Cisco SecureX 架构
Cisco
徐洪涛
高级安全顾问
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
1
引入了新的威胁
美国医院笔记本电脑失窃:
14,000 病人记录丢失
400+ 移动终端的恶意软件出现
预计到年底有超过1000 个
© 2010 Cisco and/or its affiliates. All rights reserved.
Skype 带来了后门
IM 能够绕过安全控制
新的攻击浮出水面- 针对VM和
Hypervisor的攻击
缺乏对虚拟网络内部的控制
- 缺乏安全策略
Cisco Confidential
2
如何保护云/虚拟化主机上的数据
用户自有设备的新的安全风险
如何保护扩展网络的边界和连接
不一致的无线、有线控制策略
零碎的安全方法－二十多个厂商，不同
的安全架构
我们需要一个新的安全方法
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
3
= Cisco
安全系统
远程访问
协作
虚拟化
移动
Asset Mgmt
Zero Day
云
设备
取证
设备安全
AV
Lock / Wipe
Encryption
审计
设备管理.
应用安全
数据控制
数据内容安全
Email
认证
网络与系统管理
Logging
Coding / Hardening
Web Application
Web
Penetration
Encryption
DLP
Monitoring
Alerting
Directories
策略
APIs
网络安全
Firewall
IDS / IPS
VPN
可信系统
架构
© 2010 Cisco and/or its affiliates. All rights reserved.
物理
设备
网络
计算
存储
Cisco Confidential
4
情景感知的策略执行
Cisco
网络基础架构
网络设备集成 独立硬件平台
云安全服务
TrustSec
访问控制
访问控制
TrustSec
安全访问终端
AnyConnect
情景感知的策略
网络
可见性
情景感知
可控性
Nexus 1K and Cloud
安全的虚拟化云数据中心
Connected Network
Cisco SIO
智能威胁防御
应用编程接口API
安全管理
© 2010 Cisco and/or its affiliates. All rights reserved.
安全服务
合作伙伴
Cisco Confidential
5
在全网范围增强可见性与安全的执行。
提供基于身份、终端状态、位置、设备和
时间的动态策略，集成于网络设备进行访
问控制
对终端、网络和数据流提供端到端的加密
安全连接
保护虚拟化的云数据中心
提供全球智能威胁感知与防御
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
6
Identity
Services
Engine
入策略控制点
终端用户
Cisco Wireless
LAN Controller
?
Cisco
Catalyst Switch
MACsec
Devices
Active
Directory
出策略控制点
Cisco
Catalyst Switch
Campus
Network
Cisco
Router
Cisco
Nexus Switch
MACsec
Cisco
ASA
?
受保护的网
络资源
CISCO解决方案
• 一致的，基于情景感知t的策略，集成的网络设备执行。
• 分布式、智能的在整个网络当中执行策略
• 基于安全分组的标签、访问控制
• ©基于MACsec的加密传输，保护数据私密性
2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
7
Identity
Services
Engine
Cisco
ASA
Campus
Network
Internet
移动员工+
AnyConnect Client
Cisco
Catalyst Switch
+ TrustSec
Active
Directory
Cisco
Nexus
Switch +
TrustSec
受保护的网
络资源
CISCO解决方案
• 业界唯一的统一客户端方案
• Secure Mobility提供安全的远程接入
• 提供对跨平台终端的支持
• 对有线、无线和VPN连接，提供统一的情景感知的策略
• 基于SSL和MACsec的加密集成，保证了数据传输的私密性
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
8
分支办公
室
18xx
ScanSafe
on
ISR G2
28xx
Site-to-site VPN
(GetVPN
DMVPN)
总部
ASR
ASR
38xx
CISCO 解决方案
• 全面的VPN方案 VPN (IPSec, EZVPN,GET VPN, DMVPN, SSL, …) 满足多种场景
• 集成的分支解决方案，提供最低的TCO，包括：FW, IPS, VPN,ScanSafe等
• 集成了安全、广域网加速、无线，简化部署，减少开支
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
9
整合
虚拟化
数据中心分布层
ASA
5585-X
Nexus
7018
Nexus
7018
云
Unified
Computing
System
ASA
5585-X
Nexus
1000V
VSG
Email
Firewall
IPS
Web
NAM
CISCO 解决方案
• 高性能的 ASA 和新的防火墙模块ASA-SM专为为DC设计
• VSG在VM的安全区域上执行，动态的可扩展的操作
• 基于云的邮件和WEB安全服务
• 在物理和虚拟环境下统一的安全策略
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
10
SIO 全球威胁智能
Inside
Malware
Cisco ASA, IPS
and TrustSec.
