The integration of advanced services and technologies within Cisco® Catalyst® 6500 Series switches offers innovative solutions that provide the business agility and operational efficiency you need to achieve your goals.
The Cisco Catalyst 6500 Series lays the foundation for enterprise networking innovation.
EXECUTIVE SUMMARY
Enterprise IT systems have become overly complex. As technologies and new applications have emerged over time, they have been bolted on as disparate systems, each with its own associated management and maintenance overhead. Combining this kind of complexity with the rapid pace of business evolution often leads to failure. Laying the right network foundation for integrated innovation is essential for anticipating business changes in the most efficient manner.
UNDERSTANDING TODAY'S BUSINESS DRIVERS
Enterprises are at an inflection point regarding network decisions and deployments. Businesses looking to become more competitive and productive in their markets require their networks to be resilient, be secure, and "do more with less." As requirements to protect, optimize, and grow the enterprise have extended from basic connectivity to a much higher level of intelligent service-based infrastructures, the network has evolved to provide an even greater value to the organization.
This inflection point, from both a business and a technology perspective, can take one of two paths: simple connectivity-based products or a complete virtualized systems approach. Cisco Systems® supports the latter, moving to a more integrated, open systems environment where resources become virtualized to provide a common, flexible, and adaptable infrastructure that brings new capabilities into the network. The Cisco Catalyst 6500 Series provides this foundation: the core capabilities that support and underlie today's technology trends yet prepare you for the future. It enables the virtual organization while also providing three fundamental services: connectivity, access to applications (as well as enhancing application performance), and network convergence.
Connectivity has moved far beyond simple access to resources. It is now defined by the ability of the user to have access to the network, anytime, anywhere. Connectivity means that the network is wired and wireless, available and resilient in case of a network failure or attack. This matches users' expectations that their networks are always available, whether those users are onsite, wireless, or remotely accessing the network using a VPN. Users expect transparent mobility, transparent access to resources, and a safe and secure connectivity environment. As more users connect to the network, security has become critically important. Whereas security used to be about simply placing a firewall at the edge of the network to prevent unauthorized access, the almost-weekly occurrence of Internet worms and viruses, as well as new laws such as Sarbanes-Oxley in the United States, has made pervasive security throughout the network a top priority.
Applications that are critical to employee productivity also require service from the network. An application has expectations of the network: that the network will allow the user to "experience" the application as intended. This requires effective application optimization to help ensure that the application is running efficiently and effectively. Many such applications (not just one or two) running simultaneously on the user end station and within the network need to be optimized. This creates a need for greater delivery optimization of network traffic with predictable performance, especially as the simultaneous use of these applications increases over time. Multigigahertz processors are now a reality in desktop deployments, meaning that the desktops can make greater use of faster networks.
The last element is the ability to converge multiple networks over a common IP infrastructure. The most commonly understood area of network convergence is bringing voice or IP telephony to the network infrastructure. True convergence, though, provides optimization for different networks, be they voice, wireless, video, or even building management and automation. This provides even greater value in the network and as a result provides incremental value to the business from that network infrastructure.
CHALLENGE
Organizations, large and small, recognize that today's networks are the most strategic part of their IT infrastructure, but have limited resources to keep pace with growing application requirements. The operational gap between the level of IT staffing and the requirements companies are placing on their network continues to widen.
As organizations continue to invest in costly business applications and broaden access to those assets, they run the risk of creating a rigid network that cannot support more advanced requirements and scale those new features and functionality across the network. Organizations need more innovative ways to allow network managers to perform routine tasks more efficiently and above all successfully confront business situations that they have never faced before.
In the traditional client-server environment, the campus network was simply used for connectivity. But today's campus network has become a critical component of business success, enabling new applications, enhancing productivity, and providing a multitude of services to employees.
Real-time, collaborative applications and communications tools (such as IP telephony, IP video, and e-learning) and technologies that expand the scope of a network (such as WLANs) offer an opportunity for enterprises to increase the productivity of their employees. As today's enterprises take steps to transform the network into a tool that enables employees to be more productive, they must find ways to protect the network and the data that traverses it, helping ensure the availability of the network and its resources, and do all this while reducing expenses.
