Multiple groupnets using the same subnet

Question

Hello, Could someone advise with onefs 8.x, we can setup multiple groupnets from the same network subnet ? Our Customer intends to accommodate 2 AD domains using 2 groupnets on their isilon from the same network subnet due to fewer network resorces at DR site. As far as i tested in lab, it does't allow overlapping subnet between different groupnets. I'm wondering if this is by design and if there's a future plan for any enhancement. --------------------------------------------------------------------------------------------- ex) iq221-1# isi network groupnet list ID        DNS Cache Enabled  DNS Search    DNS Servers   Subnets ----------------------------------------------------------------- groupnet0 True               isidom1.local 10.32.239.201 subnet0 groupnet1 True               isidom.local  10.32.7.250   subnet0 ----------------------------------------------------------------- Total: 2 iq221-1# iq221-1# isi network subnet list ID                Subnet         Gateway|Priority  Pools  SC Service ----------------------------------------------------------------------- groupnet0.subnet0 10.32.239.0/24 10.32.239.1|10    pool0  10.32.239.223                                                    pool1 groupnet1.subnet0 0.0.0.0/24     0.0.0.0|20        -      0.0.0.0 ----------------------------------------------------------------------- Total: 2 iq221-1# iq221-1# iq221-1# isi network subnets modify groupnet1.subnet0 --gateway=10.32.239.1 Subnet 'subnet0' (10.32.239.0/24) overlaps with 10.32.239.0/24 iq221-1# iq221-1# --------------------------------------------------------------------------------------------- Thanks in advnace!!

tezuky · Answer

Thanks sjones, i understand isilon's subnet only can belong to single groupnet.

sjones51 · Answer

Hi tezusky,

This is by design, and I am not aware of any plan to change this. Groupnets are designed to enable multi-tenant DNS support per access zone.

This explanation comes from the OneFS 8.0.0 Release notes on page 12:

Multi-tenant DNS support

OneFS 8.0.0 supports multiple DNS servers for each access zone so different tenants

that operate on the same Isilon cluster can use different DNS servers to perform host

name lookups. DNS servers are configured by a new network object called a

groupnet, which lives above a subnet. Each groupnet is associated with a single

access zone. The default system access zone is automatically associated with the

default groupnet. Authentication providers that communicate with an external server

must be associated with a groupnet. The DNS cache has been enhanced to maintain

separate caches for separate groupnets. You must create new access zones in order

for the groupnets to be used by protocols. The protocols that support groupnets are

SMB, NFS, HDFS, and Swift.

Peter_Sero · Answer

For each AD domain there will be one access zone on the cluster

(not counting the system access zone).

From a networking standpoint, the access zones are configured at the

same level as the SmartConnect zones, namely on the address pool level.

So you would use

one groupnet

one subnet

two address pools (specific IP addresses used by Isilon nodes, not clients)

- per pool: one SmartConnect zone, one access zone, one AD domain

Makes sense?

-- Peter

tezuky · Answer

Thank you, Peter. In our case, we have to consolidate CIFS servers on 2 VNX to the single isilon from two separate AD domains. There's no DNS forwarding or other equivalent feature between these AD domains, so we need to have 2 groupnets as per DNS server.

Isilon

Was this post helpful?