
Technologies

Figure 2

Storm control

The most common reason for outages in an Enterprise LAN is a packet storm caused by an inadvertent loop. Although resiliency protocols like STP are very effective in protecting networks from loops, they are still vulnerable to misconfigurations and implementation problems.

Therefore, Allied Telesis switches implement a range of loop detection and storm protection mechanisms to contain and suppress storms if loops do occur.

  • Rate limiting of flooded packets - broadcast, multicast, and destination-lookup failures - ensures that the switch does not spread the effects of a local storm to other parts of the network.
  • Loop detection uses probe packets to detect packets returned to the originator by loops, and takes evasive action when loops are detected. (Available on xSeries switches only)
  • MAC thrash protection detects cases where one or more MAC addresses are being learnt on different ports in quick succession (indicating that packets from those sources are being looped) and takes evasive action. (Available on xSeries switches only)
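As an added illustration (not Allied Telesis code), the following Python model implements the MAC thrash heuristic described above: source-address learn events are fed to a detector, and a MAC that changes port several times inside a short window is treated as looped, with learning disabled on the port it just appeared on. The window length, move threshold and port names are assumptions, and the learn events are constructed.

```python
from collections import defaultdict, deque

class MacThrashDetector:
    """Flags MACs re-learnt on different ports too often within a time window."""

    def __init__(self, window_s=1.0, max_moves=3):
        self.window_s = window_s          # assumption: 1 s observation window
        self.max_moves = max_moves        # assumption: 3 port changes in window
        self.port_of = {}                 # MAC -> port it was last learnt on
        self.moves = defaultdict(deque)   # MAC -> timestamps of port changes
        self.blocked_ports = set()        # ports where learning was disabled

    def learn(self, t, mac, port):
        """Feed one source-address learn; return the port disabled, or None."""
        if port in self.blocked_ports:    # a disabled port no longer learns
            return None
        prev = self.port_of.get(mac)
        self.port_of[mac] = port
        if prev is None or prev == port:  # first sighting or stable binding
            return None
        q = self.moves[mac]
        q.append(t)
        while q and t - q[0] > self.window_s:   # drop moves outside the window
            q.popleft()
        if len(q) >= self.max_moves:
            q.clear()
            self.blocked_ports.add(port)  # evasive action on the port the MAC just hit
            return port
        return None

# Constructed learn events: (seconds, source MAC, port).
LEARN_EVENTS = [
    (0.00, "00:11:22:33:44:55", "port1.0.1"),   # looped host: flaps every 10 ms
    (0.00, "00:aa:bb:cc:dd:01", "port1.0.3"),   # normal host, stays put
    (0.01, "00:11:22:33:44:55", "port1.0.2"),
    (0.02, "00:11:22:33:44:55", "port1.0.1"),
    (0.03, "00:11:22:33:44:55", "port1.0.2"),
    (0.50, "00:aa:bb:cc:dd:02", "port1.0.4"),   # laptop re-plugged, seconds apart
    (3.00, "00:aa:bb:cc:dd:02", "port1.0.5"),
    (6.00, "00:aa:bb:cc:dd:02", "port1.0.6"),
]

def detect_thrash(events, window_s=1.0, max_moves=3):
    """Run the detector over events; return [(mac, disabled_port), ...]."""
    det = MacThrashDetector(window_s, max_moves)
    hits = []
    for t, mac, port in sorted(events):
        blocked = det.learn(t, mac, port)
        if blocked:
            hits.append((mac, blocked))
    return hits

if __name__ == "__main__":
    print(detect_thrash(LEARN_EVENTS))
```

The slow, legitimate moves of the second host never accumulate inside the window, so only the flapping MAC triggers action.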

Tri-authentication, identity-based networking and NAC

A key to a secure LAN is to ensure that devices connecting to the network undergo an authentication process. The level of access that a device is given to the network can then be determined from its response to the authentication challenge. Allied Telesis switches implement a number of options for authenticating devices attaching to the network.

For guest users who have no 802.1x client in their PC, or who have an 802.1x client, but whose credentials are not known to the RADIUS server, there are two options:

  • The first option is to place these users into a Guest VLAN for Internet access or basic server functionality.
  • The second option (available on xSeries switches only) is to use web-based authentication, whereby the LAN switch presents users with a web page into which they enter a username and password. Based on the credentials entered, the RADIUS server informs the switch whether or not to give the user access to the network.

For non-interactive peripheral devices, like printers and scanners, which do not contain 802.1x clients, there is a third authentication method. The switch will fall back to MAC-based authentication. The MAC address of the peripheral device will have to be registered with the RADIUS server, so only peripherals that have been so registered will be allowed to access the network.

Authentication opens the door to identity-based networking. The switch can place authenticated users into a VLAN handed out by the RADIUS server, based on the user’s identity. This not only protects the network from rogue users, but also ensures that users are placed into the correct VLAN, with access rights relevant to their job. It removes the management overhead associated with moves, changes and hot-desking, so users can simply plug in and start working. Moreover, web-authenticated users are able to roam within the network without needing to re-authenticate.
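To show how the three authentication methods and the RADIUS-assigned VLAN fit together, here is an added Python model (not Allied Telesis code) of the switch-side decision: 802.1x first, then MAC-based authentication for registered peripherals, then web-based authentication, and finally the Guest VLAN. The method order, the user/MAC table standing in for the RADIUS server, and the VLAN numbers are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed stand-in for the RADIUS server's data.
USERS = {"alice": ("s3cret", 10), "visitor": ("day-pass", 20)}   # user -> (password, VLAN)
REGISTERED_MACS = {"00:1a:2b:3c:4d:5e": 30}                       # printer MAC -> VLAN
GUEST_VLAN = 99                                                   # assumption

@dataclass
class Device:
    mac: str
    has_supplicant: bool = False                     # runs an 802.1x client
    dot1x_creds: Optional[Tuple[str, str]] = None    # (user, password) from the client
    web_creds: Optional[Tuple[str, str]] = None      # typed into the web-auth page

def radius_check(creds):
    """Return the VLAN for valid credentials, else None (Access-Reject)."""
    if creds is None:
        return None
    user, pw = creds
    entry = USERS.get(user)
    return entry[1] if entry and entry[0] == pw else None

def authenticate(dev: Device, web_auth_enabled: bool = True):
    """Try the methods in order (assumed order); return (method, vlan)."""
    # 1. 802.1x when the device has a client and RADIUS knows the user.
    if dev.has_supplicant:
        vlan = radius_check(dev.dot1x_creds)
        if vlan is not None:
            return ("802.1x", vlan)
    # 2. MAC-based fallback for peripherals whose MAC is registered with RADIUS.
    if dev.mac in REGISTERED_MACS:
        return ("mac-auth", REGISTERED_MACS[dev.mac])
    # 3. Web-based: user types credentials into the page the switch presents.
    if web_auth_enabled:
        vlan = radius_check(dev.web_creds)
        if vlan is not None:
            return ("web-auth", vlan)
    # 4. Nothing matched: limited Guest VLAN access only.
    return ("guest-vlan", GUEST_VLAN)

if __name__ == "__main__":
    print(authenticate(Device("00:1a:2b:3c:4d:5e")))
```

The VLAN returned with each method is what identity-based networking hands to the switch, so a visitor with an unknown 802.1x identity still lands in the correct VLAN after web authentication rather than in the Guest VLAN.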

Quality of Service (QoS)

Whilst LAN networks are typically not limited by bandwidth these days, it is still sensible to ensure that even temporary network bottlenecks do not adversely affect those network services that are very loss and delay sensitive.

VoIP and video transmission within LANs are proving very effective in increasing the capability, and lowering the cost of business communications. These services, however, do require very good packet-delivery performance. The key to ensuring they receive the performance they require lies in QoS. If all switches throughout the network are configured to prioritize VoIP and video above all other traffic, then they will be unaffected by all but the most serious network congestion events.

Allied Telesis switches provide a very feature-rich QoS implementation. All switches are able to prioritize traffic based on 802.1p and DSCP marking. Multiple egress queues on all ports provide the ability to give multiple different levels of service to different traffic types. In addition, xSeries switches can perform fine-grained classification of traffic types, and marking of packets with QoS values that designate their level of prioritization.

All this QoS activity is performed at wirespeed, with no CPU impact.

Layer 3 core switching

As networks become larger the need for segmentation increases. Allied Telesis core L3 switches have state-of-the-art performance and features for L3 networking. All forwarding is at full wirespeed in hardware, including IPv6. Key features required for enterprise networking to meet today’s needs are:

  • Standards-based protocols such as RIP, OSPF, and BGP4 for interoperability with other key network devices.
  • Equal cost multi-path routing support in hardware to guarantee the most efficient use of all network links.
  • Flexible wirespeed hardware filtering via ACLs and QoS for traffic control and security.
  • Future proofing with IPv6 routing already supported in hardware.

Using L3 for larger network designs protects these networks from the effects of broadcast storms and aids in the rapid location and resolution of problems. Reducing the size of broadcast domains also aids L2 resilience, by lowering the risk of CPU overload causing problems with it.

Multicasting

Reliable and effective video transmission on a LAN requires the LAN switches to provide a good set of IP multicasting features.

Allied Telesis switches offer an excellent implementation of L2 and L3 multicasting.

The IGMP querier and snooping feature-sets on the switches are right at the forefront of industry best-practice (which has moved well ahead of the published standards). Per-VLAN snooping, query solicitation, fast-leave, and group filtering all combine to provide a multicast handling capability that matches any requirements.

The PIM implementation supports both Sparse-Mode and Dense-Mode, and has been well field-hardened to provide extremely reliable, high-performance L3 multicasting.

Network Designs and Scaling

The feature-set available on the Allied Telesis LAN switch range supports the requirements of a broad range of business networks. Different networks, of course, will be needed at different price and performance points. In addition, networks have a variety of physical connectivity requirements—Copper vs Fiber, PoE vs non-PoE.

Allied Telesis are well aware of these varying requirements, and so offer a range of products and solutions that can satisfy these different needs.

In this section, a set of product and design combinations are presented, which provide an illustration of the range of requirement combinations that can be satisfied by the Allied Telesis LAN switches.

1. Medium speed core and with Gigabit uplinks, Gigabit to the desk

This design comprises an x930 stack at the core with GS900MPX stacks at the access layer with multiple Gigabit links to each stack. PoE provides power for IP Phones.

2. High speed core with 10 Gigabit backbone and Gigabit to the desk

This design comprises a SwitchBlade x908 GEN2 VCStack at the core with x530L stacks at the access layer using 10 Gigabit uplinks.

3. Three tier model—high speed L3 distributed core, L2/3 distribution layer and Gigabit to the desk

This design comprises a SwitchBlade x8100 at the core, x930 stacks at the aggregation level and GS900MX stacks at the access edge - showing how L3 resilience combines with basic split link aggregation.

4. Distributed network with long distance VCstack

This design has a SwitchBlade x908 Gen2 at the core, and uses long-distance stacking (VCStack-LD) to connect a remote location, with distribution x530 switches acting as a single virtual unit.

Network Management Software

Allied Telesis devices can be managed individually with a direct connection to the units for configuration via console, Telnet, SSH, and the web-based Device GUI.

For centralized network automation and management, Allied Telesis Autonomous Management Framework and Vista Manager EX provide a powerful and easy-to-use solution.

Autonomous Management Framework Plus (AMF Plus)

AMF Plus is an embedded technology native to Allied Telesis switches and routers that delivers real and immediate value to businesses by solving one of IT’s most pressing needs: a single, converged infrastructure that can be managed as a single entity, reducing complexity and TCO, and allowing more to be done with less.

AMF Plus achieves this and more by delivering:

  • Unified network management from any device across the network.
  • Graphical management of the network with Vista Manager EX.
  • Private or public cloud deployment options with AMF Plus Cloud.
  • Network automation that simplifies and automates tasks across the network.
  • Network intelligence that reacts to changes within the network and automatically changes the topology of the network.
  • Automatic backup, restore, and recovery of devices as they are added to the network.

Through this combination of robust features, AMF Plus drives lower network operating expenses by reducing the complexity and level of effort required to maintain the network. One Allied Telesis customer has reported a 60% reduction in operational costs by deploying AMF Plus.

Vista Manager EX—Powerful network management and monitoring

Vista Manager EX is the intelligent way to monitor and manage your entire network, including AMF Plus controlled switches and routers, AWC controlled wireless access points, and third-party devices.

Single-pane-of-glass visibility improves network management. Enjoy complete network monitoring from the dashboard—including network details, status, event information and a topology map, where critical issues are highlighted for timely resolution. Intuitive access to powerful features like service and performance monitoring, control of wired and wireless devices, and automation tools, makes networking easy.

Further intuitive tools include wireless floor and heat maps to easily check on access point performance, a network traffic map to view utilization and protocol use across all links, and a central orchestrator for inter-branch WAN links.

This broad management feature-set supports network administrators in enabling a secure online LAN and WAN environment for all users.