HPE Community
StoreVirtual Storage
1752782 Members
6305 Online
108789 Solutions
New Discussion юеВ

P4500 with 10 Gb Ethernet - IP Configuration / Subnets Question

 
SOLVED
Go to solution
SimonQ
New Member

тАО10-29-2009 01:06 AM

тАО10-29-2009 01:06 AM

P4500 with 10 Gb Ethernet - IP Configuration / Subnets Question

I have 2 x P4500 Nodes with 10 Gb Ethernet Adapters. We would like to (if possible) have a completely isolated iSCSI VLAN / Subnet.

The big question is, can CMC manage this from another Subnet? Or more to the point, how can I assign a couple of NICs to another Subnet for management, but not allow iSCSI connections to these management NICs.

As I understand it, when I give two NICs an address on a different Subnet (and attach the SANiQ to these NICs), the CMC (or SANiQ interfaces) must still communicate with the Virtual IP Address (on iSCSI Subnet). It can't because there is no routing between the subnets. If I add a VIP on the management Subnet, then I believe people can still make a connection to these targets defeating the purpose of a secure iSCSI Subnet.

Just to confuse matters I would ideally like all 10 Gb adapters on the iSCSI Subnet. Does replication occur only through the SANiQ interfaces? If so then would I lose out by using 1 Gb Ethernet for the SANiQ interfaces?
0 Kudos
Reply
2 REPLIES 2
Gauche
Trusted Contributor

тАО10-29-2009 09:52 AM

тАО10-29-2009 09:52 AM

Solution

Re: P4500 with 10 Gb Ethernet - IP Configuration / Subnets Question

I'd advise you use the two 10Gb adapters (preferably bonded) for all you iSCSI and replication. You can make that a totally isolated network.
You'll assign the 10Gb network as the "SAN/iQ" network. That means all iSCSI traffic and replication will occur there.
Using either of the 1Gb adapters (or both bonded, also the preferred method) to connect to a "public" type network for you to do management is fine.
The CMC can connect and manage the system on either network.
The CMC does not need to connect to the VIP, VIP is only used for iSCSI discovery.

Essentially the "SAN/iQ interface" is the one used for iSCSI and replication, and management is allowed on any network.
Adam C, LeftHand Product Manger
Reply
Bryan McMullan
Trusted Contributor

тАО11-02-2009 08:03 AM

тАО11-02-2009 08:03 AM

Re: P4500 with 10 Gb Ethernet - IP Configuration / Subnets Question

For management, could you just manage the cluster from one of the machines that are connected to the iSCSI subnet? Meaning just remote desktop to a machine that connects to a volume on the cluster?

You've got other options for management as well, you can setup routing to the iSCSI VLAN and then use ACL's to block all but the specific management stations access to the iSCSI VLAN.

For management, you need access to all the nodes individually (I believe). The VIP is uses for iSCSI access and load balancing, not for management.

Hope that helps.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.