Dray Tek Corp Broadband Access Solution Vigor Access
Dray. Tek Corp. Broadband Access Solution Vigor. Access ADSL 2/2+ IP DSLAM Confidential
Content n n n System Benefit and Introduction Application ADSL 2/2+ Bridging Functions Advanced Features Management Confidential
System Benefit n n n n New DSL Technology - ADSL 2/2+ Inventory Saving Scalable Reliability Multimedia Qo. S Friendly EMS Confidential
Introduction n n ADSL 2/2+ IP DSLAM Target on outdoor and/or small-size CO side – 24 DSL Ports per Unit – Maximum 168 Ports for Master-Slave Architecture n n Splitter Built-in Data Flow – ATM/AAL 5/SAR on CPE side – IP/Ethernet Packet on Network side n n n Bridging Functions: 802. 1 d, 802. 1 p, 802. 1 q Multicasting Support - IGMP Snooping Packet Filtering, Scheduling, Qo. S Confidential
Topology n n Cascade Master/Slave Standalone Confidential
Specification n n n Max 168 (7*24) ADSL 2/2+ Ports 1 or 2 Giga Fiber Uplink Max 8 VCCs per DSL Port 4000 MAC Addresses 256 Multicast Groups per unit 4094 VLAN ID, Concurrent 512 VLANs Confidential
Ethernet Interfaces n Master Box – 1 or 2 x Fiber WAN(s) • 1000 Base-LX (SC connector) - Long Haul, Single Mode • 1000 Base-SX (SC connector) - Short Haul, Multi Mode – 6 x GE (1000) Subtends to Slaves – 1 x FE (10/100) MGM for outband management n Slave Box – 2 x FE (10/100) WANs or – 1 x GE (1000) WAN Confidential
Content n n n System Benefit and Introduction Application ADSL 2/2+ Bridging Functions Advanced Features Management Confidential
Application n n Broadband FTTB Application Broadband Enterprise Application DSL Extension Application Campus/Hospital Application Hotel Application Confidential
Broadband FTTB Application Confidential
Broadband Enterprise App. Confidential
Broadband DSL-Extension Confidential
Campus/Hospital Application Confidential
Hotel Application Confidential
Content n n n System Benefit and Introduction Application ADSL 2/2+ Bridging Functions Advanced Features Management Confidential
ADSL 2/2+ n n n Higher Data Rate Longer Reach – READSL 2 Seamless Rate Adaptation Power Management Loop Diagnostics – DELT: Double Ended Line Testing – SELT: Single Ended Line Testing Confidential
ADSL/ADSL 2+ Confidential
Bin Map ADSL 2+ ADSL 2/ADSL Confidential
EC/FDM Mode EC Mode FDM Mode Confidential
Seamless Rate Adaptation (SRA) Confidential
Power Management (PM) Confidential
Content n n n System Benefit and Introduction Application ADSL 2/2+ Bridging Functions Advanced Features Management Confidential
Bridging Functions n n 802. 1 d Address Learning and Aging Broadcast Flooding Prevention 802. 1 q VLAN Bridging Multicasting - IGMP Snooping Confidential
VLAN Bridging n n n Ingress Rules Forwarding Process Egress Rules Learning Process Filtering Database Confidential
IGMP Snooping n n A layer-2 switch supported IGMP snooping can passively snoop on IGMP Query, Report and Leave packets to learn the IP Multicast group membership. Multicast traffic of a group is only forwarded to ports that have members of that group. Confidential
Content n n n System Benefit and Introduction Application ADSL 2/2+ Bridging Functions Advanced Features Management Confidential
Advanced Features n n n Security Packet Filtering Qo. S Confidential
Security n n MAC Address Tracking MAC Address Access Control List – Global Deny – Per Port Accept n IP Address Access Control List Confidential
Packet Filtering Confidential
Qo. S n n Prioritized Bridging Input Rate Limiting (IRL) – AAL 5 based n Output Rate Limiting (IRL) – Ethernet/ATM port based n n Packet Priority to Traffic Class Mapping 802. 1 p Re-Tagging Confidential
Priority Operation Priority Determination Priority Regeneration Traffic Classification and Priority to Traffic Class Mapping Priority. Retagging INGRESS EGRESS Confidential Queue Scheduling
Content n n n System Benefit and Introduction Application ADSL 2/2+ Bridging Functions Advanced Features Management Confidential
Management n n n n n Serial CLI Telnet CLI SNMP v 1/v 2 TFTP Firmware Upgrade Configuration Backup/Restore Inband/Outband Management VLAN Single IP Management Access Control Confidential
TMN Telecommunications Management Network Confidential
Logical Layered Architecture Business Management Layer Service Management Layer Network Management Layer TL 1, SNMP … Element Management Layer EMS SNMP, Proprietary… NE 1 NE 2 NEn Network Element . . . NE 1 NE 2 Confidential NEm
