IBM Spectrum NAS Network Guide

IBM Spectrum NASVersion 1.7.0.0

Network Guide

SC27-9231-00

IBM

This edition applies to IBM Spectrum NAS, Version 1.7.0.0, and to all subsequent releases and

modifications until otherwise indicated in new editions.

© Copyright IBM Corporation 2018.

US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP

Schedule Contract with IBM Corp.

IBM Spectrum NAS is a Software-defined storage solution that provides file storage and offers an

active/active storage solution to the end user.

This manual provides a detailed description of the networking layer associated with the IBM Spectrum NAS

solution. It explains the concepts behind the different types of logical networks that can be configured with

the IBM Spectrum NAS Management Tool, and describes the steps required in the network configuration

process. A number of use case examples are included to better illustrate the configuration process.

For installing the nodes, see the IBM Spectrum NAS Installation Guide.

For installing the Management Tool and setting up the storage cluster,

see the IBM Spectrum NAS Quick Setup Guide.

When preparing the network part, refer to the IBM Spectrum NAS Network Check List.

Network Overview ....................................................................................................... 4 Logical Networks ........................................................................................................... 4

Management Network ............................................................................................. 4 Private Network ........................................................................................................ 5 Public Network .......................................................................................................... 5 Antivirus Network ..................................................................................................... 6

File system Networking ................................................................................................ 6 Advanced Network Interface Configuration .............................................................. 7

Bonding ...................................................................................................................... 7 VLAN ........................................................................................................................... 7

Network Configuration How-To .................................................................................. 9 Network Interfaces Configuration ............................................................................... 9

Advanced Network Interface Configuration .......................................................... 9 Enabling IGMP .............................................................................................................. 10 Logical Networks Configuration ................................................................................ 11

Management Network Configuration .................................................................. 11 Private Network Configuration ............................................................................. 14 Public Network Configuration ............................................................................... 14 Antivirus Network Configuration .......................................................................... 15 Deleting Logical Networks ..................................................................................... 16

File System Network Configuration ........................................................................... 16 File system network configuration at creation time ........................................... 16 File system network configuration at a later time .............................................. 18 Multiple Public IPs .................................................................................................. 19

Use Case Examples .................................................................................................... 20 Use Case 1: One File system ...................................................................................... 20 Use Case 2: One File system with Bonding .............................................................. 22 Use Case 3: One File system with Bonding and VLAN ............................................ 24 Use Case 4: Two File systems, isolated with File system mask .............................. 26 Use Case 5: Two File systems, isolated with VLAN .................................................. 28

Getting Help ................................................................................................................ 30 IBM Spectrum NAS Support ....................................................................................... 30

Appendix ..................................................................................................................... 31 Bonding Options .......................................................................................................... 31

IBM Spectrum NAS Network Guide | Version 1.7.0.0

IBM Spectrum NAS Network Guide Version 1.7.0.0 2018

4

In an IBM Spectrum NAS storage solution, there are four types of network traffic to consider:

Management – for managing and monitoring the storage nodes and the cluster

Private – for node-to-node synchronization

Public – for client access to file system shares

Antivirus – for communication between the storage nodes and antivirus servers

Logical Networks

For each type of traffic, there is a Logical Network that is created and configured in the IBM Spectrum NAS

Management Tool:

Management Network

Private Network

Public Network

Antivirus Network

The management network and private network are configured and automatically created during the wizard

that adds storage nodes to a cluster. The public network is created later, prior to creating a file system. The

antivirus network is optional, and can be created prior to enabling antivirus functionality on a file system.

During their creation process, all logical networks are associated with physical interfaces that exist on the

storage nodes. The physical interfaces themselves can be configured to use VLAN and bonding, to improve

performance.

Multiple file systems can be placed on different subnets, accessed by multiple public networks. It is also

possible to place multiple file systems on the same subnet and isolate them by using the File system mask

parameter. Multiple public networks can also be used for adding more than one public network to each file

sysem.

When assigning IP addresses and network masks to the logical networks and the file systems, the various

subnets that are created must be kept separate (i.e. they cannot overlap). It is recommended to have a

complete plan for all subnets that will be created, prior to beginning the installation of the cluster. See the

IBM Spectrum NAS Network Checklist.

Management Network

The main purpose of the management network is to provide a communication path between the IBM

Spectrum NAS Management Tool and the storage nodes. The management tool manages and monitors the

storage. As this network is mainly used for gathering information from the storage nodes and distributing

configuration changes to the nodes when the administrator makes modifications, the requirements for

latency and bandwidth are moderate.

During the wizard that adds storage nodes to a cluster, you must configure the management network for

each node. For each node in the cluster, you pick a network interface, an IP address, a network mask, as well

as DNS, Gateway and NTP addresses. The management network is created automatically and it cannot be

deleted later, throughout the lifetime of the cluster. The interface, the network mask, the IP addresses, as

well as DNS, Gateway and NTP addresses of the management network can be changed later at any time, on

any node. You can have just one management network per cluster.

The management network may be configured on the same network interface and with the same IP address

as the private network. Keeping them separate, however, provides better performance.


5

For the management network to function properly, IGMP must be enabled on all switches. IGMP is a feature

that allows intelligent forwarding of multicast traffic.

The management network is the recommended path to use in the communication between the storage

nodes and a number of external servers:

The NTP server that keeps the time synchronized among nodes (mandatory)

The E-mail server used for sending e-mail management alerts (optional)

The SNMP Trap Receiver that receives management alerts from the nodes (optional)

The Syslog server that receives important log messages (optional)

The reason to prefer the management network for these types of traffic is to avoid using other networks

(Public, Private or Antivirus) which are dedicated to the regular operations of the cluster (data access from

the clients, data synchronization between the nodes).

