#╰・software

quick question about NetApp Data Broker. To close the log4j vulnerability I just found documentation about SnapCenter Plug-in for VMware vSphere. Was the product renamed?
I just want to make sure I dont mix up anything before I go ahead 🙂
I assume I can simply upgrade Data Broker to SnapCenter Plug-in for VMware vSphere 4.5?

Yes it was. Data Broker didn’t last very long 😉
Regarding upgrade please have a look in the 4.5 release notes. I don’t think it will go directly as the change is already 2-3 years old. Maybe try to update more often in the future 😉

Please can anyone assist me with this? Trying to enable SMB for file share and keep getting this error

Set up DNS first.

Is this a new system or an existing one? You should be able to get Professional Services to help you.

New system

Also, about the conversation above, I wasn't awake lol. For SQL, FlexGroups do work but if the database is one file then it will still be a single volume bottleneck.

If the database is split among multiple files it will get split up.

Any idea where I can get professional services from?

Account team can help with that.

would NetApp support team be able to help with this?

As a TSE, no.

*I can answer that for you, no.

How can I get in touch with the account team?

Hmm, good question lol. 1 minute. I think I wrote a KB on this.

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_do_I_find_account_team_contact_information

Thank you Paul

You'll have to sign in to see the rest.

https://www.netapp.com/forms/sales-contact/

https://www.netapp.com/company/contact-us/

Where did you buy the filer from?

what you mean?

Like...from NetApp directly, a reseller, eBay?

it was from a reseller

Ok, the reseller should be able to hook you up then.

Usually PS is included with a sales PO.

on the order it does state 1 year support

Not same thing.

Got serial # or PO #?

952122001682 and 952122001715 2 nodes

Weird no PS listed. I'd contact the reseller.

ok will try that

DNS is already setup

On the data SVM?

Also you might remove your screenshots.

PII and all.

sorry I don't understand

should I not be sending screenshots?

PII=personally identifiable information

No, just might use Paint to crop out the sensitive info.

ok will do in the future

But thats showing on the Cluster overview in the GUI

Hmm.

Do a dns show from the CLI. See if your data SVM (not cluster one) is showing a DNS server.

its showing the cluster

Ok you need to add for your data SVM.

Like on my vsim...

pstejska_vsim::> dns show
Name
Vserver Domains Servers

pstejska_vsim 10.x.y.z,
8.8.8.8
svm0 10.a.b.c

should it be created on both aggregates

?

Huh? Aggregates?

Aggregate is just the group of disks for volumes to go into.

A SVM is just the logical storage server (Storage Virtual Machine or vServer, same thing) that all data is served out of. It spans the cluster.

vserver create -vserver svm0

I've done that

Ok do dns create for svm0

Original naming btw. :p

Im going to re do it lol

just getting to know the system, I am new new to this

dns show still only show the cluster btw

pstejska_vsim::> dns create -vserver svm0 -domains <redacted> -name-servers <redacted>

Ok will try it again

Its getting to the end of the day, will give this a go tomorrow and see how I get on

Ok.

No need to add PS if the partner is certified for the installation as well. We as a partner never include PS as we do all setups by ourselfs

So you 0$ the PS?

or you mean netapp ps

No, they are "PS".

Not NetApp PS, but reseller PS.

Y, we don't buy NetApp PS and offer our own PS of course 😉

Yeah, that makes a lot of sense. In this case it looks like the customer has been left to do it their selves

This doesn't make a lot of sence 😄 ONTAP isn't that easy to understand 😄

Yeah, sadly it happens. I’m sure we will get them some help or at least talking to the right people

i havent gone through the entire thread but is your lif for the SVM on the same network as e0M?

I tried this and get the following error:
command failed: Failed to verify the specified DNS configuration.
<MyDNSServer>: Network is unreachable.
Verify that the network configuration is correct and that DNS servers are available. Specify
"-skip-config-validation" to skip the configuration validation.

I've done dns check -vserver Ramsdens and get the following:
Vserver Name Server Status Status Details

Ramsdens <MyDNSServer> up Response time (msec): 2
Ramsdens <MySecDNSServer> up Response time (msec): 17

Do you have a route for the SVM?

Ramsdens::> vserver show
Admin Operational Root
Vserver Type Subtype State State Volume Aggregate

Ramsdens admin - - - - -
Ramsdens-01 node - - - - -
Ramsdens-02 node - - - - -
VS01 data default running running VS_Root Ramsdens_
02_SSD_1
svm0 data default running running svm0_root Ramsdens_
01_SSD_1

Use route show for the routes 😉

A SVM can have multiple lifs. In our deployments they are not on the same as e0m.
I think it would be good to get in touch with your NetApp partner so he can explain to you how it works and you can set it up together. You should learn most doing it this way

Ramsdens::> route show
Vserver Destination Gateway Metric

Ramsdens
0.0.0.0/0 172.16.10.1 20
svm0
0.0.0.0/0 172.16.10.1 20

get the following ^

should I behaving something on the destination? if so what IP, any specific?

As you have an IP address configured it is most likely a VLAN config issue.
It’s a bit too much to troubleshoot via Discord… what ports are in your Broadcast Domain „Default-1“ shown in the screenshot you posted yesterday. How does the network switch config look like on that ports. Are vlans tagged or native etc.

No routing looks good if 172.16.10.1 is your default gateway. You have the .183 for the SVM in your screenshot

Would it be better if I message directly?

No vlan;s been configured

Ramsdens::> network port show

Node: Ramsdens-01
Speed(Mbps) Health
Port IPspace Broadcast Domain Link MTU Admin/Oper Status

e0M Default Default up 1500 auto/1000 healthy
e0a Cluster Cluster up 9000 auto/10000 healthy
e0b Cluster Cluster up 9000 auto/10000 healthy
e0c Default Default-1 up 1500 auto/10000 healthy
e0d Default Default-2 up 1500 auto/10000 healthy
e0e Default - down 1500 auto/- -
e0f Default - down 1500 auto/- -

Node: Ramsdens-02
Speed(Mbps) Health
Port IPspace Broadcast Domain Link MTU Admin/Oper Status

e0M Default Default up 1500 auto/1000 healthy
e0a Cluster Cluster up 9000 auto/10000 healthy
e0b Cluster Cluster up 9000 auto/10000 healthy
e0c Default Default-1 up 1500 auto/10000 healthy
e0d Default Default-1 up 1500 auto/10000 healthy
e0e Default - down 1500 auto/- -
e0f Default - down 1500 auto/-

The L2 network configuration on Ramsdens-01 is different to Ramsdens-02 by the looks of it. Not sure that will be impacting anything here but its worth pointing out.

It was a comment to help in trouble shooting it’s not my system I know how svms work

is it because on Ramsdens-01 broadbas domain on e0d is default-2?

broadcast*

Yeah, it creates a new broadcast domain when it can’t detect other interfaces at L2 on the existing broadcast domain

I think my issue atm is trying to configure dns on the SVM

This is what I am getting

Yeah this is going to get difficult to diagnose over discord. Did the partner you purchased from not offer any installation and handover services at all? I would get them to send someone in to go through all the install with you and guide you through the basics.

Unfortunately they didn't and its left up to me to figure out 😦

Now you can open a support case as it's no longer initial setup but break fix.

Actually not 😀
This is something that has to be troubleshooted and I won’t do freetime support of things I do for business. I am not allowed to do it anyway…

A question about ONTAP Select, as far as I understand I can select three networks when deploying a 2-node Cluster in the deployment utility. The Cluster/Internal Network is assigned to e0c/e0d, the management Network to e0a and the Data-Network on e0b. When I use VGT in ESX, is it possible to use Multiple VLANs on ONTAP Select level vor this? For Example e0b-10, e0b-20, e0b-30...

sure. connect your data lifs to a portgroup on vlan4095 (vlan trunk), then peel off the vlans inside ONTAP just like you would a hardware appliance. The one thing that doesn't work it link aggregation. If you need that it has to be done at the ESX host.

thanks

I'm running a HA pair in that config. e0a/e0b are data, e0g is management, the rest are either cluster network, or syncmirror, or vnvram mirroring.

I have a couple of vlans configured, one of which, -254 is in a separate ipspace I use for snapmirror traffic

how can e0g be management my thought was it is autoassigned by the deploy utillity to e0a, data e0b, cluster e0c/e0d, ha e0e, nv e0f

or is it possible to customize this

deploy may behave differently if you choose to put management and data on the same port group

like I did here

ah ok

if you split them up e0a will land on the management port group

this is the one that has to be able to reach the deploy server

Can I have some assistance on making this correct as Jason suggested?

Start by correcting the upstream switching. Then move the ports into the intended broadcast domain. Then move the lifs to the intended ports. Then validate connectivity/routing between vserver management lifs and their respective DNS servers, etc. While you're at it make sure the cluster and node management IPs can also reach DNS, NTP, etc.

I had 2 delete the lif's to rectify the broadcast domain issue as Default-2 no longer exist and the port that was on there has been moved to Default-1 broadcast domain. I can ping from each 2 nodes to my DNS, router, cluster and node management IP, I just cant ping the lif that I created.

Let's see an updated net port show, net int show, and route show

Just open a case. Then Support can get on a Zoom and fix it.

Guarantee L2 NAS would have you up and running in maybe 30m max.

Broadcast domain changes are a good indication the upstream network has converged, so yeah. Support should be able to sort it out quickly.

Post a "net int show". I don't think you would add the prefix length (23) into the subnet mask field but I'm not so used to creating LIFs in the GUI. Try 255.255.254.0 instead.
But I really think/hope the System Manager will disallow a wrong formatting in that field.

Node: Ramsdens-01
Speed(Mbps) Health
Port IPspace Broadcast Domain Link MTU Admin/Oper Status

e0M Default Default up 1500 auto/1000 healthy
e0a Cluster Cluster up 9000 auto/10000 healthy
e0b Cluster Cluster up 9000 auto/10000 healthy
e0c Default Default-1 up 1500 auto/10000 healthy
e0d Default Default-1 up 1500 auto/10000 healthy
e0e Default - down 1500 auto/- -
e0f Default - down 1500 auto/- -

Node: Ramsdens-02
Speed(Mbps) Health
Port IPspace Broadcast Domain Link MTU Admin/Oper Status

e0M Default Default up 1500 auto/1000 healthy
e0a Cluster Cluster up 9000 auto/10000 healthy
e0b Cluster Cluster up 9000 auto/10000 healthy
e0c Default Default-1 up 1500 auto/10000 healthy
e0d Default Default-1 up 1500 auto/10000 healthy

Node: Ramsdens-02
Speed(Mbps) Health
Port IPspace Broadcast Domain Link MTU Admin/Oper Status

e0e Default - down 1500 auto/- -
e0f Default - down 1500 auto/- -
14 entries were displayed.

e0e and e0f is not used

I tried both ways, even if I try putting in 255.255.254.0 it reverts into /23.

