Novinky v oblastech Cisco routing & switching

Miroslav Brzek
Jaroslav ek
Radek Boch
Agenda
9:30-10:30 Novinky v modulrnch pepnach Catalyst 4500 a 6500
10:30-10:45 Pestvka na kvu
10:45-11:45 Novinky v oblasti pepna 3560-X/3750-X/2960-S, IE3000,
nov vlastnosti IOS, LMS4.0 a EnergyWise
11:45-12:15 Oberstven
12:15-13:15 Aktuln novinky v adch smrova ASR a ISR
13:15-13:45 IOS roadmap pedstaven hlavnch smr rozvoje Cisco
IOS
Cisco Catalyst 4500-E/4900 Update
Miroslav Brzek
mibrzek@cisco.com
Next Generation Cisco Catalyst 4500-E System
Catalyst 4500E and 4500E+
Chassis
848Gbps Switching Capacity
48G/slot
Rich hardware features
(FnF, TrustSec, Wireless, ERSPAN,
Tunneling, VRF-NG, VSS and more
Supervisor 7-E
48p 10/100/1000 non-blocking
48Gbps/Slot
30W/port (PoE+) on all 48 ports
Cisco TrustSec in Hardware
Jumbo frame support
WS-X4748-RJ45V+E
12 PORT 10GE 2.5:1 Line Card
Cisco Trustsec in Hardware
Jumbo Frame support
WS-X4712-SFP+E
Modern OS to leverage next-gen
switching HW
Enabling Open Service Platform
Cisco IOS-XE
Catalyst 4500E Chassis Portfolio
E Series chassis designed to support higher bandwidth per slot line cards . The
chassis provides 24G to 48G of bandwidth per slot with next generation supervisor
providing Investment Protection
WS-C4507R+E and WS-C4510R+E chassis add support for 48G/slot
Existing supervisors also support the +E chassis
The +E chassis is priced lower than the corresponding E chassis
WS-C4503-E (48G/slot)
3 slot chassis
With single
Supervisor
WS-C4506-E
(48G/slot)
6 slot chassis
With Single
supervisor
WS-C4507R-E (24G/slot)
WS-C4507R+E (48G/slot)
7 slot chassis
With Redundant
Supervisors
WS-C4510R-E (24G/slot)
WS-C4510R+E (48G/slot)
10 slot chassis with
Redundant supervisors
Per Slot Bandwidth in 10 and 7 Slot Chassis
24G
24G
24G
24G
Supervisor 6-E
Supervisor 6-E
24G
6G
6G
6G
WS-C4510R-E
24G
24G
24G
24G
Supervisor 7-E
Supervisor 7-E
24G
24G
24G
24G
WS-C4510R-E
48G
48G
48G
48G
Supervisor 7-E
Supervisor 7-E
48G
48G
48G
48G
WS-C4510R+E
24G
24G
24G
24G
Supervisor 6/6L-E
Supervisor 6/6L-E
24G
WS-C4507R-E
24G
24G
24G
24G
Supervisor 7-E
Supervisor 7-E
24G
WS-C4507R-E
48G
48G
48G
48G
Supervisor 7-E
Supervisor 7-E
48G
WS-C4507R+E
Introducing Supervisor Engine 7-E
Next Generation Cisco Catalyst 4500
48GB/Slot Performance Mix with Classic Cards with No Performance Hit
Orderable Now!
