Rolling Review Wrap-Up: Vendors' RFP Responses Make The Case For Switching
But revamping your network won't be easy, and Cisco casts a long shadow.
September 3, 2008
An organization distributes a request for proposal when it's thinking about making a vendor switch or substantially upgrading an existing system. We invited several companies to respond to an RFP specifying a new network architecture for TacDoh, a fictional, fast-growing purveyor of deep-fried desserts. In its RFP, TacDoh aimed to simplify management, unify its architecture, incorporate voice over IP, and add security features.
Wowing potential customers is important to vendors responding to RFPs because incoming vendors have a hard time supplanting incumbents.
That incumbent vendor is most likely Cisco: The company dominates in the access, distribution, and core switching layers as well as the data center. Interestingly, for all the complaining we hear about Cisco from peers, IT administrators, and CIOs, in a recent InformationWeek Research survey of 295 technology pros, 76% of respondents say they'd prefer to purchase Cisco gear, followed by Hewlett-Packard ProCurve at 22%, then everyone else.
We didn't position this RFP-based Rolling Review as "anyone but Cisco," but Cisco declined to participate, citing resource issues. We received responses from five other vendors: Alcatel-Lucent, Extreme Networks, Foundry Networks, HP ProCurve, and 3Com.
Alcatel-Lucent, HP ProCurve, and 3Com all made our short list because their proposed network designs hit all of our requirements, with resilience and advanced features to support TacDoh's VoIP and security initiatives.
HP ProCurve is the best value because it came in with the lowest price and the company has the best no-cost warranty, with free software upgrades and a lifetime next-day replacement program for hardware--options that other vendors, including Foundry and Extreme, charge for.
But that doesn't mean Foundry and Extreme were second-rate: Foundry presented a strong set of products for data center computing, and its recently announced acquisition by Brocade should boost its position in the market. We like some of the advanced features Extreme offered, such as event scripting. But Extreme is a pure-play switch vendor, and its limited product line puts it at a disadvantage and made it a poor choice for TacDoh.
WHY UPGRADE?
There are plenty of reasons to upgrade a switching infrastructure. Asked which technical drivers would induce them to upgrade, respondents to our survey most often cited more capacity in the access, distribution, and core layers, and more capacity in the data center. The need to improve fault tolerance wasn't far behind.
The top business drivers among IT professionals we surveyed were to improve network security, support real-time communications, and improve fault tolerance and network flexibility (see chart, "How important are these switch upgrade factors?", below).
Performance is very important. In this Rolling Review, we considered a few factors that affect performance, such as how devices are interconnected and what types of switches (stackable or chassis) are used at the edge and the core. In addition to raw throughput, TacDoh's plan for VoIP requires a low-latency network.
Redundant 10-Gbps links were common in all the designs. The difference lies in whether multiple links can be aggregated, accumulating bandwidth as needed. Extreme's uplinks were active/passive, which limited us to 10 Gbps. Designs from Foundry and 3Com aggregated multiple 10-Gbps uplinks for increased bandwidth and high availability, which provided plenty of room for growth. Alcatel-Lucent's edge switches can support two 10-Gbps ports each, but the company specified a single core in its design, so adding more uplinks would only add more capacity--the sole core switch is a single point of failure.
HP ProCurve's design includes redundant, aggregated 1-Gbps uplinks to the core/server switches. This provides only 2-Gbps capacity, but the 5400zl chassis line can be upgraded to 10 Gbps in the future. This fit within the requirements of our RFI, so the lack of 10 Gbps doesn't detract from the design. The inclusion of 10 Gbps from other vendors means fewer upgrades in the future.
Comparing stackable switches versus chassis at the edge is really a comparison of cost, flexibility, and performance. The stackables from all the vendors are remarkably similar. All boast a bidirectional ring topology so traffic can pass in either direction on the ring, up and down the stack, via the shortest route. Switches can be added anywhere in the stack up to eight high, for a maximum density of 384 ports in 48-port increments. Stacking access switches, which Alcatel-Lucent's, Extreme's, and 3Com's designs offer, is a lower-cost way to add ports incrementally.
Foundry's SuperX chassis supports up to 206 Gbps ports, while HP ProCurve's 5406zl access switches have a maximum capacity of 144 Gbps ports. We would have to add whole new chassis plus uplinks to add capacity, which is more costly than adding a stacked switch. The main difference, however, is the capacity between hosts on the same switch. Many stacked switches, such as those from 3Com, only push 48-Gbps bidirectional traffic: 24 Gbps up and 24 Gbps down over the stacking cable. With two cables, that's 96 Gbps total. Foundry's SuperX, however, can pump 510 Gbps over the chassis backplane.
At the access layer, even a seemingly paltry 24 Gbps is more than enough capacity in situations where there will be little connectivity between hosts. The added capacity is required at the core, however, where all traffic is aggregated and redistributed. All the designs except 3Com's had chassis solutions at the core. 3Com has chassis switches, but chose a stacked core for the TacDoh network design. The capacity offered by the 3Com design would fit the needs stated in the RFP, but we foresee having to migrate to a chassis in the future.
THE POWER OF VOICE
A full 66% of survey respondents indicate that support for real-time media, like VoIP and live streaming video, is a business driver for upgrades. Real-time media requires low latency and low-jitter networks in order to perform well. Unlike audio and video on demand, real-time media can't be buffered and smoothed out. On a per-call basis, the bandwidth required is small--a worst case is a VoIP call encoded using a G.711 codec (meaning no compression), which requires 80 Kbps. From a pure capacity perspective, a fast Ethernet connection can handle more than 1,000 VoIP calls simultaneously.
More important are latency, the delay between two endpoints, which should be less than 125 milliseconds, and jitter, the variation in per-packet delay, which should be less than 30 milliseconds.
The switching platforms presented by all the vendors use similar methods to support real-time media. Methods included automatically detecting a media endpoint on a switch port using LLDP and LLDP-MED, and placing the port into a voice virtual LAN configured for low-latency throughput, as well as marking and honoring quality-of-service settings on a per-packet basis.
LLDP and LLDP-MED also are used to manage other components of VoIP, such as setting the required Power over Ethernet (PoE) wattage on a per-port basis and providing location information to VoIP phones for emergency (E911) location. The key VoIP differentiator is support for vendor-specific attributes for phones. Alcatel-Lucent and 3Com have their own VoIP product lines; the others partner with VoIP vendors and integrate the VoIP equipment on their switch platforms.
The other issue to contend with is PoE. Wiring closet systems must be able to accommodate higher power and heat loads. We've heard horror stories about PoE switches overheating in poorly ventilated closets. Overprovisioning is a requirement to ensure that there's adequate power to phones.
All of the switches in the RFP responses can power a subset of their total ports using internal power supplies, but plan on making space for dedicated power modules to provide adequate redundancy. Be sure your switches support power prioritization, so that in the event of power loss critical systems stay online in an emergency. All of the vendors here support power prioritization.
SECURITY IS A TOP DRIVER
Whether your organization has to comply with regulations or you're concerned about locking down IT systems, improving security is a common business driver, say 71% of survey respondents. Security features are fairly uniform across the switching lines here, with support for secure management over SSL, SSH, and SNMPv3.
But not all features are supported on all switches within a single line. For example, 3Com's 5500G access switch line supports DHCP tracking, which tracks DHCP requests and responses; ARP inspection, which maps MAC addresses to DHCP leases; and IP Source Guard, which maps IP addresses to ports. 3Com's 4200G switch line does not.
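How the three checks named above depend on one another is easier to see in a small model. The following is an added example, not vendor code or configuration from any of the RFP responses: the `EdgeSwitch` class, the port numbers, and the MAC and IP addresses are constructed, and the trusted-uplink rule for DHCP replies is an assumption about how DHCP tracking is typically deployed.

```python
"""Toy model: DHCP tracking builds a binding table; ARP inspection and
IP Source Guard validate later traffic against it. All values are constructed."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str

class EdgeSwitch:
    def __init__(self, trusted_ports):
        # Assumption: only uplinks toward the real DHCP server are trusted.
        self.trusted_ports = set(trusted_ports)
        self.by_port = {}  # access port -> Binding learned from DHCP

    def dhcp_ack(self, ingress_port, client_mac, leased_ip, client_port):
        """DHCP tracking: record a lease only if the reply came from a trusted port.
        client_port is passed in directly to keep the model short."""
        if ingress_port not in self.trusted_ports:
            return "drop: DHCP reply on untrusted port"
        self.by_port[client_port] = Binding(client_mac, leased_ip)
        return "learned"

    def arp(self, port, sender_mac, sender_ip):
        """ARP inspection: sender MAC/IP must match the lease seen on that port."""
        b = self.by_port.get(port)
        if b is None or (b.mac, b.ip) != (sender_mac, sender_ip):
            return "drop: ARP does not match lease"
        return "forward"

    def ip_packet(self, port, src_ip):
        """IP Source Guard: source IP must be the address bound to the port."""
        b = self.by_port.get(port)
        if b is None or b.ip != src_ip:
            return "drop: source IP not bound to port"
        return "forward"

def run_demo():
    sw = EdgeSwitch(trusted_ports=[49])
    return [
        sw.dhcp_ack(49, "00:11:22:33:44:55", "10.0.0.20", client_port=3),
        sw.dhcp_ack(7, "00:11:22:33:44:66", "10.0.0.99", client_port=7),  # reply from an access port
        sw.arp(3, "00:11:22:33:44:55", "10.0.0.20"),  # matches the lease
        sw.arp(3, "00:11:22:33:44:55", "10.0.0.1"),   # claims an IP it was never leased
        sw.ip_packet(3, "10.0.0.20"),
        sw.ip_packet(7, "10.0.0.20"),                  # port 7 has no lease
    ]

if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

Because both later checks read the table that DHCP tracking populates, a switch line that lacks DHCP tracking cannot enforce the other two for dynamically addressed hosts.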
Of course, network infrastructure and network access control are tightly coupled. All the vendors in the Rolling Review either partner with a NAC vendor or resell a NAC vendor's equipment. The integration point is typically 802.1X and RADIUS. Support for Microsoft's Network Access Protection using 802.1X or DHCP also is common.
The combination of port security features and NAC makes user-based access control at the network edge possible with relatively minimal changes after initial configuration. HP ProCurve's Identity Manager applies access policies based on user name and group membership, location, and time of day, providing basic NAC features without the expense of a third-party product.