Premium Network, Four Ways
CradletoGrave, our fictional insurance company, is in the market for an end-to-end infrastructure that will help it outmatch the competition. Foundry filled the bill, and its standards compliance earned top
March 17, 2003
Nortel never responded to our invitation, and Cisco declined to participate. Allied Telesyn's response did not qualify because the company did not adhere to our requested format and offered no 10 Gigabit capabilities.
Those vendors that stepped up with qualified responses--Alcatel, Enterasys, Extreme and Foundry--impressed us, proving that at least four major networking vendors can deliver robust, manageable, end-to-end switching and routing connectivity from the wiring closet to the core, over the LAN and over the WAN. We've put the complete RFI as well as detailed responses online. The level of detail was high--the vendors provided more information than we could fit in print--and we recommend that anyone considering a major infrastructure purchase take a look.
Keep It Basic
For our C2G scenario, we stuck with switching and routing because it would have been difficult for our target vendors to do soup-to-nuts proposals. For example, Alcatel has a very good VoIP system, and Enterasys is a player in the wireless market, but neither does both. So, we indicated in our RFI that we wanted C2G's network to be ready for both VoIP and wireless, thus keeping our options open and not giving any vendor an advantage based on specialized offerings. It's the best of both worlds in that we were able to consider Alcatel for VoIP no matter whose switching and routing we chose (though, if C2G did give the bid to Alcatel, it would have an edge).
As for PoE, the estimate is that 802.3af will be finalized around June. Companies that are ready now will see that Foundry and Enterasys came up with nice compromises by partnering with vendors that provide external equipment for adding power. These "midspan" devices introduce power into a desktop connection by tapping into the cable. Note, however, that this solution is not a panacea: The devices take up space, are additional points of failure and generally add complexity to the network. For now, when purchasing any PoE-related products, insist they be guaranteed to support the final standard.
Vendors at a Glanceclick to enlarge |
On the bright side, support for other standards that enable VoIP and wireless technologies is consistently good. In the case of QoS, which is essential for a successful VoIP implementation, not only are standards like DiffServ and 802.1p there, the implementations are mature. For example, all the vendors support features that make it possible to maintain Layer 2 QoS settings (802.1p) through a router, which can sometimes be problematic because routers strip off Layer 2 frames and thus lose initial Layer 2 priority settings (which means there won't be any prioritization if the frame encounters Layer 2 switching after going through a router). Most VoIP-phone vendors will turn on Layer 2 and Layer 3 QoS, and all the vendors can rebuild Layer 2 QoS settings as frames emerge from the router based on Layer 3 QoS settings.
All the vendors can police QoS settings and reset them based on factors such as VLAN and IP address. And they can do all this magic in ASICs--read: at or close to true wire speed.
We were surprised to learn from our reader poll that only 8 percent of you are using DiffServ or its equivalent, ToS (Type of Service), for marking priorities at Layer 3. However, 15 percent of you plan to do this by year's end. A much larger number of you prioritize packets based on TCP or UDP ports (33 percent) or by IP address (again, 33 percent), and more of you plan to do so in 2003. You'll be glad to know that all four vendors claimed to have this capability, as well as many variations, all done in ASICs. All four vendors' chassis support lots of redundancy. For example, all offer redundant power supplies and CPU cards. A bad power supply would cause no downtime, and a bad CPU would require just a minute or so to switch to the backup card. Although this is a lot quicker than installing a replacement card, the downtime would probably be enough to be noticed by end users.
Alcatel and Enterasys indicated they could upgrade some nonspecified features without any downtime, and all the vendors allowed storage of multiple software images, which can be handy when upgrading to a new image causes problems. In most cases, however, downtime still is measured in a minute or more when upgrading software or switching images because a reboot is always required.
We were encouraged that all the vendors offered GUI applications that could manage QoS from end to end. Although it's possible to set up QoS on the command line, the reality is that QoS takes a lot of expertise and time to set up and maintain on multiple switches and routers. The GUIs can handle ACLs (access-control lists) and store and update configuration and software revisions. Another feature common to all four vendors is 802.1x support on edge switches. Although 802.1x is an authentication protocol originally developed to allow user authentication on Ethernet switch ports, it has been adopted for use with wireless access points, which cannot physically deny access to a wireless network. Only recently has 802.1x been embraced by switch vendors.
