About Us | Login | Follow CITO Research:

What Slows Down Enterprise Networks? 7 Deadly Sins of Network Congestion

Network Congestion
Written by Atchison Frazer | October 24, 2012 | 0 comments

Ethernet remains the dominant network protocol because of its low-cost scalability. However, its underlying architecture of collision detection/collision avoidance means that if a packet is blocked, it keeps trying to send more packets, increasing redundancy and congestion. A number of other problems, 7 to be exact, add even greater complexity to the congestion dilemma.

Bad Configuration Management

According to the 2012 Network Barometer Report from Dimension Data, Cisco’s largest SI partner, the total number of configuration violations per networking device increased from 29 to 43, which is a regression to 2009 levels. Overall, the number of security-related configuration errors also increased. Authentication errors in particular jumped from 9.3 per device in the previous year to 13.6 this year, and continue to be the most frequently occurring policy violation. Compounding the problem is the fact that Cisco networking devices ship with much more functionality than is needed for the application the core infrastructure devices are supporting; some 85% of the settings are not needed.

Over and above the fact that poor configuration can impact security, configuration errors also impact network availability. With networks increasing in complexity and IT engineers frequently overwhelmed by the diversity of equipment and device inter-dependencies, configuration drift is increasing. On top of this, end-users are bringing more and more devices onto the network, along with the expectation that it can handle voice, video, and data optimally, adding unnecessary network topology strain down the line.

Additionally, the misconfiguration or overprovisioning of features can cause a single point of degradation or failure in the network and impede application availability; this is especially true of the underlying databases that support the applications, which are often left down-level by third-party services consultants and not visible to vendor services personnel operating the network.

Security Vulnerabilities

Failure to implement the recommended Cisco Product Security Incident Response Team software updates to the respective network device, most prevalently Cisco switches, may expose the network to denial of service attacks, which could lead to a severe reduction in availability to service network requests.

According to the 2012 Network Barometer Report, 75% of all devices carry at least one known security vulnerability. This figure is statistically consistent with the 73% figure of the previous year. Cisco’s own collector tool routinely reveals a startling high percentage of vulnerabilities across medium and large enterprise networks.

Security vulnerabilities not only slow the network down, but more critically, expose it to exploit or attack. An infected or polluted network is not only at more severe risk of degrading performance, but even greater risk to disruption or discontinuity altogether.

IOS Version Proliferation

The greater the number of IOS versions running on a network, the more difficult and costly it is to manage and troubleshoot them (IOS is Cisco’s network operating system). For example, PSIRTs are IOS-specific; consequently, the greater the number of IOS versions an organization has, the greater the likelihood they will have a plethora of PSIRTs and a more complex and time-consuming patching process.

Technology upgrades become more complicated when there are multiple IOS versions and each new device has to be tested to ensure that it works with legacy equipment. Older versions of IOS may be unable to support newer technologies and communications services, such as video, resulting in greater risks to networks, severe degradation, downtime, and reduced business agility.

The Network Barometer Report found an average of 5.1 major versions of IOS and 20.3 minor versions of IOS per assessment. In the most extreme cases, Cisco’s enterprise networks were running as many as 21 major versions and 153 minor versions of IOS.

Outdated Hardware

Some 40% of all devices have been past EoS (End of Sale) for the last four years. This suggests a trend of increasing obsolescence in network estates. While the overall percentage of EoX (End of Sale/Support/Life) devices increased from 38% to 45%, there was a dramatic change in the breakdown of those devices by their lifecycle category.

The percentage of devices that were simply End-of-Sale (the earliest lifecycle milestone and therefore the least risky) jumped from 4.2% in 2011 to 70% in 2012. The Financial Services vertical comprised the largest percentage of networks covered in the study, at 16%. Having such a large percentage of devices no longer receiving feature or IOS upgrades, or slated to have support phased out, introduces significant risk to sluggish network support and potential business inertia.