$19,995
250Mpps
Dual Core Processor
848Gbps total switching capacity
48Gbps/Slot
4 line-rate 10GE Uplink ports
SFP/SFP+ port flexibility on uplinks
Flexible Netflow support
IPv6/IPv4 Dual Stack
Cisco TrustSec in hardware*
Hardware based tunneling*
NAT*
ERSPAN*
* Supervisor7E capable of these features in HW. But its not supported in software at FCS
Supervisor 7-E Uplink Configurations
Single Supervisor
10GE 10GE 10GE 10GE
1GE 1GE 1GE 1GE
10GE 10GE 1GE 1GE
1GE 1GE 10GE 10GE
40G
4G
22G
22G
Supervisor 7-E uplinks can either operate in 10GE or 1GE mode
All modes are non-blocking
Any port can be used as 1GE or 10GE without any limitation
Speed selection is dynamic based on Optic type SFP / SFP+
Operationally simple
Supervisor 7-E Uplink Configurations
Redundant Supervisor
Supervisor 7-E uplinks can either operate in 10GE or 1GE mode
All modes are non-blocking
Different port speeds can be used on the same or across supervisors
Speed selection is dynamic based on optic type SFP/SFP+
Operationally simple
Inactive
10GE 10GE
40G
10GE 10GE
1GE 1GE
4G
1GE 1GE
10GE 10GE
22G
1GE 1GE
10GE 1GE
22G
10GE 1GE
IOS
Features
Components
Infra
Mgmt
Drivers
Kernels
IOS Classic
IOS XE
Hosted
Apps /
Services
IOSd
Features
Components
Common Infrastructure / HA
Management Interface
Module Drivers
Kernel
IOS-XE
Modern IOS to enable multi-core CPU
Allows Lower TCO capabilities such as silent roll,
single sup ISSU
Smooth migration and investment protection with
consistent IOS look & feel
Fast adoption of latest Borderless Networks
Services
Enables open application platform
Next-Gen OS Architecture
Enabling Integrated Open Service Platform
I5.0 Feature Componentization
Source Code Modularity (Routing,
QoS , Multicast, IPv6 )
Improved IOS Quality
Cross Platform Feature consistency
Faster Feature Time-to-Market

2009 Cisco Systems, Inc. All rights reserved. Presentation_ID 11

Catalyst 4500/4900 IOS Transition
IOS XE 3.0
IOSd 15.0SG
IOS XE
Sup7-E and later
Sup7-E and future
Supervisors only run
IOS XE
The IOSd will be on
IOS 15.0SG train,
same as classic IOS
branch as Sup6/L-E
IOS
Non-E
Supervisors
4500/4900 12.2SG train
Transition to 15.0SG
train Q4CY2010
Sup6-E
Sup6L-E
Current 12.2SG
train. 12.2(53)SGx is
the Latest EM release
for 12.2SG
Sup6(/L)-E will
remains on classic
IOS with 15.0SG
Rich IOS
Services
Classic IOS
15.0SG
Rich IOS
Services
Classic IOS
15.0SG
IOS XE Application Hosting Example
WireShark
Embedded WireShark
application for real time traffic
capture and decoding with
customer-familiar user interface
Simplified monitoring and
troubleshooting
WireShark hosted as a 3
rd
party
application
Leverages IOS capabilities for
selective packet capture
Hosted
Apps
IOSd
Common Infrastructure / HA
Management Interface
Module Drivers
Kernel
WireShark
Features
Components
2HCY11
Software Licensing and Activation on
Supervisor 7-E Systems
IP
Base
IP
Base
Enterprise
Services
Feature License
Enterprise Services
Enterprise
Services
IP Base
U
n
i
v
e
r
s
a
l

i
m
a
g
e
LAN Base
LAN Base
LAN Base
Cisco IOS Licensing Config
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/white_paper_c11-
579326_ps7078_Products_White_Paper.html
Catalyst 4500 IOS Packaging
Key Features