Overall, we were pleased with the amenities offered to C2G. The vendors support most of the features we sought; among these features are extensive VLAN support and standards-based multicast, which more than half of the readers responding to our poll have implemented or plan to install this year.
We requested pricing based on four scenarios: with 100-Mbps Ethernet ports in the wiring closet; with gigabit ports in the wiring closet; with 100-Mbps Ethernet ports in the wiring closet and PoE; and with gigabit ports in the wiring closet and PoE. The lowest-priced proposal was Alcatel's 100-Mbps setup at $268,275. Unfortunately, Alcatel didn't provide a 10 Gigabit quote, which in part accounted for the lower pricing.
The highest-priced solution, at $1,194,265, was Foundry's gigabit setup with PoE, followed by Enterasys' proposal, at $1,066,284. These were both chassis-based. The Foundry pricing scenario did take some liberties with our design, combining several wiring closets to reduce the number of chassis--if wiring plans has still been in the design stage this would have been a good suggestion, but that's a big "if" for a vendor to assume. Foundry also provided a much more affordable stackable solution for gigabit in the closet, at $654,865. The stackable setup lacked some features of the chassis solutions but did include Layer 2 and Layer 3 QoS as well as 802.1x support. Each stackable switch was connected to a Foundry chassis in each building with all the bells and whistles.
We were curious as to how much PoE would cost and were pleased to discover that it added only about $20,000, or roughly $20 per port--pretty insignificant considering the numbers we're throwing around. Going from 100-Mbps Ethernet to gigabit in the closet roughly doubled the cost per port. However, when you consider that you're getting 10 times the bandwidth for only twice the price, it seems to be a good value. The big question, though, is how soon C2G will require speeds above 100 Mbps, given the applications it will be running and its next upgrade cycle.
Scoring the Responses
RFI Pricingclick to enlarge |
Our judgment is based on the vendors' responses to our questions in the RFI. If C2G weren't just a figment of our diabolical imagination, the RFI process would be followed up by further information gathering, including meetings with the vendors and an on-site evaluation of products. While the company with the strongest RFI showing would have the edge going into this process, all four vendors are capable of providing viable solutions and each would likely have made it to the next step. We particularly liked the quality of Enterasys' entry. In fact, if we were giving a prize to the vendor with the most thorough, professional response, Enterasys would have nailed it. Enterasys was also the only vendor besides Alcatel capable of doing NAT (Network Address Translation) in ASICs. Furthermore, Extreme presented a solution that combined the benefits of Sonet and Ethernet, and Alcatel was the only vendor with PoE built into its switches.
We gave our Editor's Choice nod to Foundry, which demonstrated the best ability to meet all our technical requirements while maintaining a commitment to standards--a primary consideration. As we said in "Shoot for the Moon," standards are the key to maintaining flexibility, and Foundry is secure enough in its designs to allow its customers this openness. Foundry also provided the widest set of options and the most redundancy.
Foundry, which came in a close second in our recent review of 10 Gigabit switches, (see "Life in the Really Fast Lane," at ) was able to provide everything C2G required, including standards-based 10 Gigabit interfaces that have been shipping for months. Foundry also provided the most redundancy, offering dual-redundant, gigabit-fiber connections to two different core routers based on 802.3ad (link aggregation) and VRRP (Virtual Router Redundancy Protocol) standards. Although Foundry's scenario does have some proprietary elements, we were impressed by the fact that it pushes mostly standards-based solutions.
Although Foundry does not have support for PoE built into its switches, it has partnered with a leading external power vendor, PowerDsine, and provided us with a very long list of compatible VoIP phones and access points. PowerDsine is active in the 802.3af committee and also indicated support for the current revision of the standard. As we pointed out, there are disadvantages to providing PoE externally, so we're glad Foundry has partnered with a respected vendor. Foundry not only responded to all four variations of our wiring-closet scenarios, it was the only vendor to give us both a chassis-based and a stackable solution for each. The stackables were the least expensive, at $399,880 for 100 Mbps at the edge, to a whopping $1,194,265 for gigabit chassis-based gear with PoE. Although this was the highest of all the chassis-based quotes, it included totally redundant equipment at the core, which accounts for the difference. In general, we found that making the jump from powered to nonpowered hubs was insignificant compared with the increase from 100 Mbps to gigabit in the closet: Even sticking with Foundry's stackables, the cost increased by more than 60 percent. This might be hard to justify with a tight budget, but it's arguably dirt cheap for a magnitude higher of bandwidth. The real question is, will C2G's desktop applications need even 100 Mbps of bandwidth over the next four to five years? For an insurance company it isn't likely, unless the company decides to start transmitting high-quality video to desktops. If that happens, it will have to add 10 Gigabit uplinks from the closet as well. If stackables are used, it may be difficult or impossible to provide this option.