I created a datalif on Node1 e0c, with an IP of 172.16.10.184/23, Gateway: 172.16.10.1 in Default-1 broadcast domain, even though this datalif shows status up/up, it cannot ping anything apart from the same IP on Node2. I also tried doing this:
network route create -vserver svmfiler -destination 172.16.10.184/255.255.254.0 -gateway 172.16.10.1. But still not pining, No issues with the switches they are connected to as the failover works if I remove the cable. Any ideas?

If 172.16.10.1 is the gateway, the destination should be 0.0.0.0/0

You add the IP address with "network interface create -address 172.16.10.184 -netmask 255.255.254.0 ...."

should the gateway be specified for the svm? as if I do net route show, it only shows the cluster with destination 0.0.0.0/0 gateway: 172.16.10.1

In routing prefix, 0.0.0.0/0 is anything.

Yes you'll need a gateway but you were doing it wrong.

I was only trying to set a static route to see if it makes a difference. Should the SVM also show up on "net route show" as it does not

Yes.

pstejska_vsim::*> net route show
  (network route show)
Vserver             Destination     Gateway         Metric
------------------- --------------- --------------- ------
pstejska_vsim
                    0.0.0.0/0       10.216.33.1     20
svm0
                    0.0.0.0/0       10.216.33.1     20
2 entries were displayed.

pstejska_vsim::*>

route added manually:
Ramsdens::> net route create -vserver svmfiler -gateway 172.16.10.1
(network route create)

Ramsdens::> net route show
(network route show)
Vserver Destination Gateway Metric

Ramsdens
0.0.0.0/0 172.16.10.1 20
svmfiler
0.0.0.0/0 172.16.10.1 20

Ok looks good.

still no pings, wondering why some ports are showing as:
Ramsdens::> broadcast-domain show -instance
(network port broadcast-domain show)

           IPspace Name: Cluster

Layer 2 Broadcast Domain: Cluster
Configured MTU: 9000
Ports: Ramsdens-02:e0a
Ramsdens-02:e0b
Ramsdens-01:e0a
Ramsdens-01:e0b
Port Update Status: error
error
complete
complete
Status Detail Description: error: details not available
error: details not available
complete
complete

I may try a reboot of all devices

So the LIF on e0c can only ping the HA partner?

thats correct

Why a subnet mask of /23?

same IP on the HA partner

thats just the local subnet range

it will be /24 once live

What is your router set to?

172.16.10.1

That seems like that could cause problems.

If your network is /24, set it to /24.

my current network that I am configuring it for testing purposes is /23

I will have to reconfigure it when its in the live environment to /24

Hmm.

I wonder if it being in a different broadcast domain is why?

https://smartsolve.netapp.com/cdv#&asupids=2022011306120110&section=NETWORK-PORTS.XML&view=horizontal&refasup=2022011306120110&formatType=rowwise (for those internal and following along at home)

Reconfigure it to be in the default broadcast domain.

thats what I was thinking, should I just delete Default-1 and move the ports to Default broadcast dom?

Broadcast domains are a terrible name because it collides with the industry standard term, but it's a NetApp specific term that allows for multiple tenants.

yes.

So you could have company1 with IP 10.1.2.3 on e0c, but company2 with IP 10.1.2.3 on e0d for example.

ok understood, I shall give it ago

Cool.

I think you'll have to delete the LIF.

You may not, IDK.

What modell is your system? You're having issues in the Cluster vserver

How are ports e0a and e0b cabled?

No, it's because e0c/e0d are in default-1 broadcast domain

Not default

(Partner only so can't confirm this system in Smartsolve)

But in his Cmd above ports e0a and e0b of the node2 showed error

They're fine now.

can someone explain the logic behind the graphs in a way that justifies it? (not a production system but same concept applies to every single FAS or AFF we have in production)

the 72TB part?

yah i get what its trying to say but its just dumb to me

Yeah it's just trying to show the storage eff.

this is 9.8 on a FAS -

i miss this

the 8020 still runs 9.7 cause I 💟 classic mode and it makes it easier in the lab

9.9 shows used and reserved which pleases me

some of are systems are on 9.9 already

I've heard the calulation on the aggr comment a few times, i know several SEs have submitted a request to include a toggle etc on it.

i dont like "logical" used because that doesnt make sense either to me

yah its just a nitpicky feedback thing

while i care about space savings the metric that matters is actual consumption

i could have be deduping 8billion to 1

well after the 9.8 transition there was a lot of.. "feedback" from the whole of the community. So they are trying to make enhancements based on said feedback.

yah i gave my rep feedback lol

i can say that im super excited for ontap 9.12!

Heh that's being nice.

im a big fan of this tho

"professional"

i wasnt professional at all, we almost returned our last purchase lol 9.8+ is objectively trash but thats part of why im here, to talk about some of these issues i have with it and instead of complaining getting feedback to maybe make sense of it, i can accept change if it makes sense, i cant accept it just for the sake of being different

that was a smartass comment back to @dim roost 🙂

oh yah i got it, im just refering to my coversation with our rep

lol

I like the look of the UI better, but they shouldn't have taken away everything.

i used classic mode in 9.7 until the last second

I do like that newer versions you can upload (most) firmware via the gui

renaming (only in the interface for some reason) aggregates to tiers is just kinda just a malicious change done for the sole purpose to piss people off is the only way i see it tbh

yah 100% it does bring some really good stuff

yeah I still look for aggrs when I log in.

NetApp is constantly being slagged by the competition for being "too complex" so the GUI was "simplified" in an attempt to disprove the fud, there may have been a bit of an overcorrection there.

yeah, there's a lot of marketing out there "well it only takes us "Storage vendor X" 2 clicks to deploy a lun.

takes 1 click for some entry level tech managing your easy storage to take down the entire environment too lol

i dont really know the sales demographics of netapp storage, but everyone i know that manages netapp's on a day to day are engineer/architect level people

depends.

I've got a case where a DBA is working on a CVO and is the main contact.

but yeah, usually storage admins, but i've had customers that are 2-3 people in the whole of IT. and they just want to present out shares and luns.

Same ^^^

oof

i dunno maybe have a switch in the UI for "expert mode" vs "easy mode"

easy mode is a green button that says make stuff happen

that request is high up there 🙂

have entry level units ship with easy mode as default

have bigger units ship with expert mode as default

or the CLI 🙂

cli is fine up until you're literally forced for various reasons to use the gui and then ironically some features force you to use the cli lol

i used it for snapmirrors and peering. cause it's just 10x easier in the gui.

Agreed.

new ontap makes it effectively impossilble to configure snapvault relationships

i have to use cli for it

yeah. snaplock too. I think a lot of that though is to prevent folks from accidentally doing something.

just kinda drives me crazy making snapmirror the default, let me choose whats best for my company plz k thnx lol

(we dont want to use mirrorandvault)

also while im talking about it, I would like to see snapmirror relationship info on both sides plz

makes no logical sense to me that you can see every relationship on the destination but cant see crap on the source

thats just been a thing forever tho not really a specifc version issue.. just something i want

same for local tiering, much easier instead of manually creating the bucket via CLI

Not a big fan of the new ui, but the changes from 9.7-9.9.1 were in the right direction I feel, haven't looked at the 9.10 yet tough.
As long as they don't mess up the cli it has little impact on me since I do almost everything there
Still wish I could add comments to vlans though

omg this would be incredibly helpful

Snapmirror in the new gui is endlessly frustrating. I can sympathize.

the name of a broadcast-domain is usually my description for the vlan ports in it

I can't remember the last time I used the UI

I can it was about 30 minutes ago when yet another issue forced me out of the cli and had to provision aggregate from the UI

It is an aff c190
e0a and e0b on Node1 is connected to e0a and e0b on Node2

Hi ! Anyone know an estimated release time of snapcenter-Vcenter plugin 4.6 that suports Vcenter 7 Update 3 ?

Is where someone wo can help me. I nead for a emergency recovery the SANtricity Software. We have lost the system for Manage our Storage

There’s a command “snapmirror list-destinations “ that helps on the source

Except for the perty graphs, I CLI everything anymore. It’s usually faster and I have significantly more control

Did you get it working?

If no one here knows E-Series, maybe open a case?

So I removed the Default-1 broadcast domain and added the ports into Default Broadcast domain with the ports e0m from node1 and node2 and recreated the lif but still no Ping capabilities. I logged a case for my previous dns issue and they suggested that I create VLAN's but I wasnt sure how VLAN's going to help me in this case

Dang. I wonder why pings aren't working. That's bizarre.

just wondering, it doesnt matter which ports are in cluster does it? ie node1 e0a and e0b and node2 e0a and e0b?

Yeah depends on what HWU says.

according to the setup guide, it state use e0a and e0b from both nodes for the cluster

Yep, taht

That's right

When did you configure the default broadcast domain today?

Latest ASUP still shows default-1 but that was 10:30 UTC.

That new default-1 was created when I tried the vlans

I since deleted them

im talking about the GUI specifically. wanting something in the GUI doesn't exclude me also wanting or already having it the CLI.

Like I said in another post: I always use the CLI. It’s faster for me, I get more details and I control what I see.

What is the switch? Is it set to access ports? Is it the correct vlan? Is it set to trunk? If so are you using the correct native vlan or the correct tagged VLANs?

@tame marten You May want to delete the ports from the broadcast domain again. Then either wait or let ontap try to place them. After a few minutes, look at the log files (vifmgr) and see what ontap is or isn’t detecting

There is a new network command to force the scan again. I think it may try automatically after a few minutes

I don't enjoy typing constantly to see things that you could normally just have up as a reference graphically on a second screen, as I said in an earlier post there are too many issues forcing the use of the GUI and I'm going to have to swap back and forth frequently anyway, which is how i know that youre not being entirely forthcoming in your comments about only using the CLI or you're not using enough of it to encounter these issues, maybe just maybe you people realize that people do things differently and functionality that exists somewhere else entirely is not a solution.... its like having a car with no seats and you're overhere telling me its fine because i have seats in my truck

I have 2 HPE SN2010M switches, No VLAN's are setup on the switches. I just tried pinging the switches from one of the Default SVMS that got created and that can ping all, the issue is the SVM that I created does not ping anything. Even though the route is 0.0.0.0 /23 and gateway is set to the same as others 172.16.10.1

I have also tried removing the ports from the broadcast domain and putting it into the default one

What's the subnet mask of the gateway on the router/switch?

