
IXP Switching Wishlist - Draft Contents

  • From: Mike Hughes < >
  • Date: Wed, 27 Sep 2000 11:47:04 +0100 (BST)

Hi all,

Here's what I propose as a list of contents for the IXP Switching
Wishlist:

------------------------------------------------------

* Abstract - so people know what this is about :-)

* Brief background and overview of how exchange points work, how they use
switching products.

I've then broken the "wishes" down into various sections, along with
some ideas for what we can cover:

* Security and access control 
- Control of dynamic MAC learning (i.e. set maximum number of addresses
learnable on a per-interface basis)
- Ability to disable acting on STP (802.1d) packets on a per-port basis
- Wire-speed access-list-type filtering of L3 traffic (without switch
acting at L3)
- ARP snooping and control (i.e. pick up "off-net" ARPs, etc)
- Good policy exception logging
- TACACS/RADIUS authentication on CLI/web interfaces 
- ACL control on CLI/web interfaces
- https on web interfaces (or we're passing passwords in the clear!)
- SSH availability 
- Ability to enable/disable management functions (telnet/ssh/web/SNMP) on
a per VLAN basis (Foundry implement this now :-).
- Ability to have a port on one card mirror a port on any other card in
the chassis, in real-time (i.e. switch fabric writes to both ports
simultaneously). We can then use a single GigE port to mirror any port in
the box :-).

* Scalability and Resilience 
- Spanning Tree - What's wrong with it, various optimisations, ability to
declare a port as an "end station" and not run spanning tree on that port,
and not go blocking while STP calculation is in progress (e.g.
"uplink-fast"?). Security in spanning-tree (i.e. could someone inject .1d
information into your STP domain and "hijack" it?) - touched on earlier,
disable listening for STP on ports declared as "end-stations".

- Resilient Packet Ring (standards-based Cisco DPT) - go get involved
while it's at study group stage. Look toward implementing it once it
starts reaching draft stage.

- Layer 2 routing - develop a standards-based(!) SPF algorithm to
calculate the forwarding table across inter-switch backbone links, rather
than use address learning. Permit all links to run with live traffic,
using best path routing. Load-balancing (or do we achieve
this using trunking/dot1ad link-agg)? Definitely need help fleshing this
one out!

- Multicast control and containment - Push Cisco RGMP toward standards
track. Alternative - control based on PIM/MSDP snooping.

- IPv6 - We should probably think about control of things like IPv6
anycast in here as well.

* Physical wishes
- True hot-swap of things like management cards, switch fabric/shared
packet memory modules (i.e. not reboot the box on the "spare" module)
- True hot-swap and full redundancy of PSUs.
- True wire-speed - all ports can talk to all ports, at full speed, all
the time (no oversubscribing of backplane, simultaneous conversations
across the backplane - i.e. not bus-based)
- GBIC optics all round for flexibility - maximise port utilisation
- Rapid bootup, card restart

-------------------------------------------

OK, has anyone got any feedback on the following, or is able to add to
any/all sections of the above?

Comments welcome :-).

Mike
-- 
Mike Hughes	Network Architect	London Internet Exchange
mike@localhost	http://www.linx.net/	
     "Only one thing in life is certain: init is Process #1"

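An added example, not part of the original post or of any vendor's code: the Python below models two of the security wishes listed in the message, a per-port limit on dynamic MAC learning and detection of "off-net" ARPs, with each violation recorded as a policy exception. The peering LAN prefix, the limit of one MAC per port, the port names and the sample frames are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration only (not from the original post).
PEERING_LAN = ipaddress.ip_network("192.0.2.0/24")  # documentation prefix
MAX_MACS_PER_PORT = 1                                # one router per member port

# Constructed sample frames: (port, source MAC, ARP sender IP, ARP target IP).
# The two IP fields are None for non-ARP frames.
FRAMES = [
    ("ge-1/1", "02:00:00:00:00:01", "192.0.2.10", "192.0.2.20"),
    ("ge-1/2", "02:00:00:00:00:02", "192.0.2.20", "192.0.2.10"),
    ("ge-1/2", "02:00:00:00:00:03", None, None),                # second MAC on port
    ("ge-1/1", "02:00:00:00:00:01", "10.1.1.1", "10.1.1.254"),  # off-net ARP
    ("ge-1/2", "02:00:00:00:00:03", None, None),                # same MAC retries
]


def check_frames(frames, lan=PEERING_LAN, max_macs=MAX_MACS_PER_PORT):
    """Return (learned MAC table, list of policy exception log entries)."""
    learned = defaultdict(list)  # port -> MACs accepted, in learning order
    exceptions = []              # (port, mac, reason) tuples
    for port, mac, arp_src, arp_dst in frames:
        if mac not in learned[port]:
            if len(learned[port]) >= max_macs:
                # Over the limit: do not learn the address, drop the frame, log it.
                exceptions.append((port, mac, "mac-limit-exceeded"))
                continue
            learned[port].append(mac)
        if arp_src is not None:
            # ARP for addresses outside the peering LAN should never be seen.
            addrs = (ipaddress.ip_address(arp_src), ipaddress.ip_address(arp_dst))
            if any(addr not in lan for addr in addrs):
                exceptions.append((port, mac, "off-net-arp"))
    return dict(learned), exceptions


if __name__ == "__main__":
    table, log = check_frames(FRAMES)
    for entry in log:
        print("policy exception: port=%s mac=%s reason=%s" % entry)
```
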


