RE: [nsp] Cat 6500... what is really possible together...

From: KF (kf@reign.sk)
Date: Wed Feb 06 2002 - 04:19:29 EST


Many thanks for the responses...

But running a Native or Hybrid system depends on my requirements, and it seems that only with Native IOS is it possible to fulfil all
the functions.

Still, it isn't clear to me whether it is possible to run all my requirements together on ONE CAT 6500... it seems not, therefore I didn't get
the right answer..

Anyway.. Yes, there are a lot of docs on the Cisco site.. of course I have read them all ;-) but.... as I'm used to... the information on the Cisco site
is confusing (it's possible to read somewhere that A is A and later you will find information that B is A).. so some
other questions..

Is anyone here using a Cat6500 for load balancing/firewalling a server farm?

- Is it possible to install SUP2/PFC2/MSFC2 in a 6509 chassis?
- Is it possible to install a CSM module in such a chassis with SUP2/PFC2/MSFC2?
- Why is the CSM limited to 32 VLANs only? Is this going to be changed?
- Does NDE work together with this setup? Also with data which has been handled by the CSM?
- Am I able to police (CAR) traffic on L2 directly?
- Am I able to police L3 traffic in conjunction with the CSM .. (bandwidth management)?
- Am I able to secure load-balanced VLANs against DoS/viruses ..etc?

Don't get me wrong.. I need some light here....

Many Thanks

Alex

> -----Original Message-----
> From: Nash Darukhanawalla [mailto:ndarukha@cisco.com]
> Sent: Tuesday, February 05, 2002 6:36 PM
> To: kf@reign.sk
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [nsp] Cat 6500... what is really possible together...
>
>
> Alex,
>
> Comments in line...
>
> Thanks,
> Nash
>
>
> At 01:37 PM 2/5/2002 +0100, KF wrote:
> >Hi,
> >
> >Since I'm confused about what I can combine together (hardware/features) with
> >Cat 6500 and what the hardware/feature differences are between
> >SUP 2/SUP 1A; PFC/PFC2 ; MSFC/MSFC2 with chassis 6506/9/13, I decided to
> >share my questionnaires with you..
>
> http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/supcc_ov.htm
> would be a good starting point.
>
>
> >Cat 6500 is VERY interesting MARKETING box.. since it can do almost
> >everything.. "-)
>
> True. Cat6500 is a very feature rich box.
>
> >What is the difference (features) and future support (is Cisco going to
> >migrate in the future to the native IOS on the 6500?) between
> >Hybrid and Native IOS support? Where can I obtain the whole research,
> >features/support/hardware in one place?
>
> Distributed forwarding card (DFC) is a daughter card that can be installed on
> line cards which are Fabric enabled to perform local switching. This
> distributed switching architecture is only supported in Native IOS.
>
> For more details on DFC and local switching, please refer to this document:
> http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/65dfc_ds.htm
>
> This document provides a comparison between CatOS and Supervisor or Native IOS
> http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/cat65_wp.htm
>
>
> >I want to combine these features together if possible at WIRE SPEED...
> >
> >Firewalling (ACL/antispoofing/DoS prevention/stateful checking..)
> >
> >Content switching (not Accelerated SLB... using CSM, what is switched in
> >ASICs? , scripted health checking, bandwidth management,
> >further SSL offload ..)
>
> There are blades available which can be installed in cat6500 to achieve max
> performance. Here are some documents on CSM and IDS blades
> http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/ccsm_ds.htm
> ------ Content switching module
> http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/1584_pp.htm
> ------- New features
> http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/1584_pp.htm
> ------- Intrusion detection system module
>
> >MLS
>
> Depending on the hardware, i.e. MSFC/PFC combination, the forwarding
> mechanism is either "MultiLayer Switching" or "CEF"
>
> MSFC/PFC does MLS
> MSFC2/PFC2 uses CEF
>
> MSFC2 can be installed on Sup1A but MSFC cannot be installed on Sup2
>
> >HSRP..
> >NETFLOW Export
>
> Even though CEF is the forwarding mechanism when using Sup2/MSFC2, netflow
> tables are maintained in the hardware for stats.
> http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/nde.htm
> provides details on configuring NDE.
>
> >QoS (CAR, allocate and prioritize traffic..NBAR/DSCP)
>
> QoS is also done in the hardware for wire rate performance.
> Configuring QoS:
> http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/qos.htm
>
> >The idea behind this is to build up a server farm, where each server (group of)
> >should have its own security policy and reside in its own
> >VLAN and traffic will be content switched.. it is necessary to have some
> >BANDWIDTH management of L7 traffic or CAR physically per L2
> >port or defined by QoS. Need for maximized redundancy (not the marketing
> >one ;-)
> >
> >Many Thanks for any input..
> >
> >alex



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:03 EDT