Logical Interface – LIFs

19 Feb 2014   | Clustered Ontap

A LIF (logical interface) is an IP address with associated characteristics, such as a role, a home port, a home node, a routing group, a list of ports to fail over to, and a firewall policy. You can configure LIFs on ports over which the cluster sends and receives communications over the network.

LIFs can be hosted on the following ports:

  • Physical ports that are not part of interface groups
  • Interface groups
  • VLANs
  • Physical ports or interface groups that host VLANs
  • While configuring SAN protocols such as FC on a LIF, it will be associated with a WWPN.

 Port Hierarchy

 LIF

 

 

Types of LIF’s

Data LIFs

  • The LIF that is associated with a Vserver and is used for communicating with clients. Data LIFs can be configured only on data ports.
  • You can have multiple data LIFs on a port. These interfaces can migrate or failover throughout the cluster. You can modify a data LIF to serve as a Vserver management LIF by modifying its firewall policy to mgmt.
  • Sessions established to NIS, LDAP, Active Directory, WINS, and DNS servers use data LIFs.

Cluster LIF’s

  • The LIF that is used for intracluster traffic. Cluster LIFs can be configured only on cluster ports.
  • Cluster LIFs must always be created on 10-GbE network ports. (Exception FAS 2xxx systems)
  • These interfaces can fail over between cluster ports on the same node, but they cannot be migrated or failed over to a remote node. When a new node joins a cluster, IP addresses are generated automatically. However, if you want to assign IP addresses manually to the cluster LIFs, you must ensure that the new IP addresses are in the same subnet range as the existing cluster LIFs.

Cluster-management LIF’s

  • The LIF that provides a single management interface for the entire cluster.
  • Cluster-management LIFs can be configured on node-management or data ports.
  • The LIF can fail over to any node-management or data port in the cluster. It cannot fail over to cluster or intercluster ports.

Node-management LIF’s

  • The LIF that provides a dedicated IP address for managing a particular node and gets created at the time of creating or joining the cluster. These LIFs are used for system maintenance, for example, when a node becomes inaccessible from the cluster. Node-management LIFs can be configured on either node-management or data ports.
  • The node-management LIF can fail over to other data or node-management ports on the same node.
  • Sessions established to SNMP and NTP servers use the node-management LIF.
  • AutoSupport requests are sent from the node-management LIF.

Intercluster LIF’s

  • The LIF that is used for cross-cluster communication, backup, and replication.
  • Intercluster LIFs can be configured on data ports or intercluster ports. You must create an intercluster LIF on each node in the cluster before a cluster peering relationship can be established.
  • These LIFs can fail over to data or intercluster ports on the same node, but they cannot be migrated or failed over to another node in the cluster.

LIF Characterstics

LIFs with different roles have different characteristics. A LIF role determines the kind of traffic that is supported over the interface, along with the failover rules that apply, the firewall restrictions that are in place, the security, the load balancing, and the routing behavior for each LIF.

Note: 
SAN LIFs cannot fail over. These LIFs also do not support load balancing.

LIF limits

There are limits on each type of LIF that you should consider when planning your network. You should also be aware of the effect of the number of LIFs in your cluster environment.

The maximum number of LIFs that are supported on a node is 262. You can create additional cluster,cluster-management, and intercluster LIFs, but creating these LIFs requires a reduction in the number of data LIFs.

LIF Type Minimum Maximum
Data 1 per Vserver 128 per node with failover enabled256 per node without failoverenabled
Cluster 2 per node NA
Node Management 1 per node 1 per port and per subnet
Cluster-Management 1 per cluster NA
InterCluster 0 without cluster peering1 per node if cluster peering is enabled NA

