March 1999

Segmenting Your Network



Tweak your physical infrastructure to improve performance

When I think about performance tuning, I always see images of car-racing pit crews using precision instruments to make subtle adjustments to their cars' engine, tires, and chassis. To get the maximum performance from their cars, pit crews tweak their cars' parts to suit environmental factors such as track condition and air temperature. Similarly, Windows NT administrators continually apply patches and tweak settings on their networks in an ongoing effort to squeeze as much performance as possible out of their systems. This issue of Windows NT Magazine provides many suggestions to help you improve the responsiveness of the systems you administer. As you make performance improvements to your individual machines, don't forget to maintain a sound physical network infrastructure. A poorly designed physical network can completely negate any performance improvements you make on a server, just as flat tires would restrain a finely tuned Indy-car engine. Use the following tips and techniques to properly segment your network and maximize the benefits of performance tuning your systems.

What Is Network Segmenting?
Segmenting at its most basic level is the process of separating certain portions of network traffic, either for performance, security, or reliability reasons. You can use a bridge, a switch, or a router to separate your network's devices into segments.

Performance tuning is at once a science and an art. Knowing your options for grouping various devices to form a network is the science of network segmenting. However, successful networking requires you to choose your segmentation points wisely, considering all the devices on your network—this requirement is the art of network segmenting. To master this art, you must understand the types of traffic on your network and the path each type of traffic takes. Then, you must minimize the number of devices between the source and destination points of each packet.

NT Servers Between Segments
Many administrators use NT servers as routers between their network's segments because of budget constraints or because adding NICs to an existing server is easier than restructuring a network. Figure 1 depicts a network with two servers—each of which has two NICs—and two user segments. This network might seem simplistic, but many companies employ this type of network configuration—sometimes with hundreds of user workstations. This segmenting scheme places a performance burden on the two servers. The servers not only provide standard user services, but they are also responsible for routing packets between network segments. In addition, both servers in this network design must be available for users on one segment to be able to access the other segment. If one server goes down, users on that server's segment are unable to access the failed server and are also unable to access resources on the other segment.

To maximize performance, this network's administrators need to place a bridge between the two segments, as Figure 2 depicts. In Figure 2, each server is on the segment on which it gets the most use. Bridges don't retransmit packets that don't need to pass through them, so this configuration reduces network traffic without introducing routing overhead onto the servers. In addition, Figure 2's users won't lose access to the other network segment if one server crashes; the bridge will forward traffic, so users on both sides of the network will still have access to the functional server. Bridges occasionally crash, and a bridge failure would prevent users on each segment from accessing the other segment. But most bridges crash far less often than servers do, and in the event of a bridge crash, users on each side of the network can still access the server on their own segment.

Switched Environments
Suppose your network has grown to the point that you don't want to keep all your devices on one physical segment anymore. Switches provide the easiest and most common way to segment traffic. Switches and bridges behave similarly: both devices accept traffic on any of their ports, examine each packet for its destination, and transmit the packet only to the port on which the target device resides. The primary difference between a switch and a bridge is scale. Switches usually have at least a dozen ports, whereas bridges usually have only two.

Unlike switches and bridges, a hub transmits packets to all of its active ports. Many people refer to hubs as shared media because every device that connects to the hub has to share its bandwidth with all the other devices that connect to the hub. If you connect too many hubs, you end up with a shared network too large to let users work effectively.

To design a switching layout for your network, start with a switch on the central backbone of your enterprise network. This switch then connects to hubs or to further switches. On some networks, users connect through those secondary switches; this configuration is commonly referred to as a switched-to-the-desktop setup. This setup is becoming more common as low-cost switches become more prevalent. It provides more security and better performance for each user than any other network segmenting configuration, but it costs more per port than any other segmenting method.

Most companies still connect their user workstations to hubs. If your central switch connects to hubs or groups of hubs for user workstations, you can take several steps to improve your network's performance. Keeping in mind how traffic flows on your network, use the following guidelines to improve your network performance in a switched-and-shared environment.



Reader Comments
I'm a Windows NT Magazine subscriber, and I think the March issue is the best issue I've read in many months. I love Douglas Toombs' "Segmenting Your Network." However, I don't fully understand what the author means when he talks about the switched-to-the-desktop configuration. Can you tell me how this setup provides more security? Thanks, and keep the great articles coming.
--Brad Halsey

Let me give you an example of how a switched-to-the-desktop setup can increase the security of your data. Suppose highly sensitive data crosses your network on a day-to-day basis, and I'm trying to get at that data. Simply by getting physical access to your site and your hubs (i.e., plugging into any port), I can put a sniffer on your network to suck up and save all the data it finds. Because all traffic on a hub is shared, access to any port will give me all the data on the other ports and on any other hubs directly linked to that segment.
If you used switches all the way to the desktop, the only data I'd see from plugging into a port would be broadcasts and other maintenance-type packets. Switching isolates traffic to only the ports that are supposed to see it, so you get increased security.
--Douglas Toombs

Brad Halsey August 06, 1999
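The forwarding rules in "Switched Environments" and the author's reply above both come down to one question: which ports receive a given frame? The Python below is an added example, not code from the article or from Douglas Toombs. It models a hub (repeat every frame to every other port) and a learning switch (learn the source port of each MAC, deliver known unicast to that port only, flood broadcasts and not-yet-learned destinations), then reports what an unused port on each device observes. All MAC addresses, port numbers and frame contents are constructed sample data.

```python
"""Added example: what a single port sees on a hub versus a learning switch.

Models the forwarding rules described in "Switched Environments" and in the
author's reply above.  MAC addresses, port numbers and frame contents are
constructed sample data.
"""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    payload: str


class Hub:
    """Shared media: every frame is repeated out of every other port."""

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, frame):
        return self.ports - {in_port}


class Switch:
    """Transparent bridge/switch: learns which port each source MAC lives on,
    sends a known unicast only to that port, and floods broadcasts and
    not-yet-learned destinations out of every other port."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}  # MAC -> port

    def forward(self, in_port, frame):
        self.table[frame.src] = in_port  # learn or refresh the source port
        if frame.dst == BROADCAST or frame.dst not in self.table:
            return self.ports - {in_port}
        out = self.table[frame.dst]
        return set() if out == in_port else {out}


def run_traffic(device, attach, frames):
    """attach maps MAC -> port.  Returns port -> list of frames delivered there."""
    delivered = {p: [] for p in device.ports}
    for frame in frames:
        for port in device.forward(attach[frame.src], frame):
            delivered[port].append(frame)
    return delivered


# Constructed sample network: three PCs, one server, and port 5 left free.
PC1, PC2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
PC3, SRV = "02:00:00:00:00:03", "02:00:00:00:00:04"
ATTACH = {PC1: 1, PC2: 2, PC3: 3, SRV: 4}
SAMPLE = [
    Frame(PC1, BROADCAST, "ARP who-has server"),  # broadcast: flooded everywhere
    Frame(SRV, PC1, "ARP reply"),                 # unicast to a learned port
    Frame(PC1, SRV, "request payroll.xls"),
    Frame(SRV, PC1, "payroll.xls contents"),
    Frame(PC2, PC3, "print job"),                 # PC3 never sent: unknown unicast floods
]


def seen_on_port(device_cls, port):
    """Payloads that reach `port` when SAMPLE crosses a freshly booted device."""
    device = device_cls(ports=range(1, 6))
    return [f.payload for f in run_traffic(device, ATTACH, SAMPLE)[port]]


if __name__ == "__main__":
    print("hub, free port 5:   ", seen_on_port(Hub, 5))
    print("switch, free port 5:", seen_on_port(Switch, 5))
```

On the hub, the free port receives every frame, including the file contents exchanged between PC1 and the server. On the switch it receives only the ARP broadcast and the one frame whose destination the switch had not yet learned, which is the "broadcasts and other maintenance-type packets" of the reply above. The flooding of unknown destinations is worth remembering when reasoning about what a switch does and does not isolate: the isolation depends on the switch's address table being populated, so monitoring for unusual volumes of flooded unicast traffic is a useful health check on a switched network.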


Thanks for the great article "Segmenting Your Network." I've been considering segmenting our network for some time, but I haven't had much luck finding an objective guide to the whys and how-tos. Your article has answered many of my questions.
--G. Kuhn

G. Kuhn August 06, 1999


Hi,
The article is good. But you need to be a bit clearer about the routers, bridges, switches, repeaters and all.
That would be more advantageous, and the reader could easily understand the difference between them.
Thank you

Gangadhar October 29, 2003


Windows IT Pro is a Division of Penton Media Inc. Copyright © 2008 Penton Media, Inc., All rights reserved.