Saturday, 22 June 2013

Configuring DMZ Vfilers for VMware Site Recovery Manager


We have two DMZ Vfilers - one in Site A and one in site B. These DMZ Vfilers already belong to an ipspace, and have two IP Addresses each - one for management and one for the DMZ. Now, VMware Site Recovery Manager cannot use Vfiler DR, so we need to configure SnapMirror in the Vfiler context. Slight problem: the DMZ network is not routable between sites, and we are not permitted to use the management network. What we need is a special VLAN created for our site to site SnapMirror replication within the DMZ Vfilers.

fas1 = Primary site NetApp FAS series controller.
dr01 = DR site NetApp FAS series controller.

Note: This 4 year old post shows SRM using the the script But ... NetApp TR-4064 (updated June 2012) says "The source and destination vFiler units must both be online. This means that SRM cannot be used to manage failover where the MultiStore vFiler DR capability is configured. When a vFiler unit is configured for vFiler DR capability, the destination vFiler unit is in an offline state; this is not supported for an SRM array."


Creating the VLAN:
fas1&dr01> vlan create bond VLANID
Note: Here, ‘bond’ is an interface group (IFGRP) made up of physical NICs. VLANID is a number from 1 to 4095.

Add the VLAN to the ipspace:
fas1&dr01> ipspace assign dmz_ipspace bond-VLANID

Add an IP address to the DMZ Vfilers:
fas1> vfiler add fas1_dmzvfiler -i REP_IP_ADDR
dr01> vfiler add dr01_dmzvfiler -i REP_IP_ADDR
Note: REP_IP_ADDR is an IP address on the replication network.

Run vfiler setup, and bind the IP address to the new VLAN:
fas1> vfiler run fas1_dmzvfiler setup
dr01> vfiler run dr01_dmzvfiler setup

Example of running vfiler setup:
===== fas1_dmzvfiler
The setup command will rewrite the /etc/exports, /etc/hosts, /etc/hosts.equiv, /etc/nsswitch.conf, and /etc/resolv.conf files …
Are you sure you want to continue? [yes]
Change binding for vfiler IP address [n]: n
Change binding for vfiler IP address [n]: n
Configure vfiler IP address [y]: y
Interface to assign this address to {bond-1010, bond-1099, bond-1025}: bond-1025
Netmask to use: []:

Enter the dmzvfiler context:
fas1> vfiler context fas1_dmzvfiler
dr01> vfiler context dr01_dmzvfiler
Note: vfiler context vfiler0 to return

Create routes to remote vfiler using the local replication networks default gateway:
fas1_dmzvfiler@fas1> route add host REP_IP_of_DR01_DMZVFILER LOCAL_REPL_NETWORK_DG 1
dr01_dmzvfiler@dr01> route add host REP_IP_of_FAS1_DMZVFILER LOCAL_REPL_NETWORK_DG 1

Ping to test connectivity:
fas1_dmzvfiler@fas1> ping REP_IP_of_DR01_DMZVFILER
dr01_dmzvfiler@dr01> ping REP_IP_of_FAS1_DMZVFILER

Write the routes to the RC file (so they won’t be lost on reboot):
fas1> wrfile -a /etc/rc route add host REP_IP_of_DR01_DMZVFILER LOCAL_REPL_NETWORK_DG 1
dr01> wrfile -a /etc/rc route add host REP_IP_of_FAS1_DMZVFILER LOCAL_REPL_NETWORK_DG 1

At this stage our DMZ Vfilers should be able to ping each other across the replication network!
Next step is to setup SnapMirror in the dmzvfiler context!

To be continued …

No comments:

Post a Comment