Skip to main content

LIF roles (ONTAP 9.5 and earlier)

Contributors netapp-barbe netapp-thomi

LIFs with different roles have different characteristics. A LIF role determines the kind of traffic that is supported over the interface, along with the failover rules that apply, the firewall restrictions that are in place, the security, the load balancing, and the routing behavior for each LIF. A LIF can have any one of the following roles: cluster, cluster management, data, intercluster, node management, and undef (undefined). The undef role is used for BGP LIFs.

Beginning with ONTAP 9.6, LIF roles are deprecated. You should specify service policies for LIFs instead of a role. It is not necessary to specify a LIF role when creating a LIF with a service policy.

LIF security

Data LIF

Cluster LIF

Node management LIF

Cluster management LIF

Intercluster LIF

Require private IP subnet?

No

Yes

No

No

No

Require secure network?

No

Yes

No

No

Yes

Default firewall policy

Very restrictive

Completely open

Medium

Medium

Very restrictive

Is firewall customizable?

Yes

No

Yes

Yes

Yes

LIF failover

Data LIF

Cluster LIF

Node management LIF

Cluster management LIF

Intercluster LIF

Default behavior

Only those ports in the same failover group that are on the LIF's home node and on a non-SFO partner node

Only those ports in the same failover group that are on the LIF's home node

Only those ports in the same failover group that are on the LIF's home node

Any port in the same failover group

Only those ports in the same failover group that are on the LIF's home node

Is customizable?

Yes

No

Yes

Yes

Yes

LIF routing

Data LIF

Cluster LIF

Node management LIF

Cluster management LIF

Intercluster LIF

When is a default route needed?

When clients or domain controller are on different IP subnet

Never

When any of the primary traffic types require access to a different IP subnet

When administrator is connecting from another IP subnet

When other intercluster LIFs are on a different IP subnet

When is a static route to a specific IP subnet needed?

Rare

Never

Rare

Rare

When nodes of another cluster have their intercluster LIFs in different IP subnets

When is a static host route to a specific server needed?

To have one of the traffic types listed under node management LIF, go through a data LIF rather than a node management LIF. This requires a corresponding firewall change.

Never

Rare

Rare

Rare

LIF rebalancing

Data LIF

Cluster LIF

Node management LIF

Cluster management LIF

Intercluster LIF

DNS: use as DNS server?

Yes

No

No

No

No

DNS: export as zone?

Yes

No

No

No

No

LIF primary traffic types

Data LIF

Cluster LIF

Node management LIF

Cluster management LIF

Intercluster LIF

Primary traffic types

NFS server, CIFS server, NIS client, Active Directory, LDAP, WINS, DNS client and server, iSCSI and FC server

Intracluster

SSH server, HTTPS server, NTP client, SNMP, AutoSupport client, DNS client, loading software updates

SSH server, HTTPS server

Cross-cluster replication