    Configuring IP routes

    About NAS server routing

    You configure the IP interfaces and routing settings independently for each NAS server.

    Configuring routes for responding to client requests

    There are two ways to configure the routes for responding to client requests:

    • Configure routing with IP packet reflect enabled.
    • Configure routing with IP packet reflect disabled.

    Every outbound packet sent in response to a client request always exits through the same interface that the inbound request used. This does not depend on the IP packet reflect setting.

    When IP packet reflect is enabled, you do not have to configure routing to clients that connect to the storage system, because the reply packets are sent back to the host or router where the packets came from. IP packet reflect is disabled by default.

    Requests that originate from the Unity system cannot leverage IP packet reflect, so you may still need to configure routing for external services, such as DNS and LDAP, when IP packet reflect is enabled.

    When IP packet reflect is disabled, each NAS server interface uses static routing for directing packets to their destinations. To configure routes for responding to client requests, use the per-interface routing table, which is located by selecting Show external routes for interfaces on the Network tab of the NAS server properties page. You can add, modify, and delete routes in this table. Each route in the routing table directs a packet from the NAS server interface to which the route is linked.

    With static routing, the system does not check the link status or router availability. IP packet reflect, however, provides a return response that uses the request path of the client, without regard to the server's default or statically configured routes. If there is a router failure, replacement, or IP change, IP packet reflect supports the correct routing without interrupting the client connection.

    Configuring routes to external services

    In most cases, the NAS server interfaces are configured with a default gateway, which is used to route requests from a NAS server's interface to external services. You can add or view the default gateway for each NAS server interface by accessing the External Services Access Routes table. To access this table, select the Routes to External Services sub-tab on the Network tab of the NAS server properties page.

    You can add or view default gateways by accessing the Manage Routes page, which displays all routes configured for the storage system in one place. To access this page, select the Settings icon, and then select Access > Routing.

    You can add additional routes to these tables, as you would to any standard routing table, and you can modify or delete existing routes. When you make changes to routes in one table, the changes are reflected in the other table.

    In a complex environment, you may need to configure granular routes to external services. To access a server from a specific interface through a specific gateway, add a route with the following information to the External Services Access Routes table:

    • From: <interface_ip>
    • Type: host
    • Gateway: <gateway_ip>
    • Destination: <external_server_ip>
    • Netmask/Prefix Length: 255.255.255.0

    For example, to configure resilient DNS access, the standard recommendation is to configure the NAS server with three DNS servers, with each being accessed by a different physical or virtual connection. To do this:

    • Add three DNS server IP addresses to the NAS server DNS configuration.
    • Configure three NAS server interfaces, with each on a different physical port and/or VLAN.
    • Add three routes as shown above, with each using a different NAS server interface IP and a different DNS server IP.

    To access a server located on a different subnet, add a route with the following information to the External Services Access Routes table:

    • From: <interface_ip>
    • Type: net
    • Gateway: empty
    • Destination: <subnet number>
    • Netmask/Prefix Length: <length>

    NAS server routing tables

    The per-interface routing table specifies routes from NAS server interfaces to client hosts. The system logic for picking the route of the per-interface table follows these rules:

    • The routes are chosen from the NAS server's interfaces.
    • The chosen interface must be active.
    • If there are multiple routes to the same destination, the route specified by the preferred interface is chosen.
    • If there are multiple routes to the same destination and there is no preferred interface, the most specific route takes precedence over the other routes. The order of precedence is host, net, default, with host being the most specific.

    The External Services Access Routes table is dynamically created by merging the per-interface routing tables with preferred interface information. The system chooses the best possible routing configuration when NAS server interfaces are added, modified, or deleted, either manually or through replication changes. The system logic for picking the route of the External Services Access Routes table follows these rules:

    • The routes are chosen from the NAS server's interfaces.
    • If there are multiple routes to the same destination, the route specified by the preferred interface is chosen.
    • If there are multiple routes to the same destination and there is no preferred interface, the most specific route takes precedence over the other routes. The order of precedence is host, net, default, with host being the most specific.

    For both routing tables, the system logic also contains algorithms for handling more complicated configurations.
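
    An added example, not Unity's own code, that models the selection rules listed above for the per-interface table: active interfaces only, then the preferred interface, then host, net, default. The interface labels, addresses and the pick_route name are assumptions; for the External Services Access Routes table, which lists no active-interface rule, pass every interface as active.

```python
import ipaddress
from dataclasses import dataclass

# Order of precedence stated in the rules: host, net, default.
PRECEDENCE = {"host": 0, "net": 1, "default": 2}

@dataclass(frozen=True)
class Route:
    interface: str    # hypothetical label for the NAS server interface
    rtype: str        # "host", "net" or "default"
    destination: str  # CIDR form; "0.0.0.0/0" stands for the default route
    gateway: str

def pick_route(routes, dest_ip, active, preferred=None):
    """Apply the listed rules in order; returns None when nothing matches."""
    ip = ipaddress.ip_address(dest_ip)
    # Rule: the chosen interface must be active.
    candidates = [r for r in routes
                  if r.interface in active
                  and ip in ipaddress.ip_network(r.destination)]
    if not candidates:
        return None
    # Rule: with several routes to the destination, the preferred interface wins.
    on_preferred = [r for r in candidates if r.interface == preferred]
    if on_preferred:
        candidates = on_preferred
    # Rule: the most specific type wins (ties fall back to list order, an assumption).
    return min(candidates, key=lambda r: PRECEDENCE[r.rtype])

# Constructed sample table (addresses are illustrative, not from the page).
ROUTES = [
    Route("if_a", "default", "0.0.0.0/0", "10.0.1.1"),
    Route("if_a", "net", "192.168.50.0/24", "10.0.1.254"),
    Route("if_b", "host", "192.168.50.7/32", "10.0.2.1"),
    Route("if_b", "default", "0.0.0.0/0", "10.0.2.1"),
]

if __name__ == "__main__":
    both = {"if_a", "if_b"}
    for label, kwargs in [("no preferred", {}), ("preferred if_a", {"preferred": "if_a"})]:
        r = pick_route(ROUTES, "192.168.50.7", both, **kwargs)
        print(label, "->", r.interface, r.rtype, r.gateway)
    print("if_b down ->", pick_route(ROUTES, "192.168.50.7", {"if_a"}))
```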

    NAS server interfaces

    When you modify an IP interface for a NAS server, you can specify whether it:

    • Is a production or backup interface.
    • Is a preferred interface, which is used for outgoing communication with non-locally connected hosts.

    Preferred interfaces for NAS servers

    If you have multiple interfaces configured for a NAS server, the system will automatically select the interface that the default route uses for outgoing communication to external services. To change which interface is selected, you can specify preferred interface settings.

    The NAS server uses preferred interfaces in the following circumstances:

    • The application does not specify the source interface.
    • The destination is on a remote subnet.

    Locally connected hosts, which are attached to the same subnets as the NAS server interfaces, are accessed by using corresponding interfaces directly, and not through the preferred interface gateways.

    You can select one preferred interface for each of the following interface types:

    • IPv4 interface of type Production
    • IPv6 interface of type Production
    • IPv4 interface of type Backup & DR Testing
    • IPv6 interface of type Backup & DR Testing

    When the Preferred Interface field is set to Auto (the default), the system selects the preferred interface automatically, based on how many routes the interface has and how wide the destination range of those routes is. For most user environments, using Auto provides an optimal selection of the preferred interface.

    When a NAS server initiates outbound traffic to an external service, it compiles a list of all the available network interfaces on the proper subnet and performs one of the following actions if a preferred interface of the appropriate type (IPv4 or IPv6) is in the compiled list:

    • If the preferred production interface is active, the system uses the preferred production interface.
    • If the preferred production interface is not active, and there is a preferred active backup interface, the system uses the preferred backup interface.
    • If the preferred production interface is not active (as in the case of a NAS server failover), and there is no preferred backup interface, the system does nothing.

    If a preferred interface is not in the compiled list, the underlying operating environment platform chooses the network interface.

    IP Packet reflect functionality for NAS server interfaces

    IP packet reflect functionality for NAS servers ensures that outbound (reply) packets always exit through the next hop gateway through which inbound (request) packets entered. Because the majority of network traffic on a NAS server (including all file system I/O) is client-initiated, the NAS server can use IP packet reflect to reply to client requests. IP packet reflect is disabled by default.

    Interface selection is not affected by IP packet reflect settings.

    IP packet reflect provides the following advantages:

    • With IP packet reflect, there is no need to determine the route for sending the reply packets.
    • Improves network security. Because reply packets always go out the same next hop gateway as the request packets, request packets cannot be used to indirectly flood other LANs. In cases where two network devices exist, one connected to the Internet and the other connected to the intranet, replies to Internet requests do not appear on the intranet.
    • Supports multiple subnets, with each on a different NIC. With this configuration, each subnet uses a router, and the router port for each subnet filters incoming packets, so only packets from that subnet are forwarded. Replies, therefore, must be sent through the same next hop gateway as the incoming requests. IP packet reflect satisfies this requirement.
    • Helps clients that have a single IP address and multiple MAC addresses. Although unusual, this configuration creates a problem for the server if IP packet reflect is not enabled. For each IP address, the NAS server keeps only one associated MAC address in the Address Resolution Protocol (ARP) table. With IP packet reflect enabled, this problem is resolved, because the server does not need to look up the MAC address from the ARP database for the reply. Instead, the server uses the MAC address of the request to send the reply.

    Manage NAS server network interfaces and default routes

    Procedure
    1. Under Storage, select File > NAS Servers.
    2. Select the NAS server to modify, and select the Edit icon.
    3. Select the Network tab.
    4. Make the desired changes as follows:
      • Add a network interface and default route:
        1. In the Network Interfaces field, select the Add icon, and then select the type of IP interface to add.
        2. Select the port and enter the IP address for the new interface.
        3. Optionally enter a gateway to use for the default route.
        4. If the switch port supports VLAN tagging, optionally specify a VLAN ID (between 0 and 4095) for the VLAN with which the NAS server is associated. If the NAS server is associated with a tenant, you must select a VLAN ID.
      • Modify a network interface:
        1. In the Network Interfaces field, select the network interface to modify, and then select the Edit icon.
        2. Modify the desired values.
      • Specify or change the preferred network interfaces:
        1. Select Change Preferred Interface.
        2. Select the appropriate preferred interfaces or select Auto.
      • Remove a network interface:
        Select the network interface you wish to remove from the NAS Server configuration, and click the Delete icon.
        If you delete a preferred interface, the system will select a new preferred interface.

    Manage NAS server routes for responding to client requests

    Procedure
    1. Under Storage, select File > NAS Servers.
    2. Select the NAS server, and then select the Edit icon.
    3. Select the Network tab, and then select the interfaces for which you are configuring routes.
    4. Select Show external routes for interfaces, near the bottom of the screen.
    5. To add a route, select the Add icon in the per-interface routing table, and then specify the relevant information.
    6. To change a route, follow these steps.
      1. Select the interface in the network interfaces table.
      2. Select the route and select the Edit icon in the per-interface routing table.
      3. Specify the relevant information.

    Manage NAS server routes for external service requests

    Routes for external service requests are routes that the system uses to request external services, such as LDAP or DNS.
    Procedure
    1. Under Storage, select File > NAS Servers.
    2. Select the NAS server, and then select the Edit icon.
    3. Select the Network tab.
    4. Select Routes to External Services.
    5. To add a route, select the Add icon, and then specify the relevant information.
    6. To change a route, select the route, select the Edit icon, and then specify the relevant information.
    7. To hide default and local subnet routes from view, select More Actions > Hide default and local subnet routes.

    Enable or disable IP packet reflect for a NAS server

    Before you begin
    You can enable or disable IP packet reflect for each NAS server. IP packet reflect is disabled for all NAS servers by default.

    Before you disable IP packet reflect, make sure that the hosts are reachable through a default, network, or host route. Otherwise, some hosts may become unavailable when IP packet reflect is disabled.

    Procedure
    1. Under Storage, select File > NAS Servers.
    2. Select the NAS server to modify, and select the Edit icon.
    3. Select the Network tab.
    4. In the Packet Reflect field, select the Edit icon, and then select Enabled or Disabled.
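
    One way to run the reachability check described under Before you begin, as an added example rather than a Unity tool: for each client and the NAS server interface it connects through, confirm that a host, net, or default route (or the interface's own subnet) covers the client. The interface addresses, routes and client list are constructed sample data, and the function and field names are assumptions.

```python
import ipaddress

def covered(client_ip, iface_cidr, iface_routes):
    """How a reply would leave this interface with reflect disabled:
    'local' (same subnet), 'host', 'net', 'default', or None if no route."""
    ip = ipaddress.ip_address(client_ip)
    if ip in ipaddress.ip_interface(iface_cidr).network:
        return "local"  # locally connected hosts need no gateway
    for rtype in ("host", "net", "default"):  # most specific first
        for r in iface_routes:
            if r["type"] == rtype and ip in ipaddress.ip_network(r["destination"]):
                return rtype
    return None

def unreachable_after_disable(interfaces, routes, clients):
    """Return (client_ip, interface_ip) pairs that only work through reflect."""
    missing = []
    for client_ip, iface in clients:
        # Replies exit through the interface the request used, so only the
        # routes linked to that interface count.
        iface_routes = [r for r in routes if r["from"] == iface]
        if covered(client_ip, interfaces[iface], iface_routes) is None:
            missing.append((client_ip, iface))
    return missing

# Constructed sample data: interface IP -> address with prefix length.
INTERFACES = {"10.0.1.10": "10.0.1.10/24", "10.0.2.10": "10.0.2.10/24"}
ROUTES = [
    {"from": "10.0.1.10", "type": "default", "destination": "0.0.0.0/0"},
    {"from": "10.0.2.10", "type": "net", "destination": "172.16.8.0/24"},
]
# (client IP, NAS server interface the client connects to)
CLIENTS = [
    ("10.0.1.77", "10.0.1.10"),    # same subnet as the interface
    ("192.168.9.4", "10.0.1.10"),  # covered by the default route
    ("172.16.8.20", "10.0.2.10"),  # covered by the net route
    ("172.16.9.20", "10.0.2.10"),  # no route on this interface
]

if __name__ == "__main__":
    for client, iface in unreachable_after_disable(INTERFACES, ROUTES, CLIENTS):
        print(f"add a route from {iface} before disabling reflect: {client}")
```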

    Verify NAS server routes

    You can verify NAS server routes using the Ping and Trace operations. You can verify routes from all system interfaces, except the management interface.
    Procedure
    1. Under Storage, select File > NAS Servers.
    2. Select the NAS server, and then select the Edit icon.
    3. Select the Network tab.
    4. To verify routes from a specific interface:
      1. From the Interfaces & Routes sub-tab, select the interface, and then select Ping/Trace.
      2. Fill in the requested information, and select Ping or Trace.
    5. To verify routes from any interface:
      1. Select the Routes to External Services sub-tab, and then select Ping/Trace.
      2. Fill in the requested information, and select Ping or Trace.