Extreme Networks S-Series S4 Chassis
Offering up to 288 ports of Gigabit Ethernet or 64 ports of 10 Gigabit Ethernet connectivity
Sorry, this product is no longer available, please contact us for a replacement.
The Extreme Networks S-Series delivers a powerful combination of Terabit-class performance along with granular visibility and control over users, services, and applications to meet the increasing demands of today's businesses and enable optimization of key technologies including voice and video, virtualization, and cloud computing. Unlike competitive solutions lacking comprehensive centralized management and adequate high availability services, the Extreme Networks S-Series drives down operational costs through a combination of management automatin, a robust and highly resilient distributed architecture, built-in security, and flexible power configurations specifically designed to reduce power and cooling costs. The highly versatile Extreme Networks S-Series delivers both the comprehensive functionality and configuration flexibility to be deployed as a premium high-density network edge access device, high performance distribution layer switch, resilient enterprise class multi-Terabit core router, or as a data center virtualization solution.
- Terabit-class performance with granular traffic visibility and control
- Automated network provisioning for virtualized, cloud, and converged voice/video/data environments
- High availability features including self-healing maximize business continuity for critical applications
- Versatile high density solution with highly flexible connectivity and power options reduces cost of ownership
- Greater than 6 Tbps backplane capacity with 1.28 Tbps switching capacity and 960 Mpps throughput
The S-Series provides a highly resilient distributed switching and routing architecture with management and control functions embedded in each module, delivering unsurpassed reliability, scalability, and fault tolerance. Organizations can cost-effectively add connectivity as needed while scaling performance capacity with each new module. The highly available architecture makes forwarding decisions, and enforces security policies and roles while classifying/prioritizing traffic at wire speed. All I/O modules provide the highest Quality of Service Q( oS) features for critical applications such as voice and HD video even during periods of high network traffic load while also proactively preventing Denial of Service (DoS) attacks and malware propagation.
The S-Series implements an industry-leading, flow-based switching architecture to intelligently manage individual user and application conversations-far beyond the capabilities of switches that are limited to using VLANs, ACLs, and ports to implement role-based access controls. Users are identified and roles are applied to ensure each individual user can access their business-critical applications no matter where they connect to the network. S-Series policy rules combined with deep packet inspection can intelligently sense and automatically respond to security threats while improving reliability and quality of the user experience.
A significant differentiator for the S-Series is the ability toc ollect NetFlow data at wire-speed on every port, providing total visibility into network resource consumption for users and applications. The S-Series is the only enterprise switch to support multi-user, multi-method authentication on every port - absolutely essential when you have devices such as IP phones ,computers, printers, copiers, security cameras, badge readers, and virtual machines connected to the network. When quality of service, device and application prioritization, and security matters there is no better choice than the Extreme Networks S-Series.
Unified Cross-Platform Operating System
The Extreme Networks S-Series firmware adds the benefit of becoming a multi-platform operating system that unifies the Extreme Networks N-Series and S-Series into a single firmware image that operates on both platforms ensuring feature parity and consistent operation across the flow-based switches. This provides many customer benefits: reduced TCO via a single, unified operating system from network edge/access layer to the network core and data center, feature and function consistency across platforms, and easy deployment and upgrades to ensure operational efficiency.
Integrated Services Design
Integrated services design is a key differentiator that separates the Extreme Networks S-Series from the competition. Integrated services design reduces the number and type of modules required to build typical wiring closet configurations, simplifying the overall network design. In turn, this significantly reduces the maintenance and sparing cost as each I/O fabric or I/O module can perform all of these services, unlike competitive offerings with multiple dedicated module types for each specific service.
Multi-layer packet classification - enables the delivery of critical applications to specific users via traffic awareness and control
- User, Port, and Device Level (Layer 2 through 4 packet classification)
- QoS mapping to priority queues (802.1p & IP ToS/ DSCP) up to 11 queues/port for S130/S150; 15 queues/port for S155
- Multiple queuing mechanisms (SPQ, WFQ, WRR, and Hybrid)
- Granular QoS/rate limiting
- VLAN to policy mapping a guest access role, helping to protect corporate applications and information.
