Network latency Performance within data center
Hi there, all my linodes are in Fremont. I'd like to minimize latency between linodes if at all possible. Does the IPs they are using have anything to do with their physical proximity? Any correlation?
So if I have them all on IPs starting with say 172, does that matter or not?
3 Replies
This is a great question. The short answer is that no, the IP range for your Linode's IPv4 address has no baring on latency between two Linodes in the same data center. What does have an affect on latency is how you make the connection between Linodes in a data center. Public traffic takes more hops than private. That means for the best speeds, you'll want to set up your connections to use private networking, as this traffic is entirely within the data center.
Thank you for that. In followup, I forgot to mention a more general question as well.
If my linodes are communicating over private IPs, does that mean the traffic is not visible to other linode accounts? Or can other account's linodes potentially see my traffic if they are in the Fremont data center?
My reason for asking, is that I have each linode isolated performing specific functions, some have outside internet access, others are firewalled off from anything but vpn access.
My tentative topology plan, is to vpn into one linode, and then from there access the other linodes as their firewalls will allow connections from only my vpn linode. So I'm trying to figure out the most secure, easeful to setup and performant way of doing that.
I've recently been using wireguard instead of openvpn. I know it isn't production ready, but I'm not sending people to the moon, so it's ok.
When I'm SSHing between, I'm covered. It is more when the linodes are doing http rest api comms between each other that I'm concerned about. If I can avoid the hassle of setting up ssl certs on each of them, and just wireguard node them all, that may work. That said, I'd like to remove as many moving parts that could fail.
As an explicit example. linodeA is running a postgres db. linodeB is my apache server. if they are using a private IP to communicate, can I get away with not enabling the ssl.
Oops, I just partially answered my question from this article.
https://medium.com/linode-cube/ensuring-the-privacy-of-a-private-network-29ccde7562d9
I'll make another topic for my wireguard specific question.
Cheers,