Creating IP partnership

After creating portset and assigning IP addresses to the portset, you have to create IP partnership for replication.

Using the management GUI

To create IP partnership using the management GUI, complete these steps:

Select Settings > System > Partnerships and select Create Partnership.
On the Create Partnership page, select either IP (long distances using TCP) or IP (short distances using RDMA).
Enter the following information to configure the partnership:

Partner IP/FQDN

Select the IP address or the fully qualified domain name (FQDN) of the partner system. If you specify a fully qualified domain name, a DNS server must be configured on your system. To configure a DNS server for the system, select Settings > Network > DNS. You can also use the mkdnsserver command to configure DNS servers.
Secured IP partnerships
For more information on Secured IP partnerships, see Partnerships using IP Connectivity.
Enter the following information to obtain the certificate:
1. Select Secured IP partnerships to secure the connection between systems.
2. Click Test Connection to retrieve and validate the authorized-signed certificate of the remote system.
3. Select View certificate to display the certificate from the remote system. Verify that the certificate is signed by a trusted certificate authority, and that the subject and issuer names are the expected values.
4. If the retrieved certificate is signed by an unrecognized authority, select Upload File to upload the root certificate or certificate chain from the certificate authority that signed the partner system's certificate.
Secured IP partnerships support Both internally signed certificates and externally signed certificates. For more information, see System Certificates.
Link Bandwidth

Enter the amount of bandwidth used for replication between systems in the partnership.

Partner System's CHAP Secret (Optional):

Specify the CHAP secret for the partner system if you plan to use Challenge Handshake Authentication Protocol (CHAP) to authenticate connections between the systems in the partnership.

Compression enabled

On systems that support IP compression, select this option if data on the local system should be compressed prior to transfer to the partner system. To fully enable compression in an IP partnership, each system must support compression.

Portset Link 1

In single link configurations between partnered systems, select the portset that provides IP addresses for replication traffic.

Portset Link 2 (optional)

In dual link configurations between partnered systems, select the portset that provides IP addresses for replication traffic. Dual links provide redundancy for connections between systems.

Using the CLI

For creating secured IP partnerships, the authorities and certificate installation is a prerequisite. For more information, see System Certificates.

You can export the certificate from the remote system and import it on the local system in order to allow configuration changes to be coordinated across systems without manual authentication. Use the chsystemcert command to create and manage certificates on the system.

If the certificate is signed by the system's root certificate authority, or it is a self-signed certificate, then use the following command to export the entire certificate chain on the remote system. If the certificate is signed by a trusted third-party certificate authority, then the root certificate must be retrieved from the third-party certificate authority.

chsystemcert –export

The certificate is exported to the /dumps/certificate.pem directory on the configuration node.

To verify that the portset type is the replication for an IP partnership, enter the following command:
```
lsportset
```
In the results that display, verify and that the portset_type is replication. You can assign an IP partnership to a portset with the replication type.
If you are creating a partnership between systems that are connected through one inter-site link, enter the following command on the local system:
```
mkippartnership -clusterip ip_address_or_domain_name -linkbandwidthmbits 1000 -backgroundcopyrate 50 -link1 myportset1 -secured yes
```
where -secured is an optional parameter and needs to be used only for secured IP partnerships.
Note: To have a fully configured partnership, repeat the preceding command on the remote system.
If you are creating a partnership between systems that are connected through dual inter-site links, enter the following command on the local system:
```
mkippartnership -clusterip ip_address_or_domain_name -linkbandwidthmbits 1000 -backgroundcopyrate 50 -link1 myportset1 -link2 myportset2 -secured yes
```
where -secured is an optional parameter and needs to be used only for secured IP partnerships.
Note: To have a fully configured partnership, repeat the preceding command on the remote system.
To specify the aggregate bandwidth of the link between two systems in megabits per second (Mbps), use the -linkbandwidthmbits parameter in the mkippartnership command.
To specify the maximum percentage of aggregate link bandwidth that can be used for background copy operations, use the -backgroundcopyrate parameter in the mkippartnership command.
To define a path for the certificate in the remote system, specify -sslcert /dumps/partner_certificate.pem in the mkippartnership command.

After you complete all these steps, run lspartnership command on each system in the configuration and verify the following items:

Portsets are configured for all links between the systems.
All systems are in the Fully Configured state.

For more information, see lspartnership command.

Creating portset

You can create portset for IP partnership by using both the management GUI and the CLI.

Create and assign IP addresses to the Ethernet portset

To create an Ethernet portset in the management GUI, complete the following steps:

To create or manage an Ethernet portset in the management GUI, select Settings > Network > Ethernet Portsets.
To create or assign IP addresses to the portset, select Settings > Network > Ethernet Ports.
Verify that each port displays the Configured state after it has been added to the portset.
- Right-click the port and select either Modify Replication, Modify iSCSI hosts, or Modify Storage Ports. The traffic type for the port must match the traffic for the portset that you created.

Using the CLI

To create portset using the CLI, enter the following command:

mkportset -name portset_name -type portset_type -ownershipgroup owner_name

where portset_name is the name of the portset and portset_type is replication. The value owner_name indicates the name of the ownership group to which the portset belongs. It is an optional value.

Configuring VLAN for IP partnerships

To configure VLAN when you use IP (Internet Protocol) partnerships, consider the following requirements and procedures.

VLAN tagging is supported for IP partnership traffic between systems.
VLAN provides network traffic separation at the layer 2 level for Ethernet transport.
VLAN tagging by default is disabled for any IP address of a node port. You can use the management GUI or the command-line interface (CLI) to optionally set the VLAN ID for port IPs on systems in the IP partnership.
When a VLAN ID is configured for the port IP addresses that are mapped to the portsets, appropriate VLAN settings on the Ethernet network must also be properly configured to prevent connectivity issues.
Setting VLAN tags for a port is disruptive. Therefore, VLAN tagging requires that you stop the partnership first before you configure VLAN tags. Then, restart again when the configuration is complete.

Follow this procedure to configure VLAN tags for existing IP partnership setups:

Stop the partnership between the local and remote system.
Configure VLAN on node ports in the portsets on the local system.
Configure all intervening switches with appropriate VLAN tags.
Configure VLAN on node ports in the portsets on the remote system.
Check to see whether connectivity between the local and remote sites are restored.
Restart the partnership.