ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

Shared Vlan tagging on DP

not_a_Lone_wolf
‎2020-07-01 06:08 AM
2,221 Views

Hi. Is it advisable to tag Management Vlan on the port hosting the Intercluster LIF's ? I remember I came across this somewhere (probably in one of technical reports) that doing this exposes the replication traffic. Can somebody please help me guided in the correct direction?

0 Kudos
Tags (2)
1 ACCEPTED SOLUTION

TMACMD
NetApp A-Team
‎2020-07-01 08:59 AM
In response to not_a_Lone_wolf
2,181 Views

 

For the first question, sounds reasonable. You should check the "firewall policy show" output. Different LIFs have different policies assigned.

 

For SnapMirror to work, you must have at least 1 (prefer 2) LIFs on each node of the source and destination controllers. Since you are going A-> B -> C and they way you phrase it I suspect A cannot talk to C then what you ultimately need to do is this:

1. Setup SnapMirror on LIFs from A->B

2. Create a NEW IPSPACE on B for Intercluster LIFs from B to C.

3. Create the LIFs on B in the new IPSPACE

4. Create the LIFs on C  (standard IPSPACE should be OK)

 

For the replication to work, it require basically a full-mesh PING. So A would need to PING B.

B however, since it talks to A and C would need to be able to PING A and C. By putting in different IPSPACES, B would need to ping all A nodes or Ping all C nodes and it can because they are in different IPspaces. Then A does not need to worry about C.

 

Hopefully that makes a little sense!

View solution in original post

4 REPLIES 4

TMACMD
NetApp A-Team
‎2020-07-01 07:59 AM
2,197 Views

In general, not a good idea to mix Tagged VLANs and access ports in the same Broadcast-Domain

i.e. Broadcast-Domain Default with ports of e0M and a0a-77

When using VLANs, I tend to not use the native VLAN on the IFGRP and try to get the network team to make the native VLAN something they do not use. Then use Tagged VLANs all the way.

 

For the Intercluster LIFs, I see people have those run on the same address space as MGMT. I tend to use Intercluster LIFs for just that. Make MGMT a separate VLAN or a different physical port

not_a_Lone_wolf
‎2020-07-01 08:45 AM
In response to TMACMD
2,186 Views

Thanks a lot   .The insights share are really informative. I also read in a NetApp's document that using Mgmt Vlan on Snap ports exposes the data replication traffic. Is this true?

 

I would like to ask one more thing, if the Snap ports (physical, no ifgrps) on B (destination)are configured to host Intercluster Lifs for Clusters A  and if it's required  to set up a cascade from B-C, then would the following work: hosting an intercluster lif on a tagged VLAN on B(physical, no ifgrps) for customer's VLAN ? Assuming it's in the same ipspace to that of the customer's?

 

0 Kudos
Tags (2)

TMACMD
NetApp A-Team
‎2020-07-01 08:59 AM
In response to not_a_Lone_wolf
2,182 Views

 

For the first question, sounds reasonable. You should check the "firewall policy show" output. Different LIFs have different policies assigned.

 

For SnapMirror to work, you must have at least 1 (prefer 2) LIFs on each node of the source and destination controllers. Since you are going A-> B -> C and they way you phrase it I suspect A cannot talk to C then what you ultimately need to do is this:

1. Setup SnapMirror on LIFs from A->B

2. Create a NEW IPSPACE on B for Intercluster LIFs from B to C.

3. Create the LIFs on B in the new IPSPACE

4. Create the LIFs on C  (standard IPSPACE should be OK)

 

For the replication to work, it require basically a full-mesh PING. So A would need to PING B.

B however, since it talks to A and C would need to be able to PING A and C. By putting in different IPSPACES, B would need to ping all A nodes or Ping all C nodes and it can because they are in different IPspaces. Then A does not need to worry about C.

 

Hopefully that makes a little sense!

not_a_Lone_wolf
‎2020-07-01 09:09 AM
In response to TMACMD
2,178 Views

Thanks a ton 

0 Kudos
All Community Forums
Public