ONTAP 9.14

to Japanese version

Network features by release

Analyze the impact of network features available with each ONTAP 9 release.

Available beginning



ONTAP 9.13.1

Increased data LIF limits

ONTAP provides greater flexibility by increasing data LIF scaling limits for both HA pairs and clusters.

To view the number of IP data LIFs capable of being configured on each node, run the network interface capacity details show command.

For more information on adding LIFs, see Create a LIF.

ONTAP 9.12.1

LIF Services

You can use the management-log-forwarding service to control which LIFs are used to forward audit logs to a remote syslog server.

For more information on the log forwarding feature, see Manage audit log destinations.

ONTAP 9.12.1

ONTAP System Manager networking enhancements

ONTAP System Manager offers more control over the subnet and home port selection during network interface creation. ONTAP System Manager also supports the configuration of NFS/RDMA connections.

ONTAP 9.12.0

ONTAP System Manager networking enhancements

ONTAP 9.11.1

iSCSI LIF Failover

The new iSCSI LIF failover feature supports automatic and manual migration of iSCSI LIFs in an SFO partner failover and in a local failover.

It is available for All-Flash SAN Array (ASA) platforms.

ONTAP 9.11.1

LIF Services

New client-side LIF services provide more control over which LIFs are used for outbound AD, DNS, LDAP, and NIS requests.

ONTAP 9.11.1

Link Layer Discovery Protocol (LLDP)

The cluster network supports LLDP to allow ONTAP to work with cluster switches that do not support Cisco Discovery Protocol (CDP).

ONTAP 9.10.1

Automatic detection and repair recommendations for network wiring issues

ONTAP can automatically detect and recommend corrections for network wiring issues based on a broadcast domain constituent’s (ethernet ports) layer-2 reachability.

When a port reachability issue is detected, ONTAP System Manager recommends a repair operation to resolve the issue.

ONTAP 9.10.1

Internet Protocol security (IPsec) certificate authentication

IPsec policies now support pre-shared keys (PSKs) and certificates for authentication.

  • Policies configured with PSKs require sharing of the key among all clients in the policy.

  • Policies configured with certificates do not require sharing of the key among clients because each client can have its own unique certificate for authentication.

ONTAP 9.10.1

LIF services

Firewall policies are deprecated and wholly replaced with LIF service policies.

A new NTP LIF service provides more control over which LIFs are used for outbound NTP requests.

ONTAP 9.10.1


ONTAP offers support for NFS over RDMA, a higher performance realization of NFSv4.0 for customers with the NVIDIA GDX ecosystem. Utilizing RDMA adapters allows memory to be copied directly from storage to the GPU, circumventing the CPU overhead.

ONTAP 9.9.1

Cluster resiliency

The following cluster resiliency and diagnostic improvements improve the customer experience:

  • Port monitoring and avoidance:

    • In two-node switchless cluster configurations, the system avoids ports that experience total packet loss (connectivity loss). Previously this functionality was only available in switched configurations.

  • Automatic node failover:

    • If a node cannot serve data across its cluster network, that node should not own any disks. Instead its HA partner should take over, if the partner is healthy.

  • Commands to analyze connectivity issues:

    • Use the following command to display which cluster paths are experiencing packet loss:
      network interface check cluster-connectivity show

ONTAP 9.9.1

VIP LIF enhancements

The following fields have been added to extend virtual IP (VIP) border gateway protocol (BGP) functionality:

  • -asn or -peer-asn (4-byte value)
    The attribute itself is not new, but it now uses a 4-byte integer.

  • -med

  • -use-peer-as-next-hop

The asn_integer parameter specifies the autonomous system number (ASN) or peer ASN.

  • Beginning with ONTAP 9.8, ASN for BGP supports a 2-byte non-negative integer. This is a 16-bit number (0 - 64511 available values).

  • Beginning with ONTAP 9.9.1, ASN for BGP supports a 4-byte non-negative integer (65536 - 4294967295). The default ASN is 65501. ASN 23456 is reserved for ONTAP session establishment with peers that do not announce 4-byte ASN capability.

You can make advanced route selections with Multi-Exit Discriminator (MED) support for path prioritization. MED is an optional attribute in the BGP update message that tells routers to select the best route for the traffic. The MED is an unsigned 32-bit integer (0 - 4294967295); lower values are preferred.

