Performance And Scalability
Today's business and networking applications continue to consume more bandwidth. A future-ready network needs to scale to support the growing and evolving demands of these environments.
Enterprises will benefit from the systems' wire-speed switching architecture and its ability to support four RJ-45 or SFP Gigabit Ethernet Combo ports. The FastIron WS switches support a range of Gigabit Ethernet optics including SX, SX2, LX, LHA, LGB, 1000Base-BX, and CWDM.
FastIron WS Series is a powerful solution for the delivery of high-performance, delay-sensitive applications. The product features advanced QoS capabilities including low-latency switching, eight priority queues, ingress and egress rate limiting, weighted round robin (WRR), strict priority (SP), and a mix of SP and WRR scheduling methods.Ease Of Use: Plug And Play
The FastIron WS Series supports the IEEE 802.1AB LLDP and ANSI TIA 1057 LLDP-MED standards, enabling organizations to build open convergence, advanced multi-vendor networks. LLDP greatly simplifies and enhances network management, asset management, and network troubleshooting. For example, it enables discovery of accurate physical network topologies, including those with multiple VLANs where all subnets may not be known. LLDP-MED addresses the unique needs that voice and video demand in a converged network by advertising media and IP telephony specific messages that can be exchanged between the network and the endpoint devices. LLDP-MED provides exceptional interoperability, IP telephony troubleshooting, and automatic deployment of policies, inventory management, and E911 location/emergency call service support. These sophisticated features make converged networks services easier to install, manage, and upgrade while significantly reducing operations costs.Simplified Deployment with Auto-Configuration
The FastIron WS Series supports DHCP client-based auto-configuration, simplifying customer deployment and configuration and providing true plug-and-play. Enterprises can automate the IP address and feature configuration of FastIron WS switches without the presence of a highly-trained, on-site network engineer. Technicians can simply power up a new FastIron WS and the unit will automatically get its IP address and configuration from DHCP and TFTP servers. Auto-configuration and built-in intelligence reduces OPEX while simplifying network management. When the switches power up, they automatically receive an IP address from DHCP and configuration information from an already configured Trivial File Transport Protocol (TFTP) server. At this time, the switches can also automatically receive a software update to be at the same code revision as already installed switches.Redundant Power Supply Option
All FastIron WS switches offer an external redundant powers supply option. The Brocade External Redundant Power Supply operates as a backup to the internal power supply for a device. If an internal power supply fails, the redundant power supply will power the device without affecting network operation.Advanced Multicast Features
FastIron WS switches support a rich set of Layer 2 multicast features that enable advanced multicast services delivery. Internet Group Management Protocol (IGMP) snooping for IGMP version 1, 2, and 3 is supported. Source-based multicast—a key requirement for IGMP v3 snooping—is a Layer 2 service feature. This provides improved bandwidth utilization and more secure multicast services delivery.
FastIron WS Series also supports Multicast Listener Discovery (MLD) versions 1 and 2 snooping, enabling source-based multicast applications in IPv6 environments.Advanced Layer 2 And Layer 3 Protocols For Building Resilient Networks
Software features including Virtual Switch Redundancy Protocol, Brocade Metro Ring Protocol, Rapid Spanning Tree Protocol, Multiple Spanning Tree Protocol and 802.3ad Link Aggregation provide alternate paths for traffic in the event of a link failure. Sub-second fault detection utilizing Link Fault Signaling, protected link groups, and Uni-directional Link Detection (UDLD) ensure rapid fault detection and recovery.
Enhanced Spanning Tree features such as Root Guard and BPDU Guard prevent rogue hijacking of Spanning Tree root and maintain a contention and loop free environment especially during dynamic network deployments. FastIron WS software and hardware features provide a robust and resilient infrastructure solution in a cost-effective and compact form.
Edge PREM Layer 3 functionality enhances the capability of the FastIron WS as an edge router platform. The powerful Layer 3 features enable dynamic routing via OSFPv1/v2, RIPv1/v2, IPv4 static routes, virtual interfaces (VE), routing between directly connected subnets, VRRP, DHCP Relay, routed interfaces, and host routes. With the FastIron WS, network managers can deploy end-to-end Layer 3 networks and propagate the same routing policies from edge to core, simplifying network design and operations.Comprehensive Enterprise-Class Edge Security
Brocade IronWare operating software powers FastIron WS switches. This OS offers a rich set of Layer 2 switching services and Layer 3 routing functionality, an advanced security suite for network access control (NAC) and denial of service protection, and QoS. IronWare embedded security features include protection against Man-in-Middle and Denial of Service (DOS) attacks via Dynamic ARP inspection, DHCP snooping, TCP SYN, and ICMP smurf attack prevention. FastIron WS supports key features such as Spanning Tree Root Guard and BPDU Guard to protect network spanning tree operation and broadcast and multicast packet rate limiting.Unified Convergence
IronWare advanced QoS controls include honoring, prioritizing, classifying, and marking Ethernet and IP traffic, enabling the switches to honor VoIP traffic using 802.1p priority and IP Type of Service and DiffServ Codepoints (TOS/DSCP).Lawful Intercept
Today's heightened security environment may require traffic intercept. The U.S. Communications Assistance for Law Enforcement Act (CALEA) compliance, for example, requires businesses be able to intercept and replicate data traffic directed to a particular user, subnet, port, etc. This compliance requirement is particularly essential with networks implementing IP phones. The FastIron WS provides the capability necessary to support this requirement through ACL-based Mirroring, MAC filter-based Mirroring, and VLAN-based Mirroring. Network managers can apply a “mirror ACL” on a port and mirror a traffic stream based on IP source/destination address, TCP/UDP source/destination ports, and IP protocols such as ICMP, IGMP, TCP, and UDP. A MAC filter can be applied on a port and mirror a traffic stream based on a source/destination MAC address. VLAN-based mirroring is another option for CALEA compliance (i.e., Lawful Intercept). Many enterprises have service-specific VLANs, such as voice VLANs. With VLAN mirroring, all traffic on an entire VLAN within a switch can be mirrored, or specific VLANs can be transferred to a remote server.Secure Network Access
FastIron WS supports IronShield 360°, Brocade unique and powerful closed loop threat mitigation solution. IronShield 360° is a system-side security solution that uses best-of-breed intrusion detection systems to inspect sFlow traffic samples for possible network attacks. In response to a detected attack, Brocade Network Advisor can apply a security policy to the compromised port. This automated threat detection and mitigation stops network attacks in real time, without human intervention.
