Once again, no-clue follow-the-herds analysts have no idea of this combination. The mkt for high-performance, security enhanced (check-point in ASIC), load-balancing capable switches will have a big mkt for both Enterprise and ISP. Based on the exponential growth of web servers and web caching needs there is a great potential. IMO, this will generate 40-50 M in revenue for the first 2 qtrs, 100 m to 150m in the next 2 qtrs. Going forward, the mkt for this sector is 2 to 3B $ and depending on how FORE can take advantage of the technology they can capture a large mkt share. Another very key point is that, this will allow FORE to provide a better end-to-end support for various services (QoS etc). IMO, this should add 4c to 6c (not including charge-off) for the first six months and up to 15C for the next six months.

----
Info for Exponent switches
By Paul Anderson and Gail James
Network World, 7/20/98
A Layer 4 switch makes smarter forwarding decisions than its Layer 2 and 3 predecessors by interrogating application-level information, such as TCP port number, in each packet it receives. Berkeley and Alteon accomplish this with negligible latency by embedding the code for header interrogation in Application Specific Integrated Circuits (ASIC) in the switch.
Strictly speaking, however, the term Layer 4 switch is a misnomer. ISO Layer 4 transport protocols, including User Datagram Protocol (UDP), TCP and XNS, ensure reliable data transfer. Switching implies a connection between source and destination addresses, which does not occur at Layer 4. It would be more accurate to refer to these new switches as Layer 2 or Layer 3 application switches and to describe their function as router filtering.
Terminology aside, there's little consistency in the way vendors are implementing Layer 4 features. Berkeley's Windows NT-based exponeNT e4 is a Layer 3 switch with quality-of-service (QoS) support and firewall security, while Alteon's ACEswitch 180 is a Layer 2 switch that targets traffic load balancing, HTTP cache server redirection and network address translation over multiple servers. Both vendors' switches support all Ethernet speeds (10M, 100M and 1G bit/sec); however, Berkeley's switch is designed for large enterprise installations, while Alteon's is intended for organizations with large numbers of Web or FTP servers.
The narrow focus of these first-generation Layer 4 switches is not unusual, so don't expect to find a long list of application filters in a single Layer 4 switch any time soon. Rather, watch for more Layer 4 switches that concentrate on solving a specific problem very well. (Two other vendors - Cabletron Systems, Inc., with its SmartSwitch Router, and Torrent Networking Technologies, Inc., with its IP9000 Gigabit Router - declined our invitation to send their Layer 4 switches for this review.)
The key to shopping for a Layer 4 switch is to find one that supports the Layer 4 functions that will help you most. For many network managers, this means getting over a reluctance to install switches from multiple vendors. If managers can overcome this reluctance, the advent of Layer 4 switches may prove that performance benefits outweigh a desire for uniformity.
Performance plus safety

Berkeley Networks' exponeNT e4 Layer 4 switch allows you to prioritize traffic and firewall functions at LAN speeds. The switch includes Check Point Software Technologies, Ltd.'s FireWall-1 embedded in ASICs, which eliminates the latency associated with firewall authentication that is experienced with other switches. The exponeNT e4 QoS feature can be used to specify up to four priority levels for many common network applications (or on any field in the first 64 bytes of an incoming packet). In addition, for very special cases where security is a primary concern and traffic levels are extremely high, Berkeley Networks reports that the exponeNT e4 switch can also support load balancing of as many as four firewalls.
In our tests, Berkeley's exponeNT e4 switch handled more than a gigabit of aggregated traffic while performing security authentication over a combination of 10M and 100M bit/sec Ethernet and Gigabit Ethernet ports. In fact, we found that the traffic generators, not the switch, were the limiting factor. Our tests, during which we transmitted more than a gigabit of traffic every second, were unable to significantly stress the 20G bit/sec switch fabric.
To test latency induced by the firewall function, we first ran Check Point's FireWall-1 on a separate security server and switched traffic on the exponeNT e4 switch without enabling the firewall ASIC. Next, we enabled the ASIC and again sent the same level of traffic over the switch.
Our test showed that without the firewall ASIC enabled, throughput peaked at just over 25M bit/sec aggregate with 96.7% firewall server CPU utilization. With the firewall ASIC enabled, bandwidth rose and CPU utilization fell dramatically: the exponeNT e4 switched secure traffic at more than 1G bit/sec aggregate throughput and only 0.2% server CPU utilization.
Berkeley's management software for switch and port configuration is among the best we've seen for any switch or router. You can control the exponeNT e4 from either a console connection or across the LAN. A command line interface is also available for slower modem connections and telnet access. The configuration utility, which is accessed through Windows NT Remote Access Administrator, features a comprehensive graphical user interface (GUI) that's easy to use and loaded with useful features.
Berkeley's management software also provides useful statistics and reports through Windows NT Performance Monitor. Alternatively, you can configure the switch through a second Ethernet port on the switch management module. This allows you to create a separate management LAN completely isolated from the users' network.
Berkeley plans to add server farm load balancing functions and implement integrated policy control using Windows NT's Active Directory Services, Novell, Inc.'s Novell Directory Services and other Lightweight Directory Access Protocol-compatible directories. The company also plans to release a browser-based configuration utility in September and incorporate port copying functions to funnel traffic to a separate port for decoding by a protocol analyzer.
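
The header interrogation and four-level prioritization the review describes can be sketched in software; this is an added example, not code from the article or from either vendor, and it shows where port-based classification must fall back to a default (non-first IP fragments, or IP options pushing the TCP/UDP header out of the 64-byte window). The port-to-priority table, the default level and the helper names are assumptions.

```python
import struct

# Assumed policy: destination port -> priority (0 = highest of four levels).
POLICY = {23: 0, 80: 1, 21: 2}
DEFAULT_PRIORITY = 3
WINDOW = 64  # the review says rules may match fields in the first 64 bytes

def classify(frame: bytes):
    """Return (ip_proto, dst_port, priority) for an Ethernet II frame."""
    hdr = frame[:WINDOW]
    # Need a full Ethernet (14) + minimal IPv4 (20) header and EtherType 0x0800.
    if len(hdr) < 34 or struct.unpack_from("!H", hdr, 12)[0] != 0x0800:
        return (None, None, DEFAULT_PRIORITY)
    ihl = (hdr[14] & 0x0F) * 4          # IPv4 header length, including options
    if hdr[14] >> 4 != 4 or ihl < 20:
        return (None, None, DEFAULT_PRIORITY)
    frag_offset = struct.unpack_from("!H", hdr, 20)[0] & 0x1FFF
    proto = hdr[23]
    l4 = 14 + ihl                        # start of the TCP/UDP header
    # Non-first fragments carry payload, not ports, at this offset; and with
    # enough IP options the ports lie outside the inspected window.
    if proto not in (6, 17) or frag_offset != 0 or l4 + 4 > len(hdr):
        return (proto, None, DEFAULT_PRIORITY)
    dst_port = struct.unpack_from("!H", hdr, l4 + 2)[0]
    return (proto, dst_port, POLICY.get(dst_port, DEFAULT_PRIORITY))

def build_frame(proto, dst_port, frag_offset=0, options=b""):
    """Construct a sample frame (constructed test data, not captured traffic)."""
    ihl_words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, 40, 1,
                     frag_offset, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    l4 = struct.pack("!HH", 40000, dst_port) + b"\x00" * 16
    return b"\x00" * 12 + b"\x08\x00" + ip + options + l4

if __name__ == "__main__":
    for f in (build_frame(6, 80), build_frame(6, 23, frag_offset=185),
              build_frame(6, 23, options=b"\x01" * 40)):
        print(classify(f))
```

A classifier that reads ports at a fixed offset, without the fragment-offset and header-length checks, would treat payload bytes as port numbers in the second and third sample frames.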