LAN as Presented by Brocade



Brocade is known mainly from the world of SAN (Storage Area Network), but it also makes top-class devices (switches, routers, load balancers, …) for LAN/WAN/Wi-Fi and application delivery, which stand out from the competition mainly through high performance and throughput. We will introduce you to products for the local and converged networks of your data centers, intended for server and desktop virtualization. Łukasz Kozłowski (Brocade) / Jaroslav Prodělal (OldanyGroup)

Published in: Technology, Business
  • Give a real world case: how do you do it now. Slide 2. A transformation is taking place in enterprise data centers that is driving significant change to how data center networks are designed and built. Two principal business objectives are driving this transformation: (click): Greater business agility. Enable the business to respond faster to market opportunities and changes in business needs or conditions. Greater cost efficiency. Ensure $$ are spent in the most efficient manner and delivering the greatest overall return on investment (not necessarily lowest cost). In the data center this spans infrastructure, staffing, space, and energy costs. To achieve these objectives, enterprise IT organizations are: (click) Making extensive use of virtualization technology, especially for server deployments. Assessing how to transition from a traditional application deployment model where infrastructure – compute, storage, and networking – is procured “by the project” for business units (e.g. finance department) and implemented over a period of months, to a model that is more strategic to the business. (click) Where infrastructure resources are delivered as services to any application on demand, utilizing a common pool that can be rapidly allocated (hours or days) and charged back to business units based on usage. A model often referred to in the Data Center as the Private Cloud. What many enterprise customers are recognizing, however, is that conventional Ethernet networks limit their ability to scale virtualization and are not built to provide a dynamic “Cloud” infrastructure. As a result, Data Center networks are evolving over the next 3-5 years in very significant ways. I’ll walk you through at a high level how we see this Data Center transformation taking shape and how the network will evolve to achieve greater business agility and cost efficiency. (click) Here we see a conventional Data Center network architecture with the classic LAN access, aggregation, and core tiers.
(Note to presenter: if asked why the SAN is depicted differently, simply answer a Fibre Channel SAN utilizes a fabric vs. tiered architecture. No need to add more at this stage in the discussion - the audience is LAN focused). (click) A key item to note is that this hierarchical design is rooted in connecting a conventional client-server environment, that assumed one application per physical server and traffic running predominantly north to south from the Data Center to the Campus or WAN. This type of environment can tolerate oversubscription in the switching components because on average, each server connection utilizes a relatively small portion of network bandwidth. To help ensure application availability, network resiliency is delivered through redundant switching components and network connections. Server virtualization and the distribution of application components across virtual machines change the dynamics of network traffic and, coupled with the high growth in application data and rich media, introduce challenges that limit scalability: As more virtual machines (VMs) are added per physical server, the traffic load per server increases accordingly, straining access and aggregation layer connections and impacting application service levels in the event of network congestion. The cost and time savings of server virtualization allow more applications to be deployed, but may also require a re-design of the network to support traffic growth. More applications, bigger and broader server clusters, and the growth in data volume all lead to greater server-to-server traffic and more East–West traffic flows that the network must support. Note that virtual machine mobility is only supported at Layer 2 and is therefore limited to the size of the Layer 2 network. However, network traffic and Spanning Tree Protocol (resulting in only one active path between switches) make building large Layer 2 networks problematic.
And the increasing complexity and inability to fully utilize the entire network also creates cost inefficiencies.
  • Slide 3 (click) Network architects are now looking for ways to build more powerful, flatter networks that can support higher traffic loads and increasing East-West traffic in virtualized environments, while avoiding network congestion. Collapsing network layers also reduces complexity, which lowers overhead costs and reduces risk. This flatter design, however, requires high density, high bandwidth, and low latency network components that deliver full wire-speed connectivity. Yet Layer 2 network challenges still remain. Spanning Tree Protocol brings traffic to a halt during tree convergence, allows only one active path between switches, and requires switch reconfiguration when changing inter-switch connections. VM mobility also remains restricted. Thus the ability to scale virtualization – and achieve greater agility and cost efficiency - is still limited.
  • Slide 4 (click) Speaker: People are asking for a solution and vendors are providing Ethernet Fabrics. A recent and very significant architectural breakthrough for Ethernet addresses these challenges and can change the way Data Center LANs are designed. It is called an Ethernet Fabric. Imagine a large, flat Layer 2 network with high wire-speed performance, high network resiliency, and all paths between switches fully active – there is no Spanning Tree Protocol. The topology of the network is flexible and can change as the environment grows. And if appropriate to the application, IP and storage traffic can be “converged” over a common network connection. Ethernet Fabric enables intelligent and seamless VM mobility across your server environment and greatly simplifies network administration as all switches in the fabric are managed as a single entity or individually as needed. A large, flat, fully utilized Layer 2 network providing high bandwidth and wide virtual machine mobility enables IT organizations to significantly scale virtualization and rewrite IT policies and processes and begin to deliver services via the Private Cloud. (Note: if audience asks if this is what Cisco and Juniper are beginning to talk about, a simple answer is: Cisco’s early “Fabric Path” feature and Juniper’s “Stratus” initiative are squarely centered on delivering an Ethernet Fabric. So yes, this is the future.) PL Comment: Note to speaker - Leave the response at that. Do not go into the differences between Brocade, Cisco, and Juniper. Those differences will come out throughout this presentation and plant the seed in the audience mind on how Ethernet fabrics work. If/When they go back to Cisco and Juniper and ask about things like simplified management or distributed intelligence, neither will be able to provide and Brocade will come out on top. As noted, we are now at the forefront of this evolutionary stage and innovation in LAN architecture.
