1 / 39

思科可信网络架构 与新一代 Catalyst6500 Sup2T 交换平台

思科可信网络架构 与新一代 Catalyst6500 Sup2T 交换平台. 思科中国无边界网络事业部. 接入时间. 健康状态. 接入位置. 思科可信网络架构. 可信网络架构. 什么是思科可信网络架构 ? 网络的物理边界正在消失,客户需要更为安全、可靠的基础架构。思科可信网络架构对所有接入网络的用户、设备按需 进行灵活的身份认证,能够智能识别各类非用户设备如 IP 话机 、 智能终端,并且依据灵活的安全策略管理上述设备。思科可信网络架构也能实现基于二层的线速流量加密功能,提供机密的数据传输平台。. 解决方案对客户的价值 为客户提供安全的基础网络架构平台 ;

rosa
Download Presentation

思科可信网络架构 与新一代 Catalyst6500 Sup2T 交换平台

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 思科可信网络架构 • 与新一代Catalyst6500 Sup2T交换平台 • 思科中国无边界网络事业部

  2. 接入时间 健康状态 接入位置 思科可信网络架构 可信网络架构 什么是思科可信网络架构? 网络的物理边界正在消失,客户需要更为安全、可靠的基础架构。思科可信网络架构对所有接入网络的用户、设备按需进行灵活的身份认证,能够智能识别各类非用户设备如IP话机、智能终端,并且依据灵活的安全策略管理上述设备。思科可信网络架构也能实现基于二层的线速流量加密功能,提供机密的数据传输平台。 • 解决方案对客户的价值 • 为客户提供安全的基础网络架构平台; • 为客户提供灵活的网络准入授权策略; • 为客户提供可视化的安全运维管理 ; • 解决方案所包含组件: • 思科ISE策略服务器; • 思科交换机产品; • 思科无线产品; • 目标客户群? • 对网络准入有着严格要求的企业; • 需要有灵活、多样的网络准入策略的企业; • 企业网络需要识别各类非用户终端设备如IP话机、IP打印机及各类智能终端等,并且能够基于识别后设备类型来设置灵活的网络准入策略; • 解决方案对思科的价值 • 充分展示思科在基础网络安全上的架构优势; • 结合客户的实际需求,将纯产品竞争转换为解决方案竞争,为对手设置较高的竞争门槛; • 方案一旦被客户采用,将有利于锁定后续的升级项目; 链路可信 设备可信 多种组合条件 出方向流量线速加密 用户/设备鉴别 • 如何销售: • 在数据中心领域,可以从Macsec入手,强调思科交换机的二层线速加密功能; • 在园区网络领域,可以强调思科灵活的多因子网络准入授权策略(基于用户角色、接入时间、接入位置等); • 在有线无线一体化领域;可以强调思科ISE对IP话机、IP打印机及各种智能终端设备的智能识别及动态安全策略功能; • 如何交付: • 部署及配置文档: BUsolutionguide; • SBAdesignguide; 用户可信 网络设备间双向身份认证 用户名:口令 数据传输为密文 RTW#(*J0$^&* 思科可信基础网络平台 想了解更多?: External: http://www.cisco.com/en/US/netsol/ns1051/index.html 入方向流量线速解密

  3. 接入时间 设备可信 链路可信 接入位置 健康状态 思科可信网络架构—下一代基础网络安全架构 • 设备之间经过“非信任”时链路连接时,设备间线速流量加密功能; • 服务器/客户机与交换机之间经过“非信任”链路时,具备线速流量加密功能; • 用户接入网络时的身份认证,确认用户可信; • 根据规则(用户组、接入方式、接入时间、接入位置)动态授予用户网络资源访问权限; • 用户网络资源访问记录审计; • 设备接入网络时的身份认证,确认设备可信; • 网络设备只接收来自受信任邻居网络设备的流量; • 非信任邻居网络设备的流量将被丢弃; 用户/设备鉴别 多种组合条件 出方向流量线速加密 用户可信 设备间认证 用户名:口令 数据传输为密文 RTW#(*J0$^&* 入方向流量线速解密 思科可信基础网络平台

