Guest

Cisco Network Modules

Cisco Catalyst 6500 Supervisor Engine 32 PISA Q&A

  • Viewing Options

  • PDF (204.4 KB)
  • Feedback

Product and Architecture Overview

Q. What is the Cisco ® Catalyst ® 6500 Supervisor Engine 32 Programmable Intelligent Services Accelerator (PISA)?
A. The Supervisor Engine 32 PISA is an intelligent services supervisor for the Cisco Catalyst 6500 Series modular switches, delivering superior deep packet inspection, application awareness, security, availability, and manageability services for the networks of small and medium-sized business, enterprises, and service providers.

The PISA on the Cisco Catalyst 6500 Series Supervisor Engine 32 PISA provides hardware acceleration of intelligent services such as network-based application (NBAR) and flexible packet matching (FPM) at multigigabit speeds, in addition to the management and control plane functions traditionally provided by the multilayer switch feature card (MSFC). The Supervisor Engine 32 PISA is offered with the Policy Feature Card 3B (PFC3B), to ensure feature and performance compatibility with the Cisco Catalyst 6500 Supervisor Engine 32.
Q. Where can I deploy the Supervisor Engine 32 PISA?
A. This supervisor engine is ideal for securing campus access networks, converged services MAN/WAN applications and small/medium backbone functions.
Q. What are the different uplink options available on the Supervisor Engine 32 PISA?
A. The Supervisor Engine 32 PISA is available in two options:

• Supervisor Engine 32 PISA with eight Gigabit Ethernet uplinks plus one 10/100/1000 port

• Supervisor Engine 32 PISA with two 10 Gigabit Ethernet Uplinks plus one 10/100/1000 port

Q. Is the PISA available as a daughter card upgrade on the Supervisor Engine 32?
A. No. The PISA is only available in the form of two new supervisor engine options on the Cisco Catalyst 6500.
Q. What is the difference between the MSFC2A and the PISA?
A. The PISA is a superset of the MSFC2A. The PISA provides all the management and control plane functions traditionally provided by the MSFC2A. In addition, it provides hardware acceleration of intelligent services such as NBAR and FPM at multigigabit speeds.
Q. Does the Supervisor Engine 32 PISA support all the hardware features supported on the Supervisor Engines 32?
A. Yes. The Supervisor Engine 32 PISA is offered with the PFC3B, delivering the same features and services available on the Supervisor Engines 32.
Q. What are the architectural capabilities of the PISA on the Supervisor Engine 32 PISA?
A. The Supervisor Engine 32 PISA enables integration of high-performance, programmable deep packet inspection capabilities for application-aware services. The architecture enables multiple services to operate at multigigabit speeds in parallel. Additionally, the architecture integrates a high-performance hardware-based AES encryption engine capable of providing multigigabit encryption services in the future
Q. What is the Supervisory Engine 32 PISA default DRAM and flash memory size?
A. Table 1 shows the DRAM sizes.

Table 1. DRAM Sizes

 

Switch Processor

Route Processor

DRAM

512 MB

1 GB

BootFlash

512 MB

256 MB

Q. Does the Supervisor Engine 32 PISA support compact flash removable storage?
A. Yes, the Supervisor Engine 32 PISA has a single external compact flash slot which can take a 256-MB or a 512-MB compact flash card.
Q. What line cards are supported with the Supervisor Engine 32 PISA?
A. All classic line cards and all CEF256 line cards (without a DFC) are supported with the Supervisor Engine 32 PISA.
Q. What WAN interfaces are supported with the Supervisor Engine 32 PISA?
A. The Supervisor Engine 32 PISA supports the enhanced FlexWAN module and the shared port adapter (SPA) interface processors (SIPs) along with the associated SPAs already supported with the Supervisor Engine 32 in Cisco IOS ® Software Release 12.2(18)SXF. For the most recent information, refer to the software release notes.
Q. What service modules are supported with the Supervisor Engine 32 PISA?
A. The Supervisor Engine 32 PISA supports the firewall services module (FWSM), IP Security (IPsec) SPA, and network analysis module (NAM). Further services modules will be added in upcoming releases.
Q. Can two Supervisor Engine 32 boards be used in a high-availability configuration?
A. Yes. The Supervisor Engine 32 PISA supports nonstop forwarding/stateful switchover (NSF/SSO) on the uplinks on the active as well as the standby supervisor. In order to support high availability same type of supervisors should be used on the Cisco Catalyst 6500.
Q. Is NBAR and FPM functionality on the Supervisor Engine 32 PISA SSO aware?
A. NBAR is not SSO aware in the initial Supervisor Engine 32 software release. However, SSO awareness for NBAR is planned for a subsequent release. Since FPM is a stateless feature, SSO awareness does not apply to this functionality.

