Tweet

Computer networking vendors have been increasing the speed and port density of their Ethernet switches while reducing power draw and price per port. But while Ethernet switching hardware marches on linearly, thanks to 10, 40 and 100GbE, networking software is taking a different historical path as the pace of compute and network technology evolution has diverged, with networking lagging. Highly virtualized server deployment has broken traditional networking approaches on multiple levels, for example. In response, the industry is now developing a “virtualized infrastructure” or “stack” to add network flexibility. To close the technology gap, Software-Defined Networking (SDN) is promoted as the new “organizing principle” to deliver network software and service value. While it will be, likely, years before SDN’s organizing principles take hold, I propose that these two industry activities are inexplicably linked and phased; here’s why…

Software-Defined Networking

There are multiple definitions of SDN. Making it even harder to pin down SDN, the definitions are evolving too. But this is common in a new breakout space for the computer networking industry that’s evolving fast. For this Lippis Report Research Note, we take the SDN definition that is based upon splitting the data plane or the forwarding hardware of an Ethernet switch from its control plane or the logic that controls how packets flow from ingress to egress. This split of data and control planes opens up an innovation injection point into networking that has not been previously available.

During 2011, a market has opened up for controllers. Currently Big Switch Networks, Nicira Networks and NEC are offering standalone centralized controllers. But limited controllers are also available in open source software, OpenStack and VMware’s vSphere/vCloud too. In addition Cisco’s IOS, Juniper’s Junos, Arista’s EOS, etc., are distributed controllers that may interoperate with centralized controllers in the future. In fact, Arista’s EOS already supports OpenFlow, OpenStack and vSphere/vCloud.

The link between the separated data and control plane is an open interface called OpenFlow. Now some end their SDN definition here, but this is just the beginning as the real promise of SDN are the applications that will reside upon the controller to address a wide range of networking issues and opportunities. In fact researchers at Princeton and Cornell are developing the Frenetic programming language that provides high-level network abstraction that gives programmers direct control over the network, allowing them to specify what they want the network to do without worrying about how to implement it.

One can imagine a wide range of applications residing upon a controller such as WAN optimization, traffic engineering optimization, load balancing, security services, etc. In essence, the control plan allows network services that are currently deployed as appliances to be virtualized appliances/applications much like applications that reside on top of a VM. It gets even more interesting, as a centralized control plane can be easily split in to many little control planes, each of which sees its own slice of the data plane topology. In traditional networking where control and data planes are one and the same and in each box, it is much harder to merge control planes and split data planes. It’s possible, but harder to keep complexity and stability in check over the long term. Splitting control plans can have huge value in public cloud multi-tenant or private cloud multi-team networking.

SDN and OpenFlow are at the early stages of its industry matriculation. But one thing is clear: SDN is an organizing principle whereas network software is developed by both network vendors and third parties, and network services are virtualized. SDN thus represents a new industry order and structure as to how value is added to networks. But I digress. The real issue today is solving network inflexibility in the face of highly virtualized data centers.

Enter the “Virtualized Stack” or Virtualized Infrastructure”

Virtualized server deployment has been propelled en masse, thanks to increased data center efficiency, by delivering the same or greater application workload with a reduced number of servers. While this is good, many IT business leaders are now realizing huge consequences to highly virtualized data centers that span from IP address change management to application management.

At the IP address level, networking has become extremely rigid within virtualized environments, slowing down process, limiting moves and changes as well as elongating the time to spin up an application that resides within a VM. Necessary network services to support the virtual cloud infrastructure, such as IP address assignment and management, are still performed largely with manual tools and processes, such as spreadsheets shuffled between various departments or operational groups, which can result in days of delay for something as simple as assigning an IP address to a VM. Contrast that with the virtual server administrator. Virtual instances of servers and machines can be dynamically provisioned, migrated and shut down by a virtual server administrator in minutes.

Moving up the stack, challenges are rooted in application management plus Layer 4-7 services such as WAN optimization, Application Delivery Controllers and security, especially in environments that include multiple hypervisors, a wide variety of workload types and shifting virtual machines.

For example, the new challenges of enterprise application management in virtualized data centers include: what type of and location of network intelligence is required when multiple hypervisors and various workloads exist and shift? Also how do operations groups maintain consistent security policy across both virtualized and non-virtualized environments consistently? And how do operations groups monitor and maintain application flow visibility?

Cisco

Cisco, for example, is addressing these issues via its Virtualization Stack and is now organizing its products around this initiative. Three components define Cisco’s virtualization stack, those being: 1) virtual networking, 2) virtual security and application networking services and 3) orchestration and provisioning. An important part of Cisco’s strategy is the virtualization of appliances such as its VSG or Virtual Security Gateway, the ASA 1000v, the support of VXLAN, the Nexus 1000v, etc.

Brocade, F5, Citrix

But F5, Citrix and Brocade are all virtualizing their appliances, moving away from physical single application appliances to an integrated virtualized suite. One can imagine that these virtualized applications will some time reside upon an SDN controller as their next stage of evolution. In addition each application delivery vendor has a way for programmers to control application network behavior. For example, Brocade recently launched OpenScript, a Perl-based scripting language used to modify the content of and control delivery of packets at Layer 4 through Layer 7 on its ServerIron ADX products. These scripting languages could be standardized and reside within an SDN controller.

Embrane

A good example of what the virtualized Layer 4-7 future may hold is that of a start-up firm called Embrane.

Embrane has virtualized server load balancing, firewalls and VPN termination and placed them upon a distributed software platform called heleos. Heleos runs on x86 servers and any hypervisor. It leverages a distributed virtual architecture that decouples network services functionality from the underlying physical infrastructure and hypervisor technology that it says provides high scalability, flexibility and performance.

IBM & NEC

IBM and NEC offer the best example of a commercial SDN offering with OpenFlow. NEC’s pFlow OpenFlow controller that resides within an IBM server manipulates IBM System Networking G8264 OpenFlow switch’s flow table. The link between the two is OpenFlow 1.0.0. The NEC pFlow controls traffic, discovers topology, gathers stats and other functions while the G8264 forwards traffic based upon these flow commands.

What’s impressive about the IBM/NEC SDN solution is that it has customers such as: Tervela validated the IBM and NEC OpenFlow solution ensures predictable performance of Big Data for complex and demanding business environments. Selerity’s IBM and NEC’s OpenFlow solution improved real-time
decision-making for global financial markets. Stanford’s IT Department chose IBM and NEC’s OpenFlow solution to deliver network capacity on-demand to its academic community. What’s important about these use cases is that IBM is communicating SDN via OpenFlow’s value in business terms, which will only increase as industry adoption accelerates.

In essence the SDN market has started, and as its technology underpinnings solidify, many of today’s network services will fall under the SDN umbrella. In fact, nearly all network vendors are launching SDN programs as a new way to communicate existing product value and their evolution into a SDN. Just like the Appian Way where all roads lead to Rome, all network services may very well lead to an SDN.

Tweet

By Extreme Networks

Colleges and universities have made large investments in wiring dormitories and residence halls. However, today’s students are using mobile devices with no wired Ethernet connector. Today’s laptops, tablets and smartphones rely on 802.11n Wi-Fi. Campus administrators require a simple and effective way to deliver wireless service quickly; leveraging existing wired investment to keep cost down. It is also beneficial to maintain a wired connection in the rooms, delivering both wired and wireless service. Extreme Networks Altitude 4511 uniquely enables administrators to meet student demands while achieving business goals, with a cost-effective solution that is a snap to install and can scale as needs grow.

Get the White Paper

Tweet

By CFO World

With CAPEX accounting for only 20% of the cost of a network, it is important to look beyond initial expenditures and consider TCO and the business value a network can provide. A third-party TCO comparison of a Cisco network versus other vendors illustrates that Cisco can deliver a 13% better TCO even before business benefits, such as network uptime and employee productivity are considered. Further, the Cisco Borderless Network Architecture acts as a platform for service delivery, allowing your IT organization to say “yes” to business and revenue-enhancing opportunities.

Get the White Paper

Tweet

Modern corporate networks are under increasing pressure to support a wider variety of applications thanks to mobile and cloud computing, desktop virtualization plus video traffic having skyrocketed. Not only are bandwidth rates increasing from 1 to 10 to 40 GbE, but most importantly network services are needed to manage and support a different application portfolio mix and network access methods. Network services such as firewalls, WLANs, network diagnostics and monitoring plus application performance acceleration are needed to deliver a consistently excellent user experience. Cisco recently announced an upgrade to its popular Catalyst 6k with the availability of the Supervisor 2T that included re-vamped high performance service modules to deliver these network services. Goyal, product line manager at Cisco Systems joins me to discuss which network services need to be available in modern networks.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Listen to the Podcast

Tweet

Renato Recio, IBM Fellow & System Networking CTO

Listen to the Podcast

Tweet

During the middle of 2012, a few firms will introduce core switches for campus networking. Many of these products will be based upon merchant silicon such as HP Networking’s A10500 Series Enterprise Core Switch. While these products will boast performance advantage, they will find it difficult to win share against established firms such as Cisco’s Catalyst 6500, thanks to its investment in network services. In this Lippis Report Research Note 184, we explore the importance of network services and their role in campus network design.

Modern corporate networks are under increasing pressure to support a wider variety of applications, thanks to mobile and cloud computing, desktop virtualization plus video traffic having skyrocketed. Not only are bandwidth rates increasing from 1 to 10 to 40 GbE, but most importantly, network services are needed to manage and support a different application portfolio mix and network access methods. Network services such as firewalls, WLANs, network diagnostics and monitoring plus application performance acceleration are needed to deliver a consistently excellent user experience. Cisco recently announced an upgrade to its popular Catalyst 6500 with the availability of the Supervisor 2T or Sup2T that included re-vamped high performance service modules to deliver these network services.

By all counts, Cisco’s upgrade of the Catalyst 6500 via its new Sup2T is its most ambitious and thoughtful yet for the venerable platform. The Sup2T is a 2-Terabit (Tb) platform that triples the previous Sup720 performance. Thanks to the support of Virtual Switching System (VSS), the platform allows two 2 Tbps switches to combine into a single 4 Tbps virtual switch. The Sup2T is a major upgrade to the most widely-deployed switching platform in campus and data center networking in the industry. But while these performance numbers are impressive, it’s the new Catalyst 6500’s network services that deliver most of the value, which is partially found in the Sup2T’s Policy Feature Card or PFC that increases NetFlow monitoring and a new TCAM design offering improved Access Control List (ACL), Quality of Service design options, encryption security and many other features.

Cisco’s Catalyst 6500 is the firm’s most successful product with over 700,000 systems and110 million ports installed, worth some $42 billion in revenue over the years. This product’s success increases the stakes for Cisco as it introduces a major upgrade. Cisco had to consider backward and forward customer migration, increased competition and pricing pressure, especially as competitors are starting to offer core switches based upon merchant silicon. In short, Cisco had to eliminate the trade-off of innovation versus investment protection and find a way to deliver both simultaneously. The Lippis Report conducted the most comprehensive testing of the Catalyst 6500 Sup2T at Ixia’s iSimCity in November 2011 to verify Cisco’s performance and upgradability claims. While it’s impossible to test all of the Catalyst 6500’s new 200-plus features within the Sup2T, we rather focus on a select few that will have the widest impact on IT business leaders’ product acquisition decision process. The full report is found here; below are highlights.

Compatibility, Upgradeability and Investment Protection Test

In this test, we look to measure how smooth the upgrade from Sup720 to Sup2T is. What IT business leaders are looking for are incremental network upgrades with minimal disruption versus major disruption that usually accompanies a significant and, at times, a not so significant network upgrade. Therefore, we swap out Sup720 for Sup2T and bring up existing service modules and line cards. Remember that line cards represent the largest investment in switching equipment, so we demonstrate that older line cards interoperate at high performance when the new Sup2T replaces the Sup720.

Results: We found that upgrading the Catalyst 6500 from Sup720 to Sup2T within the 6513-E chassis was straightforward and compatible with existing line cards and service modules. Those who invested in the E series chassis (i.e., 6503-E to 6513-E) and purchased line cards and service modules will find that this investment is protected and enhanced as new network services such as NetFlow, TCAM architecture improvements, encryption, deeper QoS granularity, Access Control Lists (ACLs), dry-run and atomic commit, et al, are added during supervisor upgrade from 720 to 2T.

We verified backward compatibility of the 6513-E Catalyst 6500 Sup2T with existing service modules, bus-based and CFC-based line cards along with feature and performance benefits afforded by the Sup2T (PFC4). We further verify the upgradability of existing modules which currently employ the DFC3 (B and C) daughter card with feature and performance benefits afforded by the DFC4 upgrade. We also verify the migration of current IOS configuration (as applicable to existing line cards) as well as their use of existing interface transceivers (e.g., SFP & X2). Finally, we verify the Sup2T when combined with the 6513-E chassis enables high-performance (dual-fabric) line cards to operate in the upper 6 slots.

In the same 6513-E chassis, we replaced the Sup720 for Sup2T, upgraded the line cards in slots 1 and 2 for the new 6908s, upgraded the DFC4 daughter cards in slots 12 and 13 and kept the same service modules. All of this was done while the Catalyst 6500 was operational. The Sup2T triples the performance of Sup720 while adding greater network service features such as Flexible NetFlow monitoring, Mac-Sec of 802.1ae based encryption security, WLAN integration and firewall protection.

Switching Performance Test

Switching performance in enterprise networks is becoming increasingly important, as IT responsibility has been split between employees and IT departments, thanks to BYOD or Bring Your Own Device, and IT consumerization. As a result, the number of devices on the network has increased significantly as employees bring smartphones and other mobile devices into the work force. These devices and their applications are driving unforeseen network requirements in terms of performance and support of both IPv4 and IPv6 as many mobile devices are now set for IPv6 as the default.

For IPv4 and IPv6, dual stack implementations are most popular where desktops and mobile devices run both IPv4 and IPv6, therefore, the network infrastructure needs to support both equally at high performance. IPv6 performance has not been on par with IPv4 until now. To demonstrate how the Catalyst 6500 upgrade with Sup2T has improved IPv6 performance, we measure IPv4 and IPv6 unicast and bidirectional traffic performance via RFC 2544.

Results: We test the Catalyst 6500 for throughput between popular enterprise network frame sizes ranging from 256 to 9216 byte size packets. We find that each WS-X6908-10G delivers IPv4 and IPv6 throughput at the theoretical maximum possible for packet sizes ranging from 256 to jumbo size 9216 at 10GbE.

IP Multicast Test

IP Multicast traffic has been on the rise, thanks to the increased use of video services within the enterprise. Efficient use of multicast is important to interactive video, video surveillance, video dissemination, etc. Consider 500 to 1000 video surveillance cameras that need to stream their video to five or more locations within the enterprise, for regulation, storage, monitoring, etc. This is a popular requirement in gaming, retail, healthcare, etc. Streaming five streams per camera consumes a lot of bandwidth; therefore, using IP multicast reduces bandwidth consumption making video and other point-multipoint services efficient. Therefore, we test IP Multicast performance on the new catalyst 6500 Sup2T. This test stresses the packet replication ASIC built into the 6908-10G line cards for both point-multipoint and mesh or multipoint-multipoint configurations.

Results: For the point-multipoint configuration, the Catalyst 6500 Sup2T demonstrated zero packet loss or 100% throughput at line rate while a single 10GbE source was broadcast to 92 receivers.

For mesh multipoint-multipoint configuration, the Catalyst 6500 Sup2T demonstrated throughput performance that ranged from 49.8 Mpps to .53 Mpps for packet sizes that varied between 256 bytes to jumbo size or 9216 bytes. We find that the replication engine that is resident on Catalyst 6500 6908-10G line cards delivers multicast performance scale as there is no performance penalty for point-multipoint and multipoint-multipoint. This is due to the Sup2T having an improved hashing algorithm to support larger IP Multicast flows over the Sup720.

Access Control List Test

Access Control List or ACL are important tools in the configuration and customization of network attributes, especially with the Catalyst 6500. In the Catalyst 6500 upgrade with Sup2T, the TCAM has been both increased and its architecture improved. For ACL, one major concern was the lack of visibility of overflowing the TCAM when new ACL scripts were submitted, which would disrupt network operation. Updating ACLs occur infrequently and over a long period of time. As such multiple network engineers working on the same network may not even be aware of previous ACL updates. Further, an ACL update may drive multiple ACE (ACE = Access Control Entries), which occupy more TCAM resources than anticipated and thus over consume this resource. Therefore, Cisco developed the ACL Dry Run and ACL Atomic Commit to mitigate this scenario from occurring.

Results: We verify that this new efficient use of TCAM and
ACL safeguards perform as stated.

System Network Test Configuration: MPLS/VPLS/VSS

To test MPLS/VPLS and VSS throughput performance, we populate two Catalyst 6500 WS-C6513-Es with eight 10GbEports each via 6908-10G modules connected directly to Ixia test equipment. The Catalyst 6500s are connected via8 x 10G Distributed EtherChannels. This configuration created a full end-end 80Gbs path of full-mesh traffic; typical in the real world.

The test data result show that throughput performance is consistent independent upon protocol that being MPLS, VPLS and VSS. A contributing factor to the differences in throughput is found in different headers associated for each protocol. This result could not occur in the older generation of Catalyst 6500 with Sup720 with its 40Gbs per module backplane access speed.

Network Encryption with 802.1ae MACSec

We tested performance for 802.1ae MACSec to verify that there was no throughput performance degradation when encryption was enabled minus the additional 16 byte overhead of 802.1ae keys. MACSec encryption has become increasingly popular and important to campus network design, but previous switch performance degraded when forwarding encrypted traffic. Here we verify that the Catalyst 6500 does not suffer throughput performance degradation while MACSec traffic is being forwarded.

We tested the Catalyst 6500 via the cPacket Networks cTapSmart 10G passive probe to verify traffic flows were either MACsec encrypted or unencrypted. We found that there is no material difference in throughput performance, other than 802.1ae encryption key overhead, thanks to 16 additional bytes per packet.

Conclusion

We found that upgrading the Catalyst 6500 from Sup720 to Sup2T was straightforward and added significant value in the areas of MACsec encryption, improved ACL capabilities and IPv4/IPv6/MPLS/VPLS/VSS throughput performance. In addition, we found that the Sup2T supported existing service models, such as Network Analysis (NAM), Wireless (WiSM), Application Control Engine (ACE20), Firewall Service Module (FWSM) plus 6148A-GE, 6148E-GE with POE/POE+, 6724-SFP line cards plus 6704 and 6716 line cards after a trivial DFC3 to DFC4 daughter card swap. We found that line cards can be swapped and upgraded while the Sup2T is operational, avoiding off-hour scheduled downtime. In addition, we found that existing interface transceivers SFP and X2 being used in a Sup720 Catalyst 6500 can be reused with the Sup2T. Finally, we found that Sup720 IOS configurations may be copied and migrated to a Sup2T via a flash drive successfully upon boot up.

Much of the throughput performance advantages and scale of network services is due to custom ASICs resident in theSup2T, 6908-10G line cards and DFC4 daughter cards. We were particularly impressed with the ease of upgrade, the new ACL dry run and atomic commit plus MACsec performance.

For existing customers of Cisco’s Catalyst 6500 Sup720, we anticipate upgrade experiences similar, if not simpler, than ours as this test was conducted under tight time constraints with limited resources. It’s no wonder why the Catalyst 6500 is so popular as it offers a wide variety of network design options such as MPLS/VPLS/VSS. With the new upgrade to Sup2T and supporting line cards, we verify that throughput performance doubles over the Sup720 for IPv6, IP Multicast, MPLS/VLPS and VSS.

New entrants in the campus core market such as HP Networking A10500 later this year that boast pure performance without network services will find a chilly reception awaits them.

Tweet

By Extreme Networks

Today’s mobile users require consistent Wi-Fi with high throughput, but traditional ceiling-mounted access points can make it challenging to extend 802.11n into facilities with many rooms, walls and other obstructions. The combination of the Altitude™ 4511 wallplate access point, fortified with Motorola radio technology and intelligent switches from Extreme Networks, makes it faster and easier to deploy and manage a converged wired and wireless network edge with security and high performance
that’s right where the mobile users are located for better access and service.

