Colocation network setup

Hi guys,

Looking to colocate a few different servers in the future and was wondering what the go-to setup for most people would be?

I am not super experienced with networking - but have the following scenario:

I will be getting a quarter rack, with a /28 subnet on a single network drop.
I would like to rack about 8 separate 1U machines in this rack, and assign each of them their own (or potentially two or more in the future) IPs.
I want to ensure that none of the machines can "steal" an IP from the other machines.
I also want to have the IPMI accessible only from a VPN (if possible).

In this instance, what kind of networking equipment would you recommend? From my research it seems like I will be looking at either a Layer 3 switch, or a managed switch that will allow me to apply an ACL to each port.

Obviously the "easy" solution to this is to get a dumb switch, and set a static ip address on each machine, but this doesn't remove the possibility of the user of the server assigning themselves different or more IP's from the subnet.

If you have any specific hardware you'd recommend, feel free to post it; the simpler the solution, the better.

I'd also like to ensure I don't lose loads of IPs from my /28 setting up multiple gateways.

Thanks,

Mike

Thanked by (1)vpsgeek

Comments

  • WSS OG Retired

    Hi Mike,

    With just a /28 and 1/4 rack, you're going to be exhausted before you start. That's only 13 usable IPs, even if they all share the same subnet. If you pare that down to even /32s through a half-decent L3 switch like a Juniper EX3400, you're still going to need to filter based on MAC/etc to ensure nobody steals from the pool if you're not directly routing it yourself, and that's not a guarantee unless you isolate all of the boxes, and assume someone won't spoof their MACs and several other things that come into play at this point.

    My pronouns are like/subscribe.

  • @WSS said:
    Hi Mike,

    With just a /28 and 1/4 rack, you're going to be exhausted before you start. That's only 13 usable IPs, even if they all share the same subnet. If you pare that down to even /32s through a half-decent L3 switch like a Juniper EX3400, you're still going to need to filter based on MAC/etc to ensure nobody steals from the pool if you're not directly routing it yourself, and that's not a guarantee unless you isolate all of the boxes, and assume someone won't spoof their MACs and several other things that come into play at this point.

    Hi WSS!

    Thanks so much for your reply. If I was able to get a few more ips or a larger allocation what kind of route would I go down then?

    I would like to assume someone isn't going to end up spoofing their MAC, since it's going to be mostly friends and local businesses, and if they do I can give them a firm warning not to do it again.

    Maybe I'm just naive and would love to think there is a solution that allows me to assign a certain ip or multiple ips to a specific port on the switch.

    Thanks

    Thanked by (1)vpsgeek
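
An added example, not part of any post in this thread: the per-port IP binding Mike asks about, written as an audit. It splits a /28 across eight ports behind one shared gateway and flags any port seen using an address bound elsewhere. The subnet (documentation range 192.0.2.0/28), the gateway address, the port names and the observation rows are constructed assumptions.

```python
import ipaddress

# Constructed values: 192.0.2.0/28 is documentation space (RFC 5737).
SUBNET = ipaddress.ip_network("192.0.2.0/28")
GATEWAY = ipaddress.ip_address("192.0.2.1")  # assumption: provider's gateway

def build_bindings(ports, extra=None):
    """Give each switch port its own address(es) out of the shared /28.
    One gateway for everyone, so only network, broadcast and gateway are lost."""
    extra = extra or {}
    pool = [ip for ip in SUBNET.hosts() if ip != GATEWAY]
    bindings = {}
    for port in ports:
        count = 1 + extra.get(port, 0)
        if count > len(pool):
            raise ValueError(f"subnet exhausted at {port}")
        bindings[port], pool = set(pool[:count]), pool[count:]
    return bindings, pool

def audit(bindings, observations):
    """Flag (port, mac, ip) rows where the port is not the IP's owner.
    Keyed on port, not MAC, so a changed MAC does not hide the mismatch."""
    violations = []
    for port, mac, ip in observations:
        addr = ipaddress.ip_address(ip)
        if addr not in bindings.get(port, set()):
            owner = next((p for p, ips in bindings.items() if addr in ips),
                         "unassigned")
            violations.append((port, mac, ip, owner))
    return violations

PORTS = [f"port{n}" for n in range(1, 9)]  # 8 servers, hypothetical port names
BINDINGS, SPARE = build_bindings(PORTS, extra={"port3": 1})  # port3 gets 2 IPs

# Constructed (port, MAC, IP) rows, as could be read from a switch's tables.
OBSERVED = [
    ("port1", "02:00:00:00:00:01", "192.0.2.2"),   # own address
    ("port2", "02:00:00:00:00:02", "192.0.2.3"),   # own address
    ("port2", "02:00:00:00:00:02", "192.0.2.4"),   # bound to port3
    ("port5", "02:00:00:00:00:05", "192.0.2.14"),  # spare, never handed out
]

if __name__ == "__main__":
    for port, ips in BINDINGS.items():
        print(port, sorted(str(ip) for ip in ips))
    print("spare:", [str(ip) for ip in SPARE])
    for row in audit(BINDINGS, OBSERVED):
        print("VIOLATION", row)
```

This only detects a mismatch after the fact; stopping the traffic still takes a per-port filter on the switch itself.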
  • @mikecolo said:

    @WSS said:
    Hi Mike,

    With just a /28 and 1/4 rack, you're going to be exhausted before you start. That's only 13 usable IPs, even if they all share the same subnet. If you pare that down to even /32s through a half-decent L3 switch like a Juniper EX3400, you're still going to need to filter based on MAC/etc to ensure nobody steals from the pool if you're not directly routing it yourself, and that's not a guarantee unless you isolate all of the boxes, and assume someone won't spoof their MACs and several other things that come into play at this point.

    Hi WSS!

    Thanks so much for your reply. If I was able to get a few more ips or a larger allocation what kind of route would I go down then?

    I would like to assume someone isn't going to end up spoofing their MAC, since it's going to be mostly friends and local businesses, and if they do I can give them a firm warning not to do it again.

    Maybe I'm just naive and would love to think there is a solution that allows me to assign a certain ip or multiple ips to a specific port on the switch.

    Thanks

    If you don’t want to spend a lot of money on routers and other stuff and are not comfortable with networking, you can make your life easy by making everything a big VM :). You will waste 2 IPs per node, but it will be easier to prevent spoofing that way if you don’t own the right equipment and let the DC handle basic routing.

    With Proxmox clustering, you can have a neat and simple setup for everyone and won’t have to worry about manual OS installs and whatnot.

    Just a dirty quick hack :).

    Thanked by (1)vpsgeek
  • Francisco Hosting Provider OG

    You can save IP's for the IPMI by not putting it on public IP's.

    Please, do yourself a favor, put a small switch and a small raspi or something that runs a private LAN (with private IP's) for IPMI's.

    Francisco

    Thanked by (2)FlamingSpaceJunk WSS
  • @seriesn said:

    @mikecolo said:

    @WSS said:
    Hi Mike,

    With just a /28 and 1/4 rack, you're going to be exhausted before you start. That's only 13 usable IPs, even if they all share the same subnet. If you pare that down to even /32s through a half-decent L3 switch like a Juniper EX3400, you're still going to need to filter based on MAC/etc to ensure nobody steals from the pool if you're not directly routing it yourself, and that's not a guarantee unless you isolate all of the boxes, and assume someone won't spoof their MACs and several other things that come into play at this point.

    Hi WSS!

    Thanks so much for your reply. If I was able to get a few more ips or a larger allocation what kind of route would I go down then?

    I would like to assume someone isn't going to end up spoofing their MAC, since it's going to be mostly friends and local businesses, and if they do I can give them a firm warning not to do it again.

    Maybe I'm just naive and would love to think there is a solution that allows me to assign a certain ip or multiple ips to a specific port on the switch.

    Thanks

    If you don’t want to spend a lot of money on routers and other stuff and are not comfortable with networking, you can make your life easy by making everything a big VM :). You will waste 2 IPs per node, but it will be easier to prevent spoofing that way if you don’t own the right equipment and let the DC handle basic routing.

    With Proxmox clustering, you can have a neat and simple setup for everyone and won’t have to worry about manual OS installs and whatnot.

    Just a dirty quick hack :).

    Hi,

    Thanks for the idea, but I'd rather avoid going down the virtualization route.

    @Francisco said:
    You can save IP's for the IPMI by not putting it on public IP's.

    Please, do yourself a favor, put a small switch and a small raspi or something that runs a private LAN (with private IP's) for IPMI's.

    Francisco

    Hi Fran,

    I do intend on putting the IPMI on a private LAN both to keep it more secure and also to save on IPs.

    Thanks

  • PureVoltage Hosting Provider OG

    @Francisco said: Please, do yourself a favor, put a small switch and a small raspi or something that runs a private LAN (with private IP's) for IPMI's.

    Yes!
    Get a used Juniper EX4200 as suggested on WHT :)

    Thanked by (1)Francisco

    PureVoltage - Custom Dedicated Servers Dual E5-2680v3 64gb ram 1TB nvme 100TB/10g $145
    New York Colocation - Amazing pricing 1U-48U+

  • PureVoltage Hosting Provider OG

    Oh also get a larger subnet!

