Supported topologies

Supported options for a single network

Each cluster node has one network interface (NIC) for the following traffic:

  • NIC1: client, internal and mediation

A single network has the following characteristics:

  • The topology consists of a single physical network as shown in the figure below.

    All VIPs are in the same subnet as a single interface on each cluster node.

  • All of the ingress controller, mediation, and flow collection clients are on the same client, internal, or mediation network.

    For example, all NSP clients are on the same mediation network.

Figure D-1: Single network deployment
Single network deployment

nsp-config.yml has the following reference ingressApplications settings:

ingressApplications:

   ingressController:

     clientAddresses:

       virtualIp: "10.1.1.11"

     internalAddresses:

       virtualIp: ""

   trapForwarder:

     mediationAddresses:

       virtualIpV4: "10.1.1.12"

   flowForwarder:

     mediationAddresses:

       virtualIpV4: "10.1.1.13"

Note: In the platformingressApplicationsingressController section of the nsp-config.yml file, internalAddresses defaults to clientAddresses to advertise the internal address when the internalAddresses VIP is not specified. When internal clients are in the same network as the external clients, the same VIP can be advertised for both clients.

k8s-deployer.yml requires the following loadBalancerExternalIps settings and has three VIPs on the same client, internal, or mediation network:

loadBalancerExternalIps:

  - 10.1.1.11

  - 10.1.1.12

  - 10.1.1.13

Supported options for a dual network, variant 1

Each cluster node has two NICs to separate traffic as follows:

  • NIC1: client and Internal

  • NIC2: mediation

The dual network has the following characteristics:

  • The topology consists of two physical networks as shown in the figure below.

  • The client VIP needs to be on the same subnet as the client network interfaces.

  • The ingressController clients are on the client/internal network.

  • The mediation application clients for trapForwarder and flowForwarder are on the mediation network. The mediation VIPs need to be on the same subnet as the managed network interfaces.

Figure D-2: Dual network deployment, variant 1
Dual network deployment, variant 1

nsp-config.yml has the following reference ingressApplications settings:

ingressApplications:

   ingressController:

     clientAddresses:

       virtualIp: "10.1.1.11"

     internalAddresses:

       virtualIp: ""

   trapForwarder:

     mediationAddresses:

       virtualIpV4: "176.16.2.21"

   flowForwarder:

     mediationAddresses:

       virtualIpV4: "176.16.2.22"

Note: In the platformingressApplicationsingressController section of the nsp-config.yml file, internalAddresses defaults to clientAddresses to advertise the internal address when the internalAddresses VIP is not specified. When internal clients are in the same network as the external clients, the same VIP can be advertised for both clients.

k8s-deployer.yml requires the following loadBalancerExternalIps settings and has three VIPs; one VIP is on the client/internal network and two VIPs are on the mediation network:

loadBalancerExternalIps:

  - 10.1.1.11

  - 176.16.2.21

  - 176.16.2.22

Supported options for a dual network, variant 2

Each cluster node has two NICs to separate traffic as follows:

  • NIC1: client

  • NIC2: internal and mediation

The dual network has the following characteristics:

  • The topology consists of two physical networks as shown in the figure below.

  • You must specify an internal VIP on the same subnet as the mediation VIPs; otherwise the internal VIP defaults to the client VIP.

  • ingressController clients are on the client and internal/mediation networks. External clients are on client network; internal clients are on the internal/mediation network.

  • Mediation application clients are on the internal/mediation network.

Figure D-3: Dual network deployment, variant 2
Dual network deployment, variant 2

nsp-config.yml has the following reference ingressApplications settings:

ingressApplications:

   ingressController:

     clientAddresses:

       virtualIp: "10.1.1.11"

     internalAddresses:

       virtualIp: "176.16.2.20"

   trapForwarder:

     mediationAddresses:

       virtualIpV4: "176.16.2.21"

   flowForwarder:

     mediationAddresses:

       virtualIpV4: "176.16.2.22"

k8s-deployer.yml requires the following loadBalancerExternalIps settings and has four VIPs; one VIP is on the client network and three VIPs are on the internal/mediation network.

loadBalancerExternalIps:

  - 10.1.1.11

  - 176.16.2.20

  - 176.16.2.21

  - 176.16.2.22

Supported options for three networks

Each cluster node has three NICs to separate traffic as follows:

  • NIC1: client

  • NIC2: internal

  • NIC3: mediation

The network has the following characteristics:

  • The topology consists of three physical networks as shown in the figure below.

  • The client VIP needs to be on the same subnet as the client network interfaces.

    The mediation VIPs need to be on the same subnet as the managed network interfaces.

    The internal VIP needs to be on the same subnet as the internal network interfaces.

  • The ingressController external clients are on the client network, ingressController internal clients are on the internal network, and mediation application clients are on the mediation network.

Figure D-4: Three network deployment
Three network deployment

nsp-config.yml has the following reference ingressApplications settings:

ingressApplications:

   ingressController:

     clientAddresses:

       virtualIp: "10.1.1.11"

     internalAddresses:

       virtualIp: "192.168.2.20"

   trapForwarder:

     mediationAddresses:

       virtualIpV4: "176.16.2.21"

   flowForwarder:

     mediationAddresses:

       virtualIpV4: "176.16.2.22"

k8s-deployer.yml requires the following loadBalancerExternalIps settings and has four VIPs. One VIP is on the client network, one is on the internal network, and two are on the mediation network.

loadBalancerExternalIps:

  - 10.1.1.11

  - 192.168.2.20

  - 176.16.2.21

  - 176.16.2.22