Get the White Paper

Tweet

By Infoblox

When asked to identify the No. 1 cause of network performance problems, IT organization typically point to denial-of-service attacks, computer viruses, fiber cuts, power outages and hardware failures-the events that receive the most publicity and media coverage. However, studies by research firms such as Gartner Group and Enterprise Management Associates indicate that over two-thirds of network issues are actually tied to seemingly simple everyday activity: the process of IT staff making network configuration changes. This whitepaper looks at the top 5 common network performance management mistakes and discusses how IT organization can mitigate them via automating network management and giving appropriate visibility to different levels of IT staff.

Get the White Paper

Tweet

By Tim Green, Network World

Chicago-based real-estate management company Equity Office ran all its voice and data traffic over a 40-branch office network via a MPLS WAN, costing some $400K per year. But when poor peak-time performance drew complaints from end users, it switched to technology that delivers more bandwidth at half the cost, delivering a 10-month ROI. The new WAN blended DSL, cable, fiber and Ethernet over copper in a single local network via WAN virtualization from Talari Networks,

Get the White Paper

Tweet

WAN bandwidth, or the lack thereof, is the single largest contributor to poor application performance in branch offices resulting in reduced productivity and the inability of IT to implement their entire strategy. This is especially acute as applications are increasingly centralized in data centers and video traffic starts to dominate flows all of which put more pressure on the WAN. A new approach to wide area networking takes advantage of virtualization concepts. WAN virtualization promises to reduce WAN cost and increase performance. If your WAN utilizes T1 MPLS links at $300/month or higher and ADSL between $10-$15/ month, then you can benefit significantly from WAN virtualization as it offers 3 to 4 times the bandwidth at lower cost and in the process eliminates WAN design constraints limiting IT business leaders. Keith Morris of Talari Networks joins me to discuss WAN Virtualization. I have first-hand knowledge of how good this solution works; if you fit the above profile, then listen up.

Listen to the Podcast

Tweet

In this Lippis Report Research Note 183, we provide our very popular annual top 10 2012 industry predictions that were provided by Andre Kindness, senior analyst at Forrester Research, Nick Lippis, CEO of Lippis Enterprises, and Zeus Kerravala, principal at ZK Research. We take a look into the year ahead and provide our view as to what will come to pass. This Research Note is based upon the “2012 Networking Industry Predictions” Lippis Report podcast.

The following are our top 10 2012 Networking Industry Predictions.

Prediction One

2012 Is the Year of Data Center Fabrics: The back half of 2012 starts the kick-off of aggressive data center fabric deployments. While Cisco has been shipping FabricPath and Arista has been shipping MLAG and ECMP, Juniper will join the market with its long anticipated Qfabric, Avaya will be shipping a broader VINA enabled product set along with Brocade’s expanded VDX switches with VCS. Alcatel-Lucent and Huawei too will be shipping their version of SPB. In short, there will be plenty of product and options available from which to choose.

Prediction Two

Voice over LTE Goes Live: Verizon will aggressively deploy Voice over LTE to match AT&T’s talk while you surf on mobile devices functionality. AT&T will then respond with a Voice over LTE initiative. This will drive a huge wave of growth for internet infrastructure companies as VoIP enters the mobile market. Expect to see a robust year for Acme Packet, BroadSoft, Infoblox, Tekelec and many others.

Prediction Three

Repatriation of Holiday: Obama grants a repatriation holiday allowing large IT firms such as Cisco to bring billions of dollars back to the US market, and puts it to work by making two large acquisitions; one of them will be security and the other storage related.

Prediction Four

Wither Polycom: Amidst tremendous pressure from Cisco’s video communication and telepresence business, Polycom continues its slide. Polycom ends 2012 as an acquired company.

Prediction Five
 
The Year of Software-Defined Network Marketing: The SDN/OpenFlow industry marketing machine kicks in with all major networking companies wrapping their existing products around the SDN message. In addition, the SDN controller market starts up with data center switches equipped with controller plug-ins. All new networking concerns seeking VC dollars have SDN/OpenFlow in their business plan. Case in point: look at “Embrane.” While there is will few SDN revenue dollars made in 2012, marketing messaging will be loud.

Prediction Six

Huawei Enterprise Business Division Comes On Line: Huawei will climb to the number four spot in worldwide network switching at the expense of low cost providers. HP Networking will be the hardest hit, losing at least two points of Asia market share.

Prediction Seven

Network IPO Market Comes Back: At least four large networking IPOs occur, including Arista Networks, Ruckus Wireless, Infoblox and Palo Alto Networks, fueling liquidity into the networking market once again.

Prediction Eight

IBM Becomes a Networking Thought Leader: IBM System Networking will coalesce its networking investments around virtualized network infrastructure and SDN, renewing its place as a thought leader in the networking industry.

Prediction Nine

Brocade Gets into WLAN Market: Brocade will buy into the WLAN market by either acquiring Meru Networks, Aerohive or Meraki to shore up its enterprise network switch by offering a unified access value proposition.

Prediction Ten

Application Acceleration Market Fundamentally Changes: Citrix, Riverbed, Cisco, Brocade and F5 will start to compete in the application acceleration or delivery market by offering integrated WAN acceleration, Application Delivery Controllers or ADCs and security network services in both appliance and virtual form factors. Those who are able to tag and steer applications to network services while adding policy will win a larger percentage of market share.

In addition to the top ten predictions above, software network engineers will be the new rage in 2012 as the market shifts toward a value proposition rooted in software and network services. In addition, Cisco will dominate market share and thought leadership.

Tweet

IBM System Network looks into its clients’ needs and extracted their top 10 predictions. The data center network is experiencing a major transformation to support server virtualization and cloud computing, convergence of data storage, application-to-application traffic and new high-performance applications. To address these needs, the data center network will become smarter and faster in 2012. Here are 10 reasons why:

Get the White Paper

Tweet

By Jim Metzler, Ashton Metzler & Associates

This white paper proposes a new approach to architecting and designing data center networks for current dynamic and highly virtualized data centers.

Get the White Paper

Tweet

By CIO Magazine

Feature-rich, next-generation networks help drive innovation and value to midsize companies and position them for competitive advantage. Next-generation networks give midsize companies a competitive advantage. By removing many of the operational headaches of running a network, Cisco’s solutions free up departments to focus on driving business value and innovation. Feature-rich, strategic networks built for today and tomorrow remove the barriers to growth and give midsize businesses the agility they require to lead their markets. Find out how by downloading this executive white paper.

Get the White Paper

Tweet

Andre Kindness, Senior Analyst at Forrester Research, joins Zeus Kerravala, principal at ZK Research, and I for our annual predictions podcast. We discuss Cisco, IBM Network Systems, Huawei, Juniper, Extreme, Arista, Nicira, Big Switch, Verizon, AT&T, HP Networking, Citrix, F5, Riverbed, Brocade, Broadcom, Meru, Aerohive, Ruckus, Meraki, Infoblox, Palo Alto Networks, Polycom, Embrane, et al, and what 2012 will bring for them and you. Enjoy, Nick

Listen to the Podcast

Tweet

Having a plan to transition to IPv6 has moved way up in the priority list of IT projects for IT leaders as 2011 was officially the year we ran out of IPv4 unallocated addresses and not having IPv6 could cut-off corporations and applications from accessing the internet. In addition employees en masse are “BYOD” or bring your own device meaning smartphone and tables to work increasing the number of devices on the network significantly. These devices and their applications are driving support of both IPv4 and IPv6 as many mobile devices are now set for IPv6 as the default. As dual stack IP v4/v6 is the best practice, the real challenge lies within the domain name service or DNS. Infloblox has developed a range of solutions to automate the transition to IPv6 by supporting both addressing schemes. Tom Coffeen, Chief IPv6 Evangelist at Infoblox talks about solutions to automate the transition to IPv6. It’s one of our best IPv6 discussions.

Listen to the Podcast

Tweet

The Inflobox plug-in module for VMware’s vCenter Orchestrator promises to bridge network and virtual IT team silos by enabling automated assignment of IP addresses to VMs. The Infloblox plug-in enables IP addresses to be automatically assigned to virtual machines in less than a minute and then constantly monitored and managed, which simplifies troubleshooting, accelerates time to value and offers greater flexibility for the virtual team. Steve Garrison, VP Marketing for Infoblox and I discuss the problems of networking in virtualized environments and how Infoblox’s vCenter plug-in solves them.

Listen to the Podcast

Tweet

The Fall 2011 Open Industry Network Performance and Power Test Report is now available. Since our Spring 2011 test, we added four products from three vendors to the 11 products from eight vendors already tested. We now have data on 15 data center switching products from nine vendors in the new report to be released after Thanksgiving. Our cloud networking test of 10 and 40GbE is now the industry benchmark for cloud networking. In fact, only those companies that are sure of their product(s) enter the test at Ixia’s iSimCity. We found that 40GbE is hard, and thus you have to give credit to the vendors that go through the testing—in this test, those vendors are Extreme Networks, Brocade and Alcatel-Lucent. These firms have high performance data center switching product that is Enterprise and Cloud service provider ready. In this Lippis Report Research Note, we share our the top 10 findings from this round of testing. Lippis Report subscribers can download the 125-page report here, free of charge.

To assist IT business leaders with the design and procurement of their private or public data center cloud fabric, the Lippis Report and Ixia have conducted an open industry evaluation of 10GbE and 40GbE data center switches. These test were conducted at the Ixia iSimCity Santa Clara, CA, laboratories.

The Lippis Report test, based on independent validation, communicates credibility, competence, openness and trust to potential buyers of 10GbE and 40GbE data center switching equipment as the tests are open to all suppliers and are fair, thanks to RFC and custom-based tests that are repeatable. The private/public data center cloud 10GbE and 40GbE fabric test was free for vendors to participate and open to all industry suppliers of 10GbE and 40GbE switching equipment, both modular and fixed configurations.

While Lippis Report subscribers can download the full report here, below are our top ten findings from conducting these three rounds of testing. The Fall Lippis/Ixia test proved to show that the industry is advancing at a breakneck pace. And we do expect to see more products being submitted for test in the March 26th Spring 2012 test. Based upon three series of industry test, the following top ten findings have become evident.

1) 10GbE Top of Rack (ToR) and Core Switches: 10GbE ToR and core switches are ready for mass deployment. There have been 15 new switches since Interop 2011, and there will be 15 more launched during 2012.

2) Fastest Ethernet Switches under the Milky Way: We are in the 500 ns ToR and 2 us core switch era. For core switches, the Extreme x8 is two to nine times faster than any other core switch we have tested. ToR switch latency will decline to 100s of ns within two years, thanks to better merchant silicon plus Phy-less designs. Core switch latency will decline to ns area with 40 & 100GbE speeds plus the next generation of merchant silicon.

3) Merchant Silicon Proves Its Value: Most switches entering the Lippis Report test are based upon a new generation of merchant silicon. They are based upon a single chip design from Broadcom, Fulcrum or Marvell. Broadcom currently leads this space and is becoming the Intel of the networking industry.

4) Switch Vendors Differentiate Products Mostly on Software: There are differences between suppliers at both the box and system level. At the box level, we find latency, congestion, power and software differences. We also find differences in how these vendors propose building cloud networks. There is difference in cloud network architecture approach, such as support for TRILL, SBP, MLAG and/or ECMP. There are differences in network services and virtualization aware support.

5) Ability to Support Storage Engagement: Most core and ToR switches demonstrated throughput performance without loss and low latency variability to support storage enablement. Most switching firms will be offering a range of convergence options during 2012, including ToR switches with direct fiber channel connections and/or FCoE, ATA over Ethernet and iSCSI over Ethernet support.

6) 40GbE Is Ready: 40GbE support as a downlink from ToR to End of Row (EoR) and in the core at density is here, ready and performs as advertised. In addition 40GbE cost is approximately 3 to 4 times that of 10GbE, making 40GbE favorable from a pricing point of view too. There are plenty of ToR switches that support multiple 40GbE options such as Alcatel-Lucent OmniSwitch 6900-X40, IBM BNT RackSwitch G8264, Arista 7504 Series Data Center Switch, Dell/Force10 S-Series S4810, etc. In the core switch market, there is only one company with high-density 40GbE, and that’s Extreme BlackDiamond X8 with 192-40GbE. But we expect at least four more high-density 40GbE core switches to be launched in 2012. Note, at times, we did some observe difficulty with preamble and equalization at the physical QSFP+ level causing packet loss, but this we mitigated through software control.

7) Low Power Consumption: Power consumption in networking devices is dropping precipitously. All ToR and core switches offer low power consumption with energy cost over three-years estimated between 1.3% and 4% of acquisition cost. Two of the most impressive results we observed was that of Extreme Networks’ BlackDiamond X8 Core switch and Brocade’s VDXTM 6730-32 Data Center ToR Switch. The Extreme X8 consumed a low 5.2W/10GbE; that’s nearly as low as a Christmas bulb. Brocade’s VDXTM 6730-32 Data Center ToR switch consumed a low 1.5W/10GbE; that’s about 20% of the power a Christmas bulb consumes! In addition to power consumption all switches support front-rear or rear-front airflow in support of hot/cold aisle designs.

8) Virtualization Scale Support: All switches in this test are able to support far greater numbers of VMs and physical servers than their physical ports allow; that is, their logical networking scales to support very large virtualized data center infrastructure.

9) 10/40GbE Recommended as Cloud Network Fabric: From server connections to ToR to core switching plus storage enablement and virtualization aware software 10GbE is recommended as the fabric for cloud networking environments. We recommend that IT business leaders take full advantage of server I/O at 10Gbps bandwidth and low latency as it will provide the highest performance and greatest data center design options moving forward. With 10GbE ToR switch cost per port in the $350 to $670 range, core switch cost per 10GbE port in the $1.2K to $6K range plus 40GbE cost per port in the 3 to 4 times of 10GbE, Ethernet technology is well segmented for data center needs. 10GbE and 40GbE switches have the logical networking to support highly virtualized infrastructure with dense VM:physical server ratios of 30:1 to 60:1. With ToR and core switch latencies in the 500 ns to 2 microsecond range, the industry’s 10GbE switches possess the raw performance and capacity to support storage enablement, albeit this area is evolving.

10) Software-Defined Networking/OpenFlow: While not tested during these past three rounds of test, software-defined networking or SDN and OpenFlow will be increasingly important during 2012 as companies seek to differentiate their high performance switch products with increased features and functionality. SDN with OpenFlow promises to offer such added value.

The next Lippis Report test at iSimCity is scheduled for the week of March 26, 2012. We expect more 40GbE products in the Spring.

Tweet

By Zeus Kerravala, Senior Vice President and Distinguished Research Fellow

The enterprise data center has undergone several major transformations since the introduction of computing as a corporate resource. The computing platform has evolved from main frame computing, to client server, to Internet-based computing, and now we sit on the precipice of the next major data center transition—the evolution to a fully virtualized data center. Each transition saw the cost of computing driven down and the importance of the network elevated. Each phase allowed organizations to increase the efficiency of their data center operations and improve asset utilization, ultimately leading to a better experience for end-users. This white paper provides a perspective on the rise of network value as it acts as the backplane for the virtualized data center and provides design recommendations.

Get the White Paper

Tweet

By IBM

The cloud model isn’t about transforming IT. It’s about reinventing the way organizations do business. Organizations in every industry, regardless of size or geography, are embracing cloud computing as a way to reduce the complexity and costs associated with traditional IT approaches. Organizations that approach cloud in a tactical fashion risk adding complexity and inefficiency (not to mention security exposure) due to fragmentation, redundancy and operating silos. Conversely, organizations that embrace cloud strategically—from a business as well as IT perspective—can capture new business value through innovation, flexibility, speed, integrity and security—while reducing cost and complexity.

To deliver the cloud’s full business value, cloud-enabled data centers require speed, flexibility, cost-effective operation and scalability. This paper discusses the technical and business requirements of cloud computing, focusing on the networking layer of the cloud.

Get the White Paper

Tweet

By Cisco Systems

A new enterprise architecture for delivering policy-based services has become available. This document discusses the need for a policy-based architecture in today’s enterprise networks and presents “Policy-Governed Network” architecture as a pragmatic business solution. Building identity and context awareness into the network is critical to implementing an effective infrastructure.
Major topics include:

● What policies are and who implements them
● Changing network dynamics and problematic new technologies
● Important challenges to implementers
● Characteristics of a Policy-Governed Network architecture
● Policy-implementation platform: the Cisco® Identity Services Engine
● Scenarios showing how policies can address specific network issues
● How to begin transitioning to a Policy-Governed Network

Get the White Paper

Tweet

An exclusive cross vendor comparative test report conducted at Ixia’s iSmiCity defined by the Lippis Report. This report provides detailed test information on the following products that have not been previously tested in public. The report details test results of the following products:

Alcatel-Lucent OmniSwitch 10K
Aclatel-Lucent OmniSwitch 6900-40X
Arista 7504 Series Data Center Switch
Arista 7124SX 10G SFP Data Center Switch
Arista 7050S-64 10/40G Data Center Switch.
IBM BNT RackSwitch G8124
IBM BNT RackSwitch G8264
Brocade VDXTM 6720-24 Data Center Switch
Brocade VDXTM 6730-32 Data Center Switch
Extreme Networks BlackDiamond® X8
Extreme Networks Summit® X670V
Dell/Force10 S-Series S4810
Hitachi Cable, Apresia15000-64XL-PSR
Juniper Network EX Series EX8200 Ethernet Switch
Mellanox/Voltaire® VantageTM 6048

This 125-page report is a must for those evaluating 10/40 GbE data center switching equipment for private or public cloud infrastructure. You don’t want to buy data center switching gear until you read this report.

Get the White Paper

Tweet

While the Lippis Report test were being conducted of the Alcatel-Lucent OmniSwitchTM 6900-X40, Jean Luc Ronarch, Director Product Line Management Stackable Switches at Alcatel-Lucent Enterprise joined me to discuss the firm’s latest product investment. We talk cloud network architecture and what’s unique about the new OmniSwitchTM 6900-X40.

Download “Fall 2011 Open Industry Network Performance And Power Test Report” here.

Visit the Link

Tweet

While the Lippis Report test were being conducted of the Brocade VDX™ 6730-32, Gautam Roy, Product Marketing Manager at Brocade joined me to discuss the firm’s latest product investment. We talk cloud network architecture, data center fabric and convergence with a focus on how the VDX™ 6730-32 Data Center Switch contributes and delivers on Brocade’s Ethernet fabric strategy.

Download “Fall 2011 Open Industry Network Performance And Power Test Report” here.

Visit the Link

Tweet

The Lippis Report has conducted three open industry test of 10 and 40GbE data center fabric switches at Ixia’s iSimCity. Michael Githens of Ixia interviews Nick Lippis of the Lippis Report to look back on what we have learned after testing eleven products from nine vendors including Alcatel-Lucent, Arista Networks, Brocade, Dell/Force10, Extreme Networks, Hitachi Data Systems, IBM, Juniper Networks and Mellanox/Voltaire. We then look forward as to what the industry will be serving up in 2012 for data center fabrics.

Download “Fall 2011 Open Industry Network Performance And Power Test Report” here.

Watch the Video

Tweet

While the Lippis Report test were being conducted of the Extreme Networks BlackDiamond® X8 Core and Summit® X670V ToR data center fabric switches at Ixia’s iSimCity, Darius Goodall, Product and Technical Marketing of Extreme joined me to discuss the firm’s latest product investment. We talk cloud network architecture and what’s unique about the new X8 and X670V.

Download “Fall 2011 Open Industry Network Performance And Power Test Report” here.