The decision on which network is used for each type of traffic is influenced by the IP address of the external

server (NTP, E-mail, SNMP or Syslog) and the routing configuration of the node. If the IP of the server is on

the same subnet as the management network, then this network will be used. If the IP is on the same

subnet as another network, that network will be used. If the IP is in a subnet different from all existing

networks, then the default gateway on the management network will be used.

Private Network

The private network is used by the storage nodes to communicate with each other.

During the wizard that adds nodes to a cluster, you must configure the private network for the node. For

each node in the cluster, you pick a network interface, an IP address and a network mask.

During the process, the private network is created automatically and it cannot be deleted later, throughout

the lifetime of the cluster. The interface of the private network can be changed later at any time, on any

node. However, the IP address cannot be changed, on any node. You can create just one private network

per cluster.

The private network may be configured on the same network interface and with the same IP address as the

management network. Keeping them separate, however, provides better performance.

For the private network to function properly, IGMP must be enabled on all switches.

Public Network

The public network is used by external clients to connect to one or more file systems created on top of the

storage. It is also used by the storage nodes to communicate with the Active Directory, when a file system is

joined to the Active Directory.

The existence of a public network is a prerequisite in order to create a file system. When creating a public

network, you choose a name for the public network and, for each node in the cluster, a network interface

for that particular public network. The interface can be changed later, at any time, on any node.

The public network is not assigned IP addresses or network mask at creation time. Instead, the IP range

(with network mask, file system mask, DNS and Gateway address) is configured when the file system is

created. The result is that a file system is created with one primary public network. Additional public

networks can be created and then added to any file system after creation.

It is possible to use the same public network for several file systems. In this case, the traffic is separated by

using the file system mask of each file system, thus creating separated “slices” in a single subnet, one for

each file system. It is also possible to create multiple public networks on a cluster, to support clients in more

than one public network. Each file system can be configured to have one or many public networks assigned

to it.


6

Antivirus Network

The antivirus network is used to optimize the communication between the storage nodes and an external

antivirus server, when the antivirus functionality is enabled on the cluster. There is no need to create an

antivirus network if you do not use the antivirus functionality on the cluster.

It is possible, though not recommended, to enable the antivirus functionality without creating an antivirus

network. In this case, one of the other logical networks will be picked (depending on routing configuration),

which may negatively impact the performance of the cluster.

When creating an antivirus network, you must choose a netmask for the antivirus network and, for each

node in the cluster, a network interface and an IP address for the antivirus network. This must be on a

subnet that is able to reach the antivirus server.

The interface, the netmask and the IP address of the antivirus network can be changed later at any time, on

any node. You can have just one antivirus network per cluster. An antivirus network can be deleted later, at

any time.

File system Networking

In order to create a file system, a public network is required. When created, it is only associated with a

physical interface. All other networking configuration is postponed until a file system is created.

When a file system is created, it is associated with an existing public network and gets assigned a network

mask, a file system mask, a Gateway address and a DNS address (one of each per file system). At the same

time, for each storage node, an IP address is added. These are the IP addresses that external clients connect

to, in order to access the file system shares. This IP range is the primary IP range for the file system.

When choosing the IP addresses and the network mask of the file system, the subnet thus defined must not

overlap with any other subnets in use by any logical network or other file system.

The file system mask parameter can be used to allow several file systems to use the same subnet. The file

system mask effectively “slices” the subnet, so that each file system uses a separate IP range and the traffic

is thus kept isolated among multiple file systems.

Multiple public IPs (multi IP) makes it possible to add more than one network and IP range to each file

system. The main purpose of this is to support clients in different subnets using different IPs when

accessing a file share.

Additional public IP ranges can be added at any time, up to 8 IP ranges in total. Any one of these can be

selected as the primary network for the file system. The primary network is used to determine source IP

when communication is initiated by an IBM Spectrum NAS node, for example in AD, KDC, NIS, LDAP and

Hybrid Cloud traffic. Note that the DNS also needs to be reachable from the primary network. All IP ranges

must be unique and they are not allowed to overlap with any other network (public, private, management or

antivirus).

Use the Virtual IP feature to ensure that all nodes appear to be online when one node becomes offline due

to a rolling update or in case a node goes down. Healthy nodes will automatically be chosen to take

ownership of any public IPs configured for the node going down. Note that this process could be delayed

due to ARP information being updated by the network devices, if clients are to reside behind a router or

other Network Address Translation (NAT) devices, i.e. on a different subnet than the public network they are

accessing.


7

Advanced Network Interface Configuration

Bonding

On each node, any number of physical network interfaces can be bonded to act as one, for fault tolerance

and to achieve increased performance through one interface. You will find this option under the advanced

settings when adding nodes to your cluster. For bonding options, see Appendix: Bonding Options.

VLAN

Networks can be separated by using VLAN with tagging. This is to allow multiple logical networks on the

same physical interface, or to completely separate the access to multiple file systems. Each VLAN is given an

ID from 2 to 4094 (0, 1 and 4095 being reserved). Switches must support VLAN tagging.

Example

Any network interface can be split into VLANs. For example, you can bond two physical interfaces for fault

tolerance and then divide the bonded interface into virtual interfaces in order to separate the public and

private traffic, and further on to separate multiple file systems.

The following figure illustrates different examples of bonding for failover and/or use of VLAN to achieve

three virtual public networks.

