Five Design Principles for the Network Architect - Scalability
(#3 of 7)
Continuing our series on design principles, the next area of consideration is scalability. Every design guide you ever read extols the virtues of making networks scalable, but in reality what does this mean?
The usual definition of the term relates to ensuring a network has sufficient capacity for the current usage patterns and for projected future growth. This works at two levels - at a micro level, this is ensuring that we provide sufficient ports of the appropriate speed, that we use network devices with sufficient aggregate throughput, that the circuits we specify have sufficient bandwidth for the use cases identified during the collection of user requirements. We monitor those elements and carry out trend analysis to ensure the environment stays within the bounds within which we built the network, and we can add more capacity simply and with minimal disruption when it is required.
At a macro level, we ensure our overall network architecture is built in a modular fashion, and we use standard repeatable templated designs so that sites, floors, user groups can be added/removed without impacting any existing/remaining elements. Note that scale can work both ways of course - businesses can grow, merge or acquire, leading to the scale up, or they can divest or contract depending on market conditions - both scenarios need to be catered for. An effective design allows us to add or remove capacity with the minimum of disruption in the wider network. Tools to help here might include good use of network summarisation, the correct routing protocol choice, or WAN technology selection.
Another form of scale, sometimes overlooked, is the ability to introduce new capabilities to the network where a new application requirement is required for the same users. The network should be easily able to accommodate these, whether that means new VRFs, VLANs and subnets; application segmentation and security; new user groups and their associated rights and so on. It amounts to ensuring flexibility in the design to be able to add new virtual functions to the existing physical hardware without an uplift, upgrade or similar disruption where possible. This may mean new virtual appliances which need to be deployed to the branch offices - selecting a certain router platform for that might mean that no extra server hardware is needed on site to accommodate as they can be deployed as VNFs (virtual network functions).
Building multi-purpose capabilities into the network can act as a facilitator or an enabler for new requirements. The best illustration of that is an example - and in my experience, there is no better example than Cisco's Identity Service Engine product. Initially installed into networks to provide guest portals and wireless authentication, a whole range of extended security capabilities become possible once it is implemented. Integration with threat detection mechanisms for quarantining misbehaving endpoints; segmentation of traffic based on identity of the user or of the type of endpoint rather than IP address; providing identity context to logging information. Once these enabling technologies exist in the network, they simply require configuration to meet new requirements - the key element here is to look for potential capabilities that the customer doesn't explicitly require but may be of use to them at a later time.
Addressing the scalability question shows that you are building with an eye for the future and so have the long term needs of the network owner in the forefront of your mind during the design stages. As usual, thoughts or comments are welcome!