Enterprise Services
BGPv4
IS-IS
EIGRP
OSPF v2/v3
PBR
VRF-Lite
IP-SLA
NSF
Multicast VRF-Lite
IP BASE
In Service Software
Upgrade
Stateful Switchover
EIGRP Stub
OSPF for Routed Access
QinQ
IP SLA Responder
Network Mobility Services
L2PT
Multicast Routing
Embedded Event Manager
HSRP/GLBP/VRRP
Auto QoS
Energywise
POE + IEEE 802.3at
Flexlink+
IGMP/MLD Snooping
Rapid-PVST+
IEEE 802.1x
Smartports
PACL/VACL
LAN BASE
IP BASE
Enterprise
Services
IP Base
U
n
i
v
e
r
s
a
l

i
m
a
g
e
LAN Base
Latest Catalyst 4500 Campus Innovations
Delivering Borderless Network Services
Performance Mobility, Collaboration, Video Security
Lower TCO
Infrastructure
Services
Security Collaboration Mobility
Role-based access
control
Simplified Operation
Energy Efficient
Resilient,
Future Proof
Unified Location
Services
Medianet, UC
o TrustSec
Identity 4.1
(NEAT, CoA, User
Distribution, MAC
Move & Replace)
o IPv6 first hop
security (PACL,
RA Guard)
o EEM 3.2
o Smart
CallHome
o EnergyWise
Phase II
o Auto Smartport
o XML PI
o ISSU
o OSPF for routed
access
o IPv6
Enhancements
o IS-IS (v4 & v6)
o Wired location
with NMSP
o PoE Plus
o LLDP-MED
TLV (DSCP,
L2 CoS)
o SAF
o Medianet
Endpoint Auto
provision
o Available o 12.2(54)SG
Catalyst 4500E Campus Access Portfolio
Entry
Configurations
Software
POEP Linecards
Data Linecards
Supervisors
WS-X45-SUP6L-E
24G/ slot, 225Mpps
Flexible Twin-Gig Uplinks
WS-X4648-RJ45-E
WS-X4648-RJ45V-E
IP Base IOS
WS-C4503-E , WS-C4506-E
Upto 240 port Access Configurations
Investment protection with backward
compatibility
1:2, 48 port Data only RJ45
10/100/1000
1:2 48 port POEP line card
10/100/1000
FHRP, RIPv2, PIM stub
Premium
Configurations
WS-X45-SUP7-E
48G/ slot, 250Mpps
Flexible SFP+ Uplinks
10 slot Chassis support, Netflow
WS-X4748-RJ45V+E
Enterprise Services IOS
WS-C4507R+E , WS-C4510R+E
Upto 384 port Access configurations
Maximum Uptime with Supervisor
Redundancy
1:1 48 port POE+ 10/100/1000
30W/ port (IEEE802.3at standard PoE-
Plus) on all 48 ports
Cisco Trustsec ready
Route Scalability, Full OSPF,
NSF , PIMSM/SSM
848Gbps/slot system
WS-X4748-RJ45V+E 10/100/1000 POE+ LC
48 port non blocking 10/100/1000 POE + Line card
30W POE+ ( IEEE 802.3at ) on all 48 ports
Compatible with Supervisor 7-E , all E and all E+ chassis
IEEE 802.1ae Macsec Link encryption on all ports. Key exchange
using IEEE 802.1X REV / Macsec Key Agreement **
Per port power consumption and reporting
** Hardware ready , software post FCS
Next Generation Access Linecard
WS-X47xx PoE Line Card
Target FCS: Q1CY11
NGPoE+ (Intelligent 60W PoE/Port)
IEEE 802.3az (Energy Efficient Ethernet)
IEEE 802.1AVB (Audio Video Bridging)
IEEE 1588 (Boundary Clock)
NGPoE+
60W PoE with max. line card budget of 1500W
Estimate Cable loss with intelligent diagnostics
LLDP enhancement to negotiate beyond 30W
Power X-Generation applications
IP Turrets in financial trading floors
Integrated Virtual Desktop Clients
Audio Video Bridging
X-Generation standard for media applications
802.1Qat Stream Reservation
802.1Qav Queuing Enhancements for Time
Sensitive Streams
802.1AS Network Timing and Synchronization
Energy Efficient Ethernet
Compliant with IEEE 802.3az for:
100/1000 Base-T
