netapp filer snapmirror tunneling with ssh
Hello all,
Can any one please give me some info if snapmirror can be tunneled over ssh? I am trying to do that and then while searching for some info I came across some comments mentioning that it is not possible.
Thanks
Can any one please give me some info if snapmirror can be tunneled over ssh? I am trying to do that and then while searching for some info I came across some comments mentioning that it is not possible.
Thanks
Duncan Meyers
No, it can't. It uses a straight IP connection, so the only way you can send it through an encrypted tunnel is to set up a VPN and send the traffic down that. Having said that, I thought SnapMirror encrypted replication traffic by default - but that may depend on the filer model and version of DataONTAP you're running.
ASKER
Hi,
Thanks for your reply. Can you please tell me some source from where I can get this documented for my boss!!! Also what exactly do you mean by straight IP conenction? like straight as in straight no tunneling or some thing. I'll check on the netapp website about the filer model and data ontap version to see if encryption is possible in any of the model. Netapp support never mentioned this fact that it might be supoprted on any other filer models or Data ontap version.
Thanks a bunch again! I was trying to do this for days! thought should be pretty straight forward.
Thanks for your reply. Can you please tell me some source from where I can get this documented for my boss!!! Also what exactly do you mean by straight IP conenction? like straight as in straight no tunneling or some thing. I'll check on the netapp website about the filer model and data ontap version to see if encryption is possible in any of the model. Netapp support never mentioned this fact that it might be supoprted on any other filer models or Data ontap version.
Thanks a bunch again! I was trying to do this for days! thought should be pretty straight forward.
My apologies - SnapMirror does not encrypt traffic. See: http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=75206
SnapMirror either uses a Fibre Channel connection or IP - it expects to be able to talk to another NetApp array either via FC or IP. You configure the IP addresses of the other NetApp array when you configure SnapMirror and it uses TCP to communicate.
SnapMirror either uses a Fibre Channel connection or IP - it expects to be able to talk to another NetApp array either via FC or IP. You configure the IP addresses of the other NetApp array when you configure SnapMirror and it uses TCP to communicate.
ASKER
Please correct me if I a wrong but does the SSH tunnel also not use IP. ITs just that the traffic is encrypted beneath no? What Ia am doing is that instead of directly giving the IP of the source filer which would be another private IP I am telling the destination filer the IP of my machine which has SSH tunnel up for the source filer.
Regards
Regards
Yes, of course it does - but it has to be invisible to the filers - like a VPN tunnel.
ASKER
so does is invisible in case of SSH tunnel!? May be is it that source filer makes an arbitrary connection back to destination filer which SSH tunnel cannot handle? But as far as I know, its the destination filer which connects to the source at port 10566 to initiate the transfer.
Perhaps you've got a routing issue or port 10566 isn't going across the tunnel. See http://communities.netapp.com/thread/2171;jsessionid=4FFB40AE0AEAB790753734F98B4C5AE8?tstart=0
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey,
Thanks, I got it!!! it was not only port 10566 but others as well.
Thanks,
Thanks, I got it!!! it was not only port 10566 but others as well.
Thanks,
Thanks! Glad I could help.