HP ProCurve Powers A Unified Switching Architecture

Solid solution taps ProCurve switches and management software, hitting all requirements in our RFI.

July 16, 2008

8 Min Read

In our review of enterprise switches tailored to the needs of TacDoh, a fictitious, growing company that provides deep-fried food through retail outlets, we found that Hewlett-Packard built a solid product using ProCurve switches and management software. InformationWeek Reports

For the price and features, HP's network redesign hit all of our requirements. The products selected provided ample room to expand the network density, from adding more ports to migrating to 10 Gigabit Ethernet when the time comes.

HP's support for voice over IP and other real-time media is comparable with other companies' switch product support, but ProCurve has made strides in port security and management for smaller networks.

THE UPSHOT

CLAIM: Hewlett-Packard's ProCurve switches can serve as a unified switching platform from the access layer to the core and offer the features required to manage today's dynamic networks. At the same time, HP keeps costs down and backs its products with the best warranty in the business.

CONTEXT: As the distant No. 2 switch vendor by units or ports shipped, HP's ProCurve switch line usually gets on the short list, but more often than not, it loses to Cisco. Of course, HP also is competing against 3Com and Nortel Networks, along with other switch vendors.

CREDIBILITY: HP's ProCurve switches are every bit as full-featured as similar offerings from Cisco. Missing from HP's portfolio are data center switches comparable to the Nexus 7000, although our RFI didn't require a switch with that capacity.

HP ProCurve is a distant second to Cisco in the enterprise switch market. HP garnered about 10% of the gigabit switch ports shipped, with 3Com close behind, according to a Dell'Oro Group report for the first quarter of 2008. The competition really isn't with Cisco, which carries up to 70% of the switch market. Rather, the fight is for the remaining 30% market share.

As part of our request for information, we asked vendors to supply us with a network redesign based on our company's existing network, current business needs, and future plans. We wanted it all: high speed, high reliability, high flexibility, and a low price. (Click Here for The complete RFI.)

HP's switch does it all for $89,573, excluding service and support. Included with the purchase of any ProCurve switch is a lifetime warranty on the hardware, including next-day replacement, free firmware upgrades, and free e-mail and phone support during regular business hours. Packages with 24-hour and on-site support also are available.

Our original network design took into account the way networks often grow; as new facilities are needed, infrastructure is purchased and installed. In addition, mergers and acquisitions bring their own hardware. The result was a network that contained a hodgepodge of switch models, firmware releases, and vendors.

The RFI is a chance to bring the entire organization to a single platform and build in features such as redundancy at the hardware and network layers, simplify management through a unified platform, leverage advanced traffic and network management to support real-time media, and gain additional security features.

Rolling Reviews present a comprehensive look at a hot technology category, including market analysis, product reviews, and wrapping up with a synopsis of our findings. See our more at Rolling Reviews.

DESIGN ANALYSIS
HP's redesigned network incorporates switch lines that contain Layer 2 or 3 switches in configurations and port densities to fit neatly into any deployment scenario, from the access layer--where wiring closet issues such as power, cooling, and hands-off management are as important as port counts--to core switches that require high availability, high performance, and high port counts.

Starting at the core, HP replaced TacDoh's redundant data center switches and core switch-router with two ProCurve 5406zl-48G Intelligent Edge switches with redundant power supplies. A premium license is an additional $2,999 per unit, but it's required for the Virtual Routing Redundancy Protocol, which provides failover for routing. HP's reasoning for collapsing the data center servers and core switch router onto two 5406-48G switches is to simplify the network topology and provide an aggregation point between the data center and the access switches.

The 5406-48G is a six-slot chassis that ships with 48 10/100/1,000 Ethernet ports, which take up two slots and a single power supply. HP added an additional power supply for redundancy. There are four slots available for growth. Given the number of ports required for the data center servers and the access switches, TacDoh will have plenty of ports available as its network needs grow.

HP's redesign uses switch chassis from the 5400zl line--one for each department--populated with 10/100/1,000 Power over Ethernet ports to support the existing user base. Two smaller switches from the 3500 line are used for locations that have fewer ports. The access switches are underpopulated in the design; TacDoh plans to double its workforce in the next year and the chassis will allow incremental expansion.

