Rocks: Public NAS Access through VLAN

1. Configure Private Switch to pass a VLAN other than the clusters native VLAN

So what I Would do is plumb a VLAN from your public network to your private cluster switch. Let me call this VLAN 666. On one port of your cluster switch enable only VLAN 666, plug that port onto your corporate network. The tag will completely isolate your internal ("private") traffic for. On all other ports in your switch, enable VLAN 666 on other ports, but do NOT make it the default VLAN.

For an SMC-style switch your config for the port connected to your public might look like.

interface ethernet 1/1
 switchport allowed vlan add 666 tagged
 switchport native vlan 666
 switchport allowed vlan remove 1
 switchport mode trunk

And compute node port on the switch might look like

interface ethernet 1/2  
 switchport allowed vlan add 1 untagged  
 switchport native vlan 1  
 switchport allowed vlan add 666 tagged  
 spanning-tree edge-port

1/1 only allows tagged traffic. Any untagged traffic will be tagged with vlan ID 666 1/2 allows vlan 1 (default) and vlan 666. It will pass 666-tagged traffic.

2. Add a vlan tagged interface to nodes on your cluster.

You will need an address for every node of your cluster. The address is on your corporate network.

For each node in your cluster

# rocks add host interface <compute node> eth0.666 \
        vlan=666 ip=<ipaddress on corporate vlan>  \
        subnet=public name=<name on corporate vlan>

Then, to actually enable the config

# rocks sync config
# rock sync host network

If you have everything done correctly, you will be able to mount directly your Corporate NAS from a node on your cluster (they both have addresses on the same subnet).

If the NAS is in a different subnet, you need to add a static route on each node that corresponds to your local gateway for the public network.