Cisco unveils Catalyst updates

Cisco this week unveiled the biggest refresh of its Catalyst switch line in more than a year, highlighted by the industry’s first copper-based 10G Ethernet switch offering.

The $600-per-port 10G Ethernet module for the Catalyst 6500 is based on the IEEE 10G-BaseCX4 standard, which was ratified at the beginning of the month. The offering is designed for linking backbone switches or server clusters in data centers at a fraction of the cost of fiber-only technology.

Cisco announced the module, along with fiber-based 10G Ethernet products and management modules that support VPN and VoIP networks, at the CeBit conference in Hannover, Germany.

The announcements signal an effort by Cisco to better articulate its data center network strategy, says Zeus Kerravala, an analyst with The Yankee Group.

“I hadn’t seen much of a high-level enterprise vision from Cisco over the last 18 months,” he says. “They’ve been doing a lot of spot product announcements, but this launch across the Catalyst family really boosts their overall IP communications story.”

Some industry watchers have knocked copper 10G technology as being too short in range — 50 feet or less — and for running over IBX4 (four-pair, twin-axial cabling, similar to an InfiniBand cable), which is far less common than Category 5 or 6 cabling, which supports 10/100/1000M bit/sec Ethernet. But Kerravala says the price is right  vs. fiber-based 10G offerings and 1G trunking. (The price of fiber-based 10G offerings is about $7,000 per port;  eight Gigabit ports trunked together costs about $1,000.)

Cisco’s 10G-BaseCX4 ports are integrated into modular Xenpak transceivers, two or four of which can fit into Catalyst 6500 blades, depending on the model.

Other leading switch makers have indicated plans to deliver copper-based 10G products but have not announced specifics. 

Catalyst boost

Cisco also announced a version of its Catalyst 3750 10/100/1000 switch with a fiber-based 10G uplink. Aimed at server cluster aggregation, or high-end desktop deployments, the $20,000 device can be stacked with up to 10 others to form a virtual wiring closet switch, Cisco says. Foundry and Extreme launched 10/100/1000 switches with dual 10G uplinks last month and earlier this month, respectively.

McGill University in Montreal is employing 10G uplinks on Catalyst 3750s at its music school to replace an older setup based on trunking eight Gigabit Ethernet links using Cisco’s EthernetChannel technology. The network supports PCs used to encode high-bandwidth recordings.

“A single [10G] uplink is nice, because it takes up less ports on your switches and uses less fiber,” says Quan Nguyen, associate director for systems engineering at the university. “One port is easier to manage than eight.”

Other new hardware from Cisco includes:

* A management module upgrade for the Catalyst 4500 and a 10-slot version of the 4500 chassis. They cost $16,500 and $12,500, respectively.

* A 48-port Gigabit Ethernet module for the Catalyst 6500 with all-fiber connections and priced at $25,000.

* A Catalyst 6500 management module daughtercard that triples IPv4 and IPv6 routing capacity, priced at $12,000.

* Eighty- and 1,000-foot range 10G Ethernet modules for the Catalyst 6500 with multi-mode fiber ports. They cost $3,000 and $4,000, respectively.

Cisco also announced free software upgrades for four Catalyst 6500 service modules.

l VPN module — Stateful IPSec traffic failover between modules.

l SSL module — Centralized key certificate storage and failover between SSL modules.

l Content switching module — Denial-of-service traffic detection with Layer 4 to 7 packet switching.

l Network analysis module (NAM) — VoIP monitoring.

HealthNet, a Sacramento, Calif., HMO, is using Catalyst switches with NAMs to remotely monitor VoIP traffic performance and voice quality at a 400-seat customer service call center in the Midwest.

“Using the modules gives us visibility into any type of traffic,” says Jeff Jacobs, senior network design engineer at HealthNet. “The kind of reporting and monitoring we can do remotely in the past would have required someone onsite with tools like a network sniffer.”

The upgraded  Catalyst modules in the call center and data center allow Jacobs and his staff to view voice calls as they take place. The modules also send alerts (via e-mail and to a centralized network management system) if traffic quality falls below specified thresholds.

Cisco also announced firmware upgrades across all Catalyst modular and fixed-configuration switches that boosts security at the port level.

The Advanced Integrated Security feature set includes a modified version of the IEEE 802.1x standard for port-based authentication, which allows wireless and wired end users to authenticate to a network with different levels of access, depending on pre-defined network polices. Cisco says this fine-tunes the basic functionality of 802.1x, which can only permit or deny access.

Cisco also has added the ability to set up Layer 2 access-control lists based on PC and laptop media access control (MAC) addresses. Cisco says this feature can block flooding, where an attacker tries to bring down a switch by overloading its MAC address table list. This can also prevent man-in-the-middle network intrusions, where attackers spoof a MAC address to intercept Ethernet traffic.

Chris Kozup, a Meta Group analyst, says many of these new products and upgrades fit into an end-to-end network strategy from Cisco based on the idea that the whole is greater than the sum of its parts.

“It can be good because it offers the ability to deploy end-to-end services [such as VoIP or security] across different platforms that can be centrally managed,” Kozup says. “But some say that when you buy Cisco, you’re forced into a never-ending cycle of upgrades.”