  4. 6500 Sup2T 完整支持思科TrustSec 解决方案 • Security Group Tagging and forwarding Sup2T上的思科TrustSec Security Group Enforcement • MACSec Encryption TrustSec Reflector • Sup2T 同时支持所有现有6500 安全认证特性 TrustSec on VSS

  5. 思科TrustSec 认证解决方案 SGT Enforcement SGT=7 IT Portal (SGT 4) Users, Endpoints LWA 802.1X Active Directory ACS v5.1 Sup2T Sup2T Sup2T MAB Agent-less Device SGT Assignment Public Portal (SGT 8) Internal Portal (SGT 9) Campus Network Tagged Frame Untagged Frame Doctor (SGT 7) Patient Record DB (SGT 10) IT Admin (SGT 5) Sup2T对SGT控制及转发提供硬件支持

  6. 6500最新支持硬件MACSec 加密 • 802.1ae 线速数据加解密及完整性控制 • 从二层开始防止非法攻击 • 防嗅探 • 防篡改 • 防攻击 • 不影响其他包侦测特性 • 点到点部署, 可按链路情况控制 • 支持EoMPLS上的MacSec • 保障全园区汇聚及核心网络链路层数据安全 线速2Tbps加解密能力!

  7. Catalyst 6500-E新一代2T平台 Sup2T and 6513-E 69xx Series 单槽80Gbps 8p 10G全线速4p 40G/16p10G Built-in DFC4 68xx/67xx Series 单槽40Gbps 1GbE Fiber: 24p/48p 10/100/1000: 48p 10GBASE-T: 16p 10G Fiber: 16p Built-in DFC4 服务模块 WiSM-2 ASA-SM NAM-3 ACE-30 创新 Cat6500-E 投资保护 所有E-系列机框 从67xx 线卡轻松升级 所有61XXPOE/ POE+线卡 兼容旧款服务模块

  8. E-系列机框全线支持 “2T” 在所有E系列机框上支持80G/160G 80G/Slot 6503-E 6504-E 6506-E 6509-E 6513-E 6509-V-E 34x10GE 96x1GE 8x40GE 150Mpps 50x10GE 144x1GE 12x40GE 210Mpps 82x10GE 240x1GE 20x40GE 330Mpps 130x10GE 384x1GE 32x40GE 510Mpps 180x10GE 528x1GE 44x40GE 720Mpps 130x10GE 384x1GE 32x40GE 510Mpps

  9. Catalyst 6500 产品线更新 Supervisor Engine Portfolio 10-GEUplink VS-S2T-10G VS-S2T-10G-XL Service Module Portfolio FWSM /ASA-SM WiSM 1/2 NAM 2/3 ACE 30 10-GE Line-Card Portfolio 10GEFiber WS-X6148A-GE-TX WS-X6148E-GE-45AT WS-X6816-10T-2T (XL) WS-X6908-10G-2T (XL) WS-X6816-10G-2T (XL) Wiring Closet 10 / 100 /1000 TX & PoE 10G Copper Nonblocking Oversubscribed Line-Card Portfolio Power Supply 1 GE 3000W AC, 4000W AC 6000W AC, 8700W AC 4000W DC, 6000W DC WS-X6848-SFP-2T(XL) WS-X6824-SFP-2T(XL) WS-X6848-TX-2T(XL) Fiber Copper Industry-Leading Power Efficiency

