ProSAFE Switch Series: How to structure the network into the CORE, DISTRIBUTION and ACCESS layers. Andrea Rossi, Senior System Engineer, [email protected]. Online Training

NETGEAR Webinar - ProSAFE switches for network design at the core, distribution and access layers


How to position all this?

NEW Sep 2015


NETGEAR Switch Positioning

Solution price based? Would also work by weight

Price points shown: $4K, $7K, $10K, $12K, $18K, $25K (indicative pricing only)


NETGEAR Switch Positioning

Solution on perceived value?

Sure, would you want something…


Multi Tier Networking


Access layer

End-stations and servers connect to the enterprise at the access layer. Access layer devices are usually commodity switching platforms, and may or may not provide layer 3 switching services. The traditional focus at the access layer is minimizing "cost-per-port": the amount of investment the enterprise must make for each provisioned Ethernet port. This layer is also called the desktop layer because it focuses on connecting client nodes, such as workstations, to the network.

Distribution layer

The distribution layer is the "smart" layer in the three-layer model. Routing, filtering, and QoS policies are managed at the distribution layer. Distribution layer devices also often manage individual branch-office WAN connections. This layer is also called the Workgroup layer.

Core layer

The core network provides high-speed, highly-redundant forwarding services to move packets between distribution-layer devices in different regions of the network. Core switches and routers are usually the most powerful, in terms of raw forwarding power, in the enterprise; core network devices manage the highest-speed connections, such as 10 Gigabit Ethernet.


NETGEAR Switch Positioning: Smart Managed Switches

Standalone Smart

+ 250-user or less networks

• Rackmount and Desktop

• Web Management only

• PoE/ PoE+ options

• Essential QoS, VLAN, Multicast, Bandwidth management

• Essential L3 Static Routing (no resiliency, no load-balancing)

• LIFETIME Warranty

• LIFETIME NBD / Technical Chat

Stackable Smart

+ 250-user or less networks

• S3300 series

• True Stacking technology

• 4 x 10G Ports Uplinks / Stacking

• Distributed link aggregation across the stack

• Master redundancy (with some downtime during failover)

• Rackmount

• Web Management only

• PoE+ options

• Essential QoS, VLAN, Multicast, Bandwidth management

• DHCP L2 Relay

• Essential L3 Static Routing (no resiliency, no load-balancing)

• LIFETIME Warranty

• LIFETIME NBD / Technical Chat

Perfect fit for SMB networks


NETGEAR Switch Positioning: Fully Managed Switches

Standalone Managed

+ Networks > 250 users

• M4100, M7100 series

• Telnet, SSH, CLI, Web GUI

• Advanced QoS, VLAN, Multicast, Bandwidth management

• DHCP L2/L3 Relay

• Advanced L3 Static Routing (resiliency, load-balancing)

• Scalable hardware

• Granular software

• LIFETIME Warranty / NBD / Chat

Stackable Managed

+ Networks > 250 users

• M5300, M7300 series

• Full Mesh Stacking technology

• 4 x 10G ports Uplinks / Stacking

• Distributed link aggregation across the stack

• Master redundancy with hitless, non-stop forwarding failover

• Telnet, SSH, CLI, Web GUI

• Advanced QoS, VLAN, Multicast, Bandwidth management

• DHCP L2/L3 Relay

• Advanced L3 Static Routing (resiliency, load-balancing)

• Full Layer 3 (Dynamic Routing)

• IPv6 to IPv4 tunnelling

• Scalable hardware

• Granular software

• LIFETIME Warranty / NBD / Chat

Positioning diagram: Smart Standalone; S3300 Stackable.

Best fit for Medium Enterprise and Campus networks


NETGEAR Switch Positioning: Chassis Switching

Managed Chassis Switch

+ Networks > 250 users

• M6100 series

• 480G Distributed Fabric

• Greater inter-module throughput & performance

• Distributed link aggregation across the chassis

• Supervisor redundancy with hitless, non-stop forwarding failover

• Passive backplane reliability and predictability advantages over typical stacking architectures

• Telnet, SSH, CLI, Web GUI

• Advanced QoS, VLAN, Multicast, Bandwidth management

• DHCP L2/L3 Relay

• Advanced L3 Static Routing (resiliency, load-balancing)

• Full Layer 3 (Dynamic Routing)

• Policy Based Routing for tailored load-balancing and failover capabilities

• IPv6 to IPv4 tunnelling

• Scalable hardware and granular software

• LIFETIME Warranty / NBD / Chat

Positioning diagram: Smart Standalone; S3300 Stackable; M4100, M7100 Standalone; M5300, M7300 Stackable.

Best fit for Medium Enterprise and Campus networks


DISCOVER the problems:

Increasing % of IT resources distracted by legacy maintenance needs

+ Network Management

• Disparate network management tools make for an inefficient network management experience

+ Network Flexibility

• 3-tier networks are complex, costly and hard to maintain; even harder to upgrade

+ Network Availability

• Downtimes on a segment of the network lead to difficult operations restart for VMs and SAN, RDP or TSE applications, databases etc…

+ Network Performance

• Uneven wired and wireless user experience

• Rising traffic levels posing congestion challenges


DEVELOPMENT: Value for the customer

Ensure consistent quality of service for evolving user and growing bandwidth intensive application needs

Stop spiralling IT footprint and costs

+ Consistent Management

• Simplified management with policy enforcement spanning security and access privileges across multiple device types and use needs

+ Consistent Flexibility

• Simpler two-tier network architectures with more density, more intelligence at the edge and less burden for the core layer

+ Consistent Performance

• Investment protection through architectures that can both scale and support growing bandwidth demands

+ Consistent Availability

• Network reliance and importance require that downtime be minimised or eliminated, whether planned or unexpected


Performance

+ How much traffic in your network today? And in future?

• Northbound / Southbound

• Westbound / Eastbound

+ Where are bottlenecks? Costs to applications, services?

+ Do you measure performance today? (sFlow)

Diagram: North / South and West / East traffic directions


Education on Performance

+ All about 1G or 10G speeds between switches

+ Standalone Smart or Managed offer 1G uplinks only

+ Stackable Smart or Managed usually offer 10G uplinks

+ But what about the stacking backplane then? It is still a couple of 10G links, so it is blocking when 10G uplinks are used

+ Chassis offers 8 x 10G access to the backplane per slot: northbound/southbound and westbound/eastbound traffic is WIRE-SPEED on 1G blades, even with 4 x 10G uplinks on each


Network availability

+ How do you back up your network today?

• Spanning Tree (too complex? slow convergence time? Does it even work?)

• Stacking, Distributed link aggregations, active-active server topologies?

+ What happens when parts of your network are down?

+ What is the cost of downtime today? And tomorrow?

+ How critical is the network uptime? Single points of failure?


Education on Availability

+ All about how to get rid of Spanning Tree ‘backup’

+ Spanning Tree is slow and too complex for midsize networks

+ Stacking allows for distributed link aggregations hence providing load-balancing AND redundancy / failover capabilities

+ Stacking is all about how FAST the recovery must be

+ Stackable Smart Managed can offer ‘reduced’ downtimes

+ Stackable Fully Managed can offer NSF sub-second failovers

+ Chassis Switches will allow for Non-Stop-Forwarding in any situation with added predictability over stack (fixed architecture) and more efficient N+1 power redundancy


Network management

+ Do you know about problems before users come to you?

• Network map, monitoring, reporting, top-10s metrics and bandwidth utilization

+ Any centralized administration (TACACS, Radius users)?

+ Can you automate configuration backup / restore, FW upgrade?

+ Is your network predictable? What is the cost when not?

NMS300 screenshots


Education on Management

+ Management costs are OPEX

+ Solid management platform helps

+ Centralized administration brings automation capabilities for configuration and ongoing management tasks

+ Smart Managed Switches offer Web GUI administration, SNMP monitoring (no -set) and no RADIUS user/admin management

+ Fully Managed Switches add Telnet/SSH automation, RADIUS, TACACS, SNMP-set programming, sFlow performance analysis

+ Both Smart and Fully Managed stacking architectures are disruptive for network monitoring when the master ‘changes’: a new MAC address indicates a new stack to the NMS system

+ Chassis switches remain monitored (no MAC address change) during failover / failback operations

Things to explain


Network flexibility

+ Can you easily update your network or make changes?

• How many switches total to manage, can you still upgrade / configure them?

+ Can you implement new network functions or security enforcements?

• Access control, AAA (Radius, NPS / LDAP), MAC address authentication

• Network load balancing, routing policies, network redundancy

+ If you can’t, what does it cost?


Education on Flexibility - architecture

+ In general, the fewer switches the better

+ Fewer management interfaces, less configuration, more standardization

+ Smart Managed or Fully Managed stacking architectures are a good idea for reducing the number of logical units to install and manage

+ Chassis switches are even simpler to install (faster than stacks)

+ With stacks or chassis, distributed link aggregation is a plus for redundancy and load balancing using LACP

+ Smart Managed switches offer L2 hashing LACP, so there is no load balancing when L3 routing is done on the switches (all packets have the same MAC destination = routing interface). Only one default hash

+ Fully Managed and Chassis switches will offer L3 / L4 hashing LACP capabilities for universal load-balancing (7 hash methods)
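
The effect of the hash mode on a routed LAG, as an added example that is not from the original slides: a small Python model comparing an L2 (MAC-only) hash with an L3/L4 hash over the same flows. The 4-member LAG, the MAC/IP addresses and the use of SHA-256 as the hash are assumptions; the slides do not specify the switches' hash functions.

```python
import hashlib
from collections import Counter

LINKS = 4  # LAG members (assumed for the illustration)

def pick_link(fields):
    """Map the hashed header fields to one LAG member.
    SHA-256 stands in for the switch hash, which the slides do not specify."""
    digest = hashlib.sha256("|".join(map(str, fields)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % LINKS

def l2_hash(frame):
    # L2 mode: only the Ethernet addresses feed the hash
    return pick_link((frame["src_mac"], frame["dst_mac"]))

def l3l4_hash(frame):
    # L3/L4 mode: IP addresses and TCP/UDP ports feed the hash
    return pick_link((frame["src_ip"], frame["dst_ip"],
                      frame["sport"], frame["dport"]))

def routed_frames(n=200):
    """Constructed sample: n flows crossing a LAG between two routing switches.
    Routing rewrites the MAC header, so every frame carries the same
    routing-interface MACs; only IP addresses and ports differ."""
    return [{
        "src_mac": "00:00:5e:00:53:01",  # routing interface, switch A (constructed)
        "dst_mac": "00:00:5e:00:53:02",  # routing interface, switch B (constructed)
        "src_ip": f"10.0.10.{1 + i % 50}",
        "dst_ip": f"10.0.20.{1 + i % 7}",
        "sport": 49152 + i,
        "dport": 443,
    } for i in range(n)]

def distribution(hash_fn, frames):
    """Frames carried per LAG member for a given hash mode."""
    return Counter(hash_fn(f) for f in frames)

if __name__ == "__main__":
    frames = routed_frames()
    print("L2 hash   :", dict(distribution(l2_hash, frames)))
    print("L3/L4 hash:", dict(distribution(l3l4_hash, frames)))
```

With the L2 hash every routed flow lands on a single member, so the other links carry nothing until a failure; the L3/L4 hash spreads the same flows across all members.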


Education on Flexibility - VLAN routing

+ Traditional flat networks, which place all the traffic in a single broadcast domain, can easily overload switch links

+ Instead, VLANs send traffic only where it needs to go, with inter-VLAN routing

+ Stackable Smart Managed switches support 15 routed VLANs

+ Smart Managed switches support static routing, with only one route towards a final destination

+ Stackable Fully Managed switches support hundreds of routes, static or dynamic, in both cases with redundant routes and lower priority routes for load-balancing

+ Chassis switches will offer policy based routing for multiple paths which can detect network reachable state in order to direct traffic (ideal for branches with several VPN connections)


Education on Flexibility - VLAN security

+ Cross-VLAN broadcast traffic is prevented, but L3 routing allows hosts in different VLANs to communicate

+ Access Control Lists (ACLs) restrict inter-VLAN access based on policies at L2, L3 or L4 with possible rate limiting

+ Standard ACLs filter on the source, whereas Extended ACLs also look at the destination

+ ACLs can be applied at Ingress (traffic coming to the switch from a port or VLAN) and at Egress (traffic going from the switch to a port or a VLAN)

+ Stackable Smart Managed switches offer 100 Extended ACLs up to 50 rules each, at Ingress only and without rate-limiting

+ Stackable Managed switches and Chassis offer 100 Extended ACLs up to 1K rules each at Ingress / Egress and rate-limiting
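
The difference between Standard and Extended ACLs for inter-VLAN policy, as an added example that is not from the original slides: a first-match evaluator in Python applied to a constructed guest VLAN (10.0.30.0/24) and server VLAN (10.0.10.0/24). The rule format, the addressing and the implicit deny at the end of each list are assumptions of this model, not NETGEAR configuration syntax.

```python
import ipaddress

def matches(rule, pkt):
    """True when every field the rule specifies matches the packet."""
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
        return False
    if "dst" in rule and \
            ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule["dst"]):
        return False
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "dport" in rule and rule["dport"] != pkt["dport"]:
        return False
    return True

def evaluate(acl, pkt):
    """First matching rule wins; no match means deny (implicit deny, assumed)."""
    for rule in acl:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"

# Standard ACL: source only, so guests are let through wholesale or not at all
STANDARD_ACL = [
    {"action": "permit", "src": "10.0.30.0/24"},
]

# Extended ACL: source + destination + L4, so guests reach one HTTPS service only
EXTENDED_ACL = [
    {"action": "permit", "src": "10.0.30.0/24", "dst": "10.0.10.5/32",
     "proto": "tcp", "dport": 443},
    {"action": "deny", "src": "10.0.30.0/24", "dst": "10.0.10.0/24"},
    {"action": "permit", "src": "10.0.0.0/16"},
]

# Constructed sample packets
GUEST_TO_WEB = {"src": "10.0.30.7", "dst": "10.0.10.5", "proto": "tcp", "dport": 443}
GUEST_TO_DB = {"src": "10.0.30.7", "dst": "10.0.10.9", "proto": "tcp", "dport": 5432}
STAFF_TO_DB = {"src": "10.0.20.4", "dst": "10.0.10.9", "proto": "tcp", "dport": 5432}

if __name__ == "__main__":
    for name, acl in (("standard", STANDARD_ACL), ("extended", EXTENDED_ACL)):
        for pkt in (GUEST_TO_WEB, GUEST_TO_DB, STAFF_TO_DB):
            print(name, pkt["src"], "->", pkt["dst"], pkt["dport"], evaluate(acl, pkt))
```

Rule order matters in the extended list: the narrow permit must precede the broader deny, and each rule counts against the per-ACL rule limits quoted above.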


Education on Flexibility - Access Control

+ Policy enforcement spanning security and access privileges across multiple device types and use needs is now a must

+ Radius authentication can also be based on LDAP / domain using MS NPS

+ 802.1x MAC Address Authentication Bypass (MAB) is interesting for 802.1x unaware devices

+ Smart Managed switches support 802.1x Radius

+ Fully Managed switches offer 802.1x Radius with added MAB timeout letting non-802.1x devices bypass the traditional 802.1x process altogether if they have their MAC address registered

+ Chassis switches offer tiered-authentication with 802.1x Radius, MAB authentication after timeout, and then ultimately captive portal authentication for guests for instance


Consider a portfolio as a tool…


And if M6100 effectively can be the solution, conclude that our Chassis is better than Stacking…

Performance

+ High Speed Fabric

• 4 times interconnect speed

• 1G blades line-rate to the fabric

• 10G blades 3:1 oversubscription

• Equivalent stacking topology would involve 8 x 10G stacking ports for each switch

Availability

+ Modular and Redundant

• Everlasting passive backplane

• Highly reliable fabric-based design

• Control and management planes failover

• Centralized Power Management & N+1 PSUs

Predictability

+ Stable Behaviour, Including Failover

• Supervisor handles control and management

• Secondary supervisor stand-by mode

• Hitless failover can be anticipated

• Hitless failback on demand