jeff green april 2011 may v1

Upload: jeffgreenmichigan

Post on 12-May-2015

TRANSCRIPT

Page 1: Jeff Green April 2011 May V1

Extreme Pressure delivers cutting edge results. Cloud, mobility, security and simplicity…

Jeff Green

248-521-7593

Page 2: Jeff Green April 2011 May V1

Too Big to Innovate (Brand 1st)

Customer-centric Innovation or too Big to Innovate

Brand Solution Ultra-loyal Platform v Brand

Brand Value Not-loyal

Brand Solution loyal

Page 3: Jeff Green April 2011 May V1

In the beginning (1996)

I/O Port, I/O Port

Vertically Integrated

CONVERGENCE

To Horizontally Layered

Metro NETWORK

MODERN ENTERPRISE

ENTERPRISE NETWORK

Video, Voice, T1 Service, PSTN, Internet, PABX, DATA

Virtualized Applications

VoIP & Video Service

Switching & Routing

Enhanced Services

Differentiated Access

Optics, Copper & Wireless

Ethernet with “ATM like” QoS delivers toll-quality voice even under adverse congestion conditions

• low latency (.1ms)
• low jitter (.01ms)
• zero packet loss

Performance w features turned on

L3 built-in.

L2 “SONET Like” convergence

How much does a dropped call cost?

Page 5: Jeff Green April 2011 May V1

Ask the hard question?

With all the crazy discounts?

Asymmetric warfare

Would you take it for free?

Not symmetric warfare

Page 6: Jeff Green April 2011 May V1

Next Generation Ethernet (15 years experience)

Data Center

Consumer Electronic

Metro

Enterprise

Simplicity is the killer app.

Page 7: Jeff Green April 2011 May V1

Event Driven Edge

Response: Trigger profiles handsets.

Result: Dynamic device configuration

Ethernet like a PBX made simple

Create enterprise edge policies including: QoS, VLAN, IP, 802.1X, LLDP, dynamically

Deploy Automated Power Savings modules and policies to switches

1

2

Converged Requirement Innovation for XYZ Customer's

Phone = Switch

NAC

Integrated Wireless

Page 8: Jeff Green April 2011 May V1

Ethernet as SONET, ATM made simple

Ethernet Everywhere with QoS, L2 Networks, MPLS, EAPS, MAC in MAC, Q in Q

10G & 1G Ethernet Demarcation.

1

2

Converged Requirement Innovation for XYZ Customer's

Modular Operating System, Hitless SW Upgrade, Process Monitoring, Graceful restart, CPU DoS Protection

Software Resiliency

Service Isolation

(EAPS <50ms)

EAPS - Sub 50ms Restoration

Resiliency

(Milliseconds)

Page 9: Jeff Green April 2011 May V1

Data Center Convergence made simple

EPICenter® XNV™ Feature Pack

Direct Attach™ each network-tier adds another two hops.

40G Ethernet

VEPA Support

VM 1, VM 2, VM 3, VM 4

Multi-core CPU

Converged Requirement Innovation for XYZ Customer's

Requirements: Ultralow Latency, Non-Blocking, Rapid Convergence

New requirements: Lossless Fabric, Lossless Ethernet, Virtualization

Server = Switch

Departmental Divide

(Next Gen Ethernet (Microseconds))

Page 10: Jeff Green April 2011 May V1

You shouldn’t call it just a switch anymore!

Switching in the beginning....

…Eliminated Collisions

• Isolates traffic into collision domains (Speed)

• Extending segment and repeater rules (Reach)

…Replaced hubs

• Basic connectivity (Utility)

• Deliver basic diagnostics (Structure)

(It is a FastPath Platform)

Page 11: Jeff Green April 2011 May V1

For Internal Use Only. Extreme Networks Confidential and Proprietary. Not to be distributed outside of Extreme Networks, Inc

Thinking inside the box

Before (Line-rate w features turned on) Now (Lossless data transmission)

Router

Slow Path

merchant silicon Jawbreaker

Fast Path

Switch

Page 12: Jeff Green April 2011 May V1

Support for Network and Storage Convergence

Priority Based Flow Control (PFC)

Enhanced Transmission Selection (ETS)

DCB Capabilities Exchange (DCBX)

Data Center Bridging (DCB) Protocols

Block Based Storage

iSCSI FCoE

File Based Storage

NFS CIFS

Dynamic Scripting

CLEAR-Flow

ExtremeXOS® Infrastructure Layer

Page 13: Jeff Green April 2011 May V1

What is Data Center Bridging?