  10. 轻松进入2T时代: 全新Supervisor 2T 迄今为止最强的Catalyst 6500平台 3X System Performance 4X Data Plane Scalability 4T Virtual Switching System 40 Gigabit Ethernet Ready Up to 13M NetFlow Entries/system 1 million routes and 25k6 multicast groups Large Packet Buffers Catalyst平台上最丰富的无边界网络特性集合 End to End Network Virtualization – MPLS, EoMPLS, L2VPN/VPLS, VRF-Lite, Easy Virtual Networks (EVN) Security with TrustSec, MACsec, Atomic ACL’s and ASA-SM Application Visibility with NAM-3 and Flexible NetFlow Unified Mobility with WiSM2 Comprehensive IPv6 Ready for Transition Future Proof: 40G Ready, OTV Ready, TRILL Ready, LiSP Ready Supported with LMS 4.1 & DCNM

  11. Two SKUs: regular and XL tables (DFC4) X2 Transceiver or SFP+ w/ adapter Wire Rate MacSec (IEEE 802.1AE) Large packet buffers (256MB/port) Virtual Switch Link (for VSS) A-VPLS, OTV and LISP ready* IEEE 802.3ba standard compliant Two SKUs: regular and XL tables (DFC4) CFP Transceiver for 40G, SFP+ for 10G Wire Rate MacSec (IEEE 802.1AE) 10G mode via FourX adapter Virtual Switch Link (for VSS) A-VPLS, OTV and LISP ready* 4端口40G线卡 8端口 10G 全线速线卡 69xx 系列—80G 线卡

  12. 业界第一款40G以太交换模块 在Supercomputing中成功演示业界第一款40G交换模块 在CRS-3上展示业界第一款100GE模块 展示40G模块针对服务器及各种线缆和模块的良好支持 Catalyst 6500 40G端口就绪于2010年九月业界演示 40GE 10GE 10GE 10GE 10GE CiscoUSC C200 M2 CiscoUSC C200 M2 Reference: http://www.ethernetalliance.org/files/static_page_files/2Ethernet_Alliance_Demonstration_at_SC10.pdf

  13. 新一代无边界网络服务模块支持Sup720 and Sup2T 新一代无线服务模块- WiSM-2 新一代负载均衡模块- ACE-30 新一代流量分析模块- NAM-3 新一代防火墙模块- ASA-SM

  14. 如何将720平台升级至Sup2T平台 Sup720 Sup2T 67xx Series w/ CFC Supported 67xx Series 1GbE w/ DFC3 WS-F6K-DFC4-A 6704-10GE w/ DFC3 WS-F6K-DFC4-A 6716-10GE Fiber WS-F6K-DFC4-E 6716-10GBASE-T WS-F6K-DFC4-E 6708-10G Fiber 6908-10GFiber (80G) 61xx Series Supported 上一代服务模块 Supported

  15. Sup2T—支持传统线卡及新老服务模块 61xx Line Cards Legacy Service Modules Next Gen. Service Modules WS-X6148A-RJ-45 FWSM ASA-SM * WS-X6148A-45AF ACE 20 ACE 30 WS-X6148-FE-SFP WiSM WiSM-2 WS-X6148A-GE-TX NAM-1 NAM-3 * WS-X6148A-GE-45AF NAM-2 WS-X6148E-GE-AT

  16. 新一代Catalyst 企业园区网兼具性能和服务优势 4T VSS 40G 端口就绪 Tunnels, L3VPNomGRE L3SGT For TrustSec Interoperability OTV, Trill Ready FlexibleNetflow VSS 4T 核心 Next Gen Cat6k/Sup2T 4T VSS Integrated NG Svcs (WisM2, ASA, NAM, ACE-30), Multicast HA Smart Install Director* OTV, Trill Ready Flexible Netflow, Egress Netflow VSS 4T Next Gen Cat6k/Sup2T 汇聚 TrustSec EnergyWise NGPoE (60W) Ready Flexible Netflow IPv6 First Hop Sec. Next Gen Cat4k/ Sup7-E Cat3k/ 3750X Cat2K/2960S 接入 安全 健壮 简单 VDI就绪 弹性 虚拟化 视频优化 支持IPv6