Visit the Link

Tweet

Access Control List or ACL are important tools in the configuration and customization of network attributes, especially with the Catalyst 6500. In the Catalyst 6500 upgrade with Sup2T, the TCAM has been both increased and its architecture improved. For ACL, a major concern was the lack of visibility of TCAM overflows when new ACL scripts were submitted, disrupting network operation. Therefore, Cisco developed the ACL Dry Run and ACL Atomic Commit to mitigate this scenario. To verify ACL improvements, we use ACL Dry-Run to assure that the TCAM would not overflow, and then implement the changes safely with ACL Atomic-commit; assuring no network interruption. It’s a great short video that verifies how useful these new tools are in ACL management.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Tweet

During the week of October 31, 2011, the Lippis Report tested Cisco System’s new Catalyst 6500 with Supervisor 2T or Sup2T for performance, upgradability, control and scalability at Ixia’s modern iSimCity laboratory in Santa Clara CA. By all counts, Cisco’s upgrade of the Catalyst 6500 via its new Sup2T, is its most ambitious and thoughtful yet for the venerable platform. The Sup2T is a major upgrade to the most widely-deployed switching platform in campus and data center networking. It’s the new Catalyst 6500’s network services that deliver most of the value, which is partially found in the Sup2T’s Policy Feature Card or PFC that increases NetFlow monitoring and a new TCAM design offering improved Access Control (ACL), Quality of Service design options, encryption security and many other features. This Lippis Report test verifies many of Cisco’s performance and upgradability claims. While it’s impossible to test all of the Catalyst 6500’s new 200-plus features with the Sup2T, we rather focus on a select few that will have the widest impact on IT business leaders’ product acquisition decision process.

Get the White Paper

Tweet

MACsec encryption has become increasing popular and important to campus network design, but previous switch performance degraded when encrypted traffic was passing through it. Here we show that the catalyst 6500 does not suffer a performance degrade while MACsec traffic is passing through it. We tested the Catalyst 6500 via the cPacket Networks cTap 10G passive probe to verify traffic flows were either MACsec encrypted or unencrypted. We found that there is no material difference in throughput performance, other than 802.1ae encryption key overhead, thanks to 16 additional bytes per packet. The cPacket passive probe also measured line rate throughput performance. This is a great short video that verifies how the old encryption performance penalty is now gone.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Visit the Link

Tweet

For IPv4 and IPv6, dual stack implementations are most popular where desktops and mobile devices run both IPv4 and IPv6, therefore, the network infrastructure needs to support both equally at high performance. IPv6 performance has not been on par with IPv4 until now. To demonstrate how the Catalyst 6500 upgrade with Sup2T has improved IPv6 performance, we measure IPv4 and IPv6 unicast and bidirectional traffic performance via RFC 2544. IP Multicast traffic has been on the rise, thanks to the increased use of video services within the enterprise. Therefore, we test IP Multicast performance via RFC 3918 on the new Catalyst 6500 Sup2T to stresses its packet replication ASIC built into the 6908-10G line cards. We find that the new Catalyst 6500 delivers equal Ipv4 and Ipv6 performance; a 2x increase from the Sup720 for IP unicast, bidirectional and multicast forwarding.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Visit the Link

Tweet

One of the most impressive network design options available on the Catalyst 6500 is the use of VSS. Connecting two Catalyst 6500s equipped with Sup2Ts creates a virtual switch, adding each switch’s performance while operating as a single switch thus eliminating spanning tree in favor for active-active links. We configure two Catalyst 6500s via VSS. We measure throughput performance to verify that VSS throughput rates are equally high performance as the MPLS and VPLS scenarios. Check out the two-Catalyst 6500 configurations we deployed for this test.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Tweet

Network virtualization, or the ability to divide a physical network into multiple logical networks with unique attributes, is a design that has grown in popularity as IT business leaders have sort ways to segment their network with different attributes for different user groups. This is popular in healthcare, education, travel and other industries. Network virtualization can be implemented either in IP, and/or MPLS. In addition connecting the Catalyst 6500 directly to service provider MPLS networks is another popular design; therefore we test throughput performance for both scenarios here.

For active-active data center operation, disaster planning and load balancing are best practices when connecting data centers via MPLS or VPLS. VPLS layer 2 connected data centers deliver LAN-like service over the campus and/or wide area network. Layer 2 connectivity is important as server-server communications expect layer 2 connectivity as most applications have been designed with this assumption. For connecting more than two data centers, VPLS offers mesh connectivity. Data centers connected via VPLS look and act as if they are on the same LAN. Therefore, we test that VPLS throughput performance rates are equally high performance in this scenario as MPLS.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Visit the Link

Tweet

During the Lippis Report test of the Cisco Systems Catalyst 6500 at Ixia’s iSimCity we perform an upgrade from Supervisor Engine 720 to 2T. What IT business leaders are looking for are incremental network upgrades with minimal disruption. Therefore, we swap out Sup720 for Sup2T and bring up existing service modules and line cards. Remember that line cards represent the largest investment in switching equipment, so we’ll demonstrate that older line cards interoperate at high performance when the new Sup2T replaces the Sup720. We find that the upgrade process is easy and smooth with compatibility of line cards, configuration code, service modules, transceivers and chassis.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Visit the Link

Tweet

IT business leaders are seeking data center fabrics that scale to support increasing density of physical and virtual servers at cloud spec. In October of this year, Cisco delivered a monster data center fabric announcement aimed at increasing scale, security and new data center services. A few highlights are the second-generation Nexus 7000 capabilities, a new Nexus 7009 platform, plus FabricPath capabilities on the Nexus 5500 and expanded Nexus 1GbE and 40GbE form factors of the Nexus 3000. Shashi Kiran, Director of Market Management for Data Center/Virtualization and Enterprise Switching at Cisco Systems joins me to talk about what IT business leaders will gain from this new announcement from a business outcome and data center fabric design perspective.

Watch the Video

Tweet

You can’t manage what you can’t measure. Cisco’s next generation NetFlow provides deep application visibility, detailed measurement plus increased control and security for IT departments that are struggling to get ahead of an Enterprise application portfolio that is undergoing a massive transition thanks to mobile and cloud computing. Samuel Pasquier, product manager for Cisco Systems, and Adam Powers, chief technology officer for Lancope discuss best practices for securing and gaining visibility to applications that are flowing over enterprise networks with the next generation of NetFlow.

Listen to the Podcast

Tweet

Andre Kindness, Senior Analyst at Forrester Research and Zeus Kerravala, principal at ZK Research join me to discuss the shift-taking place in data center networking. Data Center networking is at an inflection point thanks to industry transitions driving new economics, technologies and IT delivery via mobile and cloud computing. These market transitions happen only once every decade or so and we detail its dynamics in this industry analyst round table. We discuss virtualization, merchant silicon, software defined networking, the rise of best of breed products, what network designs are working and which aren’t. We end with how IT business leaders can navigate an industry is transition.

Listen to the Podcast

Tweet

During the weeks of October 10 and October 31, 2011, at Ixia’s iSimCity, the Lippis Report conducted its third industry test of cloud networking data center switches operating at 10 and 40GbE. In just six short months, the industry has moved forward by breaking all previous records of data center switch speed, power consumption, port density and bandwidth. We added four products from three vendors to the eleven products from eight vendors already tested. We now have data on fifteen data center switching products from nine vendors in the new report to be released after Thanksgiving. During May 2011 Interop, we had eleven vendors provide verbal commitment to participate in this Fall industry test (remember it is free for vendors to submit products to test). As the deadline for signed agreements came, this field of eleven dropped to three because their products were simply not ready. 40GbE is hard, and thus you have to give credit to the vendors that go through the testing—in this test, those vendors are Extreme Networks, Brocade and Alcatel-Lucent. These firms have high performance data center switching product that is Enterprise and Cloud service provider ready. In this Lippis Report Research Note, we share our insights gained from testing all these products and provide the topic cloud networking industry trends taking shape now.

To assist IT business leaders with the design and procurement of their private or public data center cloud fabric, the Lippis Report and Ixia have conducted an open industry evaluation of 10GbE and 40GbE data center switches. These test were conducted at the Ixia iSimCity Santa Clara, CA, laboratories. The resources available for this test at Ixia’s iSimCity are out of reach for nearly all corporate IT departments with test equipment on the order of $9.5M, devices under test on the order of $2M, plus costs associated with housing, power and cooling the lab plus 22 or so engineers from around the industry. It’s our hope that this industry effort will remove performance, power consumption and latency concern from the purchase decision, allowing IT architects and IT business leaders to focus on other vendor selection criteria, such as post sales support, platform investment, vision, company financials, etc.

The Lippis Report test, based on independent validation at Ixia’s iSimCity, communicates credibility, competence, openness and trust to potential buyers of 10GbE and 40GbE data center switching equipment as the tests are open to all suppliers and are fair, thanks to RFC and custom-based tests that are repeatable. The private/public data center cloud 10GbE and 40GbE fabric test was free for vendors to participate and open to all industry suppliers of 10GbE and 40GbE switching equipment, both modular and fixed configurations.

Ixia supplied all test equipment needed to conduct the tests while Leviton provided optical SPF+ connectors and optical cabling, and Siemon provided copper and fiber optic QSFP+ cables and transceivers for 40GbE connections. Each 10GbE supplier was allocated lab time to run the test with the assistance of an Ixia engineer. Each switch vendor configured its equipment while Ixia engineers ran the test and logged the resulting data.

While we can’t just yet release data on the latest round of testing, we can share with some of the records that were broken. We measured for the first time core switch latency in single digit microseconds and single digit Watts/10GbE power consumption. Also for the first time, we measured power consumption in top of rack switches power consumption in very low single digits. We measured how fast core switches can forward packets at very high density being 256 0GbE plus 24 40 GbE ports, and this was only a third of this switch’s port density. We measured congestion, IP Multicast, cloud simulation, latency and throughout for 24 40GbE, a first in this series of industry test.

In just six short months, data center Ethernet core switching has increased in speed by nearly a factor of 10, its power consumption dropped by nearly 50% while port density increased by nearly 3 times. In ToR switching, power consumption is down by over 50% while these products add 40GbE uplines and storage enablement such as direct Fiber Channel and/or Fiber Channel over Ethernet connections. With all of these advances, the one thing that is holding steady is pricing as the industry serves up more features for the same or slighly more dollars.

The Fall Lippis/Ixia test proved to show that the industry is advancing at a breakneck pace. And we do expect to see more products being submitted for test in the Spring 2012 test. Based upon three series of industry test, the following trends have become evident.
Faster Forwarding: While the Fall test showed new records in latency measurements—that is, how fast a switch can forward packets at zero packet loss or 100% wire speed throughput—switching products will get even faster. While it’s anticipated that the Fall core switch latency records will not be broken in 2012, ToR switches will show significant improvement getting into the range of 100ns with 100Mbs Etherent uplinks.

Hybrid Cut-Through and Store and Forward Switching: To make switches faster, merchant silicon vendors have taken a new look at packet forwarding. It used to be that Ethernet switches were either cut-through (CT)—where packets were not stored for processing—or store and forward (S&F)—where packets were stored, processed then forwarded. Now switches use both forwarding techniques, where the first few hundred packets are forwarded via S&F and the rest, CT.

IP Multicast Rises in Importance. With the huge increase in video traffic, IP Multicast performance and, in particular, how switch replicator chips perform will be increasingly scrutinized. We tested the lowest latency of IP Multicast during the Fall test, indicating that switch speed of forwarding IP Multicast is becoming an important product selection criteria.

40GbE Arrives in 2012: Due to 40GbE component shortages in Asia, most vendors could not participate in the Fall test. These shortages will abate over the next quarter, creating a wave of new 40GbE modules and products during 2012. With 40GbE being 3 to 4 times the cost of 10GbE, look for a quick ramp up in ToR uplink and core switching modules.

The Rise of Merchant Silicon: Merchant silicon from Broadcom, Fulcrum MicroSystems and Marvell manufacture low-cost chips for network switches that have lowered the risks for new entrants into the hot data center Ethernet fabric market. In the last few months alone, 10 companies announced new products based upon one of the above merchant silicon 10 and 40 Gbps Ethernet chips. We expect to see enhancements to network virtualization, support for software-defined networking and a focus on buffer architecture.

New Set of Best of Breed Products: With merchant silicon competing with custom ASICS, a new class of best of breed products has emerged with more to follow during 2012. These products will be pushing the envelope on packet forwarding speed, power consumption, port density, storage enablement and network virtualization, thanks to VXLAN/NVGRE support and software-defined networking.

Software-Defined Cloud Networking: As best of breed Ethernet data center switches get more powerful while consuming less power, these products will need to tap into a growing software base to add value to these networking products. Software-Defined Cloud Networking or SDCN promises to ignite a cycle of innovation that shifts competitiveness to network software that enables firms like Cisco, HP, Extreme Networks, IBM, Arista Networks, Force10/Dell, Avaya, Huawei, Brocade, Juniper Networks, Alcatel-Lucent, Enterasys and others to compete by rapidly adding software features to low-cost merchant silicon-based network products. There are two approaches to SDCN: 1) OpenFlow based that defines an open interface between switches and a controller or 2) hypervisor virtual network controllers that plug directly into switches.

The next Lippis Report test at iSimCity is scheduled for the Spring of 2012. We expect more 40GbE products plus the observation and measurement of the above trends.

Tweet

By Avaya

This White Paper discusses the benefits and applicability of the IEEE 802.1aq Shortest Path Bridging (SPB) protocol, which is augmented with sophisticated Layer 3 routing capabilities. The use of SPB and the value to solve virtualization of today’s network connectivity in the enterprise campus as well as the data center are covered.

This document is intended for technically savvy network managers as well as network architects who are faced with:
• Reducing time to service requirements
• Less tolerance for network down time
• Network Virtualization requirements for Layer 2 (VLAN-extensions) and Layer 3 (VRF-extensions)
• Server Virtualization needs in data center deployments requiring a large set of Layer 2 connections (VLANs)
• Traffic separation requirements in campus deployments for security purposes as well as robustness considerations (i.e., contractors for maintenance reasons needing access to their equipment or guest access needs)
• Multi-tenant applications such as airports, governments or any other network with multiple discrete (legal) entities that require traffic separation

Get the White Paper

Tweet

Just as 10 Gigabit Ethernet (GbE) is going through widespread
deployment in the data center, the discussion has now shifted to even
higher speed interconnects—namely 40 GbE and 100 GbE
By IBM

In July 2006, the Institute of Electrical and Electronics Engineers (IEEE) Higher Speed Study Group was formed to look into the next evolutionary step after 10 Gigabit Ethernet (GbE). In the past, Ethernet speeds would increase by a factor of 10. However, the next generation jump from 10 GbE to 100 GbE has proven to be a technological challenge. Some within the IEEE group felt that 100 GbE made sense for communication service providers and other backbone network providers, but not as a next step for servers—it was simply more speed and expense than would be needed for the near future. While the IEEE initially planned to standardize only on 100 GbE as the next step after 10 GbE, server vendors initiated a push in early 2007 to include 40 GbE in the standard, with the rationale that the effort used to develop 40 GbE would be used for the development of 100 GbE.

In July 2007, the IEEE 802.3ba study group was named, and it is the first standard to include two different Ethernet speeds—the 40 Gbps rate for local server applications, and the 100 Gbps rate for internet backbone—to serve both market needs. In June 2010, the official 802.3ba standard was ratified, opening the field to higher performance in server systems and components, data centers, network storage and systems, high-performance computing (HPC) clusters, data centers, carriers, and the like. This paper provides perspective on the placement and use of 40 and 100GbE.

Get the White Paper

Tweet

by Cisco Systems

It can be easy to forget how much depends on the enterprise network—until you have to tell the VP of sales that he can’t use his iPhone on the corporate network because the appropriate security controls aren’t in place. Or you must tell the CIO that expanding the virtualization initiative to include business-critical applications will severely tax bandwidth. The truth is, nearly everything in modern businesses is dependent on the enterprise network, and every decision you make is based on whether the network can handle it. This paper takes a look at a common pitfall in IT circles that can have a serious impact on the IT decision maker’s ability to say “yes” to new business initiatives. It also offers recommendations for IT organizations that wish to act as business enablers.

Get the White Paper

Tweet

Cisco recently launched its VPN Internal Service Module or VPN ISM, which is a VPN accelerator for the Integrated Services Routers Generation 2 (ISR G2). The VPN ISM allows for greater VPN performance, meaning a larger number of faster VPN connections for both client-to-site and site-to-site communications. This module expands the range of branch office network design options allowing IT designers to architects lower cost and higher performance Wide Area Network (WAN) design paid for by arbitraging WAN facilities/operational cost and capital cost. In addition to the enterprise market, the VPN ISM supports the National Security Agency’s or NSA’s Suite B cryptographic algorithms in hardware, boosting performance of previous Suite B implementations by a factor of three to five, depending upon application. In this Lippis Report Research Note, we review the VPN ISM with a focus on the new WAN design options it affords for both federal government and enterprise IT departments.

The ISR G2’s routing security portfolio is second to none, literally, and Cisco’s 70.3% market share is indicative of the market’s acceptance of this fact. The ISR G2 security portfolio boasts firewall, IPS, a range of VPN services, voice and video security plus the recent integration of ScanSafe cloud web security services. The previous G1 ISR was equipped with a VPN accelerator module, and many Cisco customers have been waiting for the same on the newer G2 platform. They need not wait any longer. The VPN ISM is the VPN accelerator for the ISR G2. The VPN ISM delivers two to three times performance increase, meaning a larger number of VPN connections supported as well as faster VPN processing. While this scaling up of VPN support is important, especially with the boom in mobile devices requiring VPN services, it’s the VPN ISM’s support for the NSA’s Suite B that will further open up federal government spend to Cisco.

U.S. Federal Government and Suite B

U.S. federal government VPN IPsec applications require the support of the NSA Suite B set of cryptographic algorithms. Suite B for IPsec VPN is defined in RFC 4869. The NSA defines a set of Suite B algorithms for a range of government communications spanning from proprietary or personal data, to critical but unclassified, to secret to top secret. In short, if a vendor wants to be part of the U.S. federal government network, it must support Suite B. There is a very large list of vendors that support Suite B at various levels, all of which can be found on the FIPS 140-1 and FIPS 140-2 vendor list here.

As Cisco’s VPN ISM supports Suite B in hardware, it’s highly likely that it’s the fastest implementation in the industry for IPsec applications, but this needs to be verified via independent lab performance test. Cisco claims that its VPN ISM support of Suite B is three to five times faster than its previous implementation.

Enterprise Branch Office IPsec/SSL VPN Design Options

For enterprise branch office networks, the VPN ISM in the ISR G2 delivers VPN acceleration that support a greater number of mobile VPN clients while also reducing backhaul requirements to corporate offices/data centers. In short, IT architects will be able to support a larger number of faster VPNs connections. And with Cisco web access security service, ScanSafe, offloading public cloud VPN connections from corporate networks to the internet, less bandwidth will be used between branch offices and data centers, freeing up WAN bandwidth for private corporate application access and communication use.

The VPN ISM also fits into Cisco’s SecureX architecture. One of the key attributes of SecureX is distributed security enforcement to the closest enforcement point. In essence, security enforcement is pushed out throughout the network avoiding the pitfalls and vulnerabilities of centralized enforcement, delivering security services efficiently via the network. ISR G2 with ScanSafe was a proof point of SecureX’s distributed enforcement architecture attribute. VPN ISM is another proof point. Rather than connecting to a centralized head-end (Adaptive Security Appliance) ASA 5500 residing within a data center for all IPsec VPN connections and slowing down the WAN, a local branch office VPN ISM providing VPN connections offloads some of this IPsec VPN traffic from traversing the WAN. So in essence, the VPN ISM lightens the WAN load of VPN traffic, increases VPN performance and distributes security enforcement to the closest user point of network access.

Site-to-Site VPN Connections

While the above discussion focuses on IPsec VPN support, site-to-site VPN connectivity offers both security as well as the option for IT architects to choose to run IP traffic either over private WAN bandwidth such as MPLS, Frame Relay or private lines, or the internet via broadband connections, etc., to ISPs. The VPN ISM offers a range of site-to-site VPN options, including DMVPN (Dynamic Multipoint VPN) and GETVPN (Group Encrypted Transport VPN). DMVPN is primarily used for internet-based site-to-site VPN traffic via dynamic routing on tunnels while GETVPN is used for the transport of VPN traffic over private WANs via dynamic routing. DMVPN offers peer-to-peer protection while GETVPN offers group protection, thanks to their different encryption styles. Just to round out Cisco’s VPN technology, its EzVPN is the basis for its client-to-site AnyConnect IPsec offering, supporting software client VPN access for mobile and fixed endpoints.

