Why Cabletron Electronics
After five years of planning and construction, in July 1995, the first segment of the campus fiber network was being completed and would soon be available for use. In preparation for this, in Spring 1995, a campus fiber task force was organized by the Systems division of the Office of Information Technology (OIT). This task force was chaired by Jim Gogan, Director of OIT/Systems, and included the following representatives:
- School of Medicine
John Loonsk, Rochelle Newton-Brown
- Computer Science
Ken Weaver, Kevin Jeffay
- Communications Studies
- Communication Technologies Office
David Valleroy, Steve Harward
- Administrative Data Processing
- UNC Hospitals
Bill Groves, Jim Kitchen, Mike Hawkins
- School of Public Health
This task force was charged with defining the requirements for the campus data network that would be included in a “Request for Information” to vendors of data networking equipment. In May 1995, the following RFI was sent to an exhaustive list of network vendors:
The University of North Carolina at Chapel Hill is in the process of installing a campuswide fiber-optic backbone cabling infrastructure. The initial purpose of this backbone will be to replace the existing 5 Mb/sec broadband coax data network with a more suitable, high performance network architecture. The first segments of this fiber infrastructure will be available for use by July 1995. To as great an extent as possible, data networking across these initial buildings needs to be migrated from the broadband coax to the fiber by the start of the 1995 fall academic semester. The level of network activity can no longer be met, even in the short term, by a 5 Mb/sec backbone system.
Those involved with planning for the campus data network believe that, ultimately, ATM (Asynchronous Transfer Mode) networking allows for the greatest potential in terms of scaleable bandwidth, traffic load balancing, and quality of service for time-sensitive services, such as multimedia network applications. However, at this time, the network planning groups believe that there are too many unknowns in terms of performance and scalability questions in ATM implementations to go directly from the existing 5 Mb/sec coax system to a production ATM environment within the next three months.
For that reason, the University is looking for vendor products that would provide a switched Ethernet over fiber solution to provide a transition phase from the existing coax backbone network.
The proposed topology is depicted below. In this diagram, the boxes represent fiber Ethernet switches as described in the section that follows. The unterminated lines from these switches represent fiber Ethernet segments to adjacent buildings; the appropriate fiber transceivers or repeaters for these “satellite” buildings are not a part of this request for information.
Two different models will be considered:
- all ten (10) switches offering 10/100 Mb/sec (user configurable) fiber Ethernet ports; or,
- six (6) switches with 10 Mb/sec fiber Ethernet ports and a minimum of two 100 Mb/sec fiber Ethernet ports, and four (4) switches with all 10/100 Mb/sec (user configurable) fiber Ethernet ports.
The required features for these switches are as follows:
- all switches must have a minimum of ten ports;
- the switches must allow multiple paths for redundancy, controlled by Spanning Tree algorithm;
- switches must provide capability for byte-level filtering per port;
- all products must be SNMP MIB-II compliant with Telnet access and out-of-band console management;
- all products must be deliverable by July 31, 1995.
The following switch features are desirable:
- all switches should support both ‘cut-through’ and store-and-forward switching, as a configurable option;
- at least two of the switches (the switches to be located in Macnider and Phillips) should allow for multiple concurrent paths to be multiplexed together for greater aggregate bandwidth.
Vendors must include information as to the MAC address table size per port and per switch of the proposed switches, as well as indicate what happens when the table size is reached. In addition, the range of values for the aging timer should also be specified.
The selection of the switch products will be based on the above criteria, in addition to cost. Vendors replying to this request for information should indicate available support and warranty information, as well as any information about ATM upgrade plans for relevant switch products. All information should be sent by June 22, 1995 to:
Jim Gogan, Director
Responses were received from Kalpana/Cisco, PlainTree, SMC, Xylan, Cabletron, and 3Com. [IBM had been contacted and assured us that a proposal would be sent, but none ever was received. Bay met with the group and chose not to submit a proposal.] Unfortunately, 100 Mb/sec Ethernet fiber switches were not yet available from these vendors and would not be in the required time frame. The proposals that were submitted reflected this reality and proposed either FDDI or ATM for the building interconnect at this time. The task force accepted this and, based on considerations described above concerning ATM, focused on those proposals that utilized switched FDDI alternatives. Eventually, the choice was narrowed down to either 3Com or Cabletron. Both vendors submitted similar architectural proposals; the differences came down to fault tolerance considerations, management features and performance.
With unanimous support from the fiber task force in October 1995, the final choice of Cabletron was made based on the following purchase justifications:
- equipment must support switched FDDI, the planned backbone technology for UNC-CH, with Tier 1 chassis able to support no less than 20 separate FDDI rings;
- equipment must support switched Ethernet for internal building connectivity;
- equipment must support shared FDDI and Ethernet technologies;
- equipment must support (and be currently shipping) ATM connectivity;
- equipment for Tier 1 buildings must additionally:
  - support load-sharing, redundant, hot-swappable power supplies;
  - utilize a passive backplane, with no discrete electrical components on the backplane;
  - support dynamic and automatic reassignment of the management function for the chassis across modules;
- equipment for Tier 2 and Tier 3 buildings must additionally:
  - support redundant power supplies with load-sharing capabilities;
  - utilize a passive backplane;
  - allow swapping of media interfaces;
- Ethernet switching modules must support all RMON groups per port;
- all equipment must be provided by a single manufacturer for support considerations;
- equipment must support a strategy (either announced or shipping) for virtual routing through connection oriented switching services across multiple switches;
- where routing is deployed, system must utilize Cisco’s IOS routing software to be compatible with existing on-campus routing deployment;
- equipment must be fully manageable with no loss of function through Cabletron’s SPECTRUM network management system, the network management platform currently in use at UNC-CH.
The original backbone purchase was made in October 1995 for 48 switches. Since that time, over 300 Cabletron switches have been purchased and deployed throughout campus. In early 1996, fiber-based 100 Mb/sec Ethernet switches became available in quantity, and since mid-1996 the inter-building links (as well as numerous intra-building links) have been deployed with 100 Mb/sec Fast Ethernet. We anticipate that future bandwidth requirements beyond full-duplex Fast Ethernet will be based on Gigabit Ethernet technologies.
Network Architecture and Principles
The physical architecture strategy is described in the attached document “UNC-CH Network Architecture Strategy”. The basis for this architecture has been a set of principles underlying the foundation of the UNC-CH data network. These are: manageability, a switched architecture, fault tolerance, user mobility, “virtual networking”, security, performance/capacity, and a consistent philosophy from the preferred vendor(s). The information below describes these principles and highlights why we believe Cabletron best addresses them.
One of the most outstanding features of Cabletron’s switch products is the implementation of RMON (Remote Monitoring) on all ports. RMON is an Internet standard for proactive monitoring and diagnostics for distributed networks. The RMON standard was designed as a distributed computing architecture, where agents communicate with a central management station through the Simple Network Management Protocol (SNMP). The key benefits of implementing RMON are high network availability for users and high productivity for network administrators. A recent study by McConnell and Company showed that with RMON capability, the larger the network, the larger the gain in productivity—as much as 2.5 times over networks without RMON support.
Per-port RMON allows us to manage and fully analyze traffic patterns on each switch segment. This feature is found on few switches since it adds significantly to the product’s price and, if implemented improperly, can create switch performance penalties. However, doing without RMON capability is a classic example of being “penny wise and pound foolish”.
With per-port RMON, we have the capability to obtain true analysis of the network. Rather than guessing as we implement load-balancing and switch threshold levels, these can be determined by actual traffic flows and historical data. Without per-port RMON, we would be seriously limited in our ability to analyze network problems and provide appropriate capacity planning.
Another aspect of Cabletron’s superior management philosophy is their network management software platform, SPECTRUM. Even before we had made a commitment to Cabletron networking hardware, we had conducted an extensive evaluation of the major network management systems on the market: HP OpenView, IBM NetView6000, Sun’s SunNet Manager and Cabletron’s SPECTRUM. Our evaluation put SPECTRUM far in front of the other products, due to its design as a true network systems management platform rather than as a manager of individual devices or network elements. Our findings have since been confirmed by other evaluators such as Network Magazine (who named SPECTRUM the 1996 Product of the Year), Network Computing (who awarded SPECTRUM their 1997 Network Management Platform honor), and most recently BBN (who has chosen SPECTRUM to manage their entire Internet backbone service). Not surprisingly, SPECTRUM, while able to manage all SNMP compliant network devices, is especially powerful in managing Cabletron’s own networking hardware.
In addition to SPECTRUM, Cabletron also has a device/element management software product known as SPECTRUM Element Manager (SPEL). SPEL is a Windows 95/NT product designed to facilitate device configuration and quick analyses of individual network switches. We have licensed this product for all Networking and Communications network staff notebook computers to facilitate both on-site and off-site network management.
To provide both the level of performance and the mobility requirements discussed below, we are firm advocates of the networking philosophy “switch when you can; route only when you have to.” Particularly as we begin to deploy more switched Ethernet directly to the desktop, network switching can increase aggregate bandwidth in direct proportion to the number of switch ports deployed. However, in order to truly maximize the performance potential of switching architectures, the actual switching engine has to be provided in hardware, through Application-Specific Integrated Circuits (ASICs). This approach provides a rich feature set and a much faster switching engine than systems that rely on software executed on standard CPUs.
Cabletron’s entire product line is based on the concept of switching from the backbone to the desktop. There is no ambiguity as to the roles of switching vs. routing. Furthermore, Cabletron’s ASIC switching architecture is based on a single ASIC set across their entire product line, which facilitates a consistent solution.
One of the most likely failures on today’s networking hardware comes from power supplies. Cabletron provides for redundant power supplies at all levels of their product, from the highest end chassis to the stackable 24-port switch.
In addition to that, the core switch of our network environment, the Cabletron MMAC-Plus, is designed for maximum fault tolerance. The chassis does not rely on a single module for any function; the failure of a module will only affect the devices connected to that specific module. The buses and backplane of the MMAC-Plus chassis utilize passive technology, void of any fixed, active components. Furthermore, each backplane bus, including management, power and data is fully redundant.
Beyond just basic fault tolerance, Cabletron’s architecture allows for automatic load balancing among multiple parallel interswitch links or meshed connections (which we are planning to implement). In addition to the fault tolerance this provides, it also allows interswitch bandwidth to scale as all parallel or meshed links can be fully active and function as multiple trunks with N x bandwidth. Redundant links on other switches based on traditional Spanning Tree models can provide fault tolerance only without the scalability of bandwidth. Furthermore, the link state protocol used by Cabletron with the parallel or meshed links can sense a failed link and re-route traffic over alternate paths in as little as 3 seconds.
In a large, open academic environment such as UNC-CH, there is a requirement for end-users to be able to utilize their IP address without re-configuration in locations across campus. As notebook computers become more prevalent, it will be common for faculty to bring their computers from their offices to the classroom. Having to reconfigure information such as IP address, subnet mask, and default gateway as one moves from one building to another is not something that we want faculty members to have to do. A flat, switched architecture combined with the functionality of “virtual LANs” (VLANs) provides that mobility while still providing the broadcast controls of routing. We believe that Cabletron is best positioned to provide this capability.
Most of the networking industry today has strategies in place or in development to allow for the existence of “virtual LANs” or VLANs over a switched infrastructure. This basically is a mechanism to allow for a switch-based broadcast domain that emulates a direct wire connection among various network entities. In general, most of these VLANs are based on either the port of the switch or the hardware/MAC address of the user’s Ethernet adapter. The purpose of VLANs is to facilitate the “adds, moves, and changes” that can be complicated by the need to change network addresses as you move physical locations. By implementing VLANs, users can stay as members of a common broadcast domain regardless of physical location.
However, most VLANs are based only on port or MAC address. Cabletron’s VLAN implementation not only supports port and MAC address, but also allows for protocol-based and policy-based VLAN creation. Examples of policy-based VLANs are in broadcast and security issue considerations. Creating a policy-based secure VLAN would mean that traffic couldn’t move from any other VLAN to the secure one unless it passes through a router, allowing for router access-lists only where necessary.
Cabletron’s VLAN approach has been found by many evaluators (such as Communications Week, Network Computing and Data Communications) to have the most powerful yet flexible VLAN implementation of all switch vendors. The key to Cabletron’s solution relies on each switch’s ability to keep track of every source packet and its destination. In doing so, the switch associates the Layer 3 (protocol) information to its Layer 2 hardware/MAC address. This lets the switch “cut-through route” any packet for which it knows the end-to-end connection. The switches do a peer-to-peer distribution of VLAN mappings to support user mobility.
One of the other powerful aspects of Cabletron’s VLAN implementation addresses the broadcast concerns of a flat, switched network. There are three features to control and limit broadcasts; these are based on the protocol features of Cabletron’s VLANs. First is Broadcast Scoping, under which broadcast packets are sent only to network devices that need them; for example, IPX or AppleTalk broadcasts can be kept from being sent to switch ports that don’t have Novell or AppleTalk devices on them. Second is Broadcast Interception, which recognizes a broadcast packet destined for a specific client and converts it to a unicast packet; an example of this would be IP/IGMP multicast traffic. This is especially important to us as we begin to deploy more IP multicast applications to support desktop video services at UNC-CH. The third feature is Broadcast Storm Protection, which allows us to establish broadcast packet thresholds for each switch port, and either log or disable ports that exceed this threshold.
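The three broadcast controls just described can be modelled in a few dozen lines. The following is an added illustration written for this page, not Cabletron firmware or any SecureFast code; the port numbers, EtherType-based protocol detection, the sliding-window threshold, and the sample traffic are all constructed assumptions. It shows scoping (an IPX broadcast reaches only ports that have sourced IPX), interception (a broadcast aimed at a known client is delivered to that client’s port alone), and storm protection (a port exceeding its per-window broadcast threshold is logged and disabled).

```python
"""Per-port broadcast controls: scoping, interception, storm protection.
Constructed example for illustration; not vendor code."""

from collections import defaultdict

# EtherType values used to tell protocols apart (real IEEE assignments).
ETHERTYPE_IP = 0x0800
ETHERTYPE_IPX = 0x8137
ETHERTYPE_ATALK = 0x809B


class BroadcastController:
    def __init__(self, num_ports, storm_threshold, window_seconds, action="disable"):
        self.num_ports = num_ports
        self.threshold = storm_threshold        # broadcasts allowed per window per port
        self.window = window_seconds            # sliding window length
        self.action = action                    # "log" or "disable" (assumed choices)
        self.protocols_seen = defaultdict(set)  # port -> {ethertypes sourced on that port}
        self.clients = {}                       # client address -> port (for interception)
        self.recent = defaultdict(list)         # port -> timestamps of recent broadcasts
        self.disabled = set()
        self.log = []

    def observe(self, port, ethertype, addr=None):
        """Learn which protocol (and optionally which client address) lives on a port."""
        self.protocols_seen[port].add(ethertype)
        if addr is not None:
            self.clients[addr] = port

    def scope(self, in_port, ethertype):
        """Broadcast Scoping: deliver only to ports that have sourced this protocol."""
        return {p for p in range(self.num_ports)
                if p != in_port and p not in self.disabled
                and ethertype in self.protocols_seen[p]}

    def storm_check(self, in_port, now):
        """Broadcast Storm Protection: True if within threshold, else log/disable."""
        window = [t for t in self.recent[in_port] if now - t < self.window]
        window.append(now)
        self.recent[in_port] = window
        if len(window) > self.threshold:
            self.log.append((now, in_port, len(window)))
            if self.action == "disable":
                self.disabled.add(in_port)
            return False
        return True

    def broadcast(self, in_port, ethertype, now, target=None):
        """Return the egress port set for a broadcast frame arriving on in_port.
        `target` is the client the broadcast is really for (e.g. the queried
        address in an ARP-style request), or None if it has no single target."""
        if in_port in self.disabled:
            return set()
        self.protocols_seen[in_port].add(ethertype)
        if not self.storm_check(in_port, now):
            return set()
        # Broadcast Interception: a known target gets a unicast delivery instead.
        if target is not None and target in self.clients:
            port = self.clients[target]
            return {port} if port != in_port and port not in self.disabled else set()
        return self.scope(in_port, ethertype)


def run_scenario():
    """Constructed traffic on a six-port switch; returns what a reader can check."""
    ctl = BroadcastController(num_ports=6, storm_threshold=3, window_seconds=10)
    ctl.observe(0, ETHERTYPE_IP, "10.0.0.1")      # constructed client addresses
    ctl.observe(1, ETHERTYPE_IP, "10.0.0.2")
    ctl.observe(2, ETHERTYPE_IPX)
    ctl.observe(3, ETHERTYPE_ATALK)
    ctl.observe(4, ETHERTYPE_IP, "10.0.0.5")
    results = [
        ctl.broadcast(0, ETHERTYPE_IPX, now=0),                       # scoped to IPX port 2
        ctl.broadcast(0, ETHERTYPE_IP, now=1, target="10.0.0.2"),     # intercepted -> port 1
        ctl.broadcast(0, ETHERTYPE_IP, now=2, target="10.0.0.99"),    # unknown -> IP ports 1, 4
    ]
    # Port 3 sends four AppleTalk broadcasts in ten seconds; threshold is three.
    for t in (3, 4, 5, 6):
        results.append(ctl.broadcast(3, ETHERTYPE_ATALK, now=t))
    results.append(ctl.broadcast(3, ETHERTYPE_ATALK, now=7))          # port already disabled
    return {"results": results, "disabled": ctl.disabled, "log": ctl.log}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The storm check runs before scoping, so a port that is disabled stops forwarding even broadcasts that would otherwise be legitimately scoped; the `log` entries carry the timestamp, port and count so that the event can be correlated with the RMON history for that port.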
The final element of the SecureFast model is SecureFast Virtual Networking (more than just VLANs) that delivers many of the benefits of ATM, without the complexities or replacement of existing Ethernet network infrastructure. SecureFast Virtual Networking provides for a connection-oriented environment wherein the first packet is routed as the best-path connection is set up, but all successive packets are switched, providing a best of all worlds approach.
We believe first and foremost that the emphasis for security in information technology be at the host level. We have seen too many instances of system administrators wanting to have the network do their work for them. It is imperative that good system administration skills and practices be supported across campus, ensuring that proper security configuration procedures are implemented at system installation, that known security patches from CERT are applied in a timely and appropriate manner, and that authentication and encryption tools like Kerberos, S/MIME and PGP be used in a consistent manner.
Nevertheless, one of the major security concerns that relates specifically to the network is keeping unauthorized users from “snooping” on, or eavesdropping on, traffic passing over the network. With a “broadcast based” technology such as Ethernet, it is possible to utilize software that puts the network adapter in a “promiscuous” mode, allowing a user to view every packet that passes through their connection to the network. With a highly switched architecture, however, particularly as we implement switching to the desktop, no unicast traffic can be seen even by a “sniffer” program. Only basic broadcasts that are part of the normal functioning of network protocols can be viewed, not user data.
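The RFI above asked vendors to state the MAC address table size, the behaviour when that size is reached, and the aging timer range; the paragraph above explains why a switched architecture limits what a promiscuous-mode adapter can observe. Both points rest on the same mechanism, the switch’s learned forwarding table, so the following added example (written for this page; not Cabletron code, with port numbers, table size, aging timer and MAC addresses all constructed) models a learning switch and records what a single observer port sees. It makes the caveat concrete: unicast frames stay invisible to other ports only while the destination is in the table; a destination that has aged out, or a host that could not be learned because the table was full, causes the frame to be flooded to every port exactly like a broadcast.

```python
"""Learning-switch model: MAC table capacity, aging timer, and per-port
visibility.  Constructed example for illustration; not vendor code."""

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningSwitch:
    num_ports: int
    table_size: int           # maximum learned entries per switch (assumed limit)
    aging_seconds: int        # aging timer: idle entries older than this are dropped
    table: dict = field(default_factory=dict)   # mac -> (port, last_seen)
    flooded: int = 0          # unicast frames that had to be flooded

    def _age_out(self, now):
        stale = [m for m, (_, seen) in self.table.items()
                 if now - seen >= self.aging_seconds]
        for m in stale:
            del self.table[m]

    def forward(self, in_port, src, dst, now):
        """Learn `src` on `in_port`, then return the set of egress ports."""
        self._age_out(now)
        if src in self.table or len(self.table) < self.table_size:
            self.table[src] = (in_port, now)
        # Otherwise the table is full and src is not learned.  (Assumed
        # behaviour; the RFI asks each vendor to state what their switch does.)
        everyone_else = set(range(self.num_ports)) - {in_port}
        if dst == BROADCAST:
            return everyone_else
        entry = self.table.get(dst)
        if entry is None:
            self.flooded += 1          # unknown unicast: flooded like a broadcast
            return everyone_else
        return {entry[0]} - {in_port}


def run_scenario():
    """Replay constructed frames and report what an idle observer port sees."""
    sw = LearningSwitch(num_ports=8, table_size=2, aging_seconds=300)
    observer = 5                         # a port with a promiscuous adapter attached
    A, B, C, D, E = ("02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c",
                     "02:00:00:00:00:0d", "02:00:00:00:00:0e")   # constructed MACs
    frames = [                           # (time, in_port, src, dst)
        (0, 1, A, B),      # B not yet learned -> flooded, observer sees it
        (1, 2, B, A),      # A known -> port 1 only
        (2, 1, A, B),      # B known -> port 2 only
        (400, 1, A, B),    # both entries aged out -> flooded again
        (401, 3, C, D),    # C learned (table now full: A, C); D unknown -> flooded
        (402, 4, E, A),    # table full, E not learned; A known -> port 1 only
        (403, 1, A, E),    # E never learned -> flooded, observer sees it
    ]
    visible = []
    for i, (now, port, src, dst) in enumerate(frames):
        if observer in sw.forward(port, src, dst, now):
            visible.append(i)
    return {"visible": visible, "flooded": sw.flooded, "learned": sorted(sw.table)}


if __name__ == "__main__":
    print(run_scenario())
```

Per-port RMON statistics make this condition observable in practice: a rising count of unicast frames delivered to ports that never source traffic for those destinations is the signature of a table that is too small, or an aging timer that is too short, for the population of hosts behind the switch.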
The eventual implementation of Cabletron’s full SecureFast Virtual Networking strategy will more fully enhance this security through the policy-based VLANs. We will be able to restrict where traffic can go and who is allowed access to what networks and network resources, much like routers today, but with the added advantage of not basing these restrictions on geographic/building location.
A key element to the UNC-CH network has got to be the high performance required for the leading edge instructional and research applications that exist today and are being developed for tomorrow. The three characteristics that we use to measure performance are: high throughput, low latency (delay between packet transmissions), and minimal jitter (the variance in that delay). Low latency and jitter, in particular, are critical requirements for the successful delivery of multimedia applications.
We have found Cabletron switches to excel not only in raw throughput, but also in the areas of latency and jitter. Others have found the same high levels of performance. At the end of 1996, the Cabletron MMAC-Plus/SmartSwitch architecture was studied by Strategic Networks Consulting and Scott Bradner from Harvard (a leading Internet authority on measuring network performance and throughput).
The summary of their findings is as follows:
In particular, the goal was to verify that the fully distributed switching architecture of the MMAC-Plus SmartSwitch provides media rate throughput that scales well into the multi-gigabit per second range. The aggregate throughput performance is higher than any previously observed by Strategic Networks or Scott Bradner for routers or frame switches. The high performance of the MMAC-Plus SmartSwitch is complemented by the high degree of functionality provided through SecureFast Virtual Networking. SecureFast provides many of the benefits of router functionality without compromising the performance, price, and ease-of-administration advantages characteristic of a switched internetwork.
The distributed switching architecture of the MMAC-Plus SmartSwitch provides local, on-module switching bandwidth in addition to the multi-gigabit capacity of the INB backplane. This allows for throughput capacity thresholds to be entirely independent of the INB backplane. This independence was demonstrated by a test in which 40 streams of local Fast Ethernet traffic were forwarded at full theoretical media rates without a single packet of control or route distribution traffic crossing the backplane. In this test, aggregate throughput among the modules equalled 4.0 Gbps… No packets were lost in this test…
A second test reflected traffic patterns more likely to be experienced in production networks where some traffic is locally switched on-module, while some traffic is switched between modules across the INB backplane. The MMAC-Plus SmartSwitch achieved the full wire speed throughput rate of 2.8 Gbps … when switching 28 Fast Ethernet streams in a mixture of on-module switching and off-module switching over the INB… No packets were lost in this test …
Scalability of performance and performance capability are also crucial considerations. Cabletron equipment has been shown to be sufficiently modular to support not only additional modules and ports as required, but to advance to new technologies as bandwidth considerations require and Quality of Service issues become more defined. For example, the MMAC-Plus architecture is capable of supporting an aggregate bandwidth of up to 75 Gb/sec, a throughput of 10.5 million packets per system, and a port capacity of hundreds of Ethernet segments. We have seen, in a short 18 months, the ability to support as diverse a range of technology as Ethernet, FDDI, Fast Ethernet, ATM, and most recently, Gigabit Ethernet all within the same architecture.
Of all the network vendors with which we interact, Cabletron has the most consistent network philosophy and architecture. Unlike some vendors that can’t decide whether they want to sell you switches or routers, or, if switching, whether it is “NetFlow Switching” or “Tag Switching”, Cabletron has been very consistent, since we’ve been working with them, in their concept of SecureFast Virtual Networking/Switching. The cornerstone of their VLAN implementation embodies an overall approach to networking that is both logical and elegant, as well as consistent across all hardware platforms, be they packet switching (Ethernet and FDDI) or cell switching (ATM). With the MMAC-Plus technology, they have provided a superior hardware infrastructure that can remain in place while only individual modules are replaced with life-cycle upgrades. In short, Cabletron’s networking philosophy is based on an architecture that protects the customer’s investments, reduces the total cost of network administration, and provides migration to multiprotocol, connection-oriented, virtual networks regardless of LAN topology.
It is the opinion of the ATN Networking and Communications group that Cabletron Systems, to this day, continues to provide the best product fit and philosophy of networking to match the UNC-CH architecture principles. While there are a number of areas that have not yet reached their potential on this campus, such as the scalability requirements for SecureFast Virtual Networking, Cabletron is continuing to work with us at an appropriately advanced engineering level to give us confidence that our long-range operational goals can be successfully met.