Network separation
ECS supports separating different types of network traffic for security and performance isolation. The types of traffic that can be separated are management, replication, and data.
ECS provides a mode of operation called network separation mode. In this mode, each node can be configured at the operating system level with up to three IP addresses, or logical networks, one for each type of traffic. This gives the flexibility of either creating three separate logical networks for management, replication, and data, or combining them into two logical networks, for instance with management and replication traffic in one logical network and data traffic in another. A second logical data network for CAS-only traffic can also be configured, allowing separation of CAS traffic from other types of data traffic such as S3.
The ECS implementation of network separation requires the traffic on each logical network to be associated with services and ports. For instance, the ECS portal services communicate using ports 80 or 443, so these ports and services are tied to the management logical network. A second data network can be configured; however, it is for CAS traffic only. The following table highlights the services fixed to each type of logical network. For a complete list of services associated with ports, refer to the latest ECS Security Configuration Guide.
| Services | Logical network | Identifier |
|---|---|---|
| WebUI and API, SSH, DNS, NTP, AD, SMTP | Management | public.mgmt |
| Client data | Data | public.data |
| | CAS data/S3 data | |
| Replication data | Replication | public.repl |
| Dell Secure Connect Gateway | Based on the network to which Dell Secure Connect Gateway is attached | public.data or public.mgmt |
Note: ECS 3.7 allows S3 data access on both data (default) and data2 networks (though S3 is not enabled by default on ECS versions earlier than 3.7 on the data2 identifier).
Network separation is achievable logically using different IP addresses, virtually using different VLANs, or physically using different cables. The setrackinfo command is used to configure IP addresses and VLANs. Switch-level or client-side VLAN configuration is the customer’s responsibility. For physical network separation, customers need to submit a Request for Product Qualification (RPQ) by contacting Dell Global Business Service. For more information about network separation, refer to the ECS Networking and Best Practices white paper, which provides a high-level view of network separation.
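One way to audit the service-to-network association in the table above on a node, as an added example that is not Dell's code or part of the ECS documentation: it reads `ss -H -tln` style output and reports management ports that listen on an address belonging to the data or replication network. The node addresses, port 18080 and the sample output are constructed; port 22 for SSH is the standard port and is an assumption, since the page names only 80 and 443.

```python
import ipaddress

# Constructed sample: one node's address per logical network identifier.
NODE_ADDRS = {
    "public.mgmt": "10.10.1.11",
    "public.data": "10.20.1.11",
    "public.repl": "10.30.1.11",
}
# Portal ports named on the page (80/443) plus SSH on its standard port (assumption).
MGMT_PORTS = {22, 80, 443}

# Constructed `ss -H -tln` output: State Recv-Q Send-Q Local:Port Peer:Port
SAMPLE_SS = """\
LISTEN 0 128 10.10.1.11:443 0.0.0.0:*
LISTEN 0 128 10.10.1.11:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 10.20.1.11:22 0.0.0.0:*
LISTEN 0 128 10.20.1.11:18080 0.0.0.0:*
"""

def misplaced_mgmt_listeners(ss_output, node_addrs=NODE_ADDRS, mgmt_ports=MGMT_PORTS):
    """Return (port, local_socket, network) for management ports bound off public.mgmt."""
    by_ip = {ipaddress.ip_address(a): name for name, a in node_addrs.items()}
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in mgmt_ports:
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface suffix
        if host in ("*", "0.0.0.0", "::"):
            # A wildcard listener answers on every address the node holds.
            exposed = sorted(n for n in node_addrs if n != "public.mgmt")
        else:
            try:
                name = by_ip.get(ipaddress.ip_address(host))
            except ValueError:
                continue
            exposed = [name] if name and name != "public.mgmt" else []
        findings += [(int(port), fields[3], n) for n in exposed]
    return findings

if __name__ == "__main__":
    for port, sock, net in misplaced_mgmt_listeners(SAMPLE_SS):
        print(f"management port {port} listening on {sock} is reachable via {net}")
```

A wildcard finding means the listener is bound to all addresses; whether it is actually reachable from the data or replication network also depends on any host firewall rules, which this check does not read.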