Catalyst 4500 boasts new supervisor card, PoE, and energy-efficient Ethernet line cards
Cisco doesn't just want to sell you switches. It also wants to be your power distribution vendor.
New line cards for the Catalyst 4500 switches support Universal Power Over Ethernet (UPoE), a means of supplying up to 60 watts per switch port. That's enough to power all devices in a cubicle, including a 23-inch monitor, thin-client computer and webcam-equipped IP phone.
We lit up all that gear in this exclusive Clear Choice test, and also examined performance and features of a new Supervisor 7-E management module and an energy-efficient Ethernet line card that drops power consumption when idle. Together, these transformed a venerable Catalyst 4500 from modular Ethernet switch to master power-distribution system.
UPoE differs from previous versions of PoE in that it uses all four pairs of an Ethernet cable to supply power, doubling the wattage available to UPoE-capable devices. Cisco's implementation is proprietary, but the vendor says it will bring this variant of the existing 802.3at specification to the IEEE for standardization.
The new WS-X4748-UPoE+E line card has 48 Gigabit Ethernet ports, 24 of which can supply UPoE power. We verified this by using Sifos Technologies' PowerSync analyzer to draw a full 60-watt load on 24 ports during all performance tests. UPoE had no impact on system throughput or latency, as measured with a Spirent TestCenter analyzer.
We also verified UPoE functionality by plugging in devices typically found in an office cubicle. For the phone and computer, we used a Cisco 9971 IP phone equipped with a webcam and embedded CVXC-2111C virtual desktop client. The latter is a thin-client computer that we used with VMware's Virtual Desktop Infrastructure (VDI). We also attached a 23-inch Samsung SyncMaster NC220 monitor over UPoE.
Finally, we attached BT Group's ITS.Netrix, a phone intended mainly for stock traders with up to 20 lines, four speakers and a video display. All these devices operated successfully using UPoE.
Two kinds of devices that won't work with UPoE, at least for now, are conventional notebook and desktop PCs. While they're getting more efficient, most laptop and desktop PCs currently draw well more than the 60 watts supplied by UPoE. For example, this article was written and edited on an a Apple MacBook Pro with an 85-watt power supply and a Dell OptiPlex desktop that can draw up to 590 watts. Even though actual power draw is usually far lower, 60 watts sometimes isn't enough for either type of machine.
Net management ABCs
A common PoE misperception is that adding wattage means adding heat in the wiring closet. PoE is a method of power distribution, with the switch acting merely as a passthrough system. Most heat dissipation occurs at the powered device, not at the power-supplying equipment (in this case, the switch).
In contrast, another IEEE spec called energy-efficient Ethernet (EEE) specifically aims to reduce power at the switch port during idle periods. In a test of new EEE-capable line cards involving 384 copper Gigabit Ethernet ports, we saw power consumption fall from 1,462 watts to 1,278 watts when we enabled EEE, a 12.6% power savings.
Cisco also demonstrated an alpha version of a protocol analyzer running on the Supervisor 7-E module. Network engineers familiar with Wireshark and tcpdump will be right at home with the analyzer, which can save captures to a file or present them in format similar to a Wireshark decode in a terminal window. This early version captured only 100 packets, but Cisco says a version slated for release this fall will be limited only by buffer memory on the supervisor card. Like Wireshark, the analyzer uses capture and display filters to zero in on interesting packets.
The analyzer can be used in conjunction with Flexible NetFlow (FNF) and Embedded Event Manager (EEM) features of the supervisor card to take action in response to network conditions. For example, FNF can identify a SYN flood attack, and a simple EEM script could then shut down the affected switch port or throttle traffic rates. Similarly, the analyzer could start a capture of any unknown protocol.
FNF can track more than 70,000 concurrent flows on the Supervisor 7-E module. We verified this by enabling FNF during all performance tests, and saw FNF tracking 73,536 of the 147,072 flows we generated.
Performance is job one
Delivering high throughput and low latency is job one for any Ethernet switch, and accordingly we devoted most testing in this area. We measured throughput and latency with four test cases: Layer-2 unicast, Layer-3 unicast, with separate IPv4 and IPv6 tests; and Layer-2 multicast (see "How We Did It"). We also measured media access control address capacity and the time needed to upgrade and downgrade software.
