© 2007 Cisco Systems, Inc. All rights reserved.Partner Update 05.11.07 1
Cisco Campus Communication Fabric 2
Partner Update - 5.11.2007
Reijo Mäkipää
Consulting Systems Engineer
Cisco Systems Finland
The Enterprise User and Business Are Changing
• The New Millennial
• Totally connected world without edges
• Largest new work force since the baby boom
• Total technology blend with life
• Mobile, multi-cultural, multi-tasking
1950s–1990s: Paper Communication, Move in Days
1990s–2002: Digital “Same Day” Transactions
Today: Real-time Interaction and Collaboration
Killer Applications Will Transform Campus Networking …
• Office Groove 2007 - 21st Century Collaborative Application
• Peer-2-Peer data distribution
• Decentralized, Unpredictable Workgroup Traffic Across Campus
• Drives need for application aware access control, QoS
• Cisco Telepresence - Strategic impact on executive communication requires a stronger Service-Level Agreement (SLA)
• Need for secure communications
• Need for highly reliable service
• Need for exemplary application service and traffic management
And There is More To Come …
[Diagram of technology drivers. Recoverable labels:]
Categories: OS; Applications; Devices & Regulations; Green
E-mail, chat, & IM; PC- & cable telephony; Unified messaging
VOD; Video & audio streaming; Video conferencing
Music download; On-line gaming; File Sharing
Windows Vista; MAC OS X; LINUX
Data Center Environmentals; Corporate Green Initiatives
Peer to Peer; Voice & Data Convergence; Video
Drives 10 G; Drives Virtualization & Security; Drives Deep Packet Inspection; Drives IPv6
Campus Networks Transforming into a Business Platform …
Through 2015…
• Access anytime, anyhow…to anything
• Immediate, enhanced collaboration
• Full protection, compliance a must
• Apply attached resources as needed
• No downtime—scheduled or unscheduled
• Operational autonomics in practice
The Campus Network: Basic Control; High Availability; “Wire” Speed; Connectivity
The Campus Communications Fabric: Application Intelligence; Unified Network; Non-Stop Comms; Integrated Security; Virtualization; Ops Mgmt
Campus Communication Fabric: Blueprint for Next Generation Architectures
[Diagram labels: Unified Network Services; Virtualization; Operational Manageability; Integrated Security; Non-Stop Communications; Application Intelligence]
Cisco Campus Communication Fabric 2 Launch 7.11.2007
• Cisco Catalyst 4500 E-Series
• Cisco Virtual Switching System 1440 (Catalyst 6500 Supervisor 720-10GE)
Cisco Catalyst 4500 E-Series
Overview
CenterFlex Technology
Introducing Cisco Catalyst 4500 E-Series
Next Generation Cisco Catalyst 4500 Series Extension
E-Series Chassis
E-Series Line Cards
Supervisor 6-E with CenterFlex Technology
What Is CenterFlex Technology?
Catalyst 4500 E-Series CenterFlex Technology
Innovations Enabled by Supervisor 6-E Centralized ASICs
Centralized
• Highest centralized performance
• Low latency / low power draw
• High availability
• Simplified operations
Flexible
• Mix and match new and classic** line cards
• Forward / backward compatibility, investment protection
• User configurable queuing resources
• Dynamic QoS, security, and IPv6 resource allocation
• Higher services capacity
19 New Patents
**Currently shipping non-E-Series line cards, supervisors and chassis
Evolution of Centralized Switching Technology
• 1999: Sup I/II, 18 Mpps, L2 Only
• 2002: Sup II Plus to Sup V, 48-72 Mpps, L2/L3
• 2004: Sup V-10GE, 102 Mpps, 136 Gbps, L2/L3, 10Gig
• 2007: Sup 6-E, 250 Mpps (125 Mpps IPv6), 320 Gbps, L2/L3, IPv6
14X Increase Since ‘99
Cisco Catalyst 4500 Supervisor 6-E with CenterFlex Technology
Highest Centralized Performance with Low Latency
• 320 Gbps fabric; 250 Mpps; 24Gig per slot
• Supported in E-Series and Classic chassis
• Supports both E-Series and Classic line cards with no down speed
• Full redundancy with SSO/NSF/ISSU (phased)
• 2x 10GE or 4x SFP Gig ports
• IPv6 in Hardware
• Twin Gig module support (ships standard)
• User configurable queuing resources (up to 8)
• Dynamic QoS and security resource allocation
• Optimized for IPv4 and IPv6 dual mode / migration
CenterFlex Feature: Flexible Queuing Resources
Challenge
• Increasingly diverse traffic types and patterns
• Static buffering approach limits network optimization
• Configuring queues
Solution
• Flexible, user configurable per port level queues
• Queuing dynamically allocated based on configuration
• Unused resources can be assigned to any port
• Simplified queuing configuration, MQC compliant
Benefits
• Fine-tune network for diverse applications
• Maximize network bandwidth and performance
• Enhance end user experience
Classic Supervisors: Four Fixed Tx Queues per Port
Supervisor 6-E with CenterFlex (Flexible Resources): Up to Eight User Configurable Tx Queues per Port
2X Tx Q’s of Classic Sups
CenterFlex Technology
CenterFlex Feature: Scalable and Flexible Services Capacity
Challenge
• Increasing Services in the Access: VoIP/Video/Security/Telepresence
Solution
• Catalyst 4500 E-Series Delivers
• Two fold services capacity increase
• Flexible TCAM resources
Benefits
• Scale services as needed
• Service deployment flexibility
• Optimization for QoS/security policies
• Investment enhancement and protection
Classic Supervisors (Dedicated Resources): 32k QoS; 32k Security
Supervisor 6-E with CenterFlex (Flexible Resources): 128k Security/QoS
2X Capacity of Classic Sups
CenterFlex Technology
CenterFlex Feature: Flexible Resources for IPv4 & IPv6 Migration
Challenge
• IPv6 applications appearing in the network
• IPv4 to IPv6 migration
• Performance and scalability compromised
Solution
• Increased forwarding table capacity
• Dynamic hardware tables for IPv4 to IPv6 migration
• Hardware-based performance for IPv4 and IPv6 data
Benefits
• Customers provide end-end IPv4 and IPv6 services
• Customers can mix IPv4 and IPv6 traffic efficiently
[Diagram: Supervisor 6-E with CenterFlex, Address Table (TCAMs) with Dynamic Allocation; entries 160 bit wide and 320 bit wide; IPv4 and IPv6; Typical IPv4/IPv6 Allocations]
IPv6 in Hardware
CenterFlex Technology
Catalyst Supervisor 6-E Uplink Redundancy for 4507R-E and 4510R-E
10 GbE Default Uplink Configuration
• 2 x 10GE (Full Line Rate)
• Supervisor 6-E in 4507R-E, port labels: 3/1, 3/2, 4/1, 4/2
10 GbE Optional Uplink Configuration (phased)
• 4 x 10GE (2:1 Oversubscribed)
• Supervisor 6-E in 4507R-E, port labels: 3/1, 4/1, 3/2, 4/2
GE SFP (with Twin Gig) Default Config
• 4 x 1GE (Full Line Rate)
• Supervisor 6-E in 4507R-E, port labels: 3/3, 3/4, 3/5, 3/6, 4/3, 4/4, 4/5, 4/6
GE SFP (with Twin Gig) Optional Config
• 8 x 1GE (Full Line Rate)
• Supervisor 6-E in 4507R-E, port labels: 3/3, 3/4, 3/5, 3/6, 4/3, 4/4, 4/5, 4/6
CenterFlex Technology
Catalyst 4500 E-Series Copper Line Cards
All E-Series Copper Line Cards ship standard with PoE
Requires Sup 6-E
WS-X4648-RJ45V-E: 48-Port 10/100/1000 PoE
• Supports data with future proofing for PoE
• 24-Gig per slot (2:1 oversubscribed)
• Built in 802.3af PoE support
• Line card level temperature sensors
• Mix with classic cards with no performance hit
• Jumbo Frames
WS-X4648-RJ45V+E: 48 Port 10/100/1000 Premium PoE
• All capabilities of the PoE line card plus..
• 30 watts per port capable (future SW upgrade, PS ?)
E-Series 10 GbE Fiber Line Card
WS-X4606-X2-E (Requires Sup 6-E)
• 6-Port 10 GbE “E” Series
• 24-Gig per slot (2.5 to 1 oversubscribed)
• X2 or twin gig module—orderable option
• Mix/match X2/twin gig module
• Jumbo frame support
• Mix with classic cards with no performance hit
Cisco Catalyst 4500 E-Series Chassis
• Available in 3, 6, 7 (redundant) & 10 slot (redundant)
• Enables high performance E-Series line cards
• Up to 384 10/100/1000 PoE ports or 34 10GbE ports
• Compatible with all shipping Supervisors, Line cards & Power Supplies
• Pricing - same as current chassis
Identifying a Catalyst 4500 E-Series Chassis
[Photos: Catalyst 4507R-E Front View; Catalyst 4507R-E Rear View]
Supervisors Now in Slots 3 and 4
Chassis | Sup Slot
Cat4503-E | 1
Cat4506-E | 1
Cat4507R-E | 3 and 4
Cat4510R-E | 5 and 6
Mix and Match Classic and E-Series
Label Legend
Purple Tab = PoE
Green Tab = 10GE
Red Tab = FE and GE
Blue Tab = Sup
Green Tab = 10GE
Red Tab = FE and GE
“E” Series
Easy Visual Identification
Catalyst 4506-E Chassis
[Chassis diagram: each line card slot labelled 24 Gbps per slot; 20 Gbps Uplinks]
• Higher port density with oversubscription
• Compatible with all Classic linecards/Sups
• 120 x GE + 2 x 10 GE nonblocking
Catalyst 4507R-E Chassis
[Chassis diagram, slot labels in the order shown: 24 Gbps per slot (2 slots); Supervisor slot (2 slots); 24 Gbps per slot (3 slots)]
• All Line Card Slots are 24 Gbps; Support E-series & Classic Cards
• 120 x GE + 2 x 10 GE nonblocking
Catalyst 4510R-E Chassis
[Chassis diagram, slot labels: 24 Gbps per slot (5 slots); 6 Gbps per slot (3 slots); Supervisor slot (2 slots)]
• Line Card Slots 1,2,3,4,7 are 24 Gbps; Support E-series & Classic Cards
• Line Card Slots 8-10 are 6 Gbps; Support Classic Line Cards
• Bottom 3 Slots: Limitation of the Supervisor, not the Chassis!
CenterFlex Feature: Catalyst 4500 Investment Protection
• 1st Gen: Sup I and II
• 2nd Gen: Sup II+ : V-10GE
• 3rd Gen: Sup 6-E
CenterFlex Feature: Investment Enhancement Delivered
Original Investment: Cisco Catalyst 4506 with Supervisor II (100% = Investment)
• Chassis: 12%
• Dual AC Power: 5%
• Supervisor II: 15%
• 6 Port GBIC: 7%
• 2*48-Port 10/100: 24%
• 2*48-Port 10/100/1000: 27%
• 8 GBICs: 10%
Upgrade to Supervisor 6-E with CenterFlex
• Supervisor II = 15%
• 85% of Initial Investment Is Maintained!
• Enhances classic line cards with CenterFlex Features
Investment Enhancement
Catalyst 4506 with Supervisor II
• L2 Only
• 2 Tx Q’s (136 packets)
• Box Wide L2 QoS
• Port/Telnet Security
Catalyst 4506 Supervisor 6-E with CenterFlex Technology
• L2 to L4
• Up to 8 dynamic Tx Q’s (8K packets)
• Per Port L2-L4 classification
• Port Security/DHCP Snoop/MiTM etc
• L2 to L4 ACL’s
• uRPF
• Policing
• IPv6
• TCAM Scalability
Extensive Back & Forth Compatibility Summary
E Series Chassis
Supervisor 6-E
Classic Supervisors
E-Series Line Cards
Classic Line Cards
Existing Catalyst 4500 Power Supplies
Mix and Match E Series and Classic
Cisco Catalyst 4500 Series Evolutionary Centralized Architecture
[Timeline diagram: 1999, 2002, 2004, 2007, 2012]
Continued Innovation: Services and Performance
Same Line Card
Performance labels: 18 Mpps; 48 Mpps; 102 Mpps; E-Series 250 Mpps
Feature labels: 10/100/1000; Layer 2; PoE; L2/3/4; 10 GbE; SSO; NAC/NSF; ISSU; CISF
2007 Goldman Sachs Report
Exhibit 18: If you are updating Ethernet switching equipment in 2007, what is the primary reason?
• New Features: 31%
• End of Life: 34%
• Capacity: 35%
Source: Goldman Sachs IT Spending Survey March 2007
End of Sale Announced on the Following Products
NO NEW DEVELOPMENT
Product | Key Limitations | End of Sale
Catalyst 4003 | SUP I Support Only—Limited IP-Tel, Security, QoS, Multicast Functionality | Nov 2004
Catalyst 4006 | N+1 PS Redundancy Instead of 1+1, Limited PoE/IP-Tel Capabilities | May 2005
Supervisor I | L2 Services Only, Limited QoS, Security, IP-TEL Support and Multicast Support | Nov 2004
Supervisor II | L2 Services Only, Limited QoS, Security, IP-TEL Support and Multicast Support | May 2005
L3 Services Module | Lack of Supervisor Integration; Occupies a Line Card Slot; Separate IOS SW Image | Nov 2004
Supervisor III | No NetFlow Daughter Card Option; No DBL, No Redundancy | Dec 2003
What Happened on May 3, 2006 ?
Milestone | Definition | Date
End of Cat OS Software Maintenance Releases | The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will NO LONGER develop, repair, maintain, or test CAT OS | May 3, 2006
End of New Service Attachment | For equipment and software that is not covered by a service-and-support contract, this is the last date to order a new service-and-support contract or add the equipment and/or software to an existing service-and-support contract. | May 3, 2006
End of Routine Failure Analysis | The last possible date a routine failure analysis may be performed to determine the cause of product failure or defect. | May 3, 2006
http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_eol_notice0900aecd80324aee.html
What are the Recommended Transition Paths ?
[Diagram: Chassis Transition/Positioning and Supervisor Transition. Legend: EOS (No new feature development); Strategic Direction of Platform]
Chassis labels: Cat. 4003; Cat. 4006; Cat. 4503-E; Cat. 4506-E; Cat. 4507R-E; Cat. 4510R-E
Supervisor labels: Sup 1; Sup 2; Sup 3 and L3 Svcs Module; Sup IV; Sup V; Sup V-10GE; Sup II-Plus; Sup II-Plus-TS; Sup II-Plus-10GE; Sup 6-E
Positioning labels: LOW-END; INSTALLED BASE/HIGH-END
Milestones | Cat4006 and Sup II | Cat4003, Sup I, Sup III
Internal EoS Announcement | 3/22/2004 | 12/15/2003
External EoS Announcement | 5/3/2004 | 1/26/2004
End of Orderability | 5/3/2005 | 7/26/2004
End of SW Maintenance | 5/3/2006 | 7/26/2005
End of Support | 5/3/2010 | 7/26/2009
Platform Extension
• Exceptional Investment Protection and Enhancement
Network Optimization
• Increased Network Flexibility and Control
Non-Stop Communications
• Deterministic sub-sec recovery
• Business continuity with no service disruption
Increased Performance
• 4x Per Slot Bandwidth
• 2x Service Capacity
Catalyst 4500 E-Series: Key CenterFlex Benefits - Summary
Switching Information and Tools
• Cisco Switching Competitive Reference Guide
Positions Cisco Catalyst Switches against following competitor products: HP ProCurve, 3Com, Extreme, Foundry
• Cisco Catalyst Switch Guide
Cisco switching portfolio and recommended transition paths for your customers
• Available on-line and hard copy
http://www.cisco.com/web/partners/sell/technology/switching/advantage.html
Catalyst 6500
Supervisor 720–10GE, Virtual Switching System, Whitney1 12.2(33)SXH, Supervisor 32-PISA
Virtualization
Operational Manageability
Integrated Security
Application Intelligence
Non-Stop Communication
Unified Network Services
Places in the network: Wiring Closet; Backbone; Data Center; EWAN; Metro; SP Network
NEW
• LLDP-MED
• NAC Integration
• IPv6 Innovations
• 16 port 10G linecard
• VS-S720-10G
• IPsec Leadership
• Multicast VPN Inter-AS and Extranet
• LLDP-MED
• NAC Integration
• IOS Modularity
• GOLD
• CPP
• Enhanced Object Tracking
• HSRP and GLBP SSO
• 16-way Loadbalancing
• Fast Fabric Switchover
• IOS Software Modularity
• BFD with BGP
• MPLS HA
• MPLS FRR link and Node protection
• Multiplexed UNI
• Smart Call Home
• Smart-Ports
• AutoSecure
• Multiple SPAN Enhancements
• EEM
• Smart Call-Home
• EEM
• IP SLA
• Smart Call-Home
• E-OAM (802.1ag and 802.3ah)
• MPLS MIBs
• Multi-VRF with Multicast
• 802.1x, MAC Auth, Web Auth for Access Control
• Smart Call Home
• Smart-Ports, AutoQoS, AutoSecure
• VRF Aware Services
• L2, L3 VPN Innovations
• MPLS (L2, L3VPN, TE) Innovations
• VRF Aware Services
• Private Hosts
• NBAR on PISA
• AutoQoS
• Per interface NDE
• NetFlow Top Talkers
• Multicast NDE
• NetFlow Top Talkers
• Per interface NDE
• Sophisticated QOS support with LLQ, cRTP, LFI, MLPPP
• Sophisticated QOS support for optimized Triple Play services
• FPM on PISA
• CIST, NAC, IBNS Solution Integration
• Policy-Based ACLs
• IGMP Filtering
• Policy-Based ACLs
• Multicast Router Guard
• 16K IPSec tunnels
• DMVPN support in HW
• Layer 3 NAC
• Address Spoofing Prevention
• CoPP
12.2(33)SXH Software SHIPPING!
• 200+ Features with Full IOS Software Modularity
• CatOS to IOS Transition Release
• Major Security Enhancements (IBNS, 802.1x etc)
• Virtual Switching & L2 Scalability Innovations
• Continued End-To-End Leadership
Hot-Sync Standby Fabric Improves SSO Switchover Times
• Reduces SSO switchover time to less than 200ms
• Standby switch fabric is brought to an online state ready to switch traffic
• Data is only switched on the active switch fabric
• Supported on 67XX-series line cards
• Requires E-series chassis
• Available as of 12.2(33)SXH
[Diagram: 6500-E Chassis running SXH with Active Sup720 and Standby Hot Sup720; fabric labels Active, Standby, Standby Hot-sync; 67XX Line Card, 67XX Line Card, 65XX Line Card]
Router# show fabric status
 slot  channel  speed  module  fabric  hotStandby  Standby  Standby
                       status  status  support     module   fabric
 1     0        20G    OK      OK      Y(hot)
 1     1        20G    OK      OK      Y(hot)
 2     0        20G    OK      OK      Y(hot)
 2     1        20G    OK      OK      Y(hot)
 3     0        20G    OK      OK      Y(hot)
 3     1        20G    OK      OK      Y(hot)
 4     0        20G    OK      OK      Y(hot)
 4     1        20G    OK      OK      Y(hot)
 5     0        20G    OK      OK      Y(hot)
 6     0        20G    OK      OK      Y(hot)
New in 12.2(33)SXH
SSO Switchover in 12.2(SXH)
[Bar chart: Average Duration of Frame Loss During Switchover Event For Non-Locally Switched Traffic. Y axis: Time in Seconds (0 to 1.2). Categories: 6708DFC, 67xxDFC, 67xxCFC, Classic. Series: SXF, SXH. Data labels: 0.035, 0.143, 0.275, 0.283]
New in 12.2(33)SXH
What Is Smart Call Home?
[Diagram labels: Call Home; Customer; Internet; Secure Transport; Call Home DB; Automated Diagnosis Capability; Service Request Tracking System; TAC; Interactive Technical Services; steps 1, 2, 3]
Messages Received:
• Diagnostics
• Environmental
• Syslog
• Inventory and Configuration
Outputs shown:
• Customer Notification
• Device and Message Reports
• Exceptions/Fault Analysis
IOS 12.2(33)SXH
Unique Catalyst 6500 Differentiator
New in 12.2(33)SXH
Unsupported EoSale Product for Whitney1
WS-X6724-GE-TX
WS-X6748-GE-TX
31-Jul-04 WS-X6316-GE-TX
WS-X6148-FE-SFP 1-Mar-01 WS-X6224-100FX-MT
30-Apr-06
31-Jul-04
31-May-04
30-Apr-02
15-Mar-02
1-Mar-01
1-Mar-01
EoS Date
WS-X6148-FE-SFP
WS-X6148-FE-SFP
WS-X6724-SFP
WS-X6704
WS-X6708
WS-X6148-GE-45AF
WS-X6148-GE-45AF
WS-X6148-GE-45AF
Migration Product
WS-X6416-GE-MT
WS-X6324-100FX-SM
WS-X6024-10FL-MT
WS-X6501-10GEX4
WS-X6248A-TEL
WS-X6248-TEL
WS-X6248-RJ-45
Part ID
• Continue to be recognized in Rockies 3 and prior releases
• Will not be recognized in Whitney1 and will be powered down
12.2(33)SXH Service Module Support
Service Module | Description
ACE10-6500-K9 | Application Control Engine Service Module
ACE20-MOD-K9 | Application Control Engine 20 Hardware
WS-SVC-CMM | COMMUNICATION MEDIA MODULE
WS-SVC-FWM-1-K9 | Firewall blade for 6500 and 7600, VFW License Separate
WS-SVC-IDS2-BUN-K9 | 600M IDSM-2 Mod for Cat
WS-SVC-NAM-1 | Catalyst 6500 Network Analysis Module-1
WS-SVC-NAM-2 | Catalyst 6500 Network Analysis Module-2
WS-SVC-WiSM-1-K9 | CISCO WIRELESS SERVICES MODULE (WISM)
7600-SSC-400 | Cisco 7600 / Catalyst 6500 Services SPA Carrier Card
SPA-IPSEC-2G | Cisco 7600 / Catalyst 6500 IPSec VPN SPA - DES/3DES/AES
WS-X6582-2PA | Cisco7600/Catalyst6500 Enhanced FlexWAN, Fabric-enabled
7600-SIP-200 | Cisco 7600 Series SPA Interface Processor-200
7600-SIP-400 | Cisco 7600 Series SPA Interface Processor-400
Service Module Migration Recommendation
Service Module | Migration Product/Solution
CSM, CSM-SSL | ACE
WLSM | WiSM
VPNSM | SSC-400 + SPA-IPSEC-2G
WebVPN | ASA
SSL | ACE
AON | AON Appliance
CMM | CMM*
Anomaly Guard and Detector | Anomaly Guard and Detector*
MWAM | Not Available
PSD | Not Available
CSG | Not Available
Coming in Whitney1.bubb
• Service Modules continue to be supported in Rockies 3
• Will not be recognized in Whitney1 and will be powered down
* 12.2(33)SXH rebuild
Catalyst 6500 in the Core, Distribution and High Performance Access
Catalyst 6500 Virtual Switching Supervisor Engine 720-10G
Enhances Existing Cisco Catalyst 6500 Investments and Multi-Layer Switching Architectures with VSS Capabilities
• Key enabler of Virtual Switching System (VSS 1440) technology
• 2x 10 Gigabit Ethernet ports (X2 optics); 3x Gigabit Ethernet Ports
• Enables System Performance of 450 Mpps / 720 Gbps Switching Fabric
• Supports multiple generations of line cards
• Rich services support such as NAM, firewall, wireless controller, Netflow, MPLS/EoMPLS
Orderable NOW!!!
Sup720-10G-VSS Pricing
1. Regular – IP Services at $0
2. NEW – Layer 2 Access Chassis Bundle
VSS Included in IP Services and above
1GB Compact Flash (SP) by default
1GB DRAM (SP and RP) by default
[Price lists, in the order shown on the slide; bundle diagrams labelled Chassis and Fan Tray]
Software Images
• Adv Ent Svcs: $15,000
• Adv IP Svcs: $10,000
• IP Svcs: $0
• VS-S720-10G-3CXL: $48,000
• VS-S720-10G-3C: $38,000
• IP Base: $0
• VS-C6509VE-S72010G: $39,995
• VS-C6506E-S720-10G: $33,995
• VS-C6509E-S720-10GE: $37,995
Software Images
• IP Svcs + Adv Ent Svcs: $25,000
• IP Svcs + Adv IP Svcs: $20,000
• IP Svcs: $10,000
• VS-C6513-S720-10G: $43,995
• VS-C6504E-S720-10G: $31,500
• VS-C6509VE-S72010G: $77,995
• VS-C6506E-S720-10G: $71,995
• VS-C6509E-S720-10GE: $75,995
Software Images
• Adv Ent Svcs: $15,000
• Adv IP Svcs: $10,000
• IP Svcs: $0
• VS-C6513-S720-10G: $81,995
• VS-C6504E-S720-10G: $69,500
Data Center Chassis - 6509-V-E Chassis
• Vertical 9 Slot E-Series Chassis
• 80 Gbps/slot capable
• Front-to-Back Airflow
• Integrated Enhanced Cable Management
• Redundant and removable fan tray
• 21 RU (2 Chassis in a 42RU Rack)
• Supports Sup32 and Sup720 Series
• Supported in 12.2(18)SXF10 and beyond
• List Price $11,995 (includes 2 Fan trays)
Q4CY07
Target Orderability: November
Target FCS: December
Virtual Switching System
Virtual Switch System is a new technology breakthrough for the Catalyst 6500 family…
12.2(33)SXH re-release, Dec07
Introduction to Virtual Switch Concepts
12.2(33)SXH re-release, Dec07
Packet Forwarding Details: Introduction
Virtual Switch allows two physical Catalyst 6500’s to operate as a single network node. Two Catalyst 6500’s operating in this mode are referred to as a Virtual Switch Domain - adjacent nodes view these two devices as a single device…
[Diagram: Virtual Switch Domain. Catalyst 6500-A (VS Active) with Control Plane A and Data Plane A; Catalyst 6500-B (VS Standby) with Control Plane B and Data Plane B; connected by the VSL]
• Both Control and Data Plane in VS Master are active
• Only Data Plane in VS Standby is active
• Control Plane in VS Standby is in standby mode
• Virtual Switch Link (VSL) is used to forward information between the two switches that allow them to operate as a Virtual Switch
12.2(33)SXH re-release, Dec07
High Availability Campus Design Simplified with VSS
[Network diagrams. Layer labels: Access; Distribution; Core. Attached blocks: Data Center; WAN; Internet]
12.2(33)SXH re-release, Dec07
Virtual Switching System 1440: Network System Virtualization
[Diagram labels: Core/Distribution; Data Center; Access]
Features
• Network System Virtualization
• Inter-Chassis Stateful Switch Over (SSO)
• Multi-Chassis EtherChannel (MEC)
Benefits of VSS
• Increased Operational Efficiency via Simplified Network
• Boost Non-stop Communication
• Scale the System Bandwidth Capacity to 1.4 Tbps
12.2(33)SXH re-release, Dec07
Increased Operational Efficiency: System Virtualization Simplifying the Network
[Diagram: Campus Network, Traditional L2/L3 compared with VSS]
Traditional L2/L3
• Complex STP configuration and Management
• HSRP/VRRP - 3 IP address
• Manage Two Nodes and Config
• Manage additional routing peers
VSS
• STP – Not Dependent
• No HSRP/VRRP - 1 IP address
• Manage Single Node and Config
• Manage reduced routing peers
12.2(33)SXH re-release, Dec07
Scale the Available Layer 2 Bandwidth: Multi-Chassis Etherchannel (MEC)
[Diagram labels: Core/Distribution; Data Center; Access]
Traditional L2/L3
• Idling Links
• Under-utilized Links
• Complex STP configuration
• Indeterministic STP based convergence
VSS
• No Idling - Active/Active Links
• Fully Utilized Link – Granular LB
• Simple Etherchannel Config
• Deterministic sub-second convergence
Note: 128 Multi-Chassis EtherChannels at FCS. Scaling to 512 in 1H2008
12.2(33)SXH re-release, Dec07
Boost Non-Stop Communication: Inter Chassis Stateful Failover
Active–Active Data Plane with 1440 Gbps Switching Capacity
Active–Hot Standby Control Plane with NSF/SSO Redundancy
[Diagram labels: HSRP, STP, IGP; NSF, SSO]
Features
• Configure and Maintain Multiple Control Protocols
• Control Protocols not Sync needing re-convergence
Benefits of VSS
• Eliminate and Minimize Control Protocols
• Inter-chassis SSO - No re-convergence
12.2(33)SXH re-release, Dec07
Virtual Switching Reduces Latency by 25%
VSS Simplifies Intra-Datacenter Traffic Pattern
• Minimum Hop to Intra-Data Center Destination
• Reduced Latency up to 25% and Simplifies traffic pattern
• All links forwarding (= one hop less) resulting in simple traffic pattern
• Etherchannel on virtual Switch member enhanced to prefer local link
[Diagram: Traditional L2/L3 compared with VSS; VLAN X, VLAN Y]
12.2(33)SXH re-release, Dec07
VSS Hardware/Software Requirements
Virtual Switch Link (VSL) – 10GE
• Sup720-10G-VSS 10GE uplink
• WS-X6708-10GE
• WS-X6716-10GE (on non-blocking ports)
• NB: cannot be WS-X6704
Virtual Switching System - FCS
• Sup720-10G-VSS*
• 67XX cards with CFC or DFC-3C
• Non-E and E-Series Chassis
• At FCS: only NAM, no MPLS, no IPv6
Software
• 12.2(33)SXH
* In the initial release, only single Sup720-10GE-VSS per virtual switch member chassis is supported
Evolution of Traditional Multilayer Switching
• Investment Protection
• Standards 10GE Based Connectivity
• Minimal Configuration Changes
• VSL Management support in Ciscoworks
12.2(33)SXH re-release, Dec07
VSS – Comparison to Alternate Technologies
Feature | VSS | Traditional L2/L3 | Split-MLT
Nodes to Maintain | 1 | 2 | 2
Geographically apart members | Yes | Yes | Yes
Single logical gateway | Yes | No | No
VLANs | 4094 | 4094 | 1980
Can Enable STP | Yes | Yes | No
Number of Etherchannel | 128 (512 in 1H2008) | 64 | 31
Backplane Capacity | 1440 per VSS | 720 per switch | 480 per switch
Total GE Ports | 771 | 387 per switch | 384 per switch
VSL/IST total breakage | No L2 Flooding | NA | L2 Flooding
Total 10GE Ports | 132 | 66 per switch | 24 per switch
Control Protocols | Low | High | High
Control Plane | 1 | 2 | 2
12.2(33)SXH re-release, Dec07
VSS comparison to Stackwise Plus
Feature | VSS | Stackwise Plus
Nodes to Maintain | 1 | 1
Geographically apart members | Yes | No
Single logical gateway | Yes | Yes
VLANs | 4094 | 1005
Can Enable STP | Yes | Yes
Number of Etherchannel | 128 (512 in 1H2008) | 48
Backplane Capacity | 1440 per VSS | 64
Total GE Ports | 771 | 468
VSL/Stack total breakage | No L2 Flooding | Dual Active
Total 10GE Ports | 132 | 18 per stack
Control Protocols | Low | Low
Control Plane | 1 | 1
12.2(33)SXH re-release, Dec07
CiscoWorks LAN Management Solution (LMS) 3.0.1: Simplifying Management
New
• Centralized management of VSS deployments
- VSS setup wizard
- Inventory, Configuration and Software Image support of VSS enabled switches
- Physical view of both VSS member switches
• Additional Enhancements
- Identifies EoL / EoS devices
- Simplifies IOS Software Modularity image deployments
- Open “portal” framework and new workflows for setup and troubleshooting
Catalyst 6500 in the Wiring Closet
Catalyst 6500 – Leading Transitions in the Wiring Closet
Change driving requirements (transitions):
• Client–Server → Peer to Peer
• Overlay → Integrated Security
• Data/Voice and Mobile Convergence; video applications, e.g. Telepresence; 10/100/1000 PoE → 10/100/1000 EPoE
• Managing services in the wiring closet
• High Return on Investment
• Best Effort → Mission Critical HA
Catalyst 6500 investments:
• High performance stateful application intelligence. Application aware QoS
• Embedded HW deep packet inspection, foundational security CIST, NAC, Identity
• Deep QoS buffers – tested for telepresence. Support for jumbo frames, TDR. EPoE on all 10/100/1000 linecards and daughter cards
• NSF/SSO, Modular OS, Auto management with GOLD, EEM, SMART Call Home
• Enhanced management tools with application aware Netflow, QPM, CSM
• Price optimized for 96+ port wiring closet configurations
• Min network disruptions, scalability, OS consistency, common HW sparing
• Scalable modular architecture, redeployment options, tools for migration from Cat5k
Catalyst 6500 Wiring Closet Portfolio
What to sell in the Wiring Closet this coming year
Catalyst 6500 Series Switches
Modular PoE upgrade: PoE upgradeability
• WS-F6K-48-AF=
Engines
• Supervisor 32 8x1GE
• Supervisor 32 2x10GE
• Supervisor 32 PISA 8x1GE
• Supervisor 32 PISA 2x10GE
Power Supply: Industry leading PoE scalability
• 3000 Watt
• 6000 Watt
• 8700 Watt
Ethernet Line Cards: Leading PoE density and scalability, TDR, Jumbo Frames, Deep per-port Buffers
• WS-X6148A-GE-TX: 48 Port 10/100/1000 with PoE Option
• WS-X6148A-RJ-45: 48 Port 10/100 with PoE Option
• and others
PFC: Consistent feature set with backbone
• PFC 3B
Catalyst 6500 Wiring Closet Ethernet Linecards
Optimized solution for Data, Voice, Video
Available with 10/100/1000 (WS–X6148A–GE–45AF) and 10/100 (WS–X6148A–45AF)
Security
• Unicast and multicast storm control²
• Port security features, 802.1x, IBNS, CIS
• PACL, PBACL, CIST
• IPv6 (ACLs and QoS)
HA and Manageability
• IOS software modularity
• NSF/SSO, future ISSU
• TDR, GOLD, EEM, SMART Call Home
• ECC memory
Video
• Multipoint conferences: 5MB buffer/port¹
• Jumbo frames¹
• QoS with strict priority queues, DWRR¹
Voice/Wireless
• Scalability to 400+ phones/chassis
• Support for enhanced PoE (802.11n AP)¹
• Field upgradeable PoE cards
• Intelligent power monitoring
¹ on 10/100/1000 card only
² on 10/100 card only
WS–X6148A–GE–45AF recommended by the Telepresence Team
Link to Telepresence design guide at: www.cisco.com/go/srnd
Supervisor Engine 32 PISA Overview
Supervisor Engine 32 PISA: 2x10GE Uplinks + 1x 10/100/1000
Supervisor Engine 32 PISA: 8x1GE Uplinks + 1x 10/100/1000
► NBAR
Application awareness and intelligent classification
► Flexible Packet Matching
Rapid Security Protection
Multigigabit Performance
► Programmable architecture
Seamless new service adoption
► Full Integration with
IPv4 & IPv6 in hardware
Advanced multicast & MPLS
Enhanced Manageability
HA with NSF/SSO and more
12.2(18)ZY IOS TRAIN !!!!
*3750E, 4500-E, and 6500 all have 90 day warranty with low wiring closet SMARTNet pricing
Catalyst 6500 Wiring Closet Upside Opportunity
Upsell
Standard Catalyst Wiring Closet
Stateful Application Intelligence
Worm Virus Mitigation
Programmable Services
IOS Software Modularity
GOLD, EEM, Netflow,
CoPP, Bi-Dir PIM, MPLS, IPv6, GRE, NAT, ERSPAN
Catalyst 6500 Sup32-PISA 2x10GE or 8x1GE
IBNS, NAC, 802.1s
IOS Software Modularity, GOLD, EEM, CoPP, Netflow, Bi-Dir PIM, MPLS, IPv6, GRE, NAT, ERSPAN
Sup32-GE
Sup32-10GE
15%
30%
Same Premium as PoE!
5–10%
5–10%
Sup32–PISA – Incremental cost vs. benefits*
[Chart: ASP per port/year ($0 to $45) against port count in system (96, 144, 192, 240) for Sup32-GE and Sup32-PISA-10GE; annotated "$4 incremental cost"]
Sup32–PISA Incremental Benefits:
· Web application QoS
· Peer-to-peer application control
· Rich media application control
· L4–7 simple packet classification
· User-defined application filters
· Full packet length filters against day-zero attacks
· Cisco provided set of application & security filters
* 10/100/1000 PoE configurations with 7 year lifecycle
Catalyst 6500 Sup32-PISA
Embedded Advanced Technologies Shipping
Application
Full Stateful Application Visibility and Intelligent Classification
Video
Prioritizing Video Over Recreational Traffic and Protection Against Security Threats
Security
Worm Virus Mitigation and Day 0 Attack Protection
Slammer, Mydoom, Blaster
Voice
Enforcing Corporate Compliance and Usage Policies
Catalyst 6500 Hardware NBAR
Network-Based Application Recognition
• Support dynamic protocol definition language module (PDLM) upload for new protocols
• Support user-defined custom applications
• Support sub-port classification or classification based on deep inspection (customization)
– HTTP by URL, hostname or MIME type
– Citrix ICA priority
– RTP payload type
[Diagram: fields available for classification. IP packet: ToS, Protocol, Source IP addr, Dest IP addr. TCP/UDP packet: Src Port, Dst Port. Data packet: Sub-Port/Deep Inspection.]
Catalyst 6500 Hardware NBAR
NBAR Protocol Discovery
• Protocol Discovery: discover what apps are running on your network and provide real-time statistics
• Per-interface, per-protocol, bidirectional statistics
– bit rate (bps); packet count; byte count
• SNMP accessible for centralized monitoring or via CLI
• Supported by Partner products (Concord|CA, InfoVista, Micromuse|IBM) and MRTG
[Diagram label: Wiring Closet]
Catalyst 6500 Hardware NBAR
NBAR and MQC
• NBAR works together with QoS to assign QoS actions based on application classification
• Modular QoS CLI (MQC) traffic classification
• New match criteria: “match protocol <protocol_name>”
Policy Map: Policy Map Can Contain Up to 32 Class Maps
Class Map: Refers to a Set of Classification Criteria for the Following Action Criteria—These Can Be DSCP, ACL, or protocol
Policing/Trust actions: Action Settings for Trust and Policing
Switch Interface
! Class map: match traffic by ACL or by NBAR protocol
(config)#class-map match-any myApp
(config-cmap)#match access-group 101
(config-cmap)#match protocol http
(config-cmap)#match protocol rtp
! Policy map: reference the class map and set the marking action
(config)#policy-map NBAR_policy
(config-pmap)#class myApp
(config-pmap-c)#set dscp af32
[Diagram: classification inputs (Application, Access-list, DSCP) feeding the QoS Engine: Mark, Police]
Catalyst 6500 Hardware NBAR Deployment Examples
Wiring Closet Deployment:
• Mark/Police traffic based on application at the wiring closet, queue based on priority at the distribution block
WAN Edge Deployment:
• Mark/Police traffic based on application at the wiring closet, queue based on priority at the distribution block
[Diagram: Wiring Closet, WAN Edge and 200 Remote Sites, with NBAR-Policy and Congestion Management; labels: Conditional Trust + NBAR-Policy (Policing/Marking) + Queuing; Trust DSCP + Queuing; No Trust + NBAR-Policy (Policing/Marking) + Queuing]
Sup32–PISA for simple and accurate QoS for voice
“The biggest problem with voice on switches is how to apply QoS policies to voice traffic with just L4 ACL's ... The benefit of PISA in the wiring closet would be to have an option to classify or remark RTP traffic on the ingress or on the uplink ports…”
- Wolfgang Riedel, CSE
Challenges:
• To reduce the security risk of trusting CoS on Cisco IP phones (CDP can be spoofed)
• To accurately apply QoS policies to 3rd party IP phones (port number range not good)
• To apply voice QoS for soft phones (port number range not good)
[Diagram: Cisco IP phone, 3rd party IP phone and soft phone connected to a wiring closet Sup32-PISA; labels: Trust CoS; Policy map for UDP range; Trust PC DSCP or match UDP port range]
Solution:
• Deploy PISA NBAR to match RTP-audio for voice packets, and SIP or Skinny for control packets
Benefits:
• Consistent QoS for voice traffic
• Easy management with a secure, uniform and more accurate solution
class-map match-any Voice-Bearer
match protocol rtp audio
class-map match-any Voice-CS
match protocol skinny
Sup32–PISA to analyze and prioritize video traffic
Challenges:
• QoS policies for different video applications
• Application performance analytics to better plan network capacity
Solution:
• Deploy PISA NBAR QoS policy for RTP video
• Redirect video traffic to NAM for statistics
class-map TelePresence-H264
match protocol rtp video
Benefits:
• QoS guarantees for different video applications
• Better network capacity planning
“With Sup32-PISA we’ve prioritized interactive video different from streaming video. We’ve identified video and audio application consolidation opportunities and been able to troubleshoot application performance problems”
- Healthcare customer deploying Telepresence
[Diagram: enterprise network with Sup32-PISA and NAM; QoS based on RTP video payload type]
[Chart: Link Utilization by traffic class: Voice, Interactive-Video, Streaming-Video, Call-Signaling, Routing, Net Mgmt, Mission-Critical, Transactional, Bulk, E-mail, Backup, etc., P2P; Real-Time ≤ 33%, Critical Data, Best Effort ≥ 25%]
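The voice and video slides above argue for classifying RTP by payload type instead of by UDP port range. The following sketch is an added example, not code from the slides or from Cisco: it compares the two approaches on constructed datagrams. The UDP voice port range and the payload-type ranges (0-23 audio, 24-33 video) are assumptions of this example.

```python
import struct

VOICE_PORTS = range(16384, 32768)   # assumed UDP range a port-based policy would match

def rtp_packet(payload_type, seq=1, ts=160, ssrc=0x1234, body=b"\x00" * 20):
    """Build a minimal RTP packet: 12-byte fixed header (RFC 3550), version 2."""
    return struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq, ts, ssrc) + body

def classify_by_port(dst_port):
    """L4-only policy: any UDP datagram in the voice port range is treated as voice."""
    return "voice" if dst_port in VOICE_PORTS else "other"

def classify_by_rtp(payload):
    """Payload inspection: require RTP version 2, then classify on payload type.
    Assumed mapping for this example: static types 0-23 audio, 24-33 video."""
    if len(payload) < 12 or payload[0] >> 6 != 2:
        return "other"
    pt = payload[1] & 0x7F          # low 7 bits; the top bit is the marker flag
    if pt <= 23:
        return "rtp-audio"
    if pt <= 33:
        return "rtp-video"
    return "rtp-other"              # dynamic types need signalling context

# Constructed samples: (description, UDP destination port, UDP payload)
SAMPLES = [
    ("Cisco IP phone, G.711u",       20000, rtp_packet(0)),
    ("3rd party phone, G.711a",      5004,  rtp_packet(8)),
    ("soft phone, G.729",            49170, rtp_packet(18)),
    ("H.261 video in voice range",   24000, rtp_packet(31)),
    ("bulk UDP copy in voice range", 17000, b"\x00\x01" + b"file-chunk-data" * 4),
]

def compare():
    """Return {description: (port_verdict, payload_verdict)} for every sample."""
    return {d: (classify_by_port(p), classify_by_rtp(data)) for d, p, data in SAMPLES}

if __name__ == "__main__":
    for desc, verdicts in compare().items():
        print(f"{desc:30} port-based={verdicts[0]:6} payload-based={verdicts[1]}")
```

The port-based policy misses the third-party and soft phones and gives voice treatment to video and bulk data that happen to use the voice range; the payload check separates all five.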
Flexible Packet Matching
• ACL can match traffic based on L2-L4 information: legitimate traffic could be blocked
• Classification is dependent on hardware PFC3 TCAM support:
– No support for the following match criteria: packet length, TTL
• Predefined supported classification criteria, only match one stack layer:
– Can match some IPv4 TCP/UDP, IPv4 IGMP, IPv4 ICMP, IPv4 ESP, ARP/RARP, MPLS, IPv6 TCP/UDP, IPv6 ICMP, IPv6 ESP, L2 packet header fields
• FPM is a stateless solution
• Matches any characteristics in a packet header and payload:
– Matches L2-L7 information
– Specify arbitrary bits/bytes at any offset
• Supports multiple stack layers
– Can match not only on outer IP header, but also inner header—for instance, the inner header of a GRE encapsulated packet
• String match and regular expressions
• Set up custom filters rapidly using XML-based policy language
[Diagram: bit pattern with Match Pattern And / Or / Not]
Flexible Packet Matching: FPM Deployment
• Rapid worm mitigation for atomic, single packet attacks: Identify worm and drop malicious traffic
– No packet reassembly: will not reconstruct an application stream across multi-packet data attacks
• Enforce application compliance
• Deploy as close to the edge as possible
[Diagram: FPM deployed at the WAN Edge, the Wiring Closet and 200 Remote Sites]
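The two FPM slides above describe a stateless matcher that tests bytes at arbitrary offsets, can look at the inner header of a GRE packet, and does not reassemble streams. The following sketch is an added example, not FPM itself or Cisco code: it models that behaviour on constructed packets. The filter (UDP destination port 9999 plus the marker string), the addresses and all function names are hypothetical, and IPv4 headers are assumed to carry no options.

```python
import struct

def ipv4(proto, payload):
    """Constructed 20-byte IPv4 header (no options, checksum left at 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02") + payload

def udp(dport, data, sport=40000):
    """Constructed UDP header (checksum left at 0) + data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def gre(inner_ip):
    """Basic 4-byte GRE header (no optional fields) carrying IPv4 (0x0800)."""
    return struct.pack("!HH", 0, 0x0800) + inner_ip

def l3_starts(pkt):
    """Yield the offset of the outer IPv4 header, then of each GRE-encapsulated one."""
    off = 0
    while off + 20 <= len(pkt) and pkt[off] >> 4 == 4:
        yield off
        ihl = (pkt[off] & 0x0F) * 4
        if pkt[off + 9] != 47 or pkt[off + ihl:off + ihl + 4] != b"\x00\x00\x08\x00":
            return
        off += ihl + 4

def matches(pkt, fields, pattern):
    """Stateless, single-packet check: every (offset, bytes) field, counted from
    an L3 start, must match and `pattern` must appear after that IP header."""
    for start in l3_starts(pkt):
        fields_ok = all(pkt[start + o:start + o + len(v)] == v for o, v in fields)
        if fields_ok and pattern in pkt[start + 20:]:
            return True
    return False

# Hypothetical filter: IP protocol = UDP (offset 9), UDP dest port 9999 (offset 22)
FIELDS = [(9, b"\x11"), (22, struct.pack("!H", 9999))]
PATTERN = b"SIG-PATTERN"            # constructed marker, not a real signature

def demo():
    """Run the filter over constructed packets and return the verdict for each."""
    whole = ipv4(17, udp(9999, b"..SIG-PATTERN.."))
    return {
        "single packet": matches(whole, FIELDS, PATTERN),
        "inside GRE":    matches(ipv4(47, gre(whole)), FIELDS, PATTERN),
        "other port":    matches(ipv4(17, udp(53, b"SIG-PATTERN")), FIELDS, PATTERN),
        "split, part 1": matches(ipv4(17, udp(9999, b"..SIG-PA")), FIELDS, PATTERN),
        "split, part 2": matches(ipv4(17, udp(9999, b"TTERN..")), FIELDS, PATTERN),
    }
```

The last two results are the "no packet reassembly" caveat in practice: content spanning packets needs a stateful inspection device behind the stateless filter.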
Alternative to the FPM CLI
Traffic Classification Definition Files
• Traffic Classification Definition Files (TCDF) are published on CCO!
– Bittorrent
– IIS-Unicode
– IOS HTTP vuln.
– Skype
(www.cisco.com/cgi-bin/tablebuild.pl/fpm)
PISA Management Model
QoS Policy Manager (Central Management Device): Centralized QoS Management
• NBAR Provisioning
• NBAR Monitoring
Cisco Security Manager (Central Management Device): Enable Management of Integrated Security
• FPM Policy Management with FlexConfig Option
CS-MARS: Monitoring / Analysis / Mitigation
Policies: NBAR Policy; FPM Policy; FW/IPS/VPN Policy
Devices: IPS 4200 Series; Catalyst 6500 IPS module; Router IPS in Software; Catalyst 6500 PISA; Router; ASA 5500 AIP-SSM
• Pre-defined FPM filters on CCO work in progress (4 TCDFs published and 20 more on the way)
Pre-defined FPM filters: BitTorrent, IIS-Unicode, IOS HTTP vuln., Skype
Key Takeaways
The Key Takeaways of this presentation are:
• Catalyst 6500 will drive modular switching growth for many years to come
• Catalyst 6500 continues to innovate for every Place in the Network (PIN)
• There are several new products to drive upsell and major deals to Cat6k in FY08 with innovations such as VSS and PISA
• The Catalyst 6500 has a strategic services direction and is future-proofed for 80G/slot
• Catalyst 6500 has ASIC, hardware, and software investments which will drive innovation on the platform beyond 2012