255.255.254.0 for both

I agree. If I got better details from the gui I might use it. For instance the screen on the space utilization is not good faking the saved space by rehydrating all snapshots giving a false sense of savings. That didn’t happen until recently and it was done due to competition. I get everything on the cli. You can ask ANY of the customers I work with. They start with the gui and I immediately have them go cli. I get everything I need there. I hate hunting through the ever changing gui to find anything. You are right there is one thing I use the gui for: firmware/ontap updates(since I no longer need a web server to do it)

Have you got any tcpdumps yet?

@tame marten so no VLANs on the switch, have you verified the port setup? I can’t tell you how many times someone thought it was correct to find or something was actually off.

Ah the LIF on e0d is on a different SVM.

Does e0c ping ok?

I think it may be time to gather tcpdumps if you haven't already.

[?] Mon Jan 17 16:01:32 +0000 [Ramsdens-01: vifmgr: vifmgr.bcastDomainPartition:error]: Broadcast domain Default is partitioned into 3 groups on node Ramsdens-01. The different groups are: {e0M}, {e0c}, {e0d}. LIFs hosted on the ports in this broadcast domain may be at the risk of seeing connectivity issues.

hmm..

This message occurs when the l2_reachability health monitor detects that the specified broadcast domain is partitioned; not all local ports in the broadcast domain have mesh Layer 2 connectivity to all other local ports in the broadcast domain. LIFs hosted on the ports in this broadcast domain might be at risk for connectivity issues.

Yeah I'm thinking switch config may be the issue here. I don't know HPE or I'd help you out.

Any VLANs?

I mean port chnanels.

That could do it. I had a customer last week accidentally turn up a port channel on their switch and it caused all sorts of issues (2 ports on each controller in the same Port channel!). As soon as the port channel was removed from the ports on the switch everything worked again

Thats the iSCSI svm

Either e0c or e0d is not pingable on both nodes

This is sort of the cabling, but in my case I have the e0m and Power connected on both nodes

Maybe can we see your switch config? IDK.

I can ping switch IP from the default Ramsdens SVM and 2 servers connected to the switches

ONTAP looks right from what I can tell.

This is just for port 16

but its the same for all ports

And the servers are also /23?

correct

I mean is there something like "show run" for the HPE switch?

I have been configuring the switches in the GUI, just accessed it from cli for the first time

I will need to learn some of these commands to figure it out

but no show run

:\

there seems to be a default vlan with all the ports though

Ok good.

I’d say you’re complicating connectivity a bit. I’d do e0c to the same switch and e0d to the same switch. Less confusion. Is there a link between the two switches? Is that set up properly? I don’t recall from above, can e0c on left node ping e0d on right node?

Also, maybe simplify a whole lot more. Create temporary fake lifs on the ports: 192.168.99.11-14 netmask 255.255.255.0? Then try pinging between those and see what’s going on. If they are access ports, any ip should work

No gateway, just simple ping.

Ok cool, I shall give this a go in the morning as its the end of the day here

I’ve done testing like this. For simplicity I use service-policy default-management and put them in the admin svm. Once I figure things out for my customer, we just delete them

Good idea!

Yeah. Eliminate whatever I can and KISS.

That or get tcpdumps of the pings so we can see if ONTAP is even getting the pings.

I’m with you though @dim roost I’d love to see the running config from the switch cli. GUI may be misleading

anyone tried configuring LDAP on ONTAP 9.9 yet? configured on CLI correctly to the designated SVM -- doesn't work (GUI vserver LDAP settings shows not configured)

only works after configuring from GUI

Haven’t seen that, have built 5-6 clusters on 9.9.1 the last few months. Specific patch version?

lol recently encountered that on a 2750 9.9.1 gui likes to gatekeep functionality which is kinda the common thread ive been talking about recently

9.9.1P2

Can anyone from NetApp let me know if customers are meant to have access to Fusion?

The answer is "No", found in Fusion FAQ.

I created 4 lifs on one of the default vservers which are connected to the switches, ports e0c and e0d on both nodes to 2 switches. If I do: Ramsdens::> network ping -lif PingTestLif01 -vserver Ramsdens -destination 192.168.99.14
it shows as alive and it is the case for all 4 IP addresses from each lif

so In which case, switches are fine, maybe the issue is with the svm that I created manually?

Did you raise a case at all? I've just checked the most recent 9.9.1P3 system I've built and didn't hit that issue. I have another one I'm doing on Wednesday and will try replicate the issue.

@tame marten what does “broadcast-domain show” look like? Try running this:
Network port reachability repair -node node-01 -port e0c
Repeat for e0c/e0d on both nodes. Wait about five minutes and do the broadcast-domain show again

Name Domain Name MTU Port List Status Details

Cluster Cluster 9000
Ramsdens-02:e0a error: details not available
Ramsdens-02:e0b error: details not available
Ramsdens-01:e0a complete
Ramsdens-01:e0b complete
Default Default 1500
Ramsdens-02:e0M complete
Ramsdens-02:e0c complete
Ramsdens-02:e0d complete
Ramsdens-01:e0M complete
Ramsdens-01:e0c complete
Ramsdens-01:e0d complete
2 entries were displayed.

Im not sure why the top 2 ports show as error details not avail, If I check the ports, they are showing as up/up

Also Ive done the repair thing above, so will wait and see what happens

So just thinking here. Create two data lifs. Please share thethe commands you are using. One LIF on node-01/e0c. The other on node-02/e0d. Leave the node-01/e0c one alone and use that at the source for a ping. Ping the other you created. If it works migrate the node-02/e0d to node-02/e0c. Try the ping again. If it works then move to node-01/e0d. If they all work then the Netapp is able to talk to each of the interfaces properly and the external communication is the issue

I created 2 vservers: svmfiler and iSCSIsvm. So its worth mentioning that I've tried creating 4 additional lifs for each port (n1/e0c&e0d and n2/e0c&e0d) in the svmfiler with /23 (same as cluster) and these lifs can ping each other and the lif on iSCSIsvm. However it cant ping the cluster managment IP or the node managment IP

In the grand scheme of things, thinking out loud, it wont be able to ping either the cluster or the node IP since the lifs have no gateway defined

Same subnet does not require a gateway

You do have a gateway defined for the admin svm and by proxy then the node mgmt ips since they are part of the admin svm

svmfiler
0.0.0.0/0 172.16.10.1 20

Right?

thats correct

I think it was asked: maybe a “network interface show” at this point May help

Ramsdens::> net int show
(network interface show)
Logical Status Network Current Current Is
Vserver Interface Admin/Oper Address/Mask Node Port Home

Cluster
Ramsdens-01_clus1
up/up 169.254.239.229/16 Ramsdens-01 e0a true
Ramsdens-01_clus2
up/up 169.254.85.36/16 Ramsdens-01 e0b true
Ramsdens-02_clus1
up/up 169.254.176.208/16 Ramsdens-02 e0a true
Ramsdens-02_clus2
up/up 169.254.30.206/16 Ramsdens-02 e0b true
Ramsdens
Ramsdens-01_mgmt1
up/up 172.16.10.181/23 Ramsdens-01 e0M true
Ramsdens-02_mgmt
up/up 172.16.10.182/23 Ramsdens-02 e0M true
cluster_mgmt up/up 172.16.10.180/23 Ramsdens-01 e0M true
iSCSIsvm
lif_iSCSIsvm_429
up/up 172.16.10.187/23 Ramsdens-02 e0d true
lif_iSCSIsvm_472
up/up 172.16.10.186/23 Ramsdens-01 e0d true
svmfiler
FilerLif up/up 172.16.10.183/23 Ramsdens-01 e0c true

if this is easier to read

Ok. So using Ramsdens-01_mgmt1 a the source, try to ping 172.16.10.180 then 172.16.10.181 then 172.16.10.182. That should confirm the e0M connectivity. This is the >same< network as everything else you have defined. If your networking outside the Netapp is correct then you works be able to ping any of the data lifs.

For kicks, take the svmfiler LIF. Are you able to ping it from node-01_mgmt1? What if you migrate it to each of the other ports node-01/02 ports e0c/d? Are you able to ping when it is at any location?

Reviewing above, where are your e0M connections? The picture you used above does not show the e0M connections to switches. It sounds like there is a connection issue between whatever switch is used for e0M and the data ports

so from Ramsdens-01_mgmt1 I can ping both 172.16.10.180 and 172.16.10.182 and also reach the gateway and dns server and same with Ramsdens-02_mgmt

I cant ping svmfiler Lif from the any of the managment IP's or the cluster IP

e0M on both nodes are connected to a data switch on the network

e0a and e0b on both nodes are connected with each other

e0M is not in the same switch as e0c and e0d. However the switches that e0c and e0d are on are also connected to the same network that the other switch is on

Yeah. So that data switch with the e0M connections is not communicating with the data switches with the e0c/e0d ports

Switch to switch problem.

not directly, but they are both on the same network

We can make your data ports work locally but there is an issue going through the other switch

Until the other switches can communicate with the switches pictured above and pass things correctly we will be running in circles

Are all these Netapp data lifs supposed to be on 172.16.10.0/23? Maybe the switches are blocking communication on that ip range?

Just checked pinging from the switches that e0c and e0d on both nodes connected and it doesnt seem like its pinging anything at all, even though it has IP's configured manually

so this maybe a starting point in which case, I need to re look at the switch config

Yes. If your network is that flat, it should just pass unless your switches (e0c/e0d) or the other switches (e0M) are misconfigured to talk and pass data

Once you get that fixed, redo the broadcast domain repair above and all the ports should end up in the same broadcast domain

switch that e0m is just a normal unmanaged switch connected to the network, switch that e0c and e0d are connected to is managed so possibly this is where I'm going wrong

hmm no case was raised since i was able to troubleshoot and workaround, trying not to open cases as it'll eat up my company's monthly quota

https://community.netapp.com/t5/ONTAP-Discussions/Broadcast-domain-bug-how-to-fix/td-p/168706
this seems similar to your scenario @tame marten

Any ideas if I can create a lif on the e0M port? I want the e0M port to be a management port aswell as a port to serve Data

Can’t run data protocols over e0M. Pretty sure ontap prevents that

is it an HP switch? its been a minute with hp switches but i think just show vlan output will show you the vlan(s) and what ports they're assigned to

Yes

i mean thats just my guess,ports are probably just configured already on a different vlan it does seem foreign to me to have data network on same vlan/network whatever as cluster managemetn but everyone is different i suppose

For simplicity and troubleshooting, I think flat is good.

Once we get this fixed, then we can look at getting more complicated.

sure , has he show his switch config yet?

i scrolled up a bit

didnt see it

No

I don't think he knows how.

And he's from UK, so makes it more complicated for me to troubleshoot.

If you know HP switches, feel free.

ah okay yah its probably evening or something over there then right now

does anyone know why we have to be a confirmed customer account to download the ontap select free evaluation now?

