Re: 1 or more network cards
On Wed, 21 May 2003 11:40, Glenn Hocking wrote:
> Has anyone put any thought and testing whether it is better to have one
> network card with multiple IP assigned or 2-3 net cards with separate IP
> numbers.
>
> Actual specs, The cards are all 10/100 Intel's connected to the net via
> a 10mb/s ethernet with direct public IPs. The secondary IPs are private
> local addresses for local backup and maintenance.
It's generally regarded as a good idea to have separate network cards and
switches or VLAN's for public and private IP addresses.
Some people even have three VLANs, one for public IP addresses, one for
private IP addresses used for management, and one for private IP addresses
used for the servers to talk to each other.
Segregating the network in this way can provide a number of benefits. Firstly
it means that a large transfer of management data (EG a backup) does not
reduce the bandwidth used for the Internet. Another benefit is that it may
make it slightly more difficult for an attacker. If they take over a router
at the front-end then they can't easily use it to attack the servers or sniff
any data that your ISP couldn't sniff.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: