Prepare Your Network For VoIP update from February 2005

Router and switch enhancements make the network more suitable for voice than ever before, but significant holes still remain. We offer advice on what to do.

February 1, 2005

NetworkComputing

The Promise: New enhancements to switching and routing software and hardware aim to eliminate or reduce the time the network spends recovering from failures.

The Players: Every major infrastructure vendor is actively engaged in improving their product sets to accommodate VoIP and, increasingly, other critical applications, such as video. These vendors include Alcatel, Cisco, Enterasys, Extreme, HP, Nortel Networks, and 3Com.

The Prospects: The enhancements being made to layer-2 and layer-3 protocols can dramatically reduce downtime, but 100 percent recovery without impacting voice calls is still impossible. Callers will hear audio distortion during the call whenever the network recovers from a failure.

Infrastructure providers would like you to believe that data networks are ready to deliver the reliability needed to run non-stop VoIP. The vendors are investing marketing dollars to cement that fact in the minds of IT managers. Over the past three months, they've also made technological investments, introducing new software and hardware features to back up those claims.

But a close analysis of the announcements and technologies should leave you wary. Unless you're prepared for users to experience dropped VoIP calls, unless you're prepared to lock yourself into one infrastructure vendor, and unless you're prepared to limit the scope of VLANs to your critical VoIP infrastructure, no practical network architecture is going to provide the reliability that vendors claim.

The fact is that data networks take too long to resolve fault conditions for voice traffic to be unaffected--a problem that only gets worse the higher up you go in the stack. The Spanning Tree Protocol (STP, 802.1d) converges in 30 seconds; OSPF and the Border Gateway Protocol (BGP) in up to three minutes. Vendors are touting new and existing protocols, standard and proprietary, that claim to reduce those intervals to under three seconds, but even that's too long for a VoIP network.

The recent protocol enhancements go a long way toward addressing concerns about the network's suitability for supporting VoIP, but they aren't perfect. You should still strongly consider VoIP, but be prepared to do what network architects have always done--that is, try to capitalize on the technology's benefits to the business while minimizing its risks.

LAYER TWO

The internetworking communities have taken both preventative and reactive measures toward reducing fault recovery times. On the preventative side, vendors have continued to improve the hardware and software designs of their access switches. For example, Extreme Networks' recently announced access switch, the Aspen, includes hot-swappable and redundant switching fabrics, fans, controller boards, and power supplies, along with a passive backplane. Cisco Systems built greater intelligence into its 6500 series access switches last fall with the Supervisor Engine 32, a combination switch fabric and management module that runs for $15,000, or just about half the price of the existing Supervisor Engine 720. The 32 provides in-system diagnostics to detect hardware failures before they occur.

The Aspen is the first access switch from Extreme to implement its ExtremeWare XOS, the OS introduced in 2003 on the company's BlackDiamond 10K core switches. XOS brings software modularity to the access switch, allowing individual software modules to be upgraded and restarted without rebooting the entire switch. Enterasys Networks says it already offers software modularity on its access switches. Cisco delivers software modularity in its new CRS-1 router and plans to port those capabilities down to the 6500, says Doug Gourlay, director of the company's Internet Switching Business Unit. Gourlay couldn't provide a specific date, however. At present, HP's switches lack software modularity.

On the reactive side, vendors are improving the network's ability to wrap around failures at layers 2 and 3. Cisco, HP, and Enterasys all rely on the Rapid Spanning Tree Protocol (RSTP, 802.1w) to direct traffic around a failed link. Whereas the original STP could take up to 30 seconds to converge after a failure, RSTP can do so in about a second. This is fast enough to preserve a VoIP call--Session Initiation Protocol (SIP)-based calls can tolerate up to 64 seconds before timing out--but active calls will be noticeably affected.

Vendors are also tweaking STP in proprietary ways. Enterasys, for example, has built redundancy into the STP root so that if the device carrying the root fails, the network will fail over to a backup switch without having to reconverge the network. Cisco introduced Per VLAN Rapid Spanning Tree (PVRST), which runs RSTP without the more complex Multiple Spanning Tree Protocol (MSTP, 802.1s), which is normally required.

On the other hand, designing for STP's fastest convergence times may cramp VoIP's style. A Cisco design document urges limiting VLANs to a single closet wherever possible, thus improving STP convergence times. However, network architects commonly spread VLANs across wiring closets for numerous reasons, such as to accommodate far-flung departmental users on the same VLAN.

Extreme, Foundry Networks, and HP also implement their own layer-2 techniques to improve STP. Extreme, for example, is now selling its Ethernet Automatic Protection Switching (EAPS) algorithm as part of the software bundle running on its enterprise switches. Previously, EAPS was only available on carrier-grade equipment. EAPS provides a sub-50ms failover that's fast enough to remain undetected by VoIP callers.

Similarly, Foundry is getting ready to offer its Metro Ring Protocol (MRP) on its edge switches. Like Extreme, Foundry claims that MRP provides subsecond failover. MRP can be enhanced with the Virtual Switch Redundancy Protocol (VSRP), Foundry's layer-2 version of the IETF's Virtual Router Redundancy Protocol (VRRP).

HP relies on the HP Switch Meshing protocol. Whereas all switches today can load-balance between links connecting two devices, HP's Switch Meshing allows IT to load-balance traffic across clusters of up to 12 links between a group of devices. Aside from the performance benefits, HP uses the technology to provide link-layer resiliency. Toward the end of this year, HP will expand those capabilities to encompass 32 links.

LAYER THREE

To protect clients from losing their default gateways, switch vendors implement VRRP to form a virtual router group sharing a single IP address. The catch is that VRRP only works with one active router per VLAN. Last December, Cisco introduced the Gateway Load Balancing Protocol (GLBP), an enhancement to VRRP that allows the master and backup routers to function simultaneously on the same VLAN, thus balancing the traffic load between them. Enterasys expects to deliver its own GLBP-like protocol later this year. Extreme and HP have no such plans presently.

That same month, Cisco also announced technologies that improve general router stability by allowing routers to fail over to backup management modules without forcing OSPF or BGP to recalculate routing tables. Cisco's Nonstop Forwarding (NSF) with Stateful Switchover (SSO) technology extends routing protocols so that adjacent NSF-aware peers will keep forwarding router traffic to a 6500 even when switching over to a backup switch fabric. In so doing, the protocol prevents routers from route flapping, or rapidly turning on and off, which leads to network instability and untimely BGP routing table recalculation. Previously, the 6500 had been able to fail over to a backup management and fabric card using what Cisco calls Single Router Mode (SRM) with SSO, but BGP could still take three minutes to recalculate. Both Extreme and Foundry offer functionality comparable to Cisco's SRM with SSO. HP is developing its own technology for its core switches.

A NEW ENTERPRISE NETWORK

The result of these efforts is a move toward more carrier-like network architectures, where technologies that enhance security and reliability are being pushed out to the access layer, and the core is focused on providing predictable and reliable transport.

Designing the access switches with "carrier-grade" features will play out well for traditional infrastructure vendors. If Ethernet switching was headed toward commoditization, it's the reliability and predictability factor that blue chip vendors will use as a means of distinguishing their products from those competing on price.

For network architects, any effort on the part of vendors to improve network reliability should be welcome news. However, while most companies choose one supplier for their core switches, that's not always the case with access-layer switches. Often, low-end switches may be chosen largely for price. Being able to preserve those price gains and prevent vendor lock-in while still devising a resilient network may be your toughest challenge yet.

Executive Editor David Greenfield can be reached at [email protected].