Data

Storage

Data

Storage Network

Ethernet Network

Server

Server, Server

Fibre Channel, Ethernet Switch

Converged Network

Server

Server, Server

DCB Switch

Storage

(iSCSI or FCoE)

… …

CNAs

Page 14: Jeff Green April 2011 May V1

Not just about building a better mouse trap

We build better networks…

Page 15: Jeff Green April 2011 May V1

Elastic Ethernet & Product Fit

Page 16: Jeff Green April 2011 May V1

Flexible cross platform stacking

10/40/100G Data Center

X250 & X450

Value (Utility)
• PoE 15w (802.3af)
• 40G Stacking
• Distributed Forwarding
• Virtual Chassis
• XoS (UPM)
• Active Directory

10G/40G Aggregation

Keep it simple!

Event Driven Edge

Page 17: Jeff Green April 2011 May V1

Flexible cross platform stacking

10/40/100G Data Center

10G/40G Aggregation

X460

P90X

Max Feature Function
• 48+4 Gigabit
• PoE 30w (802.3at)
• 80G Stacking
• Fiber Stacking (4KM)
• Active fiber (100M)
• 16 Switch Stack
• Hot Swappable PSU
• Virtual Routing
• Integrated Wireless

Keep it simple!

Event Driven Edge

Page 18: Jeff Green April 2011 May V1

Flexible cross platform stacking

10/40/100G Data Center

10G/40G Aggregation

X480

Metro (Fat 512K Routes)
• Fiber/ NEB-1
• 40G Stacking
• 128G Stacking
• 40G Ethernet
• 512K Fast Path for BGP integration
• Storage over Ethernet DCB, CEE or DCE
• VEPA
• MPLS, PBB, etc.

Keep it simple!

Event Driven Edge

Page 19: Jeff Green April 2011 May V1

Flexible cross platform stacking

10/40/100G Data Center

10G/40G Aggregation

X670/670V

Massive Bandwidth
• 48 or 64 each 10 Gigabit
• 80G/160G Stacking
• 40/100G Ethernet
• Core Bandwidth
• Non-blocking Stack
• Compatible with all Stackable Summit X250/450/480/650
• Cut-through (Low Latency)
• MLAG (L2 Dual Cores)

Keep it simple!

Event Driven Edge

Page 20: Jeff Green April 2011 May V1

Flexible cross platform stacking

10/40/100G Data Center

10G/40G Aggregation

Keep it simple!

Event Driven Edge

Next Generation Gigabit Edge/Aggregation solution

X460

X480

X250 & X450

X670

40 Gbps to 512 Gbps stacking interfaces with distributed L2/L3 switching and routing

Page 21: Jeff Green April 2011 May V1

Summit X460 Tomorrow’s Switch, Today

Fan Tray

10 GbE Module Stacking Modules

Redundant AC/DC Power Supplies

Passive Copper

Active Fiber

Optics + MTP Cable

Cross Platform Summit Stacking

Simplifies

Page 22: Jeff Green April 2011 May V1

Summit X670* Series Design

Summit® X670V-48x

• 48-port dual speed 1 GbE/10 GbE switch

• Single expansion slot for VIM4-40G-4X provides:

– 4-port 40 GbE

– 16-port 10 GbE with splitters

– 64-port 10 GbE maximum with splitters

– SummitStack™-V160 using two 40 GbE ports

• SummitStack-V using two 10 GbE ports

Summit X670-48x

• 48-port dual speed 1 GbE/10 GbE switch

• SummitStack-V using two 10 GbE ports

* Future availability.

Page 23: Jeff Green April 2011 May V1

NEW

Wiring Closet

We believe in the elasticity of Ethernet “one-size-fits-all”

NEW

Aggregation/Core Data Center Max Value

PoE Connectivity Port Fit Utility

Low Latency Port Density

Mix and match blades edge to DC

Page 24: Jeff Green April 2011 May V1

Cards can be reused across systems

Access Edge 1

PoE Attached Devices 2 3

Summit® X450e, Summit® X250e

Data Center

4

w/ S-POE

8500-G48T-e

8500-G48T-e

8500-MSM24, 8500-MSM24, 8800-G48X-c

8800-MSM48-c, 8800-MSM48-c

8900-10G24X-c

8900-MSM128, 8900-MSM128

Flexible Port fit in a Chassis

Company Growth

1. Need to connect a small network: with 8500-series modules
2. Need to connect PoE devices: add PoE daughter card
3. Need to aggregate wiring closets: add 8800 c-series
4. Need to connect servers: add 8900-series modules

Page 25: Jeff Green April 2011 May V1

A Complete Flexible Platform

DATA CENTER

WIRING CLOSET

CORE

SummitStack

BlackDiamond 8800

Data Center Bridging M-LAG Direct Attach™ / VEPA

BlackDiamond X8

Summit X670*

Summit X480

Summit X460

Summit X250/ X450

100MB to 10Gigabit

Page 26: Jeff Green April 2011 May V1

BlackDiamond X8* System Architecture

* Future availability.