Switching/VLAN services - provides high performance connectivity, aggregation, and rapid recovery services
- Extensive industry standards compliance (IEEE and IETF)
- Inbound and outbound bandwidth rate control per flow
- VLAN services support
- Link aggregation (IEEE 802.3ad)
- Multiple spanning trees (IEEE 802.1s)
- Rapid reconfiguration of spanning tree (IEEE 802.1w)
- Provider Bridges (IEEE 802.1ad), Q-in-Q Ready
- Flow setup throttling
Distributed IP Routing - provides dynamic traffic optimization, broadcast containment, and more efficient network resilience
- Standard routing features include static routes, OSPFv2, RIPv2, IPv4, and Multicast routing support (DVMRP, IGMP v1/v2/v3, PIM-SM), Policy Based Routing and Route Maps, and VRRP
- Extended ACLs
- S150 class I/O Modules and I/O fabric modules include all standard IP routing features and also include the following features:
- NAT (Network Address Translation)
- LSNAT (Load sharing Network Address Translation) for server load balancing
- TWCB (Transparent Web Cache Balancing) redirects web page requests to local web cache servers to efficiently manage web access bandwidth and increase web page response time
- S155 class fabric modules have all the standard IP routing features and deliver a hardware upgrade to enhance protocol capacities including:
- BGP: Larger route tables (Multiple copies of internet tables)
- Enhanced queuing
- Virtual Switch Bonding
Security (User, Network, and Management)
- User security
- Authentication (802.1X, MAC and PWA+, CEP), MAC (Static and Dynamic) port locking
- Multi-user authentication/policies
- Network security
- Access Control Lists (ACL) - basic and extended
- Policy-based security services (examples: spoofing, unsupported protocol access, intrusion prevention, DoS attacks limits)
- Management Security
- Secure access to the S-Series via SSH, SNMP v3
Management, Control, and Analysis - provide streamlined tools for maintaining network availability and health
- Industry-standard CLI and web management support
- Multiple firmware images with editable configuration files
- Network Analysis
- SNMP v1/v2c/v3, RMON (9 groups), and SMON (rfc2613) VLAN and Stats
- Port/VLAN mirroring (one-to-one, one-to-many, many-to-many)
- Unsampled NetFlow on every port with no impact on system switching and routing performance
- Automated set-up and reconfiguration
- Replacement I/O module will automatically inherit previous modules configuration
- New modules added to chassis will automatically be updated with active configuration and firmware
Examples of additional functionality and features that are supported by the Extreme Networks S-Series:
- NetFlow - Provides real-time visibility, application profiling, and capacity planning
- Server Load Balancing - Enabled via LSNAT without requiring costly external server load balancing hardware and software
- NAT - Network Address Translation (NAT) streamlines IP addressing and IP address management schemes
- LLDP-MED - Link Layer Discovery Protocol for Media Endpoint Devices enhances VoIP deployments
- Flow Setup Throttling - (FST) effectively preempts and defends against DoS attacks
- Web Cache Redirect - Increases WAN and Internet bandwidth efficiency
- Node & Alias Location - Automatically tracks user and device location and enhances network management productivity and fault isolation
- Port Protection Suite - Maintain network availability by ensuring good protocol and end station behavior
- Flex-Edge Technology - Provides advanced bandwidth management and allocation for demanding access/edge devices
- Virtual Switch Bonding - Provides increased resiliency and performance by combining two or more physical switches to create a single logical switch
- High Availability Firmware Upgrade (In-Service Software Upgrade) - System software upgrade without service interruption
- Secure https switch management via NetSight OneView
Network performance, management, and security capabilities via NetFlow are available on every S-Series I/O Fabric and I/O Module without affecting switching/routing performance or requiring the purchase of expensive daughter cards for every blade. The S-Series tracks every packet in every flow unlike competitor's statistical sampling techniques. The Extreme Networks advantage is the Extreme Networks ASIC capabilities that collect NetFlow statistics for every packet in every flow without sacrificing performance. Extreme Networks S-Series switches can output 9,000 flow records per second, per I/O module. This is an order of magnitude greater NetFlow performance than any other NetFlow appliance vendor (over 70,000 flow records per second in a fully populated S8 chassis).
