cisco campus communication fabric 2 › c › dam › global › fi_fi › assets › ... · killer...

1

© 2007 Cisco Systems, Inc. All rights reserved.Partner Update 05.11.07 1

Cisco Campus Communication Fabric 2

Partner Update - 5.11.2007

Reijo Mäkipää

Consulting Systems Engineer

Cisco Systems Finland

2© 2007 Cisco Systems, Inc. All rights reserved.Partner Update 05.11.07

The Enterprise User and Business Are Changing

� The New Millennial

� Totally connected world without edges

� Largest new work force since the baby boom

� Total technology blend with life

� Mobile, multi-cultural, multi-tasking

TodayReal-time Interaction

and Collaboration

1950s–1990sPaper Communication

Move in Days

1990s–2002Digital “Same Day”

Transactions

2


• Office Groove 2007 - 21st Century

Collaborative Application

• Peer-2-Peer data distribution

• Decentralized, Unpredictable

Workgroup Traffic Across Campus

• Drives need for application aware

access control, QoS

Killer Applications Will Transform Campus Networking …

3

• Cisco Telepresence - Strategic impact on

executive communication requires a

stronger Service-Level Agreement (SLA)

• Need for secure communications

• Need for highly reliable service

• Need for exemplary application

service and traffic management


E-mail, chat, & IM PC- & cable telephony Unified messaging

OS ApplicationsDevices &

Regulations

Peer to PeerPeer to Peer

Voice & Data Voice & Data ConvergenceConvergence

VideoVideo

VODVideo & audio streaming Video conferencing

Drives 10 GDrives 10 G

DrivesDrives

VirtualizationVirtualization

& Security& Security

Drives Drives

Deep PacketDeep Packet

InspectionInspection

Drives IPv6Drives IPv6

Music downloadOn-line gaming File Sharing

Windows VistaMAC OS XLINUX

And There is More To Come …

Green

Data Center Environmentals Corporate Green Initiatives

3


The Campus Communications FabricThe Campus Network

Through 2015…

� Access anytime, anyhow…to anything

� Immediate, enhanced collaboration

� Full protection, compliance a must

� Apply attached resources as needed

� No downtime—scheduled or unscheduled

� Operational autonomics in practice

Campus Networks Transforming into a Business Platform …

ApplicationIntelligence

UnifiedNetwork

Non-StopComms

IntegratedSecurity

VirtualizationOps

Mgmt

BasicControl

HighAvailability

“Wire”Speed

Connectivity


Un

ifie

d N

etw

ork

Serv

ices

Virtu

aliz

atio

n

OperationalManageability

IntegratedSecurity

No

n-S

top

Co

mm

unic

atio

ns A

pp

licatio

n

Inte

lligen

ce

Campus Communication Fabric:Blueprint for Next Generation Architectures

4


Cisco Campus Communication Fabric 2 Launch 7.11.2007

� Cisco Catalyst 4500 E-Series

� Cisco Virtual Switching System 1440

(Catalyst 6500 Supervisor 720-10GE)


Cisco Catalyst 4500 E-Series

Overview

CenterFlexTechnology

5


Introducing Cisco Catalyst 4500 E-Series

Next Generation Cisco Catalyst 4500 Series Extension

E-Series Chassis

E-Series Line Cards

Supervisor 6-E with CenterFlex Technology


What Is CenterFlex Technology?

Catalyst 4500 E-Series


Innovations Enabled by Supervisor 6-E Centralized ASICs

Centralized

� Highest centralized performance

� Low latency / low power draw

� High availability

� Simplified operations

Flexible

� Mix and match new and classic** line cards

� Forward / backward compatibility, investment protection

� User configurable queuing resources

� Dynamic QoS, security, and IPv6 resource allocation

� Higher services capacity

19 New Patents

**Currently shipping non-E-Series line cards, supervisors and chassis

6


Evolution of Centralized Switching Technology

1999

Sup I/II18 MppsL2 Only

2002

Sup II Plus to Sup V

48-72 MppsL2/L3

2007

Sup 6-E250 Mpps

(125Mpps IPv6)320Gbps

L2/L3IPv6

2004

Sup V-10GE102 Mpps136Gbps

L2/L310Gig

14X Increase Since ‘99


Cisco Catalyst 4500 Supervisor 6-E with CenterFlex Technology

Highest Centralized Performance with Low Latency

� 320 Gbps fabric; 250 mpps; 24Gig per slot

� Supported in E-Series and Classic chassis

� Supports both E-Series and Classic line cards with no down speed

� Full redundancy with SSO/NSF/ISSU (phased)

� 2x 10GE or 4x SFP Gig ports

� IPv6 in Hardware

� Twin Gig module support (ships standard)

� User configurable queuing resources (up to 8)