Providing greater access to more advanced applications across the extended enterprise creates new network demands:
• Increased need for more capacity and better traffic optimization to support bandwidth-intensive applications while avoiding service degradation
• Increased requirement for greater reach and mobility as organizations share their information assets across the extended enterprise
• Increased urgency for greater protection against security threats at all levels
SOLUTION
Cisco Catalyst 6500 Series switches are market-leading modular LAN switches that continue to set the standard with continual innovations. The Catalyst 6500 Series integrates advanced network services and technologies that provide network resilience and nonstop innovation, which strengthen, simplify, and extend the value of the network, enabling maximum operational efficiency and faster response to business opportunities.
The Cisco Catalyst 6500 Series is the foundation for secure converged network services in the campus, providing data and voice integration; LAN, WAN, and metropolitan-area network (Metro) consolidation; and intelligent multilayer switching in core, distribution, data center access, and wiring closet topologies. The Catalyst 6500 Series centralizes management of the main network functions, significantly reducing overhead and downtime.
The Cisco Catalyst 6500 Series Switch is a modular system that can grow as customer requirements expand and technology evolves, allowing businesses to upgrade and reconfigure systems by adding new modules, replacing existing modules, and adding and redeploying systems. Throughout the Catalyst 6500 Series, modules are:
• Configurable: Simplifying the addition of new services
• Interoperable: In the same chassis, providing flexible design options
• Interchangeable: Among Catalyst 6500 Series systems, simplifying sparing and network expansion
• Upgradable: As newer modules come along, providing investment protection
The modular design of the Cisco Catalyst 6500 Series facilitates network growth and helps meet the changing needs of its users. There is no need to redesign the entire network each time a module is added or removed. The Catalyst 6500 Series also provides improved fault isolation that greatly enhances troubleshooting, problem isolation, and network management.
BUSINESS BENEFITS
Through a combination of hardware integration and Cisco IOS® Software, the Cisco Catalyst 6500 Series provides a foundation of advanced network services. These capabilities enable new applications and uses for the network and enable the campus LAN and data center to be more resilient, more available, and more secure. This network integration translates to protecting, optimizing, and growing your business (see Figure 1).
• Protect: To meet business continuity targets and service-level agreements (SLAs), businesses need to ensure that their applications and voice and data communications can survive disruptions and attacks. In addition, employees need to maintain continuous access to these applications and communication systems under any circumstance. Integrated security protects against and mitigates the negative effects of worms, viruses, and other attacks on your network. In addition, support for secure connectivity (for example, VPNs), identity and access management, and VLANs enables you to improve performance and security and decrease costs. The Cisco Catalyst 6500 Series helps ensure high availability through a resilient multilayer design, redundant hardware and software features, and automatic procedures for reconfiguring network paths.
• Optimize: An enterprisewide resiliency strategy deployed using a Cisco integrated network architecture improves efficiency, agility, profitability, and service levels. It also enables the deployment of new and emerging technologies and applications so that companies can capitalize rapidly on change, reduce operational and management overhead, and allow employees to collaborate and communicate more efficiently. A cohesive, adaptive network architecture supports your requirements for consolidation, business continuance, and security while enabling emerging service-oriented architectures, consolidation, virtualization, and on-demand computing. Integrated systems have been found to generate 29 percent in savings through operating expense reduction, training, support, and integration compared to an aggregation of discrete devices from multiple vendors (Sage Research, 2003).
• Grow: The Cisco Catalyst 6500 Series helps enable organizations to capitalize on new opportunities and deploy profitable new applications and advanced technologies that allow for optimization of business processes. The Catalyst 6500 Series is a core platform with integrated IP Communications, wireless networking, and advanced security that enables the enterprise to rapidly adapt to and capitalize on the changing business environment. It allows scaling without major changes to the infrastructure. In addition, new applications and services can be easily added while providing predictable traffic paths and performance for steady and failover states.