We also see it broadening as IT organizations look to further increase business agility and cost efficiency by extending the Private Cloud (click).
  • Key Points: Three-tier Ethernet networks have been successfully deployed in data center environments for the past few decades. Now, a new type of data center network architecture is emerging called Ethernet Fabrics. VCS is the leading Ethernet Fabric technology.
  • Key Points: Brocade Virtual Cluster Switching (VCS) is a revolutionary layer 2 Ethernet technology that raises network utilization, maximizes application availability, increases scalability, and drastically simplifies the network architecture in next-generation virtualized data centers. VCS comprises three main pillars of innovation: Ethernet Fabric, Distributed Intelligence, and Logical Chassis. The VCS architecture is designed to incorporate a set of Dynamic Services for the highest level of functionality and investment protection, making it a core building block for virtualizing the data center network. Ethernet Fabric: Brocade pioneered the development, architecture, and deployment of network fabric technology in the data center. Brocade’s SAN fabric technology is successfully proven in over 90% of the Global 1000 data centers. Now Brocade is bringing the same level of innovation to the data center LAN, combining Ethernet and Brocade fabric technology. STP is not necessary because the Ethernet fabric appears as a single logical switch to connected servers, devices, and the rest of the network. The Ethernet fabric is an advanced multi-path network utilizing an emerging standard called TRILL (Transparent Interconnect of Lots of Links). Unlike STP, with TRILL, all paths in the network are active and traffic is distributed across those equal cost paths automatically. In this optimized environment, traffic automatically takes the shortest path for minimum latency without any manual configuration. Events like added, removed, or failed links are not disruptive to the Ethernet fabric and do not require all traffic in the fabric to stop. If a single link fails, traffic is automatically rerouted to other available paths in under a second. Single component failures do not require the entire fabric topology to reconverge, ensuring all traffic is not affected by an isolated issue.
The fabric is lossless and low latency. The Ethernet fabric is designed to include advanced Ethernet technology for higher utilization, greater performance, and to be network convergence ready. With Data Center Bridging (DCB) capabilities built-in, the Ethernet fabric is lossless, making it ideal for FCoE and iSCSI storage traffic and will enable LAN and SAN convergence for Tier 2 and 3 applications. Distributed Intelligence: With VCS, all configuration and end device information is automatically distributed to each member switch in the fabric. The Ethernet fabric is self-forming. When two VCS-enabled switches are connected, the fabric is automatically created and the switches learn the common fabric configuration. The Ethernet fabric does not dictate any specific topology, so it does not restrict over-subscription ratios. This allows the architect to create a topology that best meets application requirements. The fabric is aware of all members, devices, and VMs. When a server connects to the fabric for the first time, all switches in the fabric learn about that server. This allows for fabric switches to be added or removed and for physical or virtual servers to be relocated, without the fabric needing to be manually reconfigured. Unlike switch stacking technologies, the Ethernet fabric is masterless. This means that no single switch stores configuration information or controls fabric operations. Distributed Intelligence supports a more virtualized access layer. Instead of distributed software switch functionality existing in the virtualization hypervisor, access layer switching is done in the switch hardware, improving performance, ensuring consistent and correct security policies, and simplifying network operations and management. Automatic Migration of Port Profiles (AMPP) supports VM migrations to another physical server, ensuring that the source and destination network ports will have the same configuration for the VM.
This is key technology that helps enable Brocade Virtual Access Layer (VAL) capabilities. Logical Chassis: All switches in an Ethernet fabric are managed as if they were a single Logical Chassis. To the rest of the network, the fabric looks no different than any other layer 2 switch. The network just sees the fabric as a single switch, no matter if the fabric contains as little as 48 ports, or thousands of ports. The Ethernet fabric is designed to scale over 1000 ports per Logical Chassis. Consequently, VCS removes the need for separate aggregation switches because the fabric is self-aggregating. This enables the network architecture to be flattened, dramatically reducing cost and management complexity. Each physical switch in the fabric is managed as if it were a port module in a chassis. This allows for fabric scalability without manual configuration. When you add a port module to a chassis, you do not have to configure that module, and a switch can be added to the Ethernet fabric just as easily. The logical chassis functionality drastically reduces management of small-form-factor edge switches. Instead of managing each top-of-rack switch or switches in blade server chassis individually, they are managed as one Logical Chassis. Dynamic Services: Dynamic Services extends the capabilities of VCS for maximum investment protection and to incrementally incorporate new network services. A Dynamic Service behaves like a special service module in a modular chassis. Examples of these services are fabric extension over distance, native Fibre Channel connectivity, Layer 4-7 services such as Brocade’s Application Resource Broker, and enhanced security services such as firewalls and data encryption. Switches with these unique capabilities can be added to the Ethernet fabric, adding a network service layer available across the entire fabric.
  • Key Points: Distributed Fabric Services is like a shared database across all members in the Ethernet fabric. The Ethernet Fabric is masterless. Full fabric reconvergence is never required. Virtual Ethernet Port Aggregator (VEPA)
  • Let’s start with the Brocade Ethernet Fabric, in a private cloud with five VDX switches. You can create a port profile on any switch in the fabric.  When you do, the profile is automatically shared throughout the fabric. In essence, the cloud has become a big virtual switch.  Now, we’re going to bring up a new webserver, a virtual machine with the MAC address of 0000.0000.0000.0000. You will see that the “WebServer” port profile has been applied to this new VM. In this table, MAC address has also been propagated to all switches in the fabric so they all know what port that VM currently resides on.  I will show you that it has access to the applicable VLANs and devices in this VLAN. I can ping devices in my VLAN and Now we’re going to show VM migration. We’re going to spin off three more virtual machines.
