TECH BRIEF

The BlackDiamond 6804: One Small Switch from Extreme, One Big Boost for IT Pros

Bigger is better? Just try telling that to an IT manager attempting to cram another piece of gear into an overcrowded wiring closet. At that point, small isn’t just beautiful, it’s also smarter.

Extreme Networks® has something much more effective than a shoehorn or a sledgehammer for the spatially challenged. Introducing the four-slot BlackDiamond® 6804, the newest—and smallest—member of Extreme’s family of highly resilient Ethernet switches.

Don’t confuse proportions with performance: The only thing undersized about the 6804 is its form-factor. Like its bigger brothers, it delivers wire-speed performance; scales seamlessly from 10 Mbps to 10 Gbps; offers a wealth of interface options; provides the industry’s most sophisticated Policy-Based Quality of Service (QoS); is engineered for maximum redundancy and reliability; and furnishes airtight security—including Network Login, Extreme’s pioneering authentication scheme.

In fact, given its abilities, the 6804 doesn’t have to be restricted to the wiring closet. It’s equally at home in small data centers, on the edge of midsized enterprise networks, at remote offices and in R&D labs, where space is typically in short supply. It also can be used to aggregate traffic when oversubscription ratios aren’t excessively high.

Actually, there is one difference between the 6804 and its bulkier brethren: the price of entry. Other than that, it’s pure BlackDiamond. And that’s very good news for Extreme customers who’ve already deployed 6808s or 6816s. Since all BlackDiamonds accept the same blades, management switch fabric modules (MSMs), power supplies, and gigabit interface connectors (GBICs), that can add up to some serious savings thanks to recycling (sparing). And with one switch series in place, IT managers don’t have to maintain separate inventories—another savings in investment and resources.
What’s more, the 6804 runs the same ExtremeWare® software and uses the same Infrastructure & Services Management software suite found on all Extreme switches, thus ensuring consistent services and management across the enterprise. It’s also built around the “i”-series chipset that powers virtually every Extreme product.

This sort of end-to-end thinking is nothing new for Extreme. Like its enterprise customers, Extreme understands that applications and services are no better than the networks they run on. By giving IT managers some common, easy-to-use management tools and utilities, Extreme frees them to concentrate on their real tasks: supporting and developing corporate apps. Further, by ensuring that BlackDiamond components are truly interchangeable, Extreme makes certain that enterprise networkers get the most bang for their budget.

There’s another reason to go with a BlackDiamond: As the core of the Extreme product line, these switches are always first in line for the most advanced modules—like 10 Gigabit Ethernet.

Meet the Family

The BlackDiamond product line comprises three modular chassis. At 11 rack units, the 6804 features four slots for I/O modules, two for MSM, and two bays for load-sharing power supplies. Slotting in redundant supplies and management modules boosts switch reliability. Further, the power supplies and MSMs are hot swappable; they can be replaced in a matter of minutes while the 6804 keeps working. The 6804 also features a passive nonblocking 64 Gbps backplane; since there are no active components, there’s nothing to fail—increasing reliability even further. Fully equipped, the 6804 delivers 384 10/100 Mbps ports or 32 Gigabit Ethernet ports or four 10 gig ports and can process 48 million packets per second.

At 15 rack units, the 6808 furnishes eight slots for switching modules, along with two for MSMs and two bays for redundant power supplies.
Its 128 Gbps passive nonblocking backplane—and its ability to accommodate 672 10/100 Mbps ports, 64 Gigabit Ethernet ports, or eight 10 gig ports—make it ideal for heavy-duty aggregation. That enables enterprise networkers to deal effectively and cost-efficiently with oversubscription, which can easily reach ratios of 20-to-1, 30-to-1 or higher. And the fact that the 6808 churns through 96 million packets per second also explains why many companies deploy it in their data centers.

That leaves the 35 rack-unit 6816, the behemoth of the BlackDiamond family. It boasts a 256 Gbps passive nonblocking backplane, four MSMs, and four redundant power supplies for quad redundancy. With its 16 slots loaded to the hilt, it can accommodate 1,440 10/100 Mbps ports, 192 Gigabit Ethernet ports, or sixteen 10 gig ports, which makes it the chassis of choice for heavy-duty data centers, supercomputing clusters, and other high-performance, high-availability apps. Its ability to rip through 192 million packets per second doesn’t hurt either.

The Interface Angle

Enterprise networkers who need easily scalable Ethernet will find everything they want—and then some—in the BlackDiamond blades. They can slot in 10/100 Mbps, 1 gig or 10 gig where and when needed. Extreme never forces them to buy more bandwidth than they really require or get caught short when it comes to capacity.

