General Discussion

Portset for Netapp SAN provisioning.

Hi,

 

We are  in a process of  implementing  FAS 2750 HA pair (only two nodes) Filer for block usage  and  have query about using portset. In our case we have  Windows hosts  with 2 HBAs and zoning will be done as mentioned below

 

Zones

Fabric A                                                                                        Fabric B
• Zone 1: HBA 0, Node01_LIF_1 ,Node02_LIF_3          • Zone 1: HBA 1, Node01_LIF_2, Node02_LIF_4

Port set  - We will create two portsets

Portset 1: Node 1 LIF1 and Node 2 LIF3
Portset 2: Node 1 LIF2 and Node 2 LIF4

 

Igroups

IG1 - have  HBA1 WWPN   

IG2-  have HBA2 WWPN

 

Binding

Portset1 with IG1 & Portset 2 with IG2

 

Please help me to answer below questions  about  using portsets while provisioning block storage.

- In my case do we really need portset to restrict luns ? As you see we already have zones setup which will restrict luns on HA pairs.

- What difference it will make with or without portsets with above config ?

- What are the best practices recommended by NetApp about using portsets  on HA pairs?

- How to restrict lun access if I have multiple hosts on Microsoft Clusters. For example If  I have to share few luns only visible to host1 and other luns can be shared with host1 and host2 which are in clusters?

 

Thank you !

2 REPLIES 2

Re: Portset for Netapp SAN provisioning.

Hi,

 

Since ONTAP 8.3, 'Portset' are used for the sole purpose of limiting the number of paths presented to SVMs that have more than one target LIF available per FC fabric or Ethernet network.

 

So basically, if the Mapped LUN in a SVM has more than one target LIF, then portset can limit the visibility of the target LIFs to that mapped LUN. In more simpler words - "When a portset is bound to an igroup, I/O from the initiators is restricted to only the LIFs in the portset."

 

NetApp's best practice : "Intended initiators should be zoned with only the LIFs included in the portset."


Following TR covers this information in detail (This should answer most of your queries such as advantages over non-portset etc)

Best Practices for Modern SAN:
https://www.netapp.com/us/media/tr-4080.pdf

 

This is another very useful article on Portset for cDOT wrt it's implementation:
https://kb.netapp.com/app/answers/answer_view/a_id/1031941/

 

Thanks!

Re: Portset for Netapp SAN provisioning.

Thank you very much for the reply.

 

I still have query about portset. In my case what difference it makes with or without portset when I am already restricting lun access by doing zones with 2 LIFs in each Fabric. It make sense when I have multiple nodes but in my case I just have HA pair.

 

As mentioned below in both case with or without portset, host can see Four paths only.  Please correct me if I am wrong.

 

How it makes difference in my case by using portset ?

 

 

Without Portset ( only Zoning Done )

--------------------------------------------------------

Fabric A Zone : Host HBA1_Node1-LIF1_Node2-LIF3
Fabric B Zone: Host HBA2_Node1_LIF2_Node2-LIF4

 

Igroup1 - (Luns map to IG1)
Igroup2 - (Luns map to IG2)

 

Without portset, Host can now see four paths after the rescan is complete:
node1_lif1 via HBA port 1
node2_lif3 via HBA port 1
node1_lif2 via HBA port 2
node2_lif4 via HBA port 2


With portset ( Zoning Done )

------------------------------------------

Fabric A Zone : Host HBA1_Node1-LIF1_Node2-LIF3
Fabric B Zone: Host HBA2_Node1_LIF2_Node2-LIF4

 

Portset1 : node1_lif1 & node2_iif3
Portset2 : node1_lif2 & node2_iif4


Igroup1 (portset1 bound) - Luns map to IG
Igroup2 (portset2 bound) - Luns map to IG

•Host can now see four paths after the rescan is complete:
node1_lif1 via HBA port 1
node2_lif3 via HBA port 1
node1_lif2 via HBA port 2
node2_lif4 via HBA port 2

 

Thank you !

 

Review Banner
All Community Forums
Public