� Dynamic QoS and security resource allocation

� Optimized for IPv4 and IPv6 dual mode / migration

7


CenterFlex Feature: Flexible Queuing Resources

Challenge

Solution

Benefits

Flexible Resources

Supervisor 6-E with CenterFlex

� Increasingly diverse traffic types and patterns

� Static buffering approach limits network optimization

� Configuring queues

� Flexible, user configurable per port level queues

� Queuing dynamically allocated based on configuration

� Unused resources can be assigned to any port

� Simplified queuing configuration, MQC compliant

� Fine-tune network for diverse applications

� Maximize network bandwidth and performance

� Enhance end user experience

Four Fixed Tx Queues per Port

Up to Eight User Configurable Tx Queues per Port

Classic Supervisors

2X Tx Q’sOf Classic

Sups



CenterFlex Feature:Scalable and Flexible Services Capacity

Challenge

Solution

Benefits

�Catalyst 4500 E-Series Delivers

Two fold services capacity increase

Flexible TCAM resources

� Scale services as needed

� Service deployment flexibility

� Optimization for QoS/security policies

� Investment enhancement and protection

� Increasing Services in the Access—

� VoIP/Video/Security/Telepresence

Classic Supervisors

128k

SecurityQoS

Dedicated Resources

Flexible Resources

32kQoS

32kSecurity



2X Capacity of

Classic Sups

8


CenterFlex Feature: Flexible Resources for IPv4 & IPv6 Migration

Challenge

Solution

Benefits

� IPv6 applications appearing in the network

� IPv4 to IPv6 migration

� Performance and scalability compromised

� Increased forwarding table capacity

� Dynamic hardware tables for IPv4 to IPv6 migration

� Hardware-based performance for IPv4 and IPv6 data

� Customers provide end-end IPv4 and IPv6 services

� Customers can mix IPv4 and IPv6 traffic efficiently

AddressTable

(TCAMS)

AddressTable

(TCAMS)

Dynamic Allocation


160 bit wide

320 bit wide

IPv4 and IPv6

320 bit wide

160 bit wide

IPv4

IPv6

Typical IPv4/IPv6 Allocations

IPv6 inHardware



Catalyst Supervisor 6-EUplink Redundancy for 4507R-E and 4510R-E

Supervisor 6-E in 4507R-E 3/1 3/2

4/1 4/2

10 GbE Default Uplink Configuration• 2 x 10GE (Full Line Rate)

Supervisor 6-E in 4507R-E 3/1

4/1

10 GbE Optional Uplink Configuration (phased)

• 4 x 10GE (2:1 Oversubscribed)

3/2

4/2

Supervisor 6-E in 4507R-E 3/3 3/4 3/5 3/6

4/3 4/4 4/5 4/6

GE SFP (with Twin Gig) Default Config• 4 x 1GE (Full Line Rate)

Supervisor 6-E in 4507R-E 3/3 3/4 3/5 3/6

4/3 4/4 4/5 4/6

GE SFP (with Twin Gig) Optional Config• 8 x 1GE (Full Line Rate)


9


Catalyst 4500 E-Series Copper Line Cards

WS-X4648-RJ45V+E

All E-Series Copper Line Cards ship

standard with PoE

WS-X4648-RJ45V-E

RequiresSup 6-E

48-Port 10/100/1000 PoE� Supports data with future proofing for PoE

� 24-Gig per slot (2:1 oversubscribed)

� Built in 802.3af PoE support

� Line card level temperature sensors

� Mix with classic cards with no performance hit

� Jumbo Frames

48 Port 10/100/1000 Premium PoE

� All capabilities of the PoE line card plus..

� 30 watts per port capable (future SW upgrade, PS ?)


E-Series 10 GbE Fiber Line Card

� 6-Port 10 GbE “E” Series

� 24-Gig per slot (2.5 to 1 oversubscribed)

� X2 or twin gig module—orderable option

� Mix/match X2/twin gig module

� Jumbo frame support

� Mix with classic cards with no performance hit

WS-X4606-X2-E

RequiresSup 6-E

10


Cisco Catalyst 4500 E-Series Chassis

� Available in 3, 6, 7 (redundant) & 10 slot (redundant)

� Enables high performance E-Series line cards

� Up to 384 10/100/1000 PoE ports or 34 10GbE ports

� Compatible with all shipping Supervisors, Line cards & Power Supplies

� Pricing - same as current chassis


Identifying a Catalyst 4500 E-Series Chassis

Catalyst 4507R-EFront View

Catalyst 4507R-ERear View

Supervisors Now in Slots 3 and 4

5 and 6Cat4510R-E

3 and 4Cat4507R-E

1Cat4506-E

1Cat4503-E

Sup SlotChassis

11


Mix and Match Classic and E-Series

Label Legend

Purple Tab = PoE

Green Tab = 10GE

Red Tab = FE and GE

Blue Tab = Sup

Green Tab = 10GE

Red Tab = FE and GE“E”Series

EasyVisual

Identification


Catalyst 4506-E Chassis

�24 Gbps per slot

�24 Gbps per slot

�24 Gbps per slot

�24 Gbps per slot

�24 Gbps per slot

Higher port density with oversubscription

Compatible with all Classic linecards/Sups

120 x GE + 2 x 10 GE nonblocking

�24 Gbps per slot

�24 Gbps per slot

�24 Gbps per slot

�24 Gbps per slot

�24 Gbps per slot

�20 Gbps Uplinks

12


Catalyst 4507R-E Chassis

�24 Gbps per slot

�24 Gbps per slot

�Supervisor slot

�Supervisor slot

�24 Gbps per slot

�24 Gbps per slot

�24 Gbps per slot

All Line Card Slots are 24 GbpsSupport E-series & Classic Cards

120 x GE + 2 x 10 GE nonblocking


Catalyst 4510R-E Chassis

�24 Gbps per slot

�24 Gbps per slot

�24 Gbps per slot

�24 Gbps per slot

�24 Gbps per slot

� 6 Gbps per slot

� 6 Gbps per slot

� 6 Gbps per slot

�Supervisor slot

�Supervisor slot

Line Card Slots 1,2,3,4,7 are 24 GbpsSupport E-series & Classic Cards

Line Card Slots 8-10 are 6Gbps Support Classic Line Cards

Bottom 3 Slots: Limitation of the Supervisor, not the Chassis!