  17. Catalyst 6500 在企业园区网独有的端到端优势 完整的核心网络特性集合 丰富的接入网络特性集合 720 2T Sup32 720 2T 强大的核心矩阵 4T VSS 40G ready L3VPN omGRE 完整的虚拟化支持 VRF-Lite, L3VPN, L2VPN, EVN*, LISP* 完善的高可用性 VSS Quad Sup SSO* 业界领先的IPv6和多播支持 Tunnels, URPF, 256K mcast Groups 业界领先的流量分析能力 Flexible Netflow, Egress, Sampled 完善的安全特性 TrustSec, L3 SGT, 性能卓越的新一代服务模块 WiSM2, ASA SM*, NAM*, ACE30 WAN 完善的PoE+ 能力 Smart Install* EnergyWise Medianet TrustSec Identity Kit TrustSec Reflector IPv6 First Hop Security DHCP Snooping Dynamic ARP Inspection IP Source Guard PACL Autosecure Smartports/Auto QoS Auto Smartports* OSPF Router Acces

  18. 6500 “2T” 同样适用于传统数据中心前所未有的升级良机 • 业界领先Table Scalability: ACL, Netflow, IPv4/v6 • 业界领先Packet Buffers: up to 256MB/10GbEport(业界最高) • 业界领先Multicast转发能力 • 提升至16K Bridge Domains为云部署提供高扩展性 • 从1GbE 平滑过度10GbE/40GbE 可扩展性 • 128K MAC Table (effective +50% vs. Sup720) • VPLS in HW for L2 extension/VM Mobility • Large L2 domains up to 1152 GbE ports/VSS for VM Mobility • LISP and OTV ready • 为服务器提供10GBASE-T 接入 虚拟化 • Simplify w/ VSS: no STP, no FHRP, 减少维护成本 • 一致性IOS方便用户升级 • 唯一一款带独立带外管理系统CMP的交换机 • 丰富的控制层保护CoPP, SPAN/RSPAN/ERSPAN/mini protocol analyzer… • Open Manageability with XML/Web service API 运维简化 • ASA-SM Firewall blade for up to 64 Gbps (Chassis Performance) • ACE-30 Load Balancer for up to 16 Gbps • Performance analytics and 1588 services with NAM-3 • Up to 13MNetflowentries w/ FNF, Sampled, Egress, Multicast… • Full IPv6 Hardware parity with IPv4 丰富服务

  19. 与Catalyst 4500及 Nexus 7000对比 C6K-Sup2T EX8200 A9500/A7500 C4500 N7000 特性 每槽带宽 虚拟交换系统 MPLS/VPLS 安全服务模块 无线服务模块 网络分析模块 可采样Netflow 灵活Netflow ERSPAN/EEM/GOLD TrustSec 路由表规模(IPv4) 支持40G端口 LISP 就绪 EVN 就绪 60-120G/24-48G 80 G 80 G 48 G 230 G * 1M 512K 256K 256K 1M

  20. 与友商主力产品定位比较 Nexus 7000 核心 HP A12500/10500 Juniper EX8200 HW S12700 Catalyst 6500 Sup2T-VSS Catalyst 6500 Sup2T-VSS PERFORMANCE 汇聚 PRICE HP A9500 HW S9300 Juniper EX8200 Catalyst 6500 Sup2T Catalyst 6500 Sup2T-VSS 接入 HP A7500 Catalyst 4500E 侧重性价比 侧重性能

  21. Catalyst 6500体现思科无边界网络核心价值 Manageability Energy Sustainability Network Virtualization IPv6 VSS4T TrustSec Security ToolKit Application Performance and Monitoring Robust Control Plane MediaNet VSS 4T VSS 4T

