Overview

Bandwidth demands continue to grow, but equipment budgets are not. At the same time, the requirement for high-value and resilient solutions continues to guide equipment choices. The FastIron LS series enterprise-class Layer 2/Base Layer 3 switches address these competing goals—low cost and high value.

The FastIron LS series provides organizations with a scalable "pay-as-you-grow" architecture in a compact form. Featuring redundant power, 10-Gigabit Ethernet upgradeability for high capacity connectivity to the network backbone, the FastIron LS delivers the scalability, low latency, and resilience needed to implement a high-value solution that can scale to meet future growth at the network edge.

Combining Fast Ethernet, and Gigabit Ethernet with a robust feature set, advance security, exceptional quality of service assurance and intelligent fault detection, the FastIron LS series offers maximum productivity and investment protection, while enabling the deployment of intelligent edge solutions delivering Ethernet services to laptops, servers, workstations, mobile networks, wireless LAN networks, and other Ethernet connected endpoints.

The FastIron LS series are designed to conserve space and power. Their one rack unit height and shallow depth (~33 cm/13 inches) allow them to be installed in cabinets in which larger systems are not supported.

Expanding beyond the enterprise, the FastIron LS series can also be deployed in metro area networks connecting branch offices with 10GbE uplinks. In this environment, important features include Foundry's Metro Ring Protocol for building resilient ring-based topologies, VLAN stacking, and advance multicast capabilities including IGMP v1/v2/v3 and MLD v1/v2 snooping for controlling multicast traffic in high-bandwidth content distribution applications.

In addition, the FastIron LS switches are optimized for flexibility with upgradeability for 10-Gigabit Ethernet, and redundant power. The FastIron LS switches include an integral, non-removable AC power supply. An optional one rack unit high AC power supply unit can be used to provide redundant power operation for up to four FastIron LS switches.

The FastIron LS series is offered in two base models.

The FastIron LS 624 model:

• Twenty-four 10/100/1000 Mbps RJ-45 Ethernet ports
  • Four ports are combination RJ45-SFP ports used as either a copper 10/100/1000 Mbps Ethernet or as a fiber 100/1000 Mbps
• Up to three 10-Gigabit Ethernet slots configurable with single-port 10-Gigabit Ethernet pluggable modules

The FastIron LS 648 model:

• Forty-eight 10/100/1000 Mbps RJ-45 Ethernet ports
  • Four ports are combination RJ45-SFP ports.
• Up to two 10-Gigabit Ethernet slots configurable with single-port 10-Gigabit Ethernet pluggable modules.

Target Applications

With a powerful set of Layer 2 switching and Base Layer 3 routing capabilities, extensive security features, bandwidth scalability and compact design the FastIron LS series is well-suited for broad range of applications including:

• Enterprise: High bandwidth network access for desktops, servers, workstations, mobile networks, and other Ethernet connected endpoints
• Education: Secure network access connectivity for K-12 and universities
• Metro networks: cost-effective in-building MTU or CPE for unicast and multicast services delivery

Back to top

Features

Performance and Scalability

Today's business and networking applications continue to consume more bandwidth. A future-ready network needs to scale to support the growing and evolving demands of these environments.

FastIron LS customers will benefit from the systems' wire-speed switching architecture and its ability to support one or more ports of 10-Gigabit Ethernet. The FastIron LS switches support two types of single port 10-Gigabit Ethernet pluggable modules, the FLS-1XG and the FLS-1XGC. The FLS-1XG supports a range of XFP optic transceivers, while the FLS-1XGC supports an integrated CX4 transceiver providing a low cost, high performance 10-Gigabit Ethernet solution for inter-switch or server-to-switch connectivity.

Additionally, the product features advanced quality of service capabilities including low-latency switching (less than 5 microseconds), eight priority queues, ingress and egress rate limiting, weighted round robin (WRR), strict priority (SP) and a mix of SP and WRR scheduling methods.

FastIron LS series is a powerful solution for the delivery of high-performance and delay-sensitive applications.

Ease of use: Plug and Play

The FastIron LS series supports the IEEE 802.1AB LLDP and ANSI TIA 1057 LLDP-MED standards enabling organizations to build open convergence, advanced multi-vendor networks. LLDP greatly simplifies and enhances network management, asset management and network troubleshooting. For example it enables discovery of accurate physical network topologies, including those which have multiple VLANs where all subnets may not be known. LLDP-MED addresses the unique needs that voice and video demand in a converged network by advertising media and IP telephony specific messages that can be exchanged between the network and the endpoint devices. LLDP-MED provides exceptional interoperability, IP telephony troubleshooting and automatic deployment of policies, inventory management, and E911 location/emergency call service support. These sophisticated features make converged networks services easier to install, manage and upgrade and significantly reduce operations costs.

The FastIron LS Series supports DHCP client-based auto-configuration, simplifying customer deployment and configuration providing true Plug-and-Play. Enterprises can use this feature to automate the IP address and feature configuration of FastIron LS switches without the presence of a highly-trained network engineer on-site. Technicians can simply power up a new FastIron LS and the unit will automatically get its IP address and configuration from DHCP and TFTP servers. Auto-configuration provides and intelligent solution to reduce OPEX while simplifying network management.

Advanced Multicast Features

FastIron LS switches support a rich set of Layer 2 multicast features enabling advanced multicast services delivery. Internet Group Management Protocol (IGMP) snooping for IGMP version 1, 2 and 3 is supported. Source-based multicast—a key requirement for IGMP v3 snooping—is a Layer 2 service feature. This provides improved bandwidth utilization and more secure multicast services delivery.

FastIron LS series also supports Multicast Listener Discovery (MLD) versions 1 and 2 snooping, enabling source-based multicast applications in IPv6 environments.

Advanced Layer 2 and base Layer 3 Protocols for Building Resilient Networks

Software features including Virtual Switch Redundancy Protocol, Foundry's Metro Ring Protocol, Rapid Spanning Tree Protocol, Multiple Spanning Tree Protocol and 802.3ad Link Aggregation provide alternate paths for traffic in the event of a link failure. Sub-second fault detection utilizing Link Fault Signaling, protected link groups and Uni-directional Link Detection (UDLD) ensure rapid fault detection and recovery.

Enhanced Spanning Tree features such as Root Guard and BPDU Guard prevent rogue hijacking of Spanning Tree root and maintain a contention and loop free environment especially during dynamic network deployments. FastIron LS software and hardware features provide a robust and resilient infrastructure solution in a cost-effective and compact form.

Base Layer 3 functionality enhances the capability of the FastIron LS as an edge platform. Base Layer 3 allows customers to use simple Layer 3 features such as IPv4 static routes, virtual interfaces (VE), routing between directly connected subnets, RIPv1/v2 announce, VRRP, DHCP Relay and routed interfaces. Network managers can remove complexity from an end-to-end Layer 3 network design and eliminate the cost required for a full Layer 3 edge switch.

Comprehensive Enterprise-class Edge Security and Quality of Service Assurance

FastIron LS switches are powered by Foundry's IronWare operating software, which offers a rich set of Layer 2 switching services, Base Layer 3 functionality, an advanced security suite for network access control (NAC) and denial of service protection, and quality of service (QoS). IronWare security features include protection against TCP SYN and ICMP denial of service (DoS) attacks, Spanning Tree Root Guard and BPDU Guard to protect network spanning tree operation, and broadcast and multicast packet rate limiting.

