Extreme’s S400, Part 1

The Reviewmeister loves those 10G switches, so this week we took Extreme’s new Summit 400-48t workgroup switch out for a spin.

We pushed more than 70 million packets per second through the S400. Results were generally good. The switch delivered low, consistent delay under heavy load, and it offers a long list of features, including 802.1x authentication for security.

On the downside, the S400’s optional 10G Ethernet module is a bit pricy for a workgroup switch, though at around $4,000 per 10G Ethernet port (plus optics) it’s still competitive. Also, the S400 posted subpar numbers in some tests involving jumbo frames.  On balance, though, we found the S400 to be a more than capable performer: In fact, it’s the fastest wiring closet switch we’ve tested to date.

The S400 fits in 1U and offers 48 10/100/1000 copper ports, with an optional module for two 10-gigabit Ethernet interfaces. Features include support for major routing protocols, IPv4 multicast, and up to 4,096 virtual LANs. External redundant power is also an option.

Our 10G Ethernet tests measured how quickly the S400 could move traffic between 10G Ethernet uplink ports and gigabit Ethernet downlink (edge) ports. We configured a Spirent SmartBits traffic generator/analyzer to send test frames to the S400’s uplink and downlink ports.

In a nutshell, the S400 delivered line-rate throughput in all the 10G Ethernet test cases we tried. These included baseline tests at Layer 2 and Layer 3 and tests with one and two 10G Ethernet interfaces exchanging traffic with 10 and 20 edge gigabit interfaces. The S400 didn’t drop a single frame in any of these tests.

Access control lists (ACL), which can severely degrade performance on some switches, posed no problem for the S400 either. We reran the 10G Ethernet baseline tests with the maximum number of ACLs applied to every switch interface; for the S400, that is 124 ACLs per port on all 50 ports. Again, the switch delivered line-rate throughput.

Delay was also low and constant across all our 10G Ethernet tests. The average delay and jitter numbers we observed are comparable to other high-performing 10G Ethernet backbone switches we’ve tested. Even the highest maximum delay number we observed – 104.4 microsec when moving jumbo frames – is nowhere near enough to have an appreciable effect on application performance.

Extreme showed off two security features in the S400: 802.1x authentication and Secure Shell (SSH) for remote access. Already widely used in WLANs, 802.1x authentication can enforce access through essentially any device – including wiring closet switches like the S400.

Extreme demonstrated basic port-based 802.1x authentication along with more extensive “network login” features. With port-based authentication, the S400 granted access to any user that requested authentication on a given port (provided that user’s credentials existed on an authentication server).

When it comes to secure remote access for management, the S400 is standout. The device supports SSH Version 2 only, and not the vulnerable first version of the SSH protocol. Further, enabling SSH disables insecure access methods such as telnet or HTTP.  We also checked whether the S400’s version of SSH against multiple databases of security vulnerabilities. SSH support on the S400 had no known vulnerabilities at press time.

For the full report, go to https://www.nwfusion.com/reviews/2004/090604rev.html