BROCADE IP PRODUCT Łukasz Kozłowski
Solutions Consultant Eastern Europe
May, 2012
© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 1
Brocade IP - Product Portfolio
Metro / SP
Data Center (LAN)
Enterprise Campus LAN
BigIron RX Series
NetIron MLX / XMR Series
ServerIron Classic/ADX Series
Data Center Fabric Manager
IronView Network Manager
FastIron CX Series
FastIron SX Series
Brocade MLXe Routers
NetIron CER
NetIron CES
Mobility Series
Brocade 6910 Ethernet Access Switch
NEW
VCS
Brocade VDX 6710/20/30 Switch
FastIron CX Series
Brocade Network Advisor
ServerIron Classic/ADX Series
NetIron CES
ICX 6610 NEW
NEW
ICX 6430/50
Virtualization
Services on Demand
• Business Agility
• Cost Efficiency
Data Center Transformation Network Evolution
Hierarchical
LAN
SAN
• Historically 1 app:1 server; N-S traffic
• Virtualization limited scalability
• Traffic load strain
• Increasing E-W traffic
• STP: one path, narrow VM mobility
• Complex, underutilized, rigid
Virtualization
Services on Demand
• Business Agility
• Cost Efficiency
Data Center Transformation Network Evolution
Hierarchical
SAN
LAN
• More powerful, flatter network
• Higher traffic, E-W, avoid congestion
• Collapse layers reducing complexity
• High density, high bandwidth, wire-speed
• Layer 2 challenges remain…
Flat
LAN
SAN
Virtualization
Services on Demand
• Business Agility
• Cost Efficiency
Data Center Transformation Network Evolution
Flat
LAN
SAN
Hierarchical
SAN
LAN
Today
SAN LAN Converged
Ethernet Fabric
Private Cloud
• Large, flat L2, high speed, HA
• All paths active–no STP
• Flexible topology
• Ability to converge IP/storage
• Wide, intelligent VM mobility
• Manage as a single entity
• Virtualize for the Cloud
Ethernet Network Architecture
Next Generation Data Centre
Network vs Fabric Architecture
• More powerful, flatter network
• Higher traffic, E-W, avoid congestion
• Collapse layers reducing complexity
• High density, high bandwidth, wire-speed
• Layer 2 challenges remain…
• VCS is an Ethernet fabric
• Scalable single layer 2 domain
• Optimized for East to West traffic
• Logical Chassis Nodes working together
Layer 2
Scalability
Ethernet Fabric Architecture
Flat
LAN
SAN
Brocade VCS – new design and technology for Data Center and Enterprise Networks
Virtual Cluster Switching (VCS)
Logically flattens and collapses network layers
Scale edge and manage as if single switch
Auto-configuration
Centralized or distributed mgmt
Self-forming
Arbitrary topology
Fabric is aware of all members, devices, VMs
Masterless control, no reconfiguration
No Spanning Tree Protocol
Multi-path, deterministic
Auto-healing, non-disruptive
Lossless, low latency
Convergence-ready
Ethernet Fabric
Distributed Intelligence
Logical Chassis
Connectivity over Distance, Native Fibre Channel, Security Services, Layer 4-7, etc.
Dynamic Services
VCS
Distributed Intelligence Details
• Distributed Fabric Services
• Fabric is self-forming
• Information shared across all fabric members
• Fabric is aware of all devices connected
• Masterless Control
• Switch or link failure does not require full fabric reconvergence
• Shared Port Profiles information
• Automatic Migration of Port Profiles (AMPP)
• Enables seamless VM migration without compromise
• Optimized Virtual Access Layer
• VEPA; frees host resources from switching and policy enforcement
Logical Chassis
Ethernet Fabric
Distributed Intelligence
Dynamic Services
Sharing Port Profiles Automatic Sharing to simplify management
Port Profile WebServer:
Enable QoS
Enable VLAN
Enable Security
Enable FCOE
Brocade VM-Aware Network Automation Migration Dynamic configuration and secure communication
No need for manual configuration of MAC addresses and port profiles; less error-prone
Minimizes procedural delays between server and network IT teams
Eases configuration of multiple VCS fabrics
Protection against VM/MAC spoofing via secure vCenter communication
Brocade Network Advisor
NAS iSCSI FCoE FC
vCenter
NEW!
