Ethernet networks have become a standard for communications networks in mission-critical applications. However, the Ethernet and TCP/IP standards, and their attached protocols, are quite complex and should not be underestimated. Mission-critical Ethernet networks are very often implemented with the minimum amount of pre-planning. While such a network will work, it will not perform to its full potential, and over time problems will start to present themselves. This article discusses 10 of the most common mistakes made with regard to mission-critical networks, and how they should best be addressed.
Physical parameters and monitoring
Physical cable degradation is the first point. Cables (both fibre and copper) are subject to degradation, especially when exposed to the elements, buried underground, or installed in other harsh environments. EMI is also a concern for copper cables, as it can affect the traffic they carry and cause severe network problems. Inspection and correct installation are the key preventative measures for cables.
Next, we discuss cable redundancy and why it is so important that this be implemented correctly. Redundancy is a key component of any mission-critical communications network, and cannot be trivialised or overlooked. However, although having redundancy in place is critical, without correct monitoring it can become largely ineffectual. Various options are available to ensure correct monitoring of the network, both physically and logically. Logical monitoring generally includes the use of an automated NMS (network management system) and SNMP (simple network management protocol). The article discusses the advantages of these over manual monitoring of the network and its attached devices, not only in terms of time and effort saved, but also in the accuracy of automated mechanisms versus manual methods.
Protecting the network against attack
We then move on to monitoring for possible malicious attacks on the network, specifically viruses/malware and potential hackers. Software and hardware exist that can and should be used to increase security on the network; however, it is important to realise that company policies play just as important a role in protecting against these types of attacks. For instance, correct access control, and how the company/site deals with outside storage (USBs, HDDs etc.) which could contain potential viruses, are two company policies that can increase the safety and reliability of the network.
Maintenance
Monitoring and maintenance are two closely linked concepts, as simply monitoring a network and attached devices without acting on any potential problems is pointless. Maintenance includes not only physical maintenance (checking cables, hardware, power supplies etc.) but also logical maintenance such as firmware updating and checking of device logs. Firewalls and anti-virus software are also critical and must be maintained regularly. Anti-virus software needs constant (preferably twice daily) updating of its virus definition databases in order to protect against all viruses in the wild, new and old. Firewall rules should also be checked regularly in order to adapt to a changing environment and to new/replacement devices on the network.
Open systems and structures?
The next mistake we look at is vendor lock-in, where network administrators use proprietary protocols for critical network functionality (such as redundancy). Proprietary mechanisms may often work better than the open standards that are available; however, using them means that future expansion will often be tied to a single supplier, as changing away from this equipment (and the proprietary functionality) could require replacing most of the networking hardware.
Linked to the above is another error that many network administrators make, which is to become too comfortable with the existing network. This means that newer protocols and steps in technology are often ignored. Ethernet is constantly evolving, and networks (especially mission-critical ones) should not be allowed to stagnate too much. Improvements in existing mechanisms, or completely new ones, could greatly improve the stability and reliability of the network, and can also provide advanced monitoring options which can assist in future troubleshooting or expansions.
We move on to look at some of the logical mistakes made on these networks, such as incorrectly designed and implemented IP structures and VLANs. As IP structures are part of the heart of any network, designing them correctly and efficiently is essential, especially if there may be expansion in the future. Related to this is correct broadcast and multicast control on the network, which will help keep the logical network clean of unwanted and erroneous traffic. Finally, the article briefly discusses time synchronisation and how this can assist greatly with troubleshooting and analysis of the network, even if it is not directly required for any end device functionality.
Interested readers can download the full paper at: http://instrumentation.co.za/+j113
Tel: +27 11 454 6025
www: www.h3isquared.com