Cisco Systems Inc. is adding a deep-packet-inspection ASIC to its 65xx Catalyst switching line, challenging com- petitive single-function appliances for local-area networks.
The Programmable Intelligent Services Accelerator (Pisa) is a hardware element within the Supervisor Engine 32, a card introduced in 2005 for the Catalyst 6500.
Cisco no longer refers to the Catalyst line as a Layer 3 switch family, since many enterprises deploy the systems as de facto routers, said John Yen, senior manager for Cisco's enterprise switching group. Since the advent of the Supervisor 720 card in 2003, the Catalyst 6500 has handled multiprotocol label switching and hardwired packet forwarding.
The addition of Pisa allows packets to be filtered based on application type, such as customer relationship management or Internet Protocol video, and makes it possible to block or prioritize traffic types based on high-layer business objectives. Deep packet inspection can be scaled to 8 kbytes per packet header. Quality-of-service prioritization management is centralized in the Cisco QoS Policy Manager 4.0 tool.
Pisa also supports security filtering, using pattern-matching engines operating on Layers 2 through 7. The security application acts on zero-day threats, worms and viruses, using Cisco Security Manager 3.1 as a central manager. Yen said the software is not a substitute for pattern-matching tools from companies such as Kaspersky Labs, but instead acts in concert with such tools.
Cisco can extend the list of protocols supported as applications emerge by loading a special module into the Network-Based Application Recognition (NBAR) suite. The Packet Description Language module is loaded at run-time to expand the application list in NBAR, without requiring a new Internetworking Operating System image or a router reload. A subport classification capability lets NBAR drill down beneath the port numbers of a TCP/IP port to classify by HTTP or URL.
Cisco configures the Pisa board with either eight 1-Gbit Ethernet ports or dual 10-Gbit Ethernet ports. The Supervisor 32 is priced at $28,000 in either version.
A Catalyst configured with Pisa can manage full application-based routing for remote routers such as the Cisco ISR series. The Pisa marks the traffic for prioritization, and the line card for the WAN manages the traffic going out to the public network. The system works in concert with Cisco's Wide Area Application Services to set route priorities based on all seven layers of network traffic.
As a potential companion on the client side to the 6500, Cisco has introduced a 1RU router, the 7201, intended for services aggregation for such applications as broadband services to the home in a residential gateway or small-business voice-over-Internet Protocol in a VoIP gateway configuration.