Foundry FastIron X-Series

Foundry Networks FastIron Family - FastIron Edge X-Series

Foundry Network Products

Layer 3 Backbone Switches	Routers
SecureIron Products	Layer 4-7 Switches
Wireless	Network Management
Layer 2/3 Enterprise Core/Edge and Service Provider Edge Switches

Foundry Networks FastIron Range

Foundry Network’s FastIron family of Enterprise and Service Provider products includes the FastIron 4802, the FastIron Edge Switch, the FastIron Edge Switch POE, the FastIron Workgroup X Series, the FastIron Edge X Series, the FastIron SuperX and the FI 400, 800, 1500.

Foundry Network’s FastIron family is purpose-built to deliver high density 10/100 with Power Over Ethernet, 10/100/1000 with Power Over Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet for high performance networking solutions with advanced security features. Foundry’s FastIron family is built with high-performance ASICs and Foundry’s IronWare™ that includes advanced Layer 2 features such as Foundry’s award winning Metro Ring Protocol (MRP), and full Layer 3 features such as Border Gateway Protocol 4 (BGP4). Foundry’s FastIron family ensures increase in return on investment (ROI) and a much lower total cost of ownership (TCO) for both Enterprises and Service Providers.

FastIron 4802	FastIron Edge Switch
FastIron Edge Switch POE	FastIron Workgroup X Series
FastIron Edge X Series	FastIron SuperX
Fast Iron FI 400, 800, 1500.

Foundry FastIron Edge Switch Specifications

Features

• Includes 1-port or 2-port 10-Gigabit Ethernet (10-GbE) module that uses hot-pluggable, state-of-the-art, low-cost, and removable "10-Gigabit Small Form Factor Pluggable" (XFP) optics to support SR, LR, ER, ZR, and ZRD optics—orderable or field upgradeable
• The all-fiber model features Ethernet in the First Mile optics—the industry’s first product to support 100/1000 SFP with 10-GbE uplinks
• Raises the VoIP convergence bar with the first product to combine 10/100/1000 POE, 10-GbE, and redundant, removable power in a compact form
• IronWare™—Foundry’s intelligent embedded software—includes advanced Layer 2 features such as Metro Ring Protocol, Virtual Switch Redundancy Protocol, and IronShield™—for wire-speed security network protection. Software upgradeable to full Layer 3, including support for IP routing protocols such as RIPv1/v2, OSPF, BGP, and support for multicast routing, including PIM-SM, PIM-DM, and DVMRP.
• Embedded sFlow™—the industry standard for network traffic monitoring—delivers hardware-based and real-time network traffic monitoring and inline intrusion detection and prevention
• Protection against Denial of Service attacks comes from IronShield™ security with wire-speed extended Access Control Lists, Secure Shell, Secure Copy, SNMP v3, and authentication with AAA, 802.1x, RADIUS, and TACACS+.
• Load-balanced, hot-swappable, and redundant power supply units ensure network reliability for Enterprises and Metro Service Providers

Overview

Foundry’s FastIron® Edge Switch X-series (FESX) products—the FastIron Edge X Series 424 (FESX424), the FastIron Edge X Series 448 (FESX448), the FastIron Edge X Series 424HF (FESX424HF), and the FastIron Edge X Series 424 Power Over Ethernet (FESX424-POE)—provide greater flexibility, higher reliability, enhanced security, extensive redundancy, and a new level of high performance by combin­ing 10/100/1000, 10/100/1000 with POE, 100/1000 SFP, and 10-Gigabit Ethernet (10-GbE). The FastIron Edge X Series increases a network’s return on investment (ROI) and decreases total cost of ownership (TCO) by offering improved functionality, advanced technology, and security in a compact (1.5 Rack Units) form factor at industry-leading prices. The FastIron Edge X Series is the ideal networking platform to deliver 10-Gigabit Ethernet from the edge to the core.

The FastIron Edge X Series establishes the next benchmark in delivering the most adaptable feature set, combined with the highest density 10/100/1000, 10/100/1000 with POE, and 100/1000 SFP with 10-GbE upgradeability in a compact form factor. Specifically, the FastIron Edge X Series establishes the industry’s leading price-performance value for fixed Ethernet solutions with the addition of removable, replaceable, load-sharing power supply and 10-GbE modules in a 1.5 Rack Unit (RU) form factor. The FastIron Edge X Series can be initially installed using “Small Form Pluggable” (SFP) Gigabit Ethernet ports and then later field-upgraded to support one or two “10-Gigabit Small Form Factor Pluggable” (XFP) modules, extending the usability of the product.

To meet existing and emerging network requirements, the FastIron Edge X Series comes standard with advanced Layer 2 features, such as Metro Ring Protocol and Base Layer 3 routing capabilities, complete quality of service (QoS) controls including prioritization and rate limiting, and Foundry’s IronShield™ for denial of service protection. The FastIron Edge X Series is also software upgradeable to full Layer 3 to support advanced routing protocol such as BGP4. The extensive feature set supports network requirements ranging from basic connectivity to multicast-based streaming audio/video applications for converged services including Voice over IP (VoIP), using a software upgrade to full Layer 3.

System Summary

Purpose-Built Features for Enterprise and Service Provider

IronShield™Security—Complete Network Protection

The FastIron Edge X Series supports configurable levels of user-selectable security starting with support for MAC address lockdown. The network administrator can assign a single MAC address or a group of addresses to an individual port in order to prevent unauthorized users from plugging into open RJ45 wall outlets. For more complex networking environments using Remote Authentication Dial-In User Service (RADIUS) authentication servers, the network manager can enable 802.1x port-based authentication—ensuring that the FastIron Edge X Series first authenticates the user before allowing the port to trans-mit data onto the network. This also grants users secure mobility while maintaining the integrity and security of the network against unwarranted breaches.

Once the port is operational, the network administrator can use both regular and extended ACLs to control access to and through the network, enabling control policies that can permit or deny traffic based on a wide variety of identification characteristics, such as source/destination MAC addresses, source/destination IP addresses, and TCP/UDP ports/sockets or well-known port numbers—further protecting and restricting network access from malicious users. The FastIron Edge X Series implements ACL lookups in hardware so that providing security and protec-tion for the network does not adversely affect switching or routing performance.

By deploying the FastIron Edge X Series, network managers can provide layered levels of access to the management console. Multilevel access security on the console and web-based manage-ment interface prevent unauthorized users from accessing or changing the switch configuration. By using Terminal Access Controller Access Control Systems (TACACS/TACACS+) as well as RADIUS authentication, the network administrator can enable considerable centralized control and restrict unauthorized users from altering network configurations. The FastIron Edge X Series also supports Secure Shell and SNMPv3 to further restrict and encrypt communications to the management interface and system, thereby assuring highly secure network management access. For an added level of protection, the network administrator can use ACLs and provide fine-tuned access and control to the system by binding the ACL to TELNET, Web-Management, and SNMP interfaces.

To protect the network against Denial of Service (DoS) attacks, the network manager can disable the forwarding of ICMP messages and also enable the option to rate limit ICMP and TCP SYN packets. The FastIron Edge X Series can monitor, throttle, and lock out ICMP and TCP SYN traffic both to the management address of the switch and for traffic transiting the system. Enabling this feature can secure and protect the network from suffering a user-generated DoS attack or aiding one.

sFlow—“Always-On” Wire-Speed Network Monitoring

All versions of the FastIron Edge X Series support sFlow™—Foundry’s unique solution to simplifying network management. Deploying switches in a networking infrastructure increases overall network performance but essentially eliminates the network administrator’s ability to receive a total picture of network capacity, bandwidth consumption, utilization, and overall network health. sFlow delivers real-time, complete network visibility, enabling network managers to completely manage every network transaction flowing throughout the network. sFlow uses the built-in capability of the FastIron Edge X Series ASICs to collect and aggregate details on traffic flows from Layer 2 through Layer 4, and automatically delivers that information to the IronView Network Management station—a Java-based network-configuration and management tool that displays, in detail and graphically, network- and application-level traffic information. With the resulting insight, the network manager can quickly and accurately review overall networking operations, zero in on hot spots, and quickly diagnose and troubleshoot difficulties before they develop into widespread problems. sFlow also automatically delivers accurate SNMP/ RMON statistics to reduce the administrative burden normally associated with proactive network management, design, and capacity planning.

