Lippis Report 169: Making Sense of Data Center Switching Fabrics

March 28th, 2011

nicklippis.jpgIn the Lippis Report, we have discussed the fundamental changes shaping a new data center network architecture. These drivers are massive virtualization, a sea change in traffic patterns that are now dominated with east-west flows on top of existing north-south traffic, ultra low latency, the emergence of cloud spec data centers, etc. As a result, data center networking attributes are changing with requirements of traffic, steering in virtualized infrastructure, avoiding manual network changes as VMs move, removing oversubscription (thanks to spanning tree), streamlining network tiers to hasten east-west traffic flows, etc. The industry is responding to these changes and requirements with new approaches to data center networking, such as the Open Networking Foundation, Cisco’s FabricPath, Juniper’s QFabric, Brocade’s VCS, Avaya’s VENA, Nicira Networks’ network virtualization software, etc. In this Lippis Report Research Note, we explore a key technology to enabling two-tier network fabrics, and that’s link aggregation and its various approaches, including Multi-Chassis Link Aggregation Group, Transparent Interconnection of Lots of Links (TRILL) and Shortest Path Bridging (SPB).

Read the rest of this entry »

Lippis Report 168: Cisco Pulls All the Pieces of Its Network Security Program into One Architecture: SecureX

March 15th, 2011

nicklippis.jpgCisco recently launched its SecureX architecture that extends perimeter-based network security to secure modern IT, recognizing the huge growth in mobile and cloud computing. SecureX is a multi-layer architecture built upon Cisco’s AnyConnect client, its global footprint in real-time threat intelligence found in SIO (Security Intelligence Operation), Cisco TrustSec, including policy servers of NAC manager and server appliances, ASA firewall and the security enforcement features of its switches and routers. SecureX is an architecture to Cisco’s network security products and service to work together in an effort to create deeper defenses and contain exploit infestation if, and when, they occur. Fundamental to SecureX is the concept of “context aware” policy across the enterprise, including remote endpoint devices, centralized policy creation with distributed security device and network enforcement. SecureX provides for innovation injection points through APIs (Application Programming Interfaces) for management and SIEM or Security Information and Event Management. In this Lippis Report Research Note, we explore SecureX with a focus on how context increases defenses and keeps IT assets safer.

Read the rest of this entry »

Lippis Report 167: Alcatel-Lucent Jumps into the Data Center Switching Market with Its OmniSwitch 10K

February 28th, 2011

nicklippis.jpgThe data center switching market is heating up. To address the scale issues posed by mobile and cloud computing nearly every network vendor is launching its own version of a 10/40/100 GbE fabric to connect servers and storage to the internet. At the heart of this fabric is a two-tier (Fat-Tree) network made up of leaf/ToR and spine/Core switches. Here leafs connect servers and spines connect leafs while also being interconnected in a logical mesh. The protocols to create this logical mesh are based upon IS-IS link state routing, but each vendor is taking a unique approach with Cisco using its FastPath, Alcatel-Lucent and Avaya using SPB (802.1aq Shortest Path Bridging) while Brocade VDX is based upon TRILL (Transparent Interconnection of Lots of Links). Juniper recently announced QFabric but has not detailed what it’s using for logical meshing. At the center of new data center design are leaf and spine switches. In Lippis Report Research Note 166, we detailed the latest ToR switches. In this Lippis Report Research Note 167, we dive into performance and power consumption measurements plus the use of SPB of Alcatel-Lucent’s OmniSwitch 10K, a new entry into spine/core data center switching market.

Read the rest of this entry »

Lippis Report 166: A New Generation of Top-of-Rack Data Center 10GbE Switching Is Here

February 14th, 2011

nicklippis.jpgDuring December 6-10, 2010, the Lippis Report and Ixia conducted the industry’s first 10GbE data center switching evaluation of Top-of-Rack and Core Ethernet switches at the modern iSimCity lab in Santa Clara, CA. We evaluated Alcatel-Lucent’s OmniSwitch 10K, Arista’s 7504 Series Data Center Switch, BLADE Network Technologies’, an IBM Company, IBM BNT RackSwitch G8124 and IBM BNT RackSwitch G8264, Force10 Network’s S-Series S4810, Hitachi Cable’s Apresia 15000-64XL-PSR, Juniper Network’s EX Series EX8216 Ethernet Switch and Voltaire®’s Vantage™ 6048. We are conducting a second round of test scheduled for the week of April 4-8 at iSimCity, and it is open to all suppliers of 10GbE data center switching. We learned a lot about these products, both in the lab and out. In this Lippis Report Research Note, we dive into the Top-of-Rack 10GbE switches we tested as they represent a new generation of products that exhibit low power consumption, low latency, high performance and are all based upon new single chip designs from Broadcom, Marvell or Fulcrum Micro.

Read the rest of this entry »

Lippis Report 165: Network Security in a Virtualized World

January 31st, 2011

nicklippis.jpgThere are powerful market forces changing IT delivery. IT application delivery is becoming increasingly centralized thanks to data center server virtualization plus mobile and cloud computing. Desktops are being virtualized, too, thanks to network speeds that deliver low latency and high bandwidth, creating a thin client user experience that is indistinguishable from a thick client but at lower desktop management cost. One serious implication of this concentration of IT in data centers is that a new IT security model is needed as mobility brings greater threat exposure while virtualization changes traffic patterns and the rules of security appliance placement. In this Lippis Report Research Note, we present a new model for IT security in the virtualized mobile and cloud-computing era.

Read the rest of this entry »

Lippis Report 164: Cisco Builds a Modern Network Service Layer for Virtualized and Cloud Infrastructure

January 17th, 2011

nicklippis.jpgAny IT business leader knows that the single most important technology driving data center design change is server virtualization to the point that a virtual machine (VM) is now the data center building block. As server virtualization marches on until nearly every physical server has been virtualized, networking in a virtualized environment is being forced to fundamentally change too. By networking, I mean not only layer 2 and 3 forwarding but network services too, such as application controllers, WAN optimizes, firewalls, etc., which are fundamental for mission critical application performance, cost reduction and high application availability especially where service level agreements are required.

Read the rest of this entry »

Network Automation with the Force10 Open Automation Framework

Get the White Paper

January 17th, 2011

By Force10 Networks

Deriving a return on virtualization investments means deploying effective automation techniques that can simplify the virtualized environment while allowing a policy-based deployment model. While many network vendors have chosen a proprietary path to automate network changes, Force10’s approach is to utilize open and industry standard technologies based on the extensible and modular Force10 Operating System (FTOS), across a range of the heterogeneous Force10 switch and routers portfolio.

Find out how to automate network changes in virtualized infrastructure by downloading this white paper

XNV (ExtremeXOS Network Virtualization) Bringing Virtual Machine Lifecycle Management to the Network

Get the White Paper

January 17th, 2011

By Extreme Networks

Server virtualization brings with it a set of network operational challenges: from configuration challenges around Virtual Machine (VM) switching to managing virtual machine mobility, to providing VM location and inventory in the network. There are few tools available to the network administrator that provides visibility, control and insight into the VM environment until now. Extreme Networks® XNVTM provides network-level visibility and control of the server VM environment in a hypervisor-agnostic manner and without requiring any changes to the server virtualization operating environment.

Find out how by downloading this white paper:

Data Center Network Virtualization—the Final Frontier

Get the White Paper

January 17th, 2011

By BLADE Network Technologies, an IBM Company

Server virtualization brings both benefits and drawbacks to the data center: it can maximize underutilized resources and minimize infrastructure spending—but add complexity and administrative overhead for the network administrator. BLADE Network Technologies’ VMready™ software addresses this problem by automatically migrating network policies along with virtual machines as they migrate across different physical servers.

Find out how by downloading this white paper

IPv6 Endpoint Support without Changing Applications Using Stateless NAT 64

Get the White Paper

January 17th, 2011

By Cisco Systems

This two-page guide provides information on IPv6 client support without changing applications via using stateless NAT 64.

Learn about IPv6 endpoint support by downloading this guide.

Dual Stack Network

Get the White Paper

January 17th, 2011

By Cisco Systems

This two-page guide provides information on dual stack IPv4 and IPv6 implementations and its impact from client to network infrastructure.

Learn about dual stacking IPv4 and IPv6 by downloading this guide.

Reducing Network Tiers in Virtualized Infrastructure

Listen to the Podcast

January 17th, 2011

Shehzad MerchantA typical “non-virtualized” data center has three network layers, Top-of-Rack, End-of-Row and Core switches. But virtualized infrastructure adds two additional layers—the virtual switch and blade switch—raising the number of tiers from 3 to 5. This significantly increases latency plus the number of network elements within the data center resulting in increased data center management complexity. I talk with Shehzad Merchant, Senior Director for Strategy at Extreme Networks, about Extreme’s flattening approach to data center network fabric through its DirectAttach.

Lippis Report 163: A Multi-Vendor Security Management Approach via a Cisco SIEM Ecosystem

December 13th, 2010

nicklippis.jpgIn an effort to offer a multi-vendor SIEM (Security Information and Event Management) solution, Cisco is placing its SIEM product, CS-MARS, in end-of-life and in its place, offering the industry its first SIEM ecosystem. Cisco acquired MARS six years ago in December 2004. MARS provided traditional event management and security monitoring along with limited forensic capabilities and compliance reporting. But the market demanded a broader cross-vendor SIEM solution rather than a SIEM focused primarily on Cisco products. In response Cisco has launched a SIEM ecosystem to support deep event monitoring, forensics and compliance reporting across a heterogeneous enterprise network. IT has also expanded the role of its Cisco Security Manager or CSM to support policy management and troubleshooting across a wider range of Cisco products. In this Lippis Report Research Note, we examine the new distribution of security responsibilities that now stretch across Cisco CSM and its new SIEM ecosystem with an eye toward stronger defense of IT assets.

Read the rest of this entry »

Cisco 3Q10 Global Threat Report

Get the White Paper

December 13th, 2010

By Cisco Systems

Key Highlights

• 79% of clicks on “Here You Have” email occurred within the first three hours of the worm’s spread.
• During 3Q10, 7% of all Web malware encounters resulted from Google referrers, followed by Yahoo at 2%, Bing/MSN at 1% and Sina at 0.1%.
• Exploits targeted Sun Java increased from 5% of all Web malware encounters in July 2010 to 7% in September 2010.
• The Rustock Botnet was the highest occurring ROS event in 3Q10, at 21% of events handled during the report period.
• Peak Rustock activity occurred in late August 2010, declining in September 2010.

Download the report here