Creating IP partnership

After creating portset and assigning IP addresses to the portset, you have to create IP partnership for replication.

Using the management GUI

To create IP partnership using the management GUI, complete these steps:
  1. Select Settings > System > Partnerships and select Create Partnership.
  2. On the Create Partnership page, select either IP (long distances using TCP) or IP (short distances using RDMA).
  3. Enter the following information to configure the partnership:
    Partner IP/FQDN
    Select the IP address or the fully qualified domain name (FQDN) of the partner system. If you specify a fully qualified domain name, a DNS server must be configured on your system. To configure a DNS server for the system, select Settings > Network > DNS. You can also use the mkdnsserver command to configure DNS servers.
    Secured IP partnerships

    For more information on Secured IP partnerships, see Partnerships using IP Connectivity.

    Enter the following information to obtain the certificate:
    1. Select Secured IP partnerships to secure the connection between systems.
    2. Click Test Connection to retrieve and validate the authorized-signed certificate of the remote system.
    3. Select View certificate to display the certificate from the remote system. Verify that the certificate is signed by a trusted certificate authority, and that the subject and issuer names are the expected values.
    4. If the retrieved certificate is signed by an unrecognized authority, select Upload File to upload the root certificate or certificate chain from the certificate authority that signed the partner system's certificate.
    Secured IP partnerships support Both internally signed certificates and externally signed certificates. For more information, see System Certificates.
    Link Bandwidth
    Enter the amount of bandwidth used for replication between systems in the partnership.
    Partner System's CHAP Secret (Optional):
    Specify the CHAP secret for the partner system if you plan to use Challenge Handshake Authentication Protocol (CHAP) to authenticate connections between the systems in the partnership.
    Compression enabled
    Select this option if data on the local system is compressed before it is sent to the partner system. To fully enable compression in an IP partnership, each system must support compression.
    Portset Link 1
    In single link configurations between partnered systems, select the portset that provides IP addresses for replication traffic.
    Portset Link 2 (optional)
    In dual link configurations between partnered systems, select the portset that provides IP addresses for replication traffic. Dual links provide redundancy for connections between systems.

Using the CLI

For creating secured IP partnerships, the authorities and certificate installation is a prerequisite. For more information, see System Certificates.

You can export the certificate from the remote system and import it on the local system in order to allow configuration changes to be coordinated across systems without manual authentication. Use the chsystemcert command to create and manage certificates on the system.

If the certificate is signed by the system's root certificate authority, or it is a self-signed certificate, then use the following command to export the entire certificate chain on the remote system. If the certificate is signed by a trusted third-party certificate authority, then the root certificate must be retrieved from the third-party certificate authority.

chsystemcert –export
The certificate is exported to the /dumps/certificate.pem directory on the configuration node.
  1. To verify that the portset type is the replication for an IP partnership, enter the following command:
    lsportset
    In the results that display, verify and that the portset_type is replication. You can assign an IP partnership to a portset with the replication type.
  2. If you are creating a partnership between systems that are connected through one inter-site link, enter the following command on the local system:
    mkippartnership -clusterip ip_address_or_domain_name -linkbandwidthmbits 1000 -backgroundcopyrate 50 -link1 myportset1 -secured yes
    where -secured is an optional parameter and needs to be used only for secured IP partnerships.
    Note: To have a fully configured partnership, repeat the preceding command on the remote system.
  3. If you are creating a partnership between systems that are connected through dual inter-site links, enter the following command on the local system:
    mkippartnership -clusterip ip_address_or_domain_name -linkbandwidthmbits 1000 -backgroundcopyrate 50 -link1 myportset1 -link2 myportset2 -secured yes
    where -secured is an optional parameter and needs to be used only for secured IP partnerships.
    Note: To have a fully configured partnership, repeat the preceding command on the remote system.
  4. To specify the aggregate bandwidth of the link between two systems in megabits per second (Mbps), use the -linkbandwidthmbits parameter in the mkippartnership command.
  5. To specify the maximum percentage of aggregate link bandwidth that can be used for background copy operations, use the -backgroundcopyrate parameter in the mkippartnership command.
  6. To define a path for the certificate in the remote system, specify -sslcert /dumps/partner_certificate.pem in the mkippartnership command.
After you complete all these steps, run lspartnership command on each system in the configuration and verify the following items:
  • Portsets are configured for all links between the systems.
  • All systems are in the Fully Configured state.
For more information, see lspartnership command.

