Extreme's Universal Port Aims to Ease Routine Configuration
Just imagine what your life would be like if you were freed from the constant stream of routine configuration tasks that come up every day, hundreds or even thousands of times a day.
What if, rather than dispatching a technician every time someone plugs an IP phone into the network just to make sure it is properly configured, you could have the LAN itself handle the job, based on profiles and policies you set up?
Seem too good to be true? The notion is not altogether a pipe dream; Santa Clara, California-based Extreme Networks has endowed its entire portfolio of switching infrastructure with just such capabilities—a configuration/management framework it calls Universal Port.
Harpreet Chada, Extreme's senior director of product management, explained to Enterprise Networking Planet that the Universal Port framework rests on the foundation of the Extreme Operating System (XOS), which is deployed across the entire product line.
"One of the things we do well at Extreme—and I think we've kind of set a new bar for the industry—is running a common operating system across our entire portfolio," Chada said. "XOS is running everything from a 10 meg [switch] to a 10 gig [switch]—edge to data center." This in turn provides a strong foundation to introduce new capabilities on the network.
"About a year ago, we added a new capability—Universal Port," Chada continued. "What it does—at a high level is simplify configuration at the network edge." This not only significantly reduces the workload associated with running a network, it gives the administrator increased control over network resources.
With Universal Port, the network responds to dynamic "trigger" events by executing profiles or scripts that the administrator has deployed—stored out in the network switches. Triggers fall into three categories: device discovery, user authentication or time.
XOS uses the IEEE standard Link Layer Discovery Protocol (LLDP, also known as 802.1AB) to recognize when devices such as IP phones, Wi-Fi access points, surveillance cameras, or mobile computing devices connect to the network, and responds by exchanging information with the device, both querying it for its MAC address or other ID information, and setting the parameters—power over Ethernet requirements, VLAN tag, QoS (802.1p) requirements, and IP address—set forth in the script or policy.
"Ten years ago, if somebody gave you a phone, you could basically plug that copper cable into [the phone network] and everything worked," Chada told Enterprise Networking Planet. "Today, when you put in an IP phone, you get a lot more intelligence, but there's also a lot of manual configuration that is required: What VLAN should it be part of? What is the IP address of the call server? We've made that automatic."
Sure, you can still do that configuration by hand, Chada said, but "if you have 4,000 users on the network, typically there will be 4,000 phones, so you want to be able to have a single policy that you can leverage across the entire user base."
When users log onto the network, Universal Port invokes the appropriate network access rights and resources for those users. XOS supports three types of authentication: MAC-address-based, Web-based (user login/password), and IEEE standard 802.1X. Typically, the user's identity is associated with a role profile that's stored in a database.
"We have customers that have tied that to a RADIUS database," Chada explained, "so that when a user comes on the network they quickly check is that user one of the allowed users on the network, based on the RADIUS setting. And from the RADIUS database you can pick which policy you have selected for that type of user, and that policy gets automatically applied to the port. The beauty is that you don't have to distribute these configurations down to thousands of devices on the network; you can store them in one place and replicate across the network."
Moreover, when a user moves—logging off in one location and back on in another, say—the access and resource rights move with him or her, dynamically, rather than being statically associated with a particular port.
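The trigger-to-profile flow described above (a device-discovery or authentication event on a port selects a centrally stored profile, which sets the port's VLAN, 802.1p priority and PoE state, and a user's profile follows the user when they move ports) can be modelled in a few dozen lines. The following is an added illustration written for this article, not Extreme's own Universal Port code or script syntax; the profile names, LLDP capability strings, MAC OUI prefix, RADIUS role table and port settings are all constructed for the example.

```python
"""Toy trigger-driven port-configuration engine (constructed example)."""
from dataclasses import dataclass, field, replace

# Settings a profile can push to a port: VLAN tag, 802.1p priority, PoE.
# These field names are assumptions for the example, not XOS parameters.
@dataclass
class PortConfig:
    vlan: int = 1          # default/unassigned VLAN
    dot1p: int = 0         # 802.1p priority
    poe: bool = False      # power over Ethernet enabled
    profile: str = "default"

@dataclass
class Switch:
    ports: dict = field(default_factory=dict)     # port name -> PortConfig
    sessions: dict = field(default_factory=dict)  # user -> port currently holding their profile

    def port(self, name):
        return self.ports.setdefault(name, PortConfig())

# Central profile store: one policy per device class or user role, kept in one
# place and replicated to switches rather than configured port by port.
PROFILES = {
    "ip-phone": PortConfig(vlan=100, dot1p=5, poe=True, profile="ip-phone"),
    "wifi-ap":  PortConfig(vlan=20, dot1p=4, poe=True, profile="wifi-ap"),
    "gaming":   PortConfig(vlan=300, dot1p=0, poe=False, profile="gaming"),
    "staff":    PortConfig(vlan=10, dot1p=0, poe=False, profile="staff"),
    "student":  PortConfig(vlan=200, dot1p=0, poe=False, profile="student"),
}

# Device-discovery rules: LLDP system capability first, then MAC OUI prefix
# (constructed OUI, not a real vendor assignment).
LLDP_CAPABILITY_RULES = {"telephone": "ip-phone", "wlan-access-point": "wifi-ap"}
OUI_RULES = {"02:00:5e": "gaming"}

# Stand-in for the RADIUS lookup: user -> role (constructed table).
RADIUS_ROLES = {"alice": "staff", "bob": "student"}

def select_device_profile(lldp_caps, mac):
    """Return the profile name for a discovered device, or None if nothing matches."""
    for cap in lldp_caps:
        if cap in LLDP_CAPABILITY_RULES:
            return LLDP_CAPABILITY_RULES[cap]
    return OUI_RULES.get(mac.lower()[:8])

def handle_event(switch, event):
    """Dispatch one trigger event; return the resulting PortConfig of its port."""
    port_name = event["port"]
    current = switch.port(port_name)
    if event["trigger"] == "device-discovery":
        name = select_device_profile(event.get("lldp_caps", ()), event["mac"])
        if name is None:
            return current            # unknown device: port keeps its current settings
        switch.ports[port_name] = replace(PROFILES[name])   # copy, never the template
    elif event["trigger"] == "authentication":
        role = RADIUS_ROLES.get(event["user"])
        if role is None:
            return current            # not an allowed user: no policy applied
        old_port = switch.sessions.get(event["user"])
        if old_port is not None and old_port != port_name:
            switch.ports[old_port] = PortConfig()   # user moved: old port reverts to default
        switch.sessions[event["user"]] = port_name
        switch.ports[port_name] = replace(PROFILES[role])
    return switch.ports[port_name]

if __name__ == "__main__":
    sw = Switch()
    print(handle_event(sw, {"trigger": "device-discovery", "port": "1:5",
                            "mac": "00:11:22:33:44:55", "lldp_caps": ["telephone"]}))
    print(handle_event(sw, {"trigger": "authentication", "port": "2:1", "user": "alice"}))
    print(handle_event(sw, {"trigger": "authentication", "port": "2:7", "user": "alice"}))
    print(sw.ports["2:1"])   # released when alice moved
```

The two things worth noticing are the copy on assignment (a port must never hold a reference to the shared profile template, or a later per-port tweak would silently change every other port using that profile) and the release of the old port when a user re-authenticates elsewhere, which is what makes the access rights follow the user rather than staying bound to a port.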
The time trigger gives a network administrator a high degree of control over how things operate on the LAN. With the one-time creation of a script (incidentally, Universal Port scripts can be written in virtually any recognized scripting language) an admin can, say, turn off selected phones at the end of the normal work day, for power savings and security—or, in a university setting, for an entire time block (e.g., summer vacation).
Again, in theory, these jobs could be done manually, but in a sizable network it just isn't going to be logistically feasible—and won't be done.
While managing the configuration of IP phones is perhaps the most commonplace device-discovery task for Universal Port, the range of its capabilities is pretty much "the sky's the limit," according to David Boyer, senior network administrator at Iowa-based Buena Vista University, which upgraded its LAN in 2008 with Extreme's switches.
"In addition to IP phones, we plan to use Universal Port for gaming machines," Boyer told Enterprise Networking Planet. "Years ago, we created a gaming VLAN on our network to make it easier for our students to have LAN gaming parties. Having those devices in their own VLAN also made it easier to manage their traffic." Although they have not yet put the pieces into place, Boyer expects to be able to use Universal Port to auto-configure the ports based on LLDP information or on the MAC prefix of the connecting consoles.
"We're also using Universal Port for loop detection and elimination, rather than spanning tree [the spanning tree protocol or STP]," Boyer said. "We use Universal Port with Extreme's Loop Detection Protocol, Ethernet Automatic Protection Switching (EAPS), to stop a loop dead in its tracks, right on the offending port—and without the mess that STP would otherwise create.
"We then use EAPS to get sub-50ms failover times on our trunk/core links. Even with VoIP or UDP streams, there's no perceptible interruption when EAPS rings fail over or fail back. No one in the industry has anything like this," Boyer said.
While, in Boyer's words "we are barely scratching the surface of what Universal Port can do," he is nonetheless using it for a range of LAN maintenance chores.
"You can trigger Universal Port scripts based on port events and log events, which covers a lot of territory. If a NIC on my LAN is going bad and sending out a broadcast storm of mangled frames, I can use a Universal Port script to rate-limit the port or shut it down—and send me an alert. Ditto for any type of rx, tx, or collision errors I might see."
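The log-event trigger Boyer describes (a failing NIC pushing error counters or broadcast rates past a threshold, and a script that rate-limits or shuts the port and raises an alert) is easy to sketch as a detector over counter records. The block below is an added example written for this article, not a Universal Port script and not Buena Vista University's configuration; the log line format, the thresholds and the sample records are constructed. Because interface error counters are cumulative, the detector keys on the delta between successive samples of the same port rather than on the raw value, while the broadcast figure is treated as a rate and judged directly.

```python
"""Threshold detector for port counter records (constructed example)."""
import re

# Constructed thresholds for the example, not values from the article.
STORM_PPS = 5000      # broadcast packets/s above which the port is shut down
ERR_DELTA_LIMIT = 100 # new rx/tx/collision errors between samples above which we rate-limit
RATE_LIMIT_PPS = 1000 # assumed rate limit applied by the "rate-limit" action

# Constructed record format: one counter snapshot per line.
LINE_RE = re.compile(
    r"port=(?P<port>\S+)\s+rx_err=(?P<rx>\d+)\s+tx_err=(?P<tx>\d+)"
    r"\s+collisions=(?P<col>\d+)\s+bcast_pps=(?P<bc>\d+)"
)

# Constructed sample log: port 1:5 is accumulating errors, 1:9 is storming,
# 1:7 is healthy, and one line is noise that must be skipped.
SAMPLE_LOG = """\
port=1:5 rx_err=10 tx_err=0 collisions=0 bcast_pps=40
port=1:7 rx_err=0 tx_err=0 collisions=0 bcast_pps=50
port=1:9 rx_err=0 tx_err=0 collisions=0 bcast_pps=9000
this line is not a counter record
port=1:5 rx_err=250 tx_err=3 collisions=12 bcast_pps=45
port=1:7 rx_err=5 tx_err=0 collisions=0 bcast_pps=55
"""

def parse_counter_line(line):
    """Parse one record into a dict, or return None for lines that do not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return {
        "port": m["port"],
        "errors": int(m["rx"]) + int(m["tx"]) + int(m["col"]),  # cumulative total
        "bcast_pps": int(m["bc"]),                               # instantaneous rate
    }

def decide(sample, prev_errors):
    """Return (action, alert) for one sample, or None when nothing crosses a threshold.

    prev_errors is the cumulative error total from the port's previous sample,
    or None when this is the first sample seen for the port (baseline only)."""
    port = sample["port"]
    if sample["bcast_pps"] > STORM_PPS:
        return ("shutdown", f"{port}: broadcast storm, {sample['bcast_pps']} pps, port disabled")
    if prev_errors is not None:
        delta = sample["errors"] - prev_errors
        if delta > ERR_DELTA_LIMIT:
            return ("rate-limit",
                    f"{port}: {delta} new errors since last sample, limited to {RATE_LIMIT_PPS} pps")
    return None

def evaluate_log(text):
    """Run the detector over a block of records; return {port: (action, alert)}.

    A port that has already been shut down keeps that decision for the run."""
    last_errors = {}
    actions = {}
    for line in text.splitlines():
        sample = parse_counter_line(line)
        if sample is None:
            continue                                  # skip noise
        port = sample["port"]
        if actions.get(port, (None,))[0] == "shutdown":
            continue                                  # already disabled, nothing more to do
        verdict = decide(sample, last_errors.get(port))
        last_errors[port] = sample["errors"]
        if verdict is not None:
            actions[port] = verdict
    return actions

if __name__ == "__main__":
    for port, (action, alert) in sorted(evaluate_log(SAMPLE_LOG).items()):
        print(f"{action:10s} {alert}")
```

On the constructed log this flags 1:5 for rate-limiting (255 new errors between its two samples) and 1:9 for shutdown (9000 broadcast pps), leaves 1:7 alone, and ignores the malformed line. The baseline-then-delta handling matters in practice: judging a cumulative counter against a fixed number would trip on every port that has been up long enough to accumulate a few hundred stray errors over months.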
What's the overall effect of Universal Port technology on Boyer's workload? It's hard to quantify, he says. But with 150 IP phones and "all those gaming consoles," configuring each port (VLAN, QoS profile, and so on) for the specific device plugged into it definitely adds up.
"Now extrapolate that further with students moving, and both employees and students coming and going, and the reclaimed productivity/time savings is significant," Boyer said.
"Even more so, Universal Port basically gives us the ability to 'program' the switches to do things in ways that go beyond what the software and hardware engineers built into the devices. The real idea is that Extreme's engineers built the construct for the devices to be extensible, thereby becoming whatever each institution needs them to be," he concluded.