13


Sup I and II SupII+ : V-10GE Sup6-E

CenterFlex Feature: Catalyst 4500 Investment Protection

1st Gen 2nd Gen 3rd Gen


CenterFlex Feature: Investment Enhancement Delivered

100%=Investment

=

=

=

=

=

=

=

10%8 GBICs

27%2*48-Port 10/100/1000

24%2*48-Port 10/100

7%6 Port GBIC

15%Supervisor II

5%Dual AC Power

12%Chassis

Enhances classic line cards with CenterFlex Features

Cisco Catalyst 4506 with Supervisor II Upgrade to

Supervisor 6-E with

CenterFlex

85% of Initial Investment IsMaintained!

= 15%Supervisor II

Original Investment

14


Investment Enhancement

� L2 Only

� 2 Tx Q’s ( 136 packets)

� Box Wide L2 Qos

� Port/Telnet Security

� L2 to L4 � Up to 8 dynamic Tx Q’s ( 8K packets)� Per Port L2-L4 classification� Port Security/DHCP Snoop/MiTM etc� L2 to L4 ACL’s� uRPF� Policing� Ipv6� TCAM Scalability

Catalyst 4506 with Supervisor II

Catalyst 4506 Supervisor 6-E with CenterFlex Technology


Extensive Back & Forth Compatibility Summary

E Series Chassis

Supervisor 6-E

Classic Supervisors

E-Series Line Cards

Classic Line Cards

Existing Catalyst 4500 Power Supplies

Mix and Match E Series and Classic

15


Cisco Catalyst 4500 SeriesEvolutionary Centralized Architecture1999 2002 2004 2007 2012

Continued InnovationServices and Performance

Same Line Card

18Mpps 48Mpps 102Mpps

E-Series250 Mpps

10/100/1000

Layer 2

PoE L2/3/4

10 GbESSO

NAC/NSF

ISSUCISF


2007 Goldman Sachs Report

Exhibit 18: If you are updating Ethernet switching equipment in 2007, what is the primary reason?

Source: Goldman Sachs IT Spending Survey March 2007

New Features

31%

End of Life

34%

Capacity

35%

16


End of Sale Announced on the Following Products

Dec 2003

Nov 2004

May 2005

Nov 2004

May 2005

Nov 2004

End of Sale

No NetFlow Daughter Card OptionNo DBL, No Redundancy

Supervisor III

Lack of Supervisor IntegrationOccupies a Line Card SlotSeparate IOS SW Image

L3 Services Module

L2 Services Only, Limited QoS, Security, IP-TEL Support and Multicast Support

Supervisor II

L2 Services Only, Limited QoS, Security, IP-TEL Support and Multicast Support

Supervisor I

N+1 PS Redundancy Instead of 1+1, Limited PoE/IP-Tel Capabilities

Catalyst 4006

SUP I Support Only—Limited IP-Tel, Security, QoS, Multicast Functionality

Catalyst 4003

Key LimitationsNO NEW DEVELOPMENT

Product


What Happened on May 3, 2006 ?

May 3, 2006

The last possible date a routine failure analysis may be performed to determine

the cause of product failure or defect.

End of Routine Failure Analysis

May 3, 2006

For equipment and software that is not covered by a service-and-support

contract, this is the last date to order a new service-and-support contract or add

the equipment and/or software to an existing service-and-support contract.

End of New Service Attachment

May 3, 2006

The last date that Cisco Engineering may release any final software

maintenance releases or bug fixes.

After this date, Cisco Engineering will NO LONGER develop, repair,

maintain, or test CAT OS

End of Cat OS Software Maintenance Releases

DateDefinitionMilestone

http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_eol_notice0900aecd80324aee.html

17


What are the Recommended Transition Paths ?

= EOS(No new feature development)

= Strategic Direction of Platform

Chassis Transition/Positioning Supervisor Transition

Cat. 4507R-E

LOW-END

INSTALLED BASE/

HIGH-END

Sup 3 and L3 Svcs Module

INSTALLED BASE/HIGH-END

Cat. 4003

Sup 1

Sup 2

Sup V

Sup II-Plus

Sup II-Plus-10GE

Sup II-Plus-TS

Cat. 4510R-E

Sup V-10GE

7/26/20095/3/2010End of Support

7/26/20055/3/2006End of SW Maintenance

7/26/20045/3/2005End of Orderability

1/26/20045/3/2004External EoS Announcement

12/15/20033/22/2004Internal EoS Announcement

Cat4003, Sup I, Sup IIICat4006 and Sup IIMilestones

Cat. 4506-ECat. 4006

Cat. 4503-E

Sup IV

Sup 6-E


Platform Extension

• Exceptional Investment Protection and Enhancement

Network Optimization

• Increased Network Flexibility and Control

Non-Stop Communications

• Deterministic sub-sec recovery

• Business continuity with no service disruption

Increased Performance

• 4x Per Slot Bandwidth • 2x Service Capacity

Catalyst 4500 E-Series:Key CenterFlex Benefits - Summary

18


Switching Information and Tools

� Cisco Switching Competitive Reference Guide

Positions Cisco Catalyst Switches against following competitor products:

HP ProCurve 3Com

Extreme Foundry

� Cisco Catalyst Switch Guide

Cisco switching portfolio and recommended transition paths for your customers

� Available on-line and hard copy

http://www.cisco.com/web/partners/sell/technology/switching/advantage.html


Catalyst 6500

Supervisor 720–10GE,Virtual Switching System,Whitney1 12.2(33)SXH,Supervisor 32-PISA

