I have chosen this topic because not only is it very interesting to me, I also see how it could improve the
efficiency and usability of networks, large and small. The idea that network resources can be
made granular enough to avoid allocating very large amounts of resources, or locking up
limited hardware resources for specific tasks, is very attractive to the IT personnel, who feel the
strain directly, and to the end users, who see resources allocated more fairly and transparently.
Virtual Networks
It is no news that today's applications demand an enormous amount of resources from computer
systems and from the networks linking them, as data files and packets tend to grow in size while the
applications become ever more time sensitive. Not all applications are so demanding, but they are
so widely used that on a large network there can be tens of thousands of clients generating traffic.
This creates a problem when the network is implemented with a single routing protocol, which is
hardly ever effective for both high performance and scalability. Routing protocols today have to
ensure reachability, scalability, traffic optimization, fast convergence, security and so on, so not
every goal can be met perfectly, and improvements in one usually come at the cost of decreased
performance in the others. One solution would be for a network to run several protocols, each
optimized for a specific type of application. An example would be voice communication, for which
the network could run a different protocol or even a different network layer, with the packet
processing delegated to separate CPU resources. This could address the compromise between
convergence delay and scalability. On the issue of security versus reachability, two virtual networks
could be used, with different access policies. Terminals could then connect to different virtual networks to
The network resources can then be managed from a central control plane, so that only the
administrators see the different networks as well as the actual physical infrastructure from which
Another benefit would be that administering several networks, each with fewer applications,
gives the IT process a modular factor and makes it easier than managing one large, complex
network.
Network virtualization
Network virtualization is the process of configuring a network's physical and logical structure so
that the logical structure is abstracted from the physical one in a way that users are
unaware of. In essence, one network can be made to appear as many different networks, or many
networks as one. This allows resources to be either consolidated or segmented. Which option is chosen
depends on how the network will be used. For example, if a company has several networks at various
sites but their users need to be in a common address space and share resources, these networks
can be consolidated so that geographical location does not affect the user experience. On the
other hand, a business may need to separate certain groups of users or customers: in a software
development company where antivirus software is tested against malicious software, the lab must
be placed on a network separate from the rest of the company network. Although the same physical
network might be used, the networks can be separated logically, and even addressing and routing
rules can differ. There are many benefits to virtualizing networks, some of which have already been
illustrated in this paragraph. Other benefits include reduced costs in setting up several networks and administering ...
There are several ways in which this can be achieved, one of which I will talk about in this paper.
Today, most enterprises go about virtualization in several different ways, one of which is the
This solution consisted in creating a single layer 2 domain, meaning that for every isolated group there
would be a VLAN spanning the entire physical network, hence the name campus-wide VLANs.
Spanning tree: this factor directly affects scalability, as the spanning tree topology becomes very
complex and the risk of a layer 2 loop quickly increases. Even for networks intended for smaller,
closed groups, the network diameter is large, which is a limiting factor for the spanning tree
protocol.
Moreover, as the number of VLAN clients increases, so does the number of broadcasts, an effect that
shows up as increased CPU load on network and client devices and as decreased network performance.
Because every group shares the same trunks, STP issues usually affect all groups in the network, and
with them the business processes of the enterprise.
Layer 3 campuswide VLAN
Using layer 3 switching in the distribution layer solves the issues of the layer 2 solution mentioned
above and results in a resilient, high performance network implementation. The problem is that a
layer 3 switch routes between all networks in its single routing table, making it difficult to keep the
various user groups segmented. Access control lists (ACLs), policy based routing (PBR) or overlay
generic routing encapsulation (GRE) tunnels are workable ways to segment traffic between isolated
groups, but they have drawbacks. For example, the ACLs are maintained in a single place on the shared
switch, so one misconfigured entry can leak traffic and allow an unauthorized group, or malware within
it, to reach data belonging to other groups. ACLs and PBR also have the issue that, although careful
choice of an addressing scheme greatly simplifies administration, any change to end system addressing
affects every network group and the respective administrator of each group, because the filters are
written in terms of those addresses.
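As an added illustration (not from the original paper, and not Unique's or Cisco's configuration), the following Cisco IOS fragment shows the kind of access list a layer 3 campus-wide design relies on to keep two groups apart on one distribution switch. The VLAN numbers, address ranges, interface names and ACL names are assumptions chosen for the example.

```cisco
! Added example: layer 3 segmentation with ACLs on a distribution switch.
! Two groups, kiosks (VLAN 10) and building automation (VLAN 20), both live
! in the one global routing table, so the switch routes between them
! unless a filter says otherwise. Names and addresses are assumed.
!
ip access-list extended KIOSK-IN
 remark Kiosks must not reach the building automation group
 deny   ip 10.10.0.0 0.0.255.255 10.20.0.0 0.0.255.255
 permit ip 10.10.0.0 0.0.255.255 any
!
ip access-list extended BUILDING-IN
 remark Mirror rule: building automation must not reach the kiosks
 deny   ip 10.20.0.0 0.0.255.255 10.10.0.0 0.0.255.255
 permit ip 10.20.0.0 0.0.255.255 any
!
! The filters are applied inbound on the SVI of each group. Traffic that
! is not explicitly matched falls through to the implicit deny at the end
! of every IOS ACL, which is why each list ends with its own permit.
interface Vlan10
 description Internet kiosks
 ip address 10.10.0.1 255.255.0.0
 ip access-group KIOSK-IN in
!
interface Vlan20
 description Building automation (badge readers, HVAC)
 ip address 10.20.0.1 255.255.0.0
 ip access-group BUILDING-IN in
```

The drawbacks named above are visible in the fragment: both filters sit on the one switch and must be repeated on every distribution switch that carries these VLANs; a typo or a missing mirror rule silently lets one group reach the other; each additional group adds a deny line to every other group's list; and if building automation is ever renumbered away from 10.20.0.0/16, every ACL that mentions that range on every switch has to be edited. `show ip access-lists` and `show ip interface Vlan10` confirm what is applied and what each entry has matched.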
Layer 3 VPNs
There are two types of layer 3 VPNs: IP Security (IPsec) and Multiprotocol Label Switching (MPLS).
IPsec focuses on point to point encryption, whereas MPLS focuses on logically separating networks
that sit on a common physical infrastructure; an MPLS VPN isolates traffic but does not encrypt it, so
the two are complementary rather than alternatives. MPLS has been used by service providers for
around a decade, but enterprises only started embracing it around 2006, mainly because of the costs
incurred and the fact that the technology was previously available only in carrier grade hardware.
Since segmentation is implicitly built into MPLS, it offered a clear solution to Unique, the operator
of Zurich airport. The airport harbors around 180 companies, offers work for about 20,000 individuals
and transports about 18 million passengers per year. The need for a network that separates airport
operations such as security scans and checks, baggage processing, internet kiosks, dedicated
networks for airport service providers and the various other constituents of an airport is obvious,
and MPLS technology presents a solution. Closed groups are defined as separate VPNs, which are
transported independently over the core of the network using labels. This way, any VPN can be
made present at any location on the network without affecting the performance or the design of the
underlying physical network. Since the user groups are completely autonomous, flexibility of
addressing is also implicitly supported: each VPN has its own virtual routing and forwarding (VRF)
table, a separate routing table for that VPN, which allows different routing protocols to run on a
single physical network without interfering with one another, while addressing is independent per
VPN and may even overlap between VPNs. If DNS, email and internet access are
that, or of the underlying structure. There would be any to any connectivity through the VRFs, and
the speed requirements would range from a few Mbps to multiple Gigabit Ethernet ports.
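To show what "a separate routing table for each VPN" means in practice, the following Cisco IOS configuration fragment is an added example, not taken from the paper and not Unique's deployment; the VRF names, AS number, route distinguishers, route targets, interface names and addresses are all assumed for illustration. It defines two closed groups that use the same address range yet cannot reach each other, and sets up the MPLS core and the MP-BGP session that carries each VRF's routes to the other PE switches.

```cisco
! Added example: two closed user groups as MPLS VPNs on one PE switch.
! All names and numbers are assumptions for illustration.
!
ip cef
!
! Each group gets its own VRF: a separate routing table identified by a
! route distinguisher (RD) and populated only with routes carrying the
! route targets (RT) it imports. No RT is shared, so the two VRFs never
! learn each other's prefixes.
ip vrf KIOSK
 rd 65000:10
 route-target export 65000:10
 route-target import 65000:10
!
ip vrf BUILDING
 rd 65000:20
 route-target export 65000:20
 route-target import 65000:20
!
! Access-facing SVIs are bound to a VRF. Both groups may use the same
! 10.0.0.0/16: the overlap is legal because lookups happen in different
! tables. (ip vrf forwarding must precede ip address; it clears the address.)
interface Vlan10
 description Internet kiosks
 ip vrf forwarding KIOSK
 ip address 10.0.0.1 255.255.0.0
!
interface Vlan20
 description Building automation
 ip vrf forwarding BUILDING
 ip address 10.0.0.1 255.255.0.0
!
! Core-facing link: labelled forwarding towards the other PE and P switches.
interface TenGigabitEthernet1/1
 description Core link to PE2
 ip address 172.16.1.1 255.255.255.252
 mpls ip
!
interface Loopback0
 ip address 172.16.255.1 255.255.255.255
!
! The global table (the underlay) only needs reachability between PE
! loopbacks; group prefixes never appear in it.
router ospf 1
 network 172.16.0.0 0.0.255.255 area 0
!
! MP-BGP carries each VRF's routes as VPNv4 prefixes between PEs, tagged
! with the RTs above so that only the matching VRF on the remote PE
! imports them.
router bgp 65000
 neighbor 172.16.255.2 remote-as 65000
 neighbor 172.16.255.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 172.16.255.2 activate
  neighbor 172.16.255.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf KIOSK
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf BUILDING
  redistribute connected
 exit-address-family
```

`show ip route vrf KIOSK` and `show ip route vrf BUILDING` each show their own 10.0.0.0/16 and nothing of the other group; `show ip bgp vpnv4 all` lists both prefixes side by side, distinguished only by their RD; `show mpls forwarding-table` shows the labels the core uses. Where a service such as DNS or email must be reachable from several groups, the usual pattern (an assumption here, not something the paper describes) is a separate shared services VRF whose route target each group additionally imports, so sharing is an explicit per-VRF decision rather than an ACL exception. Note also that the core links carry the labelled packets in clear; if confidentiality over those links is required, IPsec has to be added on top of the MPLS separation.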
The Product
The product used by Unique to implement this solution is the Cisco Catalyst 6500 Series Switch
with Supervisor Engine 720, which would accommodate the following requirements:
o Internet access for Internet kiosks scattered throughout the airport terminals
o Building automation such as badge readers, parking meters, air conditioning, etc.
o operations center
network
The Cisco Catalyst 6500 Series Switch with Supervisor Engine 2 already offered MPLS VPN support
with the additional use of Optical Services Modules (OSMs), but the Supervisor Engine 720 with its
integrated PFC3 introduced MPLS VPN support on LAN interfaces. Effectively, all LAN ports in the
network could use hardware-based MPLS forwarding (as a PE or P router). Fabric-enabled line cards
could use optional DFC3s, which increased performance by supporting switching local to the line
Latest Developments
Although the solution described above was implemented in 2006, the Cisco Catalyst 6500 switches
are still in production and have received several improvements, such as IPv6 support. Another feature
of these switches is the ability to add modules, such as wireless LAN and Firewall Services Modules.
Many of the changes also take place in the switch operating system, Cisco IOS.