Cisco ACI-advantages of a software-defined architecture in data centers
January 25, 2023

In this blog article, Mihai Bosinceanu, Senior Data Center Engineer at Arctic Stream, describes the new architectures and automation trends in the Data Center, as well as how they can be achieved with the help of Cisco ACI.


Types of Traffic and Architectures in Data Centers

In a Data Center, network traffic can be characterized as either north-south or east-west. North-south traffic refers to packets exchanged between an endpoint inside the data center (e.g., a server) and a user at an external location, i.e., traffic that enters or leaves the data center. This type of traffic was predominant in the early days of the internet. East-west traffic, on the other hand, flows within a data center from one server to another. Hardware virtualization and the Internet of Things (IoT) are two developments that have increased this type of traffic in recent years. Currently, approximately 70% of the traffic in a data center flows east-west, from one server to another.

North-south traffic is well served by a design consisting of three tiers – core, distribution, and access – the design commonly found in traditional data centers. In this scenario, a packet enters at the core tier, is routed to the distribution switch, and is then forwarded to the access switch to which the destination server is connected. As a result, most packets traverse three hops, which makes the latency quite predictable.

In recent years, traffic within the same data center, that is, east-west traffic, has become increasingly common and is now the norm. The main issue with the traditional three-tier design is that, because traffic is predominantly server to server, a packet no longer traverses only three hops but four, five, or even more, adding latency to each flow and increasing the risk of bottlenecks or dropped packets.

In a modern data center, the recommendation is a two-tier architecture, with one level of spine switches (comparable to core switches) and another level of leaf switches (comparable to access switches). This architecture is much better suited to server-to-server traffic within the same data center and offers the following advantages:

  • Resilience – each leaf switch connects to each spine switch, eliminating the need for spanning tree protocol (STP), and allowing each link to be utilized.
  • Low latency – a maximum of two hops for east-west packets, resulting in predictable latency.
  • Increased performance – active-active uplinks enable traffic to be transmitted through the least congested link.
  • Scalability.

It is worth mentioning that this type of architecture can be implemented in both traditional and software-defined networks. In recent times, more and more companies have been migrating their traditional infrastructure, whether WAN or Data Center, to Software-Defined Networking (SDN).

But first of all, what are software-defined networks and what are their advantages?


Advantages of Software-Defined Networks

According to cisco.com, SDN has been adopted in the Data Center area (at a rate of 64%), the WAN area (58%), and the LAN and network access area (40%). Regardless of the implementation area, SDN delivers a centralized, flexible, and easier-to-manage network, consisting of one or more controllers (the core element of an SDN architecture) and a set of APIs.

The key difference between SDN and traditional networks lies in the infrastructure: an SDN network is software-based, whereas a traditional network is hardware-based. An SDN network is much more flexible than a traditional one because its control plane is implemented in software, allowing administrators to control the network, apply configurations, provision resources, and monitor it from a centralized graphical interface.

Cisco Application Centric Infrastructure (Cisco ACI) is an SDN solution for data centers that has been adopted by many companies. It provides a different way of monitoring and operating networks than traditional approaches.

What makes this solution so powerful and attractive?

Cisco ACI

Cisco ACI converts all switches into what is called a fabric, which behaves like one giant switch. The main purpose of a Data Center fabric is to route traffic on the optimal path from a server – virtual or physical – to its destination, while simultaneously providing the following services:

  • Traffic optimization
  • Telemetry (which goes beyond traditional port counters)
  • Application of security rules

The brain of an ACI solution is the Application Policy Infrastructure Controller (APIC), through which administrators create and apply policies throughout the network. In the event of connectivity loss with one or all of the controllers, the network remains functional.

One of the advantages of an ACI solution is that management is centralized in the APIC, through either a graphical interface or REST APIs. The configuration process is intuitive compared to traditional networks, where administrators had to log in to each device and manage it box by box. With ACI, the APIC pushes the configuration to the switches, eliminating manual intervention by an administrator and the slower operation it entails. Additionally, the risk of human error is eliminated because the APIC does not accept incorrect configuration commands.
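As an added example (not code from the original post or from Cisco), the following Python shows what both the "application of security rules" service and REST-API management look like in practice: it builds an ACI allow-list policy in the APIC object model (a vzFilter, a vzBrCP contract, and two fvAEPg endpoint groups consuming and providing it) and pushes it to the controller. The tenant, EPG names, port and APIC URL are hypothetical; the aaaLogin and /api/mo/uni.json endpoints and the object classes used are ACI's own.

```python
import json
import ssl
import urllib.request


def login_payload(user, pwd):
    """Body for POST /api/aaaLogin.json; the token comes back in imdata[0]."""
    return {"aaaUser": {"attributes": {"name": user, "pwd": pwd}}}


def token_from_login(resp):
    """Session token from a parsed aaaLogin response (sent back as APIC-cookie)."""
    return resp["imdata"][0]["aaaLogin"]["attributes"]["token"]


def allow_list_policy(tenant, consumer, provider, port):
    """Tenant tree for POST /api/mo/uni.json: one TCP filter, one contract that
    references it, and an application profile whose `consumer` EPG consumes and
    `provider` EPG provides the contract. Traffic between the two EPGs that the
    contract does not cover stays denied. Bridge-domain links (fvRsBd) are omitted."""
    fname, cname = f"tcp-{port}", f"{consumer}-to-{provider}"
    filt = {"vzFilter": {"attributes": {"name": fname}, "children": [
        {"vzEntry": {"attributes": {"name": fname, "etherT": "ip", "prot": "tcp",
                                    "dFromPort": str(port), "dToPort": str(port)}}}]}}
    contract = {"vzBrCP": {"attributes": {"name": cname}, "children": [
        {"vzSubj": {"attributes": {"name": "subj"}, "children": [
            {"vzRsSubjFiltAtt": {"attributes": {"tnVzFilterName": fname}}}]}}]}}

    def epg(name, rel):  # rel is "fvRsCons" or "fvRsProv"
        return {"fvAEPg": {"attributes": {"name": name}, "children": [
            {rel: {"attributes": {"tnVzBrCPName": cname}}}]}}

    app = {"fvAp": {"attributes": {"name": "app"}, "children": [
        epg(consumer, "fvRsCons"), epg(provider, "fvRsProv")]}}
    return {"fvTenant": {"attributes": {"name": tenant}, "children": [filt, contract, app]}}


def post_policy(apic, token, policy):
    """Push the tree; the APIC validates it against its object model and answers
    with an error body (HTTP 400) instead of applying an invalid configuration."""
    req = urllib.request.Request(
        f"{apic}/api/mo/uni.json", data=json.dumps(policy).encode(), method="POST",
        headers={"Cookie": f"APIC-cookie={token}", "Content-Type": "application/json"})
    # Certificate verification stays on: a lab APIC with a self-signed certificate
    # gets its CA added to the context rather than verification turned off.
    with urllib.request.urlopen(req, context=ssl.create_default_context()) as r:
        return json.load(r)
```

A typical run posts `login_payload(...)` to `https://apic.example.test/api/aaaLogin.json`, extracts the token with `token_from_login`, and then calls `post_policy` with the tree from `allow_list_policy("demo", "web", "db", 3306)`.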

In ACI, tasks such as configuring a large number of switches or adding a new switch to the network are much simpler than in a traditional network, requiring only a few clicks without the need to log in to the command line. Therefore, fabric deployment and configuration are done from a single centralized management point. Troubleshooting is much faster, resulting in a significant reduction in diagnosis and issue remediation time, as the system ensures continuous monitoring of the entire infrastructure.

The ACI architecture is highly scalable. If more bandwidth is needed, more spine switches can be added. If a larger number of ports is required, more leaf switches can be added. These switches integrate into the solution automatically, inheriting the existing configuration from the APIC.

Through the APIC, end-to-end visibility of the entire network, including traffic between virtual machines, is achieved in a single graphical application.

Cisco ACI also integrates with security equipment, allowing firewalls or IPS (Intrusion Prevention Systems) to be inserted between logical groups of servers. This ensures that both east-west traffic between servers and north-south traffic between users and applications is secured. The solution also integrates with third-party solutions such as VMware, making it possible to create port groups in vCenter directly from the APIC's graphical interface. This extends the network to the virtual machine, not just the hypervisor, reducing configuration time.

Arctic Stream specialists have implemented ACI migrations in data centers of various sizes, observing all the mentioned advantages in terms of automation, scalability, and easy management. If you are interested, please contact us for a discussion at [email protected].