
Creating a cluster peer relationship (starting with ONTAP 9.4)

You can create a cluster peer relationship between two clusters by providing a system-generated passphrase and the IP addresses of the intercluster LIFs of the remote cluster.

About this task

Beginning in ONTAP 9.6, cluster peering encryption is enabled by default on all newly created cluster peering relationships. Cluster peering encryption is not available for clusters running ONTAP 9.5 or earlier. Therefore, both clusters in the peering relationship must be running ONTAP 9.6 in order to enable cluster peering encryption.

Cluster peering encryption uses Transport Layer Security (TLS) to secure cross-cluster peering communications for ONTAP features such as SnapMirror and FlexCache.

You can use the cluster peer create command to create a peer relationship between a local cluster and a remote cluster. After the peer relationship has been created, you can run the cluster peer create command on the remote cluster to authenticate the peer relationship to the local cluster.
Note
For the complete command syntax, refer to the man page.

Before you begin

Before creating a cluster peer relationship, you should create the intercluster LIFs on each node in the peered clusters.

Procedure

  1. To create a peer relationship with the source cluster on the destination cluster, run the command cluster peer create -generate-passphrase -offer-expiration MM/DD/YYYY HH:MM:SS|1...7days|1...168hours -peer-addrs peer_LIF_IPs -ipspace ipspace.
    Note
    • If you specify -generate-passphrase and -peer-addrs, only the cluster whose intercluster LIFs are specified in -peer-addrs can use the generated password.

    • If you are not using a custom IPspace, you can omit the -ipspace option.

    • The following example creates a cluster peer relationship on an unspecified remote cluster:
      cluster02::> cluster peer create -generate-passphrase -offer-expiration 2days

      Passphrase: UCa+6lRVICXeL/gq1WrK7ShR
      Expiration Time: 6/7/2017 08:16:10 EST
      Initial Allowed Vserver Peers: -
      Intercluster LIF IP: 192.140.112.101
      Peer Cluster Name: Clus_7ShR (temporary generated)

      Warning: make a note of the passphrase - it cannot be displayed again.
  2. To authenticate the source cluster to the destination cluster, run the command cluster peer create -peer-addrs peer_LIF_IPs -ipspace ipspace.
    Enter the passphrase for the peer relationship when prompted.
    Following is the example for authenticating the local cluster to the remote cluster at intercluster LIF IP addresses 192.140.112.101 and 192.140.112.102:
    cluster01::> cluster peer create -peer-addrs 192.140.112.101,192.140.112.102

    Notice: Use a generated passphrase or choose a passphrase of 8 or more characters.
    To ensure the authenticity of the peering relationship, use a phrase or sequence of
    characters that would be hard to guess.

    Enter the passphrase:

    Confirm the passphrase:

    Clusters cluster02 and cluster01 are peered.
  3. To verify that the cluster peer relationship is created, run the command cluster peer show -instance.
    Following is the example:
    cluster01::> cluster peer show -instance

    Peer Cluster Name: cluster02
    Remote Intercluster Addresses: 192.140.112.101, 192.140.112.102
    Availability of the Remote Cluster: Available
    Remote Cluster Name: cluster2
    Active IP Addresses: 192.140.112.101, 192.140.112.102
    Cluster Serial Number: 1-80-123456
    Address Family of Relationship: ipv4
    Authentication Status Administrative: no-authentication
    Authentication Status Operational: absent
    Last Update Time: 02/05 21:05:41
    IPspace for the Relationship: Default
  4. To check the connectivity and status of the nodes in the peer relationship, run the command cluster peer health show.
    Following is the example:
    cluster01::> cluster peer health show
    Node       cluster-Name                Node-Name
                 Ping-Status               RDB-Health Cluster-Health  Avail…
    ---------- --------------------------- ---------  --------------- --------
    cluster01-01
               cluster02                   cluster02-01
                 Data: interface_reachable
                 ICMP: interface_reachable true       true            true
                                           cluster02-02
                 Data: interface_reachable
                 ICMP: interface_reachable true       true            true
    cluster01-02
               cluster02                   cluster02-01
                 Data: interface_reachable
                 ICMP: interface_reachable true       true            true
                                           cluster02-02
                 Data: interface_reachable
                 ICMP: interface_reachable true       true            true
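
The authentication and address fields shown in the step 3 output of cluster peer show -instance can be checked from saved output. The following Python script is an added example, not part of the original documentation: it parses the output into one record per peer and reports peers whose authentication status is no-authentication or absent, plus any active address that is not in the configured address list. The second sample record, its use-authentication and ok values, and the function names are assumptions made for illustration.

```python
import re

# Constructed input: record 1 is taken from step 3 above; record 2 and its status values are assumed.
SAMPLE = """\
Peer Cluster Name: cluster02
Remote Intercluster Addresses: 192.140.112.101, 192.140.112.102
Active IP Addresses: 192.140.112.101, 192.140.112.102
Authentication Status Administrative: no-authentication
Authentication Status Operational: absent

Peer Cluster Name: cluster03
Remote Intercluster Addresses: 192.140.113.101
Active IP Addresses: 192.140.113.101, 192.140.113.250
Authentication Status Administrative: use-authentication
Authentication Status Operational: ok
"""

def parse_peers(text):
    """Split 'cluster peer show -instance' output into one dict per peer."""
    peers = []
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Peer Cluster Name":  # first field of each record
            peers.append({})
        if peers:
            peers[-1][key] = value
    return peers

def audit_peer(peer):
    """Return findings for one record; an empty list means nothing to review."""
    addrs = lambda k: {a.strip() for a in peer.get(k, "").split(",") if a.strip()}
    findings = []
    if peer.get("Authentication Status Administrative") == "no-authentication":
        findings.append("administrative status is no-authentication")
    if peer.get("Authentication Status Operational") == "absent":
        findings.append("operational authentication is absent")
    extra = sorted(addrs("Active IP Addresses") - addrs("Remote Intercluster Addresses"))
    if extra:
        findings.append("active address not in configured list: " + ", ".join(extra))
    return findings

def audit(text):  # maps each peer cluster name to its findings
    return {p["Peer Cluster Name"]: audit_peer(p) for p in parse_peers(text)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Whether an active address outside the configured list needs follow-up depends on site policy; the script only reports the difference.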