Malware
Hacker
Mobile Worker
Internet
Content security: IronPort
email and web appliances
Campus
Network
Inside
Attacker
CISCO解决方案
•
•
•
•
CSIO提供全球最大的智能威胁系统和数据库，提供信誉度关联
为用户侧的防火墙、IPS、邮件和WEB安全提供全球智能
混合模式、基于云的邮件和WEB安全
在网络基础设施中，智能内置安全防护
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
11
1
您使用了基于云的新的业务模型了吗？
2
你的员工用他自己的智能手机/PDA/PC
来办公吗？
3
你需要防护一些协作工具或者其他社会
媒体站点带来的安全漏洞？
4
您主动的去防范一些最新的威胁吗？您
如何去面对零日威胁？
5
您有法规遵从上的要求吗？您是如何去
遵从它的？
6
您在全网当中执行一致的安全策略吗？
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
12
1
全面网络可见性与可控性——增强防护、减少复杂度
2
全网一致的基于context的策略
3
独有的安全智能，帮助您发现和防护最新的威胁
4
与网络的紧密集成，提供从端点到数据中心的可扩展安全
5
业界最全面领先的安全产品线和专业服务
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
13
新一代Catalyst 6500 平台
思科中国无边界网络事业部
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
14
议程
新一代Catalyst 6500概览
―2T‖ 产品系列
新一代Catalyst 6500在无边界网络中价值
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
15
…及为何思科持续投资6500系列
超过 700,000 整机部署
© 2010 Cisco and/or its affiliates. All rights reserved.
超过 $42B 销售额
Cisco Confidential
16
自Sup1和Sup720以来最重大更新
Sup2T
Sup720
Sup1
Sup720
Sup2
Cat5K
1999
$1B
2003
$13B
2011
$42B
1st Multicast Replication in ASICs
1st IPv6 switching in ASICs
1st Netflow in ASICs
1st MPLS in ASICs
1st Multicast IPv6 in ASICs
1st MVPN in ASICs
1st Service Mod. Integration
1st UC Integration
1st Virtual Switching
Driving IGMP Snooping Std.
Driving 802.1af Std
1st UDLD, TDR, GOLD, EEM
1st PVLAN, DAI, DHCP Snooping
1st NSF/SSO
1st RPSAN, ERSPAN, WCCP
500+ Patents
无数行业标准的建立, 重要技术的普及
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
17
Sup2T and 6513-E
69xx Series 单槽 80Gbps
8p 10G全线速
单端口256M缓存
4p 40G/16p 10G
Built-in DFC4
68xx/67xx
Series 单槽40Gbps
1GbE Fiber: 24p/48p
10/100/1000: 48p
10GBASE-T: 16p
10G Fiber: 16p
Built-in DFC4
服务模块
WiSM-2
ASA-SM
NAM-3
ACE-30
创新
Cat6500-E
投资保护
支持所有E-系机框
© 2011 Cisco and/or its affiliates. All rights reserved.
支持67xx 线卡升级
支持所有61XX
POE/ POE+线卡
支持旧款服务模块
Cisco Confidential
18
兼具性能和服务优势
4T VSS
40G 端口就绪
Tunnels, L3VPNomGRE
L3SGT For TrustSec Interoperability
OTV, Trill Ready
Flexible Netflow
VSS 4T
Next Gen
核心
Cat6k/Sup2T
4T VSS
Integrated NG Svcs (WisM2, ASA, NAM,
ACE-30), Multicast HA
Smart Install Director*
OTV, Trill Ready
Flexible Netflow, Egress Netflow
VSS 4T
Next Gen
汇聚
Cat6k/Sup2T
TrustSec
EnergyWise
NGPoE (60W) Ready
Flexible Netflow
IPv6 First Hop Sec.