Power consumption is based on link utilization
Green: Save up to 1W per link
Mandatory for Energy Star Compliance*
IEEE 1588
Accurate Clock Synchronization over Network
Key applications include
Financial trading floors
Industrial automation
* Energy Star requirements for enterprise switches expected to be published mid-2011
Next Generation Access Linecard
47xx Data Line Card
48 Port 10/100/1000 RJ45,
Non-blocking Data line card
IEEE 802.3az (Energy Efficient
Ethernet)
Power consumption is based on
link utilization
IEEE 802.1AVB (Audio Video
Bridging)
802.1Qat Stream Reservation
802.1Qav Queuing
enhancements for Time sensitive
streams
802.1AS Network Timing and
Synchronization
IEEE 1588
Cisco TrustSec
Q1CY2011*
Catalyst 4500 Campus Distribution Portfolio
Base
Configurations
Software
10G Line cards
GE Line cards
Supervisors
WS-X45-SUP6L-E
24G/ slot, 225Mpps
Flexible Twin-Gig Uplinks
WS-X4612-SFP-E
WS-X4606-X2-E
IP Base IOS
WS-C4503-E , WS-C4506-E
Low Density Configurations
Non Redundant Option for two-
chassis Distribution designs
1:1, 12 port SFP
12 port scale increment
2.5:1, 6 port 10G
VSS Ready
G/10G Flexibility with X2
FHRP, RIPv2, PIM stub
Premium
Configurations
WS-X45-SUP7-E
48G/ slot, 250Mpps
Flexible SFP+ Uplinks
10 slot Chassis support, Netflow
WS-X4624-SFP-E
WS-X4712-SFP+E
Enterprise Services IOS
WS-C4507R+E , WS-C4510R+E
High Density configurations
Maximum Uptime with
Supervisor Redundancy
1:1, 24 port SFP
24 port scale increment
2.5:1, 12 port 10G with MacSec
VSS Ready
G/10G Flexibility with SFP+
VRF-Lite, VRF aware services,
Full OSPF, NSF, PIM SSM
Catalyst 4500 - Fiber Line cards Transitions
WS-X4712-SFP+E
WS-X4624-SFP-E
H
i
g
h

D
e
n
s
i
t
y
L
o
w

D
e
n
s
i
t
y
24 ports 1:1 non blocking SFP
196 ports/ system
12 ports 2.5: 1, 10GE
1G/ 10G flexibility, LRM SFP+
WS-X4606-X2-E
6 ports, 2.5:1 10G
1G/ 10G flexibility, LRM X2
NEW
GE Fiber 10G Fiber
NEW
WS-X4612-SFP-E
12 ports, 1:1 non blocking SFP
Entry point pricing
Granular 12 port increments
Why Transition?
- GBICs instead of SFP
- 6G/ slot
- Old Technology
- Shipping since 1999
- Old Supervisors EoS
- To be End of Saled soon:
WS-X4418-GB
WS-X4506-GB-T
TRANSITION
OLD LINECARDS
NEW High Performance E-Series Options
List $20,000
List $26,995
List $15,000 List $5,995
WS-X4712-SFP+E 12 port 10GE Fiber LC
* Hardware ready , software post FCS
12 port 10GE line card 2.5:1 oversubscribed
Increases the 10GE port density on 4500E to 96 10GE ports
SFP+ optics for 10GE . SFP optics for 1GE
All ports can be used as 1GE ports with SFP optics
IEEE 802.1ae Macsec link encryption on all ports. Key exchange using
IEEE 802.1X REV / Macsec Key Agreement ( MKA )*
Dynamic speed selection based on SFP type
Works with Supervisor 7-E and 4503E , 4506E , 4507R+E , 4510R+E
chassis
High performance
Next-gen ASIC enables scalable and high-
performance NetFlow monitoring, supports up
to 128K cached flows
Flexibility
User-defined flow records reusable in different
flow monitors for different applications with per-
port, per-VLAN, or per-port-per-VLAN
granularity
Extensibility
In-depth traffic visibility allows monitoring
extensive key and non-key fields, including
Layer 2, Layer 3 (IPv4 or IPv6), Layer 4 header
fields.
