Scalable advanced 10Gb aggregation switch
The X670-G2 product family provides high density 10 Gigabit Ethernet and 40 Gigabit Ethernet switching in a small 1RU form factor. With its versatile design, the X670-G2 provides high density Layer 2/3 10Gb networking with low latency cut-through switching, and IPv4 and IPv6 unicast and multicast routing. This enables the X670-G2 to be flexibly deployed in enterprise aggregation or core backbone environments. The X670-G2 can additionally serve as the controlling aggregation switch within Extreme's Extended Edge Switching solution.
The X670-G2 comes in two models:
The X670-G2-48x-4q supports four QSFP+ ports of 40 GbE. Each 40 Gigabit Ethernet port can be independently configured as 40 Gigabit Ethernet or 4 x 10 Gigabit Ethernet.
The X670-G2-72x model supports 72 ports of native 1Gb/10Gb SFP+ ports in a single compact system without the requirement to use break-out cables to achieve high density 10Gb connections.
The X670-G2 offers Boundary Clock (BC), Transparent Clock (TC), and Ordinary Clock (OC) for synchronizing phase and frequency and allowing the network and the connected devices to be synchronized down to microseconds of accuracy over Ethernet connection.
*1588 PTP supported only in EXOS Release 30.6 and earlier
The X670-G2 series supports IEEE 802.1 Audio Video Bridging to enable reliable, real-time audio/video transmission over Ethernet. AVB technology delivers the quality of service required for today’s high-definition and time-sensitive multimedia streams.
The X670-G2 supports Extreme Extended Edge Switching, an innovative solution that simplifies the deployment and operation of edge switches. With this solution, the X670-G2 can be meshed with economical V300 or V400 Series access devices to form a single logical switch. Advanced X670-G2 services can then be seamlessly delivered to the V300 or V400 edge switches. The result is a simplified operational model that reduces costs.
The X670-G2 supports sophisticated and intelligent Layer 2 switching, as well as Layer 3 IPv4/IPv6 routing including policy-based switching/routing, Provider Bridges, bidirectional ingress and egress Access Control Lists, and bandwidth control by 8 Kbps granularity both for ingress and egress.
To provide scalable network architectures used mainly for Carrier Ethernet network deployment, the X670-G2 supports MPLS LSP-based Layer 3 forwarding and Hierarchical VPLS (H-VPLS) for transparent LAN services. With H-VPLS, transparent Layer 3 networks can be extended throughout the Layer 3 network cloud by using a VPLS tunnel between the regional transparent LAN services typically built by Provider Bridges (IEEE 802.1ad) technology.
EAPS allows the IP network to provide the level of resiliency and up time that users expect from their traditional voice network. EAPS is more adaptable than Spanning Tree or Rapid Spanning Tree protocols and can achieve sub-second recovery that delivers consistent failover regardless of the number of VLANs, network nodes, or network topology in Extreme Networks-recommended configurations.
EAPS functionality increases network recovery time, which results in significant reduction in Voice-over IP call drop rates and improvement in digital video performance in supported solution configurations.
TheX670-G2 supports Spanning Tree (802.1D), Per VLAN Spanning Tree (PVST+), Rapid Spanning Tree (802.1w) and Multiple Instances of Spanning Tree (802.1s) protocols for Layer 2 resiliency.
Software-enhanced availability allows users to remain connected to the network even if part of the network infrastructure is down. The X670-G2 continuously checks for problems in the unlink connections using advanced Layer 3 protocols such as OSPF, VRRP and Extreme Standby Router Protocol (ESRP, supported in Layer 2 or Layer 3), and dynamically routes traffic around the problem.
Equal Cost Multipath (ECMP) routing allows uplinks to be load balanced for performance and cost savings while also supporting redundant fail over. If an unlink fails, traffic is automatically routed to the remaining up links and connectivity is maintained.
Link aggregation allows trunking of up to 32 links on a single logical connection, for up to 320 Gbps of redundant bandwidth per logical connection.
MLAG can address bandwidth limitations and improve network resiliency, in part by routing network traffic around bottlenecks, reducing the risks of a single point of failure, and allowing load balancing across multiple switches.
X670-G2 series switches support a dual redundant AC/DC power supply to provide high availability. The power supply can be hot-swapped and replaced should it fail. The X670-G2 also supports standardized N+1 redundant hot-swappable fan units.
The X670-G2 supports 4 different methods of stacking: SummitStack-V, SummitStack-V80, SummitStack-V160, and SummitStack-V320.
ExtremeXOS supports the SummitStack-V capability using 2 of the native 10GbE ports on the faceplate as stacking ports, enabling the useof standard cabling and optics technologies used for 10GbE SFP+, SummitStack-V provides long-distance stacking connectivity of up to 40 km while reducing the cable complexity of implementing a stacking solution. SummitStack-V is compatible with X440, X440-G2, X450, X450-G2, X460, X460-G2, X480, X670, X670V, and X770 switches running the same version of ExtremeXOS. SummitStack-V enabled 10GbE ports must be physically direct-connected.
