I am introducing an NFS server which I would like to share with KVM guests across different VLANs. I am trying to find a solution which would strike a good balance between function, serviceability, observability, and security. In this case I have three KVM-Hosts which are configured as follows:
- Bond created for physical NICs on the KVM-Hosts (4x 1GB on each)
- Interfaces "vlanX" created for each VLAN on all KVM-Hosts
- Bridges "brX" created for each "vlanX" interface.
- Machines are all connected to the same switch (Layer 2)
- Router has a single GB link to switch trunking all VLANs.

VLAN membership based on hostname:
- KVM1-Host: br10
- KVM1-Guests: br20, br30, br40
- KVM2-Host: br10
- KVM2-Guests: br20, br30, br40
- KVM3-Host: br10
- KVM3-Guests: br20, br30, br40

Host membership based on VLAN:
- VLAN10: KVM1-Host, KVM2-Host, KVM3-Host
- VLAN20: KVM1-Guests, KVM2-Guests, KVM3-Guests
- VLAN30: KVM1-Guests, KVM2-Guests, KVM3-Guests
- VLAN40: KVM1-Guests, KVM2-Guests, KVM3-Guests

My thoughts on where to put the NAS:
1. Place the NAS on VLAN10
   - Not really thrilled about having the NAS on a host management VLAN.
2. Create a separate VLAN for NAS
   - Seems like an easy way to isolate the resource. Existing monitoring would easily be able to observe resource usage; however, this would require the overhead of routing to and from each VLAN.
3. Add the NAS to VLAN 20, 30, 40
   - Guests can communicate with NAS on the same VLAN - less network overhead? I think I should validate this assumption with testing.
4. Combination of 2 & 3.
   - NAS would be accessible by resources not in VLAN20,30,40 on VLANX
   - Guests can communicate with NAS on their own VLAN.

Please let me know your thoughts! I am still cutting my teeth in this area coming from a programming/dev background.