What's New in Cisco Routing & Switching
Miroslav Brzek
Jaroslav ek
Radek Boch
Agenda
9:30-10:30 What's new in the Catalyst 4500 and 6500 modular switches
10:30-10:45 Coffee break
10:45-11:45 What's new in the 3560-X/3750-X/2960-S and IE3000 switches, new IOS features, LMS 4.0 and EnergyWise
11:45-12:15 Refreshments
12:15-13:15 Latest news in the ASR and ISR router series
13:15-13:45 IOS roadmap: introduction of the main directions of Cisco IOS development
Cisco Catalyst 4500-E/4900 Update
Miroslav Brzek
Next Generation Cisco Catalyst 4500-E System
Catalyst 4500E and 4500E+ Chassis
848Gbps Switching Capacity
48G/slot
Rich hardware features (FnF, TrustSec, Wireless, ERSPAN, Tunneling, VRF-NG, VSS and more)
Supervisor 7-E
48p 10/100/1000 non-blocking
48Gbps/Slot
30W/port (PoE+) on all 48 ports
Cisco TrustSec in Hardware
Jumbo frame support
WS-X4748-RJ45V+E
12 PORT 10GE 2.5:1 Line Card
Cisco TrustSec in Hardware
Jumbo Frame support
WS-X4712-SFP+E
Modern OS to leverage next-gen switching HW
Enabling Open Service Platform
Cisco IOS-XE
Catalyst 4500E Chassis Portfolio
E Series chassis are designed to support line cards with higher bandwidth per slot. The chassis provides 24G to 48G of bandwidth per slot with the next generation supervisor, providing investment protection.
- WS-C4507R+E and WS-C4510R+E chassis add support for 48G/slot
- Existing supervisors also support the +E chassis
- The +E chassis is priced lower than the corresponding E chassis
Chassis models:
- WS-C4503-E (48G/slot): 3 slot chassis with single supervisor
- WS-C4506-E (48G/slot): 6 slot chassis with single supervisor
- WS-C4507R-E (24G/slot), WS-C4507R+E (48G/slot): 7 slot chassis with redundant supervisors
- WS-C4510R-E (24G/slot), WS-C4510R+E (48G/slot): 10 slot chassis with redundant supervisors
Per Slot Bandwidth in 10 and 7 Slot Chassis
[Figure: per-slot bandwidth labels for each chassis and supervisor combination]
- WS-C4510R-E with Supervisor 6-E: 24G and 6G slots
- WS-C4510R-E with Supervisor 7-E: 24G slots
- WS-C4510R+E with Supervisor 7-E: 48G slots
- WS-C4507R-E with Supervisor 6/6L-E: 24G slots
- WS-C4507R-E with Supervisor 7-E: 24G slots
- WS-C4507R+E with Supervisor 7-E: 48G slots
Introducing Supervisor Engine 7-E
Next Generation Cisco Catalyst 4500
48GB/Slot Performance Mix with Classic Cards with No Performance Hit
Orderable Now! $19,995
250Mpps
Dual Core Processor
848Gbps total switching capacity
48Gbps/Slot
4 line-rate 10GE Uplink ports
SFP/SFP+ port flexibility on uplinks
Flexible Netflow support
IPv6/IPv4 Dual Stack
Cisco TrustSec in hardware*
Hardware based tunneling*
NAT*
ERSPAN*
* Supervisor 7-E is capable of these features in hardware, but they are not supported in software at FCS
Supervisor 7-E Uplink Configurations: Single Supervisor
[Figure: uplink port combinations and resulting uplink bandwidth]
- 10GE, 10GE, 10GE, 10GE: 40G
- 1GE, 1GE, 1GE, 1GE: 4G
- 10GE, 10GE, 1GE, 1GE: 22G
- 1GE, 1GE, 10GE, 10GE: 22G
Supervisor 7-E uplinks can either operate in 10GE or 1GE mode
All modes are non-blocking
Any port can be used as 1GE or 10GE without any limitation
Speed selection is dynamic based on Optic type SFP / SFP+
Operationally simple
Supervisor 7-E Uplink Configurations: Redundant Supervisor
Supervisor 7-E uplinks can either operate in 10GE or 1GE mode
All modes are non-blocking
Different port speeds can be used on the same or across supervisors
Speed selection is dynamic based on optic type SFP/SFP+
Operationally simple
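[Figure: uplink port combinations across the two supervisors and resulting uplink bandwidth; figure label: Inactive]
- 10GE 10GE and 10GE 10GE: 40G
- 1GE 1GE and 1GE 1GE: 4G
- 10GE 10GE and 1GE 1GE: 22G
- 10GE 1GE and 10GE 1GE: 22G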
[Figure: Classic IOS (IOS with Features/Components, Infra, Mgmt, Drivers, Kernels) compared with IOS XE (Hosted Apps / Services and IOSd with Features/Components, on top of Common Infrastructure / HA, Management Interface, Module Drivers, Kernel)]
IOS-XE
Modern IOS to enable multi-core CPU
Allows Lower TCO capabilities such as silent roll, single sup ISSU
Smooth migration and investment protection with consistent IOS look & feel
Fast adoption of latest Borderless Networks Services
Enables open application platform
Next-Gen OS Architecture
Enabling Integrated Open Service Platform
15.0 Feature Componentization
- Source Code Modularity (Routing, QoS, Multicast, IPv6)
- Improved IOS Quality
- Cross Platform Feature consistency
- Faster Feature Time-to-Market
Catalyst 4500/4900 IOS Transition
IOS XE 3.0, IOSd 15.0SG
IOS XE: Sup7-E and later
Sup7-E and future Supervisors only run IOS XE
The IOSd will be on IOS 15.0SG train, same as classic IOS branch as Sup6/L-E
IOS
Non-E Supervisors
4500/4900 12.2SG train
Transition to 15.0SG train Q4CY2010
Sup6-E, Sup6L-E
Current 12.2SG train. 12.2(53)SGx is the latest EM release for 12.2SG
Sup6(/L)-E will remain on classic IOS with 15.0SG
Rich IOS Services, Classic IOS 15.0SG
IOS XE Application Hosting Example: WireShark
Embedded WireShark application for real time traffic capture and decoding with customer-familiar user interface
Simplified monitoring and troubleshooting
WireShark hosted as a 3rd party application
Leverages IOS capabilities for selective packet capture
[Figure: IOS XE stack with WireShark as a hosted app next to IOSd (Features/Components), on top of Common Infrastructure / HA, Management Interface, Module Drivers, Kernel; label: 2HCY11]
Software Licensing and Activation on Supervisor 7-E Systems
[Figure: universal image with feature license levels LAN Base, IP Base and Enterprise Services]
Cisco IOS Licensing Config
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/white_paper_c11-579326_ps7078_Products_White_Paper.html
Catalyst 4500 IOS Packaging
Key Features
Enterprise Services
BGPv4
IS-IS
EIGRP
OSPF v2/v3
PBR
VRF-Lite
IP-SLA
NSF
Multicast VRF-Lite
IP BASE
In Service Software Upgrade
Stateful Switchover
EIGRP Stub
OSPF for Routed Access
QinQ
IP SLA Responder
Network Mobility Services
L2PT
Multicast Routing
Embedded Event Manager
HSRP/GLBP/VRRP
Auto QoS
Energywise
POE + IEEE 802.3at
Flexlink+
IGMP/MLD Snooping
Rapid-PVST+
IEEE 802.1x
Smartports
PACL/VACL
LAN BASE
[Figure: universal image with LAN Base, IP Base and Enterprise Services levels]
Latest Catalyst 4500 Campus Innovations
Delivering Borderless Network Services
Performance
Mobility, Collaboration, Video
Security
Lower TCO
Infrastructure Services
Security
Collaboration
Mobility
Role-based access control
Simplified Operation
Energy Efficient
Resilient, Future Proof
Unified Location Services
Medianet, UC
o TrustSec Identity 4.1 (NEAT, CoA, User Distribution, MAC Move & Replace)
o IPv6 first hop security (PACL, RA Guard)
o EEM 3.2
o Smart CallHome
o EnergyWise Phase II
o Auto Smartport
o XML PI
o ISSU
o OSPF for routed access
o IPv6 Enhancements
o IS-IS (v4 & v6)
o Wired location with NMSP
o PoE Plus
o LLDP-MED TLV (DSCP, L2 CoS)
o SAF
o Medianet Endpoint Auto provision
o Available o 12.2(54)SG
Catalyst 4500E Campus Access Portfolio
Entry
Configurations
Software
POEP Linecards
Data Linecards
Supervisors
WS-X45-SUP6L-E
24G/ slot, 225Mpps
Flexible Twin-Gig Uplinks
WS-X4648-RJ45-E
WS-X4648-RJ45V-E
IP Base IOS
WS-C4503-E, WS-C4506-E
Up to 240 port Access Configurations
Investment protection with backward compatibility
1:2, 48 port Data only RJ45
10/100/1000
1:2 48 port POEP line card
10/100/1000
FHRP, RIPv2, PIM stub
Premium
Configurations
WS-X45-SUP7-E
48G/ slot, 250Mpps
Flexible SFP+ Uplinks
10 slot Chassis support, Netflow
WS-X4748-RJ45V+E
Enterprise Services IOS
WS-C4507R+E, WS-C4510R+E
Up to 384 port Access configurations
Maximum Uptime with Supervisor Redundancy
1:1 48 port POE+ 10/100/1000
30W/ port (IEEE802.3at standard PoE-Plus) on all 48 ports
Cisco Trustsec ready
Route Scalability, Full OSPF, NSF , PIMSM/SSM
848Gbps/slot system
WS-X4748-RJ45V+E 10/100/1000 POE+ LC
48 port non blocking 10/100/1000 POE + Line card
30W PoE+ (IEEE 802.3at) on all 48 ports
Compatible with Supervisor 7-E, all E and all E+ chassis
IEEE 802.1ae MACsec link encryption on all ports. Key exchange using IEEE 802.1X REV / MACsec Key Agreement **
Per port power consumption and reporting
** Hardware ready , software post FCS
Next Generation Access Linecard
WS-X47xx PoE Line Card
Target FCS: Q1CY11
NGPoE+ (Intelligent 60W PoE/Port)
IEEE 802.3az (Energy Efficient Ethernet)
IEEE 802.1AVB (Audio Video Bridging)
IEEE 1588 (Boundary Clock)
NGPoE+
- 60W PoE with max. line card budget of 1500W
- Estimate cable loss with intelligent diagnostics
- LLDP enhancement to negotiate beyond 30W
- Power X-Generation applications: IP Turrets in financial trading floors, Integrated Virtual Desktop Clients
Audio Video Bridging
- X-Generation standard for media applications
- 802.1Qat Stream Reservation
- 802.1Qav Queuing Enhancements for Time Sensitive Streams
- 802.1AS Network Timing and Synchronization
Energy Efficient Ethernet
- Compliant with IEEE 802.3az for 100/1000 Base-T
- Power consumption is based on link utilization
- Green: Save up to 1W per link
- Mandatory for Energy Star Compliance*
IEEE 1588
- Accurate Clock Synchronization over Network
- Key applications include: Financial trading floors, Industrial automation
* Energy Star requirements for enterprise switches expected to be published mid-2011
Next Generation Access Linecard 47xx Data Line Card
48 Port 10/100/1000 RJ45, Non-blocking Data line card
IEEE 802.3az (Energy Efficient Ethernet)
Power consumption is based on link utilization
IEEE 802.1AVB (Audio Video Bridging)
802.1Qat Stream Reservation
802.1Qav Queuing enhancements for Time sensitive streams
802.1AS Network Timing and Synchronization
IEEE 1588
Cisco TrustSec
Q1CY2011*
Catalyst 4500 Campus Distribution Portfolio
Base
Configurations
Software
10G Line cards
GE Line cards
Supervisors
WS-X45-SUP6L-E 24G/ slot, 225Mpps
Flexible Twin-Gig Uplinks
WS-X4612-SFP-E
WS-X4606-X2-E
IP Base IOS
WS-C4503-E , WS-C4506-E
Low Density Configurations
Non Redundant Option for two-chassis Distribution designs
1:1, 12 port SFP
12 port scale increment
2.5:1, 6 port 10G
VSS Ready
G/10G Flexibility with X2
FHRP, RIPv2, PIM stub
Premium
Configurations
WS-X45-SUP7-E 48G/ slot, 250Mpps
Flexible SFP+ Uplinks
10 slot Chassis support, Netflow
WS-X4624-SFP-E
WS-X4712-SFP+E
Enterprise Services IOS
WS-C4507R+E , WS-C4510R+E
High Density configurations
Maximum Uptime with Supervisor Redundancy
1:1, 24 port SFP
24 port scale increment
2.5:1, 12 port 10G with MacSec
VSS Ready
G/10G Flexibility with SFP+
VRF-Lite, VRF aware services, Full OSPF, NSF, PIM SSM
Catalyst 4500 - Fiber Line cards Transitions
WS-X4712-SFP+E WS-X4624-SFP-E
High Density
Low Density
24 ports 1:1 non blocking SFP
196 ports/system
12 ports 2.5:1, 10GE
1G/ 10G flexibility, LRM SFP+
WS-X4606-X2-E
6 ports, 2.5:1 10G
1G/ 10G flexibility, LRM X2
NEW
GE Fiber 10G Fiber
NEW
WS-X4612-SFP-E
12 ports, 1:1 non blocking SFP
Entry point pricing
Granular 12 port increments
Why Transition?
- GBICs instead of SFP
- 6G/ slot
- Old Technology
- Shipping since 1999
- Old Supervisors EoS
- To be End of Sale soon:
WS-X4418-GB
WS-X4506-GB-T
TRANSITION
OLD LINECARDS
NEW High Performance E-Series Options
List $20,000 List $26,995
List $15,000 List $5,995
WS-X4712-SFP+E 12 port 10GE Fiber LC
* Hardware ready , software post FCS
12 port 10GE line card 2.5:1 oversubscribed
Increases the 10GE port density on 4500E to 96 10GE ports
SFP+ optics for 10GE. SFP optics for 1GE
All ports can be used as 1GE ports with SFP optics
IEEE 802.1ae MACsec link encryption on all ports. Key exchange using IEEE 802.1X REV / MACsec Key Agreement (MKA)*
Dynamic speed selection based on SFP type
Works with Supervisor 7-E and 4503E, 4506E, 4507R+E, 4510R+E chassis
High performance
Next-gen ASIC enables scalable and high-performance NetFlow monitoring, supports up to 128K cached flows
Flexibility
User-defined flow records reusable in different flow monitors for different applications with per-port, per-VLAN, or per-port-per-VLAN granularity
Extensibility
In-depth traffic visibility allows monitoring extensive key and non-key fields, including Layer 2, Layer 3 (IPv4 or IPv6), Layer 4 header fields.
Broad Partner Ecosystem
Version 9 (the most flexible) format exported to a wide range of industry NetFlow collectors
Flexible NetFlow on Catalyst 4500 Supervisor 7-E
Next Generation Application, Performance, Security, and Visibility
Traditional NetFlow vs. Flexible NetFlow

Traditional NetFlow
NetFlow Cache, fixed 7 keys, Export

SrcIf  SrcIPadd      DstIf  DstIPadd     Protocol  SrcPort  DstPort
Fa1/0  173.100.21.2  Fa0/0  10.0.227.12  11        00A2     00A2
Fa1/0  173.100.3.2   Fa0/0  10.0.227.12  6         15       15
Fa1/0  173.100.20.2  Fa0/0  10.0.227.12  11        00A1     00A1
Fa1/0  173.100.6.2   Fa0/0  10.0.227.12  6         19       19

Flexible NetFlow (New)
Flow Monitor 1, Flow Monitor 2, Flow Monitor 3; Export to Destination 1, Destination 2, Destination 3

Flow cache 1
DstIPadd     Protocol  TOS
10.0.227.12  11        80
10.0.227.12  6         40
10.0.227.12  11        80
10.0.227.12  6         40

Flow cache 2
Protocol  TOS  Flgs
11        80   10
6         40   0
11        80   10
6         40   0

Flow cache 3
SrcIf  SrcIPadd      DstIf
Fa1/0  173.100.21.2  Fa0/0
Fa1/0  173.100.3.2   Fa0/0
Fa1/0  173.100.20.2  Fa0/0
Fa1/0  173.100.6.2   Fa0/0
Today: VRF-Lite
A hop-by-hop virtualization technology
Segmentation, guest, reduce cost
Configuration and operation can be complex
[Figure labels: IGPs; L2; L3; Incoming VLAN traffic mapped to VRF; Each VRF requires a sub-int, IP address, and VLAN ID]
Next Gen Campus Virtualization
VRF-NG Simplified Operations
VNET trunk to simplify provisioning
Virtual CLI context for easy troubleshooting
Support shared services with IGP
Work with existing VRF-aware services
Fully Interoperable with VRF-Lite and MPLS
[Figure labels: IGPs; L2; L3; Campus; VNET Tag; Incoming VLAN traffic mapped to VRF; VNET trunk multiplexes VRF traffic. No sub-interface needed. Only one IP address]
Catalyst 4500 Virtual Switching System
[Figure labels: VSS, Campus]
Operational Simplicity
- Single point of mgt, one L2/L3 node
- Loop-free topology
- Operational consistency with Cat6K VSS
Hardware Support
- Requires Sup7-E
- Support E-series chassis (R and non-R)
- Supports all existing LCs
- 46xx and 47xx 10G links & Sup7-E uplinks support VSL
Software Support
- Feature parity w/ standalone switch in IP Base and above
- Support L2 MEC
- Support L3 MEC and Dual Sup*
- Inter-Chassis SSO/NSF
- Inter-Chassis ISSU
*post FCS
Catalyst 4500 Campus Security: MACSec
Encrypted Links Benefits
- Protect data integrity, confidentiality and meet compliance needs
- Prevents man-in-the-middle attacks
Campus Deployment Scenarios
- Building-to-building encryption
- Host-to-Access switch: Prevent man-in-the-middle attacks
Why MACSec
- Standard-based L2 HW line rate encryption (Sup7-E uplinks and 47xx LCs)
- Hop-by-hop encryption: Security without impacting network services (QoS, NetFlow etc.)
[Figure labels: Campus, AAA]
[Figure labels: IPv6-only site, IPv4+IPv6 site, IPv6, IPv4]
Catalyst 4500E IPv6 Ready Campus
Forwarding in hardware at line rate
Dual stack forwarding
Security
IPv6 Migration Ready
High Performance
Secure access perimeter with IPv6 First Hop Security
IPv6 app. visibility with Flexible NetFlow
Robust IPv6 Ready Infrastructure
OSPFv3, EIGRP, IS-IS, BGP, HSRPv6, Fast Convergence*
Optimized App & Video Delivery
IPv6 Qos, MLDv2/v3, PIM SM/SSM for IPv6
Management Plane Migration
SYSLOG, SNMP, Telnet, SSHv6, TACACS+*, RADIUS*, TFTP*, FTP*, NTP* over IPv6
[Figure labels: WAN, IPv4-only site, Dual Stack]
IPv4 address depletion in 2011
Endpoint IPv6 on & preferred
National IT Strategy
Infrastructure Evolution
*roadmap
Catalyst 4900 Top of Rack Portfolio
[Figure axes: 10 GE Access, 1 GE Access, Fiber Access, Copper Access]
16X 10GE-T, 8X 10 GE Fiber
Bandwidth 320Gbps
Cisco Catalyst 4900M
New
- Full featured 1Gig server access
- Double the uplink capacity
- Datacenter optimized airflow
- Netflow lite
Cisco Catalyst 4948E
Cisco Catalyst 4900M
- 1G / 10G modular flexibility
- Optimized for middle of the row
- Non blocking north to south
24X 10 GE
Bandwidth 320Gbps
Cisco Catalyst 4900M
Cisco Catalyst 4948
- Datacenter grade
- Redundant power and cooling
- Full L2/3 features
- Line-rate Multicast
10GE Uplink
GE Uplink
New
Cisco Catalyst 4900M 8-Port 10GBase-T Line Card
Deployment Areas
- Data Center Access
- Data Center Distribution
Key Features
- 8 port, 2:1 oversubscribed 10GBase-T line card
- 1/10GE auto-negotiating
- 802.3an compliant
- Up to 100 meters reach
- Same fit, form and function as other half cards for the Catalyst 4900M
- Interoperability works with all 802.3an standard NIC and MAC
Cisco Catalyst 6500 Update
Miroslav Brzek
Cisco Catalyst 6513-E Series Switch
Density & Scalability (w/Sup2T)
80 Gbps on all 13 slots
2 Tbps system performance scaling to 4 Tbps with VSS
Up to 180 ports of 10G and 534 ports of 1G per System
Superior PoE/ePoE Capacity
500+ PoE/ePoE Support per System
Maximum Power 14,500 W
Ease of Manageability
Rear-serviceable fan tray
Ideal for deployment in 2-post racks
Catalyst 6513-E chassis paving the way to 2 Terabits switching ! List Price $16,000
16 Port 10G Copper 16-Port 10Gbase-T Module
Feature Highlights
16 ports of 10Gbase-T IEEE 802.3an compliant
40G Fabric Interfaces Compatible with Sup2T and Sup720
Copper-based Virtual Switch Link (VSL) Support
387 Watt of Power Usage per Card
Network Design Validation
Borderless Network Campus 1.0 Design Guide
Interoperability
Interoperability works with all 802.3an standard NIC and MAC
First Modular Platform in industry to ship 10G Copper !
WS-X6716-10T-3C
List Price $22,500
WS-X6148E-GE-45AT
48-Port 1G PoE+ capable (IEEE 802.3at)
Feature Highlights
48 port 10/100/1000 RJ45 PoE/ePoE & PoE+
Field upgradable PoE+ daughter card
PoE/ePoE & PoE+
500+ PoE/ePoE support at FCS
PoE+ capable
Investment Protection
Supported by future Sup2T
500+ PoE/ePoE in a fully configured 6513-E chassis!
Side to Side Airflow Chassis: 6509E
Supervisor: VS-Sup720-10G
6000W AC Dual Power supply & 9E Fan Tray
[Figure labels: WiSM, FWSM, 1G, 10G]
2 * FWSM Modules: 20 VC License, 2M Concurrent Connections
1 * WiSM Module: 8G G, 300AP, 10,000 clients
16 port 4:1 oversubscribed 10G module OR 24 port 1G SFP module
Borderless Services Node
Borderless Services Node Pricing

Product SKU: BSN09E-VS720-10G
What's Included: WS-C6509-E, 2 * WS-CAC-6000W, WS-C6509-E-FAN, VS-S720-10G-3C, 2 * WS-SVC-FWM-1-K9, 2 * FR-SVC-FWM-VC-T1, WS-SVC-WISM-1-K9, WS-X6716-10G-3C, IP Services Software
List Price: $239,000
Bundle Price: $160,000
Service Pricing (8X5XNBD): $13,440

Product SKU: BSN09E-VS720-1G
What's Included: WS-C6509-E, 2 * WS-CAC-6000W, WS-C6509-E-FAN, VS-S720-10G-3C, 2 * WS-SVC-FWM-1-K9, 2 * FR-SVC-FWM-VC-T1, WS-SVC-WISM-1-K9, WS-X6724-SFP, IP Services Software
List Price: $214,000
Bundle Price: $140,000
Service Pricing (8X5XNBD): $11,760

Discount labels: 33% Off, 35% Off, 35% Off, 26% Off
Data Center Services Node
Aggregate list price (w/o discount) - $325K
9-slot Bundle list price : $180K
6-slot Bundle list price : $175K
3 * FWSM Modules
1 * ACE20 Module (16 Gbps License)
20 Virtual Contexts (FWSM & ACE20)
Side to Side Airflow Chassis: 6509E/6506E OR Front to Back Airflow Chassis: 6509-V-E
Supervisor: Sup720-10G
4 port non-blocking 10G module
Flexible Power Supply option (AC or DC)
45% OFF
Network Services Pricing
Catalyst 6500 Next Generation Platform
2 Terabit Switching
10G & 40G interfaces
Next Gen Services
Features
Scalability
Next-Generation 6500 Platform Components
Sup 2T: Target Release 2QCY2011
8 Port 10GbE 1:1 (2QCY2011)
- 80 Gbps Backplane
- Earl 8 Lite and Heavy Versions
- X2 Transceiver Form Factor or SFP+ with OneX Adapter
- CTS and L2 Encryption IEEE 802.1ae on all ports - wire speed
- Virtual Switch Link supported on all ports
- OTV and LISP Ready
4p 40GbE or 16p 10GbE 2:1 (Target Release 2HCY2011)
- IEEE 802.3ba Standard Compliant
- 80Gbps Backplane
- CFP Transceiver Form Factor
- Earl8 Lite and Heavy Versions
- Convertible to 16p 10GbE ports via SFP+ via FourX Adapter
- CTS and line rate 10G/40G L2 encryption
- Virtual Switch Link supported on all ports
- OTV and LISP ready
PFC4 - Hw Feature Summary
PFC4 - Default PFC (EARL8): FIB & Netflow @ 256K entries
PFC4XL - Upgrades FIB & Netflow Table to 1M entries
PFC4: New & Improved
Scalability
- Increased MAC Table (128K)
- L2 Bridge Domains (16K)
- L3 Logical Interfaces (128K)
- Increased Forwarding (60Mpps)
- Increased Throughput (80Gbps)
Virtualization
- Native (H)VPLS
- MPLS Aggregate Labels (16K)
- Multi-point EoMPLS
- L2oGRE
- VRF-based NAT & FnF
IP Routing
- IPv6 Tunneling in FIB
- Unicast RPF for IPv6
- IPv6 Multicast in FIB
- 512K Multicast Routes
- IGMPv3 / MLDv2 Snooping
QoS & Security
- Cisco TrustSec & SGACLs
- Increased ACL TCAM (256K)
- Increased ACL Labels (16K)
- Per-Port / Per-VLAN QoS
- Distributed Policers (512)
Monitoring
- Flexible Netflow (FnF)
- Egress Netflow
- L2 (per VLAN) Netflow
- TCP Flags
- Per-Protocol Counters
NDA Material
VSS Quad-Sup Uplink Forwarding
VSS Quad-Sup design significantly improves network downtime.
Inter-chassis redundant supervisor minimizes impact on network capacity.
Provides flexibility to utilize all 10G & 1G stand-by supervisor uplink ports.
[Figure: Network Impact with Single-Sup and Network Impact with Dual-Sup after "Supervisor Failed", scale 0% to 100%, for Single-Home Devices and MEC (Dual-Home) Devices; annotations: Un-deterministic Network Recovery *, Deterministic Network Recovery]
[Figure: VSS Domain with supervisors labelled Active, Warm Standby, Hot Standby, Warm Standby]
New: 12.2(33)SXI4
Catalyst 6500 12.2(33)SX IOS Roadmap
12.2(33)SXI (Shipping)
- VSS: Service Modules FWSM, IDSM, WiSM, ACE; 512 MECs
- High Availability: EFSU; GLBPv6, HSRPv6; Multicast HA Support for group to RP mappings
- SXI1: VSS in IP Base
- SXI2a: X2-SFP+; 6000W PS; SIP-400 1x10GE; CSM and SSL Module; IPv6 with VSS; MPLS with VSS; BFD SSO; 802.1ag CFM Draft 8.1
- SXI3 and beyond: Patching Deprecated; New Safe Harbor

12.2(33)SXJ (FCS April CY2011)
- Hardware: ES+XT-4TG3C (and XL) 4x10G Hqos; AVM (App Visibility and Monitoring); NAM10 Service Module; Support new 10G WISM; X2 10GBase-T
- Borderless Networks and DC: NEAT; mLACP (for L2 access ports); 256 Port channels (from 128 today); Multi-auth with VLAN Assignment/VMs; NTPv4 for IPv6; TACACS+ for IPv6; EoMPLS NSF/SSO; Energywise Phase III; VRF/VLAN Aware TrustSec; Storm control errdisable & SNMP trap
- 10G DCI Leadership: ES40 VSS Support; ES40 with A-VPLS/A-VPLS over GRE; VSS - IPSec Support VPN SPA; Flexible VLAN translation; VPLS IRB/SVI Routing Feature

12.2(33)SXI4a (Shipping)
- Hardware: 16 Port 10G Base T; ACE-30; 48 Port 1G PoEP Capable LC
- VSS: VSS Quad Sup Uplink Forwarding; SIP-400 on VSS
- Borderless Networks: SAF; EnergyWise Ph. I & II; MPLS Egress Netflow; TrustSec 1.5
- IPv6 and Multicast: PACL for IPv6; RA Host Guard Mode for IPv6; Multicast NAT Service Reflect
- DCI Leadership: VPLS Mac Address Withdrawal; Active/Active Load Balancing for VPLS/VPLSoGRE aka FAT PW; VPLS HA (NSF/SSO); Enterprise-Friendly CLI for DCI
Available Today
Netflow Innovations
Scale: Sup2T with PFC4/DFC4 scales up to 13M Netflow entries for virtualized environments
CPU: Sup2T with CPU-bound NDE to provide more optimal CPU utilization
Sampled Netflow: Sup2T supports hardware-based sampling methods for high-flow backbone environments
Multi-protocol: Sup2T can support flow collection in both ingress and egress directions for multi-protocols (IPv4, IPv6, multicast, MPLS)
Flow Mask Rigidity: Sup2T supports Flexible Netflow (FNF), which offers the ability to monitor a wider range of packet information and eliminates flow mask conflicts with other features
Trustsec on 6500
Identity-enabled network services architecture for the Borderless Network
[Figure labels: 802.1X; Protected Resources; IP Phones; Supplicant; Users, Endpoints; Guest User; SXP]
Source SGT Assignment via 802.1X, MAB, Web Auth
IP-SGT Binding Exchange via SXP
Sup2T applies SGT
SGACL Enforcement Encryption Link to Link* and Downlink (MACSec)
SGT Assignment
SXP (SGT-IP Binding)
Authentication via 802.1x, MAB, WebAuth
NEAT, Multi Auth, MAC move, MAC Replace, Identity Port Mapping
Identity
Encryption
802.1 AE (key mgt) SAP
802.1x REV MKA (2012)
SGACL (a.k.a. RBACL)
Subnet to SGT Mapping
VLAN to SGT mapping,
L2/L3 SGT Handling
L2 RBACL, IPv6 RBACL,
VRF/VLAN aware TrustSec
FIPS 140-2 Compliant
Linksec for VSL
Supported on
8p 10G 1:1 LC at line rate
4p 40G 2:1 / 16p 10G 2:1
Sup2T Uplinks
Ready for Trustsec in CY11
MPLS-based LAN Extensions
[Figure labels: MPLS, IP, DC-1, DC-2, EEM, STP, Vlan 1-1000]
Main Issues
#1. Complex Edge Redundancy
#2. Sub-optimal Bandwidth Utilization
#3. VPLS Configuration Complexity
The A-VPLS Virtual Ethernet Solution
[Figure labels: nPE, Agg, VSS system, VSL, IP/MPLS Cloud]
Up to 8 equal cost paths between any two sites
Flexible transport: IP or MPLS
Representation via a single Virtual Ethernet interface
Loadbalancing at L2/L3/L4
LSP/GRE Tunnel
A-VPLS (FAT) Pseudowire
Single Virtual Ethernet across Multiple Interfaces
Efficient Load Balancing
Advanced VPLS (A-VPLS)
Leverages VSS MEC for DCI
L2/L3/L4 Flow Based Balancing
Simplified Edge Redundancy
Optimal Bandwidth Utilization
Flexibility to trunk VLANs over either an MPLS or IP transport easily
Sub-1 second fail-over
Integration with existing VPLS solutions