Logical Chassis Details
• Fabric auto-configures
• Once VCS is enabled, no configuration necessary
• Fabric behaves/managed as a single logical chassis
• Aggregation (or Core) layer sees one switch
• Fabric members act like a blade in a chassis
• Logically flattens and collapses network layers
• Fabric is self-aggregating
• Flexible fabric topologies
• Will scale to greater than 2000 device ports without added management
Ethernet Fabric
Distributed Intelligence
Logical Chassis
Dynamic Services
Brocade VDX – devices to create a fabric
Brocade VDX product family The Flexible Choice for the Evolving Data Center
Ideal for every stage of network evolution
Ultra-low latency for unmatched performance
Superior size and power efficiency critical for today’s data center
Flexible storage connectivity for FCoE, iSCSI, and NAS
Brocade VDX 6710 Switch
Brocade VDX 6720 Switch
Brocade VDX 6730 Switch
NEW!
NEW!
• Leading Performance and Density
• 32- and 76-port models with Ports on Demand (PoD)
• Brocade VDX 6730-32
• Compact 1U form factor; 24 1/10 Gbps SFP+ ports; 8x 2/4/8 Gbps Fibre Channel ports
• Brocade VDX 6730-76
• 2U form factor; 60 1/10 Gbps SFP+ ports; 16x 2/4/8 Gbps Fibre Channel ports
• Non-blocking, cut-through architecture, wire-speed
• 600 ns port-to-port latency; 1.8 μs across port groups
• Unified Storage Connectivity
• Ethernet storage connectivity for FCoE, iSCSI, and NAS storage
• Multihop FCoE and iSCSI Data Center Bridging (DCB) support
• Environmental Flexibility
• 10 Gbps and 1 Gbps supported on every LAN port; 2, 4, and 8 Gbps on SAN port
• Direct-attached copper and SFP optical connectivity options
• Switch depth less than 17 inches; reversible front-to-back airflow
• Highly Resilient and Efficient Design
• Brocade Fabric Watch provides proactive monitoring and notification of critical switch component failure
• Simplistic design for better MTBF and optimal power efficiency
Brocade VDX 6730-32
Brocade VDX 6730-76
Brocade VDX 6730 Data Center Switches Product details
Data Center Access
Brocade VDX 6720 Data Center Switches
• Built for the Virtualized Data Center
• Uses Brocade fabric switching ASICs
• First switches to run new Brocade Network Operating System
• Virtual Cluster Switching (VCS) fabric technology
• Automatic Migration of Port Profiles (AMPP)
• Best-In-Class Performance and Density
• 24 and 60 port models with Ports On Demand
• Non-blocking, cut-through architecture, wire-speed
• 600 ns port-to-port latency; 1.8 μs across port groups
• Environmental Flexibility
• 10 Gb and 1 Gb supported on every port
• Direct-attached copper, active optical, and SFP optical connectivity options
• Less than 17” switch depth and reversible front-to-back airflow
• Enables Network Convergence
• Complete FCoE support, multi-hop
• iSCSI DCB support
• Highly Resilient and Efficient Design
• Hot code load and activation
• Remote Lights Out Management
• Simplistic design, optimal power efficiency
Product details
Brocade VDX 6720-24
Brocade VDX 6720-60
Brocade VDX 6710 Data Center Switches Product details
Brocade VDX 6710-54
• Leading Performance and Density
• Brocade VDX 6710-54
• Compact 1U form factor; 6 1/10 Gbps SFP+ ports; 48 1 Gbps RJ45 copper ports
• Non-blocking, cut-through architecture, wire-speed
• 600 ns port-to-port latency; 1.8 μs across port groups
• Environmental Flexibility
• Switch depth less than 17 inches; reversible front-to-back airflow
• Two internal, redundant, field-replaceable, load-sharing AC power supplies
• Highly Resilient and Efficient Design
• Brocade Fabric Watch provides proactive monitoring and notification of critical switch component failure
• Simplistic design for better MTBF and optimal power efficiency
Data Center Access
CAMPUS LAN SOLUTION
Campus Architecture Reference architecture
[Diagram: campus reference architecture. Layers: Core, Aggregation, Access, Backbone. Sites: Campus HQ, Campus Building 1, Branch, Data Center, Internet. Devices: NetIron MLX, FastIron CX, FastIron SX, FWS/FCX, Call Manager, Brocade Mobility Controller, BNA, NAC, FW/IPS. sFlow is marked at multiple points in the network.]