No.

@brazen jetty @uneven pulsar maybe you know someone who knows someone?

🤷‍♂️ I'll ask around. If I had to guess, it's probably a "competitive" thing.

The only minimum requirement was that you had a valid NetApp guest login, and not necessarily a validated customer. If that's changed, I'll see if I can find out why.

I think this question was asked on reddit a while back. and i'm 99.99999999% sure i recall the answer i went looking for was it's a competitive "thing"
That and we also have the test labs that are open to non-customers

Hi - I currently have an A200 snapmirroring to a FAS2554 for DR. Both run 9.7P5. ActiveIQ is suggesting upgrading the A200 to 9.9.1P6 and the FAS2554 to 9.8P8. I had always thought it was best to keep both side on the same build. Is this not accurate? Also, I'm about to add an A400 to the mix which will also snapmirror to the FAS2554 if that makes a difference. I'm going to be replacing the FAS2554 with something newer later this calendar year. Thank you!

snapmirror target doesnt "really" matter on revision

id personally keep the version sthe same on any in the same cluster

okay cool. thank you.

may or may not be best practice im just saying what i do

lol

I also don't upgrade unless theres a compelling reason to do so fwiw

yeah I'm the same way. The A400 just came with a newer build preinstalled so I was going to bring everything up to at least that level

Off the top of my head I think it might be that the 25XX platform doesn’t support 9.9.1 so you are being recommended the latest release that the hardware can take.

You can confirm in hardware universe, it will show you the supported versions for that platform. I just don’t have it open on my phone.

yep you are correct. the 25XX doesn't support 9.9.1

yah if thats the case i'd just not upgrade anything and keep everything at 9.7

i mean tbh i wouldnt upgrade past 9.7 unless you absolutely have to

I certainly don't have to. The reason I was looking at it was that the A400 shipped with 9.9.1 something. So I suppose I could leave the A200 and FAS alone and leave the A400 9.9.1, move the A220 and A400 to the same build and leave the FAS alone/move it to 9.8, or move everything to the latest 9.8

Mixed version SnapMirror is fine, unless you want to do SVM-DR. In that case you need to be within 2 versions.

There’s a great interoperability table on the docs site. Will see if I can find it. GUI quirks and that kind of stuff aside. There are a lot more reasons to upgrade to later releases than to stay on the older ones

In a lot of cases you’ll just get free performance upgrade as the software is improved etc

perofmrnace upgrade is super dependent on workload and model

In the context of what he’s said he’s running, it’s a fair comment

he didnt say what what kinda workload he was running

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Protection_and_Security/SnapMirror/SnapMirror_interoperability_between_ONTAP_versions

i think that's the chart you were referring to?

Yes that’s the one

Best advice, review the new features and improvements from 9.7-9.10 and decide what if any are applicable to your environment. Usually there will be something significant that will help pick a version.

We think this should be working for guest accounts and above. If you're not able to download it, please DM me your username or email and some screenshots so the team can take a look. You can also submit details of your inquiry as a non-tech case: https://mysupport.netapp.com/site/help

To add to this. If you even have 1 flexgroup, it's worth upgrading to 9.9.1. or even 9.10.1. There's some good enhancments from 9.7 to 9.10.1 with Flexgroup (and Flexcache).

And you would know!

will try again today and if it still doesn't work I'll do that

On going from my setup issue, It is infact the switches that's causing the dns issue. Switches was not actually connected to my network, it just had access for the configuration via the management port. Any way, I'm now trying to use another switch with couple of SFP ports which will be connected to my main network, anyone know if there are any specific requirements for C190 systems as so far I've tried 2 switches (circa 6-8 years old) and none seem to be bringing the port up on the Netapp

Your best bet in this case are to use optical transceivers. They eliminate compatibility issues. I suspect whatever twinax cable you may be using is not compatible on one or both ends. You can use Cisco coded twinax on the Netapp and it generally (not always though) works with most switches. You may need to get approved Netapp optics and then supported optics for your switch and a few fibers to connect. I’ve also heard of companies creating special one way twinax cables where they code each end. I had a customer code one end Intel and the other Cisco and it worked like a champ

Ok understood, I have ordered a small new TP link switch and TP link optical transceivers will test them out when they come

What is your network mainly using for switches?

Usually HP switches

Could you just put a domain controller on your test network for DNS?

And did you ever figure out if it is the switch causing the e0c/e0d port to not work?

I think switch was the issue because, I could ping e0c and e0d on each node which was only connected to the switch. Switch had no route to my core network therefore it would not ping anything else

Why not just hook to core network? You could put in a dedicated subnet/VLAN.

and the switch that the C190 is connected to only has SFP ports and the test bench its not close to a switch thats on the core network to hook the HPE switches.

Ok.

which is why I ordered another small switch that has both ethernet and SFP ports

the 2 switches that has not network access is only for cluster for ISCSI

What is actually the purpose for the C190? Will it host some of your critical workloads?

If yes I wouldn't cheap out on the front-end switches connecting the AFF to your hosts

Thank you for releasing ONTAP9.10.1 GA

Its for 2 purposes, 1: for fileshare for my company, which will have nothing to do with the switches and 2: ISCSI for SQL database which will be connected to HPE switches and then to 2 servers hosting the SQL database

The cheap switch is just for testing purposes for now, once I know it works, I will purchase a better switch for the live environment

This might be bit of a vague question but how does ontap licensing work with the hardware purchase nowadays? Is there a way you can choose not to pay for some of the features (certain data protocol,snapmirror,snapshots...) or is it just all included. Thanks!

Some licenses are always included (like most data protocols). Earlier they were included in what was called the Base Bundle, now it's the Core Bundle. Its value has even increased since some licenses (like Flexclone and Snaprestore) have been moved to the Core Bundle from higher Bundles.

There is no more Premium/Flash Bundle but the higher bundles have been split into smaller ones with more descriptive names like Data Protection Bundle, Hybrid Cloud Bundle, Anti-Ransomware Bundle, etc

it's possible but not easy to get get your account rep to offer individual feature licensing over the core bundle

most of hte time not worth the effort

the only thing i've quoted serpratly for licensing has been Snaplock, but OG1 is correct, we just went through an "overhaul" of how things are bundled etc. best to chat with your account team on the details.

All the protocols have always been bundled together as far back as i can remember and are still currently.

ive purchased flexclone as a stand alone license before but that was kinda a unique use case

yeah I can see that.

we actually had one customer switch to the - back then relatively new - A400 with the Core bundle because they needed FlexClone and with the A300 you would need to get the Premium/Flash bundle and there was no need for all the SM/SC stuff inside

Thank you all!

I know it's not a official netapp product but was anyone able to update Nabox 2.6.4 to 3.0 ? Web upgrade keeps failing for me with array[0] file not found error.

I don’t see it there now. There used to be a note that due to significant structure changes it is not possible to upgrade to 3. You need to start over again. It was not even possible to import data from 2.x.

I do not know if that has changed since 3 became stable but I would doubt it. You may want to start over. The upgrade file is there to likely upgrade the beta to to stable

I can confirm that. They changed their database in the background if I remember correctly. Mo migration and no export/import.
As you loose all historical data we will have both appliances running as long as we need the historical data or export some of them in a manual way.

i need help with my storage management like i can someone help me remove apps i dont need

i have 6 GB of storage left

Storage management on what, exactly?

my pc in files

https://support.microsoft.com/en-us/windows/tips-to-free-up-drive-space-on-your-pc-4d97fc4a-0175-8d49-ac2f-bcf27de46d34

Take a look at this article and see if that helps

From my previous conversation, I am trying to enable SMB for fileshare but getting the following error: "The Active Directory machine account was not created for the following reason: SecD error: no server is available."
I have configured DNS already and the node lif can ping the dns IP's. I have also tried creating an A Record on my DNS server but to no avail. Has anyone seen this before?

Open a case. Support will help

ok no worries

@tame marten Did you get a case opened ok?

My previous case I opened is relating to the same issue, I emailed the agent dealing with it so just waiting for a reply

Ok.

God.

i need 8.3.1 software for fas2040 how can i find it

its available on the supporr site

https://mysupport.netapp.com/site/products/all/details/dataontap8/downloads-tab/download/30092/8.3.1P1/downloads

8.3.1?

On 2040?

Nope, not gonna happen.

You mean 7.3.1?

oh didnt read 2040

lol

Unauthorized Access to Me! says

you need a valid support contract to download software.

but a 2040 won't run 8.3

A question about switch from NVE to NAE. When we have all volumes in an aggregate still with volume encryption and want so switch to aggregate encryption we can issue the vol move command with "-encrypt with aggr-key true" within the aggregate. How long does this take depending on the Volume size. Is this a complete vol move like transfering it from one aggregate to another or is this only "internal" and takes only a few seconds/minutes

It would probably do all the blocks, so I'd imagine normal vol move time

thanks Paul

I've never done it, so there is the possibility I could be wrong.

But I'd imagine it would have to crawl file system.

no you are not, we've tried it in the meantime and it's like a vol move from A to B

Ok good.

Trying to create a Volume for Fileshare but I cant have it to the correct size I require. whole system contains 12.1TB and then that's split into 2 aggregates, leaving 6.06TB on each aggregate. I want the Volume to be 8TB. Is there anything I can do to get it they way I want?

NAS or SAN?

NAS

Assuming NAS, just create a FlexGroup across both nodes.

Oh...it's you again lol sorry didn't realize.

Did you get networking figured out?

And CIFS set up?

Just to confirm Flexgroups can only be done for NAS and not SAN?

yes.

Right.

Its all relating 😂

If you want to do something similar with SAN, create multiple LUNS then in the guest OS set up a volume group (Linux) or spanned volume (Disk Manager in Windows).

I think I have got the SAN bit sorted for ISCSI, I need to figure out how to get the fail over cluster working on the HPE servers

So I got the DNS configured, SMB enabled, Created a Volume and Share and tried to access via explore but no luck, permissions are set to everyone

joined to a domain?

yes

Eww CIFS permissions.

are you comfy with the CLI?

getting there

Maybe trigger a fresh ASUP?

::> autosupport invoke -node * -type all

This whole thing has been a headache but Im learning 😂

vserver cifs check -vserver <vserver>

hmmmm

SecD Error: no Conenction avail

Is your AD domain controller on the same /23 subnet as before?

it is

If it's on the corporate network, then it won't work.

Hmm.

Can you ping from the data lifs?

Only thing I havent done is the PTR record

I can ping both datalifs locally from my laptop

see if the data lifs can ping the DC.

do you see the vserver object in AD?

ping -lif <lifname> -vserver <svmname> a.b.c.d

I can ping DC with both lifs yes

You mean within computers?

yeah.

also make sure it's in an OU without any policies applied.

