WHY AVAYA NETWORK OPERATING SYSTEM?

TABLE OF CONTENTS
Hyper-Segmentation
High Performance Multicast
Elegant Data Center Inter-Connectivity
Spanning Tree-Free
Lightning-Fast Recoveries
SDN Edge Integration
Appendix A - Eliminating Complexity: From Over 10 Protocols to just 1
Appendix B – Complexity of Multicast Routing

For years, large-scale cloud players such as Google, Amazon and Facebook have purchased white-box switching hardware directly from manufacturers and used a mix of open source and home-grown tools to create powerful, highly optimized networks. This model slowly gained traction in other markets, and a number of network operating system vendors started to pop up around the industry with a limited list of deployments. Their network operating systems are optimized for Data Center and Web 2.0 type consumers.

They assume a required skillset and operational infrastructure for loading each Open Network Install Environment (ONIE) enabled white-box switch with a network operating system before configuring and implementing. If troubles arise at any point during the lifetime of the switch, they often have fragmented support capabilities to assist and troubleshoot issues.

Introducing Avaya Network Operating System

By contrast, Avaya Network Operating System (NOS) is proven Enterprise software. It has been deployed across millions of ports in every major industry across the globe. Avaya NOS is backed by Avaya’s industry-recognized global support organization that operates 24x7x365 and is the single point of contact for all issues, both hardware and software.
Further, Avaya Support serves both the Avaya-branded customer base and the private-label customer base, and is backed by the Avaya product development team, providing confidence to the customer that they will be well taken care of.

As the brains of every network switch, the operating systems of switches have been around for over 25 years [1]. While switching features have advanced, most of the protocols used today have not, and have been around for decades. In fact, many of the features in use today were developed to alleviate the complexity that these legacy protocols have created.

[1] https://web.archive.org/web/20100105152318/http://www.networkcomputing.

Avaya’s approach to network operating system software is fundamentally different. Avaya has implemented a protocol change at the most foundational layer of the operating system software. This change negates the need for up to 10 legacy protocols (for details see Appendix A), makes once formidable networking tasks possible, and improves performance elements in a switch. Some of the most impactful networking features are listed below.

Hyper-Segmentation

Virtual network segmentation is a powerful networking process that greatly enhances security, improves efficiency of the network, and eases troubleshooting. The need for network segmentation is great. Think of Point of Sale (PoS) data and Payment Card Industry (PCI) requirements, healthcare data and Health Insurance Portability and Accountability Act (HIPAA) requirements, video surveillance and Supervisory Control and Data Acquisition (SCADA) traffic. This traffic is highly sensitive and should be isolated from other network traffic. Regulated and mission-critical traffic is not all that should be isolated and protected.
Think of departments and work groups that would benefit from traffic isolation: fire, police, and courts for municipalities; students, faculty, and research for universities; R&D, assembly plants, and OEMs for manufacturing companies, etc. Creating virtual segments for these groups improves network efficiency and mitigates data leakage and unapproved access.

Unfortunately, network segmentation today is only implemented by either building physically separate networks or implementing it within patches of the network. For instance, segments are implemented at the edge of the network with VLANs to separate collision zones. They are also implemented on a standalone basis via overlays in the data center. The big problem is that most Enterprise data traverses the entire network and cannot be placed into segments that span the whole network. To connect these segments means either implementing a complicated carrier service like MPLS or manually configuring VLANs across every node that every segment would touch. Both of these are impractical. So, as a result, most organizations either don’t do segmentation at all or do it on a very limited basis.

Native to Avaya NOS is the ability to easily create network-wide virtual segments. Because these segments are built over the fabric infrastructure, this capability is called Hyper-Segmentation. Hyper-Segments spanning the entire network can be created by simply provisioning edge nodes – everything else is automatic. Hyper-Segments can even be created automatically using network events as triggers. Once Hyper-Segments are created, a network can experience the following advantages:

• A reduction in the attack surface
• A quarantine function if a segment is breached
• An improvement of anomaly scanning
• Greater firewall efficiency

Proper hyper-segmentation must have three characteristics: span the network end-to-end, have a native stealth topology, and have elastic scalability.
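The operational difference between stitching a VLAN across every node a segment touches and provisioning a segment only at the edge nodes can be made concrete with a small simulation. The Python below is an added example written for this page, not Avaya’s software or any fabric implementation; the topology, VLAN number and service names ("pos", "cctv") are constructed. It counts how many switches each model requires an operator to configure, shows that a single missed core switch silently breaks the VLAN model, and shows that in the edge-provisioned model a host can only be decapsulated into a segment its edge switch is a member of, which is the isolation property behind the "quarantine" and "attack surface" advantages listed above.

```python
"""Constructed simulation (not Avaya's code) contrasting two ways of building a
network-wide segment across the same switch topology:

  - legacy VLAN stitching: every switch on the path must carry the VLAN, so one
    missed node silently breaks the segment;
  - edge-provisioned fabric segment: only the two edge switches are configured
    with the segment, and core switches forward the encapsulated frame on an
    outer service identifier without any per-segment configuration.

Switch names, VLAN numbers and service names below are constructed examples.
"""
from collections import deque

# Constructed topology: two edge switches joined by a small core.
TOPOLOGY = {
    "edge-A": ["core-1"],
    "core-1": ["edge-A", "core-2", "core-3"],
    "core-2": ["core-1", "core-3", "edge-B"],
    "core-3": ["core-1", "core-2"],
    "edge-B": ["core-2"],
}


def shortest_path(graph, src, dst):
    """Breadth-first search; returns the switches from src to dst inclusive,
    or [] if dst is unreachable."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in graph.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return []
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def vlan_reachable(graph, vlan_config, src, dst, vlan):
    """Legacy model: a tagged frame is delivered only if every switch on the
    path (edges and core alike) has the VLAN configured."""
    path = shortest_path(graph, src, dst)
    return bool(path) and all(vlan in vlan_config.get(sw, set()) for sw in path)


def vlan_touch_points(graph, src, dst):
    """Switches an operator must configure for a VLAN to span src..dst."""
    return len(shortest_path(graph, src, dst))


def fabric_reachable(graph, edge_services, src, dst, service):
    """Edge-provisioned model: the ingress edge encapsulates the frame with the
    service identifier, core switches forward on that outer identifier only,
    and the egress edge decapsulates only if it is a member of the same
    service. Core configuration never enters the decision."""
    if not shortest_path(graph, src, dst):
        return False
    return (service in edge_services.get(src, set())
            and service in edge_services.get(dst, set()))


def fabric_touch_points():
    """Only the two edge switches are provisioned, regardless of path length."""
    return 2


def demo():
    """Compare both models on the constructed topology; returns the results."""
    full_vlan = {sw: {10} for sw in TOPOLOGY}            # VLAN 10 everywhere
    missed = {sw: ({10} if sw != "core-2" else set()) for sw in TOPOLOGY}
    edge_services = {"edge-A": {"pos"}, "edge-B": {"pos", "cctv"}}
    return {
        "vlan_ok": vlan_reachable(TOPOLOGY, full_vlan, "edge-A", "edge-B", 10),
        "vlan_missed_core": vlan_reachable(TOPOLOGY, missed, "edge-A", "edge-B", 10),
        "vlan_touch": vlan_touch_points(TOPOLOGY, "edge-A", "edge-B"),
        "fabric_pos": fabric_reachable(TOPOLOGY, edge_services, "edge-A", "edge-B", "pos"),
        "fabric_cctv_isolated": fabric_reachable(TOPOLOGY, edge_services, "edge-A", "edge-B", "cctv"),
        "fabric_touch": fabric_touch_points(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

On this four-switch path the VLAN model needs four configuration touch points and fails as soon as core-2 is missed, while the edge model needs two regardless of path length; the "cctv" case returns False because edge-A is not a member of that service, so its hosts cannot be joined to it even though edge-B is.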
Currently, Avaya NOS is the only network operating system that offers these characteristics. Let’s delve further into each of these characteristics.

End-to-End Reach

As mentioned above, IT personnel have at times tried to perform network-wide segmentation through VLAN tagging, domain stitching, and by using MPLS in the Enterprise, only to find that the complexity and costs were too high. Effectively, this makes hyper-segmentation impractical for most companies. With Avaya NOS, hyper-segmentation natively extends from the data center to the desktop. Network-wide segments are seamless and are created with two configuration commands on designated edge devices. The architecture of the software then automatically propagates the configuration throughout the core of the network – eliminating error-prone and time-consuming network-wide configuration practices. Now, organizations are able to add new services or make changes to existing services in minutes rather than days, weeks or months.

Avaya also offers new levels of flexibility in network design. Avaya NOS allows any logical topology to be built, whether it is Layer 2, Layer 3, or a combination of the two – anywhere there is Ethernet connectivity. This eliminates design constraints and offers the freedom to build service segments on demand, wherever and whenever they are needed.

Stealth Topology

Because Avaya NOS creates segments on the fabric infrastructure, there are no flat routing tables to be exposed to hackers. The traffic traveling through the virtual segments is also invisible to IP hacking tools looking for a lateral attack base. This is because Avaya NOS creates hyper-segments in a way that encapsulates data packets, which are not inspected until the last switch at the network edge. So, although hyper-segmented data travels on the same physical network, it travels undetected throughout.

Elastic Scalability

Avaya has pioneered the concept of “network elasticity” in relation to hyper-segmentation.
The “elastic network” stretches network services (containerized in hyper-segments) to the Edge, only as required and only for the duration of a specific application session. As applications terminate, or end-point devices close down or disconnect, the now-redundant networking services retract from the Edge. Let’s use two examples to demonstrate the benefits of network elasticity.

Internet of Things

Take an example of a hospitality venue that is hosting an unusually large event and needs to shift its video surveillance footprint. Video surveillance cameras are plugged into the network port at the new location. Using Identity Engines and the Fabric Attach feature, the cameras are detected, identified, and assigned to the video surveillance hyper-segment, which allows surveillance traffic to travel only along the segment to the video surveillance server and back. An Intrusion Detection instance is assigned to the surveillance segment to monitor for anomalies. This data is immediately stealth: it cannot be seen by any IP scanning tools and is unable to leak into any other segments, and vice versa.

At the conclusion of the event, the cameras are unplugged from the network and moved to another location, the provisioning for that port is torn down automatically, and the port becomes effectively dead. When the cameras are plugged into the network at their new location, they are recognized and set up into their stealth video surveillance segment.

Data Center

Data center servers are rapidly transitioning to virtual instances. Imagine that an online retailer is having a sale and the point of sale servers are getting taxed, so a virtual server is spun up to meet the higher demand. With Avaya software, using IEEE-approved Auto Attach functionality, the virtual switch is automatically assigned to the POS hyper-segment without any involvement from IT personnel. When the server is torn down, access to the segment is also automatically torn down.

This elasticity has two obvious benefits: it simplifies and expedites provisioning for the ever-increasing number of network devices, and it has the added benefit of reducing a network’s exposure and attack profile. After all, you don’t walk about with your wallet in your hand, open and your cash exposed; you produce it only when specifically needed.

High Performance Multicast

Many technologies such as next-generation video surveillance, IPTV, digital signage, desktop imaging, financial applications, and some network overlays rely on Multicast. In the early days of networking, Multicasting was a major innovation. But the option to implement IP Multicasting belies its complexity. The technologies needed to make Multicasting work in a traditional Ethernet environment are complicated, involving protocol overlays that must be kept rigorously in sync with underlying network topologies. Current approaches are ill-suited to next-generation IP Multicasting applications such as video surveillance, as well as emerging Data Center transport models such as VXLAN and NVGRE. Many of these applications involve not just one source to multiple destinations, but multiple sources to multiple destinations (see Appendix B for more details).

Avaya NOS offers a natively scalable, reliable and efficient way of supporting IP Multicast Routing, without the onerous requirement of configuring, deploying, and maintaining a complex overlay such as Protocol-Independent Multicast (PIM). Imagine a Multicast network without Reverse Path Forwarding (RPF) checks, Rendezvous Points (RP), and complex configuration.
Deliver IP Multicast with the simplicity of a single control plane protocol with edge-only configuration, while offering vastly enhanced scale, performance, and reliability. Eliminate your PIM-induced headaches forever!

Elegant Data Center Inter-Connectivity

Enterprises have realized the power of virtualizing multiple data centers and are seeking solutions to make the connectivity seamless and simplified. Avaya NOS offers the ability to create a single end-to-end service construct that can extend between multiple geographically dispersed data centers without requiring any overlay protocols or complex protocol stitching. This allows for resource sharing, seamless VM mobility and true active-active connectivity between data centers and any other Ethernet-connected location.

Spanning Tree-Free

Spanning Tree Protocol was invented in 1985 [2] and, with its many flavors, provides the basic function of avoiding loops in networks by configuring an active link / idle link algorithm. As each network has to construct this on a customized basis, it is complex and inefficient. Since Avaya NOS uses a fabric end-to-end, all links are active and passing traffic all the time, thereby reducing failover times and increasing overall network efficiency.

[2] Perlman, Radia (1985). “An Algorithm for Distributed Computation of a Spanning Tree in an Extended LAN”. ACM SIGCOMM Computer Communication Review 15 (4): 44–53.

Lightning-Fast Recoveries

The elimination of overlay protocols has a profound impact on the ability of the network to recover after a link or unit failure. Avaya NOS customers report average recovery times of 320 milliseconds. This represents a vast improvement over conventional Spanning Tree or Open Shortest Path First (OSPF) based networks, and a massive improvement when compared to average recovery times in PIM-based Multicast networks.

SDN Edge Integration

Much of the focus of Software-Defined Networking (SDN) has been in the data center core and, to a lesser degree, in the wide area network. However, Avaya believes that the most powerful application of SDN lies in the edge of the network, where thousands of users, devices, and servers reside. Avaya has recently introduced solutions that allow SDN control to marry with its Fabric Attach/Auto Attach features to automate provisioning of users, devices, and servers. Avaya has leveraged several mainstream industry projects such as OpenDaylight, OpenFlow, Open vSwitch and OpenStack to accomplish this.

The economics of white-box switching is compelling, and the maturity and support of branded network operating systems is essential. The Avaya NOS network operating system provides the ability to eliminate the trade-off between the two. Further, with modern protocols and features geared to the new worlds of IoT and BYOD, Avaya NOS is an ideal solution.

Appendix A - Eliminating Complexity: From Over 10 Protocols to just 1

When looking at conventional networks built over the last 20 years, it can be observed that successive layers of complexity have accumulated, principally in order to meet evolving application needs. Virtual LANs (VLANs) create Layer 2 virtualization, and aggregation is enabled by Multi-Link Trunking (MLT) and IEEE Link Aggregation Control Protocol (LACP). Then there’s dynamic IP Routing that utilizes either Routing Information Protocol (RIP) or OSPF, often combined with Equal-Cost Multi-Path routing (ECMP) to provide Layer 3 load-sharing/aggregation across multiple links. Then we need to add Internet Group Management Protocol (IGMP) (Layer 2) and Distance Vector Multicast Routing Protocol (DVMRP) or PIM (Layer 3) to support Multicast, and going further afield there’s BGP to provide peering to Internet providers. Here is the comprehensive list: STP, MSTP, RSTP, RIPv1, RIPv2, OSPF, EIGRP, ECMP, PIM-SM/PIM-SSM, DVMRP, LSP, GMPLS, TRILL… and even more are often needed to satisfy sophisticated requirements.
Not every protocol will always be used simultaneously in every network, but a majority will. It should be obvious that the legacy network architecture has reached a very high level of complexity. More challenging, all of these protocols also have very high levels of inter-dependency. For example, if there are any problems, failures, or bugs at Layer 2, then all the upper layers – and crucially, business applications – will be impacted most. Think of the “House of Cards” analogy: a stack that could (and does) collapse triggers costly business outages that are exacerbated by the slow and unsynchronized re-convergence of multiple inter-dependent protocol layers.

Appendix B – Complexity of Multicast Routing

Conventionally, IP Multicasting relies on a Distribution Tree built by a Multicast Routing protocol, typically Protocol Independent Multicast Sparse Mode (PIM-SM), to deliver packets from the sender/source to the receivers that reside on different IP subnets. Multicast Routing protocols need to operate in overlay mode with an underlying Unicast routing protocol, such as OSPF. This dependency commonly results in issues where packets transmitted by a sender do not reach receivers due to improper building of the Multicast Tree. In the case of PIM-SM, there is an additional dependency on a device called a Rendezvous Point (RP) to build the Tree for a Multicast Group. Improper configuration of these protocols and functions can result in packet delivery issues.

Another common cause of non-delivery of packets to receivers is a Reverse Path Forwarding (RPF) check failure, which can occur when the Unicast forwarding path and the Multicast Tree are not sufficiently congruent. The pseudo-state established by PIM-SM must remain in exact correlation with the underlying Unicast routing topology. If this state is lost or becomes ambiguous, all bets are off. Any change to the network topology can adversely affect the stability of the IP Multicast service.
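The RPF failure described above is easiest to see by modelling the check itself. The Python below is an added example written for this page, not Avaya’s code nor any router vendor’s PIM implementation; the prefixes, interface names, group address and source address are constructed. A PIM router accepts a multicast packet only if it arrived on the interface the unicast table would use to reach the packet’s source. The example runs the same packet through the check before and after a unicast reconvergence that moves the route toward the source from eth0 to eth1 while the multicast tree still delivers the stream on eth0, which is exactly the loss of congruence the appendix is describing.

```python
"""Constructed model (not Avaya's or any PIM implementation) of the Reverse
Path Forwarding check a PIM router applies to every multicast packet, and of
what happens when the unicast topology changes underneath the multicast tree.

Prefixes, interface names and addresses below are constructed examples.
"""
import ipaddress


def rpf_interface(unicast_table, source_ip):
    """Longest-prefix match of the multicast source against the unicast
    routing table; returns the interface the router would use to send
    traffic back toward the source (the RPF interface), or None."""
    src = ipaddress.ip_address(source_ip)
    best_net, best_iface = None, None
    for prefix, iface in unicast_table.items():
        net = ipaddress.ip_network(prefix)
        if src in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def rpf_check(unicast_table, source_ip, arrival_iface):
    """A packet passes RPF only if it arrived on the interface the unicast
    table points back toward the source with. Returns (accepted, reason)."""
    expected = rpf_interface(unicast_table, source_ip)
    if expected is None:
        return False, "no unicast route to source"
    if expected != arrival_iface:
        return False, f"arrived on {arrival_iface} but RPF interface is {expected}"
    return True, "congruent"


def forward_multicast(unicast_table, oil, source_ip, group, arrival_iface):
    """Replicate to the group's outgoing interface list (OIL) only when the RPF
    check passes; never send back out the arrival interface.
    Returns (interfaces_forwarded_to, reason)."""
    accepted, reason = rpf_check(unicast_table, source_ip, arrival_iface)
    if not accepted:
        return [], reason
    return [i for i in oil.get(group, []) if i != arrival_iface], reason


# Constructed state of one router: the PIM tree for 239.1.1.1 was built with
# its upstream (toward source 10.1.5.7) on eth0.
OIL = {"239.1.1.1": ["eth3", "eth4"]}
UNICAST_BEFORE = {"10.1.0.0/16": "eth0", "0.0.0.0/0": "eth2"}
# After a link-cost change the unicast protocol reconverges toward eth1,
# but the multicast tree still delivers the stream on eth0.
UNICAST_AFTER = {"10.1.0.0/16": "eth1", "0.0.0.0/0": "eth2"}


def topology_change_effect(source_ip="10.1.5.7", group="239.1.1.1", tree_iface="eth0"):
    """Run the same packet through the check before and after unicast
    reconvergence. Returns {"before": (ifaces, reason), "after": (ifaces, reason)}."""
    return {
        "before": forward_multicast(UNICAST_BEFORE, OIL, source_ip, group, tree_iface),
        "after": forward_multicast(UNICAST_AFTER, OIL, source_ip, group, tree_iface),
    }


if __name__ == "__main__":
    for state, (ifaces, reason) in topology_change_effect().items():
        print(f"{state}: forwarded to {ifaces or 'nowhere'} ({reason})")
```

Before the change the packet is replicated to eth3 and eth4; after it, the router drops every packet of the stream with an RPF failure and the receivers downstream of eth3 and eth4 get nothing until PIM rebuilds the tree via eth1, which on real routers is gated by the protocol timers. That window is the truncation of the Tree this appendix describes, and it is invisible to a unicast-only view of the network because the unicast routes themselves are perfectly healthy.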
Additions, deletions, and sudden outages for any reason (e.g., a faulty link, port or module) can all wreak havoc; the Tree truncates and the distribution service for that length of the Tree is effectively lost. PIM-SM overlays are also very dependent on timers for the operating protocols, and these timers must be fine-tuned. Mutual dependencies like these are difficult and time-consuming to troubleshoot, which means longer repair cycles and higher operational expenses. Anyone that has been involved in deploying and maintaining large-scale Multicast environments has the scars to prove it. Indeed, many have found it simply too problematic and have reverted to Unicast, despite the downside of inefficient bandwidth utilization. However, IP Multicast is making a comeback, more out of necessity than choice.

About Avaya

Avaya is a leading, global provider of customer and team engagement solutions and services available in a variety of flexible on-premise and cloud deployment options. Avaya’s fabric-based networking solutions help simplify and accelerate the deployment of business-critical applications and services. For more information, please visit www.avaya.com.

© 2016 Avaya Inc. All Rights Reserved. Avaya and the Avaya logo are trademarks of Avaya Inc. and are registered in the United States and other countries. All other trademarks identified by ®, TM, or SM are registered marks, trademarks, and service marks, respectively, of Avaya Inc. Other trademarks are the property of their respective owners. 06/16 • DN7869