WHY AVAYA NETWORK OPERATING SYSTEM?

TABLE OF CONTENTS
Hyper-Segmentation
High Performance Multicast
Elegant Data Center Inter-Connectivity
Spanning Tree-Free
Lightning-Fast Recoveries
SDN Edge Integration
Appendix A - Eliminating Complexity: From Over 10 Protocols to just 1
Appendix B – Complexity of Multicast Routing

For years, large-scale cloud players such as Google, Amazon and Facebook
have purchased white-box switching hardware directly from manufacturers
and used a mix of open-source and home-grown tools to create powerful,
highly optimized networks. This model slowly gained traction in other
markets, and a number of network operating system vendors have started to
pop up around the industry, each with a limited list of deployments. Their
network operating systems are optimized for Data Center and Web 2.0 type
consumers.
They assume a required skillset and operational infrastructure for loading
each Open Network Install Environment (ONIE) enabled white-box switch
with a network operating system before configuring and implementing. If
troubles arise at any point during the lifetime of the switch, they often have
fragmented support capabilities to assist and troubleshoot issues.
Introducing Avaya Network Operating System
By contrast, Avaya Network Operating System (NOS) is proven Enterprise
software. It has been deployed across millions of ports in every major
industry across the globe. Avaya NOS is backed by Avaya’s industry-recognized
global support organization that operates 24x7x365 and is the
single point of contact for all issues, both hardware and software. Further,
Avaya Support serves both the Avaya branded customer base as well as the
private label customer base and is backed by the Avaya product
development team providing confidence to the customer that they will be
well taken care of.
As the brains of every network switch, the operating systems of switches
have been around for over 25 years [1]. While switching features have
advanced, most of the protocols used today have not, and have been
around for decades. In fact, many of the features in use today were
developed to alleviate the complexity that these legacy protocols have
created.
[1] https://web.archive.org/web/20100105152318/http://www.networkcomputing.
Avaya’s approach to network operating system software is fundamentally
different. Avaya has implemented a protocol change at the most
foundational layer of the operating system software. This change negates
the need for up to 10 legacy protocols (for details see Appendix A) and
makes once-formidable networking tasks possible, all while improving
performance elements in a switch. Some of the most impactful networking
features are listed below.
avaya.com | 1
Hyper-Segmentation
Virtual network segmentation is a powerful networking process that greatly
enhances security, improves efficiency of the network, and eases troubleshooting.
The need for network segmentation is great. Think of Point of Sale (PoS) data and
Payment Card Industry (PCI) requirements, healthcare data and Health Insurance
Portability and Accountability Act (HIPAA) requirements, video surveillance and
Supervisory Control and Data Acquisition (SCADA) traffic. This traffic is highly
sensitive and should be isolated from other network traffic.
Regulated and mission-critical traffic is not all that should be isolated and
protected. Think of departments and work groups that would benefit from traffic
isolation: fire, police, and courts for municipalities; students, faculty, research for
universities; R&D, assembly plants, and OEMs for manufacturing companies, etc.
Creating virtual segments for these groups improves network efficiency and
mitigates data leakage and unapproved access.
Unfortunately, network segmentation today is only implemented by either building
physically separate networks or implementing it within patches of the network. For
instance, segments are implemented at the edge of the network with VLANs to
separate collision zones. They are also implemented on a standalone basis via
overlays in the data center. The big problem is that most Enterprise data traverses
the entire network and cannot be placed into segments that span the whole
network.
Connecting these segments means either implementing a complicated carrier
service like MPLS or manually configuring VLANs across every node that every
segment would touch. Both of these are impractical. As a result, most
organizations either don’t do segmentation at all or do it on a very limited basis.
Native to Avaya NOS is the ability to easily create network-wide virtual segments.
Because these segments run over the fabric infrastructure, this capability is called
Hyper-Segmentation. Hyper-segments spanning the entire network can be created
by simply provisioning edge nodes – everything else is automatic. Hyper-segments
can even be created automatically using network events as triggers.
Once hyper-segments are created, a network can experience the following
advantages:
• A reduction in the attack surface
• A quarantine function if a segment is breached
• An improvement of anomaly scanning
• Greater firewall efficiency
Proper hyper-segmentation must have three characteristics: span the network
end-to-end, have a native stealth topology, and have elastic scalability. Currently,
Avaya NOS is the only network operating system that offers these
characteristics. Let’s delve further into each of these characteristics.
End-to-End Reach
As mentioned above, IT personnel have at times tried to perform network-wide
segmentation through VLAN tagging, domain stitching, and by using MPLS in the
Enterprise, only to find that the complexity and costs were too high. Effectively, this
makes hyper-segmentation impractical for most companies.
With Avaya NOS, hyper-segmentation natively extends from the data center to the
desktop. Network-wide segments are seamless and are created with two
configuration commands on designated edge devices. The architecture of the
software then automatically permeates the configuration throughout the core of
the network – eliminating error-prone and time-consuming network-wide
configuration practices. Now, organizations are able to add new services or make
changes to existing services in minutes rather than days, weeks or months. Avaya
also offers new levels of flexibility in network design. Avaya NOS allows any logical
topology to be built, whether it is Layer 2, Layer 3, or a combination of the two –
anywhere there is Ethernet connectivity. This eliminates design constraints
and offers the freedom to build service segments on demand, wherever and
whenever they are needed.
Stealth Topology
Because Avaya NOS creates segments on the fabric infrastructure, there are no flat
routing tables to be exposed to hackers. The traffic traveling through the virtual
segments is also invisible to IP hacking tools looking for a lateral attack base. This
is because Avaya NOS creates hyper-segments in a way that encapsulates data
packets, which are not inspected until the last switch at the network edge. So,
although hyper-segmented data travels on the same physical network, it travels
undetected throughout.
Elastic Scalability
Avaya has pioneered the concept of “network elasticity” in relation to
hyper-segmentation. The “elastic network” stretches network services (containerized
in hyper-segments) to the Edge, only as required and only for the duration of a
specific application session. As applications terminate, or end-point devices
close down or disconnect, the now-redundant networking services retract from the
Edge. Let’s use two examples to demonstrate the benefits of network elasticity.
Internet of Things
Take an example of a hospitality venue that is hosting an unusually large event
and needs to shift its video surveillance footprint. Video surveillance cameras
are plugged into the network port at the new location. Using Identity Engines
and the Fabric Attach feature, the cameras are detected, identified, and
assigned to the video surveillance hyper-segment which allows surveillance
traffic to only travel along the segment and to the video surveillance server and
back. An Intrusion Detection instance is assigned to the surveillance segment to
monitor for anomalies. This data is immediately stealth and cannot be seen by
any IP scanning tools and is unable to leak into any other segments and vice
versa.
At the conclusion of the event, the cameras are unplugged from the network
and moved to another location, the provisioning for that port is torn down
automatically, and the port becomes effectively dead. When the cameras are
plugged into the network at their new location, they are recognized and set up
into their stealth video surveillance segment.
Data Center
Data center servers are rapidly transitioning to virtual instances. Imagine that
an online retailer is having a sale and the point of sale servers are getting
taxed so a virtual server is spun up to meet the higher demand. With Avaya
software, using IEEE approved Auto Attach functionality, the virtual switch is
automatically assigned to the POS hyper-segment without any involvement
from IT personnel. When the server is torn down, access to the segment is also
automatically torn down.
This elasticity has two obvious benefits: it simplifies and expedites provisioning for
the ever-increasing number of network devices, and it has the added benefit of
reducing a network’s exposure and attack profile. After all, you don’t walk about
with your wallet in your hand, open and your cash exposed -- you produce it only
when specifically needed.
High Performance Multicast
Many technologies such as next-generation video surveillance, IPTV, digital signage,
desktop imaging, financial applications, and some network overlays rely on
Multicast. In the early days of networking, Multicasting was a major innovation. But
the option to implement IP Multicasting belies its complexity. The technologies
needed to make Multicasting work in a traditional Ethernet environment are
complicated, involving protocol overlays that must be kept rigorously in sync with
underlying network topologies. Current approaches are ill-suited to next-generation
IP Multicasting applications such as video surveillance, as well as emerging Data
Center transport models such as VXLAN and NVGRE. Many of these applications
involve not just one source to multiple destinations, but multiple sources to multiple
destinations (see Appendix B for more details).
Avaya NOS offers a native, scalable, reliable and efficient way of supporting IP
Multicast Routing, without the onerous requirement of configuring, deploying, and
maintaining a complex overlay such as Protocol-Independent Multicast (PIM).
Imagine a Multicast network without Reverse Path Forwarding (RPF) checks,
Rendezvous Points (RP), and complex configuration. Deliver IP Multicast with the simplicity of a single control plane protocol with edge-only configuration, while offering vastly enhanced scale, performance, and reliability. Eliminate your
PIM-induced headaches forever!
Elegant Data Center Inter-Connectivity
Enterprises have realized the power of virtualizing multiple data centers and are
seeking solutions to make the connectivity seamless and simplified. Avaya NOS
offers the ability to create a single end-to-end service construct that can extend
between multiple geographically dispersed data centers without requiring any
overlay protocols or complex protocol stitching. This allows for resource sharing,
seamless VM mobility and true active-active connectivity between data centers
and any other Ethernet-connected location.
Spanning Tree-Free
Spanning Tree Protocol was invented in 1985 [2] and, with its many flavors, provides
a basic function of avoiding loops in networks by configuring an active link / idle link
algorithm. As each network has to construct this on a customized basis, it is complex
and inefficient. Since Avaya NOS uses a fabric end-to-end, all links are active and
passing traffic all the time, thereby reducing failover times and increasing overall
network efficiency.
[2] Perlman, Radia (1985). “An Algorithm for Distributed Computation of a Spanning
Tree in an Extended LAN”. ACM SIGCOMM Computer Communication Review 15 (4):
44–53.
Lightning-Fast Recoveries
The elimination of overlay protocols has a profound impact on the ability of the
network to recover after a link or unit failure. Avaya NOS customers report average
recovery times of 320 milliseconds. This represents a vast improvement over
conventional Spanning Tree or Open Shortest Path First (OSPF) based networks,
and a massive improvement when compared to average recovery times in
PIM-based Multicast networks.
SDN Edge Integration
Much of the focus of Software-Defined Networking (SDN) has been in the data
center core and to a lesser degree in the wide area network. However, Avaya
believes that the most powerful application of SDN lies in the edge of the network
where thousands of users, devices, and servers reside. Avaya has recently
introduced solutions that allow SDN control to marry with its Fabric Attach/Auto
Attach features to automate provisioning of users, devices, and servers. Avaya has
leveraged several mainstream industry projects such as OpenDaylight, OpenFlow,
Open vSwitch and OpenStack to accomplish this.
The economics of white-box switching are compelling and the maturity and support
of branded network operating systems is essential. The Avaya NOS network
operating system provides the ability to eliminate a trade-off between the two.
Further, with modern protocols and features geared to the new worlds of IoT and
BYOD, Avaya NOS is an ideal solution.
Appendix A - Eliminating Complexity: From Over 10 Protocols to just 1
When looking at conventional networks built over the last 20 years, it can be
observed that successive layers of complexity have accumulated, principally in
order to meet evolving application needs. Virtual LANs (VLAN) create Layer 2
virtualization, and aggregation is enabled by Multi-Link Trunking (MLT) and IEEE
Link Aggregation Control Protocol (LACP). Then there’s dynamic IP Routing that
utilizes either Routing Information Protocol (RIP) or OSPF, often combined with
Equal-cost multi-path routing (ECMP) to provide Layer 3 load-sharing/aggregation
across multiple links. Then we need to add Internet Group Management
Protocol (IGMP) (Layer 2) and Distance Vector Multicast Routing Protocol (DVMRP)
or PIM (Layer 3) to support Multicast, and going further afield there’s BGP to
provide peering to Internet providers. Here is the comprehensive list: STP, MSTP,
RSTP, RIPv1, RIPv2, OSPF, EIGRP, ECMP, PIM-SM/PIM-SSM, DVMRP, LSP, GMPLS,
TRILL… and even more are often needed to satisfy sophisticated requirements. Not every protocol will always be used simultaneously in every network, but a
majority will.
It should be obvious that the legacy network architecture has reached a very high
level of complexity. More challenging, all of these protocols also have very high
levels of inter-dependency. For example, if there are any problems, failures, or bugs
at Layer 2 then all the upper layers – and crucially, business applications – will be
most impacted. Think of the “House of Cards” analogy: a stack that could (and
does) collapse, triggering costly business outages that are exacerbated by the slow
and unsynchronized re-convergence of multiple inter-dependent protocol layers.
Appendix B – Complexity of Multicast Routing
Conventionally, IP Multicasting relies on a Distribution Tree built by a Multicast
Routing protocol, typically Protocol Independent Multicast Sparse Mode (PIM-SM),
to deliver packets from the sender/source to the receivers that reside on different
IP subnets. Multicast Routing protocols need to operate in overlay mode with an
underlying Unicast routing protocol, such as OSPF. This dependency commonly
results in issues where packets transmitted by a sender do not reach receivers due
to improper building of the Multicast Tree. In the case of PIM-SM, there is additional
dependency on a device called a Rendezvous Point (RP) to build the Tree for a
Multicast Group. Improper configuration of these protocols and functions can result in packet delivery issues.
Another common cause of non-delivery of packets to receivers is a Reverse Path
Forwarding (RPF) check failure which can occur when the Unicast forwarding path
and the Multicast Tree are not sufficiently congruent.
The pseudo-state established by PIM-SM must remain in exact correlation with the
underlying Unicast routing topology. If this state is lost or becomes ambiguous, all
bets are off. Any change to the network topology can adversely affect the stability
of the IP Multicast service. Additions, deletions, sudden outages for any reason
(e.g., a faulty link, port or module) can all wreak havoc; the Tree truncates and the
distribution service for that length of the Tree is effectively lost. PIM-SM overlays
are also very dependent on timers for the operating protocols and these timers
must be fine-tuned. Mutual dependencies like these are difficult and
time-consuming to troubleshoot, which means longer repair cycles and higher
operational expenses.
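The RPF check failure described above can be reproduced in a few lines. The sketch below is an illustration added here, not code from Avaya or from any product: it models a router's unicast table and shows packets being dropped once the unicast path to the source moves while the multicast tree still delivers on the old interface. The prefixes, addresses and interface names are constructed for the example.

```python
import ipaddress

def rpf_interface(rib, source):
    """Longest-prefix match on the unicast table: the interface this
    router would use to send traffic back toward `source`."""
    ip = ipaddress.ip_address(source)
    matches = [(ipaddress.ip_network(p), iface) for p, iface in rib.items()
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def rpf_check(rib, source, in_iface):
    """Accept a multicast packet only if it arrived on the interface
    that the unicast table points to for its source."""
    expected = rpf_interface(rib, source)
    return expected is not None and expected == in_iface

def run_scenario():
    # Constructed unicast table: documentation prefixes, hypothetical interfaces.
    rib = {"192.0.2.0/24": "eth0", "0.0.0.0/0": "eth2"}
    src = "192.0.2.10"
    results = []
    # 1. The tree delivers on eth0 and unicast agrees: packets are forwarded.
    results.append(("congruent", rpf_check(rib, src, "eth0")))
    # 2. A link change moves the unicast route to eth1, but the multicast
    #    tree has not been rebuilt and still delivers on eth0: dropped.
    rib["192.0.2.0/24"] = "eth1"
    results.append(("unicast moved, tree stale", rpf_check(rib, src, "eth0")))
    # 3. Once the tree is rebuilt along the new path, delivery resumes.
    results.append(("tree rebuilt", rpf_check(rib, src, "eth1")))
    # 4. A source reachable only via the default route fails the check on
    #    any interface other than the default's.
    results.append(("default route only", rpf_check(rib, "198.51.100.7", "eth0")))
    return results

if __name__ == "__main__":
    for step, accepted in run_scenario():
        print(f"{step:28s} {'forward' if accepted else 'drop (RPF failure)'}")
```

The window between steps 2 and 3 is the outage the text attributes to the overlay falling out of step with the unicast topology.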
Anyone that has been involved in deploying and maintaining large-scale Multicast
environments has the scars to prove it. Indeed, many have found it simply too
problematic and have reverted to Unicast, despite the downside of inefficient
bandwidth utilization. However, IP Multicast is making a comeback, more out of
necessity rather than choice.
About Avaya
Avaya is a leading, global provider of customer and team engagement solutions
and services available in a variety of flexible on-premise and cloud deployment
options. Avaya’s fabric-based networking solutions help simplify and accelerate
the deployment of business critical applications and services. For more
information, please visit www.avaya.com.
© 2016 Avaya Inc. All Rights Reserved.
Avaya and the Avaya logo are trademarks of Avaya Inc. and are registered in the
United States and other countries. All other trademarks identified by ®, TM, or SM are registered marks, trademarks, and service marks, respectively, of Avaya Inc.
Other trademarks are the property of their respective owners.
06/16 • DN7869