Total Internet Security Software



Archive for November, 2011

Ethernet Fabric As Core - A Modest Proposal

As a reformed network geek who has turned to the dark side to follow the storage market, I've been especially intrigued by the evolution of data center Ethernet as fundamentally different not only from the 10Mbps shared media Ethernet of old but, more significantly, from the direction of campus Ethernet. As we bring DCB, TRILL-like layer 2 multipathing and the like into the data center network, I would like to propose that many of us can eliminate the expensive modular switch that's typically served as the network core.

We have traditionally built networks around a pair of massively redundant core switches using additional access and aggregation layers of switches to funnel traffic to the core. This design was driven by the limitations of previous generations of smaller switches, the spanning tree protocol and yesterday’s traffic patterns.

Just a few years ago, much of the traffic in an enterprise was users running 2 tier client server applications and accessing file services. This resulted in large volumes of so called north-south traffic between user PCs, external systems, and servers. Today, much of the traffic is server to server or east-west as web and application servers access databases. Virtualization adds to the east-west traffic pattern with live migration traffic and virtual desktops.

If we’re building a network for east-west traffic, why are we connecting ToR (Top of Rack) switches through oversubscribed uplinks to the core? If you have 100 to 300 or so servers with dual 10 gigabit connections, you could just build a full mesh of 48, 60 or 96 port ToR switches.

Let’s take a full mesh of eight 60-port switches with 20Gbps interconnects as an example. Each switch would use 14 10Gbps ports for connections to its peers, providing 140Gbps of fabric bandwidth. That would leave 46 ports on each switch for server and storage connections, which would easily support 150 or so servers with dual connections and plenty of storage connections to boot. Each server would be no more than 2 switch hops from any other and the inter-switch links would be only about 3:1 oversubscribed.

A more conventional design would use a pair of core switches that the ToR switches all uplinked to. If we use 40Gbps uplinks, we boost the oversubscription level from 3:1 to 6.5:1 (52:8) and add another switch hop to the data path between any 2 servers connected to different switches. Using dedicated storage switches also connected to the core would further stress the uplinks. We may be able to save a few bucks on ToR switches but we’d have to spend several times that much to buy line cards for the core, let alone the cost of a pair of Nexus 7000 type core switches.

As you add layer 2 multipath capable ToR switches, consider using the fabric itself as the core. It could save you more than a few dollars while providing reliability and performance comparable to a more conventional design. Of course, full meshes can only scale so large. Adding more switches to the mesh requires more inter-switch link ports, so you can reach the point where adding another switch to the mesh actually reduces the number of usable ports in the fabric. So if you’re building a network for 1000 servers, those core switches with high port counts might pay off.

So would you build a data center network without a core? Comments solicited.

Disclaimer: Brocade, who makes switches that could be used to build such a mesh network, is a client of DeepStorage.net.


Pano Logic Eyes Enterprise VDI

Pano System 5, the latest version of Pano Logic's zero client desktop virtualization hardware and software product, introduces Pano Controller, a modular architecture that enables flexible deployment options for large heterogeneous virtual environments, and Pano Maestro, which eases device monitoring of distributed zero client endpoints. It also improves the user experience with 30-40 percent reductions in network bandwidth utilization and 25 percent better video frame rate quality, and extends support for VMware's vSphere 5 and View 5.

The new release is intended to address the needs of larger organizations as opposed to the company's traditional midmarket, up to 2,000 employees. Pano Logic says 5.0 makes it much easier to deploy and manage its PC alternative, as well as extending support for VMware's most recent releases. Customers can now centralize the management of multiple distributed VDI deployments through VMware View or Citrix XenDesktop while significantly reducing the amount of onsite maintenance in each remote office, the company says, and with Pano Maestro, they can also monitor all of their Pano Zero Client devices through one interface, whether those devices are supported by a VMware, Citrix or Microsoft virtualization platform. With Pano Controller, which works with a variety of desktop brokers, including VMware View, Citrix XenDesktop or Pano Virtual Desktop Broker, and hypervisors such as ESX, XenServer or Hyper-V, customers get platform independence and ease of management for large scale deployments.

