How to restrict cifs traffic to a specific interface on DD2500

Hi All,

Does anyone know how to restrict cifs traffic to a specific interface on DD2500?

Appreciate your input.

0 Kudos
10 Replies
dynamox
6 Gallium

Re: How to restrict cifs traffic to a specific interface on DD2500

no can do, CIFS service binds itself to all network interfaces on DD.

0 Kudos
__14
1 Nickel

Re: How to restrict cifs traffic to a specific interface on DD2500

Yes , can possible .

Create a separate interface with dedicated ports and use this interface for eithor CIFS or NFS .

Hope this clarifies your concern .

Sam

0 Kudos

Re: How to restrict cifs traffic to a specific interface on DD2500

Interesting. Let me ask you this: I have configured an ifgroup with 4 onboard interfaces in it for Veeam DDBOST backups, and I configured 4 interfaces from an additional IO module in LACP for CIFS backups. I have assigned a virtual IP to the LACP for CIFS backups, and I have assigned each DDBOOST interface an individual IP. I have also created a DNS record for the CIFS interface, and entered it in the 'hosts' file on the backup host, to make sure that all the CIFS traffic goes to that CIFS LACP interface. I have mounted my DD CIFS share on the backup server using that DNS name which is associated with the LACP IP that I have configured for CIFS backups. In this case all my CIFS traffic will go via that LACP interface that I have configured on the DD and registered in DNS, won't it? It is not going to randomly grab the interfaces that I have assigned to an ifgroup, simply because that client is not allowed access to that ifgroup, is it?

0 Kudos
dynamox
6 Gallium

Re: How to restrict cifs traffic to a specific interface on DD2500

$@m wrote:

Yes , can possible .

Create a separate interface with dedicated ports and use this interface for eithor CIFS or NFS .

Hope this clarifies your concern .

Sam

i have multiple interfaces with dedicated ports, all ports are servicing CIFS and NFS.  How do you recommend restricting which ones are providing CIFS and or NFS ?

0 Kudos
dynamox
6 Gallium

Re: How to restrict cifs traffic to a specific interface on DD2500

i am trying to find this discussion we had maybe a year ago. We talked about how to use an ifgroup for DDBoost and how it would be load-balanced by using an LACP/DNS name inside of Veam/DDBoost plugin. DDBoost/Veam would point to the CIFS/LACP DNS name but upon connection would automatically jump to ifgroup. That's how it was described.

0 Kudos

Re: How to restrict cifs traffic to a specific interface on DD2500

That is true, when you are using DDBOOST, from Veeam you connect to any interface on DD - even CIFS/LACP DNS name, but not the ones in the ifgroup, and from there DDBOOST protocol on Veeam picks up the ifgroup and sends all data to the interfaces that are in that ifgroup.

0 Kudos
umichklewis
3 Zinc

Re: How to restrict cifs traffic to a specific interface on DD2500

This is incorrect.  If you check the interfaces with nmap or other TCP port-checking tools, all interfaces reply with all services.  Checking the CIFS interfaces via Powershell clearly shows an IPC$ listener on each port.  There's nothing to prevent a CIFS client from connecting to - and using - any interface they can detect like this.

0 Kudos

Re: How to restrict cifs traffic to a specific interface on DD2500

Even if I configure DNS name for the specific interface that I want to use for CIFS, and put it in the CIFS client hosts file, CIFS backups will go via any interface configured on DD?

0 Kudos
dynamox
6 Gallium

Re: How to restrict cifs traffic to a specific interface on DD2500

i am not using ifgroups yet but if you specify CIFS or NFS to connect to specific DNS name/interface, it will do just that. CIFS/NFS will not bounce and start using ifgroups like DDBoos does.

0 Kudos