Cisco Cisco ACE Application Control Engine Module Information Guide
© 2006 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 5 of 10
SSL Off-Load
•
SSL decryption
•
SSL encryption
•
Centralized certificate management
•
Back-end SSL
•
Export cipher suite
•
SSL v2 and v3 and transparent LAN services (TLS) v1.0
•
Step-up certificates
Data Center Security
•
Protocol inspection and fixup of the most popular data center protocols
•
Access control lists (ACLs) with up to 256,000 access control elements to selectively allow traffic between ports
•
SYN cookies
•
TCP connection state tracking
•
Virtual connection state for UDP
•
SEQ number randomization
•
TCP header validation
•
TCP window size checking
•
Unicast Reverse Path Forwarding (URPF) checking at session establishment
Q.
What are the performance characteristics of the Cisco ACE Services Module?
A.
The Cisco ACE Services Module brings the highest performance to the application delivery market: up to 16 Gbps of throughput and sustained
rate of 345,000 Layer 4 connection setups per second by a single service module; up to 4 ACE modules can be housed in a single Catalyst 6500
chassis offering maximum scalability. Performance metrics are available in the data sheet and can be found online at
http://www.cisco.com/go/ace
.
Q.
What supervisor engines are compatible with the Cisco ACE Services Module?
A.
The Cisco ACE Services Module is initially supported by the Cisco Catalyst 6500 Series Supervisor Engine 720 (with a policy feature card
3A [PFC3A], PFC3B, or PFC3b-XL).
Q.
Does the Cisco ACE Services Module run Cisco IOS
®
Software?
A.
No. The Cisco ACE Services Module runs its own operating system. The ACE is a Catalyst 6500 fabric-enabled module.
Q.
Can I put the Cisco Catalyst 6500 Series Firewall Services Module, Cisco CSM, Cisco SSLM, and Cisco ACE Services Module together
in the chassis?
A.
Yes.
Q.
Does the Cisco ACE Services Module have any external interfaces?
A.
Yes. The Cisco ACE Services Module provides several management interfaces for external control. First, ACE has a relatively standard
external console port for administrative access for using a standard CLI. Second, ACE provides an XML API for integration with management tools
and to be controlled by specific applications themselves. Finally, there will be a full GUI-based manager that will provide full support for all
functions and RBAC. While operational, the Cisco ACE can be sessioned into from the supervisor engine of the Catalyst 6500. The ACE has no data
input/output ports.
Q.
How many Cisco ACE Services Modules can I put into one Catalyst 6500 chassis?
A.
Up to 4 Cisco ACE Services Modules are supported per chassis.