19


Virtualization

Operational Manageability

Integrated Security

Application Intelligence

Non-Stop Communication

Unified Network Services

Wiring Closet Backbone Data Center EWAN Metro

SPNetwork

NEW

� LLDP-MED

� NAC Integration

� IPv6 Innovations

� 16 port 10G linecard

� VS-S720-10G � IPsec Leadership

� Multicast VPN Inter-AS and Extranet

� LLDP-MED

� NAC Integration

� IOS Modularity

� GOLD

� CPP

� Enhanced Object Tracking

� HSRP and GLBP SSO

� 16-w ay Loadbalancing

� Fast Fabr ic Sw itchover

� IOS Softw are Modularity

� BFD w ith BGP

� MPLS HA

� MPLS FRR link and Node protection

� Multiplexed UNI

� Smart Call Home

� Smart-Ports

� AutoSecure

� Multiple SPA N Enhancements

� EEM

� Smart Call-Home

� EEM

� IP SLA

� Smart Call-Home

� E-OAM (802.1ag and 802.3ah)

� MPLS MIBs

� Multi-VRF w ith Multicast

� 802.1x, MA C Auth, Web Auth for Access Control

� Smart Call Home

� Smart-Ports, AutoQoS, AutoSecure

� VRF Aw are Services

� L2, L3 VPN Innovations

� MPLS (L2, L3VPN, TE) Innovations

� VRF Aw are Services

� Pr ivate Hosts

� NBA R on PISA

� AutoQoS

� Per interface NDE

� NetFlow Top Talkers

� Multcast NDE

� NetFlow Top Talkers

� Per interface NDE

� Sophisticated QOS support w ith LLQ, cRTP, LFI, MLPPP

� Sophisticated QOS support for optimized Triple Play services

� FPM on PISA

� CIST, NA C, IBNS Solution Integration

� Policy-Based ACLs

� IGMP Filtering

� Policy-Based ACLs

� Multicast Router Guard

� 16K IPSec tunnels

� DMV PN support in HW

� Layer 3 NAC

� Address Spoofing Prevention

� CoPP

•12.2(33)SXH Software SHIPPING!

200+ Features with Full IOS Software Modularity

CatOS to IOS Transition Release

Major Security Enhancements (IBNS, 802.1x etc)

Virtual Switching & L2 Scalability Innovations

Continued End-To-End Leadership


Hot-Sync Standby FabricImproves SSO Switchover Times

� Reduces SSO switchover time to less than 200ms

� Standby switch fabric is brought to an online state ready to switch traffic

� Data is only switched on the active switch fabric

� Supported on 67XX-seriesline cards

� Requires E-series chassis

� Available as of 12.2(33)SXH

ActiveSup720

Standby HotSup720

SXH SXH

65

00

-E C

ha

ss

is

Active StandbyStandbyHot-sync

67XX Line Card

67XX Line Card

65XX Line Card

Router# show fabric statusslot channel speed module fabric hotStandby Standby Standby

status status support module fabric

1 0 20G OK OK Y(hot)1 1 20G OK OK Y(hot)


3 0 20G OK OK Y(hot)


4 1 20G OK OK Y(hot)


New in 12.2(33)SXHNew in 12.2(33)SXH

20


SSO Switchover in 12.2(SXH)

0.035

0.143

0.275 0.283

0

0.2

0.4

0.6

0.8

1

1.2

6708DFC 67xxDFC 67xxCFC Classic

SXF SXHTim

e i

n S

eco

nd

s

Average Duration of Frame Loss During Switchover Event For Non-Locally Switched Traffic



What Is Smart Call Home?

Call Home

Customer

Interactive Technical Services

TAC

Call Home DB

Service RequestTracking System

� Customer Notification� Device and Message Reports

� Exceptions/Fault AnalysisInternet

AutomatedDiagnosisCapability

Secure Transport1

2

3

Messages Received:� Diagnostics� Environmental� Syslog� Inventory and

Configuration

IOS 12.2(33)SXH

Unique Catalyst 6500 Differentiator


21


Unsupported EoSale Product for Whitney1

WS-X6724-GE-TX

WS-X6748-GE-TX

31-Jul-04WS-X6316-GE-TX

WS-X6148-FE-SFP 1-Mar-01WS-X6224-100FX-MT

30-Apr-06

31-Jul-04

31-May-04

30-Apr-02

15-Mar-02

1-Mar-01

1-Mar-01

EoS Date

WS-X6148-FE-SFP

WS-X6148-FE-SFP

WS-X6724-SFP

WS-X6704

WS-X6708

WS-X6148-GE-45AF

WS-X6148-GE-45AF

WS-X6148-GE-45AF

Migration Product

WS-X6416-GE-MT

WS-X6324-100FX-SM

WS-X6024-10FL-MT

WS-X6501-10GEX4

WS-X6248A-TEL

WS-X6248-TEL

WS-X6248-RJ-45

Part ID

•Continue to be recognized in Rockies 3 and prior releases•Will not be recognized in Whitney1 and will be powered down


Cisco 7600 Series SPA Interface Processor-4007600-SIP-400

Cisco 7600 Series SPA Interface Processor-2007600-SIP-200

Cisco7600/Catalyst6500 Enhanced FlexWAN, Fabric-enabledWS-X6582-2PA

Cisco 7600 / Catalyst 6500 IPSec VPN SPA - DES/3DES/AESSPA-IPSEC-2G

Cisco 7600 / Catalyst 6500 Services SPA Carrier Card7600-SSC-400

CISCO WIRELESS SERVICES MODULE (WISM)WS-SVC-WiSM-1-K9

Catalyst 6500 Network Analysis Module-2WS-SVC-NAM-2

Catalyst 6500 Network Analysis Module-1WS-SVC-NAM-1

600M IDSM-2 Mod for CatWS-SVC-IDS2-BUN-K9

Firewall blade for 6500 and 7600, VFW License SeparateWS-SVC-FWM-1-K9

COMMUNICATION MEDIA MODULEWS-SVC-CMM

Application Control Engine 20 HardwareACE20-MOD-K9

Application Control Engine Service ModuleACE10-6500-K9

DescriptionService Module

12.2(33)SXH Service Module Support

22


Service Module Migration Recommendation

Service Module

Migration Product/Sol

utionCSM, CSM-SSL ACE

WLSM WiSM

VPNSM SSC-400 + SPA-IPSEC-2G

WebVPN ASA

SSL ACE

AON AON Appliance

CMM CMM*

Anomaly Guard and Detector

Anomaly Guard and Detector*

Coming in Whitney1.bubb

MWAM Not Available

PSD Not Available

CSG Not Available

•Service Modules continue to be supported in Rockies 3•Will not be recognized in Whitney1 and will be powered down

