Advertisement
QuickSpecs
Overview
is an important element for the transition from IPv4 to IPv6; allows IPv6 packets to traverse IPv4-only networks by
encapsulating the IPv6 packet into a standard IPv4 packet; supports manually configured, 6to4, and Intra-Site Automatic Tunnel
Addressing Protocol (ISATAP) tunnels
Multiprotocol Label Switching (MPLS)
uses BGP to advertise routes across Label Switched Paths (LSPs), but uses simple labels to forward packets from any Layer 2 or
Layer 3 protocol, thus reducing complexity and increasing performance; supports graceful restart for reduced failure impact;
supports LSP tunneling and multilevel stacks
Multiprotocol Label Switching (MPLS) Layer 3 VPN
allows Layer 3 VPNs across a provider network; uses Multiprotocol BGP (MP-BGP) to establish private routes for increased
security; supports RFC 2547bis multiple autonomous system VPNs for added flexibility; supports IPv6 MPLS VPN
Multiprotocol Label Switching (MPLS) Layer 2 VPN
establishes simple Layer 2 point-to-point VPNs across a provider network using only MPLS Label Distribution Protocol (LDP);
requires no routing and therefore decreases complexity, increases performance, and allows VPNs of non-routable protocols;
uses no routing information for increased security; supports Circuit Cross Connect (CCC), Static Virtual Circuits (SVCs), Martini
draft, and Kompella-draft technologies
Policy routing
allows custom filters for increased performance and security; supports ACLs, IP prefix, AS paths, community lists, and aggregate
policies
Security
Access control list (ACL): supports powerful ACLs for both IPv4 and IPv6; ACLs are used for filtering traffic to prevent
unauthorized users from accessing the network, or for controlling network traffic to save resources; rules can either deny or
permit traffic to be forwarded; rules can be based on a Layer 2 header or a Layer 3 protocol header; rules can be set to operate
on specific dates or times
TACACS+: is an authentication tool using TCP with encryption of the full authentication request that provides additional security
Network login: standard IEEE 802.1x allows authentication of multiple users per port
RADIUS: eases security access administration by using a password authentication server
Network address translation (NAT): supports one-to-one NAT, many-to-many NAT, and NAT control, enabling NAT-PT to
support multiple connections; supports blacklist in NAT/NAT-PT, a limit on the number of connections, session logs, and multi-
instances
Secure Shell (SSHv2): uses external servers to securely login into a remote device or securely login into MSR from a remote
location; with authentication and encryption, it protects against IP spoofing and plain text password interception; increases the
security of SFTP transfers
Unicast Reverse Path Forwarding (URPF): allows normal packets to be forwarded correctly, but discards the attaching packet
due to lack of reverse path route or incorrect inbound interface; prevents source spoofing and distributed attacks
IPSec VPN: supports DES, 3DES, and AES 128/192/256 encryption, and MD5 and SHA-1 authentication
DVPN (Dynamic Virtual Private Network): collects, maintains, and distributes dynamic public addresses through the VPN Address
Management (VAM) protocol, making VPN establishment available between enterprise branches that use dynamic addresses to
access the public network; compared to traditional VPN technologies, DVPN technology is more flexible and has richer features,
such as NAT traversal of DVPN packets, AAA identity authentication, IPSec protection of data packets, and multiple VPN domains
Convergence
Internet Group Management Protocol (IGMP): is used by IP hosts to establish and maintain multicast groups; supports IGMPv1,
v2, and v3; utilizes Any-Source Multicast (ASM) or Source-Specific Multicast (SSM) to manage IPv4 multicast networks
Protocol Independent Multicast (PIM): is used for IPv4 and IPv6 multicast applications; supports PIM Dense Mode (PIM-DM),
Sparse Mode (PIM-SM), and Source-Specific Mode (PIM-SSM)
Multicast Source Discovery Protocol (MSDP): is used for inter-domain multicast applications, allowing multiple PIM-SM
domains to interoperate
DA - 13777 Worldwide — Version 12 — January 31, 2014
HP MSR20-1x Series
Page 4
Advertisement