Broad Partner Ecosystem
Version 9 (the most flexible) format exported to
a wide range of industry netflow collectors
Flexible NetFlow on Catalyst 4500 Supervisor 7-E
Next Generation Application, Performance, Security, and Visibility
New
Flexible NetFlow
Traditional NetFlow vs. Flexible NetFlow
Traditional NetFlow
SrcIf SrcIPaddDstIf DstIPadd Protocol SrcPort DstPort
Fa1/0 173.100.21.2 Fa0/0 10.0.227.12 11 00A2 00A2
Fa1/0 173.100.3.2 Fa0/0 10.0.227.12 6 15 15
Fa1/0 173.100.20.2 Fa0/0 10.0.227.12 11 00A1 00A1
Fa1/0 173.100.6.2 Fa0/0 10.0.227.12 6 19 19
NetFlow Cache
Fixed 7 keys
Export
Export
Export
Export
Destination 1
Destination 2
Destination 3
Flow cache 1
DstIPadd Protocol TOS
10.0.227.12 11 80
10.0.227.12 6 40
10.0.227.12 11 80
10.0.227.12 6 40
Protocol TOS Flgs
11 80 10
6 40 0
11 80 10
6 40 0
SrcIf SrcIPadd DstIf
Fa1/0 173.100.21.2 Fa0/0
Fa1/0 173.100.3.2 Fa0/0
Fa1/0 173.100.20.2 Fa0/0
Fa1/0 173.100.6.2 Fa0/0
Flow Monitor 1
Flow Monitor 2
Flow Monitor 3
Flow cache 2
Flow cache 3
IGPs
Incoming VLAN
traffic mapped to
VRF
Each VRF
requires a sub-
int, IP address,
and VLAN ID
Today: VRF-Lite
A hop-by-hop virtualization Technology
Segmentation, guest, reduce cost
Configuration and operation can be
complex
L2
L3
Next Gen Campus Virtualization
VRF-NG Simplified Operations
VNET trunk to simplify provisioning
Virtual CLI context for easy troubleshooting
Support shared services with IGP
Work with existing VRF-aware services
Fully Interoperable with VRF-Lite and MPLS
IGPs
Incoming VLAN traffic
mapped to VRF
VNET trunk
multiplexes VRF
traffic. No sub-
interface needed.
Only one IP address
VNET Tag
L2
L3
Campus
Campus
Catalyst 4500 Virtual Switching System
Single point of mgt, one L2/L3 node
Loop-free topology
Operational consistency with Cat6K VSS
Si Si Si Si
VSS
Campus
Requires Sup7-E
Support E-series chassis (R and non-R)
Supports all existing LCs
46xx and 47xx 10G links & Sup7-E
uplinks support VSL
Feature parity w/ standalone switch in IP
Base and above
Support L2 MEC
Support L3 MEC and Dual Sup*
Inter-Chassis SSO/NSF
Inter-Chassis ISSU
Operational Simplicity
Hardware Support
Software Support
*post FCS
Catalyst 4500 Campus Security
MACSec
Encrypted links
Benefits
Protect data integrity, confidentiality
and meet compliance needs
Prevents man-in-the-middle attacks
Campus Deployment Scenarios
Building-to-building encryption
Host-to-Access switch: Prevent
man-in-the middle attacks
Why MACSec
Standard-based L2 HW line rate
encryption (Sup7-E uplinks and 47xx
LCs)
Hop-by hop encryption: Security
without impacting network services
(QoS, NetFlow etc)
Campus
AAA
IPv6-
only site
IPv4+IPv6 site
IPv6
IPv4
Catalyst 4500E IPv6 Ready Campus
Forwarding in hardware at line rate
Dual stack forwarding
Security
IPv6 Migration Ready
High Performance
Secure access perimeter with IPv6 First
Hop Security
IPv6 app. visibility with Flexible NetFlow
Robust IPv6 Ready Infrastructure
OSPFv3, EIGRP, IS-IS, BGP, HSRPv6,
Fast Convergence*
Optimized App & Video Delivery
IPv6 Qos, MLDv2/v3, PIM SM/SSM for IPv6
Management Plane Migration
SYSLOG, SNMP, Telnet, SSHv6,
TACACS+*, RADIUS*, TFTP*, FTP*, NTP*
over IPv6
WAN
IPv4-
only site