  • Key Points: The Ethernet fabric is managed as if it were a single logical chassis. Scaling the fabric is like adding a new port module in a chassis like MLX or DCX. The VCS technology will allow Ethernet fabrics to scale greater than 1000 usable ports.
  • Role-based wired/wireless firewall (Layer 2-7) with stateful inspection for wired and wireless traffic; active firewall sessions—50,000 per controller and 600,000 per cluster; protects against IP spoofing and ARP cache poisoning. With ADSEC License: RFS6000 – 512; RFS7000 – 1024. The RFS4000, since it has the ADSEC license as part of the image, always allows 256 tunnels.
  • The product family also includes the first true data center wide management platform called Brocade Network Advisor. This platform is designed as both a best-in-class element management platform for Ethernet, Fibre Channel, and converged products, and it also supports a set of open, publicly available APIs to allow integration with existing external tools. We are doing deeper integration with many of our partners, including IBM, DELL, and EMC as well as creating plug-ins for VMware and Microsoft Hyper-V. Between the integration efforts underway and the available APIs, I think we have coverage for about 90% of the tools that our customers are using today. Note: let people know that DCB replaces CEE.
  • Welcome and personal introduction. This presentation is designed to provide an insightful view of the industry… along with a detailed outline of the Brocade vision and our innovative technology to achieve that vision.
  • LAN as Presented by Brocade

    1. BROCADE IP PRODUCT. Łukasz Kozłowski, Solutions Consultant Eastern Europe. May, 2012. © 2011 Brocade Communications Systems, Inc. Company Proprietary Information
    2. Brocade IP - Product Portfolio NEW Enterprise Campus LAN ICX 6430/50 Mobility Series ServerIron Classic/ADX Series FastIron CX Series Brocade NetIron MLX / MLXe Routers XMR Series NetIron CER Metro / SP FastIron SX Series NEW ICX 6610 BigIron RX Series Data Center (LAN) FastIron CX Series VCS NetIron CES NetIron CES Brocade VDX 6710/20/30 Switch NEW Brocade 6910 Ethernet Access Switch ServerIron Classic/ADX Series Data Center IronVieNetwork Brocade Network Manager Fabric Manager Advisor
    3. Data Center Transformation: Network Evolution • Business Agility • Cost Efficiency Virtualization LAN • Historically 1 app:1 server; N-S traffic SAN • Virtualization → limited scalability • Traffic load strain • Increasing E-W traffic • STP: one path, narrow VM mobility • Complex, underutilized, rigid Hierarchical Services on Demand
    4. Data Center Transformation: Network Evolution • Business Agility • Cost Efficiency Virtualization LAN SAN • More powerful, flatter network • Higher traffic, E-W, avoid congestion • Collapse layers reducing complexity • High density, high bandwidth, wire-speed LAN SAN • Layer 2 challenges remain… Flat Hierarchical Services on Demand
    5. Data Center Transformation: Network Evolution • Business Agility • Cost Efficiency Today Private Cloud Virtualization • Large, flat L2, high speed, HA LAN Converged SAN • All paths active – no STP • Flexible topology • Ability to converge IP/storage LAN • Wide, intelligent VM mobility • Manage as a single entity SAN Ethernet Fabric • Virtualize for the Cloud LAN Flat SAN Hierarchical Services on Demand
    6. Next Generation Data Centre: Network vs Fabric Architecture Ethernet Network Architecture Ethernet Fabric Architecture LAN Layer 2 Scalability SAN Flat • More powerful, flatter network • VCS is an Ethernet fabric • Higher traffic, E-W, avoid congestion • Scalable single layer 2 domain • Collapse layers reducing complexity • Optimized for East to West traffic • High density, high bandwidth, wire-speed • Layer 2 challenges remain… • Logical Chassis Nodes working together
    7. Brocade VCS – new design and technology for Data Center and Enterprise Networks
    8. Virtual Cluster Switching (VCS) VCS Ethernet Distributed Logical Fabric Intelligence Chassis No Spanning Tree Protocol Logically flattens and Self-forming collapses network layers Multi-path, deterministic Arbitrary topology Scale edge and manage Auto-healing, non- as if single switch disruptive Fabric is aware of all members, devices, VMs Auto-configuration Lossless, low latency Masterless control, no Centralized or distributed Convergence-ready reconfiguration mgmt Connectivity over Distance, Native Fibre Dynamic Services Channel, Security Services, Layer 4-7, etc.
