Solved: PING fails from SVM LIFs

Japanese_human8888 · ‎2021-04-23

In FAS2552 ONTAP 9.8, I created an SVM for NFS and created a LIF, but there is a problem that PING does not pass.

PING is returned from lif1 to lif1, but PING is not returned from lif2.

In this network, I can ping other segments, so I suspect a misconfiguration on the FAS side.
Please help me...

==========================
■■Constitution
FAS2552　　　　Cisco 　　　　　Cisco
node1 e0c　 ⇔　SW01 eth2/7 ⇔　SW11
node1 e0d　 ⇔　SW02 eth2/7　⇔　SW12

node2 a0c　 ⇔　SW01 eth2/8　 ⇔　SW11
node2 a0d　 ⇔　SW02 eth2/8 　⇔　SW12

※link aggregation(e0c+e0d⇒a0a)

■■Setting
■FAS2552
FAS2552::> network interface show
～～～
Logical Status Network Current Current Is
Vserver Interface Admin/Oper Address/Mask Node Port Home
----------- ---------- ---------- ------------------ ------------- ------- ----
test
test_nfs_lif1
up/up 10.10.10.9/24 FAS2552-01
a0a true
test_nfs_lif2
up/up 10.10.10.10/24 FAS2552-02
a0a true

FAS2552::> network interface show -vserver test -lif test_nfs_lif1

Vserver Name: test
Logical Interface Name: test_nfs_lif1
Service Policy: default-data-files
Service List: data-core, data-nfs, data-fpolicy-client
(DEPRECATED)-Role: data
Data Protocol: nfs
Network Address: 10.10.10.9
Netmask: 255.255.255.0
Bits in the Netmask: 24
Is VIP LIF: false
Subnet Name: -
Home Node: FAS2552-01
Home Port: a0a
Current Node: FAS2552-01
Current Port: a0a
Operational Status: up
Extended Status: -
Is Home: true
Administrative Status: up
Failover Policy: system-defined
Firewall Policy: data
Auto Revert: true
Fully Qualified DNS Zone Name: none
DNS Query Listen Enable: false
Failover Group Name: Default
FCP WWPN: -
Address family: ipv4
Comment: -
IPspace of LIF: Default
Is Dynamic DNS Update Enabled?: true
Probe-port for Cloud Load Balancer: -
Broadcast Domain: Default
Vserver Type: data

FAS2552::> network port show -node FAS2552-01

Node: FAS2552-01
Speed(Mbps) Health
Port IPspace Broadcast Domain Link MTU Admin/Oper Status
--------- ------------ ---------------- ---- ---- ----------- --------
a0a Default Default up 1500 -/- healthy
a0a-10 Default Default up 1500 -/- healthy
e0M Default Default up 1500 auto/1000 healthy
e0a Default Default down 1500 auto/- -
e0b Default Default down 1500 auto/- -
e0c Default - up 1500 auto/10000 healthy
e0d Default - up 1500 auto/10000 healthy
e0e Cluster Cluster up 9000 auto/10000 healthy
e0f Cluster Cluster up 9000 auto/10000 healthy

FAS2552::> network route show
Vserver Destination Gateway Metric
------------------- --------------- --------------- ------
～～～
test
0.0.0.0/0 10.10.10.254 20

■SW
・SW1,SW2
interface Ethernet2/7
lacp rate fast
switchport mode trunk
switchport trunk allowed vlan 10

interface Ethernet2/8
lacp rate fast
switchport mode trunk
switchport trunk allowed vlan 10

interface Vlan10
no shutdown
mtu 9216

・SW11
interface Vlan10
no shutdown
no ip redirects
ip address 10.10.253/24
hsrp 10
preempt
priority 90
ip 10.10.10.254

・SW12
interface Vlan10
no shutdown
no ip redirects
ip address 10.10.252/24
hsrp 10
preempt
priority 90
ip 10.10.10.254

■PING result
FAS2552::> network ping -vserver test -node FAS2552-01 -destination 10.10.10.9
10.10.10.9 is alive

FAS2552::> network ping -vserver test -node FAS2552-01 -destination 10.10.10.10
no answer from 10.10.10.10

※Ping from SW01, SW02, SW11, SW12 to FAS2552 also fails

＝＝＝＝＝＝＝＝＝＝

Thank you in advance.

TMACMD · ‎2021-04-27

ONTAP is setup where it should work...if the switches were correctly setup.

Your switches are most certainly not setup correctly.

You should search online about vPC (Virtual Port Channels) and how to setup Nexus Switches.

You should probably update the code on the Nexus 5548s also.

I just took a look and the Cisco site does not even show major version 6 as a supported download for the Nexus 5548 models. Release 7.3(8)N1(1) is the most current for that platform.

As an EXAMPLE only (with an example of setting up a nexus pair of switches):

https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/UCS_CVDs/flexpod_datacenter_vmware_netappaffa_u2.html#_Toc32946723

Correct the switch config and the NetApp will work as expected.

View solution in original post

TMACMD · ‎2021-04-25

Looks like you are not using your VLANs there buddy!

