The Networking Setup
When ordering dedicated servers from? a hosting company without giving them any special instructions, they will probably set them up as shown in Figure 2.
Using this configuration, the network interface of the web server will be used for both public (web) traffic and for the communications between the web server and the MySQL server. This is not the best configuration possible for several reasons.
Usually the switch of the hosting company works at 100 Mbps, so even if the servers have Gigabit Ethernet ports, the network interface will be limited to 100 Mbps, which can be easily reached on the communications between the web server and the MySQL server of a busy website. When this limit is reached, the website will be very slow.
Also because the network interfaces will be running at 100 Mbps, the latency (ping time) between the two servers will be higher than if the interfaces were configured as Gigabit Ethernet.
Another issue is that you will have database traffic circulating on the hosting company’s switch, which can pose a security risk.
The best approach to connect a web server to a MySQL server is to use a separate Gigabit Ethernet connection linking the second network interface (eth1) of the servers. We show this possibility in Figure 3. Since almost all servers have two Gigabit Ethernet ports, this configuration is very easily done, however you must ask the hosting company to perform it for you. (You must use a cross-over cable for the connection shown in Figure 3; another option is to use a Gigabit switch connecting the two servers.)
While the first network interface (eth0) will have a public IP address, the second network interface (eth1) must use a private IP address (such as 192.168.0.x). After setting up the physical connection, don’t forget to reconfigure your web applications (e.g., editing the application’s config.php file) to use the MySQL server’s eth1 IP address (192.168.0.x in our example), otherwise it will still use the public IP address.
With this configuration, the eth0 interface of the web server will be used only to carry public traffic; the traffic between the web server and the MySQL server will be moved to the private Gigabit connection, and it will be faster and more secure. The public IP address of the MySQL server must be used only for remote access to the server, using SSH.
Some system administrators paranoid with security simply disconnect the eth0 interface of the MySQL server from the hosting company’s switch; this way the MySQL server won’t be able to be publicly accessed. In this case, for you to access the MySQL server remotely using SSH, you will need to first open an SSH connection to the web server and then, from inside the web server, you can open an SSH connection the MySQL server using its private IP address (192.168.0.2, for example).