True Future-Proof Chassis Architecture: No Mid-Data Plane Design

Page 27: Jeff Green April 2011 May V1

Intelligent and Efficient Cooling System

<3 µsec Latency

BlackDiamond® X8* – Data Center in a Box

• Single Tier Physical and Logical Network
• Supports Up to 768 10 GbE Servers in a Single Switch
• Supports 128,000 Virtual Machines in a Single Switch
• Heterogeneous Hypervisor Integration
• M-LAG Support for “Multi-path” Capability
• VEPA Support – Moving Switching Back to the Network
• Data Center Bridging for data and storage integration
• XNV (ExtremeXOS® Network Virtualization) for VM Mobility Management

Page 28: Jeff Green April 2011 May V1

Of Identity, Location, and Presence?

Of People, Devices, and Machines?

The first decade was about speeds, feeds and protocols

Now it’s about: Identity Virtualization Provisioning Automation

Is your Network Aware?

Page 29: Jeff Green April 2011 May V1

Event Awareness

Application Aware

Device Aware

Location Aware

Service Aware

User Aware

The Foundation: Extreme Networks

Applied Performance

if X + Y, then Z

Actionable Network Tasks based on Event Triggers

Event Aware

“if ” user matches a defined attribute value …

…. “then” place user into a defined ROLE

Page 30: Jeff Green April 2011 May V1

XYZ Customer Global Event Driven Identity Manager

Tracking and provisioning of network users based on identity

– Netlogin 802.1X Login ID
– Netlogin Web-based ID
– Netlogin MAC-radius
– Windows Active Directory Domain Login (Passive Authentication through KERBEROS Snooping)

• Transparent method of tracking users attached to the network

Tracking of network devices based on:

• LLDP-based device identification (e.g. VoIP Phone)
• Computer Name
• RFID Tags
• Location, location, location

Page 31: Jeff Green April 2011 May V1

Active Directory Server

RADIUS Server

LDAP Server

Passive Authentication

Internet

Intranet

Mail Servers

CRM Database

1. User logs into the domain
2. XoS “snoops”
3. Active Directory validates
4. XoS grants network access

Username IP MAC Computer Name VLAN Location Switch Port #

Rene_Paap 10.1.1.101 00:00:00:00:01 Laptop_1011 1 24

Success

Page 32: Jeff Green April 2011 May V1

Role-based Access Control (Wired)

Active Directory Server

RADIUS Server

LDAP Server

Who is Rene?

Match Department = Employee

Internet

Intranet

Mail Servers

DataCenter

Who is Alice?

Role | Internet | Intranet | Mail | CRM/Database | VLAN
Unauthenticated | Yes | No | No | No | Default
Contractor | Yes | Yes | No | No | Default
Employee | Yes | Yes | Yes | Yes | Default

Role Derivation
» Users are assigned to a “role”.
» Network policies control access to network resource.

User: You; Role: Employee; Resource Access = Permit All

User: Alice; Role: Contractor; Resource Access = Deny Mail and CRM

User: Jeff Green; Role: Unauthenticated; Resource Access = Internet Only

Match Company = IBM

LDAP Response

LDAP Response

No Authentication Detected = Unauthenticated Role

Internet

Intranet

Mail Servers

Data Center

Page 33: Jeff Green April 2011 May V1

Role-based Access Control (Wireless)

Active Directory Server

RADIUS Server

LDAP Server

Role Derivation
» One Control Plane instead of two.
» Ethernet simplification Wired or Wireless.
» Future further wired and wireless integration.

User: Rene; Role: Employee; Resource Access = Permit All

Summit WM3000

Query

LDAP Response

Match Group = Employee

Internet

Intranet

Mail Servers

DataCenter

Role | Internet | Intranet | Mail | CRM/Database | VLAN
Unauthenticated | Yes | No | No | No | Default

Page 34: Jeff Green April 2011 May V1

Two-factor authentication with no token and no supplicant

Jeff's unqualified opinion (plus cut and paste)

[Figure: PhoneFactor flow. Labels: Agent; Web Services | Gateway; SSL; Phone Network; PhoneFactor Service; Step 1; Step 2; Remote Login; Website Login; Funds Transfer; Custom Applications; AD/LDAP; Oracle/SQL; User Portal; Direct SDK (Java | .NET | PHP); RADIUS; Mgmt Portal]

Step 1: User logs into any application using their standard username and password.