Services and Scalability Overview

Q. What is the hardware acceleration performance of intelligent services such as NBAR and FPM on the PISA?
A. The PISA is capable of accelerating intelligent services such as NBAR and FPM at 2-Gbps speeds for Internet mix (IMIX) traffic, which is optimal for standard campus access networks of typical enterprises using a pair of Gigabit Ethernet Small Form-Factor Pluggable (SFP) uplinks to each distribution layer switch. The PISA also provides support for OC48/STM16 interfaces for WAN/MAN deployments. A future software release of the Supervisor Engine 32 PISA will provide the capability to define "intelligent" traffic that can be redirected to the PISA for acceleration, essentially allowing these networks to operate at multigigabit speeds.
Q. What do I need to do in order to get maximum services acceleration performance on the Supervisor Engine 32 PISA?
A. In order to obtain maximum performance, two external gigabit uplinks on the Supervisor Engine 32 PISA need to be converted into a dedicated PISA channel interface. Please refer to the release notes for details on PISA channel configuration.
Q. How deep can packets be inspected for intelligent services such as NBAR and FPM on Supervisor Engine 32 PISA?
A. FPM and NBAR can look as far as 4 KB into the packet. NBAR custom policies are however restricted in the first release to 256 bytes into the packet.
Q. Are jumbo frames supported with NBAR and FPM on the Supervisor Engine 32 PISA?
A. Jumbo frames are supported with the Supervisor Engine 32 PISA. The initial release will allow up to 4K bytes frames to be inspected.
Q. What are the deep packet inspection and application policy scalability limits for NBAR on Supervisor Engine 32 PISA?
A. Table 2 provides the deep packet inspection and application policy scalability limits for NBAR on Supervisor Engine 32 PISA.

Table 2. NBAR Scalability Limits

 

NBAR

Stateful

Yes

Maximum throughput

2 Gbps

Supports L3 IPv4 packets

Yes

Current number of PDLM supported

90+

Supports regular expressions

Yes (only for PDLM)

Maximum number of bytes matched in a row by regular expressions

32 bytes

Maximum number of classes

32

Maximum number of matches per class

8

Maximum number of policies

1024

Maximum number of interfaces

1024

Supports custom policies with match at an offset

Yes (TCP and UDP packets only)

Custom policies (how far into payload)

256 bytes into the payload

Maximum number of bits matched in a row

Up to 32 bytes

Q. What are the deep packet inspection and application policy scalability limits for FPM on Supervisor Engine 32 PISA?
A. Table 3 provides the deep packet inspection and application policy scalability limits for FPM on Supervisor Engine 32 PISA.

Table 3. FPM Scalability Limits

 

FPM

Stateful

No

Maximum packet inspection depth

4 KB into packet

Maximum throughput

2 Gbps

Supports L3 IPv4 packets

Yes

Supports custom protocol header definition

Yes (XML)

Supports custom classification description file

Yes (XML)

Policy map actions supported

Permit, drop, log

Supports custom policies with match at an offset

Yes

Maximum number of bits matched in a row

32 bytes

Supports regular expressions

Yes (up to 48)

