|
Independent Evaluations of Networking Products and Tools |
Network Testing Labs Review:Critical Network ServicesOur quest to find the best DNS, DHCP and IPAM network services prompted us to test Alcatel-Lucent’s new appliances in some difficult and stringent situations. We found them to be especially fast, reliable and easy to administer.
Executive Summary
Alcatel-Lucent’s VitalQIP-based appliances easily win the Network Testing Labs World Class Award for best DNS/DHCP/IPAM network services. The devices earned their top honors in our February, 2009 testing by quietly but unrelentingly delivering critical services across networks of varying sizes and complexities. The Alcatel-Lucent appliances quickly and easily brought order and sanity to every IP address scheme we tested, even the most chaotic and badly-managed. We learned in our testing that, surprisingly, the best DNS/DHCP/IPAM product isn't the most expensive -- in fact, on a cost per request and cost per lease basis, the Alcatel-Lucent appliances are actually far more economical than other DNS/DHCP/IPAM products. The Alcatel-Lucent AMM/AMS/ESM devices were blazingly fast, they exhibited enduring and unrelenting reliability, they were broadly scalable, and they were easy and intuitive to use. Kudos to Alcatel-Lucent for a job well done.
Discussion
DNS and DHCP servers are just as essential to your network as cables, switches and routers. In fact, your network would carry virtually no traffic at all if it weren’t for DNS (Domain Name System) and DHCP (Dynamic Host Control Protocol) servers. A DNS server supplies the associated IP address whenever someone uses a URL to access a network resource, while a DHCP server assigns IP addresses to client computers at boot time. When these services bog down or fail completely, your network bogs down or fails completely. Large, complex networks have large, complex IP addressing schemes. IPAM (IP Address Management) helps network administrators productively and efficiently make simple work of organizing a complex network’s IP addresses. The ideal DNS/DHCP/IPAM network service quickly and reliably responds to requests to resolve a URL into its associated IP address. It rapidly and robustly responds to client computer requests for dynamic (i.e., leased/assigned) IP addresses. And it allows a network administrator to easily manage even the most excessively complex IP addressing schemes. To weigh the merit of its new appliances, we asked Alcatel-Lucent to submit its new AMS 1000, ESM 1000 and AMM 1000 devices for testing in our Alabama lab. We tested primarily for performance, reliability, scalability and ease of administration. The three model 1000 devices are Alcatel-Lucent’s mid-range products. The vendor also offers two other series of appliances, the model 500 and the model 5000. The model 500 units are intended for small office or retail deployments whereas the model 5000 units are intended for use by large carriers. The AMS (Appliance Management Software) 1000 manages the other two units. The ESM (Enterprise Server Module) 1000 provides IPAM, database and user interface VitalQIP services, while the AMM (Appliance Management Module) 1000 supplies remote DNS, DHCP, SNMP and other network services. The Alcatel-Lucent appliances earned flying colors in the evaluation. They were blazingly fast, unremittingly robust, pervasively scalable and extremely simple to use. The new Alcatel-Lucent DNS/DHCP/IPAM devices earned our Network Testing Labs World Class Award for best DNS/DHCP and best IPAM network services.
Performance and ScalabilityWe bombarded the Alcatel-Lucent appliances with 500,000 DHCP requests, timing the test operation with a computer program. Impressively, the model 1000 units responded with remarkable speed and efficiency. Table 1 reveals the average number of leases per second we obtained across a series of tests – a blistering rate of 6,203/second. Practically speaking, this stress test is the equivalent of 500,000 employees arriving at work at the same time and concurrently booting their computers to begin their day’s work. Note that the Alcatel-Lucent appliances would have these half-million workers up and running in just over a minute. That’s simply amazing.
*500,000 divided by the elapsed seconds value Table 1. IP address assignment performance.
In our DNS tests, we flooded our network with 500,000 URL-to-IP-address resolution requests. The model 1000 Alcatel-Lucent appliances responded with astonishing speed, achieving an average of 56,179 name resolutions per second. Table 2 shows the detailed results.
*500,000 name requests divided by the elapsed seconds value Table 2. DNS resolution performance.
These results led us to the inescapable conclusion that the model 1000 appliances cost less to use than any of the competition’s products. A three-tier architecture is the holy grail of virtually every set of Best Practices guidelines. Rather conveniently, the AMS/ESM/AMM 1000 devices come pre-configured in just such a 3-tier arrangement. Your high-performance IPAM/DNS/DHCP network services operate with an exceedingly scalable three-tier architecture – and you don’t have to fuss and fumble with a vendor’s instructions for how to configure a product for 3-tier operation. It’s already done for you. We noted during our testing that the ESM 1000 appliance can also manage legacy DNS/DHCP hardware. Furthermore, the Appliance Manager software contains support for Anycast DNS. The devices also support High Availability (HA) DNS, host SNMP (in addition to DHCP and DNS SNMP), NTP, TFTP, Auto Discovery and a number of other services. Alcatel-Lucent supports the Internet Software Consortium’s (ISC’s) Berkeley Internet Name Domain (BIND) standards, with extensions. In our tests, the DNS/DHCP servers, no matter whether designated primary or secondary, interoperated perfectly with other DNS/DHCP implementations. The AMS/ESM/AMM 1000 appliances also integrated perfectly with Windows Server Active Directory. VitalQIP’s management of Windows’ DNS and DHCP servers includes Active Directory authorizations, support for multicast address allocation, the proper emitting of DNS Server Resource Records (SRV) according to the DNS dynamic update protocol (RFC 2136), flexible dynamic DNS updates, secure DNS support and multi-master DNS support. VitalQIP has a unique and yet highly interoperable approach to incremental zone transfers (IXFRs). Instead of embracing the cumbersome and unreliable RFC 1995 process, the Alcatel-Lucent programmers designed a BIND extension that uses Dynamic DNS to accomplish the transfer and keep master and slave servers synchronized. As a further backup mechanism, VitalQIP periodically performs full zone transfers (AXFRs). Its unique implementation lets VitalQIP update both primary and secondary servers using Dynamic DNS and, at the same time, fully support both the IXFR and the AXFR mechanisms. The AMM 1000 and AMS 1000 appliances contain an Intel Xeon Dual-Core CPU, 1 GB of RAM and a 250 GB hard drive. The ESM 1000 also is based on an Intel Dual-Core CPU, also has a 250 GB hard drive and has 4 GB of RAM. The model 5000 units are even more capacious. The appliances run a hardened, specially-configured version of Red Hat Linux, and they incorporate V15.0 of the Sybase Adaptive Server relational database. The AMS, ESM and AMM appliances are particularly “green.” They consume less power and, accordingly, emit less heat, thus reducing cooling costs. The appliances accomplish this by leveraging Intel’s shift towards parallel architecture CPUs. In addition to their scalability, the Alcatel-Lucent appliances exhibit rock-solid reliability. The devices easily survived our abrupt power outage, power spike, high temperature and vibration tests. Except of course in the power outage tests, the units continued to provide network services without failing or even blinking. If you install multiple devices, the appliances gracefully and seamlessly “fail over” to the backup machines.
Ease of Use and SecurityWe were delighted to find that the built-in VitalQIP 7.2 Web browser interface provides a complete set of administrative tools and functions via its Web GUI. While earlier VitalQIP Web GUI versions did not include every single function, the current version corrects that and gives even remote browser-based operators full control of VitalQIP. The VitalQIP 7.2 browser-based interface is a joy to use. It’s intuitive, easy to navigate and quite responsive. For the sake of security, the appliances are hardened for secure deployments. They include a firewall to limit connections to only registered progams. The appliances are customized to have a minimal network footprint, thus reducing attack points and ensuring that each unit runs only the necessary software. In addition, authorized management communication to an appliance is always encrypted with SSH. By default the appliance has no default logins accessible by password. To thwart cyberattacks that attempt to gain control of the appliances, the DNS functions themselves run in a non-privileged mode. We also noted that Alcatel-Lucent is quick to respond to its customers with both ISC and Red Hat security patches. The Alcatel-Lucent documentation is comprehensive, easy to follow and accurate. The devices can be installed and be operational in less than 30 minutes.
ConclusionNetwork services, especially critical ones like DNS, DHCP and IPAM, should be neither seen nor heard in day-to-day operation. The Alcatel-Lucent AMS/ESM/AMM 1000 appliances come closest to providing set-it-up-and-forget-about-it essential network services. The AMS/ESM/AMM 1000 appliances are robust, responsive, easy to use, secure and scalable. We recommend you evaluate these network services appliances for use in your own computing environment.
Test bed and methodologyOur test environment consisted of six routed Fast Ethernet subnet domains and a T-1 Internet connection. The Internet link let us perform massive zone transfers and other large-scale IP address operations, but most of our testing was local. Each subnet’s 50 client computers were a mix of Windows 2000 Professional, Windows Vista, Windows 98, Windows ME, Windows XP, Red Hat Linux and Macintosh platforms. The relational databases on the network were Oracle, Sybase Adaptive Server and Microsoft SQL Server. Windows Advanced Server shared files, while Internet Information Server (IIS), Netscape and Apache software served up Web pages. We tested the appliances’ ability to dynamically distribute large quantities of IP addresses, equate IP addresses to host names, register IP addresses in directory/name resolution services and flexibly maintain a useful repository of IP addresses and host names. We also evaluated the appliances for scalability, security, ease of use and any special features they offered. To simulate a high volume of DNS/DHCP requests, we ran several concurrent instances of a C++ program that issued both valid and invalid DHCP-DISCOVER messages. To test performance, we measured how quickly the devices responded to 500,000 IP address client requests and 500,000 URL resolution requests. We also moved clients from one subnet to another, gave unique values to the DHCP client ID field and assigned different values to the user class ID and vendor class ID DHCP parameters to see how the DHCP servers responded.
DNS/DHCP/IPAM Report CardGrade scale is A through F, with F = Failing and A = Perfect
Vendor Details
|