Network segmentation through bridging and switching helps break down a large, congested network into an aggregation of smaller, more efficient networks. Routers edit A typical home or small office router showing the ADSL telephone line and Ethernet network cable connections. Efficient Processing of Deep Neural Networks Vivienne Sze, Yu-Hsin Chen, Tien-Ju Yang, Joel Emer Massachusetts Institute of Technology Reference: V. Sze, Y.-H.Chen, T.-J. Emer, ”Efficient Processing of Deep Neural Networks,” Synthesis Lectures on Computer Architecture, Morgan & Claypool Publishers, 2020. One of the most important pieces of an efficient network infrastructure is the core network switch design and implementation. Without properly implemented network switches, your computers cannot communicate with one another resourcefully, or with peripheral devices such as wireless networks and networked printers.
Consider This When You Start Your Network Design
A great number of factors need to be considered when designing a secure, efficient, and scalable network. While individual network demands will vary greatly between networks, it is important to think through your network design. Here are eleven design tips that will make your network secure, efficient, and scalable.
1. Firewalls
A firewall acts as a traffic cop for networks. It can allow or deny communication based on a number of parameters. Most people see firewalls as a perimeter-only device. This use isn’t the only way to implement a firewall. If your company has the capability, it is a good idea to secure any important information with a firewall. Securing a database that holds credit card information or putting the HR and finance departments behind a firewall are all good ways to protect a company’s intellectual property and other sensitive data.
2. VLAN
VLAN (Virtual Local Area Network) is the logical separation of network devices while utilizing the same physical infrastructure. A VLAN is a good idea for many reasons. Typically paired with a proper subnetting scheme, proper VLAN assignment can reduce network overhead, improve security, and ease administration. A good implementation of VLAN would be to have device management on its own network. This approach would give greater control over which users can access your network devices.
3. Subnet
A subnet is another way to separate a network logically. Subnets commonly correlate with physical network locations, but they don’t have to when designed properly with VLANs. Properly subnetting a network can ease administration and network overhead. A coherent subnet scheme will easily identify sites, departments, and special secure areas as separate subnets. Following a clear assignment convention will make it easy for an administrator to identify subnets and their assignments. Depending on the size of your company and security requirements, it is a good idea to have HR and finance departments on separate networks. This way you can have better control of those machines with sensitive data.
Subnetting isn’t only for security. It can allow you to reduce network overhead across your organization by containing network traffic to required areas only when used with proper VLAN design. When designed around future growth, properly subnetting your network can provide enormous scalability.
4. DMZ
A DMZ (demilitarized zone) is a segment of the network that users can access from the Internet. This design allows external users to access a service such as a website or an email without accessing the internal network. A DMZ can add security to your network by taking the systems that need to be accessed by external resources and segmenting them. While the public can access the DMZ’s resources, they are not able to access your internal network, where you have implemented a stricter security policy.
5. Quality of Service
Quality of Service, shortened to QoS, goes along with a proper subnetting and VLAN design. This feature of routers and switches will give priority to one VLAN over another. Priority is important when designing a VoIP (Voice over IP) network. If your voice network has a latency of over 150ms, you may experience dropped calls and other in-call anomalies. QoS will make sure that when the network is at high utilization, the voice traffic will receive priority over data. After all, it doesn’t matter if a webpage takes another half second to load, but a phone call can’t handle that delay.
6. Hierarchy
Designing your network in a tiered design will allow you to scale the hardware requirements, build in redundancy, and ensure your network operates at optimal speeds. Cisco recommends a 3 tier design consisting of core, distribution, and access layers. Fundamentally, the quickest route to any destination is a direct path. The hierarchical design scales this principle to enterprise levels, allowing data to traverse the network in the shortest path possible while still providing efficiency. Most expensive and feature-rich switches will be in the core and distribution layers. Less expensive switches can be used for the access layer, where end users connect to the network.
7. Spanning Tree
Spanning tree is a loop avoidance protocol that allows a network to have multiple connections to points without creating problems. When designing a hierarchical network, you need to take control of your spanning tree settings on your network. The default settings will work, but most likely won’t be the most effective or efficient solution. Best practices suggest the root of your spanning tree implementation should be in the core layer of the network.
If your network isn’t clearly tiered, the root switch should be at least the one closest to the Internet or the servers (whichever gets the most traffic).
