Lippis Report Issue 77: The New Campus Networking Architecture
The campus network is a structural component of the network business platform. No other part of IT has the ability to deliver real corporate value like the campus network does. A disproportionate number of IT and business assets flow across and interact with a campus network. The evolution of computing and applications toward integrating personal and back-office computing environments is occurring over and in the campus network and, in its wake, is re-defining IT architecture and its relationship to the business platform. As the lines and boundaries of data center, storage, computing, applications and networking blend and blur, IT architecture will evolve into a single corporate asset which spans the entire campus network, from the data center, through the campus, across desktops and laptops to mobile end-points. The campus network is changing into an agile and flexible fabric, able to change its configuration and properties based upon application flow to deliver optimized application performance with the goal of improved user experience and satisfaction. In short, campus networking requirements, and thus design, are fundamentally changing.
IT departments are required to support real-time multimedia services, seamless wired and wireless connectivity, virtualized resources, Web 2.0 applications and much more. On top of these new requirements is the fact that it's been over six years since the Y2K build-out and many IT departments have not updated their campus networks since then. The result is that many campus networks are based on old technology while businesses require new applications and place new demands on them.
Shift in Traffic Profiles
Applications such as Microsoft's Vista OS and Office Groove 2007 with their peer-to-peer developer links will wreak havoc on networks designed for client-server flows. Readers should note that all campus networks were designed for client-server flows. Peer-to-peer networking allows Microsoft to short circuit Linux by minimizing data centers' client-server flows with new computer-to-computer traffic. But it's not just Microsoft who is leading the change away from client-server; Google is, too, as are services like BitTorrent, eDonkey/eMule, YouTube, Skype and many others.
Peer-to-peer networking is well on its way to dominating traffic types. CableLabs, the research organization of the North American cable industry, believes that BitTorrent could represent 55% of the upstream traffic on the cable company’s access network. CacheLogic puts that number at roughly 35% of all traffic on the Internet. As peer-to-peer networking grows, traffic profiles and patterns will shift away from client-server toward more multi-directional and unpredictable patterns. Unified Communications and communications-enablement are two additional and very large drivers delivering real-time collaboration among employees, suppliers, partners and customers, and they need to be factored into campus network design.
Campus Network Architecture
Campus network architecture needs to anticipate and support these trends by incorporating attributes that embrace these dynamics. Campus networks need to be application fluent, support virtualization, provide non-stop or fault-tolerant operation with integrated security and be flexible enough to support all types of traffic flows. Yes, speed has always been a hallmark of campus networks, which have traditionally driven Ethernet's five-year cycle of tenfold speed increases.
It's not that bandwidth isn't important; it is and industry data proves the point. Gigabit to the desktop is driving the need for 10 Gigabit Ethernet uplinks. 10 Gigabit Ethernet as well as 10/100/1000 multi-speed card sales are up while fast Ethernet is flat to down. The IEEE Higher Speed Study Group recently started the standards process for 100 Gbs Ethernet. So speed is very much a part of campus networks and will continue to be, but it's not the sole attribute. Scale is no longer simply associated with connectivity, control and availability, but now campus network services need to scale to support new requirements.
With that said, campus network architecture is and will continue to be based upon a three-tier physical structure of end-point connectivity aggregating into a distribution layer which is connected via a core. In multi-building campus networks, cores are connected via high speed 1 to 10Gbs links going to 40 and eventually 100Gbs. This physical architecture will remain the same; however, the placement of services and intelligence will change to support the networked business platform. For example, electrical power is not normally thought of in terms of networking, but it's a service that the network is now delivering. Power over Ethernet or PoE is a major requirement for a campus network to support as it provides power for unified communications end-points, wireless access points, surveillance cameras, etc.
The bottom line is that a new campus network architecture is emerging that is based upon logical services rather than physical components. Network architecture is the bridge between business strategy and evolution. The best way to think about the new design rules for campus networks is through the use of guiding principles. I offer the following six design principles which will transform your campus network into a network business platform:
Principle One: Design for Fault-Tolerant or Non-Stop Communications
As campus networks are critical infrastructure components, their operation needs to be designed for 100% up time, ensuring application availability. This is accomplished through redundant links and equipment so that a resilient campus infrastructure is realized. Redundant power systems in switches and routers will ensure that loss of power will not bring down the business platform, especially as voice and surveillance systems, in addition to critical data, flow across and interact with campus network elements. The ability to perform full image in-service software upgrades is important to keep the campus operational during times of upgrade, while in-service maintenance ensures business continues even when elements are being maintained.
As networks support more applications (voice, video, building control, surveillance systems, etc.) their status as a critical business platform increases. For example, network outages usually result in loss of business, lower customer satisfaction and loss of business productivity. Adhering to Principle One, fault-tolerant communications will reduce downtime, increase productivity and customer/employee satisfaction, thanks to high availability. Principle One will also reduce network outages that translate into business outage with their resulting consequences of lost reputation and even potential lawsuits.
Principle Two: Think Virtual
Virtualization offers powerful benefits in the areas of dynamic resource allocation and service utilization by carving out logically separate networks and control domains within a shared infrastructure. Virtualization maximizes asset utilization in the campus network. Some examples are helpful. Virtualization of the network layer allows a company to support multiple diverse business policy environments. Many corporations require separation of data, workflow, work product and information flow. This could be due to regulatory issues, a merger, outsourcing and diverse lines of business or private/government-focused divisions within a corporation.
Virtualization of the network layer also allows a company to collapse multiple parallel networks such as video surveillance, HVAC, Voice over IP, Video over IP and data onto a single network infrastructure while providing isolation of these networks, safeguarding data or organizational control. Virtualization can also apply to functions performed by the network through integrated network modules in campus switches, such as firewalls and application services. The ability to virtualize these devices allows a single device to serve multiple lines of business or multiple security zones with the separate management and reporting that is often necessary.
Virtualization enables the construction of secure guest or contractor access to defined network resources. It also allows IT executives to segregate departments for compliance requirements such as separating human resources from finance. These virtualized segmentations are logical and thus can be guided by business requirements.
Principle Three: Operational Management Excellence
Perhaps the most overlooked and undervalued principle during equipment acquisition is operational management. This is due to the difficulty of assigning budget to operational tools and network gear with built-in software features. But its value is deep. Operational management can accelerate service implementation, ease and lower the cost of management, automate infrastructure management, and facilitate and document changes.
Traffic flow analysis plays a large role in operational management. For example, traffic flow analysis through tools like deep packet inspection provides an in-depth view of the campus network traffic breakdown and associated performance. This insight allows IT executives to plan for growth, tweak application performance, optimize existing infrastructure and locate problems. Some vendors provide solutions that track network assets as well as "tagged" non-network assets such as hospital equipment, A/V devices, and potentially unwanted devices like rogue Access Points, providing IT operational personnel with a full view of the network and all devices and applications which reside within it. The benefit to IT executives is lowered operational costs when automation is able to provide information necessary to control the network, locate assets, and accelerate deployment of new features, applications and business initiatives.
Principle Three is key to enabling businesses to change and grow, thus meeting their objectives. Strong and automated operational management delivers a benefit to users by minimizing user downtime in network maintenance/operations.
Principle Four: Design for Integrated Security
Principle Four states that the campus network will support integrated security services, which include pervasive security policies and built-in protections for access, identities, resources and content. Without integrated network security, IT executives cannot deliver on availability or reliability. Guaranteed uptimes, non-stop performance and business process protections will be impossible to achieve; and there are the many regulatory and legislative conformance requirements to deal with as well.
Integrated security ensures regulatory requirements are met, safeguards client identity and application/data confidentiality and provides pro-active threat detection and containment. From a business reliability point of view, integrated security is an absolute-must principle.
Principle Five: Ensure Application Fluency
Application fluency is one of the most important principles, as it will have a direct impact on user experience. Application fluency or awareness means that the campus network recognizes applications, and controls traffic accordingly to ensure delivery. Application fluency allows the campus network to react to network congestion and guarantee response times at the application layer for critical applications. Many applications are embedded in web browser windows; therefore, campus networks need to see deep into traffic flows to provide the service level performance required by most critical applications. The ability to look deep into network traffic provides security benefits as well. Deep packet inspection in the campus network allows it to protect itself from malicious or misbehaving applications. Principles Three and Five are linked in that they both build upon packet inspection.
Principle Six: Unified Network Services For Mobility
There are multiple networking options for mobile users and data center connectivity. The campus network plays an important role in unifying these networks so that people can connect to any resource and/or person through any device and obtain consistent services and performance independent of wired or wireless access. Consider mobility. To deliver mobility, the ability to support diverse media end-points such as cell phones, laptops, PDAs, desktops, phones, video terminals, etc., using diverse media connectivity including wireless, wired and cellular, becomes essential for the network to deliver. Campus networks which are able to offer mobile solutions where wireless services are built directly into switching and routing platforms allow the enterprise to extend services throughout the campus. This approach also offers an electrical power advantage, as scalable power services to closet switches, used to power phones, access points and other end-points, are provisioned and can scale as future power service requirements grow.
Principle Six delivers the business value of offering any application to any screen's end-point, which increases productivity thanks to increased application access.
If you follow the six guiding principles, your company will be rewarded with a more responsive business that achieves its business goals and objectives through IT. Business process will run smoother as operations shift from a reactive to a more proactive management posture. Improved productivity and user experience will result too. Peace of mind through network security and business continuity will also be achieved, as will lower operational cost.
Clearly these benefits are subjective and highly dependent upon pre-existing network conditions. In my experience very few IT organizations architect their networks. Rather they choose vendors, equipment, software and services for each requirement or project with which they are confronted. The result is similar to house construction. Often consumers can choose a builder's package and save a few dollars or do it right and hire an architect to customize a solution for their needs. The architected solutions can cost more and at times take slightly longer but the pay-back is big. You can always tell an architected home. The rooms are pleasing to the eye, the space is planned out and works well, rooms flow into each other and the home sits perfectly on its land. The builder's package often comes with odd-sized rooms, a poor flow, disproportionate windows and doors and the feeling that something is just not right. Oftentimes additional work is done and paid for to fix these anomalies or the buyer lives with dissatisfaction.
In IT an architected solution is business driven and provides an excellent experience for employees, customers, partners and suppliers. The interfaces work well, performance is within human delay tolerances, shifting between applications is painless and work just flows. The IT systems are not frustrating and fatiguing to work with, but support business process as effortlessly as possible.
The time to use the above guiding principles is every time a new project is being evaluated. Have the IT team review every major design decision by applying each of the guiding principles and discussing them, one by one, to ensure that the campus network design supports the principles. Don't move forward until there is agreement that the architecture supports the principle. Over time the campus network will take on more and more of the attributes identified above.
While I discuss the pay-off above, there is one other item to consider. Campus networks will evolve to be more responsive to applications to the point of auto-configuring to improve application performance and user experience. For example, a group may start a telepresence session and the network will detect this event and respond by configuring VLANs and QoS to ensure excellent performance. Building a campus network with the above principles will set your campus network up to be able to deliver that type of dynamic application agility.
The campus network is a structural component of the network business platform, which means it demands thoughtfulness in design.