By Stephen J. Bigelow, Senior Technology Writer
Switching and routing are core functions of any network, but they have grown beyond the traditional role of connecting network segments. Solution providers can see that switches and routers are getting more intelligent; even low-end and mid-range products now include features that were once found only in enterprise data centers. But what capabilities are really important for your client and their network? Here are five major considerations for your next network infrastructure project:
Consider rich security features available on the device. Network security is no longer an afterthought addressed with separate appliances or software. "In this day of regulatory compliance and the legal impact of information leakage, it's important for an organization to know what's traveling through the pipes," said Steven Reeves, director of solutions marketing for Nexus Information Systems, a Cisco channel partner headquartered in Valencia, Calif. Solution providers can select switches and routers with user login/authentication features, integrated firewalls, intrusion detection/prevention (IDS/IPS), and a variety of other port level checks and filtering features.
Let's consider a few examples. An enterprise-class intelligent switch can implement network login to block all user packets onto the network until the user is properly authenticated. After authentication, access control lists (ACLs) restrict user access to pre-defined areas of the network. Layer 3 protocol authentication combats data leakage by preventing unauthorized devices from joining the network. Traffic classification can prioritize certain application data (such as voice) or block traffic from undesirable applications. Devices also employ port spanning (a.k.a. port mirroring) to copy traffic from a selected port (or VLAN) to another port that monitors network traffic. Reeves points out that the security features implemented in today's switch/router products are most effective when they map to the client's security policies.
Consider virtualization features emerging on the device. Network virtualization combines different LANs into a single network. It can also create multiple virtual LANs from a single physical network infrastructure. Successful network virtualization requires intelligent switches and routers that can execute virtualization software and provide superior interoperability between other virtualized devices.
Many solution providers see the value of automation in network virtualization -- the ability to adjust the network in the event of faults and outages while imposing little (if any) impact on the end users. "My routing platform realizes that my primary data center's email server is down and it's failed over to a secondary data center," Reese said. "The router is intelligent enough to route the traffic automatically and the switching platform is intelligent enough to reassign the VLAN and reroute automatically."
Consider management capabilities including centralized and remote features. Management should be a key point of evaluation for any switch or router. The device should support conventional command line interfaces (CLI) along with a graphical user interfaces (GUI) available across a secure Web connection (such as SSL). The management interface should be sensible, intuitive, and easy to navigate. "When it comes to routers and switches, 95% of what we need to do involves only 5% of the features on the device," said Karl W. Palachuk, CEO of KPEnterprises Business Consulting Inc., a small business IT consulting firm located in Sacramento, Calif. "The configuration, troubleshooting, and documentation of those key features should be as useful as possible." Also look for management interoperability between switches. For example, a solution provider may select a new switch that uses the same OS as an existing switch, allowing both devices to use the same known commands -- easing the learning curve for the new device.
Look for centralized management that emphasizes management features, especially when it comes to upgrades. "It can be very labor intensive to backup the configuration, apply updates, backup the configuration again, and test systems," Palachuk said. "The more automated this process from a central location, the better." Also look for centralized management of other devices through the switch or router. The device should support network monitoring and provide a single view of network health. The device should also enforce global network policies and push upgrades to other devices on the network.
Other advanced switch management features include 802.1X network access control (NAC), VLAN awareness and configuration, link aggregation (a.k.a. port trunking), port spanning, and SNMP monitoring of device and link health.
Consider features that optimize traffic performance. Most clients employ video, voice or other rich media traffic in their enterprise. The core network devices should implement Quality of Service (QoS) features to prioritize desired traffic types or the ports channeling that traffic. Prioritization also prevents packet discard and delay which can disrupt rich media types. Bandwidth rate limiting (also dubbed "bandwidth throttling") and I/O queues allow devices to further control traffic and prevent network link saturation caused by busy applications or overused network segments.
Consider powerful logging and reporting features. Finally, solution providers should consider switches and routers that include versatile and detailed logging, reporting and diagnostic capabilities. Logging and reporting should be clear and easy to understand, and the device should push the logs to an external server for storage and further analysis. Network professionals like Michael S. Wherry, technical architect for the Global Hyatt Corporation in Chicago Il, suggest selecting devices that generate standardized NetFlow data which can be assessed in detail using tools like NetFlow Analyzer from ManageEngine. Reporting and logging should also provide clear and useful information about any virtual LANs configured on the device.
While basic reporting is often built into the firmware of low-to mid-range switches and routers, enterprise-class devices may offer management and monitoring tools as an application module such as 3Com's Network Monitoring Module for the Switch 8800.
This was first published in January 2009