10G aggregators for providers and data centers

Today, with your permission, I will tell you about a fairly new topic - 10-gigabit aggregating switches. Competition among providers pushes subscribers to offer all new speeds, up to gigabit. Someone is doing this on GPON technology, someone with copper using inexpensive gigabit access switches. And what is it to collect in the center? At first glance, there are quite a few options - all the grandees are releasing modular kernel switches. Usually it is such a heavy and very smart (well, expensive, respectively) piece of iron.

But there is another way - specialized solutions. These are compact 1-2 RU switches with a fairly large number of 10G ports (for SFP + modules), some of them have the possibility of combining or uplink 40G. Today we will talk about the 44-port 10G aggregator with advanced routing functions with a port cost of only $ 230.


')
So, Dasan Networks , a former division of Siemens , and now an independent company, manufactures switches under its own brand name and NSN (Nokia Siemens Networks). And production and development in South Korea. GPON equipment for Korea Telecom and aggregating switches are manufactured. And L3, which distinguishes them from other offers on the market. That is, Dasan aggregators can be assigned a serious part of handling the entire network traffic at the network level, saving on the central router.

Two models - 44 10G ports in 1RU and 4 40G ports on the V6748XG model (pictured below)


The most delicious inside:

The performance of the switching matrix is ​​1200 Gbps, that is, it is non-blocking!

Capacity 655-850 Mpps. A very serious thresher for 1 RU and its price (the price per port, I remind you, is only $ 280).

Now what the mean datasheet on the aggregator is silent about:

Physics

1. Very high port density 44 ports 1 / 10GE SFP / SFP + with support for reading and monitoring DDM.
2. The possibility of a gradual network upgrade with the replacement of SFP with SFP + allows operators to transfer links to 10G mode as the network needs increase in bandwidth
3. Separate MNG port 100BaseT for management
4. The powerful central processor - 1.3 GHz PowerPC allows you not to worry about network storms, to withstand a significant load of IGMP and ARP when terminating the network traffic of a large number of BBA subscribers. There are diagnostic functions and advanced monitoring of CPU utilization of various types of traffic.
5. Availability of autonegotiation function on ports
6. Dual redundancy power supplies, the possibility of "hot-swappable power supplies. Possibility of power supply from the mains 220V and -48V DC
7. Hot swappable fan unit

Channel Level:

1. Support STP, RSTP, MSTP, PVSTP, BPDU Filtering
2. LACP bonding support, incl. based on src ip, dst ip.
3. Extended Q-in-Q support. In networks operating according to the “VLAN per subscriber” scheme, the switch allows aggregation and tunneling of traffic on the way to the core and BRAS.

Network level:

1. Hardware routing of IP traffic (static, OSPFv2, BGPv4).
2. Extended ACL support on hardware basis, incl. L2, L3, L4
3. QOS, Scheduling: Strict priority, WRR, DRR. Policer, Rate-limiter.
4. IPv6 routing support
5. PBR - ACL-Based Policy Based Routing Support
6. VRRP support - Virtual routing redundancy protocol
7. SuperVLAN support (analogue of IP Unnumbered) - it is convenient to use on aggregation to save address space by terminating a large number of client sub-VLANs per IP network.
8. Availability of developed means of working with Multicast traffic:
   
   
   • Multicast - Routing PIM-SM, PIM-SSM, PIM-DM
   • Support for the MSDP protocol of the multicast source directory. Usually used by operators - providers of multicast stream for the delimitation of domains. Allows the provider to create their own supplier-independent multicast stream RP (Rendezvous-point) and associate it with the RP provider.
   • IGMP v.1,2,3 support
   • IGMP Querier, IGMP Proxy

Useful security features:

1. SSH - console
2. Authentication based on RADIUS or TACACS + servers.
3. IP source guard based on DHCP Snooping - prohibits the passage of any traffic on the port, except for outgoing from the host that received the IP through DHCP.
4. ARP Inspection - prohibits the processing of ARP requests from hosts that did not receive IP via DHCP. There is a configurable delay to enable this feature - to give time to fill the table after a reboot.
5. Loop Guard - protection from topology loops
6. Flood Guard - limiting packet rate on MAC, broadcast, multicast frames, as well as packets addressed to the switch CPU.
7. User-tuned auto-rebooter (Watchdog) for ping loss on IP, processor overload, memory overflow.

Control functions

1. Very handy Cisco-like CLI
2. Logging can be performed on a remote syslog server
3. SNMP - management and monitoring

Of course, in the world of 10G aggregators, this is far from the only piece of hardware, but in terms of the functionality / price ratio of the port, in my opinion, it still has no equal. You can see the piece of metal alive in the KompTek office . Well, ask questions, I will try to answer.