Increasing Network Value with Converged (Voice, Video, and Data) Deployments

The FastIron Edge X Series establishes a high-performance platform on which to build converged voice, video, and data services that can easily adapt to changes and future technologies. Deployed in the wiring closet, the FastIron Edge X Series provides the capabilities and functionalities required for supporting robust telephony integration within existing networking infrastructures. Advanced QoS features can also be enabled to deliver the same level of reliability and availability that exist within existing legacy telephone and video systems. Coupling multiple levels of protocol redundancy with advanced QoS ensures a fault-tolerant network design and zero service disruption.

Intelligent Traffic Control to Manage QoS and Bandwidth Consumption

The FastIron Edge X Series offers superior QoS features that enable network administrators to provide and ensure high-quality services throughout the network from end to end. Foundry’s QoS implementation uses the most efficient methodology to classify and prioritize network traffic to eliminate network congestion. The FastIron Edge X Series supports Dual-Mode operation to allow for both 802.1Q tagged and untagged data streams, and placement of these streams into assigned virtual LANs (VLANs). Dual-Mode operation enables network managers to properly assign priorities to various 802.1Q-tagged packets such as Voice over IP (VoIP) packets to eliminate latency and jitter.

Enhancing QoS to Ensure High Availability and Superior Data Traffic Integrity

The FastIron Edge X Series can classify, re-classify, police, and mark the traffic prior to delivery. Network administrators can classify traffic, such as VoIP handsets or bandwidth-critical applications, to discriminate among various traffic flows and enforce bandwidth policies on Layer 2 and Layer 3 QoS fields. The FastIron Edge X Series can identify, classify, and reclassify traffic based on specific criteria such as port, source/destination Media Access Control (MAC) address, 802.1p priority bit, source/ destination IP address, Type of Service (ToS) or Differentiated Services Control Point (DSCP) fields, or the Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port.

Once classified, the traffic is queued and scheduled for delivery —the network administrator has complete control over how the system services the queues: Weighted, adjustable Round Robin (WRR) queuing ensures that all packets can be delivered and ensures that lower-priority packets are not starved for bandwidth; Strict Priority (SP) queuing ensures that highest-priority traffic always gets serviced first, ahead of all other traffic (which could result in lower-priority bandwidth starvation); combined SP with WRR guarantees highest-priority traffic delivery while equally servicing the lower priority queues.

The FastIron Edge X Series is capable of performing rate-limiting to give a network administrator the granular control needed to regulate how end users consume bandwidth. Using rate limiting together with the multiple queuing techniques enables the network manager to fairly balance, fine-tune, and control bandwidth consumption, providing the foundation for end-to-end QoS parameters to regulate traffic flows across the entire network. Voice, video, and high-speed data services can be combined and delivered throughout a unified network without suffering from reduced performance or negatively impacting the end-user experience.

Industry Leading Layer 2 Features for Metro and Service Providers

By deploying the FastIron Edge X Series, Metro and Service Providers can extend high-speed networks at the edge, as well as closer to the core of access networks. Metro and Service Providers can begin to deliver Ethernet-based services, an alternative to TDM-based services, to support low-cost and high-speed services from 1 Mbps up to 10 Gbps. The following Layer 2 metro features ensure flexible, secure, and resilient Ethernet services:

• Metro Ring Protocol (MRP)—Offers an alternative to Spanning Tree-based designs and provides sub-second fault detection and  failover specifically for Metro Ethernet ring topologies. MRP works
  in conjunction with VSRP and 802.3ad-based link aggregation to provide bandwidth scalability and SONET-like resiliency in Metro Ethernet networks.
• Virtual Switch Redundancy Protocol (VSRP)—Offers an alternative to Spanning Tree-based designs and provides sub-second fault detection and fail-over protocol for mesh topologies. VSRP works in conjunction with MRP to provide SONET-like resiliency required for critical Data Center and Metro Ethernet networks and protects against link or switch failures.
• Rapid Spanning Tree Protocol based on IEEE 802.1w— Dramatically improves the spanning tree convergence time to sub-seconds by automatically renegotiating port roles without relying on timers in case of a link failure.
• Per VLAN Spanning Tree (PVST)—Allows Metro service providers control over STP on an individual VLAN basis to provide traffic engineering.
• Per VLAN Group Spanning Tree (PVGST)—Allows Metro service providers dramatic improvements in STP and VLAN scalability by servicing up to 4,096 VLANs with 2 to 16 STP or Rapid STP instances. PVGST also provides VLAN load balancing for all  4,096 VLANs for efficient utilization of all fiber in a Metro network.
• Topology Groups—Goes beyond PVGST to scale all supported  Layer 2 control protocols including STP, RSTP, MRP, and VSRP, while providing the ability to isolate the provider from any subscriber-influenced changes.
• Super Aggregated VLANs (SAV)—Allows service providers to decouple the provider VLAN domains from customer VLAN domains. SAV allows the provider to tunnel and preserve the subscriber VLANs by stacking VLAN tags.

Increasing Network Reliability with Load-Balanced and Redundant Power

The FastIron Edge X Series includes power redundancy features, which are only available in a modular chassis. Every FastIron Edge X Series ships with a single AC power supply and adding one more power AC power supply enables 1+1 redundancy. These AC power supplies are hot-swappable and load-sharing AC power supplies, critical for delivering power redundancy and deployment flexibility.

Enhancing Network Resilience with Redundant Uplink Options

The FastIron Edge X Series can be ordered (or field-upgraded later) with a 1-port or 2-port 10-GbE module that supports one or two XFP optics, allowing for a full breadth of networking interconnectivity, including 10-GbE-SR, 10-GbE-LR, and 10-GbE-ER for 10-GbE links up to 300m over Multimode Fiber (MMF), 10km over Single Mode Fiber (SMF), and 40km over Single Mode Fiber (SMF), respectively.

The FastIron Edge X Series comes built with 4-port SFP for use with 1000Base-X Gigabit Ethernet interfaces supporting a wide range of Gigabit Ethernet transceivers for the full breadth of networking interconnectivity including 1000Base-SX, 1000Base-LX, and 1000Base-LHA for Gigabit Ethernet links up to 550m over Multimode Fiber (MMF), 10km over Single Mode Fiber (SMF), and 120km over SMF, respectively.

Higher levels of link resilience can be implemented by deploying dual-homed and redundant 10-GbE uplinks enabled with 802.3ad, Per-VLAN Spanning Tree (PVST/PVST+), Protected-Link, Load-sharing 802.1Q trunks, or OSPF Equal Cost Multi Path (ECMP) data center connections. This unmatched selection of redundancy, quick recovery, and load balancing options grants the network administrator the widest range of implementation choices, making the FastIron Edge X Series the ideal intelligent enterprise switch to deliver 10-GbE from the edge to the core.

Enterprise Application

Low Cost GoC+10-GbE Solution for the Enterprise Campus

Foundry’s FastIron Edge X Series is ideal for delivering high-density and low-cost 10/100/1000, and is a 10-GbE solution for the enterprise campus. The FESX424 and FESX448 can be fitted with 1-port or 2-port 10-GbE modules, which use the state-of-the-art “10-Gigabit small form factor pluggable” optics (XFP optics). With two ports of 10-GbE, network managers can easily build redundancy into their campus network and take advantage of low cost XFP optics priced much lower than XENPAK optics.

As shown in figure 2, the FastIron Edge X Series can be used to deliver to the desktop, high-density aggregation within the distribution layer, and connectivity for high-performance computing, grid-computing, and network-attached storage. Support for jumbo frames of up to 9,126 bytes ensures faster file transfer between high-end servers within the data center and assists in reducing server CPU load. The 10-GbE uplinks within the FastIron Edge X Series ensure that the data center can be easily connected to Foundry’s BigIron MG8, enabling concurrent support for low-latency applications such as VoIP, mission-critical applications such as manufacturing-resource planning, and high-volume network traffic such as remote backup.

Enterprise customers that demand high-capacity 10-GbE networking within the collapsed aggregation, distribution and data center can combine the FastIron Edge X Series with Foundry’s BigIron MG8. The FastIron Edge X Series includes IronWare that comes with high-availability features such as Protected-Link or Metro Ring Protocol (MRP) to ensure resiliency from any network outages. In addition, enterprise customers can rely on the FastIron Edge X Series to deliver high-availability from any power outages for the collapse aggregation, distribution and the data center.

Foundry’s FastIron Edge X Series can be installed in an enterprise’s distribution layer to aggregate switches with its high-density connections, and its 4-port SFP enables connec-tivity to upper floors within a building. The FastIron Edge X Series can be configured with two load-sharing and redundant AC power supplies—a requirement for network equipment used to aggregate many switches. Most fixed Ethernet solutions offer an external power supply to deliver redundancy, but this solution becomes cumbersome because network managers now have two units to manage and the combined RU size of the two units impacts wiring closet space.

Aside from power-supply redundancy to deliver zero network downtime, the FastIron Edge X Series comes installed with Foundry’s time-tested and proven IronWare software. IronWare software, tested and used by thousands of Foundry customers including the U.S. Department of Defense, includes IronShield to protect the network and the equipment against any denial of service. In addition, IronWare comes with standard Layer 2 features such as 802.3ad and 802.1w and Layer-3 features, such as OSPF with ECMP or VRRP-E, that assure protocol redundancy.

Metro Service Provider Application

High-Performance, High-Availability and Cost-Effective Metro Access Solution

Foundry’s FastIron Edge X Series comes installed with IronWare, which includes metro features like Metro Ring Protocol, Virtual Switch Redundancy Protocol, Super Aggregated VLAN, and Protected-Link. The FastIron Edge X Series includes support for jumbo frames up to 9,216 bytes, required for metro providers wanting to offer high-speed and high-value Ethernet services for storage and high-performance networking.

As shown in figure 3, the FastIron Edge X Series is ideal for 1-GbE service delivery within a 10-GbE metro access infra-structure. The FastIron Edge X Series can be equipped with a 2-port 10-GbE module that can be populated with one (1) or two (2) XFP optics capable of reaching distances of up to 40km, allowing Metro Service Providers to connect various point-of-presence with 10-GbE. This solution optimizes the use of their fiber infrastructure and allows for the delivery of high-speed service offerings such as remote backup or remote data-center facilities.

The FastIron Edge X Series includes sFlow (RFC 3176)—an industry standard to deliver networkwide visibility for manage-ment and control. sFlow can be used by Metro Service Providers to deliver scalable end-user network accounting and billing and capacity planning. sFlow coupled with SNORT—a leading, open-source intrusion detection system—delivers an almost zero-cost security solution. Metro Service Providers can make high-end services such as detailed end-user billing and network-intrusion prevention available to their customers.

Ideal Infrastructure to Deliver IPTV and Video On-Demand Solution

Multicast is used to deliver IP-TV services or On-Demand video services because it offers an efficient method for broad-casting traffic to many subscribers. Service and metro providers, who have transit networks and want to offer high-end services such as IPTV or Video On-Demand services, rely on multicast routing to distribute multicast traffic.

Figure 4(a) shows a simple network that supports IPTV services. Subscribers for video services can exist in PIM Sparse Router 2 and PIM Sparse Router 3. To ensure that subscribers can imme-diately acquire any video service, a route entry must be created for each video service in each PIM Sparse Router. The creation of a route entry for a video service, which has no subscriber, removes impact to the CPU and is done by enabling Passive Multicast Route Insertion.

For example, assume (S1, G1) is movie1 and (S2, G2) is movie2. A subscriber in PIM Sparse Router2 subscribes to movie1. PMRI assures that a route entry pointing to a null client for movie2 is created in PIM Sparse Router2, in order to give any new client quick access to movie2. PMRI also assures that all video streams, including those without any subscriber, contin-uously traverse the network without any impact to the network equipment’s CPU.

Figure 4(b) combines PIM Snooping and PMRI to ensure multicast distribution can be made in an Ethernet-based network or Layer 2 network. Foundry switches with PIM Snooping enabled acquire multicast routes by listening to PIM Sparse join-and-prune messages, and IGMP group membership reports. Learning multicast route information enables Foundry switches to intelligently switch multicast traffic and not broadcast multicast traffic, which is the default behavior of any Layer 2 switch.

Combining PIM Snooping and PMRI gives service and metro providers a solution to deliver video services, aside from voice and data services, using a Layer 2 switch, which is more cost-effective over MPLS switches.