Figure 1: Examples of bonding and/or use of VLAN

Examples, left to right:

1. One NIC is used for the private network, the other is divided into three public VLANs. The purpose

could be to use the three VLANs for multitenancy.

2. Two NICs are bonded. The bonded interface is divided into four VLANs. In this example, both the

private and the public networks consist of VLANs.

3. Four NICs are bonded as two and two. One bonded interface is used for the private network and

the other for three public VLANs.

4. Four NICs where one is used for the private network and the other three are bonded and used for

three VLANs.


8

By using VLANs, multiple file systems can be accessed like in the illustration below.

Figure 2: Three file systems accessed through three VLANs


9

Network Interfaces Configuration

The Network Interfaces are assigned IP addresses and network masks for the management network and

private network during the wizard that adds nodes to the cluster. Gateway, DNS and NTP addresses are

assigned to the management network during the same wizard. This procedure is detailed below, in the

sections Management Network Configuration and Private Network Configuration.

The Network Interfaces are also configured at the creation of public network and antivirus network, as well

as at the creation of any file system. For details, see the sections that follow: Public Network Configuration,

Antivirus Network Configuration and File system Networking Configuration.

Besides all these settings that are relevant for the Logical Networks (IP addresses for the nodes, net masks,

DNS, Gateway and NTP addresses), the Network Interfaces allow for some separate, more advanced,

configurations that can improve performance (VLAN and Bonding).

All settings, except the private IP addresses of the nodes, can be modified later, throughout the lifetime of

the cluster.

Advanced Network Interface Configuration

The physical interfaces can be configured to use VLAN and Bonding for improved performance or failover.

The Advanced Network Interface Configuration is reachable during the wizard that adds nodes to the

cluster, at the steps where the management network and the private network are configured, respectively,

by clicking on the Advanced button. The advanced configuration is also reachable later, at any time, by

navigating in the management tool to Cluster > Config > Network > Nodes. Right-click on a Node name and

select Advanced settings.

Bond

Select two or more network interfaces to bond and click Bond. The first created bond is named "bond0", the

second is "bond1", and so on.


10

VLAN

To create a VLAN, select an interface, choose a unique VLAN tag, and click Create VLAN. The interface you

select can be a physical, virtual or a bonded interface from the previous tab.

Enabling IGMP

IGMP is required for the management and private networks. Without, the cluster will not work properly.

IGMP is a feature that allows intelligent forwarding of multicast traffic. Make sure that IGMP is enabled for

all switches. This is especially important for all switches that handle the management and private network

traffic. With IGMP enabled, the switch will forward multicast messages only to nodes that request the traffic.

This prevents the switch from broadcasting to the complete network. It also prevents the nodes from

getting blocked by any switch.

Note: When enabling IGMP, both query master and snooping must be configured correctly,

for each network; see below.

For each network, enable IGMP as follows

1. IGMP snooping enabled on all switches.

2. IGMP query master enabled on one switch, with an IP address assigned (if more switches have an

IGMP querier enabled on them, the one with the lowest IP will be the master).

An IGMP querier must have a unique IP address assigned to it, within the same subnet as the management

network. For example, if the nodes have a range of 172.16.1.1/24 – 172.16.1.20/24 for private, the IP

assigned to the querier must be 172.16.1.x/24. The same applies for the private network.

An IGMP querier can be enabled globally for the switch, but if management network and private network

are on different subnets / interfaces / VLANs, then two querier masters are needed.


11

Logical Networks Configuration

Management Network Configuration

Management Network Configuration at creation time

The initial management network configuration is done in the Configuration wizard, step 2.

For bonding options and/or to create a VLAN, click the Advanced button. See the section Advanced Network

Interface Configuration for details about bonding and VLAN options.

During the wizard that adds storage nodes to a cluster, the management network must be configured,

before being automatically created. Make sure that the management network IP address and the client

where you run the management tool are on the same subnet. Make sure that any planned network is not

going to overlap this subnet.

Select a network interface intended for the management network. Enter the IP address, Netmask, DNS,

Default Gateway, MTU (default if empty), and NTP address.

Management Network Configuration at a later time

The Management Tool communicates with the nodes through the management network. You can choose to

use the same interface and IP addresses as the private network uses or a separate interface. If you need to

change from using the private interface to a separate one – or vice versa – you can do this by modifying the

management network settings. For modifications to apply, the nodes need to be taken offline and then

rebooted. Step-by-step instructions are shown below.

If you are separating the Management and the private networks, make sure you have IGMP snooping and

two IGMP querier IP addresses configured on the switch for the Management and private networks,

respectively.

Warning: Bringing a node offline will make the node and all the content unavailable.


12

Steps to switch interface for the management network

Step 1: Take the nodes offline

Go to Cluster > Maintenance. Multi-select all the nodes and click Take Offline. The cache will be

automatically drained before the node state goes offline.

Step 2: Management Network settings

Go to Cluster > Config > Network > Networks and select the Management Network.

In the Node configuration list, do one of the following:

a) To use a separate network for Management: For all nodes, select the interface intended for the

management network. Then set new IP addresses for all the nodes (press enter to move down the

list). No subnets are allowed to overlap.

b) To use the private network for both: Click Autofill private.

Click Apply. Then confirm.


13

Step 3: Reboot

Return to Cluster > Maintenance. Multi-select all the nodes and click Reboot. This will gracefully reboot the

nodes.

Because of the new settings for the management network, the nodes should now disappear from the Tool.

Continue with the next step to correct this.