BlackDiamond blades also offer a broad range of connectors and configurations. For example, the F96Ti supplies eight RJ-21 (50-pin) connectors. Since each RJ-21 can accommodate a dozen 10/100 Ethernet ports, the module supports 96 Ethernet ports all told, which takes the challenge out of achieving massive connectivity. The F48Ti, in contrast, packs 48 RJ-45 connectors, each of which provides a single Ethernet port.
If more throughput has to be on tap, the G8Xi accepts eight 1 gig GBICs, optical connectors that enable BlackDiamonds to work with both single-mode and multimode fiber. Extreme’s multimode-fiber GBIC can be extended to 550 meters; its single-mode counterparts reach 70 kilometers (ZX GBIC) or 100 kilometers (LX100 GBIC). It doesn’t make any difference if bandwidth is needed down the hall, across the campus, or at a remote site: the BlackDiamond can go the distance.

And when only a really fat pipe will do, the BlackDiamond is ready, willing, and able. Its one-port 10GLRi pumps out 10 Gbps and drops right into the 6804, 6808, and 6816, all with a reach of up to 10 kilometers. In fact, the 6816 can be populated with sixteen 10 gig blades, more than enough bandwidth to meet the needs of the largest enterprise today—and tomorrow. And as noted, 10 Gigabit Ethernet is only available on the BlackDiamond.

What about 10 gig GBICs? None are planned, but the XENPAK (pronounced “zenpack”) spec will allow different optical interfaces to be hot-swapped into a 10 Gigabit Ethernet switch, allowing it to work with multimode and single-mode fiber for short and long hauls. Extreme was one of the earliest backers of XENPAK and is a member of the XENPAK Multisource Agreement (MSA), a consortium of vendors and customers.

A Lasting Legacy?

Extreme also understands that enterprise networkers aren’t only running Ethernet—at least not yet. At many organizations, it’s Ethernet from the wiring closet to the workstation and asynchronous transfer mode (ATM) from the wiring closet to the backbone. In some cases, IT managers bought heavily into ATM when it looked like the technology of tomorrow. In others, they inherited legacy apps and infrastructure from their predecessors. Either way, no company can afford to walk away from its installed base—especially now that IT budgets are flat or falling. Thanks to Extreme, they don’t have to.
Its four-port OC-3 ATM module lets Ethernet and ATM exist side by side in the enterprise. That doesn’t just protect legacy investments, it lets IT professionals stop funneling funds into a technology that has no long-term future on corporate networks. In fact, Extreme even has worked out a migration strategy that makes the cutover from ATM to Ethernet as painless as possible. There’s just one thing to keep in mind: The OC-3 ATM module—like the 10 gig blade—is only available for the BlackDiamond.

The QoS Conundrum

It doesn’t matter how much bandwidth is blasting through the pipe, however; if IT managers can’t make full use of it they’re wasting their money. And as contradictory as it sounds, the bigger the pipe, the more they need Policy-Based QoS.

Here’s the skinny: Enterprise networks are already supporting a maddening mix of applications and services, each with its own requirements. Letting bursty web traffic share a 1 Gbps or 10 Gbps link with delay-sensitive apps like voice over IP (VoIP) or enterprise resource planning (ERP) only guarantees one thing. The bursty data will grab as much of the throughput as it can, while the delay-sensitive services will slow to a crawl—if they run at all. Further, many legacy apps like IPX databases, which were intended to stay strictly local, simply can’t stand up to enterprise-level latencies. Of course, these are inevitably the mission-critical services that no one in IT has had time to port over to another protocol.

That’s where Extreme’s Policy-Based QoS comes into play: It offers intelligent bandwidth management and bidirectional traffic shaping to ensure that every packet gets precisely the processing it needs. What’s more, since every port on every BlackDiamond blade has eight individual queues, packet prioritization is never a problem.
And IT managers can independently set the bandwidth consumption, latency, and jitter of every queue, allowing them to fine-tune performance parameters to an extraordinary degree.

QoS Up Close

Let’s get a little closer to Extreme’s Policy-Based QoS: Intelligent bandwidth management makes it possible to control the latency and jitter of every packet stream passing through the BlackDiamond. That’s obviously good news for delay-sensitive apps like voice and video. But extending broadcast domains and virtual LANs (VLANs) over long distances also creates delay. Some apps, like storage, assume they’re on a single subnet and expect rapid response times. Latency can lead to false errors and session timeouts or can kill these apps entirely.