IronWare advanced QoS controls include honoring, prioritizing, classifying, and marking Ethernet and IP traffic, enabling the switches to honor VoIP traffic using 802.1p priority and IP Type of Service and DiffServ Codepoints (TOS/DSCP). In today's heightened security environment there may be a need to set up traffic intercept, for example in the case of the US Communications Assistance for Law Enforcement Act (CALEA) compliance that requires businesses be able to intercept and replicate data traffic directed to a particular user, subnet, port, etc. This is particularly essential with networks implementing IP phones. The FastIron LS provides the capability necessary to support this requirement through ACL-based Mirroring, MAC filter-based Mirroring and VLAN-based Mirroring. Network managers can apply a "mirror ACL" on a port and mirror a traffic stream based on IP source/destination address, TCP/UDP source/destination ports and IP protocols such as ICMP, IGMP, TCP, UDP. A MAC filter can be applied on a port and mirror a traffic stream based on a source/destination MAC address. VLAN-based mirroring is another option for CALEA compliance. Many enterprises have service-specific VLANs, such as voice VLANs. With VLAN mirroring all traffic on an entire VLAN within a switch can be mirrored or specific VLANs can be transferred to a remote server.

FastIron LS come standard with IronShield 360, Foundry's unique and powerful closed loop threat mitigation solution. IronShield 360 is a system-side security solution that uses best-of-breed intrusion detection systems to inspect sFlow traffic samples for possible network attacks. In response to a detected attack, IronView Network Manager can apply a security policy to the compromised port. This automated threat detection and mitigation stops network attacks in real time, without human intervention.

Network managers can rely on features such as multi-device and 802.1X authentication with dynamic policy assignment to control network access and perform targeted authorization on a per-user level. Additionally, the FastIron LS supports enhanced static MAC with the ability to deny traffic to and from a MAC address on a per-VLAN basis allowing network managers to control and deploy access policies per endpoint MAC address. This provides network administrators with a powerful tool for controlling access policies per endpoint device.

The FastIron LS series supports Foundry's IronShield 360 security solution for detecting and mitigating zero-day (i.e., anomaly-based) and known (i.e., signature-based) network attacks. IronShield leverages hardware-based sFlow packet sampling technology embedded in FastIron LS switches. The combination of sFlow packet sampling, Foundry's IronView Network Manager (INM), and Snort intrusion detection protects the enterprise from network attacks. This advanced security capability provides a network-wide security umbrella without the added complexity and cost of ancillary sensors.

Standards-based NAC enables network operators to deploy best-of-breed NAC solutions for authenticating network users and validating the security posture of a connecting device. Support for policy-controlled MAC-based VLANs provides additional control of network access, allowing for policy-controlled assignments of devices to Layer 2 VLANs.

Unified and Secure Element Management

FastIron LS series is supported by Foundry's IronView Network Manager (INM) providing unified network management across Foundry products. INM greatly simplifies network operations, provisioning, troubleshooting and alarm reporting. INM offers multilevel access security on the console and a secure Web management interface preventing unauthorized users from accessing or changing the switch configuration.

INM employs a Java-based network-configuration and management tool that displays, in graphical detail, network and application-level traffic information. This allows network managers to accurately monitor overall networking operations, zero in on hot spots, and quickly diagnose and troubleshoot difficulties before they develop into widespread problems.

FastIron LS series includes Secure Shell (SSHv2), Secure Copy, and SNMPv3 to restrict and encrypt management communications to the system. Additionally, support for Terminal Access Controller Access Control Systems (TACACS/TACACS+) and RADIUS authentication ensure secure operator access.

Fault Detection

The FastIron LS switches provide both logical fault detection and physical fault isolation capability. Logical fault detection is supported through software features such as Link Fault Signaling (LFS), Remote Fault Notification (RFN) , Protected Link Groups and Uni-directional Link Detection (UDLD).

• Link Fault Signaling (LFS) is a physical layer protocol that enables communication on a link between two 10 Gigabit Ethernet switches. When configured on a 10 Gigabit Ethernet port, the port can detect and report fault conditions on transmit and receive ports.
• Remote Fault Notification (RFN) enabled on 1Gb transmit ports notifies the remote port whenever the fiber cable is either physically disconnected or has failed. When this occurs the device disables the link and turns OFF both LEDs associated with the ports.
• Protected Link Groups minimize disruption to the network by protecting critical links from loss of data and power. In a protected link group, one port in the group acts as the primary or active link, and the other ports act as secondary or standby links. The active link carries the traffic. If the active link goes down, one of the standby links takes over.
• UDLD monitors a link between two FastIron LS switches and brings the ports on both ends of the link down if the link goes down at any point between the two devices.

