Cisco CSS 11501, CSS 11503, CSS 11500 Series, CSS 11506 Datasheet

Page 1

Cisco CSS 11500 Series

Content Services Switch

The Cisco CSS 11500 Series Content Services Switch is a compact modular platform, delivering the richest Layer 4–7 traffic management services for e-business applications.

Data Sheet

The Cisco CSS 11500 with the

award-winning Cisco Web Network

Services (WebNS) is specifically designed to

provide robust transport and application

(Layer 4–7) services for Internet and

intranet data centers. The Cisco CSS 11500

builds on the success of the Cisco CSS

11000 Series in five key areas:

• Introduces an intelligent, distributed

architecture to meet the real-world

scaling requirements of today’s

e-business infrastructure

• Improves site availability and

transaction integrity by introducing

Adaptive Session Redundancy (ASR)—

a new industry standard in stateful

failover

• Delivers the greatest flexibility of

any content switch in its class for

customizing combinations of ports,

performance, and services

• Scales secured transaction performance

through support of an integrated,

high-capacity Secure Sockets Layer

(SSL) module (WebNS 5.20)

• Protects investment by enabling

upgrades of performance, ports, and

services through modularity

The Cisco CSS 11500 Series Content

Services Switch enables businesses to

simultaneously reduce costs by optimizing

data center resources and boost

productivity by offering a superior online

experience for customers, business partners,

and employees. Through fast switching and

forwarding of content, the Cisco CSS

11500 Series switches improve utilization,

responsiveness, availability, scalability, and

security of Web sites, server farms, cache

clusters, and firewall systems.

Premier Traffic Management

for E-Business

In addition to the Cisco CSS 11500, Cisco

delivers a complete product line, including

the Cisco CSS 11050, CSS 11150, and

Content Switching Module (CSM)—an

integrated services module for the Cisco

Catalyst® 6500 Series Switch and Cisco

7600 Internet Router. The Cisco CSM

attains the highest performance and offers

transport and application (Layer 4–7)

features as rich as those in WebNS.

Through full integration with Cisco IOS®

Software, the Cisco Catalyst 6500, and the

Cisco 7600 Internet Router—Cisco CSM

also supports the highest port density and

richest internetworking features.

The Cisco CSS 11500 and CSM together

are, simply, the solutions of choice for

enterprises and service providers deploying

content services.

Cisco Systems, Inc.

Page 1 of 10

Page 2

Scalable Distributed Architecture for Today and Tomorrow

In a typical deployment, the Cisco CSS 11500 intercepts a request from a client browser, characterizes the flow by

reading Hypertext Transfer Protocol (HTTP) headers, selects a destination server based on resource availability, and

forwards the flow. Because it quickly processes the entire HTTP header (full URL, cookie, extensive resource

verification information), the Cisco CSS 11500 knows who the user is, what the user wants to do, and how best to

service the user’s request within a global Web infrastructure.

The Cisco CSS 11500 provides a fully distributed architecture—all modules in the system contribute to the overall

processing and memory needs for policy-based flow setup and flow forwarding. In this way, performance scales

linearly as modules are added, and heavy traffic that hits one module can be balanced to others within a single system.

So the Cisco CSS 11500 balances traffic not only within a data center but also across its own internal modules.

This innovative architecture addresses the primary limitations of PC- and application-specific integrated circuit

(ASIC)-based solutions. Unlike PC-based systems, the network processors of the Cisco CSS 11500 provide ample

packet processing power and bandwidth, avoiding the bottlenecks of the PC bus and a single central processor. And

unlike ASIC-based platforms, the powerful, yet adaptable processors of the Cisco CSS 11500 enable easy integration

of new software features.

The Cisco CSS 11500 can apply all its processing power to any port at any time, and it can grow with changing

feature and scalability requirements. The system is designed to readily adapt to changing e-business needs—without

complex and costly hardware upgrades.

New Standard in High Availability

The Cisco CSS 11500 delivers ASR—the industry’s first stateful Layer 5 session redundancy feature that enables

failover of important flows while maximizing performance.

Some flows—such as a long-lived File Transfer Protocol (FTP) or a database session—may be mission critical, but

many flows are not. Most solutions on the market today require all traffic—important or not—to be backed up from

one box to another. If the majority of flows are not critical, then most of system performance is wasted on

unnecessary back ups.

With ASR, the Cisco CSS 11500 may be configured so critical flows are marked as replication worthy, whereas others

do not need to be so marked. ASR focuses traffic management resources precisely where needed.

SSL Integration for Security and Performance

Cisco offers the most scalable integrated SSL solutions of any Layer 4–7 switches.

