I suppose it's been what's been handed down to me, but as a general rule... I never run any kind of SNMP system on routers that link to the internet / datacenter switch or router. SNMP is very insecure (unless my information is out of date) and could open you up to someone at the very least viewing your data.
If you must do this, be sure that the SNMP agent is listening on something that's on its own VLAN and has a non-routable IP address. With today's firewalls, it would be very easy to set up a P2P link between racks / datacenters which would allow your VMs access to a private network across datacenters.
From: Matthew Law [matt@xxxxxxxxxxxxxxxxxx]
Sent: Friday, February 12, 2010 1:16 PM
To: Robbie A. Garrett
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xen-users] Dom U bandwidth monitoring - pmacct, bandwidthd?
On Fri, February 12, 2010 5:27 pm, Robbie A. Garrett wrote:
> How would the switch know that traffic is for DomU or internet?
>
> This would have to be on a presence router / switch and track by IP
> address which I think is a bad idea.
Thanks, Robbie.
I'm interested to know why you think that's a bad idea. One of the solutions I was considering is to set up a SPAN port against the uplink on each switch and use bandwidthd on that. I have very little network experience at this level, so I'm likely missing something (and that's the main reason I decided to ask here as it is very likely others have been here and learned the lessons).
> What I would suggest is that you allow their VMs to be able to use their
> own private network to move the data from one VM to another. A lot of
> houses do it like this so they can let the customers who set up their VMs
> in a cluster have their cluster traffic bandwidth free.
Thanks. Definitely an option being considered!
Cheers,
Matt.