Transcript for:
Understanding Network Architectures and Models

In this video, we'll look at a number of different architectures we use when designing our networks. We'll start with a very common type of architecture: this is the three-tier architecture, and we'll go through what each of those tiers consists of.

We'll start with the core of the network. Sometimes we refer to this as the center of the network, and this is usually where our major services are located. We might have web servers, database servers, name servers, and other important services would be contained in this core. Almost everybody in the organization will need access to these services, so it makes sense to put these services in the middle of the network.

The users, though, don't connect directly to the core. There's a midpoint called the distribution layer. This distribution tier manages the communication between all of the end users and the core of the network. This not only provides the users with a way to connect to the core, but it also provides a way for redundancy and control of traffic into and out of the core.

And the last tier is the access tier. This is where the users are located, and usually there is an access switch somewhere close to where those users are located.

This is very similar to the way we lay out our cities. For example, there might be a core or downtown area of a city, but this is often where our office buildings are, and we don't commonly live in the core of the city. Instead, we have a way to get from our home into the center of the city through some type of distribution network or distribution highway. We would then use those distribution highways to get in and out of the core of the city. And of course, we would live outside of the city; we would take the distribution network to be able to gain access to the core and then back to our homes. And usually everything that's in our local neighborhood are things that we might need immediate access to. For example, if we wanted to go to the local grocery store or a neighbor's house, we would only stay in that local access area, but if we needed to gain access to any other part of the city, we would use our distribution of highways to gain access to the core.

If we were to show this as a network diagram, this is the topology you would have. All of your users are down here at the bottom, and those users are connected to access switches. The access switches are then connected to distribution switches, and you can see there are multiple distribution switches, and the access switches might connect to those multiple switches to provide redundancy. The distribution switches are then finally connected to the core, providing that final tier between the users and the services in the core.

On larger networks, you can expand this three-tier architecture to even work between different buildings. So you might have an access switch on each floor of a building; those access switches connect to distribution switches, and those distribution switches finally connect to the core. The same thing would occur in the other building with access switches and distribution switches, meaning everybody in all of these buildings would be able to gain access to the services they need in the core.

In recent years, we've taken this idea of physical networking components and we've tried to virtualize those systems, similar to what we've done with virtual servers. We've been able to take the different functions of these networking devices and separate them into separate functional planes of operation. There are three primary planes of operation: the data plane, the control plane, and the management plane, and all of these together act as SDN, or software-defined networking. This design fits perfectly with our cloud-based architectures. We're able to take these networking components, break them up into individual functional pieces, and be able to manage each of those separately.

For example, we might create an infrastructure layer. We often refer to this as the data plane, as the part that's doing the real work of the networking component. For example, if this is a switch, it may be processing network frames and network packets. If it's a firewall or router, it could be performing forwarding or trunking or encryption or network address translation. All of that work to be able to forward traffic between locations is handled by the data plane.

There has to be something to manage what the data plane is doing, and that's managed through the control layer or the control plane. If you're keeping track of where routing tables might be, switching tables, or understanding where network address translation may be working, it's all handled by the control layer.

But of course, we as network administrators need some way to control these devices, and we control them through the management plane. This is the application layer of SDN, and this is where you, the network administrator, would control and manage those networking devices.

Let's overlay this SDN architecture on what is a traditional physical switch. So instead of having a physical switch, we'll start by breaking out these individual interfaces. This is the data plane or the infrastructure layer, where all of the forwarding really occurs. All of our frames and packets are being moved around thanks to the data plane. We can then take our routing tables, our switching tables, or our network address translation tables and manage those through the control layer or control plane. And of course, we have our traditional section of the switch that we would connect to to be able to manage the device, and that would be pulled into the application layer or the management plane.

Now we can remove the physical components that we used to connect with and deal only with the virtualized or the cloud-based architecture. For example, we'd use the infrastructure layer or the data plane to be able to transfer data between network devices. We could then reference the control layer or the control plane to be able to provide updates to routing tables or switching tables. And then lastly, we need to manage these devices through the application layer or the management plane, and we might use an SSH console to be able to manage the device, or perhaps this is more programmatic: we might use SNMP or API calls to be able to manage these cloud-based SDN architecture devices.

Another popular architecture for network connectivity is the spine and leaf architecture. This is where you would have services that connect to leaf switches that ultimately connect to spine switches. Each one of these spine switches on the top connects to all of the leaf switches that are in the network, and the leaf switches don't connect to each other. They all connect back to the spine, and then the spine determines where the traffic goes from there. You'll also notice that the spine switches don't connect directly to each other, so that all of the communication is either occurring from leaf to spine or spine to leaf.

It's common to associate this spine and leaf architecture with what we call top-of-rack switching. This is referring to the physical network rack that might be in your data center. So you can think of all of these leaf switches as being on the top of a particular 19-inch rack, and within the rest of the rack you might have image servers, directory servers, web servers, or some other type of service. This allows you to have some very simple cabling between the leaf and the spine. You've got built-in redundancy for all of these connections, and this provides some very efficient and very fast communication. However, if you add another rack to your network, which requires another leaf switch, you'll have to create additional connections for all of the spine switches. So adding additional switches could rapidly increase the cost associated with this connectivity.

When you're working inside a data center, it's useful to know where data is originating and where the destination is. We refer to this path between source and destination in directional terms. For example, east-west traffic is traffic that is going between devices within the same data center. So communication between an image server and a web server inside the same data center is east-west traffic. The other type of traffic may be going outside of our data center, and we refer to that traffic as north-south traffic. Since this north-south traffic is going outside of our data center, and therefore outside of our control, we may have different security postures for north-south traffic than we would use for east-west traffic, which all stays within our controlled network.

As a network administrator, you may be installing equipment in many different locations. There may be users in a branch office that need local devices. There might be a local switch, router, or firewall, or you may be installing client devices in that branch office. You might also install information in an on-premises data center. This is an in-house data center that you're responsible for. You manage the cooling, you manage the electrical systems, and you're responsible for the ongoing monitoring of those systems.

Your organization also might contract with a third party to use their data center, or a portion of their data center, through something called co-location. This is where multiple companies may have their equipment, and all of them are running within the same facility. You can see there are cages and locked doors set up so that only your organization would have access to your equipment, and you'd be protected from anyone else who might be entering the data center. Usually there's a third-party company that runs the co-location center, and they're responsible for the ongoing monitoring and the security of those systems. You
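As an added example (not from the video or its author), here is how the east-west versus north-south distinction described above can be turned into a per-direction policy check: flows with both ends inside the data center's own prefixes are east-west, everything else is north-south and gets the stricter posture. The data center prefixes, the policy table and the sample flows are all constructed assumptions.

```python
# Added example (not from the video): classify flows as east-west or
# north-south using the data center's own prefixes, then apply a
# stricter policy to north-south traffic. All values are constructed.
import ipaddress

# Assumed data center address space (constructed for this example).
DATA_CENTER_PREFIXES = [
    ipaddress.ip_network("10.10.0.0/16"),   # server racks
    ipaddress.ip_network("10.20.0.0/16"),   # storage / image servers
]

def is_internal(addr: str) -> bool:
    """True if addr falls inside one of the data center prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DATA_CENTER_PREFIXES)

def classify(src: str, dst: str) -> str:
    """East-west when both ends are inside the data center, else north-south."""
    return "east-west" if is_internal(src) and is_internal(dst) else "north-south"

# Posture per direction: north-south leaves our control, so it is inspected
# and limited to the published service port; east-west is allowed but still
# logged so traffic between servers stays visible to monitoring.
POLICY = {
    "east-west":   {"action": "allow", "inspect": False, "allowed_ports": None},
    "north-south": {"action": "allow", "inspect": True,  "allowed_ports": {443}},
}

def decide(src: str, dst: str, dport: int) -> dict:
    """Return the flow direction and the verdict the policy would apply."""
    direction = classify(src, dst)
    rule = POLICY[direction]
    ports = rule["allowed_ports"]
    action = rule["action"] if ports is None or dport in ports else "deny"
    return {"direction": direction, "action": action, "inspect": rule["inspect"]}

# Constructed sample flows: (src, dst, dport).
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.10.3.7", 8080),     # image server -> web server, same DC
    ("203.0.113.9", "10.10.3.7", 443),    # external client -> web server
    ("203.0.113.9", "10.10.3.7", 3306),   # external client -> database port
]

if __name__ == "__main__":
    for src, dst, dport in SAMPLE_FLOWS:
        print(src, "->", dst, dport, decide(src, dst, dport))
```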