SSL, the industry standard for secure transport of traffic from client browsers to Web servers, presents two key

challenges for today’s e-business infrastructure. First, because SSL encrypts data and headers, it obscures the

request-specific information that Layer 4–7 switching decisions are made on. Second, SSL authentication places a

high processing load for each SSL flow setup.

The Cisco CSS 11500 with integrated SSL modules meets both of these challenges by combining leading SSL

acceleration technology with the Cisco WebNS technology. In addition to superior price performance, the SSL

module simplifies the management of digital certificates and offers new possibilities in optimizing the switch-to-server

architecture for security and performance. And SSL transaction performance may be scaled by adding multiple SSL

modules to a chassis.

Cisco Systems, Inc.

Page 2 of 10

Page 3

Modularity for Investment Protection

The Cisco CSS 11500 offers the greatest flexibility and scalability of any midrange Layer 4-7 switch. Through its

modular design, the Cisco CSS 11500 will meet your functional requirements today while providing for expansion

for tomorrow’s needs. The Cisco CSS 11500 Session Accelerator Module is a cost-effective way to add performance

for flow setup and flow forwarding. A selection of input/output (I/O) modules not only gives you the choice of port

densities of Fast or Gigabit Ethernet, but also boosts flow performance. Optional memory upgrades increase the

number of simultaneous flows supported. PCMCIA Flash memory and hard disks are supported.

Local and Global Load Balancing

By supporting the latest advances in local and global load balancing, the Cisco CSS 11500 Series Switch not only

dramatically increases site availability—greatly improving user response time and retention—but also optimally

utilizes site resources, thereby decreasing the cost to serve end users.

The Cisco CSS 11500 learns where specific content resides, either locally or remotely, and dynamically selects the

best Web server or cache for specific content requests.

Local server selection is based on server load and application response time, as well as traditional least connection

and round-robin algorithms. Any application that uses standard TCP or User Datagram Protocol (UDP) protocols

can also be load balanced, including firewalls, mail, news, chat, and Lightweight Directory Access Protocol (LDAP).

The Cisco CSS 11500 also provides a complete solution for building and provisioning Internet-scale global content

distribution and delivery. Whereas local load-balancing features determine the best device within a data center, global

load-balancing functions choose the best data center in the Internet to service requests.

The Cisco CSS 11500 performs comprehensive resource verification before routing user requests, ensuring that they

are directed to the location that has the best response time and the least load for the requested content. Cisco supports

global load balancing through redirection based on both Domain Name System (DNS) and HTTP. The DNS

mechanism is fast and scalable; the HTTP method provides the highest degree of control.

Site and System Security

The Cisco CSS 11500 with Cisco WebNS Software ensures high levels of security without compromising site

performance. The Cisco CSS 11500 provides stateful, content-based access control, and supports security policies

based on any combination of source address, destination address, protocol, TCP port, or URL. The Cisco CSS 11500

monitors start-to-finish Web transaction activity and guards against denial-of-service (DoS) attacks such as SYN

floods, ping floods, “smurfs,” and any other undesirable connection attempts. Wire-speed Network Address

Translation (NAT) protects real server IP addresses.

For additional security, the Cisco CSS 11500 intelligently directs traffic across multiple firewalls. By load balancing

firewalls, the Cisco CSS 11500 eliminates performance bottlenecks and single points of failure that result in system

downtime, a situation that can close off the connection to the network and disrupt e-commerce purchases or other

mission-critical transactions.

Cisco Systems, Inc.

Page 3 of 10

Page 4

Manage Through Simple GUIs or Sophisticated Tools

Effective management tools reduce the ongoing cost of operating a business-critical Web site. The Cisco CSS 11500

with WebNS supports a wide range of management tools that offer simplicity, security, and flexibility. For

configuration, administrators have a choice of a “Cisco IOS Software-like” command-line interface (CLI) or an

intuitive, embedded graphical user interface (GUI). For large networks, the Cisco CSS 11500 may be managed

through enterprise management systems such as CiscoWorks 2000 CiscoView and tiered-access tools such as the

Cisco Hosting Solutions Engine. For integration with customized management systems or even user applications

requiring network interaction, the Cisco CSS 11500 offers an Extensible Markup Language (XML)-based,

programmatic management application programming interface (API), Simple Network Management Protocol

(SNMP), Remote Monitoring (RMON), and log files. Effective management tools reduce the ongoing cost of

operating a business-critical Web site.

