[AppleNut]

Hello,
Is it possible to create 2 networks on the same computer?

I have an HP file server with 2 NIC's.

I have 2 groups of computers (about 10 each).

Both groups needs access to the file server.

In order to balance the traffic, both groups are connected to 2 separate switches.

The first NIC port on the HP file server is connected to switch #1 with the first group of computers. The second NIC port is connected to switch #2 with the second group of computers.

These 2 switches are also connected to another switch that is connected to the corporate domain.

All computers including the file server must be connected to the domain.

Is it possible to have all the computers of Group#1 / switch #1 connect to the file server using NIC #1, and all the computers of Group #2 / switch #2 connect to the file server using NIC #2?

I realize that all the computers on Group #2 would need 2 IP addresses.
1 for the corporate domain, 1 for accessing the second NIC port on the file server.

The computers on Group #1 would only need 1 IP address / 1 network.


Can someone please help explain how to set this up?

[Scleros]

Could you provide a higher level overview of what your goals are with this sort of arrangement?

[AppleNut]

We are in the post production computer graphics business.

I have a team about 15 CG artists colaborating on a project.
They are working off a single file server.
We also have a render farm with about 10 render nodes.
We use to have all of them on the same network, and when the farm was at work, since those computers also need access to the file server, the traffic would be so high that they would literally bring the network down.

I'm now trying to separate the traffic, and put the render farm computers on a separate switch. Since the file server has quad NIC cards, I would like to team 3 of them and connect that to the switch with the 15 CG artists.
As for the remaining NIC card on the file server, I would like to connect to the new switch with the Render farm computers.

The condition is that all of these computers must be on the same domain, which means that these 2 switches are phisically connected to another corporate domain switch.
All computers except for the File server has only 1 NIC.

Let me know if I should explain more in detail?

[mindtab]

Somewhere it doesn't make sense. You are excluding Group2 as needing 2 ip addresses... but before that, you say that ALL computers need access to both the file server and the domain.

A VPN setup would allow a computer to have 2 ip addresses with one network card. One ip from local (remote) dhcp, and the other through VPN (domain connection).

You could also implement RIP dynamic routing to avoid Xp getting confused over things.

[Scleros]

What switches are in use? What is max speed supported by the network adapters for all the devices?

I'd probably try first using a single switch with greater switching bandwidth and perhaps QoS. Were all 4 fileserver adapters teamed before?

[AppleNut]

The switch with the 15 CG artists is a DELL Power Connect 2748.
And the switch with the Render Farm is a DELL Power Connect 2724.

These 2 switches connect to another 2748 switch that gets them on the corporate domain.
2748 has a MAX 144Gbps capability.

All the NIC cards are 1Gbps.

The 15 CG artists only need 1 IP address because, they connect to the domain and the file server using the same DHCP served IP.

But the problem is with the 10 Render Farm machines. They would connect to the domain fine, but in order for these machines to directly access the file server using the second NIC port on the file server which is connected to the switch with the Render Farm machines, they would need a 2nd IP. Otherwise, the data routes through the other switch(with the 15 CG artists), to go to the file server.

I'm trying to separate the traffic so the Render Farm traffic goes directly to the second NIC port on the file server.
Is this possible?

Do I need a second NIC card on the 10 Render farm machines?

<<A VPN setup would allow a computer to have 2 ip addresses with one network card. <<One ip from local (remote) dhcp, and the other through VPN (domain connection).
<<You could also implement RIP dynamic routing to avoid Xp getting confused over things.

Can you elaborate on this please?

[retsoksirhc]

SO basically, if we picture the users on a switch on the right side, the render farm on a switch on the left side, the corporate domain connected switch at the top, and the file server with multiple NICs at the bottom... you want to keep the traffic from the render farm to the server, from going around the top, and instead go straight to the file server, yes?

If you want to be sure that the traffic doesn't leave that part of the network, you would need to put the render machines behind a router, which would sit between the corporate switch and their switch. Just put them on a different subnet, and then also put the 2nd NIC on the server into that subnet. Then they won't cross the router and go through the other side.

Theoretically, the rendering switch should keep in it's ARP table that the render machine's NIC is connected to it, and not send anything up through the other switch anyway, without the need for a router, although I suppose if it queries for mac addresses on ports sequentially, it could find the server through the other switches before it gets to the port the 2nd NIC is in. You could try plugging the 2nd NIC of the server into one of the first ports on the rendering switch, and see if that helps. Also be sure you're pointing the render farm to the 2nd IP of the server, otherwise it will go around to get to the other NIC either way.