Step 4: Change the network interface for the Tool

Right-click IBM Spectrum NAS at the top of the main navigation tree and click Change network interface.

Select the network interface that will connect to the management network and click Apply. Then restart the

Management Tool for the changes to apply.

Step 5: Bring the nodes online

Go to Cluster > Maintenance and see that all the nodes have reappeared. Select all the nodes and click

Bring online.


14

Private Network Configuration

Private Network Configuration at creation time

The initial private network configuration is done in the Configuration wizard, step 3.

For VLAN and bonding, click Advanced to access the Advanced Network Interface Configuration view.

If you want to use the same network as for management, check "Use management network." This can be

modified later.

Otherwise, select a network interface intended for the private network. Enter the IP address, netmask and

MTU (default if empty). Make sure that any planned public network is not going to overlap this subnet.

Click Next to apply the node configuration and proceed.

Private Network Configuration at a later time

For each node, it is allowed to change the Interface of the private network, but the IP address cannot be

changed. Go to Cluster > Config > Network > Networks and select the Private Network. Do the required

modifications and click Apply.

Public Network Configuration

Public Network Configuration at creation time

In the Network Config view (Cluster > Config > Network > Networks), right-click the Public Network icon

below your cluster and select Add Public Network.


15

Enter a name for the new network, and then, by using the drop-down menu, select the interface intended

for the public network, for each node. If needed, enable VLAN and set a unique ID (2-4094).

Note: IP addresses for the public network will not be configured here, but instead when creating a file

system. See below, File system Networking Configuration for details.

Click Create and then confirm the settings.

Public Network Configuration at a later time

Go to Cluster > Config > Network > Networks, expand the Public icon and click on the respective public

network that you want to edit. Make the configuration as described above and click Apply to confirm.

Antivirus Network Configuration

Antivirus Network Configuration at creation time

To create a network for antivirus, right-click the cluster icon and select Add Antivirus Network.

The name is preset: Antivirus. Select a netmask. For each node, enter the IP address and select the interface

to be used. Click Create.


16

Antivirus Network Configuration at a later time

Go to Cluster > Config > Network > Networks, select the antivirus network. Make the configuration as

described above and click Apply to confirm.

Deleting Logical Networks

To delete a Logical Network, right-click on the network and choose Delete Network. Note: Only public and

antivirus networks can be deleted.

File systems will become unavailable if you delete their network. If this happens, then create a new network.

File System Network Configuration

File system network configuration at creation time

In order to create a file system, at least one public network must exist on the cluster. For details on how to

create and configure a public network, see section Public Network Configuration.

You will do the initial networking configuration for the file system during step 2 of the wizard that creates a

file system. The IP range defined here will become the primary IP range for the file system. Additional IP

ranges can be added afterwards, as described in the chapter Multiple Public IPs.

Network and Netmask: Select a public network to be used for the new file system. Select a netmask, note

that IP ranges are not allowed to overlap any other subnets in use.

Hostname: Host names are prefilled automatically for your first file system. For additional file systems, you

may provide a base name for your hosts and click Apply. The base name is then prefilled to all gateways in

your cluster, with a unique number appended. Note: Host names should not contain dots.

Public IP: Enter the public IP address for the first node, press Enter for the following IP addresses to appear.

Examine the usable range displayed above the table before proceeding.


17

Advanced configuration

With Advanced configuration enabled, you can optionally customize a file system mask, gateway and DNS

addresses for your file system. You can use these settings to isolate several file systems inside the same

subnet.

File system mask: If the File system mask is the same as the Netmask, only one file system can be

configured on the subnet defined by the public IPs of the nodes and the Netmask.

When the File system mask is more restrictive than the Netmask (i.e. uses more bits in the network side), it

effectively “slices” the subnet defined by the public IPs of the nodes and the Netmask into several smaller

ranges, so that several file systems can use distinct ranges in order to keep traffic isolated.

Example

Both the Netmask and the File system mask have the value 255.255.255.0 (/24), which is a setup that allows

one file system with 256 host IP addresses within the IP range 192.168.1.0 - 192.168.1.255.

By changing the File system mask to the value 255.255.255.128 (/25), you can have two file systems within

the same /24 subnet but with different IP ranges (hosts in the range 0-127 and 128-255, respectively).

File system 1

Netmask: 255.255.255.0 (/24)

File system mask: 255.255.255.128 (/25)

Usable range: 192.168.1.128 – 192.168.1.255

Public IP for the nodes: 192.168.1.185 – 192.168.1.188 (example with 4 nodes)

File system 2

Netmask: 255.255.255.0 (/24)

File system mask: 255.255.255.128 (/25)

Usable range: 192.168.1.0 – 192.168.1.127

Public IP for the nodes: 192.168.1.51 – 192.168.1.54 (example with 4 nodes)

Since the first filesystem in our example has nodes in the 128-255 range, we can additionally create a

second filesystem with the same Netmask (/24) and the same file system mask (/25), but with the public IP

addresses of the nodes in the 0-127 range, in this example 192.168.1.51, .52, .53 and .54. The two file

systems are completely isolated while sharing the same /24 subnet.

A bit-level notation of the Netmask /24 and File system mask /25 example is provided in the following table:

Dot-decimal Binary Possible IP Range

Netmask 255.255.255.0 11111111. 11111111. 11111111.00000000 x.x.x.0-255

File system mask 255.255.255.128 11111111. 11111111. 11111111.10000000 0-127 or 128-255

Gateway (optional): A Gateway IP address is needed only in the situation when the nodes need to connect

to external hosts, which are not on the same subnet as the file system. An example of such situation is

when the external clients that access the file system shares (e.g. SMB or NFS clients) are on another subnet

than the file system. Another example is when the file system needs to communicate with an external

authentication provider (Active Directory, Kerberos, LDAP, NIS), placed on a different subnet than the file

system.

