Network Considerations

ARTESCA can integrate with multiple network configurations. However, some initial integration choices cannot be modified post-installation using the standard product tools and procedures.

This section introduces the key concepts of ARTESCA’s services and networks to help you define the appropriate integration during the installation phase.

Important

The following ranges are reserved for ARTESCA pods and services, respectively:

  • 10.233.0.0/16:

      • is the range of IP addresses allocated to the pods network;

      • is the network used by ARTESCA components;

      • carries inter-node traffic;

      • stays within the ARTESCA cluster.

  • 10.96.0.0/12:

      • is the range of IP addresses allocated to the service network;

      • is the network for service IPs that facilitates communication between different services within the Kubernetes cluster where ARTESCA is deployed;

      • carries no inter-node traffic.

The pods network has to communicate with the service network. This communication is handled by iptables rules that redirect the 10.96.0.0/12 IPs to the right 10.233.0.0/16 IPs.

Both ranges are used for internal communication between the ARTESCA components and should not be used by any other element. Conflicts with your current network configuration will cause system malfunctions.

You can change the ranges of the IP addresses by setting the --pods-cidr and --services-cidr options when generating the configuration file during the installation process.

If those forbidden CIDRs are problematic for you, contact Scality Support.
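The pre-installation check below is an added example, not part of the ARTESCA tooling. It tests the networks a host already routes to against the two default reserved ranges. The route listing is constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Default reserved ranges stated on this page; change them here if you
# install with different --pods-cidr / --services-cidr values.
RESERVED = {
    "pods": ipaddress.ip_network("10.233.0.0/16"),
    "services": ipaddress.ip_network("10.96.0.0/12"),
}

# Constructed sample of `ip -4 route show` output (not from a real host).
SAMPLE_ROUTES = """\
default via 192.168.10.1 dev eth0 proto static
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.21
10.100.4.0/22 via 192.168.10.254 dev eth0
10.232.0.0/15 via 192.168.10.254 dev eth0
172.16.0.0/12 via 192.168.10.254 dev eth0
"""

def parse_routes(text):
    """Return the destination networks found in `ip route` style output."""
    nets = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue  # the default route is not a specific site network
        try:
            nets.append(ipaddress.ip_network(fields[0], strict=False))
        except ValueError:
            continue  # line starts with a route-type keyword, not a prefix
    return nets

def find_conflicts(site_networks, reserved=RESERVED):
    """List (site network, reserved name, reserved range) for every overlap."""
    conflicts = []
    for net in site_networks:
        for name, rng in reserved.items():
            if net.version == rng.version and net.overlaps(rng):
                conflicts.append((str(net), name, str(rng)))
    return conflicts

if __name__ == "__main__":
    for net, name, rng in find_conflicts(parse_routes(SAMPLE_ROUTES)):
        print(f"CONFLICT: {net} overlaps the {name} range {rng}")
```

The /12 service range spans 10.96.0.0 through 10.111.255.255, so a site subnet such as 10.100.4.0/22 conflicts even though it does not begin with 10.96.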

ARTESCA Networks

ARTESCA front-end and internal services communicate over two isolated networks:

  • Management Network (also named Control Plane Network (CP)) for communication among the components managing the cluster.

  • Data Network (also named Workload Plane Network (WP)) for communication among the components managing the data. This network requires substantial bandwidth.

ARTESCA Front-End Services

ARTESCA provides two types of front-end services:

  • Management Services: Management UI and API services are for administering the platform, or accessing S3 / IAM operations. These services are accessible via a management IP address. This is typically used by a person working with the platform.

  • Data Services: S3 API and IAM API. These services are accessible via a hostname, and require DNS resolution to the data IPs.

ARTESCA Internal Services

Two types of internal services are provided by ARTESCA:

  • Data processing services like data protection, replication, and lifecycle mechanisms

  • Cluster management, and self-healing services

Network Configuration on Virtual Appliance

For the virtual appliance, communications are established over a single network interface card (Single Network). This network is used for both:

  • management (also named Control Plane - CP) traffic

  • data (also named Workload Plane - WP) traffic

During installation, the network interface card will be associated with the network range you define in the OVF deployment form.

Warning

After this step, it is not possible to change the node IP address of this interface without a complete reinstallation of ARTESCA. However, you do have the ability to add a new interface to your virtual machine and change the listening IP for the Data and/or Management Services.

In all cases, you are encouraged to define your network configuration in advance to meet your needs.

Access to Front-End Services on Virtual Appliance

The ARTESCA front-end management service:

  • Is exposed on the Management Network on TCP port 8443.

  • Can be exposed on 1 Virtual IP managed by ARTESCA using the procedure Change Management IP.

The ARTESCA front-end Data Service:

  • Is exposed on the Data Network on TCP port 443 (optionally on TCP port 80).

  • Can be exposed on several Virtual IPs managed by ARTESCA using the procedure Change Data Listening IP.

Note

If you use an external Load Balancer you don’t need such a configuration.

Refer to High Availability for more information.

The OS Reconfiguration procedure allows you to reconfigure your front-end interfaces (IP, Bonding, VLAN Tagging).

The Change Management IP procedure allows you to expose the management services on an IP and optionally on 1 Virtual IP. Refer to High Availability for more information.

The Change Data Listening IP procedure allows you to expose the S3 and IAM services on IPs and optionally on Virtual IPs. Refer to High Availability for more information.

The Change ARTESCA Subdomain procedure allows you to change the domain name suffix of the ARTESCA S3 service.

Default Gateway Setup on Virtual Appliance

ARTESCA supports the configuration of only one default gateway. Therefore, when the management and data networks are segregated and there are strong requirements for securing platform management, the preferred setup is to place the default gateway on the data network. Platform management requests will then come from the client within the management network (LAN).

If you want to access segregated CP and WP networks from two distinct remote networks, contact Scality to configure ARTESCA appropriately.

Refer to Change Default Gateway to change the default gateway from the CP Network Interface to the WP Network Interface.