This is new territory for us.... so any help is greatly appreciated.
DOT v 7.3.4
We have the situation where we have the physical filers sitting in one Windows security domain and the need to have vfilers sitting in another domain. There is no trust relationship between domains.
My colleague has been able to setup IPSpaces and we have created the vfilers using the IPspaces (
vfiler create vfiler_name -n -s ipspace -i ip_address [ -i ip_address ] ... path [ path ] ...) and we can use the ldap queries (CIFS domaininfo, CIFS testdc, DNS info) interrogate DCs and DNS naming servers.
Our main question is:
Do we need to add anything to the /etc/rc file so as the physical filer knows of any persistent settings that are required for these vfilers and IPSpaces?
*for example do we need to add "vfiler run vfiler_name route add default gateway metric" to the RC file?
*do we need to add "ipspace create ipspacename interfacename"command to the RC file?
*do we need to add anything to the /etc/HOSTS file
Could someone post an example of an RC file (that contain these settings)? ..Or email it to me?
Any help would be much appreciated - thanks in advanced.
ipspace create and ipspace assign are persistent. So the only thing you typically need to add to /etc/rc of vfiler0 is the route add statement for the vfler as you mentioned below. And also any other routes if needed. vFilers don't have an rc file, so the routes must be added in vfiler0. For hosts, exports, nsswitch.conf, resolv.conf, hosts.equiv, etc. those are in vfiler/etc so you don't need to do anything in vfiler0 for those... the vfiler already contains those.
Some other things to check..make sure you create the ipspace on the cluster partner so it works on failover...and assign the partner interface defined in the ifconfig to that ipspace on the partner as well.
I add the line "vfiler run vfilername route add default" below the route add default line in /etc/rc of vfiler0 then all the route statements are together.
When you can schedule downtime, I would test a reboot to confirm the route stays and also a cluster takeover and giveback to confirm the vfiler comes up on the partner and gives back with no issues.
For my vfiler, I have no choice but to create a new ipspace because I need to segregate the vfiler and have its own default gateway. After I created the new ipspace, routed got turned off. What type of impact should I expect because of this?
as long as you have a default route defined and don't need additional routes (route add net|host if needed) it will be fine. All connections source from the host for data access so as long as the route back is there (and fastpath enabled by default always make that happen regardless of routing).
The cohost/client initiates the connection for nfs, cifs, iscsi to the vFiler and with ip.fastpath enabled on vfiler0 the response will go back on he same port it came in. If turned off then the route is used. But as long as you have the default route it won't matter. I usually turn fastpath off but it is on by default.