Newly deployed 8.2.1 cluster with two nodes (one fail-over pair). We have the node and cluster management port and lifs on a private network (10.10.x.x). Data vservers are on a different other "public" subnets. We see that the secd (security daemon) is using both data and cluster management lifs. Seems as if secd on each node is using either a data lif or the cluster management lif depending on the vserver making the request. Our issue is that not all the information services are accessible via the 10.10.x.x subnet. Is there a way to tell secd to use the data lifs only?
I guess a related question is if it matters if secd on one node is always failing, while the other is fine?
Netapp support said to alter the route metrics (increase the metric number for the management lifs). Is that the solution or is there another? On the phone with support we changed the metrics for the node management lif, while really we probably need to adjust the metric for the cluster lif.
I'm wondering if there isn't a way to "bind" secd to particular lifs.