Cisco Systems is following its rivals' lead in extending greater intelligence to the edge of the corporate network with a new Supervisor module for its Catalyst 6500 Series switches and a new small-form-factor router.
Introduced April 30, Cisco's Catalyst 6500 Series Supervisor Engine 32 with PISA (Programmable Intelligent Services Accelerator) technology can perform deep packet inspection to classify network traffic or spot malicious traffic and apply security or QOS (quality of service) policies accordingly.
Cisco officials said customers are using the company's Catalyst 6000 Series network switches in wiring closets, although the devices were designed for the campus network core.
“One quarter of all [Catalyst 6000s] today are going into the wiring closet or enterprise WAN edge as a router,” said John Yen, senior manager for network systems at Cisco, in San Jose, Calif. “[Their] presence in the campus network is expanding beyond core deployment.”
“There are an awful lot of [Catalyst 6000s] in wiring closets, but this does limit [use of the new technology] to larger enterprises,” said Zeus Kerravala, an analyst with Yankee Group.
Rivals such as Hewlett-Packard and Extreme Networks already are distributing intelligence for security and policy enforcement to the network edge and offer such capabilities in smaller, less costly switches. Cisco intends to migrate the functions into smaller-form-factor Catalyst switches as the market dictates.
“They weren't first to market, but I think you'd be hard-pressed to say they're late,” Kerravala said. “Cisco tends to hit markets at the right time, and their presence legitimizes the market.”
Driving such adoption is a change in the pattern of network traffic. With more peer-to-peer traffic from VOIP (voice over IP), video over IP and similar applications, network traffic no longer flows only between clients and data-center-based servers.
To help customers better design networks to accommodate that change, Cisco created the Campus Communication Fabric blueprint. “We call it a fabric because the campus network is being stretched in multiple directions. It becomes a key communications medium as more and more business services are being rolled out on top of [it],” said Marie Hattar, senior director for network systems marketing at Cisco.
“[Using the Supervisor Engine 32 with PISA,] you can now identify what applications are running on your network; see how much bandwidth they are using; and, after you identify the application, you can rate-limit them, block them or prioritize them,” Yen said.
Deep packet inspection, implemented in hardware on the module, enables stateless or stateful inspection. That allows users to more easily identify applications that move from one port to another, such as Skype, and discern which of the growing number of Web applications are business-related or, as with Kazaa or BitTorrent, are recreational. Deep packet inspection can also identify whether video traffic is for a videoconference or a video-on-demand training exercise.
Cisco's Supervisor Engine 32 with PISA uses flexible pattern matching to match string patterns associated with known worms and viruses; this capability also works on partial matches to catch variants of those known worms and viruses. Once a match is found, the packets can be blocked and discarded.
“PISA does prefiltering at the edge and allows centralized security services in the core to scale more effectively,” said Yen.
One Catalyst 6500 user briefed on Cisco's Supervisor Engine 32 with PISA was pleased to see such control.
“We want more control over our access layer. As traffic comes into our network, we want to be able to mark it for QOS,” said Luis Chanu, global network and security architect at PDL BioPharma, in Fremont, Calif.
“By having inspection in hardware, we can classify our various applications and mark them and be alerted of any viruses that may exist in the closets,” Chanu said. “We want to leverage the PISA capability and use flexible pattern matching to see virus outbreaks as they occur and mitigate them.”
Cisco also extended its 7200 Series line with the Cisco 7201, a compact router that features higher performance and lower power consumption. The 7201 can be used as a WAN edge router or for broadband aggregation.