8. Port Channel
Port channel is also known as Ether channel, NIC teaming, or link aggregation. Port channel bundles multiple network cables into a single link. This process does two things for you. First, it increases the speed of the link between two devices on the network. If you channel two, 1Gbps ports together, you effectively have one, 2Gbps connection. Second, it provides redundancy. This configuration doesn’t require all configured ports to be active. So, if a port fails, or you have a bad cable, the connection doesn’t drop, you simply have a lower speed. While this is a degraded state, it is still active and operational.
9. Wireless
Today, wireless access is very popular because it alleviates costly wiring. However, it is inherently very insecure. Modern wireless has become more secure, but broadcasting your data through the air in every direction still has major security concerns. The most secure way to implement a wireless solution is to allow Internet only access to wireless users. This method would require employees to use a VPN to connect back into work if using wireless. The employees are using an encrypted tunnel to transmit sensitive information.
And remember that you are still responsible for the activity on the network. It is vital to set up web filters and firewalls to make sure that your network isn’t being used for nefarious activities.
10. Port Security
Most small and medium business switches have a feature called port security. This feature only allows a particular computer or multiple computers to use that port on the switch. If the switch notices a violation, the switch can disable the port, shutting off network access. While this feature is implemented in typically only very secure environments, it is still a good idea to consider. This method isn’t always feasible for small businesses or organizations that have shared workspace.
11. Physical Security
Physical security doesn’t fall into the logical network design, but if you are fortunate enough to help design a workspace or office layout, it is very important. Companies need to set physical security for all network hardware and mobile devices. Only employees who need to access the hardware should have access to it. Proximity cards, keyed locks, fingerprint readers, PIN pads, retina scanners are all examples of physical security technologies. While the level of security and the amount of money available to secure the network will vary greatly, this is an area that needs attention.
Physical access to devices can give an intruder sensitive information about encryption schemes, network layout, IP addressing and even usernames and passwords. All of these make a more advanced attack on your network much easier at a later date.
What are You Doing to Make it More Difficult for Hackers to Access Your Data?
Designing the network that works well for your company can be challenging. However, by following best practices and planning around security and efficiency, the design of the network can fall into place almost effortlessly. Implementing any of these suggestions will add another layer of security to your network.
What are you doing to make it more difficult for hackers to access your data?
Joe Baker
Senior Network Engineer
AfidenceIT
About AfidenceIT
AfidenceIT is a technology consulting and services firm launched in 2010 with a goal to earn trusted relationships by surrounding their clients with clear, transparent, and honest solutions unmatched in the IT Industry. AfidenceIT serves over 80 active clients in the Cincinnati-Dayton region, extending into 30 states and 15 countries. Headquartered in Mason, Ohio, AfidenceIT also maintains support offices in Miamisburg, Ohio. To learn more about AfidenceIT, please visit our website.
Abstract: Shift operation is an efficient alternative over depthwise separableconvolution. However, it is still bottlenecked by its implementation manner,namely memory movement. To put this direction forward, a new and novel basiccomponent named Sparse Shift Layer (SSL) is introduced in this paper toconstruct efficient convolutional neural networks. In this family ofarchitectures, the basic block is only composed by 1x1 convolutional layerswith only a few shift operations applied to the intermediate feature maps. Tomake this idea feasible, we introduce shift operation penalty duringoptimization and further propose a quantization-aware shift learning method toimpose the learned displacement more friendly for inference. Extensive ablationstudies indicate that only a few shift operations are sufficient to providespatial information communication. Furthermore, to maximize the role of SSL, weredesign an improved network architecture to Fully Exploit the limited capacityof neural Network (FE-Net). Equipped with SSL, this network can achieve 75.0%top-1 accuracy on ImageNet with only 563M M-Adds. It surpasses othercounterparts constructed by depthwise separable convolution and the networkssearched by NAS in terms of accuracy and practical speed.
Submission history
From: Di Xie [view email][v1]Wed, 13 Mar 2019 01:44:39 UTC (591 KB)
Full-text links:
Download:
Current browse context:Efficient Networks 5100
References & Citations
DBLP - CS Bibliography
Di Xie
Yuan Zhang
Shiliang Pu
Efficient Networks 5851 Manual
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Efficient Networks Speedstream 5667
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs and how to get involved.