Cisco CSS 11500 Series Content Services Switch: Chassis and Modules

The Cisco CSS 11500 Series Content Services Switch includes two models: the two-rack unit, three-slot Cisco CSS

11503 with 20-Gbps aggregate throughput and the five-rack unit, six-slot Cisco CSS 11506 with 40-Gbps aggregate

throughput. The modules, memory and disks for the Cisco CSS 11506 are interchangeable with those for the Cisco

CSS 11503.

The Cisco CSS 11506 requires at least one switch control module (SCM) and may be configured with a second in

standby mode. With the required SCM in one slot, the Cisco CSS 11506 has five additional slots supporting any

combination of I/O, SSL, or session accelerator modules. The Cisco CSS 11503 requires a SCM and accommodates

any two of the other optional modules.

The Cisco CSS 11506 supports not only redundancy in switch control modules but also redundant power supplies

and redundant switch modules (20 Gbps each). All SCMs support redundant disk drives.

All modules participate in flow setup, but they differ primarily in control functions, performance, SSL capabilities,

and I/O. Each Cisco CSS 11500 Module consists of one high-speed MIPS RISC processor for flow setup, one network

processor for flow forwarding, one classification engine for accelerated lookups in bridge/access control list (ACL)

tables, and up to 288 MB of RDRAM.

Switch Control Module for the Cisco CSS 11500 Content Services Switch

The Cisco CSS 11500 Switch Control Module not only governs the whole system but also contributes to I/O density

and flow performance. The SCM comes standard with 2-Gigabit Ethernet ports—supporting small-form factor,

pluggable gigabit interface converters (SFP GBICs) and has a console port and Ethernet port for management. The

SCM also features two PCMCIA slots that hold up to two 256-MB Flash memory disks, up to two 512-MB hard

disks, or one of each.

SSL Module for the Cisco CSS 11500 Content Services Switch

The Cisco CSS 11500 SSL Module is the ideal solution for handling high volumes of SSL transactions that occupy

today’s e-business data centers. The module integrates state-of-the-art SSL processors into the leading content

switching technology of Cisco WebNS. In addition to superior price performance, the SSL module simplifies the

management of digital certificates and offers new possibilities in optimizing the switch-to-server architecture for

security and performance.

Cisco Systems, Inc.

Page 4 of 10

Page 5

I/O Modules for the Cisco CSS 11500 Content Services Switch

The Cisco CSS 11500 I/O modules deliver port density and flow performance. The product line supports three types

of I/O modules:

• Two-port Gigabit Ethernet

• Sixteen-port Fast Ethernet

• Eight-port Fast Ethernet

The Fast Ethernet ports are 10/100BASE-TX with standard RJ-45 connectors, whereas the Gigabit Ethernet ports

require small-form factor GBICs (1000BASE-SX or 1000BASE-LX).

Session Accelerator Module for the Cisco CSS 11500 Content Services Switch

The session accelerator module is a cost-effective way to add flow performance when additional connectivity is not

required. Using the same flow setup and forwarding processors as the I/O modules, it provides the flexibility to

optimize the system for port density and performance. Table 1 gives the features of the Cisco CSS 11500 models.

Ta b le 1 Cisco CSS 11500 Models: Quick Look

Cisco CSS 11503 Cisco CSS 11506

Number of modular slots 36

Included in base configuration Switch Control Module

2 Gigabit Ethernet (GBIC) ports

Maximum Gigabit Ethernet ports 612

Maximum 10/100 Ethernet ports 32 80

2-port Gigabit Ethernet I/O Module Maximum of 2 Maximum of 5

16-port 10/100 Ethernet I/O Module Maximum of 2 Maximum of 5

8-port 10/100 Ethernet I/O Module Maximum of 2 Maximum of 5

SSL modules Maximum of 2 Maximum of 5

Session accelerator modules Maximum of 2 Maximum of 5

Redundancy features Active-active Layer 5

Adaptive Session Redundancy

redundancy

VIP

Height 3.5” (2 rack units) 8.75” (5 rack units)

Bandwidth Aggregate 20 Gbps Aggregate 40 Gbps

Storage 512-MB hard disk or

256-MB Flash memory disk

Switch Control Module

2 Gigabit Ethernet (GBIC) ports

Active-active Layer 5

Adaptive Session Redundancy

VIP redundancy

Active-standby SCM

Redundant switch fabric module

Redundant power supplies

512-MB hard disk or

256-MB Flash memory disk

Power Integrated AC or DC Up to 3 AC or 3 DC

Virtual Internet Protocol (Address)

Cisco Systems, Inc.

Page 5 of 10

Page 6

Ordering Information

Table 2 lists the product numbers and their descriptions for the Cisco CSS 11500 Series.