Dual Stack
IPv4 address depletion in 2011
Endpoint IPv6 on & preferred
National IT Strategy
Infrastructure Evolution
*roadmap
Catalyst 4900 Top of Rack Portfolio
1
0

G
E

A
c
c
e
s
sFiber Access
1

G
E

A
c
c
e
s
s
Copper Access
16X 10GE-T, 8X 10 GE Fiber
Bandwidth 320Gpbs
Cisco Catalyst 4900M
New
Full featured 1Gig server access
Double the uplink capacity
Datacenter optimized airflow
Netflow lite
Cisco Catalyst 4948E
Cisco Catalyst 4900M
1G / 10G modular flexibility
Optimized for middle of the row
Non blocking north to south
24X 10 GE
Bandwidth 320Gpbs
Cisco Catalyst 4900M
Cisco Catalyst 4948
Datacenter grade
Redundant power and cooling
Full L2/3 features
Line-rate Multicast
10GE Uplink GE Uplink
New
Cisco

Catalyst 4900M
8-Port 10GBase-T Line Card
Deployment Areas
Data Center Access
Data Center Distribution
Key Features
8 port, 2:1 oversubscribed 10GBase-T line card
1/10GE auto-negotiating
802.3an compliant
Up to 100 meters reach
Same fit form and function as other half cards for the Catalyst 4900M
Interoperability works with all 802.3an standard NIC and MAC
Cisco Catalyst 6500 Update
Miroslav Brzek
mibrzek@cisco.com
Cisco Catalyst 6513-E Series Switch
Density & Scalability (w/Sup2T)
80 Gbps on all 13 slots
2 Tbps system performance scaling to 4 Tbps with VSS
Up to 180 ports of 10G and 534 ports of 1G per System
Superior PoE/ePoE Capacity
500+ PoE/ePoE Support per System
Maximum Power 14,500 W
Ease of Manageability
Rear-serviceable fan tray
Ideal for deployment in 2-post racks
Catalyst 6513-E chassis paving the way to 2 Terabits
switching !
List Price $16,000
16 Port 10G Copper
16-Port 10Gbase-T Module
Feature Highlights
16 ports of 10Gbase-T IEEE 802.3an compliant
40G Fabric Interfaces Compatible with Sup2T and Sup720
Copper-based Virtual Switch Link (VSL) Support
387 Watt of Power Usage per Card
Network Design Validation
Borderless Network Campus 1.0
Design Guide
Interoperability
Interoperability works with all
802.3an standard NIC and MAC
First Modular Platform in industry to ship 10G Copper !
WS-X6716-10T-3C
List Price $22,500
WS-X6148E-GE-45AT
48-Port 1G PoE+ capable (IEEE 802.3at)
Feature Highlights
48 port 10/100/1000 RJ45 PoE/ePoE & PoE+
Field upgradable PoE+ daughter card
PoE/ePoE & PoE+
500+ PoE/ePoE support at FCS
PoE+ capable
Investment Protection
Supported by future Sup2T
500+ PoE/ePoE in a fully configured 6513-E chassis!
Side to Side Airflow Chassis: 6509E
Supervisor: VS-Sup720-10G
6000W AC Dual Power supply &9E Fan Tray
WiSM
FWSM
1G
10G
2 * FWSM Modules
20 VC License, 2M Concurrent Connections
1 * WiSM Module
8G G, 300AP, 10, 000 clients
16 port 4:1 oversubscribed 10G module
OR
24 port 1GSFP module
Borderless Services Node
Product SKU Whats
Included
List Price Bundle Price Service
Pricing
8X5XNBD
BSN09E-
VS720-10G
WS-C6509-E
2 * WS-CAC-6000W
WS-C6509-E-FAN
VS-S720-10G-3C
2 * WS-SVC-FWM-1-K9
2 * FR-SVC-FWM-VC-T1
WS-SVC-WISM-1-K9
WS-X6716-10G-3C
IP Services Software
$239,000 $160,000 $13,440
BSN09E-
VS720-1G
WS-C6509-E
2 * WS-CAC-6000W
WS-C6509-E-FAN
VS-S720-10G-3C
2 * WS-SVC-FWM-1-K9
2 * FR-SVC-FWM-VC-T1
WS-SVC-WISM-1-K9
WS-X6724-SFP
IP Services Software
$214,000 $140,000 $11760