VPN Branch Network Design Options

With the addition of Cisco’s VPN ISM within its popular ISR G2 and the hardware support of Suite B, Cisco should find a warm welcome from the U.S. federal government as it looks to speed up the various VPN connections supported with Suite B. For enterprise IT architects and designers, this module, along with Cisco’s ScanSafe, provides a range of design options to support various kinds of VPN traffic, be it client based for mobile and fixed endpoints or site-to-site. The VPN ISM module ranges in price between $2.0 to $4.5K list, but this module will be acquired via router bundles by most which affords reduction in price by some 20 to 40%. The IT architect could cost justify this upgrade with WAN arbitrage. That is the reduction of backhaul traffic over private WANs and its associated cost trades off WAN facilities operational cost for capital cost, which is usually a favorable trade-off, especially if the capital investment reduces operational cost by 15% annually. But in addition to economics, there is increased performance and greater scale of VPN connections. The tools available to IT architects—such as siphoning off web/cloud bound traffic via ScanSafe, reducing backhaul traffic, distributing security, choice of internet or private WAN VPN, etc.—thanks to VPN ISM, offer a range of WAN/VPN design options to meet various cost reduction and performance enhancement goals.

Tweet

Simplified and optimized service orchestration maximizes the return from a virtualized computing environment
By Avaya

This white paper discusses Avaya’s approach to Data center Networking from a fabric perspective. Virtualization within the data center is now taken for granted, with some declaring that ‘Cloud Computing’ will be the choice of most enterprises and that applications and information will become commodities. Experience has proved one thing; the data center of the future cannot be built on the technology of the past. General-purpose products, outmoded techniques, and legacy designs cannot be re-packaged as ‘data center-ready’. Ethernet is readily available, cost-effective, extensible, and – as the 40/100 Gigabit developments prove – scalable. Find out Avaya’s approach to data center networking fabric by downloading this white paper.

Get the White Paper

Tweet

A third-party business consulting firm analyzed the total cost of ownership (TCO) of Cisco enterprise customer networks, and contrasted that TCO to “good enough” networks from other networking vendors. Key findings:
1) TCO is a better metric than CapEx to assess network cost because it considers the full impact on IT spend, including CapEx, services, labor, bandwidth and energy.
2) The Cisco Borderless Network Architecture can deliver up to 13% better TCO than a “good enough” network, offering compelling value for the strategic Cisco investment.
3) Even if architectural benefits are discounted in the analysis, Cisco is, at most, a 7% TCO premium over other vendors due to IT labor savings and extended product lifecycles from Cisco solutions.
4) The single biggest benefit of Cisco’s architectural approach is labor savings. Labor constitutes 50% of TCO and Cisco delivers 5% to 10% labor savings driven by unified wired and wireless and embedded security.
5) A quality network delivers business benefits beyond TCO, including improved network uptime, higher user productivity and a lower threat of security breaches.

Get the White Paper

Tweet

Power over Ethernet or PoE has evolved from delivering 7 Watts/port to support IP phones to now 60 Watts/port to power a wide range of devices that span WLAN access points, surveillance video cameras, video conferencing end points, IP turrets for financial trading, and now, thin client desktop devices to support virtualized desktops. The current high PoE standard is IEEE 802.3at that details 30 Watts/port, so Cisco’s Universal PoE or UPOE solution at 60W is a pre-standard offering. The key point about UPOE is that it provides a new range of design options in both power distribution, but more importantly, how virtualized desktops and other electronics are powered. Pradeep Parmar, Senior Marketing Manager, Borderless Networks, at Cisco Systems, joins me to talk about the fundamental change PoE is taking, thanks to Cisco’s UPOE solution.

Listen to the Podcast

Tweet

The problems of network configuration changes required when virtualization operations managers need to move a VM between subnets are well documented. There are virtual networking options to solve this problem such as building very large flat networks, tunneling between subnets, and now a standard approach called VXLAN. VXLAN is a special encapsulation mechanism that runs between virtual switches and enables VMs to be deployed and moved on or between any server within the network. VXLAN requires no changes to the underlying IP addressing architecture and should require no major changes to installed infrastructure in the data center. Ken Duda Founder and Vice President, Software Engineering at Arista Networks joins me to discuss VXLAN, the first major protocol of virtual networking.

Listen to the Podcast

Tweet

By all counts, Cisco’s upgrade of the Catalyst 6K via its new Supervisor 2T, or Sup2T, is its most ambitious and thoughtful yet for the venerable platform. The Sup2T is a 2 Terabit (Tb) platform that triples the previous Sup720 performance. Thanks to the support of Virtual Switching System (VSS), the platform allows two 2 Tbps switches to combine into a single 4 Tbps virtual switch. The Sup2T is a major upgrade to the most widely-deployed switching platform in campus and data center networking in the industry. But while these performance numbers are impressive, it’s the new Cat6K’s network services and pricing that deliver most of the value. From a services’ point of view, the Cat6K stands alone.

Cisco’s Cat6K is the firm’s most successful product with over 700,000 systems and 110 million ports installed, worth some $42 billion. This product’s success increases the stakes for Cisco as it introduces a major upgrade. Cisco had to consider backward and forward customer migration, increased competition and pricing pressure especially as many firms are starting to offer core switches based upon merchant silicon. In short, Cisco had to eliminate the trade-off of innovation versus investment protection and find a way to deliver both simultaneously. A detailed review of the new Cat6K with Sup2T finds that Cisco has navigated well by incorporating customer feedback from multiple theaters and industry segments in the form of some 200 features, most of which are incorporated into ASICs, something with which merchant silicon based switching firms cannot compete.

Merchant Silicon versus Custom ASIC

There will be an increase in the number of core switches offered from various vendors during 2012 thanks to the availability of merchant silicon, but these products, for the most part, will be focused on primarily performance while falling short on network services. Network services are hardware and software features that provide the tools, customization and design options for IT architects to optimize their networks and applications to either run faster and maintain secure, reliable, high-quality user experiences whether it’s for video traffic, virtualized desktops, general purpose office productivity or client facing web traffic.

For example, consider something as mundane as counters. In the Cat6K Sup2T and new modules, there are more than two million counters, enough to have separate counters for every protocol, including IPv4, IPv6, multicast, unicast, MPLS, etc. What this says is that Network Operations engineers will be afforded a level of granularity and visibility into the network well beyond anything they previously could gather. But I digress; let’s focus on the big picture of the new Cat6K.

The New Cat6K by the Numbers

The last major upgrade for the Cat 6K was the Sup720-10G in 2007, which was the first management module with 10GbE uplinks. The Sup2T enables 40GbE interoperability and interface speed transition as the Cat6K will support 100MbE, 1GbE, 10GbE and now 40GbE in a modular chassis platform. The performance leap on the 2 Tb portfolio is complemented by a quadrupling, or more, of the NetFlow, Access Control List and Quality of Service capacities of the platform to meet the increasing manageability, security and service demands of enterprise networks. The platform now offers 720 Mpps of IPv4 and 360 Mpps of IPv6 performance, roughly a twofold increase over the previous generation. In a word, the Cat6K scales logically.

What Cisco engineering has done is tripled the performance, quadrupled the platform scalability and added new network services—several of which are industry firsts and all of which protect investment by being backward compatible with these forward innovations. For example, central forwarding line cards that started shipping in 2003 are supported in the Sup2T. The E-series chassis and power supplies that started shipping in 2004 are supported with the Sup2T. For a large segment of the Cat6K installed base, all that is required is the install of the new Sup2T to gain increased performance, scale and network services. This is perhaps one of the easiest refresh offers Cisco has ever made.

Network Services Rich

As for network services, the Cat6K supports some 2,600 features that the market has demanded. Most of these features were developed over time with many firms depending upon them to run their networks. In addition to hardware backward compatibility, Cisco had to be software backward compatible too by supporting these 2,600 features, which are supported in the Sup720 and the wiring closet Sup32, in the Sup2T. Some of these features include IPv6, multicast, NetFlow, MPLS, etc. But clearly the market does not stand still, and Cisco engineering has added some 200 new innovations to the Sup2T, some of which will also be supported on previous versions of supervisor engines.

Interestingly enough is that with backward support of new network services supported on the Sup720, IT architects can choose to move these Cat6Ks down a network layer and place the Sup2T Cat6Ks in the distribution and core, extending the entire portfolio of network services from access, distribution and core. Some of these new innovations are Flexible NetFlow, Role-based Access Control, Virtual Private LAN Service (VPLS), Bridged Domain Technology, etc. Following are a few of the next generation innovations introduced with the Sup2T.

NetFlow: NetFlow scalability in the Cat6K Sup2T has increased fourfold with larger tables being supported in the ASICs. Up to 13 million NetFlow entries are possible in a single system. That is up to eight times the visibility afforded by the previous generation of NetFlow hardware. Over time, most networks will have a mix of 1GbE, 10GbE and 40GbE; this new version of NetFlow introduced sample NetFlow so NetOps does not have to export all traffic to collector, a huge complexity and time reduction. Also NetFlow visibility is now protocol independent, meaning that it does not matter if a network is running IPv4, IPv6, MPLS, Unicast, Multicast, etc. In addition, select modules, rather than the central supervisor, are able to export NetFlow to the NetFlow collector offering yet another way to scale.

MACsec: From a security perspective, the Cat6K Sup2T natively supports MACsec, or IEEE 802.1AE, embedding it within line cards offering line-rate, hop-by-hop encryption and decryption. In addition to the new Cat6K, the Nexus 7K, Cat 3K and Cat 4K currently support MACsec, thereby enabling end-to-end secure communications much like IPSec and SSL but over the LAN.

Role-Based Access Control List (RBACL): Access Control Lists, or ACLs, can now be programmed in role-based scenarios controlling user access to IT resources. Roles can be finance, human resources, marketing, engineering, sales, executive management, etc. Role-based access control allows NetOps to configure which IT resources each user is allowed to access for each type of job role, thereby controlling their access to servers, applications, WAN connections, etc. Role-based access control is an addition to the Sup2T’s ACL Dry Run, which first tests if ACL changes will fit in the ACL Ternary Content-Addressable Memory or TCAM before they go live with the configuration. Using ACL Dry Run will help avoid potential network disruption since NetOps engineers will know whether the ACL changes will be supported in hardware before implementing them. If an ACL change does not pass the Dry Run, then the system will indicate which resources are being exhausted, allowing the NetOps staff to adjust the ACL accordingly.

Network Virtualization: The new Cat6K Sup2T boosts its network virtualization capabilities that enables physical infrastructure to be logically divided. For example, airports, such as Zurich, Munich, Toronto, etc., use network virtualization to change gate attributes as an airline carrier completes the boarding process and transitions the gate to another carrier. They also use network virtualization to separate out kiosk vendors from operations from WLAN AP guest access to airline carrier support, etc. Governments network virtualization to logically segment departments while they share the same physical building/floors/office spaces. Universities use network virtualization to logically segment administration, research, faculty and student interests. Just as with other previously-mentioned capabilities, Sup2T increases the scalability for network virtualization up to fourfold with support for up to 4K MPLS VPNs, 32 instances of (VPN Routing and Forwarding) VRF-lite, native VPLS in hardware, allowing for VPLS-facing interfaces to be any interface in the system, and more.

New Service Modules

Admittedly, the Cat6K with the Sup2T is not the fastest Ethernet switch on the market with 2 Tbps of switching capacity. Cat6K doesn’t need to be the fastest given its place in campus networking and mid-range data centers. However, it does need more than enough performance to never be the bottleneck in IT delivery while providing a wide range of software options to control traffic and optimally design enterprise IP networks. Cisco engineering has done this with 2 Tbps, and 4Tbps with VSS, far greater capacity of most, if not all, campus and mid-range data center networks operating at a range of 10/100/100, 10GbE and soon 40GbE. For higher performance, Cisco offers the Nexus 7K with 9 Tbps of switching capacity for data center switching designs.

To increase performance in the Cat6K, it’s not just the supervisor engine that’s been upgraded. New service modules, such as the new Wireless Service Module 2 (WiSM-2), Adaptive Security Appliance Service Module (ASA-SM) firewall, Network Analysis Module 3 (NAM-3) and Application Control Engine 30 (ACE30) load balancing were introduced to take the Cat6K with Sup2T to the next level of hardware-based services processing. Remember, service modules allow IT business leaders to reduce the number of devices in their network they need to manage, improving energy efficiency and reducing carbon footprint. These new service modules have been upgraded for performance and scalability, as services performance has to scale with network performance. For example, the ASA-SM offers a threefold increase in performance with 15-20 Gbps of stateful application firewalling. NAM-3 has been upgraded in performance by a factor of fifteen, allowing application visibility and analysis at 15 Gbps. The WiSM-2 scales up to 20 Gbps of throughput and support for up to1,000 centrally-managed access points, a threefold increase in performance and scalability.

Integrated and Virtualized Network Services

Unique to a Cisco environment is that service modules and appliances basically share the same operating system, meaning that there is operational consistency between the two platforms. For example, if an IT architect implements an ASA appliance and ASA-SM, NetOps will experience the same operating system, management and look and feel between the appliance and service module. This consistency allows NetOps to best utilize and manage network services independent of physical packaging and network location, thereby increasing operational efficiency and innovation injection. Thanks to network services being integrated into the Cat6K, and the ability to virtualize services, IT architects are afforded design choices where they can regulate the number of appliances versus service modules in their network by choosing to utilize service modules more over time and obtain their green benefits too. Note that the ASA-SM and ACE-30 can be virtualized or divided between users/groups, thereby extending their reach throughout a corporate network and reducing the number of appliances in the process.

Cat6K with Sup2T Pays to Upgrade to 10GbE

From a pricing point of view, it’s best to think of the Cat6K with Sup2T as the device to transition a campus and mid-range data center network from 1GbE to 10GbE. With 1GbE in the access layer, via upgraded Cat4K with Sup7-E and/or Cat3K / 3750X, connected to a Cat6K with Sup2T in the distribution layer providing 10GbE to the core, Cisco estimates that this configuration will be 20% less costly than a similar configuration utilizing the Sup720 and older versions of the Cat4K and 3K. This design provides for 10GbE between access, distribution and core. In essence, Cisco is paying IT leaders 20% to upgrade to 10GbE with a new generation of switching.

Economics plays a large role in network design. From an economics perspective, Cisco is responding to competitive pressure with new pricing and design options with this Cat6K upgrade. While the Cisco Cat6K Sup2T represents increased performance, what IT business leaders will find is that for typical configurations independent of data center or campus, 1GbE, or 10GbE, the overall cost of a Cat6K network is actually reduced by 20 to 25%. For example, the 48 port 10/100/1000 copper line cards were sold in two versions: centralized and distributed forwarding modes. The centralized forwarding mode is priced at $15K and comes with 256MB of memory, while distributed forwarding is $22.5K. New Ethernet line cards (6800 Series) have Distributed Forwarding Card 4 (DFC4) daughtercards by default and come with 1GB of memory that are priced at the same $15K as the centralized forwarding mode cards, closing the price gap between centralized and distributed forwarding mode to the lower cost centralized pricing. IT architects are offered distributed forwarding performing line cards, which are higher performance throughout the system, at a third of previous generation cards. This is but one important example that demonstrates that the Sup2T is a price reduction over Sup720 around 10GbE.

New Network Design Options and Economics

Campus networking traffic patterns are dominated by north-to-south flows, thanks to the centralization of IT application delivery within data centers. While over time, an increase in east-to-west flows may occur thanks to peer-to-peer applications, north-to-south flows are getting thicker and denser especially as the industry adopts virtualized desktop computing and real time video communications. These thicker north-to-south flows are being accentuated as more applications are being hosted in corporate data centers and private cloud facilities for IT complexity and cost reduction. At the same time, enterprise mobile computing has skyrocketed with the adoption of iPhones, Android-based devices and iPads. For example, Gartner predicts that 55 million tablets will be sold worldwide by the end of 2011. Thanks to lower power output antennas on these new mobile devices, the density of WLAN APs are also increasing to provide coverage. This is creating a challenge to roam seamlessly without user experience interruption.

Mobile and cloud computing economics and increasing traffic volume are driving a new model for campus networking. It’s a model that seeks to increase wired and wireless network bandwidth, scale logical networking and extend network services such as security throughout the enterprise network via centralized management control methods. It’s a model that also seeks greater visibility and control of flows to optimize performance and apply resources where needed. Network virtualization, where physical network infrastructure is logically segmented to assign different network attributes to various groups/departments/entities, has become a mandatory requirement in some industry segments. And from a design point of view, high reliability needs to be systemic as all corporate productivity is flowing across this IT asset.

For those with Cat6K-based networks, installing the Sup2T offers a range of new network design options and economics. For example, encryption is now embedded and integrated. Network services are increasingly becoming virtualized, offering greater reach, cost effectiveness and lower carbon footprint. 10GbE and 40GbE speeds can be strategically placed where bandwidth is needed. NetOps is offered a common look and feel between appliances and service modules, reducing operational cost and increasing efficiency. Logical networking can scale to support more IPv6, more WLAN APs and users, greater visibility into the network via NetFlow, greater stateful application firewalling, etc. It’s clear that Cisco engineering has made tremendous efforts on security with TrustSec, taking ACLs to the next level, NetFlow’s deeper visibility, network virtualization via MPLS or VPLS for segmentation and bringing parity to IPv6 and IPv4.

Cisco is paying customers to upgrade to both the Cat6K Sup2T and 10GbE. Obviously, there’s additional capital cost to spend to gain the return, but from a historic perspective, the upgrade cost is a fraction of previous switch generations. With the Cat6K Sup2T upgrade, IT business leaders gain a wide range of network services, some of which are mentioned above, that will prove to be invaluable as IT marches on toward an IT delivery model dominated by mobile and cloud computing with nearly everything becoming virtualized.

Tweet

By Arista Networks

VMWARE VXLAN is a new network technology developed by VMware that enables stateful VM mobility across traditional L3 routed boundaries. This enables more freedom and flexibility in matching workloads to computing power. By enabling a larger, and essentially flatter network while building on top of proven models for stable scaling of networks such as routing and equal-cost multipath forwarding, VXLAN enables any workload to be provisioned on any virtualized host, anywhere in the network that is IP reachable. No longer do routed topology decisions restrict workload mobility.

If you are a VMware and network administrator who is building virtualized networks with more than 250 VMs or want to stretch a virtual machine farm across two data centers or two or more routed domains with full workload portability, then you need to read this white paper.

Get the White Paper

Tweet

By Extreme Networks

Several technology inflection points are coming together that are fundamentally changing the way networks are architected, deployed and operated, both in the public and private cloud. From performance, to scale, to virtualization support and automation to simplified orchestration, the requirements are rapidly changing and driving new approaches to building data center networks. This white paper does an excellent job at articulating cloud-scale network architecture via an open fabric that accounts for all major industry trends.

Get the White Paper

Tweet

By IBM

Data centers are undergoing monumental paradigm shifts. As demand for greater processing continues to outstrip available floor space, rack space, power and air-conditioning, the market has turned to virtualization to use the resources available efficiently. Most networking switches are not aware of VMs. This creates security and availability issues for both server and network administrators as they try to exploit the value of virtualization and manage this new environment. IBM® System Networking offers VMready®, switches. Find out how these switches solve the most difficult VM mobility and visibility problems.

Get the White Paper

Tweet

By Cisco Systems

Enterprise workspace is quickly evolving with new networked devices to improve communication, collaboration, security and productivity. Power over Ethernet (PoE), a way to deliver electrical power over LAN cabling to networked devices, has been widely deployed over the years to provide power to various endpoints. Cisco® Catalyst® 4500E, a market leader of PoE technology, continues to innovate to deliver Universal PoE (UPOE) technology with up to 60 watt power to enable even broader endpoint support, with additional benefits of higher availability, lower OpEx and faster deployment.

This paper provides an overview of the Cisco UPOE technology. It describes how Cisco has evolved PoE technology to UPOE, the use case examples of UPOE to simplify enterprise deployment, and UPOE architecture and operations.