Physical fault isolation on the FastIron LS switches is supported through Virtual Cable Test (VCT) technology. VCT technology enables diagnosing a conductor (wire or cable) by sending a pulsed signal into the conductor, then examining the reflection of that pulse. By examining the reflection, the FastIron LS switches can detect and report cable statistics such as local and remote link pair, cable length, and link status.

The FastIron LS also supports enhanced Digital Optical Monitoring of Foundry XFP optics providing real time detection resulting in reduced down time. Network managers can use the enhanced Digital Optical Monitoring capability to monitor the health and strength of the transceivers. Key optic parameters that can be monitored include TX/RX power, temperature and bias current. The switch will generate alarms when any of these parameters go beyond the normal range.

In addition, the FastIron LS supports network loop detection and stability features such as Port Flap Dampening, single link LACP and Port Loop Detection. Port Flap Dampening feature increases the resilience and availability of the network by limiting the number of port state transitions on an interface. This reduces the protocol overhead and network inefficiencies caused by frequent state transitions occurring on misbehaving ports. Single Link LACP can be used as a bi-directional link detection protocol. This solution appeals to customers because it is standards-based and works with other switch vendors. The Port Loop Detection feature enables network managers to detect and prevent Layer 1 and Layer 2 loops without using STP. Customers that do not enable a Layer 2 Protocol, such as STP to detect physical loops at the edge, can use Port Loop detection. Port Loop detection can be used to detect loops occurring on a port as well as within an entire network.

Back to top

Specifications

Standards Compliance

• IEEE 802.1D-1998 MAC Bridging
• IEEE 802.1q/p VLAN Tagging
• IEEE 802.1w Rapid Spanning Tree
• IEEE 802.1s Multiple Spanning Tree
• IEEE 802.1X Port-based Network Access Control
• IEEE 802.3 10Base-T
• IEEE 802.3ad Link Aggregation (Dynamic and Static)
• IEEE 802.3u 100Base-TX
• IEEE 802.3x Flow control
• IEEE 802.3z 1000Base-SX/LX
• IEEE 802.3ab 1000BaseT
• IEEE 802.3ak CX4
• IEEE 802.3ae 10 Gigabit Ethernet
• IEEE 802.3 MAU MIB (RFC 2239)
• IEEE 802.1AB LLDP/LLDP-MED
• IEEE 802.1p Mapping to Priority Queue

Layer 2 Features

• 4,096 VLANs
• 16,000 MAC Addresses
• Single-instance Spanning Tree
• IEEE 802.1s Multiple Spanning Tree
• Foundry's Protocol VLANs, subnet VLANs
• MAC based VLANs
• Port Security
• MAC Address Locking
• Port-based Access Control Lists
• Dual Mode VLANs
• Fast Port Span
• BPDU Guard, Root Guard
• GARP VLAN Registration Protocol
• MAC-Layer Filtering
• Port-based Mirroring, ACL-based Mirroring, MAC filter-based Mirroring, VLAN-based Mirroring
• Per VLAN STP (PVST/PVST+/PVRST)
• VLAN Groups
• Uni-Directional Link Detection (UDLD)
• Port speed downshift and selective auto-negotiation
• Dynamic Voice VLAN Assignment
• Jumbo Frames up to 9,216 bytes for 10/100/1000 ad 10GbE ports
• IGMP Snooping (v1/v2/v3)1
• MLD Snooping (v1/v2)
• PIM-SM Snooping
• Private VLANs and uplink-switch
• Trunk groups
• Auto MDI/MDIX
• Trunk threshold
• Single link LACP
• Protected Link Groups
• Port Loop Detection
• VLAN based Static MAC Denial
• Flexible static MAC address configuration

