (4-byte value)
The attribute itself is not new, but it now uses a 4-byte integer. -
-med
-
-use-peer-as-next-hop
You can make advanced route selections with Multi-Exit Discriminator (MED) support for path prioritization. MED is an optional attribute in the BGP update message that tells routers to select the best route for the traffic. The MED is an unsigned 32-bit integer (0 - 4294967295); lower values are preferred.
While ONTAP supports the above BGP attributes, routers need not honor them. NetApp highly recommends you confirm which attributes are supported by your router and configure BGP peer-groups accordingly. For details, refer to the BGP documentation provided by your router. |
-
Log in to the advanced privilege level:
set -privilege advanced
-
Optional: Create a BGP configuration or modify the default BGP configuration of the cluster by performing one of the following actions:
-
Create a BGP configuration:
network bgp config create -node {node_name | local} -asn asn_integer -holdtime hold_time -routerid local_router_IP_address
Sample with a 2-byte ASN:
network bgp config create -node node1 -asn 65502 -holdtime 180 -routerid 1.1.1.1
Sample with a 4-byte ASN:
network bgp config create -node node1 -asn 85502 -holdtime 180 -routerid 1.1.1.1
-
Modify the default BGP configuration:
network bgp defaults modify -asn asn_integer -holdtime hold_time network bgp defaults modify -asn 65502
-
asn_integer
specifies the ASN. Beginning with ONTAP 9.8, ASN for BGP supports a 2-byte non-negative integer. This is a 16-bit number (1 - 65534 available values). Beginning with ONTAP 9.9.1, ASN for BGP supports a 4-byte non-negative integer (1 - 4294967295). The default ASN is 65501. ASN 23456 is reserved for ONTAP session establishment with peers that do not announce 4-byte ASN capability. -
hold_time
specifies the hold time in seconds. The default value is 180s.
-
-
-
Create a BGP LIF for the system SVM:
network interface create -vserver system_svm -lif lif_name -service-policy default-route-announce -home-node home_node -home-port home_port -address ip_address -netmask netmask
You can use the
default-route-announce
service policy for the BGP LIF or any custom service policy which contains the "management-bgp" service.network interface create -vserver cluster1 -lif bgp1 -service-policy default-route-announce -home-node cluster1-01 -home-port e0c -address 10.10.10.100 -netmask 255.255.255.0
-
Create a BGP peer group that is used to establish BGP sessions with the remote peer routers and configure the VIP route information that is advertised to the peer routers:
Sample 1: Create a peer group without an auto default route
In this case, the admin has to create a static route to the BGP peer.
network bgp peer-group create -peer-group group_name -ipspace ipspace_name -bgp-lif bgp_lif -peer-address peer-router_ip_address -peer-asn 65502 -route-preference integer -asn-prepend-type <ASN_prepend_type> -asn-prepend-count integer -med integer -community BGP community list <0-65535>:<0-65535>
network bgp peer-group create -peer-group group1 -ipspace Default -bgp-lif bgp1 -peer-address 10.10.10.1 -peer-asn 65502 -route-preference 100 -asn-prepend-type local-asn -asn-prepend-count 2 -med 100 -community 9000:900,8000:800
Sample 2: Create a peer group with an auto default route
network bgp peer-group create -peer-group group_name -ipspace ipspace_name -bgp-lif bgp_lif -peer-address peer-router_ip_address -peer-asn 65502 -use-peer-as-next-hop true -route-preference integer -asn-prepend-type <ASN_prepend_type> -asn-prepend-count integer -med integer -community BGP community list <0-65535>:<0-65535>
network bgp peer-group create -peer-group group1 -ipspace Default -bgp-lif bgp1 -peer-address 10.10.10.1 -peer-asn 65502 -use-peer-as-next-hop true -route-preference 100 -asn-prepend-type local-asn -asn-prepend-count 2 -med 100 -community 9000:900,8000:800
Create a virtual IP (VIP) data LIF
The existence of a VIP data LIF is advertised to peer routers through the routing protocol, Border Gateway Protocol (BGP).
-
The BGP peer group must be set up and the BGP session for the SVM on which the LIF is to be created must be active.
-
A static route to the BGP router or any other router in the BGP LIF’s subnet must be created for any outgoing VIP traffic for the SVM.
-
You should turn on multipath routing so that the outgoing VIP traffic can utilize all the available routes.
If multipath routing is not enabled, all the outgoing VIP traffic goes from a single interface.
-
Create a VIP data LIF:
network interface create -vserver svm_name -lif lif_name -role data -data-protocol {nfs|cifs|iscsi|fcache|none|fc-nvme} -home-node home_node -address ip_address -is-vip true
A VIP port is automatically selected if you do not specify the home port with the
network interface create
command.By default, the VIP data LIF belongs to the system-created broadcast domain named 'Vip', for each IPspace. You cannot modify the VIP broadcast domain.
A VIP data LIF is reachable simultaneously on all ports hosting a BGP LIF of an IPspace. If there is no active BGP session for the VIP's SVM on the local node, the VIP data LIF fails over to the next VIP port on the node that has a BGP session established for that SVM.
-
Verify that the BGP session is in the up status for the SVM of the VIP data LIF:
network bgp vserver-status show Node Vserver bgp status ---------- -------- --------- node1 vs1 up
If the BGP status is
down
for the SVM on a node, the VIP data LIF fails over to a different node where the BGP status is up for the SVM. If BGP status isdown
on all the nodes, the VIP data LIF cannot be hosted anywhere, and has LIF status as down.
Commands for managing the BGP
Beginning with ONTAP 9.5, you use the network bgp
commands to manage the BGP sessions in ONTAP.
Manage BGP configuration
If you want to… |
Use this command… |
---|---|
Create a BGP configuration |
network bgp config create |
Modify BGP configuration |
network bgp config modify |
Delete BGP configuration |
network bgp config delete |
Display BGP configuration |
network bgp config show |
Displays the BGP status for the SVM of the VIP LIF |
network bgp vserver-status show |
Manage BGP default values
If you want to… |
Use this command… |
---|---|
Modify BGP default values |
network bgp defaults modify |
Display BGP default values |
network bgp defaults show |
Manage BGP peer groups
If you want to… |
Use this command… |
---|---|
Create a BGP peer group |
network bgp peer-group create |
Modify a BGP peer group |
network bgp peer-group modify |
Delete a BGP peer group |
network bgp peer-group delete |
Display BGP peer groups information |
network bgp peer-group show |
Rename a BGP peer group |
network bgp peer-group rename |