How to Build a Low-Cost, High Function Network

Published 2021-11-09

Here we talk about the best new network option if you are (1) building your networks to support mostly wireless clients, and (2) putting most of your servers and other shared resources in the cloud. If you are doing this, and handing out Chromebooks to students, you are well on the way to a NORTH-SOUTH network architecture.

We will assume that this is where you are going, or where you are already, and talk about how you can build a new network to save some real money, improve network performance, and reduce your network management time.

Choosing the optimum switched network

What you do not need: If you are supporting mainly NORTH-SOUTH—student to Internet—traffic, your network bottleneck will always be your Internet connections. It therefore makes little sense to place high-capacity switches at the network edge, because their capacity will never be used. If you have a small school system with no more than 25 or 50 gigabits/second worth of Internet capacity, or a larger school system with no more than 100 gigabits/second worth of Internet capacity, putting in anything more than gigabit Ethernet edge switches with 10 or 20 gigabits’ worth of uplink capacity will enrich some salesperson, but it won’t help you.

In a NORTH-SOUTH world the wired network only serves to pass traffic from the (probably wireless) edge to a school core switch, and then to the school WAN. Putting in complex edge switches just wastes money and makes your network management job harder. You do need a Layer 3 switch in the school core, but basic Layer 2 switches downstream from that one core switch are all that is needed.

Do you need the added expense of multi-rate (SmartRate, 802.3bz) ports? No. We’ll get to wireless later and show you why not.

Do you also need high-capacity PoE switches with 60 or 90 watts of PoE? No, unless you want to restrict your options to high-cost edge switches and then not use very much of that power capability. If you have a favorite salesperson to reward with a fat commission, then by all means invest in these. If you don’t, then stick with the familiar PoE+. If you do need to support the occasional exceptionally power-hungry device or two, add in a high-power injector (example—we provide one for free with any outdoor access point that needs to power a downstream device like an IP camera on a pole). This is much more cost-effective than providing high-capacity power for all switch ports and then not using most of them.

What you ought to have: You do need to support high-capacity wireless access points at the edge, and you will probably have multiple access points plugged into the edge switches. This means that your Layer 2 edge switches in the IDFs will need 10 gigabit uplinks, because the downstream access points may well fill up their one or two gigabit uplinks to the serving switch from time to time, and you need to support the ability to surge to this capacity when needed.

What to put at the school core? You do need to put in one Layer 3 switch to take in the connections from the downstream IDFs at 10 Gbps and transition them to one or more 10 Gbps WAN links; or perhaps in a few years, to transition school traffic to a 40 Gbps WAN connection, to match an upgrade of your Internet connections to one or two 50 or 100 Gbps links.

If you are doing mostly wireless networking, you also have a reduced need for wired network ports, and one to two stackable switches is appropriate in any wiring closet. Chassis-based core switches with lots of wired ports are overkill in a NORTH-SOUTH world.

You do not need extra capacity or that extra power, or those extra ports—but what DO you need? Security is important, and if switches offer special features that can be programmed into them during installation, then you ought to take advantage of them. One very useful feature in a NORTH-SOUTH world is the ability to block peer-to-peer traffic on most VLANs. You might need to set up an EAST-WEST VLAN in a school to support teacher PC connection to smartboards, overhead projectors or Apple TV, or to support your voice VLAN. But the other VLANs that funnel traffic up to the Internet, and that have the greatest chance of being attacked from their edge devices, need to support vertical movement only, to stop hacking and malware propagation (hint: block peer-to-peer communications on those VLANs).

Summing up the switches. Keeping it as simple as possible on the switched network side saves you money and makes your life easier—and in a primarily NORTH-SOUTH world, simplicity will provide all that you need to have for the foreseeable future.

On to the wireless edge… If you are supporting a wireless-first architecture and a NORTH-SOUTH traffic flow, the other critical element besides Internet capacity at the core is at the other end of the networks—at the wireless edge. When we talk about wireless access point capacity, we talk about back-side capacity (the side facing the switch) and front-side capacity (the side facing the students and other users). The back-side capacity decision is easy, so we’ll get it over first. Recall that unless you happen to have around 100 gigabits of Internet bandwidth at your network cores and about 40 gigabit Ethernet from each school to the school system core, and have more than a handful of access points in any school, it makes no sense to have switches that support more than gigabit Ethernet connections. Therefore, to match capacities, you do not need to provision more than one or two gigabit Ethernet uplinks in the access points. Spending extra money on high-capacity access point uplinks—which then drives the need for more expensive switches—which then overrun your school WAN and Internet connections—is more money wasted.

Front-end wireless access point capacity is what you are after. This capacity is determined in two ways: by the number of payload radios that each access point provides, and by the total front-side wireless frame rate of the access point that’s spread out over the radios. This is then driven by the wireless Ethernet standards that the access points meet, and also by the capability of the embedded chipsets. You should seek out 802.11ax-conformant access points for the most efficient wireless and therefore the highest capacity, all other factors being equal. You should also seek out the newer and higher-capacity chipsets. Wireless access points on the market have a combination of newer and older chipset technology, and of course the older ones provide fewer payload radios, less flexibility in assigning channels and frequencies, and less total wireless frame rate capacity. If the cost is not different, it is always best to choose the newest wireless technology. This just makes sense, but you need to know that not all access points conforming to the same standards have identical hardware capabilities.

Increased front-end capability on newer chipsets gives you a couple of evident advantages: more active radios to give you greater flexibility in assigning channels and frequencies to match your clients’ wireless adapters, and to take advantage of more channel separation in the serving bands (which means that 5 GHz, with 23 non-interfering channels, is generally a better option than 2.4 GHz, with three non-interfering channels). Newer chipsets also generally give you more wireless frame rate capacity on the assigned channels. More on channel separation: we bet that your last choice of Chromebooks was based mostly on cost—if so, that makes you usual rather than unusual. Chromebook manufacture is then a race to the bottom on cost, which impacts things like wireless capability. If you are serving Chromebooks it pays to treat them as gently as possible, lest their lowest-cost wireless adapters get confused by things like having to choose between multiple signals on the same wireless frequency, or having to choose the best wireless signal from the standpoint of available capacity. Those newer chipsets in the wireless access points will therefore treat your Chromebooks—and other edge devices—more gently.

Some access points—like switches—may have special security features. If these are available and do not cost extra, they should factor in your decision. The same security feature found in some network switches—to block peer-to-peer traffic on wireless access points—can greatly limit the reconnaissance and then lateral spread of viruses and other malware.
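Whether the peer-to-peer block is enforced by the switch on the student VLANs (as described in the switching section above) or by the access point, you still want to verify it is actually working. The following is an added example, not code from the article or from MXN: a small audit over constructed flow-log lines that flags any device-to-device flow touching a VLAN that should carry vertical (client to core to Internet) traffic only, while leaving the permitted EAST-WEST VLAN alone. The VLAN addressing, the assumption that the first host of each subnet is the core Layer 3 switch, and the log format are all invented for the example.

```python
import ipaddress
from collections import Counter

# Constructed VLAN plan for one school site (assumed example addressing, not from the article).
# True marks VLANs that should carry north-south (client to Internet) traffic only.
VLANS = {
    "student-wifi": (ipaddress.ip_network("10.10.0.0/22"), True),
    "staff-wifi":   (ipaddress.ip_network("10.10.8.0/23"), True),
    "av-devices":   (ipaddress.ip_network("10.10.20.0/24"), False),  # smartboards, Apple TV
    "voice":        (ipaddress.ip_network("10.10.30.0/24"), False),
}

def vlan_of(ip):
    """Name of the local VLAN containing ip, or None for upstream/Internet addresses."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, (net, _) in VLANS.items() if addr in net), None)

def is_gateway(ip):
    """Assumes the first host of each VLAN is the core Layer 3 switch (gateway, DHCP relay, DNS)."""
    addr = ipaddress.ip_address(ip)
    return any(addr == next(net.hosts()) for net, _ in VLANS.values())

def classify_flow(src, dst):
    """'north-south', 'east-west' (permitted) or 'violation' (peer-to-peer on an isolated VLAN)."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None or d is None or is_gateway(src) or is_gateway(dst):
        return "north-south"   # Internet-bound, or talking to the core switch itself
    if VLANS[s][1] or VLANS[d][1]:
        return "violation"     # lateral traffic touching a VLAN that should be vertical-only
    return "east-west"

def audit(lines):
    """Tally constructed flow-log lines of the form 'time src dst proto dport'; return violations."""
    tally, violations = Counter(), []
    for line in lines:
        ts, src, dst, proto, dport = line.split()
        kind = classify_flow(src, dst)
        tally[kind] += 1
        if kind == "violation":
            violations.append((ts, src, dst, proto, int(dport)))
    return tally, violations

SAMPLE = [  # constructed sample flow records (not real traffic)
    "10:01:02 10.10.1.15 203.0.113.10 tcp 443",   # student to Internet
    "10:01:03 10.10.1.15 10.10.0.1 udp 53",       # student to VLAN gateway / DNS relay
    "10:01:05 10.10.1.15 10.10.1.77 tcp 445",     # student to student SMB: should have been blocked
    "10:01:06 10.10.8.20 10.10.1.77 tcp 22",      # staff device to student device: lateral
    "10:01:07 10.10.20.5 10.10.20.9 tcp 7000",    # teacher PC to Apple TV on the AV VLAN: permitted
]
```

Running `audit(SAMPLE)` reports two violations (the student-to-student SMB flow and the staff-to-student flow), which is exactly the traffic the VLAN or access point isolation setting is supposed to prevent; a steady count of zero after deployment is the evidence the feature is doing its job.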

Even within the same wireless standards there is a lot of room to deviate and add special features. These features include things like transmit beamforming, band steering, and matching wireless channel capacity to the version of the client adapters (called ‘Airtime Fairness’ in some places). These features generally make only slight differences, but they can have significant benefit if your wireless design or wireless capacity in any area is running on the edge. Look for them.

When determining front-end capacity you need to make sure that it will be able to fill up the back-end capacity of one or two gigabit Ethernet uplinks (two uplinks in the higher traffic areas like stadiums, gyms, cafeterias, and media centers; one gigabit uplink otherwise). Recall that this matches the connection capability of the serving switches, which then are sized to match the capability of your serving WAN and (more properly) the capability of your Internet connections that serve all the traffic from all clients on all edge connections, across all sites, in a NORTH-SOUTH traffic service.

Summing up the wireless access points. Since most of your future traffic will connect to the network through a wireless connection rather than an RJ-45 port, you need to build as much capacity and flexibility into your wireless base as you can. This means hewing to the latest mainstream wireless standards (currently 802.11ax), seeking out wireless access points with the latest and higher-capacity chipsets for radio capacity and overall wireless frame rate capacity, and the ability to support multiple 5 GHz channels to limit the potential for capacity-sapping, management-time-eating co-channel interference. Seek out built-in security if that additional security doesn’t cost more.

Management. The most limited resource you have is technical time, and it pays to buy and design networks that limit your management effort.

You should try to design network connections to require as much management effort as those two connections on the left, rather than suffer the effort of managing the connections on the right, which drives your network to the level of a continuous utility. You can get there by wisely investing in capacity, redundancy, seeking out the least complicated network components, and centralizing management of all components into an easy-to-use, graphical management environment.

If you’d like to have a talk with us about it, send an email to sales@mxncorp.com.