Multiple server Nic cards-public and private

I have seen a lot of questions on this subject and I happend to have some graphs handy so I thought I would put up a post that should help all "big" boards understand this a little better.
In a multi server setup the web server needs to talk to 2 different places. The internet so users can come and get their data and the database server to get the information they are requesting. This diagram shows that relationship:


The web server should have 2 seperate NIC cards, one facing the internet and 1 facing the database server. Even if your traffic is not that high trying to do this over 1 nic card is not a good idea because database requests will have to wait for the web requests.
The database server NIC will handle far more traffic than the public NIC. Let's look at some graphs. This graph shows 24 hours on my web server. That would be about 300 users at the low and 2200 simoultaneous users at peak



The blue line represents the amount of data going out to the users, the green line represents the data coming in. Notice that there is far more going out as the web server serves up the pages. The "95th percentile" a measure of how much bandwidth you use is 4.97 mbits or megabits per second so out to the users a 10 based connection would be more than enough.

Here is the same graph between the webserver and the database server:



In this case the blue line, way at the bottom represents the data from the web server to the database server. The green lines are the database server returning data to the web server. Notice how much more data goes over this connection than actually goes out to the users. That is one of the reasons it is so important to have it on a seperate nic card. Also note that the 95th percentile is 38.8 mbit so you would not be able to run a 10 based nic card you need a 100 based to not create a bottleneck. It is not neccesary to run a gigabit card although you would still see some improvement from that as it would let stuff get "off the wire" quicker at peak load.

Hope this helps!

[khalid]

Very informative alexi and nicely presented.

Thanks.

[FlyBoy73]

Great example.
I was billed almost $1,900.00 in overage expenses from my host one month because the PNet was not setup properly and my dual server setup was talking publicly over the net. The communication bandwidth was huge between our web server and our database server. I thought it was inaccurate, and not to contest the billing, but because I did not know they "chattered" that much..

Thankfully, they dropped the overage because it was partly their mistake. Needless to say they were happy to supply a crossover cable after this at no charge and give the data base server the single connection to the web server only.

[GNDI]

this is the teori, how do you do this for real whit freebsd 6.1?

my case:

I have a lovely server whit two nics. I want to "abuse" them both

The first nic should handle the normal www traffic (The outsite card)
The second nic should route to the DB server.

My OS is FreeBSD 6.1-RELEASE
www= Apache 2.2

The DB is Mysql 5.x

My IP-Addresses is 87.52.171.128/24 and the IP to the first nic is
87.52.171.131

How do I set this up to force the second nic only to get to the DB server
(Only one nic installed)

Other hardware to use for networking build is two swicthes One fare better
than the second, therefore I'll prefere to only use that one. One Cisco
router.

I have been reading a lot on this site
http://www.freebsd.org/doc/en_US.ISO...k-routing.html
but i didn't understand it :/ mayby I have been reading to little.

Please give me the exact scipting lines and setup (For dummies)

[DevilYellow]

I will soon have 2 boxes each with 2 Gbit NIC's. On the first box I bonded both NIC's together. The new box could be set up almost the same. I was thinking of connecting the DB server directly to the Webserver accross one of these NIC's and not do the bonding - but then I'd have to maintain the DB server thru the Webserver.

Thoughts?

Surely 2 bonded Gbit NIC's will have no problem talking to each other thru a Switch. The Firewall would block all traffic directly to the DB box and I would VPN in to maintain it.

[gabrielt]

Hi there,

Thanks for this idea, I have never thought about this before.

We have two webservers and one DB server here. How could we implement this idea here, since in your example you had only one webserver?

I though about adding two network cards on each server, i.e. on each webserver we would have one NIC connected to the Internet and the other NIC connected to the DB server, and on the DB server two NICs, one connected to each webserver. Would this work?

Thanks,
Gabriel.

[alexi]

That would work but I'm not sure I would do it that way. The DB server would have to have 2 ip addresses that would make configuring things a lot tougher.
What I would do is put in a gigabit switch and run 1 cable to the the database server and each web server. If your database server had dual nics you could team them.
Do you need access to the database server from the web for administration? If so you could use a low speed nic for that

[gabrielt]

Hi Alexi,

Thanks a lot for your input. I think this idea is really better.
No, we do not access our DB server via www.

Cheers,
Gabriel

[gabrielt]

Any ideas on how to measure the NIC performance, i.e. how to create a chart similar to the one posted on this thread? I wish to analyse how is the traffic on our NIC right now.

Thanks,
Gabriel.

[alexi]

Google MRTG, it's free

[gabrielt]

Thanks for the tip. I installed MRTG and also created some scripts for monitoring and the network traffic is around 10-12 Mbps right now on each web server and around 20 Mbps on MySQL server.

Thanks
Gabriel