In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?

mdvillanueva · ‎2015-10-26

Hi all:

I just want to confirm. Will it be disruptive to active CIFS sessions if I failover/migrate the LIF?

Thanks,

MV

aborzenkov · ‎2015-10-26

Yes in most cases. The only exception is continuous share, but I expect you'd knew if you had them 🙂

scottgelb · ‎2015-10-26

TR 4100 covers this really well.. a really nice reference. See page 6. a LIF migrate and vol move are non-disruptive to SMB 2 and SMB 3. lif migrate is disruptive only if SMB 1.0. An aggregate relocate (from takeover/giveback or by command) is disruptive to SMB 2.0 though but not 3.0 with CA.

mdvillanueva · ‎2015-10-26

Thanks for that information. I understand that XP and 2003 uses smb1. If I enable smb signing, that should prevent smb1 connection to the SVM, correct?

scottgelb · ‎2015-10-26

or cifs modify / cifs options modify and disable smb1

mdvillanueva · ‎2015-10-26

Hi,

in CDOT, I run

cifs modify -vserver <svm name>

it does not show an option to disable smb1

scottgelb · ‎2015-10-26

Good catch... You can disable 2 and 3 but only from advanced or higher privilege.. no smb 1 in there though. The link to TR-4100 from the above reference is http://www.netapp.com/us/media/tr-4100.pdf

scottgelb · ‎2015-10-26

SMB signing can prevent smb1, but looks like a patch fixes that. http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=803058

aborzenkov · ‎2015-10-27

@scottgelb wrote:
TR 4100 covers this really well.. a really nice reference. See page 6.

Page 7 is more interesting as it details conditions when LIF migration is really non-disruptive. It seems that SMB 2 or 3 alone does not gurantee it; there are situations when session may be lost.

I wonder if Windows is using durable handles by default (and in which versions). I could not find any explanation, but then I am not really Windows guy.

mdvillanueva · ‎2015-10-27

Judging by the fact that NetApp created a solution to make sure SMB1 will still work, I guess NetApp left it to the Windows environment to decide if they will eliminate SMB1 or not. Security engineers may not like this. lol

mdvillanueva · ‎2015-10-27

This is what it says in page 7

In order for the LIF migrate to be nondisruptive, the SMB 2.x and 3.0 connections must establish and maintain a durable handle to the open file handle. When a LIF is migrated between nodes, those SMB 2.x and 3.0 clients with durable handle connections have their handles put into a temporary “disconnected” state. In order for the file handles to remain open, the client applications need to reconnect to the “disconnected” file handles

All this tells me is that I cannot guarantee to my managers that there will be no outage in CIFS. You are right, I am not sure how to identify that "durable handle".

In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?

Re: In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?

Re: In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?

Re: In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?

Re: In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?

Re: In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?

Re: In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?

Re: In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?

Re: In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?

Re: In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?

Re: In CDOT, is it disruptive to CIFS if I migrate/failover the LIF?