  22. 将VSS 提升到更高阶段 Next Generation Linecards asWell as 67XX Based Infrastructureof 6500, so VSS 4T Supports Standalone Features and More VSS4T Flexible Netflow TrustSec L2 and L3MEC Enhancements Service Modules Support Up to 4T bps on up to 388 TenGigPorts VSS 1440

  23. What’s New with Sup2T? ACL “Dry Run”—test if the ACL will fit in the TCAM before applying it Protect your control plane from unanticipated disruption due to ACL programming ACL Atomic “Hitless” update No traffic disruption when applying complex ACL Role-based ACL with SGACL Identity aware ACL 1:1 ACL masking to maximize TCAM usage New match criterias—DSCP, IP Prec, TTL, length, Q-Q inner and outer CoS and Vlan IPv4/IPv6 parity in ACL features Large Scale ACL ACL的巨大提升 x4 PFC3 PFC4 x6 PFC3 PFC4 x4 PFC3 PFC4

  24. 更好的控制层面安全性Protect Your Most Important CPUs of Your Infrastructure Why it matters? • When under a DOS attack, you want to avoid network meltdown, so you need to keep control on your network How it protects the CPU? • Control Plane Policing protects the Switch Control Plane from being Compromised from excessive traffic loads • Select and limit the traffic that will hit your CPU What’s new with Sup2T? Control Plane Policing Etc… TTL=1 PIM IGMP SNMP ICMP IP Options IPv6NDP Netflow on CoPP interface Easy Provisioning Sup2T’s CoPP Per byte / Per Packet accounting More Granularity Hardware Distributed Policing Predictable Policing

  25. 灵活性及可自定义性Increased flexibility and customization by selecting the fields to match and collect Sup2T 创新的Netflow体系适用于高流量骨干网络 FlexibleNetflow CPU优化 Optimal CPU utilization with Yielding Netflow Data Export,direct export from linecard Up to 13M Flows/System CPU Friendly Export 更强flow处理能力 Bigger tables mean more entries per DFC. Up to 13 million entries with a 13 slot chassis. You can get better visibility in your network Sup2TNetflow 支持出口方向NetFlow Allow to use netflow after ingress lookup is done (ex: after DSCP remarking is done) Allow to account for multicast traffic per destination instead of per group SampledNetflowin Hardware EgressNetflow 优化硬件利用率 To optimize the Netflow tables utilization and minimize load on analyzers

  26. Sup2T更加方便运维 Connectivity Management Processor (CMP) Per Protocol (v4, v6, MPLS, VPN Interface) Interfaces Statistics Manageability NEW onSup2T Over 2 million counters! • Blue Beacon LEDs Open Manageability XML API Gold EEM Smart Call Home ERSPAN Multi-Protocol Analyzer Comprehensive MIBs

  27. 6500 Sup2T提供更完善的虚拟化支持 Sup720 Sup2T • 1000 VRF support • MPLS TE, CSC • Multicast VPN MPLS • 4000 VRF support • L3VPN o mGRE • Label Switched Multicast (LSM)* VRF-Lite • Up to 8 VRFs • Easy Virtual Networks (EVN)* • 32 VRFs VRF Services • VRF aware ACLs, VACL, BFD, HSRP, PBR, Syslog, TACACS, Telnet, GLBP, VRRP • VRF aware: WCCP, NTP, SSH, FTP, IPv6 Tunnels L2VPN • VPLS on WAN linecards • Advanced VPLS • EoMPLS Native Ethernet • Native VPLS any Ethernet port • No multicast flooding on VPLS* Operations • Set syslog to a VRF loopback • MPLS egress Netflow • Call Home email in a VRF • NDE collector in a VRF • IP SLA Phase 1 • MPLS interface counters • MPLS aware Netflow P Router* • Flexible Netflow for MPLS

