Abstract
This paper discusses the key requirements that IT organizations
should consider when building a network. In brief, the network
should provide high availability, voice-quality network connections,
comprehensive security and ease of management and operations.
We will introduce the concept of the two-tier architecture as
a way to effectively achieve these four stated requirements and
the benefits of migrating from a three-tier network architecture to
a more streamlined two-tier architecture. Individual network
components become the building blocks in delivering a
streamlined and effective network capable of meeting the demands of
current and future business convergence initiatives.
Extreme Networks White Paper
© 2006 Extreme Networks, Inc. All rights reserved. A Two-Tier Architecture for Converged Networks—Page
AccessAdapt simplifies moves, additions and changes and can
alleviate much of the complexity in administering usage policies
across wired and wireless, and voice and data networks.

control can be handled at the access or core layers depending on
the IT organization’s requirements and preferences.
measure such performance. A preferable approach to quantifying
network availability is to focus on the time it takes for the
network and applications to return to full operational capability.

Within the context of an overall high availability strategy,
network architects must consider all facets of switch/router
performance from the component to the system level. The collapsing
of network layers simplifies the network and thus promotes high
availability. Extreme Networks has demonstrated its understanding
of high availability requirements by offering the EAPS protocol. In
addition to sub-50-millisecond failover, EAPS offers quick recovery
at Layer 2—obviating the need for any re-convergence of routing
protocols at Layer 3—and provides scalable network segmentation and
fault isolation. By collapsing network tiers into core and access,
Extreme Networks is able to more effectively ensure that high
availability is a service delivered across all layers of the
network. While some environments favor complete device-level
redundancy (e.g. data centers), IT organizations can simplify the
remainder of the network—favoring lower costs, while maintaining a
high level of uptime.

Core Security
Security becomes an important issue in the core due to the
possibility of malicious traffic affecting the aggregate. The
network core and access layers must work cohesively to ensure the
broadest level of defense against malicious activity. Layer 3
Virtual Switching is a unique offering from Extreme Networks that
leverages existing firewalls to isolate traffic flows at Layer 3
based on predetermined policies—a feature that mirrors the
capabilities of the intelligent network access in the access layer.
IT organizations can establish various access policies based on
employee function, line of business or any other predetermined
grouping. In addition to the Layer 3 Virtual Switching capability,
Extreme Networks also offers CLEAR-Flow—the ability to inspect
traffic and gather information which can then be passed to
third-party security appliances for further action. CLEAR-Flow
builds on the access layer’s ability to regulate traffic flows
using granular ACLs, but also allows the network to respond to
Day-Zero attacks by quarantining suspect traffic. CLEAR-Flow relies
on external appliances for additional levels of security (e.g.
IDS/IPS), freeing the network core to perform its primary
function—delivering scalable bandwidth and advanced services to the
entire enterprise network. Thus, instead of trying to integrate
security directly into the chassis through bolt-on modules, Extreme
Networks leverages CLEAR-Flow to integrate “cutting edge”
functionality from leading security technology vendors.

Modular Operating System
The network OS has evolved to be one of the most complex parts of
the entire network. As certain vendors’ product offerings have
evolved over time, the OS has taken on a life of its own—oftentimes
splitting into various strains and code bases. Extreme Networks has
again taken an innovative approach to ensure the simplicity of its
system. The key characteristic of the ExtremeXOS is its modularity.
Prior to modularity, network operators were forced to reboot the
entire OS to recover from process failures. A reboot was also
required to add patches or new features to the system. With the
advent of modularity, the system supports hitless software upgrades
and maintains dual images to allow network technicians to “fail
back” to the former versions of code. Furthermore, the software can
isolate specific areas or faults to allow for additional
maintenance without impacting the operation of other software
modules. ExtremeXOS spans core and access layers, decreasing the
need for the administrator to learn and support multiple versions.

Why Now? What Has Changed?
Organizations resist change. As a result, there has to be a good
reason for enterprises to veer from the incumbent position. Up to
this point we have discussed the reasons enterprises architected a
three-tier network. We have also outlined the components that make
up the two-tier architecture. However, we have yet to discuss what
has changed in the industry to make this shift possible. The
combination of advancements in the following areas has paved the
way for overall network simplification.

Gigabit and 10 Gigabit Ethernet
The initial standard for Gigabit Ethernet revolutionized the
enterprise networking market. It gave birth to a plethora of new
equipment manufacturers eager to offer customers greater network
scalability at a lower cost. Since the ratification of the 10
Gigabit Ethernet standard, adoption has remained limited. The
majority of enterprises have yet to invest substantially in 10
Gigabit Ethernet—largely due to a lack of immediate need. However,
as vendors continue to increase economies of scale, price points
are dropping to a point where it becomes cost-effective for average
enterprises to deploy the technology. By deploying 10 Gigabit
Ethernet links between the network access and core, IT
organizations can scale the access layer without worry of
contention. These 10 Gigabit Ethernet links allow enterprises to
remove the distribution layer as both core and access switches have
enough capacity to aggregate traffic.

Wire-Speed Access Layer
Incumbent vendors have had limited success in developing access
layer switches capable of switching at wire-speed with a
high density of Gigabit Ethernet ports. This lack of horsepower was
a key reason many vendors advocated a three-tier architecture.
Extreme Networks delivers access layer switches that are
non-oversubscribed—passing packets at wire-speed on all ports.
This level of performance allows network architects to shift their
focus from limiting network contention to the support of more
advanced IP applications such as converged communications. With
high-performance access switches the need to groom traffic across
multiple layers is no longer necessary.

High-Density PoE
Still a relatively young feature in the networking portfolio, PoE
has the promise of substantially decreasing the cost required to
deploy a converged infrastructure. IT organizations have the
flexibility to power any mix of IP telephones, wireless APs and IP
video or surveillance end points. Previously, IT organizations were
forced to buy specific switches or mid-span products capable of
injecting power onto the wire. With the Extreme Networks universal
port concept, this additional step is eliminated and the enterprise
is left with an infrastructure that provides the greatest degree of
flexibility and investment protection.

cases, organizations that occupy historical buildings with older
cable plants or restrictions on physical infrastructure changes may
also be limited in their ability to cleanly migrate to a two-tier
design. While a two-tier design should decrease the amount of space
required for the physical housing of switches, some building
layouts may not have the flexibility of providing space where it is
required.

As a general rule, enterprises with a physical separation between
the data center or access layer and the core that is greater than
100 meters for copper runs and 300 meters for multi-mode fiber
could be faced with the relatively more expensive option of using
higher-powered optics to cover the greater distances. This
additional cost should be weighed carefully against the cost of
supporting additional network layers. Fundamentally, the largest
issues prohibiting a two-tier architecture are distance, age of
cable plants and the flexibility of the building structure.
Assuming none of these are of major concern, the enterprise is best
served by collapsing layers and simplifying overall network design.
In the case of an IP telephone, the network will immediately
recognize the device as a telephone, provide power, assign it to
the appropriate VLAN and verify that the telephone has all the
configuration information required to operate effectively. Once the
telephone has been identified, the network can also assign policies
for QoS. By delivering low latency, low jitter and predictable
performance, the network is ready for converged applications. In
the case of the wireless deployment, the network responds in a
similar fashion. There is automatic recognition of wireless APs
followed by the provisioning of power and requisite configuration
and identity information. In addition, the AP is immediately
brought into the established security policies of the
business—helping to ensure the utmost in integrity. This ability to
differentiate and tailor services based on the endpoint or
application is at the heart of the quality connections concept.

in meeting compliance rules. Extreme Networks’ two-tier
architecture uses several technologies to help ensure the network
is highly secure. At the network edge, Extreme Networks is able to
authenticate a person or device based on their credentials. This is
irrespective of the means of access (wired or wireless). Once on
the network, Extreme Networks’ Layer 3 Virtual Switching technology
combined with third-party integration of firewalls and security
gateways ensures these users do not gain access to sensitive
financial information. Finally, leveraging its security
partnerships, Extreme Networks can detect anomalies with its
CLEAR-Flow technology and take quick action to alert administrators
to the potential breach of security policy. Security is at the top
of the business agenda. Extreme Networks’ focus on accountability
within the network framework provides the IT organization with the
requisite tools needed for a highly secure environment.