This document discusses the Cisco Catalyst 6500 ASA Services Module, a new security blade for the Cisco Catalyst 6500 switch. It offers the best performance per blade in the industry and the fastest single chassis performance. Known as the ASASM, it provides firewall, IPS and VPN capabilities with throughput of up to 16Gbps and over 300,000 connections per second. It simplifies installation of security capabilities into the data center network and offers better price and performance than competing solutions.
5. Cisco ASA 5500 Series Portfolio: Comprehensive Solutions from SOHO to the Data Center. Chart labels: Firewall and VPN Appliance; Multi-Service (Firewall/VPN and IPS). Models: ASA 5585 SSP-60 (20 Gbps, 350K cps); ASA 5585 SSP-40 (10 Gbps, 200K cps); ASA 5585 SSP-20 (5 Gbps, 125K cps); ASA 5585 SSP-10 (2 Gbps, 50K cps); ASA 5540 (650 Mbps, 25K cps); ASA 5520 (450 Mbps, 12K cps); ASA 5510 (300 Mbps, 9K cps); ASA 5505 (150 Mbps, 4K cps); FWSM (3 Gbps, 50K cps). Axes: Performance and Scalability; Data Center, Campus, Branch Office, SOHO, Internet Edge.
6. Part of a Full Portfolio Solution: Software focused and hardware agnostic; single code base for all deployments; no compromising features for form factor; all managed in the same way with the same tools (ASDM, CLI, CSM).
11. Cisco ASA 5500 Series Portfolio: Comprehensive Solutions from SOHO to the Data Center. Chart labels: Firewall and VPN Appliance; Multi-Service (Firewall/VPN and IPS); NEW. Models: ASA 5585 SSP-60 (20 Gbps, 350K cps); ASA 5585 SSP-40 (10 Gbps, 200K cps); ASA 5585 SSP-20 (5 Gbps, 125K cps); ASA 5585 SSP-10 (2 Gbps, 50K cps); ASA 5540 (650 Mbps, 25K cps); ASA 5520 (450 Mbps, 12K cps); ASA 5510 (300 Mbps, 9K cps); ASA 5505 (150 Mbps, 4K cps); ASASM (16 Gbps, 300K cps); FWSM (3 Gbps, 100K cps). Axes: Performance and Scalability; Data Center, Campus, Branch Office, SOHO, Internet Edge.
12. Targeted Deployment: Available World-wide and Shipping Now. 20Gbps firewall; 10Gbps firewall; 5Gbps firewall; 2Gbps firewall; 16Gbps firewall. Data Center; Campus.
23. 16 U; ~40% more performance/capacity at less than half the price
24. In Summary: ASA security blade for the Catalyst 6500 Switch; best performance per blade in the industry; fastest single chassis performance in the industry; works with the majority of Catalyst 6500s; leverages the same software, management and feature roadmap as the other ASA products; lower Capex and Opex than competing solutions; simplifies installation and increases flexibility.
Editor's Notes
We are constantly evolving our products and portfolio to match the changing needs of our customers. To best do this we need to keep a close eye on changes in the market and in customers' environments over time and ensure our products keep up with those changes.
Several trends became clear that needed to be addressed. First, we noticed a change in the performance characteristics in customers' environments. While performance requirements continued to increase, the mix started to change more and more over time.
This has largely been due to the evolution of the devices that are connecting to the network. In the past it was mostly PCs connecting to the network. Now we are seeing that the devices connecting to the network are increasingly smaller, such as phones and tablets. These devices tend to use a lot of connections but less throughput than a traditional PC requires. Some employees may have several of these devices at once, further increasing the problem. This change is shifting the performance demands from raw throughput to a more mixed solution that increasingly requires higher numbers of sessions and connections per second to keep up.
Delivering the capacity needed to support this change without increasing space or power demands addresses two more key areas that we see as critical for customers. The increasing requirement for networks and data centers to become green and reduce overall power usage is becoming a large concern. This has other key advantages as well, since any reduction in power draw also reduces costs by reducing the power load needed to run the network. A reduction in power also translates into a reduction in cooling costs, which are also a substantial part of the operating cost of a network.
