Make life easier on campus with a simpler LAN

Three layers into one will go

The campus LAN is probably the most common network in use today, but its customary trio of layers is coming under examination as the need to reduce costs, add wireless access and increase performance continues to grow.

Back to basics: a campus LAN interconnects users in separate and multi-floored buildings in a smallish area, such as a university campus.

The numbers involved can be large – upwards of 25,000 registered devices with 2,000 to 3,000 concurrent users who may be using desktop PCs, cabled or Wi-Fi notebooks, or Wi-Fi or 3G-connected tablet computers and smartphones.

Then there may be voice over IP phones and radio frequency identification readers and other security devices.

The users want to be able to gain access to the building, send email, use word processing and spreadsheets, run server applications across the campus in a data centre, access web sites and use social media.

Trouble at t’mill

Whatever they are doing now, more of them will be doing more of it in a few months’ time.

The campus network is usually divided into three layers: an access layer, then an aggregation (or distribution) layer and finally a core-switching layer. The rationale for this network design is to keep trouble in one part of the network, on a floor of a building for example, from affecting other parts.

Each layer has its own devices. The access layer has access switches to which groups of edge devices connect. Then groups of access switches connect to distribution devices and these in turn connect to one or more core switches.

Each floor in a building may have one or more access switches and the building probably has its own distribution switch.

These switches connect to a core switch, creating a three-layer cake of devices with data traffic from a user in one building to a server in another, for example, passing through the user's nearby access switch.

The data moves on to the building's distribution switch, then to the core switch where it is routed to the destination building's distribution switch, then to the access switch for the device and finally to the server. Five network devices are used.

If one layer of this network design could be removed, such as the distribution layer, then there would be three devices between the user and the server.

In a large campus LAN this could easily mean getting rid of a hundred or more devices.

One idea is to aggregate the core and distribution layers by linking core switches directly to access switches (HP supports this approach).

The core switch still handles the same number of packets of data, but instead of coming from, say, 50 distribution switches they come from 250 access switches.

Something old, something new

This means the expanded core switch requires 250 incoming ports instead of 50 and must be able to route traffic from any port to another.

A problem at the edge is that growth in the number of users and devices, and hence in traffic, means that new switch ports must be added.

For example, wireless access added to a building could mean another 500 accessing devices needing more ports and thus more access switches.

It is a good idea to be able to simply stack access switches on top of one another, so to speak, and then to manage the collection of stacked switches from a central point as a single management domain.

Over time switch technology advances and you end up with older and newer switches. It is clearly a good idea to be able to mix the different kinds of switch technologies in a stack so you can continue to use the older switches as the newer ones arrive.

More intelligence in these access layer switches enables this to happen. In addition, aggregating the core and distribution layers can be useful. Brocade provides a unique way to do this.

For example, Brocade is developing HyperEdge technology to view and manage different switches as a single logical device.

HyperEdge also enables different types of switches to be stacked together, the newer switches sharing more advanced services with other members in the stack.

Campus networks tend to be expensive but their use is growing. Collapsing the network layers makes for a simpler wiring task, with fewer devices to purchase and a less onerous management responsibility.

Easy life

The ability to mix and match different generations of access switches and manage them in a single logical management domain is another incremental improvement. It reduces the difficulties involved in growing the scale of a campus LAN.

A three-layer wired design with separate per-layer management domains that works for 5,000 devices and 500 users is unlikely to be cost effective for 50,000 devices and 5,000 users.

It would make sense to move to a two-layer architecture and have a resilient edge switch concept. This would enable you to use switches for as long as they are useful, while bringing in newer switches that help scale the numbers and types of devices at the network edge.

Whatever devices you buy or lease for the layers in your campus LAN, their architectures should provide an open road to scalable growth, enabling you to simplify operations and lower your total cost per port. ®