• Highly available wired and wireless access
• Real-time traffic management using sFlow, network visibility
• Dynamic Resource Allocation
• High availability with hitless failover at edge/aggregation/core
• Plug-and-Play deployment
Function and scalability
Price/performance
• 2x 10 GbE uplinks
• 64 GB stacking
• Copper and fiber
• PoE/PoE+
• Dual power supply, fans
• IPv4 and IPv6 routing
• BGP, Multicast, GRE
• ACL, VLAN scalability
Brocade FCX-S Mission-Critical
Market Leading Campus Edge Stackable Portfolio
NEW!
GA in Q2
• 4x 10 GbE uplinks/stacking
• 40 GB stacking
• Full PoE
• PoE+
• Basic Layer 3
• MACSec, EEE-ready
Brocade ICX 6450 Midmarket
• 4x 1 GbE uplinks/stacking
• Stackable
• PoE/PoE+
• One fanless model
• Energy Efficient Ethernet (EEE) ready
Brocade ICX 6430 Entry-level
• 8x 10 GbE uplinks
• 320 GB stacking
• Full PoE/PoE+ (up to 48 ports)
• Copper and fiber models
• Dual power supply, fans
• IPv4 and IPv6 routing
• BGP, Multicast
• MACSec, EEE-ready
• Virtual Routing and Forwarding (VRF)-roadmap
Brocade ICX 6610 High-Performance
ICX6610: Most Powerful Campus Stackable
Highest-stacking bandwidth in the industry
• 160 GB of stacking BW per switch
• Hitless stacking for data and control
Highest-density uplinks—with 40 GbE–ready HW
• 40 GbE–ready
• In addition, up to 8x10 GbE uplink ports per switch
Advanced features
• Encryption via MACSEC
• Energy-Efficient Ethernet (EEE)
Optimum flexibility
• Redundant, removable, power supplies and fans
• Footprint—1RU and 16 inches deep
• PoE+ with high-density power supplies (1000 W)
ICX6610 - Next Gen Stackable Product highlights
Leading performance and port density
• 24 or 48 RJ-45 10/100/1000 Mbps port models
• 24 or 48 RJ-45 10/100/1000 Mbps PoE+ port models
• 24 100/1000 Mbps SFP port models
• Eight dual-mode 1 GbE/10 GbE software upgradable ports
• Four 40 Gbps standards-based QSFP stacking ports
• Non-blocking, wire-speed architecture
Advanced scalability and features
• Full Layer 3 feature capability (IPv4, IPv6, multicast, GRE)
• Hardware-ready for encryption via MACsec
• sFlow for granular network traffic accounting
• 12K ACL, 16K routes, 32K MAC, 8K multicast groups
High availability
• Hitless stacking failover, redundant stacking links
• Redundant, removable, load-sharing power supplies and fans
• High-density power supplies (1000 W)
Deployment flexibility
• Reversible front-to-back or back-to-front airflow
• Hardware-ready for Energy Efficient Ethernet (EEE)
• Footprint—1RU and 16 inches deep
• Noise level <40 dB
Brocade ICX 6610-24
Brocade ICX 6610-24P
Brocade ICX 6610-48
Brocade ICX 6610-48P
Brocade ICX 6610-24F
ICX6610-48P: Front and Back View
Uplinks 8x1/10 GbE
24/48 RJ45 Ports
Stacking Ports 4x40 GB
Redundant Fans
Redundant Power Supplies
ICX 6430 & 6450 Product Overview
• Cost-effective Ethernet Stacking
