Survivor's Guide to 2005: Infrastructure

How can you be sure to spend your infrastructure dollars wisely? By buying only the features and speed you need.

December 17, 2004


On the security front, most of this year's edge switches will employ the IEEE 802.1X standard for network-based authentication. This standard lets you control access to your switch and internal resources. Although 802.1X is frequently mentioned with regard to wireless networks, the standard was developed for Ethernet. Most vendors provide fine-grained control over which users have access to specific networked resources or of which VLAN they'll be a part. With 802.1X, it's easy to set up guest logins with access to the Internet only or let internal users access the company's intranet network but not the payroll computers.

Although such security policies aren't new, 802.1X makes them much easier to set up on a per-user basis. Sensitive resources still require additional layers of authentication, but the standard hardens the center of the network. You don't have to sacrifice performance to add security to internal networks: most vendors implement access lists in ASICs on their core routers, so filtering every packet carries no penalty.
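As an added illustration of the per-user VLAN assignment described above (this is example code, not from the article or any vendor), the following shows the decision an 802.1X edge switch makes when its RADIUS server answers: the attribute numbers and values are the real ones from RFC 2868 and RFC 3580, while the user directory, passwords and VLAN names are constructed for the example.

```python
# Added example, not from the article or any vendor's code: how an 802.1X
# edge switch turns a RADIUS Access-Accept into a per-user VLAN (RFC 3580).
# Attribute numbers/values are the real RFC 2868/3580 ones; the directory
# and VLAN names below are constructed sample data.
import hmac
from dataclasses import dataclass, field

TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN = 13        # Tunnel-Type value "VLAN"
TUNNEL_MEDIUM_IEEE802 = 6    # Tunnel-Medium-Type value "802"

@dataclass
class RadiusReply:
    accept: bool                                  # Access-Accept vs Access-Reject
    attrs: dict = field(default_factory=dict)     # attribute number -> value

# Constructed directory: user -> (password, VLAN the RADIUS policy assigns).
# Guests reach only the Internet; staff reach the intranet; payroll is separate.
DIRECTORY = {
    "guest":   ("visitor2005", "guest-internet"),
    "alice":   ("correct horse", "intranet"),
    "payroll": ("ledger!", "payroll"),
}

def radius_authenticate(user: str, password: str) -> RadiusReply:
    """Stand-in RADIUS server: Access-Accept carrying the RFC 3580 VLAN triple."""
    entry = DIRECTORY.get(user)
    if entry is None or not hmac.compare_digest(entry[0], password):
        return RadiusReply(accept=False)          # Access-Reject: port stays closed
    return RadiusReply(accept=True, attrs={
        TUNNEL_TYPE: TUNNEL_TYPE_VLAN,
        TUNNEL_MEDIUM_TYPE: TUNNEL_MEDIUM_IEEE802,
        TUNNEL_PRIVATE_GROUP_ID: entry[1],
    })

def port_vlan(reply: RadiusReply, restricted_vlan: str = "quarantine"):
    """VLAN the switch puts the port in; None means the port stays unauthorized.

    An Accept without a complete VLAN triple goes to a restricted VLAN rather
    than the port's default data VLAN, so a misconfigured policy fails closed.
    """
    if not reply.accept:
        return None
    a = reply.attrs
    if (a.get(TUNNEL_TYPE) == TUNNEL_TYPE_VLAN
            and a.get(TUNNEL_MEDIUM_TYPE) == TUNNEL_MEDIUM_IEEE802
            and a.get(TUNNEL_PRIVATE_GROUP_ID)):
        return a[TUNNEL_PRIVATE_GROUP_ID]
    return restricted_vlan
```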

Wireless features also continue to cross into the wired network. Extreme Networks, Foundry Networks and other vendors have edge switches that incorporate intelligence formerly found on the access points. This is done to simplify security and make it possible to roam from one AP to another. Cisco Systems released its WLSM (Wireless LAN Services Module) card this year for the high-end 6500 chassis. That card forces all wireless traffic to the core.

Cisco continues to lead the features race, incorporating hardware to provide security and enable VoIP into its new 2800 and 3800 WAN router lines without sacrificing performance. These models feature VPN acceleration as well as intrusion detection. Smaller companies have gotten the idea, too. Lok Technology's Airlok appliances, for instance, provide bandwidth management, firewall capabilities, intrusion prevention, user authentication and even usage-based billing at a fraction of the cost of equivalent products. Although these devices are particularly good at enabling wireless services, they're also beneficial for wired networks. And even though the vendor's performance claims remain unproven, the price and functionality of these devices are too compelling to ignore. Meanwhile, Juniper Networks' recent purchase of firewall vendor NetScreen Technologies gives it the technology to add more functionality to its edge routers.

One feature fails to spark our imagination just yet: IPv6 may have some benefits in the carrier market (think individual IP addresses for cell phones), but for U.S. enterprise applications, this remains a technology ahead of its time. Far too many IPv4 addresses and an infinite supply of private NAT addresses are available in this country. Vendors who need to recoup their IPv6 R&D investments should look to the U.S. Department of Defense (whose networks are required to support IPv6) and the Pacific Rim, not U.S. enterprises. Still, the equipment is coming, bit by bit. Nokia recently demonstrated an IPv6-enabled phone, and all the major vendors' routers support the technology in some fashion.

Regardless of the vendor's market share, consider the benefits and risks of heavy integration. Consolidated management may ease your burden, but the downsides for such heavy integration include increased dependence on one vendor and a loss of flexibility. You can't upgrade one function without upgrading the whole device.

Inside infrastructure equipment, features rule. Outside, the name of the game is speed. All along your network, from the desktop to the backbone, bandwidth continues to get cheaper. That fact is sure to lead you to temptation--Gigabit edge switches and 10 Gigabit technology in the wiring closet sound so appealing. Now take a reality break. If 10 Gigabit equipment goes for $10,000 per port today, who's to say that price won't be $5,000 when you really need it?

As the price per port of 100-Mbps and Gigabit edge switches drops again this year, vendors' bandwidth mantra is likely to be, "Gigabit to the desktop." You should consider this only if you have demonstrated a need, or if you have other reasons to upgrade anyway. Most business applications still run just fine on wireless networks with a maximum speed of shared 6 Mbps, and telecommuters on a WAN get by with even less.

Furthermore, before you blame the network for slow connections, pinpoint the source of your bottlenecks. Start by looking at your servers and desktops. An inexpensive analyzer--WildPackets and Network Instruments sell tools for less than $1,000--can do the trick. Windows XP users can even try the built-in tools under Task Manager's "Networking" tab. The open-source MRTG (Multi Router Traffic Grapher) can give you this information, too. Without getting to the root of the problem, it's too easy to point the finger at the network infrastructure and buy desktop bandwidth you don't need.
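To show what the MRTG-style utilization check above actually measures, here is an added example (not the article's or MRTG's own code) that turns successive SNMP ifInOctets/ifOutOctets readings into per-interval link utilization, including the 32-bit counter wrap that catches out naive scripts; the poll values are constructed.

```python
# Added example, not from the article or MRTG: per-interval utilization
# derived from SNMP ifInOctets/ifOutOctets (RFC 1213). Those are 32-bit
# counters that wrap at 2**32, so a poll landing after a wrap must be
# corrected before the byte delta is turned into bits per second.
COUNTER32 = 2 ** 32
COUNTER64 = 2 ** 64      # width of ifHCInOctets/ifHCOutOctets (RFC 2863)

def counter_delta(prev: int, cur: int, width: int = COUNTER32) -> int:
    """Octets transferred between two polls, correcting a single wrap."""
    if cur >= prev:
        return cur - prev
    return width - prev + cur          # counter wrapped once since prev

def utilization(polls, link_bps: int, width: int = COUNTER32):
    """Per-interval in/out utilization as a percentage of link_bps.

    polls: list of (seconds, ifInOctets, ifOutOctets) from successive SNMP GETs.
    Raises ValueError when the interval is long enough for the counter to wrap
    more than once, which makes the delta ambiguous; poll more often or read
    the 64-bit HC counters in that case (a Gigabit port at 5-minute polls hits this).
    """
    rows = []
    for (t0, in0, out0), (t1, in1, out1) in zip(polls, polls[1:]):
        seconds = t1 - t0
        if seconds <= 0:
            raise ValueError("polls must be strictly increasing in time")
        if link_bps * seconds // 8 >= width:
            raise ValueError("interval too long for counter width; use 64-bit counters")
        in_bps = counter_delta(in0, in1, width) * 8 / seconds
        out_bps = counter_delta(out0, out1, width) * 8 / seconds
        rows.append({"t": t1,
                     "in_pct": round(100 * in_bps / link_bps, 2),
                     "out_pct": round(100 * out_bps / link_bps, 2)})
    return rows

# Constructed sample: three 5-minute polls of a 100-Mbps port whose input
# counter wraps between the second and third poll.
SAMPLE_POLLS = [
    (0,   4_000_000_000,  1_000_000),
    (300, 4_187_500_000, 19_750_000),
    (600,   267_532_704, 38_500_000),
]

if __name__ == "__main__":
    for row in utilization(SAMPLE_POLLS, 100_000_000):
        print(row)
```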

Server and backbone connections are a different story, as the higher-speed connections often are useful there. Monitoring network backbone connections is a little trickier than monitoring desktops, but not much, since midsize and large networking equipment typically comes with network-management software that tracks utilization. Use it. And don't buy into the myth that Ethernet can't be used to its maximum bandwidth. Believe it or not, some switch salespeople still try to perpetuate this falsehood, even though it was proven wrong in the 1980s.

Real Needs for Speed

There are, of course, good reasons to consider upgrading switches at the edge. You may be running niche applications, such as CAD, or you may be editing huge video files. You may be considering the QoS or PoE (Power over Ethernet) features that make VoIP possible. If that's the case, 100-Mbps or Gigabit desktop speeds may make sense at the edge. Get quotes for 100 Mbps and Gigabit from your vendor, and you may decide to jump right to Gigabit if the price differential isn't that great. Prices vary by manufacturer, but as an example, Hewlett-Packard's ProCurve 3400-48G, a 48-port Gigabit switch, costs $6,899, while the 48-port HP ProCurve 5348x1, a 100-Mbps unit, is $4,759.

Keep in mind, though, that VoIP phones have built-in switches so that VoIP can be supported without adding another Ethernet cable. Since Gigabit phones are just starting to roll out--with Cisco's introduction of its 7971G-GE--you may have to live with 100-Mbps to the desktop anyway. Otherwise, you'll have to factor in additional costs for a Gigabit-capable phone or an extra cable connection if you want to reap the benefits of a Gigabit switch.

Most vendors now offer 802.3af (PoE) over both 100-Mbps and Gigabit interfaces, but you can expect to pay a big premium for the power and Gigabit combination. If you're planning to implement VoIP, you'll get much more use from PoE than Gigabit to the desktop. But PoE needs to draw its power from somewhere, so you may need to upgrade the power to your wiring closets. In addition, be clear about what you're getting--the amount of power per interface varies by vendor. The maximum is 15 watts per port, but different VoIP phones have different requirements. Make sure you have enough juice to power all the VoIP phones or wireless endpoints you plan to install.

At the network's core, technology is rapidly moving toward 10-Gbps connections, though some of the standards are still playing catch-up. Equipment with 10 Gig Ethernet fiber ports has dropped from between $25,000 and $50,000 per port last year to well under $10,000 per port, and varies in price depending upon whether the ports are used in high-end chassis or standalone wiring-closet switches. If you do buy wiring-closet switches with Gigabit to the desktop as an insurance policy, some vendors, including Cisco, Extreme Networks, Foundry Networks and Hewlett-Packard, can provide Gigabit with the ability to upgrade to 10 Gigabit to the backbone when you really need it.

If you're installing new cabling this year, pay attention to new standards that the IEEE might be using to eke out faster speeds in the future. Running 10 Gigabit over twisted pair is a big challenge, but the industry is searching for a way to do it while minimizing cabling costs. The IEEE is preparing a standard for 10 Gigabit over twisted pair: 802.3an, which is expected to be ratified in 2006.

Category 6 cabling is expected to support transport distances of at least 55 meters, but there are no guarantees it will support 100 meters. Last year, the expensive, foil-wrapped Cat 7 cable appeared to be the only sure thing for 100 meters. Since then, the TIA/EIA (Telecommunications Industry Association/Electronic Industries Association) has designed a new version of Cat 6, called Augmented Cat 6, that supports 10 Gigabit Ethernet over 100 meters.

By the time you read this, at least one cabling manufacturer, Systimax Solutions, will have a product supporting the draft version and guaranteed to support the final version, says Mike Barnick, Systimax's senior manager of solutions marketing. The cable will use thicker-gauge copper and thicker jackets than the current Cat 6 standard. Proper installation procedures will be a key to avoiding one of the biggest enemies of 10GBase-T, Barnick points out--cabling secured with tight tie wraps increases the likelihood of alien cross talk. Simply revising installation procedures may make standard Cat 6 more amenable to 10GBase-T, according to George Zimmerman, CTO of Solarflare Communications, a manufacturer of components for network interfaces.

If you're planning to adopt the 10GBase-T standard early, you'll need to prepare extra room in your cable runs, as Cat 6 is thicker than Cat 5e, and it looks like augmented Cat 6 will be thicker yet. Either version of Cat 6 will require more breathing space to minimize alien cross talk with 10GBase-T. For now, if you're looking for low-cost 10 Gigabit connectivity and can deal with distances of about 15 meters, look for products with 802.3ak support, which provides for copper-based Gigabit connectivity with special Twinax cables. The data center is the most likely place to use 10 Gigabit copper solutions.

WAN Services

For WAN services, pay attention to new MPLS (Multi-Protocol Label Switching)-based offerings that support Ethernet across the entire WAN. The IEEE 802.3ah standard (Ethernet in the First Mile) has made it easier for carriers to offer inexpensive end-to-end Ethernet services for both voice and data. Services can be provided at Layer 2, letting you manage the routing, and they also can provide a routed IP service, relieving you of having to manage a routed infrastructure. If you've been putting up with frame relay service, you should consider these newer offerings, since MPLS promises better QoS, lower latency and easier management at a lower cost.

VPLS (Virtual Private LAN Services) are on their way, too. Right now, smaller carriers like Masergy Communications are offering VPLS, and large carriers are likely to do the same this year. VPLS lets you plug in your Ethernet networks at multiple locations across the WAN, yet still appear as one big happy LAN. In 2005, at least, who could ask for anything more?

Peter Morrissey is a full-time faculty member of Syracuse University's School of Information Studies, and a contributing editor and columnist for Network Computing. Write to him at [email protected].