[mindtab]

The VPN idea was this:
Just as the CG artists are setup: they connect to file server through Nic1. Setup the farm the same way, but connecting to Nic2. For farm to reach domain using different IP, either put a router between the farm and domain, with router VPN service configured, or setup a software based VPN solution on a server on the domain which the farm can log into. Their lan connection would still be to the file server nic2, while their VPN connection would receive whatever IP address is designed on the VPN.

Just like in a wifi situation. Let's look at simple setup: my computer is connecting to router. Router is connected to desktop, nic1. Nic 1 ip :192.168.0.1 Router Network Ip: 192.168.4.1 My IP:192.168.4.100
When I want encrypted traffic, or want to connect to work, I would fire up the VPN, and may get an address like 10.x.x.x
Now am still connected to my Lan, but am also connected to work with the 10.x.x.x address

[Scleros]

The switch with the 15 CG artists is a DELL Power Connect 2748.

2748 specs indicate max. bandwidth of 144 Gbps which for 15 CG machines (15 x 1 Gbps adapters) should be sufficient.

And the switch with the Render Farm is a DELL Power Connect 2724.

2724 specs indicate max. bandwidth of 48 Gbps which for 10 rendering machines (10 x 1 Gbps adapters) should be sufficient if Dell wasn't optimistic.

Maybe I'm missing something but I don't see how you are saturating a switch to cause problems. The file server however, may be another story. 25 machines @ max. 1 Gbps could saturate all the server NICs plus the storage subsystem. Rearranging the network topology will not help if the server is the bottleneck.

I would do this:

1. Figure out the bandwidth the render farm needs to/from the file server.
2. Connect the 2724 (render) to the 2748 (CG) with a Link Aggregation Group(s) (trunk) sized appropriately for the bandwidth the render farm needs.
3. Connect the file server to the 2748 (CG) and also trunk the NICs if the 2748 supports switch to NIC aggregation. Teaming can provide fault tolerance, increased bandwidth, or both depending on how it is setup and what the switch will support. Dell's documentation wasn't explicit on the aggregation scenarios supported beyond switch-switch.
4. Confirm the file server, particularly the storage subsystem, is capable of feeding the bandwidth available to it.
5. Connect the 2748 (CG) to the 2748 (Domain).
6. Ensure all the switches have the latest firmware. There looks to be some auto-negotiation bugs with some of the revisions leading to 10 Mbps port speeds.

You might also be able to effectively split the server making it appear as two servers connecting it to both switches with separate NICs and then both switches to the domain switch and still have everything addressed using one network. I've never implemented such an arrangement. Chuckhole here on AMHD would likely have better insights into this type of setup.

[AppleNut]

Thank you ALL for your suggestions including the VPN idea.

Mr. Scleros.
I like your idea about teaming the NICs and using the LINK aggregation features on the 2748 switch, between both the 2724 with the RENDER farm and the 4 NIC's on the file server.

You may be right in saying that with the setup we have, it may not be over saturating the switch, but instead the problem can be with the server.

I just bought a new HP DL380 G6 server. It's got 8 X 300GB (SAS drives) internally, with RAID 5. It has the HP smart array P410 I card, with the optional 512MB cache and battery kit.
Our old file server was a DL180 with 6 X 750GB SATA drives.

Would a fiber channel array make the bandwidth for the storage side better?

As for your suggestion on Figuring out the bandwidth the render farm needs to/from the file server, how can I do this? Is there a software utility that measures this?


Finally, although I like your idea about using the LINK aggregation features instead of creating a 2nd network with a different IP, I am wondering why you do not recommend this?
Can't I just simply add a second IP address to all the machines on the RENDER farm, and also to the 2nd NIC port on the file server, and use this IP for this independent network?

I really appreciate all your help in sorting this out.

Regards

[chuckhole]

I have been soooo busy at work and not have been able to post.

This is a good one. What you are talking about is exactly what VLANs are designed for. It does require at least one of the switches be Layer 3 capable so that it can handle the VLANs and routing.

Right now, you are on a flat network where everybody is on the same subnet. What subnet range are you using so that specific examples can be provided? What is your network ID and subnet mask?