According to a recent report from IDC (IDC MarketScape: Worldwide Desktop Virtualization 2011 Vendor Analysis), the desktop virtualization market is expected to make significant gains in both revenues and total customer count well into the second half of the decade. It says customers are intrigued by the possibility of a better desktop management model and the operational savings desktop virtualization could deliver, which has led to the emergence of a number of vendors offering systems and desktop virtualization products that address customers ranging from small start-ups to Fortune 100 companies.

A specialist in VDI, Simon Bramfitt, founder and research director, Entelechy Associates, says desktop virtualization is taking off with more deployments and licenses being sold in larger groups, including 10,000-seat deployments. “We are starting to understand realistically what the technology is capable of... and the technology is becoming affordable and scaling up to meet large enterprise needs.”

The new Pano release puts them into competition with thin clients like Wyse, HP and Dell, he says. “It also suggests that Pano Logic feels the need to scale up for these large deployments.” Bramfitt says the company has been quite successful in the SMB space, in large part by making the purchasing decision and deployment very simple. “What's happening now with 5.0 is very interesting because it gives them the opportunity to look at something like XenDesktop which is targeted at the high end, and against thin clients.”


Brocade Scores An ‘A’ In Enterprise Campus Networking

Brocade is looking to shake up the enterprise campus networking market with a new set of solutions that will deliver a 35% total cost of ownership advantage. Due out this month, with a starting price of $5,595, the ICX 6610 is an Ethernet access switch that combines chassis-like reliability and performance with the flexibility and affordability of a stackable switch, says the company, delivering five times the stacking bandwidth of the leading competitor and providing 8x10 Gigabit Ethernet (GbE) uplink ports and the highest aggregation bandwidth in its class.

Also available this month are the FastIron SX Series modules starting at $4,495 USD, while Multi-Chassis Trunking (MCT) will be available in early 2012 for this series. Brocade is also announcing an immediate price reduction for the FCX Series stackable switches.

Brocade's claims clearly hit on the point that the campus LAN has become more standardized and with this shift it is clearly possible to drive down the costs of campus networks, says Gartner's Mark Fabbi, VP, distinguished analyst, network & data center infrastructure. Gartner's advice to enterprises is to target a minimum of 30%, but potentially a 50% reduction in expenditures when upgrading this portion of the network. At the edge of the network, performance numbers aren't particularly meaningful; all the players can provide more than enough capacity and capabilities to connect devices to the network. At the aggregation/campus core level, performance becomes more important to support the increasing amounts of rich media that is traversing the network, and delivering improved performance levels at reduced prices should certainly be part of the evaluation criteria.

Responsible for Brocade's campus business, Joe Ammirato says the new solutions are intended to address an enterprise solution gap, bridging the divide between over-engineered, complex and expensive solutions versus basic, inflexible and affordable solutions. Together, these solutions deliver 5x the performance at 1/3 the price of comparable Cisco offerings. At $13 billion annually, the campus networking market is the largest of all networking market segments, he says.

Equipped with new high-density 8x10 GbE blades, the Brocade FastIron SX can scale up to 128 ports of 10 GbE. Additional new features include Multi-Chassis Trunking (MCT), for active-active resiliency that delivers twice the bandwidth of traditional active-passive redundant designs, plus MACsec and Energy Efficient Ethernet (EEE)-ready hardware for investment protection.

While the pricing implications are important, Fabbi thinks the most significant part of the announcement is the simplification of Brocade's campus switch portfolio. Reducing the complexity of the offering will clearly help Brocade. He adds that the trend towards competitive evaluations and procurement is expected to continue on and this announcement illustrates the moves by one of the viable players to continue to exploit the ongoing standardization and competitiveness in the market.

