
So I will be taking my single server (one external IP address) and splitting it into 3 different servers (live, testing, nfs-share storage) at a new datacenter. I don't really know how I can set up the networking that (I think) I'd like to have.

I was thinking that each server can have a public IP address, but also be hooked up together on a local network. Is this something that is possible, or am I completely misunderstanding how all of this works?

The reason I'd like a local network is because I don't really understand if the nfs-share will be operating at local network speeds (since they are all in the same physical location after all...), or if it will be acting as if it is just a regular external IP address.

I haven't bought any switches/routers/whatever yet.

Thanks for the info.

Eric
  • Well you should definitely have a local network between the three servers. So your datacenter would give you the option to add internal IPs using virtual interfaces. Any communication between the servers should be done on the private network. – Junaid Sep 16 '16 at 05:54
  • So I would be able to assign static IPs to each server, but the datacenter could also hook me up with my own virtual interface (which contains only me on it)? – Eric Sep 16 '16 at 05:56
  • You can have two IP addresses on a single interface. So probably your servers will have a public IP assigned to each. From your datacenter management interface you would be able to get private IPs for each, then you will have to assign these new private IPs to your machines. We will have to know the OS versions if you want to know how that's done. – Junaid Sep 16 '16 at 05:58
  • Below from one of my CentOS servers. As you can see I have a public and private IP assigned to the same eth0 interface:

        eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
            link/ether f2:3c:91:84:b7:08 brd ff:ff:ff:ff:ff:ff
            inet 166.53.110.213/24 brd 166.53.110.255 scope global eth0
               valid_lft forever preferred_lft forever
            inet 192.168.173.88/17 brd 192.168.255.255 scope global eth0:1
               valid_lft forever preferred_lft forever

    – Junaid Sep 16 '16 at 06:01

2 Answers


In my opinion this is quite a basic question and not really on-topic for server fault. This is not the place for research, this is the place to come when you have exhausted other options and want other professionals who have also put in the time and effort to solve problems on their own.

That said, I'm in a good mood so here's some free advice that wouldn't fit in a comment box. I am breaking my own rule about posting an answer to a question I feel is off-topic. I feel so ashamed.. I hope someone downvotes and / or deletes my post to punish me.

To get you started: Yes, everything you said is possible.

Advice: I'd suggest you not spend too much effort in designing how you're going to set everything up and focus on your actual requirements. Not 'I'd like's, but 'it must do x'. Build to that first. Work from there. If you were doing this all on one server before, you don't need two separate networks at this point.

I think you're over-designing it already. A simple approach that most common household routers use would probably solve your biggest concerns. You don't want your 'internal' traffic to be using public addresses.

You don't need to put a public address on any of your servers (strictly speaking IPv4 here; with IPv6 the concept is the same, you just don't need to NAT). You have an edge device (a simple router, or firewall, or load balancer, or another server set up to act as one of those). All of the server traffic happens on a single network.

Only your edge device needs to be on two networks. The public and your internal network. That edge device controls what can talk to your internal network. On home connections people do this all the time when they add a 'port forward'.

At my workplace we do the exact same thing in probably 90%+ of our use cases. And we have tens of thousands of servers. We just use very expensive load balancers that have much better control and performance for simple requests to spread among several servers or we use firewalls to control access to individual services.

  • Yeah, but server1 and server2 both run websites using a variety of ports for various python webservers. I'd like a direct mapping of port 80 --> port 80, I don't want server2 to require some funky ports to make it work. I could obviously port forward everything to one IP address, but that doesn't interest me in this case. – Eric Sep 16 '16 at 06:23
  • So use two IP addresses on the edge device. That's how load balancers work, but you can do the same with virtually any business grade router that can handle NAT. I do this just fine with my cheap sub $100 router I use for my house. –  Sep 16 '16 at 06:24
  • Fair enough, my apologies. Just a humble developer who got thrown into the networking world for this project.. – Eric Sep 16 '16 at 06:27
  • I don't know how active it is, but http://networkengineering.stackexchange.com/ might be a resource that'll help you understand the details better. –  Sep 16 '16 at 06:30
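The edge-device layout this answer describes, including the "two IP addresses on the edge device" reply from the comment thread, as an added shell example (not the answerer's own configuration). It assumes a Linux box acting as the router with iptables, eth0 on the public side and eth1 on the private side; the public addresses are constructed from the 203.0.113.0/24 documentation range and the private ones from 10.0.0.0/24. Each public address forwards port 80 straight to port 80 on its own internal server, nothing else crosses from public to private, and the servers themselves never carry a public address. Commands are printed for review unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: an edge router with two public addresses, each mapping TCP/80
# 1:1 to a different internal server, plus source NAT for the servers' outbound
# traffic. All addresses and interface names are constructed assumptions.
# By default the iptables commands are only printed; APPLY=1 executes them.

WAN_IF="eth0"             # assumption: NIC holding the public addresses
LAN_IF="eth1"             # assumption: NIC on the private server network
PUB1="203.0.113.10"       # constructed public address for server1
PUB2="203.0.113.11"       # constructed public address for server2
SRV1="10.0.0.11"          # constructed private address of server1
SRV2="10.0.0.12"          # constructed private address of server2
LAN_NET="10.0.0.0/24"     # constructed private subnet

# run CMD...: print the command (review mode) or execute it (APPLY=1)
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# dnat_rule PUBLIC_IP PORT INTERNAL_IP: map one public ip:port to the same
# port on one internal server, and allow only that new connection through
dnat_rule() {
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -d "$1" -p tcp --dport "$2" \
        -j DNAT --to-destination "$3:$2"
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$3" -p tcp --dport "$2" \
        -m conntrack --ctstate NEW -j ACCEPT
}

apply_edge_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # default deny: nothing is forwarded unless a rule below allows it
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # servers may open outbound connections (updates etc.), hidden behind PUB1
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" \
        -j SNAT --to-source "$PUB1"
    # the direct port 80 --> port 80 mappings, one public address per server
    dnat_rule "$PUB1" 80 "$SRV1"
    dnat_rule "$PUB2" 80 "$SRV2"
}

# Review the rule set; run again with APPLY=1 to install it
apply_edge_rules
```

Adding a third public address later is one more `dnat_rule` call; the servers keep their private addresses and the FORWARD policy keeps every port that is not explicitly mapped unreachable from outside.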

Yeah, definitely keep the NFS stuff on a local private network, if only for security reasons. That's a pretty nasty thing to have on public addresses. Do make sure to restrict NFS to use only the private interface on the NFS server itself (if that's to be a host you manage and not a shared storage solution from the datacenter). Ideally, if you were managing the NFS server, it wouldn't even have a public IP.

What you want can be accomplished with VLANs, and / or a separate physical network. VLANs will give you the ability to isolate the broadcast domains entirely from the public network and the private network, while staying on the same network fabric if need be via tagging.

One could also use an entirely separate physical network for this (or in addition to), but since this is in a datacenter, all networks (no matter if they are on the same fabric or on an entirely different one) should have separate VLANs.

Don't put two subnets on the same VLAN. That's trash, and there are really good reasons not to do that.

Setting up VLANs on your hosts is extremely easy. You create a sub-interface with the proper vlan number (such as eth0.300 for vlan 300). Then you use it like any other interface. I imagine the datacenter will be able to provide you with two or more VLANs.

Spooler
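The VLAN sub-interface step and the "restrict NFS to the private interface" advice from this answer, carried through as an added shell example (not the answerer's own configuration). VLAN 300 and the eth0.300 name come from the answer; the private address 10.0.0.13/24, the subnet 10.0.0.0/24 and the export path /srv/share are constructed, and the firewall part assumes NFSv4, where the server listens on a single TCP port (2049). Commands are printed for review unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: bring up a tagged VLAN sub-interface for the private network
# on a Linux host, give it the private address, and accept NFS only there.
# Addresses and the export path are constructed; the datacenter hands out the
# real VLAN id and subnet. Assumes NFSv4 (TCP 2049 only; NFSv3 would also need
# rpcbind/mountd ports). Commands are printed unless APPLY=1 is set.

PARENT_IF="eth0"            # physical NIC that carries the tagged frames
VLAN_ID="300"               # private VLAN id from the answer's example
PRIV_ADDR="10.0.0.13/24"    # constructed private address of this host
PRIV_NET="10.0.0.0/24"      # constructed private subnet (the other servers)
EXPORT_DIR="/srv/share"     # constructed directory to export

# run CMD...: print the command (review mode) or execute it (APPLY=1)
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# vlan_ifname PARENT ID: print the conventional sub-interface name (eth0.300),
# refusing anything outside the 802.1Q id range 1-4094
vlan_ifname() {
    case "$2" in
        *[!0-9]*|'') return 1 ;;
    esac
    [ "$2" -ge 1 ] && [ "$2" -le 4094 ] || return 1
    printf '%s.%s\n' "$1" "$2"
}

# exports_line DIR NET: one /etc/exports entry limited to the private subnet,
# so even a client that reaches the port from elsewhere gets nothing mounted
exports_line() {
    printf '%s %s(rw,sync,no_subtree_check)\n' "$1" "$2"
}

setup_private_vlan() {
    vif=$(vlan_ifname "$PARENT_IF" "$VLAN_ID") || return 1
    # the private subnet lives on its own tagged sub-interface, never as a
    # second subnet on the untagged public VLAN
    run ip link add link "$PARENT_IF" name "$vif" type vlan id "$VLAN_ID"
    run ip addr add "$PRIV_ADDR" dev "$vif"
    run ip link set "$vif" up
    # nfsd listens on every address by default: accept it from the private
    # VLAN only and drop it everywhere else, public address included
    run iptables -A INPUT -i "$vif" -s "$PRIV_NET" -p tcp --dport 2049 -j ACCEPT
    run iptables -A INPUT -p tcp --dport 2049 -j DROP
}

# Review the commands; run again with APPLY=1 to execute them, then add the
# export and reload it:  exports_line "$EXPORT_DIR" "$PRIV_NET" >> /etc/exports && exportfs -ra
setup_private_vlan
```

The two NFS rules are what "restrict NFS to use only the private interface" amounts to on a host you manage: the export list limits which clients are served, and the firewall keeps port 2049 from being reachable on the public address at all, which matters most if the datacenter has not given the storage host a private-only connection.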