ONTAP Discussions
Hi,
Can somebody explain how the vscan routing works? How is the LIF used for the connection chosen?
For some reason the 10.160.128.142 AV server is using the wrong public LIF to connect to the second SVM.
vscan connection-status show-connected -instance
Node: XXX-np01-02
Vserver: XXX-sp170001
Server: 10.160.128.142
Vscan Server Vendor: mcafee virusscan enterprise for storage
Vscan Server Version: 0.0
Privileged User Used for Connection: EUNET\XXX
Time When Vscan Server Was Connected: 8/23/2017 09:31:28
Server Type: primary
Vserver LIF Used for Connection: 10.160.128.144 (vscan lif)
Node: XXX-np01-02
Vserver: XXX-sp170002
Server: 10.160.128.142
Vscan Server Vendor: mcafee virusscan enterprise for storage
Vscan Server Version: 0.0
Privileged User Used for Connection: EUNET\XXX
Time When Vscan Server Was Connected: 8/23/2017 09:31:53
Server Type: primary
Vserver LIF Used for Connection: 10.160.128.11 (public lif)
route show
Vserver             Destination     Gateway         Metric
------------------- --------------- --------------- ------
XXX-np01
                    0.0.0.0/0       10.160.129.1    26
                    0.0.0.0/0       10.160.129.129  20
XXX-sp170001
                    0.0.0.0/0       10.160.128.1    20
                    0.0.0.0/0       10.160.128.129  25
XXX-sp170002
                    0.0.0.0/0       10.160.128.1    20
                    0.0.0.0/0       10.160.128.129  25
Thanks & Regards,
Jakub
It will grab a data LIF that is CIFS enabled, that can reach the vscan server. Best practice is to create a separate network from the data access network, just to be used for vscan.
Thanks for the reply.
CIFS is enabled on all vscan interfaces.
The problem is that it is switching on a random basis to the public LIF (e.g. when I do vscan disable/enable).
Hence, I would like to understand the mechanism. It seems that it is not using Metric, because with the current setting it would always pick public LIFs.
It won't hit the route table at all, as the LIF is in the same network. No need for a gateway.
Do you have the netmask incorrect? Looks like it should be /25.
Post this if you can, curious now.
net int show -address 10.160.128.11|10.160.128.144 -instance
Hi J_curl,
The masks are Ok. Also, both IP ranges are in different VLANs.
XXXXXX-np01::> net int show -address 10.160.128.11|10.160.128.144 -instance
  (network interface show)

Vserver Name: XXXXXX-sp170001
Logical Interface Name: vscan_sp170001
Role: data
Data Protocol: cifs
Home Node: XXXXXX-np01-02
Home Port: a0a-403
Current Node: XXXXXX-np01-02
Current Port: a0a-403
Operational Status: up
Extended Status: -
Is Home: true
Network Address: 10.160.128.144
Netmask: 255.255.255.128
Bits in the Netmask: 25
Subnet Name: vscan_403
Administrative Status: up
Failover Policy: broadcast-domain-wide
Firewall Policy: mgmt
Auto Revert: false
Fully Qualified DNS Zone Name: none
DNS Query Listen Enable: false
Failover Group Name: vscan_403
FCP WWPN: -
Address family: ipv4
Comment: -
IPspace of LIF: Default
Is Dynamic DNS Update Enabled?: true

Vserver Name: XXXXXX-sp170002
Logical Interface Name: public_sp170002
Role: data
Data Protocol: nfs, cifs
Home Node: XXXXXX-np01-02
Home Port: a0a-402
Current Node: XXXXXX-np01-02
Current Port: a0a-402
Operational Status: up
Extended Status: -
Is Home: true
Network Address: 10.160.128.11
Netmask: 255.255.255.128
Bits in the Netmask: 25
Subnet Name: public_402
Administrative Status: up
Failover Policy: system-defined
Firewall Policy: data1
Auto Revert: false
Fully Qualified DNS Zone Name: none
DNS Query Listen Enable: false
Failover Group Name: public_402
FCP WWPN: -
Address family: ipv4
Comment: -
IPspace of LIF: Default
Is Dynamic DNS Update Enabled?: false

2 entries were displayed.
Very interesting. Is the subnet mask correct on the vscan server?
Does the vscan server have a default route specified for its 10.160.128.142 interface? Is that interface in the same VLAN?
Remove the default routes for the vscan network on the NetApp, and also remove the gateway for the .142 interface on the server.
The server is in the same vlan as NAS. They can see each other as sometimes it switches to the proper lif and everything works fine.
It has only 1 interface with the following routing configured. I'm afraid I won't be able to log in to the server anymore if I remove the default gateway.
Regards,
Jakub
C:\Users\adm_b>route print
===========================================================================
Interface List
 13...00 50 56 a5 6f ba ......vmxnet3 Ethernet Adapter
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination   Netmask           Gateway          Interface        Metric
0.0.0.0               0.0.0.0           10.160.128.129   10.160.128.141   261
10.160.128.128        255.255.255.128   On-link          10.160.128.141   261
10.160.128.141        255.255.255.255   On-link          10.160.128.141   261
10.160.128.255        255.255.255.255   On-link          10.160.128.141   261
127.0.0.0             255.0.0.0         On-link          127.0.0.1        306
127.0.0.1             255.255.255.255   On-link          127.0.0.1        306
127.255.255.255       255.255.255.255   On-link          127.0.0.1        306
224.0.0.0             240.0.0.0         On-link          127.0.0.1        306
224.0.0.0             240.0.0.0         On-link          10.160.128.141   261
255.255.255.255       255.255.255.255   On-link          127.0.0.1        306
255.255.255.255       255.255.255.255   On-link          10.160.128.141   261
===========================================================================
Persistent Routes:
Network Address       Netmask           Gateway Address  Metric
0.0.0.0               0.0.0.0           10.160.128.129   Default
Routing of the second server:
C:\Users\adm_b>route print
===========================================================================
Interface List
 14...00 50 56 a5 a8 f9 ......vmxnet3 Ethernet Adapter
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination   Netmask           Gateway          Interface        Metric
0.0.0.0               0.0.0.0           10.160.128.129   10.160.128.142   261
10.160.128.128        255.255.255.128   On-link          10.160.128.142   261
10.160.128.142        255.255.255.255   On-link          10.160.128.142   261
10.160.128.255        255.255.255.255   On-link          10.160.128.142   261
127.0.0.0             255.0.0.0         On-link          127.0.0.1        306
127.0.0.1             255.255.255.255   On-link          127.0.0.1        306
127.255.255.255       255.255.255.255   On-link          127.0.0.1        306
224.0.0.0             240.0.0.0         On-link          127.0.0.1        306
224.0.0.0             240.0.0.0         On-link          10.160.128.142   261
255.255.255.255       255.255.255.255   On-link          127.0.0.1        306
255.255.255.255       255.255.255.255   On-link          10.160.128.142   261
===========================================================================
Persistent Routes:
Network Address       Netmask           Gateway Address  Metric
0.0.0.0               0.0.0.0           10.160.128.129   Default
Vscan servers only have the single IP, so no need to change anything there. Those should be fine as they are.
I would be curious to see if it works if you delete the route to .129 for the vserver, as well as remove the gateway from the vscan_403 subnet. I think one of those is causing this. Just a theory though.
You may have to toggle vscan off/on after the change.
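
Added example, not part of any post in this thread: a Python check that parses `vscan connection-status show-connected -instance` output and reports, for each SVM, whether the LIF used for the connection is on the same subnet as the Vscan server. It assumes every LIF uses the /25 mask shown in the `net int show` output above; the function names and the trimmed sample input are constructed for illustration.

```python
import ipaddress

# Constructed sample: the two records from the first post, trimmed to the
# fields the check needs (the trailing annotations are kept on purpose).
SAMPLE = """\
Node: XXX-np01-02
Vserver: XXX-sp170001
Server: 10.160.128.142
Server Type: primary
Vserver LIF Used for Connection: 10.160.128.144 (vscan lif)
Node: XXX-np01-02
Vserver: XXX-sp170002
Server: 10.160.128.142
Server Type: primary
Vserver LIF Used for Connection: 10.160.128.11 (public lif)
"""

def parse_connections(text):
    """Split the -instance output into one dict per connection record."""
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue                      # skip blank or non "key: value" lines
        key, value = key.strip(), value.strip()
        if key == "Node" and current:     # a "Node" field opens the next record
            records.append(current)
            current = {}
        current[key] = value
    if current:
        records.append(current)
    return records

def audit(text, prefixlen=25):
    """Return (vserver, lif, on_link) per connection.

    on_link is True when the Vscan server address falls inside the LIF's
    subnet, i.e. the connection does not need a gateway. prefixlen is an
    assumption taken from the netmask posted in the thread.
    """
    results = []
    for rec in parse_connections(text):
        server = ipaddress.ip_address(rec["Server"])
        lif_ip = rec["Vserver LIF Used for Connection"].split()[0]
        lif_net = ipaddress.ip_interface(f"{lif_ip}/{prefixlen}").network
        results.append((rec["Vserver"], lif_ip, server in lif_net))
    return results

if __name__ == "__main__":
    for vserver, lif, on_link in audit(SAMPLE):
        print(f"{vserver}: LIF {lif} -> {'on-link' if on_link else 'ROUTED'}")
```

Run against the full command output, any connection reported as routed is one where scan traffic leaves the dedicated Vscan subnet.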