IDC's Rohit Mehra, director, enterprise communications infrastructure, says the ICX 6610 switch platform is in the premium segment of the access switching market, and supports advanced functionality including high availability built on a non-blocking, wire-speed architecture with 40GbE stacking ports. Given the high performance of this new switch, it can also be positioned as an entry level aggregation switch.

The second and equally relevant aspect is that this launch makes Brocade's switching portfolio that much more appealing for value-oriented IT buyers than before, he adds. With reduced Capex to Opex across the switching product line, Brocade has also looked ahead in introducing its new Network Subscription Service, which provides enterprises with another option of acquiring network infrastructure under a flexible format that helps them align infrastructure closely with business needs.

Network Subscription is an acquisition model that lets companies pay for network ports when they are used. As monthly demand changes, the port count and costs rise and fall. This is a good model for companies with large differences between normal and peak usage, though subscribers pay more over time compared with a capital purchase.

Mehra says the ICX 6610, along with the revised price positioning of the FSX series, changes the economics behind Brocade's campus switching portfolio, offering higher performance and advanced capabilities at a much more attractive price than before. Existing and new customers will certainly want to take a closer look at Brocade's enterprise campus switching portfolio.


Emulex Tunes Up I/O Monitoring And Analysis Solution

The new 2.0 release of OneCommand Vision delivers increased scalability, usability improvements, custom alerting, and added operating system and hypervisor support, says Emulex. The software, which addresses the proverbial 'blind spot' in the datacenter, namely I/O, analyzes end-to-end I/O latency, various protocol events and other critical performance metrics, says Emulex VP Shaun Walsh. "That has really been the key, understanding the latency; the more you eliminate latency, the easier it is to achieve SLAs (service level agreements)."

Emulex is better known for its hardware, including Fibre Channel host bus adapters, network interface cards, converged network adapters, controllers, embedded bridges and switches. OneCommand Vision debuted in 2009 and was targeted at the Microsoft ecosystem. Hundreds of companies, primarily service providers and hosting companies, adopted V1.0, and with the addition of Oracle and Solaris support, demand is expected to climb, says Walsh.

Expected to ship this quarter with an entry-level configuration starting at $28,000, 2.0 provides "Application View" of performance availability, end-to-end performance management that covers 100% of the I/O Path. I/O SLA Management is provided by real-world performance baseline and availability metrics that ensure the specific needs of each application are met after the storage infrastructure is migrated. There are five feature modules for I/O management, including: I/O Latency (to collect, trend, analyze and present end-to-end latency information specific to each I/O path), I/O Profile (to collect, map and present I/O characteristics specific to each I/O path), I/O Analyzer (to collect and present protocol event information, including SCSI and transport information), Intelligent Alerts (to detect and resolve issues), and I/O Reports (to provide a data center-wide view of pertinent I/O network information).

Through the company's Analytics and Correlation Engine (ACE), users can detect performance issues and relate them back to infrastructure hot spots and protocol errors by combining historical I/O availability and performance data, exposing potential oversubscription in the server, network and storage domains. In addition to Oracle Enterprise Linux (OEL) and Solaris 10, the new release also supports Microsoft Windows Hyper-V, and VMware ESX v4.1 and 5.0.

The addition of Oracle and Solaris support should help drive interest in this product, especially when you consider the mission critical apps that are typically running on Solaris or being supported by an Oracle database, says Bob Laliberte, senior analyst, Enterprise Strategy Group. Starting with Windows made sense given the rise in server virtualization, and he expects increased adoption for that environment as VM density increases over the next 18 months and the I/O blender really gets going.

According to ESG research, 30% of enterprise respondents anticipated having 25 or more VMs per physical machine. “Getting back to Oracle and Solaris, the ability to provide additional insight into the performance of these applications should be welcomed. Think about the firms on Wall Street looking for any advantage they can get. A key to the expanded adoption will be to help raise awareness of its capabilities.”