Get the White Paper

Tweet

We have a new app for iPhone, iPad and iPod Touch available on the App Store. Now you can get all of your favorite Lippis Report content in a native app on your iOS device. The app features:

• Update Notifications, so you’ll be alerted when a new Research Note or download is available.
• Easy sorting by download type, so you can get just the type of content you want, when you want it.
• Listen to all of the latest Podcasts directly on your iDevice.
• Read our white papers and Research Notes.
• Watch the latest videos from the Lippis Report.
• Easily share content via your Twitter, Facebook or Email account.

Follow the link above for the free download.

Visit the Link

Tweet

Back in November of 2009, I wrote Lippis Report Research Note 136 titled “HP Plans to Acquire 3Com Accelerating a New IT Convergence Era.” In that Research Note, I wrote

“When 3Com is fully integrated into HP what kind of networking revenue and market share can HP gain? ProCurve + 3Com is approximately $2B of revenue now. With the existing product lines can HP generate $5B, $10B or more of network revenue over five years? Time will tell.”

Well after nearly two years, HP Networking or HPN’s North America (NA) layer 2/3 Ethernet switch market share by revenue is nearly the same, bouncing between 5% and 6.1%, according Dell’Oro, with HPN’s Q2CY11 NA switch revenue share being down to 6%. Considering HPN’s limited results after significant investments in sales, channels and marketing, including its “proof-of-concept” plus “A Catalyst for Change” Cisco Trade-in program, not to mention engineering investment, the question is can HP make it in networking? We attempt to answer that question in this Lippis Report Research Note.

Market Share Analysis: 2% Growth Comes from Asia and RoW

HP had approximately 6% WW (Worldwide) layer 2/3 Ethernet switch market revenue share with its ProCurve product line before the 3Com acquisition, according to Dell’Oro. Post 3Com acquisition, HPN’s WW Ethernet switch revenue market share rose to approximately 10%, thanks to 3Com’s 4% share contribution, and stayed that way for three quarters until Q1CY11 where an additional 2% was gained thanks to increases in APR (Asia and Pacific Rim) and RoW (Rest of the World) theaters, according to Dell’Oro. In short, HPN’s NA switch market share has been flat since it acquired 3Com. From a WW switching perspective, HPN’s share of ports has also been flat with 20% share in Q1CY10 to 20.2% share in Q1CY11, according to Dell’Oro. In this same period, NA share of ports has been on a steady decline but with HPN maintaining share thanks to gains in APR and RoW.

In short, in nearly two years, HP gained 2% of WW layer 2/3 Ethernet switch revenue market share, all of which came in Q1CY11 and held during Q2CY11, according to Dell’Oro, and is directly attributed to APR and RoW markets. Its bright spots are in routing and WLANs, which increased 2.5% and 2.2% in revenue share, respectively, between Q1CY10 to Q1CY11. Its IPS/IDS revenue share has been steadily declining, losing .3% share over the same period.

Yes, it’s very difficult to gain share in an established market as HPN has discovered. HPN’s value proposition has been grounded as a lower cost alternative to Cisco, a firm that’s greater than 20 times HPN but sells architected solutions.

Huawei Could Shut Down APR and RoW

HPN’s growth is coming from APR and RoW theaters, which is understandable considering that HP obtained H3C, the once Huawei/3Com joint venture (JV) when HP acquired 3Com. Remember that Huawei and 3Com entered into a JV back in the early 2000s called H3C with the hope that H3C could produce lower cost networking products that 3Com would sell in NA while opening up the Chinese market. In Lippis Report Research Note 16, Bruce Claflin, 3Com’s then President and CEO, had hoped that H3C would deliver success much like Amdahl did over IBM in the 1980s and 1990s when Amdahl gained huge market share from IBM in the Front End Processor (FEP) business by offering similar products priced well below IBM.

Fast forward to late 2006 when Huawei agreed to sell its stake in H3C to 3Com. Huawie had a non-compete agreement with 3Com post the sale of its stake in H3C, which has since expired, allowing Huawie to more aggressively and organically pursue the Ethernet switch market. And it has, as in early 2011, Huawie announced a new Enterprise Business Division.

Surprisingly H3C’s massive product portfolio has not made it into the HPN NA channel, partly explaining HPN’s flat NA share growth. H3C’s products were to be HPN’s competitive advantage. More alarming for HP, however, is the prospect that Huawie’s Enterprise Business Division will bring its enterprise product portfolio right to H3Cs Asian customers, cutting off HPN from this bright spot. Also when H3C was partly owned by Huawei, the Chinese government was tremendously supportive of H3C, but since H3C is 100% owned by HP, the Chinese government has no incentive to support H3C and will more than likely shift its support to Huawie when its Enterprise portfolio is ready. The danger here is that in the quarters to come, HPN’s APR and RoW market could start to dry up. Much of the future growth for H3C had been pinned on continuing its China dominance. But wait it gets worse.

Huawie is threatening to hijack Bruce Claflin’s and now HPN’s low cost networking value proposition and use it for its own advantage. First Huawie will more than likely go after the H3C installed base in Asia then onward to NA and Europe. One possible scenario has HPN competing with Huawie as to who is the lowest cost provider of networking. This would push HPN up market and force it to change its value proposition to an architected solution, where it will find Cisco. HPN has started to move in this direction with its recently announced FlexNetwork Architecture. This scenario would, in essence, squeeze HPN between Huawie on the low end and Cisco on the high end. If networking gets into a price war game, Huawei could out low price HPN and that should be the major concern to HPN as it represents an estimated $800 million a year in revenue.

But Huawie will face stiff headwinds in NA as Huawei has a credibility problem with most North American buyers. IT business leaders know it as a low cost provider and that Cisco did a good job of raising the visibility of how Huawei tried to steal intellectual property source code. Therefore, while Huawei could have some impact in NA, the most immediate opportunity for Huawei enterprise is in China, specifically the install base that H3C had built.

Lacking Data Center Network Strategy and Products

HP certainly has product to support one of the most comprehensive data center visions in the industry. HP has servers, storage, a huge services group and network products. HPN’s FlexNetwork architecture is an interesting vision if an IT architect wishes to extend a fabric across an entire campus, branch and data center but the underlying architectural detail and products are missing. The A12500 series has been available for two years, but not in NA in any great numbers. HPN recently said that it will be available in the 2H2011. The new A10500 data center switch was announced in May but is scheduled to ship some time in the second half of 2012. HP’s networking strategy in highly virtualized data centers is limited to its Virtual Connect product. HPN’s data center networking share according to Infonetics, and UBS is estimated at 6% versus Cisco’s 81%. This is where the networking market is at its hottest versus HPN’s strong hold in education and low cost networking.

For a company with the portfolio size of HP and its strength in data centers, it’s curious that HP is the only mainstream network vendor that doesn’t have a good data center fabric story. Cisco clearly does, as does Brocade, Juniper, Extreme, Dell/Force10, Arista Networks, Alcatel Lucent, IBM, Mellanox, etc. HP doesn’t, and it’s surprising, considering its large position in the data center market. It would be refreshing to hear HP communicate what a unique HP data center architecture looks like tied into mainstream industry pain points.

How Can HPN Win?

How can HPN turn this around and participate in an effective way, utilizing its deep assets of broad product line, services, software, support, brand, financial strength and low price points to bring value to both customer and shareholders? Certainly HPN has product but it needs to bring the H3C products to NA and wrap the services group around them. HPN needs high performance and low latency 10GbE and 40GbE data center switching products since 10GbE represents some 25% of the total Ethernet switch market and growing, according to Infonetics. HPN recently announced a family of Top of Rack (ToR) switches called the 5830-switch family targeted for 2H2011 availability, but few details are available. HPN should consider acquiring Arista Networks, which may cost it two quarters of switching revenue but would add between 5 and 10% to its switch revenue and plug a major hole in its networking product line.

In addition, HPN needs leadership consistency as HPN has transitioned leadership from Marius Haas, previous HPN GM who left HP for KKR in May, to now Bethany Meyer, a marketing executive who is interim SVP and GM of HPN. Bottom line: HPN needs to create leadership stability. The first order of business for whomever is to lead HPN should be to communicate what the unique HPN vision is as it’s still not clear to the market. In short, what is it about the HP data center and HPN that’s going to create a competitive advantage over Cisco, IBM, Dell and Oracle other than low cost. For example, consider Cisco’s data center vision, which is very clear. Cisco’s data center business advantage architecture is a system’s approach that bundles products together to deliver business outcomes.

The above is a straight-line approach to winning an established game, but HP needs to do something big and radical that is out of the box but meets market needs. It could consider acquiring Xsigo, a firm that recently released its server-based fabric as an alternative to processing at the network layer. This could be an approach that disrupts what networking actually is in the data center. HP would best be served to develop a compute centric view of the world. Clearly some IT business leaders will buy into this model while others may not, but one thing is certain and that is data center computing buyers tend to be closer to the CIO, offering HP a potential competitive advantage.

HPN needs to develop a new vision for computing and networking, and deliver it via a bold strategy and vision that’s disruptive rather than “we sell cheaper than everybody else.” HP has the brainpower and financials to develop a disruptive approach to data center networking; they just need the thought and executive leadership. In short, HPN needs to lead this industry and not just be a fast follower.

Tweet

By IBM

Use of Ethernet as a switching fabric provides servers with a single connection and can greatly reduce the amount of equipment required in the data center. Companies with storage networks are switching from Fiber Channel to Ethernet-based storage solutions that use 10GbE. This trend is accelerating now with lossless DCB or Data Center Bridging Ethernet products such as IBM BNT RackSwitch G8124. With the adoption of the new DCB Ethernet protocols, Ethernet switching fabric can offer the technical features and the economic value necessary to become the switching fabric of choice for data center networking, storage and clustering. Find out how by downloading this white paper.

Get the White Paper

Tweet

By Cisco Systems

Hundreds of Cisco customers have debated the trade-off of prioritizing the lowest price for a point product or service in their network over a strategic plan for how they architect their network infrastructure. Through interactions with many customers, Cisco has analyzed various network designs and implementations. Our findings show that although there is a place for building a low-cost tactical network, the ongoing operations, upgrades and lack of preparedness to meet new business challenges prove to be hindrances to organizations in the long run. Rather than just considering capital cost, organizations are well served to look at total cost of ownership, including operations and return on investment plus business capabilities enabled by a strategic network, as they build out their networks to address business needs today and tomorrow. Forrester Consulting Group provides an excellent analysis in this paper too.

Get the White Paper

Tweet

On Tuesday Auguest 16th a week before HP’s news of potentially exiting the PC business, Zeus Kerravala, Senior VP of Research at the Yankee Group and Andre Kindness Senior Analyst at Forrester Research joined me in a round table discussion to reflect on HP Networking. We assess HP Networking’s progress since it announced the acquisition of 3Com back in Nov of 2009 and its prospects for the future. In a word our mutual assessment is disappointment with major short and long-term threats from Huawei. But there is hope for the future if HP can create a bold new vision for the industry and execute it. If you are going to listen to one podcast this year about HP, this should be it.

Listen to the Podcast

Tweet

In Lippis Report 172, I mentioned three huge trends that are starting to interact with each other creating a perfect storm that is gripping the tech industry. One of those trends is the creation of a software ecosystem in the networking market, thanks to the Clean Slate program out of Stanford University that has spawned the Software-Defined Networking (SDN) initiative and open controller protocol called OpenFlow. I spent a week in the Valley talking to people at Stanford and many industry executives from Cisco, Juniper, Marvell, Big Switch, Nicira, Arista, IBM and others. In this Lippis Report Research Note, I share with you what I learned. OpenFlow-based SDN is being both hyped and in its current state, limited, but it does represent a new paradigm that has the industry abuzz, filled with possibilities.

Centralized Controller Model

OpenFlow is a protocol, or API, that modifies forwarding tables in network switches. It sits between a switch and controller. The controller can run on a centralized computer/server that has an Über view of the network and its topology. When a packet enters a switch and the forwarding table does not contain a path for the packet, it’s passed to the controller. The controller then searches the packet’s destination address and defines a table entry with associated attributes to create a path through the network, which the packet and subsequent packets are to follow. The controller then sends a message to each switch in the path the packet will traverse via the switch’s OpenFlow API, which modifies the switch’s forwarding table. Every subsequent packet with the same destination address will then be forwarded based upon this table in cut-through mode. The first store-and-forward stage takes about 50ms; yes, a long time, but it can be significantly shortened. Subsequent packets being forwarded in cut-through mode travel at switch latency, which for 10GbE Top-of-Rack (ToR) switches is between 500ns and a few microseconds.

Now this search method is a bit controversial as some claim that all that the controller needs is a large TCAM to compute the table flow. Some worry that a Cartesian explosion may occur, corrupting the calculation, but this is an engineering problem with an engineering solution, perhaps via multi-staging the flow tables.

This centralized controller model can scale as has been proven in distributed computing models used by all the major cloud providers. An example at Stanford demonstrated that a network of 35,000 PCs with approximately 2,000 switches generated 15 to 20k flows/sec. A controller can support 2M flows/sec at half a 2007 PC processor capacity. Further, modern 48-port ToR switches can request 100s of flows/sec with controllers supporting 2M flows/sec, which means that a single controller can support 10s of thousands of ToR switches. In short, a centralized controller-based OpenFlow SDN can theoretically scale.

How an OpenFlow SDN Is Different than Today’s Network Architecture

The above model departs significantly from today’s network architecture in a few key ways. First there is the concept of a centralized controller(s) versus a distributed packet forwarding architecture based upon topology discovery. There may be separate links for control and data plane communications, which would also be a significant departure from today’s single physical network that supports both control information and data forwarding. There is no layer 2 and 3 construct in an OpenFlow SDN, which has been the semantics of computer networking over the past twenty plus years.

Software-Defined Network Ecosystem

Further, on top of the controller is another API, yet to be fully defined, that enables application developers to write network applications without knowledge of the underlying network structure. In short, the API abstracts the network, allowing the programmer to focus on what she/he needs to accomplish versus how to configure the network to comply. The creation of a software ecosystem creates the possibility of a new network paradigm where low cost Asian switches populated with SDN software force an economic collapse of the existing network market. While this is highly unlikely, it does warrant careful observation and mitigation planning on the part of established vendors.

An OpenFlow SDN offers significant differences, which is why there is such excitement surrounding OpenFlow. The genius of the approach is the separation of data and control plain so that SOA-based application developers and researchers can layer applications onto the network, injecting innovation at speed via a software ecosystem. Further centralized controller-based networks such as the national cellular network plus dense compute management have proven to reduce operational cost and increase control in complex systems.

There is an industry group called the Open Network Foundation, or ONF, that is promoting the use and interoperability of OpenFlow SDN enabled switches. The above OpenFlow SDN example is primarily an academic description as OpenFlow is well regarded as the leading open implementation to date for providing SDNs within the research community. But there will be many networking concerns introducing controllers that reside in the switch. Further, the definition of a controller is a bit vague as some define it as a network operating system, such as Cisco’s IOS or NX-OS, Juniper’s JUNOs, Arista’s EOS, etc., while others define it as a management entity, performing configuration changes. But before we dive into this, let me explain a few problems that an OpenFlow SDN may solve.

Innovation at Speed: The institutions that were created to assure interoperability and inject innovation into our industry have become too cumbersome and slow such that networking has fallen behind compute and storage advances. The way innovation is injected into networking today is that a proposal is made to a standards group, such as the IETF, IEEE, etc., and all interested parties compete for the best ideas or technical advantage. This process can take a few years just to modify a few bits in the header of a packet. Then, once the standard is completed, companies build to it, which can take another eighteen to twenty-four months. This approach is not serving the industry any longer, and there needs to a more rapid way to inject innovation. An OpenFlow SDN promises such an approach where applications can be added to the network rapidly, thanks to the abstraction of layer 2 and 3 forwarding.

Traffic Engineering: Fine-grained traffic engineering utilizing a variety of forwarding actions is an application that service providers and enterprises seek to optimize application performance.

Tagging vs. Table Manipulation: There is much agreement in the industry that the network has become too ridged in virtualized data centers, restricting the movement of VMs between racks, data centers, etc. Further, as appliances such as firewalls, load balancers, IPS, etc., have become virtualized, there needs to be a method to steer traffic to them to service an application. The industry has responded to this by proposing the placing of tags on packets to guide its path to the right VM, appliance. An OpenFlow SDN implementation could simply modify switch-forwarding tables to guide the application through a chain of appliances mitigating tagging and offering applications appliance servicing within highly virtualized infrastructures.

The Real World

An OpenFlow SDN is new, and it’s unrealistic to think that it’s without challenges; here are some OpenFlow challenges.

Trust: The single largest issue an OpenFlow SDN has is trust. Will IT business leaders trust it within their networks, especially their data center? If a controller is sourced from a new company, how comfortable will the IT team be that it’s modifying switch-forwarding tables? How many controllers are needed for a particular load? What will the support model be? How complicated will it be to manage multiple controllers?

Interoperability: The current construct of OpenFlow requires knowledge of the switch’s hardware semantics of L2/L3/VLAN architecture; therefore, each controller implementation may be different and thus unclear how controller interoperability is achieved. Further, it’s unclear how applications written for one controller will work on another.

Network Stability: This issue may be linked with trust, but it’s unclear why a third-party controller should search packets to define a path through the network topology. Rather, why not use existing network operating systems for what they are good at—topology discovery, etc.—so that IT business leaders are more comfortable running OpenFlow-based SDN applications on top of a stable network. In short, will OpenFlow controllers introduce instability?

Controller Placement: If we take the definition of a controller to include existing network operating systems, then there will be both distributed and centralized controllers within a network. From a design point of view, how does an IT architect approach distributed versus centralized controllers and what are the trade-offs?

It’s unfair to expect that a new approach to networking would have the above issues all sorted out before deployment. These are not barriers to entry but rather challenges that the OpenFlow SDN community will work on over the next one to two business cycles. Let me be clear…OpenFlow-based SDN is a very big deal and is being embraced by all vendors including established firms and start-ups. What is driving most companies is the promise of a software ecosystem to inject innovation and value into their network products.

Established firms will support OpenFlow SDN via OpenFlow client reference implementation within their switches but will add proprietary extensions that differentiate their OpenFlow version from others. Cisco, Juniper, Arista, et al, will differentiate based upon how much of their network operating system they expose. Established firms should have an advantage over smaller ones in attracting software developers as their installed base is much larger.

Tweet

By Ken Won, Force10 Networks

Most IT organizations have implemented server, storage and/
or network virtualization to some degree, but to fully realize
the benefits of virtualization, IT organizations need to consider
adopting all three in an integrated manner. Server virtualization for
x86 servers has been around for about a decade, and is relatively
mature. Storage virtualization is not quite as mature, but numerous
storage virtualization products are available today. And while
network virtualization in the form of VLANs and VPN has been
around for many years, new types of network virtualization are just
now being introduced to the industry. In this white paper, we’ll
take a look at virtualized servers, storage, and networking, and see
how automated network switching helps unify these environments
into a cohesive whole.

Get the White Paper

Tweet

By Nicholas John Lippis III

IT business leaders are demanding a unified policy-driven
management strategy for network access and security, mobile
endpoints including iPads, tablets and smartphones. A holistic
network approach is the unification of these management assets
to simplify operations and shift control to IT leaders. A holistic
network approach from Cisco Systems is to streamline NetOps
through the automated orchestration of policy, management and
infrastructure. In this model, network administrators will not have
to access multiple different management systems to collect data,
correlate it manually and then attempt to identify problem location.
One management system, Cisco Prime NCS with integrated
links to ISE delivers this service to NetOps drastically improving
network visibility and reducing troubleshooting time through a
client- or user-focused approach to managing corporate networks
in the age of mobile and cloud computing.

Get the White Paper

Tweet

By IBM

This white paper provides a summary of how IBM® Tivoli®
Storage Productivity Center supports the IBM System Storage®
SAN Volume Controller. This information is intended to describe
the management capabilities of Tivoli Storage Productivity Center
in a virtualized storage configuration.

