SMB3 and NFS+krb5p are supported. I would recommend going to over 9.2 to get support otherwise AES-NI Intel CPU instruction sets won't be active in ONTAP and you won't see good performance at all.
↧
Re: NFS/CIFS Encryption
↧
Re: Simple 'ls' dir listing in C-MODE
ls -l /vol/vol1(2)
Can you please help what all the output columns mean when we add "-l" to this command?
↧
↧
Re: NFS/CIFS Encryption
My question is what if we didn't implement KRB at all? Any encryption can be used, and how?
in SMB3 case, what requirements on NetApp storage and Window clients?
↧
how to switch ifgrp ports from 1Gb to 10Gb in 9.1 ?
Hi
Is there a recommended procedure to switch the ifgrp ports from 1Gb to 10Gb in ONTAP 9.1 ?
In the olden days of 7-mode it was a relatively simple procedure edit rc files and failover the nodes etc.
Not sure how to approach this in ONTAP 9.1.
The cluster nodes currently have multimode lacp ifgrp's with 2x1Gb ports each. We are introducing 10Gb infrastructure at that site and want to switch the ifgrp's over to the 10Gb ports.
Thanks
↧
Re: NFS/CIFS Encryption
I don't believe it's possible to encrypt NFS streams outside of KRB5P.
For SMB3, there is SMB encryption built into the protocol and we support it. I'd check with Microsoft for details or search around enabling, but it is well documented.
https://whyistheinternetbroken.wordpress.com/2017/07/24/ontap92-krb5p/
https://www.netapp.com/us/media/tr-4616.pdf<--talks about KRB5P NFS with Active Directory
Securing your NetApp infrastructure: https://www.netapp.com/us/media/tr-4569.pdf
↧
↧
Re: how to switch ifgrp ports from 1Gb to 10Gb in 9.1 ?
Are you reusing the same ports or using different ports?
But moving it over is even easier than 7mode.
↧
Re: how to switch ifgrp ports from 1Gb to 10Gb in 9.1 ?
the 10Gb ports are different ports
↧
Re: how to switch ifgrp ports from 1Gb to 10Gb in 9.1 ?
the migration would go something like this:
- Connect ports and create the new ifgrps and tag vlans if needed. (each of these objects become ports for you to put lifs on)
- Move those new "ports" to the correct broadcast domain(s).
- Move the lifs to the new ports
- Remove 1 G ports from broadcast domain(s)
↧
using conditional execution in CLI
Is there a way to use conditional logic on the OnTap CLI between different fields? Like if I wanted to get all users that are over 1TB OR using more than 1million files? E.g. something like
quota report (-disk-used >1TB | -files-used >1000000)
↧
↧
Re: how to switch ifgrp ports from 1Gb to 10Gb in 9.1 ?
aargh! was hoping I could do something clever like migrate the N1 lifs to N2, add the 10Gb ports to the existing N1 ifgrp and remove the 1Gb ports, then migrate the lifs back to N1. repeat for N2.
↧
Re: how to switch ifgrp ports from 1Gb to 10Gb in 9.1 ?
I believe that should also work, I've found just adding, moving and removing easy. Just be sure to not have lifs on whatever port you're working on.
↧
Re: how to switch ifgrp ports from 1Gb to 10Gb in 9.1 ?
<relief> glad to hear you say it should work. how confident are you? I have not been able to find a related NetApp article or discussion to confirm if it will. I would prefer to avoid creating new ifgrps and vlans and all that reconfig. we have many vlans and lifs.
↧
Re: how to switch ifgrp ports from 1Gb to 10Gb in 9.1 ?
It's really simple and straight forward, I actually find 7mode networking to be cumbersome when trying to add and remove things.
Here's a doc that states "do not mix ports in ifgrps" https://www.netapp.com/us/media/tr-4182.pdf
But I did test this out in my lab and was able to add both a 1G and 10G port in to the same ifgrp. However, I don't have switches that do both 1 and 10 G ports so I can't actually built a live ifgrp.
CLUSTER::> net port ifgrp show -instance
(network port ifgrp show)
Node: CLUSTER-01
Interface Group Name: a0a
Distribution Function: ip
Create Policy: multimode_lacp
MAC Address: 02:xx:xx:7f:xx:xx
Port Participation: none
Network Ports: e0b, e0d
Up Ports: -
Down Ports: e0b, e0d
a0a Default - down 1500 auto/- -
e0b Default - down 1500 auto/10 -
e0d Default - up 1500 auto/10000 healthy
like I said, I think it might work, I just wouldn't do it in production.
