We first take a look at a the high-level logical view of a typical multi-tier architecture. FIGURE 2-2 shows the main logical networks that support an enterprise multi-tier based service infrastructure:
FIGURE 2-2 shows how the various services map directly to a corresponding logical Layer 3 network cloud, shown above in boxes, which then maps directly onto a Layer 2 VLAN. The mapping process starts with the high-level model of the services to be deployed onto the physical model. This top-down approach allows network architects to maintain some degree of platform neutrality. The target hardware can change or scale, but the high-level model remains intact.[1]
[1] Keep in mind the physical constraints imposed by the actual target hardware. Examples of physical constraints include the number of ports on a network switch and computing capacities.
This mapping process allows the software architecture to be decoupled from the hardware architecture, resulting in a flexible modular solution. From a network architecture perspective, there are two key tools you can use:
Layer 2 VLANs segregate Layer 2 broadcast domains and service domains. An example of a service domain would be a group of Web servers, load balanced, horizontally scaled, and aggregated to provide a highly available service with a single IP access point, commonly deployed in actual practice as a VIP on a load balancer.
Layer 3 IP networking segregates Layer 3 routed domains and service domains. Segregating service domains based on IP addresses makes this service network accessible to any host on any Layer 3 IP network. One advantage of this approach is that the service interface for each cloud only needs to be one endpoint, which is easily implemented by a virtual IP (VIP) address. The service is actually provided across many subservice instances running on physically separated servers, collectively forming a logical cluster. The external world does not need to know (and should not know for many reasons, especially security) about the individual servers that provide the service. By creating a layer of indirection, the requesting client need not be modified if any one server is removed or replaced. This decoupling improves manageability and serviceability.
This mapping process allows better control of the network traffic by providing a mechanism for routers and switches to steer the traffic according to user-defined rules. In actual practice, these user-defined rules are accomplished by configuring VLANs, static routes, and access control lists (ACLs). A further benefit allows traffic to be filtered at wirespeed to identify flows for other services such as Quality of Service (QoS).
Understanding the traffic flows is important when determining the inter-tier link bandwidth requirements. FIGURE 2-3 illustrates the typical network traffic flows as a result of a Web-based transaction. TABLE 2-1 describes each flow in detail, corresponding to the numbers in the illustration.
Item | Interface1 | Interface2 | Protocol | Description |
---|---|---|---|---|
1 | Client | Switch | HTTP | Client initiates Web request. |
2 | Switch | Web service | HTTP | Switch redirects client request to particular Web server based on L2-L7 and SLB configuration. |
3 | Web service | Directory service | LDAP | Web service request directory service. |
4 | Directory service | Web service | LDAP | Directory service resolves request. |
5 | Web service | Application service | RMI | Servlet obtains handle to EJB bean, invokes a method on remote object. Web server talks to the iAS through a Web connector, which uses NSAPI, ISAPI, or optimized CGI. |
6 | Application service | Database service | Oracle Proprietary TNS | Entity Bean requests to retrieve or update row in DB table. |
7 | Database service | Application service | Oracle Proprietary TNS | Entity Bean request completed. |
8 | Application service | Web service | RMI | Application server returns dynamic content to Web server. |
9 | Web service | Switch | HTTP | Switch receives reply from Web server. |
10 | Switch | Client | HTTP | Switch rewrites IP header, returns HTTP request to client. |
The Item column in TABLE 2-1 corresponds with the numbers in FIGURE 2-3.