Flow Setup Throttling (FST) is a proactive feature designed to mitigate zero-day threats and Denial of Service (DoS) attacks before they can affect the network. FST directly combats the effects of zero-day and DoS attacks by limiting the number of new or established flows that can be programmed on any individual switch port. This is achieved by monitoring the new flow arrival rate and/or controlling the maximum number of allowable flows.
In network operations, it is very time consuming to locate a device or find exactly where a user is connected. This is especialy important when reacting to security breaches. Extreme Networks S-Series modules automatically track the network's user/device location information by listening to network traffic as it passes through the switch. This information is then used to populate the Node/Alias table with information such as an end-station's MAC address and Layer 3 alias information (IP address, IPX address, etc). This information can then be utilized by Extreme Networks NMS Suite management tools to quickly determine the switch and port number for any IP address and take action against that device in the event of a security breach. This node and alias functionality is unique to Extreme Networks and reduces the time to pinpoint the exact location of a problem from hours to minutes.
For organizations looking to deploy VoIP technologies, the Extreme Networks S-Series provides significant capabilities through its support for the industrystandard discovery protocol, LLDP-MED (Link Layer Discovery Protocol for Media Endpoint Devices). This protocol allows for the accurate representation of network topologies within Network Management Systems (NMS). S-Series switches are able to learn about all the devices connected to them to identify VoIP phones, tell the phone which VLAN to use for voice, and even negotiate the power that the phone can consume. LLDP-MED also enables 911 emergency services location functions whereby the location of a phone can be determined by the switch port.
Extreme Networks S-Series support for Network Address Translation (NAT) provides a practical solution for organizations who wish to streamline their IP addressing schemes. NAT operates on a router connecting two networks, simplifying network design and conserving IP addresses. NAT can help organizations merge multiple networks together and enhance network security by helping to prevent malicious activity initiated by outside hosts from entering the corporate network; this improves the reliability of local systems by stopping worms and augments privacy by discouraging scans.
Within server farm environments, the S-Series can help to increase reliability and performance via the implementation of Load Sharing Network Address Translation (LSNAT). Based on RFC 2391, LSNAT uses a number of load sharing algorithms to transparently offload network load on a single server and distributes the load across a pool of servers.
The S-Series also supports a comprehensive portfolio of port protection capabilities, such as SPANguard and MACLock, which provide the ability to detect unauthorised bridges in the network and restrict a MAC address to a specific port. Other port protection features include Link Flap, Broadcast Suppression, and Spanning Tree Loop protection which protects against mis-configuration and protocol failure. The S-Series Virtual Switch Bonding technology allows two or more S-Series systems to create a single virtual switch.
Extreme Networks S-Series Flex-Edge technology provides line rate traffic classification for all access ports with guaranteed priority delivery for control plane traffic and high-priority traffic as defined by the Extreme Networks policy overlay. In addition to allocating resources for important network traffic, prioritized bandwidth can be assigned on a per port or per authenticated user basis. Flex-Edge technology is ideal for deployment in wiring closets and distribution points that can often suffer from spikes in utilization that cause network congestion. With Flex-Edge technologies, organizations no longer have to fear a momentary network congestion event that would result in topology changes and random packet discards.
CoreFlow2 policy enabled edge and core switches managed via NetSight play fundamental and essential roles in moving data reliably, efficiently and securely. The combined hardware and management suite provide superior traffic visibility, enforcement and security.