Next Gen
Cat4k/ Sup7-E
Cat3k/ 3750X
Cat2K/2960S
接入
安全
弹性
© 2011 Cisco and/or its affiliates. All rights reserved.
健壮
虚拟化
简单
视频优化
VDI就绪
支持IPv6
Cisco Confidential
19
完整的核心网络特性集合
720
丰富的接入网络特性集合
2T
强大的核心矩阵
4T VSS
40G ready
L3VPN o mGRE
Sup32
WAN
720
2T
完善的PoE+ 能力
Smart Install*
EnergyWise
完整的虚拟化支持
Medianet
完善的高可用性
TrustSec Identity Kit
TrustSec Reflector
IPv6 First Hop Security
VRF-Lite, L3VPN, L2VPN, EVN*, LISP*
VSS Quad Sup SSO*
业界领先的IPv6和多播支持
Tunnels, URPF, 256K mcast Groups
业界领先的流量分析能力
Flexible Netflow, Egress, Sampled
完善的安全特性
TrustSec, L3 SGT,
性能卓越的新一代服务模块
WisM2*, ASA SM*, NAM*, ACE30
© 2011 Cisco and/or its affiliates. All rights reserved.
DHCP Snooping
Dynamic ARP Inspection
IP Source Guard
PACL
Autosecure
Smartports/Auto QoS
Auto Smartports*
OSPF Router Acces
Cisco Confidential
20
•
•
•
•
•
Industry Leading Table Scalability: ACL, Netflow, IPv4/v6
Industry Leading Packet Buffers: up to 256MB/10GbE port
Industry Leading Multicast Forwarding Capabilities
Up to 16K Bridge Domains for scalable Cloud Deployments
Drive transition from 1GbE to 10GbE/40GbE
虚拟化
•
•
•
•
•
128K MAC Table (effective +50% vs. Sup720)
VPLS in HW for L2 extension/VM Mobility
Large L2 domains up to 1152 GbE ports/VSS for VM Mobility
LISP and OTV ready
Insert 10GbE to the server with 10GBASE-T
运维简化
•
•
•
•
•
Simplify w/ VSS: no STP, no FHRP, reduced mgmt overhead
Preserve IOS operational model for ―brownfield‖ deployments
Only Catalyst with Lights out management (CMP)
CoPP, SPAN/RSPAN/ERSPAN/mini protocol analyzer…
Open Manageability with XML/Web service API
•
•
•
•
•
ASA-SM Firewall blade for up to 64 Gbps (Chassis Performance)
ACE-30 Load Balancer for up to 16 Gbps
Performance analytics and 1588 services with NAM-3
Up to 13M Netflow entries w/ FNF, Sampled, Egress, Multicast…
Full IPv6 Hardware parity with IPv4
可扩展性
丰富服务
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
21
特性
每槽带宽
C6K-Sup2T
EX8200
A9500/A7500
C4500
N7000
80 G
80 G
60-120G/24-48G
48 G
230 G
虚拟交换系统
*
MPLS/VPLS
安全服务模块
无线服务模块
网络分析模块
可采样Netflow
灵活Netflow
ERSPAN/EEM/GOLD
TrustSec
路由表规模(IPv4)
1M
512K
256K
256K
1M
支持40G端口
LISP 就绪
EVN 就绪
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
22
议程
新一代Catalyst 6500概览
―2T‖ 产品系列介绍
新一代Catalyst 6500在无边界网络中价值
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
23
PFC3/DFC3
PFC4/DFC4
L2 MAC Table
96K
128K
Bridge Domains
4K
16K
MacSec/SGACL
–
Y
3 bits
8 bits
48
60
256K/1M
256K/1M
L3 Interfaces
4K
128K
Netflow Table
128K/256K
512K/1M
Security ACL Table
32K
64K/256K
QoS ACL Table
32K
Programmable
ACL Labels
4K
16K
Port ACLs
2K
8K
Aggregate Policers
1K
8K
Shared uflow Policers
63
512
Etherchannel Hash
L2/IPv4 Mpps
FIB Table
Sup2T
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
24
Cisco TrustSec
E-OAM 3.0
Stateful EoMPLS
RBACL
IPSLA support for EVC
Etherchannel Enhancements
TrustSec Ingress/Egress reflector
802.1ag CFM Draft 8
Native VPLS
SGT Tagging and Filtering
Service Module Support
VRF aware SSH, FTP, NTP
Dry run for ACLs
On Board Failure Logging
DAI accelerated in HW
Atomic ACL Update
Netconf, Http, Soal, TCL… over IPv6
WCCP Closed group
Flexible Netflow
IPv6 uRPF
MQC Queuing policy for ingress/egress
Egress Netflow
PACL support for IPv6
DSCP classification
Sampling Netflow in HW
CMP
QoS ACL per policy class
Hardware CoPP
XML Programmatic interface
Per-protocol statistics
New level of IPv6 support
Web Service
PIM Registers in HW
Per VLAN broadcast statistics
Distributed Aggregate Policers
IP-Based IGMPv3 Snooping support
EEM v3.0
Bi-dir Enhancements
EVC 2.0
ACL/QoS scalability
uRPF + ACL
New ACL classifications Options
VPLS
NAT
TrustSec
FnF
QoS
MCast
MPLS
IPv6
ACL Enh.