Management Functions n FCAPS – – – Configuration Management (CM) Fault Management (FM) Security Management (SM) Performance Management (PM) Accounting Management (AM) Confidential
Vigor CMS n n n n Centralized Management System Client/Server Multi-Tier Architecture Easy to Use GUI Pure Java Implementation Support Commercial Databases Customized Northbound Interface Scalability - 1000 to 10000 NEs Confidential
CMS Architecture Confidential
Device Management Confidential
DSL Status Report Confidential
DSL Line Profile Confidential
DSL Alarm Profile Confidential
Connection (VCCs) Management Confidential
Performance Management Confidential
Traffic Statistics Confidential
Fault Management Confidential
Bridging Management Confidential
Security Management Confidential
Diagnostics n n F 5 OAM Loopback Ping Trace. Route Telnet Confidential
Firmware Upgrade Confidential
Configuration Backup/Restore Confidential
Thank you Confidential
Vigor 3300 series Confidential
Topic n n n n Load Balance Qo. S High Availability Firewall / URL Filtering DMZ VPN Vo. IP 54 Confidential
Advanced Features Load Balancing n n n Reduces enterprise high-speed trunk fees. Redundancy. Intelligently distribute network traffic to the Internet. 55 Confidential
Advanced Features Qo. S (Quality of Service) n n Allows network administrators to monitor, analyze, and allocate bandwidth to various types of network traffic in real time and/or to business-critical traffic. Benefits of Vigor Qo. S – 8 Priority Queues. – Bandwidth reservation. – Management by IP address, application, serviceoriented and diff. Serv-codepoint. 56 Confidential
Advanced Features n n Non-stop Network access in the event of hardware failure. Applied when Master’s under maintenance. 57 Confidential
Information Security DMZ (De-Militarized Zone) n Allows users to access multiple public servers (e. g. Web, FTP, Mail servers) via the Internet while maintaining security of LAN Confidential 58
Information Security Firewall n n Protects the trusted network from various types of attacks that are aimed at protocol security loopholes. Benefits of Vigor Firewall – IP-based packet filtering. – URL filtering. – Denial of Service (Dos) prevention. Confidential 59
Information Security URL Filtering n n Inappropriate content blocking. – Improves staff working efficiency. – Protects children from unhealthy information. Benefits of Vigor content filtering – Malicious code prevention. (Java, Active. X, Cookie, exe, zip, . . . etc. ) – Filtering based on access List, keywords, or time of day. Confidential 60
Information Security URL Filtering Confidential 61
Information Security n Benefits of Vigor VPN applications – Supports 200 IPSec Tunnels. – Hardware-based accelerator of DES/3 DES, AES/HMAC-SHA-1/HMAC-MD 5 Encryption. – IPSec, PPTP, L 2 TP over IPSec. – 30 Mbps throughput in AES/3 DES. – Preshared key and Certificate Authority (X. 509 v 3) authentication. – DHCP over IPsec – RADIUS client support. 62 Confidential
Information Security VPN - Dray. Tek VPN Solutions n n LAN-to-LAN VPN connection (Gateway-to-Gateway) made by two Routers to connect two private networks. In this scenario, the Vigor routers supports IPSec tunnel protocol. Remote Dial-in VPN connection (Host-to-Gateway) made by a remote access client, or a single user computer, that connects to a private network. In this type of connection, the Vigor router supports IPSec tunnel for DHCP over IPsec protocol. Confidential 63
Information Security VPN Confidential 64
Information Security VPN - Smart VPN Client n n For Windows 2000/XP. Simplifies the procedures for establishing IPSec tunnels with Vigor routers with the help of Easy-to. Use GUI. Confidential 65
Vo. IP Application n Vo. IP - FXO on-net/off-net calling Confidential 66
Vo. IP Application • Vo. IP - Integrate FXO to PBX Case 1. From Vo. IP to Extension 1) David dials the Vo. IP number of Vigor 3300 V. 2) After the connection is established, David dials Linda’s extension number 611 to reach her. David Linda Confidential 67
Vo. IP Application • Vo. IP - Integrate FXO to PBX Case 2. From Vo. IP to PSTN (Off-Net Calling) 1) David dials the Vo. IP number of Vigor 3300 V. 2) After the connection is established, David dials prefix number (e. g. “ 0”) to choose the exterior line – PSTN. 3) Afterwards David dials Linda’s PSTN number. David Linda 68 Confidential
Vo. IP Application • Vo. IP - Integrate FXO to PBX Case 3. From Extension to Vo. IP 1) Linda dials the extension number 610 to connect to Vigor 3300 V. 2) After the connection is established, Linda dials David’s Vo. IP number to reach him. David Linda Confidential 69
Vo. IP Application • Vo. IP - Integrate FXO to PBX Case 4. From PSTN to Vo. IP (On-Net Calling) 1) Linda dials to the PBX. 2) After the connection is established, Linda dials the extension number 610 to connect to Vigor 3300 V. 3) Afterwards Linda dials David’s Vo. IP number to reach him. David Linda 70 Confidential
Vo. IP Application • Vo. IP - Integrate FXS to PBX Case 1. From Vo. IP to Extension 1) David dials the Vo. IP number of Vigor 3300 V. 2) After the connection is established, David dials Linda’s extension number 610 to reach her. David Linda Confidential 71
Vo. IP Application • Vo. IP - Integrate FXS to PBX Case 2. From Extension to Vo. IP 1) Linda dials the prefix number (e. g. “ 7”) to choose the exterior line – FXS of Vigor 3300 V. 2) Afterwards Linda dials David’s Vo. IP number to reach him. David Linda Confidential 72
Vigor 3300 V Series Enterprise Multiservice Security Vo. IP Router Techincal Training
VPN n n n n ICSA IPSec certification 200 IPSec tunnels. Hardware-based accelerator of DES/3 DES, AES/HMAC-SHA-1/HMACMD 5 encryption. Support for IPSec, PPTP, L 2 TP over IPSec. Preshared key and Certificate Authority (X. 509 v 3) Authentication. DHCP over IPsec RADIUS client support. LAN to LAN and Remote Dial-In VPN connection types Confidential
VPN-1 Confidential
VPN Confidential
VPN-Three Parts Communication Confidential
PPTP Confidential
PPTP Confidential
Topic n 4 x WAN n – Load Balance – Redundancy n n – IPSec, PKI(X. 509), CA – PPTP Firewall – IP Filter – Do. S – Content Filtering Qo. S VPN n Vo. IP – FXS/FXO n Advanced – High Availability Confidential
Load Balance Feature – High Speed Trunk – Bandwidth Management – Redundancy Confidential
Load Balance WAN Setting Confidential
Firewall n n n IP Based Packet Filtering Do. S Prevention URL Filter – Various Access Control – Malicious Code Prevention – Filter Schedule Confidential
Firewall – IP Filter
Firewall – Do. S Confidential
Firewall – URL Filter n Access Control by Category
Firewall – URL Filter n n n Access Control by Keyword Block Direct IP Web Access Exception List
Firewall – URL Filter n Web Feature Restriction
Firewall – URL Filter n Filter Schedule
Qo. S n For Both Incoming & Outgoing – 8 Priority (Class). – Bandwidth Reservation. – Managed by IP Address, Application, Service. Oriented and Diff. Serv-codepoint.
Qo. S n Class Setup
Qo. S n Filter Setup
Vo. IP n n n n n FXS/FXO SIP/MGCP Per Port Settings Group Tone Settings Qo. S NAT Traversal Incoming Call Barring Call History Advance Speed Dail
Vo. IP – FXS/FXO n Selectable FXS/FXO modules – – – No Vo. IP Modules 4 FXS 4 FXO 8 FXS 8 FXO 4 FXS + 4 FXO
Vo. IP – SIP/MGCP n n n Supports SIP/MGCP Supports 3 SIP Proxy Servers Supports Vo. IP over VPN
Vo. IP – Per Port Settings
Vo. IP – Group
Vo. IP – Tone Settings
Vo. IP – Qo. S
Vo. IP – NAT Traversal
Vo. IP – Incoming Call Barring
Vo. IP – Call History
Vo. IP –Advanced Speed Dial Telephone Number 5972727 Prefix 597 Strip 0 Append 0028863 Destination SIP URL draytek. co m 0028863597272 7@draytek. com
SIP Call, Proxy, Outbound Proxy and Domain Confidential
SIP Outbound/Domain Setting Proxy/Registrar: 1. 1 Outbound Proxy: yes Domain: domain. net Confidential
SIP Domain Setting Proxy/Registrar: 1. 1 Outbound Proxy: no Domain: domain. net Confidential
SIP Proxy Setting Proxy/Registrar: 1. 1 Outbound Proxy: yes Domain: no Confidential
SIP IP Setting Proxy/Registrar: 1. 1 Outbound Proxy: no Domain: domain. net Confidential
SIP Protocol Configurations Proxy/Registrar: no Outbound Proxy: no Domain: no Confidential
Incoming Call Barring Based on : Name IP/Domain Confidential
FXO Hot Line Confidential
Hot Line-Incoming Preset Number Confidential
FXO Hot Line Confidential
Hot Line-Outgoing Preset Number Confidential
FXO card and PBX Confidential
T. 38 Application Vo. IP Gateway Confidential
Advanced n n High Availablity NAT – Port Redirection – DMZ n n Port Mirror VPN Confidential
Advanced – High Availability Uninterrupted Network Access in the Event of Hardware Failure n Confidential
Advanced – High Availability n n n Master Failure / Shutdown Master Restart Multiple Slaves Confidential
Advanced – Port Mirroring n n Network Debugging Traffic Monitoring Confidential
Advanced – Port Mirroring Confidential
Multi NAT Function Confidential
Multi NAT Setting Confidential
Multi-DMZ Function Confidential
Thank you Confidential
- Slides: 125