Network design/considerations

Hello All,

as first, I apologize for the long post...
The purpose of this post is to discuss some Isilon concepts/best practices
and to document it for myself, and maybe for some other people who are new
to Isilon and find this helpful. This post will be based on the external
network configuration, as I see it as the most complex part of the Isilon,
and there are still some things which aren't clear enough to me.

Idea is to make the "basic config" for external network configuration, which
could be later easily modified/expanded if required.

Let's assume we have following scenario:

1. Two Isilon Gen6 clusters - OneFS 8.2.X
2. Both 10-gige interfaces connected
3. The mgmt-1 interface connected
4. One subnet for production, and one subnet for test, separated with 2 VLANs
5. Two access zones (production and test), each with their own AD/DNS provider
6. SyncIQ between Isilon clusters
7. SMB and NFS protocols will be used, but will not access the same data
8. NDMP backup
9. Superna Eyeglass

Based on my understanding of Isilon and documentation I would configure it
on following way.

a. NETWORK INTERFACES
- According to the documentation the best practice is to use LACP if both
external NICs are connected
- The mgmt-1 interfaces will be used only for cluster administration (WebUI/SSH)

1. If for some reason customer doesn't want to use LACP, do you still
connect both interfaces, or just one?
2. According to the below article there are some issues with the mgmt-1
interface:

https://www.dell.com/support/kbdoc/en-hr/000037443/gen-6-the-bge0-mgmt-interface-should-be-used-for-ssh-only?lang=en

Do you still use mgmt-1 interface with 2nd workaround from the article, or
you don't use it at all?

b. SUBNETS/POOLS
- let's assume the mgmt-1 interface is being used
- since there should be 2 access zones with 2 different AD providers (no
trust), there should be at least 2 groupnets
- the 3rd groupnet may be needed if 1GB subnet is using different DNS settings
- There should be following 3 subnets:

SUBNET0 - 1GB

ID: groupnet0.subnet0
Name: subnet0
Groupnet: groupnet0
Pools: pool0
Addr Family: ipv4
Base Addr: 192.168.90.0
CIDR: 192.168.90.0/24
Description: Subnet for 1 GB
DSR Addrs: -
Gateway: 192.168.90.1
Gateway Priority: 20
MTU: 1500
Prefixlen: 24
Netmask: 255.255.255.0
SC Service Addrs: 192.168.90.10-192.168.90.10
SC Service Name:
VLAN Enabled: True
VLAN ID: 100

POOLS
ID: groupnet0.subnet0.pool0
Groupnet: groupnet0
Subnet: subnet0
Name: pool0
Rules: -
Access Zone: System
Allocation Method: static
Aggregation Mode: lacp
SC Suspended Nodes: -
Description: Pool created for ssh access
Ifaces: 1:ext-agg, 2:ext-agg, 3:ext-agg, 4:ext-agg
IP Ranges: 192.168.90.11-192.168.90.14
Rebalance Policy: auto
SC Auto Unsuspend Delay: 0
SC Connect Policy: round_robin
SC Zone:
SC DNS Zone Aliases:
SC Failover Policy: round_robin
SC Subnet:
SC TTL: 0
Static Routes: -

 

SUBNET1 - 10gB - prod

ID: groupnet1.subnet1
Name: subnet1
Groupnet: groupnet1
Pools: webui, smb, nfs, synciq, ndmp
Addr Family: ipv4
Base Addr: 192.168.91.0
CIDR: 192.168.91.0/24
Description: Subnet for production
DSR Addrs: -
Gateway: 192.168.91.1
Gateway Priority: 10
MTU: 1500
Prefixlen: 24
Netmask: 255.255.255.0
SC Service Addrs: 192.168.91.10-192.168.91.10
SC Service Name:
VLAN Enabled: True
VLAN ID: 101

