
Data Networks: Existing Designs

Chapter Description

In this sample chapter from Hyperconverged Infrastructure Data Centers: Demystifying HCI, you will review the information technology equipment of a data center, multitier data networking architecture, and challenges of existing three-tier designs.

Multitier Data Networking Architecture

When networking (switching and routing) vendors talk about three-tier and two-tier designs, they are referring to how switches and routers are deployed in a data center. The traditional switching and routing layers in the legacy data center are as shown in Figure 1-1.


Figure 1-1 Networking View of Three-Tier Data Center

Access switches normally connect to the server network interface cards (NICs) and form the first level of data multiplexing. These are also called top-of-rack (ToR) switches because they sit on top of the rack connecting all Ethernet NICs coming from the servers within the same rack. Access switches are usually L2 switches, but they can also be L2/L3. The choice depends on cost and particular designs. L2 switches are a lot cheaper than L2/L3 switches because they deliver less functionality.

Aggregation switches, also called distribution switches, aggregate toward the core all Ethernet interfaces coming from the access switches. The aggregation switches normally work at L2. Traditionally, this layer existed because it reduced the number of “expensive” interfaces at the core router, it created a certain level of redundancy by having dual connections between the access switch and the aggregation layer (keeping in mind that aggregation switches are cheaper than core routers), and it shielded the core layer from L2 functionality. As shown later in this book, the newest designs can skip this layer and go directly from the access (now called leaf), to the core (now called spine). In this case, L3 functionality must start at access switches. The aggregation layer also offers connectivity to the networking services such as firewalls, load balancers, and others, as seen in Figure 1-1. The networking services are either standalone appliances or embedded inside the aggregation switches.

Core switches/routers collect all interfaces coming from the aggregation layer and multiplex them toward the WAN or the campus LAN. Most layer 3 functionality—such as routing between subnets, running routing protocols such as Open Shortest Path First (OSPF), Intermediate System to Intermediate System (IS-IS), and Border Gateway Protocol (BGP)—is done at this layer. As discussed earlier, in the newest leaf and spine designs where there is no aggregation, the core switches connect directly to the access layer and support L2 and L3 functionality. The access switches have to do some L3 functionality as well.

Logical Server Grouping

Servers are connected to access switches and grouped logically into multiple tiers, such as a web tier, an application tier, and a database tier. This distributes functionality over multiple servers, which gives higher availability to the application. Failure in one of the tiers does not affect the others. Also, a more distributed approach spreads each tier over multiple servers; for example, the web server actually runs on multiple servers located in the same data center or multiple data centers. If a web server is down, other servers absorb the load. The same distributed approach applies to application servers and database servers. As discussed earlier in this chapter, load balancers distribute the traffic between different servers based on L4 or L7 and different criteria. Figure 1-1 shows a web server, an application server, and a database server design, with load balancers distributing traffic between different servers and firewalls protecting traffic at the entry point to the data center and between the different application components.

Multitier designs require the existence of multiple servers within the same tier talking to each other and to the other tiers. This communication is normally done at L2 using a logical separation via VLANs. In the simplest form, an IP subnet is associated with a VLAN, and servers within the same subnet share the same VLAN ID and talk to each other via their MAC addresses. The VLAN is considered a broadcast domain and is isolated from other broadcast domains. This means that broadcast packets generated within a certain VLAN are contained within that VLAN. This is important in scaling the network as the number of servers and applications increases. In Figure 1-2, web servers, application servers, and database servers are grouped in different subnets, and each subnet is associated with a VLAN. There could be many web/app/database servers in the same subnet, but for simplicity, only one of each is illustrated here.


Figure 1-2 Logical Server Grouping

Servers house one or more NICs, and each NIC provides one or more Ethernet interfaces at 1 GE, 10 GE, or higher speeds. The NICs are dual-homed to the access switches for better redundancy and fault tolerance, and the NIC ports work in active-active or active-passive mode. Servers within the same VLAN do not need to be connected to the same access switch or sit in the same rack; they can be connected to different access switches as long as the VLANs are extended across the network. Note in Figure 1-2 that VLANs 100 and 200 stretch across the access and distribution switches.

As a simple example, subnet 10.0.1.0/24 is associated with VLAN 100 and contains web server 1 (W1), application server 1 (AP1), and database server 1 (DB1). Subnet 10.0.2.0/24 is associated with VLAN 200 and contains web server 2 (W2), application server 2 (AP2), and database server 2 (DB2).
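The subnet-to-VLAN mapping and the "VLAN must be extended across the network" rule from the two preceding passages, worked as a small added model (not code from the book): given the page's two subnets and VLAN IDs, it classifies whether two servers talk at L2 within one broadcast domain, at L2 across the aggregation layer, or must be routed at L3. The server IP addresses, access switch names, and per-switch trunk VLAN lists are constructed for the example.

```python
import ipaddress

# From the page: each IP subnet is associated with exactly one VLAN (broadcast domain).
VLAN_FOR_SUBNET = {
    ipaddress.ip_network("10.0.1.0/24"): 100,   # W1, AP1, DB1
    ipaddress.ip_network("10.0.2.0/24"): 200,   # W2, AP2, DB2
}

# Constructed placement: server -> (IP address, access switch it is cabled to).
SERVERS = {
    "W1":  ("10.0.1.11", "access-A"),
    "AP1": ("10.0.1.12", "access-B"),
    "DB1": ("10.0.1.13", "access-B"),
    "W2":  ("10.0.2.11", "access-A"),
    "DB2": ("10.0.2.13", "access-B"),
}

# Constructed trunk table: VLANs each access switch carries toward the aggregation
# layer. access-B deliberately does not carry VLAN 200, so it is not "extended".
TRUNK_VLANS = {"access-A": {100, 200}, "access-B": {100}}


def vlan_of(ip):
    """Return the VLAN ID of the subnet that contains ip (L2 broadcast domain)."""
    addr = ipaddress.ip_address(ip)
    for net, vid in VLAN_FOR_SUBNET.items():
        if addr in net:
            return vid
    raise ValueError(f"{ip} is in no known subnet")


def path(src, dst):
    """Classify how src reaches dst in the three-tier design."""
    sip, ssw = SERVERS[src]
    dip, dsw = SERVERS[dst]
    sv, dv = vlan_of(sip), vlan_of(dip)
    if sv != dv:
        # Different subnets are different broadcast domains: the frame goes to the
        # default gateway and is routed at L3 (core, or aggregation if it hosts L3).
        return "L3-routed"
    if ssw == dsw:
        # Same VLAN on the same ToR switch: forwarded by MAC address locally.
        return "L2-same-switch"
    # Same VLAN on different access switches: works only if both trunks carry it.
    if sv in TRUNK_VLANS[ssw] and sv in TRUNK_VLANS[dsw]:
        return "L2-via-aggregation"
    return "unreachable-vlan-not-extended"
```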
