Network model

You can configure three networks for use with the StorageGRID system. Each network type must be on a separate subnet with no overlap.

To understand how these three networks are used, consider the three types of network traffic that are processed by nodes in a StorageGRID system:

To allow you more precise control and security, you can configure one, two, or three networks to manage these three types of traffic.

Grid Network

The Grid Network is required. It is used for all internal StorageGRID traffic. The Grid Network provides connectivity between all nodes in the grid, across all sites and subnets. All hosts on the Grid Network must be able to talk to all other hosts. The Grid Network can consist of multiple subnets. Networks containing critical grid services, such as NTP, can also be added as Grid subnets.

When the Grid Network is the only StorageGRID network, it is also used for all admin traffic and all client traffic. The Grid Network gateway is the node default gateway unless the node has the Client Network configured.

Attention: When configuring the Grid Network, you must ensure that the network is secured from untrusted clients, such as those on the open internet.
The Grid Network is mapped using GRID_NETWORK_TARGET (eth0 inside the container).
IP/Mask Gateway Static routes Default route (0.0.0.0/0)
CIDR for static IP

The Grid Network gateway must be configured if there are multiple grid subnets.

The Grid Network gateway is the node default gateway until grid configuration is complete.

Static routes are generated automatically for all nodes to all subnets configured in the global Grid Network Subnet List.

The Grid Network Gateway IP is the default gateway.

If a Client Network is added, the default gateway switches from the Grid Network gateway to the Client Network gateway when grid configuration is complete.

Admin Network

The Admin Network is optional. It is a closed network used for system administration and maintenance. The Admin Network is typically a private network and does not need to be routable between sites.

Using the Admin Network for administrative access allows the Grid Network to be isolated and secure. Typical uses of the Admin Network include access to the Grid Manager, access to critical services, such as NTP and DNS, access to audit logs on Admin Nodes, and SSH access to all nodes for maintenance and support. The Admin Network is never used for internal grid traffic. An Admin Network gateway is provided and allows the Admin Network to span multiple subnets. However, the Admin Network gateway is never used as the node default gateway.

The Admin Network is mapped using ADMIN_NETWORK_TARGET (eth1 inside the container).
IP/Mask Gateway Static routes Default route (0.0.0.0/0)
CIDR for static IP The Admin Network gateway is required if multiple admin subnets are defined. Static routes are generated automatically to each subnet configured in the node's Admin Network Subnet List. N/A

Client Network

The Client Network is also optional. It is an open network used to provide access to grid services for client applications such as S3 and Swift. The Client Network enables grid nodes to communicate with any subnet reachable through the Client Network gateway. Optionally, you can configure the Client Network so that the appliance can be accessed over this network using only the ports that you choose to open. The Client Network does not become operational until you complete the StorageGRID configuration steps.

You can use the Client Network to provide client access to the grid, so you can isolate and secure the Grid Network. The following nodes are often configured with a Client Network:
  • Gateway Nodes and Storage Nodes, because these nodes provide S3 and Swift protocol access to the grid.
  • Admin Nodes, because these nodes provide access to the Tenant Manager.

When a Client Network is configured, the Client Network gateway is required and becomes the node default gateway after the grid has been configured.

The Client Network is mapped using CLIENT_NETWORK_TARGET (eth2 inside the container).
IP/Mask Gateway Static routes Default route (0.0.0.0/0)
CIDR for static IP The Client Network gateway is required if the Client Network is configured. The Client Network gateway becomes the default route for the grid node when grid configuration is complete. N/A Added if a Client Network Gateway IP is configured