[NetApp] Simulate Data OnTAP 7-mode ver 8.x archive link





[NetApp] OCUM 6.x/7.x enable diag shell (SSH)

OnCommand Unified Manager (UM) 6.x
OnCommand Unified Manager (UM) 7.0, 7.1

step01. choice 4) Support/Diagnostics

step02. type erds

Remote diagnostic acces is disabled.
Would you like to enable remote diagnostic access? (y/N) y


Enter new UNIX password: 輸入密碼
Retype new UNIX password: 輸入密碼
passwd: password updated successfully

Remote diagnostic access will be disabled after midnight UTC tomorrow (2019-03-08) to use.

Press any key to continue.

step05. 可以利用 WinSCP 或 putty 使用帳號 diag 及剛設定密碼登入OCUM.

[NetApp] 7-mode single interface use multiple IP

ifconfig interface_name [-]alias address

ifconfig e0a alias x.x.x.x

ifconfig e0a -alias x.x.x.x

** sample /etc/rc **
# Modify 2018-10-25 By xxxx
ifgrp create lacp bond0 -b rr e0a e0b e1a e1b
hostname Filer
ifconfig bond0 netmask mediatype auto mtusize 9000
ifconfig bond0 alias
route add default 1
routed on
options dns.enable on
options nis.enable off
setflag smb_enable_2_1 1 # enable SMB2.1 is 1 ; disable is 0
priv set diag; setflag smb_enable_2_1 0; priv set

wrfile /etc/rc , then “Ctrl+c"

source /etc/rc


Reference : NetApp – Create and remove aliases

[Windows] How to flush kerberos tickets

有時為了存取Windows 或 NetApp 之類機器檔案伺服器,總是遇到驗證不過。老是叫使用者重開機或登出再登入這有點老套。或是使用者有耐心叫他等個九個小時等票證過期 .(Default kerberos tickets age 9 hours)

換個方式若能像ipconfig /release  或 ipconfig /flushdns 清除快取之類總是時效好一些。

CIFS / SMB在存取檔案伺服器與Windows Active Directory 驗證時是用kerberos。微軟在Vista後的版本都有內建清除kerberos tickets.

[after vistat os]

step01. cmd.exe

step02.klist  // check current 快取的票證有幾個 ; 再者用 klist tgt (票證授予票(ticket-granting ticket))查看詳細票證相關資訊

step03.klist purge // Purge a user’s tickets

呼叫者登入識別碼: (0x0,0x3E7) // Purge tickets of the local system account
klist -li 0x3e7 purge

klist -lh 0 -li 0x3e7 purge

[Window XP & Windows Server 2003]

step01. download Windows Server 2003 Resource Kit Tools

step02. extract or perform ‘rktools.exe’

step03. klist.exe tickets // check current 快取的票證有幾個

step04. klist.exe purge

啟用kerberos log
step01. regedit.exe


Entry: LogLevel
Default Value: 0 改為 1 (0x1)

Reference :

  1. Microsoft – Kerberos protocol registry entries and KDC configuration keys in Windows
  2. Microsoft – Kerberos Authentication Tools and Settings (事件代碼參考)
  3. Web Debug – Kerberos认证问题的调试试验
  4. Norman Bauer – How to purge Kerberos tickets of the system account
  5. zhulinu的专栏 – Windows登录日志详解
  6. 从kinit到kerberos安全机制
  7. MIRU-CH – How to update group membership without logoff / logon /restart

[NetApp] 2 nodes upper Data lif happen redundant migrate other node not work?

在一般Case案件大多安裝是一套NA,於同事發生一件案例是二套NA FAS8200等於有 4 nodes,在驗證Data Lifs過程會發生lif移到線路down port造成問題。

Sample : node1 & node 2 (pairs) ; node3 & node4 (pairs)

node1 – 拔除nic cable ,lif migrate to node3

node2 – 拔除nic cable , lif migrate to node1 (馬上GG,因為node1線路全部拔除)

Resolution :

::> net int modify -vserver {SVM} -lif {lif-name} -failover-policy broadcast-domain-wide // 預設 SVM Data Lif 都用 system-defined

** 共有五種 Failover policy **

  • broadcast-domain-wide :
    This is the default setting for the cluster management LIF.You would not want to assign this policy to node management LIFs or cluster LIFs because in those cases the ports must be on the same node.
  • system-defined :
    This is the default setting for data LIFs.This setting enables you to keep two active data connections from two unique nodes when performing software updates. It allows for rolling upgrades; rebooting either odd-numbered or even-numbered nodes at the same time.
  • local-only:
    This is the default setting for cluster LIFs and node management LIFs.

    This value cannot be changed for cluster LIFs.

  • sfo-partner-only :
    Only those ports in the failover group that are on the LIF’s home node and its SFO (storage failover) partner node.
  • disabled:
    The LIF is not configured for failover.

    Reference :
    NetApp – Types of failover policies



[Storage] 增加NetApp DOT 7.x / 8.x / 9.x Filer被ping (ICMP Packet) 數量

因客戶需求有APP需每秒輸送出1000個ICMP packet 數量來判別Filer是否存在;因為原廠預設是針對Client單一能每秒150 ICMP packets來防止DoS ( denial-of-service) 攻擊.因此需提升接受單一Client能每秒1000個ICMP Packet.

<< Resolution >>


[7 mode]
options ip.ping_throttle.drop_level <數量> // default 150 ; Maximum 4294967295 (42億多)

[Clustered mode]
<ONTAP 8.x>
::> system run -node {nodename} -command “options ip.ping_throttle.drop_level <數量>"
<ONTAP 9.x>
system run -node {nodename} -command “options ip.ping_throttle.drop.level  <數量>

假若要不設限可以設為 ‘0’
<ONTAP 8.x>
system run -node {nodename} -command “options ip.ping_throttle.drop_level 0

<ONTAP 9.x>
system run -node {nodename} -command “options ip.ping_throttle.drop.level 0"

Checking the ping throttling threshold status
::> netstat -p icmp


Reference :

1. NetApp – Increasing the ping throttling threshold value

2. NetApp Document ID : FA1394

[NetApp] ESXi NFS use Thin Provisioning

* NFSv3 must be enabled on the storage system
* NFSv4.1 is available only on ONTAP 9.0

* VMware vSphere 5.0 or later must be available

1.download NetApp VAAI Plug-in ; 載點 https://nt-ap.com/2HxiF4T

2.install NetApp VAAI Plug-In @ESXi
> esxcli software vib install -n NetAppNasPlugin -d /NetAppNasPlugin.zip

3.@NetApp type command
::> vserver nfs modify –vserver {SVM-name} -vstorage enabled
> options nfs.vstorage.enable on
<7-Mode CLI for vFiler units>
> vfiler run vfiler_name options nfs.vstorage.enable on

4. verify install state
> esxcli software vib list | grep -i netapp

5. verify vaai enable (value是否為 1 (enable);若否請到 6. )
> esxcfg-advcfg -g /DataMover/HardwareAcceleratedMove
> esxcfg-advcfg -g /DataMover/HardwareAcceleratedInit

6. enable vaai
> esxcfg-advcfg -s 1 /DataMover/HardwareAcceleratedInit
> esxcfg-advcfg -s 1 /DataMover/HardwareAcceleratedMove

7.(options verify)
> vmkfstools -Ph /vmfs/volumes/onc_src/
> mkfstools -Ph /vmfs/volumes/46db973f-cca15877