I'm hoping this will help some others out there, but also would like to assess the viability of this solution.
I will get a /29 IP address block with 5 useable IP addresses from the colocation data centre where it will be hosted.
I should be able to pre-configure off site the pfSense firewall/router, set one of those external IP addresses as a static IP, set its gateway, configure it to do NAT to local network addresses for IPMI NICs, cluster NICs, and VMs.
I don't know exactly what, if any, switch config might need doing to support this setup. The switch is a Cisco WS-C4948-S 48 Port. Does it need to have VLANs configured before any of this will work?
Ideally all external traffic goes through pfSense so nothing is exposed to internet directly. As long as at least one server node is up, a pfSense instance should be up and this will be possible to get access to IPMI etc if necessary.
I believe I need to keep one NIC dedicated to the pfSense WAN side on every host. Which means that I'll only have 1Gbs bandwidth for internal cluster traffic, not ideal. Perhaps there is a better way?