• 40G of stacking bandwidth with 10G ports (full duplex)
• Hitless stacking controller failover
• 384 ports per stack (ICX 6450)
• Flexible Model Configurations
• Dual-purpose uplink/stacking ports
• 24/48 x 10/100/1G + 4x1G SFP uplinks/stacking
• 24/48 x 10/100/1G + 4x1G/10G SFP+ uplinks/stacking
• PoE/PoE+ and non-PoE models
• Includes fanless model: ICX6430-24
• Advanced Features
• RPS/EPS – redundant power and extended PoE power
• Encryption via MACSEC 802.1ae (HW ready)
• Energy Efficient Ethernet (EEE) (HW ready)
• sFlow for granular traffic accounting (ICX 6450)
• L2 and Basic L3 Features
• Common CLI and feature parity with FWS
• Base software includes IPv4 static routing (ICX6450)
• Premium license for L3 – OSPF, RIP, VRRP (ICX6450)
Enterprise-Class Stackable Switching at an Entry Level Price
ICX 6450: 4 x 10G SFP+ Uplink/Stacking (8 unit stack)
24/48 x 10/100/1G with PoE+
ICX 6430: 4 x 1G SFP Uplink/Stacking (4 unit stack)
2xRJ45 Console, OOB
ICX 6430 and 6450 Comparison Key Differences
ICX 6430 | ICX 6450
4 x 1G SFP | 4 x 1/10G SFP+
4G Stacking BW (full duplex) | 40G Stacking BW (full duplex)
4 units per stack | 8 units per stack
192 ports per stack | 384 ports per stack
Max 24 PoE+ Ports (w/ EPS1500) | Max 48 PoE+ Ports (w/ EPS1500)
L2 only | L2 and Basic L3 via license
No sFlow | sFlow network monitoring
No MACsec | MACsec HW-ready
EEE HW-ready | EEE HW-ready
8K MAC addresses | 16K MAC addresses
4 QoS queues | 8 QoS queues
Entry-Level Cost-Effective Stacking
• Stacking using 1G / 10G uplink/stacking ports
• ICX6450: 8 units/stack; ICX6430: 4 units/stack
• Stack with low-cost Direct-Attached Copper (Twinax) cables (not included with the switch)
• Stacking cable length: 1 m, 3 m and 5 m
• Mix stacking not supported between 6430 and 6450; 6610 and 6430/6450 (HyperEdge roadmap)
• Stacking between ICX6430 24- and 48-port models is not supported
• Horizontal stacking supported with fiber optics for longer distance stacking
ICX 6450 Switch 10G Port License
• Default uplink/stacking port configuration (out of the box)
• 2 x 10G SFP+ ports enabled
• 2 x 1G SFP ports enabled
• Optional license required to upgrade 2 x 1G ports to 2 x 10G speed
• ICX6450-2X10G-POD-LIC: List Price $1000
• Buy only what you need, don’t need POD license for all switches within the stack
External Power Supply ICX6400-EPS1500
• Provides redundant system power and PoE/PoE+ power extension
• External RPS and can add to the PoE/PoE+ power budget of the switch
• 19 inch rack mountable and 1U high
• 3 DC cables and rackmount kit are included
• EPS1500 requires 20 Amp AC power cord (included)
• Connects up to 3 switches
• ICX6450-48P has 2 EPS connectors to get full PoE+ on all 48-ports
• No RPS support for ICX6430-24 fanless model (for classrooms, open offices)
ICX6400-EPS1500