↧
↧
Re: how to switch ifgrp ports from 1Gb to 10Gb in 9.1 ?
thanks again, and yes I have reviewed that document along with the NetApp documentation for the network port ifgrp commands. Fortunately this particular change will occur during a scheduled maintenance period because the rest of the infrastructure (networking and hosts) will be down for their corresponding 10Gb upgrades too.
My dilemma is to determine if it is acceptable to move the lifs off a node, swap the ports in the ifgrp via the add/remove commands, confirm the ifgrp is up (with 10Gb ports only), move a lif or two back to check if it is working before moving the rest of the lifs. Afterwards I will probably do a failover/giveback of each node to see how they boot
↧
Re: how to switch ifgrp ports from 1Gb to 10Gb in 9.1 ?
One of the advantages of Clustered ONTAP is the ability to evacuate lifs off a port for migration or maintenance. Thats why there is a 20G or more of cluster networking connecting each node.
You can have an ifgrp without active ports, so yes you could remove the 1G ports and add the 10G ports, but ONTAP will see the port as down and migrate the lifs to other port(s) in the failover group. I don't like to keep lifs on ports i'm messing with that's all, but if the switches are all going down, it don't matter.
net int migrate-all -node <node> -port <port> will migrate all interfaces off the port to the failover port(s) manually.
and "net int revert *" to send everything home when you're done.
↧
Volume move failing with 'undergoing transition' error
Mixed 4-node FAS8060/8200 cluster running CDOT 9.4P5. I'm in the process of moving all volumes from the 8060 pair's disk shelves to those on the 8200 pair, so that I can decommission the 8060. One volume remains, which is running out of a Fibre Channel SVM. But when I do "vol move start..." I get this response:
"Error: command failed: Cannot move volume [volume] in Vserver [SVM]. Reason: Moving a volume undergoing transition is not supported. Use "snapmirror show -type TDP" to get the status of the volume transition operation."
Running that snapmirror command results in:
"There are no entries matching your query."
Googling for that TDP type suggests that this something to do with transitioning from 7-Mode to CDOT, which is a process we went through several years ago on this system.
Does anyone know how to resolve this? That is, how to tell the system that this volume actually isn't "in transition" and can be moved?
↧
Restoring a LUN from with a Volume for 8.2.5 7-Mode
Greetings,
Have only been here a couple of months and have run into an area that I am not sure about proceeding with. Any assistance is greatly appreciated.
I have four ESXI luns, that are within a single volume, that is being snapmirrored. One of the ESXI's has gone bad and the VMware admin needs for me to re-establish one of the ESXI luns.
How can I go about restoring only the one lun from the volume that is being snapmirrored without writing over the other ther luns?
This is one of the areas that I pointed out that needed to be adjusted, but have not received approval yet. Can someone please assist with the steps for this either via CLI or OnCommand.
Thanks in advance.
James
↧
↧
Volume move failing with 'undergoing transition' error (EDIT: never mind, all good)
UPDATE: After some more investigation, I discovered that the volume was no longer needed, so I could just delete it. No need to resolve this problem anymore.
---
Mixed 4-node FAS8060/8200 cluster running CDOT 9.4P5. I'm in the process of moving all volumes from the 8060 pair's disk shelves to those on the 8200 pair, so that I can decommission the 8060. One volume remains, which is running out of a Fibre Channel SVM. But when I do "vol move start..." I get this response:
"Error: command failed: Cannot move volume [volume] in Vserver [SVM]. Reason: Moving a volume undergoing transition is not supported. Use "snapmirror show -type TDP" to get the status of the volume transition operation."
Running that snapmirror command results in:
"There are no entries matching your query."
Googling for that TDP type suggests that this something to do with transitioning from 7-Mode to CDOT, which is a process we went through several years ago on this system.
Does anyone know how to resolve this? That is, how to tell the system that this volume actually isn't "in transition" and can be moved?
↧
Re: Volume move failing with 'undergoing transition' error
What's the type showing for the volume?
vol show -volume <vol_name> -fields type
↧
Re: Restoring a LUN from with a Volume for 8.2.5 7-Mode
Is it VSM or QSM? If QSM, are all LUNs in the same qtree or each in own one?
↧