Effective December 3, NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources.
For accounts that did not pre-register (prior to Dec 3), access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

General Discussion

Portset for Netapp SAN provisioning.

MVIKASM

Hi,

 

We are  in a process of  implementing  FAS 2750 HA pair (only two nodes) Filer for block usage  and  have query about using portset. In our case we have  Windows hosts  with 2 HBAs and zoning will be done as mentioned below

 

Zones

Fabric A                                                                                        Fabric B
• Zone 1: HBA 0, Node01_LIF_1 ,Node02_LIF_3          • Zone 1: HBA 1, Node01_LIF_2, Node02_LIF_4

Port set  - We will create two portsets

Portset 1: Node 1 LIF1 and Node 2 LIF3
Portset 2: Node 1 LIF2 and Node 2 LIF4

 

Igroups

IG1 - have  HBA1 WWPN   

IG2-  have HBA2 WWPN

 

Binding

Portset1 with IG1 & Portset 2 with IG2

 

Please help me to answer below questions  about  using portsets while provisioning block storage.

- In my case do we really need portset to restrict luns ? As you see we already have zones setup which will restrict luns on HA pairs.

- What difference it will make with or without portsets with above config ?

- What are the best practices recommended by NetApp about using portsets  on HA pairs?

- How to restrict lun access if I have multiple hosts on Microsoft Clusters. For example If  I have to share few luns only visible to host1 and other luns can be shared with host1 and host2 which are in clusters?

 

Thank you !

2 REPLIES 2

Ontapforrum

Hi,

 

Since ONTAP 8.3, 'Portset' are used for the sole purpose of limiting the number of paths presented to SVMs that have more than one target LIF available per FC fabric or Ethernet network.

 

So basically, if the Mapped LUN in a SVM has more than one target LIF, then portset can limit the visibility of the target LIFs to that mapped LUN. In more simpler words - "When a portset is bound to an igroup, I/O from the initiators is restricted to only the LIFs in the portset."

 

NetApp's best practice : "Intended initiators should be zoned with only the LIFs included in the portset."


Following TR covers this information in detail (This should answer most of your queries such as advantages over non-portset etc)

Best Practices for Modern SAN:
https://www.netapp.com/us/media/tr-4080.pdf

 

This is another very useful article on Portset for cDOT wrt it's implementation:
https://kb.netapp.com/app/answers/answer_view/a_id/1031941/

 

Thanks!

MVIKASM

Thank you very much for the reply.

 

I still have query about portset. In my case what difference it makes with or without portset when I am already restricting lun access by doing zones with 2 LIFs in each Fabric. It make sense when I have multiple nodes but in my case I just have HA pair.

 

As mentioned below in both case with or without portset, host can see Four paths only.  Please correct me if I am wrong.

 

How it makes difference in my case by using portset ?

 

 

Without Portset ( only Zoning Done )

--------------------------------------------------------

Fabric A Zone : Host HBA1_Node1-LIF1_Node2-LIF3
Fabric B Zone: Host HBA2_Node1_LIF2_Node2-LIF4

 

Igroup1 - (Luns map to IG1)
Igroup2 - (Luns map to IG2)

 

Without portset, Host can now see four paths after the rescan is complete:
node1_lif1 via HBA port 1
node2_lif3 via HBA port 1
node1_lif2 via HBA port 2
node2_lif4 via HBA port 2


With portset ( Zoning Done )

------------------------------------------

Fabric A Zone : Host HBA1_Node1-LIF1_Node2-LIF3
Fabric B Zone: Host HBA2_Node1_LIF2_Node2-LIF4

 

Portset1 : node1_lif1 & node2_iif3
Portset2 : node1_lif2 & node2_iif4


Igroup1 (portset1 bound) - Luns map to IG
Igroup2 (portset2 bound) - Luns map to IG

•Host can now see four paths after the rescan is complete:
node1_lif1 via HBA port 1
node2_lif3 via HBA port 1
node1_lif2 via HBA port 2
node2_lif4 via HBA port 2

 

Thank you !

 

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public