Skip to main content

LIF security

Contributors netapp-aherbin netapp-dbagwell
PDFs

A LIF is an IP address or worldwide port name (WWPN) with associated characteristics, such as a role, a home port, a home node, a list of ports to fail over to, and a firewall policy. You can configure LIFs on ports over which the cluster sends and receives communications over the network. It is critical to understand the security characteristics of each LIF role.

LIF roles

LIF roles can be the following:

  • Data LIF: A LIF associated with an SVM and used for communicating with clients.

  • Cluster LIF: A LIF used to carry intracluster traffic between nodes in a cluster.

  • Node management LIF: A LIF that provides a dedicated IP address for managing a particular node in a cluster.

  • Cluster management LIF: A LIF that provides a single management interface for the entire cluster.

  • Intercluster LIF: A LIF used for cross-cluster communication, backup, and replication.

Security characteristics of each LIF role

Data LIF Cluster LIF Node management LIF Cluster Management LIF Intercluster LIF

Requires private IP subnet?

No

Yes

No

No

No

Requires secure network?

No

Yes

No

No

Yes

Default firewall policy

Very restrictive

Completely open

Medium

Medium

Very restrictive

Is the firewall customizable?

Yes

No

Yes

Yes

Yes
Important

  • Because the cluster LIF is completely open with no configurable firewall policy, it must be on a private IP subnet on a secure isolated network.

  • Under no circumstance should any LIF roles be exposed to the internet.

Learn more about securing LIFs, see the Configure firewall policies for LIFs.