Avaya 100 Series Application And Qualification Manual
  1. Manuals
  2. Brands
  3. Avaya Manuals
  4. Network Router
  5. 100 Series
  6. Application and qualification manual
Avaya 100 Series Application And Qualification Manual

Avaya 100 Series Application And Qualification Manual

Secure router
Hide thumbs Also See for 100 Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Installation Manual
Avaya Secure Router
1001S/1001/1002/1004/3210
Application and Qualification Guide
Avaya Secure Router 100x and 3120
Technical Solution Guide
Avaya Data Solutions
Document Date: October_2010
Document Number: NN48500-528
Document Version: 02.01

Advertisement

Table of Contents
loading

Related Manuals for Avaya 100 Series

Summary of Contents for Avaya 100 Series

  • Page 1 Avaya Secure Router 1001S/1001/1002/1004/3210 Application and Qualification Guide Avaya Secure Router 100x and 3120 Technical Solution Guide Avaya Data Solutions Document Date: October_2010 Document Number: NN48500-528 Document Version: 02.01...
  • Page 2 Avaya Support Web site: http://www.avaya.com/support Please note that if you acquired the product from an authorized reseller, the warranty is provided to you by said reseller and not by Avaya. Licenses THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA WEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO/...
  • Page 3 Abstract This guide should serve as an application qualification guide for the Avaya Secure Router 1001S, 1001, 1002, 1004 and 3120 running NT2.0 software. It includes a brief overview of the products as well as clearly identified applications. In addition there is a section that can be used to quickly determine if the current product offering meets customers requirements based on a number of simple questions.

  • Page 4: Table Of Contents

    Table of Contents Introduction............................4 Differentiators ..........................4 Portfolio Overview ......................... 5 Project Assessment .......................... 7 Does Avaya Secure Router 100X/3120 Meet the Requirements? ..........8 Applications ............................. 10 Maximizing WAN Investment ...................... 10 Multimedia QoS ........................... 12 Internet Gateway ......................... 14 Business Continuity ........................

  • Page 5: Introduction

    1.1 Differentiators The SR portfolio provides the following competitive differentiators for Avaya: 1) The portfolio strengthens Avaya’s position as one of the few companies in the industry delivering end-to-end converged IP telephony and multimedia networks for real-time communications. Avaya Secure Routers demonstrate our commitment to enterprise customers by providing them with an entire converged multimedia networking infrastructure.

  • Page 6: Portfolio Overview

    1.2 Portfolio Overview The Secure Router 1000 & 3120 series are part of Avaya’s Secure Router product family. Secure Router 1000 Series, which deliver fast, secure, reliable and scalable wide area network (WAN) T1/E1 access for enterprises. These powerful platforms provide consistent high-speed throughput with no degradation in performance - even with advanced services enabled.
  • Page 7 802.1p 802.1Q QinQ Ethernet Virtual Ethernet VPN  Layer 3 OSPF VRRP BGP4 PIM-SM PIM-SSM IGMPv1 IGMPv2 IGMPv3 DHCP RADIUS ECMP  Services Stateful Firewall Access Control Lists Class Based Queuing (Ethernet interface support introduced in NT2.0) Policing ALGs (over 30)

  • Page 8: Project Assessment

    2. Project Assessment The following should be filled out completely for every product assessment. This data will serve to identify future directions and market placement for the Avaya Secure Router family. Project name Customer name Number of sites Bandwidth per site...

  • Page 9: Does Avaya Secure Router 100X/3120 Meet The Requirements

    3. Does Avaya Secure Router 100X/3120 Meet the Requirements? The following list of questions can be used to quickly determine if the current SR portfolio product offering meets customer’s requirements which could prevent it from being an immediate fit for shorter term opportunities.
  • Page 10 The SR 1000 and 3000 support 550K BGP routes with 150K active system routes. The current Internet routing table is around 180K and must be filtered using an inbound policy to reduce the number of imported routes into the active routing table.

  • Page 11: Applications

    4. Applications The following sections identify several key applications in which the Avaya Secure Router excels. Keep in mind that these applications are technology focused. An additional benefit of the SR products is their low cost relative to leading competitors.
  • Page 12 These bandwidths are bidirectional and are with firewalling and QoS enabled. SR also supports multilinking of multiple PPP encapsulated WAN interfaces as well as FRF.15 and FRF.16 for multilink frame relay. These solutions enable incremental and cost-effective growth of WAN connectivity.

  • Page 13: Multimedia Qos

    4.2 Multimedia QoS What: Comprehensive QoS for multimedia applications including low latency and line rate performance enables advanced QoS for services like voice and video. Who: Customers looking to differentiate traffic and applications, specifically voice and multimedia. Why: SR hierarchical QoS enables Enterprises to manage traffic and applications across the WAN with significantly more control than typical edge routers.
  • Page 14 The parent is used to define a class hierarchy. Ultimately the top level class has a parent of either root- out or root-in representing the interface itself. CBQ is supported on both inbound and outbound on all WAN interfaces as well as outbound for Ethernet LAN interfaces however shaping is typically configured on interfaces in the outbound direction.