  28. Supervisor 2T 带给金融行业的优化 • L3 and L2 Multicast Replication @880 Gbps • 2 Terabit Fabric Bandwidth with 500+ ports • 256,000 multicast routes in new mFIB • NAT in Hardware • IGMPv3/MLDv2 Snooping in Hardware Performance • Deep Packet Buffers 256MB/port WS-X6908 • Resiliency with VSS, Multicast High Availability Microbursts • Multicast Flexible Netflow v9, SPAN, VACL, • Replication Drop Counters Compliance • MD5 authentication, Router Guard, Multicast Group-Range, Multicast Boundary, CoPPMulticast enhancements Security • PIM Registers and SPT switch in Hardware • IEEE 1588 Timestamps (NAM-3)* • PIM SM, PIM SSM, Bidir-PIM, IGMPv2/3 Control

  29. Supervisor 2T 在园区IPv6网络的领导地位 针对IPv6安全性 针对v4-v6迁移 针对IPv6优化 MPLS/ IPv4/IPv6 Core Internet • EIGRPv6, OSPFv3, BGPv6 • IPv6 PBR* • IPv6 IPsec • IPv6 Firewall Security • IPv6 IDS • IPv6 ASA Service Module* • Dual Stack IPv4/IPv6 • V6 over v4 tunnels: 6vPE/6PE, L3VPNoMGRE, DMVPNv6, Static tunnels • 6 to 4 translation, LISP* • NAT64 with ASA* Edge • EIGRPv6, OSPFv3, IS-IS • IPv6 support for VSS • ECMP • OSPFv3GR • Dual Stack IPv4/IPv6 • 6to4 tunneling, ISATAP • LISP* • IPv6 CoPP Core • IPv6 PIM-SSM, MLDv2, Embedded RP • IPv6 QoS • DHCPv6 Relay Agent • HSRPv6/GLBPv6 • IPv6 support for VSS • IPv6 ACL • IPv6 ACL Atomic Commit/Dry Run • uRPF • IPv6 Ingress Netflow • IPv6 Flexible Netflow • Dual Stack IPv4/IPv6 • 6vPE/6PE • 6to4 tunneling • ISATAP tunnels • LISP* • Unified VRRP* Distribution • Stateless Auto configuration • IPv6 management: SNMP, Syslog, SSH, NTPv4, Tacacs+ • IPv6 interface stats • IGMPv3/MLDv2 Snooping • IPv6 First Hop Security • IPv6 PACL/RA Guard • Dual Stack IPv4/IPv6 • ISATAP and static Tunnels Access

  30. Maintain Support Catalyst 6500 生命周期长至2020+ 交换行业史无前例的超强生命力平台 Supervisor 2T发布于2011七月 EOS End of Sale End of Life End of Support EOL EOL EOS 12 years EOS EOL 12 years EOL EOS 12 years 2000 2005 2010 2015 2020+

  31. 全球2000+ Sup2T 预售客户 “Video is a core technology at Apple; … The Supervisor Engine 2T, with VSS implementation, expands the existing, available bandwidth of all deployed E-Series Catalyst 6500 chassis to 4 Terabits per second.This compounded with80 Gigabits per slot capacity and scaled, hardware multicast  route support ensures the operational integrity of Apple’s network.” – Patrick Millette, AM Apple … BT, a long-time Catalyst customer, has 6500 switches deployed throughout the network in IP Core, Data Center, Enterprise, and Ethernet aggregation points. The Sup2T, in VSS configuration, enables BT to leverage their extensive existing infrastructure andd expand the current switch bandwidth to 2-Terabit capacity and future-proof for 40G readiness. ….” – Jim Wicks, SE, BT  “For Penn State University, Bandwidth is at the forefront of their core network requirements. With Catalyst 6500 Switches deployed through the core and into distribution, Penn State is looking to the Supervisor Engine 2T to expand the current bandwidth to 2-Terabit capacity and future-proof the existing infrastructure for 40G readiness. Flexible Netflow capability enables the transition to IP-based statistics collection, driving enhanced billback capabilities” – Chris Sullivan, AM Penn State “We are excited to be working with Cisco to receive some of the first shipments of the eagerly awaited Supervisor 2T modules. Loughborough's IT service provision requires the cutting edge technology these new modules provide, complementing the new functions on Cisco's IPv6 roadmap. We look forward to working with Cisco for many years to come.” – Matthew Cook, Network and Security Manager, Loughborough University, IT Services “Rackspace is a long-standing Cisco customer with Catalyst 6500 switches deployed throughout their network for various use cases; Internet Edge, IP Core, as well as L3 Aggregation utilizing VSS for services applicable to both Cloud and Managed Hosted environments. … Rackspace is looking to the Sup2T to provide more capacity; Control Plane scalability, bandwidth scalability at 80G per slot, and the ability to utilize the larger Netflow tables are all key metrics.  Sheer capacity is key for hosting companies, and Flexible Netflow is ideal for Denial of Service mitigation techniques. – Ellis Merworth, SE Rackspace,

