{"id":2357,"date":"2012-10-01T12:50:37","date_gmt":"2012-10-01T18:50:37","guid":{"rendered":"http:\/\/www.jasemccarty.com\/blog\/?p=2357"},"modified":"2012-12-30T14:49:29","modified_gmt":"2012-12-30T20:49:29","slug":"configuring-emc-isilon-smartconnect-part-iii-isolated-storage-network","status":"publish","type":"post","link":"https:\/\/www.jasemccarty.com\/blog\/configuring-emc-isilon-smartconnect-part-iii-isolated-storage-network\/","title":{"rendered":"Configuring EMC Isilon SmartConnect \u2013 Part III: Isolated Storage Networks"},"content":{"rendered":"<p>Looking back that the <strong><a title=\"Configuring EMC Isilon SmartConnect \u2013 Part I: SmartConnect Basic\" href=\"http:\/\/www.jasemccarty.com\/blog\/?p=2131\">SmartConnect Part I<\/a><\/strong> post, remember that SmartConnect is handling DNS delegation of the SmartConnect Zone name (FQDN)&#8230; So&#8230; What happens if the SmartConnect Zone for an NFS data network is on an isolated network? Keep in mind, that DNS needs to contact the SmartConnect Service IP to request an IP resolution for the FQDN.\u00a0 How can this happen if the SmartConnect Service IP for that zone is on an isolated network?<\/p>\n<p>The first network defined for the &#8220;front-end&#8221; is typically configured as <strong>subnet0<\/strong>.\u00a0 It is a common practice to leverage subnet0 for the management of an Isilon cluster.\u00a0 When using IP based storage in vSphere environments, it is a best practice to have the storage traffic isolated from the regular network.\u00a0 In my previous posts (<strong><a title=\"Configuring EMC Isilon SmartConnect \u2013 Part I: SmartConnect Basic\" href=\"http:\/\/www.jasemccarty.com\/blog\/?p=2131\">SmartConnect Part I<\/a><\/strong> &amp; <strong><a title=\"Configuring EMC Isilon SmartConnect \u2013 Part II: SmartConnect Advanced\" href=\"http:\/\/www.jasemccarty.com\/blog\/?p=2133\">SmartConnect Part II<\/a><\/strong>) the SmartConnect Zone was on the same subnet\/pool.\u00a0 When this is the case, and isolated networks are being used, it is impossible to leverage SmartConnect on the isolated network, unless there is a DNS, and subsequent delegation, in that isolated network.<\/p>\n<p><!--more-->In my demo environment, I have the following configuration:<\/p>\n<ul>\n<li>8 Isilon nodes<\/li>\n<li><strong>subnet0 <\/strong>configured with\n<ul>\n<li>subnet 192.168.1.0<\/li>\n<li>netmask 255.255.255.0<\/li>\n<li>gateway 192.168.1.1<\/li>\n<li>SmartConnect service IP: 192.168.1.80<\/li>\n<li>SSIP DNS Name: ssip.domain.local<\/li>\n<\/ul>\n<\/li>\n<li><strong>pool0 <\/strong>configured with\n<ul>\n<li>IP range; 192.168.1.81-192.168.1.88<\/li>\n<li>Zone name: isilon.domain.local<\/li>\n<li>SmartConnect service subnet: subnet0<\/li>\n<\/ul>\n<\/li>\n<li><strong>subnet1<\/strong>configured with\n<ul>\n<li>subnet 172.16.1.0<\/li>\n<li>netmask 255.255.255.0<\/li>\n<li>gateway 172.16.1.1<\/li>\n<li>SmartConnect service IP: 172.16.1.80<\/li>\n<li>SSIP DNS Name: ssip.nfs.domain.local<\/li>\n<\/ul>\n<\/li>\n<li><strong>pool1<\/strong>configured with\n<ul>\n<li>IP range: 172.16.1.81-172.16.1.88<\/li>\n<li>Zone name: isilon.nfs.domain.local<\/li>\n<li>SmartConnect service subnet: subnet1<\/li>\n<\/ul>\n<p>&nbsp;<\/li>\n<\/ul>\n<p>The following graphic details the typical look-up process for the <strong>isilon.domain.local<\/strong> SmartConnect Zone.<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_12.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter  wp-image-2371\" title=\"SmartConnect I\" src=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_12.gif\" alt=\"\" width=\"580\" height=\"313\" srcset=\"https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_12.gif 725w, https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_12-300x161.gif 300w\" sizes=\"auto, (max-width: 580px) 100vw, 580px\" \/><\/a><\/p>\n<p style=\"text-align: left;\">The process is as follows:<\/p>\n<ol>\n<li>Query the Isilon Fully Qualified Domain Name (isilon.domain.local)<\/li>\n<li>DNS delegates the query to the SmartConnect Service IP (ssip.domain.local DNS record)<\/li>\n<li>SmartConnect gives out the SmartConnect Zone Name<\/li>\n<li>The FQDN is accessed by the Management Network<\/li>\n<\/ol>\n<p><a href=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2403\" title=\"Query isilon.domain.local\" src=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc1.png\" alt=\"\" width=\"496\" height=\"193\" srcset=\"https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc1.png 496w, https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc1-300x116.png 300w\" sizes=\"auto, (max-width: 496px) 100vw, 496px\" \/><\/a><\/p>\n<p>Because the IP returned is on the 192.168.1.x range, the data flow is between the vSphere <strong>Management Network<\/strong> and <strong>subnet0\/pool0<\/strong> of the Isilon Cluster.<\/p>\n<p>As previously stated, this isn&#8217;t the preferred method.\u00a0 Subnet0\/pool0 aren&#8217;t isolated.<\/p>\n<p>We really want our NFS datastores to be accessed on our NFS Storage Network (172.16.1.x) which is serviced by <strong>subnet1\/pool1<\/strong> on our Isilon Cluster, with the SmartConnect Zone name of <strong>isilon.nfs.domain.local<\/strong>.<\/p>\n<p>Following the same process, it would be:<\/p>\n<ol>\n<li>Query the Isilon Fully Qualified Domain Name (isilon.nfs.domain.local)<\/li>\n<li>DNS delegates the query to the SmartConnect Service IP (ssip.nfs.domain.local DNS record)<\/li>\n<li><del>SmartConnect gives out the SmartConnect Zone Name<br \/>\n<\/del><\/li>\n<li><del>The FQDN is accessed by the NFS Data Network<\/del><\/li>\n<\/ol>\n<p><a href=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2405\" title=\"Query isilon.nfs.domain.local\" src=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc2.png\" alt=\"\" width=\"531\" height=\"183\" srcset=\"https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc2.png 531w, https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc2-300x103.png 300w\" sizes=\"auto, (max-width: 531px) 100vw, 531px\" \/><\/a><\/p>\n<p>But this doesn&#8217;t work&#8230; Because there is no connectivity from our DNS server to our SmartConnect Service IP for our second Zone (isilon.nfs.domain.local).<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_2.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter  wp-image-2383\" title=\"SmartConnect II\" src=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_2.gif\" alt=\"\" width=\"580\" height=\"313\" srcset=\"https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_2.gif 725w, https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_2-300x161.gif 300w\" sizes=\"auto, (max-width: 580px) 100vw, 580px\" \/><\/a><\/p>\n<p style=\"text-align: left;\">Examining at the SmartConnect settings for each pool will show why this does not work.<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/smartconnect.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2385\" title=\"Pool0\" src=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/smartconnect.png\" alt=\"\" width=\"452\" height=\"116\" srcset=\"https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/smartconnect.png 452w, https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/smartconnect-300x76.png 300w\" sizes=\"auto, (max-width: 452px) 100vw, 452px\" \/><\/a><strong>Pool0<\/strong><\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/smartconnect1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2386\" title=\"Pool1\" src=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/smartconnect1.png\" alt=\"\" width=\"459\" height=\"123\" srcset=\"https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/smartconnect1.png 459w, https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/smartconnect1-300x80.png 300w\" sizes=\"auto, (max-width: 459px) 100vw, 459px\" \/><\/a><strong>Pool1<\/strong><\/p>\n<p style=\"text-align: left;\">Notice how each pool is leveraging the SmartConnect service subnet that it resides in?<\/p>\n<p style=\"text-align: left;\"><strong>Pool0<\/strong>, which is part of <strong>subnet0<\/strong>, is using the <em>SmartConnect service subnet of <strong>subnet0<\/strong><\/em>.<\/p>\n<p style=\"text-align: left;\">The DNS server has access to subnet0, and can properly return a value for <strong>isilon.domain.local<\/strong>.<\/p>\n<p style=\"text-align: left;\"><strong>Pool1<\/strong> on the other hand, is configured for a <em>SmartConnect service subnet of <strong>subnet1<\/strong><\/em>.<\/p>\n<p style=\"text-align: left;\">Because the DNS server does not have access to subnet1, it cannot delegate to the SmartConnect service IP (172.16.1.80) for resolution of <strong>isilon.nfs.domain.local<\/strong>.<\/p>\n<p style=\"text-align: left;\">Making a couple changes will correct the issue.<\/p>\n<ul>\n<li>Update the DNS Delegation to point to ssip.domain.local<br \/>\n(which is on subnet0, and accessible by the DNS server)<br \/>\n<a href=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/ssip1.png\"><img loading=\"lazy\" decoding=\"async\" title=\"Delegation\" src=\"\/blog\/wp-content\/uploads\/2012\/10\/ssip1.png\" alt=\"\" width=\"497\" height=\"83\" \/><\/a><\/li>\n<li>Update the SmartConnect service subnet for subnet1\/pool1 to use subnet0 to answer SmartConnect queries <em>on behalf of <\/em>subnet1.<br \/>\n<a href=\"\/blog\/wp-content\/uploads\/2012\/10\/smartconnect2.png\"><img loading=\"lazy\" decoding=\"async\" title=\"SmartConnect III\" src=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/smartconnect2.png\" alt=\"\" width=\"456\" height=\"125\" \/><\/a><\/li>\n<\/ul>\n<p>Now the process is:<\/p>\n<ol>\n<li>Query the Isilon Fully Qualified Domain Name (isilon.nfs.domain.local)<\/li>\n<li>DNS delegates the query to the SmartConnect Service IP (ssip.domain.local DNS record)<\/li>\n<li>SmartConnect gives out the SmartConnect Zone Name<\/li>\n<li>The FQDN is accessed by the NFS Data Network<\/li>\n<\/ol>\n<p>Attempting this again, shows the proper results.