CompTIA Network+ N10-008 – Module: Examining Best Practices for Network Administration Part 4
7. 16.6 High Availability
One of the main goals of a network design is for that network to stay up. We want very high uptime. Many companies will suffer financially, potentially in a massive way, if the network is down for an extended period of time. The gold standard for high-availability networks is called the five nines of availability, which means the network is up 99.999% of the time. And if you do the math, that translates to about five minutes of downtime per year.
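That downtime math can be sketched in a few lines of Python (the helper name is mine, not from the course):

```python
# Convert an availability percentage into estimated annual downtime.
MINUTES_PER_YEAR = 365.25 * 24 * 60  # about 525,960 minutes

def downtime_minutes_per_year(availability_percent):
    """Return estimated downtime per year, in minutes, for a given uptime %."""
    return MINUTES_PER_YEAR * (1 - availability_percent / 100)

# Five nines of availability: roughly five minutes of downtime per year.
print(round(downtime_minutes_per_year(99.999), 2))  # about 5.26
```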
However, you’ve got to remember that high availability does come at a cost. So it’s a balancing act: do you want to spend more money for a little more availability, or does the budget force you to accept a little less availability to save some money? Here’s one of the reasons we might have higher costs: we might require redundant components, for example, the power supply in a switch.
We might have two of those, connected to different power sources, so if one power source goes down, the switch is still up and operational. And if we lose power to the building, an uninterruptible power supply (UPS) or a generator can maintain power until, hopefully, the electrical system comes back online.
Something else that can give us high availability is giving our clients more than one router out to the rest of the world; in other words, more than one default gateway. When a PC boots up with an IP address and a default gateway, any packets destined for the Internet, or anywhere off its local network, are sent first to the default gateway, which knows how to forward them on toward their destination. Well, if that default gateway goes down, that client cannot get off of its network. That’s a single point of failure.
So there are some first hop redundancy protocols, or FHRPs, that allow more than one router to act as that default gateway. In fact, they can even service the same IP address that the PC is pointing to as its default gateway. And there are some terms I want you to understand when we talk about high availability. The first one is fault tolerance. This refers to a device’s ability to continue providing network connectivity after the failure of a single component: maybe a link failure, maybe a power supply failure, maybe a supervisor engine failure, as examples. Now, if there is a failure, that might impact performance. And a more fault-tolerant network like the one we see on screen, with redundant links, is going to be more complex. That might make troubleshooting a bit more challenging, but it adds fault tolerance.
Something else that can give us high availability going out to the Internet is having more than one Internet service provider (ISP). This can increase throughput, because we may be able to do some load balancing, sending some traffic out one ISP and other traffic out another, and it provides redundancy for us: if one ISP goes down, we can just use the remaining ISP. For example, if ISP 2 goes down, we can just use ISP 1. Something else that can give us high availability within the enterprise network is something called NIC teaming. We might see this in a data center or server farm, where a server has more than one network interface card (NIC). Here we’ve got four different NICs connecting into a switch. That way, if one NIC fails, we’ve still got the others.
And NIC teaming allows us to do some load balancing among those four different links, increasing our throughput. Similarly, when we interconnect our switches, we don’t want a single link to be a single point of failure, and we don’t want it to be a bottleneck. So we might group several links together; that’s called port aggregation. We bundle them into one logical link, which effectively increases our throughput while adding redundancy. In a data center or server farm, we may also have multiple servers all containing the same data, maybe web servers, for example. When requests come in for that data, a load balancer can distribute the traffic among those different servers: the first request might go to the first server, the next one to the middle server, and the next request to the bottom server.
And this provides some redundancy. Not only does it reduce the load on each server by spreading requests across multiple servers, but if one server goes down, the other servers can continue to function. It even lets us take a server out of service when we need to do some maintenance on it: we simply remove it from the load-balancing group, and the site stays up while we do the maintenance, perhaps on that top server. And that’s a look at some high availability considerations and ways to achieve high availability.
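The round-robin distribution just described, including pulling a server out for maintenance, can be sketched in a few lines of Python. The server names and class are illustrative, not any real load balancer’s API:

```python
from itertools import cycle

class RoundRobinBalancer:
    """Toy round-robin load balancer over a pool of server names."""

    def __init__(self, pool):
        self.pool = list(pool)
        self._rotation = cycle(self.pool)

    def next_server(self):
        # Each request goes to the next server in the rotation.
        return next(self._rotation)

    def remove(self, server):
        # Taking a server out for maintenance: rebuild the rotation
        # without it, so requests keep flowing to the remaining servers.
        self.pool.remove(server)
        self._rotation = cycle(self.pool)

lb = RoundRobinBalancer(["web-1", "web-2", "web-3"])
print([lb.next_server() for _ in range(4)])  # ['web-1', 'web-2', 'web-3', 'web-1']
lb.remove("web-2")  # site stays up while web-2 is serviced
```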
8. 16.7 Cloud High Availability
Many enterprises are taking data centers that traditionally resided at their own sites and migrating those data center resources to a cloud provider. There can be a lot of cost savings in that: the enterprise doesn’t have to purchase the hardware and maintain the hardware. But if we’re going to rely on all of these cloud-based resources, we want to make sure that those resources are available. So in this video, we’re going to discuss a few strategies for cloud high availability. First, with cyberattacks on the rise, in order for a cloud-based system to stay available, it needs to be properly protected from outside attacks. Now, if we had an on-site data center, we could physically install a firewall to protect the resources in that data center.
But our cloud provider is probably not going to allow us to walk in the front door, firewall in hand, and install it in their data center. Fortunately, just as we can virtualize servers, we can also virtualize network appliances like firewalls. So we could have a virtual firewall protecting the VMs running our apps in the cloud. Sometimes we might also want multiple instances of a VM running, which gives us load balancing as well as redundancy: if one VM were to fail, the other VM can still run the app and provide those services to the users. And when we select a cloud provider, it’s important to understand how redundant their data center is.
What sort of disaster recovery plan do they have in place? The good news is that data centers can be categorized and certified as belonging to specific tiers, and the tiers give us a good idea of how well our cloud resources are going to be protected. Let’s take a look at the four tiers into which a data center might be categorized. First is Tier 1. Tier 1 has little, if any, redundancy or backup systems, and its estimated uptime is 99.671%. Over the period of a year, that comes out to being down, or unavailable, for an estimated 28.8 hours. A Tier 2 data center might lack some redundant power and some redundancy in its HVAC system, but it does offer some redundant components and a backup system, with an estimated uptime of about 99.741%. That translates to being down about 22 hours annually.
A Tier 3 data center does have redundant power and a redundant HVAC system, along with some redundant components and a backup system. Its estimated uptime is much better at 99.982%, which translates to only 1.6 hours of downtime per year. And finally, we have a Tier 4 data center. This is designed to be completely fault tolerant, with redundancy for every device, and its estimated uptime is 99.995%. That means its estimated downtime per year is only 26.3 minutes. Now, obviously, you’re going to pay more for a higher-tier data center. So it’s a design decision: you have to balance cost with availability. And that’s a look at a few ways to offer high availability to our apps, data, and other VMs that have made their way from our data center to the cloud.
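Taking the tier percentages above as given, a short Python sketch converts each estimated uptime into annual downtime:

```python
# Estimated uptime percentages per data center tier (from the lesson).
tiers = {
    "Tier 1": 99.671,
    "Tier 2": 99.741,
    "Tier 3": 99.982,
    "Tier 4": 99.995,
}

HOURS_PER_YEAR = 365.25 * 24  # about 8,766 hours

for tier, uptime in tiers.items():
    down_hours = HOURS_PER_YEAR * (1 - uptime / 100)
    print(f"{tier}: ~{down_hours:.1f} hours of downtime per year")
```

Running this reproduces the figures in the text: roughly 28.8 hours for Tier 1 down to about 0.4 hours (26.3 minutes) for Tier 4.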
9. 16.8 Active-Active vs. Active-Passive
We love to have redundancy in our network designs, but sometimes those redundant links are both active, and sometimes one link is active while another link is just standing by, waiting for the first link to fail. That’s what we want to consider from a couple of different perspectives. In this video, we want to take a look at an active-active configuration versus an active-passive configuration. Now, here on screen we have an HQ router going out to the Internet, and we have a couple of Internet service providers, ISP 1 and ISP 2. If both links are active, that means we can use the bandwidth from both links to go out to the Internet. That’s going to give us more overall throughput. The configuration might be a bit more complex, or we might need some sort of load-balancing appliance to help us out, but we’re taking advantage of the combined bandwidth of both links. That’s as compared to an active-passive configuration, where one link is active and the other link is just standing by.
So here we have traffic going from HQ down to ISP 2 and out to the Internet, but we don’t have any traffic actively going out to ISP 1 at the moment. But then something bad happens to the link between HQ and ISP 2, and the link between HQ and ISP 1 transitions from passive to active. So now we can still get out to the Internet using that backup path. However, the bandwidth on that link was not being used until it transitioned to active. Now, this was going out to the Internet, or maybe out to a WAN service provider. But let’s also think about active-active versus active-passive redundancy within the enterprise network, where we have different first hop redundancy protocols (FHRPs). And by first hop, I’m talking about the default gateway. When a PC boots up, a DHCP server might say: here’s your IP address, your subnet mask, your default gateway, and your DNS server.
Well, that default gateway is the router that the PC is going to point to in order to get off of its local subnet and out to the rest of the world. Doesn’t that seem like a single point of failure? If that default gateway goes down, then the PC cannot get out. To give us redundancy for that first hop, in other words, the default gateway, we can use a first hop redundancy protocol such as HSRP, which stands for Hot Standby Router Protocol. This is a Cisco-proprietary protocol. In this example, R1 is going to be acting as our active router and R2 as our standby router. But notice the default gateway of PC1: it’s 10.1.1.1. That’s not the IP address of R1, and not the IP address of R2. You see that ghosted-out router I have in the middle? That virtual router has an IP address of 10.1.1.1, and it can be maintained by either R1 or R2. In this case, it’s maintained by R1, so traffic from the PC out to the Internet flows through R1. But if R1 were to fail, R2 would take over the active role.
Right now R2 is just standing by; it’s not carrying traffic out to the Internet. And you might wonder: how does R2 know that R1 is no longer available? Well, by default, R1 sends a hello message to R2 every 3 seconds, letting R2 know that it’s still there and that R2 does not need to take over. So with R1 up, the PC wants to go out to the Internet, and you’ll notice the packet flow goes through R1. But then something happens to R1. When that occurs, R2 is going to notice after a period of time that R1 is no longer saying hello; it must be down, so R2 transitions from the standby state to the active state.
And now the traffic from PC1 to the Internet flows through R2. Now, this is an example of a first hop redundancy protocol that is Cisco proprietary. Let’s compare that to an industry-standard first hop redundancy protocol: VRRP, which stands for the Virtual Router Redundancy Protocol. Both HSRP and VRRP are examples of active-passive redundancy. With HSRP, R2 was in standby; it was passive until it needed to take over. The terminology is a bit different with VRRP, but the basic operation is the same. We still have a virtual router, and let’s say it still has an IP address of 10.1.1.1. One subtle difference, though: you might notice the Gig 1 interface on R1 is also 10.1.1.1. That’s not allowed with HSRP, but with VRRP it’s an option (not a requirement) that your virtual router’s IP address can be the IP address of one of your routers’ physical interfaces. Now, personally, I don’t see a huge advantage in doing that, but I wanted you to know that distinction between the Cisco-proprietary HSRP and the industry-standard VRRP. And instead of saying that R1 is the active router and R2 is the standby router, the terminology is a bit different: with VRRP, R1 is considered to be the master and R2 is considered to be the backup.
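The active/standby behavior described here can be sketched as a small simulation: the standby router promotes itself when hellos from the active router stop arriving. The 3-second hello interval follows the HSRP default mentioned above; the 10-second hold time and the class itself are illustrative assumptions, not real router code:

```python
import time

HELLO_INTERVAL = 3   # seconds between hellos (HSRP default)
HOLD_TIME = 10       # seconds of silence before the standby takes over

class StandbyRouter:
    """Toy model of an FHRP standby/backup router."""

    def __init__(self):
        self.state = "standby"
        self.last_hello = time.monotonic()

    def receive_hello(self):
        # The active router is still alive; reset the timer.
        self.last_hello = time.monotonic()

    def check(self, now=None):
        # If hellos have stopped for longer than the hold time,
        # transition from standby to active and start forwarding.
        now = time.monotonic() if now is None else now
        if self.state == "standby" and now - self.last_hello > HOLD_TIME:
            self.state = "active"
        return self.state

r2 = StandbyRouter()
r2.receive_hello()
print(r2.check())                       # hellos arriving: "standby"
print(r2.check(time.monotonic() + 11))  # hellos stopped: "active"
```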
And instead of sending hellos from R1 to R2, R1 is going to send what are called advertisements. By default, it sends an advertisement every 1 second to let R2 know that it is still there. Here, with both routers up and functioning, if PC1 wants to get out to the Internet, it goes through the master router, R1. Notice that R2 is passive; at this moment, we’re not actively sending traffic through R2 to get to the Internet. But if something happens to the master, you guessed it, R2 transitions to the master role. And now when PC1 wants to get out to the Internet, the traffic flows through R2, which is now maintaining 10.1.1.1. Oh, by the way, it’s not just the IP address that gets transferred over to the backup (or, with HSRP, the standby) router.
There’s also a virtual MAC address that goes along with the virtual IP address. So the master with VRRP, or the active router with HSRP, maintains both the default gateway’s IP address and its MAC address. But with each of these first hop redundancy protocols, we’re in an active-passive state. There is a first hop redundancy protocol that can operate in an active-active mode. It is Cisco proprietary, and it’s called GLBP, the Gateway Load Balancing Protocol. And I think the way it works is really clever. Here we have one router designated as an AVG, an active virtual gateway. Its responsibility is to respond to ARP queries. So let’s say PC1 and PC2 boot up, and their DHCP server says: here’s your IP address, here’s your subnet mask, here’s your DNS server, here’s your default gateway. And the default gateway is 10.1.1.1. But when the PCs boot up, they don’t know the MAC address for 10.1.1.1.
So what do they do? They send out an ARP broadcast saying: hey, can somebody out there tell me the MAC address for 10.1.1.1? And the AVG, the active virtual gateway, has the responsibility of responding to those ARP queries. Now, you’ll notice both R1 and R2 are perfectly capable of getting either PC out to the Internet, so they’re called AVFs, active virtual forwarders. In this example, we just have two AVFs, but GLBP allows us to have as many as four active virtual forwarders actively forwarding traffic out to the Internet. But how does this work? How do some PCs use R1 to get out to the Internet while other PCs use R2? The answer is that when we ask the AVG for the MAC address of 10.1.1.1, it gives different answers. Here’s what I mean. PC1 sends out an ARP asking: hey, what’s the MAC address of 10.1.1.1? And R1 says: oh, that’s the all-ones MAC address, which is the MAC address of R1. PC2 asks the very same question, and R1 says: oh, that’s the all-twos MAC address.
That’s the MAC address of R2. You see what happened? The AVG, the active virtual gateway, gave different answers to the same question. It told PC1 that R1’s MAC address was associated with 10.1.1.1, and it told PC2 that R2’s MAC address was associated with that virtual IP. So now when PC1 wants to go out to the Internet, it goes through R1. But when PC2 wants to go out, you guessed it, it goes through R2. That gives us an active-active configuration, where we don’t have one router just standing by waiting for the other to fail; we’re actively using the bandwidth associated with each router. That gives us a bit more throughput, and it still gives us redundancy: if R2 were to fail, R1 would start servicing that all-twos MAC address, so PC2 would still be able to get out to the Internet. But keep in mind, this is a Cisco-proprietary first hop redundancy protocol. And that’s a look at a couple of different approaches, both a WAN approach and an enterprise network approach, to building active-active and active-passive redundant topologies.
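The AVG’s trick of rotating its answers for a single virtual IP can be sketched like this. The "all-ones" and "all-twos" MAC values mirror the placeholders used in the lesson’s diagram, and the class is an illustration, not a real protocol implementation:

```python
from itertools import cycle

VIRTUAL_IP = "10.1.1.1"

# Virtual MACs of the two forwarders (AVFs), as in the diagram:
# R1 answers to the all-ones MAC, R2 to the all-twos MAC.
avf_macs = cycle(["1111.1111.1111", "2222.2222.2222"])

class ActiveVirtualGateway:
    """Toy AVG: answers ARP queries for the one virtual gateway IP,
    handing out a different AVF's virtual MAC to successive clients."""

    def answer_arp(self, requested_ip):
        if requested_ip == VIRTUAL_IP:
            return next(avf_macs)  # round-robin across the AVFs
        return None                # not our IP; stay silent

avg = ActiveVirtualGateway()
print(avg.answer_arp("10.1.1.1"))  # PC1 learns R1's virtual MAC
print(avg.answer_arp("10.1.1.1"))  # PC2 learns R2's virtual MAC
```

Because each PC caches a different MAC for the same gateway IP, both routers forward traffic at once: active-active, with no wasted standby bandwidth.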