It is recommended, though not strictly required, that
you run your DRBD replication over a dedicated connection. At
the time of this writing, the most reasonable choice for this is
a direct, back-to-back, Gigabit Ethernet connection. If and when
you run DRBD over switches, use of redundant components and the
Linux bonding driver (in
active-backup mode) is recommended.
It is generally not recommended to run DRBD replication via routers, for reasons of fairly obvious performance drawbacks (adversely affecting both throughput and latency).
In terms of local firewall considerations, it is important to understand that DRBD (by convention) uses TCP ports from 7788 upwards, with every TCP resource listening on a separate, configurable, but unchanging TCP port. DRBD uses two separate TCP connections (one in either direction) for every resource configured. For proper DRBD functionality, it is required that these connections are allowed by your firewall configuration.
Security considerations other than firewalling may also apply if a Mandatory Access Control (MAC) scheme such as SELinux or AppArmor is enabled. You may have to adjust your local security policy so it does not keep DRBD from functioning properly.
You must, of course, also ensure that the TCP ports you will be using for DRBD are not already being used by another application.
![[Note]](images/note.png) | Note |
|---|---|
It is not possible to configure a DRBD resource to
support more than one TCP connection. If you want to provide
for DRBD connection load-balancing or redundancy, you can
easily do so at the Ethernet level (again, using the
|
For the purposes of this guide, we assume a very simple setup:
Our two DRBD hosts each have a currently unused network interface,
eth1, with IP addresses10.1.1.31and10.1.1.32assigned to it, respectively.No other services are using TCP ports 7788 through 7799 on either host.
The local firewall configuration allows both inbound and outbound TCP connections between the hosts over these ports.