The catalyst 6500 switching platform supports various services and functionality through the use of service modules. Several service module options extend the capabilities of different service for voice, security, wireless deployment with Cisco Catalyst 6500 platform. Many environments now combine many of these service modules together to form what is now referred to as services switches
Catalyst 6500 includes the following service modules:
Cisco Firewall Services Module (FWSM):
FWSM is a high-speed firewall module for use in the Cisco Catalyst 6500 switches and Cisco 7600 Series routing platform provide the fastest firewall data rates in the industry: 5-Gbps throughput, 100,000 CPS, and 1M concurrent connections. Up to four FWSMs can be installed in a single chassis, providing scalability to 20 Gbps per chassis. The Cisco FWSM offers large enterprises and service provider’s unmatched security, reliability, and performance.
For service provider and large enterprise environment, the FWSM supports advanced features such as multiple security contexts for both routed and bridged firewall modes. You can run multiple contexts on firewall hardware to virtualize firewall into multiple firewalls, each with its own configuration and policy.
Anomaly Guard module:
It provides the attack response by blocking malicious traffic at Gbps line rates. With multiple layers of defense, it can be divert traffic destined for specific targeted devices only whereby not affecting legitimate traffic.
The Anomaly Guard Module employs a unique "on-demand" deployment model, diverting and scrubbing only traffic addressed to targeted devices or zones without affecting other traffic Business operations continue uninterrupted, even in the midst of attack.
The Anomaly Guard Module's multiprocessor architecture can support future licensed software upgrades to enhance and improve performance for defending against massive attacks.
Intrusion Detection System (IDSM-2) Module:
The Cisco IDS Module (IDSM) integrates Cisco IPS functionality directly into your Catalyst 6000 family switch. This line card captures traffic directly off of the switch’s backplane. Beginning with Cisco IDS version 4.0, Cisco introduced the second-generation IDSM, called the IDSM-2 and it is Compatible with the Catalyst 6500 switch and 7600 router. This new module runs the same code base as the appliance sensor. Therefore, both platforms now support the same functionality. The Cisco IDSM-2 is part of the Cisco IPS family that supports both inline (IPS) and passive (IDS) solutions. IDSM2 provides up to 500mbps of packet inspection capability to efficiently monitor and protect your data infrastructure.
Network Analysis Module(NAM):
Cisco NAM provides comprehensive network and application visibility to reduce management complexity, optimize usage of network resources and improve application performance. NAM is available as a service module on Cisco Catalyst 6500 Series Switches, Cisco 7600 Series Routers, and Cisco Integrated Services Routers.
NAM implements intelligent application performance analytics to accurately characterize end-user experience and monitor committed service level objectives. It analyzes the TCP-based client/server messages to provide a comprehensive set of transaction and session-based performance statistics. The visibility allows network managers to effectively use control and optimization mechanisms such as quality of service (QoS) and Cisco Wide Area Application Services (WAAS) to improve the performance of applications and services. It measures application response time, transaction time, bandwidth usage, and LAN and WAN data throughput, among other performance metrics. As a result, it helps to accurately quantify the impact of WAN optimization; thereby effectively managing application delivery over WANs.
NAM combines advanced voice monitoring with real-time troubleshooting capabilities to help improve the quality of voice services delivered to the end user. NAM provides resolution with advanced troubleshooting using intelligent packet captures, decodes and filters; hence improving IT operational efficiency and minimizing any impact to the end users. NAM managed remotely from any desktop, eliminating the need to send staff to remote sites or transfer large amounts of data to a central site.
NAM can also monitor both LAN and WAN performance. It provides visibility into traffic from local and remote switches and routers for comprehensive traffic analysis. It offers views with the detailed information on VLANs, Differentiated Services, hosts, conversation pairs, and application usage that is essential for managing effective and reliable delivery of applications.
IPsec VPN SPA:
It enables cost-effective and scalable VPN services using the Cisco cat 6500 and Cisco 7600 series routing platforms. This module doesn’t have interfaces, but instead uses other LAN and WAN interface available on the chassis. By using SPA carrier-400, each slot of Cisco cat 6500 or 7600 can support up to 2 Cisco IPsec VPN SPAs.
SSL service module:
SSL module is an integrated service module for terminating SSL session on Cisco cat 6500 series switch or Cisco 7600 series routing platform. By offloading the SSL termination with the SSL module, the web server’s CPU is reduced, and they can support more connection and that increase the operational efficiency. Up to 4 SSL module can be used in single chassis.
The SSL Services Module is a Layer 4-through-Layer 7 service module. The module operates either in a standalone configuration or with the Content Switching Module (CSM). In a standalone configuration, secure traffic is directed to the module using policy-based routing (PBR).When used with the CSM, only encrypted client traffic is forwarded to the module, while clear text traffic is forwarded to the real servers. The SSL Services Module uses the SSL protocol to enable secure transactions of data through privacy, authentication, and data integrity; the protocol relies upon certificates, public keys, and private keys.