Traffic control and monitoring features include: Automatic application of ingress and egress policies for bi-directional traffic control; Rule Hit Accounting for network visibility and troubleshooting; and Flow Based Mirroring allowing for tapping individual traffic streams. Security features include: RA Guard (IPv6 Router advertisement containment) and features similar to DHCP Snooping, IP Source Guard and Dynamic ARP Inspection.
- A future-proofed, standards-based multi-Terabit architecture for secure, reliable deployment of business-critical applications
- Best-in-class Quality of Service functionality for predictable performance of demanding voice, video, and data applications
- Flow-based architecture delivers unrivalled end-to-end visibility and control over users, services, and applications ensuring consistent end-user experience
- Built-in hardware support for 40 and 100 Gbps Ethernet, emerging protocols (IPv6) and large scale deployment protocols (MPLS)
- Edge-to-core architecture flexibility reduces deployment and maintenance costs and simplifies network management
- Management automation and built-in resiliency features combine to drive down operational costs and maximize uptime
- Optimized flow-based architecture for iSCSI, CEE, and virtualization enabling consolidation of servers, applications, and storage, while reducing data center operational costs
- Flexible power configurations optimized for low power consumption and thermal output drives down data center power and cooling costs
- High-density, small form factor chassis providing over 1700 ports in a standard equipment rack that reduces footprint costs and scales from hundreds of Gigabits to multi-Terabit performance
- Unrivalled capabilities to protect business traffic from malicious attacks and maintain information confidentiality, integrity, and availability
- Built-in not bolted-on security reduces cost of ownership and network administration complexity
- Multi-method network access control and role-based security that extends to existing edge switches and wireless access points allowing authentication of thousands of users or devices simultaneously on a single port
Support and Service
- Industry-leading customer satisfaction and first call resolution rates
- Personalized services, including site surveys, network design, installation, and training
Standards and Protocols:
Network Security and Policy Management
Extreme Networks Network Management Suite (NMS)
Management, Control and Analysis
IETF and IEEE MIB Support
|IP Routing Features
|System Switching Capacity||160 Gbps||120 Gbps||640 Gbps||960 Gbps||1.28 Tbps|
|System Switching Throughput||120 Mpps||90 Mpps||480 Mpps||720Mpps||960 Mpps|
|Total Backplane Capacity||240 Gbps||480 Gbps||3 Tbps||4.5Tbps||6 Tbps|
|Maximum 10/100/1000BASE-TX Class 3 PoE ports per system||72||180||288||432||576|
|Maximum 1000BASE-X SFP (MGBIC) ports per system||72||180||288||432||576|
|Maximum 10GBASE-X SFP+ ports per system||16||12||64||96||128|
|Switching Fabric Bandwidth||1280 Gbps Load Sharing Fabric Pair|
|Switching Throughput||960 Mpps (Measured in 64-byte packets)|
|IPv4/IPv6 Routing Throughput||960 Mpps (Measured in 64-byte packets)|
|Address Table Size||65k MAC Addresses|
|Dimensions (H x W x D)||• S1-Chassis: 8.69cm x 44.88cm x 60.27cm (3.42" x 17.67" x 23.73"), 2U||• S3-Chassis: 31.11 cm x 44.70 cm x 47.32c m (12.25" x 17.60" x 18.63"), 7U
• S3-Chassis-POE4: 37.46 cm x 44.70 cm x 47.32 cm (14.75" x 17.60" x 18.63"), 9U
|• S4-Chassis: 40.00 cm x 44.70 cm x 47.32c m (15.75" x 17.60" x 18.63"), 9U
• S4-Chassis-POE4: 48.90 cm x 44.70 cm x 47.32 cm (19.25" x 17.60" x 18.63"), 11U
|• S6-Chassis: 88.7 cm x 44.70 cm x 47.35 cm (34.92" x 17.59" x 18.64"), 20U
• S6-Chassis-POE4: 97.5 cm x 44.70 cm x 47.35 cm (38.39" x 17.59" x 18.64"), 22U