Typically vendors have not focused on the adapters as a source of information, relying instead on hypervisors, servers, SAN switches and storage arrays, says Laliberte. That means most management products will pull information from one or potentially several of those environments (so all those vendors have a management offering covering their area of expertise). “However, the technology in these cards has advanced dramatically over the past few years and can provide valuable information. As mentioned above, visibility into the I/O path will become even more essential as VM density increases, mission critical apps are moved into virtual environments and even to help them move – baseline I/O performance in a physical setting and then validate in a virtualized or cloud environment.”


New Infoblox Appliance Manages Flood Of DNS Queries On Networks

Network infrastructure services management vendor Infoblox is introducing a new appliance that handles domain name server (DNS) queries five times faster than current legacy systems can. The Infoblox-4010 is designed to handle the explosion of DNS queries as more devices, including smartphones and tablet computers, seek access to corporate and service provider networks and more IP addresses are being created.

The 4010 can deliver as many as 200,000 DNS queries per second. When a number of the appliances are arrayed in a grid formation and managed by the Infoblox Trinzic Multi-Grid Manager, they can handle 3 billion DNS queries per second and 5 billion Dynamic Host Configuration Protocol (DHCP) queries per day; DHCP is the technology that assigns IP addresses. The grid layout in this example is 50 grids of 250 appliances each, all linked together, the company said.

Demand for a faster appliance is driven by the proliferation of devices on a network that have their own IP addresses and the number of queries involved in performing some common network access transactions, said Kevin Dickson, Infoblox’s vice president of product management. Someone checking their e-mail involves eight DNS queries, finding a map involves seven, updating two mobile applications requires 16, visiting Facebook takes 24 queries and starting an Apple iPhone for the first time involves 36 queries, he said. Downloading the various components of a Web page or application requires multiple DNS queries, which is why people see a Web page or app slowly building itself on the screen.

The 4010 appliance is designed to keep pace with demand for DNS queries from a variety of devices, particularly mobile devices that are owned personally by employees for work, Dickson said, citing industry figures of 110 million iPhones on the market and a forecast of 441 million tablet computers to be sold in the next five years. “These devices all use core network services, they need IP addresses and they create traffic which generates DNS queries. The network, as it stands today, just isn’t ready for the numbers [of devices] that are coming online,” he said.

The 4010 supports three main network protocols: DNS, DHCP and Internet Protocol Address Management (IPAM). Infoblox calls its technology “active DDI,” which is derived from the first letter of each of those acronyms, Dickson said.

Legacy DNS and DHCP services run on industry standard BIND software (for Berkeley Internet Name Domain, referring to the university where the specification was created) that runs on generic servers. That solution requires significant capital expense and ongoing maintenance costs, is unreliable, and has limited performance and scalability. Technology such as the Infoblox-4010 offers the automation, performance and scalability to consistently deliver increasingly critical network services, he said. “These core network services, if they don’t work, the networks don’t operate properly and it’s as simple as planes don’t fly and cash machines don’t give money out,” Dickson said.

The Infoblox appliance handles DNS, DHCP and IPAM more effectively than existing solutions and those of some competitors, said Zeus Kerravala, principal analyst at ZK Research. It also supports the new IPv6 numbering system for IP addresses, which is the successor to IPv4 addresses, which are quickly running out.

“Infoblox has better scalability, automation and real time control versus BlueCat [Networks] and the other solution providers in this space. I thought the 4010 announcement evolves this market in a direction that is consistent with the current IT trends,” Kerravala said, such as the consumerization of IT. The Infoblox-4010 is available now at a starting price of $99,995 in the U.S. and $119,995 in the EMEA and Asia Pacific regions.


It’s Time To End The Wireless Client Insanity

Gee, I've got five bars on my wireless adapter but can't get near the 300 Mbps data rate that the guy down the hall gets on our new 802.11n network. And I'm just a few feet away from an access point! I better open a trouble ticket, right? Whatta you mean the problem might be my device? This laptop is like almost brand new, and it's got an 11n adapter!