Guidelines for creating LIFs

  • In data LIFs used for file services, the default data protocol options are NFS and CIFS.
  • In node-management LIFs, the default data protocol option is set to none and the firewall policy option is automatically set to mgmt. You can use such a LIF as a Vserver management LIF.
  • In cluster LIFs the default data protocol option is set to none and the firewall policy option is automatically set to cluster
  • You use FlexCache to enable caching to a 7-Mode volume that exists outside the cluster. Caching within the cluster is enabled by default and does not require this parameter to be set.
  • FC LIFs can be configured only on FC ports. iSCSI LIFs cannot coexist with any other protocols.
  • NAS and SAN protocols cannot coexist on the same LIF.
  • The firewall policy option associated with a LIF is defaulted to the role of the LIF except for a Vserver management LIF. For example, the default firewall policy option of a data LIF is data.
  • Avoid configuring LIFs with addresses in the 192.168.1/24 and 192.168.2/24 subnets. Doing so might cause the LIFs to conflict with the private iWARP interfaces and prevent the LIFs from coming online after a node reboot or LIF migration
  

Creating a LIF

Pre-Requsites:

  • The underlying physical network port must have been configured to the administrative up status.
  • You should have considered the guidelines for creating LIFs as mentioned earlier

Notes:

  • You can create both IPv4 and IPv6 LIFs on the same network port.
  • You cannot assign NAS and SAN protocols to a LIF.
  • The supported protocols are CIFS, NFS, FlexCache, iSCSI, and FCP.
  • The data-protocol option must be specified when the LIF is created, and cannot be modified later.
  • If you specify none as the value for the data-protocol option, the LIF does not support any data protocol.
  • A cluster LIF should not be on the same subnet as a management LIF or a data LIF.

Procedure

  • Use the network interface create command to create a LIF.
  • Use the network interface show command to verify that LIF has been created successfully.
  • Use the network ping command to verify that the configured IPv4 addresses are reachable.
  • All the name mapping and host-name resolution services, such as DNS, NIS, LDAP, and Active Directory, must be reachable from the data, cluster-management, and node-management LIFs of the cluster.

Example:

cluster1::> network interface create -vserver vs1 -lif datalif1 -role data -home-node node-4 -home-port e1c -address 192.0.2.145 -netmask 255.255.255.0 -firewall-policy data -auto-revert true

 cluster1::> network interface show

Logical Status Network Current Current Is

Vserver Interface Admin/Oper Address/Mask Node Port Home

———– ———- ———- —————— ————- ——- —-

cluster1

cluster_mgmt up/up 192.0.2.3/24 node-1 e1a true

node-1

clus1 up/up 192.0.2.12/24 node-1 e0a true

clus2 up/up 192.0.2.13/24 node-1 e0b true

mgmt1 up/up 192.0.2.68/24 node-1 e1a true

node-2

clus1 up/up 192.0.2.14/24 node-2 e0a true

clus2 up/up 192.0.2.15/24 node-2 e0b true

mgmt1 up/up 192.0.2.69/24 node-2 e1a true

node-3

clus1 up/up 192.0.2.17/24 node-3 e0a true

clus2 up/up 192.0.2.18/24 node-3 e0b true

mgmt1 up/up 192.0.2.68/24 node-3 e1a true

node-4

clus1 up/up 192.0.2.20/24 node-4 e0a true

clus2 up/up 192.0.2.21/24 node-4 e0b true

mgmt1 up/up 192.0.2.70/24 node-4 e1a true

vs1

datalif1 up/down 192.0.2.145/30 node-4 e1c true

14 entries were displayed.

 

Modifying a LIF

You can modify a LIF by changing the attributes such as the home node or the current node, administrative status, IP address, netmask, failover policy, or the firewall policy. You can also modify the address family of a LIF from IPv4 to IPv6. However, you cannot modify the data protocol that is associated with a LIF when the LIF was created.

Notes:

  • To modify a data LIF with NAS protocols to also serve as a Vserver management LIF, you must modify the data LIF’s firewall policy to mgmt.
  • You cannot modify the data protocols used by a LIF. To modify the data protocols used by a LIF, you must delete and re-create the LIF.
  • You cannot modify either the home node or the current node of a node-management LIF.
  • To modify the address family of a LIF from IPv4 to IPv6, you must do the following:
    • Use the colon notation for the IPv6 address.
    • Add a new value for the -netmask-length parameter.
    • You cannot modify the auto-configured link-local IPv6 addresses.
    • You cannot change the routing group of a LIF belonging to the IPv4 address family to a routing group assigned to an IPv6 LIF.