|• S8-Chassis: 63.96 cm x 44.70 cm x 47.32c m (25.19" x 17.60" x 18.63"), 14.5U
• S8-Chassis-POE4: 72.87 cm x 44.70 cm x 47.32 cm (28.69" x 17.60" x 18.63"), 16.5U
• S8-Chassis-POE8: 77.31 cm x 44.70 cm x 47.32 cm (30.44" x 17.60" x 18.63"), 17.5U
|Operating Temperature||+5 °C to +40 °C (41 °F to 104 °F)|
|Storage Temperature||-30 °C to +73 °C (-22 °F to 164 °F)|
|Operating Humidity||5% to 95% relative humidity, non-condensing|
|Storage Humidity||5% to 95% relative humidity, non-condensing|
|Power Requirements||100 to 125 VAC or 200 to 250 VAC; 50 to 60 Hz|
|Operational Altitude||10K Feet|
|Agency and Standards Specifications|
|Safety||UL 60950-1, FDA 21 CFR 1040.10 and 1040.11, CAN/CSA C22.2 No. 60950-1, EN 60950-1, EN 60825-1, EN 60825-2, IEC 60950-1, 2006/95/EC (Low Voltage Directive)|
|Electromagnetic compatibility||FCC 47 CFR Part 15 (Class A), ICES- 003 (Class A), EN 55022 (Class A), EN 55024, EN 61000-3-2, EN 61000-3-3, AS/NZ CISPR-22 (Class A). VCCI V-3. CNS 13438 (BSMI), 2004/108/EC (EMC Directive)|
|Power over Ethernet (PoE) Specifications|
|Power over Ethernet (PoE)||
Hardware-Based High Availability Features
The S-Series includes many standard high availability features. These hardware-based high availability features allow the S-Series to be deployed in mission critical environments that require 24/7 availability.
The S-Series supports the following hardware-based high availability features:
- Passive chassis backplane in the S1, S3, S4, S6, and S8 chassis
- Meshed backplane architecture in the S3 chassis
- Hot swappable fan trays with multiple cooling fans
- Separate system and PoE power supplies
- Hot swappable power supplies
- Multiple AC input connections for power circuit redundancy
- Load sharing/redundant I/O fabrics in the S4, S6, and S8 chassis
- N+1 fabric redundancy in the S8 and S6 chassis
- Hot swappable I/O fabrics and I/O modules
- Multiple host CPU for N+X redundancy
- Virtual Switch Bonding (bonds two physical switches to create a single logical switch)
I/O Fabric and I/O Module Specifications:
The Extreme Networks S-Series chassis utilize both fabric-based point-to-point and fabric-less meshed forwarding architectures. The S1, S4, S6, and S8 chassis use a fabric-based forwarding architecture that provides multiple high bandwidth data paths between I/O modules, while the S3 chassis provides a high performance, fabric-less meshed forwarding architecture ideally suited for highly available network edge wiring closet deployments. All chassis are optimized for redundant high performance switching and routing as well as providing flexible connectivity and the ability to add features and scale performance as required and as new technologies become available.
I/O fabric modules provide scalable, high performance data paths as well as a full complement of front panel interfaces with flexible modular interface options. A single I/O fabric may be used in either an S1, S4, S6, or an S8 chassis, howeve,r the use of two I/O fabrics creates a load sharing fabric pai rthat provides up to 1280 Gbps switching capacity and adds high-avaialbility features. The S8 and S6 chassis augments the load sharing fabric pair by allowing the addition of a third I/O fabric module, increasing the system reliability and performance in the unlikely event of an I/O fabric failure. An S8 system with two I/O fabrics installed will gracefully reduce the fabric swtiching capacity by 50% in the event of an I/O fabric failure, however, when a third I/O fabric is installed the system will maintain a full 1280 Gbps of switching performance if an I/O fabric module were to fail. The load sharing fabric architecture ensures the highest availability and performance for the most demanding and mission-critical networks.
