Hi,

     I think you have some misconceptions about the configuration style you are going to use.  You don't create vifs(or ifgrps as they are called in ONTAP 😎 between heads.  A vif is used to "bundle" ports on the same controller.  So e0a and e0b on the controller would be used to create a vif, and you would build the partner's /etc/rc file to take over the vif if the head goes down.

If your network switches support it, e0a should go to one switch bank and e0b should go to another, but your switches MUST support this type of spanning.  Now you can snapmirror over a production vif, but you need to be able to determine your bandwith usage to see if that is acceptable in your case. 

As to VLANs, you need to talk to your network admins to find out if they use VLAN tagging.  That will determine whether or not you need to use VLANs.  On our network, there is no native traffic(outside the managment network), therefore all of my filers have to have VLAN tagging configured.

On the 2020, I am assuming you only have e0a and e0b, so you don't have much choice, if you use a vif, you have to use the production interfaces.  Otherwise you don't have load balancing or failover protection, without failing the whole filer over.

     I am not familiar with iSCSI so I don't want to get into that and lead you down false roads.

- Scott

Thanks Columbus, so the 2020 I have has two controllers, port a and b on each controller. So I need to configure controller one with one vif and controller 2 with the other vif, and this will be the partner? So will they work together concurrently and should one fail then the other takes over right?

When you say "if your network switches support this type of spanning", support what spanning exactly? I'll have NFS or ISSCI on a seperate vlan from the CIFS. So lets say the CIFS won't be on a vlan, but the NFS or ISCSI traffic will, can I configure the vifs to use my regular network subnet and also a vlan of my choice?

What do you mean by production interfaces?

Thanks for your time thus far, I know these are basic setup question, but the answers are much appreciated.

Hi UNDECIDED,

I try to bring my approch.

So excuse me for my english, but french guy

Ok.

In fact, Columbus would say, by spanning term, yours switchs have to support in stack mode.

Two switch in stack are managed by on Ip address. So for enhance network redundancy, your netapp interface on each controler (e0a,e0b) have to point on different switch.

So for example : CTRL1 - e0a to SW1 and e0b to SW2

                         CTRL2 - e0a to SW2 and e0b to SW1

So in this case, if you loose one switch, you have loose any controler but your network speed is to 1Gb instead of 2Gb. but it still working !

So if yours switchs don't support stack mode, you have to put CTRL1 e0a and e0b on the same switch and same for CTRL2.

So if you want to create a VLAN, your /etc/rc file look like this :

hostname CTRL1

vif create lacp vif-nas -b ip e0a e0b // Here you create vif with e0a and e0b physical interface

vlan create vif-CTRL1 50 60 // Here you create your VLAN

ifconfig vif-CTRL1-50 10.x.x.1 netmask 255.255.0.0 partner 10.x.x.2 nfo //Here you define ip address on your VIF on the VLAN 50 (example) and partner ip address on the same VLAN

ifconfig vif-CTRL1-60 192.x.x.1 netmask 255.255.0.0 partner 192.x.x.2 nfo //Here you define ip address on your VIF on the VLAN 60 (example) and partner ip address on the same VLAN

route add default 10.x.x.254 1 //Here you define your gateway

routed on //You enable routing

options cf.takeover.on_network_ interface_failure on //This line is for enable failover on link failure - If you loose network link on one VIF, takeover is activate

options dns.domainname domain.local //Domain name

options dns.enable on //DNS enable

options nis.enable off

savecore

So in fact, after this config, you 3 interfaces : VIF-CTRL1, VIF-CTRL1-50 and VIF-CTRL1-60..

So another point to bring up your interface, on the switch side, you have to TAGGED port on the VLAN...

Hope it help

Hi Undecided,

     Ademuynck's post above is spot on.  Following those directions should get you 95% or so of where you need to be.  Your network admin(s) should be able to tell you if they use IP/MAC/Round Robin LACP, you will need to match their type, or they will need to configure the LACP bundle to match what you can use.

You should be able to have your VLAN traffic pass on the same vif as your non-VLAN traffic, though I haven't done this on a filer.  It appears Ademuynck has as it appears to be a "cleaned" version of an actual /etc/rc file.

thanks to the both of you, this is starting to make some sense now, just some further explanation please, is the "partner" considered the corrosponding port on the second controller, or is it the VIF on the other controller?

And, lets say controller 1 > port e0a is connected to switch 1 > port 12, and controller 2 > port e0a is connected to switch 2 > port 11, do I trunk these two ports on the switch stack?

instead of :

CTRL1 - e0a to SW1 and e0b to SW2 and CTRL2 - e0a to SW2 and e0b to SW1

could I use

CTRL1 - e0a to SW1 and e0b to SW1 and CTRL2 - e0a to SW2 and e0b to SW2

So that both controller ports are on the same switch, is there a performance or fault tolerance issue with this?

thanks again.

bump

is the "partner" considered the corrosponding port on the second controller, or is it the VIF on the other controller?

