Feeds

And here's how a datacentre network works...

It's all about layers

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

The job of a datacentre network is to connect the equipment inside to the outside world, and to connect the internal systems to each other. It needs to be secure, high performance and operate with an eye on energy consumption, with a guiding principle of minimising device numbers and costs, so you end up with a system that can do what's needed while remaining as simple as possible.

Every facility is different, so there's no off-the-shelf answer as to what exactly goes into a datacentre network. Component selection will vary according to budget, business requirements, site location and capacity, available power and cooling, and a host of other criteria depending on circumstances. That said, you're likely to find that most datacentre networks arrive at common solutions to common problems and so look fairly similar.

You can conceive of a datacentre network as a series of layers, with the stored data at the bottom. On the first layer is the connection to the outside world - the internet - and, if it's an enterprise's own datacentre, to the rest of the company. If the datacentre is owned by a service provider and is servicing a number of external clients, the Internet connection and any other connections linking clients directly also sit on the outside ring.

The second layer, commonly referred to as the edge or access layer, consists of IP-based, Ethernet devices, such as firewalls, packet inspection appliances and switches, that route traffic to and from the core of the datacentre to the outside world. Here too sit many web servers in a so-called demilitarised zone or DMZ: hemmed in by firewalls, external visitors are allowed this far into the datacentre network but no further.

Below this is the core, with large, high-performance switches consisting of blades plugged into chassis, with each blade providing dozens of ports. The chassis is likely to be managed by a management blade, while other features such as security and traffic shaping can be provided by further blades. All data passes through these devices.

Closer to the servers will be a further layer, consisting of a series of switches, maybe one per rack or row of racks, depending on density, tasked with distributing data to and between servers in order to minimise load on the core.

Behind the servers, conceptually, is the main storage. This, the fourth and final layer, consists of a series of high-performance storage arrays connected via a Fibre Channel network that's entirely separate from the main network. This means that only the servers can connect directly to the storage, although there's likely also to be a link from the storage to the IP network for management purposes.

The Fibre Channel network needs separate switches and management systems to configure it, adding to IT staff's workload, so this situation is slowly changing. In ten years time, industry analysts expect that most storage systems will be connected using the IP-based Ethernet network, probably running at either 40Gbps or 100Gbps.

Let's look at an example of the network's job. You click on a link in your browser, which generates a request for data that arrives at our datacentre via the Internet connection. The incoming request is scanned for malware, and is re-assembled and decrypted if WAN optimisation and encryption are in use. It's then sent on to a switch in the access layer. This switch routes the request to a web server in the DMZ, which might be physical or virtual, and which might be fronted by a load balancer to allow a cluster of servers to handle high traffic levels.

The web server receives and processes the request. A response needs information from a database, so the web server calls for data from a database server at the core of the network.

The data demand is passed to a core switch which routes it to a database server. The processed request traverses the storage network, is pulled off the disks, arrives back from main storage, is packaged up and sent back to the web server. It's then assembled into a web page and pushed back out the Internet connection.

While a broad-brush look at network design, this is the template with which a datacentre network designer will approach the problem of building a new network from scratch. ®

Security for virtualized datacentres

More from The Register

next story
TEEN RAMPAGE: Kids in iPhone 6 'Will it bend' YouTube 'prank'
iPhones bent in Norwich? As if the place wasn't weird enough
iPAD-FONDLING fanboi sparks SECURITY ALERT at Sydney airport
Breaches screening rules cos Apple SCREEN ROOLZ, ok?
Crouching tiger, FAST ASLEEP dragon: Smugglers can't shift iPhone 6s
China's grey market reports 'sluggish' sales of Apple mobe
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
The British Museum plonks digital bricks on world of Minecraft
Institution confirms it's cool with joining the blocky universe
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.