Layer 2 Metro Features

• VLAN stacking (Q-in-Q)2
• Super Aggregated VLAN (SAV)
• Metro Ring Protocol (MRP)
• Virtual Switch Redundancy Protocol
• Topology Groups

Base Layer 3 features

• Virtual Interfaces (VE)
• Routed Interfaces
• IPv4 Static Routes
• Routing between directly connected subnets
• RIP v1/v2 announce
• VRRP
• DHCP Relay

Quality of Service

• MAC Address Mapping to Priority Queue
• ACL Mapping to Priority Queue
• ACL Mapping to ToS/DSCP
• Honoring DSCP and 802.1p
• ACL Mapping and Marking of ToS/DSCP
• DiffServ Support
• Classifying and Limiting Flows based on TCP flags
• DHCP Relay
• QoS Queue Management Using Weighted Round Robin (WRR), Strict Priority (SP), and a combination of WRR and SP

Traffic Management

• Inbound Rate Limiting per port
• ACL-based inbound rate limiting and traffic policies
• Outbound Rate Limiting per port and per queue
• Broadcast, Multicast and unknown Unicast Rate Limiting

Management and Control

• Virtual Cable Tester
• RFC 2571 Architecture for Describing SNMP Framework
• RFC 2131 DHCP Relay
• RFC 1493 Bridge MIB
• Configuration Logging
• RFC 1643 Ethernet Interface MIB
• RFC 1643 Ethernet MIB
• Foundry Discovery Protocol (FDP)
• RFC 2068 Embedded HTTP
• RFC 2818 Embedded HTTPS
• Industry Standard Command Line Interface (CLI)
• Integration with HP OpenView for Sun Solaris, HP-UX, IBM's AIX, and Windows NT Standalone Windows NT
• IronView Network Manager (INM) Web-based graphical user interface
• Embedded Web Management
• RFC 3176 sFlow
• RFC 1213 MIB-II
• RFC 1516 Repeater MIB
• RFC 1724 RIP v1/v2 MIB
• RFC 1757 RMON MIB
• RFC 2572 SNMP Message Processing and Dispatching
• RFC 1573 SNMP MIB II
• RFC 2575 SNMP View-based Access Control Model SNMP
• RFC 1157 SNMPv1/v2c
• RFC 2573 SNMPv3 Applications
• RFC 2570 SNMPv3 Intro to Framework
• RFC 2574 SNMPv3 User-based Security Model
• SNTP Simple Network Time Protocol
• Support for Multiple syslog Servers
• RFC 854 TELNET Client and Server
• RFC 783 TFTP
• MIB support for MRP, Port Security, MAC authentication and MAC-based VLANs
• IPv6 Management (for Layer 2 and Base Layer 3)
• Display log messages on multiple terminals
• Auto-configuration

Performance

FastIron LS 624/FastIron LS 648

• Switching Capacity 108 Gbps/136 Gbps
• Forwarding Performance 85 Mpps/106 Mpps

Element Security Options

• IEEE 802.1X username export in sflow
• Authentication, Authorization, and Accounting (AAA)
• Bi-level Access Mode (Standard and EXEC Level)
• Protection for Denial of Service attacks
• RADIUS/TACACS/TACACS+
• Secure Copy (SCP)
• Secure Shell (SSHv2)
• Username/Password
• Advanced Encryption Standard (AES) with SSHv2

Physical Dimensions

All FastIron LS models:

• 1.7" (H) x 17.3" (W) x 12.92" (D)
• 4.34 cm (H) x 44 cm (W) x 32.84 cm (D)

Weight

FastIron LS 624/FastIron LS 648

• 10 lbs (4.52 kg)/10.9 lbs (4.93 kg)

Environmental Ranges

• Operating Noise: < 43 dBA
• Operating temperature: 32° to 122°F (0° to 50°C)
• Relative humidity: 5% to 95% @ 122°F (50°C), non-condensing
• Storage temperature: -40° to 158°F (-40° to 70°C)
• Maximum watts: 100W (340 BTU/Hr)
• Storage altitude: 10,000 ft (3,000 m) maximum

