Network Architectures – CompTIA Network+ N10-009 – 1.6

Many networks are built using well-established design criteria. In this video, you’ll learn about three-tier architectures, collapsed core designs, and traffic flow in a data center.


Many enterprise networks take advantage of a three-tiered architecture. This is a very common design, and you’ll find many organizations use it for their network.

This starts with the core of the network. And this is where we might have the central point for all of our resources. So our servers, our applications, our databases, and other critical points are going to be contained within the core of the network.

The second tier in a three-tiered architecture is the distribution layer. The distribution layer is the midpoint between the users and those core resources. This is usually a series of switches that provides redundancy and connectivity for those users to access those critical resources.

And lastly, our users need somewhere to connect. And they often connect to an access layer. These are switches that are usually located very close to the user, usually on the same floor of a building, for example. And that access layer allows us to connect to the distribution, which then connects to the core of the network.

This three-tiered architecture is very similar to what we might see in a large city. The downtown area of the city is the core of the city. And all of the major resources for that city may be located in a very small geographical area in the center or core of that location.

To be able to get to downtown, we need some type of distribution method. For example, we need some type of highway that might connect our homes to the downtown area. And our homes are usually connected to these larger highways through access roads. This allows us to use our local roads for all of our daily chores. But when we need to get to the core downtown, we may need to use those distribution highways.

Here’s what this three-tiered architecture looks like in a network diagram. The core of the network usually has core routers that are allowing us to connect to other resources in the core. The distribution layer in the middle is the one connecting the core to the access switches. And at the very bottom, the access layer is the one that all of the users are connected to.

You’ll notice there are multiple links between the access and the distribution. And occasionally, you might even find multiple links between the distribution and the core. So if one component happens to fail, we can always use other parts of the network to complete that communication path.

This is often combined with multiple buildings. So here on a single campus, we have two separate buildings. All the users are connected on each floor of the building to an access switch. Each access switch in the building is usually connected to one or more distribution switches, and those distribution switches are connected to the core of the network, which may be located in a central data center.

If you’re a smaller organization, there may not be a need for a much larger three-tiered architecture. Instead, you might want to use a collapsed core architecture. This is a two-tier architecture that combines the core and distribution layer into a single collapsed core. And you could see the access layer is still exactly the same as it was before.

This allows for a simpler design and hopefully a much easier one to troubleshoot. This is also a lot less expensive to implement because you have fewer devices that you have to purchase and install onto the network. However, as you can tell by this diagram, there aren’t a lot of options for redundancy. So this may not be quite as resilient if you happen to lose any of these individual components.
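The redundancy trade-off described above can be checked mechanically. The following is an added example, not part of the original video: it models each design as a list of links and reports which devices are single points of failure between an access switch and a server. The device names and all three topologies are constructed for illustration.

```python
from collections import deque

# Constructed topologies (device names are hypothetical, not from the video's diagrams).
THREE_TIER = [
    ("access1", "dist1"), ("access1", "dist2"),
    ("dist1", "core1"), ("dist1", "core2"),
    ("dist2", "core1"), ("dist2", "core2"),
    ("core1", "server"), ("core2", "server"),
]
# Same three tiers, but the access switch has only one uplink to distribution.
THREE_TIER_SINGLE_UPLINK = [l for l in THREE_TIER if l != ("access1", "dist2")]
# Two-tier design with one collapsed core switch (an assumption about the design).
COLLAPSED_CORE = [("access1", "core1"), ("access2", "core1"), ("core1", "server")]

def reachable(links, src, dst, removed=None):
    """Breadth-first search over undirected links, ignoring the removed device."""
    adj = {}
    for a, b in links:
        if removed in (a, b):
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(links, src, dst):
    """Devices (other than the endpoints) whose loss cuts src off from dst."""
    devices = {d for link in links for d in link} - {src, dst}
    return sorted(d for d in devices if not reachable(links, src, dst, removed=d))

if __name__ == "__main__":
    for name, topo in [("three-tier", THREE_TIER),
                       ("three-tier, single uplink", THREE_TIER_SINGLE_UPLINK),
                       ("collapsed core", COLLAPSED_CORE)]:
        print(name, "->", single_points_of_failure(topo, "access1", "server"))
```
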

When you’re describing the flow of traffic within a data center, it’s important to know where the traffic originates and what the destination is for that traffic. One way to describe traffic flow is an east-west traffic flow. This means that the origin and destination for this data flow are both within the same data center. This also means that we probably have very good response times from one device to another, since they’re all located on the same local network.

If the traffic flow is one that is leaving the data center or is coming into the data center from an external source, you would refer to that as north-south traffic. This would probably have a bit of a different security posture than something that is east-west traffic, because we really don’t know where this traffic is going once it leaves the data center. And any inbound traffic could be coming from potentially anywhere.

Here’s a better view of this traffic type. If data is coming into the network from the internet or we’re sending information out to the internet, we refer to that as north-south traffic. Any traffic that stays inside this local data center is east-west traffic. For example, if we have a file server that is sending information to an image server, all of that traffic is staying within the data center and would be considered east-west traffic.
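To make the two traffic types concrete, here is an added example (not from the original video) that labels flow records as east-west or north-south by checking each endpoint against the data center's address space. The prefixes, addresses and flow records are constructed for illustration; a flow with neither endpoint inside the data center is reported as unclassified, since it usually means a prefix is missing from the list or the source address is not what it claims to be.

```python
import ipaddress
from collections import Counter

# Assumption: constructed prefixes standing in for the data center's address space.
DATA_CENTER_NETS = [ipaddress.ip_network(n)
                    for n in ("10.20.0.0/16", "2001:db8:20::/48")]

def in_data_center(addr):
    """True if addr falls inside any data center prefix (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DATA_CENTER_NETS)

def classify_flow(src, dst):
    """Label one flow by where its source and destination sit."""
    src_in, dst_in = in_data_center(src), in_data_center(dst)
    if src_in and dst_in:
        return "east-west"
    if src_in:
        return "north-south outbound"
    if dst_in:
        return "north-south inbound"
    return "unclassified"

# Constructed flow records: (source, destination, description).
SAMPLE_FLOWS = [
    ("10.20.1.10", "10.20.2.15", "file server to image server"),
    ("2001:db8:20:1::10", "2001:db8:20:2::15", "same pair over IPv6"),
    ("10.20.1.10", "203.0.113.7", "server to internet host"),
    ("198.51.100.23", "10.20.3.5", "internet client to web server"),
    ("192.0.2.1", "203.0.113.9", "neither endpoint in a known prefix"),
]

def summarize(flows):
    """Count flows per traffic type."""
    return Counter(classify_flow(src, dst) for src, dst, _ in flows)

if __name__ == "__main__":
    for src, dst, note in SAMPLE_FLOWS:
        print(f"{classify_flow(src, dst):22} {src} -> {dst}  ({note})")
    print(dict(summarize(SAMPLE_FLOWS)))
```
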