Extreme Networks S-Series I/O modules are high performance, fully-featured switch routers that deliver a fully distributed switching system as well as management and route processing capabilities, where each module is individually driven and managed by on-board processors. Extreme Networks flowbased ASICs, together with firmware microprocessors, create a traffic control solution that delivers high performance and flexibility. This distributed ASICbased architecture increases processing power as modules are added for a higher level of scalability and flexibility.
I/O fabrics and I/O modules are available with a wide array ofi nterface types and port densities (10/100/1000BASE-TX, 1000BASE-X SFP, and 10GBASE-X SFP+) to address varied network requirements. All triple speed copper I/O modules are PoE-enabled. A number of I/O modules also include either one or two option-module slots; an option-module slot provides additional media and port speed connectivity via triple speed copper, Gigabit SFP and 10 Gigabit SFP+ Ethernet option modules. This further simplifies network design and reduces the cost of network deployments. Al lS-Series I/O Fabrics and I/O Modules include very deep packet buffers per port to avoid dropped packets in the event of network congestion.
All S-Series 10 Gigabit Ethernet SFP+ ports are dual speed and will also accept standard Gigabit SFP transceivers. This capability enables a smooth migration path from Gigabit Ethernet for connecting devices to 10 Gigabit Ethernet in the future. Customers can use Gigabit Ethernet optical uplinks today and migrate to 10 Gigabit at their own pace. In addition, all Gigabit SFP ports will accept Fast Ethernet 100BASE-FX SFPs to enable connection of legacy devices.
S130 Class I/O Modules
S130 class I/O modules are optimized for use in wiring closetsf or user connectivity, in the distribution layer to aggregate edge switches, and in small and medium network cores. These modules provide high density with media flexibility and support for IEEE 802.3af PoE and IEEE 802.3at high power PoE standards. S130 class I/O modules deliver scalable triple speed performance and flexibility to ensure compatibility with today's high performance workstations, as well as legacy devices, while providing the highest levels of QoS, security, and bandwidth control via flow-based switching.
S130 class I/O modules include a unique feature that enables full line rate forwarding for bandwidth hungry workstations or when downstream switches are connected. Flex-Edge technology provides line rate forwarding through the switch even when the systems uplinks are in an oversubscribed state; this ensures that critical and time sensitive data pass through the switch to its destination at line rate, unlike inefficient methods used by other solutions on the market.
S130 class I/O modules support up to 512 users or eight authenitcated users per port in contrast to S150 class modules which support up to1 ,024 users/ devices per module with no restriction to the number of users per port. In cases where an S130 class I/O module needs to support more than 8 auhtenticated users per port, a software upgrade license may be purchased and applied to the module that removes this restriction. The S-EOS-PPC license is required for each S130 class I/O module that needs the 8 users per portr estriction removed. Only one S-EOS-PPC license is required for the S130 calss SSA switch. All S-Series triple speed I/O modules support PoE as standard, no additional daughter cards or software is required.
S150 Class I/O Modules
A selection of S-Series I/O modules are designed for use in the most demanding areas of the network where sustained high volumes of traffic are most common. Gigabit and 10 Gigabit Ethernet modules that incorporate advanced traffic management mechanisms and large packet buffers ensure optimal network performance and predictable reliability. S150 class I/O modules are optimized for the highly demanding performance and throughput requirements of enterprise network cores and data centers with high density line rate Gigabit and 10 Gigabit connectivity as well as industry-leading port type flexibility. S150 class I/O modules support the full range of Extreme Networks features and can be upgraded with advanced routing features as needed.
