... | @@ -1190,6 +1190,40 @@ There are two distinct IPsec networks: |
... | @@ -1190,6 +1190,40 @@ There are two distinct IPsec networks: |
|
through DNS. it provides internal routing for Ganeti commands and
|
|
through DNS. it provides internal routing for Ganeti commands and
|
|
[howto/drbd](howto/drbd) storage mirroring.
|
|
[howto/drbd](howto/drbd) storage mirroring.
|
|
|
|
|
|
|
|
### MAC address prefix selection
|
|
|
|
|
|
|
|
The MAC address prefix for the gnt-fsn cluster (`00:66:37:...`) seems
|
|
|
|
to have been picked arbitrarily. While it does not conflict with a
|
|
|
|
known existing prefix, it could eventually be issued to a manufacturer
|
|
|
|
and reused, possibly leading to a MAC address clash. The closest is
|
|
|
|
currently Huawei:
|
|
|
|
|
|
|
|
$ grep ^0066 /var/lib/ieee-data/oui.txt
|
|
|
|
00664B (base 16) HUAWEI TECHNOLOGIES CO.,LTD
|
|
|
|
|
|
|
|
Such a clash is fairly improbable, because that new manufacturer would
|
|
|
|
need to show up on the local network as well. Still, new clusters
|
|
|
|
SHOULD use a different MAC address prefix in a [locally administered
|
|
|
|
address](https://en.wikipedia.org/wiki/MAC_address#Universal_vs._local) (LAA) space, which "are distinguished by setting the
|
|
|
|
second-least-significant bit of the first octet of the address". In
|
|
|
|
other words, the MAC address must have 2, 6, A or E as a its second
|
|
|
|
[quad](https://en.wikipedia.org/wiki/Nibble). In other words, the MAC address must look like one of those:
|
|
|
|
|
|
|
|
x2 - xx - xx - xx - xx - xx
|
|
|
|
x6 - xx - xx - xx - xx - xx
|
|
|
|
xA - xx - xx - xx - xx - xx
|
|
|
|
xE - xx - xx - xx - xx - xx
|
|
|
|
|
|
|
|
We used `06:66:38` in the gnt-chi cluster for that reason. We picked
|
|
|
|
the `06:66` prefix to ressemble the existing `00:66` prefix used in
|
|
|
|
`gnt-fsn` but varied the last quad (from `:37` to `:38`) to make them
|
|
|
|
slightly more different-looking.
|
|
|
|
|
|
|
|
Obviously, it's unlikely the MAC addresses will be compared across
|
|
|
|
clusters in the short term. But it's technically possible a MAC bridge
|
|
|
|
could be established if an exotic VPN bridge gets established between
|
|
|
|
the two networks in the future, so it's good to have some difference.
|
|
|
|
|
|
### Hardware variations
|
|
### Hardware variations
|
|
|
|
|
|
We considered experimenting with the new AX line ([AX51-NVMe](https://www.hetzner.com/dedicated-rootserver/ax51-nvme?country=OTHER)) but
|
|
We considered experimenting with the new AX line ([AX51-NVMe](https://www.hetzner.com/dedicated-rootserver/ax51-nvme?country=OTHER)) but
|
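Review bot: "quad" is used with two different meanings in the added "MAC address prefix selection" section. In "must have 2, 6, A or E as a its second [quad]" it links to Nibble and means one hex digit, but in "varied the last quad (from `:37` to `:38`)" it refers to a whole octet. I suggest "octet" for the second use. The 2/6/A/E rule is also stricter than the quoted definition: the quote only covers the locally administered bit, while this list additionally excludes 3, 7, B and F, which have that bit set but also set the least-significant (multicast) bit of the first octet. A sentence saying the prefix must also stay unicast would explain why only four values are listed. Smaller points in the same hunk: "In other words" opens two consecutive sentences, "as a its second" has a stray "a", "ressemble" should be "resemble", and "a MAC bridge could be established if an exotic VPN bridge gets established" could drop one "established". The grep for `^0066` shows the nearest assigned OUI but not that `006637` itself is unassigned; a note that a grep for `^006637` returns nothing would back the "does not conflict with a known existing prefix" claim directly.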
... | | ... | |