HPE Community
Operating System - Linux
1825793 Members
2529 Online
109687 Solutions
New Discussion

Re: Creating a seperate VLAN for NFS data traffic between filer and servers

 
SOLVED
Go to solution
Alexander Fedyashov
Advisor

‎10-17-2007 10:38 AM

‎10-17-2007 10:38 AM

Creating a seperate VLAN for NFS data traffic between filer and servers

We are considering on creating a seperate VLAN for NFS data traffic between our filer and servers. WOuld it be plausible to do so? I'm having trouble finding information regarding VLAN and NFS, any docs/whitepapers/manuals would be helpful.

Any help would be appreciated.

Thanks,
Alex
0 Kudos
Reply
5 REPLIES 5
Stuart Browne
Honored Contributor

‎10-17-2007 10:42 AM

‎10-17-2007 10:42 AM

Re: Creating a seperate VLAN for NFS data traffic between filer and servers

Youd on't need any docs or whitepapers for such a simple concept.

You're just wanting a separate network interface, routed though a vlan on a siwtch (unless you were wanting to use vlan tagging only, which is also possible), on it's own little subnet.

It's the dedicated NIC's which is the issue, not the VLAN part.

We use a dedicated local ntework for all our 'internal' traffic in our server farm, whilst leaving public interfaces available.
One long-haired git at your service...
0 Kudos
Reply
Alexander Fedyashov
Advisor

‎10-17-2007 12:07 PM

‎10-17-2007 12:07 PM

Re: Creating a seperate VLAN for NFS data traffic between filer and servers

My question is if Creating a seperate VLAN for NFS data traffic between filer and servers is feasable and why?
0 Kudos
Reply
Andrew Cowan
Honored Contributor

‎10-19-2007 06:58 AM

‎10-19-2007 06:58 AM

Solution

Re: Creating a seperate VLAN for NFS data traffic between filer and servers

Alexander,

You need to create VLANs using your switches. This is known as VLAN-Tagging and once in place it encapsulates each IP packet with headers and footers. This then effectively makes the traffic invisible to all interfaces that are not configured with the same VLAN-ID (AKA Tag).

To configure a VLAN tag and interface bridge in Linux edit the "/etc/sysconfig/network-scripts/" files as follows:

ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
TYPE=Ethernet

Copy ifcfg-eth0 to ifcfg-eth0.4
DEVICE=ipcfg-eth0.4 (Where 4 is the VLAN-ID)
VLAN=yes

vconfig add eth0 4
ifconfig eth0.4 192.168.16.235 network 255.255.255.0 broadcast 192.168.16.255 up
cat /proc/net/vlan/eth0.4
ifconfig eth0.4 down
vconfig rem eth0.4
cat /proc/net/vlan/* | less Shows packets sent and received on each VLAN

/etc/sysctl.conf
net.ipv4.ip_forward=1

cat /proc/net/vla/eth0.4 Shows traffic for this VLAN

ifconfig eth0 0.0.0.0 up
ifconfig eth1 0.0.0.0 up
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
brctl show|showstp br0
brctl stp br0 on
ifconfig br0 x.x.x.x netmask 255.255.255.0 up

brctl addbr brt0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 down
ifconfig eth1 down
ifconfig eth0 0.0.0.0 up
ifconfig eth1 0.0.0.0 up
ifconfig br0 x.x.x.x netmask 255.255.255.0 up

showstp = Show spanning tree
brctl stp on = Enables spanning-tree
brctl setbridgeprio = Sets priority when multiple setpathcost bridges

ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
brctl addbr mybridge eth0
brctl addbr mybridge eth1
ifconfig mybridge up
ifconfig mybridge 192.168.1.5 netmask 255.255.255.0 up

or dhclient mybridge

==
ifconfig eth0 0.0.0.0 up
vconfig add eth0 10
vconfig add eth0 20
ifconfig eth0.10 192.168.10.1/24
ifconfig eth0.10 192.168.20.1/24
vconfig eth1 10
vconfig add eth1.10 up

brctl addbr br br10
brctl addif br10 eth0.10
brctl addif br10 eth1.10
ifconfig br10 up

brctl show | showmacs
Creates â /proc/net/vlan/configâ

Repeat this three times for br20, eth0.20, eth1.20)
The IP-Address is on br20.

Reply
Matti_Kurkela
Honored Contributor

‎10-19-2007 08:08 AM

‎10-19-2007 08:08 AM

Re: Creating a seperate VLAN for NFS data traffic between filer and servers

I don't see any NFS-specific issues.

The important question is, what are you doing it for?

Creating a separate VLAN to allow tighter control of the NFS traffic is certainly feasible.

But if you're planning to do this for performance reasons, I suggest you to rethink your plan: if the physical NIC is busy because of traffic in one VLAN, it's blocked from using other VLANs too. You would get no performance improvement over your current situation.

If you need more performance, you would want another physical NIC. You could then use one interface for NFS VLAN, and another for the "other" VLAN.

Or you might use bonding (AKA trunking) to join two physical NICs into a single virtual NIC with double the bandwidth and fault tolerant behaviour (if one NIC fails, you lose half of your bandwidth, but both VLANs are still accessible). If you do this, your switch must support NIC bonding.

MK
MK
0 Kudos
Reply
Kevin Wright
Honored Contributor

‎11-06-2007 05:28 AM

‎11-06-2007 05:28 AM

Re: Creating a seperate VLAN for NFS data traffic between filer and servers

absolutely, it's recommended to create a separate 'backend' network for NFS traffic, both from a security and performance aspect. Not sure what other docs your looking for, configure the backend networks, add static routes through your backend interfaces to the netapps, and configure NFS exports/mounts to the backend IP's.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.