* 12.2(33)SXH rebuild


Catalyst 6500 inthe Core, Distribution and High Performance Access

23


Catalyst 6500Virtual Switching Supervisor Engine 720-10G

� Key enabler of Virtual Switching System (VSS 1440) technology

� 2x 10 Gigabit Ethernet ports (X2 optics); 3x Gigabit Ethernet Ports

Enhances Existing Cisco Catalyst 6500 Investments and Multi-Layer Switching Architectures with VSS Capabilities

� Enables System Performance of 450Mpps/ 720Gps Switching Fabric

� Supports multiple generations of line cards

� Rich services support such as NAM, firewall, wireless controller, Netflow, MPLS/ EoMPLS

OrderableNOW!!!


$15,000Adv Ent Svcs

$10,000Adv IP Svcs

$0IP Svcs

Software Images

$48,000VS-S720-10G-3CXL

$38,000VS-S720-10G-3C

$0IP Base

$39,995VS-C6509VE-S72010G

$33,995VS-C6506E-S720-10G

$37,995VS-C6509E-S720-10GE

$25,000IP Svcs +Adv Ent Svcs

$20,000IP Svcs +Adv IP Svcs

$10,000IP Svcs

Software Images

$43,995VS-C6513-S720-10G

$31,500VS-C6504E-S720-10G

$77,995VS-C6509VE-S72010G

$71,995VS-C6506E-S720-10G

$75,995VS-C6509E-S720-10GE

$15,000Adv Ent Svcs

$10,000Adv IP Svcs

$0IP Svcs

Software Images

$81,995VS-C6513-S720-10G

$69,500VS-C6504E-S720-10G

1. Regular – IP Services at $0

Sup720-10G-VSS Pricing 2. NEW – Layer 2 Access Chassis Bundle

VSS Included in IP Services and above

1GB Compact Flash (SP) by default

1GB DRAM (SP and RP) by default

Chassis

Fan Tray

Chassis

Fan Tray

24


Data Center Chassis-6509-V-E Chassis

•Vertical 9 Slot E-Series Chassis

•80 Gbps/slot capable

•Front-to-Back Airflow

•Integrated Enhanced Cable

Management

•Redundant and removable fan tray

•21 RU (2 Chassis in a 42RU Rack)

•Supports Sup32 and Sup720 Series

•Supported in 12.2(18)SXF10 and

beyond

• List Price $11,995 (includes 2 Fan

trays)

Q4CY07

Target Orderability: NovemberTarget FCS: December


Virtual Switching System

Virtual Switch System is a new technology break through for the Catalyst 6500 family…

12.2(33)SXH re12.2(33)SXH re--release, Dec07 release, Dec07

25


Introduction to Virtual SwitchConcepts



Packet Forwarding DetailsIntroduction

Virtual Switch allows two physical Catalyst 6500’s to operate as a single network node. Two

Catalyst 6500’s operating in this mode are referred to as a Virtual Switch Domain - adjacent nodes view these two devices as a single device…

Catalyst 6500-A(VS Active)

Catalyst 6500-B(VS Standby)

VSL

Control Plane A

Data Plane A

Control Plane B

Data Plane B

Virtual Switch Domain

Both Control

and Data

Plane in VS Master are

active Only Data Plane in VS

Standby is active

Control Plane

in VS Standby

is in standby mode

Virtual Switch Link (VSL) is used to forward information between the two switches

that allow them to operate as a Virtual Switch


26


Data CenterWAN Internet

SiSi

SiSi SiSi SiSi

SiSi

SiSi

SiSi

Access

Core

Data CenterWAN Internet

SiSi SiSi SiSi SiSi SiSi SiSi

SiSi SiSi

SiSi SiSiSiSi

SiSiSiSi

SiSi

Distribution

Distribution

Access Data CenterWAN Internet

SiSi SiSi SiSi SiSi SiSi SiSi

SiSi SiSi

SiSi SiSiSiSi

SiSiSiSi

SiSi

High Availability Campus DesignSimplified with VSS



Core/Distribution Data Center Access

SiSi SiSi SiSi SiSiSiSi SiSi SiSi SiSi

Features

Network System Virtualization

Inter-Chassis Stateful Switch Over (SSO)

Multi-Chassis EtherChannel (MEC)

Benefits of VSS

Increased Operational Efficiency via Simplified Network

Boost Non-stop Communication

Scale the System Bandwidth Capacity to 1.4 Tbps

Virtual Switching System 1440Network System Virtualization


27


SiSi SiSi

Campus Network Campus Network

SiSi SiSi

Traditional L2/L3

Complex STP configuration and Management

HSRP/VRRP- 3 IP address

Manage Two Nodes and Config

VSS

STP – Not Dependant

No HSRP/VRRP- 1 IP address

Manage Single Node and Config

Manage additional routing peers Manage reduced routing peers

Increased Operational EfficiencySystem Virtualization Simplifying the Network



Core/Distribution

SiSi SiSi

Note: 128 Multi-Chassis EtherChannels at FCS. Scaling to 512 in 1H2008

SiSi SiSiSiSi SiSi

Data Center Access Core/DistributionData Center Access

SiSi SiSi

Scale the Available Layer 2 BandwidthMulti-Chassis Etherchannel (MEC)

