
Q&A: Jim Metzler previews the networking track at Interop

By Shamus McGillicuddy, News Editor
14 May 2009 | SearchNetworking.com

Although Interop is much more than a networking show these days, it still has a strong program of networking topics. Dr. Jim Metzler, of Metzler, Ashton & Associates, will chair the networking track at this year's Interop Las Vegas. SearchNetworking.com talked to Dr. Metzler about some of the hot networking topics that will be up for discussion at the show this year.

You have introduced a new session called "What's wrong with the WAN firewall?" What's the answer to that question?

Jim Metzler: The easiest example of that is the Port 80 issue. We started life with firewalls, and the world was simpler and there weren't many bad people out there. We had this thinking where, "Oh, well, Port 80 is Web traffic and Port 80 will be open, and we'll let Internet traffic come in and out." The stateful model for firewalls -- that's about all you can do. With all this traffic coming in, you can't look too far into the packet. You need a somewhat simplistic assumption as to what is good or bad. You either accept an application or you block an application.

Well, the world has gotten a whole lot more complicated with things like Skype and instant messaging, and a whole bunch of applications can port hop around. If it goes to a certain port and that's blocked, they'll port hop over to Port 80. So now you have a whole bunch more things going through Port 80 that maybe you want to know more about. And the sophistication and types of attacks going on out there are getting more numerous and more complex. And so the simple assumption is, "Well, I'll build a firewall on general-purpose computers, and I'll look at the first packet in this flow, and I'll look at the flow and you can pretty much guess what's going on." I think those days are over with, and you combine that with the increase in processors, and we're applying deep packet inspection in a whole bunch of areas.

There's a need now to say I need to be a little more sophisticated with my firewall. I need to look deeper into the packet, maybe into multiple packets. I need to actually inspect what's there and not make simplistic assumptions like: "Oh well, if it's Port 80, I'll assume it's Web services and assume that no one would ever port hop to Port 80" -- moving away from simplistic "you're a nice guy, I'm a nice guy," to a better reality of what's going on. The WAN firewall, which quite frankly we don't talk about, but the reality is they've been staid for too long and we need to rethink their functionality.

You've introduced a session called "Is routing undergoing a midlife crisis?" What is the routing midlife crisis?

Metzler: If you take a look at routing, there's a whole bunch of things going on there. For example, one of the panelists I have is Vyatta. Open source. One of the possibilities there is moving away from appliances and in some sense the efforts you see in 2009 and 2010, which is to squeeze as much cost as possible out of the system. And for me, that's sort of back to the future because the first routers were software-based routers running on mini-computers. So part of it is: Is there now a reasonable movement to open source? Do we really need these routers?

And on the other hand, you're going to have the opposite question. Do we need more highly reliable routers, more scalability? I've been talking to the financial services industry. They say, "We're heading towards zero." And I say, "What the hell does that mean?" And they say, "We're heading toward zero latency. There are some applications we are measuring in microseconds." It's the kind of thing, you're a broker and you put in an order for such and such. It had better happen instantaneously or else there could be big penalties created because the price shoots up a point or half point on 100 million shares.

So we have some real high-end demands for routing with just incredibly low latency. And we have the opposite happening. Maybe there is some need for open source, lower-cost, basic functionality and also demand for incredible scalability. Some of the data centers we're talking about now have thousands of servers, each having 10 VMs on them. And you've got to be able to do switching and routing through tens of thousands of different devices. We need to rethink this fundamental building block.

Why do you think wired and wireless LAN integration is important? How is the industry evolving to meet that need?

Metzler: Wireless LANs took off in a huge way in the home. People went out and got an access point. It was a little slower taking off in the enterprise. Enterprises already had wired LANs. So why are they going to put an overlay in? Is this thing any more than a toy? And they had a lot of security issues. Over the last couple of years, a lot of those issues have gone away. And you now very often have a wired and wireless LAN. I visit a lot of companies, and if I turn my Wi-Fi on, I'll find five, 10, 15, 18 different wireless LANs inside most of those companies. And they still have wired LANs. We've had a lot of proliferation of wireless LANs.