ICX6450-48P
Brocade Assurance Limited Lifetime Warranty and Phone Support
• HW Lifetime Warranty – No Change, all hardware covered except pluggable optics
• SW Lifetime Updates – Includes patch releases and maintenance updates (except for ADV images)
• Phone Support – Included with campus products, duration varied by product
• FSX, FCX, ICX6610 - 90 days 8x5 support
• ICX 6430/6450 - 3 years 8x5 support
• Optional remote support available for 24 x 7 TAC support and on-site support
• Warranty and support applicable for campus products sold worldwide
Item | Brocade | Juniper | Cisco | HP Procurve
HW Warranty | NBD Adv HW Replacement; Excludes: Optics | NBD Adv HW (30 days); 5 yrs Fan & PS | NBD Adv HW; 5 yrs: Fan & PS | NBD Adv HW
SW Policy | SW maintenance Updates - NEW! | SW Updates | SW Updates | SW Updates
Remote Support | 8x5, 90 days - FCX, ICX 6610 NEW!; 8x5, 90 days - SX from 1 yr, 24x7; 8x5, 3 years ICX 6400 NEW! | 24x7, 90 days | 8x5, 90 days | 8x5 Basic Support, Lifetime
APPLICATION DELIVERY CONTROLLERS
Defining ADC
• Basic features
• Load balancing
• Failover
• NAT
• Caching
• SSL server offload
• TCP connection multiplexing
• Compression
• Advanced features
• Web application firewall
• Content transformation
• Application protocol optimization
• Programming interface
• XML transformation
MOBILITY PRODUCTS
802.11n: The Need For A New Architecture And why the old models won’t work
SMART
Adaptive (Distributed)
Dependent (Thin AP)
Managing Scalability
Wireless Controller
Thin APs – Split MACs
Independent (Standalone)
Standalone APs
Services and Application Provider with Policy Management
Distributed Computing and Security Enforcement at the Edge
Challenge
• Difficult to manage scalability
Challenge
• Scalability for 11n
Best of both worlds and more…
• Performance/Scalability for 11n
• Reliability/High Availability
• Distributed Security
• 125 Mbps = Typical max real world TCP throughput
• Per 802.11n radio. Individual results may vary.
• 250 Mbps for dual radio access point
• Four dual radio access points = 1 Gbps
• 40 dual radio access points = 10 Gbps, and so on
For 802.11n:
1. Spend more on controllers
2. Oversubscribe your network
Brocade Mobility For High Availability All-Wireless or Wired+Wireless, Down Time Is Not Tolerated. Period.
[Diagram labels: Campus Office, Branch Office, Data Center 1, Data Center 2, Mesh, BACKBONE/WAN]
• ACCESS POINT FAILURE: Neighboring mesh node backhauls the traffic
• LOCAL WIRED SWITCH FAILURE: Adaptive AP(s) Dynamically Forms Mesh Connection to Neighboring AP’s and backhaul through redundant switch
• WIRELESS SWITCH FAILURE: Distributed cluster allows for seamless transition
• WAN LINK FAILURE: Adaptive AP survivability. All Local Services Continue, Including Security
© 2010 Brocade Communications Systems, Inc.
