I have separate arrays of 5 servers sharing this intra-array network,
in addition to all the other non-isa servers.
Although I've defined my intra-array network to only include the
addresses which I'm using, I'm wondering if this can affect my arrays,
or their clusters.
Our network team has the Intra-VLAN shared with Exchange, SQL, and
other clusters. I can see the traffic from them on Network (selecting
only the intra-array network adapter).
Everywhere I seem to read that the intra-array network should be its
own vlan (not a vlan shared with all these other items), or even
isolated to its own hub/switch.
So when I sniff the intra-array network card, I see browser
announcements, and all kinds of noise from other systems on the same
network.
Is this okay? Or could it be causing some of our problems? And if
not, is there a Link from Microsoft which explicitly states this -
otherwise I have no ammo to get it isolated.
Any help would be greatly appreciated!
--
greets, jens mander...
www.aixperts.de
www.forefront-tmg.de
www.hentrup.net
Thank you, but no. I simply need to know if it's okay to do. I recall
reading something on a Microsoft KB article about "Low level ethernet
traffic" escaping the grasp of the firewall. Unfortunately, it was
vague. So I'm wondering if having these intra-array adapters on the
same VLAN (even though I narrow my address range to just the addresses
of the individual ISA array) is causing problems.
NLB is working fine, but other things, like Insight Management agents,
are having many problems (system homepage crashes) despite the correct
ports being opened.
> Thank you, but no. I simply need to know if it's okay to do. I recall
> reading something on a Microsoft KB article about "Low level ethernet
> traffic" escaping the grasp of the firewall. Unfortunately, it was
> vague. So I'm wondering if having these intra-array adapters on the
> same VLAN (even though I narrow my address range to just the addresses
> of the individual ISA array) is causing problems.
> NLB is working fine, but other things, like Insight Management agents,
> are having many problems (system homepage crashes) despite the correct
> ports being opened.
here is my approach in enterprise-scenarios:
in big environments we start at a minimum of 3 nics. internal, external,
intra-array (i know a separate adapter isn't necessary since w2k3sp1, but
i'm old school).
i use nlb on internal & external, not on intra-array! optionally i can use the
intra-array network (v-lan) for monitoring purposes. in addition more
nic-interfaces can be used for dmz (nlb), or monitoring like ilo (no nlb).
i know this doesn't exactly answer your question, i only want to share my
experience in these cases. nlb on monitoring causes sometimes problems imho.
Thank You.
Yes, we are doing it with three nics, Public (actually DMZ), Private,
and intra-array. The thing I was concerned with is that they cannot
provide me with an isolated intra-array network, just some IPs on a
VLAN with many other load balanced and clustered servers on the same
VLAN (for the intra-array). Of course I'm not trying to load balance
the intra-array, just the DMZ & Internal. Enabled Web Proxy comms on
the intra-array.