Hello, On Thu, 12 Jan 2017 10:03:33 -0500 Sivaram Kannan wrote: > Hi, > > Thanks for the reply. The public network I am talking about is an > isolated network with no access to internet, but lot of compute > traffic though. If it is more about security, I would try setting up > both in the same network. My worry is more towards any performance > issues (due to re-balancing between the nodes) by configuring both > control and data in the same network? > Firstly, I think you'll have loads of "fun" getting this to work with docker, but that's maybe just me. I'm usually using only a single network, see my other mail just now for potential security impacts. You said you have a 10Gb/s link, can your OSDs actually saturate that bandwidth, 1GB/s sustained writes to your disks? In most cases when people where wondering about this the answer is no. Christian > Thanks, > ./Siva. > > On Thu, Jan 12, 2017 at 9:35 AM, Oliver Humpage <oliver@xxxxxxxxxxxxxxx> wrote: > > > >> I do recommend separating your public and cluster networks but there's not a whole lot of benefit to it unless they are using physically separate links with dedicated bandwidth. > > > > I thought a large part of it was security, in that it’s possible to DOS the cluster by disrupting intra-OSD traffic. Even with message signatures turned on, it’s unwise to bet on there not being any security bugs. > > > > If you only have one 10Gb connection, perhaps consider separate VLANs? > > > > Oliver. > > > > > -- Christian Balzer Network/Systems Engineer chibi@xxxxxxx Global OnLine Japan/Rakuten Communications http://www.gol.com/ _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |