Total Internet Security Software



Archive for November, 2011

Ruckus Shakes Up Auto RF Management With New Paradigm

For those who worry about things like which channel large groups of wireless access points are on, there hasn't been a lot to get excited about on the topic over the last couple of years. For most "smart WLAN systems", you put your faith in a murky channel selection algorithm, respect that the 2.4 GHz band only has three non-overlapping channels, and hope that the vendor built the right intelligence into the product set. That changes with ChannelFly, the new channel selection method from Ruckus that challenges tradition and promises a big payoff for those willing to try the new magic.

Everyone in the wireless game knows that channels 1, 6, and 11 are safely spaced in the 2.4 GHz band used by 802.11g and 11n, leaving each other alone from the perspective of adjacent-channel interference. This has been a fundamental tenet in designing networks from the days of manually-configured stand-alone access points, through today’s new sophisticated auto-channel systems that use various techniques to pick which frequencies APs in a given area should be on. On occasion, a daring admin will go off of the reservation and use channels 1, 4, 8, and 11 and swear that all is well with this combination, while those of us drawing spectral masks in our heads question the wisdom of playing with fire where channel edges are made to intentionally overlap by a smidgen. Then there’s the curious Meru single-channel architecture that is beyond explanation here. But for most of us, faithful adherence to the 1, 6, and 11 rule has been our motto and credo, and we’ve made it work in even the busiest environments. Or have we?

Until Ruckus’ ChannelFly feature set, controller-based WLANs have relied primarily on periodic off-channel scanning and simple noise and traffic instant-in-time measurements to see if there might be a better channel available in the range that the system is set up to use. The 1-6-11 mentality has permeated the market to the point where even top-tier vendors assume that it is the basic framework their deterministic RF management tools will use as they change in reaction to RF environmental conditions. ChannelFly challenges the conventional wisdom with a new bag of tricks and use of all channels that promises improved wireless capacity on the order of 25-100% in congested environments.

Using what Ruckus describes as “a statistical adaptive channel selection technique”, ChannelFly says that an access point simply can’t make the best channel selection decision based only on what it hears and senses. True and constant channel capacity testing is the secret ingredient in ChannelFly, and though I have yet to fully understand the mechanics of it, I am impressed that Ruckus thinks enough of ChannelFly to invite users to allow all channels (not just 1, 6, and 11) to be selectable, thus making it a new day in this area. (I’ve dwelled on the 2.4 GHz band here, but ChannelFly also works in the more channel-rich 5 GHz spectrum.)

As I am not a Ruckus customer, I cannot comment on whether ChannelFly lives up to its billing as the next step in the evolution of the company’s patented BeamFlex antenna technology. But I do know that wireless environments are being lambasted by scads of new portable Wi-Fi capable devices that only support the 2.4 GHz band, thus making an already hostile spectrum even more contentious. If ChannelFly can really make things better in this increasingly performance-challenged territory, then existing Ruckus customers will greatly appreciate the free upgrade to supported access points, while those in the market for a WLAN solution will have something truly new to hear about for RF management.

At the time of publication, Ruckus has no business relationship with Lee Badman.


IPv6 Momentum Takes Huge Swing

A new Infoblox-sponsored IPv6 Census conducted by the Measurement Factory reports a 1,900% increase in the percentage of zones under .com, .net and .org that support IPv6. Only 1.27% of the zones surveyed in 2010 supported the successor to Internet Protocol version 4 (IPv4), compared to today's 25.4%.

“That was beyond any of our expectations,” says Cricket Liu, GM of the Infoblox IPv6 Center of Excellence. While .com, .net and .org may be the best-known domains, there are hundreds of others, from top-level domains like GOV, EDU, MIL to more than 250 country-specific domains. “To get to 25% was completely unexpected to us.”

The huge increase is mainly attributed to Go Daddy, the world's largest domain registrar. “We didn't recognize that any one registrar could have that much impact,” says Liu. Without Go Daddy, the percentage of zones that support IPv6 more than doubled to just over 3%. The top three countries in IPv6 adoption are France, the U.S. and the Czech Republic, with three registrars driving the growth in France and the Czech Republic.

Each IPv4 or IPv6 address represents an IP resource such as a PC, tablet or smartphone used to access the Internet, a server hosting a Web site, or the web site itself. Demand for Internet addresses has been averaging 250 million per year, but the ongoing growth of mobile connections is expected to surge 11%, to 5.6 billion, this year, while the nascent machine-to-machine connectivity market is expected to add 25 billion connections by 2015. Demand has been outstripping the supply of 4.3 billion IPv4 addresses. Under its successor, IPv6 (128-bit), there are more than 340 undecillion addresses (340,000,000,000,000,000,000,000,000,000,000,000).

In addition to a virtually unlimited number of addresses, IPv6 can also increase Web application performance an average of 80%. It also provides directed data flows, simplified network configuration, support for new services and much tighter security. However, the imminent end of IPv4 addresses hasn't been attracting much interest, according to a recent survey from Nemertes Research that found it's not even on the radar for almost 80% of respondents to the company's 2011-2012 benchmark, and 78% of the companies have no transition plan yet.

Liu attributes the massive growth to Go Daddy seeking a competitive advantage over other registrars, and expects many of them will now have to respond, which could drive next year's survey to more than 50% IPv6 support. He also says organizations don't have to adopt IPv6 in one great, costly leap. He recommends focusing first on providing IPv6 to the outside world and then working inward in stages. “Do this and deploying IPv6 will be relatively painless and prove to be a valuable long-term investment.”



Aerohive’s $99 Branch Office Offering Is Not A Black Friday Sale

For the price of an external hard drive or a printer, you can get a complete branch office network from Aerohive Networks. We're talking wired and wireless networking here. Granted, the branch that can be serviced for under a hundred bucks is a small one, but the story is still quite interesting as part of a larger trend. Cloud-managed networking continues to get less expensive and more feature rich, and the used-to-be-wireless-only guys are laying claim to more of the wired network in cool new ways.

Aerohive shares a place in my heart with Meraki Networks (and to a lesser degree, newcomer PowerCloud Systems) as the Little Engines That Could in the modern WLAN market. Each has their own interesting story to tell, but they are unified in their message to wireless customers and the industry: wireless controllers are a layer of complexity that isn’t required to get the job of feature-rich enterprise wireless done. And each is now making inroads into wired networking that, for the open-minded, can’t be ignored. Aerohive’s new baby is called Branch on Demand, and the pricing model alone is attention-grabbing.

More choices in broadband enable new opportunities for branch connectivity, and geographic diversification means a growing number of companies have branch needs. Traditional extend-the-network solutions can be expensive, with pricey site-to-site VPN boxes, stand-alone switches and wireless APs, and other stand-alone, individually managed boxes. Alternatively, integrated branch routers offer a lot of functionality under the hood, but still bring support challenges and can be costly. Aerohive’s Branch on Demand seeks to upset the branch paradigm by leaving no features out but coming in at prices that truly commoditize IT, and leverage the cloud for centralized and local support.

I have turned up remote sites built on legacy bits and pieces, and have also gone the cloud-based route on a large overseas branch. In all cases, the remote site offers wired and wireless networking, and the expectation is that performance and reliability will be comparable with that of the enterprise network that these sites are an extension of. I like to think that I “get it” on this topic, and the details of Aerohive’s Branch on Demand have the wheels of my mind turning.

This Network-as-a-Service offering features Aerohive’s new Hive Router BR100 at the bottom end. There are options to purchase or lease; either way you go, $99 gets you a lot. Remember, we’re talking small branch setting here. Five Fast Ethernet ports, integrated single-band 11n wireless, USB support for 3G/4G backhaul, layer 3 IPSec VPN back to the mothership network, and pretty much any business network feature you’d need. Like firewalling, rate-limiting, policy-based administration, support for 802.1x, and a lot more for what Aerohive calls “micro-branch” environments.

On larger branch networks (loosely up to 50 users), the BR200 gets you wired Gig ports, 3x3 dual-band 11n wireless, two Power-over-Ethernet ports, and crypto acceleration. Both models are cloud-managed by HiveManager 5.0 (free) and connect back to the home network on a sub-$1000 Cloud VPN gateway that supports hundreds of remote sites.

Having kicked tires on Aerohive’s wireless APs and HiveManager in the past, I can testify that the company does not skimp on features and definitely sees itself as a serious business networking solution. Throughout the product set, ease of administration is made a high priority. The new Branch on Demand offerings go beyond just making new small fixed remote sites easy to bring up and function as if they were “the big network”; they also enable temporary network scenarios, vehicle-based networking using 3G/4G backhaul, and many more possibilities for the creative network admin.

Did I mention it starts at $99? If Aerohive can get some traction with its Branch on Demand solution, it could have a definite effect on how the other cloud-based networking players set their pricing, and also make the network market leaders rethink their very complicated branch offerings.

At the time of publication, Aerohive has no business relationship with Lee Badman.


Can Dell Do For Networking What They Did For Storage?

Dell is focused, and while they aren't considered by many to be a solutions provider--many consider Dell to be a box pusher--they plan on changing that perception. As Fritz Nelson points out in discussing Dell's earnings, the company did a remarkable job in acquiring storage companies that fit with their overall vision, investing in the product lines, doubling or tripling the head count in some cases, and setting off on an integration path that continues today. However, Dell has a difficult road ahead if they want to get beyond supplying servers to the data center.

Dell's acquisition of a networking company was not terribly surprising and Force10 is a good fit for them. There were only a few other stand-alone vendors such as Arista and Extreme that might have been acquisition targets. Juniper was too big and Brocade is too heavy into Fibre Channel. It's surprising that it took them that long to acquire a networking company. Force10 has a good product line that is better known in high performance computing, where high port counts and microsecond latency matter. Force10 did have a campus line, but their market penetration was, and is, extremely low. Dell didn't buy Force10 for the customer list and they didn't buy Force10 just to have a networking company--not when they had OEM relationships for Ethernet networking with Brocade and Juniper. To compete with Cisco, IBM, and HP in the data center, Dell needed networking gear they owned and could integrate into a single offering.

Force10, back in 2010, launched its Open Automation Framework that includes product features like bare metal provisioning of switch hardware, integration with system management and hypervisor products, and on-switch Perl and Python scripting, all of which is meant to support automation and orchestration--the underpinning of a dynamic data center. Dell, for its part, needed not just a switching company, but one with products with which it could jumpstart an integration process that would bring most of the features needed for a dynamic data center revolving around Dell's own server, storage, networking, and management product lines. Bear in mind that Dell is also focused on the mid-market, not the huge mega data centers or large enterprises that are usually the targets of public and private cloud ventures. They aren't looking to scale to tens of thousands of switch ports and servers, initially.

Given Dell's recent track record of investing in acquisitions, we can expect to see Dell invest heavily in Force10, perhaps growing the staff 2-3 times over 12-18 months, develop a roadmap laying out their plan, and execute. Here is what I think Dell will, or should, do with Force10.

First, Dell has already said that they are going to end-of-life their current crop of campus LAN switches they OEM from Juniper. They'll still be supported, but Dell won't sell more of the J line. Dell still OEMs Juniper's WAN routers and security products--it's not a break. They will start selling their Force10 LAN and data center switches instead. Getting customers to switch to Dell's networking gear will be difficult. In the recent IT Pro Ranking: LAN Equipment Vendors [free, registration or account login required], 60 percent of respondents indicated they weren't interested in replacing their current networking vendor while the remaining 40 percent were considering replacing either their primary or secondary vendor. That's either a market opportunity for the likes of Dell, or a fairly high hurdle to leap. The upside is that the top two reasons that would get the 60 percent to switch are considerable cost savings and new features. Dell has a habit of selling good equipment for less than competitors, and since Force10 already relies on merchant silicon, they can probably drop their sales price and still retain good margins. Force10 was, and under Dell, is, innovating their product lines. They seem to be hitting both requirements.

We can then expect to see Dell start to tie in their networking with automated management and orchestration to their Advanced Infrastructure Management, acquired with Scalent in 2010. The automation features in the Force10 gear seem nicely aligned with Dell's plans and provide a way that Dell can meet the demands that a dynamic data center places on the network infrastructure.

Along with their server and storage offerings, Dell has a good base to deliver a complete unified computing package based on Dell's equipment. Dell just has to put it all together. In that sense, they are in a similar position as Cisco was with UCS. They don't have a legacy of management applications to support and integrate; they are starting with a fairly clean slate which might make them more nimble than either HP or IBM.


Avaya Goes After Cisco With New Ethernet Switches

Avaya is updating its Ethernet switch portfolio with six new models designed to bring the capabilities of its Virtual Enterprise Network Architecture (VENA) to the edge of the campus network. The additions to the Ethernet Routing Switch (ERS) 4000 portfolio offer plug and play capabilities for IP phones, Quality of Service (QoS) management, and support for both standard and enhanced Power over Ethernet (PoE and PoE+). The company says they feature Stackable Chassis technology that can handle almost three times more traffic than competing solutions while consuming 36% less energy and offering a 40% lower total cost of ownership. An additional 25-40% power savings, without traffic interruption, can be achieved by 'dimming' the network during off-peak hours with its Energy Saver functionality.

The new switches are another chapter in its VENA strategy, says Avaya, offering both tactical and strategic advantages. Tactically, the switches allow them to compete better in the enterprise, and strategically, the use of its chipsets future-proofs the products, allowing them to add capabilities like virtualization and extend the life of the switches to 7-10 years.

Tactically, this is a straightforward mid-range, high performance, stackable switch announcement with PoE+ and SFP+ support, says Rohit Mehra, director, enterprise communications infrastructure, IDC. “With some good QoS, and more importantly, UC-related integration capabilities, this will give Avaya customers a reason to look at both its voice and data portfolios.” Strategically, he says this will improve Avaya's value proposition with enterprise IT in terms of being a supplier that provides value through better integration of voice and data networking solutions. Also, from a strategic standpoint, this strengthens Avaya VENA architecture across the enterprise by adding another platform that participates in the virtual services fabric.

The timing is also significant, says Avaya, because a number of Cisco products are about to be discontinued so customers are evaluating different options. While it believes it also fares well against Juniper and HP, the company says Cisco is the only other vendor that can provide a full communications infrastructure, so that's where it sees the biggest opportunity.

Last quarter the Ethernet switch market slowed down to 7.1% sequential growth after an 'exceptional recovery' in the previous year, reports IDC. Second quarter 10GbE (Gigabit Ethernet) switch revenue increased 22.6% year over year due to continued adoption in datacenters and campus core deployments. Cisco continues to dominate, accounting for 63.4% of the Ethernet switch (Layer 2/3) market share in 2Q11 and 73.2% of the 10GbE segment.

Mehra says Avaya and Cisco are both major players within the UC/VoIP infrastructure space. “While Cisco's portfolio has spanned both the voice/UC and data networking markets for quite some time, Avaya, for the first time, is directly leveraging its voice/UC integration capabilities on the network switching side. At minimum, I expect existing Avaya customers to take a closer look at its data networking portfolio so they can benefit from the transition to a converged infrastructure.”



New Dell Kace Appliances Address Midmarket

Dell is rolling out a new line of Kace appliances to address the midmarket, along with "pay-as-you-grow" pricing. Kace consists of two families of easy-to-use appliances that meet system management needs, from initial computer deployment to ongoing management and retirement. Targeted at organizations with 1,000 to 3,500 end-point systems, the K-Series Advanced Appliance line, which features quad-core Xeon processors, RAID 5 configuration, high speed drivers and redundant power supplies, includes the K1100-ADV for system management and the K2100-ADV for system deployment. In addition, Dell has collapsed its standard and enterprise support packages into one, ProSupport, which includes unified 24/5 assistance from the company's maintenance and support team.

Under Dell's stewardship, the Kace customer base has grown from 1,200 to more than 4,600 in the past year and the recent acquisition has just started to expand beyond its US base. A dedicated Kace.com website is now available in four new countries – China, France, Germany and Japan – and the company will continue to expand its international footprint by localizing its solutions in additional countries within Europe and Latin America throughout 2012.

Dell broadened its SMB capabilities in July with the launch of the M300 Asset Management Appliance to address routine IT tasks like hardware and software inventory, software license compliance, and asset tracking and management. In April, it enhanced the K1000 Management Appliance software (V5.3) with easier license management, new Dell warranty integration and an improved Windows agent that simplifies deployment to Windows-based systems.

Between 60-70% of customers purchase both appliances, says Dell. The company is also offering a buy-back program for customers with existing appliances, which will probably attract 10-20% of its customers who either will want to replace aging hardware or are growing and/or want to future-proof their Kace investments.

The midmarket is a huge opportunity, says Steve Brasen, managing research director for Enterprise Management Associates. EMA defines the midmarket on the low end as organizations with greater than 100 employees and on the high end as businesses that earn less than the top 1000 revenue makers (i.e. the Fortune 1000). According to the US Census Bureau, this range includes roughly 100,000 businesses in the United States alone.

“There is clearly a vast difference – in terms of feature requirements vs. budgets – between the low and high ends of the mid-market, and Dell Kace has developed platforms to address both. The K1100 Systems Management and K2100 Deployment appliances provide basic functionality at a cost-effective price for smaller businesses, and the K1200 and K2200 appliances respectively provide more advanced feature sets for larger support stacks.”

But there is a critical market that fits between the two that needs to support larger support stacks than it is able to with the low-end solutions, but does not have the budgets available to adopt the high-end solutions, he says. “To support these specific organizations, Dell Kace introduced the ADV platforms that extend the capabilities of the low-end solution – including providing support for a larger number of endpoints, performing more frequent inventories, and achieving higher volumes of patching and software distribution – without substantially increasing the cost. It should also be noted that a simple path for migration has been developed between three platforms, so an organization can enter with the low-cost KX100 appliances and then expand to the KX100-ADV and KX200 platforms as IT requirements increase and budgets become available.”

Brasen says EMA research indicates only about 40% of mid-market businesses have adopted automation solutions for managing their IT investments. “That leaves roughly 60,000 untapped businesses in the domestic US and a far larger number worldwide. Add to this the potential for Dell Kace to gain market share from competitors (most notably Microsoft) and the result is tremendous opportunity for platform adoption growth.”

This market is being driven by enterprise IT endpoints (particularly desktops and laptops) that have become essential for enabling a workforce to achieve business requirements, he says. “Employee productivity and business agility are directly related to workstation reliability and performance. Additionally, there continues to be a growing need for achieving security and compliance objectives. All of these factors coupled with emerging technologies (such as virtualization, mobile devices, and cloud services) have significantly increased the complexity of enterprise support stacks. Client lifecycle management solutions, such as the Dell Kace appliances, have become essential to simplifying endpoint support, allowing mid-sized organizations to meet requirements, compete equally against larger competitors, and achieve profitability.”



BMC Treads Carefully Among The Giants

Since its founding in 1980, BMC Software has been successfully delivering management solutions to large enterprises. During that time, the vendor has been able to deftly maneuver around possible potholes to earn a top position (one that generated more than $2 billion for the company in fiscal 2011) in this highly competitive market sector.

But more work remains. Like other high tech segments, the management segment is experiencing slowing growth. The double-digit increases evident historically have given way to single digit growth. "There is a good possibility that consolidation will occur among the top tier management companies in the next few years," notes Jean-Pierre Garbani, VP at Forrester Research.

BMC may be a company ripe for the picking. The vendor is much smaller than behemoths such as HP, IBM, Microsoft and Oracle. To avoid being swallowed up, BMC has focused on delivering high-level management functions, such as end user experience monitoring and cloud management. Time will tell if it is positioned well enough to withstand future market shifts.

Even though the economy has recently been wallowing, BMC has fared well. In 2011, its sales increased 8% from the previous year. "BMC has done a good job anticipating customer needs," says Mary Johnston Turner, research VP, Enterprise System Management Software, IDC.

Companies are searching for ways to leverage their IT systems. "With budgets being constrained, corporations are looking to increase staff efficiency through automation," explains Matthew Selheimer, assistant VP of Solutions at BMC.

BMC moved in this direction with its Business Service Management (BSM) initiative. These tools enable IT departments to manage their business services from service definition through service request to provisioning and configuration. The tools are designed to help enterprises monitor infrastructure performance, as well as generate the reports needed to ensure governance.

The movement to cloud computing has presented a significant challenge to established management suppliers like BMC. Its products were built to monitor traditional enterprise data centers rather than operate over network connections, the model that cloud computing relies on.

Consequently, management vendors spent much of the previous few years revamping their products to support and be available via a cloud delivery model. BMC began delivering its Remedy help desk software in a cloud model at the end of the second quarter in 2010. Also, the vendor has been enhancing its management portfolio so it provides IT organizations with a unified view into physical, virtual and hybrid cloud environments.

In addition, IT departments have been moving away from a component-level picture (what is happening on this switch) to a more comprehensive (where are my bottlenecks?) management view. In response, BMC purchased Coradiant, a maker of software for improving end user experience and tracking Web application performance, in April 2011. The technology competes with vendors such as Compuware, Keynote Systems and OPNET, and allows businesses to track the performance of on-premises, virtual and cloud-based applications. With the product, IT departments can pinpoint usability issues with enterprise applications, thereby increasing worker productivity, or they can ensure that their public portals and e-commerce sites are delivering information quickly.

Mobile management has been another area of burgeoning interest. BMC took one step in that direction in July 2011 with the purchase of Aeroprise, whose software tied Research in Motion BlackBerrys and Microsoft Windows Mobile smartphones to BMC’s Remedy help desk application. But BMC still lacks tools so that companies can track and secure mobile devices.

BMC seems to be accurately tracking evolving customer desires. However, the company remains one of the smaller management vendors. With management requirements becoming more complex and more comprehensive, the need for suppliers to expand (both product lines and sales) has become clear. Competitors like HP, IBM, Oracle and Microsoft are literally 30 to 50 times larger than BMC, so they have more ways to leverage sales of their management systems.

Given its more than 30 years of independence, BMC has no imminent plans to be acquired. However, long term, the company may need to do more than just nibble away at competitors' market share. In mature markets, the handful of top suppliers eventually gives way to a few vendors. BMC would like to remain in that grouping, but its market position is not guaranteed.



Dell Is Focused

Last week, some colleagues and I had a chance to spend the day at Dell's headquarters in Austin, Texas. It was seven hours of meetings, getting a dump on Dell's various lines of business, and was capped off with a meeting with the man himself, Michael Dell. It was an informative day, meeting with folks who run the storage, server, networking, and channel divisions of the company. I came away with one overriding thought: Here's a company that is focused.

Unlike many vendor representatives I talk to, those from Dell don't focus on selling to the Fortune 500. Dell focuses on the mid-market. Where it has the ability and when it thinks it makes sense, the company will move up to the larger enterprises. Frankly, the mid-market has many of the same demands that larger enterprises have, plus the additional pressures of less IT budget--the percentage of IT budget compared to the business may be the same, but the resulting dollars are proportionally less, which means less money for capital expenses (product prices are independent of budget) and less money to hire dedicated staff.

Addressing those latter two needs, Dell focuses itself on making products easy to use and lower in cost. Easy to use doesn't mean simple or featureless. Easy to use manifests itself through a unified UI, single-pane-of-glass management and smart defaults in products, and that results from integrating acquired or developed technologies into cohesive products. The net result is easier-to-use products across a product line or across vendor silos. We heard about it while talking with Dell's VP of storage, Darren Thomas, and heard the same sentiments echoed throughout the day from the server, networking and channel groups. If Dell's success in the storage line is any indicator, we'll be seeing more interesting, integrated products from Dell in the future.

That integration also allows price reductions. Dell's strategy to use the technologies and IP acquired from Exanet across its entire storage line should result in reduced overhead and cost in developing and supporting new storage products. By itself, the savings may not be much, but the more integration you can develop and the more code re-use a vendor can employ, the less overall they spend on new products.

The day was productive. Maybe I am still reeling from the Kool-Aid--all-day visits tend to do that--or maybe Dell is onto something. While I am not about to start making comparisons among vendors, we can all point to vendors that are known as places that good technology goes to die. What I heard from Dell is just the opposite.

P.S.: As we were leaving, a wall caught my eye. If you ever contacted Dell on Twitter, Facebook or other social media platforms, chances are you spoke to someone at Dell Cares. This wall is plastered with index cards that Dell employees write, such as "listen," "engage," "delight our customers," "connect with people from around the world" and "turn back the clock town hall-style." I dunno, it just spoke to me.

Disclosure: I traveled to Austin on my employer's (UBM TechWeb's) dime. Dell had lunch brought in. Estimated cost, $14.50 each (ham sandwich, chips and a Coke). No one has asked to buy my opinion, but, rest assured, it would cost more than $14.50.


Brocade Claims World’s Largest 100GbE Deployment

The emergence of 'big data' and the total amount of data more than doubling every two years (IDC) is driving demand for high-performance computing and faster communications. According to Intersect360 Research, the HPC market grew 22% last year, to $25.6 billion in product and services, and will reach $36 billion by 2015 (Worldwide High Performance Computing (HPC) 2010 Total Market Model and 2011-15 Forecast: Overview). The 40 and 100 Gigabit Ethernet (GbE) market will reach $5.9 billion by 2017, according to a new report by Global Industry Analysts, Inc. Now Brocade is claiming the world's largest single-site deployment of 100GbE in a research institute, improving efficiency by 50%.

Janelia Farm Research Campus, the research facility for the Howard Hughes Medical Institute (HHMI), has chosen Brocade to replace its network infrastructure and increase performance by up to 10X. The medical research organization invests approximately $770 million in biomedical research per year and supports more than 250 staff scientists. It has 200 Gigabit connections to each of its network wiring closets, and 10 GbE connections going directly down to researchers’ systems.

HHMI started evaluating vendors in January, says Brocade's Daniel Williams, and deployment started in July. The institute was not only looking to increase its network performance, but also to ensure it continued to attract researchers affiliated with other labs, he says. “They view themselves as providing network connectivity services to their researchers.” They were running into problems when individual data sets were exceeding 10GbE, which led HHMI to explore 40 and 100GbE solutions, ultimately going with Brocade's 100GbE technology.

The institute has installed more than a dozen Brocade MLXe-32 and MLXe-16 routers, with the larger switches deployed in the datacenter, and smaller routers handling the edge or campus traffic. They are connected using Brocade's Multi-Chassis Trunk (MCT). Williams says the facility core aggregates two ports of 100 GbE to create a single 200 gigabit logical connection. The aggregation routers are two fully populated Brocade MLXe-32 routers with more than 2,400 GbE ports and a large subset of 10 GbE ports.

The GIA report, which was published at the end of October, says the US remains the largest regional market for 40 and 100 GbE, while Asia-Pacific represents the fastest-growing regional market, with revenue projected to increase at a CAGR of about 80% over the next four years. In addition to Brocade, other major players include Avago Technologies Ltd., Cisco Systems Inc, Ciena, Extreme Networks, Inc., EZchip Technologies Ltd., Finisar, Force10 Networks Inc, IXIA, JDS Uniphase Corporation, NetLogic Microsystems, Inc., NeoPhotonics Corporation, Oclaro, Opnext Inc, and Sumitomo Electric Industries Ltd.


A Brief Introduction To OpenFlow

OpenFlow is a specification, now managed by the Open Networking Foundation, that defines the functions and protocols used to manage switches from a centralized controller. OpenFlow is a command and control protocol that includes communication over SSL/TLS protected channels, feature discovery and configuration of devices by the controller, and managing the forwarding tables on the switches. The OpenFlow protocol doesn't stipulate how the network is designed or managed. That is up to implementers and vendors to decide.

OpenFlow was also designed to work with existing products--no specialized hardware is required. A number of vendors are offering experimental hardware that runs OpenFlow today and can run both OpenFlow and their native switching/routing software on the same switch by dedicating specific ports to OpenFlow and native switching/routing. Two vendors, Fujitsu and NEC, are shipping OpenFlow switches. Fujitsu's switch is OpenFlow-only, while NEC's is a hybrid.

Greg Ferro produced a Practical Introduction to Applied OpenFlow video that is worth watching and goes a bit more in-depth into the OpenFlow protocol.

The problem with today's network stems from how Ethernet was originally designed as a simple framing protocol. As LANs became more complex, the Spanning Tree had to be introduced to remove the possibility of broadcast storms from loops in the network, thus reducing the network to a single rooted tree (not all paths could be used).

Quality of service is implemented on a per-device basis with no context of the neighborhood, resulting in inefficient traffic management. VLANs were introduced to segment traffic and extend Layer 2 networks across a campus or wide area. Link Aggregation (LAG), a.k.a. bonding, was developed to increase capacity between switches over multiple physical interfaces, but often less than 75% total capacity could be used.

OpenFlow controllers have a holistic view of the network from edge to edge and know all the paths between any two points. OpenFlow can use most fields from Layer 2 to 4 headers to match flows (a unidirectional set of frames between two points) and look up the path through the network. You can use multiple forwarding mechanisms to get better load balancing and processing without being limited to the physical topology. The controller is a piece of software and can be dynamically programmed based on changing needs, hence the term software-defined networking. That is the promise anyway.

The switch at position 1 is added to the network and configured with the credentials and address for the controller. It contacts the controller, which queries the switch for its capabilities and configuration. Then the controller pushes any configuration it has to the switch. The controller updates its view of the network and forwarding policies and updates the existing switches' forwarding tables if necessary, making the new switch available to carry traffic.

Think of defining how network traffic is forwarded much like you think about defining access policies in a firewall. You specify the conditions to match traffic on, such as source and destination addresses, which includes wild cards, and an action to take on a match. In OpenFlow, you define forwarding policies limited by the capabilities of the controller and your own needs, and as your needs change, so can your policy.

In general, we always want traffic to go via the fastest, shortest path. However, when congestion occurs, the fastest, shortest path becomes oversubscribed and we want to prioritize some traffic over others. With an SDN, you can set a policy that prioritizes time-sensitive traffic over bulk traffic. As congestion occurs, you can move some or all of the bulk traffic to a different path, reducing congestion on the shortest path for your time-sensitive traffic.

While OpenFlow has a centralized controller, that doesn't mean that each new flow has to result in a controller lookup. If a new flow matches an existing rule, it will be processed according to that rule's actions. Rules can be pre-populated, reducing the number of lookups that occur. Intelligent policy development should mean a reduced number of controller lookups. In addition, rules have a time to live associated, so if the switch is disconnected from the controller for some reason, it can still process existing and new flows. Only those flows that result in a controller lookup would fail.
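The firewall-style matching, pre-populated rules and controller lookups described in the paragraphs above, as an added example that is not part of the original article: a simplified in-memory model, not the OpenFlow wire protocol or any vendor's controller. The class and function names, header field names, ports and addresses are constructed for illustration, and the rule "time to live" is modelled here as an idle timeout.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class FlowRule:
    priority: int        # highest priority wins when several rules match
    match: dict          # header field -> value; a field left out is a wildcard
    action: str
    idle_timeout: float  # seconds a rule may sit unused before it expires
    last_hit: float = 0.0

def field_matches(want, got):  # address fields may carry a CIDR prefix
    if isinstance(want, str) and "/" in want:
        return ipaddress.ip_address(got) in ipaddress.ip_network(want)
    return want == got

class Switch:
    def __init__(self, controller=None):
        self.table, self.lookups = [], 0
        self.controller = controller  # callable(pkt) -> FlowRule; None = unreachable
    def forward(self, pkt, now):  # expire idle rules, then highest priority wins
        self.table = [r for r in self.table if now - r.last_hit <= r.idle_timeout]
        hits = [r for r in self.table if all(
            k in pkt and field_matches(v, pkt[k]) for k, v in r.match.items())]
        if not hits:
            if self.controller is None:
                return "fail:no-controller"  # only table misses fail
            self.lookups += 1
            hits = [self.controller(pkt)]    # reactive rule from the controller
            self.table += hits
        rule = max(hits, key=lambda r: r.priority)
        rule.last_hit = now
        return rule.action

def reactive_policy(pkt):  # constructed policy: pin this src/dst pair to port 3
    return FlowRule(10, {"ip_src": pkt["ip_src"], "ip_dst": pkt["ip_dst"]}, "output:3", 30.0)

def demo():
    sw = Switch(reactive_policy)
    # Pre-populated rules: VoIP signalling on port 1, other 10/8 traffic on port 2.
    sw.table += [FlowRule(200, {"ip_dst": "10.0.0.0/8", "udp_dst": 5060}, "output:1", 60.0),
                 FlowRule(100, {"ip_dst": "10.0.0.0/8"}, "output:2", 60.0)]
    voip = {"ip_src": "192.0.2.10", "ip_dst": "10.1.1.1", "udp_dst": 5060}
    bulk = {"ip_src": "192.0.2.10", "ip_dst": "10.1.1.1", "tcp_dst": 873}
    new = {"ip_src": "192.0.2.10", "ip_dst": "198.51.100.7", "tcp_dst": 443}
    online = [sw.forward(p, now=1) for p in (voip, bulk, new)]
    sw.controller = None  # controller link lost
    offline = [sw.forward(p, now=5) for p in (voip, new, dict(new, ip_dst="203.0.113.5"))]
    return online, offline, sw.lookups
```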

Controller technology is not new either. Enterprises have been using controller-based wireless and network access control for years successfully.

Naturally, any critical system will have to be built with high availability in mind, and this requirement is not lost on OpenFlow controller vendors. The HA functions are not part of the OpenFlow protocol definition and will have to be implemented independently of the protocol. I'd expect to see HA implemented in modes other than active/standby, but how HA will actually be implemented will vary by vendor.

Obviously, a network controller is a potentially high-value target for attackers, because if they get control of the controller, then they manage your network. However, an OpenFlow controller really doesn't present more of a target than any other critical network, system or hypervisor management system.

The controller needs to be protected from attack and needs to have strong authentication built in, rights management to control who can do what, an audit log to track and roll back changes, and all the other features you'd expect to protect a controller. Not having those features is a non-starter.

Do you need OpenFlow to manage your network? No. Can OpenFlow controllers provide features and functions better than what are available today via existing standards? Absolutely. An OpenFlow controller can, within its OpenFlow management network, potentially replace most of the management protocols running in your existing network. You don't need to worry about loops, VLANs can lose meaning if needed, and you can use all of your capacity between any OpenFlow-enabled switches. You can potentially design the network of your dreams completely in software and deploy with a push of a button. If we sound breathless, it's because the potential to unlock the power of your network is very real. The breadth of that power depends on the capabilities of the controller.

Ivan Pepelnjak of IOShints reminds us that you don't need OpenFlow to solve every age-old problem. While his examples are directed at LLDP, his point applies to many Ethernet-related functions.

An OpenFlow controller simply defines how frames are forwarded through the network, and the controller has an end-to-end view. It can potentially make more intelligent decisions based on the goals you want to achieve and the capabilities of the switch hardware, and can respond to changes in demand.

Not all applications are created equal. We already showed how VoIP traffic can maintain its SLA requirements, even under congestion, by dynamically moving lower-priority traffic to other paths. Similarly, you can define multiple paths with varying priorities so that if a primary path fails, a secondary path can be selected immediately with a lower failover time than with traditional L2/L3 methods.

Since the OpenFlow controller controls the network, it becomes the integration point for anything network-related, such as hypervisors, applications, security functions and load balancing. Integration moves from individual switches to the controller.

This all leads to software-defined networking, where the network is designed and deployed in software. This leads to rapid changes with potentially fewer configuration errors and faster recovery times from errors. More importantly, all of your software can signal the network of the parameters it requires, and the controller can set forwarding policies based on business need versus technical need. Lastly, your network engineers can spend more time on engineering and less time tapping a CLI.

OpenFlow does not commoditize switching. The LAN edge still needs intelligence to configure the switches and switch ports for things like VLAN assignment, management of Power over Ethernet budgets, authentication of hosts via 802.1X, and possibly integration with external switches using traditional Ethernet protocols. In the data center, there is a potential to commoditize switching if all you need is Ethernet access. However, data center networking demands usually involve lower latency overall and tighter control of the interconnections and less intelligence at the edge.