If this Gateway IP address is filled in, it must be on the same subnet as the file system. If not filled in, clients

outside the file system subnet will not be able to access the file system shares; moreover, the nodes will not

be able to access any host on a subnet different than the file system subnet. This means, for example, that


18

the file system will not be able to join an Active Directory outside the file system subnet. The file system

subnet is the subnet defined by the public IPs of the nodes and the Netmask.

DNS (optional): A DNS IP address is needed in situations when the file system needs to access a dedicated

DNS server (different than the default DNS address of the node). An example is when the file system is

joined to an Active Directory and needs to access the DNS server of the Active Directory.

If this DNS IP address is filled in and the IP address is outside the subnet of the file system, a Gateway IP

address must be filled in as well (with the IP address on the same subnet as the file system), in order for the

nodes to find the way to the external DNS IP address. If not filled in, the default DNS IP address configured

on the node is used whenever the node needs to resolve a DNS name (to see the default DNS IP address of

each node, go to Cluster > Config > Network > Nodes > Node name, and note the value “DNS” in the right

side of the window).

Click Next to enable the configuration.

File system network configuration at a later time

To change the Networking Configuration of the file system, go to Cluster > Config tab > Network tab > File

systems tab. Select the domain to see the network settings for the file system: Here you can see and change

the chosen primary public network and the optional DNS.

In the navigation tree, select one IP range below the domain to see its configuration:


19

Multiple Public IPs

A file system must have at least one IP range and no more than 8 IP ranges. A file system can only have one

primary IP range, one DNS, and one hostname for each node. Make sure that the subnet you choose for

your public IP addresses does not overlap any other subnets in your cluster (other public IP ranges, private,

management or antivirus networks). Note that DNS entries in AD are not automatically updated when IPs

are added, changed or removed.

To add IP ranges, right click the domain and select Add public IPs:

Each IP range is connected to one public network and has a netmask that defines the subnet. Select a public

IP for each node by entering the first and press Enter.

Remove a public IP range

To remove a public IP range, right click on the IP range to be removed and click Remove public IPs. The last

IP range cannot be removed without first adding a new range.


20

Use Case 1: One File system

Overview

This example describes how to set up IBM Spectrum NAS with the following characteristics:

10 Gbit/s interface for private network

10 Gbit/s interface for public network

1 Gbit/s interface for management network

One switch (no redundancy)

1 File system

In this example, each node has two 10 Gbit/s and 1 Gbit/s network interfaces. Only one switch is used,

which means there is no redundancy if the switch would fail. This is not a recommended setup for a

production environment because the switch is a single point of failure that affects the entire service.

IGMP snooping and two IGMP querier IP addresses must be configured on the switch for the Management

and private networks, respectively.

Management tool

Management 172.16.1.0 /24

Private 172.16.2.0 /24

Public 192.168.1.0/24

Switch

Public NetworkDefault Gateway

SMB/NFS Clients

ADDNS

NTP

Syslog

SnmpTrap reciever

Mail

Management NetworkDefault Gateway

1Gb 10Gb 10Gb

Node1

1Gb 10Gb 10Gb

Node2

1Gb 10Gb 10Gb

Node3

1Gb 10Gb 10Gb

Node4

Public

Private

Man

agement

Man

agemen

t

Man

agemen

t

Man

agemen

t

Public

Private

Public

Private

Public

Private


21

Configuration steps

For each step, see the Quick Setup Guide for details.

Step 1: Configure the cluster, see "Adding nodes to your cluster". For each node:

Select a node, click Configure node and proceed.

For this example, select the 1 Gbit/s interface for the management network.

Select the 10 Gbit that will be used for the private network.

Complete the wizard for each node in the cluster.

Step 2: Create a public network.

Go to Cluster > Config > Network > Networks, right click Public and select Create Public Network.

For each node, select the second 10 Gbit interface and click Create.

Step 3: Create a file system (start the File System Wizard).

Use the public network from the previous step.

Select a netmask for the public network, for this example: 255.255.255.0 (/24)

Due to gateway and DNS (optional), enable Advanced configuration.

Here, set the file system mask equal to the netmask: 255.255.255.0 (/24)

Enter the Gateway IP address to be used by the file system. Without a gateway address,

the clients outside the file system subnet cannot communicate with the file system shares.

Enter the IP addresses that will be used as the public IPs for the nodes. External clients can

communicate with any of these IPs in order to access the file system shares.

Continue with the wizard until it is completed.


22

Use Case 2: One File system with Bonding

Overview



2 x 10 Gbit/s interfaces bonded for private traffic

2 x 10 Gbit/s interfaces bonded for public traffic

2-switch configuration for redundancy

1 File system

Node1

1Gb 10Gb 10Gb

Node4

10Gb10Gb

Node3

1Gb 10Gb 10Gb 10Gb10Gb

Node2

1Gb 10Gb 10Gb10Gb 10Gb

Node1

1Gb 10Gb 10Gb 10Gb10Gb

Public 192.168.1.0/24

Management tool

Private 172.16.2.0 /24

SMB/NFS Clients

ADDNS

NTP

Syslog

SnmpTrap reciever

Mail

Public 192.168.1.0/24

Bond0

Switch1 Switch2




Man

agem

et

Pri

vate

Pu

blic

Bond1

In this example, each node has four 10 Gbit/s and one 1 Gbit/s network interfaces.