POOLS
ID: groupnet1.subnet1.webui
Groupnet: groupnet1
Subnet: subnet1
Name: webui
Rules: -
Access Zone: prod
Allocation Method: static
Aggregation Mode: lacp
SC Suspended Nodes: -
Description: Pool created for webui access
Ifaces: 1:ext-agg, 2:ext-agg, 3:ext-agg, 4:ext-agg
IP Ranges: 192.168.91.15-192.168.91.18
Rebalance Policy: auto
SC Auto Unsuspend Delay: 0
SC Connect Policy: round_robin
SC Zone:
SC DNS Zone Aliases:
SC Failover Policy: round_robin
SC Subnet:
SC TTL: 0
Static Routes: -

ID: groupnet1.subnet1.smb
Groupnet: groupnet1
Subnet: subnet1
Name: smb
Rules: -
Access Zone: prod
Allocation Method: static
Aggregation Mode: lacp
SC Suspended Nodes: -
Description: Pool created for smb access
Ifaces: 1:ext-agg, 2:ext-agg, 3:ext-agg, 4:ext-agg
IP Ranges: 192.168.91.19-192.168.91.22
Rebalance Policy: auto
SC Auto Unsuspend Delay: 0
SC Connect Policy: round_robin
SC Zone:
SC DNS Zone Aliases:
SC Failover Policy: round_robin
SC Subnet:
SC TTL: 0
Static Routes: -

ID: groupnet1.subnet1.nfs
Groupnet: groupnet1
Subnet: subnet1
Name: nfs
Rules: -
Access Zone: prod
Allocation Method: dynamic
Aggregation Mode: lacp
SC Suspended Nodes: -
Description: Pool created for nfs access
Ifaces: 1:ext-agg, 2:ext-agg, 3:ext-agg, 4:ext-agg
IP Ranges: 192.168.91.27-192.168.91.34
Rebalance Policy: auto
SC Auto Unsuspend Delay: 0
SC Connect Policy: round_robin
SC Zone:
SC DNS Zone Aliases:
SC Failover Policy: round_robin
SC Subnet:
SC TTL: 0
Static Routes: -

ID: groupnet1.subnet1.synciq
Groupnet: groupnet1
Subnet: subnet1
Name: synciq
Rules: -
Access Zone: System
Allocation Method: static
Aggregation Mode: lacp
SC Suspended Nodes: -
Description: Pool created for synciq access
Ifaces: 1:ext-agg, 2:ext-agg, 3:ext-agg, 4:ext-agg
IP Ranges: 192.168.91.35-192.168.91.38
Rebalance Policy: auto
SC Auto Unsuspend Delay: 0
SC Connect Policy: round_robin
SC Zone:
SC DNS Zone Aliases:
SC Failover Policy: round_robin
SC Subnet:
SC TTL: 0
Static Routes: -

ID: groupnet2.subnet1.ndmp
Groupnet: groupnet1
Subnet: subnet1
Name: ndmp
Rules: -
Access Zone: System
Allocation Method: static
Aggregation Mode: lacp
SC Suspended Nodes: -
Description: Pool created for ndmp access
Ifaces: 1:ext-agg, 2:ext-agg, 3:ext-agg, 4:ext-agg
IP Ranges: 192.168.91.39-192.168.91.42
Rebalance Policy: auto
SC Auto Unsuspend Delay: 0
SC Connect Policy: round_robin
SC Zone:
SC DNS Zone Aliases:
SC Failover Policy: round_robin
SC Subnet:
SC TTL: 0
Static Routes: -

SUBNET2 - test
ID: groupnet2.subnet2
Name: subnet2
Groupnet: groupnet2
Pools: smb, nfs
Addr Family: ipv4
Base Addr: 192.168.92.0
CIDR: 192.168.92.0/24
Description: Subnet for test zone
DSR Addrs: -
Gateway: 192.168.92.1
Gateway Priority: 30
MTU: 1500
Prefixlen: 24
Netmask: 255.255.255.0
SC Service Addrs: 192.168.92.10-192.168.92.10
SC Service Name:
VLAN Enabled: True
VLAN ID: 102

