From Debian Clusters

A Typical Layout

A typical cluster layout.

A typical cluster setup has a few common components. First, it typically has one machine acting as the firewall and the gateway to the Internet. The firewall and all of the rest of the machines are then connected to an internal network with a switch. (There may be multiple internal networks – one for communication amongst the nodes, one for gathering runtime data, and such.) Users log into the head node, which is responsible for submitting jobs to all the other work nodes. Essential services like DHCP, DNS, and LDAP can be run on the firewall, head node, or on other dedicated services machines.

To access a service on the cluster - for instance, SSH or a web server – a user contacts the firewall. However, the firewall takes all requests to itself and forwards them on to an appropriate node (in other words, it takes requests and turns it around towards a pre-specified node on the inside network without the user needing to know what's going on behind the scenes). In this way, the firewall is transparent and only accessible from the inside of the network, making it much more secure. The firewall also does SNAT and DNAT (source network address translation and destination network address translation) to allow the machines on the internal network to send network traffic out through the firewall and also receive it.

To the right is network diagram typical for a cluster setup. Users SSH into the firewall's address but are validated through and connected to the head node. All of the machines are connected through the switch. The firewall has two IP addresses – one on the outside and one on the internal network. One machine is dedicated to running services for the cluster.

The dashed line indicates that, although the connection to the Internet runs through the firewall, from a user's perspective the firewall does not exist.

A Specific Layout

The cluster layout being used in the making of the Debian Clusters project.

To the left is the network layout I'll be using for my cluster, the one I'm building as I write the Debian Clusters documentation. The firewall will be providing most of the services in addition to doing SNAT/DNAT. It will be the DHCP server, DNS server, and LDAP server. The only service it's not providing is NFS, the file system. NFS is being provided by the head node because it is I/O intensive and the head node will not be doing anything other than interacting with users, which is less intensive than the worker nodes' job. This means that when people SSH into the head node, the file system won't need to be mounted on the machine they interact with, because it will be local.

People often name their cluster nodes with some theme, like types of penguins or coffee, or even just numbers (node100, node101, etcetera). I'll be using birds of prey in this cluster and in my examples.

Notice that the firewall has two IP addresses, one for the Internet (the X's), and one for the internal network. Each of the other machines has an internal IP address. The ranges for non-routable (private) IP addresses safe to use on the internal network are 192.168/16, 172.16/12, and 10/8. I'll be using 192.168.1/24.

Even before the cluster has been fully built, the IP addresses and host/domain names have been decided on, as well as the overall domain name for the internal network. This will be essential in configuring services. If you can get the MAC addresses of the worker nodes before setting them up, even better.

Here's a quick cheat sheet that might be helpful in following the examples:

Links

• RFC 1918