Using BOTH 10/100/1000 port

I got two, should I use them?

     
4:14 pm on Nov 29, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 1, 2002
posts:776
votes: 0


I just popped in a new MySQL server. It has 2 built-in gigabit ports, em0 and em1. I have em0 hooked up and working, wired into my switch (which then goes to my 1U web servers).

I was wondering if I would gain anything by activating em1, and porting 1/2 my back-end requests to the MySQL server through that port. I have one VERY high use site, and 5-6 med use sites- I figured I would set up site 1 through em0, and all the rest through em1.

So, first off, can I do this? Second, do I want to? Will I gain anything? Third, how do I do this?

I have em0 set up as 1.2.3.4... so would I have to set up em1 as 1.2.3.5 (or also as 1.2.3.4)? Would MySQL pick up both if I use two different IPs (as long as it was on port 3306), or would I have to modify my.cfg to have it listen on both IPs?

If we got this far, I might as well also ask this: since my 1U's also both have 2 gigabit ports, should I set them up so one port goes to the Internet, and the second is local for going TO the MySQL server? How should I do this?

Thanks for your help- sorry if I am over-thinking this!

Dave

8:38 am on Nov 30, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


Unless your MySQL server is a Cray, I find it hard to believe that it is coming anywhere close to saturating a gBit port.

In any case, most managed switches will support bonding/link aggregation. As well, I believe that at least Intel and 3Com provide driver software that will support this on the server adapter. (Maybe only with certain high-end adapters.) It may be an optional install.

Start here:

[en.wikipedia.org...]

11:53 pm on Nov 30, 2007 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2955
votes: 35


Do you serve your high traffic website from another webserver than your 5-6 medium traffic sites? In that case splitting traffic might be worth it, i.e. 1 gigabit port of your MySQL server connected to your high traffic webserver cluster and the second to your medium traffic server cluster.

But if all sites are served from the same group of webservers, I can't imagine that you will see any improvement with two parallel gigabit lines. That bandwidth is probably much larger than your current internet outlet, so that one should be the first to saturate.

12:44 am on Dec 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


Anyway, this is not difficult to do. I've done it myself - with perhaps a bit more justification (but probably not much!) on an IBM xSeries equipped with two 100-base-T ports (not gig, so that's why I'm saying "perhaps somewhat justified").

The switch had several financial feeds coming in, as well as several links out to order-entry systems for stocks. Latency was a critical issue. So, I doubled-up the connection from the server to the switch.

This allowed at least in theory one port to start receiving a packet from one quote provider while the other one was still busy receiving a packet from another one.

Some in the financial industry eschew switches altogether, and prefer to run one port on a server per feed. As a previous poster suggested, you might take a clue from this, and if appropriate, simply connect directly from your high-volume website to your MySQL server, without going through the switch.

6:16 am on Dec 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 1, 2002
posts:776
votes: 0


Thanks for your help. I am guessing that this is overkill, but I always enjoy learning, so here goes....

New Server- that is my MySQL server. Xeon 2 g/4 core 1033 FSB, 8 gigs ram. 2 10/100/1000 ports. Up and running now, about a 5% load average. It's running SWEET!

1u # 1 Big site- 2+million uniques a month. Apache 1.3 front, mod_perl back. 3.2 gig xeon/2 core. Also has 2 10/100/1000 ports, runs at about 50-60%

1u # 2- other sites, probably total 1 million uniques/month 3.2 gig xeon/2 core. Also has 2 10/100/1000 ports, runs at about 60-70%. This one also has my ad servers on it, php too. 1 ad server does the big site, the other does the rest; both have separate mod_perl backs.

I have a Linksys 24 port 10/100/1000 switch, but my pipe from it to the web is 100.

I just want things running as smooth as I can.

What I was THINKING was to set 1u # 1 into one port, on 1.2.3.4, and 1u # 2 in on 1.2.3.5... but I guess that is a bit overkill, huh?

>>> simply connect directly from your high-volume website to your MySQL server, without going through the switch.

SO, could I just take the second out on u1 # 1 and plug that direct into the second in on the MySQL server? If so, how would I configure that? I would need a "twisted" nic cable, right?

6:39 am on Dec 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


>>> I have a Linksys 24 port 10/100/1000

A Linksys may not cut it. Is this a managed switch? HP, Cisco, etc. managed switches can bond ports.

Check the documentation.

If it *does* support it, you'll still have to configure the switch.

>>> SO, could I just take the second out on u1 # 1 and plug that direct into the second in on the MySQL server? If so, how would I configure that? I would need a "twisted" nic cable, right?

Actually, you may not need the crossover cable, if at least one of the machines has auto-MDIX. There are sometimes problems, though, if BOTH have auto-MDIX. You may have to set an option to force one of the NICs to either MDI or MDIX.

9:32 am on Dec 1, 2007 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2955
votes: 35


From your first post I couldn't determine if the high-volume site was served from one webserver or from a cluster, but with only one webserver I would certainly follow jtara's advice to connect that webserver directly to the MySQL server without going through the switch. You not only eliminate one point of failure and a possible slow component in your datalink, but configuring network topology in such a way that the MySQL server is not directly connected with the internet is also a security enhancement.

5:00 pm on Dec 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 1, 2002
posts:776
votes: 0


You are all very kind- thank you for your advice.

To be honest, I NEED the MySQL on the Internet, if only just a bit. Without breaking Forum protocol, I can say that I often (as in nearly daily!) organize new data locally (in Excel), then upload it to the server, and add the info. This is my version of Brett's "ten new pages a day."

Needless to say, I have pretty strong measures to insure safety and security (the IP prior to this box is a honeypot, and will get you locked out via IPFW, ftp is blocked, ssh is on a non-standard port, MySQL is locked to only my IP range and NOT on port 3306, etc. Passwords are all 10+ characters, non-dictionary, letters, numbers and symbols. Port scans will get you blocked via IPFW, too). I would not say it is foolproof, but it is pretty strong.

Before I got all my security up, I had a guy trying to get in via blunt force on ssh about 2 hours after the server went up- so I know security is important!

All my servers are pretty new- 2 years or so. The 1Us are Dell sc1425s, the 2U is supermicro, the OS is FreeBSD. Would you think these should reverse the nic cables (sorry, I do not know the proper terms!).

If I plugged it in direct, I would have to use a new IP, right? I know how to configure my programs- just change the IP they look to for MySQL. But how do I set MySQL to look to a second IP?

Dave

5:34 pm on Dec 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 1, 2002
posts:776
votes: 0


Oh, I also wanted to let you know about my (lack of) experience level. I knew NOTHING about Network admin until 5 years ago when my isp told me I was too much for a shared, and they wanted me to colo. They held my hand in those first servers, but now I am at a real colo center, so I do not get that hand-holding.

The good news is that I built and got this server up by myself- and it was working straight off- so I have learned a bit in the last few years. The server is all up-to-date with CPAN and CVS, running 6.3 FreeBSD and 5.1 MySQL.

Anything beyond the basic care and feeding of these is probably beyond me. If, at this experience level, you think I am biting off more than I can chew, tell me. I can take it!

6:19 pm on Dec 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


>>> MySQL is locked to only my IP range and NOT on port 3306, etc.

How do you access it from home/work? I'd recommend using an SSH tunnel, if you aren't already. No reason to expose anything but port 80 and SSH (yes, on an alternate port sounds good!) to the Internet.

Any administrative services you need to access remotely should be tunneled over SSH. That way you have but a single entry point to worry about.

(BTW, you can even use a SINGLE machine on your local network as a gateway for tunneling through SSH to multiple boxes on your network. So I really do mean ONE entry point.)

>>> If I plugged it in direct, I would have to use a new IP, right? I know how to configure my programs- just change the IP they look to for MySQL. But how do I set MySQL to look to a second IP?

Yes, the second interface on each machine will have a new IP. That comes with the territory. I forgot to mention you'd have to add a route to each machine as well.

By default MySQL will answer on any IP on the box. So, the way you get it to look to a second IP is to *not* tell MySQL to block that IP!

7:36 pm on Dec 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 1, 2002
posts:776
votes: 0


OK, now my ignorance is showing.... I *think* I know what tunneling is, but I am not sure.

Here is what I have done. Let's say I have ssh running on port 225 (which is NOT where it really is!). In IPFW, I have allowed TCP and UDP on port 225 from my static IP's only- so I should be the only one to get in. Is this tunneling, or just as good as tunneling? I have port sentry running, and have it watching 215-235 all ports, so if someone is hunting, they will get blocked in that area, too.

I know you will HATE me for this, but I use Webmin. I find it VERY useful, but, again, I have it pretty locked down. The IPFW only allows in from MY IP's, and port sentry watches the close-by ports. It is running on a non-standard port, and has a very tough non-dictionary password.

>>> you can even use a SINGLE machine on your local network as a gateway for tunneling through SSH to multiple boxes on your network

I have NO IDEA what you mean by this- do you have a link I could read about this at?

>>> you'd have to add a route to each machine as well

Again, not sure what this means... I probably know how to do it, just do not understand the words you use. I would bring em1 up on 1.2.3.5- got that. Then I would have to add 1.2.3.5 in rc.conf with ifconfig, right?

Sorry I am not so bright on this!

Dave

8:55 pm on Dec 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


>>> Is this tunneling

No.

You've set up SSH on an alternate port. You've limited access to your static IPs (or somebody spoofing your static IPs ;) ). That's great so far!

OK, next step... how to access MySQL and Webmin remotely, THROUGH your SSH port...

[en.wikipedia.org...]

There are quite a number of Windows clients that will do this. I think most Windows ssh clients support tunneling.

Let's say you want to connect from the GUI MySQL Administrator program to your server. Once you have the tunnel set-up, you wouldn't set MySQL Administrator to connect to your server. You'd set it to connect to a local port on your PC. The tunnel makes it "look" like your server's MySQL port is on your own PC. There's a "tunnel" between the two.

Now, this can be (optionally) extended past the "gateway" machines (the tunnel endpoints) in either direction.

In fact, you can even browse the web from your server's Internet connection as if you were sitting at your server's console! (You have to change your default route on your PC to do that. Some of the clients will do this for you easily.)

So, all your admin interfaces - MySQL, WebMin, whatever - can be routed through a tunnel. The only thing you have to expose to the Internet is a single SSH port.
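
The tunnel setup described in the post above, as an added example that is not part of the original thread. The gateway host, account name, local ports and target ports are assumptions (the poster's real ports are deliberately not given), and 192.168.0.4 stands in for a second box on a private link behind the gateway.

```shell
#!/bin/sh
# Added example: reach every admin service through ONE exposed SSH port.
# All values are placeholders (assumptions), not taken from a real host.
GATEWAY="admin@gateway.example.com"  # hypothetical account on the exposed box
SSH_PORT=225                         # the thread's stand-in SSH port

# local_port:target_host:target_port, target as seen FROM the gateway.
# 3306 and 10000 are the stock MySQL/Webmin ports; substitute your own.
# 192.168.0.4 stands for a second box on a private link behind the gateway.
FORWARDS="13306:192.168.0.4:3306 10443:127.0.0.1:10000"

# Build the ssh command line. Each forward is pinned to 127.0.0.1 on the
# client so the tunnel entrance is not offered to other hosts on its LAN.
tunnel_command() {
    cmd="ssh -p $SSH_PORT -N -o ExitOnForwardFailure=yes"
    for fwd in $FORWARDS; do
        case "$fwd" in
            *:*:*) ;;   # needs two colons: lport:host:rport
            *) echo "bad forward: $fwd" >&2; return 1 ;;
        esac
        lport=${fwd%%:*}
        case "$lport" in
            ''|*[!0-9]*) echo "bad local port: $lport" >&2; return 1 ;;
        esac
        # Unprivileged local ports only, so the client never needs root.
        [ "$lport" -ge 1024 ] || { echo "port below 1024: $lport" >&2; return 1; }
        cmd="$cmd -L 127.0.0.1:$fwd"
    done
    echo "$cmd $GATEWAY"
}

# DRY_RUN=1 prints the command instead of connecting.
open_tunnels() {
    cmd=$(tunnel_command) || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$cmd"
    else
        exec $cmd   # word splitting is intended: cmd holds the argument list
    fi
}

# Connect only when asked to, e.g.  DRY_RUN=1 sh tunnels.sh --open
if [ "${1:-}" = "--open" ]; then open_tunnels; fi
```

With the tunnel up, the MySQL client on the PC is pointed at 127.0.0.1 port 13306 rather than at the server, which is the "connect to a local port on your PC" step from the post.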

1:06 am on Dec 2, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 1, 2002
posts:776
votes: 0


Thanks! I googled "set up an ssh tunnel in freebsd" and found a step by step guide. I will DEFINITELY do this! That was worth the price of admission!

Now, on to the MySQL server. Check this, and see if I have all I need please.

1) I need to activate NIC # 2 on both the BIG server and the MySQL server, each with a NEW IP address. Can I use the 192.168.0.0/24 block, or should I use one of my "real" IPs?

2) Add something like:

ifconfig_em1="inet 192.168.0.4 netmask 255.255.255.0"

to my rc.conf and restart.

Do I need to change or add to "defaultrouter="1.2.3.0"?

3) Tell the MySQL program on Big Server to connect to MySQL on 192.168.0.4

4) Sit back and enjoy.

There, do I have it?

Dave

2:59 am on Dec 2, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


>>> 1) I need to activate NIC # 2 on both the BIG server and the MySQL server, each with a NEW IP address. Can I use the 192.168.0.0/24 block, or should I use one of my "real" IPs?

First, forget my previous advice that you'd need to add "route" commands. You won't need to - the routes will be added automatically.

Note that if you were bonding ports to connect to your switch - yes, then you would use one of your public IPs. Unless you have everything behind a NATed firewall, but it sounds like you don't. Also, there's a bit more configuration you'd have to do if you were going to do that. I'm unfamiliar with how you'd do it in Linux. In Windows, you'd have to enable that feature in your driver (possibly installing optional software) and the option is then typically there in the GUI setup. It varies from NIC vendor to NIC vendor - I've only done it with Intel adapters.

Use a subnet in a "private" IP block. Definitely not your "real" IPs! I tend to use the 10.... block, because it is less-used as a default address range by routers, etc.

>>> 2) Add something like:

>>> ifconfig_em1="inet 192.168.0.4 netmask 255.255.255.0"

>>> to my rc.conf and restart.

Yes.

>>> Do I need to change or add to "defaultrouter="1.2.3.0"?

No. When you add the interface, it will automatically add a route for 192.168.0.4/24 to go through the new interface. If you need to route to anything behind your MySQL server (unlikely) then you would need to add a route (or routes), but in any case it wouldn't be the default route.

>>> 3) Tell the MySQL program on Big Server to connect to MySQL on 192.168.0.4

>>> 4) Sit back and enjoy.

>>> There, do I have it?

I think so. Of course, you have to do this on both machines. Of course, with different addresses, but the same subnet.
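
A pre-flight check for the addressing advice in the post above (private block, different addresses, same subnet), as an added example that is not part of the original thread. The function names are hypothetical, and 192.168.0.5 is an assumed address for the web server's end of the link; 192.168.0.4 and 1.2.3.5 are the sample addresses used in the thread.

```shell
#!/bin/sh
# Added example: sanity-check a back-to-back link plan before editing rc.conf.

# Dotted quad -> integer; fails on anything that is not four octets 0-255.
# The body runs in a subshell, so the IFS change stays local.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*) exit 1 ;; esac   # digits and dots only
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        # Reject empty, leading-zero (read as octal) and over-long octets.
        case "$o" in ''|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# True for 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 (RFC 1918).
is_private() {
    n=$(ip_to_int "$1") || return 1
    [ $(( n >> 24 )) -eq 10 ] && return 0
    [ $(( n >> 20 )) -eq $(( (172 << 4) | 1 )) ] && return 0
    [ $(( n >> 16 )) -eq $(( (192 << 8) | 168 )) ] && return 0
    return 1
}

# True if both addresses fall in the same network under a dotted netmask.
same_subnet() {
    a=$(ip_to_int "$1") && b=$(ip_to_int "$2") && m=$(ip_to_int "$3") || return 1
    [ $(( a & m )) -eq $(( b & m )) ]
}

# Both ends private, distinct, and on one subnet; prints the first problem.
check_link() {
    is_private "$1" || { echo "not private: $1"; return 1; }
    is_private "$2" || { echo "not private: $2"; return 1; }
    [ "$1" != "$2" ] || { echo "duplicate address"; return 1; }
    same_subnet "$1" "$2" "$3" || { echo "different subnets"; return 1; }
    echo "ok"
}

# Constructed plan: 192.168.0.4 is from the thread, .5 is an assumed peer.
check_link 192.168.0.4 192.168.0.5 255.255.255.0
# A public address on the private link is rejected (1.2.3.5 as in the thread).
check_link 1.2.3.5 192.168.0.4 255.255.255.0 || true
```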

5:37 am on Dec 2, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 1, 2002
posts:776
votes: 0


Gotcha!

OK, it will be a few days before I get to try this- I have to go down and add the cabling!

Oh, and that 10... block- is it the WHOLE ten block, and I can just pick a series of octets I like, or is it like the 192 block, where (I think!) you can only use the 192.168.0.0/24 block? (could be 192.168.0.0/16, I do not know for sure- I stick with the first 255 ips).

In the meantime, you will be happy to know I have tinyproxy running on my server, and an SSH tunnel running.

Thank you very much for your help on this, and for the kick in the pants to get me going on Tunneling. Way Cool!

Dave

5:39 am on Dec 3, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 13, 2005
posts:1078
votes: 0


We run dual Nics on all our servers and we run them bridged. This way if one Nic should ever fail (somewhat common) we're not dead in the water. I've never come close to saturating a Gbit card, so it's just for redundancy.

As for a DB connected directly to the net, it wouldn't be my first choice, but I have done it with non-vital installs before. Really the best thing is to set up a VPN to your hosting facility and leave the DB LAN accessible only.

Chip-