Bidirectional traffic shaping, meanwhile, lets IT managers set maximum throughput thresholds for any type of traffic. This prevents aggressive apps from consuming more than their fair share of bandwidth and starving off better-behaved applications (and TCP is courteous to a fault).

Setting thresholds is fine, but what happens to the packets that cross the line? Instead of simply dumping the overflow, the BlackDiamond buffers the packets until traffic eases up and then forwards them to their destinations. In addition, Extreme allows bandwidth not being used by one traffic type to be employed by another, rather than sitting idle. Even at 10 Gbps, the BlackDiamond makes every packet count.

What’s more, every BlackDiamond can access QoS intelligence available at Layers 4-7, whether it’s switching at Layer 2 or routing at Layer 3. Extreme also fully supports the industry’s two QoS standards: IEEE 802.1p and IETF IP DiffServ. That means every BlackDiamond can instantly identify and apply these mechanisms, ensuring that predetermined service classes are always honored.
Finally, every BlackDiamond can implement all its Policy-Based QoS capabilities at full wire speed, so there’s never a tradeoff between protecting packets and performance—whether IT managers are working at 10 Mbps or 10 Gbps.

Old Faithful

Business networks are in service 24/7/365. That’s why Extreme engineers its BlackDiamond to make resiliency a reality. At the physical level, the BlackDiamond 6804 and 6808 can be equipped with fully redundant, load-sharing power supplies. As noted, the 6816 has four supplies, to achieve quad redundancy. And since all supplies are hot swappable, there’s no need to power down the box if a new supply needs to be slotted in. Further, load-sharing supplies are generally under less stress and last longer than conventional units.

The same sort of attention to reliability can be seen in the redundant (or quad redundant) management modules. Here again, if one MSM goes down, the others pick up the slack until a replacement can be hot-swapped in.

At Layer 1, the BlackDiamond delivers three redundancy mechanisms. For starters, there’s Extreme’s implementation of IEEE 802.3ad link aggregation, which trunks up to eight links into a single logical connection. If any individual link fails, the BlackDiamond’s subsecond recovery time ensures that traffic will be instantly shared across the remaining links.

The BlackDiamond also can define redundant ports, either in hardware or software. If the primary port goes down, traffic is immediately shunted to the backup, so there’s no interruption in service. Extreme’s SmartRedundancy™ is similar but a bit brighter. It also lets IT managers designate a standby port in software, but when the failed link is repaired SmartRedundancy shifts traffic back onto it—once again making the most out of every connection.

Two True

At Layer 2, Extreme takes an equally extensive approach to redundancy and reliability.
To begin with, the BlackDiamond runs Ethernet Automatic Protection Switching (EAPS™), a recovery mechanism for ring-based topologies. Like spanning tree, EAPS is a loop prevention scheme, but the resemblance ends there. EAPS delivers subsecond convergence around failures; spanning tree needs 30 seconds or more for the same task.

What’s the secret to its speed? EAPS implements a single master on a single switch. All other BlackDiamonds on the network make forwarding decisions in hardware based on link state. Spanning tree, in contrast, runs on every switch; hundreds or even thousands of instances of the algorithm could need to be coordinated. This also explains why EAPS, which can scale to thousands of VLANs, is far more stable than spanning tree. Finally, EAPS enables spatial re-use, which means that every link can carry traffic.

None of this is to suggest that Extreme has ignored IEEE 802.1D spanning tree, the most common Layer 2 redundancy mechanism. Actually, it’s improved on it with its Extreme spanning tree extensions, a software suite that cuts spanning tree recovery times to less than a second. In addition, the Extreme spanning tree extensions can use spanning tree’s standby port for active transmissions, boosting uptime and throughput.

Third Base

And how does the BlackDiamond fare at Layer 3? At Layer 3, the BlackDiamond routes traffic over multiple paths that are updated dynamically to reflect network trouble spots. Thus, if a link or port goes out of service, packets are automatically routed around the failure, once again increasing availability and uptime.

Extreme implements two Layer 3 reliability mechanisms: Equal cost multipath (ECMP) and the Extreme Standby Router Protocol (ESRP™). ECMP routing ensures that redundant paths are always open. When the backup path isn’t needed, ECMP shunts traffic over it, effectively doubling available bandwidth.

ESRP also is a redundant-path scheme—one that works at both Layer 3 and Layer 2.
At the higher layer, ESRP establishes one active path for each VLAN, as well as one or more standby paths. The key point here is this: If one switch fails, the standby router transparently takes over by assuming the IP and MAC address “identity” of the failed switch. At Layer 2, its approach to redundancy is similar to spanning tree, except that its recovery rate ranges from two to six seconds.