Procedure:

  • Use the network interface modify command to modify a LIF’s attributes
  • Use the network ping command to verify that the IPv4 addresses are reachable.
  • Use the ping6 command to verify that the IPv6 addresses are reachable.

 Example

The following example shows how to modify a LIF datalif1 that is located on the Vserver vs0. The LIF’s IP address is changed to 172.19.8.1 and its network mask is changed to 255.255.0.0.

cluster1::> network interface modify -vserver vs0 -lif datalif1 -address 172.19.8.1 -netmask 255.255.0.0 -auto-revert true

 

Migrating a LIF

You might have to migrate a LIF to a different port on the same node or a different node within the cluster, if the port is either faulty or requires maintenance.

Pre Requisites

  • The destination node and ports must be operational and must be able to access the same network as the source port.
  • Failover groups must have been set up for the LIFs.

Notes:

  • You must migrate LIFs hosted on the ports belonging to a NIC to other ports in the cluster, before removing the NIC from the node.
  • You must execute the command for migrating a cluster LIF from the node where the cluster LIF is hosted.
  • You can migrate a node-management LIF to any data or node-management port on the home node, even when the node is out of quorum.
  • A node-management LIF cannot be migrated to a remote node.
  • You cannot migrate iSCSI LIFs from one node to another node. To overcome this problem, you must create an iSCSI LIF on the destination node.
  • VMware VAAI copy offload operations fail when you migrate the source or the destination LIF.

Procedure

Migrating a specific LIF

               network interface migrate

Migrating all the data and cluster-management LIFs on a node

                network interface migrat-all

Example:

The following example shows how to migrate a LIF named datalif1 on the Vserver vs0 to the port e0d on node0b:

cluster1::> network interface migrate -vserver vs0 -lif datalif1 -dest-node node0b -dest-port e0d

 The following example shows how to migrate all the data and cluster-management LIFs from the current (local) node:

cluster1::> network interface migrate-all -node local

 

Reverting a LIF to its home port

You can revert a LIF to its home port after it fails over or is migrated to a different port either manually or automatically. If the home port of a particular LIF is unavailable, the LIF remains at its current port and is not reverted.

Notes:

  • If you administratively bring the home port of a LIF to the up state before setting the automatic revert option, the LIF is not returned to the home port.
  • The node-management LIF does not automatically revert unless the value of the auto revert option is set to true.
  • Cluster LIFs always revert to their home ports irrespective of the value of the auto revert option.

Prodecure

Manually reverting a LIF to its home port

                network interface revert -vserver vserver_name -lif lif_name

Automatically reverting a LIF to its home port

                     network interface modify -vservervserver_name -lif lif_name -auto-revert true

 

Deleting a LIF

You can delete an LIF that is not required.

PreRequsites:

LIF or LIFs to be deleted must not be in use.

Procedure:

  • Use the network interface delete command to delete a LIF or all the LIFs
  • Use the network interface show command to confirm that the LIF is deleted and the routing group associated with the LIF is not deleted.

Deleting a LIF

network interface delete -lif lifname

Deleting all LIF

                network interface delete -lif *

 Example:

cluster1::> network interface delete -vserver vs1 -lif mgmtlif2

  

LIF Ownership

Vserver

  1. Data LIF’s

Node Vserver

  1. Node-management LIF
  2. Cluster LIF

Vserver admin

  1. Cluster-management LIFs 

Notes:

  • The ownership of the LIF depends on the Vserver where the LIF resides.
  • Data LIFs are owned by the Vserver

 

References:

  • support.netapp.com
  • Clustered OnTap 8.2 Network Management Guide.

Leave a Reply