Foundry Networks' Solutionclick to enlarge |
Foundry's chassis-based proposal was pricey--the 100-Mbps setup cost about the same as its stackable gigabit solution. Foundry pointed out a number of advantages of the chassis design, however. First, greater redundancy: It's possible to have two management modules in a chassis along with redundant power supplies and fans. It's also possible to provide 10 Gigabit aggregation within the building and to add more desktop ports if necessary. In addition, more of the network could be aggregated on the switch backplane. There are also TCO (total cost of ownership) benefits because we could use the same chassis for every piece of the network. This simplifies training and makes swapping boxes easier and less expensive in that C2G would have fewer spares to purchase and track. While this all appeals to our network manager side, we're not sure the ROI could be justified for such a high price.
We liked that Foundry's management application uses a Sybase database, making the data easier to extract if necessary. We were also intrigued by Foundry's support, in its equipment as well as in its network-management software, of the new sFlow standard, (RFC 3176, which provides for network-traffic monitoring and accountability technology in switches and routers; see www.inmon.com/PDF/sFlowOverview.pdf and www.sflow.org/rfc3176.txt for more details). This could give us a way to leverage applications from other vendors that could provide troubleshooting and reporting information on individual high-speed interfaces otherwise difficult to gather. All the management applications were accessible from the Web and didn't require client installs. Enterasys was the only vendor besides Foundry to propose solid, standards-based solutions for all four of our scenarios. It was edged out by Foundry because some of Enterasys' proposed products were not planned for release until April 2. Also, its 10 Gigabit card has not shipped yet, though it's scheduled to hit the streets by the time this goes to print. You could argue that this will become less of an issue over time, but you could also argue that such delays are indicative of a vendor's track record for adopting new technology. The 10 Gigabit standard was approved last June, and it was solid enough to develop standards-based products even before then.
Overall, however, Enterasys appeared ready to meet all our needs while adhering to standards, a major factor. The quality of its response set a high bar for the other vendors--the company provided thorough answers for all our questions, and its proposal showed a level of clarity and detail that far surpassed the competition.
We were also impressed by the details Enterasys revealed about its internal tech support. It was clear to us that, at least on paper, the tech support processes are efficient and well-thought-out. Of course, that doesn't guarantee they work, but it would certainly give us some good questions for the other vendors were we to investigate tech support further. We would also, of course, talk to customers of all the candidates about the effectiveness of their tech support. Pricing for Enterasys' 100-Mbps scenario was the second lowest of all the vendors, at $373,034. Its gigabit solution, however, was priced the second highest, at $1,043,796, just below Foundry's $1,194,265. The Enterasys gigabit-desktop setup required four models of chassis and stackables because the stackables alone do not have enough port density to support gigabit in the closet. And, though it's price was less than that of Foundry's chassis solution, unlike Foundry, Enterasys didn't have a less expensive alternative, and it used four different platforms to pull this off.
One feature of the Enterasys platform that was technically superior to Foundry's was the ability to do NAT in ASICs on the Expedition platform that is used at the core, and to aggregate wiring closets. Normally, this is done between a internal network and its Internet connection, where the speeds tend to be slower, making performance less of an issue. But if you are doing NAT on a high-speed Internet link, or for some reason are doing translations inside your network, you could probably expect better performance from the Enterasys solution. Like Foundry, Enterasys partnered with a midspan vendor to offer PoE, using Red Hawk 8000 products for this purpose.
Enterasys uses its NetSight Atlas management platform for centralized management. We were a little disappointed that it didn't support a SQL database. Pulling out management statistics and loading them into a report is much easier with a standard database. Sharing the ton of info that the management platform collects can be handy, and proprietary stores limit flexibility.
