PRIMECLUSTER Installation and Administration Guide 4.6 Cloud Services
FUJITSU Software

8.2.1 Ensuring Connectivity with the API Endpoint

When using PRIMECLUSTER on public clouds, connectivity between the cluster node and the API endpoint must be ensured to deal with split-brain. Because the API endpoint is on the Internet, the cluster node must be connected to the Internet. The API endpoint is used to control the power of the cluster node.

PRIMECLUSTER provides architectural patterns for ensuring the connectivity between the cluster node and the API endpoint. For smooth design of a cluster system, choose from these architectural patterns.

The following are the architectural patterns for ensuring the connectivity between the cluster node and the API endpoint and the appropriate scenarios for each pattern.

Table 8.1 Architectural patterns and appropriate scenarios for ensuring the connectivity between the cluster node and the API endpoint

| Architectural pattern | Appropriate scenario | Note |
|---|---|---|
| Ensuring connectivity with the router | Ensuring low-cost and secure connectivity of back-end servers | Operation management is not required by the user since the NAT function provided by the router of NIFCLOUD is used. |
| Ensuring connectivity with the NAT server | Ensuring secure connectivity of back-end servers without using the router function | Building and operation management by a user is required for the NAT server. For the following configurations that cannot be configured by the router function, secure the connectivity with the NAT server: (1) using multiple global IPs without directly allocating them to the server, such as using a different global IP for DNAT and SNAT; (2) connecting to the Internet in an environment where the router is already used, such as the environment in "Figure 8.1 Connecting only the private LAN1 to the Internet in an environment where the router is already used". |
| Ensuring connectivity with the global IP address | Ensuring low-cost connectivity of front-end servers | Because access from the global network to the server is allowed, IP permission restrictions or the firewall rule must be firmly established. This architecture is simple: the router is not required, so there are few system components. |

Figure 8.1 Connecting only the private LAN1 to the Internet in an environment where the router is already used

8.2.1.1 Ensuring Connectivity with the Router

An architecture pattern with the router can block access from the Internet, and it also ensures connectivity between the cluster node and the API endpoint.

Place the cluster node of back-end servers in a private LAN. This server is not given a global IP address and has no direct connectivity with the Internet.

Because the API endpoint used for the PRIMECLUSTER forced stop is on the Internet, use the router for connectivity with the endpoint.

See: For details on the NAT function of the router, refer to the official NIFCLOUD documentation.

Figure 8.2 Ensuring connectivity with the router

8.2.1.2 Ensuring Connectivity with the NAT Server

An architecture pattern with the NAT server can block access from the Internet, and it also ensures connectivity between the cluster node and the API endpoint.

This architectural pattern is identical to the architecture pattern with the router, except that the router is replaced by the NAT server in the placement of components.

Figure 8.3 Ensuring connectivity with the NAT server

8.2.1.3 Ensuring Connectivity with the Global IP Address

This architectural pattern is simpler than architectural patterns with the router or the NAT server.

However, since the cluster node is accessible from the Internet, IP permission restrictions or the firewall rule must be firmly established.

When using this architectural pattern, you only need to give the global IP address to the cluster node.

Figure 8.4 Ensuring connectivity with the global IP address
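
The following is an added example, not part of the PRIMECLUSTER guide or of NIFCLOUD: one way to check that the inbound rules of a cluster node with a global IP address are restricted to known sources. The rule format, the `audit_inbound` function, the ports and all addresses are constructed for illustration and do not correspond to the NIFCLOUD firewall API.

```python
import ipaddress

# Constructed sample rules in a hypothetical format (not the NIFCLOUD API).
# "peer" is the remote network: the source for "in", the destination for "out".
SAMPLE_RULES = [
    {"direction": "in", "protocol": "tcp", "port": 22, "peer": "203.0.113.10/32"},
    {"direction": "in", "protocol": "tcp", "port": 443, "peer": "0.0.0.0/0"},
    {"direction": "in", "protocol": "tcp", "port": 22, "peer": "203.0.112.0/23"},
    {"direction": "in", "protocol": "udp", "port": 5000, "peer": "192.168.1.0/24"},
    {"direction": "out", "protocol": "tcp", "port": 443, "peer": "0.0.0.0/0"},
]

# Constructed allowlist: an administration network and the private LAN.
TRUSTED_SOURCES = ["203.0.113.0/24", "192.168.1.0/24"]


def audit_inbound(rules, trusted_sources):
    """Return (port, peer) for every inbound rule that admits traffic
    from outside the trusted networks."""
    trusted = [ipaddress.ip_network(n) for n in trusted_sources]
    findings = []
    for rule in rules:
        if rule["direction"] != "in":
            # Outbound access to the API endpoint is required, so skip it.
            continue
        peer = ipaddress.ip_network(rule["peer"], strict=False)
        # A rule is acceptable only if its whole source range lies inside
        # one trusted network of the same IP version.
        contained = any(
            peer.version == t.version and peer.subnet_of(t) for t in trusted
        )
        if not contained:
            findings.append((rule["port"], rule["peer"]))
    return findings


if __name__ == "__main__":
    for port, peer in audit_inbound(SAMPLE_RULES, TRUSTED_SOURCES):
        print(f"inbound port {port} is open to untrusted range {peer}")
```

The check flags both the rule open to `0.0.0.0/0` and the `/23` rule, which is wider than the trusted `/24` it overlaps.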