Quality of Service Provisioning

Typically, organizations will layer on top of core networking infrastructure quality of service software or quality of service provisioning to analyze traffic and bottleneck issues between Layer 2 (switching) and Layer 3 (routing). These diagnostic tools must reside on commodity servers external to the switch and so add routing latency and degrade network performance. Cisco also recommends a constant network probe with bidirectional intelligence from the enterprise network device back to Cisco or a partner.

Given that the typical Cisco switch utilizes only 15% of its bandwidth fabric due to conventional congestion, filtering traffic through an intermediate analyzing engine before the Layer 3 routing handoff introduces a significant new bottleneck to efficiently streaming network traffic.

Devices Run Amok

Bring-your-own software and/or device trends have run amok in the enterprise network. A recent survey by Avecto found that three out of four IT professionals have no idea what unauthorized software might be running on their networks. If you’re not aware of 75% of applications running through your network, can you be sure that at any given time business critical apps will not conflict with rogue app updates, not to mention open new security holes, licensing and entitlement issues, and the like?

Rogue mobile device usage (BYOD) is well-documented, but to add further fuel to the fire, rogue servers running shadow IT applications out of a data center are throttling network performance exponentially. The typical reaction to BYOD is to overprovision bandwidth, which is costly and time-consuming.

Rogue Adapter Broadcasts

Rogue adaptor cards can generate enough traffic to bring a network to a standstill, and yet be almost impossible to control. As the enterprise and data center network fabric becomes ever larger and more complex, these problems seem even more intractable. With tens of thousands of adaptor cards in large converged networks, suddenly the statistically unlikely events that cause a network failure happen regularly and are difficult to locate. Conflicting jumbo frames in parallel processing compute and storage clusters need clear pathways in the I/O circuits, and thus cannot be compromised by such faux traffic.

Tackling the congestion and latency challenges of a network in Layer 3 only is a temporary fix at best. As networks evolve in ad hoc directions, with more storage and more adaptors, the network architecture itself can act to slow down the overall data rates.

A new architecture for switching can provide a way to overcome the traditional problems of congestion in the network and act to protect users, network managers, and organizations from the catastrophic effects of network failure.

The technology is already being implemented in large, high performance computing (HPC) networks and in financial trading equipment for the advantages of low latency (HFT). The advantages of using fair arbitration and fast feedback in the control plane can provide dramatic reduction in congestion in large, complex networks, freeing the fabric to deliver business value for its users, managers, and owners.

Gnodal: The Fabric to Free the Network

Gnodal’s congestion avoidance management systems combine the following into one fabric:

Custom ASIC Architecture. Gnodal has developed a unique way to eliminate network congestion within a multi-switch Ethernet framework that effectively frees up available bandwidth in the network fabric. At the heart of Gnodal's technology is a customized chip, the Gnodal Peta ASIC (application specific integrated circuit)—designed and developed by Gnodal in Bristol, England—which encapsulates significant intellectual property supporting a number of multi-path, loop-free routing techniques that combine to deliver industry-leading performance and throughput.
Congestion Avoidance Fabric. In a third-party analysis performed by Network Test, the Gnodal fabric significantly improved performance in the case of typical and extreme network congestion by negotiating load-balancing flows between switches with no performance hit. Using a unique Gnodal-tagged frame, ensuing congestive traffic is prevented from consuming all network resources. The result is free and fast delivery of uncongested traffic.
Fairness Algorithmic Priority. The Gnodal fabric implements a unique feedback system exchanging pre-emptive tokens predicated on congestion avoidance so that control information about the usage of outgoing (egress) ports can be applied to the incoming (ingress) ports, allowing data packets to be routed properly and efficiently, otherwise avoiding hot spots in the network. Gnodal's implementation of a 'fairness' algorithm operating across a multi-stage switch fabric prioritizes packets in the network and ensures that broadcast data or other large frame traffic, such as localized storage sub-systems, will not unfairly consume bandwidth.
Atchison Frazer is the CMO of Gnodal. He previously held senior marketing positions within Cisco’s Enterprise Services business, driving professional consulting and technical services strategies across the top 150 enterprise networks worldwide. Prior to Cisco, Atchison was head of corporate marketing at Fortinet and HP Enterprise.