Ta b le 2 Cisco CSS 11500 Series Product Numbers

Product number Description

CSS11506-2AC Cisco 11506 Content Services Switch including SCM with 2 Gigabit Ethernet ports,

CSS11506-2DC Cisco 11506 Content Services Switch including SCM with 2 Gigabit Ethernet ports,

CSS11503-AC Cisco 11503 Content Services Switch including SCM with 2 Gigabit Ethernet ports,

CSS11503-DC Cisco 11503 Content Services Switch including SCM with 2 Gigabit Ethernet ports,

CSS5-SCM-2GE Cisco CSS 11500 System Control Module with 2 Gigabit Ethernet ports and hard

CSS5-IOM-8FE Cisco CSS 11500 Fast Ethernet I/O Module: 8-port TX

CSS5-IOM-16FE Cisco CSS 11500 Fast Ethernet I/O Module: 16-port TX

CSS5-IOM-2GE Cisco CSS 11500 Gigabit Ethernet I/O Module: 2-port (requires SFP GBICs)

CSS5-SAM Cisco CSS 11500 Session Accelerator Module

CSS5-SSL Cisco CSS 11500 SSL Module

hard disk, 2 switch modules, 2 AC power supplies, and a fan (requires SFP GBICs)

hard disk, 2 switch modules, 2 DC power supplies, and a fan (requires SFP GBICs)

hard disk, and integrated AC power supply, integrated fan, and integrated switch module (requires SFP GBICs)

hard disk, and integrated DC power supply, integrated fan, and integrated switch module (requires SFP GBICs)

disk (requires SFP GBICs)

Cisco Systems, Inc.

Page 6 of 10

Page 7

Cisco CSS 11500 Specifications

Table 3 lists the specifications for the Cisco CSS 11500 Series.

Tab l e 3 Cisco CSS 11500 Specification

Cisco CSS 11500 Specifications

Key System Parameters* (*For WebNS Version 5.10)

• Maximum supported keepalives: 1024

• Maximum concurrent connections per I/O module: 200,000 with 256-MB RDRAM

• Maximum supported virtual LANs (VLANs) (802.1Q): 512 (64 per port)

Cisco CSS 11506

• Requires WebNS 5.10 or later versions • One slot for SCM

• Rack units: 5 • Five slots for additional modules

• Two slots for switch modules • Aggregate switch throughput: 40 Gbps

• Dimensions (Height x Width x Depth): 8.75 x 17.0 x 12.5 in.(22.2 x 43.2 x 31.8 cm)

Cisco CSS 11503

• Requires WebNS 5.10 or later versions • One SCM slot

• Rack Units: 2 • Two slots for additional modules

• Integrated switch fabric module • Aggregate switch throughput: 20.0 Gbps

• Dimensions (Height x Width x Depth): 3.5 x 17.0 x 12.5 in.(8.9 x 43.2 x 31.8 cm)

Key Cisco WebNS Features

The Cisco CSS 11500 supports all WebNS 5.1 features, including:

• Full URL parsing • HTTP (1.0, 1.1)

• Sticky cookie insertion • All TCP services, UDP, and SSL

• Content policy ACLs on all HTTP headers • VLAN 802.1Q

• DoS protection against SYN floods and other Layer 4 attacks

• Management: Secure Shell Protocol (SSH), SNMP, SSL browser-based interface, embedded GUI

• Integrated global load balancing with HTTP and DNS-based redirection

• Routing Information Protocol (RIP) versions 1 and 2, Open Shortest Path First (OSPF)

• Server/node operating system compatibility: Any TCP/IP OS, including Windows XP, Windows 2000, Windows NT, Windows 98, Windows 95, all UNIX platforms, LINUX, and Mac OS

• Dynamic content support: Active Server Pages (ASP), Visual Basic Script, ActiveX, Java, Virtual Reality Markup Language (VRML), Common Gateway Interface (CGI), CoolTalk, NetMeeting, RealAudio, RealVideo, NetShow, QuickTime, PointCast, Any HTTP Encapsulated Data

Cisco Systems, Inc.