Step 2:

Page 35: Jeff Green April 2011 May V1

Black Lists/White Lists

• Ability to black list and white list users and/or devices such as printers, etc…

Network Zones

• Ability to create security zones (defined by IP, MAC, Subnet, etc) and associate these ‘zones’ to a policy. For example:

Users in “guest role” deny access to “internal zone”

Network zone “finance” deny access to network zone “internet”

ACL Enhancements

• Ability to define more flexible combination of match qualifiers (i.e. MAC Source + Destination IP ACLs)

Roles per VLAN

• Ability to assign users/devices to VLAN based on role assignment

RADIUS Snooping

• Ability to snoop RADIUS username/identity for wireless deployments

LLDP Mapping

• Ability to handle devices as identities, for example, create a printer role, or phone role

Identity Management: Continued Innovation

*April 2011 Roadmap, subject to change without notice

CY 2011-12

Page 36: Jeff Green April 2011 May V1

XYZ Customer Service Isolation (up to 8 Virtual Routers)

• L3 virtual switches act as separate routers housed in a single physical enclosure.

• Segregation of internal physical resources including CPU cycles, packet memory, forwarding table space

• A single L3VS-capable switch replaces multiple physical switches

Page 37: Jeff Green April 2011 May V1

XYZ Customer Hardware, Software & Network Resiliency

Network Resiliency

EAPS – Sub 50ms Restoration

Hardware Resiliency

Passive Backplane, Redundant Switching, Redundant Management, Redundant Power, Redundant Fans

Software Resiliency

Modular Operating System, Hitless Failover, Process Monitoring, Graceful restart, CPU DoS Protection

Page 38: Jeff Green April 2011 May V1

Multi-Switch LAG (Simple L2 XYZ Customer redundancy)

Link Aggregation Multi-Chassis Link Aggregation

active-active paths and topology awareness.

No Ethernet Loop

Just more bandwidth!

Page 39: Jeff Green April 2011 May V1

Core Network

Multi-Switch Link Aggregation

M-LAG Group 1

M-LAG Group 2

Inter-Switch Connection

(ISC)

Data Center

Efficient Bandwidth Usage

• Allows combining ports on ‘two’ switches to form a single logical connection to another network device

• Aggregate dual-homed servers or switches redundantly while utilizing full available bandwidth

• Active-active paths. No STP port blocking

• Peer Switches communicate with each other to learn LAG states, MAC FDB, and IP multicast FDB

CY 2010

Page 40: Jeff Green April 2011 May V1

TRILL (Transparent Interconnection of Lots of Links)

active-active paths and topology awareness.

The new TRILL Control Plane
• Loop Free for flooded traffic
• Plug & Play efficient MAC learning
• Pay as you grow
• Active-Active bandwidth used
• Fast Recovery and Convergence
• Any-to-Any connectivity to Spread Risk (“like RAID”) and add flexibility
• Lower latency
• Flat Addressing
• No complicated L3 MPLS required
• No Spanning Tree

Several different states must be synced

TRILL uses IS-IS to carry routing information about the MAC addresses of devices connected to VLANs and to build a shortest path tree for each MAC address in the VLAN.

TRILL encapsulates forwarded traffic with a new TRILL header and requires receipt from a TRILL interface.

TRILL extended the L2 bridging logic with Bridge nicknames to determine whether bridged traffic is local or not.

RBridgeRBridge

RBridge RBridge

Page 41: Jeff Green April 2011 May V1

IPFIX Monitoring Virtual Security Resource

Zero Day Threat Mitigation (Avoiding Availability Risks)

Sentriant

1. Attack Launched
2. Auto Detect and Mirror
3. Analyze & Request Action
4. Take Action

CLEAR-Flow Security Rules Engine

Page 42: Jeff Green April 2011 May V1

XoS supports Wide keyed ACLs

ACL enables full classification, including

• Ethernet source MAC address, destination MAC address

• Ethernet packet type

• IP protocol (GRE, ICMP, PIM, OSPF, etc.)

• IP Source address, Destination address

• Type of Service (ToS) or DiffServ Codepoint

• IP options, fragment

• TCP / UDP source port, destination port (including ranges)

• TCP flags

• IGMP message type

• ICMP type, ICMP code

New fields supported without disruptive upgrades

• Full access to first 120 bytes of packet header

• Flexible inspection, modification, tagging, monitoring

[Figure: packet header layout covered by the ACL key: Ethernet Dest, Ethernet Src, Type, Code, IP ver, Ih, ToS, Length, Identification, F, Fragment Off, TTL, Proto, Checksum, IP Src Address, IP Dest Address, IP Options (Variable Length), TCP Src Port, TCP Dest Port, Sequence Number, Acknowledgement Number, Off, Rs, Ec, Flag, Window, Checksum, Urgent, TCP Options (Variable Length), Data (Variable Length)]

[Figure: Traffic Classification, Policing, Remarking for Voice, Video, Data and Best Effort traffic; levels High, MID, Low; Discard or best effort]

Observe => choose an egress queue based on an ingress value

Manipulate => overwrite using specified code point

Preserve => preserved and observed throughout the infrastructure.

Page 43: Jeff Green April 2011 May V1

OpenFlow

<5 µsec Latency

Network in a (pair of) Boxes

Up to 768 10 GbE Connection

Page 44: Jeff Green April 2011 May V1

Sales Engineering Finance Conference Rooms

Internet

Firewall

IPS

The Extreme Way!

Built into the infrastructure

Extinguish the Firewall!

Firewall

IPS

Firewall Firewall Firewall

IPS IPS IPS

Sales Engineering Finance Conference Rooms

Internet

Firewall

IPS

$$ $$ $$ $$

$$

The Competitors Approach

$$ $$ $$ $$

Sales, Engineering, Finance, Conference Rooms

Page 45: Jeff Green April 2011 May V1

Device Aware

Location Aware

User Aware

XYZ Customer’s Application Awareness

Service Aware

Event Aware

The Foundation: Extreme Networks

Applied Performance

Moving up the stack to enable …

Application Mobility

Application Aware

ExtremeXOS®

End to End

Page 46: Jeff Green April 2011 May V1

Virtualized End-of-Row

Save Power, Cost and Space

Lower Latency while increasing bandwidth

Top of Rack solution with End-of-Row benefit
• You can physically mount ToR switch per Rack
• But you don’t have to manage ToR switch one-by-one
• Very high speed stacking with distributed forwarding

Page 47: Jeff Green April 2011 May V1

Data Center Trends

Servers

• Becoming faster with multi-core CPU

• VM explosion, 8-16 today 64-128

• Adding multiple 10G interfaces

• Converged 10G adapters

• VEPA enabled

Power

• 2-4W per 1Gig 10-30W per 10Gig

• Higher power/cooling cost

• Green initiative, premium cap and trade

• Need for efficient power management

Convergence

• Storage, HPC move to Ethernet

Page 48: Jeff Green April 2011 May V1

Network has Zero visibility into VM Lifecycle

Server Manager

e.g.

NIC NIC

Hypervisor Hypervisor

Switch Port: IP: 1.1.1.2, MAC: 00:0A, QoS: QP7, ACL: Deny HTTP

Network Admin

Task to move VM: Administrator has NO visibility into VM location or when the movement will occur

Switch Port Config: None or Disabled

VM1: IP: 1.1.1.2, MAC: 00:0A

Initiate

Resulting Configuration:

Port is incorrectly configured for a specific VM.

Page 49: Jeff Green April 2011 May V1

Direct Attach with XNV visibility into VM Lifecycle

Server Admin

NIC NIC

Hypervisor Hypervisor

Network Admin

VM1: IP: 1.1.1.2, MAC: 00:0A

Query

Switch Port Cfg: IP: 1.1.1.2, MAC: 00:0A, QoS: QP7, ACL: Deny HTTP

Switch Port Config: None-Disabled

Direct Attach VM awareness

VM info

Virtual Port Profile: IP: 1.1.1.2, MAC: 00:0A, QoS: QP7, ACL: Deny HTTP

XNV-enabled

Initiate

Switch Port Config: None or Disabled

Ridgeline provisioning
• Pull VM Inventory
• Locate VMs
• Show Port Mapping
• Define Virtual Port Profile
• Assign (VPP) to VMs
• Respond to VM motion

Page 50: Jeff Green April 2011 May V1

Eliminate the vSwitch (Reducing Network Tiers)

Data Center Core

VM1 VM2

vSwitch

Minimal traffic provisioning (if any) is done at the vSwitch.

Today’s Inter-VM Switching

Page 51: Jeff Green April 2011 May V1

Direct Attach: Eliminate the vSwitch

Data Center Core

VM1 VM2

vSwitch

VM2VM1

Inter-VM traffic provisioning at the network-level.
• Dynamic ACLs
• QoS
• Rate-limiting
• Anomaly Detection
• etc…

Direct Attach™ Enabled Switch

“Virtually” Reducing Network Tiers

Page 52: Jeff Green April 2011 May V1

Eliminate the vSwitch

Direct Attach™ Enabled Switch

VM2
Guest OS: Ubuntu
Active applications:
• gnome-system-monitor for network and CPU utilization
• tcpdump to monitor attack traffic from VM1

VM1
Guest OS: Ubuntu
Active applications:
• gnome-system-monitor for network and CPU utilization
• hping to generate DoS attack targeted at VM2

Inter-VM traffic is transmitted and received on the same network physical port. VM2 CPU and network utilization severely impacted, due to DoS attack.

