eWeek - April 30, 2007

work; see how much bandwidth they are
using; and, after you identify the appli-
Networks grow cation, you can rate-limit them, block
them or prioritize them,” Yen said.
Deep packet inspection, imple-
mented in hardware on the module,
mo_re _intelligentenables stateless or stateful inspection.
That allows users to more easily identify
applications that move from one port
to another, such as Skype, and discern
which of the growing number of Web
CISCO GEAR EXPANDS SECURITY, POLICY ENFORCEMENT ^applications ^are ^{business-related} ^or,as with Kazaa or Bit Torrent, are recre-

By Paula Musich intends to migrate the functions into ational. Deep packet inspection can also Cisco systems is following its smaller-form-factor Catalyst switches identify whether video traffic is for a rivals’ lead in extending greater as the market dictates. videoconference or a video-on-demand intelligence to the edge of the “They weren’t first to market, but training exercise. corporate network with a new I think you’d be hard-pressed to say Cisco’s Supervisor Engine 32 with Supervisor module for its Cata- they’re late,” Kerravala said. “Cisco PISA uses flexible pattern matching to lyst 6500 Series switches and a new tends to hit markets at the right time, match string patterns associated with small-form-factor router. and their presence legitimizes the known worms and viruses; this capa-

Introduced April 30, Cisco’s Catalyst market.” bility also works on partial matches to 6500 Series Supervisor Engine 32 with Driving such adoption is a change catch variants of those known worms PISA (Programmable Intelligent Ser- in the pattern of network traffic. With and viruses. Once a match is found, the vices Accelerator) technology can per- more peer-to-peer traffic from VOIP packets can be blocked and discarded. form deep packet inspection to classify (voice over IP), video over IP and “PISA does prefiltering at the edge network traffic or spot malicious traf- similar applications, network traffic and allows centralized security ser-fic and apply security or QOS vices in the core to scale more effec- (quality of service) policies tively,” said Yen. accordingly. One Catalyst 6500 user briefed Cisco officials said cus- on Cisco’s Supervi-tomers are using the com- sor Engine 32 with pany’s Catalyst 6000 Series PISA was pleased network switches in wiring to see such control. closets, although the devices were “We want more con-designed for the campus network trol over our access layer. As traffic ^core. The Supervisor Engine 32 with PISA classifies ^comes ^into ^our ^network, ^we ^want ^to

“One quarter of all [Catalyst 6000s] network traffic using deep packet inspection. be able to mark it for QOS,” said Luis today are going into the wiring closet Chanu, global network and security or enterprise WAN edge as a router,” no longer involves just client-to-data- architect at PDL BioPharma, in Fre-said John Yen, senior manager for center-based servers. mont, Calif. network systems at Cisco, in San Jose, To help customers better design net- “By having inspection in hardware, Calif. “[ Their] presence in the campus works to accommodate that change, we can classify our various applications network is expanding beyond core Cisco created the Campus Commu- and mark them and be alerted of any deployment.” nication Fabric blueprint. “We call it a viruses that may exist in the closets,”

“There are an awful lot of [Catalyst fabric because the campus network is Chanu said. “We want to leverage the 6000s] in wiring closets, but this does being stretched in multiple directions. PISA capability and use flexible pattern limit [use of the new technology] to It becomes a key communications matching to see virus outbreaks as they larger enterprises,” said Zeus Kerra- medium as more and more business occur and mitigate them.” vala, an analyst with Yankee Group. services are being rolled out on top of Cisco also extended its 7200 Series

Rivals such as Hewlett-Packard and [it],” said Marie Hattar, senior direc- line with the Cisco 7201, a compact Extreme Networks already are dis- tor for network systems marketing router that features higher perfor-tributing intelligence for security and at Cisco. mance and lower power consump-policy enforcement to the network “[Using the Supervisor Engine 32 tion. The 7201 can be used as a WAN edge and offer such capabilities in with PISA,] you can now identify what edge router or for broadband aggre-smaller, less costly switches. Cisco applications are running on your net- gation. ´