Securing The Network From Threat Inside & Out
[Diagram labels: Branch Office 1, Branch Office 2, Data Center 1, Data Center 2, Mesh, Rogue AP, BACKBONE/WAN]
• INTEGRATED Wireless (L2) Firewall on WLAN Switch – Stateful Inspection of WAN Traffic
• INTEGRATED Firewall on Adaptive AP – Stateful Inspection of Local Traffic
• ADAPTIVE AP is Simultaneously a WIPS Sensor for 24*7 Monitoring
• SECURE INTEGRATED VPN Tunnel Between WLAN Switch & AP’s
Central Security Policy and Control, Multiple Points of Enforcement
Security Features
STANDARD Baseline for most enterprise networks
• 802.11i/WPA2
• Stateful wireless firewall
• Standard wireless Intrusion Prevention System (IPS)
• Rogue AP detection
• Included without extra cost
ADVANCED For security-conscious enterprise networks
• Role-based firewall (requires advanced security license upgrade)
• Advanced wireless IPS and rogue AP protection (requires advanced wireless IPS license upgrade)
• Requires license upgrade only; no additional hardware required
PREMIUM To meet regulatory and industrial compliance
• AirDefense Enterprise-class scalability
• Rogue detection and elimination
• Intrusion detection
• Automated termination
• Policy compliance
• Wireless troubleshooting
• Forensic analysis
• Location tracking
STANDARD Baseline for most enterprise networks
STANDARD Baseline for most enterprise networks
ADVANCED For security-conscious enterprise networks
Security

Action: Peer-to-Peer (P2P) file sharing of large music and video files
Threat: Brings network to a standstill; organization liable for legal costs
Feature:
• Blocks well-known network ports in the wireless firewall
• Rate limiting
Benefit: Prevents illicit P2P file sharing; offers better control of Internet bandwidth

Action: Deployment of unauthorized AP, soft AP on laptop or smartphone
Threat: Creates a large security gap by allowing unauthorized users to use the WLAN
Feature:
• Dedicated monitoring and control of rogue APs
• Wireless IPS for rogue AP suppression
Benefit: Shuts down rogue APs, but not “friendly” APs, on the perimeter of the network

Action: Malicious guest behavior
Threat: Guest “insider” has access to sensitive information
Feature:
• Deploys guest portal
• Intrusion detection system for wired networks
Benefit: Enables safe and secure Internet guest and visitor access
Security
STANDARD (Included at no extra cost)
Authentication and Encryption:
• 802.1x EAP
• WPA/WPA2-TKIP, WPA2-CCMP, WEP 64, WEP 128
• Captive portal guest access and registration
• Integrated RADIUS server
• Local user database
• Network Access Control (NAC) support
• Internet Protocol Security (IPSec) Virtual Private Network (VPN)
Wireless Firewall:
• Layer 2, 3, and 4 Access Control Lists (ACLs)
• Layer 2 and 3 stateful packet inspection
• 24 Denial of Service (DoS) signatures
• Storm control
• Address Resolution Protocol (ARP) spoofing protection
• Dynamic Host Configuration Protocol (DHCP) offers conversion
• Application-layer gateways
Wireless IPS:
• 37 wireless IPS signatures
• Customizable wireless IPS signatures
• Rogue AP detection

ADVANCED (Requires advanced wireless IPS/security license)
Authentication and Encryption:
• Additional IPSec VPNs
Wireless Firewall:
• Dynamic firewall rule assignments
Wireless IPS:
• 35 additional wireless IPS signatures
• Device characterization
• Rogue AP termination
• Wired rogue AP detection

PREMIUM
AirDefense Enterprise for Brocade Mobility
Advanced Security
• Role-based Layer 2-7 wired/wireless firewall
VPN tunnels | Brocade Mobility RFS4000 | Brocade Mobility RFS6000 | Brocade Mobility RFS7000
Without ADSEC | 256 | 300 | 512
With ADSEC | 256 | 512 | 1024
Brocade Mobility—Advanced Wireless IPS
Excessive | AP Anomaly | Wireless Client
802.11 replay check failure | Ad hoc advertising authorized SSID | Crackable WEP IV key used
Aggressive scanning | Ad hoc network violation | DoS broadcast deauthentication
Failures reported by authentication servers | AirJack attack | Frames with bad ESSIDs
Decryption failures | AP default configuration | Fuzzing: All zero MAC address observed
