Configure virtual IP (VIP) LIFs

Some next-generation data centers use Network-Layer-3 mechanisms that require LIFs to be failed over across subnets. Starting with ONTAP 9.5, VIP data LIFs and the associated routing protocol, border gateway protocol (BGP), are supported, which enable ONTAP to participate in these next-generation networks.

About this task

A VIP data LIF is a LIF that is not part of any subnet and is reachable from all ports that host a BGP LIF in the same IPspace. A VIP data LIF eliminates the dependency of a host on individual network interfaces. Because multiple physical adapters carry the data traffic, the entire load is not concentrated on a single adapter and the associated subnet. The existence of a VIP data LIF is advertised to peer routers through the routing protocol, Border Gateway Protocol (BGP).

VIP data LIFs provide the following advantages:

  • LIF portability beyond a broadcast domain or subnet: VIP data LIFs can fail over to any subnet in the network by announcing the current location of each VIP data LIF to routers through BGP.

  • Aggregate throughput: VIP data LIFs can support aggregate throughput that exceeds the bandwidth of any individual port because the VIP LIFs can send or receive data from multiple subnets or ports simultaneously.

Set up border gateway protocol (BGP)

Before creating VIP LIFs, you must set up BGP, which is the routing protocol used for announcing the existence of a VIP LIF to peer routers.

Starting with ONTAP 9.9.1, VIP BGP provides default route automation using BGP peer grouping to simplify configuration.

ONTAP has a simple way to learn default routes using the BGP peers as next-hop routers when the BGP peer is on the same subnet. To use the feature, set the -use-peer-as-next-hop attribute to true. By default, this attribute is false.

If you have static routes configured, those are still preferred over these automated default routes.

Before you begin

The peer router must be configured to accept a BGP connection from the BGP LIF for the configured autonomous system number (ASN).

Note: ONTAP does not process any incoming route announcements from the router; therefore, you should configure the peer router to not send any route updates to the cluster.

About this task

Setting up BGP involves optionally creating a BGP configuration, creating a BGP LIF, and creating a BGP peer group. ONTAP automatically creates a default BGP configuration with default values when the first BGP peer group is created on a given node. A BGP LIF is used to establish BGP TCP sessions with peer routers. For a peer router, a BGP LIF is the next hop to reach a VIP LIF. Failover is disabled for the BGP LIF. A BGP peer group advertises the VIP routes for all the SVMs in the peer group’s IPspace.

Starting with ONTAP 9.8, these fields have been added to the network bgp peer-group command:

  • -asn-prepend-type

  • -asn-prepend-count

  • -community

These BGP attributes allow you to configure the AS Path and community attributes for the BGP peer group.

Starting with ONTAP 9.9.1, these fields have been added:

  • -asn or -peer-asn (4-byte value)
    The attribute itself is not new, but it now uses a 4-byte integer.

  • -med

  • -use-peer-as-next-hop

You can make advanced route selections with Multi-Exit Discriminator (MED) support for path prioritization. MED is an optional attribute in the BGP update message that tells routers to select the best route for the traffic. The MED is an unsigned 32-bit integer (0 - 4294967295); lower values are preferred.

Note: While ONTAP supports the above BGP attributes, routers need not honor them. NetApp highly recommends you confirm which attributes are supported by your router and configure BGP peer-groups accordingly. For details, refer to the BGP documentation provided by your router.

Steps
  1. Log in to the advanced privilege level:

    set -privilege advanced

  2. Optional: Create a BGP configuration or modify the default BGP configuration of the cluster by performing one of the following actions:

    1. Create a BGP configuration:

      network bgp config create -node {node_name | local} -asn asn_integer -holdtime hold_time -routerid local_router_IP_address

      Sample with a 2-byte ASN:

      network bgp config create -node node1 -asn 65502 -holdtime 180 -routerid 1.1.1.1

      Sample with a 4-byte ASN:

      network bgp config create -node node1 -asn 85502 -holdtime 180 -routerid 1.1.1.1
    2. Modify the default BGP configuration:

      network bgp defaults modify -asn asn_integer -holdtime hold_time

      network bgp defaults modify -asn 65502

      • asn_integer specifies the ASN. Starting in ONTAP 9.8, ASN for BGP supports a 2-byte non-negative integer. This is a 16-bit number (1 - 65534 available values). Starting in ONTAP 9.9.1, ASN for BGP supports a 4-byte non-negative integer (1 - 4294967295). The default ASN is 65501. ASN 23456 is reserved for ONTAP session establishment with peers that do not announce 4-byte ASN capability.

      • hold_time specifies the hold time in seconds. The default value is 180s.

  3. Create a BGP LIF for the system SVM:

    network interface create -vserver system_svm -lif lif_name -service-policy default-route-announce -home-node home_node -home-port home_port -address ip_address -netmask netmask

    You can use the default-route-announce service policy for the BGP LIF or any custom service policy which contains the "management-bgp" service.

    network interface create -vserver cluster1 -lif bgp1 -service-policy default-route-announce -home-node cluster1-01 -home-port e0c -address 10.10.10.100 -netmask 255.255.255.0
  4. Create a BGP peer group that is used to establish BGP sessions with the remote peer routers and configure the VIP route information that is advertised to the peer routers:

    Sample 1: Create a peer group without an auto default route

    In this case, the admin has to create a static route to the BGP peer.

    network bgp peer-group create -peer-group group_name -ipspace ipspace_name -bgp-lif bgp_lif -peer-address peer-router_ip_address -peer-asn 65502 -route-preference integer -asn-prepend-type <ASN_prepend_type> -asn-prepend-count integer -med integer -community BGP community list <0-65535>:<0-65535>

    network bgp peer-group create -peer-group group1 -ipspace Default -bgp-lif bgp1 -peer-address 10.10.10.1 -peer-asn 65502 -route-preference 100 -asn-prepend-type local-asn -asn-prepend-count 2 -med 100 -community 9000:900,8000:800

    Sample 2: Create a peer group with an auto default route

    network bgp peer-group create -peer-group group_name -ipspace ipspace_name -bgp-lif bgp_lif -peer-address peer-router_ip_address -peer-asn 65502 -use-peer-as-next-hop true -route-preference integer -asn-prepend-type <ASN_prepend_type> -asn-prepend-count integer -med integer -community BGP community list <0-65535>:<0-65535>

    network bgp peer-group create -peer-group group1 -ipspace Default -bgp-lif bgp1 -peer-address 10.10.10.1 -peer-asn 65502 -use-peer-as-next-hop true -route-preference 100 -asn-prepend-type local-asn -asn-prepend-count 2 -med 100 -community 9000:900,8000:800
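
The following pre-flight check is an added example, not NetApp code: it parses a concrete network bgp peer-group create command and tests its values against the ranges stated in this section (4-byte or 2-byte ASN, reserved ASN 23456, 32-bit MED, community pairs of <0-65535>:<0-65535>). The function names parse_options and check_peer_group are hypothetical, and the out-of-range command is constructed for illustration.

```python
import re
import shlex

ASN_MAX_2BYTE = 65534        # 2-byte range stated on this page: 1 - 65534
ASN_MAX_4BYTE = 4294967295   # 4-byte range (ONTAP 9.9.1 and later)
RESERVED_ASN = 23456         # reserved for peers without 4-byte ASN capability
MED_MAX = 4294967295         # MED is an unsigned 32-bit integer
COMMUNITY_RE = re.compile(r"^(\d+):(\d+)$")


def parse_options(command):
    """Turn '... -key value -key value' into a dict keyed by option name."""
    tokens = shlex.split(command)
    opts = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith("-"):
            opts[tok.lstrip("-")] = tokens[i + 1]
    return opts


def check_peer_group(command, four_byte_asn=True):
    """Return a list of problems; an empty list means the values are in range."""
    opts = parse_options(command)
    problems = []
    asn_max = ASN_MAX_4BYTE if four_byte_asn else ASN_MAX_2BYTE
    asn = int(opts["peer-asn"])
    if not 1 <= asn <= asn_max:
        problems.append(f"peer-asn {asn} outside 1-{asn_max}")
    if asn == RESERVED_ASN:
        problems.append(f"peer-asn {asn} is reserved")
    if "med" in opts and not 0 <= int(opts["med"]) <= MED_MAX:
        problems.append(f"med {opts['med']} outside 0-{MED_MAX}")
    for item in opts.get("community", "").split(","):
        m = COMMUNITY_RE.match(item)
        if item and (not m or any(int(g) > 65535 for g in m.groups())):
            problems.append(f"community {item!r} is not <0-65535>:<0-65535>")
    return problems


# Sample command from this page, and a constructed out-of-range variant.
PAGE_SAMPLE = ("network bgp peer-group create -peer-group group1 -ipspace Default "
               "-bgp-lif bgp1 -peer-address 10.10.10.1 -peer-asn 65502 "
               "-route-preference 100 -asn-prepend-type local-asn "
               "-asn-prepend-count 2 -med 100 -community 9000:900,8000:800")
BAD_SAMPLE = ("network bgp peer-group create -peer-group group1 -ipspace Default "
              "-bgp-lif bgp1 -peer-address 10.10.10.1 -peer-asn 23456 "
              "-med 4294967296 -community 9000:900,70000:1")
```

Pass four_byte_asn=False when the target cluster runs a release that accepts only 2-byte ASNs.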

Create a virtual IP (VIP) data LIF

The existence of a VIP data LIF is advertised to peer routers through the routing protocol, Border Gateway Protocol (BGP).

Before you begin
  • The BGP peer group must be set up and the BGP session for the SVM on which the LIF is to be created must be active.

  • A static route to the BGP router or any other router in the BGP LIF’s subnet must be created for any outgoing VIP traffic for the SVM.

  • You should turn on multipath routing so that the outgoing VIP traffic can utilize all the available routes.

    If multipath routing is not enabled, all the outgoing VIP traffic goes from a single interface.

Steps
  1. Create a VIP data LIF:

    network interface create -vserver svm_name -lif lif_name -role data -data-protocol {nfs|cifs|iscsi|fcache|none|fc-nvme} -home-node home_node -address ip_address -is-vip true

    A VIP port is automatically selected if you do not specify the home port with the network interface create command.

    By default, the VIP data LIF belongs to the system-created broadcast domain named 'Vip', for each IPspace. You cannot modify the VIP broadcast domain.

    A VIP data LIF is reachable simultaneously on all ports hosting a BGP LIF of an IPspace. If there is no active BGP session for the VIP’s SVM on the local node, the VIP data LIF fails over to the next VIP port on the node that has a BGP session established for that SVM.

  2. Verify that the BGP session is in the up status for the SVM of the VIP data LIF:

    network bgp vserver-status show

    Node        Vserver  bgp status
    ----------  -------- ---------
    node1       vs1      up

    If the BGP status is down for the SVM on a node, the VIP data LIF fails over to a different node where the BGP status is up for the SVM. If the BGP status is down on all the nodes, the VIP data LIF cannot be hosted anywhere, and its LIF status is down.
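
The failover behavior described above can be monitored from the command output. This is an added example, not part of the ONTAP documentation: it parses text in the column layout shown above and classifies each SVM by whether its VIP data LIFs still have a node to run on. The multi-node sample output and the function names parse_status and classify are constructed for illustration, and the parser assumes the status column contains only up or down.

```python
from collections import defaultdict

# Constructed sample in the column layout shown above (node, vserver, status).
SAMPLE_OUTPUT = """\
Node        Vserver  bgp status
----------  -------- ---------
node1       vs1      up
node2       vs1      down
node1       vs2      down
node2       vs2      down
"""


def parse_status(text):
    """Return {vserver: {node: status}} from 'network bgp vserver-status show'."""
    status = defaultdict(dict)
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly three fields and end in up/down; this skips
        # the header (four words) and the dashed rule.
        if len(fields) == 3 and fields[2] in ("up", "down"):
            node, vserver, state = fields
            status[vserver][node] = state
    return dict(status)


def classify(status):
    """Map each SVM to 'ok', 'degraded' (some nodes down) or 'unreachable'."""
    result = {}
    for vserver, nodes in status.items():
        up = [n for n, s in nodes.items() if s == "up"]
        if len(up) == len(nodes):
            result[vserver] = "ok"
        elif up:
            result[vserver] = "degraded"     # VIP LIF fails over to an 'up' node
        else:
            result[vserver] = "unreachable"  # VIP LIF has nowhere to be hosted
    return result
```

An SVM classified as degraded is running without BGP redundancy on at least one node; unreachable corresponds to the case where the VIP data LIF status is down.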

Commands for managing the BGP

Starting with ONTAP 9.5, you use the network bgp commands to manage the BGP sessions in ONTAP.

Manage BGP configuration

If you want to…                                    Use this command…
-------------------------------------------------  -------------------------------
Create a BGP configuration                         network bgp config create
Modify BGP configuration                           network bgp config modify
Delete BGP configuration                           network bgp config delete
Display BGP configuration                          network bgp config show
Display the BGP status for the SVM of the VIP LIF  network bgp vserver-status show

Manage BGP default values

If you want to…             Use this command…
--------------------------  ---------------------------
Modify BGP default values   network bgp defaults modify
Display BGP default values  network bgp defaults show

Manage BGP peer groups

If you want to…                      Use this command…
-----------------------------------  -----------------------------
Create a BGP peer group              network bgp peer-group create
Modify a BGP peer group              network bgp peer-group modify
Delete a BGP peer group              network bgp peer-group delete
Display BGP peer groups information  network bgp peer-group show
Rename a BGP peer group              network bgp peer-group rename

Related information: ONTAP 9 commands