Like the other vendors, Enterasys claimed that its management would ease the configuration of things like QoS. In fact, on two of the platforms, the Matrix E7 and the Matrix N3, Enterasys also claimed to have 16 queues per port available for QoS, twice those of the other vendors. It's hard to imagine needing that many queues, but if you do, that's something to investigate. Extreme won our 10 Gigabit switch review, so we were anxious to see what it had to offer. Neither Alcatel nor Enterasys participated in that test, so it was clear to us that Extreme had a big advantage in its ability to deliver standards-based 10 Gigabit. While it did indeed meet just about all our other technical requirements, we were a little disappointed with Extreme's approach to PoE. Its solution was to recommend a vendor, Mitel Networks, with whom it had done interoperability testing. In fairness, this can be attributed to the immaturity of the standard, but that didn't stop Foundry and Enterasys from coming up with comprehensive solutions and including them in their designs and price.
One unique aspect of Extreme's solution was its building-to-backbone connectivity. It proposed its EAP (Extensible Authentication Protocol) technology, which sets up something similar to a Sonet ring running over Ethernet, linking all the buildings to the main data center. The purpose of this architecture is to ensure, according to the company, "Sonet-speed, ring-based failover." While there may be advantages to this type of architecture, we had mixed feelings. For one, it's a new kind of networking architecture that would raise issues in regard to training and troubleshooting. It also made the assumption that the buildings could be daisy-chained in a physical ring topology, even though we specified a star topology. In theory, it might be possible to link the buildings in this manner by using jumpers to connect fiber at the main building, but this would significantly increase distances and negate some benefits of connecting the buildings in a true ring. For example, in a true ring, if one of the fibers were cut, there could be a redundant physical path to the next building that would maintain connectivity to the network. We're a little leery of this proprietary technology, but we would have been willing to follow up and hear more about it.
Network Backbone Featuresclick to enlarge |
A number of Extreme's other proposals were also proprietary, and were listed in place of standards-based solutions. For example, it proposed "Extreme Networks' Software-Controlled Redundant Port" technology as a replacement for standards-based Spanning Tree Protocol (IEEE 802.1d) without mentioning the alternative RSTP (Rapid Spanning Tree Protocol, IEEE 802.1w), which Foundry claimed converged in 52 ms compared with STP's 30 to 45 seconds. No doubt Extreme believes its approach is superior--and perhaps the company is correct--but our preference is to stick with standards. It would take a lot to convince us otherwise. And, in place of 802.1x, Extreme suggested its "Network Login," system, touting its superiority. Again, it will take some convincing for us to adopt this view.
Pricing of Extreme's solution providing 100 Mbps to the desktop included its chassis-based products at the core and as aggregators in the buildings, with stackables delivering desktop connectivity. The bottom line was $590,657, comparable to the price of Foundry's stackable solution and almost twice the price of the Enterasys and Alcatel stackable proposals. The RFI revealed no reason for this imbalance.
Extreme's gigabit to the desktop scenario used chassis from end to end, and the $1,040,040 cost was comparable to those of the Foundry and Enterasys proposals. Alcatel's proposal for 100-Mbps desktop connectivity was the least expensive of all the vendors' proposals for that scenario, both for powered ports, at $331,912, and for nonpowered ports, at $268,275. The company did not, however, provide pricing for 10 Gigabit ports, which could have had a significant impact on our price calculations.
Alcatel was the only vendor to offer built-in PoE support. This isn't a surprise when you consider that the company has had a leading VoIP solution for several years. One caveat: The PoE component was not based on the 802.3af standard, so in case we might decide to use another vendor's Ethernet phones down the road, we would need some assurance they would be compatible.
Unfortunately Alcatel didn't come up with a gigabit-to-the-desktop quote. We did follow up on this, and a spokesperson said the company is working on a stackable solution but couldn't provide any details. Another problem was that Alcatel was unable to deliver a 10 Gigabit interface. The company claimed that it has one planned for mid-2003 but said it was unable to give more specifics. Like the competition, Alcatel was able to provide all the other features we sought, from route forwarding and QoS in ASICs to WAN connectivity to our remote building. It was the only vendor besides Enterasys that could do NAT in ASICs.
