In addition to the default network configuration, the network can be partially separated, or fully separated, using the following:
Network separation configures VLANs for specific networks and uses VLAN tagging at the operating system level. For the public network, traffic is tagged at the switch level. At a minimum, the default gateway is in the public network and all the other traffic can be in separate VLANs. If needed, the default public VLAN can also be part of the customer’s upstream VLAN, and in this case, the VLAN ID for public must match the customer’s VLAN ID.
Network separation is conducted during ECS installation before the installation of Hardware Abstraction Layer (HAL) or in an existing ECS environment. It requires static IP addresses. Planning for network separation requires deciding how traffic should be separated into VLANs and determining the static IP addresses required and the subnet and gateway information. After network separation has been completed, virtual interfaces are created for the VLANs, and the interface configuration files are of the form ifcfg-public.{vlanID}. For examples, see the following terminal output.
admin@memphis-pansy:/etc/sysconfig/network> ls ifcfg-public*
ifcfg-public ifcfg-public.data ifcfg-public.mgmt ifcfg-public.repl
The operating system presents the interfaces with a managed name in the form of public.{trafficType}, such as public.mgmt, public.repl, or public.data, as can be observed in the following ip addr command output.
admin@memphis-pansy:/etc/sysconfig/network> ip addr | grep public
inet 10.10.20.55/24 scope global public.mgmt
40: public.repl@public: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue st
inet 10.10.30.55/24 scope global public.repl
41: public.data@public: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue st
inet 10.10.10.55/24 scope global public.data
The HAL searches for these managed names based on the active_template.xml in /opt/emc/hal/etc. It finds those interfaces and presents those to the Fabric layer. Output of cs_hal list nics is shown in the following figure.
The HAL gives the above information to the Fabric layer, which creates a JavaScript Object Notation (JSON) file with IP addresses and interface names and supplies this information to the object container. The following output from the Fabric Command Line (fcli) shows the format of the JSON structure.
admin@memphis-pansy:/opt/emc/caspian/fabric/cli> bin/fcli agent node.network
{
"etag": 12,
"network": {
"mgmt_interface_name": "public.mgmt",
"mgmt_ip": "10.10.20.55",
"data_interface_name": "public.data",
"data_ip": "10.10.10.55",
"hostname": "memphis-pansy.ecs.lab.emc.com",
"private_interface_name": "private.4",
"private_ip": "169.254.78.17",
"public_interface_name": "public",
"public_ip": "10.245.132.55",
"replication_interface_name": "public.repl",
"replication_ip": "10.10.30.55"
},
"status": "OK"
}
The mapped content of this JSON structure is placed in the object container in the file /host/data/network.json, as shown in the terminal output below, which the object layer can use to separate ECS network traffic.
{
"data_interface_name": "public.data",
"data_ip": "10.10.10.55",
"hostname": "memphis-pansy.ecs.lab.emc.com",
"mgmt_interface_name": "public.mgmt",
"mgmt_ip": "10.10.20.55",
"private_interface_name": "private.4",
"private_ip": "169.254.78.17",
"public_interface_name": "public",
"public_ip": "10.245.132.55",
"replication_interface_name": "public.repl",
"replication_ip": "10.10.30.55"
}
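The following is an added example, not part of the Dell documentation or ECS tooling: a consistency check that compares the interface mapping in network.json against the addresses reported by ip addr, and flags a traffic type that is missing, still on the public interface, out of sync, or sharing a subnet with another type. The function names and the sample input (constructed from the values shown on this page) are assumptions.

```python
import ipaddress
import json
import re

# Traffic types taken from the network.json keys shown above.
TRAFFIC_TYPES = ("mgmt", "data", "replication")
INET_RE = re.compile(r"inet (\S+) .*scope global (\S+)")

# Constructed sample input, using the values shown on this page.
SAMPLE_IP_ADDR = """\
    inet 10.10.20.55/24 scope global public.mgmt
    inet 10.10.30.55/24 scope global public.repl
    inet 10.10.10.55/24 scope global public.data
"""
SAMPLE_NETWORK = json.loads("""{
  "mgmt_interface_name": "public.mgmt", "mgmt_ip": "10.10.20.55",
  "data_interface_name": "public.data", "data_ip": "10.10.10.55",
  "public_interface_name": "public", "public_ip": "10.245.132.55",
  "replication_interface_name": "public.repl", "replication_ip": "10.10.30.55"
}""")

def parse_ip_addr(text):
    """Map interface name -> ipaddress interface from `ip addr` inet lines."""
    return {m.group(2): ipaddress.ip_interface(m.group(1))
            for m in INET_RE.finditer(text)}

def check_separation(network, ip_addr_text):
    """Return a list of findings; an empty list means both views agree."""
    live = parse_ip_addr(ip_addr_text)
    findings, subnets = [], {}
    public_if = network.get("public_interface_name")
    for t in TRAFFIC_TYPES:
        name = network.get(f"{t}_interface_name")
        ip = network.get(f"{t}_ip")
        if name is None or ip is None:
            findings.append(f"{t}: missing from network.json")
            continue
        if name == public_if:
            findings.append(f"{t}: not separated, shares {public_if}")
        iface = live.get(name)
        if iface is None:
            findings.append(f"{t}: interface {name} has no address in ip addr")
            continue
        if str(iface.ip) != ip:
            findings.append(f"{t}: network.json has {ip}, {name} has {iface.ip}")
        other = subnets.setdefault(iface.network, t)  # first type seen per subnet
        if other != t:
            findings.append(f"{t}: shares subnet {iface.network} with {other}")
    return findings
```

On a node, the two arguments would come from the parsed /host/data/network.json content and the text of ip addr; a partially separated configuration legitimately reports the traffic types left on the public interface.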
Network separation in ECS uses source-based routing to specify the route that packets take through the network. In general, the path that packets come in on will be the same path going out. Based on the ip rules, the local node that originates the packet looks at the IP, looks at the local destination, and if it is not local, it looks at the next. Using source-based routing reduces the static routes that need to be added.