
TECHNOLOGY WHITE PAPER

Converging Legacy Networks for Real Time Applications on a Local Area Network

Converging legacy networks for cost savings and future applications is driving the
requirements for Local Area Networks (LANs). Providing end users with seamless and
secured application access as well as telephony and video communications requires a
robust and highly available network infrastructure. A properly converged LAN should be
protected from unsolicited access, provide electric power to its peripherals and recover
from link and LAN switch failures without disturbing applications in use. In addition,
it should reduce the time associated with network service windows (interfering with
availability), and enable repair and maintenance during operations without network
impact. Finally, deployment and management should be as intelligent as possible to
improve the effective employment of skilled personnel.

Table of contents
1. The changing Local Area Network
2. High availability in LANs
   2.1 Resilient LAN topology
   2.2 Comprehensive fault management
   2.3 Maintenance with minimal downtime
3. Secure the converged network infrastructure
4. Telephony and video convergence
   4.1 Telephony convergence
   4.2 Video convergence
5. Converged management
6. Network infrastructure deployment
7. Conclusion
8. References
9. Acronyms

1. The changing Local Area Network
Telephony and video equipment have been converted to communicate over LANs. At the same
time, the convergence of legacy networks, which is designed to deliver cost savings and set the
stage for future applications, is driving requirements for future LAN infrastructures.

The next-generation LAN must provide end users with seamless and secured application access,
as well as telephony and video communications. This can only be accomplished with a robust
and highly available network infrastructure that provides:
• Access control through embedded authentication
• In-line electric power for peripherals
• Fast recovery from link and LAN switch failures
• Reduced downtime associated with network maintenance
• Traffic prioritization for real-time applications
• Intelligent system deployment and network management to improve IT staff efficiency

The Alcatel-Lucent OmniSwitch™ portfolio enables LANs to be designed and built to provide
the quality of service (QoS), high availability and security characteristics required for real-time
and critical applications. The traffic priority, in-line power, availability and security technologies
integrated in OmniSwitch solutions are based on industry standards. Industry standards support
interoperability during migrations as well as future extensions.

In addition, Alcatel-Lucent offers intelligent management tools that enable effective management
of configuration and faults, and also provide a holistic view of the performance of the network
infrastructure, applications deployed and connected systems.

2. High availability in LANs


Alcatel-Lucent recognizes that the LAN is the foundation of automated business processes and
real-time communications. Therefore, both the users’ and IT staff’s experience must be optimized
by continuous operations that avoid the costs caused by network infrastructure interruptions.
Enabling continuous LAN operation is a three-step process:
1. Design a resilient LAN topology with redundant elements
2. Use a comprehensive fault management system
3. Enable maintenance with minimal downtime

2.1 Resilient LAN topology


As a well-known manufacturer of IP telephony solutions, Alcatel-Lucent understands how to
develop LAN switches that support real-time communications and availability required by new
applications, such as voice over IP (VoIP).

Alcatel-Lucent is well aware that interruptions of a network for more than 200 milliseconds are
annoying during voice conversations, and that end users get frustrated with disruptions of more
than a second. Research has revealed that during interruptions of a conversation for more than a
second, people tend to end a call. Therefore, it is not difficult to imagine how long interruptions
(a few seconds or more) at the core of a network infrastructure during thousands of voice
conversations can affect overall telephony communications. Depending on the service level required by the
organization and possible interoperability requirements during migrations, the network designer
should consider the most appropriate resiliency protocols. The emphasis should be on standards-
based protocols that can be leveraged to future-proof the LAN.

Converging Legacy Networks for Real Time Applications on a Local Area Network | Technology White Paper 1
As one of the few manufacturers of a comprehensive portfolio of IP telephony, unified communications,
contact center and network infrastructure solutions, Alcatel-Lucent offers the OmniSwitch LAN
switches, which provide best availability for real-time business communications. The OmniSwitch
family supports a number of protocols that enable quick recovery from link failures in a network
infrastructure, including:
• ITU-T G.8032 Ethernet Ring Protection (ERP) enables ring topologies in the core of a LAN
to recover from a link failure in less than 50 milliseconds.
• Dual-Home Link (DHL) enables access switches to connect to two different core or aggregation
chassis, and ensures a convergence of less than 100 ms in case of a link failure. It is based on the
IEEE 802.3ad Link Aggregation standard and, therefore, is interoperable with any switch that
supports IEEE 802.3ad.
• Bi-directional forwarding detection (BFD) and graceful restart overcome the shortcomings of
initial routing protocol implementations while maintaining openness and interoperability. BFD
is a simple “hello protocol” designed to provide fast failure detection between router entities
and better convergence times than the routing protocols themselves. BFD supports Open Shortest
Path First (OSPF), Border Gateway Protocol (BGP), Distance Vector Multicast Routing Protocol
(DVMRP), Virtual Router Redundancy Protocol (VRRP) and static routes. It divides the topology
recovery times of these protocols by a factor of six¹, and is more efficient and much less painful
than playing with the timers of each of these routing protocols to reduce convergence time.

Combining ERP and DHL as Layer 2 topology protection has significant advantages over the
widely deployed Spanning Tree Protocol (STP). Link recovery is much faster and network impact
is much lower due to the absence of complete Spanning Tree topology changes (Figure 1).

Figure 1. Fast topology recovery during link failures (Ethernet Ring Protection, ITU-T G.8032: < 50 ms; Dual-Home Link, based on IEEE 802.3ad: < 100 ms)

To further enhance the availability of a LAN topology, switches can be equipped with redundant
components that can ensure the network is protected against failures of power supplies, defective
fans, management modules and switch fabrics.

The OmniSwitch series of LAN switches has these redundancy features. For example,
OmniSwitch 9000 and 9000E Chassis LAN Switches support the use of redundant power supplies
and redundant switching fabrics. The switching fabric in the OmniSwitch 9000 and 9000E is
capable of a failover of less than 50 milliseconds, which is invisible to end users, even during
real-time communications.

¹ Based on Alcatel-Lucent internal test results.

The OmniSwitch 6850 Stackable LAN Switch, which is commonly used for connecting peripherals,
offers similar redundancy features in addition to the option to assemble multiple switches in a
“virtual chassis” by using a high capacity, redundant stacking interface.

2.2 Comprehensive fault management


A highly available network infrastructure without comprehensive management is considered
unreliable. LAN switch and topology failures that may occur can be recovered so quickly that
they are invisible or inaudible to end users at work. An unnoticed failure followed by a secondary
failure could make a network infrastructure totally unavailable. Therefore, to enable efficient LAN
operation, these failures must be properly displayed and network maintenance personnel must be
alerted whenever they occur.

The Alcatel-Lucent OmniVista™ 2500 Network Management System (NMS) has the ability to
display faults and deliver alerts related to the network infrastructure, the telephony services, and
connected peripherals, such as phones and cameras. It can provide the location of a fault and a
problem description, as well as diagnostic capabilities that allow network maintenance teams to
quickly correct failures.

2.3 Maintenance with minimal downtime


Stopping operations for maintenance reduces the productivity of end users and the efficiency
of an entire organization, especially when there is just one network infrastructure. Unfortunately,
network infrastructure maintenance is unavoidable. However, the impact on operations can be
drastically reduced.

The core of a LAN is most prone to network maintenance operations. But minor bug fixes or
operating system feature upgrades for switches in the core of the network should not impact operations.

The OmniSwitch 9000E Chassis LAN Switch supports In-service Software Upgrade (ISSU). During
an upgrade, operations can continue, and it is not necessary to completely restart the switch to
make the upgrade effective.

On the hardware side, redundant, hot-swappable power supplies allow maintenance teams to
exchange defective power supplies without interrupting operations. This is important because
statistics show that, in general, the moving parts of a power supply make it the component most
prone to failure. Alcatel-Lucent has integrated this hot-swappable feature in the OmniSwitch
9000E and 9000, as well as the OmniSwitch 6850 and various OmniSwitch 6400 and 6250
Stackable LAN Switches.

In addition, the OmniSwitch 9000 and 9000E can continue operation during (hot) swapping of
failing network interface modules, management modules and switching fabrics (Figure 2). This
enables continuous operation during maintenance without interrupting applications. (Of course,
provided fast topology recovery has been enabled.)

With these fast topology recovery features, there is no need to run an unreliable network longer
than needed because defective links can be repaired while in operation.

Figure 2. Alcatel-Lucent LAN products support in-service maintenance and upgrades
[Diagram labels: In-service software upgrade; Fast topology recovery; Hot-swappable power supplies; Maintenance; OmniSwitch families; Service levels; VitalSuite; Faults and alerts; OmniVista 2500 NMS]

3. Secure the converged network infrastructure


When multiple networks are converged into one, the single, converged network is more vulnerable.
Alcatel-Lucent OmniSwitch products include many features that make it easier to secure a converged
network infrastructure, including Denial of Service (DoS) defense, secure network management
access, and embedded Network Access Control (NAC).

A fundamental building block of a secure network infrastructure is the ability to control access to
network resources based on whether the device or user has the appropriate credentials. With NAC,
systems, users and guests can access and use the infrastructure based on centrally-defined security
policies. The most common network access mechanisms used by administrators are 802.1X, Media
Access Control (MAC), and web-based authentication. But one of the major hurdles in controlling
network access is matching an authentication method with a user or device. Often, devices must
be individually configured to properly authenticate to the network.

For example, many legacy peripherals, like printers, lack the proper hardware or software to properly
authenticate. These legacy devices require an alternative authentication method. If the device
changes or needs to be moved to another location, the configuration has to be changed manually.
But a hands-on approach to managing network peripherals is a burden in both time and money.

The Alcatel-Lucent Access Guardian™ combined with the Alcatel-Lucent OmniVista 2500 NMS
Quarantine Manager provide one of the most comprehensive and easy to manage NAC solutions
in the industry.

The Access Guardian feature set allows Alcatel-Lucent OmniSwitches to dynamically assign the
appropriate authentication mechanism to each network peripheral. Regardless of what is connected
to a switch port, every device is identified and the appropriate, preconfigured authentication
process is applied.

For example, when managed devices capable of 802.1X authentication (Figure 3) attempt to
connect to the network, they will be challenged to provide their credentials. Other legacy devices,
such as printers, will not be challenged, but will be granted access through MAC authentication.
Likewise, guests or devices unknown to the network will be directed to provide authentication
credentials using a web-based interface. Once configured, the security workflow operates with
minimal administrator intervention.

Figure 3. Alcatel-Lucent IP Touch phone supports IEEE 802.1X authentication

Often, only limiting access to the network by implementing firewalls and intrusion detection and
prevention systems (IDS/IPS) is not enough. Further fine tuning is required through the addition
of monitoring and filtering mechanisms. These technologies use deep packet inspection to provide
administrators with highly granular, yet expensive, control of network traffic.

The OmniSwitch User Network Profiles (UNP) configuration allows administrators to define
access control for user groups by leveraging OmniSwitch wire-speed hardware capabilities. With
this feature, access to network resources is based on a user’s (and/or system’s) profile instead of a
MAC address, IP address or port. This simplifies the configuration of the network while allowing
for increased peripheral mobility. Initial classification of devices is provided by the Access Guardian
authentication methods. The profiles are then linked to the appropriate access control, allowing
an administrator to define which resources are available to a group of users (and/or systems),
regardless of source subnet, virtual LAN (VLAN) or other characteristics.

The Access Guardian feature enhances the functionality of Alcatel-Lucent OmniSwitch products
by integrating authentication, system compliance and access control functions directly into the
hardware. Access Guardian simplifies the network infrastructure security configuration by dynamically
controlling authentication of users and devices. It reduces administrative overhead because less
human intervention is needed for common tasks, such as moves, adds and changes. And it provides
active security by enforcing user and device compliance through host integrity checking and access
control at the switch port, thereby eliminating security threats before allowing access to the network.
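
The authentication cascade and profile-based access control described in this section, as an added Python model (not Alcatel-Lucent code or OmniSwitch configuration). Profile names, VLAN numbers, subnets, the MAC address and the accounts are constructed, and sending a failed 802.1X attempt to the web login rather than to the MAC list is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Profile:
    vlan: int
    allow: Tuple[str, ...]        # destination networks the profile may reach
    deny: Tuple[str, ...] = ()    # deny entries take precedence over allow


# Constructed sample profiles (names, VLANs and subnets are assumptions).
PROFILES = {
    "employee": Profile(10, ("10.0.0.0/8",)),
    "voice": Profile(20, ("10.20.0.0/16",)),
    "printer": Profile(30, ("10.30.1.10/32",)),             # print server only
    "guest": Profile(99, ("0.0.0.0/0",), ("10.0.0.0/8",)),  # no internal access
}

# Constructed stand-in for the central database that maps identities to profiles.
DOT1X_IDENTITIES = {"alice": "employee", "phone-4711": "voice"}
MAC_ALLOWLIST = {"02:00:00:aa:bb:01": "printer"}
PORTAL_ACCOUNTS = {"visitor-42"}


@dataclass(frozen=True)
class Device:
    mac: str
    identity: Optional[str] = None       # set when the device runs an 802.1X supplicant
    credentials_ok: bool = False         # verdict the authentication server would return
    portal_login: Optional[str] = None   # account entered on the web login page


def classify(dev: Device) -> Tuple[str, Optional[str]]:
    """Return (method, profile name); the profile is None when access is refused."""
    if dev.identity is not None:
        # The device answered the 802.1X challenge.
        if dev.credentials_ok and dev.identity in DOT1X_IDENTITIES:
            return "802.1X", DOT1X_IDENTITIES[dev.identity]
        # Assumption: a failed 802.1X attempt is never rescued by the MAC list;
        # the device is treated as unknown and continues to the web login.
    elif dev.mac.lower() in MAC_ALLOWLIST:
        # Legacy device without a supplicant: not challenged, matched by MAC.
        return "MAC", MAC_ALLOWLIST[dev.mac.lower()]
    if dev.portal_login in PORTAL_ACCOUNTS:
        return "web", "guest"
    return "none", None


def permits(profile_name: Optional[str], dst: str) -> bool:
    """Access decision keyed on the profile, not on source port, subnet or VLAN."""
    if profile_name is None:
        return False
    profile = PROFILES[profile_name]
    addr = ip_address(dst)
    if any(addr in ip_network(net) for net in profile.deny):
        return False
    return any(addr in ip_network(net) for net in profile.allow)


if __name__ == "__main__":
    samples = [
        Device("02:00:00:00:00:10", identity="alice", credentials_ok=True),
        Device("02:00:00:AA:BB:01"),
        Device("02:00:00:00:00:77", portal_login="visitor-42"),
        Device("02:00:00:00:00:78"),
    ]
    for dev in samples:
        method, profile = classify(dev)
        print(dev.mac, method, profile, permits(profile, "10.30.1.10"))
```

Because the decision depends only on the profile returned by `classify`, moving a device to another port or subnet leaves its access rights unchanged.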

4. Telephony and video convergence
4.1 Telephony convergence
Alcatel-Lucent has developed many features in its LAN switching portfolio that enable reliable,
high quality and easy to deploy IP telephony on data networks. In addition to high availability,
OmniSwitch products can support the strict requirements that enable convergence of IP telephony
in a Local Area Network:
• QoS for end-to-end speech quality uses standard protocols like IEEE 802.1p, Type of Service
(ToS), and DiffServ and provides the ability to program the QoS behavior of a network from
a central management system. Alcatel-Lucent OmniSwitches support IEEE 802.1AB Link Layer
Discovery Protocol Media Endpoint Detection (LLDP-MED) for automatic configuration of
QoS and VLAN parameters of IP phones (including the extended edition of the Alcatel-Lucent
IP Touch phone).
• Dynamic Power over Ethernet (PoE) provides the ability to connect standardized PoE peripherals
and adjust the required power based on the device’s requirements. This allows very granular
PoE commissioning and reduces the need for power supplies that waste space and energy.
• Authentication and authorization of systems includes IP phones that support IEEE 802.1X.
Alcatel-Lucent recognized the need for access authentication by peripherals, so Alcatel-Lucent
IP Touch phones were the first IP phones to support this type of authentication.

4.2 Video convergence


If convergence of a video network is required, video applications must be categorized based on
their impact to the network:
• Video surveillance relies on many IP cameras and IP multicasting capabilities and requires little
bandwidth per camera. Therefore, delay sensitivity to the network is medium.
• Video on demand (VoD) relies on many, single IP streams from one server to many displays and
requires high bandwidth per IP stream, based on video quality. Therefore, delay sensitivity to
the network is medium.
• Broadcast video relies on many IP multicast streams and requires high capacity IP multicasting
and high bandwidth. Therefore, delay sensitivity is high.
• Video communication relies on one-to-one or many one-to-one direct IP streams (using a video
communications concentrator) and requires average bandwidth. Therefore, delay sensitivity is
very high.

The OmniSwitch portfolio allows network infrastructures to be built that support all of these
characteristics. The low latency hardware and multiple, hardware-based queues are designed to
manage differentiation of traffic priority, keep forwarding latency low, and avoid delay and jitter
for the differentiated traffic. To optimize bandwidth use, the possibility to replicate single
information streams to multiple receivers is supported in hardware by multicast switching and routing.

For example, the OmniSwitch 9000E supports over 4000 multicast streams over a single or
multiple 10 Gigabit Ethernet connections to potential tens of thousands of end systems.

5. Converged management
As an IP telephony and network infrastructure manufacturer, Alcatel-Lucent offers systems that
enable configuration and management of telephony and network infrastructures through a single
management interface.

The Alcatel-Lucent OmniVista NMS includes two components: The OmniVista 2500 NMS for
network infrastructure management and the OmniVista 4760 NMS for telephony system and user
management.

The OmniVista 2500 can discover an Alcatel-Lucent OmniPCX™ Enterprise telephony system
and display a converged topology map that includes Alcatel-Lucent OmniSwitches and the
OmniPCX Enterprise. It gathers all traps and events related to telephony and network infrastructure
elements and provides converged alerting. It can also be used for full-featured configuration and
management of each of these elements.

Advanced configurations, such as QoS and security (related to the Alcatel-Lucent NAC framework
described in Section 3) are simple and wizard-based. Comprehensive user and device QoS and
security profiles can be configured and pushed throughout the entire network.

Beyond element management, Alcatel-Lucent offers the Alcatel-Lucent VitalQIP™ Appliance
Manager Platform, which reduces complexities related to IP address, domain name service (DNS)
and Dynamic Host Configuration Protocol (DHCP) service management. These complexities
include the doubling of IP addressable devices in an infrastructure due to the adoption of IP telephony.

Finally, to enable proper reporting of performance and service levels, the Alcatel-Lucent VitalSuite™
Performance Management Software measures current performance and predicts future network
degradations across an organization’s entire network. This includes everything from e-mail and
web applications to IP telephony and contact centers with products such as the OmniPCX Enterprise
Communication Server and Alcatel-Lucent or Genesys™ contact centers. It provides comprehensive
service level reporting to IT maintenance teams so they can control and maintain end user service
level agreements (SLAs).

6. Network infrastructure deployment


To make LAN expenses more cost-efficient, organizations must split design, configuration and
deployment efforts among a limited number of complex core switches and many, similar switches
at the edge of a network infrastructure. In the past configuration and deployment of a network
infrastructure was managed by the same, highly skilled employee who was also responsible for
setting and changing access control for edge devices. Effective design of a LAN infrastructure still
needs these skilled people to configure and deploy the core of the network. However, the cost of
edge deployments can be reduced by allowing these employees to build complex configurations
that leverage the power of the Alcatel-Lucent OmniSwitch family and then make those
configurations available for automatic download.

Consequently, employees with fewer IT skills can deploy OmniSwitches at the edge by just mounting
and connecting them to the network. This is possible because OmniSwitches can automatically
download and configure themselves upon first start.

More cost savings can be achieved by preventing manual settings and changes at the edge of the
network infrastructure. One way to accomplish this is to integrate UNPs in the OmniSwitches
used at the edge. These profiles will enforce authentication, authorization, bandwidth limits and
QoS dynamically by ensuring that a system or user connecting to the infrastructure is assigned a
profile based on identification through a central database.

Another way to reduce deployment costs is to make use of the Media Endpoint Detection feature
of the OmniSwitch switches and IP Touch phones. This feature allows IP phones to automatically
configure themselves for VLAN and QoS assignment upon connection. Alcatel-Lucent IP Touch
phones can automatically download and configure themselves upon first start and the Alcatel-Lucent
IP Touch Extended Edition supports MED.

By using the correct equipment and employees at the right time, there is no longer a need for
highly qualified personnel to deploy and maintain the edge of a LAN and the connected phones.

7. Conclusion
As a leading manufacturer of telephony systems, video collaboration applications and network
infrastructure solutions, Alcatel-Lucent understands what convergence means and how it can be
cost-effectively implemented. Alcatel-Lucent offers a complete, converged solution, which includes
LAN, IP telephony, video collaboration, management and more. The Alcatel-Lucent OmniSwitch
family supports all relevant open standards, enabling the deployment of interoperable and future-
proof network infrastructures.

Alcatel-Lucent's experience in the areas of availability of communication servers and network
infrastructure, network and user security, and speech and video management brings organizations
significant advantages when deploying converged networks. Automation of deployment processes
and access security, as well as fast link or hardware failure recovery enables enterprises to deploy
and maintain a reliable, converged solution that will reduce costs compared to deploying and
maintaining multiple legacy networks.

Alcatel-Lucent works with certified Business Partners to provide comprehensive, converged solutions.
This offers the advantage of solutions leveraging the power of the Alcatel-Lucent Business Partner
program for purchasing, procurement and technical support. Having to deal with a single vendor
for telephony, video collaboration and network infrastructure simplifies administration, and it
provides one partner who is responsible for supporting the entire solution.

8. References
Alcatel-Lucent Network Infrastructure Solutions
http://enterprise.alcatel-lucent.com/?solution=DataNetworks&page=Homepage

Alcatel-Lucent Network Infrastructure Products
http://enterprise.alcatel-lucent.com/?solution=DataNetworks&page=Homepage#

Alcatel-Lucent Building and Campus Solutions
http://enterprise.alcatel-lucent.com/?solution=DataNetworks&page=MainCampus

Alcatel-Lucent Voice and Data Solutions
http://enterprise.alcatel-lucent.com/?solution=DataNetworks&page=VoiceData

Alcatel-Lucent Data Network Management Solutions
http://enterprise.alcatel-lucent.com/?solution=DataNetworks&page=ManagementSolutions

Strategic White Paper: Improving Business Operations with Unified Video Communications
http://enterprise.alcatel-lucent.com/private/active_docs/EPG3310091111_Unified_Video_EN_StraWhitePaper.pdf

Alcatel-Lucent IP Telephony Solutions
http://enterprise.alcatel-lucent.com/?solution=IPTelephony&page=Homepage

Alcatel-Lucent IP Telephony Products
http://enterprise.alcatel-lucent.com/?solution=IPTelephony&page=Homepage#

Alcatel-Lucent Voice and Data Convergence Solutions
http://enterprise.alcatel-lucent.com/?solution=IPTelephony&page=VoiceData

Strategic White Paper: Enabling Cost Reductions through Convergence
http://enterprise.alcatel-lucent.com/private/active_docs/Gartner_Cost-Reductions-Convergence_EN_Sep09_EPG3310090513.pdf

Alcatel-Lucent business partner locator to find a reseller
http://enterprise.alcatel-lucent.com/?dept=PartnerwithAlcatelLucent&page=HowToBuy

9. Acronyms
BFD Bidirectional forwarding detection
BGP Border Gateway Protocol
DHCP Dynamic Host Configuration Protocol
DHL Dual-Home Link
DNS Domain Name Service
DoS Denial of Service
DVMRP Distance Vector Multicast Routing Protocol
ERP Ethernet Ring Protection
IDS/IPS intrusion detection and prevention systems
IEEE Institute of Electrical and Electronics Engineers
ISSU In-service Software Upgrade
LAN Local Area Network
LLDP-MED Link Layer Discovery Protocol Media Endpoint Detection
MAC Media Access Control
NAC Network Access Control
OSPF Open Shortest Path First
PoE Power over Ethernet
QoS Quality of Service
SLA service level agreement
STP Spanning Tree Protocol
ToS Type of Service
UNP User Network Profiles
VLAN virtual LAN
VoD video on demand
VoIP voice over IP
VRRP Virtual Router Redundancy Protocol

www.alcatel-lucent.com Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo
are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility
for inaccuracies contained herein. Copyright © 2010 Alcatel-Lucent. All rights reserved.
EPG0599100401 (05)
