Network model

You can configure three networks for use with the StorageGRID Webscale system. Each network type must be on a separate subnet with no overlap.

To understand how these three networks are used, consider the three types of network traffic that are processed by nodes in a StorageGRID Webscale system:

To allow you more precise control and security, you can configure one, two, or three networks to manage these three types of traffic.

Grid Network

The Grid Network is required. It is used for all internal StorageGRID Webscale traffic. The Grid Network provides connectivity between all nodes in the grid, across all sites and subnets. All hosts on the Grid Network must be able to talk to all other hosts. The Grid Network can consist of multiple subnets. Networks containing critical grid services, such as NTP, can also be added as Grid subnets.

When the Grid Network is the only StorageGRID Webscale network, it is also used for all admin traffic and all client traffic. The Grid Network gateway is the node default gateway unless the node has the Client Network configured.

Attention: When configuring the Grid Network, you must ensure that the network is secured from untrusted clients, such as those on the open internet.

Admin Network

The Admin Network is optional. It is a closed network used for system administration and maintenance. The Admin Network is typically a private network and does not need to be routable between sites.

Using the Admin Network for administrative access allows the Grid Network to be isolated and secure. Typical uses of the Admin Network include access to the Grid Manager, access to critical services, such as NTP and DNS, access to audit logs on Admin Nodes, and SSH access to all nodes for maintenance and support. The Admin Network is never used for internal grid traffic. An Admin Network gateway is provided and allows the Admin Network to span multiple subnets. However, the Admin Network gateway is never used as the node default gateway.

Client Network

The Client Network is also optional. It is an open network used to provide access to grid services for client applications such as S3 and Swift. The Client Network enables grid nodes to communicate with any subnet reachable through the Client Network gateway. The Client Network does not become operational until you complete the StorageGRID Webscale configuration steps.

You can use the Client Network to provide client access to the grid, so you can isolate and secure the Grid Network. The following nodes are often configured with a Client Network:
  • API Gateway Nodes and Storage Nodes, because these nodes provide S3 and Swift protocol access to the grid.
  • Admin Nodes, because these nodes provide access to the Tenant Manager.

When a Client Network is configured, the Client Network gateway is required and becomes the node default gateway after the grid has been configured.

Supported networks

The table summarizes the supported networks.

Network Interface IP/Mask Gateway Static routes Default route (0.0.0.0/0)
Grid Network (required) eth0 CIDR for static IP The Grid Network gateway must be configured if there are multiple grid subnets. The Grid Network gateway is the node default gateway until grid configuration is complete. Static routes are generated automatically for all nodes to all subnets configured in the global Grid Network Subnet List. The Grid Network Gateway IP is the default gateway. If a Client Network is added, the default gateway switches from the Grid Network gateway to the Client Network gateway when grid configuration is complete.
Admin Network (optional) eth1 CIDR for static IP The Admin Network gateway is required if multiple admin subnets are defined. Static routes are generated automatically to each subnet configured in the node's Admin Network Subnet List. N/A
Client Network (optional) eth2 CIDR for static IP The Client Network gateway is required if the Client Network is configured. The Client Network gateway becomes the default route for the grid node when grid configuration is complete. N/A Added if a Client Network Gateway IP is configured