A Layer 3 switch can perform the VLAN routes or if you have a router that supports multiple VLAN's, you can use what you have now.

[AppleNut]

The DELL switch I have (Power Connect 2748 and 2724) is Layer 2.
I think these switches do support some sort of VLAN's but I'm not sure if it does what you are suggesting.

Most of the computers on our domain get their IP addresses from the DHCP.

As for the second group of computers on switch #2 ( Render Farm), they need to have static IPs to connect to the DOMAIN, and also a second IP to connect directly to the second NIC port on the file server.

[Scleros]

It's got 8 X 300GB (SAS drives) internally, with RAID 5.

Take a look at what data the CG folks are accessing and what data the render farm is accessing and then configure and allocate storage to optimize access. Instead of having one big RAID 5 array that was seeking, reading, and writing all over the place, you could have two (or even more) arrays - one for CG (mostly reading?) and one for farm (mostly writing?). The choice of RAID levels is also an opportunity to optimize access for what a particular group is doing.

Would a fiber channel array make the bandwidth for the storage side better?

Yeah, but that stuff's expensive. :eek: I'd try to exhaust what was possible by tailoring my RAID setup first.

As for your suggestion on Figuring out the bandwidth ...how can I do this? Is there a software utility that measures this?

The majority of software utilities to measure bandwidth or % utilization rely on SNMP. Unfortunately, these Dell PowerConnect switch models don't support SNMP. They support RMON. The web interface of the switch has a RMON statistics section. You may be able to figure out the % utilization for a particular port from a packet count for a given time. It also looks like the web interface page can be set to refresh periodically. You could sample data for several times and build a usage picture.

Otherwise, if you can run a typical render farm job after hours when the file server is idle, the network adapter utilities may show utilization or if the server is Windows based, Windows own performance tools can be used to see utilization.

... creating a 2nd network with a different IP, I am wondering why you do not recommend this?

Several reasons:

• Mainly, I'm not convinced you will see an improvement. The initial premise was "when the farm was at work...the traffic would be so high that they would literally bring the network down". The "network" is the switches which implies the switches themselves are a bandwidth bottleneck. Changing how the machines are connected to the switches in order to localize the traffic between a group of machines within a single switch is a reasonable step. Changing or adding logical network addressing will not do diddly for switch based bandwidth problems. If the switches are actually the bottleneck, simply putting the farm on it's own switch should resolve the problem - no additional network needed. If doing this doesn't resolve the problem, something else is the bottleneck. The only other "network" component all the machines are dependent on is the file server.
• So what could be issues at the file server? The usual culprits are CPU bound, network bound (adapter saturated), or storage bound. For network bound, adding another network adapter and network would alleviate the issue, but only if the file server is able to provide 2 Gbps of data to both adapters. Where does the data come from? The storage subsystem typically provides the data. Adding another adapter will only increase the amount of data requested from the storage subsystem compounding the problem if storage performance is an issue.
• Doing so adds management overhead, complexity, and possibly additional devices.

[AppleNut]

Your suggestion about not having one big array but separating the array according to the workflow might be a good solution.

Do I actually make a separate partition on the same group of disks? Or do I create another partition on another set of harddrives, phisically separating the group of disks, in order to alleviate the read and write tasks of the disk controller?

[Scleros]

...do I create another partition on another set of harddrives, phisically separating the group of disks...

Yes. With the DL380's available internal storage you could for example have a two drive mirrored system disk and a six drive RAID 1+0 disk for data. Or, a two drive mirrored system disk and two three drive RAID 5 disks for different data sets. Or, any other combination that yields the reliability needed but attempts to separate the data in such a way that accesses to different data sets are as independent as possible and distributed across as many disks as possible. Once the data access profile is determined, you may even find that adding an external storage enclosure, additional controllers, and disks could be beneficial. This Dell centric article on Optimizing RAID Storage Performance covers issues applicable to any RAID implementation.

[AppleNut]

Mr. Scleros

Thank you VERY much for all your suggestions.
Your experience and knowledge in this field is very valuable, and I don't take it for granted.

Thank you very much.

I'm starting to think that my server congestion problem might have more to do with the data storage configuration, and that is where I'll try to focus on next.

Might be back on the forum again soon with questions regarding storage.

Regards

[Scleros]

Good luck. A local system integrator might have further insight after examining your installation as well.