CLEAR-Flow enabled to dynamically provision/block DoS traffic. VM2 CPU and network utilization reverts to healthy.

Page 53: Jeff Green April 2011 May V1

Lossless Ethernet and FCoE

PFC creates eight virtual links to allow different types of traffic to coexist on a single physical link by selectively applying pause on a per virtual link basis as defined in the PFC vector

• PFC and ACL based bandwidth partitioning
• Priority Flow Control and ACL based bandwidth partitioning (ETS sort)
• Application availability
• PFC provides flow control for lossless traffic and ETS bandwidth partition

[Figure: Link Agg Group 5 and Link Agg Group 6 to the Core Network; Tx Queue and Rx Queue, Q1 to Q8; bandwidth shares at t1 and t2]

IPC with 20% with P1 and P5

SAN with 40% with P2, P4 and P6

LAN with 40% with P3, P45 and P8

Page 54: Jeff Green April 2011 May V1

Opinion

Direct Attach VEPA (feature pack pn/11011)

VM A

VM B

VM C

VM D

VEPA hairpin turn

Automation of virtual edge provisioning:

overcoming the ‘silo impasse’

Server Admin Network Admin

Query

VM info

Initiate

Get list of connections types

Get connection instance

Network Edge retrieves the connection profile

Push VM & connection instance to VM Host

Edge Learn of new connection instance

VM Edge

Physical Server Running Hypervisor

Edge Module (Blade or TOR)

Server Edge

Page 55: Jeff Green April 2011 May V1

Convergence should do more with less!

Direct-Attach architecture reduces network tiers

Fewer switches

Lower cost design

High performance

Reduced cabling

Reduced power

How big is your VM toolbox?

• How Complex?

• How Expensive?

Page 56: Jeff Green April 2011 May V1

Ethernet in the First Mile

MPLS in the Last Mile

VMAN Service Multiplexing

Page 57: Jeff Green April 2011 May V1

VMAN Service Multiplexing

VMAN 900

VMAN 800 VLAN Mapping

VLAN 100

VLAN 200

VLAN 300

VLAN 100

VLAN 200

VLAN 300

• Provides subscriber scalability and separation of subscriber/provider Ethernet control traffic

• Preservation of customer VLAN tags and IP routing information simplifies deployments

• Hybrid Ethernet/VPLS Metro

• Now MPLS

Ethernet Core, Customer Edge, Customer Edge

Page 58: Jeff Green April 2011 May V1

EAPS+PBB Redundant Access

• EAPS-aware SVLAN/CVLAN mapping to BVLANs

• On a shared-link failure, the EAPS Controller will give precedence to the BVLAN port, port 3:38 in this case, when selecting an Active-Open port

• If the BVLAN port which was Active-Open failed, EAPS selects the lowest port number as the next Active-Open

• If the BVLAN port recovers, EAPS will revert Active-Open back to the BVLAN port

Page 59: Jeff Green April 2011 May V1

Ridgeline Point-and-Click Service Deployment

Monetizing the Network

The creation and provisioning of a new, billable service for a subscriber

Monitoring service quality and troubleshooting problems before they impact the subscriber

Traffic engineering to carry the maximum number of services over the network

Services Management
• View configured services in a map or device group
• Provision and modify an E-Line or E-LAN service
• Enable/disable service
• Delete service

eToggle

Page 60: Jeff Green April 2011 May V1

XYZ Customer Global Custom Services & Price

Page 61: Jeff Green April 2011 May V1

Control

Convergence

Connectivity

CEE (PFC); Direct Attach

Data Centers

VM Mobility; Multi-switch LAG

High-Speed Stacking; Stacking over 10G

Tunable DWDM; LAG: RR, PP, Redirect

ExtremeXOS 12.5

Markets Enterprise Campus Service Providers

Role Based Security

CLEAR-Flow for Edge; Auto-Provision Edge

EAPS Priority Domains; EAPS with PBB access

Summit® X460; Demo 40G; X450e Copper; BlackDiamond® 20K Hybrid Card

IPv6: BGP, VR for OSPFv3 & RIPng, /126 address, BGP HA; IPFIX; MPLS (stacked X480, 8900-XL)

Scale Mirroring, Multicast, ARP; Configurable Buffer, DHCP Relay per VLAN, SNMP per VR Profile Logging; Stats for VLAN, IP ARP, FDB; Disable Flooding per VLAN; DDMI phase-2

