Skip to main content

Create data LIFs for ONTAP S3

Contributors johnlantz netapp-dbagwell netapp-lenida netapp-manini netapp-pcarriga netapp-ahibbard netapp-aherbin

If you created a new SVM, the dedicated LIFs you create for S3 access should be data LIFs.

Before you begin
  • The underlying physical or logical network port must have been configured to the administrative up status.

  • If you are planning to use a subnet name to allocate the IP address and network mask value for a LIF, the subnet must already exist.

    Subnets contain a pool of IP addresses that belong to the same layer 3 subnet. They are created using the network subnet create command.

  • The LIF service policy must already exist.

  • As a best practice, LIFs used for data access (data-s3-server) and LIFs used for management operations (management-https) should be separate. Both services should not be enabled on the same LIF.

  • DNS records should only have IP addresses of the LIFs which have data-s3-server associated with them. If IP addresses of other LIFs are specified in the DNS record, ONTAP S3 requests may be served by other servers resulting in unexpected responses or data loss.

About this task
  • You can create both IPv4 and IPv6 LIFs on the same network port.

  • If you have a large number of LIFs in your cluster, you can verify the LIF capacity supported on the cluster by using the network interface capacity show command and the LIF capacity supported on each node by using the network interface capacity details show command (at the advanced privilege level).

  • If you are enabling remote FabricPool capacity (cloud) tiering, you must also configure intercluster LIFs.

Steps
  1. Create a LIF:

    network interface create -vserver svm_name -lif lif_name -service-policy service_policy_names -home-node node_name -home-port port_name {-address IP_address -netmask IP_address | -subnet-name subnet_name} -firewall-policy data -auto-revert {true|false}

    • -home-node is the node to which the LIF returns when the network interface revert command is run on the LIF.

      You can also specify whether the LIF should automatically revert to the home-node and home-port with the -auto-revert option.

    • -home-port is the physical or logical port to which the LIF returns when the network interface revert command is run on the LIF.

    • You can specify an IP address with the -address and -netmask options, or you enable allocation from a subnet with the -subnet_name option.

    • When using a subnet to supply the IP address and network mask, if the subnet was defined with a gateway, a default route to that gateway is added automatically to the SVM when a LIF is created using that subnet.

    • If you assign IP addresses manually (without using a subnet), you might need to configure a default route to a gateway if there are clients or domain controllers on a different IP subnet. The network route create man page contains information about creating a static route within an SVM.

    • For the -firewall-policy option, use the same default data as the LIF role.

      You can create and add a custom firewall policy later if desired.

      Note Beginning with ONTAP 9.10.1, firewall policies are deprecated and wholly replaced with LIF service policies. For more information, see Configure firewall policies for LIFs.
    • -auto-revert allows you to specify whether a data LIF is automatically reverted to its home node under circumstances such as startup, changes to the status of the management database, or when the network connection is made. The default setting is false, but you can set it to false depending on network management policies in your environment.

    • The -service-policy option specifies the data and management services policy you created and any other policies you need.

  2. If you want to assign an IPv6 address in the -address option:

    1. Use the network ndp prefix show command to view the list of RA prefixes learned on various interfaces.

      The network ndp prefix show command is available at the advanced privilege level.

    2. Use the format prefix:id to construct the IPv6 address manually.

      prefix is the prefix learned on various interfaces.

      For deriving the id, choose a random 64-bit hexadecimal number.

  3. Verify that the LIF was created successfully by using the network interface show command.

  4. Verify that the configured IP address is reachable:

    To verify an…​ Use…​

    IPv4 address

    network ping

    IPv6 address

    network ping6

Examples

The following command shows how to create an S3 data LIF that is assigned with the my-S3-policy service policy:

network interface create -vserver svm1.example.com -lif lif2 -home-node node2 -homeport e0d -service-policy my-S3-policy -subnet-name ipspace1

The following command shows all the LIFs in cluster-1. Data LIFs datalif1 and datalif3 are configured with IPv4 addresses, and datalif4 is configured with an IPv6 address:

cluster-1::> network interface show

            Logical    Status     Network          Current      Current Is
Vserver     Interface  Admin/Oper Address/Mask     Node         Port    Home
----------- ---------- ---------- ---------------- ------------ ------- ----
cluster-1
            cluster_mgmt up/up    192.0.2.3/24     node-1       e1a     true
node-1
            clus1        up/up    192.0.2.12/24    node-1       e0a     true
            clus2        up/up    192.0.2.13/24    node-1       e0b     true
            mgmt1        up/up    192.0.2.68/24    node-1       e1a     true
node-2
            clus1        up/up    192.0.2.14/24    node-2       e0a     true
            clus2        up/up    192.0.2.15/24    node-2       e0b     true
            mgmt1        up/up    192.0.2.69/24    node-2       e1a     true
vs1.example.com
            datalif1     up/down  192.0.2.145/30   node-1       e1c     true
vs3.example.com
            datalif3     up/up    192.0.2.146/30   node-2       e0c     true
            datalif4     up/up    2001::2/64       node-2       e0c     true
5 entries were displayed.