ONTAP Discussions

Shared Vlan tagging on DP

not_a_Lone_wolf
2,954 Views

Hi. Is it advisable to tag Management Vlan on the port hosting the Intercluster LIF's ? I remember I came across this somewhere (probably in one of technical reports) that doing this exposes the replication traffic. Can somebody please help me guided in the correct direction?

1 ACCEPTED SOLUTION

TMACMD
2,914 Views

 

For the first question, sounds reasonable. You should check the "firewall policy show" output. Different LIFs have different policies assigned.

 

For SnapMirror to work, you must have at least 1 (prefer 2) LIFs on each node of the source and destination controllers. Since you are going A-> B -> C and they way you phrase it I suspect A cannot talk to C then what you ultimately need to do is this:

1. Setup SnapMirror on LIFs from A->B

2. Create a NEW IPSPACE on B for Intercluster LIFs from B to C.

3. Create the LIFs on B in the new IPSPACE

4. Create the LIFs on C  (standard IPSPACE should be OK)

 

For the replication to work, it require basically a full-mesh PING. So A would need to PING B.

B however, since it talks to A and C would need to be able to PING A and C. By putting in different IPSPACES, B would need to ping all A nodes or Ping all C nodes and it can because they are in different IPspaces. Then A does not need to worry about C.

 

Hopefully that makes a little sense!

View solution in original post

4 REPLIES 4

TMACMD
2,930 Views

In general, not a good idea to mix Tagged VLANs and access ports in the same Broadcast-Domain

i.e. Broadcast-Domain Default with ports of e0M and a0a-77

When using VLANs, I tend to not use the native VLAN on the IFGRP and try to get the network team to make the native VLAN something they do not use. Then use Tagged VLANs all the way.

 

For the Intercluster LIFs, I see people have those run on the same address space as MGMT. I tend to use Intercluster LIFs for just that. Make MGMT a separate VLAN or a different physical port

not_a_Lone_wolf
2,919 Views

Thanks a lot   .The insights share are really informative. I also read in a NetApp's document that using Mgmt Vlan on Snap ports exposes the data replication traffic. Is this true?

 

I would like to ask one more thing, if the Snap ports (physical, no ifgrps) on B (destination)are configured to host Intercluster Lifs for Clusters A  and if it's required  to set up a cascade from B-C, then would the following work: hosting an intercluster lif on a tagged VLAN on B(physical, no ifgrps) for customer's VLAN ? Assuming it's in the same ipspace to that of the customer's?

 

TMACMD
2,915 Views

 

For the first question, sounds reasonable. You should check the "firewall policy show" output. Different LIFs have different policies assigned.

 

For SnapMirror to work, you must have at least 1 (prefer 2) LIFs on each node of the source and destination controllers. Since you are going A-> B -> C and they way you phrase it I suspect A cannot talk to C then what you ultimately need to do is this:

1. Setup SnapMirror on LIFs from A->B

2. Create a NEW IPSPACE on B for Intercluster LIFs from B to C.

3. Create the LIFs on B in the new IPSPACE

4. Create the LIFs on C  (standard IPSPACE should be OK)

 

For the replication to work, it require basically a full-mesh PING. So A would need to PING B.

B however, since it talks to A and C would need to be able to PING A and C. By putting in different IPSPACES, B would need to ping all A nodes or Ping all C nodes and it can because they are in different IPspaces. Then A does not need to worry about C.

 

Hopefully that makes a little sense!

not_a_Lone_wolf
2,911 Views

Thanks a ton 

Public