Wide ACL Key

Page 62: Jeff Green April 2011 May V1

DDMI

• Provide Industry-Standard Diagnostics
• Proactive Digital Diagnostics
• Coupled with UPM can be automated

* (pacman) BlackDiamond-8806.12 # show ports 2:3 transceiver information detail

Port : 2:3
Media Type : XFP_ER
Part Number : TRF7052BN-GA170
Serial Number : 1012A-80190

Temp (Celsius) : 36.30
Low Warn Threshold : -10.00
High Warn Threshold : 80.00
Low Alarm Threshold : -13.00
High Alarm Threshold : 83.00
Status : Normal

Tx Power (dBm) : 0.87
Low Warn Threshold : -1.00
High Warn Threshold : 2.00
Low Alarm Threshold : -2.00
High Alarm Threshold : 3.00
Status : Normal

Current computed value of temperature in Celsius

Low threshold values for warning and alarms read from XFP EEPROM

High threshold values for warning and alarms read from XFP EEPROM

Show transceiver details

Page 63: Jeff Green April 2011 May V1

Synchronous Ethernet

• Packet Networks were initially designed to work in asynchronous mode

• The MEF 22 standard with G.8261, G.8262 and G.8264 specify distribution of timing over a packet network

Stratum 1 Traceable Reference

Clock

Data

Physical Layer

DPLL

DPLL

DPLL

Physical Layer

Packet Network

Physical Layer

Page 64: Jeff Green April 2011 May V1

Tunable DWDM

• Tune to a given wavelength/channel

• Eliminates need to maintain inventory of XFPs for different wavelengths

* (pacman) BlackDiamond-8806.1 # sh ports 2:1 config no-refresh
Port Configuration
Port     Virtual    Port  Link  Auto   Speed      Duplex    Flow  Load   Media
         router     State State Neg  Cfg Actual Cfg Actual  Cntrl Master Pri Red
================================================================================
2:1      VR-Default E     A     OFF  10000 10000 FULL FULL  NONE         TWDM21
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active R-Ready NP- Port not present L-Loopback
Port State: D-Disabled, E-Enabled
Media: !-Unsupported Optic Module
Media Red: * - use "show port info detail" for redundant media type

* (pacman) BlackDiamond-8806.2 # config ports 2:1 dwdm channel 35

* (pacman) BlackDiamond-8806.3 # sh ports 2:1 config no-refresh
Port Configuration
Port     Virtual    Port  Link  Auto   Speed      Duplex    Flow  Load   Media
         router     State State Neg  Cfg Actual Cfg Actual  Cntrl Master Pri Red
================================================================================
2:1      VR-Default E     A     OFF  10000 10000 FULL FULL  NONE         TWDM35
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active R-Ready NP- Port not present L-Loopback
Port State: D-Disabled, E-Enabled
Media: !-Unsupported Optic Module
Media Red: * - use "show port info detail" for redundant media type

The new channel is “35”

Show the current configuration of T-DWDM module

Configure it to new channel “35”

Show the current configuration of T-DWDM module

Current channel the module is tuned to “21”

Tunable Lasers Have Arrived!

Page 65: Jeff Green April 2011 May V1

IPFIX

• Client sends IPFIX events
• Collector receives IPFIX
• Analyze the collected data
• Display the data

Client

IPFIX Collector

IPFIX events from client to collector

WAN

Page 66: Jeff Green April 2011 May V1

The Complete Framework

Application Aware

Device Aware

Location Aware

Service Aware

User Aware

Event Aware

The Foundation: Extreme Networks

Applied Performance

Page 67: Jeff Green April 2011 May V1

Tomorrow’s Network. Today.

Page 68: Jeff Green April 2011 May V1

VLAN 1

VLAN 2

VLAN 3

Accounting Server (VLAN 3)

Main Server (All VLANs)

Shared Media Segment

PC 1: Marketing, VLAN 2

PC 2: Marketing, VLAN 2

PC 4: Engineering, VLAN 3

PC 3: IT Dept., VLAN 1

PC 5: Marketing/IT, VLANs 1 and 2

VLAN Statistics

* (Beta) PO-CO-MAUE_Man.7 # configure ports 3:1 monitor vlan "cv3001"

* (Beta) PO-CO-MAUE_Man.8 # show port 3:1 vlan statistics
  <cr>          Execute the command
  no-refresh    Page by page display without auto-refresh
* (Beta) PO-CO-MAUE_Man.8 # show port 3:1 vlan statistics
Port VLAN Statistics                                  Wed Nov 3 15:04:35 2010
Port     Vlan      Rx Frames   Rx Byte    Tx Frame   Tx Byte
                   Count       Count      Count      Count
================================================================================
3:1      cv3001    1400        2132194    1421       114524

• VLAN statistics were previously implemented in ExtremeXOS® for the BlackDiamond® 12K. In ExtremeXOS 12.5, support for VLAN statistics is extended to the BlackDiamond 8K and Summit X series switches.

