Solution Designed for High-Quality and Reliable Network Convergence

The FastIron SX Series provides a scalable, secure, low-latency, and fault-tolerant infrastructure for cost-effective integration of VoIP, video, wireless access, and high-performance data onto a common network. The system architecture features a scalable and resilient PoE design and a low-latency, cell-based switch fabric with intelligent traffic management to ensure reliable and high-quality VoIP service. A rich suite of security features, including policy-based access control, IP source guard, dynamic ARP inspection, and DHCP snooping, work in unison to control network access and shield the network from internal and external threats. The FastIron SX Series establishes a new class of convergence-ready solutions, enabling organizations to implement a secure, reliable, scalable, and high-quality infrastructure for total network convergence.

Resilient Design Ensures Business Continuity

A FastIron SX networking solution is built for high-value environments. The Brocade FastIron SX features MCT (available for purchase the first half of 2012), enabling two FastIron SX chassis to appear as a single logical switch at Layer 2 in active/active mode and delivering uninterrupted traffic flow in the event of node failover. Additionally, with redundant management modules with hitless failover, redundant fans, redundant load-sharing switch fabrics, and power supply modules, the FastIron SX 800/1600 switches are designed for maximum system availability. Switch fabric failover preserves network connectivity in the event of a switch module failure. Automatic management failover quickly restores network connectivity in the event of a management module failure without interruption of traffic forwarding. In the event of a topology change due to a port or facility failure, Layer 1 and Layer 2 protocols—such as Protected Link, Metro Ring Protocol (MRP), IEEE 802.3ad, UDLD, VSRP, and Rapid Spanning Tree Protocol—will restore service in sub-second time (tens to hundreds of milliseconds, depending on the protocol), protecting users from costly service disruption. Enhanced spanning tree features such as Root Guard and BPDU Guard prevent rogue hijacking of spanning tree root and maintain a contention- and loop-free environment, especially during dynamic network deployments. These high-availability capabilities enable network deployments of a highly reliable network infrastructure that is resilient to, and tolerant of, network and equipment failures.

Future-Proofing the Network through Deployment of IPv6-Capable Hardware

Networks are in the early stages of large-scale IPv6 production deployment; however, few IPv6-capable applications are currently on the market. Although the success of IPv6 will ultimately depend on the new applications that run over IPv6, a key part of the IPv6 design is the ability to integrate into and coexist with existing IPv4 switches within the network and across networks during the steady migration from IPv4 to IPv6.

The FastIron SX IPv6-capable management and interface modules, commencing with software release Brocade FSX 04.0.01, support an easy migration path by interworking between IPv4 and IPv6 switches with the existing network or across networks. The network manager can pick and choose which sites are upgraded with IPv6-capable modules, preparing the network for future IPv6 applications.

Designed for medium to large enterprise backbones, the IPv6-capable FastIron SX Series of modular switches provides the enterprise network with a complete, end-to-end enterprise LAN solution, ranging from the wiring closet to the LAN backbone.

Benefits of the IPv6-capable modules include:

• The IPv6-capable FastIron SX management modules are non-blocking, with a built-in switch fabric module and 12 combination Gigabit Ethernet copper or fiber ports that provide connectivity to the existing management network.
• The IPv6-capable FastIron SX 800 and FastIron SX 1600 management modules have a console port and a 10/100/1000 port for out-of-band management. The management modules optionally support 2-port 10 GbE ports or 8-port 1 GbE fiber and copper ports.
• The IPv6-capable FastIron SX 800 and FastIron SX 1600 management modules are interchangeable between devices with systems using second- or third-generation modules.
• Redundant management modules on the IPv6-capable FastIron SX 800 and FastIron SX 1600 provide 100 percent redundancy.
• The crossbar (xbar) architecture enables the management module to switch 30 Gbps between each interface module and within the management module.
• The IPv6-capable interface modules and power supplies are interchangeable among FastIron SX Series switches.
• The IPv6-capable FastIron SX 800 and FastIron SX 1600 management, switch fabric, and interface modules are hot swappable, which means a module may be removed and replaced while the chassis is powered on and running.

Advanced QoS and Low Latency for Enterprise Convergence

The FastIron SX Series offers superior Quality of Service (QoS) features that enable network administrators to prioritize high-priority and delay-sensitive services throughout the network. FastIron SX switches can classify, re-classify, police, mark, and re-mark an Ethernet frame or an IP packet prior to delivery. This flexibility lets network administrators discriminate among various traffic flows and enforce packet-scheduling policies based on Layer 2 and Layer 3 QoS fields.

Once classified, the traffic is queued and scheduled for delivery. Three configurable queuing options provide the network administrator with flexible control over how the system services the queues. Weighted Round Robin (WRR) queuing applies user-configured weighting for servicing multiple queues, ensuring that even low-priority queues are not starved for bandwidth. With Strict Priority (SP) queuing, queues are serviced in priority order, ensuring that the highest-priority traffic is serviced ahead of lower priority queues. Combined SP and WRR queuing ensures that packets in the SP queue are serviced ahead of the WRR queues. Combined queuing is often used in VoIP networks where the VoIP traffic is assigned to the SP queue and data traffic is assigned to the WRR queues.

In addition, the switch management modules are available with integrated 1 GbE or 10 GbE ports. These modules provide cost-effective system configurations supporting high-capacity connections to upstream switches. The management modules utilize high-performance system processors with high-capacity memory for scalable networking up to a routing capacity of 1 million BGP routes and 20 BGP peers.

The FastIron SX switches utilize an advanced cell-based switch fabric with internal flow-control, ensuring very low latency and jitter performance for converged applications.

Flexible Bandwidth Management

The FastIron SX switches support a rich set of bandwidth management features, allowing granular control of bandwidth utilization. On ingress, extended ACLs can be used in combination with traffic policies to control bandwidth by user, by application, and by VLAN. On egress, outbound rate limiting can control bandwidth per port and per priority queue. These features allow the network operator fine-grained control of bandwidth utilization based on a wide range of application and user criteria.

Complete Solution for Multicast and Broadcast Video

The use of video applications in the workplace requires support for scalable multicast services from the edge to the core. IGMP and PIM snooping improves bandwidth utilization in Layer 2 networks by restricting multicast flows to only those switch ports that have multicast receivers. In Layer 3 networks, support for IGMP (v1, v2, and v3), IGMP Proxy, PIM-SM, PIM-SSM, and PIM-DM multicast routing optimizes traffic routing and network utilization for multicast applications.

Advanced Full Layer2/Layer 3 Wire-Speed IP Routing Solution

Brocade Advanced IronWare supports a full complement of unicast and multicast routing protocols, enabling users to build fully featured Layer 2/Layer 3 networks. Supported routing protocols include RIPv1/v2, OSPF, PIM-SM/DM, BGP, and Equal Cost Multi-Path (ECMP) for improved network performance. M2, M3, and M4 management modules can support routing table capacity of up to 1 million BGP routes and 20 BGP peers. FastIron SX switches can be upgraded with Advanced IronWare routing software (a Layer 3 upgrade).

To achieve wire-speed Layer 3 performance, the FastIron SX switches support Brocade Direct Routing (BDR), in which the Forwarding Information Base (FIB) is maintained in local memory on the line modules. The hardware forwarding tables are dynamically populated by system management with as many as 256,000 routes.

Comprehensive Bulletproof Security Suite

Security is a concern for today's network managers, and the FastIron SX switches support a powerful set of network management solutions to help protect the switch. Multilevel access security on the console and a secure Web management interface prevent unauthorized users from accessing or changing the switch configuration. Using Terminal Access Controller Access Control Systems (TACACS/TACACS+) and RADIUS authentication, network managers can enable considerable centralized control and restrict unauthorized users from altering network configurations.

The FastIron SX Series includes Secure Shell (SSHv2), Secure Copy, and SNMPv3 to restrict and encrypt communications to the management interface and system, thereby ensuring highly secure network management access. For an added level of protection, network managers can use ACLs to control which ports and interfaces have TELNET, Web, and/or SNMP access.

Controlling network access is a top priority for network operators. FastIron SX switches support a flexible suite of access control capabilities. The network access control features include multi-host IEEE 802.1x and MAC authentication schemes. Upon successful user or device authentication, the FastIron SX switch will apply the appropriate access policy for the user. The access policy may define the assigned VLAN, QoS, and ACL to be applied to the user's traffic. The network administrator can also specify an action in case the MAC or 802.1x authentication times out. Because of its standards-based design, this solution can be augmented with access control software and external appliances for enhanced access control operation. For example, an external NAC appliance and/or software can be used in combination with the FastIron SX, providing host posture verification and remediation. This design allows customers the flexibility to build best-of-breed solutions for their access control infrastructure and not be locked into a single offering.

Once the user is permitted access to the network, protecting the user's identity and controlling where the user connects becomes a priority. To prevent “user identity theft” (spoofing), the FastIron SX switches support DHCP snooping, Dynamic ARP inspection, and IP source guard. These three features work together to deny spoofing attempts and to defeat man-in-the-middle attacks. To control where users connect, the FastIron SX switches support private VLANs, quarantine VLANs, policy-based routing, and extended ACLs, all of which can be used to control a user's access to the network.

In addition, FastIron SX switches feature embedded sFlow packet sampling, which provides system-wide traffic monitoring for accounting, troubleshooting, and intrusion detection. Using Brocade Network Advisor to process sFlow data from the switches, Brocade IronShield 360 provides closed loop threat detection and response. sFlow packet samples are scanned for known threat signatures. Upon a positive match, Brocade Network Advisor can automatically send a control command to the FastIron SX switch to throttle or disable the port on which the threat has been detected. This advanced security capability provides a network-wide security umbrella without the added complexity and cost of ancillary sensors.