I'm running into some problems with the network layout on our AFF8020 running CDOT 8.2.3.
It seems that using a private layer 2 vlan for node management provides the significant benefit of reducing potential attack sources to servers on that private vlan (where such vlan has a small number of hosts, all with lots of access restrictions, none of which run DNS, ntp, SMTP services).
I was hoping to use port forwarding from a server in that vlan to enable things like https, DNS, ntp, and smtp, but have not been successful yet. Before I spend too much more time on it, I thought I should check to see whether others have had success with similar network topology.
I haven't heard any responses to this request. I've spent a bit more time attempting to get netcat and/or ssh to help the AFF8020's node management IPs traverse the private layer 2 network to get to a DNS server and an NTP server in the local campus RFC1918 IPs, without success.
Instead, I've configured the node management IPs to use RFC1918 IPs, where they can see DNS, NTP, and web proxy servers without any special network translations. This has allowed autosupport to work.
From: Brian Parent bparent@ucsd.edu
Date: Mon, 4 Apr 2016 14:20:48 -0700
Subject: node and cluster management network architecture, proxy, port forwarding
To: toasters@teaparty.net
Cc: Andreas Epple andreas.epple@datalink.com, "Kennedy, Jeffrey" Jeff.Kennedy@netapp.com
--
Brian Parent
Information Technology Services Department
IT Infrastructure Operations Group
Workplace, Internal, Research, and Educational Platforms (WIRE) team
UC San Diego
(858) 534-6090

Toasters mailing list: Toasters@teaparty.net, http://www.teaparty.net/mailman/listinfo/toasters
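As an added example (not part of the thread, and not a NetApp-supplied configuration), this is the kind of kernel-level NAT a Linux host on both the private node-management VLAN and the campus RFC1918 network would run so the node-management LIFs can reach DNS, NTP, SMTP and a web proxy by addressing only the forwarder. ssh port forwarding carries TCP only, so UDP DNS and NTP cannot be tunnelled that way, whereas DNAT plus MASQUERADE handles both, and a default-deny FORWARD chain limits the private VLAN's exposure to exactly the listed services. Interface names, addresses, ports and the use of iptables are assumptions.

```shell
#!/bin/sh
# Added example: NAT on a Linux forwarding host that sits on the private node-management
# VLAN and on the campus RFC1918 network. Interface names, addresses and ports below are
# assumed/constructed values, not taken from the thread; override them via the environment.
MGMT_IF="${MGMT_IF:-eth0}"          # private L2 VLAN (node-management LIFs live here)
CAMPUS_IF="${CAMPUS_IF:-eth1}"      # campus RFC1918 side
FWD_IP="${FWD_IP:-192.0.2.10}"      # forwarder's address on the private VLAN (constructed)
DNS_SRV="${DNS_SRV:-10.0.0.53}"     # upstream servers (constructed)
NTP_SRV="${NTP_SRV:-10.0.0.123}"
SMTP_SRV="${SMTP_SRV:-10.0.0.25}"
PROXY_SRV="${PROXY_SRV:-10.0.0.8}"  # HTTPS (AutoSupport) goes out through the campus web proxy
PROXY_PORT="${PROXY_PORT:-3128}"
IPT="${IPT:-iptables}"              # set IPT=echo to print the rules instead of applying them

# forward_service PROTO PORT DEST_IP DEST_PORT
# Rewrite traffic that a node-management LIF sends to FWD_IP:PORT so it reaches one
# upstream server, permit exactly that flow, and masquerade it so replies come back
# through the forwarder; the upstream server never sees the private VLAN.
forward_service() {
  proto=$1; port=$2; dst=$3; dstport=$4
  $IPT -t nat -A PREROUTING -i "$MGMT_IF" -p "$proto" -d "$FWD_IP" --dport "$port" \
    -j DNAT --to-destination "$dst:$dstport"
  $IPT -A FORWARD -i "$MGMT_IF" -o "$CAMPUS_IF" -p "$proto" -d "$dst" --dport "$dstport" \
    -m conntrack --ctstate NEW -j ACCEPT
  $IPT -t nat -A POSTROUTING -o "$CAMPUS_IF" -p "$proto" -d "$dst" --dport "$dstport" \
    -j MASQUERADE
}

enable_forwarding() {
  sysctl -w net.ipv4.ip_forward=1 >/dev/null   # needs root; only run when applying for real
}

apply_rules() {
  $IPT -P FORWARD DROP                                                 # nothing crosses unless listed
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # replies to permitted flows
  forward_service udp 53  "$DNS_SRV"  53     # DNS over UDP (this is what ssh -L cannot carry)
  forward_service tcp 53  "$DNS_SRV"  53     # DNS over TCP for large answers
  forward_service udp 123 "$NTP_SRV"  123    # NTP
  forward_service tcp 25  "$SMTP_SRV" 25     # SMTP for AutoSupport mail
  forward_service tcp "$PROXY_PORT" "$PROXY_SRV" "$PROXY_PORT"   # HTTPS via the web proxy
}

# On the forwarder: ./fwd.sh apply ; then give the LIFs FWD_IP as DNS, NTP, SMTP and proxy.
case "${1:-}" in apply) enable_forwarding && apply_rules ;; esac
```

Running with `IPT=echo` prints the rule set for review before anything is applied.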