Borderless Services Node
Pricing
33% Off
35% Off 35% Off
26% Off
Data Center Services Node
Aggregate list price (w/o discount) - $325K
9-slot Bundle list price : $180K
6-slot Bundle list price : $175K
3 * FWSMModules
1 * ACE20Module (16 Gbps License)
20 Virtual Contexts (FWSM&ACE20)
Side to Side Airflow Chassis: 6509E/6506E
OR
Front to Back Airflow Chassis: 6509-V-E
Supervisor: Sup720-10G
4 port non-blocking 10G module
Flexible Power Supply option (AC or DC)
45% OFF
N
e
t
w
o
r
k
S
e
r
v
i
c
e
s
P
r
i
c
i
n
g
Catalyst 6500 Next Generation Platform
2 Terabit
Switching
10G &40G
interfaces
Next Gen
Services
Features
Scalability
Next-Generation 6500 Platform Components
80 Gbps Backplane
Earl 8 Lite and Heavy Versions
X2 Transceiver Form Factor or SFP+ with
OneX Adapter
CTS and L2 Encryption IEEE 802.1ae on all
ports - wire speed
Virtual Switch Link supported on all ports
OTV and LISP Ready
IEEE 802.3ba Standard Compliant
80Gbps Backplane
CFP Transceiver Form Factor
Earl8 Lite and Heavy Versions
Convertible to 16p 10GbE ports via SFP+ via FourX
Adapter
CTS and line rate 10G/40G L2 encryption
Virtual Switch Link supported on all ports
OTV and LISP ready
Sup 2T
8 Port 10GbE 1:1
(2QCY2011)
Sup2T Target Release 2QCY2011
Target Release 2HCY2011
4p 40GbE or
16p 10GbE 2:1
PFC4 - Hw Feature Summary
PFC4 - Default PFC (EARL8)
FIB & Netflow @ 256K entries
PFC4XL - Upgrades FIB &
Netflow Table to 1M entries
PFC4
Increased MAC Table (128K)
L2 Bridge Domains (16K)
L3 Logical Interfaces (128K)
Increased Forwarding (60Mpps)
Increased Throughput (80Gbps)
Scalability
Native (H)VPLS
MPLS Aggregate Labels (16K)
Multi-point EoMPLS
L2oGRE
VRF-based NAT & FnF
Virtualization
IPv6 Tunneling in FIB
Unicast RPF for IPv6
IPv6 Multicast in FIB
512K Multicast Routes
IGMPv3 / MLDv2 Snooping
IP Routing
Cisco TrustSec & SGACLs
Increased ACL TCAM (256K)
Increased ACL Labels (16K)
Per-Port / Per-VLAN QoS
Distributed Policers (512)
QoS & Security Flexible Netflow (FnF)
Egress Netflow
L2 (per VLAN) Netflow
TCP Flags
Per-Protocol Counters
Monitoring
New & Improved
NDA Material
VSS Quad-Sup Uplink Forwarding
VSS Quad-Sup design significantly improves
network downtime.
Inter-chassis redundant supervisor minimizes
impact on network capacity.
Provides flexibility to utilize all 10G & 1G stand-by
supervisor uplink ports.
100%
50%
0%
Network Impact with Single-Sup
Single-Home Devices
MEC (Dual-Home) Devices
Supervisor Failed
100%
50%
0%
Network Impact with Dual-Sup
Un-deterministic Network
Recovery *
Deterministic
Network
Recovery
VSS Domain
Active
Warm
Standby
Hot
Standby
Warm
Standby
New
12.2(33)SXI4
Catalyst 6500 12.2(33)SX IOS Roadmap
VSS
Service Modules FWSM, IDSM,
WiSM, ACE
512 MECs
High Availability
EFSU
GLBPv6, HSRPv6
Multicast HA Support for group to
RP mappings
SXI1
VSS in IP Base
SXI2a
X2-SFP+
6000W PS
SIP-400 1x10GE
CSM and SSL Module
IPv6 with VSS
MPLS with VSS
BFDSSO
802.1agCFM Draft 8.1
SXI3 and beyond
Patching Deprecated
New Safe Harbor
12.2(33)SXI
Shipping
Hardware
ES+XT-4TG3C (and XL) 4x10G
Hqos
AVM (App Visibility and Monitoring)
NAM10 Service Module Support
new 10G WISM
X2 10GBase-T
Borderless Networks and DC
NEAT
