Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP ISL Trunking Kit

131

132

133

134

135

136

137

138

139

140

Fabric OS Encryption Administrator’s Guide 117

53-1002159-03

Configuring cluster links

Special consideration for blades

HA clusters of FS8-18 blades should not include blades in the same DCX chassis.

For FS8-18 blades, the slot number must also be included in the ipaddrset command, for example:

switch:admin> ipaddrset -slot 7 -eth0 --add 10.32.33.34/23

switch:admin> ipaddrset -slot 7 -gate --add 10.32.1.1

There are additional considerations if blades are removed and replaced, or moved to a different

slot. On chassis-based systems, IP addresses are assigned to the slot rather than the blade, and

are saved in non-volatile storage on the control processor blades. IP addresses may be assigned

even if no blade is present. If an FS8-18 blade is installed in a slot that was previously configured

for a different type of blade with two IP ports (an FC4-16E blade, for example), the FS8-18 blade is

assigned the address specified for -eth0 in that slot.

To be sure the correct IP addresses are assigned, use the ipaddrshow command to display the

IP address assignments, as shown in the following example:

switch:admin> ipaddrshow -slot 7

SWITCH

Ethernet IP Address: 10.33.54.207

Ethernet Subnetmask: 255.255.240.0

Fibre Channel IP Address: none

Fibre Channel Subnetmask: none

Gateway IP Address: 10.33.48.1

DHCP: Off

eth0: 10.33.54.208/20

eth1: none/none

Gateway: 10.33.48.1

NOTE

The IP address of the cluster link should be configured before enabling the encryption engine for

encryption. If the IP address is configured after the encryption engine is enabled for encryption, or

if the IP address of the cluster link ports is modified after the encryption engine is enabled for

encryption, the encryption switch must be rebooted, and the encryption blade must be powered off

and powered on (slotpoweroff/slotpoweron) for the IP address configuration to take effect. Failure

to do so will result in the re-key operation not starting in the encryption group or high availability (HA)

cluster.

IP Address change of a node within an encryption group

Modifying the IP address of a node that is part of an encryption group is disruptive in terms of

cluster operation. The change causes the encryption group to split, and if the node was part of an

HA cluster, failover/failback capability is lost. The ipaddrset command issues no warning and you

are not prevented from changing a node IP address that is part of a configured encryption group or

HA cluster. The recommended steps for modifying the IP address of a node are provided below. the

procedures are based on whether the node is a group leader or a member node.