First make sure all a0a and a0a-10 ports are in the same broadcast domain.

Then modify the data LIFs to be home on the a0a-10 ports

Then from either remove (via GUI) or from the CLI use the "broadcast-domain split" command to remove (or split out) the a0a interfaces so your broadcast domain ends up with *just* a0a-10 ports.

Try your ping again and I suspect you will have luck!

Japanese_human8888 · ‎2021-04-25

Thank you for your answer.

I changed the home of data LIFs.
I changed the broadcast domain as follows.

But PING doesn't pass...

Why did you separate the broadcast domains for a0a and a0a-10?
Would you please tell me.

thank you.

＝＝＝＝＝
FAS2552::> network interface show
Logical Status Network Current Current Is
Vserver Interface Admin/Oper Address/Mask Node Port Home

----------- ---------- ---------- ------------------ ------------- ------- ----
～～
test
test_nfs_lif1
up/up 10.10.10.9/24 　　FAS2552-01
a0a-10 true
test_nfs_lif2
up/up 10.10.10.10/24 　FAS2552-02
a0a-10 true

FAS2552::> network port show -node FAS2552-cluster-01
Node: FAS2552-cluster-01
Speed(Mbps) Health
Port IPspace Broadcast Domain Link MTU Admin/Oper Status
--------- ------------ ---------------- ---- ---- ----------- --------
a0a Default - up 1500 -/- healthy
a0a-10 Default Default up 1500 -/- healthy
e0M Default Default up 1500 auto/1000 healthy
e0a Default Default down 1500 auto/- -
e0b Default Default down 1500 auto/- -
e0c Default - up 1500 auto/10000 healthy
e0d Default - up 1500 auto/10000 healthy
e0e Cluster Cluster up 9000 auto/10000 healthy
e0f Cluster Cluster up 9000 auto/10000 healthy

■PING result
FAS2552::> network ping -vserver test -node FAS2552-01 -destination 10.10.10.9
10.10.10.9 is alive

FAS2552::> network ping -vserver test -node FAS2552-01 -destination 10.10.10.10
no answer from 10.10.10.10

TMACMD · ‎2021-04-26

You ask why on the Broadcast-domain...

A Broadcast-domain is a grouping of ports where LIFs are allowed to failover to.

All ports in the same broadcast domain should have the same networking capabilities.

a0a is a BASE interface and only obeys the native vlan (based on your config, no idea what that is)

a0a-10 is a TAGged VLAN and based on your config is the only allowed VLAN to pass

I think the configuration issue may be on your switch.

What type of switch and what operating system is on the switches? Normally when two switches are allowed, there are vPCs (on Nexus anyway) that allow for the multi-switch thing to work.

How about this output from ontap:

set diag

ifgrp show -fields ifgrp, distr-func, activeports, ports -sort-by node

net int show -vserver test -fields lif, address, netmask, curr-port ,home-port ,failover-policy ,failover-group -sort-by vserver, lif

route show -vserver test

net port show -port a0a-10 -fields broadcast-domain, mtu, link -sort-by node, port

From the switch, may a "show version", "show port-channel summary"...Again, I really believe the issue is a misconfig on the swirtches.

Japanese_human8888 · ‎2021-04-27

Thank you!

I'm sorry to ask you a rudimentary question...

=======
FAS2552::> set diagnostic

FAAS2552::*> ifgrp show -fields ifgrp, distr-func, activeports, ports -sort-by node
node ifgrp distr-func activeports ports
--------------------- ----- ---------- ----------- -------
FAS2552 a0a ip partial e0c,e0d
FAS2552 a0a ip partial e0c,e0d

FAS2552::*> net int show -vserver test -fields lif, address, netmask, curr-port ,home-port ,failover-policy ,failover-group -sort-by vserver, lif
(network interface show)
vserver lif address netmask home-port curr-port failover-policy failover-group
----------- -------------------- ------------- ------------- --------- --------- --------------- --------------
test vSphere_SVM_nfs_lif1 10.10.10.9 255.255.255.0 a0a-10 a0a-10 system-defined Default
test vSphere_SVM_nfs_lif2 10.10.10.10 255.255.255.0 a0a-10 a0a-10 system-defined Default
2 entries were displayed.

FAS2552::*> route show -vserver test
Vserver Destination Gateway Metric
------------------- --------------- --------------- ------
test
0.0.0.0/0 10.10.10.254 20

FAS2552::*> net port show -port a0a-10 -fields broadcast-domain, mtu, link -sort-by node, port
(network port show)
node port link mtu broadcast-domain
--------------------- ------- ---- ---- ----------------
FAS2552 a0a-10 up 1500 Default
FAS2552 a0a-10 up 1500 Default

==========
SW1# show version
Cisco Nexus Operating System (NX-OS) Software
～～
Software
BIOS: version 3.6.0
loader: version N/A
kickstart: version 6.0(2)N2(4)
system: version 6.0(2)N2(4)
～～
Hardware
cisco Nexus5548 Chassis ("O2 32X10GE/Modular Universal Platform Supervisor")
～～

TMACMD · ‎2021-04-27