ID: groupnet2.subnet2.smb
Groupnet: groupnet2
Subnet: subnet2
Name: smb
Rules: -
Access Zone: prod
Allocation Method: static
Aggregation Mode: lacp
SC Suspended Nodes: -
Description: Pool created for smb access
Ifaces: 1:ext-agg, 2:ext-agg, 3:ext-agg, 4:ext-agg
IP Ranges: 192.168.92.11-192.168.92.14
Rebalance Policy: auto
SC Auto Unsuspend Delay: 0
SC Connect Policy: round_robin
SC Zone:
SC DNS Zone Aliases:
SC Failover Policy: round_robin
SC Subnet:
SC TTL: 0
Static Routes: -

ID: groupnet2.subnet2.nfs
Groupnet: groupnet2
Subnet: subnet2
Name: nfs
Rules: -
Access Zone: prod
Allocation Method: dynamic
Aggregation Mode: lacp
SC Suspended Nodes: -
Description: Pool created for nfs access
Ifaces: 1:ext-agg, 2:ext-agg, 3:ext-agg, 4:ext-agg
IP Ranges: 192.168.92.15-192.168.92.22
Rebalance Policy: auto
SC Auto Unsuspend Delay: 0
SC Connect Policy: round_robin
SC Zone:
SC DNS Zone Aliases:
SC Failover Policy: round_robin
SC Subnet:
SC TTL: 0
Static Routes: -

1. How do you name the pools? Like pool0, pool1... or do you use smb,
nfs...?
2. How do you name the subnets? Like subnet0, subnet1... or something else?
3. Do you use System zone for NDMP backup in this scenario or prod/test?

c. ACCESS ZONES
- let's assume following

cluster1 hostname: isilon1
cluster2 hostname: isilon2

- best practice for root based directory is to name it /ifs/ /

1. On cluster isilon1 we create following 2 access zones:

Root base directory for production zone: /ifs/isilon1/prod
Root base directory for test zone: /ifs/isilon1/test

2. On cluster isilon2 we create following 2 access zones:

Root base directory for production zone: /ifs/isilon2/prod
Root base directory for test zone: /ifs/isilon2/test

3. In case Superna Eyeglass is used, we need to create (if I understand it
correctly) additional 2 access zones on each cluster, in order that
Eyeglass can failover DFS shares to the other cluster. As I understand it,
failover must be performed to the Access zone on the other cluster. If this
is correct we need to create/modify access zones and in the end it could
look like this with 4 access zones on each cluster:

a. On isilon1

Root base directory for isilon1 production zone: /ifs/isilon1/prod
Root base directory for isilon1 test zone: /ifs/isilon1/test
Root base directory for isilon2 production zone: /ifs/isilon2/prod
Root base directory for isilon2 test zone: /ifs/isilon2/test

b. On isilon2

Root base directory for isilon1 production zone: /ifs/isilon1/prod
Root base directory for isilon1 test zone: /ifs/isilon1/test
Root base directory for isilon2 production zone: /ifs/isilon2/prod
Root base directory for isilon2 test zone: /ifs/isilon2/test

Is this the best way to do it, or there is some other recommended way?

d. SHARES/EXPORTS
- Considering above, directory path for shares/exports should be as following:

/ifs/ / / /

For example for production zone on isilon1:

1. SMB share

/ifs/isilon1/prod/smb/share1

2. NFS export

/ifs/isilon1/prod/nfs/nfs_export1

For example for test zone on isilon1:

1. SMB share

/ifs/isilon1/test/smb/share1

2. NFS export

/ifs/isilon1/test/nfs/nfs_export1

e. ADDITIONAL QUESTIONS

1. Is the above design recommended and according to the best practices?
2. In case you need to have access to the same data using multiple
protocols (smb/nfs), how would you design access zones in this scenario?
2. Every now and then I stumble upon some articles where it's mentioned
that you can divide the network by multiple subnets (each with own vlanid).
For example you can have one subnet for smb, one subnet for nfs, one subnet
for synciq, one subnet for ndmp... However, I couldn't find some detailed
documentation about it. Is this approach possible, and what are the
cons/pros of this approach compared to the one described in this post?

Please comment/share your experience on above topics.

Thank you all!