Creating portset

You can create portset for IP partnership by using both the management GUI and the CLI.

Using the management GUI
To create portset using the management GUI, complete these steps:
  1. Select Settings > Network > Portsets.
  2. Select Create Portset.
  3. On the Create Portset page, enter a name of the portset, and select Host Attachment, Replication, or High speed replication for the portset type.
  4. (Optional) Select the ownership group for the portset. An ownership group defines a subset of users and objects within the system. When you define an ownership group for portsets, you can limit, and restrict users to view and manage only specific portsets.
  5. Click Create.
Using the CLI
To create portset using the CLI, enter the following command:
mkportset -name portset_name -type portset_type -ownershipgroup owner_name
where portset_name is the name of the portset and portset_type is replication. The value owner_name indicates the name of the ownership group to which the portset belongs. It is an optional value.

Assigning IP addresses to the portset

After creation of the portset for the traffic type, you must assign the IP addresses to portset. This is required to assign the portset to the new IP partnership.

Using the management GUI
To assign IP addresses to the portset using the management GUI, complete these steps:
  1. Select Settings > Network > Ethernet Ports.
  2. Right-click the port and select Manage IP addresses.
  3. On the Manage IP Addresses page, select Add IP Address. Enter the following information for the IP address that you are adding to the selected port:
    • IP address

      Enter the IP address to associate with the selected port.

    • Type

      Select the IP protocol version of the IP address.

    • Subnet Mask or Prefix

      Enter the subnet mask for the IPv4 addresses or enter the prefix for IPv6 addresses.

    • VLAN

      Enter the corresponding VLAN tag that this IP address belongs to.

    • Portset

      Select the name or ID of the portset and ensure that the portset type matches the traffic type that is assigned to the port.

  4. Click Back to return to the Ethernet Ports page. Verify that the port displays the Configured state. Select another port and add more IP addresses to corresponding portsets.
  5. Right-click the port and select either Modify Replication, Modify iSCSI hosts, or Modify Storage Ports. The traffic type for the port must match the traffic for the portset that you created.
Using the CLI
To assign IP addresses to the portset using the CLI, enter the following command:
mkip -node <id | name> -port <id> -portset <id | name> -ip <ip address> -prefix <subnet prefix> -gw <gateway address> -vlan <vlan_id> 
where id | name is the name or ID of the node; id is the port identifier; and id | name indicates the name or ID of the portset that was created earlier. Enter either a valid IP address for the -ip and include the values for the address. This address that is assigned to the portset and more addresses can be added to portset with the mkip command.

Configuring VLAN for IP partnerships

To configure VLAN when you use IP (Internet Protocol) partnerships, consider the following requirements and procedures.

  • VLAN tagging is supported for IP partnership traffic between systems.
  • VLAN provides network traffic separation at the layer 2 level for Ethernet transport.
  • VLAN tagging by default is disabled for any IP address of a node port. You can use the management GUI or the command-line interface (CLI) to optionally set the VLAN ID for port IPs on systems in the IP partnership.
  • When a VLAN ID is configured for the port IP addresses that are mapped to the portsets, appropriate VLAN settings on the Ethernet network must also be properly configured to prevent connectivity issues.
  • Setting VLAN tags for a port is disruptive. Therefore, VLAN tagging requires that you stop the partnership first before you configure VLAN tags. Then, restart again when the configuration is complete.

Follow this procedure to configure VLAN tags for existing IP partnership setups:

  1. Stop the partnership between the local and remote system.
  2. Configure VLAN on node ports in the portsets on the local system.
  3. Configure all intervening switches with appropriate VLAN tags.
  4. Configure VLAN on node ports in the portsets on the remote system.
  5. Check to see whether connectivity between the local and remote sites are restored.
  6. Restart the partnership.