Are you looking for my non-technical blog?

This is now my technical-only blog, my non-technical blog is here.

12 April 2008

Network Element

During our Computer Network course in the university, we used to study the differences between LAN Switches and Routers, and one of the main differences between them was that Switches forward traffic using Layer-2 header (MAC Address) while Routers forward traffic based on Layer-3 header (IP Address). Later on, in my professional life, I realized that there are also Layer-3 switches, and these Switches can do Routing, ACL's, Network Address Translation, and all other Routers functionalities.

According to Wikipedia, "The major difference between the packet switching operation of a router and that of a Layer 3 switch is the physical implementation. In general-purpose routers, packet switching takes place using a microprocessor, whereas a Layer 3 switch performs this using application-specific integrated circuit (ASIC) hardware". And may be that's why Layer-3 switches have higher throughput and process more packets per second than routers. LAN Switches also have higher port density and the cost of an Ethernet port on a Switch is much cheaper than that of a Router. Ok, in fact, the behaviour of the traffic in a LAN environment is different than that in an ISP, and that's why the Router's interface hardware is different than that of a Switch. The Buffers and Queues of Router's interfaces are different than those of a Switch's interfaces, and that's why the Switch's interfaces is cheaper. But I am sure one day the Switch's interfaces will inherit those advanced features in their Router's equivalents, especially with the boom of Metro Ethernet. There Routers nowadays also support WAN Interfaces such as Serial Interfaces, E1's and STM-1's, while switches on the other hand do not support such kind of interfaces. MPLS is another protocol that you cannot find in Switches, however Foundry's NetIron for example supports it.

As you can see, in the following few years, the boundaries between LAN Switches and Routers are going to disappear.

Now, let's see what's is going on in the Network Security field. We used to have Firewalls, IDS's/IPS's, Network-Based Antivirus, Antispam, Anti-X. Each one of those, was a separate product. Now we just deploy a UTM, and it's just a Firewall, IPS, Antivirus, all in a single box. UTM's may be suitable now to SOHO and Medium Enterprises more than ISP's and Large Data Centres due to their performance limitations and so. But believe me the advances in Processors and ASIC's - Intel and Cavium Networks are doing great job here - are capable of getting the UTM's into your Data Centre soon.

But wait a minute, now the Network products are getting combined, and so are the security products. What about combining the Network and Security products together as well? Ok, let's see what the two main players are doing. Cisco is adding security features to their ISR (Integrated Services Router).
"Cisco Integrated Services Routers help maximize the power of your organization’s network with unified network services, integrated security, mobility, and application intelligence", Cisco Systems.
The also decided to open their ISR for Application developers to build their own applications and addons on top of it.
At the Cisco Partner Summit 2008 in Honolulu, the San Jose, Calif.-based networking giant unveiled the Cisco Application eXtension Platform (AXP). The AXP consists of open, Linux-based Cisco ISR hardware modules for application development and hosting to support a tighter integration of the network and applications. According to Inbar Lasser-Raab, Cisco's senior director of access routing and switching, several off-the-shelf and custom applications are already available for the ISR, along with a development and support ecosystem that includes a downloadable software development kit (SDK) and application programming interface (API) for application developers.
Lasser-Raab said opening the ISR to third-party applications, on top of the more than 30 services already available for the platform, creates a link between the network and applications and imbeds those applications directly onto the platform, instead of having them just hosted on the router. Services available for the ISR include VoIP, wireless, WAN access, unified communications and a host of security tools like NAC, IPS, content filtering and VPN.
Andrew R Hickey, ChannelWeb.
Juniper on the other hand introduced their SSG-Series of Firewalls/UTM few years ago, they can have multiple LAN as well as WAN interfaces, and they also can run all those well known dynamic routing protocols. Later on, Juniper wraps Security Services Into JUNOS, their Router's and Switches Operating System.
Juniper Networks (NSDQ:JNPR) took JUNOS one step further, announcing that it is now wrapping the security services typically found in its ScreenOS operating system into JUNOS, meaning ScreenOS firewall, IPsec VPN, NAT, DOS and D-DOS capabilities will run on top of JUNOS software.
Michael Frendo, Juniper's senior vice president of high-end security systems, said integrating security services into the vendor's line of J-Series services routers, with integration with EX switches to follow, solidifies Juniper's vision of "fast, reliable and secure networking".
Andrew R Hickey, ChannelWeb
Juniper have opened their Operating System to Application developers even before Cisco.
Juniper has announced a Partner Solution Development Platform (PSDP) allowing customers and partners to develop specialized applications on its JUNOS operating system.
The company claims the PSDP is the industry's first partner development platform for a carrier-class network operating system, and anticipates its customers and partners will deploy new services unique to their businesses, and improve network operations productivity.
Rodney Gedda , Computerworld.
In brief, I don't think in the coming few years, there will be dedicated, Firewalls, Switches, or Routers. There will be a Network Element instead. An all in one product that will be capable of doing all the Networking, Security and may be IP Telephony tasks.

Tags: , ,

3 comments:

  1. That's a correct conclusion. The lines between the Routers and switches keep diminishing and get crossed. In fact, routers, bridges and switches are all going to become relatively "smarter" and function at more network layers.
    This is actually being driven more by the network companies to push into the space of service companies. (think, Cisco pushing up the network stack into Microsoft, Sun, Linux space) While more software companies are pushing Down the network stack (all the above service companies have some sort of a Routing/switching solutions. But it still can't beat the network companies in their field)
    So for the near future it's going to continue to be like this. Upper layer dominated by companies who know how to make a good UI (not Cisco of course, although they're dreaming about it)
    Firewalls and Proxies are currently the battle field between the guys. They're all pushing for a bigger piece of that. While many are pushing better, cheaper and faster set-top boxes which sacrifice a lot more elsewhere.
    Ultimately, the network companies want to provide the upper layer functionality (think presentation layer, and application layer), they're already doing some DNS, every single one of their devices has a built in webserver. Many devices has RADIUS and can terminate EAP. Some already perform fantastic VoIP feats, IPTV, but the upper layer dudes are making sure they monopolize this area soon

    So, this battle is far from over :)

    ReplyDelete
  2. This is one of the magnificent and good post.Your blog information is very unique.This is one of the useful post.
    Android app developers

    ReplyDelete
  3. Nice story and its a good interesting information, i think mostly peoples likes your blog because its having the wonderful entertainment. so thanks for providing these good time.

    ReplyDelete