Network Architecture at nine.ch

nine Team Jan 23, 2017
The implementation of a network across multiple locations and with various customer groups requires not only the right equipment, but also the right architecture. In this article we want to give an overview of the network architecture at nine.ch.

Overview

At nine.ch, the network is implemented in a traditional core-distribution-access architecture.

Simplified representation of the architecture

This type of architecture allows us to be flexible in terms of the locations and the so-called “network segments”. In each case, a network segment consists of the location and the customer group. Managed product customers in the data centre e-shelter are therefore located in a different segment to that of Colocation customers in the data centre colozüri.ch.

Access

Let us start with a detailed look at the lowest layer, the access layer:

Access layer with connections to the server and to the distribution layer

At nine.ch, the access area consists of two top-of-rack switches to which all servers are connected. You can read about this in detail in the blog post A Look at a nine.ch Rack.

Each of the two 48-port Brocade VDX switches is connected to a distribution router and to the second switch in the rack. That way, we can ensure the transfer of packets to the Internet via the second router in the case that one router fails.

On the network side, there are access ports with the respective VLAN connected to most servers. In some cases, there may also be trunks or LACP bonding.

Distribution

For reasons of redundancy, there are two distribution routers for each segment. In them, all racks belonging to the respective segment come together.

In the managed segments and root segments, Brocade VDX routers are used which boast 4 x 40 Gbit/s ports in addition to the 48 x SFP+ ports. The exciting thing about these devices is that they form a single-point-of-management fabric not only among each other, but also with the access switches. In this way, all 20 devices belonging to one fabric can be controlled with one log-in, and the configuration file is not limited to one device, but distributed in the fabric.

The distribution routers are connected to two different core routers, so that in the event of a failure everything will run as usual.

Core

Now let us turn our attention to the most powerful part of our network, the core layer.

Our core network consists of four MLXe-8 routers

With an empty weight of 78 kg and eight interface slots, this machine is not just big, but also able to handle heavy loads.

One of these Brocade MLXe-8 routers is located at each main location. A total of four devices are connected to each other via a dark fibre ring.

Connections between the core routers and to the upstreams

However, the core routers do not merely connect the locations and form the uplink for the distribution routers; they also form the connection to the Internet. Each of these routers has its own link to a different upstream provider. Thanks to generously dimensioned interface bandwidths, we can also easily absorb load peaks.

A considerable amount of processing power is required to handle such a high volume of traffic, upstreams and IPs. Within the core layer, the different routes are exchanged via iBGP, and we receive more than 600,000 routes via eBGP from our upstream providers. The routers then have to determine which upstream provider has the best path to which destination. For our part, nine.ch has 61 network address prefixes so that our customers can find us through different paths.


With this design, we ensure that even a failure of several devices can be absorbed and outages can be minimized. For more information about our infrastructure you can contact us by phone or email.
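The redundancy described in the access, distribution and core sections can be checked mechanically. The following is an added example, not nine.ch's own tooling: it models one segment as a graph and lists which device failures cut a server off from every upstream. The device names, the exact wiring between layers and the single- versus dual-homed server are assumptions made for illustration.

```python
from itertools import combinations

DEVICES = ["acc1", "acc2", "dist1", "dist2", "core1", "core2", "core3", "core4"]
UPSTREAMS = {"up1", "up2", "up3", "up4"}

def build_links(dual_homed=True):
    """Constructed single-segment topology; the exact wiring is an assumption."""
    links = [
        ("server", "acc1"),                       # server port on top-of-rack switch 1
        ("acc1", "acc2"),                         # cross-link between the two rack switches
        ("acc1", "dist1"), ("acc2", "dist2"),     # each switch uplinks to one distribution router
        ("dist1", "core1"), ("dist2", "core2"),   # distribution routers use different cores
        ("core1", "core2"), ("core2", "core3"),   # dark fibre ring ...
        ("core3", "core4"), ("core4", "core1"),   # ... closing back on core1
        ("core1", "up1"), ("core2", "up2"),       # one upstream provider per core router
        ("core3", "up3"), ("core4", "up4"),
    ]
    if dual_homed:
        links.append(("server", "acc2"))          # second server port (e.g. bonded)
    return links

def reaches_upstream(links, failed):
    """True if 'server' can still reach any upstream with the `failed` devices down."""
    adj = {}
    for a, b in links:
        if a not in failed and b not in failed:
            adj.setdefault(a, set()).add(b)
            adj.setdefault(b, set()).add(a)
    seen, stack = {"server"}, ["server"]
    while stack:
        node = stack.pop()
        if node in UPSTREAMS:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return False

def fatal_failures(links, k):
    """All sets of k simultaneously failed devices that cut the server off."""
    return [set(c) for c in combinations(DEVICES, k) if not reaches_upstream(links, set(c))]

if __name__ == "__main__":
    for dual in (True, False):
        links = build_links(dual)
        print("dual-homed" if dual else "single-homed",
              "| single points of failure:", fatal_failures(links, 1),
              "| fatal pairs:", len(fatal_failures(links, 2)))
```

In this model a dual-homed server has no single point of failure, while a server on a single access port still survives the loss of its distribution router through the cross-link to the second switch.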