I was there but not anymore for some reason

cifs-server... should this be the \filepath I will be using or the netbios name?

TBH I really don't know.

\server\path

\\

\\1.1.1.1\path

CIFS permissions are a bit outside of my skillset. I just don't have enough experience to effectively answer every question.

i'll fill in Mr NFS perf

when needed

😄

Doesn't mean I'm completely ignorant either. lol

So...vserver cifs create -vserver Filernew -cifs-server Filernew -domain mydomain.co.uk
should mean \ipaddress\Filernew?

the gui is oddly easier to join the domain

\ipaddress\filernew

why does it remove one of the backslashes lol

it's a discord thing to invoke other stuffs.

do 3

\\ip\path\to

ok so from above command my filepath will be \ip address\Filernew?

\\ip address\Filernew*

the IP address or host name is the name or the data lif of the vserver.

so it's really \\vserverwhateverDNSname\share\path to files

just to clarify that

remind me.. what ONTAP version? 9.9.1?

9.8P3

lets look at the gui.

if you go here. What's SMB/CIFS show

wider crop:

I'm not sure - is a valid character in that name

I just created it by accident

gona delete it

yeah the - is odd there.

right the - is gone

Ive done vserver cifs check -vserver Filernew
and now its showing as up

also odd that the AD object is missing, i would try and rejoin it.

ah cook

cool

its now in AD

can you browse?

the share

should I not create share first?

?

oh, thought it was.

sure.

well the Volume is created, Ive mapped the share to that vol

One thing I do know: I think it has to be mounted in ONTAP as well.

the gui should auto create the junciton path when the volume is created

cli no

Thats correct, I will delete it and try again

if you drop the volume, it'll show you some info.

Mine looks all similar

gona test access now

surely shouldnt take this long? Im trying both Lifs too

should be pretty quick

you trying via IP?

Although mine does show NFS as enabled

shouldn't matter I just have mine separated

Even though its disabled

I am trying with IP

and you can ping.. \

locally yes

what if you just browse to the server \\server ip \

you mean to my DC?

from your desktop to the data lif on the netapp

thats what I am trying, I have 2 datalifs, trying to access \172.16.10.183\Filernew

\*

-\

you know what I mean lol

is filernew your share name?

yes also the cifserver name

Can you even get to \\172.16.10.183 without a share?

no just keep loading now

and let it error out.

chance are it's a time out, not an auth error

ok lets see how it goes

I think I got an auth error before

auth is usually pretty quick. which makes sense when cifs check was getting the sec errors

but you can ping it from the same box.

I can

and I can ping from the lifs to anywhere on the netwokr

in the CLI does vserver cifs show look like this:

yes but the server name is just Filernew

need to pick this back up in the morning as its end of the day here now 😦

np. kick off an asup. i'll look through it

I think paul knows your serial #. i can get it from him.

Search SmSo for cluster name

Randems right?

Ramsdens*

10-4. got it

Did you get a support case?
autosupport invoke -node * -type all

looks like above didnt work

i saw it. didn't create a case, I wanted to review the ems log.
but i noticed that there was a log of this message "secd.cifsAuth.problem:debug".

the last one was maybe 20-25 minutes before your manual asup triggered.

new different issue now... I can access "\172.16.10.183\Filernew

but only on servers that I login with my ad credentials

sounds like there are some AD gremlins.

"event log show" will show you the errors

should it be NTLMv2?

if memory serves me, isn't that for local auth?

let me check docs after this zoom i'm on

and im not sure why its using \Ashen Perera, its suppose to be \ashen.perera

something sounds goofy with the AD auth/hand off for sure.

Ramsdens::> event log show
Time Node Severity Event

1/28/2022 14:09:39 Ramsdens-01 ERROR secd.cifsAuth.problem: vserver (Filernew) General CIFS authentication problem. E rror: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 172.16.11.15
[ 0 ms] Login attempt by domain user '.\Ashen Perera' using NTLMv2 style security
[ 0] Using a cached connection to "mydomain.co.uk"
[ 3] Authentication failed with DC ADDR. Not retriable. (Status: 0xc0000064)
[ 4] Login attempt by local user '.\Ashen Perera' using NTLMv2 style security
[ 4] User is not known
[ 6] Using a cached connection to "mydomain.co.uk"
[ 12] Unable to find the NetBIOS domain name for Active Directory '.'
**[ 12] FAILURE: CIFS authentication failed
[ 16] Using a cached connection to "mydomain.co.uk"
[ 23] Unable to find the NetBIOS domain name for Active Directory '.'

thats the full error

seems like it's trying to us AD and then trying local, and failing because that users doesn't exist locally.
I"d say there still some issue(s) talking back to the Auth server.

i also found this - https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Access_to_CIFS_share_fails_with"Authentication_failed_with_DC_DC-Server._Not_retriable._(Status%3A_0xc0000064)"

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Troubleshooting_Workflow%3A_CIFS_Authentication_failures

just a thought... do I need ldap configured?

is it configured in your environment overall?

all our AD servers are ldap servers

i would configure it and see

right will give it ago now

keep getting this error when trying to complete the DN

Base DN specified in the LDAP client configuration is not available for the following reason: LDAP Error: The distinguished name has an invalid syntax.

DN should be
dc=mydomain,dc=co,dc=uk
if my domain was mydomain.co.uk

?

that looks right.

also should both svm ldap and global ldap configuration should have the same -client-config name?

i'd just keep it to the SVM.

ok will delete and start again

this might be helpfull for you. https://docs.netapp.com/us-en/ontap/authentication/configure-ldap-server-access-task.html

that is what I followed but it seemed to have created 2

one for the Filernew SVM and one for the Global

hurm.. been a while since I ran though that setup. maybe i'm forgetting something?
any errors though ?

just a warning

Warning: "LDAP" is not present as a name service source in any of the name service databases, however, a valid LDAP configuration was found for Vserver "Filernew". Either configure "LDAP" as a name service source using the "vserver
services name-service ns-switch" command or remove the "LDAP" configuration from the Vserver "Filernew" using the "vserver services name-service ldap delete" command.

should the passwd database be ldap instead of files?

i have never changed those... um... do you happen to have a support case open on this yet?

Yes I do, the person dealing with it is off untill Monday however

you can request a new case owner.

unless you want to wait for that person.

its almost the end of the day now and nothing will be done over the weekend, so I might aswell wait untill Monday

I will just keep playing with it

damit you cant have the same ldap on your svm as your admin svm

Came here to ask that very thing.

Good morning, I tried to download the ONTAP simulator from the NetApp support site, but the page disappeared. Does anyone know where I can find it?

https://mysupport.netapp.com/site/tools/tool-eula/simulate-ontap/download

Thank you for the information. I tried to access the site, but there is no page and it takes me to the top page of Tool.

I just checked and the ONTAP simulator page now appears, probably because it has been updated with the addition of ONTAP 9.10.1.

Hello everyone,
Is there any way to learn or reset manufacture mode password for sldiag mfg command?
I have an error like below;
"SLDIAG: Only authorized personnel can use this command in normal boot mode."

Following on from my issues with setting SMB for fileshare, can anyone explain or assist on why I can browse a SVM Share from windows explore but cannot map as a network drive as getting an error stating "the network name cannot be found"

NAS L2 Support.

:\

Get a packet trace and see what it is attempting to map.

I think its a windows credential issue

it seems to work ok on a device that has no credentials added

What are you trying to achieve?

if you want to run sldiag, you have to be in boot maint/diags mode - control c at startup and choose from the boot menu

manufacturing mode is only for manufacturing 🙂

we have a fas3xxx series mainboard and i want to change the model of v3xxx via sldiag.

Unfortunately we can’t assist with that. There is not a way to set or reset the SLDIAG password

thanks for your replying

(I of course mean manufacturing mode password, not SLDIAG one, but the result is the same. It's not a password which can be set or reset)

Hello all

Anyone here using Unraid in there Netapp Case?

like a home lab hack-job?

I guess you can say that

Are there any specific cases that would work well with the unraid setup?

Basically just wanting a case that can hold several 3.5 SATA HD's and also be able to have a Decent MOBO and Processor for Docker containers and VM's....It would also be ideal for this case to be rack mountable

NetApp shelves are JBODs. there are people that buy old ones off ebay and hack into their home lab.
Nothing i'd recommend for anything production.

something like this - https://forums.unraid.net/topic/89444-how-to-configure-a-netapp-ds4243-shelf-in-unraid/. via google-foo

Thanks for the info, I know Unraid takes care of the Raiding process based on the amount of chosen Parity/Cache Drives ETC, however as mentioned this will be primarily be a home lab server for tinkering with Different Apps, VM's and Docker Containers....As of now I have a measly Medium Sized ATX cases with a 10TB and 3TB Hard Drive running unraid which I recently setup however the reason for my question is based on how I would go about expanding into a more suitable case and more Drives and also a much better Processor (12 Cores) and a lot of RAM 🙂 ... I recently came across some Chassis which caught my eye which is more so what I am looking for instead of the NetApp Config...https://thesysadminchannel.com/best-homelab-server-2020/

One of those babies should do just Fine...

@worldly meadow Personally, I would find a cheap controller pair to hook the shelves to rather than trying to hack together the right HBAs and disk fw to make it usable in JBOD mode. You'll have a much, much better experience.

One thing to note, I believe the fans in the shelves just spin at 100% when ONTAP (our OS) isn't there in an attached controller to ramp up/down.

I'm definiteily a yuge fan of ZFS for my lab and while im not sure if its still applciable to the later versions of the simular older ontap sims you could remove the size limitaions and that made labs a lot more "authentic" to what we run in production

*lets ignore how much i butchered spelling

In f8040-26-33 is showing connected to port number 46 con12d20 in snolw ls but con12d20 not showing in port number 46 in anyone is not connected

Hey Hari, did you need help with something?

Hi @here
Hope you are doing well!
Actually I am facing an issue with Netapp SDK while collecting the Lun's performance data. I am getting the below error
ta_ontap.OntapClient.ClientSideError: [OntapClient] Client Side Code Error 13001: Aggregated instances requested for the lun object exceeds the data capacity of the performance subsystem, because it includes 7928 constituent instances. With the current counter set, use the -node, -vserver, or -filter flags to include at most 2612 constituent instances in order to stay within the data capacity. Alternatively, requesting fewer counters will also reduce the required data and may allow more instances to be requested.

Can you please guide me to solve this issue. Is there any way to decrease the constituents instances or any other approach .
PS : I am using the splunk plugin (Splunk addon for Netapp ONTAP).
Thanks!

@here Can someone help me on this?