Figure 1. Network Integration Helps Protect, Optimize, and Increase Business
Using the Cisco Catalyst 6500 Series as an integrated network foundation, Cisco enables a suite of business solutions that allow you to protect your assets; connect people, customers, and suppliers in the most efficient way; scale your operations; and accommodate change through the rapid deployment of new technologies across your entire enterprise.
ARCHITECTURE
The Cisco Catalyst 6500 Series is a highly flexible and innovative switching platform and is the premier Cisco switching platform, setting the standard for IP Communications and application delivery in campus and service provider environments. Since the platform's inception in 1999, it has provided investment protection by supporting all line cards and supervisor engines. The Catalyst 6500 Series has evolved from a 32 Gbps system with the Supervisor Engine I to a 720 Gbps system featuring more than 400 million packets per second (mpps) of performance while maintaining backward compatibility. The Catalyst 6500 Series scales to support maximum port densities for 10/100, 10/100/1000 Gigabit Ethernet, and 10 Gigabit Ethernet. It also integrates WAN access connectivity and aggregation from DS-0 to OC-192 using shared port adapters (SPAs), optical service modules (OSMs), and the enhanced FlexWAN module.
Figure 2 shows campus network deployment scenarios for the Catalyst 6500 Series.
Figure 2. Campus Network Deployment Scenarios for Catalyst 6500 Series
Network managers who previously had to purchase specialized appliances to implement firewall, intrusion detection, content load balancing, wireless control, or time-division multiplexing (TDM) voice gateways can now integrate all these capabilities into the Cisco Catalyst 6500 Series in the form of services modules. Unique in the industry, these specialized modules provide high-speed services that can be managed within the switch while providing multigigabit performance. The modules can be deployed in campus environments to create virtual, secure workgroups or in data centers to provide an integrated services platform.
Services that are currently integrated in the Cisco Catalyst 6500 Series include content switching, application oriented networking, network analysis, WLAN, firewall, intrusion detection, VPN (IP Security [IPSec] and Secure Sockets Layer [SSL]), SSL termination, and TDM voice gateway.
CISCO CATALYST 6500 SERIES ARCHITECTURAL FOUNDATIONS
The Cisco LAN switching strategy is focused around using innovation to deliver secure converged networking capabilities. Coupled with industry-leading innovation is an evolutionary approach to switching architecture. Products such as the Cisco Catalyst 6500 Series lead the industry today in performance, service integration, and hardware-enabled features. At the same time, the Cisco Catalyst 6500 Series provides backward compatibility for existing line cards throughout its three generations of line cards.
Through the Cisco Catalyst 6500 Series portfolio, Cisco delivers long-lasting technology for both hardware and software platforms that will evolve as the industry evolves. This allows enterprises to get the longest-lasting value from their network investments and to continue to deploy new innovations that meet current and future technology trends and business goals while maintaining investment protection in currently deployed systems.
Application and Content Networking
Application services optimize bandwidth and transactions so that employees have fast access to applications and data. Application acceleration also facilitates efficient, cost-effective companywide communications. Integrated services are a comprehensive, end-to-end strategy that can be centrally managed in the Catalyst 6500 Series.
The Catalyst 6500 Series application services solution includes features to help ensure the correct level of quality of service (QoS) for voice, video, and mission-critical data traffic. It includes software and features to help ensure a highly available network. Embedded features such as IP Multicast allow the distribution of a single traffic stream to multiple locations (as with IP videoconferencing). Cisco Catalyst 6500 Series switches help enable intelligent server and application load balancing, as well as end-to-end management capabilities. This improves performance and resource usage and allows enterprises to meet both service-level objectives and governance requirements.
The Cisco Application-Oriented Networking (AON) Services Module can be installed in any Cisco Catalyst 6500 Series Switch to take full advantage of the switch's high availability, security, and traffic-management capabilities. It provides application-level intelligence, improved message visibility, and security and reduces total cost of ownership by consolidating elements of the network and application infrastructures and providing centralized management capabilities.
