Flipping switches

Switches are changing. The workaday, data-routing box is falling from favour, with successful models more aware of the changing nature of network traffic. This means IT professionals must re-think the criteria they use when considering which switch will deliver the greatest benefits.

By  Simon Duddy Published  September 17, 2005

Network traffic in the enterprise can be compared to traffic in a city. Traditionally, the main aim in both systems has been to combat congestion, but they are also increasingly aware of the type as well as the quantity of traffic. Town planners create special lanes for bicycles and heavy vehicles because not all traffic carries the same aims, expectations or characteristics. It is exactly the same story in the enterprise network. Not all data packets are created equally and switches must have the intelligence to recognise important differences and implement policies to ensure that new applications can be effectively deployed.

In today’s enterprise, the emphasis is shifting from data-centric traffic to converged traffic comprising data, voice and video. Switches are evolving to cope with these changes and also taking on more security functions to provide another layer of protection against rapidly advancing threats.

Convergence has changed the picture for switches, with quality of service (QoS) a much bigger issue now than it was just a few years ago. Most network vendors incorporate some kind of QoS system into their solutions. This allows network managers to prioritise traffic according to importance. To do this, the switch needs to recognise different types of application traffic, so an IT manager can rank them, with, for example, voice getting top priority, followed by CRM info, and with less time-critical traffic such as e-mail at the bottom of the ranking. Realising the contrasting characteristics of different network traffic means that IT managers can be much more subtle in coping with latency and other issues.
The catch-all solution for many IT managers was to add more bandwidth when it became scarce. But with effective QoS built into switches and adequate processes developed by the IT team, existing bandwidth can be much better utilised, saving long-term costs. “End users are more demanding of the network,” says Joseph Mehawej, marketing and technical sales manager at Nortel Middle East. “It is mandatory to have quality of service (QoS) on the LAN in order to make sure that business critical applications have priority,” he adds.

The data network was initially ill-equipped to cope with increased voice traffic. Voice packets were treated like data, but users could not tolerate levels of latency that were not a problem with data. Now as QoS becomes more prevalent, the data network can better handle the demands of voice. The largely savings-driven move to put voice on to the IP network is arguably only now beginning to pay.

The demand for converged products has also meant the integration of power over Ethernet (PoE) support into switches. This allows switches to connect to phones while also using the connection to ferry power to the devices.

However, some commentators have cautioned that these measures must be prevalent throughout the network to be effective. Combining a converged switch with older switches is like having a Bentley with a bad tyre: it will never hit optimal performance. The installation of converged switches in a network is making it necessary to weed out existing older and less intelligent switches because they immediately become the weak link in the network and negatively impact ROI. “Convergence on the LAN is happening today, and while much of the focus on convergence starts at the edge, the core must also be fully capable of supporting the QoS and policy defined at the edge of the network,” says Youb Saim, marketing manager for Alcatel Enterprise Solutions.
In response to varied new traffic, vendors are building VoIP quality monitoring into the infrastructure, so if calls fall below a quality threshold an alarm alerts the administrator to counter the problem. Obviously, for this to work, monitoring must have visibility over the entire network. There is also a need to set increasingly automated policies, as administrators will not always be on hand to make the tweaks that keep phone and other services jitter-free. “End users are finding that as their IT demands increase, they are not able to scale headcount to keep pace. This means there is pressure on switch vendors to build smarter technology into products that allows the IT team to attain greater operating efficiency,” says John Yen, senior manager for switch product marketing at Cisco.

Cisco has embedded an event manager into some switches, which allows an administrator to create custom scripts and programme the switch to automatically react to problems. For example, if a switch is consuming too much processing power, it can be programmed to re-start, generate diagnostics, and e-mail results to the administrator. Protocols such as weighted random early detection (WRED) also help to control traffic, by anticipating when switch and router buffers will fill and throttling back traffic.

With extra traffic on the network and more business critical applications deployed network-wide, there is also arguably greater need for resilience. Extreme Networks estimates that a one hour network outage can cost a small shipping company up to US$30,000, while one hour’s downtime can cost up to US$6 million for an average sized bank. Switch resilience is becoming a crucial factor in converged networks. Unlike traditional systems, converged networks deliver an array of services, some of which may be critical.
For example, a call to an emergency service, such as ambulance or fire department, from a VoIP phone must be processed reliably in spite of failure in some network components or routes. As IP becomes the de facto protocol for storage and telephony, 100% availability is less of an option and more of a necessity.