mLACP (for L2 access ports)
256 Port channels (from 128 today)
Multi-auth with VLAN
Assignment/VMs
NTPv4 for IPv6
TACACS+ for IPv6
EoMPLS NSF/SSO
Energywise Phase III
VRF/VLAN Aware TrustSec
Storm control errdisable & SNMP
trap
10GDCI Leadership
ES40 VSS Support
ES40 with A-VPLS/A-VPLS over
GRE
VSS - IPSec Support VPN SPA
Flexible VLAN translation
VPLS IRB/SVI Routing Feature
12.2(33)SXJ
FCSApril CY2011
Hardware
16 Port 10G Base T
ACE-30
48 Port 1GPoEP Capable LC
VSS
VSSQuad Sup Uplink Forwarding
SIP-400 on VSS
Borderless Networks
SAF
EnergyWise Ph. I & II
MPLS Egress Netflow
TrustSec 1.5
IPv6 and Multicast
PACL for IPv6
RA Host Guard Mode for IPv6
Multicast NAT Service Reflect
DCI Leadership
VPLS Mac Address Withdrawal
Active/Active Load Balancing for
VPLS/VPLSoGRE aka FAT PW
VPLS HA (NSF/SSO)
Enterprise-Friendly CLI for DCI
12.2(33)SXI4a
Shipping
Available Today
Netflow Innovations
Sup2T with PFC4/DFC4 scales up to 13M Netflow
entries for virtualized environments
Scale
Sup2T with CPU-bound NDE to provide more
optimal CPU utilization
CPU
Sup2T supports hardware-based sampling methods
for high-flow backbone environments
Sampled
Netflow
Sup2T can support flow collection in both ingress
and egress directions for multi-protocols (IPv4,
IPv6, multicast, MPLS)
Multi-
protocol
Sup2T supports Flexible Netflow (FNF) which offers
the ability to monitor a wider range of packet
information and eliminating flow mask conflicts with
other features
Flow
Mask
Rigidity
Trustsec on 6500
Identity-enabled network services architecture for the Borderless Network
802.1X
Protected
Resources
IP Phones
Supplicant
Users,
Endpoints
Guest User
Source SGT Assignment via
802.1X, MAB, Web Auth
SXP
SXP
IP-SGT Binding
Exchange vis SXP
Sup2T applies SGT
SGACL Enforcement
Encryption Link to Link* and
Downlink (MACSec)
SGT Assignment
SXP (SGT-IP Binding)
Authentication via 802.1x, MAB, WebAuth
NEAT, Multi Auth, MAC move, MAC Replace, Identity Port Mapping
Identity
Encryption
802.1 AE (key mgt) SAP
802.1x REV MKA (2012)
SGACL
(a.k.a. RBACL)
Subnet to SGT Mapping
VLAN to SGT mapping,
L2/L3 SGT Handling
L2 RBACL, IPv6 RBACL,
VRF/VLAN aware TrustSec
FIPS 140-2 Compliant
Linksec for VSL
Supported on
8p 10G 1:1 LC at line rate
4p 40G 2:1 / 16p 10G 2:1
Sup2T Uplinks
Ready for Trustsec in CY11
MPLS-based LAN Extensions
MPLS
IP
DC-2
Vlan 1-1000
DC-1
EEM
STP
EEM
STP
Vlan 1-1000
Vlan 1-1000
Main Issues
#1. Complex Edge Redundancy
#2. Sub-optimal Bandwidth Utilization
#3. VPLS Configuration Complexity
The A-VPLS Virtual Ethernet Solution
nPE
Agg
Agg
nPE
VSS system
Agg
Agg
IP/MPLS Cloud
Agg
Agg
VSL
VSL
VSS system
Up to 8 equal cost paths between any two sites
Flexible transport: IP or MPLS
Representation via a single Virtual Ethernet interface
Loadbalancing at L2/L3/L4
LSP/GRE
Tunnel
A-VPLS (FAT) Pseudowire Single Virtual Ethernet across Multiple Interfaces
Efficient Load Balancing
Advanced VPLS (A-VPLS)
Leverages VSS MEC for DCI
L2/L3/L4 Flow Based Balancing
Simplified Edge Redundancy
Optimal Bandwidth Utilization
Flexibility to trunk VLANs over either an MPLS or IP
transport easily
Sub-1 second fail-over
Integration with existing VPLS solutions