Document: Module 5: Designing a Highly Available Physical Network (docx)


Module 5: Designing a Highly Available Physical Network

Contents

Overview
Lesson: Selecting Networks Based on Bandwidth Requirements
Lesson: Selecting Redundant Paths for Network Connectivity
Lesson: Selecting the Appropriate Network Topology
Lesson: Selecting a Highly Available Switch Configuration
Lesson: Selecting a Highly Available Routing Configuration
Lab: Designing a Highly Available Physical Network

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, places or events is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2001 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, BackOffice, FrontPage, Outlook, PowerPoint, Visio, Visual Studio, Win32, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries.

The names of actual companies and products
mentioned herein may be the trademarks of their respective owners.

Instructor Notes

Presentation: 150 minutes
Practices: 30 minutes
Lab: 60 minutes

This module provides students with the knowledge and skills needed to design a highly available physical network. The information in this module introduces the physical network of the Web infrastructure and the factors that impact availability.

After completing this module, students will be able to:

• Select a network based on bandwidth requirements.
• Select redundant paths for network connectivity.
• Select appropriate networking topology for the physical network.
• Select a highly available switch configuration for the physical network.
• Select a highly available routing configuration for the physical network.
• Select the appropriate technologies, configurations, and hardware components required for designing a highly available physical network.

Required materials

To teach this module, you need the following materials:

• Delivery Guide
• Microsoft® PowerPoint® file 2088A_05.ppt
• Trainer Materials compact disc

Preparation tasks

To prepare for this module:

• Read all of the materials for this module.
• Complete the practices and lab.

How to Teach This Module

This section contains information that will help you to teach this module. Inform the students that each lesson in this module is a critical task in the design process and that, at the end of the module, they will complete a lab that ties all of the lessons (tasks) together. This knowledge will help them to stay focused during instruction.

The instructional strategy for this module is to provide students with the knowledge and skills that they need to design a highly available physical network based on bandwidth requirements, redundant path requirements, physical network topology requirements, and switch and router configuration requirements of a highly available Web infrastructure.

Lesson: Selecting Networks Based on Bandwidth Requirements

This section describes the instructional methods for teaching each topic in this lesson. The overview page for this lesson introduces the need for selecting a physical network based on the bandwidth requirements of a highly available Web infrastructure. The instructional strategy for this lesson is to explain to students that they can select the appropriate physical network by determining the network throughput, the appropriate speed for the network, and the time needed to download data from the network.

The topic pages for this lesson and the appropriate instructional strategy are listed as follows:

• Factors affecting network performance. The purpose of this page is to review the factors affecting network performance. Tell students that network throughput plays an important role in the design of any Web infrastructure and application, whereas bandwidth and latency affect the choice of the client and application architecture.
• Methods for determining the network throughput. This page introduces the two commonly used methods of determining the network throughput: transactional cost analysis and default page analysis. Explain to
students that they need to know the number of bytes in a typical client transaction and the maximum amount of concurrent transactions per second going through the system to determine the amount of bandwidth needed for a Web infrastructure.
• Considerations for determining the appropriate speed for the network. The purpose of this page is to explain to students that they need to decide on the appropriate network speed that is required to meet the business needs of the Web infrastructure based on the required amount of network throughput and available network speeds.
• Time required to download data from the network. This page explains how to calculate the time required to download data from the network to clients by using different download speeds. Emphasize to students that they need to determine the maximum number of concurrent connections and the amount of the data to be transmitted over the Web infrastructure to calculate this value.
• Guidelines for selecting networks based on bandwidth requirements. The guidelines page provides students with the action steps that they must address before they can select a physical network based on the bandwidth requirements of a Web infrastructure. Review the action steps with the students and ensure that they understand how these steps map to the task. Also, emphasize the importance of addressing all of these requirements.

Practice: Select Networks Based on Bandwidth Requirements

You will divide the class into design teams. Give the students five minutes to read through the scenario and the design considerations carefully before they answer the questions. Tell the class that each team must be prepared to justify their answers.

Lesson: Selecting Redundant Paths for Network Connectivity

This section describes the instructional methods for teaching each topic in this lesson. The overview page for this lesson introduces the need for selecting redundant paths for network connectivity. The instructional strategy for this lesson is to explain how to
add redundancy in the design for the Internet connectivity and the internal network connectivity to provide a greater level of fault tolerance.

The topic pages for this lesson and the appropriate instructional strategy are listed as follows:

• Considerations for determining redundant external network paths. The purpose of this page is to explain that one way of making a physical network highly available is to add redundant connections from a Web infrastructure to the Internet. Tell students that when they design the external network, they need to determine if a redundant Internet connection is possible and what are the implications of using one Internet service provider (ISP) or multiple ISPs.
• Considerations for determining redundant internal network paths. This page explains that students need to focus on making the local area network (LAN) more available for the Web infrastructure. Emphasize that the key to making a LAN highly available is to configure backup paths to ensure there is no single path from end-to-end in the infrastructure. Tell the students that they can select either redundant Ethernet network paths or redundant Fiber Distributed Data Interface (FDDI) network paths to make the internal network highly available.
• Guidelines for selecting redundant paths for network connectivity. The guidelines page provides students with the action steps that they must address before they can select redundant paths for network connectivity. Review these steps with the students and ensure that they understand how these steps map to the task. Emphasize the importance of addressing all of these requirements.

Review: Selecting Redundant Paths for Network Connectivity

Give the students five minutes to read through the questions carefully before they answer them. Tell students that they must be prepared to justify their answers.

Lesson: Selecting the Appropriate Network Topology

This section describes the instructional methods for
teaching each topic in this lesson. The overview page for this lesson introduces the need for selecting the appropriate topology for the physical network. The instructional strategy for this lesson is to explain to students that they can select the appropriate network topology by selecting the appropriate Internet connection topology and the appropriate topology for the internal network.

The topic pages for this lesson and the appropriate instructional strategy are listed as follows:

• Types of Internet service providers. This page introduces the types of ISPs that are available for hosting different Web environments. Tell students that ISPs are broadly classified into in-house Web hosting services and outsourced Web hosting services, and use the PowerPoint slide for this page to differentiate between the characteristics of the various ISP types.
• Considerations for determining the appropriate Internet connection topology. The purpose of this page is to explain to students that they will need to select at least two connections to the most reliable ISP, and another connection to a separate ISP to ensure highly available Internet connectivity. Emphasize that the Internet connectivity options for maintaining an in-house Internet data center differ from those for an outsourced Internet data center.
• Considerations for determining the appropriate technology for the internal network topology. This page explains to students that when selecting a high-speed network topology for high availability, they can choose from four technologies: Gigabit Ethernet, Fast Ethernet, FDDI, and asynchronous transfer mode (ATM). Explain to students the considerations for selecting each of the four technologies.
• Guidelines for selecting the appropriate network topology. The guidelines page provides students with the action steps that they must address before they can select the appropriate topology for the physical network. Review the action steps with the students and ensure that they understand how these
steps map to the task. Also, emphasize the importance of addressing all of these requirements.

Practice: Select the Appropriate Network Topology

You will divide the class into design teams. Give the students five minutes to read through the scenario and the design considerations carefully before they answer the questions. Tell the class that each team must be prepared to justify their answers.

Lesson: Selecting a Highly Available Switch Configuration

This section describes the instructional methods for teaching each topic in this lesson. The overview page for this lesson introduces the need for selecting a highly available switch configuration for the physical network. The instructional strategy for this lesson is to explain to students that they can provide high reliability and fault tolerance in the network by determining the appropriate switches and the appropriate switch configuration for the physical network.

The topic pages for this lesson and the appropriate instructional strategy are listed as follows:

• Broadcast and collision domains. This page introduces the concept of broadcast and collision domains. Explain to students that they must be cognizant of the broadcast and collision domains for the network because these domains can impact the performance and the perceived availability of the Web infrastructure.
• Considerations for selecting appropriate switches. The purpose of this page is to explain to students that they need to use redundant or fault tolerant switches to provide high availability for the network topology. Explain to students the importance of the factors affecting the selection of appropriate switches for a physical network.
• A highly available switch configuration. This page explains the characteristics of a highly available switch configuration. Emphasize to students that when designing the layer network for the Web infrastructure, the scenario for the User Services and Business Logic tiers is not the same as that in a conventional enterprise LAN; there
are considerations, such as the use of Network Load Balancing in each of these tiers, which will influence their design. However, they will use the same design considerations for the servers in the Data Services tier that they would use for an enterprise LAN.
• Considerations for selecting the appropriate switch configuration. The purpose of this page is to explain to students that they need to use full-duplex interfaces and Inter Switch Links and trunks. In addition, they must ensure the availability of adequate switch buffer memory when selecting the appropriate switch configuration for the physical network.
• Guidelines for selecting the appropriate switch configuration. The guidelines page provides students with the action steps that they must address before they can select the appropriate switch configuration. Review the action steps with the students and ensure that they understand how these steps map to the task. Emphasize to the students the importance of addressing all of these requirements.

Review: Selecting a Highly Available Switch Configuration

Give the students five minutes to read through the questions carefully before they answer them. Tell students that they must be prepared to justify their answers.

Lesson: Selecting a Highly Available Routing Configuration

This section describes the instructional methods for teaching each topic in this lesson. The overview page for this lesson introduces the need for selecting a highly available routing configuration for the physical network. The instructional strategy for this lesson is to explain to students that when selecting the appropriate routing configuration, it is recommended that they separate the Business Logic and Data Services tiers from the User Services tier, but their solution may require several subnets in each tier to achieve the required performance and isolation.

The topic pages for this lesson and the appropriate instructional strategy are listed as
follows:

• Routing protocols for a highly available physical network. This page introduces the various routing protocols used in redundant IP routing and dynamic routing protocols. Explain to students how each routing protocol works.
• A highly available IP routing configuration. The purpose of this page is to explain to students the characteristics of a highly available IP routing configuration.
• Considerations for determining the routing architecture for the User Services tier. This page explains the considerations for determining the routing architecture for the User Services tier. Explain to students the need for considering the availability of the Internet connection from the Web infrastructure traffic, the number of public addresses required for the Web infrastructure, and the use of load-balanced multihomed configurations when selecting the routing architecture for the User Services tier.
• Considerations for determining the routing architecture for the Business Logic and Data Services tiers. The purpose of this page is to explain to students the considerations for determining the routing architecture for the Business Logic and Data Services tiers. Emphasize to students the need for considering the types of hosts in the Web infrastructure, the types of addresses required for the hosts, and the number of subnets required for the Web solution when selecting the routing architecture for the Business Logic and Data Services tiers.
• Guidelines for selecting a highly available routing configuration. The guidelines page provides students with the action steps that they must address before they can select the appropriate routing configuration. Review the action steps with the students and ensure that they understand how these steps map to the task. Emphasize the importance of addressing all of these requirements.

Review: Selecting a Highly Available Routing Configuration

Give the students five minutes to read through the questions carefully before they answer them. Tell students that they
must be prepared to justify their answers.

Lab: Designing a Highly Available Physical Network

In this lab, students will design a highly available physical network to meet the needs of the Government Portal scenario. Their design will include components that meet the bandwidth requirements, redundant path requirements, physical network topology requirements, and switch and router configurations requirements of the given scenario. The students will then make appropriate high availability recommendations for the design.

As with the practices, you will divide the class into design teams. Give the students 30 minutes to read through the scenario and the design considerations carefully before they answer the questions. If white board space is available, have each team draw their design on the board. Or, if Microsoft Visio® is available and the students are comfortable using it, they could forward their design to you for display on the screen. Each team must be prepared to justify their answers.

Depending on team experience, the Web infrastructure designs can be relatively simple or quite complex. You may also discover that some features of their Web infrastructure design may be incomplete or wrong because they do not have the prerequisite knowledge. You should only focus on the part of the design that addresses the lesson component being taught. You can allow other teams to critique each design, but it is important that you explain to the students that there are no wrong or right answers. What they need to take from this exercise is the opportunity to practice their design ideas and get peer review in a lab environment. Depending on business requirements, their actual designs may vary.

Dynamic routing protocols

Routers used for the Internet and large enterprise networks are often configured to use a routing protocol to exchange routing information and dynamically update their routing tables when network topology changes, such
as when a router or link fails. A network under one administrative domain, such as an organization’s intranet, is known as an autonomous system. A routing protocol that is used within an autonomous system is an interior routing protocol. Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) are two popular interior routing protocols.

When different autonomous systems exchange routing information, they generally use an exterior routing protocol (an interdomain routing protocol). The Internet exterior routing protocol is BGP, which the IETF defined in Request for Comments (RFC) 1771. Each autonomous system needs a unique autonomous system number from the Internet Network Information Center (InterNIC) to run BGP on the Internet.

BGP typically runs in routers on an autonomous system’s border. BGP routers send BGP routing information to the autonomous systems that they and their peer routers can reach. This information includes the Internet routes that the routers have received from other routers, and the intranet routes that the routers have received from an interior routing protocol or static routing configuration. Peer routers use KeepAlive messages to check each other’s availability. If a router does not receive a KeepAlive message from a peer after a predefined interval, the router drops the BGP session, removes the routes of the unreachable peer from its BGP routing table, and sends an update message about the change to its other peers.

BGP uses an aggregated or Classless Inter-Domain Routing (CIDR) IP address (called a prefix), such as 192.1.0.0/16, to represent the route to an autonomous system. CIDR is an architecture for efficiently allocating IP addresses in the Internet. A BGP router also associates an AS-PATH attribute with each route. This attribute denotes the path from the advertising router’s autonomous system to the autonomous system associated with the CIDR address.

In a BGP router, you can define a policy that filters which routes a router accepts
from a peer and which routes the router advertises. To optimize routing and implement redundancy, you can incorporate attributes, such as preferences and metrics, into received and advertised routes.

BGP that runs between two autonomous systems is known as external BGP (EBGP). BGP running between routers within the same autonomous system is known as internal BGP (IBGP). All IBGP routers in an autonomous system must communicate with one another. You use IBGP rather than a conventional interior routing protocol, such as OSPF, because IBGP can take advantage of the routing policy feature of BGP.

A Highly Available IP Routing Configuration

A highly available IP routing configuration is characterized by:

• Redundant paths
• Network convergence
• Multiple default gateways
• Static and dynamic IP addresses
• Load-balanced multiple routers
• Router discovery
• Virtual router redundancy

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Introduction

A common way to achieve highly available IP routing is to use redundant routers and redundant Internet connections. Multiple routers with interfaces on the same subnet ensure that a gateway to the Internet and other network subnets is available when a pathway fails. Establishing multiple connections to several ISPs, or multihoming, provides alternative routes to the Internet when one Internet link or router is unavailable.

Highly available IP routing configuration

A highly available IP routing configuration has the following characteristics:
• Redundant paths. You can add routers to a network topology to provide redundant data paths between subnets. This redundant router topology, also known as a mesh topology, can provide fault tolerance when a router fails by allowing data to travel along an alternate path. Mesh topology is most often used in a large backbone network in which the failure of a single router can result in a large portion of the network losing communications. Mesh networks can use the following topologies:
    • Partial mesh topology. Includes some redundant data paths to provide a level of fault tolerance, and is more commonly implemented in large internetworks.
    • Full mesh topology. Provides a direct link between each pair of nodes (routers) on a network. Full mesh topologies provide the highest level of fault tolerance, but they increase the computational load on dynamic routers because the routers need to calculate their routing tables.
  It is recommended that you consider using only partial mesh topologies in your network design because they provide adequate fault tolerance.
• Network convergence. Convergence is the process of communicating changes in a network topology and re-computing routes based on the changes. Many logical networks are designed to be fault tolerant by using redundancy at both the Network and the Data Link layers. IP routers at the Network layer use convergence to build tables of accessible networks and routes by using dynamic routing protocols, such as RIP and OSPF, to handle redundant paths and prevent routing loops from occurring.
• Multiple default gateways. A computer sending information to the Internet delivers that information to a local router or a layer switch in the local subnet of the computer, which in turn forwards the information to another router and then to the Internet. The local router is usually the default gateway of the computer. To provide fault tolerance, you must use two or more gateways on each subnet. However, this type of configuration requires the computer to support multiple default gateways. If the default router fails, the computer must fail over to an available router.
• Static and dynamic IP addresses. If you use static IP addresses for your network hosts, you can include multiple router IP addresses in the TCP/IP default gateway setting of each host. However, if you use dynamic IP addresses, you can include multiple router IP addresses in the default gateway setting of the DHCP server’s subnet scope. List router addresses in order of preference, and when a host starts, it tries the first address in the list. If the system cannot reach the first address after retrying a set number of times, the system uses the second default gateway.
• Load-balanced multiple routers. Multiple default gateways enable you to load balance statically across multiple routers. For example, if two routers, Router 1 and Router 2, are on the same subnet, you can set half the computers on the subnet to try Router 1 first, and the other half to try Router 2 first. This setup works for static IP addresses, but it is difficult to implement by using a DHCP server running Microsoft Windows NT® because the DHCP server cannot have multiple scopes on the same subnet. However, the DHCP server in Windows 2000 supports a vendor- and user-specific option through which you can define different scopes on the same subnet.
• Router discovery. Multiple default gateways require that you maintain the default gateway settings on computers or DHCP scopes. By contrast, IRDP lets a router advertise its availability. A computer can then dynamically discover the best available gateway on the subnet, and if the current one fails, automatically switch to the next best gateway. At set intervals, an IRDP-enabled router sends multicasts of an advertisement on the local subnet. The advertisement includes the router’s interface address, a preference number, and a lifetime number, which denotes how long a computer can use this router as its default gateway before the router becomes unavailable. An IRDP-enabled computer selects as its default gateway the router that has the lowest preference number. Windows 2000 includes host support for IRDP.
• Virtual router redundancy. VRRP is a more efficient router redundancy protocol that does not require computer involvement in router discovery. A virtual router, which includes multiple physical routers that are running VRRP (or HSRP), uses a virtual router ID address and virtual router IP address to represent the virtual router. The master physical router provides primary routing for the corresponding virtual router IP. The backup physical routers monitor the status of the master router and become active if the master router fails. Routers are allocated a priority so that if you have more than one backup router, the physical router with the highest priority becomes the active router.

Considerations for Determining the Routing Architecture for the User Services Tier
When determining the routing architecture for the User Services tier, consider the:

• Availability of the Internet connection for Web infrastructure traffic
• Number of public addresses required for the Web infrastructure
• Use of load-balanced multihomed configurations

Introduction

You can make your Web solution redundant and fault tolerant by connecting your Internet routers to routers at two or more ISPs. This configuration adds more reliability to your Internet connections because if one ISP experiences a major network outage, the other ISPs will provide the Internet access. Within the public and private network used in your solution, you will have multiple routers providing connectivity between subnets and tiers. When determining the routing architecture for the User Services tier, consider the following:

Availability of the Internet connection

• Availability of the Internet connection for Web infrastructure traffic. Your connection to the Internet may be specifically used to carry only the data for your Web infrastructure, or it can carry other traffic, such as that for corporate access to the Internet. It is recommended that you use a separate Internet connection for your Web infrastructure to ensure predictable performance characteristics. Where the Internet connection must be shared with other traffic, it is recommended that you consider the use of Quality of Service (QoS) channels between the ISP and your perimeter routers to ensure that bandwidth allocations meet your design criteria.
  Your perimeter routers will have configuration entries which define a logical route in your infrastructure that is comprised of a network number, a network mask, a Next Hop address, and a route metric. Properties for each route allow the administrator to define routing characteristics, such as:
    • NAT. It defines whether NAT translation is
applied to traffic on the logical route.
    • Multicasting. It defines whether multicasting is supported on the logical route.
    • QoS. It defines logical paths and bandwidth requirements based on an assigned priority level.
    • Mapping of the logical route to the physical route. The separation of logical and physical routing allows multiple logical routes, each exhibiting different characteristics, to be mapped to a single physical route. For example, Internet access for the User Services tier of your Web infrastructure may be routed by using public addresses, and traffic to and from a corporate LAN may be translated through a NAT process. Both traffic types share the same physical connection to the Internet but undergo different routing actions by the router.

Number of public addresses

• Number of public addresses required for the Web solution. When you are allocated a block of public addresses from an ISP, they will usually be contiguous unless you require a large number of addresses. Irrespective of the subnet design that you implement based on these public addresses, your perimeter routers can advertise a single CIDR block as a single route.
  The notation for a CIDR block is an address followed by /nn, where nn is the number of 1 bits in the subnet mask. CIDR block notation does not allow for noncontiguous subnet masks, such as 255.255.128.255. It assumes that after the first 0 is reached in a subnet mask, all remaining bits are 0. For example, 128.196.128.131/24 refers to a subnet that contains the address 128.196.128.131 and whose subnet mask begins with 24 1s (the rest being 0s).
  It is recommended that you request a sufficiently large block of addresses to meet the future growth of your Web solution. However, applying for more addresses may make your routers more complex to maintain because noncontiguous address spaces prevent route aggregation by the perimeter routers.

Load-balanced multihomed configurations
• Use of load-balanced multihomed configurations. When you have redundant connections to the Internet that are based on multiple connections to the same ISP, it is recommended that you load balance your solution traffic across those connections. You can create a load-balanced, multihomed configuration by specifying which of your perimeter routers advertise and receive information about your internal routes. If your Internet router accepts specified routes that are advertised from your ISPs’ routers, you can load balance these routes for outbound traffic from your Web solution.
  You can use the same methods to load balance and add fault tolerance to a multihomed configuration that has multiple connections to multiple ISPs. However, when you connect to multiple ISPs, you must design your routing to block all of the ISP-established routes and their learned routes except the routes that you require. Otherwise, the router of an ISP might discover a shorter path to another Internet destination through your autonomous system, and your network might become a transit autonomous system for traffic between ISPs, impacting the performance of your Web solution.

Considerations for Determining the Routing Architecture for the Business Logic and Data Services Tiers
When determining the routing architecture for the Business Logic and Data Services tiers, consider the:
• Types of hosts in the Web infrastructure
• Types of addresses required for the hosts
• Number of subnets required for the Web solution

Introduction

If your Web solution has a large number of servers, you may be unable to acquire a block of addresses that is large enough to permit the use of public addresses for all of the servers. You can limit the number of public addresses that the Business Logic and Data Services servers need by following the considerations for determining the routing architecture for the Business Logic and Data Services tiers.

When determining the routing architecture for the Business Logic and Data Services tiers, consider the following:

Types of hosts in the Web infrastructure

The hosts in a Web infrastructure fall into three broad categories:
• Hosts that need access to a network layer outside of the Web infrastructure (provided through IP connectivity). Hosts in this category require IP addresses that are globally unique.
• Hosts that do not require access to hosts in other enterprises or the Internet at large. Hosts in this category can use IP addresses that are unique within an enterprise, but may be ambiguous between enterprises.
• Hosts that need access to a limited set of outside services, such as e-mail and File Transfer Protocol (FTP), which can be handled by mediating gateways, such as application layer gateways. For many hosts in this category, unrestricted external access (provided through IP connectivity) may be unnecessary and even undesirable for privacy or security reasons. Hosts in this category may use IP addresses that are unambiguous within an enterprise, but may be ambiguous between enterprises.
Types of addresses required for the hosts

Hosts in the first category are typically perimeter routers and Web services servers, which must have public addresses (unless you use NAT). Hosts in the second and third categories are typically allocated addresses from the private address ranges. For example, the use of the 10.x.x.x address space is common in many solutions because this network is not routed on the Internet.

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for use in private intranets:
• 10.0.0.0 through 10.255.255.255 (10/8 prefix)
• 172.16.0.0 through 172.31.255.255 (172.16/12 prefix)
• 192.168.0.0 through 192.168.255.255 (192.168/16 prefix)

If you are configuring your Business Logic and Data Services tiers to use private addresses, select from the previous ranges. It is recommended that unless there are specific communication reasons to allocate public addresses, you always use private addresses for the Business Logic and Data Services tiers to limit the use of public addresses. Routing services for this portion of your solution may be provided by a firewall or router that isolates the User Services tier and minimizes the potential for attack against servers in the Business Logic and Data Services tiers.
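The CIDR notation rule and the private address ranges described above can be checked mechanically against an address plan. The following Python sketch is an added example, not part of the original courseware; the tier names, the sample plan, and the documentation prefixes standing in for ISP-assigned space are constructed assumptions.

```python
import ipaddress

# The three private blocks listed above (reserved by IANA for private intranets).
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan; tier names are hypothetical labels and the public
# subnets use documentation prefixes in place of real ISP-assigned space.
SAMPLE_PLAN = [
    ("user-services", "198.51.100.0/25"),
    ("user-services", "198.51.100.128/25"),
    ("business-logic", "10.1.0.0/24"),
    ("data-services", "203.0.113.0/26"),
]


def mask_to_prefix(mask):
    """Convert a dotted subnet mask to the /nn of CIDR notation.

    Raises ValueError for a noncontiguous mask such as 255.255.128.255,
    which CIDR notation cannot express.
    """
    host_bits = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # A contiguous mask inverts to 0...01...1, a value of the form 2**k - 1.
    if host_bits & (host_bits + 1):
        raise ValueError(f"noncontiguous subnet mask: {mask}")
    return 32 - host_bits.bit_length()


def is_private(net):
    """True if the subnet lies inside one of the three private blocks."""
    return any(net.subnet_of(block) for block in PRIVATE_BLOCKS)


def audit_plan(plan):
    """Return (findings, aggregates) for a list of (tier, subnet) pairs.

    findings   - public subnets placed on a tier other than user-services
    aggregates - the fewest CIDR blocks that cover every public subnet; more
                 than one means the perimeter routers cannot advertise the
                 public space as a single route
    """
    findings, public = [], []
    for tier, cidr in plan:
        net = ipaddress.ip_network(cidr, strict=False)
        if is_private(net):
            continue
        public.append(net)
        if tier != "user-services":
            findings.append(f"{tier}: {net} is public address space")
    return findings, list(ipaddress.collapse_addresses(public))


if __name__ == "__main__":
    findings, aggregates = audit_plan(SAMPLE_PLAN)
    print("findings:", findings)
    print("routes to advertise:", [str(n) for n in aggregates])
```

In the sample plan the two user-services subnets collapse into one /24, while the public subnet on the data-services tier both violates the private-addressing recommendation and forces a second advertised route.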
Number of subnets required for the Web solution

If the number of servers in your Web solution is large, you may use several subnets to provide adequate performance for your Web infrastructure. It is recommended that you minimize the number of routers in the Business Logic and Data Services tiers to minimize the number of hops for data requests and responses. If your Web solution uses combined switches and routers, you may be limited to a minimum of two routers, combined with the layer switches required for redundancy. Minimize any hierarchy in the routing plan to achieve better performance, and minimize the number of required redundant paths to provide fault tolerance with a flat routing structure.

Guidelines for Selecting a Highly Available Routing Configuration

• Determine the need for redundant routers per path
• Select routers with appropriate bandwidth and configuration
• Select the routing architecture for the User Services tier
• Select the routing architecture for the Business Logic and Data Services tiers

Introduction

To extend the life of the IP version 4 public address space, address registration authorities are increasingly demanding more justification for the issuance of public address blocks. This issue is making it harder for organizations to acquire public address space. You must design your Web infrastructure to minimize the use of public addresses, and use a private address structure for those hosts that do not specifically require public addresses.

The routing structure that you design for your Web infrastructure must provide isolation and security between the perimeter network (also known as DMZ, demilitarized zone, and screened subnet) for the User Services tier, while providing the required level of fault tolerance for all of the hosts in all of the tiers.

Design guidelines

As you select a highly available routing configuration for the physical network, apply the following guidelines:

Determine the need for redundant routers per path

To determine the need for redundant routers per path for the User Services tier and for the Business Logic and Data Services tiers:
• Select appropriate routing protocols that are required for the front-end and back-end networks. Use static routing, multiple default gateways, and load-balancing protocols to provide the required fault tolerant responses.
• Use load-balanced routers rather than router failover to make the best use of available bandwidths.
• Select a flat router architecture rather than a hierarchical architecture to minimize the need for dynamic routing protocols, which can take many seconds to converge after a failure.
Select routers with appropriate bandwidth and configuration

To select routers with appropriate bandwidth and configuration:
• Use combined routers and switches to achieve the highest bandwidth with the lowest latency between subnets.
• Select the appropriate configuration to ensure the correct utilization and security of the bandwidth. Consider the use of QoS for bandwidth allocation and NAT for address translation.

Select the routing architecture for the User Services tier

To select the routing architecture for the User Services tier, consider the:
• Availability of the Internet connection for Web infrastructure traffic
• Number of public addresses required for the Web solution
• Use of load-balanced, multihomed configurations

Select the routing architecture for the Business Logic and Data Services tiers

To select the routing architecture for the Business Logic and Data Services tiers, determine the:
• Types of hosts in the Web infrastructure
• Types of addresses that are required for the hosts
• Number of subnets that are required for the Web solution

Review: Selecting a Highly Available Routing Configuration

• Routing Protocols for a Highly Available Physical Network
• A Highly Available IP Routing Configuration
• Considerations for Determining the Routing Architecture for the User Services Tier
• Considerations for Determining the Routing Architecture for the Business Logic and Data Services Tiers
• Guidelines for Selecting a Highly Available Routing Configuration

Which protocol for IP routing can provide flow control and first-hop gateway redirection?

Internet Control Message Protocol (ICMP)

How does mesh topology provide fault tolerance in an IP routing configuration?
Mesh topology can provide fault tolerance in an IP routing configuration by allowing data to travel along an alternate path. Mesh topology is most often used in a large backbone network in which the failure of a single router can result in a large portion of the network losing communications.

How does IRDP enable automatic router discovery on a local subnet?

IRDP lets a router advertise its availability. A computer can then dynamically discover the best available gateway on the subnet, and if the current one fails, automatically switch to the next best gateway. At set intervals, an IRDP-enabled router sends multicasts of an advertisement on the local subnet. The advertisement includes the router’s interface address, a preference number, and a lifetime number, which denotes how long a computer can use this router as its default gateway before the router becomes unavailable. An IRDP-enabled computer selects as its default gateway the router that has the lowest preference number.

What is the method for load balancing multiple redundant connections to the Internet?

Specify which of your perimeter routers advertise and receive information about your internal routes. If your Internet router accepts specified routes that are advertised from your ISPs’ routers, you can load balance these routes for outbound traffic from your Web solution.

What are the considerations for determining the routing architecture for the Business Logic and Data Services tiers?

When determining the routing architecture for the Business Logic and Data Services tiers, consider the types of hosts in the Web infrastructure, types of addresses required for the hosts, and the number of subnets required for the Web solution.

Lab: Designing a Highly Available Physical Network

• Lab overview
• Network bandwidth requirements
• Redundant path requirements
• Physical network topology requirements
• Switch and router configuration requirements
• Other technical requirements and configurations
• Lab questions

Lab overview

In this lab, you will evaluate the Government Portal’s requirements for network bandwidth, redundant network paths, physical network topology, and highly available switch and routing configurations for the Web infrastructure. You will make design recommendations based on those requirements.

Network bandwidth requirements

It is expected that the majority of the portal users will have connection speeds from 28.8 to 56 Kbps with an average of 40 Kbps. The average size of a Web page for the portal is 50 KB, which includes graphics and overhead. It is expected that the number of peak concurrent users will be 3,000, or percent of the user base, during the first year of operation. In your design, allow for 150 percent growth over the next three years.

Web stress analysis shows that the existing fast Ethernet network in the data center has sufficient bandwidth to handle server-to-server communications between the User Services, Business Logic, and Data Services tiers. However, include in your design recommendations for handling any bottlenecks that may occur.

Redundant path requirements

During the Lab for Module 4, it was determined that you should use a minimum of two ISPs to provide redundant paths to the Internet so that the impact to Government Portal performance is minimal in the event of a single ISP outage. Each server in the Web infrastructure must continue to be available in the event of a single network adapter card or switch failure.

Physical network topology requirements

Although the Government has an existing data center, they would like to evaluate various options for hosting the Web infrastructure. The Government’s server administrators must be able to monitor all of the servers continuously and add servers to the infrastructure or rebuild failed servers within
a two-hour timeframe. The existing data center consists of a 100-Mbps Ethernet infrastructure. The Government wants to ensure that the network connections to each server are redundant.

Switch and router configuration requirements

Because a minimum of two separate ISPs will be used to provide connections to the Internet, the IP address spaces for the User Services tier will be noncontiguous. The switch and router configurations must provide for multiple subnets and subnet isolation in the infrastructure.

Other technical requirements and considerations

Your solution should include Microsoft technologies where appropriate.

Lab questions

How much bandwidth does the design need to provide?

3,000 concurrent users at an average connection speed of 40 Kbps require 120,000 Kbps, or 120 Mbps of total bandwidth. Use two OC3 (155.53 Mbps) connections to provide the appropriate bandwidth for current loads while providing redundancy. The anticipated 150 percent growth will require an additional 180 Mbps of bandwidth in the next three years. Because the current architecture uses redundant connections to the Internet, and 155 Mbps allows for approximately 30 percent over capacity based on current bandwidth demands, plan for an additional OC3 in the future.

If parts of the data center internal network become bottlenecks, you can upgrade those network segments to gigabit Ethernet. Alternatively, if there is significant non-Web generated traffic on the network, you can create a separate management network to isolate that traffic.

How would you design the network paths for connections to the Internet?
a. Internet connections
A minimum of two ISP connections is required to meet the redundancy requirements for client connections. More than two ISP connections may provide cost savings. The cost per connection and additional administrative and hardware costs must all be taken into consideration.

b. Internal Web infrastructure network
Configure each network connection in a server that is required to support redundancy and fault tolerance as a teamed adapter with a minimum of two members. Each member of the team must connect to a separate physical switch or switch blade to ensure reliability. For each subnet in the solution that requires routed paths to other networks, provide either multiple routers with interfaces on the subnet or load balanced routers which support hot failover.

How would you design the physical network topology?

a. Data center location
Typically, hosting your own data center is the most expensive solution, because you must provide the support infrastructure to maintain the whole physical site. However, in this case, Government has a large, established data center, which includes a network and server operations infrastructure. By hosting their own servers, they can more easily satisfy the requirements for constant server monitoring and rapid server deployment and recovery.

b. Internet connections
If you select two Internet connections that each provide a minimum of 300 Mbps of bandwidth, then to ensure that the incoming network does not become saturated, the Government needs to use a gigabit Ethernet network topology between the WAN connection and front-end switches for the Data Services tier. Because you will load balance the traffic over several servers, 100-MB Ethernet should provide sufficient bandwidth to each server.

c. Intra-Web infrastructure communications
Because the existing full-duplex 100-MB Ethernet topology is expected to provide sufficient bandwidth for server-to-server communications in
the Web infrastructure, the most important design consideration is redundancy. With Ethernet networks, redundancy is achieved by teaming two network adapters together in each server and connecting each adapter to ports on two separate switches that are part of the same VLAN. As an alternative, you could use an FDDI server backbone in the data center, which provides a fault tolerant two ring design.

How would you design high availability for the switches and routers?

With two Internet connections and noncontiguous IP addressing, a multiple VLAN switch architecture is appropriate for the front-end switches. Likewise, to support multiple isolated subnets in the Business Logic and Data Services tiers, a multiple VLAN switch architecture is appropriate for the back-end switches. Configure multiple VLANs across two physical switches with Inter Switch Links.

You can manually set both of the ports on the switches and the network adapters in the servers to full-duplex mode to minimize collisions and recovery time upon switch or adapter failover. Disable auto negotiated features, such as speed, media and duplex sensing, and set appropriate manual configurations. The front-end switches must support both gigabit and 100-Mbps Ethernet connections.

In addition, configure redundant routers for each subnet and implement some method of router or gateway failover. You can configure router or gateway failover between the routers by using routers that support a dynamic load balancing protocol with a virtual router ID as the default gateway for the subnet. Alternatively, you can configure the servers with multiple default gateways so that they automatically switch to an alternate router when the primary gateway fails. The second method also allows for static load balancing of traffic between routers.

It may be appropriate to separate inbound and outbound Internet traffic over two routers in the User Services tier to minimize the
possibility of errors caused by interaction between inbound, outbound, and heartbeat traffic.

The routers connecting to the Internet will possibly need to support BGP if the telecommunication provider requires this protocol. Because there will be connections to multiple ISPs, you must design routing to block all of the ISP-established routes and their learned routes except for the routes that you require.
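The route blocking called for in this answer can be modelled as an inbound and an outbound policy on a perimeter router connected to two ISPs. This Python model is an added example, not part of the original courseware; the ISP names, the prefixes, and the assumption that the design requires only a default route from each ISP are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str   # CIDR block
    source: str   # "local" for our own networks, else the ISP it was learned from


# Constructed routing data: two ISPs (hypothetical names) and one local block,
# all using documentation prefixes.
LOCAL = [Route("198.51.100.0/24", "local")]
FROM_ISP_A = [Route("0.0.0.0/0", "isp-a"), Route("192.0.2.0/24", "isp-a")]
FROM_ISP_B = [Route("0.0.0.0/0", "isp-b"), Route("203.0.113.0/24", "isp-b")]
REQUIRED = ["0.0.0.0/0"]   # assumption: the design needs only a default route


def accept_from_isp(routes, required):
    """Inbound policy: keep only the ISP routes the design requires."""
    wanted = {ipaddress.ip_network(p) for p in required}
    return [r for r in routes if ipaddress.ip_network(r.prefix) in wanted]


def build_table(filtered):
    """Routing table with or without the inbound policy applied."""
    learned = FROM_ISP_A + FROM_ISP_B
    if filtered:
        learned = accept_from_isp(learned, REQUIRED)
    return LOCAL + learned


def advertise_to(isp, table, filtered):
    """Outbound policy toward one ISP.

    Unfiltered, every route not learned from that ISP is passed on to it.
    Filtered, only locally originated routes are advertised.
    """
    if filtered:
        return [r for r in table if r.source == "local"]
    return [r for r in table if r.source != isp]


def transit_leaks(advertised):
    """Routes in an advertisement that originated at another ISP."""
    return [r for r in advertised if r.source != "local"]


def default_gateways(table):
    """ISPs offering a default route, the paths left for outbound load balancing."""
    return sorted(r.source for r in table if r.prefix == "0.0.0.0/0")


if __name__ == "__main__":
    weak = advertise_to("isp-a", build_table(False), filtered=False)
    fixed = advertise_to("isp-a", build_table(True), filtered=True)
    print("unfiltered leaks to isp-a:", [r.prefix for r in transit_leaks(weak)])
    print("filtered leaks to isp-a:  ", [r.prefix for r in transit_leaks(fixed)])
    print("outbound paths kept:      ", default_gateways(build_table(True)))
```

Without the filters, isp-a is offered isp-b's routes through the local autonomous system; with them, only the local block is advertised while both default routes stay available for outbound load balancing.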

Date posted: 17/01/2014, 09:20
