Written by:  

Joris van Steen

Building your first network stack; what to expect

What does it take to build a stack? Since we believe that the best way to learn is from each other, our Itility stack engineer community has begun building its own stack. This is a great opportunity for hands-on learning and practical experimentation. In this series of blog articles, you can read all about the issues we encounter and the tests we conduct on the stack.

Designing and building

The entire process begins with some important choices. Do we want to host the infra services such as DNS and authentication for the stack in the cloud or on the stack itself? Do we want to make use of services that are already available within Itility (e.g. AD) or should we develop those ourselves? Do we need LDAP and when do we want the stack to be humming along? For now, everyone agrees that on-premise and in-house development is best, because that makes us less dependent on others. We can always migrate to the cloud at a later stage.

Four servers and two switches are yearning to be unpacked 

Stack inspection

The group splits up into teams of builders and designers. The builders get a stack of boxes and an empty server rack. Four servers and two switches are yearning to be unpacked – or is it the other way around? It doesn’t take long before one of the servers has been opened up, so the team can admire its internal workings. Meanwhile, the other team is working on the stack’s conceptual design. How should we structure the stack? What apps should run on it? How are the switches, servers and firewall connected? Which VLANs do we need and how large will the networks be? 

Before long, the whiteboard contains a list of OOB, MGMT, VMOTION, VSAN and SERVERLAN. The firewall zones are divided into four segments: Internet, Infra, Core and Apps.

There is a discussion about speed versus usability

The first success

Over an enjoyable constructive discussion, the schematic steadily progresses. There is a constant choice to be made between the speed of implementation in the stack and the ease of using the planned applications. And last but not least the VPN layer is added to the VLAN overview. It is a little painful to admit that the addresses on the whiteboard are no longer in the right order, but never mind, the basic design is sound.


The builders note that this is starting to look like a real project. The power supply for the server room has not been connected yet. The screws for the server rack, which are usually found somewhere in a data center, are nowhere to be found. Luckily, some power cables and a few screws are discovered in a storage room somewhere at HQ. After plough through the Chinese manuals, installing the screws and determining what is up and down, it is time to bring on the noise and light. The next step is specifying the design and the shopping list, in which system names, ports and IP-addresses.

backBack to overview

Want to stay updated?