CoPP Enh
CMP
XML API
Cisco IOS Software 12.2(33)SXI3 Features Set
…总计超过200项新特性支持!
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
25
8端口 10G 全线速线卡
4端口 40G 线卡
• Two SKUs: regular and XL tables (DFC4)
• IEEE 802.3ba standard compliant
• X2 Transceiver or SFP+ w/ adapter
• Two SKUs: regular and XL tables (DFC4)
• Wire Rate MacSec (IEEE 802.1AE)
• CFP Transceiver for 40G, SFP+ for 10G
• Large packet buffers (256MB/port)
• Wire Rate MacSec (IEEE 802.1AE)
• Virtual Switch Link (for VSS)
• 10G mode via FourX adapter
• A-VPLS , OTV and LISP ready*
• Virtual Switch Link (for VSS)
• A-VPLS , OTV and LISP ready*
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
26
2010年九月全球演示业界第一款40G交换线卡
业界第一款单端口40G模块化
交换平台
• Showcased industry’s
40GE
first modular 40GE with
Cat 6500 at the Nov. 2010
Supercomputing show
• Showcased industry first
10GE
10GE
10GE
10GE
100GE with CRS-3
• Demonstrated interoperability
Cisco
USC C200 M2
Cisco
USC C200 M2
with 40 GE Server as well as
with variety of cable and
transceivers
Reference: http://www.ethernetalliance.org/files/static_page_files/2Ethernet_Alliance_Demonstration_at_SC10.pdf
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
27
61xx
Line Cards
Legacy
Service Modules
Next Gen.
Service Modules
WS-X6148A-RJ-45
FWSM
ASA-SM
WS-X6148A-45AF
ACE 20
ACE 30
WS-X6148-FE-SFP
WiSM
WiSM-2
WS-X6148A-GE-TX
NAM-1
NAM-3
WS-X6148A-GE-45AF
NAM-2
WS-X6148E-GE-AT
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
28
新一代无线服务模块- WiSM-2
Performance
Access Points
Clients
Concurrent AP Upgrade/Joints
Mobility, Domain Size
10 Gbps
500
10,000
UP to 16 Gbps
Performance
Up to 6 Gbps
Compression
30,000
250
Virtual Context
Up to 18,000 APs
250
VLANs
Monitoring Performance
10 Gbps Plus
Capture to External Disk
Up to 5 Gbps
1588
Timestamps
新一代防火墙模块- ASA-SM
64 Gbps
16 G
10,000,000
300,000
250
HW Filters/ Pkt Captures
© 2010 Cisco and/or its affiliates. All rights reserved.
