Choosing an edge switch: What to consider before you invest

Choosing an edge switch means considering a host of edge switch features that range from advanced security like IPS and malware-scanning to wireless LAN features like integrated access points and Power over Ethernet Plus.

In the first part of this series on switch testing, we explored how to  test 10 GbE switch latency. In part 2, we looked at  benchmarking core switches. In the third part, we outline features to consider when choosing an edge switch.

Edge switches may not be as powerful or expensive as 10 GbE core switches, but it is just as important to evaluate these products before investing. Given the bevy of edge switch features to choose from, the evaluation process can be even more confusing.

Using edge switches for security
LAN edge switch security features: filtering port traffic

Integrating LAN edge switch security and NAC

Using LAN edge switches for network access authentication

Testing raw performance may be the focus of core switches, but that isn't necessarily what to consider when choosing an edge switch. Stripped of their ancillary functions, edge switches route traffic from the office LAN across the WAN, usually to another office or corporate data center. Thus, the basic job of the edge router is just plain easy. It doesn't take advanced software or computational capacity to take data coming in from a Fast Ethernet or Gigabit Ethernet LAN port and queue it for transmission across a WAN port that is running at speeds of a few megabits per second. And given that most edge switch vendors use switch silicon from vendors like Broadcom, it is likely that the basic switching capabilities will work as advertised.

Edge switch functions to consider before investing

Routers enable firewall and VPN tunnel termination: These are almost standard offerings now and don't require a lot of horsepower since the WAN link speed will throttle down traffic to and from these WAN-oriented functions.

Added functionality on the LAN side of the router: Some vendors take an even more aggressive "all-in-one" approach to the edge switch integrating advanced security functions like IPS and malware-scanning. These switches may even have integrated wireless access points. Given the amount of processing power typically available in an edge switch, it is possible to load a lot of functionality in a modest little edge switch. While these functions are separate from basic edge switch functions, combining them means fewer devices to manage.

It is increasingly common to find that the edge switch will offer 24 LAN ports supporting Power over Ethernet (PoE) for VoIP phones, WLAN access points and so on. Currently, we are transitioning to next-generation PoE Plus, which provides higher power to connected devices. To my knowledge, one cannot upgrade PoE to PoE Plus. So, if you need it, make sure your switch is PoE ready.

It is important to investigate the processor and RAM specifications for multi-function devices. While requirements may vary, look for multiple gigabits of RAM and a multi-core processor. I was surprised recently when I saw a leading (and expensive) Web security device come equipped with only 512 MB of memory. It was not enough to store all the virus signatures needed for our testing.

Considering open source when choosing an edge switch

Even though throughput and scalability aren't likely to be major issues for your edge switch, tests over the years have shown that edge routers built on off-the-shelf, standard Intel platforms can outperform many vendors' purpose-built multi-service routers.

A look at two different Tolly tests of Vyatta routers running on Dell servers proves the point. In tests, Vyatta software beat out Cisco Integrated Services Routers (ISRs) on speed and border gateway protocol (BGP) performance. The production volumes of systems built using off-the-shelf hardware components, combined with the cost efficiencies of using a commercial or open-source OS, are reflected in the lower price.

There can be occasions when a proprietary appliance can be what you need -- and this is true for more than just edge routers. If the functions you want to deploy require a specialized OS and/or performance or functionality only available in custom ASICs, you will probably need to find an appliance-based solution that meets your particular requirements.


This was first published in April 2010

Dig deeper on LANs (Local Area Networks)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close