Campus Networks

Campus Network Infrastructure, Design Guide-HyperEdge Architecture for K12 School Districts

Posted on 03-29-2013 08:39 AM - edited on 04-09-2014 01:34 PM by Community Manager

Synopsis: Design templates based on Brocade's HyperEdge Architecture for campus networks showing the application of Brocade wired and wireless networking products to the requirements of K-12 school districts.








Public education is undergoing a revolution. This is driving unique requirements for the network infrastructure as more school districts integrate the internet, social media, video content and distance learning into their curriculum. With the growth of personal devices such as tablet computers and smart phones extending down to the elementary school, parents expect the school to be an extension of their at-home network. But many school districts have networks built with technology that was popular a decade or more ago. They need to upgrade and to be confident that the new equipment will co-exist with older technology already in place.

Brocade is being approached by school districts across the United States to help them extend their networks into the 21st century. We see three important trends driving districts to upgrade the network.

  • More devices connected to the network such as Voice over IP (VoIP) phones, security cameras with pan/tilt/zoom features and badge readers.
  • Wireless LAN (WLAN) access reaching into every classroom capable of handling interactive multi-media, streaming video, and interactive on-line instruction.
  • A limited number of trained network administrators means districts have to minimize the need to travel to schools for configuration, management and troubleshooting.


Districts need cost-effective solutions that keep the network from becoming the “weak link” that prevents better outcomes for their students.

In response, Brocade introduced an innovative campus network architecture, Brocade HyperEdge™, that meets the challenges faced by public school districts. Important HyperEdge features include:

  • 1, 10 and 40 GbE stacking links to cost-effectively scale stacking performance from the edge to the core.
  • 10 GbE uplinks for bandwidth intensive video, voice and streaming web traffic flows.
  • sFlow support for traffic analysis and monitoring via monitoring applications from Brocade and our partners.
  • Power over Ethernet Plus (POE+) for high performance wireless LANs (WLAN) and the newer generation of security cameras with pan, tilt and zoom control.
  • Mix-and-match stacking for cost-effective combined Layer 2 and Layer 3 traffic in a stack.
  • Integrated wired and wireless LAN (WLAN) management with support for partner applications that simplify WLAN network access control so student, guest and faculty traffic is secure over all wired and WLAN segments.
  • A WLAN architecture that minimizes administrator effort to configure and manage the WLAN while ensuring efficient data traffic between WAPs.
  • Integration of partner security applications for uniform application of access control and security policies.
  • Brocade Network Advisor (BNA) to centralize configuration, monitoring and management across the entire network.


Rich media and real-time access to it drive the need for more bandwidth in the school. Today, 10 GbE inter-switch links ensure the traffic flowing between the classroom and the district MAN isn’t congested, which would negatively impact classroom instruction. As more tablets and smart phones are used in the school, the WLAN bandwidth to each classroom is increasing. WAPs (AP) supporting the 802.11n protocol are needed to meet that demand, and these, like the even faster 802.11ac standard to be ratified soon, require more power. Switches with PoE+ provide the needed power for these faster WAPs. Switches with PoE+ use existing Category-5 cable and allow remote administration and configuration of all powered devices including VoIP phones and security cameras, so costly site visits are eliminated. Finally, with more traffic flowing between the district MAN and the classroom, traffic analysis and monitoring is important to keep the network running effectively. Brocade includes sFlow, an open standard protocol, in Brocade campus switches at no extra cost. sFlow provides both Layer 2 and Layer 3 network traffic monitoring, and that’s important because many districts use only Layer 2 networking within a school building to keep cost low. Other traffic monitoring tools are limited to Layer 3 only and so aren’t effective for traffic monitoring and engineering in K-12 school districts.
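The Layer 2 visibility described above can be seen by decoding an sFlow version 5 datagram as a collector would. This is an added example, not part of the original guide and not Brocade or partner code; the datagram, MAC and IP addresses, VLAN ID and interface numbers are constructed, and only the flow-sample and raw-packet-header records of the sFlow v5 layout are handled.

```python
import ipaddress
import struct

ETH_P_IPV4, ETH_P_8021Q = 0x0800, 0x8100


def decode_frame(hdr: bytes) -> dict:
    """Layer 2 fields from every sampled frame; Layer 3 only when it is IPv4."""
    dst, src, ethertype = struct.unpack_from("!6s6sH", hdr, 0)
    off, vlan = 14, None
    if ethertype == ETH_P_8021Q:  # 802.1Q tag: 12-bit VLAN ID, then the real type
        tci, ethertype = struct.unpack_from("!HH", hdr, 14)
        off, vlan = 18, tci & 0x0FFF
    rec = {"src_mac": src.hex(":"), "dst_mac": dst.hex(":"), "vlan": vlan,
           "ethertype": ethertype, "src_ip": None, "dst_ip": None}
    if ethertype == ETH_P_IPV4:
        s, d = struct.unpack_from("!4s4s", hdr, off + 12)
        rec["src_ip"] = str(ipaddress.IPv4Address(s))
        rec["dst_ip"] = str(ipaddress.IPv4Address(d))
    return rec


def parse_flow_sample(agent: str, body: bytes) -> list:
    """flow_sample: eight uint32 fields, then (format, length, data) records."""
    fields = struct.unpack_from("!8I", body, 0)
    rate, in_if, n_rec = fields[2], fields[5], fields[7]
    off, out = 32, []
    for _ in range(n_rec):
        fmt, length = struct.unpack_from("!II", body, off)
        rec, off = body[off + 8:off + 8 + length], off + 8 + length
        if fmt != 1:  # only the raw packet header record is decoded here
            continue
        proto, frame_len, _stripped, hdr_len = struct.unpack_from("!4I", rec, 0)
        if 16 + hdr_len > len(rec):
            raise ValueError("truncated sampled header")
        if proto != 1:  # header_protocol 1 = Ethernet
            continue
        info = decode_frame(rec[16:16 + hdr_len])
        info.update(agent=agent, input_if=in_if, sampling_rate=rate,
                    frame_length=frame_len)
        out.append(info)
    return out


def parse_datagram(data: bytes) -> list:
    """Return one dict per sampled Ethernet header in an sFlow v5 datagram."""
    try:
        version, addr_type = struct.unpack_from("!II", data, 0)
        if version != 5:
            raise ValueError("not an sFlow v5 datagram")
        addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
        if addr_len is None:
            raise ValueError("unknown agent address type")
        agent = str(ipaddress.ip_address(data[8:8 + addr_len]))
        off = 8 + addr_len
        _sub, _seq, _uptime, n_samples = struct.unpack_from("!4I", data, off)
        off += 16
        out = []
        for _ in range(n_samples):
            fmt, length = struct.unpack_from("!II", data, off)
            body, off = data[off + 8:off + 8 + length], off + 8 + length
            if len(body) != length:
                raise ValueError("truncated sample")
            if fmt == 1:  # flow sample; counter samples and others are skipped
                out.extend(parse_flow_sample(agent, body))
        return out
    except struct.error as exc:
        raise ValueError("malformed sFlow datagram") from exc


def non_ip_frames(records: list) -> list:
    """Samples where no IPv4 header was decoded, so only Layer 2 fields exist."""
    return [r for r in records if r["src_ip"] is None]


def build_sample(frame: bytes, in_if: int) -> bytes:
    """Wrap one constructed Ethernet frame in a flow sample (test data only)."""
    padded = frame + b"\x00" * (-len(frame) % 4)  # XDR pads opaque data to 4 bytes
    rec = struct.pack("!4I", 1, len(frame), 0, len(frame)) + padded
    body = struct.pack("!8I", 1, in_if, 512, 512, 0, in_if, 0, 1)
    body += struct.pack("!II", 1, len(rec)) + rec
    return struct.pack("!II", 1, len(body)) + body


# Constructed frames: a VLAN 20 tagged IPv4/TCP header and an ARP broadcast.
IPV4_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address("10.20.0.15").packed,
                       ipaddress.IPv4Address("10.0.0.5").packed)
TAGGED_IPV4 = bytes.fromhex("020000000001" "02000000000a" "8100" "0014" "0800") + IPV4_HDR
ARP_BROADCAST = bytes.fromhex("ffffffffffff" "02000000000b" "0806") + bytes(28)
# Constructed datagram from agent 192.0.2.10 carrying the two samples above.
SAMPLE_DATAGRAM = (
    struct.pack("!II4s4I", 5, 1, ipaddress.IPv4Address("192.0.2.10").packed, 0, 1, 1000, 2)
    + build_sample(TAGGED_IPV4, 3) + build_sample(ARP_BROADCAST, 7))

if __name__ == "__main__":
    for record in parse_datagram(SAMPLE_DATAGRAM):
        print(record)
```

The ARP broadcast has no IP header, yet its source MAC and ingress port are still reported, which is the information available inside a Layer 2 only school building.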


Purpose of This Document

This guide provides building blocks and reusable design templates tailored for the unique requirements of K-12 school districts.



School district network engineers and administrators who are responsible for network design and network upgrades.



This document extends the content found in the Campus LAN, Base Reference Architecture to the requirements of K-12 school districts based on Brocade’s HyperEdge Architecture.


Related Documents




About Brocade

Brocade® (NASDAQ: BRCD) networking solutions help the world’s leading organizations transition smoothly to a world where applications and information reside anywhere. This vision is designed to deliver key business benefits such as unmatched simplicity, non-stop networking, application optimization, and investment protection.

Innovative Ethernet and storage networking solutions for data center, campus, and service provider networks help reduce complexity and cost while enabling virtualization and cloud computing to increase business agility.

To help ensure a complete solution, Brocade partners with world-class IT companies and provides comprehensive education, support, and professional services offerings.


Key Contributors

The content in this primer was provided by the following key contributors.

  • Lead Architect:          Prasad Bal, Strategic Solutions Lab
  • Lead Author:            Brook Reams, Strategic Solutions Lab


Document History

Date                  Version        Description

2013-04-09        1.0                Initial Release


Reference Architecture

The Brocade solution for school districts is designed for easy integration with products from other vendors provided they, like Brocade, have chosen to support open networking standards and protocols.

The figure below shows the Brocade HyperEdge architecture for school districts.



  Brocade Reference Architecture for School Districts


The HyperEdge architecture brings together a number of campus innovations that simplify the network, integrate management of wired and wireless network segments, and centralize end-to-end operations of the entire network, dramatically reducing cost.


Business Requirements


K-12 school districts tend to have unique fiscal constraints. They are usually funded by local governments. Their financial outlay for network operations is very low. Their networking department staffing tends to be minimal. Consequently they require a simple, low maintenance network with minimal complexity and protocol overhead.

Brocade’s solution for school districts cost-effectively addresses a number of technology challenges with three key networking technologies:

  • 10 Gigabit Ethernet (10 GbE),
  • sFlow traffic monitoring and
  • Power-over-Ethernet Plus (PoE+).

And with Brocade’s campus networking products, districts receive the following important benefits:

  • Simple and easy to manage network architecture
  • Single point of administration
  • Integrated wired & wireless security
  • Plugin scalability for future growth
  • Collaboration, rich media & unified communications ready
  • Products with open standard management tools
  • Lowest OpEx and CapEx with an option to “rent the network” instead of buy it

Brocade’s solution for schools is based on the HyperEdge architecture, an optimized two-tier architecture that addresses the unique requirements of school districts. A minimal number of network devices can be used to deliver cost-effective, scalable school networks that easily interconnect via a Metro Ethernet/WAN network to access the internet and the central district office’s applications. Brocade’s architecture scales from small districts with hundreds of students and a few school buildings to large districts with tens of thousands of students and hundreds of buildings.

Brocade’s solution includes advanced features such as:

  • High density 10 GbE/40 GbE links for high-bandwidth video and other applications.
  • Integrated single-point of management for wired and WLAN networks
  • Efficient WLAN traffic management with intelligent WAPs that eliminate rerouting traffic through the core or distribution layers
  • Innovative mix-and-match stacking provides Layer 3 features on a few switches that can be shared with lower cost Layer 2 switches in the same stack significantly reducing stacking cost and complexity
  • Robust security suite for both wired and WLAN networks for threat detection, mitigation and response.
  • Standard CLI for easy management and configuration.
  • Designed with open standards so districts retain free choice of future network components.
  • The most power efficient switches in the industry which translates into a continual savings annuity.
  • Brocade Network Subscription option offering districts the opportunity to rent their network rather than rely on hard to pass bond issues to fund network improvement


Special Considerations

The scale of school districts varies over a wide range, from hundreds of students and a few buildings to more than 100,000 students and hundreds of buildings. Geographic extent can cover a few square miles to hundreds of square miles in the western regions. Brocade’s solution uses a minimum number of blocks that can be easily replicated to cover the wide range of requirements.


As districts adopt curriculum with more technology-based instructional alternatives, the district network experiences more traffic, has more diverse traffic including voice, video and web, and must handle growth in wireless traffic as mobile devices proliferate requiring the network to support “bring your own device” (BYOD) in the classroom. Combined, these create unique design requirements for a school district campus network.





The diagram below shows the reference architecture used in this design. It is based on the Campus Network Infrastructure Base Reference Architecture publication.


  Typical Network Topology for K-12 School District


Shown are high, middle and elementary schools connected to a central district office with a datacenter. A metropolitan-area network (MAN) connects the Distribution block at each site to the Campus Backbone block at the District Office.


At a school, a cost-effective two-tier network topology is used consisting of one or more Access blocks connecting wired and Ethernet powered devices with PoE/PoE+ and a Distribution block. The Layer 2 / Layer 3 boundary is at the Distribution block. Access blocks use Layer 2 switch stacks to keep cost down and minimize configuration. Devices can connect at up to 1 GbE link rates and can be computers, printers, laptops, and powered devices using PoE/PoE+ such as Voice over IP (VoIP) phones, WAP and security cameras. Uplinks from the Access blocks to the Distribution block use 10 GbE links with LAG for resiliency and enough bandwidth to handle video on demand and streaming video traffic.


In the United States, school districts exhibit a wide variety of sizes and environments. Districts range from a few buildings with less than a hundred students to districts with more than several hundred buildings and over a million students. Districts in the western part of the country operate facilities spread over as much as 94,000 square miles while smaller districts cover less than a square mile.


In general, districts have many more elementary schools than middle or high schools. This means there are many more points of management for elementary schools. For this reason, the Brocade HyperEdge Architecture with mixed stacks can be placed in the elementary schools so there is only one logical switch to manage per school. This reduces management and administrative cost and simplifies the district network.


The MAN is typically provided as a service by a Telco or cable provider in many districts today. High and middle schools can connect using 10 GbE service while elementary schools, due to their smaller size and fewer devices, can connect with 1 GbE service.


The Campus Backbone block, located at the district office, provides the point of interconnection between the MAN, the Internet and the datacenter network operated by the IT department. It also connects to Access blocks in the district office supporting wired and wireless devices for administrative staff. Network management applications including network access control (NAC) and network traffic monitoring based on sFlow are hosted on servers in the IT department. These network tools let network administrators configure, monitor and manage the network down to an individual switch or WLAN Access Point (WAP) in a school. For example, a WAP using PoE+ can be remotely powered off and on again without the need for a site visit. Wireless NAC policies can be configured once and pushed to all WAPs across the district, reducing operating cost and eliminating travel time to individual schools.


Districts often have limited IT staff. Hence the ability to administer the network with low effort is important. With Brocade’s HyperEdge ICX Mix-and-Match stacking, all switches in a stack are managed as a single device. With Brocade Network Advisor (BNA), network administrators can monitor, configure and manage any switch in any building remotely, avoiding time-consuming and costly site visits. With partner-supplied sFlow traffic monitoring and integrated wired and wireless NAC policy applications, central management of all network assets in the district is now a reality.


Base Design

The Base Design uses blocks and templates and Brocade’s HyperEdge architecture to address funding and staffing challenges faced by districts everywhere. The figure below shows the templates commonly used for district networks.


  School District Base Design


The larger grey boxes are templates (e.g., School Template, Core Backbone Template). The blue boxes with dotted outline show icons for the blocks used in a template. The switch icons and links show a schematic representation of how the blocks connect together.


A MAN interconnects all school buildings (and other remote facilities) to the District Office. The IT department is commonly located there. Campus network core backbone routers provide connectivity to the MAN and the Internet and also support device connectivity for district staff. Network management, access control and sFlow traffic monitoring applications hosted there provide configuration, monitoring and management of the network at remote school buildings. For example, Brocade Mobility Controllers attached to the core routers can remotely configure and monitor Brocade Mobility Access Points, which are wireless access points (WAPs), avoiding the need for administrators to travel to school buildings. Brocade partner applications for wired/wireless network access control (NAC) and sFlow monitoring are integrated into a complete management solution, reducing the complexity and cost to administer the network. Centralized management of these distributed assets is highly desirable.

The design is modular. Reusable building blocks are assembled into templates that scale-up and scale-out. Templates are easy to replicate at high, middle and elementary schools. This simplifies testing, maintenance and configuration management while reducing complexity, training and operating cost.

Alternate blocks can be used in a template as desired. Some alternate designs commonly found in school districts are described later in the Alternate Design section.


School Template

The modular architecture relies on extensible building blocks connected into templates that are easy to replicate and scale.


  School Template with Stacking


As shown above, the school network has a Distribution/Access topology. A Distribution Stack block using stacking connects to Access Stack blocks. The Distribution block is the Layer 2 / Layer 3 boundary for the school and provides the gateway to the MAN. An Access Stack block uses stacking for high availability and easy scale-up. The HyperEdge Architecture offers distributed stacking as an option allowing switches in a stack to be distributed across wiring closets. This reduces cost and complexity by reducing the number of management points in the school.


The WAP block includes WAPs for wireless access in the school. Brocade Mobility Access Points are available with a variety of radio designs and form factors. When deployed in a mesh, the WLAN is self-healing, automatically rerouting connections to neighboring WAPs when a WAP goes off-line. And peer-to-peer traffic within a mesh can be forwarded directly between WAPs via RF transmission, avoiding rerouting traffic from one WAP to the WLAN Controller and back to the other WAP. This is more efficient, and reduces latency and unnecessary traffic on uplinks.


The template scales out by adding more Access Stack or WAP blocks as required. This ensures cost-effective connectivity for a wide range of school designs. The Distribution block uses higher performance switches, such as the Brocade ICX 6610 with 40 GbE stack links. An alternate template substitutes a Distribution block with Multi-Chassis Trunking (MCT) and VRRP-E and is described in the Alternate Design section.


Distribution Stack Block


A Distribution Stack block terminates the Layer 2 LAN in a building, or campus of buildings, and routes traffic over the MAN to other schools, district facilities and the central office and to the Internet via the Distribution Backbone at the district office.


Dual Brocade ICX 6610 switches are configured as a two-switch stack providing resiliency, high port density, 40 GbE stacking bandwidth and advanced Layer 3 routing services. The stack can scale up to eight switches if necessary.


Distribution Stack blocks are designed to provide:

  • Layer 3 connection to the MAN allowing traffic to flow between any school building in the district and to access the Internet.
  • They have 10 GbE fiber links (dual links for resiliency) to the MAN which are commonly used by service providers.
  • Distribution Stack blocks require higher performance than Access Block switches.
  • Distribution Stack blocks support commonly used Layer 3 protocols, such as OSPF, to route traffic across the MAN.


In legacy designs based on technology available in the last decade, a distribution router was commonly used requiring a more expensive modular switch to meet the bandwidth, port density and performance requirements. Modular switches typically consume more power and have larger footprints than stackable switches. Now with the availability of 40 GbE for stacking links, multiple Brocade ICX 6610 switches provide the same capability found in older modular products but with a smaller footprint, lower power consumption and lower average port cost.


Block Diagram


  Distribution Stack Block, 40 GbE Stacking with Routing


Key Features

ICX 6610 40 GbE stacking links

Avoids bottlenecks for combined voice, video and streaming Internet traffic to all classrooms in the school

Stack management

All switches in a stack are managed as a single device simplifying network configuration.

10 GbE LAG links to MAN

Provides 20 Gbps of bandwidth with automatic link resiliency between the school and the MAN

Chassis Switches with MCT

Option to use chassis switches with Multi-Chassis Trunking for link resiliency and switch resiliency at the Distribution block. These can be Brocade or non-Brocade switches with MCT.

Chassis switches with VRRP-E

Option to use chassis switches with VRRP-E for gateway resiliency to the MAN. Both routers are in an active-active cluster configuration and are able to forward gateway traffic to the MAN.






Access Stack Blocks




An Access Stack block provides scalable Layer 2 connectivity to devices in a building or small campus with several buildings. Access Stack blocks optionally have PoE/PoE+ ports on one or more switches in the stack to power Voice over IP (VoIP) phones, security cameras and WAPs (AP). Brocade provides both in-wall WAP, such as the Brocade Mobility AP 6511, and multi-antenna mesh AP, such as the Brocade Mobility AP 7131.

Multiple Access blocks are used to provide device connectivity within the distance limitations of the wired cable plant and WAP signal. For school campuses, an Access Stack would be located in each building. For multi-story schools, an Access Stack can be located on each floor or wing within a floor as needed.


The Access Stack block is scalable, available and flexible, as a single Brocade ICX 6450 stack can have up to 384 1 GbE ports and a maximum of eight switches. One switch is a master switch and one switch is a standby switch. Hitless fail-over of the master to the standby ensures traffic is not disrupted should a switch fail or be taken off-line for upgrades and maintenance. Any switch in a stack can have powered PoE/PoE+ ports, so stacks can include both powered and un-powered Ethernet ports. PoE+ power levels are needed when powering higher bandwidth 802.11n WAPs and for security cameras with pan/tilt/zoom (PTZ) features that are increasingly used in schools. The ICX 6450 switch has four 10 GbE ports that can be used as stack ports and for uplinks to the Distribution block.


An Access Stack of ICX 6450 switches with PoE/PoE+ ports can include one or more Brocade ICX 6400 EPS external power supplies. The ICX 6400 EPS enables all 48 ports in an ICX 6450 to provide PoE+ power levels. It can also be used to increase the availability of any stack by providing backup power supplies to all the switches.

Below are some common criteria for designing an Access Stack block for school buildings.


  • Two to eight Ethernet connections and one wireless access point for a typical classroom. Classroom phone and the teacher’s computer each take one Ethernet connection.
  • Computer and science labs require several connections.
  • Large and medium buildings require multiple ICX 6450 switches, which are stacked together so they are managed as a single switch. Each building is connected to the MAN via a Distribution Stack block of ICX 6610 switches.
  • The Access block connects to the Distribution block with dual 10 GbE links for resiliency, with adequate bandwidth for streaming video and other types of multicast traffic today and tomorrow.
  • Certain areas such as a gymnasium or band room are often some distance from the classrooms and need to connect only a few devices. Standalone Brocade ICX 6450 switches work well in this situation. In this case these single switches can use 1 GbE LAG uplinks to the Distribution Stack block as the traffic may not require using 10 GbE uplinks.

Block Diagram

Below is an Access Stack block with PoE/PoE+ ports and 1 GbE device connectivity that provides power to WAPs, VoIP phones and security cameras. As shown, both PoE/PoE+ enabled and wired-only ICX 6450 switches can be combined into a single stack. This flexibility allows optimization of the number of more expensive PoE/PoE+ ports based on the actual need for powered device connectivity. The green line labeled “To WLAN Controller” indicates WAP configuration and management within a school is performed from a central location. See the Core Backbone WLAN Controller Block section for more details.



  Access Stack Block, 10 GbE Stack with PoE/PoE+ & WAP


Key Features

1 GbE device connectivity

Avoids bottlenecks for combined voice, video and streaming Internet traffic to the classroom

PoE+ connectivity

Meets power requirements of 802.11n WLAN connections required for higher bandwidth to mobile devices

10 GbE stacking

Provides 10 GbE stacking bandwidth to all switches in the stack and 10 GbE uplinks to the Distribution block avoiding bottlenecks. Hitless failover of stack controller avoids network downtime should a switch fail.

10 GbE LAG uplinks

Provides 20 Gbps of uplink bandwidth with automatic link resiliency

Stack management

All switches in a stack are managed as a single device simplifying network configuration.

Layer 2 switching

Lowers cost and simplifies configuration of the school network




WAP Block

The WAP block includes Brocade Mobility Access Points for wireless device access in the school. Each WAP unit connects to a PoE/PoE+ port in an Access block that provides power to the WAP device. Brocade Mobility Access Points are available with a variety of radio designs and form factors.

Brocade Mobility AP 7131 devices are intelligent, so data forwarding between WAPs does not require data traffic to go through the WLAN controller or even to go over wired switch connections to get from one WAP to another. Peer-to-peer data traffic can use available radio bandwidth to move directly between WAP devices in the RF mesh network. This minimizes the amount of traffic on the wired infrastructure and reduces the number of Access block ports needed to deploy WAP devices, since only a few WAPs in the mesh RF network need to connect to a powered PoE port. The result is less physical wiring, fewer switch ports in the Access block and lower bandwidth on the wired network, all saving cost while simplifying operation and maintenance.

Configuration and management of WAP devices is centralized using Brocade Mobility Controllers. See the District Office Template for more details.


Block Diagram

The diagram below shows how a central WLAN Controller at the core can configure and manage a large number of distributed WAP in schools and other facilities across a district.



  WAP Block with WLAN Controller


Key Features

PoE+ powered

Meets power requirements of 802.11n WAP required for higher bandwidth to mobile devices

WAP Mesh

  • Resilient mesh with automatic connection migration to available WAP when a WAP goes off-line.
  • Peer-to-Peer traffic forwarded within the mesh avoids unnecessary traffic on uplinks to the WLAN Controller
  • Only a few WAP in a mesh need to connect to PoE ports on Access switches reducing cost and complexity.

Central management

Remote WAP devices can be configured and managed centrally from Brocade Mobility Controllers. This reduces travel time, operating cost and simplifies management of remote devices.




District Office Template

In most school districts, there is a district office where administrative functions are housed. Often, this facility includes the district datacenter and IT department.



  District Office Template


This template includes a Core Backbone block with two sub-blocks, Routing and WLAN Controller. The Routing block provides secure Internet access for the entire district, connection to a service provider supplied MAN with 10 GbE and/or 1 GbE links, connection to the datacenter network so schools can access central applications as required, and links to local Distribution and Access blocks within the district office for administrative staff. The WLAN Controller block includes Brocade Mobility WLAN controllers used to configure, manage and secure local and remote WAP units in schools and facilities. The WLAN Controller block connects to the Routing block.

The District Office includes a Network Management block with Brocade Network Advisor (BNA), a Network Access Control (NAC) block for securing wired and wireless device traffic using partner NAC appliances, and a Traffic Monitoring block with sFlow. Brocade includes sFlow support in its switches at no extra cost. Brocade and its partners provide applications that collect sFlow management traffic to enable centralized IT management.


Campus Backbone Routing Block



The Routing block provides Layer 3 routing to Distribution blocks in all school networks via the MAN, the Internet, the data center core router, and Distribution and Access blocks in the district office. It is common to use a MAN service provided by a regional telephone or cable service provider with link rates of 1 GbE and 10 GbE.


Block Diagram


  Core Backbone Router Block


Core backbone routers forward all traffic flows between schools, the district office, the datacenter and the Internet. Brocade’s SX Series of chassis switch-routers are ideal choices. When configured with VRRP-E and Multi-chassis Trunking (MCT), the SX Series provides a high performance, high availability gateway between the Internet, the MAN and the district office LAN.


The district data center has servers hosting administrative applications, Email, attendance and grading, on-demand video courses, etc. The Router block routes client connections from teacher desktop/laptop computers in the classrooms to district applications (grading, attendance, etc.) and file servers with instructional materials, videos, etc.


Key Features

BGP support

Scalable routing protocol for Internet edge

Metro Ring Protocol (MRP)

Routing over service provider metro LAN ring


Flexible configuration with excellent scalability

Brocade BNA support

Single pane of glass manageability of entire district network


Same chassis can provide power for security, WAP and phones at district office.





WLAN Controller Block



The WLAN Controller block communicates with all WAPs in WLAN AP blocks via a pair of clustered Brocade Mobility Controllers. WAP policy and configuration information is centrally set up in the controller and then pushed, in-band, over the MAN to the managed WAPs in schools and remote facilities. WLAN Controllers can manage up to 1,024 WAPs and 96,000 wireless devices per controller.


Designed for high-bandwidth WLAN deployments, Brocade Mobility 802.11n controllers provide highly scalable mobility in remote offices, campuses, and data centers. The Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade Mobility RFS7000, and Brocade Mobility RFS7000-GR Controllers provide best-in-class performance, security, scalability, and manageability.


Brocade Mobility controllers provide tools to simplify and minimize day-to-day management. A comprehensive set of services offers security, reliability, and mobility for high-performance 802.11n networks. Easy to deploy and manage, these controllers provide a converged platform to deliver a wide range of networking functions, including:

  • Non-blocking, high-performance 802.11n architecture
  • SMART RF management of the network and location management
  • Wi-Fi Multimedia Extensions for data, voice, and video traffic
  • Extensive authentication and encryption support
  • Secure guest access with built-in captive Web portal
  • 802.11 traffic prioritization and precedence
  • Hyper-fast secure roaming
  • IPSec VPN gateway
  • Wired/wireless role-based firewall
  • Comprehensive integrated IDS/IPS
  • Rich real-time locationing services
  • Hitless failover capabilities
  • AP licenses shared by redundant controllers

The WLAN Controller block connects to the Router block in the district office, as shown below.


Block Diagram



  WLAN Controller Block Integrated with Campus Backbone Router Block



Key Features

  • Central WLAN Policy Control: Reduced administrative cost. Consistent WLAN policies district-wide.
  • Remote WAP power on/off: Reduced administrative cost.
  • Scalable WLAN Controllers: Can scale from 500 to 96,000 mobile devices per controller pair. Can scale from 36 to 1,024 WAPs per controller cluster.
  • WLAN Controller Cluster: High availability and scalability.
  • Brocade BNA Support: Integrated wired and wireless management.




Management Blocks



The administrative activities of the district are often located at a central office. The management, security, access control and other supervisory functionality is encapsulated into the Management block.


Security policies prevent unauthorized access to the network and provide for the detection, reporting and mitigation of threats to the network and its devices. The security policies need to identify authorized connections and automatically assign appropriate network resources for both the wired and WLAN networks. Guest users may be assigned limited access while others may be blocked. There may be separate policies for students, faculty and staff. Student policies may have to comply with directives regarding content restriction.



  Network Management Block


The same policies can be applied to wireless clients (devices connecting via the WLAN). The ability to consolidate the configuration and propagation of policies in a centralized setup, as well as to update and control all wireless devices, reduces the management overhead of the network considerably.


Brocade provides a management application, Brocade Network Advisor (BNA). The advanced functionality of BNA allows administrators to view the network on a single screen and markedly improves operations and management of the network. With BNA, uniform application of network policies in the network services block is easy to configure and employ, ensuring consistent network security policies are deployed in every school in the district. Brocade also integrates sFlow in its campus switch products, enabling partner applications that provide traffic monitoring and engineering to ensure network uptime and avoid congestion.


Key Features

  • Wired and Wireless Management: Single platform reduces cost and simplifies management of wired and WLAN networks.
  • sFlow support: Brocade switches with sFlow support enable traffic monitoring via partner-supplied sFlow applications to identify and eliminate bottlenecks.
  • WLAN Network Access Control (NAC): NAC policies integrated via partner applications ensure student, teacher and visitor access controls are uniform and consistently applied to every WAP in the district.
  • Central WLAN Controller: Brocade BNA support for central WLAN controller configuration simplifies configuration of remote WAP policies and network security.





Alternate Designs

School districts are quite diverse and so are the networking requirements. This section covers some alternatives to the base design to illustrate options available to the designer.


Alternate Small School Template



For some elementary schools and smaller facilities, there are fewer devices to network. These schools can use modified Distribution Stack and Access Stack blocks. In that case, 1 GbE LAGs between the Distribution and Access blocks may be satisfactory. The School template is modified to use a two-switch ICX 6450 in the Distribution Stack block and one or more ICX 6430 switches in the Access Stack block.

The Distribution Stack block with ICX 6450 switches has 10 GbE stacking and uplinks, so 10 GbE connectivity to the MAN is available. The Access Stack block with ICX 6430 switches has a maximum of four switches. These can be configured with PoE/PoE+ powered ports. Stacking uses 1 GbE links, while uplinks use a LAG of 1 GbE links.


Block Diagrams

This is the Distribution Stack block with ICX 6450 switches with 1 GbE links to the Access Stack block and 10 GbE uplinks to the MAN.



   Alternate Distribution, Stack with 10 GbE Uplinks and 1 GbE Access Block Links



This is the Access Stack block with ICX 6430 switches with 1 GbE stacking links and 1 GbE LAG uplinks to the alternate Distribution Stack block.



   Alternate Access, Stack with 1 GbE Stack and Uplinks



Alternate Large/Medium School Template


In larger schools, the Distribution Stack block can be replaced by a Distribution MCT + VRRP-E block with chassis switches. This block has two SX Series chassis switches configured with MCT and VRRP-E. Chassis switches scale up by installing more cards in the chassis. Cards come in a variety of port configurations, providing a lot of flexibility in how devices are connected. The SX Series includes support for PoE/PoE+ port cards.

Another alternate Distribution block collapses the distribution and access layers into an Edge block of two SX Series chassis switches with VRRP-E. In this configuration, all devices use “home run” cabling from wall ports and WAP devices to the Edge block. Port cards with PoE/PoE+ are installed in the SX chassis for powered devices.


Block Diagrams

This is the alternate Distribution MCT+VRRP-E block that replaces the Distribution Stack block in the Large/Medium School template.



   Alternate Distribution, Chassis with MCT and VRRP-E


This is the alternate Edge block that replaces the Distribution Stack block and eliminates the Access Stack block in the Large/Medium School template.


   Alternate Edge, Collapsed Distribution/Access Block with VRRP-E





Alternate Edge Template with Mix-and-Match Stacking



In contrast to the traditional core/distribution/access topology, Brocade offers core/edge topologies as well. An edge collapses the distribution/access tiers, embedding the Layer 2 / Layer 3 boundary within a single management point. The ICX Mix-and-Match stacking feature can be used to collapse the distribution and access layers, and their independent stacks, into a single Edge block.




   Alternate Edge Template, Mix-and-Match Stacking



A Mix-and-Match stack reduces cost and simplifies management. Mix-and-Match stacking is an innovative capability of the Brocade HyperEdge architecture that combines Layer 2 and Layer 3 capable switches in the same stack. With older technology, every switch in the stack had to have the same features licensed. This is not a cost-effective approach. Instead, Mix-and-Match stacks allow some switches to be licensed with Layer 3 features that are shared by all switches in the stack. This means both Layer 2 and Layer 3 features are configured and managed one time in a single stack.


The Edge Mix-and-Match Stack block provides scalable Layer 2 and Layer 3 connectivity for devices in a building or a campus with several buildings. A Mix-and-Match stack collapses both the distribution and access layers into a single stack, creating an Edge block. Switches in the stack include the ICX 6610 with Layer 3 connectivity and ICX 6450 switches. Any switch in the stack can include PoE/PoE+ ports to power Voice over IP (VoIP) phones, security cameras and WAPs. Brocade provides both in-wall WAPs, such as the Brocade Mobility AP 6511, and multi-antenna mesh WAPs, such as the Brocade Mobility AP 7131.


The Edge Mix-and-Match block is scalable, available and flexible, as a single stack can have up to 384 1 GbE ports and a maximum of eight switches. One switch is a master switch and one switch is a standby switch. Hitless fail-over of the master to the standby ensures no traffic disruption should a switch fail or be taken off-line for upgrades and maintenance. Any switch in the stack can have PoE/PoE+ ports, so a stack includes both powered and un-powered Ethernet ports. PoE+ power levels are needed when powering higher bandwidth 802.11n WAP units and security cameras with pan/tilt/zoom (PTZ) features that are increasingly used in schools. The ICX 6450 switch has 10 GbE ports that can be used as stack ports to the ICX 6610 switches in the block. The ICX 6610 switches have 40 GbE stack ports, ensuring low over-subscription of traffic within the stack.

A Mix-and-Match Stack with ICX 6450 switches and PoE/PoE+ ports can include one or more Brocade ICX 6400 EPS external power supplies. The ICX 6400 EPS enables all 48 ports in an ICX 6450 to provide PoE+ power levels. It can also be used to increase the availability of any stack by providing backup power supplies to all the switches.


A common Mix-and-Match stack configuration uses two ICX 6610 switches with Layer 3 features. These are configured as a VRRP-E cluster providing resiliency, high-availability and an active-active gateway to the MAN. These switches use 40 GbE stacking ports. Each ICX 6610 has 10 GbE ports to extend the stack to multiple ICX 6450 switches and for uplinks to the MAN.


The ICX 6450 switches use 10 GbE ports for stacking and integrate into the ICX 6610 switches via their 10 GbE ports. Several stacking topologies are supported. See the FastIron Administrator Guide for details.


Block Diagram



   Edge Stack, Mixed Stacking with PoE



Key Features

  • ICX 6610 40 GbE stacking links: Avoids bottlenecks for combined voice, video and Internet streaming to all classrooms in the school.
  • ICX mix-and-match stacking: Extends the to provide cost-effective Layer 2 switching within the same stack
  • Stack management: All switches in a stack are managed as a single device, simplifying network configuration.
  • 10 GbE LAG links to MAN: Provides 20 Gbps of bandwidth with automatic link resiliency between the school and the MAN.
  • 1 GbE device connectivity: Avoids bottlenecks for combined voice, video and Internet streaming to the classroom.
  • PoE+ connectivity: Meets power requirements of 802.11n WLAN connections required for higher bandwidth to mobile devices.
  • Layer 2 switching: Lowers cost and simplifies configuration of the school network.






The following lists typical components that can be used in the design templates.


School Template Components

  • Brocade ICX 6430/6450 Switches:
    • ICX 6430: 1 GbE device support for Layer 2 only with or without PoE/PoE+. Ideal for smaller facilities.
    • ICX 6450: 1 GbE device support with Layer 2 / Layer 3 support with or without PoE/PoE+ and 10 GbE stacking and uplinks. Well suited for larger facilities with maximum of 384 ports.
  • Brocade ICX 6610 Switches: High performance stacking switches with 40 GbE stacking links and 10 GbE uplinks and maximum of 384 ports with or without PoE/PoE+.
  • Brocade FastIron SX Series Switches: Scalable and highly available chassis switches for core access to MAN, Internet, datacenter core routers and Access blocks in the district office.
  • Brocade Mobility WLAN Access Points: 802.11n for high bandwidth traffic to mobile devices and security cameras with pan/tilt/zoom.


District Office Template Components

  • Brocade FastIron SX Series Switches: Scalable and highly available chassis switches for core access to MAN, Internet, datacenter core routers and Access blocks in the district office.
  • Brocade Mobility WLAN Controllers: Centralized WLAN controllers that can be clustered for availability and scalability, minimizing on-site support for WAP configuration.
  • Brocade Network Advisor (BNA) Software: Centralized, single pane of glass for comprehensive management of the district network and WAPs in schools.
  • Partner WLAN Network Access Control Software: Integrated and tested software applications for WLAN NAC reduce the time and cost to administer consistent NAC policies district-wide.
  • Partner sFlow Traffic Monitoring/Engineering Software: Integrated and tested software applications for open standard sFlow traffic monitoring. Brocade switches include sFlow support at no extra cost.

by Sharan
on ‎04-25-2013 06:50 PM

This design guide is very useful. Do we have any plans to release a deployment guide for campus architecture?

by Martin Mune
on ‎04-26-2013 01:33 PM

I agree. It would be very helpful to have the deployment guide.

by pbal
on ‎04-26-2013 01:41 PM

We will update you next week on the deployment details.

by pbal
on ‎05-03-2013 02:17 PM

We have a blueprint available. We are currently discussing the best way to publish this on this forum, since the format is different from the typical Word document.