51-20-08 Creating Network Expressways Using Switching Engines

Andres Llana, Jr.

Payoff

Today, high-powered Ethernet switching engines with support for full-duplex technology and advanced multiprotocol filtering functions provide an inexpensive route to high-speed expressways. These devices, when properly deployed, can reduce network contention and greatly improve network throughput.

Introduction

The new, high-powered Ethernet switches provide the network administrator with many more options to more efficiently manage LAN traffic. Low-cost Ethernet switches can be used to create virtual LANs at the protocol or broadcast group level. For example, Internetwork Packet Exchange (IPX) traffic could be filtered at the port level, restricting it from entering another network segment while Internet Protocol (IP) traffic might be allowed to pass. Broadcast traffic might be limited on a port-by-port basis to further control traffic on each network segment. High-bandwidth traffic can be selectively isolated from the rest of the network.

Properly deployed, Ethernet switches can consolidate traffic in multiprotocol LANs (e.g., IP, Internetwork Packet Exchange (IPX), DECnet, AppleTalk) while effectively improving overall network throughput. Competitive switches selling for less than $4,000 (for as many as eight Ethernet ports with routing and filtering options) provide a cost-effective method for consolidating LAN segments, greatly improving network throughput.

Conserving Bandwidth

Network congestion has greatly increased in recent years as more nodes are added and applications become more complex. LAN segmentation was originally deployed as one means of organizing groups of users into separate but interconnected LAN segments. This technique improved network performance by reducing contention; however, it is not as effective as LAN switching. The advent of the LAN switch represented a major leap forward for LANs.
The first Ethernet switch was introduced by Kalpana in 1990, with LAN switching taking on many more refinements since that time. A LAN switch can provide a dedicated bandwidth segment for the connection of high-traffic workstations or servers. These switching engines, when combined with the more advanced network management systems, extend the ability of the network administrator to fine-tune and tailor a network to optimum performance levels. The issue now—and the basis for discussion in this article—is how best to deploy this technology, particularly as Ethernet networks continue to expand and grow.

Going Beyond Segmentation

When properly integrated into the architecture of a LAN, intelligent hubs can greatly enhance the process for network optimization. For example, a network planner can easily reduce network traffic by aggregating users with common needs on separate LAN segments. Through this process, any requirements for large amounts of bandwidth between common users can be restricted to their common segment environment. This process of establishing high-bandwidth users on common segments, however, can be further improved through the application of Ethernet switches. A switched LAN has several advantages over segmentation, including:

• Ease of migration. The introduction of a switch into a LAN does not create a problem for the network staff because the LAN technology remains the same.

• Capital conservation. Introduction of a switch does not affect the overall structure of the LAN because no new cabling, hardware, or network infrastructure changes are required.

• Evolutionary migration. Switches enable the network planner to migrate toward the development of a virtual LAN and eventually integration with Asynchronous Transfer Mode backbone facilities.

About Ethernet Switches

Original Ethernet was a shared LAN technology that allowed only one data conversation at a time. In this situation, the 10M bps of available bandwidth may end up being shared by multiple users. Consequently, when more than one user wants to access the network, collisions may result that cause delays limiting user productivity. Because of the half-duplex nature of the Ethernet network and its distributed arbitration methodology, only 40% to 50% of the network's throughput potential is ever realized. For this reason, an Ethernet switch might be viewed as a throughput enhancer that allows multiple conversations to occur at the same time on the network. An Ethernet switch essentially creates parallel data conversations by establishing a dedicated point-to-point connection between two workstations (see Exhibit 1). This type of capability can increase normal Ethernet 10M bps throughput to 20 or 40M bps.

Exhibit 1. Full-Duplex Point-to-Point Ethernet Connection

Earlier switches were separate modules designed to fit into the backplane of an intelligent hub. The newer LAN switches, however, are robust standalone units that can be used to support desktop-to-desktop switching, workgroup switching, or serve as larger enterprise backbone switches.

Desktop Switches

These are used to link users with a common interest in applications that may be bandwidth intensive (e.g., imaging, high-speed modeling, or multimedia applications). An example of a desktop switch might be Fore System's ANTswitch or Cisco's Catalyst Switch series.

Workgroup Switches

These switches are deployed to add capacity to a congested LAN, allowing the connection of individual workstations or LAN segments. These switches can be connected to backbone networks or high-speed links connecting them to other servers. Examples of workgroup switches are LinkSwitch, Cabletron's TSX-1620, and Performance Technologies' Nebula 2000.

Backbone Switches

Larger switches provide very high speed backbone switching. These may use store-and-forward or other advanced networking techniques to support large numbers of connections and high traffic volumes. These switches are likely to integrate a high degree of redundancy and support some form of interface to a high-speed public network facility (e.g., T1, frame relay, or Asynchronous Transfer Mode backbone). They also support multiple protocols. An example of an Enterprise Switch would be the IBM 8250/60 series multiprotocol switches, Alantec's Power Hub 7000, 3Com's LANplex 6000, or XYLAN's OmniSwitch.

Originally, Ethernet switching engines were deployed in conjunction with intelligent hubs to enhance and extend LAN segments. In this setting, an Ethernet switch—when deployed in a segmentation infrastructure—could clear up network bottlenecks that would under other circumstances create significant response time delays.
They also provided the ability to establish high-speed multiport internetworking solutions to allow the LAN administrator to segregate those high-speed workstations that had high bandwidth requirements. LAN switches support 100M-bps LAN speeds to include 100Base-T, 100VG-AnyLAN, and FDDI networks.

Not All Switches Perform the Same

Not all Ethernet switching engines are designed the same and therefore their characteristics are a performance factor that must be considered in the configuration of an extended LAN. Switching modules are designed to interconnect LAN segments in much the same way that a telephone conversation is linked using a PBX. The LAN switching engine itself provides for the full wire speed interconnection of a LAN's segments. Although the terminology has changed in the past few years, two prevalent switching designs may be found in Ethernet switches: cut-through switching and store-and-forward switching.

Cut-Through Switching

Under this switching architecture, the switch has been designed to forward packets to their destination before a packet is fully received and before the collision window passes. This type of architecture does not limit the end-to-end throughput as do store-and-forward bridges, for example. Cisco and IBM switches use this design characteristic.

Store-and-Forward Architecture

Under this switching architecture, the whole packet is fully received before the forwarding process begins. Each packet is buffered in memory and the switch examines the entire packet. Because the packets can be inspected, more advanced management capabilities are available.

The forwarding method used by Ethernet switches varies and is based on whether there is or routing software. Some vendors (e.g., 3Com, Cisco, and Performance Technologies, Inc.) have methods that combine techniques from cut-through and store and forward. Depending on error thresholds, these switches may switch from store and forward to a form of adaptive cut-through.
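The difference between the two designs, and the error-threshold switching just described, can be shown with a small model. This is an added example, not code from the article or from any vendor: the 6-byte lookup point, the four-frame window and the zero-error threshold are assumptions, and the traffic is constructed.

```python
import struct
import zlib
from collections import namedtuple

RATE_BPS = 10_000_000      # 10M-bps Ethernet
MIN_FRAME = 64             # shorter frames are runts (collision fragments)
LOOKUP_BYTES = 6           # assumption: cut-through forwards once the destination
                           # address has arrived; preamble and lookup time are ignored

Result = namedtuple("Result", "forwarded latency_us mode damaged")


def with_fcs(body: bytes) -> bytes:
    """Append the Ethernet frame check sequence (CRC-32, low byte first)."""
    return body + struct.pack("<I", zlib.crc32(body))


def damaged(frame: bytes) -> bool:
    """True for runts and for frames whose FCS does not match their contents."""
    if len(frame) < MIN_FRAME:
        return True
    return struct.unpack("<I", frame[-4:])[0] != zlib.crc32(frame[:-4])


def wait_us(nbytes: int) -> float:
    """Time needed to receive nbytes at line rate, in microseconds."""
    return nbytes * 8 * 1e6 / RATE_BPS


class SwitchPort:
    """One ingress port in 'cut-through', 'store-and-forward' or 'adaptive' mode."""

    def __init__(self, mode, window=4, max_errors=0):
        self.adaptive = mode == "adaptive"
        self.current = "store-and-forward" if self.adaptive else mode
        self.window, self.max_errors = window, max_errors   # hypothetical threshold
        self.seen = self.errors = 0

    def receive(self, frame: bytes) -> Result:
        bad = damaged(frame)   # a cut-through port can still count errors afterwards
        mode = self.current
        if mode == "store-and-forward":
            # Whole frame is buffered and checked, so damaged frames stop here.
            result = Result(not bad, wait_us(len(frame)), mode, bad)
        else:
            # Forwarding starts before the FCS or even 64 bytes have arrived.
            result = Result(len(frame) >= LOOKUP_BYTES, wait_us(LOOKUP_BYTES), mode, bad)
        self.seen += 1
        self.errors += bad
        if self.adaptive and self.seen == self.window:
            self.current = ("cut-through" if self.errors <= self.max_errors
                            else "store-and-forward")
            self.seen = self.errors = 0
        return result


def run(mode, frames):
    """Feed frames through a fresh port and return one Result per frame."""
    port = SwitchPort(mode)
    return [port.receive(f) for f in frames]


def propagated(results):
    """Count damaged frames that were forwarded onto the next segment."""
    return sum(1 for r in results if r.forwarded and r.damaged)


# --- Constructed traffic: contents are arbitrary, only length and FCS matter ---
GOOD = with_fcs(bytes(1514))                     # full-size 1,518-byte frame
CORRUPT = bytes([GOOD[0] ^ 0x01]) + GOOD[1:]     # one bit flipped in transit
RUNT = GOOD[:30]                                 # fragment left by a collision
TRAFFIC = [GOOD] * 4 + [GOOD, CORRUPT, RUNT, GOOD] + [CORRUPT, GOOD, GOOD, GOOD]

if __name__ == "__main__":
    for mode in ("cut-through", "store-and-forward", "adaptive"):
        res = run(mode, TRAFFIC)
        print(f"{mode:18} damaged frames propagated: {propagated(res)}, "
              f"first-frame wait: {res[0].latency_us:.1f} us")
```

The store-and-forward wait for the full-size frame is the serialization time of 1,518 bytes at 10M bps; the cut-through figure covers only the address bytes, so a real switch adds preamble and lookup time on top of it.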
Using proprietary software, a vendor will incorporate one of these designs into a proprietary switching matrix. This software switching matrix is integrated into specially designed hardware that will support back-to-back packets in a full-duplex mode. Most switch designs offer multiple ports (four to eight) to support simultaneous Ethernet connections between connected switches. Through this design, some Ethernet switches can offer as high as 40M-bps throughput with a transit delay as low as 70 microseconds. In some switches, filters are incorporated into the design of the switch to filter out packet fragments or runts generated as the result of the Ethernet collision process. Some Ethernet switches support both broadcast and multicast frames at as many as 59,520 packets per second. Although port designs vary among manufacturers, most use an RJ-45 interface and provide support for several 10Base-T ports as well as multimedia (i.e., 10Base-2, 10Base-5). In some designs, provisions may exist for as many as 1,024 addresses per port with buffer sizes of as high as 1,500 packets per port. Other features include intrusion control and bridging security features, redundant clocking, and power supply modules.

Multiprotocol (Workgroup) Switching

One of the greatest applications of Ethernet switches is workgroup switching. This may be a result of the fact that many large networks evolve as an amalgamation of several different smaller LANs, each with a different protocol. The key to successful network management lies in the ability of the network administrator to filter network traffic as it arrives at specific points along the network. For this reason, protocol switches have come on the market that combine wire speed connectivity with the ability to filter multiprotocol Ethernet traffic (e.g., IP, Internetwork Packet Exchange (IPX), DECnet, and AppleTalk). Protocol switches often serve as workgroup accelerators or collapsed backbones.
Protocol switches, when properly deployed, can support the organization of virtual LANs. Filtering is accomplished at the port level, where in some switches there can be as many as four tiers of wire speed filtering: broadcast groups, internal LANs, protocol filtering, and Media Access Control (MAC) address filtering. Through this filtering process, these switches can block or filter the propagation of unwanted traffic across a network by forming a firewall.

Firewalls

For example, using this process an administrator might block Internetwork Packet Exchange (IPX) traffic from crossing onto a DEC network segment while IP traffic might be allowed to pass. MAC address filtering can be used to establish a secure means to restrict traffic to specific terminals. Broadcast domains can be established that restrict broadcast packets to specific segments or to ports that are members of the same broadcast group. In this way, specific broadcasts can be restricted to those segments of which they are members.

Exhibit 2 shows the application of an inexpensive protocol switch, the Nebula 2000, which is used on the campuswide network at the University of California San Diego (UCSD). The Nebula 2000 links many diverse servers and local networks (e.g., Office LAN, mail servers, and Sun servers) by providing a high-speed protected link between networks.
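The four filtering tiers can be modelled as an ordered set of per-port checks. The following is an added example, not the Nebula 2000's implementation: the port names, MAC addresses and topology are constructed, and the rule that each tier is evaluated on the egress port is an assumption. It also classifies IPX in its 802.3 encapsulations, since a protocol filter keyed only on the Ethernet II type field would let those frames through.

```python
import struct
from dataclasses import dataclass, field
from typing import Optional

# Well-known EtherType values for the protocol families the article names.
ETHERTYPES = {0x0800: "IP", 0x0806: "IP",                # ARP is grouped with IP
              0x8137: "IPX", 0x6003: "DECnet",
              0x809B: "AppleTalk", 0x80F3: "AppleTalk"}  # AARP with AppleTalk


def classify(frame: bytes) -> str:
    """Name the protocol family carried by a raw Ethernet frame (FCS omitted)."""
    if len(frame) < 14:
        return "malformed"
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:                  # Ethernet II: field is an EtherType
        return ETHERTYPES.get(type_or_len, "other")
    body = frame[14:]                          # IEEE 802.3: field is a length
    if body[:2] in (b"\xff\xff", b"\xe0\xe0"): # Novell raw 802.3 or 802.2 IPX SAP
        return "IPX"
    if body[:3] == b"\xaa\xaa\x03" and len(body) >= 8:   # LLC/SNAP header
        (snap_type,) = struct.unpack("!H", body[6:8])
        return ETHERTYPES.get(snap_type, "other")
    return "other"


@dataclass
class Port:
    name: str
    bcast_group: str                            # tier 1: broadcast group
    lan: str                                    # tier 2: internal LAN (partition)
    blocked: set = field(default_factory=set)   # tier 3: protocol families refused
    allowed_src: Optional[set] = None           # tier 4: source MAC allow-list


def verdicts(frame, ingress, ports, mac_table):
    """Map every candidate egress port to 'forward' or the tier that dropped it."""
    proto = classify(frame)
    if proto == "malformed":
        return {}
    dst, src = frame[:6], frame[6:12]
    group_addr = bool(dst[0] & 1)               # broadcast or multicast destination
    src_port, out = ports[ingress], {}
    for p in ports.values():
        if p.name == ingress:
            continue
        if not group_addr and mac_table.get(dst, p.name) != p.name:
            continue                            # learned unicast has one candidate
        if group_addr and p.bcast_group != src_port.bcast_group:
            out[p.name] = "drop: broadcast group"
        elif p.lan != src_port.lan:
            out[p.name] = "drop: internal LAN"
        elif proto in p.blocked:
            out[p.name] = "drop: protocol " + proto
        elif p.allowed_src is not None and src not in p.allowed_src:
            out[p.name] = "drop: source MAC"
        else:
            out[p.name] = "forward"
    return out


def egress(frame, ingress, ports, mac_table):
    """Sorted names of the ports the frame is actually sent out of."""
    return sorted(n for n, v in verdicts(frame, ingress, ports, mac_table).items()
                  if v == "forward")


# --- Constructed topology and frames (all values invented for this example) ---
BCAST = b"\xff" * 6
PC, ADMIN, MAIL = (bytes.fromhex(h) for h in
                   ("020000000001", "020000000002", "020000000003"))
PORTS = {p.name: p for p in (
    Port("office", "g1", "A"),
    Port("dec", "g1", "A", blocked={"IPX"}),       # IPX kept off the DEC segment
    Port("mail", "g2", "A", allowed_src={ADMIN}),  # only one terminal may reach it
    Port("lab", "g1", "B"),
)}
MAC_TABLE = {MAIL: "mail", PC: "office", ADMIN: "office"}


def eth2(dst, src, ethertype):
    """Build a minimum-size Ethernet II frame with an empty payload."""
    return dst + src + struct.pack("!H", ethertype) + bytes(46)


IPX_RAW = BCAST + PC + struct.pack("!H", 30) + b"\xff\xff" + bytes(28)
ARP_BCAST = eth2(BCAST, PC, 0x0806)

if __name__ == "__main__":
    for label, frame in (("IPX broadcast", IPX_RAW), ("ARP broadcast", ARP_BCAST),
                         ("admin -> mail", eth2(MAIL, ADMIN, 0x0800)),
                         ("pc -> mail", eth2(MAIL, PC, 0x0800))):
        print(label, verdicts(frame, "office", PORTS, MAC_TABLE))
```

The MAC tier matches the source address a frame claims, which the sending station sets itself, so it narrows who reaches a segment by configuration but does not authenticate a terminal.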

Exhibit 2. University of California, San Diego Campus, Network Operations

In this configuration, the Nebula 2000 has been divided into three separate partitions that comprise a collapsed backbone for the UCSD campus network. Protocol filtering and MAC address filtering provide a means to restrict certain types of traffic to specific segments while MAC address filtering ensures complete security against unauthorized access to privileged information. Here, the establishment of specific broadcast domains insulates all of the attached networks from broadcast saturation on unauthorized segments.

The Nebula 2000 StarGazer Network Management System is used by the LAN administrator to reconfigure network segments and filtering patterns (firewalls) to suit any change in requirements. There is a complete diagnostic subsystem incorporated within the StarGazer system that allows the Network Administrator to monitor the entire system. A WAN port on the Nebula 2000 provides the support for remote diagnostics. This capability allows the network administrator to access the Nebula 2000 remotely to monitor the activity on individual ports as well as reconfigure or resegment the network.

Network Considerations

Network configurations will be affected by the switching characteristics of a switch. For example, multiple nonblocking paths between individual pairs of ports on connected switches provide for full use of all available bandwidth. With cut-through design, a packet's latency is dramatically reduced because the leading edge of a packet exits the switch before the trailing edge enters. In this way, packets can be forwarded 20 times faster than conventional store-and-forward bridges. Although a regular bridge or typically will delay a full-size packet by about 1,200 microseconds, a cut-through Ethernet switch will measure transit delay in tens of microseconds. This difference in transit delay will force a quantum difference in the resulting end-to-end throughput.
This type of switching, however, may propagate corrupted packets or ones containing errors. Exhibit 3 lists a few factors that can affect end-to-end throughput. As can be seen, the store-and-forward architecture avoids many of the problems associated with a cut-through architecture. This includes short or fragmented frames as well as the smooth handling of multicast packets. In addition, this architecture provides for a much easier migration to high-speed LAN technologies such as or Asynchronous Transfer Mode.

Exhibit 3. Factors Affecting End-to-End Throughput

                                         Design Characteristic
Feature                                  Cut-Through   Store/Forward
---------------------------------------  -----------   -------------
Filter corrupt and fragmented packets    No            Yes
Low latency                              Yes           No
Support for redundant links              No            Yes
Full duplex                              Yes           Yes
Smooth handling of broadcast packets     No            Yes

Switch Types

Ethernet switch configurations vary with their application design. For example, desktop switches are designed to provide a high-speed link between desk terminals using bandwidth-intensive applications. Ports are available to link several terminals as well as a server. Workgroup switches support Ethernet links or segments, with separate ports for each link. Workgroup switches are connected to hubs to provide segment connectivity. There may be several high-speed links to connect servers. A WAN port may be included to link to other remote LANs.

Hub or backbone switches are used to connect several corporate resources across a collapsed backbone. These switches also provide ports for Ethernet links as well as high-speed WAN links that are used to link remote LANs by the public network (e.g., frame relay, T1, and ATM).

Typical Midrange Switch

Exhibit 4 shows the basic configuration for a typical midrange workgroup Ethernet switch, the Nebula 2000. This is a typical base line configuration for a stackable type switch. The summary for the Nebula 2000 Ethernet Switch states that any 10Base-T port can easily be connected to either a 10Base-T transceiver or 10Base-T device without requiring special crossover cables. Two of the 10Base-T ports are configurable to a full-duplex operation. A full-duplex link connecting two switches will enable the switches to transmit and receive simultaneously between them.

Exhibit 4. Nebula 2000 Port Configuration

Nebula 2000 Port   Port Type                                 Full Duplex
----------------   ---------------------------------------   -----------
Port               Console                                   N/A
Port               Trace Port (LAN analyzer)
Port               WAN Port Supports IP (RIP) SLIP routing
Port 1             10Base-T/RJ-45                            No
Port 2             10Base-T/RJ-45                            No
Port 3             10Base-T/RJ-45                            No
Port 4             10Base-T/RJ-45                            No
Port 5             10Base-T/RJ-45                            No
Port 6             10Base-T/RJ-45                            No
Port 7             10Base-T/RJ-45                            Yes
Port 8             10Base-T/RJ-45                            Yes

The full-duplex operation is a modification of a normal half-duplex operation. This technology enables a high-performance, low-latency connection between multiple servers, or other Nebula switches. In Exhibit 5, the high-speed SPARC station can be connected to the other high-speed SPARC station, and the workstation can be connected to the server.

Exhibit 5. Dual Nebula 2000 Switches Connected with a Full-Duplex Link

A full-duplex (20M bps) link is established between each of these devices. Because there is no media access delay nor collisions for any packet forwarded to a full-duplex link, network latency is greatly enhanced. In the full-duplex architecture of the Nebula 2000 Switch in Exhibit 5, all switching takes place within the Ethernet switch because the Ethernet switch serves as a front-end processor for the segments distributed behind the switch.

Application

Not every Ethernet LAN is a candidate for switching. An ideal application requires the presence of multiple hubs residing in multiple departments, floors, or buildings. There should be the presence of high-performance workstations with applications that demand high bandwidth (e.g., CAD/CAM, imaging, and multimedia). These conditions would be characteristic of large campus environments typically associated with academic or industrial research activities.

Typically in these environments there will be clusters of high-performance workstations (e.g., Sun SPARC and DEC Alpha) used for scientific, imaging, and multimedia applications. These applications generate large amounts of traffic with high demands for bandwidth. In this environment, Ethernet switches serve as a natural extension of the network segments. These switches would be capable of supporting parallel internetworking of subsegments thereby optimizing the capability of the network without sacrificing the investment in the infrastructure.

Exhibit 6 shows an overview of the University of California Supercomputer Center network that supports the academic and research requirements for University of California San Diego as a large user constituency scattered around the world. In this network, the planners have deployed an inexpensive Ethernet switch (Nebula 2000) to link a number of external and internal networks to their diverse computing resources.

Exhibit 6. San Diego Supercomputer Center

This design concept makes use of a collapsed backbone network supported by a Nebula 2000 switch concentrating four different networks within their Supercomputer Center in La Jolla. The four-tier filtering capability of the Nebula 2000 makes it possible to extend the vast resources of the Supercomputer center to outside researchers, keeping all users within a well-defined set of boundaries. A router connects the Nebula 2000 to an FDDI network within the center, which in turn provides links to the Cray C-90, Intel Paragon XPS 30, and various other computing resources.

Triggering Events

The key element of this type of a strategy is the employment of network filtering to reduce the amount of traffic that flows across the network. This technique serves to contain extraneous traffic to the appropriate networks but allow passage of those packets of information with a specific requirement for access. Extensive application of MAC address filtering ensures that only those specific assigned users will have access to secured information resources. In this situation, the Nebula 2000 serves to selectively isolate traffic to specific LAN segments and broadcast groups to maintain overall performance levels. This form of segmentation allows for parallel communications as well as the isolation of specific workstation groups with requirements for high-speed throughput.

In addition, in a university or campus situation there is likely to develop a number of workgroups with a demand for large amounts of bandwidth. In the case of the University, many workgroups are engaged in special research projects where there is an unnatural distribution of high-speed workstations (e.g., Sun SPARC terminals, DEC, and UNIX-based servers).
The design concept for this type of network architecture is to establish, at an early stage, the capability to isolate or reorganize high-speed workstations into communities of interest before they impact the performance of the network. In a typical campus-type network environment, the application of a Nebula 2000 switch can greatly enhance the process for dividing the network into smaller more efficient workgroups. The Nebula 2000, supported by an established hierarchical structure across the campus, is capable of fully interconnecting each of the established subnetworks of the various departments. The Nebula 2000 filters the local traffic and connects specific segments at full wire speed. The university experiences frequent moves and changes; however, the Nebula 2000 StarGazer NM system can accommodate moves, additions, and changes to make for a very smooth implementation of a new LAN segment.

A Network in Transition—A Case Study

Exhibit 7 presents a general overview of a network for a large insurance company. Over the years their network expanded indiscriminately starting first as a Unisys minicomputer-based proprietary network. This network expanded to the point that the network was unable to support the user population. This gave rise to the establishment of several separate dedicated networks using PCs and high-speed workstations from Sun, Hewlett-Packard, and Digital Equipment Corp. There are now more than 350 workstations that comprise several functional LANs.

Exhibit 7. Existing Installation of Standalone Networks

As the company expanded through acquisitions and customer growth, a number of disparate networks evolved. The application of LAN network operating systems (e.g., NetWare and Lantastic) allowed individual user groups to set up LANs by lines of business. This expedited the automation of the company's lines of business, but left the company with several customer data base structures as well as a complex process for interLAN server communications. The establishment of a common corporate customer data base greatly improves sales and customer service.

Exhibit 8 shows one solution for a design concept for the insurance company's expanding network. This concept deploys intelligent hubs and a large-scale Bay Networks router to support an enterprisewide network. Because the insurance company has consolidated their operations in a high-rise office complex, their network can be organized based on a collapsed fiber backbone. The old proprietary network can now be phased out and a migration path established to phase out the old Unisys A-series platform.

Exhibit 8. Insurance Companies Networks (from Exhibit 7) with Interworking Components

Additional functional LANs can be phased in as required. For example, several functional LANs have been reestablished to support the fire and automobile lines of business on the casualty network. Health and life lines of business can now be supported to a newly established life policy network. The former administrative and Unisys network can now function to support E-mail, word processing, and general internal business applications (e.g., billing and receivables).

The integration of intelligent hubs incorporating Ethernet switches over a fiber backbone provides for the segregation of communities of interest onto separate subsegments. Additional Ethernet switches provide for the direct interconnection of selected servers to improve access to customer files. This arrangement makes it possible to contain the amount of enterprisewide traffic and keep like traffic within the same community of interest. Therefore, bandwidth can be kept to a minimum across the enterprisewide network.

Previously, server traffic often created network slowdowns during key periods of the work day because of frequent cross-server access by unrelated line-of-business users. To remedy this situation, some of the intelligent hubs have been introduced onto the network. This allows some of the key servers to be directly linked as well as some of their high-speed workstations. Once again, this strategy allows the network administrator to contain high bandwidth requirements to specific LAN subsegments optimizing the performance on the entire network.

The Bay Networks router functions as both a bridge and router, providing for multiprotocol routing of all network traffic. This arrangement provides a collapsed backbone network architecture over a fiber backbone media. This strategy supports the continued addition of functional LANs to support a variety of new lines of business.
Network Management Concerns

When implementing hub-mounted Ethernet switching engines, it is necessary to maintain a complete view of the Ethernet switch elements in terms of topology, configuration, status, and performance. As can be seen in the university model in Exhibit 6 and the insurance company network in Exhibit 7, in a widely distributed network it would be possible to quickly lose track of their topology and the status of their switching configurations without a system for management. Although the switch vendors (e.g., Cabletron and Bay Networks) have network management systems available for their switch products, it is important to recognize the elements of management that are required to support a high-speed widespread LAN.

The university network shown in Exhibit 6 has the Nebula 2000 StarGazer network manager in place. This network management system provides a 3D graphics system that allows quick identification of network bottlenecks. A series of tools allows the network administrator to monitor network traffic in real time. Instantaneous feedback on individual ports and cumulative traffic allows the network manager to quickly identify network problems. A feature allows the user to calculate and display the configuration of the current network topology. A trace port provides for the interface of a LAN analyzer that runs with a diagnostic program allowing the network manager to evaluate each active port without removing cables.

Various options allow the user to display the logical relationships of the Nebula switches and their relationship to other devices on the network. A port configurator function is available that allows the user to display the configuration of each Nebula port, its filtering setup, address resolution protocol leakage, and other control parameters in real time. The StarGazer is an icon-driven Windows product that provides a range of options for monitoring and gathering statistics.
For example, there are options for viewing the status of the Ethernet switch, set traffic thresholds, measure traffic at each of the ports, and measure and evaluate a range of network faults. There is also an option for simulating network segmentation and the impact of traffic on the segment in relation to Ethernet switching. This is a valuable aid in managing the placement of Ethernet switches across the network. StarGazer is an SNMP compliant network management system supporting both in-band and out-of-band SNMP management using Windows for ease of use.

ATM Switching and LAN Emulation

Desktop Asynchronous Transfer Mode switching is being heralded as the next step in advancing the capability of a LAN or a multiple campus network to increase their throughput. This has become possible through the development of LAN emulation (e.g., LANE 1.0), an architecture developed by the ATM Forum that makes it possible for native LAN devices and protocols to communicate over Asynchronous Transfer Mode. In recent tests using backbone ATM links, both IP and Internetwork Packet Exchange (IPX) Ethernet traffic could be handled easily over ATM. Although IP and IPX routing will work over Token Ring networks, source-route bridging—a mandatory element in Token Ring networks—will not work over ATM. ATM integration can add significant complexity to a network configuration in terms of network management and network configuration.

Not Plug and Play

Although users have become accustomed to the shrink-wrap nature of the PC world, the connection-oriented nature of ATM, along with developing standards and new techniques, presents a steep learning curve for the network administrator. For example, each ATM session is a direct connection between devices that demand a different set of analysis procedures that are quite different from that of a shared LAN environment.
In addition, configuring an ATM gateway requires learning the operation of an entirely different device: an Asynchronous Transfer Mode switch. This dictates an additional set of tasks to get routers and servers properly interfaced. Such tasks involve configuring the ATM switch to establish the correct signaling protocol and related parameters.

ATM Is Not Cheap

ATM is still expensive because the equipment is still in limited production and the market is generally not ready to step up to the plate. For example, a baseline four-port ATM switch will cost about $33,000, while an ATM OC-3 port card for a router can cost as much as $26,000. Aside from costs, the LAN administrator will have to plan carefully because ATM switches do not interoperate. For this reason, it may be wise to start first with point-to-point backbone arrangements before interlinking multiple servers.

Multiaccess LAN Servers

Service providers are emerging to support the transport of high-volume LAN traffic. For example, these companies provide multitenant access to a single high-speed communications link. The cost of these high-speed links can be charged back to multiple users at a fraction of what they might cost for a private network link. These transport services provide transport of IP and Internetwork Packet Exchange (IPX) traffic in an ATM pipe. They are supported by special ATM edge switches that are designed to completely fill an ATM pipe, making it economically feasible to support many different users at the same time. An example of such a switch can be found in the NetEdge ATM Connect Switch, which is designed to support secure access to a single ATM link by multiple end users. This switch can support both permanent and switched virtual circuit arrangements. It will also support IP routing over Switched Virtual Circuit arrangements.

Conclusion

Newer high-performance workstations crowding the market are certain to expand the demand for bandwidth in the late 1990s and beyond.
The introduction of low-cost Ethernet switches will allow network planners to extend the capabilities of their LANs as well as optimize degrading network performance as it may develop. Switching technology provides the LAN administrator with the ability to preserve a growing network infrastructure investment while meeting the needs of the network user for more bandwidth. As the application of Asynchronous Transfer Mode begins to evolve, the network administrator positioned with Ethernet switches will be able to migrate into the higher-performance levels of Asynchronous Transfer Mode.

Author Biographies

Andres Llana, Jr.

Andres Llana, Jr. is a telecommunications consultant with Vermont Studies Group, Inc., in King of Prussia, PA. He attended Temple University, the US Army Signal Group, and the US Army Communications College.