Lippis Report Issue 91: Risk Management Techniques To Increase Network Availability
The network infrastructure industry is both consolidating and expanding its number of suppliers. In late September, 3Com was taken private by Bain & Company and Huawei. Juniper is rumored to be readying its launch into the high-end LAN switching market during the first quarter of 2008. Companies such as Cisco Systems, Extreme Networks, Foundry Networks, ProCurve Networking by HP and Nortel possess full and broad product lines, which scale from the edge to the core. Over this next business cycle, conventional wisdom suggests that consolidation may eliminate or combine a few of these firms as the market matures. The question is which companies will survive a consolidation phase. This question is on the minds of many business and IT leaders too, as they view their network purchases as investing in platforms versus products. As both a hedge against consolidation and a risk mitigation strategy, executives from large corporations are reviewing the single vs. dual network vendor strategy. For inspiration they look toward the service providers who have successfully deployed dual network vendors to deliver a service, thanks to standards. Risk management executives striving to increase uptime by mitigating the risk of network outages are recommending a dual vendor strategy. In this Lippis Report I explore the single versus dual network vendor strategy from the perspective of mitigating network downtime risk.
Increased Network Availability Through Risk Management
One of the best examples of increasing network availability through risk management is the overdesign of backbone networks. A completely redundant backbone network design is commonly referred to as the dual backbone network. Building and campus networks utilize a dual backbone design to ensure that paths between end-points, data centers, plus wide area and internet connections always stay open. The dual backbone design is a nearly fully redundant backbone based upon redundancy at the edge, distribution and core tiers of a network. At the network edge, both wireless LANs and dual wired LAN connections provide alternative paths between end-points and network access. There are redundant edge, distribution and core LAN switches along with their interconnections, which eliminate a single point of failure.
The dual backbone network is common in large corporations and provides high network availability. Some business leaders and risk management executives are exploring the concept of mixing network equipment vendors in a corporate network as another degree of redundancy in the hopes of increasing availability even further. By incorporating a dual network vendor design, the hope is that network outages due to specific vendor equipment faults and/or exploits targeting a vendor’s software will be mitigated by diversifying the number of suppliers in the network. On the surface this approach seems alluring; however, under deeper inspection, network availability actually decreases while operational costs increase in mixed vendor environments.
Mixed Vendor Networks Drive Up Operational Cost While Reducing Network Availability
Dual backbone networks are often deployed in mission critical environments where network downtime results in significant and material consequences. In these environments risk management executives are focused on mitigating operational downtime risk. For corporate networking this translates into the following eight risk management goals:
- High availability
- High reliability
- Low Mean Time To Repair (MTTR)
- Maintaining business continuity during disaster recovery
- Avoiding vendor lock-in
- Achieving more favorable acquisition pricing due to competition
- Avoiding single vendor risks such as targeted exploits against a supplier’s equipment
- Avoiding the winding down or change of ownership of a supplier’s business operations
Dual sourcing network infrastructure cannot achieve the above availability goals as this strategy results in fundamental disadvantages. These disadvantages include:
- Complexity Inflation which drives up operational spend
- Logical Networking Vulnerabilities
- Network Services Relegated to Lowest Common Denominator
- Lower Availability and Reliability
Complexity Inflation
Multiple network equipment suppliers within a network increase network complexity, which drives up operational cost as well as the probability of outages. From a practical point of view, operational staff who have standardized on a smaller number of vendors’ management software are more proficient in its configuration, management, monitoring, troubleshooting and overall operations. When operational staff is required to support multiple vendors offering similar equipment, the operational budget experiences complexity inflation; that is, operational budgets are stressed by the challenges of supporting multiple vendors. Complexity inflation increases human capital cost as operational staff is required to be trained and proficient in new management software and its nuances. Complexity inflation is measured by either increased operational hours or additional staff required to manage the network. For many organizations complexity inflation is felt when operational staff is overwhelmed by an increase in tasks and assignments beyond proper workload. Unchecked complexity inflation results in network outages, delayed projects and/or re-sizing operational staff. The end result of a dual vendor strategy is that IT may not be able to operationally support either backbone network appropriately unless an infusion of human capital is appropriated.
Operational cost is dominated by human capital cost. Therefore, mixed network vendor environments drive up the most expensive cost component in total cost of ownership (TCO), that is, operational cost. But beyond cost, mixed vendor network environments increase complexity, and complexity is not reliability’s friend. The threat to network availability is complexity itself, as complex systems break in complex ways. Mixed network vendor environments make it more difficult to troubleshoot and isolate faults. For example, operational staff may view anomalous behavior on one vendor’s equipment but not on the other, frustrating fault isolation attempts. Dual vendor networks make a significant contribution to complexity, which increases mean time to repair (MTTR), decreasing network availability.
Logical Networking Vulnerabilities
Network equipment does not operate in isolation, as it shares physical and logical connections which influence system behavior. From a physical connection point of view, the dual vendor network strategy has value in the fact that there are redundant systems; however, network devices share information and files and execute common protocols, which they rely upon to perform their basic task of packet forwarding. For example, a malicious attack on a routing table of one vendor would result in corrupting both vendors’ routing tables, as routing tables are updated and shared between vendors. While business or IT executives may have hoped that the dual vendor strategy would reduce risk, what has occurred is increased complexity of problem isolation. In short, vulnerability and risk have increased.
Network Services Relegated to Lowest Common Denominator
The interconnection between mixed vendor network equipment is via standard interfaces. The networking industry is perhaps the most standardized of all IT segments thanks to the IETF and IEEE organizations and the advent of TCP/IP, the internet and local area networking. But while the networking industry is highly standardized, every vendor in the industry differentiates its standard offering with leadership features, capabilities and value add. There is value add to basic standards such as quality of service, congestion management, multicast, network access control, wide area acceleration, application acceleration, route optimization, etc.
