Exploring Traditional and AWS Cloud (2-Tier and 3-Tier) Network Designs

Understanding network architecture matters because it helps you work out the kind of architecture your business actually needs.

Prerequisites

To understand the architecture, it is advised that you know basic network terminology such as network, network-enabled devices, switches, routers, IP address, VPCs, MAC address, and a bit about the AWS services used in this article.

What are Traditional 2-tier and 3-tier Network Architectures?

Before the cloud, businesses (e.g. government, fintech) made use of on-premises data centers, and many still do for reasons like data security and compliance, data sovereignty, etc. But for many reasons the cloud was adopted, and the transition of data centres to the cloud became common.

Before we progress, we need to understand the traditional 2-tier and 3-tier network architectures used within on-premises data centers.

3-tier Architecture

The 3-tier comprises three different layers: the Core Layer, the Distribution Layer, and the Access Layer.

  • Access Layer

    The access layer provides connectivity to the endpoints (servers, phones, computers, etc.). This layer has switches with different network-enabled devices attached to them. Every switch keeps a list of the devices connected to it, and those devices communicate among themselves using their MAC addresses.

  • Distribution Layer

    This layer has multi-layer switches, which accommodate more connections than a normal switch. Regardless of how many devices they have connected, the switches in the access layer broadcast their lists of connected devices to the multi-layer switches too. Switch B has 2 devices connected to it, and those devices are reflected in the switch's list.

    From the diagram, switch B is connected to a multi-layer switch in the distribution layer, and so is switch A. Suppose a device on switch A is trying to access a file on a device connected to switch B. Because the list of all connected devices is broadcast to the multi-layer switch, the request can simply be sent to the distribution layer (the multi-layer switch), which searches for the device within its list and then routes the file back to the device on switch A using the fastest path, taking latency, bandwidth, etc. into consideration.

    However, if multi-layer switch A cannot find the particular file within its list, it asks multi-layer switch B to search for the file as well.

    The multi-layer switch has better routing capabilities than a normal switch, but they are limited compared to a router because it still uses the device's MAC address.

  • Core Layer

    This provides the highest level of routing because it has routers that use both MAC and IP addresses for their routing and also have access to the internet.

    Let's say we still can't find the file we were initially looking for in the distribution layer. A request is sent to the core layer, which has access to all devices connected to the network and searches through them; if the file is still not found, it checks the internet using the IP address and then routes the data back to us.

    The core layer does the following with the help of the router:

    • accessing data within its network

    • accessing data over the internet

    • accessing data from different network architectures.

2-tier Architecture

The 2-tier has the Access Layer and the Collapsed Layer (a combination of the core layer and the distribution layer).

The access layer does the same thing as in the 3-tier, while the collapsed layer does the work of both the distribution and the core layer.

Differences, and why do we need them?

Apart from the layers they comprise, the 2-tier architecture is usually used when fewer connections are needed in the network and the devices are a short distance apart; it is mainly used by small-scale businesses.
For the 3-tier, when many devices are involved in the network it is advised to use the 3-tier to handle large volumes of internal and external traffic. It can be used in banks and school ICT centers.

While most businesses implement these network architectures in their on-premises data centers (data centers located within the office), it is difficult to scale a 2-tier network architecture up to a 3-tier during peak times (lots of traffic on the network), considering the cost and the time it takes to implement the transition.

For that reason, most businesses transition to the cloud, where the issue just mentioned is handled by their cloud vendors.

2-Tier Network Architecture in the Cloud (AWS)

In the cloud, the 2-tier network architecture can be called the client-server application and comprises the following:

  • Client tier (the frontend)

    This tier is what the end users interact with; it could be the user interface of an app or a website. This tier displays information, collects user input, and provides a way for users to interact with the system.

    In a web-based architecture, the web tier (or client tier) includes the components responsible for presenting the user interface, processing user requests, and displaying the results to the users. It typically consists of user-facing components such as HTML, CSS, and JavaScript.

  • Data tier (the backend)

    This is the brain or powerhouse tier: it manages the logic of our app, stores data, processes the requests of the frontend, and provides the necessary responses.

    Explaining the diagram in detail:

    1. From the client tier's view, when a user (client, mobile client) enters a domain name (e.g. jumia.com) and searches for it across a network (the internet), DNS resolution begins: the browser sends the request to a DNS resolver, which checks Jumia's hosted zone (AWS Route 53), where the DNS records live, and matches the name to its specific IP address.

    2. If I were searching for static content associated with the Jumia domain, such as images or files, the DNS records in the hosted zone can be configured to point to the appropriate Amazon S3 bucket, which is a container for storing static content. If we were looking for data that is not frequently accessed, we can get that from Amazon Glacier. This in turn reduces latency and improves performance.

    3. Not looking for any of the above? Then a request is sent to the edge (the AWS CloudFront service), a cloud content delivery network that serves the requested content from the edge location closest to the user.

    4. From the edge location, we have the Virtual Private Cloud (VPC) to ensure the web application is secure, and an internet gateway that allows communication between the VPC and the internet, letting traffic flow in and out of the VPC. The internet gateway uses Elastic Load Balancers to distribute incoming traffic across the VPC.

    5. Within the VPC, we have two Availability Zones (AZs) for redundancy and fault tolerance, which are subdivided into 4 subnets. These subnets help with network isolation and high availability, and they can be public or private depending on whether we want our resources to be publicly accessible from the internet.

    6. The Elastic Load Balancers are directly connected to the web servers and act as a traffic distribution layer between clients and web servers. They improve the scalability, availability, and fault tolerance of web applications by distributing incoming requests efficiently and monitoring the health of the backend servers.

    7. The data tier, as explained before, does the logic and data storage, and it performs this with the help of the web servers. Here is a breakdown of what the web servers do:

      • Receive requests from the client tier; these can be HTTP requests for web pages, APIs, or other resources.

      • Process the request by executing the necessary logic, which could be authentication, authorization, business rules, or any other operations required to fulfil the request.

      • Communicate with the data store, which in our diagram is the RDS database. This interaction can involve querying a database, accessing files, or using other data storage mechanisms, and then sending the responses back to the client.

    8. The locks on each subnet signify that there are network access control lists (ACLs) associated with the subnets. Network ACLs act as a firewall controlling inbound and outbound traffic at the subnet level. This gives an additional layer of security and control over the network traffic within your AWS infrastructure.

And lastly, we see IAM, CloudWatch, CloudFront, and AWS CloudFormation.
These are not part of the tiers, but they play a crucial role in managing and optimizing the AWS infrastructure, securing access, monitoring resource performance, and enhancing content delivery within the network architecture.

These 2-tier and 3-tier architectures are the same for all cloud providers, but they vary based on the individual services of each provider, e.g. Azure will use Azure DNS in place of Amazon Route 53, and likewise Google. They can also vary based on the type of application you are building: a single-page application, a web application, etc.

3-Tier Network Architecture in the Cloud (AWS)

This architecture comprises the Client Tier, Data Tier, and Application Tier.

  • Client Tier

    This does the same thing as the client tier in a 2-tier network architecture.

  • Application Tier

    This is an additional tier added to the 3-tier network to separate the business logic from the data tier. It handles logic such as validating user input, executing calculations, and applying business rules before interacting with the data tier for storage or retrieval. This approach makes it easier to modify logic without affecting the underlying storage and retrieval process in the data tier.

  • Data Tier

    Having the business logic abstracted away from the data tier makes it easier for that tier to focus fully on data storage and retrieval. This in turn leads to efficient and faster responses to the requests made.

Explaining the 3-tier network architecture:

  • Similar to the 2-tier, we have the internet gateway connecting our VPC and the internet.

  • Within the VPC, we have the two availability zones (us-east-1a and us-east-1b), which have different subnets.

  • The public web subnet is our client tier; it handles the user's interaction with our app and can be publicly accessed over the internet.

  • Then we have the private app subnet, which is our application tier; it handles all the logic and cannot be publicly accessed over the internet.

  • Then the private DB subnet, which is our data tier, handles all the data storage and retrieval.
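The bullets above describe which subnet may talk to which: the internet reaches only the web tier, the web tier reaches the app tier, and only the app tier reaches the database. The following added example (not code from the article or from AWS) encodes that intent as security-group ingress rules and checks a constructed design against it. Security groups are stateful and can name another security group as the source of a rule, which is what lets the check reason in terms of tiers rather than addresses. The security-group ids, the 8080 application port and the 10.0.0.0/16 VPC range are assumptions.

```python
"""Tier-isolation check for a 3-tier VPC design expressed as security groups.

Added example, not AWS code: it treats each security group's ingress rules
as allowed flows between tiers and checks them against the policy the
article describes (internet -> web, web -> app, app -> db, nothing else).
Security-group ids, ports and CIDRs are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

INTERNET = "0.0.0.0/0"


@dataclass(frozen=True)
class Ingress:
    port: int
    source: str   # another security group's id, or a CIDR block


@dataclass
class SecurityGroup:
    sg_id: str
    tier: str     # "web", "app" or "db"
    ingress: List[Ingress] = field(default_factory=list)


# Which (source, port) pairs each tier may accept; anything else is a violation.
# Port 8080 for web -> app is an assumed application port.
POLICY: Dict[str, Set[Tuple[str, int]]] = {
    "web": {("internet", 443)},
    "app": {("web", 8080)},
    "db": {("app", 3306)},
}


def flows(groups: List[SecurityGroup]) -> Set[Tuple[str, str, int]]:
    """Resolve every ingress rule to (source label, destination tier, port)."""
    tier_of = {g.sg_id: g.tier for g in groups}
    result: Set[Tuple[str, str, int]] = set()
    for g in groups:
        for rule in g.ingress:
            if rule.source in tier_of:
                src = tier_of[rule.source]          # SG-to-SG reference resolves to a tier
            elif rule.source == INTERNET:
                src = "internet"
            else:
                src = "cidr:" + rule.source         # an address range, not a tier
            result.add((src, g.tier, rule.port))
    return result


def violations(groups: List[SecurityGroup]) -> List[str]:
    """Every flow the policy does not list, in a stable order."""
    return [
        f"{src} -> {dst}:{port} is not permitted by the tier policy"
        for src, dst, port in sorted(flows(groups))
        if (src, port) not in POLICY.get(dst, set())
    ]


# Constructed design that follows the article's tiers
WEB = SecurityGroup("sg-web0001", "web", [Ingress(443, INTERNET)])
APP = SecurityGroup("sg-app0001", "app", [Ingress(8080, "sg-web0001")])
DB = SecurityGroup("sg-db00001", "db", [Ingress(3306, "sg-app0001")])
TIERED = [WEB, APP, DB]

# Constructed variant with two common slips: SSH open to the internet on the web tier,
# and the DB accepting MySQL from the whole VPC range instead of only the app tier
WEB_LOOSE = SecurityGroup("sg-web0001", "web", [Ingress(443, INTERNET), Ingress(22, INTERNET)])
DB_LOOSE = SecurityGroup("sg-db00001", "db", [Ingress(3306, "10.0.0.0/16")])
LOOSE = [WEB_LOOSE, APP, DB_LOOSE]


if __name__ == "__main__":
    print(violations(TIERED))   # []
    for line in violations(LOOSE):
        print(line)
```

The second design illustrates why a CIDR-based database rule is weaker than a security-group reference even when the range is private: a rule for the whole VPC range also admits the web subnet, so a compromised web server could reach the database directly, which the tier model is supposed to prevent.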

With the 3-tier, we have a separation of concerns, which improves scalability, flexibility, performance, and brings many other benefits.

But at the same time, it may also introduce additional complexity, deployment, and management overhead compared to a simpler 2-tier architecture.

In conclusion, it's essential to carefully consider the specific needs of your application, anticipated traffic patterns, scalability requirements, and the trade-offs between complexity and flexibility before choosing a particular network architecture for your business.

In my next article, I will walk through a practical guide on how to set up the different architectures on AWS Cloud. Still confused about the explanation in this article? Use the comment section.