Vigor 3300 Vigor Access Product Introduction August 2005

Vigor 3300 Vigor. Access Product Introduction August, 2005

Outline • SME Solution-Vigor 3300 V Series • Broadband Access Solution-Vigor Access

SME Solution 3300 V Series 3

Product Feature • • Load Balance Qo. S High Availability Firewall / URL Filtering Physical DMZ/VLAN VPN Vo. IP 4

Load Balancing • Reduce Enterprise High Speed Trunk Fee. • Redundancy. • Intelligently Distribute Network Traffic to the Internet. 5

Quality of Service – Allows the Network Administrator to Monitor, Analyze, and Allocate Bandwidth for Various Types of Network Traffic in Real Time and/or for Business -Critical Traffic. – 8 Priority Queue. – Low Latency Queuing (LLQ). – 802. 1 p, Diff. Serv-Codepoint Marking. – Management by IP Address, Application, Service. Oriented. 6

High Availability • 7 x 24 x 365 Service. • Uninterrupted Network Access in the Event of Hardware Failure. • Apply on Master Maintenance. 7

De-Militarized Zone • Allows Users to Access Multiple Public Servers (e. g. Web, FTP, Mail servers) via Internet while Maintaining Security of Private LAN 8

Firewall • Protect the Trusted Network from Various Types Attacks that Explore Protocol Security Holes. • Benefit of Vigor Firewall – IP-based Packet Filtering. – URL Filtering. – Denial of Service (Dos) Prevention. – NAT : Port Redirection, Open port, DMZ. 9

URL Filtering • Inappropriate content blocking. – Improve Staff Working Efficiency. • Benefit of Vigor Content Filtering – Malicious Code Prevention. (Java, Active. X, Cookie, exe, zip, . . . etc. ) – Filtering based on Access List, Keywords, or Time of Day. • Bundle with Surf Control Scan Mechanism 10

URL Filtering 11

Virtual LAN Security • Router-based Port Security can be used to Restrict Access to each VLAN as Required. • Benefit of Vigor VLAN – Isolate Users into the Different VLANs. 12

VLAN Architecture 13

Dray. Tek VPN Solution – ICSA IPSec Certification (Vigor 3300 series). – Supports 200 IPSec Tunnels. – Hardware-based accelerator of DES/3 DES, AES/HMAC-SHA-1/HMAC-MD 5 Encryption. – IPSec, PPTP, L 2 TP over IPSec. – 30 Mbps throughput in AES/3 DES. – Preshared key and Certificate Authority (X. 509 v 3) Authentication. – DHCP over IPsec – RADIUS client support. 14

Dray. Tek VPN Solution • LAN-to-LAN VPN connection (Gateway-to-Gateway) Made by two Routers to Connect two Portions of Private Networks. The Vigor router support IPSec tunnel protocols. • Remote Dial-in VPN connection (Host-to-Gateway) Made by a remote access client, or a single user To Optical computer, that connects to a private network. In this Connection type of connection, the Vigor router support IPSec tunnel for DHCP over IPsec protocols. 15

Smart VPN Client • For Windows 2000/XP. • Simplifies the Procedures to Create IPSec Tunnel with the Vigor Router by Easy-to-Use GUI. 16

VPN Scenario 17

Vo. IP Application • Vo. IP - FXO on-net/off-net calling 18

Vo. IP Application • Vo. IP - Integrate FXO to PBX Case 1. From Vo. IP to Extension 1) David dials the Vo. IP number of Vigor 3300 V. 2) After connection success, presses Linda’s extension 611. David Linda 19

Vo. IP Application • Vo. IP - Integrate FXO to PBX Case 2. From Vo. IP to PSTN (Off-Net Calling) 1) David dials the Vo. IP number of Vigor 3300 V. 2) After connection success, presses prefix number (e. g. “ 0”) to choose exterior line – PSTN. 3) Then dials Linda’s PSTN number. David Linda 20

Vo. IP Application • Vo. IP - Integrate FXO to PBX Case 3. From Extension to Vo. IP 1) Linda presses extension 610 to connect to Vigor 3300 V. 2) After connection success, dials David’s Vo. IP number. David Linda 21

Vo. IP Application • Vo. IP - Integrate FXO to PBX Case 4. From PSTN to Vo. IP (On-Net Calling) 1) Linda dials to PBX. 2) After connection success, presses extension 610 to connect to Vigor 3300 V. 3) Then dials David’s Vo. IP number. David Linda 22

Vo. IP Application • Vo. IP - Integrate FXS to PBX Case 1. From Vo. IP to Extension 1) David dials the Vo. IP number of Vigor 3300 V. 2) After connection success, presses Linda’s extension 610. David Linda 23

Vo. IP Application • Vo. IP - Integrate FXS to PBX Case 1. From Vo. IP to Extension David Linda 24

Vo. IP Application • Vo. IP - Integrate FXS to PBX Case 2. From Extension to Vo. IP 1) Linda presses prefix number (e. g. “ 7”) to choose exterior line – FXS of Vigor 3300 V. 2) Then dials David’s Vo. IP number. David Linda 25

Vo. IP Application • Vo. IP - Integrate FXS to PBX Case 2. From Extension to Vo. IP David Linda Note: The FXS model can’t provide on-net/off-net calling applications. 26

Vo. IP Application Secure Vo. IP – Vo. IP over VPN – s. RTP (Secure Real-Time Transport Protocol) • Encrypts the Payload of Vo. IP Packets • Compatible with RTP

Vo. IP Application Vo. IP - Integrated Scenario 28

Broadband Access Solution Vigor. Access

• • • System Benefit Product Architecture Broadband Application Scenario IPDLSAM Advance Feature Vigor CMS Feature Description

System Benefit New Technology DSL -ADSL 2/+ Inventory Saving Scalable Reliability Multimedia Friendly EMS Qo. S

Product Architecture • • • Target on Medium-Size CO up to 168 ADSL 2/+ Service and Signaling – Supports Voice & Data • Modular Flexibility To Optical – 24/48 Ports DSL/Splitter – WAN for FE or GE Interface Fiber • Network Resource Saving • EMS Management and Email Altering • Inventory Savings – Common Equipment on CO & Outside Plant Deployments • Firewall/Security/Qo. S Optional Support • Ready on April To MDF

Features • • • Target on Outdoor and Small-Size CO 19” Rack Mountable Chassis, 1 U Height • 24 G. dmt/G. lite/ ADSL/ADSL 2/+, and Splitter build in WAN Ethernet 10/100 Base-T Interface MPo. A, IPo. A IP To. S Remote TFTP/FTP Firmware/Configuration RS-232 & Telnet Command Line Interface SNMP In-Band Management Support Web-based GUI EMS – IP Multicast: IGMP Snooping Security/Firewall – Access Control List, Packet Filtering – Password Protected System – 512 VLAN (802. 1 Q)

Master Feature 2 Selectable WAN Interface Network Operation and Management - 802. 3, 802. 3 ab Ethernet Standard - User Friendly Web-Based Interface - 1000 Base-SX Module (SC connector) - Telnet Server for Remote Management - 1000 Base-FX Module(SC connector) - TFTP Software Upgrade Utility - 1000 Base-T Module(RJ 45 connector) - Console CLI for Local Management - 100 Base-T RJ 45 Connector - SNMPv 1, v 2 MGN Interface - MIBII, Bridge MIB, Ethernet Like MIB, - 1 port RJ 45 10/100 Base-T Private MIB, RMON 1, 2, 3, 9 Groups L 2 Switch Function - IEEE 802. 1 d Spanning-Tree Protocol Q. o. S - Packet filter and Classification. - IEEE 802. 3 x Flow Control - IEEE 802. 1 q VLAN - IEEE 802. 1 p Class of Service (Co. S) Prioritization - 4 -level Prioritization - 802. 1 ad Port Trucking/Link Aggregation

Slave Feature Network Interface - Two 10/100 M Fast Ethernet Interfaces or one Cascade Link is Gigabit Copper Interface Capacity – It Supports 24 ADSL 2/+ Ports. Security – It Supports Packet Filter, and Password Protection. Splitter Build in – It Supports 24 port x. DSL/Splitter. Inventory Savings - Common Equipment across Central Office and Outside Plant Deployments Management – It is managed by IP-DSLAM Master Unit. Q. o. S - Packet Filter and Classification.

