On Wed, 21 May 2003 11:40, Glenn Hocking wrote: > Has anyone put any thought and testing whether it is better to have one > network card with multiple IP assigned or 2-3 net cards with separate IP > numbers. > > Actual specs, The cards are all 10/100 Intel's connected to the net via > a 10mb/s ethernet with direct public IPs. The secondary IPs are private > local addresses for local backup and maintenance.
It's generally regarded as a good idea to have separate network cards and switches or VLAN's for public and private IP addresses. Some people even have three VLANs, one for public IP addresses, one for private IP addresses used for management, and one for private IP addresses used for the servers to talk to each other. Segregating the network in this way can provide a number of benefits. Firstly it means that a large transfer of management data (EG a backup) does not reduce the bandwidth used for the Internet. Another benefit is that it may make it slightly more difficult for an attacker. If they take over a router at the front-end then they can't easily use it to attack the servers or sniff any data that your ISP couldn't sniff. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
