ONTAP Discussions

Management LIF in different IPspace?

sraudonis
5,636 Views

Hello,

 

i configured a 2554 cDOT 8.3.1 with 2 SVM's. One for CIFS (1G ports) and one for NFS (10G ports). The NFS SVM is only for VMware and used the 10G Ports with a own LAN infrastructure. So i made for the NFS network a own IPspace.

 

Now i want to connect the Virtual Storage Console on the VCenter Server to the NFS SVM, but how?

 

It seems that it is not possible to create a management LIF in a different IPspace.

 

Missed i something? Or why is this not possible?

 

Kind regsrds

 

Stefan

1 ACCEPTED SOLUTION

scottgelb
5,585 Views

An SVM can only be a member of one IPspace, and I don't see that changing for secure multitenancy.  With that said though, you can have more than one network in an IPspace... for example..

 

If your management network is VLAN22 in the default-ipspace, and your secure NFS separated network is in VLAN23 in the nfsIPspace... you should be able add an interface from VLAN22 into the nfsIPspace... it would take a dedicated interface though (but can be a VLAN) separate from the default-ipspace... you would need to add a route to the SVM for that management network...

 

Do you have any free interfaces on your management network you can take from the default-ipspace (or create new) and put in the non-default IPspace just for management?

View solution in original post

4 REPLIES 4

scottgelb
5,626 Views

Can the VSC route to a management LIF in the non-default IPSpace on the NFS SVM?  Did you create the IPspace for network separation?  Each SVM has its own routing table even if sharing the same IPspace... if you have overlapping networks, IPspaces are needed but in a lot of cases for network separation we can go with just a separate SVM (separate routing) with broadcast-domains to keep the network separated between CIFS and NFS in this case...all sharing the default-ipspace.

sraudonis
5,592 Views

No the NFS IPspace isn't routed, it is a physically isolated network.

 

I created the IPspace because i thought, make the best separation to the rest. Ths customer has a worldwide MPLS routed network and when someone at the other end of the world don't think at the NFS IP address network and he used it also we got problems when accessing the CIFS shares from this site.

 

For me is the NFS network separated like a FC SAN.

 

I think at the moment i can only attach a new portgroup the the VMware VSwitch which has the NFS VMkernel Ports and add a additional NIC to the VCenter server to access the NFS SVM.

 

Perhaps in the future it will be possible to create a management interface for a SVM in a different IPspace. I think there are some cases where this can be useful.

 

Kind regards

Stefan

scottgelb
5,586 Views

An SVM can only be a member of one IPspace, and I don't see that changing for secure multitenancy.  With that said though, you can have more than one network in an IPspace... for example..

 

If your management network is VLAN22 in the default-ipspace, and your secure NFS separated network is in VLAN23 in the nfsIPspace... you should be able add an interface from VLAN22 into the nfsIPspace... it would take a dedicated interface though (but can be a VLAN) separate from the default-ipspace... you would need to add a route to the SVM for that management network...

 

Do you have any free interfaces on your management network you can take from the default-ipspace (or create new) and put in the non-default IPspace just for management?

sraudonis
5,558 Views

It is only a 2554, i have no free interfaces... I will create a portgroup on the ESX Host and put the VCenter with a additional NIC in the NFS LAN...

 

And for the next implementation i don't use IPspaces...

 

Kind regards

Stefan

Public