small port density

  • 12 September 2013
  • 13 replies

How many out there are looking for a small port density of 1G (24 copper or SFP) and at least 4/6 10G + 2 40G in a 1U factor, dual power, and OSPF/BGP at a competitive price point? This would suit well for an edge WAN router or for an MDF closet in a building with no edge ports that feeds multiple IDFs in the same building.

...with VRF capability too, please.
Maybe different licensing schemes can be used to save on initial costs?
Thank you both for the great feedback. Today is the first day I will be meeting with our product teams for weekly updates on community suggestions. Keep an eye out for progress on your great suggestions.
Not sure if you are talking about multiple product ideas or one product that meets all the features you mentioned. Also, are you thinking high performance WAN VPN or BGP Internet routing?
Javier, something like the 7100 series?
I would be interested in one product that meets all the feature requests that would be geared more toward BGP/OSPF edge routing. The 7100 series looks nice, but that product line looks to fall more towards high performance data center switching. It would be nice to have a product that had routing available. In order to keep costs low, it would be nice to see a product with 24 SFP or 24 10/100/100 along with at least 8 SFP+ ports or a mixture of 40G + 10G. Maybe 6 SFP+ and 2-40G? This would allow for enough ports to bond multiple devices together and provide 10G to core. Again, I am picturing this device to do core routing on the WAN edge or to front end multiple building MDFs. Take a look at the Brocade ICX6610 or the Extreme Summit X460. Thanks,
Javier - Thanks for the input. As you know, soon we will become part of Extreme Networks, where products from both companies will significantly strengthen our portfolio. Please stay tuned.
My needs are slightly different since I could use what would look like a K 1. My main issue is the lack of the powerful policies on the stackable series. I utilize deep packet inspections to catch the garbage that would flood the network but I don't always need the port density. Hence my network has a lot of S-series, K-series, N-series and some D2G's and C5K's.
James, what policy feature set do you get with the S that you don't get with the stackables?
Javier, we use quite a few policies actually. We protect our default gateways (both MAC and IP addresses) plus other VLANs' gateways. We protect against network loops and cross network connections. We dump various protocols on the floor. We black hole MAC addresses and sometimes ports, depending upon the reason for the black hole. This is where things fall apart on the stackables and, as we have recently discovered, the N series. Stackables are just not capable of doing some of the black hole stuff at all. Consider your friends at Microsoft. They developed UPnP (Universal Plug and Play). Works great at home but destroys enterprise networks because it uses multicast. We found out it has an IPv6 equivalent. That particular one is really ugly since it sends out packets claiming to be the gateway. It takes deep packet inspections to catch those, which the stackables and N series can't do. Along with that we do the easy stuff: disallow hosts from being DHCP servers, DNS and the like. (BTW, we came up with a work-around for the IPv6 multicast problem with N-Series.) Ever wanted to connect two layer 2 networks together on one VLAN? Watch out for that spanning tree! You don't want those packets crossing multiple networks!
Interesting, thanks for the input James. We block the normal stuff you listed such as DHCP, DNS, etc. I haven't looked into the UPnP stuff. Just curious, what kind of issues did you see with UPnP before you started blocking it? For your default gateway protection, are you just dropping spoofed IP/MAC on the edge ports? Thanks again, this is great feedback!!!
Glad you asked. One building that was trying to do some fairly simple things like download machines was failing miserably. The protocols they were using were not very robust and dropped packets killed them in a short while. Investigating, we noticed some 71% of the traffic was multicast. Mind you, these are one and ten gig links so that is a major number of bits flowing. Further tracking of the multicast sources revealed UPnP and its underlying protocol SSDP to be the culprit. We built a policy to drop it on the floor and the multicast rate went from 71% to under 1%. Magically the downloads started working and all was wonderful in the world. Microsoft is doing something similar in the IPv6 domain with 2 types of packets, one using FEC0::/10 as an address which is "Site Local" and the second being RA packets (Router Announce) coming from newer Windows platforms. Google "IPV6 FEC0" for information about that address range. On the network protection (spoofed IP/MAC) question, we shut the MAC address down. Depending on the issue, it will auto-enable in 15 minutes or be permanent, requiring the end user to make contact so we can have a chat. Our database has owner & technical contact names/email addresses who get notified automatically. We have difficulty with our own field services staff deploying IP phones when they fat finger the IP address and gateway addresses (typically setting the IP address to the gateway address). There are some scenarios where we administratively shut the port down.
Oh, not to let our Apple friends off the hook, there is Bonjour and AppleTV that you get to worry about. Both protocols multicast all over the place and need to be contained. We by default drop them on the floor but allow those with an SLA with us to be on a highly contained VLAN so it doesn't affect all the users.
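
An added illustration of the measurements described in the posts above (not code from the thread or from any vendor): this Python example computes the multicast share of traffic and flags SSDP, mDNS (the protocol Bonjour uses), FEC0::/10 site-local traffic and Router Advertisements from non-gateway MACs. The record field names, the trusted-router allow-list and all sample values are assumptions constructed for the example.

```python
import ipaddress
from collections import Counter

ip = ipaddress.ip_address
# (multicast group, UDP port) pairs for the discovery protocols named in the thread.
GROUPS = {
    (ip("239.255.255.250"), 1900): "ssdp", (ip("ff02::c"), 1900): "ssdp",
    (ip("224.0.0.251"), 5353): "mdns", (ip("ff02::fb"), 5353): "mdns",
}
SITE_LOCAL = ipaddress.ip_network("fec0::/10")  # deprecated site-local range
ICMPV6_RA = 134                                 # ICMPv6 Router Advertisement type

def classify(pkt, trusted_router_macs):
    """Label one packet record, or return None when nothing needs flagging."""
    src, dst = ip(pkt["src"]), ip(pkt["dst"])
    if pkt.get("icmp6_type") == ICMPV6_RA:
        # RAs are only expected from the real gateways (assumed allow-list).
        return None if pkt["src_mac"] in trusted_router_macs else "rogue-ra"
    if src in SITE_LOCAL or dst in SITE_LOCAL:
        return "site-local"
    return GROUPS.get((dst, pkt.get("dport")))

def summarise(packets, trusted_router_macs):
    """Return (multicast share of bytes in %, flagged packet counts by label)."""
    total = mcast = 0
    hits = Counter()
    for pkt in packets:
        total += pkt["bytes"]
        if ip(pkt["dst"]).is_multicast:
            mcast += pkt["bytes"]
        label = classify(pkt, trusted_router_macs)
        if label:
            hits[label] += 1
    return (round(100 * mcast / total, 1) if total else 0.0), dict(hits)

# Constructed sample records: documentation addresses and made-up MACs.
TRUSTED = {"02:00:00:00:00:01"}
SAMPLE = [
    {"src_mac": "02:00:00:00:00:10", "src": "192.0.2.10", "dst": "239.255.255.250", "dport": 1900, "bytes": 400},
    {"src_mac": "02:00:00:00:00:11", "src": "192.0.2.11", "dst": "239.255.255.250", "dport": 1900, "bytes": 300},
    {"src_mac": "02:00:00:00:00:12", "src": "192.0.2.12", "dst": "224.0.0.251", "dport": 5353, "bytes": 200},
    {"src_mac": "02:00:00:00:00:01", "src": "fe80::1", "dst": "ff02::1", "icmp6_type": 134, "bytes": 100},
    {"src_mac": "02:00:00:00:00:99", "src": "fe80::abcd", "dst": "ff02::1", "icmp6_type": 134, "bytes": 100},
    {"src_mac": "02:00:00:00:00:13", "src": "2001:db8::5", "dst": "fec0:0:0:ffff::1", "dport": 53, "bytes": 100},
    {"src_mac": "02:00:00:00:00:10", "src": "192.0.2.10", "dst": "192.0.2.20", "dport": 443, "bytes": 800},
]

if __name__ == "__main__":
    print(summarise(SAMPLE, TRUSTED))
```

Feeding it records exported from a port mirror or flow collector before and after a drop policy is applied gives the same before/after comparison the post describes.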