The Cisco Content Switching Module (CSM) integrates content load balancing and SSL acceleration into the switch. The integrated Cisco CSM provides multigigabit load balancing of servers, firewalls, caches, and other network devices, a flexible deployment option for data centers or e-commerce Websites that require high throughput for their applications. The Cisco CSM also provides stateful failover, providing for the best-case resiliency of content load balancing in the data center. The module helps to ensure that applications and data are available to the users and network manager when needed.
Seamless Wired and Wireless Network
As today's enterprises take steps to transform the network into a tool that enables employees to be more productive, they must find ways to extend the network and the data that traverses it. They must also help to ensure the availability of the network and its resources, while being tasked with reducing expenses. Providing greater access to more advanced applications across the extended enterprise has become a requirement that necessitates greater reach and mobility as organizations share their information assets wherever they may be.
The Cisco Unified Wireless Network allows organizations to deliver the same level of security, scalability, reliability, ease of deployment, and management for WLANs that they expect from their wired LANs. This powerful unified wired and wireless solution cost-effectively addresses the WLAN security, deployment, management, and control issues facing enterprises. It combines the best elements of wireless and wired networking to deliver scalable, manageable, and secure WLANs with a low total cost of ownership.
The Cisco Catalyst 6500 Series Wireless Services Module (WiSM) enables pervasive, campus-wide wireless services and is a central component of the Cisco Unified Wireless Network. Integrating WiSM into the Catalyst 6500 combines the best of the wireless and wired worlds, resulting in simplified wireless deployment and management, leading wireless security, maximum wireless scalability, and the highest levels of wireless availability.
The Cisco Communication Media Module provides flexible, high-density T1/E1 gateways, allowing organizations to connect their existing TDM networks to their IP Communications networks and providing connectivity to the public switched telephone network (PSTN). The network analysis modules (NAM 1 and NAM 2) for the Cisco Catalyst 6500 Series provide application-level visibility into the network infrastructure for real-time traffic analysis, performance monitoring, and troubleshooting and perform traffic monitoring with the embedded Web-based Traffic Analyzer.
Integrated Multilayer Security
The Cisco Catalyst 6500 Series is a key foundational component of the Cisco Self-Defending Network initiative. By securing the infrastructure and protecting users, servers, and the switch itself, Cisco Catalyst 6500 Series integrated security provides the first line of defense in an enterprise or commercial company's overall security strategy. In an ongoing effort to retain its leadership position in LAN switching, Cisco, and particularly the Catalyst 6500 Series, is promoting the development and implementation of security features designed for protection, control, and privacy.
The Cisco Catalyst 6500 Series security solution is a collaboration of IP networking and security technologies. It is a flexible, customizable deployment that uses existing investments in platform options (such as switch-based security) and technology options (such as firewalls; threat protection; Authentication, Authorization and Accounting [AAA]; URL filtering; and 802.1X).
The components of the Cisco Catalyst 6500 Series security solution address the major security concerns of defending against threats, establishing trust boundaries and verifying identity, and securing business communications. These include the following:
• Threat Defense: Guarding the network against malicious as well as unintentional attack. Threat defense can be further broken down into the goals of:
– Defending the Edge: Using the Cisco Catalyst 6500 Series integrated Firewall Services Module, Intrusion Detection Systems Services Module (IDSM), Traffic Anomaly Detector Services Module, and Anomaly Guard Services Module to fortify the network edge against intrusion and attack.
– Protecting the Interior: Enabling the Cisco Catalyst 6500 Series integrated security features to protect the network against emerging internal attacks and utilizing built-in intrusion prevention system (IPS) features of the Cisco WiSM.
– Guarding the Endpoints: Using the Cisco Security Agent and Network Admission Control (NAC) to proactively defend against infection and damage to hosts.
• Trust and Identity: Controlling who has access to the network and what they can do. This control is provided by Cisco Identity and Cisco Wireless Security Suite, which can be used to prevent unauthorized wireless access to the network.
• Secure Communications: Protecting the confidentiality of internal and external voice and data communication. The Cisco Catalyst 6500 Series integrated IPSec VPN Services Module, SSL Services Module, and WebVPN Services Module provide the encryption protection needed for voice and data secure network transmission.
In addition, QoS can be used to help ensure network accessibility during denial-of-service (DoS) attacks, while Cisco NAC can be used to protect your network from inadvertent infection by mobile users.