So how does ESRP compare to VRRP? VRRP was designed to support older shared-LAN environments made up of hubs and legacy routers, not today’s switched broadband infrastructures. Also, VRRP assumes that if any link to a subnet is active, the router has access to the entire subnet. While this assumption may have been valid for legacy shared LANs, it does not result in very intelligent failover decisions for switched infrastructures. Today’s networks use intelligent switches and routers, which may require multiple router ports to connect with a single subnet. Dual-homed configurations are commonly used to provide high availability by eliminating single points of failure.

ESRP makes smarter decisions when link failures occur because it was designed with today’s switched infrastructures in mind. For example, ESRP counts the number of links active in an ESRP VLAN and determines the primary/backup router status based on this metric, always keeping the maximum number of connections as the primary device. In this scenario, ESRP would determine that the backup router has more active links to the VLAN and would therefore initiate a failover to the backup router. This decision preserves connectivity to the entire VLAN.

It can also use the status of a set of learned routes or a router uplink port as a metric when making a failover decision. When an uplink failure occurs on an active router, ESRP initiates a failover to the backup router that has an active uplink.
To round out its offerings at Layer 3, BlackDiamond supports all industry-standard routing protocols: For IP unicast that includes open shortest-path first (OSPF), routing information protocol (RIP) versions 1 and 2, and the border gateway protocol 4 (BGP4) for either the exterior border gateway protocol (EBGP) or the interior border gateway protocol (IBGP). For the new breed of applications based on IP multicast, the list includes distance vector multicast routing protocol (DVMRP) and protocol independent multicast dense mode (PIM-DM) and PIM sparse mode (PIM-SM). And of course, all the multicast streams are delivered at wire speed.

Playing Safe

When every week seems to bring news of another seemingly unstoppable virus or costly denial-of-service (DoS) attack, IT managers have good reason to lie awake at night. Extreme’s BlackDiamond could be just what they need to get some sleep.

For starters, ExtremeWare can stop DoS attacks dead, thanks to wire-speed, layer-independent Policy-Based QoS and access control lists (ACLs). For example, enterprise networkers can create security profiles that limit top throughput, working with the same simple tools used to set other policies. Since many DoS attacks attempt to flood servers with packets, security profiles prevent hacks from bringing servers down by discarding traffic once the predefined threshold is reached.

ExtremeWare also gives IT managers the ability to create access lists based on IP addresses and subnet masks. These lists can be used to make filtering and forwarding decisions; as many as 1,000 rules can be defined and applied at wire speed. In fact, BlackDiamonds—like all other Extreme switches—execute all authentications and lookups at wire speed. In addition, route maps can be used to control which route information is learned from neighboring routers. At Extreme, protection never exacts a performance penalty.

Login Logistics

BlackDiamond’s security strengths don’t stop there.
It implements Extreme’s innovative Network Login, which prevents unauthorized network access by requiring users to submit a username and password that are verified by a Remote Authentication Dial-In User Service (RADIUS) server. Until RADIUS gives its okay, users can communicate only with the switch; there’s no way to gain entry to network resources.

What sets Network Login apart from other authentication schemes is that it’s built on a completely centralized database. That gives authorized personnel the freedom to access the network from anywhere—headquarters, remote sites, home, or on the road. Also, centralization means enterprise networkers don’t have to deploy authentication software to every desktop, simplifying troubleshooting and upgrades.

Network Login also gives IT managers the choice of using Terminal Access Controller Access Control System (TACACS+) rather than RADIUS. TACACS+ (IETF RFC 1492) is based on TCP and validates every user on an individual basis, including administrators. This affords an additional layer of protection.

Let’s Get Virtual

To make sure that prying eyes inside or outside of a company don’t see more than they should, BlackDiamonds can implement IEEE 802.1Q VLANs and Layer 2 virtual private networks (VPNs). VLANs isolate traffic flows, keeping private information private. They also segment a network, which helps minimize damage if an attack occurs. And Extreme’s switches have been rigorously tested to ensure that packets stay on their own VLANs, thus eliminating the security risks associated with so-called leaky VLANs.

Layer 2 VPNs enable encrypted traffic to travel securely over a public network, such as the Internet. Using the Internet as a communications backbone to tie together far-flung sites is a lot cheaper than leasing private lines, so IT managers can save money without scrimping on security.
Finally, ExtremeWare itself offers a double layer of protection. Only specifically authorized personnel can designate and verify network administrators, who handle everyday tasks like setting user profiles, adding and deleting users, and changing passwords. To keep things as locked down as possible, Secure Shell 2 (SSH2) is employed to encrypt telnet sessions between an administrator and a switch.