    9. Distributed Intelligence Details Ethernet Fabric Distributed Intelligence Logical Chassis Dynamic Services • Distributed Fabric Services • Shared Port Profiles • Fabric is self-forming information • Information shared across all • Automatic Migration of Port fabric members Profiles (AMPP) • Fabric is aware of all devices • Enables seamless VM migration connected without compromise • Masterless Control • Optimized Virtual Access • Switch or link failure does not Layer require full fabric • VEPA; frees host resources from reconvergence switching and policy enforcement
    10. Sharing Port Profiles: Automatic Sharing to simplify management. Port Profile WebServer: Enable QoS, Enable VLAN, Enable Security, Enable FCOE
    11. Brocade VM-Aware Network Automation NEW! Migration Dynamic configuration and secure communication • No need for manual configuration of MAC vCenter Brocade Network addresses and port Advisor profiles; less error-prone • Minimizes procedural delays between server and network IT teams • Eases configuration of multiple VCS fabrics • Protection against VM/MAC spoofing via secure vCenter NAS iSCSI FCoE FC communication
    12. Logical Chassis Details Ethernet Fabric Distributed Intelligence Logical Chassis Dynamic Services • Fabric auto-configures • Logically flattens and • Once VCS is enabled, no collapses network layers configuration necessary • Fabric is self-aggregating • Fabric behaves/managed • Flexible fabric topologies as a single logical chassis • Will scale to greater than • Aggregation (or Core) layer 2000 device ports without sees one switch added management • Fabric members act like a blade in a chassis
    13. Brocade VDX – devices to create a fabric
    14. Brocade VDX product family: The Flexible Choice for the Evolving Data Center NEW! Brocade VDX 6710 • Ideal for every stage of network Switch evolution Brocade • Ultra-low latency for unmatched VDX 6720 performance Switch • Superior size and power NEW! efficiency critical for today’s data center Brocade VDX 6730 • Flexible storage connectivity for Switch FCoE, iSCSI, and NAS
    15. Brocade VDX 6730 Data Center Switches: Product details • Leading Performance and Density • 32- and 76-port models with Ports on Demand (PoD) • Brocade VDX 6730-32 • Compact 1U form factor; 24 1/10 Gbps SFP+ ports; 8x 2/4/8 Gbps Fibre Channel ports • Brocade VDX 6730-76 • 2U form factor; 60 1/10 Gbps SFP+ ports; 16x 2/4/8 Gbps Fibre Channel ports • Non-blocking, cut-through architecture, wire-speed • 600 ns port-to-port latency; 1.8 μs across port groups Brocade VDX 6730- • Unified Storage Connectivity 32 • Ethernet storage connectivity for FCoE, iSCSI, and NAS storage • Multihop FCoE and iSCSI Data Center Bridging (DCB) support • Environmental Flexibility • 10 Gbps and 1 Gbps supported on every LAN port; 2, 4, and Brocade VDX 6730-76 8 Gbps on SAN port • Direct-attached copper and SFP optical connectivity options • Switch depth less than 17 inches; reversible front-to-back airflow • Highly Resilient and Efficient Design • Brocade Fabric Watch provides proactive monitoring and notification of critical switch component failure • Simplistic design for better MTBF and optimal power
    16. Brocade VDX 6720 Data Center Switches: Product details • Built for the Virtualized Data Center • Uses Brocade fabric switching ASICs • First switches to run new Brocade Network Operating System • Virtual Cluster Switching (VCS) fabric technology • Automatic Migration of Port Profiles (AMPP) Brocade VDX 6720- • Best-In-Class Performance and Density 24 • 24 and 60 port models with Ports On Demand • Non-blocking, cut-through architecture, wire-speed • 600 ns port-to-port latency; 1.8 us across port groups • Environmental Flexibility • 10 Gb and 1 Gb supported on every port • Direct-attached copper, active optical, and SFP optical connectivity Brocade VDX 6720-60 options • Less than 17" switch depth and reversible front-to-back airflow • Enables Network Convergence Data Center Access • Complete FCoE support, multi-hop • iSCSI DCB support • Highly Resilient and Efficient Design • Hot code load and activation • Remote Lights Out Management • Simplistic design, optimal power efficiency
    17. Brocade VDX 6710 Data Center Switches: Product details • Leading Performance and Density • Brocade VDX 6710-54 • Compact 1U form factor; 6 1/10 Gbps SFP+ ports; 48 1 Gbps RJ45 copper ports • Non-blocking, cut-through architecture, wire-speed • 600 ns port-to-port latency; 1.8 μs across port groups • Environmental Flexibility • Switch depth less than 17 inches; reversible front-to-back airflow Brocade VDX 6710- • Two internal, redundant, field-replaceable, load-sharing AC power supplies 54 • Highly Resilient and Efficient Design Data Center Access • Brocade Fabric Watch provides proactive monitoring and notification of critical switch component failure • Simplistic design for better MTBF and optimal power efficiency
    18. CAMPUS LAN SOLUTION
    19. Brocade Internet Campus Architecture Data Center Mobility Controller Call Manager Reference architecture NAC FW/IPS NetIron MLX sFlow FastIron NetIron BNA Backbone SX MLX FastIron NetIron MLX SX Access sFlow FastIron CX sFlow sFlow Core FastIron FastIron Branch SX SX sFlow Real-time traffic management Aggregation sFlow FastIron using sFlow, CX network visibility sFlow FastIron CX High availability with hitless Access failover at FWS/FCX Campus HQ edge/aggregation/core sFlow Campus Building 1 Plug-and-Play deployment Access Highly available wired Dynamic Resource Allocation and wireless access
