Specifications
4
WWW.EXTREMENETWORKS.COM
routes. It is a scalable technique for measuring network
trac, and collecting, storing, and analyzing trac data.
This enables thousands of interfaces to be monitored from a
single location.
sFlow is scalable, thereby enabling it to monitor links of
speeds up to 10 Gigabits per Second (Gbps) and beyond
without impacting the performance even of core Internet
routers and switches, and without adding significant
network load. IPFIX (Internet Protocol Flow Information
eXport), or RFC 3917, can be used as an alternative to sFlow.
IPFIX oers templates for the data to be transferred, or
network managers can define data types to adapt to their
specific needs.
Application Telemetry
Application Telemetry is a unique feature ofv
ExtremeAnalytics that enables ExtremeSwitching
systems to provide granular visibility into application
performance, users, locations and devices. This all
without the need for expensive dedicated sensors or
collectors. Application Telemetry combines packet flow
(e.g., sFlow) information from the ExtremeSwitching
system, along with deep packet inspection abilities of
ExtremeAnalytics, to deliver actionable insights into
network and application performance.
Universal Port
ExtremeXOS Universal Port infrastructure is a powerful
framework of event-driven activation of CLI scripts. While
Universal Port can leverage any system event log message
as an event trigger, the most popular use cases are time/
user/location-based dynamic security policies as well as
VoIP auto-configuration. For these applications, Universal
Port uses standards authentication (Network Login/802.1x)
and discovery protocols (LLDP + LLDPMED) as trigger
events. Configurable CLI scripts can be tied to events
on a per-port basis. As such, dynamic security policies,
including fine-grained access control via ACLs, can follow
a user independently of where he logs into the network.
VoIP phones and the connecting switch edge port can be
auto-configured for the voice VLAN and QoS. The switch
can receive the exact power budget requirements from the
phone and provision it accordingly. The phone can receive
the E911 ECS location from the switch as well as the call
server address in order to receive additional configuration.
Deploying VoIP endpoints is as easy as opening the
package, programming the extension, and plugging into the
network. The following diagram explains the mechanism.
Note that steps 1 and 2 are only done once using scripting,
and then rolled out to all voice-capable ports. Steps 3 to 5
are the resulting automatic runtime events.
Integrated Security
Network Login
Extreme Networks open, standards-based approach allows
network access control on all edge ports of a network
through the use of authentication. Authentication allows
organizations to provide secure network access and provide
mobility to users and devices. ExtremeXOS Network Login
provides support for simultaneous authentication methods
and can support multiple concurrent authentication
techniques, including: IEEE 802.1X, MAC-based and Web-
based methods.
Additionally Network Login provides support for multi-user
authentication. This allows multiple users and devices to
be connected to the same physical port and each user or
device to be authenticated individually using one of the
authentication technique (802.1X, MAC, Web). The major
benefit of multiuser authentication is to authorize multiple
users, either using dynamic policy or VLAN assignment for
each authenticated user.
Figure 2: VoIP Auto Configuration with ExtremeXOS Universal Port
Figure 3: Network Login