I apologize if this is a really dumb question.

Objective

Ensure that traffic that is meant to go between nodes in a cluster does not (inefficiently) go outside the cluster and then come back in, but goes directly between nodes.

Background

We are using external IP addresses when making requests that are intended to go between nodes.

The current architecture looks like this:

            Verizon FIOS ISP (Business, multiple static IPs)
                   |
                   |
            Verizon FIOS Router (Actiontec MI424WR)
            (Configured by forwarding external IPs to internal IPs using 
             Static NAT)
                   |
                   |
            Managed Switch (Dlink DGS-1100-24)
               |      |      |      |
               |      |      |      |
            Node1   Node2   ...    Node(n)

Each node is running Linux CentOS and is configured with an internal IP address (192.168.1.xxx).

The router is configured to route the external IP address that is assigned to each Node to the Node's internal IP address using Static NAT.

Concerns

  • Can/Should I configure forwarding from external IP addresses to internal IP addresses in the switch?
  • With the current configuration is the traffic between nodes getting directed to the correct node at the level of the switch, the router, or going all the way out to a DNS server or something?
  • Considering that the router also converts the signal from the coaxial cable to ethernet, should I be using Static NAT or somehow configuring the Nodes themselves to have their external IP addresses, disregarding the need for internal IP addresses completely?
  • Is there something completely different that I should be doing instead, or something else fundamentally wrong with this architecture?

Thanks so much!

Chris Dutrow
  • NAT Reflection/Hairpin NAT/Inside-Inside NAT are all names for what you're wanting to achieve. All the data will hit the router if you do this, but if the router can keep up then that should be OK. But it's not as easy as it sounds, depending on the capabilities of your router – Mark Henderson Jul 22 '13 at 04:24
  • fwiw I would do your 3rd bullet point if possible (attach public IPs to the nodes themselves), because if all the hosts are on the same public subnet, and the destination is on the same subnet, they will ARP and not touch the router at all – Mark Henderson Jul 22 '13 at 04:26

1 Answer

Can/Should I configure forwarding from external IP addresses to internal IP addresses in the switch?

It will not help - currently nodes don't know a thing about their external addresses and will not accept traffic to external IPs. However, you can configure multiple IPs per network interface and that is what you probably should do - on each node, add its external IP to its network interface. Then configure the switch as you said.

With the current configuration is the traffic between nodes getting directed to the correct node at the level of the switch, the router, or going all the way out to a DNS server or something?

If it currently works, it is either directed on the router or goes to your ISP and comes back to your router etc. DNS server is irrelevant here.

Is there something completely different that I should be doing instead, or something else fundamentally wrong with this architecture?

I think this architecture is usual. I think if in your case all traffic bounces via ISP - it is badly wrong, but if it is routed on the router, it's sorta ok. For what to do - see above.

Sandman4
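
A way to check, from a node, whether traffic to a peer's external IP is handed to the router or delivered directly over the switch, as discussed in the answer and comments above. This is an added example, not part of the original posts; the addresses (203.0.113.0/24 documentation range, router at 192.168.1.1), the interface name `eth0` and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Classifies the path that `ip route get <peer>` reports.
# The step suggested in the answer would look like this on a node
# (constructed address; the prefix must cover the peers' external IPs
# for them to be treated as on-link):
#   ip addr add 203.0.113.11/24 dev eth0

# classify_route "<first line of `ip route get` output>"
# Prints one of:
#   local          - the address belongs to this node
#   via <gateway>  - the packet is handed to a router first (hairpin path)
#   direct         - the peer is on-link: resolved by ARP, only the switch is crossed
classify_route() {
    # Split the line into words; positional parameters are local to the function.
    set -- $1
    if [ "$1" = "local" ]; then
        echo "local"
        return 0
    fi
    while [ $# -gt 1 ]; do
        if [ "$1" = "via" ]; then
            echo "via $2"
            return 0
        fi
        shift
    done
    echo "direct"
}

# check_peer <peer-external-ip>: run the real lookup on this node.
check_peer() {
    out=$(ip -4 route get "$1" 2>/dev/null | head -n 1)
    [ -n "$out" ] || { echo "$1: no route" >&2; return 1; }
    echo "$1: $(classify_route "$out")"
}

# Constructed samples of `ip route get` output on Node1 for Node2's external IP.
# Node1 holds only 192.168.1.11: the packet goes to the router.
BEFORE='203.0.113.12 via 192.168.1.1 dev eth0 src 192.168.1.11'
# Node1 also holds 203.0.113.11/24: the peer is on-link.
AFTER='203.0.113.12 dev eth0 src 203.0.113.11'

echo "before: $(classify_route "$BEFORE")"
echo "after:  $(classify_route "$AFTER")"
```

On a real node, `check_peer` followed by a peer's external IP reports the path currently in use; a `via` result only shows that the router is the next hop, not whether the router reflects the traffic itself or passes it on to the ISP.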