Mr. Mark Welton

Three-tiered Architecture
- Most common design when the network covers multiple buildings
- Physical separation of the three levels usually occurs when there is a physical need to do so
- Access devices are connected at the access-layer switches
- These switches connect to the distribution-layer switches
- Distribution-layer switches then connect to the core layer
- Internet and server farm (data center) typically connect to the core layer

Collapsed core – no distribution
- Common in single-building designs with multiple floors
- Distribution-layer switches are removed and the access layer goes directly into the core
- The distribution layer may be collapsed into the core-layer switches or removed completely

Collapsed core – no distribution or access
- This design is most common in smaller implementations
- Core switches act as all layers in the design
- For this design, Ethernet runs must remain within the distance limitations of the cable (100 meters)
- High-density chassis switches are used in this design

- Trunks – will be necessary anywhere switches are interconnected
- EtherChannels or port aggregation – this allows multiple switch connections to increase bandwidth between switches
- Spanning tree – end-device ports should not run spanning tree. Ports connecting to other switches must run it and be configured correctly, including setting a correct primary and secondary root bridge
- VTP – allows for centralized control of VLANs in your network
- VLAN – How many? Make sure they are planned out ahead of time
  - Internet
  - Internet inside
  - Server farm
  - User VLANs (include all user devices that need to be segmented, i.e. VoIP)
  - OOB???

Most web-based applications today use a three-tier design
- Internet layer – web servers are used by the end users to access the application
- Application layer – used to access the database layer and provide separation between the database and users. Also contains logic and access control for the application
- Database layer – contains data needed by the application

There are generally two accepted methods in the design
- Bridging – the lower interfaces of the upper layer are connected to the same VLAN as the upper interfaces of the layer beneath them
- Routing – routers are placed between the layers

Bridging
- The advantages of this design are simplicity and speed
- The disadvantage is decreased security
- This has changed with the advances in security devices (layer-2 firewalls)

Routing
- The advantage of this design is increased security
- The disadvantages are increased complexity and added processing (which means latency)

Is there any other issue that may need to be addressed in the design?
- Cannot easily manage the server remotely

- Every interface will need an IP address.
- In some server high-availability solutions, you'll need a third IP address for each VLAN. For example, IP multipathing requires a virtual IP address on each VLAN in addition to one for each physical interface.
- Every IP address you assign may need a DNS entry (including virtual IP addresses).
- Which interface is primary?
- Does the server need a default gateway? If so, where does it go? Can the server support multiple defaults? How will this work? Web servers need a default gateway that points to the Internet. This will require your management VLAN to have specific routes on the servers.
- How many physical network cards do you need in a server to support six Ethernet interfaces? Make sure you have enough. Extra interfaces are even better.
- Will the servers have both interfaces active in each VLAN, or just one?
- Some server high-availability solutions require the switches to be configured a certain way, while others require different configurations. Work this out in a lab before you build your network.
- Will your servers support remote Ethernet consoles? Will you need a dedicated network for this traffic?
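
The default-gateway question above, worked through as an added example (not part of the original slides): a longest-prefix-match lookup over a constructed routing table for a multi-homed web server, comparing the reply path to a remote admin workstation with and without a specific route through the management VLAN. All interface names, subnets and addresses are assumptions made up for the illustration.

```python
import ipaddress

# Constructed example: a web server with one interface in each of three VLANs.
# Interface names, subnets and gateways are made up for illustration.
CONNECTED = [
    ("192.0.2.0/24", "eth0", None),   # Internet-facing web VLAN
    ("10.20.0.0/24", "eth1", None),   # VLAN shared with the application layer
    ("10.99.0.0/24", "eth2", None),   # management VLAN
]
DEFAULT = ("0.0.0.0/0", "eth0", "192.0.2.1")        # default gateway points to the Internet
MGMT_ROUTE = ("10.50.0.0/16", "eth2", "10.99.0.1")  # admin workstations, via management VLAN


def build_table(with_mgmt_route):
    """Return the server's routing table as (network, interface, next_hop) tuples."""
    rows = CONNECTED + [DEFAULT] + ([MGMT_ROUTE] if with_mgmt_route else [])
    return [(ipaddress.ip_network(net), dev, gw) for net, dev, gw in rows]


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)


def reply_path(table, arrived_on, client):
    """Describe how a reply to `client` leaves when the request arrived on `arrived_on`."""
    net, dev, gw = lookup(table, client)
    return {"out_if": dev, "next_hop": gw, "asymmetric": dev != arrived_on}


if __name__ == "__main__":
    admin = "10.50.3.7"  # constructed admin workstation on a remote subnet
    for flag in (False, True):
        print("specific mgmt route:", flag, reply_path(build_table(flag), "eth2", admin))
    # A host on the management VLAN itself is reached directly in both cases.
    print(reply_path(build_table(False), "eth2", "10.99.0.25"))
```

Without the specific route, the reply to the admin workstation leaves through the Internet-facing interface instead of the management VLAN, so management traffic takes an asymmetric path.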

- With a virtual environment, your access-layer switches are also virtualized
- This will make the server network requirements more like an access-layer switch uplink
- Multiple 10 Gb ports are common