IronShield 360° detects and mitigates zero-day (anomaly-based) and known (signature-based) network attacks. It leverages hardware-based sFlow packet sampling technology embedded in FastIron WS switches. The combination of sFlow packet sampling, Brocade BNA, and Snort intrusion detection protects the enterprise from network attacks. This advanced security capability provides a network-wide security umbrella without the added complexity and cost of ancillary sensors.
Network managers can rely on features such as multi-device and 802.1X authentication with dynamic policy assignment to control network access and perform targeted authorization on a per-user level. Additionally, the FastIron WS supports enhanced static MAC with the ability to deny traffic to and from a MAC address on a per-VLAN basis allowing network managers to control and deploy access policies per endpoint MAC address. This provides network administrators with a powerful tool for controlling access policies per endpoint device.
Standards-based NAC enables network operators to deploy best-of-breed NAC solutions for authenticating network users and validating the security posture of a connecting device. Support for policy-controlled, MAC-based VLANs provides additional control of network access, allowing for policy-based assignments of devices to Layer 2 VLANs.Secure Element Management
FastIron WS Series includes Secure Shell (SSHv2), Secure Copy, and SNMPv3 to restrict and encrypt management communications to the system. Additionally, support for Terminal Access Controller Access Control Systems (TACACS/TACACS+) and RADIUS authentication ensure secure operator access.Unified Wired/Wireless Network Management with Brocade Network Advisor
Managing enterprise campus networks continues to become more complex, thanks to the growth in services that rely on wired and wireless networks. Services such as Internet, e-mail, video conferencing, real-time collaboration, and distance learning all have specific configuration and management requirements. And at the same time, organizations face increasing demand to provide uninterrupted services for high-quality voice and Unified Communications (UC), wireless mobility, and multimedia applications.
To reduce complexity and time spent managing these environments, the easy-to-use Brocade Network Advisor discovers, manages, and deploys configurations to groups of IP devices. By using the Brocade Network Advisor Device Configuration Manager tool, organizations can configure VLANs within the network, manage wireless access point realms or execute CLI commands on specific devices or groups of IP devices. sFlow-based proactive monitoring is ideal for performing network-wide troubleshooting, generating traffic reports, and gaining visibility into network activity from the edge to the core. Brocade Network Advisor centralizes management of the entire family of Brocade wired and wireless products.Fault Detection
The FastIron WS switches provide both logical fault detection and physical fault isolation capability. Logical fault detection is supported through software features such as Remote Fault Notification (RFN), Protected Link Groups and Uni-directional Link Detection (UDLD).
- RFN, enabled on 1Gb transmit ports, notifies the remote port whenever the fiber cable is either physically disconnected or has failed. When this occurs the device disables the link and turns OFF both LEDs associated with the ports.
- Protected Link Groups minimize disruption to the network by protecting critical links from loss of data and power. In a protected link group, one port in the group acts as the primary or active link, and the other ports act as secondary or standby links. The active link carries the traffic. If the active link goes down, one of the standby links takes over.
- UDLD monitors a link between two FastIron WS switches and brings the ports on both ends of the link down if the link goes down at any point between the two devices.
Physical fault isolation on the FastIron WS switches is supported through Virtual Cable Test (VCT) technology. VCT technology enables diagnosing a conductor (wire or cable) by sending a pulsed signal into the conductor, then examining the reflection of that pulse. By examining the reflection, the FastIron WS switches can detect and report cable statistics such as local and remote link pair, cable length, and link status.
In addition, the FastIron WS supports network loop detection and stability features such as Port Flap Dampening, single link LACP, and Port Loop Detection. Port Flap Dampening increases the resilience and availability of the network by limiting the number of port state transitions on an interface. This reduces the protocol overhead and network inefficiencies caused by frequent state transitions occurring on misbehaving ports. Single Link LACP can be used as a bi-directional link detection protocol. This standards-based solution is appealing for mixed network environments because it works with a variety of switches from other vendors. The Port Loop Detection feature enables network managers to detect and prevent Layer 1 and Layer 2 loops without using STP. Customers that do not enable a Layer 2 Protocol, such as STP to detect physical loops at the edge, can use Port Loop detection. Port Loop detection can be used to detect loops occurring on a port as well as within an entire network.