We also see that actual space in the rack has been and continues to be an issue for customers. Rack space is precious and can often be costly if managed by another company, or simply isn't available, so any reduction in rack space can also lead to increased operating cost savings.
Market trends: Performance characteristics changed. More phones, iPads and multi-device users. More connections with less throughput per connection. Space and power key. Green networks. Cost savings are large.
To solve these and other challenges we have developed the ASA 5585-X platform. It runs the same ASA software as the other ASA 5500 products and uses the same management as well. Because of this we are able to immediately take advantage of all the award-winning capabilities of the ASA software on a next generation hardware platform. This includes everything you'd expect from an ASA: a full suite of remote access solutions, a fully capable firewall and a no-compromise IPS solution in the same platform.
Runs existing ASA software (FW, IPS, VPN). Next generation HW.
The 5585 was designed from the beginning for flexibility and simple scalability. Since it is a passive chassis we have the ability to offer a variety of firewall and IPS modules at various performance and capacity levels to match your needs. You can start out with a slower module and, as your needs increase, easily replace it without having to remove the chassis or worry about changes to your configuration or policy. Simply swap out the existing module for a faster one, reload your existing config and policy, and you are ready to go.
Now let's take a look at the performance numbers for these four modules. Since performance is very dependent on the environment the product runs in and the policy defined in it, we typically list performance in one of three ways: best case (though not realistic); IMIX, which is a router standard that is a more accurate interpretation of performance based on different packet types and sizes; and EMIX, which is a unique mix based on an even more realistic test of mixed multi-protocol application access. We have teamed up with BreakingPoint to ensure we have the most accurate performance numbers we can get.
The numbers listed here are for EMIX. We also publish our IMIX and best case numbers in our data sheets. Those numbers are even higher, with the highest end module being 40 Gbps for example. So when you do a data sheet comparison be sure you look at the apples to apples numbers. Some vendors don't publish anything except their best case number because in a realistic environment they can see a drop of 60-70% from their best case numbers.
Designed to scale. Perf measured in three ways: Best, IMIX, EMIX.
The Catalyst 6500 is still a very popular switch and is selling very well both as a distribution switch and in a new role as a service switch. Development is planned well into the future with a rich and long roadmap. An example of this is the brand new Supervisor that was just announced to greatly improve performance and capacities of the switch. Add to that the new ASASM and several other important pieces coming soon, such as higher speed interface cards, and you can see that Cisco is fully committed to the Catalyst 6500 for a long time to come.
The performance and features have greatly improved with the ASASM, as you mentioned. The backplane connectivity has also improved significantly. With the FWSM you had six 1Gb links to the backplane. Now with the ASASM you have two 10Gb links instead. So the backplane went from 6Gb total to 20Gb total. More importantly, the link per flow has increased from 1Gb to 10Gb.
The ASASM is more expensive than the FWSM at $115k before discount, but it is also much more capable and much faster. If you compare the ASASM to the FWSM it is about 5 times the throughput overall. If you look at other measurements such as maximum number of connections, the ASASM is closer to 10x more capable than the FWSM.
The ASASM is really more a new form factor of the 5585-X SSP-60 than an FWSM 2, though, since they share the same architecture and software. So price comparisons to competitive products are the best way to look at what you are getting for the money.
To put the performance into perspective, the ASASM is more than twice as fast per blade as the fastest network security competitor, at 16Gbps based on a real world, multi-protocol test. If you put four of these in a single switch you get to 64Gbps multi-protocol throughput. No other product in the market can even come close to that in a single chassis.
Beyond performance it also has much higher capacity. At 10 million sessions it is 2 to 4 times the competition at a better price point. To get to the same capacities from a competitor you need to spend more than 5 times as much. Even then the security and switching are not integrated and you end up taking up a lot more rack space and using a lot more power.
Because of this significant increase in performance and capacities, your CAPEX savings with an ASASM are up to 80% depending on what metric is important to your network. If it's throughput only, the CAPEX saving is closer to 50%. If maximum connections and connections per second are what matter to you, then the CAPEX saving is closer to 80%. Even more importantly, your OPEX saving can be up to 90% just from the decrease in power usage needed from a single ASASM versus a large chassis to get equivalent performance. If you are an existing FWSM customer and you apply the 15% discount, the value becomes even greater.