We are in a process of implementing FAS 2750 HA pair (only two nodes) Filer for block usage and have query about using portset. In our case we have Windows hosts with 2 HBAs and zoning will be done as mentioned below
Fabric A Fabric B • Zone 1: HBA 0, Node01_LIF_1 ,Node02_LIF_3 • Zone 1: HBA 1, Node01_LIF_2, Node02_LIF_4
Port set - We will create two portsets
Portset 1: Node 1 LIF1 and Node 2 LIF3 Portset 2: Node 1 LIF2 and Node 2 LIF4
IG1 - have HBA1 WWPN
IG2- have HBA2 WWPN
Portset1 with IG1 & Portset 2 with IG2
Please help me to answer below questions about using portsets while provisioning block storage.
- In my case do we really need portset to restrict luns ? As you see we already have zones setup which will restrict luns on HA pairs.
- What difference it will make with or without portsets with above config ?
- What are the best practices recommended by NetApp about using portsets on HA pairs?
- How to restrict lun access if I have multiple hosts on Microsoft Clusters. For example If I have to share few luns only visible to host1 and other luns can be shared with host1 and host2 which are in clusters?
Since ONTAP 8.3, 'Portset' are used for the sole purpose of limiting the number of paths presented to SVMs that have more than one target LIF available per FC fabric or Ethernet network.
So basically, if the Mapped LUN in a SVM has more than one target LIF, then portset can limit the visibility of the target LIFs to that mapped LUN. In more simpler words - "When a portset is bound to an igroup, I/O from the initiators is restricted to only the LIFs in the portset."
NetApp's best practice : "Intended initiators should be zoned with only the LIFs included in the portset."
Following TR covers this information in detail (This should answer most of your queries such as advantages over non-portset etc)
I still have query about portset. In my case what difference it makes with or without portset when I am already restricting lun access by doing zones with 2 LIFs in each Fabric. It make sense when I have multiple nodes but in my case I just have HA pair.
As mentioned below in both case with or without portset, host can see Four paths only. Please correct me if I am wrong.
How it makes difference in my case by using portset ?