MathWorks Network Architecture
What is the MathWorks network?
It is a collection of semi-independent networks, all inter-connected using either switching or wide-area networking technologies. We have a lot of networks here and they are all brought together using wide-area networking technology.
What is the wide-area network?
It is built via VPN and PIP. The VPN uses IP Security, which is a suite of protocols that encrypts information going across networks. It is always on and never goes down. PIP is a term that Verizon uses; at its core it is an MPLS network, which allows Any to Any connectivity. It allows us to do quality of service across the WAN and prioritize Voice, which is the top priority application on the network.
How is the network put together?
Via routers, which allow different networks to communicate with each other. They run dynamic routing protocols, which allow us to stay up and running in the event of a failure across the network. If we have a failure, this allows us to continue operating automatically so there is as little impact as possible. Switches are used to extend networks. Once you have defined what the network is, the switch allows a number of people or devices to connect.
Common Network Questions
Current MathWorks WAN using Network Mapping Tool
Each MathWorks location has two routers, a primary and a secondary one. Each router has an active function on the network. The Mapping Tool shows the connections to Verizon’s MPLS network as well as which ones connect to the Internet. If a site goes down, its color changes to red and an X appears next to it.
Natick Campus Networks
Over 200 networks in Apple Hill
What is a network?
It is a combination of a VLAN and an IP address range. Whenever we define a VLAN, there is always a unique IP address range associated with that particular VLAN. In the closets we have networks defined as Client, Voice and Device.
Is there something wrong with the network?
This is one of the most often asked questions. Because we have close to 300 networks between the Natick and Lakeside campuses, that question at first may be difficult to answer because we need to locate what network is in question. Is it a client network that happens to exist in Apple Hill Two, floor one? Or is it the entire Apple Hill Two building?
These are all different pieces of information that are needed when trying to diagnose the problem. So it is important to have context to where a problem may be occurring. The WAN Mapping Tool is a good place to start to diagnose the problem and where it may be happening.
Just under 100 networks in Lakeside
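
A sketch of the lookup described above, as an added example that is not part of the original document: it treats each network as a VLAN plus an IP address range, maps reported client addresses to their network, and reports the narrowest location the reports share. The inventory, VLAN ids, address ranges and function names are all constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Net(NamedTuple):
    vlan: int
    cidr: ipaddress.IPv4Network
    campus: str
    building: str
    floor: int
    kind: str  # Client, Voice or Device

def net(vlan, cidr, campus, building, floor, kind):
    return Net(vlan, ipaddress.ip_network(cidr), campus, building, floor, kind)

# Constructed sample inventory; every VLAN id and address range is made up.
INVENTORY = [
    net(110, "10.20.1.0/24", "Natick", "Apple Hill 2", 1, "Client"),
    net(210, "10.20.2.0/24", "Natick", "Apple Hill 2", 1, "Voice"),
    net(120, "10.20.3.0/24", "Natick", "Apple Hill 2", 2, "Client"),
    net(130, "10.30.1.0/24", "Lakeside", "Lakeside", 1, "Client"),
]

def overlapping(inventory):
    """Return VLAN pairs whose ranges overlap (each VLAN should own a unique range)."""
    return [(a.vlan, b.vlan) for i, a in enumerate(inventory)
            for b in inventory[i + 1:] if a.cidr.overlaps(b.cidr)]

def locate(ip, inventory=INVENTORY):
    """Map a reported address to its network; the most specific range wins."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in inventory if addr in n.cidr]
    return max(hits, key=lambda n: n.cidr.prefixlen, default=None)

def scope(reported_ips, inventory=INVENTORY):
    """Narrowest location shared by all reports: the context needed for diagnosis."""
    nets = [locate(ip, inventory) for ip in reported_ips]
    if not nets or None in nets:
        return "unknown: address outside the inventory"
    levels = [("network", lambda n: n.vlan),
              ("floor", lambda n: (n.building, n.floor)),
              ("building", lambda n: n.building),
              ("campus", lambda n: n.campus)]
    for name, key in levels:
        values = {key(n) for n in nets}
        if len(values) == 1:
            return f"{name}: {values.pop()}"
    return "multiple campuses"
```
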
Benefits of a 3-Tier network
It is a flexible and open design that makes it easy to add a new distribution layer, for example for Apple Hill 5. All we need to do is add a pair of Distribution routers and plug them into the core.
It allows you to segment different parts of the network off, which is important from a security perspective so that you can contain any issues that may arise. It also allows you, in the event of a network breakdown at a particular part of the campus, to contain that problem to that particular part of the campus.
Ethernet connections
The network is built with 10 Gigabyte Ethernet. We can scale this to many 10 Gigabyte Ethernet connections. Most buildings have two 10 Gigabyte connections going to a Distribution router in each building.
These connections are aggregated together, so we have the capability of using a full 20 Gigabyte of bandwidth in each building. Due to the high concentration of Developers, there is 40 Gigabytes of bandwidth in Apple Hill 4.
Lakeside Overview
Built using a 3-Tier network architecture, which is an industry standard for building a network. Composed of three layers:
Access layer – Where all of your clients or potentially your servers connect into.
Distribution layer – Completely dedicated to a particular function. We have a Distribution layer for Apple Hill 1 and Lakeside as well as for each server network.
Core layer – A very specific layer which aggregates everything together. This is the brains, where all of the information comes back to and gets routed. There are no VLANs on the core, it is all dynamically routed.
The device we use is a Cisco Nexus 7000, which is one of the most powerful devices on the network. It stands three feet tall, has a number of modules inside it, and is a very high throughput device, so most of the campus traffic goes through it.
Apple Hill Campus Logical Network Design
Lakeside Campus Logical Network Design
Everything we have in Apple Hill has been replicated at Lakeside. We have 60GB of bandwidth between the two facilities using dark fiber, so we can run as much bandwidth over those links as possible. Our web presence is hosted here, so whenever someone connects to www.mathworks.com, this is where their request goes.
Apple Hill Overview
Future Network Design Considerations
Regional Office Overview
Typical Regional Office Logical Network Design
Each regional office has redundant network connectivity back to the Hub locations. In order to provide that, we have implemented two routers in each location connected to the Internet and the WAN.
There are a couple of different types of offices. There are offices
that have Internet only so they have two Internet connections,
and then there are offices that have Internet and Private IP. So
it’s either Internet and Internet or Internet and MPLS.
The benefits of the MPLS network involve quality of service, as it recognizes that certain types of Internet traffic have priority over others. The Internet-only sites do not have Any to Any connectivity; it is Point to Point. These sites by default connect back to their regional hub. There are 3 regional hubs:
Apple Hill
Cambridge, United Kingdom
Tokyo, Japan
In the event an office loses connectivity, it has backup connections, which are always active and connect back to the other locations, most often to Natick. If one of the connections goes down, there is an expected three minute outage before traffic goes to the alternative path.
The architecture in the regional offices is called a Collapsed Core design, which takes a couple of the tiers and consolidates them into one device. These offices have a consolidated core and an access layer. This means the devices that are providing the core functionality, such as defining IP networks and VLANs, are also the devices that clients can connect to, with the routers acting as switches.
All sites have multiple routers, and some sites have PIP and Internet or Internet and Internet; this reflects the different methods of connecting back. Most often all the servers connect directly back into the core. Sometimes clients connect to the core, and for some of the larger offices, where there are multiple floors, they can also connect in through access switches.
Virtualization – Will drive the Data Center design. At the moment we are 90% virtualized in the Data Center, and this technology would allow you to take a virtual server and have it automatically show up in different locations.
IP Based Bridging Technologies – Where the VLANs will span from one location to another.
Fabric Path – One of the reasons we chose Cisco for our core network is because of Fabric Path, which is a protocol that allows you to span VLANs across different data centers.
VXLAN – Is one of the newer technologies that is used to tie virtual environments together.
Software Defined Networks (SDN) – If and when this happens it will completely change how networking is done. Today there is a lot of intelligence built into switches and routers, which makes the devices you purchase for a closet very expensive.
SDN will allow people to centrally manage network functions, and it will also be the brains of how network traffic is supposed to go across the network, in a centralized location.
Hybrid Network Design – Takes bits and pieces of all of these designs and will most likely be how the network evolves.