© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
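Cisco Trusted Network Architecture and the Next-Generation Catalyst 6500 Sup2T Switching Platform
Cisco China Borderless Networks Business Unit
Cisco Trusted Network Architecture
What is the Cisco Trusted Network Architecture?
The physical perimeter of the network is disappearing, and customers need a more secure and reliable infrastructure. The Cisco Trusted Network Architecture flexibly authenticates, on demand, every user and device that connects to the network. It intelligently identifies non-user devices such as IP phones and smart endpoints and manages them according to flexible security policies. It also provides wire-rate Layer 2 traffic encryption, giving a confidential data transport platform.
Trusted Network Architecture
How to sell:
• In the data center, start from MACsec and emphasize the Layer 2 wire-rate encryption of Cisco switches;
• In the campus network, emphasize Cisco's flexible multi-factor network admission and authorization policies (based on user role, access time, access location and so on);
• In unified wired and wireless access, emphasize Cisco ISE's intelligent identification of IP phones, IP printers and smart endpoint devices, and its dynamic security policy capability;
How to deliver:
• Deployment and configuration documents: BU solution guide;
• SBA design guide;
Want to learn more? External: http://www.cisco.com/en/US/netsol/ns1051/index.html
Value of the solution to the customer:
• Provides a secure infrastructure network platform;
• Provides flexible network admission and authorization policies;
• Provides visualized security operations and management;
Solution components:
• Cisco ISE policy server;
• Cisco switching products;
• Cisco wireless products;
Target customers:
• Enterprises with strict network admission requirements;
• Enterprises that need flexible and varied network admission policies;
• Enterprises whose networks need to identify non-user endpoints such as IP phones, IP printers and smart endpoints, and to set flexible admission policies based on the identified device type;
Value of the solution to Cisco:
• Fully demonstrates Cisco's architectural advantage in infrastructure network security;
• Combined with the customer's actual needs, turns pure product competition into solution competition and raises the competitive bar for rivals;
• Once the customer adopts the solution, it helps lock in follow-on upgrade projects;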
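[Figure: Cisco trusted infrastructure network platform, with three elements: device trust, user trust and link trust. Labels: mutual identity authentication between network devices; user/device identification under multiple combined conditions (username and password, access time, health status, access location); wire-rate encryption of outbound traffic; wire-rate decryption of inbound traffic; data is transmitted as ciphertext.]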
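Cisco Trusted Network Architecture: the next-generation infrastructure network security architecture
Cisco trusted infrastructure network platform
User trust:
• Identity authentication when a user connects to the network, confirming that the user is trusted;
• Network resource access rights granted dynamically according to rules (user group, access method, access time, access location);
• Auditing of users' network resource access records;
Device trust:
• Identity authentication when a device connects to the network, confirming that the device is trusted;
• A network device accepts traffic only from trusted neighboring network devices;
• Traffic from untrusted neighboring network devices is dropped;
Link trust:
• Wire-rate traffic encryption between devices when they are connected over an "untrusted" link;
• Wire-rate traffic encryption between a server/client and the switch when they are connected over an "untrusted" link;
[Figure: authentication between devices; user/device identification under multiple combined conditions (username and password, access time, health status, access location); wire-rate encryption of outbound traffic; wire-rate decryption of inbound traffic; data is transmitted as ciphertext.]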
The 6500 Sup2T fully supports the Cisco TrustSec solution
Cisco TrustSec on Sup2T:
• Security Group Tagging and forwarding
• Security Group Enforcement
• MACSec Encryption
• TrustSec Reflector
• TrustSec on VSS
Sup2T also supports all existing 6500 security authentication features
Cisco TrustSec authentication solution
[Figure labels: Users, Endpoints; Doctor (SGT 7); IT Admin (SGT 5); Agent-less Device; Campus Network; Sup2T; ACS v5.1; ActiveDirectory; 802.1X, MAB, LWA; IT Portal (SGT 4); Public Portal (SGT 8); Internal Portal (SGT 9); Patient Record DB (SGT 10); Untagged Frame; Tagged Frame (SGT=7); SGT Assignment; SGT Enforcement]
Sup2T provides hardware support for SGT control and forwarding
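The 6500 now supports hardware MACsec encryption
802.1ae wire-rate data encryption/decryption and integrity control, preventing illegitimate attacks from Layer 2 upward
• Anti-sniffing
• Anti-tampering
• Anti-attack
• Does not affect other packet inspection features
• Point-to-point deployment, controllable per link
• Supports MACsec over EoMPLS
• Secures link-layer data across the campus aggregation and core network
Wire-rate 2 Tbps encryption/decryption capacity!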
Catalyst 6500-E: the next-generation 2T platform
Sup2T and 6513-E
Service modules: WiSM-2, ASA-SM, NAM-3, ACE-30
69xx Series, 80 Gbps per slot:
• 8p 10G full wire rate
• 4p 40G / 16p 10G
• Built-in DFC4
68xx/67xx Series, 40 Gbps per slot:
• 1GbE Fiber: 24p/48p
• 10/100/1000: 48p
• 10GBASE-T: 16p
• 10G Fiber: 16p
• Built-in DFC4
Innovation: Cat6500-E
Investment protection:
• All E-Series chassis
• Easy upgrade from 67xx line cards
• Compatible with older service modules
• All 61XX PoE/PoE+ line cards
80G/160G supported on all E-Series chassis
The entire E-Series chassis line supports "2T"
Chassis: 6503-E, 6504-E, 6506-E, 6509-V-E, 6513-E, 6509-E
80G/Slot
Per-chassis capacity figures, in the order listed on the slide:
• 34x10GE, 96x1GE, 8x40GE, 150 Mpps
• 50x10GE, 144x1GE, 12x40GE, 210 Mpps
• 82x10GE, 240x1GE, 20x40GE, 330 Mpps
• 130x10GE, 384x1GE, 32x40GE, 510 Mpps
• 130x10GE, 384x1GE, 32x40GE, 510 Mpps
• 180x10GE, 528x1GE, 44x40GE, 720 Mpps
Catalyst 6500 product line update
[Figure panels: Supervisor Engine Portfolio (10-GE Uplink); Line-Card Portfolio; 10-GE Line-Card Portfolio (10G Copper, 10GE Fiber; Oversubscribed, Nonblocking); 1 GE (Copper, Fiber); Wiring Closet 10/100/1000 TX & PoE; Service Module Portfolio; Power Supply (Industry-Leading Power Efficiency)]
Supervisor engines: VS-S2T-10G, VS-S2T-10G-XL
Line cards: WS-X6148A-GE-TX, WS-X6148E-GE-45AT, WS-X6816-10T-2T(XL), WS-X6848-TX-2T(XL), WS-X6848-SFP-2T(XL), WS-X6824-SFP-2T(XL), WS-X6908-10G-2T(XL), WS-X6816-10G-2T(XL)
Service modules: WiSM 1/2, FWSM / ASA-SM, NAM 2/3, ACE 30
Power supplies: 3000W AC, 4000W AC, 6000W AC, 8700W AC, 4000W DC, 6000W DC
Step easily into the 2T era: the all-new Supervisor 2T
The most powerful Catalyst 6500 platform to date:
• 3X System Performance
• 4X Data Plane Scalability
• 4T Virtual Switching System
• 40 Gigabit Ethernet Ready
• Up to 13M NetFlow Entries/system
• 1 million routes and 25k6 multicast groups
• Large Packet Buffers
The richest Borderless Network feature set on the Catalyst platform:
• End to End Network Virtualization: MPLS, EoMPLS, L2VPN/VPLS, VRF-Lite, Easy Virtual Networks (EVN)
• Security with TrustSec, MACsec, Atomic ACLs and ASA-SM
• Application Visibility with NAM-3 and Flexible NetFlow
• Unified Mobility with WiSM2
• Comprehensive IPv6 Ready for Transition
• Future Proof: 40G Ready, OTV Ready, TRILL Ready, LiSP Ready
• Supported with LMS 4.1 & DCNM
69xx Series: 80G line cards
8-port 10G full wire-rate line card:
• Two SKUs: regular and XL tables (DFC4)
• X2 Transceiver or SFP+ w/ adapter
• Wire Rate MacSec (IEEE 802.1AE)
• Large packet buffers (256MB/port)
• Virtual Switch Link (for VSS)
• A-VPLS, OTV and LISP ready*
4-port 40G line card:
• IEEE 802.3ba standard compliant
• Two SKUs: regular and XL tables (DFC4)
• CFP Transceiver for 40G, SFP+ for 10G
• Wire Rate MacSec (IEEE 802.1AE)
• 10G mode via FourX adapter
• Virtual Switch Link (for VSS)
• A-VPLS, OTV and LISP ready*
Catalyst 6500 40G ports ready: industry demonstration in September 2010
The industry's first 40G Ethernet switching module:
• Successfully demonstrated the industry's first 40G switching module at Supercomputing
• Showed the industry's first 100GE module on the CRS-3
• Showed the 40G module's good support for servers and a variety of cables and modules
[Figure labels: 40GE; 10GE (four links); Cisco UCS C200 M2 (two servers)]
Reference: http://www.ethernetalliance.org/files/static_page_files/2Ethernet_Alliance_Demonstration_at_SC10.pdf
Next-generation Borderless Network service modules, supporting Sup720 and Sup2T
Next-generation wireless service module: WiSM-2
• Performance: 10 Gbps
• Access Points: 500
• Clients: 10,000
• Concurrent AP Upgrade/Joins: Up to 500
• Mobility Domain Size: Up to 18,000 APs
Next-generation load-balancing module: ACE-30
• Up to 16 Gbps Performance
• Up to 6 Gbps Compression
• 30,000 Transactions per Second
• 250 Virtual Contexts
• 250 VLANs
Next-generation traffic analysis module: NAM-3
• Monitoring Performance: 10 Gbps Plus
• Capture to External Disk: Up to 5 Gbps
• Performance Analytics: 1588 Timestamps
• HW Filters / Pkt Captures
Next-generation firewall module: ASA-SM
• 64 Gbps Chassis Performance
• 16 G Performance
• 10,000,000 Concurrent Sessions
• 300,000 Connections per Second
• 250 Security Contexts
• 1,000 VLANs
How to upgrade the 720 platform to the Sup2T platform
Columns: Sup720; Sup2T
Table cells, in the order they appear on the slide:
• Supported; 67xx Series w/ CFC
• WS-F6K-DFC4-E; 6716-10GE Fiber
• WS-F6K-DFC4-A; 6704-10GE w/ DFC3
• WS-F6K-DFC4-A; 67xx Series 1GbE w/ DFC3
• WS-F6K-DFC4-E; 6716-10GBASE-T
• 6908-10G Fiber (80G); 6708-10G Fiber
• Supported; previous-generation service modules
• Supported; 61xx Series
Sup2T: supports legacy line cards and both new and older service modules
Next Gen. Service Modules:
• ASA-SM *
• ACE 30
• WiSM-2
• NAM-3 *
Legacy Service Modules:
• FWSM
• ACE 20
• WiSM
• NAM-1
• NAM-2
61xx Line Cards:
• WS-X6148A-RJ-45
• WS-X6148A-45AF
• WS-X6148-FE-SFP
• WS-X6148A-GE-TX
• WS-X6148A-GE-45AF
• WS-X6148E-GE-AT
The next-generation Catalyst enterprise campus network combines performance and service advantages
Access (Next Gen Cat4k/Sup7-E, Cat3k/3750X, Cat2K/2960S):
• TrustSec
• EnergyWise
• NGPoE (60W) Ready
• Flexible Netflow
• IPv6 First Hop Sec.
Core (VSS 4T, Next Gen Cat6k/Sup2T):
• 4T VSS
• 40G ports ready
• Tunnels, L3VPN o mGRE
• L3 SGT For TrustSec Interoperability
• OTV, Trill Ready
• Flexible Netflow
Aggregation (VSS 4T, Next Gen Cat6k/Sup2T):
• 4T VSS
• Integrated NG Svcs (WisM2, ASA, NAM, ACE-30), Multicast HA
• Smart Install Director*
• OTV, Trill Ready
• Flexible Netflow, Egress Netflow
Robust; Simple; Resilient; IPv6 support; Virtualization; Video-optimized; VDI-ready; Secure
Catalyst 6500's unique end-to-end advantages in the enterprise campus network
[Figure labels: WAN; 2T; 720; Sup32]
Complete core network feature set:
• Powerful core fabric: 4T VSS, 40G ready, L3VPN o mGRE
• Complete virtualization support: VRF-Lite, L3VPN, L2VPN, EVN*, LISP*
• Comprehensive high availability: VSS Quad Sup SSO*
• Industry-leading IPv6 and multicast support: Tunnels, URPF, 256K mcast Groups
• Industry-leading traffic analysis: Flexible Netflow, Egress, Sampled
• Comprehensive security features: TrustSec, L3 SGT,
• High-performance next-generation service modules: WiSM2, ASA SM*, NAM*, ACE30
Rich access network feature set:
• Full PoE+ capability
• Smart Install*
• EnergyWise
• Medianet
• TrustSec Identity Kit
• TrustSec Reflector
• IPv6 First Hop Security
• DHCP Snooping
• Dynamic ARP Inspection
• IP Source Guard
• PACL
• Autosecure
• Smartports/Auto QoS
• Auto Smartports*
• OSPF Router Acces
The 6500 "2T" is equally suited to the traditional data center
An unprecedented upgrade opportunity
Categories: Scalability; Virtualization; Simplified operations; Rich services
• Industry-leading table scalability: ACL, Netflow, IPv4/v6
• Industry-leading packet buffers: up to 256MB/10GbE port (the highest in the industry)
• Industry-leading multicast forwarding capability
• Raised to 16K Bridge Domains, giving high scalability for cloud deployments
• Smooth transition from 1GbE to 10GbE/40GbE
• 128K MAC Table (effective +50% vs. Sup720)
• VPLS in HW for L2 extension/VM Mobility
• Large L2 domains up to 1152 GbE ports/VSS for VM Mobility
• LISP and OTV ready
• 10GBASE-T access for servers
• Simplify w/ VSS: no STP, no FHRP, lower maintenance cost
• Consistent IOS makes upgrades easy for users
• The only switch with CMP, an independent out-of-band management system
• Rich control-plane protection: CoPP, SPAN/RSPAN/ERSPAN/mini protocol analyzer…
• Open Manageability with XML/Web service API
• ASA-SM Firewall blade for up to 64 Gbps (Chassis Performance)
• ACE-30 Load Balancer for up to 16 Gbps
• Performance analytics and 1588 services with NAM-3
• Up to 13M Netflow entries w/ FNF, Sampled, Egress, Multicast…
• Full IPv6 Hardware parity with IPv4
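Comparison with Catalyst 4500 and Nexus 7000
Platforms compared: C6K-Sup2T; EX8200; A9500/A7500; C4500; N7000
Features compared: per-slot bandwidth; virtual switching system; MPLS/VPLS; security service module; wireless service module; network analysis module; sampled Netflow; Flexible Netflow; ERSPAN/EEM/GOLD; TrustSec; routing table size (IPv4); 40G port support; LISP ready; EVN ready
Per-slot bandwidth: C6K-Sup2T 80 G; EX8200 80 G; A9500/A7500 60-120G/24-48G; C4500 48 G; N7000 230 G
Routing table size (IPv4): C6K-Sup2T 1M; EX8200 512K; A9500/A7500 256K; C4500 256K; N7000 1M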
Positioning compared with competitors' main products
[Figure: positioning chart with axes PERFORMANCE and PRICE, tiers Access, Aggregation and Core, and two regions labelled "cost-effectiveness focused" and "performance focused". Cisco products shown: Catalyst 4500E; Catalyst 6500 Sup2T; Catalyst 6500 Sup2T-VSS; Nexus 7000. Competitor products shown: HP A12500/10500; HP A9500; HP A7500; Juniper EX8200; HW S12700; HW S9300.]
Catalyst 6500 embodies the core value of Cisco Borderless Networks
[Figure labels: VSS 4T; Manageability; Energy Sustainability; Network Virtualization; IPv6; TrustSec; Security ToolKit; Application Performance and Monitoring; Robust Control Plane; MediaNet]
Taking VSS to the next level
[Figure labels: VSS 1440; VSS 4T]
• Up to 4T bps on up to 388 TenGig Ports
• Next Generation Linecards as Well as 67XX
• Service Modules Support
• L2 and L3 MEC Enhancements
• TrustSec
• Flexible Netflow
• Based on the infrastructure of the 6500, so VSS 4T supports standalone features and more
Major ACL improvements
What's New with Sup2T?
• ACL "Dry Run": test whether the ACL will fit in the TCAM before applying it. Protect your control plane from unanticipated disruption due to ACL programming
• ACL Atomic "Hitless" update: no traffic disruption when applying a complex ACL
• Role-based ACL with SGACL: identity-aware ACL
• 1:1 ACL masking to maximize TCAM usage
• New match criteria: DSCP, IP Prec, TTL, length, Q-Q inner and outer CoS and Vlan
• IPv4/IPv6 parity in ACL features
• Large Scale ACL
[Charts: PFC3 vs. PFC4. ACL Labels (axis 0 to 16000): x4. Security ACEs (axis 0 to 200000): x6. Port ACLs (axis 0 to 8000): x4.]
Better control-plane security
Protect the Most Important CPUs of Your Infrastructure
Why does it matter?
• When under a DoS attack, you want to avoid network meltdown, so you need to keep control of your network
How does it protect the CPU?
• Control Plane Policing protects the switch control plane from being compromised by excessive traffic loads
• Select and limit the traffic that will hit your CPU
What's new with Sup2T?
• Netflow on CoPP interface: Easy Provisioning
• Per byte / Per Packet accounting: More Granularity
• Hardware Distributed Policing: Predictable Policing
[Figure: Sup2T's CoPP. Control Plane Policing applied to traffic classes: IP Options, ICMP, IPv6 NDP, SNMP, TTL=1, IGMP, PIM, etc.]
Sup2T's innovative Netflow architecture, suited to high-traffic backbone networks
• Flexible Netflow (flexibility and customizability): Increased flexibility and customization by selecting the fields to match and collect
• CPU Friendly Export (CPU optimization): Optimal CPU utilization with Yielding Netflow Data Export, direct export from linecard
• Up to 13M Flows/System (greater flow-handling capacity): Bigger tables mean more entries per DFC. Up to 13 million entries with a 13 slot chassis. You can get better visibility in your network
• Sampled Netflow in Hardware (optimized hardware utilization): To optimize the Netflow tables utilization and minimize load on analyzers
• Egress Netflow (egress-direction NetFlow support): Allows Netflow to be used after the ingress lookup is done (e.g. after DSCP remarking is done). Allows multicast traffic to be accounted per destination instead of per group
[Figure label: Sup2T Netflow]
Sup2T makes operations and maintenance easier
[Figure label: Manageability, NEW on Sup2T]
• EEM
• Multi-Protocol Analyzer
• Comprehensive MIBs
• Gold
• Smart Call Home
• ERSPAN
• Open Manageability XML API
• Blue Beacon LEDs
• Over 2 million counters!
• Per Protocol (v4, v6, MPLS, VPN Interface) Interfaces Statistics
• Connectivity Management Processor (CMP)
The 6500 Sup2T provides more complete virtualization support
Columns: Sup2T; Sup720
Rows: MPLS; VRF Services; L2VPN; VRF-Lite; Operations
Table cells, in the order they appear on the slide:
• 4000 VRF support • L3VPN o mGRE • Label Switched Multicast (LSM)*
• VRF aware: WCCP, NTP, SSH, FTP, IPv6 Tunnels
• Native VPLS any Ethernet port • No multicast flooding on VPLS*
• 1000 VRF support • MPLS TE, CSC • Multicast VPN
• VRF aware ACLs, VACL, BFD, HSRP, PBR, Syslog, TACACS, Telnet, GLBP, VRRP
• VPLS on WAN linecards • Advanced VPLS • EoMPLS Native Ethernet
• Up to 8 VRFs • Easy Virtual Networks (EVN)* • 32 VRFs
• MPLS interface counters • MPLS aware Netflow P Router* • Flexible Netflow for MPLS
• Set syslog to a VRF loopback • MPLS egress Netflow • Call Home email in a VRF • NDE collector in a VRF • IP SLA Phase 1
Optimizations Supervisor 2T brings to the financial industry
Categories: Compliance; Performance; Microbursts; Control; Security
Table cells, in the order they appear on the slide:
• PIM Registers and SPT switch in Hardware • IEEE 1588 Timestamps (NAM-3)* • PIM SM, PIM SSM, Bidir-PIM, IGMP v2/3
• Multicast Flexible Netflow v9, SPAN, VACL • Replication Drop Counters
• Deep Packet Buffers 256MB/port WS-X6908 • Resiliency with VSS, Multicast High Availability
• L3 and L2 Multicast Replication @880 Gbps • 2 Terabit Fabric Bandwidth with 500+ ports • 256,000 multicast routes in new mFIB • NAT in Hardware • IGMPv3/MLDv2 Snooping in Hardware
• MD5 authentication, Router Guard, Multicast Group-Range, Multicast Boundary, CoPP Multicast enhancements
Supervisor 2T's leadership in campus IPv6 networks
Network layers: Edge; Access; Distribution; Core
Columns: IPv6 security; IPv6 optimization; v4-v6 migration
[Figure labels: MPLS / IPv4/IPv6 Core; Internet]
Table cells, in the order they appear on the slide:
• Dual Stack IPv4/IPv6 • V6 over v4 tunnels: 6vPE/6PE, L3VPNoMGRE, DMVPNv6, Static tunnels • 6 to 4 translation, LISP* • NAT64 with ASA*
• EIGRPv6, OSPFv3, BGPv6
• IPv6 PBR*
• IPv6 IPsec • IPv6 Firewall Security • IPv6 IDS • IPv6 ASA Service Module*
• IPv6 PIM-SSM, MLDv2, Embedded RP
• IPv6 QoS • DHCPv6 Relay Agent • HSRPv6/GLBPv6 • IPv6 support for VSS
• Dual Stack IPv4/IPv6 • 6vPE/6PE • 6to4 tunneling • ISATAP tunnels • LISP* • Unified VRRP*
• IPv6 ACL • IPv6 ACL Atomic Commit/Dry Run • uRPF • IPv6 Ingress Netflow • IPv6 Flexible Netflow
• Stateless Auto configuration • IPv6 management: SNMP, Syslog, SSH, NTPv4, Tacacs+
• IPv6 interface stats
• IGMPv3/MLDv2 Snooping • IPv6 First Hop Security • IPv6 PACL/RA Guard
• Dual Stack IPv4/IPv6 • ISATAP and static Tunnels
• EIGRPv6, OSPFv3, IS-IS • IPv6 support for VSS • ECMP • OSPFv3 GR
• IPv6 CoPP • Dual Stack IPv4/IPv6 • 6to4 tunneling, ISATAP • LISP*
Supervisor 2T released in July 2011
Catalyst 6500 life cycle extends to 2020+
A platform with longevity unprecedented in the switching industry
[Figure: supervisor life-cycle timeline, 2000 to 2020+, showing Sup 1A, Sup2, Sup720-3A, Sup720-3B, Sup32, Sup720-10G (VSS Enabled) and Sup 2T (Next Generation Supervisor), with EOS and EOL markers, "Maintain Support" periods and 12-year spans. Legend: EOS = End of Sale; EOL = End of Life / End of Support.]
2000+ Sup2T pre-sale customers worldwide
“Rackspace is a long-standing Cisco customer with Catalyst 6500 switches deployed throughout their network for various use cases; Internet Edge, IP Core, as well as L3 Aggregation utilizing VSS for services applicable to both Cloud and Managed Hosted environments. … Rackspace is looking to the Sup2T to provide more capacity; Control Plane scalability, bandwidth scalability at 80G per slot, and the ability to utilize the larger Netflow tables are all key metrics. Sheer capacity is key for hosting companies, and Flexible Netflow is ideal for Denial of Service mitigation techniques.
– Ellis Merworth, SE Rackspace,
“Video is a core technology at Apple; … The Supervisor Engine 2T, with VSS implementation, expands the existing, available bandwidth of all deployed E-Series Catalyst 6500 chassis to 4 Terabits per second. This compounded with 80 Gigabits per slot capacity and scaled, hardware multicast route support ensures the operational integrity of Apple’s network.”
– Patrick Millette, AM Apple
… BT, a long-time Catalyst customer, has 6500 switches deployed throughout the network in IP Core, Data Center, Enterprise, and Ethernet aggregation points. The Sup2T, in VSS configuration, enables BT to leverage their extensive existing infrastructure and expand the current switch bandwidth to 2-Terabit capacity and future-proof for 40G readiness. ….” – Jim Wicks, SE, BT
“For Penn State University, Bandwidth is at the forefront of their core network requirements. With Catalyst 6500 Switches deployed through the core and into distribution, Penn State is looking to the Supervisor Engine 2T to expand the current bandwidth to 2-Terabit capacity and future-proof the existing infrastructure for 40G readiness. Flexible Netflow capability enables the transition to IP-based statistics collection, driving enhanced billback capabilities” – Chris Sullivan, AM Penn State
“We are excited to be working with Cisco to receive some of the first shipments of the eagerly awaited Supervisor 2T modules. Loughborough's IT service provision requires the cutting edge technology these new modules provide, complementing the new functions on Cisco's IPv6 roadmap. We look forward to working with Cisco for many years to come.”
– Matthew Cook, Network and Security Manager, Loughborough University, IT Services
50 reasons to upgrade to the "2T" platform
Fast Forward To… | Sup1A | Sup2 | Sup2T
Categories: Scalability; Operations
Performance | 32 Gbps | 256 Gbps | 2048 Gbps
10 GbE Fiber/Copper
Netflow Table | 32K | 32K | 1024K
ACL Scalability | 16K | 32K | 256K
Bridge Domains | 4K | 4K | 16K
FIB Table | - | 256K | 1M
EEM/GOLD/Smart CH
NAM
ERSPAN
Flexible Netflow
Sampled Netflow
Per protocol stats
Per VPN stats
2M counters pkt/byte
Callouts: + 800%-3200%; +180 10G ports; +3200%; Configurable Security/QoS; + 400%
50 reasons to upgrade to the "2T" platform
Fast Forward To… | Sup1A | Sup2 | Sup2T
Categories: Security; QoS
CPU Rate Limiters
Control Plane Policing
Enhance uRPF
NAT/PAT in HW
Role Base ACL
Atomic ACL
ACL “dry run”
MacSec (L2 encrypt.)
Netflow TCP flags
UBRL
Egress Policing
Distributed Policing
Enhanced classificat.
Microflow policing
Callouts: +pkt len/TTL; +IP opt v4/v6; Ingress/egress
50 reasons to upgrade to the "2T" platform
Fast Forward To… | Sup1A | Sup2 | Sup2T
Categories: Virtualization; Multicast
MPLS L3 VPN
VPLS and L2oMGRE
VRF-lite
Virtual Switching
GRE HW Tunneling
VPN aware Netflow
VPN aware NAT
Multicast in HW
Egress Replication
Bidir PIM
Multicast VPN
Multicast IPv6
IGMPv3 (SSM)
PIM register in HW
Thank you.
Backup slides
Catalyst 6500 Strategy and Direction
CATALYST 6500 E-SERIES
Themes: DIFFERENTIATION; INNOVATION; COMPETITIVE LEADERSHIP; TRANSITION
• Innovation with Investment Protection
• The Network Services Platform for Unified Access and Unified Fabric
• Driving Next-Gen Ethernet in the Campus: 1G » 10G » 40G » 100G
• Lead Core/Distribution Platform in Industry over HP (A7500/A9500) and Juniper (EX8200)
Enterprise Core Flexibility
[Figure: Catalyst and Nexus portfolios laid out across Access, Aggregation and Core, split into Modular and Fixed platforms. Products shown: Catalyst 2960; Catalyst 3750; Catalyst 4500; Catalyst 4900; Catalyst 6500; Nexus 2K; Nexus 3K; N5K; Nexus 7K.]
Cisco Unified Services | Cross Architecture Network Value
FabricPath » Medianet » LISP » FEX-link
OTV » Netflow v9 » TrustSec » VSS / vPC
Cisco Unified Access | Enterprise Campus Differentiation
NGA 1.0 / NCS » EnergyWise
ISE » UPOE
Cisco Unified Fabric | Data Center Architectural Innovation
Unified Ports » DCB / FCoE
Nexus 1000v » VDC
Unified Fabric = Nexus + NXOS
Unified Access = CATALYST + IOS!
Sup2T software feature update
Cisco IOS Software 12.2(33)SXI3 Features Set
Feature areas: MPLS; IPv6; ACL Enh.; CoPP Enh; CMP; XML API; VPLS; NAT; TrustSec; FnF; QoS; MCast
…more than 200 new features supported in total!
• Cisco TrustSec
• RBACL
• TrustSec Ingress/Egress reflector
• SGT Tagging and Filtering
• Dry run for ACLs
• Atomic ACL Update
• Flexible Netflow
• Egress Netflow
• Sampling Netflow in HW
• Hardware CoPP
• New level of IPv6 support
• Distributed Aggregate Policers
• EEM v3.0
• EVC 2.0
• E-OAM 3.0
• IPSLA support for EVC
• 802.1ag CFM Draft 8
• Service Module Support
• On Board Failure Logging
• Netconf, Http, Soal, TCL… over IPv6
• IPv6 uRPF
• PACL support for IPv6
• CMP
• XML Programmatic interface
• Web Service
• PIM Registers in HW
• IP-Based IGMPv3 Snooping support
• Bi-dir Enhancements
• Stateful EoMPLS
• Etherchannel Enhancements
• Native VPLS
• VRF aware SSH, FTP, NTP
• DAI accelerated in HW
• WCCP Closed group
• MQC Queuing policy for ingress/egress
• DSCP classification
• QoS ACL per policy class
• Per-protocol statistics
• Per VLAN broadcast statistics
• ACL/QoS scalability
• uRPF + ACL
• New ACL classifications Options