The X670-G2-48x-4q also supports high-speed 80Gbps, 160Gbps, and 320Gbps stacking using QSFP+ ports, which is ideal for demanding applications where a high volume of traffic traverses through the stacking links, yet bandwidth is not compromised through stacking. SummitStack-V80, -V160, and -V320 can support passive copper cables (up to 1m), active multi-mode fiber cable (up to 100m), and QSFP+ optical transceivers for 40GbE up to 10 km. With SummitStack, the X670-G2-48x-4q provides a flexible stacking solution inside the data center or central office to create a virtualized switching infrastructure across rows of racks.
The X670-G2 can achieve latency less than 600 nanoseconds and supports cut-through switching for latency-sensitive cluster computing.
The modular design of the ExtremeXOS OS allows the adding or upgrading of individual software modules dynamically without requiring a system reboot, leading to higher availability in the network.
The X670-G2 series switches allow each of many applications— such as Open Shortest Path First (OSPF) and Spanning Tree Protocol (STP)—to run as separate OS processes that are protected from each other. This drives increased system integrity and inherently protects against cross-platform DoS attacks.
ExtremeXOS increases network availability using process monitoring and restart. Each independent OS process is monitored in real time. If a process becomes unresponsive or stops running, it can be automatically restarted.
On the X670-G2 series switches MPLS can be enabled, if needed,by way of an optional feature pack. MPLS provides the ability to implement traffic engineering and multi-service networks, and improve network resiliency. The MPLS protocol suite provides the ability to deploy services based on L2VPNS (VPLS/VPWS), BGP-based L3VPNS; LSP Establishment based on LDP, RSVP-TE, Static provisioning; Integrated OAM tools like VCCV, BFD and CFM; And MPLS Fast Reroute to support rapid local convergence around network failures.
The X670-G2 series switches supports a rich suite of protocols to help with Operations, Administration and Maintenance. Connectivity Fault Management (CFM) allows detection, verification, and isolation of connectivity failures in virtual bridged LAN. Y.1731 is largely similar to CFM but also supports performance management by way of frame delay and frame delay variation measurements. Bidirectional Forwarding Detection (BFD) is a hello protocol that provides the rapid detection of failures in the forwarding path and helps the separation of control plane connectivity from forwarding plane connectivity. By having multiple control plane protocols like OSPF or MPLS rely on BFD to detect forwarding plane connectivity failures, network operators can benefit from simpler network profiling and planning, and consistent and predictable re-convergence times.
MAC security allows the lockdown of a port to a given MAC address and limiting the number of MAC addresses on a port. This capability can be used to dedicate ports to specific hosts or devices such as VoIP phones or printers and avoid abuse of the port—a capability that can be especially useful in environments such as hotels. In addition, an aging timer can be configured for the MAC lockdown, protecting the network from the effects of attacks using (often rapidly) changing MAC addresses.
The ExtremeXOS IP security framework helps protect the network infrastructure, network services such as DHCP and DNS, and host computers from spoofing and attacker-in-the-middle attacks. It also protects the network from statically configured and/or spoofed IP addresses and builds an external trusted database of MAC/IP/port bindings providing the traffic’s source from a specific address for immediate defense.
Identity Manager allows network managers to track users who access their network. User identity is captured based on NetLogin authentication, LLDP discovery and Kerberos snooping. ExtremeXOS uses the information to then report on the MAC, VLAN, computer hostname, and port location of the user. Further, Identity Manager can create both roles and policies, and then bind them together to create role-based profiles based on organizational structure or other logical groupings, and apply them across multiple users to allow appropriate access to network resources. In addition, support for Wide Key ACLs further improves security by going beyond the typical source/destination and MAC address as identification criteria access mechanism to provide filtering capabilities.
A list of supported protocols and standards is available on the Extreme Networks website
CLEAR-Flow Security Rules Engine provides first-order threat detection and mitigation, and mirrors traffic to security appliances for further analysis of suspicious traffic in the network.
The X670-G2 series supports hardware-based sFlow® sampling that provides the ability to sample application- level traffic flows on all interfaces simultaneously.
To allow threat detection and prevention, the X670-G2 supports many-to-one and one-to-many port mirroring. This allows the mirroring of traffic to an external network appliance such as an intrusion detection device for trend analysis or for utilization by a network administrator for diagnostic purposes. Port mirroring can also be enabled across switches in a stack.
ACLs are one of the most powerful components used in controlling network resource utilization as well as in protecting the network. The X670-G2 series supports up to 4,096 ingress ACLs and 1,024 egress ACLs per system based on Layer 2-, 3- or 4-header information such as the MAC or IP source/destination address. ACLs are used for filtering the traffic, as well as classifying the traffic flow to control bandwidth, priority, mirroring, and policy-based routing/switching.
The X670-G2 series effectively handles Denial of Service (DoS) attacks. If the switch detects an unusually large number of packets in the CPU input queue, it assembles ACLs that automatically stop these packets from reaching the CPU. After a period of time these ACLs are removed, and reinstalled if the attack continues. ASIC-based LPM routing eliminates the need for control plane software to learn new flows, allowing more network resilience against DoS attacks.
As the network becomes a foundation of the enterprise application, network management becomes an important piece of the solution. The X670-G2 supports comprehensive network management through Command Line Interface (CLI), SNMP v1, v2c, v3, and ExtremeXOS ScreenPlay embedded XML-based Web user interface. With a variety of management options and consistency across other Extreme Networks modular and stackable switches, X670-G2 series switches provide ease of management for demanding converged applications.