• Need to provide VLAN-level statistics for VLAN #1, #2 and #3 in order to gain insight into traffic behavior on given port

Configure a given VLAN on a given port for monitoring

Show statistics pertaining to all the VLAN on a given port

Statistics pertaining to “cv3001” VLAN includes Tx/Rx Frame and Byte count

Page 69: Jeff Green April 2011 May V1

Auto Provisioning for Edge Switches

DHCP Server

TFTP Server

1. DHCP Discover
2. Responds with TFTP Addr
3. Config file ftp transfer initiated
4. FTP successful
5. Config file is saved and switch reboots with saved config file

• Designed to reduce operational cost and deployment time in large scale deployment

• Minimal human interaction required to bring the switch up with the right configuration

• Designed to scale in large deployment

• Summit® switches

Page 70: Jeff Green April 2011 May V1

Access Profile List

How to Configure it: Access Profile list

configure snmp access-profile add <rule> first
configure telnet access-profile add <rule> first
configure web http access-profile add <rule> first
configure ssh2 access-profile add <rule> first
configure snmp access-profile add <rule> after <previous_rule>
configure telnet access-profile add <rule> before <previous_rule>

Existing Commands

configure snmp access-profile <policy>
configure telnet access-profile <policy>
enable ssh2 access-profile <policy>
configure ssh2 access-profile <policy>

Application (SNMP, Telnet, HTTP)

Access-profile 2, Access-profile 1, Access-profile 3

Traffic to Application

Access profile list

show access-list counter process http
=============================================================
Access-list    Permit Packets    Deny Packets
=============================================================
a1             10                0
a3             0                 25
a2             0                 6
=============================================================
Total Rules : 3

EMS Log information

09/03/2010 13:34:59.25 <Warn:SNMP.Master.DropReqAccessDeny> SNMP access from source 10.120.89.13 is denied by rule deny_10_120. Dropping this Request.

Page 71: Jeff Green April 2011 May V1

One Platform addressing customer pain points

VM Mobility, Stacking::Clustering, Disaster Recovery

Virtualized Data Centers

Massive application density per rack complex to manage with growing server, storage, and network virtualization

Identity Management, Wireless Integration, Universal Port

Service Scale, Ridgeline, EAPS 3.0

Markets

Key Pain Point

Sustainable Differentiation

Context-Aware Enterprise Campus

Service-Aware Carrier Transport

Ethernet based services simpler, but lacking mature service management & monitoring tools

leveraging One Modular OS enabling simplicity and best-of-breed systems

Convergence hard to manage & secure with growing set of mission-critical video, voice & data applications

Page 72: Jeff Green April 2011 May V1

Speeds & Feeds

Y exceeds your need Z exceeds your need

X exceeds your need

Z BUS

Y CPU

X I/O

fn(x,y,z)

What If?

Then?

Price (Initial & COO) Relationships (People)

Company (Brand)

Page 73: Jeff Green April 2011 May V1

Disrupt and Innovate

“derail Cisco gravy train”

Page 74: Jeff Green April 2011 May V1

POE Plus uplink and switches 4 POE Ports

Page 75: Jeff Green April 2011 May V1

Keeping it XYZ Customer cabling Cool “Big Ticket” Items for 802.3at

Propose an efficient switch with Layer-2 power management protocol for enhanced power allocation, beyond just heating, cooling and cabling considerations:

• LLDP delivers low complexity and higher interoperability potential
• LLDP / LLDP-MED for PoE Plus
• Fine-grain power negotiation
• Power conservation modes (e.g. extend UPS battery life during disasters)
• Power priority (critical, high, low)
• Ongoing dynamic re-negotiation (e.g. video call in process)

Support both initial booting and ongoing operation

• Power priority (e.g. must keep “red phone” alive)

LLDP-MED Advanced Power Management

Layer 1

Layer 2

Page 76: Jeff Green April 2011 May V1

PoE Plus (XYZ Customer gets Ultra PoE w Intelligence)

Advanced Edge

Summit X460 Edge Switch

1. Create enterprise edge policies
2. Deploy Automated Power Savings modules and policies to switches
3. Time triggered event
4. Profiles to power off the IP handsets on specified edge ports.

MIMO 802.11n

WiMAX

POS terminals

video-surveillance with pan/tilt/zoom