|S130 Class I/O Modules||S150 Class I/O Modules|
|Network Applications||Wiring Closet, Distribution Layer, Small Network Core||Distribution Layer, Server Aggregation, Data Center Core, Enterprise/ Campus Core|
|Port Speed||10/100/1000 Mbps||1000 Mbps||10/100/1000 Mbps||1000 Mbps||10 Gbps|
|PoE Support||802.3af, 802.3at||-||802.3af, 802.3at||-||-|
|Option Module Slots||1, (Type1)||1, (Type1)||2, (Type2)||2, (Type2)||-|
|Module Throughput||30 Mpps||30 Mpps||120 Mpps||120 Mpps||120 Mpps|
|I/O Switching Capacity||40 Gbps||40 Gbps||160 Gbps||160 Gbps||160 Gbps|
|S130 I/O Fabric Modules||S150/155 I/O Fabric Modules|
|Network Applications||Wiring Closet, Distribution Layer, Small Network Core||Distribution Layer, Server Aggregation, Data Center Core, Enterprise/Campus Core|
|Used in||S1/S4/S6/S8 Chassis||S1/S4/S6/S8
|Port Speed||10/100/1000 Mbps||10/100/1000 Mbps||1000 Mbps||10 Gbps|
|PoE Support||802.3af, 802.3at||802.3af, 802.3at||-||-|
|Option Module Slots||1, (Type2)||2, (Type 2)||2, (Type 2)||2, (Type 2)|
|Module Throughput||45 Mpps||120 Mpps||120 Mpps||120 Mpps|
|I/O Switching Capacity||60 Gbps||160 Gbps||160 Gbps||160 Gbps|
|Fabric Throughput||480 Mpps||480 Mpps||480 Mpps||480 Mpps|
Optimized, High-Availability and Self Healing Services
Aside from the standard high-availability features of typical wiring closet and data center switches, the Extreme Networks S-Series includes many advanced self healing features such as dynamic service fail-over, automatic module self-configuration, and multi-image support.
Dynamic service fail-over enables each I/O module service (e.g., management, switching/VLANs, routing, etc.) to be automaticaly switched to another I/O module in an event of module or process failure. This "self healing" capability happens in milliseconds because each service is replicated in real-time on every I/O fabric and I/O module.
Automatic module self-configuration is another innovative feature that allows I/O modules to receive their configuration from other I/O modules automatically. This is ideal for replacing failed modules without manually reconfiguring the replacement module.
The Extreme Networks S-Series allows users to download and store multiple firmware image files; this feature is useful for reverting back to a previous version in the event that a firmware upgrade fails. This multi-image support provides significant operational efficiencies especially with regard to the application of firmware patches.
Distributed, Flow-Based Architecture
In order to ensure granular visibility and manage of traffic wihtout sacrificing performance, the Extreme Networks S-Series deploys a distributed, flow-based architecture. This architecture ensures that when a specific communications flow is being established between two end points, the first packets in that communication are processed through the multilayer classification engines in hte switch I/O modules and I/O fabric modules . In this process, the role is identified, the applicable policies are determined, the packets are inspected, and the action is determined. After the flow is identified, all usbsequent packets associated with that flow are automatically handled in the Extreme Networks ASICs without any further processing. In this way the Extreme Networks S-Series is able to apply a very granular level of control to each flow at full line rate.
Multi-User/Method Authentication and Policy
Authentication allows enterprise organizations to manage network access and provide mobility to users and devices. It provides a way to know who or what is connected to the network and where this connection is at any time. The Extreme Networks S- Series has unique, industry leading capabilities regarding types of simultaneous authentication methods. S-Series modules can support multiple concurrent authentication techniques, including:
- 802.1X authentication
- MAC authentication, which is a way to authenticate devices on the network using the MAC address
- Web-based authentication, also known as Port Web Authentication (PWA), where a user name and password are supplied through a browser
- CEP, also known as Convergence End Point, where multiple vendors VoIP phones are identified and authenticated; this capability provides great flexibility to enterprises looking to implement access control mechanisms across their infrastructure
A significant additional feature of the S-Series is the capability to support multi-user authentication. This allows multiple users and devices to be connected to the same physical port and each user or device to be authenticated individually using one of the multi-method options (802.1x, MAC, PWA, or CEP). The major benefit of multi-user authentication is to authorize multiple users, either using dynamic policy or VLAN assignment for each authenticated user. In the case of dynamic policy, this is called Multi-User Policy. Multi-user port capacities with the S-Series are determined on a per port, per I/O module, and per multi-slot system basis. Default I/O module capacities are detailed below.