Maximum number of bytes matched in a row by regular expressions

32 bytes

Maximum number of classes

32

Maximum number of matches per class

8

Maximum number of policies

1024

Maximum number of interfaces

1024

Q. How does the system decide if a packet needs to be hardware accelerated by PISA?
A. The decision to send traffic to PISA is primarily based on whether intelligent services such as NBAR and FPM are configured on an interface. If either of these features is configured, traffic is redirected to PISA for deep packet inspection; otherwise it flows through the regular PFC data path.
Q. Where do I go to download NBAR PDLM's for Supervisor Engine 32 PISA?
A. To download NBAR PDLM's for Supervisor Engine 32 PISA, go to http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm.
Q. How do I know which protocols/applications are supported with NBAR on the Supervisor Engine 32 PISA?
A. Supervisor Engine 32 PISA datasheet lists the protocols/applications supported with NBAR. To access the Supervisor Engine 32 datasheet, go to http://www.cisco.com/en/US/products/hw/switches/ps708/products_data_sheets_list.html.
Q. Where can I download FPM PHDF files for the Supervisor Engine 32 PISA?
Q. What type of interfaces can have FPM and NBAR policies applied to them on the Supervisor Engine 32 PISA?
A. FPM and NBAR policies can be applied on any Layer 3 LAN port (routed ports, SVIs, port channels) on the Supervisor Engine 32 PISA. They cannot be applied to WAN interfaces or MPLS VPN/tunnel interfaces.
Q. Which features are incompatible when NBAR or FPM is configured on an interface on the Supervisor Engine 32 PISA?
A. Microflow policing is not supported with FPM or NBAR on a given interface.
Q. Where can I find more information about FPM and NBAR?

Software Overview

Q. What images will be supported at FCS for the Supervisor Engine 32 PISA?
A. Table 4 shows what images that will be supported for the Supervisor Engine 32 PISA at FCS.

Table 4. Software Options for Supervisor Engine 32 PISA

 

Software Options

S3P3IBL-12218ZY

Cisco CAT6000 SUP 32 PISA IP BASE LAN ONLY

Includes support for:

• RIP, Static Routing, EIGRP Stub
• Network Based Application Recognition (NBAR)
• Flexible Packet Matching (FPM)

S3P3IBK9L-12218ZY

Cisco CAT6000 SUP 32 PISA IP BASE SSH LAN ONLY

Includes support for:

• RIP, Static Routing, EIGRP Stub
• Network Based Application Recognition (NBAR)
• Flexible Packet Matching (FPM)

S3P3IS-12218ZY

Cisco CAT6000 SUP32 PISA IP SERVICES

Same functionality as the IP BASE image PLUS

• IPv4 routing and services

S3P3ISK9-12218ZY

Cisco CAT6000 SUP32 PISA IP SERVICES SSH

Same functionality as the IP BASE image PLUS

• IPv4 routing and services

S3P3AIK9-12218ZY

Cisco CAT6000 SUP32 PISA ADVANCED IP SERVICES SSH

Same functionality as the IP SERVICES image PLUS

• Advanced MPLS feature set
• Layer3 IPv6 Services
• Advanced FPM Manageability

Q. Do Cisco IOS Software modularity images support the Supervisor Engine 32 PISA?
A. Cisco IOS Software modularity images will not support the Supervisor Engine 32 PISA in the initial release. A subsequent release will add this support.
Q. With which Supervisor Engine 32 image does Cisco IOS Software Release 12.2(18) ZY have feature parity?
A. Cisco IOS Software Release 12.2(18) ZY has feature parity with Cisco IOS Software Release 12.2(18)SXF.
Q. Does the Supervisor Engine 32 PISA support IPv6, multicast, and MPLS traffic?
A. Yes, the Supervisor Engine 32 PISA does support IPv6, multicast, and MPLS traffic. However, NBAR and FPM support for IPv6, multicast, and MPLS does not exist in the initial release.

Manageability Overview

Q. What relevant MIBs are supported with the Supervisor Engine 32 PISA?
A. The following are supported:

• CISCO-NBAR-PROTOCOL-DISCOVERY-MIB: Provides the ability to retrieve NBAR protocol discovery statistics using SNMP into a central performance monitoring system.

• CISCO-CLASS-BASED-QOS-MIB: Provides read access to QoS configurations. It also provides QoS statistics information based on the modular QoS CLI, including information regarding class map and policy map parameters.

Q. What provisioning and monitoring tools are available for NBAR support on the Supervisor Engine 32 PISA?
A. The QoS Policy Manager (QPM) can be used for provisioning and monitoring NBAR on the Supervisor Engine 32 PISA. In addition, NBAR monitoring is supported by Cisco QoS partners such as AdvenNet, Computer Associates, InfoVista, and Micromuse.
Q. What provisioning and monitoring tools are available for FPM support on the Supervisor Engine 32 PISA?
A. FPM provisioning can be managed through the flexible configuration option on the Cisco Security Manager. A future release of Cisco Security Manager will support the FPM policy management and monitoring on the Supervisor Engine 32 PISA.