n-series technical overview
“There is nothing more important than our customers”
Enterasys Matrix™ N-Series Architectural Overview
Modular Switching - Matrix™ N-Series
Agenda
Switch Architectural Approaches
Product Review & Positioning
Feature Overview
Competitive Positioning
Summary
EOSL© 2007 Enterasys Networks, Inc. All rights reserved.
Switch Architectural Approaches
[Diagram: Centralized Design (redundant Switch/Route/Mgmt modules and line cards on a point-to-point backplane) versus Distributed Design (Switch/Route/Mgmt/Line Card modules on a fully meshed backplane)]
• There are two primary approaches to designing chassis-based switch/router architectures
The traditional approach, used by most vendors, leverages centralized forwarding architectures
Matrix™ N-Series is based on a distributed forwarding architecture, designed from inception to support high availability environments
Traditional Centralized Architecture
[Diagram labels: Access Ports: 10/100, 10/100/1000 or 100FX; Uplinks: Gigabit; Packet Forwarding; Packet Queuing; CPU; Control; Switch Fabric; Backplane; Point-to-Point Backplane]
Traditional Centralized Architecture
• Performance limited by Switch/Route/Mgmt modules
• As modules are added, overall system performance decreases
• Higher performance requires modules and daughter-card upgrades
• No feedback QoS mechanism between Central Switch/Router and Line Cards
• Limited guarantee of High priority traffic (specifically Voice) QoS
• More than Two Uplinks requires Costly Additional Line Cards
• Maximum 1+1 redundancy
To achieve distributed forwarding, additional option modules are necessary, increasing overall system cost
› In one vendor’s platform, the maximum central performance is 30M 64-byte packets per second, the equivalent of 20 Gbps maximum throughput
• Slot dependencies can limit customer flexibility
[Diagram: Centralized Design: redundant Switch/Route/Mgmt modules and line cards on a point-to-point backplane]
Distributed Architecture
• Designed from inception to support high availability environments
• Every module provides both control plane and forwarding plane functionality
• Performance scales as modules are added
• Future generation modules add new services without forcing the obsolescence of existing modules
• Control functions are distributed
• N+6 Redundancy
• Modules are automatically upgraded and configured as they are plugged into the system
• Optimized for Edge, Distribution and Server farm connectivity
• No Slot dependencies
[Diagram: Distributed Design: Switch/Route/Mgmt/Line Card modules on a fully meshed backplane]
Enterasys Matrix N-Series Architecture
[Diagram: four DFE modules, each with Access and/or Uplinks, Packet Forwarding, CPU, Packet Queuing and Switch Fabric, joined by a Fully Meshed Backplane]
Queuing Control Across all Modules
Enterasys nTera™ ASIC Family
[Diagram: DFE Architecture: User Ports, nTera™ Packet Processors, nTera™ Distributed Fabric, nTera™ Host Accelerator, Host Processor, Backplane]
Increases Host Performance for Concurrent (and Future) Services
Increase Overall Packet Scalability, Performance and Control
Enables High-Capacity Distributed Switching and Reliability
Matrix™ N-Series Distributed Architecture
• Advantages:
High Availability (N:6) – No single CPU
Low Entry Cost; Redundancy built into each switch module – Pay as you go
Scalability; Port Density and Performance
Return on Investment - Inherent backwards compatibility and future proofing
Low Latency - Each module has a connection to every other module
• Performance Characteristics
Total Backplane Capacity with 20 Gbps per slot
› 21 segments X 20 Gb = 420 Gb
Future Backplane Capacity at 80 Gbps
› 21 segments X 80 Gb = 1.68 Tb
[Diagram: Fully Distributed Passive Backplane, Slot 1 through Slot 7]
Each of the 21 Backplane Segments supports 20 Gbps (10 Gbps Bidirectional)
Matrix N7 Switch
• 7 Slot Fully Redundant Chassis
All slots are usable for connectivity and hot-swappable
• Meshed 1.68 Tbps Backplane
• Scalable Port Densities
504 10/100 Ethernet ports
420 10/100/1000 Ethernet ports
336 100BaseFX Ethernet ports
168 Gigabit Ethernet ports
14 10 Gigabit Ethernet ports
• Industry Leading Performance
Switch Fabric Capacity: 126 Gbps
Switch Performance: 94.5 Mpps
N Series - N7 Power Supply : 6C207-3
• 1600 Watt capacity
• Required to support Matrix E7 configurations with six or seven Distributed Forwarding Engines
• Advanced System Monitoring
SNMP traps for power supply failure, loss of redundancy, and fan failure
Matrix N5 Switch
• 5 Slot Fully Redundant Chassis with integrated PoE Power Shelf
All slots are usable for connectivity and hot-swappable
• Integrated Power over Ethernet (PoE) Power Shelf
4,800 Watts Total Power (4 x 1,200W supplies)
PoE DFEs draw PoE power from the backplane
• Scalable Port Densities
360 10/100 Ethernet ports
360 10/100/1000 Ethernet ports
240 100BaseFX Ethernet ports
120 Gigabit Ethernet ports
10 10 Gigabit Ethernet ports
• Industry Leading Performance
Switch Fabric Capacity: 90 Gbps
Switch Performance: 67.5 Mpps
Matrix N3 Switch
• 3 Slot Fully Redundant Chassis
All slots are usable for connectivity and hot-swappable
• Scalable Port Densities
216 10/100 Base-TX Ethernet ports
216 10/100/1000 Base-TX Ethernet ports
144 100 Base FX Ethernet ports
72 Gigabit Ethernet ports
6 10 Gigabit Ethernet ports
• Industry Leading Performance
Switch Fabric Capacity: 54 Gbps
Switch Performance: 40.5 Mpps
Introducing the N-1
• Matrix N1 single slot chassis
• Dual Redundant Auto-Ranging AC Power Supplies
• 2 RU in height
• Flexible and Capable of supporting all DFE Gold and Platinum Modules
Optimum edge configuration for small to medium wiring closets
› 10/100 Densities from 25-72 Ports
Optimum aggregation configuration for Small Distribution deployments
› Fiber – Using the 12 Port GIG SFP module
› Copper – Using the 30 Port Triple Speed Module
2G4082-25 Systems
Lowest cost of entry for the N-Series
Platinum feature set
1. 2G4082-25-SYS
2G4282-25 DFE
7C111 (1 Slot Chassis)
2. 2G4082-25-SYS-U
2G4282-25 DFE
7C111 (1 Slot Chassis)
7G6MGBIC-A
• When operating with multi-slot N-Chassis
It will work as a standalone device
• Shipped in an overpack (assembly required)
2G4282-25: 24 Port Tri-speed w/NEM
7G-6MGBIC-A: 6 Port SFP
7C111: 1 Slot N Chassis
Matrix N Standalone Switch
A Premium Edge/Data Center switch for smaller wiring closets
• Creates a broader range of N-Series solutions
The N Series scales with switch solutions from 48 to 420 10/100/1000 ports in the same product family
Allows customers to deploy common N Series solutions throughout all network tiers
Supports all N-Series Platinum features
• 10/100/1000 Switch/Router
(48) 10/100/1000 RJ-45 Ports
(4) SFP ports
• 2 U Standalone
• Redundant power
Matrix™ N-Series Chassis Modules (Distributed Forwarding Engine)
• Leverages Enterasys’ nTera™ ASIC Design
Fully integrated advanced Switching, Routing, and Management
Unmatched User-based Multilayer Packet Classification/QoS and Rate Limiting
Industry-standard SNMP and CLI management
High Performance, Capacity and Density
• Scalable Performance/Bandwidth
13.5 Mpps/18 Gbps per DFE
• Wide Range of Ethernet Interfaces
10/100Base-TX, 1000Base-X, 10/100/1000Base-TX, 100Base-FX and 10GigE
• Power over Ethernet Support
10/100 and 10/100/1000 Base-TX with 802.3af PoE
• Three Types to Meet Different Requirements
Diamond DFE (Enhanced routing, security and policy scalability)
Platinum DFE (High Features/Performance for Edge, Distribution, and Core)
Gold DFE (Cost-Effective Edge Connectivity)
Last Updated August 2007
Diamond DFEs
Significant Processing Enhancements over Platinum DFEs, plus increased Security, Routing & Policy Scalability.
• Per slot control processor upgraded
50% increase in processing capacity per slot
30% improvement in ACL processing
• Increased Flow Capacity
Double the Flow Table Capacity per blade
› Diamond up to 512K/blade, 3.6M/Chassis
› Platinum up to 256k/blade, 1.8M/Chassis
• Diamond modules include Platinum options
256 MB Host memory included on all blades
N-EOS-L3 - Advanced Router license
N-EOS-PPC - Per Port User Capacity Increases
• Optimized for backbone routing
Enables the DFE to handle larger backbones, larger ACL lists, complex route policies
Power over Ethernet DFE Modules
• 48 port 10/100 Power over Ethernet (802.3af) w/NEM
NEM Uplink option slot (MSM, 1Gb, 10Gb)
• 48 port 10/100/1000 Power over Ethernet (802.3af) w/NEM
NEM Uplink option slot (MSM, 1Gb, 10Gb)
• 72 port 10/100/1000 with PoE
Operates as triple speed blade in a N1, N3, N7
• Provides power to any 802.3af compliant device
IP Phones
Access Points
Web video cameras
• Legacy Cisco detect support
• Supports all DFE embedded software features
• Fully interoperable with all other DFEs
• 48 Port blades supported in the Matrix N1, N3 and N7 with external power shelf
• 48 and 72 port blades supported in the Matrix N5 via internal power
Matrix™ N7 & N3 PoE
• External Power Shelf for Matrix N3, N7 and E7
Enables N1/N3/N7 to support PoE DFE modules
N5 Power Shelf is integrated in the chassis
• 4,800 Watts Total Power (4 x 1,200W supplies)
Supports up to 336 class 2 devices such as a VoIP phone
• Fully 802.3af compliant
• Multiple chassis can be supported by a single Power Shelf (up to 7 DFEs per shelf)
• Supports Class 1 (4 Watts), Class 2 (7 Watts), and Class 3 (15.4 Watts) devices
• Requires a DFE-POE-CBL-2M for every PoE DFE (Ordered separately - Not required on N5)
• Power management via CLI and SNMP
[Images: N3 with PoE Power Shelf; N5 has integrated Power Shelf]
Matrix Security Module
[Images: Matrix N1, Matrix N3, Matrix N5, Matrix N7]
• Available for all modular Matrix N-Series chassis
Supports all Distributed Forwarding Engines (DFEs) with Network Expansion Modules (NEM)
Supports Gold, Platinum and Diamond DFEs
• Two options
Dragon Intrusion Defense
Enterasys NAC Appliance
Extensive DFE Portfolio
• 48 port 10/100 (RJ45) w/exp. slot
• 72 port 10/100 (RJ45)
• 48 port 10/100 (RJ21) w/exp. slot
• 72 port 10/100 (RJ21)
• 48 port 100FX w/exp. slot
• 48 port 10/100 (RJ45) with PoE and exp. slot
• 48 port 10/100/1000 w/exp. slot PoE
• 72 port 10/100/1000 PoE
Platinum DFE Types
• 10 & 12 port 1G (Fiber)
• 18 port 1G (Fiber) w/exp. slot
• 30 port 10/100/1000
• 2 port 10 Gigabit
• 48 port 10/100/1000 w/exp. slot
• 72 port 10/100/1000
• 48 port 10/100 (RJ45) w/exp. slot
• 72 port 10/100 (RJ45)
• 48 port 10/100 (RJ21) w/exp. slot
• 72 port 10/100 (RJ21)
• 48 port 100FX w/exp. slot
• 48 port 10/100 (RJ45) with PoE and exp. slot
• 48 port 10/100/1000 w/ & w/o PoE and exp. slot
• 72 port 10/100/1000 w/ & w/o PoE
Gold DFE Types
Network Expansion Module
• 6 port 1G (Fiber)
• 6 port 1G (Fiber) + 2 port 10 G
• Dragon IDS/IPS
• Sentinel Processor
Diamond DFE Types
• 12 port 1 G (Fiber)
• 18 port 1G (Fiber) w/exp. slot
• 30 port 10/100/1000
• 2 port 10 Gigabit
Matrix N Series Port Densities
Port type | Matrix N3 | Matrix N5 | Matrix N7
10/100 ports | 216 | 360 | 504
10/100 ports (with uplink option*) | 144 | 240 | 336
10/100/1000 ports | 216 | 360 | 504
10/100/1000 ports (with uplink option*) | 144 | 240 | 336
100FX ports | 144 | 240 | 336
100FX ports (with uplink option*) | 144 | 240 | 336
1000 Base-X Ports | 72 | 120 | 168
10 Gigabit Ports | 6 | 10 | 14
*Includes a single module with the Expansion Slot for uplinks
Matrix N-Series: Optimized High Availability (N+6)
• Automatic Service Fail-Over (Self Healing)
All Services in Milliseconds
Intra-chassis Routing Redundancy
• Automatic Module Self-Configuration
Inserted “blank” module gets configuration from other modules
• Local Module Upgrades
Only affects users on upgraded module
Services Automatically Distributed across DFEs at Chassis Boot-up
[Diagram labels: Switching Services; Routing Services; Multicast Services; Port Services; Host Services]
Gold DFE 1+1 Redundancy
• Centralized system administration, protocol participation (spanning tree, OSPF, etc) and management
• Distributed Switching, VLAN, multicast, QoS, etc
• Rapid ~1 sec Failover (typical switches 60+ sec)
• Automatic module re-configuration
Primary and Secondary located in slots 1 and 2
Simple software license (N-EOS-RED) enables redundancy
Matrix™ N-Series Overview
Feature | GOLD (4 Series) | PLATINUM (7 Series) | DIAMOND (7R Series)
Interface Types | Edge | Edge, Dist and Core | Distribution and Core
Performance (Module/System Maximum) | 6.5/45.5 Mpps | 13.5/94.5 Mpps | 13.5/94.5 Mpps
High Availability | 1+1 (optional) | Optimized N:6 | Optimized N:6
Policy-based, Flow Switching | Yes | Yes | Yes (Double Platinum Capacity)
Advanced QoS/Rate Limiting/Mirroring Features | No | Yes | Yes
Authentication/Policy Services | Single User/Per Port | Multi-User/Per Port | Multi-User/Per Port
Basic and Advanced (optional) Routing | Basic | Advanced (with license) | Advanced (large route tables)
Legacy Matrix E7 chassis support | Yes | Yes | Yes
1st, 2nd and 3rd Gen Modules Interoperability | No | Yes | Yes
DFE Configuration Rules
• Chassis Support
Gold DFEs, Platinum DFEs and Diamond DFEs can go into any slot in the Matrix N3, N5 or N7 chassis.
Multiple Gold DFEs work seamlessly in the same chassis, but cannot be mixed with Platinum or Diamond DFEs in the same chassis.
Gold DFEs work in a Matrix E7 chassis, but without any other type of module.
Platinum DFEs and Diamond DFEs can be mixed in the same chassis; it is recommended to have a minimum of two Diamond DFEs in a mixed configuration.
• High Availability
By default the Gold DFE does not provide any high availability (system redundancy).
To get 1+1 redundancy, the N-EOS-RED software license must be purchased and installed. Only one 1+1 Redundancy license (N-EOS-RED) is required per chassis.
For redundancy, the primary and secondary Gold DFE have to be in slots 1 and 2.
• Routing
Basic EOS routing (static routes and RIP) is included with each Gold DFE.
Gold DFEs support Enterasys’ Advanced Routing Package (N-EOS-L3) that includes OSPF, DVMRP, and PIM-SM.
Only one advanced Routing Package (N-EOS-L3) is required per chassis.
Diamond DFEs ship with the advanced Routing Package (N-EOS-L3)
Flow-Based Switching
• A Flow is basically a conversation between end devices
• Matrix™ N-Series Traffic is flow-based (Enterasys’ nTera™ ASIC Design)
Provides context for network traffic
› Who, Where, What
Packet fields of interest are described below for standard network functions.
(L2) Switching – SA, DA, Port, VLAN
(L3) Routing – DA, VLAN, EtherType, SIP, DIP
(L4) Application – ‘LSNAT’ – DA, VLAN, EtherType, SIP, DIP, L4 Source, L4 Dest
• Packet forwarding switches do not keep track of context
Traffic is forwarded based upon “next hop” only
Cannot differentiate one connection from another
• Secure Networks configuration contributes fields to the flow definition based on active profiles and their rule-sets.
Matrix™ N Series Distributed Flow Based Switching
• Granular visibility and control of the individual flow between users and IT resources
Permit/Deny/Prioritize/Rate Limit
Discover, classify and prioritize IPT soft phone clients and IPT handsets connected to the same port as user desktop/laptop
Advanced flow mirroring
• Centralized policy administration ensures ease of configuration and deployment while distributed enforcement delivers scalability
Firewall-like control everywhere without the box-by-box configuration burdens or
extensive CLI scripting
[Diagram: Traffic Flows: SAP traffic; Market Data Feed; Known Worm/Virus; Zero day threat controlled by Flow Setup Throttling]
Matrix™ N-Series DFE Applications
[Diagram labels: Premium Edge; Collapsed Backbone; Backbone Routing (tier two environments); Server Aggregation; Matrix N7; Matrix N3/N5; 10 GbE Fiber; 10/100/1000; Users; Servers; Internet; VPN/Intranet]
• Three Tier Implementation – 10-Gigabit Ethernet connectivity between Distribution and Core, Gigabit connectivity between Edge and Distribution, user ports 10/100/1000
Core – Matrix™ X
Distribution – Matrix™ N with Platinum and/or Diamond DFE
Edge – SecureStack B/C
[Diagram labels: Matrix X4; Matrix N7; SecureStack C2; Users; Servers]
• Two Tier Implementation
Often see this design in buildings supporting 1000-1500 devices
Perfect for N-Series & Diamond providing granular control and integrated security for the core and distribution layers
[Diagram labels: Matrix N7; SecureStack C2; Users; Servers]
Integrated Services Design
Enterasys OS (EOS) Feature Summary
Switching/VLAN Services
• Spanning Trees, Multiple Spanning Trees, VLANs
• Link Aggregation/Rapid Reconfiguration
• Span Guard
• Flow Setup Throttling
Multilayer Classification
• User, Port and Device Level
• Multiple Control Features
• Granular QoS/Rate Limiting
• VLAN to Policy Mapping
• Multi-field Classification
Native IP Routing
• IPv4 Unicast/Multicast
• RIP 1/2, OSPF
• IGMP, DVMRP
• Multi-Path OSPF
• VRRP
• PIM-SM (Sparse Mode)
Security (User, Network & Host)
• User: Auth (802.1X, MAC and Web), MAC Locking
• Multi-user Authentication/Policy
• Network: ACL – Basic and Extended, Policy-based Services (Acceptable Use)
• Host: SSH, SNMP v3
Management, Control and Analysis
• Industry-Standard CLI
• SNMP v1/v2c and Web
• RMON (1,2,3,9)
• TELNET
• BOOTP, DHCP, TFTP
• Multiple images
DFE Packet Classification/QoS
• Layer 2 through 4 Packet Classification
• QoS Mapping to WFQ Priority Queues (802.1p)
4 TX queues per 10/100 and 10/100/1000 port
16 TX queues per GbE and 10GbE port
• Bandwidth Control (Rate Limiting)
Granular 8 kbps – 4 Gbps
Per Port, Flow, Aggregate of Flows and Classification Rules
Packet Classification/QoS enables the delivery of critical applications to specific users via traffic awareness and control
Dynamic Flow-based Packet Classification (DFPC)
Dynamic Flow Based Classification: scalable up to 56k rules per system
Sept 5, 2003 | Enterasys Confidential (Internal Only)
Layer 2: MAC Address, EtherType (IP, IPX, AppleTalk, etc)
Layer 3: IP Address, IP Protocol (TCP, UDP, etc), ToS
Layer 4: TCP/UDP port (HTTP, SAP, Kazaa, etc)
[Diagram labels: Deny; Permit; Contain; Priority/QoS; Rate Limit; Access Control; Class of Service; Granularity: User, Port, Matrix N-Series Switch, Flow, VLAN]
Why does Enterasys make the best Secure Networks™ switches in the industry?
- What can I identify?
- What can I control?
- How can I control it?
DFE Switching/VLAN Services
• High-Performance Switching
• VLAN Services Support
Link Aggregation (IEEE 802.3ad)
Multiple Spanning Trees (IEEE 802.1s)
Rapid Reconfiguration of Spanning Tree (IEEE 802.1w)
• Policy-based Switching
Switching/VLAN Services provides high-performance connectivity, aggregation, and adaptation to device failure
DFE IP Routing
IP Routing provides dynamic traffic optimization, broadcast containment and more efficient network resilience
• Base Routing Features
IPv4 Unicast Routing (per-port)
› RIP version 1 and 2, OSPF v2 and DHCP/BootP Relay
• Routing Upgrade (via Software License)
• Fully distributed forwarding engine
Frames are routed locally (one hop routing)
Forwarding Databases are resident on all modules (Route table and ARP table)
• Control Plane resides on a single module
Up to two active control planes
Redundancy through industry standard routing protocols (Including VRRP)
• Protocol Support
IPv4 Unicast/Multicast
RIP 1/2, OSPF
IGMP, DVMRP, PIM-SM (Sparse Mode)
Multi-Path OSPF
VRRP
LSNAT
• Advanced Routing features are licensed – (N-EOS-L3)
LSNAT, PIM, OSPF, DVMRP and Extended ACLs.
• Scalable capacities via memory expansion
DFE Security
• User Security
Authentication (802.1X, MAC and Web), MAC (Static and Dynamic) Port Locking
Multi-User Authentication/Policies
• Network Security
Access Control Lists (ACL) – Basic and Extended
Policy-based Security Services (Examples: Spoofing, Unsupported Protocol Access, Intrusion Prevention, DoS Attacks Limits)
• Host
Secure access to the Matrix N-Series via SSH, SSL, SNMP v3
Security protects a business against network misuse, and controls access to resources and confidential information
DFE Management, Control and Analysis
• Configuration
Industry-Standard CLI and Web Support
Multiple Images with Editable Up/Downloadable configuration files
• Network Analysis
SNMP v1/v2c/v3, RMON/RMON II, and SMON (rfc2613) VLAN and Stats
Port/VLAN Mirroring (One to one, one to many, many to many)
• Automated Set-up and Maintenance
Replacement engine will automatically get previous engine configuration
Management, Control and Analysis provide streamlined tools for maintaining network availability and health
Security and Control: ACL and VLAN vs. Policy
VLAN-based
[Diagram labels: Network; Matrix N-Series; User authenticated to port; Port mapped to VLAN (with VLAN access control (ACLs))]
Issues
• Costly, time-consuming VLAN management
• Mobility becomes an issue as VLANs spread across the campus
• VLANs provide no inherent security
No control within the VLAN
All users share the same ACL
• VLAN changes for quarantine require proper end-system support (DHCP renew etc.)
Policy-based
[Diagram labels: Network; Matrix N-Series; User authenticated to port; Access control (policies) mapped to user]
Benefits
• Simple, quick to implement
• Rapid response to security threats
• Much more granular control
• Far more scalable
• No mobility issues
• No issues when user is quarantined
Multi-user Authentication/Policy
• Diamond/Platinum DFE feature that allows a large number of users to be authenticated on a single port, and unique policies to be enforced.
Extends access and application control (for security, convergence, and on-demand networking) to users aggregated by devices with limited features
[Diagram labels: Backbone; Matrix N-Series; Access; User authenticated/access and application control enforced here; User physically connected here]
Layer 2 Availability: Spanning Tree
• IEEE 802.1D Spanning Tree
• IEEE 802.1w Rapid Re-Convergence of Spanning Tree
Reduces Spanning Tree convergence times
• IEEE 802.1s Multiple Spanning Trees
Network VLANs into multiple Spanning Trees
› Convergence of one of the Spanning Trees does not impact the others
Overall network availability increases as uplinks can now load-share traffic
64 Spanning Tree Instances supported
[Diagram labels: Rapid Reconvergence; Matrix E7; Matrix E7]
Layer 2 Availability: Link Aggregation
• IEEE 802.3ad Link Aggregation
Up to 32 groups
Up to 8 ports per group
Ability to aggregate links over multiple blades in a chassis
Multiply bandwidth between switches
Improve resiliency
• No support for SmartTrunking
Advanced Port Mirroring
• Supported Mirrors:
Physical ports (Front Panel, FTM-1)
Virtual Ports (802.3ad Aggregated Link, Host)
VLAN
IDS
› One to many mirror
• Destination ports allowed to be active at any time:
- One Intrusion Detection System mirror, or
- One Port and one VLAN mirror, or
- Three Port mirrors, or
- Three VLAN mirrors
• Port Mirroring configured at the system-level using NetSight Atlas via the SMON MIB or by CLI
Port Mirroring Features
• Possibility to mirror:
Received frames only
Transmitted frames only
Or both
• All frames are copied to the destination port in the same format as they were received by the switch
Any header changes performed by the switch will be done after the frame has been mirrored
• There is no restriction on the number of ports or VLANs that can be included in the mirror to a destination port
Intrusion Detection System Mirroring
• One to many port mirror designed for use with an Intrusion Detection System
• Source traffic is load-shared between all destination ports to ensure no packet loss
[Diagram labels: Dragon Sensors; Network Core]
Advanced Set-up and Maintenance
• Ability to store 2 functional images (firmware) on the chassis
Every module keeps a copy of both images
All modules have same firmware version
› Upgrading a module equals upgrading the entire chassis
• Ability to store several configuration files on each module
• Every module keeps a copy of the current configuration
Editable txt appended configuration files contain L2 and L3 configuration
› Generic chassis configuration txt
› Board specific configuration txt
• The result: automated set-up and maintenance
Add a blank module in the chassis and this module will automatically get its configuration from the other blades
Remove a module and replace it with a blank module of the same type, and the new module will automatically get the same configuration as the previous module
Enhanced Security
• Protect selected resources
• Create secure workgroups
• Secure management access
• Authenticate users & devices
• Policy network access, communications and access to information
Extensive Security Mechanisms
• Host
Hardened OS
Management VLANs
RADIUS Authentication
SSH v2
• User
802.1X User Authentication
User Personalized Networking (UPN)
MAC Based Port Locking
MAC Authentication
User-Based Security
• IEEE 802.1X User Authentication:
Support for IEEE 802.1X means that true standards-based, user-based VLANs are now possible.
› When an end station powers up on an 802.1X-supporting switch, the user will be prompted for a login and password to authenticate to the network.
› Existing authentication methods like RADIUS can be used to keep the cost of ownership down.
Key component of Secure Networks
User-Based Security
• Other Authentication Methods
MAC-based Authentication
› Allows authentication of devices that have no supplicant: printers, light clients (X-Terms…)
› Provides Layer 2 mobility
Web-based Authentication
› Operating System Independent
› No need to purchase 3rd party 802.1X supplicants
› No need to “touch” every desktop to install supplicants
Multi-User Authentication
• Feature: Ability to authenticate multiple users on a single Matrix N Series port
Ability to map several different network policies (profiles) on a single Matrix N Series port
• Benefits: Authenticate users even if the edge switches do not support authentication
Deliver Policy-Based Network even if the edge switches do not support authentication and/or policing
User A User B
[Figure: multi-user authentication on Port X of a DFE. Labels: SMAC = Anita (802.1X Login), SMAC = Bob (PWA Login), SMAC = Ted (Any Traffic); MUA Logic (802.1X, PWA, MAC); 802.1X Credentials, PWA Credentials and MAC Credentials sent to the RADIUS Authority; Filter ID Policy Sales, Filter ID Credit, Filter ID Policy Engineering; one Dynamic Admin Rule per user; Policy Sales, Policy Credit, Policy Engineering.]
• From 8 up to 256 per port (with N-EOS-PPC) and 2048 per system (with N-EOS-PUC).
• Different authentication methods (in random combination per port/user)
802.1x, PWA (Web), MAC authentication, Default Role
• Single physical interface
Security and Control: Multi-user Authentication and Policy
Security and Control: non sampled NetFlow
• NetFlow flow accounting technology
• Provides high fidelity instrumentation
Non sampled statistics!
Usable for security applications
• The NetFlow function works in-band and out-of-band
OoB means the N-Series can become an NBAD sensor within enterprise class networks
• The N-Series becomes a reason to sell Dragon SCC
Analysis of network wide NBAD data collection
Security and Control: Network Attack Characteristics
• Network worms and hacker attacks rely on the ability to discover machines on a network and assess their vulnerability.
The process of discovering machines on a network is typically done by attempting to establish ICMP communication with a randomly generated IP destination address (address scanning).
• Each attempt to discover a network device or assess its vulnerability requires a new flow to be created. Since attacks aim to discover susceptible machines as quickly as possible, flow build-up is unavoidable.
Worm description     User             Duration  Packet (flows)  Fps (mean)  Packet size (mean)
Welchia: ICMP sweep  140.112.215.131  18.94     1203            63.52       110
Welchia: ICMP sweep  140.112.240.132  18.82     2361            125.36      110
Welchia: ICMP sweep  140.112.242.5    18.51     2006            108.36      110
Welchia: ICMP sweep  140.114.232.103  18.69     2061            110.28      110
Welchia: ICMP sweep  140.115.236.59   18.95     1893            99.91       110
Welchia: ICMP sweep  140.115.240.83   18.95     1894            100         110
Welchia: ICMP sweep  140.115.86.136   18.94     1855            97.3        110
Welchia: ICMP sweep  140.116.201.118  18.72     2244            119.9       110
Welchia: ICMP sweep  140.116.246.164  18.5      1967            106.3       110
Welchia: ICMP sweep  140.116.99.117   18.94     702             37.07       110
SQL: UDP 1434 scan   140.115.95.47    17.871    34985           1957.66     421.721
Flow Setup Throttling
• Flow Setup Throttling (FST) is an Enterasys proprietary solution that tracks flow setup and provides a mechanism to respond to excessive flow buildup (typically a suspicious behavior).
• Using FST, the network administrator can define acceptable per-port flow counts and flow setup rates.
When violations are detected, FST can apply reactive measures such as sending SNMP notifications (and starting an ASM response via SEG) or disabling the interface.
• Flow monitoring provides additional visibility into network activities by indicating the network communication paths or how many conversations are occurring. Like a bandwidth utilization indicator, flow buildup can warn of suspicious behavior.
• FST provides the ability to limit the number of flows on a port.
Restricting flow usage penalizes the user in the number of network activities (conversations) that can be performed at once, but the user is not penalized in bandwidth usage (although that can be done through DIR/ASM).
• FST is only implemented on flow-based systems (N-Series, Matrix E1/E6/E7).
• Other detection mechanisms available on the Matrix N Series
Policy Hit Accounting
Inbound Rate Limiter (pps rates)
Anti Spoofing
Dragon Integrated Security Processor
Netflow
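The per-port accounting that the FST slide describes can be sketched as follows. This is an added example, not Enterasys code: the port names, addresses, thresholds, idle timeout and the mapping of each violation to an action are assumptions, and the traffic is constructed (the sweep rate of about 100 new flows per second mirrors the Welchia rows in the table above).

```python
from collections import defaultdict, deque

class FlowSetupMonitor:
    """Per-port limits on active flows and flow setup rate (FST-style sketch)."""
    def __init__(self, max_flows=200, max_setups_per_sec=50, idle_timeout=30.0):
        self.max_flows = max_flows          # assumed threshold
        self.max_rate = max_setups_per_sec  # assumed threshold
        self.idle_timeout = idle_timeout    # assumed flow ageing time
        self.active = defaultdict(dict)     # port -> {flow key: last packet time}
        self.setups = defaultdict(deque)    # port -> setup times in the last second
        self.disabled = set()
    def packet(self, ts, port, flow_key):
        """Account one packet; return None, 'notify', 'disable' or 'drop'."""
        if port in self.disabled:
            return "drop"
        flows = self.active[port]
        for key in [k for k, seen in flows.items() if ts - seen > self.idle_timeout]:
            del flows[key]                  # age out idle flows
        if flow_key in flows:               # existing conversation, no new flow
            flows[flow_key] = ts
            return None
        flows[flow_key] = ts                # flow setup
        window = self.setups[port]
        window.append(ts)
        while ts - window[0] >= 1.0:
            window.popleft()
        if len(window) > self.max_rate:     # setup rate violation (assumed action)
            self.disabled.add(port)
            return "disable"
        if len(flows) > self.max_flows:     # flow count violation (assumed action)
            return "notify"
        return None

def replay():
    """Constructed traffic on three hypothetical ports; first action per port."""
    events = []
    for t in range(20):                     # ge.1.1: 10 long-lived conversations
        for k in range(10):
            events.append((t + k * 0.05, "ge.1.1", ("10.0.0.5", f"10.0.1.{k}", "tcp")))
    for i in range(300):                    # ge.1.2: ICMP sweep, ~100 new flows/s
        events.append((i * 0.01, "ge.1.2", ("10.0.0.6", f"10.9.{i // 250}.{i % 250}", "icmp")))
    for i in range(300):                    # ge.1.3: slow scan, 20 new flows/s
        events.append((i * 0.05, "ge.1.3", ("10.0.0.7", f"10.8.{i // 250}.{i % 250}", "udp")))
    monitor, first = FlowSetupMonitor(), {}
    for ts, port, key in sorted(events):
        action = monitor.packet(ts, port, key)
        if first.get(port) is None:
            first[port] = action
    return first
```

The sweep trips the setup-rate limit within its first second, while the slow scan stays under the rate limit and is caught only by the per-port flow count.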
MAC Based Port Locking (Dynamic)
• The first MAC address learned on the port will be the only one allowed to communicate on the network
• Traffic from other MAC addresses will be discarded
• Prevents the use of unauthorized hubs
• When the locked station goes away, the next MAC address to be learned will be locked
• Easy configuration with NetSight Atlas Policy Manager
[Figure labels: Valid User, Rogue User, Unauthorized hub, Enterprise Network]
MAC Based Port Locking (Static)
• Use NetSight Policy Manager to statically define which MAC address(es) can communicate on the port
Advanced Management and Control
• Via Single IP Address System Management
N + 6 Redundant Management Support
One module acts as the master manager for the system, all other modules act as backup
• Web Based Management Support
• Secure Sockets Layer: secure access to embedded configuration web server
• SNMP v1/v2c/v3
• RMON (9 Groups) / RMON2
• SMON : VLAN and priority statistics, Port/VLAN mirroring configuration
Advanced Management and Control
• RFC 2674 (Standards based VLAN management)
• Port/VLAN Mirroring
One to one, one to many
• Industry standard CLI
• Telnet
• Secure Shell 2: secure access to chassis configuration
• Broadcast Suppression
Advanced Management and Control
• Enterasys Discovery Protocol (neighbor discovery)
• Node & Alias Table : mapping of device name and MAC/IP address
• Simple Network Time Protocol : Allows automated set-up of date/time on device
• Syslog : export all events to external management system
• RADIUS Accounting
• NetSight Atlas management applications support
IPv6 Strategy
• IPv6 extends IPv4's theoretical limit of 4 billion addresses to 340 trillion
The number of Internet devices will grow by orders of magnitude over the following years
IPv4 addresses may run out sometime between 2006 and 2010
• For the Enterprise network, IPv6 provides improvements over IPv4
Security, mobility, QoS, and scalability
• IPv6 will become the de facto standard for the Internet in the future
• Today’s Matrix N-Series chassis is IPv6-ready
IPv6 will now be provided in the N-Series in Generation 5 DFEs
Competitive Products
•Matrix Gold DFEs
Cisco Catalyst 4500
•Matrix Platinum DFEs
Cisco Catalyst 6500
•Matrix Diamond DFEs
Cisco Catalyst 6500
Matrix X and N Series Competition – Cisco Catalyst 6500 Series
• The Catalyst 6500 family of multilayer switches is Cisco’s flagship switch product line.
5 chassis (6513, 6509NEBS, 6509, 6507, 6503)
All 6500 series modules can be used in any chassis variant
• Cisco claims significant performance levels, very advanced functionality and low cost !!
• Supports high density LAN, Metropolitan Area and WAN interfaces, Security Modules, Firewall & IDS Modules, and IP Telephony Modules.
• High Performance
720 Gbps system performance
400 Mpps throughput
• Hardware based IP
Wirespeed IPv4, IPv6 & MPLS
• Advanced Virtual Network capabilities
MPLS L2 and L3 VPNs
IP in IP Tunneling
Generic Routing Encapsulation
• Advanced Security Capabilities
High performance Firewall Modules
5 Gbps per module
Intruder Detection & Prevention Module
SSL and Traditional VPN Gateways
Identity Based Network Policies
Common Components
•Three types of modules
Supervisor Engines
› Central Control Plane, 1 required per chassis
› Forwarding engine in many configurations
Switch Fabric Module
› Enables the Fabric backplane which can operate at 256 Gbps or 720 Gbps
› The Supervisor 720 is both Control Module and Switch Fabric on a single blade
I/O Modules
› Provides LAN, MAN and WAN interfaces
› Highest density is 48 ports
› Special Service Modules for Firewall, IDS and Telephony
Supervisors
Fabrics
I/O Modules
[Figure labels: Classic Bus, Fabric Backplane]
Catalyst Backplanes
• The Catalyst supports two different backplane types
• The Classic Bus backplane is marketed as a 32 Gbps bus that provides for a useful 16 Gbps of bandwidth
• The Fabric Backplane provides high speed dedicated channels to every slot and requires that a switch fabric module is installed within the chassis
Each fabric channel can be clocked at 16 Gbps or 40 Gbps Full Duplex
The backplane is not fully implemented within the 6513
Catalyst 6500 Supervisor Positioning
• Supervisor 720
Enterprise Core, Data Center, Service Provider Applications
› Hardware IPv6, MPLS, 30 Mpps Supervisor IPv4 performance
› Distributed forwarding allows for maximum of 400 Mpps forwarding
• Supervisor 2 with MSFC2 & PFC2
Distribution and WAN Edge
› Hardware IPv4 only, 30 Mpps Supervisor IPv4 performance
› Distributed forwarding allows for maximum of 100 Mpps forwarding
• Supervisor 2 with PFC2 Only
Premium Wiring Closet and Server Farms
› 30 Mpps Bridging Only
› Enhanced Security & QoS
• Supervisor 1A without PFC2 or MSFC2
Wiring Closet
› Up to 15Mpps Bridging and IPv4 Forwarding / 32Gbps shared bus
Catalyst Switch Fabrics
• The Catalyst’s Fabric backplane provides a high speed interconnect for the various Catalyst modules.
• There are two switch fabric models available for the Catalyst
The Supervisor 720 provides 16 channels which allow for up to 20 Gbps operation per direction per channel. The channels can be clocked down to 8 Gbps per direction to support older generation modules.
The Switch Fabric Module (SFM) provides for 16 channels with 8 Gbps per direction performance. Newer CEF720 modules will not operate with a SFM.
All packet lookup takes place on a supervisor engine, unless Distributed Forwarding Cards are installed. Switch Fabrics only act as transport. A Supervisor Engine can look up 30 Million headers a second whether the received frame was 64 bytes or 1500 bytes long. This capability allows for full wirespeed fabric operation with large packets even if no DFCs are installed.
Switch Fabric Module (SFM)
Cisco Sales Tactics
• Cat 6500 has an extensive list of modules.
Enables broad performance and feature claims while still being able to offer extremely low priced configurations to customers
• Every Cisco salesperson will claim that the Cat6500 is a 720 Gbps system with 400 Mpps.
• But they will most certainly lead with Classic Bus or Generation 2 (CEF256) modules, which never hit the 720 Gbps performance plateau and are significantly less expensive.
• Almost all of Cisco’s line modules rely on the supervisor engine for packet lookup, and they will not operate without a supervisor in the chassis.
• Fabric-enabled line cards can have local lookup engines called Distributed Forwarding Modules, enabling slot-to-slot communications without a supervisor engine. DFCs list for about $7500.
• Ensure you are comparing Apples with Apples
Bait & Switch
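Diamond Competitive Comparison
General Specifications
• # of Slots
› Matrix N-Series Diamond: 1/3/5/7
› Catalyst 6500: 3/6/9/13
› Black Diamond 8800: 6/10
› FastIron Super X: 8/16
• Chassis Architecture
› Matrix N-Series Diamond: Distributed Switching and Routing
› Catalyst 6500: Centralized Supervisor Engine with DCEF cards
› Black Diamond 8800: Centralized
› FastIron Super X: Centralized
• Fault Tolerance
› Matrix N-Series Diamond: Distributed Fault Tolerance
› Catalyst 6500: 1+1 Supervisor Engine
› Black Diamond 8800: 1+1 MSM
› FastIron Super X: 1+1 Switch Fabric
• Port Density
› Matrix N-Series Diamond: 504 10/100/1000, 168 1000BaseX, 14 10Gbps
› Catalyst 6500: 577 10/100/1000, 410 1000BaseX, 32 10Gbps
› Black Diamond 8800: 384 10/100/1000, 224 1000BaseX, 32 10Gbps
› FastIron Super X: 384 10/100/1000, 384 1000BaseX, 36 10Gbps
• Forwarding Architecture
› Matrix N-Series Diamond: Flow-based granular policy visibility and control
› Catalyst 6500: Longest prefix match via Cisco Express Forwarding
› Black Diamond 8800: Longest prefix match
› FastIron Super X: Longest prefix match
• Layer 2 Topology
› Matrix N-Series Diamond: 802.3ad/s/w, ASIC-based QoS & rate shaping, L2-L4 Classification
› Catalyst 6500: 802.3ad/s/w
› Black Diamond 8800: 802.3ad/s/w, Proprietary EMISTP
› FastIron Super X: 802.3ad/s/w
• Layer 3 Topology
› Matrix N-Series Diamond: RIP/OSPF, VRRP, DVMRP/PIM-SM
› Catalyst 6500: RIP/OSPF/BGP/MPLS, VRRP/HSRP, DVMRP/PIM-SM
› Black Diamond 8800: RIP/OSPF/BGP/MPLS, VRRP/ESRP/EAPS, DVMRP/PIM-SM
› FastIron Super X: RIP/OSPF/BGP/MPLS, VRRP, DVMRP/PIM-SM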
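Diamond Competitive Comparison
Policy-based Security & QoS
• Security Granularity
› Matrix N-Series Diamond: Port/VLAN/Flow via centrally administered Policy
› Catalyst 6500: Port/VLAN via ACL
› Black Diamond 8800: Port/VLAN via ACL
› FastIron Super X: Port/VLAN via ACL
• Convergence Discovery
› Matrix N-Series Diamond: Standards-based LLDP/LLDP-MED 802.1ab
› Catalyst 6500: Proprietary
› Black Diamond 8800: Proprietary
› FastIron Super X: Proprietary
• Multi-method Authentication
› Matrix N-Series Diamond: YES (802.1x, Web-based PWA, MAC Address)
› Catalyst 6500: NO (802.1x)
› Black Diamond 8800: NO (802.1x)
› FastIron Super X: NO (802.1x)
• Multi-user Authentication
› Matrix N-Series Diamond: YES (1,000 users per port using MAC, PWA or 802.1x simultaneously)
› Catalyst 6500: NO
› Black Diamond 8800: NO
› FastIron Super X: NO
• Access Control
› Matrix N-Series Diamond: Embedded NAC/IDS/IPS/NBA/SI, Zero-day Threat Protection
› Catalyst 6500: Embedded Firewall/IDS/VPN
› Black Diamond 8800: External
› FastIron Super X: External
• Policy Enforcement
› Matrix N-Series Diamond: Dynamic based on User, Application, Device, Flow, Port or VLAN
› Catalyst 6500: Static based on Port or VLAN
› Black Diamond 8800: Static based on Port or VLAN
› FastIron Super X: Static based on Port or VLAN
• Location Services
› Matrix N-Series Diamond: YES (Embedded directory with MAC/IP/Host/Port)
› Catalyst 6500: NO
› Black Diamond 8800: NO
› FastIron Super X: NO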
Why customers choose N-Series…
• Secure Networks!
• Most sophisticated SN feature set in the Enterasys portfolio
• Distributed Management
• High availability
• Flexibility
• Chassis footprints
• Module Port speeds and densities from edge to core
• Performance and Price Points (Gold / Platinum / Diamond)
Thank you
Last Updated September 2007