2016-12-19 09:43 AM
I have several clusters configured with multiplie interfaces and vlans. The management ports sits on a private IP space that cannot be routed to send out AutoSupports to "support.netapp.com" that lives a vlan. I have a CIFS SVM that has an interface on the vlan hosting CIFS traffic. I also have two intercluster LIFs on another seperate vlan (we will call this replication vlan). The network infrastrucure allows for traffic on the replication vlan to be routed outside the enterprise. My question is, how do I setup cDOT to use this replication vlan to send out autosupport information to NetApp? I have tried adding a static route to 188.8.131.52 (support.netapp.com) but that interface cannot ping that address. I may have an issue with internal routing I need to resolve with our network team, but is that the proper way to do that? Can that traffic be sent out an intercluster LIF?
Any help on this would be great. This will be used on 8.3.X and 9.X versions of cDOT.
2016-12-19 07:47 PM
By default, the Node management LIF, which lives on e0M, which can't do VLANs, is the LIF used for sending ASUP.
Just adding the route will only work if it's done properly, and if your network enables outbound NAT/PAT for the IPs of the storage. It sounds like they don't, so no, this wouldn't work.
Easiest option is to setup the NetApp system to send ASUP by a proxy server on your network, or change transport method to SMTP.
However, if you are in a situation where you can test, last time I tried, you could create LIFs of type node-mgmt on a different VLAN (and therefore not on e0M, and therefore routable) for each node. However, this is a non-standard configuration, and may break during upgrades.
2016-12-20 06:04 AM
If I am following what you are saying, if I changed the transport type to SMTP, it will use the same interface that is configured for sending internal email alerts? It will fforward the information to the mail relay, which in turn will send it out to support.netapp.com? What ports and protoocols are used to go from the mail relay to support.netapp.com at that point?
I am just trying to understand the flow because I need to be able to request very specific ports and protocols from source to destination and I am not quite sure which source and destinations I should be using.
2016-12-20 09:48 PM
Yes, if you move to SMTP, it will send emails to NetApp via the same mail relay used to alert you.
Messages will be sent to email@example.com - the IP addresses it may try to deliver mail to are not ones we publish or specify - not that they're secret, but you should not be doing mail ACL based on IP addresses of destination mail servers - they change!
2016-12-21 05:48 AM
Thank you again. I have one last question. I thought the information that went to NetApp wasn't an email though. If you look at the documentation it is a PUT statement that I thought posted AutoSupport information to support.netapp.com. I guess I could have misread the information though. Becauae it was a PUT statement, that is why it is best practice to use HTTPS or HTTP since it allows for a larger message side 10MB opposed to 5MB. I have two 7-mode systems that have started working since changing to SMTP though. Of course it is going out an interface on the 7-mode systems that is only associated with a data SVM on the cDOT system. I have tried to add a routing rule on that interface with a metric of 1, but no luck yet. I could still have some firewall issues.
Thank you again for your support on this.
2017-01-11 08:59 PM
Hi, sorry for the delay on response - my area was in a Christmas shutdown.
The PUT statement is used for sending data via HTTP/HTTPS, for SMTP is just a simple message (ELHO..)
Glad it works!
2017-01-19 08:59 AM
I have tried several things, but I still cannot get autosupport to work from the cDOT systems. I have the protocal set to SMTP. Does the traffic go out the management interfaces? For instance the node or cluster management addresses? Those addresses are private and do not get sent outside, however we have two other interfaces on VLANs that do go outside. Would ONTAP by default try to go out one of those interfaces? Can I force it to use one of those interfaces? How would I do that with a routing statement?