Switches don't need complex algorithms, updated daily, to catch most threats. Instead, the nimble application of human intelligence through elegant code can achieve real results.

by Alex Goldman ISP-Planet Managing Editor [February 12, 2007]

Santa Clara, Calif.-based Extreme Networks recently announced an upgrade to its operating system for switches, ExtremeXOS version 11.6. The latest release focuses on security and policy enforcement.

For example, the company says that its OS resolves a problem with Network Access Control (NAC) on DHCP servers by only allowing access to the network by devices with valid DHCP assigned IP addresses.

Similarly, the newest version enhances 802.1x by enabling per-user or per-group policy enforcement with greater granularity. "We can obtain a lot of information from the RADIUS server," says Suresh Gopalakrishnan, Extreme Networks vice president and general manager of the emerging products group (which focuses on security and wireless). "For example, we could prioritize calls to a call center."

Recent enhancements
Gopalakrishnan is also proud of the company's recent additions to the OS, released in previous versions. At the most basic level, ISPs of all sizes can no longer tolerate any downtime on switches, so Extreme supplies each switch with two CPUs, and during a version upgrade, it can upgrade one CPU while switching operations to the other.

Another key feature enables service providers to run Ethernet over fiber networks that would in the past have used SONET. "We can failover to an alternate ring on the same network in less than 50 ms," says Gopalakrishnan. "Taking more time would cause dropped calls, so this is a key requirement for larger ISPs. Now, even VoIP will not fail if the fiber is cut. We took that capability from the SONET specification and implemented it using Ethernet. We call it Ethernet Automatic Protection Switching, EAPS, where SONET uses Automatic Protection Switching (APS)."

Sentriant
Gopalakrishnan wants to be certain we know about the company's Sentriant series of security boxes. "ISPs want to know what's going on in their own network. They can turn on one product and find out. Many know that bad things are going on, but are surprised when they learn the details."

Jeani Park, Extreme Network director of product strategy for the security group, says that the box uses a simple set of algorithms, finding a large number of problems by looking for basic bad behaviors. "The box uses twenty simple rules, such as looking for a device that tries to contact every other device on the network. Even though it's examining basic behavior, we haven't found a worm it hasn't caught. And of course, it doesn't require rule updates to catch them."

She adds that placing the device out of band is best so that if villains see it and manage to take it down, the network is not affected.

Pricing and availability
Extreme Networks' latest OS is available to all up to date customers. Gopalakrishnan says the company updates its OS a few times each year.

—End