Unlike many modular switches, the Catalyst 4500 uses a centralized switch fabric, which means all flows have the same latency regardless of source and destination port. Many newer switches use distributed architectures that exhibit low latency between ports on a single switch module but higher latency when crossing the switch backplane. By measuring the latency of every frame in every flow using the Spirent TestCenter traffic generator/analyzer, we verified uniform latency across all flows.
Average and maximum latency was remarkably consistent across test cases. With short frames offered in a fully meshed pattern among all 384 ports, the switch held up traffic for an average of around 6.5 microseconds for unicast traffic. With multicast traffic, tested with 383 ports all subscribed to the same 1,000 multicast groups, average latency was 7.9 microseconds.
There was little variation in delay across different unicast test cases, indicating that the switch processes all flows the same way in hardware. Perhaps more significantly, latency is relatively low for a large Gigabit Ethernet modular switch.
While the Catalyst 4500 doesn't delay traffic for long, its fabric is blocking under some conditions. The new Supervisor 7-E card, like the 6-E before it, has a processing limit of 250 million frames per second, and that in turn limits non-blocking performance to 167 out of a possible 384 Gigabit Ethernet ports.
With all 384 ports fully loaded, system throughput is only around 43.7% of Gigabit Ethernet line rate when handing 64-byte frames. With multicast traffic, the limit is lower still, around 38.5% of line rate with 64-byte frames.
Granted, no production network would ever see only short frames on all 384 ports of any switch. But 64-byte frames are very common (think TCP acknowledgments), and every dropped frame degrades application performance. Given that wire-speed "merchant silicon" ASICs have been around for 10 years or so, it's always surprising to see any new switch with blocking performance.
We also measured throughput for 256-, 1,518- and 9,216-byte jumbo frames. In those cases, the Catalyst 4500 forwards traffic at line rate on all 384 Gigabit Ethernet ports both for unicast and multicast traffic.
The Supervisor 7-E card also supports up to 96 10G Ethernet ports, increased from 30 ports in the 6-E, but we did not test these.
Another key acronym supported by the Catalyst 4500 is ISSU, or in-service software upgrade. This refers to the ability to upgrade and downgrade software with almost no disruption to users' control- or data-plane traffic. We tested this capability both to upgrade and downgrade software images while concurrently blasting all ports with line-rate traffic. In both cases, the cutover time was around 30.5 msec, well below Cisco's 50 msec claim.
The final test determined MAC address capacity, the maximum number of addresses the switch is capable of learning.
In our tests, the Catalyst 4500 learned 55,000 MAC addresses. That's probably more than enough for most enterprise data centers using virtualization.
As usual with Cisco switches, the Catalyst 4500 also supports a long list of other switching, routing, security and management features. For network managers who've long considered switching a commodity technology, the new power-management capabilities represent very interesting additions to the features list. Suddenly, the venerable Catalyst 4500 is no longer "just" an Ethernet switch, but a new way to distribute and manage power as well.
Network World gratefully acknowledges the vendors that supplied key test bed infrastructure to make testing possible. Spirent Communications supplied its Spirent TestCenter traffic generator/analyzer with both 10G and Gigabit Ethernet test ports. Sifos Technologies, a vendor of power over Ethernet and Ethernet PHY test sets, supplied its PowerSync analyzers. Both companies also provided considerable engineering support during testing.
Newman is a member of the Network World Lab Alliance and president of Network Test, an independent test lab and engineering services consultancy. He can be reached at firstname.lastname@example.org.
Learn more about this topic
In what may be a first for the technology industry, RSA Conference 2015 next month apparently will be...
Website password strength meters, like a spouse asked to assess your haircut or outfit, often tell you...
With all the public cloud storage offerings on the market today, many vendors just want customers to...
Sponsored by AT&T
Sponsored by Brocade
Investors made a crowd around the cloud this week, investing $175 million in companies focused on...
The SDN project now has a security response team to quickly handle new vulnerability reports
Here's how many cybersecurity entry-level job seekers fail to make a great first impression.
As CIOs become overwhelmed by IT demands, chief data officers (CDOs) are stepping in to serve as a...