The movement to IP, switching and convergence is forcing network architects to throw out tried-and-true design practices. Here's a look at the latest strategies.

By Cassimir Medford
Network World, 11/13/00
Imagine being a router expert at a company whose chief information officer initiates a project called "Death of the WAN." Think you'd hang around for long?

The network staff running Novell's corporate WAN didn't when then-CIO Sheri Anderson announced plans to dismantle the company's enterprise WAN and replace it with a VPN. "Before we even started, all my Cisco guys quit," says Anderson, who was promoted in September to senior vice president and general manager of Novell Customer Services. No matter, she adds. "I didn't have to replace them."

Why would she, when VPN gateways and Internet tunnels represent a much better design option than the outgoing network that used routers and dial-up 800 services? By year-end, every Novell office with fewer than 10 employees - the majority of the company's 120 offices in 41 countries - will have a VPN connection.

"There are IT managers out there who will have cardiac arrest just reading this," Anderson says. "But this is an area where technology enables CIOs not just to cut costs, but to deliver a higher level of service."

The service goal has changed network design practices dramatically. "I don't want to manage Cisco routers anymore; I want to manage access and connectivity as services," Anderson says. "I don't want to care whether you are logged on directly to Novell's network or you are tunneling through the Internet via a VPN client, I want to deliver my services through a browser."

The best network designers no longer focus on the mountain of devices comprising the corporate network. After all, Layer 3 switches, Web servers and firewalls are fairly well understood and predictable today. Instead, top-notch net architects zero in on the all-important commodity that is being distributed on that network - bandwidth - and the services it makes possible.

IT executives point to three phenomena that have most significantly impacted network design practices: the triumph of switching over routing, the use of IP everywhere and convergence. Admittedly, the latter is still more concept than reality, but it is affecting network design decisions.

Switching to larger pipes

Under the old best practice, you designed the network to accommodate applications' required bandwidths. Adding an application meant further network segmentation. You added a hub and perhaps a router and, in the best-case scenario, upgraded the wiring closet.

But now the best practice is to replace shared networks with switched ones at every opportunity and to deliver dedicated pipes to every user.

"The price points in the marketplace are dictating this practice. The assumption today is that there is enough bandwidth to accommodate any application," says Marshall Eisenberg, director of product marketing for Gigabit Ethernet vendor Foundry Networks in San Jose.

This new best practice made perfect sense to Steve Leary, network analyst with clothing retailer Coldwater Creek, as he studied a network redesign. It let him focus on building an infrastructure for the company's future rather than on bandwidth accommodation, he says.


Traditionally a catalog company, Coldwater Creek has built a strong Web presence and is in the process of opening stores. "It was the ideal time to redesign. We had to accommodate the needs of our Web developers, and we had to be able to distribute our computing resources among our growing number of locations," Leary says. "Things were snowballing. We still have routers, but we're going to an all-switched network."

Coldwater Creek went from shared 10M bit/sec Ethernet to the desktop and switched 100M bit/sec Ethernet in the backbone to 100M bit/sec Ethernet to the desktop and Gigabit Ethernet in the backbone. "We needed more bandwidth for our Web servers, and we needed more flexibility. We are also making plans for a converged network," Leary says. "Down the road, we see ourselves on a company VPN with voice, data and video traffic moving back and forth on it."

Getting virtual, and private

If that materializes, Leary would find himself following another best new design practice - building a VPN to replace traditional remote access scenarios. VPNs easily accommodate the trend toward smaller offices and more mobile workers and telecommuters. Leased lines are overkill and cost-prohibitive here. Novell's "Death of the WAN" project, for example, lets the company dispense with expensive 800 lines and save on training.

Of course, many other new best design practices have resulted from the need to support increasingly complex Web activities. To prevent network congestion from unpredictable Internet traffic patterns, designers used to consider it best practice to make WAN pipes as large as possible and to tune the network to deny access to bandwidth-hogging applications. They no longer do. Under the new best practice, they employ internal and external Web caching to redirect traffic from the Internet to local caching devices or to a content delivery network such as one provided by Akamai.

NETWORK DESIGN
Then and now
Here's a look at how best network practices have changed over time.

The Old: When the network is congested, apply more bandwidth. Bandwidth is the chicken soup of networking; it cures all ills.
The New: On converged voice-and-data networks, apply quality of service or another prioritization scheme.

