Chapter 13. Choosing a Deployment Architecture
13.2. Large-Scale Redundant Setup
This diagram illustrates the network architecture of a large-scale CloudPlatform deployment.
• A layer-3 switching layer is at the core of the data center. A router redundancy protocol like VRRP should be deployed. Typically high-end core switches also include firewall modules. Separate firewall appliances may also be used if the layer-3 switch does not have integrated firewall capabilities. The firewalls are configured in NAT mode. The firewalls provide the following functions:
  • Forward HTTP requests and API calls from the Internet to the Management Server. The Management Server resides on the management network.
  • When the cloud spans multiple zones, the firewalls should enable site-to-site VPN so that servers in different zones can directly reach each other.
• A layer-2 access switch layer is established for each pod. Multiple switches can be stacked to increase port count. In either case, redundant pairs of layer-2 switches should be deployed.
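The firewall forwarding function listed above (HTTP requests and API calls from the Internet reach only the Management Server) can be checked against an exported NAT rule set. The following is an added example, not part of the CloudPlatform documentation; the addresses, the allowed ports and the rule tuple format are assumptions made for illustration.

```python
import ipaddress

# Assumed values for illustration; substitute the deployment's own.
MGMT_NET = ipaddress.ip_network("192.168.10.0/24")   # management network
MGMT_SERVER = ipaddress.ip_address("192.168.10.5")   # Management Server
ALLOWED_PORTS = {80, 443, 8080}                      # HTTP/API listener ports (assumed)

# Constructed sample of inbound NAT forwards, as if exported from the firewall:
# (public_ip, public_port, internal_ip, internal_port)
SAMPLE_RULES = [
    ("203.0.113.10", 443, "192.168.10.5", 8080),   # UI/API to the Management Server
    ("203.0.113.10", 22, "192.168.10.5", 22),      # SSH to the Management Server
    ("203.0.113.11", 443, "192.168.10.20", 443),   # another management-network host
    ("203.0.113.12", 80, "10.1.1.15", 80),         # outside the management network
]


def audit_forward(rule):
    """Return None if the forward is acceptable, otherwise a finding string."""
    pub_ip, pub_port, int_ip, int_port = rule
    target = ipaddress.ip_address(int_ip)
    if target not in MGMT_NET:
        return None  # not a forward into the management network; out of scope
    if target != MGMT_SERVER:
        return (f"{pub_ip}:{pub_port} exposes management host {int_ip}, "
                "which is not the Management Server")
    if int_port not in ALLOWED_PORTS:
        return (f"{pub_ip}:{pub_port} forwards port {int_port} to the "
                "Management Server, which is not an HTTP/API port")
    return None


def audit(rules):
    """Collect findings for every forward that violates the policy."""
    findings = []
    for rule in rules:
        finding = audit_forward(rule)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("FINDING:", finding)
```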