Cisco gives Catalyst a 10G jolt

Cisco last week unveiled the most ambitious upgrade of its Catalyst switch line in more than a year, highlighted by the industry’s first copper-based 10G Ethernet switch offering.

Cisco last week unveiled the most ambitious upgrade of its Catalyst switch line in more than a year, highlighted by the industry’s first copper-based 10G Ethernet switch offering.

The $600-per-port 10G Ethernet module for the Catalyst 6500 is based on the IEEE 10G-BaseCX4 standard, which was ratified this month. The offering is designed to link backbone switches or server clusters in data centers at a fraction of the cost of fiber-only technology.

Cisco announced the module, along with fiber-based 10G Ethernet products and management modules that support VPN and VoIP networks, at the CeBit conference in Hannover, Germany.

The announcements signal an effort by Cisco to better articulate its data center network strategy, says Zeus Kerravala, an analyst with The Yankee Group.

“I hadn’t seen much of a high-level enterprise vision from Cisco over the last 18 months,” he says. “They’ve been doing a lot of spot product announcements, but this launch across the Catalyst family really boosts their overall IP communications story.”

Some industry watchers have criticized copper 10G technology as being too short in range – 50 feet or less – and for running over IBX4 (four-pair, twin-axial cabling, similar to an InfiniBand cable), which is less common than Category 5 or 6 cabling, which supports 10/100/1000M bit/sec Ethernet. But Kerravala says the price is right vs. fiber-based 10G offerings and 1G trunking. (The price of fiber-based 10G offerings is about $7,000 per port; eight Gigabit ports trunked together costs about $1,000.)

Cisco’s 10G-BaseCX4 ports are integrated into modular Xenpak transceivers, two or four of which can fit into Catalyst 6500 blades, depending on the model.

Other leading switch makers have indicated they plan to deliver copper-based 10G products but have not announced specifics.

Catalyst boost

Cisco also announced a version of its Catalyst 3750 10/100/1000 switch with a fiber-based 10G uplink. Aimed at server cluster aggregation, or high-end desktop deployments, the $20,000 device can be stacked with up to 10 others to form a virtual wiring-closet switch, Cisco says. Foundry Networks and Extreme Networks launched 10/100/1000 switches with dual 10G uplinks last month and earlier this month, respectively.

McGill University in Montreal is using 10G uplinks on Catalyst 3750s at its music school to replace an older setup based on trunking eight Gigabit Ethernet links using Cisco’s EthernetChannel technology. The network supports PCs used to encode high-bandwidth recordings.

“A single [10G] uplink is nice because it takes up less ports on your switches and uses less fiber,” says Quan Nguyen, associate director for systems engineering at the university. “One port is easier to manage than eight.”

Other new hardware from Cisco includes:

• A management module upgrade for the Catalyst 4500 and a 10-slot version of the 4500 chassis. They cost $16,500 and $12,500, respectively.

• A 48-port Gigabit Ethernet module for the Catalyst 6500 with all-fiber connections and priced at $25,000.

• A Catalyst 6500 management module daughtercard that triples IPv4 and IPv6 routing capacity, priced at $12,000.

• Eighty- and 1,000-foot range 10G Ethernet modules for the Catalyst 6500 with multi-mode fiber ports. They cost $3,000 and $4,000, respectively.

Cisco also announced free software upgrades for four Catalyst 6500 service modules.

• VPN module – Stateful IPSec traffic failover between modules.

• SSL module – Centralized key certificate storage and failover between Secure Sockets Layer modules.

• Content switching module – Denial-of-service traffic detection with Layer 4 to 7 packet switching.

• Network analysis module (NAM) – VoIP monitoring.

HealthNet, a Sacramento, Calif., HMO, uses Catalyst switches with NAMs to remotely monitor VoIP traffic performance and voice quality at a 400-seat customer service call center in the Midwest.

“Using the modules gives us visibility into any type of traffic,” says Jeff Jacobs, senior network design engineer at HealthNet. “The kind of reporting and monitoring we can do remotely in the past would have required someone onsite with tools like a network sniffer.”

The upgraded Catalyst modules in the call center and data center lets Jacobs and his staff view voice calls as they take place. The modules also send alerts (via e-mail and to a centralized network management system) if traffic quality falls below specified thresholds.

Cisco also announced firmware upgrades across all Catalyst modular and fixed-configuration switches that boosts security at the port level.

The Advanced Integrated Security feature set includes a modified version of the IEEE 802.1x standard for port-based authentication that lets wireless and wired end users authenticate to a network with different levels of access, depending on pre-defined network policies. Cisco says this fine-tunes the basic functionality of 802.1x, which can only permit or deny access.

Cisco also has added the ability to set up Layer 2 access-control lists based on PC and laptop media access control (MAC) addresses. Cisco says this feature can block flooding, in which an attacker tries to bring down a switch by overloading its MAC address table list. This can also prevent “man in the middle” network intrusions, where attackers spoof a MAC address to intercept Ethernet traffic.

Chris Kozup, a Meta Group analyst, says many of these new products and upgrades fit into an end-to-end network strategy from Cisco based on the idea that the whole is greater than the sum of its parts.

“It can be good because it offers the ability to deploy end-to-end services [such as VoIP or security] across different platforms that can be centrally managed,” Kozup says. “But some say that when you buy Cisco, you’re forced into a never-ending cycle of upgrades.”