News in Cisco routing & switching

Miroslav Brzek

Jaroslav Čížek

Radek Boch


Agenda

9:30-10:30 What's new in the Catalyst 4500 and 6500 modular switches

10:30-10:45 Coffee break

10:45-11:45 What's new in the 3560-X/3750-X/2960-S and IE3000 switches, new IOS features, LMS 4.0 and EnergyWise

11:45-12:15 Refreshments

12:15-13:15 Latest news in the ASR and ISR router families

13:15-13:45 IOS roadmap: an overview of the main directions of Cisco IOS development


Cisco Catalyst 4500-E/4900 Update

Miroslav Brzek


Next Generation Cisco Catalyst 4500-E System

Catalyst 4500E and 4500E+ Chassis

Supervisor 7-E

848Gbps Switching Capacity, 48G/slot

Rich hardware features (FnF, TrustSec, Wireless, ERSPAN, Tunneling, VRF-NG, VSS and more…)

WS-X4748-RJ45V+E

48p 10/100/1000 non-blocking, 48Gbps/Slot

30W/port (PoE+) on all 48 ports

Cisco TrustSec in Hardware

Jumbo frame support

WS-X4712-SFP+E

12 port 10GE 2.5:1 Line Card

Cisco TrustSec in Hardware

Jumbo Frame support

Cisco IOS-XE

Modern OS to leverage next-gen switching HW

Enabling Open Service Platform


Catalyst 4500E Chassis Portfolio

E Series chassis designed to support higher bandwidth per slot line cards. The chassis provides 24G to 48G of bandwidth per slot with next generation supervisor providing Investment Protection

WS-C4507R+E and WS-C4510R+E chassis add support for 48G/slot

Existing supervisors also support the +E chassis

The +E chassis is priced lower than the corresponding –E chassis

WS-C4503-E (48G/slot): 3 slot chassis with single supervisor

WS-C4506-E (48G/slot): 6 slot chassis with single supervisor

WS-C4507R-E (24G/slot), WS-C4507R+E (48G/slot): 7 slot chassis with redundant supervisors

WS-C4510R-E (24G/slot), WS-C4510R+E (48G/slot): 10 slot chassis with redundant supervisors


Per Slot Bandwidth in 10 and 7 Slot Chassis

[Figure: per-slot bandwidth by chassis and supervisor. WS-C4510R-E with Supervisor 6-E: 24G and 6G slots; WS-C4510R-E with Supervisor 7-E: 24G slots; WS-C4510R+E with Supervisor 7-E: 48G slots; WS-C4507R-E with Supervisor 6/6L-E: 24G slots; WS-C4507R-E with Supervisor 7-E: 24G slots; WS-C4507R+E with Supervisor 7-E: 48G slots]


Introducing Supervisor Engine 7-E

Next Generation Cisco Catalyst 4500

48GB/Slot Performance — Mix with Classic Cards with No Performance Hit

Orderable Now! $19,995

250Mpps

Dual Core Processor

848Gbps total switching capacity

48Gbps/Slot

4 line-rate 10GE Uplink ports

SFP/SFP+ port flexibility on uplinks

Flexible Netflow support

IPv6/IPv4 Dual Stack

Cisco TrustSec in hardware*

Hardware based tunneling*

NAT*

ERSPAN*

* Supervisor 7-E is capable of these features in hardware, but they are not supported in software at FCS


Supervisor 7-E Uplink Configurations

Single Supervisor

[Figure: single-supervisor uplink combinations: 4 x 10GE (40G); 4 x 1GE (4G); 2 x 10GE + 2 x 1GE (22G, shown in two port arrangements)]

Supervisor 7-E uplinks can either operate in 10GE or 1GE mode

All modes are non-blocking

Any port can be used as 1GE or 10GE without any limitation

Speed selection is dynamic based on Optic type SFP / SFP+

Operationally simple


Supervisor 7-E Uplink Configurations

Redundant Supervisor

Supervisor 7-E uplinks can either operate in 10GE or 1GE mode

All modes are non-blocking

Different port speeds can be used on the same or across supervisors

Speed selection is dynamic based on optic type SFP/SFP+

Operationally simple

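[Figure: redundant-supervisor uplink combinations (some ports labelled Inactive): 10GE + 10GE on each supervisor (40G); 1GE + 1GE on each supervisor (4G); 10GE + 10GE on one supervisor and 1GE + 1GE on the other (22G); 10GE + 1GE on each supervisor (22G)]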


Next-Gen OS Architecture

Enabling Integrated Open Service Platform

[Figure: IOS Classic (IOS: Features, Components, Infra, Mgmt, Drivers, Kernels) compared with IOS XE (Hosted Apps / Services and IOSd with Features and Components, on top of Common Infrastructure / HA, Management Interface, Module Drivers and Kernel)]

IOS-XE

Modern IOS to enable multi-core CPU

Allows Lower TCO capabilities such as silent roll, single sup ISSU

Smooth migration and investment protection with consistent IOS look & feel

Fast adoption of latest Borderless Networks Services

Enables open application platform

I5.0 Feature Componentization

Source Code Modularity (Routing, QoS, Multicast, IPv6 …)

Improved IOS Quality

Cross Platform Feature consistency

Faster Feature Time-to-Market


© 2009 Cisco Systems, Inc. All rights reserved.

Catalyst 4500/4900 IOS Transition

IOS XE

Sup7-E and later

IOS XE 3.0, IOSd – 15.0SG

Sup7-E and future Supervisors only run IOS XE

The IOSd will be on IOS 15.0SG train, same as classic IOS branch as Sup6/L-E

IOS

Non-E Supervisors

4500/4900 12.2SG train

Sup6-E, Sup6L-E

Transition to 15.0SG train Q4CY2010

Current 12.2SG train. 12.2(53)SGx is the latest EM release for 12.2SG

Sup6(/L)-E will remain on classic IOS with 15.0SG

Rich IOS Services

Classic IOS 15.0SG


IOS XE Application Hosting Example

WireShark

Embedded WireShark application for real time traffic capture and decoding with customer-familiar user interface

Simplified monitoring and troubleshooting

WireShark hosted as a 3rd party application

Leverages IOS capabilities for selective packet capture

[Figure: WireShark as a hosted app alongside IOSd (Features, Components), on top of Common Infrastructure / HA, Management Interface, Module Drivers and Kernel]

2HCY11


Software Licensing and Activation on Supervisor 7-E Systems

[Figure: universal image with LAN Base, IP Base and Enterprise Services levels enabled by feature license]

Cisco IOS Licensing Config

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/white_paper_c11-579326_ps7078_Products_White_Paper.html


Catalyst 4500 IOS Packaging

Key Features

Enterprise Services

BGPv4

IS-IS

EIGRP

OSPF v2/v3

PBR

VRF-Lite

IP-SLA

NSF

Multicast VRF-Lite

IP BASE

In Service Software Upgrade

Stateful Switchover

EIGRP Stub

OSPF for Routed Access

QinQ

IP SLA Responder

Network Mobility Services

L2PT

Multicast Routing

Embedded Event Manager

HSRP/GLBP/VRRP

Auto QoS

Energywise

POE + IEEE 802.3at

Flexlink+

IGMP/MLD Snooping

Rapid-PVST+

IEEE 802.1x

Smartports

PACL/VACL

LAN BASE

IP BASE

[Figure: universal image with LAN Base, IP Base and Enterprise Services levels]


Latest Catalyst 4500 Campus Innovations

Delivering Borderless Network Services

Performance

Mobility, Collaboration, Video

Security

Lower TCO

Infrastructure Services

Security

Collaboration

Mobility

Role-based access control

Simplified Operation

Energy Efficient

Resilient, Future Proof

Unified Location Services

Medianet, UC

o TrustSec Identity 4.1 (NEAT, CoA, User Distribution, MAC Move & Replace)

o IPv6 first hop security (PACL, RA Guard)

o EEM 3.2

o Smart CallHome

o EnergyWise Phase II

o Auto Smartport

o XML PI

o ISSU

o OSPF for routed access

o IPv6 Enhancements

o IS-IS (v4 & v6)

o Wired location with NMSP

o PoE Plus

o LLDP-MED TLV (DSCP, L2 CoS)

o SAF

o Medianet –Endpoint Auto provision

o Available o 12.2(54)SG


Catalyst 4500E Campus Access Portfolio

Entry Configurations

Supervisors: WS-X45-SUP6L-E; 24G/slot, 225Mpps; Flexible Twin-Gig Uplinks

Data Linecards: WS-X4648-RJ45-E; 1:2, 48 port Data only RJ45 10/100/1000

POEP Linecards: WS-X4648-RJ45V-E; 1:2 48 port POEP line card 10/100/1000

Software: IP Base IOS; FHRP, RIPv2, PIM stub

WS-C4503-E, WS-C4506-E; Up to 240 port Access Configurations; Investment protection with backward compatibility

Premium Configurations

Supervisors: WS-X45-SUP7-E; 48G/slot, 250Mpps; Flexible SFP+ Uplinks; 10 slot Chassis support, Netflow

POEP Linecards: WS-X4748-RJ45V+E; 1:1 48 port POE+ 10/100/1000; 30W/port (IEEE 802.3at standard PoE-Plus) on all 48 ports; Cisco TrustSec ready

Software: Enterprise Services IOS; Route Scalability, Full OSPF, NSF, PIM SM/SSM

WS-C4507R+E, WS-C4510R+E; Up to 384 port Access configurations; Maximum Uptime with Supervisor Redundancy

848Gbps/slot system


WS-X4748-RJ45V+E 10/100/1000 POE+ LC

48 port non blocking 10/100/1000 POE+ Line card

30W POE+ (IEEE 802.3at) on all 48 ports

Compatible with Supervisor 7-E, all E and all E+ chassis

IEEE 802.1ae MACsec link encryption on all ports. Key exchange using IEEE 802.1X REV / MACsec Key Agreement **

Per port power consumption and reporting

** Hardware ready, software post FCS


Next Generation Access Linecard

WS-X47xx PoE Line Card

Target FCS: Q1CY11

NGPoE+ (Intelligent 60W PoE/Port)

IEEE 802.3az (Energy Efficient Ethernet)

IEEE 802.1AVB (Audio Video Bridging)

IEEE 1588 (Boundary Clock)

NGPoE+ 60W PoE with max. line card budget of 1500W

Estimate Cable loss with intelligent diagnostics

LLDP enhancement to negotiate beyond 30W

Power X-Generation applications

IP Turrets in financial trading floors

Integrated Virtual Desktop Clients

Audio Video Bridging X-Generation standard for media applications

802.1Qat Stream Reservation

802.1Qav Queuing Enhancements for Time Sensitive Streams

802.1AS Network Timing and Synchronization

Energy Efficient Ethernet Compliant with IEEE 802.3az for:

100/1000 Base-T

Power consumption is based on link utilization

Green: Save up to 1W per link

Mandatory for Energy Star Compliance*

IEEE 1588 Accurate Clock Synchronization over Network

Key applications include

Financial trading floors

Industrial automation

* Energy Star requirements for enterprise switches expected to be published mid-2011


Next Generation Access Linecard 47xx Data Line Card

48 Port 10/100/1000 RJ45, Non-blocking Data line card

IEEE 802.3az (Energy Efficient Ethernet)

Power consumption is based on link utilization

IEEE 802.1AVB (Audio Video Bridging)

802.1Qat Stream Reservation

802.1Qav Queuing enhancements for Time sensitive streams

802.1AS Network Timing and Synchronization

IEEE 1588

Cisco TrustSec

Q1CY2011*


Catalyst 4500 Campus Distribution Portfolio

Base Configurations

Supervisors: WS-X45-SUP6L-E; 24G/slot, 225Mpps; Flexible Twin-Gig Uplinks

GE Line cards: WS-X4612-SFP-E; 1:1, 12 port SFP; 12 port scale increment

10G Line cards: WS-X4606-X2-E; 2.5:1, 6 port 10G; VSS Ready; G/10G Flexibility with X2

Software: IP Base IOS; FHRP, RIPv2, PIM stub

WS-C4503-E, WS-C4506-E; Low Density Configurations; Non Redundant Option for two-chassis Distribution designs

Premium Configurations

Supervisors: WS-X45-SUP7-E; 48G/slot, 250Mpps; Flexible SFP+ Uplinks; 10 slot Chassis support, Netflow

GE Line cards: WS-X4624-SFP-E; 1:1, 24 port SFP; 24 port scale increment

10G Line cards: WS-X4712-SFP+E; 2.5:1, 12 port 10G with MacSec; VSS Ready; G/10G Flexibility with SFP+

Software: Enterprise Services IOS; VRF-Lite, VRF aware services, Full OSPF, NSF, PIM SSM

WS-C4507R+E, WS-C4510R+E; High Density configurations; Maximum Uptime with Supervisor Redundancy


Catalyst 4500 - Fiber Line cards Transitions

WS-X4712-SFP+E WS-X4624-SFP-E

High Density

Low Density

24 ports 1:1 non blocking SFP

196 ports/system

12 ports 2.5:1, 10GE

1G/10G flexibility, LRM SFP+

WS-X4606-X2-E

6 ports, 2.5:1 10G

1G/ 10G flexibility, LRM X2

NEW

GE Fiber 10G Fiber

NEW

WS-X4612-SFP-E

12 ports, 1:1 non blocking SFP

Entry point pricing

Granular 12 port increments

Why Transition?

- GBICs instead of SFP

- 6G/ slot

- Old Technology

- Shipping since 1999

- Old Supervisors EoS

- To be End of Sale’d soon:

WS-X4418-GB

WS-X4506-GB-T

TRANSITION

OLD LINECARDS

NEW High Performance E-Series Options

List $20,000 List $26,995

List $15,000 List $5,995


WS-X4712-SFP+E 12 port 10GE Fiber LC

* Hardware ready , software post FCS

12 port 10GE line card 2.5:1 oversubscribed

Increases the 10GE port density on 4500E to 96 10GE ports

SFP+ optics for 10GE. SFP optics for 1GE

All ports can be used as 1GE ports with SFP optics

IEEE 802.1ae MACsec link encryption on all ports. Key exchange using IEEE 802.1X REV / MACsec Key Agreement (MKA)*

Dynamic speed selection based on SFP type

Works with Supervisor 7-E and 4503E, 4506E, 4507R+E, 4510R+E chassis


Flexible NetFlow on Catalyst 4500 Supervisor 7-E

Next Generation Application, Performance, Security, and Visibility

New

High performance

Next-gen ASIC enables scalable and high-performance NetFlow monitoring, supports up to 128K cached flows

Flexibility

User-defined flow records reusable in different flow monitors for different applications with per-port, per-VLAN, or per-port-per-VLAN granularity

Extensibility

In-depth traffic visibility allows monitoring extensive key and non-key fields, including Layer 2, Layer 3 (IPv4 or IPv6), Layer 4 header fields.

Broad Partner Ecosystem

Version 9 (the most flexible) format exported to a wide range of industry netflow collectors


Flexible NetFlow

Traditional NetFlow vs. Flexible NetFlow

Traditional NetFlow

SrcIf   SrcIPadd       DstIf   DstIPadd      Protocol  SrcPort  DstPort
Fa1/0   173.100.21.2   Fa0/0   10.0.227.12   11        00A2     00A2
Fa1/0   173.100.3.2    Fa0/0   10.0.227.12   6         15       15
Fa1/0   173.100.20.2   Fa0/0   10.0.227.12   11        00A1     00A1
Fa1/0   173.100.6.2    Fa0/0   10.0.227.12   6         19       19

NetFlow Cache

Fixed 7 keys

Export

Destination 1

Destination 2

Destination 3

Flow cache 1

DstIPadd      Protocol  TOS
10.0.227.12   11        80
10.0.227.12   6         40
10.0.227.12   11        80
10.0.227.12   6         40

Protocol  TOS  Flgs
11        80   10
6         40   0
11        80   10
6         40   0

SrcIf   SrcIPadd       DstIf
Fa1/0   173.100.21.2   Fa0/0
Fa1/0   173.100.3.2    Fa0/0
Fa1/0   173.100.20.2   Fa0/0
Fa1/0   173.100.6.2    Fa0/0

Flow Monitor 1

Flow Monitor 2

Flow Monitor 3

Flow cache 2

Flow cache 3


Next Gen Campus Virtualization

Today: VRF-Lite

A hop-by-hop virtualization Technology

Segmentation, guest, reduce cost

Configuration and operation can be complex

[Figure: campus L2/L3 with IGPs; incoming VLAN traffic mapped to VRF; each VRF requires a sub-int, IP address, and VLAN ID]

VRF-NG – Simplified Operations

"VNET trunk" to simplify provisioning

Virtual CLI context for easy troubleshooting

Support shared services with IGP

Work with existing VRF-aware services

Fully Interoperable with VRF-Lite and MPLS

[Figure: campus L2/L3 with IGPs; incoming VLAN traffic mapped to VRF; VNET trunk multiplexes VRF traffic with a VNET Tag. No sub-interface needed. Only one IP address]


Catalyst 4500 Virtual Switching System

[Figure: campus network with a VSS pair]

Operational Simplicity

Single point of mgt, one L2/L3 node

Loop-free topology

Operational consistency with Cat6K VSS

Hardware Support

Requires Sup7-E

Support E-series chassis (R and non-R)

Supports all existing LCs

46xx and 47xx 10G links & Sup7-E uplinks support VSL

Software Support

Feature parity w/ standalone switch in IP Base and above

Support L2 MEC

Support L3 MEC and Dual Sup*

Inter-Chassis SSO/NSF

Inter-Chassis ISSU

*post FCS


Catalyst 4500 Campus Security

MACSec

Encrypted links Benefits

Protect data integrity, confidentiality and meet compliance needs

Prevents man-in-the-middle attacks

Campus Deployment Scenarios

Building-to-building encryption

Host-to-Access switch: Prevent man-in-the-middle attacks

Why MACSec

Standard-based L2 HW line rate encryption (Sup7-E uplinks and 47xx LCs)

Hop-by-hop encryption: Security without impacting network services (QoS, NetFlow etc)

Campus

AAA


IPv6-only site

IPv4+IPv6 site

IPv6

IPv4

Catalyst 4500E IPv6 Ready Campus

Forwarding in hardware at line rate

Dual stack forwarding

Security

IPv6 Migration Ready

High Performance

Secure access perimeter with IPv6 First Hop Security

IPv6 app. visibility with Flexible NetFlow

Robust IPv6 Ready Infrastructure

OSPFv3, EIGRP, IS-IS, BGP, HSRPv6, Fast Convergence*

Optimized App & Video Delivery

IPv6 Qos, MLDv2/v3, PIM SM/SSM for IPv6

Management Plane Migration

SYSLOG, SNMP, Telnet, SSHv6, TACACS+*, RADIUS*, TFTP*, FTP*, NTP* over IPv6

WAN

IPv4-only site

Dual Stack

IPv4 address depletion in 2011

Endpoint IPv6 "on" & "preferred"

National IT Strategy

Infrastructure Evolution

*roadmap


Catalyst 4900 Top of Rack Portfolio

10 GE Access

Fiber Access

1 GE Access

Copper Access

16X 10GE-T, 8X 10 GE Fiber

Bandwidth 320Gbps

Cisco Catalyst 4900M

New

• Full featured 1Gig server access

• Double the uplink capacity

• Datacenter optimized airflow

• Netflow lite

Cisco Catalyst 4948E

Cisco Catalyst 4900M

• 1G / 10G modular flexibility

• Optimized for middle of the row

• Non blocking north to south

24X 10 GE

Bandwidth 320Gbps

Cisco Catalyst 4900M

Cisco Catalyst 4948

• Datacenter grade

• Redundant power and cooling

• Full L2/3 features

• Line-rate Multicast

10GE Uplink

GE Uplink

New


Cisco® Catalyst 4900M 8-Port 10GBase-T Line Card

Deployment Areas

• Data Center Access

• Data Center Distribution

Key Features

• 8 port, 2:1 oversubscribed 10GBase-T line card

• 1/10GE auto-negotiating

• 802.3an compliant

• Up to 100 meters reach

• Same fit form and function as other half cards for the Catalyst 4900M

• Interoperability – works with all 802.3an standard NIC and MAC


Cisco Catalyst 6500 Update

Miroslav Brzek


Cisco Catalyst 6513-E Series Switch

Density & Scalability (w/Sup2T)

80 Gbps on all 13 slots

2 Tbps system performance scaling to 4 Tbps with VSS

Up to 180 ports of 10G and 534 ports of 1G per System

Superior PoE/ePoE Capacity

500+ PoE/ePoE Support per System

Maximum Power 14,500 W

Ease of Manageability

Rear-serviceable fan tray

Ideal for deployment in 2-post racks

Catalyst® 6513-E chassis paving the way to 2 Terabits switching!

List Price $16,000


16 Port 10G Copper 16-Port 10Gbase-T Module

Feature Highlights

16 ports of 10Gbase-T – IEEE 802.3an compliant

40G Fabric Interfaces – Compatible with Sup2T and Sup720

Copper-based Virtual Switch Link (VSL) Support

387 Watt of Power Usage per Card

Network Design Validation

Borderless Network Campus 1.0 Design Guide

Interoperability

Interoperability – works with all 802.3an standard NIC and MAC

First Modular Platform in industry to ship 10G Copper !

WS-X6716-10T-3C

List Price $22,500


WS-X6148E-GE-45AT

48-Port 1G PoE+ capable (IEEE 802.3at)

Feature Highlights

48 port 10/100/1000 RJ45 PoE/ePoE & PoE+

Field upgradable PoE+ daughter card

PoE/ePoE & PoE+

500+ PoE/ePoE support at FCS

PoE+ capable

Investment Protection

Supported by future Sup2T

500+ PoE/ePoE in a fully configured 6513-E chassis!


Borderless Services Node

Side to Side Airflow Chassis: 6509E

Supervisor: VS-Sup720-10G

6000W AC Dual Power supply & 9E Fan Tray

2 * FWSM Modules: 20 VC License, 2M Concurrent Connections

1 * WiSM Module: 8G G, 300AP, 10,000 clients

16 port 4:1 oversubscribed 10G module OR 24 port 1G SFP module


Borderless Services Node Pricing

Product SKU: BSN09E-VS720-10G

What's Included: WS-C6509-E; 2 * WS-CAC-6000W; WS-C6509-E-FAN; VS-S720-10G-3C; 2 * WS-SVC-FWM-1-K9; 2 * FR-SVC-FWM-VC-T1; WS-SVC-WISM-1-K9; WS-X6716-10G-3C; IP Services Software

List Price: $239,000

Bundle Price: $160,000

Service Pricing 8X5XNBD: $13,440

Product SKU: BSN09E-VS720-1G

What's Included: WS-C6509-E; 2 * WS-CAC-6000W; WS-C6509-E-FAN; VS-S720-10G-3C; 2 * WS-SVC-FWM-1-K9; 2 * FR-SVC-FWM-VC-T1; WS-SVC-WISM-1-K9; WS-X6724-SFP; IP Services Software

List Price: $214,000

Bundle Price: $140,000

Service Pricing 8X5XNBD: $11,760

33% Off

35% Off

35% Off

26% Off


Data Center Services Node

Network Services Pricing

Aggregate list price (w/o discount) - $325K

9-slot Bundle list price: $180K

6-slot Bundle list price: $175K

45% OFF

3 * FWSM Modules

1 * ACE20 Module (16 Gbps License)

20 Virtual Contexts (FWSM & ACE20)

Side to Side Airflow Chassis: 6509E/6506E

OR

Front to Back Airflow Chassis: 6509-V-E

Supervisor: Sup720-10G

4 port non-blocking 10G module

Flexible Power Supply option (AC or DC)


Catalyst 6500 Next Generation Platform

2 Terabit Switching

10G & 40G interfaces

Next Gen Services

Features

Scalability


Next-Generation 6500 Platform Components

80 Gbps Backplane

Earl 8 Lite and Heavy Versions

X2 Transceiver Form Factor or SFP+ with OneX Adapter

CTS and L2 Encryption IEEE 802.1ae on all ports - wire speed

Virtual Switch Link supported on all ports

OTV and LISP Ready

IEEE 802.3ba Standard Compliant

80Gbps Backplane

CFP Transceiver Form Factor

Earl8 Lite and Heavy Versions

Convertible to 16p 10GbE ports via SFP+ via FourX Adapter

CTS and line rate 10G/40G L2 encryption

Virtual Switch Link supported on all ports

OTV and LISP ready

Sup 2T 8 Port 10GbE 1:1

(2QCY2011)

Sup2T Target Release 2QCY2011

Target Release 2HCY2011

4p 40GbE or 16p 10GbE 2:1


PFC4 - Hw Feature Summary

PFC4 - Default PFC (EARL8) FIB & Netflow @ 256K entries

PFC4XL - Upgrades FIB & Netflow Table to 1M entries

PFC4

New & Improved

Scalability

• Increased MAC Table (128K)

• L2 Bridge Domains (16K)

• L3 Logical Interfaces (128K)

• Increased Forwarding (60Mpps)

• Increased Throughput (80Gbps)

Virtualization

• Native (H)VPLS

• MPLS Aggregate Labels (16K)

• Multi-point EoMPLS

• L2oGRE

• VRF-based NAT & FnF

IP Routing

• IPv6 Tunneling in FIB

• Unicast RPF for IPv6

• IPv6 Multicast in FIB

• 512K Multicast Routes

• IGMPv3 / MLDv2 Snooping

QoS & Security

• Cisco TrustSec & SGACL’s

• Increased ACL TCAM (256K)

• Increased ACL Labels (16K)

• Per-Port / Per-VLAN QoS

• Distributed Policers (512)

Monitoring

• Flexible Netflow (FnF)

• Egress Netflow

• L2 (per VLAN) Netflow

• TCP Flags

• Per-Protocol Counters

– NDA Material


VSS Quad-Sup Uplink Forwarding

• VSS Quad-Sup design significantly improves network downtime.

• Inter-chassis redundant supervisor minimizes impact on network capacity.

• Provides flexibility to utilize all 10G & 1G stand-by supervisor uplink ports.

[Figure: network impact (100% / 50% / 0%) on single-home devices and MEC (dual-home) devices after a supervisor failure, in two panels, "Network Impact with Single-Sup" and "Network Impact with Dual-Sup", with the labels "Un-deterministic Network Recovery *" and "Deterministic Network Recovery"; the VSS domain shows Active, Hot Standby and Warm Standby supervisors]

New

12.2(33)SXI4


Catalyst 6500 12.2(33)SX IOS Roadmap

12.2(33)SXI: Shipping

VSS: Service Modules FWSM, IDSM, WiSM, ACE 512 MECs

High Availability: EFSU GLBPv6, HSRPv6 Multicast HA Support for group to RP mappings

SXI1: VSS in IP Base

SXI2a: X2-SFP+ 6000W PS SIP-400 1x10GE CSM and SSL Module IPv6 with VSS MPLS with VSS BFD SSO 802.1ag CFM Draft 8.1

SXI3 and beyond: Patching Deprecated New Safe Harbor

12.2(33)SXJ: FCS—April CY2011

Hardware: ES+XT-4TG3C (and XL) – 4x10G Hqos AVM (App Visibility and Monitoring) NAM10 Service Module Support new 10G WISM X2 10GBase-T

Borderless Networks and DC: NEAT mLACP (for L2 access ports) 256 Port channels (from 128 today) Multi-auth with VLAN Assignment/VMs NTPv4 for IPv6 TACACS+ for IPv6 EoMPLS NSF/SSO Energywise Phase III VRF/VLAN Aware TrustSec Storm control errdisable & SNMP trap

10G DCI Leadership ES40 VSS Support ES40 with A-VPLS/A-VPLS over GRE VSS - IPSec Support VPN SPA Flexible VLAN translation VPLS IRB/SVI Routing Feature

12.2(33)SXI4a: Shipping

Hardware: 16 Port 10G Base T ACE-30 48 Port 1G PoEP Capable LC

VSS: VSS Quad Sup Uplink Forwarding SIP-400 on VSS

Borderless Networks: SAF EnergyWise Ph. I & II MPLS Egress Netflow TrustSec 1.5

IPv6 and Multicast: PACL for IPv6 RA Host Guard Mode for IPv6 Multicast NAT Service Reflect

DCI Leadership: VPLS Mac Address Withdrawal Active/Active Load Balancing for VPLS/VPLSoGRE aka FAT PW VPLS HA (NSF/SSO) Enterprise-Friendly CLI for DCI

Available Today


Netflow Innovations

Scale: Sup2T with PFC4/DFC4 scales up to 13M Netflow entries for virtualized environments

CPU: Sup2T with CPU-bound NDE to provide more optimal CPU utilization

Sampled Netflow: Sup2T supports hardware-based sampling methods for high-flow backbone environments

Multi-protocol: Sup2T can support flow collection in both ingress and egress directions for multi-protocols (IPv4, IPv6, multicast, MPLS)

Flow Mask Rigidity: Sup2T supports Flexible Netflow (FNF) which offers the ability to monitor a wider range of packet information and eliminating flow mask conflicts with other features


Trustsec on 6500

Identity-enabled network services architecture for the Borderless Network

802.1X

Protected Resources

IP Phones

Supplicant

Users, Endpoints

Guest User

Source SGT Assignment via 802.1X, MAB, Web Auth

SXP

SXP

IP-SGT Binding Exchange via SXP

Sup2T applies SGT

SGACL Enforcement • Encryption Link to Link* and Downlink (MACSec)

SGT Assignment

SXP (SGT-IP Binding)

Authentication via 802.1x, MAB, WebAuth

NEAT, Multi Auth, MAC move, MAC Replace, Identity Port Mapping

Identity

Encryption

802.1 AE (key mgt) SAP

802.1x REV MKA (2012)

SGACL (a.k.a. RBACL)

Subnet to SGT Mapping

VLAN to SGT mapping,

L2/L3 SGT Handling

L2 RBACL, IPv6 RBACL,

VRF/VLAN aware TrustSec

FIPS 140-2 Compliant

Linksec for VSL

Supported on –

8p 10G 1:1 LC at line rate

4p 40G 2:1 / 16p 10G 2:1

Sup2T Uplinks

Ready for Trustsec in CY11


MPLS-based LAN Extensions

MPLS

IP

DC-2

Vlan 1-1000

DC-1

EEM

STP

EEM

STP

Vlan 1-1000 Vlan 1-1000

Main Issues

#1. Complex Edge Redundancy

#2. Sub-optimal Bandwidth Utilization

#3. VPLS Configuration Complexity


The A-VPLS Virtual Ethernet Solution

nPE

Agg

Agg

nPE

VSS system

Agg

Agg

IP/MPLS Cloud

Agg

Agg

VSL VSL

VSS system

Up to 8 equal cost paths between any two sites

Flexible transport: IP or MPLS

Representation via a single Virtual Ethernet interface

Loadbalancing at L2/L3/L4

LSP/GRE Tunnel

A-VPLS (FAT) Pseudowire – Single Virtual Ethernet across Multiple Interfaces

Efficient Load Balancing


Advanced VPLS (A-VPLS)

Leverages VSS MEC for DCI

L2/L3/L4 Flow Based Balancing

Simplified Edge Redundancy

Optimal Bandwidth Utilization

Flexibility to trunk VLANs over either an MPLS or IP transport easily

Sub-1 second fail-over

Integration with existing VPLS solutions
