Sanity Check: Converged Networks Require WorkSanity Check: Converged Networks Require Work
Managing change is challenging when dealing with converged networks.
February 20, 2014
Managing change is challenging when dealing with converged networks.
There's a message that resonates from the golden arches of McDonalds, and that is consistency. Whatever efforts go into converged networks, a key stabilizing and preferred method to attain high availability is to maintain consistency. This isn't necessarily easy--especially when infrastructure may consist of two, three or more generations of equipment.
If you're going to have issues--and you will--then having consistent issues, I think, is better than having numerous random issues, because consistent issues seem to be more readily identifiable and resolved.
Case in point: We reviewed several sites methodically, deciding to check, re-check and modify LAN switches, routing and firewall settings. We discovered nuances in firmware, and issues that seem to reduce availability of Wi-Fi. We also discovered some software limitations in aggregation and some tricks to speed up the process for registering IP/SIP endpoints.
The firewall group policy settings can provide uniformity. Once the policies are hashed out, implemented, tested and revised, a consistent method is devised to accommodate voice solutions (SIP Trunks, IP/SIP endpoints, UC Clients), remote access, Wi-Fi and network services for staff, guests and other groups.
Two additional areas within the switching infrastructure are inter-client separation and VLANs. Enabling inter-client separation prevents clients within the Virtual Access Point (VAP) from communicating directly with each other. VAPs, which are identified by SSIDs, let wireless users be separated into VLANs. This allows for separation between divisions of a company (for example: Marketing, Sales, Service, and Accounting departments) on both the wired and wireless LANs. Each VLAN may also be restricted or granted access to other VLANs.
The group firewall policies and rules must make sense and not errantly prohibit access when UC clients are deployed. Then, routing and firewall policies must not interfere with one another or with legitimate access to/from VLANs. As we learned early on in another post, content filtering can play havoc with maintenance programming from the desktop and UC Client in the LAN VLAN to the communications server in the Voice VLAN.
Switch ports that have end devices connected (PCs, telephones, SIP paging) may timeout or experience delayed connection attempts to the DHCP server (such as the IP-PBX or UC server), and using the edgeport mode will prevent this. Ports with edgeport enabled do not wait for the Spanning-tree Protocol (STP) calculation to complete before they begin forwarding traffic.
Having the same version of firmware is desirable, but when hardware is mixed (older with newer), features and performance may not be transparent. Then issues with firmware updates and trying to juggle between solving existing issues (known) and introducing new issues (Unknown in addition to the published anomalies or Factory Known issues) is another balancing act. The access points, SIP telephones and IP endpoints/devices add to the pile of maintenance.
We also found that aggregation between newer switches using copper and fiber has limitations, in that the bonding of the links really needs to be one-for-one--or not mixing 1-Gbps with 2.5-Gbps or other services. Bonding two 1-Gbps or two 2.5-Gbps links is acceptable.
In our Wi-Fi deployments dating back two years, we found that packet aggregation was causing problems with iPads, some Apple devices and tablets. At that time, we could not use the same SSID on the same subnet in a different controller on a different switch. When the software caught up with the ability to do so, packet aggregation issues were resolved, but not without updating the firmware of the access points.
Managing change and keeping up with the factory publications on what's working or not working on specific hardware is challenging. We've taken methodical sweeps, checking and rechecking the details in the programming of the hardware; and the road to consistency isn't necessarily paved or designed to be smooth. There's always disparity in hardware, firmware and software, so striving for consistency will prove challenging.
Learn more about managing and securing converged networks at Enterprise Connect Orlando 2014!
Follow Matt Brunk on Twitter and Google+!
@telecomworx
Matt Brunk on Google+
