Date post: 16-Oct-2020
IBM Cloud Object Storage System Version 3.14.0 Multi-Network Configuration IBM

IBM Cloud Object Storage System™

Version 3.14.0

Multi-Network Configuration

IBM


This edition applies to IBM Cloud Object Storage System™ and is valid until replaced by new editions.

© Copyright IBM Corporation 2016, 2018. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.


Contents

Chapter 1. Overview
Chapter 2. Network configuration
    Configure physical layer (layer 1)
    Configure DataLink layer (layer 2)
        Spanning Tree Protocol
        Bonding the interface
    Configure network layer (layer 3)
        Setting routing
    Configure transport layer (layer 4)
        Set TCP/UDP ports and services
Chapter 3. Examples
    Configure the management network
    Configure the data and client networks
Chapter 4. Limitations
Notices
Trademarks
Homologation statement


Chapter 1. Overview

Network administrators can configure the first four layers of the OSI model on a system to separate network traffic between storage data, management information, and client data.

An IBM Cloud Object Storage System™ that uses certified devices can dedicate network interfaces (NICs) to three distinct networks to transfer:
- Data within the system
- Management information to management systems
- Data to a client application

These networks are referred to as channels.

Separating data into channels provides better security and more flexible management options, and minimizes network congestion for high-performance applications.

Note: Performance can vary based on the network configuration.

Tip: Contact customer support for assistance in developing a specific configuration.

Figure 1. How multiple networks work at a high level


Note: For purposes of illustration, the guide uses a configuration that consists of IBM Cloud Object Storage Accesser® 3100, IBM Cloud Object Storage Manager™ 3100, and IBM Cloud Object Storage Slicestor® 2440 appliances for the multi-network system configuration. Only certified appliances can be used for this configuration. This list can grow and change over time.


Chapter 2. Network configuration

Configure physical layer (layer 1)

When using a 10Gb NIC with a 1Gb SFP+ transceiver link, the recommended setting for auto-negotiation is OFF. For all other configurations, the recommended setting for auto-negotiation is ON.

Configure DataLink layer (layer 2)

Spanning Tree Protocol

The system network interfaces connected to the customer network are not part of the Layer 2 switching network. The Spanning Tree Protocol is not needed on these ports and no Bridge Protocol Data Units (BPDU) are sent. Systems send only untagged Ethernet frames. No IEEE 802.1Q VLAN tagging is used.

Bonding the interface

Each appliance can bond interfaces to prevent a single point of failure or provide link aggregation for high-performance applications.

Note: See Configure Port Routing Rules for Network Switches and VPNs in the Appliance Configuration Guide for more details.

Configure network layer (layer 3)

Setting routing

Table 1. Setting the routing

Network                  Externally Routable
Internal Data Storage    N
Management               Y
External Client          Y

Static routes usage.

IBM Cloud Object Storage System™ appliances do not support any dynamic routing protocols.

Without configured static routes, the routing tables include only directly connected networks and the default gateway, if previously configured. As a result, IP packets that are destined for remote networks can only be forwarded to the default gateway. Depending on the customer network topology, the default gateway can be configured on any network with the nut channel command.

Static routes make systems aware of the remote networks by populating their routing tables with the next-hop IP address for the specific remote network.


Configure transport layer (layer 4)

Set TCP/UDP ports and services

Table 2. TCP/UDP Ports and Services

Network                  Ports
Internal Data Storage    Only necessary TCP/UDP ports are open on each system appliance.
Management               Only necessary TCP/UDP ports are open on each system appliance.
External Client          Only HTTP/HTTPS traffic is open (TCP ports 80, 8080, 443, and 8443).

Note: The complete list of open ports on Internal Data Storage and Management networks is provided in the Port Specifications section of the Appliance Configuration Guide.


Chapter 3. Examples

This information illustrates how to use the Node Utility (nut) commands to configure the networks of an IBM Cloud Object Storage System™. The Node Utility sets the port, IP address, netmask, gateway, and routing for each network channel.

Note: While the following examples use IPv4 addresses, you can configure the networks by using IPv6 addresses with the ipv6_ip, ipv6_netmask, and ipv6_gateway node utility commands.

Configure the management network

For the network architecture that is shown in the figure below, the nut commands all start with channel to designate the channel (management in this example), followed by the specific part of the network to be configured.

Figure 2. Example management network configuration


Commands to configure an IBM Cloud Object Storage Accesser® appliance.

Note: The following examples can also be completed by using IPv6 addresses with the ipv6_ip, ipv6_netmask, and ipv6_gateway commands.

$ channel management port eth0
$ channel management ip 192.168.12.240
$ channel management netmask 255.255.248.0
$ channel management gateway 192.168.8.1

- channel management port eth0: Sets the Management Network to use NIC #1.
- channel management ip 192.168.12.240: Sets the Management Network IP to 192.168.12.240.
- channel management netmask 255.255.248.0: Sets the Management Network Mask to 255.255.248.0.
- channel management gateway 192.168.8.1: Sets the Management Network IP Gateway to 192.168.8.1.

Commands to configure an IBM Cloud Object Storage System™ Manager appliance.

Note: The following examples can also be completed by using IPv6 addresses with the ipv6_ip, ipv6_netmask, and ipv6_gateway commands.

$ channel management port eth0
$ channel management ip 192.168.6.92
$ channel management netmask 255.255.254.0
$ channel management gateway 192.168.6.1

Commands to configure the first IBM Cloud Object Storage Slicestor® (slicestor1).

Note: The following examples can also be completed by using IPv6 addresses with the ipv6_ip, ipv6_netmask, and ipv6_gateway commands.

$ channel management port eth0
$ channel management ip 192.168.12.243
$ channel management netmask 255.255.248.0
$ channel management gateway 192.168.8.1

Configure the data and client networks

For the network architecture that is shown in the figure below, the nut channel commands designate the channels (data and client), followed by the specific part of the network to be configured.


Commands to configure an IBM Cloud Object Storage Accesser® appliance.

$ channel data port eth2, eth3
$ channel data bonding balanced
$ channel data ip 10.1.80.4
$ channel data netmask 255.255.255.0
$ channel client port eth4, eth5
$ channel client bonding balanced
$ channel client ip 192.168.240.4
$ channel client netmask 255.255.255.0
$ route add 10.1.81.0/24 10.1.80.1 data
$ route add 192.168.230.0/24 192.168.240.1 client

- route add 10.1.81.0/24 10.1.80.1 data: Sends traffic that is destined for remote Slicestor® Node to the internal data storage network.
- route add 192.168.230.0/24 192.168.240.1 client: Sends traffic that is destined to the HTTP/HTTPS client to the external client network.

Commands to configure an IBM Cloud Object Storage Manager™ appliance.

$ channel data port eth2
$ channel data ip 10.1.80.50
$ channel data netmask 255.255.255.0
$ route add 10.1.81.0/24 10.1.80.1 data

- route add 10.1.81.0/24 10.1.80.1 data: Sends traffic that is destined for remote Slicestor® Node to the internal data storage network.

Commands to configure the first Slicestor® Node (slicestor1).

$ channel data port eth2
$ channel data ip 10.1.80.5
$ channel data netmask 255.255.255.0
$ route add 10.1.81.0/24 10.1.80.1 data

Commands to configure the remote Slicestor® Node.

$ channel data port eth2
$ channel data ip 10.1.81.11
$ channel data netmask 255.255.255.0
$ route add 10.1.80.0/24 10.1.81.1 data

- route add 10.1.80.0/24 10.1.81.1 data: Sends traffic that is destined for Accesser® Node and Slicestor® Node to the remote internal data storage network.

Figure 3. Example internal data storage and external client networks


Note: When the channel, data, and client information are added into the nut configuration and activated, the appliance's routing table is automatically updated if a route does not exist. To verify the route, run the route -n command from a shell on the appliance.
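
Added example, not part of the IBM guide: a Python check of the static-route behavior described under "Setting routing", applied to the Accesser commands above. It assumes standard longest-prefix-match IP forwarding and parses only the ip, netmask, gateway, and route add lines shown on this page; the host addresses passed to egress() are constructed. It shows that without the data static route, traffic for the remote Slicestor subnet would follow the default gateway on the management channel instead of staying on the internal data storage network.

```python
import ipaddress

# Layer-3 commands for the Accesser appliance, copied from the examples above.
ACCESSER = """\
channel management ip 192.168.12.240
channel management netmask 255.255.248.0
channel management gateway 192.168.8.1
channel data ip 10.1.80.4
channel data netmask 255.255.255.0
channel client ip 192.168.240.4
channel client netmask 255.255.255.0
route add 10.1.81.0/24 10.1.80.1 data
route add 192.168.230.0/24 192.168.240.1 client
"""

def build_table(config):
    """Return (routes, problems); each route is (network, next_hop, channel)."""
    channels, static = {}, []
    for line in config.splitlines():
        words = line.lstrip("$ ").split()
        if len(words) == 4 and words[0] == "channel":
            channels.setdefault(words[1], {})[words[2]] = words[3]
        elif len(words) == 5 and words[:2] == ["route", "add"]:
            static.append((ipaddress.ip_network(words[2]),
                           ipaddress.ip_address(words[3]), words[4]))
    routes, problems, subnets = [], [], {}
    for name, cfg in channels.items():
        if "ip" not in cfg or "netmask" not in cfg:
            continue
        net = ipaddress.ip_network(f"{cfg['ip']}/{cfg['netmask']}", strict=False)
        subnets[name] = net
        routes.append((net, None, name))          # directly connected network
        if "gateway" in cfg:                      # default gateway, if configured
            gw = ipaddress.ip_address(cfg["gateway"])
            routes.append((ipaddress.ip_network("0.0.0.0/0"), gw, name))
            if gw not in net:
                problems.append(f"{name}: gateway {gw} is outside {net}")
    for net, hop, name in static:
        # A next hop must be reachable on the channel the route names.
        if hop not in subnets.get(name, ()):
            problems.append(f"route {net}: next hop {hop} is not on channel {name}")
        routes.append((net, hop, name))
    return routes, problems

def egress(routes, dest):
    """Longest-prefix match: (channel, next hop) used to reach dest, or None."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    _, hop, name = max(hits, key=lambda r: r[0].prefixlen)
    return name, (str(hop) if hop is not None else "on-link")

def without_static_routes(config):
    """Same configuration with every 'route add' line dropped."""
    return "\n".join(l for l in config.splitlines()
                     if not l.lstrip("$ ").startswith("route"))

if __name__ == "__main__":
    routes, problems = build_table(ACCESSER)
    print("problems:", problems)
    print("remote Slicestor 10.1.81.11 ->", egress(routes, "10.1.81.11"))
    bare, _ = build_table(without_static_routes(ACCESSER))
    print("same host, no static routes ->", egress(bare, "10.1.81.11"))
```

On an appliance, the equivalent check is to compare the output of route -n against the channel each destination subnet is meant to use.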


Chapter 4. Limitations

Only internal storage network IP addresses displayed in the Manager Web Interface

Because the management network IP addresses are not displayed in the Manager Web Interface, troubleshooting that uses ssh to access the appliances might be a problem. The simple workaround is to ssh to the Manager appliance first, then use the data IP addresses (displayed in the Manager Web Interface) to ssh to all other appliances. For the same reason, email notifications that the Manager generates contain only the internal storage network IP address for the Manager Node.

Only Internal Storage Network IP addresses can be used in the Manager API

When using the REST API editVaultAccess.adm, supply the IBM Cloud Object Storage Accesser® Node Data Storage IP address, not the Management IP address.

Analytics needs Management Network IP addresses

When using the analytics feature, the Active Jobs and Job History links that are provided under the Analytics Status section of the top-level Monitor page on the Manager Web Interface do not work. Only the internal storage network IP addresses are presented. Use the Management IP addresses instead.


Notices

This information was developed for products and services offered in the US. This material might be available from IBM® in other languages. However, you may be required to own a copy of the product or product version in that language in order to access it.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan, Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510, Japan

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk.

IBM may use or distribute any of the information you provide in any way it believes appropriate without incurring any obligation to you.


Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

The performance data discussed herein is presented as derived under specific operating conditions. Actual results may vary.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

Statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject to change before the products described become available.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs.

If you are viewing this information softcopy, the photographs and color illustrations may not appear.


Trademarks

IBM, the IBM logo, and ibm.com® are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at Copyright and trademark information at www.ibm.com/legal/copytrade.shtml.

Accesser®, Cleversafe®, ClevOS™, Dispersed Storage®, dsNet®, IBM Cloud Object Storage Accesser®, IBM Cloud Object Storage Dedicated™, IBM Cloud Object Storage Insight™, IBM Cloud Object Storage Manager™, IBM Cloud Object Storage Slicestor®, IBM Cloud Object Storage Standard™, IBM Cloud Object Storage System™, IBM Cloud Object Storage Vault™, SecureSlice™, and Slicestor® are trademarks or registered trademarks of Cleversafe, an IBM Company and/or International Business Machines Corp.

Other product and service names might be trademarks of IBM or other companies.


Homologation statement

This product may not be certified in your country for connection by any means whatsoever to interfaces of public telecommunications networks. Further certification may be required by law prior to making any such connection. Contact an IBM representative or reseller for any questions.


IBM®

Printed in USA