    20. Market Leading Campus Edge Stackable Portfolio Brocade ICX 6610 High-Performance Brocade FCX-S Mission-Critical NEW! GA in Q2 • 8x 10 GbE uplinks Brocade ICX 6450 Price/performance • 320 GB stacking Midmarket • Full PoE/PoE+ (up to 48 ports) Brocade ICX 6430 • 2x 10 GbE uplinks • Copper and fiber models • 64 GB stacking • Dual power supply, fans Entry-level • IPv4 and IPv6 routing • Copper and fiber • PoE/PoE+ • BGP, Multicast • 4x 10 GbE • Dual power supply, fans • MACSec, EEE-ready uplinks/stacking • IPv4 and IPv6 routing • Virtual Routing and Forwarding • 40 GB stacking • BGP, Multicast, GRE (VRF)-roadmap • 4x 1 GbE • Full PoE • ACL, VLAN scalability uplinks/stacking • PoE+ • Stackable • Basic Layer 3 • PoE/PoE+ • MACSec, EEE-ready • One fanless model • Energy Efficient Ethernet (EEE) ready Function and scalability
    21. ICX6610: Most Powerful Campus Stackable Highest-stacking bandwidth in the Highest-density uplinks—with 40 GbE– industry ready HW • 160 GB of stacking BW per switch • 40 GbE–ready • Hitless stacking for data and control • In addition, up to 8x10 GbE uplink ports per switch Advanced features Optimum flexibility • Encryption via MACSEC • Redundant, removable, power supplies and fans • Energy-Efficient Ethernet (EEE) • Footprint—1RU and 16 inches deep • PoE+ with high-density power supplies (1000 W)
    22. ICX6610 - Next Gen Stackable: Product highlights Leading performance and port density • 24 or 48 RJ-45 10/100/1000 Mbps port models • 24 or 48 RJ-45 10/100/1000 Mbps PoE+ port models • 24 100/1000 Mbps SFP port models • Eight dual-mode 1 GbE/10 GbE software upgradable ports • Four 40 Gbps standards-based QSFP stacking ports • Non-blocking, wire-speed architecture Brocade ICX 6610-24 Brocade ICX 6610-24P Advanced scalability and features • Full Layer 3 feature capability (IPv4, IPv6, multicast, GRE) • Hardware-ready for encryption via MACsec • sFlow for granular network traffic accounting • 12K ACL, 16K routes, 32K MAC, 8K multicast groups Brocade ICX 6610-48 High availability Brocade ICX 6610-48P • Hitless stacking failover, redundant stacking links • Redundant, removable, load-sharing power supplies and fans • High-density power supplies (1000 W) Deployment flexibility Brocade ICX 6610-24F • Reversible front-to-back or back-to-front airflow • Hardware-ready for Energy Efficient Ethernet (EEE) • Footprint—1RU and 16 inches deep • Noise level <40 dB
    23. ICX6610-48P: Front and Back View Uplinks 24/48 RJ45 8x1/10 GbE Ports Redundant Power Stacking Ports Supplies 4x40 GB Redundant Fans
    24. ICX 6430 & 6450 Product Overview: Enterprise-Class Stackable Switching at an Entry Level Price • Cost-effective Ethernet Stacking • 40G of stacking bandwidth with 10G ports (full duplex) • Hitless stacking controller failover 24/48 x 10/100/1G with PoE+ • 384 ports per stack (ICX 6450) 2xRJ45 Console, OOB • Flexible Model Configurations • Dual-purpose uplink/stacking ports • 24/48 x 10/100/1G + 4x1G SFP uplinks/stacking • 24/48 x 10/100/1G + 4x1G/10G SFP+ uplinks/stacking • PoE/PoE+ and non-PoE models • Includes fanless model: ICX6430-24 • Advanced Features • RPS/EPS – redundant power and extended PoE power • Encryption via MACSEC 802.1ae (HW ready) ICX 6430 ICX 6450 • Energy Efficient Ethernet (EEE) (HW ready) 4 x 1G SFP 4 x 10G SFP+ • sFlow for granular traffic accounting (ICX 6450) Uplink/Stacking Uplink/Stacking (4 unit stack) (8 unit stack) • L2 and Basic L3 Features • Common CLI and feature parity with FWS • Base software includes IPv4 static routing (ICX6450) • Premium license for L3 – OSPF, RIP, VRRP
    25. ICX 6430 and 6450 Comparison: Key Differences ICX 6430 ICX 6450 4 x 1G SFP 4 x 1/10G SFP+ 4G Stacking BW (full duplex) 40G Stacking BW (full duplex) 4 units per stack 8 units per stack 192 ports per stack 384 ports per stack Max 24 PoE+ Ports (w/ EPS1500) Max 48 PoE+ Ports (w/ EPS1500) L2 only L2 and Basic L3 via license No sFlow sFlow network monitoring No MACsec MACsec HW-ready EEE HW-ready EEE HW-ready 8K MAC addresses 16K MAC address 4 QoS queues 8 QoS queues
    26. Entry-Level Cost-Effective Stacking • Stacking using 1G / 10G uplink/stacking ports • ICX6450: 8 units/stack; ICX6430: 4 units/stack • Stack with low-cost Direct-Attached Copper (Twinax) cables (not included with the switch) • Stacking cable length: 1 m, 3 m and 5 m • Mix stacking not supported between 6430 and 6450; 6610 and 6430/6450 (HyperEdge roadmap) • Stacking between ICX6430 24- and 48-port models is not supported • Horizontal stacking supported with fiber optics for longer distance stacking 10G 10G
    27. ICX 6450 Switch 10G Port License: ICX6450-2X10G-POD-LIC • Default uplink/stacking port configuration (out of the box) • 2 x 10G SFP+ ports enabled • 2 x 1G SFP ports enabled • Optional license required to upgrade 2 x 1G ports to 2 x 10G speed • ICX6450-2X10G-POD-LIC: List Price $1000 • Buy only what you need, don’t need POD license for all switches within the stack
    28. External Power Supply: ICX6400-EPS1500 • Provides redundant system power and PoE/PoE+ power extension • External RPS and can add to the PoE/PoE+ power budget of the switch • 19 inch rack mountable and 1U high • 3 DC cables and rackmount kit are included • EPS1500 requires 20 Amp AC power cord (included) • Connects up to 3 switches • ICX6450-48P has 2 EPS connectors to get full PoE+ on all 48 ports • No RPS support for ICX6430-24 fanless model (for classrooms, open offices) ICX6450-48P ICX6400-EPS1500 ICX6400-EPS1500
    29. Brocade Assurance: Limited Lifetime Warranty and Phone Support
        Comparison table columns: Brocade, Juniper, Cisco, HP Procurve
        HW Warranty: NBD Adv HW Replacement NBD Adv HW (30 days) NBD Adv HW NBD Adv HW Excludes: Optics 5 yrs Fan & PS 5 yrs: Fan & PS
        SW Policy: SW maintenance Updates - NEW! SW Updates SW Updates SW Updates
        Remote Support: 8x5, 90 days - FCX, ICX 6610 NEW! 24x7, 90 days 8x5, 90 days 8x5 Basic Support, 8x5, 90 days - SX from 1 yr, 24x7 Lifetime 8x5, 3 years ICX 6400 NEW!
