Vigor 3300 VigorAccess Product Introduction August, 2005

Vigor 3300VigorAccess

Product Introduction

August, 2005August, 2005

Outline

• SME Solution-Vigor 3300V SeriesSME Solution-Vigor 3300V Series

• Broadband Access Solution-Vigor Access

3

SME Solution SME Solution 3300V Series3300V Series

Product Feature Product Feature • Load Balance• QoS• High Availability• Firewall / URL Filtering• Physical DMZ/VLAN• VPN• VoIP

4

• Reduce Enterprise High Speed Trunk Fee.• Redundancy.• Intelligently Distribute Network Traffic to the Internet.

Load Balancing

5

– Allows the Network Administrator to Monitor, Analyze, and Allocate Bandwidth for Various Types of Network Traffic in Real Time and/or for Business-Critical Traffic.

– 8 Priority Queue.– Low Latency Queuing (LLQ).– 802.1p, DiffServ-Codepoint Marking.– Management by IP Address, Application, Service-

Oriented.

Quality of Service

6

High Availability

7

• 7x24x365 Service.

• Uninterrupted Network Access in the Event of Hardware Failure.

• Apply on Master Maintenance.

• Allows Users to Access Multiple Public Servers (e.g. Web, FTP, Mail servers) via Internet while Maintaining Security of Private LAN

De-Militarized Zone

8

• Protect the Trusted Network from Various Types Attacks that Explore Protocol Security Holes.

• Benefit of Vigor Firewall– IP-based Packet Filtering.– URL Filtering.– Denial of Service (Dos) Prevention.

– NAT : Port Redirection, Open port, DMZ.

Firewall

9

• Inappropriate content blocking.– Improve Staff Working Efficiency.

• Benefit of Vigor Content Filtering– Malicious Code Prevention.

(Java,ActiveX,Cookie,exe,zip, ...etc.)– Filtering based on Access List, Keywords, or Time

of Day.

• Bundle with Surf Control Scan Mechanism

URL Filtering

10

URL Filtering

11

• Router-based Port Security can be used to Restrict Access to each VLAN as Required.

• Benefit of Vigor VLAN– Isolate Users into the Different VLANs.

Virtual LAN Security

12

VLAN Architecture

13

– ICSA IPSec Certification (Vigor3300 series).– Supports 200 IPSec Tunnels.– Hardware-based accelerator of DES/3DES,

AES/HMAC-SHA-1/HMAC-MD5 Encryption.– IPSec, PPTP, L2TP, L2TP over IPSec.– 30Mbps throughput in AES/3DES.– Preshared key and Certificate Authority (X.509 v3)

Authentication.– DHCP over IPsec

– RADIUS client support.

DrayTek VPN Solution

14

• LAN-to-LAN VPN connection (Gateway-to-Gateway) Made by two Routers to Connect two Portions of Private Networks. The Vigor router support IPSec tunnel protocols.

• Remote Dial-in VPN connection (Host-to-Gateway) Made by a remote access client, or a single user computer, that connects to a private network. In this type of connection, the Vigor router support IPSec tunnel for DHCP over IPsec protocols.

DrayTek VPN Solution

15

To Optical Connection

• For Windows2000/XP.• Simplifies the Procedures to Create IPSec Tunnel with

the Vigor Router by Easy-to-Use GUI.

Smart VPN Client

16

VPN Scenario

17

• VoIP -VoIP - FXO on-net/off-net calling

VoIP ApplicationVoIP Application

18

• VoIP -VoIP - Integrate FXO to PBX

Case1. From VoIP to Extension

1) David dials the VoIP number of Vigor3300V.2) After connection success, presses Linda’s extension 611.


19

DavidDavid

LindaLinda


Case2. From VoIP to PSTN (Off-Net Calling)

1) David dials the VoIP number of Vigor3300V.2) After connection success, presses prefix number (e.g. “0”) to

choose exterior line – PSTN.3) Then dials Linda’s PSTN number.


20

DavidDavid

LindaLinda


Case3. From Extension to VoIP

1) Linda presses extension 610 to connect to Vigor3300V.2) After connection success, dials David’s VoIP number.


21

DavidDavid

LindaLinda


Case4. From PSTN to VoIP (On-Net Calling)

1) Linda dials to PBX.2) After connection success, presses extension 610 to connect

to Vigor3300V.3) Then dials David’s VoIP number.


22

DavidDavid

LindaLinda

• VoIP - VoIP - Integrate FXS to PBX


1) David dials the VoIP number of Vigor3300V.2) After connection success, presses Linda’s extension 610.


23

DavidDavid

LindaLinda

• VoIP VoIP - - Integrate FXS to PBX



24

DavidDavid

LindaLinda

• VoIP -VoIP - Integrate FXS to PBX


1) Linda presses prefix number (e.g. “7”) to choose exterior line – FXS of Vigor3300V.

2) Then dials David’s VoIP number.


25

DavidDavid

LindaLinda

• VoIPVoIP - - Integrate FXS to PBX



26

DavidDavid

LindaLinda

Note: The FXS model can’t provide on-net/off-net calling applications.


Secure VoIP– VoIP over VPN– sRTP (Secure Real-Time Transport Protocol)

• Encrypts the Payload of VoIP Packets• Compatible with RTP

VoIP -VoIP - Integrated Scenario


28

Broadband Access Broadband Access Solution Solution

VigorAccessVigorAccess

• System Benefit

• Product Architecture

• Broadband Application Scenario

• IPDLSAM Advance Feature

• Vigor CMS Feature Description

System Benefit

New Technology DSL -ADSL2/+

ScalableInventory Saving

Friendly EMS

Reliability Multimedia

QoS

Product Architecture• Target on Medium-Size CO • up to 168 ADSL2/+• Service and Signaling

– Supports Voice & Data • Modular Flexibility

– 24/48 Ports DSL/Splitter– WAN for FE or GE Interface

• Network Resource Saving• EMS Management and Email Altering • Inventory Savings – Common Equipment on CO & Outside Plant Deployments• Firewall/Security/QoS Optional Support• Ready on April

To MDF

To Optical Fiber

Features

• Target on Outdoor and Small-Size CO• 19” Rack Mountable Chassis, 1U Height • 24 G.dmt/G.lite/ ADSL/ADSL2/+, and

Splitter build in• WAN Ethernet 10/100 Base-T Interface• MPoA, IPoA• IP ToS• Remote TFTP/FTP

Firmware/Configuration • RS-232 & Telnet Command Line Interface • SNMP In-Band Management Support• Web-based GUI • EMS

– IP Multicast: IGMP Snooping

• Security/Firewall

– Access Control List, Packet Filtering

– Password Protected System

– 512 VLAN (802.1Q)

Master Feature 2 Selectable WAN Interface - 802.3, 802.3ab Ethernet Standard - 1000 Base-SX Module (SC connector) - 1000 Base-FX Module(SC connector) - 1000 Base-T Module(RJ45 connector) - 100 Base-T RJ45 Connector MGN Interface - 1 port RJ45 10/100 Base-T L2 Switch Function - IEEE 802.1d Spanning-Tree Protocol - IEEE 802.3x Flow Control - IEEE 802.1q VLAN - IEEE 802.1p Class of Service (CoS) Prioritization - 4-level Prioritization- 802.1ad Port Trucking/Link Aggregation

Network Operation and Management - User Friendly Web-Based Interface - Telnet Server for Remote Management - TFTP Software Upgrade Utility - Console CLI for Local Management - SNMPv1,v2 - MIBII, Bridge MIB, Ethernet Like MIB, Private MIB, RMON 1,2,3,9 Groups Q.o.S

- Packet filter and Classification.

Slave FeatureNetwork Interface - Two 10/100M Fast Ethernet Interfaces or one Cascade Link is Gigabit Copper Interface Capacity– It Supports 24 ADSL 2/+ Ports.Security – It Supports Packet Filter, and Password Protection.Splitter Build in – It Supports 24 port xDSL/Splitter.Inventory Savings - Common Equipment across Central Office and Outside Plant DeploymentsManagement – It is managed by IP-DSLAM Master Unit.Q.o.S - Packet Filter and Classification.

• System Benefit





Broadband FTTB Application Scenario

Broadband Enterprise Application

Broadband Application Scenario-DSL Extension

Campus Application

Hotel Application

IPDSLAM PPPoE

PPPoE

MAC

PHY

MAC

PHY

ATM

ADSL2/+

1483B MAC

PHY

ATM

ADSL2/+

MAC

PHY

1483B

PPPoE

PPPoA to PPPoE

IP

MAC

PHY

MAC

PHY

ATM

ADSL2/+

PPPPPP

PHY

ATM

ADSL2/+

IP

MAC

PHY

IP IP

MAC

PPPoE PPPoE

Static IP Application

Intranet

IP

MAC

PHY

MAC

PHY

ATM

ADSL2/+

1483BMAC

(VLAN)

PHY

ATM

ADSL2/+

1483B

IP

MAC(VLAN)

PHY

• System Benefit





<= 16 MAC Address

16 MAC Address

Limited on One Port

>16 MAC Address

MAC limit -Port Security

‧ Ethernet

‧ TCP

‧ UDP

‧ ICMP

‧ IGMP

‧ PPP or

‧ Packet Offset

Generic Filter Mechanism

o Source MAC address

o Destination MAC addresses

o EtherType

o VLAN ID

o Priority Tag

o Destination Service Access Point (DSAP) of 802.2 LLC frame

o Source Service Access Point (SSAP) of 802.2 LLC frame.

Ethernet Type Filter

‧ IP Layer

o Destination IP Address

o Source IP Address

o IP Protocol type.

‧ TCP Layer

o Destination Port

o Source Port.

‧ UDP Layer

o Destination Port

o Source Port.

‧ ICMP Layer

o ICMP type

o ICMP code.

‧ IGMP Layer

o IGMP Type

o IGMP Code

o Group Address.

‧ PPP Layer

o PPP Protocol type

‧ Packet Offset.

IP/TCP/UDP/ICMP/ PPP/Packet Offset Filter

‧ Downstream Bandwidth Limit per PVC

‧ Upstream Bandwidth Limit per PVC

‧ 802.1p mapping to Class to Service

‧ Scheduling , Shaper and policing

IP QoS Mechanism

TR-069 WAN CPE Management

• Can Limit Incoming Broadcast Packet Rate to Avoid Broadcast Storm

Avoiding Broadcast Storm

• General class is prohibited to access Luxurious class content

InternetGeneral class

Luxurious Class

General Channel Extra Channel

Triple Play –Channel Classification IPTV

Agenda

• System Benefit





Vigor CMS Scenario Manage SME, Mini DSLAM and Large Scale DSManage SME, Mini DSLAM and Large Scale DSLAMLAM。。 Efficiency Security Management from 1,000 to Efficiency Security Management from 1,000 to 10,000 NEs10,000 NEs

Vigor CMS Capability

• SNMP In-band through the IP network

• Authentication and Security Management

• Software Download

• Configuration Backup/Restore

• Alarm, Diagnostics, Status Update

• Fault and Performance Management

– Configuration Management• Auto Provisioning, Firmware Upgrade

– Deployment Management• Configuration Backup/Restore.

– Topology Management• Auto Discovery for Managing Devices. (eg. Add

or Delete from Layer Structure Subnets) – Security Management

• Authentication, Resource Control– Monitor management

• Fault Management, Device Polling

Vigor CMS Vigor CMS Benefit

57

– Backend Storage Management• Store Alarms, Events and User Activities.

– Interoperability• User Authentication Message that Forwarded to

RADIUS Server could be integrated with Enterprise Security Management.

– Northbound Interface to Bundle with Billing System

• All SNMP Compliant NMS can Receive and Collect Devices Status Information from Vigor CMS through Northbound Interface.

Vigor CMS BenefitVigor CMS Benefit

58

Status Report

Alarm Management

Configuration Management

Performance Management

Monitor Management

Documents

Vigor 3300 VigorAccess Product Introduction August, 2005