MTBF (estimated)

• FLS624 162,484 Hrs @ 25°C (76.9°F)
• FLS648 149,870 Hrs @25°C (76.9°F)
• FLS-1XG—6 years
• FLS-1XGC—6 years

Regulatory Compliance and Safety Approvals

• Emissions
  • ICES-003, Electromagnetic Emission
  • FCC Part 15 Class A
  • EN 55022/CISPR 22 Class A
  • VCCI Class A
  • EN 61000-3-2, Power Line Harmonic
  • EN 61000-3-3, Voltage Fluctuation and Flicker
  • EN 61000-6-3, Electromagnetic Compatibility, Generic Standard
  • AS/NZS CISPR 22, Electromagnetic Compatibility
• Immunity
  • EN 61000-6-1, Electromagnetic Compatibility, Generic Standard
  • EN 55024, Information Technology Equipment—Immunity Characteristics
• RoHS
  • RoHS Compliant (6 of 6)
• WEEE compliant
• Safety
  • BI-NAT CSA 60950-1-90/UL 60850-1
  • EN 60950-1:2001
  • IEC 60950-1:2001

Warranty

• 5-year Limited Lifetime Hardware Warranty
  • Foundry warrants that, excluding the power supply, fan, removable optics and LED, the product hardware will be free from defects in material and workmanship that result in a material deviation from the applicable published Foundry technical specifications.
• 90-days Limited Software Warranty
  • Foundry warrants that software, when used in accordance with the terms of the Foundry license, will operate substantially as set forth in the applicable Foundry Documentation following delivery of the software to licensee.

Back to top

System Options

Feature	FLS624	FLS648
Switching Performance	108 Gbps	136 Gbps
Forwarding Performance	85 Mpps	106 Mpps
10/100/1000 Port Density	20 plus 4-port Combo	44 plus 4-port Combo
100/1000 Mbps SFP Density	4 Combo Ports	4 Combo Ports
Gigabit Ethernet SFP Density	4 Combo Ports	4 Combo Ports
10-Gigabit Ethernet	3	2
100 Mbps Optics	100Base-FX and 100Base-BX
Gigabit Ethernet Optics	SX, SX2, LX, LHA, LHB, 1000Base-BX and CWDM
10 Gigabit Ethernet XFP Transceivers	CX4, SR, LR, ER, 1310-MM, ZR and ZRD
Power Supply	AC (Internal)	AC (Internal)
External RPS Supporting up to 4 FLS Units	Yes (RPS2-EIF)	Yes (RPS2-EIF)
Maximum Number of MAC Addresses	16,000	16,000
Maximum Number of VLANs	4,096	4,096
Maximum Number of STP	255	255
IGMP Snooping	v1, v2, and v31	v1, v2, and v31
MLD Snooping	v1 and v2	v1 and v2
PIM-SM Snooping	Yes	Yes
IGMP Proxy for Static Groups	Yes	Yes
Rate Limiting	Inbound and Outbound	Inbound and Outbound
L3 Access Control List	Yes	Yes
Aggregation Stability Features	BPDU and Root Guard, Single Link LACP, Port Loop Detection, Port Flap Dampening, Trunk Threshold
Number of Ports per Trunk	8	8
Number of Trunk Groups	13	25
Multi-device Authentication and Dynamic VLAN Assignment	Yes	Yes
802.1X Authentication and Dynamic VLAN and ACL Assignment	Yes	Yes
MAC-based VLANs	Yes	Yes
Metro Features	Metro Ring Protocol, Virtual Switch Redundancy Protocol, Super Aggregated VLAN (SAV), VLAN stacking (Q-in-Q)2 and Topology Groups

Back to top

Literature

Datasheets

• FastIron LS Series Datasheet (PDF 252K)
• Optics Family (PDF 171K)

White Papers

• Leveraging the Advantages of a Multi-vendor Network Strategy (PDF 181K)
• Multicast Deployment Guide (PDF 187K)

Back to top