VIP BGP provides default route automation using BGP peer grouping to simplify configuration. ONTAP has a simple way to learn default routes using the BGP peers as next-hop routers when the BGP peer is on the same subnet. To use the feature, set the -use-peer-as-next-hop attribute to true. By default, this attribute is false.


Auto port placement

ONTAP can automatically configure broadcast domains, select ports, and help configure network interfaces (LIFs), virtual LANs (VLANs), and link aggregation groups (LAGs) based on reachability and network topology detection.

When you first create a cluster, ONTAP automatically discovers the networks connected to ports and configures the needed broadcast domains based on layer 2 reachability. You no longer have to configure broadcast domains manually.

A new cluster will continue to be created with two IPspaces:

Cluster IPspace: Containing one broadcast domain for the cluster interconnect. You should never touch this configuration.

Default IPspace: Containing one or more broadcast domains for the remaining ports. Depending on your network topology, ONTAP configures additional broadcast domains as needed: Default-1, Default-2, and so on. You can rename these broadcast domains if desired, but do not modify which ports are configured in these broadcast domains.

When you configure network interfaces, the home port selection is optional. If you do not manually select a home port, ONTAP will attempt to assign an appropriate home port in the same broadcast domain as other network interfaces in the same subnet.

When creating a VLAN or adding the first port to a newly created LAG, ONTAP will attempt to automatically assign the VLAN or LAG to the appropriate broadcast domain based on its layer 2 reachability.

By automatically configuring broadcast domains and ports, ONTAP helps to ensure that clients maintain access to their data during failover to another port or node in the cluster.

Finally, ONTAP sends EMS messages when it detects that the port reachability is incorrect and provides the "network port reachability repair" command to automatically repair common misconfigurations.


Internet Protocol security (IPsec) over wire encryption

To ensure data is continuously secure and encrypted, even while in transit, ONTAP uses the IPsec protocol in transport mode. IPsec offers data encryption for all IP traffic including the NFS, iSCSI, and SMB protocols. IPsec provides the only encryption in flight option for iSCSI traffic.

Once IPsec is configured, network traffic between the client and ONTAP is protected with preventive measures to combat replay and man-in-the-middle (MITM) attacks.


Virtual IP (VIP) expansion

New fields have been added to the network bgp peer-group command. This expansion allows you to configure two additional Border Gateway Protocol (BGP) attributes for Virtual IP (VIP).

AS path prepend: Other factors being equal, BGP prefers to select the route with shortest AS (autonomous system) Path. You can use the optional AS path prepend attribute to repeat an autonomous system number (ASN), which increases the length of the AS path attribute. The route update with the shortest AS path will be selected by the receiver.

BGP community: The BGP community attribute is a 32-bit tag that can be assigned to the route updates. Each route update can have one or more BGP community tags. The neighbors receiving the prefix can examine the community value and take actions like filtering or applying specific routing policies for redistribution.


Switch CLI simplification

To simplify switch commands, the cluster and storage switch CLIs are consolidated. The consolidated switch CLIs include Ethernet switches, FC switches, and ATTO protocol bridges.

Instead of using separate "system cluster-switch" and "system storage-switch" commands, you now use "system switch". For the ATTO protocol bridge, instead of using "storage bridge", use "system bridge".

Switch health monitoring has similarly expanded to monitor the storage switches as well as the cluster interconnect switch. You can view health information for the cluster interconnect under "cluster_network" in the "client_device" table. You can view health information for a storage switch under "storage_network" in the "client_device" table.


IPv6 variable length

The supported IPv6 variable prefix length range has increased from 64 to 1 through 127 bits. A value of bit 128 remains reserved for virtual IP (VIP).

When upgrading, non-VIP LIF lengths other than 64 bits are blocked until the last node is updated.

When reverting an upgrade, the revert checks any non-VIP LIFs for any prefix other than 64 bits. If found, the check blocks the revert until you delete or modify the offending LIF. VIP LIFs are not checked.


Automatic portmap service

The portmap service maps RPC services to the ports on which they listen.

The portmap firewall service is eliminated. Instead, the portmap port is opened automatically for all LIFs that support the NFS service.


Cache search

You can cache NIS netgroup.byhost entries using the vserver services name-service nis-domain netgroup-database commands.

Top of Page