As we progress through each year, one thing is certain — network gear gets faster.
Sometimes the increase manifests itself by a move up the Ethernet speed ladder, from 100 to 1,000 or now 10,000Mbps. Other times it is marked by faster look-up engines or greater port capacity.
In any case, the network vendor’s mantra seems to be that you can never be too fast or have too many ports. But that is starting to change.
Over the past year we’ve conducted validation projects for a series of vendors of security infrastructure and server load balancers in which the paramount concern was having enough speed and enough bandwidth: enough to meet or exceed the WAN or LAN access bandwidth that the prospective customer had available to drive the infrastructure gear.
To paraphrase a vendor CTO: Why do you need to buy a Gigabit-throughput perimeter security device if your broadband access link will never exceed 100Mbps? This fact is nothing new. We’ve seen it when vendors providing VPN products to customers running T-1 links would fight over performance — one, say, capable of 50Mbps and the other of 70Mbps. Both solutions represented such overkill relative to the measly 1.5Mbps delivered by the T-1 that a comparison was academic.
Vendors now seem to recognize the obvious — that their devices can be placed effectively in a variety of configurations, that the key element of that configuration is going to be the access bandwidth, and that this can vary exponentially (T-1 to Fast Ethernet to Gigabit Ethernet) among customers that are in the same class.
A build-to-fit approach makes both practical and economical sense. Being able to buy a box guaranteed to deliver 100Mbps — or 1Gbps — at an appropriate price is attractive to prospective customers. Interestingly, vendors take different approaches when delivering this bandwidth-oriented model.
Some use these calibrated bandwidth and throughput delivery levels to select the bill of materials for the box — the components used to construct the appliance. Knowing the target performance levels, it is much easier to right-size the components by avoiding buying an overly powerful (and overly expensive) network processor and other components that affect the build cost and, ultimately, the customer’s price. Customers can then buy the model that suits their environment.
Others take what can be called a lock-and-load, or perhaps load-and-lock, approach. They build a single box that can deliver at a variety of performance levels and use licence keys to lock it to a certain level. A given box might be able to perform up to 1Gbps, but will only do so when the appropriate licence key is purchased and applied.
The obvious upside to such an approach is that customers can develop their environment without the proverbial forklift upgrade. On the other hand, one wonders whether one might be overpaying for powerful processing that cannot be used without the upgrade and that might never be needed.
So as you look at your intrusion, encryption, load balancer and other edge infrastructure, keep in mind your need for speed, now and in the future.
–Tolly is president of The Tolly Group, a strategic consulting and independent testing company in Boca Raton, Fla. He can be reached at firstname.lastname@example.org.