Page 7 of 10

Page 8

Ta b le 3 Cisco CSS 11500 Specification (Continued)

Cisco CSS 1150 0 Specifications

SSL* (* For Cisco WebNS Version 5.20)

• Full and transparent proxy modes • SSL session reuse

• Number of digital certificates: 256 • Clock with battery backup (on Switch Control Module)

• Key sizes 512, 768, 1024, and 2048

• Security protocols SSL 3.0 and Transport Layer Security (TLS) 1.0

• Importing certificates: Apache, Microsoft IIS, Netscape

• PCKS no. 12: Personal information exchange syntax standard

• Security algorithms Rivest, Shamir, Adelman (RSA), Digital Encryption Standard (DES), Triple DES (3DES), and RC4

• Encryption (3DES) of certificates and keys in configuration file

Environmental

Temperature

• Operating: 32° to 104°F (0° to 40°C)

• Nonoperating: –4° to 149°F (–20° to 65°C)

Altitude

• Operating: 0 to 10,000 ft (0 to 3000 m)

• Nonoperating: 0 to 15,000 ft (0 to 4570 m)

Electrical

• 100–240 VAC input, 50–60 Hz

• Cisco CSS 11506 current rating: 9A

• Cisco CSS 11503 current rating: 5A

Heat dissipation

Cisco CSS 11506 maximum

• DC: 860VA@2936 Btu/hr

• AC: 860VA@2936 Btu/hr

Acoustic noise

• 70 dB maximum

Shock

• Operating (half sine): 21 in./sec (0.53 m/sec)

Humidity

• Operating: 10 to 90% noncondensing

• Nonoperating: up to 95% noncondensing

• –46 to –60 VDC input

• Cisco CSS 11506 current rating: 9A

• Cisco CSS 11503 current rating: 5A

Cisco CSS 11503 maximum

• DC: 430VA@1468 Btu/hr

• AC: 430VA@1468 Btu/hr

• Nonoperating (trapezoidal pulse): 20G1, 52 in./sec (1.32 m/sec)

• 1G is a value of acceleration, where 1G equals 32.17 ft/sec** (9.81 m/sec**)

Cisco Systems, Inc.

Page 8 of 10

Page 9

Ta b le 3 Cisco CSS 11500 Specification (Continued)

Cisco CSS 1150 0 Specifications

Vibration

• Operating: 0.35 Grms from 3 to 500 Hz (Grms is the root mean square value of acceleration)

• Nonoperating: 1.0 Grms from 3 to 500 Hz

Weight

Cisco CSS 11506

• Shipping: 68.65 lb

• Standalone: 57.7 lb

Cisco CSS 11503

• Shipping: 42.85 lb

• Standalone: 33.3 lb

Safety certification

• CSA-22.2 No. 950 - UL1950 • ACA TS001

• EN60950/IEC60950 • AS/NZS 3260

• EN60825/IEC60825

Electromagnetic compliance (emissions)

• FCC CFR 47 Part 15 Class A • FCC CFR 47 Part 15.109 Class B

• ICES-003 Class A • CISPR 22 EN55022 Class B (to 1 GHz)

• CISPR 22 EN55022 Class A • EN61000-3-2/IEC-1000-3-2 (power line harmonics)

• EN61000-3-2/IEC-1000-3-2 (power line harmonics) • VCCI V-3/01.4 Class B (to 1GHz)

• VCCI Class A • ICES-003 Class B

• AS/NZS 3548 Class A • AS/NZS3548 Class B

Immunity

• EN300386 (EMC for network equipment) • EN61000-4-8/IEC-1000-4-8

(Power frequency magnetic field immunity)

• EN61000-4-3/IEC-1000-4-2

• EN61000-4-11/IEC-1000-4-11 (voltage dips and sags)

(electrostatic discharge [ESD])

• EN61000-4-3/IEC-1000-4-3 (radiated immunity) • ETS-300386

• EN61000-4/IEC-1000-4-4 (EFT) • FCC Class A Compliance Notice (United States)

• EN61000-4-5/IEC-1000-4-5 (surge) • ICES-003 Class A Compliance Notice (Canada)

• EN61000-4-6/IEC-1000-4-6 (low-frequency conducted immunity)

• VCCI Class A Compliance Notice (Japan)

Cisco Systems, Inc.

Page 9 of 10

Page 10

Corporate Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 526-4100

European Headquarters

Cisco Systems Europe 11, Rue Camille Desmoulins 92782 Issy-les-Moulineaux Cedex 9 France www-europe.cisco.com Tel: 33 1 58 04 60 00 Fax: 33 1 58 04 61 00

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the

Cisco Web site at www.cisco.com/go/offices

Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe

Copyright © 2002, Cisco Systems, Inc. All righ ts reserved. Catalyst, Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other tr ademarks mentioned in this document or Web site ar e the property of their respec tive owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0202R)

Americas Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883

Asia Pacific Headquarters

Cisco Systems, Inc. Capital Tower 168 Robinson Road #22-01 to #29-01 Singapore 068912 www.cisco.com Tel: 65 317 7777 Fax: 65 317 7799