Alcatel proposed a core router and building aggregator switch with redundant management and power supplies. It also highlighted its support for VRRP (Virtual Router Redundancy Protocol), 802.1w and 802.3ad, though it did not propose any redundancy in the network between the buildings and the core. Alcatel did discuss its "Smart Continuous Switching" feature, which it claims makes it possible to switch to a backup management module without any interruption to existing connections, including voice conversation. This sounded impressive.
Alcatel also appears to have mature centralized GUI management capabilities comparable to those of the other vendors, provided by its OmniVista applications. OmniVista was designed to do discovery and inventory of equipment, even gather serial numbers. The other vendors provide this capability as well, and it's a welcome feature for anyone who has tried to maintain a large inventory of switches for maintenance contracts. Unique to Alcatel's management platform was its ability to manage both voice and data, an advantage for companies that also own Alcatel's VoIP platform. If C2G's plans were delayed, it would want to reconsider Alcatel's offering in light of the company's plans to add 10 Gigabit support and more options for gigabit links later this year.
Peter Morrissey is a full-time faculty member of Syracuse University's School of Information Studies, and a contributing editor and columnist for Network Computing. Write to him at [email protected].
Post a comment or question on this story.
CradletoGrave is a medium-size insurance company with about 1,000 employees. The company has outgrown its current digs and will soon occupy four separate buildings in an office complex, in addition to maintaining its current satellite location. The company has decided to build a new network before occupying these buildings and has compiled these facts to help in planning:
• One building will contain the data center and 75 employees. The other three buildings will house about 300 employees each.
• Each building will have two subnets, and the data center will have three of its own subnets.
• The buildings will be linked by single- and multimode fiber.
• The company's satellite office will house about 50 employees, is 80 miles away from the main site and is linked by a T3 connection. CradletoGrave, C2G to its friends, is thinking growth. It wants to replace its core switch/router as well as the wiring closet switches, and it sees a VoIP (voice over IP) network in its future, so it must ensure that the upgrade can handle VoIP. For example, it wants to have an infrastructure in place that will support QoS (Quality of Service) at Layer 2 and Layer 3, and will allow the company to power the phones from the wiring closets via Power over Ethernet. C2G wants to build a vendor-neutral network. The insurer is considering deploying a wireless LAN, which would also benefit from Power over Ethernet.
In addition, the company is looking for 802.1x support in its switches, not just for possible authentication of access points but for employees who use their laptops in conference rooms. C2G also wants to be in a position to support video via multicast streaming. And it is very interested in high-availability features because ERP (enterprise resource planning) applications and the future VoIP system will require that the network be up and running 24x7. The company's data center needs to be connected to the network. The 12 servers there run ERP and file-sharing applications, and may run video and voice applications in the future. And the company wants room to add 12 more servers to its data center.
C2G wants a Gigabit Ethernet connection to each building as well as two 10 Gigabit ports on the backbone switch/router to be prepared for possible growth in one of the external buildings.
RFI Specs
General Specifications and Instructions: • IP protocol
• Multicast support on all equipment
• VLAN support
• Layer 2 and Layer 3 QoS
• 802.1x authentication on wiring-closet switches
• Redundant/high-availability solution
• Redundant connections to buildings
• 10 Gigabit Ethernet support at core
Main Building Configuration
Data-center servers: 12
Data-center desktops: 7
Data-center T3 connections: 1
Wiring closets:
No. 1: 20 desktops, 50 meters from data center
No. 2: 35 desktops, 75 meters from data center
No. 3: 15 desktops, 90 meters from data center
Fiber terminations to external buildings Four pair each of single-mode and multimode fiber to each external building
All buildings are less than 500 meters from the main building "Foundry Targets Midsize Switch Market" (Network Computing, Feb. 6, 2003)
"2003 Survivor's Guide to Infrastructure" (Network Computing, Dec. 15, 2002)
"The End All of Network Performance Management" (Network Computing, Dec. 1, 2002)
"Fewer Vendors, More Simplicity" (InformationWeek, Nov. 18, 2002) "10 GIG Can't Wait To Interoperate" (Network Computing, Aug. 5, 2002)
"Managing Your Vendor" (Network Computing, April 16, 2001)
"Faster Due Diligence" (InformationWeek, Jan. 22, 2001) As we've mentioned, we created a fictional insurance company, CradletoGrave, outfitted it with pie-in-the-sky plans, and issued an RFIs to several companies.
The responses to our questionnaire are below in PDF format:
You May Also Like