celc - Catalyst 4500 Switch Architecture
Cisco Expo Club 2011
Pavel Denisov, Systems Engineer
Catalyst 4500 Switch Architecture
© 2010 Cisco and/or its affiliates. All rights reserved. Presentation_ID 2
Agenda
• Catalyst4500 chassis
• Supervisor modules
• Line cards
• Line cards architecture
• Sup7-E architecture
• Unicast packet walk
• Multicast packet walk
• Catalyst4500 IOS XE
• Flexible NetFlow
Catalyst4500 Chassis
Cisco Catalyst 4500E Series Chassis
WS-C4503-E*: 3-slot chassis with single supervisor
WS-C4506-E*: 6-slot chassis with single supervisor
WS-C4507R-E: 7-slot chassis with redundant supervisors
WS-C4510R-E: 10-slot chassis with redundant supervisors
* 3- and 6-slot chassis have the supervisor in slot 1 and are non-redundant chassis (1 supervisor only)
New Cisco Catalyst 4500E Series Chassis
WS-C4507R+E: 7-slot chassis with redundant supervisors
WS-C4510R+E: 10-slot chassis with redundant supervisors
[Chassis pictured: WS-C4503-E, WS-C4507R+E, WS-C4506-E, WS-C4510R+E]
Catalyst 4507R+E (WS-C4507R+E)
240 Ports of 10/100/1000
11 RU Rack Units
2 Supervisors
5 Line Card Slots
Catalyst 4510R+E (WS-C4510R+E)
384 Ports of 10/100/1000
14 RU Rack Units
2 Supervisors
8 Line Card Slots
Sup6L-E Not Supported
Supervisor modules
Cisco Catalyst 4500E Supervisor 7-E (WS-X45-Sup7-E)
USB
4 10G/1G Uplinks
Dual Core CPU
Cisco Catalyst 4500E Supervisor 6-E (WS-X45-Sup6-E)
10 G Twin 1G Converter
Cisco Catalyst 4500E Supervisor 6L-E (WS-X45-Sup6L-E)
10 G Twin 1G Converter
Catalyst 4500E Supervisor Comparison
[Chart axis: Performance]
Parameter | Supervisor 6L-E | Supervisor 6-E | Supervisor 7-E
Bandwidth | 280 Gbps | 320 Gbps | 848 Gbps
Uplinks | 2x10G/4x1G | 2x10G/4x1G | 4x10G/4x1G
CPU | 1 GHz | 1.3 GHz | Dual Core 1.5 GHz
DRAM | 512 MB | 512 MB | 2 GB
Max Routes | 57K | 256 K | 256 K
Catalyst 4500E Supervisor Comparison
Performance
Feature | Supervisor 6L-E | Supervisor 6-E | Supervisor 7-E
Switching Capacity | 280 Gbps | 320 Gbps | 848 Gbps
Throughput | 225 Mpps (125 Mpps for IPv6) | 250 Mpps (125 Mpps for IPv6) | 250 Mpps (125 Mpps for IPv6)
Bandwidth / Slot | Up to 24G | Up to 24G | Up to 48G
CPU | Single Core 1 GHz | Single Core 1.3 GHz | Dual Core 1.5 GHz
DRAM | 512 MB | 512 MB (upgradable to 1G) | 2G (upgradable to 4G)
Bootflash | 128 MB | 128 MB | 1G
Scalability
Feature | Supervisor 6L-E | Supervisor 6-E | Supervisor 7-E
Number of 10/100/1000 ports | Up to 240 access, up to 4 GE uplinks | Up to 384 access, up to 4 GE uplinks | Up to 384 access, up to 4 GE uplinks
Number of 10GE ports | Up to 30 on line cards, up to 2 on supervisors | Up to 30 on line cards, up to 4 on supervisors | Up to 96 on line cards, up to 4 on supervisors
NetFlow | No Support | No Support | Native support 128K
Catalyst 4500E Investment Protection
[Diagram: per-slot bandwidth by chassis and supervisor]
WS-C4510R-E with Supervisor 6-E: 24G 24G 24G 24G 24G 6G 6G 6G
WS-C4510R-E with Supervisor 7-E: 24G 24G 24G 24G 24G 24G 24G 24G
WS-C4510R+E with Supervisor 7-E: 48G 48G 48G 48G 48G 48G 48G 48G
WS-C4507R-E with Supervisor 6/6L-E: 24G 24G 24G 24G 24G
WS-C4507R-E with Supervisor 7-E: 24G 24G 24G 24G 24G
WS-C4507R+E with Supervisor 7-E: 48G 48G 48G 48G 48G
Line cards
Catalyst 4500E PoE Line Cards
WS-X4748-RJ45V+E
1 Gbps per port
30W per port (IEEE802.3at) on 48 ports
Catalyst 4500E PoE Line Cards
WS-X4648-RJ45V+E
1 Gbps per port (2:1 Oversubscribed)
30W per port (IEEE802.3at) on 24 ports
Catalyst 4500E Data Line Card
WS-X4648-RJ45-E
1 Gbps per port (2:1 Oversubscribed)
Data only
Catalyst 4500E 10G Fiber Line Card
WS-X4712-SFP+E
Flexibility of 10G/1G
2.5:1 Oversubscribed if all ports used for 10G
LR, SR, CX1, and LRM Optics
Catalyst 4500E 10G Fiber Line Card
WS-X4606-X2-E
Flexibility of 10G/1G
2.5:1 Oversubscribed if all ports used for 10G
LR, SR, LX4, and LRM X2 Optics