<\/p>\n<p><a href=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2407\" title=\"Query isilon.nfs.domain.local\" src=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc3.png\" alt=\"\" width=\"523\" height=\"279\" srcset=\"https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc3.png 523w, https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/querysc3-300x160.png 300w\" sizes=\"auto, (max-width: 523px) 100vw, 523px\" \/><\/a><\/p>\n<p>This graphic demonstrates the process:<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_3.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter  wp-image-2400\" title=\"Data Flow\" src=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_3.gif\" alt=\"\" width=\"580\" height=\"313\" srcset=\"https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_3.gif 725w, https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/gif_3-300x161.gif 300w\" sizes=\"auto, (max-width: 580px) 100vw, 580px\" \/><\/a><\/p>\n<p style=\"text-align: left;\">In my previous SmartConnect posts (<strong><a title=\"Configuring EMC Isilon SmartConnect \u2013 Part I: SmartConnect Basic\" href=\"http:\/\/www.jasemccarty.com\/blog\/?p=2131\">SmartConnect Part I<\/a><\/strong> &amp; <strong><a title=\"Configuring EMC Isilon SmartConnect \u2013 Part II: SmartConnect Advanced\" href=\"http:\/\/www.jasemccarty.com\/blog\/?p=2133\">SmartConnect Part II<\/a><\/strong>), I did not really cover the process of assigning a different SmartConnect service subnet to accommodate for subnets\/pools that were isolated.\u00a0 I hope that this clears things up.<\/p>\n<p style=\"text-align: left;\">And just for refreshers, the Best Practice Guide can be found here: <strong><a title=\"EMC Isilon Scale-out Storage and VMware vSphere 5 Best Practice Guide\" href=\"http:\/\/simple.isilon.com\/doc-viewer\/1739\/emc-isilon-scale-out-storage-and-vmware-vsphere-5-best-practice-guide.pdfhttp:\/\/\" target=\"_blank\">EMC Isilon Scale-out Storage and VMware vSphere 5 Best Practice Guide.<\/a><\/strong><\/p>\n<p style=\"text-align: left;\">Thanks go to <strong><a title=\"James Walkenhorst\" href=\"http:\/\/twitter.com\/walkjaw\" target=\"_blank\">James Walkenhorst<\/a><\/strong> for his input.<\/p>\n<p style=\"text-align: left;\"><strong>Update:<\/strong> Something I forgot to add. in the past, I have always setup a gateway address and SmartConnect service IP on each subnet I had created.\u00a0 Upon standing up a new cluster tonight, I realized that the above method also works for subnets\/zones that do not have a SSIP associated with it.\u00a0 In standing up a new cluster, I left the SmartConnect service IP blank (not really using it on the isolated network), and it still works.\u00a0 Again, this is because the SSIP for subnet0 is answering for the SmartConnect Zone on subnet1.\u00a0 (I used different addresses, as my primary cluster is still running)<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/validation.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter  wp-image-2429\" title=\"Update\" src=\"http:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/validation.png\" alt=\"\" width=\"592\" height=\"324\" srcset=\"https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/validation.png 986w, https:\/\/www.jasemccarty.com\/blog\/wp-content\/uploads\/2012\/10\/validation-300x164.png 300w\" sizes=\"auto, (max-width: 592px) 100vw, 592px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Looking back that the SmartConnect Part I post, remember that SmartConnect is handling DNS delegation of the SmartConnect Zone name (FQDN)&#8230; So&#8230; What happens if &hellip; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,12],"tags":[35,47,58,124,111],"class_list":["post-2357","post","type-post","status-publish","format-standard","hentry","category-storage-2","category-virtualization","tag-emc","tag-isilon","tag-nfs","tag-smartconnect","tag-vsphere"],"_links":{"self":[{"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/posts\/2357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/comments?post=2357"}],"version-history":[{"count":59,"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/posts\/2357\/revisions"}],"predecessor-version":[{"id":2410,"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/posts\/2357\/revisions\/2410"}],"wp:attachment":[{"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/media?parent=2357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/categories?post=2357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/tags?post=2357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}