**OT** Info from Berkeley Networks home page
berkeleynet.com
The Need for a New Switch Architecture
With the industry convergence on IP and Ethernet in enterprise LANs, and the emergence of multi-Gigabit routing switches, simplified deployment of scalable high-speed switched enterprise networks is now within reach. However, a new set of problems is surfacing. Next-generation applications, being readied for deployment in enterprise computing environments, will have an unprecedented impact on the network. Media-rich groupware, object-based ERM software, Web publishing, distributed databases, collaborative video and "push" technology are all examples of applications that significantly increase the demands on the network's bandwidth, responsiveness, availability, security and administration. These demands cannot be addressed in a cost-effective and simplified manner with today's switches and routers, which are both blind to the applications as they flow through the network and unaware of their resource needs.
The Next Step - Intelligent Networks
The next step in networking is the creation of an intelligent infrastructure, which can meet the demands of next-generation applications. An intelligent network infrastructure will deliver the following core benefits:
1. Application visibility - Provides full visibility into the performance of the network for specified applications without loss of performance (e.g., how much SAP R/3 traffic was sent into the network and how much of this traffic was lost).
2. Secure control - Authenticates the use of network resources by both applications and users (e.g., authenticates an application or user sourcing multicast traffic onto the network).
3. Policy-driven application optimization - Authorizes and enforces the optimized delivery of applications according to business-specified policies (e.g., in the manufacturing plant, treat any traffic to or from the inventory database server as high priority).
4. Simplified administration - All networking and computing elements are administered from a single point of authoritative control from anywhere in the network (i.e., the directory service provides a single common datastore for the secure exchange of information between applications, clients, servers and network elements).
An intelligent network infrastructure has two fundamental components: 1) integration of network services and 2) application awareness.
Integration of Network Services
A network operating system is used to provide directory, naming, security, and management services for this new generation of network-focused applications. As applications become more dependent on the network for mission-critical operation, the network operating system must integrate a broader range of network services, including those services required to control the network infrastructure. For example, the Windows NT network operating system now includes industrial-strength routing and remote access services (i.e. Steelhead) and DHCP for dynamic allocation of IP addresses. The release of Windows NT 5.0 promises an even more comprehensive set of network services and applications from both Microsoft and third-party ISVs (independent software vendors).
But switches and routers require direct access to the services provided by the network operating system to support these new applications and to maintain a stable and controlled network environment. Such access is not available in current products, which are predominantly controlled through the SNMP protocol. Tight integration and cooperation of directory services, security services, naming services, and transport services (e.g. routing, multicast, QoS) is critical for next-generation intelligent networks. To meet this challenge, today's network software architecture responsible for controlling routers and switches must undergo a fundamental change. One obvious answer to this problem is to integrate the network operating system directly into network switches and routers.
Application Awareness
Integration of the network services with the network infrastructure provides the knowledge necessary to manage and control application resource requirements in an intelligent network. However, the underlying switching and routing elements must be able to make use of this knowledge by dynamically classifying application flows and enforcing traffic and security policies at wire-speed.
Application classification is done at wire-speed by switching hardware, which examines the TCP and UDP port fields of IP packets. Some applications, such as HTTP, have a well-known reserved TCP port defined by the IETF. Others, such as SAP R/3, require that a network administrator configure the TCP or UDP port to be used. By processing the TCP/UDP port information, the switch determines the applications flowing through the network and can enforce static monitoring and class-of-service policies. This mechanism is no different from the application of TCP/UDP traffic filters in a traditional router, except that the filter classification and resulting action are done at wire-speed.
However, this simple mechanism does not address the needs of a new class of applications that dynamically negotiate the TCP or UDP port for network transport. Such applications include H.323 streaming audio and video applications, certain push applications, CORBA/IIOP applications and DCOM applications. All of these applications have a control channel, which dynamically negotiates the final port number for the data transfer. Therefore the simple setting of a static filter based on a well-known TCP/UDP port does not work. A more intelligent switching mechanism is required which can understand the dynamic nature of these new applications.
Meeting the two fundamental requirements of network service integration and application awareness for intelligent networks is the driving force behind a new architectural concept. The integrated network services switch, an approach originated by Berkeley Networks, will provide a fully integrated set of multi-vendor networking services on an application-aware switched infrastructure that is simple to manage and can provide one to two orders of magnitude increase in network performance over the current installed infrastructure.
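The "Application Awareness" passage above says a static TCP/UDP port filter cannot classify flows whose data port is negotiated on a control channel. The sketch below is an added example, not code from the quoted page or from Berkeley Networks: it compares a static classifier with one that learns the negotiated port from the control channel, binds it to an endpoint of that session and lets it expire. The `OPEN` message format, the IP addresses and the SAP R/3 port are constructed assumptions.

```python
from dataclasses import dataclass

# Static table: well-known or administrator-configured ports.
# 3200/tcp for SAP R/3 is an assumed site setting, not taken from the page.
STATIC_PORTS = {("tcp", 80): "http", ("tcp", 3200): "sap-r3"}
# Control channels whose data ports are negotiated (1720/tcp: H.323 call signalling).
CONTROL_PORTS = {("tcp", 1720): "h323"}

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    time: float
    payload: str = ""  # constructed text, NOT real H.323 encoding

class Classifier:
    def __init__(self, track_control=True, ttl=30.0):
        self.track_control = track_control
        self.ttl = ttl
        self.learned = {}  # (proto, dst ip, dst port) -> (app, expiry time)

    def classify(self, p):
        key = (p.proto, p.dport)
        if key in STATIC_PORTS:
            return STATIC_PORTS[key]
        if key in CONTROL_PORTS:
            if self.track_control:
                self._learn(CONTROL_PORTS[key], p)
            return CONTROL_PORTS[key] + "-control"
        app, expiry = self.learned.get((p.proto, p.dst, p.dport), (None, 0.0))
        return app + "-data" if app and p.time <= expiry else "unclassified"

    def _learn(self, app, p):
        # Hypothetical control message: "OPEN <proto> <ip> <port>".
        f = p.payload.split()
        if len(f) != 4 or f[0] != "OPEN" or f[1] not in ("tcp", "udp") or not f[3].isdecimal():
            return
        port = int(f[3])
        # Bind the learned flow to an endpoint of the control session and to
        # unprivileged ports, so a control message cannot open arbitrary holes.
        if f[2] in (p.src, p.dst) and 1024 <= port <= 65535:
            self.learned[(f[1], f[2], port)] = (app, p.time + self.ttl)

def demo():
    ctrl = Packet("tcp", "10.0.0.5", "10.0.0.9", 1720, 0.0, "OPEN udp 10.0.0.5 49170")
    media = Packet("udp", "10.0.0.9", "10.0.0.5", 49170, 1.0)
    return {name: [c.classify(ctrl), c.classify(media)]
            for name, c in (("static", Classifier(False)), ("aware", Classifier(True)))}
```

`demo()` returns the classification of the control packet and the media packet under each classifier; only the control-aware one labels the media flow.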