Thanks for your response, Much appreciated. Can you explain a bit more about picking the right HBA's etc..? What would you recommend for a case to store several HD's to run Unraid at a high level with a good mobo and maxed out RAM and can be Rackable or not?...Either is fine.

I ended up building a whitebox HA pair with OTS on a couple super micro boxes. not the cheapest option by far, but fully functional, and quiet enough to keep running under my desk. I still use the sims a lot, but mostly in nested lab environments. The PPD is getting ready to block us from running them on our laptops so I'll probably end up carrying a miniature version on NUCs if travel ever becomes a thing again.

Hello community hope you are doing well, I would like to upgrade the Santricity OS from 8.20 to 8.40 but my Santricity Manager is on 11.42, is this a problem? Do I need to upgrade the manager to 11.53 first? Thanks in advance and best regards

Hello, working on sending our config backups to a remote site. I wanted to check if it supports sftp as a destination. I know the KB doesn't say so but wanted to just cover all resources.

This should be in the IMT I would think.

I tried to upload it via sftp in diag mode and got an error when I tried sftp. command failed: Invalid URL scheme. Only one of (FTP , HTTP , HTTPS , TFTP , FTPS) are valid.

@quaint ether thanks for trying. I figured that was the case since it wasn't in the documentation but figured I would ask.

Question around NFS sharing on a volume with NTFS permissions. Currently, if I have 1 Linux user on a linux server mount a volume with NTFS permissions as NFS, I create a unix to windows user mapping in ONTAP for that Linux server to the Windows user that has permissions to the share. If I have 2 or more Linux users that need to access the same NFS mounted share, is it as simple as adding those additional unix to windows user mappings as the concept of a unix group permission doesn't seem to apply when using NTFS permissions for the volume? I tested it that way and was able to access on the Linux server with all the users I created the user mapping for but wanted to confirm that was the correct route.

Hey everyone I am looking to upgrade my VMware environment to 7.0U3. I'm currently running Ontap 9.7P11 on a FAS2650. I'm having a hell of a time getting the IMT to play nice to tell me if it's supported or not. What am I doing wrong in the IMT? I click next and it never does anything. Any tips? Thanks!

Correct, user must map to the Windows user.

Yes, IMT can be a pain to get to some solution.

Is there a button on the bottom?

But the main question here is: What kind of datastores are you trying to use / are you using?

NFS datastore or VMFS datastores?

There is no general interoperability between ONTAP and vSphere, it's more about solutions and if you want to add NetApp plug-ins to the vCenter Server.

As a first general step go to this tiny miny link on the lower left of your screen

and use "Solution Search"

everything else sucks, trust me

Then: If you want to use NFS datastores, you are mostly good to go, with NFSv3 there is not too much to consider. If you want to use NFSv4.1 check the "NFS v4.1 Interoperability" solution because you will need to make sure your ESXi version is not too old, because there have been bugs, major ones, with older versions.

Also use the "NetApp NFS Plug-in for VMware VAAI" solution if you want to know which version of NFS VAAI plug-in you can use with which ONTAP version and ESXi version... there is no 100% need to use NFS VAAI (to offload some stuff to ONTAP) but if you decide to use it, make sure you have the correct version. Otherwise... things can happen.

If you plan to use VMFS datastore there is much more to consider: Use the "ONTAP SAN Host" solution and FILL OUT ALL THE STUFF.... yes, there is much.... what hba, hba driver, hba firmware, etc.

The last thing which is relevant in regard to compatibility between ONTAP and vSphere is if you are using some kind of plug-in, like "ONTAP Tools for VMware vSphere" (the old VSC), "SnapCenter Plug-in for VMware vSphere", etc.

that's basically it

also "Active IQ Unified Manager" can interact with vCenter so if you're using that (and I can highly recommend) it's also a good idea to check that solution

Concluding: If you still have issues with the site, I would suggest to use private mode on your browser. Yes, you will need to type in that OTP again, but there have been sooooo many issues with some old cookies on NetApp sites I can't even keep count

I really really hope IMT is also one of the tools which gets rewritten from scratch 😕

@plush storm @clever river Drew Claybrook is off today, but he has some contacts who can maybe forward on the feedback.

If you want to send it to me, my e-mail is first dot last at the company we work for dot com

(obfuscating because of spammers on a public forum)

If this feedback is not already known, everything is lost

It probably is, but the more voices who give feedback give more attention to the issue.

basically the top one... for years

Ah.

@plush storm We are using NFS v3 on one stack but NFS v.4 on another stack. No VMFS. Just need to verify these two

Am I seeing this correctly... the "old" version 9.8 of ONTAP Tools now has ESXi 7.0U3 support, but the new version 9.10 does not? 🤨

I'd e-mail IMT team and ask @plush storm

done

Has been fixed now

As of a few hours ago, ONTAP 9.10.1P1 has been posted to the NetApp Support Site

did they rename tiers back to aggregates? did they enable thin provisionining at the time of volume creation in system manager? Did they change "overview" to useful information or is it still links to other part of system manager" did they add BACK the ability to create a snapvault relationship from system manager? for 9.10

i need to go look at the GUI in 9.10.1. I actually haven't yet 🙂

i gave up when 9.9 was just 9.8 with some slight modifications i am not hopeful. 😦

9.8+ is just OnTap as envisioned by marketing and morons

They do keep adding things back in based on feed back from the field.

heres to hoping.

completely off topic. im trying to convert an existing volume to encrypted using vol encryption conversion start etc etc when i go to specificy the volume "-volume" every volume I have shows up except the one I want to convert.. its subsequently the newest volume. any ideas?

nope i should work in marketing. i already encrypted it so it doesnt show up

lol

lol

'i was checking to see if i could find a list of reasons of why something isn't able to encrypt

if you forced the name, it might error saying that.

haven't tried

I was going to ask if it was already encrypted...

lol very much an ID10T error

As of ontap 9.9.1 ( and maybe even some patch releases of 9.8), create a volume in the GUI. Modify options, select the pull down for performance. Select the custom. Boom. The aggregate list fills in

Hey friends! I'm running ONTAP 9.5 in an on-prem deployment. I'm trying to delete a vserver that has an orphaned CIFS server attached to it. I need to delete it (and the vserver), but the domain in question Is No More.

There are several articles out there about how to force a CIFS server deletion, but I'm not really getting anywhere with them. Details follow.

thats sounding like an smdb table problem. if you're headed toward a decom then I'd suggest just deleting all the vols and stopping the svm. later when decom time arrives 4a the whole system. scorched earth, no more svm.

I'm inclined to agree - it shouldn't be necessary to demonstrate "no records found" when I do a vserver show.

Also, I've been working with NetApp filers for a long time and I don't think I've ever heard the expression "4a" - is that something from the boot loader?

i've heard of 4 and 9a/b. but each is a wipe

at the boot menu

gotcha. I think between destroying the aggregates, doing the disk sanitization procedure, resetting the encryption on the SEDs, AND doing a boot loader wipe I should be able to generate enough artifacts to say "yep, all data gone"

Isnt there a "secure erase" procedure in the boot menu as well? We used to have something like that. I know because I had to use it once about 10 years ago. Might have been a 7-mode thing

there is

Yes disk sanitisation in maint mode

There's also secure purge

but. on a volume

This is probably want you want - what Jason said.
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Using_disk_sanitization_to_remove_data_from_spare_disks

the only thing it can't do is give an official certificate. even we use a 3rd party for that

it's different for 9.6 and later. https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Systems/FAS_Systems/How_to_sanitize_all_disks_in_ONTAP_9.6

oh wow, that article looks like exactly what I need. I might have to upgrade to 9.6 or something just to do this (assuming it won't work in 9.5)

One of the two filers I need to decommission just alerted for a failed hard drive, one I won't be able to get replaced (but I also don't care). Is a single failed disk going to stop me from doing any of these procedures, do you think?

shouldn't, but you could just yank it out too

true. I'll have to get onsite hands to do just that. (of course the filer that dropped a hard drive is the one that's remote)

Thanks Mike, appreciate you finding that article. Any reason to believe the procedure wouldn't work on 9.5?

nope.

you don't have SEDs correct?

Some SEDs. I know there's a different procedure for that.

Looks simple enough. Destructive things usually are

this system has to be returned? or would just a hammer work?

(Last time I decommed a filer with all flash SEDs I forgot to do that part and disconnected the KeySecure too early. I had to do a LOT of shenanigans from the boot loader to get those drives wiped correctly while also generating artifacts showing same.)

I'm honestly not sure what's going to happen to these filers, but I know I need to generate artifacts demonstrating Really Truly No Data, Honest. While I'd love to take it out to the range with the boys I don't think that's gonna satisfy my stakeholders

got ya. go with the wipe.

You’re right. 4a is the old old version from like ontap 6 or 7. I still use it as slang for system wipe but modern options are 4 and 9.

a long time ago in a galaxy far far away.

In the Before time…

Good morning, does anyone of you know how to open the NetApp Fas2040 interface

and how can i read out my key

hmmm error

hi there @coral cargo - two questions there. second one is easiest - you don't need that command on a FAS2040. It relates to hardware encrypted drives and there are no hardware encrypted drives for a FAS2040, so unless you have no internal drives, and only encrypted ones in an external shelf, I don't believe you need that

first question - each controller has a serial interface you can login to, which gives you access to the CLI. You can also access the CLI by SSH or telnet (unless turned off, which it should be) to either the BMC management IP or any of the IP addresses that serve data

there is also a GUI for management called OnCommand System Manager, which is a java and flash applet, and difficult to run on modern hardware

Hi, Hope all is fine! Just want to ask a question. We currently have AFF A250 with 14 disk inside and running only 1 AGGR in production. If we add another 10 disk to utilize all the bays, will it be partitioned by the system or we need to do it manually. TIA for all the answers.

I'm not entirely sure when and how ONTAP decides to auto-partition or not. But anyways. You would want to also partition the new 10 disks so you can add them to the existing aggr. That way you only lose two disks for parity information. If you create another aggr or even another raid-group inside the existing aggr you will have four parity disks in total (assuming you are using raid-dp).

What's the size of the SSDs?

It could maybe make sense to create another aggr for the second node so you can utilize both nodes. But that mosty depends on the layout of your current aggr. Did you use both partitions?

SSD Size: 1.92TB,SED,NVMe,25GbE,Core,NVE

When when we created the aggregates, we just click the recommendation and it created automatically and says its the best practice.

When I checked, It has given us aggr at node 2 with 8.42TB only.

also, when I command sysconfig -r in the system on both nodes, it says that it has aggr in both node but when I type aggr show, it only show the aggr in node 2..

Can you post the output of "run -node * sysconfig -r" and "aggr show"? Write these cmds in the clustershell not in the nodeshell. I guess you are mixing up root aggrs and data aggrs.

