Summit® X350 Introducing Value Edge Switch Series from Extreme Networks® Automate Edge Deployment
Agenda • Extreme Networks® Summit® switch portfolio overview • Introducing Summit X350 series • Optimized services for Enterprise wiring closet edge • Comparison
[Diagram: Summit & BlackDiamond 8800 portfolio on ExtremeXOS™. Tiers: Core & Data Center, Aggregation, AdvancedEdge, ValueEdge. Products shown: BlackDiamond® 8800 (a-series, c-series, e-series), Summit® X450a, Summit X450e, Summit X250e, Summit X350, Summit X150, grouped as 10/100 Edge, Gigabit Edge and Gigabit Aggregation, with option labels Fiber, PoE, DC, TAA, NEBS-1 and SummitStack]
Summit® Product Portfolio • Advanced Aggregation: Summit X450a series (Gigabit Ethernet) • Advanced Edge/Access: Summit X450e series (Gigabit Ethernet), Summit X250e series (Fast Ethernet) • Value Edge/Access: Summit X350 Series (Gigabit Ethernet), Summit X150 Series (Fast Ethernet)
Extreme Networks® Comprehensive Fixed Configuration Switch Series Summit X150/Summit X350 (NEW) / Value Edge • Ideal for cost effective edge connectivity for static environment • ExtremeXOS™ scripting for ease of rapid deployment and management • ExtremeXOS modular operating system from backbone core down to value edge Summit X450e/Summit X250e / Advanced Edge • Ideal for the intelligent edge where multiple differing devices are connected • Universal Port to support dynamic changes • SummitStack 40Gbps stacking support Summit® X450a / Advanced Aggregation • Ideal for Network Aggregation and Server Aggregation • Highly scalable H/W resources to meet requirements • SummitStack™ 40Gbps stacking support
Simple Differentiation Between Product Series • Core (Summit® X450a, Core License upgrade): Higher scale H/W (LPM, MAC, Buffer); EAPS-Full, PIM-SM/DM Full, OSPFv2/v3, IS-IS, BGP4, MBGP, BGP4+ • Adv Edge (Adv Edge License upgrade): OSPFv2 Edge, PIM-SM Edge, VRRP, ESRP • L3-Edge (Summit X250e/Summit X450e): Layer-3 unicast and multicast routing for IPv4 and IPv6; RIPv1/v2, RIPng, 6-to-4 and IPv6-in-IPv4, UDP forwarding; SummitStack, Universal Port, Disable ARP, DHCP Option-82 • L2-Edge (Summit X150/Summit X350, all Layer 2-based feature sets): L2 switching with L2-L4 packet classification and 8 hardware queues for QoS with CIR/PR settings per queue; 802.1D/w/s STP, EAPS Edge, VLAN (port, protocol, tag), 802.1ad, ACLs with Policy-based Switching; sFlow, many-to-one, one-to-many mirroring, monitoring, Scripting, XML, SNMP, etc. • Consistent from Core to Edge with ExtremeXOS™ operating system and hardware behavior
What is Summit® X350? • Value Edge Switch: Summit X350 switch is ideal for the Enterprise edge where there is sparse user population and a less dynamic environment • Entry level, stand-alone Gigabit Ethernet edge/access switch • Provides Ease of Deployment/Management: Summit X350 offers industry leading manageability by offering End-to-End ExtremeXOS™ Scripting for automated deployment • ExtremeXOS™ ScreenPlay™ feature rich web-based management • Feature Richness: Summit X350 is an affordable yet highly intelligent L2 switch • 8 hardware queues per port • ASIC to support both IPv4/v6 traffic for packet classification (ACL) • sFlow traffic sampling in hardware
Advanced Edge and Value Edge Switches • Advanced Edge Switches: Product: Summit® X250e (10/100), Summit X450e (Gigabit). Ideal application: the enterprise edge where multiple types of devices are to be connected; density from 10-200 devices; the network enabled devices move around the ports; automate network deployment and operation. Scripting and Universal Port • Value Edge Switches: Product: Summit X150 (10/100), Summit X350 (Gigabit). Ideal application: the enterprise edge to provide basic connectivity; density from 10-48 per switch; the network deployment is more static, pre-provisioned; automate network deployment. Scripting
Summit® X350 Series Switches • Summit X350-24t: 24-port 10/100/1000BASE-T auto negotiation, auto polarity ports; 4 shared 10/100/1000BASE-T or 100/1000BASE-X SFP uplink ports; slot for XGM2 dual 10 gigabit option module; External PSU support (EPS-500) • Summit X350-48t: 48-port 10/100/1000BASE-T auto negotiation, auto polarity ports; 4 shared 10/100/1000BASE-T or 100/1000BASE-X SFP uplink ports; slot for XGM2 dual 10 gigabit option module; External PSU support (EPS-500)
Summit X350 Hardware High performance CPU and subsystem • MIPS 64-bit processor 400MHz • 256MB ECC DRAM and 256MB Compact Flash 4-port 10/100/1000BASE-T, SFP combo ports 20-port or 44-port 10/100/1000BASE-T ports External PSU connector Out of band mgmt port Internal AC PSU XGM2 Slot for dual 10GbE Picture shown here is Summit X350-48t
Supported Accessories • Optical Transceivers • Gigabit SFP ports on Summit® X350 support 1000M SFPs • XGM2 dual 10 gigabit option module • XGM2-2xf (XFP) • XGM2-2xn (Xenpak) • 1000M (1G) Ethernet SFPs • 1000BASE-SX • 1000BASE-LX • 1000BASE-ZX • 1000BASE-LX100 • 1000BASE-BX-U/D • 10 Gigabit Ethernet Pluggable Optics • SR XENPAK • LR XENPAK • ER XENPAK • ZR XENPAK • LX4 XENPAK • SX XFP • LR XFP • ER XFP
External Power Supply • Summit® X350 supports External Power Supply for high availability, providing full redundancy even under power anomaly • EPS-500 • Provides full redundancy • Stand-alone • One EPS-500 supports one Summit X350
Summit® X350 Application and Features
Overview • The value edge switch, Summit® X350 • Single OS across the network • Ease of Management via ExtremeXOS™ intelligence • High availability for mission critical applications • Highly Secure Infrastructure at the edge • Advanced ASIC capability for Layer-2 switching and high-speed control plane
Single OS Across the Network • ExtremeXOS™ modular operating system • Familiar consistent user experience • Same feature behavior across multiple products • Shared binary image across all fixed configuration switches • Total Cost of Ownership • No new training or operational change • Synchronized software release • Easier upgrade planning • Overcome the cost challenge • Summit™ X350 allows offering a single-OS network at an affordable initial cost and significantly reduces the operational burden [Diagram: ExtremeXOS End-to-End across the Enterprise Network: Data Center, Core, Aggregation, Edge]
Ease of Management • ExtremeXOS™ provides tools for ease of management • Complete sets of basic management capabilities • Console, Out-of-Band, In-band network management • Telnet, SSH, SNMP v1, v2c, v3, Syslog • Advanced management feature sets • EPICenter® integration • Web-based device management via XML and Adobe/Macromedia Flash technology • ExtremeXOS CLI scripting • Helps rapid deployment of edge network switches • CLI scripting template can be used as a base-line configuration • One command execution either through CLI or EPICenter
ExtremeXOS Scripting: Extensibility for the User • Combine multiple commands to automate complex tasks • Write once – use many times across switches and ports • Reduces risk of configuration errors and typos • IF <condition> THEN <statements> ELSE <statements> ENDIF • Loop while condition is TRUE • WHILE <condition> DO <statements> ENDWHILE • System and user defined variables • Operators • Error handling: control abort / ignore • Specifically time saving for rapid deployment at the edge • Examples available from Extreme • Switch Initialization, EAPS, … • Professional Services available
Example script (EAPS configuration):
    set var yneaps yes
    set var eapsprimary 23
    set var eapsctrltag 4000
    set var eapssecondary 24
    # $eapsdomain and $eapsctrl are used below but not set in this excerpt;
    # set them (domain name and control VLAN name) before running the block.
    ##################################
    # Start of EAPS Configuration block
    ##################################
    # $match returns 0 when the two strings are equal, so !$match(...) is true on a match
    if (!$match($yneaps,yes)) then
        create log entry Config_EAPs
        config eaps config-warnings off
        create eaps $eapsdomain
        config eaps $eapsdomain mode transit
        config eaps $eapsdomain primary port $eapsprimary
        config eaps $eapsdomain secondary port $eapssecondary
        create vlan $eapsctrl
        config $eapsctrl tag $eapsctrltag
        config $eapsctrl qosprofile qp8
        config $eapsctrl add port $eapsprimary tagged
        config $eapsctrl add port $eapssecondary tagged
        config eaps $eapsdomain add control vlan $eapsctrl
        enable eaps
        enable eaps $eapsdomain
    else
        create log entry EAPs_Not_Configured
    endif
Summit™ X350 Security • Comprehensive security feature-sets for highly secure network • Network Access Control • 802.1x, Web and MAC based authentication • Protocol Anomaly Detection • Denial of Service Protection • Powerful Access Control List capability • With L2-L4 classification • MAC Security • IP Security • Flexible mirroring • One to Many, Flow Based, VLAN Based, ACL Based, Port Based
Summit® X350 Security • Network Access Control • User authentication through 802.1x, HTTP/HTTPS and MAC • Network Login (WEB/MAC) via RADIUS and Local DB • Customizable WEB login • Multiple supplicant (devices) per physical port with Dynamic VLAN assignment • Each supplicant to be authenticated individually • Even users sharing the same physical port can have different VLAN • Microsoft NAP compatible
Protocol Anomaly Detection: Summit® X350 has “Built-in” Hardware-Based Protocol Checker
• Allows users to drop packets that match any of the following:
• SIP = DIP for IPv4/IPv6 packets
• TCP_SYN Flag = 0 for IPv4/IPv6 packets
• TCP packets with control flags = 0 and sequence number = 0 for IPv4/IPv6 packets
• TCP packets with FIN, URG & PSH bits set & seq. number = 0 for IPv4/IPv6 packets
• TCP packets with SYN & FIN bits set for IPv4/IPv6 packets
• TCP source port number = TCP destination port number for IPv4/IPv6 packets
• First TCP fragment does not have the full TCP header (less than 20 bytes) for IPv4/IPv6 packets
• TCP header has fragment offset value of 1 for IPv4/IPv6 packets
• UDP source port number = UDP destination port number for IPv4/IPv6 packets
• ICMP ping packet payload is larger than the programmed value of ICMP max size for IPv4/IPv6 packets
• Fragmented ICMP packets for IPv4/IPv6 packets
• Denial of Service Attacks: Ping of Death, Tear Drop attacks, ...
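The checks listed above, written out as software detection logic over raw IPv4 packets. This is an added example, not Extreme Networks code and not how the ASIC implements them. It covers IPv4 only, skips the "TCP_SYN Flag = 0" item because the slide does not define it further, and the rule names, the `icmp_max` default of 512 and the sample packets are assumptions constructed for the illustration.

```python
import struct

def anomalies(pkt, icmp_max=512):  # icmp_max: assumed "programmed" ICMP max size
    """Return the set of listed checks that one raw IPv4 packet matches."""
    hits = set()
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    more_frags, frag_off = bool(frag & 0x2000), frag & 0x1FFF
    proto, l4 = pkt[9], pkt[ihl:total_len]
    if pkt[12:16] == pkt[16:20]:
        hits.add("sip_eq_dip")
    if proto == 6 and frag_off == 1:
        hits.add("tcp_frag_offset_1")
    elif proto == 6 and frag_off == 0 and len(l4) < 20:
        hits.add("tcp_first_frag_short_header")
    elif proto == 6 and frag_off == 0:
        sport, dport, seq = struct.unpack("!HHI", l4[:8])
        flags = l4[13] & 0x3F                      # URG ACK PSH RST SYN FIN
        if sport == dport:
            hits.add("tcp_sport_eq_dport")
        if flags == 0 and seq == 0:
            hits.add("tcp_no_flags_seq0")
        if (flags & 0x29) == 0x29 and seq == 0:    # FIN + PSH + URG
            hits.add("tcp_fin_urg_psh_seq0")
        if (flags & 0x03) == 0x03:                 # SYN + FIN
            hits.add("tcp_syn_fin")
    elif proto == 17 and frag_off == 0 and len(l4) >= 4 and l4[0:2] == l4[2:4]:
        hits.add("udp_sport_eq_dport")
    elif proto == 1 and (more_frags or frag_off):
        hits.add("icmp_fragmented")
    elif proto == 1 and len(l4) >= 8 and l4[0] in (0, 8) and len(l4) - 8 > icmp_max:
        hits.add("icmp_ping_oversize")             # echo payload after 8-byte header
    return hits

def ipv4(proto, src, dst, l4, frag=0):
    """Minimal 20-byte IPv4 header (checksum 0) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag,
                       64, proto, 0, src, dst) + l4

def tcp(sport, dport, seq, flags):
    """20-byte TCP header with no options, for the constructed samples."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, flags, 8192, 0, 0)

A, B = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])  # documentation addresses
SAMPLES = {  # constructed packets, not captures
    "normal_syn": ipv4(6, A, B, tcp(40000, 443, 12345, 0x02)),
    "same_addr":  ipv4(6, A, A, tcp(80, 80, 1000, 0x02)),
    "tiny_frag":  ipv4(6, A, B, tcp(40000, 80, 1, 0x02)[:8], frag=0x2000),
    "big_ping":   ipv4(1, A, B, bytes([8, 0, 0, 0, 0, 0, 0, 1]) + bytes(600)),
}
RESULTS = {name: sorted(anomalies(p)) for name, p in SAMPLES.items()}
```

One packet can match several checks at once, which is why the function returns a set: the `same_addr` sample trips both the address and the port comparison.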
Powerful Access Control List • Summit® X350 can look up fields in the L2-L4 headers, with remapping and re-writing capability • Source/Destination MAC, 802.1p, VLAN-id, Double-tagged VLAN-id, Ethertype • Source/Destination IP address for IPv4 and IPv6, protocol • TCP/UDP port, port-range, syn/syn-ack • etc. • ACL can be used to filter (drop), meter (measure and police), map (QoS priority), re-map CoS value (dot1p, diffserv), flow-redirect (ignore FDB) • A typical Layer 2 switch isn’t capable of classifying packets on multiple fields • It doesn’t even have an ACL for filtering: MAC filtering only, dot1p for CoS setting only, etc. [Diagram: header layers L1, L2, L3, L4, DATA as covered by Summit X350 versus a typical L2 switch]
IP Security • Source IP Lockdown • Prevents many different types of attacks that use random source addresses for their traffic • Places “source IP address” filters on all ports automatically, i.e. allows only traffic sourced from a valid DHCP-assigned address or an authenticated user’s static IP address to enter the network. • Trusted DHCP server • Allows a set of ports to be configured as valid for DHCP server responses • DHCP Option 82 (Planned for future release) • The following IP security features require Layer-3 routing and are not supported on Summit® X350 • Disable ARP learning, Gratuitous ARP Protection, DHCP secured ARP
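How Source IP Lockdown and the trusted DHCP server setting fit together, as a small state model. This is an added example, not ExtremeXOS code: the class, method names, port numbers and addresses are hypothetical, and keying the lease to the client MAC seen in the request is a simplifying assumption.

```python
class SourceIpLockdown:
    """Toy model: trusted DHCP server ports plus per-port source IP filters."""

    def __init__(self, trusted_dhcp_ports):
        self.trusted = set(trusted_dhcp_ports)
        self.pending = {}   # client MAC -> access port its DHCP request arrived on
        self.allowed = {}   # access port -> set of permitted source IPs

    def dhcp_request(self, port, mac):
        # DHCP requests must pass before the client has any address.
        self.pending[mac] = port
        return "forward"

    def dhcp_reply(self, port, mac, leased_ip):
        # Server responses are valid only on ports configured as trusted.
        if port not in self.trusted:
            return "drop"
        client_port = self.pending.pop(mac, None)
        if client_port is not None:
            self.allowed.setdefault(client_port, set()).add(leased_ip)
        return "forward"

    def authenticate_static(self, port, ip):
        # An authenticated user's static address is also a valid source.
        self.allowed.setdefault(port, set()).add(ip)

    def ingress(self, port, src_ip):
        # The lockdown filter: only known-valid sources enter on this port.
        return "forward" if src_ip in self.allowed.get(port, ()) else "drop"


def scenario():
    """Constructed walk-through; port 24 is the only trusted DHCP server port."""
    sw, mac = SourceIpLockdown({24}), "00:00:5e:00:53:01"
    sw.dhcp_request(1, mac)
    log = [
        sw.dhcp_reply(5, mac, "203.0.113.66"),   # reply from an untrusted port
        sw.dhcp_reply(24, mac, "192.0.2.10"),    # reply from the trusted port
        sw.ingress(1, "192.0.2.10"),             # leased address on its own port
        sw.ingress(1, "198.51.100.9"),           # source never assigned to port 1
        sw.ingress(5, "203.0.113.66"),           # address from the dropped reply
    ]
    sw.authenticate_static(2, "192.0.2.50")
    log.append(sw.ingress(2, "192.0.2.50"))
    return log
```

The first entry matters for the rest: because the reply on port 5 is dropped before any binding is created, the address it offered never becomes a permitted source anywhere.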
High Availability • The Operating System • Modularity provides higher availability than a non-modular OS • Each modularized process runs in protected memory • Each process can be stopped or restarted manually and automatically • Denial of Service attack protection with dynamic ACL • The Network • Summit® X350 provides feature sets to provide high availability at network level • Ethernet Automatic Protection Switching (EAPS) • Standard based 802.1d/w/s and Extreme Proprietary EMISTP • ESRP-Aware for rapid failover of uplink ports connecting to ESRP master/slave • The Hardware • Partitioned storage for software and configuration; dual or more copies can be stored on 256MB flash • Redundant PSU for power anomaly, both for internal PSU failure and power source failure
Advanced L2 ASIC and CPU System Built In • ASIC Performance and Intelligence • Packet forwarding at wire rate with very low latency, 6 microseconds at 100% traffic • Complete L2 through L4 packet classification/access control list including IPv4/IPv6 header matching • 8 queues per port with strict priority, weighted fair queuing with per queue level bandwidth provisioning • Hardware based source MAC learning to prevent MAC thrashing from impacting the CPU control plane • L2 policy based switching/flow redirection to steer the L2 forwarding path for fine granular path control • sFlow packet sampling in hardware • High Power CPU • 64-bit MIPS compatible processor running at 400MHz • 256MB DDR-DRAM for the complex running configuration and table management • 256MB storage space to store dual image and multiple configuration, script files, etc.
[Diagram: Summit X350-24t block diagram (24-port). CPU: 64-bit 400MHz, with DDR-SDRAM 256MB, Compact Flash 256MB, Boot Flash 4MB, RS-232C Console Port, Out-of-Band Management Port, MMI; PCI to one Switching ASIC; XGM2 Slot; 40Gbps Stacking Interfaces; SGMII links to 4-port PHYs; 24-port 10/100/1000BASE-T (includes 4x1G combo ports), SFP]
[Diagram: Summit X350-48t block diagram (48-port). CPU: 64-bit 400MHz, with DDR-SDRAM 256MB, Compact Flash 256MB, Boot Flash 4MB, RS-232C Console Port, Out-of-Band Management Port, MMI; PCI to two Switching ASICs linked at 12Gbps x 2; XGM2 Slot; 40Gbps Stacking Interfaces; SGMII links to 4-port PHYs; 48 (2x24) -port 10/100/1000BASE-T (includes 4x1G combo ports), SFP]
Quality of Service, Bandwidth Control • Ingress Metering/Rate-limiting = number of ACLs • Action can be drop precedence, drop packets • 8 egress queues (2 default) with port limiter (2-tier hierarchical) • Both at 64kbps granularity [Diagram: Summit X350 scheduler. Ingress port: ingress meter and rate limiting ACL. Egress port: egress queues with priority and min/max bandwidth configuration, strict priority or WRR, followed by the egress port limiter]
ACL Slice Architecture • 8 slices total • Each slice has 128 rules max (1,024 ACLs total) • Each slice has its packet fields to look up • Refer to the ExtremeXOS™ concept guide for ACL implementation details
Layer 2 Policy Based Flow Redirection • This feature allows matching packets to override the normal forwarding decision and be Layer 2 switched to the specified physical port. • If traffic matches the ACL, the packet will be forwarded to port #25 regardless of the switch’s FDB [Diagram: ports #25 and #26]
    entry one {
        if {
            protocol tcp;
            source-port 81;
            destination-port 200;
        } then {
            count num_pkts_redirected;
            redirect-port 25;
        }
    }
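Because a redirect entry overrides the FDB, it helps when reviewing a policy file to see which flows it would move off their learned port. The following is an added example, not ExtremeXOS code: it parses the slide's entry and compares the policy result with the FDB result. Exact-value matching, the function names, the FDB contents and the two flows are assumptions constructed for the illustration.

```python
import re

# The slide's policy entry, re-typed here as the input text.
POLICY = """
entry one {
  if { protocol tcp; source-port 81; destination-port 200; }
  then { count num_pkts_redirected; redirect-port 25; }
}
"""

def pairs(body):
    """'protocol tcp; source-port 81;' -> {'protocol': 'tcp', 'source-port': '81'}"""
    items = (s.strip() for s in body.split(";"))
    return dict((s.split(None, 1) + [""])[:2] for s in items if s)

def parse_policy(text):
    """Extract each entry's match conditions and actions."""
    pat = r"entry\s+(\S+)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}"
    return [{"name": n, "match": pairs(c), "then": pairs(a)}
            for n, c, a in re.findall(pat, text, re.S)]

def egress_port(pkt, entries, fdb, counters):
    """First matching entry with redirect-port wins; otherwise use the FDB."""
    for e in entries:
        if all(str(pkt.get(k)) == v for k, v in e["match"].items()):
            if "count" in e["then"]:
                name = e["then"]["count"]
                counters[name] = counters.get(name, 0) + 1
            if "redirect-port" in e["then"]:
                return int(e["then"]["redirect-port"])
    return fdb.get(pkt["dst-mac"])  # None models an unknown destination

# Constructed data: the FDB has learned this MAC on port 26.
FDB = {"00:00:5e:00:53:1a": 26}
FLOWS = [
    {"protocol": "tcp", "source-port": 81, "destination-port": 200,
     "dst-mac": "00:00:5e:00:53:1a"},
    {"protocol": "tcp", "source-port": 5000, "destination-port": 200,
     "dst-mac": "00:00:5e:00:53:1a"},
]

def audit():
    """Return (policy egress, FDB egress) per flow, plus the hit counters."""
    entries, counters = parse_policy(POLICY), {}
    ports = [(egress_port(f, entries, FDB, counters), FDB[f["dst-mac"]])
             for f in FLOWS]
    return ports, counters
```

A pair whose two values differ marks a flow that the policy steers away from where the FDB would send it; here only the first flow is redirected.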