WEB VPN Services module:
It’s a high speed integrated SSL VPN services module for support of large scale remote access VPN deployments. The WEB VPN services module support up to 32,000 SSL VPN users and up to 4 modules can be used in single chassis.
Traffic Anomaly Detector Module:
It uses behavioral analysis and attack recognition technology to identify attack pattern. It can also monitor traffic destined to application server and create detailed profiles based on the normal operating conditions. If module detects any abnormal behavior in per flow data conversation, it considers this behavior as potential attack and respond based on the configuration. You can also use this module sent an operator an alert or launch Cisco Anomaly Guard module to begin mitigation services.
The Cisco Wi-fi Service Module 2 (WiSM2) Controller is integrate with Cisco Cat 6500 Series Switches that enables system wide solutions for mission-essential wireless networking in medium-sized to huge enterprises and campus environments. Made for 802.11n efficiency and maximum scalability, the Cisco WiSM2 controller supports a much larger density of clientele and delivers considerably far more useful roaming, with at the incredibly minimum nine events the throughput of current 802.11a/g networks. The WiSM2 controllers provide:
- Enhanced uptime with the ability to concurrently control as considerably as 1000 access points
- Remarkable total functionality for trusted streaming video and toll-good quality voice
- Improved fault recovery for a consistent mobility encounter in the most demanding environments
The Cisco WiSM2 Controller supports a lot of distinct organization mobility desires, these types of as the Cisco Office Extend solution for protected, mobile phone teleworking and Cisco Enterprise Wireless Mesh, which would make it possible for entry factors to dynamically establish wireless connections in places where by it could potentially be difficult or difficult to physically hook up to the wired network.
Application Control Engine (ACE):
The Cisco ACE Module can integrate with Cisco Cat 6500 Series Switches and the Cisco 7600 Series Routers. The Cisco ACE provides load-balancing and content-switching functions with granular traffic control based on customizable Layer 4 through 7 rules with support for IPv4 and IPv6 addresses, VIPs, and server farms.
Cisco ACE can load-balance the following protocols like HTTP/HTTPS, FTP, Domain Name System (DNS), Internet Control Message Protocol (ICMP), Session Initiation Protocol (SIP), Real-Time Streaming Protocol (RTSP), Extended RTSP, Lightweight Directory Access Protocol (LDAP), RADIUS, Skinny Client Control Protocol (SCCP) and Microsoft Remote Desktop Protocol (RDP) in in IPv4 environment.
In an IPv6 environment, it can natively load-balance HTTP, HTTPS, and SSL protocols. It has generic protocol parsing capabilities that enable the configuration of application switching and persistence policies based on any information in the traffic payload for custom and packaged applications without requiring any programming.
The Cisco ACE supports translation and load balancing between IPv4 and IPv6 networks and provides flexibility to customers in planning their IPv6 migrations.
ASA Services Module:
The Cisco Catalyst 6500 Series ASA Services Module is a high-speed, integrated network security module for Cisco Catalyst 6500 Series switches.
It delivers industry-leading firewall data rates; this module provides exceptional scalability to meet the needs of today's dynamic organizations - in single blade architecture.
This ASA Services Module provides twice the performance and four times the session count of competitive network security modules.
it supports up to:
- 20 Gbps maximum firewall throughput (max)
- 16 Gbps of maximum firewall throughput (multi-protocol)
- 300,000 connections per second
- 10 million concurrent connections
- 250 security contexts
- 1,000 VLANs
It provides various benefits customer including:
- Advanced scalability and performance
- Exceptional security protection at Layer 2 through Layer 7
- Ability to work with other modules in the chassis for comprehensive security delivery
Content Switching Module (CSM):
The Cisco Content Switching Module (CSM) adds advanced layer 4 to layer 7 content switching capabilities to the Cisco Catalyst 6500 Series Switch providing high-performance, feature rich layer 4 to layer 7 load balancing to existing layer 2 and layer 3 features of the Catalyst platforms.
The Content Switching Module (CSM) is a single slot service module and it provides high-performance server load balancing (SLB) for clusters of network devices, such as web servers, fire walls, and caches.
A server load balancing device provides a public IP address for clients to reach the service and executes a server-selection algorithm to distribute client requests among the servers.The CSM provides intelligent load balancing by offering a wide variety of configurable server-selection algorithms. Also, the CSM provides content switching by inspecting incoming messages (to a configurable depth) as part of the distribution decision.The CSM performs server health checks, so that requests are only sent to operational servers. The CSM supports a variety of configurations (including redundant configurations) to maximize the performance and availability of the network servers.
Please read CISCO CATALYST 6500 SERIES CONTENT SWITCHING MODULE document to know more about CSM in Cisco 6500