Networking guidelines

Follow these guidelines when configuring StorageGRID networks.

Grid Network guidelines

Subnet guidelines

Note: The following restrictions are enforced by the Grid Manager during deployment. They are provided here to assist in pre-deployment network planning.
  • The subnet mask for any network IP address cannot be 255.255.255.254 or 255.255.255.255 (/31 or /32 in CIDR notation).
  • The subnets defined by a given node’s IP/mask (CIDR) values for all networks it uses cannot overlap each other.
  • The subnet defined by a given node’s Admin Network IP/mask (CIDR) value cannot overlap any subnet in the Grid Network Subnet List.
  • The subnet defined by a given node’s Client Network IP/mask (CIDR) value cannot overlap any subnet in the Grid Network Subnet List, nor any subnet present in that node’s Admin Network External Subnet List (A-ESL).
  • The subnet defined by the Grid Network IP/mask (CIDR) value of any given node in the grid must be contained within at least one subnet present in the Grid Network Subnet List.
  • No subnet in the Grid Network Subnet List can overlap with any subnet in any node’s Admin Network External Subnet List (A-ESL).

Gateway guidelines

  • If set, the gateway for a given network must lie within the subnet defined by the node’s IP/mask (CIDR) value for that network.
  • If you configure an interface using static addressing, you must specify a gateway address other than 0.0.0.0.
  • If you do not have a gateway, the best practice is to set the gateway address to the Grid Network IP address or to the .1 address on the subnet.
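
The subnet and gateway rules above can be checked against an address plan before deployment. The following Python is an added example, not StorageGRID or NetApp code; the `check_node` function, the dictionary layout and the sample addresses are assumptions made for illustration, and IPv4 with static addressing is assumed.

```python
import ipaddress as ip
from itertools import combinations

def check_node(node, grid_subnet_list):
    """Return the planning-rule violations for one node (IPv4 assumed)."""
    errs = []
    gnsl = [ip.ip_network(s) for s in grid_subnet_list]
    aesl = [ip.ip_network(s) for s in node.get("aesl", [])]
    # ip_interface accepts a host address with mask and derives its subnet.
    nets = {k: ip.ip_interface(node[k]).network
            for k in ("grid", "admin", "client") if node.get(k)}

    for name, net in nets.items():
        if net.prefixlen >= 31:
            errs.append(f"{name}: /{net.prefixlen} mask is not allowed")
        gw = node.get("gateways", {}).get(name)
        # 0.0.0.0 lies outside any usable subnet, so it fails this test too.
        if gw is not None and ip.ip_address(gw) not in net:
            errs.append(f"{name}: gateway {gw} is outside {net}")

    # A node's own networks must not overlap each other.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            errs.append(f"{a}/{b}: node subnets {na} and {nb} overlap")

    if "grid" in nets and not any(nets["grid"].subnet_of(s) for s in gnsl):
        errs.append(f"grid: {nets['grid']} is not inside the Grid Network Subnet List")

    # Admin must avoid the GNSL; Client must avoid the GNSL and the A-ESL.
    for name, forbidden in (("admin", gnsl), ("client", gnsl + aesl)):
        for s in forbidden:
            if name in nets and nets[name].overlaps(s):
                errs.append(f"{name}: {nets[name]} overlaps {s}")

    errs += [f"GNSL {g} overlaps A-ESL {a}"
             for g in gnsl for a in aesl if g.overlaps(a)]
    return errs

# Constructed sample plan (not taken from the StorageGRID documentation).
GNSL = ["10.10.0.0/16"]
GOOD = {"grid": "10.10.1.20/24", "admin": "192.168.50.20/24",
        "client": "172.16.8.20/22", "aesl": ["192.168.60.0/24"],
        "gateways": {"grid": "10.10.1.1", "admin": "192.168.50.1",
                     "client": "172.16.8.1"}}
BAD = {"grid": "10.20.1.20/24", "admin": "10.10.5.20/24",
       "client": "192.168.60.9/31", "aesl": ["192.168.60.0/24"],
       "gateways": {"grid": "10.20.2.1"}}

if __name__ == "__main__":
    for label, node in (("good", GOOD), ("bad", BAD)):
        print(label, check_node(node, GNSL) or "OK")
```

The Grid Manager remains the authority on these restrictions at deployment time; a check like this only surfaces conflicts earlier, while the address plan is still easy to change.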

General guidelines

  • At least one NTP server must be reachable by the primary Admin Node, using the networking configuration you specified when deploying the primary Admin Node.
  • If you are not ready to configure the optional Admin and Client Networks during deployment, you can configure these networks when you approve grid nodes during the configuration steps.
  • Admin Nodes must always be secured from untrusted clients, such as those on the open internet. You must ensure that no untrusted client can access any Admin Node on the Grid Network, the Admin Network, or the Client Network.

    If you are using a Client Network, you can help secure StorageGRID from hostile attacks by accepting inbound client traffic only on explicitly configured endpoints. See the information about managing untrusted Client Networks in the instructions for administering StorageGRID.

  • Admin Nodes and Gateway Nodes that you intend to add to high availability groups must be configured with a static IP address.

Using network address translation (NAT)

You can use network address translation (NAT) between external clients and grid nodes, such as to provide a public IP address for a Gateway Node. However, you must not use NAT on the Grid Network between grid nodes or between StorageGRID sites. When you use private IPv4 addresses for the Grid Network, those addresses must be directly routable from every grid node at every site. Using NAT to bridge a public network segment is supported only when you employ a tunneling application that is transparent to all nodes in the grid, meaning the grid nodes require no knowledge of public IP addresses.

Post-configuration guidelines

After completing configuration:
  • If DHCP was used to assign IP addresses, you should configure a DHCP reservation for each IP address on these networks. You can only set up DHCP during the deployment phase. You cannot set up DHCP during configuration.

    Attention: Because nodes reboot when their IP addresses change, outages can occur if a DHCP address change affects multiple nodes at once.
  • You must use the IP address change procedures if you want to change IP addresses, subnet masks, and default gateways for a grid node. See the information about configuring IP addresses in the recovery and maintenance instructions.
  • If you make networking configuration changes, including routing and gateway changes, client connectivity to the primary Admin Node and other grid nodes might be lost. Depending on the networking changes applied, you might need to re-establish these connections.

For more information about StorageGRID system architecture and topology, review the networking topics in the Grid primer.