Справочник Пользователя для Foundry Networks RX-8
4
t
Per VLAN Spanning Tree (PVST)—Allows for control of STP
on an individual VLAN basis for traffic engineering VLAN traffic
(i.e., load distribution)
(i.e., load distribution)
t
Topology Groups—Dramatically improves Layer 2 control
protocol scalability by allowing a few instances of STP, RSTP,
MRP, or VSRP to control large groups of VLANs
MRP, or VSRP to control large groups of VLANs
t
Super Aggregated VLANs (SAVs)—Allows transparent
tunneling of multiple VLANs through a single backbone VLAN
t
PIM and IGMP Snooping—Offers efficient handling of
multicast traffic in Layer 2 topologies by identifying ports that
request a multicast stream and forwarding the stream only
on these ports. This dramatically improves the performance
of multicast applications, allowing for many more streams to
be transiting the network.
request a multicast stream and forwarding the stream only
on these ports. This dramatically improves the performance
of multicast applications, allowing for many more streams to
be transiting the network.
ADVANCED QUALITY OF SERVICE
t
Advanced QoS—Allows administrators to enforce QoS policies
based on port, VLAN, source MAC, ACL rules, 802.1p priority,
Type of Service (ToS), DiffServ settings or Rate Limiting status
Type of Service (ToS), DiffServ settings or Rate Limiting status
t
Very low latency across all packet sizes—Consistent low
latency for strict priority applications such as voice over IP, high
performance computing and video over IP
performance computing and video over IP
t
Configurable combinations of queuing disciplines and
congestion control policies
—Combinations of Strict Priority
(SP) and Weighted Fair Queuing (WFQ) provide flexibility for
network administrators. In the event of egress port congestion,
traffic policies can be configured for tail drop or weighted
random early detection (WRED) operation.
network administrators. In the event of egress port congestion,
traffic policies can be configured for tail drop or weighted
random early detection (WRED) operation.
t
Advanced Bandwidth Management—Allows intelligent
bandwidth management using hardware based enforcement of
Committed Information Rate (CIR) with Excess Burst control
capabilities and seamless integration with other advanced QoS
features including priority marking and honoring.
Committed Information Rate (CIR) with Excess Burst control
capabilities and seamless integration with other advanced QoS
features including priority marking and honoring.
COHESIVE, UNIFIED AND EASY-TO-USE
NETWORK MANAGEMENT
t
Centralized network management—Foundry’s IronView
Network Manager is a web-based, graphical interface tool that
empowers network operators to seamlessly control software and
configuration
empowers network operators to seamlessly control software and
configuration
updates
t
Command Line Interface (CLI)—Industry-standard
configuration interface, consistent and common throughout
all Foundry’s products
all Foundry’s products
t
Web interface—Provides easy-to-use Graphical User Interface
(GUI) for system configuration from standard Web browsers
t
sFlow (RFC 3176)—Provides scalable, wire-speed network
monitoring and accounting with no impact on network
performance
performance
IRONSHIELD
™
SECURITY
t
Wire-speed extended Layer 2, Layer 3 & 4 Access Control
Lists
(ACL)
—Control packet forwarding and restricts access
to the system management interface, while providing wire-speed
switching and routing:
switching and routing:
– Extensible ACL Implementation for Layer 3 & 4
Information
Information
: Identifies traffic based on source or destination
IP address, IP protocol type, TCP or UDP port, IP precedence
or ToS values
– Flexible ACL Implementation for Layer 2 Information:
Identifies traffic based on source or destination MAC address,
Ethernet type, VLAN-ID values and 802.1p values
– ACL scalability: Support for up to 8,000 ACLs
– Ease of administration: Identify an ACL by name or
number, or add a comment line for ease of administration
– Secure Shell and Secure Copy: Provides secure access to the
administration and management interface over the network
t
Protection against Denial of Service (DoS) attacks—Prevents
or minimizes network downtime from malicious users by limiting
TCP SYN and ICMP traffic and protects against broadcast storms
TCP SYN and ICMP traffic and protects against broadcast storms
t
User authentication—Authentication with AAA, 802.1x,
RADIUS, TACACS, and TACACS+ prevents unauthorized
network
network
access
t
MAC Port Security—Controls the MAC addresses allowed
per
port
t
sFlow (RFC 3176)—Provides cost-effective, scalable, wire-
speed network monitoring to detect unusual network activity
t
SNMPv3—Secured SNMP management with authentication
and privacy services
t
BGP-Guard—Complements MD5 security for BGP sessions
to protect against session disruption by restricting the number
of hops the BGP session can traverse
of hops the BGP session can traverse