This greater emphasis on resilience has impacted switch design. “It’s a network-wide issue and the ultimate goal is application availability,” says Mehawej. “The network needs to be agile enough to cope with problems without loss. This is resiliency, but this is based on device redundancy and that comes two ways. Either you can double up on devices, so that if one fails another takes over, or you can have redundant components within devices, for example, power supplies, hot swappable input output modules, and redundant switch fabrics,” he explains.

On-switch software also plays an important part in ensuring redundancy. An easy software upgrade process should be established and the network should also have the intelligence to react automatically and provide failover if disaster strikes. Vendors have come up with software solutions that enhance the resilience of switches, such as Extreme’s modular operating system, ExtremeWare XOS. This allows network managers to start, stop and restart as well as add and activate software modules without taking the network down by rebooting the switch.

Another important sea change in thinking about switches is the greater emphasis now placed on security. Stopping threats has not traditionally been the role of the switch but as the virus and hacking danger has evolved, vendors have not been slow to recognise that switches can play a part in the overall security picture. One example of this is Extreme’s BlackDiamond 10k switch, which uses a policy engine called Clearflow, in conjunction with the external Sentriant device, to filter security threats at 10 Gigabit throughput.
The benefits of security features include enhancing the layered approach to security. Most commentators agree that security-wise, it is not a good idea to ‘put all of your eggs in one basket’. It also gives the enterprise the opportunity to monitor traffic within the LAN. Most security devices monitor the perimeter, but if something is released within the network or gets past the perimeter, having security features on the switch can prove a helpful back-up. “Security on switches also means that authentication can take place at the user level and at a device MAC-level basis, doubling the protection in accessing the network,” says Wael Fakharany, regional manager, 3Com Middle East.

On the other hand, many security vendors are sceptical of the extent to which switches can protect the enterprise. Sceptics charge that switches are too central to the network to provide effective defence against threats and that once a threat reaches the switch it’s too late to avoid damage. Switch companies also come under fire for lacking the necessary security experience to build robust enterprise-ready solutions. “Switches are built for a purpose: to switch traffic! Having more security features in them might overwhelm the processing power of a switch, and affect the basic function it is built for. Therefore, security related overheads shall be a critical issue while designing those switches,” says Hatem Ali, territory technical manager for ISS Middle East.

The enterprise is right to be a little wary of switch firms building themselves up as security companies, but there is no doubt that security in the switch will be a key feature in the next few years and must be understood to be used effectively. Essentially, switch-based security features will complement rather than replace traditional security devices. “Switches will front end security devices and offload them from resource intensive tasks such as DoS and network layer attack protection.
So basically by using both techniques simultaneously the scalability of legacy security solutions will be extended,” says Yarob Sakhnini, regional technical manager at Foundry.

The increasing sophistication of switches must lead to a change in attitude on the part of enterprise end users. It is no longer enough to simply install a switch and forget about it. With switches being capable of so much more, users must acquaint themselves with the technology if they are to fully realise the benefits. “Most of the features on switches have not been utilised. It’s the 80-20 principle. 80% of people use only 20% of features. Cisco switches have supported QoS for five years but most users don’t switch it on,” says Hatem Al Sibai, CIO of Al Ghurair Group. This means that while sophisticated features can save time and money by automating processes, staff must also invest more time getting to grips with increasing sophistication on switches. These two factors have the potential to cancel each other out to some extent.

While awareness of features has crept to number one in the criteria list for users pondering a particular switch, that does not mean that the ‘speeds and feeds’ issue is dead. As faster technologies become available and port densities grow, users must pay heed. A good example of this is Gigabit Ethernet to the desktop. “Port-prices for Gigabit Ethernet are now at a level that enterprises can afford. The cost of a Gigabit port on an Extreme switch today is equivalent to the cost of a Fast Ethernet port in 2001, when it went mainstream,” says Jan Hof, director of marketing at Extreme Networks EMEA.

Scalability is also a crucial consideration, with network managers looking to pack as many ports as possible into a box that is as small as possible. This saves physical space and can be a big consideration in offices and wiring closets with limited space.
“We have seen switch fabric capacities double every two to three years allowing system vendors to build very high capacity and space-efficient solutions,” says Val Oliva, product marketing manager at Foundry.

The switch market is seeing serious changes, with some commentators saying enterprises are on the cusp of a major new buying cycle. “The next big buying phase in switches is imminent, with the models bought five years ago having attained ROI and the models available today able to do so much more,” enthuses Al Sibai.

To make the most of what could be a frenzy of switch spending, network and IT professionals must stay on top of the latest standards and features in switching. Due to the fast pace of development, this is not an easy task. Also, the introduction of feature-rich converged switches into an existing network may necessitate additional upgrades or replacement of other network equipment before the full benefits can be reaped.