And one of my favorite words is integration. The more pieces we have of the end-to-end puzzle -- me on some kind of iPhone or laptop trying to get an application back to all the things between me and what I want to get to. The more disparate pieces we have that aren't integrated, [the more they] drive up the costs, make management a nightmare, and introduce more sources of latency and outage. So the point here is [that] we just need to think holistically about our wired and wireless LANs. The first time you put an access point in, you're not going to rethink your LAN. You put a second one in, no big deal. By the time you've got a significant deployment, you're thinking more about integrating it with everything else: how you can manage it holistically; how you can move from one AP to another; how you can go from wired to wireless without dropping sessions. As it reaches more of a critical mass of wireless LANs in enterprises to supplement or augment the wired LAN, that's the time to think about it.

But are vendors ready to provide that when enterprises do reach that point?

Metzler: They all claim they will. Whenever you ask a vendor, "Here's a need, can you meet it?" they're all going to say yes to that. A real part of the session is to understand what the various vendors are doing, what they mean by integration, what aspects of that they've covered. And then it's up to the members of the audience to reach their own conclusions as to [whether] the vendors are meeting what the end users see as the need today. Is the plan they have in place for the next six to 12 months adequate? Or are they just putting lipstick on a pig?

You can't be a LAN vendor and not have some kind of wireless LAN story, whether you own the other company, or you have a tight relationship. But the danger of a tight relationship is that if you have a tight relationship with someone and they get bought out by a competitor, then you don't have a tight relationship anymore. Part of the session is how tightly integrated are the wired and wireless product lines today, and what can the vendors talk about for the next six to 12 months -- where they think things are going.

What is the next generation LAN switch going to look like, and why should we care?

Metzler: When we first brought out LAN switching in 1996, 1997, 1998, boy -- those first switches were dumb. Before that, we had shared 10 megabit Ethernet. Then they said we're going to give you your own 10 megabit Ethernet. Those devices we attached to those switches couldn't pump out at 10 megabits per second. You gave this person all the capacity he could ever dream of.

One of my favorite stories in the early '90s was two engineers (who shall remain nameless) at a high-tech company who wrote an article explaining why you could never exhaust a shared 10 megabit LAN. That's because their assumptions were me at a terminal hunting and pecking and sending a document off to get printed. Well, since we first deployed those high-speed 10 megabit LANs, really dumb access switches, we started doing all kinds of things. Once you started doing voice -- well, gee, you want Power over Ethernet and you want quality of service and you want auto-discovery. We're putting more and more functionality into the LAN to support mobility, to support voice, to support virtualization. Now you've got to have a data center with 1,000 servers and 10,000 VMs, and you do switching and routing with them with minimal delay. How much intelligence and security and Power over Ethernet?

In the old days, if I was a LAN administrator and there was someone on my LAN, I could assume he was a good guy. Now, if you walk into a hospital, they'll give you Internet access. If I'm a doctor, I'll have access to my patients' records but nobody else's. Same with the nurse. Now you have to have a LAN with all this kind of intelligence with things like network access control. We're expecting an awful lot more from our LAN. The second thing is most people keep their LAN switches for about five years. So if you bought your LAN switches last year, you'll end up keeping them for a while. Well, if that LAN switch you bought in 2008 can't support your needs come 2010, 2011, that's a real problem.

The bottom line is we need to think about the requirements on the LAN long before they're there. If we're halfway through a technology refresh cycle, it could be two or three years before we can refresh it again. There is a lot of stuff going on here. There are some vendors like HP going after the sacred cow, the three-tier architecture (access, distribution and core). Even in large data centers, they're recommending in some cases a two-tier architecture partly as a way to reduce cost, save on air conditioning and cut down the latency.


Tags: LANs (Local Area Networks), Data Center Network Infrastructure
