universal4
Cadet | Joined: Jan 12, 2021 | Messages: 6
I had been preparing a TrueNAS install for a while and was finally confident the server was ready to take to the data center. It is a minimum 4 to 5 hour drive round trip, and usually turns into a much longer trip than that, so I most often try to have the majority of setup done in advance.
The last thing I had done was change the IP from the 192.168.1.x IP to the true public, add a 3rd IP on port #2 of the 4 available and reboot to make sure all was OK.
Before the lecture starts about not assigning a public IP: if I felt the install was so insecure that it was such a bad thing for the public IP binding, I could easily disable the switch port and only enable it when needed. I like to have public IPs accessible to enable if I feel the need.
I later discovered that the reason the web interface would no longer answer was that the IPs that I (the administrator) assigned to specific NICs have been reordered, and therefore the IPs went to different ports (now suddenly bge0 is actually bge2, bge1 is different and switched to bge3, bge2 is now bge1, and finally bge3 is bge0, or something similar to that). Thus if in fact port 0 (the first NIC) was disabled in the switch, TrueNAS might decide it knows a better IP set than I do and reorder the NICs, and all of them would be on the wrong VLANs talking to the wrong subnets.
Suggesting that different ports be used is not a logical solution for a number of reasons. That would immediately mean that all consistency on the backside of the rack is gone, and the first port on one server is completely different than on all the other servers. Any basic logic can easily see that is FAR more risky and much more prone to cabling mistakes.
Honestly, how many data centers have you ever been in where 5 out of 10 servers have the left NIC public and the other 5 have the right NIC public?
Also, if there is no way to guarantee port x is ip=x and port=y is ip=y, any reboot could easily mean that port=y connects first and it will be assigned ip=x and port=x will get the remaining ip=y.
Is there any guaranteed method to assign IPs to the ports I WANT, so the ports defined by administrators are always plugged in to the proper VLANs and each of the assigned IPs can reach its desired destination in the correct subnet? Maybe by MAC address? NIC alias?