        • HW Lifetime Warranty – No Change, all hardware covered except pluggable optics
        • SW Lifetime Updates – Includes patch releases and maintenance updates (except for ADV images)
        • Phone Support – Included with campus products, duration varied by product
            • FSX, FCX, ICX6610 - 90 days 8x5 support
            • ICX 6430/6450 - 3 years 8x5 support
        • Optional remote support available for 24 x 7 TAC support and on-site support
        • Warranty and support applicable for campus products sold worldwide
    30. APPLICATION DELIVERY CONTROLLERS
        © 2011 Brocade Communications Systems, Inc. Company Proprietary Information
    31. Defining ADC
        • Basic features
            • Load balancing
            • Failover
            • NAT
            • Caching
            • SSL server offload
            • TCP connection multiplexing
            • Compression
        • Advanced features
            • Web application firewall
            • Content transformation
            • Application protocol optimization
            • Programming interface
            • XML transformation
    32. MOBILITY PRODUCTS
    33. 802.11n: The Need For A New Architecture (And why the old models won’t work)
        • 125 Mbps = Typical max real world TCP throughput per 802.11n radio. Individual results may vary.
        • 250 Mbps for dual radio access point
        • Four dual radio access points = 1 Gbps
        • 40 dual radio access points = 10 Gbps, and so on
        Architectures compared: Independent (Standalone), Dependent (Thin AP), SMART Adaptive (Distributed)
        Challenge For 802.11n: Challenge Best of both worlds and • Difficult to manage 1. Spend more on • Scalability for 11n more… scalability • Performance/Scalability for controllers 11n • Reliability/High Availability Oversubscribe 2. • Distributed Security Wireless Controller your network Managing Scalability Services and Application Provider with Policy Management Standalone APs Distributed Computing and Security Enforcement at the Thin APs – Split MACs Edge
    34. Brocade Mobility For High Availability: All-Wireless or Wired+Wireless, Down Time Is Not Tolerated. Period.
        1 ACCESS POINT FAILURE: Neighboring mesh node backhauls the traffic
        2 LOCAL WIRED SWITCH FAILURE: Adaptive AP(s) dynamically form a mesh connection to neighboring APs and backhaul through the redundant switch
        3 WIRELESS SWITCH FAILURE: Distributed cluster allows for seamless transition
        4 WAN LINK FAILURE: Adaptive AP survivability. All Local Services Continue, Including Security
        Diagram labels: Data Center 1, Data Center 2, BACKBONE/WAN, Campus Office, Branch Office, Mesh
        © 2010 Brocade Communications Systems, Inc.
