Hi,
we are currently evaluating the various network setup scenarios for renewing
our existing SunRay infrastructure and came across a question for which I
didn't find an answer yet:
Is it possible to have a combination of "dedicated interconnect" and "remote
shared subnet"?
In other words, we are looking for a scenario where we can separate
the "SunRay network traffic" from all other traffic to be directed through
different interfaces. The "classic" dedicated interconnect setup (with
RFC1918 addresses) which we are running now is not sufficient any longer
since we need to be much more flexible with respect to the DTU locations. The
primary goals of this setup are to ease the maintenance of router/firewall
ACLs and not having to expose (parts of) the primary LAN of the SunRay
servers.
We have done various experiments with a test setup, but it seems that for
a "dedicated network" (utadm -a) our DTUs won't connect via a remote (routed)
network unless we use "utadm -L on". The closest solution we have found so
far is to configure a shared network (utadm -A) on the multi-homed SunRay
server, set the default route to the "SunRay interface", and add (a lot of)
static routes for our various internal nets. But this would mean that
(non-SunRay) Internet traffic would have to go through the "SunRay interface"
as well, contradicting our original intention for separating the network
traffic.
Is it possible what we intend to do here or are we trying to do something
stupid? As usual, any input on this issue is welcome. ;-) The target platform
for our setup is OpenSolaris (Build 134) with SRSS 4.2, in case that
matters...
cheers,
Torsten