Keep It Simple

Despite its array of advanced features, the BlackDiamond is remarkably simple to deploy, maintain and manage. What’s the secret to its simplicity? The answer is a consistent software architecture that spans the entire network. And Extreme delivers it via the Infrastructure & Services Management (ISM) software portfolio, which oversees the Layer 2-7 applications infrastructure.

At the heart of ISM is the ExtremeWare software that runs on all of Extreme’s “i”-series switches. It delivers the uncompromising routing performance, capacity control and security for today’s enterprises using standards-based multilayer switching and Policy-Based QoS. Deploying consistent ExtremeWare software network-wide means plug-and-play compatibility and stable wire-speed performance on BlackDiamond, as well as Extreme’s Summit™ and Alpine™ switches.

For network management, there’s EPICenter®, a web-accessible suite of utilities that keep IT managers in the know about trouble spots by automatically detecting faults, issuing alarms and reporting statistics—in real time, so fixes don’t take forever. The configuration manager, for example, takes the effort out of setting up BlackDiamonds and third-party devices. It also archives configurations, giving IT managers a failsafe way to fall back to an earlier implementation. The big picture is provided by the topology tool, which hierarchically displays device connectivity on a series of maps and submaps.
ExtremeView™, meanwhile, delivers detailed stats about every port on every BlackDiamond, while the MAC/IP address finder maps IP and media access control (MAC) addresses to any port, cutting down on configuration errors and enabling far more efficient troubleshooting.

The policy manager, as the name suggests, enables IT managers to establish and enforce policies at Layers 1-4, regardless of whether a BlackDiamond is switching at Layer 2 or routing at Layer 3. The policy manager also allocates bandwidth and prioritizes applications, ensuring that mission-critical traffic is never slowed or shunted aside in favor of less important apps.

That leaves ServiceWatch®, a powerful software component that monitors applications at Layers 4-7—from the end-user’s perspective. ServiceWatch also makes it possible to pinpoint exactly the source of a problem, whether it’s a sluggish server or a balky back-end database, speeding troubleshooting and putting an end to finger pointing. What’s more, if application response time falls below a specified level, ServiceWatch immediately notifies the IT manager via e-mail, pager, or on-screen alert. And when ServiceWatch is teamed with Extreme’s SummitPx1™ Application Switch, it can actually power down servers that appear to be functioning fine but are actually limited by faulty back-end systems.

The Extreme Advantage

The BlackDiamond isn’t just a family of Ethernet switches that offers unprecedented Policy-Based QoS, matchless modularity, unsurpassed security, and unbeatable bandwidth. It’s the heart of Extreme’s Ethernet Everywhere® philosophy, a global blueprint for the future that puts the most flexible, cost-effective products and services at the disposal of IT managers. Extreme delivers a unified, ultra-high-performance solution that scales simply and cost-effectively from 10 Mbps to 10 Gbps, regardless of transport or topology.
The result: IT managers have an effortless migration strategy that lets them step into tomorrow at their own speed.

3585 Monroe Street
Santa Clara, CA 95051-1450
Phone 408.579.2800
Fax 408.579.3000
Web www.extremenetworks.com

© 2002 Extreme Networks, Inc. All rights reserved. Extreme Networks, BlackDiamond, Summit, Summit7i, ExtremeWare, ServiceWatch, Extreme Ethernet Everywhere, Ethernet Everywhere, Extreme Velocity, Extreme Turbodrive and the color purple are registered trademarks of Extreme Networks, Inc. in certain jurisdictions. Alpine, ExtremeWare Vista, Extreme Standby Router Protocol, ESRP, Summit1i, Summit4, Summit4/FX, Summit5i, Summit24, Summit24e2, Summit24e3, Summit48, Summit48i, SummitLink, SummitGbX, SummitRPS, SummitPx1, PxSilicon, EPICenter, vMAN, the BlackDiamond logo, the Alpine logo and the Extreme Networks logo are trademarks of Extreme Networks, Inc., which may be registered or pending registration in certain jurisdictions. ExtremeWorks, the Extreme Turbodrive logo and the Go Purple-Extreme Solution Partner logo are service marks of Extreme Networks, Inc., which may be registered or pending registration in certain jurisdictions. All other registered trademarks, trademarks and service marks are property of their respective owners. Specifications are subject to change without notice.

L-TB-BD04ENT-205