    35. Securing The Network From Threat Inside & Out
        1 INTEGRATED Wireless (L2) Firewall on WLAN Switch – Stateful Inspection of WAN Traffic
        2 INTEGRATED Firewall on Adaptive AP – Stateful Inspection of Local Traffic
        3 ADAPTIVE AP is Simultaneously a WIPS Sensor for 24*7 Monitoring
        4 SECURE INTEGRATED VPN Tunnel Between WLAN Switch & APs
        Central Security Policy and Control, Multiple Points of Enforcement
        Diagram labels: Data Center 1, Data Center 2, BACKBONE/WAN, Branch Office 1, Branch Office 2, Mesh, Rogue AP
    36. Security Features
        STANDARD: Baseline for most enterprise networks
            • 802.11i/WPA2
            • Stateful wireless firewall
            • Standard wireless Intrusion Prevention System (IPS)
            • Rogue AP detection
            • Included without extra cost
        ADVANCED: For security-conscious enterprise networks
            • Role-based firewall (requires advanced security license upgrade)
            • Advanced wireless IPS and rogue AP protection (requires advanced wireless IPS license upgrade)
            • Requires license upgrade only; no additional hardware required
        PREMIUM: To meet regulatory and industrial compliance
            • AirDefense Enterprise-class scalability
            • Rogue detection and elimination
            • Intrusion detection
            • Automated termination
            • Policy compliance
            • Wireless troubleshooting
            • Forensic analysis
            • Location tracking
    37. Security
        Action: Peer-to-Peer (P2P) file sharing of large music and video files
            Threat: Brings network to a standstill; organization liable for legal costs
            Feature: • Blocks well-known network ports in the wireless firewall • Rate limiting
            Benefit: Prevents illicit P2P file sharing; offers better control of Internet bandwidth
        Action: Deployment of unauthorized AP, soft AP on laptop or smartphone
            Threat: Creates a large security gap by allowing unauthorized users to use the WLAN
            Feature: • Dedicated monitoring and control of rogue APs • Wireless IPS for rogue AP suppression
            Benefit: Shuts down rogue APs, but not “friendly” APs, on the perimeter of the network
        Action: Malicious guest behavior
            Threat: Guest “insider” has access to sensitive information
            Feature: • Deploys guest portal • Intrusion detection system for wired networks
            Benefit: Enables safe and secure Internet guest and visitor access
    38. Security
        STANDARD (Included at no extra cost)
            Authentication and Encryption:
                • 802.1x EAP
                • WPA/WPA2-TKIP, WPA2-CCMP, WEP 64, WEP 128
                • Captive portal guest access and registration
                • Integrated RADIUS server
                • Local user database
                • Network Access Control (NAC) support
                • Internet Protocol Security (IPSec) Virtual Private Network (VPN)
            Wireless Firewall:
                • Layer 2, 3, and 4 Access Control Lists (ACLs)
                • Layer 2 and 3 stateful packet inspection
                • 24 Denial of Service (DoS) signatures
                • Storm control
                • Address Resolution Protocol (ARP) spoofing protection
                • Dynamic Host Configuration Protocol (DHCP) offers conversion
                • Application-layer gateways
            Wireless IPS:
                • 37 wireless IPS signatures
                • Customizable wireless IPS signatures
                • Rogue AP detection
        ADVANCED (Requires advanced wireless IPS/security license)
            Authentication and Encryption:
                • Additional IPSec VPNs
            Wireless Firewall:
                • Dynamic firewall rule assignments
            Wireless IPS:
                • 35 additional wireless IPS signatures
                • Device characterization
                • Rogue AP termination
                • Wired rogue AP detection
        PREMIUM
            AirDefense Enterprise for Brocade Mobility
    39. Advanced Security
        • Role-based Layer 2-7 wired/wireless firewall
        VPN tunnels      Brocade Mobility RFS4000   Brocade Mobility RFS6000   Brocade Mobility RFS7000
        Without ADSEC    256                        300                        512
        With ADSEC       256                        512                        1024
    40. Brocade Mobility—Advanced Wireless IPS
        Excessive AP Anomaly Wireless Client
        802.11 replay check failure Ad hoc advertising authorized SSID Crackable WEP IV key used
        Aggressive scanning Ad hoc network violation DoS broadcast deauthentication
        Failures reported by authentication servers Events AirJack attack Mitigation Thresholds Events Frames with bad ESSIDs Thresholds Mitigation
        Decryption failures MU association Accidental AP default configuration Y Detect all multicast routers Fuzzing: All zero MAC address observed in the subnet
        DoS association or WEP IV used Crackable authentication flood AP SSID broadcast in beacon Detect all multicast systems on the subnet frame type detected Fuzzing: invalid
        DoS EAPOL-start flood DoS CTS storm ASLEAP attack Y Multicast DHCP server relay agent detection management frame Fuzzing: invalid DoS deauthentication detection
        DoS association or authentication flood Fake AP flood Multicast HSRP agent detection Fuzzing: invalid sequence number DoS dissociation detection
        EAP flood Impersonation attack detected Multicast IGMP detection Identical source and destination addresses
        EAP-NAK flood failure spoof DoS EAP Null probe response Multicast IGMP routers detection Fuzzing: invalid 802.1x frames detected DoS EAPoL logoff storm Y Multicast OSPF all routers detection
        Frames from unassociated stations Suspicious AP—high RSSI Netstumbler (v3.2.0, 3.2.3, 3.3.0) DoS RTS flood Multicast OSPF designated routers detection
        Replay injection attack Transmitting device using invalid MAC Non-changing WEP IV Essid Jack Attack detection Multicast RIP2 routers detection Unauthorized AP using authorized SSID TKIP MIC countermeasures caused by station Fake DHCP server detection Multicast VRRP agent detection Unencrypted wired leakage detected Wellenreiter Fata-Jack Attack detection NetBIOS detection ID theft—EAPOL success spoof detection Null probe response detection ID theft—out of sequence Probe response flood detection Y Invalid channel advertised Rogue AP detection Invalid management frame STP detection IPX detection Unauthorized bridge detection Y Monkey-Jack Attack detection Windows zero config memory leak WLAN Jack Attack detection
