2.3. Planning Network

Acronis Storage uses two networks (e.g., Ethernet): a) an internal network that interconnects nodes and combines them into a cluster, and b) a public network for exporting stored data to users.

The figure below shows a top-level overview of the internal and public networks of Acronis Storage. One network interface on each node is also used for management: through it, administrators can access the node from the management panel and via SSH.

../_images/stor_image1.png

2.3.1. General Network Requirements

  • Make sure that time is synchronized on all nodes in the cluster via NTP. Doing so will make it easier for the support department to understand cluster logs.

2.3.2. Network Limitations

  • Nodes are added to clusters by their IP addresses, not FQDNs. Changing the IP address of a node in the cluster will remove that node from the cluster. If you plan to use DHCP in a cluster, make sure that IP addresses are bound to the MAC addresses of nodes’ network interfaces.
  • Fibre Channel and InfiniBand networks are not supported.
  • Each node must have Internet access so updates can be installed.
  • MTU is set to 1500 by default.
  • Network time synchronization (NTP) is required for correct statistics.
  • The management role is assigned automatically during installation and cannot be changed in the management panel later.
  • Even though the management node can be accessed from a web browser by the hostname, you still need to specify its IP address, not the hostname, during installation.

2.3.3. Per-Node Network Requirements

Network requirements for each cluster node depend on the roles assigned to the node. If a node with multiple network interfaces has multiple roles assigned to it, different interfaces can be assigned to different roles to create dedicated networks for each role.

  • Each node in the cluster must have access to the internal network and have port 8888 open to listen for incoming connections from the internal network.

  • Each storage and metadata node must have at least one network interface for the internal network traffic. The IP addresses assigned to this interface must be either static or, if DHCP is used, mapped to the adapter’s MAC address. The figure below shows a sample network configuration for a storage and metadata node.

    ../_images/stor_image2.png
  • The management node must have a network interface for internal network traffic and a network interface for the public network traffic (e.g., to the datacenter or a public network) so the management panel can be accessed via a web browser.

    The management node must have port 8888 open by default to allow access to the management panel from the public network and to the cluster node from the internal network.

    The figure below shows a sample network configuration for a storage and management node.

    ../_images/stor_image3.png
  • A node that runs one or more storage access point services must have a network interface for the internal network traffic and a network interface for the public network traffic.

    The figure below shows a sample network configuration for a node with an iSCSI access point. iSCSI access points use TCP port 3260 for incoming connections from the public network.

    ../_images/stor_image4.png

    The next figure shows a sample network configuration for a node with an S3 storage access point. S3 access points use ports 443 (HTTPS) and 80 (HTTP) to listen for incoming connections from the public network.

    ../_images/stor_image5.png

    Note

    In the scenario pictured above, the internal network is used for both the storage and S3 cluster traffic.

    The next figure shows a sample network configuration for a node with an Acronis Backup Gateway storage access point. Acronis Backup Gateway access points use port 44445 for incoming connections from both internal and public networks and ports 443 and 8443 for outgoing connections to the public network.

    ../_images/stor_image6.png

2.3.4. Network Recommendations for Clients

The following table lists the maximum network performance an Acronis Storage client can get with the specified network interface. The recommendation for clients is to use 10Gbps network hardware between any two cluster nodes and minimize network latencies, especially if SSD disks are used.

Storage network interface                         | 1Gbps   | 2 x 1Gbps | 3 x 1Gbps | 10Gbps  | 2 x 10Gbps
Entire node maximum I/O throughput                | 100MB/s | ~175MB/s  | ~250MB/s  | 1GB/s   | 1.75GB/s
Single VM maximum I/O throughput (replication)    | 100MB/s | 100MB/s   | 100MB/s   | 1GB/s   | 1GB/s
Single VM maximum I/O throughput (erasure coding) | 70MB/s  | ~130MB/s  | ~180MB/s  | 700MB/s | 1.3GB/s

2.3.5. Network Interface Roles

For an Acronis Storage cluster to function, network interfaces of cluster nodes must be assigned one or more roles described below. Assigning roles automatically configures the necessary firewall rules.

  • Internal. If one or more internal roles are assigned to a network interface, traffic on all ports is allowed to and from said interface.
    • Management. The network interface will be used for communication between the nodes and the management panel. To perform this role, the network interface must be connected to the internal network. This role must be assigned to at least one network interface in the cluster.
    • Storage. The network interface will be used for transferring data chunks between storage nodes. To perform this role, the network interface must be connected to the internal network. This role must be assigned to one network interface on each storage node.
    • Object Storage private. The network interface will be used by the S3 and NFS storage access points. To perform this role, the network interface must be connected to the internal network. This role must be assigned to one network interface on each node running the S3 or NFS storage access point service.
    • ABGW private. The network interface will be used by the Acronis Backup Gateway storage access point. To perform this role, the network interface must be connected to the internal network. This role must be assigned to one network interface on each node running the Acronis Backup Gateway storage access point service.
  • Public. If one or more public roles (and no internal roles) are assigned to a network interface, only traffic on ports required by the public role(s) is allowed to and from said interface.
    • iSCSI. The network interface will be used by the iSCSI storage access point to provide access to user data. To perform this role, the network interface must be connected to the public network accessible by iSCSI clients.
    • S3 public. The network interface will be used by the S3 storage access point to provide access to user data. To perform this role, the network interface must be connected to the public network accessible by S3 clients.
    • ABGW public. The network interface will be used by the Acronis Backup Gateway storage access point to provide access to user data. To perform this role, the network interface must be connected to the public network accessible by Acronis Backup Cloud agents.
    • Web CP. The network interface will be used to transfer web-based user interface data. To perform this role, the network interface must be connected to the public network.
    • SSH. The network interface will be used to manage the node via SSH. To perform this role, the network interface must be connected to the public network.
    • NFS. The network interface will be used by the NFS storage access point to provide access to user data. To perform this role, the network interface must be connected to the public network accessible by NFS clients.
  • Custom. These roles allow you to open specific ports on public network interfaces.
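
The role rules above can be turned into a planning check. The following is an added example, not part of Acronis Storage or its documentation: it derives the inbound ports each interface should expose from its assigned roles and flags interfaces that are exposed more widely. The port for Web CP (8888) and SSH (22), the inventory field names, and the sample data are assumptions of this example.

```python
INTERNAL_ROLES = {"Management", "Storage", "Object Storage private", "ABGW private"}

# Inbound ports per public role. iSCSI, S3 and ABGW ports are stated in section 2.3.3.
# Assumed here: Web CP = panel port 8888, SSH = 22. NFS is omitted (no port on the page).
PUBLIC_ROLE_PORTS = {
    "iSCSI": {3260},
    "S3 public": {80, 443},
    "ABGW public": {44445},
    "Web CP": {8888},
    "SSH": {22},
}
ALL_PORTS = "all"

def allowed_ports(roles, custom_ports=()):
    """Return ALL_PORTS if any internal role is assigned, else the public ports."""
    roles = set(roles)
    unknown = roles - INTERNAL_ROLES - set(PUBLIC_ROLE_PORTS)
    if unknown:
        raise ValueError(f"roles not modelled here: {sorted(unknown)}")
    if roles & INTERNAL_ROLES:
        return ALL_PORTS  # an internal role allows traffic on all ports
    ports = set(custom_ports)  # Custom roles open specific extra ports
    for role in roles:
        ports |= PUBLIC_ROLE_PORTS[role]
    return ports

def audit(interfaces):
    """Return (node, iface, finding) for each interface exposed beyond its roles."""
    findings = []
    for i in interfaces:
        allowed = allowed_ports(i["roles"], i.get("custom_ports", ()))
        if allowed == ALL_PORTS:
            if i["network"] == "public":
                msg = "internal role on public-facing interface: all ports allowed"
                findings.append((i["node"], i["iface"], msg))
            continue
        extra = sorted(set(i["observed"]) - allowed)
        if extra:
            findings.append((i["node"], i["iface"], f"open ports beyond assigned roles: {extra}"))
    return findings

# Constructed inventory: "network" is where the interface is cabled,
# "observed" is the list of ports found open on it (for example, from a scan).
SAMPLE = [
    {"node": "node1", "iface": "eth1", "network": "public", "roles": ["Web CP", "SSH"], "observed": [22, 8888]},
    {"node": "node2", "iface": "eth1", "network": "public", "roles": ["S3 public"], "observed": [80, 443, 3260]},
    {"node": "node3", "iface": "eth1", "network": "public", "roles": ["iSCSI", "Storage"], "observed": [3260]},
]
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The node3 finding is the one to watch for when planning: mixing an internal role with a public role on one interface removes the per-port restriction for that interface.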

2.3.6. Sample Network Configuration

The figure below shows an overview of a sample Acronis Storage network.

../_images/stor_image7.png

In this network configuration:

  • The Acronis Storage internal network is a network that interconnects all servers in the cluster. It can be used for the management, storage (internal), and S3 (private) roles. Each of these roles can be moved to a separate dedicated internal network to ensure high performance under heavy workloads.

    This network cannot be accessed from the public network. All servers in the cluster are connected to this network.

    Important

    Acronis Storage does not offer protection from traffic sniffing. Anyone with access to the internal network can capture and analyze the data being transmitted.

  • The Acronis Storage public network is a network over which the storage space is exported. Depending on where the storage space is exported to, it can be an internal datacenter network or an external public network:

    • An internal datacenter network can be used to manage Acronis Storage and export the storage space over iSCSI to other servers in the datacenter, that is, for the management and iSCSI (public) roles.
    • An external public network can be used to export the storage space to the outside services through S3 and Acronis Backup Gateway storage access points, that is, for the S3 (public) and Acronis Backup Gateway roles.