Traditional L2/L3

Idling Links

Under-utilized Links

Complex STP configuration

VSS

No Idling - Active/Active Links

Simple Etherchannel Config

Indertministic STP based convergence

Deterministic sub-second convergence

Fully Utilized Link – Granular LB


28


Boost Non-Stop Communication Inter Chassis Stateful Failover

Active–Active Data Plane with 1440 Gbps Switching Capacity

Active–Hot Standby Control Plane with NSF/SSO Redundancy

SiSi SiSiSiSi SiSi

HSRPSTPIGP

NSFSSO

X X

Features

Configure and Maintain Multiple Control Protocols

Control Protocols not Sync needing re-convergence

Benefits of VSS

Eliminate and Minimize Control Protocols

Inter-chassis SSO - No re-convergence



Virtual Switching Reduces Latency by 25%

SiSi SiSi

VLAN X VLAN Y VLAN X VLAN Y

SiSi SiSi

VSS Simplifies Intra-Datacenter Traffic Pattern

—Minimum Hop to Intra-Data Center Destination—Reduced Latency up to 25% andSimplifies traffic pattern

—All links forwarding (= one hop less) resulting in simple traffic pattern—Etherchannel on virtual Switch member enhanced to prefer local link

Traditional L2/L3


29


VSS Hardware/Software Requirements

SiSi SiSi

Virtual Switch Link (VSL) – 10GE•Sup720-10G-VSS 10GE uplink•WS-X6708-10GE•WS-X6716-10GE (on non-blocking ports)•NB: cannot be WS-X6704

Virtual Switching System - FCS•Sup720-10G-VSS*

•67XX cards with CFC or DFC-3C•Non-E and E-Series Chassis• At FCS: only NAM, no MPLS, no IPv6

Software•12.2(33)SXH

* In the initial release, only single Sup720-10GE-VSS per virtual switch member chassis is supported

Investment Protection

Standards 10GE Based Connectivity

Minimal Configuration Changes

VSL Management support in Ciscoworks

Evolution of Traditional Multilayer Switching



VSS – Comparison to Alternate Technologies

L2 Flooding

31

No

1980

No

480 per switch

24 per switch

384 per switch

Yes

2

High

2

Split-MLT

21Control Plane

HighLowControl Protocols

66 per switch132Total 10GE Ports

NANo L2 FloodingVSL/IST total breakage

387 per switch771Total GE Ports

720 per switch1440 per VSSBackplane Capacity

64128 (512 in 1H2008)

Number of Etherchannel

YesYesCan Enable STP

40944094VLANs

NoYesSingle logical gateway

YesYesGeographically apart members

21Nodes to Maintain

Traditional L2/L3

VSSFeature


30


VSS comparison to Stackwise Plus

No L2 Flooding

128 (512 in 1H2008)

Yes

4094

Yes

1440 per VSS

132

771

Yes

1

Low

1

VSS

Dual Active

48

Yes

1005

Yes

64

18 per stack

468

No

1

Low

1

Stackwise

Plus

Control Plane

Control Protocols

Total 10GE Ports

VSL/Stack total breakage

Total GE Ports

Backplane Capacity

Number of Etherchannel

Can Enable STP

VLANs

Single logical gateway

Geographically apart members

Nodes to Maintain

Feature



CiscoWorks LAN Management Solution (LMS) 3.0.1 Simplifying Management

� Centralized management of VSS deployments

- VSS setup wizard

- Inventory, Configuration and Software Image support of VSS enabled switches

- Physical view of both VSS member switch

� Additional Enhancements

- Identifies EoL / EoS devices

- Simplifies IOS Software Modularity image deployments

– Open “portal” framework and new workflows for setup and troubleshooting

New

31


Catalyst 6500 inthe Wiring Closet


Catalyst 6500 InvestmentsCatalyst 6500 InvestmentsChange driving requirementsChange driving requirements

Catalyst 6500 – Leading transitions in the Wiring Closet Transitions

High performance stateful application intelligence. Application aware QoS

Client–Server �� Peer to Peer

Embedded HW deep packet inspection, foundational security CIST, NAC, Identity

Overlay �� Integrated Security

Deep QoS buffers – tested for telepresence. Support for jumbo fames, TDR. EPoE on all 10/100/1000 linecards and daughter cards

Data/Voice and Mobile ConvergenceVideo applications e.g. Telepresence10/100/1000 PoE �� 10/100/1000 EPoE

NSF/ SSO, Modular OS, Auto management with GOLD, EEM, SMART Call Home

Enhanced management tools with application aware Netflow, QPM, CSM

Managing services in the wiring closet

High Return on InvestmentPrice optimized for 96+ port wiring closet configurationsMin network disruptions, scalability, OS consistency, common HW sparingScalable modular architecture, redeployment options, tools for migration from Cat5k

Best Effort �� Mission Critical HA

32


Catalyst 6500 Wiring Closet PortfolioWhat to sell in the Wiring Closet this coming year

Catalyst 6500 Series Switches

Modular PoE upgradePoE upgradeability

WS-F6K-48-AF=

EnginesSupervisor 32 8x1GESupervisor 32 2x10GESupervisor 32 PISA 8x1GESupervisor 32 PISA 2x10GE

Power SupplyIndustry leading PoE scalability

3000Watt6000Watt8700Watt

Ethernet Line CardsLeading PoE density and scalability,

TDR, Jumbo Frames, Deep per-port BuffersWS-X6148A-GE-TX: 48 Port 10/100/1000 with PoE Option