• • • System Benefit Product Architecture Broadband Application Scenario IPDLSAM Advance Feature Vigor CMS Feature Description

Broadband FTTB Application Scenario

Broadband Enterprise Application

Broadband Application Scenario-DSL Extension

Campus Application

Hotel Application

IPDSLAM PPPo. E MAC PHY PPPo. E MAC 1483 B ATM PHY ADSL 2/+ 1483 B MAC ATM ADSL 2/+ PHY

PPPo. A to PPPo. E IP IP MAC IP PPP ATM PHY ADSL 2/+ IP PPPo. E MAC ADSL 2/+ PHY PPP ATM

Static IP Application IP MAC PHY IP MAC 1483 B ATM PHY ADSL 2/+ 1483 B ATM ADSL 2/+ MAC (VLAN) PHY Intranet

• • • System Benefit Product Architecture Broadband Application Scenario IPDLSAM Advance Feature Vigor CMS Feature Description

MAC limit -Port Security 16 MAC Address >16 MAC Address <= 16 MAC Address Limited on One Port

Generic Filter Mechanism ‧ Ethernet ‧ TCP ‧ UDP ‧ ICMP ‧ IGMP ‧ PPP or ‧ Packet Offset

Ethernet Type Filter o Source MAC address o Destination MAC addresses o Ether. Type o VLAN ID o Priority Tag o Destination Service Access Point (DSAP) of 802. 2 LLC frame o Source Service Access Point (SSAP) of 802. 2 LLC frame.

IP/TCP/UDP/ICMP/ PPP/Packet Offset Filter ‧ IP Layer ‧ ICMP Layer o Destination IP Address o ICMP type o Source IP Address o IP Protocol type. ‧ TCP Layer o Destination Port o Source Port. ‧ UDP Layer o Destination Port o Source Port. o ICMP code. ‧ IGMP Layer o IGMP Type o IGMP Code o Group Address. ‧ PPP Layer o PPP Protocol type ‧ Packet Offset.

IP Qo. S Mechanism ‧ Downstream Bandwidth Limit per PVC ‧ Upstream Bandwidth Limit per PVC ‧ 802. 1 p mapping to Class to Service ‧ Scheduling , Shaper and policing

TR-069 WAN CPE Management

Avoiding Broadcast Storm • Can Limit Incoming Broadcast Packet Rate to Avoid Broadcast Storm

Triple Play –Channel Classification IPTV • General class is prohibited to access Luxurious class content Luxurious Class General class Internet Extra Channel General Channel

Agenda • • • System Benefit Product Architecture Broadband Application Scenario IPDLSAM Advance Feature Vigor CMS Feature Description

Vigor CMS Scenario Manage SME, Mini DSLAM and Large Scale DSLAM。 l Efficiency Security Management from 1, 000 to 10, 000 NEs l

Vigor CMS Capability • SNMP In-band through the IP network • Authentication and Security Management • Software Download • Configuration Backup/Restore • Alarm, Diagnostics, Status Update • Fault and Performance Management

Vigor CMS Benefit – Configuration Management • Auto Provisioning, Firmware Upgrade – Deployment Management • Configuration Backup/Restore. – Topology Management • Auto Discovery for Managing Devices. (eg. Add or Delete from Layer Structure Subnets) – Security Management • Authentication, Resource Control – Monitor management • Fault Management, Device Polling 57

Vigor CMS Benefit – Backend Storage Management • Store Alarms, Events and User Activities. – Interoperability • User Authentication Message that Forwarded to RADIUS Server could be integrated with Enterprise Security Management. – Northbound Interface to Bundle with Billing System • All SNMP Compliant NMS can Receive and Collect Devices Status Information from Vigor CMS through Northbound Interface. 58

Status Report

Alarm Management

Configuration Management

Performance Management

Monitor Management