Colocation network setup
Hi guys,
Looking to colocate a few different servers in the future and was wondering what the go-to setup for most people would be?
I am not super experienced with networking - but have the following scenario:
I will be getting a quarter rack, with a /28 subnet on a single network drop.
I would like to rack about 8 separate 1U machines in this rack, and assign each of them their own (or potentially two or more in the future) IPs.
I want to ensure that none of the machines can "steal" an IP from the other machines.
I also want to have the IPMI accessible only from a VPN (if possible).
In this instance, what kind of networking equipment would you recommend? From my research it seems like I will be looking at either a Layer 3 switch, or a managed switch that will allow me to apply an ACL to each port.
Obviously the "easy" solution to this is to get a dumb switch, and set a static IP address on each machine, but this doesn't remove the possibility of the user of the server assigning themselves different or more IPs from the subnet.
If you have any specific hardware you'd recommend, feel free to post it; the simpler the solution, the better.
I'd also like to ensure I don't lose loads of IPs from my /28 setting up multiple gateways.
Thanks,
Mike
Comments
Hi Mike,
With just a /28 and 1/4 rack, you're going to be exhausted before you start. That's only 13 usable IPs, even if they all share the same subnet. If you pare that down to even /32s through a half-decent L3 switch like a Juniper EX3400, you're still going to need to filter based on MAC/etc to ensure nobody steals from the pool if you're not directly routing it yourself, and that's not a guarantee unless you isolate all of the boxes, and assume someone won't spoof their MACs and several other things that come into play at this point.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
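An added example (not part of any post in this thread) of the detection side of the MAC/IP filtering discussed above: it audits (port, MAC, IP) observations against a per-port allocation for a /28 and flags addresses claimed from the wrong port. The subnet, gateway position, port names and observations are all constructed assumptions; enforcement itself still has to happen on the switch.

```python
import ipaddress

SUBNET = ipaddress.ip_network("203.0.113.0/28")  # constructed documentation range
GATEWAY = ipaddress.ip_address("203.0.113.1")    # assumption: gateway on first host address

# Hypothetical allocation: switch port -> addresses that customer may use.
ALLOCATION = {
    "ge-0/0/1": {"203.0.113.2"},
    "ge-0/0/2": {"203.0.113.3", "203.0.113.4"},
    "ge-0/0/3": {"203.0.113.5"},
}

# Constructed observations (port, MAC, IP), e.g. parsed from ARP/MAC table snapshots.
OBSERVED = [
    ("ge-0/0/1", "02:00:00:00:00:01", "203.0.113.2"),
    ("ge-0/0/2", "02:00:00:00:00:02", "203.0.113.3"),
    ("ge-0/0/3", "02:00:00:00:00:03", "203.0.113.4"),   # belongs to ge-0/0/2
    ("ge-0/0/3", "02:00:00:00:00:03", "203.0.113.1"),   # the gateway address
    ("ge-0/0/1", "02:00:00:00:00:aa", "203.0.113.2"),   # new MAC on a known port
    ("ge-0/0/2", "02:00:00:00:00:02", "198.51.100.9"),  # not in the /28 at all
]

def usable_hosts(subnet=SUBNET, gateway=GATEWAY):
    """Addresses left for servers once network, broadcast and gateway are gone."""
    return [h for h in subnet.hosts() if h != gateway]

def audit(allocation, observed, subnet=SUBNET, gateway=GATEWAY):
    """Return (port, value, reason) for every observation that breaks the plan."""
    findings = []
    first_mac = {}  # first MAC seen per port, used to notice later changes
    reserved = {subnet.network_address, subnet.broadcast_address, gateway}
    for port, mac, ip_text in observed:
        ip = ipaddress.ip_address(ip_text)
        if ip not in subnet:
            findings.append((port, ip_text, "outside-subnet"))
        elif ip in reserved:
            findings.append((port, ip_text, "reserved-address"))
        elif ip_text not in allocation.get(port, set()):
            findings.append((port, ip_text, "not-assigned-to-port"))
        if first_mac.setdefault(port, mac) != mac:
            findings.append((port, mac, "mac-changed"))
    return findings

if __name__ == "__main__":
    print(len(usable_hosts()), "usable addresses")
    for finding in audit(ALLOCATION, OBSERVED):
        print(finding)
```
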
Hi WSS!
Thanks so much for your reply. If I was able to get a few more IPs or a larger allocation, what kind of route would I go down then?
I would like to assume someone isn't going to end up spoofing their MAC, since it's going to be mostly friends and local businesses, and if they do I can give them a firm warning not to do it again.
Maybe I'm just naive and would love to think there is a solution that allows me to assign a certain IP or multiple IPs to a specific port on the switch.
Thanks
If you don’t want to spend a lot of money on routers and other stuff and are not comfortable with networking, you can make your life easy by making everything a big VM. You will waste 2 IPs per node, but it will be easier to prevent spoofing that way if you don’t own the right equipment and let the DC handle basic routing.
With Proxmox clustering, you can have a neat and simple setup for everyone and won’t have to worry about manual OS installs and whatnot.
Just a quick, dirty hack.
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
You can save IPs for the IPMI by not putting it on public IPs.
Please, do yourself a favor: put in a small switch and a small Raspberry Pi or something that runs a private LAN (with private IPs) for the IPMIs.
Francisco
Hi,
Thanks for the idea, but I'd rather avoid going down the virtualization route.
Hi Fran,
I do intend on putting the IPMI on a private LAN, both to keep it more secure and also to save on IPs.
Thanks
Yes!
Get a used Juniper EX4200 as suggested on WHT
PureVoltage - Custom Dedicated Servers Dual E5-2680v3 64gb ram 1TB nvme 100TB/10g $145
New York Colocation - Amazing pricing 1U-48U+
Oh also get a larger subnet!