A Cunning Trick with LIF Failover Groups

In Clustered Data ONTAP 8.2.1, there isn’t currently a way to set port priority for the LIF’s failover group. These are your failover-policy options:

::> net int modify -failover-policy ?
nextavail - Next failover target selected based on next port in failover targets list, preferring local ports first
priority - Next failover target selected based on first available port in failover targets list
disabled - Failover disabled

And running the command “net int failover ?” you’ll notice that the commands that controlled priority are deprecated:

::> net int failover ?
  (network interface failover)
  append                      (DEPRECATED)-Append a logical interface failover rule
  change-priority             (DEPRECATED)-Change the priority of a logical interface's failover rule
  create                      (DEPRECATED)-Create a logical interface failover rule
  delete                      (DEPRECATED)-Delete a logical interface failover rule
  insert                      (DEPRECATED)-Insert a logical interface failover rule
  modify                      (DEPRECATED)-Modify a logical interface failover rule

My unofficial analysis seems to suggest that port priority is by default set something like this (for a FAS62XX with data ports e0a, e0b, e0d, e0f):

Priority 1: Node 1 - e0a
Priority 2: Node 1 - e0b
Priority 3: Node 1 - e0d
Priority 4: Node 1 - e0f
Priority 5: Node 2 - e0a
Priority 6: Node 2 - e0b
....

And I think that gives the picture: Node 1 ports in alphabetical order, then Node 2 ports in order, then Node 3... Even if you try creating your failover-group in a particular order, the behaviour is as above.

To show what I mean, run the command:

::> net int failover show

The home port will be the first failover target and then you’ll see the order mentioned above.

One thing that’s not immediately obvious though, is that the LIF’s home-port doesn’t have to be in its failover-group (this is the titular trick). So, say if you’re got two 10 GbE ports, and you’re planning on having say an intercluster LIF on each (to take advantage of increased TCP sessions), and you’ve got data LIFs on those two 10 GbE ports also, but you don’t want the intercluster LIF to failover to another 10 GbE port if it’s home goes down, then this is what you can do:

Note: In the following example, e0a and e0b are our 1 GbE ports, and e0d and e0f are our 10 GbE ports. Our first intercluster LIF is going on e0d (a second would go on e0f.)

::> net int failover-group create -failover-group NODE1-ICL -node NODE1 -port e0a
::> net int failover-group create -failover-group NODE1-ICL -node NODE1 -port e0b
:> net int create -vserver NODE1 -lif NODE1-ICL1 -home-port e0d -home-node NODE1 -role intercluster -failover-group NODE1-ICL -failover-policy nextavail -address 10.10.10.101 -netmask 255.255.255.0

::> net int show NODE1-ICL1 -fields home-port
vserver       lif        home-port
------------- ---------- ---------
NODE1 NODE1-ICL1 e0d

::> net int failover show NODE1-ICL1
         Logical         Home                  Failover        Failover
Vserver  Interface       Node:Port             Policy          Group
-------- --------------- --------------------- --------------- ---------------
NODE1
         NODE1-ICL1      NODE1:e0d     nextavail       NODE1-ICL
                         Failover Targets: NODE1:e0d,
                                           NODE1:e0a,
                                           NODE1:e0b

We demonstrate the failover working as anticipated below. First we down the LIF - NODE1-ICL1’s - home port e0d, and observe it goes to e0a; then down port e0a and observe it goes to port e0b; then we up e0a and e0d (note that the default auto-revert settings for intercluster LIFs is false) and then down e0b, and observe it goes back to its home-port e0d.

::> set adv

::*> net port modify -node NODE1 -port e0d -up-admin false

::*> net int show NODE1-ICL1 -fields home-port
vserver       lif        home-port
------------- ---------- ---------
NODE1 NODE1-ICL1 e0a

::*> net port modify -node NODE1 -port e0a -up-admin false

::*> net int show NODE1-ICL1 -fields home-port
vserver       lif        home-port
------------- ---------- ---------
NODE1 NODE1-ICL1 e0b

::*> net port modify -node NODE1 -port e0d -up-admin true
::*> net port modify -node NODE1 -port e0a -up-admin true

::*> net int show NODE1-ICL1 -fields home-port
vserver       lif        home-port
------------- ---------- ---------
NODE1 NODE1-ICL1 e0b

::*> net port modify -node NODE1 -port e0b -up-admin false

::*> net int show NODE1-ICL1 -fields home-port
vserver       lif        home-port
------------- ---------- ---------
NODE1 NODE1-ICL1 e0d

Comments