netapp filer snapmirror tunneling with ssh

Hello all,

Can any one please give me some info if snapmirror can be tunneled over ssh? I am trying to do that and then while searching for some info I came across some comments mentioning that it is not possible.

Thanks
naufalAsked:
Who is Participating?
 
Duncan MeyersConnect With a Mentor Commented:
0
 
Duncan MeyersCommented:
No, it can't. It uses a straight IP connection, so the only way you can send it through an encrypted tunnel is to set up a VPN and send the traffic down that. Having said that, I thought SnapMirror encrypted replication traffic by default - but that may depend on the filer model and version of DataONTAP you're running.
0
 
naufalAuthor Commented:
Hi,

Thanks for your reply. Can you please tell me some source from where I can get this documented for my boss!!! Also what exactly do you mean by straight IP conenction? like straight as in straight no tunneling or some thing. I'll check on the netapp website about the filer model and data ontap version to see if encryption is possible in any of the model. Netapp support never mentioned this fact that it might be supoprted on any other filer models or Data ontap version.

Thanks a bunch again! I was trying to do this for days! thought should be pretty straight forward.
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
Duncan MeyersCommented:
My apologies - SnapMirror does not encrypt traffic. See: http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=75206

SnapMirror either uses a Fibre Channel connection or IP - it expects to be able to talk to another NetApp array either via FC or IP. You configure the IP addresses of the other NetApp array when you configure SnapMirror and it uses TCP to communicate.
0
 
naufalAuthor Commented:
Please correct me if I a wrong but does the SSH tunnel also not use IP. ITs just that the traffic is encrypted beneath no? What Ia am doing is that instead of directly giving the IP of the source filer which would be another private IP I am telling the destination filer the IP of my machine which has SSH tunnel up for the source filer.

Regards
0
 
Duncan MeyersCommented:
Yes, of course it does - but it has to be invisible to the filers - like a VPN tunnel.
0
 
naufalAuthor Commented:
so does is invisible in case of SSH tunnel!? May be is it that source filer makes an arbitrary connection back to destination filer which SSH tunnel cannot handle? But as far as I know, its the destination filer which connects to the source at port 10566 to initiate the transfer.



0
 
Duncan MeyersCommented:
Perhaps you've got a routing issue or port 10566 isn't going across the tunnel. See http://communities.netapp.com/thread/2171;jsessionid=4FFB40AE0AEAB790753734F98B4C5AE8?tstart=0

0
 
naufalAuthor Commented:
Hey,

Thanks, I got it!!! it was not only port 10566 but others as well.

Thanks,

0
 
Duncan MeyersCommented:
Thanks! Glad I could help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.