Hi, kindly see attached txt file.

just to inform you, there are two NetApp devices clustered in there. the other one is FAS8200.

The aggr-design of your AFF A250 is correct and as I imagined what ONTAP would do for it's recommendation.
You definitely have two aggrs on your A250: AFFA250_01_NVME_SSD_1 and AFFA250_02_NVME_SSD_1.
Each one is only using P1 or P2 partitions so everything good so far.

If you would add 10x more SSDs you could easily increase the size of your existing aggrs. ONTAP should automatically partition the disks and then add the partitions to the existing raid-group. It might also try to create a new raid-group inside your existing aggrs, so you possibly have to increase the maxraidsize value. If you have a valid support contract I would not suggest to create new raid-groups but to fill up the existing ones (so set the maxraidsize to 23).
Otherwise you will lose too much space. (The recommended raid-group size for SSDs with RAID_DP is between 20 and 28.)

What is weird though is that aggr AFFA250_01_NVME_SSD_1 from node AFFA250-01 is not shown in your "aggr show" command.

Please provide the output of the following commands:

set diag
version -node *
system image show
cluster show
node show
cluster ring show
debug vreport show -instance
system node run -node AFFA250-0* sysconfig -a
aggr show -aggregate AFFA250_01_NVME_SSD_1 -instance
aggr show -aggregate AFFA250_02_NVME_SSD_1 -instance
set admin

oh while we're at it, also this (I can't see the ASUPs of this cluster but the NetApp guys can):

autosupport invoke -node * -type all

I can check later, just need a cluster name. feel free to DM if needed.

@loud musk I understand you're interested in a storagegrid lab? Do you work for one of our partners, or are you a customer, or just interested?

done triggering autosupport also. Thanks for the help NetApp Community Team.

There is an inconsistency between VLDB and WAFL:

FAS8200Cluster01::*> a debug vreport show -instance

                     Object type: aggregate
                          Object: AFFA250_01_NVME_SSD_1(b78ec714-6ad6-476b-acd6-93672720b9f8)
              List of attributes: Node Name: AFFA250-01
                                  Aggregate UUID: b78ec714-6ad6-476b-acd6-93672720b9f8
                                  Aggregate State: online
                                  Aggregate Raid Status: raid_dp
                                  Aggregate HA Policy: sfo
                                  Is Aggregate Root: false
                                  Is Composite Aggregate: false
           Reason for difference: Present in WAFL Only
         Duplicate Object Values: -
Attributes With Differing Values: -
                  Values In WAFL: -
                  Values In VLDB: -
                 Recommended Fix: -

Please create a NetApp case to fix this. I can't really recommend anything else. There are ways but you really shouldn't try to fix this on your own, especially if it's a production system.

I'm not sure how you managed to get in this situation, this does not happen often.
I can see you updated your cluster to ONTAP 9.9.1P6 on 2/12/2022. But the older image is not on the same ONTAP-version for all the nodes. So I guess you added some nodes to the cluster after that date?

okay. thanks guys for the help. Actually I already reported this to our local vendor but they are not yet replying to my email yet.

regarding the updating of the systems, we had a series of Ontap upgrade last February with our systems since we are planning to cluster all NetApp devices. right now FAS 8200 and AFF 250 is joined already and the other devices are still for upgrade and later will also join the cluster.

My guess would be you added the new AFF A250 nodes to the existing FAS8200 cluster but did not completely destroy the old aggrs from the SSDs of the A250.

Anyways, ask your vendor for a NetApp-case you shouldn't fix this on your own.

hmmm.. I remember my colleague configuring the AFF A250 system an HA and created an aggregate because he did not know that we will join it to cluster.

but I also ask him to re initialized the disk after that.

anyway, we'll have a remote session with NetApp support team possibly this coming week and let's see what they can find. I will try to keep you posted. thanks again @plush storm! NetApp#1!!!

This is also weird:

slot 0: 25G Ethernet Controller CX5
e0c MAC Address:    d0:39:ea:4a:ae:7e (auto-10g_cr-fd-up)
    SFP Vendor:         Amphenol
    SFP Part Number:    NDCCGF-N102
    SFP Serial Number:  APF21289413922
e0d MAC Address:    d0:39:ea:4a:ae:7f (auto-25g_cr-fd-up)
    SFP Vendor:         Amphenol
    SFP Part Number:    NDCCGF-N102
    SFP Serial Number:  APF21289413994
Device Type:        CX5 PSID(NAP0000000015)
Firmware Version:   16.26.4012

All the links for your cluster interconnect should be 25Gb since 10Gb is not supported on AFF A250. You should have both links up with 25Gb especially because the HA traffic is also going over these ports.

Also make sure you're using the correct RCFs files on your cluster interconnect switches

They have provided us the download link and it is in NetApp HWU.

About this, We had a discussion with the vendor already, they will change the HBA since they gave us wrong config. We only use FC protocol in our DC but they gave us something for ISCSI.

Hi, I have a question related to GCP

On GCP I subscribed to Netapp Cloud Volume with a billing account 1 and created some volumes. Now I changed that billing account to a reseller, which cannot subscribe to Netapp Cloud Volume anymore

How can I view my created volumes?

Hi everyone ! Anybody know how i can license key from netapp support site at these hardest nowadays due russia-ukrain crisis? May be someone can help me to got license key ?

Hi @covert wyvern, Is there a specific error message you're seeing? Do you mind letting me know what region/area/country you're in so we can try to ensure responses are accurate?

thank you for your answer. I am from Russia, and when i try to login to support site i got message, that my accout was deactivated. I have a new storage systems, which are metrocluster solution, but i cant setup it without license..

hi @covert wyvern you would need to talk to the reseller about that. I assume you have bought this system brand new and not on the secondhand market?

hi. yes, this system is new and our resseller also from russia, and they also have deactivated account..

Unfortunately I am unable to assist further at this time. I suggest you remain in contact with your reseller and follow their advice

ok, thank you in any case, colleagues ! have a nice day all !

Hi...I am having trouble finding dowlnoad for system manager

netapp support site would not let me download

I received one FAS2240-2 box and I would try to test it in homelab

Hi all! Technical question: I have 2x10GE ports per node available for data traffic. I'd like to combine SMB and iSCSI lifs over preferably an LACP channel using these two ports. Is this supported with iscsi mpio?

Yeah, you can see it's done here from the storage side in this flexpod CVD. https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/UCS_CVDs/flexpod_esxi65u1_n9kiscsi.html#_Toc24993351

I think you still need a valid support contract to download that. Do you have one?

No Mike, I got the box for free...As I remember before there was free downloads for management tools, but it is somewhat strange that netapp is requesting support contract for basic stuff on 10 year old hardware?

what error do you get when you try and download it

unauthorized download...and I get link to contact sales to buy support :)

doh

Products

All Products

OnCommand System Manager (Downloads)

3.1.3

Unauthorized Access!

If you would like to purchase, please contact NetApp

few years ago I was managing some similar FAS and downloads were free even on my personal account not tied to client acc

Hi @heavy mirage, we can't comment what practices were in the past, but at this time all downloads require an account with a valid support contract (even though you can't get one for a FAS2240 now..).

Yes. It is supported to have the interface group at the Netapp side then use VLAN tagging to separate the cifs and iscsi traffic. Most clients do not support any bonding like Microsoft and even ESXi

Thanks guys, will use jumbo frames on ifgrp and then SMB mtu 1500 vlan next to iscsi mtu 9000 vlan on the ifgrp - that should work

General question. Is there a handle to ask questions about netapp ontap select software. We have been having significant issues with that solution.

Hi there, if the issues are significant I would strongly suggest you open a support case. We are best equipped to deal with architectural questions here on discord vs operational ones. You are welcome to ask in here, but a support case may be the best option

@here I am facing the below error
ta_ontap.OntapClient.ClientSideError: [OntapClient] Client Side Code Error 13001: Aggregated instances requested for the lun object exceeds the data capacity of the performance subsystem, because it includes 7928 constituent instances. With the current counter set, use the -node, -vserver, or -filter flags to include at most 2612 constituent instances in order to stay within the data capacity. Alternatively, requesting fewer counters will also reduce the required data and may allow more instances to be requested.
Any help will really be appreciated .
Thanks!

is there an option to delay a Metrocluster Update on a Site? So at the moment both sides are updating their nodes simultaneously. Can we force ONTAP to upgrade one site first an then the other?

long story short. no.

thanks 😄

Hi all, is 15 Seconds IO timeout for NFS okay? When you failover?

Depends on your network but it seems quite long to me. Did you do an unplanned failover or anything planned? Metrocluster switchover or HA takeover?

Happens on every lif migration.

Seems long, have any arp timeout issue somewhere or an issue with arp updates/gARP acceptance?

Usually lif migration I expect 0-2 pings dropped

So funny story (and why I'm not doing an upgrade today). The network team went through and ratcheted down some STIGs on our enclaves a few years ago, and everything was 'fine'. Our head guy has always said 'don't watch the toast toast' during a NetApp upgrade, and after having watched one of our old units too closely one time, I decided to just take his advice and not pay too much attention to the cluster while it did its thing.

Anyhow, some weeks or months go by after the network shop had done their thing, and I fire off an upgrade. Walked out of the office to hit the restroom, chatted with some folks down the hall, totally took my time knowing that these units were going to take about 25 minutes/node to complete. I badged back into the lab, and everyone was freaking out. Widespread burps and outages.

"Where were you?" Uhhh.... totally not watching the toast. Turns out the network team had disabled gratuitous ARP, and our LIF failovers, which usually drop 1-2 pings and move on like you said, were going down hard and wouldn't respond until the ARP cache expired. All of the VMware datastores are on the appliance, so when those NFS LIFs went, boooooooy did we notice. I don't know if disabling gratuitous ARP had become a new thing in the STIG at that point or if we had carried it as open without properly documenting our needs, but holy cow it made for a fun Friday. It's properly documented now. 🙂

oof...

https://tenor.com/view/the-simpsons-homer-simpson-doh-annoyed-grunt-gif-4040641

https://tenor.com/view/homer-simpson-the-simpsons-bush-hide-gif-6118837

Ping runs without an issue. NFS gets a 15 -20 second timeout. NO IOs in this period

Performance Monitor on the impacted VM during IOMeter run with fixed IOPS.

the dip is the lif migration

ping -t during the time from the esx host which runs the VM to the NFS lif didn´t drop any packets

Hello! I want to get statistic information (Latency, IOPS and Throughput) in System Manager, by CLI.
I learned 'sysstat -x' in node shell would solve. But I am not sure how I can translate sysstat result into Latency/IOPS/Throughput. Any advise please?

What version of ONTAP are you running?