WS-X6148A-RJ-45: 48 Port 10/100 with PoE Optionand others

PFCConsistent feature set with

backbonePFC 3B


Security

• Unicast and multicast storm control2

• Port security features, 802.1x, IBNS, CIS• PACL, PBACL, CIST• IPv6 (ACLs and QoS)

HA and Manageability

• IOS software modularity• NSF/SSO, future ISSU• TDR, GOLD, EEM, SMART Call Home• ECC memory

Catalyst 6500 Wiring Closet Ethernet LinecardsOptimized solution for Data, Voice, Video

Available with 10/100/1000 (WS–X6148A–GE–45AF) and 10/100 (WS–X6148A–45AF)

1 �� on 10/100/1000 card only2 �� on 10/100 card only

• Multipoint conferences: 5MB buffer/ port1

• Jumbo frames1

• QoS with strict priority queues, DWRR1

Video

• Scalability to 400+ phones/ chassis• Support for enhanced PoE (802.11n AP)1

• Field upgradeable PoE cards• Intelligent power monitoring

Voice/ Wireless

WS–X6148A–GE–45AF

recommended by the Telepresence Team

Link to Telepresence design guide at: www.cisco.com/go/srnd

33


► NBAR

Application awareness and intelligent classification

Supervisor Engine 32 PISA Overview

Supervisor Engine 32 PISA2x10GE Uplinks + 1x 10/100/1000

Supervisor Engine 32 PISA8x1GE Uplinks + 1x 10/100/1000

► Flexible Packet Matching

Rapid Security Protection

Multigigabit Performance

Multigigabit Performance

► Programmable architecture

Seamless new service adoption

► Full Integration with

IPv4 & IPv6 in hardware

Advanced multicast & MPLS

Enhanced Manageability

HA with NSF/SSO and more

011111101010101011111101010101

12.2(18)ZY IOS TRAIN !!!!


*3750E, 4500-E, and 6500 all have 90 day warranty with low wiring closet SMARTNet pricing

Catalyst 6500 Wiring Closet Upside Opportunity

Up

se

ll

Standard Catalyst Wiring Closet

Stateful Application Intelligence

Worm Virus Mitigation

Programmable Services

IOS Software Modularity

GOLD, EEM, Netflow,

CoPP, Bi-Dir PIM, MPLS, IPv6, GRE, NAT, ERSPAN

Catalyst 6500 Sup32-PISA 2x10GE or 8x1GE

IBNS, NAC, 802.1s

IOS Software Modularity, GOLD, EEM, CoPP, Netflow, Bi-Dir PIM, MPLS, IPv6, GRE, NAT, ERSPAN

Sup32-GE

Sup32-10GE

15%

30%

Same Premium as PoE!

5–10%

5–10%

34


$-

$5

$10

$15

$20

$25

$30

$35

$40

$45

96 144 192 240

Port Count in System

AS

P p

er

po

rt/

ye

ar

Sup32-GE Sup32-PISA-10GE

Sup32–PISA – Incremental cost vs. benefits*Sup32–PISA Incremental Benefits:

· Web application QoS· Peer-to-peer application control. Rich media application control· L4–7 simple packet classification· User-defined application filters· Full packet length filters against day-zero attacks· Cisco provided set of application & security filters

$4 incremental cost

* 10/100/1000 PoE configurations with 7 year lifecycle


ApplicationFull Stateful Application Visibility and Intelligent

Classification

Video Prioritizing Video Over Recreational Traffic and Protection Against Security Threats

Security

Worm Virus Mitigation and Day 0

Attack Protection

Slammer Mydoom Blaster

Voice

Enforcing Corporate Compliance and Usage Policies

Catalyst 6500 Sup32-PISAEmbedded Advanced Technologies Shipping

35


� Support dynamic protocol definition language module (PDLM) upload for new protocols

� Support user-defined custom applications

� Support sub-port classification or classification based ondeep inspection (customization)

– HTTP by URL, hostname or MIME type

– Citrix ICA priority

– RTP payload type

Catalyst 6500 Hardware NBARNetwork-Based Application Recognition

ToS SourceIP addr

DestIP addr

IP Packet TCP/UDP Packet

SrcPort

Data Packet

Sub-Port/Deep InspectionDstPort

Protocol


Wiring Closet

� Protocol Discovery: discover what apps are running on your network and provide real-time statistics

� Per-interface, per-protocol, bidirectional statistics

bit rate (bps); packet count; byte count

� SNMP accessible for centralized monitoring or via CLI

� Supported by Partner products (Concord|CA, InfoVista, Micromuse|IBM) and MRTG

Catalyst 6500 Hardware NBAR NBAR Protocol Discovery

36


Catalyst 6500 Hardware NBARNBAR and MQC

� NBAR works together with QoS to assign QoS actions based on application classification

� Modular QoS CLI (MQC) traffic classification

� New match criteria: “match protocol<protocol_name>”

Policy MapPolicy Map

Class MapClass Map

Policing/Trust actionsPolicing/Trust actions

Policy Map Can Contain Up to 32 Class Maps

Refers to a Set of Classification Criteria for the Following Action Criteria—These Can Be DSCP, ACL, or protocol

Action Settings for Trust and Policing

Sw

itch

Inte

rface

(config)#policy-map NBAR_policy

(config-pmap)#class-map myApp

(config)#class-map match-any myApp

(config-cmap)#match access-group 101

(config-cmap)#match protocol http(config-cmap)#match protocol rtp

(config)#policy-map NBAR_policy

(config-pmap)#class-map myApp

(config-pmap)#set dscp af32

Application

Access-list

DSCP

QoS Engine:Mark, Police


Catalyst 6500 Hardware NBAR Deployment Examples

Wiring Closet Deployment:

