Educational and Administrative Computing on the Same Wide Area Network

Warren Williams, Grossmont Union High School District
with credit and appreciation to LANNET, Inc.

Switched Ethernet and Virtual Workgroups Across a WAN

A dilemma faced by many educational IS departments is how to segregate student and administrative traffic on the same WAN. Careful to protect administrative systems and users and mindful to conserve bandwidth, IS professionals are reluctant to allow student and teacher "experimentation" on the WAN. Solutions range from the unacceptable "just keep the students off of the network," to the very expensive "build a parallel network." In the past year, a range of technologies for switching Ethernet has become available, each promising different benefits. Handling adds, moves and changes to the network with simple clicks of the mouse; creating more affordable and lower-latency segmentation than bridges or routers; and turbocharging bandwidth to high-performance end-stations--these are a few of the "switching solutions" held out to network managers. LAN managers are eager to implement these solutions. But first they should become aware of answers to the following:

How are switched networks managed, and what are "virtual LANs" and their benefits?
How do you integrate switched Ethernet with ATM and other switched protocols such as switched FDDI and switched 100BaseT?

Networks are changing--whether it's moving to a client/server architecture, giving users higher bandwidth, addressing segmentation issues, or just keeping up with weekly adds, moves, and changes. Ethernet switching can help. The following information describes how the various Ethernet switching technologies work, outlines typical network design and business problems they are designed to solve, and provides a guide for how to smoothly integrate and manage switched Ethernet products with other high-speed LANs such as switched FDDI, switched 100BaseT, and ATM.

The Ethernet Switching Technologies

Understanding Them & Choosing The Right Technology For The Problem

There are two core technologies currently available for the switching of Ethernet--the static Ethernet switch and the dynamic Ethernet switch.

The Static Ethernet Switch
The static Ethernet switch was designed to simplify the job of implementing adds, moves, and changes to an organization's network by automating these operations in software. The static Ethernet switch operates on traditional shared Ethernet networks--networks in which packets from nodes are transmitted past every port and often collide with each other, then retry for network access in a collision-based arbitration scheme. Static switching is called "static" because, unlike the dynamic Ethernet switch (discussed in the next section), it requires involvement on an operation-by-operation basis by the network manager. That is, each time a node is to be moved or added on the network, the LAN manager must perform operations in network management software. Once a static switching operation is completed, the job is done. The user or device has been moved to a new shared network segment and will stay there until it is moved again. The static switch works like this:

Figure 1. -- Static Ethernet Switching
1.6mb., 8 pages. (Includes Figures 1 through 8)

Static switches allow the network manager to easily move users from one shared LAN bus to another shared LAN bus within a hub. For example, in Figure 1 above, all eight users attached to ports on the static switch are originally connected to Ethernet Bus 1--the LAN segment shared by users in the Payroll department. Ethernet Bus 4 is the LAN segment shared by users in the Human Resources department (these users are not shown). These two LAN segments are traditional shared Ethernet LANs. What if the uppermost secretary (encircled) had been transferred to and wished to be connected to the Human Resources LAN segment (Ethernet Bus 4)?

With a static Ethernet switch installed, the LAN manager simply calls up a graphical view of the hub on the screen of his network management workstation. By using his mouse to point and click on the port of the secretary who is moving, the LAN manager selects this port. He can then assign the port to Ethernet Bus 4. From that moment forward, the static switch will direct packets originating from that secretary's port to Ethernet Bus 4 and allow packets originating from servers and users in Human Resources to reach the newly transferred secretary. The network change required only seconds to accomplish. Before static switching, if the secretary had been transferred to Human Resources, the LAN manager would have to walk to Payroll, trace the secretary's network cable to the wiring closet, physically find its connection to the hub, physically unplug it from the Payroll segment, and physically plug it into a module connected to the Human Resources segment. In organizations with numerous adds, moves and changes to the LAN each week or each day, this is obviously undesirable. Thus, the static Ethernet switch is designed to ease adds, moves, and changes. A further distinction between static and dynamic switching is that static switching does not address the issue of bandwidth (performance). The only way a user will get better performance with this kind of switching is if she is moved from an overpopulated and congested shared LAN to a shared LAN with fewer users attached to it. Only the dynamic Ethernet switch--discussed next--was designed to increase the bandwidth of a standard Ethernet network.

The Dynamic Ethernet Switch
If you imagine an Ethernet switch to work something like a telephone switch (a system that dynamically connects many simultaneous point-to-point conversations on demand as needed), that is the basic idea behind the dynamic Ethernet switch. In this way, a dynamic Ethernet switch greatly increases bandwidth available to standard Ethernet nodes--i.e. end-stations and servers equipped with standard Ethernet Network Interface Cards (NICs), drivers, cabling, and applications. This Ethernet switch works like this: Packets originating from a PC connected to a port on a dynamic Ethernet switch are examined by the switch; the switch identifies the packet's source and destination port addresses; the switch then dynamically opens a dedicated 10 Mbps circuit (essentially a private Ethernet network created on demand) that carries the packet through the switching fabric from source port to destination port.

Figure 2. -- Dynamic Ethernet Switching

For example, in Figure 2 above, packets being sent from workstation A to workstation B are examined by the dynamic switch; a dedicated 10 Mbps point-to-point circuit through the switching fabric is dynamically established, and the data packets are sent. Significantly, the packets are not transmitted to all workstations on the network as in a traditional shared Ethernet. Instead, the switch creates a full 10 Mbps point-to-point Ethernet circuit for each data transmission. End-stations connected to the dynamic switch can still use standard Ethernet NICs, drivers, cable, and applications. But inside the dynamic switch, the collision-based network access mechanism of traditional Ethernet is no longer in operation. There is little or no contention for the network. The "collisions" normally associated with Ethernet LANs are substantially reduced or even eliminated, giving each user access to the LAN's full bandwidth capability--for Ethernet, a full 10 Mbps. Since all packets are switched through private, point-to-point 10 Mbps circuits, the dynamic Ethernet switch delivers more than enough bandwidth to carry the most data-intensive traffic such as shared client-server applications, distributed databases, imaging, CAD, even multimedia, all the way to the desktop using standard Ethernet. Since data is not transmitted past every port, the network also cannot be eavesdropped upon or "sniffed." Thus the dynamic switch environment also provides a more secure solution than a shared Ethernet LAN.

At the same time workstation A is transmitting to workstation B, the dynamic switch can also actively examine other packets originating from workstations connected to its other ports and simultaneously open dedicated 10 Mbps circuits that carry these packets from their source to destination ports as well. Thus many "private source-to-destination Ethernets" can be flowing in parallel through the switch at any given time. This parallel, point-to-point characteristic of the dynamic Ethernet switch emulates a phone switch and is similar to Asynchronous Transfer Mode (ATM) networks. Once an individual port's request for a source-destination data transmission has been fulfilled, the switch drops the circuit and dedicates its attention to other requests. In this way bandwidth through the dynamic switch is allocated on demand. This bandwidth-on-demand characteristic is another feature found in ATM networks. But since dynamic Ethernet switches deliver this capability over a standard Ethernet network (standard NICs, drivers, cabling and applications), users of such a network can be said to enjoy ATM-like dedicated bandwidth and increased security while leveraging their investments in an already-installed Ethernet infrastructure.

Variations Of The Core Technologies
Segment Switching, Port Switching, And Module Switching As Implementations Of Dynamic & Static Switch Technology

There are two implementations of each of the dynamic switch and static switch technologies. Accounting for these implementations yields the full spectrum of Ethernet switching options:

In static switching, the difference between port and module switching is minor and the applications of the two are for all purposes identical. In dynamic switching, however, the dynamic segment switch has a very distinct application from the dynamic port switch. The four implementations look and function like this:

Figure 3. -- Dynamic Port Switch

The Dynamic Port Switch--Turbocharged Bandwidth To The Desktop
The dynamic port switch functions as previously described in the discussion of the dynamic switch. Each of its ports is intended to connect to a single end-station or server. Since the switch gives each port a dedicated 10 Mbps "private Ethernet" circuit on demand, its function is to allocate much greater network bandwidth to individual end-stations and servers than is possible using a traditional shared Ethernet with its collision-based network access mechanism. For example, in Figure 3 above, packets sent from workstation A to workstation B are examined by the dynamic port switch. The switch reads the source and destination addresses of the packets and opens a dedicated 10 Mbps private Ethernet from workstation A to workstation B, and the packets are sent. The switch can create many of these source-to-destination circuits simultaneously. After a transmission is complete, the private circuit is dropped and the switch continues serving other requests. Since standard Ethernet NICs, driver software, cabling and applications can be used in end-stations and servers, the dynamic port switch is ideal for cost-effectively providing the bandwidth to carry data-intensive applications such as client-server applications, distributed databases, imaging, CAD/CAM/CAE, desktop video conferencing, and multimedia over the network to the desktop. The existing standard Ethernet infrastructure can be preserved while realizing a very large increase in bandwidth for users.

Figure 4. -- Dynamic Segment Switch

The Dynamic Segment Switch--A Better Way To Segment LANs
The dynamic segment switch functions internally in exactly the same way as the dynamic port switch. It allocates private, point-to-point 10 Mbps circuits to its ports on demand across the switching fabric. However, each dynamic segment switch port is able to connect to an entire network segment (i.e. a traditional shared Ethernet LAN) rather than only to an individual end-station or server. The dynamic segment switch accomplishes this by being able to identify a large number of MAC addresses--addresses of individual end-stations--on each port. The ability to string entire networks from each port often allows the dynamic segment switch to be substituted for bridges and routers in the job of segmenting networks. For example, in Figure 4 above, if users in Network Segment A send data among themselves, the switch recognizes the traffic as local to Network A and does not allow those packets to reach the rest of the network. Network A is segmented from the remainder of the LAN. But if a user on Network A sends packets to a user on Network Segment B, the switch recognizes that those packets need to be sent across the switching fabric to Network B. The switch opens a dedicated 10 Mbps circuit and sends the data to the destination user on Network B.
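The forwarding decision described above, as an added example that is not part of the original article. It assumes standard transparent-bridge behaviour the article does not spell out: the switch learns source addresses per port and floods broadcasts and frames for addresses it has not yet learned, so isolation from other ports holds only for learned unicast traffic. Port names and station addresses are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class SegmentSwitch:
    """Toy model: one address table, many station addresses allowed per port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Return the ports a frame arriving on in_port is sent out of."""
        self.mac_table[src] = in_port      # learn which segment the sender is on
        if dst == BROADCAST or dst not in self.mac_table:
            # Assumed behaviour: unknown and broadcast destinations are flooded.
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst]
        if out_port == in_port:
            return []                      # local traffic stays on its segment
        return [out_port]                  # one source-to-destination circuit


# Constructed stations (locally administered addresses made up for this example).
A1, A2 = "02:00:00:00:0a:01", "02:00:00:00:0a:02"   # on Network Segment A
B1 = "02:00:00:00:0b:01"                             # on Network Segment B
C1 = "02:00:00:00:0c:01"                             # on a third segment

FRAMES = [
    ("A", A1, A2),         # A2 not learned yet: flooded
    ("A", A2, A1),         # both on segment A: filtered
    ("A", A1, B1),         # B1 not learned yet: flooded
    ("B", B1, A1),         # A1 known: sent to A only
    ("A", A1, B1),         # B1 now known: sent to B only
    ("C", C1, BROADCAST),  # broadcast: sent to every other port
]


def trace(frames, ports=("A", "B", "C")):
    """Run frames through a fresh switch; return the output ports per frame."""
    switch = SegmentSwitch(ports)
    return [switch.receive(*frame) for frame in frames]


def frames_seen_by(port, frames, ports=("A", "B", "C")):
    """Number of frames the switch delivered onto the given port."""
    return sum(port in out for out in trace(frames, ports))


if __name__ == "__main__":
    for frame, out in zip(FRAMES, trace(FRAMES)):
        print(frame, "->", out or "filtered")
```

Segment C receives two frames that were addressed to stations on A and B, both sent before the switch had learned the destination.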

Segmentation, the process of breaking a large congested network into a series of smaller LANs each with fewer users and less traffic, has traditionally been implemented by dividing LAN segments with bridges and routers. For segmenting LANs, dynamic segment switches compare favorably to bridges and routers because: (1) they can be more cost-effective; (2) switches are easier to manage--they are plug-and-play where routers require complex network management at the Network Layer of the OSI protocol stack; (3) switches are faster--because they examine only the source and destination addresses in the header portion of data packets, the switch has shorter latency than bridges and routers, which capture and examine the entire packet before forwarding it on.

Figure 5. -- Static Port Switching

The Static Port Switch--Port-Level Adds, Moves, And Changes To The Network Via Software
The static port switch functions as previously described in the discussion of static switching. It lets network managers move users via software from one of a hub's shared Ethernet buses to another, facilitating adds, moves and changes to the network. The static port switch gives LAN managers the greatest possible flexibility in implementing these moves by allowing individual ports to be selected and assigned to different shared Ethernet buses. For example, in Figure 5 above, port 2 is moved from Ethernet Bus 1 (Payroll) to Ethernet Bus 4 (Human Resources) while the other ports remain connected to the Payroll Bus. Selecting and moving individual ports can also maximize port usage, reducing the number of modules that need to be purchased for the hub. For instance, if eight users are being added to the network but they will work in four different departments served by four different Ethernet buses, all of the users could be served by a single static port-switching module. The alternative would be to purchase four new modules and attach each to a different Ethernet bus. Most of the ports on the four new modules would be unused--an inefficient and costly purchase.

Figure 6. -- Static Module Switching

The Static Module Switch--Moving An Entire Module From Bus To Bus Via Software
The static module switch also operates as a software-controlled system for implementing adds, moves, and changes to the network. However, the static module switch moves the entire hub module including all its ports from one shared bus to another. For example, in Figure 6 above, the eight-port module is moved via a point-and-click operation in management software from Ethernet Bus 1 (Payroll) to Ethernet Bus 4 (Human Resources). Note that before the move all ports on the module were black indicating connection to Ethernet Bus 1 (black). After the move all ports on the module changed to gray showing connection to Ethernet Bus 4 (white).

Software Control Of Switched Networks

The full power of both dynamic and static Ethernet switches is unleashed when the switches are controlled via network management software. In the case of static Ethernet switches, network management is straightforward. A graphical user interface allows a network manager to point and click on a port or module and assign it to any Ethernet bus in the hub. The LAN manager may repeat this process until all moves, adds and changes are done.

What Is A Virtual LAN?

Software control of dynamic switched networks offers a diverse range of solutions based on the creation of virtual LANs. A virtual LAN is a secure, software-defined group of nodes that function as a networked workgroup of users sitting close together although the nodes may actually be located in diverse places around the LAN--i.e. in different departments, on different floors, or in different buildings. The virtual LAN is called "virtual" because it is defined entirely in software and may be quickly deleted or altered at any time by the network manager to fit the changing workflow needs of the business. Virtual LANs within a dynamic Ethernet switch network share many characteristics with ATM-based virtual LANs while leveraging an organization's investment in standard Ethernet NICs, drivers, cabling and applications. Like adds, moves, and changes with a static Ethernet switch, a dynamic switch's virtual LANs are also configured on-the-fly via network management software. Virtual LANs constitute a new kind of network design tool created to help LAN managers quickly adapt the network to fit a competitive organization's frequently changing work flow requirements. Using virtual LANs, for example, a network manager can quickly create interdepartmental project task-forces on the network which support a corporate "reengineering" effort; he can create secure subnetworks for confidential workgroups or servers while still allowing those users access to "company-wide" shared resources such as an E-mail server; quickly add users or delete users from these secure workgroups as workflow needs change; or implement firewalling against server broadcast storms.

Examples Of Virtual LAN Applications

Following are several examples of how virtual LANs can be used to solve network design and workflow problems in dynamic Ethernet switch networks.

Figure 7. -- Virtual LANs create secure workgroups while allowing access to shared resources

In Figure 7 above, the network manager has used virtual LANs to create secure subnetworks in Payroll, Human Resources and a student lab. These departmental virtual LANs make sure that only employees within a department can access the departmental server, keeping the server's data secure. The global virtual LAN contains the company's shared network resources such as the print server and E-mail server and allows all users to access them.
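A membership check for the Figure 7 arrangement, as an added example that is not part of the original article. Node names and the table are constructed, and the reachability rule is an assumption drawn from the paragraph above: two nodes can communicate if they share a departmental virtual LAN or if either one is a shared resource in the global virtual LAN.

```python
# Constructed virtual LAN table modelled on Figure 7 (node names are made up).
VLANS = {
    "payroll":     {"pay-pc1", "pay-pc2", "pay-server"},
    "hr":          {"hr-pc1", "hr-server"},
    "student-lab": {"lab-pc1", "lab-pc2", "lab-server"},
}
GLOBAL = {"print-server", "email-server"}   # shared resources, open to all users
STUDENT_VLANS = {"student-lab"}


def vlans_of(node, vlans):
    """Names of the departmental virtual LANs a node belongs to."""
    return {name for name, members in vlans.items() if node in members}


def can_reach(a, b, vlans=VLANS, shared=GLOBAL):
    """Assumed rule: shared resources are reachable by all; others need a common VLAN."""
    if a in shared or b in shared:
        return True
    return bool(vlans_of(a, vlans) & vlans_of(b, vlans))


def segregation_violations(vlans=VLANS, student_vlans=STUDENT_VLANS):
    """Nodes assigned to both a student VLAN and a non-student VLAN."""
    findings = []
    for node in sorted(set().union(*vlans.values())):
        mine = vlans_of(node, vlans)
        if mine & student_vlans and mine - student_vlans:
            findings.append((node, sorted(mine)))
    return findings


def with_move(vlans, node, vlan):
    """Copy of the table after a point-and-click style add of node to vlan."""
    updated = {name: set(members) for name, members in vlans.items()}
    updated[vlan].add(node)
    return updated


if __name__ == "__main__":
    print(can_reach("lab-pc1", "pay-server"))      # separate departmental VLANs
    print(can_reach("lab-pc1", "email-server"))    # shared resource
    changed = with_move(VLANS, "lab-pc2", "payroll")
    print(segregation_violations(changed))         # flags the misassigned lab PC
```

Running the check after every membership change catches a student node that has been added to an administrative virtual LAN by mistake. The shared servers are the one place both groups connect to, so they merit the closest review.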

Figure 8. -- Virtual LAN creates project-oriented task force with shared resources

Creating Interdepartmental Project Teams On-The-Fly
Segregating Student Traffic
In Figure 8 above, virtual LAN 4 has been created to include project team members in School 1 and School 2 along with several Curriculum Department staff members on a task force formed to create a new Course Outline and course materials. The virtual LAN allows, for example, School 1 and School 2 teachers to perform concurrent design on the outline and on the instructional tools needed to deliver it. Shared printing resources and project management databases reside on the Curriculum server--also included in virtual LAN 4--where they would be accessible for real-time review and updating by all task force members. Likewise, students in School 1 and School 2 can be separated from the site network and included in a Student Network. The problems of segregating student and office traffic are resolved with this software solution. The necessity to maximize educational technology infrastructures for multi-purpose applications forces creative solutions for the manager of WAN resources. Switched Ethernet and Virtual LANs offer IS departments the opportunity to constantly recreate the network to fit educational design and mission-critical operations.