Contents
Overview
Lesson: Selecting TCP/IP Addresses and Routing for the Public Logical Network
Lesson: Selecting TCP/IP Addresses and Routing for the Private Logical Network
Lesson: Positioning the Network Services and Servers
Lab A: Designing a Highly Available Logical Network

Module 4: Designing a Highly Available Logical Network



Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

© 2001 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, BackOffice, FrontPage, Outlook,
PowerPoint, Visio, Visual Studio, Win32, and Windows Media are either registered trademarks or
trademarks of Microsoft Corporation in the U.S.A. and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.


Instructor Notes
This module provides the students with the knowledge and skills that they will
need to design a highly available logical network for their Web infrastructure.
They will be taught a general set of rules for interconnection strategies and
routing protocols.
After completing this module, students will be able to:
- Select Transmission Control Protocol/Internet Protocol (TCP/IP) addresses
  and routing for the public logical network.
- Select TCP/IP addresses and routing for the private logical network.
- Position servers and services in a highly available Web infrastructure.

Required materials
To teach this module, you need the following materials:
- Microsoft® PowerPoint® file 2088A_04.ppt
- Delivery Guide
- Trainer Materials compact disc

Preparation tasks
To prepare for this module:
- Read all of the materials for this module.
- Complete the practices and lab.

Presentation: 105 minutes
Practices: 30 minutes
Lab: 60 minutes


How to Teach This Module
Ensure that the student understands that each lesson in this module is a critical
task in the design process and at the end of the module they will complete a lab
that helps to tie all of the lessons (tasks) together. Knowing that each lesson is a
step in the overall process will help the student to stay focused during
instruction.
The instructional strategy for this course is to introduce the students to the
concepts of a highly available TCP/IP based logical network. You may find that
the students have a general understanding of TCP/IP addressing and routing
protocols. They will learn the rules and protocols for highly available TCP/IP
addressing and routing.
The instructional strategy for this module divides the logical network into the
public and private logical networks. The public network maps to the User
Services tier and the private network maps to the Business Logic and Data
Services tiers.
Lesson: Selecting TCP/IP Addresses and Routing for the Public Logical Network
The overview page for this lesson introduces the concepts of a highly available
TCP/IP based public logical network that consists of highly reliable
components.
The topic pages for this lesson and the appropriate instructional strategies are
listed as follows and you need to be familiar with all of them.

ISP and User Services tier architecture
The students are introduced to the concept of providing fault tolerance for their
Web solution by having multiple connections to multiple Internet service
providers (ISPs). You need to emphasize the importance of including the User
Services tier and the ISP connections to determine the required number of
public addresses and the need for static or dynamic routing. You need to be
familiar with:
- Providing fault tolerance
- User Services tier

Public IP addresses and routing protocols
The students will understand the general concepts of IP addressing and routing,
but you will need to emphasize the importance of minimizing the number of IP
addresses and connections. You also need to ensure that they understand the
need to provide isolation and routing to and from their ISP. You need to be
familiar with the following topics:
- Multiple subnets
- Network address translation (NAT)
- Routers and firewalls
- Selecting appropriate protocols



Number of IP addresses for the individual servers
The purpose of this page is to introduce the students to how they can determine
the number of IP addresses for the individual servers. If they use network
address translation, they can reduce the number of public addresses. The
students can use server publishing, a feature of Microsoft Internet Security and
Acceleration (ISA) Server, to improve security. You need to be familiar with:
- Network address translation
- Server publishing

Number of IP addresses for server clusters
To provide high availability and fault tolerance, the students will learn to
configure many of the hosts in the User Services tier into clusters. This page
provides a high-level overview of Network Load Balancing and server cluster
IP address requirements. You need to be familiar with the following concepts:
- Network Load Balancing
- Server cluster

Guidelines
The guidelines page provides the students with the subordinate tasks that they
must address before they can create a logical network design for a highly
available Web infrastructure. You need to review the action steps with the
students and ensure that they understand how these steps relate to the task.
Emphasize to the students the importance of addressing all of these
requirements.

Practice: Select TCP/IP Addresses and Routing for the Public Logical Network
You will divide the class into design teams. Give the students five minutes to
read through the scenario and the design considerations carefully before they
answer the questions. Tell the class that each team should be prepared to justify
their answers.


Lesson: Selecting TCP/IP Addresses and Routing for the Private Logical Network
The overview page for this lesson introduces the concepts of a highly available
TCP/IP based private logical network that consists of highly reliable
components. Emphasize to the students the importance of isolating the Business
Logic and Data Services tiers from the Internet.
The topic pages for this lesson and the appropriate instructional strategies are
listed as follows and you need to be familiar with all of them.

Subnet isolation
The students will learn how to determine the appropriate level of isolation and
the number of hosts for the subnets in their Web infrastructure design. If they
have multiple subnets, they need to provide routing protocols that ensure
communications between the subnets. You will need to be familiar with all of
the following topics:
- Improving security
- Network address translation
- Dynamic routing protocol
- Default gateway
- Multiple default gateways
- Load balancing by using default gateways

IP addresses and routing protocols
The focus of this page is IP addressing and routing between the Internet and the
Business Logic and Data Services tiers. Some of the same topics that were
discussed in the first lesson for the User Services tier are covered here, but only
as they apply to the back end of the Web infrastructure. You will need to be
familiar with:
- Routing traffic between tiers
- Selecting appropriate routing protocols
- Multiple subnets
- Network address translation

Number of IP addresses for the individual servers
The requirements for the individual servers on the back end will be different
than the requirements for the front end. The students will be given
recommendations for how they can provide improved security against external
attacks. You will need to be familiar with NAT as it applies to isolation
between the User Services, Business Logic, and Data Services tiers, in addition
to the following topics:
- Network address translation
- Documenting the IP address structure

Number of IP addresses for server clusters
As with the public network or User Services tier, this page recommends that the
student configure many of the hosts in the Business Logic and Data Services
tiers into clusters. Like the previous lesson, you will need to be familiar with
the following:
- Network Load Balancing
- Server cluster


Guidelines
The guidelines page provides the students with the subordinate tasks that they
must address before they can create a logical network design for a highly
available Web infrastructure. You need to review the action steps with the
students and ensure that they understand how these steps relate to the task.
Emphasize to the students the importance of addressing all of these
requirements.

Practice: Select TCP/IP Addresses and Routing for the Private Logical Network
You will divide the class into design teams. Give the students five minutes to
read through the scenario and the design considerations carefully before they
answer the questions. Tell the class that each team should be prepared to justify
their answers.

Lesson: Positioning the Network Services and Servers
The purpose of this lesson is to give the students the knowledge and skills that
they require to position the servers and services in a highly available Web
infrastructure.
The topic pages for this lesson and the appropriate instructional strategies are
listed as follows.

Network servers and services in n-tier architecture
There are several tables on this page that the students can use as a reference for
the features of a highly available Web solution, and the positioning of
Microsoft services and products. By using the tables, you will review the
reasons why and how these features, services, and products support a highly
available Web infrastructure. You need to be familiar with:
- Network services
- Positioning Microsoft products

Network servers and services in the User Services tier
The students will need to know how to position servers and services in the User
Services tier. Use the graphic in the slide to emphasize the positioning
strategies for applications and services listed in the table. You need to be
familiar with:
- Network adapter cards
- Applications and services
- Positioning strategies

Network servers and services in the Business Logic tier
The students now need to know how to position servers and services in the
Business Logic tier. Use the graphic in the slide to emphasize the positioning
strategies for applications and services listed in the table. You need to be
familiar with:
- Network adapter cards
- Applications and services
- Positioning strategies


Network servers and services in the Data Services tier
Finally, the students need to know how to position servers and services in the
Data Services tier. Use the graphic in the slide to emphasize the positioning
strategies for applications and services in the table. You need to be familiar
with:
- Network adapter cards
- Applications and services
- Positioning strategies

Guidelines
The guidelines page provides the students with the subordinate tasks that they
must address before they can create a logical network design that supports a
highly available Web infrastructure. You need to review the action steps with
the students and ensure that they understand how these steps relate to the task.
Emphasize to the students the importance of addressing all of these
requirements.

Lab A: Designing a Highly Available Logical Network
In this lab, the student will design a logical TCP/IP network to meet the needs
of the Government Portal scenario. Their design will include Internet
connectivity, IP addressing, routing for routers and firewalls, IP addressing and
routing for servers and clusters, and positioning of network services in the Web
infrastructure. The students will then make appropriate high availability
recommendations for the design where required. As with the practices, you will
divide the class into design teams. Give the students 30 minutes to carefully
read through the scenario and the design considerations before they answer the
questions.
If white board space is available, each team should be required to put their
design on the board. If Microsoft Visio® is available and the students are
comfortable using it, you could have them send their design to you for display
on the screen. Each team should be prepared to justify their answers.
Depending on team experience, the Web designs can be relatively simple or
quite complex. You may also discover that some features of their Web design
may be incomplete or wrong because they do not have the prerequisite
knowledge. You should only focus on the part of the design that addresses the
lesson component being taught.
You can allow the other teams to critique each design, but it is important that
you explain to the students that there are no wrong or right answers. What they need
to take from this exercise is the opportunity to practice their design ideas and
obtain peer review in a lab environment. Depending on business requirements,
their actual design may vary.


Overview
- Selecting TCP/IP Addresses and Routing for the Public Logical Network
- Selecting TCP/IP Addresses and Routing for the Private Logical Network
- Positioning the Network Services and Servers

ILLEGAL FOR NON-TRAINER USE

Introduction
In this module, you will consider only highly available Transmission Control
Protocol/Internet Protocol (TCP/IP) based logical networks. You will design
your address space by using a group of allocated IP addresses or translate your
public IP addresses to the private address space in use.
It is recommended that your design solution include high quality components. If
your components are of moderate quality, it is possible to achieve high
infrastructure reliability by using multiple moderate quality components to
provide redundancy. You can load balance clients across these multiple
components, or switch the clients to surviving components when failures occur.
Successful Web-based electronic commerce or IP-based intranets require a
highly available network infrastructure. The principal elements in creating a
reliable and highly available network infrastructure are IP addressing, routing
configurations, and services.
When there were fewer choices for technologies, network designers used a
general set of rules that functioned well for interconnection strategies and
routing protocols. With the increasing range of viable technologies, you must
adapt your network design to a wider variety of available options for building
networks and the different types of services that your network may offer to
users.

Objectives
After completing this module, you will be able to design a highly available
logical network.


Lesson: Selecting TCP/IP Addresses and Routing for the Public Logical Network
- ISP and User Services Tier Architecture
- Public IP Addresses and Routing Protocols
- Number of IP Addresses for Individual Servers
- Number of IP Addresses for Server Clusters
- Guidelines for Selecting Addresses and Routing for the Public Logical Network

Introduction
To achieve high availability, the logical network must consist of highly reliable
components that either do not fail or are fault tolerant. You can achieve this
redundancy and fault tolerance by including multiple:
- International Organization for Standardization (ISO) layer 1 hubs/repeaters.
- ISO layer 2 switches.
- ISO layer 3 routers.

You can achieve high availability by using redundant physical and logical
network paths, Internet connections, and services to eliminate single points of
failure in your design. Multiple connections to several Internet service
providers (ISPs) can provide alternative routes to the Internet when one Internet
link or router is down.
Acquiring a large number of public addresses is expensive and in most cases
unnecessary. You can typically avoid this cost by using network address
translation. However, if your logical network design requires that a large
number of IP addresses be directly accessible from the Internet, you must
obtain an appropriate contiguous range of public IP addresses.
To allow for future growth in your solution, you must ensure that you have a
sufficient number of public IP addresses. Acquiring public IP addresses at a
later date that may not be in the same contiguous range can complicate your
routing solution.

Lesson objectives
After completing this lesson, you will be able to:
- Identify the fault tolerant components of multiple Internet service provider
  connections and the User Services tier architecture.
- Determine the public IP addresses and routing protocols for routers and
  firewalls.
- Determine the number of IP addresses for the individual servers.
- Determine the number of IP addresses for the server clusters.
- Select the public addresses and routing for a highly available public logical
  network.


ISP and User Services Tier Architecture
[Figure: ISP and User Services tier architecture. Labels: Internet, ISP A, ISP B, Router, Firewall/Router, Switch, Front-End Servers, User Services Tier]

Introduction
If your organization uses a public addressing scheme, you need to anticipate
network growth to ensure that you have acquired sufficient public addresses for
your solution. The total number of available addresses can restrict Web
infrastructure growth. You will not be able to add devices to the public network
after you have assigned all of the public addresses.
The Internet Network Information Center (InterNIC) assigns public addresses
and these addresses consist of class-based network IDs or blocks of Classless
Inter-domain Routing (CIDR) based addresses (called CIDR blocks) that are
guaranteed to be globally unique to the Internet. When the public addresses are
assigned, the routers of the Internet are programmed with route information so
that traffic to the assigned public addresses can reach their locations.

Providing fault tolerance
You can provide the highest availability and fault tolerance for your Web
solution by having connections to multiple ISPs. These multiple connections
can provide alternative routes to the Internet when one Internet link or provider
fails. When you design your infrastructure with redundant connections to the
Internet, you will use a routing protocol or load-balanced routers to ensure fault
tolerance.
To provide the highest availability for the User Services tier, you must ensure
that there are fault tolerant networks between the ISP connections and the User
Services servers. The inbound network must be able to tolerate failures of the
firewalls, routers, and switches, while still providing access to the servers in the
User Services tier.
For example, as shown in the graphic, the User Services tier is isolated from the
ISPs by two firewall/routers. All servers on the User Services tier are on a
single subnet that is using a fault tolerant switched configuration. To provide
routing to the ISPs and the Internet, the computers in the User Services tier
could all use public addresses, with dynamic routing provided between Firewall
A and the routers in ISP A, and Firewall B and the routers in ISP B.

User Services tier
It is recommended that your Web solution design include the User Services tier
architecture and the ISP connections to ensure that you can determine the
required number of public addresses and the requirements for either static or
dynamic routing. You may need dynamic routing protocols if your ISP
connection includes routing, but typically only static routing is required in the
User Services tier.
If network address translation is part of your solution, you may not need to
allocate public IP addresses for the servers in the User Services tier. You will
need public IP addresses for at least the inbound firewalls or routers.


Public IP Addresses and Routing Protocols
- Multiple subnets
- Network address translation
- Routers and firewalls
- Routing protocols

Introduction
To connect your Web infrastructure solution to the Internet you must provide
public addresses that are accessible for inbound clients to connect to. To
determine the appropriate public TCP/IP address structure, you must evaluate
your Internet accessibility needs, the use of routers, and public address
availability.
Prior to completing your design, you need to consider the Internet connectivity
for the public network operation and the addressing structures that allow subnet
routing.
Variable length subnet masks (VLSM) and CIDR support multiple masks or
prefixes per network. Both VLSM and CIDR require routers that support more
advanced interior routing protocols, such as Routing Information Protocol (RIP)
version 2 and Open Shortest Path First (OSPF).
It is recommended that you base your design on the use of RIP version 2 or
OSPF to permit dynamic reconfiguration of the network, but your infrastructure
may have to support Border Gateway Protocol (BGP) if that is what the ISP
uses.

Multiple subnets
The network design for your user services can include multiple subnets and you
must optimize the number of subnets and the number of hosts per subnet. It is
recommended that you always attempt to minimize the number of addresses
exposed to the Internet to minimize the number of DNS entries that your
infrastructure requires. Your solution will have a minimum of one subnet, but
you can design it to have multiple subnets where the subnets provide greater
reliability, fault tolerance, and performance.
When you use multiple subnets, you will have to provide routing facilities that
meet your availability and fault tolerance requirements. In many designs, it is
the performance requirements of the infrastructure that limit the number of
hosts that are supported on a subnet.
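
The subnet sizing described above, as an added example that is not part of the original courseware: it carves one contiguous public block into variable-length subnets, largest first, which is what VLSM and CIDR permit. The block 203.0.113.0/24 (a documentation range), the subnet names, the host counts and the function names are assumptions.

```python
import ipaddress
import math


def prefix_for_hosts(hosts: int) -> int:
    """Longest IPv4 prefix whose subnet still holds `hosts` usable addresses."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    # Smallest power of two >= hosts + 2 (network and broadcast are not usable).
    bits = max(2, (hosts + 1).bit_length())
    return 32 - bits


def allocate_vlsm(block: str, needs: dict, growth: float = 0.0):
    """Carve `block` into one subnet per entry of `needs` (name -> host count).

    `growth` is the fraction of spare host capacity to reserve in each subnet.
    Returns (plan, addresses_left), where plan maps name -> IPv4Network.
    """
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = {}
    # Largest first: each subnet then starts on a multiple of its own size.
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(math.ceil(hosts * (1 + growth)))
        size = 1 << (32 - prefix)
        if cursor + size > end:
            raise ValueError(f"{block} is too small for subnet {name!r}")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan, end - cursor


# Constructed sample: the host counts and the documentation block are assumptions.
NEEDS = {"isp_link": 2, "web_servers": 50, "ftp_servers": 10}

if __name__ == "__main__":
    plan, left = allocate_vlsm("203.0.113.0/24", NEEDS)
    for name, net in plan.items():
        print(f"{name:12} {net}  ({net.num_addresses - 2} usable hosts)")
    print("addresses left for growth:", left)
```

Reserving growth per subnet up front keeps later additions inside the same contiguous range, which avoids the routing complications of acquiring a second block.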


Network address translation
Your network design can include a network address translation (NAT) device
(which may be part of a firewall/router configuration) to act as an intermediary
between the user services network for your solution and the Internet/ISP. With
this architecture, the only mandatory IP address visible to the Internet is the IP
address of the NAT device. NAT is convenient to minimize the number of
required public addresses, and can permit the use of multiple subnets with
private addresses in the User Services tier.
There are limits on the number of hosts per subnet, and when determining the
host population per subnet, you will need to consider:
- Network design specifications. You can create your network design
  specifications to meet required performance and throughput goals.
- NAT and router device performance. You can evaluate the number of
  subnets that any new or existing routers support, and the number of hosts
  per subnet that are based on data separation, security, and router
  performance.

Routers and firewalls
To provide isolation and routing to and from the ISP, your solution will have
either packet filtering routers or firewalls positioned between your User
Services tier and the service provider.
You must ensure that the IP address structure and the routed paths available are
suitable for the number and functionality of the Web servers in your solution.
Most solution designs will constrain the Web infrastructure in a screened subnet
or perimeter network (also known as a DMZ or demilitarized zone), and so the
address and routing structure must minimize unrelated data flows, to prevent
the possibility of security breaches.

Routing protocols
You will select the appropriate protocols to provide routing redundancy based
on the router and firewall devices that are used and the type of failure response
that your Web solution requires. For example, in a Web solution designed with
two links to the Internet, the protocols used in the routers may load balance the
data flows across both routers by using a common virtual IP address, or may
use a single routed connection with the redundant path unused unless a failure
occurs.
You will typically select OSPF, RIP version 2, or BGP as the routing protocols
for your infrastructure; but if you are using load-balanced routers, your system
may require additional protocol support. For example, Cisco provides Internet
routers, which use BGP, and they support multihomed BGP routing by using a
load balance protocol between the routers called Hot Standby Router Protocol
(HSRP).
You should use static routing and minimize the use of dynamic routing
protocols to eliminate the convergence required for dynamic routing after a
failure. You can minimize the need for dynamic routing protocols by using
load-balanced routers, which permit the use of virtual IP gateways for a subnet.


Number of IP Addresses for Individual Servers
- Network address translation
  - 10.0.0.0
  - 172.16.0.0
  - 192.168.0.0
- Server publishing
  - Publish to the Internet
  - Client requests pass through ISA Server

Introduction
Your Web solution design can include servers providing various functions in
the User Services tier. Your Web solution may have File Transfer Protocol
(FTP) servers and Web servers positioned in the User Services tier.
All of your Web solution interfaces on a public network will require public IP
addresses, and if no address translation or server publishing is included, each
server in the perimeter network will require public addresses.
In a simple design, you must define an IP address for every adapter connected
to the subnet that you are designing. Some interfaces may require more than
one IP address, for example where a single server running Microsoft® Internet
Information Services (IIS) links multiple Web sites to separate IP addresses for
an adapter. In this scenario, a single network adapter might support many IP
addresses—one for each individual Web site.
When your design includes the use of teaming adapters for a server, a logical
network adapter may consist of several physical adapters with only one IP
address being used. In this scenario, every logical network adapter connected to
the subnet that you are designing must have at least one IP address.

Network address translation
When NAT is provided by the boundary devices in your design, the addresses
that are used for servers in the perimeter network are not required to be public
addresses. Using a private addressing scheme for the perimeter network is
inexpensive because you do not need so many public addresses, and you can
design it to accommodate virtually unlimited network growth.
Request for Comments (RFC) 1918 lists the IP address ranges that are reserved
and available for use in private addressing schemes. The Internet Assigned
Numbers Authority (IANA) has reserved the following three blocks of the IP
address space for private internets:
- 10.0.0.0 - 10.255.255.255 (10/8 prefix)
- 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
- 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)


Server publishing
Microsoft Internet Security and Acceleration (ISA) Server includes a feature
called server publishing, which provides a SecureNAT solution. When
ISA Server provides server publishing, the addresses that are used for servers in
the perimeter network may or may not be public addresses. It is recommended
that when you use server publishing, you use private addresses for servers to
minimize public address requirements.
If you expose only the IP address of ISA Server, you improve the security of
your solution, reduce the number of DNS entries required, and terminate the
majority of denial of service attacks at ISA Server.
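
An added example, not part of the original courseware, of the address count described in the network address translation and server publishing sections: it tallies how many public addresses a perimeter plan needs with and without NAT at the boundary and flags addresses of the wrong kind. The host names, the addresses (documentation ranges stand in for public ones) and the function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# The three RFC 1918 blocks listed above. ipaddress.is_private is not used
# because it also matches loopback, link-local and documentation ranges.
RFC1918 = tuple(ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def is_rfc1918(addr: str) -> bool:
    """True when `addr` falls inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass
class Adapter:
    """One logical adapter; a team of physical adapters counts as one."""
    host: str
    boundary: bool                              # inbound firewall/router or ISA Server
    ips: list = field(default_factory=list)     # one entry per bound IP, e.g. per Web site


def public_address_budget(adapters, nat_at_boundary: bool):
    """Return (public_needed, problems) for a perimeter address plan."""
    public_needed, problems = 0, []
    for a in adapters:
        if not a.ips:
            problems.append(f"{a.host}: logical adapter has no IP address")
        for ip in a.ips:
            private = is_rfc1918(ip)
            if a.boundary or not nat_at_boundary:
                # This address has to be reachable from the Internet.
                public_needed += 1
                if private:
                    problems.append(f"{a.host}: {ip} is RFC 1918 but must be public")
            elif not private:
                # Behind NAT a public address works but is spent unnecessarily.
                public_needed += 1
                problems.append(f"{a.host}: {ip} is public behind NAT")
    return public_needed, problems


# Constructed sample plan. 172.32.0.5 looks private but lies outside 172.16/12.
PLAN = [
    Adapter("fw-a", boundary=True, ips=["203.0.113.1"]),
    Adapter("fw-b", boundary=True, ips=["203.0.113.2"]),
    Adapter("web1", boundary=False,
            ips=["192.168.0.10", "192.168.0.20", "192.168.0.21"]),  # three Web sites
    Adapter("ftp1", boundary=False, ips=["172.32.0.5"]),
]

if __name__ == "__main__":
    for nat in (False, True):
        needed, problems = public_address_budget(PLAN, nat_at_boundary=nat)
        print(f"NAT at boundary={nat}: {needed} public addresses needed")
        for p in problems:
            print("  -", p)
```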



Number of IP Addresses for Server Clusters
- Network Load Balancing
  - One virtual IP address per cluster
  - Individual dedicated IP address for each cluster member
  - All cluster members on the same IP subnet
- Server Cluster
  - One virtual IP address per cluster
  - Heartbeat and other traffic on separate networks

Introduction
To provide high availability and fault tolerance, you will configure many of the
hosts in the User Services tier in clusters. When using clusters to provide
services, the number of IP addresses will be larger because the cluster provides
a virtual IP address for the cluster and dedicated IP addresses for each cluster
member. You need to determine the number of public addresses for your
Microsoft Windows® Clustering solutions that use Network Load Balancing
and Microsoft Cluster service clusters.
You must define an IP address for every adapter connected to the subnet in a
simple design. If Windows clustering forms part of your solution, some
interfaces will require more than one IP address. For example, a server cluster
can have multiple virtual IP addresses defined for a cluster adapter. In this
scenario the cluster network adapter might support many IP addresses, one for
each individual resource defined for the cluster.
If your design includes the use of teaming adapters for a server, a logical
network adapter may consist of several physical adapters, with only one IP
address being used. In this scenario, every logical network adapter connected to
the subnet that you are designing must have at least one IP address.


Network Load Balancing

Network Load Balancing requires at least one virtual IP address per cluster and
an individual dedicated IP address for each cluster member. Additional virtual
IP addresses can be required to support the functionality of the Web
infrastructure. These addresses must all be on the same IP subnet, so if the
Network Load Balancing servers use public IP addresses for the virtual IP
address, they must use public IP addresses for the dedicated IP addresses.

[Figure: Network Load Balancing cluster of three servers. NLB virtual IP:
192.168.0.25. Dedicated IPs: 192.168.0.10, 192.168.0.11, 192.168.0.12.]

Server cluster

Server clusters require at least one virtual IP address per cluster adapter.
Additional virtual IP addresses can be required to support the functionality of
the Web infrastructure. These addresses will typically all be on the same IP
subnet.

The heartbeat and other traffic are separated onto other networks, so that they
have no impact on address requirements for the public connectivity subnet, but
will require additional IP addresses on the other subnets.

[Figure: Data Services tier server cluster. Node A and Node B share data
through a fiber switch.
Private network: Node A 10.0.0.1, Node B 10.0.0.2.
Node addresses: Node A 192.168.0.35, Node B 192.168.0.36.
Cluster Server IP = 192.168.0.44
Cluster Virtual Server 1 IP = 192.168.0.45
Cluster Virtual Server 2 IP = 192.168.0.46
Cluster Virtual Server 3 IP = 192.168.0.47]

Guidelines for Selecting Addresses and Routing for the Public Logical Network

• Analyze the public network connection architecture for the User Services tier
• Determine the number of public IP addresses for the public network routers
  or firewalls
• Determine the number of public IP addresses for individual servers
• Determine the number of public IP addresses for your cluster solutions

Introduction

To design a highly available network infrastructure, you must document the
architecture and determine the required public addresses and routing protocols.
It is recommended that you always minimize the number of public addresses to
simplify the DNS and routing configuration required.

Design guidelines

You will need to apply the following guidelines as you design a highly
available logical network:

• Analyze the public network connection architecture for the User Services
  tier. You need to consider the following components:
  - The security boundary devices that are used to isolate the user services
    perimeter network from the Internet/ISP (for example, router filters,
    firewalls, proxy, NAT, and so on).
  - A public IP address for each interface on the boundary devices in your
    design, unless you use NAT. When you use NAT, public IP addresses
    are only required for the Internet-facing interfaces.
  - For each autonomous system, designate routing paths to the Internet/ISP.
  - For each boundary path where you use multiple links, specify links
    where load balancing is required.
  - For each autonomous system, designate a routing strategy, providing
    load balance or failover (for example, static, OSPF, RIP version 2, BGP,
    and so on).

• Determine the number of public IP addresses for the public network routers
  or firewalls. You need to consider the following components:
  - Public addresses for each interface on routers in the public network.
  - Public addresses for Internet-facing interfaces on NAT devices, such as
    ISA Server with Server Publishing.
• Determine the number of public IP addresses for individual servers. You
  need to consider the public addresses for each server that must be directly
  resolved from the Internet.
• Determine the number of public IP addresses for your cluster solutions.
  You need to consider the following components:
  - Public addresses for the virtual addresses that are required for each
    cluster solution.
  - Public addresses for the dedicated IP addresses for Network Load
    Balancing cluster members where the virtual IP address is a public
    address.
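
The cluster addressing rules above can be checked mechanically before addresses are assigned. The following Python sketch is an added example, not part of the original courseware: it validates a Network Load Balancing plan (same subnet, public virtual IP implies public dedicated IPs) and counts server cluster addresses. The /24 mask, the function names, and the 203.0.113.0/24 documentation range standing in for a public block are assumptions.

```python
import ipaddress

# RFC 1918 private ranges; anything else is treated as "public" here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_public(addr):
    return not any(addr in net for net in RFC1918)


def check_nlb_plan(subnet, virtual_ips, dedicated_ips):
    """Return (addresses_needed, problems) for one NLB cluster."""
    net = ipaddress.ip_network(subnet)
    vips = [ipaddress.ip_address(a) for a in virtual_ips]
    dips = [ipaddress.ip_address(a) for a in dedicated_ips]
    problems = []
    if not vips:
        problems.append("cluster needs at least one virtual IP address")
    for addr in vips + dips:
        if addr not in net:
            problems.append(f"{addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr} is not a usable host address")
    if len(set(vips + dips)) != len(vips + dips):
        problems.append("duplicate address in plan")
    # Public virtual IP addresses require public dedicated IP addresses.
    if any(map(is_public, vips)) and not all(map(is_public, dips)):
        problems.append("public virtual IP with private dedicated IP")
    return len(vips) + len(dips), problems


def server_cluster_addresses(nodes, virtual_servers):
    """Addresses on the client-facing subnet: one per node adapter, one for
    the cluster, one per virtual server. Heartbeat addresses sit on the
    private network and are not counted."""
    return nodes + 1 + virtual_servers


if __name__ == "__main__":
    # Addresses taken from the module's figures (mask assumed to be /24).
    print(check_nlb_plan("192.168.0.0/24", ["192.168.0.25"],
                         ["192.168.0.10", "192.168.0.11", "192.168.0.12"]))
    print(server_cluster_addresses(nodes=2, virtual_servers=3))
    # Constructed bad plan: one dedicated IP left on a private range.
    print(check_nlb_plan("203.0.113.0/24", ["203.0.113.25"],
                         ["203.0.113.10", "192.168.0.11"]))
```

Running the check against every planned cluster before deployment catches a dedicated address left on the wrong subnet, which would otherwise surface only when a member fails to converge.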


Practice: Selecting TCP/IP Addresses and Routing for the Public Logical Network

In this practice you will:
• Select TCP/IP addresses and routing for the Public Logical Network using a
  scenario

Directions

The instructor will divide the class into design teams. You have five minutes to
read through the scenario and the design considerations carefully before you
answer the questions. Each team should be prepared to justify their answers to
the rest of the class.

Scenario

You are designing a highly available Web infrastructure and have determined
that two Web clusters with eight servers each will be required. You have
decided to use Network Load Balancing for balancing the traffic to the Web
site. The site will also include a failover server cluster providing FTP services.

Consider the following Web infrastructure requirements for your design:
• The Web servers will host a total of five Web sites on Hypertext Transfer
  Protocol (HTTP) port 80.
• Host headers will not be used.
• The site will not use network address translation as part of the solution.
• Each server in the User Services tier will be connected to both the public
  network and a private network for communications to other servers in other
  tiers of the infrastructure.

Questions

1. How can you configure your logical network design to ensure high
   availability and fault tolerance for the User Services tier?

   Provide alternative routes to the Internet by having redundant
   connections to multiple Internet service providers.
   Provide fault tolerant networks between the ISP connections and the
   User Services servers.

2. What must you consider if network address translation is part of your Web
   infrastructure solution?

   You may need to allocate public IP addresses for the servers in the User
   Services tier.

3. What feature of Microsoft Windows 2000 can you include as part of your
   design that will enable any service on your internal network to be made
   available on the Internet?

   You can use server publishing to allow virtually any service on your
   internal network to be made available on the Internet.

4. Your User Services tier architecture will use Network Load Balancing and
   server clusters to provide for high availability and fault tolerance. What are
   the minimal IP address requirements for each technology?

   Network Load Balancing requires at least one virtual IP address per
   cluster. Each cluster node requires an individual dedicated IP address.
   Server cluster requires at least one virtual IP address per cluster.

Lesson: Selecting TCP/IP Addresses and Routing for the Private Logical Network

• Subnet Isolation in an N-Tier Architecture
• IP Addresses and Routing Protocols
• Number of IP Addresses for the Individual Servers
• Number of IP Addresses for Server Clusters
• Guidelines for Selecting Addresses and Routing for the Private Logical
  Network

Introduction

A Web infrastructure solution can have some public addresses for the User
Services tier routers, firewalls, and servers directly accessible from the Internet.
However, it is recommended that you isolate the servers for the Business Logic
and Data Services tiers from the Internet and not use public addresses.

Isolation of these servers from the Internet can be based on security devices
such as firewalls, but there are benefits to implementing a private addressing
structure. Using a private addressing scheme for an intranet or perimeter
network is inexpensive and you can design the scheme to accommodate
virtually unlimited network growth and reconfiguration.

You can create your network design specifications to meet required
performance and throughput goals or to specify isolation requirements. For
example, in many solutions the business logic servers and database servers will
be on the same subnet to minimize hops between servers, therefore maximizing
the network performance. Or you can position the servers in a number of
separate subnets where the number of hosts per subnet is based on data
separation and security, rather than performance.

Lesson objectives

After completing this lesson, you will be able to:
• Describe subnet isolation.
• Determine the private IP addresses and routing design strategy for the
  logical network.
• Determine the number of private IP addresses for the individual servers.
• Determine the number of private IP addresses for the server clusters.
• Select the private addresses and routing for the logical network.
