Multi-NIC Node Configuration

If you want to segregate the communication traffic across multiple channels, you can configure a KeyControl node to use multiple virtual NICs (Network Interface Cards). For example, you may want one NIC to handle the communication between the KeyControl webGUI and the KeyControl nodes on TCP/443 while a second NIC handles the cluster traffic on TCP/8443 and a third NIC handles the internal node management traffic on port TCP/2525.

With multiple NICs, one NIC must be designated as the "management interface", and this interface must be able to communicate on port TCP/2525. KeyControl uses the internal node management interface to:

  • Determine the administrative MAC address for the node.
  • Initialize the communication traffic between the nodes in the cluster.
  • Handle any authentication requests that come into the cluster.

All management communication must take place on the management interface. You cannot split management communication across multiple interfaces.

Considerations

When you are configuring multiple NICs on a node, keep the following things in mind:

  • The first release of KeyControl on the CentOS platform (KeyControl version 5.0) will not support multi-NIC configurations. If you plan to upgrade KeyControl to version 5.0, do not set up multi-NIC at this time. If you do so, only the management interface configuration will be retained during the upgrade and all traffic will be rerouted back to the management interface.

    Multiple NICs will be supported on CentOS in a future KeyControl 5.x release.

  • KeyControl supports a maximum of four virtual NICs. One NIC must be the management interface, as described above. In addition to the management interface, you can specify up to three additional NICs that can be used for inbound and outbound traffic. This includes inbound client and KeyControl webGUI traffic as well as outbound syslog, NFS, and email traffic.
  • All NICs must be of the same interface adapter type. For example, if the first NIC specified uses the adapter type VMXNET, all other NICs must be of type VMXNET.
  • All NICs use global values for their DNS settings, NTP settings, default gateway, and DNS server list. Any change made to those settings on one NIC affects all NICs.
  • When you deploy a new KeyControl node through an OVA template or an ISO image, you must specify basic network information such as an IP address, domain, gateway, and DNS server list. When you do so, KeyControl automatically designates that IP address as the management interface on port TCP/2525. We strongly recommend that you do not change this interface if the node is already part of a cluster or if any VMs have already been registered with the node.

    If you want to select the management interface during deployment, you must install KeyControl from the ISO image on an existing VM that already has all of the required NICs configured. In this case, KeyControl will prompt you to select the management interface during the installation.

  • Adding NICs to the VM after deployment requires you to shut down the KeyControl node while you add the NICs. You cannot add NICs to a running system.

    If the node is part of a cluster, the cluster will become degraded if the node is unreachable for too long. If the node is a standalone node, any VMs registered with the node will be unable to retrieve their keys while the network services are offline, and any VM heartbeats will fail.

  • KeyControl automatically restarts the network services on the node every time you change the configuration for a NIC. The node will be unavailable for a brief period until this process has finished.