Hi all,

Here's what I propose as a list of contents for the IXP Switching Wishlist:

------------------------------------------------------

* Abstract - so people know what this is about :-)

* Brief background and overview of how exchange points work, how they use switching products.

I've then broken the "wishes" down into various sections, along with some ideas for what we can cover:

* Security and access control

  - Control of dynamic MAC learning (i.e. set maximum number of addresses learnable on a per-interface basis)
  - Ability to disable acting on STP (802.1d) packets on a per-port basis
  - Wire-speed access-list-type filtering of L3 traffic (without switch acting at L3)
  - ARP snooping and control (i.e. pick up "off-net" ARPs, etc)
  - Good policy exception logging
  - TACACS/RADIUS authentication on CLI/web interfaces
  - ACL control on CLI/web interfaces
  - https on web interfaces (or we're passing passwords in the clear!)
  - SSH availability
  - Ability to enable/disable management functions (telnet/ssh/web/SNMP) on a per-VLAN basis (Foundry implement this now :-).
  - Ability to have a port on one card mirror a port on any other card in the chassis, in real time (i.e. switch fabric writes to both ports simultaneously). We can then use a single GigE port to mirror any port in the box :-).

* Scalability and Resilience

  - Spanning Tree - What's wrong with it, various optimisations, ability to declare a port as an "end station" and not run spanning tree on that port, and not go blocking while STP calculation is in progress (e.g. "uplink-fast"?). Security in spanning tree (i.e. could someone inject .1d information into your STP domain and "hijack" it?) - touched on earlier, disable listening for STP on ports declared as "end stations".
  - Resilient Packet Ring (standards-based Cisco DPT) - go get involved while it's at study group stage. Look toward implementing it once it starts reaching draft stage.
  - Layer 2 routing - develop a standards-based(!) SPF algorithm to calculate the forwarding table across inter-switch backbone links, rather than use address learning. Permit all links to run with live traffic, using best-path routing. Load balancing (or do we achieve this using trunking/dot1ad link-agg)? Definitely need help fleshing this one out!
  - Multicast control and containment - Push Cisco RGMP toward standards track. Alternative - control based on PIM/MSDP snooping.
  - IPv6 - We should probably think about control of things like IPv6 anycast in here as well.

* Physical wishes

  - True hot-swap of things like management cards, switch fabric/shared packet memory modules (i.e. not reboot the box on the "spare" module)
  - True hot-swap and full redundancy of PSUs.
  - True wire speed - all ports can talk to all ports, at full speed, all the time (no oversubscribing of backplane, simultaneous conversations across the backplane - i.e. not bus-based)
  - GBIC optics all round for flexibility - maximise port utilisation
  - Rapid bootup, card restart

-------------------------------------------

OK, has anyone got any feedback on the following, or is able to add to any/all sections of the above? Comments welcome :-).

Mike

--
Mike Hughes
Network Architect
London Internet Exchange
mike@linx.net
http://www.linx.net/
"Only one thing in life is certain: init is Process #1"
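The two access-control items above that are easiest to pin down in code are the per-interface limit on dynamic MAC learning and the pickup of "off-net" ARPs, both feeding the policy exception log. The following is an added illustration, not part of the original message or any vendor's firmware: a small Python model of a switch's learning table that enforces a per-port MAC cap, refuses ARP whose sender IP lies outside the peering LAN prefix, and records each refusal as a policy exception. The port names, MAC addresses and the 192.0.2.0/24 peering prefix are constructed sample values (RFC 5737 documentation space), and the `SwitchModel` class and its methods are hypothetical names chosen for this example.

```python
"""Model of two IXP switch security controls: a per-port cap on dynamically
learned MACs, and off-net ARP detection, each logged as a policy exception.
Added example; not code from the original post or from any switch vendor."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed peering LAN prefix (RFC 5737 documentation range).
PEERING_LAN = ipaddress.ip_network("192.0.2.0/24")


@dataclass
class Frame:
    """Minimal view of an ingress frame: ingress port, source MAC and, for
    ARP frames, the sender protocol address carried in the ARP payload."""
    port: str
    src_mac: str
    arp_sender_ip: Optional[str] = None


@dataclass
class SwitchModel:
    max_macs_per_port: int
    peering_lan: ipaddress.IPv4Network
    mac_table: dict = field(default_factory=dict)   # src_mac -> port
    log: list = field(default_factory=list)          # policy exception log

    def macs_on(self, port: str) -> list:
        return [m for m, p in self.mac_table.items() if p == port]

    def learn(self, frame: Frame) -> bool:
        """Process one ingress frame. Returns True when the frame is
        forwarded normally, False when it is dropped as a policy exception."""
        known_port = self.mac_table.get(frame.src_mac)
        if known_port is not None and known_port != frame.port:
            # MAC moved between ports: forget the stale entry before relearning.
            del self.mac_table[frame.src_mac]
            known_port = None
        if known_port is None:
            if len(self.macs_on(frame.port)) >= self.max_macs_per_port:
                # Learning cap hit: do not learn, do not forward, log it.
                self.log.append(
                    f"port {frame.port}: MAC limit {self.max_macs_per_port} "
                    f"reached, ignoring {frame.src_mac}")
                return False
            self.mac_table[frame.src_mac] = frame.port
        if frame.arp_sender_ip is not None:
            sender = ipaddress.ip_address(frame.arp_sender_ip)
            if sender not in self.peering_lan:
                # "Off-net" ARP: sender address is not on the exchange LAN.
                self.log.append(
                    f"port {frame.port}: off-net ARP sender {sender} "
                    f"from {frame.src_mac}")
                return False
        return True


def run_demo():
    """Drive the model with constructed frames; returns per-frame verdicts
    and the switch so callers can inspect the table and the exception log."""
    sw = SwitchModel(max_macs_per_port=2, peering_lan=PEERING_LAN)
    frames = [
        Frame("gi1/1", "00:00:5e:00:53:01", "192.0.2.10"),  # member router, on-net ARP
        Frame("gi1/1", "00:00:5e:00:53:02"),                # second MAC, within cap
        Frame("gi1/1", "00:00:5e:00:53:03"),                # third MAC, exceeds cap
        Frame("gi1/2", "00:00:5e:00:53:04", "10.0.0.1"),    # ARP sender not on peering LAN
        Frame("gi1/1", "00:00:5e:00:53:01", "192.0.2.10"),  # already-known MAC
    ]
    results = [sw.learn(f) for f in frames]
    return results, sw


if __name__ == "__main__":
    verdicts, switch = run_demo()
    print(verdicts)
    for entry in switch.log:
        print("EXCEPTION:", entry)
```

Running the demo forwards the first two frames on gi1/1, refuses the third because the port has reached its two-address cap, refuses the ARP on gi1/2 because its sender address 10.0.0.1 is not inside 192.0.2.0/24, and forwards the repeat of the already-known MAC. In the model the MAC is learned before the ARP payload is inspected, matching the order a learning switch would normally apply; a real implementation might instead withhold learning until the ARP check passes.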