In an exclusive network World verify, Cisco's Catalyst 4948-10GE delivered checklist low latency and line-cost throughput. Coupled with resourceful safety mechanisms and an extensive checklist of switching and routing features, this swap earns a clear alternative award.
In an exclusive network World test, Cisco's Catalyst 4948-10GE delivered record low latency and line-cost throughput. Coupled with ingenious protection mechanisms and an extensive list of switching and routing elements, this change earns a clear option award.How they did it
Archive of community World exams
Subscribe to the network Product check consequences e-newsletter
With a cost of $30,000, the Catalyst 4948-10GE is too costly to be deployed in each wiring closet, however the rate makes sense to be used in records centers where the switch can combination connections from many servers and ship site visitors over a 10-Gigabit Ethernet backbone.
The Catalyst 4948-10GE offers 48 copper Gigabit Ethernet and two 10G Ethernet ports, a whole lot like competing items from excessive Networks, Force10 Networks and Foundry Networks. There are some key adjustments, although: The Cisco swap has a 1-rack unit (1.75-inch) form aspect, while Foundry's FESX448 occupies 1.5 rack devices. The Cisco swap helps redundant power substances, while redundancy for severe's S400-48t requires one external energy supply (however, intense's external vigor give can be shared throughout assorted switches). On the downside, Cisco's device isn't expandable, in contrast to Force10's S50, and its listing price is higher than in a similar way configured opponents' switches.
in all probability the greatest difference is Cisco's use of X2 transceivers for 10G Ethernet interfaces. These are roughly the size of Gigabit Ethernet transceivers, putting them about halfway between 10G Ethernet Transceiver kit (XENPAK) transceivers and smaller 10 Gigabit Small kind factor Pluggable transceivers (XFP) in more recent 10G switches from Force10, Foundry and Nortel, amongst others. One consideration for adopters of distinct transceiver kinds is that they'll must keep multiple styles of spares reachable, with fees smartly into the lots of bucks for each and every.
X2 transceivers are functionally just like XENPAK transceivers, while XFP transceivers offload the serializer/deserializer (Serdes) characteristic to the switch's circuit board. Cisco says X2s raise reliability as a result of a Serdes failure requires replacement of just a transceiver in preference to a whole swap. We're not certain about that claim: whereas or not it's nevertheless especially early for XFPs, they have yet to junk an XFP machine as a result of a Serdes failure. They did examine that X2 transceivers interoperate with each XENPAK and XFP transceivers over single-mode fiber cabling.
We stress-confirmed the Catalyst 4948-10GE in numerous configurations, and it came up aces in all of them. These configurations concerned Layer-2 and -three switching, virtual LANs (VLAN) and Open Shortest course First (OSPF ) routing, all common projects for an aggregation change. They also measured the swap's buffering and unicast handle discovering means.
We pounded the swap with a traffic sample that worried absolutely meshed site visitors between all forty eight Gigabit Ethernet ports, in addition to traffic between both 10G Ethernet ports (see How they did it ). No production network (hopefully) ever sees site visitors like this, however does allow us to investigate the boundaries of device efficiency.
The Layer-2 and -three switching checks were standard, with only one media access handle (MAC) and/or IP tackle per port. For the VLAN checks, they defined 28 VLANs on every Gigabit Ethernet port, for a complete of 1,344 VLANs. For the OSPF exams, they used the Spirent SmartBits traffic generator/analyzer to emulate 10,000 networks with 250 hosts on every. as a result of this ultimate check worried 2.5 million flows, it's a good way to check if performance degrades as move count rises.
In all checks, the Catalyst 4948-10GE delivered line-cost throughput of as much as one zero one.19 million frames per 2nd (see picture).
We also measured latency - the time vital by means of the swap to forward each and every frame at the throughput price (see graphic, under). normal latency hovered within the latitude of four microsec for most frame lengths, a new low among Ethernet switches they now have validated. All latency numbers they recorded are as a minimum one order of magnitude beneath the factor the place they'd have an effect on even the most time-sensitive software. Latency and jitter have been additionally remarkably low and incessant for the Gigabit Ethernet interfaces.
We also measured the switch's buffering potential, or how long it holds up site visitors when it be overloaded. With both 2-to-1 and 10-to-1 overloads, the optimum lengthen they followed turned into about 1.four millisec for 64-byte frames; 26 millisec for 1,518-byte frames; and 128 millisec for 9,000-byte frames. None of those worst-case consequences are prone to degrade software efficiency in creation networks.
Cisco says the Catalyst 4948-10GE can maintain music of fifty five,000 unicast MAC addresses without flooding. They validated that declare by offering 54,999 addresses of their own, which, brought to the switch's own handle, fits the information-sheet claim.
The Catalyst 4948-10GE has a neatly-stocked safety arsenal. Like many other switches, it helps 802.1X consumer authentication, relaxed Shell v2 for remote entry, and entry manage lists. The swap offers many different protection facets, as smartly.
The port protection feature allows the change to be trained the MAC addresses of connected hosts, even across reboots, preventing spoofing and boosting reliability.
DHCP snooping makes it possible for the swap to listen for and reject responses from rogue DHCP servers, therefore fighting an attacker from misconfiguring hosts and redirecting site visitors. DHCP snooping also can fee-limit site visitors to professional DHCP servers, fighting denial-of-provider attacks.
The IP supply preserve feature builds on DHCP snooping to steer clear of an attacker from the usage of a legitimate user's IP handle to inject spoofed traffic. The gadget builds a table that acquaintances IP addresses with swap ports. If an attacker tries to ship traffic with a source IP tackle already registered to another port, the change drops the traffic.
both DHCP snooping and IP source defend both work on 802.1Q trunks, 802.3ad hyperlink aggregation trunks (or Cisco EtherChannels), and private virtual LANs, in addition to on individual ports.
The Dynamic ARP inspection (DAI) function blocks attackers from the use of handle decision Protocol (ARP) cache poisoning, a relatively effortless and customary exploit for many different switches and routers. by using sending gratuitous ARP messages to many switches and routers, an attacker can redirect site visitors to and from a valid person's IP address, thus taking pictures passwords, e mail, VoIP calls or another site visitors. DAI thwarts this attack by way of protecting a desk of IP-MAC bindings, and dropping traffic to MAC addresses now not listed in the binding table.
Our handiest complaints with the Catalyst 4948-10GE are minor: is relatively high checklist rate (often discounted in enormous deals); its lack of expandability; the feasible should stock assorted 10G transceiver types; and its lack of IPv6 assist (which is rarely yet a requirement for a lot of community managers, anyway). In every different admire, the switch is a standout. It brings line-fee throughput, minimal latency and innovative security points to facts center networks.
Newman is president of community test, an unbiased engineering capabilities consultancy in Westlake Village, Calif. He will also be reached at firstname.lastname@example.org.
network World gratefully acknowledges the support of Spirent Communications, which provided its SmartBits site visitors generator/analyzer system.
Newman is additionally a member of the network World Lab Alliance, a cooperative of the premier reviewers in the community business, each bringing to bear years of useful experience on every overview. For extra Lab Alliance suggestions, including what it takes to turn into a member, go to www.networkworld.com/alliance.be part of the community World communities on fb and LinkedIn to comment on themes that are right of intellect.