  • Page 15: Internet Gateway

    4.3 Internet Gateway What: Internet access sharing for a corporate environment complete with stateful firewall, comprehensive address translation and QoS. Who: Customers looking to deploy an edge device to manage a provider Internet connection Why: SR provides a complete all-in-one solution for firewall, address translation, DHCP and QoS enabling Enterprises to deploy it as a cost effective solution for Internet gateway applications.
  • Page 16 The SR firewall solution includes more than 30 ALGs that are used to enable the firewall to open only the ports necessary to support complex applications such as Voice over IP (VoIP) and Session Initiation Protocol (SIP) communications. ...

  • Page 17: Business Continuity

    4.4 Business Continuity What: Fault tolerance and advanced routing techniques for reliable WAN and LAN connectivity. Who: Enterprises looking to protect themselves against loss of critical connectivity and services Why: SR provides advanced mechanisms for resiliency including VRRP and comprehensive multilink bonding enabling Enterprises to deploy a fault tolerant gateway solution.
  • Page 18  Internet Service Provider (ISP) Backup With Border Gateway Protocol version 4 (BGP4)-equipped Secure Routers, enterprises can ensure Internet access remains available even if service from one ISP shuts down. BGP4 multi- homing enables organizations to utilize two ISPs for dual homed load sharing. When the connection between one ISP fails, the router quickly and automatically redirects all traffic to the remaining available ISP.

  • Page 19: Multicast

    4.5 Multicast What: Multicast protocols for provisioning of multimedia and data casting deployments. Who: Customers looking to deploy multicast video solutions or support data casting to multiple sites Why: SR supports leading multicast protocols including PIM-SSM and IGMPv3 for effective management of multimedia and data casting applications.

  • Page 20: Virtual Private Networking

    4.6 Virtual Private Networking What: Branch to branch and remote access VPNs across a Wide Area Network (WAN) Who: Customers looking to deploy branch to branch secure VPNs or remote access. Why: SR offers a full suite of VPN technologies including branch to branch and remote access IPSec in a single cost effective edge routing platform.
  • Page 21 SR uses GRE encapsulation for dynamic routing over IPSec. See security for additional security features. Support for CVC in future releases. In addition SR supports routing over IPIP for interoperability with Avaya VPN Router products. Secure Router 100x and 3120 Technical Solution Guide...

  • Page 22: Security

    4.7 Security What: Advanced infrastructure protection including address translation, denial of service defense and stateful firewalling Who: Customers looking to secure their enterprise resources from 3 parties Why: SR provides full stateful firewalling and address translation with up to 25 zones and 1,024 policies per zone.
  • Page 23 Policy-based NAT and Port Address Translation (PAT) allows network managers to apply rules to NAT functionality, providing more intelligence than standard NAT; the NAT policy integrates easily with an organization’s security and QoS policies.  Application Level Gateways (ALGs)

  • Page 24: Virtual Ethernet

    4.8 Virtual Ethernet What: Seamless virtual LAN connections across a WAN Who: Customers looking to seamlessly connect multiple sites while leveraging their existing routing, security, QoS and management infrastructures. Why: SR provides a unique comprehensive virtual Ethernet solution enabling transparent Ethernet across the WAN.
  • Page 25 In addition the SR supports the following enhanced features:  Layer 2 QoS Comprehensive QoS in Layer 2 mode supports Class-Based Queuing (CBQ), allowing VLAN traffic to be classified and prioritized according to the VLAN tag and on the contents of the IP header.

  • Page 26: Rfc2547 Ce

    4.9 RFC2547 CE What: Operation as a reliable Customer Edge device for integration into an RFC2547 VPN environment Who: Customers looking to capitalize on provider MPLS VPN technologies Why: SR supports a full implementation of BGP and comprehensive QoS; elements required for full integration into an RFC2547 VPN environment.
  • Page 27  SR supports advanced traffic shaping and policing allowing enterprises to take advantage of provider next generation multi-service networks.  Reliability A hardened platform with full software features for reliable connections including MLPPP, MLFR, VRRP and backup connections provides an ideal reliable extension to a carrier grade provider network.

  • Page 28: Multi-Hospitality Unit Services

    4.10 Multi-Hospitality Unit Services What: Features specific to address multi-tenant access for hotels, apartments and WiFi hotspots Who: Customers looking for an all-in-one solution to providing Internet or network access in a dynamic multi- tenant environment. Why: SR supports DHCP, firewall, address translation and content portal functionality for dynamic multi-tenant deployments allowing enterprises to deploy a single box solution.
  • Page 29 SR supports stateful firewalling and DoS prevention for over 60 well-known attacks. This feature allows a trouble free mechanism for securely sharing a common Internet connection.  Captive Portal The SR redirects incoming subscribers to a defined server for authentication. Authenticated users are then granted access to network resources.