It's 9.7

So you can gather certain performance information at different levels,

At the disk level you can use commands like https://docs.netapp.com/us-en/ontap/performance-admin/check-disk-response-times-task.html#
At the volume level you can use commands like https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_display_top_volume_IOPs_in_ONTAP_9

However, having said that, you may want to check out ActiveIQ Unified Manager, it's a separate tool for managing your ONTAP based systems and includes gathering and presenting performance information in nice graphs for you to view.

https://mysupport.netapp.com/documentation/productlibrary/index.html?productID=62791

There are some cluster level CLI commands as well I believe, like "dashboard performance show", "cluster statistics show", and statistics show-periodic -interval 1

So hopefully that has given you enough info to move forward. 🙂

Thank you very much for information!
Let me try this.

Yep. I have seen this first hand. It seems to “secure” VLANs, they are asked to disable gARP on the VLANs. When I tested failover, heck I just tried to migrate a LIF, and it failed. As soon as we enabled the gARP, things were normal

Hi All... I am trying to setup iSCSI on my netapp C190. I have created 4 lifs and a Vserver for iSCSI and added all 4 lifs for the vserver. These lifs then get connected to 2 switches, which then get connected to 2 HPE servers. I can ping all lifs from both servers but if I try to ping the servers from netapp, it seems not to be pinging. To get a better understanding:

I created a subnet with a range of 172.16.40.2-40.6 when I created the lifs

Are you using 2 switches?

I am

Is the difference going across switches?

So I didnt change any cables and it worked before

Sounds like you didn't set up the intra-switch switching right.

cant remember doing that previously

True, but I remember you having some pinging problems before.

DId you wipe the switches?

Thats right, I had this same issue and I manage to get it working after trying few things

Switches arent configured

So go back through the few things you tried and try them again. 😄

Lol only if I taken notes the first time 😂

I am taking notes this time though

Didn't you talk about it here?

I did

Maybe it is in the chat history?

I had a look, someone suggested check igroups

I don't know HP switches at all so I have zero clue

Fully indexed and searchable, discord is!

anyone else read that in Yoda's voice, or just me.

https://tenor.com/view/laugh-yoda-star-wars-old-yoda-chuckle-gif-17180360

I've reset the switches, I dont understand why I can ping all 4 lifs from the servers but not the other way around 😦

Go back through your old chats. I have no idea.

A diagram may help. Like how is it all wired up?

I think you or @quaint ether helped initially. 😄

can't ping from the storage side to the host side? and are you specifying the lif that the ping is going out of?

storage side, I can ping from the host side

Physically this is how it is:
Green ports (Nd1 e0c & Nd2 e0c) are the ones that are working fine
Red ports (Nd1 e0d & Nd2 e0d) doesnt seem to be making a connection in the iSCSI initiator
These ports go into 2 switches which are then connected to the HPE servers.

I don’t get that iSCSI config. What you should have:
2 VLANs with different Subnets (they are your fabrics A and B)
1 IP per fabric (Subnet) per Server (2 in total)
Per SVM 1 IP per fabric (VLAN) and per Node (4 in total)

Best to not use any gateway and keep it a layer 2 network for each fabric

I second that. ^

When all IPs are in the same subnet how do you control which path is used? It is possible that the ping is received on one IP but the reply is send via the other IP and the route is known and will be used

i scrolled up. - based on the pings it looks like it's two different networks, but not.

He mentioned a subnet for all storage IPs. With that, all traffic need to be routed via layer 3 and routes will be used

Some old-ish diagrams but in general you want it like the guys have said above. Create effectively two fabrics.

Then you add the paths to your hosts and the hosts will handle MPIO

And if it's in the same VLAN/subnet, it avoids any spanning tree or asynchronous routing issues.

And it's quicker since it only has to go to layer 2 but never layer 3, which takes less CPU and hops.

Less networking CPU

i swear we had an express guide for iscsi at one point for windows / esxi

There might still be. The FlexPod guides cover it pretty well too, just ignore the fabric interconnect parts

found this one - https://docs.netapp.com/us-en/flexpod/pdfs/sidebar/FlexPod_Express_with_Cisco_UCS_C_Series_and_NetApp_AFF_C190_Series_Deployment_Guide.pdf

C190 and c series

iscsi express from 8.3 https://library.netapp.com/ecm/ecm_download_file/ECMP1547466

the GUI is way the hell different, but concepts are more or less the same.

config by host type -https://docs.netapp.com/us-en/ontap-sanhost/index.html

I have setup VLANs at the switch level. I have set 3 VLANs. 1 for all iSCSI traffic, one for all other traffic and one for Switch cluster. As mentioned it worked before with the same config as, I've backed up the switch config and reset both switches and uploaded the config back

Anyway: build a fabric. iSCSI needs to have 2 VLANs. If you don’t want to build it properly no one can help you, sorry

Hi guys, is there interoperability between ONTAP version and ONTAP Mediator for Metrocluster IP?

So for example, if you're using ONTAP 9.10.1 in your Metro-IP you need update to Mediator 1.3, etc

I can't find anything in IMT, HWU, KB, Docs, etc

🤷‍♂️

I oddly can't either. i'm going to ask an MCC SA i know.

"All Mediator versions are supported on MetroCluster IP configurations running ONTAP 9.7 or later."

https://docs.netapp.com/us-en/ontap-metrocluster/install-ip/concept_mediator_requirements.html#network-requirements-for-using-mediator-in-a-metrocluster-configuration

you know if there is a cli version for this

there might be.

I have added a gateway to the subnet I created for iSCSI, and I think it doesnt need a gateway, maybe this is where I went wrong

typically iscsi networks aren't route-able.

https://docs.netapp.com/us-en/ontap/pdfs/sidebar/SAN_management_with_the_CLI.pdf

that maybe?

I will remove everything to do with iSCSI and start from scratch, it may decide to work this tieme

any one know what security style is used for iSCSI: unix, ntfs, or mixed.

we always use unix

but it should not really matter

with SAN SVMs

Ok thank you

ah nice, I missed that sentence 🙈

Still no luck after reset, I must be missing something....😦 does interface groups have any relevance to iSCSI?

Nope - if they're healthy / up and configured correctly (switch side too)

It must be a switch thing as I can ping all lifs from the host side, but not all host ports from the lifs

@tame marten Please paste the output from „network interface show“ here

iSCSI
iSCSILif1 up/up 172.16.40.2/24 RAMSDENS-01 e0c true
iSCSILif2 up/up 172.16.40.3/24 RAMSDENS-01 e0d true
iSCSILif3 up/up 172.16.40.4/24 RAMSDENS-02 e0c true
iSCSILif4 up/up 172.16.40.5/24 RAMSDENS-02 e0d true

RAMSDENS::> net port reachability show -port e0c
(network port reachability show)
Node Port Expected Reachability Reachability Status

RAMSDENS-01
e0c Default:iSCSI ok
RAMSDENS-02
e0c Default:iSCSI ok
2 entries were displayed.

RAMSDENS::> net port reachability show -port e0d
(network port reachability show)
Node Port Expected Reachability Reachability Status

RAMSDENS-01
e0d Default:iSCSI ok
RAMSDENS-02
e0d Default:iSCSI ok
2 entries were displayed.

RAMSDENS::> net port show
(network port show)

Node: RAMSDENS-01
Speed(Mbps) Health
Port IPspace Broadcast Domain Link MTU Admin/Oper Status

e0M Default Management up 1500 auto/1000 healthy
e0a Cluster Cluster up 9000 auto/10000 healthy
e0b Cluster Cluster up 9000 auto/10000 healthy
e0c Default iSCSI up 1500 auto/10000 healthy
e0d Default iSCSI up 1500 auto/10000 healthy
e0e Default Filer up 1500 auto/1000 healthy
e0f Default - down 1500 auto/- -

Node: RAMSDENS-02
Speed(Mbps) Health
Port IPspace Broadcast Domain Link MTU Admin/Oper Status

e0M Default Management up 1500 auto/1000 healthy
e0a Cluster Cluster up 9000 auto/10000 healthy
e0b Cluster Cluster up 9000 auto/10000 healthy
e0c Default iSCSI up 1500 auto/10000 healthy
e0d Default iSCSI up 1500 auto/10000 healthy
e0e Default Filer up 1500 auto/1000 healthy
e0f Default - down 1500 auto/- -

So LIF 1+3 must be VLAN A and LIF 2+4 must be VLAN B

Build 2 different networks. Make sure that lif1 can’t reach lif2

Otherwise it won’t work

This is already the case, but when I try to setup the fail over cluster on the host, it fails on network communication.

No, this is not the case. Your LIFs on the NetApp are all in the same network, their IPs are too close to each other… this are not different networks.
You need to do this not only on a physical layer but also on a logical layer. This is not FC so you need to do a bit more than just having 2 switches

But they are VLAN'd through the switch, is that not right? This is how I had to before when it was working

But your subnet ist 172.16.40.0/24 where all your LIFs are located, why not creating different subnets (maybe a little bit smaller than /24) for the different VLANs?

This subnet is only for the lifs and 4 NIC on the hosts and has no gateway. Not sure what difference it would make having a smaller subnet or are you suggesting have different subnets per node?

anyone done a lot of LUN moves under 9.9.1 ? Any reason this would drop from 54% back to 25% ?

What I'm trying to say is make your VLAN the same size as your subnet. Define some subnet for example /27 or /28 and use a unique VLAN for it.

No, that's weird. Anything in event log show?

(run from diag)

there is not a lot in the logs.. i did see a lot of WAFL scans running so maybe either an Aggr or Vol scan happend ? its no big deal it finished eventually

Weird. Maybe a perf archive would show something as it has some counters, but oh well.

Maybe it hit a checkpoint and had to restart a certain stage?

hello team!

is there any update regarding the trial version of ontap select. I have received many comments that the trial cannot be accessed because it requires an active support contract?

Also, I would like to know if there is any initiative to provide NFR licenses for people who have netapp certifications?

I've always heard that too.

NFR?

Honestly this sounds like a question for your account rep.

There's not anything like that that i'm aware of. Even before I joined netapp I have (and helped write) just about every non-cloud cert NetApp had, including SME and SME elite and NFR was never even talked about. There are labs out there for testing or the sim.

You can get temp keys for trials on systems via your account team. But they will expire after x time.

NOT FOR RESALE.

O

sorry, NFC, why that was all caps

It's been a while since I checked, but it at least used to be accessible from a guest account. Though maybe they broke that in the last big support site update. I had a guest level account for checking these things but I think it died.

I'm pretty sure they tightened up licensing now for stuff like that.

If you buy a cheap CVO you should be able to be upgraded too.

well I got back into my guest account and its supposed to be here:
https://mysupport.netapp.com/site/info/product-evaluation