Prepare Cluster Networking Infrastructure

This section describes the cluster network preparation required for the installation of an Exasol cluster.

Set Up a Basic Network

The basic network setup consists of at least a cluster-internal network (CICN) and a public network (CSCN). In addition, each node has an interface for Lights Out Management (out-of-band management).

Private Network (CICN - Cluster Internal Communication Network)

Create a dedicated and isolated VLAN (for example, called "VLAN CICN") and connect a NIC of each cluster member to it (license node and all data nodes). For the CICN, configure the following:

  • Disable STP (Spanning Tree Protocol)
  • Disable EEE (Energy Efficient Ethernet)
  • (Optional) Disable Flow-Control to reduce network latency.

The CICN VLAN must not be routed.

CICN IP Address Numbering

By default, the CICN is an IPv4 Class A network. The IP addresses are assigned through cluster-internal DHCP.

When configuring nodes in EXAoperation, the Number setting represents the last octet of the node's IP address. For example, if the node's internal number is '15', the private IP address of the node is 27.1.0.15. This number is also known as the Node ID or Internal ID. For more information on configuring nodes, refer to Create the First Data Node.

Public Network (CSCN - Client Side Communication Network)

You can set up a public network in two ways:

  • Create a dedicated VLAN (for example, called "VLAN CSCN") and connect an NIC of each cluster member to it (license node and all data nodes).
  • Use an existing VLAN and connect an NIC of each cluster member to it (license node and all data nodes).

CSCN IP Address Numbering

The CSCN can either be an IPv4 class A network or a class C private network. The default IP address range is 10.50.1.0/24.

When configuring nodes in EXAoperation, the External Number setting is used to determine the last octet of the node's IP address. This is done by adding the External Number assigned to the node to the last octet of the public network IP address.

Example

Client-Side Network Address + External Number = Client-Side Node IP Address

Public Network Access | Network Mask       | External Number | Node IP Address
10.70.0.50            | 255.255.255.0 (24) | 34              | 10.70.0.84
10.70.0.70            | 255.255.255.0 (24) | 1               | 10.70.0.71

For more information on configuring nodes, refer to Create the First Data Node.

If you plan to use EXA2EXA for data transfer, the public IP addresses of the nodes must be a continuous, consecutive address block.
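The numbering rule and the EXA2EXA requirement above can be checked on a planned address list before the nodes are configured. The following Python sketch is an added example, not part of the Exasol documentation or of EXAoperation; the function names are hypothetical, and treating a result that leaves the subnet or lands on its network or broadcast address as an error is an assumption.

```python
import ipaddress


def cscn_node_ip(network_address, prefix_len, external_number):
    """Client-side network address + External Number = node IP address."""
    if external_number < 0:
        raise ValueError("External Number must not be negative")
    base = ipaddress.IPv4Address(network_address)
    subnet = ipaddress.IPv4Network(f"{network_address}/{prefix_len}", strict=False)
    node = base + external_number
    # Assumption: a sum that leaves the subnet, or lands on its network or
    # broadcast address, is a planning error rather than a valid node address.
    if node not in subnet or node in (subnet.network_address, subnet.broadcast_address):
        raise ValueError(f"External Number {external_number} gives {node}, unusable in {subnet}")
    return node


def plan_cscn(network_address, prefix_len, external_numbers):
    """Return ({External Number: node IP}, True if the IPs form one consecutive block)."""
    if len(set(external_numbers)) != len(external_numbers):
        raise ValueError("duplicate External Number")
    ips = {n: cscn_node_ip(network_address, prefix_len, n) for n in external_numbers}
    ordered = sorted(int(ip) for ip in ips.values())
    # EXA2EXA needs a continuous block: every neighbouring pair differs by exactly 1.
    consecutive = all(b - a == 1 for a, b in zip(ordered, ordered[1:]))
    return ips, consecutive


if __name__ == "__main__":
    # The two rows of the example table.
    print(cscn_node_ip("10.70.0.50", 24, 34))
    print(cscn_node_ip("10.70.0.70", 24, 1))
    # Constructed plans on the default range 10.50.1.0/24: one gap-free, one with a gap.
    for numbers in ([11, 12, 13, 14], [11, 12, 14]):
        ips, ok = plan_cscn("10.50.1.0", 24, numbers)
        print([str(ip) for ip in ips.values()], "EXA2EXA-ready" if ok else "gap in block")
```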

Set Up Additional Networks (optional)

Additional network interfaces can be implemented in two ways, depending on whether network failsafety or link bonding is wanted. Both methods can be implemented for either cluster internal or client side communication.

The following example describes both methods for the cluster internal communication network (CICN). The license node must access all CICN networks.

If the license node has fewer physical network interfaces than the data nodes, add VLAN tagging (802.1q) on the license server's CICN interface.

Private Failover Interface (for network failsafety)

Add a third NIC of each cluster member to the existing VLAN 'CICN'.

Private Bonding Interface (for link bonding)

Create a new dedicated and isolated VLAN 'CICN_2':

  • Add a third NIC of each cluster member to it
  • Disable Flow-Control
  • Disable STP (Spanning Tree Protocol)
  • Disable EEE (Energy Efficient Ethernet)

For multiple internal networks, each needs to have different IP address numbering. For example:

  • Private1 27.1.0.0/16
  • Private2 27.65.0.0/16
  • Private3 27.66.0.0/16

Internal traffic must not be routed.

Network Switch Configuration

The following features must be disabled on the switch ports connected to the cluster to maximize network performance:

Configure VPN Tunnel for Exasol Support

If you opt for Exasol to provide support via VPN, you will need to configure a site-to-site VPN tunnel. The proposed setup is an IPsec tunnel with the following phases:

  • Phase 1: AES 256 / SHA1 / DH-Group 5: MODP 1536; Lifetime: 7800 seconds
  • Phase 2: AES 256 / SHA1 / PFS-Group 5: MODP 1536; Lifetime: 3600 seconds

For maintenance tasks, the following services/ports need to be accessible, at least on the cluster's public and LOM IP addresses:

  • TCP/20 (SSH)
  • TCP/22 (Cluster-SSH)
  • TCP/443 (HTTPS access to EXAoperation and the LOM web interface)
  • ICMP ECHO REQUEST/REPLY (ping)
  • UDP/123 (NTP)

If you mandate Exasol to monitor clusters or to perform incident management, additional ports will be required.