Skip to main content

Create a LIF (network interface)

Contributors netapp-barbe netapp-aoife netapp-thomi netapp-aherbin netapp-lisa

An SVM serves data to clients through one or more network logical interfaces (LIFs). You must create LIFs on the ports you want to use to access data. A LIF (network interface) is an IP address associated with a physical or logical port. If there is a component failure, a LIF can fail over to or be migrated to a different physical port, thereby continuing to communicate with the network.

Best practice

Switch ports connected to ONTAP should be configured as spanning-tree edge ports to reduce delays during LIF migration.

Before you begin
  • You must be a cluster administrator to perform this task.

  • The underlying physical or logical network port must have been configured to the administrative up status.

  • If you are planning to use a subnet name to allocate the IP address and network mask value for a LIF, the subnet must already exist.

    Subnets contain a pool of IP addresses that belong to the same layer 3 subnet. They are created using System Manager or the network subnet create command.

  • The mechanism for specifying the type of traffic handled by a LIF has changed. For ONTAP 9.5 and earlier, LIFs used roles to specify the type of traffic it would handle. Beginning with ONTAP 9.6, LIFs use service policies to specify the type of traffic it would handle.

About this task
  • You cannot assign NAS and SAN protocols to the same LIF.

    The supported protocols are SMB, NFS, FlexCache, iSCSI, and FC; iSCSI and FC cannot be combined with other protocols. However, NAS and Ethernet-based SAN protocols can be present on the same physical port.

    • You should not configure LIFs that carry SMB traffic to automatically revert to their home nodes. This recommendation is mandatory if the SMB server is to host a solution for nondisruptive operations with Hyper-V or SQL Server over SMB.

  • You can create both IPv4 and IPv6 LIFs on the same network port.

  • All the name mapping and host-name resolution services used by an SVM, such as DNS, NIS, LDAP, and Active Directory, must be reachable from at least one LIF handling data traffic of the SVM.

  • A LIF handling intracluster traffic between nodes should not be on the same subnet as a LIF handling management traffic or a LIF handling data traffic.

  • Creating a LIF that does not have a valid failover target results in a warning message.

  • If you have a large number of LIFs in your cluster, you can verify the LIF capacity supported on the cluster:

    • System Manager: Beginning with ONTAP 9.12.0, view the throughput on the Network Interface grid.

    • CLI: Use the network interface capacity show command and the LIF capacity supported on each node by using the network interface capacity details show command (at the advanced privilege level).

  • Beginning with ONTAP 9.7, if other LIFs already exist for the SVM in the same subnet, you do not need to specify the home port of the LIF. ONTAP automatically chooses a random port on the specified home node in the same broadcast domain as the other LIFs already configured in the same subnet.

    Beginning with ONTAP 9.4, FC-NVMe is supported. If you are creating an FC-NVMe LIF you should be aware of the following:

    • The NVMe protocol must be supported by the FC adapter on which the LIF is created.

    • FC-NVMe can be the only data protocol on data LIFs.

  • One LIF handling management traffic must be configured for every storage virtual machine (SVM) supporting SAN.

  • NVMe LIFs and namespaces must be hosted on the same node.

  • Only one NVMe LIF handling data traffic can be configured per SVM.

  • When you create a network interface with a subnet, ONTAP automatically selects an available IP address from the selected subnet and assigns it to the network interface. You can change the subnet if there is more than one subnet, but you cannot change the IP address.

  • When you create (add) an SVM, for a network interface, you cannot specify an IP address that is in the range of an existing subnet. You will receive a subnet conflict error. This issue occurs in other workflows for a network interface, such as creating or modifying inter-cluster network interfaces in SVM settings or cluster settings.

  • Beginning with ONTAP 9.10.1, the network interface CLI commands include an -rdma-protocols parameter for NFS over RDMA configurations. Creating network interfaces for NFS over RDMA configurations is supported in System Manager beginning in ONTAP 9.12.1. For more information, see Configure LIFS for NFS over RDMA.

  • Beginning with ONTAP 9.11.1, automatic iSCSI LIF failover is available on All-Flash SAN Array (ASA) platforms.

    iSCSI LIF failover is automatically enabled (the failover policy is set to sfo-partner-only and the auto-revert value is set to true) on newly created iSCSI LIFs if no iSCSI LIFs exist in the specified SVM or if all existing iSCSI LIFs in the specified SVM are already enabled with iSCSI LIF failover.

    If after you upgrade to ONTAP 9.11.1 or later, you have existing iSCSI LIFs in an SVM that have not been enabled with the iSCSI LIF failover feature and you create new iSCSI LIFs in the same SVM, the new iSCSI LIFs assume the same failover policy (disabled) of the existing iSCSI LIFs in the SVM.

Beginning with ONTAP 9.7, ONTAP automatically chooses the home port of a LIF, as long as at least one LIF already exists in the same subnet in that IPspace. ONTAP chooses a home-port in the same broadcast domain as other LIFs in that subnet. You can still specify a home port, but it is no longer required (unless no LIFs yet exist in that subnet in the specified IPspace).

Beginning with ONTAP 9.12.0, the procedure you follow depends on the interface that you use—​System Manager or the CLI:

System Manager

Use System Manager to add a network interface

Steps
  1. Select Network > Overview > Network Interfaces.

  2. Select add icon.

  3. Select one of the following interface roles:

    1. Data

    2. Intercluster

    3. SVM Management

  4. Select the protocol:

    1. SMB/CIFS and NFS

    2. iSCSI

    3. FC

    4. NVMe/FC

    5. NVMe/TCP

  5. Name the LIF or accept the name generated from your previous selections.

  6. Accept the home node or use the drop-down to select one.

  7. If at least one subnet is configured in the IPspace of the selected SVM, the subnet drop-down is displayed.

    1. If you select a subnet, choose it from the drop-down.

    2. If you proceed without a subnet, the broadcast domain drop-down is displayed:

      1. Specify the IP address. If the IP address is in use, a warning message will display.

      2. Specify a subnet mask.

  8. Select the home port from the broadcast domain, either automatically (recommended) or by selecting one from the drop-down menu. The Home port control is displayed based on the broadcast domain or subnet selection.

  9. Save the network interface.

CLI

Use the CLI to create a LIF

Steps
  1. Determine which broadcast domain ports you want to use for the LIF.

    network port broadcast-domain show -ipspace ipspace1

    IPspace     Broadcast                       Update
    Name        Domain name   MTU   Port List   Status Details
    ipspace1
                default       1500
                                    node1:e0d   complete
                                    node1:e0e   complete
                                    node2:e0d   complete
                                    node2:e0e   complete
  2. Verify that the subnet you want to use for the LIFs contains sufficient unused IP addresses.

    network subnet show -ipspace ipspace1

  3. Create one or more LIFs on the ports you want to use to access data.

    network interface create -vserver _SVM_name_ -lif _lif_name_ -service-policy _service_policy_name_ -home-node _node_name_ -home-port port_name {-address _IP_address_ - netmask _Netmask_value_ | -subnet-name _subnet_name_} -firewall- policy _policy_ -auto-revert {true|false}
    • -home-node is the node to which the LIF returns when the network interface revert command is run on the LIF.

      You can also specify whether the LIF should automatically revert to the home-node and home-port with the -auto-revert option.

    • -home-port is the physical or logical port to which the LIF returns when the network interface revert command is run on the LIF.

    • You can specify an IP address with the -address and -netmask options, or you enable allocation from a subnet with the -subnet_name option.

    • When using a subnet to supply the IP address and network mask, if the subnet was defined with a gateway, a default route to that gateway is added automatically to the SVM when a LIF is created using that subnet.

    • If you assign IP addresses manually (without using a subnet), you might need to configure a default route to a gateway if there are clients or domain controllers on a different IP subnet. The network route create man page contains information about creating a static route within an SVM.

    • -auto-revert enables you to specify whether a data LIF is automatically reverted to its home node under circumstances such as startup, changes to the status of the management database, or when the network connection is made. The default setting is false, but you can set it to true depending on network management policies in your environment.

    • -service-policy Beginning with ONTAP 9.5, you can assign a service policy for the LIF with the -service-policy option.
      When a service policy is specified for a LIF, the policy is used to construct a default role, failover policy, and data protocol list for the LIF. In ONTAP 9.5, service policies are supported only for intercluster and BGP peer services. In ONTAP 9.6, you can create service policies for several data and management services.

    • -data-protocol enables you to create a LIF that supports the FCP or NVMe/FC protocols. This option is not required when creating an IP LIF.

  4. Optional: Assign an IPv6 address in the -address option:

    1. Use the network ndp prefix show command to view the list of RA prefixes learned on various interfaces.

      The network ndp prefix show command is available at the advanced privilege level.

    2. Use the format prefix::id to construct the IPv6 address manually.

      prefix is the prefix learned on various interfaces.

      For deriving the id, choose a random 64-bit hexadecimal number.

  5. Verify that the LIF interface configuration is correct.

    network interface show -vserver vs1

              Logical    Status     Network         Current   Current Is
    Vserver   Interface  Admin/Oper Address/Mask    Node      Port    Home
    --------- ---------- ---------- --------------- --------- ------- ----
    vs1
               lif1       up/up      10.0.0.128/24   node1     e0d     true
  6. Verify that the failover group configuration is as desired.

    network interface show -failover -vserver vs1

             Logical    Home       Failover        Failover
    Vserver  interface  Node:Port  Policy          Group
    -------- ---------- ---------  ---------       --------
    vs1
             lif1       node1:e0d  system-defined  ipspace1
    Failover Targets: node1:e0d, node1:e0e, node2:e0d, node2:e0e
  7. Verify that the configured IP address is reachable:

To verify an…​

Use…​

IPv4 address

network ping

IPv6 address

network ping6

Examples

The following command creates a LIF and specifies the IP address and network mask values using the -address and -netmask parameters:

network interface create -vserver vs1.example.com -lif datalif1 -service-policy default-data-files -home-node node-4 -home-port e1c -address 192.0.2.145 -netmask 255.255.255.0 -auto-revert true

The following command creates a LIF and assigns IP address and network mask values from the specified subnet (named client1_sub):

network interface create -vserver vs3.example.com -lif datalif3 -service-policy default-data-files -home-node node-3 -home-port e1c -subnet-name client1_sub - auto-revert true

The following command creates an NVMe/FC LIF and specifies the nvme-fc data protocol:

network interface create -vserver vs1.example.com -lif datalif1 -data-protocol nvme-fc -home-node node-4 -home-port 1c -address 192.0.2.145 -netmask 255.255.255.0 -auto-revert true