jeff green april 2011 may v1
TRANSCRIPT
Extreme Pressure delivers cutting edge results.
Cloud, mobility, security and simplicity…
Jeff Green
248-521-7593
Too Big to Innovate (Brand 1st )
Customer-centric Innovation or too Big to Innovate
Brand Solution Ultra-loyal Platform v Brand
Brand Value Not-loyal
Brand Solution loyal
In the beginning (1996)
I/O Port, I/O Port
CONVERGENCE: Vertically Integrated To Horizontally Layered
MetroNETWORK
MODERN ENTERPRISE
MetroNETWORK
ENTERPRISENETWORK
Video
Voice
T1 Service
PSTN
Internet
PABX
DATA
Virtualized Applications
VoIP & Video Service
Switching & Routing
Enhanced Services
Differentiated Access
Optics, Copper & Wireless
Ethernet with “ATM like” QoS delivers toll-quality voice even under adverse congestion conditions
• low latency (.1ms)
• low jitter (.01ms)
• zero packet loss
Performance w features turned on
L3 built-in.
L2 “SONET Like” convergence
How much does a dropped call cost?
Leadership & Innovation
Enterprise Service Provider
Awards
Switching Genome
Data Center
Ask the hard question?
With all the crazy discounts?
Asymmetric warfare
Would you take it for free?
Not symmetric warfare
Next Generation Ethernet (15 years experience)
Data Center
Consumer Electronic
Metro
Enterprise
Simplicity is the killer app.
Event Driven Edge
Response: Trigger profiles handsets.
Result: Dynamic device configuration
Ethernet like a PBX made simple
Create enterprise edge policies, including: QoS, VLAN, IP, 802.1X, LLDP, dynamically
Deploy Automated Power Savings modules and policies to switches
1
2
Converged Requirement Innovation for XYZ Customer's
Phone = Switch
NACIntegrated Wireless
Ethernet as SONET, ATM made simple
Ethernet Everywhere with QoS, L2 Networks, MPLS, EAPS, MAC in MAC, Q in Q
10G & 1G Ethernet Demarcation.
1
2
Converged Requirement Innovation for XYZ Customer's
Modular Operating System, Hitless SW Upgrade, Process Monitoring, Graceful restart, CPU DoS Protection
Software Resiliency
Service Isolation
(EAPS <50ms)
EAPS - Sub 50ms Restoration
Resiliency
(Milliseconds)
Data Center Convergence made simple
EPICenter® XNV™Feature Pack
Direct Attach™ each network-tier adds another two hops.
40G Ethernet
VEPA Support
VM
2
VM
1
VM
3
VM
4
Multi-core CPU
Converged Requirement Innovation for XYZ Customer's
Requirements: Ultralow Latency, Non-Blocking, Rapid Convergence
New requirements: Lossless Fabric, Lossless Ethernet, Virtualization,
1
2
Server = Switch
Departmental Divide
(Next Gen Ethernet (Microseconds))
You shouldn’t call it just a switch anymore!
Switching in the beginning....
…Eliminated Collisions
• Isolates traffic into collision domains (Speed)
• Extending segment and repeater rules (Reach)
…Replaced hubs
• Basic connectivity (Utility)
• Deliver basic diagnostics (Structure)
(It is a FastPath Platform)
For Internal Use Only. Extreme Networks Confidential and Proprietary. Not to be distributed outside of Extreme Networks, Inc
Thinking inside the box
Before (Line-rate w features turned on) Now (Lossless data transmission)
Router
Slow Path
merchant silicon Jawbreaker
Fast Path
Switch
Support for Network and Storage Convergence
Priority Based Flow Control (PFC)
Enhanced Transmission Selection (ETS)
DCB Capabilities Exchange (DCBX)
Data Center Bridging (DCB) Protocols
Block Based Storage
iSCSI FCoE
File Based Storage
NFS CIFS
Dynamic Scripting
CLEAR-Flow
ExtremeXOS® Infrastructure Layer
What is Data Center Bridging?
[Figure: Servers on a Storage Network (Fibre Channel switch, Storage) and a separate Ethernet Network (Ethernet Switch, Data), beside a Converged Network in which Servers with CNAs attach to a DCB Switch with Storage (iSCSI or FCoE)]
Not just about building a better mouse trap
We build better networks…
Elastic Ethernet & Product Fit
Flexible cross platform stacking
10/40/100G Data Center
X250 & X450
Value (Utility)
• PoE 15w (802.3af)
• 40G Stacking
• Distributed Forwarding
• Virtual Chassis
• XoS (UPM)
• Active Directory
10G/40G Aggregation
Keep it simple!
Event Driven Edge
X460
P90X
Max Feature Function
• 48+4 Gigabit
• PoE 30w (802.3at)
• 80G Stacking
• Fiber Stacking (4KM)
• Active fiber (100M)
• 16 Switch Stack
• Hot Swappable PSU
• Virtual Routing
• Integrated Wireless
X480
Metro (Fat 512K Routes)
• Fiber/ NEB-1
• 40G Stacking
• 128G Stacking
• 40G Ethernet
• 512K Fast Path for BGP integration
• Storage over Ethernet BCB, CEE or DCE
• VEPA
• MPLS, PBB, etc.
X670/670V
Massive Bandwidth
• 48 or 64 each 10 Gigabit
• 80G/160G Stacking
• 40/100G Ethernet
• Core Bandwidth
• Non-blocking Stack
• Compatible with all Stackable Summit X250/450/480/650
• Cut-through (Low Latency)
• MLAG (L2 Dual Cores)
Next Generation Gigabit Edge/Aggregation solution
X460
X480
X250 & X450
X670
40 Gbps to 512Gbps stacking interfaces with
distributed L2/L3 switching and routing
Summit X460 Tomorrow’s Switch, Today
Fan Tray
10 GbE Module Stacking Modules
Redundant AC/DC Power Supplies
Passive Copper
Active Fiber
Optics + MTP Cable
Cross Platform Summit Stacking
Simplifies
Summit X670* Series Design
Summit® X670V-48x
• 48-port dual speed 1 GbE/10 GbE switch
• Single expansion slot for
VIM4-40G-4X provides:
– 4-port 40 GbE
– 16-port 10 GbE with splitters
– 64-port 10 GbE maximum with splitters
– SummitStack™-V160 using two 40 GbE ports
• SummitStack-V using two 10 GbE ports
Summit X670-48x
• 48-port dual speed 1 GbE/10 GbE switch
• SummitStack-V using two 10 GbE ports
* Future availability.
NEW
Wiring Closet
We believe in the elasticity of Ethernet “one-size-fits-all”
NEW
Aggregation/Core Data Center Max Value
PoE Connectivity Port Fit Utility
Low Latency Port Density
Mix and match blades edge to DC
Cards can be reused across systems
Access Edge 1
PoE Attached Devices 2 3
Summit® X450e, Summit® X250e
Data Center 4
w/ S-POE
8500-G48T-e, 8500-G48T-e
8500-MSM24, 8500-MSM24, 8800-G48X-c
8800-MSM48-c, 8800-MSM48-c
8900-10G24X-c
8900-MSM128, 8900-MSM128
Flexible Port fit in a Chassis
Company Growth
1 Need to connect a small network: with 8500-series modules
2 Need to connect PoE devices: add PoE daughter card
3 Need to aggregate wiring closets: add 8800 c-series
4 Need to connect servers: add 8900-series modules
A Complete Flexible Platform
DATA CENTER
WIRING CLOSET
CORE
SummitStack
BlackDiamond 8800
Data Center Bridging M-LAG Direct Attach™ / VEPA
BlackDiamond X8
Summit X670*
Summit X480
Summit X460
Summit X250/ X450
100MB to 10Gigabit
BlackDiamond X8* System Architecture
* Future availability.
True Future-Proof Chassis Architecture: No Mid-Data Plane Design
Intelligent and Efficient Cooling System
<3 µsec Latency
BlackDiamond® X8* – Data Center in a Box
• Single Tier Physical and Logical Network
• Supports Up to 768 10 GbE Servers in a Single Switch
• Supports 128,000 Virtual Machines in a Single Switch
• Heterogeneous Hypervisor Integration
• M-LAG Support for “Multi-path” Capability
• VEPA Support – Moving Switching Back to the Network
• Data Center Bridging for data and storage integration
• XNV (ExtremeXOS® Network Virtualization) for VM Mobility Management
Of Identity, Location, and Presence?
Of People, Devices, and Machines?
The first decade was about speeds, feeds and protocols
Now it’s about: Identity, Virtualization, Provisioning, Automation
Is your Network Aware?
Event Awareness
Application Aware
Device Aware
Location Aware
Service Aware
User Aware
The Foundation: Extreme Networks
Applied Performance
if X + Y, then Z
Actionable Network Tasks based on Event Triggers
Event Aware
“if ” user matches a defined attribute value …
…. “then” place user into a defined ROLE
XYZ Customer Global Event Driven Identity Manager
Tracking and provisioning of network users based on identity
– Netlogin 802.1X Login ID
– Netlogin Web-based ID
– Netlogin MAC-radius
– Windows Active Directory Domain Login (Passive Authentication through KERBEROS Snooping)
• Transparent method of tracking users attached to the network
Tracking of network devices based on:
• LLDP-based device identification (e.g. VoIP Phone)
• Computer Name
• RFID Tags
• Location, location, location
Active Directory Server
RADIUS Server
LDAP Server
Passive Authentication
Internet
Intranet
Mail Servers
CRM Database
1 User logs into the domain
2 XoS “snoops”
3 Active Directory validates
4 XoS grants network access
Username IP MAC Computer Name VLAN Location Switch Port #
Rene_Paap 10.1.1.101 00:00:00:00:01 Laptop_1011 1 24
Success
Role-based Access Control (Wired)
Active Directory Server
RADIUS Server
LDAP Server
Who is Rene?
Match Department =
Employee
Internet
Intranet
Mail Servers
DataCenter
Who is Alice?
Role Internet Intranet Mail CRM/Database VLAN
Unauthenticated Yes No No No Default
Contractor Yes Yes No No Default
Employee Yes Yes Yes Yes Default
Role Derivation
» Users are assigned to a “role”.
» Network policies control access to network resources.
User: You, Role: Employee, Resource Access = Permit All
User: Alice, Role: Contractor, Resource Access = Deny Mail and CRM
User: Jeff Green, Role: Unauthenticated, Resource Access = Internet Only
Match Company =
IBM
LDAP Response
LDAP Response
No Authentication Detected =
Unauthenticated Role
Internet
Intranet
Mail Servers
Data Center
Role-based Access Control (Wireless)
Active Directory Server
RADIUS Server
LDAP Server
Role Derivation
» One Control Plane instead of two.
» Ethernet simplification Wired or Wireless.
» Future further wired and wireless integration.
User: Rene, Role: Employee, Resource Access = Permit All
Summit WM3000
Query
LDAP Response
MatchGroup =
Employee
Internet
Intranet
Mail Servers
DataCenter
Role Internet Intranet Mail CRM/Database VLAN
Unauthenticated Yes No No No Default
Two-factor authentication with no token and no supplicant
Jeff's unqualified opinion (plus cut and paste)
Agent
Web Services | Gateway
SSL
PHONE NETWORK
PhoneFactor Service
Phone Factor
Step 2
Remote Login, Website Login, Funds Transfer
Custom Applications, AD/LDAP, Oracle/SQL
User Portal
Step 1
Direct SDK: Java | .NET | PHP
RADIUS
Mgmt Portal
Step 1: User logs into any application using their standard username and password.
Step 2:
Black Lists/White Lists
• Ability to black list and white list users and/or devices such as printers, etc…
Network Zones
• Ability to create security zones (defined by IP, MAC, Subnet, etc) and associate these ‘zones’ to a policy. For example:
Users in “guest role” deny access to “internal zone”
Network zone “finance” deny access to network zone “internet”
ACL Enhancements
• Ability to define more flexible combination of match qualifiers (i.e. MAC Source + Destination IP ACLs)
Roles per VLAN
• Ability to assign users/devices to VLAN based on role assignment
RADIUS Snooping
• Ability to snoop RADIUS username/identity for wireless deployments
LLDP Mapping
• Ability to handle devices as identities, for example, create a printer role, or phone role
Identity Management: Continued Innovation
*April 2011 Roadmap, subject to change without notice
CY 2011-12
XYZ Customer Service Isolation (up to 8 Virtual Routers)
• L3 virtual switches act as separate routers housed in a single physical enclosure.
• Segregation of internal physical resources including CPU cycles, packet memory, forwarding table space
• A single L3VS-capable switch replaces multiple physical switches
XYZ Customer Hardware, Software & Network Resiliency
Network Resiliency
EAPS – Sub 50ms Restoration
Hardware Resiliency
Passive Backplane, Redundant Switching, Redundant Management, Redundant Power, Redundant Fans
Software Resiliency
Modular Operating System, Hitless Failover, Process Monitoring, Graceful restart, CPU DoS Protection
Multi-Switch LAG (Simple L2 XYZ Customer redundancy)
Link Aggregation Multi-Chassis Link Aggregation
active-active paths and topology awareness.
No Ethernet Loop
Just more bandwidth!
Core Network
Multi-Switch Link Aggregation
M-LAG Group 1
M-LAG Group 2
Inter-Switch Connection
(ISC)
Data Center
Efficient Bandwidth Usage
• Allows combining ports on ‘two’ switches to form a single logical connection to another network device
• Aggregate dual-homed servers or switches redundantly while utilizing full available bandwidth
• Active-active paths. No STP port blocking
• Peer Switches communicate with each other to learn LAG states, MAC FDB, and IP multicast FDB
CY 2010
TRILL (Transparent Interconnection of Lots of Links )
active-active paths and topology awareness.
The new TRILL Control Plane
• Loop Free for flooded traffic
• Plug & Play
• Efficient MAC learning
• Pay as you grow
• Active-Active bandwidth used
• Fast Recovery and Convergence
• Any-to-Any connectivity to Spread Risk (“like RAID”) and add flexibility
• Lower latency
• Flat Addressing
• No complicated L3 MPLS required
• No Spanning Tree
Several different states must be synced
TRILL uses IS-IS to carry routing information about the MAC addresses of devices connected to VLANs and to build a shortest path tree for each MAC address in the VLAN.
TRILL encapsulates forwarded traffic with a new TRILL header and requires receipt from a TRILL interface.
TRILL extended the L2 bridging logic with bridge nicknames to determine whether bridged traffic is local or not.
RBridgeRBridge
RBridge RBridge
IPFIX Monitoring Virtual Security Resource
Zero Day Threat Mitigation (Avoiding Availability Risks)
Sentriant
1 Attack Launched
2 Auto Detect and Mirror
3 Analyze & Request Action
4 Take Action
CLEAR-Flow Security Rules Engine
XoS supports Wide keyed ACLs
ACL enables full classification, including
• Ethernet source MAC address, destination MAC address
• Ethernet packet type
• IP protocol (GRE, ICMP, PIM, OSPF, etc.)
• IP Source address, Destination address
• Type of Service (ToS) or DiffServ Codepoint
• IP options, fragment
• TCP / UDP source port, destination port (including ranges)
• TCP flags
• IGMP message type
• ICMP type, ICMP code
New fields supported without disruptive upgrades
• Full access to first 120 bytes of packet header
• Flexible inspection, modification, tagging, monitoring
[Figure: packet header fields covered by the ACL key: Ethernet Dest, Ethernet Src, Type, Code; IP ver, Ih, ToS, Length, Identification, F, Fragment Off, TTL, Proto, Checksum, IP Src Address, IP Dest Address, IP Options (Variable Length); TCP Src Port, TCP Dest Port, Sequence Number, Acknowledgement Number, Off, Rs, Ec, Flag, Window, Checksum, Urgent, TCP Options (Variable Length); Data (Variable Length)]
[Figure: Traffic Classification, Policing, Remarking. Labels: Low, MID, High; Voice, Video, Data, Best Effort; Discard or best effort]
Observe => choose an egress queue based on an ingress value
Manipulate => overwrite using specified code point
Preserve => preserved and observed throughout the infrastructure.
OpenFlow
<5 µsec Latency
Network in a (pair of) Boxes
Up to 768 10 GbE Connection
Sales Engineering Finance Conference Rooms
InternetFirewall
IPS
The Extreme Way!
Built into the infrastructure
Extinguish the Firewall!
Firewall
IPS
Firewall Firewall Firewall
IPS IPS IPS
Sales Engineering Finance Conference Rooms
InternetFirewall
IPS
$$ $$ $$ $$
$$
The Competitors Approach
$$ $$ $$ $$
SalesEngineering
FinanceConference Rooms
Device Aware
Location Aware
User Aware
XYZ Customer’s Application Awareness
Service Aware
Event Aware
The Foundation: Extreme Networks
Applied Performance
Moving up the stack to enable …
Application Mobility
Application Aware
ExtremeXOS®
End to End
Virtualized End-of-Row
Save Power, Cost and Space
Lower Latency while increasing bandwidth
Top of Rack solution with End-of-Row benefit
• You can physically mount ToR switch per Rack
• But you don’t have to manage ToR switch one-by-one
• Very high speed stacking with distributed forwarding
Data Center Trends
Servers
• Becoming faster with multi-core CPU
• VM explosion, 8-16 today 64-128
• Adding multiple 10G interfaces
• Converged 10G adapters
• VEPA enabled
Power
• 2-4W per 1Gig, 10-30W per 10Gig
• Higher power/cooling cost
• Green initiative, premium cap and trade
• Need for efficient power management
Convergence
• Storage, HPC move to Ethernet
Network has Zero visibility into VM Lifecycle
Server Manager
e.g.
NIC NIC
Hypervisor Hypervisor
Switch Port: IP: 1.1.1.2, MAC: 00:0A, QoS: QP7, ACL: Deny HTTP
Network Admin
Task to move VM: Administrator has NO visibility into VM location or when the movement will occur
Switch Port Config None or Disabled
VM1: IP: 1.1.1.2, MAC: 00:0A
Initiate
Resulting Configuration:
Port is incorrectly configured for a specific VM.
Direct Attach with XNV visibility into VM Lifecycle
Server Admin
NIC NIC
Hypervisor Hypervisor
Network Admin
VM1: IP: 1.1.1.2, MAC: 00:0A
Query
Switch Port Cfg: IP: 1.1.1.2, MAC: 00:0A, QoS: QP7, ACL: Deny HTTP
Switch Port Config None-Disabled
Direct Attach VM awareness
VM info
Virtual Port Profile: IP: 1.1.1.2, MAC: 00:0A, QoS: QP7, ACL: Deny HTTP
XNV-enabled
Initiate
Switch Port Config None or Disabled
Virtual Port Profile: IP: 1.1.1.2, MAC: 00:0A, QoS: QP7, ACL: Deny HTTP
Ridgeline provisioning
Pull VM Inventory, Locate VMs, Show Port Mapping, Define Virtual Port Profile, Assign (VPP) to VMs, Respond to VM motion
Eliminate the vSwitch (Reducing Network Tiers)
Data Center Core
VM1 VM2
vSwitch
Minimal traffic provisioning (if any) is done at the vSwitch.
Today’s Inter-VM Switching
Direct Attach: Eliminate the vSwitch
Data Center Core
VM1 VM2
vSwitch
VM2VM1
Inter-VM traffic provisioning at the network-level.
• Dynamic ACLs
• QoS
• Rate-limiting
• Anomaly Detection
• etc…
Direct Attach™ Enabled Switch
“Virtually” Reducing Network Tiers
Eliminate the vSwitch
VM2
Direct Attach™ Enabled Switch
Guest OS: Ubuntu
Active applications:
• gnome-system-monitor for network and CPU utilization
• tcpdump to monitor attack traffic from VM1
VM1
Guest OS: Ubuntu
Active applications:
• gnome-system-monitor for network and CPU utilization
• hping to generate DoS attack targeted at VM2
VM2
Inter-VM traffic is transmitted and received on the same network physical port. VM2 CPU and network utilization severely impacted, due to DoS attack.
CLEAR-Flow enabled to dynamically provision/block DoS traffic. VM2 CPU and network utilization reverts to healthy.
Lossless Ethernet and FCoE
PFC creates eight virtual links to allow different types of traffic to coexist on a single physical link by selectively applying pause on a per virtual link basis as defined in the PFC vector
• PFC and ACL based bandwidth partitioning
• Priority Flow Control and ACL based bandwidth partitioning (ETS sort)
• Application availability
• PFC provides flow control for lossless traffic and ETS bandwidth partition
[Figure: Link Agg Group 5 and Link Agg Group 6 to the Core Network; Tx Queue and Rx Queue with Q1 to Q8; bandwidth shares at t1 and t2]
IPC with 20% with P1 and P5
SAN with 40% with P2, P4 and P6
LAN with 40% with P3, P45 and P8
Opinion
Direct Attach VEPA (feature pack pn/11011)
VM A
VM B
VM C
VM D
VEPA hairpin turn
Automation of virtual edge provisioning:
overcoming the ‘silo impasse’
Server Admin Network Admin
Query
VM info
Initiate
Get list of connections types
Get connection instance
Network Edge retrieves the connection profile
Push VM & connection instance to VM Host
Edge Learn of new connection instance
VM Edge
Physical Server Running Hypervisor
Edge Module (Blade or TOR)
Server Edge
Convergence should do more with less!
Direct-Attach architecture reduces network tiers
Fewer switches
Lower cost design
High performance
Reduced cabling
Reduced power
How big is your VM toolbox?
• How Complex?
• How Expensive?
Ethernet in the First Mile
MPLS in the Last Mile
VMAN Service Multiplexing
VMAN 900
VMAN 800 VLAN Mapping
VLAN 100
VLAN 200
VLAN 300
VLAN 100
VLAN 200
VLAN 300
• Provides subscriber scalability and separation of subscriber/provider Ethernet control traffic
• Preservation of customer VLAN tags and IP routing information simplifies deployments
• Hybrid Ethernet/VPLS Metro
• Now MPLS
Ethernet Core, Customer Edge, Customer Edge
EAPS+PBB Redundant Access
• EAPS-aware SVLAN/CVLAN mapping to BVLANs
• On a shared-link failure, the EAPS Controller will give precedence to the BVLAN port, port 3:38 in this case, when selecting an Active-Open port
• If the BVLAN port which was Active-Open fails, EAPS selects the lowest port number as the next Active-Open
• If the BVLAN port recovers, EAPS will revert Active-Open back to the BVLAN port
Ridgeline Point-and-Click Service Deployment
Monetizing the Network
The creation and provisioning of a new, billable service for a subscriber
Monitoring service quality and troubleshooting problems before they impact the subscriber
Traffic engineering to carry the maximum number of services over the network
Services Management
• View configured services in a map or device group
• Provision and modify an E-Line or E-LAN service
• Enable/disable service
• Delete service
eToggle
XYZ Customer Global Custom Services & Price
Control
Convergence
Connectivity
CEE (PFC), Direct Attach
Data Centers
VM Mobility, Multi-switch LAG
High-Speed Stacking, Stacking over 10G
Tunable DWDM, LAG: RR, PP, Redirect
ExtremeXOS 12.5
Markets Enterprise Campus Service Providers
Role Based Security
CLEAR-Flow for Edge, Auto-Provision Edge
EAPS Priority Domains, EAPS with PBB access
Summit® X460; Demo 40G; X450e Copper; BlackDiamond® 20K Hybrid Card
IPv6: BGP, VR for OSPFv3 & RIPng, /126 address, BGP HA; IPFIX; MPLS (stacked X480, 8900-XL)
Scale Mirroring, Multicast, ARP; Configurable Buffer, DHCP Relay per VLAN, SNMP per VR Profile Logging; Stats for VLAN, IP ARP, FDB; Disable Flooding per VLAN; DDMI phase-2
Wide ACL Key
DDMI
• Provide Industry-Standard Diagnostics
• Proactive Digital Diagnostics
• Coupled with UPM can be automated
* (pacman) BlackDiamond-8806.12 # show ports 2:3 transceiver information detail
Port : 2:3
Media Type : XFP_ER
Part Number : TRF7052BN-GA170
Serial Number : 1012A-80190
Temp (Celsius) : 36.30
  Low Warn Threshold : -10.00
  High Warn Threshold : 80.00
  Low Alarm Threshold : -13.00
  High Alarm Threshold : 83.00
  Status : Normal
Tx Power (dBm) : 0.87
  Low Warn Threshold : -1.00
  High Warn Threshold : 2.00
  Low Alarm Threshold : -2.00
  High Alarm Threshold : 3.00
  Status : Normal
Current computed value of temperature in Celsius
Low threshold values for warning and alarms read from XFP EEPROM
High threshold values for warning and alarms read from XFP EEPROM
Show transceiver details
Synchronous Ethernet
• Packet Networks were initially designed to work in asynchronous mode
• The MEF 22 standard with G.8261, G.8262 and G.8264 specify distribution of timing over a packet network
Stratum 1 Traceable Reference
Clock
Data
Physical Layer
DPLL
DPLL
DPLL
Physical Layer
Packet Network
Physical Layer
Tunable DWDM
• Tune to a given wavelength/channel
• Eliminates need to maintain inventory of XFPs for different wavelengths
Show the current configuration of T-DWDM module
* (pacman) BlackDiamond-8806.1 # sh ports 2:1 config no-refresh
Port Configuration
Port Virtual Port Link Auto Speed Duplex Flow Load Media
router State State Neg Cfg Actual Cfg Actual Cntrl Master Pri Red
================================================================================
2:1 VR-Default E A OFF 10000 10000 FULL FULL NONE TWDM21
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active R-Ready NP- Port not present L-Loopback
Port State: D-Disabled, E-Enabled
Media: !-Unsupported Optic Module
Media Red: * - use "show port info detail" for redundant media type
Current channel the module is tuned to “21”
Configure it to new channel “35”
* (pacman) BlackDiamond-8806.2 # config ports 2:1 dwdm channel 35
Show the current configuration of T-DWDM module
* (pacman) BlackDiamond-8806.3 # sh ports 2:1 config no-refresh
Port Configuration
Port Virtual Port Link Auto Speed Duplex Flow Load Media
router State State Neg Cfg Actual Cfg Actual Cntrl Master Pri Red
================================================================================
2:1 VR-Default E A OFF 10000 10000 FULL FULL NONE TWDM35
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active R-Ready NP- Port not present L-Loopback
Port State: D-Disabled, E-Enabled
Media: !-Unsupported Optic Module
Media Red: * - use "show port info detail" for redundant media type
The new channel is “35”
Tunable Lasers Have Arrived!
IPFIX
• Client sends IPFIX events
• Collector receives IPFIX
• Analyze the collected data
• Display the data
Client
IPFIX Collector
IPFIX events from client to collector
WAN
The Complete Framework
Application Aware
Device Aware
Location Aware
Service Aware
User Aware
Event Aware
The Foundation: Extreme Networks
Applied Performance
Tomorrow’s Network. Today.
VLAN 1
VLAN 2
VLAN 3
Accounting Server (VLAN 3)
Main Server (All VLANs)
Shared Media Segment
PC 1: Marketing, VLAN 2
PC 2: Marketing, VLAN 2
PC 4: Engineering, VLAN 3
PC 3: IT Dept., VLAN 1
PC 5: Marketing/IT, VLANs 1 and 2
VLAN Statistics
* (Beta) PO-CO-MAUE_Man.7 # configure ports 3:1 monitor vlan "cv3001"
* (Beta) PO-CO-MAUE_Man.8 # show port 3:1 vlan statistics
<cr> Execute the command
no-refresh Page by page display without auto-refresh
* (Beta) PO-CO-MAUE_Man.8 # show port 3:1 vlan statistics
Port VLAN Statistics Wed Nov 3 15:04:35 2010
Port Vlan Rx Frames Rx Byte Tx Frame Tx Byte
Count Count Count Count
================================================================================
3:1 cv3001 1400 2132194 1421 114524
• VLAN statistics were previously implemented in ExtremeXOS® for the BlackDiamond® 12K. In ExtremeXOS 12.5, support for VLAN statistics is extended to the BlackDiamond 8K and Summit X series switches.
• Need to provide VLAN-level statistics for VLAN #1, #2 and #3 in order to gain insight into traffic behavior on a given port
Configure a given VLAN on a given port for monitoring
Show statistics pertaining to all the VLANs on a given port
Statistics pertaining to “cv3001” VLAN include Tx/Rx Frame and Byte count
Auto Provisioning for Edge Switches
DHCP Server
TFTP Server
1 DHCP Discover
2 Responds with TFTP Addr
3 Config file ftp transfer initiated
4 FTP successful
5 Config file is saved and switch reboots with saved config file
• Designed to reduce operational cost and deployment time in large scale deployment
• Minimal human interaction required to bring the switch up with the right configuration
• Designed to scale in large deployment
• Summit® switches
Access Profile List
How to Configure it
Access Profile list
configure snmp access-profile add <rule> first
configure telnet access-profile add <rule> first
configure web http access-profile add <rule> first
configure ssh2 access-profile add <rule> first
configure snmp access-profile add <rule> after <previous_rule>
configure telnet access-profile add <rule> before <previous_rule>
Existing Commands
configure snmp access-profile <policy>
configure telnet access-profile <policy>
enable ssh2 access-profile <policy>
configure ssh2 access-profile <policy>
Application (SNMP, Telnet, HTTP)
Access-profile 2, Access-profile 1, Access-profile 3
Traffic to Application
Access profile list
show access-list counter process http
=============================================================
Access-list Permit Packets Deny Packets
=============================================================
a1 10 0
a3 0 25
a2 0 6
=============================================================
Total Rules : 3
EMS Log information
09/03/2010 13:34:59.25 <Warn:SNMP.Master.DropReqAccessDeny> SNMP access from source 10.120.89.13 is denied by rule deny_10_120. Dropping this Request.
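Added example (not from the original deck or from Extreme Networks): a parser for the DropReqAccessDeny EMS line shown above that tallies denials per rule and per source and flags sources that are denied repeatedly within a short window. The MM/DD/YYYY reading of the date, the function names, the burst threshold and window, and every sample line except the first are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Line layout inferred from the single sample on the slide (an assumption):
#   MM/DD/YYYY HH:MM:SS.cc <Severity:Component.Sub.Condition> message text
EMS_LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{2}) "
    r"<(?P<severity>\w+):(?P<condition>[\w.]+)> (?P<message>.*)$"
)
# Message text of the deny condition, taken from the same sample line.
DENY_MSG = re.compile(
    r"^(?P<app>\S+) access from source (?P<source>\S+) "
    r"is denied by rule (?P<rule>[\w-]+)\."
)


def parse_deny(line):
    """Return a dict for a DropReqAccessDeny line, or None for anything else."""
    m = EMS_LINE.match(line.strip())
    if not m or not m.group("condition").endswith("DropReqAccessDeny"):
        return None
    d = DENY_MSG.match(m.group("message"))
    if not d:
        return None
    return {
        "time": datetime.strptime(m.group("ts"), "%m/%d/%Y %H:%M:%S.%f"),
        "severity": m.group("severity"),
        "app": d.group("app"),
        "source": d.group("source"),
        "rule": d.group("rule"),
    }


def deny_report(lines, burst=3, window_s=60):
    """Count denials per rule and source; flag sources with `burst` or more
    denials inside any `window_s`-second window (hypothetical thresholds)."""
    events = [e for e in map(parse_deny, lines) if e]
    by_rule = Counter(e["rule"] for e in events)
    times = defaultdict(list)
    for e in events:
        times[e["source"]].append(e["time"])
    burst_sources = set()
    for source, stamps in times.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Shrink the window from the left until it spans <= window_s.
            while (stamps[end] - stamps[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= burst:
                burst_sources.add(source)
                break
    return {
        "by_rule": dict(by_rule),
        "by_source": {s: len(t) for s, t in times.items()},
        "burst_sources": sorted(burst_sources),
    }


_TEMPLATE = (
    "{ts} <Warn:SNMP.Master.DropReqAccessDeny> SNMP access from source "
    "{src} is denied by rule {rule}. Dropping this Request."
)

SAMPLE_LOG = [
    # First line is the one shown on the slide; all others are constructed.
    _TEMPLATE.format(ts="09/03/2010 13:34:59.25", src="10.120.89.13", rule="deny_10_120"),
    _TEMPLATE.format(ts="09/03/2010 13:35:01.10", src="10.120.89.13", rule="deny_10_120"),
    _TEMPLATE.format(ts="09/03/2010 13:35:20.00", src="10.120.89.13", rule="deny_10_120"),
    _TEMPLATE.format(ts="09/03/2010 13:40:00.00", src="192.0.2.7", rule="deny_lab"),
    _TEMPLATE.format(ts="09/03/2010 14:40:00.00", src="192.0.2.7", rule="deny_lab"),
    "09/03/2010 13:36:00.00 <Info:EXAMPLE.Placeholder.Event> constructed non-deny line",
    "truncated or corrupt line",
]

if __name__ == "__main__":
    print(deny_report(SAMPLE_LOG))
```

The per-rule totals can be compared against the Deny Packets column of `show access-list counter process http` to confirm that the rule doing the dropping is the one intended.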
One Platform addressing customer pain points
VM MobilityStacking::ClusteringDisaster Recovery
VirtualizedData Centers
Massive applicationdensity per rack complexto manage with growing
server, storage, andnetwork virtualization
Identity Management Wireless Integration
Universal Port
Service ScaleRidgeline EAPS 3.0
Markets
Key Pain Point
SustainableDifferentiation
Context-AwareEnterprise Campus
Service-AwareCarrier Transport
Ethernet basedservices simpler,
but lacking matureservice management& monitoring tools
leveraging One Modular OS enabling simplicity and best-of-breed systems
Convergence hard to manage & secure with growing set of
mission-critical video, voice & data applications
Page 71
Speeds & Feeds
Y exceeds your need Z exceeds your need
X exceeds your need
Z BUS
Y CPU
X I/O
fn(x,y,z)
What If?
Then?
Price (Initial & COO) Relationships (People)
Company (Brand)
Disrupt and Innovate
“derail Cisco gravy train”
POE Plus uplink and switches 4 POE Ports
Keeping it XYZ Customer cabling Cool “Big Ticket” Items for 802.3at
Propose an efficient switch with Layer-2 power management protocol for enhanced power allocation, beyond just heating, cooling and cabling considerations:
• LLDP delivers low complexity and higher interoperability potential
• LLDP / LLDP-MED for PoE Plus
• Fine-grain power negotiation
• Power conservation modes (e.g. extend UPS battery life during disasters)
• Power priority (critical, high, low)
• Ongoing dynamic re-negotiation (e.g. video call in process)
Support both initial booting and ongoing operation
• Power priority (e.g. must keep “red phone” alive)
LLDP-MED Advanced Power Management
Layer 1
Layer 2
PoE Plus (XYZ Customer gets Ultra PoE w Intelligence)
Advanced Edge
Summit X460 Edge Switch
1 Create enterprise edge policies
2 Deploy Automated Power Savings modules and policies to switches
3 Time triggered event
4 Profiles to power off the IP handsets on specified edge ports.
MIMO 802.11n
WiMAX
POS terminals
video-surveillance with pan/tilt/zoom