And, lets say controller 1 > port e0a is connected to switch 1 > port 12, and controller 2 > port e0a is connected to switch 2 > port 11, do I trunk these two ports on the switch stack?

instead of :

CTRL1 - e0a to SW1 and e0b to SW2 and CTRL2 - e0a to SW2 and e0b to SW1

could I use

CTRL1 - e0a to SW1 and e0b to SW1 and CTRL2 - e0a to SW2 and e0b to SW2

So that both controller ports are on the same switch, is there a performance or fault tolerance issue with this?

Hi,

partner is considered like a VIF. So if you create VLAN in your VIF, you have two partner (one for vlan x and the other for the second vlan)

""And, lets say controller 1 > port e0a is connected to switch 1 > port 12, and controller 2 > port e0a is connected to switch 2 > port 11, do I trunk these two ports on the switch stack?""

No this two ports are member of two differents VIF based on two different controler. You have to trunk two port when two port are member of the same VIF.

instead of :

CTRL1 - e0a to SW1 and e0b to SW2 and CTRL2 - e0a to SW2 and e0b to SW1

could I use

CTRL1 - e0a to SW1 and e0b to SW1 and CTRL2 - e0a to SW2 and e0b to SW2

So that both controller ports are on the same switch, is there a performance or fault tolerance issue with this?

Yes you could use second proposal. Each controler will be on one switch. If you loose one switch, failover will work. BUT to make failover working on link failure, you have to configure it !

In your /etc/rc file post above in my previous post, you find this line :

ifconfig vif-CTRL1-50 10.x.x.1 netmask 255.255.0.0 partner 10.x.x.2 nfo //Here you define ip address on your VIF on the VLAN 50 (example) and partner ip address on the same VLAN

ifconfig vif-CTRL1-60 192.x.x.1 netmask 255.255.0.0 partner 192.x.x.2 nfo //Here you define ip address on your VIF on the VLAN 60 (example) and partner ip address on the same VLAN

options cf.takeover.on_network_ interface_failure on //This line is for enable failover on link failure - If you loose network link on one VIF, takeover is activate

In fact, on first two line, after ifconfig command, you have NFO

This argument let you enable link failover on this interface

On the last line, you have :

options cf.takeover.on_network_interface_failure on

This line enable failover on link failure.

If you have this on you /etc/rc file, and you kill one switch, failover will working about 30-60seconds later. (this time is normal, and no possibility to modify it)

Hope it help

Sorry Undecided, I seem to have broken my notifications, but again Ademuynck has provided the best advice.  You really want one port to a different switchbank to have the best setup.

switchA -------e0a <-controller1-> e0b----- switchB

switchA -------e0a <-controller2-> e0b----- switchB

This configuration prevents a single switchbank or single controller from causing a failover and/or disruption to service.  controller1 would have e0a and e0b in a vif, so that even though they go to different switches, they are still seen as one port to clients.  Also controller2 would have e0a and e0b in a vif, and again would appear as a single port to clients.  Now you have fault tolerant networking capability, as well as storage system fault tolerance.

Personally unless you have a belief that your network is not stable or does not have a high enough uptime, or you cannot span your ports to work in the manner discussed, I would not use NFO. 

In my past histroy, a giveback after a failover required multiple approvals and had to have an emergency change opened and approved.  That lead to a lot of issues with systems running off of a single head until we could get the OK to get back into a normal status.  I would rather run at 1/2 my network speed, than double the load on a single head due to a switch outage, but that is simply a preference that I have come to adopt.

Thanks, I've now configured them as needed, however I've only configured them with my current subnet IP's, my next step is to add a vlan into the VIF's for ISCSI access, I know you can have 2 vlans on one VIF, but can you have your regular lan + 1 vlan on the same vif? Or do they have to both be vlan'd?

I ask this because I now that once you use vlan's, you then need to add the tagging onto your switch ports, does this then throw off the regular subnet vlan? I hope I'm making sense here.

Hi,

     I don't think that you can run tagged and non-tagged traffic on the same port, but my networking days are far behind me and were never outside basic config.  I would talk to your network person/team and see if that is possible.

- Scott

You can’t indeed (run tagged and non-tagged traffic on the same port) in Data ONTAP 7.x. There is no problem to do it from the switch side (at least, those switches I am aware of ☺ )

Thanks Columbus_admin.

Aborzenkov, am I understanding you correctly? I cannot set tagged and untagged on the VIFS, but can on certain switches?

Would I then just set my ISCSI subnet to be different to my regular subnet and make sure there is no routing between the subnets, therefore not needing to use tagging?

Your switch configuration must of course match your device configuration. So if NetApp is configured to use tagged VLANs you have to configure the same VLANs as tagged on a switch port.