  32. 升级至“2T”平台的50个理由 + 800%-3200% +180 10G ports +3200% Configurable Security/QoS Scalability + 400% Operations

  33. 升级至“2T”平台的50个理由 Security QoS +pktlen/TTL+IP opt v4/v6 Ingress/egress

  34. 升级至“2T”平台的50个理由 Virtualization Multicast

  35. Backup slides

  36. Catalyst 6500 Strategy and Direction INNOVATION DIFFERENTIATION The Network Services Platform for UnifiedAccess and Unified Fabric Innovation withInvestment Protection TRANSITION COMPETITIVELEADERSHIP CATALYST 6500 E-SERIES Driving Next-Gen Ethernet In the Campus 1G» 10G »40G» 100G Lead Core/Distribution Platform in Industry over HP (A7500/A9500) and Juniper (EX8200)

  37. Enterprise Core Flexibility Catalyst Nexus Core Access Aggregation Core Aggregation Access Modular Catalyst 4500 Catalyst 6500 Nexus 7K Fixed Catalyst 3750 Catalyst 2960 Catalyst 4900 N5K Nexus 3K | Nexus 2K Cisco Unified Access | Enterprise Campus Differentiation NGA 1.0 / NCS »EnergyWise ISE » UPOE Cisco Unified Fabric | Data Center Architectural Innovation Unified Ports » DCB / FCoE Nexus 1000v » VDC Cisco Unified Services | Cross Architecture Network Value FabricPath»Medianet» LISP » FEX-link OTV »Netflow v9 »TrustSec» VSS / vPC Unified Fabric = Nexus + NXOS Unified Access = CATALYST + IOS!

  38. Sup2T 软件特性更新 Cisco TrustSec RBACL TrustSec Ingress/Egress reflector SGT Tagging and Filtering Dry run for ACLs Atomic ACL Update Flexible Netflow Egress Netflow Sampling Netflow in HW Hardware CoPP New level of IPv6 support Distributed Aggregate Policers EEMv3.0 EVC 2.0 E-OAM 3.0 IPSLA support for EVC 802.1agCFM Draft 8 Service Module Support On Board Failure Logging Netconf, Http, Soal, TCL… over IPv6 IPv6uRPF PACL support for IPv6 CMP XML Programmatic interface Web ServicePIM Registers in HW IP-Based IGMPv3 Snooping support Bi-dir Enhancements StatefulEoMPLS Etherchannel Enhancements Native VPLS VRF aware SSH, FTP, NTP DAI accelerated in HW WCCP Closed group MQC Queuing policy for ingress/egress DSCP classification QoS ACL per policy class Per-protocol statistics Per VLAN broadcast statistics ACL/QoS scalability uRPF + ACL New ACL classifications Options VPLS NAT TrustSec FnF QoS MCast MPLS IPv6 ACL Enh. CoPPEnh CMP XML API Cisco IOS Software 12.2(33)SXI3 Features Set …总计超过200项新特性支持!

More Related