ONTAP Discussions

Shared Vlan tagging on DP

not_a_Lone_wolf

Hi. Is it advisable to tag the Management VLAN on the port hosting the Intercluster LIFs? I remember I came across this somewhere (probably in one of the technical reports) that doing this exposes the replication traffic. Can somebody please help guide me in the correct direction?

4 REPLIES

TMAC_CTG

In general, not a good idea to mix Tagged VLANs and access ports in the same Broadcast-Domain,

i.e. Broadcast-Domain Default with ports of e0M and a0a-77.

When using VLANs, I tend to not use the native VLAN on the IFGRP and try to get the network team to make the native VLAN something they do not use. Then use Tagged VLANs all the way.

For the Intercluster LIFs, I see people have those run on the same address space as MGMT. I tend to use Intercluster LIFs for just that. Make MGMT a separate VLAN or a different physical port.

not_a_Lone_wolf

Thanks a lot. The insights shared are really informative. I also read in a NetApp document that using the Mgmt VLAN on Snap ports exposes the data replication traffic. Is this true?

I would like to ask one more thing: if the Snap ports (physical, no ifgrps) on B (destination) are configured to host Intercluster LIFs for Clusters A and if it's required to set up a cascade from B-C, then would the following work: hosting an intercluster LIF on a tagged VLAN on B (physical, no ifgrps) for the customer's VLAN? Assuming it's in the same ipspace as that of the customer's?

 

TMAC_CTG

 

For the first question, sounds reasonable. You should check the "firewall policy show" output. Different LIFs have different policies assigned.

For SnapMirror to work, you must have at least 1 (prefer 2) LIFs on each node of the source and destination controllers. Since you are going A -> B -> C and the way you phrase it I suspect A cannot talk to C, then what you ultimately need to do is this:

1. Set up SnapMirror on LIFs from A->B

2. Create a NEW IPSPACE on B for Intercluster LIFs from B to C.

3. Create the LIFs on B in the new IPSPACE

4. Create the LIFs on C (standard IPSPACE should be OK)

For the replication to work, it requires basically a full-mesh PING. So A would need to PING B.

B however, since it talks to A and C, would need to be able to PING A and C. By putting them in different IPSPACES, B would need to ping all A nodes or ping all C nodes, and it can because they are in different IPspaces. Then A does not need to worry about C.

Hopefully that makes a little sense!

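Added example, not part of the original thread or NetApp's own tooling: a planning check for the A -> B -> C cascade described in the answer above. It verifies that every node has an intercluster LIF in the IPspace used for each peering and lists the LIF-to-LIF pings that must succeed. All cluster, node, IPspace and LIF names are constructed.

```python
from itertools import product

# Constructed inventory: (cluster, node, ipspace, lif_name)
LIFS = [
    ("A", "A-01", "Default", "ic_a1"), ("A", "A-02", "Default", "ic_a2"),
    ("B", "B-01", "Default", "ic_b1_toA"), ("B", "B-02", "Default", "ic_b2_toA"),
    ("B", "B-01", "ips_BC", "ic_b1_toC"), ("B", "B-02", "ips_BC", "ic_b2_toC"),
    ("C", "C-01", "Default", "ic_c1"), ("C", "C-02", "Default", "ic_c2"),
]
NODES = {"A": ["A-01", "A-02"], "B": ["B-01", "B-02"], "C": ["C-01", "C-02"]}
# Each peering names the (cluster, ipspace) used on either side.
PEERINGS = [(("A", "Default"), ("B", "Default")),
            (("B", "ips_BC"), ("C", "Default"))]

def side_lifs(lifs, cluster, ipspace):
    """Intercluster LIFs one cluster contributes to a peering."""
    return [l for l in lifs if l[0] == cluster and l[2] == ipspace]

def check_plan(lifs, nodes, peerings):
    """Return (required_pings, errors, warnings) for a cascade plan."""
    pings, errors, warnings = set(), [], []
    for left, right in peerings:
        for cluster, ipspace in (left, right):
            members = side_lifs(lifs, cluster, ipspace)
            for node in nodes[cluster]:
                count = sum(1 for l in members if l[1] == node)
                if count == 0:   # at least 1 LIF per node is mandatory
                    errors.append(f"{node}: no intercluster LIF in {ipspace}")
                elif count == 1:  # 2 per node is preferred
                    warnings.append(f"{node}: only 1 LIF in {ipspace} (2 preferred)")
        # Full mesh inside one peering: every LIF pings every remote LIF.
        for x, y in product(side_lifs(lifs, *left), side_lifs(lifs, *right)):
            pings.add((x[3], y[3]))
            pings.add((y[3], x[3]))
    return pings, errors, warnings

def clusters_that_must_reach(pings, lifs):
    """Collapse LIF-level pings to (source cluster, destination cluster)."""
    owner = {l[3]: l[0] for l in lifs}
    return {(owner[s], owner[d]) for s, d in pings}

if __name__ == "__main__":
    pings, errors, warnings = check_plan(LIFS, NODES, PEERINGS)
    for src, dst in sorted(pings):
        print(f"ping required: {src} -> {dst}")
    print("errors:", errors, "| warnings:", len(warnings))
```

Because the B-to-A and B-to-C LIFs sit in separate IPspaces, no ping between A and C ever appears in the required set.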

not_a_Lone_wolf

Thanks a ton 
