Keeping IP in trim
It's no good implementing sexy new network applications if the underlying IP infrastructure isn't fast enough to deal with the increased traffic; but new optimisation and management tools are proving there's speed in the old protocol yet, as E&T reports.
IP management is no longer just a lubricant for the machinery of enterprise networks. It has become a core part of the platform for delivering applications and enabling new business models to emerge: consider the huge impact that unified communications is starting to make, bringing key components such as presence along with IP-based voice and video into sharp focus.
At the same time, the growth of virtualisation and cloud computing will need more sophisticated IP management to maintain the separation between applications and the underlying infrastructure. These developments all rely on the ability to manage both IP traffic and end devices, including IP addresses, on the basis of application and user level information.
Unified communications (UC) depends on identifying users and locating devices to select the correct message type and destination, which ultimately determine how the underlying IP traffic should be routed and what quality of service (QOS) should be allocated to it.
"Managing identities gives a much bigger potential payback than just creating the UC infrastructure," says Bruno Hareng, EMEA Enterprise Edge Category manager at Hewlett Packard's ProCurve networking division. "It allows you to automate a lot of things triggered by that identity."
ProCurve achieves this in its networking products via its identity driven management (IDM) technology, which is used to set network QOS parameters, such as bandwidth and latency, as well as configuring VLANs (virtual local area networks) to direct traffic. The identity information is held in a single database using RADIUS (Remote Authentication Dial-In User Service) to provide centralised accounting and access control, along with Lightweight Directory Access Protocol (LDAP) or Active Directory for managing distributed components within the IDM system.
Enterprises can use this single database for all processes based on identity access control and secure routing between users within an IP network.
The ability to pin-point geographical locations is also becoming critical. As telephony migrates to Voice over Internet Protocol (VoIP), the need to locate an emergency call quickly can be a matter of life and death.
Tracking sales teams or field service engineers is also critical, relying on information from mobile and fixed-line devices. The key lies in effective integration of location services with IP management; and on this front there is growing momentum behind LLDP-MED (Link Layer Discovery Protocol - Media Endpoint Discovery), says Hareng.
This is designed to support plug-and-play networking through discovery of endpoint settings relating to location, QOS and VLAN policy, as well as to track network inventory. It is likely to become an integral component of IP management platforms.
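As an added illustration (not from the original article or from any vendor named in it), the sketch below decodes the LLDP-MED Network Policy TLV that carries the VLAN and QOS settings described above, and flags voice policies that differ from what a site expects. The sample bytes, the expected VLAN 100 and DSCP 46, and the function names are constructed assumptions.

```python
import struct

TIA_OUI = b"\x00\x12\xbb"   # OUI carried by LLDP-MED TLVs (ANSI/TIA-1057)
APP_TYPES = {1: "voice", 2: "voice-signaling", 5: "softphone-voice"}

def iter_tlvs(lldpdu):
    """Yield (type, value) per TLV; stop at End-of-LLDPDU, reject truncation."""
    off = 0
    while off + 2 <= len(lldpdu):
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF   # 7-bit type, 9-bit length
        off += 2
        if tlv_type == 0:
            return
        if off + length > len(lldpdu):
            raise ValueError("truncated TLV")
        yield tlv_type, lldpdu[off:off + length]
        off += length

def med_network_policies(lldpdu):
    """Decode every LLDP-MED Network Policy TLV (type 127, MED subtype 2)."""
    policies = []
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != 127 or value[:3] != TIA_OUI or value[3:4] != b"\x02":
            continue
        if len(value) != 8:
            raise ValueError("bad Network Policy length")
        bits = int.from_bytes(value[5:8], "big")   # U, T, X, VLAN, prio, DSCP
        policies.append({
            "app": APP_TYPES.get(value[4], f"type-{value[4]}"),
            "unknown": bool(bits >> 23 & 1),
            "tagged": bool(bits >> 22 & 1),
            "vlan": bits >> 9 & 0xFFF,
            "l2_priority": bits >> 6 & 0x7,
            "dscp": bits & 0x3F,
        })
    return policies

def policy_violations(policies, voice_vlan, voice_dscp):
    """Flag voice policies that differ from what the site expects."""
    return [p for p in policies if p["app"] == "voice"
            and (p["vlan"] != voice_vlan or p["dscp"] != voice_dscp)]

# Constructed sample: Chassis ID TLV, one Network Policy TLV, End-of-LLDPDU.
SAMPLE = bytes.fromhex("020704001122334455" "fe080012bb020140c96e" "0000")

if __name__ == "__main__":
    found = med_network_policies(SAMPLE)
    print(found, policy_violations(found, voice_vlan=100, voice_dscp=46))
```

LLDP itself is unauthenticated, so a check like this is useful for auditing what is advertised on a port, not as proof of what device is attached.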
Indeed, LLDP-MED represents an important step forward for network management, which has recently struggled to keep up with the rapid rate of evolution in data communications, driven by the mobile office, VoIP, IP video, and Web-based services. Virtualisation and cloud computing have also turned the screw on network management and exposed its relative lack of progress, according to Richard Kagan, VP of marketing at Infoblox, a vendor of core IP network naming and addressing services.
"To get the benefits of virtualisation it is necessary for applications to move freely across the physical infrastructure," Kagan believes, "and we're seeing a lot of investment in tools at the OS and application layers to enable this kind of workload mobility."
However, the networks underlying these dynamic, virtualised data centres are still very static, relying on manual processes and tools: "When a dynamic application and OS environment meets a static network, there's a big disconnect," Kagan avers.
This perceived lag in network management has led to growing momentum behind the idea of the so-called 'infrastructure 2.0', bringing network and systems management up to the level of automation and control demanded by virtualisation and 'Web 2.0' services. In particular, it requires automating the IP address management that underpins virtualisation, providing a layer of abstraction between the application and the infrastructure.
This is needed by large enterprises that have consolidated branch office servers in central locations to achieve economies of scale, simplify administration, and retain skilled network management staff in just one location. Performance can then suffer, as applications and requests for IP addresses within the domain name system (DNS) must cross the network.
This problem can be mitigated by caching responses locally in branch networking devices, with WAN and application optimisation vendor Blue Coat Systems offering such a solution. "We can identify and prioritise traffic from DNS or DHCP servers across the network," says Blue Coat's senior product marketing manager Dave Ewart. "Our branch devices can cache the responses as well as acting as a DNS server - so even workers in a 'serverless' branch office are served rapidly and efficiently."
Such rapid and efficient service depends on more than caching IP addresses, as the IP payload data still has to cross the network. This, as Ewart pointed out, requires identifying and classifying IP packets in real-time on the basis of the application that generated them, tracking the packets along their journey, and ensuring that resources are allocated at each point to achieve the specified level of service.
In June 2008, Blue Coat completed its acquisition of the application traffic management vendor Packeteer to provide this higher level visibility.
Blue Coat has upgraded Packeteer's management system, PacketShaper, with a real-time dashboard indicating application performance at different points of the network paths taken by data. "It enables organisations to set and track service level agreements (SLA) for business-critical applications in real-time," Ewart says. "If application response time falls below an acceptable level, we can reassign bandwidth, set prioritisation levels, and apply other Blue Coat acceleration techniques."
Such acceleration techniques may not be required in the LAN, and even private WAN connections now often provide sufficient bandwidth to deliver fast response under heavy network loading; but this is not yet the case for mobile networks, nor for the huge number of enterprise applications that rely on Web services and are still at the mercy of the Internet with no guarantee of performance.
Enterprises have little direct control over the Internet infrastructure, which will become more congested in the short term, largely because of proliferating user-generated video. There are services available for larger online commerce operations that accelerate applications by calculating the best route in real-time (see box below for description of one such service from Akamai). Such technology also plays a vital role for smaller enterprises where applications are delivered via a software as a service model.
Over the next few years enterprises of all sizes will come to rely increasingly on externally provided services that incorporate elements of IP management and performance optimisation. The challenge will continue to lie in protecting business traffic, both from the deluge of user-generated content and from the security threats emanating even from supposedly trusted websites.