Get the White Paper

Tweet

It seems like every week or so there is news of a massive cyber attack where criminals get away with stealing credit card and other personal data on the order of tens of millions of individual records. Sony, Bank of America, Epsilon, Nintendo, the International Monetary Fund, the US Senate and CIA are but a few of the targets for high-profile cyber attacks that took place in 2011. According to a recent study by the Ponemon Institute, “cyber attacks have recently become more harsh and recurrent. At least 90% of the IT practitioners surveyed claimed that they had experienced one or more cyber breaches within the last year, and 89% of these respondents could not identify the source of these breaches.”

To mitigate and avoid these breaches and protect credit card information, the Payment Card Industry (PCI) Security Standards Council issued PCI Data Security Standard (DSS) 2.0 in late 2010. The emphasis of PCI DSS 2.0 is two-fold: 1) provide increased protections not addressed in the previous standard (i.e., wireless and virtualized infrastructure) and 2) maintain compliance. As all of the breached organizations above were in compliance at some time but failed to maintain it, this exposed their customers to hackers and ultimately being breached. In short PCI DSS 2.0 is about being vigilant about maintaining security.

In the data center, virtualized servers are now defined within PCI and guidance is given on how to secure them given that all hypervisors are deemed insecure. In addition, wireless detection methods were expanded to address the variety of retailer capabilities.

IT business leaders who support any organization that stores, processes or transmits credit card data are required to ensure PCI 2.0 compliance not only during an assessment but continually to avoid the fate of the above-mentioned organizations. The key to a successful PCI assessment is to simplify this major effort. Some tech firms are assisting this effort through validation and assessment of compliance prior to installation. In this Research Note, we review Cisco’s PCI Solution 2.0 as it offers a unique network-based approach that is comprehensive, holistic and end-to-end. It has been tested in a simulated retail environment and assessed for compliance by a Qualified Security Assessor, QSA, and Verizon Business.

Cisco’s PCI Solution 2.0

The Cisco PCI Solution 2.0 is built on network security best practices, proven Cisco products and partner technologies that meet Payment Card Industry security standards. Because PCI covers many parts of the network, no single product or technology meets all PCI technology requirements. Therefore Cisco’s updated PCI Solution 2.0 is an architectural approach that maps to the updated PCI DSS 2.0 requirements. This comprehensive perspective allows retailers to see the bigger picture to prepare and design across the relevant parts of the enterprise. Cisco’s PCI Solution 2.0 is a holistic approach as it spans an end-end architecture.

Cisco’s approach provides templates and services that simplify PCI compliance. This simplification enables customers to maintain compliance year round, not just during assessments. Detailed information, including product configurations from validation efforts, is included in the Cisco PCI Solution 2.0 Design and Implementation Guide (DIG) to provide additional guidance and best practices.

Simplifying PCI Compliance

As a first step toward simplifying compliance, Cisco recommends segmenting the IT infrastructure and isolating cardholder data from the rest of the network. As with any complex problem, breaking a problem down into smaller solvable pieces reduces the complexity and simplifies the solution. Cisco’s approach reduces the scope of audit via network segmentation. Without network segmentation, the entire IT infrastructure is in PCI scope, which drives cost and complexity significantly upward. While segmentation sounds easy, it’s a bit more challenging in a virtualized data center infrastructure.

PCI Compliance in the Virtualized Data Center

Most IT business leaders are challenged with complex PCI audits within virtualized infrastructure as well as rogue wireless access detection. These two areas, virtualized infrastructure and rogue wireless access detection, tend to be the two largest pain points. Confusion around virtualization and security has existed for several years until the PCI standards body clarified that all hypervisors are considered insecure. With so many organizations having virtualized their data centers, this detail results in extra compliance considerations to protect cardholder data. Before virtualization, traditional infrastructure could be easily protected with a firewall appliance, as this device was placed directly in the path of traffic. In highly-virtualized environments, traffic is not as well-behaved, offering IT managers a challenge to restrict cardholder data.

Cisco’s Virtual Security Gateway (VSG), along with its Nexus 1000k virtual switch, intercepts and steers traffic to either VSG or firewall appliances before it gains access to cardholder data, providing a means for segmentation and access restriction in virtualized data centers.

Therefore to be PCI DSS 2.0 compliant, both physical and virtualized infrastructure need to secure and restrict access to cardholder data. Cisco does this with both its own VSG solution as well as with technology partners such as EMC, VMware, VCE and HyTrust.

Rogue Wireless Access Detection

Rogue access point detection is a PCI requirement. Even if a merchant does not use wireless technology within its stores, it still must have a method for detecting unauthorized access points that may have been inadvertently or maliciously deployed. The PCI Council expanded the flexibility of the requirement to allow for several methods, including Wireless IDS and NAC/802.1x to detect rogue wireless access points.

Unified Wireless and Cisco’s Identity Services Engine (ISE) technology offer technical solutions for these methods that have been validated by Verizon Business to successfully address these requirements. In addition, Cisco offers CleanAir technology, which monitors the entire frequency spectrum, surpassing the security requirements of PCI.

Risk Management

While a portion of PCI compliance is addressed through technology, it’s also addressed with process and compliance audits. One of the largest challenges is to maintain compliance between audits. Many retailers seek the lowest cost solution to achieve PCI compliance during the audit, but this may very well be penny wise and pound foolish. For example, some retailers conduct a visual inspection of Ethernet switches quarterly to ensure that unauthorized wireless access points are not connected into the corporate network, thereby opening a door to rogue access. The difficulty of this approach is that quarterly physical scans only work during inspection day. The day after the quarterly scan someone can plug in a wireless access point, putting the site and cardholder data at risk until the next quarterly inspection. A more continuous and secure approach is the implementation of wireless IDS, IPS, CleanAir and ISE, where every single wave is monitored and wireless devices plugged into the corporate network are detected assuring continual PCI compliance.

How to Approach PCI Compliance?

PCI can be an overwhelming topic. How do IT and small business leaders approach PCI compliance? To simplify PCI, Cisco offers three recommendations.

Recommendation One: Reduce PCI Scope. Scope means all systems and people that are touching cardholder data (i.e., firewalls and IT administrators). Are there people accessing cardholder data who shouldn’t be? If they are, then remove their access by restricting access to the systems that contain cardholder data. Are there systems or applications or networks that are touching cardholder data that don’t need to? Segment and narrow the scope of the Cardholder Data Environment (CDE) with network addressing and filters to decrement the risk as much as possible. If the CDE is smaller, the cost of the audit will be smaller as will be the complexity of maintenance. Standardizing network and system architectures across branches can also decrease cost and complexity as it allows auditors to sample same store/branch footprints and data center designs.

Recommendation Two: Secure the Perimeter. With a new smaller PCI scope implemented, the perimeter of that scope needs to be secure. Firewalls configured to only allow business-justified access to the cardholder data environment and IDS need to be installed. In addition, administrative access to this environment needs to be locked down to the bare minimum with complete logging for audit trails.

Recommendation Three: Maintain and Simplify. It’s not good enough just to segment and reduce the scope of cardholder data and then protect the perimeter. IT business leaders need to maintain and simplify their PCI recommended implementation. Cisco’s solution utilizes RSA technology to provide real-time alerts, tuned logs and compliance management dashboards that assist in maintaining compliance. The firms mentioned in the opening paragraph were all in compliance at some point in time, but they were not when they were breached. So take these requirements seriously.

Implementing a PCI Solution 2.0

The above three recommendations will go a long way toward reducing cost and keeping an organization’s systems PCI compliant. Cisco has made a huge commitment in its thoughtful approach to PCI DSS 2.0 compliance where it offers an end-end architecture that has been assessed and documented. A critical element of the Cisco PCI Solution for Retail 2.0 is Cisco network architecture and validated network designs. Cisco network architectures have been designed for stores, enterprise data centers and the Internet edge to support e-commerce operations, store employees, customers and teleworkers. Cisco’s PCI solution also supports wireless 3G technology deployments and multiple store formats, including pop-up stores, and convenience stores, in addition to typical small, medium and large stores.

Cisco’s PCI Solution 2.0 offers thought leadership for those seeking to simplify their PCI deployments; Cisco’s new PCI DIG is an in-depth, roadmap for organizations looking to achieve PCI compliance. It addresses technologies such as virtualization, wireless and mobile payments. As the number of high profile and alarming plus brazen cyber attacks occur, IT business leaders would be well-served to review Cisco’s PCI Solution 2.0 and Design and Implementation Guide.

Tweet

By Frost & Sullivan

The world is becoming increasingly mobile, and businesses are feeling the impact of managing PCs, smart phones, desk phones and tablets. Equally important are the effects of consumer mobility trends on businesses’ IT agendas. Learn how to keep costs in check, boost user productivity, deliver a consistent experience, and maintain a single, manageable corporate identity for all end-users.

Get the White Paper

Tweet

By (IDC) 

The consumerization of IT is helping to drive a shift towards collaborative applications convergence. Employees want to plug their consumer technology experiences into their daily work lives. Particularly, IDC believes the industry is on a trend to combine key technologies, such as email, instant messaging (IM), team workspaces, video, voice, Web conferencing and social features into a single “superset” user environment. This Technology Spotlight discusses collaborative applications and explores the role that Avaya plays in this increasingly important market.

Get the White Paper

Tweet

By Cisco Systems

The Payment Card Industry Data Security Standard (PCI DSS) Version 2.0 has been released, providing clarification and reinforcing the need for merchants and other organizations to identify all system components, people and processes to be included in a PCI DSS assessment. Simply achieving device and system compliance is not enough to protect your retail business and your customers. Cisco® PCI Solution for Retail 2.0 helps you:

• Address current PCI compliance requirements
• Protect customer data in your data center, stores, Internet edge, contact center and between partners, such as payment processors
• Simplify compliance
• Offer guidance on security best practices

Get the White Paper

Tweet

Avaya has expanded its cloud networking product portfolio with the Virtual Services Platform or VSP 7000, a 10GbE Top of Rack (ToR) Switch and its new Virtualization Provisioning Service or VPS management software.
The VSP 7000 boasts a multi-Terabit Fabric capable of horizontally stacking many 7000s, offering a new approach to server connections. The VPS virtualization management application provides visibility and automated control of virtualized infrastructure. VPS is designed to provide NetOps and SysOps shared visibility of physical, logical and now virtual IT assets. Dan DeBacker, Director of Data Solutions Architecture at Avaya, discusses the new VSP 7000 plus VPS and the new data center design options they afford.

Listen to the Podcast

Tweet

In Cisco’s Data Center Fabric, it has delivered a set of features and innovations that solve some of the most difficult networking challenges found in virtualized infrastructure. IP address and VM mobility plus adapter and VM Fabric EXtenders (FEX) offer increased support for virtualized data center infrastructure, offering designers flexibility to move virtualized assets independent of location. These innovations are proposed by Cisco that promises virtualization aware networking, lower cost and increased performance. Omar Sultan, Senior Manager, Data Center Architecture at Cisco Systems, and I discuss Cisco’s new data center virtualization tools.

Listen to the Podcast

Tweet

Two years after Cisco launched its Unified Computing System it has 5,400 customers, holds the #3 market share ranking for x86 blade servers WW, behind only HP and IBM, according to IDG and recently broke numerous world computing performance benchmark records. While UCS has leaped frog competitors with performance plus memory and I/O capacity the most important aspect of UCS is the business value it drives. I explore this topic with Todd Brannon, Senior Manager for UCS marketing at Cisco Systems about the vision and strategy of Cisco’s Fabric Compute and the value its customers are gaining from its use. Todd brings great customer examples to this podcast, which is a must for any IT leader evaluating a data center fabric.

Listen to the Podcast

Tweet

The tech sector is at a crossroads. In just 18 short months, mobile and cloud computing has fundamentally changed business assumptions and technical underpinnings of IT delivery. And in the process IT business leaders are fundamentally changing their buying requirements and corporate IT investments challenging existing vendor relationships. The tech sector served up corporate IT along technical lines of computing, networking, storage and applications, but these lines are blurring as every major multi-billion dollar IT firm now seeks to deliver vertical offerings comprised of a single rack of compute, storage and networking to address scale and simplicity associated with the new mobile and cloud computing models. Cisco, IBM, HP, Dell and Oracle all are repositioning their data center offers to address the market opportunity and shift to assist IT leaders building iBusinesses. In this Lippis Report Research Note, we dive into Cisco’s Data Center Fabric as it’s the furthest along at integrating compute, networking and storage access for corporate advantage offering a glimpse of IT’s future.

What’s driving a new fabric or structure of data centers is rooted in the interplay between technology and business opportunity. The efficiency of server virtualization to reduce energy consumption and increase server utilization drove its massive deployment that was boosted by an economic cycle starving for efficiency. At nearly the same time, mobile computing, thanks in large part to Apple’s iPhone and iPad plus Google’s android- based devices, introduced a new tier of computing that unleashed increased corporate productivity, evident in today’s productivity boom. Equipped with a new IT delivery model that is both more flexible and centralized, IT business leaders have begun en masse to build private cloud facilities.

The iBusiness

The end result is the construction of iBusinesses that possess simultaneously lower IT cost and the ability to quickly address market dynamics, thanks to faster application deployments plus a nimbler and mobile workforce. While it’s too early to aggregate the benefits of iBusiness in terms of productivity improvements, market share gains, IT expense as a percentage of corporate revenue and other metrics, early adopters are experiencing improvements that span IT departments and most importantly, corporate operations.

In short, a Data Center Fabric of compute, networking and storage reduce IT operational cost, the largest budget component of IT Total Cost of Ownership (TCO) and provide the foundation for a faster responding business that is able to exploit the value of mobile and cloud computing to corporate advantage.

Data Center Fabric Requirements

A core set of data center fabric requirements is emerging, thanks to early adopter deployments that possess the following attributes fundamental to iBusinesses.

Scale: Computational density is increasing at a fast pace with the ability to support hundreds to hundreds of thousands of servers per data center. This increased density of computing is also driving higher virtualization ratios as the ratio of virtual to physical servers is increasing from 10:1 to soon 60:1, which taxes the logical network of MAC address, /32 IP host route table size and ARP entry size. The ability to support both east-west and north-south traffic flows over an increasingly 10GbE and 40GbE low latency, non-blocking, high performance network fabric has become paramount as small queries from mobile devices drive a tsunami of east-west plus north-south data center traffic flows, all of which must be combined and transmitted back to the mobile device at millisecond speeds.

Mobility: As virtual machines (VMs) are moved within and between racks of computing and between data centers plus between private and public cloud facilities, the ability of the Data Center Fabric to support such moves is fundamental. VM aware Data Center Fabrics support VM mobility, allowing IT business leaders to maximize efficiency while enabling a degree of freedom to move containers of IT workloads (data, applications, VMs) as business requirements demand.

Consolidated IO: A significant cost reduction strategy and performance enhancement is the deployment of a single physical 10GbE and soon 40GbE network that supports both storage and network traffic. Cost savings is found in reduced cabling requirements, storage and network switches as well as server network and storage interface cards.

Consolidated Management: As compute, storage and networking converge into a single virtualized Data Center Fabric, the ability to manage these resources across operational groups become increasingly important. Not only is the technology converging, but IT organizational design is under review to focus this human resource into a services organization rather than siloed technology departments. The ability to manage the Data Center Fabric as a centralized resource that is partitioned to unique IT departments is an aid to organization re-design. It’s very helpful that a common look and feel for all resources be available so as to hasten a learning curve and accelerate cross-discipline service delivery.

Cloud Enabled: The combination of the above attributes results in a Data Center Fabric that is cloud-enabled, meaning that containers of workload are movable not only within a data center but also between them and into private and public cloud facilities. The ability to move workloads provides IT leaders with the tools to expand and contract their IT resources and shop their IT needs from a wide range of cloud providers, assuring executive management that their IT cost is competitive.

iBusiness Outcomes

Those who have deployed a Data Center Fabric are rewarded with favorable business outcome results. Cisco’s Data Center Fabric unifies network services, networking and storage plus computing through its Unified Network Services (UNS), Unified Fabric (UF) and Unified Computing System (UCS), respectively. Early adopters have benefited by viewing and procuring their data center assets from this unified holistic perspective versus compute, network and storage separately. For example, Kindred Healthcare saved approximately $6.6M on just cabling cost for a 1,000-server data center, thanks to its deployment of a Data Center Fabric. Additional operational savings was gained by a reduction in the number of management points the operations group has to manage too. To Kindred’s surprise and delight they noticed that the Data Center Fabric enabled different groups—the virtualization team, the network team, and the storage team—to work together as one on a common platform versus in silos; a huge help to hasten deployments especially as Kindred has been growing through acquisitions.

Other early adopters are Almaviva wine producers that saw its revenue increase 2 to 3%, thanks to its data center fabric deployment that also reduced its cabling and power consumption cost by 70% and 60%, respectively. Tutor Perini Corporation was able to reduce its device count and power consumption by 60% and 38%, respectively. Coca Cola was able to consolidate 80 servers down to four, plus reduced cabling 30 to 60%. Terremark saw a 30% improvement in application performance and server density increased by a factor of four. The Apollo Group, owner of the University of Phoenix and other educational properties, doubled the size of its network without an increase in IT staff, lowered per-port switching cost while increasing port volume and freed up several rows of space in its data centers. Avago Technologies, a manufacturer, accelerated batch processing by 30 to 40%, increased business flexibility and decreased operational cost by 40% while adding a third data center. CareCore National, a health benefit management concern, increased business agility by being able to launch new lines of business in just two weeks, down from six months. These iBusinesses’ benefits were gained, in large part through the insight and leadership of IT executives and their deployment of Cisco’s Data Center Fabric architecture.

Cisco has been investing heavily in its Data Center Fabric portfolio. It owns some 80% of the data center switching market and in just two short years, possesses the number three-market share ranking for x86 blade servers worldwide, behind HP and IBM, according to an IDC report released in May. Over the past quarter, Cisco has added to its UF portfolio with the new Nexus 3000, 5548 and 5596 switches. It has expanded its Fabric Extender (FEX) offering to include the adapter and VM FEX, a key technology in converged IO plus virtualization aware networking. To increase mobility of workloads, it has added IP address location independence with its OTV (Overlay Transport Virtualization) and LISP (Location ID/Separation Protocol) features to its Nexus Operating System. Fiber Channel over Ethernet (FCoE) can traverse more devices, thanks to a new director-class multihop FCoE feature available on the Nexus 7000 and MDS 9500. Data Center LANs, SANs and virtualization infrastructure can now be managed via a single pane of glass, thanks to the Cisco Data Center Network Manager. On the computing side, Cisco has expanded the UCS server portfolio with multiple form factors, including Blade and Rack-Mounted, and in the process, has broke three world performance records. Cisco has followed up that with a new set of I/O components for UCS, which was just announced on July 13th.

At the crossroads of the tech industry are two paths; one is a legacy approach of building data centers by acquiring compute, storage and networking gear separately with IT professionals integrating these components. The other road is one of vertically-integrated offerings of compute, storage and networking where IT professionals focus on automating business processes turning their corporation into an agile iBusiness. I advise choosing the latter.

Tweet

Cisco’s Nexus Operating System that runs on the Nexus switches and evolved from Cisco’s MDS SAN-OS is a fundamental building block of its Data Center Fabric. Berna Devrim, Senior Manager of Data Center and Virtualization Marketing at Cisco Systems, discusses the next generation of Nexus OS designed to address the biggest data center issues. These issues are virtualization scale and mobility, cloud spec scale, LAN and SAN convergence plus operational efficiency. This is one of the best audio podcast we’ve produced, so sit back listen, learn and enjoy.

Listen to the Podcast

Tweet

In November of 2010 Avaya launched its Virtual Enterprise Network Architecture or VENA, which describes its computer networking investment strategy and technology direction. VENA was designed for virtualized data center infrastructure but has been expanded to include campus and branch office networking. Dan DeBacker, Director of Data Solutions Architecture at Avaya discusses the unique attributes VENA possesses to meet today’s enterprise networking needs and the business outcomes its customers are gaining by its deployment.