    41. Brocade Mobility Enterprise Wireless LAN
        Access Points: Mobility 7131/7131N, Mobility 650, Mobility 6511
        Mobility Controllers: Mobility RFS4000, Mobility RFS6000, Mobility RFS7000
        Wireless IDS: AirDefense Enterprise, Advanced Forensics, LiveRF, Advanced Troubleshooting, Spectrum Analysis
    42. Brocade Mobility 7131: Product highlights
        • Scalable resilient wireless infrastructure
            – 802.11a/b/g/n
            – Adaptive Switch assisted Mesh
            – Mesh networking for data backhaul
        • Advanced features
            – Best solution for 802.11n with PoE+ support
            – 802.11h WW operation dynamic freq selection
            – Virtual AP: wireless VLANs, separate broadcast domains
            – Wireless mobility at Layer 2 or Layer 3
            – WiFi Multimedia extensions for QoS
        • Ease of management
            – Zero-configuration setup using plug-and-play architecture
            – WLAN Manager: deploy, configure, and monitor all controllers and APs from single console
        • Robust security
            – Integrated Wireless IPS, rogue AP protection, wireless firewall, and guest access
            – WIPS sensor for Air Defense
            – 802.1x supplicant: auth to Radius server
        November 2009
    43. Brocade Mobility 650 AP: Key Specifications
        802.11n performance that is priced for value
            • Full performance on 802.3af power
            • 2x3 MIMO for improved RF performance
            • Rated for operation from 0 – 50 degrees C
            • Fully DFS2 compliant for full use of 5GHz channels
        Flexibility of installation
            • Dual or Single radio SKUs available
            • Metal Plenum rated version with external antennas
            • Attractive non-plenum plastic enclosure with integrated antennas
    44. Brocade Mobility 6511 Wallplate Access Point: Converged Wired/Wireless 802.11n connectivity
        • 300 Mbps 802.11n radio
        • Sleek low-profile design
        • Optional Ethernet module
        • Controller-less operation
        • Value pricing
        Figure labels: 70 mm, 115 mm
    45. Brocade WLAN Controller Portfolio
        Small campus
            • Brocade Mobility RFS4000
            • 36 Adaptive APs
            • 500 WLAN devices
            • For: Healthcare clinics, Small businesses, Branch/remote offices
        Mission-critical campus
            • Brocade Mobility RFS6000
            • 256 Adaptive APs
            • 2000 WLAN devices
            • For: K-12, Midsized campuses
        High-performance campus
            • Brocade Mobility RFS7000
            • 1024 Adaptive APs
            • 8000 WLAN devices
            • For: Higher Ed, Healthcare, Large campuses
    46. CONFIGURATION/ADMINISTRATION
    47. Ease of Migration: Industry-Standard CLI
        Familiar CLI = Smooth transition
        Cisco Configuration Example:
            interface ethernet 1
             ip address
            !
            interface ethernet 2
             ip address
            !
            router rip
             version 2
             network
             no-summary
            !
            router ospf 10
             network area 0
             redistribution rip
            !
            router bgp 100
             neighbor remote-as 200
        Brocade Configuration Example:
            interface ethernet 1
             ip address
             ip ospf area
            !
            interface ethernet 2
             ip address
             ip rip v2-only
            !
            router rip
            !
            router ospf
             area
             redistribution rip
            !
            router bgp
             local-as 100
             neighbor remote-as 200
    48. sFlow Technology
        [Diagram: a switch/router (forwarding tables, interface counters, Foundry ASIC with 1 in N sampling, sFlow agent) sends sFlow datagrams (UDP 6343) to a network sFlow Collector & Analyzer.]
        sFlow datagram contents: packet header (e.g. 128B: MAC, IPv4, IPv6, IPX, AppleTalk); src/dst i/f; sampling parms (rate, pool); forwarding (src/dst 802.1p/Q, next hop, src/dst mask, AS path, communities, localPref); user ID (src/dst Radius, TACACS); URL; i/f counters
    49. Embedded sFlow Reporting and Analysis
        Issues
            – Traffic monitoring requires multiple devices
            – Difficult to deploy and maintain
        Solution: Brocade sFlow report and analysis
            – All switches act as traffic monitors
            – Unified security and traffic analysis
            – Identify top talkers
            – Traffic, protocol, trend analysis
            – 802.1x user ID detection
        Benefits
            • Monitor traffic flows network-wide
            • Simplify network analysis
            • Reduce overall operational costs
        Diagram labels: Closed Loop Security, IronView, sFlow, App and Web Servers, Call Manager, 802.1X and/or MAC Authentication (IP Phones)
    50. Brocade Network Advisor: Single-Pane-of-Glass Management for Data Center Networks
        • Data center-wide platform for all network types: Ethernet, Fibre Channel, and DCB
        • Predictive event notification
        • Open northbound APIs
        • Integration with leading orchestration tools
        • VMware and Microsoft hypervisor plug-ins
        Diagram labels: NORTHBOUND APIs, Brocade Network Advisor, ELEMENT MANAGEMENT, LAN, Converged, SAN
    51. Brocade Network Advisor: Simplified Management for SAN, IP and Converged Networks
        • Unified Network Management product for SAN, IP, Application Delivery, and Converged Networks
            • One management GUI across FC, IP, FCoE protocols
            • Custom views based on Operator specialization
            • Flexible user management with Role Based Access Control
        • Standards-based architecture
        • Provides seamless integration with leading partner Orchestration frameworks
        Screenshot callouts: 1 SAN Operational Status; 2 SAN Inventory; 3 Events Summary; 4 IP Reachability Status; 5 IP Inventory; 6 Status Summary
    52. Brocade Network Advisor: End-to-End Service Orchestration with Leading Partner Products
        • Open architecture with industry-standard APIs (SMI-S, Web Services, NETCONF, SNMP)
        • Seamless integration with leading Orchestration Frameworks and Service Delivery platforms
        • VMware and Microsoft hypervisor plug-ins
        Diagram labels: NORTHBOUND APIs, NETWORK MANAGEMENT, LAN, Converged, SAN
    53. WHEN YOU THINK NETWORKS, THINK BROCADE
        Thank you for your attention!