Catalyst 4500E 1G Fiber Line Card
WS-X4612-SFP-E: 12 Port GigE, SX and LX Optics
WS-X4624-SFP-E: 24 Port GigE, SX and LX Optics
Line cards architecture
46xx and 47xx Line Card Speeds
Bandwidth per Slot with 46XX series line card
8 dedicated lanes to Supervisor
Each lane operates at 3Gbps
Bandwidth per Slot with 47xx series line cards
8 dedicated lanes to Supervisor
Each lane runs at 6Gbps
[Diagram: E-Series 46xx Line Card, Packet Processor with 8 lanes of 3 Gbps each]
[Diagram: E-Series 47xx Line Card, Packet Processor with 8 lanes of 6 Gbps each]
4606 Linecard Port Groups
Catalyst-4506-E# show hw-module module 3 port-group
Module Port-group Active         Inactive
----------------------------------------------
3      1          Gi3/7-12       Te3/1-3
3      2          Te3/4-6        Gi3/13-18
Groups of 12: 10/100/1000 or 1000 Mbps
Groups of 3: 10 GE
Groups of 6: 1 GE ports (TwinGig)
[Diagram: port numbering 1 2 3 4 5 6 and 10 9 12 11 16 15 18 17 14 13 8 7; label: Default]
4712 Line Card Port Group
Complete Flexibility of using 10G or 1G
The port will always be named TenGigabitEthernet x/y irrespective of optic being used
SUP7-E#show int status module 2
Port      Name   Status     Vlan    Duplex  Speed  Type
Te2/1            connected  routed  full    10G    10GBase-SR
Te2/2            connected  400     full    auto   1000BaseSX
Te2/3            disabled   1       full    auto   No XCVR
Te2/4            disabled   1       full    auto   No XCVR
Te2/3            disabled   1       full    auto   No XCVR
<snip…..snip>
Te2/11           disabled   1       full    auto   No XCVR
Te2/12           disabled   1       full    auto   No XCVR
Sup7-E architecture
Supervisor 7E Block Diagram - Physical
Catalyst 4500E Sup7-E Dual Core CPU
SUP7-E#show process cpu
Core 0: CPU utilization for five seconds: 24%; one minute: 23%; five minutes: 23%
Core 1: CPU utilization for five seconds: 24%; one minute: 19%; five minutes: 19%
PID  Runtime(ms)  Invoked  uSecs   5Sec  1Min  5Min  TTY  Process
1    915          918      997366  0.00  0.00  0.00  0    init
2    0            79       10810   0.00  0.00  0.00  0    kthreadd
3    247          43563    5672    0.00  0.00  0.00  0    migration/0
4    57           5786     9923    0.00  0.00  0.00  0    ksoftirqd/0
5    236          41567    5700    0.00  0.00  0.00  0    migration/1
<SNIP>
Sup 7-E has a dual-core (1.5GHz) CPU
Increased control plane scalability
Better routing, L2 convergence
2GB DRAM by default, upgradable to 4GB
Allows future Application hosting
Catalyst 4500E Sup7-E USB Support
SUP7-E#directory usb0:
Directory of usb0:/
38  drwx  16384   Nov 3 2009 13:43:32 +00:00   .rollback_timer
66  -rwx  257615  Nov 16 2009 12:46:52 +00:00  startup-config
Support Image, Configuration storage, booting
12 MB/s
Supported size 4G
Part number USB-X45-4GB-E
Catalyst 4500E Sup7-E Secure Digital Card
External storage by SD card on Supervisor 7-E
Average speed of data transfer between 10 MB/s – 20 MB/s
Supported size 2G. PID MEM-X45-2GB-E
Accessed by “dir disk0” command
Supervisor 7-E Uplink Configurations
Supervisor 7-E uplinks can either operate in 10GE or 1GE mode
All modes are non-blocking
Any port can be used as 1GE or 10GE without any limitation
Speed selection is dynamic based on Optic type SFP / SFP+
Operationally simple
[Diagram: uplink port combinations and total uplink bandwidth]
10GE 10GE 10GE 10GE: 40G
1GE 1GE 1GE 1GE: 4G
10GE 10GE 1GE 1GE: 22G
1GE 10GE 10GE 1GE: 22G
Redundant Supervisor Uplink Configurations
Supervisor 7-E uplinks can either operate in 10GE or 1GE mode
All modes are non-blocking
Different port speeds can be used on the same or across supervisors
Speed selection is dynamic based on optic type SFP/SFP+
Operationally simple
[Diagram: uplink port combinations across the two supervisors; one label reads "Inactive"]
40G: 10GE 10GE / 10GE 10GE
4G: 1GE 1GE / 1GE 1GE
22G: 10GE 1GE / 10GE 1GE
Supervisor 7E Packet Processor
Packet Processor
Provides Throughput
Parses Header
RMON Port Statistics
802.1q Tagging/Untagging
Shared Packet Memory (32 MB)
[Diagram labels: Data, Header, Forwarding Engine]
Supervisor 7E Forwarding Engine
Packet Lookup/Forward
Classification
Policing and Queuing
Replication
Supervisor 7E Forwarding Engine
DMAC/SMAC Lookup, STP, State of VLANs
Input ACL/QoS
Creates NetFlow Entries and enables NetFlow features
Stores FIB and adjacency, Unicast and Multicast entries
Output ACL/QoS
Stores VLAN Flood L2/L3 Multicast Receiver OIFs
Used for Dynamic Buffer Limiting
Transmit Queue Used for CPU, Drop and Normal queues
Unicast packet walk
Supervisor 7E Packet Walk
[Diagram: Line Card, Line Card, Switch Backplane, Packet Processor, Forwarding Engine, NetFlow Engine]
Supervisor 7E Unicast Packet Walk
[Diagram repeated on each slide of the walk: Packet Processor, Forwarding Engine, STP Lookup, Input TCAM, NetFlow Engine, Forwarding Lookup, Forwarding Lookup Memory, Output TCAM, Replication Table, DBL Hash Memory, Queue Memory; label: Header]
Slides in order:
• Packet Processor, Shared Packet Memory (32 MB), Forwarding Engine (diagram labels: Data, Header)
• Layer 2 Lookup: Spanning Tree Lookup; Source/Dest MAC Lookup; Decision for Layer 3 Lookup
• Ingress ACL Permit/Deny; Input QoS Policing; Input QoS Marking
• NetFlow entries created/updated; Microflow Policing + Input Policing for the packet (diagram labels: NLD, NRD)
• Layer 3 Lookup: Decision for replication (multicast); IPv4 and IPv6 FIB
• Egress ACL permit/deny; Output policing; Marking
• Dynamic Buffer Limiting: Avoid congestion in the output queue
• Queued in queue memory
• New header sent out; Counters incremented (diagram label: NUD)
• Packet Processor, Shared Packet Memory (32 MB), Forwarding Engine (diagram labels: Header, Data)
Multicast packet walk
Supervisor 7E Unicast Packet Walk
[Diagram: Packet Processor, Shared Packet Memory (32 MB), Forwarding Engine; labels: Data, Header]
Supervisor 7E Multicast Packet Walk
[Diagram repeated on each slide of the walk: Packet Processor, Forwarding Engine, STP Lookup, Input TCAM, NetFlow Engine, Forwarding Lookup, Forwarding Lookup Memory, Output TCAM, Replication Table, Replication Module, Replication Queue, DBL Hash Memory, Queue Memory; label: Header]
Slides in order:
• Ingress ACL Permit/Deny; Input Policing; Marking
• NetFlow entries created/updated; Microflow Policing + Input Policing for the packet (diagram labels: NLD, NRD)
• Layer 3 Lookup: Decision for replication (multicast); IPv4 and IPv6 FIB
• Entry created in the Replication Table which includes number of copies of the header
• Replication Module checks the Replication Table to make header copies
• Headers queued in Replication Queue for respective egress interfaces
• Egress ACL permit/deny; Output policing; Marking
• Dynamic Buffer Limiting: Avoid congestion in the output queue
• Queued in queue memory
• New header sent out; Counters incremented (diagram label: NUD)
• Packet Processor, Shared Packet Memory (32 MB), Forwarding Engine (diagram labels: Header, Data)
Catalyst4500 IOS XE
Next-Gen OS Architecture
[Diagram: IOS Classic vs. IOS XE. Labels: Infra, Mgmt, Drivers, Kernels; Hosted Apps / Services, Features, Components, Common Infrastructure / HA, Management Interface, Module Drivers, Kernel]
Modern IOS to enable multi-core CPU
Allows Lower TCO capabilities such as silent roll, single sup ISSU
Smooth migration and investment protection with consistent IOS look & feel
Fast adoption of latest Borderless Networks Services
Enables open application platform
Pre 15.0 IOS
IOS Reformation
Separate IOS Images for Each Package
