Creating Subnets for Business Applications

All,

I am kind of a newbie here so please bear with me.

I have to create an infrastructure where we basically would have application servers communicating with database servers constantly. I have to create GigE switch fabric, if you will, and connect all these Windows based servers to it.

I was thinking: would it be a better practice to create 1 network and place all application\database servers in this network to communicate with each other, rather than creating 2 networks and placing the application servers in one network and the databases in the other?

Mind you, I am planning to purchase a C5000 catalyst switch for this, or maybe a c6500 series would work as well.

My questions are:

  1. Does it make sense to create 1 network for the app\database servers or 2 networks to separate the functions?

  2. All servers will be connected to the same catalyst. Will the speed increase in terms of communication and processing if on the same network or 2 separate ones?

  3. Since they are Windows based systems, which we all know to be very chatty on the network, would the 1 network scenario create a huge broadcast domain? Whereas using 2 networks would reduce this broadcast domain?

  4. Is it safe to say that if using the same switch and same network, the servers will be using more layer two type communication, rather than layer 3? Because the way I understand these Windows based systems, they use the MAC addresses to communicate with each other if on the same network. But if communication spans networks, they will use IP, which is layer 3.

Any insight would be helpful. Thanks in advance!

John B.

Reply to
toureg69

I wouldn't recommend that, for two reasons:

A) the Cat 5000 series is EOS (End of Sale), so you would not be able to buy a new one, would not be able to get support, would not be able to "relicense" a used one so as to have legal use of the software (which is non-transferable), and would not be able to use modern software releases because they don't make them for the Cat 5000 or 5500 anymore.

B) The 5000 and 5500 series are not well equipped to handle multiple gigabit interfaces at full speed. The backplane bandwidth just isn't there. You can do two full gigabits, but (if my memory is correct) you cannot quite do a third. You can get an 8-port gigabit line card, but it is "oversubscribed" and cannot handle full-out gigabit to all ports even if it all remains on the line cards.

Between the above, if you are going simple and flat and don't need much in the way of WAN capabilities (e.g., NAT or firewall features) then it would be much less expensive and much more cost effective to go for a Catalyst 2970 or Catalyst 3750. If you need more advanced features, then you could consider the Catalyst 4500 series, but you cannot get more than about 4 GB/s across the backplanes on those, so for business crucial systems with more advanced features, you would probably end up in the Catalyst 6500 series.

Is this all for in-house access, or are there significant security concerns due to outside access? If it is all in-house then the general rules are "switching is usually faster than routing" and "each hop adds latency". (Note: if it is simple routing without much state inspection or NAT, then the Catalyst 3750s route at the same speed as they switch.) If you start adding security layers, then you have to start thinking along the lines of "If someone outside has access to this device and managed to take control of it, which other devices would they be able to attack directly or be able to exploit 'trust relationships' to?". For security, well-considered isolation is usually better.

See above in part. In the more general situation, where the number of broadcasts might be high (NETBIOS, ARP, whatever) then isolation would help contain broadcasts and thus reduce network traffic. If you aren't using that bandwidth anyhow or don't have a lot of broadcasts, then the general rules above are the guide.

But I think you should reconsider the "all servers will be connected to the same catalyst". That's not a great idea from a security standpoint, but even if you have no applicable security concerns, you need to consider that this is obviously business critical for the organization and so the failure of that single catalyst (or the need for reconfiguration or the need for software updates or preventative maintenance) would wipe out your organization's data flow. For business critical data flows, "Don't put all your eggs in one basket" -- and read some of the white papers on Vincent C. Jones' web site, networkingunlimited.com

Windows does not have to imply "chatty on the network". Turn off the broadcast NETBIOS, and consider using the LDAP based domain registries.

True if you are selective about your facts and interpretations. For a more complete description, please see one of my previous postings (to which I would add that some layer 3 switches now handle the BGP routing protocol).

Reply to
Walter Roberson

Consider giving your application and database servers two network cards. One for communication between application and database servers only and the other for front end client traffic and administrative/management traffic. This allows you to provide an isolated vlan/network for application server-to-database traffic.

BernieM

Reply to
BernieM
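As an added illustration of the two-network design that Walter Roberson's "well-considered isolation" point and BernieM's isolated back-end VLAN both describe (example configuration written for this thread, not posted by either of them), here is a Catalyst 3750-style layer 3 switch configuration with the application and database tiers in separate VLANs. VLAN ids, port ranges, the 10.0.10.0/24 and 10.0.20.0/24 subnets and the database listener port (TCP 1433) are all assumed values.

```cisco
! Added example, not from any poster. Two VLANs = two broadcast domains:
! NetBIOS/ARP broadcasts from the app tier never reach the database tier.
! The 3750 routes between the SVIs at wire speed; the ACL limits what the
! app subnet may open toward the database subnet.
ip routing
!
vlan 10
 name APP-TIER
vlan 20
 name DB-TIER
!
! Access ports: one VLAN per tier (port ranges are assumed)
interface range GigabitEthernet1/0/1 - 12
 description application servers
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface range GigabitEthernet1/0/13 - 24
 description database servers
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! From the app subnet, only the database listener (assumed TCP 1433) and
! ping are allowed into the db subnet; any other app->db traffic is dropped
! and logged. Traffic to any other destination is left alone.
ip access-list extended APP-TO-DB
 permit tcp 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255 eq 1433
 permit icmp 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255 echo
 deny ip 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255 log
 permit ip any any
!
! SVIs act as each tier's default gateway; the ACL is applied inbound on
! the app-tier SVI, so return traffic from the db tier is unaffected.
interface Vlan10
 description app tier gateway
 ip address 10.0.10.1 255.255.255.0
 ip access-group APP-TO-DB in
!
interface Vlan20
 description db tier gateway
 ip address 10.0.20.1 255.255.255.0
```

The logged denies on the APP-TO-DB list are also a cheap detection signal: a compromised application server probing the database VLAN for anything other than the database port shows up in the switch log.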


4500 with a recent supervisor (Sup 5) has a switching matrix on the processor rather than a bus based backplane.

AFAIR the bandwidth per slot is 6 Gbps full duplex.

still not good for lots of GigE connected servers though...

Reply to
stephen

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.