Product Overview
Today’s businesses operate less on local/country or even regional levels, and more on a global level. With greater and more ubiquitous connectivity also comes greater opportunity for enterprises to discover new ways to connect and collaborate. New tools such as video telephony, web collaboration, e-communities, information sharing, and the like are growing in maturity and value. At the heart of these communications and collaboration models is the network, which serves as the primary conduit of business interactions and services among various sites, evolving at a greater speed. As the network evolves and grows, security technologies should evolve to transparently protect the data and various applications in the network.
The Cisco® VPN Services Port Adapter (VSPA) is the next-generation VPN module designed to support next-generation VPN technologies with system bandwidths of 8 Gbps in a modular, flexible, and scalable form factor (refer to Figure 1). The Cisco VSPA requires the Cisco Catalyst® 6500 Series Services SPA Carrier-600 (SSC-600) to operate in the Cisco Catalyst 6500 Series Switches. Each SSC-600 module takes up one slot in a Cisco Catalyst 6500 Series Switch and can support up to two Cisco VPN Services Port Adapters. The Cisco VSPA, accompanied with the SSC-600, delivers scalable and cost-effective VPN performance for Cisco Catalyst 6500 Series Switches.
Although the Cisco VSPA does not have physical WAN or LAN interfaces, it takes advantage of the breadth of LAN and WAN interfaces in the Cisco Catalyst 6500 Series Switches, making it very attractive for enterprises deploying the Cisco Catalyst 6500 Series Switch.
Primary VPN features delivered by the Cisco VSPA include:
● Security integrated into network infrastructure: The Cisco VSPA supports IPsec VPN encryption in the Cisco Catalyst 6500 Series Switches. When VPNs are integrated into these infrastructure platforms, the network can be secured without extra overlay equipment or network alterations. Furthermore, the broad range of LAN and WAN interfaces, as well as the entire line of security services modules (VPN, firewall, network anomaly detection, intrusion detection and prevention, content services, Secure Sockets Layer [SSL], and wireless LAN) can now be used together within the same platform.
● Support for industry-leading encryption technology: In addition to Data Encryption Standard (DES) and Triple Data Encryption Standard (3DES), the Cisco VSPA also supports Advanced Encryption Stanced (AES) 192 and AES 256, the latest standard in encryption technology demanded by most government agencies and the leading financial institutions in the most secure network environments.
● High performance: Using the latest in encryption hardware acceleration modules, each Cisco VSPA can deliver up to 8 Gbps of AES traffic at large packet sizes and 7 Gbps at average packet sizes as defined by internet mix traffic (IMIX) traffic.
● Modular design and scalability: The Cisco VSPA can terminate up to 16,000 site-to-site or remote-access IPsec tunnels simultaneously and can establish those tunnels at up to 65 new tunnels per second. Taking advantage of modular architecture, each slot of the Cisco Catalyst 6500 can support up to 2 Cisco VSPAs, and up to 10 Cisco VSPAs can be combined in a single chassis. Additionally, the half-slot form factor of the Cisco VSPA allows the customer to reduce slot consumption, potentially reducing cost while enhancing per-slot and overall system encryption performance.
● Enhanced quality of service (QoS): The VSPA is designed to handle preencryption QoS configured on IPsec tunnel interfaces and provides priority, bandwidth, and traffic shaping services. Because the VSPA does not rely on the physical interface for QoS classification of outbound packets, packets are less likely to be dropped because of antireplay issues.
● Scalable IPv6 encryption: Support for multigigabit IPv6 networks based on Static Virtual Tunnel Interfaces (sVTIs).
● Engine sharing: Physical ports can terminate multiple tunnels on multiple VSPAs simultaneously.
● VPN resiliency and high availability: Using innovative features such as stateful failover for IPsec and generic routing encapsulation (GRE), Hot Standby Router Protocol with Reverse Route Injection (HSRP+RRI), Dead Peer Detection (DPD), and support of dynamic routing updates over site-to-site tunnels, the Cisco VSPA provides superior VPN resiliency and high availability.
● Advanced security services: Adding strong encryption, authentication, and integrity to network services is easy with the Cisco VSPA. Secured campus and provider-edge VPN applications, including integrated data, voice, and video-enabled VPN; storage area networks; and integration of IPsec and MPLS VPNs, are now easily deployable. The Cisco VSPA provides advanced site-to-site and remote-access IPsec services over both LAN and WAN interfaces.
Key Features and Benefits
Table 1 gives the primary features of the Cisco VSPA.
Table 1. Features of Cisco VSPA
Product Specifications
Table 2 gives specifications of the Cisco VSPA.
Table 2. Product Specifications
Table 3 gives Regulatory Standards Compliance of the Cisco VSPA.
Table 3. Regulatory Standards Compliance: Safety and EMC
Specification |
Description |
Regulatory Compliance |
Products should comply with CE Markings per directives 2004/108/EC and 2006/95/EC |
Safety |
● UL 60950
● CAN/CSA-C22.2 No. 60950
● EN 60950
● IEC 60950
● AS/NZS 60950
|
EMC—Emissions
|
● 47CFR Part 15 (CFR 47) Class A
● AS/NZS CISPR22 Class A
● CISPR2 2 Class A
● EN55022 Class A
● ICES003 Class A
● VCCI Class A
● EN61000-3-2
● EN61000-3-3
● KN22 Class A
● CNS13438 Class A
|
EMC—Immunity
|
● EN50082-1
● EN61000-6-1
● EN55024
● CISPR24
● EN300386
● KN immunity series
|
Table 4 gives NEBS Compliance and ETSI 300-019 Environmental Requirements.
Table 4. NEBS Compliance and ETSI 300-019 Environmental Requirements
Specification |
Description |
NEBS Criteria Levels |
SR-3580 NEBS level 3 (GR-63-CORE, issue 3, GR-1089 CORE, issue 4) |
Verizon NEBS Compliance |
Telecommunications Carrier Group (TCG) Checklist |
Qwest NEBS requirements |
Telecommunications Carrier Group (TCG) Checklist |
ATT NEBS Requirements |
ATT TP76200 level 3, TP7645 and TCG Checklist |
ETSI |
● ETS 300 019-1-1, Class 1.2 Storage
● ETS 300 019-1-2, Class 2.3 Transportation
● ETS 300 019-1-3, Class 3.2 Stationary Use
|
Ordering Information
To place an order, visit the Cisco Ordering Home Page or refer to Table 5.
Table 5. Ordering Information
Product Name |
Part Number |
Cisco Catalyst 6500 Series VPN Services Port Adapter |
WS-IPSEC-3 |
Cisco Catalyst 6500 Series Services SPA Carrier-600 |
WS-SSC-600 |
Cisco Catalyst 6500 IPsec VSPA Bundle 1 (system only) |
WS-IPSEC-SSC600-L1 |
Cisco Catalyst 6500 IPsec VSPA Bundle 2 (system only) |
WS-IPSEC-SSC600-L2 |
Cisco Catalyst 6504E IPsec VSPA Security System |
WS-C6504-E-VPN+-K9 |
Cisco Catalyst 6506E IPsec VSPA Security System |
WS-C6506-E-VPN+-K9 |
Cisco Catalyst 6509E IPsec VSPA Security System |
WS-C6509-E-VPN+-K9 |
Cisco Catalyst 6513 IPsec VSPA Security System |
WS-C6513-VPN+-K9 |
Service and Support
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco Services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, refer to Cisco Technical Support Services or Cisco Advanced Services.
For More Information
For more information about the Cisco VSPA and the Cisco SPA/SIP portfolio, visit http://www.cisco.com/go/spa or contact your local Cisco account representative.