Network Switch for Web Application

Question

I'm migrating a web application from a single server to a three server config, two running the database and one the web tier. I need to purchase a network switch to string these servers together although I'm not quite sure what features I should be looking for in the switch given this use case? My servers are co-located in a data center.

Obviously high availability is the number one concern for web hosting, is it worth buying a couple of cheap switches and having one as a cold spare? or would it be preferable just to go for an enterprise grade switch? I would like the ability to firewall most ports except for the standard 80,443 and 3389. Any thoughts on this?

Sorry for my lack of expertise in this area, I'm a one man operation covering a few different bases and networking isn't my forte.

Answer 1

Switches aren't firewalls, so if you want firewalling you will need to buy a firewall or use a host-based firewall. Don't buy an el-cheapo switch but at least one you can manage remotely (e.g. ssh into its management interface from one of the DB servers).

Answer 2

Obviously high availability is the number one concern for web hosting, is it worth buying a couple of cheap switches and having one as a cold spare?

How will that buy you high availability? Will you drive to your co-lo to replace it if it fails? You'll network infrastructure between your servers will be down the entire time. On the other hand, you'll buy yourself all kinds of other issues due to not using decent equipment. Right idea here, just the wrong implementation.

I would like the ability to firewall most ports except for the standard 80,443 and 3389.

As @Dennis Kaarsemaker noted - switches are not firewalls although many enterprise grade switches have the ability to do basic Layer-3/Layer-4 filtering using ACLs. Again, depending on your specific needs this may be sufficient. If you have complex requirements for your firewall you will want to buy dedicated devices for that purpose.

Would it be preferable just to go for an enterprise grade switch?

Yes. Professionals use professional gear. You will want to buy at least two of what are called "managed" switches (see What should I pay attention to when I'm buying a network switch? for an overview.). You haven't mentioned any benchmarks on what kind of network traffic you measured between your servers, how much bandwidth they will need, whether or not the protocols you are using are latency sensitive and what your plans are for expansion. Accordingly, you might want to consider switches that are modular so you can support many different Layer-1 technologies and with a robust enough backplane if it turns out you need 10Gb speeds. Again, without having done any benchmarks you could easily overbuild your solution or just as likely underbuild it and end up buying new infrastructure again shortly.

You will probably want configure Spanning-Tree Protocol and Port Channels/LACP so that you can run both switches in "parallel", preferably with each switch on its own power. Each line represents multiple network connections that are bundled together to ensure redundancy.

Answer 3

You don't need a switch in this situation. What you need is just the one server which then connects to the back-end DB servers which I assume you would have clustered.

Even if you were running more then one web server you would still not use a switch. You would want to run a load balancer.