DoS association or authentication flood | AP SSID broadcast in beacon | Fuzzing: invalid frame type detected
DoS EAPOL-start storm | ASLEAP attack | Fuzzing: invalid management frame
DoS association or authentication flood | Fake AP flood | Fuzzing: invalid sequence number
EAP flood | Impersonation attack detected | Identical source and destination addresses
EAP-NAK flood | Null probe response | Fuzzing: invalid 802.1x frames detected
Frames from unassociated stations | Suspicious AP—high RSSI | Netstumbler (v3.2.0, 3.2.3, 3.3.0)
Replay injection attack | Transmitting device using invalid MAC | Non-changing WEP IV
 | Unauthorized AP using authorized SSID | TKIP MIC countermeasures caused by station
 | Unencrypted wired leakage detected | Wellenreiter
Events Thresholds Mitigation Events Thresholds Mitigation
Accidental MU association Y Detect all multicast routers in the subnet
Crackable WEP IV used Detect all multicast systems on the subnet
DoS CTS flood Y Multicast DHCP server relay agent detection
DoS deauthentication detection Multicast HSRP agent detection
DoS dissociation detection Multicast IGMP detection
DoS EAP failure spoof Multicast IGMP routers detection
DoS EAPoL logoff storm Y Multicast OSPF all routers detection
DoS RTS flood Multicast OSPF designated routers detection
Essid Jack Attack detection Multicast RIP2 routers detection
Fake DHCP server detection Multicast VRRP agent detection
Fata-Jack Attack detection NetBIOS detection
ID theft—EAPOL success spoof detection Null probe response detection
ID theft—out of sequence Probe response flood detection Y
Invalid channel advertised Rogue AP detection
Invalid management frame STP detection
IPX detection Unauthorized bridge detection Y
Monkey-Jack Attack detection Windows zero config memory leak
WLAN Jack Attack detection
Mobility 6511
Brocade Mobility Enterprise Wireless LAN
Access Points Mobility Controllers Wireless IDS
Mobility
7131/7131N
AirDefense Enterprise
LiveRF Advanced Forensics
Advanced
Troubleshooting Spectrum Analysis
Mobility 650
Mobility RFS7000
Mobility RFS4000
Mobility RFS6000
Brocade Mobility 7131 Product highlights
Scalable resilient wireless infrastructure
– 802.11a/b/g/n
– Adaptive Switch assisted Mesh
– Mesh networking for data backhaul
Advanced features
– Best solution for 802.11n with PoE+ support
– 802.11h WW operation dynamic freq selection
– Virtual AP: wireless VLANs, separate broadcast domains
– Wireless mobility at Layer 2 or Layer 3
– WiFi Multimedia extensions for QoS
Ease of management
– Zero-configuration setup using plug-and-play architecture
– WLAN Manager: deploy, configure, and monitor all controllers and APs from single console
Robust security
– Integrated Wireless IPS, rogue AP protection, wireless firewall, and guest access
– WIPS sensor for Air Defense
– 802.1x supplicant: auth to Radius server
November 2009
Brocade Mobility 650 AP Key Specifications
802.11n performance that is priced for value
• Full performance on 802.3af power
• 2x3 MIMO for improved RF performance
• Rated for operation from 0 – 50 degrees C
• Fully DFS2 compliant for full use of 5GHz channels
Flexibility of installation
• Dual or Single radio SKUs available
• Metal Plenum rated version with external antennas
• Attractive non-plenum plastic enclosure with integrated antennas
Brocade Mobility 6511 Wallplate Access Point Converged Wired/Wireless 802.11n connectivity
Dimensions: 115 mm x 70 mm
• 300 Mbps 802.11n radio
• Sleek low-profile design
• Optional Ethernet module
• Controller-less operation
• Value pricing
Brocade WLAN Controller Portfolio
• Brocade Mobility RFS4000
• 36 Adaptive APs
• 500 WLAN devices
• For:
• Healthcare clinics
• Small businesses
• Branch/remote offices
• Brocade Mobility RFS6000
• 256 Adaptive APs
• 2000 WLAN devices
• For:
• K-12
• Midsized campuses
Small campus | Mission-critical campus | High-performance campus
• Brocade Mobility RFS7000
• 1024 Adaptive APs
• 8000 WLAN devices
• For:
• Higher Ed
• Healthcare
• Large campuses
CONFIGURATION/ ADMINISTRATION
Ease of Migration Industry-Standard CLI
Brocade Configuration Example:
interface ethernet 1
 ip address 10.1.1.1 255.255.255.0
 ip ospf area 0.0.0.0
!