Listen to the Podcast

Tweet

By Infoblox

Organizations of all sizes are transitioning to virtualization technology at a dramatically increasing rate. Conducted between September and December 2010, Gartner’s annual survey of 2,014 CIOs collectively responsible for $160 billion in IT spending in 50 countries across 38 industries found that “Currently, 3% of CIOs have the majority of IT running in the cloud or on SaaS technologies, but over the next four years CIOs expect this number to increase to 43%.” The motivation for adopting the new technology is enticing: increased flexibility, decreased workload for internal IT departments, faster access to on-the-fly infrastructure needs, increased worker productivity, and significant capex cost reductions. Despite this worldwide trend across all industries, most organizations will fail in the conversion process to these new technologies, thanks to complexity. This white paper explains how network automation calms complexity allowing IT business leaders to reap the rewards of dense virtualization deployment.

Get the White Paper

Tweet

by Force10 Networks

As data centers scale to support thousands of servers, IT managers are seeking better ways to network those servers while reducing costs and power consumption. Moreover, in large-scale data center cluster environments, inter-node communication bandwidth is increasingly becoming the main bottleneck. Compute nodes located across different physical switches may not have full bandwidth in a conventional hierarchical network design of interconnected switches. The solution is a distributed core architecture based on low-cost, high-capacity switches. This paper describes the use of Force10 Network’s® Z9000™ core switching system in a distributed core architecture to address these issues.

Get the White Paper

Tweet

By IBM

How are technology leaders helping their organizations adapt to the accelerating change and complexity that mark today’s competitive and
economic landscape? To find out, we spoke in person with 3,018 CIOs, spanning 71 countries and 18 industries. They shared how they are innovating with technology for organizational success. CIOs increasingly help their organizations cope with complexity by simplifying operations, business processes, products and services. To increase competitiveness, 83 percent of CIOs have visionary plans that include business intelligence and analytics, followed by mobility solutions (74 percent) and virtualization (68 percent). Since our 2009 Global CIO Study, cloud computing shot up in priority, selected by 45 percent more CIOs than before and leaping into a tie for fourth place with business process management (60 percent each). In this report, CIOs provide you insight in to both their challenges and opportunities from increasing complexity.

Get the White Paper

Tweet

By Cisco Systems

CareCore National, a health benefit management concern, increased business agility by being able to launch new lines of business in just two weeks, down from six months. This business benefits were gained, in large part through the insight and leadership of IT executives and their deployment of Cisco’s Data Center Fabric architecture. This white paper describes how the CareCore National achieved this transformation.

Get the White Paper

Tweet

By Cisco Systems

Avago Technologies is a manufacturer. Its IT business leaders accelerated batch processing by 30 to 40%, increased business flexibility and decreased operational cost by 40% while adding a third data center. This white paper describes how Avago Technologies achieved this transformation.

Get the White Paper

Tweet

By Cisco Systems

The Apollo Group, owner of the University of Phoenix and other educational properties doubled the size of its network without an increase in IT staff, lowered per-port switching cost while increasing port volume and freed up several rows of space in its data centers. This white paper describes how the Apollo Group achieved this transformation.

Get the White Paper

Tweet

By Cisco Systems

Consider how central and critical the capabilities that the network provides are to business goals. In all other areas of the company, business leaders look to strategic thinking and innovation to pull the company ahead of its competitors. Why should the network be any different? The allure of the tactical is always present in any business. A “good-enough-for-now” network may solve some of the problems of today, but does it set up businesses to solve the problems of tomorrow? When the network fails to adapt to the challenges of the future, the business follows the same path. Taking a strategic approach to the network is not just a good idea. It makes business sense. This white paper argues the strategic importance of the corporate network to achieving business objectives.

Get the White Paper

Tweet

Cisco has expanded it relationship with Fax over IP partner Sagemcom by integrating its XMediusFAX into Cisco’s Unity Connection and Cisco Unified Communication Manager (CUCM ) in its 8.0 update. Further, at Cisco Live in Las Vegas, the two announced interoperability testing with Cisco UCS Express (SRE-V). John Nikolopoulos, Marketing and Product Management Director at Sagemcom, discusses Sagemcom’s deepening relationship with Cisco and what it means to IT business leaders who manage branch office networks and communications.

Listen to the Podcast

Tweet

In the quest to build a data center network that is flat, fast and fault tolerant, the networking industry has served up a new two-tier architecture made up of Top-of-Rack or ToR server connecting switches and highly dense Core switches. Core switches connect ToR devices. The key question is how best to provide switch connectivity to deliver a lossless, high performance, low latency fabric that supports virtualization mobility. The answer is found in Multi-Chassis Link Aggregation Group or MC-LAG, Transparent Interconnection of Lots of Links or TRILL and/or Shortest Path Bridging (SPB). Dhritiman Dasgupta, Director of Product Marketing for Fabric and Switching Technologies at Juniper Networks, discusses its QFabric approach and why TRILL’s hair pinning method to inter-VLAN routing is a poor approach. It’s a fascinating discussion that you have to listen to. You can also download a white paper on this topic here.

Listen to the Podcast

Tweet

Eric Murray, Senior Network Engineer at Kindred Healthcare, and Ashish Shah, Senior Product Manager, Data Center Switching Technology Group at Cisco Systems, discuss the value gain of data center convergence or a single Ethernet fabric to support IP datagram and storage traffic. In this podcast, Eric Murray shares his experience of deploying a converged data center while Ashish explains Cisco’s end-to-end Data Center LAN/SAN consolidation strategy. This is a fascinating discussion of data center network design with cost and benefit trade-offs. In short, Kindred Healthcare has saved many millions of dollars in capital spend plus operational cost, thanks to a reduction in the number of management points.

Listen to the Podcast

Tweet

Cisco is the only large vertical IT supplier with compute, storage and deep networking capabilities making its data center offering unique. It’s Unified Network Services or UNS, Unified Computing System or UCS, Unified Fabric and policy based management make up the Cisco Data Center Fabric. In this Lippis Report podcast I talk with Shashi Kiran; Director of Market Management for Data Center/Virtualization at Cisco Systems about the vision and strategy of Cisco’s Data Center Fabric and the value its customers are gaining from its use.

Watch the Video

Tweet

Being close to customers has proven to be a good strategy over the past business cycle as IT business leaders have invested in their branch offices. New customer-based applications continue to be added at the branch level expanding revenue generating opportunities while at the same time video communications have increased significantly for both client and employee interactions. In addition to corporate applications and video, internet access and cloud-based applications have boomed too over the past business cycle thanks to smartphones and mobile tablets connected to local branch Wireless Local Area Networks or WLANs. All of this would be fine if for not one issue…all application and communication traffic is being forced to backhaul over the same (wide area network) WAN/VPN to either connect to corporate data centers, public clouds or the internet. In this Lippis Report Research Note, we explore a new cloud-enabled branch office strategy from Cisco that’s simple, eliminates backhauling of internet-bound traffic while increasing security, visibility and management. What’s fascinating about this new approach is that the Return on Investment or ROI is very short as it’s paid by WAN arbitrage.

Branch office WANs are usually based upon Metro Ethernet, MPLS, frame relay networking, etc. Integrated services routers such as Cisco’s ISR G2 dominate the market and provide a range of services in one hardware platform, including routing, switching, WLAN, unified communications, an application development environment, UCS platform, firewall, IPS, VPN, etc. IT business managers have come to see the ISR as a branch IT platform where they can enable multiple sets of functionality to simplify management plus maintenance and extend that functionality over time.

And extend functionality they have. Branch office networking is being equipped with a wide range of corporate applications, IP-based voice and video communications plus internet access and increasingly cloud-based applications. Most, if not all, of the traffic associated with these applications flow over the WAN to a data center where corporate applications and IP voice and video communications are routed to their respective corporate servers. Traffic flows bound to the internet and cloud providers are routed to the corporate firewall to perform policy and/or security control then off to the internet, all of which is expensive and adds latency.

Keep in mind upload versus download speeds. A small query from an iPhone, iPad or Android-based device connected to a branch WLAN will send a small message to a server over the internet which usually responds with more than ten times the amount of downstream traffic, most of which flows over the data center internet access link and branch office WAN. As mobile cloud computing has expanded significantly over the past eighteen months so has its consumption of branch WAN and data center Internet access bandwidth. At the same time, video communications has been added to branch offices for a wide range of purposes, including real-time video content, Telepresence meetings between employees plus employees and customers, employee training, making content experts available to customers, etc. The combination of all these flows over the branch office WAN is forcing many IT leaders to either increase WAN plus their data center internet access bandwidth, or prioritize applications and do without.

Cloud-Enabled Branch Office

A new option is now available that does not require any new hardware, either in the branch office or data center. This new option is called the cloud-enabled branch office. This strategy separates internet-bound traffic from corporate applications and internal communications. Separating internet-bound traffic at the branch level eliminates this traffic from flowing over the WAN and consuming data center Internet access bandwidth. This separation of traffic provides more WAN bandwidth for corporate applications and communications, which is sorely needed in most enterprises as video to the branch has become a requirement. With increased WAN bandwidth for video too, lower latency should be observed, increasing user video experience.

The cloud-enabled branch office approach not only increases WAN and data center internet access bandwidth by re-directing internet- and cloud-bound traffic to local internet access, but in the process solves a lingering issue with which most IT leaders have been struggling and that is inconsistent and complex branch office web security solutions. In addition, Cisco’s approach offers a quick and easy deployment model for cloud-based web policy and security to protect against zero-day threats with no impact to ISR router performance.

Traditionally, IT teams had the choice to backhaul all traffic to a central point to filter and secure, or to deploy additional web security hardware at each location. These options can add additional latency and have inconsistent policy enforcement as well as vastly increased management and maintenance overheads. Cisco ISR Web Security offers the ability to deploy and enforce centralized policy and security across a distributed enterprise; avoiding the cost and complexity of backhauling traffic while minimizing management overhead.

Cisco’s ISR Web Security with Cisco ScanSafe

Cisco is approaching the cloud-enabled branch office solution by integrating its ISR Web Security solution and ScanSafe into IOS for the ISG G2. IT leaders who own and run branch office networks with ISR G2s can cloud enable them with a software update. Additional Command Language Interface or CLI commands cloud enables the branches plus provides authentication and centralized identity services.

Cisco ISR Web Security with Cisco ScanSafe integrates into authentication services, such as Active Directory, to enable branch offices to enforce granular security and control policy protecting branch office users from malware. ScanSafe provides centralized management and reporting controls for web content/url filtering. This provides one management point for policy, reporting, maintenance and management. That is a global view provided to IT operations with the ability to make changes of policy, etc., that are implemented globally from a centralized location.

By cloud enabling the branch office, backhaul bandwidth related to internet traffic can be eliminated from the WAN, which reduces cost and provides a higher web performance experience. For multinationals with thousands to tens of thousands of branch offices around the world, the backhaul reduction plus centralized management, maintenance, policy definition and control of web traffic afforded by ISR Web Security and ScanSafe reduces complexity and saves operational cost.

Another way to view this option is the backhaul reduction potentially postpones a WAN and data center internet access upgrade, which funds cloud-enabled branch office activation. A calculation of this trade off and its potential cost savings is advised. The larger the number of branch offices, the shorter the ROI and the larger the potential savings.

Cloud-enabled Branch Office Solution Evolution

From the above, it’s clear that Cisco is enabling ScanSafe via its ISR G2 offering as part of its cloud-enabled branch strategy. ISR G2 customers will benefit from Cisco’s ability to inject new cloud-based services into the ISG G2 platform. This approach to add value extends existing ISR G2 investment. With the ISR G2 integrating networking, communications, security plus computing, it’s expected that additional features and functions will be added through software upgrades such as the cloud-enabled branch. Look for interesting management advantages in the coming quarters.

With cloud-enabled branch office networking, employees can access the internet and cloud services without backhauling. In addition, ScanSafe delivers a range of security features that mitigates threats plus provides IT leaders with centralized control and policy definition.

As enterprises increasingly utilize mobile and cloud computing, the cloud-enabled branch office affords IT business leaders an approach to do so securely. For example, a major benefit of cloud computing is the reduction of in-house application development as IT leaders seek to augment their application portfolio mix with cloud-based applications. Therefore, armed with a method to increase the use of cloud computing at the branch office level, IT business leaders will find new flexibility in branch office application delivery. In short, the cloud-enabled branch office provides an IT deployment model for IT leaders that allow cloud services to be deployed with centralized policy definition and control plus management.

Tweet

IBM’s System Networking is focused upon creating an interconnect fabric/System Network within data centers upon which servers and storage rely upon to deliver IT applications. IBM recently formed IBM System Networking that includes BNT along with partnerships of Cisco Brocade, Juniper and Mellanox plus its management solutions of Tivoli. Vikram Mehta, Vice President IBM System Networking is my guest as we discuss IBM’s expanding role in System Networking.

Watch the Video

Tweet

by Infoblox

By all accounts, 2011 is the year that we exhausted all available public IPv4 addresses. It was also the year that the clock started ticking on your adoption of IPv6. Like it or not, the transition to IPv6 will happen in your organization. How that transition should occur is a question we sought to answer as we spoke with engineers and IT professionals who have deployed IPv6 from across the globe. In those conversations and in our research, we discerned a rational action plan for deploying IPv6 and specific threats and challenges any practitioner will face when rolling out the new addressing scheme. In this white paper, we detail best practices for IPv6 deployment.

Get the White Paper

Tweet

by Force10 Networks

Cloud computing is an emerging computing model that promises a new era of flexibility and control in providing data center resources. In the cloud model, data center managers can mix and match computing, storage, and networking resources to provide an agile and highly flexible resource for customer applications. To realize the full potential, this paradigm requires open, standardized interfaces between data center layers of compute resources, the network, and storage elements. While the industry has moved toward open computing and storage layers over the past few years, networking has remained largely proprietary. Force10’s Open Cloud NetworkingSM framework is intended to unlock the network layer so data center operators can get the most out of their data center architectures and, in turn, get the most out of their cloud deployments.

Get the White Paper

Tweet

by Cisco Systems

Cloud computing is gaining customer attention at a fascinating pace. An Infonetics research report published in early 2011 noted a significant increase in customers’ interest in cloud computing between 2009 and 2010—most of respondents indicated interest in 2010, up from only 10% in 2009. Many studies have concluded that software as a service (SaaS) and infrastructure as a service (IaaS) are leading the way in adopting cloud computing. Meanwhile according to an April 2011 Forrester report, the third largest cloud category, platform as a service (PaaS) is predicted to surpass IaaS to become the second largest cloud category by 2014. But according to Forrester, security is one of the top barriers to cloud computing. This white paper details an approach to secure cloud computing to mitigate threats and increase its adoption.

Get the White Paper

Tweet

Force10 introduced a disruptive set of products to address the new cloud networking market driven by massive virtualization and cloud spec scale data centers. First its new Z9000 Distributed Core System promises to be 1/10th the footprint, at 1/5th the price and 1/20th the power consumption of other core switches. The Z9000 is 32x40GbE or 128x10GbE platform where multiple Z9000s are connected via an open distributed core supporting up to 24,000 10GbE server links. In addition, Force10 introduced a next generation ToR switch, the S7000 that supports 40x10GbE, 12×2/4/8G FC plus 4x40GbE combining networking, storage and Open Cloud Applications. Arpit Joshipura, Chief Marketing Officer at Force10 Networks, discusses Force10’s Open Cloud Networking products and strategy, and the new design options they afford to IT architects.

Listen to the Podcast

Tweet

Extreme Networks has added to its Extreme Open Fabric cloud networking portfolio by introducing a unique 10/40GbE ToR switch in its Summit X670; an ultra low latency switch thanks to a PHY-less design and cut-through switching. For the core, the new BlackDiamond X8 is a massive core switch built for virtualized infrastructure. It boasts 192x40GbE or 768 10GbE ports, 5 Watts/10GbE port power consumption, 128K VMs, high reliability and compact size being only one-third of a rack or 14.5 RUs. In this Lippis Report podcast, I talk with Shehzad Merchant, VP of Technology at Extreme Networks, about Extreme’s new cloud networking products and the architecture it now offers to IT architects and designers.

Listen to the Podcast

Tweet

IBM’s System Networking is focused upon creating an interconnect fabric/System Network within data centers upon which servers and storage rely upon to deliver IT applications. IBM recently formed IBM System Networking that includes BNT along with partnerships of Cisco, Brocade, Juniper and Mellanox plus its management solutions of Tivoli. Vikram Mehta, Vice President, IBM System Networking, is my guest as we discuss IBM’s expanding role in System Networking.

Listen to the Podcast

Tweet

Email not displaying correctly? View it in your browser. The Open Cloud: The Nexus Between Open Source and Cloud Computing The next wave of cloud computing’s growth will be fueled by the growth of open-source software. From Eucalyptus to Openstack, and OpenNebula to Nimbus, open-source is growing in importance at all layers of the cloud compute stack. Today’s CIOs see open-source as a viable alternative to proprietary software both in their own data center as well as in the public-cloud and hybrid cloud environments. In order to learn about the increasingly important nexus between open-source and the cloud, please join GigaOM Pro and Rackspace for a free one hour analyst roundtable on June 15 at 10 a.m. PDT. We’ve assembled a panel of cloud experts, including: Paul Miller, Cloud Curator, GigaOM Pro – Moderator Nick Lippis, CEO/Industry Analyst/Consultant, Lippis Enterprises Inc. Derrick Harris, Infrastructure Curator, GigaOM Network Jonathan Bryce, Co-Founder, The Rackspace Cloud Some of the questions we’ll discuss include: How open source fits within the public and private cloud environments The potential benefits of utilizing open-source within cloud environments The relationship between open-source and cloud-computing standards Are there downsides to going with non-proprietary solutions? How to prepare your business to transition to an open-source cloud environment  Who should attend: CIOs IT decision makers Cloud platform providers Service provider executives Enterprise software and technology vendors This free webinar, hosted by GigaOM Pro and our sponsor, Rackspace, will take place Wednesday, June 15, 2011 at 10 a.m. PDT. Register today to get a glimpse into The Open Cloud. The Open Cloud Register here to attend the upcoming GigaOM Pro webinar, sponsored by Rackspace.

View the Presentation

Tweet

In Lippis Report 172, I mentioned three huge trends that are starting to interact with each other creating a perfect storm that is gripping the tech industry. One of those trends is the creation of a software ecosystem in the networking market, thanks to the Clean Slate program out of Stanford University that has spawned the Software Defined Network (SDN) initiative and open controller protocol called OpenFlow. I spent a week in the Valley talking to people at Stanford and many industry executives from Cisco, Juniper, Marvell, Big Switch, Nicira, Arista, IBM and others. In this Lippis Report Research Note, I share with you what I learned. OpenFlow-based SDN is being both hyped and in its current state, limited, but it does represent a new paradigm that has the industry abuzz, filled with possibilities.

Centralized Controller Model

OpenFlow is a protocol, or API, that modifies forwarding tables in network switches. It sits between a switch and controller. The controller can run on a centralized computer/server that has an Über view of the network and its topology. When a packet enters a switch and the forwarding table does not contain a path for the packet, it’s passed to the controller. The controller then searches the packet’s destination address and defines a table entry with associated attributes to create a path through the network, which the packet and subsequent packets are to follow. The controller then sends a message to each switch in the path the packet will traverse via the switch’s OpenFlow API, which modifies the switch’s forwarding table. Every subsequent packet with the same destination address will then be forwarded based upon this table in cut-through mode. The first store-and-forward stage takes about 50ms; yes, a long time, but it can be significantly shortened. Subsequent packets being forwarded in cut-through mode travel at switch latency, which for 10GbE Top-of-Rack (ToR) switches is between 500ns and a few microseconds.

Now this search method is a bit controversial as some claim that all that the controller needs is a large TCAM to compute the table flow. Some worry that a Cartesian explosion may occur, corrupting the calculation, but this is an engineering problem with an engineering solution, perhaps via multi-staging the flow tables.

