Solving the Tough Stuff: We believe the only way to stay ahead of a rapidly evolving business world is to be relentless about staying on top of it. Some people distinguish the psychological aspect of a brand from the experiential aspect. Modern value-creation branding-and-advertising campaigns are highly successful at inducing consumers to pay, for example, 50 dollars for a T-shirt that cost a mere 50 cents to make, or 5 dollars for a box of breakfast cereal that contains a few cents' worth of wheat.

The key word is Disrupt! You need to change the customer from what he is doing today to something different. In many cases, this change will represent a risk to the account. As a result, the reason for the change needs to be more compelling than the risk! I think when trying to position our value proposition we should take off the table the discussion where we are trying to compare ports and speeds with the competition. Cisco's share of the Ethernet switching market dropped from 75% in the fourth quarter of 2008 to 69% in the third quarter of 2009, Goldman notes, citing data from Dell'Oro Group. So I would like to point out why your customers should change.

Goldman Sachs published survey results on IT spending patterns for 2009:
- 11% of respondents said they were able to lower their switching costs by shifting their business away from Cisco.
- 12% said they were able to get better discounts on Cisco products.
- 10% received lower prices on support and maintenance from Cisco, the survey found.
- 13% said they can get better than typical discounts from non-Cisco switching vendors as well.

Pricing was No. 2 on the list of factors weighing most heavily on the respondents' switch purchase decision. Performance was No. 1 and that, combined with price, suggests "best of-breed vendors with superior price/performance can gain market share despite Cisco's significant incumbency advantages," the Goldman survey found.
Vendor reputation and pre-existing relationships rank fourth and last, respectively, on the list of important factors in making a switching purchase; and product roadmap for converged or virtualized solutions -- where Cisco and Brocade currently have a time-to-market lead, Goldman notes -- ranked near the bottom of the list, "indicating that most customers are making their purchase decisions based on near-term performance of their networks rather than future proofing their systems," the survey report states.

John Chambers Said So

The most obvious sign something is amiss at a major tech vendor? When a CEO known for his relentless enthusiasm and powerful optimism tells his employees exactly that: something is amiss. In a letter to Cisco employees this week that set much of the tech world buzzing about its implications, John Chambers said that aspects of Cisco's current "operational execution" are flawed, and admitted that Cisco had disappointed investors, confused employees and lost some credibility in the market. Changes are coming: "Cisco will make a number of targeted moves in the coming weeks," Chambers said. Cisco partners appreciated the letter's candor and honesty, though it also left many wondering why Chambers wasn't so candid during his keynote address at the Cisco Partner Summit last month.
From Big Ugly to Faster Simpler & Cheaper: Network World reported that according to Goldman Sachs, Cisco's share of the Ethernet switching market dropped from 75 percent in the fourth quarter of 2008 to 69 percent in the third quarter of 2009. Duffy noted that Goldman Sachs attributes Cisco's declining market share to increased competition in the networking switch market, and to customers selecting vendors that are less costly. More businesses are ‘thinking’: they need the ‘car keys’, and they might not need the Rolls Royce! Although Extreme competes primarily with Cisco Systems and HP’s ProCurve unit, it is also raising the bar for other switch manufacturers. If you trade in your Cisco equipment, HP ProCurve will take 20% off its list price. By doing so, I feel that HP ProCurve is whacking Cisco in its most vulnerable spot, its lack of pricing flexibility. While Cisco lacks pricing flexibility, Extreme can match HP’s value without sacrificing feature, function or performance. Cisco VARs no longer have enough margin left to profitably match HP ProCurve pricing on a deal-by-deal basis for their. It is not uncommon to see Cisco offer price-matching discounts to existing customers in order to equal value prices, but this is only a reaction after a direct competitive threat. As a result, if the customer does not create a competitive purchasing climate, they are most likely paying a premium for network technology.

The first shoe to drop from Cisco happened as Cisco cancelled out of its Nexus blade switch agreement with Dell, according to Network World. The next was even bigger, as Cisco dumped HP as a partner across the board, for channel, global on Thursday. (Reportedly, HP was already weakened, as its management is busy digesting their acquisition of EDS, and HP people are disorganized due to the number of re-organizations, cutbacks, and acquisitions, per this industry expert blog.) With all these questions about competitors…
Extreme remains focused, committed to delivering high performance products on time, to our customers and channel partners. In Extreme Networks news, CRN reported on the 10 biggest networking stories of 2010, ranging from Cisco’s supply-chain nightmare to the ongoing trend of networking convergence and virtualization. CRN noted that the Ethernet switching market had an economic comeback this year with 32.7 percent revenue growth and its strength as the bread and butter of the networking channel. CRN also reported on the slew of vendors that announced data center architectures that address the growing demands of virtualization such as Extreme Networks' data center blueprint and Cisco’s FabricPath.
Extreme delivers converged Ethernet with “ATM like” QoS

The impact of the internet, deregulation, convergence and consolidation is causing equipment vendors to shift the business model from a vertically integrated model to a horizontally integrated model. In the vertically integrated model, vendors focused on providing separate data and voice networks for the enterprise. Likewise, in the old public network, service providers built out separate data, voice, video, and mobile network infrastructures. The new model is moving to a horizontally layered business model where vendors are focusing on breadth of solution along a given layer for both the public network and the enterprise network. The use of a layered architecture for converged multiservice networking solutions provides customers with the flexibility to select the technology combination that best fits the business, geographical, and facility constraints. Also, in a layered architecture, if you want to swap out a component or technology in one layer, you can do so without having to swap everything out.

The modern WAN got its start in 1969 with the deployment of ARPANET, which was the precursor to today's Internet. The technology used to build the Internet began to be commercialized in the late 1970s with the development of X.25 based packet switched networks. In addition to the continued evolution of the Internet, the 20-year period that began in 1985 saw the deployment of four distinct generations of enterprise-focused WAN technologies. For example, in the mid to late 1980s, it became common for enterprise IT organizations to deploy integrated TDM-based WANs to carry both voice and data traffic. In the early 1990s, IT organizations began to deploy Frame Relay-based WANs. In the mid to late 1990s, some IT organizations replaced their Frame Relay-based WANs with WANs based on ATM (Asynchronous Transfer Mode) technology.
In the 2000s, many IT organizations replaced their Frame Relay or ATM-based WANs with WANs based on MPLS. Cost savings was the primary factor that drove the adoption of each of the four generations of WAN technologies. The cost savings, however, were very modest when compared with the price performance improvements that local area networking experienced over the same time frame. However, in contrast to the volatility of this 20-year period, today the WAN is relatively staid. In particular, today there is not a new generation of WAN technology in development. Relative to the deployment of new WAN services, what sometimes happens in the current environment is that variations are made to existing WAN technologies and services. An example of that phenomenon is Virtual Private LAN Service (VPLS). Within VPLS, an Ethernet frame is encapsulated inside of MPLS. While creating variations on existing services can result in significant benefits, it does not produce fundamentally new WAN services.

The eternal network question has been how to use this technology in building your network. There was a simple principle to follow: “Switch where you can, route where you have to.” With a Layer 3 switch you don’t compromise performance when routing is required. If you have a small network, and all of your devices will be on the same IP subnet, then use a switch. The routing can be accomplished by using a Layer 3 switch, which has routing in the fast path.
Our innovative spirit, outstanding products and customer commitment, combined with our history of building some of the largest networks in the world, has given us a unique perspective on solving tough network challenges. As advisors we go beyond to recommend and deliver the best technical solutions to our customers, not based on what we manufacture, but based on what their business requires. Throughout its history, the Company has delivered more than 15 Million Ethernet ports and has established a presence in more than 50 countries. We take innovation very seriously at Extreme Networks®. Extreme Networks is responsible for many innovations in the networking industry and our decision to go beyond conventional thinking was essential to these accomplishments. One measure of our success is that these innovations have been embraced by enterprise IT managers and service providers. They rely on Extreme Networks products and services to help them meet their business goals today and to be ready for tomorrow’s tough challenges.

Ethernet leadership for 15 years: Extreme is proud to be among the first companies to:
- Introduce Gigabit Ethernet products that were tested at full wire-speed with zero packet loss
- Offer patented Quality of Service (QoS) capability on IP/Ethernet networks
- Deliver carrier-class Ethernet for metro area networks
- Offer patented network level resiliency protocols for IP/Ethernet networks
- Deliver a unified solution that allows wired and wireless devices, applications and equipment to share the same infrastructure and management tools
- Deliver a truly modular switching operating system for enterprises and metro service providers
- Introduce a voice-class modular switch for the network edge

There's value in independence sometimes.
And his company does have something special to offer in the Ethernet space: low cost of ownership and a rich feature set make Extreme a compelling alternative to solutions from Cisco or Brocade Communications Systems in many cases. Moreover, Extreme's focus on just one piece of the datacenter ecosystems can be attractive to clients who don't want to get locked in to a single company from server to extranet, which is where everyone else is moving these days through acquisitions. Based on these strengths, Extreme Networks gleefully announced that virtual computing leader VMware actually runs much of its internal operations on Extreme switches. Given how closely VMware works with Cisco, Brocade, and others, it's a major vote of confidence when the company announces 50,000 Extreme network ports installed for its own use. Rest assured, you'll be hearing a lot more about Cisco FabricPath, Avaya VENA, Juniper's Virtual Chassis, Brocade's Brocade One and Virtual Cluster Switching, Extreme Networks' data center blueprint, and plenty of others.
Asymmetric warfare is war between belligerents whose relative military power differs significantly, or whose strategy or tactics differ significantly. "Asymmetric warfare" can describe a conflict in which the resources of two belligerents differ in essence and, in the struggle, interact and attempt to exploit each other's characteristic weaknesses. Such struggles often involve strategies and tactics of unconventional warfare, the "weaker" combatants attempting to use strategy to offset deficiencies in quantity or quality.

The key with asymmetric warfare is to be disruptive!
Next Generation Ethernet

Next Generation Ethernet is a platform that should deliver all of the previous function requirements under one hood. I have grouped the generations in this way because Cisco has different purpose-built product lines for each of the 4 waves of technology. Counter to that, Extreme offers a platform solution for a customer to build his network on. Extreme does not require different switches to address different convergence requirements; this would be cost prohibitive for most customers and complicated. Simply put, to disrupt the Cisco market, Extreme must deliver more with less.

The IEEE is pushing Ethernet to unimaginable speeds, with the 40/100 Gigabit Ethernet standard expected to be ratified in 2010 and Terabit Ethernet on the drawing board for 2015. Here's a timeline showing key milestones in the growth of Ethernet. Standards-compliant products are expected to ship in the second half of next year, not long after the expected June 2010 ratification of the 802.3ba standard.

The 90’s: Network Connectivity
- Ethernet became de-facto connectivity for computers and printers - Token ring, FDDI, DECnet, ATM, etc., became legacy
- Extreme Networks introduced line-rate switching and QoS - High-performance Enterprise Campus, Data Center and Service Provider deployments worldwide

2000 – 09: Network Convergence
- Ethernet became common network infrastructure - For telephony, storage, mobility, servers, and machine-to-machine communication
- Extreme Networks introduced ExtremeXOS - One resilient OS with protection switching, advanced stacking, green chassis, and open approach enabled best-of-breed customer deployments that are simpler to design, deploy and operate

In the attached presentation, I try to make the point that there are at least four waves or generations of convergence for Ethernet. Even though customers are focusing on the Next Generation of Ethernet, previous generations are still very important concerns.
Extreme is a company founded on convergence and active in developing technology in each of these generations of Ethernet technology.

Extreme Swiss Army Knife approach to the 4 Generations of convergence:
- Enterprise – Convergence of Voice, Video & Data
- Metro – Replacing traditional Mux, SONET, ATM and other WAN equipment
- Consumer Electronics – Everything gets Ethernet – It becomes ubiquitous.
- Data Center – SANs, Fibre Channel, InfiniBand outpaced by 10G, 40G and 100G Ethernet.
Applications are no longer a subset of the smartphone’s capabilities – in other words, in the past the smartphone could only run a few limited apps, but we will soon reach the point where smartphones and tablets have the capacity of a PC and will be able to run any application.

The proposed Extreme switches deliver non-blocking switching with full wire-speed Layer 3 and Layer 2 performance at all times. In each instance, the backplane capacity is greater than the aggregation of all its ports, so data is never lost—even when the network load requires all ports to deliver full gigabit bandwidth. When trying to position our value proposition, I believe we should take off the table the fact that with our products we have 10 more ports or we can do ‘X’ faster than ‘Y’. With all of the benefits that VoIP has to offer, it still poses a challenge to organizations that must rely on it for secure transmission of critical information. The true value of Extreme at XYZ Customers is that it will deliver a simple-to-support system that can not only guarantee high quality voice but also reduce cost today and cost going forward.

For the past 10 years, IT has rapidly added low cost hardware to accommodate growth in their business. However, let's explore the impact that has had on cost.

Under-utilized assets and the sprawl they have created. With average utilization at 10% (or less), IT assets are not well utilized today.

Power and cooling is an increasing draw on budget. Today, for every $1 that IT spends on innovation (new HW), another 50 cents of IT budget is spent cooling existing HW (remember, 10% utilized). If this trend is not stopped, it is predicted that in 5 years these numbers could be equal. The increasing % of IT budget being spent on cooling limits innovation to support growth – industry wide, we spend $29B annually.

Space. Building new data centers is an expensive proposition. So is maintaining underutilized data centers across dispersed sites.
Finally, the cost to maintain servers is a real expense in IT; in fact, this is another large drain on IT budgets, limiting innovation to support growth. IT must find a way to reduce costs and free up operational $ for innovation to support growth.

Today no single technology can drive this multi-billion dollar market forward. However, today’s complex network environments can delay the deployment of new technology while inflicting more support cost each year. The biggest thing customers should demand with technology convergence should be simplicity. In the XYZ Customers network the grand challenge is not capacity, but integration with security, voice, mobility, and application networking technologies. Employing more engineers is a brute force answer that will not scale to a customer’s ever growing network requirements. Extreme Networks products have a common feature set, software, architecture, and command syntax. This reduces the ramp time for new customers, increases the local technical staff’s confidence, reduces the time to configure and troubleshoot network equipment, and minimizes the volume of files (software images) required to be stored locally. One support engineer can support all of the switching products due to the common architecture, command syntax and features.
Next Generation Broadband Services - Ethernet Transport switches and proactive service management software for:

Carriers and service providers around the world are in the process of transforming their networks from legacy circuit-based architectures to next generation packet-based architectures. Carrier Ethernet has emerged as the technology front runner to support these next generation networks. Worldwide revenues from Ethernet services are expected to reach $30B by 2011 according to Infonetics Research. Business Ethernet services provide an opportunity to convert both T1 and Frame Relay subscribers to higher speed and higher revenue Ethernet subscribers.

- Residential Triple Play
- MEF Certified Business Ethernet
- Ethernet Mobile Backhaul

Service providers are deploying next-generation broadband access networks primarily for residential triple-play services. For network planners deploying PON (Passive Optical Networks) or Active Ethernet in the first mile, there are a number of middle-mile design considerations which impact the ultimate performance and longevity of the network. This paper explains these key design considerations and offers solutions that address these important factors.

As service providers roll out triple-play services including voice, high-speed Internet and video, they need to deliver far more bandwidth to each customer. Considering that just one High-Definition (HD) video feed can require up to 10 Mbps of bandwidth per TV channel and that each customer may have two or more HD DVRs plus multiple digital phone lines and 10 Mbps Internet service, the requirement can easily approach 30 Mbps per household. To meet the bandwidth (PON), Active Ethernet and to some extent, ADSL 2+.

These changes at the edge are driving up the need for more bandwidth in the middle mile portion of the network that connects local central offices (COs) with regional central office aggregation points. (See Figure 1.)
While yesterday’s networks may have needed only a 1 Gbps connection from an access central office back to the aggregation point, today’s deployment of high-speed broadband connections to the edge requires 10 Gigabit Ethernet (10 GbE) rings between the access central offices and the aggregation central office. When designing this middle mile network, service providers must consider four key operational areas that impact the longevity of the basic network infrastructure, namely, bandwidth scalability, service scalability, management scalability, and resiliency.
Migration to a unified Ethernet fabric that converges storage protocols onto Ethernet requires a very low latency and a highly available lossless architecture that lends itself to simple flat network design. Storage traffic cannot tolerate the buffering and latency of extra switch hops through a three-tier architecture that includes a layer of aggregation switching. This time, speed needs to be coupled with lower latency, abandoning spanning tree and support for the new storage protocols. Networking in the data center must evolve to a unified Ethernet switching fabric. Legacy three-tier architectures naturally have a large Cisco component – specifically, the 10-year-old Catalyst 6500 switch – given the company's dominance in enterprise and data center switching. It boils down to what the customer tries to achieve in the network. Each tier adds another two hops, which adds latency; on the flipside it comes down to what domain size you want and how big of a switch fabric you have in your aggregation layer. If the customer wants to have 1,000 10G ports aggregated, you need a two-tier design big enough to do that. If you don't, you need another tier to do that.

Who owns the networking configuration?
- Server and network administrators traditionally distinct
- Server administrators not skilled at network configuration
- Dealing with inconsistencies in server and network configuration
- Increased likelihood of errors
- Troubleshooting, maintenance require direct coordination across groups

Legacy three-tier model doesn't work because most of the switches are 10:1, 50:1 oversubscribed. As a result, applications contend for limited bandwidth. This oversubscription plays a role in the latency of today's switches in a three-tier data center architecture, which is 50 to 100 microseconds for an application request across the network. Cloud and virtualized data center computing with a unified switching fabric requires less than 10 microseconds of latency to function properly.
Storage channel I/O was an early example of offloading specific tasks from the main system CPU. Storage I/O operations required specific logic for I/O and data management operations. While these tasks could have been performed by the system CPU, storage systems were exceedingly slow in comparison to CPU performance. Therefore, executing storage I/O commands in the main CPU would have consumed valuable processor cycles while the CPU waited for slow storage peripherals to respond to requests. To overcome this inefficiency, computer scientists developed the concept of channel I/O. Rather than executing storage I/O in the main CPU, the CPU actually sends small commands to an independent channel I/O processor and continues on with other tasks. The channel I/O processor executes the command and then alerts the CPU upon completion. Channel I/O is also tightly coupled with main system memory in order to fetch digital bits from peripheral storage to be processed by the CPU. Since storage channel I/O was designed as a high performance bridge between a system CPU and peripheral storage, it has a number of specific design elements and technical requirements.
Ethernet switching hit the market only 20 years ago, when Kalpana introduced the concept with its seven-port bridge. Kalpana started Ethernet switching with cut-through switches. These switches begin forwarding the frame as soon as the switch has read the destination address. A cut-through switch will forward the data before it has completed receiving the frame. These switches will function at wire speed, forwarding traffic as fast as they receive it. Nearly all cut-through switches have no RAM buffers for storing frames. As a result, switches eliminated collisions, which is the mechanism used by Ethernet to control access and allocate shared bandwidth among stations (Kalpana's first EtherSwitch debuted for $10,500). Early on, Layer 2 switches used MAC addresses to make the switching connection. Later on, Extreme introduced L3 intelligence to look up an IP address equally fast. Today the product name "switch" is a marketing term rather than a technical one.

The first and best example of a switch is an operator at a cord board. The operator provided the switching functionality while the cord board delivered the connection or the circuit. The operator was the controller of the traffic; she made all the decisions. For the sake of this discussion she represented the slow path of the switching function while the cord board represented the fast path. What changed with today’s switching technology is that we continually move more and more decision making into the fast path. The vehicle for moving intelligence to the fast path is advanced ASIC development.

When a call is received, a jack lamp lights up on the back panel and the operator responds by placing the rear cord into the jack and throwing the front key forward. The operator now converses with the caller and finds out where the caller would like to be connected to. If it is another extension, the operator places the front cord in the associated jack and pulls the front key backwards to ring the called party.
After connecting, the operator leaves both cords "up" with the keys in the normal position so the parties can converse. The supervision lamps light to alert the operator when the parties finish their conversation and go on-hook. When the operator pulls down a cord, a pulley weight behind the switchboard pulls it down to prevent it from tangling. On a trunk, on-hook and off-hook signals must pass in both directions. In a one-way trunk, the originating or A board sends a short for off-hook, and an open for on-hook, while the terminating or B board sends normal polarity or reverse polarity.

Put simply, a switch is a multi-port bridge. In simple terms, you can almost think of each port as being the equivalent of a hub - one collision domain. Each port on a switch is its own collision domain, so you can have one conversation on each port, and the switch bridges the conversations between ports. For example, port 1 could be transmitting data to a device on port 24, while port 2 is transmitting to a device on port 5. On a 24 port hub, you could have 24 devices transmitting at the same time (okay, really 23).
Deterministic performance is having the switch perform at par whether you have one user with no Ethernet features or thousands of users with thousands of features. All switches have CPUs and memory, just like your PC. Deterministic performance would mean that you can turn on your PC, open 4 browsers (2 Explorer, 2 Firefox, etc.) and download songs from iTunes, while streaming a live video, watching a DVD, sending and receiving emails, and editing an 80-slide PowerPoint. The reality is that your PC might be able to do all of that, and if it does, it will all be very slow. PCs use memory (slow path) to handle transactions, as do the majority of Ethernet switches.

FAST PATH - Packet forwarding path that flows only through “hardware” or ASICs. Fast path traffic is characterized by very fast packet forwarding rates (millions of packets per second) and very low latency.

SLOW PATH - Packet forwarding path that flows through the system CPU. Slow path traffic is characterized by low packet forwarding rates (thousands of packets per second) and higher latency.

ASICs are intended to perform a single well-defined function to provide scalability and performance. The key phrase is well-defined requirements. The blind store-and-forward mechanism of the switch (which is a non data-intensive operation) enabled vendors to choose an ASIC architecture. Classic switching operates at layer 2 (MAC layer) of the TCP/IP stack in the networking model. The switch needs to blindly forward packets just by reading the control information of the IP packet without touching the data portion of the packet. This requires the switch to do a basic parsing of the control information for packet forwarding, which is not very process intensive. The function is very clearly defined, and an ASIC is the best solution as it is tailored to perform a single customized function in the most efficient manner. As such, switches could offer enterprise class performance by adopting the ASIC as the basic framework.
In comparison, a CPU's initial goal is to support processes generic enough to perform a myriad of functions within a switch. So the CPU's design is only loosely coupled with the function. Instead of host-based or flow-based approaches, any next-generation switch should have the more sophisticated LPM lookup engine built into the ASIC. Using LPM, routed packets are NEVER sent to the CPU. Instead, the ASICs themselves store the full LPM table in their forwarding database, including net mask information. In a Layer 3 switch with LPM in ASICs, ASIC-based LPM has a number of critical advantages.

Cisco is still, however, expected to launch a new data center fabric line under the code-name "Jawbreaker." This week's product rollout did not include Jawbreaker. Why would Cisco be developing a new data center fabric product line based on merchant silicon when its Nexus switches and FabricPath software are already available? Observers are still speculating about last week's news that Cisco is developing a new Nexus switch, and perhaps fabric switches, based on Broadcom silicon instead of internally developed ASICs. Cisco won't discuss the unannounced products, so an explanation from the company isn't available. Some analysts believe Nexus/FabricPath is incomplete, that it doesn't take the data center to a completely flat, one-layer fabric. That's why Cisco needs to develop a new line, which sources say it is doing under the code name "Jawbreaker." Other analysts believe Cisco's decision to use merchant silicon reflects a confidence in the performance of the devices, and frugality.
Ethernet continues to connect 'everything', including scalable storage using advanced iSCSI and NAS technologies. Extreme Networks already addresses converged storage and server networking needs with these technologies. The industry is now moving forward in adding more 'lossless' technologies over Ethernet so customers can converge more of their Storage Area Networks (SAN) to a common Ethernet fabric. The XOS 12.5 release added enhanced capabilities, including Priority-based Flow Control (PFC) and Enhanced Transmission Selection (ETS):

- PFC enables selective pause on a per-virtual-link basis
- ETS allows reserving bandwidth for each class, each with a different priority

Coming next is support for Data Center Bridging Exchange (DCBX), which allows negotiation of DCB parameters with storage adapters and switches. The DCBX protocol is specified in the 802.1Qaz specification from the IEEE. Devices enabled for Data Center Bridging can use the DCBX protocol to discover and exchange information about their administratively configured capabilities such as ETS and PFC. Extreme Networks is leading the ecosystem here with participation in early multi-vendor testing.

Extreme Networks introduced two new products (XNV and Direct Attach) with XOS 12.5 and Ridgeline 3.0 to facilitate the growing server, storage, and network virtualization. Several enhancements are planned for both of these virtualization engines to help customers cut network tiers and simplify network complexity as virtualization grows.

- PFC: in ExtremeXOS® 12.5. Selective pause on a per-virtual-link basis
- ETS: in ExtremeXOS 12.5. Bandwidth per class, each with a different priority
- DCBx: Demo. Negotiate DCB parameters with storage adapters and switches

Convergence - Converged Ethernet switching fabric

- Even fewer tiers
- Much higher non-blocking 10G/40G
- Lower end-to-end latency
- 10x capacity
- More virtualization support
- Physical port virtual port virtual policy/counter
- Less power, efficient PSUs, manage power per throughput
- Ease of management
- Same infrastructure, ExtremeXOS®, feature consistency
- Lower cost

Trends

Servers

- Becoming faster with multi-core CPU
- VM explosion, 8-16 today 64-128
- Adding multiple 10G interfaces
- Converged 10G adapters
- VEPA enabled
Data Center Bridging (DCB):

- Comprises a set of protocols defined by the IEEE.
- Allows traditional storage networks to be converged with Ethernet data networks.
- Also makes Ethernet work better for other applications.
- Is sometimes called Converged Enhanced Ethernet (CEE).

So what can ultra-low, consistent latency deliver? Sub-800 ns latency is conceivable for small packet sizes using the single-chip PHY-less architecture. This product is best suited for applications such as financial markets, which have requirements for ultra-low latency. 40GbE uplink ports for aggregation are critical with this type of switch, as application latency is an end-to-end metric. 40G will allow customers to build larger networks with multiple switches that yield latency comparable to a reduced-tier network based on larger switches with higher-density port counts.

The Summit X650/X670 is a data center optimized switch with redundant power supplies, integrated fan modules, and front/side-to-rear cooling. Data center protocols such as priority flow control (PFC) and Data Center Bridging (DCB) are available on some Summit X650/X670 models. The Summit X650/X670 supports stacking without any additional hardware, and high-speed stacking ports with the addition of VIM modules.

Is it just all about the latency? The X670 and X670V deliver cloud-scale 10G/40G with low latency and low oversubscription. Both the Summit X670 and X670V support the following cloud-ready functionality:

- A big control path and a data center ready fast path featuring 128K L2 MAC addresses and 16K IPv4 routes/hosts, with PFC, ETS, DCBx, QCN, and TRILL.
- EVB/VEPA support. All ports run at non-blocking, wire-speed performance; in addition, the VIM4 slot on the two Summit X670V models can handle 4 x 40 GbE at wire rate.
- 1+1 redundant hot-swappable power, N+1 redundant hot-swappable fans, and front-to-rear or rear-to-front cooling.
X670s can be configured with either front-to-back (FB) or back-to-front (BF) air flow, with embedded motion sensors. The Summit X670 delivers a fixed-format, data center optimized design. Ultra-low latency featuring PHY-less connectivity delivers sub-1 µsec latency and lower power consumption. The Summit X670 models have a tuned, optimized "PHY-less" design, which means that the packet processor ASIC is connected directly to the 10 GbE SFP+ ports instead of using PHY chips in between (less is more when considering latency).

The Summit X670 does not support certain options, such as 10GBASE-LRM, but the upside is lower latency, lower power, and lower price compared to Summit X670V models. The Summit X670 supports passive copper cable up to 3 meters, while the Summit X670V supports passive copper cable up to 10 meters.

SummitStack-V stacking uses 10 GbE ports as stacking ports (front panel ports #47 and #48, compatible with X650/X480/X450e/X450a/X460). SummitStack-V supports distances up to 40 km with longer-reach optics.
Extreme is rethinking the data plane, the control plane, and the management plane. Extreme is a better mouse trap which delivers new features, advanced function, and wire-speed performance. Our switches deliver deterministic performance independent of load or what features are enabled. All Extreme switches are based on XOS, the industry's first and only truly modular operating system. Having a modular OS provides higher availability of critical network resources. By isolating each critical process in its own protected memory space, a single failed process cannot take down the entire switch. Application modules can be loaded and unloaded without the need for rebooting the switch. This is the level of functionality that users expect on other technology. Reaching the twenty million port milestone is a significant achievement demonstrating how our highly effective network solutions, with rich features, innovative software and integrated support for secure convergence.

Enterprises depend on modular switching solutions for all aspects of the enterprise network: in the enterprise core and data center, the distribution layer that lies between the core and wiring closet, and in the wiring closet itself. Modular solutions provide port diversity and density that fixed solutions simply cannot match. There are also high-capacity modular solutions that only the largest of enterprises and institutions use for high-density and high-speed deployments. Modular solutions are generally much more expensive than their fixed cousins, especially in situations where density or flexibility are not required.

Fixed-configuration stackable switches are typically cost-optimized, but they offer no real port diversity on an individual switch. Port diversity means the availability of different port types, such as fiber versus copper ports. Stackable switches have gotten better at offering port diversity, but they still cannot match their modular cousins.
Many of these products now offer high-end features such as 802.3af PoE, QoS, and multi-layer intelligence that were only found on modular switches in the past. This is due to the proliferation of third-party merchant silicon in the fixed configuration market. Generally, a stack of fixed configuration switches can be managed as a single virtual entity. Fixed configuration switches generally cannot be used to provision an entire large enterprise, but instead are mostly used out at the edge or departmental level as a low-cost alternative to modular products.
By employing the existing 802.3 MAC protocol, 802.3ba is intended to maintain full compatibility with the installed base of Ethernet nodes. The spec is also expected to use "proven and familiar media," including optical fiber, backplanes and copper cabling, and preserve existing network architecture, management and software, in an effort to keep design, installation and maintenance costs at a minimum. Driving demand for 40/100G Ethernet are the same drivers currently stoking 10G: data center virtualization and storage, and high-definition videoconferencing and medical imaging. Some vendors are building 40/100G Ethernet capabilities into their products now. The advancements in science and technology have never been so much about "why" as they have been about "why not" and "how far". The march toward Terabit Ethernet will clearly lead to many of the advances discussed here and most likely many others that today we cannot even fathom. Kajeepeta is CTO, Applications and Technology Services, Managed Services Sector, CSC.

Where does Extreme fit? The Extreme Summit X650, Summit X450 and X250 switch families have one important capability in common. SummitStack unifies Extreme switches into a single entity offering a mix of 100M, 1G and 10G interfaces. The Summit X650 Versatile Interface Module architecture can support up to 512 Gbps of stacking, delivering 48 ports of non-blocking 10G Ethernet.

Redundancy is cheaper with two-tier networks. Full redundancy costs more than nonredundant networks. The incremental TCO for redundancy is 12% lower for Extreme's two-tier networks and 15% lower for Cisco's two-tier networks, compared to comparable three-tier networks. Redundancy is cheaper primarily because it's possible to add redundant components (uplinks, power supplies, and supervisors) to chassis switches in the access layer of two-tier networks. Three-tier networks generally have more boxes, and each box requires redundancy. Also, three-tier networks sometimes have redundant aggregation switches, and that increases TCO significantly.

You can't always get what you want, but if you try sometimes you just might find you get what you need! The Rolling Stones released the song on their 1969 album Let It Bleed. Written by Mick Jagger and Keith Richards, it was named the 100th greatest song of all time by Rolling Stone.
Ethernet switching products from Extreme Networks® solve tough network connectivity challenges. Ethernet has become the foundation for global communications. Now, new expectations for rich infrastructure capabilities, high security, and flawless operations are testing network professionals like never before. Extreme Networks is responding with solutions that help deliver secure, robust connectivity for voice, video, and data to a discerning and highly mobile user community. In today's world, your infrastructure partner matters. We can help you solve your toughest networking challenges.

PoE Power Budget

- Summit X460 supports PoE-plus 802.3at
- One AC-PoE PSU can provide up to ~380 Watts of PoE power budget
- With two AC-PoE PSUs installed you get ~760 Watts of PoE power budget

Ask yourself…

- Will the new stacking on the Cat 3750e work with a Cat 3750 purchased years ago?
- What will be required for Cisco's future stacking to work with the current Cat 3750e?
- When will Cisco ship stacking for 10G core networks like the X650?

With our Ethernet switches, enterprises and service providers can build scalable, highly available networks that deliver voice and video traffic with clarity. We've integrated critical security features directly into the switch fabric and we've pioneered the Virtualized Security Resource architecture, which means you'll enjoy peace of mind today with the confidence that your network can grow and adapt to your changing needs. At Extreme Networks, it all starts with our switches!

The connectivity requirement in the core of the network is different from that at the edge. The network core must be able to react to the bandwidth variability at the edge. For example, some applications may suddenly burst a large amount of traffic; however, these bursts should not impact anybody else connected to the core. So good quality of service capabilities, deep buffers, large routing tables, and switches that perform the same way regardless of traffic conditions are all requirements that the core must meet in order to be predictable. This is the hallmark of our core products.
Extreme Networks launched its Summit X460 switch family, designed to address the needs of converged campus networks and virtualized data centers. The ability to use one switch for multiple uses in any number of environments can be critical as more enterprises look for ways to save money and reduce the complexity often involved in network design. The Summit X460 switches feature improved hardware, software and mechanical design with a big fast path.

- All ports run at non-blocking performance and can carry wire-rate traffic to the option slots with less than 4 microseconds of latency, while supporting 4,192 ingress and 512 egress ACL rules, meters and counters, with ingress and egress bandwidth policing/rate limiting per flow/ACL.
- Wide Key ACLs: XOS now supports wide-match ACLs with a 362-bit double-wide key, as opposed to the standard 181-bit single-wide key, including IPv6 src and dst.
- Dense fast path supporting 32K Layer 2 MAC addresses, 12K IPv4 LPM entries, 6K IPv6 LPM entries, multicast (6,000), ACLs (4K) and MPLS support.
- Sync-E is a line-timing method for transporting timing information over the Ethernet physical layer, similar to SONET/SDH except that it does not provide time/phase synchronization (supported on Summit X460-24x/48x only).

Extreme Networks has a "better mouse trap" which delivers a superset of previously available features, advanced function, and wire-speed performance. Our switches deliver deterministic performance independent of load or what features are enabled. All Extreme switches are based on ExtremeXOS®, the industry's first and only truly modular operating system. Having a modular OS provides higher availability of critical network resources. By isolating each critical process in its own protected memory space, a single failed process cannot impact the entire switch. Application modules can be loaded and unloaded without the need for rebooting the switch. This is the level of functionality that users expect on other technology.
Advanced traffic monitoring, IPFIX hardware support: IPFIX (RFC 3917) is a follow-on protocol to the proprietary NetFlow Version 9. IPFIX gathers information about network flows through the switch and sends the information to an external collector. An X460 switch outputs a flow record when it determines that the flow is finished. It does this by flow aging: when the switch sees new traffic for an existing flow, it resets the aging counter. Summit X460 switches include hardware to keep track of these flow records without slowing the switch CPU and dropping packets. Without hardware assist, NetFlow can be computationally expensive and burden the CPU to the point where it runs out of capacity. (Other proprietary traffic monitoring protocols include Jflow for Juniper, NetStream for 3Com/H3C, HP and Huawei, Cflowd for Alcatel-Lucent and Rflow for Ericsson.)
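The flow-aging behaviour described above, as an added Python sketch that is not Extreme Networks code: each packet resets its flow's idle timer, and a record is exported only once the flow has been silent longer than the timeout. The class names, the 30-second timeout and the packet list are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 30.0  # seconds; illustrative value, not an ExtremeXOS default


@dataclass
class FlowRecord:
    key: tuple          # (src, dst, sport, dport, proto)
    first_seen: float
    last_seen: float
    packets: int = 0
    octets: int = 0


class FlowCache:
    """Software model of a flow table with idle-timeout aging."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.active = {}     # flows still being tracked
        self.exported = []   # records that would be sent to the collector

    def age_out(self, now):
        """Export every flow that has been idle longer than the timeout."""
        done = [k for k, r in self.active.items()
                if now - r.last_seen > self.idle_timeout]
        for k in done:
            self.exported.append(self.active.pop(k))
        return len(done)

    def observe(self, ts, src, dst, sport, dport, proto, length):
        """Account one packet; new traffic resets the flow's aging timer."""
        self.age_out(ts)
        key = (src, dst, sport, dport, proto)
        rec = self.active.get(key)
        if rec is None:
            rec = self.active[key] = FlowRecord(key, ts, ts)
        rec.last_seen = ts
        rec.packets += 1
        rec.octets += length


# Constructed sample traffic: (timestamp, src, dst, sport, dport, proto, bytes)
FLOW_A = ("10.1.2.10", "10.9.0.5", 40000, 443, 6)
FLOW_B = ("10.1.2.11", "10.9.0.6", 40001, 3260, 6)
PACKETS = [
    (0, *FLOW_A, 100), (5, *FLOW_B, 1500), (10, *FLOW_A, 100),
    (20, *FLOW_A, 100), (25, *FLOW_B, 1500), (45, *FLOW_B, 1500),
    (65, *FLOW_B, 1500),
    (70, *FLOW_A, 60),   # same 5-tuple as flow A, but after A aged out
]


def run_demo():
    cache = FlowCache()
    for pkt in PACKETS:
        cache.observe(*pkt)
    return cache


if __name__ == "__main__":
    cache = run_demo()
    for rec in cache.exported:
        print("exported", rec)
    print("still active:", list(cache.active))
```

Flow B never goes quiet for more than 20 seconds, so with idle aging alone the collector sees nothing about it until it stops; flow A's 5-tuple shows up as two separate records because the second burst arrives after the first record was aged out.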
The Summit X480 switches are the highest-end gigabit fixed-configuration stackable switches offered by Extreme Networks®. They are engineered to support highly virtualized data center networks and carrier Ethernet aggregation, where very high Layer 2 and Layer 3 scalability is required.

The Summit X480 has three different models, in 24-port and 48-port configurations. The Summit X480-24x comes with 24 Gigabit Ethernet ports and 2 10 Gigabit Ethernet ports. Half of the Gigabit Ethernet ports are dual personality, so you can choose between copper or fiber. The Summit X480-48t comes with 48 Gigabit Ethernet ports, with the last 4 ports being dual personality for copper and fiber. The Summit X480-48x has 48 Gigabit Ethernet fiber SFP ports and supports both 100M and 1000M speed optics.

All three models have a highly available hardware design, supporting dual hot-swappable AC/DC power supplies and a hot-swappable fan tray. To provide unmatched flexibility, the Summit X480 has one VIM2 module slot in the back of the chassis, which can provide options for additional 10 Gigabit Ethernet ports or stacking. With the flexible VIM design, the Summit X480 can be configured to match customers' needs.

Massive Scaling

- More than 10x MAC/IPv4 routes (vs. X450a)
- More than 10x ACL entries (vs. X450a)
- MPLS support (optional software license)
- Stacking support (optional hardware module)

Improved Design

- Front/side to back cooling
- Dual redundant AC/DC PSU
- Hot-swap fan tray
- Still compact 1RU, 19-inch depth
The Summit X650 switch has 24 ports of 10-Gigabit Ethernet with either 10G BASE-T or SFP. On the front panel it has a 10/100/1000 BASE-T out-of-band management port and an RS232 console port. On the back, it has dual, hot-swappable power supplies for internal power redundancy and a field-replaceable, removable fan tray. On the left side of the chassis is a plug-in module slot with SummitStack™ installed. The VIM module has a 4-port gigabit SFP port and two SummitStack 40-gigabit ports. This allows the switch to stack with any other SummitStack-capable switch. There are three additional options available for the Summit X650.

- The VIM1-10G8X provides 8 additional ports of 10-Gigabit Ethernet to create a 32-port, 10-Gigabit Ethernet system with a 1RU footprint. These ports can be used for high-speed uplink connectivity with a 3:1 network oversubscription ratio.

If a customer wants higher density and high performance, there are two high-speed stacking modules available.

- The VIM1-SummitStack256 provides 256 gigabits-per-second throughput stacking, which is more than 6 times faster than the SummitStack™ 40-gigabit solution. This module would deliver up to 192 ports of 10-Gigabit Ethernet in a virtual system with 2:1 oversubscription.
- The VIM1-SummitStack512 delivers 48 ports of 10GbE on a non-blocking system. With this VIM, two Summit X650s can be stacked together to create a 48-port, non-blocking 10-Gigabit Ethernet system.

The Summit X650 comes in two models: a 10G BASE-T version and an SFP+ version. The 10G BASE-T configuration provides 24 10-Gigabit Ethernet ports over standard UTP cable. With category 6a cable or better, 10G BASE-T can reach up to 100 meters. SFP+ models can be used with either passive copper cable or with an SFP+ optics module. The passive copper module is a good solution for connectivity within a rack when the required distance is less than 100 meters. In cases where fiber optics are desired or distances exceed 100 meters, you can use SFP+ optics configured with either 10G BASE-SR or 10G BASE-LR transmitters.
Summit X450 series and Summit X250 series switches with SummitStack stacking architecture were designed to support converged services. The significant throughput provided by SummitStack stacking, up to 320 Gigabits per second (Gbps) per stack, and the distributed, shortest path forwarding can provide performance comparable with chassis switches. Resiliency is of key importance for these applications and is provided by redundant bidirectional ring architecture and n-1 master redundancy, distributed Layer 2 and Layer 3 link aggregation, link redundancy and distributed uplinks. Each stack member maintains local hardware tables that receive updates from the stack master. Each stack member can perform Layer 2 and Layer 3 forwarding—a distributed, resilient and highly efficient switching architecture.

SummitStack stacking on Summit X450 series and Summit X250 series switches delivers the best of both worlds: the benefits of a chassis at the cost of a stackable, in an architecture designed to support today's evolving LAN applications. The resulting network simplification can provide lower management and maintenance costs while enhancing overall availability. SummitStack stacking offers management simplicity like a modular chassis at lower entry cost. Benefits of SummitStack stacking technology are summarized as follows:

- Connectivity Cost: Using Extreme Networks® special stacking interconnect cables to connect Summit X450 switches and Summit X250 switches with built-in dedicated high-speed stacking interfaces provides a lower-cost inter-switch connectivity alternative to 10 Gigabit Ethernet links.
- Combined Management: ExtremeXOS™ SummitStack creates a single management point of control for configuring and managing all of the member switches in a stack. Configuring Layer 2 VLANs or Layer 3 routing interfaces is simplified with a single management view of all the ports in the entire stack.
- Pay as You Grow: With ExtremeXOS SummitStack, you can start out with a single switch and grow to eight switches in a single stack. Features such as Link Aggregation, Multicast and Port Mirroring operate with ports on a single switch or operate on ports spread across multiple stack member switches. You can add ports to your Extreme Networks SummitStack when customers need additional port density. By using ExtremeXOS SummitStack, you can mix switches with different interface types and port densities in a single stack to support a range of applications.
Cross-Platform (40 Gbps with 10 Gbps CX4) stacking with the SummitStack™ module: SummitStack delivers voice-grade high-speed stacking featuring compatibility with all ExtremeXOS-based stackable switches. Multi-platform stack technology allows a customer to buy what he needs, with the ability to mix and match Summit X250e, X450a, X450e, X460, X480 and X650 switches running the same version of ExtremeXOS. In addition, SummitStack will protect your investment in the future by allowing the customer to mix and match ports from Ethernet, Fast Ethernet, Gigabit, 10 Gigabit and 40 Gigabit Ethernet in the same Virtual Chassis™ cross-platform stack of switches – a feature unique to Extreme Networks Summit switches.

Cross-Rack (80 Gbps with QSFP+) high-speed stacking for server access to the network fabric: SummitStack-V80 provides 80 Gbps high-speed stacking for environments where high amounts of data must traverse the stacking links, such as in data centers. The higher-speed stacking module supports the QSFP+ standard (which will be the standard for 40 GbE) and accommodates passive copper cable, active fiber cable and QSFP+ optics with inter-switch distances to 100 meters, ideal for "cross-rack stacking". Depending on data center size, SummitStack-V80 may be able to enable a single managed entity, a single Virtual Chassis™, for an entire top-of-rack system, greatly simplifying network management.

Cross-site stacking using SummitStack-V (10 Gbps with non-keyed MSA compliant optics): Introduced with Summit X460 switches is SummitStack-V, which adds the capability to utilize the optional dual 10 GbE ports on an XGM3-2sf module as stacking ports. This reduces cable complexity by enabling the use of standard direct-attach copper cabling and optics technologies used for 10 GbE, such as XFP, SFP+, 10GBASE-T and XENPAK. One 10 GbE port is used per stack link per switch.
SummitStack-V also enables long distance stacking connectivity of up to 40 km (24.85 miles) using long reach 10GBASE-ER optics. SummitStack-V is compatible with Summit X450e, X450a, X460, X480 and X650 switches running the same version of ExtremeXOS. SummitStack-V and SummitStack both operate at 10 Gbps, but using the industry two-link FDX terms, it's 40 Gbps, but we don't call SummitStack-V 40 Gbps ... FYI
Extreme's Value Proposition in the Datacenter

Reducing operator, management, and design complexity …

- Delivering an innovative collapsed datacenter network vs. the traditional 4 or 5 tier network design through the 'Direct Attach' Architecture
- Returning visibility and control to network managers in highly virtualized environments
- Tracking the proliferation of Virtual Machine mobility with XNV
- Single operating system across all End-of-Row, Top-of-Rack, and core switches

Increasing application availability …

- Delivering resilient software operation with the ExtremeXOS modular operating system
- Delivering resilient network fabric solutions (i.e. SummitStack, redundant hot-swappable MSMs)
- Delivering resilient link protection with EAPS

Lowering TCO …

- Achieving green connectivity with lower power consumption across modular chassis solutions
- Dynamic power management for peak/off-peak operation
- On-demand provisioning of new servers or virtual servers without manual intervention
- Built-in network automation tools that help reduce repetitive tasks

A high performance, scalable architecture …

- High performance (throughput) and scalable (L2/L3 table sizes, port density) 10GbE/1GbE solutions
- Flexible network fabric clustering up to 512 Gbps with Extreme Networks SummitStack
- VEPA and CEE ready
The BlackDiamond 8800 delivers a chassis switch family and Ethernet platform for high performance, high value and smart connectivity from the network edge to the network core and data center. The BlackDiamond 8500-series wiring closet modules offer a high-value solution addressing customers' needs for cost-effective, yet feature-rich switching capabilities with natural upgrade paths for scalability and growth on demand. The BD8500 is an entry-level edge chassis that can be upgraded to BD8800 and BD8900 levels just by changing MSMs.

BlackDiamond Blade Fit

- Low entry price yet full upgrade option (8500 PoE Edge, 8800 Aggregation and 8900 Data Center)
- Investment protection (scalability, grow on demand, allowing for flexible end-to-end deployment)
- Mix and match blades to match your specific requirements (buy what you need)
- Automated configuration (simplify with Universal Port software to ease network provisioning)
- Reduced service price with 'Limited Lifetime Warranty' (comparable to stackable warranty)

The core needs availability that is higher than the voice-grade availability required at the edge. It needs carrier-class availability. The products that we recommend for the core have been built to the exacting standards required by our carrier Education Customers. While security at the edge of the network is mostly about the right permissions, the right users, etc., security in the core is different. It is technologies like firewalls, intrusion detection or intrusion prevention that apply in the core of the network. The role of a core switch, in our opinion, is to have key technologies that will allow specialized security appliances to be integrated into the core. Competitive technology such as the Nexus 7000 and its large punitive price tag are nice, but they are overkill for many network applications.

With other chassis… It's like ten thousand spoons when all you need is a knife ... Alanis Morissette used Ironic lyrics in the Jagged Little Pill Album. Mar 31, 2008.
I don’t think she was talking about the Extreme Black Diamond Chassis but the phrase seems to apply.
The BlackDiamond 8800 switching system enables our customers to build smarter networks. The BlackDiamond 8500 Series modules. We have publicly announced the new management and line cards at our Partner conference in EMEA and, as you will see in today's press, we have good coverage from media around the world. Our customers have told us that they need more than just cheap connectivity: they need plug-and-play connectivity to discover and provision users and devices, they need resilient connectivity to handle outages with minimal impact to users, and they also need secured connections to identify and mitigate threats. With our Universal Port feature, dual MSM management across the whole BlackDiamond 8K family (warm fail-over in the 8500, hot in the 8800/8900), and our robust security capabilities, a wiring closet built around the BlackDiamond 8500 addresses all of these needs.

With the addition of the 8500-series modules to complement the original 8800 c-series management and line card modules, and the high-performance 8900-series modules, you can offer the only solution in the industry that scales from the wiring closet to the data center. As our customers' networks grow they can leverage the same switching system, including the chassis, power supplies and even fabric modules. From the cost-effective 8500 modules enabling a smart enterprise edge to the 80/120Gb per-slot performance offered by the BlackDiamond 8900-series modules for server connectivity in the data center, no other vendor can offer this level of investment protection and value. Switching technology from Cisco and HP would need two or three different chassis families to offer the same capabilities.

The BlackDiamond 8810 design has a high degree of built-in redundancy via N+1 power supplies, redundant management modules and a passive backplane. With converged networks comes an increased need for always-on networking, that is, 100% network availability. This is important both for emergency purposes and to guarantee business continuity. This sort of reliability starts at the core of the network, combined with highly available solutions and robust network designs that have millisecond failover and recovery times. When XYZ Customers is implementing a converged network, you need to think about resiliency at the network level as well. A delay between packets that exceeds 50 milliseconds is noticeable to the user. This is a critical point to remember as you build converged networks today. If you do not have failover mechanisms that get you to less than 50 milliseconds, phone calls may be dropped.
Today we have in production a broad range of data center specific products. We have stackables with dense 1 gig connectivity and stackables with 10 gig connectivity. And all of our stackables really do stack, simplifying management in the data center. We have a complete series of chassis systems: the BlackDiamond® 8800/8500-series/8900-series modules. The BlackDiamond 8900 has more density and larger table sizes for large deployments. Both these platforms are upgradeable to 40 GbE with currently announced products and 100 GbE in the future. All of these systems run the same version of our operating system, ExtremeXOS®. All of these systems will support our virtualization capabilities.

Products

Innovating with Extreme: Products from Extreme Networks deliver insight and control to solve the toughest communications challenges for enterprises and service providers.

- Switching: Core and aggregation switching solutions scale to solve tough voice and security challenges with high availability, crystal clarity, and integrated security features. Edge switching solutions provide a powerful portfolio to support everything from basic connectivity to advanced, high-speed services for demanding desktop applications.
- Extenders: Port extenders enable the Ethernet network to be scaled to support conference rooms, small work groups and other applications without the high costs of management, deployment and maintenance for the network operator.
- Wireless: Scalable wireless LAN solutions are available for small to medium to large enterprises. Extreme Networks wireless solutions offer world-class capabilities including comprehensive network-wide security, enterprise-grade voice services and unified policies and services across wired and wireless networks. We enable the enterprise customer to reduce the complexity of wireless network deployment and management.
- Security: Our pioneering Virtualized Security Resource architecture enables cost-effective and pervasive deployment of advanced security capabilities.
- Management: Solve tough management challenges with simple tools to configure, monitor, secure, and operate your network.
- OS: ExtremeXOS is an open, extensible network operating system with a modular design for high availability and application versatility.
The BlackDiamond X8 modular switch will provide a game‐changing approach to building scalable networks for highly virtualized and high performance computing environments. It will provide the ideal platform for building collapsed and converged network architectures for high performance and highly virtualized data centers at an industry leading price point. Key features will include: The target GA is planned for early 2012. The BlackDiamond X8 will require ExtremeXOS 15.1.x Preliminary pricing:192-port 40 GbE QSFP+ (768-port 10 GbE) $775,000 US ListFully loaded 40 GbE config, MM, 1.28 Tbps Fabric, PSU all redundant 384-port 10 GbE SFP+ $475,000 US ListFully loaded 10G config, MM, 1.28 Tbps Fabric PSUs all redundant Highly Scalable Data Plane20.48 Terabit switching capacity1.28 Terabit per slot, 960 Gigabit per slot with 3+1 config768-port wire speed 10 GbE, 192-port wire speed 40 GbEMidplane-less, high-performance mating systemHigh-Performance Control PlaneDual Core, 2GHz Intel i7 main processorHigh-speed control plane, multi-gigabit path to all I/OFully Redundant DesignDual management module with hitless failover3+1 fabric redundancy to sustain 960 Gbps (1.92 Tbps bidirectional) capacity per slot under one fabric failureN+1 and N+1 power grid redundancyExtremeXOSAvailability and IntelligenceHigh availability with hardened operating system and protocolsIntelligence to automate network operationsProven track record and 10+ years experience in merchant silicon designIdeal for Data Center networking where servers/apps dynamically provisionedUnmatched Virtualization Support128K Virtual MachinesVPPVirtual Machine Lifecycle ManagementZero-Touch ConfigurationStorage ConvergenceNFS, CIFS, iSCSI, FCoESustainability Metrics5W per 10 GbE portFront-to-back Cooling (FB)Intelligent Power ManagementVariable Fan Speed
• Optimized air ventilation
• Energy efficient cooling
• Pure front to back, air-flow straight through chassis
• Midplane-less design efficient cooling
• Separation of cold-hot aisle
• Variable fan speed control for lower power
XYZ Customers “Event-Driven” Expenses
I also wanted to go through one of the other dynamics that a lot of enterprises confront as they think about the costs they incur on an operational basis. I will call this the Cost to Chaos Ratio. We are all familiar with the idea that as chaos or change rates within a particular network go up, so do your costs. You have a lot of people moving around with adds, moves and changes, and you have new applications added to the network. If you are merging with other companies or doing acquisitions, the operational costs and ongoing design costs that you will confront in your network infrastructure will start to skyrocket.
Monthly costs to complete adds, moves, and changes (estimated at $150 per change; users in the model move once every 2.5 years)
Design Equity to help you lower these redesign and rebuild costs.
• EPICenter® Universal Port Manager simplifies management of profiles across the network
• Universal Port automates device discovery and configures and manages ports based on Link Layer Discovery Protocol (LLDP), MAC ID or network authentication information
• Power Conservation Module reduces energy consumption by turning off power to Power over Ethernet enabled IP handsets when not in use.
The second thing we are providing here is the Automation Framework itself, which further lowers this Cost to Chaos Ratio.
The Automation Framework gives us the ability to lower your company’s operational costs by helping automate the deployment of your gear, the operations of your infrastructure and the optimization of the infrastructure as time goes on.
Extreme delivers Deterministic Performance (switches continue to perform with all the features turned on).
• ASICs perform all the heavy lifting supporting QoS, sFlow, ACLs, IPv4/v6 & Mirroring in hardware
• LPM eliminates the need for control plane software to learn new flows
• Common feature set including vMAN, CLI, SNMP MIBs, protocol engines, GUI management.
• Full routing support for advanced protocols including OSPF, PIM, ESRP, VRRP, EAPS, and BGP (slow path).
• Investment protection avoiding continual upgrades
Identity Manager is available in the ExtremeXOS 12.4 operating system or later and EPICenter 7.1 or later, and runs on the existing Extreme Networks enterprise switching portfolio, eliminating the need for a forklift upgrade. The flexible and modular architecture of ExtremeXOS allows for gathering and collecting attributes from different sources on the network (e.g. IT applications and servers), which helps in constructing identities and correlating information from multiple sources. In future development, role-based access control policies are enforced by configuration through either EPICenter or the ExtremeXOS based switch. An extensible framework based on XML APIs is used for communication between EPICenter and the switches. When user or device identities are discovered, the switch determines if the identity can be placed in one of the configured roles.
There is a fundamental shift in the Enterprise market to move away from a static infrastructure where users, devices and applications are locked to physical cubes, wiring closets, and server racks. Smart connectivity removes these physical barriers and takes advantage of the expanding mobility of these users, devices and applications to make an interactive network available to deliver the best "user experience" for:
Beyond the Static Network: User, Device, Location and Presence Awareness
Extreme Networks moves beyond the traditional static network, enabling smart enterprises to proactively manage their business operations, maintain business continuity, and enhance user productivity and IT manageability while applying on-demand network performance for business critical applications. As a result, Extreme Networks delivers unprecedented network visibility, mobility, and control that enable businesses to successfully deploy a converged, smarter network that enables network awareness of users, devices, applications, location and presence through transparent authentication, role-based access control, automation, and zero-touch configuration.
The next generation of network intelligence is embedded within Extreme Networks smart enterprise solutions to achieve plug-and-play, resilient, and secure connectivity at lower cost of ownership.
Solving tough business problems at the edge of the network
The proliferation of IP devices in a typical business network today is overwhelming. Different types of devices require completely different configurations, security policies, etc. This proves to be expensive and time consuming for the typical Education Customer. To address this new level of network complexity, Extreme Networks recently announced a new Ethernet Switch feature called Universal Port. See the March 2007 Press Release on Extreme’s Universal Port feature.
What is Universal Port?
This feature was originally created to provide automated provisioning for IP Telephones. With the ability to recognize phones from Avaya, Shoretel, Nortel, Cisco and Mitel, the module supports 65 percent of the IP handset market. Critical network parameters related to access control, network topology, power and bandwidth allocation, and Quality of Service (QoS) can be consistently configured on an event-driven basis, helping to reduce configuration errors and save time when installing or moving networked devices. In addition, the module can also configure the handsets themselves if they support the IEEE standard link-layer discovery protocol (LLDP). The result is one of the industry's most comprehensive, automated solutions solving tough handset deployment challenges. However, the feature continues to evolve and has been expanded to provide similar functionality for many different types of network endpoints.
Simply put, Universal Port virtually eliminates the need for manual switch configuration as devices are added or moved within the network. This also improves security at the edge of the network by restricting access for unknown or unauthorized devices. A single policy can be defined and tested before rolling it out enterprise-wide. Further, Extreme Networks' Universal Port supports multiple device policies on a single port.
For example, an Avaya IP Phone and a desktop connected to the Ethernet port on the phone will each receive their own port policies, independent of one another. Extreme also is trying to build a community similar to the open-source model where organizations develop their own profiles and share them. Extreme will, from time to time, test and redistribute some or all of the user-submitted policies under a royalty-free license. Building community is a difficult task and Extreme must develop the tools--like a Wiki--around which a community can develop and grow.”
In the XOS 12.4.1 release slated for December of this year, Extreme is introducing a feature called Identity Manager. This feature allows customers to track users who access their network, based on username (which can be derived from several types of Netlogin authentication). A distinctive feature that we are adding is Kerberos snooping, which is the ability to transparently identify network users based on Windows Active Directory Domain login. The benefit of Kerberos snooping is that there is no interruption to the user’s workflow.
Benefit: Extends control/enforcement of application services to the network
• Delivering robust internal and external network security
• Role-based Networking
• User ID and application awareness independent of L2-L4 information
• User-based segmentation vs. L2 VLANs
To help address the changing factors in today’s network, Extreme is moving beyond the L4 limits to deliver an identity-aware network. Traditional networks identify users based on IP or MAC addresses, and applications are identified based on L4 information, which is no longer accurate because L2, L3, and L4 information can be easily spoofed. Extreme’s vision is to deliver an identity-aware network to help identify users and applications independent of L2, L3, or L4 information. Doing so allows us to deliver network-based identity and access management. Once we derive the username, we can then map the username to the associated IP, MAC, VLAN, computer hostname, and port location of the user. For example, in an Extreme Networks infrastructure, when a user logs into a Windows Active Directory domain, the Extreme switch will snoop the Windows login (also known as the Kerberos login process). A Kerberos login request, which contains the username, gets sent to the Windows AD server. Extreme extracts the username and maintains it in our switch database, where we then map it to the port, MAC, IP address, and VLAN.
In the CLI example shown here, the Extreme switch has identified that a user decahedron has logged into the network via Kerberos. We can also get additional details of the user by identifying the domain name and hostname (which is the computer name) where the user logged into the network from. The network is no longer IP and MAC limited, instead the network is now identity-awar
Take the commitment to "maintain and sustain the integrity of enterprise data". Seems simple enough to say, and is reasonably simple to measure, but before this straightforward commitment can be realized within the environment by protecting files and folders, it has to pass through the gauntlet of massive technological complexity. Consider all of the technological nuances to the commitment; protecting data in motion and data at rest both have unique technical solutions and both represent substantial technical complexity that makes delivering upon a seemingly simple commitment very tough. Take a look at another reasonably simple commitment - "to reduce the cost of ownership of IT by 10%". Certainly simple to say and measure, and ultimately a simple transformation for a user community to experience, but a very tough set of challenges and questions exist between the commitment and the resultant actions. How do you take costs out without impacting service?
The wireless ACL uses location as a credential and as such is designed to enforce admission policies based on the current location of the client. By default all clients are allowed admission in all zones, and the wireless ACLs can be configured to deny admission to a single MAC address (client) or a group of clients for each defined zone.
Building a Smarter Network.
There is a fundamental shift in the Enterprise campus to move away from a static infrastructure where users, devices and applications are locked to physical cubes, wiring closets, and server racks. A smarter network removes these physical barriers and takes advantage of the expanding mobility of these users, devices and applications, and through collaboration, delivers the best "user experience" for:
• Network users
• Network managers
As a result, Extreme Networks delivers unprecedented network visibility, mobility, and control that enable businesses to successfully deploy a converged, smarter network.
A smarter network enables location and presence awareness of users, devices and applications through automation, identity management, role-based networking, network virtualization, and ease of deployment through zero-touch configuration. The next generation of network intelligence is embedded within Extreme Networks smart enterprise solutions to achieve plug-and-play, resilient, and secured connectivity at a lower cost of ownership.
Companies are slowly but surely moving to some sort of cloud computing model. According to Gartner Group research, 8 percent of U.S. corporations had implemented a cloud service at the end of 2010, and Gartner expects that number to jump to over 50 percent by the end of 2012.
A cloud model offers obvious benefits: cheaper pay-as-you-go delivery methods, less operational complexity and fewer, if any, servers to manage.
Step 1: The PhoneFactor Agent adds a second authentication step – a confirmation phone call – to your existing authentication process. If the username and password are correct, the agent sends an SSL request to one of the PhoneFactor data centers.
Step 2: The data center calls the user, who confirms the login by answering and pressing the # or a PIN. Finally, it returns success or failure to the application.
Tokens have been considered a workable method for securing enterprise logins for many years. However, that doesn’t mean that they are the best two-factor methodology available today. Like many technologies – Betamax, VHS, even DVD at this point – a better, more effective solution has come along. There are five critical considerations you must take into account before you decide to either purchase tokens for the first time or renew your current token contract so that you don’t make a costly mistake. Here are the five critical considerations:
• Tokens do not protect against all threats.
• Users don’t like tokens. They lose them, have trouble using them, and generally disregard their primary purpose - security.
• Tokens really don’t serve the user’s purpose – mobility.
• Tokens do not easily scale – it will cost you money, time, and a considerable headache.
• Tokens are more expensive than you realize, and there are better, lower cost alternatives.
key issues regarding tokens – the security and scalability of the technology, user acceptance, and the total cost (including internal costs) to maintain security token systems.
It then provides a more detailed analysis of both hardware and software token technology and finally presents phone-based authentication as a secure, cost-effective, and user friendly alternative. The underlying security of the authentication method is the most critical factor. If the second factor of authentication is not truly protecting your network, data, and users, then it’s not worth implementing at any cost. Given the ever-changing threat landscape, evaluating the level of protection is not an easy task. Industry experts and leading analyst firms are now recommending out-of-band or multichannel authentication as a best practice. Also consider not just the threat prevention aspect of the solution, but also the threat alerting capabilities or other features that go beyond just stopping an attack.
Identity Management
The Identity Management capabilities today enable user identity for a mobile workforce, adapting user experience based on location, role, and device. From an XOS-based switching infrastructure, network administrators can track and provision network users based on identity obtained through Netlogin or Windows Active Directory Domain Login (using Kerberos snooping).
The roadmap brings forward additional Identity Management capabilities including:
o Black Lists/White Lists: Ability to black list and white list users and/or devices such as printers, etc.
o Network Zones: Ability to create security zones (defined by IP, MAC, Subnet, etc.) and associate these ‘zones’ to a policy. For example:
  - Users in “guest role” deny access to “internal zone”
  - Network zone “finance” deny access to network zone “internet”
o ACL Enhancements: Ability to define more flexible combinations of match qualifiers (i.e. MAC Source + Destination IP ACLs)
o LLDP: Support LLDP attributes for LLDP authenticated devices like IP phones and WiFi access points, which don’t go through the Kerberos based authentication system.
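The two zone rules quoted above, together with the username-to-IP/MAC/VLAN/port binding described earlier, can be modelled as follows. This is an added example, not ExtremeXOS or EPICenter code: the class and function names, the "unauthenticated" role, the default-permit behaviour when no deny rule matches, and all addresses are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

UNAUTHENTICATED = "unauthenticated"  # assumed role for traffic with no known identity


@dataclass(frozen=True)
class Identity:
    # The binding the page describes: username mapped to MAC, IP, VLAN and port.
    username: str
    mac: str
    ip: str
    vlan: int
    port: str


class IdentityPolicy:
    def __init__(self):
        self.zones = {}           # zone name -> list of ip_network
        self.roles = {}           # username -> role
        self.role_denies = set()  # (role, destination zone)
        self.zone_denies = set()  # (source zone, destination zone)
        self.blacklist = set()    # usernames or MAC addresses
        self.by_ip = {}           # current source IP -> Identity

    def add_zone(self, name, *cidrs):
        self.zones[name] = [ipaddress.ip_network(c) for c in cidrs]

    def zones_of(self, ip):
        addr = ipaddress.ip_address(ip)
        return {name for name, nets in self.zones.items()
                if any(addr in net for net in nets)}

    def learn(self, identity):
        # A new login replaces the user's old binding, so policy follows the
        # user to the new address and the old address loses the identity.
        self.by_ip = {ip: known for ip, known in self.by_ip.items()
                      if known.username != identity.username}
        self.by_ip[identity.ip] = identity

    def decide(self, src_ip, dst_ip):
        """Return (allowed, reason). Assumption: permit unless a deny rule matches."""
        ident = self.by_ip.get(src_ip)
        if ident and {ident.username, ident.mac} & self.blacklist:
            return False, "blacklisted identity"
        role = self.roles.get(ident.username, UNAUTHENTICATED) if ident else UNAUTHENTICATED
        dst_zones = self.zones_of(dst_ip)
        for zone in sorted(dst_zones):
            if (role, zone) in self.role_denies:
                return False, f"role {role} denied to zone {zone}"
        for src_zone in sorted(self.zones_of(src_ip)):
            for zone in sorted(dst_zones):
                if (src_zone, zone) in self.zone_denies:
                    return False, f"zone {src_zone} denied to zone {zone}"
        return True, f"permitted as {role}"


def build_demo():
    """Constructed sample network: every address, name and MAC is made up."""
    p = IdentityPolicy()
    p.add_zone("internal", "10.10.0.0/16")
    p.add_zone("finance", "10.20.0.0/16")
    p.add_zone("internet", "198.51.100.0/24")
    p.roles.update({"visitor": "guest", "alice": "employee", "bob": "employee"})
    # Users in "guest role" deny access to "internal zone"
    p.role_denies.update({("guest", "internal"), (UNAUTHENTICATED, "internal")})
    # Network zone "finance" deny access to network zone "internet"
    p.zone_denies.add(("finance", "internet"))
    p.blacklist.add("00:00:5e:00:53:99")
    p.learn(Identity("visitor", "00:00:5e:00:53:01", "10.30.0.5", 30, "1:4"))
    p.learn(Identity("alice", "00:00:5e:00:53:02", "10.30.0.6", 30, "1:5"))
    p.learn(Identity("bob", "00:00:5e:00:53:03", "10.20.1.1", 20, "2:1"))
    p.learn(Identity("printer-7", "00:00:5e:00:53:99", "10.30.0.7", 30, "1:9"))
    return p


if __name__ == "__main__":
    policy = build_demo()
    for src, dst in [("10.30.0.5", "10.10.0.8"), ("10.30.0.6", "10.10.0.8"),
                     ("10.20.1.1", "198.51.100.7"), ("10.30.0.7", "198.51.100.7")]:
        print(src, "->", dst, policy.decide(src, dst))
```

Because the decision keys on the learned identity rather than on the source address alone, two hosts in the same subnet get different answers, and a user who logs in from a new address keeps the same role.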
This VR feature delivers basic service isolation through separate L2 and L3 tables. In the conversations on a switch, the L2 switching of traffic is based on the MAC address and the L3 switching is based on the IP address of the devices. L3 switches are both learning bridges and routers which build tables for each port; they learn the MAC or IP addresses of devices on each port. Using these tables, a switch can move traffic from one address to a port that contains another address based on what it has learned and stored in its tables.
12.5 VR Support
Feature Description: 63 User VRs + 1 System VR
Feature Value: Increased scalability and isolation of customer services through partitioning
Platforms: Summit X460, x480, x650, BlackDiamond 8K c & xl and BlackDiamond 20K
The Summit X460 switches deliver L3 Virtual Switching at the network edge. Virtual Routers allow you to virtualize your physical switches into multiple, independent domains without increasing the complexity of added devices and connections. You are probably thinking that L3 Virtual Switching is another term for VLANs. This is not true. As a matter of fact, Layer 3 Virtual Switching complements VLAN technology. In the case of Virtual Routing, each virtual router has an isolated routing table. The Summit X460 ASICs are sufficiently intelligent to assign and segregate physical resources on the switch to a specific process or Layer-3 Virtual Switch instance. In this case, the X460 switch can individually assign CPU cycles, packet/CPU memory, forwarding table space, and physical ports to each of the configured Virtual Switches. What happens if the switch crashes? Whatever the reason -- a process that died, or maybe an external attack on the switch itself -- the result is that any user attached to that particular switch is now isolated from the network and has to wait until the switch recovers from the crash, is rebooted, or replaced.
Now let’s take a look at what happens in a Layer 3 Virtual Switch environment like the one supported today on Extreme Networks’ Summit X460. In this case, as with any other Layer-3 switch, the Layer-1 and Layer-2 portions of the architecture are fairly similar. When we go up to the Layer-3 section, however, you can see that we now have segregated Layer-3 instances. Each Layer-3 instance has its own routing table and resources. Given this architecture, what would happen if, for example, an attack is launched on the blue Layer-3 Virtual Switch? When the attack strikes, or a process goes awry, the blue Layer-3 Virtual Switch will naturally crash. That crash, though, will not affect users connected to other Layer 3 Virtual Switch instances, even though they reside on the same Summit X460. You can see the pink, yellow, and green Layer-3 Virtual Switches are still up and running and forwarding traffic. So the only affected users are the users connected to the blue Virtual Switch. If this is still a little bit hazy, you can think about Layer-3 Virtual Switches as separate physical routers housed in a single physical enclosure. Instead of having a separate router somewhere out there to support a particular application or particular interface, what we have done is taken that router, virtualized it, and put it in a physical enclosure. The only difference is that we can do that with multiple routing instances. Of course, in order to do this, we must also guarantee that these “virtual” routers are isolated from each other, and that they have their own routing table.
The need for business continuity has placed a greater demand on today’s data networks – redundancy and reliability are imperative and the network must be able to support them. The network infrastructure must be able to achieve a high availability environment and continuous access to resources. For this reason the networking industry has relied on the Spanning Tree Protocol (STP) in large Layer 2 networks to provide a certain level of redundancy. However, STP has proven inadequate to provide the level of resiliency required for real-time and mission critical applications. It is important to note that the entire industry has recognized that a new technology is needed to replace STP and many vendors are in the process of developing pre-standard technologies to meet that requirement.
Ethernet Automatic Protection Switching (EAPS) is Extreme Networks’ solution for fault-tolerant Layer 2 ring topologies. EAPS is responsible for a loop-free operation and a sub-second ring recovery. This revolutionary technology provides end users with a continuous operation usually only available in voice networks. While EAPS provides an advanced function, it does so with radical simplicity.
A ring is made up of two or more switches. One of the nodes on the ring is designated as master (S1) as shown in Figure 1. The two ring ports on the Master node are configured as primary port (P) and secondary port (S) respectively. All other nodes on the ring (S2-S6) are designated as transit, which are also configured with their respective primary and secondary ports.
The benefit of EAPS technology, available with Extreme Networks' switching solutions, is its use of off-the-shelf Ethernet technology to deliver rapid failover and resiliency. This allows Ethernet and IP to equal the performance of legacy SONET technology at a lower cost point. This allows carriers and enterprises to implement IP networks that are both simple and scalable.
Progressing as an industry-accepted technology, EAPS is recognized as RFC #3619 by the IETF Internet and networking standards body. As noted, the use of the spanning tree protocol to avoid loops is losing favor. The primary reason for that is that the spanning tree protocol prevents all available forwarding resources in a redundant network design from being simultaneously utilized. This dramatically limits the scalability of the LAN at a time when there is the growing requirement for data center LANs to be more scalable. It is now possible to ensure a loop-free topology without using the spanning tree protocol. This is accomplished by implementing a combination of switch virtualization and multi-chassis Link Aggregation (MC LAG).
M-LAG allows two physically separate switches to use a single LAG control plane, acting as one distributed switch. The downstream switches link back to the two physically separate switches as if they were connected to one switch and one LAG group (like a normal LAG group). Welcome to the wonderful world of Multi-Chassis Link Aggregation (M-LAG). M-LAG can help ensure five-9s availability when combined with redundant hardware and a robust modular operating system. With M-LAG, ports remain active/active, while STP only kicks in during a misconfiguration. This enables an increase in cross-sectional bandwidth and faster failover times. Plus, M-LAG will eliminate one of the biggest pain points for network engineers, Spanning Tree Protocol (STP), not to mention that you lose half the bandwidth to STP loop prevention (the architectural approaches used by individual vendors are widely different).
LAG is a method of inverse multiplexing over multiple Ethernet links. Link Aggregation allows one or more links to be aggregated together to form a Link Aggregation Group, such that a MAC client can treat the Link Aggregation Group as if it were a single link. This layer 2 transparency is achieved by the LAG using a single MAC address for all the device’s ports in the LAG group. MLAG enables the network administrator to use all interconnects in an active/active, Layer-2 topology. MLAG and Spanning Tree can work together - ports remain active/active, while STP only kicks in during a misconfiguration. This enables an increase in cross-sectional bandwidth, and faster failover times measured in the 100s of milliseconds for link or nodal failure.
MLAG can work at almost any layer of the network - to interconnect servers in an active/active topology to the leaf layer, or from the leaf layer to the spine/aggregation layer.
MLAG is obviously a highly desirable design tool...
(with no vendor standard-based open approach) Switch virtualization refers to two or more physical switches being made to appear to other network elements as a single logical switch or virtual switch, with a single control plane. Link Aggregation is not new. For example, today it is common to create a high-speed uplink (a.k.a., a LAG) by aggregating multiple 10Gigabit Ethernet links. What MC LAG adds is that it allows the links of the LAG to span the multiple physical switches that comprise a virtual switch. From the server perspective, links to each of the physical members of a virtual access switch appear as a conventional LAG or teamed links. This means that switches can be virtualized without requiring any changes in the server domain.
TRILL uses a concept of a Routing Bridge, known as an RBridge, running the IS-IS routing protocol. (Older engineers will recall Bridging Routers or BRouters.) In this case IS-IS does not use IP to establish neighbor relationships; it uses OSI protocols, which include CLNS and PDUs, to perform the neighbor and protocol exchanges. This means that IS-IS works for IPv4 & IPv6 and can equally be used for other protocols, such as is proposed by TRILL.
Radia Perlman is the creator of Spanning Tree who currently works for SUN, and appears to be the lead author of TRILL. Other authors include Dinesh G. Dutt from Cisco, Silvano Gai from Nuova (now Cisco Nexus products). These people are at the core of the data centre fabric development and their employers Sun and Cisco are promoting their Cloud Computing credentials. Many Switch Vendors are focusing on TRILL, DCB, and Logical Chassis (stacking) as their main feature set to deliver something they refer to as an “Ethernet Fabric”. Conventional Ethernet networks -- known in the Internet as Ethernet link subnets -- have a number of attractive features, allowing hosts and routers to relocate within the subnet without requiring renumbering, and supporting automatic configuration. The basis of the simplicity of these subnets is the spanning tree, which although simple and elegant, can have substantial limitations. With spanning trees, the bandwidth across the subnet is limited because traffic flows over a subset of links forming a single tree -- or, with the latest version of the protocol and significant additional configuration, over a small number of superimposed trees. TRILL stands for Transparent Interconnect of Lots of Links. It's in development to enhance the 10Gb Converged Enhanced Ethernet protocol with 'multipathing'.
Currently 1Gb Ethernet and below is using the spanning tree protocol, which uses blocking/non-blocking of network ports and thus is not multipathing capable.
The importance for data center convergence: CEE will be used for both storage and standard networking. To be able to use multipathing on the storage level, which FCP has done for years, you need a protocol which supports this. TRILL is being developed for this.
TRILL is not a panacea and it’s definitely not for everyone. It locks out the competition and locks in the customer to a switching Vendor’s proprietary implementation. It requires a forklift upgrade to function fully. Extreme Networks takes a better approach with industry-standard Multi-Switch LAG (Link Aggregation Groups) which can address bandwidth limitations and improve network resiliency, in part by routing network traffic around bottlenecks, reducing the risks of a single point of failure, and allowing load balancing across multiple switches.
Advanced traffic monitoring, IPFIX hardware support: IPFIX (RFC 3917) is a follow-on protocol to the proprietary Netflow Version 9. IPFIX gathers information about network flows through the switch and sends the information to an external collector. An X460 switch will output a flow record when it determines that the flow is finished. It does this by flow aging: when the switch sees new traffic for an existing flow it resets the aging counter. Summit X460 switches include hardware to keep track of these flow records without slowing the switch CPU and dropping packets. Without hardware assist, NetFlow can be computationally expensive and burden the CPU to the point where it runs out of capacity (other proprietary traffic monitoring protocols include Jflow for Juniper, NetStream for 3Com/H3C, HP and Huawei, Cflowd for Alcatel-Lucent and Rflow for Ericsson).
Information flow in an IPFIX architecture.
Usage-based accounting is one of the target applications for IPFIX as defined in [RFC3917]. IPFIX records provide fine-grained measurement results for highly flexible and detailed usage reporting. Such data is used to realize usage-based accounting. Nevertheless, IPFIX does not provide the reliability required by usage-based billing systems.
Measurement results reported in IPFIX records can provide useful input for traffic profiling. IPFIX records captured over a long period of time can be used to track and anticipate network growth and usage. Such information is valuable for trend analysis and network planning.
Traffic engineering aims at the optimization of network resource utilization and traffic performance [RFC2702]. Typical parameters are link utilization, load between specific network nodes, number, size and entry/exit points of active Flows, and routing information.
Attack and intrusion detection are among the IPFIX target applications described in [RFC3917]. Due to the enormous amount of different network attack types, only general requirements could be addressed in [RFC3917].
For example, worms may leave signatures in traffic patterns. Detecting such events requires more detailed measurements and post-processing than detecting simple changes in traffic volumes.
IP Flow Information eXport (IPFIX) has been standardized to generate flow-level traffic measurement information. The IPFIX protocol defines how IP Flow information can be exported from routers, measurement probes, or other devices. IP Flow information provides important input data for a variety of applications. The IPFIX protocol is a general data transport protocol that is easily extensible to suit the needs of such applications.
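Flow aging and the post-processing point above can be seen together in a small software model. This is an added example, not switch firmware or vendor code: the 30-second idle timeout, the class and function names, and the packet list are assumptions constructed for the illustration, and only idle-timeout aging (the mechanism the text describes) is modelled.

```python
from collections import defaultdict
from dataclasses import dataclass

IDLE_TIMEOUT = 30.0  # seconds; assumed value, the page does not give one


@dataclass
class FlowRecord:
    key: tuple        # (src, dst, proto, sport, dport)
    start: float
    last_seen: float
    packets: int = 0
    octets: int = 0


class FlowCache:
    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.active = {}    # key -> FlowRecord still being aged
        self.exported = []  # finished records, as sent to a collector

    def expire(self, now):
        # A flow is finished once it has been silent for the idle timeout.
        idle = [k for k, f in self.active.items()
                if now - f.last_seen >= self.idle_timeout]
        for key in idle:
            self.exported.append(self.active.pop(key))

    def packet(self, ts, src, dst, proto, sport, dport, length):
        self.expire(ts)
        key = (src, dst, proto, sport, dport)
        flow = self.active.get(key)
        if flow is None:
            flow = self.active[key] = FlowRecord(key, ts, ts)
        flow.last_seen = ts  # new traffic for an existing flow resets the aging counter
        flow.packets += 1
        flow.octets += length

    def flush(self):
        # End of capture: export whatever is still active.
        self.exported.extend(self.active.values())
        self.active.clear()


def constructed_packets():
    """Constructed sample traffic: (ts, src, dst, proto, sport, dport, bytes)."""
    pkts = []
    # One bulk transfer that pauses for 60 s, so it ages out and restarts.
    for ts in (0, 10, 20, 30, 90, 100):
        pkts.append((float(ts), "10.0.0.5", "10.0.0.9", 6, 40000, 873, 1500))
    # One low-volume host sending a single small packet to 20 destinations.
    for n in range(1, 21):
        pkts.append((float(n), "10.0.0.66", f"10.0.1.{n}", 6, 50000 + n, 445, 60))
    return sorted(pkts)


def octets_by_source(records):
    """Volume view: total bytes per source address."""
    totals = defaultdict(int)
    for r in records:
        totals[r.key[0]] += r.octets
    return dict(totals)


def fan_out(records, min_destinations=10):
    """Pattern view: sources reaching many distinct hosts on one port."""
    dsts = defaultdict(set)
    for r in records:
        src, dst, proto, _sport, dport = r.key
        dsts[(src, proto, dport)].add(dst)
    return {k: len(v) for k, v in dsts.items() if len(v) >= min_destinations}


def run_demo():
    cache = FlowCache()
    for pkt in constructed_packets():
        cache.packet(*pkt)
    cache.flush()
    return cache.exported


if __name__ == "__main__":
    recs = run_demo()
    print(len(recs), "records;", octets_by_source(recs), fan_out(recs))
```

On this sample the bulk transfer dominates the byte counts while the host with the wide fan-out accounts for very little volume, which is why per-flow records support detection that a traffic-volume counter alone does not.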
Wide Key ACLs: XoS now supports wide match ACLs with a 362 bit double wide key as opposed to the standard 181 bit single wide key, including IPv6 src and dst.
An ACL is a list of (user, rights) pairs attached to an object
• e.g., [(Alice, read/write), (Bob, read)] for file /data/stuff.txt
• authorization: look up identity of principal in ACL, and grant enumerated rights
Drawbacks:
• requires authentication to establish identity
• identity must be established across machines
• ACLs must be kept up-to-date across machines and in the face of network failure or partitioning
• potential for inconsistent or incomplete ACLs
• that is, hard to correctly implement policy across machines
• hard to delegate authorization duties
• hard to pass along access rights to others
Advantages of capabilities:
• no authentication required (no identity checks)
• no need to establish identities
• no ACL-like metadata that must be kept up-to-date
• no possibility for inconsistency or incompleteness since no metadata exists
• can delegate authorization duties by granting authorization capability
• can selectively grant rights to others
• can enforce Principle of Least Privilege
Real-world examples of capability-like objects:
• car keys
• car doesn't check your identity before starting engine
• can give car keys to valet without worrying about valet entering your house
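The contrast above, shown side by side for the file /data/stuff.txt. This is an added example and not code from the page: the ACL check needs an authenticated principal and a lookup table, while the capability is a bearer token that can be narrowed before being handed on, like the valet key. The token format, the function names and the chained-HMAC construction (in the style of macaroons) are assumptions chosen for the illustration; rights names are assumed not to contain commas.

```python
import hashlib
import hmac
import secrets

# ACL model: metadata attached to the object, keyed by authenticated identity.
ACL = {"/data/stuff.txt": {"Alice": {"read", "write"}, "Bob": {"read"}}}


def acl_allows(authenticated_principal, obj, right):
    """Look up the principal's identity in the ACL and grant enumerated rights."""
    return right in ACL.get(obj, {}).get(authenticated_principal, set())


def _mac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def mint(root_key, obj, rights):
    """Issuer creates a capability for obj; no holder identity is recorded."""
    ident = f"{obj}|{','.join(sorted(rights))}"
    return {"id": ident, "caveats": [], "sig": _mac(root_key, ident)}


def attenuate(cap, only_rights):
    """Any holder can narrow a capability before passing it on.

    The new signature is keyed by the old one, so the recipient cannot
    strip the caveat without knowing the signature it replaced.
    """
    caveat = "only=" + ",".join(sorted(only_rights))
    return {"id": cap["id"],
            "caveats": cap["caveats"] + [caveat],
            "sig": _mac(cap["sig"], caveat)}


def cap_allows(root_key, cap, obj, right):
    """Verify the token itself; who presents it is never checked."""
    sig = _mac(root_key, cap["id"])
    for caveat in cap["caveats"]:
        sig = _mac(sig, caveat)
    if not hmac.compare_digest(sig, cap["sig"]):
        return False
    cap_obj, _, rights = cap["id"].rpartition("|")
    allowed = set(rights.split(",")) if rights else set()
    for caveat in cap["caveats"]:
        if not caveat.startswith("only="):
            return False  # unknown caveat type: fail closed
        allowed &= set(caveat[len("only="):].split(","))
    return cap_obj == obj and right in allowed


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # held only by the resource server
    full = mint(key, "/data/stuff.txt", {"read", "write"})
    read_only = attenuate(full, {"read"})  # the "valet key"
    print("ACL, Carol read:", acl_allows("Carol", "/data/stuff.txt", "read"))
    print("cap, bearer read:", cap_allows(key, read_only, "/data/stuff.txt", "read"))
    print("cap, bearer write:", cap_allows(key, read_only, "/data/stuff.txt", "write"))
```

The same property that removes the identity check also means a leaked capability is usable by whoever holds it, so real deployments pair such tokens with short lifetimes or other restricting caveats.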
OpenFlow allows network applications and controllers running on external servers to define packet handling within each switching element in a network. OpenFlow got another boost when the Open Networking Foundation (ONF), which is focused on promoting a new approach to networking called Software-Defined Networking (SDN), was established by six of the largest network operators, including Google, Microsoft, Verizon and Yahoo.
Firewalls, Intrusion Detection and/or Prevention systems are point security products that protect the internal network from the public WAN or Internet. Turning these devices 180 degrees and deploying them facing the internal LAN user as a way to segment the internal network is costly because the number of firewalls and IPS/IDSs will dramatically increase. Typically, only one or two firewalls and IPS/IDSs are needed to protect the internal network against the public WAN link. In contrast, the internal network has significantly more network entry points, which require a greater number of firewalls or IPS/IDSs.
Extreme Networks® Identity Manager feature provides a best-of-breed solution to bring user profiles, device, location, and presence awareness to network managers while enabling enforcement of corporate policies at every network point of entry. Identity Manager provides network-wide viewing and reporting of identities and also helps administrators manage network-wide role-based policies for both users and devices. Applying that intelligence consistently across the network enables seamless mobility and on-demand access to applications to maintain business continuity.
Challenges leading to security and compliance deficiency:
• No transparency of enterprise-wide access rights is currently available
• Firewalls’ enforcement points create more internal network entry points with more complex policies
• Troubleshooting can take longer and amplify security risks when multiple devices and applications are involved
• Implementing the compliance framework is not automated
• Monitoring wrongfully accumulated access rights is difficult
Extreme’s Data Center Networking solutions and products are strong and still growing. We set the pace with a Four-Pillar Data Center Strategy one year ago, which coincidentally has been mimicked by Cisco with a Three-Pillar DC Strategy.
Extreme is currently #2 in the Top of Rack (TOR) Data Center Switch market, an indication that customers are accepting solutions from Extreme and deploying Extreme gear in mission-critical DCs. Cisco’s announcement covers network, compute and services solutions, reflecting the notion of being a single-vendor Data Center solution provider (as in the days of IBM Mainframes). This is not in the best interest of customers seeking open standards and internetworking products. Extreme will strive to push open networking standards and solutions, providing well-architected networking products, allowing our customers to pick the best-of-breed servers, storage devices and appliances for their Data Centers.
Most enterprises start their virtualization journey with server consolidation. Progressing beyond that first step is the key to reaping the true ROI rewards from their investments. Yet most enterprises are stuck at the consolidation stage and, therefore, have yet to realize the benefits of virtualizing business applications, implementing virtual systems management, creating self-service portals or automatically provisioning workloads.

It is fair to say that over the last ten years data center LAN design has been somewhat staid. For example, over the last decade most data center LANs were designed around a number of key technologies, requirements and design concepts. That includes the use of the spanning tree protocol at the link layer to ensure a loop-free topology; the use of Ethernet on a best-effort basis by which packets may be dropped when the network is busy; the need to support applications that are neither bandwidth intensive nor sensitive to latency; the use of switches with relatively low port densities; the use of a three-tier LAN design; and the separation of the data network from the storage network.

Today’s hypervisors utilize an internal “virtual switch” which facilitates communications between virtual machines (VMs) within a server and between those VMs and the rest of the network. This virtual switch adds a fourth tier to the network infrastructure. Many blade servers today utilize an internal “blade switch” to aggregate traffic for each of the physical servers within the blade server chassis. These switches add a fifth tier to the network. The combination of virtual switches and blade switches raises the number of tiers from 3 to 5, significantly increasing latency and increasing the number of network elements within the data center.
This increases the complexity of data center management.

From Physical to Virtual to Cloud - To solve the challenges of the evolving data center landscape, Extreme Networks developed a scalable network infrastructure solution that enables users to migrate from a traditional or “physical” network to a virtualized network, to a location-independent cloud network, without forcing a certain technology or operating methodology on the user.

Extreme Networks accomplishes this with solutions that leverage applied performance through a flexible network architecture built on a family of fixed and modular switching platforms that enables a flattening of network tiers while providing the network scale to meet the needs of the future. Extreme solutions also provide network-level awareness that enables a network to be highly automated, virtual machine (VM) aware, cloud-ready and easily integrated into the world around it.

Switching platforms for the data center are flexible and avoid locking organizations into using a single vendor or proprietary technologies that contribute to increased TCO and limit future choice; products and services have innovative functionality that meets existing requirements and provides the flexibility to adapt to future requirements. In addition, Extreme’s vision blends new technology with existing infrastructure (no forklift required), existing expertise, and industry-standard approaches designed to drive down TCO and complexity.
Flattened Layer 2 architectures
• Data center switches must support high performance, low latency and high bandwidth in a port-dense configuration.
• CPU overhead is one of the main sources of latency from processing the TCP/IP protocol stack. Remote Direct Memory Access and TCP offload can help reduce server processing overhead.
• 10 Gigabit Ethernet can significantly lower latency compared to Gigabit Ethernet. A typical 10GbE NIC will have a latency of under 10 microseconds, where a 1000BASE-T NIC will usually be over 50 microseconds.
• Non-blocking between access and aggregation layers for best performance in east-west computational traffic
• Replacing Spanning Tree Protocol to detect loops in Layer 2 networks

A modular approach of scaling the data center by building out replicated racks and rows of servers, storage and networking can shrink the data center footprint, enable faster communication across fewer hops, and minimize overall application latency.

A low blocking ratio between the access and aggregation layers is used to minimize the latency in east-west application traffic within the data center. A much higher oversubscription ratio is acceptable between aggregation layer switching and the core routers; the amount of bandwidth needed to send traffic destined to the Internet in most financial calculations is much smaller than the bandwidth needed to carry the east-west computational traffic from within the data center. A low oversubscription ratio, or blocking ratio, is also a key requirement for maintaining application performance in the scaled-out data center. Simply put, oversubscription ratio is the amount of uplink bandwidth divided by the amount of server bandwidth. Acceptable oversubscription ratios vary depending on the application and the number of hops in the network. To prevent application bottlenecks, a low oversubscription ratio can increase application performance and decrease latency for market data applications.
Higher oversubscription ratios lead to network congestion and drive up latency. In the financial services data center, most traffic is concentrated in the east-west computational direction, therefore requiring a much lower oversubscription ratio than north-south traffic volume (to and from the Internet).

With server virtualization gaining broad adoption, the complexities of switching traffic between virtual machines both within a server and across servers are increasing. A VEPA based approach to inter-VM switching provides an interesting and attractive alternative to the traditional virtual switch based approach. Standards efforts are underway to provide the capabilities needed in the network and server infrastructure to support VEPA.
The data center is changing rapidly. Enterprise and service providers alike are looking to provision applications on the fly, scale applications seamlessly, and simply submit jobs without worrying about server capacity, memory or even location.

Blade servers, rack servers, multi-core processors and virtualization are enabling a high degree of consolidation in the data center. These technologies have led to a much greater computational density in the server, rack and data center. As a result, enterprises have been able to greatly reduce the number and physical footprint of their data center locations. It is very common for enterprises today to look to host their data centers in two or three locations as opposed to 10 or greater.

Efficient power management is becoming key. Costs of power are increasing as new high density data centers draw more power and cooling. Governments around the world are putting caps in place as they look to reduce carbon emissions. Data center administrators are looking to optimize power consumption by automating power management. An example of this is being able to use follow-the-moon models due to lower power costs at night.

There are many similarities between enterprise and managed hosted data centers, with enterprise data centers looking more like service providers, having application-level SLAs with internal departments.
Today, only a handful of products aimed at managing virtual environments can also manage physical machines, and for good reason: Even the most modest of data centers will already have an array of tools for monitoring and maintaining physical servers and other devices. To some, bundling physical management capabilities into a tool aimed at hypervisors seems almost silly—like bundling a turntable on top of an iPod.

But maybe it’s not so silly. Many customers might see themselves at war with legacy IT management techniques. Server virtualization has upended the data center and it’s easy to forecast that IT pros are going to be spending more time configuring, deploying and managing a virtual environment. Why make them step out of a virtualization console when it comes time to bring more desktops or servers online?

Everybody loves a circus, but not when it’s running wild in your data center. As IT shops embrace virtualization, they may find themselves in a three-ring management nightmare. The major virtualization vendors all offer a suite of tools to help control their own environments, but they lack robust cross-hypervisor support and completely ignore the physical devices you still need to manage. At the same time, IT is deploying multiple species of hypervisors. VMware may have

Software based Security Services implemented in conjunction with the Nexus v1000 is another attempt to cajole customers to buy into the soft-switch model pressed by Cisco and VMware. Though widely implemented and supported by VMware, soft-switches and attached applications inherently consume CPU cycles, an expensive commodity in the Data Center. The performance and capacity of soft-switch based solutions are questionable, forcing customers to limit the number of VMs deployed within a single host server due to soft-switch capacity and limits. Extreme sees the 802.1Qbg based Direct Attached architecture as a simple and open way to deliver a multi-vendor toolbox.
The Direct Attached Architecture allows VMs to directly communicate to the network adapter without a burden on the hypervisor or host computer’s CPU. This allows the adjacent network switch to forward as well as control this traffic while implementing hardware based network controls such as ACLs, QOS, Rate Limiting, and use of network appliances such as Firewalls, and IPS/IDS devices, at line rate, in hardware.

A Storage License Feature is required to implement Fibre-Channel or FCOE – a hidden cost to customers that is marketed as a “flexible option”. The FCOE implementation available in October is based on a not yet ratified standard. Though not widely adopted by the industry, as anticipated earlier, FCOE offers some benefits to storage access, albeit at a cost. Priority Flow Control (PFC), Quantized Congestion Notification (QCN), Enhanced Transmission Service (ETS) and Data Center Bridging eXchange (DCBX) protocol are vital to the success of FCOE implementations over a network, unless implemented in a single switch.

As a consequence, the VEPA based approach has the promise of being able to scale up virtualization deployments, reduce complexity and cost, and speed up the adoption of virtualization. Despite some of the advantages of a VEPA based approach, there may be some select environments where switching inter-VM traffic within the server may be desirable. For example, there may be environments where a physical server is heavily loaded with virtual machines that have significant inter-VM communication and it is desirable to keep the inter-VM traffic within the server to minimize latency. In such scenarios, one possible approach may be to bypass the hypervisor based software virtual switch and leverage the switching capabilities that newer NICs are providing in hardware, based on upcoming I/O virtualization capabilities such as SR-IOV.
Still, the operational complexity of such an approach along with the security and cost considerations need to be carefully weighed before fully operationalizing the “network within the server” model.

It’s a mistake to assume you can use your existing monitoring tools in a virtualized environment. Not only do you need to add core monitoring components for your hypervisors, you must also modify your monitoring parameters and thresholds for newly virtualized servers. Remember, a virtualized server doesn’t use CPU cycles in the traditional sense, nor can you use the same threshold for available memory and disk space. Legacy monitoring vendors such as Solarwinds and Ipswitch (maker of WhatsUp Gold) have kept up by updating their core monitoring systems and templates to support virtual servers and desktops.
It's common knowledge that virtualization enables server consolidation, cuts costs and improves overall IT efficiency, but not everyone knows that virtualization can dramatically increase the manageability and flexibility of data recovery for critical systems. In fact, virtualized Disaster Recovery promises better-optimized hardware, more redundant backups, and faster clones and restores. Virtualized DR enables new capabilities, such as the ability to transport an entire operating system, configurations and data in one move, without the need to take dissimilar hardware into account.

Direct Attach™ (Future)
• Industry support for standardization
• 802.1Qbg compliant
• Moves switching functionality back to the network
• Reduces management complexity
• Increases performance & security

XNV (ExtremeXOS Network Virtualization) - XNV™ is a set of licensable software modules for both the ExtremeXOS® based switching product portfolio, as well as for Extreme Networks EPICenter®, a network provisioning and management application. XNV brings insight, control and automation for highly virtualized data centers to the network.

XNV provides centralized network-based virtual machine (VM) inventory, VM location history and VM provisioning. XNV achieves this through EPICenter, which interfaces through standard application programming interfaces (APIs) to virtual machine management platforms such as VMware vCenter, Citrix and others. XNV allows centralized network-based configuration and distributed network-based enforcement of network-level capabilities down to the individual virtual machine level. XNV does this through a virtual port profile (VPP) which can be associated with individual virtual machines in a centralized manner through EPICenter. VPPs allow configuration of access control lists (ACLs), Quality of Service (QoS), rate limiting, and other capabilities for individual virtual machines. VPPs are enforced through the ExtremeXOS enabled network switches running XNV.
XNV provides automated VM lifecycle tracking of virtual machines in the network as VMs migrate from server to server, as well as the ability to automatically move the VM’s VPP to the appropriate network switch and enforce the VPP-based parameters and policies in real time.

Several different solutions are being proposed to address some of these challenges, including VEPA. VEPA is proposed as a promising alternative to the virtual switch, both in the standardization track and by a broad set of industry vendors. A VEPA in effect takes all the traffic generated from virtual machines on a server and moves it out to the external network switch. The external network switch in turn provides connectivity between the virtual machines on the same physical server as well as to the rest of the infrastructure. This is accomplished by incorporating a new forwarding mode on the physical switch which allows traffic to “hairpin” back out the same port it came in on, to facilitate inter-VM communication on the same server. The “hairpin” mode (or “reflective-relay” as it is also called) reflects a single copy of the packet back to the destination or target virtual machine on the server as and when needed. For broadcast or multicast traffic, the VEPA provides packet replication to each VM locally on the server. Traditionally, this “hairpin” mode behavior was not supported by most network switches due to the possibility of causing loops and broadcast storms in a non-virtualized world. However, many network vendors are beginning to support this behavior to address virtual machine switching, using a simple software or firmware upgrade. This behavior is also being standardized as part of the IEEE working group 802.1Qbg. A VEPA can be implemented on the server either in software as a thin layer in the hypervisor, or can be implemented in hardware in NIC cards, in which case it can be used in conjunction with PCIe I/O virtualization technologies such as SR-IOV.
An example of a software based VEPA implementation is available in the Linux KVM hypervisor. A VEPA in effect moves switching out of the server and back into the physical network and makes all virtual machine traffic visible to the external network switch. By moving virtual machine switching back into the physical network, a VEPA based approach makes existing network tools and processes work consistently across both virtualized and non-virtualized environments as well as across hypervisor technologies. Network based appliances such as firewalls and IDS/IPS, as well as mature network switch functionality like Access Control Lists (ACLs), Quality of Service (QoS), and port mirroring, all become immediately available for VM traffic and inter-VM switching, thus reducing or eliminating the need to qualify, test and deploy costly new virtual network appliances.

Additionally, a VEPA brings network administrative control back to the network administrator, providing a single point of control for provisioning, monitoring, and troubleshooting all virtual machine related networking functions. Offloading the network functions from the server to the network switch also has the benefit of freeing up server resources and making them available for applications, while providing the advantage of wire speed switching between both virtualized and non-virtualized servers; from 1Gbps to 10Gbps to 40Gbps and moving to 100Gbps.

Direct Attach™ — Technology that enables switching of VMs from the physical switch resulting in reduced switching tiers in the network, thereby enabling better design and management of the data center network.

Does the Direct Attach feature require specialized hardware support?
No, as long as the underlying virtual switch of the hypervisor supports VEPA. For instance, on Linux KVM (Kernel Virtual Machine) a version 2.6.32 or higher should work. However, with older kernel versions, the MAC/VLAN driver should be enabled in order for Direct Attach to work.
On VMware, Exar’s/Neterion’s X3120 10GbE adapter should be configured in VMDirectPath mode to “bypass” hypervisor switching and allow inter-VM traffic to be switched at the switch.

Do XNV or ID Management require any special license or feature pack?
No. On ExtremeXOS, no special license or feature pack is required for these features. It is highly recommended to manage these features via EPICenter®, as it provides a centralized place to configure and monitor policies for XNV and ID Management. Please refer to the ExtremeXOS concept guide/datasheet to check on which platform these features are supported.
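The forwarding difference described above, as an added example that is not Extreme Networks code or configuration: a small Python model of a hypervisor vSwitch versus a VEPA with reflective relay, showing which inter-VM frames reach the adjacent switch's ACL and mirror port. The MAC addresses, port names and class names are constructed for illustration, and reflective relay is modelled as one switch-wide flag rather than a per-port setting.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed sample addresses: two VMs on one server, one remote machine.
VM_A, VM_B, REMOTE = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:99"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str


@dataclass
class ExternalSwitch:
    """Adjacent physical switch: learns MACs, mirrors ingress, applies an ACL."""
    ports: tuple
    reflective_relay: bool                         # 802.1Qbg "hairpin" mode
    deny: set = field(default_factory=set)         # ACL: (src, dst) pairs to drop
    mac_table: dict = field(default_factory=dict)  # MAC -> port
    mirrored: list = field(default_factory=list)   # what a monitor port would see

    def receive(self, frame, in_port):
        """Return the sorted list of ports the frame is forwarded out of."""
        self.mac_table[frame.src] = in_port
        self.mirrored.append(frame)                # visibility happens before the ACL
        if (frame.src, frame.dst) in self.deny:
            return []
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            out = set(self.ports)                  # flood
        else:
            out = {self.mac_table[frame.dst]}
        if not self.reflective_relay:
            out.discard(in_port)                   # classic bridge rule: never hairpin
        return sorted(out)


@dataclass
class Host:
    port: str   # switch port the server is cabled to
    vms: set    # MAC addresses of local VMs
    mode: str   # "veb" = hypervisor vSwitch, "vepa" = 802.1Qbg VEPA

    def _deliver(self, frame):
        """Local VMs that should get this frame (never the sender)."""
        if frame.dst == BROADCAST:
            return sorted(self.vms - {frame.src})  # VEPA/vSwitch replicates locally
        return [frame.dst] if frame.dst in self.vms else []

    def send(self, frame, switch):
        """A local VM transmits `frame`; return the local VMs that receive it."""
        if self.mode == "veb":
            if frame.dst not in self.vms:          # remote or broadcast: use uplink
                switch.receive(frame, self.port)
            return self._deliver(frame)            # local unicast never leaves the server
        # VEPA: every frame goes to the adjacent switch first; local delivery
        # only happens if the switch reflects it back out the same port.
        out_ports = switch.receive(frame, self.port)
        return self._deliver(frame) if self.port in out_ports else []


def scenario(mode, reflective_relay):
    """Run three sends with an ACL that denies VM_A -> VM_B."""
    sw = ExternalSwitch(ports=("p1", "p2"), reflective_relay=reflective_relay,
                        deny={(VM_A, VM_B)})
    sw.mac_table.update({VM_A: "p1", VM_B: "p1", REMOTE: "p2"})  # already learned
    host = Host(port="p1", vms={VM_A, VM_B}, mode=mode)
    return {
        "denied_a_to_b": host.send(Frame(VM_A, VM_B), sw),
        "allowed_b_to_a": host.send(Frame(VM_B, VM_A), sw),
        "broadcast_from_a": host.send(Frame(VM_A, BROADCAST), sw),
        "frames_seen_by_switch": len(sw.mirrored),
    }


if __name__ == "__main__":
    for mode, rr in (("veb", False), ("vepa", True), ("vepa", False)):
        print(mode, "reflective_relay=%s" % rr, scenario(mode, rr))
```

In the vSwitch case the denied frame is still delivered and the switch sees only the broadcast; with VEPA and reflective relay off, the switch sees everything but same-server traffic is dropped, which is why hairpin support on the switch port is a prerequisite.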
The vSwitch runs within the hypervisor and is therefore specific to the hypervisor deployed in the data center. Today, VMware, Microsoft and Citrix all include their own vSwitches with their hypervisors. In addition, some networking systems vendors have introduced vSwitch products (notably the Cisco Nexus 1000) for additional cost. A key point to understand is that each physical server requires a virtual switch. For example, a rack with 40 1U servers installed would run 40 instances of a virtual switch. A blade server with 16 server blades would run 16 instances of a virtual switch. The number of vSwitches in a network scales 1:1 with the number of servers running virtualization. Each of these vSwitches must be managed and configured.

Today’s hypervisors utilize an internal “virtual switch” which facilitates communications between virtual machines (VMs) within a server and between those VMs and the rest of the network. This virtual switch adds a fourth tier to the network infrastructure.

Many blade servers today utilize an internal “Blade Switch” to aggregate traffic for each of the physical servers within the blade server chassis. These switches add a fifth tier to the network.

The combination of virtual switches and blade switches raises the number of tiers from 3 to 5, significantly increasing latency and increasing the number of network elements within the data center. This increases the complexity of data center management.

Extreme Networks Direct Attach™ eliminates the virtual switch layer, simplifying the network and improving the performance. Extreme Networks high density BlackDiamond® 8800 series switches with 8900-series modules further enable data center simplification by utilizing high density blades and cabling to eliminate the blade switch, thereby reducing the number of tiers in the data center from 5 to 3.

Today’s data center networks are architected and defined as “tiers”. Typically, there is a “network core” which is the central connection point of all data center equipment.
This is the “first tier” of the data center architecture. This core may be a single switch, or more typically a cluster of redundant switches that connect all of the assets: network elements, security and servers. The “second tier” of the network is a series of aggregation switches that connect the access switches to the core. This tier is used in large data centers, but may not be necessary in mid-sized data centers. The third tier of switches is typically referred to as the “access layer” and provides for the direct connection of servers. These access switches are often referred to as “Top-of-Rack” or “End-of-Row”.

This model, whether two or three tiers based on size, has been used for many years and is well understood.
vSwitch Benefits:
The concept of the vSwitch was created by the hypervisor suppliers as a way to communicate with the network. Until now, the vSwitch has been the only way to manage communications between VMs within the server, and between VMs and the users.

vSwitch Issues:
Security: The primary function of the vSwitch is to enable VM-to-VM communication within the server. Because the vSwitch itself is in the server, any traffic between VMs is invisible to the outside network. This makes it very difficult to detect any security issues that may be created by a rogue VM.

Visibility for Network & System Management: Again, because traffic between VMs is hidden from the outside world it is very difficult to monitor traffic and to manage traffic between VMs. Traditional network tools that rely on port mirroring do not work in this environment.

Unpredictable Performance: vSwitches perform forwarding and all network functions in software without the benefit of wire-speed hardware switching. The performance of the vSwitch, and thereby the network performance of the server, is dependent upon the CPU resources available, which in turn is dependent upon the application load on the VMs. This can create a conflict in server optimization: as server loading increases due to the efficiency improvements in virtualization, performance on the network may actually decrease, offsetting the improvements created by virtualization.

Additional Layer in the Network: The vSwitch adds a “fourth tier” to a typical data center network. This layer increases end-to-end latency of the network by creating an additional “network hop”.
Direct Attach is Extreme Networks’ implementation of virtual machine switching done in the network. Various vendors have taken the path of implementing virtual machine switching within the server through the hypervisor virtual switch (vSwitch). The Extreme Networks Direct Attach approach takes the path of moving virtual machine switching back into the network and out of the server domain. This allows administrators to leverage mature, well understood and fully capable network switches at wire speed for virtual machine switching, while still enjoying the benefits of server virtualization.

In essence, Direct Attach allows Virtual Machines to be “directly attached” to the network without going through a software switch on the server. In doing this, Direct Attach enables reduction in switching tiers by eliminating the virtual switch tier, which in turn reduces cost, end-to-end latency, and oversubscription in the network, as well as simplifying management. Finally, it allows uniform network based enforcement of security, compliance and regulatory policies in a hypervisor agnostic manner.

In addition, high fan-out switch blades and specialized cabling solutions further simplify the network by providing a way to directly attach the blade servers in a blade server chassis to the data center network.

How Direct Attach Works
The Direct Attach software package is an ExtremeXOS loadable module that is installed on any ExtremeXOS based Extreme Networks Summit stackable switch (including the Summit X450, Summit X480, Summit X650) or BlackDiamond 8800 series switches with 8900-series modules. The Direct Attach software manages the data on a switch’s port by classifying it by VM and then forwarding based upon the switch’s Layer 2/Layer 3 forwarding protocols. Although all packets are transmitted/received from the physical server, all switch policies are applied to the individual streams from the VM.

More Predictable, Higher Performance: With Direct Attach there is no software forwarding of packets within the server.
All packet forwarding is done at wire speed in the Ethernet switch. The result is fast, predictable performance at any server loading factor.
Cisco has crafted a unified data center portfolio by augmenting the current product offerings to support storage access (with the 2nd generation Nexus 5K), security and monitoring in the virtualization platforms (with the Virtual Security Gateway), and availability and acceleration (with the virtual Wide Area Application Services vWAAS) products.

Software based Security Services implemented in conjunction with the Nexus v1000 is another attempt to cajole customers to buy into the soft-switch model pressed by Cisco and VMware. Though widely implemented and supported by VMware, soft-switches and attached applications inherently consume CPU cycles, an expensive commodity in the Data Center. The performance and capacity of soft-switch based solutions are questionable, forcing customers to limit the number of VMs deployed within a single host server due to soft-switch capacity and limits.

For Internal Use Only. Extreme Networks Confidential and Proprietary. Not to be distributed outside of Extreme Networks, Inc.

Extreme’s 802.1Qbg based Direct Attached architecture allows VMs to directly communicate to the network adapter without a burden on the hypervisor or host computer’s CPU. This allows the adjacent network switch to forward as well as control this traffic while implementing hardware based network controls such as ACLs, QOS, Rate Limiting, and use of network appliances such as Firewalls, and IPS/IDS devices, at line rate, in hardware.

A Storage License Feature is required to implement Fibre-Channel or FCOE – a hidden cost to customers that is marketed as a “flexible option”. The FCOE implementation available in October is based on a not yet ratified standard.
Though not widely adopted by the industry, as anticipated earlier, FCOE offers some benefits to storage access, albeit at a cost. Other control protocols, namely Priority Flow Control (PFC), Quantized Congestion Notification (QCN), Enhanced Transmission Service (ETS) and Data Center Bridging eXchange (DCBX) protocol, are vital to the success of FCOE implementations over a network, unless implemented in a single switch. No mention was made of supporting these protocols in this announcement, placing doubt on the ability of Cisco to deliver these solutions for large-scale deployments.

Extreme’s Data Center Networking solutions and products are strong and still growing. We set the pace with a Four-Pillar Data Center Strategy one year ago, which coincidentally has been mimicked by Cisco with a Three-Pillar DC Strategy. Extreme is currently #2 in the Top of Rack (TOR) Data Center Switch market, an indication that customers are accepting solutions from Extreme and deploying Extreme gear in mission-critical DCs. Cisco’s announcement covers network, compute and services solutions, reflecting the notion of being a single-vendor Data Center solution provider (as in the days of IBM Mainframes). This is not in the best interest of customers seeking open standards and internetworking products. Extreme will strive to push open networking standards and solutions, providing well-architected networking products, allowing our customers to pick the best-of-breed servers, storage devices and appliances for their Data Centers.
More Comprehensive Network Capabilities: Today’s Ethernet switches have very sophisticated features that include Quality of Service, security features (such as ACLs) and many other capabilities that have been developed over many years. With Direct Attach, all of these capabilities are available to all of the VMs in the data center.

Fewer Network Elements to Manage: In a data center with 10 racks, each with 40 1U servers, Direct Attach requires 10 network elements in Tier 3 and no Tier 4 elements. Without Direct Attach, the same 10 racks would require 410 network elements – the same 10 Ethernet switches plus 400 vSwitches! This example represents a 98% reduction in the number of network elements that need to be configured, managed and possibly debugged.

Improved Security: With a vSwitch, traffic between VMs is never sent outside of the server. This makes it difficult to implement switch security features such as dynamic access control lists or to enable external security devices that need to be in-line. With Direct Attach, all VM to VM traffic within a server is visible to the network switch and is processed through the security features of the Ethernet switch such as ACLs and/or port mirroring.

Manageable: Direct Attach puts the management of all data center switching back in the hands of the network managers, eliminating any conflict with server administration.

Simpler Management across Hypervisors: Direct Attach is hypervisor agnostic and will be able to be used with most hypervisors. The result is that management of all network functions is consistent across a data center that uses multiple vendors for hypervisors/virtualization.

Switch Design and Cabling: In addition to eliminating the vSwitch with its Direct Attach architecture, this Extreme Networks solution offers additional benefits. The BlackDiamond 8800 provides high density Gigabit Ethernet ports utilizing MRJ21 high density connectors. The MRJ21 integrates 6 full bandwidth Gigabit Ethernet ports into a single, flexible cable.
With the ability to support up to 96 ports per blade and 768 ports per chassis with 1/6 of the number of cables typically used, this provides great flexibility when connecting a blade server chassis to the network.
When there is change, when there is a dislocation in technology, it creates an opportunity: an opportunity for companies with strong assets and strong visions to move quickly, to take advantage of the discontinuity and establish leadership. Market share changes often happen during times of market transitions. The growth in the data center market and the shift toward virtualization creates an opportunity for Extreme. That is because, in our view, virtualization is a networking problem. And we are in a strong position to solve this problem because of our great technology assets, specifically our software: ExtremeXOS and EPICenter.

The emergence of virtualization technology has transformed the modern data center by improving server utilization, reducing power requirements and increasing both availability and scalability. At the same time, the requirement for server density has led to the growth in blade servers. These trends have had an impact on data center networking. A typical “non-virtualized” data center has three network layers:
• Top-of-Rack Switch: interconnects the servers in a rack
• End-of-Row Switch: interconnects the racks
• Core Switch: interconnects all rows and other devices

Driving this is a need for greater efficiency, and to enable tomorrow's higher speeds and lower latencies. Right now, each time a packet arrives at a switch, it needs to be unpacked to ascertain where it's come from and where it's going. That's a lot of unpacking that occurs millions of times per second -- and in computing terms, it's an expensive operation.

Maybe your storage group is looking to upgrade to Fibre Channel over Ethernet, a nascent technology that may ultimately do away with SANs as we know them. Far from being fearful of FCoE, LAN managers should embrace this development, because placing storage traffic on the network in the form of raw SCSI communications allows for a more efficient data center footprint.
No duplicate infrastructure needed to handle writing data to disk arrays. This convergence lowers not only cabling requirements and costs, but also energy, cooling, and physical space demands. Of course, storage traffic needs to be delivered without any packet loss and as quickly as possible. While UC performance problems become evident through frozen frames, choppy voice, or the inability of your security team to see in a particular area of the building, storage performance glitches will manifest via delayed reading and writing of just about everything. This is a critical requirement in data centers today because a lot of the innovations going on with Ethernet and a lot of the demand for all these changes in data centers are meant to address lower latencies..
Bringing network-level insight and visibility into the virtual machine lifecycle: From the time a VM is created by the server administrator, to the time it is activated, moved, and finally deactivated, complete visibility—both present as well as historical—is made available to the network administrator. Being able to pinpoint the location of a VM in the network, down to the individual network switch and switch port along with the VM’s attributes and location history, as well as having visibility of the complete network-based VM inventory will greatly simplify troubleshooting, reduce the coordination required between server and network administrators, and result in less application downtime and better service level agreement (SLA) response times.

Dynamically tracking and enforcing VM attributes in the network in an automated manner: This is a key requirement to making the network efficient at supporting virtualization. Since virtual machines can move dynamically from server to server, the network needs to be able to track the movement of the virtual machines, and move the network profile or attributes of the virtual machine automatically to the target switch that the VM moves to in order to enforce those attributes in real time. All this needs to be done in an automated manner in order to reduce configuration errors and minimize service disruptions. Providing this level of automation will also significantly reduce network and server team interdependency and greatly simplify and streamline the operation of the data center.

Hypervisor-Agnostic Operation: Many data centers are beginning to deploy multiple virtualization technologies. One of the advantages of moving more networking functionality out of the server and into the network is to be able to support heterogeneous virtualization environments. For that reason, any support the network provides in terms of virtualization needs to be made available across multiple hypervisors and without any change to the server operating environment.

Investment Protection: Virtualization can be enabled on existing server infrastructures. It is important that capabilities provided in the network infrastructure to support virtualization be made available on existing networking products as well in order to minimize hardware upgrade cycles and provide investment protection. This also allows administrators to phase their virtualization plans without requiring a “rip-and-replace” policy.
Extreme Networks Carrier Ethernet Transport solutions enable service providers to:

Increase Network Longevity
• Powerful Ethernet Transport solutions designed for carriers delivering residential triple-play, business Ethernet, mobile backhaul, and wholesale Ethernet services over a common transport network
• Wide range of high-performance 10 GbE and 100-GbE ready Ethernet Transport systems built to support the explosive video traffic demand
• Simplified service engineering that maximizes network efficiency

EAPS Enhancements
Feature Description: PBB access to core and Priority domains
Feature Value: Increased availability for select VLANs. EAPS will recognize any SVLAN/CVLAN to BVLAN mapping with PBB access (20K). Allows the user to prioritize EAPS domains, so VLANs in high priority domains are blocked/unblocked first, to minimize convergence times
Platform: All platforms (Priority Domain)

Lower Operational Expenses with Easy-to-Operate Next-Generation Networks
• Point-and-click service provisioning that significantly reduces operator errors during service roll-outs
• Lower annual maintenance expenses due to reduced number of network elements, lower service contract cost, and lower power and space requirements

Enhance Subscriber Experience with Proactive Service Management
• Industry-leading resilient Ethernet ring protocol for service continuity when links fail
• Service management software with visual service monitoring for simplified troubleshooting
• Industry-standard Ethernet OA&M designed to accelerate resolution of service problems
Ridgeline™ Service Advisor is service management software with powerful features that enable carriers to monetize their networks by shifting from reactive circuit monitoring to proactive service management. Ridgeline Service Advisor unifies service fulfillment, service assurance, and service engineering so carriers can effectively manage next-generation residential triple play, business Ethernet, wholesale Ethernet, and mobile backhaul services.

Ridgeline Service Advisor
• Service Fulfillment - Simplify and accelerate the turn-up of new services
• Service Assurance - Improve subscriber loyalty by visualizing and assuring the service
• Service Engineering - Improve network efficiency with simplified traffic and transport engineering
• Operational Simplicity - Reduce operating costs with an easy-to-use management software
• Security - Secure the network

EPICenter
• Detailed topology view with alarm integration, intelligent alarm systems with customization and more
• Flexible scripts, macros and ExtremeXOS® CLI script management for easier and quicker configuration
• Provide voice-class availability through real-time data monitoring and statistics
• End-to-end network service visualization and monitoring
• Flexible and intuitive user interface

Extreme Networks Policy Manager (EPM)
• Client-based software designed to help IT staff quickly and efficiently create and manage ACLs and CLEAR-Flow rules on ExtremeXOS switches
• Real-time interaction with the switches
• Improves efficiency and accuracy of both ACL and CLEAR-Flow rules management
• Helps prevent ACL mis-configuration which can lead to security breaches

eToggle: Extreme Networks iPhone™ Application for Conference Rooms
• Allows enabling and disabling of ports on Extreme Networks Ethernet switches
• Helps make public conference rooms and other areas more secure
• Personal Identification Number (PIN) prevents unauthorized access to application
• Freely available source code can serve as a template to create your own iPhone apps to control and monitor Extreme Networks Ethernet switches
Technical Assistance Center (TAC)

Extreme Networks provides global coverage 24x7x365 with TAC offices worldwide. Extreme Networks TAC team provides personalized assistance via telephone, web (eSupport) or email to quickly resolve networking questions or issues. An Extreme Networks technical support specialist will provide a telephone callback within two (2) hours of your call. Email support will be provided within twenty-four (24) hours. Upon receipt of notification of a defective product under a current support contract, TAC will troubleshoot and determine if a replacement product is required. If a replacement product is required, Extreme Networks will replace such product in accordance with the Support Plan purchased for such product.

When returning defective product to Extreme Networks, the Return Material Authorization (RMA) policy must be followed, as set forth at:

The password-protected eSupport web site is a valuable resource that contains up-to-date information and technical documentation to enable you to quickly research issues and find answers to your questions. In addition, this technical support site may include access to software updates, information on software upgrades, and technical support alerts. Software updates are included within the cost of support for those assets specifically covered by a current support contract. You may only install one (1) copy of the update for each product for which the update is provided. Extreme Networks may impose additional charges for software upgrades, in which case you may only install one (1) copy of the upgrade for each product for which the upgrade is purchased.
Extreme Networks will use commercially reasonable efforts to ensure web access is available 24x7x365, but is not responsible for Internet downtime beyond its reasonable control.

Extreme Networks will provide onsite replacement of a defective product with a like or equivalent product model in accordance with the response times for each applicable Service Plan. Response times are measured from Extreme Networks determination that onsite product replacement is required. NBD Onsite Services and 4 Hour Onsite Services are not available under the PartnerWorks Plus Support Program. Extreme Networks is not responsible for any delays related to export or customs regulations or processes, or transportation issues.

The important things to consider when beginning the purchase of a networking solution are:
• Buy from a reseller who will provide installation, configuration and support.
• Find a trusted network adviser, whether that be a local reseller, independent consultant or service company. Let them help you plan and implement your network correctly to keep it invisible to your users.
• Plan for 100 percent growth. If you need 500GB (gigabytes) of local storage now, get a shared storage system that provides 1TB (terabyte) to be ahead of your growth curve.
• Think of security first when considering network additions. Thinking of security after the fact leads to lousy security.
Data Centers

Data center managers face unique challenges, such as virtual machine mobility and security. ExtremeXOS supports multiple capabilities and features to support this ever-evolving environment.

XNV™ (ExtremeXOS Network Virtualization) is a set of licensable software modules for both the ExtremeXOS based switching product portfolio, as well as for EPICenter, a network provisioning and management application. XNV brings insight, control and automation for highly virtualized data centers to the network.

ExtremeXOS also supports Direct Attach, which eliminates switching at the virtual switch layer, simplifying the network and improving performance. Direct Attach enables data center simplification by reducing network tiers from 4 or 5 tiers to just 3 or 2 tiers, depending on the size of the data center.

Priority-based Flow Control (PFC), or IEEE 802.1Qbb, allows network traffic to be controlled independently based on Class of Service. PFC allows network traffic that requires lossless throughput to be prioritized, while other traffic types that do not require or perform better without PFC can continue as normal.

Multi-Switch Link Aggregation Groups (M-LAG) can address bandwidth limitations and improve network resiliency, in part by routing network traffic around bottlenecks, reducing the risks of a single point of failure, and allowing load balancing across multiple switches.
DDMI (Digital Diagnostics Monitoring Interface) support allows monitoring the health of various transceivers. With DDMI, the user has capability of performing component monitoring, fault isolation and failure prediction functions on their transceiver-based applications.

The SFP+ modules are hot-pluggable. Hot pluggable refers to plugging in or unplugging a module while the host board is powered.

The enhanced digital interface allows real-time access to device operating parameters, and includes optional digital features such as soft control and monitoring of SFP I/O signals. In addition, it fully incorporates the functionality needed to implement digital alarms and warnings, as defined by the SFF-8472 MSA. With the digital diagnostic monitoring interface, the user has capability of performing component monitoring, fault isolation and failure prediction functions on their transceiver based applications. As stated in the SFF-8472 MSA, the diagnostic monitoring interface (DMI) is an extension of the serial ID interface defined in the GBIC specification, as well as the SFP MSA. Both specifications define a 256-byte memory map in EEPROM that is accessible over a two-wire serial interface at the 8-bit address 1010000X (0xA0). The digital diagnostic monitoring interface makes use of the 8-bit address 1010001X (0xA2), so the originally defined serial ID memory map remains unchanged. The interface is backward compatible with both the GBIC specification and the SFP MSA.
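To make the 0xA0/0xA2 memory map described above concrete, the following added example (not part of the original deck and not Extreme Networks code) decodes the real-time readings and alarm/warning thresholds from a 0xA2 page and classifies each reading. The byte offsets and scaling are the SFF-8472 values for internally calibrated modules; the function names and the sample pages are constructed for illustration.

```python
import math
import struct

A0_DIAG_TYPE = 92        # 0xA0 page, byte 92: diagnostic monitoring type
DDM_IMPLEMENTED = 0x40   # bit 6: digital diagnostics implemented
INTERNALLY_CAL = 0x20    # bit 5: readings are already in engineering units
EXTERNALLY_CAL = 0x10    # bit 4: host must apply calibration constants

# name: (threshold block offset, real-time offset, struct code, units per LSB)
FIELDS = {
    "temp_c":      (0,  96,  "h", 1 / 256),  # signed, 1/256 degC
    "vcc_v":       (8,  98,  "H", 100e-6),   # 100 uV
    "tx_bias_ma":  (16, 100, "H", 0.002),    # 2 uA
    "tx_power_mw": (24, 102, "H", 0.0001),   # 0.1 uW
    "rx_power_mw": (32, 104, "H", 0.0001),   # 0.1 uW
}
# Order in which the four 16-bit thresholds are stored for each parameter.
LEVELS = ("high_alarm", "low_alarm", "high_warning", "low_warning")


def classify(value, limits):
    """Compare one reading with its thresholds, most severe condition first."""
    if value > limits["high_alarm"]:
        return "high-alarm"
    if value < limits["low_alarm"]:
        return "low-alarm"
    if value > limits["high_warning"]:
        return "high-warning"
    if value < limits["low_warning"]:
        return "low-warning"
    return "ok"


def to_dbm(milliwatts):
    """Optical power in dBm; a zero reading (no light) maps to -inf."""
    return float("-inf") if milliwatts <= 0 else 10 * math.log10(milliwatts)


def decode_ddm(a0, a2):
    """Decode the 0xA2 diagnostics after checking the 0xA0 capability byte."""
    if len(a0) != 256 or len(a2) != 256:
        raise ValueError("each page of the memory map is 256 bytes")
    diag = a0[A0_DIAG_TYPE]
    if not (diag & DDM_IMPLEMENTED):
        raise ValueError("module does not implement digital diagnostics")
    if (diag & EXTERNALLY_CAL) or not (diag & INTERNALLY_CAL):
        raise ValueError("externally calibrated: apply calibration constants first")
    report = {}
    for name, (thr_off, rt_off, code, lsb) in FIELDS.items():
        raw_limits = struct.unpack_from(">4" + code, a2, thr_off)
        limits = {level: raw * lsb for level, raw in zip(LEVELS, raw_limits)}
        value = struct.unpack_from(">" + code, a2, rt_off)[0] * lsb
        report[name] = {"value": value, "limits": limits,
                        "status": classify(value, limits)}
    return report


def build_sample_pages():
    """Constructed sample: a healthy module whose receive power is sagging."""
    a0 = bytearray(256)
    a0[A0_DIAG_TYPE] = DDM_IMPLEMENTED | INTERNALLY_CAL | 0x08  # bit 3: average RX power
    a2 = bytearray(256)
    raw = {  # high alarm, low alarm, high warning, low warning, current reading
        "temp_c":      (19200, -1280, 17920, 0, 10368),
        "vcc_v":       (36000, 30000, 35000, 31000, 33000),
        "tx_bias_ma":  (5000, 1000, 4500, 1250, 3000),
        "tx_power_mw": (10000, 1000, 8000, 1500, 5000),
        "rx_power_mw": (10000, 100, 8000, 200, 120),
    }
    for name, (*limits, now) in raw.items():
        thr_off, rt_off, code, _ = FIELDS[name]
        struct.pack_into(">4" + code, a2, thr_off, *limits)
        struct.pack_into(">" + code, a2, rt_off, now)
    return bytes(a0), bytes(a2)


if __name__ == "__main__":
    for name, item in decode_ddm(*build_sample_pages()).items():
        print(f"{name:12s} {item['value']:10.4f}  {item['status']}")
```

In the constructed sample every reading is in range except receive power, which sits between the low-warning and low-alarm thresholds, the kind of early signal the failure-prediction use case relies on.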
Carriers all over the world are facing explosive demand for bandwidth, driven by residential triple-play, business Ethernet, mobile backhaul, and wholesale Ethernet services. In an effort to keep up with demand and maximize revenue opportunities, they are deploying next-generation networks that provide converged IP services over a common Ethernet transport infrastructure. Converging IP services over a common transport network, however, increases operational complexity. With potentially hundreds of thousands of subscribers with varying service requirements, the complexity of provisioning, troubleshooting, and maximizing network efficiency increases significantly. Meanwhile, both residential and business subscribers are constantly on the lookout for new services that offer them the best possible value. With intensified competition, carriers must differentiate themselves by rapidly deploying new, compelling services and creating the best possible subscriber experience.

These challenges drive carriers' requirement for high-performance Ethernet Transport solutions that meet the performance objectives of services and are more affordable, simpler to operate and flexible enough to meet the ever-changing requirements of the industry.

Extreme Networks® offers a broad portfolio of high-performance Carrier Ethernet Transport solutions which provide the flexibility that service providers need to meet the growing demand for IP and Ethernet services within budget while offering ample room for growth without major reinvestments. Ethernet Transport’s simplification of the network yields significant savings in both capital expenses (CapEx) and operational expenses (OpEx). CapEx savings accrue by requiring less equipment to aggregate traffic from more services as well as a simplified operational model.
By providing the shift from reactive circuit monitoring to proactive service management, Extreme Networks Carrier Ethernet Transport solutions enable carriers to monetize their networks.

Sync-E
Feature Description: Sync-E is a line-timing method for transporting timing information over the Ethernet physical layer similar to SONET/SDH
Feature Value: Maintain and increase application quality
Platform: Summit® X460-24x and -48x with Network Timing Feature Pack

Individual Line Card SW upgrade
Feature Description: Enabling update of each blade separately
Feature Value: Increase network availability. Lower OPEX by minimizing non-business hour upgrades
Platform: BlackDiamond® 20K
Tunable DWDM (Dense Wavelength Division Multiplexing) support allows service providers and others to tune SFP optics to a specific frequency, reducing the need for additional fiber runs and SFP sparing. ExtremeXOS support for the Digital Diagnostics Monitoring Interface allows service providers to monitor and diagnose pluggable optics (SFPs) in real-time.

Why Tunable Devices?
• Current DWDM networks are static since a unique laser is required for each wavelength
• Provisioning is a local, manual process
• Expensive, takes weeks
• Tunable devices enable dynamic DWDM networks
• Flexible, remote service provisioning under software control
• Cost savings to carriers by reducing inventory, provisioning and the wavelength contention costs
• New revenue generating services to carriers for rapidly provisioned services

Tunable lasers have become the “Holy Grail” for next generation DWDM networks.
• Tunable lasers, under development for over a decade, have only recently met the basic optical performance requirements
• New developments have allowed tunable lasers to approach performance levels of fixed lasers
• Maturation of new technologies
• Integration of multiple technologies

Benefits:
• Rapid service turn-up with ability to rapidly handle churn
• Maximum flexibility with limited pre-deployment of capital
• Highest network availability with additional photonic layer restoration capability
• Simplified network operations and significant OPEX savings
• Lowest deployed capital cost
• Enables photonic flexibility, thereby reducing EXC core size requirements
ExtremeXOS OS’s sFlow® and IPFIX standards-based data monitoring support provides Layer 2 – 7 visibility into the network, including statistics on which applications are running over your network, biggest talkers, etc.

With the ever-increasing reliance on network services for business-critical applications, the smallest change in network usage can impact the performance and reliability of a network. This has a direct impact on the ability of a company to conduct key business functions and on the cost of maintaining network services. Therefore, it is important to monitor the network traffic in order to keep the network operating reliably and at the right performance level.

sFlow is a sampling technology that meets the key requirements for a network traffic monitoring solution: sFlow provides a network-wide view of usage and active routes. It is a scalable technique for measuring network traffic, collecting, storing, and analyzing traffic data. This enables tens of thousands of interfaces to be monitored from a single location.

sFlow is scalable, thereby enabling it to monitor links of speeds up to 10 Gigabits per Second (Gbps) and beyond without impacting the performance even of core Internet routers and switches, and without adding significant network load.

IPFIX (Internet Protocol Flow Information eXport), or RFC 3917, can be used as an alternative to sFlow. IPFIX offers templates for the data to be transferred, or network managers can define data types to adapt to their specific needs.
We take innovation very seriously at Extreme Networks®. Since the start of our company in 1996, it has been a key element in our corporate vision. We focus on creating a culture of innovation, encouraging employees to go beyond the usual solutions. Extreme Networks is responsible for many innovations in the networking industry and our decision to go beyond conventional thinking was essential to these accomplishments. One measure of our success is that these innovations have been embraced by enterprise IT managers and service providers. They rely on Extreme Networks products and services to help them meet their business goals today and to be ready for tomorrow’s tough challenges. We are proud to be among the first companies to:
• Introduce Gigabit Ethernet products that were tested at full wire-speed with zero packet loss
• Offer patented Quality of Service (QoS) capability on IP/Ethernet networks
• Deliver carrier-class Ethernet for metro area networks
• Offer patented network level resiliency protocols for IP/Ethernet networks
• Deliver a unified solution that allows wired and wireless devices, applications and equipment to share the same infrastructure and management tools
• Deliver a truly modular switching operating system for enterprises and metro service providers
• Introduce a voice-class modular switch for the network edge

Insight and Control

As voice, video and data converge, network designers everywhere are posing the all important question—What will it take to implement a converged IP network that improves productivity of diverse users accessing the network with a variety of devices, all the while meeting budget restrictions and government mandated security regulations?

With meaningful insight and unprecedented control, Extreme Networks can help customers with the demands of their business—merging together converged applications, diverse user groups, multiple device types and security mandates, providing the best possible user experience.
Driven by Innovation

Sophisticated Ethernet solutions that meet the toughest challenges in network connectivity and IP-based communications.

Extreme Networks® of Santa Clara, Calif., founded in 1996, is a publicly listed company that designs, builds, and installs sophisticated Ethernet solutions that meet the toughest challenges in network connectivity and IP-based communications. Throughout its history, the Company has delivered more than 15 Million Ethernet ports and has established a presence in more than 50 countries. The Company increases the value of the network with its advanced software platforms that deliver meaningful insight and control to applications and services. This helps corporate enterprises and service providers who must have high performance, secure networks that support converged voice, video and data. Intelligence is enhanced with an extensible, flexible and secure protocol-based communication capability, allowing devices to talk to one another. Extreme Networks addresses a wide range of customers with wired and wireless network infrastructures, from corporate enterprises such as manufacturers, retailers, financial institutions, utilities and healthcare organizations, to large universities and K-12 school districts, to federal and local governments worldwide. To complement its products, Extreme Networks provides a complete selection of professional services and custom offerings, including network design, enhanced visibility into flows and applications, voice and security testing, network kit implementation as well as technical assistance on a 24x7 basis to a global footprint.
With Extreme Networks open standards architecture, businesses can easily and safely interoperate with third-party solutions, allowing them to easily migrate to the next-generation converged network and make the choice to move from reactive management of their business operations to proactively manage for growth and efficiency, while preparing for the demanding requirements of the future. Extreme Networks provides smart enterprise solutions to help businesses move to the next level of network awareness.
QoS and VLAN Services

Quality of Service and Policies
• IEEE 802.1D – 1998 (802.1p) Packet Priority
• RFC 2474 DiffServ Precedence, including 8 queues/port
• RFC 2598 DiffServ Expedited Forwarding (EF)
• RFC 2597 DiffServ Assured Forwarding (AF)
• RFC 2475 DiffServ Core and Edge Router Functions

Traffic Engineering
• RFC 3784 IS-IS Externs for Traffic Engineering (wide metrics only)

VLAN Services: VLANs, vMANs
• IEEE 802.1Q VLAN Tagging
• IEEE 802.1v: VLAN classification by Protocol and Port
• Port-based VLANs
• Protocol-based VLANs
• MAC-based VLANs
• Multiple STP domains per VLAN
• Upstream Forwarding Only/Disable Flooding
• RFC 5517 Private VLANs
• VLAN Translation
• IEEE 802.1ad Provider Bridge Network, virtual MANs (vMANs)
• vMAN Ethertype Translation/Secondary vMAN Ethertype
• Multicast Support for PVLAN
• Multicast Support for VLAN Aggregation
• VLAN Aggregation (Requires Advanced Edge License or above)
• VLAN Translation in vMAN environments
• vMAN Translation
True preemptive scheduling and memory protection allow each of the many applications—such as Open Shortest Path First (OSPF) and Spanning Tree Protocol (STP)—to run as separate OS processes that are protected from each other. This provides increased system integrity and inherently protects against DoS attacks.

The ExtremeXOS OS dramatically increases network availability using process monitoring and restart. Each independent OS process is monitored in real time. If a process becomes unresponsive or stops running, it may be possible to restart it automatically, or other automatic corrective actions such as hitless failover to a redundant management module or standby stack master can be taken.

The modular design of the ExtremeXOS OS allows the upgrading of certain individual software modules, should this be necessary, leading to higher availability in the network. This includes security stacks such as SSH and SSL as well as the Converged Network Analyzer VoIP SLA monitoring agent.

Scripting

ExtremeXOS provides a CLI scripting infrastructure. Scripting can be used to add incremental configuration to the network infrastructure, such as a list of VLANs to be configured. This capability eases the roll-out of networks and reduces configuration errors. Scripting capabilities, such as system- and user-defined environment variables, and constructs, such as if/then and loops, allow automating regular management tasks in scripts and deploying configurations such as QoS, rate limiting and ACLs, for example, to multiple ports. Scripts can access CLI output, and a rich set of Tcl functions provides a utility library of string manipulation, search or mathematical functions. By leveraging scripting for switch configuration, rolling out a new switch can be reduced to minutes and just a few commands for switch-specific settings. Scripting is also used in the ExtremeXOS Universal Port framework to define trigger event actions.
Security, Switch and Network Protection
• Secure Shell (SSH-2), Secure Copy (SCP-2) and SFTP client/server with encryption/authentication (requires export controlled encryption module)
• SNMPv3 user based security, with encryption/authentication (see above)
• RFC 1492 TACACS+
• RFC 2138 RADIUS Authentication
• RFC 2139 RADIUS Accounting
• RFC 3579 RADIUS EAP support for 802.1x
• RADIUS Per-command Authentication
• Access Profiles on All Routing Protocols
• Access Policies for Telnet/SSH-2/SCP-2
• Network Login – 802.1x, Web and MAC-based mechanisms
• IEEE 802.1x – 2001 Port-Based Network Access Control for Network Login
• Multiple supplicants with multiple VLANs for Network Login (all modes)
• Fallback to local authentication database (MAC and Web-based methods)
• Guest VLAN for 802.1x
• RFC 1866 HTML – used for Web-based Network Login and ExtremeXOS ScreenPlay
• SSL/TLS transport – used for Web-based Network Login and ExtremeXOS ScreenPlay (requires export controlled encryption module)
• MAC Security – Lockdown and Limit
• IP Security – RFC 3046 DHCP Option 82 with port and VLAN ID
• IP Security – Trusted DHCP Server
• Layer 2/3/4 Access Control Lists (ACLs)
• RFC 2267 Network Ingress Filtering
• RPF (Unicast Reverse Path Forwarding) Control via ACLs
• Wire-speed ACLs
• Rate Limiting/Shaping by ACLs
• IP Broadcast Forwarding Control
• ICMP and IP-Option Response Control
• SYN attack protection
• CPU DoS Protection with traffic rate-limiting to management CPU
Extreme Networks has introduced a next generation Gigabit Ethernet switch family which delivers new features, advanced function, and wire-speed performance. Our switches deliver deterministic performance independent of load or what features are enabled. All Extreme Switches are based on ExtremeXOS, the industry’s first and only truly modular operating system. Having a modular OS provides higher availability of critical network resources. By isolating each critical process in its own protected memory space, a single failed process cannot take down the entire switch. Application modules can be loaded and unloaded without the need for rebooting the switch. This is the level of functionality that users expect on other technology.

Here are the Ten Top Reasons to Deploy Extreme Networks Switches:
• Tri-speed PoE-plus delivers up to 30 watts per port with intelligence and control (PoE saves labor and cabling costs)
• SummitStack cross-platform stacking (40 Gbps with 10 Gbps CX4) protects your investment and lets you buy only what you need today
• SummitStack-V80 cross-rack stacking (80 Gbps with QSFP+) for data center top-of-rack applications
• SummitStack-V cross-site stacking (10 Gbps with non-keyed MSA compliant optics) for remote campus and mirrored data centers
• VM Mobility (Hypervisor Aware) with simple control plane for virtual machines (no additional server software required)
• Direct Attach™ (VEPA) reduces the network tiers in the data center (no forklift upgrade required for future VEPA support)
• Service Isolation (up to 8 Virtual Routers) to separate VoIP and data from wireless or DMZ (one switch now can look like 8 switches)
• M-LAG (L2 redundancy) delivering more bandwidth and less complexity (no more spanning tree, simpler network and twice the bandwidth)
• Active Directory Identity Management and Control (Integrated NAC) with zero footprint (no supplicant required)
• Advanced traffic monitoring, IPFIX hardware support (without proprietary vendor tie-in or over-burdened CPU)
Extreme Networks® provides a broad portfolio of wired and wireless solutions that help meet industry-specific business challenges. Our simple, agile, and scalable solutions based on our open, extensible architecture can help you quickly respond to your business and user community needs with a networking environment that is easy to operate and maintain, helping you maximize your valuable resources. Our strong commitment and support in helping you meet your green initiatives is shown through solutions that have been tested and proven to consume significantly less energy than solutions from other leading vendors.

Carrier Ethernet
Allows differentiated new services for business and residential subscribers such as Ethernet VPNs, video on demand, VoIP and high-speed Internet access.

Data Center
Extreme Networks 10 Gigabit Ethernet top of rack, end of row and core switches provide agile network infrastructure solutions to keep ahead of the growing bandwidth demands in data center networks.

Green IT
Extreme Networks technology saves power, and that helps with both environmental concerns as well as the bottom line. Use our convenient energy savings estimator to discover how much you could save.

Healthcare
Extreme Networks helps healthcare organizations meet tough business transformation and regulatory challenges with networking solutions that deliver the best balance of costs and capabilities.

Higher Education
Challenged with limited capital and personnel resources, higher education IT managers are more pressured than ever before in maximizing the value of their network investments. Solutions from Extreme Networks can help meet these challenges.
My motto for 2010 is to Disrupt and Innovate to derail the Cisco gravy train… Many people look at Ethernet Switching as just a key sustaining technology. Extreme technology will help organizations to make measurable improvements in what they are doing. Many customers require only gradual change and pretty much retain the status quo of their network operation. In comparison, Extreme can interrupt the normal sustaining technology buying decision by changing the game and delivering a new level of network design, value and simplicity. Simplicity might be the most important factor driving a customer to deploy Extreme technology. To Disrupt the Status Quo, Extreme, “the new network agitator”, can bring disorder by becoming a credible value based alternative to HP and Cisco! Through Innovation, Extreme can interrupt the normal default decision to purchase HP or Cisco by changing the game and delivering a new level of simplicity. To win against Cisco we must do both! Bring new value and change the game.

To start, what does it mean to Disrupt a market? Looking for a definition? Function: transitive verb. Etymology: Latin disruptus, past participle of disrumpere, from dis- + rumpere. To break apart; to throw into disorder (agitators trying to disrupt the normal course of action!); to interrupt the normal course or unity, from Cisco to Extreme.

Extreme Value Proposition

Extreme delivers a simple networking solutions platform from the edge to the core.
• Extreme networks deliver maximum network uptime, availability and quality of service (QoS) for superior application support
• Open infrastructure solutions with proven interoperability help businesses reduce costs, lower risks and grow revenue
• Multi-vendor standards-based solution provides flexibility with no single manufacturer lock-in to expensive proprietary solutions

Our Vision: “A fully connected world enabled by Ethernet Everywhere”
Our Mission: “Deliver high performance, innovative products and superior services to ensure the success of our customers & partners.”
The switch uses a PoE Plus uplink and switches 4 PoE ports. OUTREACH QUAD is a 4+1 port 10/100 switch that is both powered by PoE and can forward PoE to other devices. This allows multiple cameras to be connected from a single Cat 5 run, or means extra PoE ports can be quickly added to existing installations. As a 10/100 edge switch with no local power source requirement, OUTREACH QUAD brings simplified cabling, flexible location and easy future expansion to installed networks.
http://www.veracityglobal.com/products/ethernet-and-poe-extension.aspx
Highwire Quad has an available budget of 30 Watts, which it can allocate to PoE devices according to their Power Class.
Note: PoE out capability is limited to 2 ports when using Class0 devices. Add the new OUTCLASS PoE Adaptors in this case (not included). MSRP Price: $235.00
• These switches are cheap; we should buy one and try it out
PoE Plus’s proposed increase in the supplied power will result in a potential doubling or tripling of the PoE market. PoE installation costs vs. traditional powering methods have been demonstrated to be significantly lower in most traditional cases. For many applications that require enhanced power services, such as power management or UPS, PoE is demonstrably less expensive than traditional power distribution. This has introduced a need for the network to deploy policy for the user based on its current point of attachment, as this is no longer static or wired. Extreme proposes an efficient switch with a Layer-2 power management protocol for enhanced power allocation, beyond just heating, cooling and cabling considerations. Wiring closet switches need the intelligence to: negotiate PoE levels as opposed to using the non-granular IEEE 802.3af classes; negotiate end-point policies based on identity and/or equipment type; and provide for automatic VLAN assignment for UC and other applications.

IEEE 802.3at uses the Link Layer Discovery Protocol (LLDP) from IEEE 802.1AB, which allows dynamic power allocation and negotiation down to one-tenth of a watt. PoE technology has been used in the field for at least six years. There are currently three organizational extensions to LLDP:
IEEE 802.1 – Port VLAN, Port & Protocol VLANs, VLAN Name, Protocol Entity
IEEE 802.3 – MAC/PHY configuration, Power, Link Aggregation, Maximum Frame Size
TIA – LLDP-MED

Fundamentally, there are two classes of devices. Steady state devices require little additional functionality, so features like standby/dynamic usage should be optional for PDs with reduced complexity. Max power required / supplied is sufficient for most “steady state” devices. Dynamic negotiation for rapidly fluctuating devices seems impractical and likely. Some devices, like PTZ security cameras, may change power usage very frequently and also require near instantaneous responsiveness.

After extensive study and significant data collection, TIA was able to develop profiles of temperature rise versus applied current per pair for category 5e, 6, and 6A cables configured in 100-cable bundles. As expected, since category 5e cables have the smallest conductor diameter, they also have the worst heat dissipation performance and exhibit the greatest temperature rise due to applied current. While the TIA current carrying capacity profiles are helpful in that they clearly demonstrate relative advantages between select media types (e.g. category 6A UTP cables have better heat dissipation performance than category 5e UTP and category 6 UTP cables), the story that they tell is incomplete.
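The LLDP-based power negotiation described above travels in the IEEE 802.3 "Power via MDI" TLV, and because LLDP is unauthenticated a switch or monitoring tool should bound what a device asks for. The following is an added example (not from the original deck or from Extreme's software) that decodes that TLV, including the 802.3at fields expressed in tenths of a watt, and flags powered-device requests above a per-port budget; the sample frame, the 15.4 W budget and all function names are constructed for illustration.

```python
import struct

ORG_SPECIFIC = 127                     # LLDP TLV type for organizationally specific TLVs
OUI_IEEE_8023 = bytes.fromhex("00120f")
POWER_VIA_MDI = 2                      # IEEE 802.3 subtype carrying PoE information
POWER_TYPE = {0: "Type 2 PSE", 1: "Type 2 PD", 2: "Type 1 PSE", 3: "Type 1 PD"}
PRIORITY = {0: "unknown", 1: "critical", 2: "high", 3: "low"}


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(lldpdu):
    """Yield (type, value) pairs, rejecting lengths that overrun the buffer."""
    off = 0
    while off + 2 <= len(lldpdu):
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + length > len(lldpdu):
            raise ValueError("TLV length overruns LLDPDU")
        yield tlv_type, lldpdu[off:off + length]
        off += length
        if tlv_type == 0:              # End of LLDPDU
            return


def parse_power_via_mdi(value):
    """Decode the 802.3 Power via MDI TLV; None if the value is some other TLV."""
    if len(value) < 7 or value[:3] != OUI_IEEE_8023 or value[3] != POWER_VIA_MDI:
        return None
    info = {"mdi_power_support": value[4], "pse_power_pair": value[5],
            "power_class_raw": value[6], "negotiation": None}
    if len(value) >= 12:               # 802.3at extension fields present
        tsp, requested, allocated = struct.unpack_from("!BHH", value, 7)
        info["negotiation"] = {
            "power_type": POWER_TYPE[tsp >> 6],
            "priority": PRIORITY[tsp & 0x03],
            "requested_tenths_w": requested,   # units of 0.1 W
            "allocated_tenths_w": allocated,
        }
    return info


def audit_power_requests(lldpdu, port_budget_w):
    """Return findings for PD requests that exceed the local per-port budget."""
    findings = []
    for tlv_type, value in iter_tlvs(lldpdu):
        info = parse_power_via_mdi(value) if tlv_type == ORG_SPECIFIC else None
        neg = info and info["negotiation"]
        if neg and neg["power_type"].endswith("PD"):
            requested_w = neg["requested_tenths_w"] / 10
            if requested_w > port_budget_w:
                findings.append(
                    f"PD requests {requested_w:.1f} W, budget is {port_budget_w:.1f} W")
    return findings


# Constructed sample LLDPDU: chassis ID, port ID, TTL, Power via MDI, End.
SAMPLE_LLDPDU = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("020000000001")),   # chassis ID subtype 4 (MAC), made up
    tlv(2, b"\x05" + b"1"),                            # port ID subtype 5 (interface name)
    tlv(3, struct.pack("!H", 120)),                    # TTL in seconds
    tlv(ORG_SPECIFIC, OUI_IEEE_8023 + bytes([POWER_VIA_MDI, 0x0F, 0x01, 0x05])
        + struct.pack("!BHH", 0x53, 217, 200)),        # Type 2 PD, low priority, 21.7 W / 20.0 W
    tlv(0, b""),
])

if __name__ == "__main__":
    print(audit_power_requests(SAMPLE_LLDPDU, port_budget_w=15.4))  # assumed policy value
```

The `power_class_raw` field is reported undecoded, and the budget is a local policy input rather than a value taken from the frame.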
Power over Ethernet: How High Can You Go?

Summit X460 switches can be configured with optional redundant AC or DC power supplies. When configured with two power supplies, the switches have the intelligence to give priority to specific ports if one power supply fails. Before POE-Plus, network-connected surveillance cameras were limited to fixed scene coverage. With the additional power of POE-Plus, surveillance cameras can support the enhanced functionality of pan, tilt or zoom. If flexibility and future readiness are goals, the answer might be adding PoE-plus at strategic sites or as a ubiquitous platform for new networks. The additional power can support standards-compliant devices such as wireless access points, badge and RFID readers, industrial sensors, and other emerging devices (PoE saves labor and cabling costs).

The popularization of these applications triggered the inventiveness of developers and marketers into creating more power-hungry derivative devices, such as Video IP Phones, Multi-channel WLAN Access Points (like the ones in the upcoming IEEE 802.11n MIMO standard) and Pan-Tilt-Zoom IP Cameras. All these applications typically require more than 13W, normally between 13W and 30W. And of course, going further, laptops and even desktop PCs could be powered too. The bottom line is that more devices can be powered via the network, thus eliminating the need to use a power supply and install costly power outlets close to the end device.

IEEE 802.3af PoE (soon to be known as "Type 1") systems can easily support devices such as:
IP-based voice and video transmission equipment
IP-based network security cameras
Wireless access points (WAPs)
Radio frequency identification (RFID) tag readers
Building automation systems (e.g. thermostats, smoke detectors, alarm systems, security access, industrial clocks/timekeepers, and badge readers)
Print servers and bar code scanners

The IEEE 802.3at task force initiated specification of a PoE Plus or "Type 2" system that can deliver up to 29.5 watts:
Laptop computers
Thin clients (typically running web browsers or remote desktop software applications)
Security cameras with Pan/Tilt/Zoom capabilities
Internet Protocol Television (IPTV)
Biometric sensors
WiMAX transceivers providing wireless data over long distances (e.g. point-to-point links and mobile cellular access), and high volumes of other devices that require additional power
Jeff Green April 2011 May V1
Jeff Green<br />248-521-7593<br />
Too Big to Innovate (Brand 1st )<br />Brand<br />Solution<br />Ultra-loyal<br />Platform v Brand<br />Brand<br />Value<br />Not- loyal<br />Brand<br />Solution<br />loyal<br />Customer-centric Innovation or too Big to Innovate <br />
In the beginning (1996) <br />CONVERGENCE<br />To HorizontallyLayered<br />Vertically Integrated<br />Ethernet with “ATM like” QoS delivers toll-quality voice even under adverse congestion conditions<br /><ul><li>low latency (.1ms),
BlackDiamond X8* System Architecture<br />True Future-Proof Chassis Architecture: No Mid-Data Plane Design<br />* Future availability.<br />
Intelligent and Efficient Cooling System<br />BlackDiamond® X8* – <br />Data Center in a Box<br />Single Tier Physical and Logical Network<br />Supports Up to 768 10 GbE Servers in a Single Switch<br />Supports 128,000 Virtual Machines in a Single Switch<br />Heterogeneous Hypervisor Integration<br />M-LAG Support for “Multi-path” Capability<br />VEPA Support – Moving Switching Back to the Network<br />Data Center Bridging for data and storage integration<br />XNV (ExtremeXOS® Network Virtualization) for VM Mobility Management<br /><3 µsec Latency <br />
Is your Network Aware?<br />Of Identity, Location, and Presence?<br />Of People, Devices, and Machines?<br />The first decade was about speeds, feeds and protocols<br />Now it’s about:<br /><ul><li>Identity
Automation</li></li></ul><li>Event Awareness<br />Application Aware<br />Device Aware<br />Location Aware<br />Service Aware<br />User Aware<br />The Foundation: Extreme Networks<br />Applied Performance<br />Event Aware<br />if X + Y, then Z<br />Actionable Network Tasks based on Event Triggers<br />“if ” user matches a defined attribute value …<br />…. “then” place user into a defined ROLE<br />
XYZ Customer Global Event Driven Identity Manager <br />Tracking and provisioning of network users based on identity <br />Netlogin 802.1X Login ID<br />Netlogin Web-based ID<br />Netlogin MAC-radius<br />Windows Active Directory Domain Login <br /> (Passive Authentication through KERBEROS Snooping)<br />Transparent method of tracking users attached to the network<br />Tracking of network devices based on:<br />LLDP-based device identification (e.g. VoIP Phone)<br />Computer Name<br />RFID Tags<br />Location, location, location<br />
Two-factor authentication with no token and no supplicant<br />Jeff’s unqualified opinion (plus cut and paste)<br />Step 1:<br />User logs into any application using their standard username and password.<br />Step 2:<br />[Diagram: PhoneFactor architecture. Labels: Remote Login, Website Login, Funds Transfer, Phone Network, SSL, PhoneFactor Agent, Web Services | Gateway, Direct SDK (Java | .NET | PHP), User Portal, Mgmt Portal, PhoneFactor Service, Custom Applications, Oracle/SQL, AD/LDAP, RADIUS]<br />
CY 2011-12<br />Identity Management: Continued Innovation<br />Black Lists/White Lists<br /><ul><li>Ability to black list and white list users and/or devices such as printers, etc…</li></ul>Network Zones<br /><ul><li>Ability to create security zones (defined by IP, MAC, Subnet, etc) and associate these ‘zones’ to a policy. For example: </li></ul>Users in “guest role” deny access to “internal zone”<br />Network zone “finance” deny access to network zone “internet”<br />ACL Enhancements<br /><ul><li>Ability to define more flexible combinations of match qualifiers (i.e. MAC Source + Destination IP ACLs)</li></ul>Roles per VLAN<br /><ul><li>Ability to assign users/devices to VLAN based on role assignment</li></ul>RADIUS Snooping<br /><ul><li>Ability to snoop RADIUS username/identity for wireless deployments</li></ul>LLDP Mapping<br /><ul><li>Ability to handle devices as identities, for example, create a printer role, or phone role</li></ul>*April 2011 Roadmap, subject to change without notice<br />
XYZ Customer Service Isolation (up to 8 Virtual Routers)<br /><ul><li>L3 virtual switches act as separate routers housed in a single physical enclosure.
Segregation of internal physical resources including CPU cycles, packet memory, forwarding table space
A single L3VS-capable switch replaces multiple physical switches</li></li></ul><li>XYZ Customer Hardware, Software & Network Resiliency<br />Network Resiliency<br />EAPS – Sub 50ms Restoration<br />Hardware Resiliency<br />Software Resiliency<br />Modular Operating System<br />Hitless Failover<br />Process Monitoring<br />Graceful restart<br />CPU DoS Protection<br />Passive Backplane<br />Redundant Switching<br />Redundant Management<br />Redundant Power<br />Redundant Fans<br />
Multi-Switch LAG (Simple L2 XYZ Customer redundancy) <br />Link Aggregation <br />Multi-Chassis Link Aggregation<br />No Ethernet Loop<br />Just more bandwidth!<br />active-active paths and topology awareness.<br />
Multi-Switch Link Aggregation<br />CY 2010<br />Efficient Bandwidth Usage<br /><ul><li>Allows combining ports on ‘two’ switches to form a single logical connection to another network device
Aggregate dual-homed servers or switches redundantly while utilizing full available bandwidth
Peer Switches communicate with each other to learn LAG states, MAC FDB, and IP multicast FDB</li></ul>Core Network<br />Inter-Switch Connection (ISC)<br />M-LAG Group 1<br />M-LAG Group 2<br />Data Center<br />
TRILL (Transparent Interconnection of Lots of Links )<br />The new TRILL Control Plane<br /><ul><li>Loop Free for flooded traffic
No Spanning Tree</li></ul>RBridge<br />RBridge<br />RBridge<br />RBridge<br />Several different states must be synced<br /><ul><li>TRILL uses IS-IS to carry routing information about the MAC addresses of devices connected to VLANs and to build a shortest path tree for each MAC address in the VLAN.
TRILL encapsulates forwarded traffic with a new TRILL header and requires receipt from a TRILL interface.
TRILL extended the L2 bridging logic with Bridge nicknames to determine whether bridged traffic is local or not.</li></ul>active-active paths and topology awareness.<br />
XYZ Customer’s Application Awareness<br />Device Aware<br />Location Aware<br />User Aware<br />Service Aware<br />Event Aware<br />The Foundation: Extreme Networks<br />Applied Performance<br />Application Aware<br />Moving up the stack to enable …<br />Application<br />Mobility<br />ExtremeXOS®<br />End to End <br />
Virtualized End-of-Row <br />End of Row<br />Top of Rack solution with End-of-Row benefit<br /><ul><li>You can physically mount ToR switch per Rack
But you don’t have to manage ToR switch one-by-one
Very high speed stacking with distributed forwarding</li></ul>Top of Rack<br />Save Power, Cost and Space<br />Lower Latency while increasing bandwidth<br />
Data Center Trends<br />Servers<br />Becoming faster with multi-core CPU<br />VM explosion, 8-16 today 64-128<br />Adding multiple 10G interfaces <br />Converged 10G adapters<br />VEPA enabled<br />Power<br />2-4W per 1Gig 10-30W per 10Gig<br />Higher power/cooling cost<br />Green initiative, premium cap and trade<br />Need for efficient power management <br />Convergence<br />Storage, HPC move to Ethernet<br />
Network has Zero visibility into VM Lifecycle<br />Server Manager<br />Network Admin<br />Initiate<br />e.g.<br />NIC<br />NIC<br />VM1<br />IP: 220.127.116.11MAC: 00:0A<br />Switch Port<br />IP: 18.104.22.168<br />MAC: 00:0A<br />QoS: QP7<br />ACL: Deny HTTP<br />Switch Port Config <br />None or Disabled<br />Resulting Configuration:<br />Port is incorrectly configured for a specific VM.<br />Hypervisor<br />Hypervisor<br />Task to move VM: <br />Administrator has NO visibility into VM location or when the movement will occur <br />
Direct Attach with XNV visibility into VM Lifecycle<br />Network Admin<br />Server Admin<br />Query<br />Direct Attach VM awareness<br />Initiate<br />VM info<br />XNV-enabled<br />Ridgeline provisioning<br /><ul><li>Pull VM Inventory
Eliminate the vSwitch<br />Inter-VM traffic is transmitted and received on the same network physical port. VM2 CPU and network utilization severely impacted, due to DoS attack.<br />CLEAR-Flow enabled to dynamically provision/block DoS traffic. VM2 CPU and network utilization reverts to healthy.<br />Direct Attach™ Enabled Switch<br />Guest OS: Ubuntu<br />Active applications:<br /><ul><li>gnome-system-monitor for network and CPU utilization
hping to generate DoS attack targeted at VM2</li></ul>Guest OS: Ubuntu<br />Active applications:<br /><ul><li>gnome-system-monitor for network and CPU utilization
tcpdump to monitor attack traffic from VM1</li></ul>VM2<br />VM2<br />VM1<br />
Lossless Ethernet and FCoE<br />Jeff ‘s unqualified opinion (plus cut and paste)<br />IPC with 20% with P1 and P5<br />PFC creates eight virtual links to allow different types of traffic to coexist on single physical link by selectively applying pause on per virtual link basis as defined in PFC vector<br /><ul><li>PFC and ACL based bandwidth partitioning
Priority Flow Control and ACL based bandwidth partitioning (ETS sort)
EAPS+PBB Redundant Access<br /><ul><li>EAPS-aware SVLAN/CVLAN mapping to BVLANs
On a shared-link failure, the EAPS Controller will give precedence to the BVLAN port, port 3:38 in this case, when selecting an Active-Open port
If the BVLAN port which was Active-Open failed, EAPS selects the lowest port number as the next Active-Open
If the BVLAN port recovers, EAPS will revert Active-Open back to the BVLAN port</li></ul>
Ridgeline Point-and-Click Service Deployment<br />The creation and provisioning of a new, billable service for a subscriber<br />Monitoring service quality and troubleshooting problems before they impact the subscriber<br />eToggle<br />Services Management <br /><ul><li>View configured services in a map or device group
Provision and modify an E-Line or E-LAN service
Coupled with UPM can be automated </li></ul>* (pacman) BlackDiamond-8806.12 # show ports 2:3 transceiver information detail <br />Port : 2:3 <br /> Media Type : XFP_ER <br /> Part Number : TRF7052BN-GA170 <br /> Serial Number : 1012A-80190 <br /> Temp (Celsius) : 36.30 <br /> Low Warn Threshold : -10.00 High Warn Threshold : 80.00 <br /> Low Alarm Threshold : -13.00 High Alarm Threshold : 83.00 <br /> Status : Normal <br />Tx Power (dBm) : 0.87 <br /> Low Warn Threshold : -1.00 High Warn Threshold : 2.00 <br /> Low Alarm Threshold : -2.00 High Alarm Threshold : 3.00 <br /> Status : Normal <br />Show transceiver details<br />Current computed value of temperature in<br />Celsius<br />Low threshold values for warning and alarms read from XFP EEPROM<br />High threshold values for warning and alarms read from XFP EEPROM<br />
Synchronous Ethernet<br /><ul><li>Packet Networks were initially designed to work in asynchronous mode
The MEF 22 standard with G.8261, G.8262 and G.8264 specify distribution of timing over a packet network</li></ul>Packet Network<br />Physical Layer<br />Physical Layer<br />Physical Layer<br />DPLL<br />DPLL<br />DPLL<br />Stratum 1 Traceable Reference<br />Clock<br />Data<br />
Tunable DWDM <br /><ul><li>Tune to a given wavelength/channel
Eliminates need to maintain inventory of XFPs for different wavelengths </li></ul>Tunable Lasers Have Arrived!<br />* (pacman) BlackDiamond-8806.1 # sh ports 2:1 config no-refresh<br />Port Configuration<br />Port Virtual Port Link Auto Speed Duplex Flow Load Media<br /> router State StateNegCfg Actual Cfg Actual Cntrl Master Pri Red<br />================================================================================<br />2:1 VR-Default E A OFF 10000 10000 FULL FULL NONE TWDM21 <br />================================================================================<br /> > indicates Port Display Name truncated past 8 characters<br /> Link State: A-Active R-Ready NP- Port not present L-Loopback <br /> Port State: D-Disabled, E-Enabled<br /> Media: !-Unsupported Optic Module<br /> Media Red: * - use "show port info detail" for redundant media type<br />* (pacman) BlackDiamond-8806.2 # config ports 2:1 dwdm channel 35<br />* (pacman) BlackDiamond-8806.3 # sh ports 2:1 config no-refresh<br />Port Configuration<br />Port Virtual Port Link Auto Speed Duplex Flow Load Media<br /> router State StateNegCfg Actual Cfg Actual Cntrl Master Pri Red<br />================================================================================<br />2:1 VR-Default E A OFF 10000 10000 FULL FULL NONE TWDM35 <br />================================================================================<br /> > indicates Port Display Name truncated past 8 characters<br /> Link State: A-Active R-Ready NP- Port not present L-Loopback <br /> Port State: D-Disabled, E-Enabled<br /> Media: !-Unsupported Optic Module<br /> Media Red: * - use "show port info detail" for redundant media type<br />Show the current configuration of T-DWDM module<br />Current channel the module is tuned to “21”<br />Configure it to new channel “35”<br />Show the current configuration of T-DWDM module<br />The new channel is “35”<br />
<ul><li>VLAN statistics were previously implemented in ExtremeXOS® for the BlackDiamond®12K. In ExtremeXOS 12.5, support for VLAN statistics is extended to the BlackDiamond 8K and Summit X series switches.
Need to provide VLAN-level statistics for VLAN #1, #2 and #3 in order to gain insight into traffic behavior on given port </li></ul> * (Beta) PO-CO-MAUE_Man.7 # configure ports 3:1 monitor vlan "cv3001"<br />* (Beta) PO-CO-MAUE_Man.8 # show port 3:1 vlan statistics<br /> <cr> Execute the command<br /> no-refresh Page by page display without auto-refresh<br /> * (Beta) PO-CO-MAUE_Man.8 # show port 3:1 vlan statistics<br /> Port VLAN Statistics Wed Nov 3 15:04:35 2010<br /> Port Vlan Rx Frames Rx Byte Tx Frame Tx Byte<br /> Count CountCountCount<br /> ================================================================================<br /> 3:1 cv3001 1400 2132194 1421 114524<br />Accounting Server (VLAN 3)<br />Main Server (All VLANs)<br />VLAN 1<br />VLAN 2<br />VLAN 3<br />Configure a given VLAN on a given port for monitoring<br />Shared Media Segment<br />Show statistics pertaining to all the VLAN on a given port <br />PC 1<br />Marketing<br />VLAN 2<br />PC 2<br />Marketing<br />VLAN 2<br />PC 4<br />Engineering<br />VLAN 3<br />PC 3<br />IT Dept.<br />VLAN 1<br />PC 5<br />Marketing/IT<br />VLANs 1 and 2<br />VLAN Statistics<br />Statistics pertaining to “cv3001” VLAN includes Tx/Rx Frame and Byte count<br />
Auto Provisioning for Edge Switches<br /><ul><li>Designed to reduce operational cost and deployment time in large scale deployment
Minimal human interaction required to bring the switch with right configuration
Z exceeds your need</li></li></ul><li>Disrupt and Innovate<br />“derail Cisco gravy train”<br />
POE Plus uplink and switches 4 POE Ports<br />
Keeping it XYZ Customer cabling Cool “Big Ticket” Items for 802.3at<br />Layer 1<br />Propose an efficient switch with Layer-2 power management protocol for enhanced power allocation, beyond just heating, cooling and cabling considerations:<br /><ul><li>LLDP delivers low complexity and higher interoperability potential