How to create and configure Cluster Peering with designated InterCluster LIFs using IPSpaces
Applies to
- NetApp ONTAP 9
- Cluster peering
- IPspaces
- Intercluster LIFs
- SnapMirror
Description
- Use IPspaces to control which intercluster LIFs participate in a cluster peer relationship when clusters use different networks
- In clustered Data ONTAP 8.3.1 and later, the full-mesh connectivity requirement is scoped to the intercluster LIFs in the IPspace used by that peer relationship
- If intercluster LIFs for separate peer networks remain in the same IPspace, new peer creation can fail and existing or new SnapMirror transfers can report Cluster Session Manager (CSM) or remote system errors
- Within one IPspace, ONTAP still expects all intercluster LIFs that belong to that IPspace to have connectivity to the peer cluster
Procedure
- Confirm that the cluster uses more than one intercluster network and that the peer relationships should remain isolated by IPspace
- Review the example below to understand why additional intercluster LIFs in the Default IPspace can violate the full-mesh requirement
Example scenario without custom IPSpaces
- An existing cluster peer relationship exists between Cluster A and Cluster B
- All intercluster LIFs are in the Default IPspace and use the same network path
- Cluster C is introduced on a different, non-routable network and requires a cluster peer relationship with Cluster A
- Cluster A needs additional intercluster LIFs for that new network
- If the new intercluster LIFs remain in the Default IPspace and cannot reach Cluster B, the configuration violates the full-mesh requirement for that IPspace
- Typical symptoms include failed
cluster peer createoperations, unhealthy peer status, or SnapMirror failures that report CSM orRPC: Remote system error - Within one IPspace, ONTAP does not let you pin specific intercluster LIFs to specific peer clusters
Using IPSpaces to segment cluster peer relationships
- Create a new IPspace for the peer relationship that uses the separate network
::> network ipspace create -ipspace <new_ipspace> - Create a broadcast domain in the new IPspace
::> network port broadcast-domain create -broadcast-domain <new_bcast_domain> -mtu <mtu> -ipspace <new_ipspace> - Move dedicated physical or VLAN ports into the new broadcast domain. Remove hosted LIFs first if required
::> network port broadcast-domain remove-ports -broadcast-domain <old_bcast_domain> -ports <node:port>::> network port broadcast-domain add-ports -broadcast-domain <new_bcast_domain> -ports <node:port> -ipspace <new_ipspace> - Create at least one intercluster LIF per node in the new IPspace and use ports that belong to that IPspace
::> network interface create -vserver <new_IPSpace> -service-policy default-intercluster -address <IP> -netmask <mask> -home-port <port> -home-node <node> - Create routes for the new IPspace if the peer network requires them
::> network route create -vserver <new_IPSpace> -destination <IP/Mask> -gateway <gateway> -metric <metric> - Create a new cluster peer or modify the existing cluster peer to use the new IPspace
::> cluster peer create -peer-addrs <peer_IC_LIFs> -ipspace <new_IPSpace>::> cluster peer modify -cluster <peer_cluster_name> -ipspace <new_IPSpace> - Verify that the peer relationship is healthy and that transfers complete successfully
- Use dedicated ports for each additional IPspace
- Use more than one eligible port per node so failover targets remain available
- Remember that the full-mesh requirement still applies within each IPspace
Additional Information
- Cluster peer creation fails with "RPC: Remote system error"
- TR-4015: SnapMirror Configuration and Best Practices Guide
- TR-4182: Ethernet Storage Design Considerations and Best Practices
- Standard properties of IPspaces
- FabricPool shows high latency with multiple ONTAP intercluster LIFs on different subnets
- How to enable encryption for cluster peering
- cluster peer modify
- ONTAP peering prerequisites
Internal Notes
internalNotes_text