ECS switch configuration for network separation
Depending on customer requirements, network separation may involve modifying the basic configuration files for the data switches. This section explores examples of different network separation implementations at the switch level: the default, single domain, single domain with public set as a VLAN, and physical separation.
The default settings use configuration files that are bundled with ECS. In this scenario, there is no VLAN and there is only the public network. Also, there is no tagged traffic in the uplink connection. All ports are running in access mode. The following table and figure provide an example of a default ECS network setup with customer switches.
Interface | VLAN ID | Tagged | Uplink connection |
Public | None | No | MLAG:po100 No tagged traffic |
In a single domain, an LACP switch or an LACP/MLAG switch pair is configured on the customer side to connect to the ECS MLAG switch pair. Network separation is achieved by specifying VLANs for the supported traffic types. In the example in the following table and figure, data and replication traffic are separated into two VLANs and management stays in the public network. Traffic on the VLANs is tagged at the operating system level with its VLAN ID, which in this case is 10 for data and 20 for replication traffic. The management traffic on the public network is not tagged.
Interface | VLAN ID | Tagged | Uplink connection |
Public | None | No | MLAG:po100 All named traffic tagged |
Data | 10 | Yes | |
Repl | 20 | Yes | |
Both data switch configuration files would need to be modified to handle the VLANs in the example above. The terminal output below shows how this can be specified for Arista switches. Things to note from the configuration file include:
This example shows a single domain’s switch settings with two VLANs for public switches.
vlan 10,20
interface po1-12
   switchport trunk native vlan 1
   switchport mode trunk
   switchport trunk allowed vlan 1,10,20
! For 7050S-52 and 7050SX-64, the last port channel is 24
interface po100
   switchport mode trunk
   switchport trunk allowed vlan 1,10,20
Customers may want the public network in a VLAN. In this scenario, traffic going through the public network is tagged at the switch level and the other VLANs are tagged at the operating system level. The following table and figure provide switch and configuration details for a single domain with public VLAN setup.
Interface | VLAN ID | Tagged | Uplink connection |
Public | 100 | Yes (switch) | MLAG:po100 All traffic tagged |
Data | 10 | Yes (OS level) | |
Repl | 20 | Yes (OS level) | |
The settings within the configuration files of the data switches would need to be changed to include all the VLANs specified for network separation. As the terminal output below shows, the native VLAN is updated to match the customer VLAN for public. In this example, the public VLAN is identified as VLAN 100.
Here is example code that shows a single domain with two VLANs and public VLAN settings for public switches.
vlan 10,20,100
interface po1-12
   switchport trunk native vlan 100
   switchport mode trunk
   switchport trunk allowed vlan 10,20,100
interface po100
   switchport mode trunk
   switchport trunk allowed vlan 10,20,100
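A trunk that allows more VLANs than the separation plan names, or a node-facing native VLAN that does not match the public VLAN, undoes the separation described above. The following is an added example, not Dell's or Arista's code: a small check that compares switch configuration text against a plan, covering both single-domain variants. The function names, the constructed drifted sample, and the assumed defaults (access mode, native VLAN 1 when a setting is absent) are illustrative assumptions.

```python
import re

def expand(spec):  # "1,10-12" -> {1, 10, 11, 12}
    pairs = (p.split("-") for p in spec.replace(" ", "").split(",") if p)
    return {v for p in pairs for v in range(int(p[0]), int(p[-1]) + 1)}

def parse(text):  # -> (declared VLANs, {interface: settings}); absent settings assumed access / native 1
    declared, ifaces, cur = set(), {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"vlan ([\d,\s-]+)", line):
            declared, cur = declared | expand(m[1]), None
        elif m := re.fullmatch(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"mode": "access", "native": 1, "allowed": None})
        elif cur is not None and (m := re.fullmatch(r"switchport mode (\w+)", line)):
            cur["mode"] = m[1]
        elif cur is not None and (m := re.fullmatch(r"switchport trunk native vlan (\d+)", line)):
            cur["native"] = int(m[1])
        elif cur is not None and (m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\s-]+)", line)):
            cur["allowed"] = expand(m[1])
    return declared, ifaces

def audit(text, tagged, public_vlan=None, node_ports="po1-12", uplink="po100"):  # None: untagged public
    declared, ifaces = parse(text)
    native = public_vlan or 1  # VLAN carrying public traffic on the node-facing trunks
    expected = set(tagged) | {native}
    findings = [f"vlan {v} not declared" for v in sorted(expected - {1} - declared)]
    for name in (node_ports, uplink):
        port = ifaces.get(name)
        if port is None or port["mode"] != "trunk":
            findings.append(f"{name}: not configured as a trunk")
            continue
        if port["allowed"] is None:
            findings.append(f"{name}: no allowed list, trunk carries every VLAN")
        elif port["allowed"] != expected:
            findings.append(f"{name}: extra VLANs {sorted(port['allowed'] - expected)}, "
                            f"missing VLANs {sorted(expected - port['allowed'])}")
        if name == node_ports and port["native"] != native:
            findings.append(f"{name}: native vlan {port['native']}, expected {native}")
    return findings

# The page's public-VLAN example, then a constructed copy with two deviations.
PAGE_CONFIG = ("vlan 10,20,100\ninterface po1-12\nswitchport trunk native vlan 100\n"
               "switchport mode trunk\nswitchport trunk allowed vlan 10,20,100\n"
               "interface po100\nswitchport mode trunk\nswitchport trunk allowed vlan 10,20,100\n")
# Native VLAN left at 1; the appended line lands under po100 and replaces its allowed list.
DRIFTED = PAGE_CONFIG.replace("native vlan 100", "native vlan 1") + "switchport trunk allowed vlan 10,20,30,100\n"

if __name__ == "__main__":
    print(audit(PAGE_CONFIG, [10, 20], public_vlan=100), audit(DRIFTED, [10, 20], public_vlan=100), sep="\n")
```

For the untagged-public variant, call audit with public_vlan left at None; VLAN 1 is then expected in both allowed lists.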
For physical separation, an example setup may include multiple domains on the customer network, one defined for each type of traffic. An example of the setup and details are shown in the following table and figure. As shown in the table, the public network is not tagged and is on port channel 100; data traffic is on VLAN 10, tagged, and on port channel 101; and replication traffic is on VLAN 20, tagged, and on port channel 102. The three domains are not joined in an MLAG with one another.
Interface | VLAN ID | Tagged | Uplink connection |
Public | None | No | MLAG:po100 |
Data | 10 | Yes | MLAG:po101 |
Repl | 20 | Yes | MLAG:po102 |
The terminal output below shows what the settings would be on the data switches for this configuration on Arista switches. Port-channel 100 is set up to remove uplink ports 2 through 8, leaving only the first uplink for the public network. Port-channel 101 defines the settings for the data traffic and port channel 102 is for the replication traffic where the corresponding VLANs are allowed and switchport is set to trunk. Connections to the data nodes are defined by interface po1-12.
For situations where customers want the public network on a VLAN, the following table and the subsequent terminal output provide example details of the configuration. In this case, all traffic is tagged: public is tagged with ID 100, data traffic with 10, and replication traffic with 20. Uplink connections and port channel 100 are set up as the trunk, and VLANs 10, 20, and 100 are allowed. The connections to the nodes defined in interface po1-12 are also set accordingly.
Interface | VLAN ID | Tagged | Uplink connection |
Public | 100 | Yes (switch) | MLAG:po100 All traffic tagged |
Data | 10 | Yes | |
Repl | 20 | Yes | |
Best practices: