Protect access layers from BYOD node creep

Bring your own device doesn't mean bring your own network support. What is BYOD doing to your data center's network resources?

CIOs, system administrators and other IT decision makers, take note -- the supposed cost savings associated with...

BYOD may actually cost you in other areas.

The bring your own device (BYOD) phenomenon is a peculiar development in technological evolution, and it isn't going away. The many tentacles of this relatively new concept reach into various areas of the enterprise, most profoundly, the data center.

Wi-Fi connectivity to wireless local area networks places an increasingly heavy burden on network resources. As more enterprise networks reside in data center architectures, this increased load is the hidden cost of BYOD.

Rather than restrict consumerization to conserve network resources, many organizations embrace BYOD. Employees are permitted to bring their own wireless devices into their respective networks, as opposed to the enterprise furnishing hardware. BYOD exponentially increases the number of wireless access points (WAPs) on the network. This, in turn, creates a domino effect with respect to data center architecture: Each WAP is a member of a virtual LAN, which necessitates more layer 2 network switches, which changes the data center's access layer topology, which at some point forces the distribution layer configuration to change, and so on and so forth.

Every item in a traditional data center architecture resides in the access layer, the aggregation (or distribution) layer or the core. Access layers are closest to the end users. The aggregation layer pulls together every packet from access layers and properly delivers them to the core. The core layer, or backbone of the data center, typically faces the Internet. Its routers normally use interfaces rated for a minimum of 10 Gigabit Ethernet (GbE), or 40 GbE and 100 GbE at some Internet service providers. In this scenario, access layers are most prone to node creep from BYOD. As WAPs grow, layer 2 switches reach capacity and admins need to deploy more to accommodate additional wireless infrastructure.

Learn more about BYOD and networking

Four IT shops, four BYOD strategies

Tips for securing BYOD access

Unusual 'Ds' in the BYOD scheme

One way to approach this problem is via a bandwidth-conservation policy. System administrators block throughput hogs such as YouTube and other audio/video applications that strain networks.

If restrictions are too simplistic or draconian, CIOs may lobby for a rapid migration to the up-and-coming IEEE 802.11ac, or Gigabit Wi-Fi technology. More end users can use fewer wireless access points, protecting the access layer from major changes. Each organization must evaluate IEEE 802.11ac on a case-by-case basis.

Organizations can implement Wi-Fi hotspots, outfitting certain areas with WAPs. All attempts to access network resources via Wi-Fi must take place within those areas, effectively limiting node creep. Wi-Fi hotspots also allow system administrators to more accurately monitor what exactly is connected to their network, giving a narrowed threat vector. Hotspots may not be so unpalatable for end users, either, due greatly to the growing popularity of 4G cellular technology.

The continued improvement of 4G may render BYOD accommodations moot -- to a certain degree.

This was first published in April 2014

Dig Deeper on SDN and other network strategies



Find more PRO+ content and other member only offers, here.

Related Discussions

Brad Casey asks:

Does your enterprise allow BYOD? Why or why not?

2  Responses So Far

Join the Discussion

1 comment


Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: