
Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform


Page 1: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Cisco Confidential 1 © 2011 Cisco and/or its affiliates. All rights reserved.

Cisco China Borderless Networks Business Unit

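Page 2: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Cisco Trusted Network Architecture

What is the Cisco Trusted Network Architecture?

The physical boundary of the network is disappearing, and customers need a more secure and reliable infrastructure. The Cisco Trusted Network Architecture applies flexible, on-demand identity authentication to every user and device that connects to the network, intelligently identifies non-user devices such as IP phones and smart endpoints, and manages those devices under flexible security policies. It also provides line-rate Layer 2 traffic encryption, giving a confidential data-transport platform.

How to sell:
• In the data center, lead with MACsec and emphasize the Layer 2 line-rate encryption of Cisco switches;
• In the campus network, emphasize Cisco's flexible multi-factor network admission and authorization policies (based on user role, access time, access location, and so on);
• In unified wired and wireless deployments, emphasize Cisco ISE's intelligent identification of IP phones, IP printers and other smart endpoints, and its dynamic security policies.

How to deliver:
• Deployment and configuration documents: BU solution guide;
• SBA design guide.

Want to learn more? External: http://www.cisco.com/en/US/netsol/ns1051/index.html

Value of the solution to customers:
• Provides a secure infrastructure network platform;
• Provides flexible network admission and authorization policies;
• Provides visualized security operations and management.

Components of the solution:
• Cisco ISE policy server;
• Cisco switching products;
• Cisco wireless products.

Target customers:
• Enterprises with strict network admission requirements;
• Enterprises that need flexible and varied network admission policies;
• Enterprises whose networks must identify non-user endpoints such as IP phones, IP printers and smart endpoints, and set flexible admission policies based on the identified device type.

Value of the solution to Cisco:
• Fully showcases Cisco's architectural strengths in infrastructure network security;
• Grounded in the customer's actual needs, turns pure product competition into solution competition and sets a high competitive barrier for rivals;
• Once the customer adopts the solution, it helps lock in subsequent upgrade projects.

[Diagram: Cisco trusted infrastructure network platform. Device trust: mutual identity authentication between network devices. User trust: user/device identification under combined conditions (username and password, access time, health status, access location). Link trust: line-rate encryption of outbound traffic, line-rate decryption of inbound traffic, data transmitted as ciphertext.]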

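Page 3: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Cisco Trusted Network Architecture: the next-generation infrastructure network security architecture

Cisco trusted infrastructure network platform

User trust:
• Identity authentication when a user connects to the network, confirming that the user is trusted;
• Network resource access rights granted dynamically according to rules (user group, access method, access time, access location);
• Audit of users' network resource access records.

Device trust:
• Identity authentication when a device connects to the network, confirming that the device is trusted;
• Network devices accept traffic only from trusted neighbor network devices;
• Traffic from untrusted neighbor network devices is dropped.

Link trust:
• Line-rate traffic encryption between devices when they are connected over an "untrusted" link;
• Line-rate traffic encryption between servers/clients and switches when they are connected over an "untrusted" link.

[Diagram: inter-device authentication; user/device identification under combined conditions (username and password, access time, health status, access location); line-rate encryption of outbound traffic, line-rate decryption of inbound traffic, data transmitted as ciphertext.]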

Page 4: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Cisco TrustSec on Sup2T

The 6500 Sup2T fully supports the Cisco TrustSec solution:
• Security Group Tagging and forwarding
• Security Group Enforcement
• MACSec Encryption
• TrustSec Reflector
• TrustSec on VSS

Sup2T also supports all existing 6500 security and authentication features

Page 5: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Cisco TrustSec authentication solution

Diagram labels: Users, Endpoints (Doctor (SGT 7), IT Admin (SGT 5), Agent-less Device); 802.1X, MAB, LWA; Campus Network (Sup2T, ACS v5.1, Active Directory); IT Portal (SGT 4), Public Portal (SGT 8), Internal Portal (SGT 9), Patient Record DB (SGT 10); Untagged Frame, Tagged Frame (SGT=7); SGT Assignment, SGT Enforcement.

Sup2T provides hardware support for SGT enforcement and forwarding

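Page 6: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

The 6500 now supports hardware MACSec encryption

• 802.1ae line-rate data encryption/decryption and integrity control
• Blocks illegitimate attacks starting at Layer 2
• Anti-sniffing, anti-tampering, anti-attack
• Does not affect other packet-inspection features
• Point-to-point deployment, controllable per link
• Supports MACsec over EoMPLS
• Secures link-layer data across the campus aggregation and core networks

Line-rate 2 Tbps encryption/decryption capacity!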

Page 7: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Catalyst 6500-E: the new-generation 2T platform

Innovation (Cat6500-E):
• Sup2T and 6513-E
• Service modules: WiSM-2, ASA-SM, NAM-3, ACE-30
• 69xx Series, 80 Gbps per slot: 8p 10G full line rate; 4p 40G/16p 10G; Built-in DFC4
• 68xx/67xx Series, 40 Gbps per slot: 1GbE Fiber: 24p/48p; 10/100/1000: 48p; 10GBASE-T: 16p; 10G Fiber: 16p; Built-in DFC4

Investment protection:
• All E-Series chassis
• Easy upgrade from 67xx line cards
• Compatible with older service modules
• All 61XX PoE/PoE+ line cards

Page 8: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

The entire E-Series chassis line supports "2T"

80G/160G supported on all E-Series chassis

Chassis: 6503-E, 6504-E, 6506-E, 6509-V-E, 6513-E, 6509-E

80G/Slot

Capacity figures on the slide:
• 34x10GE, 96x1GE, 8x40GE, 150 Mpps
• 50x10GE, 144x1GE, 12x40GE, 210 Mpps
• 82x10GE, 240x1GE, 20x40GE, 330 Mpps
• 130x10GE, 384x1GE, 32x40GE, 510 Mpps
• 130x10GE, 384x1GE, 32x40GE, 510 Mpps
• 180x10GE, 528x1GE, 44x40GE, 720 Mpps

Page 9: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Catalyst 6500 product line update

Power Supply: 3000W AC, 4000W AC, 6000W AC, 8700W AC, 4000W DC, 6000W DC. Industry-Leading Power Efficiency

Service Module Portfolio: WiSM 1/2, FWSM / ASA-SM, NAM 2/3, ACE 30

Supervisor Engine Portfolio (10-GE Uplink): VS-S2T-10G, VS-S2T-10G-XL

Line-Card Portfolio (categories on the slide: 1 GE Copper and Fiber; 10G Copper; 10-GE Line-Card Portfolio, 10GE Fiber, Oversubscribed and Nonblocking; Wiring Closet 10/100/1000 TX & PoE):
• WS-X6148A-GE-TX
• WS-X6148E-GE-45AT
• WS-X6816-10T-2T(XL)
• WS-X6848-TX-2T(XL)
• WS-X6848-SFP-2T(XL)
• WS-X6824-SFP-2T(XL)
• WS-X6908-10G-2T(XL)
• WS-X6816-10G-2T(XL)

Page 10: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Step easily into the 2T era: the all-new Supervisor 2T

The most powerful Catalyst 6500 platform to date:
• 3X System Performance
• 4X Data Plane Scalability
• 4T Virtual Switching System
• 40 Gigabit Ethernet Ready
• Up to 13M NetFlow Entries/system
• 1 million routes and 256k multicast groups
• Large Packet Buffers

The richest set of Borderless Network features on a Catalyst platform:
• End to End Network Virtualization: MPLS, EoMPLS, L2VPN/VPLS, VRF-Lite, Easy Virtual Networks (EVN)
• Security with TrustSec, MACsec, Atomic ACLs and ASA-SM
• Application Visibility with NAM-3 and Flexible NetFlow
• Unified Mobility with WiSM2
• Comprehensive IPv6 Ready for Transition
• Future Proof: 40G Ready, OTV Ready, TRILL Ready, LISP Ready
• Supported with LMS 4.1 & DCNM

Page 11: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

69xx Series: 80G line cards

8-port 10G full line-rate line card:
• Two SKUs: regular and XL tables (DFC4)
• X2 Transceiver or SFP+ w/ adapter
• Wire Rate MacSec (IEEE 802.1AE)
• Large packet buffers (256MB/port)
• Virtual Switch Link (for VSS)
• A-VPLS, OTV and LISP ready*

4-port 40G line card:
• IEEE 802.3ba standard compliant
• Two SKUs: regular and XL tables (DFC4)
• CFP Transceiver for 40G, SFP+ for 10G
• Wire Rate MacSec (IEEE 802.1AE)
• 10G mode via FourX adapter
• Virtual Switch Link (for VSS)
• A-VPLS, OTV and LISP ready*

Page 12: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Catalyst 6500 40G ports ready: industry demonstration in September 2010

Reference: http://www.ethernetalliance.org/files/static_page_files/2Ethernet_Alliance_Demonstration_at_SC10.pdf

The industry's first 40G Ethernet switching module:
• The industry's first 40G switching module, successfully demonstrated at Supercomputing
• The industry's first 100GE module, shown on the CRS-3
• Demonstrated the 40G module's solid support for servers and for a range of cables and modules

[Diagram: one 40GE link and four 10GE links; two Cisco UCS C200 M2 servers]

Page 13: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

New-generation Borderless Network service modules support Sup720 and Sup2T

New-generation wireless service module: WiSM-2
• Performance: 10 Gbps
• Access Points: 500
• Clients: 10,000
• Concurrent AP Upgrade/Joins: Up to 500
• Mobility Domain Size: Up to 18,000 APs

New-generation load-balancing module: ACE-30
• Up to 16 Gbps Performance
• Up to 6 Gbps Compression
• 30,000 Transactions per Second
• 250 Virtual Contexts
• 250 VLANs

New-generation traffic analysis module: NAM-3
• Monitoring Performance: 10 Gbps Plus
• Capture to External Disk: Up to 5 Gbps
• Performance Analytics, 1588 Timestamps
• HW Filters / Pkt Captures

New-generation firewall module: ASA-SM
• 64 Gbps Chassis Performance
• 16 G Performance
• 10,000,000 Concurrent Sessions
• 300,000 Connections per Second
• 250 Security Contexts
• 1,000 VLANs

Page 14: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

How to upgrade a Sup720 platform to the Sup2T platform

Sup720 item, followed by its status or replacement on Sup2T:
• 67xx Series w/ CFC: Supported
• 6716-10GE Fiber: WS-F6K-DFC4-E
• 6704-10GE w/ DFC3: WS-F6K-DFC4-A
• 67xx Series 1GbE w/ DFC3: WS-F6K-DFC4-A
• 6716-10GBASE-T: WS-F6K-DFC4-E
• 6708-10G Fiber: 6908-10G Fiber (80G)
• Previous-generation service modules: Supported
• 61xx Series: Supported

Page 15: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Sup2T: supports legacy line cards and both new and older service modules

Next Gen. Service Modules:
• ASA-SM *
• ACE 30
• WiSM-2
• NAM-3 *

Legacy Service Modules:
• FWSM
• ACE 20
• WiSM
• NAM-1
• NAM-2

61xx Line Cards:
• WS-X6148A-RJ-45
• WS-X6148A-45AF
• WS-X6148-FE-SFP
• WS-X6148A-GE-TX
• WS-X6148A-GE-45AF
• WS-X6148E-GE-AT

Page 16: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

The new-generation Catalyst enterprise campus network combines performance and service advantages

Access (Next Gen Cat4k/Sup7-E, Cat3k/3750X, Cat2K/2960S):
• TrustSec
• EnergyWise
• NG PoE (60W) Ready
• Flexible Netflow
• IPv6 First Hop Sec.

Aggregation (Next Gen Cat6k/Sup2T, VSS 4T):
• 4T VSS
• Integrated NG Svcs (WisM2, ASA, NAM, ACE-30), Multicast HA
• Smart Install Director*
• OTV, Trill Ready
• Flexible Netflow, Egress Netflow

Core (Next Gen Cat6k/Sup2T, VSS 4T):
• 4T VSS
• 40G ports ready
• Tunnels, L3VPNomGRE
• L3 SGT For TrustSec Interoperability
• OTV, Trill Ready
• Flexible Netflow

Robust, Simple, Resilient, IPv6 support, Virtualization, Video-optimized, VDI-ready, Secure

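Page 17: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Catalyst 6500's unique end-to-end advantages in the enterprise campus network

Diagram labels: WAN; 2T, 720; 720, Sup32, 2T

Complete core network feature set:
• Powerful core fabric: 4T VSS, 40G ready, L3VPN o mGRE
• Complete virtualization support: VRF-Lite, L3VPN, L2VPN, EVN*, LISP*
• Comprehensive high availability: VSS Quad Sup SSO*
• Industry-leading IPv6 and multicast support: Tunnels, URPF, 256K mcast Groups
• Industry-leading traffic analysis: Flexible Netflow, Egress, Sampled
• Comprehensive security features: TrustSec, L3 SGT,
• High-performance new-generation service modules: WiSM2, ASA SM*, NAM*, ACE30

Rich access network feature set:
• Comprehensive PoE+ capability
• Smart Install*
• EnergyWise
• Medianet
• TrustSec Identity Kit
• TrustSec Reflector
• IPv6 First Hop Security
• DHCP Snooping
• Dynamic ARP Inspection
• IP Source Guard
• PACL
• Autosecure
• Smartports/Auto QoS
• Auto Smartports*
• OSPF Router Acces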

Page 18: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

The 6500 "2T" also suits the traditional data center: an unprecedented upgrade opportunity

Categories on the slide: Scalability, Virtualization, Simplified operations, Rich services

• Industry-leading table scalability: ACL, Netflow, IPv4/v6
• Industry-leading packet buffers: up to 256MB/10GbE port (highest in the industry)
• Industry-leading multicast forwarding capacity
• Raised to 16K Bridge Domains, giving high scalability for cloud deployments
• Smooth transition from 1GbE to 10GbE/40GbE

• 128K MAC Table (effective +50% vs. Sup720)
• VPLS in HW for L2 extension/VM Mobility
• Large L2 domains up to 1152 GbE ports/VSS for VM Mobility
• LISP and OTV ready
• 10GBASE-T access for servers
• Simplify w/ VSS: no STP, no FHRP, lower maintenance cost
• Consistent IOS makes upgrades easy for users
• The only switch with CMP, an independent out-of-band management system
• Rich control-plane protection: CoPP, SPAN/RSPAN/ERSPAN/mini protocol analyzer…
• Open Manageability with XML/Web service API

• ASA-SM Firewall blade for up to 64 Gbps (Chassis Performance)
• ACE-30 Load Balancer for up to 16 Gbps
• Performance analytics and 1588 services with NAM-3
• Up to 13M Netflow entries w/ FNF, Sampled, Egress, Multicast…
• Full IPv6 Hardware parity with IPv4

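Page 19: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Comparison with the Catalyst 4500 and Nexus 7000

Platforms compared: C6K-Sup2T, EX8200, A9500/A7500, C4500, N7000

Features compared: per-slot bandwidth, Virtual Switching System, MPLS/VPLS, security service module, wireless service module, network analysis module, sampled Netflow, Flexible Netflow, ERSPAN/EEM/GOLD, TrustSec, routing table size (IPv4), 40G port support, LISP ready, EVN ready

Per-slot bandwidth: C6K-Sup2T 80 G; EX8200 80 G; A9500/A7500 60-120G/24-48G; C4500 48 G; N7000 230 G

Routing table size (IPv4): C6K-Sup2T 1M; EX8200 512K; A9500/A7500 256K; C4500 256K; N7000 1M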

Page 20: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Positioning compared with competitors' mainstream products

[Diagram: positioning chart with axes PERFORMANCE and PRICE and tiers Access, Aggregation and Core. Cisco products shown: Catalyst 4500E, Catalyst 6500 Sup2T, Catalyst 6500 Sup2T-VSS, Nexus 7000. Competitor products shown: HP A12500/10500, HP A9500, HP A7500, Juniper EX8200, HW S12700, HW S9300. Emphasis labels: value for money; performance.]

Page 21: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Catalyst 6500 embodies the core values of Cisco Borderless Networks

• Manageability
• Energy Sustainability
• Network Virtualization
• IPv6
• VSS 4T
• TrustSec
• Security ToolKit
• Application Performance and Monitoring
• Robust Control Plane
• MediaNet

Page 22: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Taking VSS to the next level

Diagram labels: VSS 1440; VSS 4T

• Next Generation Linecards as Well as 67XX
• Service Modules Support
• L2 and L3 MEC Enhancements
• TrustSec
• Flexible Netflow
• Up to 4T bps on up to 388 TenGig Ports
• Based Infrastructure of 6500, so VSS 4T Supports Standalone Features and More

Page 23: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Major ACL improvements

What's New with Sup2T?
• ACL "Dry Run": test if the ACL will fit in the TCAM before applying it
  Protect your control plane from unanticipated disruption due to ACL programming
• ACL Atomic "Hitless" update
  No traffic disruption when applying complex ACL
• Role-based ACL with SGACL
  Identity aware ACL
• 1:1 ACL masking to maximize TCAM usage
• New match criteria: DSCP, IP Prec, TTL, length, Q-Q inner and outer CoS and Vlan
• IPv4/IPv6 parity in ACL features
• Large Scale ACL

[Charts, PFC3 vs PFC4: ACL Labels (x4); Security ACEs (x6); Port ACLs (x4)]

Page 24: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Better control-plane security

Protect Your Most Important CPUs of Your Infrastructure

Why it matters?
• When under a DoS attack, you want to avoid network meltdown, so you need to keep control of your network

How it protects the CPU?
• Control Plane Policing protects the Switch Control Plane from being Compromised from excessive traffic loads
• Select and limit the traffic that will hit your CPU

What's new with Sup2T?
• Netflow on CoPP interface: Easy Provisioning
• Per byte / Per Packet accounting: More Granularity
• Hardware Distributed Policing: Predictable Policing

[Diagram: Sup2T's CoPP. Traffic classes passing through Control Plane Policing: IP Options, ICMP, IPv6 NDP, SNMP, TTL=1, IGMP, PIM, Etc…]

Page 25: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Sup2T Netflow

Sup2T's innovative Netflow architecture, suited to high-traffic backbone networks

• Flexible Netflow (flexibility and customizability): Increased flexibility and customization by selecting the fields to match and collect
• CPU Friendly Export (CPU optimization): Optimal CPU utilization with Yielding Netflow Data Export, direct export from linecard
• Up to 13M Flows/System (greater flow-handling capacity): Bigger tables mean more entries per DFC. Up to 13 million entries with a 13 slot chassis. You can get better visibility in your network
• Sampled Netflow in Hardware (optimized hardware utilization): To optimize the Netflow tables utilization and minimize load on analyzers
• Egress Netflow (NetFlow in the egress direction): Allow to use netflow after ingress lookup is done (ex: after DSCP remarking is done). Allow to account for multicast traffic per destination instead of per group

Page 26: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

EEM

Multi-Protocol Analyzer Comprehensive MIBs

Gold Smart Call Home ERSPAN

Sup2T makes operations and maintenance easier

Open Manageability XML API

Blue Beacon LEDs

Over 2 million counters!

Per Protocol (v4, v6, MPLS, VPN Interface) Interfaces Statistics

Connectivity Management Processor (CMP)

Manageability NEW on Sup2T

Page 27: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

The 6500 Sup2T provides more complete virtualization support

Columns: Sup2T, Sup720

Rows: MPLS, VRF Services, L2VPN, VRF-Lite, Operations

• 4000 VRF support
• L3VPN o mGRE
• Label Switched Multicast (LSM)*

• VRF aware: WCCP, NTP, SSH, FTP, IPv6 Tunnels

• Native VPLS any Ethernet port
• No multicast flooding on VPLS*

• 1000 VRF support
• MPLS TE, CSC
• Multicast VPN

• VRF aware ACLs, VACL, BFD, HSRP, PBR, Syslog, TACACS, Telnet, GLBP, VRRP

• VPLS on WAN linecards
• Advanced VPLS
• EoMPLS Native Ethernet

• Up to 8 VRFs
• Easy Virtual Networks (EVN)*
• 32 VRFs

• MPLS interface counters
• MPLS aware Netflow P Router*
• Flexible Netflow for MPLS

• Set syslog to a VRF loopback
• MPLS egress Netflow
• Call Home email in a VRF
• NDE collector in a VRF
• IP SLA Phase 1

Page 28: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Supervisor 2T optimizations for the financial industry

Categories on the slide: Compliance, Performance, Microbursts, Control, Security

• PIM Registers and SPT switch in Hardware
• IEEE 1588 Timestamps (NAM-3)*
• PIM SM, PIM SSM, Bidir-PIM, IGMP v2/3

• Multicast Flexible Netflow v9, SPAN, VACL,
• Replication Drop Counters

• Deep Packet Buffers 256MB/port WS-X6908
• Resiliency with VSS, Multicast High Availability

• L3 and L2 Multicast Replication @880 Gbps
• 2 Terabit Fabric Bandwidth with 500+ ports
• 256,000 multicast routes in new mFIB
• NAT in Hardware
• IGMPv3/MLDv2 Snooping in Hardware

• MD5 authentication, Router Guard, Multicast Group-Range, Multicast Boundary, CoPP Multicast enhancements

Page 29: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Supervisor 2T's leadership in campus IPv6 networks

Column headings: IPv6 security; IPv6 optimization; v4-to-v6 migration

Row labels: Edge, Access, Distribution, Core

Diagram labels: MPLS/ IPv4/IPv6 Core; Internet

• Dual Stack IPv4/IPv6
• V6 over v4 tunnels: 6vPE/6PE, L3VPNoMGRE, DMVPNv6, Static tunnels
• 6 to 4 translation, LISP*
• NAT64 with ASA*

• EIGRPv6, OSPFv3, BGPv6
• IPv6 PBR*

• IPv6 IPsec
• IPv6 Firewall Security
• IPv6 IDS
• IPv6 ASA Service Module*

• IPv6 PIM-SSM, MLDv2, Embedded RP

• IPv6 QoS
• DHCPv6 Relay Agent
• HSRPv6/GLBPv6
• IPv6 support for VSS

• Dual Stack IPv4/IPv6
• 6vPE/6PE
• 6to4 tunneling
• ISATAP tunnels
• LISP*
• Unified VRRP*

• IPv6 ACL
• IPv6 ACL Atomic Commit/Dry Run
• uRPF
• IPv6 Ingress Netflow
• IPv6 Flexible Netflow

• Stateless Auto configuration
• IPv6 management: SNMP, Syslog, SSH, NTPv4, Tacacs+
• IPv6 interface stats

• IGMPv3/MLDv2 Snooping
• IPv6 First Hop Security
• IPv6 PACL/RA Guard

• Dual Stack IPv4/IPv6
• ISATAP and static Tunnels

• EIGRPv6, OSPFv3, IS-IS
• IPv6 support for VSS
• ECMP
• OSPFv3 GR

• IPv6 CoPP

• Dual Stack IPv4/IPv6
• 6to4 tunneling, ISATAP
• LISP*

Page 30: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Catalyst 6500 lifecycle extends to 2020+

A platform of unprecedented longevity in the switching industry

Supervisor 2T released in July 2011

[Timeline, 2000 to 2020+. Supervisors shown: Sup 1A, Sup2, Sup720-3A, Sup32, Sup720-3B, Sup720-10G (VSS Enabled), Sup 2T: Next Generation Supervisor. Markers: Maintain Support, EOS, EOL, 12 years.]

Legend: EOS = End of Sale; EOL = End of Life / End of Support

Page 31: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

2000+ Sup2T pre-sale customers worldwide

“Rackspace is a long-standing Cisco customer with Catalyst 6500 switches deployed throughout their network for various use cases; Internet Edge, IP Core, as well as L3 Aggregation utilizing VSS for services applicable to both Cloud and Managed Hosted environments. … Rackspace is looking to the Sup2T to provide more capacity; Control Plane scalability, bandwidth scalability at 80G per slot, and the ability to utilize the larger Netflow tables are all key metrics.  Sheer capacity is key for hosting companies, and Flexible Netflow is ideal for Denial of Service mitigation techniques.

– Ellis Merworth, SE Rackspace,

“Video is a core technology at Apple; … The Supervisor Engine 2T, with VSS implementation, expands the existing, available bandwidth of all deployed E-Series Catalyst 6500 chassis to 4 Terabits per second. This compounded with 80 Gigabits per slot capacity and scaled, hardware multicast  route support ensures the operational integrity of Apple’s network.”

– Patrick Millette, AM Apple

… BT, a long-time Catalyst customer, has 6500 switches deployed throughout the network in IP Core, Data Center, Enterprise, and Ethernet aggregation points. The Sup2T, in VSS configuration, enables BT to leverage their extensive existing infrastructure and expand the current switch bandwidth to 2-Terabit capacity and future-proof for 40G readiness. ….” – Jim Wicks, SE, BT

“For Penn State University, Bandwidth is at the forefront of their core network requirements. With Catalyst 6500 Switches deployed through the core and into distribution, Penn State is looking to the Supervisor Engine 2T to expand the current bandwidth to 2-Terabit capacity and future-proof the existing infrastructure for 40G readiness. Flexible Netflow capability enables the transition to IP-based statistics collection, driving enhanced billback capabilities” – Chris Sullivan, AM Penn State

“We are excited to be working with Cisco to receive some of the first shipments of the eagerly awaited Supervisor 2T modules. Loughborough's IT service provision requires the cutting edge technology these new modules provide, complementing the new functions on Cisco's IPv6 roadmap. We look forward to working with Cisco for many years to come.”

– Matthew Cook, Network and Security Manager, Loughborough University, IT Services

Page 32: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

50 reasons to upgrade to the "2T" platform

Section labels: Operations, Scalability

Fast Forward To… (columns: Sup1A, Sup2, Sup2T)

• Performance: 32 Gbps, 256 Gbps, 2048 Gbps
• 10 GbE Fiber/Copper
• Netflow Table: 32K, 32K, 1024K
• ACL Scalability: 16K, 32K, 256K
• Bridge Domains: 4K, 4K, 16K
• FIB Table: -, 256K, 1M
• EEM/GOLD/Smart CH
• NAM
• ERSPAN
• Flexible Netflow
• Sampled Netflow
• Per protocol stats
• Per VPN stats
• 2M counters pkt/byte

Callouts: + 800%-3200%; +180 10G ports; +3200%; Configurable Security/QoS; + 400%

Page 33: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

50 reasons to upgrade to the "2T" platform

Section labels: QoS, Security

Fast Forward To… (columns: Sup1A, Sup2, Sup2T)

• CPU Rate Limiters
• Control Plane Policing
• Enhance uRPF
• NAT/PAT in HW
• Role Base ACL
• Atomic ACL
• ACL "dry run"
• MacSec (L2 encrypt.)
• Netflow TCP flags
• UBRL
• Egress Policing
• Distributed Policing
• Enhanced classificat.
• Microflow policing

Callouts: +pkt len/TTL; +IP opt v4/v6; Ingress/egress

Page 34: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

50 reasons to upgrade to the "2T" platform

Section labels: Multicast, Virtualization

Fast Forward To… (columns: Sup1A, Sup2, Sup2T)

• MPLS L3 VPN
• VPLS and L2oMGRE
• VRF-lite
• Virtual Switching
• GRE HW Tunneling
• VPN aware Netflow
• VPN aware NAT
• Multicast in HW
• Egress Replication
• Bidir PIM
• Multicast VPN
• Multicast IPv6
• IGMPv3 (SSM)
• PIM register in HW

Page 35: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Thank you.

Page 36: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Backup slides

Page 37: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Catalyst 6500 Strategy and Direction

CATALYST 6500 E-SERIES

Headings on the slide: DIFFERENTIATION; INNOVATION; COMPETITIVE LEADERSHIP; TRANSITION; Innovation with Investment Protection

• The Network Services Platform for Unified Access and Unified Fabric
• Driving Next-Gen Ethernet In the Campus: 1G » 10G » 40G » 100G
• Lead Core/Distribution Platform in Industry over HP (A7500/A9500) and Juniper (EX8200)

Page 38: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Enterprise Core Flexibility

Diagram labels: Catalyst (Access, Aggregation, Core) and Nexus (Core, Aggregation, Access); Modular and Fixed. Products shown: Catalyst 4500, Catalyst 6500, Catalyst 3750, Catalyst 2960, Catalyst 4900, Nexus 7K, N5K, Nexus 3K | Nexus 2K.

Cisco Unified Services | Cross Architecture Network Value
FabricPath » Medianet » LISP » FEX-link
OTV » Netflow v9 » TrustSec » VSS / vPC

Cisco Unified Access | Enterprise Campus Differentiation
NGA 1.0 / NCS » EnergyWise
ISE » UPOE

Cisco Unified Fabric | Data Center Architectural Innovation
Unified Ports » DCB / FCoE
Nexus 1000v » VDC

Unified Fabric = Nexus + NXOS
Unified Access = CATALYST + IOS!

Page 39: Cisco Trusted Network Architecture and the New-Generation Catalyst 6500 Sup2T Switching Platform

Sup2T software feature update

Cisco IOS Software 12.2(33)SXI3 Features Set

MPLS, IPv6, ACL Enh., CoPP Enh, CMP, XML API, VPLS, NAT, TrustSec, FnF, QoS, MCast

…more than 200 new features supported in total!

• Cisco TrustSec
• RBACL
• TrustSec Ingress/Egress reflector
• SGT Tagging and Filtering
• Dry run for ACLs
• Atomic ACL Update
• Flexible Netflow
• Egress Netflow
• Sampling Netflow in HW
• Hardware CoPP
• New level of IPv6 support
• Distributed Aggregate Policers
• EEM v3.0
• EVC 2.0
• E-OAM 3.0
• IPSLA support for EVC
• 802.1ag CFM Draft 8
• Service Module Support
• On Board Failure Logging
• Netconf, Http, Soal, TCL… over IPv6
• IPv6 uRPF
• PACL support for IPv6
• CMP
• XML Programmatic interface
• Web Service
• PIM Registers in HW
• IP-Based IGMPv3 Snooping support
• Bi-dir Enhancements
• Stateful EoMPLS
• Etherchannel Enhancements
• Native VPLS
• VRF aware SSH, FTP, NTP
• DAI accelerated in HW
• WCCP Closed group
• MQC Queuing policy for ingress/egress
• DSCP classification
• QoS ACL per policy class
• Per-protocol statistics
• Per VLAN broadcast statistics
• ACL/QoS scalability
• uRPF + ACL
• New ACL classifications Options