Specifications
3
WWW.EXTREMENETWORKS.COM
Denial of Service Protection
ExtremeXOS switches provides eective Denial of
Service (DOS) attack protection. If the switch detects
an unusually large number of packets in the CPU input
queue, it assembles ACLs that automatically stop these
packets reaching CPU. After a period of time these ACLs
are removed, and reinstalled if the attach continues. ASIC-
based LPM routing eliminates the need for control plane
software to learn new flows, allowing more network
resiliency against DOS attacks.
Extensibility
Dynamic Module Loading
ExtremeXOS provides an infrastructure to dynamically load,
start and gracefully stop new applications. ExtremeXOS
embraces POSIX-compliant interfaces that ease the
integration of new applications. ExtremeXOS uses this
infrastructure to dynamically load Extreme Networks
developed functionality such as SSH/SCP/SSL that is
export-controlled, avoiding the requirement for new
operating system image installs to gain this functionality.
The same infrastructure is also used to integrate third-party
developed applications. An example is a VoIP application
layer monitoring agent developed to simulate and closely
monitor VoIP connection behavior in a network.
Scripting
ExtremeXOS provides a CLI scripting infrastructure through
Python or Tcl languages. Scripting can be used to add
incremental configuration to the network infrastructure,
such as a list of VLANs to be configured. This capability
eases the roll-out of networks, reduces repetitive tasks and
configuration errors. Scripting capabilities, such as system-
and user-defined environment variables, such as if/then
and loops, allow automating regular management tasks
in scripts and deploying configurations such as QoS, rate
limiting and ACLs, for example, to multiple ports. Scripts
can access CLI output, and a rich set of Python or Tcl
functions that provide a utility library of string manipulation,
search or mathematical functions. By leveraging scripting
for switch configuration, rolling out a new switch can be
reduced to minutes and just a few commands for switch-
specific settings. Scripting is also used in the ExtremeXOS
Universal Port framework to define trigger event actions.
XML Application Programming
Interfaces
Extreme Networks uses XML APIs – concepts originally
developed in the emerging field of Web services.
ExtremeXOS can provide a secure, simple mechanism to
access processes and information within the switch. For
example, a security appliance can utilize ExtremeXOS to
limit access, control bandwidth or redirect trac from a
client that is attempting to connect to the network. XML
also provides a scalable and reliable transport for device
configuration and statistics, for example OSS and service
provisioning systems in Carrier Ethernet deployments.
This XML infrastructure embraces the concept of open
yet secure communications to allow business applications
to easily interact with the network for security policy
enforcement, regulatory compliance and performance
management, and higher security. The XML infrastructure
is also used by ExtremeXOS ScreenPlay™ Web-based
management interface.
Ease of Management
Link Layer Discovery Protocol
(LLDP, IEEE 802.1AB)
ExtremeXOS support of IEEE 802.1ab standards-based
discovery protocol provides vendor-independent device
discovery as well as integration with VoIP infrastructure and
phones, including E911 ECS location, inventory information,
PoE budgeting and configuration of information such as
VLANs and QoS tagging.
LLDP not only simplifies deployment and locating of access
devices, but it can also be used as a troubleshooting and
firmware management tool. LLDP is tightly integrated
with the IEEE 802.1x authentication at edge ports. As
endpoint devices are first authenticated, the LLDP-provided
information is trustable and can be used for automated
configuration, helping protect the network from attacks
against automated configuration mechanisms.
Network Trac Monitoring
sFLOW and IPFIX
ExtremeXOS sFlow and IPFIX standards-based data
monitoring support provides Layer 2-7 visibility into the
network, including statistics on which applications are
running over your network, biggest talkers, etc.
sFlow is a sampling technology that meets the key
requirements for a network trac monitoring solution:
sFlow provides a network-wide view of usage and active