� Mark/Police traffic based on application at the wiring closet, queue based on priority at the distribution block

WAN Edge Deployment:

� Mark/Police traffic based on application at the wiring closet, queue based on priority at the distribution block

Conditional Trust + NBAR-Policy (Policing/Marking) + Queuing

Trust DSCP + Queuing

No Trust + NBAR-Policy (Policing/Marking) + Queuing

WAN EdgeWiring Closet

200 Remote Sites

NBAR-Policy

NBAR-Policy

Congestion Management

37


Sup32–PISA for simple and accurate QoS for voice

“The biggest problem with voice on switches is how to apply QoS policies to voice traffic with just L4 ACL's ... The benefit of PISA in the wiring closet would be to have an option to classify or remark RTP traffic on the ingress or on the uplink ports…”

- Wolfgang Riedel, CSE 73

Challenges:

� To reduce the security risk of trusting CoSon Cisco IP phones (CDP can we spoofed)

� To accurately apply QoS policies to 3rd party IP phones (port number range not good)

� To apply voice QoS for soft phones (port number range not good)

Trust CoS

Policy map for UDP range

Trust PC DCSP or

match UDP port range

Soft phone

3rd party IP phone

Cisco IP phone

Wiring Closet

Sup32-PISA

Solution:

� Deploy PISA NBAR to match RTP-audio for voice packets, and SIP or Skinny for controlpackets

Benefits:

� Consistent QoS for voice traffic

� Easy management with a secure, uniformand more accurate solution

class-map match-any Voice-Bearer

match protocol rtp audio

class-map match-any Voice-CS

match protocol skinny


Enterprise network

QoS based RTP video Payload type

Sup32-PISA

NAM

Link Utilization

Voice

P2P

E-mailBackup,

etc.

Bulk

Streaming-Video

M ission-Critical

Routing

Interactive-Video

Call-SignalingNet M gmt

Transactional

Real-Time ≤ 33%

Critical Data

Best Effort≥ 25%

Sup32–PISA to analyze and prioritize video traffic

Benefits:

� QoS guarantees for different video applications

� Better network capacity planning

“With Sup32-PISA we’ve prioritized interactive video different from streaming video. We’ve identified video and audio application consolidation opportunities and been able to troubleshoot application performance problems”

- Healthcare customer deploying Telepresence

Solution:

� Deploy PISA NBAR QoS policy for RTP video

� Redirect video traffic to NAM for statistics

Class-map TelePresence-H264

Match protocol rtp video

Challenges:

� QoS policies for different video applications

� Application performance analytics to betterplan network capacity

38


Flexible Packet Matching

� ACL can match traffic based on L2-L4 information: legitimate traffic could be blocked

� Classification is dependant on hardware PFC3 TCAM support:

No support for the following match criteria: packet length, TTL

� Predefined supported classification criteria, only match one stack layer:

Can match some IPv4 TCP/UDP, IPv4 IGMP, IPv4 ICMP, IPv4 ESP, ARP/RARP, MPLS, IPv6 TCP/UDP, IPv6 ICMP, IPv6 ESP, L2 packet header fields

� FPM is a stateless solution

� Matches any characteristics in a packet header and payload:

Matches L2-L7 information

Specify arbitrary bits/bytes at any offset

� Supports multiple stack layers

Can match not only on outer IP header, but also inner header—for instance, the inner header of a GRE encapsulated packet

� String match and regular expressions

� Set up custom filters rapidly using XML-based policy language

0111111010101010000111000100111110010001000100100010001001

Match Pattern And Or Not


WAN Edge

Flexible Packet Matching FPM Deployment

� Rapid worm mitigation for atomic, single packet attacks: Identify worm and drop malicious traffic

No packet Reassembly: will not reconstruct an application stream across multi-packet data attacks

� Enforce application compliance

� Deploy as close to the edge as possible

Wiring Closet

200 Remote SitesFPM

FPM

FPM

39


Alternative to the FPM CLITraffic Classification Definition Files

� Traffic Classification Definition Files (TCDF) are published on CCO!

Bittorrent

IIS-Unicode

IOS HTTP vuln.

Skype

(www.cisco.com/cgi-bin/tablebuild.pl/fpm)


PISA Management Model

NBAR Policy

FW/IPS/VPN Policy

IPS 4200

Series

Catalyst 6500

IPS module

Router IPS

in Software

Catalyst 6500

PISA

Router

ASA 5500

AIP-SSM

FPM Policy

Central Management

DeviceQoS Policy

Manager

Centralized QoS Management

• NBAR Provisioning• NBAR Monitoring

Central Management

Device

CiscoSecurity

Manager

Enable Management of Integrated Security

• FPM Policy Management with FlexConfig Option

CS-MARS

Monitoring/ Analysis/ Mitigation

� Pre-defined FPM filters on CCO work in progress(4 TCDF’s published and 20 more on the way)

Pre

-def

ined

FPM

filt

ers

BitTorrent

IIS-Unicode

IOS HTTP vuln.

Skype

40


Key Takeaways

The Key Takeaways of this presentation are:

� Catalyst 6500 will drive modular switching growth for many years to come

� Catalyst 6500 continues to innovate for every Place in the Network (PIN)

� There are several new products to drive upselland major deals to Cat6k in FY08 with innovations such as VSS and PISA

� The Catalyst 6500 has a strategic services direction and is future-proofed for 80G/slot

� Catalyst 6500 has ASIC, hardware, and software investments which will drive innovation on the platform beyond 2012


cisco campus communication fabric 2 › c › dam › global › fi_fi › assets › ... · killer...

Documents