This centralized controller model can scale as has been proven in distributed computing models used by all the major cloud providers. An example at Stanford demonstrated that a network of 35,000 PCs with approximately 2,000 switches generated 15 to 20k flows/sec. A controller can support 2M flows/sec at half a 2007 PC processor capacity. Further, modern 48-port ToR switches can request 100s of flows/sec with controllers supporting 2M flows/sec, which means that a single controller can support 10s of thousands of ToR switches. In short, a centralized controller-based OpenFlow SDN can theoretically scale.

How an OpenFlow SDN Is Different Than Today’s Network Architecture

The above model departs significantly from today’s network architecture in a few key ways. First there is the concept of a centralized controller(s) versus a distributed packet forwarding architecture based upon topology discovery. There may be separate links for control and data plane communications, which would also be a significant departure from today’s single physical network that supports both control information and data forwarding. There is no layer 2 and 3 construct in an OpenFlow SDN, which has been the semantics of computer networking over the past twenty plus years.

Software Defined Network Ecosystem

Further, on top of the controller is another API, yet to be fully defined, that enables application developers to write network applications without knowledge of the underlying network structure. In short, the API abstracts the network, allowing the programmer to focus on what she/he needs to accomplish versus how to configure the network to comply. The creation of a software ecosystem creates the possibility of a new network paradigm where low cost Asian switches populated with SDN software force an economic collapse of the existing network market. While this is highly unlikely, it does warrant careful observation and mitigation planning on the part of established vendors.

An OpenFlow SDN offers significant differences, which is why there is such excitement surrounding OpenFlow. The genius of the approach is the separation of data and control plain so that SOA-based application developers and researchers can layer applications onto the network, injecting innovation at speed via a software ecosystem. Further centralized controller-based networks such as the national cellular network plus dense compute management have proven to reduce operational cost and increase control in complex systems.

There is an industry group called the Open Network Foundation, or ONF, that is promoting the use and interoperability of OpenFlow SDN enabled switches. The above OpenFlow SDN example is primarily an academic description as OpenFlow is well regarded as the leading open implementation to date for providing SDNs within the research community. But there will be many networking concerns introducing controllers that reside in the switch. Further, the definition of a controller is a bit vague as some define it as a network operating system, such as Cisco’s IOS or NX-OS, Juniper’s JUNOs, Arista’s EOS, etc., while others define it as a management entity, performing configuration changes. But before we dive into this, let me explain a few problems that an OpenFlow SDN may solve.

Innovation at Speed: The institutions that were created to assure interoperability and inject innovation into our industry have become too cumbersome and slow such that networking has fallen behind compute and storage advances. The way innovation is injected into networking today is that a proposal is made to a standards group, such as the IETF, IEEE, etc., and all interested parties compete for the best ideas or technical advantage. This process can take a few years just to modify a few bits in the header of a packet. Then, once the standard is completed, companies build to it, which can take another eighteen to twenty-four months. This approach is not serving the industry any longer, and there needs to a more rapid way to inject innovation. An OpenFlow SDN promises such an approach where applications can be added to the network rapidly, thanks to the abstraction of layer 2 and 3 forwarding.

Traffic Engineering: Fine-grained traffic engineering utilizing a variety of forwarding actions is an application that service providers and enterprises seek to optimize application performance.

Tagging vs. Table Manipulation: There is much agreement in the industry that the network has become too ridged in virtualized data centers, restricting the movement of VMs between racks, data centers, etc. Further, as appliances such as firewalls, load balancers, IPS, etc., have become virtualized, there needs to be a method to steer traffic to them to service an application. The industry has responded to this by proposing the placing of tags on packets to guide its path to the right VM, appliance. An OpenFlow SDN implementation could simply modify switch-forwarding tables to guide the application through a chain of appliances mitigating tagging and offering applications appliance servicing within highly virtualized infrastructures.

The Real World

An OpenFlow SDN is new, and it’s unrealistic to think that it’s without challenges; here are some OpenFlow challenges.

Trust: The single largest issue an OpenFlow SDN has is trust. Will IT business leaders trust it within their networks, especially their data center? If a controller is sourced from a new company, how comfortable will the IT team be that it’s modifying switch-forwarding tables? How many controllers are needed for a particular load? What will the support model be? How complicated will it be to manage multiple controllers?

Interoperability: The current construct of OpenFlow requires knowledge of the switch’s hardware semantics of L2/L3/VLAN architecture; therefore, each controller implementation may be different and thus unclear how controller interoperability is achieved. Further, it’s unclear how applications written for one controller will work on another.

Network Stability: This issue may be linked with trust, but it’s unclear why a third-party controller should search packets to define a path through the network topology. Rather, why not use existing network operating systems for what they are good at– topology discovery, etc.–so that IT business leaders are more comfortable running OpenFlow-based SDN applications on top of a stable network. In short, will OpenFlow controllers introduce instability?

Controller Placement: If we take the definition of a controller to include existing network operating systems, then there will be both distributed and centralized controllers within a network. From a design point of view, how does an IT architect approach distributed versus centralized controllers and what are the trade-offs?

It’s unfair to expect that a new approach to networking would have the above issues all sorted out before deployment. These are not barriers to entry but rather challenges that the OpenFlow SDN community will work on over the next one to two business cycles. Let me be clear…OpenFlow-based SDN is a very big deal and is being embraced by all vendors including established firms and start-ups. What is driving most companies is the promise of a software ecosystem to inject innovation and value into their network products.

Established firms will support OpenFlow SDN via OpenFlow client reference implementation within their switches but will add proprietary extensions that differentiate their OpenFlow version from others. Cisco, Juniper, Arista, et al, will differentiate based upon how much of their network operating system they expose. Established firms should have an advantage over smaller ones in attracting software developers as their installed base is much larger.

New companies such as Big Switch Networks and Nicira will focus on solving particular problems in the data center, service provider and enterprise network that existing layer 2/3 networks either don’t solve or don’t solve easily. Virtualization of both servers and desktop are two prime areas, and I expect a suite of SDN Virtualized Applications to emerge from these firms and others.

The service provider market is perhaps the biggest OpenFlow SDN winner as early experiments have shown that the existing three-tier service provider architecture of packet switching, optical core and edge may shrink over time to just two, thanks to traffic management applications.

OpenFlow SDN has successfully introduced the concept of controller-based networking and the controller market. OpenFlow 1.1 is in standardization process and once completed, will be the first defined open controller API to communicate between network and controller, offering greater control of cloud network resources and management. But perhaps the greatest contribution an OpenFlow SDN will offer is the potential to usher in a wave of fast-paced innovation not seen before in the networking industry.

Tweet

By Evangelyze Communications, LLC

With a broad series of new Unified Communications (UC) and collaboration offerings by Avaya and Microsoft, IT organizations have been prompted to evaluate their UC strategy. Microsoft promises to lower the overall Total Cost of Ownership (TCO) of a UC platform by leveraging an all-encompassing software powered communications environment integrated with its Microsoft Office™ suite through the release of Microsoft Lync, while Avaya introduces its newly released UC platform through Avaya Aura.

The purpose of this whitepaper is to clearly identify the comparisons between both provider’s UC offerings through a process of evaluating value that matter to IT organizations in selecting the right UC platform.

Get the White Paper

Tweet

By Robin Gareiss Nemertes Research

Although line shipments for IP telephony have outstripped TDM for some time, many organizations have not yet fully replaced their TDM phones. In fact, only 17% of companies have fully deployed the technology, and the bulk of those are small and midsize businesses. Larger organizations have rolled out the technology in a spotty manner where the TDM system is end-of-life, or other tactical reasons. IT organizations are evaluating the economics, plus desktop IP phones investment when people increasingly rely on mobile devices and soft clients.

Many others are re-evaluating the market as they solidify unified-communications plans and once again contemplate go-forward strategy for IPT. Will they use the same vendor(s)? Will they shift to a hosted- or managed-services model? And what is the true business case? Understanding the true costs is crucial to a successful business case—and a cost-effective implementation.

Get the White Paper

Tweet

By Juniper Networks

Juniper Networks has a long history of supporting industry standards that are mature and enable customers to effectively solve their networking problems. Therefore, before jumping on the Transparent Interconnection of Lots of Links (TRILL) bandwagon, Juniper took a close look at how the protocol proposes to solve the fundamental issues plaguing the data center, specifically as they relate to connecting infrastructure designed for cloud computing. This white paper outlines the results of those reviews and presents Juniper’s conclusions about TRILL.

Get the White Paper

Tweet

In the world of High-Frequency Trading (HFT), opportunities exist only fleetingly and therefore trading solutions must run at the lowest latency to be competitive. Low-latency 10 Gigabit Ethernet has become the interconnect of choice for HFT solutions. IBM® and Mellanox® have demonstrated a solution that performs at high throughput rates and low latency to facilitate High-Frequency Trading solutions.

Get the White Paper

Tweet

This paper revisits the benefits of centralized 802.11n wireless LAN networks and describes the case for transforming the controller-based architecture to match market needs. Centralization of wireless LANs (WLANs) delivers networks that are easy to deploy, scale, and manage. A local-mode controller-based campus environment delivers increased device scalability and an interactive multimedia experience coupled with enhanced policy to manage the full range of mobile devices. A controller-based deployment using FlexConnect technology enables multisite, lean branches to manage the increased scale of deployments without additional increase in operational complexity.

Get the White Paper

Tweet

Three strong trends are taking shape that are so powerful they threaten the status quo of the networking industry. These trends are more like storms than new markets; in fact they represent a major industry discontinuity. The first storm is happening now and is represented by merchant silicon for 10 and 40 GbE chips lowering the barrier of entry for new entrants in the Ethernet switch market. The second storm is much weaker but promises to be just as big, or bigger, than the first. This second storm is the creation of a software ecosystem in the networking industry, thanks to initiatives such as Software Defined Networks (SDN), OpenFlow, Arista Network’s EOS Central, etc. The third storm is the paradigm shift in enterprise IT spending thanks to mobile and cloud computing. These three storms are starting to interact and feed upon each other, forming a perfect storm in the networking industry. The perfect storm is already doing damage, as all major IT firms position product portfolios to navigate through it and prepare for its aftermath of making existing networking legacy.

IBM, for example, sees the perfect storm as an opportunity to optimize performance of IBM systems for new and emerging workloads like cloud computing and analytics that require instant access to information by investing in networking. In this Lippis Report Research Note, we focus on IBM’s networking strategy and analyze its potential impact.

IBM created the System Networking group to organize its network resources and execute its strategy. It’s a strategy to implement a data center fabric that ushers in a smart compute model that federates storage, compute, memory and I/O into pools of resources that are brought together to meet business requirements. It recently acquired BLADE Network Technologies (BNT), which produces blade and Top of Rack (ToR) data center switching gear, network-aware virtualization technology, load-balancing and management software. From an organizational point of view, IBM System Networking includes BNT and an IBM group that used to be called Data Center Networking that possesses Fiber Channel and InfiniBand assets. System Networking also maintains working relationships with networking leaders such as Brocade, Cisco, Juniper Systems and Mellanox.

IBM has been selling system networking solutions with its servers and storage offerings for decades. Systems and networking are now more interconnected, making it important to continue partnering with core networking providers like Brocade, Cisco and Juniper while enabling closer connections with IBM servers by increased investment in systems networking technology.

But why did IBM enter the System Networking business and why now? In short, IBM executives saw an opportunity to gain control of a critical data center asset, address customer needs, and add a key component to deliver on its vision of Smarter Computing. From discussions with IBM executives, they stress common concerns of their largest data center customers, which have propelled IBM into the System Networking business. Clearly, Cisco’s launch of Unified Computing System or UCS and the forecasted perfect storm also factor heavily into IBM’s calculus. IBM is hearing demand and seeing a shift in the networking industry that has opened a door for it to be a leader in data center enterprise networking, or System Networking, as IBM now calls it.

Cloud Spec Scale

The largest data center customers are implementing cloud spec facilities that are boosting up their infrastructure spend and deployment by an order of magnitude in many cases. Yes, that’s ten times the size of their normal data centers. This scale has created unique problems that challenge linear approaches and are focusing IT business managers to seek alternative solutions to scale.

The old model of increasing capacity of memory, compute, I/O, and storage, etc., by acquiring more servers does not work any longer. IBM seeks to solve this scale problem with Smarter Computing that delivers elastic services to federate a pool of resources that are brought together to meet business needs for Big Data analytics and private and public clouds. Resources could be memory, I/O, compute or storage. The goal is to bring together the right proportion of resources to solve a particular workload.

Why Networking Is Important to IBM

To deliver on Smarter Computing, IBM realized that to offer a federated pool of resources, it needs a network fabric that connects these assets, and thus this is what System Networking is all about. IBM let other industry players connect high-density blade and rack system with their network gear. This left IBM out of the innovation loop and control allowing others to set the rate and pace of network innovation.

The need to own the network and provide IT business leaders with vertical IT expertise has become apparent. If the data center rack is the new computer, and multiple racks are the new super pod, how does a supplier make this system look and feel like one large computer? It all starts with connecting these elements together in a very smart fashion using physical connections and software to orchestrate resources and infrastructure simpler than today’s approach.

How can IBM make dense IT infrastructure simpler to deploy and manage as its largest customers deploy ten times more infrastructure? Most IT business leaders translate this into the need for rack infrastructure management, configuration management, and database technology to keep track of IT assets, etc. While IBM has director and utility tools, System Networking is a critical component of Smarter Computing. IBM executive management figured that System Networking will play an even more important role in solving new IT business leader requirements that include simplifying massive amounts of IT infrastructure installation and orchestration, be it physical or virtual.

At the high end of the enterprise computing market, IT business leaders are acquiring IT assets like airlines buy airplanes and hotel builders buy property. Both airlines and hospitality concerns worry about the same thing: use or occupancy rate management. Airlines want to ensure that they have the right size aircraft for a particular flight route so that few, if any, seats are left empty.

As IT business leaders scale up their data centers to cloud spec, thanks to IT service demand, how do they ensure that the capacity acquired is effectively utilized and not over or under designed? Most, if not all, IT business leaders have embraced server virtualization as the key technology affording efficiency gain.

Without System Networking, IBM management realized that it was unable to address IT business leaders’ full virtualization requirements. The data center network needs to be virtual machine aware. In fact, this is one of the biggest reasons why IBM acquired BNT as IBM needed BNT’s network virtualization expertise.

More Business Goes Online

The reason why IT business leaders are deploying so much more infrastructure is that more of their business is going online. Just think about your average day. When communicating to each other we text, email, VoIP and videoconference. When you want to go see a movie, you book it online. You bank online. You pay your bills online. You trade stock online. You make airline reservations online. You read news online, your photos are stored online, office productivity tools are online, etc. As more and more business goes online, the scale of IT infrastructure needed increases.

In addition to more business going online, IBM’s big analytics business needed networking too to be first class. IT business leaders are putting in place more analytic systems, decision support systems and data warehousing systems so they can mine their depositories of vast amount of information that they have about customers, business, products, competitors and supply chain, etc., so they can make smart important business decisions.

This is why data warehousing, data mining, smart analytics or solving the big data equation is so important to IBM. This is why IBM acquired Netezza. Now, what is the difference between a good data warehousing engine and a great one? The answer: how fast data can be transported to and from the analytic engine, or how fast is the network. For IBM to be a successful player in smart analytics and be recognized as the clear leader in this large and very important market, it realized that it needed to be in the networking business.

Controlling TCO at Scale

As data centers have been scaling up, so too has Total Cost of Ownership or TCO. For every dollar that CFOs spend on servers and storage, they spend between 15 and 25 cents on networking. IBM is not able to control a customer’s TCO as it has no control over 15 to 25% of the IT budget. Therefore, how could IBM profess to solve the TCO equation when it can’t provide a credible solution to 15 to 25% of the TCO problem? IBM needed to have a voice and solution for TCO, thus this too factored into its thinking of re-entering the networking industry.

The change in IT buying requirements is the first of three storms that IBM saw as IT business leaders are building private clouds and experiencing scale issues associated with them. Data center buying criteria is changing as scale, density, deployment, orchestration management, efficiency and utilization, security, being able to extract meaningful decision support information out of information repositories, as well as cost of ownership become high priority items. The merchant silicon storm stirred up by companies such as Broadcom and Fulcrum Microsystems got IBM’s attention. IBM got a close up look at this storm, as BNT built its new ToR switches with Broadcom’s Trident-1 10GbE and 40GbE chips and decided to invest by acquisition. It was these two storms and its forecast of a third in the creation of a network software ecosystem emerging that in the end tipped IBM’s hand and led it into the data center system networking industry, or System Networking, as IBM now calls it.

The New IBM

IBM realized that not having System Networking was a competitive disadvantage especially in its analytical systems business. There was an underlying reliance on the network that IBM didn’t control. IBM realized that System Networking is a strategic asset, and it needed to invest.

IBM is now a three-stack business with its platform business including compute, storage and networking, then software and lastly, services. Software is the biggest business followed by services, and then its platform business. Without networking, IBM’s business model was incomplete. How can you drive innovation in software and smart analytics, etc., and all the services to go around it, if you have one or two missing pieces in the platform equation?

Others to Follow

IBM is not the only large vertical IT player to beef up its networking business. Clearly there is HP, Oracle, IBM, Dell and Cisco. Cisco possesses a different portfolio mix than the others with its dense networking portfolio. HP, on the other hand, possesses approximately $2.5 billion worth of networking products/revenue, but lacks data center networking.

Consider Oracle and IBM—they are both focused on the data center. With Oracle’s recent acquisition of Sun, it too is viewing the perfect storm as an opportunity to enter the networking market. But the fundamental thing that is different about IBM is that it is singularly focused on the data center. This contrasts with Cisco’s network focus while HP strives to be the low cost alternative to Cisco, plus its huge consumer line of products, such as printing and personal computing. Dell, on the other hand, is focused on transitioning away from the personal computing market into higher margin businesses, networking being one of them.

What all of these firms are searching for is a new networking model to emerge, and the perfect storm may very well provide it. With low cost merchant silicon that competes with custom ASICs, network switching is fast, low latency, low power consuming and low cost. With software defined networking (SDN), a new software ecosystem could emerge that challenges established network services and in the process, starts an innovation race between established vendors and a new software industry. SDN is critical if a new networking model is to emerge as it could enable innovation that differentiates common merchant silicon-based network switches. In short, the perfect storm could enable the large IT vendors to leapfrog into a new system networking paradigm.

IBM has its work cut out for itself. BNT has expanded from Ethernet embedded blade server switches to ToR switches. IBM will enter the aggregation space with the implementation of technologies such as TRILL (Transparent Interconnection of Lots of Links) and 802.1Qbg, the Edge Virtual Bridging (EVB) standard that will seek to break the model of large centralized mainframe like modular switches. And, through partners such as Brocade, Cisco, Juniper and Mellanox, IBM System Networking offers a portfolio of Fibre Channel and Infiniband as well as Ethernet solutions, for servers and storage from network edge to core. IBM’s point is that if servers and storage can scale out then why can’t networking?

IBM is developing new networking products that it hopes would enable it to change the networking landscape and how people think of networking. It seems that IBM System Networking is working on a scale out networking model that allows IT business leaders to start smaller and expand as needed without large upfront capital outlays. It is looking to make networking a bit smarter.

IBM System Networking is focused on building what it calls “a scalable fabric,” which connects servers, storage and networking. Thus IBM advocates to keeping network intelligence close to servers and storage making its fabric fast, low cost, virtual and reliable.

Time will tell how successful IBM is in System Networking, but one thing is for sure, cloud computing has kicked up quite a perfect storm for it.

Tweet

By Juniper Networks

Today’s data center networks are under tremendous pressure. Not only are they growing geometrically to keep pace with rapidly escalating business demands, support new application architectures and virtualized environments, and improve the overall user experience, they are expected to do so more efficiently and more cost-effectively than ever before.

The problem lies in the fact that, while everything else in the data center (applications, storage, servers) has evolved over time, the network architecture itself has not. Rather than evolve, the data center network has instead become extremely complex. This
complexity prevents the network from scaling properly, restricting available resources and limiting the ability to virtualize the data center. The Juniper Networks 3-2-1 Data Center Network Architecture delivers a strategy for simplifying the data center by flattening the existing multilayer tree structure to improve overall performance as well as the user experience.

Get the White Paper

Tweet