In a dual backbone architecture deployed with dual network equipment vendors, the services offered by the dual backbone are relegated to the least common denominator of standard offerings. While there may be powerful innovation offered by one of the vendors in the dual backbone of which an IT organization would like to take advantage, it will be precluded from doing so unless those innovations are available on both platforms. Even if the innovation is said to be available from both vendors, the likelihood of it being available simultaneously so that IT can implement and take advantage of it is doubtful as competitors never deliver features and innovation in unison. For example, in a mixed vendor dual backbone architecture, IT operations would be relegated to deploying the least sophisticated Quality of Service (QoS) architecture even if the secondary backbone is equipped with a more sophisticated set of capabilities. This set of attributes is a paradox as dual backbones are acquired to increase network availability and performance yet when mixed vendors are incorporated the direct opposite is realized.
In an industry dominated by standard interfaces, service providers, for example, choose to build their infrastructure with a small number of network vendors to leverage innovation selectively. A service provider’s business plan of delivering a standard service to a large number of customers is well suited to a dual vendor strategy. Service providers select suppliers to deliver solutions in specific parts of their network architecture. Seldom do service providers use multiple network vendors to deliver a service in the same part of their networks, be it edge, metro, core, etc. This dual vendor strategy allows service providers to gain competitive pricing and apply innovation where needed. While IT staff of very large corporations may operate similarly to service providers, they deliver service to their employees, who demand custom solutions rather than a basic level of service common to all.
Lower Availability and Reliability
Defending against malware and exploits in mixed vendor networks poses yet another exposure and vulnerability. Network security offers defenses against crippling exploits before they propagate throughout a network, infecting end-points and servers and sending operational staff into a reactive mode to contain the exploit and cleanse compromised systems. The recent industry introduction of network access control (NAC) is a defensive technology to mitigate risks during and after network access. Many NAC components are not standardized yet, and thus vendors differ in their implementations. In mixed network environments, NAC deployments would be difficult at best, resulting in islands of trusted and non-trusted networks.
In addition to NAC, network equipment suppliers have increased their response to known exploit signatures by alerting customers through security advisories and offering signature defenses to mitigate the exploit. Some IT and Risk Management executives find comfort in the concept that a mixed vendor network environment provides protection from exploits targeting a vendor’s architecture. The thinking here is that by deploying two network vendors their risk of such an attack is mitigated. The fact is that those who design exploits seek to maximize harm while minimizing effort. To that end, most network attacks target the implementation of a particular protocol rather than the vulnerabilities of a specific vendor’s architecture.
The Dual Vendor Strategy: A Lot of Pain, With Little Gain
Most business and IT executives view their networks as a platform investment, which delivers future feature dividends. When business and IT leaders make a platform decision they are not just choosing a supplier but choosing a partner that has the ability, skills, research and development, financial stamina and intent to invest in their platform. The dual network vendor strategy is a hedge across two platform investments. However, since innovation between competitors is different and their delivery not synchronized, this strategy does not allow corporations to exploit each platform’s innovation as network architects are limited to delivering basic interoperable standardized services.
Dual backbone networks constructed with more than one vendor cannot deploy different implementations of QoS, network security, application acceleration, network virtualization, and, paradoxically, innovations in high availability, which is the original dual backbone design goal. Even worse, some of these innovations simply could not be deployed, as both platform providers do not support them. This limits the design options available to network architects, precluding them from optimizing application performance and availability. In essence the dual vendor strategy handicaps an IT organization from exploiting the investment made in the two platforms while reducing research and development dollars available to each platform provider.
The dual vendor strategy forces an IT organization to sacrifice network security, QoS, application acceleration, wide area acceleration, high availability capabilities, et al. All of these capabilities contribute to increased reliability of applications running on the network. With these capabilities precluded, a corporation runs a higher risk profile for network outage.
High Availability Dual Backbones: Single versus Multi-Vendor
The alternative to the multi-vendor solution is a single vendor approach to dual backbones. Clearly dual backbone architecture does not require dual vendors. The dual backbone approach is an excellent strategy to deliver high availability and business continuity. All of the difficulties identified above are not represented in the single vendor approach. Complexity is minimized, reducing operational spend and MTTR. Corporations are not relegated to delivering the lowest common denominator network services, but are free to exploit all the services and innovations a network platform affords.
The importance of vendor selection increases as business and IT leaders seek to standardize their networks on a single supplier. Clearly not all vendors are the same, as each has strengths and weaknesses. For the bulk of a corporate network a single network platform vendor is advised to reduce complexity and increase reliability. To be clear, while it may be impossible to solve all networking needs with a single vendor, the single vendor solution should be the rule with dual vendors being the exception. There are at least five large networking vendors available, which can deliver a network platform for large corporations. Choose wisely as you’re picking a strategic partner.

Justin Lofton said:
October 10th, 2007 at 9:00 am
Stick with Riverbed for application acceleration. They are the best of breed solution out there in my opinion. As an engineer, working for a Cisco partner that is also partnered with Riverbed, we have found that Riverbed has the best wide area acceleration technology. I have a lot of comparison data on all the competitors if anyone is interested. Forrester, Gartner, etc…
Justin Lofton
Systems Engineer
Tredent Data Systems, Inc.
justinl@tredent.com
Application Acceleration Information
Single Vendor and Multi Vendor - Which Is Better? « adah kandha said:
September 20th, 2008 at 2:54 am
[...] Risk Management Techniques To Increase Network Availability” Sept.17, 2008. [Online]. URL: http://lippisreport.com/2007/10/lippis-report-issue-91-risk-management-techniques-to-increase-networ…. [Access Date: 17 September [...]