Review the following list of best practices, requirements, and planning information prior to separating networks.
- ECS networks are separated using VLANs.
- Network separation can be configured as part of the ECS install procedure, or in an existing ECS environment using the IP Change procedure.
- Network separation is not supported for custom installations of ECS software. Separating networks using Virtual IP Addresses is not supported.
The following information applies to separating networks either during ECS installation, or when separating networks in existing ECS environments:
- Most ECS installations are configured with the data, management, and replication traffic on a single network. Network separation should only be configured when there is an explicit requirement to separate one or more of the ECS networks, such as for QoS for replication traffic. Each separated network must have a unique VLAN ID and must sit on a different network segment from any other separated network.
- The IP addresses of the nodes, hostnames, and DNS and NTP settings must be static. See the ECS Installation Guide for details.
- By default, a static IP address must first be assigned to the public network.
- If separating networks, it is recommended to create replication and data networks and to dedicate the public network for the management traffic. If the management network must be on a VLAN, this can be achieved by updating the native VLAN on the front-end (public) switches.
- By design, DNS/NTP/SMTP/LDAP are forced to use the management network. If the management network is separated, DNS/NTP/SMTP/LDAP will use the defined management network.
- When separating networks, it is required to assign each traffic type (data, management, or replication) a unique VLAN ID.
- To use network separation with VLANs, the front-end switches (rabbit and hare) must be configured to pass packets with the chosen VLAN tags. Ensure that this configuration has been performed.
- The default gateway will always be set on the public interface. When configuring separated interfaces on networks not routable from the default gateway, static routes may be required to support the address resolution of the interfaces.
- Clients accessing ECS use the data or management network IP addresses. In the case of the data network, traffic should be balanced across the addresses that are assigned to the data network.
Note: CAS applications use the load balancer that is built into the CAS SDK; however, if using another protocol, an external load balancer is required.
- For multirack configurations, the same network separation must be implemented across all the nodes within the VDC.
- For network separation in GEO configurations, it is recommended to have symmetrical network configurations across sites. The key requirement is that the respective networks can be routed to each other.
- While the networks are separated, replication data from one VDC to another will be unavailable until the endpoints have been configured between all the VDCs.
- The VLAN ID for each VLAN separated network should be the same for all sites that are in the same bridge domain, but can be different if the separated network is terminated by a router.
Network separation is achievable logically using VLANs, or physically using different cables. The command setrackinfo is used to configure the IP addresses and VLANs. Any switch-level or client-side VLAN configuration is the customer’s responsibility.
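The VLAN ID, network segment, and per-node requirements listed above can be checked against a planned layout before the install or IP Change procedure is run. The following is an added example, not part of the ECS documentation or tooling; the plan layout, the function name, and the sample addresses and VLAN IDs are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

TRAFFIC_TYPES = {"data", "management", "replication"}

def check_separation_plan(plan):
    """Return a list of problems in a plan of separated networks.

    plan: {traffic_type: {"vlan": int, "subnet": str, "nodes": {name: ip}}}
    (hypothetical layout for this example, not an ECS or setrackinfo format).
    """
    problems, nets = [], {}
    for name, cfg in sorted(plan.items()):
        if name not in TRAFFIC_TYPES:
            problems.append(f"{name}: not a data, management or replication network")
            continue
        if not 1 <= cfg["vlan"] <= 4094:  # valid 802.1Q VLAN ID range
            problems.append(f"{name}: VLAN ID {cfg['vlan']} is out of range")
        nets[name] = ipaddress.ip_network(cfg["subnet"])
        for node, ip in sorted(cfg["nodes"].items()):
            if ipaddress.ip_address(ip) not in nets[name]:
                problems.append(f"{name}: {node} address {ip} is outside {nets[name]}")
    # Each separated network needs its own VLAN ID and its own segment.
    for a, b in combinations(sorted(nets), 2):
        if plan[a]["vlan"] == plan[b]["vlan"]:
            problems.append(f"{a}/{b}: both use VLAN ID {plan[a]['vlan']}")
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a}/{b}: {nets[a]} and {nets[b]} overlap")
    # Every node in the VDC needs an address on every separated network.
    all_nodes = set().union(*(plan[n]["nodes"] for n in nets))
    for name in sorted(nets):
        missing = sorted(all_nodes - set(plan[name]["nodes"]))
        if missing:
            problems.append(f"{name}: no address for {', '.join(missing)}")
    return problems

# Constructed sample plans (addresses, node names and VLAN IDs are made up).
GOOD_PLAN = {
    "data": {"vlan": 110, "subnet": "10.10.10.0/24",
             "nodes": {"node1": "10.10.10.11", "node2": "10.10.10.12"}},
    "replication": {"vlan": 120, "subnet": "10.10.20.0/24",
                    "nodes": {"node1": "10.10.20.11", "node2": "10.10.20.12"}},
}
BAD_PLAN = {
    "data": {"vlan": 100, "subnet": "10.10.0.0/24",
             "nodes": {"node1": "10.10.0.11", "node2": "10.10.0.12"}},
    "replication": {"vlan": 100, "subnet": "10.10.0.128/25",
                    "nodes": {"node1": "10.10.0.131"}},
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_separation_plan(plan) or "OK")
```

An empty result means the plan satisfies these checks only; switch-side VLAN tagging and routing between sites still have to be verified separately.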