LIFs and service policies in ONTAP 9.6 and later

Download PDF of this page

You can assign service policies (instead of LIF roles) to LIFs that determine the kind of traffic that is supported for the LIFs. Serv
ice policies define a collection of network services supported by a LIF. ONTAP provides a set of built-in service policies that can be associated with a LIF.

Service policies for system SVMs

The admin SVM and any system SVM contain service policies that can be used for LIFs in that SVM, including management and intercluster LIFs. These policies are automatically created by the system when an IPspace is created. The following table lists the built-in policies for LIFs in system SVMs:

Policy Included services Equivalent role Description

default-intercluster

intercluster-core

intercluster

Used by LIFs carrying intercluster traffic.
Note: Available from ONTAP 9.5 with the name net-intercluster service policy.

default-route-announce

management-bgp

-

Used by LIFs carrying BGP peer connections
Note: Available from ONTAP 9.5 with the name net-route-announce service policy.

default-management

management-core, management-ems, management-ssh, management-https, management-autosupport

node-mgmt, or cluster-mgmt

Used by LIFs handling management requests. Management-ems controls which LIFs can publish EMS content.

The following table lists the services that can be used on a system SVM along with any restrictions each service imposes on a LIF’s failover policy:

Service Failover limitations Description

intercluster-core

home-node-only

Core intercluster services

management-core

-

Core management services

management-ssh

-

Services for SSH management access

management-https

-

Services for HTTPS management access

management-autosupport

-

Services related to posting AutoSupport payloads

management-bgp

home-port-only

Services related to BGP peer interactions

Service policies for data SVMs

All data SVMs contain service policies that can be used by LIFs in that SVM. The following table lists the built-in policies for LIFs in data SVMs:

Policy Included services Equivalent data protocol Description

default-management

management-ssh, management-https

none

Used by LIFs handling management requests

default-data-blocks

data-iscsi

iscsi

Used by LIFs carrying block-oriented SAN data traffic

default-data-files

data-nfs, data-cifs, data-flexcache, data-fpolicy-client

nfs, cifs, fcache

Used by LIFs carrying file-oriented NAS data traffic.

The following table lists the services that can be used on a data SVM along with any restrictions each service imposes on a LIF’s failover policy:

Policy Included services Equivalent data protocol Description

management-ssh

-

-

Services for SSH management access

management-https

-

-

Services for HTTPS management access

data-core

-

data-only

Core data services (see for more details.

data-nfs

-

data-only

Protocols related to NFS data service

data-cifs

-

data-only

Protocols related to CIFS data service

data-flexcache

-

data-only

Protocols related to FlexCache data service

data-iscsi

home-port-only

data-only

Protocols related to iSCSI data service

You should be aware of how the service policies are assigned to the LIFs in data SVMs:

  • If a data SVM is created with a list of data services, the built-in "default-data-files" and "default-data-blocks" service policies in that SVM are created using the specified services.

  • If a data SVM is created without specifying a list of data services, the built-in "default-data-files" and "default-data-blocks" service policies in that SVM are created using a default list of data services.

    The default data services list includes the iSCSI, NFS, SMB, and FlexCache services.

  • When a LIF is created with a list of data protocols, a service policy equivalent to the specified data protocols is assigned to the LIF.

    If an equivalent service policy does not exist, a custom service policy is created.

  • When a LIF is created without a service policy or list of data protocols, the default-data-files service policy is assigned to the LIF by default.

Data-core service

The data-core service allows components that previously used LIFs with the data role to work as expected on clusters that have been upgraded to manage LIFs using service policies instead of LIF roles (which are deprecated in ONTAP 9.6).

Specifying data-core as a service does not open any ports in the firewall, but the service should be included in any service policy in a data SVM. For example, the default-data-files service policy contains the following services by default:

  • data-core

  • data-nfs

  • data-cifs

  • data-flexcache

The data-core service should be included in the policy to ensure all applications using the LIF work as expected, but the other three services can be removed, if desired.