

The Backbone of Your Business
January 25, 1999
Another important backbone-infrastructure factor to weigh is routing between network segments. ATM still requires some degree of routing intelligence to pass traffic between Layer 3 networks, and while Gigabit Ethernet wire-speed routers are flooding the market, ATM still relies on legacy routing solutions to get the job done.
In short, if you've invested in ATM technology, plan on consolidating it at the core of your network, while moving to Gigabit Ethernet for fanout to the fringes. Use Gigabit Layer 3 switches to address your routing needs, and eliminate the one-arm ATM router. Leverage PNNI at the core for improved fault tolerance, and reap the price/performance advantages of Gigabit Ethernet edge devices.
No. 3: Layer 3 Switching
As you buy new equipment for your network, plan to deploy Layer 3 switching instead of legacy routers to boost network performance. Layer 3 switches put you in prime position for policy-based networking and other network functions that require an intelligent infrastructure. Likewise, Layer 3 at the edge gives you the flexibility to route where you need it and switch where you don't.
Layer 3 switches are ideal for a Gigabit Ethernet-based IP network migration. As you move from 100 Mbps to gigabit technology in your backbone, you'll find it essential to scale your routing performance with your network performance. Layer 3 switches make this effort practical and inexpensive.
The ideal network will consist of high-density switches at the edge of the network that cascade into gigabit Layer 3 switches. Edge switches should be able to filter and forward based on application-layer information. Generally, that means Layer 3 switches at the edge of the network, though a new class of Layer 2 switches is appearing that is Layer 4-aware. Features and routing protocols will vary by vendor. Cabletron and Foundry support IP and IPX wire-speed routing in hardware; Foundry also supports AppleTalk routing. Other vendors--including Nortel Networks, Extreme Networks and 3Com--route IP and bridge other protocols.
No. 4: Policy-Based Networking
"Policy-based networking" is a heavy-duty term for the ability to monitor and manage your users through the network--and it's one of the advantages you can achieve if you deploy Layer 3 switches across the entire enterprise. Although Layer 3 switching in itself is not part of the policy-based networking scheme, the intelligence necessary for the network to interact with the desktop is found only in these higher-level products. Big vendors--Cisco, Nortel and 3Com, to name three--all have timelines for rolling out policy-based networking and management products.
Simply defined, policy-based networking is the ability of a network device, such as a switch, to know who is attached to a given port. This might be accomplished by monitoring login traffic under Microsoft Windows NT or Novell NetWare, or, more likely, through an LDAP client/server structure that communicates among the workstation, the switch and a central policy repository. If a user is not allowed to log into a particular workstation on the network, the network itself will block the transaction.
Policy-based networking simplifies management. By uniting RMON 2 resources, LDAP-enabled switches and a policy server, it's possible to locate a user on the network by clicking on that user's name in an LDAP directory. If you want to capture traffic from that user's login, click again on the management workstation. You also can administer moves, adds and changes via a policy server. Granting access to a subnet by name, instead of by MAC (Media Access Control) address, becomes trivial. Need to know what switch a user is plugged into? Query the policy-based network to find the device, and eliminate hours of tracing and hunting with this architecture. Want to give e-mail priority over Web traffic? A single policy deployed across your network will save you hours in switch configuration.
Tying user authentication to the network adds a whole new level of functionality to your management console. But adding this type of intelligence to the network requires significant computing horsepower, as well as integration of the network client. To date, 3Com has made the greatest strides toward a total solution with its DynamicAccess product (www.3com.com/dynamicaccess), but other vendors are quickly following suit.