To Architect or Design, that is the question?

In IT, there are various roles such as Architect or Designer, and the line between these two definitions seems to get blurred. I find that it often means different things to different people and companies. This can also make understanding a potential candidate's strengths hard, as there is no clear formal definition: whilst a person might have the title of network designer, that person may be performing more of a network architecture function, and vice versa.

In the IT industry the terms designer and architect largely follow the broader definitions used in other industries, but unlike other industries, which may have very clear descriptions, in IT these are often used interchangeably. However, I believe there is a significant difference between the two which, based on my own experience, I will try to discuss here, and maybe provide some insight and perspective. I also think both skills are critical to a successful IT department in any mid to large size organisation.

ISO/IEC 42010:2007 defines “architecture” as: “The fundamental organization of a system, embodied in its components, their relationships to each other and the environment, and the principles governing its design and evolution.”

TOGAF embraces, but does not strictly adhere to, ISO/IEC 42010:2007 terminology. In TOGAF (based on my 9.1 certification and knowledge), “architecture” has two meanings depending upon the context:

  • A formal description of a system, or a detailed plan of the system at a component level to guide its implementation.
  • The structure of components, their inter-relationships, and the principles and guidelines governing their design and evolution over time.

My view of the role of an architect is to optimise the often fragmented legacy processes, technologies and capabilities so that the result is responsive to change and enables the delivery of the business strategy. It enables the effective utilisation of information and technology to assist the business in achieving a competitive advantage, and enhances the user experience both internal and external to the business.

IT architecture focuses on the broader, holistic view of how systems interoperate with each other and the principles they should adhere to. It typically defines the choice of framework, capabilities, scope, goals and high-level methodologies which will be utilised.

An IT designer's focus is to plan how the systems will be organised, how the components of a system will work and integrate, how the system will be implemented, and the specification which should be met during, and at the end of, the implementation and/or integration.

Whilst these may seem in large part like the same thing, I believe IT architecture is more objective-focused, analysing the requirements, the system and how it will be measured, whilst design is more subjective, as it is based more on the usage of a system and how it will operate and be managed.

Simply put, IT architecture often involves looking at all the features from a business and IT perspective: how they interrelate, the inputs and outputs of how the system will be supported or utilised, and the broader implications for the business as a whole. Design is typically more focused on the system itself and its technical aspects, features and constraints.

That said, as mentioned, both skills are important: an architect may focus on the overall aesthetics of the system and its integration with the business, whereas a designer is typically looking for the purest technical solution. Architecture faces towards strategy, structure and the abstract. Design faces towards implementation and practice, towards the concrete. Therefore, when combined, a design defines how a chosen architecture is applied to the given requirements.

Architecture without design does nothing: it can too easily remain stuck in an ‘ivory-tower’ world, seeking ever finer and more idealised abstractions and solutions, at the risk of never realising practical outcomes.

Design without architecture tends toward point-solutions that are optimized solely for a single task and context, often developed only for the current techniques and technologies, and often with high levels of hidden ‘technical debt’.

Having skills in both disciplines can sometimes be challenging, but for effective and efficient IT in a mid to large size organisation both architecture and design are essential; appropriate, useful, maintainable solutions arise when both are in use and in appropriate balance.

Final Thoughts

I have worked from technician to designer to solution architect to domain architect and seen the benefits and limitations of all of these roles. I believe, perhaps slightly egocentrically, that having experience in all areas helps round out what is needed for the organisation. Whilst in large organisations these roles are typically filled by different people or groups, they can be a single person or group.

Whilst it is often important to deliver to the goals and objectives of a specific project, being able to ensure this aligns with the organisation’s overall strategy and leaves minimal tech debt (gap) is preferable. I have briefly discussed this in a previous post, IT Architecture Process.

I guess the answer is that both architecture and design are important; one may be more so depending on the situation. They are often not disparate skills, but more focus or weight can be applied to one area over the other; it really depends on what problem is being solved.

Multiprotocol Label Switching (MPLS) Notes

Multiprotocol Label Switching (MPLS) is widely used in many large enterprise networks, and as with all networking technologies it is the concepts which are important to remember and understand. Thus the following is just some general information about MPLS rather than configuration examples, which are easy to find on the interweb.

Unlike a traditional IP network, which performs a routing lookup based on IP addresses to determine the next hop, MPLS does label switching instead. Basically, instead of looking up the next hop based on the IP address, it finds the destination router, based on a predefined label-to-destination-network association, and applies the appropriate label(s) to get to that router via a pre-determined path. Once the traffic reaches the destination router (PE) the label is removed (or at the penultimate P router if penultimate hop popping is enabled, which it is in most deployments) and the packets are delivered locally via normal IP routing.

A typical example of this is when a tenant advertises its IP subnet (pick your favorite routing protocol) associated with its VRF to the PE router, which will associate that subnet with a label. The PE then exports those tenant routes from the tenant’s VRF into MPLS and transmits them across the cloud / backbone to their destination. Those routes are then imported back into the destination VRF and locally advertised by a routing protocol, thus creating a virtual private network. Note: private in this instance does not imply any encryption but rather segregation of information from other tenants.

Because the PE associated the tenant's IP subnet with a label, and those labels are communicated via the control plane to all MPLS-participating PE devices as an MP-BGP extended attribute, other PEs know what label to use to get back to that tenant's IP subnet. When the traffic is sent across the MPLS core the PE adds the destination PE's label, which it already knows via control plane learning, and then, if required, also adds an additional label for the next router in the predefined path towards the destination.

This pre-determined path, or label-switched path (LSP), is established via the Label Distribution Protocol (LDP), which creates a unidirectional tunnel between the PE routers.

MPLS is typically deployed in an enterprise as a method to connect tenant environments across a shared backbone and/or to segregate tenants from each other across that shared backbone. Whilst there is some perception that MPLS is faster than performing an IP route lookup, and this is likely true, for the most part given today’s router processing speeds this is of negligible benefit for all but the largest networks.

For pure IP routing to work the router must use control plane protocols, like OSPF, to first populate the IP routing table and then populate the CEF Forwarding Information Base (FIB).

Similarly, for MPLS forwarding to work, MPLS relies on control plane protocols to learn which MPLS labels to use to reach each IP prefix, and then populate both the FIB & LFIB with the correct labels.

A diagram I find useful is as follows:

[mpls-diagram: image not included]

The LFIB resides in the data plane and contains a local label to next-hop label mapping along with the outgoing interface, which is used to forward labeled packets.

A unique MPLS label is allocated for each VPNv4 prefix and is inserted between the L2 and L3 headers. Multiple labels can be inserted; in fact this is how MPLS VPNs work, by stacking multiple labels.

For example, the ingress PE will place two labels on the packet: label 1 (L1) is the path label (provided by LDP), and label 2 (L2) is the VPN label (provided by BGP).

Thus, as per the following example, MPLS will populate the LFIB with labels associated with prefixes and the outgoing interface / next hop. Also, if this router is the last MPLS hop for a destination prefix, the label is removed, or ‘popped off’, before sending the packets to the local VRF (VRF-BLUE).

router1#sho mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  IPv4 VRF[V]      2941227361    aggregate/VRF-BLUE
17         No Label   10.0.42.0/24[V]  496031973389  Vl3500     172.16.50.70
18         157        172.16.6.24/30   0             Po101      172.16.51.17
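As an added example that is not part of the original notes, the following Python models the two-label stack the ingress PE pushes (transport label on top, VPN label beneath), the RFC 3032 wire encoding of each label stack entry, and the swap/pop actions each router's LFIB applies along the LSP, including penultimate hop popping. All labels, router names, interface names and the VRF name are constructed for the example.

```python
# Added example (not from the original post). Labels, routers, interfaces
# and the VRF name are constructed values.
import struct

def encode_label_stack(labels, ttl=255):
    """Encode labels (top of stack first) as RFC 3032 entries: 20-bit label,
    3-bit TC (left 0), 1-bit bottom-of-stack, 8-bit TTL."""
    out = b""
    for i, label in enumerate(labels):
        bos = 1 if i == len(labels) - 1 else 0
        entry = (label << 12) | (bos << 8) | ttl
        out += struct.pack("!I", entry)
    return out

def decode_label_stack(data):
    """Read entries until the bottom-of-stack bit is set; return the labels."""
    labels = []
    for off in range(0, len(data), 4):
        entry, = struct.unpack("!I", data[off:off + 4])
        labels.append(entry >> 12)
        if (entry >> 8) & 1:
            break
    return labels

# Per-router LFIB: incoming label -> (action, outgoing label, outgoing interface).
# P2 is the penultimate hop and pops the transport label (PHP); the egress PE2
# then sees only the VPN label, pops it and hands the packet to the VRF.
LFIB = {
    "P1":  {16: ("swap", 30, "Gi0/1")},
    "P2":  {30: ("pop", None, "Gi0/2")},
    "PE2": {18: ("pop", None, "VRF-BLUE")},
}

def forward(router, labels):
    """Apply one router's LFIB to the top label; return the new stack and egress."""
    action, out_label, iface = LFIB[router][labels[0]]
    rest = labels[1:]
    return ([out_label] + rest if action == "swap" else rest), iface

def trace_path(transport_label, vpn_label, path):
    """Ingress PE pushes [transport, vpn]; then each router on the LSP acts on it."""
    stack = [transport_label, vpn_label]
    hops = []
    for router in path:
        stack, iface = forward(router, stack)
        hops.append((router, list(stack), iface))
    return hops
```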

Virtual Routing and Forwarding (VRF)
VRFs can be used to store routes separately for different tenants (customers, groups, domains). Each VRF has three main components:

  1. An IP routing table (RIB)
  2. A CEF FIB, populated based on the VRF's RIB
  3. A separate instance or process of the routing protocol used to exchange routes.

Route Distinguisher (RD): 64-bit RD + 32-bit IPv4 prefix = 96-bit VPNv4
RDs allow BGP to advertise and distinguish between duplicate IPv4 prefixes. It does this by adding the RD to the IPv4 prefix, creating what is called a VPNv4 prefix, which is composed of two parts:

  1. A 64-bit RD
  2. A 32-bit IPv4 prefix

Route Targets (RT) :
PE routers advertise RTs in BGP updates as BGP extended community path attributes (PAs). MPLS uses RTs to determine into which VRF a PE places iBGP-learned prefixes.

NOTE: RD & RT are separate, independent values. While a particular prefix can have only one RD, it can have one or more RTs assigned to it.
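As an added example that is not part of the original notes, the following Python builds 96-bit VPNv4 keys from a type 0 RD and an IPv4 prefix, showing that two tenants can both use 10.0.42.0/24 without colliding, and then applies export/import route targets to decide which VRF receives each route (one RD per prefix, but possibly several RTs). The ASN, RD and RT values, prefixes and VRF names are constructed.

```python
# Added example (not from the original post). ASN, RDs, RTs, prefixes and
# VRF names are constructed values.
import ipaddress

def vpnv4_key(rd, prefix):
    """96-bit VPNv4 key: type 0 RD (2-byte ASN, 4-byte number) followed by the
    32-bit network address. The prefix length travels separately in the NLRI."""
    asn, num = (int(x) for x in rd.split(":"))
    net = ipaddress.ip_network(prefix, strict=True)
    rd_bits = (asn << 32) | num            # type field is 0 for ASN:number RDs
    return (rd_bits << 32) | int(net.network_address)

def export_routes(vrfs):
    """Each VRF exports its prefixes as VPNv4 routes tagged with its export RTs."""
    table = []
    for name, cfg in vrfs.items():
        for prefix in cfg["routes"]:
            table.append({"vpnv4": vpnv4_key(cfg["rd"], prefix), "prefix": prefix,
                          "rts": set(cfg["export"]), "from": name})
    return table

def import_routes(vpnv4_table, vrfs):
    """A receiving PE installs a route into every VRF whose import RTs overlap
    the RTs carried on the route; the RD plays no part in this decision."""
    result = {name: [] for name in vrfs}
    for route in vpnv4_table:
        for name, cfg in vrfs.items():
            if route["rts"] & set(cfg["import"]):
                result[name].append(route["prefix"])
    return result

# BLUE and RED both use 10.0.42.0/24; SHARED also exports with BLUE's RT so that
# BLUE (but not RED) imports the shared prefix.
VRFS = {
    "VRF-BLUE":   {"rd": "65000:1", "routes": ["10.0.42.0/24"],
                   "export": ["65000:1"], "import": ["65000:1"]},
    "VRF-RED":    {"rd": "65000:2", "routes": ["10.0.42.0/24", "192.168.1.0/24"],
                   "export": ["65000:2"], "import": ["65000:2"]},
    "VRF-SHARED": {"rd": "65000:3", "routes": ["172.16.100.0/24"],
                   "export": ["65000:3", "65000:1"], "import": ["65000:3"]},
}
```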

Misc

  • Labels are locally significant (similar to Frame Relay DLCIs, or VLANs)
  • MPLS is based on, but not tied to, the routing table!
  • Always ensure basic connectivity and routing is functioning correctly before implementing MPLS

The capability vrf-lite command disables the DN-bit (down bit) and domain-tag checks in OSPF. Since the CE router acts as the PE router in VRF-lite, these checks should be disabled, because the PE routers advertise VPN routes with the DN-bit set to the CE routers.

When VPN routing and forwarding (VRF) is used on a router that is not a PE (that is, one that is not running BGP), the checks can be turned off to allow correct population of the VRF routing table with routes to IP prefixes.