2012-04-23 09:01 AM
You can specify whether a network interface is trustworthy or untrustworthy. When you specify an interface as untrusted (untrustworthy), any packets received on the interface are likely to be dropped. For example, if you run a ping command on an untrusted interface, the interface drops any ICMP response packet received.
I have read this in my course material and a few other man pages and I am asking myself - what the hell does that mean?!
Why do I define an interface as trusted or untrusted, and what is allowed or disallowed if I choose the one or the other? "Something is happening likely" sounds to me like a random decision engine is in place when setting up an untrusted interface.
Hopefully someone can explain or point me to some likely network-specific information.
2012-04-23 11:07 AM
Thanks for the answer - but I need a more specific one.
I am actually a network guy - and therefore I would be interested in which services and options are available. I mean there has to be documentation about it - other than saying it trusts or untrusts an interface.
So perhaps somebody can point me to a direction (url, document).
2012-04-23 11:27 AM
I wish I was more knowledgeable about this, so hopefully a network TME or other expert replies on this. The 8.1 nag.pdf (network admin guide) https://library.netapp.com/ecm/ecm_get_file/ECMP1113296 has the same quote you listed but goes further to say only HTTP is allowed by default. From the command reference, https://library.netapp.com/ecm/ecm_get_file/ECMM1281126, it says untrusted can't be applied to an interface group...so only a single interface not in a vif/ifgrp. The file system admin guide gives some more information, https://library.netapp.com/ecm/ecm_get_file/ECMP1114231: "You restrict HTTP access by marking the subnet interface as untrusted. An untrusted subnet interface provides only read-only HTTP access to the storage system. By default, a subnet interface is trusted."
Specifying whether a network interface is trusted
You can specify whether a network interface is trustworthy or untrustworthy. When you specify an
interface as untrusted (untrustworthy), any packets received on the interface are likely to be dropped.
For example, if you run a ping command on an untrusted interface, the interface drops any ICMP
response packet received.
About this task
Applications using protocols such as NFS, CIFS or HTTP can choose to accept packets only from
trusted interfaces. If the destination interface is set as untrusted, it can receive packets from untrusted
interfaces. Otherwise, the packets from untrusted interfaces are dropped. By default, only HTTP
allows receiving packets from untrusted interfaces.
2012-04-23 11:45 AM
Good kb. Clarifies http only for untrusted. Do any customers still use http for file access direct to NetApp instead of a front-end web server? I haven't seen it used in years.
2012-04-23 11:59 AM
Awesome, we are getting closer - thanks - but it still feels like not all information has been unraveled.
So I take your information - thanks - still hoping that somewhere there is collected knowledge about that.