Like Prussian soldiers, Cisco Systems Inc. continued its march to advance its Intelligent Information Network vision for embedding advanced services into the network with a range of new software and hardware enhancements for the Catalyst line of modular and stackable switches.
The enhancements, launched Thursday at the CeBIT exhibition in Hannover, Germany, span the Catalyst 6500, Catalyst 4500 and Catalyst 3750 network switches, bringing new security, manageability and performance to the network core, data center and wiring closets.
New software-based security enhancements, applicable across all Catalyst switches, layer on such new features as the ability to lock down ports to prevent MAC address flooding attacks; prevent attacks coming from false DHCP servers; and restrict network access through port-level Access Control Lists. Cisco also extended the authentication capabilities in standard IEEE 802.1x to be able to assign authenticated traffic to a specific virtual LAN or add QOS (quality of service) features as well as prevent denial-of-service attacks by dynamically inspecting Address Resolution Protocol traffic and binding appropriate MAC and IP addresses to specific ports.
“Were looking at how to make the physical network provide a layer of defense. With [distributed denial-of-service attacks], spoofing and other attacks bogging the network down, you need pervasive security within the switch to mitigate such attacks,” said Steven Shalita, senior manager for worldwide product marketing at Cisco in Hannover.
Cisco also sought to reduce the complexity of configuring more advanced services such as QOS for voice Over IP through new macro templates that package a series of command language interface configuration commands into a more digestible whole. The templates can still be customized, but the intent is to “make it simpler to implement these features,” said Shalita. “You can download from a Web site everything you need for voice QOS,” he added.
Shalita acknowledged that such complexity has held back adoption of those advanced features. “For large organizations it provides a great way to consistently deploy the same configuration across a large-scale network, and SMB environments that dont have big staffs can [more easily exploit the advanced features],” he said.
On the hardware front, Cisco added a new copper transceiver interface for the Catalyst 6500s 10 Gigabit Ethernet interfaces that can help to bring down its cost. The new CX4 Xenpack, which works over coaxial cable up to distances of 15 meters, is well-suited for data centers where servers are clustered. It is $600, compared with optical fiber interfaces that can range from $2,000 to $12,000, according to Shalita.
Cisco also added multimode fiber support for the Catalyst 6500s 10 Gigabit Ethernet support. Although the standard calls for single-mode fiber, fewer enterprises have deployed single-mode fiber. “Multimode allows customers to use their existing fiber plant and easily migrate those to 10 Gigabit Ethernet by adding the new interface. The multimode fiber support can span distances up to 300 meters.
In addition, Cisco doubled the port density for Gigabit Ethernet in the Catalyst 6500 with a new 48-port module. The new module leverages Ciscos Supervisor 720 module architecture to provide a 40G-bps throughput on the switchs backplane. Cisco added a new policy daughtercard for the Supervisor 720 that can support up to 1 million IP v 4 routes or 500,000 IP v 6 routes and provides advanced functions for Multiprotocol Label Switching.
For the wiring closet, Cisco added a new 10-slot chassis to the Catalyst 4500 line dubbed the Catalyst 4510R. It can support up to 336 ports, and Cisco is adding a new supervisor module to scale performance.
Cisco is also bringing 10 Gigabit Ethernet uplinks to its Catalyst 3700 line of stackable wiring closet switches with the new Catalyst 3750G-16TD, which provides 16 ports of 10/100/1000 Gigabit with a single 10 Gigabit Ethernet uplink.
“Weve seen a significant increase in 10/100/1000 deployments. As you get more of that to the desktop, you have to aggregate that up to the core of the network. We will probably see this year that the number of 10/100/1000 desktop ports [shipped] will be more than 10/100 ports,” Shalita said.
The new offerings are available between now and the end of May and range from $600 for the new 10 Gigabit Ethernet Xenpack interface to $40,000 for the new 720 Supervisor module for the Catalyst 6500.