2009-05-27 05:38 AM
I was wondering if anyone can help me with a routing and network challenge with NetApp filers.
This is going to be based on 7.2.4 - 7.3.X+ OS.
I need to dedicate one NIC card to vfiler traffic (Multistore) on the filer. The traffic will have to go in and out that particular nic card, and cannot be allowed to use any of the other nic cards (multiple) in the filer itself.
Now the trick is the IP spaces for all the vfilers will exist on the same Vlan, they cannot be configured to separate Vlans.
Any help with this would be appreciated.
2009-05-27 07:56 AM
No reason to get ipspaces involved here, especially since they are on the same physical network.
However, you should be able to accomplish the same thing without using them. IPs are assigned to interfaces, and IPs are assigned to vfilers. Therefore, if vfiler1 is assigned ip 10.1.1.2 and 10.1.1.2 is assigned to e0a, and no other IPs are assigned to e0a, then only vfiler1 should use e0a. Other vfilers on the controller will only use IPs assigned to them which maps to the interfaces they will use.
Hope this helps.
2009-05-27 08:03 AM
I have been told (by senior network people) that I cannot restrict the outbound traffic, it will route through the first available interface, if it is on the same Vlan as the other vfilers. They have specifically said that unless the Vfilers are are separate Vlans that is not possible, unless other configurations are changed in routing tables. This is referenced in a document based on Solaris interface groups (see below), that is my understanding.
I am trying to get clarity on this for a definative YES or NO answer.
An "interface group" is a collection of source addresses that share a
common subnet (also know as prefix). With the addition of this new
feature to Solaris 2.6, systems can have multiple physical interfaces
on the same subnet.
With the addition of interface groups, the problem of inbound packets
arriving through multiple interfaces and outbound packets leaving
through one single interface has been addressed.
IP uses an interface group to rotate source address selection when the
source address is unspecified. In the case of multiple physical
interfaces in the same group, IP scatters traffic across different IP
addresses on a per-IP-destination basis.
Interface group provides load balancing but does not provide
Other aspects of interface groups are:
Interface group works at the IP layer.
Interface group works across different type of NIC's and network
Interface group support is part of the OS with Solaris 2.6 and above.
The same can be enabled by setting the ndd parameter
ip_enable_groups_ifs to 1.
The use of an interface group requires that the network interface cards
have their own MAC addresses.
Interface group allows for multiple interfaces on a system to have IP
addresses belonging to the same subnet (but not the same IP address).
An interface group can be formed with different network interface types.
Interface types can be a mix of hme, le, qfe, etc.
2009-05-28 10:44 AM
Normally Data ONTAP has one IP routing table so in your situation incoming data would always come in the interface supporting the vfiler1 but outgoing data would (notwithstanding potential impact of fastpath) use the routing table to determine the outbound interface, which could be some other interface than the request arrived on.
Since you're using vfilers the easiest solution is to use ipspaces, and put the vfiler1 in a seperate ipspace. Because a distinct routing table is maintained for each ipspace you can be assured vfiler1 communication will only occur over the specific interface(s).
I don't see any problem to have multiple interfaces on the same VLAN (i.e. your vfiler1 and default vfiler0) because the ipspace will provide the distinct routing table you are looking for.
Hope that helps