Network design is unique to the requirements of each enterprise data center: there is no “one size fits all” design and no single “good network design.” Approach network design with established principles as the leading factor, coupled with the enterprise requirements. Those requirements must include current and future application consumption, which is the guiding factor in major decisions.
Network design is based on many concepts. Note the following considerations and principles to guide the process:
- Single points of failure: Ensure that the network design has layers of redundancy. Dependence on a single device or link leads to loss of resources or outages. Risk tolerance and budget in the enterprise requirements guide the level of redundancy. Implement redundancy through backup paths and load sharing. If a primary link fails, traffic uses a backup path. Load sharing creates two or more paths to the same endpoint and shares the network load across them. When designing access to PowerScale nodes, assume that links and hardware will fail, and ensure that access to the nodes survives those failures.
- Application and protocol traffic: Understanding the application data flow from clients to the PowerScale cluster across the network allows for resources to be allocated accordingly while minimizing latency and hops along this flow.
- Available bandwidth: As traffic traverses the different layers of the network, the available bandwidth should not be significantly different. Compare this available bandwidth with the workflow requirements.
- Minimizing latency: Keeping latency from the client endpoints to the PowerScale nodes minimal maximizes performance and efficiency. Several steps can be taken to minimize latency; consider it at every stage of the network design.
- Prune VLANs: Limit VLANs to areas where they are applicable. Pruning unneeded VLANs is also good practice. Trunking unneeded VLANs further down the network imposes additional strain on endpoints and switches. Broadcasts are propagated across the VLAN and affect clients.
- VLAN hopping: VLAN hopping has two methods, switch spoofing and double tagging. Switch spoofing is when a host imitates the behavior of a trunking switch, allowing access to other VLANs. Double tagging is a method where each packet contains two VLAN tags: the first tag matches the trunk's native VLAN, so the switch strips it as if the frame were untagged, and the second tag is the VLAN where access is not permitted. Assigning the native VLAN to an ID that is not in use is recommended. Otherwise, tag the native VLAN to avoid VLAN hopping, which allows a device to access a VLAN it normally would not have access to. Also, only allow trunk ports between trusted devices, and assign access VLANs on ports that are different from the default VLAN.
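The single-points-of-failure principle above is easy to state and easy to miss in a real topology. The following added example (not Dell's code, and not part of the original text) walks a constructed, hypothetical adjacency list of clients, access, aggregation and core switches, and PowerScale nodes, and reports every infrastructure device and every inter-switch link whose failure leaves some client with no path to any node. The device names and the topology are assumptions chosen so that one access switch is deliberately single-homed.

```python
"""Single-point-of-failure check on a client-to-PowerScale topology.

Added example, not Dell's code.  The topology is a constructed, hypothetical
adjacency list; every device name below is a placeholder.
"""
from collections import deque

# Constructed topology: two clients reach two PowerScale nodes through
# access, aggregation and core layers.  Each key is a device and each value
# is the set of devices it has a direct link to (links are bidirectional).
# access-2 is deliberately single-homed to agg-1 to show what the check finds.
TOPOLOGY = {
    "client-1": {"access-1"},
    "client-2": {"access-2"},
    "access-1": {"client-1", "agg-1", "agg-2"},
    "access-2": {"client-2", "agg-1"},
    "agg-1": {"access-1", "access-2", "core-1", "core-2"},
    "agg-2": {"access-1", "core-1", "core-2"},
    "core-1": {"agg-1", "agg-2", "psc-node-1", "psc-node-2"},
    "core-2": {"agg-1", "agg-2", "psc-node-1", "psc-node-2"},
    "psc-node-1": {"core-1", "core-2"},
    "psc-node-2": {"core-1", "core-2"},
}
CLIENTS = ["client-1", "client-2"]
NODES = {"psc-node-1", "psc-node-2"}


def reachable(topology, start):
    """Breadth-first search returning every device reachable from start."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in topology.get(cur, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def without_device(topology, dev):
    """Copy of the topology with dev and all of its links removed."""
    return {d: {n for n in nbrs if n != dev}
            for d, nbrs in topology.items() if d != dev}


def without_link(topology, a, b):
    """Copy of the topology with the a<->b link removed."""
    copy = {d: set(nbrs) for d, nbrs in topology.items()}
    copy[a].discard(b)
    copy[b].discard(a)
    return copy


def cut_off(topology, clients, nodes):
    """Clients that can no longer reach any PowerScale node."""
    return sorted(c for c in clients
                  if not (reachable(topology, c) & nodes))


def single_points_of_failure(topology, clients, nodes):
    """Find infrastructure devices and links whose loss severs a client
    from every PowerScale node.

    Returns (devices, links): dicts mapping the failed device or sorted
    link tuple to the list of clients it cuts off.  Clients, the storage
    nodes themselves and the client-to-access links are out of scope: a
    single-homed client losing its own link is expected, and node loss is
    handled by the cluster rather than by the network design.
    """
    devices = {}
    for dev in topology:
        if dev in clients or dev in nodes:
            continue
        lost = cut_off(without_device(topology, dev), clients, nodes)
        if lost:
            devices[dev] = lost

    links = {}
    checked = set()
    for a, nbrs in topology.items():
        for b in nbrs:
            link = tuple(sorted((a, b)))
            if link in checked or a in clients or b in clients:
                continue
            checked.add(link)
            lost = cut_off(without_link(topology, a, b), clients, nodes)
            if lost:
                links[link] = lost
    return devices, links


if __name__ == "__main__":
    devs, lnks = single_points_of_failure(TOPOLOGY, CLIENTS, NODES)
    for dev, lost in devs.items():
        print(f"device {dev} fails -> {lost} lose access to the cluster")
    for (a, b), lost in lnks.items():
        print(f"link {a}<->{b} fails -> {lost} lose access to the cluster")
```

On the constructed topology the check reports the two access switches (each client is single-homed, which the design may accept), plus agg-1 and the access-2 to agg-1 uplink, which is the real finding: adding a second uplink from access-2 to agg-2 removes both. Running the same check after every proposed design change is a cheap way to keep the redundancy layers the text calls for.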
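The two VLAN items above (pruning and VLAN hopping) both come down to checks a defender can automate. The following added example (not Dell's or any switch vendor's code) parses 802.1Q tags from raw Ethernet frames so that a monitoring tap can flag the double-tagging pattern the text describes, and audits a trunk's settings against the recommendations given: an unused or tagged native VLAN, no default VLAN, and a pruned allowed list. The sample frames are constructed byte strings, and the VLAN IDs, native VLAN and trunk settings are assumptions.

```python
"""Detect 802.1Q double tagging and audit a trunk's VLAN settings.

Added example, not Dell's or any switch vendor's code.  The frames are
constructed byte strings, and the VLAN IDs, native VLAN and trunk settings
are assumptions chosen to illustrate the checks.
"""
import struct

ETH_8021Q = 0x8100   # customer VLAN tag
ETH_8021AD = 0x88A8  # service-provider (QinQ) outer tag
TAG_ETHERTYPES = {ETH_8021Q, ETH_8021AD}


def build_frame(dst_mac, src_mac, vlan_ids, ethertype=0x0800, payload=b"\x00" * 46):
    """Construct a test frame with zero or more 802.1Q tags (sample data only)."""
    frame = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
    for vid in vlan_ids:
        frame += struct.pack("!HH", ETH_8021Q, vid & 0x0FFF)  # PCP=0, DEI=0
    return frame + struct.pack("!H", ethertype) + payload


def parse_vlan_tags(frame):
    """Return (vlan_ids, inner_ethertype), outermost tag first."""
    offset = 12  # past destination and source MAC
    vlan_ids = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated Ethernet header")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in TAG_ETHERTYPES:
            return vlan_ids, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # VLAN ID is the low 12 bits of the TCI
        offset += 4


def classify(frame, native_vlan):
    """Classify a frame seen at an access port or monitoring tap.

    A frame carrying two tags whose outer tag equals the trunk's native
    VLAN is the double-tagging pattern from the text: the first switch
    strips the outer tag and forwards the inner-tagged frame onward.
    """
    tags, _ = parse_vlan_tags(frame)
    if len(tags) >= 2 and tags[0] == native_vlan:
        return "double-tag-native"
    if len(tags) >= 2:
        return "double-tag"
    if not tags:
        return "untagged"
    return "tagged"


def audit_trunk(native_vlan, allowed_vlans, tag_native, needed_downstream):
    """Check a trunk against the recommendations in the text; return findings."""
    findings = []
    if native_vlan == 1:
        findings.append("native VLAN is the default VLAN 1; move it to an unused ID")
    if native_vlan in needed_downstream and not tag_native:
        findings.append(f"native VLAN {native_vlan} carries traffic but is untagged; "
                        "use an unused ID or tag the native VLAN")
    unneeded = sorted(set(allowed_vlans) - set(needed_downstream))
    if unneeded:
        findings.append(f"prune VLANs not needed beyond this trunk: {unneeded}")
    return findings


# Constructed sample frames (locally administered MACs, not real hosts).
DST, SRC = "02000000000a", "02000000000b"
HOPPING = build_frame(DST, SRC, [1, 20])   # outer tag = native VLAN 1, inner = VLAN 20
NORMAL = build_frame(DST, SRC, [20])
UNTAGGED = build_frame(DST, SRC, [])

if __name__ == "__main__":
    for name, f in (("hopping", HOPPING), ("normal", NORMAL), ("untagged", UNTAGGED)):
        print(name, parse_vlan_tags(f), classify(f, native_vlan=1))
    for line in audit_trunk(1, [1, 10, 20, 30], False, [10, 20]):
        print("finding:", line)
```

`classify` is meant to run over frames captured at an access port, where no tag should ever appear; any "double-tag-native" result is worth an alert. `audit_trunk` takes the values you would read from a switch's running configuration (the parameter names are this example's own) and returns nothing for a trunk that already follows the text's guidance, as the second call in the usage shows.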