
OmniSwitch 9000


zuwena

Presentation Transcript


  1. OmniSwitch 9000 EMEA SEs Training Presentation (OS9000)

  2. Outline • AOS 6.1.3R01 status • The new Hardware • The new Software • Roadmap

  3. AOS 6.1.3R01 Status
     • DR4 targeted by the end of October (10/26/2006)
     • Pre-DR4 shipment started in mid-Sept
       • 40+ OS9800 (Chassis & CMMs)
       • 100+ OS9-GNI-P24
       • 15+ OS9-XNI-U6
       • 30+ OS6850-U24X
       • 400+ Dual speed SFP
     • SW is locked since 10/04/2006
       • Limited check-in prior to SW freeze & final SQA validation
     DR4 planned on October 26th

  4. Outline • AOS 6.1.3R01 status • The new Hardware • The new Software • Roadmap

  5. AOS 6.1.3R01 The new Hardware - OS9800
     • OS9800-CHASSIS
       • 16-slot for NIs
       • 2-slot for CMMs
       • 4-bay for PSUs (AC/DC)
     • OS9800-CMM
       • CPM: same as OS9700
       • CFM: still a single chip design, 2 x the capacity of OS9700
     [Diagram: CMM with a Processor board (CPU, RAM, Flash, USB, Eth. Switch, Red. CMM) and a Fabric board (Switch Fabric, 16 x 12G, NI slot #1 to NI slot #16). Logically independent, but physically one board.]

  6. AOS 6.1.3R01 The new Hardware - OS9 interfaces
     • OS9-XNI-U6
       • 6-port 10GigE (XFP)
       • Wire-rate on each local ASIC
       • Port # 1-3 => Channel-A (12Gbps)
       • Port # 4-6 => Channel-B (12Gbps)
     • OS9-GNI-P24
       • 24-port 10/100/1000 (RJ45) w/ PoE
       • Wire-rate on local ASICs
       • Require dedicated Power Shelf (identical to OS9-GNI-C24 otherwise)
     [Diagram: Ch. A / Ch. B]

  7. AOS 6.1.3R01 The new Hardware - OS9 PoE shelves
     • OS9-IP-SHELF
       • Applicable to all OS9000
       • Bundle to provide
         • Large shelf
         • 4 cables (shelf <> chassis)
         • 1 OS9-IPS-0600 (600W AC)
       • Up to 2,400W
         • OS9-IP-SHELF + 3 x OS9-IPS-0600A
     • OS9-IPS-230 / OS9-IPS-390
       • Applicable to OS9600 only
       • Exclusive w/ OS9-IP-SHELF
       • Bundle to provide
         • Compact shelf (rack mount bracket)
         • 1 cable (shelf <> chassis)
         • 1 AC PSU based on model
       • Up to 230W / 390W
     [Pictures: 230W option, 380W option]

  8. AOS 6.1.3R01 The new Hardware - OS6850
     • OS6850-U24X
       • 22-port 100/1000 (SFP)
       • 2-port combo: 10/100/1000 (RJ45), 100/1000 (SFP)
     • OS6850-Lite
       • 20/44-port 10/100 (RJ45), SW upgradeable to 10/100/1000
       • 4-port combo: 10/100/1000 (RJ45), 1000 (SFP)
       • Supported models
         • OS6850-24L / OS6850-48L
         • OS6850-P24L / OS6850-P48L
     Fully stackable with existing OS6850 units

  9. AOS 6.1.3R01 The new Hardware - Optics

  10. AOS 6.1.3R01 The new Hardware - Dual Speed Optics
      OS9000: OS6850-U24X: OS6850-combo: OS6800:
      • SFP-DUAL-MM (short reach)
        • Using 1310nm wavelength
        • Compatible with 100-FX over MMF
          • Typical reach < 2km
        • Compatible with 1000-LX over MMF
          • Typical reach < 550m
        • Compatible with SFP-DUAL-MM
          • <2km at 100Mbps - <550m at 1Gbps
        • Not compatible with 1000-SX
          • 1000-SX is using 850 nm …
      • SFP-DUAL-SM10 (long reach)
        • Using 1310nm wavelength
        • Compatible with 100-FX over SMF
          • Typical reach < 10km
        • Compatible with 1000-LX over SMF
          • Typical reach < 10km
        • Compatible with SFP-DUAL-SM10
          • <10km at 100Mbps / 1Gbps
      Warning: 100Mbps at $995 an optic: expensive!
      [Diagram labels: 100Mbps, 1Gbps]

  11. Outline • AOS 6.1.3R01 status • The new Hardware • The new Software • Roadmap

  12. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • VLAN Stacking
        • Per-port
          • Provider VLAN is assigned only based on the source slot/port
        • Per-port per-VLAN (max of 768 entries per ASIC - no wildcard)
          • Provider VLAN is assigned based on the source slot/port & customer VLAN
        • Configuration
          • Provider VLANs are created under the “vlan svlan” cmd
          • A provider VLAN-Id cannot be used for a customer VLAN-Id
        • Per port options
          • Configurable TPID (per port parameter - default 0x88A8)
          • Configurable BPDU behavior (flooded or dropped)
          • Configurable type of customer traffic (tagged-only, untagged-only or all)
      NB: switching a port to VLAN-Stacking will prevent that port from doing advanced processing (such as routing)

  13. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • VLAN Translation (max of 768 entries per ASIC - no wildcard)
        • Re-using the VLAN Stacking configuration to translate instead of stack
        • Operation on a per-port basis is stack XOR translate
          • Stack: >vlan svlan port 1/1 double-tag cvlan 10 svlan 20
            [payload | Vlan 10] => [payload | Vlan 10 | Vlan 20]
          • Translate: >vlan svlan port 1/1 translate cvlan 10 svlan 20
            [payload | Vlan 10] => [payload | Vlan 20]

  14. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • Large L2 Table
        • In the default mode, Source Learning is centralized
          • Total system MAC is therefore 16K (with all ASICs synchronized)
        • A new mode is introduced: Distributed
          • MACs are learnt normally on all ASICs
          • Based on traffic patterns, each ASIC is going to retain only the needed MACs
          • MAC entries are refreshed where needed (SA/DA) and flushed otherwise
          • Flush on inactive module is not immediate (aging period)
        • Consequences
          • More flooding, as a known MAC in the system may be unknown for a given NI. Equivalent to OS7000 but still featuring HW based Source Learning
          • MACs behind Aggregate or Static entries are still distributed
          • OS9600 => 64K MACs ; OS9700 => 128K MACs ; OS9600 => 256K MACs
      Goal is mostly for RFP qualification (64K L2 table). Recommended designs should fit the HW table

  15. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • Large L2 Table (example)
        • A => B: Destination is unknown, packet is flooded, Source A is learnt everywhere
        • B => A: Destination is known, packet is switched, Source B is learnt on module 2 & 1
        • B <=> A: Despite the communication between A & B, A is aged on module 3 & 4 (after normal aging)
        • C => A: Despite A is known to the system, it is not known on this module, packet is flooded, Source C is learnt everywhere
        • A => C: Destination is known, packet is switched, A is learnt on module 3
        • B <=> A, C <=> A: Despite the established communications, C is aged on module 2 & 4 (after normal aging)
      [Diagram: modules 1 to 4 with hosts A, B and C and the MAC entries learnt on each module]

  16. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • L2 Static Multicast
        • Equivalent to HA-VLAN from legacy BoP
        • A L2 Multicast MAC (non-IP) is statically configured
          • MAC must be like 01:xx:xx:xx:xx:xx but not 01:00:5E:xx:xx:xx
        • Flooding is restricted to the configured port (Default would be all ports from the VLAN)
        • Forwarding is wire-rate
        • No HA restriction with Q-tagged link, aggregate nor Spanning Tree
        • No more than 1K MAC can be configured

  17. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • IEEE 802.1D (2004) - IEEE 802.1Q (2005)
        • Spanning Tree Protocols are defined in two IEEE standards:
          • IEEE 802.1D for single spanning tree (no VLAN awareness)
            • Initiated in 1998
            • Amended in 2001 with 802.1w for Rapid Re-configuration (now the default)
            • Updated in 2004
          • IEEE 802.1Q for multiple spanning tree (no VLAN awareness)
            • No real STP support in the beginning (only proprietary such as 1x1)
            • Amended in 2002 with 802.1s for Multiple Spanning Tree
            • Updated in 2005
      => State machines & algorithms have been updated to meet both std

  18. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • Access Guardian
        • Capability to mix
          • Active Authentication (802.1x - per client port access)
          • Passive Authentication (MAC based)
          • Guest VLAN (and/or others mobility rules)
        • Dimensioning
          • Today, all authenticated users to leverage 1K table, synchronized
          • Synchronization to be abandoned in the future release (1K per module - 4K per system)

  19. AOS 6.1.3R01
      OS9000: (new) OS6850: OS6800:
      • Port Mapping
        • Extending the AOS 5.xx implementation
        • Defining 2 sets of ports & controlling the communication within each set
        • Up to 8 Port Mapping sessions (in general, ports can only belong to a single session - except uni. network pts)
        • Uni-directional
          • User-port - no direct user-to-user traffic, only user-to-network
          • Network-port - network-to-user & network-to-network
        • Bi-directional
          • User-port - no direct user-to-user traffic, only user-to-network
          • Network-port - no direct network-to-network traffic, only network-to-user

  20. AOS 6.1.3R01
      OS9000: (new) OS6850: OS6800:
      • Option 82 - Subscriber Information
        • Option 82 is only supported through DHCP Relay (L2 / L3)
          • DHCP Servers must be defined under “ip helper address” commands
        • Option 82 will provide
          • Circuit Id - VLAN & slot/port information of the DHCP request
          • Remote Id - MAC Address of the Router interface receiving the DHCP request
        • Two modes of operation (exclusive)
          • Relay w/ DHCP option 82
            • The most flexible, with configurable behavior (add / drop / keep / replace)
          • Relay w/ DHCP Snooping & option 82
            • Can only add the option 82 (must not be already present)

  21. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • Generic UDP Relay
        • Extending relay capability from BOOTP (UDP 67/68) to any UDP
        • Support for service name and custom ports:
          • DNS (53), TACACS+ (65), TFTP (69), NTP (123), NBNS (137), NBDD (138)
          • Custom port (1-65535)

  22. AOS 6.1.3R01
      OS9000: (new) OS6850: OS6800:
      • DHCP Snooping
        • DHCP Snooping is only supported through DHCP Relay (L2 / L3)
          • DHCP Servers must be defined under “ip helper address” commands
        • Highlights
          • MAC Address verification (packet vs payload)
          • Option 82 insertion
          • DHCP port status
            • Trusted: DHCP traffic is fully allowed (request/reply)
            • Client only: DHCP traffic is partially allowed (request only)
            • Block: no DHCP traffic allowed
          • IP Source filtering (binding table)
            • Port - MAC - IP
          • Traffic suppression (filtering the HW based flooded DHCP request)

  23. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • BGP Graceful Restart
        • Enabled by default
        • Benefit under the following circumstances
          • HW redundancy (smart continuous switching)
            • Dual CMMs for OS9000
            • Multiple units in a stack for OS6800 / OS6850
          • All BGP peers to support ‘BGP Graceful Restart’

  24. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • PIM Dense Mode for IPv4
        • Provide IP Multicast Routing, assuming dense environment
          • Very close to the DVMRP behavior
        • Fully integrated with the existing PIM Sparse Mode for IPv4
          • Re-using “pim” configuration
        • Part of the Advanced Routing package
          • Optional for OS6800 / OS6850
          • Included for OS9000

  25. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • IPv6 Route Redistribution
        • Allow Route redistribution into IPv6 Routing Protocol (RIPng / OSPFv3)
        • Supported sources are
          • Local IPv6 interfaces
          • Static IPv6 routes
          • RIPng routes (not applicable for redistribution toward RIPng)
          • OSPFv3 routes (not applicable for redistribution toward OSPFv3)
        • Using route-map to control the redistribution (applies to IPv4 / IPv6)
          • Offering flexible control over route redistribution
          • Filtering, aggregation based on matching route / interface / next-hop …

  26. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • VRRP v3
        • To provide gateway redundancy for IPv6 hosts with
          • Preempt (CMM Takeover typically induces a VRRP takeover)
          • Tracking (local interface, local slot/port, remote address)
        • Similar to VRRPv2 (IPv4) in behavior
        • Key differences
          • VRRPv3 to apply for IPv6 only
          • Advertisement interval from second to centi-second
          • No VRRP Authentication supported (per RFC)
      Note that a VRRPv3 will accept VRRP msg from an ‘authenticated’ group but will not be accepted in return => unexpected behavior will result

  27. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • OSPF v3 (for IPv6)
        • Equivalent to OSPFv2 for IPv4
          • Same configuration steps (under “ipv6 ospf” commands)
        • Part of the Advanced Routing package
          • Optional for OS6800 / OS6850
          • Included for OS9000

  28. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • ACL & QoS on IPv6
        • Classification on IPv6 requires a 2 x 128 bits match
          • For complete lookup (SA/DA) two slices are required (one for SA, one for DA) & associated
        • Old modules (U24/C24/U2) are based on rev A1 ASICs
          • Current ASICs (A1) cannot allow qos condition on IPv6-SA & IPv6-DA
          • While “IPv6-SA only” is supported by the HW, it is not on the SW
          • While “IPv6-DA only” is supported by the HW, it is not on the SW
          • In the future, these modules will leverage B2 revision
        • New modules (P24/U6) are based on rev B2 ASICs
          • Full support for qos condition on IPv6-SA and/or IPv6-DA

  29. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • Large L3 Table
        • Each ASIC is now autonomous in regards to using its L3 information
          • A master table is built on the local SW on the module
          • The HW is then used as a cache
            • 8K entries for local hosts (ARP)
            • 12K entries for subnet (local subnet & remote routes)
        • If an entry is cached then forwarding is HW based (wire-rate), otherwise the forwarding is SW based
          • Any SW processed entry is candidate for the HW
          • Any HW entry not hit is candidate for removal if contention exists
      Goal is mostly for RFP qualification (120K routing table). Recommended designs should fit the HW table

  30. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • Server Load Balancing
        • Capability to classify on IP-DA (aka Virtual IP) or any qos condition
          • Capable of load balancing http traffic coming from a given uplink/subnet (condition based on source port, source network and destination service)
        • Capability to specify if SLB is to be enforced at L2 or L3
        • Health Monitoring of servers using probes (ping, http, pop, imap, tcp, …)
        • Dimensioning
          • Up to 16 clusters, up to 16 servers per cluster
          • Load balancing is based on CRC32 of L3/L4 information
          • SLB is consuming resources from the ECMP capability
            • w/o SLB - AOS to support up to 512 ECMP (4 GW per destination)
            • w/ SLB - AOS to support up to 448 ECMP (4 GW per destination)

  31. AOS 6.1.3R01
      OS9000: OS6850: OS6800:
      • TACACS+
        • AAA has been enhanced with TACACS+ support (not for users auth.)
        • Need to designate the AAA server
          • Using “aaa tacacs+-server” cmds
        • TACACS+ implementation
          • Authentication & authorization support
            • Authentication alone is supported
            • Authorization alone is not supported (always requires Authentication)
          • Command authorization re-uses Partition Management syntax
          • Accounting of commands only applies after boot-up for CLI only
            • Configuration file is not taken into account

  32. AOS 6.1.3R01 Security

  33. AOS 6.1.3R01 Miscellaneous (1)

  34. AOS 6.1.3R01 Miscellaneous (2)

  35. www.alcatel.com
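
The DHCP Snooping checks listed on slide 22 (MAC address verification, DHCP port status, and IP source filtering against a port - MAC - IP binding table), modelled in Python. This is an added example, not Alcatel or AOS code: the class and function names, the default port status, the point at which a binding is created, and every MAC, port and address in the sample are assumptions constructed for illustration.

```python
# Added illustration: a model of the slide-22 checks, not AOS code.
TRUSTED, CLIENT_ONLY, BLOCK = "trusted", "client-only", "block"
REQUESTS = {"DISCOVER", "REQUEST"}   # client-originated DHCP messages
REPLIES = {"OFFER", "ACK", "NAK"}    # server-originated DHCP messages

class Snooper:
    def __init__(self, port_mode):
        self.port_mode = port_mode   # slot/port -> DHCP port status
        self.pending = {}            # chaddr -> port where the request arrived
        self.bindings = {}           # (port, MAC) -> leased IP (binding table)

    def dhcp(self, port, eth_src, chaddr, msg, yiaddr=None):
        """Return (verdict, reason) for one DHCP message seen by the relay."""
        mode = self.port_mode.get(port, CLIENT_ONLY)  # assumed default
        if mode == BLOCK:
            return "drop", "no DHCP allowed on this port"
        if msg in REPLIES and mode != TRUSTED:
            return "drop", "server reply on a client-only port"
        if msg in REQUESTS:
            # MAC verification: frame source vs. DHCP payload (chaddr).
            # Assumption: skipped on trusted ports, which may carry relayed requests.
            if mode != TRUSTED and eth_src != chaddr:
                return "drop", "frame MAC differs from payload MAC"
            self.pending[chaddr] = port
        elif msg == "ACK" and chaddr in self.pending:
            # Assumption: a binding is created when the server ACKs the lease.
            self.bindings[(self.pending.pop(chaddr), chaddr)] = yiaddr
        return "forward", "ok"

    def data(self, port, eth_src, ip_src):
        """IP source filtering against the port-MAC-IP binding table."""
        if self.port_mode.get(port, CLIENT_ONLY) == TRUSTED:
            return True              # assumption: uplinks are not filtered
        return self.bindings.get((port, eth_src)) == ip_src

def demo():
    """Replay constructed events; all MACs, ports and IPs are made up."""
    s = Snooper({"1/1": CLIENT_ONLY, "1/2": CLIENT_ONLY, "1/3": BLOCK, "1/24": TRUSTED})
    a, srv = "00:11:22:33:44:55", "00:00:5e:00:53:01"
    verdicts = [
        s.dhcp("1/1", a, a, "DISCOVER")[0],
        s.dhcp("1/2", a, "00:00:5e:00:53:aa", "DISCOVER")[0],  # MAC mismatch
        s.dhcp("1/2", srv, a, "OFFER", "192.0.2.66")[0],       # reply from user port
        s.dhcp("1/3", a, a, "DISCOVER")[0],                    # blocked port
        s.dhcp("1/24", srv, a, "ACK", "192.0.2.10")[0],        # legitimate lease
    ]
    return verdicts, s.data("1/1", a, "192.0.2.10"), s.data("1/1", a, "192.0.2.99")

if __name__ == "__main__":
    print(demo())
```

Only the lease acknowledged through the trusted port produces a binding, so traffic from port 1/1 passes the source filter with the leased address and is rejected with any other.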
