Today’s offices make ever-increasing use of online resources and
applications. When the network is down, productivity falls. Network
managers need to provide reliable, secure, fast networks that
keep businesses running smoothly today and into the future. This
dependence on network availability is moving IT managers to
review their current facilities to decide whether there are sufficient
capabilities to meet their needs and when to upgrade.
Choosing the right solution can be difficult when there are so many
different requirements that must be satisfied:
Bandwidth
Resilience
Application support
Management system
Security
Future proofing
Allied Telesis have been delivering innovation in this area for some
time. This document describes our Enterprise Network Solution,
using Allied Telesis products to provide a modular, scalable, and
flexible solution suitable for small to large enterprise businesses.
The technologies featured in this solution include:
Switch stacking with link-aggregation for resilience.
Layer 3 core switching.
Network Access Control (NAC) for security.
Quality of Service (QoS) for Voice over IP (VoIP) and video
streaming.
Building an optimum network
Determining the best design and implementation of your network
ensures optimal reliability, availability, scalability, security, and
performance for your enterprise.
A number of factors must be considered when deciding upon a
network design:
Bandwidth - the network must provide sufficient throughput now
and for a number of years to come. The speed of edge ports and uplinks should match the requirements of
current and foreseeable future applications.
Allied Telesis solutions offer 10/100 or 10/100/1000 at the edge, with Gigabit, multiple aggregated Gigabit, or 10 Gigabit uplinks on the backbone. The core switch needs sufficient capacity to aggregate all of these connections from
the edge and provide resilient server connectivity.
Resilience - downtime immediately impacts productivity, so
resilience is equally vital.
The Allied Telesis solution uses split link-aggregation technology
in which links from core stacked switches to the edge switches
are connected to separate units but grouped together to act as
a single link achieving both resilience and improved bandwidth
availability.
Other resilience options are available if the design topology
and scale demand it. Ethernet Protection Switched Ring (EPSR)
provides fast failover for a ring topology in the core. RSTP or
MSTP can be used as a fall-back technology or for integration
with existing legacy equipment. Here too, the use of stacked
switches means that uplinks can be connected to different units
in the stack.
Recovery times are another important factor. The failure of a
stacked unit can be quickly resolved by simply exchanging the
failed unit with a new one of the same stack ID.
This document aims to help you build different bandwidth solutions
with similar resilience, QoS, and security features, ensuring that all
your current network needs are met with future expansion and
new applications catered for.
Application Support - networks are now becoming more than
just a means for moving data from server to PC. Converged
networks are now becoming the norm with VoIP becoming
the telephony system of choice. Multimedia services are also
being added and applications are shifting larger files with more
graphical content. Network managers want to install equipment
that can support PC applications and IP telephony. Power over
Ethernet (PoE) options at the edge are available for all solutions.
Some may want to have dedicated PoE ports, some will want
to be able to plug any device anywhere. In order to support
all the necessary applications QoS is essential to ensure that
voice and multimedia pass through the network without loss
or delay. QoS also allows critical applications to be prioritized
above Internet access and other background functions. Many
standards-based VoIP systems now require LLDP-MED protocol
for auto-configuration of IP handsets. Support for this is
available on all PoE edge switches.
Management - a resilient network is only as good as the
management system that informs you that a failure has
occurred and the network has healed itself. The network
manager is then able to action the repair before the failure can
affect the network availability. The network management system
performs the following tasks:
Mapping and monitoring of network devices.
Monitoring of all resilient functions - PSUs, links, stacks, etc.
Alerting of important failures by e-mail, paging etc.
Collection of statistics to allow reporting on key devices and
links.
Security - as dependence on the network and on PCs grows, so
does the risk of attack, whether malicious or from viruses
unknowingly brought in on a user's device.
The Allied Telesis solution secures both the network itself,
through 802.1x and Network Access Control (NAC) with
Microsoft Network Access Protection (NAP) compliance checking,
and the management of the network devices themselves, which
can be protected with centralised authentication of administrators.
Future Proofing - maximise the longevity of your IT investments
in a world of ever-changing protocols and constantly evolving
security dangers.
The Allied Telesis solution allows for future network growth,
both in the total number of ports supported and in the uplink
speeds that can be used, for example allowing a current Gigabit
uplink system to be increased to 10Gbps in the future. The features
within the key switches also allow flexible configuration to
accommodate the bandwidth and QoS requirements of future
applications. Core L3 switches are already capable of IPv6
forwarding in hardware.
Training - Allied Telesis can provide scheduled or bespoke group-
based training on the equipment and configuration required
within the solution.
A set of advanced technologies enable Allied Telesis switches to
deliver high value solutions to your network. An overview of each
of these technologies is provided - explaining what it does and how
it adds value to your business.
Switch stacking - VCStack
Switch stacking - known as VCStack™ on the AlliedWare Plus
products - performs the following functions:
Combines a number of switches to form a single managed
'virtual' chassis, reducing complexity on the management
platform, as seen in Figure 1.
Provides backup of management and configurations. If one unit
fails, another will take over management. Configuration files are
saved on at least two units.
Simplifies configuration and increases resilience - all functionality
is available across the stack, such as link aggregation, VLANs, etc.
Reduces failure recovery time by simply setting the stack ID
of the replacement and hot-swapping in place of the failed
unit. As the configurations are held on another unit, no further
reconfiguration is required.
Connects switches together in the stack using a high bandwidth
connection without losing front ports for connectivity to users,
servers, and uplinks.
One of the perennial problems of using Spanning Tree Protocol for resilience is that some links remain blocked while the
system is in normal operation, only becoming active when there is a failure. With bandwidth demands increasing, split link-aggregation lets the network use the full bandwidth of all the links while still offering failover faster than
STP/RSTP. Switch stacking, with functionality common across the stack, is the key to deploying this technology.
Figure 2: VCStack + Link aggregation - x900-12XT/S core stack connected to 8000GS/48 access stacks
As shown in Figure 2, links from ports on different switches in the core stack are connected to ports on different switches in the edge
stacks. This is a simple deployment to understand and configure. If either a unit or a link fails, the remaining link carries on, and both
the core and edge stacks can still be managed so the fault can be diagnosed and quickly corrected.
Another benefit of this approach is that if the core stack carries the L3 configuration there is no need for a further first-hop redundancy
protocol such as VRRP: the stack is a single logical gateway for the attached subnets, and every edge stack always has an L2 path to it.
The most common reason for outages in an Enterprise LAN is a
packet storm caused by an inadvertent loop. Although resiliency
protocols like STP are very effective in protecting networks
from loops, they are still vulnerable to misconfigurations, and
implementation problems.
Therefore, Allied Telesis switches implement a range of loop
detection and storm protection mechanisms to contain and
suppress storms if loops do occur.
Rate limiting of flooded packets - broadcast, multicast, and
destination-lookup failures - ensures that the switch does
not spread the effects of a local storm to other parts of the
network.
Loop detection uses probe packets to detect packets returned
to the originator by loops, and takes evasive action when loops
are detected. (Available on AT-x series switches only)
MAC thrash protection detects cases where one or more MAC
addresses are being learnt on different ports in quick succession
(indicating that packets from those sources are being looped)
and takes evasive action. (Available on AT-x series switches
only)
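The MAC thrash protection described above, as an added example (not Allied Telesis code): a small detector that replays "MAC learnt on port" events, distinguishes a single legitimate re-plug from a MAC that keeps bouncing between ports, and disables the port the looped frames last arrived on. The window, threshold, event format, port names and sample events are constructed for this example.

```python
"""MAC-thrash detection over a stream of MAC-learning events.

Added example, not Allied Telesis code: it models the behaviour the text
describes (a MAC address learnt on different ports in quick succession
means frames from that source are being looped back) and takes the
evasive action of disabling the port the thrashing MAC last moved to.
The window, threshold, event format and sample events are constructed
for this example.
"""
from collections import defaultdict, deque

WINDOW_S = 1.0       # look-back window for counting port moves (assumption)
MOVE_THRESHOLD = 3   # port moves inside the window before acting (assumption)


class MacThrashDetector:
    def __init__(self, window_s=WINDOW_S, threshold=MOVE_THRESHOLD):
        self.window_s = window_s
        self.threshold = threshold
        self.last_port = {}              # mac -> port it is currently learnt on
        self.moves = defaultdict(deque)  # mac -> timestamps of recent port moves
        self.disabled_ports = set()
        self.alerts = []                 # (ts, mac, from_port, to_port)

    def learn(self, ts, mac, port):
        """Feed one 'MAC learnt on port' event; return a port just disabled, or None."""
        if port in self.disabled_ports:
            return None                  # frames on a disabled port are not learnt
        prev = self.last_port.get(mac)
        self.last_port[mac] = port
        if prev is None or prev == port:
            return None                  # first sighting, or stable: nothing to do
        window = self.moves[mac]
        window.append(ts)
        while window and ts - window[0] > self.window_s:
            window.popleft()             # forget moves older than the window
        if len(window) < self.threshold:
            return None                  # a single re-plug is a legitimate move
        # Repeated bouncing between ports: a loop is feeding our own frames back.
        # Disable the port the MAC just moved to (assumption; a real switch may
        # instead hold the port in a thrash-limited state for a timeout).
        self.disabled_ports.add(port)
        self.alerts.append((ts, mac, prev, port))
        window.clear()
        return port


def run_detector(events, **kwargs):
    """Replay (timestamp, mac, port) events and return the detector state."""
    det = MacThrashDetector(**kwargs)
    for ts, mac, port in events:
        det.learn(ts, mac, port)
    return det


# Constructed sample: host B is moved once (legitimate); host A's frames
# start arriving alternately on port1.0.1 and port1.0.5 after a loop forms.
SAMPLE_EVENTS = [
    (0.00, "00:11:22:33:44:55", "port1.0.1"),
    (0.50, "00:aa:bb:cc:dd:ee", "port1.0.7"),
    (5.00, "00:aa:bb:cc:dd:ee", "port1.0.9"),
    (10.00, "00:11:22:33:44:55", "port1.0.1"),
    (10.01, "00:11:22:33:44:55", "port1.0.5"),
    (10.02, "00:11:22:33:44:55", "port1.0.1"),
    (10.03, "00:11:22:33:44:55", "port1.0.5"),
    (10.04, "00:11:22:33:44:55", "port1.0.1"),
]

if __name__ == "__main__":
    state = run_detector(SAMPLE_EVENTS)
    for ts, mac, src, dst in state.alerts:
        print("thrash: %s bouncing %s <-> %s at t=%.2f, disabled %s" % (mac, src, dst, ts, dst))
```

The point of the sliding window is the distinction the text draws: one move is a user re-plugging a laptop, while several moves inside a second can only come from the switch seeing its own flooded frames again. Which port to disable is a policy choice; here it is the last port the MAC moved to, and a production implementation would also time out the disablement rather than leave it permanent.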
Tri-authentication, identity-based networking and NAC
A key to a secure LAN is to ensure that devices connecting to the
network undergo an authentication process. The level of access
that a device is given to the network can then be determined from
its response to the authentication challenge. Allied Telesis switches
implement a number of options for authenticating devices attaching
to the network.
For guest users who have no 802.1x client in their PC, or who
have an 802.1x client, but whose credentials are not known to the
RADIUS server, there are two options:
The first option is to place these users into a Guest VLAN for
Internet access or basic server functionality.
The second option, (available on x series switches only), is
to use web-based authentication whereby the LAN switch
presents users with a web page into which they can enter a
username/password. Based on the credentials entered into that
web page, the RADIUS server will be able to inform the switch
whether or not to give the user access to the network.
For non-interactive peripheral devices, like printers and scanners,
which have no 802.1x client, there is a third authentication
method: the switch falls back to MAC-based authentication. The
MAC address of the peripheral must be registered with the
RADIUS server, so only registered peripherals are allowed onto the
network. Because a MAC address is easily copied by anyone who can
read it off the device or the wire, this is the weakest of the three
methods; limit it to devices that cannot do better, and give the VLAN
such devices land in only the access they actually need.
Authentication opens the door to identity-based networking. The
switch can place authenticated users into a VLAN handed out by
the RADIUS server, based on the user's identity. Doing this protects
the network, not only from rogue users but also ensures that users
can be placed into the correct VLAN with access rights relevant
to their job. This removes management overheads associated with
moves and changes or hot-desking so users can just plug in and
start working. Moreover, web-authenticated users are able to roam
within the network without needing to re-authenticate.
Network Access Control (NAC) takes 802.1x with dynamic VLAN
assignment a step further by also checking the state of the
connecting PC. The Allied Telesis implementation supports the
Microsoft (NAP), Symantec (SNAC) and Sophos Advanced NAC
network access control solutions.
In these solutions a NAC server (as shown in Figure 3) will handle
the authentication process and will additionally check the PC client
has the appropriate firewall, anti-virus, and software patches running
to adhere to an enterprise-wide policy, before it grants access in the
appropriate VLAN for that user.
Users not meeting the policy requirements can be placed into a
'remediation' VLAN so that the appropriate services can be installed
and enabled. In this way the network can protect itself from attack.
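The tri-authentication fallback order and the NAC posture step described in the two passages above, as one added example (not Allied Telesis code, and not a model of any particular NAC product): a switch-side decision that tries 802.1x, then web-based authentication, then MAC-based authentication, else the guest VLAN; quarantines an authenticated but non-compliant PC in the remediation VLAN; and encodes the RADIUS Access-Accept attributes that carry the assigned VLAN. The user and MAC-registry data, policy set, VLAN numbers and the Host and Decision structures are constructed for this example; only the tunnel attribute numbers and values come from RFC 2868/3580.

```python
"""Tri-authentication with dynamic VLAN assignment and a NAC posture check.

Added example, not Allied Telesis code. It models the fallback order the
text describes (802.1x, then web-based authentication, then MAC-based
authentication, else the guest VLAN), the RADIUS-assigned VLAN, and the
NAC step that diverts a non-compliant PC to a remediation VLAN. USERS,
MAC_REGISTRY, POLICY, the VLAN numbers and the Host/Decision types are
constructed for this example; the RADIUS tunnel attributes follow RFC 2868
as used for VLAN assignment in RFC 3580.
"""
from dataclasses import dataclass, field
from typing import Optional

GUEST_VLAN = 100        # assumption
REMEDIATION_VLAN = 999  # assumption

# What the RADIUS server knows (constructed data).
USERS = {"alice": ("s3cret", 20), "bob": ("hunter2", 30)}   # user -> (password, VLAN)
MAC_REGISTRY = {"00:1b:21:aa:bb:cc": 40}                    # printer MAC -> VLAN
POLICY = {"firewall", "antivirus", "patched"}               # posture items NAC requires


@dataclass
class Host:
    mac: str
    dot1x: Optional[tuple] = None   # (username, password) if an 802.1x client answered
    web: Optional[tuple] = None     # (username, password) typed into the switch's web page
    posture: set = field(default_factory=set)   # what the NAC agent on the PC reports


@dataclass
class Decision:
    method: str
    vlan: int
    identity: Optional[str] = None


def radius_check(creds):
    """Return the user's VLAN for valid credentials, or None (Access-Reject)."""
    if creds is None:
        return None
    user, password = creds
    entry = USERS.get(user)
    return entry[1] if entry and entry[0] == password else None


def authenticate(host: Host) -> Decision:
    # 1. 802.1x: supplicant answered the challenge with credentials RADIUS knows
    vlan = radius_check(host.dot1x)
    if vlan is not None:
        d = Decision("802.1x", vlan, host.dot1x[0])
    else:
        # 2. Web-based authentication for users without a (known) supplicant
        vlan = radius_check(host.web)
        if vlan is not None:
            d = Decision("web-auth", vlan, host.web[0])
        # 3. MAC-based authentication for registered peripherals
        elif host.mac in MAC_REGISTRY:
            d = Decision("mac-auth", MAC_REGISTRY[host.mac], host.mac)
        # 4. Nobody vouched for this host: guest VLAN only
        else:
            return Decision("guest", GUEST_VLAN)
    # NAC: an authenticated user is still quarantined until the PC is compliant.
    # Peripherals run no agent, so the check applies to user logins only.
    if d.method != "mac-auth" and not POLICY <= host.posture:
        return Decision(d.method + "+remediation", REMEDIATION_VLAN, d.identity)
    return d


def access_accept_vlan_attrs(vlan: int) -> bytes:
    """Attribute TLVs a RADIUS server puts in Access-Accept to assign a VLAN."""
    tag = b"\x00"                                                    # untagged
    tunnel_type = b"\x40\x06" + tag + (13).to_bytes(3, "big")        # Tunnel-Type = VLAN
    tunnel_medium = b"\x41\x06" + tag + (6).to_bytes(3, "big")       # Tunnel-Medium-Type = IEEE-802
    group = str(vlan).encode()
    tunnel_group = b"\x51" + bytes([2 + len(group)]) + group         # Tunnel-Private-Group-ID
    return tunnel_type + tunnel_medium + tunnel_group


if __name__ == "__main__":
    for h in (Host("aa:aa:aa:aa:aa:01", dot1x=("alice", "s3cret"), posture=set(POLICY)),
              Host("aa:aa:aa:aa:aa:02", dot1x=("alice", "s3cret"), posture={"firewall"}),
              Host("00:1b:21:aa:bb:cc"),
              Host("aa:aa:aa:aa:aa:03", dot1x=("mallory", "guess"))):
        d = authenticate(h)
        print(h.mac, d.method, d.vlan, access_accept_vlan_attrs(d.vlan).hex())
```

Two things the decision makes visible that the prose only implies: an unknown 802.1x identity is not a failure that locks the port but a fall-through to the weaker methods, so the guest and remediation VLANs are where the real containment happens; and the VLAN itself travels back to the switch as ordinary RADIUS attributes, so the RADIUS shared secret and the transport between switch and server are part of the trust boundary. The EAP exchange, password hashing and RADIUS packet framing are deliberately outside this example.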
Whilst LAN networks are typically not limited by bandwidth these
days, it is still sensible to ensure that even temporary network
bottlenecks do not adversely affect those network services that are
very loss and delay sensitive.
VoIP and video transmission within LANs are proving very effective
in increasing the capability, and lowering the cost of business
communications. These services, however, do require very good
packet-delivery performance. The key to ensuring they receive the
performance they require lies in QoS. If all switches throughout
the network are configured to prioritise VoIP and video above all
other traffic, then they will be unaffected by all but the most serious
network congestion events.
Figure 3: NAC server handling authentication and policy checks
Allied Telesis switches provide a very feature-rich QoS
implementation. All switches are able to prioritise traffic based on
802.1p and DSCP marking. Multiple egress queues on all ports
provide the ability to give multiple different levels of service to
different traffic types. In addition, AT-x series switches can perform
fine-grained classification of traffic types, and marking of packets with
QoS values that designate their level of prioritisation.
All this QoS activity is performed at wire-speed, with no CPU
impact.
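The QoS behaviour described above (classification and marking at the edge, 802.1p/DSCP-to-queue mapping, and multiple egress queues giving voice and video priority), as an added example that is not Allied Telesis code: a burst larger than the egress port can carry is queued and scheduled strict-priority, and the result shows voice and video going through untouched while bulk and best-effort traffic take the delay and loss. The classification rules, queue maps, queue depth and sample burst are constructed for this example; the DSCP code points are the standard ones.

```python
"""Edge classification and marking, DSCP/802.1p-to-queue mapping, and
strict-priority egress scheduling.

Added example, not Allied Telesis code. It shows why, when every switch
maps voice and video to the top queues, those flows survive a congested
egress port while bulk and best-effort traffic absorb the delay and loss.
The classification rules, queue maps, queue depth and sample burst are
constructed for this example; the DSCP code points are the standard ones.
"""
from collections import deque

EF, AF41, BE, CS1 = 46, 34, 0, 8   # standard DSCP values


def classify(pkt):
    """Fine-grained classification on an untrusted edge port: return the DSCP
    to write on the packet (the rule set is an assumption)."""
    if pkt["proto"] == "udp" and 16384 <= pkt["dport"] <= 32767:
        return EF      # RTP voice port range used by many IP phones
    if pkt["proto"] == "udp" and pkt["dport"] == 5004:
        return AF41    # video stream
    if pkt["proto"] == "tcp" and pkt["dport"] in (21, 873):
        return CS1     # bulk transfers sit below best effort
    return BE


# Higher queue number = higher priority (assumed 8-queue port).
DSCP_TO_QUEUE = {EF: 7, AF41: 5, BE: 2, CS1: 0}
PCP_TO_QUEUE = {5: 7, 4: 5, 0: 2, 1: 0}   # 802.1p-tagged frames from trusted uplinks


def egress_queue(pkt):
    if "pcp" in pkt:                          # already tagged upstream: trust it
        return PCP_TO_QUEUE.get(pkt["pcp"], 2)
    return DSCP_TO_QUEUE.get(pkt["dscp"], 2)


def forward(packets, slots, queue_depth=4):
    """Queue a burst on one egress port and send `slots` packets strict-priority.
    Returns (sent, still_queued, dropped). A packet is dropped only when its
    own queue is full, so voice never competes with bulk for buffer space."""
    queues = {q: deque() for q in range(8)}
    dropped = []
    for pkt in packets:
        pkt = dict(pkt)
        if "dscp" not in pkt and "pcp" not in pkt:
            pkt["dscp"] = classify(pkt)       # mark on ingress if unmarked
        q = egress_queue(pkt)
        if len(queues[q]) >= queue_depth:
            dropped.append(pkt)
        else:
            queues[q].append(pkt)
    sent = []
    for _ in range(slots):
        for q in range(7, -1, -1):            # always drain the highest queue first
            if queues[q]:
                sent.append(queues[q].popleft())
                break
    still_queued = [p for q in range(7, -1, -1) for p in queues[q]]
    return sent, still_queued, dropped


# Constructed burst arriving in one scheduling interval on a port that can
# only send 8 packets in that interval.
SAMPLE_BURST = (
    [{"id": "voice%d" % i, "proto": "udp", "dport": 20000} for i in range(3)]
    + [{"id": "video%d" % i, "proto": "udp", "dport": 5004} for i in range(2)]
    + [{"id": "bulk%d" % i, "proto": "tcp", "dport": 873} for i in range(6)]
    + [{"id": "web%d" % i, "proto": "tcp", "dport": 443} for i in range(6)]
)

if __name__ == "__main__":
    sent, queued, dropped = forward(SAMPLE_BURST, slots=8)
    print("sent:   ", [p["id"] for p in sent])
    print("queued: ", [p["id"] for p in queued])
    print("dropped:", [p["id"] for p in dropped])
```

Two consequences worth noticing: per-queue buffers mean the bulk flood fills its own queue and is tail-dropped there without ever touching the voice queue, and strict priority only protects voice if the marking is consistent end to end, which is why the text insists that all switches, not just the core, classify and prioritise the same way. Trusting 802.1p or DSCP from user ports would let any host mark its own traffic as voice, so the edge re-marks and only uplinks are trusted.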
As networks become larger the need for segmentation increases.
Allied Telesis core L3 switches have state of the art performance
and features for L3 networking. All forwarding is at full wire-speed
in hardware, including IPv6. Key features required for enterprise
networking to meet today's needs are:
Standards-based protocols such as RIP, OSPF, and BGP4 for
interoperability with other key network devices.
Equal cost multi-path routing support in hardware to guarantee
the most efficient use of all network links.
Flexible wire-speed hardware filtering via ACLs and QoS for
traffic control and security.
Future proofing with IPv6 routing already supported in
hardware.
Using L3 for larger network designs protects these networks from
the effects of broadcast storms and aids rapid location and
resolution of problems. It also helps L2 resilience: smaller
broadcast domains mean less flooded traffic reaching switch CPUs,
and so less risk of CPU overload disrupting the L2 resilience protocols.
Multicasting
Reliable and effective video transmission on a LAN requires the
LAN switches to provide a good set of IP multicasting features.
Allied Telesis switches offer an excellent implementation of L2 and
L3 multicasting.
The IGMP querier and snooping feature-sets on the switches are
at the forefront of industry best practice (which has moved
well ahead of the published standards). Per-VLAN snooping, query
solicitation, fast-leave, and group filtering all combine to provide a
multicast handling capability that matches any requirements.
The PIM implementation supports both Sparse-Mode and Dense-Mode, and has been well field-hardened to provide extremely
reliable, high-performance L3 multicasting.
Network Designs and Scaling
The feature-set available on the Allied Telesis LAN switch range
supports the requirements of a broad range of business networks.
Different businesses, of course, need networks at
different price and performance points. In addition, networks have a
variety of physical connectivity requirements - copper vs fibre, PoE
vs non-PoE.
Allied Telesis are well aware of these varying requirements, and
so offer a range of products and solutions that can satisfy these
different needs.
In this section, a set of product and design combinations are
presented, which provide an illustration of the range of requirement
combinations that can be satisfied by the Allied Telesis LAN switches.
1. Medium speed core, Gigabit to edge and 10/100 edge switching
This design (shown in Figure 5) comprises an x900 stack in the core going out to stacks of 8000s switches, including PoE for IP phones.
Figure 5: x900-12XT/S core stack connected to 8000S24/POE access stacks by 1 Gigabit links with link aggregation
2. Medium speed core and with Gigabit uplinks, Gigabit to the desk
This design (Figure 6) comprises an x900-12XT/S stack at the core with 8000GS/48 stacks at the access layer with multiple Gigabit links to
each stack. PoE provides for IP Phones.
4. Three tier model - high speed L3 distributed core, L2/3 distribution layer and Gigabit to the desk
This design (Figures 8 and 9) comprises of a SwitchBlade x908 VCStack at the core, x600-24Ts/XP stacks at the aggregation level and
8000GS/24 stacks at the access edge - showing how L3 resilience combines with basic split link-aggregation.
Figures 8 and 9: SwitchBlade x908 core, x600-24Ts/XP aggregation stacks, 8000GS/24 access stacks
This design can also integrate into much larger routed solutions, as shown in the diagram below.
The Allied Telesis SwitchBlade® x908 industry leading modular
switch incorporates eight high speed 60Gbps expansion bays,
delivering a new generation of high performance. Two chassis can
be stacked with 160Gbps aggregate bandwidth using the rear
stacking ports.
x900 12X and 24X Series
Advanced Gigabit Layer 3+ Expandable Switches
The x900 Layer 3+ switches have high-speed 60Gbps expansion
bays which provide a high level of port flexibility and application
versatility unmatched by any other 1RU Gigabit Ethernet switch
on the market. The expansion modules can be used in a variety of
configurations to provide tailored solutions that meet wide-ranging
physical networking requirements.
x900-24XT
2 x 60Gbps expansion bays
24 x 10/100/1000BASE-T (RJ-45) copper ports
x900-24XS
2 x 60Gbps expansion bays
24 x 100/1000BASE-X SFP ports
x900-12XT/S
1 x 60Gbps expansion bay
12 x combo ports (10/100/1000BASE-T copper or SFP)
x600-24 and 48 Series
Intelligent Gigabit Layer 3+ Switches
The x600 Layer 3+ switches offer an impressive set of features in
a high-value package. The x600 family is scalable, with an extensive
range of port-density and uplink-connectivity options.
4 units may be stacked using AT-Stack-XG modules and stacking
cables
x600-24Ts
24 x 10/100/1000BASE-T (RJ-45) copper ports
4 x 1000BASE-X SFP combo ports
The AT-8000S family are Layer 2 Stackable Fast Ethernet Switches
that provide high performance Layer 2 switching in an affordable
fixed configuration platform.
AT-8000S/16
16-port standalone 10/100TX L2 switch with 1 active SFP bay
(unpopulated) and 1 standby 10/100/1000T port (RJ-45)
AT-8000S/24
24-port stackable 10/100TX L2 switch with 2 active SFP bays
(unpopulated) and 2 standby 10/100/1000T ports (RJ-45)
AT-8000S/24POE
24-port stackable 10/100TX Power over Ethernet switch with
2 active SFP bays (unpopulated) and 2 standby 10/100/1000T
ports (RJ-45)
AT-8000S/48
48-port stackable 10/100TX L2 switch with 2 active SFP bays
(unpopulated) and 2 standby 10/100/1000T ports (RJ-45)
AT-8000S/48POE
48-port stackable 10/100TX PoE switch with 2 active SFP bays
(unpopulated) and 2 standby 10/100/1000T ports (RJ-45)
AT-8000GS Series
The AT-8000GS family are L2 stackable Gigabit switches offering
Gigabit SFP combo uplink ports and PoE options. Stacking up to 6
units, these switches offer an advanced L2 feature set.
AT-8000GS/24
24-port 10/100/1000T stackable Gigabit Ethernet switch
with 4 combo SFP ports
AT-8000GS/48
48-port 10/100/1000T managed stackable Gigabit Ethernet
switch with 4 combo SFP ports
In addition to direct connection to the units for configuration via
console, Telnet, Web GUI, and secure SSH and SSL, Allied Telesis
managed switches offer rich, standards-based SNMP functionality. The user is not tied to any specific management software
platform. Telnet and the unencrypted Web GUI carry administrator
credentials in clear text, so management access should be limited to
SSH and SSL, reached from a management VLAN rather than from user
ports, with SNMPv3 used where the platform supports it. Allied Telesis
offers the following products to meet the requirements for monitoring
status, statistics, and providing alerts of failures in the resilient network.
AT-SNMPC-S7
Windows based SNMP network Management platform offering
extensive monitoring, reporting and alert functions. Various options
available to suit the size of network from single site Workgroup, to
full, multi-site enterprise with web-based reporting.
AT-AV-EMS
Allied Telesis Element Management System plug-in for graphical
management of ATI products. Snaps into Castle Rock SNMPc,
Ipswitch WhatsUp, IBM Tivoli or HP OpenView.
About Allied Telesis Inc.
Allied Telesis is a world class leader in delivering IP/Ethernet
network solutions to the global market place. We create innovative,
standards-based IP networks that seamlessly connect you with voice,
video and data services.
Enterprise customers can build complete end-to-end networking
solutions through a single vendor, with core to edge technologies
ranging from powerful 10 Gigabit Layer 3 switches right through to
media converters.
Allied Telesis also offer a wide range of access, aggregation and
backbone solutions for Service Providers. Our products range from
industry leading media gateways which allow voice, video and data
services to be delivered to the home and business, right through
to high-end chassis-based platforms providing significant network
infrastructure.
Allied Telesis' flexible service and support programs are tailored to
meet a wide range of needs, and are designed to protect your Allied
Telesis investment well into the future.
Visit us online at www.alliedtelesis.com
USA Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
European Headquarters
Asia-Pacific Headquarters