  • Page 30: Wan Aggregation

    4.11 WAN Aggregation What: Aggregation of multiple T1/E1 and sub T1 connections into DS3 or channelized DS3 Who: Customers looking to aggregate multiple remote office connections into a single connection or location for central management or cost reduction Why: Enables customers with multiple remote offices to cost effectively manage network and Internet service provider connections from a single location.
  • Page 31 Model ISDN Serial T1/E1 DS3/ChDS3 Ethernet SR 1001S optional SR 1001 optional SR 1002 SR 1004 SR 3120 * The 3120 provides 2 fixed Ethernet ports and 2 expansion slots. Modules include: 2 or 4 port serial; 4 or 8 port T1/E1; 1 port DS3.

  • Page 32: Appendix A: Application Layer Gateway Support

    5. Appendix A: Application Layer Gateway Support The Avaya Secure Router 1000 and 3000 provide support for the following applications for Firewalling and NAT requiring Application Level Gateways (ALGs). General   ICMP (Echo, Echo response, Destination unreachable, time exceed & source quench) ...

  • Page 33: Appendix B: Denial Of Service Prevention Support

    6. Appendix B: Denial of Service Prevention Support The Avaya Secure Router 1000 and 3000 support DoS prevention for the following attacks: – LAND attack – Smurf attacks – Winnuke attack – Unknown IP protocol, – IP Spoofing across network –...

  • Page 34: Appendix C: Competitive Analysis

    7. Appendix C: Competitive Analysis The Avaya Secure Router portfolio includes products ranging from single T1 up to DS3 and competes against a variety of products. The following highlights several of these. General Feature Comparison Feature Description Secure Router WAN Protocols PPP, MLPPP, FR, MFR (FRF.12,...
  • Page 35 Security IPSec, stateful firewall IOS firewall with license IOS firewall with license Size ½ RU, halfwidth 1 RU, fullwidth 1 RU, fullwidth Misc No voice support 2 PVDM slots for 2 x 8- 64 channel fax and voice DSP modules The SR 1002/1004 target application is multilinking of multiple T1/E1 interfaces.
  • Page 36 SR 1004 Feature Comparison Feature SR 3120 ISR2821/2851 ISR3825/3845 MSRP $3895 (single AC $3895 (2821) $9500 (3825) power) $6495 (2851) $13000 (3845) $4395 (dual AC chassis only chassis only power) chassis only Ports 2 FE 2 FE 2 GE...
  • Page 37 Cisco routers have 8 different image licenses:  IP Base Default image includes DSL, Ethernet Switching 802.1Q and trunking  IP Voice Adds support for VoIP, VoFR, H.323, MGCP Signaling, Cisco IOS Telephony Services and Survivable Remote Site Telephony (SRST) to the IP Base ...

  • Page 38: Appendix D: Tolly Results

    8. Appendix D: Tolly Results The following are some general comments from Tolly when testing the Avaya Secure Router family. SR 100X versus ISR 1841, 2811 and 2821: “SR 1004 consistently outperformed the Cisco 2811 for all the packet sizes tested, especially at smaller packet sizes, when tested across four T1s with QoS, IPSec VPN and stateful firewall services, delivering 3X more throughput than its counterpart.”...

  • Page 39: Appendix E: Avaya Secure Router In A Nutshell

    9. Appendix E: Avaya Secure Router in a Nutshell 1001 (1001S) 1002 1004 3120 Hardware Device Appliance Appliance Appliance Appliance 1 RU (half 1 RU (half 1 RU (half Size width) width) width) 1 RU Redundancy Dual power 256 (2 HDLC...
  • Page 40 Latency 64 byte packet (us) > 200 > 200 > 200 > 200 1500 byte packet (us) > 400 > 400 > 400 > 400 VPN and Security IPSec Branch Office Tunnels 1,000 IPSec User Tunnels 1,000 Firewall Max policies per FW instance...

  • Page 41: Appendix F: Faq

    When will SR support a DSL interface? It is unlikely that Avaya Secure Router 1000 or 3000 will support a native DSL interface. Instead future models based on the new modular formats will support DSL. This interface should be introduced late 2007 / early 2008.
  • Page 42 Although there are many overlapping features the VPN Router is still predominantly an IPSec solution. The SR does support IPSec branch-to-branch and end-user tunnels however for greater scalability and flexibility VPN Router should be deployed where high end-user aggregation is required. For predominantly router focused applications SR should be deployed except where interface limitations dictate that VPN Router can be used (i.e.

  • Page 43: Customer Service

    11. Customer service Visit the Avaya Web site to access the complete range of services and support that Avaya provides. Go www.avaya.com or go to one of the pages listed in the following sections. 11.1 Getting technical documentation To download and print selected technical publications and release notes directly from the Internet go to www.avaya.com/support.

This manual is also suitable for:

10023120 series100432101001s1001

Table of Contents