interface ethernet 2
 ip address 20.1.1.1 255.255.255.0
 ip rip v2-only
!
router rip
!
router ospf
 area 0.0.0.0
 redistribution rip
!
router bgp
 local-as 100
 neighbor 209.157.23.99 remote-as 200
Cisco Configuration Example:
interface ethernet 1
 ip address 10.1.1.1 255.255.255.0
!
interface ethernet 2
 ip address 20.1.1.1 255.255.255.0
!
router rip
 version 2
 network 20.0.0.0
 no-summary
!
router ospf 10
 network 10.1.1.0 0.0.0.255 area 0
 redistribution rip
!
router bgp 100
 neighbor 209.157.23.99 remote-as 200
Familiar CLI = Smooth transition
sFlow Technology
[Diagram: Switch/Router (Foundry ASIC, 1 in N sampling; forwarding tables; interface counters) → sFlow agent → sFlow Datagram (UDP 6343) → Network → sFlow Collector & Analyzer]
sFlow datagram fields shown in the diagram:
• packet header: e.g. 128 B; MAC, IPv4, IPv6, IPX, AppleTalk
• src/dst i/f
• sampling parms: rate, pool
• forwarding: src 802.1p/Q, dst 802.1p/Q, next hop, src/dst mask, AS path, communities, localPref
• user ID: src/dst, Radius, TACACS
• URL
• i/f counters
Embedded sFlow Reporting and Analysis
Call Manager
App and Web Servers
IronView
802.1X and/or MAC Authentication (IP Phones)
Closed Loop Security
sFlow
Issues
– Traffic monitoring requires multiple devices
– Difficult to deploy and maintain
Solution
Brocade sFlow report and analysis:
– All switches act as traffic monitors
– Unified security and traffic analysis
– Identify top talkers
– Traffic, protocol, trend analysis
– 802.1x user ID detection
Benefits
• Monitor traffic flows network-wide
• Simplify network analysis
• Reduce overall operational costs
Brocade Network Advisor
• Data center-wide platform for all network types: Ethernet, Fibre Channel, and DCB
• Predictive event notification
• Open northbound APIs
• Integration with leading orchestration tools
• VMware and Microsoft hypervisor plug-ins
Single-Pane-of-Glass Management for Data Center Networks
LAN Converged SAN
ELEMENT MANAGEMENT
NORTHBOUND APIs
Brocade Network Advisor
Brocade Network Advisor Simplified Management for SAN, IP and Converged Networks
• Unified Network Management product for SAN, IP, Application Delivery, and Converged Networks
• One management GUI across FC, IP, FCoE protocols
• Custom views based on Operator specialization
• Flexible user management with Role Based Access Control
• Standards-based architecture
• Provides seamless integration with leading partner Orchestration frameworks
1 SAN Operational Status
2 SAN Inventory
3 IP Reachability Status
4 IP Inventory
5 Events Summary
6 Status Summary
Brocade Network Advisor End-to-End Service Orchestration with Leading Partner Products
LAN Converged SAN
NETWORK MANAGEMENT
NORTHBOUND APIs
• Open architecture with industry-standard APIs (SMI-S, Web Services, NETCONF, SNMP)
• Seamless integration with leading Orchestration Frameworks and Service Delivery platforms
• VMware and Microsoft hypervisor plug-ins
WHEN YOU THINK NETWORKS, THINK BROCADE
Thank you for your attention!