Transactions per Second
Up to 500
新一代流量分析模块- NAM-3
Performance Analytics
新一代负载均衡模块- ACE-30
1,000
Chassis Performance
Performance
Concurrent Sessions
Connections per Second
Security Contexts
VLANs
Cisco Confidential
29
议程
新一代Catalyst 6500概览
―2T‖ 产品系列
新一代Catalyst 6500在无边界网络中价值
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
30
TrustSec
VSS 4T
Security ToolKit
Application
Performance and
Monitoring
Manageability
Energy
Sustainability
VSS 4T
Network
Virtualization
Robust Control Plane
IPv6
MediaNet
VSS4T
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
31
Security Group Tagging and forwarding
Sup2T上
的思科
TrustSec
Security Group Enforcement
MACSec Encryption
TrustSec Reflector
TrustSec on VSS
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
32
SGT Enforcement
SGT=7
IT Portal (SGT 4)
Users,
Endpoints
LWA
802.1X
Sup2T
Campus
Network
Sup2T
Sup2T
ACS v5.1
Active
Directory
MAB
Agent-less
Device
SGT Assignment
Public Portal (SGT 8)
Internal Portal (SGT 9)
Doctor (SGT 7)
IT Admin (SGT 5)
Untagged Frame
Patient Record DB (SGT 10)
Tagged Frame
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
33
 802.1ae 线速数据加解密及完整性控制
 从二层开始防止非法攻击
 防嗅探
 防篡改
 防攻击
 不影响其他包侦测特性
 点到点部署, 可按链路情况控制
 支持EoMPLS上的MacSec
 保障全园区汇聚及核心网络链路层数据安全
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
34
适用于高流量骨干网络
CPU优化
Optimal CPU utilization
with Yielding Netflow
Data Export, direct
export from
linecard
Flexible
Netflow
CPU Friendly
Export
支持出口方向NetFlow
Allow to use netflow
after ingress lookup is
done (ex: after DSCP
remarking is done)
Allow to account for
multicast traffic per
destination instead of
per group
© 2010 Cisco and/or its affiliates. All rights reserved.
灵活性及可自定义性
Increased flexibility and
customization by selecting the
fields to match and collect
Egress
Netflow
Sup2T
Netflow
Up to 13M
Flows/
System
Sampled
Netflow in
Hardware
更强flow处理能力
Bigger tables mean
more entries per DFC.
Up to 13 million entries
with a 13 slot chassis.
You can get better
visibility in your
network
优化硬件利用率
To optimize the Netflow
tables utilization and
minimize load on
analyzers
Cisco Confidential
35
Sup720
Sup2T
MPLS
• 1000 VRF support
• MPLS TE, CSC
• Multicast VPN
• 4000 VRF support
• L3VPN o mGRE
• Label Switched Multicast (LSM)*
VRF-Lite
• Up to 8 VRFs
• Easy Virtual Networks (EVN)*
• 32 VRFs
VRF Services
• VRF aware ACLs, VACL, BFD,
HSRP, PBR, Syslog, TACACS,
Telnet, GLBP, VRRP
• VRF aware: WCCP, NTP, SSH,
FTP, IPv6 Tunnels
• VPLS on WAN linecards
• Advanced VPLS
• EoMPLS Native Ethernet
• Native VPLS any Ethernet port
• No multicast flooding on VPLS*
•
•
•
•
•
• MPLS interface counters
• MPLS aware Netflow P Router*
• Flexible Netflow for MPLS
L2VPN
Operations
© 2010 Cisco and/or its affiliates. All rights reserved.
Set syslog to a VRF loopback
MPLS egress Netflow
Call Home email in a VRF
NDE collector in a VRF
IP SLA Phase 1
Cisco Confidential
36
Sup720
Sup2T
Performance
• 24 million IPv6 pps
• 512k IPv6 Routing Entries (XL)
• 390 million IPv6 packets/second
• 512k IPv6 Routing Entries (XL)
Services
• IPv6 ACE-30 Load Balancing
• IPv6 WISM-2 Wireless Controller
• IPv6 ASA Service Module
• IPv6 Flexible Netflow
• IPv6 BFD
• WCCPv3*
Operations
• IPv6 SNMP, Syslog, SSH,
• Stateless autoconfiguration
• IPv6 NTPv4
•
•
•
•
IPv6 interface counters, IPv6 Tunnel MIB
IPv6 Interface MIBs RFC 4292 RFC 4293
IPv6 SLA, TCL, LLDP
OSPFv3 Max Metric minimize downtime*
Core
Aggregation
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
IPv6 Unicast and Multicast High Availability
BGPv6 Graceful Restart
OSPFv3 Graceful Restart/IPSec Authentication
OSPFv3 Fast Convergence SPF
IPv6 CoPP, EIGRPv6 VRF-Lite
IGMPv3/MLDv2 Snooping
Unified VRRP*
OSPFv3 VRF PE-CE*
Security
• First Hop Security: PACL and RA Guard
• IPv6 TACACS+
• IPv6 ACL
•
•
•
•
IPv6 First Hop Security: Device Tracking/NDP Inspect
IPv6 uRPF, IPv6 VACL*
IPv6 ACL Atomic and Dry Run
TrustSec
Transition
•
•
•
•
•
•
•
•
IPv6 in IPv4 tunnels, VRF aware IPv6 Tunnels
L3VPN over multipoint GRE
LISP*
NAT64 with ASA-SM*
© 2011 Cisco and/or its affiliates. All rights reserved.