Ah, clients. What would our wireless networks be without them? Things can be quirky enough with power-save settings, local RF conditions, and general machine health and resources when it comes to wireless performance, but add to the mix the general confusion that the wireless client adapter industry has created, and you can hardly fault your users for not understanding (or even wanting to hear about) the nuances of different wireless adapters in a given network.

A shrinking number of environments are fortunate enough from the support perspective to be able to dictate what wireless devices will be used on the network, and how they are rigidly and uniformly configured. For the rest of us, we strive to build out standards-based, high-performing WLAN environments that will hopefully serve a diverse range of clients well. But guaranteeing equal performance (whether measured or perceived) across different client devices is difficult. Much of the frustration lies with device manufacturers.

This is one area that I find myself ripping on Apple fairly often for. It can be maddening to see what every minor OS version update does to wireless performance across the Apple product line, and release notes tend to be sparse on specific changes. At the same time, I have to give it up for Apple, for their long-running inclusion of dual-band adapters in the Mac notebook line. Macs produced even before the 11n standard was ratified came with 11a/g adapters that were 11n-ready, with the new capabilities toggled on in software at the appropriate time. This has been huge in my environment, but more on that in a bit.

As for PC manufacturers, I’ll be blunt. I realize that a penny saved during manufacturing can equal a nickel profit at time of sale, but these guys are making life frequently miserable for wireless admins. Furthermore, I stand here today and call out PC and wireless client manufacturers for impeding the progress and greater good of the wireless world at large. The sin? Turning out machines with 2.4 GHz-only adapters when they have the capability of also adding 5 GHz 11a/n capabilities to far more devices than we see offered up in the Sunday ads.

A recent mailing list discussion among wireless admins at a number of higher-ed institutions revealed a pretty common trend. Since my own wireless network makes the point, I’ll use it as the example. On a typical day, where a peak load of 10,000 simultaneous clients are cranking away in the air, no more than around 30% are utilizing the preferred 5 GHz side of the WLAN. For those not in the know, 5 GHz is a better deal for wireless clients in a properly designed network because there tends to be far less interference, fewer clients, triple-digit data rates available in 11n, and way more channels to make use of. So 70% of all clients slug it out in the channel-constrained 2.4 GHz spectrum, where 11g and the other, slower half of 11n reside. But it doesn’t have to be this way.

In my environment, the vast majority of those enjoying the 5 GHz connectivity that our big, expensive WLAN provides are using Apple products that simply ship with the right chipset. Again, my thanks to Apple for this. For many Windows platforms, you have to go out of your way to figure out whether a 5 GHz radio is even available for a given machine, and often it’s a not-so-obvious upgrade option. Go to the Dell web site and do some browsing; you can sort by screen size, hard drive capacity, and processor, but not by available wireless adapter type. I did a quick scan of Best Buy’s online PC offerings and was briefly excited to see the option of sorting by “wireless capability”, but the results were just bizarre. The first one in the list was a laptop running “BGN”, and the last was a Lenovo IdeaPad that offered “Wi-Fi”. Woo woo. Wading through either site looking to upgrade bargain laptops to dual-band 11n is challenging, if not impossible. Like A/C and cruise control on even low-end vehicles, dual-band 11n should now be the baseline standard if the computing device supports it.

Is the joke on us in WLAN Nation for spending huge dollars on dual-band top-end 11n networks, when 70% (or something close to it) of clients are going to continue to come in the door for the foreseeable future with bargain wireless adapters, through arguably no fault of their own? It’s common knowledge that 802.11a 5 GHz never really gained much traction for many of the same reasons, but c’mon, this is the era of super-hyped dual-band 11n. The marketing math only delivers on its most impressive promises if the client part of the equation keeps up, and on lower-end computers (where most of my clients shop, evidently) it ain’t keeping up. It’s time for the Acers, Dells, and Lenovos of the world to do their part and retire the single-band wireless adapter everywhere they can, and help the wireless community at large to realize the benefits of 802.11n to the extent possible. Our networks are ready and waiting; let’s end the madness.
