Survivor's Guide to 2006: Network Infrastructure

After some years of stagnancy, there are finally sails on the infrastructure horizon. Look to MPLS and Metro Ethernet to make a splash.

December 16, 2005


VoIP (voice over IP) will eliminate access and toll charges for long-distance and international calls. Besides reducing phone bills, it will let enterprises centralize call operations in one U.S. location, outsource operations overseas, or both. For these reasons, many of our readers will have implemented VoIP or have started a pilot project in 2006. And overall, the number of VoIP access lines will continue to grow through 2008.

Converging applications onto one network will increase stress on corporate backbones and links to workgroups and branch offices. Gigabit interfaces to the network are now affordable even on the desktop, and 10 Gigabit Ethernet is becoming common on the backbone. But building new IP freeways is only a small part of the infrastructure necessary for converged networks. You still must deal with the traffic.

All the devices we've tested in our Real-World Labs® in the past year, from 3Com's 5500G-EI switches to Cisco Systems' 3800 Series Integrated Services Routers, have excellent support for 802.1p Layer 2 traffic prioritization and DiffServ (Differentiated Services) for Layer 3 QoS (quality of service) over LANs and WANs. That's not the only good news. These devices also make it easy to implement a QoS strategy from a GUI or command-line interface. There should be no more excuses about how managing QoS is difficult. Once you have a handle on traffic, look closely at a standards-based operation. It's within reach.

VoIP Catches Fire

In our 2004 reader survey, only 3 percent of readers said VoIP had the most positive impact on their enterprise. Just a year later, most of our survey respondents said they will be in some stage of implementing VoIP in 2006. What's behind the sudden shift to VoIP?

Telephone systems upgraded or purchased for Y2K are getting old. Leases on KTS (Key Telephone Systems) and support contracts for conventional PBX switches began to expire in 2004. Meanwhile, new IP PBX manufacturers have started competing with major vendors including Avaya, Cisco and Nortel Networks. These new players are providing cost-effective form factors for IP PBX switches that make VoIP affordable for enterprises with fewer than 30 employees. Zultys Technologies' MX 30 and Nortel's Business Communication Manager (BCM) 50 joined 3Com's NBX offering of a small form factor IP PBX for small and midsize businesses last year. The BCM 50 costs only $350 per user for converged IP telephony. Although it does not support standards-based SIP (Session Initiation Protocol), it still provides hundreds of telephony features, from three-way calling to call park and pickup, all over IP--as do all IP PBX switches. On the high end, Siemens' HiPath system for enterprises supports SIP and accommodates more than 100,000 users from a single data center.

In 2005, SIP-based IP PBXs simplified call initiation and termination, and allowed voice, video and data to be carried on a common IP protocol. SIP-based IP PBX switches from vendors such as Interactive Intelligence and Siemens also offer integrated support for instant messaging, presence management, unified messaging and Find Me, Follow Me features.

Feature-rich and easy to use, SIP-based IP PBXs will take off in 2006 and will propel unit sales of IP PBX lines past those of conventional PBX and KTS telephone systems next year. But don't leave your IP phones behind. SIP enables more intelligence in those phones. In fact, demand the most out of your IP phones in 2006. They should support a standard dial plan so they can automatically send a call after punching three or four digits, and IEEE 802.3af to power the phone from the Ethernet cable. Each phone also should contain a switch to plug in other devices such as a computer or a cradle to a PDA.

With the network upgrades many enterprises undertook last year, problems of delay, jitter and packet loss should be resolved, but a pilot project will determine whether your network can handle VoIP. The ITU G.114 recommends no more than 300 milliseconds of round-trip delay, but more than 250 ms of round-trip delay makes LAN-based calls sound worse than PSTN calls.

Jitter, the variance in delay, can make a call uneven and choppy. And packet loss can make it downright inhospitable. Even a 1 percent packet loss can be fatal if customers are traversing an IVR (Integrated Voice Response) system using DTMF (Dual-Tone Multifrequency) tones--one dropped tone and the customer is lost. If your packet loss exceeds 1 percent in 2006, look at a TDM (Time Division Multiplexing)-based trunk to the IP PBX for the automated attendant to handle customers.
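One way to score a pilot capture against the delay and loss figures above, as an added example that is not part of the original article. The packet records, the 8 kHz RTP clock, the function names and the sample capture are assumptions; jitter uses the running estimate from RFC 3550, and sequence-number wraparound is not handled.

```python
from dataclasses import dataclass

CLOCK_HZ = 8000       # RTP clock rate for a G.711 stream (assumption)
MAX_RTT_MS = 250.0    # article: beyond this, LAN calls sound worse than PSTN
MAX_LOSS_PCT = 1.0    # article: above 1 percent, DTMF through an IVR is at risk

@dataclass
class RtpPacket:
    seq: int          # RTP sequence number
    rtp_ts: int       # RTP timestamp, in clock ticks
    arrival_s: float  # receiver arrival time, in seconds

def interarrival_jitter_ms(packets):
    """RFC 3550 section 6.4.1 running jitter estimate, in milliseconds."""
    jitter, prev = 0.0, None
    for p in packets:
        if prev is not None:
            # D = arrival spacing minus send spacing, both in clock ticks
            d = (p.arrival_s - prev.arrival_s) * CLOCK_HZ - (p.rtp_ts - prev.rtp_ts)
            jitter += (abs(d) - jitter) / 16.0
        prev = p
    return jitter / CLOCK_HZ * 1000.0

def loss_percent(packets):
    """Share of packets missing between the lowest and highest sequence seen."""
    seqs = {p.seq for p in packets}
    expected = max(seqs) - min(seqs) + 1
    return 100.0 * (expected - len(seqs)) / expected

def assess(packets, rtt_ms):
    loss = loss_percent(packets)
    return {
        "jitter_ms": round(interarrival_jitter_ms(packets), 3),
        "loss_pct": round(loss, 2),
        "rtt_ok": rtt_ms <= MAX_RTT_MS,
        "loss_ok": loss <= MAX_LOSS_PCT,
    }

def sample_capture():
    """Constructed capture: 100 packets at 20 ms spacing, packets 40 and 41
    lost, every tenth packet delivered 5 ms late."""
    pkts = []
    for i in range(100):
        if i in (40, 41):
            continue
        late = 0.005 if i % 10 == 0 else 0.0
        pkts.append(RtpPacket(1000 + i, 160 * i, 0.020 * i + late))
    return pkts
```

Calling `assess(sample_capture(), rtt_ms=180.0)` flags the constructed stream on loss (2 percent) while its round-trip delay passes; the round-trip figure has to come from a separate measurement, since one-way RTP arrival times cannot supply it.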

Provisioning the appropriate bandwidth and implementing QoS such as IEEE 802.1p, DiffServ or RSVP (Resource Reservation Protocol) also will improve call quality. Voice can be segregated and prioritized on its own virtual LAN, for both quality and security.

Keep It Secure

Like any other application over IP, VoIP is subject to security concerns. Eavesdropping on a TDM-based phone conversation requires a physical tap on the dedicated line or an integration point on the switch itself. VoIP calls, however, share a network medium and any point along that medium is potentially a tap that can trap all the packets of a call for replay. To keep your conversations private, segregate voice traffic on its own network or virtual LAN and reduce the number of segments that can be used to tap conversations. If you need absolute privacy, look into encrypting the conversation in transit using TLS (Transport Layer Security).

Software updates for your new IP phones will typically be found on the network or the Internet over TFTP or FTP. Because many IP phones search for their update server on boot, intruders can easily identify an update server, establish a rogue server that masquerades as the update server and deliver malicious code to the phone. At a minimum, use a CRC (cyclical redundancy check) for all IP phone updates via executable images in 2006. For added protection, use cryptography to build a strong hash code to identify those updates.
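The difference between the CRC check and the cryptographic check recommended above, as an added example that is not from the original article or from any phone vendor. The manifest layout, function names, key and image bytes are all constructed; an HMAC with a key provisioned on the phone stands in for whatever signature scheme a vendor actually uses.

```python
import hashlib
import hmac
import zlib

def _mac(key, size, crc, digest):
    """HMAC-SHA256 over the manifest fields (stand-in for a vendor signature)."""
    body = f"{size}:{crc:08x}:{digest}".encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_manifest(image, key):
    """Publisher side: describe the image and authenticate the description."""
    size, crc = len(image), zlib.crc32(image)
    digest = hashlib.sha256(image).hexdigest()
    return {"size": size, "crc32": crc, "sha256": digest,
            "mac": _mac(key, size, crc, digest)}

def crc_only_check(image, manifest):
    """Detects transfer corruption only; any server can supply a matching CRC."""
    return zlib.crc32(image) == manifest["crc32"]

def authenticated_check(image, manifest, key):
    """Phone side: verify the manifest MAC first, then size and digest."""
    expected = _mac(key, manifest["size"], manifest["crc32"], manifest["sha256"])
    if not hmac.compare_digest(expected, manifest["mac"]):
        return False  # manifest was not produced by a holder of the key
    if len(image) != manifest["size"]:
        return False
    actual = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(actual, manifest["sha256"])

# Constructed sample data: not real firmware, not real keys.
PROVISIONED_KEY = b"constructed-demo-key-provisioned-at-enrollment"
GENUINE = b"PHONE-FW 2.1.0 " + bytes(range(256)) * 8
SUBSTITUTE = b"PHONE-FW 2.1.0 " + bytes(reversed(range(256))) * 8

def scenarios():
    """Run both checks over a genuine, a substituted and a corrupted image."""
    good = make_manifest(GENUINE, PROVISIONED_KEY)
    # A server without the provisioned key can still describe its own image.
    rogue = make_manifest(SUBSTITUTE, b"key-made-up-by-the-other-server")
    corrupted = GENUINE[:100] + b"\x00" + GENUINE[101:]
    return {
        "genuine_crc": crc_only_check(GENUINE, good),
        "genuine_auth": authenticated_check(GENUINE, good, PROVISIONED_KEY),
        "rogue_crc": crc_only_check(SUBSTITUTE, rogue),
        "rogue_auth": authenticated_check(SUBSTITUTE, rogue, PROVISIONED_KEY),
        "corrupt_crc": crc_only_check(corrupted, good),
        "corrupt_auth": authenticated_check(corrupted, good, PROVISIONED_KEY),
    }
```

The CRC check accepts the substituted image because the checksum arrives from the same server as the image; only the check anchored in a key the phone already holds rejects it.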

IP phones are subject to software flaws and vulnerabilities such as buffer overflows and unexpected results from handling improper packet headers. These flaws can expose critical system information on the phone or even a proxy server and lead to DoS (denial of service) attacks. Segregate voice traffic onto its own network and use NAT (network address translation) to protect it from outsiders. Also, avoid using basic authentication to access proxy servers and Web servers on TUIs (telephone user interfaces). Sending user passwords over the wire in clear text is just asking for trouble.

Although Cisco still dominates the Ethernet switch market, 3Com, Hewlett-Packard and Nortel Networks keep gaining every year. Sales revenue is dropping for Fast Ethernet ports, gaining for 1-Gbps ports and slowly rising for 10-Gbps ports.

The cost of 1-Gigabit ports keeps dropping. What sold for $510 apiece in 2002 and $297 in 2003, according to Gartner, can now be had from Netgear for less than $10 per port. If you're looking for fiber uplinks to your backbone network, expect to pay a little more. Before you go with the lowest price per port, however, make sure you can configure VLANs (IEEE 802.1Q), prioritize traffic (IEEE 802.1p) and maintain a QoS strategy like Diffserv or RSVP (see "Standards Track," left) across all your hard infrastructure. If you can't, converging voice, video and data applications on one IP network will be like a tugboat pulling a luxury liner across the Atlantic.

Meanwhile, 10 Gigabit is where 1 Gigabit was six years ago. 10-Gigabit switches amounted to just 1 percent of port shipments in 2004, according to TIA's 2005 Telecommunications Market Review and Forecast. Many enterprises and educational institutions have 10-Gigabit backbone networks on WANs and MANs (metro area networks), but this technology is still too costly for edge and workgroup computing. The average cost per port was $55,000 in 2002, $15,000 in 2003 and $7,500 in 2004. Gartner predicts it will take five years for the price to drop to $1,000 per port.

Besides price, 10-Gigabit has architectural roadblocks that require much consideration before you upgrade. First and foremost, what will you do with your security products at 10-Gigabit speeds? Packet inspection for IDS/IPS (intrusion detection/protection system) products just weaseled past the 1-Gbps mark, but they don't come close to handling 10 Gbps effectively. Next, picture internal firewalls and access control lists at 10 Gbps. Are you seeing queues fill up and spill over?

10-Gigabit networks will certainly put you in the forefront of network computing. But don't upgrade if the implementation won't integrate with the rest of your core infrastructure components, especially security like IDS/IPS. A fast network with no security is no improvement.

What in the WAN ... ?

Carriers are accelerating their fiber deployments to residential and commercial premises and calling it Metro Ethernet. No doubt the Federal Communications Commission fueled this fire by exempting carrier fiber deployments from sharing bandwidth availability with competitors. With Metro Ethernet, enterprises can easily add bandwidth by using an Ethernet switch or a WAN edge router outfitted with an Ethernet adapter. Metro Ethernet can push data at faster speeds and lower costs than its TDM competitors--ATM and frame relay. Furthermore, it can be doled out in incremental amounts on demand, making it more cost effective than TDM.

The IEEE ratified the 802.3ah (Ethernet in the First Mile) standard in June 2004. That standard identified protocols and interfaces for using Ethernet over copper and handling QoS for carriers. But Metro Ethernet can't heal itself the way ATM can over Sonet. A ringed implementation of Sonet can detect outages quickly and reroute traffic accordingly.

Metro Ethernet can improve reliability with MPLS (Multiprotocol Label Switching). With MPLS, enterprises can set a path for packets that relieves routers from looking up the path. This makes for a cost-effective routing scheme and QoS. MPLS tags can differentiate and prioritize voice and video traffic.

For 2006, the Metro Ethernet market will not revolutionize the WAN. In the United States, the TIA projects a modest climb to $2.6 billion in annual revenue by 2008. But the market will evolve and open a whole new class of Ethernet services from the likes of AT&T, Bell South, SBC and Verizon, as well as continue services of smaller, well-established players like Masergy Communications. Don't get caught renewing a long-term T1 lease until you've looked into Metro Ethernet and MPLS.

Sean Doherty is a senior technology editor and lawyer based at our Syracuse University Real-World Labs®. A former project manager and IT engineer at Syracuse University, he helped develop centrally supported applications and storage systems. Write to him at [email protected].

IEEE 802.1p: Layer 2 traffic prioritization

IEEE 802.1Q: Connecting LANs together via MAC bridges

IEEE 802.1X: Network-based authentication

IEEE 802.3ae: 10-Gigabit Ethernet

IEEE 802.3af: Power over Ethernet

IEEE 802.3ah: Ethernet in the First Mile

Diffserv (Differentiated Services), IETF 2474: Layer 3 QoS, www.ietf.org/rfc/rfc2474.txt?number=2474

RSVP (Resource Reservation Protocol), IETF RFC 2205: Resource reservations for multicast and unicast data flows, www.ietf.org/rfc/rfc2474.txt?number=2474

SIP (Session Initiation Protocol), IETF RFC 3261: Simplifies VoIP session initiation and termination, www.ietf.org/rfc/rfc3261.txt?number=3261

The slow but steady uptick in spending on upgraded network pipes will finally start to pay off for the enterprise.

Metropolitan and last-mile connectivity are improving with Metro Ethernet, but Sonet will continue to dominate through 2007.

Service-oriented WANs are finally a reality, thanks to the worldwide availability of MPLS. Come for the flat pricing and fully meshed connectivity, but choose a provider based on services that can be moved into the cloud.

BPL competes with cable and DSL technology to deliver broadband over power lines and into electrical outlets in homes and offices at speeds of 300 Kbps to 3 Mbps. It requires repeaters that cost $1,000 to $5,000 every half mile, making the infrastructure an expensive proposition for electrical companies. But just imagine the potential for BPL.

Anything that plugs into an electrical outlet could be interconnected on an IP network. That includes a refrigerator, microwave, television, toaster, coffee maker, and computer. You could be waiting for a conference call and receive an SNMP broadcast from the microwave telling you that lunch is ready while the Web server on the coffee maker tells you there is one cup of coffee left.

Yet BPL is plagued by interference problems from amateur radio operators. BPL bundles RF energy on the same line as electrical currents. They don't interfere with each other because they operate on different frequencies. But BPL does interfere with amateur radio frequencies. The FCC has put the onus on the electrical companies to fix this problem, which means that BPL implementations must reduce their power levels or change their frequencies.

In addition to the interference problems, the FCC has yet to lay out a regulatory framework for BPL. In fact, it isn't the only regulatory agency with a stake in the matter. Public utility companies in each state also have a vested interest. So until the interference problems clear up and the regulatory framework is set, don't look to BPL taking off in 2006. And don't let anyone sell you an IP-based toaster.

Last year we predicted IPv6 would not take off in the enterprise because there was sufficient IPv4 space with unlimited NAT addresses available in the United States. That prediction held true, and it's one we'll stick with for 2006.

However, despite our forecast, VPLS (Virtual Private LAN Services) didn't take off. It still is being used only by small carriers like Masergy Communications. And though MPLS (Multiprotocol Label Switching) networks promise better QoS (quality of service), less latency and easier management at lower costs than leased lines, enterprises did not cut their existing cords with their tried-and-true carriers.

But we're going to extend this prediction, just in case no one heard us last time around. The WAN technology of the future will be MPLS-based because of its efficient traffic flows and QoS services that can live in the cloud rather than in a hub-and-spoke architecture. This market will accelerate as soon as Metro Ethernet ramps up in 2006.

We predicted that expensive Category 7 (shielded copper) cable for 10-Gigabit Ethernet would not go the required 100 meters to replace expensive fiber optic cable. We were right on this call, and we don't expect to see any Cat 7 next year either. In its quest to reduce 10-Gigabit Ethernet costs, the electronics industry is pushing new standards, with cable providers such as Systimax Solutions' (GigaSPEED X10D) ahead of the game.

The TIA/EIA (Telecommunications Industry Association/Electronic Industries Association) is pushing a new version of augmented Cat 6, and we're all looking forward to the IEEE 802.3an (10GBase-T) standard, due June 2006. This standard will support a new PHY (Physical Layer entity) to move 10-Gigabit Ethernet over 100 meters of copper (about 330 feet).