The 1Gbit/s interface is used by the management network.

Two of the 10 Gbit/s interfaces are bonded together to be used by the private network.

The other two 10 Gbit/s interfaces are bonded together to be used by the public network.

The two 10Gbit/s interface pairs that are bonded are connected to two different switches. The bonded

interfaces provide load sharing and redundancy. If one of the switches should fail, the other switch will be

used for all the traffic. If an interface, cable or one of the switches should fail, the traffic would not be

interrupted.

Depending on the switch model and brand, additional configuration may be needed in the switches to

support bonding and network redundancy functionality used in this example.

IGMP snooping and two IGMP querier IP address are configured on the switches for the Management and

private networks, respectively.


23

Configuration steps





Configuring the private network, click Advanced to access the Bond options.

1) Select the two 10 Gbit/s interfaces that will be used for the private network and click Bond.

The bonded interface is named bond0.

2) Select the two 10 Gbit/s interfaces that will be used for the public network and click Bond.


3) Exit Advanced network management. For the private network, select bond0. Enter the

IP address and network mask and click Next.




Here, for each node, select the interface named bond1 and click Create.





Here, set the file system mask equal to netmask: 255.255.255.0 (/24)

Enter the gateway IP address to be used by the file system. Without a gateway address, the

clients outside the file system subnet cannot communicate with the file system shares.





24

Use Case 3: One File system with Bonding and VLAN

Overview


2 x 10 Gbit/s bonded interfaces, for private VLAN and public VLAN.


2-switch configuration, for redundancy

1 File system

Management tool

VLAN ID 101Private 172.16.2.0 /24


SMB/NFS Clients

ADDNS

NTP

Syslog

SnmpTrap reciever

Mail

VLAN ID 102 Public 192.168.1.0/24

Node1

Switch1 Switch2

1Gb 10Gb 10Gb

1Gb 10Gb 10Gb

1Gb 10Gb 10Gb

10Gb 10Gb

Node1

Node2Node3

Node4


Bond0

1Gb

Public

Man

agemen

t

Private


In this example, each node has two 10 Gbit/s interface bonded together for load sharing and redundancy.

On top of the bonded interface, a private VLAN and a public VLAN are created.

By using VLAN on the bonded interface, both the private and public networks will have redundant paths. If

an interface, cable or one of the switches should fail the traffic will use the other connection instead.

The two 10GB interfaces are connected to two different switches for redundancy. If one of the switches is

faulty, the other switch will be used for all the traffic.

Depending on the switch model and brand, additional configuration may be needed in the switches to

support the bonding, VLAN and network redundancy functionalities used in this example.

IGMP snooping and two IGMP querier IP addresses are configured on the switches for the Management and

private networks, respectively.


25

Configuration steps





Configuring the private network, click Advanced to access the Bond options.

1) Select the two 10 Gbit/s interfaces that will be used for the private network and click Bond.


2) Click the VLAN tab to access the VLAN options.

3) Select the new bond0 interface, select a VLAN tag, for example 101, and click Create VLAN.

This will be the VLAN for the private network. The VLAN for the public network is created

later.

4) Close the Advanced network management. For the private network, select VLAN 101

(bond0). Enter the IP address and network mask and click Next.




Here, for each node, select the interface named bond0, enable VLAN and select a new unique VLAN

tag, for example 102. Note that the tag will not display until after it is created. Click Create.






Enter the gateway IP address to be used by the file system. Without a gateway address, the

clients outside the file system subnet cannot communicate with the file system shares.





26

Use Case 4: Two File systems, isolated with File system mask

Overview


Multitenancy with two separate file systems.

Network separation using File system mask

Netmask /24, File system mask /28

Management/Private 172.16.1.0 /24

Public 192.168.1.0/24

Switch

Node1

10Gb 10Gb

Node1

Filesystem AFile system mask: 255.255.255.240 /28Valid IP range 192.168.1.1-192.168.1.15

Public IP A Node1 192.168.1.2Public Gateway A 192.168.1.1

Filesystem BFile system mask: 255.255.255.240 /28

Valid IP range 192.168.1.16-192.168.1.31

Public IP B Node1 192.168.1.17Public Gateway B 192.168.1.16

Public Gateway B 192.168.1.16

SMB/NFS Clients

ADDNS

Public Gateway A 192.168.1.1

SMB/NFS Clients

ADDNS

Enterprise A Enterprise B

Public IP A Node1 192.168.1.2Public IP B Node1 192.168.1.17

Public 192.168.1.0/24

In this example, two file systems are created, to serve two different organizations. Each file system will have

their own public IPs. Different Gateway addresses will be configured for the file systems. The two file

systems are sharing the same public network interface.


27

Configuration steps




Using the first interface, configure the management and private networks and complete the wizard

for each node in the cluster.



Using the second interface, then click Create.



Set a netmask, for example: 255.255.255.0 /24 allowing 256 IP addresses.

Enable Advanced configuration. The File system mask is used to specify a range of public

IPs that this file system is using, for example: 255.255.255.240 /28 giving a possible range

of 0-15 or 16-31, 32-47 etc.

Enter the gateway IP address to be used by the file system. The gateway IP needs to be in

the range of the netmask, for example: 192.168.1.1. Without a gateway address, the clients

outside the file system subnet cannot communicate with the file system shares.

Set public IP for each node, for example starting with 192.168.1.2 (with usable range 0-15).


Step 4: Create a second file system.

