Network separation allows for the separation of different types of network traffic for security, granular metering, and performance isolation. The types of traffic that can be separated include:
ECS provides a mode of operation called network separation mode. When it is enabled during deployment, each node can be configured at the operating system level with up to three IP addresses, or logical networks, one for each of the different types of traffic. The feature is designed for flexibility: you can create three separate logical networks for management, replication, and data, or combine them to create two logical networks. For instance, management and replication traffic can share one logical network while data traffic uses another.
The ECS implementation of network separation requires each network traffic type to be associated with specific services and ports. For instance, the portal services communicate through ports 80 or 443, so these ports and services are tied to the management logical network. The following table highlights the services fixed to a logical network. For a complete list of services and their associated ports, refer to the most recent version of the ECS Security Configuration Guide.
Services | Logical network |
ECS Portal, provisioning, metering and management API, SSH, DNS, NTP, AD, and SMTP | Management network (public.mgmt) |
Data across NFS, Object, and HDFS | Data network (public.data); CAS only data network (public.data2) |
Replication data and XOR | Replication network (public.repl) |
SRS (Dell Secure Remote Services) | Based on the network to which the SRS Gateway is attached (public.data or public.mgmt) |
Note: Starting with ECS 3.7, S3 data access is allowed on both the public.data and public.data2 networks.
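One way to check that the service-to-network binding described above holds on a node, as an added example that is not from the Dell documentation: it parses `ss -ltn` style output and flags portal ports (80, 443) listening on any address other than the management one, including wildcard binds. Only ports 80/443 and the logical network names come from the page; the node IP addresses, the sample socket lines, the function names, and the premise that listeners are bound per address are assumptions.

```python
import ipaddress

# Constructed sample: this node's address on each logical network (assumed values).
NODE_NETWORKS = {
    "public.mgmt": "10.10.10.11",
    "public.data": "10.10.20.11",
    "public.repl": "10.10.30.11",
}
# From the page: portal services use ports 80/443 and belong to the management network.
PORT_POLICY = {80: "public.mgmt", 443: "public.mgmt"}

# Constructed sample of `ss -ltnH` output: State Recv-Q Send-Q Local Peer.
SAMPLE_SS = """\
LISTEN 0 128 10.10.10.11:443 0.0.0.0:*
LISTEN 0 128 10.10.20.11:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 10.10.20.11:18080 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
"""

def split_local(local):
    """Split 'addr:port' (IPv4, '*', or bracketed/scoped IPv6) into (addr, port)."""
    addr, _, port = local.rpartition(":")
    return addr.strip("[]").split("%")[0], int(port)

def network_of(addr):
    """Return the logical network owning addr, 'ALL' for wildcard binds, else None."""
    if addr == "*" or ipaddress.ip_address(addr).is_unspecified:
        return "ALL"
    target = ipaddress.ip_address(addr)
    return next((n for n, ip in NODE_NETWORKS.items()
                 if ipaddress.ip_address(ip) == target), None)

def audit(ss_output):
    """Return (local, found_on, expected) for listeners that violate PORT_POLICY."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = split_local(fields[3])
        expected = PORT_POLICY.get(port)
        found = network_of(addr) if expected else None
        if expected and found != expected:
            findings.append((fields[3], found, expected))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_SS), sep="\n")
```

Extend `PORT_POLICY` with the ports listed in the ECS Security Configuration Guide for your release before relying on the result.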