Current Sup6/L-E series will remain on this model
With 15.0 IOS
Cisco Software Activation
Universal IOS image. Feature activation via license
Ease of Ordering
Services on Demand
Supported only on Sup7-E and future
Cisco Software Activation
Catalyst 4500 IOS Licensing
Enterprise Services: BGPv4, IS-IS, EIGRP, OSPF v2/v3, PBR, VRF-Lite, IP-SLA, NSF, Multicast VRF-Lite
IP BASE: In Service Software Upgrade, Stateful Switchover, EIGRP Stub, OSPF for Routed Access, QinQ, IP SLA Responder, Network Mobility Services, L2PT, Multicast Routing, Embedded Event Manager, HSRP/GLBP/VRRP
LAN BASE: Auto QoS, Energywise, POE + IEEE 802.3at, Flexlink+, IGMP/MLD Snooping, Rapid-PVST+, IEEE 802.1x, Smartports, PACL/VACL
Flexible NetFlow
NetFlow
Network Operation: Capacity Planning; Network Performance Analysis; Historic Performance and Trend Analysis
Security: Real Time anomaly detection; Eliminate network blind spots
Compliance: User Accountability; Enables Industry and Government regulations
Flexible NetFlow on Supervisor 7-E
High performance: Next-gen ASIC enables scalable and high-performance NetFlow monitoring, supports up to 128K cached flows
Flexibility: User-defined flow records reusable in different flow monitors for different applications with per-port, per-VLAN, or per-port-per-VLAN granularity
Extensibility: In-depth traffic visibility allows monitoring extensive key and non-key fields, including Layer 2, Layer 3 (IPv4 or IPv6), Layer 4 header fields
Intelligent Customizable Event Policies: Integration with EEM facilitates highly customizable event-driven policies
Broad Partner Ecosystem: Version 9 (the most flexible) format exported to a wide range of industry NetFlow collectors
Flexible NetFlow
Traditional NetFlow vs. Flexible NetFlow
Traditional NetFlow: NetFlow Cache, fixed 7 keys, Export
• Fixed definition of flow record globally
• Export only to one collector
Flexible NetFlow:
• Flexible definition of flow records applied to selected interface or VLAN
• Ability to export flow information to multiple collectors/analyzers
[Diagram: Flow Monitor 1, 2, 3; Flow cache 1, 2, 3; Export to Destination 1, 2, 3 (IT team#1, IT team#2, Security focused analyzer)]
Flexible NetFlow Record: Key Fields
IPv4: Source IP address, Destination IP address, Protocol, Precedence, DSCP, TTL, Total Length
Interface: Input
IPv6: Source IP address, Destination IP address, Protocol, Traffic Class, Flow Label, Total Length, Extension Headers**, DSCP, Next-header*, Hop-Limit, Is-multicast
Transport: ICMP Code, ICMP Type, IGMP Type, TCP Source Port, TCP Destination Port, UDP Source Port, UDP Destination Port
Layer 2: Dot1q priority, Dot1q Vlan ID, Source MAC address, Destination MAC address
* Only first header is reported
** TBD
--- New Key Fields in FnF
Flexible NetFlow Record: Non-Key Fields
Counters: Bytes (32 bit counters), Bytes Long (64 bit counters), Packets (32 bit counters), Packets Long (64 bit counters)
Timestamp: First Seen, Last Seen
IPv4: TTL Minimum, TTL Maximum, Fragmentation Flags*, ToS
IPv6: Total Length Minimum, Total Length Maximum, Option Header, Hop-limit minimum, Hop-limit maximum
Routing: Forwarding Status, Is-multicast
Transport: TCP Flags: ACK, FIN, PSH, RST, SYN, URG
Interface: Output
* more fragment fields
--- New Non-Key Fields in FnF
Enterprise Class Catalyst 4500E
848Gbps System
82M+ Ports
650K+ Chassis
Industry Leadership
Lower TCO
Borderless Network Services Flexible NetFlow
Power over Ethernet Plus Energy Efficient Ethernet
10ms Resiliency IPv6 functionality
All specifications subject to change without notice
End-End Campus Platform Open Application Platform
Easy Upgrades Gig/10Gig upgrade flexibility
Standard service across access
Questions and Answers
We would like to know your opinion
Please fill out the questionnaire