EIGRPv6, OSPFv3, IS-IS, BGPv6
IPv6 VSS support
IPv6 PIM-SSM
IPv6 QoS
DHCPv6 Relay Agent
HSRPv6-Global/GLBPv6
IPv6 PBR
Dual Stack IPv4/IPv6
ISATAP and Static Tunnels
6to4 Tunnels
6VPE/6PE
Cisco Confidential
37
Supervisor 2T 发布于2011七月
交换行业史无前例的超强生命力平台
Sup 2T—Next Generation Supervisor
Sup720-10G (VSS Enabled)
EOS
End of Sale
EOL
End of Life
End of Support
Sup32
Sup720-3B
Sup720-3A
EOS
EOS
Sup2
Sup 1A
2000
© 2011 Cisco and/or its affiliates. All rights reserved.
2005
EOS
EOL
Maintain Support
EOL
Maintain Support
EOL
Maintain Support
2010
12 years
12 years
12 years
2015
2020+
Cisco Confidential
38
150+ 套Sup2T提前部署运行
―Video is a core technology at Apple; … The Supervisor
Engine 2T, with VSS implementation, expands the
existing, available bandwidth of all deployed E-Series
Catalyst 6500 chassis to 4 Terabits per second. This
compounded with 80 Gigabits per slot capacity and
scaled, hardware multicast route support ensures the
operational integrity of Apple’s network.‖
– Patrick Millette, AM Apple
… BT, a long-time Catalyst customer, has
6500 switches deployed throughout the
network in IP Core, Data Center, Enterprise,
and Ethernet aggregation points. The Sup2T, in VSS
configuration, enables BT to leverage their extensive
existing infrastructure andd expand the current switch
bandwidth to 2-Terabit capacity and future-proof for 40G
readiness. ….‖
– Jim Wicks, SE, BT
―We are excited to be working with Cisco to receive
some of the first shipments of the eagerly awaited
Supervisor 2T modules. Loughborough's IT service
provision requires the cutting edge technology these
new modules provide, complementing the new
functions on Cisco's IPv6 roadmap. We look forward to
working with Cisco for many years to come.‖
– Matthew Cook, Network and Security Manager,
Loughborough University, IT Services
―For Penn State University, Bandwidth
is at the forefront of their core network
requirements. With Catalyst 6500 Switches
deployed through the core and into distribution,
Penn State is looking to the Supervisor Engine 2T to
expand the current bandwidth to 2-Terabit capacity and
future-proof the existing infrastructure for 40G
readiness. Flexible Netflow capability enables the
transition to IP-based statistics collection, driving
enhanced billback capabilities‖
– Chris Sullivan, AM Penn State
―Rackspace is a long-standing Cisco customer with Catalyst 6500 switches deployed throughout their
network for various use cases; Internet Edge, IP Core, as well as L3 Aggregation utilizing VSS for
services applicable to both Cloud and Managed Hosted environments. … Rackspace is looking to the
Sup2T to provide more capacity; Control Plane scalability, bandwidth scalability at 80G per slot, and the
ability to utilize the larger Netflow tables are all key metrics. Sheer capacity is key for hosting
companies, and Flexible Netflow is ideal for Denial of Service mitigation techniques.
– Ellis Merworth, SE Rackspace,
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
39
Thank you.