HP chose to use chassis versus individual stacking switches to improve performance.

HP's solution has a number of high-availability features. The access switches are dual-homed using 1000Base-T uplinks to both core switches and Layer 2 protocols such as the Multiple Spanning Tree Protocol and the Link Aggregation Control Protocol. The zl modules are hot-swappable and and can be shared among the 5400zl chassis, so fewer spares need to be kept on hand. In addition, modules, mini-gigabit interface converters, and power supplies are hot-swappable.

We also wanted to make sure that the chosen vendor's products will support changes as the network expands, both in size and in the types of applications supported. HP's infrastructure support goes beyond speeds and feeds. Traffic monitoring uses industry standard protocols such as RMON for remote monitoring and sFlow for monitoring network traffic flows, and provides integration with third-party monitoring tools. However, sFlow is generally less supported than Cisco's NetFlow, so your choices of third-party applications that can use flow data may be limited.

Management is through HP's ProCurve Manager Plus management tool. The tool, known as PCM+, offers a full suite of management tools for device discovery, configuration management, monitoring, troubleshooting, and Layer 2 and Layer 3 mapping. Designed for small installations, PCM+ provides a wealth of tools to manage the installation. HP's command line interface has useful features as well. CLI policies can automate repeated configuration tasks and can be automatically executed by an event within the switch.

SPEAK OUT
Like many organizations, TacDoh is migrating from its digital Centrex service to an IP-PBX and VoIP for internal communications. Supporting voice means applying quality of service to voice traffic, distributing power, and supporting E-911 requirements. Like all switches, the ProCurve switches support QoS marking and prioritization based on marking in the packets or though Layer 4 ports. As long as your IP phones are tagging the traffic they're sending, the ProCurves can prioritize it.

IN DETAIL

FEATURED PRODUCTS:
Network redesign using HP ProCurve 5400zl switches, ProCurve 3500yl switches, ProCurve Premium License, ProCurve Manager Plus management software, ProCurve Identity Driven Manager. Price: $89,573.

ABOUT THIS ROLLING REVIEW:
We issued an RFI to network switch vendors to assess how well their solutions and products would fit a growing network for TacDoh, a fictional company that wants to simplify management, unify its architecture, incorporate VoIP, and add security features. We asked vendors to provide a network design and justify their product selection and price.

ALREADY TESTED:
• This is the first switch architecture of this Rolling Review. Next up will be 3Com.
OTHER VENDORS INVITED:
Alcatel, Cisco, Extreme Networks, Foundry Networks, Juniper Networks, Nortel Networks

A bigger source of difficulty is support for PoE. Network engineers look at PoE as Ethernet that carries data; building managers look at PoE as power distribution that carries data. The two views aren't completely opposing, but they can be at odds. In any case, PoE, while making cabling easier, does require planning to get additional power and cooling to the switches. Once to the switch, the two 875-watt internal power supplies that ship with the switch aren't enough to power a fully populated switch with redundancy. Another rack-mounted appliance for external power supplies might be needed.

For example, a typical phone requires 8 watts of power. The two 1,500-watt external supplies can power either 144 devices using both power supplies, or 112 phones with the power supplies in a redundant configuration. The ProCurves support the Link Layer Discovery Protocol for Media Endpoint Devices to let the switch adjust the power level on a per-port basis, and provide location information to the phone for emergency services.

SECURITY MATTERS
The ProCurve switches sport advanced security features that augment other security initiatives, such as worm containment, network access control, and partitioning. The ProCurves feature SSH for remote CLI access, SSL for secure Web management, and SNMPv3. These security features are becoming standard on enterprise switches.

Leveraging 802.1x for network authentication, HP's ProCurve also supports multiple, simultaneous 802.1X clients on the same port, where each authenticated host is treated separately from all other hosts on the port.

In addition, users can be placed on individual VLANs and access control lists can be applied based on user authentication. HP suggests adding its ProCurve Identity Driven Manager, or IDM, which also plugs into PCM+, to manage user policies. IDM allows polices to be based on a user role, time of day, or location. IDM also integrates with HP's NAC-800 network access control appliance.