Networking at NetApp: Flexible Networking for Clustered Data ONTAP

By Frank Pleshe, Technical Marketing Engineer, Mike Worthen, Technical Marketing Engineer, and Philip Trautman, FAS Product Marketing, NetApp

Part 3 of a multi-part series on storage networking at NetApp

Clustered Data ONTAP and the scale-out architecture of the FAS8000 can support hundreds of network connections and tremendous network bandwidth. A flexible approach to networking that virtualizes the network implementation allows clustered Data ONTAP to make full use of all these resources and is key to delivering core capabilities including:

  • Unified architecture
  • Nondisruptive operations
  • Performance
  • Scale
  • Security

The logical interface (LIF) is one of the main network abstractions. Similar to the way hypervisors abstract networking for virtual switches, LIFs abstract physical networking within a cluster by virtualizing SAN and NAS network connections. As a result, you can add, remove, and even replace nodes without any network outages.

Unified Architecture

Clustered Data ONTAP supports both SAN and NAS protocols over the same networks by allowing multiple SAN and NAS LIFs to be associated with a single port. A single port can have multiple SAN and NAS identities and handle traffic from many workloads as needed.

Nondisruptive Operations

From a networking standpoint, nondisruptive operations require the ability to transparently migrate network connections—proactively for planned activities or reactively for unplanned ones—so that the flow of data to and from clients and hosts is not disrupted.

For maintenance activities, NAS LIFs can be migrated transparently from one node to another to move network traffic off a node.

To accommodate failures, failover groups define the group of acceptable ports to which NAS LIFs can fail over. Should a network device or a node fail, affected LIFs are automatically migrated to the most appropriate port within the failover group. SAN LIFs, including iSCSI, do not migrate. Instead, ALUA and MPIO processes on the initiators redirect traffic to handle both planned and unplanned events without disruption.

Performance and Scale

Network performance is obviously critical to the overall performance and scale of clustered Data ONTAP. Several capabilities automatically optimize bandwidth and network performance.

  • DNS load balancing. When a client sends a resolution request to access data, zoning-based (on-box) DNS load balancing can be used to direct each client to the optimal LIF to service its requests. More traditional round-robin load balancing is also available.
  • Interface groups. A LIF can be associated with an interface group (IFGRP) instead of a single port. IFGRPs aggregate multiple links of the same type for greater resiliency and bandwidth with multiple options for load balancing across links to meet your needs.

Clustered Data ONTAP network capabilities let you address network bottlenecks and scale your overall infrastructure. The same LIF migrate capabilities that support maintenance activities allow you to re-balance network load within a node or across nodes in a cluster. As we saw in the previous post, requests received by a node for data that resides elsewhere are passed over the cluster interconnect (transparent to the user or application).

For example, a LIF on an overloaded 1GbE port could be transparently migrated to a 10GbE port (on the same node or a different node) for greater bandwidth. As you add nodes to a cluster, you move some of your existing LIFs to new nodes (and move data volumes over the cluster interconnect to storage on the new nodes as well) to spread out the workload.

Security

Clustered Data ONTAP provides security for multiple clients or groups in a multi-tenant environment by allowing you to isolate each client in its own storage virtual machine (SVM). From the client’s perspective, an SVM behaves very much like a dedicated storage system; network connections are logically isolated and routing tables are independent.

Network isolation is provided through the use of VLANs. VLANs subdivide a physical port into separate virtual ports to deliver one of the key components of our secure multi-tenant messaging. Future releases will provide even greater segregation and isolation, including better support for different clients with overlapping IP address spaces.
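Because a NAS LIF moves automatically to any port in its failover group, VLAN isolation between tenants only holds if every failover target sits on the LIF's own VLAN. The following audit sketch is an added example, not NetApp code or output: the data model, the `<node>:<port>-<vlan id>` port naming, and the one-VLAN-per-SVM policy it checks are all assumptions, and the sample inventory is constructed.

```python
from collections import defaultdict

# Constructed sample data (not from a real cluster). Port names follow the
# assumed "<node>:<port>-<vlan id>" form; a name without "-<id>" is untagged.
FAILOVER_GROUPS = {
    "fg_tenant_a": ["node1:e0c-100", "node2:e0c-100"],
    "fg_tenant_b": ["node1:e0d-200", "node2:e0c-100"],  # 2nd port is on tenant A's VLAN
}
LIFS = [  # (svm, lif, home port, failover group)
    ("svm_a", "a_nfs1", "node1:e0c-100", "fg_tenant_a"),
    ("svm_b", "b_nfs1", "node1:e0d-200", "fg_tenant_b"),
]

def vlan_of(port):
    """Return the VLAN id encoded in a port name, or None if untagged."""
    name = port.split(":", 1)[1]
    _, sep, vlan = name.rpartition("-")
    return int(vlan) if sep and vlan.isdigit() else None

def audit(lifs, groups):
    """Return sorted findings as (kind, subject, detail) tuples."""
    findings = []
    reach = defaultdict(set)  # VLAN id -> SVMs whose LIFs can land on it
    for svm, lif, home, group in lifs:
        home_vlan = vlan_of(home)
        targets = groups.get(group, [])
        if home not in targets:
            findings.append(("home-not-in-group", lif, home))
        for port in [home, *targets]:
            vlan = vlan_of(port)
            if vlan is None:  # untagged port: no VLAN separation at all
                findings.append(("untagged-port", lif, port))
                continue
            reach[vlan].add(svm)
            if vlan != home_vlan:  # failover would change the LIF's network
                findings.append(("vlan-change-on-failover", lif, port))
    for vlan, svms in reach.items():
        if len(svms) > 1:  # assumed policy: one VLAN serves one SVM
            findings.append(("vlan-shared", str(vlan), ",".join(sorted(svms))))
    return sorted(set(findings))

if __name__ == "__main__":
    for finding in audit(LIFS, FAILOVER_GROUPS):
        print(*finding)
```
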

Blog Posts in This Series

Next time we’ll look at load balancing within clustered Data ONTAP in more detail. If you missed them, be sure to check out the other posts in this series: