Vigor 3300 VigorAccess Product Introduction
description
Transcript of Vigor 3300 VigorAccess Product Introduction
Vigor 3300VigorAccess
Product Introduction
August, 2005August, 2005
Outline
• SME Solution-Vigor 3300V SeriesSME Solution-Vigor 3300V Series
• Broadband Access Solution-Vigor Access
3
SME Solution SME Solution 3300V Series3300V Series
Product Feature Product Feature • Load Balance• QoS• High Availability• Firewall / URL Filtering• Physical DMZ/VLAN• VPN• VoIP
4
• Reduce Enterprise High Speed Trunk Fee.• Redundancy.• Intelligently Distribute Network Traffic to the Internet.
Load Balancing
5
– Allows the Network Administrator to Monitor, Analyze, and Allocate Bandwidth for Various Types of Network Traffic in Real Time and/or for Business-Critical Traffic.
– 8 Priority Queue.– Low Latency Queuing (LLQ).– 802.1p, DiffServ-Codepoint Marking.– Management by IP Address, Application, Service-
Oriented.
Quality of Service
6
High Availability
7
• 7x24x365 Service.
• Uninterrupted Network Access in the Event of Hardware Failure.
• Apply on Master Maintenance.
• Allows Users to Access Multiple Public Servers (e.g. Web, FTP, Mail servers) via Internet while Maintaining Security of Private LAN
De-Militarized Zone
8
• Protect the Trusted Network from Various Types Attacks that Explore Protocol Security Holes.
• Benefit of Vigor Firewall– IP-based Packet Filtering.– URL Filtering.– Denial of Service (Dos) Prevention.
– NAT : Port Redirection, Open port, DMZ.
Firewall
9
• Inappropriate content blocking.– Improve Staff Working Efficiency.
• Benefit of Vigor Content Filtering– Malicious Code Prevention.
(Java,ActiveX,Cookie,exe,zip, ...etc.)– Filtering based on Access List, Keywords, or Time
of Day.
• Bundle with Surf Control Scan Mechanism
URL Filtering
10
URL Filtering
11
• Router-based Port Security can be used to Restrict Access to each VLAN as Required.
• Benefit of Vigor VLAN– Isolate Users into the Different VLANs.
Virtual LAN Security
12
VLAN Architecture
13
– ICSA IPSec Certification (Vigor3300 series).– Supports 200 IPSec Tunnels.– Hardware-based accelerator of DES/3DES,
AES/HMAC-SHA-1/HMAC-MD5 Encryption.– IPSec, PPTP, L2TP, L2TP over IPSec.– 30Mbps throughput in AES/3DES.– Preshared key and Certificate Authority (X.509 v3)
Authentication.– DHCP over IPsec
– RADIUS client support.
DrayTek VPN Solution
14
• LAN-to-LAN VPN connection (Gateway-to-Gateway) Made by two Routers to Connect two Portions of Private Networks. The Vigor router support IPSec tunnel protocols.
• Remote Dial-in VPN connection (Host-to-Gateway) Made by a remote access client, or a single user computer, that connects to a private network. In this type of connection, the Vigor router support IPSec tunnel for DHCP over IPsec protocols.
DrayTek VPN Solution
15
To Optical Connection
• For Windows2000/XP.• Simplifies the Procedures to Create IPSec Tunnel with
the Vigor Router by Easy-to-Use GUI.
Smart VPN Client
16
VPN Scenario
17
• VoIP -VoIP - FXO on-net/off-net calling
VoIP ApplicationVoIP Application
18
• VoIP -VoIP - Integrate FXO to PBX
Case1. From VoIP to Extension
1) David dials the VoIP number of Vigor3300V.2) After connection success, presses Linda’s extension 611.
VoIP ApplicationVoIP Application
19
DavidDavid
LindaLinda
• VoIP -VoIP - Integrate FXO to PBX
Case2. From VoIP to PSTN (Off-Net Calling)
1) David dials the VoIP number of Vigor3300V.2) After connection success, presses prefix number (e.g. “0”) to
choose exterior line – PSTN.3) Then dials Linda’s PSTN number.
VoIP ApplicationVoIP Application
20
DavidDavid
LindaLinda
• VoIP -VoIP - Integrate FXO to PBX
Case3. From Extension to VoIP
1) Linda presses extension 610 to connect to Vigor3300V.2) After connection success, dials David’s VoIP number.
VoIP ApplicationVoIP Application
21
DavidDavid
LindaLinda
• VoIP -VoIP - Integrate FXO to PBX
Case4. From PSTN to VoIP (On-Net Calling)
1) Linda dials to PBX.2) After connection success, presses extension 610 to connect
to Vigor3300V.3) Then dials David’s VoIP number.
VoIP ApplicationVoIP Application
22
DavidDavid
LindaLinda
• VoIP - VoIP - Integrate FXS to PBX
Case1. From VoIP to Extension
1) David dials the VoIP number of Vigor3300V.2) After connection success, presses Linda’s extension 610.
VoIP ApplicationVoIP Application
23
DavidDavid
LindaLinda
• VoIP VoIP - - Integrate FXS to PBX
Case1. From VoIP to Extension
VoIP ApplicationVoIP Application
24
DavidDavid
LindaLinda
• VoIP -VoIP - Integrate FXS to PBX
Case2. From Extension to VoIP
1) Linda presses prefix number (e.g. “7”) to choose exterior line – FXS of Vigor3300V.
2) Then dials David’s VoIP number.
VoIP ApplicationVoIP Application
25
DavidDavid
LindaLinda
• VoIPVoIP - - Integrate FXS to PBX
Case2. From Extension to VoIP
VoIP ApplicationVoIP Application
26
DavidDavid
LindaLinda
Note: The FXS model can’t provide on-net/off-net calling applications.
VoIP ApplicationVoIP Application
Secure VoIP– VoIP over VPN– sRTP (Secure Real-Time Transport Protocol)
• Encrypts the Payload of VoIP Packets• Compatible with RTP
VoIP -VoIP - Integrated Scenario
VoIP ApplicationVoIP Application
28
Broadband Access Broadband Access Solution Solution
VigorAccessVigorAccess
• System Benefit
• Product Architecture
• Broadband Application Scenario
• IPDLSAM Advance Feature
• Vigor CMS Feature Description
System Benefit
New Technology DSL -ADSL2/+
ScalableInventory Saving
Friendly EMS
Reliability Multimedia
QoS
Product Architecture• Target on Medium-Size CO • up to 168 ADSL2/+• Service and Signaling
– Supports Voice & Data • Modular Flexibility
– 24/48 Ports DSL/Splitter– WAN for FE or GE Interface
• Network Resource Saving• EMS Management and Email Altering • Inventory Savings – Common Equipment on CO & Outside Plant Deployments• Firewall/Security/QoS Optional Support• Ready on April
To MDF
To Optical Fiber
Features
• Target on Outdoor and Small-Size CO• 19” Rack Mountable Chassis, 1U Height • 24 G.dmt/G.lite/ ADSL/ADSL2/+, and
Splitter build in• WAN Ethernet 10/100 Base-T Interface• MPoA, IPoA• IP ToS• Remote TFTP/FTP
Firmware/Configuration • RS-232 & Telnet Command Line Interface • SNMP In-Band Management Support• Web-based GUI • EMS
– IP Multicast: IGMP Snooping
• Security/Firewall
– Access Control List, Packet Filtering
– Password Protected System
– 512 VLAN (802.1Q)
Master Feature 2 Selectable WAN Interface - 802.3, 802.3ab Ethernet Standard - 1000 Base-SX Module (SC connector) - 1000 Base-FX Module(SC connector) - 1000 Base-T Module(RJ45 connector) - 100 Base-T RJ45 Connector MGN Interface - 1 port RJ45 10/100 Base-T L2 Switch Function - IEEE 802.1d Spanning-Tree Protocol - IEEE 802.3x Flow Control - IEEE 802.1q VLAN - IEEE 802.1p Class of Service (CoS) Prioritization - 4-level Prioritization- 802.1ad Port Trucking/Link Aggregation
Network Operation and Management - User Friendly Web-Based Interface - Telnet Server for Remote Management - TFTP Software Upgrade Utility - Console CLI for Local Management - SNMPv1,v2 - MIBII, Bridge MIB, Ethernet Like MIB, Private MIB, RMON 1,2,3,9 Groups Q.o.S
- Packet filter and Classification.
Slave FeatureNetwork Interface - Two 10/100M Fast Ethernet Interfaces or one Cascade Link is Gigabit Copper Interface Capacity– It Supports 24 ADSL 2/+ Ports.Security – It Supports Packet Filter, and Password Protection.Splitter Build in – It Supports 24 port xDSL/Splitter.Inventory Savings - Common Equipment across Central Office and Outside Plant DeploymentsManagement – It is managed by IP-DSLAM Master Unit.Q.o.S - Packet Filter and Classification.
• System Benefit
• Product Architecture
• Broadband Application Scenario
• IPDLSAM Advance Feature
• Vigor CMS Feature Description
Broadband FTTB Application Scenario
Broadband Enterprise Application
Broadband Application Scenario-DSL Extension
Campus Application
Hotel Application
IPDSLAM PPPoE
PPPoE
MAC
PHY
MAC
PHY
ATM
ADSL2/+
1483B MAC
PHY
ATM
ADSL2/+
MAC
PHY
1483B
PPPoE
PPPoA to PPPoE
IP
MAC
PHY
MAC
PHY
ATM
ADSL2/+
PPPPPP
PHY
ATM
ADSL2/+
IP
MAC
PHY
IP IP
MAC
PPPoE PPPoE
Static IP Application
Intranet
IP
MAC
PHY
MAC
PHY
ATM
ADSL2/+
1483BMAC
(VLAN)
PHY
ATM
ADSL2/+
1483B
IP
MAC(VLAN)
PHY
• System Benefit
• Product Architecture
• Broadband Application Scenario
• IPDLSAM Advance Feature
• Vigor CMS Feature Description
<= 16 MAC Address
16 MAC Address
Limited on One Port
>16 MAC Address
MAC limit -Port Security
‧ Ethernet
‧ TCP
‧ UDP
‧ ICMP
‧ IGMP
‧ PPP or
‧ Packet Offset
Generic Filter Mechanism
o Source MAC address
o Destination MAC addresses
o EtherType
o VLAN ID
o Priority Tag
o Destination Service Access Point (DSAP) of 802.2 LLC frame
o Source Service Access Point (SSAP) of 802.2 LLC frame.
Ethernet Type Filter
‧ IP Layer
o Destination IP Address
o Source IP Address
o IP Protocol type.
‧ TCP Layer
o Destination Port
o Source Port.
‧ UDP Layer
o Destination Port
o Source Port.
‧ ICMP Layer
o ICMP type
o ICMP code.
‧ IGMP Layer
o IGMP Type
o IGMP Code
o Group Address.
‧ PPP Layer
o PPP Protocol type
‧ Packet Offset.
IP/TCP/UDP/ICMP/ PPP/Packet Offset Filter
‧ Downstream Bandwidth Limit per PVC
‧ Upstream Bandwidth Limit per PVC
‧ 802.1p mapping to Class to Service
‧ Scheduling , Shaper and policing
IP QoS Mechanism
TR-069 WAN CPE Management
• Can Limit Incoming Broadcast Packet Rate to Avoid Broadcast Storm
Avoiding Broadcast Storm
• General class is prohibited to access Luxurious class content
InternetGeneral class
Luxurious Class
General Channel Extra Channel
Triple Play –Channel Classification IPTV
Agenda
• System Benefit
• Product Architecture
• Broadband Application Scenario
• IPDLSAM Advance Feature
• Vigor CMS Feature Description
Vigor CMS Scenario Manage SME, Mini DSLAM and Large Scale DSManage SME, Mini DSLAM and Large Scale DSLAMLAM。。 Efficiency Security Management from 1,000 to Efficiency Security Management from 1,000 to 10,000 NEs10,000 NEs
Vigor CMS Capability
• SNMP In-band through the IP network
• Authentication and Security Management
• Software Download
• Configuration Backup/Restore
• Alarm, Diagnostics, Status Update
• Fault and Performance Management
– Configuration Management• Auto Provisioning, Firmware Upgrade
– Deployment Management• Configuration Backup/Restore.
– Topology Management• Auto Discovery for Managing Devices. (eg. Add
or Delete from Layer Structure Subnets) – Security Management
• Authentication, Resource Control– Monitor management
• Fault Management, Device Polling
Vigor CMS Vigor CMS Benefit
57
– Backend Storage Management• Store Alarms, Events and User Activities.
– Interoperability• User Authentication Message that Forwarded to
RADIUS Server could be integrated with Enterprise Security Management.
– Northbound Interface to Bundle with Billing System
• All SNMP Compliant NMS can Receive and Collect Devices Status Information from Vigor CMS through Northbound Interface.
Vigor CMS BenefitVigor CMS Benefit
58
Status Report
Alarm Management
Configuration Management
Performance Management
Monitor Management