The Old: To secure the company, place an impregnable wall at the LAN/WAN border to keep outsiders out and insiders in.
The New: Maintain the LAN/WAN rule for the most part, but add more intelligence so security decisions can be made at every juncture of a distributed network.

The Old: To accommodate the traffic patterns the Web imposes on the corporate network, make the WAN pipe as big as possible, deny Internet access to workers who abuse the privilege and block bandwidth-hogging traffic at the firewall.
The New: Redirect traffic from the Internet to local caching devices or to a content delivery network such as that provided by Akamai Technologies.

The Old: Think of the network from a bandwidth point of view, and don’t oversell it. Bandwidth is precious, and the new applications are pigs.
The New: Think of the network from user and content points of view, particularly because a growing proportion of the user base will be mobile and working outside the range of technology support. Give them everything they need to get their jobs done.

The Old: Build networks that accommodate direct access by remote users, using leased lines for large offices and frame relay for cost-savings. Use dial-up for very small offices and individual mobile users and telecommuters.
The New: Use VPNs for smaller offices and individuals, and investigate VPNs as a strategic direction throughout the company.

The Old: Solve congestion problems by segmenting the network. Fewer users sharing the pipe gives each user more bandwidth.
The New: Change to a switched network. Give each user a dedicated pipe, and your worries end.

The Old: Use routers for multiprotocol traffic, switches to speed traffic in homogenous environments and load balancers to distribute traffic and prevent overloads.
The New: Use multilayer switches to do everything — they can switch, route and balance loads.

— Cassimir Medford

The trends toward Web-hosted managed services and applications outsourcing also require new design practices. Because these erase a firm's traditional demarcation point between LAN and WAN, the best practice is to implement security throughout the network as a layer - not a border. All network components, even desktop PCs, should be given more intelligence so they can make decisions about security.

"If corporations stick with the old fortress rule, they could inadvertently lock out their own employees. Security requires flexible, adaptable solutions," says Laurie Gooding, senior analyst with Cahners In-Stat Group, a research firm in Scottsdale, Ariz.

The emergence of popular broadband services such as DSL and cable modems has made corporations more vulnerable, so the need for intelligence in the network has increased. The great benefits of "always-on" connectivity are tempered by its vulnerability.

"Broadband and IP have changed the rules. To hack frame relay, you had to be inside the public network. Even then, you probably wouldn't get very far," says Bryan Long, vice president of marketing for Copper Mountain, a DSL equipment vendor in Palo Alto. "If it's IP, you need to have firewalls and Network Address Translation in place. Security has taken on a much bigger role."

Designing for convergence

Perhaps the most contentious best new network design practices revolve around convergence. Most everyone agrees that building networks capable of prioritizing voice and video over data is becoming imperative, but nobody quite agrees on the best practices for doing so. While some await quality-of-service (QoS) refinement, others suggest that the best network design practice remains to bring on more bandwidth.

QoS proponents say bandwidth may solve problems, but doesn't directly affect prioritization and latency, the two-headed monster that has delayed the real-world implementation of voice-data-video convergence.

"Bandwidth is not the problem on the LAN, it's prioritization. It is crucial that network managers employ some form of QoS," says Bob Stack, vice president of IS at Natural Microsystems, a network traffic management company in Framingham, Mass. "Adding packetized voice and video to the data network makes economic sense. But with voice and video, quality is crucial, so we are adding QoS and service-level agreements."

Throwing bandwidth at a problem doesn't cure latencies caused by delays and congestion at the aggregation points in the network. Adding intelligence across the network, a new best practice, is at least as important.

One network specialist says adding bandwidth sometimes hurts. "If there are problems in the routing of traffic on the enterprise, throwing bandwidth can bring down a router," says Lou Steinberg, vice president of software development at Micromuse, a management software vendor in San Francisco. "Today, understanding the problem and managing it is much more important than simply opening up the pipes. The old rule seems naive today."

While QoS may not be here yet, network managers are starting to design in placeholders for prioritization and SLA schemes.

"The question used to be, 'Do we have enough bandwidth for this or that application?'" Stack says. "The question now is, 'How do you distribute and prioritize bandwidth so that business goals are best achieved?'"

Cassimir Medford is a freelance writer specializing in networking technology. You can reach him at cmedford@bellatlantic.net

  Copyright, 1995-2002 Network World, Inc. All rights reserved.