Repeat step 3 to create another file system (requires a license with the multitenancy feature),

except this time the gateway used is 192.168.1.16 and the public IP for each node should be in

another range than for the first file system, for example starting with 192.168.1.17. The usable

range is now 16-31 compared to 0-15 of the first file system, given a file system mask of /28.


28

Use Case 5: Two File systems, isolated with VLAN

Overview


Multitenancy with two separated file systems.

File system mask is the same as the Netmask

Network separation using VLANs

Management/Private 172.16.1.0 /24

VLAN 101 Public1 192.168.1.0/24

Switch

Node1

10Gb 10Gb

Node1

Filesystem ANetwork Mask 255.255.255.0 /24

Public1 IP Node1 192.168.1.2Public1 Gateway A 192.168.1.1

Filesystem BNetwork Mask 255.255.255.0 /24

Public2 IP Node1 192.168.2.2Public2 Gateway 192.168.2.1

Public Gateway B 192.168.2.1

SMB/NFS Clients

ADDNS

Public Gateway A 192.168.1.1

SMB/NFS Clients

ADDNS

Enterprise A Enterprise B

File system A Public1 VLAN 101 IP 192.168.1.2File system B Public2 VLAN 102 IP 192.168.2.2

VLAN 102 Public2 192.168.2.0/24

Network Public1 VLAN 101 192.168.1.0/24

VLAN 102 Public2 192.168.2.0/24

NetworkPublic2 VLAN 102 192.168.2.0/24

In this example, two file systems are created to serve two different organizations. Each file system will have

their own network and public IPs. VLANs will be used to create multiple separated public networks.


29

Configuration steps




Configure the management and private networks and complete the wizard for each node in the

cluster. The private network uses the same settings as the management network.

Step 2: Create two public networks, one for each file system.


Here, set the first network name to, for example, Public A.

Enable VLAN and enter a unique VLAN tag, for example 101.

For each node, select the interface intended for the public networks. Note that the tag will not

display until after it is created. Click Create.

Repeat for the second public network: Public B, only this time enter another tag, for example 102.


Use the first public network from the previous step: Public A.




Enter the gateway IP address to be used by the file system: 192.168.1.1. Without a gateway

address, the clients outside the file system subnet cannot communicate with the file

system shares.

Enter the IP addresses that will be used as the public IPs for the nodes, starting with

192.168.1.2. External clients can communicate with any of these IPs in order to access the

file system shares.


Step 4: Create a second file system.

Repeat step 3 to create another file system (requires a license with the multitenancy feature),

except this time using the network named Public B, gateway 192.168.2.1, and the nodes starting at

192.168.2.2.


30

IBM Spectrum NAS Support

The support service is available to answer your questions by email, phone or web, based on your support

offering.

To get help on troubleshooting, please contact technical support.

Please note that providing us with background information will help us to do preliminary research to

understand your issue better and to make a more efficient interaction possible. We would, therefore, ask

you to provide the following information when you send a support request:

Cluster ID.

Software version of all relevant software.

An approximation of time when the issue first occurred.

Whether the issue is reproducible.

Steps taken so far to solve the problem.

Your location Method of contacting the IBM Support Center In the United States Call 1-800-IBM-SERV for support.

Outside the United States Contact your local IBM Support Center or see the

Directory of worldwide contacts.

https://www.ibm.com/planetwide/


31

Bonding Options

Round Robin Transmissions are received and sent out sequentially on each bonded slave

interface, beginning with the first available. For fault tolerance and load

balancing.

Active/Backup Transmissions are received and sent out via the first available bonded slave

interface, and another bonded slave interface is only used if the active bonded

slave interface fails. For fault tolerance.

XOR The interface matches up the incoming request’s MAC address with MAC address

for one of the slave NICs. Once this link is established, transmissions are sent

sequentially, beginning with the first available interface. For fault tolerance and

load balancing.

Broadcast All transmissions are set on all slave interfaces, for fault tolerance

LACP (802.3ad) Creates aggregation groups that share the same speed and duplex settings.

Transmits and receives on all slaves in the active aggregator. Requires a switch

that is 802.3ad compliant.

Adaptive Transmit

Load Balancing

The outgoing traffic is distributed according to the current load on each slave

interface. Incoming traffic is received by the current slave. If the receiving slave

fails, another slave takes over the MAC address of the failed slave. For fault

tolerance and load balancing.

Adaptive Load

Balancing

Includes transmit and receive load balancing for IPV4 traffic. Receive load

balancing is achieved through ARP negotiation. For fault tolerance and load

balancing.

IBM Spectrum NAS Network Guide | 1.7.0.0

Notices

This information was developed for products and services offered in the US. This material might beavailable from IBM in other languages. However, you may be required to own a copy of the product orproduct version in that language in order to access it.

IBM may not offer the products, services, or features discussed in this document in other countries.Consult your local IBM representative for information on the products and services currently available inyour area. Any reference to an IBM product, program, or service is not intended to state or imply thatonly that IBM product, program, or service may be used. Any functionally equivalent product, program,or service that does not infringe any IBM intellectual property right may be used instead. However, it isthe user's responsibility to evaluate and verify the operation of any non-IBM® product, program, orservice.

