JANUARY 2010
Networking Deep Dive
The Networking Primer
By Paul Venezia
Copyright 2010 InfoWorld Media Group. All rights reserved.
CORE CONSIDERATIONS
The term network applies to everything from LAN to SAN to WAN. All these variations require a network core, so let's start there.
The size of the organization will determine the size and capacity of the core. In most infrastructures, the datacenter core is constructed differently from the LAN core. If we take a hypothetical network that has to serve the needs of a few hundred or a thousand users in a single building, with a datacenter in the middle, it's not uncommon to find that there are big switches in the middle and aggregation switches at the edges.
Ideally, the core is composed of two modular switching platforms that carry data from the edge over gigabit fiber, located in the same room as the server and storage infrastructure. Two gigabit fiber links to a closet of, say, 100 switch ports are sufficient for most business purposes. In the event that they're not, you're likely better off bonding multiple 1Gbit links rather than upgrading to 10G for those closets. As 10G drops in price, this will change, but for now it's far cheaper to bond several 1Gbit ports than to add 10G capability to both the core and the edge.
In the likely event that VoIP will be deployed, it may be beneficial to implement small modular switches at the edge as well, allowing PoE (Power over Ethernet) modules to be installed in the same switch as the non-PoE ports. Alternatively, deploying trunked PoE ports to
INFOWORLD.COM DEEP DIVE SERIES
GOING VIRTUAL
Speaking of storage networking, you're going to need some form of it if you plan on running enterprise-level virtualization. The ability for virtualization hosts to migrate virtual servers across a virtualization farm absolutely requires stable and fast central storage. This can be FC, iSCSI, or even NFS in most cases, but the key is that all the host servers can access a reliable central storage network.
Networking virtualization hosts isn't like networking a normal server, however. While a normal server might have a front-end and a back-end link, a virtualization host might have six or more Ethernet interfaces. One reason is performance: A virtualization host pushes more traffic than a normal server due to the simple fact that as many as dozens of virtual machines are running on a single host. The other reason is redundancy: With so many VMs on one physical machine, you don't want one failed NIC to take a whole bunch of virtual servers offline at once.
To combat this problem, virtualization hosts should be constructed with at least two dedicated front-end links, two back-end links, and ideally a single management link. If this infrastructure will service hosts that live in semi-secure networks (such as a DMZ), then it may be reasonable to add physical links for those networks as well, unless you're comfortable passing semi-trusted packets through the core as a VLAN. Physical separation is still the safest bet and less prone to human error. If you can physically separate that traffic by adding interfaces to the virtualization hosts, then do so.
Each pair of interfaces should be bonded using some form of link aggregation, such as LACP (Link Aggregation Control Protocol) or 802.3ad. Either should suffice, though your switch may support only one form or the other. Bonding these links establishes load-balancing as well as failover protection at the link level, and is an absolute requirement, especially since you'd be hard-pressed to find a switch that doesn't support it.
In addition to bonding these links, the front-end bundle should be trunked with 802.1q. This allows multiple VLANs to exist on a single logical interface and makes deploying and managing virtualization farms significantly simpler. You can then deploy virtual servers on any VLAN or mix of VLANs on any host without worrying about virtual interface configuration. You also don't need to add physical interfaces to the hosts just to connect to a different VLAN.
The virtualization host storage links don't necessarily need to be either bonded or trunked unless your virtual servers will be communicating with a variety of back-end storage arrays. In most cases, a single storage array will be used, and bonding these interfaces will not necessarily result in performance improvements on a per-server basis.
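As an added example, not from the article, here is a small Python audit of a bonded pair on a Linux virtualization host that checks the points above: the bond runs in 802.3ad (LACP) mode, it has at least two member links, and every member is up and joined to the active aggregator negotiated with the switch. It assumes Linux hosts, which expose bond status under /proc/net/bonding; the sample status text is constructed.

```python
# Added example (not from the InfoWorld article): audit a Linux bond via the
# /proc/net/bonding/<bond> status text. Sample text below is constructed.
import re

SAMPLE_BOND0 = """\
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up

Active Aggregator Info:
    Aggregator ID: 1
    Number of ports: 1

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Aggregator ID: 1

Slave Interface: eth1
MII Status: down
Link Failure Count: 3
Aggregator ID: 2
"""

def parse_bond(text):
    """Split /proc/net/bonding text into bond-level fields and one dict per member."""
    kv = lambda chunk: dict(re.findall(r"^\s*([^:\n]+):[ \t]*(.*)$", chunk, re.M))
    head, *members = text.split("Slave Interface: ")
    slaves = []
    for chunk in members:
        name, _, rest = chunk.partition("\n")
        slaves.append({"name": name.strip(), **kv(rest)})
    return kv(head), slaves

def audit_bond(text, min_members=2):
    """Return findings for a bond; an empty list means it is healthy and redundant."""
    bond, slaves = parse_bond(text)
    findings = []
    if "802.3ad" not in bond.get("Bonding Mode", ""):
        findings.append("not in 802.3ad (LACP) mode: " + bond.get("Bonding Mode", "?"))
    if len(slaves) < min_members:
        findings.append(f"only {len(slaves)} member link(s), need {min_members} for failover")
    for s in slaves:
        if s.get("MII Status") != "up":  # member link is physically down
            findings.append(f"{s['name']} is {s.get('MII Status', '?')} (link failures: {s.get('Link Failure Count', '?')})")
        elif s.get("Aggregator ID") != bond.get("Aggregator ID"):  # up, but LACP never formed
            findings.append(f"{s['name']} is up but outside the active aggregator")
    ports = int(bond.get("Number of ports", "0"))
    if ports < len(slaves):  # the partner switch only negotiated part of the bundle
        findings.append(f"active aggregator carries {ports} of {len(slaves)} member links")
    return findings
```

On a real host, pass `open("/proc/net/bonding/bond0").read()` to `audit_bond` from a cron job or monitoring check, and alert on any non-empty result.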
WIDE-AREA NETWORKING
When organizations have multiple locations, connecting those locations with fast and reliable links can have a significant impact on the users at the remote sites. Unfortunately, no tried-and-true method of WAN interconnectivity can be applied to every organization. The approach you use depends on the services available at the main datacenter and at the remote office site.
In an ideal situation, both sites are served by a single carrier that can drop in fiber links at each location. This will provide the highest bandwidth and lowest latency of any solution, and will probably be cheaper to boot. If this option is available to you, be sure to treat the link as untrusted and use a VPN across the pipe to encrypt the traffic, which, after all, will be flowing across someone else's network.
Without the same carrier on both ends, you'll need alternative connection methods. The most popular of these is MPLS (multiprotocol label switching). This is somewhat related to the traditional frame-relay networking model, but generally offers higher bandwidth at a lower cost.
NETWORK MONITORING
All the best hardware and network designs in the world can't help you figure out what your network is doing on a day-to-day basis. Network monitoring tools can, and no network should be without them. There are myriad options in this space, both open source and commercial, and there are key elements that need to be constantly monitored to ensure proper operation. For instance, you should be measuring the latency and bandwidth utilization across all WAN circuits, and retaining that data for trending purposes to highlight how bandwidth needs grow over time. Also, keep a close eye on each VLAN default route, all aggregate links, and CPU usage in the core switches and aggregation routers, if any. It's also a good idea to catch STP and HSRP state changes, if applicable.
Use the syslog facilities present in each switch as well. Configure a syslog server and point all your switches at it, and you'll have a record of every pertinent event on a switch-by-switch basis, which is invaluable when trying to determine what might have gone wrong during periods of instability.
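As an added example, not from the article, the following Python script does the event-catching just described over the syslog stream the switches send: it parses each line, flags HSRP state changes, STP topology changes, port-channel member loss and CPU threshold alarms, and reports VLANs whose topology keeps changing. The log lines are constructed and use Cisco IOS-style message tags, which is an assumption about the switches; adjust the WATCH table for other vendors.

```python
# Added example (not from the InfoWorld article): pull STP, HSRP, port-channel and
# CPU events out of switch syslog. Lines are constructed in Cisco IOS style.
import re
from collections import Counter

SAMPLE_LOG = """\
<189>Jan 14 03:12:07 core-sw1 201: Jan 14 03:12:06.998: %STANDBY-6-STATECHANGE: Vlan10 Grp 1 state Standby -> Active
<189>Jan 14 03:12:07 core-sw2 310: Jan 14 03:12:07.010: %STANDBY-6-STATECHANGE: Vlan10 Grp 1 state Active -> Speak
<189>Jan 14 03:12:09 core-sw1 202: Jan 14 03:12:09.113: %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 10
<189>Jan 14 03:12:41 core-sw1 203: Jan 14 03:12:41.002: %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 10
<189>Jan 14 03:13:12 core-sw1 204: Jan 14 03:13:12.550: %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 10
<189>Jan 14 03:13:15 edge-sw7 77: Jan 14 03:13:15.004: %EC-5-UNBUNDLE: Interface Gi1/0/2 left the port-channel Po1
<185>Jan 14 03:14:00 core-sw1 205: Jan 14 03:14:00.000: %SYS-1-CPURISINGTHRESHOLD: Threshold: Total CPU Utilization(Total/Intr): 96%/2%
<189>Jan 14 03:14:06 core-sw1 206: Jan 14 03:14:06.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

LINE_RE = re.compile(
    r"^(?:<\d+>)?(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) .*?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+):\s*(?P<msg>.*)$")

WATCH = {  # event classes the article says to watch, keyed by facility and mnemonic
    ("STANDBY", "STATECHANGE"): "hsrp",
    ("SPANTREE", "TOPOTRAP"): "stp",
    ("EC", "UNBUNDLE"): "aggregate",
    ("SYS", "CPURISINGTHRESHOLD"): "cpu",
}

def parse_line(line):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def watch_events(text):
    """Return [(timestamp, host, category, message)] for lines worth alerting on."""
    out = []
    for ev in filter(None, map(parse_line, text.splitlines())):
        cat = WATCH.get((ev["fac"], ev["mnem"]))
        if cat is None and int(ev["sev"]) <= 2:  # severity 0-2 always gets a look
            cat = "critical"
        if cat:
            out.append((ev["ts"], ev["host"], cat, ev["msg"]))
    return out

def stp_flaps(text, threshold=3):
    """(host, vlan) pairs with repeated topology changes: usually a flapping link."""
    counts = Counter()
    for _, host, cat, msg in watch_events(text):
        if cat == "stp":
            vlan = re.search(r"vlan (\d+)", msg)
            counts[(host, vlan.group(1) if vlan else "?")] += 1
    return {k: n for k, n in counts.items() if n >= threshold}
```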
And finally, don't forget to back up all that hard work