When overseeing a network that serves thousands of users and hundreds of sites, efficiency is a network manager's best friend. For this edition of The Subnet, we caught up with Forrest Schroth, network manager at Atlanta-based staffing agency Randstad US, to find out how he handles the challenges of running a network that supports 300 sites.
What are you working on these days?
Schroth: Integrating VoIP to leverage more SIP functionality, creating tighter security zones to segment what users can access in the environment based on user credentials, moving away from DS1/DS3 technologies to Ethernet to make things more scalable, removing routers on Ethernet sites because switches have gotten smart…
Let's stop there. Can you tell me more about that last one?
Schroth: Routers were grounding points for technology that has really kind of gone away. On our MPLS -- which is an internal, private environment -- I used to run routers because routers could do routing and talk to switches. But switches got really smart; they can run BGP and policy maps and do QoS. At the end of the day, a switch could do everything I needed a router to do in a private [network]. The only reason I was keeping routers around was to terminate T1 lines, but as more and more vendors offered Ethernet as a means for transport -- instead of [only offering] T1s, OC3s and DS3s -- the switches got smart enough to be able to do everything I needed to do in a router. So, why support two objects when really you only need one?
Now, a lot of times my routers were supporting telephony stuff for VoIP. I would actually terminate a phone line in the router, so I kept the router around. But as I've moved some of those sites over to SIP and there's more of a data-based system, I don't need to put phone lines or T1s in the router because it's an Ethernet hand-off. So, I've been getting rid of routers.
How does that feel?
Schroth: It's fewer points to manage. I mean, I like saying, 'Hey, I've got 20,000 nodes on my network to manage,' so now I've got half of that. But my support contracts on nodes are smaller and it's fewer points of failure. Really, it's just easier.
If there was a networking genie who could grant you three wishes, what would you ask for?
Schroth: Here's what I want from the networking genie: I want [carrier] Ethernet in 30 days, not 90 days. [Local exchange carriers] pretty much quote any turn-up on an Ethernet circuit at 90 days. I would say turn it up in 30 days like you would T1s. That would be very exciting to me.
Second, tiered Internet would disappear and net neutrality would triumph.
And third, easier reroutes in BGP -- the whole [issue] of, 'I'm on the Internet and I have to route BGP because that's what everybody routes on the Internet, and I fail a circuit and I want to fail over to another one.' There's some new protocol out called BGP PIC that's trying to do some fast reroute stuff, but it's tricky at best. So my biggest challenge really is in a BGP cloud, which I have to run on MPLS to get a faster reroute.
When and how did you figure out you wanted to be a network engineer?
Schroth: DEF CON '95. I saw people doing really cool stuff on the Internet and I wanted to learn more about it.
What TV show are you addicted to right now?
Schroth: I don't watch a lot of TV -- I watch movies and I watch The History Channel. But if I had to pick a show, I would go with "The Big Bang Theory" because nerds are finally cool.