Talk with fellow users about the multiple protocols supported by NetApp unified storage including SAN, NAS, CIFS/SMB, NFS, iSCSI, S3 Object, Fibre-Channel, NVMe, and FPolicy.
I am re-installing (wipeconfig, new software first, yada, yada) AFF-A300 nodes and hit something new. I exit out of the setup at the (join / create) and turn on cdp (system node run -node localhost -command options cdpd.enable on) to validate as-built cabling matches expected/design. The two AFF A300 nodes are showing lldp entries from three different Cisco devices, but not any cdp entries for any device. AFF-A300 running 9.14.1P5 (chosen to match the FAS8200 cluster it will eventually be joining). The destination cluster pair of FAS8200s are connected to the c2921 (light out management) and N5K data switches, and are receiving/sending CDP advertisements without issues. So, all roads point to AFFs/ONTAP as culprit. Yes, each AFF can ping the cluster LIFs of the other node, both nodes rebooted. It may be that nodes must be fully baked into a cluster before cdp actually works? It may be something with this version and patch of ONTAP as fresh install, so OS change? No technical case opened, yet, sharing the love first. Will update when solved.
[Names and MAC Addr changed to protect the innocent until proven guilty]

::> network device-discovery show -fields protocol
node      protocol port discovered-device                        interface
--------- -------- ---- ---------------------------------------- ---------
localhost lldp     e0M  "c2921 (94:d4:69:00:00:00)"              Fa0/7
localhost lldp     e0a  "N9K-C9336C-FX2-01 (7c:ad:00:00:00:00)"  Ethernet1/1/2
localhost lldp     e0b  "N9K-C9336C-FX2-02 (a0:b4:00:00:00:00)"  Ethernet1/1/2
localhost lldp     e0e  "N5K-C5672UP-01 (00:2a:6a:00:00:00)"     Eth1/13
localhost lldp     e0f  "N5K-C5672UP-02 (8c:60:4f:00:00:00)"     Eth1/12
localhost lldp     e0g  "N5K-C5672UP-02 (8c:60:4f:00:00:00)"     Eth1/14
localhost lldp     e0h  "N5K-C5672UP-01 (00:2a:6a:00:00:00)"     Eth1/14
localhost lldp     e1a  "N9K-C9336C-FX2-02 (a0:b4:00:00:00:00)"  Ethernet1/2/2
localhost lldp     e1b  "N9K-C9336C-FX2-01 (7c:ad:00:00:00:00)"  Ethernet1/2/2
::>
::> system node run -node localhost -command options cdpd
cdpd.enable    on   (value might be overwritten in takeover)
cdpd.holdtime  180  (value might be overwritten in takeover)
cdpd.interval  60   (value might be overwritten in takeover)
::> system node run -node localhost -command options lldp
lldp.enable         on  (value might be overwritten in takeover)
lldp.xmit.hold      4   (value might be overwritten in takeover)
lldp.xmit.interval  30  (value might be overwritten in takeover)
::>
::> system node run -node localhost -command cdpd show-stats
RECEIVE
 Packets: 0 | Csum Errors: 0 | Unsupported Vers: 0
 Invalid length: 0 | Malformed: 0 | Mem alloc fails: 0
 Missing TLVs: 0 | Cache overflow: 0 | Received Own Adv: 0
 Other errors: 0 | Unknown TLV: 0 | Ejected entries: 0
 Eject failed: 0 | Bad Value: 0 | Hidden Port Drop: 0
TRANSMIT
 Packets: 0 | Xmit fails: 0 | No hostname: 0
 Packet truncated: 0 | Truncate fails: 0 | Mem alloc fails: 0
 Other errors: 0
OTHER
 Init failures: 0
::> system node run -node localhost -command lldp stats
RECEIVE
 Total frames: 6115 | Accepted frames: 6115 | Total drops: 0
TRANSMIT
 Total frames: 3331 | Total failures: 0
OTHER
 Stored entries: 9
::>
-----
N9K-C9336C-FX2-01# sh cdp interface Eth1/1/1
Ethernet1/1/1 is up
    CDP enabled globally
    CDP enabled on interface
    Refresh time is 5 seconds
    Hold time is 180 seconds
N9K-C9336C-FX2-01# sh cdp neighbors interface Eth1/1/1
Note: CDP Neighbor entry not found
N9K-C9336C-FX2-01#
N9K-C9336C-FX2-01# sh lldp neigh interface Eth1/1/1
Capability codes:
  (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
  (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID        Local Intf  Hold-time  Capability  Port ID
00a0.0000.0000   Eth1/1/1    121        S           e0a
Total entries displayed: 1
N9K-C9336C-FX2-01#
----
I am having problems restricting kerberized NFS to use only AES encryption. We had kerberized NFS running until the other encryptions were blocked at the KDC.

Context:
FAS2720 Filer
ONTAP 9.8P18
KDC is Microsoft AD (I only have permissions in my OU)

I used Microsoft ktpass to create a keytab for my nfs SPN account and used that as -keytab-uri parameter for kerberos interface enable (using admin-username and admin-password failed).

Now I cannot mount volumes that are restricted to kerberos, and when I try, the event log tells me

[ 0] FAILURE: Failed to accept the context: Unspecified GSS failure. Minor code may provide more information (minor: Key table entry not found).

Packet capture shows a NFS V3 NULL call using an apparently correct kerberos ticket, with a reply that has a GSS major/minor status 851968/2529639093, that is consistent with that error. (Client principal is the client host in that exchange.)

However, I cannot understand why the key table entry cannot be found. I have checked:
that the nfs SPN matches in the keytab, the keyblock shown by the ontap CLI, the AD machine entry and the captured packets (also checked the letter case)
the kvno also matches here
the encryption type (18) and the key match in the keytab and the keyblock, and the key can decrypt the encrypted parts of the packets in wireshark

I also checked:
that aes-256 and aes-128 are permitted-enc-types in vserver nfs show, and that these encryption types are enabled in the AD for both the NFS Server account and the client host account
that users can obtain service tickets for the nfs server using kvno

Any ideas?
Hi All, I would like to import qtree and user quota rules and policies from an existing FAS cluster to volumes moved using SnapMirror to a different cluster. The current quota database number is 487. Is there a command or ONTAP Toolkit that can help me with this? Thanks in advance Zoltan
I followed the .\backupSharesAcls.ps and .\restoreSharesAcls.ps1 scripts to back up the share and ACL permissions from the source volume and restore them on the destination volume. Should the restore SnapMirror destination also have the same SVM name as in production? I created the same volume name and namespace in the destination, but the SVM name is different. Getting error record doesn't match.

.\restoreSharesAcls.ps1 -server <clus_mgmt> -user <uname> -password <> -vserver <destination-vname> -shareFile C:\share.xml -aclFile C:\acl.xml -spit less

Please advise on this. @scottharney
Hello all, Long story short. The issue is that Logstash is duplicating logs after application restarts due to PVCs being mounted with different minor device versions, causing Logstash to mistakenly treat the same log files as different. Having said that, I’d like to know if it's normal for the 'minor device number' of an NFS 4.0 volume to change when it’s mounted multiple times. This appears to be a known issue when working with Network File Systems, as outlined in the Elastic documentation I found online: this happens because NFS can present different minor device versions, which Logstash interprets as different file systems, leading to log duplication: https://www.elastic.co/docs/reference/logstash/plugins/plugins-inputs-file#_reading_from_remote_network_volumes If any of you folks have a second opinion on this, I'd love to hear it. Thank you very much, Joel.