Figure 3. Catalyst 6500 with VPN, Firewall, SSL, and NAM 2 Service Modules
ADVANCED INTEGRATED SERVICES MODULES
The Cisco Catalyst 6500 Series focuses on the following key areas for ongoing innovation with its service modules: application & content networking, network monitoring, wireless, security, and telephony.
Application and Content Networking
• Cisco Catalyst 6500 Series Application-Oriented Networking Services Module (AON SM): Provides application-level intelligence, improved message visibility, and security and reduces total cost of ownership by consolidating elements of the network and application infrastructures and providing centralized management capabilities. For more information, visit: http://www.cisco.com/en/US/products/ps6448/index.html
• Cisco Catalyst 6500 Series Cisco Content Switching Module (CSM): Integrates advanced content switching into the Catalyst 6500 Series to provide high-performance, high-availability load balancing of caches, firewalls, Web servers, and other network devices. For more information, visit: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_data_sheet09186a00800887f3.html
Network Monitoring
• Cisco Catalyst 6500 Series Cisco Network Analysis Module (NAM 1 and NAM 2): Provide application-level visibility into the network infrastructure for real-time traffic analysis, performance monitoring, and troubleshooting; perform traffic monitoring with embedded Web-based Traffic Analyzer.
Wireless Services Modules
• Cisco Catalyst 6500 Series Wireless Services Module (WiSM): Provides superior security, mobility, redundancy, and ease of use for business-critical WLANs. It gives network managers the control to scale and manage their wireless networks as easily as they scale and manage their traditional wired networks. For more information, visit: http://www.cisco.com/go/wism
Security Services Modules
• Cisco Catalyst 6500 Series Firewall Services Module: Allows any port in the chassis to operate as a firewall port and integrates stateful firewall security inside the network infrastructure.
• Cisco Catalyst 6500 Series IPSec VPN Services Module: Provides infrastructure-integrated IPSec VPN services capable of 1.9 Gbps Triple Data Encryption Standard (3DES) performance, 8000 active tunnels, and up to 60 tunnels per second. For more information, visit: http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4221/index.html
• Cisco Catalyst 6500 Series WebVPN Services Module: High-speed, integrated SSL VPN services module that addresses the scalability, performance, application support, and security required for large-scale, remote-access SSL VPN deployments. For more information, visit: http://www.cisco.com/en/US/products/ps6404/index.html
• Cisco Catalyst 6500 Series Traffic Anomaly Detector Services Module: Protects large organizations against DDoS attacks and other online assaults by quickly detecting attacks and automatically activating the Anomaly Guard Services Module to initiate mitigation services that block attacks before business is adversely affected. For more information, visit: http://www.cisco.com/en/US/products/ps6236/index.html
• Cisco Catalyst 6500 Series Anomaly Guard Services Module: Delivers a powerful, extensive, and integrated solution for defending online applications and businesses, data centers, and the network infrastructure against increasingly complex and elusive DDoS attacks. For more information, visit: http://www.cisco.com/en/US/products/ps6235/index.html
Telephony Services Module
• Cisco Catalyst 6500 Series Communication Media Module: Provides flexible, high-density T1/E1 gateways, allowing organizations to connect their existing TDM networks to their IP Communications networks and providing connectivity to the PSTN.
WHY CISCO
Cisco recognizes that it is not enough to have a patchwork of best-of-breed point products. Networking point players offer discrete niche products that can create interoperability and integration problems in the future. Unlike such vendors, who use speed as the primary metric of value, Cisco provides unmatched functional integration of advanced network solutions that make business applications run better.
The distinctive Cisco Catalyst 6500 Series integrated approach to engineering intelligence, security, and management within the network helps enterprises use their network strategically. With the ability to build a network capable of rapidly and cost-effectively deploying ongoing innovation, the Cisco Catalyst 6500 Series can help you protect your business assets and optimize applications and employee performance. Having a cohesive network solution translates to a more cohesive business operation. The result puts your company in a better position to take advantage of growth opportunities and have competitive differentiation.