配置 LIF
建议更改
PDF
您必须确定用于在数据和磁带资源之间建立数据连接以及在管理 SVM 和备份应用程序之间建立控制连接的 LIF 。确定了这些生命周期后、您必须验证是否已设置服务和故障转移策略。
|
从ONTAP 9.10.1开始、防火墙策略已弃用、并完全替换为LIF服务策略。有关详细信息,请参见 "管理支持的流量"。 |
-
使用命令和
-service-policy`参数确定节点上托管的集群间LIF `network interface show。network interface show -service-policy default-intercluster -
使用命令和
-service-policy`参数确定节点上托管的管理LIF `network interface show。network interface show -service-policy default-management -
确保集群间LIF包含此 `backup-ndmp-control`服务:
network interface service-policy show -
确保已为所有 LIF 正确设置故障转移策略:
-
验证集群管理LIF的故障转移策略是否设置为
broadcast-domain-wide、并且集群间和节点管理的生命周期管理的策略设置为local-only使用network interface show -failover命令:以下命令显示集群管理 LIF ,集群间 LIF 和节点管理 LIF 的故障转移策略:
cluster1::> network interface show -failover Logical Home Failover Failover Vserver Interface Node:Port Policy Group ------- -------------- -------------- ---------- -------- cluster cluster1_clus1 cluster1-1:e0a local-only cluster Failover Targets: ....... cluster1 cluster_mgmt cluster1-1:e0m broadcast- Default domain-wide Failover Targets: ....... IC1 cluster1-1:e0a local-only Default Failover Targets: IC2 cluster1-1:e0b local-only Default Failover Targets: ....... cluster1-1 c1-1_mgmt1 cluster1-1:e0m local-only Default Failover Targets: ...... cluster1-2 c1-2_mgmt1 cluster1-2:e0m local-only Default Failover Targets: ......-
如果未正确设置故障转移策略、请使用修改此故障转移策略
network interface modify命令-failover-policy参数。cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
-
-
使用指定数据连接所需的生命周期
vserver services ndmp modify命令preferred-interface-role参数。cluster1::> vserver services ndmp modify -vserver cluster1 -preferred-interface-role intercluster,cluster-mgmt,node-mgmt
-
使用验证是否已为集群设置首选接口角色
vserver services ndmp show命令:cluster1::> vserver services ndmp show -vserver cluster1 Vserver: cluster1 NDMP Version: 4 ....... ....... Preferred Interface Role: intercluster, cluster-mgmt, node-mgmt
-
使用确定集群间、集群管理和节点管理的生命周期
network interface show命令-role参数。以下命令显示集群间 LIF :
cluster1::> network interface show -role intercluster Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- ------------------ ------------- ------- ---- cluster1 IC1 up/up 192.0.2.65/24 cluster1-1 e0a true cluster1 IC2 up/up 192.0.2.68/24 cluster1-2 e0b true以下命令显示集群管理 LIF :
cluster1::> network interface show -role cluster-mgmt Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- ------------------ ----------- ------- ---- cluster1 cluster_mgmt up/up 192.0.2.60/24 cluster1-2 e0M true以下命令显示节点管理 LIF :
cluster1::> network interface show -role node-mgmt Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- --------------- ------------ ------ ------ cluster1 cluster1-1_mgmt1 up/up 192.0.2.69/24 cluster1-1 e0M true cluster1-2_mgmt1 up/up 192.0.2.70/24 cluster1-2 e0M true -
确保已为集群间、集群管理(
cluster-mgmt`和节点管理)的NDMP启用防火墙策略(`node-mgmt:-
使用验证是否已为NDMP启用防火墙策略
system services firewall policy show命令:以下命令显示集群管理 LIF 的防火墙策略:
cluster1::> system services firewall policy show -policy cluster Vserver Policy Service Allowed ------- ------------ ---------- ----------------- cluster cluster dns 0.0.0.0/0 http 0.0.0.0/0 https 0.0.0.0/0 ndmp 0.0.0.0/0 ndmps 0.0.0.0/0 ntp 0.0.0.0/0 rsh 0.0.0.0/0 snmp 0.0.0.0/0 ssh 0.0.0.0/0 telnet 0.0.0.0/0 10 entries were displayed.以下命令显示集群间 LIF 的防火墙策略:
cluster1::> system services firewall policy show -policy intercluster Vserver Policy Service Allowed ------- ------------ ---------- ------------------- cluster1 intercluster dns - http - https - ndmp 0.0.0.0/0, ::/0 ndmps - ntp - rsh - ssh - telnet - 9 entries were displayed.以下命令显示节点管理 LIF 的防火墙策略:
cluster1::> system services firewall policy show -policy mgmt Vserver Policy Service Allowed ------- ------------ ---------- ------------------- cluster1-1 mgmt dns 0.0.0.0/0, ::/0 http 0.0.0.0/0, ::/0 https 0.0.0.0/0, ::/0 ndmp 0.0.0.0/0, ::/0 ndmps 0.0.0.0/0, ::/0 ntp 0.0.0.0/0, ::/0 rsh - snmp 0.0.0.0/0, ::/0 ssh 0.0.0.0/0, ::/0 telnet - 10 entries were displayed. -
如果未启用防火墙策略、请使用启用防火墙策略
system services firewall policy modify命令-service参数。以下命令将为集群间 LIF 启用防火墙策略:
cluster1::> system services firewall policy modify -vserver cluster1 -policy intercluster -service ndmp 0.0.0.0/0
-
-
确保已为所有 LIF 正确设置故障转移策略:
-
验证集群管理LIF的故障转移策略是否设置为
broadcast-domain-wide、并且集群间和节点管理的生命周期管理的策略设置为local-only使用network interface show -failover命令:以下命令显示集群管理 LIF ,集群间 LIF 和节点管理 LIF 的故障转移策略:
cluster1::> network interface show -failover Logical Home Failover Failover Vserver Interface Node:Port Policy Group ---------- ----------------- ----------------- -------------------- -------- cluster cluster1_clus1 cluster1-1:e0a local-only cluster Failover Targets: ....... cluster1 cluster_mgmt cluster1-1:e0m broadcast-domain-wide Default Failover Targets: ....... IC1 cluster1-1:e0a local-only Default Failover Targets: IC2 cluster1-1:e0b local-only Default Failover Targets: ....... cluster1-1 cluster1-1_mgmt1 cluster1-1:e0m local-only Default Failover Targets: ...... cluster1-2 cluster1-2_mgmt1 cluster1-2:e0m local-only Default Failover Targets: ......-
如果未正确设置故障转移策略、请使用修改此故障转移策略
network interface modify命令-failover-policy参数。cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
-
-
使用指定数据连接所需的生命周期
vserver services ndmp modify命令preferred-interface-role参数。cluster1::> vserver services ndmp modify -vserver cluster1 -preferred-interface-role intercluster,cluster-mgmt,node-mgmt
-
使用验证是否已为集群设置首选接口角色
vserver services ndmp show命令:cluster1::> vserver services ndmp show -vserver cluster1 Vserver: cluster1 NDMP Version: 4 ....... ....... Preferred Interface Role: intercluster, cluster-mgmt, node-mgmt