Muti-user authentication and policy can provide significant benefits to customers by extending security services to users connected to unmanaged devices, third party switches/routers, VPN concentrators, or wireless LAN access points at the edge of their network. Using authentication provides security, priority, and bandwidth control are enhanced while protecting existing network investments. The S-Series supports up to 9000 concurrently authenticated users in a single system.
Dynamic, Flow-Based Packet Classification
Another unique feature that separates the Extreme Networks S-Series from all competitive switches is the capability to provide User- Based Multi-layer Packet Classification/QoS. With the wide array of network applications used on networks today, traditional Multi-layer Packet Classification by itself is not enough to guarantee the timely transport of businesscritical applications. In the S-Series, User-Based Multi-layer Packet Classification allows traffic classification not just by packet type, but also by the role of the user on the network and the assigned policy of that user. With User-Based Multi-layer Packet Classification, packets can be classified based on unique identifiers like "All Users", "User Groups", and "Individual User", thus ensuring a more granular approach to managing and maintaining network confidentiality, integrity, and availability.
Network Visibility From High Fidelity NetFlow
Network performance management and security capabilities via NetFlow are available on every Extreme Networks S-Series switch port without slowing down switching and routing performance or requiring the purchase of expensive daughter cards for every module. Extreme Networks NetFlow tracks every packet in every flow as opposed to competitor's statistical sampling techniques or restrictive appliance-based implementations. The value of unsampled, real-time NetFlow monitoring is the visibility into exactly what traffic is traversing the network and if something abnormal occurs it will be captured by NetFlow and appropriate action can be applied. Additionally, NetFlow can be used for capacity planning allowing the network manager to monitor the traffic flows and volumes of traffic in the network and understand where the network needs to be reconfigured or upgraded. This will save time and money, by enabling administrators to know when and where upgrades might be needed. The S-Series flow monitoring capabilities are industry leading, it can concurrently monitor in excess of 70,000 flows per second, a far greater capacity than any other vendors switch or router.
Sample Deployment Scenario:
From the Network Edge to the Core and Data Center
Today's enterprise networking customers demand highly-reliable, feature-rich networking devices to fulfill their requirements across all layers of the network, providing the scalability, return on investment (ROI), and security required of a 21st century business environment.
Extreme Networks S-Series switches provide industry-leading, high performance distributed switching for enterprise networks, providing customers with the scalability, performance, and application control to meet the growing needs of today's enterprises. S-Series solutions provide high-performance, featurerich, and highly scalable 10/100/1000, Gigabit, and 10 Gigabit Ethernet connectivity and the scalability to support future 40/100 Gigabit technologies. This allows them to scale from the network access/edge right to the heart of the network core where they are well positioned to meet emerging high bandwidth requirements for core routing implementations.
High performance distributed computing increases the demand for secure campus networks, at the same time business-critical systems and services are becoming increasingly dependent upon enterprise backbone infrastructures. Extreme Networks S-Series solutions have the capacity, scalability, and QoS functionality required to deal with these new demands. Architected to ensure no single point of failure with industry-leading high-availability, S-Series switches are the perfect solution for core routing and secure data center applications. With I/O Fabric and modules that are optimized for multi tier network deployments there is an S-Series solution ideally suited to any enterprise or campus network.
Extreme Networks S-Series modular switches use common power supplies, fan trays, and I/O modules that are interchangeable between chassis. This reduces capital investment in on-site spares.
Download the Extreme Networks S-Series Datasheet (PDF).