IBM may have patents or pending patent applications covering subject matter described in thisdocument. The furnishing of this document does not grant you any license to these patents. You can sendlicense inquiries, in writing, to:

IBM Director of Licensing IBM Corporation North Castle Drive, MD-NC119 Armonk, NY 10504-1785 US

For license inquiries regarding double-byte character set (DBCS) information, contact the IBM IntellectualProperty Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan Ltd. 19-21, Nihonbashi-Hakozakicho, Chuo-ku Tokyo 103-8510, Japan

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS"WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOTLIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY ORFITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express orimplied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodicallymade to the information herein; these changes will be incorporated in new editions of the publication.IBM may make improvements and/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM websites are provided for convenience only and do not inany manner serve as an endorsement of those websites. The materials at those websites are not part ofthe materials for this IBM product and use of those websites is at your own risk.

IBM may use or distribute any of the information you provide in any way it believes appropriate withoutincurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) theexchange of information between independently created programs and other programs (including thisone) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Director of Licensing IBM Corporation North Castle Drive, MD-NC119 Armonk, NY 10504-1785 US

Such information may be available, subject to appropriate terms and conditions, including in some cases,payment of a fee.

© Copyright IBM Corp. 2018 32

The licensed program described in this document and all licensed material available for it are providedby IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement orany equivalent agreement between us.

The performance data discussed herein is presented as derived under specific operating conditions.Actual results may vary.

Information concerning non-IBM products was obtained from the suppliers of those products, theirpublished announcements or other publicly available sources. IBM has not tested those products andcannot confirm the accuracy of performance, compatibility or any other claims related to non-IBMproducts. Questions on the capabilities of non-IBM products should be addressed to the suppliers ofthose products.

Statements regarding IBM's future direction or intent are subject to change or withdrawal without notice,and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are subject to change withoutnotice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject to change before theproducts described become available.

This information contains examples of data and reports used in daily business operations. To illustratethem as completely as possible, the examples include the names of individuals, companies, brands, andproducts. All of these names are fictitious and any similarity to actual people or business enterprises isentirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programmingtechniques on various operating platforms. You may copy, modify, and distribute these sample programsin any form without payment to IBM, for the purposes of developing, using, marketing or distributingapplication programs conforming to the application programming interface for the operating platform forwhich the sample programs are written. These examples have not been thoroughly tested under allconditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of theseprograms. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not beliable for any damages arising out of your use of the sample programs.

Each copy or any portion of these sample programs or any derivative work must includea copyright notice as follows:

© (your company name) (year).Portions of this code are derived from IBM Corp.Sample Programs. © Copyright IBM Corp. _enter the year or years_.

If you are viewing this information softcopy, the photographs and color illustrations may not appear.

TrademarksIBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International BusinessMachines Corp., registered in many jurisdictions worldwide. Other product and service names might betrademarks of IBM or other companies. A current list of IBM trademarks is available on the Web atCopyright and trademark information at www.ibm.com/legal/copytrade.shtml.

Intel is a trademark of Intel Corporation or its subsidiaries in the United States and other countries.

33

http://www.ibm.com/legal/us/en/copytrade.shtml

Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/orits affiliates.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, orboth.

UNIX is a registered trademark of the Open Group in the United States and other countries.

Terms and conditions for product documentationPermissions for the use of these publications are granted subject to the following terms and conditions.

Applicability

These terms and conditions are in addition to any terms of use for the IBM website.

Personal use

You may reproduce these publications for your personal, noncommercial use provided that allproprietary notices are preserved. You may not distribute, display or make derivative work of thesepublications, or any portion thereof, without the express consent of IBM.

Commercial use

You may reproduce, distribute and display these publications solely within your enterprise provided thatall proprietary notices are preserved. You may not make derivative works of these publications, orreproduce, distribute or display these publications or any portion thereof outside your enterprise, withoutthe express consent of IBM.

Rights

Except as expressly granted in this permission, no other permissions, licenses or rights are granted, eitherexpress or implied, to the publications or any information, data, software or other intellectual propertycontained therein.

IBM reserves the right to withdraw the permissions granted herein whenever, in its discretion, the use ofthe publications is detrimental to its interest or, as determined by IBM, the above instructions are notbeing properly followed.

You may not download, export or re-export this information except in full compliance with all applicablelaws and regulations, including all United States export laws and regulations.

IBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE PUBLICATIONS. THEPUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OFMERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.

IBM Online Privacy StatementIBM Software products, including software as a service solutions, (“Software Offerings”) may use cookiesor other technologies to collect product usage information, to help improve the end user experience, totailor interactions with the end user or for other purposes. In many cases no personally identifiableinformation is collected by the Software Offerings. Some of our Software Offerings can help enable you to

Notices34

collect personally identifiable information. If this Software Offering uses cookies to collect personallyidentifiable information, specific information about this offering’s use of cookies is set forth below.

This Software Offering does not use cookies or other technologies to collect personally identifiableinformation.

If the configurations deployed for this Software Offering provide you as customer the ability to collectpersonally identifiable information from end users via cookies and other technologies, you should seekyour own legal advice about any laws applicable to such data collection, including any requirements fornotice and consent.

For more information about the use of various technologies, including cookies, for these purposes, SeeIBM’s Privacy Policy at http://www.ibm.com/privacy and IBM’s Online Privacy Statement athttp://www.ibm.com/privacy/details the section entitled “Cookies, Web Beacons and OtherTechnologies” and the “IBM Software Products and Software-as-a-Service Privacy Statement” athttp://www.ibm.com/software/info/product-privacy.

IBM Spectrum NAS: Network Guide 35

http://www.ibm.com/privacy

http://www.ibm.com/privacy/details

http://www.ibm.com/software/info/product-privacy

Notices

IBM®

Printed in USA

SC27-9231-00

Documents

IBM Spectrum NAS Network Guide