Growing up, most of us were fascinated by the gadgets aboard the Starship USS Enterprise in Star Trek. Although teleporting may remain science fiction, amazing innovations have now made several of those gadgets a reality. Soon smart buildings will reserve rooms, measure temperature and count people using light bulbs with built-in sensors. Hotel rooms will provide intelligent minibars that monitor the shelf life of food and do stock keeping, and smart mirrors that can transform into video displays. All this can be made possible by enhanced PoE (Power-over-Ethernet). PoE has become mainstream for transporting power and data over copper for IP phones, wireless access points, cameras, compact switches, small cell radios and several IoT devices.
The two main driving factors are:
• Lower Capex and Opex by not having to install and manage separate cabling for power.
• PoE availability on multi-gig switches for APs and compact switches for >1GE data rate.
PoE recently got a shot in the arm with the ratification of the IEEE 802.3bt standard, which promises to extend PoE to many more PDs (powered devices) and enable brand new use cases. But before we go into that, a brief history of PoE:
The IEEE 802.3 working group first ratified 802.3af (15W PoE) in 2003, followed by 802.3at (PoE+ 30W) in 2009. Standardization guarantees that the switch or PSE (Power Source Equipment) and the PD (Powered Device) can interoperate across the ecosystem and that power can be safely delivered to end systems. These standards deliver power using two out of the four pair sets of the Ethernet twisted pair cable. In 2011, Cisco pioneered 60W Cisco UPOE®, leveraging all four pair sets for compact switches and PDs that needed more power, such as video phones, cameras daisy-chained to access points, etc.
IEEE 802.3bt brings many improvements over the previous standards:
• Expands the PD ecosystem by adding four new classes of PDs to the existing four, while retaining full backward compatibility with earlier standards.
• Higher power draw compared to previous standards; up to 90W of power can be safely sourced from the PSE.
• Support for non-compliant PDs by allowing them to draw at least 15W of power using the classless category.
• Better housekeeping using the ‘connection check’ feature, which tests whether the end-point is a functional PD, whether it can draw power over 1, 2 or 4 pairs, and whether the cable can provide the requested power.
• Energy savings, as transmitting power over four pairs of copper strands is 50% more energy efficient than two pairs. The standard adds support for Energy Efficient Ethernet (EEE), reducing the minimum power signal (MPS: the minimum power from a PSE to keep a PD active) by a factor of 10.
All the above improvements facilitate new use cases and guarantee a safe method of delivering higher power that can be easily set up by IT staff. Like the previous standards, safety is built in: current won’t be applied until the PD identifies itself as a powered device, and current won’t exceed the maximum negotiated by the device. This safety aspect becomes even more critical with higher power delivery.
802.3bt opens up PoE to a variety of applications beyond what has been accomplished so far. Power can be drawn by intelligent lighting, small cell radios, daisy-chained access points or compact switches, stepper and brushless motors, pan-tilt-and-zoom cameras, thin clients, all-in-one PCs, large screen displays, USB-C power adapters, etc. These are the building blocks of modern digital buildings for enterprises that strive to reduce cost and lower their carbon footprint while building intelligent, collaborative and efficient work spaces that increase productivity significantly. Still, certain challenges cannot be overlooked:
“With great power comes greater responsibility – Ben Parker”.
Power efficiency: Power supplies feeding the PSE need to be more energy efficient, so that they deliver more usable DC power for every watt of AC power drawn, not only for the data functions on the switch but also to power the PDs. Cisco Catalyst 9000 802.3bt switches¹ are powered using efficient 80 PLUS Platinum rated power supplies.
Power availability: Increasingly, enterprises are relying on DC power sources as backup, with AC power provided from the grid, to mitigate downtime due to power outages. These switches also provide power redundancy using N+1 or N+N AC, DC or mixed mode power supply configurations, and any failed power supply can be serviced in the field while the PSE remains online. Cisco innovations such as “Perpetual PoE” and “Fast PoE” ensure higher availability of sourced power. Perpetual PoE continues to power the PD even if the PSE is power cycled during a software upgrade. In the event that both active and standby power sources go down, the disruption of power to critical PDs is significantly reduced by the Fast PoE feature, which restores power to the PD in a matter of seconds, long before the PSE boots up. Also, in case of a reduction in available power, PoE priority ensures critical PDs continue to receive power.
PD on-boarding: As 802.3bt connects new PDs to the network at scale, they still need to be provisioned and then authenticated to use the network services. Having to do that manually will significantly burden IT. As IoT and LAN networks converge at the campus access, a centralized management layer is needed that can automate the provisioning of devices the same way it does for all campus connected end-points. Cisco DNA Center can be used to automate the on-boarding, authentication, policy configuration and segmentation of the devices. Cisco DNA Assurance can proactively determine issues affecting the connectivity to those devices and provides step-by-step troubleshooting.
Security threats: The security of the network becomes even more challenging as PDs proliferate and end-point security is not an option. As these devices become more intelligent, attackers are creating sophisticated malware to infect them. Firewalls won’t see this malware, as they only inspect the traffic entering and exiting the network. To reduce the attack surface, it’s important to segment the IoT devices. Traditional segmentation using VLANs and IP ACLs is not scalable as the number of devices explodes. Cisco DNA provides identity-based segmentation using Cisco Software-Defined Access, where any device is segmented right from the point it’s on-boarded onto the network.
PD classification: As the number of connected devices expands, it’s quite likely that a number of these will be unknown for policy enforcement. To be able to segment them correctly, it’s a prerequisite to be able to classify them correctly. Cisco Identity Services Engine provides PD device classification by integrating with a majority of third-party ecosystem products that are used to manage these devices.
Finally, “Will the introduction of 802.3bt PSE maintain connectivity with existing Cisco UPOE endpoints?” The answer is, “YES – Cisco’s 802.3bt implementation is fully backward compatible, not only with existing Cisco UPOE but also with IEEE 802.3x (x=af/at) compliant PDs”. 802.3bt compliant PSEs protect new PoE investments by expanding the PD ecosystem to drive brand new use cases today and in the future.
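The segmentation and classification points above can be modelled in a few lines. This is an added example, not Cisco code or the SD-Access API: the device inventory, group names and policy matrix are constructed for illustration, and it goes slightly beyond the text by expanding the group policy into the equivalent per-address ACL to show how that rule set grows with device count.

```python
from itertools import product

# Constructed inventory: IP -> group assigned at on-boarding (hypothetical values).
DEVICES = {
    "10.20.0.11": "lighting",
    "10.20.0.12": "lighting",
    "10.20.0.21": "camera",
    "10.20.0.22": "camera",
    "10.20.0.31": "building-mgmt",
    "10.20.0.41": "video-recorder",
}

# Group-to-group allow list. Any pair not listed is denied (default deny),
# which also blocks traffic between two devices of the same group.
GROUP_POLICY = {
    ("lighting", "building-mgmt"),
    ("building-mgmt", "lighting"),
    ("camera", "video-recorder"),
}

# Devices that could not be classified land here and match no allow rule.
QUARANTINE = "unclassified"


def group_of(ip, devices=DEVICES):
    """Return the group for an address, or the quarantine group if unknown."""
    return devices.get(ip, QUARANTINE)


def is_allowed(src_ip, dst_ip, devices=DEVICES, policy=GROUP_POLICY):
    """Decide a flow from the groups of its endpoints, never from raw addresses."""
    return (group_of(src_ip, devices), group_of(dst_ip, devices)) in policy


def equivalent_ip_acl(devices=DEVICES, policy=GROUP_POLICY):
    """Expand the group policy into the per-address permit entries an IP ACL needs."""
    return sorted(
        (src, dst)
        for src, dst in product(devices, repeat=2)
        if src != dst and (devices[src], devices[dst]) in policy
    )


def with_extra_lighting(count, devices=DEVICES):
    """Copy of the inventory with `count` additional constructed lighting PDs."""
    grown = dict(devices)
    grown.update({f"10.20.1.{i}": "lighting" for i in range(1, count + 1)})
    return grown


if __name__ == "__main__":
    print("group rules:", len(GROUP_POLICY))
    print("ACL entries, 6 devices:", len(equivalent_ip_acl()))
    print("ACL entries, 106 devices:", len(equivalent_ip_acl(with_extra_lighting(100))))
```

The group rule count stays fixed while the expanded ACL grows with every on-boarded device, and an address that was never classified is denied in both directions.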
The saga continues with Part 2 of this blog … So, stay tuned.
¹ 802.3bt Type 3 is shipping on Catalyst 9400 series and will be available soon on Catalyst 9300 series through a firmware upgrade.